[src/netbsd-1-5]: src/crypto/dist/heimdal/kuser Pull up revision 1.2 (request...
details: https://anonhg.NetBSD.org/src/rev/a6745a3b32cd
branches: netbsd-1-5
changeset: 490747:a6745a3b32cd
user: he <he%NetBSD.org@localhost>
date: Mon Feb 26 22:10:03 2001 +0000
description:
Pull up revision 1.2 (requested by assar):
Fix a bug with KerberosIV fallback lifetime calculation.
diffstat:
crypto/dist/heimdal/kuser/kinit.c | 170 ++++++++++++++++++++++++++++++++++++-
1 files changed, 164 insertions(+), 6 deletions(-)
diffs (226 lines):
diff -r 556f6c60cfc8 -r a6745a3b32cd crypto/dist/heimdal/kuser/kinit.c
--- a/crypto/dist/heimdal/kuser/kinit.c Mon Feb 26 22:08:11 2001 +0000
+++ b/crypto/dist/heimdal/kuser/kinit.c Mon Feb 26 22:10:03 2001 +0000
@@ -32,11 +32,136 @@
*/
#include "kuser_locl.h"
-RCSID("$Id: kinit.c,v 1.1.1.1 2000/06/16 18:31:40 thorpej Exp $");
+RCSID("$Id: kinit.c,v 1.1.1.1.2.1 2001/02/26 22:10:03 he Exp $");
+
+#ifdef KRB4
+/* for when the KDC tells us it's a v4 one, we try to talk that */
+
+static int
+key_to_key(const char *user,
+ char *instance,
+ const char *realm,
+ const void *arg,
+ des_cblock *key)
+{
+ memcpy(key, arg, sizeof(des_cblock));
+ return 0;
+}
+
+static int
+do_v4_fallback (krb5_context context,
+ const krb5_principal principal,
+ int lifetime,
+ int use_srvtab, const char *srvtab_str,
+ char *passwd, size_t passwd_size)
+{
+ int ret;
+ krb_principal princ;
+ des_cblock key;
+ krb5_error_code kret;
+
+ if (lifetime == 0)
+ lifetime = DEFAULT_TKT_LIFE;
+ else
+ lifetime = krb_time_to_life (0, lifetime);
+
+ kret = krb5_524_conv_principal (context, principal,
+ princ.name,
+ princ.instance,
+ princ.realm);
+ if (kret) {
+ krb5_warn (context, kret, "krb5_524_conv_principal");
+ return 1;
+ }
+
+ if (use_srvtab || srvtab_str) {
+ if (srvtab_str == NULL)
+ srvtab_str = KEYFILE;
+
+ ret = read_service_key (princ.name, princ.instance, princ.realm,
+ 0, srvtab_str, (char *)&key);
+ if (ret) {
+ warnx ("read_service_key %s: %s", srvtab_str,
+ krb_get_err_text (ret));
+ return 1;
+ }
+ ret = krb_get_in_tkt (princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET, princ.realm,
+ lifetime, key_to_key, NULL, key);
+ } else {
+ ret = krb_get_pw_in_tkt2(princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET, princ.realm,
+ lifetime, passwd, &key);
+ }
+ memset (passwd, 0, passwd_size);
+ memset (key, 0, sizeof(key));
+ if (ret) {
+ warnx ("%s", krb_get_err_text(ret));
+ return 1;
+ }
+ if (k_hasafs()) {
+ if ((ret = krb_afslog(NULL, NULL)) != 0 && ret != KDC_PR_UNKNOWN) {
+ if(ret > 0)
+ warnx ("%s", krb_get_err_text(ret));
+ else
+ warnx ("failed to store AFS token");
+ }
+ }
+ return 0;
+}
+
+
+/*
+ * the special version of get_default_principal that takes v4 into account
+ */
+
+static krb5_error_code
+kinit_get_default_principal (krb5_context context,
+ krb5_principal *princ)
+{
+ krb5_error_code ret;
+ krb5_ccache id;
+ krb_principal v4_princ;
+ int kret;
+
+ ret = krb5_cc_default (context, &id);
+ if (ret == 0) {
+ ret = krb5_cc_get_principal (context, id, princ);
+ krb5_cc_close (context, id);
+ if (ret == 0)
+ return 0;
+ }
+
+ kret = krb_get_tf_fullname (tkt_string(),
+ v4_princ.name,
+ v4_princ.instance,
+ v4_princ.realm);
+ if (kret == KSUCCESS) {
+ ret = krb5_425_conv_principal (context,
+ v4_princ.name,
+ v4_princ.instance,
+ v4_princ.realm,
+ princ);
+ if (ret == 0)
+ return 0;
+ }
+ return krb5_get_default_principal (context, princ);
+}
+
+#else /* !KRB4 */
+
+static krb5_error_code
+kinit_get_default_principal (krb5_context context,
+ krb5_principal *princ)
+{
+ return krb5_get_default_principal (context, princ);
+}
+
+#endif /* !KRB4 */
int forwardable_flag = 0;
int proxiable_flag = 0;
-int renewable_flag = 0;
+int renewable_flag = 0;
int renew_flag = 0;
int validate_flag = 0;
int version_flag = 0;
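Review bot: The secret scrubbing at the end of the ticket request in `do_v4_fallback` uses plain `memset` on `key` and `passwd` with no later read, so an optimising compiler may drop the stores as dead, for the local `key` in particular. The early `return 1` after a failed `read_service_key` also leaves the function without wiping whatever that call left in `key`. Sending every exit after the principal conversion through one cleanup label, and wiping through something the compiler cannot elide (for example a small helper that writes through a `volatile unsigned char *`), would keep the DES key and the password from lingering on the stack. A comment on `key_to_key` would help as well, along the lines of `/* krb_get_in_tkt key callback: copy the caller-supplied DES key from arg; user, instance and realm are unused */`.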
@@ -57,7 +182,7 @@
#endif
int fcache_version;
-struct getargs args[] = {
+static struct getargs args[] = {
#ifdef KRB4
{ "524init", '4', arg_flag, &get_v4_tgt,
"obtain version 4 TGT" },
@@ -212,6 +337,7 @@
krb5_deltat start_time = 0;
krb5_deltat ticket_life = 0;
krb5_addresses no_addrs;
+ char passwd[256];
set_progname (argv[0]);
memset(&cred, 0, sizeof(cred));
@@ -328,7 +454,7 @@
if (ret)
krb5_err (context, 1, ret, "krb5_parse_name");
} else {
- ret = krb5_get_default_principal (context, &principal);
+ ret = kinit_get_default_principal (context, &principal);
if (ret)
krb5_err (context, 1, ret, "krb5_get_default_principal");
}
@@ -360,23 +486,55 @@
server,
&opt);
krb5_kt_close(context, kt);
- } else
+ } else {
+ char *p, *prompt;
+
+ krb5_unparse_name (context, principal, &p);
+ asprintf (&prompt, "%s's Password: ", p);
+ free (p);
+
+ if (des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
+ memset(passwd, 0, sizeof(passwd));
+ exit(1);
+ }
+
+ free (prompt);
+
ret = krb5_get_init_creds_password (context,
&cred,
principal,
- NULL,
+ passwd,
krb5_prompter_posix,
NULL,
start_time,
server,
&opt);
+ }
+#ifdef KRB4
+ if (ret == KRB5KRB_AP_ERR_V4_REPLY || ret == KRB5_KDC_UNREACH) {
+ int exit_val;
+
+ exit_val = do_v4_fallback (context, principal, ticket_life,
+ use_keytab, keytab_str,
+ passwd, sizeof(passwd));
+ memset(passwd, 0, sizeof(passwd));
+ if (exit_val == 0 || ret == KRB5KRB_AP_ERR_V4_REPLY) {
+ krb5_free_context (context);
+ return exit_val;
+ }
+ }
+#endif
+ memset(passwd, 0, sizeof(passwd));
+
switch(ret){
case 0:
break;
case KRB5_LIBOS_PWDINTR: /* don't print anything if it was just C-c:ed */
+ memset(passwd, 0, sizeof(passwd));
exit(1);
case KRB5KRB_AP_ERR_BAD_INTEGRITY:
case KRB5KRB_AP_ERR_MODIFIED:
+ memset(passwd, 0, sizeof(passwd));
krb5_errx(context, 1, "Password incorrect");
break;
default:
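Review bot: In the new password branch, `krb5_unparse_name` and `asprintf` are called without checking their results, so on failure `p` or `prompt` may be unset or NULL when it reaches the format call and `des_read_pw_string`. Both should be checked, e.g. `ret = krb5_unparse_name (context, principal, &p); if (ret) krb5_err (context, 1, ret, "krb5_unparse_name");` and `if (asprintf (&prompt, "%s's Password: ", p) < 0) errx (1, "out of memory");`. Separately, the `#ifdef KRB4` block retries with Kerberos 4 on `KRB5_KDC_UNREACH` or `KRB5KRB_AP_ERR_V4_REPLY`, conditions the client observes before any KDC reply has been authenticated, so the password just typed is reused for a DES-based v4 exchange without the user having asked for it. Printing a warning before the fallback, or making it opt-in, would make that downgrade visible. The enclosing function starts and ends outside this hunk.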