#include <string.h>
#include <ctype.h>
-#include <krb.h>
+#include <krb5.h>
RCSID("$Header$");
-static char default_realm[REALM_SZ];
-
int mrcl_validate_string_member(char *str)
{
char *p, *lname, *ret;
int mrcl_validate_kerberos_member(char *str, char **ret)
{
char *p;
+ int code = 0;
+ krb5_context context = NULL;
+ char *default_realm = NULL;
mrcl_clear_message();
return MRCL_SUCCESS;
}
- if (!*default_realm)
- krb_get_lrealm(default_realm, 1);
+ code = krb5_init_context(&context);
+ if (!code)
+ goto out;
+
+ code = krb5_get_default_realm(context, &default_realm);
+ if (!code)
+ goto out;
*ret = malloc(strlen(str) + strlen(default_realm) + 2);
sprintf(*ret, "%s@%s", str, default_realm);
mrcl_set_message("Warning: default realm \"%s\" added to principal "
"\"%s\"", default_realm, str);
+
+ out:
+ if (default_realm)
+ free(default_realm);
+ if (context)
+ krb5_free_context(context);
+ if (!code)
+ return code;
return MRCL_SUCCESS;
}
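Review bot: The three new status checks in mrcl_validate_kerberos_member are inverted. krb5_init_context() and krb5_get_default_realm() return 0 on success, so `if (!code) goto out;` skips the realm append when the calls succeed, and on failure it falls through to `strlen(default_realm)` with a NULL pointer. They should read `if (code) goto out;` and, at the end, `if (code) return code;`, which is the form init_acls uses elsewhere in this commit. The realm string is better released with `krb5_free_default_realm(context, default_realm);` before the context is freed. The `malloc` result assigned to `*ret` is also passed to `sprintf` without a NULL check.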
#include <mrclient.h>
#include <com_err.h>
-#include <krb.h>
#include <krb5.h>
#include <sys/types.h>
#include <unistd.h>
#endif
-#include <krb.h>
-
#ifdef _WIN32
#define INPUT_MASK 0xff
#ifdef getchar
#include <stdio.h>
#include <string.h>
-#include <krb.h>
-
RCSID("$Header$");
static void ErrorExit(char *buf, int status);
int status;
Menu *menu;
char *motd, **arg;
- char pname[ANAME_SZ];
struct sigaction act;
if (!(program_name = strrchr(argv[0], '/')))
#include <string.h>
#include <time.h>
-#include <krb.h>
-
RCSID("$Header$");
void CorrectCapitalization(char **name);
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-com_err=PREFIX Specify location of com_err
--with-krb4=PREFIX Specify location of krb4
- --with-krb5=PREFIX Specify location of krb5 (for reg_svr)
+ --with-krb5=PREFIX Specify location of krb5
--with-hesiod=PREFIX Specify location of Hesiod
--with-zephyr=PREFIX Specify location of Zephyr
--with-rsaref=PREFIX Specify location of RSAREF
-
- case $CPPFLAGS in
- *-I/usr/athena/include/kerberosIV*) ;;
- *) CPPFLAGS=-I/usr/athena/include/kerberosIV\ $CPPFLAGS ;;
- esac
-
-
- case $PRO_C_INCLUDES in
- *INCLUDE=/usr/athena/include/kerberosIV*) ;;
- *) PRO_C_INCLUDES=INCLUDE=/usr/athena/include/kerberosIV\ $PRO_C_INCLUDES ;;
- esac
-
-
-
case $LIBPATH in
*-L/usr/athena/lib*) ;;
*) LIBPATH=-L/usr/athena/lib\ $LIBPATH ;;
-# Kerberos (Kerberos 4 required, Kerberos 5 optional for reg_svr)
-echo "$as_me:$LINENO: checking for Kerberos 4" >&5
-echo $ECHO_N "checking for Kerberos 4... $ECHO_C" >&6
-
-# Check whether --with-krb4 or --without-krb4 was given.
-if test "${with_krb4+set}" = set; then
- withval="$with_krb4"
- krb4="$withval"
-else
- krb4=no
-fi;
-echo "$as_me:$LINENO: result: $krb4" >&5
-echo "${ECHO_T}$krb4" >&6
-if test "$krb4" != yes; then
-
-
- case $CPPFLAGS in
- *-I$krb4/include*) ;;
- *) CPPFLAGS=-I$krb4/include\ $CPPFLAGS ;;
- esac
-
-
- case $PRO_C_INCLUDES in
- *INCLUDE=$krb4/include*) ;;
- *) PRO_C_INCLUDES=INCLUDE=$krb4/include\ $PRO_C_INCLUDES ;;
- esac
-
-
- if test -d "$krb4/include/kerberosIV"; then
-
-
- case $CPPFLAGS in
- *-I$krb4/include/kerberosIV*) ;;
- *) CPPFLAGS=-I$krb4/include/kerberosIV\ $CPPFLAGS ;;
- esac
-
-
- case $PRO_C_INCLUDES in
- *INCLUDE=$krb4/include/kerberosIV*) ;;
- *) PRO_C_INCLUDES=INCLUDE=$krb4/include/kerberosIV\ $PRO_C_INCLUDES ;;
- esac
-
-
- fi
-
- case $LIBPATH in
- *-L$krb4/lib*) ;;
- *) LIBPATH=-L$krb4/lib\ $LIBPATH ;;
- esac
-
-elif test -d /usr/include/kerberosIV; then
-
-
- case $CPPFLAGS in
- *-I/usr/include/kerberosIV*) ;;
- *) CPPFLAGS=-I/usr/include/kerberosIV\ $CPPFLAGS ;;
- esac
-
-
- case $PRO_C_INCLUDES in
- *INCLUDE=/usr/include/kerberosIV*) ;;
- *) PRO_C_INCLUDES=INCLUDE=/usr/include/kerberosIV\ $PRO_C_INCLUDES ;;
- esac
-
-
-fi
echo "$as_me:$LINENO: checking for main in -lk5crypto" >&5
echo $ECHO_N "checking for main in -lk5crypto... $ECHO_C" >&6
if test "${ac_cv_lib_k5crypto_main+set}" = set; then
fi
-echo "$as_me:$LINENO: checking for krb_rd_req in -lkrb4" >&5
+
+# Kerberos (Kerberos 4 optional, Kerberos 5 required)
+echo "$as_me:$LINENO: checking for Kerberos 4" >&5
+echo $ECHO_N "checking for Kerberos 4... $ECHO_C" >&6
+
+# Check whether --with-krb4 or --without-krb4 was given.
+if test "${with_krb4+set}" = set; then
+ withval="$with_krb4"
+ krb4="$withval"
+else
+ krb4=no
+fi;
+echo "$as_me:$LINENO: result: $krb4" >&5
+echo "${ECHO_T}$krb4" >&6
+if test "$krb4" != no; then
+ if test "$krb4" != yes; then
+
+
+ case $CPPFLAGS in
+ *-I$krb4/include*) ;;
+ *) CPPFLAGS=-I$krb4/include\ $CPPFLAGS ;;
+ esac
+
+
+ case $PRO_C_INCLUDES in
+ *INCLUDE=$krb4/include*) ;;
+ *) PRO_C_INCLUDES=INCLUDE=$krb4/include\ $PRO_C_INCLUDES ;;
+ esac
+
+
+ if test -d "$krb4/include/kerberosIV"; then
+
+
+ case $CPPFLAGS in
+ *-I$krb4/include/kerberosIV*) ;;
+ *) CPPFLAGS=-I$krb4/include/kerberosIV\ $CPPFLAGS ;;
+ esac
+
+
+ case $PRO_C_INCLUDES in
+ *INCLUDE=$krb4/include/kerberosIV*) ;;
+ *) PRO_C_INCLUDES=INCLUDE=$krb4/include/kerberosIV\ $PRO_C_INCLUDES ;;
+ esac
+
+
+ fi
+
+ case $LIBPATH in
+ *-L$krb4/lib*) ;;
+ *) LIBPATH=-L$krb4/lib\ $LIBPATH ;;
+ esac
+
+ elif test -d /usr/include/kerberosIV; then
+
+
+ case $CPPFLAGS in
+ *-I/usr/include/kerberosIV*) ;;
+ *) CPPFLAGS=-I/usr/include/kerberosIV\ $CPPFLAGS ;;
+ esac
+
+
+ case $PRO_C_INCLUDES in
+ *INCLUDE=/usr/include/kerberosIV*) ;;
+ *) PRO_C_INCLUDES=INCLUDE=/usr/include/kerberosIV\ $PRO_C_INCLUDES ;;
+ esac
+
+
+ fi
+
+ cat >>confdefs.h <<\_ACEOF
+#define HAVE_KRB4 1
+_ACEOF
+
+
+ case $PRO_C_DEFS in
+ *DEFINE=HAVE_KRB4*) ;;
+ *) PRO_C_DEFS=DEFINE=HAVE_KRB4\ $PRO_C_DEFS ;;
+ esac
+
+
+ echo "$as_me:$LINENO: checking for krb_rd_req in -lkrb4" >&5
echo $ECHO_N "checking for krb_rd_req in -lkrb4... $ECHO_C" >&6
if test "${ac_cv_lib_krb4_krb_rd_req+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
fi
+fi
echo "$as_me:$LINENO: checking for Kerberos 5" >&5
echo $ECHO_N "checking for Kerberos 5... $ECHO_C" >&6
if test "$krb5" != yes; then
REG_SVR_INCLUDES=-I$krb5/include
REG_SVR_LIBS=-L$krb5/lib
+
+
+ case $CPPFLAGS in
+ *-I$krb5/include*) ;;
+ *) CPPFLAGS=-I$krb5/include\ $CPPFLAGS ;;
+ esac
+
+
+ case $PRO_C_INCLUDES in
+ *INCLUDE=$krb5/include*) ;;
+ *) PRO_C_INCLUDES=INCLUDE=$krb5/include\ $PRO_C_INCLUDES ;;
+ esac
+
+
+
+ case $LIBPATH in
+ *-L$krb5/lib*) ;;
+ *) LIBPATH=-L$krb5/lib\ $LIBPATH ;;
+ esac
+
fi
+
+ cat >>confdefs.h <<\_ACEOF
+#define HAVE_KRB5 1
+_ACEOF
+
+
+ case $PRO_C_DEFS in
+ *DEFINE=HAVE_KRB5*) ;;
+ *) PRO_C_DEFS=DEFINE=HAVE_KRB5\ $PRO_C_DEFS ;;
+ esac
+
+
+ KRB5_LIBS="-lkrb5 -l${crypto} -lcom_err -lresolv"
REG_SVR_LIBS="$REG_SVR_LIBS -lkadm5clnt -lgssapi_krb5 -lgssrpc -lkrb4 -ldes425 -lkrb5 -l${crypto} -lresolv"
else
REG_SVR_DEFS=-DKRB4
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
-LIBS="-lzephyr $LIBPATH $KRB4_LIBS -lcom_err $LIBS"
+LIBS="-lzephyr $LIBPATH $KRB4_LIBS $KRB5_LIBS -lcom_err $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
LDFLAGS="$LDFLAGS -L\$(BUILDTOP)/lib $LIBPATH"
-KLIBS="$KRB4_LIBS -lcom_err $LIBS"
+KLIBS="$KRB4_LIBS $KRB5_LIBS -lcom_err $LIBS"
KLIBS="$LIBS"
if test "$hesiod" != no; then
KLIBS="-lhesiod $KLIBS"
fi
-KLIBS="$KRB4_LIBS -lcom_err $KLIBS"
+KLIBS="$KRB4_LIBS $KRB5_LIBS -lcom_err $KLIBS"
if test "$zephyr" != no; then
KLIBS="-lzephyr $KLIBS"
fi
bindir=$prefix/arch/$ATHENA_SYS/bin
sbindir=$bindir
MR_INCLUDE(/usr/athena/include)
- MR_INCLUDE(/usr/athena/include/kerberosIV)
MR_LIBS(/usr/athena/lib)
fi
AC_SUBST(COM_ERR_SUBDIR)
AC_SUBST(COMPILE_ET)
-# Kerberos (Kerberos 4 required, Kerberos 5 optional for reg_svr)
+AC_CHECK_LIB(k5crypto, main, crypto="k5crypto",
+ [AC_CHECK_LIB(crypto, main, crypto="crypto")])
+
+# Kerberos (Kerberos 4 optional, Kerberos 5 required)
AC_MSG_CHECKING(for Kerberos 4)
AC_ARG_WITH(krb4,
[ --with-krb4=PREFIX Specify location of krb4],
[krb4="$withval"], [krb4=no])
AC_MSG_RESULT($krb4)
-if test "$krb4" != yes; then
- MR_INCLUDE($krb4/include)
- if test -d "$krb4/include/kerberosIV"; then
- MR_INCLUDE($krb4/include/kerberosIV)
+if test "$krb4" != no; then
+ if test "$krb4" != yes; then
+ MR_INCLUDE($krb4/include)
+ if test -d "$krb4/include/kerberosIV"; then
+ MR_INCLUDE($krb4/include/kerberosIV)
+ fi
+ MR_LIBS($krb4/lib)
+ elif test -d /usr/include/kerberosIV; then
+ MR_INCLUDE(/usr/include/kerberosIV)
fi
- MR_LIBS($krb4/lib)
-elif test -d /usr/include/kerberosIV; then
- MR_INCLUDE(/usr/include/kerberosIV)
+ MR_DEFINE(HAVE_KRB4)
+ AC_CHECK_LIB(krb4, krb_rd_req,
+ [KRB4_LIBS="-lkrb4 -ldes425 -lkrb5 -l${crypto} -lresolv"],
+ [AC_CHECK_LIB(krb, krb_rd_req,
+ [KRB4_LIBS="-lkrb -ldes"],
+ [AC_MSG_ERROR(Kerberos 4 libraries not found)],
+ $LIBPATH -ldes)],
+ $LIBPATH -ldes425 -lkrb5 -l${crypto} -lcom_err -lresolv)
fi
-AC_CHECK_LIB(k5crypto, main, crypto="k5crypto",
- [AC_CHECK_LIB(crypto, main, crypto="crypto")])
-AC_CHECK_LIB(krb4, krb_rd_req,
- [KRB4_LIBS="-lkrb4 -ldes425 -lkrb5 -l${crypto} -lresolv"],
- [AC_CHECK_LIB(krb, krb_rd_req,
- [KRB4_LIBS="-lkrb -ldes"],
- [AC_MSG_ERROR(Kerberos 4 libraries not found)],
- $LIBPATH -ldes)],
- $LIBPATH -ldes425 -lkrb5 -l${crypto} -lcom_err -lresolv)
AC_MSG_CHECKING(for Kerberos 5)
AC_ARG_WITH(krb5,
- [ --with-krb5=PREFIX Specify location of krb5 (for reg_svr)],
+ [ --with-krb5=PREFIX Specify location of krb5],
[krb5="$withval"], [krb5=no])
AC_MSG_RESULT($krb5)
if test "$krb5" != no; then
if test "$krb5" != yes; then
REG_SVR_INCLUDES=-I$krb5/include
REG_SVR_LIBS=-L$krb5/lib
+ MR_INCLUDE($krb5/include)
+ MR_LIBS($krb5/lib)
fi
- REG_SVR_LIBS="$REG_SVR_LIBS -lkadm5clnt -lgssapi_krb5 -lgssrpc -lkrb4 -ldes425 -lkrb5 -l${crypto} -lresolv"
+ MR_DEFINE(HAVE_KRB5)
+ KRB5_LIBS="-lkrb5 -l${crypto} -lcom_err -lresolv"
+ REG_SVR_LIBS="$REG_SVR_LIBS -lkadm5clnt -lgssapi_krb5 -lgssrpc -lkrb5 -l${crypto} -lresolv"
else
REG_SVR_DEFS=-DKRB4
REG_SVR_LIBS=-lkadm
fi
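Review bot: The comment now says Kerberos 5 is required, but `AC_ARG_WITH(krb5, ...)` still defaults to `krb5=no` and the `else` branch keeps the old krb4-only reg_svr settings (`REG_SVR_DEFS=-DKRB4`, `REG_SVR_LIBS=-lkadm`). Configuring without `--with-krb5` therefore leaves `HAVE_KRB5` undefined and `KRB5_LIBS` empty, while the sources in this commit include `<krb5.h>` unconditionally, so the problem only surfaces as a compile or link failure. Either default to `yes` or fail early in the `else` branch with `AC_MSG_ERROR(Kerberos 5 is required)`.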
AC_CHECK_LIB(zephyr, ZInitialize, :,
[AC_MSG_ERROR(Zephyr library not found)],
- $LIBPATH $KRB4_LIBS -lcom_err)
+ $LIBPATH $KRB4_LIBS $KRB5_LIBS -lcom_err)
MR_DEFINE(HAVE_ZEPHYR)
fi
MR_INCLUDE('$(BUILDTOP)/db')
MR_INCLUDE('$(srcdir)')
LDFLAGS="$LDFLAGS -L\$(BUILDTOP)/lib $LIBPATH"
-KLIBS="$KRB4_LIBS -lcom_err $LIBS"
+KLIBS="$KRB4_LIBS $KRB5_LIBS -lcom_err $LIBS"
KLIBS="$LIBS"
if test "$hesiod" != no; then
KLIBS="-lhesiod $KLIBS"
fi
-KLIBS="$KRB4_LIBS -lcom_err $KLIBS"
+KLIBS="$KRB4_LIBS $KRB5_LIBS -lcom_err $KLIBS"
if test "$zephyr" != no; then
KLIBS="-lzephyr $KLIBS"
fi
#include <stdlib.h>
#include <string.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#endif
EXEC SQL INCLUDE sqlca;
char *whoami = "acl.gen";
char *db = "moira/moira";
-char defaultrealm[REALM_SZ];
void dump_access_file(FILE *out, int lid);
char *merge_access_bits(char *t1, char *t2);
#include <string.h>
#include <time.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#endif
#include <krb5.h>
#include "util.h"
-
-
EXEC SQL INCLUDE sqlca;
RCSID("$Header$");
#include <stdlib.h>
#include <string.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#else
+#include <mr_krb.h>
+#endif
#include <krb5.h>
EXEC SQL INCLUDE sqlca;
RCSID("$Header$");
-static char defaultrealm[REALM_SZ];
+static char *defaultrealm = NULL;
static struct hash *users, *strings;
void init_acls(void)
{
+ krb5_context context = NULL;
+ int code;
+
users = create_hash(2000);
strings = create_hash(2000);
- krb_get_lrealm(defaultrealm, 1);
+
+ code = krb5_init_context(&context);
+ if (code)
+ goto out;
+
+ code = krb5_get_default_realm(context, &defaultrealm);
+ if (code)
+ goto out;
+
+ out:
+ if (context)
+ krb5_free_context(context);
}
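Review bot: init_acls discards `code`, so if krb5_init_context() or krb5_get_default_realm() fails, `defaultrealm` stays NULL and nothing is reported. Any later use of `defaultrealm` as a string (those uses are outside this hunk) would then dereference NULL, where the old fixed array at worst held an empty string. The failure should be reported and the run stopped before `out:`, the way the server startup in this commit does with `com_err(whoami, status, "Getting default Kerberos realm."); exit(1);`.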
void dump_krb_acl(FILE *out, char *type, int id, int vers)
krb5_principal client = NULL;
int status = 0;
- if (kname_parse(name, inst, realm, kbuf) != KSUCCESS)
+ if (mr_kname_parse(name, inst, realm, kbuf) != 0)
goto out;
status = krb5_init_context(&context);
/* prototypes from kname_unparse.c */
char *mr_kname_unparse(char *p, char *i, char *r);
+/* prototypes from kname_parse.c */
+int mr_kname_parse(char *np, char *ip, char *rp, char *fullname);
+
/* prototypes from nfsparttype.c */
char *parse_filesys_type(char *fs_type_name);
char *format_filesys_type(char *fs_status);
--- /dev/null
+/* $Id$
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology
+ *
+ * Define some useful constants that used to be provided by the krb4
+ * libraries.
+ *
+ */
+
+#define ANAME_SZ 40
+#define INST_SZ 40
+#define REALM_SZ 40
+/* include space for '.' and '@' */
+#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
+
+#define KRB_REALM "ATHENA.MIT.EDU"
+
+#define kname_parse mr_kname_parse
+
+#define ERROR_TABLE_BASE_krb (39525376L)
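Review bot: The new header has no include guard; wrap it in `#ifndef MR_KRB_H` / `#define MR_KRB_H` / `#endif` so that including it twice through different headers stays harmless if a typedef or prototype is added later. `#define kname_parse mr_kname_parse` rewrites every use of that identifier in any file that includes this header, which deserves a comment explaining that it exists only for call sites not yet renamed. I would also add a comment on `KRB_REALM` stating that it is the site fallback used when the default-realm lookup fails, since it ends up in an authorization comparison in the update server.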
int mr_execute(int conn, char *path);
void mr_send_quit(int conn);
-#include <krb.h>
-int get_mr_update_ticket(char *host, KTEXT ticket);
-
extern char *whoami;
SUBDIRS=@AFS_SUBDIRS@ @WINAD_SUBDIRS@
-KSRVTGT_OBJS=ksrvtgt.o
-
-TARGET=ksrvtgt
-
.SUFFIXES: .pc
.pc.c:
.c.o:
$(CC) -c $(ALL_CFLAGS) $<
-all: $(TARGET)
+all:
@for d in $(SUBDIRS); do (echo "### Making $@ in incremental/$$d"; cd $$d; $(MAKE) $@) || exit 1; done
clean:
install:
$(INSTALL_PROGRAM) ksrvtgt $(DESTDIR)$(mrbindir)
@for d in $(SUBDIRS); do (echo "### Making $@ in incremental/$$d"; cd $$d; $(MAKE) $@) || exit 1; done
-
-ksrvtgt: $(KSRVTGT_OBJS)
- $(CC) -o $@ $(LDFLAGS) $(KSRVTGT_OBJS) $(LIBS)
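Review bot: The `install:` rule still runs `$(INSTALL_PROGRAM) ksrvtgt $(DESTDIR)$(mrbindir)`, although this change removes the `ksrvtgt` link rule, `KSRVTGT_OBJS` and the `all: $(TARGET)` dependency. `make install` in a clean tree will therefore fail on a missing file, so that install line should be removed along with the rest. The `clean:` recipe is not visible here and may reference `ksrvtgt` or `$(TARGET)` as well.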
#include <unistd.h>
#include <com_err.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#endif
+#include <krb5.h>
#include <afs/param.h>
#include <afs/cellconfig.h>
char *p = 0;
char buf[PR_MAXNAMELEN];
int code, ustate;
- static char local_realm[REALM_SZ+1] = "";
+ static char *local_realm = NULL;
struct member *m;
+ krb5_context context = NULL;
/* The following KERBEROS code allows for the use of entities
* user@foreign_cell.
*/
- if (!local_realm[0])
- krb_get_lrealm(local_realm, 1);
+ if (!local_realm)
+ {
+ code = krb5_init_context(&context);
+ if (code)
+ goto out;
+
+ code = krb5_get_default_realm(context, &local_realm);
+ if (code)
+ goto out;
+ }
+
if (!strcmp(type, "KERBEROS"))
{
p = strchr(member, '@');
code = PRNOENT;
}
+ out:
+ if (context)
+ krb5_free_context(context);
+ if (local_realm)
+ free(local_realm);
+
critical_alert("incremental", "Couldn't %s %s %s %s: %s",
op ? "add" : "remove", member,
op ? "to" : "from", buf,
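Review bot: `local_realm` is declared `static` to cache the realm across calls, but the new `out:` block frees it without clearing it. On the second call `if (!local_realm)` is false, so the code reuses a dangling pointer and then frees it again, which is a use-after-free followed by a double free. Either drop `static` and look the realm up per call, or keep the cache and do not free it; if it is freed, use `krb5_free_default_realm(context, local_realm); local_realm = NULL;` before `krb5_free_context(context);`. The function starts and ends outside this hunk, so whether `buf` is initialised when an early krb5 failure jumps to `out:` and reaches `critical_alert` should be checked as well.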
#include "port-sockets.h"
#endif
#include <krb5.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#endif
#include <ldap.h>
#ifdef _WIN32
#include <wshelper.h>
#include "port-sockets.h"
#endif
#include <krb5.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#endif
#include <ldap.h>
#ifdef _WIN32
#include <wshelper.h>
BUILDTOP=..
OBJS= critical.o fixhost.o fixname.o \
- hash.o kname_unparse.o krb_et.o mr_access.o mr_auth.o \
+ hash.o kname_unparse.o kname_parse.o krb_et.o mr_access.o mr_auth.o \
mr_call.o mr_connect.o mr_et.o mr_init.o mr_ops.o mr_query.o \
nfsparttype.o sq.o strs.o ureg_err.o
#include <stdio.h>
-#include <des.h>
+#ifdef HAVE_KRB5
#include <krb.h>
+#else
+#include <mr_krb.h>
+#endif
RCSID("$Header$");
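Review bot: The guard around `<krb.h>` tests `HAVE_KRB5`, whereas every other file in this commit chooses between `<krb.h>` and `<mr_krb.h>` with `HAVE_KRB4`, so this looks like a typo. configure defines `HAVE_KRB5` whenever Kerberos 5 is enabled, so a krb5-only build would still require the krb4 header here and would never pick up the replacement constants. The line should be `#ifdef HAVE_KRB4`.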
#include <stdio.h>
#include <string.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#endif
#include <krb5.h>
krb5_context context = NULL;
int mr_auth(char *prog)
{
+#ifdef HAVE_KRB4
int status;
mr_params params, reply;
char *args[2];
mr_destroy_reply(reply);
return status;
+#else
+ return MR_NO_KRB4;
+#endif
}
int mr_proxy(char *principal, char *orig_authtype)
ec MR_BAD_MAIL_STRING,
"Address refers to nonexistent domain or MIT internal mail server"
+ec MR_NO_KRB4,
+ "Unable to complete operation using Kerberos v4"
+
end
#ifdef KRB5
#include <kadm5/admin.h>
#include <krb5.h>
-#include <krb.h>
krb5_context context;
#endif
#include <unistd.h>
#include <com_err.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#endif
EXEC SQL INCLUDE sqlca;
return MR_DOWN;
}
- status = krb_get_svc_in_tkt(REG_SVR_PRINCIPAL, REG_SVR_INSTANCE,
- krb_realmofhost(hostname), MOIRA_SNAME,
- shorthostname, 3, KEYFILE);
- if (status)
- status += ERROR_TABLE_BASE_krb;
- else
- status = mr_krb5_auth("reg_svr");
+ status = mr_krb5_auth("reg_svr");
if (status)
{
com_err(whoami, status, "authenticating to moira");
#include <string.h>
#include <unistd.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#endif
#include <krb5.h>
RCSID("$Header$");
time_t now;
char *host;
-char krb_realm[REALM_SZ];
krb5_context context = NULL;
+char *krb_realm = NULL;
/* Client array and associated data. This needs to be global for _list_users */
client **clients;
}
}
- krb_get_lrealm(krb_realm, 1);
-
status = krb5_init_context(&context);
if (status)
{
exit(1);
}
+ status = krb5_get_default_realm(context, &krb_realm);
+ if (status)
+ {
+ com_err(whoami, status, "Getting default Kerberos realm.");
+ exit(1);
+ }
+
/*
* Database initialization. Only init if database should be open.
*/
static int set_client(client *cl, char *kname,
char *name, char *inst, char *realm);
+#ifdef HAVE_KRB4
typedef struct _replay_cache {
KTEXT_ST auth;
time_t expires;
} replay_cache;
replay_cache *rcache = NULL;
+#endif
/*
* Handle a MOIRA_AUTH RPC request.
void do_auth(client *cl)
{
+#ifdef HAVE_KRB4
KTEXT_ST auth;
AUTH_DAT ad;
int status;
client_reply(cl, status);
else
client_reply(cl, MR_USER_AUTH);
+#else
+ client_reply(cl, MR_NO_KRB4);
+#endif
}
void do_proxy(client *cl)
return;
}
- if (kname_parse(name, inst, realm, cl->req.mr_argv[0]) != KSUCCESS)
+ if (mr_kname_parse(name, inst, realm, cl->req.mr_argv[0]) != 0)
{
com_err(whoami, KE_KNAME_FMT, "while parsing proxy name %s",
cl->req.mr_argv);
#include <stdarg.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#else
+#include <mr_krb.h>
+#endif
#include <krb5.h>
enum clstate { CL_ACCEPTING, CL_ACTIVE, CL_CLOSING };
int pref;
};
-extern char krb_realm[REALM_SZ];
+extern char *krb_realm;
/* max length of query argument allowed */
#define ARGLEN 257
#include <stdio.h>
#include <string.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#endif
RCSID("$Header$");
static char service[] = "rcmd";
static char master[] = "sms";
static char qmark[] = "???";
+#ifdef HAVE_KRB4
extern des_cblock session;
+#endif
/*
* authentication request auth_002:
void auth_002(int conn, char *str)
{
+#ifdef HAVE_KRB4
char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ];
AUTH_DAT ad;
char *p, *first, *data;
com_err(whoami, code, "auth for %s.%s@%s failed",
ad.pname, ad.pinst, ad.prealm);
send_int(conn, code);
+#else
+ return MR_NO_KRB4;
+#endif
}
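Review bot: The `#else` branch does `return MR_NO_KRB4;`, but `auth_002` is declared `void` at the top of this hunk, so a build without krb4 returns a value from a void function and the peer never receives a status. The krb4 path reports its result with `send_int(conn, code);`, and the fallback should do the same with `send_int(conn, MR_NO_KRB4);`. The dispatch table drops `AUTH_002` when `HAVE_KRB4` is undefined, but the function is still compiled in that configuration.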
#include <stdio.h>
#include <string.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#else
+#include <mr_krb.h>
+#endif
#include <krb5.h>
RCSID("$Header$");
char *p, *first, *data;
char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
char aname[ANAME_SZ], ainst[INST_SZ], arealm[REALM_SZ];
+ char *lrealm = NULL;
size_t size;
long code;
struct utsname uts;
{
strcpy(aname, master);
strcpy(ainst, "");
- if (krb_get_lrealm(arealm, 1))
+ if (!krb5_get_default_realm(context, &lrealm))
+ {
+ strcpy(arealm, lrealm);
+ }
+ else
strcpy(arealm, KRB_REALM);
}
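Review bot: `strcpy(arealm, lrealm);` copies a library-allocated realm of arbitrary length into `arealm[REALM_SZ]`, which is 40 bytes when the constants come from mr_krb.h, so a longer default realm in the Kerberos configuration overruns the stack buffer in the authorization path. Check the length before copying, for example `if (strlen(lrealm) >= sizeof(arealm))`, and treat an oversized realm as a failure rather than truncating it, because a truncated realm would be compared against the client's realm. A failed lookup also falls back silently to the compiled-in `KRB_REALM`, which merits a log line. The enclosing function starts above this hunk, and `lrealm` is more properly released with `krb5_free_default_realm(context, lrealm);` than with `free`.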
code = EPERM;
have_authorization = 1;
out:
+ if (lrealm)
+ free(lrealm);
if (client)
krb5_free_principal(context, client);
if (server)
#include <stdlib.h>
#include <string.h>
+#ifdef HAVE_KRB4
#include <des.h>
#include <krb.h>
+#endif
#include <krb5.h>
RCSID("$Header$");
+#ifdef HAVE_KRB4
extern des_cblock session;
+#endif
extern char *whoami;
extern krb5_context context;
int mr_send_auth(int conn, char *host_name)
{
+#ifdef HAVE_KRB4
KTEXT_ST ticket_st;
int code, auth_version = 2;
long response;
}
return MR_SUCCESS;
+#else
+ return MR_NO_KRB4;
+#endif
}
int mr_execute(int conn, char *path)
#include <string.h>
#include <unistd.h>
+#ifdef HAVE_KRB4
#include <des.h>
+#endif
RCSID("$Header$");
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif /* MIN */
+#ifdef HAVE_KRB4
static des_key_schedule sched;
static des_cblock ivec;
extern des_cblock session;
+#endif
static int get_block(int conn, int fd, int max_size, int encrypt);
if (encrypt)
{
+#ifdef HAVE_KRB4
des_key_sched(session, sched);
memcpy(ivec, session, sizeof(ivec));
+#else
+ /* The session key only gets stored if auth happens in krb4 to
+ begin with. If you don't have krb4, you can't possibly be
+ coming up with a valid session key. */
+ return MR_NO_KRB4;
+#endif
}
n_written = 0;
if (encrypt)
{
+#ifdef HAVE_KRB4
char *unenc = malloc(len);
if (!unenc)
ivec[i] = data[len - 8 + i] ^ unenc[len - 8 + i];
free(data);
data = unenc;
+#endif
}
n_read = MIN(len, max_size);
#include <string.h>
#include <unistd.h>
+#ifdef HAVE_KRB4
#include <des.h>
+#endif
#include <update.h>
RCSID("$Header$");
+#ifdef HAVE_KRB4
extern des_cblock session;
+#endif
/*
* syntax:
char data[UPDATE_BUFSIZ], enc[UPDATE_BUFSIZ];
long response;
struct stat statb;
+#ifdef HAVE_KRB4
des_key_schedule sched;
des_cblock ivec;
+#endif
/* send file over */
fd = open(pathname, O_RDONLY, 0);
if (encrypt)
{
+#ifdef HAVE_KRB4
des_key_sched(session, sched);
memmove(ivec, session, sizeof(ivec));
+#else
+ /* The session key only gets stored if auth happens in krb4 to
+ begin with. If you don't have krb4, you can't possibly be
+ coming up with a valid session key. */
+ return MR_NO_KRB4;
+#endif
}
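Review bot: The new `return MR_NO_KRB4;` in the `#else` branch comes after `fd = open(pathname, O_RDONLY, 0);`, so unless the descriptor is closed in lines not shown here, a krb4-less build leaks it each time an encrypted transfer is requested. Close it first with `close(fd); return MR_NO_KRB4;`, or perform the `encrypt` check before opening the file. The receiving side has the same early return inside `if (encrypt)`, so its open descriptors and buffers need the same check; both function bodies extend beyond the visible hunks.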
while (n_to_send > 0)
}
if (encrypt)
{
+#ifdef HAVE_KRB4
memset(data + n, 0, sizeof(data) -n);
des_pcbc_encrypt(data, enc, (n + 7) & ~7, sched, ivec, 0);
/* save vector to continue chaining */
/* round up to multiple of 8 */
n = (n + 7) & ~7;
code = send_string(conn, enc, n);
+#endif
}
else
code = send_string(conn, data, n);
#include <stdio.h>
#include <string.h>
+#ifdef HAVE_KRB4
#include <krb.h>
+#else
+#define KTEXT void*
+#endif
#include <krb5.h>
#include <update.h>
RCSID("$Header$");
+#ifdef HAVE_KRB4
static char realm[REALM_SZ];
static char master[INST_SZ] = "sms";
static char service[ANAME_SZ] = "rcmd";
des_cblock session;
+#endif
krb5_context context = NULL;
+#ifdef HAVE_KRB4
static int get_mr_tgt(void);
+#endif
int get_mr_krb5_update_ticket(char *host, krb5_data auth)
{
int get_mr_update_ticket(char *host, KTEXT ticket)
{
+#ifdef HAVE_KRB4
int code, pass;
char phost[BUFSIZ];
CREDENTIALS cr;
memcpy(session, cr.session, sizeof(session));
}
return code;
+#else
+ return MR_NO_KRB4;
+#endif
}
+#ifdef HAVE_KRB4
static int get_mr_tgt(void)
{
int code;
else
return code + ERROR_TABLE_BASE_krb;
}
+#endif
#include <unistd.h>
#include <syslog.h>
+#ifdef HAVE_KRB4
#include <des.h>
+#endif
#include "update.h"
RCSID("$Header$");
char *whoami, *hostname;
int have_authorization = 0;
+#ifdef HAVE_KRB4
des_cblock session;
+#endif
int uid = 0;
void child_handler(int signal);
char *str;
void (*proc)(int, char *);
} dispatch_table[] = {
+#ifdef HAVE_KRB4
{ "AUTH_002", auth_002 },
+#endif
{ "AUTH_003", auth_003 },
{ "XFER_002", xfer_002 },
{ "XFER_003", xfer_003 },