authorAlexandra Ellwood <lxs@mit.edu>2003-03-06 20:52:43 +0000
committerAlexandra Ellwood <lxs@mit.edu>2003-03-06 20:52:43 +0000
commitb61af2a8c8f563ea61a05af61e7de2981f28be5b (patch)
tree70d39f0e259b480dfe437a52b9e529ed73f1c8ae
parentd9e959edfa8da7cab3bde96c9c4ca39beaf8db69 (diff)
* CCache-glue.c: Added prototypes for deprecated functions. Made internal functions static. Removed unused CoreServices include. Changed TICKET_GRANTING_TICKET to new macro: KRB_TICKET_GRANTING_TICKET. * change_password.c: Added check of inputs to krb_change_password so we don't crash on bad inputs. Call des_string_to_key not mit_password_to_key on all platforms because we don't want to prompt for a password. * FSp-glue.c: Added prototypes for deprecated functions. Changed to use KfM's FSSpecToPOSIXPath which correctly handles FSSpecs where the file does not exist. * g_in_tkt.c: Added explanatory comments. Made TARGET_OS_MAC sections a little smaller and easier to read. * g_pw_in_tkt.c: Only prompt when we are not using the login library. This is so that Darwin builds do prompt but KfM builds don't. * g_svc_in_tkt.c, g_tkt_svc.c: Changed to use KRB_TICKET_GRANTING_TICKET. * kadm_net.c: Use autoconf variable krb5_sigtype instead of sigtype, which doesn't seem to be defined on Mac OS X. * krb4int.h, RealmsConfig-glue.c: Removed krb_get_stk(). * rd_req.c: Added #ifdef KRB4_USE_KEYTAB to avoid unused variable warning when KRB4_USE_KEYTAB is not defined. * sendauth.c: Fixed warnings with casts
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15254 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/krb4/CCache-glue.c21
-rw-r--r--src/lib/krb4/ChangeLog34
-rw-r--r--src/lib/krb4/FSp-glue.c49
-rw-r--r--src/lib/krb4/RealmsConfig-glue.c76
-rw-r--r--src/lib/krb4/change_password.c15
-rw-r--r--src/lib/krb4/g_in_tkt.c22
-rw-r--r--src/lib/krb4/g_pw_in_tkt.c4
-rw-r--r--src/lib/krb4/g_svc_in_tkt.c4
-rw-r--r--src/lib/krb4/g_tkt_svc.c2
-rw-r--r--src/lib/krb4/kadm_net.c2
-rw-r--r--src/lib/krb4/krb4int.h4
-rw-r--r--src/lib/krb4/rd_req.c2
-rw-r--r--src/lib/krb4/sendauth.c4
13 files changed, 94 insertions, 145 deletions
diff --git a/src/lib/krb4/CCache-glue.c b/src/lib/krb4/CCache-glue.c
index 05cb905..3a58537 100644
--- a/src/lib/krb4/CCache-glue.c
+++ b/src/lib/krb4/CCache-glue.c
@@ -8,10 +8,8 @@
*/
-#include <CoreServices/CoreServices.h>
#include "krb.h"
#include "krb4int.h"
-#include "prot.h"
#if !defined (USE_CCAPI) || !USE_CCAPI
#error "Cannot use CCache glue without the CCAPI!"
@@ -25,8 +23,19 @@
#include <string.h>
#include <stdlib.h>
-void
-UpdateDefaultCache (void);
+/*
+ * The following functions are part of the KfM ABI.
+ * They are deprecated, so they only appear here, not in krb.h.
+ *
+ * Do not change the ABI of these functions!
+ */
+int KRB5_CALLCONV krb_get_num_cred(void);
+int KRB5_CALLCONV krb_get_nth_cred(char *, char *, char *, int);
+int KRB5_CALLCONV krb_delete_cred(char *, char *,char *);
+int KRB5_CALLCONV dest_all_tkts(void);
+
+/* Internal functions */
+static void UpdateDefaultCache (void);
/*
* The way Kerberos v4 normally works is that at any given point in time there is a
@@ -317,7 +326,7 @@ krb_get_cred (
#ifdef USE_LOGIN_LIBRARY
// If we are requesting a tgt, prompt for it
- if (strncmp (service, TICKET_GRANTING_TICKET, ANAME_SZ) == 0) {
+ if (strncmp (service, KRB_TICKET_GRANTING_TICKET, ANAME_SZ) == 0) {
OSStatus err;
char *cacheName;
KLPrincipal defaultPrincipal = nil;
@@ -450,7 +459,7 @@ tkt_string (void)
* Synchronize default cache for this process with system default cache
*/
-void
+static void
UpdateDefaultCache (void)
{
cc_string_t name;
diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog
index 0be2392..9c53ca1 100644
--- a/src/lib/krb4/ChangeLog
+++ b/src/lib/krb4/ChangeLog
@@ -1,3 +1,37 @@
+2003-03-06 Alexandra Ellwood <lxs@mit.edu>
+
+ * CCache-glue.c: Added prototypes for deprecated functions.
+ Made internal functions static. Removed unused CoreServices
+ include. Changed TICKET_GRANTING_TICKET to new macro:
+ KRB_TICKET_GRANTING_TICKET.
+
+ * change_password.c: Added check of inputs to krb_change_password
+ so we don't crash on bad inputs. Call des_string_to_key not
+ mit_password_to_key on all platforms because we don't want to
+ prompt for a password.
+
+ * FSp-glue.c: Added prototypes for deprecated functions. Changed to
+ use KfM's FSSpecToPOSIXPath which correctly handles FSSpecs where
+ the file does not exist.
+
+ * g_in_tkt.c: Added explanatory comments. Made TARGET_OS_MAC sections
+ a little smaller and easier to read.
+
+ * g_pw_in_tkt.c: Only prompt when we are not using the login library.
+ This is so that Darwin builds do prompt but KfM builds don't.
+
+ * g_svc_in_tkt.c, g_tkt_svc.c: Changed to use KRB_TICKET_GRANTING_TICKET.
+
+ * kadm_net.c: Use autoconf variable krb5_sigtype instead of sigtype,
+ which doesn't seem to be defined on Mac OS X.
+
+ * krb4int.h, RealmsConfig-glue.c: Removed krb_get_stk().
+
+ * rd_req.c: Added #ifdef KRB4_USE_KEYTAB to avoid unused variable warning
+ when KRB4_USE_KEYTAB is not defined.
+
+ * sendauth.c: Fixed warnings with casts.
+
2003-03-04 Ken Raeburn <raeburn@mit.edu>
* password_to_key.c (mit_passwd_to_key, afs_passwd_to_key):
diff --git a/src/lib/krb4/FSp-glue.c b/src/lib/krb4/FSp-glue.c
index f8d6be1..7bf0e7b 100644
--- a/src/lib/krb4/FSp-glue.c
+++ b/src/lib/krb4/FSp-glue.c
@@ -31,12 +31,18 @@
#include <stdio.h>
#include <string.h>
-#if TARGET_OS_MAC && defined(__FILES__)
-
-#include <CoreServices/CoreServices.h>
+#include <Kerberos/FSpUtils.h>
+/*
+ * These functions are compiled in for ABI compatibility with older versions of KfM.
+ * They are deprecated so they do not appear in the KfM headers anymore.
+ *
+ * Do not change their ABIs!
+ */
+int KRB5_CALLCONV FSp_krb_get_svc_in_tkt (char *, char *, char *, char *, char *, int, const FSSpec *);
+int KRB5_CALLCONV FSp_put_svc_key (const FSSpec *, char *, char *, char *, int, char *);
+int KRB5_CALLCONV FSp_read_service_key (char *, char *, char *, int, const FSSpec*, char *);
-static int FSp_srvtab_to_key(char *, char *, char *, char *, C_Block);
-static OSStatus FSSpec2Path (FSSpec *spec, char **path, int pathLen);
+static int FSp_srvtab_to_key (char *, char *, char *, char *, C_Block);
int KRB5_CALLCONV
FSp_read_service_key(
@@ -50,7 +56,7 @@ FSp_read_service_key(
int retval = KFAILURE;
char file [MAXPATHLEN];
if (filespec != NULL) {
- if (FSSpec2Path (filespec, &file, sizeof(file)) != noErr) {
+ if (FSSpecToPOSIXPath (filespec, file, sizeof(file)) != noErr) {
return retval;
}
}
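Review bot: In FSp_read_service_key, `file` is only written when `filespec != NULL`, so on the NULL branch the `char file [MAXPATHLEN]` buffer is still uninitialised after this block. The code that consumes it lies outside the hunk, so confirm it never reads `file` in that case, or start from a defined value with `char file [MAXPATHLEN] = "";`. The same applies to `sfile` in FSp_put_svc_key in the next hunk. The truncation and NUL-termination behaviour of `FSSpecToPOSIXPath (filespec, file, sizeof(file))` is not shown on this page either; a one-line comment stating that the helper always terminates within `sizeof(file)` (if it does) would let a reader trust the buffer without opening the KfM headers.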
@@ -74,7 +80,7 @@ FSp_put_svc_key(
char sfile[MAXPATHLEN];
if (sfilespec != NULL) {
- if (FSSpec2Path (sfilespec, &sfile, sizeof(sfile)) != noErr) {
+ if (FSSpecToPOSIXPath (sfilespec, sfile, sizeof(sfile)) != noErr) {
return retval;
}
}
@@ -104,32 +110,3 @@ static int FSp_srvtab_to_key(char *user, char *instance, char *realm,
return FSp_read_service_key(user, instance, realm, 0,
(FSSpec *)srvtab, (char *)key);
}
-
-static OSStatus FSSpec2Path (FSSpec *spec, char **path, int pathLen)
-{
- OSStatus err = noErr;
- FSRef ref;
-
- /* check parameters */
- if (path == NULL) err = paramErr;
-
- /* convert the FSSpec to an FSRef */
- if (err == noErr) {
- FSRefParam pb;
-
- pb.ioVRefNum = spec->vRefNum;
- pb.ioDirID = spec->parID;
- pb.ioNamePtr = (StringPtr) spec->name;
- pb.newRef = &ref;
- err = PBMakeFSRefSync(&pb);
- }
-
- /* and then convert the FSRef to a path */
- if (err == noErr) {
- err = FSRefMakePath (&ref, path, pathLen);
- }
-
- return err;
-}
-
-#endif
diff --git a/src/lib/krb4/RealmsConfig-glue.c b/src/lib/krb4/RealmsConfig-glue.c
index fe2c01b..52437ee 100644
--- a/src/lib/krb4/RealmsConfig-glue.c
+++ b/src/lib/krb4/RealmsConfig-glue.c
@@ -33,19 +33,12 @@
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
-#if TARGET_OS_MAC
-#include <CoreServices/CoreServices.h>
-#endif
#include "profile.h"
#include "krb.h"
#include "krb4int.h"
#include "port-sockets.h"
-#ifdef USE_CCAPI
-#include <CredentialsCache.h>
-#endif
-
#define KRB5_PRIVATE 1
/* For krb5_get_default_config_files and krb5_free_config_files */
#include "krb5.h"
@@ -478,75 +471,6 @@ krb_get_krbhst(
return result;
}
-#ifdef USE_CCAPI
-/*
- * Realm -> string_to_key mapping
- */
-int
-krb_get_stk(
- KRB_UINT32 *type,
- char *realm)
-{
- long profErr = 0;
- const char *names[] = {REALMS_V4_PROF_REALMS_SECTION, NULL,
- REALMS_V4_PROF_STK, NULL};
- profile_t profile = NULL;
- void *iter = NULL;
- char *name = NULL;
- char *value = NULL;
- int found = 0;
-
- names[1] = realm;
-
- profErr = krb_get_profile(&profile);
- if (profErr) {
- goto cleanup;
- }
-
- profErr = profile_iterator_create(profile, names,
- PROFILE_ITER_RELATIONS_ONLY, &iter);
- if (profErr) {
- goto cleanup;
- }
-
- profErr = profile_iterator(&iter, &name, &value);
- if (profErr) {
- goto cleanup;
- }
-
- if (name != NULL) {
- if (!strncmp(value, REALMS_V4_MIT_STK, strlen(REALMS_V4_MIT_STK))) {
- *type = cc_v4_stk_des;
- found = 1;
- } else if (!strncmp(value, REALMS_V4_AFS_STK,
- strlen(REALMS_V4_AFS_STK))) {
- *type = cc_v4_stk_afs;
- found = 1;
- } else if (!strncmp(value, REALMS_V4_COLUMBIA_STK,
- strlen(REALMS_V4_COLUMBIA_STK))) {
- *type = cc_v4_stk_columbia_special;
- found = 1;
- }
- }
-
-cleanup:
- if (name != NULL)
- profile_release_string(name);
- if (value != NULL)
- profile_release_string(value);
- if (iter != NULL)
- profile_iterator_free(&iter);
- if (profile != NULL)
- profile_abandon(profile);
-
- /* If this fails, we just rely on autodetecting the realm */
- if (!found) {
- *type = cc_v4_stk_unknown;
- }
- return KSUCCESS;
-}
-#endif /* USE_CCAPI */
-
/*
* Hostname -> realm name mapping
*
diff --git a/src/lib/krb4/change_password.c b/src/lib/krb4/change_password.c
index 2dfff24..a6e4d7b 100644
--- a/src/lib/krb4/change_password.c
+++ b/src/lib/krb4/change_password.c
@@ -54,6 +54,13 @@ krb_change_password(char *principal, char *instance, char *realm,
u_char *p;
err = 0;
+
+ /* Check inputs: */
+ if (principal == NULL || instance == NULL || realm == NULL ||
+ oldPassword == NULL || newPassword == NULL) {
+ return KFAILURE;
+ }
+
/*
* Get tickets to change the old password and shove them in the
* client_parm
@@ -64,12 +71,10 @@ krb_change_password(char *principal, char *instance, char *realm,
if (err != KSUCCESS)
goto cleanup;
-#if TARGET_OS_MAC
/* Now create the key to send to the server */
- mit_passwd_to_key(principal, instance, realm, newPassword, key);
-#else
- des_string_to_key(newPassword, key); /* XXX check this! */
-#endif
+ /* Use this and not mit_password_to_key so that we don't prompt */
+ des_string_to_key(newPassword, key);
+
/* Create the link to the server */
err = kadm_init_link(PWSERV_NAME, KRB_MASTER, realm, &client_parm, 1);
if (err != KADM_SUCCESS)
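Review bot: `key` now holds a DES key derived from the new password on every platform, and nothing in this hunk wipes it. The `cleanup:` path is outside the hunk, so confirm it clears the buffer on every exit, e.g. `memset(key, 0, sizeof(key));` (assuming `key` is an array such as a des_cblock), using a wipe the compiler cannot elide. The old `XXX check this!` marker is also dropped without recording what was checked. If the intent is that realms with a non-MIT string-to-key are simply not supported by this call, the new comment should say so instead of only mentioning the prompt.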
diff --git a/src/lib/krb4/g_in_tkt.c b/src/lib/krb4/g_in_tkt.c
index a00ee47..4d5286a 100644
--- a/src/lib/krb4/g_in_tkt.c
+++ b/src/lib/krb4/g_in_tkt.c
@@ -48,8 +48,7 @@ typedef int (*decrypt_tkt_type) (char *, char *, char *, char *,
static int decrypt_tkt(char *, char *, char *, char *, key_proc_type, KTEXT *);
static int krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *,
- int, char *, int, KTEXT, int *,
- struct sockaddr_in *);
+ int, char *, int, KTEXT, int *, struct sockaddr_in *);
static int krb_parse_in_tkt_creds(char *, char *, char *, char *, char *,
int, KTEXT, int, CREDENTIALS *);
@@ -434,8 +433,10 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
service, sinstance, life, cip, byteorder, creds);
} while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW));
- if (laddrp != NULL)
- *laddrp = local_addr.sin_addr.s_addr;
+ /* Fill in the local address if the caller wants it */
+ if (laddrp != NULL) {
+ *laddrp = local_addr.sin_addr.s_addr;
+ }
/* stomp stomp stomp */
memset(cip->dat, 0, (size_t)cip->length);
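Review bot: `*laddrp = local_addr.sin_addr.s_addr;` runs after the key-proc loop regardless of `kerror`, so on a failed exchange the caller receives whatever `local_addr` happens to hold. Its initialisation is outside the hunk, so either confirm it is zeroed up front or guard the store with `if (laddrp != NULL && kerror == KSUCCESS) {`. This matters more after this commit because the TARGET_OS_MAC wrapper in the next hunk now passes `&creds->address`, which is formed from `creds` without a NULL check. The function body starts and ends outside the hunk.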
@@ -456,17 +457,16 @@ krb_get_in_tkt_creds(user, instance, realm, service, sinstance, life,
char *arg;
CREDENTIALS *creds;
{
-#if TARGET_OS_MAC /* XXX */
- return krb_get_in_tkt_preauth_creds(user, instance, realm,
- service, sinstance, life,
- key_proc, decrypt_proc, arg,
- NULL, 0, creds, &creds.address);
+#if TARGET_OS_MAC
+ KRB_UINT32 *laddrp = &creds->address;
#else
+ KRB_UINT32 *laddrp = NULL; /* Only the Mac stores the address */
+#endif
+
return krb_get_in_tkt_preauth_creds(user, instance, realm,
service, sinstance, life,
key_proc, decrypt_proc, arg,
- NULL, 0, creds, NULL);
-#endif
+ NULL, 0, creds, laddrp);
}
int KRB5_CALLCONV
diff --git a/src/lib/krb4/g_pw_in_tkt.c b/src/lib/krb4/g_pw_in_tkt.c
index 54f97ff..494a059 100644
--- a/src/lib/krb4/g_pw_in_tkt.c
+++ b/src/lib/krb4/g_pw_in_tkt.c
@@ -116,7 +116,7 @@ krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password)
int life;
char *password;
{
-#if defined(_WIN32) || defined(macintosh)
+#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY)
/* In spite of the comments above, we don't allow that path here,
to simplify coding the non-UNIX clients. The only code that now
depends on this behavior is the preauth support, which has a
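Review bot: The login-library test is now spelled `defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY` here and in krb_get_pw_in_tkt_preauth (next hunk), but CCache-glue.c on this same page still guards its TGT prompting path in krb_get_cred with `#ifdef USE_LOGIN_LIBRARY`. A build that defines the macro as 0 would compile the login-library code there while this file treats the login library as absent, so the two files would disagree about who prompts for the password. I would use one spelling everywhere. The comment just below the changed line still says "non-UNIX clients", which no longer matches a condition keyed on the login library; `/* ... to simplify coding clients that use the login library or run on Windows */` would be more accurate.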
@@ -173,7 +173,7 @@ krb_get_pw_in_tkt_preauth(user,instance,realm,service,sinstance,life,password)
key_proc_type *keyprocs = krb_get_keyprocs (NULL);
int i = 0;
-#if defined(_WIN32) || USE_LOGIN_LIBRARY
+#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY)
/* On non-Unix systems, we can't handle a null password, because
passwd_to_key can't handle prompting for the password. */
if (password == 0)
diff --git a/src/lib/krb4/g_svc_in_tkt.c b/src/lib/krb4/g_svc_in_tkt.c
index 7b15f62..7ed4efd 100644
--- a/src/lib/krb4/g_svc_in_tkt.c
+++ b/src/lib/krb4/g_svc_in_tkt.c
@@ -131,7 +131,7 @@ krb_svc_init(user,instance,realm,lifetime,srvtab_file,tkt_file)
krb_set_tkt_string(tkt_file);
return krb_get_svc_in_tkt(user,instance,realm,
- "krbtgt",realm,lifetime,srvtab_file);
+ KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file);
}
@@ -148,5 +148,5 @@ krb_svc_init_preauth(user,instance,realm,lifetime,srvtab_file,tkt_file)
krb_set_tkt_string(tkt_file);
return krb_get_svc_in_tkt_preauth(user,instance,realm,
- "krbtgt",realm,lifetime,srvtab_file);
+ KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file);
}
diff --git a/src/lib/krb4/g_tkt_svc.c b/src/lib/krb4/g_tkt_svc.c
index f62571f..a164517 100644
--- a/src/lib/krb4/g_tkt_svc.c
+++ b/src/lib/krb4/g_tkt_svc.c
@@ -142,7 +142,7 @@ krb_get_ticket_for_service (serviceName, buf, buflen, checksum, sessionKey,
FIXME gnu - I think this is a bug. We should allow direct
authentication to the desired realm, regardless of what the "local"
realm is. I fixed it. FIXME -- not quite right. */
- err = krb_get_cred ("krbtgt", realm, lrealm, &cr);
+ err = krb_get_cred (KRB_TICKET_GRANTING_TICKET, realm, lrealm, &cr);
if (err)
return err;
diff --git a/src/lib/krb4/kadm_net.c b/src/lib/krb4/kadm_net.c
index 2ea4f37..189f04f 100644
--- a/src/lib/krb4/kadm_net.c
+++ b/src/lib/krb4/kadm_net.c
@@ -54,7 +54,7 @@
static void clear_secrets(des_cblock sess_key, Key_schedule sess_sched);
/* XXX FIXME! */
#ifdef SIGPIPE
-static sigtype (*opipe)();
+static krb5_sigtype (*opipe)();
#endif
/*
diff --git a/src/lib/krb4/krb4int.h b/src/lib/krb4/krb4int.h
index 9857b4c..e513cfe 100644
--- a/src/lib/krb4/krb4int.h
+++ b/src/lib/krb4/krb4int.h
@@ -56,8 +56,7 @@ int k_gethostname(char *, int);
int krb_get_in_tkt_preauth_creds(char *, char *, char *,
char *, char *, int,
key_proc_type, decrypt_tkt_type,
- char *, char *, int, CREDENTIALS *,
- KRB_UINT32 *);
+ char *, char *, int, CREDENTIALS *, KRB_UINT32 *);
/* klog.c */
void kset_logfile(char *);
@@ -107,7 +106,6 @@ int krb_set_default_user (char *);
/* RealmConfig-glue.c */
int krb_get_kpasswdhst(char *, char *, int);
-int krb_get_stk(KRB_UINT32 *type, char *realm);
/* err_txt.c */
void krb4int_et_init(void);
diff --git a/src/lib/krb4/rd_req.c b/src/lib/krb4/rd_req.c
index 1b8de0c..92faf0c 100644
--- a/src/lib/krb4/rd_req.c
+++ b/src/lib/krb4/rd_req.c
@@ -466,7 +466,9 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn)
unsigned char s_kvno;
char realm[REALM_SZ];
unsigned char skey[KKEY_SZ];
+#ifdef KRB4_USE_KEYTAB
krb5_keyblock keyblock;
+#endif
int len;
int status;
diff --git a/src/lib/krb4/sendauth.c b/src/lib/krb4/sendauth.c
index d4ae44e..8372944 100644
--- a/src/lib/krb4/sendauth.c
+++ b/src/lib/krb4/sendauth.c
@@ -135,7 +135,7 @@ krb_net_rd_sendauth (fd, reply, raw_len)
/* get the length of the reply */
reread:
- got = krb_net_read(fd, raw_len, sizeof(KRB4_32));
+ got = krb_net_read(fd, (char *)raw_len, sizeof(KRB4_32));
if (got != sizeof(KRB4_32))
return KFAILURE;
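Review bot: The `(char *)raw_len` cast silences the warning, but nothing on the visible lines ties the pointee's size to `sizeof(KRB4_32)`. The declaration of `raw_len` sits in the K&R parameter list outside the hunk, and the caller in the next hunk now passes `&raw_tkt_len` uncast. If either object is ever wider than four bytes, the read fills only part of it and the length used afterwards is partly indeterminate. Since this value comes straight off the socket, a comment such as `/* raw_len is the peer-supplied length; untrusted until range-checked below */` is worth adding, and the range check past the hunk should be confirmed to exist before the length sizes any read into `reply`.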
@@ -240,7 +240,7 @@ krb_sendauth(options, fd, ticket, service, inst, realm, checksum,
return(cc);
/* Get the reply out of the socket. */
- cc = krb_net_rd_sendauth (fd, packet, (char *)&raw_tkt_len);
+ cc = krb_net_rd_sendauth (fd, packet, &raw_tkt_len);
if (cc != KSUCCESS)
return cc;