diff --git a/appl/telnet/libtelnet/kerberos5.c b/appl/telnet/libtelnet/kerberos5.c index cdcff3240..29c78b54b 100644 --- a/appl/telnet/libtelnet/kerberos5.c +++ b/appl/telnet/libtelnet/kerberos5.c @@ -1,11 +1,3 @@ -#if !defined(lint) && !defined(SABER) -static -#ifdef __STDC__ -const -#endif -char rcsid_kerberos5_c[] = "$Id$"; -#endif /* lint */ - /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. @@ -64,17 +56,29 @@ char rcsid_kerberos5_c[] = "$Id$"; #include #endif +static const char *error_message(long foo) +{ + abort(); +} + RCSID("$Id$"); #ifdef KRB5 #include #include -#include +#define Authenticator k5_Authenticator +#include +#undef Authenticator +#include +#if 0 #include #include #include #include +#endif +#if 0 #include +#endif #include #include 
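Review bot: The `error_message()` stub added in this hunk calls `abort()`, and the failure paths later in the patch still call it: the `errout:` branch of kerberos5_is after a failed `krb5_rd_req`, and the `krb5_rd_rep` failure branch in kerberos5_reply. A peer whose AP_REQ the library does not accept would therefore terminate the process instead of receiving KRB_REJECT. kerberos5_send in this patch already formats errors with `krb5_get_err_text(r)`; using that at the remaining call sites, or having the stub return a fixed string such as `"unknown error"`, keeps the reject path alive. The stub also ignores its parameter and has no return statement, so a comment such as `/* XXX temporary placeholder until com_err is wired up */` would tell the next reader it is not meant to stay.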
@@ -116,529 +120,386 @@ static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, #endif /* FORWARD */ static krb5_data auth; - /* telnetd gets session key from here */ -static krb5_tkt_authent *authdat = NULL; +/* telnetd gets session key from here */ +static /*krb5_tkt_authent*/ void *authdat = NULL; /* telnet matches the AP_REQ and AP_REP with this */ +#if 0 static krb5_authenticator authenticator; +#endif +static k5_Authenticator authenticator; + +static krb5_context context; +static krb5_auth_context *auth_context; /* some compilers can't hack void *, so we use the Kerberos krb5_pointer, which is either void * or char *, depending on the compiler. */ -#define Voidptr krb5_pointer - des_cblock session_key; - static int -Data(ap, type, d, c) - Authenticator *ap; - int type; - Voidptr d; - int c; +static int +Data(Authenticator *ap, int type, void *d, int c) { - unsigned char *p = str_data + 4; - unsigned char *cd = (unsigned char *)d; + unsigned char *p = str_data + 4; + unsigned char *cd = (unsigned char *)d; - if (c == -1) - c = strlen(cd); + if (c == -1) + c = strlen(cd); + if (auth_debug_mode) { + printf("%s:%d: [%d] (%d)", + str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", + str_data[3], + type, c); + printd(d, c); + printf("\r\n"); + } + *p++ = ap->type; + *p++ = ap->way; + *p++ = type; + while (c-- > 0) { + if ((*p++ = *cd++) == IAC) + *p++ = IAC; + } + *p++ = IAC; + *p++ = SE; + if (str_data[3] == TELQUAL_IS) + printsub('>', &str_data[2], p - &str_data[2]); + return(net_write(str_data, p - str_data)); +} + +int +kerberos5_init(Authenticator *ap, int server) +{ + if (server) + str_data[3] = TELQUAL_REPLY; + else + str_data[3] = TELQUAL_IS; + krb5_init_context(&context); + return(1); +} + +int +kerberos5_send(Authenticator *ap) +{ + krb5_error_code r; + krb5_ccache ccache; + int ap_opts; + + if (!UserNameRequested) { if (auth_debug_mode) { - printf("%s:%d: [%d] (%d)", - str_data[3] == TELQUAL_IS ? 
">>>IS" : ">>>REPLY", - str_data[3], - type, c); - printd(d, c); - printf("\r\n"); + printf("Kerberos V5: no user name supplied\r\n"); } - *p++ = ap->type; - *p++ = ap->way; - *p++ = type; - while (c-- > 0) { - if ((*p++ = *cd++) == IAC) - *p++ = IAC; + return(0); + } + + if (r = krb5_cc_default(context, &ccache)) { + if (auth_debug_mode) { + printf("Kerberos V5: could not get default ccache\r\n"); } - *p++ = IAC; - *p++ = SE; - if (str_data[3] == TELQUAL_IS) - printsub('>', &str_data[2], p - &str_data[2]); - return(net_write(str_data, p - str_data)); + return(0); + } + + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) + ap_opts = AP_OPTS_MUTUAL_REQUIRED; + else + ap_opts = 0; + + auth_context = NULL; + + r = krb5_mk_req(context, &auth_context, ap_opts, + "host", RemoteHostName, + NULL, ccache, &auth); + + if (r) { + if (auth_debug_mode) { + printf("Kerberos V5: mk_req failed (%s)\r\n", + krb5_get_err_text(r)); + } + return(0); + } + + if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { + if (auth_debug_mode) + printf("Not enough room for user name\r\n"); + return(0); + } + if (!Data(ap, KRB_AUTH, auth.data, auth.length)) { + if (auth_debug_mode) + printf("Not enough room for authentication data\r\n"); + return(0); + } + if (auth_debug_mode) { + printf("Sent Kerberos V5 credentials to server\r\n"); + } + return(1); } - int -kerberos5_init(ap, server) - Authenticator *ap; - int server; +void +kerberos5_is(Authenticator *ap, unsigned char *data, int cnt) { - if (server) - str_data[3] = TELQUAL_REPLY; - else - str_data[3] = TELQUAL_IS; - krb5_init_ets(); - return(1); -} + int r; + krb5_data outbuf; + krb5_ticket *ticket; + + krb5_keyblock *key_block; - int -kerberos5_send(ap) - Authenticator *ap; -{ - char **realms; - char *name; - char *p1, *p2; - krb5_checksum ksum; - krb5_octet sum[CRC32_CKSUM_LENGTH]; - krb5_principal server; - krb5_error_code r; - krb5_ccache ccache; - krb5_creds creds; /* telnet gets session key from here */ - extern krb5_flags 
krb5_kdc_default_options; - int ap_opts; + if (cnt-- < 1) + return; + switch (*data++) { + case KRB_AUTH: + auth.data = (char *)data; + auth.length = cnt; + auth_context = NULL; - ksum.checksum_type = CKSUMTYPE_CRC32; - ksum.contents = sum; - ksum.length = sizeof(sum); - memset((Voidptr )sum, 0, sizeof(sum)); + r = krb5_rd_req(context, &auth_context, &auth, + NULL, NULL, NULL, &ticket); - if (!UserNameRequested) { - if (auth_debug_mode) { - printf("Kerberos V5: no user name supplied\r\n"); - } - return(0); - } - - if (r = krb5_cc_default(&ccache)) { - if (auth_debug_mode) { - printf("Kerberos V5: could not get default ccache\r\n"); - } - return(0); - } - - if ((name = malloc(strlen(RemoteHostName)+1)) == NULL) { - if (auth_debug_mode) - printf("Out of memory for hostname in Kerberos V5\r\n"); - return(0); - } - - if (r = krb5_get_host_realm(RemoteHostName, &realms)) { - if (auth_debug_mode) - printf("Kerberos V5: no realm for %s\r\n", RemoteHostName); - free(name); - return(0); - } - - p1 = RemoteHostName; - p2 = name; - - while (*p2 = *p1++) { - if (isupper(*p2)) - *p2 |= 040; - ++p2; - } - - if (r = krb5_build_principal_ext(&server, - strlen(realms[0]), realms[0], - 4, "host", - p2 - name, name, - 0)) { - if (auth_debug_mode) { - printf("Kerberos V5: failure setting up principal (%s)\r\n", - error_message(r)); - } - free(name); - krb5_free_host_realm(realms); - return(0); - } - - - memset(&creds, 0, sizeof(creds)); - creds.server = server; - - if (r = krb5_cc_get_principal(ccache, &creds.client)) { - if (auth_debug_mode) { - printf("Kerberos V5: failure on principal (%s)\r\n", - error_message(r)); - } - free(name); - krb5_free_principal(server); - krb5_free_host_realm(realms); - return(0); - } - - if (r = krb5_get_credentials(krb5_kdc_default_options, ccache, &creds)) { - if (auth_debug_mode) { - printf("Kerberos V5: failure on credentials(%d)\r\n",r); - } - free(name); - krb5_free_host_realm(realms); - krb5_free_principal(server); - return(0); - } - - if 
((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) - ap_opts = AP_OPTS_MUTUAL_REQUIRED; - else - ap_opts = 0; - - r = krb5_mk_req_extended(ap_opts, &ksum, krb5_kdc_default_options, 0, - 0, - ccache, &creds, &authenticator, &auth); - /* don't let the key get freed if we clean up the authenticator */ - authenticator.subkey = 0; - - free(name); - krb5_free_host_realm(realms); - krb5_free_principal(server); if (r) { - if (auth_debug_mode) { - printf("Kerberos V5: mk_req failed (%s)\r\n", - error_message(r)); - } - return(0); - } + char errbuf[128]; - if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { - if (auth_debug_mode) - printf("Not enough room for user name\r\n"); - return(0); + errout: + authdat = 0; + strcpy(errbuf, "Read req failed: "); + strcat(errbuf, error_message(r)); + Data(ap, KRB_REJECT, errbuf, -1); + if (auth_debug_mode) + printf("%s\r\n", errbuf); + return; } - if (!Data(ap, KRB_AUTH, auth.data, auth.length)) { - if (auth_debug_mode) - printf("Not enough room for authentication data\r\n"); - return(0); +#if 0 + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { + r = krb5_mk_rep(context, auth_context, &outbuf); + if(r){ + + } + Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length); } + if (krb5_unparse_name(context, ticket->enc_part2->client, &name)) + name = 0; +#endif +#if 0 + Data(ap, KRB_ACCEPT, name, name ? -1 : 0); if (auth_debug_mode) { - printf("Sent Kerberos V5 credentials to server\r\n"); + printf("Kerberos5 identifies him as ``%s''\r\n", + name ? 
name : ""); } - return(1); -} +#endif + auth_finished(ap, AUTH_USER); - void -kerberos5_is(ap, data, cnt) - Authenticator *ap; - unsigned char *data; - int cnt; -{ - int r; - struct hostent *hp; - char *p1, *p2; - static char *realm = NULL; - krb5_principal server; - krb5_ap_rep_enc_part reply; - krb5_data outbuf; - char *name; - char *getenv(); - krb5_data inbuf; +#if 0 + r = krb5_auth_con_getkey(context, auth_context, &key_block); + if(r){ + } +#endif + + if(key_block->keytype == KEYTYPE_DES){ + memcpy(&session_key, key_block->contents.data, + sizeof(session_key)); + } - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_AUTH: - auth.data = (char *)data; - auth.length = cnt; - - if (!(hp = gethostbyname(LocalHostName))) { - if (auth_debug_mode) - printf("Cannot resolve local host name\r\n"); - Data(ap, KRB_REJECT, "Unknown local hostname.", -1); - auth_finished(ap, AUTH_REJECT); - return; - } - - if (!realm && (krb5_get_default_realm(&realm))) { - if (auth_debug_mode) - printf("Could not get default realm\r\n"); - Data(ap, KRB_REJECT, "Could not get default realm.", -1); - auth_finished(ap, AUTH_REJECT); - return; - } - - if ((name = malloc(strlen(hp->h_name)+1)) == NULL) { - if (auth_debug_mode) - printf("Out of memory for hostname in Kerberos V5\r\n"); - Data(ap, KRB_REJECT, "Out of memory.", -1); - auth_finished(ap, AUTH_REJECT); - return; - } - - p1 = hp->h_name; - p2 = name; - - while (*p2 = *p1++) { - if (isupper(*p2)) - *p2 |= 040; - ++p2; - } - - if (authdat) - krb5_free_tkt_authent(authdat); - - r = krb5_build_principal_ext(&server, - strlen(realm), realm, - 4, "host", - p2 - name, name, - 0); - if (!r) { - r = krb5_rd_req_simple(&auth, server, 0, &authdat); - krb5_free_principal(server); - } - if (r) { - char errbuf[128]; - - errout: - authdat = 0; - strcpy(errbuf, "Read req failed: "); - strcat(errbuf, error_message(r)); - Data(ap, KRB_REJECT, errbuf, -1); - if (auth_debug_mode) - printf("%s\r\n", errbuf); - return; - } - free(name); - if 
((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - /* do ap_rep stuff here */ - reply.ctime = authdat->authenticator->ctime; - reply.cusec = authdat->authenticator->cusec; - reply.subkey = 0; /* use the one he gave us, so don't - need to return one here */ - reply.seq_number = 0; /* we don't do seq #'s. */ - - if (r = krb5_mk_rep(&reply, - authdat->authenticator->subkey ? - authdat->authenticator->subkey : - authdat->ticket->enc_part2->session, - &outbuf)) { - goto errout; - } - Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length); - } - if (krb5_unparse_name(authdat->ticket->enc_part2 ->client, - &name)) - name = 0; - Data(ap, KRB_ACCEPT, name, name ? -1 : 0); - if (auth_debug_mode) { - printf("Kerberos5 identifies him as ``%s''\r\n", - name ? name : ""); - } - auth_finished(ap, AUTH_USER); - - free(name); - if (authdat->authenticator->subkey && - authdat->authenticator->subkey->keytype == KEYTYPE_DES) { - memmove((Voidptr )session_key, - (Voidptr )authdat->authenticator->subkey->contents, - sizeof(des_cblock)); - } else if (authdat->ticket->enc_part2->session->keytype == - KEYTYPE_DES) { - memmove((Voidptr )session_key, - (Voidptr )authdat->ticket->enc_part2->session->contents, - sizeof(des_cblock)); - } else - break; - - break; +#if 0 + krb5_free_keyblock(context, key_block); +#endif + + break; #ifdef FORWARD - case KRB_FORWARD: - inbuf.data = (char *)data; - inbuf.length = cnt; - if (r = rd_and_store_for_creds(&inbuf, authdat->ticket, - UserNameRequested)) { - char errbuf[128]; + case KRB_FORWARD: + inbuf.data = (char *)data; + inbuf.length = cnt; + if (r = rd_and_store_for_creds(&inbuf, authdat->ticket, + UserNameRequested)) { + char errbuf[128]; - strcpy(errbuf, "Read forwarded creds failed: "); - strcat(errbuf, error_message(r)); - Data(ap, KRB_FORWARD_REJECT, errbuf, -1); - if (auth_debug_mode) - printf("Could not read forwarded credentials\r\n"); - } - else - Data(ap, KRB_FORWARD_ACCEPT, 0, 0); - if (auth_debug_mode) - printf("Forwarded credentials 
obtained\r\n"); - break; -#endif /* FORWARD */ - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", data[-1]); - Data(ap, KRB_REJECT, 0, 0); - break; + strcpy(errbuf, "Read forwarded creds failed: "); + strcat(errbuf, error_message(r)); + Data(ap, KRB_FORWARD_REJECT, errbuf, -1); + if (auth_debug_mode) + printf("Could not read forwarded credentials\r\n"); } + else + Data(ap, KRB_FORWARD_ACCEPT, 0, 0); + if (auth_debug_mode) + printf("Forwarded credentials obtained\r\n"); + break; +#endif /* FORWARD */ + default: + if (auth_debug_mode) + printf("Unknown Kerberos option %d\r\n", data[-1]); + Data(ap, KRB_REJECT, 0, 0); + break; + } } - void -kerberos5_reply(ap, data, cnt) - Authenticator *ap; - unsigned char *data; - int cnt; +void +kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt) { - Session_Key skey; - static int mutual_complete = 0; + Session_Key skey; + static int mutual_complete = 0; - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_REJECT: - if (cnt > 0) { - printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n", - cnt, data); - } else - printf("[ Kerberos V5 refuses authentication ]\r\n"); + if (cnt-- < 1) + return; + switch (*data++) { + case KRB_REJECT: + if (cnt > 0) { + printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n", + cnt, data); + } else + printf("[ Kerberos V5 refuses authentication ]\r\n"); + auth_send_retry(); + return; + case KRB_ACCEPT: + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL && + !mutual_complete) { + printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! 
]\r\n"); + auth_send_retry(); + return; + } + if (cnt) + printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data); + else + printf("[ Kerberos V5 accepts you ]\r\n"); + auth_finished(ap, AUTH_USER); +#ifdef FORWARD + if (forward_flags & OPTS_FORWARD_CREDS) + kerberos5_forward(ap); +#endif /* FORWARD */ + break; + case KRB_RESPONSE: + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { + /* the rest of the reply should contain a krb_ap_rep */ +#if 0 + /*krb5_ap_rep_enc_part*/ void *reply; +#endif + EncAPRepPart *reply; + krb5_data inbuf; + krb5_error_code r; + + inbuf.length = cnt; + inbuf.data = (char *)data; + + if (r = krb5_rd_rep(context, auth_context, &inbuf, &reply)) { + printf("[ Mutual authentication failed: %s ]\r\n", + error_message(r)); auth_send_retry(); return; - case KRB_ACCEPT: - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL && - !mutual_complete) { - printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n"); - auth_send_retry(); - return; - } - if (cnt) - printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data); - else - printf("[ Kerberos V5 accepts you ]\r\n"); - auth_finished(ap, AUTH_USER); -#ifdef FORWARD - if (forward_flags & OPTS_FORWARD_CREDS) - kerberos5_forward(ap); -#endif /* FORWARD */ - break; - case KRB_RESPONSE: - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - /* the rest of the reply should contain a krb_ap_rep */ - krb5_ap_rep_enc_part *reply; - krb5_data inbuf; - krb5_error_code r; - krb5_keyblock tmpkey; - - inbuf.length = cnt; - inbuf.data = (char *)data; - - tmpkey.keytype = KEYTYPE_DES; - tmpkey.contents = session_key; - tmpkey.length = sizeof(des_cblock); - - if (r = krb5_rd_rep(&inbuf, &tmpkey, &reply)) { - printf("[ Mutual authentication failed: %s ]\r\n", - error_message(r)); - auth_send_retry(); - return; - } - if (reply->ctime != authenticator.ctime || - reply->cusec != authenticator.cusec) { - printf("[ Mutual authentication failed (mismatched KRB_AP_REP) ]\r\n"); - 
auth_send_retry(); - return; - } - krb5_free_ap_rep_enc_part(reply); - mutual_complete = 1; - } - return; -#ifdef FORWARD - case KRB_FORWARD_ACCEPT: - printf("[ Kerberos V5 accepted forwarded credentials ]\r\n"); - return; - case KRB_FORWARD_REJECT: - printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n", - cnt, data); - return; -#endif /* FORWARD */ - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", data[-1]); + } +#if 0 + if (reply->ctime != authenticator.ctime || + reply->cusec != authenticator.cusec) { + printf("[ Mutual authentication failed (mismatched KRB_AP_REP) ]\r\n"); + auth_send_retry(); return; + } +#endif + krb5_free_ap_rep_enc_part(context, reply); + mutual_complete = 1; } + return; +#ifdef FORWARD + case KRB_FORWARD_ACCEPT: + printf("[ Kerberos V5 accepted forwarded credentials ]\r\n"); + return; + case KRB_FORWARD_REJECT: + printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n", + cnt, data); + return; +#endif /* FORWARD */ + default: + if (auth_debug_mode) + printf("Unknown Kerberos option %d\r\n", data[-1]); + return; + } } - int -kerberos5_status(ap, name, level) - Authenticator *ap; - char *name; - int level; +int +kerberos5_status(Authenticator *ap, char *name, int level) { - if (level < AUTH_USER) - return(level); + if (level < AUTH_USER) + return(level); - if (UserNameRequested && - krb5_kuserok(authdat->ticket->enc_part2->client, UserNameRequested)) +#if 0 + if (UserNameRequested && + krb5_kuserok(context, authdat->ticket->enc_part2->client, UserNameRequested)) { - strcpy(name, UserNameRequested); - return(AUTH_VALID); + strcpy(name, UserNameRequested); + return(AUTH_VALID); } else - return(AUTH_USER); + return(AUTH_USER); +#endif } #define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} #define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} - void -kerberos5_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt, buflen; +void 
+kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { - char lbuf[32]; - int i; + char lbuf[32]; + int i; - buf[buflen-1] = '\0'; /* make sure its NULL terminated */ - buflen -= 1; + buf[buflen-1] = '\0'; /* make sure its NULL terminated */ + buflen -= 1; - switch(data[3]) { - case KRB_REJECT: /* Rejected (reason might follow) */ - strncpy((char *)buf, " REJECT ", buflen); - goto common; + switch(data[3]) { + case KRB_REJECT: /* Rejected (reason might follow) */ + strncpy((char *)buf, " REJECT ", buflen); + goto common; - case KRB_ACCEPT: /* Accepted (name might follow) */ - strncpy((char *)buf, " ACCEPT ", buflen); - common: - BUMP(buf, buflen); - if (cnt <= 4) - break; - ADDC(buf, buflen, '"'); - for (i = 4; i < cnt; i++) - ADDC(buf, buflen, data[i]); - ADDC(buf, buflen, '"'); - ADDC(buf, buflen, '\0'); - break; + case KRB_ACCEPT: /* Accepted (name might follow) */ + strncpy((char *)buf, " ACCEPT ", buflen); + common: + BUMP(buf, buflen); + if (cnt <= 4) + break; + ADDC(buf, buflen, '"'); + for (i = 4; i < cnt; i++) + ADDC(buf, buflen, data[i]); + ADDC(buf, buflen, '"'); + ADDC(buf, buflen, '\0'); + break; - case KRB_AUTH: /* Authentication data follows */ - strncpy((char *)buf, " AUTH", buflen); - goto common2; + case KRB_AUTH: /* Authentication data follows */ + strncpy((char *)buf, " AUTH", buflen); + goto common2; - case KRB_RESPONSE: - strncpy((char *)buf, " RESPONSE", buflen); - goto common2; + case KRB_RESPONSE: + strncpy((char *)buf, " RESPONSE", buflen); + goto common2; #ifdef FORWARD - case KRB_FORWARD: /* Forwarded credentials follow */ - strncpy((char *)buf, " FORWARD", buflen); - goto common2; + case KRB_FORWARD: /* Forwarded credentials follow */ + strncpy((char *)buf, " FORWARD", buflen); + goto common2; - case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */ - strncpy((char *)buf, " FORWARD_ACCEPT", buflen); - goto common2; + case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */ + strncpy((char *)buf, 
" FORWARD_ACCEPT", buflen); + goto common2; - case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */ - /* (reason might follow) */ - strncpy((char *)buf, " FORWARD_REJECT", buflen); - goto common2; + case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */ + /* (reason might follow) */ + strncpy((char *)buf, " FORWARD_REJECT", buflen); + goto common2; #endif /* FORWARD */ - default: - sprintf(lbuf, " %d (unknown)", data[3]); - strncpy((char *)buf, lbuf, buflen); - common2: - BUMP(buf, buflen); - for (i = 4; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); - strncpy((char *)buf, lbuf, buflen); - BUMP(buf, buflen); - } - break; + default: + sprintf(lbuf, " %d (unknown)", data[3]); + strncpy((char *)buf, lbuf, buflen); + common2: + BUMP(buf, buflen); + for (i = 4; i < cnt; i++) { + sprintf(lbuf, " %d", data[i]); + strncpy((char *)buf, lbuf, buflen); + BUMP(buf, buflen); } + break; + } } #ifdef FORWARD - void -kerberos5_forward(ap) - Authenticator *ap; +void +kerberos5_forward(Authenticator *ap) { struct hostent *hp; krb5_creds *local_creds; 
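Review bot: In kerberos5_is the `krb5_auth_con_getkey` call is compiled out with `#if 0`, yet the following `if(key_block->keytype == KEYTYPE_DES)` still dereferences `key_block`, so every successful KRB_AUTH reads through an uninitialized pointer and may copy arbitrary memory into `session_key`. Either re-enable the call and check `r`, or declare `krb5_keyblock *key_block = NULL;` and guard the copy with `if (key_block && key_block->keytype == KEYTYPE_DES)`. In the same hunk kerberos5_status has everything after the level check inside `#if 0`, so for `level >= AUTH_USER` the function returns no value and the `krb5_kuserok` check of the ticket principal against `UserNameRequested` is no longer enforced; until that is ported it should end with an explicit `return(AUTH_USER);` so the caller never sees an indeterminate level. As far as the hunk shows, the `ticket` returned by `krb5_rd_req` is neither stored in `authdat` nor freed, which the disabled code paths will need once they are restored.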
@@ -651,31 +512,31 @@ kerberos5_forward(ap) if (!(local_creds = (krb5_creds *) calloc(1, sizeof(*local_creds)))) { if (auth_debug_mode) - printf("Kerberos V5: could not allocate memory for credentials\r\n"); + printf("Kerberos V5: could not allocate memory for credentials\r\n"); return; } - if (r = krb5_sname_to_principal(RemoteHostName, "host", 1, + if (r = krb5_sname_to_principal(context, RemoteHostName, "host", 1, &local_creds->server)) { if (auth_debug_mode) - printf("Kerberos V5: could not build server name - %s\r\n", - error_message(r)); + printf("Kerberos V5: could not build server name - %s\r\n", + error_message(r)); krb5_free_creds(local_creds); return; } if (r = krb5_cc_default(&ccache)) { if (auth_debug_mode) - printf("Kerberos V5: could not get default ccache - %s\r\n", - error_message(r)); + printf("Kerberos V5: could not get default ccache - %s\r\n", + error_message(r)); krb5_free_creds(local_creds); return; } if (r = krb5_cc_get_principal(ccache, &local_creds->client)) { if (auth_debug_mode) - printf("Kerberos V5: could not get default principal - %s\r\n", - error_message(r)); + printf("Kerberos V5: could not get default principal - %s\r\n", + error_message(r)); krb5_free_creds(local_creds); return; } @@ -683,8 +544,8 @@ kerberos5_forward(ap) /* Get ticket from credentials cache */ if (r = krb5_get_credentials(KRB5_GC_CACHED, ccache, local_creds)) { if (auth_debug_mode) - printf("Kerberos V5: could not obtain credentials - %s\r\n", - error_message(r)); + printf("Kerberos V5: could not obtain credentials - %s\r\n", + error_message(r)); krb5_free_creds(local_creds); return; } @@ -697,8 +558,8 @@ kerberos5_forward(ap) forward_flags & OPTS_FORWARDABLE_CREDS, &forw_creds)) { if (auth_debug_mode) - printf("Kerberos V5: error getting forwarded creds - %s\r\n", - error_message(r)); + printf("Kerberos V5: error getting forwarded creds - %s\r\n", + error_message(r)); krb5_free_creds(local_creds); return; } 
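Review bot: Only `krb5_sname_to_principal` gains the `context` argument in the first hunk here; the neighbouring `krb5_cc_default(&ccache)` keeps the old form, while kerberos5_send in this same patch calls `krb5_cc_default(context, &ccache)`. If the library now takes a context as its first parameter, a FORWARD build will fail to compile or pass mismatched arguments, so the line should read `if (r = krb5_cc_default(context, &ccache)) {`. The `krb5_cc_get_principal`, `krb5_get_credentials` and `krb5_free_creds` calls in this and the following hunks look like they need the same treatment, which is worth confirming against the new headers. kerberos5_forward begins and ends outside these hunks, so the rest of its body is not visible.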
@@ -706,11 +567,11 @@ kerberos5_forward(ap) /* Send forwarded credentials */ if (!Data(ap, KRB_FORWARD, forw_creds.data, forw_creds.length)) { if (auth_debug_mode) - printf("Not enough room for authentication data\r\n"); + printf("Not enough room for authentication data\r\n"); } else { if (auth_debug_mode) - printf("Forwarded local Kerberos V5 credentials to server\r\n"); + printf("Forwarded local Kerberos V5 credentials to server\r\n"); } krb5_free_creds(local_creds);