From 3f3dcd917641c8769bfd22e2aed5273b12471e65 Mon Sep 17 00:00:00 2001
From: Assar Westerlund
Date: Tue, 5 Aug 1997 20:58:27 +0000
Subject: [PATCH] new files

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2708 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/Makefile.am | 35 +++---
 lib/krb5/init_creds.c | 116 +++++++++++++++++++
 lib/krb5/init_creds_pw.c | 236 ++++++++++++++++++++++++++++++++++++++
 lib/krb5/prompter_posix.c | 66 +++++++++++
 lib/krb5/verify_init.c | 89 ++++++++++++++
 5 files changed, 524 insertions(+), 18 deletions(-)
 create mode 100644 lib/krb5/init_creds.c
 create mode 100644 lib/krb5/init_creds_pw.c
 create mode 100644 lib/krb5/prompter_posix.c
 create mode 100644 lib/krb5/verify_init.c

diff --git a/lib/krb5/Makefile.am b/lib/krb5/Makefile.am
index b1eec8e0c..cdaeefac5 100644
--- a/lib/krb5/Makefile.am
+++ b/lib/krb5/Makefile.am
@@ -7,24 +7,23 @@ INCLUDES = -I$(top_builddir)/include lib_LIBRARIES = libkrb5.a libkrb5_a_SOURCES = \ - address.c asn1_glue.c auth_context.c \ - build_ap_req.c build_auth.c cache.c \ - checksum.c config_file.c constants.c \ - context.c crc.c creds.c data.c encrypt.c \ - fcache.c free.c generate_seq_number.c \ - generate_subkey.c get_addrs.c get_cred.c \ - get_default_realm.c get_for_creds.c \ - get_host_realm.c get_in_tkt.c \ - get_in_tkt_pw.c get_port.c keyblock.c \ - keytab.c krbhst.c kuserok.c log.c misc.c \ - mk_error.c mk_priv.c mk_rep.c mk_req.c \ - mk_req_ext.c mk_safe.c net_read.c \ - net_write.c padata.c principal.c rd_cred.c \ - rd_error.c rd_priv.c rd_rep.c rd_req.c \ - rd_safe.c read_message.c recvauth.c \ - send_to_kdc.c sendauth.c \ - set_default_realm.c store.c store_emem.c \ - store_fd.c store_mem.c str2key.c ticket.c \ + address.c asn1_glue.c auth_context.c \ + build_ap_req.c build_auth.c cache.c checksum.c \ + config_file.c constants.c context.c crc.c \ + creds.c data.c encrypt.c fcache.c free.c \ + generate_seq_number.c generate_subkey.c \ + get_addrs.c get_cred.c get_default_realm.c \ + get_for_creds.c get_host_realm.c get_in_tkt.c \ + get_in_tkt_pw.c get_port.c init_creds.c \ + init_creds_pw.c keyblock.c keytab.c krbhst.c \ + kuserok.c log.c misc.c mk_error.c mk_priv.c \ + mk_rep.c mk_req.c mk_req_ext.c mk_safe.c \ + net_read.c net_write.c padata.c principal.c \ + prompter_posix.c rd_cred.c rd_error.c rd_priv.c \ + rd_rep.c rd_req.c rd_safe.c read_message.c \ + recvauth.c send_to_kdc.c sendauth.c \ + set_default_realm.c store.c store_emem.c \ + store_fd.c store_mem.c str2key.c ticket.c \ verify_user.c version.c write_message.c libkrb5_a_LIBADD = ../error/error.o ../error/krb5_err.o \ diff --git a/lib/krb5/init_creds.c b/lib/krb5/init_creds.c new file mode 100644 index 000000000..4e63c6a41 --- /dev/null +++ b/lib/krb5/init_creds.c 
@@ -0,0 +1,116 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb5_locl.h" + +RCSID("$Id$"); + +void +krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) +{ + memset (opt, 0, sizeof(*opt)); + opt->flags = 0; +} + +void +krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, + krb5_deltat tkt_life) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE; + opt->tkt_life = tkt_life; +} + +void +krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, + krb5_deltat renew_life) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE; + opt->renew_life = renew_life; +} + +void +krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, + int forwardable) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE; + opt->forwardable = forwardable; +} + +void +krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, + int proxiable) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE; + opt->proxiable = proxiable; +} + +void +krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, + krb5_enctype *etype_list, + int etype_list_length) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST; + opt->etype_list = etype_list; + opt->etype_list_length = etype_list_length; +} + +void +krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, + krb5_addresses *addresses) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST; + opt->address_list = addresses; +} + +void +krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, + krb5_preauthtype *preauth_list, + int preauth_list_length) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST; + opt->preauth_list_length = preauth_list_length; + opt->preauth_list = preauth_list; +} + +void +krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, + krb5_data *salt) +{ + opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT; + opt->salt = salt; +} diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c new file mode 100644 index 000000000..c12d4b347 --- /dev/null 
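Review bot: The pointer-taking setters in init_creds.c (`krb5_get_init_creds_opt_set_etype_list`, `_set_address_list`, `_set_preauth_list`, `_set_salt`) store the caller's pointer without copying it, and nothing in the file says so, while `krb5_get_init_creds_opt_init` releases nothing, so the ownership and lifetime contract is undocumented. I would put above each of those setters a comment such as `/* Stores the caller's pointer; the list must outlive the opt structure and is never freed by the library. */`. Separately, `krb5_get_init_creds_opt_init` assigns `opt->flags = 0` immediately after `memset(opt, 0, sizeof(*opt))` has already zeroed the whole structure — harmless, but one of the two should go. None of the setters guard against a NULL `opt`; that matches the rest of this API, so I only note it.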
+++ b/lib/krb5/init_creds_pw.c 
@@ -0,0 +1,236 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb5_locl.h" + +RCSID("$Id$"); + +static krb5_error_code +init_cred (krb5_context context, + krb5_creds *cred, + krb5_principal client, + krb5_deltat start_time, + char *in_tkt_service, + krb5_get_init_creds_opt *options) +{ + krb5_error_code ret; + krb5_realm *client_realm; + + memset (cred, 0, sizeof(*cred)); + + if (start_time) + cred->times.starttime = time(NULL) + start_time; + + if (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE) + cred->times.endtime = time(NULL) + options->tkt_life; + else + cred->times.endtime = 0; + + if (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE) + cred->times.renew_till = time(NULL) + options->renew_life; + else + cred->times.renew_till = 0; + + if (client) + cred->client = client; + else { /* XXX -> get_default_principal */ + char *p; + + p = getenv ("USER"); + if (p) { + ret = krb5_parse_name (context, p, &cred->client); + if (ret) + goto out; + } else { + struct passwd *pw; + char *realm; + + pw = getpwuid (getuid ()); + if (pw == NULL) { + ret = ENOTTY; /* XXX */ + goto out; + } + ret = krb5_get_default_realm (context, &realm); + if (ret) + goto out; + ret = krb5_build_principal (context, &cred->client, + strlen(realm), realm, + pw->pw_name, NULL); + free (realm); + if (ret) + goto out; + } + } + + client_realm = krb5_princ_realm (context, cred->client); + + if (in_tkt_service) { + ret = krb5_parse_name (context, in_tkt_service, &cred->server); + if (ret) + goto out; + krb5_princ_set_realm (context, cred->server, client_realm); + } else { + ret = krb5_build_principal_ext (context, + &cred->server, + strlen(*client_realm), + *client_realm, + strlen("krbtgt"), + "krbtgt", + strlen(*client_realm), + *client_realm, + NULL); + if (ret) + goto out; + } + return 0; + +out: + krb5_free_creds (context, cred); + return ret; +} + +krb5_error_code +krb5_get_init_creds_password(krb5_context context, + krb5_creds *creds, + krb5_principal client, + char *password, + krb5_prompter_fct prompter, + void *data, + 
krb5_deltat start_time, + char *in_tkt_service, + krb5_get_init_creds_opt *options) +{ + krb5_error_code ret; + krb5_kdc_flags flags; + krb5_addresses *addrs = NULL; + krb5_enctype *etypes = NULL; + krb5_preauthtype *pre_auth_types = NULL; + krb5_creds this_cred; + krb5_kdc_rep kdc_reply; + char buf[BUFSIZ]; + krb5_data password_data; + + ret = init_cred (context, &this_cred, client, start_time, + in_tkt_service, options); + if (ret) + return ret; + + flags.i = 0; + + if (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE) + flags.b.forwardable = 1; + if (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE) + flags.b.proxiable = 1; + if (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE) + flags.b.renewable = 1; + + if (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST) + addrs = options->address_list; + if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) { + etypes = malloc((options->etype_list_length + 1) + * sizeof(krb5_enctype)); + if (etypes == NULL) { + ret = ENOMEM; + goto out; + } + memcpy (etypes, options->etype_list, + options->etype_list_length * sizeof(krb5_enctype)); + etypes[options->etype_list_length] = 0; + } + if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) { + pre_auth_types = malloc((options->preauth_list_length + 1) + * sizeof(krb5_preauthtype)); + if (pre_auth_types == NULL) { + ret = ENOMEM; + goto out; + } + memcpy (pre_auth_types, options->preauth_list, + options->preauth_list_length * sizeof(krb5_preauthtype)); + pre_auth_types[options->preauth_list_length] = 0; + } + if (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT) + ; /* XXX */ + + if (password == NULL) { + krb5_prompt prompt; + char *p; + + krb5_unparse_name (context, this_cred.client, &p); + asprintf (&prompt.prompt, "%s's Password: ", p); + free (p); + password_data.data = buf; + password_data.length = sizeof(buf); + prompt.hidden = 1; + prompt.reply = &password_data; + + ret = (*prompter) (context, data, NULL, 1, &prompt); + if (ret) { + memset (buf, 0, 
sizeof(buf)); + goto out; + } + password = password_data.data; + } + + ret = krb5_get_in_cred (context, + flags.i, + addrs, + etypes, + pre_auth_types, + krb5_password_key_proc, + password, + NULL, + NULL, + &this_cred, + NULL /* &kdc_reply */); + memset (buf, 0, sizeof(buf)); + if (ret) + goto out; + free (pre_auth_types); + free (etypes); + if (creds) + *creds = this_cred; + else + krb5_free_creds (context, &this_cred); + return 0; + +out: + free (pre_auth_types); + free (etypes); + krb5_free_creds (context, &this_cred); + return ret; +} diff --git a/lib/krb5/prompter_posix.c b/lib/krb5/prompter_posix.c new file mode 100644 index 000000000..c29970705 --- /dev/null +++ b/lib/krb5/prompter_posix.c 
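Review bot: In `krb5_get_init_creds_password` the `KRB5_GET_INIT_CREDS_OPT_SALT` branch is an empty statement (`; /* XXX */`), so a caller who supplied a salt has it silently ignored and the password is string-to-keyed with whatever default `krb5_password_key_proc` applies — a wrong key rather than an error, which is the worse failure mode for a login routine. Until the salt is threaded through to the key proc I would fail explicitly, `if (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT) { ret = EINVAL; goto out; }`, with a comment that caller-supplied salts are not yet supported. In the prompting branch the return values of `krb5_unparse_name` and `asprintf` are unchecked, so `p` and `prompt.prompt` may be indeterminate when used, and `prompt.prompt` is never freed after the prompter returns. In `init_cred` the client principal is taken from `getenv("USER")` before falling back to `getpwuid(getuid())`; the `XXX` already flags this, but in a privileged caller the environment is chosen by the invoker, so the `passwd` lookup should be the primary source and the `ENOTTY` placeholder replaced with a real error code. The `krb5_kdc_rep kdc_reply` local is never used and can be dropped along with the commented-out argument.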
@@ -0,0 +1,66 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb5_locl.h" + +RCSID("$Id$"); + +int +krb5_prompter_posix (krb5_context context, + void *data, + const char *banner, + int num_prompts, + krb5_prompt prompts[]) +{ + int i; + + if (banner) + printf ("%s\n", banner); + for (i = 0; i < num_prompts; ++i) { + if (prompts[i].hidden) { + if(des_read_pw_string(prompts[i].reply->data, + prompts[i].reply->length, + prompts[i].prompt, + 0)) + return 1; + } else { + abort (); + } + } + return 0; +} diff --git a/lib/krb5/verify_init.c b/lib/krb5/verify_init.c new file mode 100644 index 000000000..d466f4415 --- /dev/null +++ b/lib/krb5/verify_init.c 
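Review bot: `krb5_prompter_posix` calls `abort()` when it meets a prompt whose `hidden` flag is clear, which terminates the whole calling process from inside a library for what is merely an unimplemented case; it should report failure the same way the hidden path does, `return 1;`, and leave the decision to the caller. The `des_read_pw_string` call receives `prompts[i].reply->length` as the buffer capacity but the function never updates `reply->length` to the length actually read, so a caller that treats the reply as a counted `krb5_data` rather than a NUL-terminated string would see the capacity — worth a header comment stating that replies are returned as C strings and that `length` is input-only capacity. `banner` is printed through `printf("%s\n", banner)`, which correctly avoids making the banner a format string.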
@@ -0,0 +1,89 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb5_locl.h" + +RCSID("$Id$"); + +void +krb5_verify_init_creds_opt_init(krb5_init_creds_opt *options) +{ + memset (options, 0, sizeof(*options)); +} + +void +krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_init_creds_opt *options, + int ap_req_nofail) +{ + options->flags |= KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL; + options->ap_req_nofail = ap_req_nofail; +} + +krb5_error_code +krb5_verify_init_creds(krb5_context context, + krb5_creds *creds, + krb5_principal ap_req_server, + krb5_keytab ap_req_keytab, + krb5_ccache *ccache, + krb5_verify_init_creds_opt *options) +{ + krb5_error_code ret; + + if (ap_req_server == NULL) { + char local_hostname[MAXHOSTNAMELEN]; + chat *hostname; + struct hostent *hostent; + + if (gethostname (local_hostname, sizeof(local_hostname)) < 0) + return errno; + hostname = local_hostname; + hostent = gethostbyname (hostname); + if (hostent != NULL) + hostname = hostent->h_name; + strlwr (hostname); /* XXX */ + + ret = krb5_sname_to_principal (context, + hostname, + "host", + KRB5_NT_SRV_INST, + &ap_req_server); + if (ret) + return ret; + } + +}
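Review bot: `krb5_verify_init_creds` falls off the end of a non-void function after building `ap_req_server`, and never touches `creds`, `ap_req_keytab` or `ccache`, so the AP-REQ check that gives the routine its name — the defence against a spoofed KDC reply — is not performed and the caller receives an indeterminate return value that may well read as success. While the body is a stub it should return an explicit error (and free the principal it allocated) instead of ending at `}`, with a comment saying verification is not yet implemented; silently succeeding is the one thing a verify routine must not do. `chat *hostname;` is a typo for `char *hostname;` and will not compile. `strlwr(hostname)` lower-cases in place whatever `gethostbyname` returned in `h_name`, which is typically library-owned static storage, so the name should be copied into `local_hostname` before being modified. The `_opt_init` and `_opt_set_ap_req_nofail` helpers take `krb5_init_creds_opt *` while `krb5_verify_init_creds` takes `krb5_verify_init_creds_opt *`, so the two halves of the option API disagree on the type.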