oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Add Kerberos 5 klist, old patch from Tomas Nyström (remove krb4 support).

Browse Source 
Support klist in client for kerberos 5 clase.
Clean up delegation of gss tokens and do afslog.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15666 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-07-19 17:08:11 +00:00
parent 111eda69f8
commit 70e4fce904
9 changed files with 132 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
appl/ftp/ftp/cmds.c
View File

@@ -2126,3 +2126,17 @@ newer(int argc, char **argv)
printf("Local file \"%s\" is newer than remote file \"%s\"\n", printf("Local file \"%s\" is newer than remote file \"%s\"\n",
argv[2], argv[1]); argv[2], argv[1]);
} }
void
klist(int argc, char **argv)
{
int ret;
if(argc != 1){
printf("usage: %s\n", argv[0]);
code = -1;
return;
}
ret = command("SITE KLIST");
code = (ret == COMPLETE);
}

8
appl/ftp/ftp/cmdtab.c
View File

@@ -107,7 +107,11 @@ char verbosehelp[] = "toggle verbose mode";
char prothelp[] = "set protection level"; char prothelp[] = "set protection level";
#ifdef KRB4 #ifdef KRB4
char kauthhelp[] = "get remote tokens"; char kauthhelp[] = "get remote tokens";
#endif
#if defined(KRB4) || defined(KRB5)
char klisthelp[] = "show remote tickets"; char klisthelp[] = "show remote tickets";
#endif
#ifdef KRB4
char kdestroyhelp[] = "destroy remote tickets"; char kdestroyhelp[] = "destroy remote tickets";
char krbtkfilehelp[] = "set filename of remote tickets"; char krbtkfilehelp[] = "set filename of remote tickets";
#endif #endif
@@ -192,7 +196,11 @@ struct cmd cmdtab[] = {
{ "prot", prothelp, 0, 1, 0, sec_prot }, { "prot", prothelp, 0, 1, 0, sec_prot },
#ifdef KRB4 #ifdef KRB4
{ "kauth", kauthhelp, 0, 1, 0, kauth }, { "kauth", kauthhelp, 0, 1, 0, kauth },
#endif
#if defined(KRB4) || defined(KRB5)
{ "klist", klisthelp, 0, 1, 0, klist }, { "klist", klisthelp, 0, 1, 0, klist },
#endif
#ifdef KRB4
{ "kdestroy", kdestroyhelp, 0, 1, 0, kdestroy }, { "kdestroy", kdestroyhelp, 0, 1, 0, kdestroy },
{ "krbtkfile", krbtkfilehelp, 0, 1, 0, krbtkfile }, { "krbtkfile", krbtkfilehelp, 0, 1, 0, krbtkfile },
#endif #endif

14
appl/ftp/ftp/kauth.c
View File

@@ -143,20 +143,6 @@ kauth(int argc, char **argv)
code = 0; code = 0;
} }
void
klist(int argc, char **argv)
{
int ret;
if(argc != 1){
printf("usage: %s\n", argv[0]);
code = -1;
return;
}
ret = command("SITE KLIST");
code = (ret == COMPLETE);
}
void void
kdestroy(int argc, char **argv) kdestroy(int argc, char **argv)
{ {

1
appl/ftp/ftpd/Makefile.am
View File

@@ -26,6 +26,7 @@ ftpd_SOURCES = \
popen.c \ popen.c \
security.c \ security.c \
kauth.c \ kauth.c \
klist.c \
$(krb4_sources) \ $(krb4_sources) \
$(krb5_sources) $(krb5_sources)

5
appl/ftp/ftpd/extern.h
View File

@@ -107,9 +107,12 @@ void klist(void);
void cond_kdestroy(void); void cond_kdestroy(void);
void kdestroy(void); void kdestroy(void);
void krbtkfile(const char *tkfile); void krbtkfile(const char *tkfile);
void afslog(const char *cell); void afslog(const char *, int);
void afsunlog(void); void afsunlog(void);
extern int do_destroy_tickets;
extern char *k5ccname;
int find(char *); int find(char *);
int builtin_ls(FILE*, const char*); int builtin_ls(FILE*, const char*);

20
appl/ftp/ftpd/ftpcmd.y
View File

@@ -524,12 +524,8 @@ cmd
} }
| SITE SP KLIST CRLF check_login | SITE SP KLIST CRLF check_login
{ {
#ifdef KRB4
if($5) if($5)
klist(); klist();
#else
reply(500, "Command not implemented.");
#endif
} }
| SITE SP KDESTROY CRLF check_login | SITE SP KDESTROY CRLF check_login
{ {
@@ -559,7 +555,7 @@ cmd
if(guest) if(guest)
reply(500, "Can't be done as guest."); reply(500, "Can't be done as guest.");
else if($5) else if($5)
afslog(NULL); afslog(NULL, 0);
#else #else
reply(500, "Command not implemented."); reply(500, "Command not implemented.");
#endif #endif
@@ -570,7 +566,7 @@ cmd
if(guest) if(guest)
reply(500, "Can't be done as guest."); reply(500, "Can't be done as guest.");
else if($7) else if($7)
afslog($5); afslog($5, 0);
if($5) if($5)
free($5); free($5);
#else #else
@@ -1391,13 +1387,13 @@ help(struct tab *ctab, char *s)
{ {
struct tab *c; struct tab *c;
int width, NCMDS; int width, NCMDS;
char *type; char *t;
char buf[1024]; char buf[1024];
if (ctab == sitetab) if (ctab == sitetab)
type = "SITE "; t = "SITE ";
else else
type = ""; t = "";
width = 0, NCMDS = 0; width = 0, NCMDS = 0;
for (c = ctab; c->name != NULL; c++) { for (c = ctab; c->name != NULL; c++) {
int len = strlen(c->name); int len = strlen(c->name);
@@ -1412,7 +1408,7 @@ help(struct tab *ctab, char *s)
int columns, lines; int columns, lines;
lreply(214, "The following %scommands are recognized %s.", lreply(214, "The following %scommands are recognized %s.",
type, "(* =>'s unimplemented)"); t, "(* =>'s unimplemented)");
columns = 76 / width; columns = 76 / width;
if (columns == 0) if (columns == 0)
columns = 1; columns = 1;
@@ -1448,9 +1444,9 @@ help(struct tab *ctab, char *s)
return; return;
} }
if (c->implemented) if (c->implemented)
reply(214, "Syntax: %s%s %s", type, c->name, c->help); reply(214, "Syntax: %s%s %s", t, c->name, c->help);
else else
reply(214, "%s%-*s\t%s; unimplemented.", type, width, reply(214, "%s%-*s\t%s; unimplemented.", t, width,
c->name, c->help); c->name, c->help);
} }

2
appl/ftp/ftpd/ftpd.c
View File

@@ -1891,7 +1891,7 @@ dologout(int status)
if (logged_in) { if (logged_in) {
seteuid((uid_t)0); seteuid((uid_t)0);
ftpd_logwtmp(ttyline, "", ""); ftpd_logwtmp(ttyline, "", "");
#ifdef KRB4 #if KRB4 || KRB5
cond_kdestroy(); cond_kdestroy();
#endif #endif
} }

43
appl/ftp/ftpd/gss_userok.c
View File

@@ -76,23 +76,15 @@ gss_userok(void *app_data, char *username)
/* gss_add_cred() ? */ /* gss_add_cred() ? */
if (data->delegated_cred_handle != GSS_C_NO_CREDENTIAL) { if (data->delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
krb5_ccache ccache = NULL; krb5_ccache ccache = NULL;
char* ticketfile; const char* ticketfile;
struct passwd *pw; struct passwd *kpw;
pw = getpwnam(username); ret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_fcc_ops, &ccache);
if (pw == NULL) {
ret = 1;
goto fail;
}
asprintf (&ticketfile, "%s%u", KRB5_DEFAULT_CCROOT,
(unsigned)pw->pw_uid);
ret = krb5_cc_resolve(gssapi_krb5_context, ticketfile, &ccache);
if (ret) if (ret)
goto fail; goto fail;
ticketfile = krb5_cc_get_name(gssapi_krb5_context, ccache);
ret = gss_krb5_copy_ccache(&minor_status, ret = gss_krb5_copy_ccache(&minor_status,
data->delegated_cred_handle, data->delegated_cred_handle,
ccache); ccache);
@@ -101,17 +93,26 @@ gss_userok(void *app_data, char *username)
goto fail; goto fail;
} }
chown (ticketfile+5, pw->pw_uid, pw->pw_gid); do_destroy_tickets = 1;
kpw = getpwnam(username);
if (k_hasafs()) { if (kpw == NULL) {
krb5_afslog(gssapi_krb5_context, ccache, 0, 0); unlink(ticketfile);
} ret = 1;
esetenv ("KRB5CCNAME", ticketfile, 1); goto fail;
}
chown (ticketfile, kpw->pw_uid, kpw->pw_gid);
asprintf(&k5ccname, "FILE:%s", ticketfile);
if (k5ccname) {
esetenv ("KRB5CCNAME", k5ccname, 1);
}
afslog(NULL, 1);
fail: fail:
if (ccache) if (ccache)
krb5_cc_close(gssapi_krb5_context, ccache); krb5_cc_close(gssapi_krb5_context, ccache);
free(ticketfile);
} }
gss_release_cred(&minor_status, &data->delegated_cred_handle); gss_release_cred(&minor_status, &data->delegated_cred_handle);

182
appl/ftp/ftpd/kauth.c
View File

@@ -35,6 +35,13 @@
RCSID("$Id$"); RCSID("$Id$");
#if defined(KRB4) || defined(KRB5)
int do_destroy_tickets = 1;
char *k5ccname;
#endif
#ifdef KRB4 #ifdef KRB4
static KTEXT_ST cip; static KTEXT_ST cip;
@@ -43,8 +50,6 @@ static time_t local_time;
static krb_principal pr; static krb_principal pr;
static int do_destroy_tickets = 1;
static int static int
save_tkt(const char *user, save_tkt(const char *user,
const char *instance, const char *instance,
@@ -238,108 +243,6 @@ short_date(int32_t dp)
return (cp); return (cp);
} }
void
klist(void)
{
int err;
char *file = tkt_string();
krb_principal pr;
char buf1[128], buf2[128];
int header = 1;
CREDENTIALS c;
err = tf_init(file, R_TKT_FIL);
if(err != KSUCCESS){
reply(500, "%s", krb_get_err_text(err));
return;
}
tf_close();
/*
* We must find the realm of the ticket file here before calling
* tf_init because since the realm of the ticket file is not
* really stored in the principal section of the file, the
* routine we use must itself call tf_init and tf_close.
*/
err = krb_get_tf_realm(file, pr.realm);
if(err != KSUCCESS){
reply(500, "%s", krb_get_err_text(err));
return;
}
err = tf_init(file, R_TKT_FIL);
if(err != KSUCCESS){
reply(500, "%s", krb_get_err_text(err));
return;
}
err = tf_get_pname(pr.name);
if(err != KSUCCESS){
reply(500, "%s", krb_get_err_text(err));
return;
}
err = tf_get_pinst(pr.instance);
if(err != KSUCCESS){
reply(500, "%s", krb_get_err_text(err));
return;
}
/*
* You may think that this is the obvious place to get the
* realm of the ticket file, but it can't be done here as the
* routine to do this must open the ticket file. This is why
* it was done before tf_init.
*/
lreply(200, "Ticket file: %s", tkt_string());
lreply(200, "Principal: %s", krb_unparse_name(&pr));
while ((err = tf_get_cred(&c)) == KSUCCESS) {
if (header) {
lreply(200, "%-15s %-15s %s",
" Issued", " Expires", " Principal (kvno)");
header = 0;
}
strlcpy(buf1, short_date(c.issue_date), sizeof(buf1));
c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
if (time(0) < (unsigned long) c.issue_date)
strlcpy(buf2, short_date(c.issue_date), sizeof(buf2));
else
strlcpy(buf2, ">>> Expired <<< ", sizeof(buf2));
lreply(200, "%s %s %s (%d)", buf1, buf2,
krb_unparse_name_long(c.service, c.instance, c.realm), c.kvno);
}
if (header && err == EOF) {
lreply(200, "No tickets in file.");
}
reply(200, " ");
}
/*
* Only destroy if we created the tickets
*/
void
cond_kdestroy(void)
{
if (do_destroy_tickets)
dest_tkt();
afsunlog();
}
void
kdestroy(void)
{
dest_tkt();
afsunlog();
reply(200, "Tickets destroyed");
}
void void
krbtkfile(const char *tkfile) krbtkfile(const char *tkfile)
{ {
@@ -350,10 +253,68 @@ krbtkfile(const char *tkfile)
#endif /* KRB4 */ #endif /* KRB4 */
#ifdef KRB5
static void
dest_cc(void)
{
krb5_context context;
krb5_error_code ret;
krb5_ccache id;
ret = krb5_init_context(&context);
if (ret == 0) {
if (k5ccname)
ret = krb5_cc_resolve(context, k5ccname, &id);
else
ret = krb5_cc_default (context, &id);
if (ret)
krb5_free_context(context);
}
if (ret == 0) {
krb5_cc_destroy(context, id);
krb5_free_context (context);
}
}
#endif
#if defined(KRB4) || defined(KRB5) #if defined(KRB4) || defined(KRB5)
/*
* Only destroy if we created the tickets
*/
void void
afslog(const char *cell) cond_kdestroy(void)
{
if (do_destroy_tickets) {
#if KRB4
dest_tkt();
#endif
#if KRB5
dest_cc();
#endif
do_destroy_tickets = 0;
}
afsunlog();
}
void
kdestroy(void)
{
#if KRB4
dest_tkt();
#endif
#if KRB5
dest_cc();
#endif
afsunlog();
reply(200, "Tickets destroyed");
}
void
afslog(const char *cell, int quiet)
{ {
if(k_hasafs()) { if(k_hasafs()) {
#ifdef KRB5 #ifdef KRB5
@@ -363,7 +324,10 @@ afslog(const char *cell)
ret = krb5_init_context(&context); ret = krb5_init_context(&context);
if (ret == 0) { if (ret == 0) {
ret = krb5_cc_default(context, &id); if (k5ccname)
ret = krb5_cc_resolve(context, k5ccname, &id);
else
ret = krb5_cc_default(context, &id);
if (ret) if (ret)
krb5_free_context(context); krb5_free_context(context);
} }
@@ -376,9 +340,11 @@ afslog(const char *cell)
#ifdef KRB4 #ifdef KRB4
krb_afslog(cell, 0); krb_afslog(cell, 0);
#endif #endif
reply(200, "afslog done"); if (!quiet)
reply(200, "afslog done");
} else { } else {
reply(200, "no AFS present"); if (!quiet)
reply(200, "no AFS present");
} }
} }