From ab124e78b0271ddb904b761b31e5c9a0cf24e070 Mon Sep 17 00:00:00 2001 From: peter Date: Sat, 30 Dec 1995 19:02:48 +0000 Subject: recording cvs-1.6 file death --- eBones/acl/Makefile | 14 - eBones/acl/acl_check.3 | 183 -------- eBones/acl/acl_files.c | 555 ---------------------- eBones/acl/acl_files.doc | 107 ----- eBones/des/MISSING | 15 - eBones/ext_srvtab/Makefile | 10 - eBones/ext_srvtab/ext_srvtab.8 | 62 --- eBones/ext_srvtab/ext_srvtab.c | 176 ------- eBones/kadmin/HOW-TO | 8 - eBones/kadmin/Makefile | 19 - eBones/kadmin/kadmin.c | 636 ------------------------- eBones/kadmin/kadmin_cmds.ct | 41 -- eBones/kadmind/HOW-TO | 267 ----------- eBones/kadmind/Makefile | 11 - eBones/kadmind/admin_server.c | 474 ------------------- eBones/kadmind/kadm_funcs.c | 381 --------------- eBones/kadmind/kadm_ser_wrap.c | 213 --------- eBones/kadmind/kadm_server.c | 167 ------- eBones/kadmind/kadm_server.h | 70 --- eBones/kadmind/kadmind.8 | 117 ----- eBones/kdb/Makefile | 11 - eBones/kdb/krb_cache.c | 181 -------- eBones/kdb/krb_dbm.c | 789 ------------------------------- eBones/kdb/krb_kdb_utils.c | 148 ------ eBones/kdb/krb_lib.c | 242 ---------- eBones/kdb/print_princ.c | 51 --- eBones/kdb_destroy/Makefile | 8 - eBones/kdb_destroy/kdb_destroy.8 | 36 -- eBones/kdb_destroy/kdb_destroy.c | 66 --- eBones/kdb_edit/Makefile | 12 - eBones/kdb_edit/kdb_edit.8 | 58 --- eBones/kdb_edit/kdb_edit.c | 477 ------------------- eBones/kdb_edit/maketime.c | 85 ---- eBones/kdb_edit/time.h | 45 -- eBones/kdb_init/Makefile | 10 - eBones/kdb_init/kdb_init.8 | 45 -- eBones/kdb_init/kdb_init.c | 180 -------- eBones/kdb_util/Makefile | 13 - eBones/kdb_util/kdb_util.8 | 64 --- eBones/kdb_util/kdb_util.c | 523 --------------------- eBones/kdestroy/Makefile | 11 - eBones/kdestroy/kdestroy.c | 83 ---- eBones/kerberos/Makefile | 11 - eBones/kerberos/cr_err_reply.c | 97 ---- eBones/kerberos/kerberos.c | 816 --------------------------------- eBones/kinit/Makefile | 11 - eBones/kinit/kinit.c | 224 --------- eBones/klist/Makefile | 11 - eBones/klist/klist.1 | 84 ---- eBones/klist/klist.c | 288 ------------ eBones/kprop/Makefile | 11 - eBones/kprop/kprop.c | 637 ------------------------- eBones/kprop/kprop.h | 55 --- eBones/kpropd/Makefile | 11 - eBones/kpropd/kpropd.c | 453 ------------------ eBones/krb/Makefile | 56 --- eBones/krb/add_ticket.c | 91 ---- eBones/krb/create_auth_reply.c | 118 ----- eBones/krb/create_ciph.c | 112 ----- eBones/krb/create_death_packet.c | 65 --- eBones/krb/create_ticket.c | 132 ------ eBones/krb/debug_decl.c | 20 - eBones/krb/decomp_ticket.c | 126 ----- eBones/krb/des_rw.c | 262 ----------- eBones/krb/dest_tkt.c | 92 ---- eBones/krb/extract_ticket.c | 61 --- eBones/krb/fgetst.c | 42 -- eBones/krb/get_ad_tkt.c | 237 ---------- eBones/krb/get_admhst.c | 82 ---- eBones/krb/get_cred.c | 63 --- eBones/krb/get_in_tkt.c | 286 ------------ eBones/krb/get_krbhst.c | 87 ---- eBones/krb/get_krbrlm.c | 62 --- eBones/krb/get_phost.c | 55 --- eBones/krb/get_pw_tkt.c | 75 --- eBones/krb/get_request.c | 55 --- eBones/krb/get_svc_in_tkt.c | 77 ---- eBones/krb/get_tf_fullname.c | 69 --- eBones/krb/get_tf_realm.c | 37 -- eBones/krb/getrealm.c | 106 ----- eBones/krb/getst.c | 41 -- eBones/krb/in_tkt.c | 146 ------ eBones/krb/k_gethostname.c | 71 --- eBones/krb/klog.c | 110 ----- eBones/krb/kname_parse.c | 239 ---------- eBones/krb/kntoln.c | 63 --- eBones/krb/kparse.c | 776 ------------------------------- eBones/krb/krb.3 | 462 ------------------- eBones/krb/krb_err.et | 257 ----------- eBones/krb/krb_err_txt.c | 280 ----------- eBones/krb/krb_get_in_tkt.c | 301 ------------ eBones/krb/krb_realmofhost.3 | 161 ------- eBones/krb/krb_sendauth.3 | 348 -------------- eBones/krb/krb_set_tkt_string.3 | 43 -- eBones/krb/krbglue.c | 258 ----------- eBones/krb/kuserok.3 | 63 --- eBones/krb/kuserok.c | 199 -------- eBones/krb/log.c | 125 ----- eBones/krb/mk_err.c | 65 --- eBones/krb/mk_priv.c | 207 --------- eBones/krb/mk_req.c | 198 -------- eBones/krb/mk_safe.c | 171 ------- eBones/krb/month_sname.c | 33 -- eBones/krb/netread.c | 50 -- eBones/krb/netwrite.c | 46 -- eBones/krb/one.c | 22 - eBones/krb/pkt_cipher.c | 40 -- eBones/krb/pkt_clen.c | 58 --- eBones/krb/rd_err.c | 82 ---- eBones/krb/rd_priv.c | 207 --------- eBones/krb/rd_req.c | 331 ------------- eBones/krb/rd_safe.c | 183 -------- eBones/krb/read_service_key.c | 124 ----- eBones/krb/recvauth.c | 290 ------------ eBones/krb/save_credentials.c | 56 --- eBones/krb/send_to_kdc.c | 322 ------------- eBones/krb/sendauth.c | 259 ----------- eBones/krb/stime.c | 43 -- eBones/krb/tf_shm.c | 176 ------- eBones/krb/tf_util.3 | 151 ------ eBones/krb/tf_util.c | 581 ----------------------- eBones/krb/tkt_string.c | 80 ---- eBones/krb/util.c | 75 --- eBones/ksrvtgt/Makefile | 11 - eBones/ksrvtgt/ksrvtgt.1 | 51 --- eBones/ksrvtgt/ksrvtgt.c | 62 --- eBones/ksrvutil/HOW-TO | 291 ------------ eBones/ksrvutil/Makefile | 9 - eBones/ksrvutil/ksrvutil.c | 582 ----------------------- eBones/kstash/Makefile | 10 - eBones/kstash/kstash.8 | 44 -- eBones/kstash/kstash.c | 94 ---- eBones/libkadm/EXPORTABLE | 4 - eBones/libkadm/Makefile | 24 - eBones/libkadm/kadm.h | 164 ------- eBones/libkadm/kadm_cli_wrap.c | 509 -------------------- eBones/libkadm/kadm_err.et | 53 --- eBones/libkadm/kadm_stream.c | 286 ------------ eBones/libkadm/kadm_supp.c | 118 ----- eBones/make_keypair/Makefile | 9 - eBones/make_keypair/make_keypair.c | 134 ------ eBones/man/acl_check.3 | 183 -------- eBones/man/ext_srvtab.8 | 62 --- eBones/man/kadmind.8 | 117 ----- eBones/man/kdb_destroy.8 | 36 -- eBones/man/kdb_edit.8 | 58 --- eBones/man/kdb_init.8 | 45 -- eBones/man/kdb_util.8 | 64 --- eBones/man/klist.1 | 84 ---- eBones/man/krb.3 | 462 ------------------- eBones/man/krb_realmofhost.3 | 161 ------- eBones/man/krb_sendauth.3 | 348 -------------- eBones/man/krb_set_tkt_string.3 | 43 -- eBones/man/ksrvtgt.1 | 51 --- eBones/man/kstash.8 | 44 -- eBones/man/kuserok.3 | 63 --- eBones/man/tf_util.3 | 151 ------ eBones/passwd/HOW-TO | 247 ---------- eBones/passwd/Makefile | 23 - eBones/passwd/kpasswd.c | 223 --------- eBones/register/Makefile | 14 - eBones/register/register.c | 315 ------------- eBones/registerd/Makefile | 21 - eBones/registerd/registerd.c | 354 -------------- eBones/usr.sbin/kadmin/Makefile | 11 - eBones/usr.sbin/kadmin/admin_server.c | 474 ------------------- eBones/usr.sbin/kadmin/kadm_funcs.c | 381 --------------- eBones/usr.sbin/kadmin/kadm_ser_wrap.c | 213 --------- eBones/usr.sbin/kadmin/kadm_server.c | 167 ------- eBones/usr.sbin/kadmin/kadm_server.h | 70 --- eBones/usr.sbin/kadmin/kadmind.8 | 117 ----- 171 files changed, 26691 deletions(-) delete mode 100644 eBones/acl/Makefile delete mode 100644 eBones/acl/acl_check.3 delete mode 100644 eBones/acl/acl_files.c delete mode 100644 eBones/acl/acl_files.doc delete mode 100644 eBones/des/MISSING delete mode 100644 eBones/ext_srvtab/Makefile delete mode 100644 eBones/ext_srvtab/ext_srvtab.8 delete mode 100644 eBones/ext_srvtab/ext_srvtab.c delete mode 100644 eBones/kadmin/HOW-TO delete mode 100644 eBones/kadmin/Makefile delete mode 100644 eBones/kadmin/kadmin.c delete mode 100644 eBones/kadmin/kadmin_cmds.ct delete mode 100644 eBones/kadmind/HOW-TO delete mode 100644 eBones/kadmind/Makefile delete mode 100644 eBones/kadmind/admin_server.c delete mode 100644 eBones/kadmind/kadm_funcs.c delete mode 100644 eBones/kadmind/kadm_ser_wrap.c delete mode 100644 eBones/kadmind/kadm_server.c delete mode 100644 eBones/kadmind/kadm_server.h delete mode 100644 eBones/kadmind/kadmind.8 delete mode 100644 eBones/kdb/Makefile delete mode 100644 eBones/kdb/krb_cache.c delete mode 100644 eBones/kdb/krb_dbm.c delete mode 100644 eBones/kdb/krb_kdb_utils.c delete mode 100644 eBones/kdb/krb_lib.c delete mode 100644 eBones/kdb/print_princ.c delete mode 100644 eBones/kdb_destroy/Makefile delete mode 100644 eBones/kdb_destroy/kdb_destroy.8 delete mode 100644 eBones/kdb_destroy/kdb_destroy.c delete mode 100644 eBones/kdb_edit/Makefile delete mode 100644 eBones/kdb_edit/kdb_edit.8 delete mode 100644 eBones/kdb_edit/kdb_edit.c delete mode 100644 eBones/kdb_edit/maketime.c delete mode 100644 eBones/kdb_edit/time.h delete mode 100644 eBones/kdb_init/Makefile delete mode 100644 eBones/kdb_init/kdb_init.8 delete mode 100644 eBones/kdb_init/kdb_init.c delete mode 100644 eBones/kdb_util/Makefile delete mode 100644 eBones/kdb_util/kdb_util.8 delete mode 100644 eBones/kdb_util/kdb_util.c delete mode 100644 eBones/kdestroy/Makefile delete mode 100644 eBones/kdestroy/kdestroy.c delete mode 100644 eBones/kerberos/Makefile delete mode 100644 eBones/kerberos/cr_err_reply.c delete mode 100644 eBones/kerberos/kerberos.c delete mode 100644 eBones/kinit/Makefile delete mode 100644 eBones/kinit/kinit.c delete mode 100644 eBones/klist/Makefile delete mode 100644 eBones/klist/klist.1 delete mode 100644 eBones/klist/klist.c delete mode 100644 eBones/kprop/Makefile delete mode 100644 eBones/kprop/kprop.c delete mode 100644 eBones/kprop/kprop.h delete mode 100644 eBones/kpropd/Makefile delete mode 100644 eBones/kpropd/kpropd.c delete mode 100644 eBones/krb/Makefile delete mode 100644 eBones/krb/add_ticket.c delete mode 100644 eBones/krb/create_auth_reply.c delete mode 100644 eBones/krb/create_ciph.c delete mode 100644 eBones/krb/create_death_packet.c delete mode 100644 eBones/krb/create_ticket.c delete mode 100644 eBones/krb/debug_decl.c delete mode 100644 eBones/krb/decomp_ticket.c delete mode 100644 eBones/krb/des_rw.c delete mode 100644 eBones/krb/dest_tkt.c delete mode 100644 eBones/krb/extract_ticket.c delete mode 100644 eBones/krb/fgetst.c delete mode 100644 eBones/krb/get_ad_tkt.c delete mode 100644 eBones/krb/get_admhst.c delete mode 100644 eBones/krb/get_cred.c delete mode 100644 eBones/krb/get_in_tkt.c delete mode 100644 eBones/krb/get_krbhst.c delete mode 100644 eBones/krb/get_krbrlm.c delete mode 100644 eBones/krb/get_phost.c delete mode 100644 eBones/krb/get_pw_tkt.c delete mode 100644 eBones/krb/get_request.c delete mode 100644 eBones/krb/get_svc_in_tkt.c delete mode 100644 eBones/krb/get_tf_fullname.c delete mode 100644 eBones/krb/get_tf_realm.c delete mode 100644 eBones/krb/getrealm.c delete mode 100644 eBones/krb/getst.c delete mode 100644 eBones/krb/in_tkt.c delete mode 100644 eBones/krb/k_gethostname.c delete mode 100644 eBones/krb/klog.c delete mode 100644 eBones/krb/kname_parse.c delete mode 100644 eBones/krb/kntoln.c delete mode 100644 eBones/krb/kparse.c delete mode 100644 eBones/krb/krb.3 delete mode 100644 eBones/krb/krb_err.et delete mode 100644 eBones/krb/krb_err_txt.c delete mode 100644 eBones/krb/krb_get_in_tkt.c delete mode 100644 eBones/krb/krb_realmofhost.3 delete mode 100644 eBones/krb/krb_sendauth.3 delete mode 100644 eBones/krb/krb_set_tkt_string.3 delete mode 100644 eBones/krb/krbglue.c delete mode 100644 eBones/krb/kuserok.3 delete mode 100644 eBones/krb/kuserok.c delete mode 100644 eBones/krb/log.c delete mode 100644 eBones/krb/mk_err.c delete mode 100644 eBones/krb/mk_priv.c delete mode 100644 eBones/krb/mk_req.c delete mode 100644 eBones/krb/mk_safe.c delete mode 100644 eBones/krb/month_sname.c delete mode 100644 eBones/krb/netread.c delete mode 100644 eBones/krb/netwrite.c delete mode 100644 eBones/krb/one.c delete mode 100644 eBones/krb/pkt_cipher.c delete mode 100644 eBones/krb/pkt_clen.c delete mode 100644 eBones/krb/rd_err.c delete mode 100644 eBones/krb/rd_priv.c delete mode 100644 eBones/krb/rd_req.c delete mode 100644 eBones/krb/rd_safe.c delete mode 100644 eBones/krb/read_service_key.c delete mode 100644 eBones/krb/recvauth.c delete mode 100644 eBones/krb/save_credentials.c delete mode 100644 eBones/krb/send_to_kdc.c delete mode 100644 eBones/krb/sendauth.c delete mode 100644 eBones/krb/stime.c delete mode 100644 eBones/krb/tf_shm.c delete mode 100644 eBones/krb/tf_util.3 delete mode 100644 eBones/krb/tf_util.c delete mode 100644 eBones/krb/tkt_string.c delete mode 100644 eBones/krb/util.c delete mode 100644 eBones/ksrvtgt/Makefile delete mode 100644 eBones/ksrvtgt/ksrvtgt.1 delete mode 100644 eBones/ksrvtgt/ksrvtgt.c delete mode 100644 eBones/ksrvutil/HOW-TO delete mode 100644 eBones/ksrvutil/Makefile delete mode 100644 eBones/ksrvutil/ksrvutil.c delete mode 100644 eBones/kstash/Makefile delete mode 100644 eBones/kstash/kstash.8 delete mode 100644 eBones/kstash/kstash.c delete mode 100644 eBones/libkadm/EXPORTABLE delete mode 100644 eBones/libkadm/Makefile delete mode 100644 eBones/libkadm/kadm.h delete mode 100644 eBones/libkadm/kadm_cli_wrap.c delete mode 100644 eBones/libkadm/kadm_err.et delete mode 100644 eBones/libkadm/kadm_stream.c delete mode 100644 eBones/libkadm/kadm_supp.c delete mode 100644 eBones/make_keypair/Makefile delete mode 100644 eBones/make_keypair/make_keypair.c delete mode 100644 eBones/man/acl_check.3 delete mode 100644 eBones/man/ext_srvtab.8 delete mode 100644 eBones/man/kadmind.8 delete mode 100644 eBones/man/kdb_destroy.8 delete mode 100644 eBones/man/kdb_edit.8 delete mode 100644 eBones/man/kdb_init.8 delete mode 100644 eBones/man/kdb_util.8 delete mode 100644 eBones/man/klist.1 delete mode 100644 eBones/man/krb.3 delete mode 100644 eBones/man/krb_realmofhost.3 delete mode 100644 eBones/man/krb_sendauth.3 delete mode 100644 eBones/man/krb_set_tkt_string.3 delete mode 100644 eBones/man/ksrvtgt.1 delete mode 100644 eBones/man/kstash.8 delete mode 100644 eBones/man/kuserok.3 delete mode 100644 eBones/man/tf_util.3 delete mode 100644 eBones/passwd/HOW-TO delete mode 100644 eBones/passwd/Makefile delete mode 100644 eBones/passwd/kpasswd.c delete mode 100644 eBones/register/Makefile delete mode 100644 eBones/register/register.c delete mode 100644 eBones/registerd/Makefile delete mode 100644 eBones/registerd/registerd.c delete mode 100644 eBones/usr.sbin/kadmin/Makefile delete mode 100644 eBones/usr.sbin/kadmin/admin_server.c delete mode 100644 eBones/usr.sbin/kadmin/kadm_funcs.c delete mode 100644 eBones/usr.sbin/kadmin/kadm_ser_wrap.c delete mode 100644 eBones/usr.sbin/kadmin/kadm_server.c delete mode 100644 eBones/usr.sbin/kadmin/kadm_server.h delete mode 100644 eBones/usr.sbin/kadmin/kadmind.8 (limited to 'eBones') diff --git a/eBones/acl/Makefile b/eBones/acl/Makefile deleted file mode 100644 index c015eaa..0000000 --- a/eBones/acl/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.4 1995/07/18 16:34:47 mark Exp $ - -LIB= acl -SHLIB_MAJOR= 2 -SHLIB_MINOR= 0 -CFLAGS+=-DDEBUG -DKERBEROS -I${.CURDIR}/../include -Wall -SRCS= acl_files.c -MAN3= acl_check.3 -MLINKS= acl_check.3 acl_canonicalize_principal.3 \ - acl_check.3 acl_exact_match.3 acl_check.3 acl_add.3 \ - acl_check.3 acl_delete.3 acl_check.3 acl_initialize.3 - -.include diff --git a/eBones/acl/acl_check.3 b/eBones/acl/acl_check.3 deleted file mode 100644 index 2e5129c..0000000 --- a/eBones/acl/acl_check.3 +++ /dev/null @@ -1,183 +0,0 @@ -.\" from: acl_check.3,v 4.1 89/01/23 11:06:54 jtkohl Exp $ -.\" $Id: acl_check.3,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH ACL_CHECK 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -acl_canonicalize_principal, acl_check, acl_exact_match, acl_add, -acl_delete, acl_initialize \- Access control list routines -.SH SYNOPSIS -.nf -.nj -.ft B -cc \-lacl \-lkrb -.PP -.ft B -#include -.PP -.ft B -acl_canonicalize_principal(principal, buf) -char *principal; -char *buf; -.PP -.ft B -acl_check(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_exact_match(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_add(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_delete(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_initialize(acl_file, mode) -char *acl_file; -int mode; -.fi -.ft R -.SH DESCRIPTION -.SS Introduction -.PP -An access control list (ACL) is a list of principals, where each -principal is represented by a text string which cannot contain -whitespace. The library allows application programs to refer to named -access control lists to test membership and to atomically add and -delete principals using a natural and intuitive interface. At -present, the names of access control lists are required to be Unix -filenames, and refer to human-readable Unix files; in the future, when -a networked ACL server is implemented, the names may refer to a -different namespace specific to the ACL service. -.PP -.SS Principal Names -.PP -Principal names have the form -.nf -.in +5n -[.][@] -.in -5n -e.g.: -.in +5n -asp -asp.root -asp@ATHENA.MIT.EDU -asp.@ATHENA.MIT.EDU -asp.root@ATHENA.MIT.EDU -.in -5n -.fi -It is possible for principals to be underspecified. If an instance is -missing, it is assumed to be "". If realm is missing, it is assumed -to be the local realm as determined by -.IR krb_get_lrealm (3). -The canonical form contains all of name, instance, -and realm; the acl_add and acl_delete routines will always -leave the file in that form. Note that the canonical form of -asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU. -.SS Routines -.PP -.I acl_canonicalize_principal -stores the canonical form of -.I principal -in -.IR buf . -.I Buf -must contain enough -space to store a principal, given the limits on the sizes of name, -instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ, -respectively, in -.IR /usr/include/kerberosIV/krb.h . -.PP -.I acl_check -returns nonzero if -.I principal -appears in -.IR acl . -Returns 0 if principal -does not appear in acl, or if an error occurs. Canonicalizes -principal before checking, and allows the ACL to contain wildcards. The -only supported wildcards are entries of the form -name.*@realm, *.*@realm, and *.*@*. An asterisk matches any value for the -its component field. For example, "jtkohl.*@*" would match principal -jtkohl, with any instance and any realm. -.PP -.I acl_exact_match -performs like -.IR acl_check , -but does no canonicalization or wildcard matching. -.PP -.I acl_add -atomically adds -.I principal -to -.IR acl . -Returns 0 if successful, nonzero otherwise. It is considered a failure -if -.I principal -is already in -.IR acl . -This routine will canonicalize -.IR principal , -but will treat wildcards literally. -.PP -.I acl_delete -atomically deletes -.I principal -from -.IR acl . -Returns 0 if successful, -nonzero otherwise. It is considered a failure if -.I principal -is not -already in -.IR acl . -This routine will canonicalize -.IR principal , -but will treat wildcards literally. -.PP -.I acl_initialize -initializes -.IR acl_file . -If the file -.I acl_file -does not exist, -.I acl_initialize -creates it with mode -.IR mode . -If the file -.I acl_file -exists, -.I acl_initialize -removes all members. Returns 0 if successful, -nonzero otherwise. WARNING: Mode argument is likely to change with -the eventual introduction of an ACL service. -.SH NOTES -In the presence of concurrency, there is a very small chance that -.I acl_add -or -.I acl_delete -could report success even though it would have -had no effect. This is a necessary side effect of using lock files -for concurrency control rather than flock(2), which is not supported -by NFS. -.PP -The current implementation caches ACLs in memory in a hash-table -format for increased efficiency in checking membership; one effect of -the caching scheme is that one file descriptor will be kept open for -each ACL cached, up to a maximum of 8. -.SH SEE ALSO -kerberos(3), krb_get_lrealm(3) -.SH AUTHOR -James Aspnes (MIT Project Athena) diff --git a/eBones/acl/acl_files.c b/eBones/acl/acl_files.c deleted file mode 100644 index a3e1f68..0000000 --- a/eBones/acl/acl_files.c +++ /dev/null @@ -1,555 +0,0 @@ -/* - * - * Copyright 1987,1989 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * from: acl_files.c,v 4.4 89/12/19 13:30:53 jtkohl Exp $ - * $Id: acl_files.c,v 1.3 1995/07/18 16:34:49 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: acl_files.c,v 1.3 1995/07/18 16:34:49 mark Exp $"; -#endif lint -#endif - - -/*** Routines for manipulating access control list files ***/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "krb.h" - -__BEGIN_DECLS -static int acl_abort __P((char *, FILE *)); -__END_DECLS - -#ifndef KRB_REALM -#define KRB_REALM "ATHENA.MIT.EDU" -#endif - -/* "aname.inst@realm" */ -#define MAX_PRINCIPAL_SIZE (ANAME_SZ + INST_SZ + REALM_SZ + 3) -#define INST_SEP '.' -#define REALM_SEP '@' - -#define LINESIZE 2048 /* Maximum line length in an acl file */ - -#define NEW_FILE "%s.~NEWACL~" /* Format for name of altered acl file */ -#define WAIT_TIME 300 /* Maximum time allowed write acl file */ - -#define CACHED_ACLS 8 /* How many acls to cache */ - /* Each acl costs 1 open file descriptor */ -#define ACL_LEN 16 /* Twice a reasonable acl length */ - -#define MAX(a,b) (((a)>(b))?(a):(b)) -#define MIN(a,b) (((a)<(b))?(a):(b)) - -#define COR(a,b) ((a!=NULL)?(a):(b)) - -/* Canonicalize a principal name */ -/* If instance is missing, it becomes "" */ -/* If realm is missing, it becomes the local realm */ -/* Canonicalized form is put in canon, which must be big enough to hold - MAX_PRINCIPAL_SIZE characters */ -void -acl_canonicalize_principal(principal, canon) -char *principal; -char *canon; -{ - char *dot, *atsign, *end; - int len; - - dot = index(principal, INST_SEP); - atsign = index(principal, REALM_SEP); - - /* Maybe we're done already */ - if(dot != NULL && atsign != NULL) { - if(dot < atsign) { - /* It's for real */ - /* Copy into canon */ - strncpy(canon, principal, MAX_PRINCIPAL_SIZE); - canon[MAX_PRINCIPAL_SIZE-1] = '\0'; - return; - } else { - /* Nope, it's part of the realm */ - dot = NULL; - } - } - - /* No such luck */ - end = principal + strlen(principal); - - /* Get the principal name */ - len = MIN(ANAME_SZ, COR(dot, COR(atsign, end)) - principal); - strncpy(canon, principal, len); - canon += len; - - /* Add INST_SEP */ - *canon++ = INST_SEP; - - /* Get the instance, if it exists */ - if(dot != NULL) { - ++dot; - len = MIN(INST_SZ, COR(atsign, end) - dot); - strncpy(canon, dot, len); - canon += len; - } - - /* Add REALM_SEP */ - *canon++ = REALM_SEP; - - /* Get the realm, if it exists */ - /* Otherwise, default to local realm */ - if(atsign != NULL) { - ++atsign; - len = MIN(REALM_SZ, end - atsign); - strncpy(canon, atsign, len); - canon += len; - *canon++ = '\0'; - } else if(krb_get_lrealm(canon, 1) != KSUCCESS) { - strcpy(canon, KRB_REALM); - } -} - -/* Get a lock to modify acl_file */ -/* Return new FILE pointer */ -/* or NULL if file cannot be modified */ -/* REQUIRES WRITE PERMISSION TO CONTAINING DIRECTORY */ -static FILE * -acl_lock_file(acl_file) -char *acl_file; -{ - struct stat s; - char new[LINESIZE]; - int nfd; - FILE *nf; - int mode; - - if(stat(acl_file, &s) < 0) return(NULL); - mode = s.st_mode; - sprintf(new, NEW_FILE, acl_file); - for(;;) { - /* Open the new file */ - if((nfd = open(new, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0) { - if(errno == EEXIST) { - /* Maybe somebody got here already, maybe it's just old */ - if(stat(new, &s) < 0) return(NULL); - if(time(0) - s.st_ctime > WAIT_TIME) { - /* File is stale, kill it */ - unlink(new); - continue; - } else { - /* Wait and try again */ - sleep(1); - continue; - } - } else { - /* Some other error, we lose */ - return(NULL); - } - } - - /* If we got to here, the lock file is ours and ok */ - /* Reopen it under stdio */ - if((nf = fdopen(nfd, "w")) == NULL) { - /* Oops, clean up */ - unlink(new); - } - return(nf); - } -} - -/* Commit changes to acl_file written onto FILE *f */ -/* Returns zero if successful */ -/* Returns > 0 if lock was broken */ -/* Returns < 0 if some other error occurs */ -/* Closes f */ -static int -acl_commit(acl_file, f) -char *acl_file; -FILE *f; -{ - char new[LINESIZE]; - int ret; - struct stat s; - - sprintf(new, NEW_FILE, acl_file); - if(fflush(f) < 0 - || fstat(fileno(f), &s) < 0 - || s.st_nlink == 0) { - acl_abort(acl_file, f); - return(-1); - } - - ret = rename(new, acl_file); - fclose(f); - return(ret); -} - -/* - * Abort changes to acl_file written onto FILE *f - * Returns 0 if successful, < 0 otherwise - * Closes f - */ -static int -acl_abort(acl_file, f) -char *acl_file; -FILE *f; -{ - char new[LINESIZE]; - int ret; - struct stat s; - - /* make sure we aren't nuking someone else's file */ - if(fstat(fileno(f), &s) < 0 || s.st_nlink == 0) { - fclose(f); - return(-1); - } else { - sprintf(new, NEW_FILE, acl_file); - ret = unlink(new); - fclose(f); - return(ret); - } -} - -/* Initialize an acl_file */ -/* Creates the file with permissions perm if it does not exist */ -/* Erases it if it does */ -/* Returns return value of acl_commit */ -int -acl_initialize(acl_file, perm) -char *acl_file; -int perm; -{ - FILE *new; - int fd; - - /* Check if the file exists already */ - if((new = acl_lock_file(acl_file)) != NULL) { - return(acl_commit(acl_file, new)); - } else { - /* File must be readable and writable by owner */ - if((fd = open(acl_file, O_CREAT|O_EXCL, perm|0600)) < 0) { - return(-1); - } else { - close(fd); - return(0); - } - } -} - -/* Eliminate all whitespace character in buf */ -/* Modifies its argument */ -static void -nuke_whitespace(buf) -char *buf; -{ - register char *pin, *pout; - - for(pin = pout = buf; *pin != '\0'; pin++) - if(!isspace(*pin)) *pout++ = *pin; - *pout = '\0'; /* Terminate the string */ -} - -/* Hash table stuff */ - -struct hashtbl { - int size; /* Max number of entries */ - int entries; /* Actual number of entries */ - char **tbl; /* Pointer to start of table */ -}; - -/* Make an empty hash table of size s */ -static struct hashtbl * -make_hash(size) -int size; -{ - struct hashtbl *h; - - if(size < 1) size = 1; - h = (struct hashtbl *) malloc(sizeof(struct hashtbl)); - h->size = size; - h->entries = 0; - h->tbl = (char **) calloc(size, sizeof(char *)); - return(h); -} - -/* Destroy a hash table */ -static void -destroy_hash(h) -struct hashtbl *h; -{ - int i; - - for(i = 0; i < h->size; i++) { - if(h->tbl[i] != NULL) free(h->tbl[i]); - } - free(h->tbl); - free(h); -} - -/* Compute hash value for a string */ -static unsigned -hashval(s) -register char *s; -{ - register unsigned hv; - - for(hv = 0; *s != '\0'; s++) { - hv ^= ((hv << 3) ^ *s); - } - return(hv); -} - -/* Add an element to a hash table */ -static void -add_hash(h, el) -struct hashtbl *h; -char *el; -{ - unsigned hv; - char *s; - char **old; - int i; - - /* Make space if it isn't there already */ - if(h->entries + 1 > (h->size >> 1)) { - old = h->tbl; - h->tbl = (char **) calloc(h->size << 1, sizeof(char *)); - for(i = 0; i < h->size; i++) { - if(old[i] != NULL) { - hv = hashval(old[i]) % (h->size << 1); - while(h->tbl[hv] != NULL) hv = (hv+1) % (h->size << 1); - h->tbl[hv] = old[i]; - } - } - h->size = h->size << 1; - free(old); - } - - hv = hashval(el) % h->size; - while(h->tbl[hv] != NULL && strcmp(h->tbl[hv], el)) hv = (hv+1) % h->size; - s = malloc(strlen(el)+1); - strcpy(s, el); - h->tbl[hv] = s; - h->entries++; -} - -/* Returns nonzero if el is in h */ -static int -check_hash(h, el) -struct hashtbl *h; -char *el; -{ - unsigned hv; - - for(hv = hashval(el) % h->size; - h->tbl[hv] != NULL; - hv = (hv + 1) % h->size) { - if(!strcmp(h->tbl[hv], el)) return(1); - } - return(0); -} - -struct acl { - char filename[LINESIZE]; /* Name of acl file */ - int fd; /* File descriptor for acl file */ - struct stat status; /* File status at last read */ - struct hashtbl *acl; /* Acl entries */ -}; - -static struct acl acl_cache[CACHED_ACLS]; - -static int acl_cache_count = 0; -static int acl_cache_next = 0; - -/* Returns < 0 if unsuccessful in loading acl */ -/* Returns index into acl_cache otherwise */ -/* Note that if acl is already loaded, this is just a lookup */ -static int -acl_load(name) -char *name; -{ - int i; - FILE *f; - struct stat s; - char buf[MAX_PRINCIPAL_SIZE]; - char canon[MAX_PRINCIPAL_SIZE]; - - /* See if it's there already */ - for(i = 0; i < acl_cache_count; i++) { - if(!strcmp(acl_cache[i].filename, name) - && acl_cache[i].fd >= 0) goto got_it; - } - - /* It isn't, load it in */ - /* maybe there's still room */ - if(acl_cache_count < CACHED_ACLS) { - i = acl_cache_count++; - } else { - /* No room, clean one out */ - i = acl_cache_next; - acl_cache_next = (acl_cache_next + 1) % CACHED_ACLS; - close(acl_cache[i].fd); - if(acl_cache[i].acl) { - destroy_hash(acl_cache[i].acl); - acl_cache[i].acl = (struct hashtbl *) 0; - } - } - - /* Set up the acl */ - strcpy(acl_cache[i].filename, name); - if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1); - /* Force reload */ - acl_cache[i].acl = (struct hashtbl *) 0; - - got_it: - /* - * See if the stat matches - * - * Use stat(), not fstat(), as the file may have been re-created by - * acl_add or acl_delete. If this happens, the old inode will have - * no changes in the mod-time and the following test will fail. - */ - if(stat(acl_cache[i].filename, &s) < 0) return(-1); - if(acl_cache[i].acl == (struct hashtbl *) 0 - || s.st_nlink != acl_cache[i].status.st_nlink - || s.st_mtime != acl_cache[i].status.st_mtime - || s.st_ctime != acl_cache[i].status.st_ctime) { - /* Gotta reload */ - if(acl_cache[i].fd >= 0) close(acl_cache[i].fd); - if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1); - if((f = fdopen(acl_cache[i].fd, "r")) == NULL) return(-1); - if(acl_cache[i].acl) destroy_hash(acl_cache[i].acl); - acl_cache[i].acl = make_hash(ACL_LEN); - while(fgets(buf, sizeof(buf), f) != NULL) { - nuke_whitespace(buf); - acl_canonicalize_principal(buf, canon); - add_hash(acl_cache[i].acl, canon); - } - fclose(f); - acl_cache[i].status = s; - } - return(i); -} - -/* Returns nonzero if it can be determined that acl contains principal */ -/* Principal is not canonicalized, and no wildcarding is done */ -int -acl_exact_match(acl, principal) -char *acl; -char *principal; -{ - int idx; - - return((idx = acl_load(acl)) >= 0 - && check_hash(acl_cache[idx].acl, principal)); -} - -/* Returns nonzero if it can be determined that acl contains principal */ -/* Recognizes wildcards in acl of the form - name.*@realm, *.*@realm, and *.*@* */ -int -acl_check(acl, principal) -char *acl; -char *principal; -{ - char buf[MAX_PRINCIPAL_SIZE]; - char canon[MAX_PRINCIPAL_SIZE]; - char *realm; - - acl_canonicalize_principal(principal, canon); - - /* Is it there? */ - if(acl_exact_match(acl, canon)) return(1); - - /* Try the wildcards */ - realm = index(canon, REALM_SEP); - *index(canon, INST_SEP) = '\0'; /* Chuck the instance */ - - sprintf(buf, "%s.*%s", canon, realm); - if(acl_exact_match(acl, buf)) return(1); - - sprintf(buf, "*.*%s", realm); - if(acl_exact_match(acl, buf) || acl_exact_match(acl, "*.*@*")) return(1); - - return(0); -} - -/* Adds principal to acl */ -/* Wildcards are interpreted literally */ -int -acl_add(acl, principal) -char *acl; -char *principal; -{ - int idx; - int i; - FILE *new; - char canon[MAX_PRINCIPAL_SIZE]; - - acl_canonicalize_principal(principal, canon); - - if((new = acl_lock_file(acl)) == NULL) return(-1); - if((acl_exact_match(acl, canon)) - || (idx = acl_load(acl)) < 0) { - acl_abort(acl, new); - return(-1); - } - /* It isn't there yet, copy the file and put it in */ - for(i = 0; i < acl_cache[idx].acl->size; i++) { - if(acl_cache[idx].acl->tbl[i] != NULL) { - if(fputs(acl_cache[idx].acl->tbl[i], new) == NULL - || putc('\n', new) != '\n') { - acl_abort(acl, new); - return(-1); - } - } - } - fputs(canon, new); - putc('\n', new); - return(acl_commit(acl, new)); -} - -/* Removes principal from acl */ -/* Wildcards are interpreted literally */ -int -acl_delete(acl, principal) -char *acl; -char *principal; -{ - int idx; - int i; - FILE *new; - char canon[MAX_PRINCIPAL_SIZE]; - - acl_canonicalize_principal(principal, canon); - - if((new = acl_lock_file(acl)) == NULL) return(-1); - if((!acl_exact_match(acl, canon)) - || (idx = acl_load(acl)) < 0) { - acl_abort(acl, new); - return(-1); - } - /* It isn't there yet, copy the file and put it in */ - for(i = 0; i < acl_cache[idx].acl->size; i++) { - if(acl_cache[idx].acl->tbl[i] != NULL - && strcmp(acl_cache[idx].acl->tbl[i], canon)) { - fputs(acl_cache[idx].acl->tbl[i], new); - putc('\n', new); - } - } - return(acl_commit(acl, new)); -} - diff --git a/eBones/acl/acl_files.doc b/eBones/acl/acl_files.doc deleted file mode 100644 index 4096f9b..0000000 --- a/eBones/acl/acl_files.doc +++ /dev/null @@ -1,107 +0,0 @@ -PROTOTYPE ACL LIBRARY - -Introduction - -An access control list (ACL) is a list of principals, where each -principal is is represented by a text string which cannot contain -whitespace. The library allows application programs to refer to named -access control lists to test membership and to atomically add and -delete principals using a natural and intuitive interface. At -present, the names of access control lists are required to be Unix -filenames, and refer to human-readable Unix files; in the future, when -a networked ACL server is implemented, the names may refer to a -different namespace specific to the ACL service. - - -Usage - -cc -lacl -lkrb. - - - -Principal Names - -Principal names have the form - -[.][@] - -e.g. - -asp -asp.root -asp@ATHENA.MIT.EDU -asp.@ATHENA.MIT.EDU -asp.root@ATHENA.MIT.EDU - -It is possible for principals to be underspecified. If instance is -missing, it is assumed to be "". If realm is missing, it is assumed -to be local_realm. The canonical form contains all of name, instance, -and realm; the acl_add and acl_delete routines will always -leave the file in that form. Note that the canonical form of -asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU. - - -Routines - -acl_canonicalize_principal(principal, buf) -char *principal; -char *buf; /*RETVAL*/ - -Store the canonical form of principal in buf. Buf must contain enough -space to store a principal, given the limits on the sizes of name, -instance, and realm specified in /usr/include/krb.h. - -acl_check(acl, principal) -char *acl; -char *principal; - -Returns nonzero if principal appears in acl. Returns 0 if principal -does not appear in acl, or if an error occurs. Canonicalizes -principal before checking, and allows the ACL to contain wildcards. - -acl_exact_match(acl, principal) -char *acl; -char *principal; - -Like acl_check, but does no canonicalization or wildcarding. - -acl_add(acl, principal) -char *acl; -char *principal; - -Atomically adds principal to acl. Returns 0 if successful, nonzero -otherwise. It is considered a failure if principal is already in acl. -This routine will canonicalize principal, but will treat wildcards -literally. - -acl_delete(acl, principal) -char *acl; -char *principal; - -Atomically deletes principal from acl. Returns 0 if successful, -nonzero otherwise. It is consider a failure if principal is not -already in acl. This routine will canonicalize principal, but will -treat wildcards literally. - -acl_initialize(acl, mode) -char *acl; -int mode; - -Initialize acl. If acl file does not exist, creates it with mode -mode. If acl exists, removes all members. Returns 0 if successful, -nonzero otherwise. WARNING: Mode argument is likely to change with -the eventual introduction of an ACL service. - - -Known problems - -In the presence of concurrency, there is a very small chance that -acl_add or acl_delete could report success even though it would have -had no effect. This is a necessary side effect of using lock files -for concurrency control rather than flock(2), which is not supported -by NFS. - -The current implementation caches ACLs in memory in a hash-table -format for increased efficiency in checking membership; one effect of -the caching scheme is that one file descriptor will be kept open for -each ACL cached, up to a maximum of 8. diff --git a/eBones/des/MISSING b/eBones/des/MISSING deleted file mode 100644 index a697727..0000000 --- a/eBones/des/MISSING +++ /dev/null @@ -1,15 +0,0 @@ -# $Id: MISSING,v 1.1.1.1 1994/09/30 14:49:50 csgr Exp $ - -The following symbols (you can find in the USA libdes) are still missing -in this source. - -_des_cblock_print_file -_des_generate_random_block -_des_init_random_number_generator -_des_new_random_key -_des_set_random_generator_seed -_des_set_sequence_number -_des_debug - -# END - diff --git a/eBones/ext_srvtab/Makefile b/eBones/ext_srvtab/Makefile deleted file mode 100644 index 7fb1f29..0000000 --- a/eBones/ext_srvtab/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.3 1995/07/18 16:35:54 mark Exp $ - -PROG= ext_srvtab -CFLAGS+=-DKERBEROS -I${.CURDIR}/../include -Wall -DPADD= ${LIBKDB} ${LIBKRB} -LDADD+= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -ldes -MAN8= ext_srvtab.8 - -.include diff --git a/eBones/ext_srvtab/ext_srvtab.8 b/eBones/ext_srvtab/ext_srvtab.8 deleted file mode 100644 index 565c3a3..0000000 --- a/eBones/ext_srvtab/ext_srvtab.8 +++ /dev/null @@ -1,62 +0,0 @@ -.\" from: ext_srvtab.8,v 4.2 89/07/18 16:53:18 jtkohl Exp $ -.\" $Id: ext_srvtab.8,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH EXT_SRVTAB 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -ext_srvtab \- extract service key files from Kerberos key distribution center database -.SH SYNOPSIS -ext_srvtab [ -.B \-n -] [ -.B \-r realm -] [ -.B hostname ... -] -.SH DESCRIPTION -.I ext_srvtab -extracts service key files from the Kerberos key distribution center -(KDC) database. -.PP -Upon execution, it prompts the user to enter the master key string for -the database. If the -.B \-n -option is specified, the master key is instead fetched from the master -key cache file. -.PP -For each -.I hostname -specified on the command line, -.I ext_srvtab -creates the service key file -.IR hostname -new-srvtab, -containing all the entries in the database with an instance field of -.I hostname. -This new file contains all the keys registered for Kerberos-mediated -service providing programs which use the -.IR krb_get_phost (3) -principal and instance conventions to run on the host -.IR hostname . -If the -.B \-r -option is specified, the realm fields in the extracted file will -match the given realm rather than the local realm. -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/etc/kerberosIV/master_key -Master key cache file. -.SH SEE ALSO -read_service_key(3), krb_get_phost(3) diff --git a/eBones/ext_srvtab/ext_srvtab.c b/eBones/ext_srvtab/ext_srvtab.c deleted file mode 100644 index 6f25013..0000000 --- a/eBones/ext_srvtab/ext_srvtab.c +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * from: ext_srvtab.c,v 4.1 89/07/18 16:49:30 jtkohl Exp $ - * $Id: ext_srvtab.c,v 1.3 1995/07/18 16:35:55 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: ext_srvtab.c,v 1.3 1995/07/18 16:35:55 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define TRUE 1 -#define FALSE 0 - -static C_Block master_key; -static C_Block session_key; -static Key_schedule master_key_schedule; -char progname[] = "ext_srvtab"; -char realm[REALM_SZ]; - -void FWrite(char *p, int size, int n, FILE *f); -void StampOutSecrets(void); -void usage(void); - -int -main(argc, argv) - int argc; - char *argv[]; -{ - FILE *fout; - char fname[1024]; - int fopen_errs = 0; - int arg; - Principal princs[40]; - int more; - int prompt = TRUE; - register int n, i; - - bzero(realm, sizeof(realm)); - - /* Parse commandline arguments */ - if (argc < 2) - usage(); - else { - for (i = 1; i < argc; i++) { - if (strcmp(argv[i], "-n") == 0) - prompt = FALSE; - else if (strcmp(argv[i], "-r") == 0) { - if (++i >= argc) - usage(); - else { - strcpy(realm, argv[i]); - /* - * This is to humor the broken way commandline - * argument parsing is done. Later, this - * program ignores everything that starts with -. - */ - argv[i][0] = '-'; - } - } - else if (argv[i][0] == '-') - usage(); - else - if (!k_isinst(argv[i])) { - fprintf(stderr, "%s: bad instance name: %s\n", - progname, argv[i]); - usage(); - } - } - } - - if (kdb_get_master_key (prompt, master_key, master_key_schedule) != 0) { - fprintf (stderr, "Couldn't read master key.\n"); - fflush (stderr); - exit(1); - } - - if (kdb_verify_master_key (master_key, master_key_schedule, stderr) < 0) { - exit(1); - } - - /* For each arg, search for instances of arg, and produce */ - /* srvtab file */ - if (!realm[0]) - if (krb_get_lrealm(realm, 1) != KSUCCESS) { - fprintf(stderr, "%s: couldn't get local realm\n", progname); - exit(1); - } - (void) umask(077); - - for (arg = 1; arg < argc; arg++) { - if (argv[arg][0] == '-') - continue; - sprintf(fname, "%s-new-srvtab", argv[arg]); - if ((fout = fopen(fname, "w")) == NULL) { - fprintf(stderr, "Couldn't create file '%s'.\n", fname); - fopen_errs++; - continue; - } - printf("Generating '%s'....\n", fname); - n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more); - if (more) - fprintf(stderr, "More than 40 found...\n"); - for (i = 0; i < n; i++) { - FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout); - FWrite(princs[i].instance, strlen(princs[i].instance) + 1, - 1, fout); - FWrite(realm, strlen(realm) + 1, 1, fout); - FWrite(&princs[i].key_version, - sizeof(princs[i].key_version), 1, fout); - bcopy(&princs[i].key_low, session_key, sizeof(long)); - bcopy(&princs[i].key_high, session_key + sizeof(long), - sizeof(long)); - kdb_encrypt_key (session_key, session_key, - master_key, master_key_schedule, DES_DECRYPT); - FWrite(session_key, sizeof session_key, 1, fout); - } - fclose(fout); - } - - StampOutSecrets(); - - exit(fopen_errs); /* 0 errors if successful */ - -} - -void -Die() -{ - StampOutSecrets(); - exit(1); -} - -void -FWrite(p, size, n, f) - char *p; - int size; - int n; - FILE *f; -{ - if (fwrite(p, size, n, f) != n) { - printf("Error writing output file. Terminating.\n"); - Die(); - } -} - -void -StampOutSecrets() -{ - bzero(master_key, sizeof master_key); - bzero(session_key, sizeof session_key); - bzero(master_key_schedule, sizeof master_key_schedule); -} - -void -usage() -{ - fprintf(stderr, - "Usage: %s [-n] [-r realm] instance [instance ...]\n", progname); - exit(1); -} diff --git a/eBones/kadmin/HOW-TO b/eBones/kadmin/HOW-TO deleted file mode 100644 index bb5c3ca..0000000 --- a/eBones/kadmin/HOW-TO +++ /dev/null @@ -1,8 +0,0 @@ -# $Id$ - -To re-create this directory from outside the US, take the Makefile -(provided), get the two source files from the original eBones distribution, -do a `perl -spi.bak -e 's/\$(Header[^\$])\$/$1/g' *.{c,ct}', and then -edit the #includes in kadmin.c to make things compile. - -Unfortunately, this program is not exportable. diff --git a/eBones/kadmin/Makefile b/eBones/kadmin/Makefile deleted file mode 100644 index 8eae179..0000000 --- a/eBones/kadmin/Makefile +++ /dev/null @@ -1,19 +0,0 @@ -# $Id: Makefile,v 1.1 1995/07/18 16:36:53 mark Exp $ - -BINDIR= /usr/bin -PROG= kadmin -SRCS= kadmin.c kadmin_cmds.c -CLEANFILES+= kadmin_cmds.c -CFLAGS+= -DPOSIX -I${.CURDIR}/../include -I${KRBOBJDIR} -CFLAGS+= -I${.CURDIR}/../libkadm -Wall -LDADD+= -L${KADMOBJDIR} -lkadm -L${KRBOBJDIR} -lkrb -ldes -LDADD+= -lss -lcom_err -MAN8= kadmin.8 - -kadmin_cmds.c: kadmin_cmds.ct - test -e kadmin_cmds.ct || ln -s ${.CURDIR}/kadmin_cmds.ct . - mk_cmds kadmin_cmds.ct - -.include - - diff --git a/eBones/kadmin/kadmin.c b/eBones/kadmin/kadmin.c deleted file mode 100644 index fd98428..0000000 --- a/eBones/kadmin/kadmin.c +++ /dev/null @@ -1,636 +0,0 @@ -/* - * $Source: /usr/cvs/src/eBones/kadmin/kadmin.c,v $ - * $Author: mark $ - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Kerberos database administrator's tool. - * - * The default behavior of kadmin is if the -m option is given - * on the commandline, multiple requests are allowed to be given - * with one entry of the admin password (until the tickets expire). - * If you do not want this to be an available option, compile with - * NO_MULTIPLE defined. - */ - -#if 0 -#ifndef lint -static char rcsid_kadmin_c[] = -"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadmin.c,v 4.5 89/09/26 14:17:54 qjb Exp "; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define BAD_PW 1 -#define GOOD_PW 0 -#define FUDGE_VALUE 15 /* for ticket expiration time */ -#define PE_NO 0 -#define PE_YES 1 -#define PE_UNSURE 2 - -/* for get_password, whether it should do the swapping...necessary for - using vals structure, unnecessary for change_pw requests */ -#define DONTSWAP 0 -#define SWAP 1 - -static void do_init(int argc, char *argv[]); -void clean_up(void); -int get_password(unsigned long *low, unsigned long *high, char *prompt, - int byteswap); -int get_admin_password(void); -int princ_exists(char *name, char *instance, char *realm); - -extern ss_request_table admin_cmds; - -static char myname[ANAME_SZ]; -static char default_realm[REALM_SZ]; /* default kerberos realm */ -static char krbrlm[REALM_SZ]; /* current realm being administered */ -#ifndef NO_MULTIPLE -static int multiple = 0; /* Allow multiple requests per ticket */ -#endif - -int -main(argc, argv) - int argc; - char *argv[]; -{ - int sci_idx; - int code; - char tktstring[MAXPATHLEN]; - - void quit(); - - sci_idx = ss_create_invocation("admin", "2.0", (char *) NULL, - &admin_cmds, &code); - if (code) { - ss_perror(sci_idx, code, "creating invocation"); - exit(1); - } - (void) sprintf(tktstring, "/tmp/tkt_adm_%d",getpid()); - krb_set_tkt_string(tktstring); - - do_init(argc, argv); - - printf("Welcome to the Kerberos Administration Program, version 2\n"); - printf("Type \"help\" if you need it.\n"); - ss_listen(sci_idx, &code); - printf("\n"); - quit(); - exit(0); -} - -int -setvals(vals, string) - Kadm_vals *vals; - char *string; -{ - char realm[REALM_SZ]; - int status = KADM_SUCCESS; - - bzero(vals, sizeof(*vals)); - bzero(realm, sizeof(realm)); - - SET_FIELD(KADM_NAME,vals->fields); - SET_FIELD(KADM_INST,vals->fields); - if ((status = kname_parse(vals->name, vals->instance, realm, string))) { - printf("kerberos error: %s\n", krb_err_txt[status]); - return status; - } - if (!realm[0]) - strcpy(realm, default_realm); - if (strcmp(realm, krbrlm)) { - strcpy(krbrlm, realm); - if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm)) - != KADM_SUCCESS) - printf("kadm error for realm %s: %s\n", - krbrlm, error_message(status)); - } - if (status) - return 1; - else - return KADM_SUCCESS; -} - -void -change_password(argc, argv) - int argc; - char *argv[]; -{ - Kadm_vals old, new; - int status; - char pw_prompt[BUFSIZ]; - - if (argc != 2) { - printf("Usage: change_password loginname\n"); - return; - } - - if (setvals(&old, argv[1]) != KADM_SUCCESS) - return; - - new = old; - - SET_FIELD(KADM_DESKEY,new.fields); - - if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) { - /* get the admin's password */ - if (get_admin_password() != GOOD_PW) - return; - - /* get the new password */ - (void) sprintf(pw_prompt, "New password for %s:", argv[1]); - - if (get_password(&new.key_low, &new.key_high, - pw_prompt, SWAP) == GOOD_PW) { - status = kadm_mod(&old, &new); - if (status == KADM_SUCCESS) { - printf("Password changed for %s.\n", argv[1]); - } else { - printf("kadmin: %s\nwhile changing password for %s", - error_message(status), argv[1]); - } - } else - printf("Error reading password; password unchanged\n"); - bzero((char *)&new, sizeof(new)); -#ifndef NO_MULTIPLE - if (!multiple) - clean_up(); -#endif - } - else - printf("kadmin: Principal does not exist.\n"); - return; -} - -/*ARGSUSED*/ -void -change_admin_password(argc, argv) - int argc; - char *argv[]; -{ - des_cblock newkey; - unsigned long low, high; - int status; - char prompt_pw[BUFSIZ]; - - if (argc != 1) { - printf("Usage: change_admin_password\n"); - return; - } - /* get the admin's password */ - if (get_admin_password() != GOOD_PW) - return; - - (void) sprintf(prompt_pw, "New password for %s.admin:",myname); - if (get_password(&low, &high, prompt_pw, DONTSWAP) == GOOD_PW) { - bcopy((char *)&low,(char *) newkey,4); - bcopy((char *)&high, (char *)(((long *) newkey) + 1),4); - low = high = 0L; - if ((status = kadm_change_pw(newkey)) == KADM_SUCCESS) - printf("Admin password changed\n"); - else - printf("kadm error: %s\n",error_message(status)); - bzero((char *)newkey, sizeof(newkey)); - } else - printf("Error reading password; password unchanged\n"); -#ifndef NO_MULTIPLE - if (!multiple) - clean_up(); -#endif - return; -} - -void -add_new_key(argc, argv) - int argc; - char *argv[]; -{ - Kadm_vals new; - char pw_prompt[BUFSIZ]; - int status; - - if (argc != 2) { - printf("Usage: add_new_key user_name.\n"); - return; - } - if (setvals(&new, argv[1]) != KADM_SUCCESS) - return; - - SET_FIELD(KADM_DESKEY,new.fields); - - if (princ_exists(new.name, new.instance, krbrlm) != PE_YES) { - /* get the admin's password */ - if (get_admin_password() != GOOD_PW) - return; - - /* get the new password */ - (void) sprintf(pw_prompt, "Password for %s:", argv[1]); - - if (get_password(&new.key_low, &new.key_high, - pw_prompt, SWAP) == GOOD_PW) { - status = kadm_add(&new); - if (status == KADM_SUCCESS) { - printf("%s added to database.\n", argv[1]); - } else { - printf("kadm error: %s\n",error_message(status)); - } - } else - printf("Error reading password; %s not added\n",argv[1]); - bzero((char *)&new, sizeof(new)); -#ifndef NO_MULTIPLE - if (!multiple) - clean_up(); -#endif - } - else - printf("kadmin: Principal already exists.\n"); - return; -} - -void -get_entry(argc, argv) - int argc; - char *argv[]; -{ - int status; - u_char fields[4]; - Kadm_vals vals; - - if (argc != 2) { - printf("Usage: get_entry username\n"); - return; - } - - bzero(fields, sizeof(fields)); - - SET_FIELD(KADM_NAME,fields); - SET_FIELD(KADM_INST,fields); - SET_FIELD(KADM_EXPDATE,fields); - SET_FIELD(KADM_ATTR,fields); - SET_FIELD(KADM_MAXLIFE,fields); - - if (setvals(&vals, argv[1]) != KADM_SUCCESS) - return; - - - if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) { - /* get the admin's password */ - if (get_admin_password() != GOOD_PW) - return; - - if ((status = kadm_get(&vals, fields)) == KADM_SUCCESS) - prin_vals(&vals); - else - printf("kadm error: %s\n",error_message(status)); - -#ifndef NO_MULTIPLE - if (!multiple) - clean_up(); -#endif - } - else - printf("kadmin: Principal does not exist.\n"); - return; -} - - -void -help(argc, argv) - int argc; - char *argv[]; -{ - if (argc == 1) { - printf("Welcome to the Kerberos administration program."); - printf("Type \"?\" to get\n"); - printf("a list of requests that are available. You can"); - printf(" get help on each of\n"); - printf("the commands by typing \"help command_name\"."); - printf(" Some functions of this\n"); - printf("program will require an \"admin\" password"); - printf(" from you. This is a password\n"); - printf("private to you, that is used to authenticate"); - printf(" requests from this\n"); - printf("program. You can change this password with"); - printf(" the \"change_admin_password\"\n"); - printf("(or short form \"cap\") command. Good Luck! \n"); - } else if (!strcmp(argv[1], "change_password") || - !strcmp(argv[1], "cpw")) { - printf("Usage: change_password user_name.\n"); - printf("\n"); - printf("user_name is the name of the user whose password"); - printf(" you wish to change. \n"); - printf("His/her password is changed in the kerberos database\n"); - printf("When this command is issued, first the \"Admin\""); - printf(" password will be prompted\n"); - printf("for and if correct the user's new password will"); - printf(" be prompted for (twice with\n"); - printf("appropriate comparison). Note: No minimum password"); - printf(" length restrictions apply, but\n"); - printf("longer passwords are more secure.\n"); - } else if (!strcmp(argv[1], "change_admin_password") || - !strcmp(argv[1], "cap")) { - printf("Usage: change_admin_password.\n"); - printf("\n"); - printf("This command takes no arguments and is used"); - printf(" to change your private\n"); - printf("\"Admin\" password. It will first prompt for"); - printf(" the (current) \"Admin\"\n"); - printf("password and then ask for the new password"); - printf(" by prompting:\n"); - printf("\n"); - printf("New password for .admin:\n"); - printf("\n"); - printf("Enter the new admin password that you desire"); - printf(" (it will be asked for\n"); - printf("twice to avoid errors).\n"); - } else if (!strcmp(argv[1], "add_new_key") || - !strcmp(argv[1], "ank")) { - printf("Usage: add_new_key user_name.\n"); - printf("\n"); - printf("user_name is the name of a new user to put"); - printf(" in the kerberos database. Your\n"); - printf("\"Admin\" password and the user's password"); - printf(" are prompted for. The user's\n"); - printf("password will be asked for"); - printf(" twice to avoid errors.\n"); - } else if (!strcmp(argv[1], "get_entry") || - !strcmp(argv[1], "get")) { - printf("Usage: get_entry user_name.\n"); - printf("\n"); - printf("user_name is the name of a user whose"); - printf(" entry you wish to review. Your\n"); - printf("\"Admin\" password is prompted for. "); - printf(" The key field is not filled in, for\n"); - printf("security reasons.\n"); - } else if (!strcmp(argv[1], "destroy_tickets") || - !strcmp(argv[1], "dest")) { - printf("Usage: destroy_tickets\n"); - printf("\n"); - printf("Destroy your admin tickets. This will"); - printf(" cause you to be prompted for your\n"); - printf("admin password on your next request.\n"); - } else if (!strcmp(argv[1], "list_requests") || - !strcmp(argv[1], "lr") || - !strcmp(argv[1], "?")) { - printf("Usage: list_requests\n"); - printf("\n"); - printf("This command lists what other commands are"); - printf(" currently available.\n"); - } else if (!strcmp(argv[1], "exit") || - !strcmp(argv[1], "quit") || - !strcmp(argv[1], "q")) { - printf("Usage: quit\n"); - printf("\n"); - printf("This command exits this program.\n"); - } else { - printf("Sorry there is no such command as %s.", argv[1]); - printf(" Type \"help\" for more information. \n"); - } - return; -} - -void -go_home(str,x) -char *str; -int x; -{ - fprintf(stderr, "%s: %s\n", str, error_message(x)); - clean_up(); - exit(1); -} - -static int inited = 0; - -void -usage() -{ - fprintf(stderr, "Usage: kadmin [-u admin_name] [-r default_realm]"); -#ifndef NO_MULTIPLE - fprintf(stderr, " [-m]"); -#endif - fprintf(stderr, "\n"); -#ifndef NO_MULTIPLE - fprintf(stderr, " -m allows multiple admin requests to be "); - fprintf(stderr, "serviced with one entry of admin\n"); - fprintf(stderr, " password.\n"); -#endif - exit(1); -} - -static void -do_init(argc, argv) - int argc; - char *argv[]; -{ - struct passwd *pw; - extern char *optarg; - extern int optind; - int c; -#ifndef NO_MULTIPLE -#define OPTION_STRING "u:r:m" -#else -#define OPTION_STRING "u:r:" -#endif - - bzero(myname, sizeof(myname)); - - if (!inited) { - /* - * This is only as a default/initial realm; we don't care - * about failure. - */ - if (krb_get_lrealm(default_realm, 1) != KSUCCESS) - strcpy(default_realm, KRB_REALM); - - /* - * If we can reach the local realm, initialize to it. Otherwise, - * don't initialize. - */ - if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS) - bzero(krbrlm, sizeof(krbrlm)); - else - strcpy(krbrlm, default_realm); - - while ((c = getopt(argc, argv, OPTION_STRING)) != EOF) - switch (c) { - case 'u': - strncpy(myname, optarg, sizeof(myname) - 1); - break; - case 'r': - bzero(default_realm, sizeof(default_realm)); - strncpy(default_realm, optarg, sizeof(default_realm) - 1); - break; -#ifndef NO_MULTIPLE - case 'm': - multiple++; - break; -#endif - default: - usage(); - break; - } - if (optind < argc) - usage(); - if (!myname[0]) { - pw = getpwuid((int) getuid()); - if (!pw) { - fprintf(stderr, - "You aren't in the password file. Who are you?\n"); - exit(1); - } - (void) strcpy(myname, pw->pw_name); - } - inited = 1; - } -} - -#ifdef NOENCRYPTION -#define read_long_pw_string placebo_read_pw_string -#else -#define read_long_pw_string des_read_pw_string -#endif -extern int read_long_pw_string(); - -int -get_admin_password() -{ - int status; - char admin_passwd[MAX_KPW_LEN]; /* Admin's password */ - int ticket_life = 1; /* minimum ticket lifetime */ -#ifndef NO_MULTIPLE - CREDENTIALS c; - - if (multiple) { - /* If admin tickets exist and are valid, just exit. */ - bzero(&c, sizeof(c)); - if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS) - /* - * If time is less than lifetime - FUDGE_VALUE after issue date, - * tickets will probably last long enough for the next - * transaction. - */ - if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE)) - return(KADM_SUCCESS); - ticket_life = DEFAULT_TKT_LIFE; - } -#endif - - if (princ_exists(myname, "admin", krbrlm) != PE_NO) { - if (read_long_pw_string(admin_passwd, sizeof(admin_passwd)-1, - "Admin password:", 0)) { - fprintf(stderr, "Error reading admin password.\n"); - goto bad; - } - status = krb_get_pw_in_tkt(myname, "admin", krbrlm, PWSERV_NAME, - KADM_SINST, ticket_life, admin_passwd); - bzero(admin_passwd, sizeof(admin_passwd)); - } - else - status = KDC_PR_UNKNOWN; - - switch(status) { - case GT_PW_OK: - return(GOOD_PW); - case KDC_PR_UNKNOWN: - printf("Principal %s.admin@%s does not exist.\n", myname, krbrlm); - goto bad; - case GT_PW_BADPW: - printf("Incorrect admin password.\n"); - goto bad; - default: - com_err("kadmin", status+krb_err_base, - "while getting password tickets"); - goto bad; - } - - bad: - bzero(admin_passwd, sizeof(admin_passwd)); - (void) dest_tkt(); - return(BAD_PW); -} - -void -clean_up() -{ - (void) dest_tkt(); - return; -} - -void -quit() -{ - printf("Cleaning up and exiting.\n"); - clean_up(); - exit(0); -} - -int -princ_exists(name, instance, realm) - char *name; - char *instance; - char *realm; -{ - int status; - - status = krb_get_pw_in_tkt(name, instance, realm, "krbtgt", realm, 1, ""); - - if ((status == KSUCCESS) || (status == INTK_BADPW)) - return(PE_YES); - else if (status == KDC_PR_UNKNOWN) - return(PE_NO); - else - return(PE_UNSURE); -} - -int -get_password(low, high, prompt, byteswap) -unsigned long *low, *high; -char *prompt; -int byteswap; -{ - char new_passwd[MAX_KPW_LEN]; /* new password */ - des_cblock newkey; - - do { - if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1)) - return(BAD_PW); - if (strlen(new_passwd) == 0) - printf("Null passwords are not allowed; try again.\n"); - } while (strlen(new_passwd) == 0); - -#ifdef NOENCRYPTION - bzero((char *) newkey, sizeof(newkey)); -#else - des_string_to_key(new_passwd, &newkey); -#endif - bzero(new_passwd, sizeof(new_passwd)); - - bcopy((char *) newkey,(char *)low,4); - bcopy((char *)(((long *) newkey) + 1), (char *)high,4); - - bzero((char *) newkey, sizeof(newkey)); - -#ifdef NOENCRYPTION - *low = 1; -#endif - - if (byteswap != DONTSWAP) { - *low = htonl(*low); - *high = htonl(*high); - } - return(GOOD_PW); -} diff --git a/eBones/kadmin/kadmin_cmds.ct b/eBones/kadmin/kadmin_cmds.ct deleted file mode 100644 index 141ac15..0000000 --- a/eBones/kadmin/kadmin_cmds.ct +++ /dev/null @@ -1,41 +0,0 @@ -# $Source: /usr/cvs/src/eBones/kadmin/kadmin_cmds.ct,v $ -# $Author: mark $ -# $Header: /usr/cvs/src/eBones/kadmin/kadmin_cmds.ct,v 1.1 1995/07/18 16:36:56 mark Exp $ -# -# Copyright 1988 by the Massachusetts Institute of Technology. -# -# For copying and distribution information, please see the file -# . -# -# Command table for Kerberos administration tool -# - command_table admin_cmds; - - request change_password, - "Change a user's password", - change_password, cpw; - - request change_admin_password, "Change your admin password", - change_admin_password, cap; - - request add_new_key, "Add new user to kerberos database", - add_new_key, ank; - - request get_entry, "Get entry from kerberos database", - get_entry, get; - - request clean_up, "Destroy admin tickets", - destroy_tickets, dest; - - request help,"Request help with this program", - help; - -# list_requests is generic -- unrelated to Kerberos - - request ss_list_requests, "List available requests.", - list_requests, lr, "?"; - - request quit, "Exit program.", - quit, exit, q; - - end; diff --git a/eBones/kadmind/HOW-TO b/eBones/kadmind/HOW-TO deleted file mode 100644 index f41982a..0000000 --- a/eBones/kadmind/HOW-TO +++ /dev/null @@ -1,267 +0,0 @@ -This directory was created from eBones by the following procedure: - -1) Get the files listed in the Makefile - -2) perl -spi.bak -e 's/\$(Header[^\$]*)\$/$1/g' - -3) Apply the patch listed below. - -diff -rc2 ../kadmind.orig/admin_server.c ./admin_server.c -*** ../kadmind.orig/admin_server.c Thu Jan 19 18:04:04 1995 ---- ./admin_server.c Thu Jan 19 21:58:51 1995 -*************** -*** 1,10 **** - /* -- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/admin_server.c,v $ -- * $Author: jtkohl $ -- * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * . - * - * Top-level loop of the kerberos Administration server ---- 1,7 ---- - /* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * Copyright.MIT. - * - * Top-level loop of the kerberos Administration server -*************** -*** 12,20 **** - - #ifndef lint - static char rcsid_admin_server_c[] = -! "$Id: admin_server.c,v 4.8 90/01/02 13:50:38 jtkohl Exp $"; - #endif lint - -- #include - /* - admin_server.c ---- 9,20 ---- - - #ifndef lint -+ #if 0 - static char rcsid_admin_server_c[] = -! "Id: admin_server.c,v 4.8 90/01/02 13:50:38 jtkohl Exp "; -! #endif -! static const char rcsid[] = -! "$Id"; - #endif lint - - /* - admin_server.c -*************** -*** 389,393 **** ---- 389,397 ---- - register int i, j; - -+ #ifdef POSIX -+ int status; -+ #else - union wait status; -+ #endif - - pid = wait(&status); -*************** -*** 400,406 **** - pidarray[j] = pidarray[j+1]; - pidarraysize--; -! if (status.w_retcode || status.w_coredump || status.w_termsig) - log("child %d: termsig %d, coredump %d, retcode %d", pid, -! status.w_termsig, status.w_coredump, status.w_retcode); - #ifdef POSIX - return; ---- 404,410 ---- - pidarray[j] = pidarray[j+1]; - pidarraysize--; -! if (WEXITSTATUS(status) || WCOREDUMP(status) || WIFSIGNALED(status)) - log("child %d: termsig %d, coredump %d, retcode %d", pid, -! WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status)); - #ifdef POSIX - return; -*************** -*** 410,414 **** - } - log("child %d not in list: termsig %d, coredump %d, retcode %d", pid, -! status.w_termsig, status.w_coredump, status.w_retcode); - #ifdef POSIX - return; ---- 414,418 ---- - } - log("child %d not in list: termsig %d, coredump %d, retcode %d", pid, -! WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status)); - #ifdef POSIX - return; -Only in .: admin_server.c~ -diff -rc2 ../kadmind.orig/kadm_funcs.c ./kadm_funcs.c -*** ../kadmind.orig/kadm_funcs.c Thu Jan 19 18:04:04 1995 ---- ./kadm_funcs.c Thu Jan 19 21:56:31 1995 -*************** -*** 1,10 **** - /* -- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_funcs.c,v $ -- * $Author: jon $ -- * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * . - * - * Kerberos administration server-side database manipulation routines ---- 1,7 ---- - /* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * Copyright.MIT - * - * Kerberos administration server-side database manipulation routines -*************** -*** 12,20 **** - - #ifndef lint - static char rcsid_kadm_funcs_c[] = -! "$Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp $"; - #endif lint - -- #include - /* - kadm_funcs.c ---- 9,20 ---- - - #ifndef lint -+ #if 0 - static char rcsid_kadm_funcs_c[] = -! "Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp "; -! #endif -! static const char rcsid[] = -! "$Id$"; - #endif lint - - /* - kadm_funcs.c -Only in .: kadm_funcs.c~ -diff -rc2 ../kadmind.orig/kadm_ser_wrap.c ./kadm_ser_wrap.c -*** ../kadmind.orig/kadm_ser_wrap.c Thu Jan 19 18:04:04 1995 ---- ./kadm_ser_wrap.c Thu Jan 19 21:59:15 1995 -*************** -*** 1,10 **** - /* -- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_ser_wrap.c,v $ -- * $Author: jtkohl $ -- * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * . - * - * Kerberos administration server-side support functions ---- 1,7 ---- - /* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * Copyright.MIT. - * - * Kerberos administration server-side support functions -*************** -*** 16,20 **** - #endif lint - -- #include - /* - kadm_ser_wrap.c ---- 13,16 ---- -Only in .: kadm_ser_wrap.c~ -diff -rc2 ../kadmind.orig/kadm_server.c ./kadm_server.c -*** ../kadmind.orig/kadm_server.c Thu Jan 19 18:04:04 1995 ---- ./kadm_server.c Thu Jan 19 21:59:31 1995 -*************** -*** 1,10 **** - /* -- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.c,v $ -- * $Author: jtkohl $ -- * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * . - * - * Kerberos administration server-side subroutines ---- 1,7 ---- - /* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * Copyright.MIT. - * - * Kerberos administration server-side subroutines -*************** -*** 15,20 **** - "Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.c,v 4.2 89/09/26 09:30:23 jtkohl Exp "; - #endif lint -- -- #include - - #include ---- 12,15 ---- -Only in .: kadm_server.c~ -diff -rc2 ../kadmind.orig/kadm_server.h ./kadm_server.h -*** ../kadmind.orig/kadm_server.h Thu Jan 19 18:04:05 1995 ---- ./kadm_server.h Thu Jan 19 18:06:36 1995 -*************** -*** 7,11 **** - * - * For copying and distribution information, please see the file -! * . - * - * Definitions for Kerberos administration server & client ---- 7,11 ---- - * - * For copying and distribution information, please see the file -! * Copyright.MIT. - * - * Definitions for Kerberos administration server & client -*************** -*** 15,19 **** - #define KADM_SERVER_DEFS - -- #include - /* - * kadm_server.h ---- 15,18 ---- -*************** -*** 25,30 **** - - #include -! #include -! #include - - typedef struct { ---- 24,29 ---- - - #include -! #include -! #include - - typedef struct { -*************** -*** 43,49 **** - - /* the default syslog file */ -! #define KADM_SYSLOG "/kerberos/admin_server.syslog" - -! #define DEFAULT_ACL_DIR "/kerberos" - #define ADD_ACL_FILE "/admin_acl.add" - #define GET_ACL_FILE "/admin_acl.get" ---- 42,48 ---- - - /* the default syslog file */ -! #define KADM_SYSLOG "/var/log/kadmind.syslog" - -! #define DEFAULT_ACL_DIR "/etc/kerberosIV" - #define ADD_ACL_FILE "/admin_acl.add" - #define GET_ACL_FILE "/admin_acl.get" diff --git a/eBones/kadmind/Makefile b/eBones/kadmind/Makefile deleted file mode 100644 index f2e0357..0000000 --- a/eBones/kadmind/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# $Id: Makefile,v 1.1 1995/07/18 16:36:59 mark Exp $ - -PROG= kadmind -SRCS= admin_server.c kadm_funcs.c kadm_ser_wrap.c kadm_server.c -CFLAGS+=-DPOSIX -I${.CURDIR}/../include -I${KRBOBJDIR} \ - -I${.CURDIR}/../libkadm -I${KADMOBJDIR} -Wall -LDADD+= -L${KADMOBJDIR} -lkadm -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb \ - -ldes -L${ACLOBJDIR} -lacl -lcom_err -MAN8= kadmind.8 - -.include diff --git a/eBones/kadmind/admin_server.c b/eBones/kadmind/admin_server.c deleted file mode 100644 index 72980d4..0000000 --- a/eBones/kadmind/admin_server.c +++ /dev/null @@ -1,474 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Top-level loop of the kerberos Administration server - */ - -#if 0 -#ifndef lint -static char rcsid_admin_server_c[] = -"Id: admin_server.c,v 4.8 90/01/02 13:50:38 jtkohl Exp "; -static const char rcsid[] = - "$Id"; -#endif lint -#endif - -/* - admin_server.c - this holds the main loop and initialization and cleanup code for the server -*/ - -#include -#include -#include -#include -#include -#ifndef sigmask -#define sigmask(m) (1 <<((m)-1)) -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include "kadm_server.h" - -/* Almost all procs and such need this, so it is global */ -admin_params prm; /* The command line parameters struct */ - -char prog[32]; /* WHY IS THIS NEEDED??????? */ -char *progname = prog; -char *acldir = DEFAULT_ACL_DIR; -char krbrlm[REALM_SZ]; -extern Kadm_Server server_parm; - -void cleanexit(int val); -void process_client(int fd, struct sockaddr_in *who); -void kill_children(void); -static void clear_secrets(void); -void byebye(void); -void close_syslog(void); -int kadm_listen(void); - -/* -** Main does the logical thing, it sets up the database and RPC interface, -** as well as handling the creation and maintenance of the syslog file... -*/ -void -main(argc, argv) /* admin_server main routine */ -int argc; -char *argv[]; -{ - int errval; - int c; - extern char *optarg; - - prog[sizeof(prog)-1]='\0'; /* Terminate... */ - (void) strncpy(prog, argv[0], sizeof(prog)-1); - - /* initialize the admin_params structure */ - prm.sysfile = KADM_SYSLOG; /* default file name */ - prm.inter = 1; - - bzero(krbrlm, sizeof(krbrlm)); - - while ((c = getopt(argc, argv, "f:hnd:a:r:")) != EOF) - switch(c) { - case 'f': /* Syslog file name change */ - prm.sysfile = optarg; - break; - case 'n': - prm.inter = 0; - break; - case 'a': /* new acl directory */ - acldir = optarg; - break; - case 'd': - /* put code to deal with alt database place */ - if ((errval = kerb_db_set_name(optarg))) { - fprintf(stderr, "opening database %s: %s", - optarg, error_message(errval)); - exit(1); - } - break; - case 'r': - (void) strncpy(krbrlm, optarg, sizeof(krbrlm) - 1); - break; - case 'h': /* get help on using admin_server */ - default: - printf("Usage: admin_server [-h] [-n] [-r realm] [-d dbname] [-f filename] [-a acldir]\n"); - exit(-1); /* failure */ - } - - if (krbrlm[0] == 0) - if (krb_get_lrealm(krbrlm, 0) != KSUCCESS) { - fprintf(stderr, - "Unable to get local realm. Fix krb.conf or use -r.\n"); - exit(1); - } - - printf("KADM Server %s initializing\n",KADM_VERSTR); - printf("Please do not use 'kill -9' to kill this job, use a\n"); - printf("regular kill instead\n\n"); - - set_logfile(prm.sysfile); - log("Admin server starting"); - - (void) kerb_db_set_lockmode(KERB_DBL_NONBLOCKING); - errval = kerb_init(); /* Open the Kerberos database */ - if (errval) { - fprintf(stderr, "error: kerb_init() failed"); - close_syslog(); - byebye(); - } - /* set up the server_parm struct */ - if ((errval = kadm_ser_init(prm.inter, krbrlm))==KADM_SUCCESS) { - kerb_fini(); /* Close the Kerberos database-- - will re-open later */ - errval = kadm_listen(); /* listen for calls to server from - clients */ - } - if (errval != KADM_SUCCESS) { - fprintf(stderr,"error: %s\n",error_message(errval)); - kerb_fini(); /* Close if error */ - } - close_syslog(); /* Close syslog file, print - closing note */ - byebye(); /* Say bye bye on the terminal - in use */ -} /* procedure main */ - - -/* close the system log file */ -void -close_syslog() -{ - log("Shutting down admin server"); -} - -void -byebye() /* say goodnight gracie */ -{ - printf("Admin Server (kadm server) has completed operation.\n"); -} - -static void -clear_secrets() -{ - bzero((char *)server_parm.master_key, sizeof(server_parm.master_key)); - bzero((char *)server_parm.master_key_schedule, - sizeof(server_parm.master_key_schedule)); - server_parm.master_key_version = 0L; -} - -static exit_now = 0; - -sigtype -doexit() -{ - exit_now = 1; -#ifdef POSIX - return; -#else /* !POSIX */ - return(0); -#endif /* POSIX */ -} - -unsigned pidarraysize = 0; -int *pidarray = (int *)0; - -/* -kadm_listen -listen on the admin servers port for a request -*/ -int -kadm_listen() -{ - extern int errno; - int found; - int admin_fd; - int peer_fd; - fd_set mask, readfds; - struct sockaddr_in peer; - int addrlen; - int pid; - sigtype do_child(); - - (void) signal(SIGINT, doexit); - (void) signal(SIGTERM, doexit); - (void) signal(SIGHUP, doexit); - (void) signal(SIGQUIT, doexit); - (void) signal(SIGPIPE, SIG_IGN); /* get errors on write() */ - (void) signal(SIGALRM, doexit); - (void) signal(SIGCHLD, do_child); - - if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) - return KADM_NO_SOCK; - if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr, - sizeof(struct sockaddr_in)) < 0) - return KADM_NO_BIND; - (void) listen(admin_fd, 1); - FD_ZERO(&mask); - FD_SET(admin_fd, &mask); - - for (;;) { /* loop nearly forever */ - if (exit_now) { - clear_secrets(); - kill_children(); - return(0); - } - readfds = mask; - if ((found = select(admin_fd+1,&readfds,(fd_set *)0, - (fd_set *)0, (struct timeval *)0)) == 0) - continue; /* no things read */ - if (found < 0) { - if (errno != EINTR) - log("select: %s",error_message(errno)); - continue; - } - if (FD_ISSET(admin_fd, &readfds)) { - /* accept the conn */ - addrlen = sizeof(peer); - if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer, - &addrlen)) < 0) { - log("accept: %s",error_message(errno)); - continue; - } - addrlen = sizeof(server_parm.admin_addr); - if (getsockname(peer_fd, (struct sockaddr *)&server_parm.admin_addr, - &addrlen)) { - log("getsockname: %s",error_message(errno)); - continue; - } -#ifdef DEBUG - printf("Connection recieved on %s\n", - inet_ntoa(server_parm.admin_addr.sin_addr)); -#endif /* DEBUG */ -#ifndef DEBUG - /* if you want a sep daemon for each server */ - if ((pid = fork())) { - /* parent */ - if (pid < 0) { - log("fork: %s",error_message(errno)); - (void) close(peer_fd); - continue; - } - /* fork succeded: keep tabs on child */ - (void) close(peer_fd); - if (pidarray) { - pidarray = (int *)realloc((char *)pidarray, ++pidarraysize); - pidarray[pidarraysize-1] = pid; - } else { - pidarray = (int *)malloc(pidarraysize = 1); - pidarray[0] = pid; - } - } else { - /* child */ - (void) close(admin_fd); -#endif /* DEBUG */ - /* do stuff */ - process_client (peer_fd, &peer); -#ifndef DEBUG - } -#endif - } else { - log("something else woke me up!"); - return(0); - } - } - /*NOTREACHED*/ - return(0); /* Shut -Wall up - markm */ -} - -#ifdef DEBUG -#define cleanexit(code) {kerb_fini(); return;} -#endif - -void -process_client(fd, who) -int fd; -struct sockaddr_in *who; -{ - u_char *dat; - int dat_len; - u_short dlen; - int retval; - int on = 1; - Principal service; - des_cblock skey; - int more; - int status; - - if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) - log("setsockopt keepalive: %d",errno); - - server_parm.recv_addr = *who; - - if (kerb_init()) { /* Open as client */ - log("can't open krb db"); - cleanexit(1); - } - /* need to set service key to changepw.KRB_MASTER */ - - status = kerb_get_principal(server_parm.sname, server_parm.sinst, &service, - 1, &more); - if (status == -1) { - /* db locked */ - u_long retcode = KADM_DB_INUSE; - char *pdat; - - dat_len = KADM_VERSIZE + sizeof(u_long); - dat = (u_char *) malloc((unsigned)dat_len); - pdat = (char *) dat; - retcode = htonl((u_long) KADM_DB_INUSE); - (void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE); - bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long)); - goto out; - } else if (!status) { - log("no service %s.%s",server_parm.sname, server_parm.sinst); - cleanexit(2); - } - - bcopy((char *)&service.key_low, (char *)skey, 4); - bcopy((char *)&service.key_high, (char *)(((long *) skey) + 1), 4); - bzero((char *)&service, sizeof(service)); - kdb_encrypt_key (skey, skey, server_parm.master_key, - server_parm.master_key_schedule, DECRYPT); - (void) krb_set_key((char *)skey, 0); /* if error, will show up when - rd_req fails */ - bzero((char *)skey, sizeof(skey)); - - while (1) { - if ((retval = krb_net_read(fd, (char *)&dlen, sizeof(u_short))) != - sizeof(u_short)) { - if (retval < 0) - log("dlen read: %s",error_message(errno)); - else if (retval) - log("short dlen read: %d",retval); - (void) close(fd); - cleanexit(retval ? 3 : 0); - } - if (exit_now) { - cleanexit(0); - } - dat_len = (int) ntohs(dlen); - dat = (u_char *) malloc((unsigned)dat_len); - if (!dat) { - log("malloc: No memory"); - (void) close(fd); - cleanexit(4); - } - if ((retval = krb_net_read(fd, (char *)dat, dat_len)) != dat_len) { - if (retval < 0) - log("data read: %s",error_message(errno)); - else - log("short read: %d vs. %d", dat_len, retval); - (void) close(fd); - cleanexit(5); - } - if (exit_now) { - cleanexit(0); - } - if ((retval = kadm_ser_in(&dat,&dat_len)) != KADM_SUCCESS) - log("processing request: %s", error_message(retval)); - - /* kadm_ser_in did the processing and returned stuff in - dat & dat_len , return the appropriate data */ - - out: - dlen = (u_short) dat_len; - - if (dat_len != (int)dlen) { - clear_secrets(); - abort(); /* XXX */ - } - dlen = htons(dlen); - - if (krb_net_write(fd, (char *)&dlen, sizeof(u_short)) < 0) { - log("writing dlen to client: %s",error_message(errno)); - (void) close(fd); - cleanexit(6); - } - - if (krb_net_write(fd, (char *)dat, dat_len) < 0) { - log(LOG_ERR, "writing to client: %s",error_message(errno)); - (void) close(fd); - cleanexit(7); - } - free((char *)dat); - } - /*NOTREACHED*/ -} - -sigtype -do_child() -{ - /* SIGCHLD brings us here */ - int pid; - register int i, j; - -#ifdef POSIX - int status; -#else - union wait status; -#endif - - pid = wait(&status); - - for (i = 0; i < pidarraysize; i++) - if (pidarray[i] == pid) { - /* found it */ - for (j = i; j < pidarraysize-1; j++) - /* copy others down */ - pidarray[j] = pidarray[j+1]; - pidarraysize--; - if (WEXITSTATUS(status) || WCOREDUMP(status) || WIFSIGNALED(status)) - log("child %d: termsig %d, coredump %d, retcode %d", pid, - WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status)); -#ifdef POSIX - return; -#else /* !POSIX */ - return(0); -#endif /* POSIX */ - } - log("child %d not in list: termsig %d, coredump %d, retcode %d", pid, - WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status)); -#ifdef POSIX - return; -#else /* !POSIX */ - return(0); -#endif /* POSIX */ -} - -#ifndef DEBUG -void -cleanexit(val) - int val; -{ - kerb_fini(); - clear_secrets(); - exit(val); -} -#endif - -void -kill_children() -{ - register int i; - int osigmask; - - osigmask = sigblock(sigmask(SIGCHLD)); - - for (i = 0; i < pidarraysize; i++) { - kill(pidarray[i], SIGINT); - log("killing child %d", pidarray[i]); - } - sigsetmask(osigmask); - return; -} diff --git a/eBones/kadmind/kadm_funcs.c b/eBones/kadmind/kadm_funcs.c deleted file mode 100644 index b8ddaa0..0000000 --- a/eBones/kadmind/kadm_funcs.c +++ /dev/null @@ -1,381 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT - * - * Kerberos administration server-side database manipulation routines - */ - -#if 0 -#ifndef lint -static char rcsid_kadm_funcs_c[] = -"Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp "; -static const char rcsid[] = - "$Id: kadm_funcs.c,v 1.1 1995/07/18 16:37:02 mark Exp $"; -#endif lint -#endif - -/* -kadm_funcs.c -the actual database manipulation code -*/ - -#include -#include -#include -#include -#include -#include -#include -#include "kadm_server.h" - -extern Kadm_Server server_parm; - -int -check_access(pname, pinst, prealm, acltype) -char *pname; -char *pinst; -char *prealm; -enum acl_types acltype; -{ - char checkname[MAX_K_NAME_SZ]; - char filename[MAXPATHLEN]; - extern char *acldir; - - sprintf(checkname, "%s.%s@%s", pname, pinst, prealm); - - switch (acltype) { - case ADDACL: - sprintf(filename, "%s%s", acldir, ADD_ACL_FILE); - break; - case GETACL: - sprintf(filename, "%s%s", acldir, GET_ACL_FILE); - break; - case MODACL: - sprintf(filename, "%s%s", acldir, MOD_ACL_FILE); - break; - } - return(acl_check(filename, checkname)); -} - -int -wildcard(str) -char *str; -{ - if (!strcmp(str, WILDCARD_STR)) - return(1); - return(0); -} - -#define failadd(code) { (void) log("FAILED addding '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; } - -int -kadm_add_entry (rname, rinstance, rrealm, valsin, valsout) -char *rname; /* requestors name */ -char *rinstance; /* requestors instance */ -char *rrealm; /* requestors realm */ -Kadm_vals *valsin; -Kadm_vals *valsout; -{ - long numfound; /* check how many we get written */ - int more; /* pointer to more grabbed records */ - Principal data_i, data_o; /* temporary principal */ - u_char flags[4]; - des_cblock newpw; - Principal default_princ; - - if (!check_access(rname, rinstance, rrealm, ADDACL)) { - (void) log("WARNING: '%s.%s@%s' tried to add an entry for '%s.%s'", - rname, rinstance, rrealm, valsin->name, valsin->instance); - return KADM_UNAUTH; - } - - /* Need to check here for "legal" name and instance */ - if (wildcard(valsin->name) || wildcard(valsin->instance)) { - failadd(KADM_ILL_WILDCARD); - } - - (void) log("request to add an entry for '%s.%s' from '%s.%s@%s'", - valsin->name, valsin->instance, rname, rinstance, rrealm); - - numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, - &default_princ, 1, &more); - if (numfound == -1) { - failadd(KADM_DB_INUSE); - } else if (numfound != 1) { - failadd(KADM_UK_RERROR); - } - - kadm_vals_to_prin(valsin->fields, &data_i, valsin); - (void) strncpy(data_i.name, valsin->name, ANAME_SZ); - (void) strncpy(data_i.instance, valsin->instance, INST_SZ); - - if (!IS_FIELD(KADM_EXPDATE,valsin->fields)) - data_i.exp_date = default_princ.exp_date; - if (!IS_FIELD(KADM_ATTR,valsin->fields)) - data_i.attributes = default_princ.attributes; - if (!IS_FIELD(KADM_MAXLIFE,valsin->fields)) - data_i.max_life = default_princ.max_life; - - bzero((char *)&default_princ, sizeof(default_princ)); - - /* convert to host order */ - data_i.key_low = ntohl(data_i.key_low); - data_i.key_high = ntohl(data_i.key_high); - - - bcopy(&data_i.key_low,newpw,4); - bcopy(&data_i.key_high,(char *)(((long *) newpw) + 1),4); - - /* encrypt new key in master key */ - kdb_encrypt_key (newpw, newpw, server_parm.master_key, - server_parm.master_key_schedule, ENCRYPT); - bcopy(newpw,&data_i.key_low,4); - bcopy((char *)(((long *) newpw) + 1), &data_i.key_high,4); - bzero((char *)newpw, sizeof(newpw)); - - data_o = data_i; - numfound = kerb_get_principal(valsin->name, valsin->instance, - &data_o, 1, &more); - if (numfound == -1) { - failadd(KADM_DB_INUSE); - } else if (numfound) { - failadd(KADM_INUSE); - } else { - data_i.key_version++; - data_i.kdc_key_ver = server_parm.master_key_version; - (void) strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name)-1); - (void) strncpy(data_i.mod_instance, rinstance, - sizeof(data_i.mod_instance)-1); - - numfound = kerb_put_principal(&data_i, 1); - if (numfound == -1) { - failadd(KADM_DB_INUSE); - } else if (numfound) { - failadd(KADM_UK_SERROR); - } else { - numfound = kerb_get_principal(valsin->name, valsin->instance, - &data_o, 1, &more); - if ((numfound!=1) || (more!=0)) { - failadd(KADM_UK_RERROR); - } - bzero((char *)flags, sizeof(flags)); - SET_FIELD(KADM_NAME,flags); - SET_FIELD(KADM_INST,flags); - SET_FIELD(KADM_EXPDATE,flags); - SET_FIELD(KADM_ATTR,flags); - SET_FIELD(KADM_MAXLIFE,flags); - kadm_prin_to_vals(flags, valsout, &data_o); - (void) log("'%s.%s' added.", valsin->name, valsin->instance); - return KADM_DATA; /* Set all the appropriate fields */ - } - } -} -#undef failadd - -#define failget(code) { (void) log("FAILED retrieving '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; } - -int -kadm_get_entry (rname, rinstance, rrealm, valsin, flags, valsout) -char *rname; /* requestors name */ -char *rinstance; /* requestors instance */ -char *rrealm; /* requestors realm */ -Kadm_vals *valsin; /* what they wannt to get */ -u_char *flags; /* which fields we want */ -Kadm_vals *valsout; /* what data is there */ -{ - long numfound; /* check how many were returned */ - int more; /* To point to more name.instances */ - Principal data_o; /* Data object to hold Principal */ - - - if (!check_access(rname, rinstance, rrealm, GETACL)) { - (void) log("WARNING: '%s.%s@%s' tried to get '%s.%s's entry", - rname, rinstance, rrealm, valsin->name, valsin->instance); - return KADM_UNAUTH; - } - - if (wildcard(valsin->name) || wildcard(valsin->instance)) { - failget(KADM_ILL_WILDCARD); - } - - (void) log("retrieve '%s.%s's entry for '%s.%s@%s'", - valsin->name, valsin->instance, rname, rinstance, rrealm); - - /* Look up the record in the database */ - numfound = kerb_get_principal(valsin->name, valsin->instance, - &data_o, 1, &more); - if (numfound == -1) { - failget(KADM_DB_INUSE); - } else if (numfound) { /* We got the record, let's return it */ - kadm_prin_to_vals(flags, valsout, &data_o); - (void) log("'%s.%s' retrieved.", valsin->name, valsin->instance); - return KADM_DATA; /* Set all the appropriate fields */ - } else { - failget(KADM_NOENTRY); /* Else whimper and moan */ - } -} -#undef failget - -#define failmod(code) { (void) log("FAILED modifying '%s.%s' (%s)", valsin1->name, valsin1->instance, error_message(code)); return code; } - -int -kadm_mod_entry (rname, rinstance, rrealm, valsin1, valsin2, valsout) -char *rname; /* requestors name */ -char *rinstance; /* requestors instance */ -char *rrealm; /* requestors realm */ -Kadm_vals *valsin1, *valsin2; /* holds the parameters being - passed in */ -Kadm_vals *valsout; /* the actual record which is returned */ -{ - long numfound; - int more; - Principal data_o, temp_key; - u_char fields[4]; - des_cblock newpw; - - if (wildcard(valsin1->name) || wildcard(valsin1->instance)) { - failmod(KADM_ILL_WILDCARD); - } - - if (!check_access(rname, rinstance, rrealm, MODACL)) { - (void) log("WARNING: '%s.%s@%s' tried to change '%s.%s's entry", - rname, rinstance, rrealm, valsin1->name, valsin1->instance); - return KADM_UNAUTH; - } - - (void) log("request to modify '%s.%s's entry from '%s.%s@%s' ", - valsin1->name, valsin1->instance, rname, rinstance, rrealm); - - numfound = kerb_get_principal(valsin1->name, valsin1->instance, - &data_o, 1, &more); - if (numfound == -1) { - failmod(KADM_DB_INUSE); - } else if (numfound) { - kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2); - (void) strncpy(data_o.name, valsin1->name, ANAME_SZ); - (void) strncpy(data_o.instance, valsin1->instance, INST_SZ); - if (IS_FIELD(KADM_EXPDATE,valsin2->fields)) - data_o.exp_date = temp_key.exp_date; - if (IS_FIELD(KADM_ATTR,valsin2->fields)) - data_o.attributes = temp_key.attributes; - if (IS_FIELD(KADM_MAXLIFE,valsin2->fields)) - data_o.max_life = temp_key.max_life; - if (IS_FIELD(KADM_DESKEY,valsin2->fields)) { - data_o.key_version++; - data_o.kdc_key_ver = server_parm.master_key_version; - - - /* convert to host order */ - temp_key.key_low = ntohl(temp_key.key_low); - temp_key.key_high = ntohl(temp_key.key_high); - - - bcopy(&temp_key.key_low,newpw,4); - bcopy(&temp_key.key_high,(char *)(((long *) newpw) + 1),4); - - /* encrypt new key in master key */ - kdb_encrypt_key (newpw, newpw, server_parm.master_key, - server_parm.master_key_schedule, ENCRYPT); - bcopy(newpw,&data_o.key_low,4); - bcopy((char *)(((long *) newpw) + 1), &data_o.key_high,4); - bzero((char *)newpw, sizeof(newpw)); - } - bzero((char *)&temp_key, sizeof(temp_key)); - - (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1); - (void) strncpy(data_o.mod_instance, rinstance, - sizeof(data_o.mod_instance)-1); - more = kerb_put_principal(&data_o, 1); - - bzero((char *)&data_o, sizeof(data_o)); - - if (more == -1) { - failmod(KADM_DB_INUSE); - } else if (more) { - failmod(KADM_UK_SERROR); - } else { - numfound = kerb_get_principal(valsin1->name, valsin1->instance, - &data_o, 1, &more); - if ((more!=0)||(numfound!=1)) { - failmod(KADM_UK_RERROR); - } - bzero((char *) fields, sizeof(fields)); - SET_FIELD(KADM_NAME,fields); - SET_FIELD(KADM_INST,fields); - SET_FIELD(KADM_EXPDATE,fields); - SET_FIELD(KADM_ATTR,fields); - SET_FIELD(KADM_MAXLIFE,fields); - kadm_prin_to_vals(fields, valsout, &data_o); - (void) log("'%s.%s' modified.", valsin1->name, valsin1->instance); - return KADM_DATA; /* Set all the appropriate fields */ - } - } - else { - failmod(KADM_NOENTRY); - } -} -#undef failmod - -#define failchange(code) { (void) log("FAILED changing key for '%s.%s@%s' (%s)", rname, rinstance, rrealm, error_message(code)); return code; } - -int -kadm_change (rname, rinstance, rrealm, newpw) -char *rname; -char *rinstance; -char *rrealm; -des_cblock newpw; -{ - long numfound; - int more; - Principal data_o; - des_cblock local_pw; - - if (strcmp(server_parm.krbrlm, rrealm)) { - (void) log("change key request from wrong realm, '%s.%s@%s'!\n", - rname, rinstance, rrealm); - return(KADM_WRONG_REALM); - } - - if (wildcard(rname) || wildcard(rinstance)) { - failchange(KADM_ILL_WILDCARD); - } - (void) log("'%s.%s@%s' wants to change its password", - rname, rinstance, rrealm); - - bcopy(newpw, local_pw, sizeof(local_pw)); - - /* encrypt new key in master key */ - kdb_encrypt_key (local_pw, local_pw, server_parm.master_key, - server_parm.master_key_schedule, ENCRYPT); - - numfound = kerb_get_principal(rname, rinstance, - &data_o, 1, &more); - if (numfound == -1) { - failchange(KADM_DB_INUSE); - } else if (numfound) { - bcopy(local_pw,&data_o.key_low,4); - bcopy((char *)(((long *) local_pw) + 1), &data_o.key_high,4); - data_o.key_version++; - data_o.kdc_key_ver = server_parm.master_key_version; - (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1); - (void) strncpy(data_o.mod_instance, rinstance, - sizeof(data_o.mod_instance)-1); - more = kerb_put_principal(&data_o, 1); - bzero((char *) local_pw, sizeof(local_pw)); - bzero((char *) &data_o, sizeof(data_o)); - if (more == -1) { - failchange(KADM_DB_INUSE); - } else if (more) { - failchange(KADM_UK_SERROR); - } else { - (void) log("'%s.%s@%s' password changed.", rname, rinstance, rrealm); - return KADM_SUCCESS; - } - } - else { - failchange(KADM_NOENTRY); - } -} -#undef failchange diff --git a/eBones/kadmind/kadm_ser_wrap.c b/eBones/kadmind/kadm_ser_wrap.c deleted file mode 100644 index 0fa1ace..0000000 --- a/eBones/kadmind/kadm_ser_wrap.c +++ /dev/null @@ -1,213 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Kerberos administration server-side support functions - */ - -#if 0 -#ifndef lint -static char rcsid_module_c[] = -"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_ser_wrap.c,v 4.4 89/09/26 09:29:36 jtkohl Exp "; -#endif lint -#endif - -/* -kadm_ser_wrap.c -unwraps wrapped packets and calls the appropriate server subroutine -*/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "kadm_server.h" - -Kadm_Server server_parm; - -/* -kadm_ser_init -set up the server_parm structure -*/ -int -kadm_ser_init(inter, realm) -int inter; /* interactive or from file */ -char realm[]; -{ - struct servent *sep; - struct hostent *hp; - char hostname[MAXHOSTNAMELEN]; - - init_kadm_err_tbl(); - init_krb_err_tbl(); - if (gethostname(hostname, sizeof(hostname))) - return KADM_NO_HOSTNAME; - - strcpy(server_parm.sname, PWSERV_NAME); - strcpy(server_parm.sinst, KRB_MASTER); - strcpy(server_parm.krbrlm, realm); - - server_parm.admin_fd = -1; - /* setting up the addrs */ - if ((sep = getservbyname(KADM_SNAME, "tcp")) == NULL) - return KADM_NO_SERV; - bzero((char *)&server_parm.admin_addr,sizeof(server_parm.admin_addr)); - server_parm.admin_addr.sin_family = AF_INET; - if ((hp = gethostbyname(hostname)) == NULL) - return KADM_NO_HOSTNAME; - server_parm.admin_addr.sin_addr.s_addr = INADDR_ANY; - server_parm.admin_addr.sin_port = sep->s_port; - /* setting up the database */ - if (kdb_get_master_key((inter==1),server_parm.master_key, - server_parm.master_key_schedule) != 0) - return KADM_NO_MAST; - if ((server_parm.master_key_version = - kdb_verify_master_key(server_parm.master_key, - server_parm.master_key_schedule,stderr))<0) - return KADM_NO_VERI; - return KADM_SUCCESS; -} - -static void -errpkt(dat, dat_len, code) -u_char **dat; -int *dat_len; -int code; -{ - u_long retcode; - char *pdat; - - free((char *)*dat); /* free up req */ - *dat_len = KADM_VERSIZE + sizeof(u_long); - *dat = (u_char *) malloc((unsigned)*dat_len); - pdat = (char *) *dat; - retcode = htonl((u_long) code); - (void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE); - bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long)); - return; -} - -/* -kadm_ser_in -unwrap the data stored in dat, process, and return it. -*/ -int -kadm_ser_in(dat,dat_len) -u_char **dat; -int *dat_len; -{ - u_char *in_st; /* pointer into the sent packet */ - int in_len,retc; /* where in packet we are, for - returns */ - u_long r_len; /* length of the actual packet */ - KTEXT_ST authent; /* the authenticator */ - AUTH_DAT ad; /* who is this, klink */ - u_long ncksum; /* checksum of encrypted data */ - des_key_schedule sess_sched; /* our schedule */ - MSG_DAT msg_st; - u_char *retdat, *tmpdat; - int retval, retlen; - - if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) { - errpkt(dat, dat_len, KADM_BAD_VER); - return KADM_BAD_VER; - } - in_len = KADM_VERSIZE; - /* get the length */ - if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0) - return KADM_LENGTH_ERROR; - in_len += retc; - authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long); - bcopy((char *)(*dat) + in_len, (char *)authent.dat, authent.length); - authent.mbz = 0; - /* service key should be set before here */ - if ((retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst, - server_parm.recv_addr.sin_addr.s_addr, &ad, (char *)0))) - { - errpkt(dat, dat_len,retc + krb_err_base); - return retc + krb_err_base; - } - -#define clr_cli_secrets() {bzero((char *)sess_sched, sizeof(sess_sched)); bzero((char *)ad.session, sizeof(ad.session));} - - in_st = *dat + *dat_len - r_len; -#ifdef NOENCRYPTION - ncksum = 0; -#else - ncksum = quad_cksum((des_cblock *)in_st, (des_cblock *)0, (long) r_len, - 0, (des_cblock *)ad.session); -#endif - if (ncksum!=ad.checksum) { /* yow, are we correct yet */ - clr_cli_secrets(); - errpkt(dat, dat_len,KADM_BAD_CHK); - return KADM_BAD_CHK; - } -#ifdef NOENCRYPTION - bzero(sess_sched, sizeof(sess_sched)); -#else - des_key_sched((des_cblock *)ad.session, sess_sched); -#endif - if ((retc = (int) krb_rd_priv(in_st, r_len, sess_sched, ad.session, - &server_parm.recv_addr, - &server_parm.admin_addr, &msg_st))) { - clr_cli_secrets(); - errpkt(dat, dat_len,retc + krb_err_base); - return retc + krb_err_base; - } - switch (msg_st.app_data[0]) { - case CHANGE_PW: - retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length,&ad, - &retdat, &retlen); - break; - case ADD_ENT: - retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length,&ad, - &retdat, &retlen); - break; - case GET_ENT: - retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length,&ad, - &retdat, &retlen); - break; - case MOD_ENT: - retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length,&ad, - &retdat, &retlen); - break; - default: - clr_cli_secrets(); - errpkt(dat, dat_len, KADM_NO_OPCODE); - return KADM_NO_OPCODE; - } - /* Now seal the response back into a priv msg */ - free((char *)*dat); - tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE + - sizeof(u_long))); - (void) strncpy((char *)tmpdat, KADM_VERSTR, KADM_VERSIZE); - retval = htonl((u_long)retval); - bcopy((char *)&retval, (char *)tmpdat + KADM_VERSIZE, sizeof(u_long)); - if (retlen) { - bcopy((char *)retdat, (char *)tmpdat + KADM_VERSIZE + sizeof(u_long), - retlen); - free((char *)retdat); - } - /* slop for mk_priv stuff */ - *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE + - sizeof(u_long) + 200)); - if ((*dat_len = krb_mk_priv(tmpdat, *dat, - (u_long) (retlen + KADM_VERSIZE + - sizeof(u_long)), - sess_sched, - ad.session, &server_parm.admin_addr, - &server_parm.recv_addr)) < 0) { - clr_cli_secrets(); - errpkt(dat, dat_len, KADM_NO_ENCRYPT); - return KADM_NO_ENCRYPT; - } - clr_cli_secrets(); - return KADM_SUCCESS; -} diff --git a/eBones/kadmind/kadm_server.c b/eBones/kadmind/kadm_server.c deleted file mode 100644 index c6cbc6a..0000000 --- a/eBones/kadmind/kadm_server.c +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Kerberos administration server-side subroutines - */ - -#if 0 -#ifndef lint -static char rcsid_kadm_server_c[] = -"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.c,v 4.2 89/09/26 09:30:23 jtkohl Exp "; -#endif lint -#endif - -#include -#include -#include -#include "kadm_server.h" - -/* -kadm_ser_cpw - the server side of the change_password routine - recieves : KTEXT, {key} - returns : CKSUM, RETCODE - acl : caller can change only own password - -Replaces the password (i.e. des key) of the caller with that specified in key. -Returns no actual data from the master server, since this is called by a user -*/ -int -kadm_ser_cpw(dat, len, ad, datout, outlen) -u_char *dat; -int len; -AUTH_DAT *ad; -u_char **datout; -int *outlen; -{ - unsigned long keylow, keyhigh; - des_cblock newkey; - int stvlen; - - /* take key off the stream, and change the database */ - - if ((stvlen = stv_long(dat, &keyhigh, 0, len)) < 0) - return(KADM_LENGTH_ERROR); - if (stv_long(dat, &keylow, stvlen, len) < 0) - return(KADM_LENGTH_ERROR); - - keylow = ntohl(keylow); - keyhigh = ntohl(keyhigh); - bcopy((char *)&keyhigh, (char *)(((long *)newkey) + 1), 4); - bcopy((char *)&keylow, (char *)newkey, 4); - *datout = 0; - *outlen = 0; - - return(kadm_change(ad->pname, ad->pinst, ad->prealm, newkey)); -} - -/* -kadm_ser_add - the server side of the add_entry routine - recieves : KTEXT, {values} - returns : CKSUM, RETCODE, {values} - acl : su, sms (as alloc) - -Adds and entry containing values to the database -returns the values of the entry, so if you leave certain fields blank you will - be able to determine the default values they are set to -*/ -int -kadm_ser_add(dat,len,ad, datout, outlen) -u_char *dat; -int len; -AUTH_DAT *ad; -u_char **datout; -int *outlen; -{ - Kadm_vals values, retvals; - int status; - - if ((status = stream_to_vals(dat, &values, len)) < 0) - return(KADM_LENGTH_ERROR); - if ((status = kadm_add_entry(ad->pname, ad->pinst, ad->prealm, - &values, &retvals)) == KADM_DATA) { - *outlen = vals_to_stream(&retvals,datout); - return KADM_SUCCESS; - } else { - *outlen = 0; - return status; - } -} - -/* -kadm_ser_mod - the server side of the mod_entry routine - recieves : KTEXT, {values, values} - returns : CKSUM, RETCODE, {values} - acl : su, sms (as register or dealloc) - -Modifies all entries corresponding to the first values so they match the - second values. -returns the values for the changed entries -*/ -int -kadm_ser_mod(dat,len,ad, datout, outlen) -u_char *dat; -int len; -AUTH_DAT *ad; -u_char **datout; -int *outlen; -{ - Kadm_vals vals1, vals2, retvals; - int wh; - int status; - - if ((wh = stream_to_vals(dat, &vals1, len)) < 0) - return KADM_LENGTH_ERROR; - if ((status = stream_to_vals(dat+wh,&vals2, len-wh)) < 0) - return KADM_LENGTH_ERROR; - if ((status = kadm_mod_entry(ad->pname, ad->pinst, ad->prealm, &vals1, - &vals2, &retvals)) == KADM_DATA) { - *outlen = vals_to_stream(&retvals,datout); - return KADM_SUCCESS; - } else { - *outlen = 0; - return status; - } -} - -/* -kadm_ser_get - recieves : KTEXT, {values, flags} - returns : CKSUM, RETCODE, {count, values, values, values} - acl : su - -gets the fields requested by flags from all entries matching values -returns this data for each matching recipient, after a count of how many such - matches there were -*/ -int -kadm_ser_get(dat,len,ad, datout, outlen) -u_char *dat; -int len; -AUTH_DAT *ad; -u_char **datout; -int *outlen; -{ - Kadm_vals values, retvals; - u_char fl[FLDSZ]; - int loop,wh; - int status; - - if ((wh = stream_to_vals(dat, &values, len)) < 0) - return KADM_LENGTH_ERROR; - if (wh + FLDSZ > len) - return KADM_LENGTH_ERROR; - for (loop=FLDSZ-1; loop>=0; loop--) - fl[loop] = dat[wh++]; - if ((status = kadm_get_entry(ad->pname, ad->pinst, ad->prealm, - &values, fl, &retvals)) == KADM_DATA) { - *outlen = vals_to_stream(&retvals,datout); - return KADM_SUCCESS; - } else { - *outlen = 0; - return status; - } -} - diff --git a/eBones/kadmind/kadm_server.h b/eBones/kadmind/kadm_server.h deleted file mode 100644 index 1708107..0000000 --- a/eBones/kadmind/kadm_server.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * $Source: /usr/cvs/src/eBones/kadmind/kadm_server.h,v $ - * $Author: mark $ - * Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.h,v 4.1 89/12/21 17:46:51 jtkohl Exp - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Definitions for Kerberos administration server & client - */ - -#ifndef KADM_SERVER_DEFS -#define KADM_SERVER_DEFS - -/* - * kadm_server.h - * Header file for the fourth attempt at an admin server - * Doug Church, December 28, 1989, MIT Project Athena - * ps. Yes that means this code belongs to athena etc... - * as part of our ongoing attempt to copyright all greek names - */ - -#include -#include -#include - -typedef struct { - struct sockaddr_in admin_addr; - struct sockaddr_in recv_addr; - int recv_addr_len; - int admin_fd; /* our link to clients */ - char sname[ANAME_SZ]; - char sinst[INST_SZ]; - char krbrlm[REALM_SZ]; - C_Block master_key; - C_Block session_key; - Key_schedule master_key_schedule; - long master_key_version; -} Kadm_Server; - -/* the default syslog file */ -#define KADM_SYSLOG "/var/log/kadmind.syslog" - -#define DEFAULT_ACL_DIR "/etc/kerberosIV" -#define ADD_ACL_FILE "/admin_acl.add" -#define GET_ACL_FILE "/admin_acl.get" -#define MOD_ACL_FILE "/admin_acl.mod" - -int kadm_ser_in(unsigned char **dat, int *dat_len); -int kadm_ser_init(int inter, char realm[]); -int kadm_ser_cpw(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, - int *outlen); -int kadm_ser_add(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, - int *outlen); -int kadm_ser_mod(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, - int *outlen); -int kadm_ser_get(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, - int *outlen); -int kadm_change (char *rname, char *rinstance, char *rrealm, - des_cblock newpw); -int kadm_add_entry(char *rname, char *rinstance, char *rrealm, - Kadm_vals *valsin, Kadm_vals *valsout); -int kadm_mod_entry(char *rname, char *rinstance, char *rrealm, - Kadm_vals *valsin1, Kadm_vals *valsin2, Kadm_vals *valsout); -int kadm_get_entry(char *rname, char *rinstance, char *rrealm, - Kadm_vals *valsin, u_char *flags, Kadm_vals *valsout); - -#endif KADM_SERVER_DEFS diff --git a/eBones/kadmind/kadmind.8 b/eBones/kadmind/kadmind.8 deleted file mode 100644 index 1eb10d7..0000000 --- a/eBones/kadmind/kadmind.8 +++ /dev/null @@ -1,117 +0,0 @@ -.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $ -.\" $Id: kadmind.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kadmind \- network daemon for Kerberos database administration -.SH SYNOPSIS -.B kadmind -[ -.B \-n -] [ -.B \-h -] [ -.B \-r realm -] [ -.B \-f filename -] [ -.B \-d dbname -] [ -.B \-a acldir -] -.SH DESCRIPTION -.I kadmind -is the network database server for the Kerberos password-changing and -administration tools. -.PP -Upon execution, it prompts the user to enter the master key string for -the database. -.PP -If the -.B \-n -option is specified, the master key is instead fetched from the master -key cache file. -.PP -If the -.B \-r -.I realm -option is specified, the admin server will pretend that its -local realm is -.I realm -instead of the actual local realm of the host it is running on. -This makes it possible to run a server for a foreign kerberos -realm. -.PP -If the -.B \-f -.I filename -option is specified, then that file is used to hold the log information -instead of the default. -.PP -If the -.B \-d -.I dbname -option is specified, then that file is used as the database name instead -of the default. -.PP -If the -.B \-a -.I acldir -option is specified, then -.I acldir -is used as the directory in which to search for access control lists -instead of the default. -.PP -If the -.B \-h -option is specified, -.I kadmind -prints out a short summary of the permissible control arguments, and -then exits. -.PP -When performing requests on behalf of clients, -.I kadmind -checks access control lists (ACLs) to determine the authorization of the client -to perform the requested action. -Currently three distinct access types are supported: -.TP 1i -Addition -(.add ACL file). If a principal is on this list, it may add new -principals to the database. -.TP -Retrieval -(.get ACL file). If a principal is on this list, it may retrieve -database entries. NOTE: A principal's private key is never returned by -the get functions. -.TP -Modification -(.mod ACL file). If a principal is on this list, it may modify entries -in the database. -.PP -A principal is always granted authorization to change its own password. -.SH FILES -.TP 20n -/var/log/kadmind.syslog -Default log file. -.TP -/etc/kerberosIV/admin_acl.{add,get,mod} -Access control list files -.TP -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/etc/kerberosIV/master_key -Master key cache file. -.SH "SEE ALSO" -kerberos(1), kpasswd(1), kadmin(8), acl_check(3) -.SH AUTHORS -Douglas A. Church, MIT Project Athena -.br -John T. Kohl, Project Athena/Digital Equipment Corporation diff --git a/eBones/kdb/Makefile b/eBones/kdb/Makefile deleted file mode 100644 index 42f4235..0000000 --- a/eBones/kdb/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.4 1995/07/18 16:37:10 mark Exp $ - -SHLIB_MAJOR= 2 -SHLIB_MINOR= 0 - -LIB= kdb -CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -Wall -SRCS= krb_cache.c krb_dbm.c krb_kdb_utils.c krb_lib.c print_princ.c - -.include diff --git a/eBones/kdb/krb_cache.c b/eBones/kdb/krb_cache.c deleted file mode 100644 index 1c7c9ce..0000000 --- a/eBones/kdb/krb_cache.c +++ /dev/null @@ -1,181 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * This is where a cache would be implemented, if it were necessary. - * - * from: krb_cache.c,v 4.5 89/01/24 18:12:34 jon Exp $ - * $Id: krb_cache.c,v 1.3 1995/07/18 16:37:12 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: krb_cache.c,v 1.3 1995/07/18 16:37:12 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef DEBUG -extern int debug; -extern long kerb_debug; -#endif -static init = 0; - -/* - * initialization routine for cache - */ - -int -kerb_cache_init() -{ - init = 1; - return (0); -} - -/* - * look up a principal in the cache returns number of principals found - */ - -int -kerb_cache_get_principal(serv, inst, principal, max) - char *serv; /* could have wild card */ - char *inst; /* could have wild card */ - Principal *principal; - unsigned int max; /* max number of name structs to return */ - -{ - int found = 0; - - if (!init) - kerb_cache_init(); -#ifdef DEBUG - if (kerb_debug & 2) { - fprintf(stderr, "cache_get_principal for %s %s max = %d\n", - serv, inst, max); - if (found) { - fprintf(stderr, "cache get %s %s found %s %s\n", - serv, inst, principal->name, principal->instance); - } else { - fprintf(stderr, "cache %s %s not found\n", serv, - inst); - } - } -#endif - return (found); -} - -/* - * insert/replace a principal in the cache returns number of principals - * inserted - */ - -int -kerb_cache_put_principal(principal, max) - Principal *principal; - unsigned int max; /* max number of principal structs to - * insert */ - -{ - u_long i; - int count = 0; - - if (!init) - kerb_cache_init(); - -#ifdef DEBUG - if (kerb_debug & 2) { - fprintf(stderr, "kerb_cache_put_principal max = %d", - max); - } -#endif - - for (i = 0; i < max; i++) { -#ifdef DEBUG - if (kerb_debug & 2) - fprintf(stderr, "\n %s %s", - principal->name, principal->instance); -#endif - /* DO IT */ - count++; - principal++; - } - return count; -} - -/* - * look up a dba in the cache returns number of dbas found - */ - -int -kerb_cache_get_dba(serv, inst, dba, max) - char *serv; /* could have wild card */ - char *inst; /* could have wild card */ - Dba *dba; - unsigned int max; /* max number of name structs to return */ - -{ - int found = 0; - - if (!init) - kerb_cache_init(); - -#ifdef DEBUG - if (kerb_debug & 2) { - fprintf(stderr, "cache_get_dba for %s %s max = %d\n", - serv, inst, max); - if (found) { - fprintf(stderr, "cache get %s %s found %s %s\n", - serv, inst, dba->name, dba->instance); - } else { - fprintf(stderr, "cache %s %s not found\n", serv, inst); - } - } -#endif - return (found); -} - -/* - * insert/replace a dba in the cache returns number of dbas inserted - */ - -int -kerb_cache_put_dba(dba, max) - Dba *dba; - unsigned int max; /* max number of dba structs to insert */ - -{ - u_long i; - int count = 0; - - if (!init) - kerb_cache_init(); -#ifdef DEBUG - if (kerb_debug & 2) { - fprintf(stderr, "kerb_cache_put_dba max = %d", max); - } -#endif - for (i = 0; i < max; i++) { -#ifdef DEBUG - if (kerb_debug & 2) - fprintf(stderr, "\n %s %s", - dba->name, dba->instance); -#endif - /* DO IT */ - count++; - dba++; - } - return count; -} - diff --git a/eBones/kdb/krb_dbm.c b/eBones/kdb/krb_dbm.c deleted file mode 100644 index 760bd6f..0000000 --- a/eBones/kdb/krb_dbm.c +++ /dev/null @@ -1,789 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: krb_dbm.c,v 4.9 89/04/18 16:15:13 wesommer Exp $ - * $Id: krb_dbm.c,v 1.4 1995/08/03 17:15:42 mark Exp $ -*/ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: krb_dbm.c,v 1.4 1995/08/03 17:15:42 mark Exp $"; -#endif lint -#endif - -#if defined(__FreeBSD__) || defined(__NetBSD__) -#define _NDBM_ -#endif - -#if defined(__FreeBSD__) || defined(__NetBSD__) -#define _DBM_ -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef _NDBM_ -#include -#else /*_NDBM_*/ -#include -#endif /*_NDBM_*/ -/* before krb_db.h */ -#include -#include - -#ifdef dbm_pagfno -#define DB -#endif - -#define KERB_DB_MAX_RETRY 5 - -#ifdef DEBUG -extern int debug; -extern long kerb_debug; -extern char *progname; -#endif - -static init = 0; -static char default_db_name[] = DBM_FILE; -static char *current_db_name = default_db_name; -static void encode_princ_key(datum *key, char *name, char *instance); -static void decode_princ_key(datum *key, char *name, char *instance); -static void encode_princ_contents(datum *contents, Principal *principal); -static void decode_princ_contents(datum *contents, Principal *principal); -static void kerb_dbl_fini(void); -static int kerb_dbl_lock(int mode); -static void kerb_dbl_unlock(void); -static long kerb_start_update(char *db_name); -static long kerb_end_update(char *db_name, long age); - -static struct timeval timestamp;/* current time of request */ -static int non_blocking = 0; - -/* - * This module contains all of the code which directly interfaces to - * the underlying representation of the Kerberos database; this - * implementation uses a DBM or NDBM indexed "file" (actually - * implemented as two separate files) to store the relations, plus a - * third file as a semaphore to allow the database to be replaced out - * from underneath the KDC server. - */ - -/* - * Locking: - * - * There are two distinct locking protocols used. One is designed to - * lock against processes (the admin_server, for one) which make - * incremental changes to the database; the other is designed to lock - * against utilities (kdb_util, kpropd) which replace the entire - * database in one fell swoop. - * - * The first locking protocol is implemented using flock() in the - * krb_dbl_lock() and krb_dbl_unlock routines. - * - * The second locking protocol is necessary because DBM "files" are - * actually implemented as two separate files, and it is impossible to - * atomically rename two files simultaneously. It assumes that the - * database is replaced only very infrequently in comparison to the time - * needed to do a database read operation. - * - * A third file is used as a "version" semaphore; the modification - * time of this file is the "version number" of the database. - * At the start of a read operation, the reader checks the version - * number; at the end of the read operation, it checks again. If the - * version number changed, or if the semaphore was nonexistant at - * either time, the reader sleeps for a second to let things - * stabilize, and then tries again; if it does not succeed after - * KERB_DB_MAX_RETRY attempts, it gives up. - * - * On update, the semaphore file is deleted (if it exists) before any - * update takes place; at the end of the update, it is replaced, with - * a version number strictly greater than the version number which - * existed at the start of the update. - * - * If the system crashes in the middle of an update, the semaphore - * file is not automatically created on reboot; this is a feature, not - * a bug, since the database may be inconsistant. Note that the - * absence of a semaphore file does not prevent another _update_ from - * taking place later. Database replacements take place automatically - * only on slave servers; a crash in the middle of an update will be - * fixed by the next slave propagation. A crash in the middle of an - * update on the master would be somewhat more serious, but this would - * likely be noticed by an administrator, who could fix the problem and - * retry the operation. - */ - -/* Macros to convert ndbm names to dbm names. - * Note that dbm_nextkey() cannot be simply converted using a macro, since - * it is invoked giving the database, and nextkey() needs the previous key. - * - * Instead, all routines call "dbm_next" instead. - */ - -#ifndef _NDBM_ -typedef char DBM; - -#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0)) -#define dbm_fetch(db, key) fetch(key) -#define dbm_store(db, key, content, flag) store(key, content) -#define dbm_firstkey(db) firstkey() -#define dbm_next(db,key) nextkey(key) -#define dbm_close(db) dbmclose() -#else -#define dbm_next(db,key) dbm_nextkey(db) -#endif - -/* - * Utility routine: generate name of database file. - */ - -static char *gen_dbsuffix(db_name, sfx) - char *db_name; - char *sfx; -{ - char *dbsuffix; - - if (sfx == NULL) - sfx = ".ok"; - - dbsuffix = malloc (strlen(db_name) + strlen(sfx) + 1); - strcpy(dbsuffix, db_name); - strcat(dbsuffix, sfx); - return dbsuffix; -} - -/* - * initialization for data base routines. - */ - -int -kerb_db_init() -{ - init = 1; - return (0); -} - -/* - * gracefully shut down database--must be called by ANY program that does - * a kerb_db_init - */ - -void -kerb_db_fini() -{ -} - -/* - * Set the "name" of the current database to some alternate value. - * - * Passing a null pointer as "name" will set back to the default. - * If the alternate database doesn't exist, nothing is changed. - */ - -int -kerb_db_set_name(name) - char *name; -{ - DBM *db; - - if (name == NULL) - name = default_db_name; - db = dbm_open(name, 0, 0); - if (db == NULL) - return errno; - dbm_close(db); - kerb_dbl_fini(); - current_db_name = name; - return 0; -} - -/* - * Return the last modification time of the database. - */ - -long -kerb_get_db_age() -{ - struct stat st; - char *okname; - long age; - - okname = gen_dbsuffix(current_db_name, ".ok"); - - if (stat (okname, &st) < 0) - age = 0; - else - age = st.st_mtime; - - free (okname); - return age; -} - -/* - * Remove the semaphore file; indicates that database is currently - * under renovation. - * - * This is only for use when moving the database out from underneath - * the server (for example, during slave updates). - */ - -static long -kerb_start_update(db_name) - char *db_name; -{ - char *okname = gen_dbsuffix(db_name, ".ok"); - long age = kerb_get_db_age(); - - if (unlink(okname) < 0 - && errno != ENOENT) { - age = -1; - } - free (okname); - return age; -} - -static long -kerb_end_update(db_name, age) - char *db_name; - long age; -{ - int fd; - int retval = 0; - char *new_okname = gen_dbsuffix(db_name, ".ok#"); - char *okname = gen_dbsuffix(db_name, ".ok"); - - fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600); - if (fd < 0) - retval = errno; - else { - struct stat st; - struct timeval tv[2]; - /* make sure that semaphore is "after" previous value. */ - if (fstat (fd, &st) == 0 - && st.st_mtime <= age) { - tv[0].tv_sec = st.st_atime; - tv[0].tv_usec = 0; - tv[1].tv_sec = age; - tv[1].tv_usec = 0; - /* set times.. */ - utimes (new_okname, tv); - fsync(fd); - } - close(fd); - if (rename (new_okname, okname) < 0) - retval = errno; - } - - free (new_okname); - free (okname); - - return retval; -} - -static long -kerb_start_read() -{ - return kerb_get_db_age(); -} - -static long -kerb_end_read(age) - u_long age; -{ - if (kerb_get_db_age() != age || age == -1) { - return -1; - } - return 0; -} - -/* - * Create the database, assuming it's not there. - */ - -int -kerb_db_create(db_name) - char *db_name; -{ - char *okname = gen_dbsuffix(db_name, ".ok"); - int fd; - register int ret = 0; -#ifdef _NDBM_ - DBM *db; - - db = dbm_open(db_name, O_RDWR|O_CREAT|O_EXCL, 0600); - if (db == NULL) - ret = errno; - else - dbm_close(db); -#else - char *dirname = gen_dbsuffix(db_name, ".dir"); - char *pagname = gen_dbsuffix(db_name, ".pag"); - - fd = open(dirname, O_RDWR|O_CREAT|O_EXCL, 0600); - if (fd < 0) - ret = errno; - else { - close(fd); - fd = open (pagname, O_RDWR|O_CREAT|O_EXCL, 0600); - if (fd < 0) - ret = errno; - else - close(fd); - } - if (dbminit(db_name) < 0) - ret = errno; -#endif - if (ret == 0) { - fd = open (okname, O_CREAT|O_RDWR|O_TRUNC, 0600); - if (fd < 0) - ret = errno; - close(fd); - } - return ret; -} - -/* - * "Atomically" rename the database in a way that locks out read - * access in the middle of the rename. - * - * Not perfect; if we crash in the middle of an update, we don't - * necessarily know to complete the transaction the rename, but... - */ - -int -kerb_db_rename(from, to) - char *from; - char *to; -{ -#ifdef _DBM_ - char *fromdb = gen_dbsuffix (from, ".db"); - char *todb = gen_dbsuffix (to, ".db"); -#else - char *fromdir = gen_dbsuffix (from, ".dir"); - char *todir = gen_dbsuffix (to, ".dir"); - char *frompag = gen_dbsuffix (from , ".pag"); - char *topag = gen_dbsuffix (to, ".pag"); -#endif - char *fromok = gen_dbsuffix(from, ".ok"); - long trans = kerb_start_update(to); - int ok = 0; - -#ifdef _DBM_ - if (rename (fromdb, todb) == 0) { -#else - if ((rename (fromdir, todir) == 0) - && (rename (frompag, topag) == 0)) { -#endif - (void) unlink (fromok); - ok = 1; - } - - free (fromok); -#ifdef _DBM_ - free (fromdb); - free (todb); -#else - free (fromdir); - free (todir); - free (frompag); - free (topag); -#endif - if (ok) - return kerb_end_update(to, trans); - else - return -1; -} - -/* - * look up a principal in the data base returns number of principals - * found , and whether there were more than requested. - */ - -int -kerb_db_get_principal(name, inst, principal, max, more) - char *name; /* could have wild card */ - char *inst; /* could have wild card */ - Principal *principal; - unsigned int max; /* max number of name structs to return */ - int *more; /* where there more than 'max' tuples? */ - -{ - int found = 0, code; - extern int errorproc(); - int wildp, wildi; - datum key, contents; - char testname[ANAME_SZ], testinst[INST_SZ]; - u_long trans; - int try; - DBM *db; - - if (!init) - kerb_db_init(); /* initialize database routines */ - - for (try = 0; try < KERB_DB_MAX_RETRY; try++) { - trans = kerb_start_read(); - - if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) - return -1; - - db = dbm_open(current_db_name, O_RDONLY, 0600); - - *more = 0; - -#ifdef DEBUG - if (kerb_debug & 2) - fprintf(stderr, - "%s: db_get_principal for %s %s max = %d", - progname, name, inst, max); -#endif - - wildp = !strcmp(name, "*"); - wildi = !strcmp(inst, "*"); - - if (!wildi && !wildp) { /* nothing's wild */ - encode_princ_key(&key, name, inst); - contents = dbm_fetch(db, key); - if (contents.dptr == NULL) { - found = 0; - goto done; - } - decode_princ_contents(&contents, principal); -#ifdef DEBUG - if (kerb_debug & 1) { - fprintf(stderr, "\t found %s %s p_n length %d t_n length %d\n", - principal->name, principal->instance, - strlen(principal->name), - strlen(principal->instance)); - } -#endif - found = 1; - goto done; - } - /* process wild cards by looping through entire database */ - - for (key = dbm_firstkey(db); key.dptr != NULL; - key = dbm_next(db, key)) { - decode_princ_key(&key, testname, testinst); - if ((wildp || !strcmp(testname, name)) && - (wildi || !strcmp(testinst, inst))) { /* have a match */ - if (found >= max) { - *more = 1; - goto done; - } else { - found++; - contents = dbm_fetch(db, key); - decode_princ_contents(&contents, principal); -#ifdef DEBUG - if (kerb_debug & 1) { - fprintf(stderr, - "\tfound %s %s p_n length %d t_n length %d\n", - principal->name, principal->instance, - strlen(principal->name), - strlen(principal->instance)); - } -#endif - principal++; /* point to next */ - } - } - } - - done: - kerb_dbl_unlock(); /* unlock read lock */ - dbm_close(db); - if (kerb_end_read(trans) == 0) - break; - found = -1; - if (!non_blocking) - sleep(1); - } - return (found); -} - -/* - * Update a name in the data base. Returns number of names - * successfully updated. - */ - -int -kerb_db_put_principal(principal, max) - Principal *principal; - unsigned int max; /* number of principal structs to - * update */ - -{ - int found = 0, code; - u_long i; - extern int errorproc(); - datum key, contents; - DBM *db; - - gettimeofday(×tamp, NULL); - - if (!init) - kerb_db_init(); - - if ((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0) - return -1; - - db = dbm_open(current_db_name, O_RDWR, 0600); - -#ifdef DEBUG - if (kerb_debug & 2) - fprintf(stderr, "%s: kerb_db_put_principal max = %d", - progname, max); -#endif - - /* for each one, stuff temps, and do replace/append */ - for (i = 0; i < max; i++) { - encode_princ_contents(&contents, principal); - encode_princ_key(&key, principal->name, principal->instance); - dbm_store(db, key, contents, DBM_REPLACE); -#ifdef DEBUG - if (kerb_debug & 1) { - fprintf(stderr, "\n put %s %s\n", - principal->name, principal->instance); - } -#endif - found++; - principal++; /* bump to next struct */ - } - - dbm_close(db); - kerb_dbl_unlock(); /* unlock database */ - return (found); -} - -static void -encode_princ_key(key, name, instance) - datum *key; - char *name, *instance; -{ - static char keystring[ANAME_SZ + INST_SZ]; - - bzero(keystring, ANAME_SZ + INST_SZ); - strncpy(keystring, name, ANAME_SZ); - strncpy(&keystring[ANAME_SZ], instance, INST_SZ); - key->dptr = keystring; - key->dsize = ANAME_SZ + INST_SZ; -} - -static void -decode_princ_key(key, name, instance) - datum *key; - char *name, *instance; -{ - strncpy(name, key->dptr, ANAME_SZ); - strncpy(instance, key->dptr + ANAME_SZ, INST_SZ); - name[ANAME_SZ - 1] = '\0'; - instance[INST_SZ - 1] = '\0'; -} - -static void -encode_princ_contents(contents, principal) - datum *contents; - Principal *principal; -{ - contents->dsize = sizeof(*principal); - contents->dptr = (char *) principal; -} - -static void -decode_princ_contents(contents, principal) - datum *contents; - Principal *principal; -{ - bcopy(contents->dptr, (char *) principal, sizeof(*principal)); -} - -void -kerb_db_get_stat(s) - DB_stat *s; -{ - gettimeofday(×tamp, NULL); - - - s->cpu = 0; - s->elapsed = 0; - s->dio = 0; - s->pfault = 0; - s->t_stamp = timestamp.tv_sec; - s->n_retrieve = 0; - s->n_replace = 0; - s->n_append = 0; - s->n_get_stat = 0; - s->n_put_stat = 0; - /* update local copy too */ -} - -void -kerb_db_put_stat(s) - DB_stat *s; -{ -} - -void -delta_stat(a, b, c) - DB_stat *a, *b, *c; -{ - /* c = a - b then b = a for the next time */ - - c->cpu = a->cpu - b->cpu; - c->elapsed = a->elapsed - b->elapsed; - c->dio = a->dio - b->dio; - c->pfault = a->pfault - b->pfault; - c->t_stamp = a->t_stamp - b->t_stamp; - c->n_retrieve = a->n_retrieve - b->n_retrieve; - c->n_replace = a->n_replace - b->n_replace; - c->n_append = a->n_append - b->n_append; - c->n_get_stat = a->n_get_stat - b->n_get_stat; - c->n_put_stat = a->n_put_stat - b->n_put_stat; - - bcopy(a, b, sizeof(DB_stat)); -} - -/* - * look up a dba in the data base returns number of dbas found , and - * whether there were more than requested. - */ - -int -kerb_db_get_dba(dba_name, dba_inst, dba, max, more) - char *dba_name; /* could have wild card */ - char *dba_inst; /* could have wild card */ - Dba *dba; - unsigned int max; /* max number of name structs to return */ - int *more; /* where there more than 'max' tuples? */ - -{ - *more = 0; - return (0); -} - -int -kerb_db_iterate (func, arg) - int (*func)(); - char *arg; /* void *, really */ -{ - datum key, contents; - Principal *principal; - int code; - DBM *db; - - kerb_db_init(); /* initialize and open the database */ - if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) - return code; - - db = dbm_open(current_db_name, O_RDONLY, 0600); - - for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) { - contents = dbm_fetch (db, key); - /* XXX may not be properly aligned */ - principal = (Principal *) contents.dptr; - if ((code = (*func)(arg, principal)) != 0) - return code; - } - dbm_close(db); - kerb_dbl_unlock(); - return 0; -} - -static int dblfd = -1; -static int mylock = 0; -static int inited = 0; - -static void -kerb_dbl_init() -{ - if (!inited) { - char *filename = gen_dbsuffix (current_db_name, ".ok"); - if ((dblfd = open(filename, 0)) < 0) { - fprintf(stderr, "kerb_dbl_init: couldn't open %s\n", filename); - fflush(stderr); - perror("open"); - exit(1); - } - free(filename); - inited++; - } -} - -static void -kerb_dbl_fini() -{ - close(dblfd); - dblfd = -1; - inited = 0; - mylock = 0; -} - -static int -kerb_dbl_lock(mode) - int mode; -{ - int flock_mode; - - if (!inited) - kerb_dbl_init(); - if (mylock) { /* Detect lock call when lock already - * locked */ - fprintf(stderr, "Kerberos locking error (mylock)\n"); - fflush(stderr); - exit(1); - } - switch (mode) { - case KERB_DBL_EXCLUSIVE: - flock_mode = LOCK_EX; - break; - case KERB_DBL_SHARED: - flock_mode = LOCK_SH; - break; - default: - fprintf(stderr, "invalid lock mode %d\n", mode); - abort(); - } - if (non_blocking) - flock_mode |= LOCK_NB; - - if (flock(dblfd, flock_mode) < 0) - return errno; - mylock++; - return 0; -} - -static void -kerb_dbl_unlock() -{ - if (!mylock) { /* lock already unlocked */ - fprintf(stderr, "Kerberos database lock not locked when unlocking.\n"); - fflush(stderr); - exit(1); - } - if (flock(dblfd, LOCK_UN) < 0) { - fprintf(stderr, "Kerberos database lock error. (unlocking)\n"); - fflush(stderr); - perror("flock"); - exit(1); - } - mylock = 0; -} - -int -kerb_db_set_lockmode(mode) - int mode; -{ - int old = non_blocking; - non_blocking = mode; - return old; -} diff --git a/eBones/kdb/krb_kdb_utils.c b/eBones/kdb/krb_kdb_utils.c deleted file mode 100644 index 0256348..0000000 --- a/eBones/kdb/krb_kdb_utils.c +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * Utility routines for Kerberos programs which directly access - * the database. This code was duplicated in too many places - * before I gathered it here. - * - * Jon Rochlis, MIT Telecom, March 1988 - * - * from: krb_kdb_utils.c,v 4.1 89/07/26 11:01:12 jtkohl Exp $ - * $Id: krb_kdb_utils.c,v 1.3 1995/07/18 16:37:15 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: krb_kdb_utils.c,v 1.3 1995/07/18 16:37:15 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include - -long -kdb_get_master_key(prompt, master_key, master_key_sched) - int prompt; - C_Block master_key; - Key_schedule master_key_sched; -{ - int kfile; - - if (prompt) { -#ifdef NOENCRYPTION - placebo_read_password(master_key, - "\nEnter Kerberos master key: ", 0); -#else - des_read_password((des_cblock *)master_key, - "\nEnter Kerberos master key: ", 0); -#endif - printf ("\n"); - } - else { - kfile = open(MKEYFILE, O_RDONLY, 0600); - if (kfile < 0) { - /* oh, for com_err_ */ - return (-1); - } - if (read(kfile, (char *) master_key, 8) != 8) { - return (-1); - } - close(kfile); - } - -#ifndef NOENCRYPTION - key_sched((des_cblock *)master_key,master_key_sched); -#endif - return (0); -} - -/* The caller is reasponsible for cleaning up the master key and sched, - even if we can't verify the master key */ - -/* Returns master key version if successful, otherwise -1 */ - -long -kdb_verify_master_key (master_key, master_key_sched, out) - C_Block master_key; - Key_schedule master_key_sched; - FILE *out; /* setting this to non-null be do output */ -{ - C_Block key_from_db; - Principal principal_data[1]; - int n, more = 0; - long master_key_version; - - /* lookup the master key version */ - n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, - 1 /* only one please */, &more); - if ((n != 1) || more) { - if (out != (FILE *) NULL) - fprintf(out, - "verify_master_key: %s, %d found.\n", - "Kerberos error on master key version lookup", - n); - return (-1); - } - - master_key_version = (long) principal_data[0].key_version; - - /* set up the master key */ - if (out != (FILE *) NULL) /* should we punt this? */ - fprintf(out, "Current Kerberos master key version is %d.\n", - principal_data[0].kdc_key_ver); - - /* - * now use the master key to decrypt the key in the db, had better - * be the same! - */ - bcopy(&principal_data[0].key_low, key_from_db, 4); - bcopy(&principal_data[0].key_high, ((long *) key_from_db) + 1, 4); - kdb_encrypt_key (key_from_db, key_from_db, - master_key, master_key_sched, DECRYPT); - - /* the decrypted database key had better equal the master key */ - n = bcmp((char *) master_key, (char *) key_from_db, - sizeof(master_key)); - /* this used to zero the master key here! */ - bzero(key_from_db, sizeof(key_from_db)); - bzero(principal_data, sizeof (principal_data)); - - if (n && (out != (FILE *) NULL)) { - fprintf(out, "\n\07\07verify_master_key: Invalid master key; "); - fprintf(out, "does not match database.\n"); - return (-1); - } - if (out != (FILE *) NULL) { - fprintf(out, "\nMaster key entered. BEWARE!\07\07\n"); - fflush(out); - } - - return (master_key_version); -} - -/* The old algorithm used the key schedule as the initial vector which - was byte order depedent ... */ - -void -kdb_encrypt_key (in, out, master_key, master_key_sched, e_d_flag) - C_Block in, out, master_key; - Key_schedule master_key_sched; - int e_d_flag; -{ - -#ifdef NOENCRYPTION - bcopy(in, out, sizeof(C_Block)); -#else - pcbc_encrypt((des_cblock*)in,(des_cblock*)out,(long)sizeof(C_Block), - master_key_sched,(des_cblock*)master_key,e_d_flag); -#endif -} diff --git a/eBones/kdb/krb_lib.c b/eBones/kdb/krb_lib.c deleted file mode 100644 index 2cf4fb8..0000000 --- a/eBones/kdb/krb_lib.c +++ /dev/null @@ -1,242 +0,0 @@ -/* - * $Source: /usr/cvs/src/eBones/kdb/krb_lib.c,v $ - * $Author: mark $ - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: krb_lib.c,v 1.3 1995/07/18 16:37:17 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef DEBUG -extern int debug; -extern char *progname; -long kerb_debug; -#endif - -static init = 0; - -/* - * initialization routine for data base - */ - -int -kerb_init() -{ -#ifdef DEBUG - if (!init) { - char *dbg = getenv("KERB_DBG"); - if (dbg) - sscanf(dbg, "%ld", &kerb_debug); - init = 1; - } -#endif - kerb_db_init(); - -#ifdef CACHE - kerb_cache_init(); -#endif - - /* successful init, return 0, else errcode */ - return (0); -} - -/* - * finalization routine for database -- NOTE: MUST be called by any - * program using kerb_init. ALSO will have to be modified to finalize - * caches, if they're ever really implemented. - */ - -void -kerb_fini() -{ - kerb_db_fini(); -} - -/* - * look up a principal in the cache or data base returns number of - * principals found - */ - -int -kerb_get_principal(name, inst, principal, max, more) - char *name; /* could have wild card */ - char *inst; /* could have wild card */ - Principal *principal; - unsigned int max; /* max number of name structs to return */ - int *more; /* more tuples than room for */ - -{ - int found = 0; -#ifdef CACHE - static int wild = 0; -#endif - if (!init) - kerb_init(); - -#ifdef DEBUG - if (kerb_debug & 1) - fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n", - progname, name, inst, max); -#endif - - /* - * if this is a request including a wild card, have to go to db - * since the cache may not be exhaustive. - */ - - /* clear the principal area */ - bzero((char *) principal, max * sizeof(Principal)); - -#ifdef CACHE - /* - * so check to see if the name contains a wildcard "*" or "?", not - * preceeded by a backslash. - */ - wild = 0; - if (index(name, '*') || index(name, '?') || - index(inst, '*') || index(inst, '?')) - wild = 1; - - if (!wild) { - /* try the cache first */ - found = kerb_cache_get_principal(name, inst, principal, max, more); - if (found) - return (found); - } -#endif - /* If we didn't try cache, or it wasn't there, try db */ - found = kerb_db_get_principal(name, inst, principal, max, more); - /* try to insert principal(s) into cache if it was found */ -#ifdef CACHE - if (found) { - kerb_cache_put_principal(principal, found); - } -#endif - return (found); -} - -/* principals */ -int -kerb_put_principal(principal, n) - Principal *principal; - unsigned int n; /* number of principal structs to write */ -{ - long time(); - struct tm *tp, *localtime(); - - /* set mod date */ - principal->mod_date = time((long *)0); - /* and mod date string */ - - tp = localtime(&principal->mod_date); - (void) sprintf(principal->mod_date_txt, "%4d-%2d-%2d", - tp->tm_year > 1900 ? tp->tm_year : tp->tm_year + 1900, - tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */ -#ifdef DEBUG - if (kerb_debug & 1) { - int i; - fprintf(stderr, "\nkerb_put_principal..."); - for (i = 0; i < n; i++) { - krb_print_principal(&principal[i]); - } - } -#endif - /* write database */ - if (kerb_db_put_principal(principal, n) < 0) { -#ifdef DEBUG - if (kerb_debug & 1) - fprintf(stderr, "\n%s: kerb_db_put_principal err", progname); - /* watch out for cache */ -#endif - return -1; - } -#ifdef CACHE - /* write cache */ - if (!kerb_cache_put_principal(principal, n)) { -#ifdef DEBUG - if (kerb_debug & 1) - fprintf(stderr, "\n%s: kerb_cache_put_principal err", progname); -#endif - return -1; - } -#endif - return 0; -} - -int -kerb_get_dba(name, inst, dba, max, more) - char *name; /* could have wild card */ - char *inst; /* could have wild card */ - Dba *dba; - unsigned int max; /* max number of name structs to return */ - int *more; /* more tuples than room for */ - -{ - int found = 0; -#ifdef CACHE - static int wild = 0; -#endif - if (!init) - kerb_init(); - -#ifdef DEBUG - if (kerb_debug & 1) - fprintf(stderr, "\n%s: kerb_get_dba for %s %s max = %d\n", - progname, name, inst, max); -#endif - /* - * if this is a request including a wild card, have to go to db - * since the cache may not be exhaustive. - */ - - /* clear the dba area */ - bzero((char *) dba, max * sizeof(Dba)); - -#ifdef CACHE - /* - * so check to see if the name contains a wildcard "*" or "?", not - * preceeded by a backslash. - */ - - wild = 0; - if (index(name, '*') || index(name, '?') || - index(inst, '*') || index(inst, '?')) - wild = 1; - - if (!wild) { - /* try the cache first */ - found = kerb_cache_get_dba(name, inst, dba, max, more); - if (found) - return (found); - } -#endif - /* If we didn't try cache, or it wasn't there, try db */ - found = kerb_db_get_dba(name, inst, dba, max, more); -#ifdef CACHE - /* try to insert dba(s) into cache if it was found */ - if (found) { - kerb_cache_put_dba(dba, found); - } -#endif - return (found); -} diff --git a/eBones/kdb/print_princ.c b/eBones/kdb/print_princ.c deleted file mode 100644 index 64e9106..0000000 --- a/eBones/kdb/print_princ.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: $Header: /usr/cvs/src/eBones/kdb/print_princ.c,v 1.3 1995/07/18 16:37:19 mark Exp $ - * $Id: print_princ.c,v 1.3 1995/07/18 16:37:19 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: print_princ.c,v 1.3 1995/07/18 16:37:19 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include - -extern int debug; - -long kerb_debug; -static struct tm *time_p; - -void -krb_print_principal(a_n) - Principal *a_n; -{ - /* run-time database does not contain string versions */ - time_p = localtime(&(a_n->exp_date)); - - fprintf(stderr, - "\n%s %s expires %4d-%2d-%2d %2d:%2d, max_life %d*5 = %d min attr 0x%02x", - a_n->name, a_n->instance, - time_p->tm_year > 1900 ? time_p->tm_year : time_p->tm_year + 1900, - time_p->tm_mon + 1, time_p->tm_mday, - time_p->tm_hour, time_p->tm_min, - a_n->max_life, 5 * a_n->max_life, a_n->attributes); - - fprintf(stderr, - "\n\tkey_ver %d k_low 0x%08lx k_high 0x%08lx akv %d exists %d\n", - a_n->key_version, a_n->key_low, a_n->key_high, - a_n->kdc_key_ver, (int)a_n->old); - - fflush(stderr); -} diff --git a/eBones/kdb_destroy/Makefile b/eBones/kdb_destroy/Makefile deleted file mode 100644 index f22f779..0000000 --- a/eBones/kdb_destroy/Makefile +++ /dev/null @@ -1,8 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.3 1995/07/18 16:37:22 mark Exp $ - -PROG= kdb_destroy -CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -Wall -MAN8= kdb_destroy.8 - -.include diff --git a/eBones/kdb_destroy/kdb_destroy.8 b/eBones/kdb_destroy/kdb_destroy.8 deleted file mode 100644 index 2e57876..0000000 --- a/eBones/kdb_destroy/kdb_destroy.8 +++ /dev/null @@ -1,36 +0,0 @@ -.\" from: kdb_destroy.8,v 4.1 89/01/23 11:08:02 jtkohl Exp $ -.\" $Id: kdb_destroy.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KDB_DESTROY 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_destroy \- destroy Kerberos key distribution center database -.SH SYNOPSIS -kdb_destroy -.SH DESCRIPTION -.I kdb_destroy -deletes a Kerberos key distribution center database. -.PP -The user is prompted to verify that the database should be destroyed. A -response beginning with `y' or `Y' confirms deletion. -Any other response aborts deletion. -.SH DIAGNOSTICS -.TP 20n -"Database cannot be deleted at /kerberos/principal" -The attempt to delete the database failed (probably due to a system or -access permission error). -.TP -"Database not deleted." -The user aborted the deletion. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.SH SEE ALSO -kdb_init(8) diff --git a/eBones/kdb_destroy/kdb_destroy.c b/eBones/kdb_destroy/kdb_destroy.c deleted file mode 100644 index 57e1a80..0000000 --- a/eBones/kdb_destroy/kdb_destroy.c +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: kdb_destroy.c,v 4.0 89/01/24 21:49:02 jtkohl Exp $ - * $Id: kdb_destroy.c,v 1.5 1995/08/04 06:35:45 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: kdb_destroy.c,v 1.5 1995/08/04 06:35:45 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include - -#if defined(__FreeBSD__) || defined(__NetBSD__) -#define _DBM_ -#endif - -void -main() -{ - char answer[10]; /* user input */ -#ifdef _DBM_ - char dbm[256]; /* database path and name */ - char *file; /* database file names */ -#else - char dbm[256]; /* database path and name */ - char dbm1[256]; /* database path and name */ - char *file1, *file2; /* database file names */ -#endif - - strcpy(dbm, DBM_FILE); -#ifdef _DBM_ - file = strcat(dbm, ".db"); -#else - strcpy(dbm1, DBM_FILE); - file1 = strcat(dbm, ".dir"); - file2 = strcat(dbm1, ".pag"); -#endif - - printf("You are about to destroy the Kerberos database "); - printf("on this machine.\n"); - printf("Are you sure you want to do this (y/n)? "); - fgets(answer, sizeof(answer), stdin); - - if (answer[0] == 'y' || answer[0] == 'Y') { -#ifdef _DBM_ - if (unlink(file) == 0) -#else - if (unlink(file1) == 0 && unlink(file2) == 0) -#endif - fprintf(stderr, "Database deleted at %s\n", DBM_FILE); - else - fprintf(stderr, "Database cannot be deleted at %s\n", - DBM_FILE); - } else - fprintf(stderr, "Database not deleted.\n"); -} diff --git a/eBones/kdb_edit/Makefile b/eBones/kdb_edit/Makefile deleted file mode 100644 index a56efcf..0000000 --- a/eBones/kdb_edit/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -# From: @(#)Makefile 5.2 (Berkeley) 2/14/91 -# $Id: Makefile,v 1.3 1995/07/18 16:37:25 mark Exp $ - -PROG= kdb_edit -CFLAGS+=-DKERBEROS -DDEBUG -I. -I${.CURDIR}/../include -Wall -SRCS= kdb_edit.c maketime.c -.PATH: ${.CURDIR}/../kdb_edit -DPADD= ${LIBKDB} ${LIBKRB} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -ldes -MAN8= kdb_edit.8 - -.include diff --git a/eBones/kdb_edit/kdb_edit.8 b/eBones/kdb_edit/kdb_edit.8 deleted file mode 100644 index 44a0fa6..0000000 --- a/eBones/kdb_edit/kdb_edit.8 +++ /dev/null @@ -1,58 +0,0 @@ -.\" from: kdb_edit.8,v 4.1 89/01/23 11:08:55 jtkohl Exp $ -.\" $Id: kdb_edit.8,v 1.2 1995/02/08 10:54:20 jkh Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KDB_EDIT 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_edit \- Kerberos key distribution center database editing utility -.SH SYNOPSIS -kdb_edit [ -.B \-n -] -.SH DESCRIPTION -.I kdb_edit -is used to create or change principals stored in the Kerberos key -distribution center (KDC) database. -.PP -When executed, -.I kdb_edit -prompts for the master key string and verifies that it matches the -master key stored in the database. -If the -.B \-n -option is specified, the master key is instead fetched from the master -key cache file. -.PP -Once the master key has been verified, -.I kdb_edit -begins a prompt loop. The user is prompted for the principal and -instance to be modified. If the entry is not found the user may create -it. -Once an entry is found or created, the user may set the password, -expiration date, maximum ticket lifetime, and attributes. -Default expiration dates, maximum ticket lifetimes, and attributes are -presented in brackets; if the user presses return the default is selected. -There is no default password. -The password "RANDOM" and an empty password are interpreted specially, -if entered the user may have the program select a random DES key for the -principal. -.PP -Upon successfully creating or changing the entry, ``Edit O.K.'' is -printed. -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/etc/kerberosIV/master_key -Master key cache file. diff --git a/eBones/kdb_edit/kdb_edit.c b/eBones/kdb_edit/kdb_edit.c deleted file mode 100644 index 82bf9a4..0000000 --- a/eBones/kdb_edit/kdb_edit.c +++ /dev/null @@ -1,477 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * This routine changes the Kerberos encryption keys for principals, - * i.e., users or services. - * - * from: kdb_edit.c,v 4.2 90/01/09 16:05:09 raeburn Exp $ - * $Id: kdb_edit.c,v 1.5 1995/08/03 17:15:54 mark Exp $ - */ - -/* - * exit returns 0 ==> success -1 ==> error - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: kdb_edit.c,v 1.5 1995/08/03 17:15:54 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include "time.h" -#include -#include -#include -/* MKEYFILE is now defined in kdc.h */ -#include - -void Usage(void); -void cleanup(void); -void sig_exit(int sig, int code, struct sigcontext *scp); -void no_core_dumps(void); -int change_principal(void); - -#define zaptime(foo) bzero((char *)(foo), sizeof(*(foo))) - -char prog[32]; -char *progname = prog; -int nflag = 0; -int cflag; -int lflag; -int uflag; -int debug; -extern kerb_debug; - -Key_schedule KS; -C_Block new_key; -unsigned char *input; - -unsigned char *ivec; -int i, j; -int more; - -char *in_ptr; -char input_name[ANAME_SZ]; -char input_instance[INST_SZ]; -char input_string[ANAME_SZ]; - -#define MAX_PRINCIPAL 10 -Principal principal_data[MAX_PRINCIPAL]; - -static Principal old_principal; -static Principal default_princ; - -static C_Block master_key; -static C_Block session_key; -static Key_schedule master_key_schedule; -static char pw_str[255]; -static long master_key_version; - -/* - * gets replacement - */ -static char * s_gets(char * str, int len) -{ - int i; - char *s; - - if((s = fgets(str, len, stdin)) == NULL) - return(s); - if(str[i = (strlen(str)-1)] == '\n') - str[i] = '\0'; - return(s); -} - -int -main(argc, argv) - int argc; - char *argv[]; - -{ - /* Local Declarations */ - - long n; - - prog[sizeof prog - 1] = '\0'; /* make sure terminated */ - strncpy(prog, argv[0], sizeof prog - 1); /* salt away invoking - * program */ - - /* Assume a long is four bytes */ - if (sizeof(long) != 4) { - fprintf(stdout, "%s: size of long is %d.\n", prog, sizeof(long)); - exit(-1); - } - /* Assume <=32 signals */ - if (NSIG > 32) { - fprintf(stderr, "%s: more than 32 signals defined.\n", prog); - exit(-1); - } - while (--argc > 0 && (*++argv)[0] == '-') - for (i = 1; argv[0][i] != '\0'; i++) { - switch (argv[0][i]) { - - /* debug flag */ - case 'd': - debug = 1; - continue; - - /* debug flag */ - case 'l': - kerb_debug |= 1; - continue; - - case 'n': /* read MKEYFILE for master key */ - nflag = 1; - continue; - - default: - fprintf(stderr, "%s: illegal flag \"%c\"\n", - progname, argv[0][i]); - Usage(); /* Give message and die */ - } - }; - - fprintf(stdout, "Opening database...\n"); - fflush(stdout); - kerb_init(); - if (argc > 0) { - if (kerb_db_set_name(*argv) != 0) { - fprintf(stderr, "Could not open altername database name\n"); - exit(1); - } - } - -#ifdef notdef - no_core_dumps(); /* diddle signals to avoid core dumps! */ - - /* ignore whatever is reasonable */ - signal(SIGHUP, SIG_IGN); - signal(SIGINT, SIG_IGN); - signal(SIGTSTP, SIG_IGN); - -#endif - - if (kdb_get_master_key ((nflag == 0), - master_key, master_key_schedule) != 0) { - fprintf (stdout, "Couldn't read master key.\n"); - fflush (stdout); - exit (-1); - } - - if ((master_key_version = kdb_verify_master_key(master_key, - master_key_schedule, - stdout)) < 0) - exit (-1); - - /* lookup the default values */ - n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, - &default_princ, 1, &more); - if (n != 1) { - fprintf(stderr, - "%s: Kerberos error on default value lookup, %ld found.\n", - progname, n); - exit(-1); - } - fprintf(stdout, "Previous or default values are in [brackets] ,\n"); - fprintf(stdout, "enter return to leave the same, or new value.\n"); - - while (change_principal()) { - } - - cleanup(); - return(0); /* make -Wall shut up - MRVM */ -} - -int -change_principal() -{ - static char temp[255]; - int creating = 0; - int editpw = 0; - int changed = 0; - long temp_long; - int n; - struct tm *tp, edate, *localtime(); - long maketime(); - - fprintf(stdout, "\nPrincipal name: "); - fflush(stdout); - if (!s_gets(input_name, ANAME_SZ-1) || *input_name == '\0') - return 0; - fprintf(stdout, "Instance: "); - fflush(stdout); - /* instance can be null */ - s_gets(input_instance, INST_SZ-1); - j = kerb_get_principal(input_name, input_instance, principal_data, - MAX_PRINCIPAL, &more); - if (!j) { - fprintf(stdout, "\n\07\07, Create [y] ? "); - s_gets(temp, sizeof(temp)-1); /* Default case should work, it didn't */ - if (temp[0] != 'y' && temp[0] != 'Y' && temp[0] != '\0') - return -1; - /* make a new principal, fill in defaults */ - j = 1; - creating = 1; - strcpy(principal_data[0].name, input_name); - strcpy(principal_data[0].instance, input_instance); - principal_data[0].old = NULL; - principal_data[0].exp_date = default_princ.exp_date; - principal_data[0].max_life = default_princ.max_life; - principal_data[0].attributes = default_princ.attributes; - principal_data[0].kdc_key_ver = (unsigned char) master_key_version; - principal_data[0].key_version = 0; /* bumped up later */ - } - tp = localtime(&principal_data[0].exp_date); - (void) sprintf(principal_data[0].exp_date_txt, "%4d-%02d-%02d", - tp->tm_year > 1900 ? tp->tm_year : tp->tm_year + 1900, - tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */ - for (i = 0; i < j; i++) { - for (;;) { - fprintf(stdout, - "\nPrincipal: %s, Instance: %s, kdc_key_ver: %d", - principal_data[i].name, principal_data[i].instance, - principal_data[i].kdc_key_ver); - editpw = 1; - changed = 0; - if (!creating) { - /* - * copy the existing data so we can use the old values - * for the qualifier clause of the replace - */ - principal_data[i].old = (char *) &old_principal; - bcopy(&principal_data[i], &old_principal, - sizeof(old_principal)); - printf("\nChange password [n] ? "); - s_gets(temp, sizeof(temp)-1); - if (strcmp("y", temp) && strcmp("Y", temp)) - editpw = 0; - } - /* password */ - if (editpw) { -#ifdef NOENCRYPTION - placebo_read_pw_string(pw_str, sizeof pw_str, - "\nNew Password: ", TRUE); -#else - des_read_pw_string(pw_str, sizeof pw_str, - "\nNew Password: ", TRUE); -#endif - if (pw_str[0] == '\0' || !strcmp(pw_str, "RANDOM")) { - printf("\nRandom password [y] ? "); - s_gets(temp, sizeof(temp)-1); - if (!strcmp("n", temp) || !strcmp("N", temp)) { - /* no, use literal */ -#ifdef NOENCRYPTION - bzero(new_key, sizeof(C_Block)); - new_key[0] = 127; -#else - string_to_key(pw_str, &new_key); -#endif - bzero(pw_str, sizeof pw_str); /* "RANDOM" */ - } else { -#ifdef NOENCRYPTION - bzero(new_key, sizeof(C_Block)); - new_key[0] = 127; -#else - random_key(new_key); -#endif - bzero(pw_str, sizeof pw_str); - } - } else if (!strcmp(pw_str, "NULL")) { - printf("\nNull Key [y] ? "); - s_gets(temp, sizeof(temp)-1); - if (!strcmp("n", temp) || !strcmp("N", temp)) { - /* no, use literal */ -#ifdef NOENCRYPTION - bzero(new_key, sizeof(C_Block)); - new_key[0] = 127; -#else - string_to_key(pw_str, &new_key); -#endif - bzero(pw_str, sizeof pw_str); /* "NULL" */ - } else { - - principal_data[i].key_low = 0; - principal_data[i].key_high = 0; - goto null_key; - } - } else { -#ifdef NOENCRYPTION - bzero(new_key, sizeof(C_Block)); - new_key[0] = 127; -#else - string_to_key(pw_str, &new_key); -#endif - bzero(pw_str, sizeof pw_str); - } - - /* seal it under the kerberos master key */ - kdb_encrypt_key (new_key, new_key, - master_key, master_key_schedule, - ENCRYPT); - bcopy(new_key, &principal_data[i].key_low, 4); - bcopy(((long *) new_key) + 1, - &principal_data[i].key_high, 4); - bzero(new_key, sizeof(new_key)); - null_key: - /* set master key version */ - principal_data[i].kdc_key_ver = - (unsigned char) master_key_version; - /* bump key version # */ - principal_data[i].key_version++; - fprintf(stdout, - "\nPrincipal's new key version = %d\n", - principal_data[i].key_version); - fflush(stdout); - changed = 1; - } - /* expiration date */ - fprintf(stdout, "Expiration date (enter yyyy-mm-dd) [ %s ] ? ", - principal_data[i].exp_date_txt); - zaptime(&edate); - while (s_gets(temp, sizeof(temp)-1) && ((n = strlen(temp)) > - sizeof(principal_data[0].exp_date_txt))) { - bad_date: - fprintf(stdout, "\07\07Date Invalid\n"); - fprintf(stdout, - "Expiration date (enter yyyy-mm-dd) [ %s ] ? ", - principal_data[i].exp_date_txt); - zaptime(&edate); - } - - if (*temp) { - if (sscanf(temp, "%d-%d-%d", &edate.tm_year, - &edate.tm_mon, &edate.tm_mday) != 3) - goto bad_date; - (void) strcpy(principal_data[i].exp_date_txt, temp); - edate.tm_mon--; /* January is 0, not 1 */ - edate.tm_hour = 23; /* nearly midnight at the end of the */ - edate.tm_min = 59; /* specified day */ - if (!(principal_data[i].exp_date = maketime(&edate, 1))) - goto bad_date; - changed = 1; - } - - /* maximum lifetime */ - fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? ", - principal_data[i].max_life); - while (s_gets(temp, sizeof(temp)-1) && *temp) { - if (sscanf(temp, "%ld", &temp_long) != 1) - goto bad_life; - if (temp_long > 255 || (temp_long < 0)) { - bad_life: - fprintf(stdout, "\07\07Invalid, choose 0-255\n"); - fprintf(stdout, - "Max ticket lifetime (*5 minutes) [ %d ] ? ", - principal_data[i].max_life); - continue; - } - changed = 1; - /* dont clobber */ - principal_data[i].max_life = (unsigned short) temp_long; - break; - } - - /* attributes */ - fprintf(stdout, "Attributes [ %d ] ? ", - principal_data[i].attributes); - while (s_gets(temp, sizeof(temp)-1) && *temp) { - if (sscanf(temp, "%ld", &temp_long) != 1) - goto bad_att; - if (temp_long > 65535 || (temp_long < 0)) { - bad_att: - fprintf(stdout, "\07\07Invalid, choose 0-65535\n"); - fprintf(stdout, "Attributes [ %d ] ? ", - principal_data[i].attributes); - continue; - } - changed = 1; - /* dont clobber */ - principal_data[i].attributes = - (unsigned short) temp_long; - break; - } - - /* - * remaining fields -- key versions and mod info, should - * not be directly manipulated - */ - if (changed) { - if (kerb_put_principal(&principal_data[i], 1)) { - fprintf(stdout, - "\nError updating Kerberos database"); - } else { - fprintf(stdout, "Edit O.K."); - } - } else { - fprintf(stdout, "Unchanged"); - } - - - bzero(&principal_data[i].key_low, 4); - bzero(&principal_data[i].key_high, 4); - fflush(stdout); - break; - } - } - if (more) { - fprintf(stdout, "\nThere were more tuples found "); - fprintf(stdout, "than there were space for"); - } - return 1; -} - -void -no_core_dumps() -{ - - signal(SIGQUIT, (sig_t)sig_exit); - signal(SIGILL, (sig_t)sig_exit); - signal(SIGTRAP, (sig_t)sig_exit); - signal(SIGIOT, (sig_t)sig_exit); - signal(SIGEMT, (sig_t)sig_exit); - signal(SIGFPE, (sig_t)sig_exit); - signal(SIGBUS, (sig_t)sig_exit); - signal(SIGSEGV, (sig_t)sig_exit); - signal(SIGSYS, (sig_t)sig_exit); -} - -void -sig_exit(sig, code, scp) - int sig, code; - struct sigcontext *scp; -{ - cleanup(); - fprintf(stderr, - "\nSignal caught, sig = %d code = %d old pc = 0x%X \nexiting", - sig, code, scp->sc_pc); - exit(-1); -} - -void -cleanup() -{ - - bzero(master_key, sizeof(master_key)); - bzero(session_key, sizeof(session_key)); - bzero(master_key_schedule, sizeof(master_key_schedule)); - bzero(principal_data, sizeof(principal_data)); - bzero(new_key, sizeof(new_key)); - bzero(pw_str, sizeof(pw_str)); -} - -void -Usage() -{ - fprintf(stderr, "Usage: %s [-n]\n", progname); - exit(1); -} diff --git a/eBones/kdb_edit/maketime.c b/eBones/kdb_edit/maketime.c deleted file mode 100644 index 5e0ee00..0000000 --- a/eBones/kdb_edit/maketime.c +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright 1990 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * Convert a struct tm * to a UNIX time. - * - * from: maketime.c,v 4.2 90/01/09 15:54:51 raeburn Exp $ - * $Id: maketime.c,v 1.3 1995/07/18 16:37:29 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: maketime.c,v 1.1 1994/03/21 16:23:54 piero Exp "; -#endif lint -#endif - -#include - -#define daysinyear(y) (((y) % 4) ? 365 : (((y) % 100) ? 366 : (((y) % 400) ? 365 : 366))) - -#define SECSPERDAY 24*60*60 -#define SECSPERHOUR 60*60 -#define SECSPERMIN 60 - -static int cumdays[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, - 365}; - -static int leapyear[] = {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; -static int nonleapyear[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; - -long -maketime(tp, local) -register struct tm *tp; -int local; -{ - register long retval; - int foo; - int *marray; - - if (tp->tm_mon < 0 || tp->tm_mon > 11 || - tp->tm_hour < 0 || tp->tm_hour > 23 || - tp->tm_min < 0 || tp->tm_min > 59 || - tp->tm_sec < 0 || tp->tm_sec > 59) /* out of range */ - return 0; - - retval = 0; - if (tp->tm_year < 1900) - foo = tp->tm_year + 1900; - else - foo = tp->tm_year; - - if (foo < 1901 || foo > 2038) /* year is too small/large */ - return 0; - - if (daysinyear(foo) == 366) { - if (tp->tm_mon > 1) - retval+= SECSPERDAY; /* add leap day */ - marray = leapyear; - } else - marray = nonleapyear; - - if (tp->tm_mday < 0 || tp->tm_mday > marray[tp->tm_mon]) - return 0; /* out of range */ - - while (--foo >= 1970) - retval += daysinyear(foo) * SECSPERDAY; - - retval += cumdays[tp->tm_mon] * SECSPERDAY; - retval += (tp->tm_mday-1) * SECSPERDAY; - retval += tp->tm_hour * SECSPERHOUR + tp->tm_min * SECSPERMIN + tp->tm_sec; - - if (local) { - /* need to use local time, so we retrieve timezone info */ - struct timezone tz; - struct timeval tv; - if (gettimeofday(&tv, &tz) < 0) { - /* some error--give up? */ - return(retval); - } - retval += tz.tz_minuteswest * SECSPERMIN; - } - return(retval); -} diff --git a/eBones/kdb_edit/time.h b/eBones/kdb_edit/time.h deleted file mode 100644 index ae84e2e..0000000 --- a/eBones/kdb_edit/time.h +++ /dev/null @@ -1,45 +0,0 @@ -/* Structure for use by time manipulating subroutines. - * The following library routines use it: - * libc: ctime, localtime, gmtime, asctime - * libcx: partime, maketime (may not be installed yet) - */ - -/* - * from: time.h,v 1.1 82/05/06 11:34:29 wft Exp $ - * $Id: time.h,v 1.3 1995/07/18 16:37:31 mark Exp $ - */ - -struct tm { /* See defines below for allowable ranges */ - int tm_sec; - int tm_min; - int tm_hour; - int tm_mday; - int tm_mon; - int tm_year; - int tm_wday; - int tm_yday; - int tm_isdst; - int tm_zon; /* NEW: mins westward of Greenwich */ - int tm_ampm; /* NEW: 1 if AM, 2 if PM */ -}; - -#define LCLZONE (5*60) /* Until V7 ftime(2) works, this defines local zone*/ -#define TMNULL (-1) /* Items not specified are given this value - * in order to distinguish null specs from zero - * specs. This is only used by partime and - * maketime. */ - - /* Indices into TM structure */ -#define TM_SEC 0 /* 0-59 */ -#define TM_MIN 1 /* 0-59 */ -#define TM_HOUR 2 /* 0-23 */ -#define TM_MDAY 3 /* 1-31 day of month */ -#define TM_DAY TM_MDAY /* " synonym */ -#define TM_MON 4 /* 0-11 */ -#define TM_YEAR 5 /* (year-1900) (year) */ -#define TM_WDAY 6 /* 0-6 day of week (0 = Sunday) */ -#define TM_YDAY 7 /* 0-365 day of year */ -#define TM_ISDST 8 /* 0 Std, 1 DST */ - /* New stuff */ -#define TM_ZON 9 /* 0-(24*60) minutes west of Greenwich */ -#define TM_AMPM 10 /* 1 AM, 2 PM */ diff --git a/eBones/kdb_init/Makefile b/eBones/kdb_init/Makefile deleted file mode 100644 index 4d6a110..0000000 --- a/eBones/kdb_init/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.3 1995/07/18 16:37:34 mark Exp $ - -PROG= kdb_init -CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -Wall -DPADD= ${LIBKDB} ${LIBKRB} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -ldes -MAN8= kdb_init.8 - -.include diff --git a/eBones/kdb_init/kdb_init.8 b/eBones/kdb_init/kdb_init.8 deleted file mode 100644 index d884d00..0000000 --- a/eBones/kdb_init/kdb_init.8 +++ /dev/null @@ -1,45 +0,0 @@ -.\" from: kdb_init.8,v 4.1 89/01/23 11:09:02 jtkohl Exp $ -.\" $Id: kdb_init.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KDB_INIT 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_init \- Initialize Kerberos key distribution center database -.SH SYNOPSIS -kdb_init [ -.B realm -] -.SH DESCRIPTION -.I kdb_init -initializes a Kerberos key distribution center database, creating the -necessary principals. -.PP -If the optional -.I realm -argument is not present, -.I kdb_init -prompts for a realm name (defaulting to the definition in -/usr/include/kerberosIV/krb.h). -After determining the realm to be created, it prompts for -a master key password. The master key password is used to encrypt -every encryption key stored in the database. -.SH DIAGNOSTICS -.TP 20n -"/etc/kerberosIV/principal: File exists" -An attempt was made to create a database on a machine which already had -an existing database. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/usr/include/kerberosIV/krb.h -Include file defining default realm -.SH SEE ALSO -kdb_destroy(8) diff --git a/eBones/kdb_init/kdb_init.c b/eBones/kdb_init/kdb_init.c deleted file mode 100644 index de99181..0000000 --- a/eBones/kdb_init/kdb_init.c +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * program to initialize the database, reports error if database file - * already exists. - * - * from: kdb_init.c,v 4.0 89/01/24 21:50:45 jtkohl Exp $ - * $Id: kdb_init.c,v 1.4 1995/07/18 16:37:35 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: kdb_init.c,v 1.4 1995/07/18 16:37:35 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include - -#define TRUE 1 - -enum ap_op { - NULL_KEY, /* setup null keys */ - MASTER_KEY, /* use master key as new key */ - RANDOM_KEY, /* choose a random key */ -}; - -int add_principal(char *name, char *instance, enum ap_op aap_op); - -int debug = 0; -char *progname; -C_Block master_key; -Key_schedule master_key_schedule; - -int -main(argc, argv) - int argc; - char *argv[]; -{ - char realm[REALM_SZ]; - char *cp; - int code; - char *database; - - progname = (cp = rindex(*argv, '/')) ? cp + 1 : *argv; - - if (argc > 3) { - fprintf(stderr, "Usage: %s [realm-name] [database-name]\n", argv[0]); - exit(1); - } - if (argc == 3) { - database = argv[2]; - --argc; - } else - database = DBM_FILE; - - /* Do this first, it'll fail if the database exists */ - if ((code = kerb_db_create(database)) != 0) { - fprintf(stderr, "Couldn't create database: %s\n", - sys_errlist[code]); - exit(1); - } - kerb_db_set_name(database); - - if (argc == 2) - strncpy(realm, argv[1], REALM_SZ); - else { - fprintf(stderr, "Realm name [default %s ]: ", KRB_REALM); - if (fgets(realm, sizeof(realm), stdin) == NULL) { - fprintf(stderr, "\nEOF reading realm\n"); - exit(1); - } - if ((cp = index(realm, '\n'))) - *cp = '\0'; - if (!*realm) /* no realm given */ - strcpy(realm, KRB_REALM); - } - if (!k_isrealm(realm)) { - fprintf(stderr, "%s: Bad kerberos realm name \"%s\"\n", - progname, realm); - exit(1); - } - printf("You will be prompted for the database Master Password.\n"); - printf("It is important that you NOT FORGET this password.\n"); - fflush(stdout); - - if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0) { - fprintf (stderr, "Couldn't read master key.\n"); - exit (-1); - } - - if ( - add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY) || - add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY) || - add_principal("krbtgt", realm, RANDOM_KEY) || - add_principal("changepw", KRB_MASTER, RANDOM_KEY) - ) { - fprintf(stderr, "\n%s: couldn't initialize database.\n", - progname); - exit(1); - } - - /* play it safe */ - bzero (master_key, sizeof (C_Block)); - bzero (master_key_schedule, sizeof (Key_schedule)); - exit(0); -} - -/* use a return code to indicate success or failure. check the return */ -/* values of the routines called by this routine. */ - -int -add_principal(name, instance, aap_op) - char *name, *instance; - enum ap_op aap_op; -{ - Principal principal; - struct tm *tm; - C_Block new_key; - - bzero(&principal, sizeof(principal)); - strncpy(principal.name, name, ANAME_SZ); - strncpy(principal.instance, instance, INST_SZ); - switch (aap_op) { - case NULL_KEY: - principal.key_low = 0; - principal.key_high = 0; - break; - case RANDOM_KEY: -#ifdef NOENCRYPTION - bzero(new_key, sizeof(C_Block)); - new_key[0] = 127; -#else - random_key(new_key); -#endif - kdb_encrypt_key (new_key, new_key, master_key, master_key_schedule, - ENCRYPT); - bcopy(new_key, &principal.key_low, 4); - bcopy(((long *) new_key) + 1, &principal.key_high, 4); - break; - case MASTER_KEY: - bcopy (master_key, new_key, sizeof (C_Block)); - kdb_encrypt_key (new_key, new_key, master_key, master_key_schedule, - ENCRYPT); - bcopy(new_key, &principal.key_low, 4); - bcopy(((long *) new_key) + 1, &principal.key_high, 4); - break; - } - principal.exp_date = 946702799; /* Happy new century */ - strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ); - principal.mod_date = time(0); - - tm = localtime(&principal.mod_date); - principal.attributes = 0; - principal.max_life = 255; - - principal.kdc_key_ver = 1; - principal.key_version = 1; - - strncpy(principal.mod_name, "db_creation", ANAME_SZ); - strncpy(principal.mod_instance, "", INST_SZ); - principal.old = 0; - - kerb_db_put_principal(&principal, 1); - - /* let's play it safe */ - bzero (new_key, sizeof (C_Block)); - bzero (&principal.key_low, 4); - bzero (&principal.key_high, 4); - return 0; -} diff --git a/eBones/kdb_util/Makefile b/eBones/kdb_util/Makefile deleted file mode 100644 index 134fd34..0000000 --- a/eBones/kdb_util/Makefile +++ /dev/null @@ -1,13 +0,0 @@ -# From: @(#)Makefile 5.2 (Berkeley) 2/14/91 -# $Id: Makefile,v 1.3 1995/07/18 16:37:38 mark Exp $ - -PROG= kdb_util -CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../kdb_edit \ - -I${.CURDIR}/../include -Wall -SRCS= kdb_util.c maketime.c -.PATH: ${.CURDIR}/../kdb_edit -DPADD= ${LIBKDB} ${LIBKRB} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -ldes -MAN8= kdb_util.8 - -.include diff --git a/eBones/kdb_util/kdb_util.8 b/eBones/kdb_util/kdb_util.8 deleted file mode 100644 index 4183ef3..0000000 --- a/eBones/kdb_util/kdb_util.8 +++ /dev/null @@ -1,64 +0,0 @@ -.\" from: kdb_util.8,v 4.1 89/01/23 11:09:11 jtkohl Exp $ -.\" $Id: kdb_util.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KDB_UTIL 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_util \- Kerberos key distribution center database utility -.SH SYNOPSIS -kdb_util -.B operation filename -.SH DESCRIPTION -.I kdb_util -allows the Kerberos key distribution center (KDC) database administrator to -perform utility functions on the database. -.PP -.I Operation -must be one of the following: -.TP 10n -.I load -initializes the KDC database with the records described by the -text contained in the file -.IR filename . -Any existing database is overwritten. -.TP -.I dump -dumps the KDC database into a text representation in the file -.IR filename . -.TP -.I slave_dump -performs a database dump like the -.I dump -operation, and additionally creates a semaphore file signalling the -propagation software that an update is available for distribution to -slave KDC databases. -.TP -.I new_master_key -prompts for the old and new master key strings, and then dumps the KDC -database into a text representation in the file -.IR filename . -The keys in the text representation are encrypted in the new master key. -.TP -.I convert_old_db -prompts for the master key string, and then dumps the KDC database into -a text representation in the file -.IR filename . -The existing database is assumed to be encrypted using the old format -(encrypted by the key schedule of the master key); the dumped database -is encrypted using the new format (encrypted directly with master key). -.PP -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -.IR filename .dump_ok -semaphore file created by -.IR slave_dump. diff --git a/eBones/kdb_util/kdb_util.c b/eBones/kdb_util/kdb_util.c deleted file mode 100644 index 5dbe509..0000000 --- a/eBones/kdb_util/kdb_util.c +++ /dev/null @@ -1,523 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * Kerberos database manipulation utility. This program allows you to - * dump a kerberos database to an ascii readable file and load this - * file into the database. Read locking of the database is done during a - * dump operation. NO LOCKING is done during a load operation. Loads - * should happen with other processes shutdown. - * - * Written July 9, 1987 by Jeffrey I. Schiller - * - * from: kdb_util.c,v 4.4 90/01/09 15:57:20 raeburn Exp $ - * $Id: kdb_util.c,v 1.5 1995/08/03 17:15:57 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: kdb_util.c,v 1.5 1995/08/03 17:15:57 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define TRUE 1 - -Principal aprinc; - -static des_cblock master_key, new_master_key; -static des_key_schedule master_key_schedule, new_master_key_schedule; - -#define zaptime(foo) bzero((char *)(foo), sizeof(*(foo))) - -char * progname; - -void convert_old_format_db (char *db_file, FILE *out); -void convert_new_master_key (char *db_file, FILE *out); -void update_ok_file (char *file_name); -void print_time(FILE *file, unsigned long timeval); -void load_db (char *db_file, FILE *input_file); -int dump_db (char *db_file, FILE *output_file, void (*cv_key)()); - -int -main(argc, argv) - int argc; - char **argv; -{ - FILE *file; - enum { - OP_LOAD, - OP_DUMP, - OP_SLAVE_DUMP, - OP_NEW_MASTER, - OP_CONVERT_OLD_DB, - } op; - char *file_name; - char *prog = argv[0]; - char *db_name; - - progname = prog; - - if (argc != 3 && argc != 4) { - fprintf(stderr, "Usage: %s operation file-name [database name].\n", - argv[0]); - exit(1); - } - if (argc == 3) - db_name = DBM_FILE; - else - db_name = argv[3]; - - if (kerb_db_set_name (db_name) != 0) { - perror("Can't open database"); - exit(1); - } - - if (!strcmp(argv[1], "load")) - op = OP_LOAD; - else if (!strcmp(argv[1], "dump")) - op = OP_DUMP; - else if (!strcmp(argv[1], "slave_dump")) - op = OP_SLAVE_DUMP; - else if (!strcmp(argv[1], "new_master_key")) - op = OP_NEW_MASTER; - else if (!strcmp(argv[1], "convert_old_db")) - op = OP_CONVERT_OLD_DB; - else { - fprintf(stderr, - "%s: %s is an invalid operation.\n", prog, argv[1]); - fprintf(stderr, - "%s: Valid operations are \"dump\", \"slave_dump\",", argv[0]); - fprintf(stderr, - "\"load\", \"new_master_key\", and \"convert_old_db\".\n"); - exit(1); - } - - file_name = argv[2]; - file = fopen(file_name, op == OP_LOAD ? "r" : "w"); - if (file == NULL) { - fprintf(stderr, "%s: Unable to open %s\n", prog, argv[2]); - (void) fflush(stderr); - perror("open"); - exit(1); - } - - switch (op) { - case OP_DUMP: - if ((dump_db (db_name, file, (void (*)()) 0) == EOF) || - (fclose(file) == EOF)) { - fprintf(stderr, "error on file %s:", file_name); - perror(""); - exit(1); - } - break; - case OP_SLAVE_DUMP: - if ((dump_db (db_name, file, (void (*)()) 0) == EOF) || - (fclose(file) == EOF)) { - fprintf(stderr, "error on file %s:", file_name); - perror(""); - exit(1); - } - update_ok_file (file_name); - break; - case OP_LOAD: - load_db (db_name, file); - break; - case OP_NEW_MASTER: - convert_new_master_key (db_name, file); - printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name); - break; - case OP_CONVERT_OLD_DB: - convert_old_format_db (db_name, file); - printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name); - break; - } - exit(0); - } - -void -clear_secrets () -{ - bzero((char *)master_key, sizeof (des_cblock)); - bzero((char *)master_key_schedule, sizeof (Key_schedule)); - bzero((char *)new_master_key, sizeof (des_cblock)); - bzero((char *)new_master_key_schedule, sizeof (Key_schedule)); -} - -/* cv_key is a procedure which takes a principle and changes its key, - either for a new method of encrypting the keys, or a new master key. - if cv_key is null no transformation of key is done (other than net byte - order). */ - -struct callback_args { - void (*cv_key)(); - FILE *output_file; -}; - -static int dump_db_1(arg, principal) - char *arg; - Principal *principal; -{ /* replace null strings with "*" */ - struct callback_args *a = (struct callback_args *)arg; - - if (principal->instance[0] == '\0') { - principal->instance[0] = '*'; - principal->instance[1] = '\0'; - } - if (principal->mod_name[0] == '\0') { - principal->mod_name[0] = '*'; - principal->mod_name[1] = '\0'; - } - if (principal->mod_instance[0] == '\0') { - principal->mod_instance[0] = '*'; - principal->mod_instance[1] = '\0'; - } - if (a->cv_key != NULL) { - (*a->cv_key) (principal); - } - fprintf(a->output_file, "%s %s %d %d %d %d %lx %lx", - principal->name, - principal->instance, - principal->max_life, - principal->kdc_key_ver, - principal->key_version, - principal->attributes, - htonl (principal->key_low), - htonl (principal->key_high)); - print_time(a->output_file, principal->exp_date); - print_time(a->output_file, principal->mod_date); - fprintf(a->output_file, " %s %s\n", - principal->mod_name, - principal->mod_instance); - return 0; -} - -int -dump_db (db_file, output_file, cv_key) - char *db_file; - FILE *output_file; - void (*cv_key)(); -{ - struct callback_args a; - - a.cv_key = cv_key; - a.output_file = output_file; - - kerb_db_iterate (dump_db_1, (char *)&a); - return fflush(output_file); -} - -void -load_db (db_file, input_file) - char *db_file; - FILE *input_file; -{ - char exp_date_str[50]; - char mod_date_str[50]; - int temp1, temp2, temp3; - long time_explode(); - int code; - char *temp_db_file; - temp1 = strlen(db_file)+2; - temp_db_file = malloc (temp1); - strcpy(temp_db_file, db_file); - strcat(temp_db_file, "~"); - - /* Create the database */ - if ((code = kerb_db_create(temp_db_file)) != 0) { - fprintf(stderr, "Couldn't create temp database %s: %s\n", - temp_db_file, sys_errlist[code]); - exit(1); - } - kerb_db_set_name(temp_db_file); - for (;;) { /* explicit break on eof from fscanf */ - bzero((char *)&aprinc, sizeof(aprinc)); - if (fscanf(input_file, - "%s %s %d %d %d %hd %lx %lx %s %s %s %s\n", - aprinc.name, - aprinc.instance, - &temp1, - &temp2, - &temp3, - &aprinc.attributes, - &aprinc.key_low, - &aprinc.key_high, - exp_date_str, - mod_date_str, - aprinc.mod_name, - aprinc.mod_instance) == EOF) - break; - aprinc.key_low = ntohl (aprinc.key_low); - aprinc.key_high = ntohl (aprinc.key_high); - aprinc.max_life = (unsigned char) temp1; - aprinc.kdc_key_ver = (unsigned char) temp2; - aprinc.key_version = (unsigned char) temp3; - aprinc.exp_date = time_explode(exp_date_str); - aprinc.mod_date = time_explode(mod_date_str); - if (aprinc.instance[0] == '*') - aprinc.instance[0] = '\0'; - if (aprinc.mod_name[0] == '*') - aprinc.mod_name[0] = '\0'; - if (aprinc.mod_instance[0] == '*') - aprinc.mod_instance[0] = '\0'; - if (kerb_db_put_principal(&aprinc, 1) != 1) { - fprintf(stderr, "Couldn't store %s.%s: %s; load aborted\n", - aprinc.name, aprinc.instance, - sys_errlist[errno]); - exit(1); - }; - } - if ((code = kerb_db_rename(temp_db_file, db_file)) != 0) - perror("database rename failed"); - (void) fclose(input_file); - free(temp_db_file); -} - -void -print_time(file, timeval) - FILE *file; - unsigned long timeval; -{ - struct tm *tm; - struct tm *gmtime(); - tm = gmtime((long *)&timeval); - fprintf(file, " %04d%02d%02d%02d%02d", - tm->tm_year < 1900 ? tm->tm_year + 1900: tm->tm_year, - tm->tm_mon + 1, - tm->tm_mday, - tm->tm_hour, - tm->tm_min); -} - -/*ARGSUSED*/ -void -update_ok_file (file_name) - char *file_name; -{ - /* handle slave locking/failure stuff */ - char *file_ok; - int fd; - static char ok[]=".dump_ok"; - - if ((file_ok = (char *)malloc(strlen(file_name) + strlen(ok) + 1)) - == NULL) { - fprintf(stderr, "kdb_util: out of memory.\n"); - (void) fflush (stderr); - perror ("malloc"); - exit (1); - } - strcpy(file_ok, file_name); - strcat(file_ok, ok); - if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0) { - fprintf(stderr, "Error creating 'ok' file, '%s'", file_ok); - perror(""); - (void) fflush (stderr); - exit (1); - } - free(file_ok); - close(fd); -} - -void -convert_key_new_master (p) - Principal *p; -{ - des_cblock key; - - /* leave null keys alone */ - if ((p->key_low == 0) && (p->key_high == 0)) return; - - /* move current key to des_cblock for encryption, special case master key - since that's changing */ - if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) && - (strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) { - bcopy((char *)new_master_key, (char *) key, sizeof (des_cblock)); - (p->key_version)++; - } else { - bcopy((char *)&(p->key_low), (char *)key, 4); - bcopy((char *)&(p->key_high), (char *) (((long *) key) + 1), 4); - kdb_encrypt_key (key, key, master_key, master_key_schedule, DECRYPT); - } - - kdb_encrypt_key (key, key, new_master_key, new_master_key_schedule, ENCRYPT); - - bcopy((char *)key, (char *)&(p->key_low), 4); - bcopy((char *)(((long *) key) + 1), (char *)&(p->key_high), 4); - bzero((char *)key, sizeof (key)); /* a little paranoia ... */ - - (p->kdc_key_ver)++; -} - -void -convert_new_master_key (db_file, out) - char *db_file; - FILE *out; -{ - - printf ("\n\nEnter the CURRENT master key."); - if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0) { - fprintf (stderr, "get_master_key: Couldn't get master key.\n"); - clear_secrets (); - exit (-1); - } - - if (kdb_verify_master_key (master_key, master_key_schedule, stderr) < 0) { - clear_secrets (); - exit (-1); - } - - printf ("\n\nNow enter the NEW master key. Do not forget it!!"); - if (kdb_get_master_key (TRUE, new_master_key, new_master_key_schedule) != 0) { - fprintf (stderr, "get_master_key: Couldn't get new master key.\n"); - clear_secrets (); - exit (-1); - } - - dump_db (db_file, out, convert_key_new_master); -} - -void -convert_key_old_db (p) - Principal *p; -{ - des_cblock key; - - /* leave null keys alone */ - if ((p->key_low == 0) && (p->key_high == 0)) return; - - bcopy((char *)&(p->key_low), (char *)key, 4); - bcopy((char *)&(p->key_high), (char *)(((long *) key) + 1), 4); - -#ifndef NOENCRYPTION - des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key, - (long)sizeof(des_cblock),master_key_schedule, - (des_cblock *)master_key_schedule,DECRYPT); -#endif - - /* make new key, new style */ - kdb_encrypt_key (key, key, master_key, master_key_schedule, ENCRYPT); - - bcopy((char *)key, (char *)&(p->key_low), 4); - bcopy((char *)(((long *) key) + 1), (char *)&(p->key_high), 4); - bzero((char *)key, sizeof (key)); /* a little paranoia ... */ -} - -void -convert_old_format_db (db_file, out) - char *db_file; - FILE *out; -{ - des_cblock key_from_db; - Principal principal_data[1]; - int n, more; - - if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0L) { - fprintf (stderr, "verify_master_key: Couldn't get master key.\n"); - clear_secrets(); - exit (-1); - } - - /* can't call kdb_verify_master_key because this is an old style db */ - /* lookup the master key version */ - n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, - 1 /* only one please */, &more); - if ((n != 1) || more) { - fprintf(stderr, "verify_master_key: " - "Kerberos error on master key lookup, %d found.\n", - n); - exit (-1); - } - - /* set up the master key */ - fprintf(stderr, "Current Kerberos master key version is %d.\n", - principal_data[0].kdc_key_ver); - - /* - * now use the master key to decrypt (old style) the key in the db, had better - * be the same! - */ - bcopy((char *)&principal_data[0].key_low, (char *)key_from_db, 4); - bcopy((char *)&principal_data[0].key_high, - (char *)(((long *) key_from_db) + 1), 4); -#ifndef NOENCRYPTION - des_pcbc_encrypt((des_cblock *)key_from_db,(des_cblock *)key_from_db, - (long)sizeof(key_from_db),master_key_schedule, - (des_cblock *)master_key_schedule,DECRYPT); -#endif - /* the decrypted database key had better equal the master key */ - n = bcmp((char *) master_key, (char *) key_from_db, - sizeof(master_key)); - bzero((char *)key_from_db, sizeof(key_from_db)); - - if (n) { - fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, "); - fprintf(stderr, "does not match database.\n"); - exit (-1); - } - - fprintf(stderr, "Master key verified.\n"); - (void) fflush(stderr); - - dump_db (db_file, out, convert_key_old_db); -} - -long -time_explode(cp) -register char *cp; -{ - char wbuf[5]; - struct tm tp; - long maketime(); - int local; - - zaptime(&tp); /* clear out the struct */ - - if (strlen(cp) > 10) { /* new format */ - (void) strncpy(wbuf, cp, 4); - wbuf[4] = 0; - tp.tm_year = atoi(wbuf); - cp += 4; /* step over the year */ - local = 0; /* GMT */ - } else { /* old format: local time, - year is 2 digits, assuming 19xx */ - wbuf[0] = *cp++; - wbuf[1] = *cp++; - wbuf[2] = 0; - tp.tm_year = 1900 + atoi(wbuf); - local = 1; /* local */ - } - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - wbuf[2] = 0; - tp.tm_mon = atoi(wbuf)-1; - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_mday = atoi(wbuf); - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_hour = atoi(wbuf); - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_min = atoi(wbuf); - - - return(maketime(&tp, local)); -} diff --git a/eBones/kdestroy/Makefile b/eBones/kdestroy/Makefile deleted file mode 100644 index 1e4da0a..0000000 --- a/eBones/kdestroy/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.3 1995/07/18 16:37:42 mark Exp $ - -PROG= kdestroy -CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -DBSD42 -Wall -DPADD= ${LIBKRB} -LDADD= -L${KRBOBJDIR} -lkrb -ldes -BINDIR= /usr/bin -MAN1= kdestroy.1 - -.include diff --git a/eBones/kdestroy/kdestroy.c b/eBones/kdestroy/kdestroy.c deleted file mode 100644 index 926eea5..0000000 --- a/eBones/kdestroy/kdestroy.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * This program causes Kerberos tickets to be destroyed. - * Options are: - * - * -q[uiet] - no bell even if tickets not destroyed - * -f[orce] - no message printed at all - * - * from: kdestroy.c,v 4.5 88/03/18 15:16:02 steiner Exp $ - * $Id: kdestroy.c,v 1.3 1995/07/18 16:37:44 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: kdestroy.c,v 1.3 1995/07/18 16:37:44 mark Exp $"; -#endif lint -#endif - -#include -#include -#ifdef BSD42 -#include -#endif BSD42 - - -static char *pname; - -static void -usage() -{ - fprintf(stderr, "Usage: %s [-f] [-q]\n", pname); - exit(1); -} - -int -main(argc, argv) - int argc; - char *argv[]; -{ - int fflag=0, qflag=0, k_errno; - register char *cp; - - cp = rindex (argv[0], '/'); - if (cp == NULL) - pname = argv[0]; - else - pname = cp+1; - - if (argc > 2) - usage(); - else if (argc == 2) { - if (!strcmp(argv[1], "-f")) - ++fflag; - else if (!strcmp(argv[1], "-q")) - ++qflag; - else usage(); - } - - k_errno = dest_tkt(); - - if (fflag) { - if (k_errno != 0 && k_errno != RET_TKFIL) - exit(1); - else - exit(0); - } else { - if (k_errno == 0) - printf("Tickets destroyed.\n"); - else if (k_errno == RET_TKFIL) - fprintf(stderr, "No tickets to destroy.\n"); - else { - fprintf(stderr, "Tickets NOT destroyed.\n"); - if (!qflag) - fprintf(stderr, "\007"); - exit(1); - } - } - exit(0); -} diff --git a/eBones/kerberos/Makefile b/eBones/kerberos/Makefile deleted file mode 100644 index 7db860e..0000000 --- a/eBones/kerberos/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.3 1995/07/18 16:37:47 mark Exp $ - -PROG= kerberos -SRCS= kerberos.c cr_err_reply.c -CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -Wall -DPADD= ${LIBKDB} ${LIBKRB} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -ldes -NOMAN= noman - -.include diff --git a/eBones/kerberos/cr_err_reply.c b/eBones/kerberos/cr_err_reply.c deleted file mode 100644 index 89ee5f6..0000000 --- a/eBones/kerberos/cr_err_reply.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: cr_err_reply.c,v 4.10 89/01/10 11:34:42 steiner Exp $ - * $Id: cr_err_reply.c,v 1.2 1995/07/18 16:37:49 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: cr_err_reply.c,v 1.2 1995/07/18 16:37:49 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include - -extern int req_act_vno; /* this is defined in the kerberos - * server code */ - -/* - * This routine is used by the Kerberos authentication server to - * create an error reply packet to send back to its client. - * - * It takes a pointer to the packet to be built, the name, instance, - * and realm of the principal, the client's timestamp, an error code - * and an error string as arguments. Its return value is undefined. - * - * The packet is built in the following format: - * - * type variable data - * or constant - * ---- ----------- ---- - * - * unsigned char req_ack_vno protocol version number - * - * unsigned char AUTH_MSG_ERR_REPLY protocol message type - * - * [least significant HOST_BYTE_ORDER sender's (server's) byte - * bit of above field] order - * - * string pname principal's name - * - * string pinst principal's instance - * - * string prealm principal's realm - * - * unsigned long time_ws client's timestamp - * - * unsigned long e error code - * - * string e_string error text - */ - -void -cr_err_reply(pkt,pname,pinst,prealm,time_ws,e,e_string) - KTEXT pkt; - char *pname; /* Principal's name */ - char *pinst; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - u_long time_ws; /* Workstation time */ - u_long e; /* Error code */ - char *e_string; /* Text of error */ -{ - u_char *v = (u_char *) pkt->dat; /* Prot vers number */ - u_char *t = (u_char *)(pkt->dat+1); /* Prot message type */ - - /* Create fixed part of packet */ - *v = (unsigned char) req_act_vno; /* KRB_PROT_VERSION; */ - *t = (unsigned char) AUTH_MSG_ERR_REPLY; - *t |= HOST_BYTE_ORDER; - - /* Add the basic info */ - (void) strcpy((char *) (pkt->dat+2),pname); - pkt->length = 3 + strlen(pname); - (void) strcpy((char *)(pkt->dat+pkt->length),pinst); - pkt->length += 1 + strlen(pinst); - (void) strcpy((char *)(pkt->dat+pkt->length),prealm); - pkt->length += 1 + strlen(prealm); - /* ws timestamp */ - bcopy((char *) &time_ws,(char *)(pkt->dat+pkt->length),4); - pkt->length += 4; - /* err code */ - bcopy((char *) &e,(char *)(pkt->dat+pkt->length),4); - pkt->length += 4; - /* err text */ - (void) strcpy((char *)(pkt->dat+pkt->length),e_string); - pkt->length += 1 + strlen(e_string); - - /* And return */ - return; -} diff --git a/eBones/kerberos/kerberos.c b/eBones/kerberos/kerberos.c deleted file mode 100644 index 236bbbd..0000000 --- a/eBones/kerberos/kerberos.c +++ /dev/null @@ -1,816 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: kerberos.c,v 4.19 89/11/01 17:18:07 qjb Exp $ - * $Id: kerberos.c,v 1.4 1995/07/18 16:37:51 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: kerberos.c,v 1.4 1995/07/18 16:37:51 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -void cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm, - u_long time_ws, u_long e, char *e_string); -void kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long err, - char *string); -void setup_disc(void); -void kerberos(struct sockaddr_in *client, KTEXT pkt); -int check_princ(char *p_name, char *instance, unsigned lifetime, Principal *p); -int set_tgtkey(char *r); - -struct sockaddr_in s_in = {AF_INET}; -int f; - -/* XXX several files in libkdb know about this */ -char *progname; - -static Key_schedule master_key_schedule; -static C_Block master_key; - -static struct timeval kerb_time; -static Principal a_name_data; /* for requesting user */ -static Principal s_name_data; /* for services requested */ -static C_Block session_key; -static u_char master_key_version; -static char k_instance[INST_SZ]; -static char *lt; -static int more; - -static int mflag; /* Are we invoked manually? */ -static int lflag; /* Have we set an alterate log file? */ -static char *log_file; /* name of alt. log file */ -static int nflag; /* don't check max age */ -static int rflag; /* alternate realm specified */ - -/* fields within the received request packet */ -static u_char req_msg_type; -static u_char req_version; -static char *req_name_ptr; -static char *req_inst_ptr; -static char *req_realm_ptr; -static u_long req_time_ws; - -int req_act_vno = KRB_PROT_VERSION; /* Temporary for version skew */ - -static char local_realm[REALM_SZ]; - -/* statistics */ -static long q_bytes; /* current bytes remaining in queue */ -static long q_n; /* how many consecutive non-zero - * q_bytes */ -static long max_q_bytes; -static long max_q_n; -static long n_auth_req; -static long n_appl_req; -static long n_packets; - -static long max_age = -1; -static long pause_int = -1; - -static void check_db_age(); -static void hang(); - -/* - * Print usage message and exit. - */ -static void usage() -{ - fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]%s%s\n", progname, - " [-a max_age] [-l log_file] [-r realm]" - ," [database_pathname]" - ); - exit(1); -} - - -int -main(argc, argv) - int argc; - char **argv; -{ - struct sockaddr_in from; - register int n; - int on = 1; - int child; - struct servent *sp; - int fromlen; - static KTEXT_ST pkt_st; - KTEXT pkt = &pkt_st; - int kerror; - int c; - extern char *optarg; - extern int optind; - - progname = argv[0]; - - while ((c = getopt(argc, argv, "snmp:a:l:r:")) != EOF) { - switch(c) { - case 's': - /* - * Set parameters to slave server defaults. - */ - if (max_age == -1 && !nflag) - max_age = ONE_DAY; /* 24 hours */ - if (pause_int == -1) - pause_int = FIVE_MINUTES; /* 5 minutes */ - if (lflag == 0) { - log_file = KRBSLAVELOG; - lflag++; - } - break; - case 'n': - max_age = -1; /* don't check max age. */ - nflag++; - break; - case 'm': - mflag++; /* running manually; prompt for master key */ - break; - case 'p': - /* Set pause interval. */ - if (!isdigit(optarg[0])) - usage(); - pause_int = atoi(optarg); - if ((pause_int < 5) || (pause_int > ONE_HOUR)) { - fprintf(stderr, "pause_int must be between 5 and 3600 seconds.\n"); - usage(); - } - break; - case 'a': - /* Set max age. */ - if (!isdigit(optarg[0])) - usage(); - max_age = atoi(optarg); - if ((max_age < ONE_HOUR) || (max_age > THREE_DAYS)) { - fprintf(stderr, "max_age must be between one hour and three days, in seconds\n"); - usage(); - } - break; - case 'l': - /* Set alternate log file */ - lflag++; - log_file = optarg; - break; - case 'r': - /* Set realm name */ - rflag++; - strcpy(local_realm, optarg); - break; - default: - usage(); - break; - } - } - - if (optind == (argc-1)) { - if (kerb_db_set_name(argv[optind]) != 0) { - fprintf(stderr, "Could not set alternate database name\n"); - exit(1); - } - optind++; - } - - if (optind != argc) - usage(); - - printf("Kerberos server starting\n"); - - if ((!nflag) && (max_age != -1)) - printf("\tMaximum database age: %ld seconds\n", max_age); - if (pause_int != -1) - printf("\tSleep for %ld seconds on error\n", pause_int); - else - printf("\tSleep forever on error\n"); - if (mflag) - printf("\tMaster key will be entered manually\n"); - - printf("\tLog file is %s\n", lflag ? log_file : KRBLOG); - - if (lflag) - kset_logfile(log_file); - - /* find our hostname, and use it as the instance */ - if (gethostname(k_instance, INST_SZ)) { - fprintf(stderr, "%s: gethostname error\n", progname); - exit(1); - } - - if ((sp = getservbyname("kerberos", "udp")) == 0) { - fprintf(stderr, "%s: udp/kerberos unknown service\n", progname); - exit(1); - } - s_in.sin_port = sp->s_port; - - if ((f = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - fprintf(stderr, "%s: Can't open socket\n", progname); - exit(1); - } - if (setsockopt(f, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) - fprintf(stderr, "%s: setsockopt (SO_REUSEADDR)\n", progname); - - if (bind(f, (struct sockaddr *) &s_in, S_AD_SZ) < 0) { - fprintf(stderr, "%s: Can't bind socket\n", progname); - exit(1); - } - /* do all the database and cache inits */ - if ((n = kerb_init())) { - if (mflag) { - printf("Kerberos db and cache init "); - printf("failed = %d ...exiting\n", n); - exit(-1); - } else { - klog(L_KRB_PERR, - "Kerberos db and cache init failed = %d ...exiting", n); - hang(); - } - } - - /* Make sure database isn't stale */ - check_db_age(); - - /* setup master key */ - if (kdb_get_master_key (mflag, master_key, master_key_schedule) != 0) { - klog (L_KRB_PERR, "kerberos: couldn't get master key.\n"); - exit (-1); - } - kerror = kdb_verify_master_key (master_key, master_key_schedule, stdout); - if (kerror < 0) { - klog (L_KRB_PERR, "Can't verify master key."); - bzero (master_key, sizeof (master_key)); - bzero (master_key_schedule, sizeof (master_key_schedule)); - exit (-1); - } - - master_key_version = (u_char) kerror; - - fprintf(stdout, "\nCurrent Kerberos master key version is %d\n", - master_key_version); - - if (!rflag) { - /* Look up our local realm */ - krb_get_lrealm(local_realm, 1); - } - fprintf(stdout, "Local realm: %s\n", local_realm); - fflush(stdout); - - if (set_tgtkey(local_realm)) { - /* Ticket granting service unknown */ - klog(L_KRB_PERR, "Ticket granting ticket service unknown"); - fprintf(stderr, "Ticket granting ticket service unknown\n"); - exit(1); - } - if (mflag) { - if ((child = fork()) != 0) { - printf("Kerberos started, PID=%d\n", child); - exit(0); - } - setup_disc(); - } - /* receive loop */ - for (;;) { - fromlen = S_AD_SZ; - n = recvfrom(f, pkt->dat, MAX_PKT_LEN, 0, (struct sockaddr *) &from, - &fromlen); - if (n > 0) { - pkt->length = n; - pkt->mbz = 0; /* force zeros to catch runaway strings */ - /* see what is left in the input queue */ - ioctl(f, FIONREAD, &q_bytes); - gettimeofday(&kerb_time, NULL); - q_n++; - max_q_n = max(max_q_n, q_n); - n_packets++; - klog(L_NET_INFO, - "q_byt %d, q_n %d, rd_byt %d, mx_q_b %d, mx_q_n %d, n_pkt %d", - q_bytes, q_n, n, max_q_bytes, max_q_n, n_packets, 0); - max_q_bytes = max(max_q_bytes, q_bytes); - if (!q_bytes) - q_n = 0; /* reset consecutive packets */ - kerberos(&from, pkt); - } else - klog(L_NET_ERR, - "%s: bad recvfrom n = %d errno = %d", progname, n, errno, 0); - } -} - -void -kerberos(client, pkt) - struct sockaddr_in *client; - KTEXT pkt; -{ - static KTEXT_ST rpkt_st; - KTEXT rpkt = &rpkt_st; - static KTEXT_ST ciph_st; - KTEXT ciph = &ciph_st; - static KTEXT_ST tk_st; - KTEXT tk = &tk_st; - static KTEXT_ST auth_st; - KTEXT auth = &auth_st; - AUTH_DAT ad_st; - AUTH_DAT *ad = &ad_st; - - - static struct in_addr client_host; - static int msg_byte_order; - static int swap_bytes; - static u_char k_flags; - u_long lifetime; - int i; - C_Block key; - Key_schedule key_s; - char *ptr; - - - - ciph->length = 0; - - client_host = client->sin_addr; - - /* eval macros and correct the byte order and alignment as needed */ - req_version = pkt_version(pkt); /* 1 byte, version */ - req_msg_type = pkt_msg_type(pkt); /* 1 byte, Kerberos msg type */ - - req_act_vno = req_version; - - /* check packet version */ - if (req_version != KRB_PROT_VERSION) { - lt = klog(L_KRB_PERR, - "KRB prot version mismatch: KRB =%d request = %d", - KRB_PROT_VERSION, req_version, 0); - /* send an error reply */ - kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); - return; - } - msg_byte_order = req_msg_type & 1; - - swap_bytes = 0; - if (msg_byte_order != HOST_BYTE_ORDER) { - swap_bytes++; - } - klog(L_KRB_PINFO, - "Prot version: %d, Byte order: %d, Message type: %d", - req_version, msg_byte_order, req_msg_type); - - switch (req_msg_type & ~1) { - - case AUTH_MSG_KDC_REQUEST: - { - u_long req_life; /* Requested liftime */ - char *service; /* Service name */ - char *instance; /* Service instance */ - n_auth_req++; - tk->length = 0; - k_flags = 0; /* various kerberos flags */ - - - /* set up and correct for byte order and alignment */ - req_name_ptr = (char *) pkt_a_name(pkt); - req_inst_ptr = (char *) pkt_a_inst(pkt); - req_realm_ptr = (char *) pkt_a_realm(pkt); - bcopy(pkt_time_ws(pkt), &req_time_ws, sizeof(req_time_ws)); - /* time has to be diddled */ - if (swap_bytes) { - swap_u_long(req_time_ws); - } - ptr = (char *) pkt_time_ws(pkt) + 4; - - req_life = (u_long) (*ptr++); - - service = ptr; - instance = ptr + strlen(service) + 1; - - rpkt = &rpkt_st; - klog(L_INI_REQ, - "Initial ticket request Host: %s User: \"%s\" \"%s\"", - inet_ntoa(client_host), req_name_ptr, req_inst_ptr, 0); - - if ((i = check_princ(req_name_ptr, req_inst_ptr, 0, - &a_name_data))) { - kerb_err_reply(client, pkt, i, lt); - return; - } - tk->length = 0; /* init */ - if (strcmp(service, "krbtgt")) - klog(L_NTGT_INTK, - "INITIAL request from %s.%s for %s.%s", - req_name_ptr, req_inst_ptr, service, instance, 0); - /* this does all the checking */ - if ((i = check_princ(service, instance, lifetime, - &s_name_data))) { - kerb_err_reply(client, pkt, i, lt); - return; - } - /* Bound requested lifetime with service and user */ - lifetime = min(req_life, ((u_long) s_name_data.max_life)); - lifetime = min(lifetime, ((u_long) a_name_data.max_life)); - -#ifdef NOENCRYPTION - bzero(session_key, sizeof(C_Block)); -#else - random_key(session_key); -#endif - /* unseal server's key from master key */ - bcopy(&s_name_data.key_low, key, 4); - bcopy(&s_name_data.key_high, ((long *) key) + 1, 4); - kdb_encrypt_key(key, key, master_key, - master_key_schedule, DECRYPT); - /* construct and seal the ticket */ - krb_create_ticket(tk, k_flags, a_name_data.name, - a_name_data.instance, local_realm, - client_host.s_addr, session_key, lifetime, kerb_time.tv_sec, - s_name_data.name, s_name_data.instance, key); - bzero(key, sizeof(key)); - bzero(key_s, sizeof(key_s)); - - /* - * get the user's key, unseal it from the server's key, and - * use it to seal the cipher - */ - - /* a_name_data.key_low a_name_data.key_high */ - bcopy(&a_name_data.key_low, key, 4); - bcopy(&a_name_data.key_high, ((long *) key) + 1, 4); - - /* unseal the a_name key from the master key */ - kdb_encrypt_key(key, key, master_key, - master_key_schedule, DECRYPT); - - create_ciph(ciph, session_key, s_name_data.name, - s_name_data.instance, local_realm, lifetime, - s_name_data.key_version, tk, kerb_time.tv_sec, key); - - /* clear session key */ - bzero(session_key, sizeof(session_key)); - - bzero(key, sizeof(key)); - - - - /* always send a reply packet */ - rpkt = create_auth_reply(req_name_ptr, req_inst_ptr, - req_realm_ptr, req_time_ws, 0, a_name_data.exp_date, - a_name_data.key_version, ciph); - sendto(f, rpkt->dat, rpkt->length, 0, (struct sockaddr *) client, - S_AD_SZ); - bzero(&a_name_data, sizeof(a_name_data)); - bzero(&s_name_data, sizeof(s_name_data)); - break; - } - case AUTH_MSG_APPL_REQUEST: - { - u_long time_ws; /* Workstation time */ - u_long req_life; /* Requested liftime */ - char *service; /* Service name */ - char *instance; /* Service instance */ - int kerno; /* Kerberos error number */ - char tktrlm[REALM_SZ]; - - n_appl_req++; - tk->length = 0; - k_flags = 0; /* various kerberos flags */ - - auth->length = 4 + strlen(pkt->dat + 3); - auth->length += (int) *(pkt->dat + auth->length) + - (int) *(pkt->dat + auth->length + 1) + 2; - - bcopy(pkt->dat, auth->dat, auth->length); - - strncpy(tktrlm, auth->dat + 3, REALM_SZ); - if (set_tgtkey(tktrlm)) { - lt = klog(L_ERR_UNK, - "FAILED realm %s unknown. Host: %s ", - tktrlm, inet_ntoa(client_host)); - kerb_err_reply(client, pkt, kerno, lt); - return; - } - kerno = krb_rd_req(auth, "ktbtgt", tktrlm, client_host.s_addr, - ad, 0); - - if (kerno) { - klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s", - inet_ntoa(client_host), krb_err_txt[kerno]); - kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); - return; - } - ptr = (char *) pkt->dat + auth->length; - - bcopy(ptr, &time_ws, 4); - ptr += 4; - - req_life = (u_long) (*ptr++); - - service = ptr; - instance = ptr + strlen(service) + 1; - - klog(L_APPL_REQ, "APPL Request %s.%s@%s on %s for %s.%s", - ad->pname, ad->pinst, ad->prealm, inet_ntoa(client_host), - service, instance, 0); - - if (strcmp(ad->prealm, tktrlm)) { - kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, - "Can't hop realms"); - return; - } - if (!strcmp(service, "changepw")) { - kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, - "Can't authorize password changed based on TGT"); - return; - } - kerno = check_princ(service, instance, req_life, - &s_name_data); - if (kerno) { - kerb_err_reply(client, pkt, kerno, lt); - return; - } - /* Bound requested lifetime with service and user */ - lifetime = min(req_life, - (ad->life - ((kerb_time.tv_sec - ad->time_sec) / 300))); - lifetime = min(lifetime, ((u_long) s_name_data.max_life)); - - /* unseal server's key from master key */ - bcopy(&s_name_data.key_low, key, 4); - bcopy(&s_name_data.key_high, ((long *) key) + 1, 4); - kdb_encrypt_key(key, key, master_key, - master_key_schedule, DECRYPT); - /* construct and seal the ticket */ - -#ifdef NOENCRYPTION - bzero(session_key, sizeof(C_Block)); -#else - random_key(session_key); -#endif - - krb_create_ticket(tk, k_flags, ad->pname, ad->pinst, - ad->prealm, client_host.s_addr, - session_key, lifetime, kerb_time.tv_sec, - s_name_data.name, s_name_data.instance, - key); - bzero(key, sizeof(key)); - bzero(key_s, sizeof(key_s)); - - create_ciph(ciph, session_key, service, instance, - local_realm, - lifetime, s_name_data.key_version, tk, - kerb_time.tv_sec, ad->session); - - /* clear session key */ - bzero(session_key, sizeof(session_key)); - - bzero(ad->session, sizeof(ad->session)); - - rpkt = create_auth_reply(ad->pname, ad->pinst, - ad->prealm, time_ws, - 0, 0, 0, ciph); - sendto(f, rpkt->dat, rpkt->length, 0, (struct sockaddr *) client, - S_AD_SZ); - bzero(&s_name_data, sizeof(s_name_data)); - break; - } - - -#ifdef notdef_DIE - case AUTH_MSG_DIE: - { - lt = klog(L_DEATH_REQ, - "Host: %s User: \"%s\" \"%s\" Kerberos killed", - inet_ntoa(client_host), req_name_ptr, req_inst_ptr, 0); - exit(0); - } -#endif notdef_DIE - - default: - { - lt = klog(L_KRB_PERR, - "Unknown message type: %d from %s port %u", - req_msg_type, inet_ntoa(client_host), - ntohs(client->sin_port)); - break; - } - } -} - - -/* - * setup_disc - * - * disconnect all descriptors, remove ourself from the process - * group that spawned us. - */ - -void -setup_disc() -{ - - int s; - - for (s = 0; s < 3; s++) { - (void) close(s); - } - - (void) open("/dev/null", 0); - (void) dup2(0, 1); - (void) dup2(0, 2); - - s = open("/dev/tty", 2); - - if (s >= 0) { - ioctl(s, TIOCNOTTY, (struct sgttyb *) 0); - (void) close(s); - } - (void) chdir("/tmp"); -} - - -/* - * kerb_er_reply creates an error reply packet and sends it to the - * client. - */ - -void -kerb_err_reply(client, pkt, err, string) - struct sockaddr_in *client; - KTEXT pkt; - long err; - char *string; - -{ - static KTEXT_ST e_pkt_st; - KTEXT e_pkt = &e_pkt_st; - static char e_msg[128]; - - strcpy(e_msg, "\nKerberos error -- "); - strcat(e_msg, string); - cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr, - req_time_ws, err, e_msg); - sendto(f, e_pkt->dat, e_pkt->length, 0, (struct sockaddr *) client, - S_AD_SZ); - -} - -/* - * Make sure that database isn't stale. - * - * Exit if it is; we don't want to tell lies. - */ - -static void check_db_age() -{ - long age; - - if (max_age != -1) { - /* Requires existance of kerb_get_db_age() */ - gettimeofday(&kerb_time, 0); - age = kerb_get_db_age(); - if (age == 0) { - klog(L_KRB_PERR, "Database currently being updated!"); - hang(); - } - if ((age + max_age) < kerb_time.tv_sec) { - klog(L_KRB_PERR, "Database out of date!"); - hang(); - /* NOTREACHED */ - } - } -} - -int -check_princ(p_name, instance, lifetime, p) - char *p_name; - char *instance; - unsigned lifetime; - - Principal *p; -{ - static int n; - static int more; - - n = kerb_get_principal(p_name, instance, p, 1, &more); - klog(L_ALL_REQ, - "Principal: \"%s\", Instance: \"%s\" Lifetime = %d n = %d", - p_name, instance, lifetime, n, 0); - - if (n < 0) { - lt = klog(L_KRB_PERR, "Database unavailable!"); - hang(); - } - - /* - * if more than one p_name, pick one, randomly create a session key, - * compute maximum lifetime, lookup authorizations if applicable, - * and stuff into cipher. - */ - if (n == 0) { - /* service unknown, log error, skip to next request */ - lt = klog(L_ERR_UNK, "UNKNOWN \"%s\" \"%s\"", p_name, - instance, 0); - return KERB_ERR_PRINCIPAL_UNKNOWN; - } - if (more) { - /* not unique, log error */ - lt = klog(L_ERR_NUN, "Principal NOT UNIQUE \"%s\" \"%s\"", - p_name, instance, 0); - return KERB_ERR_PRINCIPAL_NOT_UNIQUE; - } - /* If the user's key is null, we want to return an error */ - if ((p->key_low == 0) && (p->key_high == 0)) { - /* User has a null key */ - lt = klog(L_ERR_NKY, "Null key \"%s\" \"%s\"", p_name, - instance, 0); - return KERB_ERR_NULL_KEY; - } - if (master_key_version != p->kdc_key_ver) { - /* log error reply */ - lt = klog(L_ERR_MKV, - "Key vers incorrect, KRB = %d, \"%s\" \"%s\" = %d", - master_key_version, p->name, p->instance, p->kdc_key_ver, - 0); - return KERB_ERR_NAME_MAST_KEY_VER; - } - /* make sure the service hasn't expired */ - if ((u_long) p->exp_date < (u_long) kerb_time.tv_sec) { - /* service did expire, log it */ - lt = klog(L_ERR_SEXP, - "EXPIRED \"%s\" \"%s\" %s", p->name, p->instance, - stime(&(p->exp_date)), 0); - return KERB_ERR_NAME_EXP; - } - /* ok is zero */ - return 0; -} - - -/* Set the key for krb_rd_req so we can check tgt */ -int -set_tgtkey(r) - char *r; /* Realm for desired key */ -{ - int n; - static char lastrealm[REALM_SZ]; - Principal p_st; - Principal *p = &p_st; - C_Block key; - - if (!strcmp(lastrealm, r)) - return (KSUCCESS); - - log("Getting key for %s", r); - - n = kerb_get_principal("krbtgt", r, p, 1, &more); - if (n == 0) - return (KFAILURE); - - /* unseal tgt key from master key */ - bcopy(&p->key_low, key, 4); - bcopy(&p->key_high, ((long *) key) + 1, 4); - kdb_encrypt_key(key, key, master_key, - master_key_schedule, DECRYPT); - krb_set_key(key, 0); - strcpy(lastrealm, r); - return (KSUCCESS); -} - -static void -hang() -{ - if (pause_int == -1) { - klog(L_KRB_PERR, "Kerberos will pause so as not to loop init"); - for (;;) - pause(); - } else { - char buf[256]; - sprintf(buf, "Kerberos will wait %ld seconds before dying so as not to loop init", pause_int); - klog(L_KRB_PERR, buf); - sleep(pause_int); - klog(L_KRB_PERR, "Do svedania....\n"); - exit(1); - } -} diff --git a/eBones/kinit/Makefile b/eBones/kinit/Makefile deleted file mode 100644 index 884f37d..0000000 --- a/eBones/kinit/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.3 1995/07/18 16:37:53 mark Exp $ - -PROG= kinit -CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -DBSD42 -Wall -DPADD= ${LIBKRB} ${LIBDES} -LDADD= -L${KRBOBJDIR} -lkrb -ldes -BINDIR= /usr/bin -MAN1= kinit.1 - -.include diff --git a/eBones/kinit/kinit.c b/eBones/kinit/kinit.c deleted file mode 100644 index 3b47c7c..0000000 --- a/eBones/kinit/kinit.c +++ /dev/null @@ -1,224 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * Routine to initialize user to Kerberos. Prompts optionally for - * user, instance and realm. Authenticates user and gets a ticket - * for the Kerberos ticket-granting service for future use. - * - * Options are: - * - * -i[instance] - * -r[realm] - * -v[erbose] - * -l[ifetime] - * - * from: kinit.c,v 4.12 90/03/20 16:11:15 jon Exp $ - * $Id: kinit.c,v 1.4 1995/08/03 17:16:00 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: kinit.c,v 1.4 1995/08/03 17:16:00 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include - -#ifndef ORGANIZATION -#define ORGANIZATION "MIT Project Athena" -#endif /*ORGANIZATION*/ - -#ifdef PC -#define LEN 64 /* just guessing */ -#endif PC - -#if defined(BSD42) || defined(__FreeBSD__) || defined(__NetBSD__) -#include -#include -#if defined(ultrix) || defined(sun) -#define LEN 64 -#else -#define LEN MAXHOSTNAMELEN -#endif /* defined(ultrix) || defined(sun) */ -#endif /* BSD42 */ - -#define LIFE 96 /* lifetime of ticket in 5-minute units */ - -char *progname; - -void usage(void); - -void -get_input(s, size, stream) -char *s; -int size; -FILE *stream; -{ - char *p; - - if (fgets(s, size, stream) == NULL) - exit(1); - if ((p = index(s, '\n')) != NULL) - *p = '\0'; -} - -int -main(argc, argv) - int argc; - char *argv[]; -{ - char aname[ANAME_SZ]; - char inst[INST_SZ]; - char realm[REALM_SZ]; - char buf[LEN]; - char *username = NULL; - int iflag, rflag, vflag, lflag, lifetime, k_errno; - register char *cp; - register i; - - *inst = *realm = '\0'; - iflag = rflag = vflag = lflag = 0; - lifetime = LIFE; - progname = (cp = rindex(*argv, '/')) ? cp + 1 : *argv; - - while (--argc) { - if ((*++argv)[0] != '-') { - if (username) - usage(); - username = *argv; - continue; - } - for (i = 1; (*argv)[i] != '\0'; i++) - switch ((*argv)[i]) { - case 'i': /* Instance */ - ++iflag; - continue; - case 'r': /* Realm */ - ++rflag; - continue; - case 'v': /* Verbose */ - ++vflag; - continue; - case 'l': - ++lflag; - continue; - default: - usage(); - exit(1); - } - } - if (username && - (k_errno = kname_parse(aname, inst, realm, username)) - != KSUCCESS) { - fprintf(stderr, "%s: %s\n", progname, krb_err_txt[k_errno]); - iflag = rflag = 1; - username = NULL; - } - if (k_gethostname(buf, LEN)) { - fprintf(stderr, "%s: k_gethostname failed\n", progname); - exit(1); - } - printf("%s (%s)\n", ORGANIZATION, buf); - if (username) { - printf("Kerberos Initialization for \"%s", aname); - if (*inst) - printf(".%s", inst); - if (*realm) - printf("@%s", realm); - printf("\"\n"); - } else { - if (iflag) { - printf("Kerberos Initialization\n"); - printf("Kerberos name: "); - get_input(aname, sizeof(aname), stdin); - } else { - int uid = getuid(); - char *getenv(); - struct passwd *pwd; - - /* default to current user name unless running as root */ - if (uid == 0 && (username = getenv("USER")) && - strcmp(username, "root") != 0) { - strncpy(aname, username, sizeof(aname)); - strncpy(inst, "root", sizeof(inst)); - } else { - pwd = getpwuid(uid); - - if (pwd == (struct passwd *) NULL) { - fprintf(stderr, "Unknown name for your uid\n"); - printf("Kerberos name: "); - gets(aname); - } else - strncpy(aname, pwd->pw_name, sizeof(aname)); - } - } - - if (!*aname) - exit(0); - if (!k_isname(aname)) { - fprintf(stderr, "%s: bad Kerberos name format\n", - progname); - exit(1); - } - } - /* optional instance */ - if (iflag) { - printf("Kerberos instance: "); - get_input(inst, sizeof(inst), stdin); - if (!k_isinst(inst)) { - fprintf(stderr, "%s: bad Kerberos instance format\n", - progname); - exit(1); - } - } - if (rflag) { - printf("Kerberos realm: "); - get_input(realm, sizeof(realm), stdin); - if (!k_isrealm(realm)) { - fprintf(stderr, "%s: bad Kerberos realm format\n", - progname); - exit(1); - } - } - if (lflag) { - printf("Kerberos ticket lifetime (minutes): "); - get_input(buf, sizeof(buf), stdin); - lifetime = atoi(buf); - if (lifetime < 5) - lifetime = 1; - else - lifetime /= 5; - /* This should be changed if the maximum ticket lifetime */ - /* changes */ - if (lifetime > 255) - lifetime = 255; - } - if (!*realm && krb_get_lrealm(realm, 1)) { - fprintf(stderr, "%s: krb_get_lrealm failed\n", progname); - exit(1); - } - k_errno = krb_get_pw_in_tkt(aname, inst, realm, "krbtgt", realm, - lifetime, 0); - if (vflag) { - printf("Kerberos realm %s:\n", realm); - printf("%s\n", krb_err_txt[k_errno]); - } else if (k_errno) { - fprintf(stderr, "%s: %s\n", progname, krb_err_txt[k_errno]); - exit(1); - } - return 0; -} - -void -usage() -{ - fprintf(stderr, "Usage: %s [-irvl] [name]\n", progname); - exit(1); -} diff --git a/eBones/klist/Makefile b/eBones/klist/Makefile deleted file mode 100644 index c24800b..0000000 --- a/eBones/klist/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.3 1995/07/18 16:37:57 mark Exp $ - -PROG= klist -CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -Wall -DPADD= ${LIBKRB} ${LIBDES} -LDADD= -L${KRBOBJDIR} -lkrb -ldes -BINDIR= /usr/bin -MAN1= klist.1 - -.include diff --git a/eBones/klist/klist.1 b/eBones/klist/klist.1 deleted file mode 100644 index af7e31a..0000000 --- a/eBones/klist/klist.1 +++ /dev/null @@ -1,84 +0,0 @@ -.\" from: klist.1,v 4.8 89/01/24 14:35:09 jtkohl Exp $ -.\" $Id: klist.1,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KLIST 1 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -klist \- list currently held Kerberos tickets -.SH SYNOPSIS -.B klist -[ -\fB\-s \fR|\fB \-t\fR -] [ -.B \-file -name ] [ -.B \-srvtab -] -.br -.SH DESCRIPTION -.I klist -prints the name of the tickets file and the -identity of the principal the tickets are for (as listed in the -tickets file), and -lists the principal names of all Kerberos tickets currently held by -the user, along with the issue and expire time for each authenticator. -Principal names are listed in the form -.I name.instance@realm, -with the '.' omitted if the instance is null, -and the '@' omitted if the realm is null. - -If given the -.B \-s -option, -.I klist -does not print the issue and expire times, the name of the tickets file, -or the identity of the principal. - -If given the -.B \-t -option, -.B klist -checks for the existence of a non-expired ticket-granting-ticket in the -ticket file. If one is present, it exits with status 0, else it exits -with status 1. No output is generated when this option is specified. - -If given the -.B \-file -option, the following argument is used as the ticket file. -Otherwise, if the -.B KRBTKFILE -environment variable is set, it is used. -If this environment variable -is not set, the file -.B /tmp/tkt[uid] -is used, where -.B uid -is the current user-id of the user. - -If given the -.B \-srvtab -option, the file is treated as a service key file, and the names of the -keys contained therein are printed. If no file is -specified with a -.B \-file -option, the default is -.IR /etc/kerberosIV/srvtab . -.SH FILES -.TP 2i -/etc/kerberosIV/krb.conf -to get the name of the local realm -.TP -/tmp/tkt[uid] -as the default ticket file ([uid] is the decimal UID of the user). -.TP -/etc/kerberosIV/srvtab -as the default service key file -.SH SEE ALSO -.PP -kerberos(1), kinit(1), kdestroy(1) -.SH BUGS -When reading a file as a service key file, very little sanity or error -checking is performed. diff --git a/eBones/klist/klist.c b/eBones/klist/klist.c deleted file mode 100644 index 0927dcb..0000000 --- a/eBones/klist/klist.c +++ /dev/null @@ -1,288 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * Lists your current Kerberos tickets. - * Written by Bill Sommerfeld, MIT Project Athena. - * - * from: klist.c,v 4.15 89/08/30 11:19:16 jtkohl Exp $ - * $Id: klist.c,v 1.3 1995/07/18 16:37:59 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: klist.c,v 1.3 1995/07/18 16:37:59 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include - -int ok_getst(int fd, char *s, int n); -void display_srvtab(char *file); -char *short_date(long *dp); -void usage(void); -void display_tktfile(char *file, int tgt_test, int long_form); - -char *whoami; /* What was I invoked as?? */ - -extern char *krb_err_txt[]; - -/* ARGSUSED */ -int -main(argc, argv) - int argc; - char **argv; -{ - int long_form = 1; - int tgt_test = 0; - int do_srvtab = 0; - char *tkt_file = NULL; - char *cp; - - whoami = (cp = rindex(*argv, '/')) ? cp + 1 : *argv; - - while (*(++argv)) { - if (!strcmp(*argv, "-s")) { - long_form = 0; - continue; - } - if (!strcmp(*argv, "-t")) { - tgt_test = 1; - long_form = 0; - continue; - } - if (!strcmp(*argv, "-l")) { /* now default */ - continue; - } - if (!strcmp(*argv, "-file")) { - if (*(++argv)) { - tkt_file = *argv; - continue; - } else - usage(); - } - if (!strcmp(*argv, "-srvtab")) { - if (tkt_file == NULL) /* if no other file spec'ed, - set file to default srvtab */ - tkt_file = KEYFILE; - do_srvtab = 1; - continue; - } - usage(); - } - - if (do_srvtab) - display_srvtab(tkt_file); - else - display_tktfile(tkt_file, tgt_test, long_form); - exit(0); -} - -void -display_tktfile(file, tgt_test, long_form) -char *file; -int tgt_test, long_form; -{ - char pname[ANAME_SZ]; - char pinst[INST_SZ]; - char prealm[REALM_SZ]; - char buf1[20], buf2[20]; - int k_errno; - CREDENTIALS c; - int header = 1; - - if ((file == NULL) && ((file = getenv("KRBTKFILE")) == NULL)) - file = TKT_FILE; - - if (long_form) - printf("Ticket file: %s\n", file); - - /* - * Since krb_get_tf_realm will return a ticket_file error, - * we will call tf_init and tf_close first to filter out - * things like no ticket file. Otherwise, the error that - * the user would see would be - * klist: can't find realm of ticket file: No ticket file (tf_util) - * instead of - * klist: No ticket file (tf_util) - */ - - /* Open ticket file */ - if ((k_errno = tf_init(file, R_TKT_FIL))) { - if (!tgt_test) - fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]); - exit(1); - } - /* Close ticket file */ - (void) tf_close(); - - /* - * We must find the realm of the ticket file here before calling - * tf_init because since the realm of the ticket file is not - * really stored in the principal section of the file, the - * routine we use must itself call tf_init and tf_close. - */ - if ((k_errno = krb_get_tf_realm(file, prealm)) != KSUCCESS) { - if (!tgt_test) - fprintf(stderr, "%s: can't find realm of ticket file: %s\n", - whoami, krb_err_txt[k_errno]); - exit(1); - } - - /* Open ticket file */ - if ((k_errno = tf_init(file, R_TKT_FIL))) { - if (!tgt_test) - fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]); - exit(1); - } - /* Get principal name and instance */ - if ((k_errno = tf_get_pname(pname)) || - (k_errno = tf_get_pinst(pinst))) { - if (!tgt_test) - fprintf(stderr, "%s: %s\n", whoami, krb_err_txt[k_errno]); - exit(1); - } - - /* - * You may think that this is the obvious place to get the - * realm of the ticket file, but it can't be done here as the - * routine to do this must open the ticket file. This is why - * it was done before tf_init. - */ - - if (!tgt_test && long_form) - printf("Principal:\t%s%s%s%s%s\n\n", pname, - (pinst[0] ? "." : ""), pinst, - (prealm[0] ? "@" : ""), prealm); - while ((k_errno = tf_get_cred(&c)) == KSUCCESS) { - if (!tgt_test && long_form && header) { - printf("%-15s %-15s %s\n", - " Issued", " Expires", " Principal"); - header = 0; - } - if (tgt_test) { - c.issue_date += ((unsigned char) c.lifetime) * 5 * 60; - if (!strcmp(c.service, TICKET_GRANTING_TICKET) && - !strcmp(c.instance, prealm)) { - if (time(0) < c.issue_date) - exit(0); /* tgt hasn't expired */ - else - exit(1); /* has expired */ - } - continue; /* not a tgt */ - } - if (long_form) { - (void) strcpy(buf1, short_date(&c.issue_date)); - c.issue_date += ((unsigned char) c.lifetime) * 5 * 60; - (void) strcpy(buf2, short_date(&c.issue_date)); - printf("%s %s ", buf1, buf2); - } - printf("%s%s%s%s%s\n", - c.service, (c.instance[0] ? "." : ""), c.instance, - (c.realm[0] ? "@" : ""), c.realm); - } - if (tgt_test) - exit(1); /* no tgt found */ - if (header && long_form && k_errno == EOF) { - printf("No tickets in file.\n"); - } -} - -char * -short_date(dp) - long *dp; -{ - register char *cp; - extern char *ctime(); - cp = ctime(dp) + 4; - cp[15] = '\0'; - return (cp); -} - -void -usage() -{ - fprintf(stderr, - "Usage: %s [ -s | -t ] [ -file filename ] [ -srvtab ]\n", whoami); - exit(1); -} - -void -display_srvtab(file) -char *file; -{ - int stab; - char serv[SNAME_SZ]; - char inst[INST_SZ]; - char rlm[REALM_SZ]; - unsigned char key[8]; - unsigned char vno; - int count; - - printf("Server key file: %s\n", file); - - if ((stab = open(file, O_RDONLY, 0400)) < 0) { - perror(file); - exit(1); - } - printf("%-15s %-15s %-10s %s\n","Service","Instance","Realm", - "Key Version"); - printf("------------------------------------------------------\n"); - - /* argh. getst doesn't return error codes, it silently fails */ - while (((count = ok_getst(stab, serv, SNAME_SZ)) > 0) - && ((count = ok_getst(stab, inst, INST_SZ)) > 0) - && ((count = ok_getst(stab, rlm, REALM_SZ)) > 0)) { - if (((count = read(stab,(char *) &vno,1)) != 1) || - ((count = read(stab,(char *) key,8)) != 8)) { - if (count < 0) - perror("reading from key file"); - else - fprintf(stderr, "key file truncated\n"); - exit(1); - } - printf("%-15s %-15s %-15s %d\n",serv,inst,rlm,vno); - } - if (count < 0) - perror(file); - (void) close(stab); -} - -/* adapted from getst() in librkb */ -/* - * ok_getst() takes a file descriptor, a string and a count. It reads - * from the file until either it has read "count" characters, or until - * it reads a null byte. When finished, what has been read exists in - * the given string "s". If "count" characters were actually read, the - * last is changed to a null, so the returned string is always null- - * terminated. ok_getst() returns the number of characters read, including - * the null terminator. - * - * If there is a read error, it returns -1 (like the read(2) system call) - */ - -int -ok_getst(fd, s, n) - int fd; - register char *s; - int n; -{ - register count = n; - int err; - while ((err = read(fd, s, 1)) > 0 && --count) - if (*s++ == '\0') - return (n - count); - if (err < 0) - return(-1); - *s = '\0'; - return (n - count); -} diff --git a/eBones/kprop/Makefile b/eBones/kprop/Makefile deleted file mode 100644 index 636eaa4..0000000 --- a/eBones/kprop/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.1.1.1 1995/08/03 07:36:18 mark Exp $ - -PROG= kprop -CFLAGS+=-I${.CURDIR}/../include -Wall -DPADD= ${LIBKRB} -LDADD= -L${KRBOBJDIR} -lkrb -ldes -BINDIR= /usr/sbin -NOMAN= noman - -.include diff --git a/eBones/kprop/kprop.c b/eBones/kprop/kprop.c deleted file mode 100644 index 23bb893..0000000 --- a/eBones/kprop/kprop.c +++ /dev/null @@ -1,637 +0,0 @@ -/* - * - * Copyright 1987 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, - * please see the file . - * - * $Revision: 1.1.1.1 $ - * $Date: 1995/08/03 07:36:18 $ - * $State: Exp $ - * $Source: /usr/cvs/src/eBones/kprop/kprop.c,v $ - * $Author: mark $ - * $Locker: $ - * - * $Log: kprop.c,v $ - * Revision 1.1.1.1 1995/08/03 07:36:18 mark - * Import an updated revision of the MIT kprop program for distributing - * kerberos databases to slave servers. - * - * NOTE: This method was abandoned by MIT long ago, this code is close to - * garbage, but it is slightly more secure than using rdist. - * There is no documentation available on how to use it, and - * it should -not- be built by default. - * - * Obtained from: MIT Project Athena - * - * Revision 1.1.1.1 1995/08/02 22:11:44 pst - * Import an updated revision of the MIT kprop program for distributing - * kerberos databases to slave servers. - * - * NOTE: This method was abandoned by MIT long ago, this code is close to - * garbage, but it is slightly more secure than using rdist. - * There is no documentation available on how to use it, and - * it should -not- be built by default. - * - * Obtained from: MIT Project Athena - * - * Revision 4.7 92/11/10 23:01:06 tytso - * Removed incompatible #include - * - * Revision 4.6 91/02/28 22:49:34 probe - * Fixed header file inclusion - * - * Revision 4.5 90/03/20 15:37:57 jon - * Stop kpropd port number from being bashed (static buffers) - * Programmer: jtkohl - * Auditor: jon - * - * Revision 4.4 90/01/02 13:42:40 jtkohl - * add back in accidentally deleted $ in rcsid string - * - * Revision 4.3 89/12/30 21:22:27 qjb - * Added #define MAXHOSTNAMELEN if not already defined for the benifit - * of Unixes that don't have this variable in sys/param.h. - * - * Revision 4.2 89/03/23 10:23:43 jtkohl - * fix misuse of mkstemp to use mktemp - * NOENCRYPTION changes - * - * Revision 4.1 89/01/24 20:35:17 root - * name change - * - * Revision 4.0 89/01/24 18:44:38 wesommer - * Original version; programmer: wesommer - * auditor: jon. - * - * Revision 4.4 88/01/08 18:05:21 jon - * formating changes and rcs header info - * - * - */ - -#if 0 -#ifndef lint -static char rcsid_kprop_c[] = -"$Id: kprop.c,v 1.1.1.1 1995/08/03 07:36:18 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "kprop.h" - -/* for those broken Unixes without this defined... should be in sys/param.h */ -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 64 -#endif - -static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION; - -int debug = 0; - -char my_realm[REALM_SZ]; -int princ_data_size = 3 * sizeof(long) + 3 * sizeof(unsigned char); -short transfer_mode, net_transfer_mode; -int force_flag; -static char ok[] = ".dump_ok"; - -extern char *krb_get_phost(char *); - -struct slave_host { - u_long net_addr; - char *name; - char *instance; - char *realm; - int not_time_yet; - int succeeded; - struct slave_host *next; -}; - -void Death(char *s); -int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime); -int prop_to_slaves(struct slave_host *sl, int fd, char *fslv); - -int -main(argc, argv) - int argc; - char *argv[]; -{ - int fd, i; - char *floc, *floc_ok; - char *fslv; - struct stat stbuf, stbuf_ok; - long l_init, l_final; - char *pc; - int l_diff; - static struct slave_host *slave_host_list = NULL; - struct slave_host *sh; - - transfer_mode = KPROP_TRANSFER_PRIVATE; - - time(&l_init); - pc = ctime(&l_init); - pc[strlen(pc) - 1] = '\0'; - printf("\nStart slave propagation: %s\n", pc); - - floc = (char *) NULL; - fslv = (char *) NULL; - - if (krb_get_lrealm(my_realm,1) != KSUCCESS) - Death ("Getting my kerberos realm. Check krb.conf"); - - for (i = 1; i < argc; i++) - switch (argv[i][0]) { - case '-': - if (strcmp (argv[i], "-private") == 0) - transfer_mode = KPROP_TRANSFER_PRIVATE; -#ifdef not_safe_yet - else if (strcmp (argv[i], "-safe") == 0) - transfer_mode = KPROP_TRANSFER_SAFE; - else if (strcmp (argv[i], "-clear") == 0) - transfer_mode = KPROP_TRANSFER_CLEAR; -#endif - else if (strcmp (argv[i], "-realm") == 0) { - i++; - if (i < argc) - strcpy(my_realm, argv[i]); - else - goto usage; - } else if (strcmp (argv[i], "-force") == 0) - force_flag++; - else { - fprintf (stderr, "kprop: unknown control argument %s.\n", - argv[i]); - exit (1); - } - break; - default: - /* positional arguments are marginal at best ... */ - if (floc == (char *) NULL) - floc = argv[i]; - else { - if (fslv == (char *) NULL) - fslv = argv[i]; - else { - usage: - /* already got floc and fslv, what is this? */ - fprintf(stderr, - "\nUsage: kprop [-force] [-realm realm] [-private|-safe|-clear] data_file slaves_file\n\n"); - exit(1); - } - } - } - if ((floc == (char *)NULL) || (fslv == (char *)NULL)) - goto usage; - - if ((floc_ok = (char *) malloc(strlen(floc) + strlen(ok) + 1)) - == NULL) { - Death(floc); - } - strcat(strcpy(floc_ok, floc), ok); - - if ((fd = open(floc, O_RDONLY)) < 0) { - Death(floc); - } - if (flock(fd, LOCK_EX | LOCK_NB)) { - Death(floc); - } - if (stat(floc, &stbuf)) { - Death(floc); - } - if (stat(floc_ok, &stbuf_ok)) { - Death(floc_ok); - } - if (stbuf.st_mtime > stbuf_ok.st_mtime) { - fprintf(stderr, "kprop: '%s' more recent than '%s'.\n", - floc, floc_ok); - exit(1); - } - if (!get_slaves(&slave_host_list, fslv, stbuf_ok.st_mtime)) { - fprintf(stderr, - "kprop: can't read slave host file '%s'.\n", fslv); - exit(1); - } -#ifdef KPROP_DBG - { - struct slave_host *sh; - int i; - fprintf(stderr, "\n\n"); - fflush(stderr); - for (sh = slave_host_list; sh; sh = sh->next) { - fprintf(stderr, "slave %d: %s, %s", i++, sh->name, - inet_ntoa(sh->net_addr)); - fflush(stderr); - } - } -#endif /* KPROP_DBG */ - - if (!prop_to_slaves(slave_host_list, fd, fslv)) { - fprintf(stderr, - "kprop: propagation failed.\n"); - exit(1); - } - if (flock(fd, LOCK_UN)) { - Death(floc); - } - fprintf(stderr, "\n\n"); - for (sh = slave_host_list; sh; sh = sh->next) { - fprintf(stderr, "%s:\t\t%s\n", sh->name, - (sh->not_time_yet? "Not time yet" : (sh->succeeded ? "Succeeded" : "FAILED"))); - } - - time(&l_final); - l_diff = l_final - l_init; - printf("propagation finished, %d:%02d:%02d elapsed\n", - l_diff / 3600, (l_diff % 3600) / 60, l_diff % 60); - - exit(0); -} - -void -Death(s) - char *s; -{ - fprintf(stderr, "kprop: "); - perror(s); - exit(1); -} - -/* The master -> slave protocol looks like this: - 1) 8 byte version string - 2) 2 bytes of "transfer mode" (net byte order of course) - 3) ticket/authentication send by sendauth - 4) 4 bytes of "block" length (u_long) - 5) data - - 4 and 5 repeat til EOF ... -*/ - -int -prop_to_slaves(sl, fd, fslv) - struct slave_host *sl; - int fd; - char *fslv; -{ - char buf[KPROP_BUFSIZ]; - char obuf[KPROP_BUFSIZ + 64 /* leave room for private msg overhead */ ]; - struct servent *sp; - struct sockaddr_in sin, my_sin; - int i, n, s; - struct slave_host *cs; /* current slave */ - char path[256], my_host_name[MAXHOSTNAMELEN], *p_my_host_name; - char kprop_service_instance[INST_SZ]; - char *pc; - u_long cksum, get_data_checksum(); - u_long length, nlength; - long kerror; - KTEXT_ST ticket; - CREDENTIALS cred; - MSG_DAT msg_dat; - static char tkstring[] = "/tmp/kproptktXXXXXX"; - - Key_schedule session_sched; - - (void) mktemp(tkstring); - krb_set_tkt_string(tkstring); - - if ((sp = getservbyname("krb_prop", "tcp")) == 0) { - fprintf(stderr, "tcp/krb_prop: service unknown.\n"); - exit(1); - } - - bzero(&sin, sizeof sin); - sin.sin_family = AF_INET; - sin.sin_port = sp->s_port; - - strcpy(path, fslv); - if ((pc = rindex(path, '/'))) { - pc += 1; - } else { - pc = path; - } - - for (i = 0; i < 5; i++) { /* try each slave five times max */ - for (cs = sl; cs; cs = cs->next) { - if (!cs->succeeded) { - if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - perror("kprop: socket"); - exit(1); - } - bcopy(&cs->net_addr, &sin.sin_addr, - sizeof cs->net_addr); - - if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) { - fprintf(stderr, "%s: ", cs->name); - perror("connect"); - close(s); - continue; /*** NEXT SLAVE ***/ - } - - /* for krb_mk_{priv, safe} */ - bzero (&my_sin, sizeof my_sin); - n = sizeof my_sin; - if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) { - fprintf (stderr, "kprop: can't get socketname."); - perror ("getsockname"); - close (s); - continue; /*** NEXT SLAVE ***/ - } - if (n != sizeof (my_sin)) { - fprintf (stderr, "kprop: can't get socketname. len"); - close (s); - continue; /*** NEXT SLAVE ***/ - } - - /* Get ticket */ - kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, - cs->instance, cs->realm, (u_long) 0); - /* if ticket has expired try to get a new one, but - * first get a TGT ... - */ - if (kerror != MK_AP_OK) { - if (gethostname (my_host_name, sizeof(my_host_name)) != 0) { - fprintf (stderr, "%s:", cs->name); - perror ("getting my hostname"); - close (s); - break; /* next one can't work either! */ - } - /* get canonical kerberos service instance name */ - p_my_host_name = krb_get_phost (my_host_name); - /* copy it to make sure gethostbyname static doesn't - * screw us. */ - strcpy (kprop_service_instance, p_my_host_name); - kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME, -#if 0 - kprop_service_instance, -#else - KRB_MASTER, -#endif - my_realm, - TGT_SERVICE_NAME, - my_realm, - 96, - KPROP_SRVTAB); - if (kerror != INTK_OK) { - fprintf (stderr, - "%s: %s. While getting initial ticket\n", - cs->name, krb_err_txt[kerror]); - close (s); - goto punt; - } - kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, - cs->instance, cs->realm, (u_long) 0); - } - if (kerror != MK_AP_OK) { - fprintf (stderr, "%s: %s. Calling krb_mk_req.", - cs->name, krb_err_txt[kerror]); - close (s); - continue; /*** NEXT SLAVE ***/ - } - - if (write(s, kprop_version, sizeof(kprop_version)) - != sizeof(kprop_version)) { - fprintf (stderr, "%s: ", cs->name); - perror ("write (version) error"); - close (s); - continue; /*** NEXT SLAVE ***/ - } - - net_transfer_mode = htons (transfer_mode); - if (write(s, &net_transfer_mode, sizeof(net_transfer_mode)) - != sizeof(net_transfer_mode)) { - fprintf (stderr, "%s: ", cs->name); - perror ("write (transfer_mode) error"); - close (s); - continue; /*** NEXT SLAVE ***/ - } - - kerror = krb_get_cred (KPROP_SERVICE_NAME, cs->instance, - cs->realm, &cred); - if (kerror != KSUCCESS) { - fprintf (stderr, "%s: %s. Getting session key.", - cs->name, krb_err_txt[kerror]); - close (s); - continue; /*** NEXT SLAVE ***/ - } -#ifdef NOENCRYPTION - bzero((char *)session_sched, sizeof(session_sched)); -#else - if (key_sched ((C_Block *)cred.session, session_sched)) { - fprintf (stderr, "%s: can't make key schedule.", - cs->name); - close (s); - continue; /*** NEXT SLAVE ***/ - } -#endif - /* SAFE (quad_cksum) and CLEAR are just not good enough */ - cksum = 0; -#ifdef not_working_yet - if (transfer_mode != KPROP_TRANSFER_PRIVATE) { - cksum = get_data_checksum(fd, session_sched); - lseek(fd, 0L, 0); - } - else -#endif - { - struct stat st; - fstat (fd, &st); - cksum = st.st_size; - } - kerror = krb_sendauth(KOPT_DO_MUTUAL, - s, - &ticket, - KPROP_SERVICE_NAME, - cs->instance, - cs->realm, - cksum, - &msg_dat, - &cred, - session_sched, - &my_sin, - &sin, - KPROP_PROT_VERSION); - if (kerror != KSUCCESS) { - fprintf (stderr, "%s: %s. Calling krb_sendauth.", - cs->name, krb_err_txt[kerror]); - close (s); - continue; /*** NEXT SLAVE ***/ - } - - while ((n = read(fd, buf, sizeof buf))) { - if (n < 0) { - perror("input file read error"); - exit(1); - } - switch (transfer_mode) { - case KPROP_TRANSFER_PRIVATE: - case KPROP_TRANSFER_SAFE: - if (transfer_mode == KPROP_TRANSFER_PRIVATE) - length = krb_mk_priv (buf, obuf, n, - session_sched, cred.session, - &my_sin, &sin); - else - length = krb_mk_safe (buf, obuf, n, - (C_Block *)cred.session, - &my_sin, &sin); - if (length == -1) { - fprintf (stderr, "%s: %s failed.", - cs->name, - (transfer_mode == KPROP_TRANSFER_PRIVATE) - ? "krb_rd_priv" : "krb_rd_safe"); - close (s); - continue; /*** NEXT SLAVE ***/ - } - nlength = htonl(length); - if (write(s, &nlength, sizeof nlength) - != sizeof nlength) { - fprintf (stderr, "%s: ", cs->name); - perror ("write error"); - close (s); - continue; /*** NEXT SLAVE ***/ - } - if (write(s, obuf, length) != length) { - fprintf(stderr, "%s: ", cs->name); - perror("write error"); - close(s); - continue; /*** NEXT SLAVE ***/ - } - break; - case KPROP_TRANSFER_CLEAR: - if (write(s, buf, n) != n) { - fprintf(stderr, "%s: ", cs->name); - perror("write error"); - close(s); - continue; /*** NEXT SLAVE ***/ - } - break; - } - } - close(s); - cs->succeeded = 1; - fprintf(stderr, "%s: success.\n", cs->name); - strcat(strcpy(pc, cs->name), "-last-prop"); - close(creat(path, 0600)); - } - } - } -punt: - - dest_tkt(); - for (cs = sl; cs; cs = cs->next) { - if (!cs->succeeded) - return (0); /* didn't get this slave */ - } - return (1); -} - -int -get_slaves(psl, file, ok_mtime) - struct slave_host **psl; - char *file; - time_t ok_mtime; -{ - FILE *fin; - char namebuf[128], *inst; - char *pc; - struct hostent *host; - struct slave_host **th; - char path[256]; - char *ppath; - struct stat stbuf; - - if ((fin = fopen(file, "r")) == NULL) { - fprintf(stderr, "Can't open slave host file, '%s'.\n", file); - exit(-1); - } - strcpy(path, file); - if ((ppath = rindex(path, '/'))) { - ppath += 1; - } else { - ppath = path; - } - for (th = psl; fgets(namebuf, sizeof namebuf, fin); th = &(*th)->next) { - if ((pc = index(namebuf, '\n'))) { - *pc = '\0'; - } else { - fprintf(stderr, "Host name too long (>= %d chars) in '%s'.\n", - sizeof namebuf, file); - exit(-1); - } - host = gethostbyname(namebuf); - if (host == NULL) { - fprintf(stderr, "Unknown host '%s' in '%s'.\n", namebuf, file); - exit(-1); - } - (*th) = (struct slave_host *) malloc(sizeof(struct slave_host)); - if (!*th) { - fprintf(stderr, "No memory reading host list from '%s'.\n", - file); - exit(-1); - } - (*th)->name = malloc(strlen(namebuf) + 1); - if (!(*th)->name) { - fprintf(stderr, "No memory reading host list from '%s'.\n", - file); - exit(-1); - } - /* get kerberos cannonical instance name */ - strcpy((*th)->name, namebuf); - inst = krb_get_phost ((*th)->name); - (*th)->instance = malloc(strlen(inst) + 1); - if (!(*th)->instance) { - fprintf(stderr, "No memory reading host list from '%s'.\n", - file); - exit(-1); - } - strcpy((*th)->instance, inst); - /* what a concept, slave servers in different realms! */ - (*th)->realm = my_realm; - (*th)->net_addr = *(u_long *) host->h_addr; - (*th)->succeeded = 0; - (*th)->next = NULL; - strcat(strcpy(ppath, (*th)->name), "-last-prop"); - if (!force_flag && !stat(path, &stbuf) && stbuf.st_mtime > ok_mtime) { - (*th)->not_time_yet = 1; - (*th)->succeeded = 1; /* no change since last success */ - } - } - fclose(fin); - return (1); -} - -#ifdef doesnt_work_yet -u_long get_data_checksum(fd, key_sched) - int fd; - Key_schedule key_sched; -{ - unsigned long cksum = 0; - unsigned long cbc_cksum(); - int n; - char buf[BUFSIZ]; - long obuf[2]; - - while (n = read(fd, buf, sizeof buf)) { - if (n < 0) { - fprintf(stderr, "Input data file read error: "); - perror("read"); - exit(1); - } - cksum = cbc_cksum(buf, obuf, n, key_sched, key_sched); - } - return cksum; -} -#endif diff --git a/eBones/kprop/kprop.h b/eBones/kprop/kprop.h deleted file mode 100644 index 5197276..0000000 --- a/eBones/kprop/kprop.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright 1987 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, - * please see the file . - * - * $Revision: 1.1.1.1 $ - * $Date: 1995/08/03 07:36:18 $ - * $State: Exp $ - * $Source: /usr/cvs/src/eBones/kprop/kprop.h,v $ - * $Author: mark $ - * $Locker: $ - * - * $Log: kprop.h,v $ - * Revision 1.1.1.1 1995/08/03 07:36:18 mark - * Import an updated revision of the MIT kprop program for distributing - * kerberos databases to slave servers. - * - * NOTE: This method was abandoned by MIT long ago, this code is close to - * garbage, but it is slightly more secure than using rdist. - * There is no documentation available on how to use it, and - * it should -not- be built by default. - * - * Obtained from: MIT Project Athena - * - * Revision 1.1.1.1 1995/08/02 22:11:44 pst - * Import an updated revision of the MIT kprop program for distributing - * kerberos databases to slave servers. - * - * NOTE: This method was abandoned by MIT long ago, this code is close to - * garbage, but it is slightly more secure than using rdist. - * There is no documentation available on how to use it, and - * it should -not- be built by default. - * - * Obtained from: MIT Project Athena - * - * Revision 4.1 92/10/23 15:45:13 tytso - * Change the location of KPROP_KDBUTIL to be /kerberos/bin/kdb_util. - * - * Revision 4.0 89/01/24 18:44:46 wesommer - * Original version; programmer: wesommer - * auditor: jon - * - */ - -#define KPROP_SERVICE_NAME "rcmd" -#define KPROP_SRVTAB "/etc/kerberosIV/srvtab" -#define TGT_SERVICE_NAME "krbtgt" -#define KPROP_PROT_VERSION_LEN 8 -#define KPROP_PROT_VERSION "kprop01" -#define KPROP_TRANSFER_PRIVATE 1 -#define KPROP_TRANSFER_SAFE 2 -#define KPROP_TRANSFER_CLEAR 3 -#define KPROP_BUFSIZ 32768 -#define KPROP_KDB_UTIL "/usr/sbin/kdb_util" diff --git a/eBones/kpropd/Makefile b/eBones/kpropd/Makefile deleted file mode 100644 index 59d7914..0000000 --- a/eBones/kpropd/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.1.1.1 1995/08/03 07:37:19 mark Exp $ - -PROG= kpropd -CFLAGS+=-I${.CURDIR}/../include -I${.CURDIR}/../kprop -Wall -DPADD= ${LIBKRB} -LDADD= -L${KRBOBJDIR} -lkrb -ldes -BINDIR= /usr/libexec -NOMAN= noman - -.include diff --git a/eBones/kpropd/kpropd.c b/eBones/kpropd/kpropd.c deleted file mode 100644 index 1b232df..0000000 --- a/eBones/kpropd/kpropd.c +++ /dev/null @@ -1,453 +0,0 @@ -/* - * Copyright 1987 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * MIT.Copyright. - * - * kprop/kpropd have been abandonded by Project Athena (for good reason) - * however they still form the basis for one of the better ways for - * distributing kerberos databases. This version of kpropd has been - * adapted from the MIT distribution to work properly in a 4.4BSD - * environment. - * - * $Revision: 1.1.1.1 $ $Date: 1995/08/03 07:37:19 $ $State: Exp $ - * $Source: /usr/cvs/src/eBones/kpropd/kpropd.c,v $ - * - * Log: kpropd.c,v - * Revision 4.5 92/10/23 15:45:46 tytso Make it possible - * to specify the location of the kdb_util program. - * - * Revision 4.4 91/06/15 03:20:51 probe Fixed inclusion - * - * Revision 4.3 89/05/16 15:06:04 wesommer Fix operator precedence stuff. - * Programmer: John Kohl. - * - * Revision 4.2 89/03/23 10:24:00 jtkohl NOENCRYPTION changes - * - * Revision 4.1 89/01/24 20:33:48 root name change - * - * Revision 4.0 89/01/24 18:45:06 wesommer Original version; programmer: - * wesommer auditor: jon - * - * Revision 4.5 88/01/08 18:07:46 jon formatting and rcs header changes */ - -/* - * This program is run on slave servers, to catch updates "pushed" from the - * master kerberos server in a realm. - */ - -#if 0 -#ifndef lint -static char rcsid_kpropd_c[] = -"$Header: /usr/cvs/src/eBones/kpropd/kpropd.c,v 1.1.1.1 1995/08/03 07:37:19 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "kprop.h" - -static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION; - -int debug = 0; - -int pause_int = 300; /* 5 minutes in seconds */ -unsigned long get_data_checksum(int fd, Key_schedule key_sched); -void recv_auth(int in, int out, int private, - struct sockaddr_in *remote, struct sockaddr_in *local, - AUTH_DAT *ad); -static void SlowDeath(void); -void recv_clear(int in, int out); - /* leave room for private msg overhead */ -static char buf[KPROP_BUFSIZ + 64]; - -static void -usage() -{ - fprintf(stderr, "\nUsage: kpropd [-r realm] [-s srvtab] [-P kdb_util] fname\n"); - exit(2); -} - -void -main(argc, argv) - int argc; - char **argv; -{ - struct sockaddr_in from; - struct sockaddr_in sin; - int s2, fd, n, fdlock; - int from_len; - char local_file[256]; - char local_temp[256]; - struct hostent *hp; - char hostname[256]; - char from_str[128]; - long kerror; - AUTH_DAT auth_dat; - KTEXT_ST ticket; - char my_instance[INST_SZ]; - char my_realm[REALM_SZ]; - char cmd[1024]; - short net_transfer_mode, transfer_mode; - Key_schedule session_sched; - char version[9]; - int c; - extern char *optarg; - extern int optind; - int rflag = 0; - char *srvtab = ""; - char *local_db = DBM_FILE; - char *kdb_util = KPROP_KDB_UTIL; - - if (argv[argc - 1][0] == 'k' && isdigit(argv[argc - 1][1])) { - argc--; /* ttys file hack */ - } - while ((c = getopt(argc, argv, "r:s:d:P:")) != EOF) { - switch (c) { - case 'r': - rflag++; - strcpy(my_realm, optarg); - break; - case 's': - srvtab = optarg; - break; - case 'd': - local_db = optarg; - break; - case 'P': - kdb_util = optarg; - break; - default: - usage(); - break; - } - } - if (optind != argc - 1) - usage(); - - openlog("kpropd", LOG_PID, LOG_AUTH); - - strcpy(local_file, argv[optind]); - strcat(strcpy(local_temp, argv[optind]), ".tmp"); - -#ifdef STANDALONE - - if ((sp = getservbyname("krb_prop", "tcp")) == NULL) { - syslog(LOG_ERR, "tcp/krb_prop: unknown service."); - SlowDeath(); - } - bzero(&sin, sizeof sin); - sin.sin_port = sp->s_port; - sin.sin_family = AF_INET; - - if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - syslog(LOG_ERR, "socket: %m"); - SlowDeath(); - } - if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) { - syslog(LOG_ERR, "bind: %m"); - SlowDeath(); - } - -#endif /* STANDALONE */ - - if (!rflag) { - kerror = krb_get_lrealm(my_realm, 1); - if (kerror != KSUCCESS) { - syslog(LOG_ERR, "can't get local realm. %s", - krb_err_txt[kerror]); - SlowDeath(); - } - } - if (gethostname(my_instance, sizeof(my_instance)) != 0) { - syslog(LOG_ERR, "gethostname: %m"); - SlowDeath(); - } - -#ifdef STANDALONE - listen(s, 5); - for (;;) { - from_len = sizeof from; - if ((s2 = accept(s, (struct sockaddr *)&from, &from_len)) < 0) { - syslog(LOG_ERR, "accept: %m"); - continue; - } -#else /* !STANDALONE */ - - s2 = 0; - from_len = sizeof from; - if (getpeername(0, (struct sockaddr *)&from, &from_len) < 0) { - syslog(LOG_ERR, "getpeername: %m"); - SlowDeath(); - } - -#endif /* !STANDALONE */ - - strcpy(from_str, inet_ntoa(from.sin_addr)); - - if ((hp = gethostbyaddr((char *) &(from.sin_addr.s_addr), - from_len, AF_INET)) == NULL) { - strcpy(hostname, "UNKNOWN"); - } else { - strcpy(hostname, hp->h_name); - } - - syslog(LOG_INFO, "connection from %s, %s", hostname, from_str); - - /* for krb_rd_{priv, safe} */ - n = sizeof sin; - if (getsockname(s2, (struct sockaddr *)&sin, &n) != 0) { - syslog(LOG_ERR, "can't get socketname: %m"); - SlowDeath(); - } - if (n != sizeof(sin)) { - syslog(LOG_ERR, "can't get socketname (length)"); - SlowDeath(); - } - if ((fdlock = open(local_temp, O_WRONLY | O_CREAT, 0600)) < 0) { - syslog(LOG_ERR, "open: %m"); - SlowDeath(); - } - if (flock(fdlock, LOCK_EX | LOCK_NB)) { - syslog(LOG_ERR, "flock: %m"); - SlowDeath(); - } - if ((fd = creat(local_temp, 0600)) < 0) { - syslog(LOG_ERR, "creat: %m"); - SlowDeath(); - } - if ((n = read(s2, buf, sizeof(kprop_version))) - != sizeof(kprop_version)) { - syslog(LOG_ERR, - "can't read protocol version (%d bytes)", n); - SlowDeath(); - } - if (strncmp(buf, kprop_version, sizeof(kprop_version)) != 0) { - syslog(LOG_ERR, "unsupported version %s", buf); - SlowDeath(); - } - if ((n = read(s2, &net_transfer_mode, - sizeof(net_transfer_mode))) - != sizeof(net_transfer_mode)) { - syslog(LOG_ERR, "can't read transfer mode"); - SlowDeath(); - } - transfer_mode = ntohs(net_transfer_mode); - kerror = krb_recvauth(KOPT_DO_MUTUAL, s2, &ticket, - KPROP_SERVICE_NAME, - my_instance, - &from, - &sin, - &auth_dat, - srvtab, - session_sched, - version); - if (kerror != KSUCCESS) { - syslog(LOG_ERR, "%s calling getkdata", - krb_err_txt[kerror]); - SlowDeath(); - } - syslog(LOG_INFO, "connection from %s.%s@%s", - auth_dat.pname, auth_dat.pinst, auth_dat.prealm); - - /* - * AUTHORIZATION is done here. We might want to expand this - * to read an acl file at some point, but allowing for now - * KPROP_SERVICE_NAME.KRB_MASTER@local-realm is fine ... - */ - - if ((strcmp(KPROP_SERVICE_NAME, auth_dat.pname) != 0) || - (strcmp(KRB_MASTER, auth_dat.pinst) != 0) || - (strcmp(my_realm, auth_dat.prealm) != 0)) { - syslog(LOG_NOTICE, "authorization denied"); - SlowDeath(); - } - switch (transfer_mode) { - case KPROP_TRANSFER_PRIVATE: - recv_auth(s2, fd, 1 /* private */ , &from, &sin, &auth_dat); - break; - case KPROP_TRANSFER_SAFE: - recv_auth(s2, fd, 0 /* safe */ , &from, &sin, &auth_dat); - break; - case KPROP_TRANSFER_CLEAR: - recv_clear(s2, fd); - break; - default: - syslog(LOG_ERR, "bad transfer mode %d", transfer_mode); - SlowDeath(); - } - - if (transfer_mode != KPROP_TRANSFER_PRIVATE) { - syslog(LOG_ERR, "non-private transfers not supported\n"); - SlowDeath(); -#ifdef doesnt_work_yet - lseek(fd, (long) 0, L_SET); - if (auth_dat.checksum != get_data_checksum(fd, session_sched)) { - syslog(LOG_ERR, "checksum doesn't match"); - SlowDeath(); - } -#endif - } else { - struct stat st; - fstat(fd, &st); - if (st.st_size != auth_dat.checksum) { - syslog(LOG_ERR, "length doesn't match"); - SlowDeath(); - } - } - close(fd); - close(s2); - - if (rename(local_temp, local_file) < 0) { - syslog(LOG_ERR, "rename: %m"); - SlowDeath(); - } - - if (flock(fdlock, LOCK_UN)) { - syslog(LOG_ERR, "flock (unlock): %m"); - SlowDeath(); - } - close(fdlock); - sprintf(cmd, "%s load %s %s\n", kdb_util, local_file, local_db); - if (system(cmd) != 0) { - syslog(LOG_ERR, "couldn't load database"); - SlowDeath(); - } - -#ifdef STANDALONE - } -#endif - -} - -void -recv_auth(in, out, private, remote, local, ad) - int in, out; - int private; - struct sockaddr_in *remote, *local; - AUTH_DAT *ad; -{ - u_long length; - long kerror; - int n; - MSG_DAT msg_data; - Key_schedule session_sched; - - if (private) -#ifdef NOENCRYPTION - bzero((char *) session_sched, sizeof(session_sched)); -#else - if (key_sched((C_Block *)ad->session, session_sched)) { - syslog(LOG_ERR, "can't make key schedule"); - SlowDeath(); - } -#endif - - while (1) { - n = krb_net_read(in, (char *)&length, sizeof length); - if (n == 0) - break; - if (n < 0) { - syslog(LOG_ERR, "read: %m"); - SlowDeath(); - } - length = ntohl(length); - if (length > sizeof buf) { - syslog(LOG_ERR, "read length %d, bigger than buf %d", - length, sizeof buf); - SlowDeath(); - } - n = krb_net_read(in, buf, length); - if (n < 0) { - syslog(LOG_ERR, "kpropd: read: %m"); - SlowDeath(); - } - if (private) - kerror = krb_rd_priv(buf, n, session_sched, ad->session, - remote, local, &msg_data); - else - kerror = krb_rd_safe(buf, n, (C_Block *)ad->session, - remote, local, &msg_data); - if (kerror != KSUCCESS) { - syslog(LOG_ERR, "%s: %s", - private ? "krb_rd_priv" : "krb_rd_safe", - krb_err_txt[kerror]); - SlowDeath(); - } - if (write(out, msg_data.app_data, msg_data.app_length) != - msg_data.app_length) { - syslog(LOG_ERR, "write: %m"); - SlowDeath(); - } - } -} - -void -recv_clear(in, out) - int in, out; -{ - int n; - - while (1) { - n = read(in, buf, sizeof buf); - if (n == 0) - break; - if (n < 0) { - syslog(LOG_ERR, "read: %m"); - SlowDeath(); - } - if (write(out, buf, n) != n) { - syslog(LOG_ERR, "write: %m"); - SlowDeath(); - } - } -} - -static void -SlowDeath() -{ -#ifdef STANDALONE - sleep(pause_int); -#endif - exit(1); -} - -#ifdef doesnt_work_yet -unsigned long -get_data_checksum(fd, key_sched) - int fd; - Key_schedule key_sched; -{ - unsigned long cksum = 0; - unsigned long cbc_cksum(); - int n; - char buf[BUFSIZ]; - char obuf[8]; - - while (n = read(fd, buf, sizeof buf)) { - if (n < 0) { - syslog(LOG_ERR, "read (in checksum test): %m"); - SlowDeath(); - } -#ifndef NOENCRYPTION - cksum += cbc_cksum(buf, obuf, n, key_sched, key_sched); -#endif - } - return cksum; -} -#endif diff --git a/eBones/krb/Makefile b/eBones/krb/Makefile deleted file mode 100644 index b09b96b..0000000 --- a/eBones/krb/Makefile +++ /dev/null @@ -1,56 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.5 1995/07/18 16:38:02 mark Exp $ - -LIB= krb -SHLIB_MAJOR= 2 -SHLIB_MINOR= 0 -CFLAGS+=-DKERBEROS -DCRYPT -DDEBUG -I${.CURDIR}/../include -DBSD42 -Wall -SRCS= krb_err.c create_auth_reply.c create_ciph.c \ - create_death_packet.c create_ticket.c debug_decl.c decomp_ticket.c \ - des_rw.c dest_tkt.c extract_ticket.c fgetst.c get_ad_tkt.c \ - get_admhst.c get_cred.c get_in_tkt.c get_krbhst.c get_krbrlm.c \ - get_phost.c get_pw_tkt.c get_request.c get_svc_in_tkt.c \ - get_tf_fullname.c get_tf_realm.c getrealm.c getst.c in_tkt.c \ - k_gethostname.c klog.c kname_parse.c kntoln.c kparse.c \ - krb_err_txt.c krb_get_in_tkt.c kuserok.c log.c mk_err.c \ - mk_priv.c mk_req.c mk_safe.c month_sname.c \ - netread.c netwrite.c one.c pkt_cipher.c pkt_clen.c rd_err.c \ - rd_priv.c rd_req.c rd_safe.c read_service_key.c recvauth.c \ - save_credentials.c send_to_kdc.c sendauth.c stime.c tf_util.c \ - tkt_string.c util.c - -TDIR= ${.CURDIR}/.. -krb_err.c krb_err.h: krb_err.et - test -e krb_err.et || ln -s ${.CURDIR}/krb_err.et . - ${COMPILE_ET} krb_err.et -LDADD+= -lcom_err - -beforeinstall: - -cd ${.OBJDIR}; cmp -s krb_err.h \ - ${DESTDIR}/usr/include/kerberosIV/krb_err.h || \ - install -c -o ${BINOWN} -g ${BINGRP} -m 444 krb_err.h \ - ${DESTDIR}/usr/include/kerberosIV - -MAN3= krb.3 krb_realmofhost.3 krb_sendauth.3 krb_set_tkt_string.3 \ - kuserok.3 tf_util.3 - -MLINKS= krb.3 krb_mk_req.3 krb.3 krb_rd_req.3 krb.3 krb_kntoln.3 \ - krb.3 krb_set_key.3 krb.3 krb_get_cred.3 krb.3 krb_mk_priv.3 \ - krb.3 krb_rd_priv.3 krb.3 krb_mk_safe.3 krb.3 krb_rd_safe.3 \ - krb.3 krb_mk_err.3 krb.3 krb_rd_err.3 krb.3 krb_ck_repl.3 - -MLINKS+=krb_realmofhost.3 krb_get_phost.3 krb_realmofhost.3 krb_get_krbhst.3 \ - krb_realmofhost.3 krb_get_admhst.3 krb_realmofhost.3 krb_get_lrealm.3 - -MLINKS+=krb_realmofhost.3 realm.3 - -MLINKS+=krb_sendauth.3 krb_recvauth.3 krb_sendauth.3 krb_net_write.3 \ - krb_sendauth.3 krb_net_read.3 - -MLINKS+=krb_sendauth.3 ksend.3 - -MLINKS+=tf_util.3 tf_init.3 tf_util.3 tf_get_pname.3 \ - tf_util.3 tf_get_pinst.3 tf_util.3 tf_get_cred.3 \ - tf_util.3 tf_close.3 - -.include diff --git a/eBones/krb/add_ticket.c b/eBones/krb/add_ticket.c deleted file mode 100644 index 14ef47c..0000000 --- a/eBones/krb/add_ticket.c +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: add_ticket.c,v 4.7 88/10/07 06:06:26 shanzer Exp $ - * $Id: add_ticket.c,v 1.3 1995/07/18 16:38:04 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: add_ticket.c,v 1.3 1995/07/18 16:38:04 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include - -/* - * This routine is now obsolete. It used to be possible to request - * more than one ticket at a time from the authentication server, and - * it looks like this routine was used by the server to package the - * tickets to be returned to the client. - */ - -/* - * This routine adds a new ticket to the ciphertext to be returned to - * the client. The routine takes the ciphertext (which doesn't get - * encrypted till later), the number of the ticket (i.e. 1st, 2nd, - * etc) the session key which goes in the ticket and is sent back to - * the user, the lifetime for the ticket, the service name, the - * instance, the realm, the key version number, and the ticket itself. - * - * This routine returns 0 (KSUCCESS) on success, and 1 (KFAILURE) on - * failure. On failure, which occurs when there isn't enough room - * for the ticket, a 0 length ticket is added. - * - * Notes: This routine must be called with successive values of n. - * i.e. the ticket must be added in order. The corresponding routine - * on the client side is extract ticket. - */ - -/* XXX they aren't all used; to avoid incompatible changes we will - * fool lint for the moment */ -/*ARGSUSED */ -int -add_ticket(cipher,n,session,lifetime,sname,instance,realm,kvno,ticket) - KTEXT cipher; /* Ciphertext info for ticket */ - char *sname; /* Service name */ - char *instance; /* Instance */ - int n; /* Relative position of this ticket */ - char *session; /* Session key for this tkt */ - int lifetime; /* Lifetime of this ticket */ - char *realm; /* Realm in which ticket is valid */ - int kvno; /* Key version number of service key */ - KTEXT ticket; /* The ticket itself */ -{ - - /* Note, the 42 is a temporary hack; it will have to be changed. */ - - /* Begin check of ticket length */ - if ((cipher->length + ticket->length + 4 + 42 + - (*(cipher->dat)+1-n)*(11+strlen(realm))) > - MAX_KTXT_LEN) { - bcopy(session,(char *)(cipher->dat+cipher->length),8); - *(cipher->dat+cipher->length+8) = (char) lifetime; - *(cipher->dat+cipher->length+9) = (char) kvno; - (void) strcpy((char *)(cipher->dat+cipher->length+10),realm); - cipher->length += 11 + strlen(realm); - *(cipher->dat+n) = 0; - return(KFAILURE); - } - /* End check of ticket length */ - - /* Add the session key, lifetime, kvno, ticket to the ciphertext */ - bcopy(session,(char *)(cipher->dat+cipher->length),8); - *(cipher->dat+cipher->length+8) = (char) lifetime; - *(cipher->dat+cipher->length+9) = (char) kvno; - (void) strcpy((char *)(cipher->dat+cipher->length+10),realm); - cipher->length += 11 + strlen(realm); - bcopy((char *)(ticket->dat),(char *)(cipher->dat+cipher->length), - ticket->length); - cipher->length += ticket->length; - - /* Set the ticket length at beginning of ciphertext */ - *(cipher->dat+n) = ticket->length; - return(KSUCCESS); -} diff --git a/eBones/krb/create_auth_reply.c b/eBones/krb/create_auth_reply.c deleted file mode 100644 index e304b17..0000000 --- a/eBones/krb/create_auth_reply.c +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: create_auth_reply.c,v 4.10 89/01/13 17:47:38 steiner Exp $ - * $Id: create_auth_reply.c,v 1.3 1995/07/18 16:38:06 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: create_auth_reply.c,v 1.3 1995/07/18 16:38:06 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include - -/* - * This routine is called by the Kerberos authentication server - * to create a reply to an authentication request. The routine - * takes the user's name, instance, and realm, the client's - * timestamp, the number of tickets, the user's key version - * number and the ciphertext containing the tickets themselves. - * It constructs a packet and returns a pointer to it. - * - * Notes: The packet returned by this routine is static. Thus, if you - * intend to keep the result beyond the next call to this routine, you - * must copy it elsewhere. - * - * The packet is built in the following format: - * - * variable - * type or constant data - * ---- ----------- ---- - * - * unsigned char KRB_PROT_VERSION protocol version number - * - * unsigned char AUTH_MSG_KDC_REPLY protocol message type - * - * [least significant HOST_BYTE_ORDER sender's (server's) byte - * bit of above field] order - * - * string pname principal's name - * - * string pinst principal's instance - * - * string prealm principal's realm - * - * unsigned long time_ws client's timestamp - * - * unsigned char n number of tickets - * - * unsigned long x_date expiration date - * - * unsigned char kvno master key version - * - * short w_1 cipher length - * - * --- cipher->dat cipher data - */ - -KTEXT -create_auth_reply(pname,pinst,prealm,time_ws,n,x_date,kvno,cipher) - char *pname; /* Principal's name */ - char *pinst; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - long time_ws; /* Workstation time */ - int n; /* Number of tickets */ - unsigned long x_date; /* Principal's expiration date */ - int kvno; /* Principal's key version number */ - KTEXT cipher; /* Cipher text with tickets and - * session keys */ -{ - static KTEXT_ST pkt_st; - KTEXT pkt = &pkt_st; - unsigned char *v = pkt->dat; /* Prot vers number */ - unsigned char *t = (pkt->dat+1); /* Prot message type */ - short w_l; /* Cipher length */ - - /* Create fixed part of packet */ - *v = (unsigned char) KRB_PROT_VERSION; - *t = (unsigned char) AUTH_MSG_KDC_REPLY; - *t |= HOST_BYTE_ORDER; - - if (n != 0) - *v = 3; - - /* Add the basic info */ - (void) strcpy((char *) (pkt->dat+2), pname); - pkt->length = 3 + strlen(pname); - (void) strcpy((char *) (pkt->dat+pkt->length),pinst); - pkt->length += 1 + strlen(pinst); - (void) strcpy((char *) (pkt->dat+pkt->length),prealm); - pkt->length += 1 + strlen(prealm); - /* Workstation timestamp */ - bcopy((char *) &time_ws, (char *) (pkt->dat+pkt->length), 4); - pkt->length += 4; - *(pkt->dat+(pkt->length)++) = (unsigned char) n; - /* Expiration date */ - bcopy((char *) &x_date, (char *) (pkt->dat+pkt->length),4); - pkt->length += 4; - - /* Now send the ciphertext and info to help decode it */ - *(pkt->dat+(pkt->length)++) = (unsigned char) kvno; - w_l = (short) cipher->length; - bcopy((char *) &w_l,(char *) (pkt->dat+pkt->length),2); - pkt->length += 2; - bcopy((char *) (cipher->dat), (char *) (pkt->dat+pkt->length), - cipher->length); - pkt->length += cipher->length; - - /* And return the packet */ - return pkt; -} diff --git a/eBones/krb/create_ciph.c b/eBones/krb/create_ciph.c deleted file mode 100644 index 7fb93e3..0000000 --- a/eBones/krb/create_ciph.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: create_ciph.c,v 4.8 89/05/18 21:24:26 jis Exp $ - * $Id: create_ciph.c,v 1.3 1995/07/18 16:38:07 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: create_ciph.c,v 1.3 1995/07/18 16:38:07 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include - -/* - * This routine is used by the authentication server to create - * a packet for its client, containing a ticket for the requested - * service (given in "tkt"), and some information about the ticket, - * - * Returns KSUCCESS no matter what. - * - * The length of the cipher is stored in c->length; the format of - * c->dat is as follows: - * - * variable - * type or constant data - * ---- ----------- ---- - * - * - * 8 bytes session session key for client, service - * - * string service service name - * - * string instance service instance - * - * string realm KDC realm - * - * unsigned char life ticket lifetime - * - * unsigned char kvno service key version number - * - * unsigned char tkt->length length of following ticket - * - * data tkt->dat ticket for service - * - * 4 bytes kdc_time KDC's timestamp - * - * <=7 bytes null null pad to 8 byte multiple - * - */ - -int -create_ciph(c, session, service, instance, realm, life, kvno, tkt, - kdc_time, key) - KTEXT c; /* Text block to hold ciphertext */ - C_Block session; /* Session key to send to user */ - char *service; /* Service name on ticket */ - char *instance; /* Instance name on ticket */ - char *realm; /* Realm of this KDC */ - unsigned long life; /* Lifetime of the ticket */ - int kvno; /* Key version number for service */ - KTEXT tkt; /* The ticket for the service */ - unsigned long kdc_time; /* KDC time */ - C_Block key; /* Key to encrypt ciphertext with */ -{ - char *ptr; - Key_schedule key_s; - - ptr = (char *) c->dat; - - bcopy((char *) session, ptr, 8); - ptr += 8; - - (void) strcpy(ptr,service); - ptr += strlen(service) + 1; - - (void) strcpy(ptr,instance); - ptr += strlen(instance) + 1; - - (void) strcpy(ptr,realm); - ptr += strlen(realm) + 1; - - *(ptr++) = (unsigned char) life; - *(ptr++) = (unsigned char) kvno; - *(ptr++) = (unsigned char) tkt->length; - - bcopy((char *)(tkt->dat),ptr,tkt->length); - ptr += tkt->length; - - bcopy((char *) &kdc_time,ptr,4); - ptr += 4; - - /* guarantee null padded encrypted data to multiple of 8 bytes */ - bzero(ptr, 7); - - c->length = (((ptr - (char *) c->dat) + 7) / 8) * 8; - -#ifndef NOENCRYPTION - key_sched((C_Block *)key,key_s); - pcbc_encrypt((C_Block *)c->dat,(C_Block *)c->dat,(long) c->length,key_s, - (C_Block *)key,ENCRYPT); -#endif /* NOENCRYPTION */ - - return(KSUCCESS); -} diff --git a/eBones/krb/create_death_packet.c b/eBones/krb/create_death_packet.c deleted file mode 100644 index bdc0e34..0000000 --- a/eBones/krb/create_death_packet.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: create_death_packet.c,v 4.9 89/01/17 16:05:59 rfrench Exp $ - * $Id: create_death_packet.c,v 1.3 1995/07/18 16:38:09 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: create_death_packet.c,v 1.3 1995/07/18 16:38:09 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include - -/* - * This routine creates a packet to type AUTH_MSG_DIE which is sent to - * the Kerberos server to make it shut down. It is used only in the - * development environment. - * - * It takes a string "a_name" which is sent in the packet. A pointer - * to the packet is returned. - * - * The format of the killer packet is: - * - * type variable data - * or constant - * ---- ----------- ---- - * - * unsigned char KRB_PROT_VERSION protocol version number - * - * unsigned char AUTH_MSG_DIE message type - * - * [least significant HOST_BYTE_ORDER byte order of sender - * bit of above field] - * - * string a_name presumably, name of - * principal sending killer - * packet - */ - -#ifdef DEBUG -KTEXT -krb_create_death_packet(a_name) - char *a_name; -{ - static KTEXT_ST pkt_st; - KTEXT pkt = &pkt_st; - - unsigned char *v = pkt->dat; - unsigned char *t = (pkt->dat+1); - *v = (unsigned char) KRB_PROT_VERSION; - *t = (unsigned char) AUTH_MSG_DIE; - *t |= HOST_BYTE_ORDER; - (void) strcpy((char *) (pkt->dat+2),a_name); - pkt->length = 3 + strlen(a_name); - return pkt; -} -#endif /* DEBUG */ diff --git a/eBones/krb/create_ticket.c b/eBones/krb/create_ticket.c deleted file mode 100644 index e1d6974..0000000 --- a/eBones/krb/create_ticket.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: create_ticket.c,v 4.11 89/03/22 14:43:23 jtkohl Exp $ - * $Id: create_ticket.c,v 1.3 1995/07/18 16:38:12 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: create_ticket.c,v 1.3 1995/07/18 16:38:12 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include -#include - -/* - * Create ticket takes as arguments information that should be in a - * ticket, and the KTEXT object in which the ticket should be - * constructed. It then constructs a ticket and returns, leaving the - * newly created ticket in tkt. - * The length of the ticket is a multiple of - * eight bytes and is in tkt->length. - * - * If the ticket is too long, the ticket will contain nulls. - * The return value of the routine is undefined. - * - * The corresponding routine to extract information from a ticket it - * decomp_ticket. When changes are made to this routine, the - * corresponding changes should also be made to that file. - * - * The packet is built in the following format: - * - * variable - * type or constant data - * ---- ----------- ---- - * - * tkt->length length of ticket (multiple of 8 bytes) - * - * tkt->dat: - * - * unsigned char flags namely, HOST_BYTE_ORDER - * - * string pname client's name - * - * string pinstance client's instance - * - * string prealm client's realm - * - * 4 bytes paddress client's address - * - * 8 bytes session session key - * - * 1 byte life ticket lifetime - * - * 4 bytes time_sec KDC timestamp - * - * string sname service's name - * - * string sinstance service's instance - * - * <=7 bytes null null pad to 8 byte multiple - * - */ - -int krb_create_ticket(tkt, flags, pname, pinstance, prealm, paddress, - session, life, time_sec, sname, sinstance, key) - KTEXT tkt; /* Gets filled in by the ticket */ - unsigned char flags; /* Various Kerberos flags */ - char *pname; /* Principal's name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - long paddress; /* Net address of requesting entity */ - char *session; /* Session key inserted in ticket */ - short life; /* Lifetime of the ticket */ - long time_sec; /* Issue time and date */ - char *sname; /* Service Name */ - char *sinstance; /* Instance Name */ - C_Block key; /* Service's secret key */ -{ - Key_schedule key_s; - register char *data; /* running index into ticket */ - - tkt->length = 0; /* Clear previous data */ - flags |= HOST_BYTE_ORDER; /* ticket byte order */ - bcopy((char *) &flags,(char *) (tkt->dat),sizeof(flags)); - data = ((char *)tkt->dat) + sizeof(flags); - (void) strcpy(data, pname); - data += 1 + strlen(pname); - (void) strcpy(data, pinstance); - data += 1 + strlen(pinstance); - (void) strcpy(data, prealm); - data += 1 + strlen(prealm); - bcopy((char *) &paddress, data, 4); - data += 4; - - bcopy((char *) session, data, 8); - data += 8; - *(data++) = (char) life; - /* issue time */ - bcopy((char *) &time_sec, data, 4); - data += 4; - (void) strcpy(data, sname); - data += 1 + strlen(sname); - (void) strcpy(data, sinstance); - data += 1 + strlen(sinstance); - - /* guarantee null padded ticket to multiple of 8 bytes */ - bzero(data, 7); - tkt->length = ((data - ((char *)tkt->dat) + 7)/8)*8; - - /* Check length of ticket */ - if (tkt->length > (sizeof(KTEXT_ST) - 7)) { - bzero(tkt->dat, tkt->length); - tkt->length = 0; - return KFAILURE /* XXX */; - } - -#ifndef NOENCRYPTION - key_sched((C_Block *)key,key_s); - pcbc_encrypt((C_Block *)tkt->dat,(C_Block *)tkt->dat,(long)tkt->length, - key_s,(C_Block *)key,ENCRYPT); -#endif - return 0; -} diff --git a/eBones/krb/debug_decl.c b/eBones/krb/debug_decl.c deleted file mode 100644 index f548e2a..0000000 --- a/eBones/krb/debug_decl.c +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: debug_decl.c,v 4.5 88/10/07 06:07:49 shanzer Exp $ - * $Id: debug_decl.c,v 1.3 1995/07/18 16:38:14 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: debug_decl.c,v 1.3 1995/07/18 16:38:14 mark Exp $"; -#endif lint -#endif - -/* Declare global debugging variables. */ - -int krb_ap_req_debug = 0; -int krb_debug = 0; diff --git a/eBones/krb/decomp_ticket.c b/eBones/krb/decomp_ticket.c deleted file mode 100644 index 04316ad..0000000 --- a/eBones/krb/decomp_ticket.c +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: decomp_ticket.c,v 4.12 89/05/16 18:44:46 jtkohl Exp $ - * $Id: decomp_ticket.c,v 1.3 1995/07/18 16:38:15 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: decomp_ticket.c,v 1.3 1995/07/18 16:38:15 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include -#include - -/* - * This routine takes a ticket and pointers to the variables that - * should be filled in based on the information in the ticket. It - * fills in values for its arguments. - * - * Note: if the client realm field in the ticket is the null string, - * then the "prealm" variable is filled in with the local realm (as - * defined by KRB_REALM). - * - * If the ticket byte order is different than the host's byte order - * (as indicated by the byte order bit of the "flags" field), then - * the KDC timestamp "time_sec" is byte-swapped. The other fields - * potentially affected by byte order, "paddress" and "session" are - * not byte-swapped. - * - * The routine returns KFAILURE if any of the "pname", "pinstance", - * or "prealm" fields is too big, otherwise it returns KSUCCESS. - * - * The corresponding routine to generate tickets is create_ticket. - * When changes are made to this routine, the corresponding changes - * should also be made to that file. - * - * See create_ticket.c for the format of the ticket packet. - */ - -int -decomp_ticket(tkt, flags, pname, pinstance, prealm, paddress, session, - life, time_sec, sname, sinstance, key, key_s) - KTEXT tkt; /* The ticket to be decoded */ - unsigned char *flags; /* Kerberos ticket flags */ - char *pname; /* Authentication name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - unsigned long *paddress; /* Net address of entity - * requesting ticket */ - C_Block session; /* Session key inserted in ticket */ - int *life; /* Lifetime of the ticket */ - unsigned long *time_sec; /* Issue time and date */ - char *sname; /* Service name */ - char *sinstance; /* Service instance */ - C_Block key; /* Service's secret key - * (to decrypt the ticket) */ - Key_schedule key_s; /* The precomputed key schedule */ -{ - static int tkt_swap_bytes; - unsigned char *uptr; - char *ptr = (char *)tkt->dat; - -#ifndef NOENCRYPTION - pcbc_encrypt((C_Block *)tkt->dat,(C_Block *)tkt->dat,(long)tkt->length, - key_s,(C_Block *)key,DECRYPT); -#endif /* ! NOENCRYPTION */ - - *flags = *ptr; /* get flags byte */ - ptr += sizeof(*flags); - tkt_swap_bytes = 0; - if (HOST_BYTE_ORDER != ((*flags >> K_FLAG_ORDER)& 1)) - tkt_swap_bytes++; - - if (strlen(ptr) > ANAME_SZ) - return(KFAILURE); - (void) strcpy(pname,ptr); /* pname */ - ptr += strlen(pname) + 1; - - if (strlen(ptr) > INST_SZ) - return(KFAILURE); - (void) strcpy(pinstance,ptr); /* instance */ - ptr += strlen(pinstance) + 1; - - if (strlen(ptr) > REALM_SZ) - return(KFAILURE); - (void) strcpy(prealm,ptr); /* realm */ - ptr += strlen(prealm) + 1; - /* temporary hack until realms are dealt with properly */ - if (*prealm == 0) - (void) strcpy(prealm,KRB_REALM); - - bcopy(ptr,(char *)paddress,4); /* net address */ - ptr += 4; - - bcopy(ptr,(char *)session,8); /* session key */ - ptr+= 8; -#ifdef notdef /* DONT SWAP SESSION KEY spm 10/22/86 */ - if (tkt_swap_bytes) - swap_C_Block(session); -#endif - - /* get lifetime, being certain we don't get negative lifetimes */ - uptr = (unsigned char *) ptr++; - *life = (int) *uptr; - - bcopy(ptr,(char *) time_sec,4); /* issue time */ - ptr += 4; - if (tkt_swap_bytes) - swap_u_long(*time_sec); - - (void) strcpy(sname,ptr); /* service name */ - ptr += 1 + strlen(sname); - - (void) strcpy(sinstance,ptr); /* instance */ - ptr += 1 + strlen(sinstance); - return(KSUCCESS); -} diff --git a/eBones/krb/des_rw.c b/eBones/krb/des_rw.c deleted file mode 100644 index 5b339ee..0000000 --- a/eBones/krb/des_rw.c +++ /dev/null @@ -1,262 +0,0 @@ -/* - * Copyright (c) 1994 Geoffrey M. Rehmet, Rhodes University - * All rights reserved. - * - * This code is derived from a specification based on software - * which forms part of the 4.4BSD-Lite distribution, which was developed - * by the University of California and its contributors. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the entire comment, - * including the above copyright notice, this list of conditions - * and the following disclaimer, verbatim, at the beginning of - * the source file. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Geoffrey M. Rehmet - * 4. Neither the name of Geoffrey M. Rehmet nor that of Rhodes University - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL GEOFFREY M. REHMET OR RHODES UNIVERSITY BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $Id: des_rw.c,v 1.6 1995/07/18 16:38:17 mark Exp $ - */ - -/* - * - * NB: THESE ROUTINES WILL FAIL IF NON-BLOCKING I/O IS USED. - * - */ - -/* - * Routines for reading and writing DES encrypted messages onto sockets. - * (These routines will fail if non-blocking I/O is used.) - * - * When a message is written, its length is first transmitted as an int, - * in network byte order. The encrypted message is then transmitted, - * to a multiple of 8 bytes. Messages shorter than 8 bytes are right - * justified into a buffer of length 8 bytes, and the remainder of the - * buffer is filled with random garbage (before encryption): - * - * DDD -------->--+--------+ - * | | - * +--+--+--+--+--+--+--+--+ - * |x |x |x |x |x |D |D |D | - * +--+--+--+--+--+--+--+--+ - * | garbage | data | - * | | - * +-----------------------+----> des_pcbc_encrypt() --> - * - * (Note that the length field sent before the actual message specifies - * the number of data bytes, not the length of the entire padded message. - * - * When data is read, if the message received is longer than the number - * of bytes requested, then the remaining bytes are stored until the - * following call to des_read(). If the number of bytes received is - * less then the number of bytes received, then only the number of bytes - * actually received is returned. - * - * This interface corresponds with the original des_rw.c, except for the - * bugs in des_read() in the original 4.4BSD version. (One bug is - * normally not visible, due to undocumented behaviour of - * des_pcbc_encrypt() in the original MIT libdes.) - * - * XXX Todo: - * 1) Give better error returns on writes - * 2) Improve error checking on reads - * 3) Get rid of need for extern decl. of krb_net_read() - * 4) Tidy garbage generation a bit - * 5) Make the above comment more readable - */ - -#ifdef CRYPT -#ifdef KERBEROS - -#ifndef BUFFER_LEN -#define BUFFER_LEN 10240 -#endif - -#include -#include -#include -#include - -#include -#include - -#include -#include - -static des_cblock des_key; -static des_key_schedule key_schedule; - -/* - * Buffer for storing extra data when more data is received, then was - * actually requested in des_read(). - */ -static u_char des_buff[BUFFER_LEN]; -static u_char buffer[BUFFER_LEN]; -static unsigned stored = 0; -static u_char *buff_ptr = buffer; - -/* - * Set the encryption key for des_read() and des_write(). - * inkey is the initial vector for the DES encryption, while insched is - * the DES key, in unwrapped form. - */ - -int -des_set_key(inkey, insched) - des_cblock *inkey; - des_key_schedule insched; -{ - bcopy(inkey, des_key, sizeof(des_cblock)); - bcopy(insched, &key_schedule, sizeof(des_key_schedule)); - return 0; -} - -/* - * Clear the key schedule, and initial vector, which were previously - * stored in static vars by des_set_key(). - */ -void des_clear_key() -{ - bzero(&des_key, sizeof(des_cblock)); - bzero(&key_schedule, sizeof(des_key_schedule)); -} - -int -des_read(fd, buf, len) - int fd; - register char * buf; - int len; -{ - int msg_length; /* length of actual message data */ - int pad_length; /* length of padded message */ - int nread; /* number of bytes actually read */ - int nreturned = 0; - - if(stored >= len) { - bcopy(buff_ptr, buf, len); - stored -= len; - buff_ptr += len; - return(len); - } else { - if (stored) { - bcopy(buff_ptr, buf, stored); - nreturned = stored; - len -= stored; - stored = 0; - buff_ptr = buffer; - } else { - nreturned = 0; - buff_ptr = buffer; - } - } - - nread = krb_net_read(fd, (char *)&msg_length, sizeof(msg_length)); - if(nread != (int)(sizeof(msg_length))) - return(0); - - msg_length = ntohl(msg_length); - pad_length = roundup(msg_length, 8); - - nread = krb_net_read(fd, des_buff, pad_length); - if(nread != pad_length) - return(0); - - des_pcbc_encrypt((des_cblock*) des_buff, (des_cblock*) buff_ptr, - (msg_length < 8 ? 8 : msg_length), - key_schedule, (des_cblock*) &des_key, DES_DECRYPT); - - - if(msg_length < 8) - buff_ptr += (8 - msg_length); - stored = msg_length; - - if(stored >= len) { - bcopy(buff_ptr, buf, len); - stored -= len; - buff_ptr += len; - nreturned += len; - } else { - bcopy(buff_ptr, buf, stored); - nreturned += stored; - stored = 0; - } - - return(nreturned); -} - - -/* - * Write a message onto a file descriptor (generally a socket), using - * DES to encrypt the message. - */ -int -des_write(fd, buf, len) - int fd; - char * buf; - int len; -{ - static int seeded = 0; - char garbage[8]; - long rnd; - int pad_len; - int write_len; - int i; - char *data; - - if(len < 8) { - /* - * Right justify the message in 8 bytes of random garbage. - */ - if(!seeded) { - seeded = 1; - srandom((unsigned)time(NULL)); - } - - for(i = 0 ; i < 8 ; i+= sizeof(long)) { - rnd = random(); - bcopy(&rnd, garbage+i, - (i <= (8 - sizeof(long)))?sizeof(long):(8-i)); - } - bcopy(buf, garbage + 8 - len, len); - data = garbage; - pad_len = 8; - } else { - data = buf; - pad_len = roundup(len, 8); - } - - des_pcbc_encrypt((des_cblock*) data, (des_cblock*) des_buff, - (len < 8)?8:len, key_schedule, (des_cblock*) &des_key, DES_ENCRYPT); - - - write_len = htonl(len); - if(write(fd, &write_len, sizeof(write_len)) != sizeof(write_len)) - return(-1); - if(write(fd, des_buff, pad_len) != pad_len) - return(-1); - - return(len); -} - -#endif /* KERBEROS */ -#endif /* CRYPT */ diff --git a/eBones/krb/dest_tkt.c b/eBones/krb/dest_tkt.c deleted file mode 100644 index df04be0..0000000 --- a/eBones/krb/dest_tkt.c +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: dest_tkt.c,v 4.9 89/10/02 16:23:07 jtkohl Exp $ - * $Id: dest_tkt.c,v 1.3 1995/07/18 16:38:19 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: dest_tkt.c,v 1.3 1995/07/18 16:38:19 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include -#include -#include -#include -#ifdef TKT_SHMEM -#include -#endif -#include - -/* - * dest_tkt() is used to destroy the ticket store upon logout. - * If the ticket file does not exist, dest_tkt() returns RET_TKFIL. - * Otherwise the function returns RET_OK on success, KFAILURE on - * failure. - * - * The ticket file (TKT_FILE) is defined in "krb.h". - */ - -int -dest_tkt() -{ - char *file = TKT_FILE; - int i,fd; - extern int errno; - struct stat statb; - char buf[BUFSIZ]; -#ifdef TKT_SHMEM - char shmidname[MAXPATHLEN]; -#endif /* TKT_SHMEM */ - - errno = 0; - if (lstat(file,&statb) < 0) - goto out; - - if (!(statb.st_mode & S_IFREG) -#ifdef notdef - || statb.st_mode & 077 -#endif - ) - goto out; - - if ((fd = open(file, O_RDWR, 0)) < 0) - goto out; - - bzero(buf, BUFSIZ); - - for (i = 0; i < statb.st_size; i += BUFSIZ) - if (write(fd, buf, BUFSIZ) != BUFSIZ) { - (void) fsync(fd); - (void) close(fd); - goto out; - } - - (void) fsync(fd); - (void) close(fd); - - (void) unlink(file); - -out: - if (errno == ENOENT) return RET_TKFIL; - else if (errno != 0) return KFAILURE; -#ifdef TKT_SHMEM - /* - * handle the shared memory case - */ - (void) strcpy(shmidname, file); - (void) strcat(shmidname, ".shm"); - if ((i = krb_shm_dest(shmidname)) != KSUCCESS) - return(i); -#endif /* TKT_SHMEM */ - return(KSUCCESS); -} diff --git a/eBones/krb/extract_ticket.c b/eBones/krb/extract_ticket.c deleted file mode 100644 index 8ad3097..0000000 --- a/eBones/krb/extract_ticket.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: extract_ticket.c,v 4.6 88/10/07 06:08:15 shanzer Exp $ - * $Id: extract_ticket.c,v 1.3 1995/07/18 16:38:21 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: extract_ticket.c,v 1.3 1995/07/18 16:38:21 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include - -/* - * This routine is obsolete. - * - * This routine accepts the ciphertext returned by kerberos and - * extracts the nth ticket. It also fills in the variables passed as - * session, liftime and kvno. - */ - -void -extract_ticket(cipher,n,session,lifetime,kvno,realm,ticket) - KTEXT cipher; /* The ciphertext */ - int n; /* Which ticket */ - char *session; /* The session key for this tkt */ - int *lifetime; /* The life of this ticket */ - int *kvno; /* The kvno for the service */ - char *realm; /* Realm in which tkt issued */ - KTEXT ticket; /* The ticket itself */ -{ - char *ptr; - int i; - - /* Start after the ticket lengths */ - ptr = (char *) cipher->dat; - ptr = ptr + 1 + (int) *(cipher->dat); - - /* Step through earlier tickets */ - for (i = 1; i < n; i++) - ptr = ptr + 11 + strlen(ptr+10) + (int) *(cipher->dat+i); - bcopy(ptr, (char *) session, 8); /* Save the session key */ - ptr += 8; - *lifetime = *(ptr++); /* Save the life of the ticket */ - *kvno = *(ptr++); /* Save the kvno */ - (void) strcpy(realm,ptr); /* instance */ - ptr += strlen(realm) + 1; - - /* Save the ticket if its length is non zero */ - ticket->length = *(cipher->dat+n); - if (ticket->length) - bcopy(ptr, (char *) (ticket->dat), ticket->length); -} diff --git a/eBones/krb/fgetst.c b/eBones/krb/fgetst.c deleted file mode 100644 index 796caca..0000000 --- a/eBones/krb/fgetst.c +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: fgetst.c,v 4.0 89/01/23 10:08:31 jtkohl Exp $ - * $Id: fgetst.c,v 1.3 1995/07/18 16:38:23 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: fgetst.c,v 1.3 1995/07/18 16:38:23 mark Exp $"; -#endif /* lint */ -#endif - -#include - -/* - * fgetst takes a file descriptor, a character pointer, and a count. - * It reads from the file it has either read "count" characters, or - * until it reads a null byte. When finished, what has been read exists - * in "s". If "count" characters were actually read, the last is changed - * to a null, so the returned string is always null-terminated. fgetst - * returns the number of characters read, including the null terminator. - */ - -int -fgetst(f, s, n) - FILE *f; - register char *s; - int n; -{ - register int count = n; - int ch; /* NOT char; otherwise you don't see EOF */ - - while ((ch = getc(f)) != EOF && ch && --count) { - *s++ = ch; - } - *s = '\0'; - return (n - count); -} diff --git a/eBones/krb/get_ad_tkt.c b/eBones/krb/get_ad_tkt.c deleted file mode 100644 index f96644a..0000000 --- a/eBones/krb/get_ad_tkt.c +++ /dev/null @@ -1,237 +0,0 @@ -/* - * Copyright 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: get_ad_tkt.c,v 4.15 89/07/07 15:18:51 jtkohl Exp $ - * $Id: get_ad_tkt.c,v 1.3 1995/07/18 16:38:25 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: get_ad_tkt.c,v 1.3 1995/07/18 16:38:25 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include - -#include -#include - -/* use the bsd time.h struct defs for PC too! */ -#include -#include - -extern int krb_debug; - -struct timeval tt_local = { 0, 0 }; - -int swap_bytes; -unsigned long rep_err_code; - -/* - * get_ad_tkt obtains a new service ticket from Kerberos, using - * the ticket-granting ticket which must be in the ticket file. - * It is typically called by krb_mk_req() when the client side - * of an application is creating authentication information to be - * sent to the server side. - * - * get_ad_tkt takes four arguments: three pointers to strings which - * contain the name, instance, and realm of the service for which the - * ticket is to be obtained; and an integer indicating the desired - * lifetime of the ticket. - * - * It returns an error status if the ticket couldn't be obtained, - * or AD_OK if all went well. The ticket is stored in the ticket - * cache. - * - * The request sent to the Kerberos ticket-granting service looks - * like this: - * - * pkt->dat - * - * TEXT original contents of authenticator+ticket - * pkt->dat built in krb_mk_req call - * - * 4 bytes time_ws always 0 (?) - * char lifetime lifetime argument passed - * string service service name argument - * string sinstance service instance arg. - * - * See "prot.h" for the reply packet layout and definitions of the - * extraction macros like pkt_version(), pkt_msg_type(), etc. - */ - -int -get_ad_tkt(service,sinstance,realm,lifetime) - char *service; - char *sinstance; - char *realm; - int lifetime; -{ - static KTEXT_ST pkt_st; - KTEXT pkt = & pkt_st; /* Packet to KDC */ - static KTEXT_ST rpkt_st; - KTEXT rpkt = &rpkt_st; /* Returned packet */ - static KTEXT_ST cip_st; - KTEXT cip = &cip_st; /* Returned Ciphertext */ - static KTEXT_ST tkt_st; - KTEXT tkt = &tkt_st; /* Current ticket */ - C_Block ses; /* Session key for tkt */ - CREDENTIALS cr; - int kvno; /* Kvno for session key */ - char lrealm[REALM_SZ]; - C_Block key; /* Key for decrypting cipher */ - Key_schedule key_s; - long time_ws = 0; - - char s_name[SNAME_SZ]; - char s_instance[INST_SZ]; - int msg_byte_order; - int kerror; - char rlm[REALM_SZ]; - char *ptr; - - unsigned long kdc_time; /* KDC time */ - - if ((kerror = krb_get_tf_realm(TKT_FILE, lrealm)) != KSUCCESS) - return(kerror); - - /* Create skeleton of packet to be sent */ - (void) gettimeofday(&tt_local,(struct timezone *) 0); - - pkt->length = 0; - - /* - * Look for the session key (and other stuff we don't need) - * in the ticket file for krbtgt.realm@lrealm where "realm" - * is the service's realm (passed in "realm" argument) and - * lrealm is the realm of our initial ticket. If we don't - * have this, we will try to get it. - */ - - if ((kerror = krb_get_cred("krbtgt",realm,lrealm,&cr)) != KSUCCESS) { - /* - * If realm == lrealm, we have no hope, so let's not even try. - */ - if ((strncmp(realm, lrealm, REALM_SZ)) == 0) - return(AD_NOTGT); - else{ - if ((kerror = - get_ad_tkt("krbtgt",realm,lrealm,lifetime)) != KSUCCESS) - return(kerror); - if ((kerror = krb_get_cred("krbtgt",realm,lrealm,&cr)) != KSUCCESS) - return(kerror); - } - } - - /* - * Make up a request packet to the "krbtgt.realm@lrealm". - * Start by calling krb_mk_req() which puts ticket+authenticator - * into "pkt". Then tack other stuff on the end. - */ - - kerror = krb_mk_req(pkt,"krbtgt",realm,lrealm,0L); - - if (kerror) - return(AD_NOTGT); - - /* timestamp */ - bcopy((char *) &time_ws,(char *) (pkt->dat+pkt->length),4); - pkt->length += 4; - *(pkt->dat+(pkt->length)++) = (char) lifetime; - (void) strcpy((char *) (pkt->dat+pkt->length),service); - pkt->length += 1 + strlen(service); - (void) strcpy((char *)(pkt->dat+pkt->length),sinstance); - pkt->length += 1 + strlen(sinstance); - - rpkt->length = 0; - - /* Send the request to the local ticket-granting server */ - if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror); - - /* check packet version of the returned packet */ - if (pkt_version(rpkt) != KRB_PROT_VERSION ) - return(INTK_PROT); - - /* Check byte order */ - msg_byte_order = pkt_msg_type(rpkt) & 1; - swap_bytes = 0; - if (msg_byte_order != HOST_BYTE_ORDER) - swap_bytes++; - - switch (pkt_msg_type(rpkt) & ~1) { - case AUTH_MSG_KDC_REPLY: - break; - case AUTH_MSG_ERR_REPLY: - bcopy(pkt_err_code(rpkt), (char *) &rep_err_code, 4); - if (swap_bytes) - swap_u_long(rep_err_code); - return(rep_err_code); - - default: - return(INTK_PROT); - } - - /* Extract the ciphertext */ - cip->length = pkt_clen(rpkt); /* let clen do the swap */ - - bcopy((char *) pkt_cipher(rpkt),(char *) (cip->dat),cip->length); - -#ifndef NOENCRYPTION - key_sched((C_Block *)cr.session,key_s); - pcbc_encrypt((C_Block *)cip->dat,(C_Block *)cip->dat,(long)cip->length, - key_s,(C_Block *)cr.session,DECRYPT); -#endif - /* Get rid of all traces of key */ - bzero((char *) cr.session, sizeof(key)); - bzero((char *) key_s, sizeof(key_s)); - - ptr = (char *) cip->dat; - - bcopy(ptr,(char *)ses,8); - ptr += 8; - - (void) strcpy(s_name,ptr); - ptr += strlen(s_name) + 1; - - (void) strcpy(s_instance,ptr); - ptr += strlen(s_instance) + 1; - - (void) strcpy(rlm,ptr); - ptr += strlen(rlm) + 1; - - lifetime = (unsigned long) ptr[0]; - kvno = (unsigned long) ptr[1]; - tkt->length = (int) ptr[2]; - ptr += 3; - bcopy(ptr,(char *)(tkt->dat),tkt->length); - ptr += tkt->length; - - if (strcmp(s_name, service) || strcmp(s_instance, sinstance) || - strcmp(rlm, realm)) /* not what we asked for */ - return(INTK_ERR); /* we need a better code here XXX */ - - /* check KDC time stamp */ - bcopy(ptr,(char *)&kdc_time,4); /* Time (coarse) */ - if (swap_bytes) swap_u_long(kdc_time); - - ptr += 4; - - (void) gettimeofday(&tt_local,(struct timezone *) 0); - if (abs((int)(tt_local.tv_sec - kdc_time)) > CLOCK_SKEW) { - return(RD_AP_TIME); /* XXX should probably be better - code */ - } - - if ((kerror = save_credentials(s_name,s_instance,rlm,ses,lifetime, - kvno,tkt,tt_local.tv_sec))) - return(kerror); - - return(AD_OK); -} diff --git a/eBones/krb/get_admhst.c b/eBones/krb/get_admhst.c deleted file mode 100644 index a01a40f..0000000 --- a/eBones/krb/get_admhst.c +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: get_admhst.c,v 4.0 89/01/23 10:08:55 jtkohl Exp $ - * $Id: get_admhst.c,v 1.3 1995/07/18 16:38:27 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: get_admhst.c,v 1.3 1995/07/18 16:38:27 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include - -/* - * Given a Kerberos realm, find a host on which the Kerberos database - * administration server can be found. - * - * krb_get_admhst takes a pointer to be filled in, a pointer to the name - * of the realm for which a server is desired, and an integer n, and - * returns (in h) the nth administrative host entry from the configuration - * file (KRB_CONF, defined in "krb.h") associated with the specified realm. - * - * On error, get_admhst returns KFAILURE. If all goes well, the routine - * returns KSUCCESS. - * - * For the format of the KRB_CONF file, see comments describing the routine - * krb_get_krbhst(). - * - * This is a temporary hack to allow us to find the nearest system running - * a Kerberos admin server. In the long run, this functionality will be - * provided by a nameserver. - */ - -int -krb_get_admhst(h, r, n) - char *h; - char *r; - int n; -{ - FILE *cnffile; - char tr[REALM_SZ]; - char linebuf[BUFSIZ]; - char scratch[64]; - register int i; - - if ((cnffile = fopen(KRB_CONF,"r")) == NULL) { - return(KFAILURE); - } - if (fgets(linebuf, BUFSIZ, cnffile) == NULL) { - /* error reading */ - (void) fclose(cnffile); - return(KFAILURE); - } - if (!index(linebuf, '\n')) { - /* didn't all fit into buffer, punt */ - (void) fclose(cnffile); - return(KFAILURE); - } - for (i = 0; i < n; ) { - /* run through the file, looking for admin host */ - if (fgets(linebuf, BUFSIZ, cnffile) == NULL) { - (void) fclose(cnffile); - return(KFAILURE); - } - /* need to scan for a token after 'admin' to make sure that - admin matched correctly */ - if (sscanf(linebuf, "%s %s admin %s", tr, h, scratch) != 3) - continue; - if (!strcmp(tr,r)) - i++; - } - (void) fclose(cnffile); - return(KSUCCESS); -} diff --git a/eBones/krb/get_cred.c b/eBones/krb/get_cred.c deleted file mode 100644 index 6023386..0000000 --- a/eBones/krb/get_cred.c +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: get_cred.c,v 4.10 89/05/31 17:46:22 jtkohl Exp $ - * $Id: get_cred.c,v 1.3 1995/07/18 16:38:28 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: get_cred.c,v 1.3 1995/07/18 16:38:28 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include - -/* - * krb_get_cred takes a service name, instance, and realm, and a - * structure of type CREDENTIALS to be filled in with ticket - * information. It then searches the ticket file for the appropriate - * ticket and fills in the structure with the corresponding - * information from the file. If successful, it returns KSUCCESS. - * On failure it returns a Kerberos error code. - */ - -int -krb_get_cred(service,instance,realm,c) - char *service; /* Service name */ - char *instance; /* Instance */ - char *realm; /* Auth domain */ - CREDENTIALS *c; /* Credentials struct */ -{ - int tf_status; /* return value of tf function calls */ - - /* Open ticket file and lock it for shared reading */ - if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS) - return(tf_status); - - /* Copy principal's name and instance into the CREDENTIALS struc c */ - - if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS || - (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS ) - return (tf_status); - - /* Search for requested service credentials and copy into c */ - - while ((tf_status = tf_get_cred(c)) == KSUCCESS) { - /* Is this the right ticket? */ - if ((strcmp(c->service,service) == 0) && - (strcmp(c->instance,instance) == 0) && - (strcmp(c->realm,realm) == 0)) - break; - } - (void) tf_close(); - - if (tf_status == EOF) - return (GC_NOTKT); - return(tf_status); -} diff --git a/eBones/krb/get_in_tkt.c b/eBones/krb/get_in_tkt.c deleted file mode 100644 index b95f073..0000000 --- a/eBones/krb/get_in_tkt.c +++ /dev/null @@ -1,286 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: get_in_tkt.c,v 4.12 89/07/18 16:32:56 jtkohl Exp $ - * $Id: get_in_tkt.c,v 1.3 1995/07/18 16:38:30 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: get_in_tkt.c,v 1.3 1995/07/18 16:38:30 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include - -#ifndef NULL -#define NULL 0 -#endif - -/* - * This file contains two routines: passwd_to_key() converts - * a password into a DES key (prompting for the password if - * not supplied), and krb_get_pw_in_tkt() gets an initial ticket for - * a user. - */ - -/* - * passwd_to_key(): given a password, return a DES key. - * There are extra arguments here which (used to be?) - * used by srvtab_to_key(). - * - * If the "passwd" argument is not null, generate a DES - * key from it, using string_to_key(). - * - * If the "passwd" argument is null, call des_read_password() - * to prompt for a password and then convert it into a DES key. - * - * In either case, the resulting key is put in the "key" argument, - * and 0 is returned. - */ - -/*ARGSUSED */ -static int passwd_to_key(user,instance,realm,passwd,key) - char *user, *instance, *realm, *passwd; - C_Block *key; -{ -#ifdef NOENCRYPTION - if (!passwd) - placebo_read_password(key, "Password: ", 0); -#else - if (passwd) - string_to_key(passwd,key); - else - des_read_password(key,"Password: ",0); -#endif - return (0); -} - -/* - * krb_get_pw_in_tkt() takes the name of the server for which the initial - * ticket is to be obtained, the name of the principal the ticket is - * for, the desired lifetime of the ticket, and the user's password. - * It passes its arguments on to krb_get_in_tkt(), which contacts - * Kerberos to get the ticket, decrypts it using the password provided, - * and stores it away for future use. - * - * krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt(): - * the name of a routine (passwd_to_key()) to be used to get the - * password in case the "password" argument is null and NULL for the - * decryption procedure indicating that krb_get_in_tkt should use the - * default method of decrypting the response from the KDC. - * - * The result of the call to krb_get_in_tkt() is returned. - */ - -int -krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *password; -{ - return(krb_get_in_tkt(user,instance,realm,service,sinstance,life, - passwd_to_key, NULL, password)); -} - -#ifdef NOENCRYPTION -/* - * $Source: /usr/cvs/src/eBones/krb/get_in_tkt.c,v $ - * $Author: mark $ - * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * . - * - * This routine prints the supplied string to standard - * output as a prompt, and reads a password string without - * echoing. - */ - -#include -#include "conf.h" - -#include -#ifdef BSDUNIX -#include -#include -#include -#include -#else -/* char *strcpy(); -int strcmp(); */ -#endif - -#ifdef BSDUNIX -static jmp_buf env; -#endif - -#ifdef BSDUNIX -static void sig_restore(); -static push_signals(), pop_signals(); -int placebo_read_pw_string(); -#endif - -/*** Routines ****************************************************** */ -int -placebo_read_password(k,prompt,verify) - des_cblock *k; - char *prompt; - int verify; -{ - int ok; - char key_string[BUFSIZ]; - -#ifdef BSDUNIX - if (setjmp(env)) { - ok = -1; - goto lose; - } -#endif - - ok = placebo_read_pw_string(key_string, BUFSIZ, prompt, verify); - if (ok == 0) - bzero(k, sizeof(C_Block)); - -lose: - bzero(key_string, sizeof (key_string)); - return ok; -} - -/* - * This version just returns the string, doesn't map to key. - * - * Returns 0 on success, non-zero on failure. - */ - -int -placebo_read_pw_string(s,max,prompt,verify) - char *s; - int max; - char *prompt; - int verify; -{ - int ok = 0; - char *ptr; - -#ifdef BSDUNIX - jmp_buf old_env; - struct sgttyb tty_state; -#endif - char key_string[BUFSIZ]; - - if (max > BUFSIZ) { - return -1; - } - -#ifdef BSDUNIX - bcopy(old_env, env, sizeof(env)); - if (setjmp(env)) - goto lose; - - /* save terminal state*/ - if (ioctl(0,TIOCGETP,&tty_state) == -1) - return -1; - - push_signals(); - /* Turn off echo */ - tty_state.sg_flags &= ~ECHO; - if (ioctl(0,TIOCSETP,&tty_state) == -1) - return -1; -#endif - while (!ok) { - printf(prompt); - fflush(stdout); -#ifdef CROSSMSDOS - h19line(s,sizeof(s),0); - if (!strlen(s)) - continue; -#else - if (!fgets(s, max, stdin)) { - clearerr(stdin); - continue; - } - if ((ptr = index(s, '\n'))) - *ptr = '\0'; -#endif - if (verify) { - printf("\nVerifying, please re-enter %s",prompt); - fflush(stdout); -#ifdef CROSSMSDOS - h19line(key_string,sizeof(key_string),0); - if (!strlen(key_string)) - continue; -#else - if (!fgets(key_string, sizeof(key_string), stdin)) { - clearerr(stdin); - continue; - } - if ((ptr = index(key_string, '\n'))) - *ptr = '\0'; -#endif - if (strcmp(s,key_string)) { - printf("\n\07\07Mismatch - try again\n"); - fflush(stdout); - continue; - } - } - ok = 1; - } - -#ifdef BSDUNIX -lose: - if (!ok) - bzero(s, max); - printf("\n"); - /* turn echo back on */ - tty_state.sg_flags |= ECHO; - if (ioctl(0,TIOCSETP,&tty_state)) - ok = 0; - pop_signals(); - bcopy(env, old_env, sizeof(env)); -#endif - if (verify) - bzero(key_string, sizeof (key_string)); - s[max-1] = 0; /* force termination */ - return !ok; /* return nonzero if not okay */ -} - -#ifdef BSDUNIX -/* - * this can be static since we should never have more than - * one set saved.... - */ -#ifdef POSIX -static void (*old_sigfunc[NSIG])(); -#else -static int (*old_sigfunc[NSIG])(); -#endif POSIX - -static push_signals() -{ - register i; - for (i = 0; i < NSIG; i++) - old_sigfunc[i] = signal(i,sig_restore); -} - -static pop_signals() -{ - register i; - for (i = 0; i < NSIG; i++) - signal(i,old_sigfunc[i]); -} - -static void sig_restore(sig,code,scp) - int sig,code; - struct sigcontext *scp; -{ - longjmp(env,1); -} -#endif -#endif /* NOENCRYPTION */ diff --git a/eBones/krb/get_krbhst.c b/eBones/krb/get_krbhst.c deleted file mode 100644 index cfc6e1c..0000000 --- a/eBones/krb/get_krbhst.c +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: get_krbhst.c,v 4.8 89/01/22 20:00:29 rfrench Exp $ - * $Id: get_krbhst.c,v 1.3 1995/07/18 16:38:32 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: get_krbhst.c,v 1.3 1995/07/18 16:38:32 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include - -/* - * Given a Kerberos realm, find a host on which the Kerberos authenti- - * cation server can be found. - * - * krb_get_krbhst takes a pointer to be filled in, a pointer to the name - * of the realm for which a server is desired, and an integer, n, and - * returns (in h) the nth entry from the configuration file (KRB_CONF, - * defined in "krb.h") associated with the specified realm. - * - * On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the - * configuration file does not exist, krb_get_krbhst will return KRB_HOST - * (also defined in "krb.h"). If all goes well, the routine returnes - * KSUCCESS. - * - * The KRB_CONF file contains the name of the local realm in the first - * line (not used by this routine), followed by lines indicating realm/host - * entries. The words "admin server" following the hostname indicate that - * the host provides an administrative database server. - * - * For example: - * - * ATHENA.MIT.EDU - * ATHENA.MIT.EDU kerberos-1.mit.edu admin server - * ATHENA.MIT.EDU kerberos-2.mit.edu - * LCS.MIT.EDU kerberos.lcs.mit.edu admin server - * - * This is a temporary hack to allow us to find the nearest system running - * kerberos. In the long run, this functionality will be provided by a - * nameserver. - */ - -int -krb_get_krbhst(h,r,n) - char *h; - char *r; - int n; -{ - FILE *cnffile; - char tr[REALM_SZ]; - char linebuf[BUFSIZ]; - register int i; - - if ((cnffile = fopen(KRB_CONF,"r")) == NULL) { - if (n==1) { - (void) strcpy(h,KRB_HOST); - return(KSUCCESS); - } - else - return(KFAILURE); - } - if (fscanf(cnffile,"%s",tr) == EOF) - return(KFAILURE); - /* run through the file, looking for the nth server for this realm */ - for (i = 1; i <= n;) { - if (fgets(linebuf, BUFSIZ, cnffile) == NULL) { - (void) fclose(cnffile); - return(KFAILURE); - } - if (sscanf(linebuf, "%s %s", tr, h) != 2) - continue; - if (!strcmp(tr,r)) - i++; - } - (void) fclose(cnffile); - return(KSUCCESS); -} diff --git a/eBones/krb/get_krbrlm.c b/eBones/krb/get_krbrlm.c deleted file mode 100644 index a4803e5..0000000 --- a/eBones/krb/get_krbrlm.c +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: get_krbrlm.c,v 4.8 89/01/22 20:02:54 rfrench Exp $ - * $Id: get_krbrlm.c,v 1.3 1995/07/18 16:38:34 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: get_krbrlm.c,v 1.3 1995/07/18 16:38:34 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include - -/* - * krb_get_lrealm takes a pointer to a string, and a number, n. It fills - * in the string, r, with the name of the nth realm specified on the - * first line of the kerberos config file (KRB_CONF, defined in "krb.h"). - * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the - * config file does not exist, and if n=1, a successful return will occur - * with r = KRB_REALM (also defined in "krb.h"). - * - * NOTE: for archaic & compatibility reasons, this routine will only return - * valid results when n = 1. - * - * For the format of the KRB_CONF file, see comments describing the routine - * krb_get_krbhst(). - */ - -int -krb_get_lrealm(r,n) - char *r; - int n; -{ - FILE *cnffile, *fopen(); - - if (n > 1) - return(KFAILURE); /* Temporary restriction */ - - if ((cnffile = fopen(KRB_CONF, "r")) == NULL) { - if (n == 1) { - (void) strcpy(r, KRB_REALM); - return(KSUCCESS); - } - else - return(KFAILURE); - } - - if (fscanf(cnffile,"%s",r) != 1) { - (void) fclose(cnffile); - return(KFAILURE); - } - (void) fclose(cnffile); - return(KSUCCESS); -} diff --git a/eBones/krb/get_phost.c b/eBones/krb/get_phost.c deleted file mode 100644 index cd83b2d..0000000 --- a/eBones/krb/get_phost.c +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: get_phost.c,v 4.6 89/01/23 09:25:40 jtkohl Exp $ - * $Id: get_phost.c,v 1.3 1995/07/18 16:38:35 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: get_phost.c,v 1.3 1995/07/18 16:38:35 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include - -char *index(); - -/* - * This routine takes an alias for a host name and returns the first - * field, lower case, of its domain name. For example, if "menel" is - * an alias for host officially named "menelaus" (in /etc/hosts), for - * the host whose official name is "MENELAUS.MIT.EDU", the name "menelaus" - * is returned. - * - * This is done for historical Athena reasons: the Kerberos name of - * rcmd servers (rlogin, rsh, rcp) is of the form "rcmd.host@realm" - * where "host"is the lowercase for of the host name ("menelaus"). - * This should go away: the instance should be the domain name - * (MENELAUS.MIT.EDU). But for now we need this routine... - * - * A pointer to the name is returned, if found, otherwise a pointer - * to the original "alias" argument is returned. - */ - -char * krb_get_phost(alias) - char *alias; -{ - struct hostent *h; - char *phost = alias; - if ((h=gethostbyname(alias)) != (struct hostent *)NULL ) { - char *p = index( h->h_name, '.' ); - if (p) - *p = NULL; - p = phost = h->h_name; - do { - if (isupper(*p)) *p=tolower(*p); - } while (*p++); - } - return(phost); -} diff --git a/eBones/krb/get_pw_tkt.c b/eBones/krb/get_pw_tkt.c deleted file mode 100644 index 48b6126..0000000 --- a/eBones/krb/get_pw_tkt.c +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: get_pw_tkt.c,v 4.6 89/01/13 18:19:11 steiner Exp $ - * $Id: get_pw_tkt.c,v 1.3 1995/07/18 16:38:37 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: get_pw_tkt.c,v 1.3 1995/07/18 16:38:37 mark Exp $"; -#endif /* lint */ -#endif - - -#include - -/* - * Get a ticket for the password-changing server ("changepw.KRB_MASTER"). - * - * Given the name, instance, realm, and current password of the - * principal for which the user wants a password-changing-ticket, - * return either: - * - * GT_PW_BADPW if current password was wrong, - * GT_PW_NULL if principal had a NULL password, - * or the result of the krb_get_pw_in_tkt() call. - * - * First, try to get a ticket for "user.instance@realm" to use the - * "changepw.KRB_MASTER" server (KRB_MASTER is defined in "krb.h"). - * The requested lifetime for the ticket is "1", and the current - * password is the "cpw" argument given. - * - * If the password was bad, give up. - * - * If the principal had a NULL password in the Kerberos database - * (indicating that the principal is known to Kerberos, but hasn't - * got a password yet), try instead to get a ticket for the principal - * "default.changepw@realm" to use the "changepw.KRB_MASTER" server. - * Use the password "changepwkrb" instead of "cpw". Return GT_PW_NULL - * if all goes well, otherwise the error. - * - * If this routine succeeds, a ticket and session key for either the - * principal "user.instance@realm" or "default.changepw@realm" to use - * the password-changing server will be in the user's ticket file. - */ - -int -get_pw_tkt(user,instance,realm,cpw) - char *user; - char *instance; - char *realm; - char *cpw; -{ - int kerror; - - kerror = krb_get_pw_in_tkt(user, instance, realm, "changepw", - KRB_MASTER, 1, cpw); - - if (kerror == INTK_BADPW) - return(GT_PW_BADPW); - - if (kerror == KDC_NULL_KEY) { - kerror = krb_get_pw_in_tkt("default","changepw",realm,"changepw", - KRB_MASTER,1,"changepwkrb"); - if (kerror) - return(kerror); - return(GT_PW_NULL); - } - - return(kerror); -} diff --git a/eBones/krb/get_request.c b/eBones/krb/get_request.c deleted file mode 100644 index c4982bf3..0000000 --- a/eBones/krb/get_request.c +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: get_request.c,v 4.7 88/12/01 14:00:11 jtkohl Exp $ - * $Id: get_request.c,v 1.3 1995/07/18 16:38:39 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: get_request.c,v 1.3 1995/07/18 16:38:39 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include - -/* - * This procedure is obsolete. It is used in the kerberos_slave - * code for Version 3 tickets. - * - * This procedure sets s_name, and instance to point to - * the corresponding fields from tne nth request in the packet. - * it returns the lifetime requested. Garbage will be returned - * if there are less than n requests in the packet. - */ - -int -get_request(pkt, n, s_name, instance) - KTEXT pkt; /* The packet itself */ - int n; /* Which request do we want */ - char **s_name; /* Service name to be filled in */ - char **instance; /* Instance name to be filled in */ -{ - /* Go to the beginning of the request list */ - char *ptr = (char *) pkt_a_realm(pkt) + 6 + - strlen((char *)pkt_a_realm(pkt)); - - /* Read requests until we hit the right one */ - while (n-- > 1) { - ptr++; - ptr += 1 + strlen(ptr); - ptr += 1 + strlen(ptr); - } - - /* Set the arguments to point to the right place */ - *s_name = 1 + ptr; - *instance = 2 + ptr + strlen(*s_name); - - /* Return the requested lifetime */ - return((int) *ptr); -} diff --git a/eBones/krb/get_svc_in_tkt.c b/eBones/krb/get_svc_in_tkt.c deleted file mode 100644 index f5680db..0000000 --- a/eBones/krb/get_svc_in_tkt.c +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: get_svc_in_tkt.c,v 4.9 89/07/18 16:33:34 jtkohl Exp $ - * $Id: get_svc_in_tkt.c,v 1.3 1995/07/18 16:38:41 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: get_svc_in_tkt.c,v 1.3 1995/07/18 16:38:41 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include - -#ifndef NULL -#define NULL 0 -#endif - -/* - * This file contains two routines: srvtab_to_key(), which gets - * a server's key from a srvtab file, and krb_get_svc_in_tkt() which - * gets an initial ticket for a server. - */ - -/* - * srvtab_to_key(): given a "srvtab" file (where the keys for the - * service on a host are stored), return the private key of the - * given service (user.instance@realm). - * - * srvtab_to_key() passes its arguments on to read_service_key(), - * plus one additional argument, the key version number. - * (Currently, the key version number is always 0; this value - * is treated as a wildcard by read_service_key().) - * - * If the "srvtab" argument is null, KEYFILE (defined in "krb.h") - * is passed in its place. - * - * It returns the return value of the read_service_key() call. - * The service key is placed in "key". - */ - -static int -srvtab_to_key(user, instance, realm, srvtab, key) - char *user, *instance, *realm, *srvtab; - C_Block key; -{ - if (!srvtab) - srvtab = KEYFILE; - - return(read_service_key(user, instance, realm, 0, srvtab, - (char *)key)); -} - -/* - * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(), - * plus two additional arguments: a pointer to the srvtab_to_key() - * function to be used to get the key from the key file and a NULL - * for the decryption procedure indicating that krb_get_in_tkt should - * use the default method of decrypting the response from the KDC. - * - * It returns the return value of the krb_get_in_tkt() call. - */ - -int -krb_get_svc_in_tkt(user, instance, realm, service, sinstance, life, srvtab) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *srvtab; -{ - return(krb_get_in_tkt(user, instance, realm, service, sinstance, - life, srvtab_to_key, NULL, srvtab)); -} diff --git a/eBones/krb/get_tf_fullname.c b/eBones/krb/get_tf_fullname.c deleted file mode 100644 index 8d76399..0000000 --- a/eBones/krb/get_tf_fullname.c +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: get_tf_fullname.c,v 4.3 90/03/10 22:40:20 jon Exp $ - * $Id: get_tf_fullname.c,v 1.3 1995/07/18 16:38:42 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: get_tf_fullname.c,v 1.3 1995/07/18 16:38:42 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include - -/* - * This file contains a routine to extract the fullname of a user - * from the ticket file. - */ - -/* - * krb_get_tf_fullname() takes four arguments: the name of the - * ticket file, and variables for name, instance, and realm to be - * returned in. Since the realm of a ticket file is not really fully - * supported, the realm used will be that of the the first ticket in - * the file as this is the one that was obtained with a password by - * krb_get_in_tkt(). - */ - -int -krb_get_tf_fullname(ticket_file, name, instance, realm) - char *ticket_file; - char *name; - char *instance; - char *realm; -{ - int tf_status; - CREDENTIALS c; - - if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS) - return(tf_status); - - if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) || - ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS)) - return (tf_status); - - if (name) - strcpy(name, c.pname); - if (instance) - strcpy(instance, c.pinst); - if ((tf_status = tf_get_cred(&c)) == KSUCCESS) { - if (realm) - strcpy(realm, c.realm); - } - else { - if (tf_status == EOF) - return(KFAILURE); - else - return(tf_status); - } - (void) tf_close(); - - return(tf_status); -} diff --git a/eBones/krb/get_tf_realm.c b/eBones/krb/get_tf_realm.c deleted file mode 100644 index 8d75a9d..0000000 --- a/eBones/krb/get_tf_realm.c +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: get_tf_realm.c,v 4.2 90/01/02 13:40:19 jtkohl Exp $ - * $Id: get_tf_realm.c,v 1.3 1995/07/18 16:38:44 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: get_tf_realm.c,v 1.3 1995/07/18 16:38:44 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include - -/* - * This file contains a routine to extract the realm of a kerberos - * ticket file. - */ - -/* - * krb_get_tf_realm() takes two arguments: the name of a ticket - * and a variable to store the name of the realm in. - * - */ - -int -krb_get_tf_realm(ticket_file, realm) - char *ticket_file; - char *realm; -{ - return(krb_get_tf_fullname(ticket_file, 0, 0, realm)); -} diff --git a/eBones/krb/getrealm.c b/eBones/krb/getrealm.c deleted file mode 100644 index dcd4d28..0000000 --- a/eBones/krb/getrealm.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * routine to convert hostname into realm name. - * - * from: getrealm.c,v 4.6 90/01/02 13:35:56 jtkohl Exp $ - * $Id: getrealm.c,v 1.3 1995/07/18 16:38:46 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: getrealm.c,v 1.3 1995/07/18 16:38:46 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include - -/* for Ultrix and friends ... */ -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 64 -#endif - -/* - * krb_realmofhost. - * Given a fully-qualified domain-style primary host name, - * return the name of the Kerberos realm for the host. - * If the hostname contains no discernable domain, or an error occurs, - * return the local realm name, as supplied by get_krbrlm(). - * If the hostname contains a domain, but no translation is found, - * the hostname's domain is converted to upper-case and returned. - * - * The format of each line of the translation file is: - * domain_name kerberos_realm - * -or- - * host_name kerberos_realm - * - * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU) - * host names should be in the usual form (e.g. FOO.BAR.BAZ) - */ - -static char ret_realm[REALM_SZ+1]; - -char * -krb_realmofhost(host) -char *host; -{ - char *domain; - FILE *trans_file; - char trans_host[MAXHOSTNAMELEN+1]; - char trans_realm[REALM_SZ+1]; - int retval; - - domain = index(host, '.'); - - /* prepare default */ - if (domain) { - char *cp; - - strncpy(ret_realm, &domain[1], REALM_SZ); - ret_realm[REALM_SZ] = '\0'; - /* Upper-case realm */ - for (cp = ret_realm; *cp; cp++) - if (islower(*cp)) - *cp = toupper(*cp); - } else { - krb_get_lrealm(ret_realm, 1); - } - - if ((trans_file = fopen(KRB_RLM_TRANS, "r")) == (FILE *) 0) { - /* krb_errno = KRB_NO_TRANS */ - return(ret_realm); - } - while (1) { - if ((retval = fscanf(trans_file, "%s %s", - trans_host, trans_realm)) != 2) { - if (retval == EOF) { - fclose(trans_file); - return(ret_realm); - } - continue; /* ignore broken lines */ - } - trans_host[MAXHOSTNAMELEN] = '\0'; - trans_realm[REALM_SZ] = '\0'; - if (!strcasecmp(trans_host, host)) { - /* exact match of hostname, so return the realm */ - (void) strcpy(ret_realm, trans_realm); - fclose(trans_file); - return(ret_realm); - } - if ((trans_host[0] == '.') && domain) { - /* this is a domain match */ - if (!strcasecmp(trans_host, domain)) { - /* domain match, save for later */ - (void) strcpy(ret_realm, trans_realm); - continue; - } - } - } -} diff --git a/eBones/krb/getst.c b/eBones/krb/getst.c deleted file mode 100644 index e50e4bb..0000000 --- a/eBones/krb/getst.c +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * form: getst.c,v 4.5 88/11/15 16:31:39 jtkohl Exp $ - * $Id: getst.c,v 1.3 1995/07/18 16:38:47 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: getst.c,v 1.3 1995/07/18 16:38:47 mark Exp $"; -#endif /* lint */ -#endif - -#include - -/* - * getst() takes a file descriptor, a string and a count. It reads - * from the file until either it has read "count" characters, or until - * it reads a null byte. When finished, what has been read exists in - * the given string "s". If "count" characters were actually read, the - * last is changed to a null, so the returned string is always null- - * terminated. getst() returns the number of characters read, including - * the null terminator. - */ - -int -getst(fd, s, n) - int fd; - register char *s; - int n; -{ - register count = n; - while (read(fd, s, 1) > 0 && --count) - if (*s++ == '\0') - return (n - count); - *s = '\0'; - return (n - count); -} diff --git a/eBones/krb/in_tkt.c b/eBones/krb/in_tkt.c deleted file mode 100644 index 1f6ee8a..0000000 --- a/eBones/krb/in_tkt.c +++ /dev/null @@ -1,146 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: kt.c,v 4.9 89/10/25 19:03:35 qjb Exp $ - * $Id: in_tkt.c,v 1.6 1995/07/18 16:38:49 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: in_tkt.c,v 1.6 1995/07/18 16:38:49 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef TKT_SHMEM -#include -#endif - -extern int krb_debug; - -/* - * in_tkt() is used to initialize the ticket store. It creates the - * file to contain the tickets and writes the given user's name "pname" - * and instance "pinst" in the file. in_tkt() returns KSUCCESS on - * success, or KFAILURE if something goes wrong. - */ - -int -in_tkt(pname,pinst) - char *pname; - char *pinst; -{ - int tktfile; - uid_t me, metoo; - struct stat buf; - int count; - char *file = TKT_FILE; - int fd; - register int i; - char charbuf[BUFSIZ]; -#ifdef TKT_SHMEM - char shmidname[MAXPATHLEN]; -#endif /* TKT_SHMEM */ - - me = getuid (); - metoo = geteuid(); - if (lstat(file,&buf) == 0) { - if (buf.st_uid != me && me == 0) { - unlink(file); - } else { - if (buf.st_uid != me || !(buf.st_mode & S_IFREG) || - buf.st_mode & 077) { - if (krb_debug) - fprintf(stderr,"Error initializing %s",file); - return(KFAILURE); - } - /* file already exists, and permissions appear ok, so nuke it */ - if ((fd = open(file, O_RDWR, 0)) < 0) - goto out; /* can't zero it, but we can still try truncating it */ - - bzero(charbuf, sizeof(charbuf)); - - for (i = 0; i < buf.st_size; i += sizeof(charbuf)) - if (write(fd, charbuf, sizeof(charbuf)) != sizeof(charbuf)) { - (void) fsync(fd); - (void) close(fd); - goto out; - } - - (void) fsync(fd); - (void) close(fd); - } - } - out: - /* arrange so the file is owned by the ruid - (swap real & effective uid if necessary). - This isn't a security problem, since the ticket file, if it already - exists, has the right uid (== ruid) and mode. */ - if (me != metoo) { - if (setreuid(metoo, me) < 0) { - /* can't switch??? barf! */ - if (krb_debug) - perror("in_tkt: setreuid"); - return(KFAILURE); - } else - if (krb_debug) - printf("swapped UID's %ld and %ld\n",metoo,me); - } - if ((tktfile = open(file,O_CREAT | O_TRUNC | O_WRONLY,0600)) < 0) { - if (krb_debug) - fprintf(stderr,"Error initializing %s",TKT_FILE); - return(KFAILURE); - } - if (me != metoo) { - if (setreuid(me, metoo) < 0) { - /* can't switch??? barf! */ - if (krb_debug) - perror("in_tkt: setreuid2"); - return(KFAILURE); - } else - if (krb_debug) - printf("swapped UID's %ld and %ld\n",me,metoo); - } - if (lstat(file,&buf) < 0) { - if (krb_debug) - fprintf(stderr,"Error initializing %s",TKT_FILE); - return(KFAILURE); - } - - if (buf.st_uid != me || !(buf.st_mode & S_IFREG) || - buf.st_mode & 077) { - if (krb_debug) - fprintf(stderr,"Error initializing %s",TKT_FILE); - return(KFAILURE); - } - - count = strlen(pname)+1; - if (write(tktfile,pname,count) != count) { - (void) close(tktfile); - return(KFAILURE); - } - count = strlen(pinst)+1; - if (write(tktfile,pinst,count) != count) { - (void) close(tktfile); - return(KFAILURE); - } - (void) close(tktfile); -#ifdef TKT_SHMEM - (void) strcpy(shmidname, file); - (void) strcat(shmidname, ".shm"); - return(krb_shm_create(shmidname)); -#else /* !TKT_SHMEM */ - return(KSUCCESS); -#endif /* TKT_SHMEM */ -} diff --git a/eBones/krb/k_gethostname.c b/eBones/krb/k_gethostname.c deleted file mode 100644 index cfb4f92..0000000 --- a/eBones/krb/k_gethostname.c +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: k_gethostname.c,v 4.1 88/12/01 14:04:42 jtkohl Exp $ - * $Id: k_gethostname.c,v 1.3 1995/07/18 16:38:51 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: k_gethostname.c,v 1.3 1995/07/18 16:38:51 mark Exp $"; -#endif /* lint */ -#endif - -#include - -#ifndef PC -#ifndef BSD42 -/* teach me how to k_gethostname for your system here */ -#endif -#endif - -#ifdef PC -#include -typedef long in_name; -#include "custom.h" /* where is this file? */ -extern get_custom(); -#define LEN 64 /* just a guess */ -#endif /* PC */ - -/* - * Return the local host's name in "name", up to "namelen" characters. - * "name" will be null-terminated if "namelen" is big enough. - * The return code is 0 on success, -1 on failure. (The calling - * interface is identical to gethostname(2).) - * - * Currently defined for BSD 4.2 and PC. The BSD version just calls - * gethostname(); the PC code was taken from "kinit.c", and may or may - * not work. - */ - -int -k_gethostname(name, namelen) - char *name; - int namelen; -{ -#ifdef BSD42 - return gethostname(name, namelen); -#endif - -#ifdef PC - char buf[LEN]; - char b1, b2, b3, b4; - register char *ptr; - - get_custom(); /* should check for errors, - * return -1 on failure */ - ptr = (char *) &(custom.c_me); - b1 = *ptr++; - b2 = *ptr++; - b3 = *ptr++; - b4 = *ptr; - (void) sprintf(buf,"PC address %d.%d.%d.%d",b1,b2,b3,b4); - if (strlen(buf) > namelen) - fprintf(stderr, "gethostname: namelen too small; truncating"); - strnpcy(name, buf, namelen); - return 0; -#endif -} diff --git a/eBones/krb/klog.c b/eBones/krb/klog.c deleted file mode 100644 index 7fdc774..0000000 --- a/eBones/krb/klog.c +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: klog.c,v 4.6 88/12/01 14:06:05 jtkohl Exp $ - * $Id: klog.c,v 1.3 1995/07/18 16:38:52 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: klog.c,v 1.3 1995/07/18 16:38:52 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include - -#include -#include - -static char *log_name = KRBLOG; -static int is_open; -static char logtxt[1000]; - -/* - * This file contains two logging routines: kset_logfile() - * to determine the file to which log entries should be written; - * and klog() to write log entries to the file. - */ - -/* - * klog() is used to add entries to the logfile (see kset_logfile() - * below). Note that it is probably not portable since it makes - * assumptions about what the compiler will do when it is called - * with less than the correct number of arguments which is the - * way it is usually called. - * - * The log entry consists of a timestamp and the given arguments - * printed according to the given "format" string. - * - * The log file is opened and closed for each log entry. - * - * If the given log type "type" is unknown, or if the log file - * cannot be opened, no entry is made to the log file. - * - * The return value is always a pointer to the formatted log - * text string "logtxt". - */ - -char * klog(type,format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0) - int type; - char *format; - int a1,a2,a3,a4,a5,a6,a7,a8,a9,a0; -{ - FILE *logfile; - long now; - struct tm *tm; - static int logtype_array[NLOGTYPE] = {0,0}; - static int array_initialized; - - if (!(array_initialized++)) { - logtype_array[L_NET_ERR] = 1; - logtype_array[L_KRB_PERR] = 1; - logtype_array[L_KRB_PWARN] = 1; - logtype_array[L_APPL_REQ] = 1; - logtype_array[L_INI_REQ] = 1; - logtype_array[L_DEATH_REQ] = 1; - logtype_array[L_NTGT_INTK] = 1; - logtype_array[L_ERR_SEXP] = 1; - logtype_array[L_ERR_MKV] = 1; - logtype_array[L_ERR_NKY] = 1; - logtype_array[L_ERR_NUN] = 1; - logtype_array[L_ERR_UNK] = 1; - } - - (void) sprintf(logtxt,format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0); - - if (!logtype_array[type]) - return(logtxt); - - if ((logfile = fopen(log_name,"a")) == NULL) - return(logtxt); - - (void) time(&now); - tm = localtime(&now); - - fprintf(logfile,"%2d-%s-%02d %02d:%02d:%02d ",tm->tm_mday, - month_sname(tm->tm_mon + 1),tm->tm_year, - tm->tm_hour, tm->tm_min, tm->tm_sec); - fprintf(logfile,"%s\n",logtxt); - (void) fclose(logfile); - return(logtxt); -} - -/* - * kset_logfile() changes the name of the file to which - * messages are logged. If kset_logfile() is not called, - * the logfile defaults to KRBLOG, defined in "krb.h". - */ - -void -kset_logfile(filename) - char *filename; -{ - log_name = filename; - is_open = 0; -} diff --git a/eBones/krb/kname_parse.c b/eBones/krb/kname_parse.c deleted file mode 100644 index da7ec93..0000000 --- a/eBones/krb/kname_parse.c +++ /dev/null @@ -1,239 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: kname_parse.c,v 4.4 88/12/01 14:07:29 jtkohl Exp $ - * $Id: kname_parse.c,v 1.3 1995/07/18 16:38:54 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: kname_parse.c,v 1.3 1995/07/18 16:38:54 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include - -/* max size of full name */ -#define FULL_SZ (ANAME_SZ + INST_SZ + REALM_SZ) - -#define NAME 0 /* which field are we in? */ -#define INST 1 -#define REALM 2 - -extern char *krb_err_txt[]; - -/* - * This file contains four routines for handling Kerberos names. - * - * kname_parse() breaks a Kerberos name into its name, instance, - * and realm components. - * - * k_isname(), k_isinst(), and k_isrealm() check a given string to see if - * it's a syntactically legitimate respective part of a Kerberos name, - * returning 1 if it is, 0 if it isn't. - * - * Definition of "syntactically legitimate" names is according to - * the Project Athena Technical Plan Section E.2.1, page 7 "Specifying - * names", version dated 21 Dec 1987. - */ - -/* - * kname_parse() takes a Kerberos name "fullname" of the form: - * - * username[.instance][@realm] - * - * and returns the three components ("name", "instance", and "realm" - * in the example above) in the given arguments "np", "ip", and "rp". - * - * If successful, it returns KSUCCESS. If there was an error, - * KNAME_FMT is returned. - */ - -int -kname_parse(np, ip, rp, fullname) - char *np, *ip, *rp, *fullname; -{ - static char buf[FULL_SZ]; - char *rnext, *wnext; /* next char to read, write */ - register char c; - int backslash; - int field; - - backslash = 0; - rnext = buf; - wnext = np; - field = NAME; - - if (strlen(fullname) > FULL_SZ) - return KNAME_FMT; - (void) strcpy(buf, fullname); - - while ((c = *rnext++)) { - if (backslash) { - *wnext++ = c; - backslash = 0; - continue; - } - switch (c) { - case '\\': - backslash++; - break; - case '.': - switch (field) { - case NAME: - if (wnext == np) - return KNAME_FMT; - *wnext = '\0'; - field = INST; - wnext = ip; - break; - case INST: - return KNAME_FMT; - /* break; */ - case REALM: - *wnext++ = c; - break; - default: - fprintf(stderr, "unknown field value\n"); - exit(1); - } - break; - case '@': - switch (field) { - case NAME: - if (wnext == np) - return KNAME_FMT; - *ip = '\0'; - /* fall through */ - case INST: - *wnext = '\0'; - field = REALM; - wnext = rp; - break; - case REALM: - return KNAME_FMT; - default: - fprintf(stderr, "unknown field value\n"); - exit(1); - } - break; - default: - *wnext++ = c; - } - } - *wnext = '\0'; - if ((strlen(np) > ANAME_SZ - 1) || - (strlen(ip) > INST_SZ - 1) || - (strlen(rp) > REALM_SZ - 1)) - return KNAME_FMT; - return KSUCCESS; -} - -/* - * k_isname() returns 1 if the given name is a syntactically legitimate - * Kerberos name; returns 0 if it's not. - */ - -int -k_isname(s) - char *s; -{ - register char c; - int backslash = 0; - - if (!*s) - return 0; - if (strlen(s) > ANAME_SZ - 1) - return 0; - while((c = *s++)) { - if (backslash) { - backslash = 0; - continue; - } - switch(c) { - case '\\': - backslash = 1; - break; - case '.': - return 0; - /* break; */ - case '@': - return 0; - /* break; */ - } - } - return 1; -} - - -/* - * k_isinst() returns 1 if the given name is a syntactically legitimate - * Kerberos instance; returns 0 if it's not. - */ - -int -k_isinst(s) - char *s; -{ - register char c; - int backslash = 0; - - if (strlen(s) > INST_SZ - 1) - return 0; - while((c = *s++)) { - if (backslash) { - backslash = 0; - continue; - } - switch(c) { - case '\\': - backslash = 1; - break; - case '.': - return 0; - /* break; */ - case '@': - return 0; - /* break; */ - } - } - return 1; -} - -/* - * k_isrealm() returns 1 if the given name is a syntactically legitimate - * Kerberos realm; returns 0 if it's not. - */ - -int -k_isrealm(s) - char *s; -{ - register char c; - int backslash = 0; - - if (!*s) - return 0; - if (strlen(s) > REALM_SZ - 1) - return 0; - while((c = *s++)) { - if (backslash) { - backslash = 0; - continue; - } - switch(c) { - case '\\': - backslash = 1; - break; - case '@': - return 0; - /* break; */ - } - } - return 1; -} diff --git a/eBones/krb/kntoln.c b/eBones/krb/kntoln.c deleted file mode 100644 index 388704c..0000000 --- a/eBones/krb/kntoln.c +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: kntoln.c,v 4.7 89/01/23 09:25:15 jtkohl Exp $ - * $Id: kntoln.c,v 1.3 1995/07/18 16:38:56 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: kntoln.c,v 1.3 1995/07/18 16:38:56 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include - -/* - * krb_kntoln converts an auth name into a local name by looking up - * the auth name in the /etc/aname file. The format of the aname - * file is: - * - * +-----+-----+-----+-----+------+----------+-------+-------+ - * | anl | inl | rll | lnl | name | instance | realm | lname | - * +-----+-----+-----+-----+------+----------+-------+-------+ - * | 1by | 1by | 1by | 1by | name | instance | realm | lname | - * +-----+-----+-----+-----+------+----------+-------+-------+ - * - * If the /etc/aname file can not be opened it will set the - * local name to the auth name. Thus, in this case it performs as - * the identity function. - * - * The name instance and realm are passed to krb_kntoln through - * the AUTH_DAT structure (ad). - * - * Now here's what it *really* does: - * - * Given a Kerberos name in an AUTH_DAT structure, check that the - * instance is null, and that the realm is the same as the local - * realm, and return the principal's name in "lname". Return - * KSUCCESS if all goes well, otherwise KFAILURE. - */ - -int -krb_kntoln(ad,lname) - AUTH_DAT *ad; - char *lname; -{ - static char lrealm[REALM_SZ] = ""; - - if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) - return(KFAILURE); - - if (strcmp(ad->pinst,"")) - return(KFAILURE); - if (strcmp(ad->prealm,lrealm)) - return(KFAILURE); - (void) strcpy(lname,ad->pname); - return(KSUCCESS); -} diff --git a/eBones/krb/kparse.c b/eBones/krb/kparse.c deleted file mode 100644 index 5b25ac7..0000000 --- a/eBones/krb/kparse.c +++ /dev/null @@ -1,776 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * Purpose: - * This module was developed to parse the "~/.klogin" files for - * Kerberos-authenticated rlogin/rcp/rsh services. However, it is - * general purpose and can be used to parse any such parameter file. - * - * The parameter file should consist of one or more entries, with each - * entry on a separate line and consisting of zero or more - * "keyword=value" combinations. The keyword is case insensitive, but - * the value is not. Any string may be enclosed in quotes, and - * c-style "\" literals are supported. A comma may be used to - * separate the k/v combinations, and multiple commas are ignored. - * Whitespace (blank or tab) may be used freely and is ignored. - * - * Full error processing is available. When PS_BAD_KEYWORD or - * PS_SYNTAX is returned from fGetParameterSet(), the string ErrorMsg - * contains a meaningful error message. - * - * Keywords and their default values are programmed by an external - * table. - * - * Routines: - * fGetParameterSet() parse one line of the parameter file - * fGetKeywordValue() parse one "keyword=value" combo - * fGetToken() parse one token - * - * - * from: kparse.c,v 4.5 89/01/21 17:20:39 jtkohl Exp $ - * $Id: kparse.c,v 1.3 1995/07/18 16:38:58 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: kparse.c,v 1.3 1995/07/18 16:38:58 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include - -#ifndef FALSE -#define FALSE 0 -#define TRUE 1 -#endif - -#define MAXKEY 80 -#define MAXVALUE 80 - -int fUngetChar(int ch, FILE *fp); -int fGetChar(FILE *fp); -int fGetLiteral(FILE *fp); - -int LineNbr=1; /* current line nbr in parameter file */ -char ErrorMsg[80]; /* meaningful only when KV_SYNTAX, PS_SYNTAX, - * or PS_BAD_KEYWORD is returned by - * fGetKeywordValue or fGetParameterSet */ - -int -fGetParameterSet( fp,parm,parmcount ) - FILE *fp; - parmtable parm[]; - int parmcount; -{ - int rc,i; - char keyword[MAXKEY]; - char value[MAXVALUE]; - - while (TRUE) { - rc=fGetKeywordValue(fp,keyword,MAXKEY,value,MAXVALUE); - - switch (rc) { - - case KV_EOF: - return(PS_EOF); - - case KV_EOL: - return(PS_OKAY); - - case KV_SYNTAX: - return(PS_SYNTAX); - - case KV_OKAY: - /* - * got a reasonable keyword/value pair. Search the - * parameter table to see if we recognize the keyword; if - * not, return an error. If we DO recognize it, make sure - * it has not already been given. If not already given, - * save the value. - */ - for (i=0; i= parmcount) { - sprintf(ErrorMsg, "unrecognized keyword \"%s\" found", - keyword); - return(PS_BAD_KEYWORD); - } - break; - - default: - sprintf(ErrorMsg, - "panic: bad return (%d) from fGetToken()",rc); - break; - } - } -} - -/* - * Routine: ParmCompare - * - * Purpose: - * ParmCompare checks a specified value for a particular keyword. - * fails if keyword not found or keyword found but the value was - * different. Like strcmp, ParmCompare returns 0 for a match found, -1 - * otherwise - */ -int -ParmCompare( parm, parmcount, keyword, value ) - parmtable parm[]; - int parmcount; - char *keyword; - char *value; -{ - int i; - - for (i=0; i\n"); - exit(1); - } - - if (!(fp=fopen(*++argv,"r"))) { - fprintf(stderr,"can\'t open input file \"%s\"\n",filename); - exit(1); - } - filename = *argv; - - while ((rc=fGetKeywordValue(fp,key,MAXKEY,valu,MAXVALUE))!=KV_EOF){ - - switch (rc) { - - case KV_EOL: - printf("%s, line %d: nada mas.\n",filename,LineNbr-1); - break; - - case KV_SYNTAX: - printf("%s, line %d: syntax error: %s\n", - filename,LineNbr,ErrorMsg); - while ( ((ch=fGetChar(fp))!=EOF) && (ch!='\n') ); - break; - - case KV_OKAY: - printf("%s, line %d: okay, %s=\"%s\"\n", - filename,LineNbr,key,valu); - break; - - default: - printf("panic: bad return (%d) from fGetKeywordValue\n",rc); - break; - } - } - printf("EOF"); - fclose(fp); - exit(0); -} -#endif - -#ifdef PSTEST - -parmtable kparm[] = { - /* keyword, default, found value */ - { "user", "", (char *)NULL }, - { "realm", "Athena", (char *)NULL }, - { "instance", "", (char *)NULL } -}; - -main(argc,argv) - int argc; - char **argv; -{ - int rc,i,ch; - FILE *fp; - char *filename; - - if (argc != 2) { - fprintf(stderr,"usage: test \n"); - exit(1); - } - - if (!(fp=fopen(*++argv,"r"))) { - fprintf(stderr,"can\'t open input file \"%s\"\n",filename); - exit(1); - } - filename = *argv; - - while ((rc=fGetParameterSet(fp,kparm,PARMCOUNT(kparm))) != PS_EOF) { - - switch (rc) { - - case PS_BAD_KEYWORD: - printf("%s, line %d: %s\n",filename,LineNbr,ErrorMsg); - while ( ((ch=fGetChar(fp))!=EOF) && (ch!='\n') ); - break; - - case PS_SYNTAX: - printf("%s, line %d: syntax error: %s\n", - filename,LineNbr,ErrorMsg); - while ( ((ch=fGetChar(fp))!=EOF) && (ch!='\n') ); - break; - - case PS_OKAY: - printf("%s, line %d: valid parameter set found:\n", - filename,LineNbr-1); - for (i=0; i. -.\" -.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred, -krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err, -krb_rd_err, krb_ck_repl \- Kerberos authentication library -.SH SYNOPSIS -.nf -.nj -.ft B -#include -#include -.PP -.ft B -extern char *krb_err_txt[]; -.PP -.ft B -int krb_mk_req(authent,service,instance,realm,checksum) -KTEXT authent; -char *service; -char *instance; -char *realm; -u_long checksum; -.PP -.ft B -int krb_rd_req(authent,service,instance,from_addr,ad,fn) -KTEXT authent; -char *service; -char *instance; -u_long from_addr; -AUTH_DAT *ad; -char *fn; -.PP -.ft B -int krb_kntoln(ad,lname) -AUTH_DAT *ad; -char *lname; -.PP -.ft B -int krb_set_key(key,cvt) -char *key; -int cvt; -.PP -.ft B -int krb_get_cred(service,instance,realm,c) -char *service; -char *instance; -char *realm; -CREDENTIALS *c; -.PP -.ft B -long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver) -u_char *in; -u_char *out; -u_long in_length; -des_cblock key; -des_key_schedule schedule; -struct sockaddr_in *sender; -struct sockaddr_in *receiver; -.PP -.ft B -long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data) -u_char *in; -u_long in_length; -Key_schedule schedule; -des_cblock key; -struct sockaddr_in *sender; -struct sockaddr_in *receiver; -MSG_DAT *msg_data; -.PP -.ft B -long krb_mk_safe(in,out,in_length,key,sender,receiver) -u_char *in; -u_char *out; -u_long in_length; -des_cblock key; -struct sockaddr_in *sender; -struct sockaddr_in *receiver; -.PP -.ft B -long krb_rd_safe(in,length,key,sender,receiver,msg_data) -u_char *in; -u_long length; -des_cblock key; -struct sockaddr_in *sender; -struct sockaddr_in *receiver; -MSG_DAT *msg_data; -.PP -.ft B -long krb_mk_err(out,code,string) -u_char *out; -long code; -char *string; -.PP -.ft B -long krb_rd_err(in,length,code,msg_data) -u_char *in; -u_long length; -long code; -MSG_DAT *msg_data; -.fi -.ft R -.SH DESCRIPTION -This library supports network authentication and various related -operations. The library contains many routines beyond those described -in this man page, but they are not intended to be used directly. -Instead, they are called by the routines that are described, the -authentication server and the login program. -.PP -.I krb_err_txt[] -contains text string descriptions of various Kerberos error codes returned -by some of the routines below. -.PP -.I krb_mk_req -takes a pointer to a text structure in which an authenticator is to be -built. It also takes the name, instance, and realm of the service to be -used and an optional checksum. It is up to the application to decide -how to generate the checksum. -.I krb_mk_req -then retrieves a ticket for the desired service and creates an -authenticator. The authenticator is built in -.I authent -and is accessible -to the calling procedure. -.PP -It is up to the application to get the authenticator to the service -where it will be read by -.I krb_rd_req. -Unless an attacker posesses the session key contained in the ticket, it -will be unable to modify the authenticator. Thus, the checksum can be -used to verify the authenticity of the other data that will pass through -a connection. -.PP -.I krb_rd_req -takes an authenticator of type -.B KTEXT, -a service name, an instance, the address of the -host originating the request, and a pointer to a structure of type -.B AUTH_DAT -which is filled in with information obtained from the authenticator. -It also optionally takes the name of the file in which it will find the -secret key(s) for the service. -If the supplied -.I instance -contains "*", then the first service key with the same service name -found in the service key file will be used, and the -.I instance -argument will be filled in with the chosen instance. This means that -the caller must provide space for such an instance name. -.PP -It is used to find out information about the principal when a request -has been made to a service. It is up to the application protocol to get -the authenticator from the client to the service. The authenticator is -then passed to -.I krb_rd_req -to extract the desired information. -.PP -.I krb_rd_req -returns zero (RD_AP_OK) upon successful authentication. If a packet was -forged, modified, or replayed, authentication will fail. If the -authentication fails, a non-zero value is returned indicating the -particular problem encountered. See -.I krb.h -for the list of error codes. -.PP -If the last argument is the null string (""), krb_rd_req will use the -file /etc/kerberosIV/srvtab to find its keys. If the last argument is -NULL, it will assume that the key has been set by -.I krb_set_key -and will not bother looking further. -.PP -.I krb_kntoln -converts a Kerberos name to a local name. It takes a structure -of type AUTH_DAT and uses the name and instance to look in the database -/etc/kerberosIV/aname to find the corresponding local name. The local name is -returned and can be used by an application to change uids, directories, -or other parameters. It is not an integral part of Kerberos, but is -instead provided to support the use of Kerberos in existing utilities. -.PP -.I krb_set_key -takes as an argument a des key. It then creates -a key schedule from it and saves the original key to be used as an -initialization vector. -It is used to set the server's key which -must be used to decrypt tickets. -.PP -If called with a non-zero second argument, -.I krb_set_key -will first convert the input from a string of arbitrary length to a DES -key by encrypting it with a one-way function. -.PP -In most cases it should not be necessary to call -.I krb_set_key. -The necessary keys will usually be obtained and set inside -.I krb_rd_req. krb_set_key -is provided for those applications that do not wish to place the -application keys on disk. -.PP -.I krb_get_cred -searches the caller's ticket file for a ticket for the given service, instance, -and realm; and, if a ticket is found, fills in the given CREDENTIALS structure -with the ticket information. -.PP -If the ticket was found, -.I krb_get_cred -returns GC_OK. -If the ticket file can't be found, can't be read, doesn't belong to -the user (other than root), isn't a regular file, or is in the wrong -mode, the error GC_TKFIL is returned. -.PP -.I krb_mk_priv -creates an encrypted, authenticated -message from any arbitrary application data, pointed to by -.I in -and -.I in_length -bytes long. -The private session key, pointed to by -.I key -and the key schedule, -.I schedule, -are used to encrypt the data and some header information using -.I pcbc_encrypt. -.I sender -and -.I receiver -point to the Internet address of the two parties. -In addition to providing privacy, this protocol message protects -against modifications, insertions or replays. The encapsulated message and -header are placed in the area pointed to by -.I out -and the routine returns the length of the output, or -1 indicating -an error. -.PP -.I krb_rd_priv -decrypts and authenticates a received -.I krb_mk_priv -message. -.I in -points to the beginning of the received message, whose length -is specified in -.I in_length. -The private session key, pointed to by -.I key, -and the key schedule, -.I schedule, -are used to decrypt and verify the received message. -.I msg_data -is a pointer to a -.I MSG_DAT -struct, defined in -.I krb.h. -The routine fills in the -.I app_data -field with a pointer to the decrypted application data, -.I app_length -with the length of the -.I app_data -field, -.I time_sec -and -.I time_5ms -with the timestamps in the message, and -.I swap -with a 1 if the byte order of the receiver is different than that of -the sender. (The application must still determine if it is appropriate -to byte-swap application data; the Kerberos protocol fields are already taken -care of). The -.I hash -field returns a value useful as input to the -.I krb_ck_repl -routine. - -The routine returns zero if ok, or a Kerberos error code. Modified messages -and old messages cause errors, but it is up to the caller to -check the time sequence of messages, and to check against recently replayed -messages using -.I krb_ck_repl -if so desired. -.PP -.I krb_mk_safe -creates an authenticated, but unencrypted message from any arbitrary -application data, -pointed to by -.I in -and -.I in_length -bytes long. -The private session key, pointed to by -.I key, -is used to seed the -.I quad_cksum() -checksum algorithm used as part of the authentication. -.I sender -and -.I receiver -point to the Internet address of the two parties. -This message does not provide privacy, but does protect (via detection) -against modifications, insertions or replays. The encapsulated message and -header are placed in the area pointed to by -.I out -and the routine returns the length of the output, or -1 indicating -an error. -The authentication provided by this routine is not as strong as that -provided by -.I krb_mk_priv -or by computing the checksum using -.I cbc_cksum -instead, both of which authenticate via DES. -.PP - -.I krb_rd_safe -authenticates a received -.I krb_mk_safe -message. -.I in -points to the beginning of the received message, whose length -is specified in -.I in_length. -The private session key, pointed to by -.I key, -is used to seed the quad_cksum() routine as part of the authentication. -.I msg_data -is a pointer to a -.I MSG_DAT -struct, defined in -.I krb.h . -The routine fills in these -.I MSG_DAT -fields: -the -.I app_data -field with a pointer to the application data, -.I app_length -with the length of the -.I app_data -field, -.I time_sec -and -.I time_5ms -with the timestamps in the message, and -.I swap -with a 1 if the byte order of the receiver is different than that of -the sender. -(The application must still determine if it is appropriate -to byte-swap application data; the Kerberos protocol fields are already taken -care of). The -.I hash -field returns a value useful as input to the -.I krb_ck_repl -routine. - -The routine returns zero if ok, or a Kerberos error code. Modified messages -and old messages cause errors, but it is up to the caller to -check the time sequence of messages, and to check against recently replayed -messages using -.I krb_ck_repl -if so desired. -.PP -.I krb_mk_err -constructs an application level error message that may be used along -with -.I krb_mk_priv -or -.I krb_mk_safe. -.I out -is a pointer to the output buffer, -.I code -is an application specific error code, and -.I string -is an application specific error string. - -.PP -.I krb_rd_err -unpacks a received -.I krb_mk_err -message. -.I in -points to the beginning of the received message, whose length -is specified in -.I in_length. -.I code -is a pointer to a value to be filled in with the error -value provided by the application. -.I msg_data -is a pointer to a -.I MSG_DAT -struct, defined in -.I krb.h . -The routine fills in these -.I MSG_DAT -fields: the -.I app_data -field with a pointer to the application error text, -.I app_length -with the length of the -.I app_data -field, and -.I swap -with a 1 if the byte order of the receiver is different than that of -the sender. (The application must still determine if it is appropriate -to byte-swap application data; the Kerberos protocol fields are already taken -care of). - -The routine returns zero if the error message has been successfully received, -or a Kerberos error code. -.PP -The -.I KTEXT -structure is used to pass around text of varying lengths. It consists -of a buffer for the data, and a length. krb_rd_req takes an argument of this -type containing the authenticator, and krb_mk_req returns the -authenticator in a structure of this type. KTEXT itself is really a -pointer to the structure. The actual structure is of type KTEXT_ST. -.PP -The -.I AUTH_DAT -structure is filled in by krb_rd_req. It must be allocated before -calling krb_rd_req, and a pointer to it is passed. The structure is -filled in with data obtained from Kerberos. -.I MSG_DAT -structure is filled in by either krb_rd_priv, krb_rd_safe, or -krb_rd_err. It must be allocated before the call and a pointer to it -is passed. The structure is -filled in with data obtained from Kerberos. -.PP -.SH FILES -/usr/include/kerberosIV/krb.h -.br -/usr/lib/libkrb.a -.br -/usr/include/kerberosIV/des.h -.br -/usr/lib/libdes.a -.br -/etc/kerberosIV/aname -.br -/etc/kerberosIV/srvtab -.br -/tmp/tkt[uid] -.SH "SEE ALSO" -kerberos(1), des_crypt(3) -.SH DIAGNOSTICS -.SH BUGS -The caller of -.I krb_rd_req, krb_rd_priv, and krb_rd_safe -must check time order and for replay attempts. -.I krb_ck_repl -is not implemented yet. -.SH AUTHORS -Clifford Neuman, MIT Project Athena -.br -Steve Miller, MIT Project Athena/Digital Equipment Corporation -.SH RESTRICTIONS -COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology diff --git a/eBones/krb/krb_err.et b/eBones/krb/krb_err.et deleted file mode 100644 index 7d2baef..0000000 --- a/eBones/krb/krb_err.et +++ /dev/null @@ -1,257 +0,0 @@ -# Copyright 1987,1988 Massachusetts Institute of Technology -# For copying and distribution information, see the file -# "Copyright.MIT". -# -# from: krb_err.et,v 4.1 89/09/26 09:24:20 jtkohl Exp $ -# $Id: krb_err.et,v 1.3 1995/07/18 16:39:00 mark Exp $ -# - error_table krb - - ec KRBET_KSUCCESS, - "Kerberos successful" - - ec KRBET_KDC_NAME_EXP, - "Kerberos principal expired" - - ec KRBET_KDC_SERVICE_EXP, - "Kerberos service expired" - - ec KRBET_KDC_AUTH_EXP, - "Kerberos auth expired" - - ec KRBET_KDC_PKT_VER, - "Incorrect kerberos master key version" - - ec KRBET_KDC_P_MKEY_VER, - "Incorrect kerberos master key version" - - ec KRBET_KDC_S_MKEY_VER, - "Incorrect kerberos master key version" - - ec KRBET_KDC_BYTE_ORDER, - "Kerberos error: byte order unknown" - - ec KRBET_KDC_PR_UNKNOWN, - "Kerberos principal unknown" - - ec KRBET_KDC_PR_N_UNIQUE, - "Kerberos principal not unique" - - ec KRBET_KDC_NULL_KEY, - "Kerberos principal has null key" - - ec KRBET_KRB_RES11, - "Reserved 11" - - ec KRBET_KRB_RES12, - "Reserved 12" - - ec KRBET_KRB_RES13, - "Reserved 13" - - ec KRBET_KRB_RES14, - "Reserved 14" - - ec KRBET_KRB_RES15, - "Reserved 15" - - ec KRBET_KRB_RES16, - "Reserved 16" - - ec KRBET_KRB_RES17, - "Reserved 17" - - ec KRBET_KRB_RES18, - "Reserved 18" - - ec KRBET_KRB_RES19, - "Reserved 19" - - ec KRBET_KDC_GEN_ERR, - "Generic error from Kerberos KDC" - - ec KRBET_GC_TKFIL, - "Can't read Kerberos ticket file" - - ec KRBET_GC_NOTKT, - "Can't find Kerberos ticket or TGT" - - ec KRBET_KRB_RES23, - "Reserved 23" - - ec KRBET_KRB_RES24, - "Reserved 24" - - ec KRBET_KRB_RES25, - "Reserved 25" - - ec KRBET_MK_AP_TGTEXP, - "Kerberos TGT Expired" - - ec KRBET_KRB_RES27, - "Reserved 27" - - ec KRBET_KRB_RES28, - "Reserved 28" - - ec KRBET_KRB_RES29, - "Reserved 29" - - ec KRBET_KRB_RES30, - "Reserved 30" - - ec KRBET_RD_AP_UNDEC, - "Kerberos error: Can't decode authenticator" - - ec KRBET_RD_AP_EXP, - "Kerberos ticket expired" - - ec KRBET_RD_AP_NYV, - "Kerberos ticket not yet valid" - - ec KRBET_RD_AP_REPEAT, - "Kerberos error: Repeated request" - - ec KRBET_RD_AP_NOT_US, - "The kerberos ticket isn't for us" - - ec KRBET_RD_AP_INCON, - "Kerberos request inconsistent" - - ec KRBET_RD_AP_TIME, - "Kerberos error: delta_t too big" - - ec KRBET_RD_AP_BADD, - "Kerberos error: incorrect net address" - - ec KRBET_RD_AP_VERSION, - "Kerberos protocol version mismatch" - - ec KRBET_RD_AP_MSG_TYPE, - "Kerberos error: invalid msg type" - - ec KRBET_RD_AP_MODIFIED, - "Kerberos error: message stream modified" - - ec KRBET_RD_AP_ORDER, - "Kerberos error: message out of order" - - ec KRBET_RD_AP_UNAUTHOR, - "Kerberos error: unauthorized request" - - ec KRBET_KRB_RES44, - "Reserved 44" - - ec KRBET_KRB_RES45, - "Reserved 45" - - ec KRBET_KRB_RES46, - "Reserved 46" - - ec KRBET_KRB_RES47, - "Reserved 47" - - ec KRBET_KRB_RES48, - "Reserved 48" - - ec KRBET_KRB_RES49, - "Reserved 49" - - ec KRBET_KRB_RES50, - "Reserved 50" - - ec KRBET_GT_PW_NULL, - "Kerberos error: current PW is null" - - ec KRBET_GT_PW_BADPW, - "Kerberos error: Incorrect current password" - - ec KRBET_GT_PW_PROT, - "Kerberos protocol error" - - ec KRBET_GT_PW_KDCERR, - "Error returned by Kerberos KDC" - - ec KRBET_GT_PW_NULLTKT, - "Null Kerberos ticket returned by KDC" - - ec KRBET_SKDC_RETRY, - "Kerberos error: Retry count exceeded" - - ec KRBET_SKDC_CANT, - "Kerberos error: Can't send request" - - ec KRBET_KRB_RES58, - "Reserved 58" - - ec KRBET_KRB_RES59, - "Reserved 59" - - ec KRBET_KRB_RES60, - "Reserved 60" - - ec KRBET_INTK_W_NOTALL, - "Kerberos error: not all tickets returned" - - ec KRBET_INTK_BADPW, - "Kerberos error: incorrect password" - - ec KRBET_INTK_PROT, - "Kerberos error: Protocol Error" - - ec KRBET_KRB_RES64, - "Reserved 64" - - ec KRBET_KRB_RES65, - "Reserved 65" - - ec KRBET_KRB_RES66, - "Reserved 66" - - ec KRBET_KRB_RES67, - "Reserved 67" - - ec KRBET_KRB_RES68, - "Reserved 68" - - ec KRBET_KRB_RES69, - "Reserved 69" - - ec KRBET_INTK_ERR, - "Other error" - - ec KRBET_AD_NOTGT, - "Don't have Kerberos ticket-granting ticket" - - ec KRBET_KRB_RES72, - "Reserved 72" - - ec KRBET_KRB_RES73, - "Reserved 73" - - ec KRBET_KRB_RES74, - "Reserved 74" - - ec KRBET_KRB_RES75, - "Reserved 75" - - ec KRBET_NO_TKT_FIL, - "No ticket file found" - - ec KRBET_TKT_FIL_ACC, - "Couldn't access ticket file" - - ec KRBET_TKT_FIL_LCK, - "Couldn't lock ticket file" - - ec KRBET_TKT_FIL_FMT, - "Bad ticket file format" - - ec KRBET_TKT_FIL_INI, - "tf_init not called first" - - ec KRBET_KNAME_FMT, - "Bad Kerberos name format" - - end - diff --git a/eBones/krb/krb_err_txt.c b/eBones/krb/krb_err_txt.c deleted file mode 100644 index 2c8c0ca..0000000 --- a/eBones/krb/krb_err_txt.c +++ /dev/null @@ -1,280 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: krb_err_txt.c,v 4.7 88/12/01 14:10:14 jtkohl Exp $ - * $Id: krb_err_txt.c,v 1.3 1995/07/18 16:39:02 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: krb_err_txt.c,v 1.3 1995/07/18 16:39:02 mark Exp $"; -#endif lint -#endif - -/* - * This file contains an array of error text strings. - * The associated error codes (which are defined in "krb.h") - * follow the string in the comments at the end of each line. - */ - -char *krb_err_txt[256] = { - "OK", /* 000 */ - "Principal expired (kerberos)", /* 001 */ - "Service expired (kerberos)", /* 002 */ - "Authentication expired (kerberos)", /* 003 */ - "Unknown protocol version number (kerberos)", /* 004 */ - "Principal: Incorrect master key version (kerberos)", /* 005 */ - "Service: Incorrect master key version (kerberos)", /* 006 */ - "Bad byte order (kerberos)", /* 007 */ - "Principal unknown (kerberos)", /* 008 */ - "Principal not unique (kerberos)", /* 009 */ - "Principal has null key (kerberos)", /* 010 */ - "Reserved error message 11 (kerberos)", /* 011 */ - "Reserved error message 12 (kerberos)", /* 012 */ - "Reserved error message 13 (kerberos)", /* 013 */ - "Reserved error message 14 (kerberos)", /* 014 */ - "Reserved error message 15 (kerberos)", /* 015 */ - "Reserved error message 16 (kerberos)", /* 016 */ - "Reserved error message 17 (kerberos)", /* 017 */ - "Reserved error message 18 (kerberos)", /* 018 */ - "Reserved error message 19 (kerberos)", /* 019 */ - "Permission Denied (kerberos)", /* 020 */ - "Can't read ticket file (krb_get_cred)", /* 021 */ - "Can't find ticket (krb_get_cred)", /* 022 */ - "Reserved error message 23 (krb_get_cred)", /* 023 */ - "Reserved error message 24 (krb_get_cred)", /* 024 */ - "Reserved error message 25 (krb_get_cred)", /* 025 */ - "Ticket granting ticket expired (krb_mk_req)", /* 026 */ - "Reserved error message 27 (krb_mk_req)", /* 027 */ - "Reserved error message 28 (krb_mk_req)", /* 028 */ - "Reserved error message 29 (krb_mk_req)", /* 029 */ - "Reserved error message 30 (krb_mk_req)", /* 030 */ - "Can't decode authenticator (krb_rd_req)", /* 031 */ - "Ticket expired (krb_rd_req)", /* 032 */ - "Ticket issue date too far in the future (krb_rd_req)",/* 033 */ - "Repeat request (krb_rd_req)", /* 034 */ - "Ticket for wrong server (krb_rd_req)", /* 035 */ - "Request inconsistent (krb_rd_req)", /* 036 */ - "Time is out of bounds (krb_rd_req)", /* 037 */ - "Incorrect network address (krb_rd_req)", /* 038 */ - "Protocol version mismatch (krb_rd_req)", /* 039 */ - "Illegal message type (krb_rd_req)", /* 040 */ - "Message integrity error (krb_rd_req)", /* 041 */ - "Message duplicate or out of order (krb_rd_req)", /* 042 */ - "Unauthorized request (krb_rd_req)", /* 043 */ - "Reserved error message 44 (krb_rd_req)", /* 044 */ - "Reserved error message 45 (krb_rd_req)", /* 045 */ - "Reserved error message 46 (krb_rd_req)", /* 046 */ - "Reserved error message 47 (krb_rd_req)", /* 047 */ - "Reserved error message 48 (krb_rd_req)", /* 048 */ - "Reserved error message 49 (krb_rd_req)", /* 049 */ - "Reserved error message 50 (krb_rd_req)", /* 050 */ - "Current password is NULL (get_pw_tkt)", /* 051 */ - "Current password incorrect (get_pw_tkt)", /* 052 */ - "Protocol error (gt_pw_tkt)", /* 053 */ - "Error returned by KDC (gt_pw_tkt)", /* 054 */ - "Null ticket returned by KDC (gt_pw_tkt)", /* 055 */ - "Retry count exceeded (send_to_kdc)", /* 056 */ - "Can't send request (send_to_kdc)", /* 057 */ - "Reserved error message 58 (send_to_kdc)", /* 058 */ - "Reserved error message 59 (send_to_kdc)", /* 059 */ - "Reserved error message 60 (send_to_kdc)", /* 060 */ - "Warning: Not ALL tickets returned", /* 061 */ - "Password incorrect", /* 062 */ - "Protocol error (get_intkt)", /* 063 */ - "Reserved error message 64 (get_in_tkt)", /* 064 */ - "Reserved error message 65 (get_in_tkt)", /* 065 */ - "Reserved error message 66 (get_in_tkt)", /* 066 */ - "Reserved error message 67 (get_in_tkt)", /* 067 */ - "Reserved error message 68 (get_in_tkt)", /* 068 */ - "Reserved error message 69 (get_in_tkt)", /* 069 */ - "Generic error (get_intkt)", /* 070 */ - "Don't have ticket granting ticket (get_ad_tkt)", /* 071 */ - "Reserved error message 72 (get_ad_tkt)", /* 072 */ - "Reserved error message 73 (get_ad_tkt)", /* 073 */ - "Reserved error message 74 (get_ad_tkt)", /* 074 */ - "Reserved error message 75 (get_ad_tkt)", /* 075 */ - "No ticket file (tf_util)", /* 076 */ - "Can't access ticket file (tf_util)", /* 077 */ - "Can't lock ticket file; try later (tf_util)", /* 078 */ - "Bad ticket file format (tf_util)", /* 079 */ - "Read ticket file before tf_init (tf_util)", /* 080 */ - "Bad Kerberos name format (kname_parse)", /* 081 */ - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", - "Generic kerberos error (kfailure)", /* 255 */ -}; diff --git a/eBones/krb/krb_get_in_tkt.c b/eBones/krb/krb_get_in_tkt.c deleted file mode 100644 index b6ff308..0000000 --- a/eBones/krb/krb_get_in_tkt.c +++ /dev/null @@ -1,301 +0,0 @@ -/* - * Copyright 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: der: krb_get_in_tkt.c,v 4.19 89/07/18 16:31:31 jtkohl Exp $ - * $Id: krb_get_in_tkt.c,v 1.3 1995/07/18 16:39:04 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: krb_get_in_tkt.c,v 1.3 1995/07/18 16:39:04 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include - -#include -#include -#include - -/* use the bsd time.h struct defs for PC too! */ -#include -#include - -int swap_bytes; - -/* - * decrypt_tkt(): Given user, instance, realm, passwd, key_proc - * and the cipher text sent from the KDC, decrypt the cipher text - * using the key returned by key_proc. - */ - -static int -decrypt_tkt(user, instance, realm, arg, key_proc, cipp) - char *user; - char *instance; - char *realm; - char *arg; - int (*key_proc)(); - KTEXT *cipp; -{ - KTEXT cip = *cipp; - C_Block key; /* Key for decrypting cipher */ - Key_schedule key_s; - -#ifndef NOENCRYPTION - /* Attempt to decrypt it */ -#endif - - /* generate a key */ - - { - register int rc; - rc = (*key_proc)(user,instance,realm,arg,key); - if (rc) - return(rc); - } - -#ifndef NOENCRYPTION - key_sched(&key,key_s); - pcbc_encrypt((C_Block *)cip->dat,(C_Block *)cip->dat, - (long) cip->length,key_s,(C_Block *)key,DES_DECRYPT); -#endif /* !NOENCRYPTION */ - /* Get rid of all traces of key */ - bzero((char *)key,sizeof(key)); - bzero((char *)key_s,sizeof(key_s)); - - return(0); -} - -/* - * krb_get_in_tkt() gets a ticket for a given principal to use a given - * service and stores the returned ticket and session key for future - * use. - * - * The "user", "instance", and "realm" arguments give the identity of - * the client who will use the ticket. The "service" and "sinstance" - * arguments give the identity of the server that the client wishes - * to use. (The realm of the server is the same as the Kerberos server - * to whom the request is sent.) The "life" argument indicates the - * desired lifetime of the ticket; the "key_proc" argument is a pointer - * to the routine used for getting the client's private key to decrypt - * the reply from Kerberos. The "decrypt_proc" argument is a pointer - * to the routine used to decrypt the reply from Kerberos; and "arg" - * is an argument to be passed on to the "key_proc" routine. - * - * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it - * returns an error code: If an AUTH_MSG_ERR_REPLY packet is returned - * by Kerberos, then the error code it contains is returned. Other - * error codes returned by this routine include INTK_PROT to indicate - * wrong protocol version, INTK_BADPW to indicate bad password (if - * decrypted ticket didn't make sense), INTK_ERR if the ticket was for - * the wrong server or the ticket store couldn't be initialized. - * - * The format of the message sent to Kerberos is as follows: - * - * Size Variable Field - * ---- -------- ----- - * - * 1 byte KRB_PROT_VERSION protocol version number - * 1 byte AUTH_MSG_KDC_REQUEST | message type - * HOST_BYTE_ORDER local byte order in lsb - * string user client's name - * string instance client's instance - * string realm client's realm - * 4 bytes tlocal.tv_sec timestamp in seconds - * 1 byte life desired lifetime - * string service service's name - * string sinstance service's instance - */ - -int -krb_get_in_tkt(user, instance, realm, service, sinstance, life, - key_proc, decrypt_proc, arg) - char *user; - char *instance; - char *realm; - char *service; - char *sinstance; - int life; - int (*key_proc)(); - int (*decrypt_proc)(); - char *arg; -{ - KTEXT_ST pkt_st; - KTEXT pkt = &pkt_st; /* Packet to KDC */ - KTEXT_ST rpkt_st; - KTEXT rpkt = &rpkt_st; /* Returned packet */ - KTEXT_ST cip_st; - KTEXT cip = &cip_st; /* Returned Ciphertext */ - KTEXT_ST tkt_st; - KTEXT tkt = &tkt_st; /* Current ticket */ - C_Block ses; /* Session key for tkt */ - int kvno; /* Kvno for session key */ - unsigned char *v = pkt->dat; /* Prot vers no */ - unsigned char *t = (pkt->dat+1); /* Prot msg type */ - - char s_name[SNAME_SZ]; - char s_instance[INST_SZ]; - char rlm[REALM_SZ]; - int lifetime; - int msg_byte_order; - int kerror; - unsigned long exp_date; - char *ptr; - - struct timeval t_local; - - unsigned long rep_err_code; - - unsigned long kdc_time; /* KDC time */ - - /* BUILD REQUEST PACKET */ - - /* Set up the fixed part of the packet */ - *v = (unsigned char) KRB_PROT_VERSION; - *t = (unsigned char) AUTH_MSG_KDC_REQUEST; - *t |= HOST_BYTE_ORDER; - - /* Now for the variable info */ - (void) strcpy((char *)(pkt->dat+2),user); /* aname */ - pkt->length = 3 + strlen(user); - (void) strcpy((char *)(pkt->dat+pkt->length), - instance); /* instance */ - pkt->length += 1 + strlen(instance); - (void) strcpy((char *)(pkt->dat+pkt->length),realm); /* realm */ - pkt->length += 1 + strlen(realm); - - (void) gettimeofday(&t_local,(struct timezone *) 0); - /* timestamp */ - bcopy((char *)&(t_local.tv_sec),(char *)(pkt->dat+pkt->length), 4); - pkt->length += 4; - - *(pkt->dat+(pkt->length)++) = (char) life; - (void) strcpy((char *)(pkt->dat+pkt->length),service); - pkt->length += 1 + strlen(service); - (void) strcpy((char *)(pkt->dat+pkt->length),sinstance); - pkt->length += 1 + strlen(sinstance); - - rpkt->length = 0; - - /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */ - - if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror); - - /* check packet version of the returned packet */ - if (pkt_version(rpkt) != KRB_PROT_VERSION) - return(INTK_PROT); - - /* Check byte order */ - msg_byte_order = pkt_msg_type(rpkt) & 1; - swap_bytes = 0; - if (msg_byte_order != HOST_BYTE_ORDER) { - swap_bytes++; - } - - switch (pkt_msg_type(rpkt) & ~1) { - case AUTH_MSG_KDC_REPLY: - break; - case AUTH_MSG_ERR_REPLY: - bcopy(pkt_err_code(rpkt),(char *) &rep_err_code,4); - if (swap_bytes) swap_u_long(rep_err_code); - return((int)rep_err_code); - default: - return(INTK_PROT); - } - - /* EXTRACT INFORMATION FROM RETURN PACKET */ - - /* get the principal's expiration date */ - bcopy(pkt_x_date(rpkt),(char *) &exp_date,sizeof(exp_date)); - if (swap_bytes) swap_u_long(exp_date); - - /* Extract the ciphertext */ - cip->length = pkt_clen(rpkt); /* let clen do the swap */ - - if ((cip->length < 0) || (cip->length > sizeof(cip->dat))) - return(INTK_ERR); /* no appropriate error code - currently defined for INTK_ */ - /* copy information from return packet into "cip" */ - bcopy((char *) pkt_cipher(rpkt),(char *)(cip->dat),cip->length); - - /* Attempt to decrypt the reply. */ - if (decrypt_proc == NULL) - decrypt_proc = decrypt_tkt; - (*decrypt_proc)(user, instance, realm, arg, key_proc, &cip); - - ptr = (char *) cip->dat; - - /* extract session key */ - bcopy(ptr,(char *)ses,8); - ptr += 8; - - if ((strlen(ptr) + (ptr - (char *) cip->dat)) > cip->length) - return(INTK_BADPW); - - /* extract server's name */ - (void) strcpy(s_name,ptr); - ptr += strlen(s_name) + 1; - - if ((strlen(ptr) + (ptr - (char *) cip->dat)) > cip->length) - return(INTK_BADPW); - - /* extract server's instance */ - (void) strcpy(s_instance,ptr); - ptr += strlen(s_instance) + 1; - - if ((strlen(ptr) + (ptr - (char *) cip->dat)) > cip->length) - return(INTK_BADPW); - - /* extract server's realm */ - (void) strcpy(rlm,ptr); - ptr += strlen(rlm) + 1; - - /* extract ticket lifetime, server key version, ticket length */ - /* be sure to avoid sign extension on lifetime! */ - lifetime = (unsigned char) ptr[0]; - kvno = (unsigned char) ptr[1]; - tkt->length = (unsigned char) ptr[2]; - ptr += 3; - - if ((tkt->length < 0) || - ((tkt->length + (ptr - (char *) cip->dat)) > cip->length)) - return(INTK_BADPW); - - /* extract ticket itself */ - bcopy(ptr,(char *)(tkt->dat),tkt->length); - ptr += tkt->length; - - if (strcmp(s_name, service) || strcmp(s_instance, sinstance) || - strcmp(rlm, realm)) /* not what we asked for */ - return(INTK_ERR); /* we need a better code here XXX */ - - /* check KDC time stamp */ - bcopy(ptr,(char *)&kdc_time,4); /* Time (coarse) */ - if (swap_bytes) swap_u_long(kdc_time); - - ptr += 4; - - (void) gettimeofday(&t_local,(struct timezone *) 0); - if (abs((int)(t_local.tv_sec - kdc_time)) > CLOCK_SKEW) { - return(RD_AP_TIME); /* XXX should probably be better - code */ - } - - /* initialize ticket cache */ - if (in_tkt(user,instance) != KSUCCESS) - return(INTK_ERR); - - /* stash ticket, session key, etc. for future use */ - if ((kerror = save_credentials(s_name, s_instance, rlm, ses, - lifetime, kvno, tkt, t_local.tv_sec))) - return(kerror); - - return(INTK_OK); -} diff --git a/eBones/krb/krb_realmofhost.3 b/eBones/krb/krb_realmofhost.3 deleted file mode 100644 index 63aa1eb..0000000 --- a/eBones/krb/krb_realmofhost.3 +++ /dev/null @@ -1,161 +0,0 @@ -.\" from: krb_realmofhost.3,v 4.1 89/01/23 11:10:47 jtkohl Exp $ -.\" $Id: krb_realmofhost.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KRB_REALMOFHOST 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -krb_realmofhost, krb_get_phost, krb_get_krbhst, krb_get_admhst, -krb_get_lrealm \- additional Kerberos utility routines -.SH SYNOPSIS -.nf -.nj -.ft B -#include -#include -#include -.PP -.ft B -char *krb_realmofhost(host) -char *host; -.PP -.ft B -char *krb_get_phost(alias) -char *alias; -.PP -.ft B -krb_get_krbhst(host,realm,n) -char *host; -char *realm; -int n; -.PP -.ft B -krb_get_admhst(host,realm,n) -char *host; -char *realm; -int n; -.PP -.ft B -krb_get_lrealm(realm,n) -char *realm; -int n; -.fi -.ft R -.SH DESCRIPTION -.I krb_realmofhost -returns the Kerberos realm of the host -.IR host , -as determined by the translation table -.IR /etc/kerberosIV/krb.realms . -.I host -should be the fully-qualified domain-style primary host name of the host -in question. In order to prevent certain security attacks, this routine -must either have -.I a priori -knowledge of a host's realm, or obtain such information securely. -.PP -The format of the translation file is described by -.IR krb.realms (5). -If -.I host -exactly matches a host_name line, the corresponding realm -is returned. -Otherwise, if the domain portion of -.I host -matches a domain_name line, the corresponding realm -is returned. -If -.I host -contains a domain, but no translation is found, -.IR host 's -domain is converted to upper-case and returned. -If -.I host -contains no discernable domain, or an error occurs, -the local realm name, as supplied by -.IR krb_get_lrealm (3), -is returned. -.PP -.I krb_get_phost -converts the hostname -.I alias -(which can be either an official name or an alias) into the instance -name to be used in obtaining Kerberos tickets for most services, -including the Berkeley rcmd suite (rlogin, rcp, rsh). -.br -The current convention is to return the first segment of the official -domain-style name after conversion to lower case. -.PP -.I krb_get_krbhst -fills in -.I host -with the hostname of the -.IR n th -host running a Kerberos key distribution center (KDC) -for realm -.IR realm , -as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR). -The configuration file is described by -.IR krb.conf (5). -If the host is successfully filled in, the routine -returns KSUCCESS. -If the file cannot be opened, and -.I n -equals 1, then the value of KRB_HOST as defined in -.I -is filled in, and KSUCCESS is returned. If there are fewer than -.I n -hosts running a Kerberos KDC for the requested realm, or the -configuration file is malformed, the routine -returns KFAILURE. -.PP -.I krb_get_admhst -fills in -.I host -with the hostname of the -.IR n th -host running a Kerberos KDC database administration server -for realm -.IR realm , -as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR). -If the file cannot be opened or is malformed, or there are fewer than -.I n -hosts running a Kerberos KDC database administration server, -the routine returns KFAILURE. -.PP -The character arrays used as return values for -.IR krb_get_krbhst , -.IR krb_get_admhst , -should be large enough to -hold any hostname (MAXHOSTNAMELEN from ). -.PP -.I krb_get_lrealm -fills in -.I realm -with the -.IR n th -realm of the local host, as specified in the configuration file. -.I realm -should be at least REALM_SZ (from -.IR ) characters long. -.PP -.SH SEE ALSO -kerberos(3), krb.conf(5), krb.realms(5) -.SH FILES -.TP 20n -/etc/kerberosIV/krb.realms -translation file for host-to-realm mapping. -.TP -/etc/kerberosIV/krb.conf -local realm-name and realm/server configuration file. -.SH BUGS -The current convention for instance names is too limited; the full -domain name should be used. -.PP -.I krb_get_lrealm -currently only supports -.I n -= 1. It should really consult the user's ticket cache to determine the -user's current realm, rather than consulting a file on the host. diff --git a/eBones/krb/krb_sendauth.3 b/eBones/krb/krb_sendauth.3 deleted file mode 100644 index a749bb5..0000000 --- a/eBones/krb/krb_sendauth.3 +++ /dev/null @@ -1,348 +0,0 @@ -.\" from: krb_sendauth.3,v 4.1 89/01/23 11:10:58 jtkohl Exp $ -.\" $Id: krb_sendauth.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $ -.\" Copyright 1988 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KRB_SENDAUTH 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -krb_sendauth, krb_recvauth, krb_net_write, krb_net_read \- -Kerberos routines for sending authentication via network stream sockets -.SH SYNOPSIS -.nf -.nj -.ft B -#include -#include -#include -.PP -.fi -.HP 1i -.ft B -int krb_sendauth(options, fd, ktext, service, inst, realm, checksum, -msg_data, cred, schedule, laddr, faddr, version) -.nf -.RS 0 -.ft B -long options; -int fd; -KTEXT ktext; -char *service, *inst, *realm; -u_long checksum; -MSG_DAT *msg_data; -CREDENTIALS *cred; -Key_schedule schedule; -struct sockaddr_in *laddr, *faddr; -char *version; -.PP -.fi -.HP 1i -.ft B -int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr, -auth_data, filename, schedule, version) -.nf -.RS 0 -.ft B -long options; -int fd; -KTEXT ktext; -char *service, *inst; -struct sockaddr_in *faddr, *laddr; -AUTH_DAT *auth_data; -char *filename; -Key_schedule schedule; -char *version; -.PP -.ft B -int krb_net_write(fd, buf, len) -int fd; -char *buf; -int len; -.PP -.ft B -int krb_net_read(fd, buf, len) -int fd; -char *buf; -int len; -.fi -.SH DESCRIPTION -.PP -These functions, -which are built on top of the core Kerberos library, -provide a convenient means for client and server -programs to send authentication messages -to one another through network connections. -The -.I krb_sendauth -function sends an authenticated ticket from the client program to -the server program by writing the ticket to a network socket. -The -.I krb_recvauth -function receives the ticket from the client by -reading from a network socket. - -.SH KRB_SENDAUTH -.PP -This function writes the ticket to -the network socket specified by the -file descriptor -.IR fd, -returning KSUCCESS if the write proceeds successfully, -and an error code if it does not. - -The -.I ktext -argument should point to an allocated KTEXT_ST structure. -The -.IR service, -.IR inst, -and -.IR realm -arguments specify the server program's Kerberos principal name, -instance, and realm. -If you are writing a client that uses the local realm exclusively, -you can set the -.I realm -argument to NULL. - -The -.I version -argument allows the client program to pass an application-specific -version string that the server program can then match against -its own version string. -The -.I version -string can be up to KSEND_VNO_LEN (see -.IR ) -characters in length. - -The -.I checksum -argument can be used to pass checksum information to the -server program. -The client program is responsible for specifying this information. -This checksum information is difficult to corrupt because -.I krb_sendauth -passes it over the network in encrypted form. -The -.I checksum -argument is passed as the checksum argument to -.IR krb_mk_req . - -You can set -.IR krb_sendauth's -other arguments to NULL unless you want the -client and server programs to mutually authenticate -themselves. -In the case of mutual authentication, -the client authenticates itself to the server program, -and demands that the server in turn authenticate itself to -the client. - -.SH KRB_SENDAUTH AND MUTUAL AUTHENTICATION -.PP -If you want mutual authentication, -make sure that you read all pending data from the local socket -before calling -.IR krb_sendauth. -Set -.IR krb_sendauth's -.I options -argument to -.BR KOPT_DO_MUTUAL -(this macro is defined in the -.IR krb.h -file); -make sure that the -.I laddr -argument points to -the address of the local socket, -and that -.I faddr -points to the foreign socket's network address. - -.I Krb_sendauth -fills in the other arguments-- -.IR msg_data , -.IR cred , -and -.IR schedule --before -sending the ticket to the server program. -You must, however, allocate space for these arguments -before calling the function. - -.I Krb_sendauth -supports two other options: -.BR KOPT_DONT_MK_REQ, -and -.BR KOPT_DONT_CANON. -If called with -.I options -set as KOPT_DONT_MK_REQ, -.I krb_sendauth -will not use the -.I krb_mk_req -function to retrieve the ticket from the Kerberos server. -The -.I ktext -argument must point to an existing ticket and authenticator (such as -would be created by -.IR krb_mk_req ), -and the -.IR service, -.IR inst, -and -.IR realm -arguments can be set to NULL. - -If called with -.I options -set as KOPT_DONT_CANON, -.I krb_sendauth -will not convert the service's instance to canonical form using -.IR krb_get_phost (3). - -If you want to call -.I krb_sendauth -with a multiple -.I options -specification, -construct -.I options -as a bitwise-OR of the options you want to specify. - -.SH KRB_RECVAUTH -.PP -The -.I krb_recvauth -function -reads a ticket/authenticator pair from the socket pointed to by the -.I fd -argument. -Set the -.I options -argument -as a bitwise-OR of the options desired. -Currently only KOPT_DO_MUTUAL is useful to the receiver. - -The -.I ktext -argument -should point to an allocated KTEXT_ST structure. -.I Krb_recvauth -fills -.I ktext -with the -ticket/authenticator pair read from -.IR fd , -then passes it to -.IR krb_rd_req . - -The -.I service -and -.I inst -arguments -specify the expected service and instance for which the ticket was -generated. They are also passed to -.IR krb_rd_req. -The -.I inst -argument may be set to "*" if the caller wishes -.I krb_mk_req -to fill in the instance used (note that there must be space in the -.I inst -argument to hold a full instance name, see -.IR krb_mk_req (3)). - -The -.I faddr -argument -should point to the address of the peer which is presenting the ticket. -It is also passed to -.IR krb_rd_req . - -If the client and server plan to mutually authenticate -one another, -the -.I laddr -argument -should point to the local address of the file descriptor. -Otherwise you can set this argument to NULL. - -The -.I auth_data -argument -should point to an allocated AUTH_DAT area. -It is passed to and filled in by -.IR krb_rd_req . -The checksum passed to the corresponding -.I krb_sendauth -is available as part of the filled-in AUTH_DAT area. - -The -.I filename -argument -specifies the filename -which the service program should use to obtain its service key. -.I Krb_recvauth -passes -.I filename -to the -.I krb_rd_req -function. -If you set this argument to "", -.I krb_rd_req -looks for the service key in the file -.IR /etc/kerberosIV/srvtab. - -If the client and server are performing mutual authenication, -the -.I schedule -argument -should point to an allocated Key_schedule. -Otherwise it is ignored and may be NULL. - -The -.I version -argument should point to a character array of at least KSEND_VNO_LEN -characters. It is filled in with the version string passed by the client to -.IR krb_sendauth. -.PP -.SH KRB_NET_WRITE AND KRB_NET_READ -.PP -The -.I krb_net_write -function -emulates the write(2) system call, but guarantees that all data -specified is written to -.I fd -before returning, unless an error condition occurs. -.PP -The -.I krb_net_read -function -emulates the read(2) system call, but guarantees that the requested -amount of data is read from -.I fd -before returning, unless an error condition occurs. -.PP -.SH BUGS -.IR krb_sendauth, -.IR krb_recvauth, -.IR krb_net_write, -and -.IR krb_net_read -will not work properly on sockets set to non-blocking I/O mode. - -.SH SEE ALSO - -krb_mk_req(3), krb_rd_req(3), krb_get_phost(3) - -.SH AUTHOR -John T. Kohl, MIT Project Athena -.SH RESTRICTIONS -Copyright 1988, Massachusetts Instititute of Technology. -For copying and distribution information, -please see the file . diff --git a/eBones/krb/krb_set_tkt_string.3 b/eBones/krb/krb_set_tkt_string.3 deleted file mode 100644 index 73b5e5d..0000000 --- a/eBones/krb/krb_set_tkt_string.3 +++ /dev/null @@ -1,43 +0,0 @@ -.\" from: krb_set_tkt_string.3,v 4.1 89/01/23 11:11:09 jtkohl Exp $ -.\" $Id: krb_set_tkt_string.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KRB_SET_TKT_STRING 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -krb_set_tkt_string \- set Kerberos ticket cache file name -.SH SYNOPSIS -.nf -.nj -.ft B -#include -.PP -.ft B -void krb_set_tkt_string(filename) -char *filename; -.fi -.ft R -.SH DESCRIPTION -.I krb_set_tkt_string -sets the name of the file that holds the user's -cache of Kerberos server tickets and associated session keys. -.PP -The string -.I filename -passed in is copied into local storage. -Only MAXPATHLEN-1 (see ) characters of the filename are -copied in for use as the cache file name. -.PP -This routine should be called during initialization, before other -Kerberos routines are called; otherwise the routines which fetch the -ticket cache file name may be called and return an undesired ticket file -name until this routine is called. -.SH FILES -.TP 20n -/tmp/tkt[uid] -default ticket file name, unless the environment variable KRBTKFILE is set. -[uid] denotes the user's uid, in decimal. -.SH SEE ALSO -kerberos(3), setenv(3) diff --git a/eBones/krb/krbglue.c b/eBones/krb/krbglue.c deleted file mode 100644 index f82cf70..0000000 --- a/eBones/krb/krbglue.c +++ /dev/null @@ -1,258 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: krbglue.c,v 4.1 89/01/23 15:51:50 wesommer Exp $ - * $Id: krbglue.c,v 1.3 1995/07/18 16:39:05 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -$Id: krbglue.c,v 1.3 1995/07/18 16:39:05 mark Exp $"; -#endif lint -#endif - -#ifndef NCOMPAT -/* - * glue together new libraries and old clients - */ - -#include -#include -#include -#include -#include "krb.h" - -/* These definitions should be in krb.h, no? */ -/* -#if defined(__HIGHC__) -#undef __STDC__ -#endif -#ifdef __STDC__ -extern int krb_mk_req (KTEXT, char *, char *, char *, long); -extern int krb_rd_req (KTEXT, char *, char *, long, AUTH_DAT *, char *); -extern int krb_kntoln (AUTH_DAT *, char *); -extern int krb_set_key (char *, int); -extern int krb_get_cred (char *, char *, char *, CREDENTIALS *); -extern long krb_mk_priv (u_char *, u_char *, u_long, Key_schedule, - C_Block, struct sockaddr_in *, - struct sockaddr_in *); -extern long krb_rd_priv (u_char *, u_long, Key_schedule, - C_Block, struct sockaddr_in *, - struct sockaddr_in *, MSG_DAT *); -extern long krb_mk_safe (u_char *, u_char *, u_long, C_Block *, - struct sockaddr_in *, struct sockaddr_in *); -extern long krb_rd_safe (u_char *, u_long, C_Block *, - struct sockaddr_in *, struct sockaddr_in *, - MSG_DAT *); -extern long krb_mk_err (u_char *, long, char *); -extern int krb_rd_err (u_char *, u_long, long *, MSG_DAT *); -extern int krb_get_pw_in_tkt (char *, char *, char *, char *, char *, int, - char *); -extern int krb_get_svc_in_tkt (char *, char *, char *, char *, char *, int, - char *); -extern int krb_get_pw_tkt (char *, char *, char *, char *); -extern int krb_get_lrealm (char *, char *); -extern int krb_realmofhost (char *); -extern char *krb_get_phost (char *); -extern int krb_get_krbhst (char *, char *, int); -#ifdef DEBUG -extern KTEXT krb_create_death_packet (char *); -#endif -#else -extern int krb_mk_req (); -extern int krb_rd_req (); -extern int krb_kntoln (); -extern int krb_set_key (); -extern int krb_get_cred (); -extern long krb_mk_priv (); -extern long krb_rd_priv (); -extern long krb_mk_safe (); -extern long krb_rd_safe (); -extern long krb_mk_err (); -extern int krb_rd_err (); -extern int krb_get_pw_in_tkt (); -extern int krb_get_svc_in_tkt (); -extern int krb_get_pw_tkt (); -extern int krb_get_lrealm (); -extern int krb_realmofhost (); -extern char *krb_get_phost (); -extern int krb_get_krbhst (); -#ifdef DEBUG -extern KTEXT krb_create_death_packet (); -#endif -#endif -*/ - - -int mk_ap_req(authent, service, instance, realm, checksum) - KTEXT authent; - char *service, *instance, *realm; - u_long checksum; -{ - return krb_mk_req(authent,service,instance,realm,checksum); -} - -int rd_ap_req(authent, service, instance, from_addr, ad, fn) - KTEXT authent; - char *service, *instance; - u_long from_addr; - AUTH_DAT *ad; - char *fn; -{ - return krb_rd_req(authent,service,instance,from_addr,ad,fn); -} - -int an_to_ln(ad, lname) - AUTH_DAT *ad; - char *lname; -{ - return krb_kntoln (ad,lname); -} - -int set_serv_key (key, cvt) - char *key; - int cvt; -{ - return krb_set_key(key,cvt); -} - -int get_credentials (svc,inst,rlm,cred) - char *svc, *inst, *rlm; - CREDENTIALS *cred; -{ - return krb_get_cred (svc, inst, rlm, cred); -} - -long mk_private_msg (in,out,in_length,schedule,key,sender,receiver) - u_char *in, *out; - u_long in_length; - Key_schedule schedule; - C_Block key; - struct sockaddr_in *sender, *receiver; -{ - return krb_mk_priv (in,out,in_length,schedule,key,sender,receiver); -} - -long rd_private_msg (in,in_length,schedule,key,sender,receiver,msg_data) - u_char *in; - u_long in_length; - Key_schedule schedule; - C_Block key; - struct sockaddr_in *sender, *receiver; - MSG_DAT *msg_data; -{ - return krb_rd_priv (in,in_length,schedule,key,sender,receiver,msg_data); -} - -long mk_safe_msg (in,out,in_length,key,sender,receiver) - u_char *in, *out; - u_long in_length; - C_Block *key; - struct sockaddr_in *sender, *receiver; -{ - return krb_mk_safe (in,out,in_length,key,sender,receiver); -} - -long rd_safe_msg (in,length,key,sender,receiver,msg_data) - u_char *in; - u_long length; - C_Block *key; - struct sockaddr_in *sender, *receiver; - MSG_DAT *msg_data; -{ - return krb_rd_safe (in,length,key,sender,receiver,msg_data); -} - -long mk_appl_err_msg (out,code,string) - u_char *out; - long code; - char *string; -{ - return krb_mk_err (out,code,string); -} - -long rd_appl_err_msg (in,length,code,msg_data) - u_char *in; - u_long length; - long *code; - MSG_DAT *msg_data; -{ - return krb_rd_err (in,length,code,msg_data); -} - -int get_in_tkt(user,instance,realm,service,sinstance,life,password) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *password; -{ - return krb_get_pw_in_tkt(user,instance,realm,service,sinstance, - life,password); -} - -int get_svc_in_tkt(user, instance, realm, service, sinstance, life, srvtab) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *srvtab; -{ - return krb_get_svc_in_tkt(user, instance, realm, service, sinstance, - life, srvtab); -} - -int get_pw_tkt(user,instance,realm,cpw) - char *user; - char *instance; - char *realm; - char *cpw; -{ - return krb_get_pw_tkt(user,instance,realm,cpw); -} - -int -get_krbrlm (r, n) -char *r; -int n; -{ - return krb_get_lream(r,n); -} - -int -krb_getrealm (host) -{ - return krb_realmofhost(host); -} - -char * -get_phost (host) -char *host -{ - return krb_get_phost(host); -} - -int -get_krbhst (h, r, n) -char *h; -char *r; -int n; -{ - return krb_get_krbhst(h,r,n); -} -#ifdef DEBUG -struct ktext *create_death_packet(a_name) - char *a_name; -{ - return krb_create_death_packet(a_name); -} -#endif /* DEBUG */ - -#if 0 -extern int krb_ck_repl (); - -int check_replay () -{ - return krb_ck_repl (); -} -#endif -#endif /* NCOMPAT */ diff --git a/eBones/krb/kuserok.3 b/eBones/krb/kuserok.3 deleted file mode 100644 index c7581a6..0000000 --- a/eBones/krb/kuserok.3 +++ /dev/null @@ -1,63 +0,0 @@ -.\" from: kuserok.3,v 4.1 89/01/23 11:11:49 jtkohl Exp $ -.\" $Id: kuserok.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kuserok \- Kerberos version of ruserok -.SH SYNOPSIS -.nf -.nj -.ft B -#include -.PP -.ft B -kuserok(kdata, localuser) -AUTH_DAT *auth_data; -char *localuser; -.fi -.ft R -.SH DESCRIPTION -.I kuserok -determines whether a Kerberos principal described by the structure -.I auth_data -is authorized to login as user -.I localuser -according to the authorization file -("~\fIlocaluser\fR/.klogin" by default). It returns 0 (zero) if authorized, -1 (one) if not authorized. -.PP -If there is no account for -.I localuser -on the local machine, authorization is not granted. -If there is no authorization file, and the Kerberos principal described -by -.I auth_data -translates to -.I localuser -(using -.IR krb_kntoln (3)), -authorization is granted. -If the authorization file -can't be accessed, or the file is not owned by -.IR localuser, -authorization is denied. Otherwise, the file is searched for -a matching principal name, instance, and realm. If a match is found, -authorization is granted, else authorization is denied. -.PP -The file entries are in the format: -.nf -.in +5n - name.instance@realm -.in -5n -.fi -with one entry per line. -.SH SEE ALSO -kerberos(3), ruserok(3), krb_kntoln(3) -.SH FILES -.TP 20n -~\fIlocaluser\fR/.klogin -authorization list diff --git a/eBones/krb/kuserok.c b/eBones/krb/kuserok.c deleted file mode 100644 index 8e5d18a..0000000 --- a/eBones/krb/kuserok.c +++ /dev/null @@ -1,199 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * kuserok: check if a kerberos principal has - * access to a local account - * - * from: kuserok.c,v 4.5 89/01/23 09:25:21 jtkohl Exp $ - * $Id: kuserok.c,v 1.3 1995/07/18 16:39:07 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: kuserok.c,v 1.3 1995/07/18 16:39:07 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define OK 0 -#define NOTOK 1 -#define MAX_USERNAME 10 - -/* - * Given a Kerberos principal "kdata", and a local username "luser", - * determine whether user is authorized to login according to the - * authorization file ("~luser/.klogin" by default). Returns OK - * if authorized, NOTOK if not authorized. - * - * If there is no account for "luser" on the local machine, returns - * NOTOK. If there is no authorization file, and the given Kerberos - * name "kdata" translates to the same name as "luser" (using - * krb_kntoln()), returns OK. Otherwise, if the authorization file - * can't be accessed, returns NOTOK. Otherwise, the file is read for - * a matching principal name, instance, and realm. If one is found, - * returns OK, if none is found, returns NOTOK. - * - * The file entries are in the format: - * - * name.instance@realm - * - * one entry per line. - * - * The ATHENA_COMPAT code supports old-style Athena ~luser/.klogin - * file entries. See the file "kparse.c". - */ - -#ifdef ATHENA_COMPAT - -#include - -/* - * The parmtable defines the keywords we will recognize with their - * default values, and keeps a pointer to the found value. The found - * value should be filled in with strsave(), since FreeParameterSet() - * will release memory for all non-NULL found strings. - * -*** NOTE WELL! *** - * - * The table below is very nice, but we cannot hard-code a default for the - * realm: we have to get the realm via krb_get_lrealm(). Even though the - * default shows as "from krb_get_lrealm, below", it gets changed in - * kuserok to whatever krb_get_lrealm() tells us. That code assumes that - * the realm will be the entry number in the table below, so if you - * change the order of the entries below, you have to change the - * #definition of REALM_SCRIPT to reflect it. - */ -#define REALM_SUBSCRIPT 1 -parmtable kparm[] = { - -/* keyword default found value */ -{"user", "", (char *) NULL}, -{"realm", "see krb_get_lrealm, below", (char *) NULL}, -{"instance", "", (char *) NULL}, -}; -#define KPARMS kparm,PARMCOUNT(kparm) -#endif ATHENA_COMPAT - -int -kuserok(kdata, luser) - AUTH_DAT *kdata; - char *luser; -{ - struct stat sbuf; - struct passwd *pwd; - char pbuf[MAXPATHLEN]; - int isok = NOTOK, rc; - FILE *fp; - char kuser[MAX_USERNAME]; - char principal[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ]; - char linebuf[BUFSIZ]; - char *newline; - int gobble; -#ifdef ATHENA_COMPAT - char local_realm[REALM_SZ]; -#endif ATHENA_COMPAT - - /* no account => no access */ - if ((pwd = getpwnam(luser)) == NULL) { - return(NOTOK); - } - (void) strcpy(pbuf, pwd->pw_dir); - (void) strcat(pbuf, "/.klogin"); - - if (access(pbuf, F_OK)) { /* not accessible */ - /* - * if he's trying to log in as himself, and there is no .klogin file, - * let him. To find out, call - * krb_kntoln to convert the triple in kdata to a name which we can - * string compare. - */ - if (!krb_kntoln(kdata, kuser) && (strcmp(kuser, luser) == 0)) { - return(OK); - } - } - /* open ~/.klogin */ - if ((fp = fopen(pbuf, "r")) == NULL) { - return(NOTOK); - } - /* - * security: if the user does not own his own .klogin file, - * do not grant access - */ - if (fstat(fileno(fp), &sbuf)) { - fclose(fp); - return(NOTOK); - } - if (sbuf.st_uid != pwd->pw_uid) { - fclose(fp); - return(NOTOK); - } - -#ifdef ATHENA_COMPAT - /* Accept old-style .klogin files */ - - /* - * change the default realm from the hard-coded value to the - * accepted realm that Kerberos specifies. - */ - rc = krb_get_lrealm(local_realm, 1); - if (rc == KSUCCESS) - kparm[REALM_SUBSCRIPT].defvalue = local_realm; - else - return (rc); - - /* check each line */ - while ((isok != OK) && (rc = fGetParameterSet(fp, KPARMS)) != PS_EOF) { - switch (rc) { - case PS_BAD_KEYWORD: - case PS_SYNTAX: - while (((gobble = fGetChar(fp)) != EOF) && (gobble != '\n')); - break; - - case PS_OKAY: - isok = (ParmCompare(KPARMS, "user", kdata->pname) || - ParmCompare(KPARMS, "instance", kdata->pinst) || - ParmCompare(KPARMS, "realm", kdata->prealm)); - break; - - default: - break; - } - FreeParameterSet(kparm, PARMCOUNT(kparm)); - } - /* reset the stream for parsing new-style names, if necessary */ - rewind(fp); -#endif ATHENA_COMPAT - - /* check each line */ - while ((isok != OK) && (fgets(linebuf, BUFSIZ, fp) != NULL)) { - /* null-terminate the input string */ - linebuf[BUFSIZ-1] = '\0'; - newline = NULL; - /* nuke the newline if it exists */ - if ((newline = index(linebuf, '\n'))) - *newline = '\0'; - rc = kname_parse(principal, inst, realm, linebuf); - if (rc == KSUCCESS) { - isok = (strncmp(kdata->pname, principal, ANAME_SZ) || - strncmp(kdata->pinst, inst, INST_SZ) || - strncmp(kdata->prealm, realm, REALM_SZ)); - } - /* clean up the rest of the line if necessary */ - if (!newline) - while (((gobble = getc(fp)) != EOF) && gobble != '\n'); - } - fclose(fp); - return(isok); -} diff --git a/eBones/krb/log.c b/eBones/krb/log.c deleted file mode 100644 index e33477f..0000000 --- a/eBones/krb/log.c +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: log.c,v 4.7 88/12/01 14:15:14 jtkohl Exp $ - * $Id: log.c,v 1.3 1995/07/18 16:39:09 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: log.c,v 1.3 1995/07/18 16:39:09 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include - -static char *log_name = KRBLOG; -static is_open; - -/* - * This file contains three logging routines: set_logfile() - * to determine the file that log entries should be written to; - * and log() and new_log() to write log entries to the file. - */ - -/* - * log() is used to add entries to the logfile (see set_logfile() - * below). Note that it is probably not portable since it makes - * assumptions about what the compiler will do when it is called - * with less than the correct number of arguments which is the - * way it is usually called. - * - * The log entry consists of a timestamp and the given arguments - * printed according to the given "format". - * - * The log file is opened and closed for each log entry. - * - * The return value is undefined. - */ - -__BEGIN_DECLS -char *month_sname __P((int)); -__END_DECLS - - -/*VARARGS1 */ -void log(format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0) - char *format; - int a1,a2,a3,a4,a5,a6,a7,a8,a9,a0; -{ - FILE *logfile, *fopen(); - long time(),now; - struct tm *tm; - - if ((logfile = fopen(log_name,"a")) == NULL) - return; - - (void) time(&now); - tm = localtime(&now); - - fprintf(logfile,"%2d-%s-%02d %02d:%02d:%02d ",tm->tm_mday, - month_sname(tm->tm_mon + 1),tm->tm_year, - tm->tm_hour, tm->tm_min, tm->tm_sec); - fprintf(logfile,format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0); - fprintf(logfile,"\n"); - (void) fclose(logfile); - return; -} - -/* - * set_logfile() changes the name of the file to which - * messages are logged. If set_logfile() is not called, - * the logfile defaults to KRBLOG, defined in "krb.h". - */ - -void -set_logfile(filename) - char *filename; -{ - log_name = filename; - is_open = 0; -} - -/* - * new_log() appends a log entry containing the give time "t" and the - * string "string" to the logfile (see set_logfile() above). The file - * is opened once and left open. The routine returns 1 on failure, 0 - * on success. - */ - -int -new_log(t,string) - long t; - char *string; -{ - static FILE *logfile; - - long time(); - struct tm *tm; - - if (!is_open) { - if ((logfile = fopen(log_name,"a")) == NULL) return(1); - is_open = 1; - } - - if (t) { - tm = localtime(&t); - - fprintf(logfile,"\n%2d-%s-%02d %02d:%02d:%02d %s",tm->tm_mday, - month_sname(tm->tm_mon + 1),tm->tm_year, - tm->tm_hour, tm->tm_min, tm->tm_sec, string); - } - else { - fprintf(logfile,"\n%20s%s","",string); - } - - (void) fflush(logfile); - return(0); -} diff --git a/eBones/krb/mk_err.c b/eBones/krb/mk_err.c deleted file mode 100644 index 8600240..0000000 --- a/eBones/krb/mk_err.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: mk_err.c,v 4.4 88/11/15 16:33:36 jtkohl Exp $ - * $Id: mk_err.c,v 1.3 1995/07/18 16:39:11 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: mk_err.c,v 1.3 1995/07/18 16:39:11 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include - -/* - * This routine creates a general purpose error reply message. It - * doesn't use KTEXT because application protocol may have long - * messages, and may want this part of buffer contiguous to other - * stuff. - * - * The error reply is built in "p", using the error code "e" and - * error text "e_string" given. The length of the error reply is - * returned. - * - * The error reply is in the following format: - * - * unsigned char KRB_PROT_VERSION protocol version no. - * unsigned char AUTH_MSG_APPL_ERR message type - * (least significant - * bit of above) HOST_BYTE_ORDER local byte order - * 4 bytes e given error code - * string e_string given error text - */ - -long krb_mk_err(p,e,e_string) - u_char *p; /* Where to build error packet */ - long e; /* Error code */ - char *e_string; /* Text of error */ -{ - u_char *start; - - start = p; - - /* Create fixed part of packet */ - *p++ = (unsigned char) KRB_PROT_VERSION; - *p = (unsigned char) AUTH_MSG_APPL_ERR; - *p++ |= HOST_BYTE_ORDER; - - /* Add the basic info */ - bcopy((char *)&e,(char *)p,4); /* err code */ - p += sizeof(e); - (void) strcpy((char *)p,e_string); /* err text */ - p += strlen(e_string); - - /* And return the length */ - return p-start; -} diff --git a/eBones/krb/mk_priv.c b/eBones/krb/mk_priv.c deleted file mode 100644 index d45d734..0000000 --- a/eBones/krb/mk_priv.c +++ /dev/null @@ -1,207 +0,0 @@ -/* - * Copyright 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * This routine constructs a Kerberos 'private msg', i.e. - * cryptographically sealed with a private session key. - * - * Note-- bcopy is used to avoid alignment problems on IBM RT. - * - * Note-- It's too bad that it did a long int compare on the RT before. - * - * Returns either < 0 ===> error, or resulting size of message - * - * Steve Miller Project Athena MIT/DEC - * - * from: mk_priv.c,v 4.13 89/03/22 14:48:59 jtkohl Exp $ - * $Id: mk_priv.c,v 1.3 1995/07/18 16:39:13 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: mk_priv.c,v 1.3 1995/07/18 16:39:13 mark Exp $"; -#endif /* lint */ -#endif - -/* system include files */ -#include -#include -#include -#include -#include -#include - -/* application include files */ -#include -#include -#include -#include "lsb_addr_comp.h" - -extern char *errmsg(); -extern int errno; -extern int krb_debug; - -/* static storage */ - - -static u_long c_length; -static struct timeval msg_time; -static u_char msg_time_5ms; -static long msg_time_sec; - -/* - * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes - * some user data "in" of "length" bytes and creates a packet in "out" - * consisting of the user data, a timestamp, and the sender's network - * address. -#ifndef NOENCRYTION - * The packet is encrypted by pcbc_encrypt(), using the given - * "key" and "schedule". -#endif - * The length of the resulting packet "out" is - * returned. - * - * It is similar to krb_mk_safe() except for the additional key - * schedule argument "schedule" and the fact that the data is encrypted - * rather than appended with a checksum. Also, the protocol version - * number is "private_msg_ver", defined in krb_rd_priv.c, rather than - * KRB_PROT_VERSION, defined in "krb.h". - * - * The "out" packet consists of: - * - * Size Variable Field - * ---- -------- ----- - * - * 1 byte private_msg_ver protocol version number - * 1 byte AUTH_MSG_PRIVATE | message type plus local - * HOST_BYTE_ORDER byte order in low bit - * - * 4 bytes c_length length of data -#ifndef NOENCRYPT - * we encrypt from here with pcbc_encrypt -#endif - * - * 4 bytes length length of user data - * length in user data - * 1 byte msg_time_5ms timestamp milliseconds - * 4 bytes sender->sin.addr.s_addr sender's IP address - * - * 4 bytes msg_time_sec or timestamp seconds with - * -msg_time_sec direction in sign bit - * - * 0<=n<=7 bytes pad to 8 byte multiple zeroes - */ - -long krb_mk_priv(in,out,length,schedule,key,sender,receiver) - u_char *in; /* application data */ - u_char *out; /* put msg here, leave room for - * header! breaks if in and out - * (header stuff) overlap */ - u_long length; /* of in data */ - Key_schedule schedule; /* precomputed key schedule */ - C_Block key; /* encryption key for seed and ivec */ - struct sockaddr_in *sender; /* sender address */ - struct sockaddr_in *receiver; /* receiver address */ -{ - register u_char *p,*q; - static u_char *c_length_ptr; - extern int private_msg_ver; /* in krb_rd_priv.c */ - - /* - * get the current time to use instead of a sequence #, since - * process lifetime may be shorter than the lifetime of a session - * key. - */ - if (gettimeofday(&msg_time,(struct timezone *)0)) { - return -1; - } - msg_time_sec = (long) msg_time.tv_sec; - msg_time_5ms = msg_time.tv_usec/5000; /* 5ms quanta */ - - p = out; - - *p++ = private_msg_ver; - *p++ = AUTH_MSG_PRIVATE | HOST_BYTE_ORDER; - - /* calculate cipher length */ - c_length_ptr = p; - p += sizeof(c_length); - - q = p; - - /* stuff input length */ - bcopy((char *)&length,(char *)p,sizeof(length)); - p += sizeof(length); - -#ifdef NOENCRYPTION - /* make all the stuff contiguous for checksum */ -#else - /* make all the stuff contiguous for checksum and encryption */ -#endif - bcopy((char *)in,(char *)p,(int) length); - p += length; - - /* stuff time 5ms */ - bcopy((char *)&msg_time_5ms,(char *)p,sizeof(msg_time_5ms)); - p += sizeof(msg_time_5ms); - - /* stuff source address */ - bcopy((char *)&sender->sin_addr.s_addr,(char *)p, - sizeof(sender->sin_addr.s_addr)); - p += sizeof(sender->sin_addr.s_addr); - - /* - * direction bit is the sign bit of the timestamp. Ok - * until 2038?? - */ - /* For compatibility with broken old code, compares are done in VAX - byte order (LSBFIRST) */ - if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */ - receiver->sin_addr.s_addr)==-1) - msg_time_sec = -msg_time_sec; - else if (lsb_net_ulong_less(sender->sin_addr.s_addr, - receiver->sin_addr.s_addr)==0) - if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1) - msg_time_sec = -msg_time_sec; - /* stuff time sec */ - bcopy((char *)&msg_time_sec,(char *)p,sizeof(msg_time_sec)); - p += sizeof(msg_time_sec); - - /* - * All that for one tiny bit! Heaven help those that talk to - * themselves. - */ - -#ifdef notdef - /* - * calculate the checksum of the length, address, sequence, and - * inp data - */ - cksum = quad_cksum(q,NULL,p-q,0,key); - if (krb_debug) - printf("\ncksum = %u",cksum); - /* stuff checksum */ - bcopy((char *) &cksum,(char *) p,sizeof(cksum)); - p += sizeof(cksum); -#endif - - /* - * All the data have been assembled, compute length - */ - - c_length = p - q; - c_length = ((c_length + sizeof(C_Block) -1)/sizeof(C_Block)) * - sizeof(C_Block); - /* stuff the length */ - bcopy((char *) &c_length,(char *)c_length_ptr,sizeof(c_length)); - -#ifndef NOENCRYPTION - pcbc_encrypt((C_Block *)q,(C_Block *)q,(long)(p-q),schedule,(C_Block *)key, - ENCRYPT); -#endif /* NOENCRYPTION */ - - return (q - out + c_length); /* resulting size */ -} diff --git a/eBones/krb/mk_req.c b/eBones/krb/mk_req.c deleted file mode 100644 index a27c1c0..0000000 --- a/eBones/krb/mk_req.c +++ /dev/null @@ -1,198 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: der: mk_req.c,v 4.17 89/07/07 15:20:35 jtkohl Exp $ - * $Id: mk_req.c,v 1.3 1995/07/18 16:39:15 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: mk_req.c,v 1.3 1995/07/18 16:39:15 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include -#include - -extern int krb_ap_req_debug; -static struct timeval tv_local = { 0, 0 }; -static int lifetime = DEFAULT_TKT_LIFE; - -/* - * krb_mk_req takes a text structure in which an authenticator is to - * be built, the name of a service, an instance, a realm, - * and a checksum. It then retrieves a ticket for - * the desired service and creates an authenticator in the text - * structure passed as the first argument. krb_mk_req returns - * KSUCCESS on success and a Kerberos error code on failure. - * - * The peer procedure on the other end is krb_rd_req. When making - * any changes to this routine it is important to make corresponding - * changes to krb_rd_req. - * - * The authenticator consists of the following: - * - * authent->dat - * - * unsigned char KRB_PROT_VERSION protocol version no. - * unsigned char AUTH_MSG_APPL_REQUEST message type - * (least significant - * bit of above) HOST_BYTE_ORDER local byte ordering - * unsigned char kvno from ticket server's key version - * string realm server's realm - * unsigned char tl ticket length - * unsigned char idl request id length - * text ticket->dat ticket for server - * text req_id->dat request id - * - * The ticket information is retrieved from the ticket cache or - * fetched from Kerberos. The request id (called the "authenticator" - * in the papers on Kerberos) contains the following: - * - * req_id->dat - * - * string cr.pname {name, instance, and - * string cr.pinst realm of principal - * string myrealm making this request} - * 4 bytes checksum checksum argument given - * unsigned char tv_local.tf_usec time (milliseconds) - * 4 bytes tv_local.tv_sec time (seconds) - * - * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time, - * all rounded up to multiple of 8. - */ - -int -krb_mk_req(authent,service,instance,realm,checksum) - register KTEXT authent; /* Place to build the authenticator */ - char *service; /* Name of the service */ - char *instance; /* Service instance */ - char *realm; /* Authentication domain of service */ - long checksum; /* Checksum of data (optional) */ -{ - static KTEXT_ST req_st; /* Temp storage for req id */ - register KTEXT req_id = &req_st; - unsigned char *v = authent->dat; /* Prot version number */ - unsigned char *t = (authent->dat+1); /* Message type */ - unsigned char *kv = (authent->dat+2); /* Key version no */ - unsigned char *tl = (authent->dat+4+strlen(realm)); /* Tkt len */ - unsigned char *idl = (authent->dat+5+strlen(realm)); /* Reqid len */ - CREDENTIALS cr; /* Credentials used by retr */ - register KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */ - int retval; /* Returned by krb_get_cred */ - static Key_schedule key_s; - char myrealm[REALM_SZ]; - - /* The fixed parts of the authenticator */ - *v = (unsigned char) KRB_PROT_VERSION; - *t = (unsigned char) AUTH_MSG_APPL_REQUEST; - *t |= HOST_BYTE_ORDER; - - /* Get the ticket and move it into the authenticator */ - if (krb_ap_req_debug) - printf("Realm: %s\n",realm); - /* - * Determine realm of these tickets. We will send this to the - * KDC from which we are requesting tickets so it knows what to - * with our session key. - */ - if ((retval = krb_get_tf_realm(TKT_FILE, myrealm)) != KSUCCESS) - return(retval); - - retval = krb_get_cred(service,instance,realm,&cr); - - if (retval == RET_NOTKT) { - if ((retval = get_ad_tkt(service,instance,realm,lifetime))) - return(retval); - if ((retval = krb_get_cred(service,instance,realm,&cr))) - return(retval); - } - - if (retval != KSUCCESS) return (retval); - - if (krb_ap_req_debug) - printf("%s %s %s %s %s\n", service, instance, realm, - cr.pname, cr.pinst); - *kv = (unsigned char) cr.kvno; - (void) strcpy((char *)(authent->dat+3),realm); - *tl = (unsigned char) ticket->length; - bcopy((char *)(ticket->dat),(char *)(authent->dat+6+strlen(realm)), - ticket->length); - authent->length = 6 + strlen(realm) + ticket->length; - if (krb_ap_req_debug) - printf("Ticket->length = %d\n",ticket->length); - if (krb_ap_req_debug) - printf("Issue date: %ld\n",cr.issue_date); - - /* Build request id */ - (void) strcpy((char *)(req_id->dat),cr.pname); /* Auth name */ - req_id->length = strlen(cr.pname)+1; - /* Principal's instance */ - (void) strcpy((char *)(req_id->dat+req_id->length),cr.pinst); - req_id->length += strlen(cr.pinst)+1; - /* Authentication domain */ - (void) strcpy((char *)(req_id->dat+req_id->length),myrealm); - req_id->length += strlen(myrealm)+1; - /* Checksum */ - bcopy((char *)&checksum,(char *)(req_id->dat+req_id->length),4); - req_id->length += 4; - - /* Fill in the times on the request id */ - (void) gettimeofday(&tv_local,(struct timezone *) 0); - *(req_id->dat+(req_id->length)++) = - (unsigned char) tv_local.tv_usec; - /* Time (coarse) */ - bcopy((char *)&(tv_local.tv_sec), - (char *)(req_id->dat+req_id->length), 4); - req_id->length += 4; - - /* Fill to a multiple of 8 bytes for DES */ - req_id->length = ((req_id->length+7)/8)*8; - -#ifndef NOENCRYPTION - key_sched((C_Block *)cr.session,key_s); - pcbc_encrypt((C_Block *)req_id->dat,(C_Block *)req_id->dat, - (long)req_id->length,key_s,(C_Block *)cr.session,ENCRYPT); - bzero((char *) key_s, sizeof(key_s)); -#endif /* NOENCRYPTION */ - - /* Copy it into the authenticator */ - bcopy((char *)(req_id->dat),(char *)(authent->dat+authent->length), - req_id->length); - authent->length += req_id->length; - /* And set the id length */ - *idl = (unsigned char) req_id->length; - /* clean up */ - bzero((char *)req_id, sizeof(*req_id)); - - if (krb_ap_req_debug) - printf("Authent->length = %d\n",authent->length); - if (krb_ap_req_debug) - printf("idl = %d, tl = %d\n",(int) *idl, (int) *tl); - - return(KSUCCESS); -} - -/* - * krb_set_lifetime sets the default lifetime for additional tickets - * obtained via krb_mk_req(). - * - * It returns the previous value of the default lifetime. - */ - -int -krb_set_lifetime(newval) -int newval; -{ - int olife = lifetime; - - lifetime = newval; - return(olife); -} diff --git a/eBones/krb/mk_safe.c b/eBones/krb/mk_safe.c deleted file mode 100644 index e5490bc..0000000 --- a/eBones/krb/mk_safe.c +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Copyright 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * This routine constructs a Kerberos 'safe msg', i.e. authenticated - * using a private session key to seed a checksum. Msg is NOT - * encrypted. - * - * Note-- bcopy is used to avoid alignment problems on IBM RT - * - * Returns either <0 ===> error, or resulting size of message - * - * Steve Miller Project Athena MIT/DEC - * - * from: mk_safe.c,v 4.12 89/03/22 14:50:49 jtkohl Exp $ - * $Id: mk_safe.c,v 1.3 1995/07/18 16:39:17 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: mk_safe.c,v 1.3 1995/07/18 16:39:17 mark Exp $"; -#endif /* lint */ -#endif - -/* system include files */ -#include -#include -#include -#include -#include -#include - -/* application include files */ -#include -#include -#include -#include "lsb_addr_comp.h" - -extern char *errmsg(); -extern int errno; -extern int krb_debug; - -/* static storage */ - -static u_long cksum; -static C_Block big_cksum[2]; -static struct timeval msg_time; -static u_char msg_time_5ms; -static long msg_time_sec; - -/* - * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some - * user data "in" of "length" bytes and creates a packet in "out" - * consisting of the user data, a timestamp, and the sender's network - * address, followed by a checksum computed on the above, using the - * given "key". The length of the resulting packet is returned. - * - * The "out" packet consists of: - * - * Size Variable Field - * ---- -------- ----- - * - * 1 byte KRB_PROT_VERSION protocol version number - * 1 byte AUTH_MSG_SAFE | message type plus local - * HOST_BYTE_ORDER byte order in low bit - * - * ===================== begin checksum ================================ - * - * 4 bytes length length of user data - * length in user data - * 1 byte msg_time_5ms timestamp milliseconds - * 4 bytes sender->sin.addr.s_addr sender's IP address - * - * 4 bytes msg_time_sec or timestamp seconds with - * -msg_time_sec direction in sign bit - * - * ======================= end checksum ================================ - * - * 16 bytes big_cksum quadratic checksum of - * above using "key" - */ - -long krb_mk_safe(in,out,length,key,sender,receiver) - u_char *in; /* application data */ - u_char *out; /* - * put msg here, leave room for header! - * breaks if in and out (header stuff) - * overlap - */ - u_long length; /* of in data */ - C_Block *key; /* encryption key for seed and ivec */ - struct sockaddr_in *sender; /* sender address */ - struct sockaddr_in *receiver; /* receiver address */ -{ - register u_char *p,*q; - - /* - * get the current time to use instead of a sequence #, since - * process lifetime may be shorter than the lifetime of a session - * key. - */ - if (gettimeofday(&msg_time,(struct timezone *)0)) { - return -1; - } - msg_time_sec = (long) msg_time.tv_sec; - msg_time_5ms = msg_time.tv_usec/5000; /* 5ms quanta */ - - p = out; - - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_SAFE | HOST_BYTE_ORDER; - - q = p; /* start for checksum stuff */ - /* stuff input length */ - bcopy((char *)&length,(char *)p,sizeof(length)); - p += sizeof(length); - - /* make all the stuff contiguous for checksum */ - bcopy((char *)in,(char *)p,(int) length); - p += length; - - /* stuff time 5ms */ - bcopy((char *)&msg_time_5ms,(char *)p,sizeof(msg_time_5ms)); - p += sizeof(msg_time_5ms); - - /* stuff source address */ - bcopy((char *) &sender->sin_addr.s_addr,(char *)p, - sizeof(sender->sin_addr.s_addr)); - p += sizeof(sender->sin_addr.s_addr); - - /* - * direction bit is the sign bit of the timestamp. Ok until - * 2038?? - */ - /* For compatibility with broken old code, compares are done in VAX - byte order (LSBFIRST) */ - if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */ - receiver->sin_addr.s_addr)==-1) - msg_time_sec = -msg_time_sec; - else if (lsb_net_ulong_less(sender->sin_addr.s_addr, - receiver->sin_addr.s_addr)==0) - if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1) - msg_time_sec = -msg_time_sec; - /* - * all that for one tiny bit! Heaven help those that talk to - * themselves. - */ - - /* stuff time sec */ - bcopy((char *)&msg_time_sec,(char *)p,sizeof(msg_time_sec)); - p += sizeof(msg_time_sec); - -#ifdef NOENCRYPTION - cksum = 0; - bzero(big_cksum, sizeof(big_cksum)); -#else - cksum=quad_cksum((C_Block *)q,big_cksum,p-q,2,key); -#endif - if (krb_debug) - printf("\ncksum = %lu",cksum); - - /* stuff checksum */ - bcopy((char *)big_cksum,(char *)p,sizeof(big_cksum)); - p += sizeof(big_cksum); - - return ((long)(p - out)); /* resulting size */ - -} diff --git a/eBones/krb/month_sname.c b/eBones/krb/month_sname.c deleted file mode 100644 index f4ef339..0000000 --- a/eBones/krb/month_sname.c +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: month_sname.c,v 4.4 88/11/15 16:39:32 jtkohl Exp $ - * $Id: month_sname.c,v 1.3 1995/07/18 16:39:19 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: month_sname.c,v 1.3 1995/07/18 16:39:19 mark Exp $"; -#endif /* lint */ -#endif - - -/* - * Given an integer 1-12, month_sname() returns a string - * containing the first three letters of the corresponding - * month. Returns 0 if the argument is out of range. - */ - -char *month_sname(n) - int n; -{ - static char *name[] = { - "Jan","Feb","Mar","Apr","May","Jun", - "Jul","Aug","Sep","Oct","Nov","Dec" - }; - return((n < 1 || n > 12) ? 0 : name [n-1]); -} diff --git a/eBones/krb/netread.c b/eBones/krb/netread.c deleted file mode 100644 index 628004e..0000000 --- a/eBones/krb/netread.c +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: netread.c,v 4.1 88/11/15 16:47:21 jtkohl Exp $ - * $Id: netread.c,v 1.3 1995/07/18 16:39:20 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: netread.c,v 1.3 1995/07/18 16:39:20 mark Exp $"; -#endif lint -#endif - -#include - -/* - * krb_net_read() reads from the file descriptor "fd" to the buffer - * "buf", until either 1) "len" bytes have been read or 2) cannot - * read anymore from "fd". It returns the number of bytes read - * or a read() error. (The calling interface is identical to - * read(2).) - * - * XXX must not use non-blocking I/O - */ - -int -krb_net_read(fd, buf, len) -int fd; -register char *buf; -register int len; -{ - int cc, len2 = 0; - - do { - cc = read(fd, buf, len); - if (cc < 0) - return(cc); /* errno is already set */ - else if (cc == 0) { - return(len2); - } else { - buf += cc; - len2 += cc; - len -= cc; - } - } while (len > 0); - return(len2); -} diff --git a/eBones/krb/netwrite.c b/eBones/krb/netwrite.c deleted file mode 100644 index f85f7ba..0000000 --- a/eBones/krb/netwrite.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: netwrite.c,v 4.1 88/11/15 16:48:58 jtkohl Exp $"; - * $Id: netwrite.c,v 1.3 1995/07/18 16:39:22 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: netwrite.c,v 1.3 1995/07/18 16:39:22 mark Exp $"; -#endif lint -#endif - -#include - -/* - * krb_net_write() writes "len" bytes from "buf" to the file - * descriptor "fd". It returns the number of bytes written or - * a write() error. (The calling interface is identical to - * write(2).) - * - * XXX must not use non-blocking I/O - */ - -int -krb_net_write(fd, buf, len) -int fd; -register char *buf; -int len; -{ - int cc; - register int wrlen = len; - do { - cc = write(fd, buf, wrlen); - if (cc < 0) - return(cc); - else { - buf += cc; - wrlen -= cc; - } - } while (wrlen > 0); - return(len); -} diff --git a/eBones/krb/one.c b/eBones/krb/one.c deleted file mode 100644 index ef02ae1..0000000 --- a/eBones/krb/one.c +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * form: one.c,v 4.1 88/11/15 16:51:41 jtkohl Exp $ - * $Id: one.c,v 1.3 1995/07/18 16:39:24 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: one.c,v 1.3 1995/07/18 16:39:24 mark Exp $"; -#endif lint -#endif - -/* - * definition of variable set to 1. - * used in krb_conf.h to determine host byte order. - */ - -int krbONE = 1; diff --git a/eBones/krb/pkt_cipher.c b/eBones/krb/pkt_cipher.c deleted file mode 100644 index 9c32b72..0000000 --- a/eBones/krb/pkt_cipher.c +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: pkt_cipher.c,v 4.8 89/01/13 17:46:14 steiner Exp $ - * $Id: pkt_cipher.c,v 1.3 1995/07/18 16:39:25 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: pkt_cipher.c,v 1.3 1995/07/18 16:39:25 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include - - -/* - * This routine takes a reply packet from the Kerberos ticket-granting - * service and returns a pointer to the beginning of the ciphertext in it. - * - * See "prot.h" for packet format. - */ - -KTEXT -pkt_cipher(packet) - KTEXT packet; -{ - unsigned char *ptr = pkt_a_realm(packet) + 6 - + strlen((char *)pkt_a_realm(packet)); - /* Skip a few more fields */ - ptr += 3 + 4; /* add 4 for exp_date */ - - /* And return the pointer */ - return((KTEXT) ptr); -} diff --git a/eBones/krb/pkt_clen.c b/eBones/krb/pkt_clen.c deleted file mode 100644 index f8dacae..0000000 --- a/eBones/krb/pkt_clen.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: pkt_clen.c,v 4.7 88/11/15 16:56:36 jtkohl Exp $ - * $Id: pkt_clen.c,v 1.3 1995/07/18 16:39:27 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: pkt_clen.c,v 1.3 1995/07/18 16:39:27 mark Exp $"; -#endif /* lint */ -#endif - -#include - -#include -#include - -extern int krb_debug; -extern int swap_bytes; - -/* - * Given a pointer to an AUTH_MSG_KDC_REPLY packet, return the length of - * its ciphertext portion. The external variable "swap_bytes" is assumed - * to have been set to indicate whether or not the packet is in local - * byte order. pkt_clen() takes this into account when reading the - * ciphertext length out of the packet. - */ - -int -pkt_clen(pkt) - KTEXT pkt; -{ - static unsigned short temp,temp2; - int clen = 0; - - /* Start of ticket list */ - unsigned char *ptr = pkt_a_realm(pkt) + 10 - + strlen((char *)pkt_a_realm(pkt)); - - /* Finally the length */ - bcopy((char *)(++ptr),(char *)&temp,2); /* alignment */ - if (swap_bytes) { - /* assume a short is 2 bytes?? */ - swab((char *)&temp,(char *)&temp2,2); - temp = temp2; - } - - clen = (int) temp; - - if (krb_debug) - printf("Clen is %d\n",clen); - return(clen); -} diff --git a/eBones/krb/rd_err.c b/eBones/krb/rd_err.c deleted file mode 100644 index e46dc66..0000000 --- a/eBones/krb/rd_err.c +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * This routine dissects a a Kerberos 'safe msg', - * checking its integrity, and returning a pointer to the application - * data contained and its length. - * - * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...) - * - * Steve Miller Project Athena MIT/DEC - * - * from: rd_err.c,v 4.5 89/01/13 17:26:38 steiner Exp $ - * $Id: rd_err.c,v 1.3 1995/07/18 16:39:29 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: rd_err.c,v 1.3 1995/07/18 16:39:29 mark Exp $"; -#endif /* lint */ -#endif - -/* system include files */ -#include -#include -#include -#include -#include -#include - -/* application include files */ -#include -#include - -/* - * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length", - * return the error code from the message in "code" and the text in - * "m_data" as follows: - * - * m_data->app_data points to the error text - * m_data->app_length points to the length of the error text - * - * If all goes well, return RD_AP_OK. If the version number - * is wrong, return RD_AP_VERSION, and if it's not an AUTH_MSG_APPL_ERR - * type message, return RD_AP_MSG_TYPE. - * - * The AUTH_MSG_APPL_ERR message format can be found in mk_err.c - */ - -int -krb_rd_err(in,in_length,code,m_data) - u_char *in; /* pointer to the msg received */ - u_long in_length; /* of in msg */ - long *code; /* received error code */ - MSG_DAT *m_data; -{ - register u_char *p; - int swap_bytes = 0; - p = in; /* beginning of message */ - - if (*p++ != KRB_PROT_VERSION) - return(RD_AP_VERSION); - if (((*p) & ~1) != AUTH_MSG_APPL_ERR) - return(RD_AP_MSG_TYPE); - if ((*p++ & 1) != HOST_BYTE_ORDER) - swap_bytes++; - - /* safely get code */ - bcopy((char *)p,(char *)code,sizeof(*code)); - if (swap_bytes) - swap_u_long(*code); - p += sizeof(*code); /* skip over */ - - m_data->app_data = p; /* we're now at the error text - * message */ - m_data->app_length = in_length; - - return(RD_AP_OK); /* OK == 0 */ -} diff --git a/eBones/krb/rd_priv.c b/eBones/krb/rd_priv.c deleted file mode 100644 index 0c21a1d..0000000 --- a/eBones/krb/rd_priv.c +++ /dev/null @@ -1,207 +0,0 @@ -/* - * Copyright 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * This routine dissects a a Kerberos 'private msg', decrypting it, - * checking its integrity, and returning a pointer to the application - * data contained and its length. - * - * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...). If - * the return value is RD_AP_TIME, then either the times are too far - * out of synch, OR the packet was modified. - * - * Steve Miller Project Athena MIT/DEC - * - * from: rd_priv.c,v 4.14 89/04/28 11:59:42 jtkohl Exp $ - * $Id: rd_priv.c,v 1.3 1995/07/18 16:39:31 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[]= -"$Id: rd_priv.c,v 1.3 1995/07/18 16:39:31 mark Exp $"; -#endif /* lint */ -#endif - -/* system include files */ -#include -#include -#include -#include -#include -#include - -/* application include files */ -#include -#include -#include -#include "lsb_addr_comp.h" - -extern int krb_debug; - -/* static storage */ - -static u_long c_length; -static int swap_bytes; -static struct timeval local_time; -static long delta_t; -int private_msg_ver = KRB_PROT_VERSION; - -/* -#ifdef NOENCRPYTION - * krb_rd_priv() checks the integrity of an -#else - * krb_rd_priv() decrypts and checks the integrity of an -#endif - * AUTH_MSG_PRIVATE message. Given the message received, "in", - * the length of that message, "in_length", the key "schedule" - * and "key", and the network addresses of the - * "sender" and "receiver" of the message, krb_rd_safe() returns - * RD_AP_OK if the message is okay, otherwise some error code. - * - * The message data retrieved from "in" are returned in the structure - * "m_data". The pointer to the application data - * (m_data->app_data) refers back to the appropriate place in "in". - * - * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE - * message. The structure containing the extracted message - * information, MSG_DAT, is defined in "krb.h". - */ - -long -krb_rd_priv(in,in_length,schedule,key,sender,receiver,m_data) - u_char *in; /* pointer to the msg received */ - u_long in_length; /* length of "in" msg */ - Key_schedule schedule; /* precomputed key schedule */ - C_Block key; /* encryption key for seed and ivec */ - struct sockaddr_in *sender; - struct sockaddr_in *receiver; - MSG_DAT *m_data; /*various input/output data from msg */ -{ - register u_char *p,*q; - static u_long src_addr; /* Can't send structs since no - * guarantees on size */ - - if (gettimeofday(&local_time,(struct timezone *)0)) - return -1; - - p = in; /* beginning of message */ - swap_bytes = 0; - - if (*p++ != KRB_PROT_VERSION && *(p-1) != 3) - return RD_AP_VERSION; - private_msg_ver = *(p-1); - if (((*p) & ~1) != AUTH_MSG_PRIVATE) - return RD_AP_MSG_TYPE; - if ((*p++ & 1) != HOST_BYTE_ORDER) - swap_bytes++; - - /* get cipher length */ - bcopy((char *)p,(char *)&c_length,sizeof(c_length)); - if (swap_bytes) - swap_u_long(c_length); - p += sizeof(c_length); - /* check for rational length so we don't go comatose */ - if (VERSION_SZ + MSG_TYPE_SZ + c_length > in_length) - return RD_AP_MODIFIED; - - - q = p; /* mark start of encrypted stuff */ - -#ifndef NOENCRYPTION - pcbc_encrypt((C_Block *)q,(C_Block *)q,(long)c_length,schedule, - (C_Block *)key,DECRYPT); -#endif - - /* safely get application data length */ - bcopy((char *) p,(char *)&(m_data->app_length), - sizeof(m_data->app_length)); - if (swap_bytes) - swap_u_long(m_data->app_length); - p += sizeof(m_data->app_length); /* skip over */ - - if (m_data->app_length + sizeof(c_length) + sizeof(in_length) + - sizeof(m_data->time_sec) + sizeof(m_data->time_5ms) + - sizeof(src_addr) + VERSION_SZ + MSG_TYPE_SZ - > in_length) - return RD_AP_MODIFIED; - -#ifndef NOENCRYPTION - /* we're now at the decrypted application data */ -#endif - m_data->app_data = p; - - p += m_data->app_length; - - /* safely get time_5ms */ - bcopy((char *) p, (char *)&(m_data->time_5ms), - sizeof(m_data->time_5ms)); - /* don't need to swap-- one byte for now */ - p += sizeof(m_data->time_5ms); - - /* safely get src address */ - bcopy((char *) p,(char *)&src_addr,sizeof(src_addr)); - /* don't swap, net order always */ - p += sizeof(src_addr); - - if (src_addr != (u_long) sender->sin_addr.s_addr) - return RD_AP_MODIFIED; - - /* safely get time_sec */ - bcopy((char *) p, (char *)&(m_data->time_sec), - sizeof(m_data->time_sec)); - if (swap_bytes) swap_u_long(m_data->time_sec); - - p += sizeof(m_data->time_sec); - - /* check direction bit is the sign bit */ - /* For compatibility with broken old code, compares are done in VAX - byte order (LSBFIRST) */ - if (lsb_net_ulong_less(sender->sin_addr.s_addr, - receiver->sin_addr.s_addr)==-1) - /* src < recv */ - m_data->time_sec = - m_data->time_sec; - else if (lsb_net_ulong_less(sender->sin_addr.s_addr, - receiver->sin_addr.s_addr)==0) - if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port)==-1) - /* src < recv */ - m_data->time_sec = - m_data->time_sec; - /* - * all that for one tiny bit! - * Heaven help those that talk to themselves. - */ - - /* check the time integrity of the msg */ - delta_t = abs((int)((long) local_time.tv_sec - - m_data->time_sec)); - if (delta_t > CLOCK_SKEW) - return RD_AP_TIME; - if (krb_debug) - printf("\ndelta_t = %ld",delta_t); - - /* - * caller must check timestamps for proper order and - * replays, since server might have multiple clients - * each with its own timestamps and we don't assume - * tightly synchronized clocks. - */ - -#ifdef notdef - bcopy((char *) p,(char *)&cksum,sizeof(cksum)); - if (swap_bytes) swap_u_long(cksum) - /* - * calculate the checksum of the length, sequence, - * and input data, on the sending byte order!! - */ - calc_cksum = quad_cksum(q,NULL,p-q,0,key); - - if (krb_debug) - printf("\ncalc_cksum = %u, received cksum = %u", - calc_cksum, cksum); - if (cksum != calc_cksum) - return RD_AP_MODIFIED; -#endif - return RD_AP_OK; /* OK == 0 */ -} diff --git a/eBones/krb/rd_req.c b/eBones/krb/rd_req.c deleted file mode 100644 index 60ee948..0000000 --- a/eBones/krb/rd_req.c +++ /dev/null @@ -1,331 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: der: rd_req.c,v 4.16 89/03/22 14:52:06 jtkohl Exp $ - * $Id: rd_req.c,v 1.3 1995/07/18 16:39:33 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: rd_req.c,v 1.3 1995/07/18 16:39:33 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include -#include - -extern int krb_ap_req_debug; - -static struct timeval t_local = { 0, 0 }; - -/* - * Keep the following information around for subsequent calls - * to this routine by the same server using the same key. - */ - -static Key_schedule serv_key; /* Key sched to decrypt ticket */ -static C_Block ky; /* Initialization vector */ -static int st_kvno; /* version number for this key */ -static char st_rlm[REALM_SZ]; /* server's realm */ -static char st_nam[ANAME_SZ]; /* service name */ -static char st_inst[INST_SZ]; /* server's instance */ - -/* - * This file contains two functions. krb_set_key() takes a DES - * key or password string and returns a DES key (either the original - * key, or the password converted into a DES key) and a key schedule - * for it. - * - * krb_rd_req() reads an authentication request and returns information - * about the identity of the requestor, or an indication that the - * identity information was not authentic. - */ - -/* - * krb_set_key() takes as its first argument either a DES key or a - * password string. The "cvt" argument indicates how the first - * argument "key" is to be interpreted: if "cvt" is null, "key" is - * taken to be a DES key; if "cvt" is non-null, "key" is taken to - * be a password string, and is converted into a DES key using - * string_to_key(). In either case, the resulting key is returned - * in the external static variable "ky". A key schedule is - * generated for "ky" and returned in the external static variable - * "serv_key". - * - * This routine returns the return value of des_key_sched. - * - * krb_set_key() needs to be in the same .o file as krb_rd_req() so that - * the key set by krb_set_key() is available in private storage for - * krb_rd_req(). - */ - -int -krb_set_key(key,cvt) - char *key; - int cvt; -{ -#ifdef NOENCRYPTION - bzero(ky, sizeof(ky)); - return KSUCCESS; -#else - if (cvt) - string_to_key(key,(C_Block *)ky); - else - bcopy(key,(char *)ky,8); - return(des_key_sched((C_Block *)ky,serv_key)); -#endif -} - - -/* - * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or - * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(), - * checks its integrity and returns a judgement as to the requestor's - * identity. - * - * The "authent" argument is a pointer to the received message. - * The "service" and "instance" arguments name the receiving server, - * and are used to get the service's ticket to decrypt the ticket - * in the message, and to compare against the server name inside the - * ticket. "from_addr" is the network address of the host from which - * the message was received; this is checked against the network - * address in the ticket. If "from_addr" is zero, the check is not - * performed. "ad" is an AUTH_DAT structure which is - * filled in with information about the sender's identity according - * to the authenticator and ticket sent in the message. Finally, - * "fn" contains the name of the file containing the server's key. - * (If "fn" is NULL, the server's key is assumed to have been set - * by krb_set_key(). If "fn" is the null string ("") the default - * file KEYFILE, defined in "krb.h", is used.) - * - * krb_rd_req() returns RD_AP_OK if the authentication information - * was genuine, or one of the following error codes (defined in - * "krb.h"): - * - * RD_AP_VERSION - wrong protocol version number - * RD_AP_MSG_TYPE - wrong message type - * RD_AP_UNDEC - couldn't decipher the message - * RD_AP_INCON - inconsistencies found - * RD_AP_BADD - wrong network address - * RD_AP_TIME - client time (in authenticator) - * too far off server time - * RD_AP_NYV - Kerberos time (in ticket) too - * far off server time - * RD_AP_EXP - ticket expired - * - * For the message format, see krb_mk_req(). - * - * Mutual authentication is not implemented. - */ - -int -krb_rd_req(authent,service,instance,from_addr,ad,fn) - register KTEXT authent; /* The received message */ - char *service; /* Service name */ - char *instance; /* Service instance */ - long from_addr; /* Net address of originating host */ - AUTH_DAT *ad; /* Structure to be filled in */ - char *fn; /* Filename to get keys from */ -{ - static KTEXT_ST ticket; /* Temp storage for ticket */ - static KTEXT tkt = &ticket; - static KTEXT_ST req_id_st; /* Temp storage for authenticator */ - register KTEXT req_id = &req_id_st; - - char realm[REALM_SZ]; /* Realm of issuing kerberos */ - static Key_schedule seskey_sched; /* Key sched for session key */ - unsigned char skey[KKEY_SZ]; /* Session key from ticket */ - char sname[SNAME_SZ]; /* Service name from ticket */ - char iname[INST_SZ]; /* Instance name from ticket */ - char r_aname[ANAME_SZ]; /* Client name from authenticator */ - char r_inst[INST_SZ]; /* Client instance from authenticator */ - char r_realm[REALM_SZ]; /* Client realm from authenticator */ - unsigned int r_time_ms; /* Fine time from authenticator */ - unsigned long r_time_sec; /* Coarse time from authenticator */ - register char *ptr; /* For stepping through */ - unsigned long delta_t; /* Time in authenticator - local time */ - long tkt_age; /* Age of ticket */ - static int swap_bytes; /* Need to swap bytes? */ - static int mutual; /* Mutual authentication requested? */ - static unsigned char s_kvno;/* Version number of the server's key - * Kerberos used to encrypt ticket */ - int status; - - if (authent->length <= 0) - return(RD_AP_MODIFIED); - - ptr = (char *) authent->dat; - - /* get msg version, type and byte order, and server key version */ - - /* check version */ - if (KRB_PROT_VERSION != (unsigned int) *ptr++) - return(RD_AP_VERSION); - - /* byte order */ - swap_bytes = 0; - if ((*ptr & 1) != HOST_BYTE_ORDER) - swap_bytes++; - - /* check msg type */ - mutual = 0; - switch (*ptr++ & ~1) { - case AUTH_MSG_APPL_REQUEST: - break; - case AUTH_MSG_APPL_REQUEST_MUTUAL: - mutual++; - break; - default: - return(RD_AP_MSG_TYPE); - } - -#ifdef lint - /* XXX mutual is set but not used; why??? */ - /* this is a crock to get lint to shut up */ - if (mutual) - mutual = 0; -#endif /* lint */ - s_kvno = *ptr++; /* get server key version */ - (void) strcpy(realm,ptr); /* And the realm of the issuing KDC */ - ptr += strlen(ptr) + 1; /* skip the realm "hint" */ - - /* - * If "fn" is NULL, key info should already be set; don't - * bother with ticket file. Otherwise, check to see if we - * already have key info for the given server and key version - * (saved in the static st_* variables). If not, go get it - * from the ticket file. If "fn" is the null string, use the - * default ticket file. - */ - if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) || - strcmp(st_rlm,realm) || (st_kvno != s_kvno))) { - if (*fn == 0) fn = KEYFILE; - st_kvno = s_kvno; -#ifndef NOENCRYPTION - if (read_service_key(service,instance,realm,s_kvno,fn,(char *)skey)) - return(RD_AP_UNDEC); - if ((status=krb_set_key((char *)skey,0))) return(status); -#endif - (void) strcpy(st_rlm,realm); - (void) strcpy(st_nam,service); - (void) strcpy(st_inst,instance); - } - - /* Get ticket from authenticator */ - tkt->length = (int) *ptr++; - if ((tkt->length + (ptr+1 - (char *) authent->dat)) > authent->length) - return(RD_AP_MODIFIED); - bcopy(ptr+1,(char *)(tkt->dat),tkt->length); - - if (krb_ap_req_debug) - log("ticket->length: %d",tkt->length); - -#ifndef NOENCRYPTION - /* Decrypt and take apart ticket */ -#endif - - if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm, - &(ad->address),ad->session, &(ad->life), - &(ad->time_sec),sname,iname,ky,serv_key)) - return(RD_AP_UNDEC); - - if (krb_ap_req_debug) { - log("Ticket Contents."); - log(" Aname: %s.%s",ad->pname, - ((int)*(ad->prealm) ? ad->prealm : "Athena")); - log(" Service: %s%s%s",sname,((int)*iname ? "." : ""),iname); - } - - /* Extract the authenticator */ - req_id->length = (int) *(ptr++); - if ((req_id->length + (ptr + tkt->length - (char *) authent->dat)) > - authent->length) - return(RD_AP_MODIFIED); - bcopy(ptr + tkt->length, (char *)(req_id->dat),req_id->length); - -#ifndef NOENCRYPTION - key_sched((C_Block *)ad->session,seskey_sched); - pcbc_encrypt((C_Block *)req_id->dat,(C_Block *)req_id->dat, - (long)req_id->length,seskey_sched,(C_Block *)ad->session,DES_DECRYPT); -#endif /* NOENCRYPTION */ - -#define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED); - - ptr = (char *) req_id->dat; - (void) strcpy(r_aname,ptr); /* Authentication name */ - ptr += strlen(r_aname)+1; - check_ptr(); - (void) strcpy(r_inst,ptr); /* Authentication instance */ - ptr += strlen(r_inst)+1; - check_ptr(); - (void) strcpy(r_realm,ptr); /* Authentication name */ - ptr += strlen(r_realm)+1; - check_ptr(); - bcopy(ptr,(char *)&ad->checksum,4); /* Checksum */ - ptr += 4; - check_ptr(); - if (swap_bytes) swap_u_long(ad->checksum); - r_time_ms = *(ptr++); /* Time (fine) */ -#ifdef lint - /* XXX r_time_ms is set but not used. why??? */ - /* this is a crock to get lint to shut up */ - if (r_time_ms) - r_time_ms = 0; -#endif /* lint */ - check_ptr(); - /* assume sizeof(r_time_sec) == 4 ?? */ - bcopy(ptr,(char *)&r_time_sec,4); /* Time (coarse) */ - if (swap_bytes) swap_u_long(r_time_sec); - - /* Check for authenticity of the request */ - if (krb_ap_req_debug) - log("Pname: %s %s",ad->pname,r_aname); - if (strcmp(ad->pname,r_aname) != 0) - return(RD_AP_INCON); - if (strcmp(ad->pinst,r_inst) != 0) - return(RD_AP_INCON); - if (krb_ap_req_debug) - log("Realm: %s %s",ad->prealm,r_realm); - if ((strcmp(ad->prealm,r_realm) != 0)) - return(RD_AP_INCON); - - if (krb_ap_req_debug) - log("Address: %d %d",ad->address,from_addr); - if (from_addr && (ad->address != from_addr)) - return(RD_AP_BADD); - - (void) gettimeofday(&t_local,(struct timezone *) 0); - delta_t = abs((int)(t_local.tv_sec - r_time_sec)); - if (delta_t > CLOCK_SKEW) { - if (krb_ap_req_debug) - log("Time out of range: %d - %d = %d", - t_local.tv_sec,r_time_sec,delta_t); - return(RD_AP_TIME); - } - - /* Now check for expiration of ticket */ - - tkt_age = t_local.tv_sec - ad->time_sec; - if (krb_ap_req_debug) - log("Time: %d Issue Date: %d Diff: %d Life %x", - t_local.tv_sec,ad->time_sec,tkt_age,ad->life); - - if (t_local.tv_sec < ad->time_sec) { - if ((ad->time_sec - t_local.tv_sec) > CLOCK_SKEW) - return(RD_AP_NYV); - } - else if ((t_local.tv_sec - ad->time_sec) > 5 * 60 * ad->life) - return(RD_AP_EXP); - - /* All seems OK */ - ad->reply.length = 0; - - return(RD_AP_OK); -} diff --git a/eBones/krb/rd_safe.c b/eBones/krb/rd_safe.c deleted file mode 100644 index 4d3e8d6..0000000 --- a/eBones/krb/rd_safe.c +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * This routine dissects a a Kerberos 'safe msg', checking its - * integrity, and returning a pointer to the application data - * contained and its length. - * - * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...) - * - * Steve Miller Project Athena MIT/DEC - * - * from: rd_safe.c,v 4.12 89/01/23 15:16:16 steiner Exp $ - * $Id: rd_safe.c,v 1.3 1995/07/18 16:39:34 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: rd_safe.c,v 1.3 1995/07/18 16:39:34 mark Exp $"; -#endif /* lint */ -#endif - -/* system include files */ -#include -#include -#include -#include -#include -#include - -/* application include files */ -#include -#include -#include -#include "lsb_addr_comp.h" - -extern char *errmsg(); -extern int errno; -extern int krb_debug; - -/* static storage */ - -static C_Block calc_cksum[2]; -static C_Block big_cksum[2]; -static int swap_bytes; -static struct timeval local_time; -static u_long delta_t; - -/* - * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message. - * Given the message received, "in", the length of that message, - * "in_length", the "key" to compute the checksum with, and the - * network addresses of the "sender" and "receiver" of the message, - * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise - * some error code. - * - * The message data retrieved from "in" is returned in the structure - * "m_data". The pointer to the application data (m_data->app_data) - * refers back to the appropriate place in "in". - * - * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE - * message. The structure containing the extracted message - * information, MSG_DAT, is defined in "krb.h". - */ - -long krb_rd_safe(in,in_length,key,sender,receiver,m_data) - u_char *in; /* pointer to the msg received */ - u_long in_length; /* length of "in" msg */ - C_Block *key; /* encryption key for seed and ivec */ - struct sockaddr_in *sender; /* sender's address */ - struct sockaddr_in *receiver; /* receiver's address -- me */ - MSG_DAT *m_data; /* where to put message information */ -{ - register u_char *p,*q; - static u_long src_addr; /* Can't send structs since no - * guarantees on size */ - /* Be very conservative */ - if (sizeof(u_long) != sizeof(struct in_addr)) { - fprintf(stderr,"\n\ -krb_rd_safe protocol err sizeof(u_long) != sizeof(struct in_addr)"); - exit(-1); - } - - if (gettimeofday(&local_time,(struct timezone *)0)) - return -1; - - p = in; /* beginning of message */ - swap_bytes = 0; - - if (*p++ != KRB_PROT_VERSION) return RD_AP_VERSION; - if (((*p) & ~1) != AUTH_MSG_SAFE) return RD_AP_MSG_TYPE; - if ((*p++ & 1) != HOST_BYTE_ORDER) swap_bytes++; - - q = p; /* mark start of cksum stuff */ - - /* safely get length */ - bcopy((char *)p,(char *)&(m_data->app_length), - sizeof(m_data->app_length)); - if (swap_bytes) swap_u_long(m_data->app_length); - p += sizeof(m_data->app_length); /* skip over */ - - if (m_data->app_length + sizeof(in_length) - + sizeof(m_data->time_sec) + sizeof(m_data->time_5ms) - + sizeof(big_cksum) + sizeof(src_addr) - + VERSION_SZ + MSG_TYPE_SZ > in_length) - return(RD_AP_MODIFIED); - - m_data->app_data = p; /* we're now at the application data */ - - /* skip app data */ - p += m_data->app_length; - - /* safely get time_5ms */ - bcopy((char *)p, (char *)&(m_data->time_5ms), - sizeof(m_data->time_5ms)); - - /* don't need to swap-- one byte for now */ - p += sizeof(m_data->time_5ms); - - /* safely get src address */ - bcopy((char *)p,(char *)&src_addr,sizeof(src_addr)); - - /* don't swap, net order always */ - p += sizeof(src_addr); - - if (src_addr != (u_long) sender->sin_addr.s_addr) - return RD_AP_MODIFIED; - - /* safely get time_sec */ - bcopy((char *)p, (char *)&(m_data->time_sec), - sizeof(m_data->time_sec)); - if (swap_bytes) - swap_u_long(m_data->time_sec); - p += sizeof(m_data->time_sec); - - /* check direction bit is the sign bit */ - /* For compatibility with broken old code, compares are done in VAX - byte order (LSBFIRST) */ - if (lsb_net_ulong_less(sender->sin_addr.s_addr, - receiver->sin_addr.s_addr)==-1) - /* src < recv */ - m_data->time_sec = - m_data->time_sec; - else if (lsb_net_ulong_less(sender->sin_addr.s_addr, - receiver->sin_addr.s_addr)==0) - if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port)==-1) - /* src < recv */ - m_data->time_sec = - m_data->time_sec; - - /* - * All that for one tiny bit! Heaven help those that talk to - * themselves. - */ - - /* check the time integrity of the msg */ - delta_t = abs((int)((long) local_time.tv_sec - m_data->time_sec)); - if (delta_t > CLOCK_SKEW) return RD_AP_TIME; - - /* - * caller must check timestamps for proper order and replays, since - * server might have multiple clients each with its own timestamps - * and we don't assume tightly synchronized clocks. - */ - - bcopy((char *)p,(char *)big_cksum,sizeof(big_cksum)); - if (swap_bytes) swap_u_16(big_cksum); - -#ifdef NOENCRYPTION - bzero(calc_cksum, sizeof(calc_cksum)); -#else - quad_cksum((C_Block *)q,calc_cksum,p-q,2,key); -#endif - - if (krb_debug) - printf("\ncalc_cksum = %lu, received cksum = %lu", - (long) calc_cksum[0], (long) big_cksum[0]); - if (bcmp((char *)big_cksum,(char *)calc_cksum,sizeof(big_cksum))) - return(RD_AP_MODIFIED); - - return(RD_AP_OK); /* OK == 0 */ -} diff --git a/eBones/krb/read_service_key.c b/eBones/krb/read_service_key.c deleted file mode 100644 index 6064292..0000000 --- a/eBones/krb/read_service_key.c +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: _service_key.c,v 4.10 90/03/10 19:06:56 jon Exp $ - * $Id: read_service_key.c,v 1.3 1995/07/18 16:39:36 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: read_service_key.c,v 1.3 1995/07/18 16:39:36 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include - -/* - * The private keys for servers on a given host are stored in a - * "srvtab" file (typically "/etc/srvtab"). This routine extracts - * a given server's key from the file. - * - * read_service_key() takes the server's name ("service"), "instance", - * and "realm" and a key version number "kvno", and looks in the given - * "file" for the corresponding entry, and if found, returns the entry's - * key field in "key". - * - * If "instance" contains the string "*", then it will match - * any instance, and the chosen instance will be copied to that - * string. For this reason it is important that the there is enough - * space beyond the "*" to receive the entry. - * - * If "kvno" is 0, it is treated as a wild card and the first - * matching entry regardless of the "vno" field is returned. - * - * This routine returns KSUCCESS on success, otherwise KFAILURE. - * - * The format of each "srvtab" entry is as follows: - * - * Size Variable Field in file - * ---- -------- ------------- - * string serv server name - * string inst server instance - * string realm server realm - * 1 byte vno server key version # - * 8 bytes key server's key - * ... ... ... - */ - - -/*ARGSUSED */ -int -read_service_key(service,instance,realm,kvno,file,key) - char *service; /* Service Name */ - char *instance; /* Instance name or "*" */ - char *realm; /* Realm */ - int kvno; /* Key version number */ - char *file; /* Filename */ - char *key; /* Pointer to key to be filled in */ -{ - char serv[SNAME_SZ]; - char inst[INST_SZ]; - char rlm[REALM_SZ]; - unsigned char vno; /* Key version number */ - int wcard; - - int stab, open(); - - if ((stab = open(file, 0, 0)) < NULL) - return(KFAILURE); - - wcard = (instance[0] == '*') && (instance[1] == '\0'); - - while(getst(stab,serv,SNAME_SZ) > 0) { /* Read sname */ - (void) getst(stab,inst,INST_SZ); /* Instance */ - (void) getst(stab,rlm,REALM_SZ); /* Realm */ - /* Vers number */ - if (read(stab,(char *)&vno,1) != 1) { - close(stab); - return(KFAILURE); - } - /* Key */ - if (read(stab,key,8) != 8) { - close(stab); - return(KFAILURE); - } - /* Is this the right service */ - if (strcmp(serv,service)) - continue; - /* How about instance */ - if (!wcard && strcmp(inst,instance)) - continue; - if (wcard) - (void) strncpy(instance,inst,INST_SZ); - /* Is this the right realm */ -#ifdef ATHENA_COMPAT - /* XXX For backward compatibility: if keyfile says "Athena" - and caller wants "ATHENA.MIT.EDU", call it a match */ - if (strcmp(rlm,realm) && - (strcmp(rlm,"Athena") || - strcmp(realm,"ATHENA.MIT.EDU"))) - continue; -#else /* ! ATHENA_COMPAT */ - if (strcmp(rlm,realm)) - continue; -#endif /* ATHENA_COMPAT */ - - /* How about the key version number */ - if (kvno && kvno != (int) vno) - continue; - - (void) close(stab); - return(KSUCCESS); - } - - /* Can't find the requested service */ - (void) close(stab); - return(KFAILURE); -} diff --git a/eBones/krb/recvauth.c b/eBones/krb/recvauth.c deleted file mode 100644 index 45d68ee..0000000 --- a/eBones/krb/recvauth.c +++ /dev/null @@ -1,290 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: recvauth.c,v 4.4 90/03/10 19:03:08 jon Exp $"; - * $Id: recvauth.c,v 1.3 1995/07/18 16:39:38 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: recvauth.c,v 1.3 1995/07/18 16:39:38 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include - - -#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN - chars */ - -/* - * If the protocol changes, you will need to change the version string - * and make appropriate changes in krb_sendauth.c - * be sure to support old versions of krb_sendauth! - */ - -extern int errno; - -/* - * krb_recvauth() reads (and optionally responds to) a message sent - * using krb_sendauth(). The "options" argument is a bit-field of - * selected options (see "sendauth.c" for options description). - * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL - * (mutual authentication requested). The "fd" argument supplies - * a file descriptor to read from (and write to, if mutual authenti- - * cation is requested). - * - * Part of the received message will be a Kerberos ticket sent by the - * client; this is read into the "ticket" argument. The "service" and - * "instance" arguments supply the server's Kerberos name. If the - * "instance" argument is the string "*", it is treated as a wild card - * and filled in during the krb_rd_req() call (see read_service_key()). - * - * The "faddr" and "laddr" give the sending (client) and receiving - * (local server) network addresses. ("laddr" may be left NULL unless - * mutual authentication is requested, in which case it must be set.) - * - * The authentication information extracted from the message is returned - * in "kdata". The "filename" argument indicates the file where the - * server's key can be found. (It is passed on to krb_rd_req().) If - * left null, the default "/etc/srvtab" will be used. - * - * If mutual authentication is requested, the session key schedule must - * be computed in order to reply; this schedule is returned in the - * "schedule" argument. A string containing the application version - * number from the received message is returned in "version", which - * should be large enough to hold a KRB_SENDAUTH_VLEN-character string. - * - * See krb_sendauth() for the format of the received client message. - * - * This routine supports another client format, for backward - * compatibility, consisting of: - * - * Size Variable Field - * ---- -------- ----- - * - * string tmp_buf, tkt_len length of ticket, in - * ascii - * - * char ' ' (space char) separator - * - * tkt_len ticket->dat the ticket - * - * This old-style version does not support mutual authentication. - * - * krb_recvauth() first reads the protocol version string from the - * given file descriptor. If it doesn't match the current protocol - * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In - * that case, the string of characters up to the first space is read - * and interpreted as the ticket length, then the ticket is read. - * - * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth() - * next reads the application protocol version string. Then the - * ticket length and ticket itself are read. - * - * The ticket is decrypted and checked by the call to krb_rd_req(). - * If no mutual authentication is required, the result of the - * krb_rd_req() call is retured by this routine. If mutual authenti- - * cation is required, a message in the following format is returned - * on "fd": - * - * Size Variable Field - * ---- -------- ----- - * - * 4 bytes tkt_len length of ticket or -1 - * if error occurred - * - * priv_len tmp_buf "private" message created - * by krb_mk_priv() which - * contains the incremented - * checksum sent by the client - * encrypted in the session - * key. (This field is not - * present in case of error.) - * - * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some - * other error code is returned. - */ - -#ifndef max -#define max(a,b) (((a) > (b)) ? (a) : (b)) -#endif /* max */ - -int -krb_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata, - filename, schedule, version) -long options; /* bit-pattern of options */ -int fd; /* file descr. to read from */ -KTEXT ticket; /* storage for client's ticket */ -char *service; /* service expected */ -char *instance; /* inst expected (may be filled in) */ -struct sockaddr_in *faddr; /* address of foreign host on fd */ -struct sockaddr_in *laddr; /* local address */ -AUTH_DAT *kdata; /* kerberos data (returned) */ -char *filename; /* name of file with service keys */ -Key_schedule schedule; /* key schedule (return) */ -char *version; /* version string (filled in) */ -{ - - int i, cc, old_vers = 0; - char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */ - char *cp; - int rem; - long tkt_len, priv_len; - u_long cksum; - u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)]; - - /* read the protocol version number */ - if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != - KRB_SENDAUTH_VLEN) - return(errno); - krb_vers[KRB_SENDAUTH_VLEN] = '\0'; - - /* check version string */ - if (strcmp(krb_vers,KRB_SENDAUTH_VERS)) { - /* Assume the old version of sendkerberosdata: send ascii - length, ' ', and ticket. */ - if (options & KOPT_DO_MUTUAL) - return(KFAILURE); /* XXX can't do old style with mutual auth */ - old_vers = 1; - - /* copy what we have read into tmp_buf */ - (void) bcopy(krb_vers, (char *) tmp_buf, KRB_SENDAUTH_VLEN); - - /* search for space, and make it a null */ - for (i = 0; i < KRB_SENDAUTH_VLEN; i++) - if (tmp_buf[i]== ' ') { - tmp_buf[i] = '\0'; - /* point cp to the beginning of the real ticket */ - cp = (char *) &tmp_buf[i+1]; - break; - } - - if (i == KRB_SENDAUTH_VLEN) - /* didn't find the space, keep reading to find it */ - for (; i<20; i++) { - if (read(fd, (char *)&tmp_buf[i], 1) != 1) { - return(KFAILURE); - } - if (tmp_buf[i] == ' ') { - tmp_buf[i] = '\0'; - /* point cp to the beginning of the real ticket */ - cp = (char *) &tmp_buf[i+1]; - break; - } - } - - tkt_len = (long) atoi((char *) tmp_buf); - - /* sanity check the length */ - if ((i==20)||(tkt_len<=0)||(tkt_len>MAX_KTXT_LEN)) - return(KFAILURE); - - if (i < KRB_SENDAUTH_VLEN) { - /* since we already got the space, and part of the ticket, - we read fewer bytes to get the rest of the ticket */ - if (krb_net_read(fd, (char *)(tmp_buf+KRB_SENDAUTH_VLEN), - (int) (tkt_len - KRB_SENDAUTH_VLEN + 1 + i)) - != (int)(tkt_len - KRB_SENDAUTH_VLEN + 1 + i)) - return(errno); - } else { - if (krb_net_read(fd, (char *)(tmp_buf+i), (int)tkt_len) != - (int) tkt_len) - return(errno); - } - ticket->length = tkt_len; - /* copy the ticket into the struct */ - (void) bcopy(cp, (char *) ticket->dat, ticket->length); - - } else { - /* read the application version string */ - if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != - KRB_SENDAUTH_VLEN) - return(errno); - version[KRB_SENDAUTH_VLEN] = '\0'; - - /* get the length of the ticket */ - if (krb_net_read(fd, (char *)&tkt_len, sizeof(tkt_len)) != - sizeof(tkt_len)) - return(errno); - - /* sanity check */ - ticket->length = ntohl((unsigned long)tkt_len); - if ((ticket->length <= 0) || (ticket->length > MAX_KTXT_LEN)) { - if (options & KOPT_DO_MUTUAL) { - rem = KFAILURE; - goto mutual_fail; - } else - return(KFAILURE); /* XXX there may still be junk on the fd? */ - } - - /* read the ticket */ - if (krb_net_read(fd, (char *) ticket->dat, ticket->length) - != ticket->length) - return(errno); - } - /* - * now have the ticket. decrypt it to get the authenticated - * data. - */ - rem = krb_rd_req(ticket,service,instance,faddr->sin_addr.s_addr, - kdata,filename); - - if (old_vers) return(rem); /* XXX can't do mutual with old client */ - - /* if we are doing mutual auth, compose a response */ - if (options & KOPT_DO_MUTUAL) { - if (rem != KSUCCESS) - /* the krb_rd_req failed */ - goto mutual_fail; - - /* add one to the (formerly) sealed checksum, and re-seal it - for return to the client */ - cksum = kdata->checksum + 1; - cksum = htonl(cksum); -#ifndef NOENCRYPTION - key_sched((C_Block *)kdata->session,schedule); -#endif - priv_len = krb_mk_priv((unsigned char *)&cksum, - tmp_buf, - (unsigned long) sizeof(cksum), - schedule, - kdata->session, - laddr, - faddr); - if (priv_len < 0) { - /* re-sealing failed; notify the client */ - rem = KFAILURE; /* XXX */ -mutual_fail: - priv_len = -1; - tkt_len = htonl((unsigned long) priv_len); - /* a length of -1 is interpreted as an authentication - failure by the client */ - if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len))) - != sizeof(tkt_len)) - return(cc); - return(rem); - } else { - /* re-sealing succeeded, send the private message */ - tkt_len = htonl((unsigned long)priv_len); - if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len))) - != sizeof(tkt_len)) - return(cc); - if ((cc = krb_net_write(fd, (char *)tmp_buf, (int) priv_len)) - != (int) priv_len) - return(cc); - } - } - return(rem); -} diff --git a/eBones/krb/save_credentials.c b/eBones/krb/save_credentials.c deleted file mode 100644 index 268bb77..0000000 --- a/eBones/krb/save_credentials.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: save_credentials.c,v 4.9 89/05/31 17:45:43 jtkohl Exp $ - * $Id: save_credentials.c,v 1.3 1995/07/18 16:39:40 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: save_credentials.c,v 1.3 1995/07/18 16:39:40 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include - -/* - * This routine takes a ticket and associated info and calls - * tf_save_cred() to store them in the ticket cache. The peer - * routine for extracting a ticket and associated info from the - * ticket cache is krb_get_cred(). When changes are made to - * this routine, the corresponding changes should be made - * in krb_get_cred() as well. - * - * Returns KSUCCESS if all goes well, otherwise an error returned - * by the tf_init() or tf_save_cred() routines. - */ - -int -save_credentials(service, instance, realm, session, lifetime, kvno, - ticket, issue_date) - char *service; /* Service name */ - char *instance; /* Instance */ - char *realm; /* Auth domain */ - C_Block session; /* Session key */ - int lifetime; /* Lifetime */ - int kvno; /* Key version number */ - KTEXT ticket; /* The ticket itself */ - long issue_date; /* The issue time */ -{ - int tf_status; /* return values of the tf_util calls */ - - /* Open and lock the ticket file for writing */ - if ((tf_status = tf_init(TKT_FILE, W_TKT_FIL)) != KSUCCESS) - return(tf_status); - - /* Save credentials by appending to the ticket file */ - tf_status = tf_save_cred(service, instance, realm, session, - lifetime, kvno, ticket, issue_date); - (void) tf_close(); - return (tf_status); -} diff --git a/eBones/krb/send_to_kdc.c b/eBones/krb/send_to_kdc.c deleted file mode 100644 index a2a329a..0000000 --- a/eBones/krb/send_to_kdc.c +++ /dev/null @@ -1,322 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: send_to_kdc.c,v 4.20 90/01/02 13:40:37 jtkohl Exp $ - * $Id: send_to_kdc.c,v 1.3 1995/07/18 16:39:42 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid_send_to_kdc_c[] = -"$Id: send_to_kdc.c,v 1.1 1994/03/21 17:35:39 piero Exp "; -#endif /* lint */ -#endif - -#include -#include - -#include -#include -#include -#include -#include -#include -#ifdef lint -#include /* struct iovec to make lint happy */ -#endif /* lint */ -#include -#include -#include -#include -#include - -#define S_AD_SZ sizeof(struct sockaddr_in) - -extern int errno; -extern int krb_debug; - -extern char *malloc(), *calloc(), *realloc(); - -int krb_udp_port = 0; - -/* CLIENT_KRB_TIMEOUT indicates the time to wait before - * retrying a server. It's defined in "krb.h". - */ -static struct timeval timeout = { CLIENT_KRB_TIMEOUT, 0}; -static char *prog = "send_to_kdc"; -static send_recv(); - -/* - * This file contains two routines, send_to_kdc() and send_recv(). - * send_recv() is a static routine used by send_to_kdc(). - */ - -/* - * send_to_kdc() sends a message to the Kerberos authentication - * server(s) in the given realm and returns the reply message. - * The "pkt" argument points to the message to be sent to Kerberos; - * the "rpkt" argument will be filled in with Kerberos' reply. - * The "realm" argument indicates the realm of the Kerberos server(s) - * to transact with. If the realm is null, the local realm is used. - * - * If more than one Kerberos server is known for a given realm, - * different servers will be queried until one of them replies. - * Several attempts (retries) are made for each server before - * giving up entirely. - * - * If an answer was received from a Kerberos host, KSUCCESS is - * returned. The following errors can be returned: - * - * SKDC_CANT - can't get local realm - * - can't find "kerberos" in /etc/services database - * - can't open socket - * - can't bind socket - * - all ports in use - * - couldn't find any Kerberos host - * - * SKDC_RETRY - couldn't get an answer from any Kerberos server, - * after several retries - */ - -int -send_to_kdc(pkt,rpkt,realm) - KTEXT pkt; - KTEXT rpkt; - char *realm; -{ - int i, f; - int no_host; /* was a kerberos host found? */ - int retry; - int n_hosts; - int retval; - struct sockaddr_in to; - struct hostent *host, *hostlist; - char *cp; - char krbhst[MAX_HSTNM]; - char lrealm[REALM_SZ]; - - /* - * If "realm" is non-null, use that, otherwise get the - * local realm. - */ - if (realm) - (void) strcpy(lrealm, realm); - else - if (krb_get_lrealm(lrealm,1)) { - if (krb_debug) - fprintf(stderr, "%s: can't get local realm\n", prog); - return(SKDC_CANT); - } - if (krb_debug) - printf("lrealm is %s\n", lrealm); - if (krb_udp_port == 0) { - register struct servent *sp; - if ((sp = getservbyname("kerberos","udp")) == 0) { - if (krb_debug) - fprintf(stderr, "%s: Can't get kerberos/udp service\n", - prog); - return(SKDC_CANT); - } - krb_udp_port = sp->s_port; - if (krb_debug) - printf("krb_udp_port is %d\n", krb_udp_port); - } - bzero((char *)&to, S_AD_SZ); - hostlist = (struct hostent *) malloc(sizeof(struct hostent)); - if (!hostlist) - return (/*errno */SKDC_CANT); - if ((f = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - if (krb_debug) - fprintf(stderr,"%s: Can't open socket\n", prog); - return(SKDC_CANT); - } - /* from now on, exit through rtn label for cleanup */ - - no_host = 1; - /* get an initial allocation */ - n_hosts = 0; - for (i = 1; krb_get_krbhst(krbhst, lrealm, i) == KSUCCESS; ++i) { - if (krb_debug) { - printf("Getting host entry for %s...",krbhst); - (void) fflush(stdout); - } - host = gethostbyname(krbhst); - if (krb_debug) { - printf("%s.\n", - host ? "Got it" : "Didn't get it"); - (void) fflush(stdout); - } - if (!host) - continue; - no_host = 0; /* found at least one */ - n_hosts++; - /* preserve host network address to check later - * (would be better to preserve *all* addresses, - * take care of that later) - */ - hostlist = (struct hostent *) - realloc((char *)hostlist, - (unsigned) - sizeof(struct hostent)*(n_hosts+1)); - if (!hostlist) - return /*errno */SKDC_CANT; - bcopy((char *)host, (char *)&hostlist[n_hosts-1], - sizeof(struct hostent)); - host = &hostlist[n_hosts-1]; - cp = malloc((unsigned)host->h_length); - if (!cp) { - retval = /*errno */SKDC_CANT; - goto rtn; - } - bcopy((char *)host->h_addr, cp, host->h_length); -/* At least Sun OS version 3.2 (or worse) and Ultrix version 2.2 - (or worse) only return one name ... */ -#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40)) - host->h_addr_list = (char **)malloc(sizeof(char *)); - if (!host->h_addr_list) { - retval = /*errno */SKDC_CANT; - goto rtn; - } -#endif /* ULTRIX022 || SunOS */ - host->h_addr = cp; - bzero((char *)&hostlist[n_hosts], - sizeof(struct hostent)); - to.sin_family = host->h_addrtype; - bcopy(host->h_addr, (char *)&to.sin_addr, - host->h_length); - to.sin_port = krb_udp_port; - if (send_recv(pkt, rpkt, f, &to, hostlist)) { - retval = KSUCCESS; - goto rtn; - } - if (krb_debug) { - printf("Timeout, error, or wrong descriptor\n"); - (void) fflush(stdout); - } - } - if (no_host) { - if (krb_debug) - fprintf(stderr, "%s: can't find any Kerberos host.\n", - prog); - retval = SKDC_CANT; - goto rtn; - } - /* retry each host in sequence */ - for (retry = 0; retry < CLIENT_KRB_RETRY; ++retry) { - for (host = hostlist; host->h_name != (char *)NULL; host++) { - to.sin_family = host->h_addrtype; - bcopy(host->h_addr, (char *)&to.sin_addr, - host->h_length); - if (send_recv(pkt, rpkt, f, &to, hostlist)) { - retval = KSUCCESS; - goto rtn; - } - } - } - retval = SKDC_RETRY; -rtn: - (void) close(f); - if (hostlist) { - if(!no_host) { - register struct hostent *hp; - for (hp = hostlist; hp->h_name; hp++) -#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40)) - if (hp->h_addr_list) { -#endif /* ULTRIX022 || SunOS */ - if (hp->h_addr) - free(hp->h_addr); -#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40)) - free((char *)hp->h_addr_list); - } -#endif /* ULTRIX022 || SunOS */ - } - free((char *)hostlist); - } - return(retval); -} - -/* - * try to send out and receive message. - * return 1 on success, 0 on failure - */ - -static int -send_recv(pkt,rpkt,f,_to,addrs) - KTEXT pkt; - KTEXT rpkt; - int f; - struct sockaddr_in *_to; - struct hostent *addrs; -{ - fd_set readfds; - register struct hostent *hp; - struct sockaddr_in from; - int sin_size; - int numsent; - - if (krb_debug) { - if (_to->sin_family == AF_INET) - printf("Sending message to %s...", - inet_ntoa(_to->sin_addr)); - else - printf("Sending message..."); - (void) fflush(stdout); - } - if ((numsent = sendto(f,(char *)(pkt->dat), pkt->length, 0, - (struct sockaddr *)_to, - S_AD_SZ)) != pkt->length) { - if (krb_debug) - printf("sent only %d/%d\n",numsent, pkt->length); - return 0; - } - if (krb_debug) { - printf("Sent\nWaiting for reply..."); - (void) fflush(stdout); - } - FD_ZERO(&readfds); - FD_SET(f, &readfds); - errno = 0; - /* select - either recv is ready, or timeout */ - /* see if timeout or error or wrong descriptor */ - if (select(f + 1, &readfds, (fd_set *)0, (fd_set *)0, &timeout) < 1 - || !FD_ISSET(f, &readfds)) { - if (krb_debug) { - fprintf(stderr, "select failed: readfds=%x", - readfds); - perror(""); - } - return 0; - } - sin_size = sizeof(from); - if (recvfrom(f, (char *)(rpkt->dat), sizeof(rpkt->dat), 0, - (struct sockaddr *)&from, &sin_size) - < 0) { - if (krb_debug) - perror("recvfrom"); - return 0; - } - if (krb_debug) { - printf("received packet from %s\n", inet_ntoa(from.sin_addr)); - fflush(stdout); - } - for (hp = addrs; hp->h_name != (char *)NULL; hp++) { - if (!bcmp(hp->h_addr, (char *)&from.sin_addr.s_addr, - hp->h_length)) { - if (krb_debug) { - printf("Received it\n"); - (void) fflush(stdout); - } - return 1; - } - if (krb_debug) - fprintf(stderr, - "packet not from %lx\n", - (unsigned long)hp->h_addr); - } - if (krb_debug) - fprintf(stderr, "%s: received packet from wrong host! (%lx)\n", - "send_to_kdc(send_rcv)", from.sin_addr.s_addr); - return 0; -} diff --git a/eBones/krb/sendauth.c b/eBones/krb/sendauth.c deleted file mode 100644 index a1d79e7..0000000 --- a/eBones/krb/sendauth.c +++ /dev/null @@ -1,259 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: sendauth.c,v 4.6 90/03/10 23:18:28 jon Exp $ - * $Id: sendauth.c,v 1.3 1995/07/18 16:39:44 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: sendauth.c,v 1.3 1995/07/18 16:39:44 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include - -#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */ -/* - * If the protocol changes, you will need to change the version string - * and make appropriate changes in krb_recvauth.c - */ - -extern int errno; - -extern char *krb_get_phost(); - -/* - * This file contains two routines: krb_sendauth() and krb_sendsrv(). - * - * krb_sendauth() transmits a ticket over a file descriptor for a - * desired service, instance, and realm, doing mutual authentication - * with the server if desired. - * - * krb_sendsvc() sends a service name to a remote knetd server. - */ - -/* - * The first argument to krb_sendauth() contains a bitfield of - * options (the options are defined in "krb.h"): - * - * KOPT_DONT_CANON Don't canonicalize instance as a hostname. - * (If this option is not chosen, krb_get_phost() - * is called to canonicalize it.) - * - * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos. - * A ticket must be supplied in the "ticket" - * argument. - * (If this option is not chosen, and there - * is no ticket for the given server in the - * ticket cache, one will be fetched using - * krb_mk_req() and returned in "ticket".) - * - * KOPT_DO_MUTUAL Do mutual authentication, requiring that the - * receiving server return the checksum+1 encrypted - * in the session key. The mutual authentication - * is done using krb_mk_priv() on the other side - * (see "recvauth.c") and krb_rd_priv() on this - * side. - * - * The "fd" argument is a file descriptor to write to the remote - * server on. The "ticket" argument is used to store the new ticket - * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is - * chosen, the ticket must be supplied in the "ticket" argument. - * The "service", "inst", and "realm" arguments identify the ticket. - * If "realm" is null, the local realm is used. - * - * The following arguments are only needed if the KOPT_DO_MUTUAL option - * is chosen: - * - * The "checksum" argument is a number that the server will add 1 to - * to authenticate itself back to the client; the "msg_data" argument - * holds the returned mutual-authentication message from the server - * (i.e., the checksum+1); the "cred" structure is used to hold the - * session key of the server, extracted from the ticket file, for use - * in decrypting the mutual authentication message from the server; - * and "schedule" holds the key schedule for that decryption. The - * the local and server addresses are given in "laddr" and "faddr". - * - * The application protocol version number (of up to KRB_SENDAUTH_VLEN - * characters) is passed in "version". - * - * If all goes well, KSUCCESS is returned, otherwise some error code. - * - * The format of the message sent to the server is: - * - * Size Variable Field - * ---- -------- ----- - * - * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol - * bytes version number - * - * KRB_SENDAUTH_VLEN version application protocol - * bytes version number - * - * 4 bytes ticket->length length of ticket - * - * ticket->length ticket->dat ticket itself - */ - -/* - * XXX: Note that krb_rd_priv() is coded in such a way that - * "msg_data->app_data" will be pointing into "priv_buf", which - * will disappear when krb_sendauth() returns. - */ - -int -krb_sendauth(options, fd, ticket, service, inst, realm, checksum, - msg_data, cred, schedule, laddr, faddr, version) -long options; /* bit-pattern of options */ -int fd; /* file descriptor to write onto */ -KTEXT ticket; /* where to put ticket (return); or - * supplied in case of KOPT_DONT_MK_REQ */ -char *service, *inst, *realm; /* service name, instance, realm */ -u_long checksum; /* checksum to include in request */ -MSG_DAT *msg_data; /* mutual auth MSG_DAT (return) */ -CREDENTIALS *cred; /* credentials (return) */ -Key_schedule schedule; /* key schedule (return) */ -struct sockaddr_in *laddr; /* local address */ -struct sockaddr_in *faddr; /* address of foreign host on fd */ -char *version; /* version string */ -{ - int rem, i, cc; - char srv_inst[INST_SZ]; - char krb_realm[REALM_SZ]; - char buf[BUFSIZ]; - long tkt_len; - u_char priv_buf[1024]; - u_long cksum; - - rem=KSUCCESS; - - /* get current realm if not passed in */ - if (!realm) { - rem = krb_get_lrealm(krb_realm,1); - if (rem != KSUCCESS) - return(rem); - realm = krb_realm; - } - - /* copy instance into local storage, canonicalizing if desired */ - if (options & KOPT_DONT_CANON) - (void) strncpy(srv_inst, inst, INST_SZ); - else - (void) strncpy(srv_inst, krb_get_phost(inst), INST_SZ); - - /* get the ticket if desired */ - if (!(options & KOPT_DONT_MK_REQ)) { - rem = krb_mk_req(ticket, service, srv_inst, realm, checksum); - if (rem != KSUCCESS) - return(rem); - } - -#ifdef ATHENA_COMPAT - /* this is only for compatibility with old servers */ - if (options & KOPT_DO_OLDSTYLE) { - (void) sprintf(buf,"%d ",ticket->length); - (void) write(fd, buf, strlen(buf)); - (void) write(fd, (char *) ticket->dat, ticket->length); - return(rem); - } -#endif ATHENA_COMPAT - /* if mutual auth, get credentials so we have service session - keys for decryption below */ - if (options & KOPT_DO_MUTUAL) - if ((cc = krb_get_cred(service, srv_inst, realm, cred))) - return(cc); - - /* zero the buffer */ - (void) bzero(buf, BUFSIZ); - - /* insert version strings */ - (void) strncpy(buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN); - (void) strncpy(buf+KRB_SENDAUTH_VLEN, version, KRB_SENDAUTH_VLEN); - - /* increment past vers strings */ - i = 2*KRB_SENDAUTH_VLEN; - - /* put ticket length into buffer */ - tkt_len = htonl((unsigned long) ticket->length); - (void) bcopy((char *) &tkt_len, buf+i, sizeof(tkt_len)); - i += sizeof(tkt_len); - - /* put ticket into buffer */ - (void) bcopy((char *) ticket->dat, buf+i, ticket->length); - i += ticket->length; - - /* write the request to the server */ - if ((cc = krb_net_write(fd, buf, i)) != i) - return(cc); - - /* mutual authentication, if desired */ - if (options & KOPT_DO_MUTUAL) { - /* get the length of the reply */ - if (krb_net_read(fd, (char *) &tkt_len, sizeof(tkt_len)) != - sizeof(tkt_len)) - return(errno); - tkt_len = ntohl((unsigned long)tkt_len); - - /* if the length is negative, the server failed to recognize us. */ - if ((tkt_len < 0) || (tkt_len > sizeof(priv_buf))) - return(KFAILURE); /* XXX */ - /* read the reply... */ - if (krb_net_read(fd, (char *)priv_buf, (int) tkt_len) != (int) tkt_len) - return(errno); - - /* ...and decrypt it */ -#ifndef NOENCRYPTION - key_sched((C_Block *)cred->session,schedule); -#endif - if ((cc = krb_rd_priv(priv_buf,(unsigned long) tkt_len, schedule, - cred->session, faddr, laddr, msg_data))) - return(cc); - - /* fetch the (modified) checksum */ - (void) bcopy((char *)msg_data->app_data, (char *)&cksum, - sizeof(cksum)); - cksum = ntohl(cksum); - - /* if it doesn't match, fail */ - if (cksum != checksum + 1) - return(KFAILURE); /* XXX */ - } - return(KSUCCESS); -} - -#ifdef ATHENA_COMPAT -/* - * krb_sendsvc - */ - -int -krb_sendsvc(fd, service) -int fd; -char *service; -{ - /* write the service name length and then the service name to - the fd */ - long serv_length; - int cc; - - serv_length = htonl((unsigned long)strlen(service)); - if ((cc = krb_net_write(fd, (char *) &serv_length, - sizeof(serv_length))) - != sizeof(serv_length)) - return(cc); - if ((cc = krb_net_write(fd, service, strlen(service))) - != strlen(service)) - return(cc); - return(KSUCCESS); -} -#endif ATHENA_COMPAT diff --git a/eBones/krb/stime.c b/eBones/krb/stime.c deleted file mode 100644 index 2da2463..0000000 --- a/eBones/krb/stime.c +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: stime.c,v 4.5 88/11/15 16:58:05 jtkohl Exp $ - * $Id: stime.c,v 1.3 1995/07/18 16:39:46 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: stime.c,v 1.3 1995/07/18 16:39:46 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include /* for sprintf() */ - -/* - * Given a pointer to a long containing the number of seconds - * since the beginning of time (midnight 1 Jan 1970 GMT), return - * a string containing the local time in the form: - * - * "25-Jan-88 10:17:56" - */ - -char * -stime(t) - long *t; -{ - static char st_data[40]; - static char *st = st_data; - struct tm *tm; - char *month_sname(); - - tm = localtime(t); - (void) sprintf(st,"%2d-%s-%02d %02d:%02d:%02d",tm->tm_mday, - month_sname(tm->tm_mon + 1),tm->tm_year, - tm->tm_hour, tm->tm_min, tm->tm_sec); - return st; -} diff --git a/eBones/krb/tf_shm.c b/eBones/krb/tf_shm.c deleted file mode 100644 index 31894cb..0000000 --- a/eBones/krb/tf_shm.c +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * Shared memory segment functions for session keys. Derived from code - * contributed by Dan Kolkowitz (kolk@jessica.stanford.edu). - * - * from: tf_shm.c,v 4.2 89/10/25 23:26:46 qjb Exp $ - * $Id: tf_shm.c,v 1.3 1995/07/18 16:39:48 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: tf_shm.c,v 1.3 1995/07/18 16:39:48 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include - -#define MAX_BUFF sizeof(des_cblock)*1000 /* room for 1k keys */ - -extern int errno; -extern int krb_debug; - -/* - * krb_create_shmtkt: - * - * create a shared memory segment for session keys, leaving its id - * in the specified filename. - */ - -int -krb_shm_create(file_name) -char *file_name; -{ - int retval; - int shmid; - struct shmid_ds shm_buf; - FILE *sfile; - uid_t me, metoo, getuid(), geteuid(); - - (void) krb_shm_dest(file_name); /* nuke it if it exists... - this cleans up to make sure we - don't slowly lose memory. */ - - shmid = shmget((long)IPC_PRIVATE,MAX_BUFF, IPC_CREAT); - if (shmid == -1) { - if (krb_debug) - perror("krb_shm_create shmget"); - return(KFAILURE); /* XXX */ - } - me = getuid(); - metoo = geteuid(); - /* - * now set up the buffer so that we can modify it - */ - shm_buf.shm_perm.uid = me; - shm_buf.shm_perm.gid = getgid(); - shm_buf.shm_perm.mode = 0600; - if (shmctl(shmid,IPC_SET,&shm_buf) < 0) { /*can now map it */ - if (krb_debug) - perror("krb_shm_create shmctl"); - (void) shmctl(shmid, IPC_RMID, 0); - return(KFAILURE); /* XXX */ - } - (void) shmctl(shmid, SHM_LOCK, 0); /* attempt to lock-in-core */ - /* arrange so the file is owned by the ruid - (swap real & effective uid if necessary). */ - if (me != metoo) { - if (setreuid(metoo, me) < 0) { - /* can't switch??? barf! */ - if (krb_debug) - perror("krb_shm_create: setreuid"); - (void) shmctl(shmid, IPC_RMID, 0); - return(KFAILURE); - } else - if (krb_debug) - printf("swapped UID's %d and %d\n",metoo,me); - } - if ((sfile = fopen(file_name,"w")) == 0) { - if (krb_debug) - perror("krb_shm_create file"); - (void) shmctl(shmid, IPC_RMID, 0); - return(KFAILURE); /* XXX */ - } - if (fchmod(fileno(sfile),0600) < 0) { - if (krb_debug) - perror("krb_shm_create fchmod"); - (void) shmctl(shmid, IPC_RMID, 0); - return(KFAILURE); /* XXX */ - } - if (me != metoo) { - if (setreuid(me, metoo) < 0) { - /* can't switch??? barf! */ - if (krb_debug) - perror("krb_shm_create: setreuid2"); - (void) shmctl(shmid, IPC_RMID, 0); - return(KFAILURE); - } else - if (krb_debug) - printf("swapped UID's %d and %d\n",me,metoo); - } - - (void) fprintf(sfile,"%d",shmid); - (void) fflush(sfile); - (void) fclose(sfile); - return(KSUCCESS); -} - - -/* - * krb_is_diskless: - * - * check / to see if file .diskless exists. If so it is diskless. - * Do it this way now to avoid dependencies on a particular routine. - * Choose root file system since that will be private to the client. - */ - -int krb_is_diskless() -{ - struct stat buf; - if (stat("/.diskless",&buf) < 0) - return(0); - else return(1); -} - -/* - * krb_shm_dest: destroy shared memory segment with session keys, and remove - * file pointing to it. - */ - -int krb_shm_dest(file) -char *file; -{ - int shmid; - FILE *sfile; - struct stat st_buf; - - if (stat(file,&st_buf) == 0) { - /* successful stat */ - if ((sfile = fopen(file,"r")) == 0) { - if (krb_debug) - perror("cannot open shared memory file"); - return(KFAILURE); /* XXX */ - } - if (fscanf(sfile,"%d",&shmid) == 1) { - if (shmctl(shmid,IPC_RMID,0) != 0) { - if (krb_debug) - perror("krb_shm_dest: cannot delete shm segment"); - (void) fclose(sfile); - return(KFAILURE); /* XXX */ - } - } else { - if (krb_debug) - fprintf(stderr, "bad format in shmid file\n"); - (void) fclose(sfile); - return(KFAILURE); /* XXX */ - } - (void) fclose(sfile); - (void) unlink(file); - return(KSUCCESS); - } else - return(RET_TKFIL); /* XXX */ -} - - - diff --git a/eBones/krb/tf_util.3 b/eBones/krb/tf_util.3 deleted file mode 100644 index ee6e436..0000000 --- a/eBones/krb/tf_util.3 +++ /dev/null @@ -1,151 +0,0 @@ -.\" from: tf_util.3,v 4.2 89/04/25 17:17:11 jtkohl Exp $ -.\" $Id: tf_util.3,v 1.1.1.1 1994/09/30 14:50:08 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH TF_UTIL 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \ -\- Routines for manipulating a Kerberos ticket file -.SH SYNOPSIS -.nf -.nj -.ft B -#include -.PP -.ft B -extern char *krb_err_txt[]; -.PP -.ft B -tf_init(tf_name, rw) -char *tf_name; -int rw; -.PP -.ft B -tf_get_pname(pname) -char *pname; -.PP -.ft B -tf_get_pinst(pinst) -char *pinst; -.PP -.ft B -tf_get_cred(c) -CREDENTIALS *c; -.PP -.ft B -tf_close() -.PP -.fi -.SH DESCRIPTION -This group of routines are provided to manipulate the Kerberos tickets -file. A ticket file has the following format: -.nf -.in +4 -.sp -principal's name (null-terminated string) -principal's instance (null-terminated string) -CREDENTIAL_1 -CREDENTIAL_2 - ... -CREDENTIAL_n -EOF -.sp -.in -4 -.LP -Where "CREDENTIAL_x" consists of the following fixed-length -fields from the CREDENTIALS structure (defined in ): -.nf -.sp -.in +4 - char service[ANAME_SZ] - char instance[INST_SZ] - char realm[REALM_SZ] - des_cblock session - int lifetime - int kvno - KTEXT_ST ticket_st - long issue_date -.in -4 -.sp -.fi -.PP -.I tf_init -must be called before the other ticket file -routines. -It takes the name of the ticket file to use, -and a read/write flag as arguments. -It tries to open the ticket file, checks the mode and if -everything is okay, locks the file. If it's opened for -reading, the lock is shared. If it's opened for writing, -the lock is exclusive. -KSUCCESS is returned if all went well, otherwise one of the -following: -.nf -.sp -NO_TKT_FIL - file wasn't there -TKT_FIL_ACC - file was in wrong mode, etc. -TKT_FIL_LCK - couldn't lock the file, even after a retry -.sp -.fi -.PP -The -.I tf_get_pname -reads the principal's name from a ticket file. -It should only be called after tf_init has been called. The -principal's name is filled into the -.I pname -parameter. If all goes -well, KSUCCESS is returned. -If tf_init wasn't called, TKT_FIL_INI -is returned. -If the principal's name was null, or EOF was encountered, or the -name was longer than ANAME_SZ, TKT_FIL_FMT is returned. -.PP -The -.I tf_get_pinst -reads the principal's instance from a ticket file. -It should only be called after tf_init and tf_get_pname -have been called. -The principal's instance is filled into the -.I pinst -parameter. -If all goes -well, KSUCCESS is returned. -If tf_init wasn't called, TKT_FIL_INI -is returned. -If EOF was encountered, or the -name was longer than INST_SZ, TKT_FIL_FMT is returned. -Note that, unlike the principal name, the instance name may be null. -.PP -The -.I tf_get_cred -routine reads a CREDENTIALS record from a ticket file and -fills in the given structure. -It should only be called after -tf_init, tf_get_pname, and tf_get_pinst have been called. -If all goes well, KSUCCESS is returned. Possible error codes -are: -.nf -.sp -TKT_FIL_INI - tf_init wasn't called first -TKT_FIL_FMT - bad format -EOF - end of file encountered -.sp -.fi -.PP -.I tf_close -closes the ticket file and releases the lock on it. -.SH "SEE ALSO" -krb(3) -.SH DIAGNOSTICS -.SH BUGS -The ticket file routines have to be called in a certain order. -.SH AUTHORS -Jennifer Steiner, MIT Project Athena -.br -Bill Bryant, MIT Project Athena -.SH RESTRICTIONS -Copyright 1987 Massachusetts Institute of Technology diff --git a/eBones/krb/tf_util.c b/eBones/krb/tf_util.c deleted file mode 100644 index e939c38..0000000 --- a/eBones/krb/tf_util.c +++ /dev/null @@ -1,581 +0,0 @@ -/* - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * from: tf_util.c,v 4.9 90/03/10 19:19:45 jon Exp $ - * $Id: tf_util.c,v 1.3 1995/07/18 16:39:50 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: tf_util.c,v 1.3 1995/07/18 16:39:50 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef TKT_SHMEM -#include -#include -#include -#endif /* TKT_SHMEM */ - -#define TOO_BIG -1 -#define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before - * retry if ticket file is - * locked */ -extern int krb_debug; - -#ifdef TKT_SHMEM -char *krb_shm_addr = 0; -static char *tmp_shm_addr = 0; -static char krb_dummy_skey[8] = {0,0,0,0,0,0,0,0}; - -#endif /* TKT_SHMEM */ - -/* - * fd must be initialized to something that won't ever occur as a real - * file descriptor. Since open(2) returns only non-negative numbers as - * valid file descriptors, and tf_init always stuffs the return value - * from open in here even if it is an error flag, we must - * a. Initialize fd to a negative number, to indicate that it is - * not initially valid. - * b. When checking for a valid fd, assume that negative values - * are invalid (ie. when deciding whether tf_init has been - * called.) - * c. In tf_close, be sure it gets reinitialized to a negative - * number. - */ -static fd = -1; -static curpos; /* Position in tfbfr */ -static lastpos; /* End of tfbfr */ -static char tfbfr[BUFSIZ]; /* Buffer for ticket data */ - -static int tf_read(char *s, int n); -static int tf_gets(char *s, int n); - -/* - * This file contains routines for manipulating the ticket cache file. - * - * The ticket file is in the following format: - * - * principal's name (null-terminated string) - * principal's instance (null-terminated string) - * CREDENTIAL_1 - * CREDENTIAL_2 - * ... - * CREDENTIAL_n - * EOF - * - * Where "CREDENTIAL_x" consists of the following fixed-length - * fields from the CREDENTIALS structure (see "krb.h"): - * - * char service[ANAME_SZ] - * char instance[INST_SZ] - * char realm[REALM_SZ] - * C_Block session - * int lifetime - * int kvno - * KTEXT_ST ticket_st - * long issue_date - * - * Short description of routines: - * - * tf_init() opens the ticket file and locks it. - * - * tf_get_pname() returns the principal's name. - * - * tf_get_pinst() returns the principal's instance (may be null). - * - * tf_get_cred() returns the next CREDENTIALS record. - * - * tf_save_cred() appends a new CREDENTIAL record to the ticket file. - * - * tf_close() closes the ticket file and releases the lock. - * - * tf_gets() returns the next null-terminated string. It's an internal - * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred(). - * - * tf_read() reads a given number of bytes. It's an internal routine - * used by tf_get_cred(). - */ - -/* - * tf_init() should be called before the other ticket file routines. - * It takes the name of the ticket file to use, "tf_name", and a - * read/write flag "rw" as arguments. - * - * It tries to open the ticket file, checks the mode, and if everything - * is okay, locks the file. If it's opened for reading, the lock is - * shared. If it's opened for writing, the lock is exclusive. - * - * Returns KSUCCESS if all went well, otherwise one of the following: - * - * NO_TKT_FIL - file wasn't there - * TKT_FIL_ACC - file was in wrong mode, etc. - * TKT_FIL_LCK - couldn't lock the file, even after a retry - */ - -int -tf_init(tf_name, rw) - char *tf_name; - int rw; -{ - int wflag; - uid_t me, getuid(); - struct stat stat_buf; -#ifdef TKT_SHMEM - char shmidname[MAXPATHLEN]; - FILE *sfp; - int shmid; -#endif - - switch (rw) { - case R_TKT_FIL: - wflag = 0; - break; - case W_TKT_FIL: - wflag = 1; - break; - default: - if (krb_debug) fprintf(stderr, "tf_init: illegal parameter\n"); - return TKT_FIL_ACC; - } - if (lstat(tf_name, &stat_buf) < 0) - switch (errno) { - case ENOENT: - return NO_TKT_FIL; - default: - return TKT_FIL_ACC; - } - me = getuid(); - if ((stat_buf.st_uid != me && me != 0) || - ((stat_buf.st_mode & S_IFMT) != S_IFREG)) - return TKT_FIL_ACC; -#ifdef TKT_SHMEM - (void) strcpy(shmidname, tf_name); - (void) strcat(shmidname, ".shm"); - if (stat(shmidname,&stat_buf) < 0) - return(TKT_FIL_ACC); - if ((stat_buf.st_uid != me && me != 0) || - ((stat_buf.st_mode & S_IFMT) != S_IFREG)) - return TKT_FIL_ACC; -#endif /* TKT_SHMEM */ - - /* - * If "wflag" is set, open the ticket file in append-writeonly mode - * and lock the ticket file in exclusive mode. If unable to lock - * the file, sleep and try again. If we fail again, return with the - * proper error message. - */ - - curpos = sizeof(tfbfr); - -#ifdef TKT_SHMEM - sfp = fopen(shmidname, "r"); /* only need read/write on the - actual tickets */ - if (sfp == 0) - return TKT_FIL_ACC; - shmid = -1; - { - char buf[BUFSIZ]; - int val; /* useful for debugging fscanf */ - /* We provide our own buffer here since some STDIO libraries - barf on unbuffered input with fscanf() */ - - setbuf(sfp, buf); - if ((val = fscanf(sfp,"%d",&shmid)) != 1) { - (void) fclose(sfp); - return TKT_FIL_ACC; - } - if (shmid < 0) { - (void) fclose(sfp); - return TKT_FIL_ACC; - } - (void) fclose(sfp); - } - /* - * global krb_shm_addr is initialized to 0. Ultrix bombs when you try and - * attach the same segment twice so we need this check. - */ - if (!krb_shm_addr) { - if ((krb_shm_addr = shmat(shmid,0,0)) == -1){ - if (krb_debug) - fprintf(stderr, - "cannot attach shared memory for segment %d\n", - shmid); - krb_shm_addr = 0; /* reset so we catch further errors */ - return TKT_FIL_ACC; - } - } - tmp_shm_addr = krb_shm_addr; -#endif /* TKT_SHMEM */ - - if (wflag) { - fd = open(tf_name, O_RDWR, 0600); - if (fd < 0) { - return TKT_FIL_ACC; - } - if (flock(fd, LOCK_EX | LOCK_NB) < 0) { - sleep(TF_LCK_RETRY); - if (flock(fd, LOCK_EX | LOCK_NB) < 0) { - (void) close(fd); - fd = -1; - return TKT_FIL_LCK; - } - } - return KSUCCESS; - } - /* - * Otherwise "wflag" is not set and the ticket file should be opened - * for read-only operations and locked for shared access. - */ - - fd = open(tf_name, O_RDONLY, 0600); - if (fd < 0) { - return TKT_FIL_ACC; - } - if (flock(fd, LOCK_SH | LOCK_NB) < 0) { - sleep(TF_LCK_RETRY); - if (flock(fd, LOCK_SH | LOCK_NB) < 0) { - (void) close(fd); - fd = -1; - return TKT_FIL_LCK; - } - } - return KSUCCESS; -} - -/* - * tf_get_pname() reads the principal's name from the ticket file. It - * should only be called after tf_init() has been called. The - * principal's name is filled into the "p" parameter. If all goes well, - * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is - * returned. If the name was null, or EOF was encountered, or the name - * was longer than ANAME_SZ, TKT_FIL_FMT is returned. - */ - -int -tf_get_pname(p) - char *p; -{ - if (fd < 0) { - if (krb_debug) - fprintf(stderr, "tf_get_pname called before tf_init.\n"); - return TKT_FIL_INI; - } - if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */ - return TKT_FIL_FMT; - return KSUCCESS; -} - -/* - * tf_get_pinst() reads the principal's instance from a ticket file. - * It should only be called after tf_init() and tf_get_pname() have been - * called. The instance is filled into the "inst" parameter. If all - * goes well, KSUCCESS is returned. If tf_init() wasn't called, - * TKT_FIL_INI is returned. If EOF was encountered, or the instance - * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the - * instance may be null. - */ - -int -tf_get_pinst(inst) - char *inst; -{ - if (fd < 0) { - if (krb_debug) - fprintf(stderr, "tf_get_pinst called before tf_init.\n"); - return TKT_FIL_INI; - } - if (tf_gets(inst, INST_SZ) < 1) - return TKT_FIL_FMT; - return KSUCCESS; -} - -/* - * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills - * in the given structure "c". It should only be called after tf_init(), - * tf_get_pname(), and tf_get_pinst() have been called. If all goes well, - * KSUCCESS is returned. Possible error codes are: - * - * TKT_FIL_INI - tf_init wasn't called first - * TKT_FIL_FMT - bad format - * EOF - end of file encountered - */ - -int -tf_get_cred(c) - CREDENTIALS *c; -{ - KTEXT ticket = &c->ticket_st; /* pointer to ticket */ - int k_errno; - - if (fd < 0) { - if (krb_debug) - fprintf(stderr, "tf_get_cred called before tf_init.\n"); - return TKT_FIL_INI; - } - if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2) - switch (k_errno) { - case TOO_BIG: - case 1: /* can't be just a null */ - tf_close(); - return TKT_FIL_FMT; - case 0: - return EOF; - } - if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1) - switch (k_errno) { - case TOO_BIG: - return TKT_FIL_FMT; - case 0: - return EOF; - } - if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2) - switch (k_errno) { - case TOO_BIG: - case 1: /* can't be just a null */ - tf_close(); - return TKT_FIL_FMT; - case 0: - return EOF; - } - if ( - tf_read((char *) (c->session), KEY_SZ) < 1 || - tf_read((char *) &(c->lifetime), sizeof(c->lifetime)) < 1 || - tf_read((char *) &(c->kvno), sizeof(c->kvno)) < 1 || - tf_read((char *) &(ticket->length), sizeof(ticket->length)) - < 1 || - /* don't try to read a silly amount into ticket->dat */ - ticket->length > MAX_KTXT_LEN || - tf_read((char *) (ticket->dat), ticket->length) < 1 || - tf_read((char *) &(c->issue_date), sizeof(c->issue_date)) < 1 - ) { - tf_close(); - return TKT_FIL_FMT; - } -#ifdef TKT_SHMEM - bcopy(tmp_shm_addr,c->session,KEY_SZ); - tmp_shm_addr += KEY_SZ; -#endif /* TKT_SHMEM */ - return KSUCCESS; -} - -/* - * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is - * not a valid file descriptor, it just returns. It also clears the - * buffer used to read tickets. - * - * The return value is not defined. - */ - -void -tf_close() -{ - if (!(fd < 0)) { -#ifdef TKT_SHMEM - if (shmdt(krb_shm_addr)) { - /* what kind of error? */ - if (krb_debug) - fprintf(stderr, "shmdt 0x%x: errno %d",krb_shm_addr, errno); - } else { - krb_shm_addr = 0; - } -#endif TKT_SHMEM - (void) flock(fd, LOCK_UN); - (void) close(fd); - fd = -1; /* see declaration of fd above */ - } - bzero(tfbfr, sizeof(tfbfr)); -} - -/* - * tf_gets() is an internal routine. It takes a string "s" and a count - * "n", and reads from the file until either it has read "n" characters, - * or until it reads a null byte. When finished, what has been read exists - * in "s". If it encounters EOF or an error, it closes the ticket file. - * - * Possible return values are: - * - * n the number of bytes read (including null terminator) - * when all goes well - * - * 0 end of file or read error - * - * TOO_BIG if "count" characters are read and no null is - * encountered. This is an indication that the ticket - * file is seriously ill. - */ - -static int -tf_gets(s, n) - register char *s; - int n; -{ - register count; - - if (fd < 0) { - if (krb_debug) - fprintf(stderr, "tf_gets called before tf_init.\n"); - return TKT_FIL_INI; - } - for (count = n - 1; count > 0; --count) { - if (curpos >= sizeof(tfbfr)) { - lastpos = read(fd, tfbfr, sizeof(tfbfr)); - curpos = 0; - } - if (curpos == lastpos) { - tf_close(); - return 0; - } - *s = tfbfr[curpos++]; - if (*s++ == '\0') - return (n - count); - } - tf_close(); - return TOO_BIG; -} - -/* - * tf_read() is an internal routine. It takes a string "s" and a count - * "n", and reads from the file until "n" bytes have been read. When - * finished, what has been read exists in "s". If it encounters EOF or - * an error, it closes the ticket file. - * - * Possible return values are: - * - * n the number of bytes read when all goes well - * - * 0 on end of file or read error - */ - -static int -tf_read(s, n) - register char *s; - register int n; -{ - register count; - - for (count = n; count > 0; --count) { - if (curpos >= sizeof(tfbfr)) { - lastpos = read(fd, tfbfr, sizeof(tfbfr)); - curpos = 0; - } - if (curpos == lastpos) { - tf_close(); - return 0; - } - *s++ = tfbfr[curpos++]; - } - return n; -} - -/* - * tf_save_cred() appends an incoming ticket to the end of the ticket - * file. You must call tf_init() before calling tf_save_cred(). - * - * The "service", "instance", and "realm" arguments specify the - * server's name; "session" contains the session key to be used with - * the ticket; "kvno" is the server key version number in which the - * ticket is encrypted, "ticket" contains the actual ticket, and - * "issue_date" is the time the ticket was requested (local host's time). - * - * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't - * called previously, and KFAILURE for anything else that went wrong. - */ - -int -tf_save_cred(service, instance, realm, session, lifetime, kvno, - ticket, issue_date) - char *service; /* Service name */ - char *instance; /* Instance */ - char *realm; /* Auth domain */ - C_Block session; /* Session key */ - int lifetime; /* Lifetime */ - int kvno; /* Key version number */ - KTEXT ticket; /* The ticket itself */ - long issue_date; /* The issue time */ -{ - - off_t lseek(); - int count; /* count for write */ -#ifdef TKT_SHMEM - int *skey_check; -#endif /* TKT_SHMEM */ - - if (fd < 0) { /* fd is ticket file as set by tf_init */ - if (krb_debug) - fprintf(stderr, "tf_save_cred called before tf_init.\n"); - return TKT_FIL_INI; - } - /* Find the end of the ticket file */ - (void) lseek(fd, 0L, 2); -#ifdef TKT_SHMEM - /* scan to end of existing keys: pick first 'empty' slot. - we assume that no real keys will be completely zero (it's a weak - key under DES) */ - - skey_check = (int *) krb_shm_addr; - - while (*skey_check && *(skey_check+1)) - skey_check += 2; - tmp_shm_addr = (char *)skey_check; -#endif /* TKT_SHMEM */ - - /* Write the ticket and associated data */ - /* Service */ - count = strlen(service) + 1; - if (write(fd, service, count) != count) - goto bad; - /* Instance */ - count = strlen(instance) + 1; - if (write(fd, instance, count) != count) - goto bad; - /* Realm */ - count = strlen(realm) + 1; - if (write(fd, realm, count) != count) - goto bad; - /* Session key */ -#ifdef TKT_SHMEM - bcopy(session,tmp_shm_addr,8); - tmp_shm_addr+=8; - if (write(fd,krb_dummy_skey,8) != 8) - goto bad; -#else /* ! TKT_SHMEM */ - if (write(fd, (char *) session, 8) != 8) - goto bad; -#endif /* TKT_SHMEM */ - /* Lifetime */ - if (write(fd, (char *) &lifetime, sizeof(int)) != sizeof(int)) - goto bad; - /* Key vno */ - if (write(fd, (char *) &kvno, sizeof(int)) != sizeof(int)) - goto bad; - /* Tkt length */ - if (write(fd, (char *) &(ticket->length), sizeof(int)) != - sizeof(int)) - goto bad; - /* Ticket */ - count = ticket->length; - if (write(fd, (char *) (ticket->dat), count) != count) - goto bad; - /* Issue date */ - if (write(fd, (char *) &issue_date, sizeof(long)) - != sizeof(long)) - goto bad; - - /* Actually, we should check each write for success */ - return (KSUCCESS); -bad: - return (KFAILURE); -} diff --git a/eBones/krb/tkt_string.c b/eBones/krb/tkt_string.c deleted file mode 100644 index d944833..0000000 --- a/eBones/krb/tkt_string.c +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * For copying and distribution information, please see the file - * . - * - * from: tkt_string.c,v 4.6 89/01/05 12:31:51 raeburn Exp $ - * $Id: tkt_string.c,v 1.3 1995/07/18 16:39:52 mark Exp $ - */ - -#if 0 -#ifndef lint -static char *rcsid = -"$Id: tkt_string.c,v 1.3 1995/07/18 16:39:52 mark Exp $"; -#endif /* lint */ -#endif - -#include -#include -#include -#include -#include -#include - -/* - * This routine is used to generate the name of the file that holds - * the user's cache of server tickets and associated session keys. - * - * If it is set, krb_ticket_string contains the ticket file name. - * Otherwise, the filename is constructed as follows: - * - * If it is set, the environment variable "KRBTKFILE" will be used as - * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and - * the user's uid are concatenated to produce the ticket file name - * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket - * file name is returned. - */ - -static char krb_ticket_string[MAXPATHLEN] = ""; - -char *tkt_string() -{ - char *env; - uid_t getuid(); - - if (!*krb_ticket_string) { - if ((env = getenv("KRBTKFILE"))) { - (void) strncpy(krb_ticket_string, env, - sizeof(krb_ticket_string)-1); - krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0'; - } else { - /* 32 bits of signed integer will always fit in 11 characters - (including the sign), so no need to worry about overflow */ - (void) sprintf(krb_ticket_string, "%s%ld",TKT_ROOT,getuid()); - } - } - return krb_ticket_string; -} - -/* - * This routine is used to set the name of the file that holds the user's - * cache of server tickets and associated session keys. - * - * The value passed in is copied into local storage. - * - * NOTE: This routine should be called during initialization, before other - * Kerberos routines are called; otherwise tkt_string() above may be called - * and return an undesired ticket file name until this routine is called. - */ - -void -krb_set_tkt_string(val) -char *val; -{ - - (void) strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1); - krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0'; - - return; -} diff --git a/eBones/krb/util.c b/eBones/krb/util.c deleted file mode 100644 index 68c0dbc..0000000 --- a/eBones/krb/util.c +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * Miscellaneous debug printing utilities - * - * from: util.c,v 4.8 89/01/17 22:02:08 wesommer Exp $ - * $Id: util.c,v 1.3 1995/07/18 16:39:54 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: util.c,v 1.3 1995/07/18 16:39:54 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include - -/* - * Print some of the contents of the given authenticator structure - * (AUTH_DAT defined in "krb.h"). Fields printed are: - * - * pname, pinst, prealm, netaddr, flags, cksum, timestamp, session - */ - -void -ad_print(x) -AUTH_DAT *x; -{ - struct in_addr in; - - /* Print the contents of an auth_dat struct. */ - in.s_addr = x->address; - printf("\n%s %s %s %s flags %u cksum 0x%lX\n\ttkt_tm 0x%lX sess_key", - x->pname, x->pinst, x->prealm, inet_ntoa(in), x->k_flags, - x->checksum, x->time_sec); - - printf("[8] ="); -#ifdef NOENCRYPTION - placebo_cblock_print(x->session); -#else - des_cblock_print_file((C_Block *)x->session,stdout); -#endif - /* skip reply for now */ -} - -/* - * Print in hex the 8 bytes of the given session key. - * - * Printed format is: " 0x { x, x, x, x, x, x, x, x }" - */ - -#ifdef NOENCRYPTION -placebo_cblock_print(x) - des_cblock x; -{ - unsigned char *y = (unsigned char *) x; - register int i = 0; - - printf(" 0x { "); - - while (i++ <8) { - printf("%x",*y++); - if (i<8) printf(", "); - } - printf(" }"); -} -#endif diff --git a/eBones/ksrvtgt/Makefile b/eBones/ksrvtgt/Makefile deleted file mode 100644 index 9bf166d..0000000 --- a/eBones/ksrvtgt/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.3 1995/07/18 16:40:05 mark Exp $ - -PROG= ksrvtgt -CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -Wall -DPADD= ${LIBKRB} ${LIBDES} -LDADD= -L${KRBOBJDIR} -lkrb -ldes -BINDIR= /usr/bin -MAN1= ksrvtgt.1 - -.include diff --git a/eBones/ksrvtgt/ksrvtgt.1 b/eBones/ksrvtgt/ksrvtgt.1 deleted file mode 100644 index 129c745..0000000 --- a/eBones/ksrvtgt/ksrvtgt.1 +++ /dev/null @@ -1,51 +0,0 @@ -.\" from: ksrvtgt.1,v 4.1 89/01/24 14:36:28 jtkohl Exp $ -.\" $Id: ksrvtgt.1,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KSRVTGT 1 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -ksrvtgt \- fetch and store Kerberos ticket-granting-ticket using a -service key -.SH SYNOPSIS -.B ksrvtgt -name instance [[realm] srvtab] -.SH DESCRIPTION -.I ksrvtgt -retrieves a ticket-granting ticket with a lifetime of five (5) minutes -for the principal -.I name.instance@realm -(or -.I name.instance@localrealm -if -.I realm -is not supplied on the command line), decrypts the response using -the service key found in -.I srvtab -(or in -.B /etc/kerberosIV/srvtab -if -.I srvtab -is not specified on the command line), and stores the ticket in the -standard ticket cache. -.PP -This command is intended primarily for use in shell scripts and other -batch-type facilities. -.SH DIAGNOSTICS -"Generic kerberos failure (kfailure)" can indicate a whole range of -problems, the most common of which is the inability to read the service -key file. -.SH FILES -.TP 2i -/etc/kerberosIV/krb.conf -to get the name of the local realm. -.TP -/tmp/tkt[uid] -The default ticket file. -.TP -/etc/kerberosIV/srvtab -The default service key file. -.SH SEE ALSO -kerberos(1), kinit(1), kdestroy(1) diff --git a/eBones/ksrvtgt/ksrvtgt.c b/eBones/ksrvtgt/ksrvtgt.c deleted file mode 100644 index 0f92394..0000000 --- a/eBones/ksrvtgt/ksrvtgt.c +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * For copying and distribution information, please see the file - * . - * - * Get a ticket-granting-ticket given a service key file (srvtab) - * The lifetime is the shortest allowed [1 five-minute interval] - * - * from: ksrvtgt.c,v 4.3 89/07/28 10:17:28 jtkohl Exp $ - * $Id: ksrvtgt.c,v 1.3 1995/07/18 16:40:07 mark Exp $ - */ - -#ifndef lint -const char rcsid[] = -"$Id: ksrvtgt.c,v 1.3 1995/07/18 16:40:07 mark Exp $"; -#endif /* lint */ - -#include -#include -#include -#include -#include - -int -main(argc,argv) - int argc; - char **argv; -{ - char realm[REALM_SZ + 1]; - register int code; - char srvtab[MAXPATHLEN + 1]; - - bzero(realm, sizeof(realm)); - bzero(srvtab, sizeof(srvtab)); - - if (argc < 3 || argc > 5) { - fprintf(stderr, "Usage: %s name instance [[realm] srvtab]\n", - argv[0]); - exit(1); - } - - if (argc == 4) - (void) strncpy(srvtab, argv[3], sizeof(srvtab) -1); - - if (argc == 5) { - (void) strncpy(realm, argv[3], sizeof(realm) - 1); - (void) strncpy(srvtab, argv[4], sizeof(srvtab) -1); - } - - if (srvtab[0] == 0) - (void) strcpy(srvtab, KEYFILE); - - if (realm[0] == 0) - if (krb_get_lrealm(realm, 1) != KSUCCESS) - (void) strcpy(realm, KRB_REALM); - - code = krb_get_svc_in_tkt(argv[1], argv[2], realm, - "krbtgt", realm, 1, srvtab); - if (code) - fprintf(stderr, "%s\n", krb_err_txt[code]); - exit(code); -} diff --git a/eBones/ksrvutil/HOW-TO b/eBones/ksrvutil/HOW-TO deleted file mode 100644 index 53f719c..0000000 --- a/eBones/ksrvutil/HOW-TO +++ /dev/null @@ -1,291 +0,0 @@ -To re-create this export-controlled program from eBones: - -1) Copy ksrvutil.c from the kadmin directory. -2) perl -spi.bak -e 's/\$(Header[^\$]*)\$/$1/g' *.[ch] -3) Apply this patch: - -*** ksrvutil.c.orig Fri Jan 20 17:19:45 1995 ---- ksrvutil.c Fri Jan 20 17:27:38 1995 -*************** -*** 1,10 **** - /* -- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v $ -- * $Author: jtkohl $ -- * - * Copyright 1989 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * . - * - * list and update contents of srvtab files ---- 1,7 ---- - /* - * Copyright 1989 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * Copyright.MIT. - * - * list and update contents of srvtab files -*************** -*** 12,20 **** - - #ifndef lint - static char rcsid_ksrvutil_c[] = -! "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v 4.1 89/09/26 09:33:49 jtkohl Exp "; - #endif lint - -- #include - /* - * ksrvutil ---- 9,20 ---- - - #ifndef lint -+ #if 0 - static char rcsid_ksrvutil_c[] = -! "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v 4.1 89/09/26 09:33:49 jtkohl Exp "; -! #endif -! static const char rcsid[] = -! "$Id$"; - #endif lint - - /* - * ksrvutil -*************** -*** 37,40 **** ---- 37,41 ---- - #include - #include -+ #include - - #ifdef NOENCRYPTION -*************** -*** 54,58 **** - - extern int errno; -- extern char *sys_errlist[]; - - extern void krb_set_tkt_string(); ---- 55,58 ---- -*************** -*** 79,85 **** - if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) { - if (errno != ENOENT) { -! (void)fprintf(stderr, "%s: Unable to read %s: %s\n", progname, -! keyfile, sys_errlist[errno]); -! exit(1); - } - else { ---- 79,83 ---- - if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) { - if (errno != ENOENT) { -! err(1, "unable to read %s", keyfile); - } - else { -*************** -*** 88,100 **** - open(keyfile, - O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) { -! (void) fprintf(stderr, "%s: Unable to create %s: %s\n", -! progname, keyfile, sys_errlist[errno]); -! exit(1); - } - else - if (close(keyfile_fd) < 0) { -! (void) fprintf(stderr, "%s: Failure closing %s: %s\n", -! progname, keyfile, sys_errlist[errno]); -! exit(1); - } - } ---- 86,94 ---- - open(keyfile, - O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) { -! err(1, "unable to create %s", keyfile); - } - else - if (close(keyfile_fd) < 0) { -! err(1, "failure closing %s", keyfile); - } - } -*************** -*** 107,135 **** - open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT, - keyfile_mode)) < 0) { -! (void) fprintf(stderr, "%s: Unable to write %s: %s\n", progname, -! backup_keyfile, sys_errlist[errno]); -! exit(1); - } - do { - if ((rcount = read(keyfile_fd, (char *)buf, sizeof(buf))) < 0) { -! (void) fprintf(stderr, "%s: Error reading %s: %s\n", progname, -! keyfile, sys_errlist[errno]); -! exit(1); - } - if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) { -! (void) fprintf(stderr, "%s: Error writing %s: %s\n", progname, -! backup_keyfile, sys_errlist[errno]); -! exit(1); - } - } while (rcount); - if (close(backup_keyfile_fd) < 0) { -! (void) fprintf(stderr, "%s: Error closing %s: %s\n", progname, -! backup_keyfile, sys_errlist[errno]); -! exit(1); - } - if (close(keyfile_fd) < 0) { -! (void) fprintf(stderr, "%s: Error closing %s: %s\n", progname, -! keyfile, sys_errlist[errno]); -! exit(1); - } - } ---- 101,119 ---- - open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT, - keyfile_mode)) < 0) { -! err(1, "unable to write %s", backup_keyfile); - } - do { - if ((rcount = read(keyfile_fd, (char *)buf, sizeof(buf))) < 0) { -! err(1, "error reading %s", keyfile); - } - if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) { -! err(1, "error writing %s", backup_keyfile); - } - } while (rcount); - if (close(backup_keyfile_fd) < 0) { -! err(1, "error closing %s", backup_keyfile); - } - if (close(keyfile_fd) < 0) { -! err(1, "error closing %s", keyfile); - } - } -*************** -*** 145,151 **** - (void) bzero(buf, size); - if (read(0, buf, size - 1) < 0) { -! (void) fprintf(stderr, "Failure reading from stdin: %s\n", -! sys_errlist[errno]); -! leave((char *)NULL, 1); - } - fflush(stdin); ---- 129,134 ---- - (void) bzero(buf, size); - if (read(0, buf, size - 1) < 0) { -! warn("failure reading from stdin"); -! leave((char *)NULL, 1); - } - fflush(stdin); -*************** -*** 163,170 **** - { - if (write(fd, buf, len) != len) { -! (void) fprintf(stderr, "%s: Failure writing to %s: %s\n", progname, -! filename, sys_errlist[errno]); -! (void) close(fd); -! leave("In progress srvtab in this file.", 1); - } - } ---- 146,152 ---- - { - if (write(fd, buf, len) != len) { -! warn("failure writing %s", filename); -! close(fd); -! leave("In progress srvtab in this file.", 1); - } - } -*************** -*** 343,349 **** - if (change || list) { - if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) { -! (void) fprintf(stderr, "%s: Unable to read %s: %s\n", argv[0], -! backup_keyfile, sys_errlist[errno]); -! exit(1); - } - } ---- 325,329 ---- - if (change || list) { - if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) { -! err(1, "unable to read %s", backup_keyfile); - } - } -*************** -*** 353,359 **** - open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC, - SRVTAB_MODE)) < 0) { -! (void) fprintf(stderr, "%s: Unable to write %s: %s\n", argv[0], -! work_keyfile, sys_errlist[errno]); -! exit(1); - } - } ---- 333,337 ---- - open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC, - SRVTAB_MODE)) < 0) { -! err(1, "unable to write %s", work_keyfile); - } - } -*************** -*** 361,367 **** - if ((work_keyfile_fd = - open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) { -! (void) fprintf(stderr, "%s: Unable to open %s for append: %s\n", -! argv[0], work_keyfile, sys_errlist[errno]); -! exit(1); - } - } ---- 339,343 ---- - if ((work_keyfile_fd = - open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) { -! err(1, "unable to append to %s", work_keyfile); - } - } -*************** -*** 456,463 **** - } - else { -! (void)fprintf(stderr, -! "%s: Unable to revert keyfile: %s\n", -! argv[0], sys_errlist[errno]); -! leave("", 1); - } - } ---- 432,437 ---- - } - else { -! warn("unable to revert keyfile"); -! leave("", 1); - } - } -*************** -*** 499,518 **** - if (change || list) - if (close(backup_keyfile_fd) < 0) { -! (void) fprintf(stderr, "%s: Failure closing %s: %s\n", -! argv[0], backup_keyfile, sys_errlist[errno]); -! (void) fprintf(stderr, "continuing...\n"); - } - - if (change || add) { - if (close(work_keyfile_fd) < 0) { -! (void) fprintf(stderr, "%s: Failure closing %s: %s\n", -! argv[0], work_keyfile, sys_errlist[errno]); -! exit(1); - } - if (rename(work_keyfile, keyfile) < 0) { -! (void) fprintf(stderr, "%s: Failure renaming %s to %s: %s\n", -! argv[0], work_keyfile, keyfile, -! sys_errlist[errno]); -! exit(1); - } - (void) chmod(backup_keyfile, keyfile_mode); ---- 473,485 ---- - if (change || list) - if (close(backup_keyfile_fd) < 0) { -! warn("failure closing %s, continuing", backup_keyfile); - } - - if (change || add) { - if (close(work_keyfile_fd) < 0) { -! err(1, "failure closing %s", work_keyfile); - } - if (rename(work_keyfile, keyfile) < 0) { -! err(1, "failure renaming %s to %s", work_keyfile, keyfile); - } - (void) chmod(backup_keyfile, keyfile_mode); diff --git a/eBones/ksrvutil/Makefile b/eBones/ksrvutil/Makefile deleted file mode 100644 index a95d9ae..0000000 --- a/eBones/ksrvutil/Makefile +++ /dev/null @@ -1,9 +0,0 @@ -# $Id: Makefile,v 1.1 1995/07/18 16:40:09 mark Exp $ - -PROG= ksrvutil -SRCS= ksrvutil.c -CFLAGS+= -I${.CURDIR}/../include -I${.CURDIR}/../libkadm -Wall -LDADD+= -L${KADMOBJDIR} -lkadm -L${KRBOBJDIR} -lkrb -ldes -lcom_err -MAN8= ksrvutil.8 - -.include diff --git a/eBones/ksrvutil/ksrvutil.c b/eBones/ksrvutil/ksrvutil.c deleted file mode 100644 index 1062ea5..0000000 --- a/eBones/ksrvutil/ksrvutil.c +++ /dev/null @@ -1,582 +0,0 @@ -/* - * Copyright 1989 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * list and update contents of srvtab files - */ - -#if 0 -#ifndef lint -static char rcsid_ksrvutil_c[] = -"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v 4.1 89/09/26 09:33:49 jtkohl Exp "; -static const char rcsid[] = - "$Id: ksrvutil.c,v 1.1 1995/07/18 16:40:11 mark Exp $"; -#endif lint -#endif - -/* - * ksrvutil - * list and update the contents of srvtab files - */ - -#ifndef FALSE -#define FALSE 0 -#endif - -#ifndef TRUE -#define TRUE 1 -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef NOENCRYPTION -#define read_long_pw_string placebo_read_pw_string -#else /* NOENCRYPTION */ -#define read_long_pw_string des_read_pw_string -#endif /* NOENCRYPTION */ -int read_long_pw_string(); - -#define SRVTAB_MODE 0600 /* rw------- */ -#define PAD " " -#define VNO_HEADER "Version" -#define VNO_FORMAT "%4d " -#define KEY_HEADER " Key " /* 17 characters long */ -#define PRINC_HEADER " Principal\n" -#define PRINC_FORMAT "%s" - -void usage(void); -void leave(char *str, int x); -void get_key_from_password(des_cblock key); -void print_name(char *name, char *inst, char *realm); -void print_key(des_cblock key); -unsigned short get_mode(char *filename); -int get_svc_new_key(des_cblock new_key, char *sname, char *sinst, - char *srealm, char *keyfile); - -void -copy_keyfile(progname, keyfile, backup_keyfile) - char *progname; - char *keyfile; - char *backup_keyfile; -{ - int keyfile_fd; - int backup_keyfile_fd; - int keyfile_mode; - char buf[BUFSIZ]; /* for copying keyfiles */ - int rcount; /* for copying keyfiles */ - int try_again; - - bzero((char *)buf, sizeof(buf)); - - do { - try_again = FALSE; - if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) { - if (errno != ENOENT) { - err(1, "unable to read %s", keyfile); - } - else { - try_again = TRUE; - if ((keyfile_fd = - open(keyfile, - O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) { - err(1, "unable to create %s", keyfile); - } - else - if (close(keyfile_fd) < 0) { - err(1, "failure closing %s", keyfile); - } - } - } - } while(try_again); - - keyfile_mode = get_mode(keyfile); - - if ((backup_keyfile_fd = - open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT, - keyfile_mode)) < 0) { - err(1, "unable to write %s", backup_keyfile); - } - do { - if ((rcount = read(keyfile_fd, (char *)buf, sizeof(buf))) < 0) { - err(1, "error reading %s", keyfile); - } - if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) { - err(1, "error writing %s", backup_keyfile); - } - } while (rcount); - if (close(backup_keyfile_fd) < 0) { - err(1, "error closing %s", backup_keyfile); - } - if (close(keyfile_fd) < 0) { - err(1, "error closing %s", keyfile); - } -} - -void -safe_read_stdin(prompt, buf, size) - char *prompt; - char *buf; - int size; -{ - printf(prompt); - fflush(stdout); - bzero(buf, size); - if (read(0, buf, size - 1) < 0) { - warn("failure reading from stdin"); - leave((char *)NULL, 1); - } - fflush(stdin); - buf[strlen(buf)-1] = 0; -} - - -void -safe_write(progname, filename, fd, buf, len) - char *progname; - char *filename; - int fd; - char *buf; - int len; -{ - if (write(fd, buf, len) != len) { - warn("failure writing %s", filename); - close(fd); - leave("In progress srvtab in this file.", 1); - } -} - -int -yn(string) - char *string; -{ - char ynbuf[5]; - - printf("%s (y,n) [y] ", string); - for (;;) { - safe_read_stdin("", ynbuf, sizeof(ynbuf)); - - if ((ynbuf[0] == 'n') || (ynbuf[0] == 'N')) - return(0); - else if ((ynbuf[0] == 'y') || (ynbuf[0] == 'Y') || (ynbuf[0] == 0)) - return(1); - else { - printf("Please enter 'y' or 'n': "); - fflush(stdout); - } - } -} - -void -append_srvtab(progname, filename, fd, sname, sinst, - srealm, key_vno, key) - char *progname; - char *filename; - int fd; - char *sname; - char *sinst; - char *srealm; - unsigned char key_vno; - des_cblock key; -{ - /* Add one to append null */ - safe_write(progname, filename, fd, sname, strlen(sname) + 1); - safe_write(progname, filename, fd, sinst, strlen(sinst) + 1); - safe_write(progname, filename, fd, srealm, strlen(srealm) + 1); - safe_write(progname, filename, fd, (char *)&key_vno, 1); - safe_write(progname, filename, fd, (char *)key, sizeof(des_cblock)); - fsync(fd); -} - -unsigned short -get_mode(filename) - char *filename; -{ - struct stat statbuf; - unsigned short mode; - - bzero((char *)&statbuf, sizeof(statbuf)); - - if (stat(filename, &statbuf) < 0) - mode = SRVTAB_MODE; - else - mode = statbuf.st_mode; - - return(mode); -} - -int -main(argc,argv) - int argc; - char *argv[]; -{ - char sname[ANAME_SZ]; /* name of service */ - char sinst[INST_SZ]; /* instance of service */ - char srealm[REALM_SZ]; /* realm of service */ - unsigned char key_vno; /* key version number */ - int status; /* general purpose error status */ - des_cblock new_key; - des_cblock old_key; - char change_tkt[MAXPATHLEN]; /* Ticket to use for key change */ - char keyfile[MAXPATHLEN]; /* Original keyfile */ - char work_keyfile[MAXPATHLEN]; /* Working copy of keyfile */ - char backup_keyfile[MAXPATHLEN]; /* Backup copy of keyfile */ - unsigned short keyfile_mode; /* Protections on keyfile */ - int work_keyfile_fd = -1; /* Initialize so that */ - int backup_keyfile_fd = -1; /* compiler doesn't complain */ - char local_realm[REALM_SZ]; /* local kerberos realm */ - int i; - int interactive = FALSE; - int list = FALSE; - int change = FALSE; - int add = FALSE; - int key = FALSE; /* do we show keys? */ - int arg_entered = FALSE; - int change_this_key = FALSE; - char databuf[BUFSIZ]; - int first_printed = FALSE; /* have we printed the first item? */ - - bzero((char *)sname, sizeof(sname)); - bzero((char *)sinst, sizeof(sinst)); - bzero((char *)srealm, sizeof(srealm)); - - bzero((char *)change_tkt, sizeof(change_tkt)); - bzero((char *)keyfile, sizeof(keyfile)); - bzero((char *)work_keyfile, sizeof(work_keyfile)); - bzero((char *)backup_keyfile, sizeof(backup_keyfile)); - bzero((char *)local_realm, sizeof(local_realm)); - - sprintf(change_tkt, "/tmp/tkt_ksrvutil.%d", getpid()); - krb_set_tkt_string(change_tkt); - - /* This is used only as a default for adding keys */ - if (krb_get_lrealm(local_realm, 1) != KSUCCESS) - strcpy(local_realm, KRB_REALM); - - for (i = 1; i < argc; i++) { - if (strcmp(argv[i], "-i") == 0) - interactive++; - else if (strcmp(argv[i], "-k") == 0) - key++; - else if (strcmp(argv[i], "list") == 0) { - if (arg_entered) - usage(); - else { - arg_entered++; - list++; - } - } - else if (strcmp(argv[i], "change") == 0) { - if (arg_entered) - usage(); - else { - arg_entered++; - change++; - } - } - else if (strcmp(argv[i], "add") == 0) { - if (arg_entered) - usage(); - else { - arg_entered++; - add++; - } - } - else if (strcmp(argv[i], "-f") == 0) { - if (++i == argc) - usage(); - else - strcpy(keyfile, argv[i]); - } - else - usage(); - } - - if (!arg_entered) - usage(); - - if (!keyfile[0]) - strcpy(keyfile, KEYFILE); - - strcpy(work_keyfile, keyfile); - strcpy(backup_keyfile, keyfile); - - if (change || add) { - strcat(work_keyfile, ".work"); - strcat(backup_keyfile, ".old"); - - copy_keyfile(argv[0], keyfile, backup_keyfile); - } - - if (add) - copy_keyfile(argv[0], backup_keyfile, work_keyfile); - - keyfile_mode = get_mode(keyfile); - - if (change || list) { - if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) { - err(1, "unable to read %s", backup_keyfile); - } - } - - if (change) { - if ((work_keyfile_fd = - open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC, - SRVTAB_MODE)) < 0) { - err(1, "unable to write %s", work_keyfile); - } - } - else if (add) { - if ((work_keyfile_fd = - open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) { - err(1, "unable to append to %s", work_keyfile); - } - } - - if (change || list) { - while ((getst(backup_keyfile_fd, sname, SNAME_SZ) > 0) && - (getst(backup_keyfile_fd, sinst, INST_SZ) > 0) && - (getst(backup_keyfile_fd, srealm, REALM_SZ) > 0) && - (read(backup_keyfile_fd, &key_vno, 1) > 0) && - (read(backup_keyfile_fd,(char *)old_key,sizeof(old_key)) > 0)) { - if (list) { - if (!first_printed) { - printf(VNO_HEADER); - printf(PAD); - if (key) { - printf(KEY_HEADER); - printf(PAD); - } - printf(PRINC_HEADER); - first_printed = 1; - } - printf(VNO_FORMAT, key_vno); - printf(PAD); - if (key) { - print_key(old_key); - printf(PAD); - } - print_name(sname, sinst, srealm); - printf("\n"); - } - else if (change) { - printf("\nPrincipal: "); - print_name(sname, sinst, srealm); - printf("; version %d\n", key_vno); - if (interactive) - change_this_key = yn("Change this key?"); - else if (change) - change_this_key = 1; - else - change_this_key = 0; - - if (change_this_key) - printf("Changing to version %d.\n", key_vno + 1); - else if (change) - printf("Not changing this key.\n"); - - if (change_this_key) { - /* - * Pick a new key and determine whether or not - * it is safe to change - */ - if ((status = - get_svc_new_key(new_key, sname, sinst, - srealm, keyfile)) == KADM_SUCCESS) - key_vno++; - else { - bcopy(old_key, new_key, sizeof(new_key)); - com_err(argv[0], status, ": key NOT changed"); - change_this_key = FALSE; - } - } - else - bcopy(old_key, new_key, sizeof(new_key)); - append_srvtab(argv[0], work_keyfile, work_keyfile_fd, - sname, sinst, srealm, key_vno, new_key); - if (key && change_this_key) { - printf("Old key: "); - print_key(old_key); - printf("; new key: "); - print_key(new_key); - printf("\n"); - } - if (change_this_key) { - if ((status = kadm_change_pw(new_key)) == KADM_SUCCESS) { - printf("Key changed.\n"); - dest_tkt(); - } - else { - com_err(argv[0], status, - " attempting to change password."); - dest_tkt(); - /* XXX This knows the format of a keyfile */ - if (lseek(work_keyfile_fd, -9, L_INCR) >= 0) { - key_vno--; - safe_write(argv[0], work_keyfile, - work_keyfile_fd, (char *)&key_vno, 1); - safe_write(argv[0], work_keyfile, work_keyfile_fd, - (char *)old_key, sizeof(des_cblock)); - fsync(work_keyfile_fd); - fprintf(stderr,"Key NOT changed.\n"); - } - else { - warn("unable to revert keyfile"); - leave("", 1); - } - } - } - } - bzero((char *)old_key, sizeof(des_cblock)); - bzero((char *)new_key, sizeof(des_cblock)); - } - } - else if (add) { - do { - do { - safe_read_stdin("Name: ", databuf, sizeof(databuf)); - strncpy(sname, databuf, sizeof(sname) - 1); - safe_read_stdin("Instance: ", databuf, sizeof(databuf)); - strncpy(sinst, databuf, sizeof(sinst) - 1); - safe_read_stdin("Realm: ", databuf, sizeof(databuf)); - strncpy(srealm, databuf, sizeof(srealm) - 1); - safe_read_stdin("Version number: ", databuf, sizeof(databuf)); - key_vno = atoi(databuf); - if (!srealm[0]) - strcpy(srealm, local_realm); - printf("New principal: "); - print_name(sname, sinst, srealm); - printf("; version %d\n", key_vno); - } while (!yn("Is this correct?")); - get_key_from_password(new_key); - if (key) { - printf("Key: "); - print_key(new_key); - printf("\n"); - } - append_srvtab(argv[0], work_keyfile, work_keyfile_fd, - sname, sinst, srealm, key_vno, new_key); - printf("Key successfully added.\n"); - } while (yn("Would you like to add another key?")); - } - - if (change || list) - if (close(backup_keyfile_fd) < 0) { - warn("failure closing %s, continuing", backup_keyfile); - } - - if (change || add) { - if (close(work_keyfile_fd) < 0) { - err(1, "failure closing %s", work_keyfile); - } - if (rename(work_keyfile, keyfile) < 0) { - err(1, "failure renaming %s to %s", work_keyfile, keyfile); - } - chmod(backup_keyfile, keyfile_mode); - chmod(keyfile, keyfile_mode); - printf("Old keyfile in %s.\n", backup_keyfile); - } - - exit(0); -} - -void -print_key(key) - des_cblock key; -{ - int i; - - for (i = 0; i < 4; i++) - printf("%02x", key[i]); - printf(" "); - for (i = 4; i < 8; i++) - printf("%02x", key[i]); -} - -void -print_name(name, inst, realm) - char *name; - char *inst; - char *realm; -{ - printf("%s%s%s%s%s", name, inst[0] ? "." : "", inst, - realm[0] ? "@" : "", realm); -} - -int -get_svc_new_key(new_key, sname, sinst, srealm, keyfile) - des_cblock new_key; - char *sname; - char *sinst; - char *srealm; - char *keyfile; -{ - int status = KADM_SUCCESS; - - if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME, - KADM_SINST, 1, keyfile)) == KSUCCESS) && - ((status = kadm_init_link("changepw", KRB_MASTER, srealm)) == - KADM_SUCCESS)) { -#ifdef NOENCRYPTION - bzero((char *) new_key, sizeof(des_cblock)); - new_key[0] = (unsigned char) 1; -#else /* NOENCRYPTION */ - des_random_key(new_key); -#endif /* NOENCRYPTION */ - return(KADM_SUCCESS); - } - - return(status); -} - -void -get_key_from_password(key) - des_cblock key; -{ - char password[MAX_KPW_LEN]; /* storage for the password */ - - if (read_long_pw_string(password, sizeof(password)-1, "Password: ", 1)) - leave("Error reading password.", 1); - -#ifdef NOENCRYPTION - bzero((char *) key, sizeof(des_cblock)); - key[0] = (unsigned char) 1; -#else /* NOENCRYPTION */ - des_string_to_key(password, (des_cblock *)key); -#endif /* NOENCRYPTION */ - bzero((char *)password, sizeof(password)); -} - -void -usage() -{ - fprintf(stderr, "Usage: ksrvutil [-f keyfile] [-i] [-k] "); - fprintf(stderr, "{list | change | add}\n"); - fprintf(stderr, " -i causes the program to ask for "); - fprintf(stderr, "confirmation before changing keys.\n"); - fprintf(stderr, " -k causes the key to printed for list or "); - fprintf(stderr, "change.\n"); - exit(1); -} - -void -leave(str,x) -char *str; -int x; -{ - if (str) - fprintf(stderr, "%s\n", str); - dest_tkt(); - exit(x); -} diff --git a/eBones/kstash/Makefile b/eBones/kstash/Makefile deleted file mode 100644 index 1387f8c..0000000 --- a/eBones/kstash/Makefile +++ /dev/null @@ -1,10 +0,0 @@ -# From: @(#)Makefile 5.2 (Berkeley) 3/5/91 -# $Id: Makefile,v 1.3 1995/07/18 16:40:14 mark Exp $ - -PROG= kstash -CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include -Wall -DPADD= ${LIBKDB} ${LIBKRB} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -ldes -MAN8= kstash.8 - -.include diff --git a/eBones/kstash/kstash.8 b/eBones/kstash/kstash.8 deleted file mode 100644 index ac8c57b..0000000 --- a/eBones/kstash/kstash.8 +++ /dev/null @@ -1,44 +0,0 @@ -.\" from: kstash.8,v 4.1 89/01/23 11:11:39 jtkohl Exp $ -.\" $Id: kstash.8,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KSTASH 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kstash \- stash Kerberos key distribution center database master key -.SH SYNOPSIS -kstash -.SH DESCRIPTION -.I kstash -saves the Kerberos key distribution center (KDC) database master key in -the master key cache file. -.PP -The user is prompted to enter the key, to verify the authenticity of the -key and the authorization to store the key in the file. -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.TP -"kstash: Unable to open master key file" -The attempt to open the cache file for writing failed (probably due to a -system or access permission error). -.TP -"kstash: Write I/O error on master key file" -The -.BR write (2) -system call returned an error while -.I kstash -was attempting to write the key to the file. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/etc/kerberosIV/master_key -Master key cache file. diff --git a/eBones/kstash/kstash.c b/eBones/kstash/kstash.c deleted file mode 100644 index ce26a1d..0000000 --- a/eBones/kstash/kstash.c +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology - * For copying and distribution information, please see the file - * . - * - * from: kstash.c,v 4.0 89/01/23 09:45:43 jtkohl Exp $ - * $Id: kstash.c,v 1.3 1995/07/18 16:40:16 mark Exp $ - */ - -#if 0 -#ifndef lint -static char rcsid[] = -"$Id: kstash.c,v 1.3 1995/07/18 16:40:16 mark Exp $"; -#endif lint -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -/* change this later, but krblib_dbm needs it for now */ -char *progname; - -static C_Block master_key; -static Key_schedule master_key_schedule; -int debug; -static int kfile; -static void clear_secrets(); - -int -main(argc, argv) - int argc; - char **argv; -{ - long n; - if ((n = kerb_init())) { - fprintf(stderr, "Kerberos db and cache init failed = %ld\n", n); - exit(1); - } - - if (kdb_get_master_key (TRUE, master_key, master_key_schedule) != 0) { - fprintf (stderr, "%s: Couldn't read master key.\n", argv[0]); - fflush (stderr); - clear_secrets(); - exit (-1); - } - - if (kdb_verify_master_key (master_key, master_key_schedule, stderr) < 0) { - clear_secrets(); - exit (-1); - } - - kfile = open(MKEYFILE, O_TRUNC | O_RDWR | O_CREAT, 0600); - if (kfile < 0) { - clear_secrets(); - fprintf(stderr, "\n\07\07%s: Unable to open master key file\n", - argv[0]); - exit(1); - } - if (write(kfile, (char *) master_key, 8) < 0) { - clear_secrets(); - fprintf(stderr, "\n%s: Write I/O error on master key file\n", - argv[0]); - exit(1); - } - (void) close(kfile); - clear_secrets(); - return(0); -} - -static void -clear_secrets() -{ - bzero(master_key_schedule, sizeof(master_key_schedule)); - bzero(master_key, sizeof(master_key)); -} diff --git a/eBones/libkadm/EXPORTABLE b/eBones/libkadm/EXPORTABLE deleted file mode 100644 index e478483..0000000 --- a/eBones/libkadm/EXPORTABLE +++ /dev/null @@ -1,4 +0,0 @@ -The files in this directory are believed to be exportable. - --GAWollman - diff --git a/eBones/libkadm/Makefile b/eBones/libkadm/Makefile deleted file mode 100644 index 293e842..0000000 --- a/eBones/libkadm/Makefile +++ /dev/null @@ -1,24 +0,0 @@ -# $Id: Makefile,v 1.1 1995/07/18 16:40:20 mark Exp $ - -LIB= kadm - -SRCS= kadm_err.c kadm_stream.c kadm_supp.c kadm_cli_wrap.c -CFLAGS+= -I. -I${.CURDIR} -I${.CURDIR}/../include -I${KRBOBJDIR} \ - -DPOSIX -Wall -CLEANFILES+= kadm_err.c kadm_err.h - -kadm_err.c kadm_err.h: kadm_err.et - test -e kadm_err.et || ln -s ${.CURDIR}/kadm_err.et . - compile_et kadm_err.et - -beforeinstall: - -cd ${.CURDIR}; cmp -s kadm.h \ - ${DESTDIR}/usr/include/kerberosIV/kadm.h || \ - install -c -o ${BINOWN} -g ${BINGRP} -m 444 kadm.h \ - ${DESTDIR}/usr/include/kerberosIV - -cd ${.OBJDIR}; cmp -s kadm_err.h \ - ${DESTDIR}/usr/include/kerberosIV/kadm_err.h || \ - install -c -o ${BINOWN} -g ${BINGRP} -m 444 kadm_err.h \ - ${DESTDIR}/usr/include/kerberosIV - -.include diff --git a/eBones/libkadm/kadm.h b/eBones/libkadm/kadm.h deleted file mode 100644 index 21a23bb..0000000 --- a/eBones/libkadm/kadm.h +++ /dev/null @@ -1,164 +0,0 @@ -/* - * $Source: /usr/cvs/src/eBones/libkadm/kadm.h,v $ - * $Author: mark $ - * Header: /afs/athena.mit.edu/astaff/project/kerberos/src/include/RCS/kadm.h,v 4.2 89/09/26 09:15:20 jtkohl Exp - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Definitions for Kerberos administration server & client - */ - -#ifndef KADM_DEFS -#define KADM_DEFS - -/* - * kadm.h - * Header file for the fourth attempt at an admin server - * Doug Church, December 28, 1989, MIT Project Athena - */ - -/* for those broken Unixes without this defined... should be in sys/param.h */ -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 64 -#endif - -#include -#include -#include -#include -#include -#include - -/* The global structures for the client and server */ -typedef struct { - struct sockaddr_in admin_addr; - struct sockaddr_in my_addr; - int my_addr_len; - int admin_fd; /* file descriptor for link to admin server */ - char sname[ANAME_SZ]; /* the service name */ - char sinst[INST_SZ]; /* the services instance */ - char krbrlm[REALM_SZ]; -} Kadm_Client; - -typedef struct { /* status of the server, i.e the parameters */ - int inter; /* Space for command line flags */ - char *sysfile; /* filename of server */ -} admin_params; /* Well... it's the admin's parameters */ - -/* Largest password length to be supported */ -#define MAX_KPW_LEN 128 - -/* Largest packet the admin server will ever allow itself to return */ -#define KADM_RET_MAX 2048 - -/* That's right, versions are 8 byte strings */ -#define KADM_VERSTR "KADM0.0A" -#define KADM_ULOSE "KYOULOSE" /* sent back when server can't - decrypt client's msg */ -#define KADM_VERSIZE strlen(KADM_VERSTR) - -/* the lookups for the server instances */ -#define PWSERV_NAME "changepw" -#define KADM_SNAME "kerberos_master" -#define KADM_SINST "kerberos" - -/* Attributes fields constants and macros */ -#define ALLOC 2 -#define RESERVED 3 -#define DEALLOC 4 -#define DEACTIVATED 5 -#define ACTIVE 6 - -/* Kadm_vals structure for passing db fields into the server routines */ -#define FLDSZ 4 - -typedef struct { - u_char fields[FLDSZ]; /* The active fields in this struct */ - char name[ANAME_SZ]; - char instance[INST_SZ]; - unsigned long key_low; - unsigned long key_high; - unsigned long exp_date; - unsigned short attributes; - unsigned char max_life; -} Kadm_vals; /* The basic values structure in Kadm */ - -/* Kadm_vals structure for passing db fields into the server routines */ -#define FLDSZ 4 - -/* Need to define fields types here */ -#define KADM_NAME 31 -#define KADM_INST 30 -#define KADM_EXPDATE 29 -#define KADM_ATTR 28 -#define KADM_MAXLIFE 27 -#define KADM_DESKEY 26 - -/* To set a field entry f in a fields structure d */ -#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8))) - -/* To set a field entry f in a fields structure d */ -#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8)))) - -/* Is field f in fields structure d */ -#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8))) - -/* Various return codes */ -#define KADM_SUCCESS 0 - -#define WILDCARD_STR "*" - -enum acl_types { -ADDACL, -GETACL, -MODACL -}; - -/* Various opcodes for the admin server's functions */ -#define CHANGE_PW 2 -#define ADD_ENT 3 -#define MOD_ENT 4 -#define GET_ENT 5 - -/* XXX This doesn't belong here!!! */ -#ifdef POSIX -typedef void sigtype; -#else -typedef int sigtype; -#endif - -int vals_to_stream(Kadm_vals *dt_in, u_char **dt_out); -int stream_to_vals(u_char *dt_in, Kadm_vals *dt_out, int maxlen); - -int build_field_header(u_char *cont, u_char **st); -int check_field_header(u_char *st, u_char *cont, int maxlen); - -int stv_string(u_char *st, char *dat, int loc, int stlen, int maxlen); -int stv_short(u_char *st, u_short *dat, int loc, int maxlen); -int stv_long(u_char *st, u_long *dat, int loc, int maxlen); -int stv_char(u_char *st, u_char *dat, int loc, int maxlen); - -int vts_string(char *dat, u_char **st, int loc); -int vts_short(u_short dat, u_char **st, int loc); -int vts_long(u_long dat, u_char **st, int loc); -int vts_char(u_char dat, u_char **st, int loc); - -int kadm_cli_conn(void); -void kadm_cli_disconn(void); -int kadm_cli_send(u_char *st_dat, int st_siz, u_char **ret_dat, int *ret_siz); -int kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz); -int kadm_cli_keyd(des_cblock s_k, des_key_schedule s_s); - -int kadm_get(Kadm_vals *vals, u_char fl[4]); -int kadm_mod(Kadm_vals *vals1, Kadm_vals *vals2); -int kadm_add(Kadm_vals *vals); -int kadm_change_pw(des_cblock newkey); -int kadm_init_link(char n[], char i[], char r[]); -void prin_vals(Kadm_vals *vals); -void kadm_vals_to_prin(u_char fields[FLDSZ], Principal *new, Kadm_vals *old); -void kadm_prin_to_vals(u_char fields[FLDSZ], Kadm_vals *new, Principal *old); - -#endif KADM_DEFS diff --git a/eBones/libkadm/kadm_cli_wrap.c b/eBones/libkadm/kadm_cli_wrap.c deleted file mode 100644 index e25439d..0000000 --- a/eBones/libkadm/kadm_cli_wrap.c +++ /dev/null @@ -1,509 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Kerberos administration server client-side routines - */ - -#if 0 -#ifndef lint -static char rcsid_kadm_cli_wrap_c[] = -"from: Id: kadm_cli_wrap.c,v 4.6 89/12/30 20:09:45 qjb Exp"; -static const char rcsid[] = - "$Id: kadm_cli_wrap.c,v 1.1 1995/07/18 16:40:23 mark Exp $"; -#endif lint -#endif - -/* - * kadm_cli_wrap.c the client side wrapping of the calls to the admin server - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifndef NULL -#define NULL 0 -#endif - -static Kadm_Client client_parm; - -/* Macros for use in returning data... used in kadm_cli_send */ -#define RET_N_FREE(r) {clear_secrets(); free((char *)act_st); free((char *)priv_pak); return r;} - -/* Keys for use in the transactions */ -static des_cblock sess_key; /* to be filled in by kadm_cli_keyd */ -static Key_schedule sess_sched; - -static void -clear_secrets() -{ - bzero((char *)sess_key, sizeof(sess_key)); - bzero((char *)sess_sched, sizeof(sess_sched)); -} - -/* - * kadm_init_link - * receives : name, inst, realm - * - * initializes client parm, the Kadm_Client structure which holds the - * data about the connection between the server and client, the services - * used, the locations and other fun things - */ -int -kadm_init_link(n, i, r) -char n[]; -char i[]; -char r[]; -{ - struct servent *sep; /* service we will talk to */ - struct hostent *hop; /* host we will talk to */ - char adm_hostname[MAXHOSTNAMELEN]; - - (void) init_kadm_err_tbl(); - (void) init_krb_err_tbl(); - (void) strcpy(client_parm.sname, n); - (void) strcpy(client_parm.sinst, i); - (void) strcpy(client_parm.krbrlm, r); - client_parm.admin_fd = -1; - - /* set up the admin_addr - fetch name of admin host */ - if (krb_get_admhst(adm_hostname, client_parm.krbrlm, 1) != KSUCCESS) - return KADM_NO_HOST; - if ((hop = gethostbyname(adm_hostname)) == NULL) - return KADM_UNK_HOST; /* couldnt find the admin servers - * address */ - if ((sep = getservbyname(KADM_SNAME, "tcp")) == NULL) - return KADM_NO_SERV; /* couldnt find the admin service */ - bzero((char *) &client_parm.admin_addr, - sizeof(client_parm.admin_addr)); - client_parm.admin_addr.sin_family = hop->h_addrtype; - bcopy((char *) hop->h_addr, (char *) &client_parm.admin_addr.sin_addr, - hop->h_length); - client_parm.admin_addr.sin_port = sep->s_port; - - return KADM_SUCCESS; -} /* procedure kadm_init_link */ - -/* - * kadm_change_pw - * recieves : key - * - * Replaces the password (i.e. des key) of the caller with that specified in - * key. Returns no actual data from the master server, since this is called - * by a user - */ -int -kadm_change_pw(newkey) -des_cblock newkey; /* The DES form of the users key */ -{ - int stsize, retc; /* stream size and return code */ - u_char *send_st; /* send stream */ - u_char *ret_st; - int ret_sz; - u_long keytmp; - - if ((retc = kadm_cli_conn()) != KADM_SUCCESS) - return(retc); - /* possible problem with vts_long on a non-multiple of four boundary */ - - stsize = 0; /* start of our output packet */ - send_st = (u_char *) malloc(1);/* to make it reallocable */ - send_st[stsize++] = (u_char) CHANGE_PW; - - /* change key to stream */ - - bcopy((char *) (((long *) newkey) + 1), (char *) &keytmp, 4); - keytmp = htonl(keytmp); - stsize += vts_long(keytmp, &send_st, stsize); - - bcopy((char *) newkey, (char *) &keytmp, 4); - keytmp = htonl(keytmp); - stsize += vts_long(keytmp, &send_st, stsize); - - retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz); - free((char *)send_st); - if (retc == KADM_SUCCESS) { - free((char *)ret_st); - } - kadm_cli_disconn(); - return(retc); -} - -/* - * kadm_add - * receives : vals - * returns : vals - * - * Adds and entry containing values to the database returns the values of the - * entry, so if you leave certain fields blank you will be able to determine - * the default values they are set to - */ -int -kadm_add(vals) -Kadm_vals *vals; -{ - u_char *st, *st2; /* st will hold the stream of values */ - int st_len; /* st2 the final stream with opcode */ - int retc; /* return code from call */ - u_char *ret_st; - int ret_sz; - - if ((retc = kadm_cli_conn()) != KADM_SUCCESS) - return(retc); - st_len = vals_to_stream(vals, &st); - st2 = (u_char *) malloc((unsigned)(1 + st_len)); - *st2 = (u_char) ADD_ENT; /* here's the opcode */ - bcopy((char *) st, (char *) st2 + 1, st_len); /* append st on */ - retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz); - free((char *)st); - free((char *)st2); - if (retc == KADM_SUCCESS) { - /* ret_st has vals */ - if (stream_to_vals(ret_st, vals, ret_sz) < 0) - retc = KADM_LENGTH_ERROR; - free((char *)ret_st); - } - kadm_cli_disconn(); - return(retc); -} - -/* - * kadm_mod - * receives : KTEXT, {values, values} - * returns : CKSUM, RETCODE, {values} - * acl : su, sms (as register or dealloc) - * - * Modifies all entries corresponding to the first values so they match the - * second values. returns the values for the changed entries in vals2 - */ -int -kadm_mod(vals1, vals2) -Kadm_vals *vals1; -Kadm_vals *vals2; -{ - u_char *st, *st2; /* st will hold the stream of values */ - int st_len, nlen; /* st2 the final stream with opcode */ - u_char *ret_st; - int ret_sz; - - /* nlen is the length of second vals */ - int retc; /* return code from call */ - - if ((retc = kadm_cli_conn()) != KADM_SUCCESS) - return(retc); - - st_len = vals_to_stream(vals1, &st); - st2 = (u_char *) malloc((unsigned)(1 + st_len)); - *st2 = (u_char) MOD_ENT; /* here's the opcode */ - bcopy((char *) st, (char *) st2 + 1, st_len++); /* append st on */ - free((char *)st); - nlen = vals_to_stream(vals2, &st); - st2 = (u_char *) realloc((char *) st2, (unsigned)(st_len + nlen)); - bcopy((char *) st, (char *) st2 + st_len, nlen); /* append st on */ - retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz); - free((char *)st); - free((char *)st2); - if (retc == KADM_SUCCESS) { - /* ret_st has vals */ - if (stream_to_vals(ret_st, vals2, ret_sz) < 0) - retc = KADM_LENGTH_ERROR; - free((char *)ret_st); - } - kadm_cli_disconn(); - return(retc); -} - -/* - * kadm_get - * receives : KTEXT, {values, flags} - * returns : CKSUM, RETCODE, {count, values, values, values} - * acl : su - * - * gets the fields requested by flags from all entries matching values returns - * this data for each matching recipient, after a count of how many such - * matches there were - */ -int -kadm_get(vals, fl) -Kadm_vals *vals; -u_char fl[4]; - -{ - int loop; /* for copying the fields data */ - u_char *st, *st2; /* st will hold the stream of values */ - int st_len; /* st2 the final stream with opcode */ - int retc; /* return code from call */ - u_char *ret_st; - int ret_sz; - - if ((retc = kadm_cli_conn()) != KADM_SUCCESS) - return(retc); - st_len = vals_to_stream(vals, &st); - st2 = (u_char *) malloc((unsigned)(1 + st_len + FLDSZ)); - *st2 = (u_char) GET_ENT; /* here's the opcode */ - bcopy((char *) st, (char *) st2 + 1, st_len); /* append st on */ - for (loop = FLDSZ - 1; loop >= 0; loop--) - *(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */ - retc = kadm_cli_send(st2, st_len + 1 + FLDSZ, &ret_st, &ret_sz); - free((char *)st); - free((char *)st2); - if (retc == KADM_SUCCESS) { - /* ret_st has vals */ - if (stream_to_vals(ret_st, vals, ret_sz) < 0) - retc = KADM_LENGTH_ERROR; - free((char *)ret_st); - } - kadm_cli_disconn(); - return(retc); -} - -/* - * kadm_cli_send - * recieves : opcode, packet, packet length, serv_name, serv_inst - * returns : return code from the packet build, the server, or - * something else - * - * It assembles a packet as follows: - * 8 bytes : VERSION STRING - * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE - * : KTEXT - * : OPCODE \ - * : DATA > Encrypted (with make priv) - * : ...... / - * - * If it builds the packet and it is small enough, then it attempts to open the - * connection to the admin server. If the connection is succesfully open - * then it sends the data and waits for a reply. - */ -int -kadm_cli_send(st_dat, st_siz, ret_dat, ret_siz) -u_char *st_dat; /* the actual data */ -int st_siz; /* length of said data */ -u_char **ret_dat; /* to give return info */ -int *ret_siz; /* length of returned info */ -{ - int act_len, retdat; /* current offset into packet, return - * data */ - KTEXT_ST authent; /* the authenticator we will build */ - u_char *act_st; /* the pointer to the complete packet */ - u_char *priv_pak; /* private version of the packet */ - int priv_len; /* length of private packet */ - u_long cksum; /* checksum of the packet */ - MSG_DAT mdat; - u_char *return_dat; - - act_st = (u_char *) malloc(KADM_VERSIZE); /* verstr stored first */ - (void) strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE); - act_len = KADM_VERSIZE; - - if ((retdat = kadm_cli_keyd(sess_key, sess_sched)) != KADM_SUCCESS) { - free((char *)act_st); - return retdat; /* couldnt get key working */ - } - priv_pak = (u_char *) malloc((unsigned)(st_siz + 200)); - /* 200 bytes for extra info case */ - if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_long)st_siz, - sess_sched, sess_key, &client_parm.my_addr, - &client_parm.admin_addr)) < 0) - RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose - * here */ - /* here is the length of priv data. receiver calcs - size of authenticator by subtracting vno size, priv size, and - sizeof(u_long) (for the size indication) from total size */ - - act_len += vts_long((u_long) priv_len, &act_st, act_len); -#ifdef NOENCRYPTION - cksum = 0; -#else - cksum = quad_cksum((des_cblock *)priv_pak, (des_cblock *)0, - (long)priv_len, 0, (des_cblock *)sess_key); -#endif - if ((retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst, - client_parm.krbrlm, (long)cksum))) { - /* authenticator? */ - RET_N_FREE(retdat + krb_err_base); - } - - act_st = (u_char *) realloc((char *) act_st, - (unsigned) (act_len + authent.length - + priv_len)); - if (!act_st) { - clear_secrets(); - free((char *)priv_pak); - return(KADM_NOMEM); - } - bcopy((char *) authent.dat, (char *) act_st + act_len, authent.length); - bcopy((char *) priv_pak, (char *) act_st + act_len + authent.length, - priv_len); - free((char *)priv_pak); - if ((retdat = kadm_cli_out(act_st, - act_len + authent.length + priv_len, - ret_dat, ret_siz)) != KADM_SUCCESS) - RET_N_FREE(retdat); - free((char *)act_st); -#define RET_N_FREE2(r) {free((char *)*ret_dat); clear_secrets(); return(r);} - - /* first see if it's a YOULOUSE */ - if ((*ret_siz >= KADM_VERSIZE) && - !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) { - u_long errcode; - /* it's a youlose packet */ - if (*ret_siz < KADM_VERSIZE + sizeof(u_long)) - RET_N_FREE2(KADM_BAD_VER); - bcopy((char *)(*ret_dat) + KADM_VERSIZE, (char *)&errcode, - sizeof(u_long)); - retdat = (int) ntohl(errcode); - RET_N_FREE2(retdat); - } - /* need to decode the ret_dat */ - if ((retdat = krb_rd_priv(*ret_dat, (u_long)*ret_siz, sess_sched, - sess_key, &client_parm.admin_addr, - &client_parm.my_addr, &mdat))) - RET_N_FREE2(retdat+krb_err_base); - if (mdat.app_length < KADM_VERSIZE + 4) - /* too short! */ - RET_N_FREE2(KADM_BAD_VER); - if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE)) - /* bad version */ - RET_N_FREE2(KADM_BAD_VER); - bcopy((char *)mdat.app_data+KADM_VERSIZE, - (char *)&retdat, sizeof(u_long)); - retdat = ntohl((u_long)retdat); - if (!(return_dat = (u_char *)malloc((unsigned)(mdat.app_length - - KADM_VERSIZE - sizeof(u_long))))) - RET_N_FREE2(KADM_NOMEM); - bcopy((char *) mdat.app_data + KADM_VERSIZE + sizeof(u_long), - (char *)return_dat, - (int)mdat.app_length - KADM_VERSIZE - sizeof(u_long)); - free((char *)*ret_dat); - clear_secrets(); - *ret_dat = return_dat; - *ret_siz = mdat.app_length - KADM_VERSIZE - sizeof(u_long); - return retdat; -} - -/* takes in the sess_key and key_schedule and sets them appropriately */ -int -kadm_cli_keyd(s_k, s_s) -des_cblock s_k; /* session key */ -des_key_schedule s_s; /* session key schedule */ -{ - CREDENTIALS cred; /* to get key data */ - int stat; - - /* want .sname and .sinst here.... */ - if ((stat = krb_get_cred(client_parm.sname, client_parm.sinst, - client_parm.krbrlm, &cred))) - return stat + krb_err_base; - bcopy((char *) cred.session, (char *) s_k, sizeof(des_cblock)); - bzero((char *) cred.session, sizeof(des_cblock)); -#ifdef NOENCRYPTION - bzero(s_s, sizeof(des_key_schedule)); -#else - if ((stat = key_sched((des_cblock *)s_k,s_s))) - return(stat+krb_err_base); -#endif - return KADM_SUCCESS; -} /* This code "works" */ - -static sigtype (*opipe)(); - -int -kadm_cli_conn() -{ /* this connects and sets my_addr */ - int on = 1; - - if ((client_parm.admin_fd = - socket(client_parm.admin_addr.sin_family, SOCK_STREAM,0)) < 0) - return KADM_NO_SOCK; /* couldnt create the socket */ - if (connect(client_parm.admin_fd, - (struct sockaddr *) & client_parm.admin_addr, - sizeof(client_parm.admin_addr))) { - (void) close(client_parm.admin_fd); - client_parm.admin_fd = -1; - return KADM_NO_CONN; /* couldnt get the connect */ - } - opipe = signal(SIGPIPE, SIG_IGN); - client_parm.my_addr_len = sizeof(client_parm.my_addr); - if (getsockname(client_parm.admin_fd, - (struct sockaddr *) & client_parm.my_addr, - &client_parm.my_addr_len) < 0) { - (void) close(client_parm.admin_fd); - client_parm.admin_fd = -1; - (void) signal(SIGPIPE, opipe); - return KADM_NO_HERE; /* couldnt find out who we are */ - } - if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, &on, - sizeof(on)) < 0) { - (void) close(client_parm.admin_fd); - client_parm.admin_fd = -1; - (void) signal(SIGPIPE, opipe); - return KADM_NO_CONN; /* XXX */ - } - return KADM_SUCCESS; -} - -void -kadm_cli_disconn() -{ - (void) close(client_parm.admin_fd); - (void) signal(SIGPIPE, opipe); -} - -int -kadm_cli_out(dat, dat_len, ret_dat, ret_siz) -u_char *dat; -int dat_len; -u_char **ret_dat; -int *ret_siz; -{ - extern int errno; - u_short dlen; - int retval; - - dlen = (u_short) dat_len; - - if (dat_len != (int)dlen) - return (KADM_NO_ROOM); - - dlen = htons(dlen); - if (krb_net_write(client_parm.admin_fd, (char *) &dlen, - sizeof(u_short)) < 0) - return (errno); /* XXX */ - - if (krb_net_write(client_parm.admin_fd, (char *) dat, dat_len) < 0) - return (errno); /* XXX */ - - if ((retval = krb_net_read(client_parm.admin_fd, (char *) &dlen, - sizeof(u_short)) != sizeof(u_short))) { - if (retval < 0) - return(errno); /* XXX */ - else - return(EPIPE); /* short read ! */ - } - - dlen = ntohs(dlen); - *ret_dat = (u_char *)malloc((unsigned)dlen); - if (!*ret_dat) - return(KADM_NOMEM); - - if ((retval = krb_net_read(client_parm.admin_fd, (char *) *ret_dat, - (int) dlen) != dlen)) { - if (retval < 0) - return(errno); /* XXX */ - else - return(EPIPE); /* short read ! */ - } - *ret_siz = (int) dlen; - return KADM_SUCCESS; -} diff --git a/eBones/libkadm/kadm_err.et b/eBones/libkadm/kadm_err.et deleted file mode 100644 index e45a9c2..0000000 --- a/eBones/libkadm/kadm_err.et +++ /dev/null @@ -1,53 +0,0 @@ -# $Source: /usr/cvs/src/eBones/libkadm/kadm_err.et,v $ -# $Author: mark $ -# $Header: /usr/cvs/src/eBones/libkadm/kadm_err.et,v 1.1 1995/07/18 16:40:25 mark Exp $ -# Copyright 1988 by the Massachusetts Institute of Technology. -# -# For copying and distribution information, please see the file -# . -# -# Kerberos administration server error table -# - et kadm - -# KADM_SUCCESS, as all success codes should be, is zero - -ec KADM_RCSID, "$Header: /usr/cvs/src/eBones/libkadm/kadm_err.et,v 1.1 1995/07/18 16:40:25 mark Exp $" -# /* Building and unbuilding the packet errors */ -ec KADM_NO_REALM, "Cannot fetch local realm" -ec KADM_NO_CRED, "Unable to fetch credentials" -ec KADM_BAD_KEY, "Bad key supplied" -ec KADM_NO_ENCRYPT, "Can't encrypt data" -ec KADM_NO_AUTH, "Cannot encode/decode authentication info" -ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm" -ec KADM_NO_ROOM, "Packet is too large" -ec KADM_BAD_VER, "Version number is incorrect" -ec KADM_BAD_CHK, "Checksum does not match" -ec KADM_NO_READ, "Unsealing private data failed" -ec KADM_NO_OPCODE, "Unsupported operation" -ec KADM_NO_HOST, "Could not find administrating host" -ec KADM_UNK_HOST, "Administrating host name is unknown" -ec KADM_NO_SERV, "Could not find service name in services database" -ec KADM_NO_SOCK, "Could not create socket" -ec KADM_NO_CONN, "Could not connect to server" -ec KADM_NO_HERE, "Could not fetch local socket address" -ec KADM_NO_MAST, "Could not fetch master key" -ec KADM_NO_VERI, "Could not verify master key" - -# /* From the server side routines */ -ec KADM_INUSE, "Entry already exists in database" -ec KADM_UK_SERROR, "Database store error" -ec KADM_UK_RERROR, "Database read error" -ec KADM_UNAUTH, "Insufficient access to perform requested operation" -# KADM_DATA isn't really an error, but... -ec KADM_DATA, "Data is available for return to client" -ec KADM_NOENTRY, "No such entry in the database" - -ec KADM_NOMEM, "Memory exhausted" -ec KADM_NO_HOSTNAME, "Could not fetch system hostname" -ec KADM_NO_BIND, "Could not bind port" -ec KADM_LENGTH_ERROR, "Length mismatch problem" -ec KADM_ILL_WILDCARD, "Illegal use of wildcard" - -ec KADM_DB_INUSE, "Database is locked or in use--try again later" -end diff --git a/eBones/libkadm/kadm_stream.c b/eBones/libkadm/kadm_stream.c deleted file mode 100644 index 58a625a..0000000 --- a/eBones/libkadm/kadm_stream.c +++ /dev/null @@ -1,286 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Stream conversion functions for Kerberos administration server - */ - -#if 0 -#ifndef lint -static char rcsid_kadm_stream_c[] = -"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/lib/kadm/RCS/kadm_stream.c,v 4.2 89/09/26 09:20:48 jtkohl Exp "; -static const char rcsid[] = - "$Id: kadm_stream.c,v 1.1 1995/07/18 16:40:27 mark Exp $"; -#endif lint -#endif - -/* - kadm_stream.c - this holds the stream support routines for the kerberos administration server - - vals_to_stream: converts a vals struct to a stream for transmission - internals build_field_header, vts_[string, char, long, short] - stream_to_vals: converts a stream to a vals struct - internals check_field_header, stv_[string, char, long, short] - error: prints out a kadm error message, returns - fatal: prints out a kadm fatal error message, exits -*/ - -#include -#include - -#define min(a,b) (((a) < (b)) ? (a) : (b)) - -/* -vals_to_stream - recieves : kadm_vals *, u_char * - returns : a realloced and filled in u_char * - -this function creates a byte-stream representation of the kadm_vals structure -*/ - -int -vals_to_stream(dt_in, dt_out) -Kadm_vals *dt_in; -u_char **dt_out; -{ - int vsloop, stsize; /* loop counter, stream size */ - - stsize = build_field_header(dt_in->fields, dt_out); - for (vsloop=31; vsloop>=0; vsloop--) - if (IS_FIELD(vsloop,dt_in->fields)) { - switch (vsloop) { - case KADM_NAME: - stsize+=vts_string(dt_in->name, dt_out, stsize); - break; - case KADM_INST: - stsize+=vts_string(dt_in->instance, dt_out, stsize); - break; - case KADM_EXPDATE: - stsize+=vts_long(dt_in->exp_date, dt_out, stsize); - break; - case KADM_ATTR: - stsize+=vts_short(dt_in->attributes, dt_out, stsize); - break; - case KADM_MAXLIFE: - stsize+=vts_char(dt_in->max_life, dt_out, stsize); - break; - case KADM_DESKEY: - stsize+=vts_long(dt_in->key_high, dt_out, stsize); - stsize+=vts_long(dt_in->key_low, dt_out, stsize); - break; - default: - break; - } -} - return(stsize); -} - -int -build_field_header(cont, st) -u_char *cont; /* container for fields data */ -u_char **st; /* stream */ -{ - *st = (u_char *) malloc (4); - bcopy((char *) cont, (char *) *st, 4); - return 4; /* return pointer to current stream location */ -} - -int -vts_string(dat, st, loc) -char *dat; /* a string to put on the stream */ -u_char **st; /* base pointer to the stream */ -int loc; /* offset into the stream for current data */ -{ - *st = (u_char *) realloc ((char *)*st, (unsigned) (loc + strlen(dat) + 1)); - bcopy(dat, (char *)(*st + loc), strlen(dat)+1); - return strlen(dat)+1; -} - -int -vts_short(dat, st, loc) -u_short dat; /* the attributes field */ -u_char **st; /* a base pointer to the stream */ -int loc; /* offset into the stream for current data */ -{ - u_short temp; /* to hold the net order short */ - - temp = htons(dat); /* convert to network order */ - *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_short))); - bcopy((char *) &temp, (char *)(*st + loc), sizeof(u_short)); - return sizeof(u_short); -} - -int -vts_long(dat, st, loc) -u_long dat; /* the attributes field */ -u_char **st; /* a base pointer to the stream */ -int loc; /* offset into the stream for current data */ -{ - u_long temp; /* to hold the net order short */ - - temp = htonl(dat); /* convert to network order */ - *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_long))); - bcopy((char *) &temp, (char *)(*st + loc), sizeof(u_long)); - return sizeof(u_long); -} - -int -vts_char(dat, st, loc) -u_char dat; /* the attributes field */ -u_char **st; /* a base pointer to the stream */ -int loc; /* offset into the stream for current data */ -{ - *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_char))); - (*st)[loc] = (u_char) dat; - return 1; -} - -/* -stream_to_vals - recieves : u_char *, kadm_vals * - returns : a kadm_vals filled in according to u_char * - -this decodes a byte stream represntation of a vals struct into kadm_vals -*/ -int -stream_to_vals(dt_in, dt_out, maxlen) -u_char *dt_in; -Kadm_vals *dt_out; -int maxlen; /* max length to use */ -{ - register int vsloop, stsize; /* loop counter, stream size */ - register int status; - - bzero((char *) dt_out, sizeof(*dt_out)); - - stsize = check_field_header(dt_in, dt_out->fields, maxlen); - if (stsize < 0) - return(-1); - for (vsloop=31; vsloop>=0; vsloop--) - if (IS_FIELD(vsloop,dt_out->fields)) - switch (vsloop) { - case KADM_NAME: - if ((status = stv_string(dt_in, dt_out->name, stsize, - sizeof(dt_out->name), maxlen)) < 0) - return(-1); - stsize += status; - break; - case KADM_INST: - if ((status = stv_string(dt_in, dt_out->instance, stsize, - sizeof(dt_out->instance), maxlen)) < 0) - return(-1); - stsize += status; - break; - case KADM_EXPDATE: - if ((status = stv_long(dt_in, &dt_out->exp_date, stsize, - maxlen)) < 0) - return(-1); - stsize += status; - break; - case KADM_ATTR: - if ((status = stv_short(dt_in, &dt_out->attributes, stsize, - maxlen)) < 0) - return(-1); - stsize += status; - break; - case KADM_MAXLIFE: - if ((status = stv_char(dt_in, &dt_out->max_life, stsize, - maxlen)) < 0) - return(-1); - stsize += status; - break; - case KADM_DESKEY: - if ((status = stv_long(dt_in, &dt_out->key_high, stsize, - maxlen)) < 0) - return(-1); - stsize += status; - if ((status = stv_long(dt_in, &dt_out->key_low, stsize, - maxlen)) < 0) - return(-1); - stsize += status; - break; - default: - break; - } - return stsize; -} - -int -check_field_header(st, cont, maxlen) -u_char *st; /* stream */ -u_char *cont; /* container for fields data */ -int maxlen; -{ - if (4 > maxlen) - return(-1); - bcopy((char *) st, (char *) cont, 4); - return 4; /* return pointer to current stream location */ -} - -int -stv_string(st, dat, loc, stlen, maxlen) -register u_char *st; /* base pointer to the stream */ -char *dat; /* a string to read from the stream */ -register int loc; /* offset into the stream for current data */ -int stlen; /* max length of string to copy in */ -int maxlen; /* max length of input stream */ -{ - int maxcount; /* max count of chars to copy */ - - maxcount = min(maxlen - loc, stlen); - - (void) strncpy(dat, (char *)st + loc, maxcount); - - if (dat[maxcount-1]) /* not null-term --> not enuf room */ - return(-1); - return strlen(dat)+1; -} - -int -stv_short(st, dat, loc, maxlen) -u_char *st; /* a base pointer to the stream */ -u_short *dat; /* the attributes field */ -int loc; /* offset into the stream for current data */ -int maxlen; -{ - u_short temp; /* to hold the net order short */ - - if (loc + sizeof(u_short) > maxlen) - return(-1); - bcopy((char *)((u_long)st+(u_long)loc), (char *) &temp, sizeof(u_short)); - *dat = ntohs(temp); /* convert to network order */ - return sizeof(u_short); -} - -int -stv_long(st, dat, loc, maxlen) -u_char *st; /* a base pointer to the stream */ -u_long *dat; /* the attributes field */ -int loc; /* offset into the stream for current data */ -int maxlen; /* maximum length of st */ -{ - u_long temp; /* to hold the net order short */ - - if (loc + sizeof(u_long) > maxlen) - return(-1); - bcopy((char *)((u_long)st+(u_long)loc), (char *) &temp, sizeof(u_long)); - *dat = ntohl(temp); /* convert to network order */ - return sizeof(u_long); -} - -int -stv_char(st, dat, loc, maxlen) -u_char *st; /* a base pointer to the stream */ -u_char *dat; /* the attributes field */ -int loc; /* offset into the stream for current data */ -int maxlen; -{ - if (loc + 1 > maxlen) - return(-1); - *dat = *(st + loc); - return 1; -} - diff --git a/eBones/libkadm/kadm_supp.c b/eBones/libkadm/kadm_supp.c deleted file mode 100644 index 353fed0..0000000 --- a/eBones/libkadm/kadm_supp.c +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Support functions for Kerberos administration server & clients - */ - -#if 0 -#ifndef lint -static char rcsid_kadm_supp_c[] = -"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/lib/kadm/RCS/kadm_supp.c,v 4.1 89/09/26 09:21:07 jtkohl Exp "; -static const char rcsid[] = - "$Id: kadm_supp.c,v 1.1 1995/07/18 16:40:28 mark Exp $"; -#endif lint -#endif - -/* - kadm_supp.c - this holds the support routines for the kerberos administration server - - error: prints out a kadm error message, returns - fatal: prints out a kadm fatal error message, exits - prin_vals: prints out data associated with a Principal in the vals - structure -*/ - -#include -#include -#include -#include - -/* -prin_vals: - recieves : a vals structure -*/ -void -prin_vals(vals) -Kadm_vals *vals; -{ - printf("Info in Database for %s.%s:\n", vals->name, vals->instance); - printf(" Max Life: %d Exp Date: %s\n",vals->max_life, - asctime(localtime((long *)&vals->exp_date))); - printf(" Attribs: %.2x key: %lu %lu\n",vals->attributes, - vals->key_low, vals->key_high); -} - -#ifdef notdef -nierror(s) -int s; -{ - printf("Kerberos admin server loses..... %s\n",error_message(s)); - return(s); -} -#endif - -/* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal, - it copies the fields in Principal specified by fields into Kadm_vals, - i.e from old to new */ - -void -kadm_prin_to_vals(fields, new, old) -u_char fields[FLDSZ]; -Kadm_vals *new; -Principal *old; -{ - bzero((char *)new, sizeof(*new)); - if (IS_FIELD(KADM_NAME,fields)) { - (void) strncpy(new->name, old->name, ANAME_SZ); - SET_FIELD(KADM_NAME, new->fields); - } - if (IS_FIELD(KADM_INST,fields)) { - (void) strncpy(new->instance, old->instance, INST_SZ); - SET_FIELD(KADM_INST, new->fields); - } - if (IS_FIELD(KADM_EXPDATE,fields)) { - new->exp_date = old->exp_date; - SET_FIELD(KADM_EXPDATE, new->fields); - } - if (IS_FIELD(KADM_ATTR,fields)) { - new->attributes = old->attributes; - SET_FIELD(KADM_MAXLIFE, new->fields); - } - if (IS_FIELD(KADM_MAXLIFE,fields)) { - new->max_life = old->max_life; - SET_FIELD(KADM_MAXLIFE, new->fields); - } - if (IS_FIELD(KADM_DESKEY,fields)) { - new->key_low = old->key_low; - new->key_high = old->key_high; - SET_FIELD(KADM_DESKEY, new->fields); - } -} - -void -kadm_vals_to_prin(fields, new, old) -u_char fields[FLDSZ]; -Principal *new; -Kadm_vals *old; -{ - - bzero((char *)new, sizeof(*new)); - if (IS_FIELD(KADM_NAME,fields)) - (void) strncpy(new->name, old->name, ANAME_SZ); - if (IS_FIELD(KADM_INST,fields)) - (void) strncpy(new->instance, old->instance, INST_SZ); - if (IS_FIELD(KADM_EXPDATE,fields)) - new->exp_date = old->exp_date; - if (IS_FIELD(KADM_ATTR,fields)) - new->attributes = old->attributes; - if (IS_FIELD(KADM_MAXLIFE,fields)) - new->max_life = old->max_life; - if (IS_FIELD(KADM_DESKEY,fields)) { - new->key_low = old->key_low; - new->key_high = old->key_high; - } -} diff --git a/eBones/make_keypair/Makefile b/eBones/make_keypair/Makefile deleted file mode 100644 index 7d435e7..0000000 --- a/eBones/make_keypair/Makefile +++ /dev/null @@ -1,9 +0,0 @@ -# @(#)Makefile 8.1 (Berkeley) 6/1/93 - -PROG= make_keypair -MAN8= make_keypair.8 -CFLAGS+=-DKERBEROS -I${.CURDIR}/../include -I${.CURDIR}/../register -Wall -DPADD= ${LIBKRB} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -ldes - -.include diff --git a/eBones/make_keypair/make_keypair.c b/eBones/make_keypair/make_keypair.c deleted file mode 100644 index deb67ac..0000000 --- a/eBones/make_keypair/make_keypair.c +++ /dev/null @@ -1,134 +0,0 @@ -/*- - * Copyright (c) 1988, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if 0 -#ifndef lint -static char copyright[] = -"@(#) Copyright (c) 1988, 1993\n\ - The Regents of the University of California. All rights reserved.\n"; -static char sccsid[] = "@(#)make_keypair.c 8.1 (Berkeley) 6/1/93"; -#endif /* not lint */ -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "pathnames.h" -#include "register_proto.h" - -void usage(char *name); -void make_key(struct in_addr addr); - -char * progname; - -void -main(argc, argv) - int argc; - char **argv; -{ - struct hostent *hp; - char *addr; - int i; - struct sockaddr_in sin; - - progname = *argv; /* argv[0] */ - - if (argc != 2) { - usage(argv[0]); - exit(1); - } - - if ((hp = gethostbyname(argv[1])) == NULL) { - herror(argv[1]); - exit(1); - } - - for (i = 0; (addr = hp->h_addr_list[i]); i++) { - addr = hp->h_addr_list[i]; - bcopy(addr, &sin.sin_addr, hp->h_length); - - printf("Making key for host %s (%s)\n", - argv[1], inet_ntoa(sin.sin_addr)); - make_key(sin.sin_addr); - } - printf("==========\n"); - printf("One copy of the each key should be put in %s on the\n", - SERVER_KEYDIR); - printf("Kerberos server machine (mode 600, owner root).\n"); - printf("Another copy of each key should be put on the named\n"); - printf("client as %sXXX.XXX.XXX.XXX (same modes as above),\n", - CLIENT_KEYFILE); - printf("where the X's refer to digits of the host's inet address.\n"); - (void)fflush(stdout); - exit(0); -} - -void -make_key(addr) - struct in_addr addr; -{ - struct keyfile_data kfile; - char namebuf[255]; - int fd; - - (void)sprintf(namebuf, "%s%s", - CLIENT_KEYFILE, - inet_ntoa(addr)); - fd = open(namebuf, O_WRONLY|O_CREAT, 0600); - if (fd < 0) { - perror("open"); - exit(1); - } - random_key(kfile.kf_key); - printf("writing to file -> %s ...", namebuf); - if (write(fd, &kfile, sizeof(kfile)) != sizeof(kfile)) { - fprintf(stderr, "error writing file %s\n", namebuf); - } - printf("done.\n"); - (void)close(fd); - return; -} - -void -usage(name) - char *name; -{ - fprintf(stderr, "usage: %s host\n", name); -} diff --git a/eBones/man/acl_check.3 b/eBones/man/acl_check.3 deleted file mode 100644 index 2e5129c..0000000 --- a/eBones/man/acl_check.3 +++ /dev/null @@ -1,183 +0,0 @@ -.\" from: acl_check.3,v 4.1 89/01/23 11:06:54 jtkohl Exp $ -.\" $Id: acl_check.3,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH ACL_CHECK 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -acl_canonicalize_principal, acl_check, acl_exact_match, acl_add, -acl_delete, acl_initialize \- Access control list routines -.SH SYNOPSIS -.nf -.nj -.ft B -cc \-lacl \-lkrb -.PP -.ft B -#include -.PP -.ft B -acl_canonicalize_principal(principal, buf) -char *principal; -char *buf; -.PP -.ft B -acl_check(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_exact_match(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_add(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_delete(acl, principal) -char *acl; -char *principal; -.PP -.ft B -acl_initialize(acl_file, mode) -char *acl_file; -int mode; -.fi -.ft R -.SH DESCRIPTION -.SS Introduction -.PP -An access control list (ACL) is a list of principals, where each -principal is represented by a text string which cannot contain -whitespace. The library allows application programs to refer to named -access control lists to test membership and to atomically add and -delete principals using a natural and intuitive interface. At -present, the names of access control lists are required to be Unix -filenames, and refer to human-readable Unix files; in the future, when -a networked ACL server is implemented, the names may refer to a -different namespace specific to the ACL service. -.PP -.SS Principal Names -.PP -Principal names have the form -.nf -.in +5n -[.][@] -.in -5n -e.g.: -.in +5n -asp -asp.root -asp@ATHENA.MIT.EDU -asp.@ATHENA.MIT.EDU -asp.root@ATHENA.MIT.EDU -.in -5n -.fi -It is possible for principals to be underspecified. If an instance is -missing, it is assumed to be "". If realm is missing, it is assumed -to be the local realm as determined by -.IR krb_get_lrealm (3). -The canonical form contains all of name, instance, -and realm; the acl_add and acl_delete routines will always -leave the file in that form. Note that the canonical form of -asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU. -.SS Routines -.PP -.I acl_canonicalize_principal -stores the canonical form of -.I principal -in -.IR buf . -.I Buf -must contain enough -space to store a principal, given the limits on the sizes of name, -instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ, -respectively, in -.IR /usr/include/kerberosIV/krb.h . -.PP -.I acl_check -returns nonzero if -.I principal -appears in -.IR acl . -Returns 0 if principal -does not appear in acl, or if an error occurs. Canonicalizes -principal before checking, and allows the ACL to contain wildcards. The -only supported wildcards are entries of the form -name.*@realm, *.*@realm, and *.*@*. An asterisk matches any value for the -its component field. For example, "jtkohl.*@*" would match principal -jtkohl, with any instance and any realm. -.PP -.I acl_exact_match -performs like -.IR acl_check , -but does no canonicalization or wildcard matching. -.PP -.I acl_add -atomically adds -.I principal -to -.IR acl . -Returns 0 if successful, nonzero otherwise. It is considered a failure -if -.I principal -is already in -.IR acl . -This routine will canonicalize -.IR principal , -but will treat wildcards literally. -.PP -.I acl_delete -atomically deletes -.I principal -from -.IR acl . -Returns 0 if successful, -nonzero otherwise. It is considered a failure if -.I principal -is not -already in -.IR acl . -This routine will canonicalize -.IR principal , -but will treat wildcards literally. -.PP -.I acl_initialize -initializes -.IR acl_file . -If the file -.I acl_file -does not exist, -.I acl_initialize -creates it with mode -.IR mode . -If the file -.I acl_file -exists, -.I acl_initialize -removes all members. Returns 0 if successful, -nonzero otherwise. WARNING: Mode argument is likely to change with -the eventual introduction of an ACL service. -.SH NOTES -In the presence of concurrency, there is a very small chance that -.I acl_add -or -.I acl_delete -could report success even though it would have -had no effect. This is a necessary side effect of using lock files -for concurrency control rather than flock(2), which is not supported -by NFS. -.PP -The current implementation caches ACLs in memory in a hash-table -format for increased efficiency in checking membership; one effect of -the caching scheme is that one file descriptor will be kept open for -each ACL cached, up to a maximum of 8. -.SH SEE ALSO -kerberos(3), krb_get_lrealm(3) -.SH AUTHOR -James Aspnes (MIT Project Athena) diff --git a/eBones/man/ext_srvtab.8 b/eBones/man/ext_srvtab.8 deleted file mode 100644 index 565c3a3..0000000 --- a/eBones/man/ext_srvtab.8 +++ /dev/null @@ -1,62 +0,0 @@ -.\" from: ext_srvtab.8,v 4.2 89/07/18 16:53:18 jtkohl Exp $ -.\" $Id: ext_srvtab.8,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH EXT_SRVTAB 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -ext_srvtab \- extract service key files from Kerberos key distribution center database -.SH SYNOPSIS -ext_srvtab [ -.B \-n -] [ -.B \-r realm -] [ -.B hostname ... -] -.SH DESCRIPTION -.I ext_srvtab -extracts service key files from the Kerberos key distribution center -(KDC) database. -.PP -Upon execution, it prompts the user to enter the master key string for -the database. If the -.B \-n -option is specified, the master key is instead fetched from the master -key cache file. -.PP -For each -.I hostname -specified on the command line, -.I ext_srvtab -creates the service key file -.IR hostname -new-srvtab, -containing all the entries in the database with an instance field of -.I hostname. -This new file contains all the keys registered for Kerberos-mediated -service providing programs which use the -.IR krb_get_phost (3) -principal and instance conventions to run on the host -.IR hostname . -If the -.B \-r -option is specified, the realm fields in the extracted file will -match the given realm rather than the local realm. -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/etc/kerberosIV/master_key -Master key cache file. -.SH SEE ALSO -read_service_key(3), krb_get_phost(3) diff --git a/eBones/man/kadmind.8 b/eBones/man/kadmind.8 deleted file mode 100644 index 1eb10d7..0000000 --- a/eBones/man/kadmind.8 +++ /dev/null @@ -1,117 +0,0 @@ -.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $ -.\" $Id: kadmind.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kadmind \- network daemon for Kerberos database administration -.SH SYNOPSIS -.B kadmind -[ -.B \-n -] [ -.B \-h -] [ -.B \-r realm -] [ -.B \-f filename -] [ -.B \-d dbname -] [ -.B \-a acldir -] -.SH DESCRIPTION -.I kadmind -is the network database server for the Kerberos password-changing and -administration tools. -.PP -Upon execution, it prompts the user to enter the master key string for -the database. -.PP -If the -.B \-n -option is specified, the master key is instead fetched from the master -key cache file. -.PP -If the -.B \-r -.I realm -option is specified, the admin server will pretend that its -local realm is -.I realm -instead of the actual local realm of the host it is running on. -This makes it possible to run a server for a foreign kerberos -realm. -.PP -If the -.B \-f -.I filename -option is specified, then that file is used to hold the log information -instead of the default. -.PP -If the -.B \-d -.I dbname -option is specified, then that file is used as the database name instead -of the default. -.PP -If the -.B \-a -.I acldir -option is specified, then -.I acldir -is used as the directory in which to search for access control lists -instead of the default. -.PP -If the -.B \-h -option is specified, -.I kadmind -prints out a short summary of the permissible control arguments, and -then exits. -.PP -When performing requests on behalf of clients, -.I kadmind -checks access control lists (ACLs) to determine the authorization of the client -to perform the requested action. -Currently three distinct access types are supported: -.TP 1i -Addition -(.add ACL file). If a principal is on this list, it may add new -principals to the database. -.TP -Retrieval -(.get ACL file). If a principal is on this list, it may retrieve -database entries. NOTE: A principal's private key is never returned by -the get functions. -.TP -Modification -(.mod ACL file). If a principal is on this list, it may modify entries -in the database. -.PP -A principal is always granted authorization to change its own password. -.SH FILES -.TP 20n -/var/log/kadmind.syslog -Default log file. -.TP -/etc/kerberosIV/admin_acl.{add,get,mod} -Access control list files -.TP -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/etc/kerberosIV/master_key -Master key cache file. -.SH "SEE ALSO" -kerberos(1), kpasswd(1), kadmin(8), acl_check(3) -.SH AUTHORS -Douglas A. Church, MIT Project Athena -.br -John T. Kohl, Project Athena/Digital Equipment Corporation diff --git a/eBones/man/kdb_destroy.8 b/eBones/man/kdb_destroy.8 deleted file mode 100644 index 2e57876..0000000 --- a/eBones/man/kdb_destroy.8 +++ /dev/null @@ -1,36 +0,0 @@ -.\" from: kdb_destroy.8,v 4.1 89/01/23 11:08:02 jtkohl Exp $ -.\" $Id: kdb_destroy.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KDB_DESTROY 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_destroy \- destroy Kerberos key distribution center database -.SH SYNOPSIS -kdb_destroy -.SH DESCRIPTION -.I kdb_destroy -deletes a Kerberos key distribution center database. -.PP -The user is prompted to verify that the database should be destroyed. A -response beginning with `y' or `Y' confirms deletion. -Any other response aborts deletion. -.SH DIAGNOSTICS -.TP 20n -"Database cannot be deleted at /kerberos/principal" -The attempt to delete the database failed (probably due to a system or -access permission error). -.TP -"Database not deleted." -The user aborted the deletion. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.SH SEE ALSO -kdb_init(8) diff --git a/eBones/man/kdb_edit.8 b/eBones/man/kdb_edit.8 deleted file mode 100644 index 44a0fa6..0000000 --- a/eBones/man/kdb_edit.8 +++ /dev/null @@ -1,58 +0,0 @@ -.\" from: kdb_edit.8,v 4.1 89/01/23 11:08:55 jtkohl Exp $ -.\" $Id: kdb_edit.8,v 1.2 1995/02/08 10:54:20 jkh Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KDB_EDIT 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_edit \- Kerberos key distribution center database editing utility -.SH SYNOPSIS -kdb_edit [ -.B \-n -] -.SH DESCRIPTION -.I kdb_edit -is used to create or change principals stored in the Kerberos key -distribution center (KDC) database. -.PP -When executed, -.I kdb_edit -prompts for the master key string and verifies that it matches the -master key stored in the database. -If the -.B \-n -option is specified, the master key is instead fetched from the master -key cache file. -.PP -Once the master key has been verified, -.I kdb_edit -begins a prompt loop. The user is prompted for the principal and -instance to be modified. If the entry is not found the user may create -it. -Once an entry is found or created, the user may set the password, -expiration date, maximum ticket lifetime, and attributes. -Default expiration dates, maximum ticket lifetimes, and attributes are -presented in brackets; if the user presses return the default is selected. -There is no default password. -The password "RANDOM" and an empty password are interpreted specially, -if entered the user may have the program select a random DES key for the -principal. -.PP -Upon successfully creating or changing the entry, ``Edit O.K.'' is -printed. -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/etc/kerberosIV/master_key -Master key cache file. diff --git a/eBones/man/kdb_init.8 b/eBones/man/kdb_init.8 deleted file mode 100644 index d884d00..0000000 --- a/eBones/man/kdb_init.8 +++ /dev/null @@ -1,45 +0,0 @@ -.\" from: kdb_init.8,v 4.1 89/01/23 11:09:02 jtkohl Exp $ -.\" $Id: kdb_init.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KDB_INIT 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_init \- Initialize Kerberos key distribution center database -.SH SYNOPSIS -kdb_init [ -.B realm -] -.SH DESCRIPTION -.I kdb_init -initializes a Kerberos key distribution center database, creating the -necessary principals. -.PP -If the optional -.I realm -argument is not present, -.I kdb_init -prompts for a realm name (defaulting to the definition in -/usr/include/kerberosIV/krb.h). -After determining the realm to be created, it prompts for -a master key password. The master key password is used to encrypt -every encryption key stored in the database. -.SH DIAGNOSTICS -.TP 20n -"/etc/kerberosIV/principal: File exists" -An attempt was made to create a database on a machine which already had -an existing database. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/usr/include/kerberosIV/krb.h -Include file defining default realm -.SH SEE ALSO -kdb_destroy(8) diff --git a/eBones/man/kdb_util.8 b/eBones/man/kdb_util.8 deleted file mode 100644 index 4183ef3..0000000 --- a/eBones/man/kdb_util.8 +++ /dev/null @@ -1,64 +0,0 @@ -.\" from: kdb_util.8,v 4.1 89/01/23 11:09:11 jtkohl Exp $ -.\" $Id: kdb_util.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KDB_UTIL 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kdb_util \- Kerberos key distribution center database utility -.SH SYNOPSIS -kdb_util -.B operation filename -.SH DESCRIPTION -.I kdb_util -allows the Kerberos key distribution center (KDC) database administrator to -perform utility functions on the database. -.PP -.I Operation -must be one of the following: -.TP 10n -.I load -initializes the KDC database with the records described by the -text contained in the file -.IR filename . -Any existing database is overwritten. -.TP -.I dump -dumps the KDC database into a text representation in the file -.IR filename . -.TP -.I slave_dump -performs a database dump like the -.I dump -operation, and additionally creates a semaphore file signalling the -propagation software that an update is available for distribution to -slave KDC databases. -.TP -.I new_master_key -prompts for the old and new master key strings, and then dumps the KDC -database into a text representation in the file -.IR filename . -The keys in the text representation are encrypted in the new master key. -.TP -.I convert_old_db -prompts for the master key string, and then dumps the KDC database into -a text representation in the file -.IR filename . -The existing database is assumed to be encrypted using the old format -(encrypted by the key schedule of the master key); the dumped database -is encrypted using the new format (encrypted directly with master key). -.PP -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -.IR filename .dump_ok -semaphore file created by -.IR slave_dump. diff --git a/eBones/man/klist.1 b/eBones/man/klist.1 deleted file mode 100644 index af7e31a..0000000 --- a/eBones/man/klist.1 +++ /dev/null @@ -1,84 +0,0 @@ -.\" from: klist.1,v 4.8 89/01/24 14:35:09 jtkohl Exp $ -.\" $Id: klist.1,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KLIST 1 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -klist \- list currently held Kerberos tickets -.SH SYNOPSIS -.B klist -[ -\fB\-s \fR|\fB \-t\fR -] [ -.B \-file -name ] [ -.B \-srvtab -] -.br -.SH DESCRIPTION -.I klist -prints the name of the tickets file and the -identity of the principal the tickets are for (as listed in the -tickets file), and -lists the principal names of all Kerberos tickets currently held by -the user, along with the issue and expire time for each authenticator. -Principal names are listed in the form -.I name.instance@realm, -with the '.' omitted if the instance is null, -and the '@' omitted if the realm is null. - -If given the -.B \-s -option, -.I klist -does not print the issue and expire times, the name of the tickets file, -or the identity of the principal. - -If given the -.B \-t -option, -.B klist -checks for the existence of a non-expired ticket-granting-ticket in the -ticket file. If one is present, it exits with status 0, else it exits -with status 1. No output is generated when this option is specified. - -If given the -.B \-file -option, the following argument is used as the ticket file. -Otherwise, if the -.B KRBTKFILE -environment variable is set, it is used. -If this environment variable -is not set, the file -.B /tmp/tkt[uid] -is used, where -.B uid -is the current user-id of the user. - -If given the -.B \-srvtab -option, the file is treated as a service key file, and the names of the -keys contained therein are printed. If no file is -specified with a -.B \-file -option, the default is -.IR /etc/kerberosIV/srvtab . -.SH FILES -.TP 2i -/etc/kerberosIV/krb.conf -to get the name of the local realm -.TP -/tmp/tkt[uid] -as the default ticket file ([uid] is the decimal UID of the user). -.TP -/etc/kerberosIV/srvtab -as the default service key file -.SH SEE ALSO -.PP -kerberos(1), kinit(1), kdestroy(1) -.SH BUGS -When reading a file as a service key file, very little sanity or error -checking is performed. diff --git a/eBones/man/krb.3 b/eBones/man/krb.3 deleted file mode 100644 index 98a720b..0000000 --- a/eBones/man/krb.3 +++ /dev/null @@ -1,462 +0,0 @@ -.\" $Source: /home/ncvs/src/eBones/man/krb.3,v $ -.\" $Author: rgrimes $ -.\" $Header: /home/ncvs/src/eBones/man/krb.3,v 1.1.1.1 1994/05/27 05:12:09 rgrimes Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred, -krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err, -krb_rd_err, krb_ck_repl \- Kerberos authentication library -.SH SYNOPSIS -.nf -.nj -.ft B -#include -#include -.PP -.ft B -extern char *krb_err_txt[]; -.PP -.ft B -int krb_mk_req(authent,service,instance,realm,checksum) -KTEXT authent; -char *service; -char *instance; -char *realm; -u_long checksum; -.PP -.ft B -int krb_rd_req(authent,service,instance,from_addr,ad,fn) -KTEXT authent; -char *service; -char *instance; -u_long from_addr; -AUTH_DAT *ad; -char *fn; -.PP -.ft B -int krb_kntoln(ad,lname) -AUTH_DAT *ad; -char *lname; -.PP -.ft B -int krb_set_key(key,cvt) -char *key; -int cvt; -.PP -.ft B -int krb_get_cred(service,instance,realm,c) -char *service; -char *instance; -char *realm; -CREDENTIALS *c; -.PP -.ft B -long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver) -u_char *in; -u_char *out; -u_long in_length; -des_cblock key; -des_key_schedule schedule; -struct sockaddr_in *sender; -struct sockaddr_in *receiver; -.PP -.ft B -long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data) -u_char *in; -u_long in_length; -Key_schedule schedule; -des_cblock key; -struct sockaddr_in *sender; -struct sockaddr_in *receiver; -MSG_DAT *msg_data; -.PP -.ft B -long krb_mk_safe(in,out,in_length,key,sender,receiver) -u_char *in; -u_char *out; -u_long in_length; -des_cblock key; -struct sockaddr_in *sender; -struct sockaddr_in *receiver; -.PP -.ft B -long krb_rd_safe(in,length,key,sender,receiver,msg_data) -u_char *in; -u_long length; -des_cblock key; -struct sockaddr_in *sender; -struct sockaddr_in *receiver; -MSG_DAT *msg_data; -.PP -.ft B -long krb_mk_err(out,code,string) -u_char *out; -long code; -char *string; -.PP -.ft B -long krb_rd_err(in,length,code,msg_data) -u_char *in; -u_long length; -long code; -MSG_DAT *msg_data; -.fi -.ft R -.SH DESCRIPTION -This library supports network authentication and various related -operations. The library contains many routines beyond those described -in this man page, but they are not intended to be used directly. -Instead, they are called by the routines that are described, the -authentication server and the login program. -.PP -.I krb_err_txt[] -contains text string descriptions of various Kerberos error codes returned -by some of the routines below. -.PP -.I krb_mk_req -takes a pointer to a text structure in which an authenticator is to be -built. It also takes the name, instance, and realm of the service to be -used and an optional checksum. It is up to the application to decide -how to generate the checksum. -.I krb_mk_req -then retrieves a ticket for the desired service and creates an -authenticator. The authenticator is built in -.I authent -and is accessible -to the calling procedure. -.PP -It is up to the application to get the authenticator to the service -where it will be read by -.I krb_rd_req. -Unless an attacker posesses the session key contained in the ticket, it -will be unable to modify the authenticator. Thus, the checksum can be -used to verify the authenticity of the other data that will pass through -a connection. -.PP -.I krb_rd_req -takes an authenticator of type -.B KTEXT, -a service name, an instance, the address of the -host originating the request, and a pointer to a structure of type -.B AUTH_DAT -which is filled in with information obtained from the authenticator. -It also optionally takes the name of the file in which it will find the -secret key(s) for the service. -If the supplied -.I instance -contains "*", then the first service key with the same service name -found in the service key file will be used, and the -.I instance -argument will be filled in with the chosen instance. This means that -the caller must provide space for such an instance name. -.PP -It is used to find out information about the principal when a request -has been made to a service. It is up to the application protocol to get -the authenticator from the client to the service. The authenticator is -then passed to -.I krb_rd_req -to extract the desired information. -.PP -.I krb_rd_req -returns zero (RD_AP_OK) upon successful authentication. If a packet was -forged, modified, or replayed, authentication will fail. If the -authentication fails, a non-zero value is returned indicating the -particular problem encountered. See -.I krb.h -for the list of error codes. -.PP -If the last argument is the null string (""), krb_rd_req will use the -file /etc/kerberosIV/srvtab to find its keys. If the last argument is -NULL, it will assume that the key has been set by -.I krb_set_key -and will not bother looking further. -.PP -.I krb_kntoln -converts a Kerberos name to a local name. It takes a structure -of type AUTH_DAT and uses the name and instance to look in the database -/etc/kerberosIV/aname to find the corresponding local name. The local name is -returned and can be used by an application to change uids, directories, -or other parameters. It is not an integral part of Kerberos, but is -instead provided to support the use of Kerberos in existing utilities. -.PP -.I krb_set_key -takes as an argument a des key. It then creates -a key schedule from it and saves the original key to be used as an -initialization vector. -It is used to set the server's key which -must be used to decrypt tickets. -.PP -If called with a non-zero second argument, -.I krb_set_key -will first convert the input from a string of arbitrary length to a DES -key by encrypting it with a one-way function. -.PP -In most cases it should not be necessary to call -.I krb_set_key. -The necessary keys will usually be obtained and set inside -.I krb_rd_req. krb_set_key -is provided for those applications that do not wish to place the -application keys on disk. -.PP -.I krb_get_cred -searches the caller's ticket file for a ticket for the given service, instance, -and realm; and, if a ticket is found, fills in the given CREDENTIALS structure -with the ticket information. -.PP -If the ticket was found, -.I krb_get_cred -returns GC_OK. -If the ticket file can't be found, can't be read, doesn't belong to -the user (other than root), isn't a regular file, or is in the wrong -mode, the error GC_TKFIL is returned. -.PP -.I krb_mk_priv -creates an encrypted, authenticated -message from any arbitrary application data, pointed to by -.I in -and -.I in_length -bytes long. -The private session key, pointed to by -.I key -and the key schedule, -.I schedule, -are used to encrypt the data and some header information using -.I pcbc_encrypt. -.I sender -and -.I receiver -point to the Internet address of the two parties. -In addition to providing privacy, this protocol message protects -against modifications, insertions or replays. The encapsulated message and -header are placed in the area pointed to by -.I out -and the routine returns the length of the output, or -1 indicating -an error. -.PP -.I krb_rd_priv -decrypts and authenticates a received -.I krb_mk_priv -message. -.I in -points to the beginning of the received message, whose length -is specified in -.I in_length. -The private session key, pointed to by -.I key, -and the key schedule, -.I schedule, -are used to decrypt and verify the received message. -.I msg_data -is a pointer to a -.I MSG_DAT -struct, defined in -.I krb.h. -The routine fills in the -.I app_data -field with a pointer to the decrypted application data, -.I app_length -with the length of the -.I app_data -field, -.I time_sec -and -.I time_5ms -with the timestamps in the message, and -.I swap -with a 1 if the byte order of the receiver is different than that of -the sender. (The application must still determine if it is appropriate -to byte-swap application data; the Kerberos protocol fields are already taken -care of). The -.I hash -field returns a value useful as input to the -.I krb_ck_repl -routine. - -The routine returns zero if ok, or a Kerberos error code. Modified messages -and old messages cause errors, but it is up to the caller to -check the time sequence of messages, and to check against recently replayed -messages using -.I krb_ck_repl -if so desired. -.PP -.I krb_mk_safe -creates an authenticated, but unencrypted message from any arbitrary -application data, -pointed to by -.I in -and -.I in_length -bytes long. -The private session key, pointed to by -.I key, -is used to seed the -.I quad_cksum() -checksum algorithm used as part of the authentication. -.I sender -and -.I receiver -point to the Internet address of the two parties. -This message does not provide privacy, but does protect (via detection) -against modifications, insertions or replays. The encapsulated message and -header are placed in the area pointed to by -.I out -and the routine returns the length of the output, or -1 indicating -an error. -The authentication provided by this routine is not as strong as that -provided by -.I krb_mk_priv -or by computing the checksum using -.I cbc_cksum -instead, both of which authenticate via DES. -.PP - -.I krb_rd_safe -authenticates a received -.I krb_mk_safe -message. -.I in -points to the beginning of the received message, whose length -is specified in -.I in_length. -The private session key, pointed to by -.I key, -is used to seed the quad_cksum() routine as part of the authentication. -.I msg_data -is a pointer to a -.I MSG_DAT -struct, defined in -.I krb.h . -The routine fills in these -.I MSG_DAT -fields: -the -.I app_data -field with a pointer to the application data, -.I app_length -with the length of the -.I app_data -field, -.I time_sec -and -.I time_5ms -with the timestamps in the message, and -.I swap -with a 1 if the byte order of the receiver is different than that of -the sender. -(The application must still determine if it is appropriate -to byte-swap application data; the Kerberos protocol fields are already taken -care of). The -.I hash -field returns a value useful as input to the -.I krb_ck_repl -routine. - -The routine returns zero if ok, or a Kerberos error code. Modified messages -and old messages cause errors, but it is up to the caller to -check the time sequence of messages, and to check against recently replayed -messages using -.I krb_ck_repl -if so desired. -.PP -.I krb_mk_err -constructs an application level error message that may be used along -with -.I krb_mk_priv -or -.I krb_mk_safe. -.I out -is a pointer to the output buffer, -.I code -is an application specific error code, and -.I string -is an application specific error string. - -.PP -.I krb_rd_err -unpacks a received -.I krb_mk_err -message. -.I in -points to the beginning of the received message, whose length -is specified in -.I in_length. -.I code -is a pointer to a value to be filled in with the error -value provided by the application. -.I msg_data -is a pointer to a -.I MSG_DAT -struct, defined in -.I krb.h . -The routine fills in these -.I MSG_DAT -fields: the -.I app_data -field with a pointer to the application error text, -.I app_length -with the length of the -.I app_data -field, and -.I swap -with a 1 if the byte order of the receiver is different than that of -the sender. (The application must still determine if it is appropriate -to byte-swap application data; the Kerberos protocol fields are already taken -care of). - -The routine returns zero if the error message has been successfully received, -or a Kerberos error code. -.PP -The -.I KTEXT -structure is used to pass around text of varying lengths. It consists -of a buffer for the data, and a length. krb_rd_req takes an argument of this -type containing the authenticator, and krb_mk_req returns the -authenticator in a structure of this type. KTEXT itself is really a -pointer to the structure. The actual structure is of type KTEXT_ST. -.PP -The -.I AUTH_DAT -structure is filled in by krb_rd_req. It must be allocated before -calling krb_rd_req, and a pointer to it is passed. The structure is -filled in with data obtained from Kerberos. -.I MSG_DAT -structure is filled in by either krb_rd_priv, krb_rd_safe, or -krb_rd_err. It must be allocated before the call and a pointer to it -is passed. The structure is -filled in with data obtained from Kerberos. -.PP -.SH FILES -/usr/include/kerberosIV/krb.h -.br -/usr/lib/libkrb.a -.br -/usr/include/kerberosIV/des.h -.br -/usr/lib/libdes.a -.br -/etc/kerberosIV/aname -.br -/etc/kerberosIV/srvtab -.br -/tmp/tkt[uid] -.SH "SEE ALSO" -kerberos(1), des_crypt(3) -.SH DIAGNOSTICS -.SH BUGS -The caller of -.I krb_rd_req, krb_rd_priv, and krb_rd_safe -must check time order and for replay attempts. -.I krb_ck_repl -is not implemented yet. -.SH AUTHORS -Clifford Neuman, MIT Project Athena -.br -Steve Miller, MIT Project Athena/Digital Equipment Corporation -.SH RESTRICTIONS -COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology diff --git a/eBones/man/krb_realmofhost.3 b/eBones/man/krb_realmofhost.3 deleted file mode 100644 index 63aa1eb..0000000 --- a/eBones/man/krb_realmofhost.3 +++ /dev/null @@ -1,161 +0,0 @@ -.\" from: krb_realmofhost.3,v 4.1 89/01/23 11:10:47 jtkohl Exp $ -.\" $Id: krb_realmofhost.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KRB_REALMOFHOST 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -krb_realmofhost, krb_get_phost, krb_get_krbhst, krb_get_admhst, -krb_get_lrealm \- additional Kerberos utility routines -.SH SYNOPSIS -.nf -.nj -.ft B -#include -#include -#include -.PP -.ft B -char *krb_realmofhost(host) -char *host; -.PP -.ft B -char *krb_get_phost(alias) -char *alias; -.PP -.ft B -krb_get_krbhst(host,realm,n) -char *host; -char *realm; -int n; -.PP -.ft B -krb_get_admhst(host,realm,n) -char *host; -char *realm; -int n; -.PP -.ft B -krb_get_lrealm(realm,n) -char *realm; -int n; -.fi -.ft R -.SH DESCRIPTION -.I krb_realmofhost -returns the Kerberos realm of the host -.IR host , -as determined by the translation table -.IR /etc/kerberosIV/krb.realms . -.I host -should be the fully-qualified domain-style primary host name of the host -in question. In order to prevent certain security attacks, this routine -must either have -.I a priori -knowledge of a host's realm, or obtain such information securely. -.PP -The format of the translation file is described by -.IR krb.realms (5). -If -.I host -exactly matches a host_name line, the corresponding realm -is returned. -Otherwise, if the domain portion of -.I host -matches a domain_name line, the corresponding realm -is returned. -If -.I host -contains a domain, but no translation is found, -.IR host 's -domain is converted to upper-case and returned. -If -.I host -contains no discernable domain, or an error occurs, -the local realm name, as supplied by -.IR krb_get_lrealm (3), -is returned. -.PP -.I krb_get_phost -converts the hostname -.I alias -(which can be either an official name or an alias) into the instance -name to be used in obtaining Kerberos tickets for most services, -including the Berkeley rcmd suite (rlogin, rcp, rsh). -.br -The current convention is to return the first segment of the official -domain-style name after conversion to lower case. -.PP -.I krb_get_krbhst -fills in -.I host -with the hostname of the -.IR n th -host running a Kerberos key distribution center (KDC) -for realm -.IR realm , -as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR). -The configuration file is described by -.IR krb.conf (5). -If the host is successfully filled in, the routine -returns KSUCCESS. -If the file cannot be opened, and -.I n -equals 1, then the value of KRB_HOST as defined in -.I -is filled in, and KSUCCESS is returned. If there are fewer than -.I n -hosts running a Kerberos KDC for the requested realm, or the -configuration file is malformed, the routine -returns KFAILURE. -.PP -.I krb_get_admhst -fills in -.I host -with the hostname of the -.IR n th -host running a Kerberos KDC database administration server -for realm -.IR realm , -as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR). -If the file cannot be opened or is malformed, or there are fewer than -.I n -hosts running a Kerberos KDC database administration server, -the routine returns KFAILURE. -.PP -The character arrays used as return values for -.IR krb_get_krbhst , -.IR krb_get_admhst , -should be large enough to -hold any hostname (MAXHOSTNAMELEN from ). -.PP -.I krb_get_lrealm -fills in -.I realm -with the -.IR n th -realm of the local host, as specified in the configuration file. -.I realm -should be at least REALM_SZ (from -.IR ) characters long. -.PP -.SH SEE ALSO -kerberos(3), krb.conf(5), krb.realms(5) -.SH FILES -.TP 20n -/etc/kerberosIV/krb.realms -translation file for host-to-realm mapping. -.TP -/etc/kerberosIV/krb.conf -local realm-name and realm/server configuration file. -.SH BUGS -The current convention for instance names is too limited; the full -domain name should be used. -.PP -.I krb_get_lrealm -currently only supports -.I n -= 1. It should really consult the user's ticket cache to determine the -user's current realm, rather than consulting a file on the host. diff --git a/eBones/man/krb_sendauth.3 b/eBones/man/krb_sendauth.3 deleted file mode 100644 index a749bb5..0000000 --- a/eBones/man/krb_sendauth.3 +++ /dev/null @@ -1,348 +0,0 @@ -.\" from: krb_sendauth.3,v 4.1 89/01/23 11:10:58 jtkohl Exp $ -.\" $Id: krb_sendauth.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $ -.\" Copyright 1988 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KRB_SENDAUTH 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -krb_sendauth, krb_recvauth, krb_net_write, krb_net_read \- -Kerberos routines for sending authentication via network stream sockets -.SH SYNOPSIS -.nf -.nj -.ft B -#include -#include -#include -.PP -.fi -.HP 1i -.ft B -int krb_sendauth(options, fd, ktext, service, inst, realm, checksum, -msg_data, cred, schedule, laddr, faddr, version) -.nf -.RS 0 -.ft B -long options; -int fd; -KTEXT ktext; -char *service, *inst, *realm; -u_long checksum; -MSG_DAT *msg_data; -CREDENTIALS *cred; -Key_schedule schedule; -struct sockaddr_in *laddr, *faddr; -char *version; -.PP -.fi -.HP 1i -.ft B -int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr, -auth_data, filename, schedule, version) -.nf -.RS 0 -.ft B -long options; -int fd; -KTEXT ktext; -char *service, *inst; -struct sockaddr_in *faddr, *laddr; -AUTH_DAT *auth_data; -char *filename; -Key_schedule schedule; -char *version; -.PP -.ft B -int krb_net_write(fd, buf, len) -int fd; -char *buf; -int len; -.PP -.ft B -int krb_net_read(fd, buf, len) -int fd; -char *buf; -int len; -.fi -.SH DESCRIPTION -.PP -These functions, -which are built on top of the core Kerberos library, -provide a convenient means for client and server -programs to send authentication messages -to one another through network connections. -The -.I krb_sendauth -function sends an authenticated ticket from the client program to -the server program by writing the ticket to a network socket. -The -.I krb_recvauth -function receives the ticket from the client by -reading from a network socket. - -.SH KRB_SENDAUTH -.PP -This function writes the ticket to -the network socket specified by the -file descriptor -.IR fd, -returning KSUCCESS if the write proceeds successfully, -and an error code if it does not. - -The -.I ktext -argument should point to an allocated KTEXT_ST structure. -The -.IR service, -.IR inst, -and -.IR realm -arguments specify the server program's Kerberos principal name, -instance, and realm. -If you are writing a client that uses the local realm exclusively, -you can set the -.I realm -argument to NULL. - -The -.I version -argument allows the client program to pass an application-specific -version string that the server program can then match against -its own version string. -The -.I version -string can be up to KSEND_VNO_LEN (see -.IR ) -characters in length. - -The -.I checksum -argument can be used to pass checksum information to the -server program. -The client program is responsible for specifying this information. -This checksum information is difficult to corrupt because -.I krb_sendauth -passes it over the network in encrypted form. -The -.I checksum -argument is passed as the checksum argument to -.IR krb_mk_req . - -You can set -.IR krb_sendauth's -other arguments to NULL unless you want the -client and server programs to mutually authenticate -themselves. -In the case of mutual authentication, -the client authenticates itself to the server program, -and demands that the server in turn authenticate itself to -the client. - -.SH KRB_SENDAUTH AND MUTUAL AUTHENTICATION -.PP -If you want mutual authentication, -make sure that you read all pending data from the local socket -before calling -.IR krb_sendauth. -Set -.IR krb_sendauth's -.I options -argument to -.BR KOPT_DO_MUTUAL -(this macro is defined in the -.IR krb.h -file); -make sure that the -.I laddr -argument points to -the address of the local socket, -and that -.I faddr -points to the foreign socket's network address. - -.I Krb_sendauth -fills in the other arguments-- -.IR msg_data , -.IR cred , -and -.IR schedule --before -sending the ticket to the server program. -You must, however, allocate space for these arguments -before calling the function. - -.I Krb_sendauth -supports two other options: -.BR KOPT_DONT_MK_REQ, -and -.BR KOPT_DONT_CANON. -If called with -.I options -set as KOPT_DONT_MK_REQ, -.I krb_sendauth -will not use the -.I krb_mk_req -function to retrieve the ticket from the Kerberos server. -The -.I ktext -argument must point to an existing ticket and authenticator (such as -would be created by -.IR krb_mk_req ), -and the -.IR service, -.IR inst, -and -.IR realm -arguments can be set to NULL. - -If called with -.I options -set as KOPT_DONT_CANON, -.I krb_sendauth -will not convert the service's instance to canonical form using -.IR krb_get_phost (3). - -If you want to call -.I krb_sendauth -with a multiple -.I options -specification, -construct -.I options -as a bitwise-OR of the options you want to specify. - -.SH KRB_RECVAUTH -.PP -The -.I krb_recvauth -function -reads a ticket/authenticator pair from the socket pointed to by the -.I fd -argument. -Set the -.I options -argument -as a bitwise-OR of the options desired. -Currently only KOPT_DO_MUTUAL is useful to the receiver. - -The -.I ktext -argument -should point to an allocated KTEXT_ST structure. -.I Krb_recvauth -fills -.I ktext -with the -ticket/authenticator pair read from -.IR fd , -then passes it to -.IR krb_rd_req . - -The -.I service -and -.I inst -arguments -specify the expected service and instance for which the ticket was -generated. They are also passed to -.IR krb_rd_req. -The -.I inst -argument may be set to "*" if the caller wishes -.I krb_mk_req -to fill in the instance used (note that there must be space in the -.I inst -argument to hold a full instance name, see -.IR krb_mk_req (3)). - -The -.I faddr -argument -should point to the address of the peer which is presenting the ticket. -It is also passed to -.IR krb_rd_req . - -If the client and server plan to mutually authenticate -one another, -the -.I laddr -argument -should point to the local address of the file descriptor. -Otherwise you can set this argument to NULL. - -The -.I auth_data -argument -should point to an allocated AUTH_DAT area. -It is passed to and filled in by -.IR krb_rd_req . -The checksum passed to the corresponding -.I krb_sendauth -is available as part of the filled-in AUTH_DAT area. - -The -.I filename -argument -specifies the filename -which the service program should use to obtain its service key. -.I Krb_recvauth -passes -.I filename -to the -.I krb_rd_req -function. -If you set this argument to "", -.I krb_rd_req -looks for the service key in the file -.IR /etc/kerberosIV/srvtab. - -If the client and server are performing mutual authenication, -the -.I schedule -argument -should point to an allocated Key_schedule. -Otherwise it is ignored and may be NULL. - -The -.I version -argument should point to a character array of at least KSEND_VNO_LEN -characters. It is filled in with the version string passed by the client to -.IR krb_sendauth. -.PP -.SH KRB_NET_WRITE AND KRB_NET_READ -.PP -The -.I krb_net_write -function -emulates the write(2) system call, but guarantees that all data -specified is written to -.I fd -before returning, unless an error condition occurs. -.PP -The -.I krb_net_read -function -emulates the read(2) system call, but guarantees that the requested -amount of data is read from -.I fd -before returning, unless an error condition occurs. -.PP -.SH BUGS -.IR krb_sendauth, -.IR krb_recvauth, -.IR krb_net_write, -and -.IR krb_net_read -will not work properly on sockets set to non-blocking I/O mode. - -.SH SEE ALSO - -krb_mk_req(3), krb_rd_req(3), krb_get_phost(3) - -.SH AUTHOR -John T. Kohl, MIT Project Athena -.SH RESTRICTIONS -Copyright 1988, Massachusetts Instititute of Technology. -For copying and distribution information, -please see the file . diff --git a/eBones/man/krb_set_tkt_string.3 b/eBones/man/krb_set_tkt_string.3 deleted file mode 100644 index 73b5e5d..0000000 --- a/eBones/man/krb_set_tkt_string.3 +++ /dev/null @@ -1,43 +0,0 @@ -.\" from: krb_set_tkt_string.3,v 4.1 89/01/23 11:11:09 jtkohl Exp $ -.\" $Id: krb_set_tkt_string.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KRB_SET_TKT_STRING 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -krb_set_tkt_string \- set Kerberos ticket cache file name -.SH SYNOPSIS -.nf -.nj -.ft B -#include -.PP -.ft B -void krb_set_tkt_string(filename) -char *filename; -.fi -.ft R -.SH DESCRIPTION -.I krb_set_tkt_string -sets the name of the file that holds the user's -cache of Kerberos server tickets and associated session keys. -.PP -The string -.I filename -passed in is copied into local storage. -Only MAXPATHLEN-1 (see ) characters of the filename are -copied in for use as the cache file name. -.PP -This routine should be called during initialization, before other -Kerberos routines are called; otherwise the routines which fetch the -ticket cache file name may be called and return an undesired ticket file -name until this routine is called. -.SH FILES -.TP 20n -/tmp/tkt[uid] -default ticket file name, unless the environment variable KRBTKFILE is set. -[uid] denotes the user's uid, in decimal. -.SH SEE ALSO -kerberos(3), setenv(3) diff --git a/eBones/man/ksrvtgt.1 b/eBones/man/ksrvtgt.1 deleted file mode 100644 index 129c745..0000000 --- a/eBones/man/ksrvtgt.1 +++ /dev/null @@ -1,51 +0,0 @@ -.\" from: ksrvtgt.1,v 4.1 89/01/24 14:36:28 jtkohl Exp $ -.\" $Id: ksrvtgt.1,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KSRVTGT 1 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -ksrvtgt \- fetch and store Kerberos ticket-granting-ticket using a -service key -.SH SYNOPSIS -.B ksrvtgt -name instance [[realm] srvtab] -.SH DESCRIPTION -.I ksrvtgt -retrieves a ticket-granting ticket with a lifetime of five (5) minutes -for the principal -.I name.instance@realm -(or -.I name.instance@localrealm -if -.I realm -is not supplied on the command line), decrypts the response using -the service key found in -.I srvtab -(or in -.B /etc/kerberosIV/srvtab -if -.I srvtab -is not specified on the command line), and stores the ticket in the -standard ticket cache. -.PP -This command is intended primarily for use in shell scripts and other -batch-type facilities. -.SH DIAGNOSTICS -"Generic kerberos failure (kfailure)" can indicate a whole range of -problems, the most common of which is the inability to read the service -key file. -.SH FILES -.TP 2i -/etc/kerberosIV/krb.conf -to get the name of the local realm. -.TP -/tmp/tkt[uid] -The default ticket file. -.TP -/etc/kerberosIV/srvtab -The default service key file. -.SH SEE ALSO -kerberos(1), kinit(1), kdestroy(1) diff --git a/eBones/man/kstash.8 b/eBones/man/kstash.8 deleted file mode 100644 index ac8c57b..0000000 --- a/eBones/man/kstash.8 +++ /dev/null @@ -1,44 +0,0 @@ -.\" from: kstash.8,v 4.1 89/01/23 11:11:39 jtkohl Exp $ -.\" $Id: kstash.8,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KSTASH 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kstash \- stash Kerberos key distribution center database master key -.SH SYNOPSIS -kstash -.SH DESCRIPTION -.I kstash -saves the Kerberos key distribution center (KDC) database master key in -the master key cache file. -.PP -The user is prompted to enter the key, to verify the authenticity of the -key and the authorization to store the key in the file. -.SH DIAGNOSTICS -.TP 20n -"verify_master_key: Invalid master key, does not match database." -The master key string entered was incorrect. -.TP -"kstash: Unable to open master key file" -The attempt to open the cache file for writing failed (probably due to a -system or access permission error). -.TP -"kstash: Write I/O error on master key file" -The -.BR write (2) -system call returned an error while -.I kstash -was attempting to write the key to the file. -.SH FILES -.TP 20n -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/etc/kerberosIV/master_key -Master key cache file. diff --git a/eBones/man/kuserok.3 b/eBones/man/kuserok.3 deleted file mode 100644 index c7581a6..0000000 --- a/eBones/man/kuserok.3 +++ /dev/null @@ -1,63 +0,0 @@ -.\" from: kuserok.3,v 4.1 89/01/23 11:11:49 jtkohl Exp $ -.\" $Id: kuserok.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kuserok \- Kerberos version of ruserok -.SH SYNOPSIS -.nf -.nj -.ft B -#include -.PP -.ft B -kuserok(kdata, localuser) -AUTH_DAT *auth_data; -char *localuser; -.fi -.ft R -.SH DESCRIPTION -.I kuserok -determines whether a Kerberos principal described by the structure -.I auth_data -is authorized to login as user -.I localuser -according to the authorization file -("~\fIlocaluser\fR/.klogin" by default). It returns 0 (zero) if authorized, -1 (one) if not authorized. -.PP -If there is no account for -.I localuser -on the local machine, authorization is not granted. -If there is no authorization file, and the Kerberos principal described -by -.I auth_data -translates to -.I localuser -(using -.IR krb_kntoln (3)), -authorization is granted. -If the authorization file -can't be accessed, or the file is not owned by -.IR localuser, -authorization is denied. Otherwise, the file is searched for -a matching principal name, instance, and realm. If a match is found, -authorization is granted, else authorization is denied. -.PP -The file entries are in the format: -.nf -.in +5n - name.instance@realm -.in -5n -.fi -with one entry per line. -.SH SEE ALSO -kerberos(3), ruserok(3), krb_kntoln(3) -.SH FILES -.TP 20n -~\fIlocaluser\fR/.klogin -authorization list diff --git a/eBones/man/tf_util.3 b/eBones/man/tf_util.3 deleted file mode 100644 index ee6e436..0000000 --- a/eBones/man/tf_util.3 +++ /dev/null @@ -1,151 +0,0 @@ -.\" from: tf_util.3,v 4.2 89/04/25 17:17:11 jtkohl Exp $ -.\" $Id: tf_util.3,v 1.1.1.1 1994/09/30 14:50:08 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH TF_UTIL 3 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \ -\- Routines for manipulating a Kerberos ticket file -.SH SYNOPSIS -.nf -.nj -.ft B -#include -.PP -.ft B -extern char *krb_err_txt[]; -.PP -.ft B -tf_init(tf_name, rw) -char *tf_name; -int rw; -.PP -.ft B -tf_get_pname(pname) -char *pname; -.PP -.ft B -tf_get_pinst(pinst) -char *pinst; -.PP -.ft B -tf_get_cred(c) -CREDENTIALS *c; -.PP -.ft B -tf_close() -.PP -.fi -.SH DESCRIPTION -This group of routines are provided to manipulate the Kerberos tickets -file. A ticket file has the following format: -.nf -.in +4 -.sp -principal's name (null-terminated string) -principal's instance (null-terminated string) -CREDENTIAL_1 -CREDENTIAL_2 - ... -CREDENTIAL_n -EOF -.sp -.in -4 -.LP -Where "CREDENTIAL_x" consists of the following fixed-length -fields from the CREDENTIALS structure (defined in ): -.nf -.sp -.in +4 - char service[ANAME_SZ] - char instance[INST_SZ] - char realm[REALM_SZ] - des_cblock session - int lifetime - int kvno - KTEXT_ST ticket_st - long issue_date -.in -4 -.sp -.fi -.PP -.I tf_init -must be called before the other ticket file -routines. -It takes the name of the ticket file to use, -and a read/write flag as arguments. -It tries to open the ticket file, checks the mode and if -everything is okay, locks the file. If it's opened for -reading, the lock is shared. If it's opened for writing, -the lock is exclusive. -KSUCCESS is returned if all went well, otherwise one of the -following: -.nf -.sp -NO_TKT_FIL - file wasn't there -TKT_FIL_ACC - file was in wrong mode, etc. -TKT_FIL_LCK - couldn't lock the file, even after a retry -.sp -.fi -.PP -The -.I tf_get_pname -reads the principal's name from a ticket file. -It should only be called after tf_init has been called. The -principal's name is filled into the -.I pname -parameter. If all goes -well, KSUCCESS is returned. -If tf_init wasn't called, TKT_FIL_INI -is returned. -If the principal's name was null, or EOF was encountered, or the -name was longer than ANAME_SZ, TKT_FIL_FMT is returned. -.PP -The -.I tf_get_pinst -reads the principal's instance from a ticket file. -It should only be called after tf_init and tf_get_pname -have been called. -The principal's instance is filled into the -.I pinst -parameter. -If all goes -well, KSUCCESS is returned. -If tf_init wasn't called, TKT_FIL_INI -is returned. -If EOF was encountered, or the -name was longer than INST_SZ, TKT_FIL_FMT is returned. -Note that, unlike the principal name, the instance name may be null. -.PP -The -.I tf_get_cred -routine reads a CREDENTIALS record from a ticket file and -fills in the given structure. -It should only be called after -tf_init, tf_get_pname, and tf_get_pinst have been called. -If all goes well, KSUCCESS is returned. Possible error codes -are: -.nf -.sp -TKT_FIL_INI - tf_init wasn't called first -TKT_FIL_FMT - bad format -EOF - end of file encountered -.sp -.fi -.PP -.I tf_close -closes the ticket file and releases the lock on it. -.SH "SEE ALSO" -krb(3) -.SH DIAGNOSTICS -.SH BUGS -The ticket file routines have to be called in a certain order. -.SH AUTHORS -Jennifer Steiner, MIT Project Athena -.br -Bill Bryant, MIT Project Athena -.SH RESTRICTIONS -Copyright 1987 Massachusetts Institute of Technology diff --git a/eBones/passwd/HOW-TO b/eBones/passwd/HOW-TO deleted file mode 100644 index aad3b9c..0000000 --- a/eBones/passwd/HOW-TO +++ /dev/null @@ -1,247 +0,0 @@ -Here's how to regenerate this from the original eBones: - -1) Copy kpasswd.c from the admin directory. -2) perl -spi.bak -e 's/\$(Header[^\$]*)\$/$1/g' *.[ch] -3) Apply the following patch: - -*** /home/wollman/kpasswd.orig/kpasswd.c Fri Jan 20 16:01:36 1995 ---- kpasswd.c Fri Jan 20 16:29:57 1995 -*************** -*** 1,10 **** - /* -- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kpasswd.c,v $ -- * $Author: jtkohl $ -- * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * . - * - * change your password with kerberos ---- 1,7 ---- - /* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file -! * Copyright.MIT. - * - * change your password with kerberos -*************** -*** 12,20 **** - - #ifndef lint - static char rcsid_kpasswd_c[] = - "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kpasswd.c,v 4.3 89/09/26 09:33:02 jtkohl Exp "; - #endif lint - -- #include - /* - * kpasswd ---- 9,20 ---- - - #ifndef lint -+ #if 0 - static char rcsid_kpasswd_c[] = - "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kpasswd.c,v 4.3 89/09/26 09:33:02 jtkohl Exp "; -+ #endif -+ static const char rcsid[] = -+ "$Id$"; - #endif lint - - /* - * kpasswd -*************** -*** 28,36 **** - #include "kadm.h" - - extern void krb_set_tkt_string(); - -! main(argc,argv) -! int argc; -! char *argv[]; - { - char name[ANAME_SZ]; /* name of user */ ---- 28,38 ---- - #include "kadm.h" - -+ #include "extern.h" -+ - extern void krb_set_tkt_string(); -+ static void go_home(char *, int); - -! -! int krb_passwd(char *uname, char *iflag, char *rflag, char *uflag) - { - char name[ANAME_SZ]; /* name of user */ -*************** -*** 66,74 **** - default_realm) != KSUCCESS) { - pw = getpwuid((int) getuid()); -! if (pw) -! (void) strcpy(default_name, pw->pw_name); -! else - /* seems like a null name is kinda silly */ -! (void) strcpy(default_name, ""); - strcpy(default_inst, ""); - if (krb_get_lrealm(default_realm, 1) != KSUCCESS) ---- 68,77 ---- - default_realm) != KSUCCESS) { - pw = getpwuid((int) getuid()); -! if (pw) { -! strcpy(default_name, pw->pw_name); -! } else { - /* seems like a null name is kinda silly */ -! strcpy(default_name, ""); -! } - strcpy(default_inst, ""); - if (krb_get_lrealm(default_realm, 1) != KSUCCESS) -*************** -*** 76,85 **** - } - -! while ((c = getopt(argc, argv, "u:n:i:r:h")) != EOF) { -! switch (c) { -! case 'u': -! if (status = kname_parse(name, inst, realm, optarg)) { -! fprintf(stderr, "Kerberos error: %s\n", krb_err_txt[status]); -! exit(2); - } - if (realm[0]) ---- 79,85 ---- - } - -! if(uflag) { -! if (status = kname_parse(name, inst, realm, uflag)) { -! errx(2, "Kerberos error: %s", krb_err_txt[status]); - } - if (realm[0]) -*************** -*** 88,130 **** - if (krb_get_lrealm(realm, 1) != KSUCCESS) - strcpy(realm, KRB_REALM); -! break; -! case 'n': -! if (k_isname(optarg)) -! (void) strncpy(name, optarg, sizeof(name) - 1); -! else { -! fprintf(stderr, "Bad name: %s\n", optarg); -! usage(1); -! } -! break; -! case 'i': -! if (k_isinst(optarg)) -! (void) strncpy(inst, optarg, sizeof(inst) - 1); -! else { -! fprintf(stderr, "Bad instance: %s\n", optarg); -! usage(1); - } -! (void) strcpy(inst, optarg); -! break; -! case 'r': -! if (k_isrealm(optarg)) { -! (void) strncpy(realm, optarg, sizeof(realm) - 1); -! realm_given++; - } -! else { -! fprintf(stderr, "Bad realm: %s\n", optarg); -! usage(1); - } -- break; -- case 'h': -- usage(0); -- break; -- default: -- usage(1); -- break; -- } -- use_default = 0; - } -! if (optind < argc) -! usage(1); - - if (use_default) { ---- 88,119 ---- - if (krb_get_lrealm(realm, 1) != KSUCCESS) - strcpy(realm, KRB_REALM); -! } -! -! if(uname) { -! if (k_isname(uname)) { -! strncpy(name, uname, sizeof(name) - 1); -! } else { -! errx(1, "bad name: %s", uname); - } -! } -! -! if(iflag) { -! if (k_isinst(iflag)) { -! strncpy(inst, iflag, sizeof(inst) - 1); -! } else { -! errx(1, "bad instance: %s", iflag); - } -! } -! -! if(rflag) { -! if (k_isrealm(rflag)) { -! strncpy(realm, rflag, sizeof(realm) - 1); -! realm_given++; -! } else { -! errx(1, "bad realm: %s", rflag); - } - } -! -! if(uname || iflag || rflag || uflag) use_default = 0; - - if (use_default) { -*************** -*** 132,137 **** - strcpy(inst, default_inst); - strcpy(realm, default_realm); -! } -! else { - if (!name[0]) - strcpy(name, default_name); ---- 121,125 ---- - strcpy(inst, default_inst); - strcpy(realm, default_realm); -! } else { - if (!name[0]) - strcpy(name, default_name); -*************** -*** 147,153 **** - if ((status = kadm_init_link("changepw", KRB_MASTER, realm)) - != KADM_SUCCESS) -! com_err(argv[0], status, "while initializing"); - else if ((status = kadm_change_pw(new_key)) != KADM_SUCCESS) -! com_err(argv[0], status, " attempting to change password."); - - if (status != KADM_SUCCESS) ---- 135,141 ---- - if ((status = kadm_init_link("changepw", KRB_MASTER, realm)) - != KADM_SUCCESS) -! com_err("kpasswd", status, "while initializing"); - else if ((status = kadm_change_pw(new_key)) != KADM_SUCCESS) -! com_err("kpasswd", status, " attempting to change password."); - - if (status != KADM_SUCCESS) -*************** -*** 225,237 **** - } - -! usage(value) -! int value; -! { -! fprintf(stderr, "Usage: "); -! fprintf(stderr, "kpasswd [-h ] [-n user] [-i instance] [-r realm] "); -! fprintf(stderr, "[-u fullname]\n"); -! exit(value); -! } -! - go_home(str,x) - char *str; ---- 213,217 ---- - } - -! static void - go_home(str,x) - char *str; diff --git a/eBones/passwd/Makefile b/eBones/passwd/Makefile deleted file mode 100644 index 5dba6a3..0000000 --- a/eBones/passwd/Makefile +++ /dev/null @@ -1,23 +0,0 @@ -# $Id$ - -PROG= passwd -BINDIR= /usr/bin - -SRCS= local_passwd.c passwd.c pw_copy.c pw_util.c kpasswd.c -.PATH: ${.CURDIR}/../../usr.bin/chpass ${.CURDIR}/../../usr.sbin/vipw \ - ${.CURDIR}/../../usr.bin/rlogin ${.CURDIR}/../../usr.bin/passwd -CFLAGS+= -DKERBEROS -DPOSIX \ - -I${.CURDIR} -I${.CURDIR}/../../usr.sbin/vipw \ - -I${.CURDIR}/../../usr.bin/chpass \ - -I${.CURDIR}/../../usr.bin/passwd \ - -I${.CURDIR}/../include \ - -I${.CURDIR}/../libkadm -LDADD= -L${KADMOBJDIR} -lkadm -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes \ - -lcrypt -lcom_err - -BINOWN= root -BINMODE=4555 -INSTALLFLAGS= -fschg -NOMAN= #man page installed by regular passwd - -.include diff --git a/eBones/passwd/kpasswd.c b/eBones/passwd/kpasswd.c deleted file mode 100644 index 56e76a3..0000000 --- a/eBones/passwd/kpasswd.c +++ /dev/null @@ -1,223 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * change your password with kerberos - */ - -#ifndef lint -#if 0 -static char rcsid_kpasswd_c[] = - "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kpasswd.c,v 4.3 89/09/26 09:33:02 jtkohl Exp "; -#endif -static const char rcsid[] = - "$Id: kpasswd.c,v 1.1 1995/07/18 16:41:20 mark Exp $"; -#endif lint - -/* - * kpasswd - * change your password with kerberos - */ - -#include -#include -#include -#include -#include "kadm.h" - -#include "extern.h" - -extern void krb_set_tkt_string(); -static void go_home(char *, int); - - -int krb_passwd(char *uname, char *iflag, char *rflag, char *uflag) -{ - char name[ANAME_SZ]; /* name of user */ - char inst[INST_SZ]; /* instance of user */ - char realm[REALM_SZ]; /* realm of user */ - char default_name[ANAME_SZ]; - char default_inst[INST_SZ]; - char default_realm[REALM_SZ]; - int realm_given = 0; /* True if realm was give on cmdline */ - int use_default = 1; /* True if we should use default name */ - struct passwd *pw; - int status; /* return code */ - des_cblock new_key; - int c; - extern char *optarg; - extern int optind; - char tktstring[MAXPATHLEN]; - - void get_pw_new_key(); - -#ifdef NOENCRYPTION -#define read_long_pw_string placebo_read_pw_string -#else -#define read_long_pw_string des_read_pw_string -#endif - int read_long_pw_string(); - - bzero(name, sizeof(name)); - bzero(inst, sizeof(inst)); - bzero(realm, sizeof(realm)); - - if (krb_get_tf_fullname(TKT_FILE, default_name, default_inst, - default_realm) != KSUCCESS) { - pw = getpwuid((int) getuid()); - if (pw) { - strcpy(default_name, pw->pw_name); - } else { - /* seems like a null name is kinda silly */ - strcpy(default_name, ""); - } - strcpy(default_inst, ""); - if (krb_get_lrealm(default_realm, 1) != KSUCCESS) - strcpy(default_realm, KRB_REALM); - } - - if(uflag) { - if (status = kname_parse(name, inst, realm, uflag)) { - errx(2, "Kerberos error: %s", krb_err_txt[status]); - } - if (realm[0]) - realm_given++; - else - if (krb_get_lrealm(realm, 1) != KSUCCESS) - strcpy(realm, KRB_REALM); - } - - if(uname) { - if (k_isname(uname)) { - strncpy(name, uname, sizeof(name) - 1); - } else { - errx(1, "bad name: %s", uname); - } - } - - if(iflag) { - if (k_isinst(iflag)) { - strncpy(inst, iflag, sizeof(inst) - 1); - } else { - errx(1, "bad instance: %s", iflag); - } - } - - if(rflag) { - if (k_isrealm(rflag)) { - strncpy(realm, rflag, sizeof(realm) - 1); - realm_given++; - } else { - errx(1, "bad realm: %s", rflag); - } - } - - if(uname || iflag || rflag || uflag) use_default = 0; - - if (use_default) { - strcpy(name, default_name); - strcpy(inst, default_inst); - strcpy(realm, default_realm); - } else { - if (!name[0]) - strcpy(name, default_name); - if (!realm[0]) - strcpy(realm, default_realm); - } - - (void) sprintf(tktstring, "/tmp/tkt_cpw_%d",getpid()); - krb_set_tkt_string(tktstring); - - get_pw_new_key(new_key, name, inst, realm, realm_given); - - if ((status = kadm_init_link("changepw", KRB_MASTER, realm)) - != KADM_SUCCESS) - com_err("kpasswd", status, "while initializing"); - else if ((status = kadm_change_pw(new_key)) != KADM_SUCCESS) - com_err("kpasswd", status, " attempting to change password."); - - if (status != KADM_SUCCESS) - fprintf(stderr,"Password NOT changed.\n"); - else - printf("Password changed.\n"); - - (void) dest_tkt(); - if (status) - exit(2); - else - exit(0); -} - -void get_pw_new_key(new_key, name, inst, realm, print_realm) - des_cblock new_key; - char *name; - char *inst; - char *realm; - int print_realm; /* True if realm was give on cmdline */ -{ - char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ - char pword[MAX_KPW_LEN]; /* storage for the password */ - char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ - - char local_realm[REALM_SZ]; - int status; - - /* - * We don't care about failure; this is to determine whether or - * not to print the realm in the prompt for a new password. - */ - (void) krb_get_lrealm(local_realm, 1); - - if (strcmp(local_realm, realm)) - print_realm++; - - (void) sprintf(ppromp,"Old password for %s%s%s%s%s:", - name, *inst ? "." : "", inst, - print_realm ? "@" : "", print_realm ? realm : ""); - if (read_long_pw_string(pword, sizeof(pword)-1, ppromp, 0)) { - fprintf(stderr, "Error reading old password.\n"); - exit(1); - } - - if ((status = krb_get_pw_in_tkt(name, inst, realm, PWSERV_NAME, - KADM_SINST, 1, pword)) != KSUCCESS) { - if (status == INTK_BADPW) { - printf("Incorrect old password.\n"); - exit(0); - } - else { - fprintf(stderr, "Kerberos error: %s\n", krb_err_txt[status]); - exit(1); - } - } - bzero(pword, sizeof(pword)); - do { - (void) sprintf(npromp,"New Password for %s%s%s%s%s:", - name, *inst ? "." : "", inst, - print_realm ? "@" : "", print_realm ? realm : ""); - if (read_long_pw_string(pword, sizeof(pword)-1, npromp, 1)) - go_home("Error reading new password, password unchanged.\n",0); - if (strlen(pword) == 0) - printf("Null passwords are not allowed; try again.\n"); - } while (strlen(pword) == 0); - -#ifdef NOENCRYPTION - bzero((char *) new_key, sizeof(des_cblock)); - new_key[0] = (unsigned char) 1; -#else - (void) des_string_to_key(pword, new_key); -#endif - bzero(pword, sizeof(pword)); -} - -static void -go_home(str,x) - char *str; - int x; -{ - fprintf(stderr, str, x); - (void) dest_tkt(); - exit(1); -} diff --git a/eBones/register/Makefile b/eBones/register/Makefile deleted file mode 100644 index 9adfc93..0000000 --- a/eBones/register/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -# @(#)Makefile 8.1 (Berkeley) 6/1/93 -# $Id: Makefile,v 1.5 1995/07/18 16:41:22 mark Exp $ - -PROG= register -SRCS= register.c -CFLAGS+=-DCRYPT -DDEBUG -DKERBEROS -I${.CURDIR}/../include -Wall -.PATH: ${.CURDIR}/../../usr.bin/rlogin -DPADD= ${LIBKRB} -LDADD= -L${KRBOBJDIR} -lkrb -ldes -lcrypt -BINDIR= /usr/bin -BINOWN= root -BINMODE=4555 - -.include diff --git a/eBones/register/register.c b/eBones/register/register.c deleted file mode 100644 index 4f083a7..0000000 --- a/eBones/register/register.c +++ /dev/null @@ -1,315 +0,0 @@ -/*- - * Copyright (c) 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if 0 -#ifndef lint -static char copyright[] = -"@(#) Copyright (c) 1989, 1993\n\ - The Regents of the University of California. All rights reserved.\n"; -static char sccsid[] = "@(#)register.c 8.1 (Berkeley) 6/1/93"; -#endif /* not lint */ -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "pathnames.h" -#include "register_proto.h" - -#define SERVICE "krbupdate" /* service to add to KDC's database */ -#define PROTOCOL "tcp" - -void die(void); -void type_info(void); -void setup_key(struct sockaddr_in local); -void cleanup(void); -int get_user_info(void); - -char realm[REALM_SZ]; -char krbhst[MAX_HSTNM]; - -static char pname[ANAME_SZ]; -static char iname[INST_SZ]; -static char password[_PASSWORD_LEN]; - -void -main(argc, argv) - int argc; - char **argv; -{ - struct servent *se; - struct hostent *host; - struct sockaddr_in sin, local; - int rval; - int sock, llen; - u_char code; - static struct rlimit rl = { 0, 0 }; - - signal(SIGPIPE, (__sighandler_t *)die); - - if (setrlimit(RLIMIT_CORE, &rl) < 0) { - perror("rlimit"); - exit(1); - } - - if ((se = getservbyname(SERVICE, PROTOCOL)) == NULL) { - fprintf(stderr, "couldn't find entry for service %s\n", - SERVICE); - exit(1); - } - if ((rval = krb_get_lrealm(realm,0)) != KSUCCESS) { - fprintf(stderr, "couldn't get local Kerberos realm: %s\n", - krb_err_txt[rval]); - exit(1); - } - - if ((rval = krb_get_krbhst(krbhst, realm, 1)) != KSUCCESS) { - fprintf(stderr, "couldn't get Kerberos host: %s\n", - krb_err_txt[rval]); - exit(1); - } - - if ((host = gethostbyname(krbhst)) == NULL) { - fprintf(stderr, "couldn't get host entry for host %s\n", - krbhst); - exit(1); - } - - sin.sin_family = host->h_addrtype; - (void)bcopy(host->h_addr, (char *) &sin.sin_addr, host->h_length); - sin.sin_port = se->s_port; - - if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { - perror("socket"); - exit(1); - } - - if (connect(sock, (struct sockaddr *) &sin, sizeof(sin)) < 0) { - perror("connect"); - (void)close(sock); - exit(1); - } - - llen = sizeof(local); - if (getsockname(sock, (struct sockaddr *) &local, &llen) < 0) { - perror("getsockname"); - (void)close(sock); - exit(1); - } - - setup_key(local); - - type_info(); - - if (!get_user_info()) { - code = ABORT; - (void)des_write(sock, &code, 1); - cleanup(); - exit(1); - } - - code = APPEND_DB; - if (des_write(sock, &code, 1) != 1) { - perror("write 1"); - cleanup(); - exit(1); - } - - if (des_write(sock, pname, ANAME_SZ) != ANAME_SZ) { - perror("write principal name"); - cleanup(); - exit(1); - } - - if (des_write(sock, iname, INST_SZ) != INST_SZ) { - perror("write instance name"); - cleanup(); - exit(1); - } - - if (des_write(sock, password, 255) != 255) { - perror("write password"); - cleanup(); - exit(1); - } - - /* get return message */ - - { - int cc; - char msgbuf[BUFSIZ]; - - cc = read(sock, msgbuf, BUFSIZ); - if (cc <= 0) { - fprintf(stderr, "protocol error during key verification\n"); - cleanup(); - exit(1); - } - if (strncmp(msgbuf, GOTKEY_MSG, 6) != 0) { - fprintf(stderr, "%s: %s", krbhst, msgbuf); - cleanup(); - exit(1); - } - - cc = des_read(sock, msgbuf, BUFSIZ); - if (cc <= 0) { - fprintf(stderr, "protocol error during read\n"); - cleanup(); - exit(1); - } else { - printf("%s: %s", krbhst, msgbuf); - } - } - - cleanup(); - close(sock); -} - -void -cleanup() -{ - bzero(password, 255); -} - -extern char *crypt(); -extern char *getpass(); - -int -get_user_info() -{ - int uid = getuid(); - int valid = 0, i; - struct passwd *pw; - char *pas, *namep; - - /* NB: we must run setuid-root to get at the real pw file */ - - if ((pw = getpwuid(uid)) == NULL) { - fprintf(stderr, "Who are you?\n"); - return(0); - } - (void)seteuid(uid); - (void)strcpy(pname, pw->pw_name); /* principal name */ - - for (i = 1; i < 3; i++) { - pas = getpass("login password:"); - namep = crypt(pas, pw->pw_passwd); - if (strcmp(namep, pw->pw_passwd)) { - fprintf(stderr, "Password incorrect\n"); - continue; - } else { - valid = 1; - break; - } - } - if (!valid) - return(0); - pas = getpass("Kerberos password (may be the same):"); - while (*pas == NULL) { - printf(" password not allowed\n"); - pas = getpass("Kerberos password (may be the same):"); - } - (void)strcpy(password, pas); /* password */ - pas = getpass("Retype Kerberos password:"); - if (strcmp(password, pas)) { - fprintf(stderr, "Password mismatch -- aborted\n"); - return(0); - } - - iname[0] = NULL; /* null instance name */ - return(1); -} - -void -setup_key(local) - struct sockaddr_in local; -{ - static struct keyfile_data kdata; - static Key_schedule schedule; - int fd; - char namebuf[MAXPATHLEN]; - - (void) sprintf(namebuf, "%s%s", - CLIENT_KEYFILE, - inet_ntoa(local.sin_addr)); - - fd = open(namebuf, O_RDONLY); - if (fd < 0) { - fprintf(stderr, "couldn't open key file %s for local host: ", - namebuf); - perror(""); - exit(1); - } - - if (read(fd, (char *)&kdata, sizeof(kdata)) != sizeof(kdata)) { - fprintf(stderr,"size error reading key file for local host %s\n", - inet_ntoa(local.sin_addr)); - exit(1); - } - key_sched((des_cblock *)kdata.kf_key, schedule); - des_set_key((des_cblock *)kdata.kf_key, schedule); - return; -} - -void -type_info() -{ - printf("Kerberos user registration (realm %s)\n\n", realm); - printf("Please enter your login password followed by your new Kerberos password.\n"); - printf("The Kerberos password you enter now will be used in the future\n"); - printf("as your Kerberos password for all machines in the %s realm.\n", realm); - printf("You will only be allowed to perform this operation once, although you may run\n"); - printf("the %s program from now on to change your Kerberos password.\n\n", _PATH_KPASSWD); -} - -void -die() -{ - fprintf(stderr, "\nServer no longer listening\n"); - fflush(stderr); - cleanup(); - exit(1); -} diff --git a/eBones/registerd/Makefile b/eBones/registerd/Makefile deleted file mode 100644 index 89b6ca7..0000000 --- a/eBones/registerd/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# -# Copyright (c) 1990 The Regents of the University of California. -# All rights reserved. -# -# %sccs.include.redist.sh -# -# @(#)Makefile 8.1 (Berkeley) 6/1/93 -# -# $Id: Makefile,v 1.4 1995/07/18 16:41:24 mark Exp $ - -PROG= registerd -SRCS= registerd.c -CFLAGS+=-DCRYPT -DKERBEROS -I${.CURDIR}/../register \ - -I${.CURDIR}/../include -Wall -.PATH: ${.CURDIR}/../../usr.bin/rlogin -DPADD= ${LIBKDB} ${LIBKRB} -LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -ldes -MAN8= registerd.8 -BINDIR= /usr/libexec - -.include diff --git a/eBones/registerd/registerd.c b/eBones/registerd/registerd.c deleted file mode 100644 index 12a3939..0000000 --- a/eBones/registerd/registerd.c +++ /dev/null @@ -1,354 +0,0 @@ -/*- - * Copyright (c) 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if 0 -#ifndef lint -static char copyright[] = -"@(#) Copyright (c) 1990, 1993\n\ - The Regents of the University of California. All rights reserved.\n"; -static char sccsid[] = "@(#)registerd.c 8.1 (Berkeley) 6/1/93"; -#endif /* not lint */ -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "register_proto.h" -#include "pathnames.h" - -#define KBUFSIZ (sizeof(struct keyfile_data)) -#define RCRYPT 0x00 -#define CLEAR 0x01 - -char *progname, msgbuf[BUFSIZ]; - -void cleanup(void); -void die(void); -void send_packet(char *msg, int flag); -int net_get_principal(char *pname, char *iname, C_Block *keyp); -int do_append(struct sockaddr_in *sinp); - -void -main(argc, argv) - int argc; - char **argv; -{ - static Key_schedule schedule; - static struct rlimit rl = { 0, 0 }; - struct keyfile_data *kfile; - u_char code; - int kf, retval, sval; - struct sockaddr_in sin; - char keyfile[MAXPATHLEN], keybuf[KBUFSIZ]; - - progname = argv[0]; /* for the library routines */ - - openlog("registerd", LOG_PID, LOG_AUTH); - - signal(SIGHUP, SIG_IGN); - signal(SIGINT, SIG_IGN); - signal(SIGTSTP, SIG_IGN); - signal(SIGPIPE, (__sighandler_t *)die); - - if (setrlimit(RLIMIT_CORE, &rl) < 0) { - syslog(LOG_ERR, "setrlimit: %m"); - exit(1); - } - - - /* figure out who we are talking to */ - - sval = sizeof(sin); - if (getpeername(0, (struct sockaddr *) &sin, &sval) < 0) { - syslog(LOG_ERR, "getpeername: %m"); - exit(1); - } - - /* get encryption key */ - - (void) sprintf(keyfile, "%s/%s%s", - SERVER_KEYDIR, - KEYFILE_BASE, - inet_ntoa(sin.sin_addr)); - - if ((kf = open(keyfile, O_RDONLY)) < 0) { - syslog(LOG_ERR, - "error opening Kerberos update keyfile (%s): %m", keyfile); - sprintf(msgbuf, - "couldn't open session keyfile for your host"); - send_packet(msgbuf, CLEAR); - exit(1); - } - - if (read(kf, keybuf, KBUFSIZ) != KBUFSIZ) { - syslog(LOG_ERR, "wrong read size of Kerberos update keyfile"); - sprintf(msgbuf, - "couldn't read session key from your host's keyfile"); - send_packet(msgbuf, CLEAR); - exit(1); - } - sprintf(msgbuf, GOTKEY_MSG); - send_packet(msgbuf, CLEAR); - kfile = (struct keyfile_data *) keybuf; - key_sched((C_Block *)kfile->kf_key, schedule); - des_set_key((des_cblock *)kfile->kf_key, schedule); - - /* read the command code byte */ - - if (des_read(0, &code, 1) == 1) { - - switch(code) { - case APPEND_DB: - retval = do_append(&sin); - break; - case ABORT: - cleanup(); - close(0); - exit(0); - default: - retval = KFAILURE; - syslog(LOG_NOTICE, - "invalid command code on db update (0x%x)", - code); - } - - } else { - retval = KFAILURE; - syslog(LOG_ERR, - "couldn't read command code on Kerberos update"); - } - - code = (u_char) retval; - if (code != KSUCCESS) { - sprintf(msgbuf, "%s", krb_err_txt[code]); - send_packet(msgbuf, RCRYPT); - } else { - sprintf(msgbuf, "Update complete."); - send_packet(msgbuf, RCRYPT); - } - cleanup(); - close(0); - exit(0); -} - -#define MAX_PRINCIPAL 10 -static Principal principal_data[MAX_PRINCIPAL]; -static C_Block key, master_key; -static Key_schedule master_key_schedule; - -int -do_append(sinp) - struct sockaddr_in *sinp; -{ - Principal default_princ; - char input_name[ANAME_SZ]; - char input_instance[INST_SZ]; - int j,n, more; - long mkeyversion; - - - - /* get master key from MKEYFILE */ - if (kdb_get_master_key(0, master_key, master_key_schedule) != 0) { - syslog(LOG_ERR, "couldn't get master key"); - return(KFAILURE); - } - - mkeyversion = kdb_verify_master_key(master_key, master_key_schedule, NULL); - if (mkeyversion < 0) { - syslog(LOG_ERR, "couldn't validate master key"); - return(KFAILURE); - } - - n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, - &default_princ, 1, &more); - - if (n != 1) { - syslog(LOG_ERR, "couldn't get default principal"); - return(KFAILURE); - } - - /* - * get principal name, instance, and password from network. - * convert password to key and store it - */ - - if (net_get_principal(input_name, input_instance, (C_Block *)key) != 0) { - return(KFAILURE); - } - - - j = kerb_get_principal( - input_name, - input_instance, - principal_data, - MAX_PRINCIPAL, - &more - ); - - if (j != 0) { - /* already in database, no update */ - syslog(LOG_NOTICE, - "attempt to add duplicate entry for principal %s.%s", - input_name, input_instance); - return(KDC_PR_N_UNIQUE); - } - - /* - * set up principal's name, instance - */ - - strcpy(principal_data[0].name, input_name); - strcpy(principal_data[0].instance, input_instance); - principal_data[0].old = NULL; - - - /* and the expiration date and version #s */ - - principal_data[0].exp_date = default_princ.exp_date; - strcpy(principal_data[0].exp_date_txt, default_princ.exp_date_txt); - principal_data[0].max_life = default_princ.max_life; - principal_data[0].attributes = default_princ.attributes; - principal_data[0].kdc_key_ver = default_princ.kdc_key_ver; - - - /* and the key */ - - kdb_encrypt_key(key, key, master_key, master_key_schedule, - ENCRYPT); - bcopy(key, &principal_data[0].key_low, 4); - bcopy(((long *) key) + 1, &principal_data[0].key_high,4); - bzero(key, sizeof(key)); - - principal_data[0].key_version = 1; /* 1st entry */ - - /* and write it to the database */ - - if (kerb_put_principal(&principal_data[0], 1)) { - syslog(LOG_INFO, "Kerberos update failure: put_principal failed"); - return(KFAILURE); - } - - syslog(LOG_NOTICE, "Kerberos update: wrote new record for %s.%s from %s", - principal_data[0].name, - principal_data[0].instance, - inet_ntoa(sinp->sin_addr) - ); - - return(KSUCCESS); - -} - -void -send_packet(msg,flag) - char *msg; - int flag; -{ - int len = strlen(msg); - msg[len++] = '\n'; - msg[len] = '\0'; - if (len > sizeof(msgbuf)) { - syslog(LOG_ERR, "send_packet: invalid msg size"); - return; - } - if (flag == RCRYPT) { - if (des_write(0, msg, len) != len) - syslog(LOG_ERR, "couldn't write reply message"); - } else if (flag == CLEAR) { - if (write(0, msg, len) != len) - syslog(LOG_ERR, "couldn't write reply message"); - } else - syslog(LOG_ERR, "send_packet: invalid flag (%d)", flag); - -} - -int -net_get_principal(pname, iname, keyp) - char *pname, *iname; - C_Block *keyp; -{ - int cc; - static char password[255]; - - cc = des_read(0, pname, ANAME_SZ); - if (cc != ANAME_SZ) { - syslog(LOG_ERR, "couldn't get principal name"); - return(-1); - } - - cc = des_read(0, iname, INST_SZ); - if (cc != INST_SZ) { - syslog(LOG_ERR, "couldn't get instance name"); - return(-1); - } - - cc = des_read(0, password, 255); - if (cc != 255) { - syslog(LOG_ERR, "couldn't get password"); - bzero(password, 255); - return(-1); - } - - string_to_key(password, (des_cblock *)*keyp); - bzero(password, 255); - return(0); -} - -void -cleanup() -{ - bzero(master_key, sizeof(master_key)); - bzero(key, sizeof(key)); - bzero(master_key_schedule, sizeof(master_key_schedule)); -} - -void -die() -{ - syslog(LOG_ERR, "remote end died (SIGPIPE)"); - cleanup(); - exit(1); -} diff --git a/eBones/usr.sbin/kadmin/Makefile b/eBones/usr.sbin/kadmin/Makefile deleted file mode 100644 index f2e0357..0000000 --- a/eBones/usr.sbin/kadmin/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# $Id: Makefile,v 1.1 1995/07/18 16:36:59 mark Exp $ - -PROG= kadmind -SRCS= admin_server.c kadm_funcs.c kadm_ser_wrap.c kadm_server.c -CFLAGS+=-DPOSIX -I${.CURDIR}/../include -I${KRBOBJDIR} \ - -I${.CURDIR}/../libkadm -I${KADMOBJDIR} -Wall -LDADD+= -L${KADMOBJDIR} -lkadm -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb \ - -ldes -L${ACLOBJDIR} -lacl -lcom_err -MAN8= kadmind.8 - -.include diff --git a/eBones/usr.sbin/kadmin/admin_server.c b/eBones/usr.sbin/kadmin/admin_server.c deleted file mode 100644 index 72980d4..0000000 --- a/eBones/usr.sbin/kadmin/admin_server.c +++ /dev/null @@ -1,474 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Top-level loop of the kerberos Administration server - */ - -#if 0 -#ifndef lint -static char rcsid_admin_server_c[] = -"Id: admin_server.c,v 4.8 90/01/02 13:50:38 jtkohl Exp "; -static const char rcsid[] = - "$Id"; -#endif lint -#endif - -/* - admin_server.c - this holds the main loop and initialization and cleanup code for the server -*/ - -#include -#include -#include -#include -#include -#ifndef sigmask -#define sigmask(m) (1 <<((m)-1)) -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include "kadm_server.h" - -/* Almost all procs and such need this, so it is global */ -admin_params prm; /* The command line parameters struct */ - -char prog[32]; /* WHY IS THIS NEEDED??????? */ -char *progname = prog; -char *acldir = DEFAULT_ACL_DIR; -char krbrlm[REALM_SZ]; -extern Kadm_Server server_parm; - -void cleanexit(int val); -void process_client(int fd, struct sockaddr_in *who); -void kill_children(void); -static void clear_secrets(void); -void byebye(void); -void close_syslog(void); -int kadm_listen(void); - -/* -** Main does the logical thing, it sets up the database and RPC interface, -** as well as handling the creation and maintenance of the syslog file... -*/ -void -main(argc, argv) /* admin_server main routine */ -int argc; -char *argv[]; -{ - int errval; - int c; - extern char *optarg; - - prog[sizeof(prog)-1]='\0'; /* Terminate... */ - (void) strncpy(prog, argv[0], sizeof(prog)-1); - - /* initialize the admin_params structure */ - prm.sysfile = KADM_SYSLOG; /* default file name */ - prm.inter = 1; - - bzero(krbrlm, sizeof(krbrlm)); - - while ((c = getopt(argc, argv, "f:hnd:a:r:")) != EOF) - switch(c) { - case 'f': /* Syslog file name change */ - prm.sysfile = optarg; - break; - case 'n': - prm.inter = 0; - break; - case 'a': /* new acl directory */ - acldir = optarg; - break; - case 'd': - /* put code to deal with alt database place */ - if ((errval = kerb_db_set_name(optarg))) { - fprintf(stderr, "opening database %s: %s", - optarg, error_message(errval)); - exit(1); - } - break; - case 'r': - (void) strncpy(krbrlm, optarg, sizeof(krbrlm) - 1); - break; - case 'h': /* get help on using admin_server */ - default: - printf("Usage: admin_server [-h] [-n] [-r realm] [-d dbname] [-f filename] [-a acldir]\n"); - exit(-1); /* failure */ - } - - if (krbrlm[0] == 0) - if (krb_get_lrealm(krbrlm, 0) != KSUCCESS) { - fprintf(stderr, - "Unable to get local realm. Fix krb.conf or use -r.\n"); - exit(1); - } - - printf("KADM Server %s initializing\n",KADM_VERSTR); - printf("Please do not use 'kill -9' to kill this job, use a\n"); - printf("regular kill instead\n\n"); - - set_logfile(prm.sysfile); - log("Admin server starting"); - - (void) kerb_db_set_lockmode(KERB_DBL_NONBLOCKING); - errval = kerb_init(); /* Open the Kerberos database */ - if (errval) { - fprintf(stderr, "error: kerb_init() failed"); - close_syslog(); - byebye(); - } - /* set up the server_parm struct */ - if ((errval = kadm_ser_init(prm.inter, krbrlm))==KADM_SUCCESS) { - kerb_fini(); /* Close the Kerberos database-- - will re-open later */ - errval = kadm_listen(); /* listen for calls to server from - clients */ - } - if (errval != KADM_SUCCESS) { - fprintf(stderr,"error: %s\n",error_message(errval)); - kerb_fini(); /* Close if error */ - } - close_syslog(); /* Close syslog file, print - closing note */ - byebye(); /* Say bye bye on the terminal - in use */ -} /* procedure main */ - - -/* close the system log file */ -void -close_syslog() -{ - log("Shutting down admin server"); -} - -void -byebye() /* say goodnight gracie */ -{ - printf("Admin Server (kadm server) has completed operation.\n"); -} - -static void -clear_secrets() -{ - bzero((char *)server_parm.master_key, sizeof(server_parm.master_key)); - bzero((char *)server_parm.master_key_schedule, - sizeof(server_parm.master_key_schedule)); - server_parm.master_key_version = 0L; -} - -static exit_now = 0; - -sigtype -doexit() -{ - exit_now = 1; -#ifdef POSIX - return; -#else /* !POSIX */ - return(0); -#endif /* POSIX */ -} - -unsigned pidarraysize = 0; -int *pidarray = (int *)0; - -/* -kadm_listen -listen on the admin servers port for a request -*/ -int -kadm_listen() -{ - extern int errno; - int found; - int admin_fd; - int peer_fd; - fd_set mask, readfds; - struct sockaddr_in peer; - int addrlen; - int pid; - sigtype do_child(); - - (void) signal(SIGINT, doexit); - (void) signal(SIGTERM, doexit); - (void) signal(SIGHUP, doexit); - (void) signal(SIGQUIT, doexit); - (void) signal(SIGPIPE, SIG_IGN); /* get errors on write() */ - (void) signal(SIGALRM, doexit); - (void) signal(SIGCHLD, do_child); - - if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) - return KADM_NO_SOCK; - if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr, - sizeof(struct sockaddr_in)) < 0) - return KADM_NO_BIND; - (void) listen(admin_fd, 1); - FD_ZERO(&mask); - FD_SET(admin_fd, &mask); - - for (;;) { /* loop nearly forever */ - if (exit_now) { - clear_secrets(); - kill_children(); - return(0); - } - readfds = mask; - if ((found = select(admin_fd+1,&readfds,(fd_set *)0, - (fd_set *)0, (struct timeval *)0)) == 0) - continue; /* no things read */ - if (found < 0) { - if (errno != EINTR) - log("select: %s",error_message(errno)); - continue; - } - if (FD_ISSET(admin_fd, &readfds)) { - /* accept the conn */ - addrlen = sizeof(peer); - if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer, - &addrlen)) < 0) { - log("accept: %s",error_message(errno)); - continue; - } - addrlen = sizeof(server_parm.admin_addr); - if (getsockname(peer_fd, (struct sockaddr *)&server_parm.admin_addr, - &addrlen)) { - log("getsockname: %s",error_message(errno)); - continue; - } -#ifdef DEBUG - printf("Connection recieved on %s\n", - inet_ntoa(server_parm.admin_addr.sin_addr)); -#endif /* DEBUG */ -#ifndef DEBUG - /* if you want a sep daemon for each server */ - if ((pid = fork())) { - /* parent */ - if (pid < 0) { - log("fork: %s",error_message(errno)); - (void) close(peer_fd); - continue; - } - /* fork succeded: keep tabs on child */ - (void) close(peer_fd); - if (pidarray) { - pidarray = (int *)realloc((char *)pidarray, ++pidarraysize); - pidarray[pidarraysize-1] = pid; - } else { - pidarray = (int *)malloc(pidarraysize = 1); - pidarray[0] = pid; - } - } else { - /* child */ - (void) close(admin_fd); -#endif /* DEBUG */ - /* do stuff */ - process_client (peer_fd, &peer); -#ifndef DEBUG - } -#endif - } else { - log("something else woke me up!"); - return(0); - } - } - /*NOTREACHED*/ - return(0); /* Shut -Wall up - markm */ -} - -#ifdef DEBUG -#define cleanexit(code) {kerb_fini(); return;} -#endif - -void -process_client(fd, who) -int fd; -struct sockaddr_in *who; -{ - u_char *dat; - int dat_len; - u_short dlen; - int retval; - int on = 1; - Principal service; - des_cblock skey; - int more; - int status; - - if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) - log("setsockopt keepalive: %d",errno); - - server_parm.recv_addr = *who; - - if (kerb_init()) { /* Open as client */ - log("can't open krb db"); - cleanexit(1); - } - /* need to set service key to changepw.KRB_MASTER */ - - status = kerb_get_principal(server_parm.sname, server_parm.sinst, &service, - 1, &more); - if (status == -1) { - /* db locked */ - u_long retcode = KADM_DB_INUSE; - char *pdat; - - dat_len = KADM_VERSIZE + sizeof(u_long); - dat = (u_char *) malloc((unsigned)dat_len); - pdat = (char *) dat; - retcode = htonl((u_long) KADM_DB_INUSE); - (void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE); - bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long)); - goto out; - } else if (!status) { - log("no service %s.%s",server_parm.sname, server_parm.sinst); - cleanexit(2); - } - - bcopy((char *)&service.key_low, (char *)skey, 4); - bcopy((char *)&service.key_high, (char *)(((long *) skey) + 1), 4); - bzero((char *)&service, sizeof(service)); - kdb_encrypt_key (skey, skey, server_parm.master_key, - server_parm.master_key_schedule, DECRYPT); - (void) krb_set_key((char *)skey, 0); /* if error, will show up when - rd_req fails */ - bzero((char *)skey, sizeof(skey)); - - while (1) { - if ((retval = krb_net_read(fd, (char *)&dlen, sizeof(u_short))) != - sizeof(u_short)) { - if (retval < 0) - log("dlen read: %s",error_message(errno)); - else if (retval) - log("short dlen read: %d",retval); - (void) close(fd); - cleanexit(retval ? 3 : 0); - } - if (exit_now) { - cleanexit(0); - } - dat_len = (int) ntohs(dlen); - dat = (u_char *) malloc((unsigned)dat_len); - if (!dat) { - log("malloc: No memory"); - (void) close(fd); - cleanexit(4); - } - if ((retval = krb_net_read(fd, (char *)dat, dat_len)) != dat_len) { - if (retval < 0) - log("data read: %s",error_message(errno)); - else - log("short read: %d vs. %d", dat_len, retval); - (void) close(fd); - cleanexit(5); - } - if (exit_now) { - cleanexit(0); - } - if ((retval = kadm_ser_in(&dat,&dat_len)) != KADM_SUCCESS) - log("processing request: %s", error_message(retval)); - - /* kadm_ser_in did the processing and returned stuff in - dat & dat_len , return the appropriate data */ - - out: - dlen = (u_short) dat_len; - - if (dat_len != (int)dlen) { - clear_secrets(); - abort(); /* XXX */ - } - dlen = htons(dlen); - - if (krb_net_write(fd, (char *)&dlen, sizeof(u_short)) < 0) { - log("writing dlen to client: %s",error_message(errno)); - (void) close(fd); - cleanexit(6); - } - - if (krb_net_write(fd, (char *)dat, dat_len) < 0) { - log(LOG_ERR, "writing to client: %s",error_message(errno)); - (void) close(fd); - cleanexit(7); - } - free((char *)dat); - } - /*NOTREACHED*/ -} - -sigtype -do_child() -{ - /* SIGCHLD brings us here */ - int pid; - register int i, j; - -#ifdef POSIX - int status; -#else - union wait status; -#endif - - pid = wait(&status); - - for (i = 0; i < pidarraysize; i++) - if (pidarray[i] == pid) { - /* found it */ - for (j = i; j < pidarraysize-1; j++) - /* copy others down */ - pidarray[j] = pidarray[j+1]; - pidarraysize--; - if (WEXITSTATUS(status) || WCOREDUMP(status) || WIFSIGNALED(status)) - log("child %d: termsig %d, coredump %d, retcode %d", pid, - WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status)); -#ifdef POSIX - return; -#else /* !POSIX */ - return(0); -#endif /* POSIX */ - } - log("child %d not in list: termsig %d, coredump %d, retcode %d", pid, - WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status)); -#ifdef POSIX - return; -#else /* !POSIX */ - return(0); -#endif /* POSIX */ -} - -#ifndef DEBUG -void -cleanexit(val) - int val; -{ - kerb_fini(); - clear_secrets(); - exit(val); -} -#endif - -void -kill_children() -{ - register int i; - int osigmask; - - osigmask = sigblock(sigmask(SIGCHLD)); - - for (i = 0; i < pidarraysize; i++) { - kill(pidarray[i], SIGINT); - log("killing child %d", pidarray[i]); - } - sigsetmask(osigmask); - return; -} diff --git a/eBones/usr.sbin/kadmin/kadm_funcs.c b/eBones/usr.sbin/kadmin/kadm_funcs.c deleted file mode 100644 index b8ddaa0..0000000 --- a/eBones/usr.sbin/kadmin/kadm_funcs.c +++ /dev/null @@ -1,381 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT - * - * Kerberos administration server-side database manipulation routines - */ - -#if 0 -#ifndef lint -static char rcsid_kadm_funcs_c[] = -"Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp "; -static const char rcsid[] = - "$Id: kadm_funcs.c,v 1.1 1995/07/18 16:37:02 mark Exp $"; -#endif lint -#endif - -/* -kadm_funcs.c -the actual database manipulation code -*/ - -#include -#include -#include -#include -#include -#include -#include -#include "kadm_server.h" - -extern Kadm_Server server_parm; - -int -check_access(pname, pinst, prealm, acltype) -char *pname; -char *pinst; -char *prealm; -enum acl_types acltype; -{ - char checkname[MAX_K_NAME_SZ]; - char filename[MAXPATHLEN]; - extern char *acldir; - - sprintf(checkname, "%s.%s@%s", pname, pinst, prealm); - - switch (acltype) { - case ADDACL: - sprintf(filename, "%s%s", acldir, ADD_ACL_FILE); - break; - case GETACL: - sprintf(filename, "%s%s", acldir, GET_ACL_FILE); - break; - case MODACL: - sprintf(filename, "%s%s", acldir, MOD_ACL_FILE); - break; - } - return(acl_check(filename, checkname)); -} - -int -wildcard(str) -char *str; -{ - if (!strcmp(str, WILDCARD_STR)) - return(1); - return(0); -} - -#define failadd(code) { (void) log("FAILED addding '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; } - -int -kadm_add_entry (rname, rinstance, rrealm, valsin, valsout) -char *rname; /* requestors name */ -char *rinstance; /* requestors instance */ -char *rrealm; /* requestors realm */ -Kadm_vals *valsin; -Kadm_vals *valsout; -{ - long numfound; /* check how many we get written */ - int more; /* pointer to more grabbed records */ - Principal data_i, data_o; /* temporary principal */ - u_char flags[4]; - des_cblock newpw; - Principal default_princ; - - if (!check_access(rname, rinstance, rrealm, ADDACL)) { - (void) log("WARNING: '%s.%s@%s' tried to add an entry for '%s.%s'", - rname, rinstance, rrealm, valsin->name, valsin->instance); - return KADM_UNAUTH; - } - - /* Need to check here for "legal" name and instance */ - if (wildcard(valsin->name) || wildcard(valsin->instance)) { - failadd(KADM_ILL_WILDCARD); - } - - (void) log("request to add an entry for '%s.%s' from '%s.%s@%s'", - valsin->name, valsin->instance, rname, rinstance, rrealm); - - numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, - &default_princ, 1, &more); - if (numfound == -1) { - failadd(KADM_DB_INUSE); - } else if (numfound != 1) { - failadd(KADM_UK_RERROR); - } - - kadm_vals_to_prin(valsin->fields, &data_i, valsin); - (void) strncpy(data_i.name, valsin->name, ANAME_SZ); - (void) strncpy(data_i.instance, valsin->instance, INST_SZ); - - if (!IS_FIELD(KADM_EXPDATE,valsin->fields)) - data_i.exp_date = default_princ.exp_date; - if (!IS_FIELD(KADM_ATTR,valsin->fields)) - data_i.attributes = default_princ.attributes; - if (!IS_FIELD(KADM_MAXLIFE,valsin->fields)) - data_i.max_life = default_princ.max_life; - - bzero((char *)&default_princ, sizeof(default_princ)); - - /* convert to host order */ - data_i.key_low = ntohl(data_i.key_low); - data_i.key_high = ntohl(data_i.key_high); - - - bcopy(&data_i.key_low,newpw,4); - bcopy(&data_i.key_high,(char *)(((long *) newpw) + 1),4); - - /* encrypt new key in master key */ - kdb_encrypt_key (newpw, newpw, server_parm.master_key, - server_parm.master_key_schedule, ENCRYPT); - bcopy(newpw,&data_i.key_low,4); - bcopy((char *)(((long *) newpw) + 1), &data_i.key_high,4); - bzero((char *)newpw, sizeof(newpw)); - - data_o = data_i; - numfound = kerb_get_principal(valsin->name, valsin->instance, - &data_o, 1, &more); - if (numfound == -1) { - failadd(KADM_DB_INUSE); - } else if (numfound) { - failadd(KADM_INUSE); - } else { - data_i.key_version++; - data_i.kdc_key_ver = server_parm.master_key_version; - (void) strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name)-1); - (void) strncpy(data_i.mod_instance, rinstance, - sizeof(data_i.mod_instance)-1); - - numfound = kerb_put_principal(&data_i, 1); - if (numfound == -1) { - failadd(KADM_DB_INUSE); - } else if (numfound) { - failadd(KADM_UK_SERROR); - } else { - numfound = kerb_get_principal(valsin->name, valsin->instance, - &data_o, 1, &more); - if ((numfound!=1) || (more!=0)) { - failadd(KADM_UK_RERROR); - } - bzero((char *)flags, sizeof(flags)); - SET_FIELD(KADM_NAME,flags); - SET_FIELD(KADM_INST,flags); - SET_FIELD(KADM_EXPDATE,flags); - SET_FIELD(KADM_ATTR,flags); - SET_FIELD(KADM_MAXLIFE,flags); - kadm_prin_to_vals(flags, valsout, &data_o); - (void) log("'%s.%s' added.", valsin->name, valsin->instance); - return KADM_DATA; /* Set all the appropriate fields */ - } - } -} -#undef failadd - -#define failget(code) { (void) log("FAILED retrieving '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; } - -int -kadm_get_entry (rname, rinstance, rrealm, valsin, flags, valsout) -char *rname; /* requestors name */ -char *rinstance; /* requestors instance */ -char *rrealm; /* requestors realm */ -Kadm_vals *valsin; /* what they wannt to get */ -u_char *flags; /* which fields we want */ -Kadm_vals *valsout; /* what data is there */ -{ - long numfound; /* check how many were returned */ - int more; /* To point to more name.instances */ - Principal data_o; /* Data object to hold Principal */ - - - if (!check_access(rname, rinstance, rrealm, GETACL)) { - (void) log("WARNING: '%s.%s@%s' tried to get '%s.%s's entry", - rname, rinstance, rrealm, valsin->name, valsin->instance); - return KADM_UNAUTH; - } - - if (wildcard(valsin->name) || wildcard(valsin->instance)) { - failget(KADM_ILL_WILDCARD); - } - - (void) log("retrieve '%s.%s's entry for '%s.%s@%s'", - valsin->name, valsin->instance, rname, rinstance, rrealm); - - /* Look up the record in the database */ - numfound = kerb_get_principal(valsin->name, valsin->instance, - &data_o, 1, &more); - if (numfound == -1) { - failget(KADM_DB_INUSE); - } else if (numfound) { /* We got the record, let's return it */ - kadm_prin_to_vals(flags, valsout, &data_o); - (void) log("'%s.%s' retrieved.", valsin->name, valsin->instance); - return KADM_DATA; /* Set all the appropriate fields */ - } else { - failget(KADM_NOENTRY); /* Else whimper and moan */ - } -} -#undef failget - -#define failmod(code) { (void) log("FAILED modifying '%s.%s' (%s)", valsin1->name, valsin1->instance, error_message(code)); return code; } - -int -kadm_mod_entry (rname, rinstance, rrealm, valsin1, valsin2, valsout) -char *rname; /* requestors name */ -char *rinstance; /* requestors instance */ -char *rrealm; /* requestors realm */ -Kadm_vals *valsin1, *valsin2; /* holds the parameters being - passed in */ -Kadm_vals *valsout; /* the actual record which is returned */ -{ - long numfound; - int more; - Principal data_o, temp_key; - u_char fields[4]; - des_cblock newpw; - - if (wildcard(valsin1->name) || wildcard(valsin1->instance)) { - failmod(KADM_ILL_WILDCARD); - } - - if (!check_access(rname, rinstance, rrealm, MODACL)) { - (void) log("WARNING: '%s.%s@%s' tried to change '%s.%s's entry", - rname, rinstance, rrealm, valsin1->name, valsin1->instance); - return KADM_UNAUTH; - } - - (void) log("request to modify '%s.%s's entry from '%s.%s@%s' ", - valsin1->name, valsin1->instance, rname, rinstance, rrealm); - - numfound = kerb_get_principal(valsin1->name, valsin1->instance, - &data_o, 1, &more); - if (numfound == -1) { - failmod(KADM_DB_INUSE); - } else if (numfound) { - kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2); - (void) strncpy(data_o.name, valsin1->name, ANAME_SZ); - (void) strncpy(data_o.instance, valsin1->instance, INST_SZ); - if (IS_FIELD(KADM_EXPDATE,valsin2->fields)) - data_o.exp_date = temp_key.exp_date; - if (IS_FIELD(KADM_ATTR,valsin2->fields)) - data_o.attributes = temp_key.attributes; - if (IS_FIELD(KADM_MAXLIFE,valsin2->fields)) - data_o.max_life = temp_key.max_life; - if (IS_FIELD(KADM_DESKEY,valsin2->fields)) { - data_o.key_version++; - data_o.kdc_key_ver = server_parm.master_key_version; - - - /* convert to host order */ - temp_key.key_low = ntohl(temp_key.key_low); - temp_key.key_high = ntohl(temp_key.key_high); - - - bcopy(&temp_key.key_low,newpw,4); - bcopy(&temp_key.key_high,(char *)(((long *) newpw) + 1),4); - - /* encrypt new key in master key */ - kdb_encrypt_key (newpw, newpw, server_parm.master_key, - server_parm.master_key_schedule, ENCRYPT); - bcopy(newpw,&data_o.key_low,4); - bcopy((char *)(((long *) newpw) + 1), &data_o.key_high,4); - bzero((char *)newpw, sizeof(newpw)); - } - bzero((char *)&temp_key, sizeof(temp_key)); - - (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1); - (void) strncpy(data_o.mod_instance, rinstance, - sizeof(data_o.mod_instance)-1); - more = kerb_put_principal(&data_o, 1); - - bzero((char *)&data_o, sizeof(data_o)); - - if (more == -1) { - failmod(KADM_DB_INUSE); - } else if (more) { - failmod(KADM_UK_SERROR); - } else { - numfound = kerb_get_principal(valsin1->name, valsin1->instance, - &data_o, 1, &more); - if ((more!=0)||(numfound!=1)) { - failmod(KADM_UK_RERROR); - } - bzero((char *) fields, sizeof(fields)); - SET_FIELD(KADM_NAME,fields); - SET_FIELD(KADM_INST,fields); - SET_FIELD(KADM_EXPDATE,fields); - SET_FIELD(KADM_ATTR,fields); - SET_FIELD(KADM_MAXLIFE,fields); - kadm_prin_to_vals(fields, valsout, &data_o); - (void) log("'%s.%s' modified.", valsin1->name, valsin1->instance); - return KADM_DATA; /* Set all the appropriate fields */ - } - } - else { - failmod(KADM_NOENTRY); - } -} -#undef failmod - -#define failchange(code) { (void) log("FAILED changing key for '%s.%s@%s' (%s)", rname, rinstance, rrealm, error_message(code)); return code; } - -int -kadm_change (rname, rinstance, rrealm, newpw) -char *rname; -char *rinstance; -char *rrealm; -des_cblock newpw; -{ - long numfound; - int more; - Principal data_o; - des_cblock local_pw; - - if (strcmp(server_parm.krbrlm, rrealm)) { - (void) log("change key request from wrong realm, '%s.%s@%s'!\n", - rname, rinstance, rrealm); - return(KADM_WRONG_REALM); - } - - if (wildcard(rname) || wildcard(rinstance)) { - failchange(KADM_ILL_WILDCARD); - } - (void) log("'%s.%s@%s' wants to change its password", - rname, rinstance, rrealm); - - bcopy(newpw, local_pw, sizeof(local_pw)); - - /* encrypt new key in master key */ - kdb_encrypt_key (local_pw, local_pw, server_parm.master_key, - server_parm.master_key_schedule, ENCRYPT); - - numfound = kerb_get_principal(rname, rinstance, - &data_o, 1, &more); - if (numfound == -1) { - failchange(KADM_DB_INUSE); - } else if (numfound) { - bcopy(local_pw,&data_o.key_low,4); - bcopy((char *)(((long *) local_pw) + 1), &data_o.key_high,4); - data_o.key_version++; - data_o.kdc_key_ver = server_parm.master_key_version; - (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1); - (void) strncpy(data_o.mod_instance, rinstance, - sizeof(data_o.mod_instance)-1); - more = kerb_put_principal(&data_o, 1); - bzero((char *) local_pw, sizeof(local_pw)); - bzero((char *) &data_o, sizeof(data_o)); - if (more == -1) { - failchange(KADM_DB_INUSE); - } else if (more) { - failchange(KADM_UK_SERROR); - } else { - (void) log("'%s.%s@%s' password changed.", rname, rinstance, rrealm); - return KADM_SUCCESS; - } - } - else { - failchange(KADM_NOENTRY); - } -} -#undef failchange diff --git a/eBones/usr.sbin/kadmin/kadm_ser_wrap.c b/eBones/usr.sbin/kadmin/kadm_ser_wrap.c deleted file mode 100644 index 0fa1ace..0000000 --- a/eBones/usr.sbin/kadmin/kadm_ser_wrap.c +++ /dev/null @@ -1,213 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Kerberos administration server-side support functions - */ - -#if 0 -#ifndef lint -static char rcsid_module_c[] = -"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_ser_wrap.c,v 4.4 89/09/26 09:29:36 jtkohl Exp "; -#endif lint -#endif - -/* -kadm_ser_wrap.c -unwraps wrapped packets and calls the appropriate server subroutine -*/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "kadm_server.h" - -Kadm_Server server_parm; - -/* -kadm_ser_init -set up the server_parm structure -*/ -int -kadm_ser_init(inter, realm) -int inter; /* interactive or from file */ -char realm[]; -{ - struct servent *sep; - struct hostent *hp; - char hostname[MAXHOSTNAMELEN]; - - init_kadm_err_tbl(); - init_krb_err_tbl(); - if (gethostname(hostname, sizeof(hostname))) - return KADM_NO_HOSTNAME; - - strcpy(server_parm.sname, PWSERV_NAME); - strcpy(server_parm.sinst, KRB_MASTER); - strcpy(server_parm.krbrlm, realm); - - server_parm.admin_fd = -1; - /* setting up the addrs */ - if ((sep = getservbyname(KADM_SNAME, "tcp")) == NULL) - return KADM_NO_SERV; - bzero((char *)&server_parm.admin_addr,sizeof(server_parm.admin_addr)); - server_parm.admin_addr.sin_family = AF_INET; - if ((hp = gethostbyname(hostname)) == NULL) - return KADM_NO_HOSTNAME; - server_parm.admin_addr.sin_addr.s_addr = INADDR_ANY; - server_parm.admin_addr.sin_port = sep->s_port; - /* setting up the database */ - if (kdb_get_master_key((inter==1),server_parm.master_key, - server_parm.master_key_schedule) != 0) - return KADM_NO_MAST; - if ((server_parm.master_key_version = - kdb_verify_master_key(server_parm.master_key, - server_parm.master_key_schedule,stderr))<0) - return KADM_NO_VERI; - return KADM_SUCCESS; -} - -static void -errpkt(dat, dat_len, code) -u_char **dat; -int *dat_len; -int code; -{ - u_long retcode; - char *pdat; - - free((char *)*dat); /* free up req */ - *dat_len = KADM_VERSIZE + sizeof(u_long); - *dat = (u_char *) malloc((unsigned)*dat_len); - pdat = (char *) *dat; - retcode = htonl((u_long) code); - (void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE); - bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long)); - return; -} - -/* -kadm_ser_in -unwrap the data stored in dat, process, and return it. -*/ -int -kadm_ser_in(dat,dat_len) -u_char **dat; -int *dat_len; -{ - u_char *in_st; /* pointer into the sent packet */ - int in_len,retc; /* where in packet we are, for - returns */ - u_long r_len; /* length of the actual packet */ - KTEXT_ST authent; /* the authenticator */ - AUTH_DAT ad; /* who is this, klink */ - u_long ncksum; /* checksum of encrypted data */ - des_key_schedule sess_sched; /* our schedule */ - MSG_DAT msg_st; - u_char *retdat, *tmpdat; - int retval, retlen; - - if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) { - errpkt(dat, dat_len, KADM_BAD_VER); - return KADM_BAD_VER; - } - in_len = KADM_VERSIZE; - /* get the length */ - if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0) - return KADM_LENGTH_ERROR; - in_len += retc; - authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long); - bcopy((char *)(*dat) + in_len, (char *)authent.dat, authent.length); - authent.mbz = 0; - /* service key should be set before here */ - if ((retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst, - server_parm.recv_addr.sin_addr.s_addr, &ad, (char *)0))) - { - errpkt(dat, dat_len,retc + krb_err_base); - return retc + krb_err_base; - } - -#define clr_cli_secrets() {bzero((char *)sess_sched, sizeof(sess_sched)); bzero((char *)ad.session, sizeof(ad.session));} - - in_st = *dat + *dat_len - r_len; -#ifdef NOENCRYPTION - ncksum = 0; -#else - ncksum = quad_cksum((des_cblock *)in_st, (des_cblock *)0, (long) r_len, - 0, (des_cblock *)ad.session); -#endif - if (ncksum!=ad.checksum) { /* yow, are we correct yet */ - clr_cli_secrets(); - errpkt(dat, dat_len,KADM_BAD_CHK); - return KADM_BAD_CHK; - } -#ifdef NOENCRYPTION - bzero(sess_sched, sizeof(sess_sched)); -#else - des_key_sched((des_cblock *)ad.session, sess_sched); -#endif - if ((retc = (int) krb_rd_priv(in_st, r_len, sess_sched, ad.session, - &server_parm.recv_addr, - &server_parm.admin_addr, &msg_st))) { - clr_cli_secrets(); - errpkt(dat, dat_len,retc + krb_err_base); - return retc + krb_err_base; - } - switch (msg_st.app_data[0]) { - case CHANGE_PW: - retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length,&ad, - &retdat, &retlen); - break; - case ADD_ENT: - retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length,&ad, - &retdat, &retlen); - break; - case GET_ENT: - retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length,&ad, - &retdat, &retlen); - break; - case MOD_ENT: - retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length,&ad, - &retdat, &retlen); - break; - default: - clr_cli_secrets(); - errpkt(dat, dat_len, KADM_NO_OPCODE); - return KADM_NO_OPCODE; - } - /* Now seal the response back into a priv msg */ - free((char *)*dat); - tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE + - sizeof(u_long))); - (void) strncpy((char *)tmpdat, KADM_VERSTR, KADM_VERSIZE); - retval = htonl((u_long)retval); - bcopy((char *)&retval, (char *)tmpdat + KADM_VERSIZE, sizeof(u_long)); - if (retlen) { - bcopy((char *)retdat, (char *)tmpdat + KADM_VERSIZE + sizeof(u_long), - retlen); - free((char *)retdat); - } - /* slop for mk_priv stuff */ - *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE + - sizeof(u_long) + 200)); - if ((*dat_len = krb_mk_priv(tmpdat, *dat, - (u_long) (retlen + KADM_VERSIZE + - sizeof(u_long)), - sess_sched, - ad.session, &server_parm.admin_addr, - &server_parm.recv_addr)) < 0) { - clr_cli_secrets(); - errpkt(dat, dat_len, KADM_NO_ENCRYPT); - return KADM_NO_ENCRYPT; - } - clr_cli_secrets(); - return KADM_SUCCESS; -} diff --git a/eBones/usr.sbin/kadmin/kadm_server.c b/eBones/usr.sbin/kadmin/kadm_server.c deleted file mode 100644 index c6cbc6a..0000000 --- a/eBones/usr.sbin/kadmin/kadm_server.c +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Kerberos administration server-side subroutines - */ - -#if 0 -#ifndef lint -static char rcsid_kadm_server_c[] = -"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.c,v 4.2 89/09/26 09:30:23 jtkohl Exp "; -#endif lint -#endif - -#include -#include -#include -#include "kadm_server.h" - -/* -kadm_ser_cpw - the server side of the change_password routine - recieves : KTEXT, {key} - returns : CKSUM, RETCODE - acl : caller can change only own password - -Replaces the password (i.e. des key) of the caller with that specified in key. -Returns no actual data from the master server, since this is called by a user -*/ -int -kadm_ser_cpw(dat, len, ad, datout, outlen) -u_char *dat; -int len; -AUTH_DAT *ad; -u_char **datout; -int *outlen; -{ - unsigned long keylow, keyhigh; - des_cblock newkey; - int stvlen; - - /* take key off the stream, and change the database */ - - if ((stvlen = stv_long(dat, &keyhigh, 0, len)) < 0) - return(KADM_LENGTH_ERROR); - if (stv_long(dat, &keylow, stvlen, len) < 0) - return(KADM_LENGTH_ERROR); - - keylow = ntohl(keylow); - keyhigh = ntohl(keyhigh); - bcopy((char *)&keyhigh, (char *)(((long *)newkey) + 1), 4); - bcopy((char *)&keylow, (char *)newkey, 4); - *datout = 0; - *outlen = 0; - - return(kadm_change(ad->pname, ad->pinst, ad->prealm, newkey)); -} - -/* -kadm_ser_add - the server side of the add_entry routine - recieves : KTEXT, {values} - returns : CKSUM, RETCODE, {values} - acl : su, sms (as alloc) - -Adds and entry containing values to the database -returns the values of the entry, so if you leave certain fields blank you will - be able to determine the default values they are set to -*/ -int -kadm_ser_add(dat,len,ad, datout, outlen) -u_char *dat; -int len; -AUTH_DAT *ad; -u_char **datout; -int *outlen; -{ - Kadm_vals values, retvals; - int status; - - if ((status = stream_to_vals(dat, &values, len)) < 0) - return(KADM_LENGTH_ERROR); - if ((status = kadm_add_entry(ad->pname, ad->pinst, ad->prealm, - &values, &retvals)) == KADM_DATA) { - *outlen = vals_to_stream(&retvals,datout); - return KADM_SUCCESS; - } else { - *outlen = 0; - return status; - } -} - -/* -kadm_ser_mod - the server side of the mod_entry routine - recieves : KTEXT, {values, values} - returns : CKSUM, RETCODE, {values} - acl : su, sms (as register or dealloc) - -Modifies all entries corresponding to the first values so they match the - second values. -returns the values for the changed entries -*/ -int -kadm_ser_mod(dat,len,ad, datout, outlen) -u_char *dat; -int len; -AUTH_DAT *ad; -u_char **datout; -int *outlen; -{ - Kadm_vals vals1, vals2, retvals; - int wh; - int status; - - if ((wh = stream_to_vals(dat, &vals1, len)) < 0) - return KADM_LENGTH_ERROR; - if ((status = stream_to_vals(dat+wh,&vals2, len-wh)) < 0) - return KADM_LENGTH_ERROR; - if ((status = kadm_mod_entry(ad->pname, ad->pinst, ad->prealm, &vals1, - &vals2, &retvals)) == KADM_DATA) { - *outlen = vals_to_stream(&retvals,datout); - return KADM_SUCCESS; - } else { - *outlen = 0; - return status; - } -} - -/* -kadm_ser_get - recieves : KTEXT, {values, flags} - returns : CKSUM, RETCODE, {count, values, values, values} - acl : su - -gets the fields requested by flags from all entries matching values -returns this data for each matching recipient, after a count of how many such - matches there were -*/ -int -kadm_ser_get(dat,len,ad, datout, outlen) -u_char *dat; -int len; -AUTH_DAT *ad; -u_char **datout; -int *outlen; -{ - Kadm_vals values, retvals; - u_char fl[FLDSZ]; - int loop,wh; - int status; - - if ((wh = stream_to_vals(dat, &values, len)) < 0) - return KADM_LENGTH_ERROR; - if (wh + FLDSZ > len) - return KADM_LENGTH_ERROR; - for (loop=FLDSZ-1; loop>=0; loop--) - fl[loop] = dat[wh++]; - if ((status = kadm_get_entry(ad->pname, ad->pinst, ad->prealm, - &values, fl, &retvals)) == KADM_DATA) { - *outlen = vals_to_stream(&retvals,datout); - return KADM_SUCCESS; - } else { - *outlen = 0; - return status; - } -} - diff --git a/eBones/usr.sbin/kadmin/kadm_server.h b/eBones/usr.sbin/kadmin/kadm_server.h deleted file mode 100644 index 1708107..0000000 --- a/eBones/usr.sbin/kadmin/kadm_server.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * $Source: /usr/cvs/src/eBones/kadmind/kadm_server.h,v $ - * $Author: mark $ - * Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.h,v 4.1 89/12/21 17:46:51 jtkohl Exp - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * Copyright.MIT. - * - * Definitions for Kerberos administration server & client - */ - -#ifndef KADM_SERVER_DEFS -#define KADM_SERVER_DEFS - -/* - * kadm_server.h - * Header file for the fourth attempt at an admin server - * Doug Church, December 28, 1989, MIT Project Athena - * ps. Yes that means this code belongs to athena etc... - * as part of our ongoing attempt to copyright all greek names - */ - -#include -#include -#include - -typedef struct { - struct sockaddr_in admin_addr; - struct sockaddr_in recv_addr; - int recv_addr_len; - int admin_fd; /* our link to clients */ - char sname[ANAME_SZ]; - char sinst[INST_SZ]; - char krbrlm[REALM_SZ]; - C_Block master_key; - C_Block session_key; - Key_schedule master_key_schedule; - long master_key_version; -} Kadm_Server; - -/* the default syslog file */ -#define KADM_SYSLOG "/var/log/kadmind.syslog" - -#define DEFAULT_ACL_DIR "/etc/kerberosIV" -#define ADD_ACL_FILE "/admin_acl.add" -#define GET_ACL_FILE "/admin_acl.get" -#define MOD_ACL_FILE "/admin_acl.mod" - -int kadm_ser_in(unsigned char **dat, int *dat_len); -int kadm_ser_init(int inter, char realm[]); -int kadm_ser_cpw(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, - int *outlen); -int kadm_ser_add(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, - int *outlen); -int kadm_ser_mod(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, - int *outlen); -int kadm_ser_get(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, - int *outlen); -int kadm_change (char *rname, char *rinstance, char *rrealm, - des_cblock newpw); -int kadm_add_entry(char *rname, char *rinstance, char *rrealm, - Kadm_vals *valsin, Kadm_vals *valsout); -int kadm_mod_entry(char *rname, char *rinstance, char *rrealm, - Kadm_vals *valsin1, Kadm_vals *valsin2, Kadm_vals *valsout); -int kadm_get_entry(char *rname, char *rinstance, char *rrealm, - Kadm_vals *valsin, u_char *flags, Kadm_vals *valsout); - -#endif KADM_SERVER_DEFS diff --git a/eBones/usr.sbin/kadmin/kadmind.8 b/eBones/usr.sbin/kadmin/kadmind.8 deleted file mode 100644 index 1eb10d7..0000000 --- a/eBones/usr.sbin/kadmin/kadmind.8 +++ /dev/null @@ -1,117 +0,0 @@ -.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $ -.\" $Id: kadmind.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -kadmind \- network daemon for Kerberos database administration -.SH SYNOPSIS -.B kadmind -[ -.B \-n -] [ -.B \-h -] [ -.B \-r realm -] [ -.B \-f filename -] [ -.B \-d dbname -] [ -.B \-a acldir -] -.SH DESCRIPTION -.I kadmind -is the network database server for the Kerberos password-changing and -administration tools. -.PP -Upon execution, it prompts the user to enter the master key string for -the database. -.PP -If the -.B \-n -option is specified, the master key is instead fetched from the master -key cache file. -.PP -If the -.B \-r -.I realm -option is specified, the admin server will pretend that its -local realm is -.I realm -instead of the actual local realm of the host it is running on. -This makes it possible to run a server for a foreign kerberos -realm. -.PP -If the -.B \-f -.I filename -option is specified, then that file is used to hold the log information -instead of the default. -.PP -If the -.B \-d -.I dbname -option is specified, then that file is used as the database name instead -of the default. -.PP -If the -.B \-a -.I acldir -option is specified, then -.I acldir -is used as the directory in which to search for access control lists -instead of the default. -.PP -If the -.B \-h -option is specified, -.I kadmind -prints out a short summary of the permissible control arguments, and -then exits. -.PP -When performing requests on behalf of clients, -.I kadmind -checks access control lists (ACLs) to determine the authorization of the client -to perform the requested action. -Currently three distinct access types are supported: -.TP 1i -Addition -(.add ACL file). If a principal is on this list, it may add new -principals to the database. -.TP -Retrieval -(.get ACL file). If a principal is on this list, it may retrieve -database entries. NOTE: A principal's private key is never returned by -the get functions. -.TP -Modification -(.mod ACL file). If a principal is on this list, it may modify entries -in the database. -.PP -A principal is always granted authorization to change its own password. -.SH FILES -.TP 20n -/var/log/kadmind.syslog -Default log file. -.TP -/etc/kerberosIV/admin_acl.{add,get,mod} -Access control list files -.TP -/etc/kerberosIV/principal.db -DBM file containing database -.TP -/etc/kerberosIV/principal.ok -Semaphore indicating that the DBM database is not being modified. -.TP -/etc/kerberosIV/master_key -Master key cache file. -.SH "SEE ALSO" -kerberos(1), kpasswd(1), kadmin(8), acl_check(3) -.SH AUTHORS -Douglas A. Church, MIT Project Athena -.br -John T. Kohl, Project Athena/Digital Equipment Corporation -- cgit v1.1