Line
Link Here
|
0 |
-- src/kdc/dispatch.c (revision 20192) |
0 |
++ src/kdc/dispatch.c (working copy) |
Lines 1-7
Link Here
|
1 |
/* |
1 |
/* |
2 |
* kdc/dispatch.c |
2 |
* kdc/dispatch.c |
3 |
* |
3 |
* |
4 |
* Copyright 1990 by the Massachusetts Institute of Technology. |
4 |
* Copyright 1990, 2007 by the Massachusetts Institute of Technology. |
5 |
* |
5 |
* |
6 |
* Export of this software from the United States of America may |
6 |
* Export of this software from the United States of America may |
7 |
* require a specific license from the United States Government. |
7 |
* require a specific license from the United States Government. |
Lines 107-113
Link Here
|
107 |
retval = KRB5KRB_AP_ERR_MSG_TYPE; |
107 |
retval = KRB5KRB_AP_ERR_MSG_TYPE; |
108 |
#ifndef NOCACHE |
108 |
#ifndef NOCACHE |
109 |
/* put the response into the lookaside buffer */ |
109 |
/* put the response into the lookaside buffer */ |
110 |
if (!retval) |
110 |
if (!retval && *response != NULL) |
111 |
#endif |
111 |
#endif |
112 |
|
112 |
|
113 |
-- src/kdc/kerberos_v4.c (revision 20192) |
113 |
++ src/kdc/kerberos_v4.c (working copy) |
Lines 1-7
Link Here
|
1 |
/* |
1 |
/* |
2 |
* kdc/kerberos_v4.c |
2 |
* kdc/kerberos_v4.c |
3 |
* |
3 |
* |
4 |
* Copyright 1985, 1986, 1987, 1988,1991 by the Massachusetts Institute |
4 |
* Copyright 1985, 1986, 1987, 1988,1991,2007 by the Massachusetts Institute |
5 |
* of Technology. |
5 |
* of Technology. |
6 |
* All Rights Reserved. |
6 |
* All Rights Reserved. |
7 |
* |
7 |
* |
Lines 87-97
Link Here
|
87 |
#define MSB_FIRST 0 /* 68000, IBM RT/PC */ |
87 |
#define MSB_FIRST 0 /* 68000, IBM RT/PC */ |
88 |
#define LSB_FIRST 1 /* Vax, PC8086 */ |
88 |
#define LSB_FIRST 1 /* Vax, PC8086 */ |
89 |
|
89 |
|
90 |
int f; |
|
|
91 |
|
92 |
/* XXX several files in libkdb know about this */ |
93 |
char *progname; |
94 |
|
95 |
#ifndef BACKWARD_COMPAT |
90 |
#ifndef BACKWARD_COMPAT |
96 |
static Key_schedule master_key_schedule; |
91 |
static Key_schedule master_key_schedule; |
97 |
static C_Block master_key; |
92 |
static C_Block master_key; |
Lines 143-152
Link Here
|
143 |
#include "com_err.h" |
138 |
#include "com_err.h" |
144 |
#include "extern.h" /* to pick up master_princ */ |
139 |
#include "extern.h" /* to pick up master_princ */ |
145 |
|
140 |
|
146 |
static krb5_data *response; |
141 |
static krb5_data *kerberos_v4 (struct sockaddr_in *, KTEXT); |
147 |
|
142 |
static krb5_data *kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *); |
148 |
void kerberos_v4 (struct sockaddr_in *, KTEXT); |
|
|
149 |
void kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *); |
150 |
static int set_tgtkey (char *, krb5_kvno, krb5_boolean); |
143 |
static int set_tgtkey (char *, krb5_kvno, krb5_boolean); |
151 |
|
144 |
|
152 |
/* Attributes converted from V5 to V4 - internal representation */ |
145 |
/* Attributes converted from V5 to V4 - internal representation */ |
Lines 262-273
Link Here
|
262 |
(void) klog(L_KRB_PERR, "V4 request too long."); |
255 |
(void) klog(L_KRB_PERR, "V4 request too long."); |
263 |
return KRB5KRB_ERR_FIELD_TOOLONG; |
256 |
return KRB5KRB_ERR_FIELD_TOOLONG; |
264 |
} |
257 |
} |
|
|
258 |
memset( &v4_pkt, 0, sizeof(v4_pkt)); |
265 |
v4_pkt.length = pkt->length; |
259 |
v4_pkt.length = pkt->length; |
266 |
v4_pkt.mbz = 0; |
260 |
v4_pkt.mbz = 0; |
267 |
memcpy( v4_pkt.dat, pkt->data, pkt->length); |
261 |
memcpy( v4_pkt.dat, pkt->data, pkt->length); |
268 |
|
262 |
|
269 |
kerberos_v4( &client_sockaddr, &v4_pkt); |
263 |
*resp = kerberos_v4( &client_sockaddr, &v4_pkt); |
270 |
*resp = response; |
|
|
271 |
return(retval); |
264 |
return(retval); |
272 |
} |
265 |
} |
273 |
|
266 |
|
Lines 300-318
Link Here
|
300 |
} |
293 |
} |
301 |
|
294 |
|
302 |
static |
295 |
static |
303 |
int krb4_sendto(int s, const char *msg, int len, int flags, |
296 |
krb5_data *make_response(const char *msg, int len) |
304 |
const struct sockaddr *to, int to_len) |
|
|
305 |
{ |
297 |
{ |
|
|
298 |
krb5_data *response; |
299 |
|
306 |
if ( !(response = (krb5_data *) malloc( sizeof *response))) { |
300 |
if ( !(response = (krb5_data *) malloc( sizeof *response))) { |
307 |
return ENOMEM; |
301 |
return 0; |
308 |
} |
302 |
} |
309 |
if ( !(response->data = (char *) malloc( len))) { |
303 |
if ( !(response->data = (char *) malloc( len))) { |
310 |
return ENOMEM; |
304 |
return 0; |
311 |
} |
305 |
} |
312 |
response->length = len; |
306 |
response->length = len; |
313 |
memcpy( response->data, msg, len); |
307 |
memcpy( response->data, msg, len); |
314 |
return( 0); |
308 |
return response; |
315 |
} |
309 |
} |
316 |
static void |
310 |
static void |
317 |
hang(void) |
311 |
hang(void) |
Lines 586-592
Link Here
|
586 |
*cp = 0; |
580 |
*cp = 0; |
587 |
} |
581 |
} |
588 |
|
582 |
|
589 |
void |
583 |
static krb5_data * |
590 |
kerberos_v4(struct sockaddr_in *client, KTEXT pkt) |
584 |
kerberos_v4(struct sockaddr_in *client, KTEXT pkt) |
591 |
{ |
585 |
{ |
592 |
static KTEXT_ST rpkt_st; |
586 |
static KTEXT_ST rpkt_st; |
Lines 599-606
Link Here
|
599 |
KTEXT auth = &auth_st; |
593 |
KTEXT auth = &auth_st; |
600 |
AUTH_DAT ad_st; |
594 |
AUTH_DAT ad_st; |
601 |
AUTH_DAT *ad = &ad_st; |
595 |
AUTH_DAT *ad = &ad_st; |
|
|
596 |
krb5_data *response = 0; |
602 |
|
597 |
|
603 |
|
|
|
604 |
static struct in_addr client_host; |
598 |
static struct in_addr client_host; |
605 |
static int msg_byte_order; |
599 |
static int msg_byte_order; |
606 |
static int swap_bytes; |
600 |
static int swap_bytes; |
Lines 637-644
Link Here
|
637 |
kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); |
631 |
return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); |
638 |
return; |
|
|
639 |
} |
632 |
} |
640 |
|
633 |
|
641 |
/* check packet version */ |
634 |
/* check packet version */ |
Lines 648-655
Link Here
|
648 |
kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); |
641 |
return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); |
649 |
return; |
|
|
650 |
} |
642 |
} |
651 |
msg_byte_order = req_msg_type & 1; |
643 |
msg_byte_order = req_msg_type & 1; |
652 |
|
644 |
|
Lines 707-716
Link Here
|
707 |
|
699 |
|
708 |
kerb_err_reply(client, pkt, i, "check_princ failed"); |
700 |
response = kerb_err_reply(client, pkt, i, "check_princ failed"); |
709 |
return; |
701 |
return response; |
Lines 722-732
Link Here
|
722 |
kerb_err_reply(client, pkt, i, "check_princ failed"); |
714 |
response = kerb_err_reply(client, pkt, i, "check_princ failed"); |
723 |
return; |
715 |
return response; |
Lines 797-804
Link Here
|
797 |
krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0, |
789 |
response = make_response((char *) rpkt->dat, rpkt->length); |
798 |
(struct sockaddr *) client, sizeof (struct sockaddr_in)); |
|
|
Lines 824-832
Link Here
|
824 |
kerb_err_reply(client, pkt, RD_AP_INCON, |
815 |
return kerb_err_reply(client, pkt, RD_AP_INCON, |
825 |
"realm length too long"); |
816 |
"realm length too long"); |
826 |
return; |
|
|
827 |
|
817 |
|
Lines 835-843
Link Here
|
835 |
kerb_err_reply(client, pkt, RD_AP_INCON, |
825 |
return kerb_err_reply(client, pkt, RD_AP_INCON, |
836 |
"funky tkt or req_id length"); |
826 |
"funky tkt or req_id length"); |
837 |
return; |
|
|
838 |
|
827 |
|
Lines 848-865
Link Here
|
848 |
kerb_err_reply(client, pkt, |
837 |
return kerb_err_reply(client, pkt, |
849 |
KERB_ERR_PRINCIPAL_UNKNOWN, lt); |
838 |
KERB_ERR_PRINCIPAL_UNKNOWN, lt); |
850 |
return; |
|
|
851 |
lt = klog(L_ERR_UNK, |
839 |
lt = klog(L_ERR_UNK, |
852 |
kerb_err_reply(client, pkt, |
840 |
return kerb_err_reply(client, pkt, |
853 |
KERB_ERR_PRINCIPAL_UNKNOWN, lt); |
841 |
KERB_ERR_PRINCIPAL_UNKNOWN, lt); |
854 |
return; |
|
|
Lines 869-877
Link Here
|
869 |
kerb_err_reply(client, pkt, |
856 |
return kerb_err_reply(client, pkt, |
870 |
KERB_ERR_PRINCIPAL_UNKNOWN, lt); |
857 |
KERB_ERR_PRINCIPAL_UNKNOWN, lt); |
871 |
return; |
|
|
Lines 881-888
Link Here
|
881 |
kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); |
867 |
return kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); |
882 |
return; |
|
|
883 |
|
868 |
|
Lines 904-925
Link Here
|
904 |
|
889 |
|
905 |
kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, |
890 |
return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, |
906 |
"Can't hop realms"); |
891 |
"Can't hop realms"); |
907 |
return; |
|
|
908 |
kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, |
892 |
return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, |
909 |
"Can't authorize password changed based on TGT"); |
893 |
"Can't authorize password changed based on TGT"); |
910 |
return; |
|
|
911 |
kerb_err_reply(client, pkt, kerno, "check_princ failed"); |
894 |
response = kerb_err_reply(client, pkt, kerno, |
|
|
895 |
"check_princ failed"); |
912 |
return; |
896 |
return response; |
Lines 975-982
Link Here
|
975 |
krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0, |
959 |
response = make_response((char *) rpkt->dat, rpkt->length); |
976 |
(struct sockaddr *) client, sizeof (struct sockaddr_in)); |
|
|
Lines 1001-1006
Link Here
|
1001 |
} |
984 |
} |
|
|
985 |
return response; |
1002 |
} |
986 |
} |
1003 |
|
987 |
|
1004 |
|
988 |
|
Lines 1010-1016
Link Here
|
1010 |
* client. |
994 |
* client. |
1011 |
*/ |
995 |
*/ |
1012 |
|
996 |
|
1013 |
void |
997 |
static krb5_data * |
1014 |
kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long int err, char *string) |
998 |
kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long int err, char *string) |
1015 |
{ |
999 |
{ |
1016 |
static KTEXT_ST e_pkt_st; |
1000 |
static KTEXT_ST e_pkt_st; |
Lines 1021-1029
Link Here
|
1021 |
strncat(e_msg, string, sizeof(e_msg) - 1 - 19); |
1005 |
strncat(e_msg, string, sizeof(e_msg) - 1 - 19); |
1022 |
cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr, |
1006 |
cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr, |
1023 |
krb4_sendto(f, (char *) e_pkt->dat, e_pkt->length, 0, |
1007 |
return make_response((char *) e_pkt->dat, e_pkt->length); |
1024 |
(struct sockaddr *) client, sizeof (struct sockaddr_in)); |
|
|
1025 |
|
1026 |
} |
1008 |
} |
1027 |
|
1009 |
|
1028 |
static int |
1010 |
static int |
1029 |
-- src/kdc/network.c (revision 20192) |
1011 |
++ src/kdc/network.c (working copy) |
Lines 1-7
Link Here
|
1 |
/* |
1 |
/* |
2 |
* kdc/network.c |
2 |
* kdc/network.c |
3 |
* |
3 |
* |
4 |
* Copyright 1990,2000 by the Massachusetts Institute of Technology. |
4 |
* Copyright 1990,2000,2007 by the Massachusetts Institute of Technology. |
5 |
* |
5 |
* |
6 |
* Export of this software from the United States of America may |
6 |
* Export of this software from the United States of America may |
7 |
* require a specific license from the United States Government. |
7 |
* require a specific license from the United States Government. |
Lines 747-752
Link Here
|
747 |
com_err(prog, retval, "while dispatching (udp)"); |
747 |
com_err(prog, retval, "while dispatching (udp)"); |
748 |
return; |
748 |
return; |
749 |
} |
749 |
} |
|
|
750 |
if (response == NULL) |
751 |
return; |
750 |
cc = sendto(port_fd, response->data, (socklen_t) response->length, 0, |
752 |
cc = sendto(port_fd, response->data, (socklen_t) response->length, 0, |
751 |
(struct sockaddr *)&saddr, saddr_len); |
753 |
(struct sockaddr *)&saddr, saddr_len); |
752 |
if (cc == -1) { |
754 |
if (cc == -1) { |