diff options
Diffstat (limited to 'src/lib/krb5/krb/conv_creds.c')
-rw-r--r-- | src/lib/krb5/krb/conv_creds.c | 236 |
1 files changed, 1 insertions, 235 deletions
diff --git a/src/lib/krb5/krb/conv_creds.c b/src/lib/krb5/krb/conv_creds.c index 68af733..b6c6108 100644 --- a/src/lib/krb5/krb/conv_creds.c +++ b/src/lib/krb5/krb/conv_creds.c @@ -27,238 +27,6 @@ #include "port-sockets.h" #include "socket-utils.h" -#if defined(KRB5_KRB4_COMPAT) || defined(_WIN32) /* yuck */ -#include "kerberosIV/krb.h" - -#ifdef USE_CCAPI -#include <CredentialsCache.h> -#endif - -#define krb524_debug krb5int_krb524_debug -int krb524_debug = 0; - -static krb5_error_code krb524_convert_creds_plain -(krb5_context context, krb5_creds *v5creds, - CREDENTIALS *v4creds); - -static int decode_v4tkt - (struct ktext *v4tkt, char *buf, unsigned int *encoded_len); - -krb5_error_code KRB5_CALLCONV -krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds, - CREDENTIALS *v4creds) -{ - krb5_error_code ret; - krb5_data reply; - char *p; - struct sockaddr_storage ss; - socklen_t slen = sizeof(ss); - - ret = krb524_convert_creds_plain(context, v5creds, v4creds); - if (ret) - return ret; - - reply.data = NULL; - ret = krb5int_524_sendto_kdc(context, &v5creds->ticket, - &v5creds->server->realm, &reply, - ss2sa(&ss), &slen); - if (ret) - return ret; - -#if TARGET_OS_MAC -#ifdef USE_CCAPI - v4creds->stk_type = cc_v4_stk_des; -#endif - if (slen == sizeof(struct sockaddr_in) - && ss2sa(&ss)->sa_family == AF_INET) { - v4creds->address = ss2sin(&ss)->sin_addr.s_addr; - } - /* Otherwise, leave it set to all-zero. */ -#endif - - p = reply.data; - ret = ntohl(*((krb5_error_code *) p)); - p += sizeof(krb5_int32); - reply.length -= sizeof(krb5_int32); - if (ret) - goto fail; - - v4creds->kvno = ntohl(*((krb5_error_code *) p)); - p += sizeof(krb5_int32); - reply.length -= sizeof(krb5_int32); - ret = decode_v4tkt(&v4creds->ticket_st, p, &reply.length); - -fail: - if (reply.data) - free(reply.data); - reply.data = NULL; - return ret; -} - -static krb5_error_code -krb524_convert_creds_plain(context, v5creds, v4creds) - krb5_context context; - krb5_creds *v5creds; - CREDENTIALS *v4creds; -{ - int ret; - krb5_timestamp endtime; - char dummy[REALM_SZ]; - memset((char *) v4creds, 0, sizeof(CREDENTIALS)); - - if ((ret = krb5_524_conv_principal(context, v5creds->client, - v4creds->pname, v4creds->pinst, - dummy))) - return ret; - if ((ret = krb5_524_conv_principal(context, v5creds->server, - v4creds->service, v4creds->instance, - v4creds->realm))) - return ret; - - /* Check enctype too */ - if (v5creds->keyblock.length != sizeof(C_Block)) { - if (krb524_debug) - fprintf(stderr, "v5 session keyblock length %d != C_Block size %d\n", - v5creds->keyblock.length, - (int) sizeof(C_Block)); - return KRB524_BADKEY; - } else - memcpy(v4creds->session, (char *) v5creds->keyblock.contents, - sizeof(C_Block)); - - /* V4 has no concept of authtime or renew_till, so ignore them */ - v4creds->issue_date = v5creds->times.starttime; - v4creds->lifetime = krb5int_krb_time_to_life(v5creds->times.starttime, - v5creds->times.endtime); - endtime = krb5int_krb_life_to_time(v4creds->issue_date, - v4creds->lifetime); - /* - * Adjust start time backwards to deal with rounding up in - * krb_time_to_life(), to match code on server side. - */ - if (endtime > v5creds->times.endtime) - v4creds->issue_date -= endtime - v5creds->times.endtime; - - return 0; -} - -/* this used to be krb524/encode.c, under same copyright as above */ -/* - * I'm sure that this is reinventing the wheel, but I don't know where - * the wheel is hidden. - */ - -int encode_v4tkt (KTEXT_ST *, char *, unsigned int *); -static int encode_bytes (char **, int *, char *, unsigned int), - encode_int32 (char **, int *, krb5_int32 *); - -static int decode_bytes (char **, int *, char *, unsigned int), - decode_int32 (char **, int *, krb5_int32 *); - -static int encode_bytes(out, outlen, in, len) - char **out; - int *outlen; - char *in; - unsigned int len; -{ - if (len > *outlen) - return KRB524_ENCFULL; - memcpy(*out, in, len); - *out += len; - *outlen -= len; - return 0; -} - -static int encode_int32(out, outlen, v) - char **out; - int *outlen; - krb5_int32 *v; -{ - krb5_int32 nv; /* Must be 4 bytes */ - - nv = htonl(*v); - return encode_bytes(out, outlen, (char *) &nv, sizeof(nv)); -} - -int krb5int_encode_v4tkt(v4tkt, buf, encoded_len) - KTEXT_ST *v4tkt; - char *buf; - unsigned int *encoded_len; -{ - int buflen, ret; - krb5_int32 temp; - - buflen = *encoded_len; - - if (v4tkt->length < MAX_KTXT_LEN) - memset(v4tkt->dat + v4tkt->length, 0, - (unsigned int) (MAX_KTXT_LEN - v4tkt->length)); - temp = v4tkt->length; - if ((ret = encode_int32(&buf, &buflen, &temp))) - return ret; - if ((ret = encode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN))) - return ret; - temp = v4tkt->mbz; - if ((ret = encode_int32(&buf, &buflen, &temp))) - return ret; - - *encoded_len -= buflen; - return 0; -} - -/* decode functions */ - -static int decode_bytes(out, outlen, in, len) - char **out; - int *outlen; - char *in; - unsigned int len; -{ - if (len > *outlen) - return KRB524_DECEMPTY; - memcpy(in, *out, len); - *out += len; - *outlen -= len; - return 0; -} - -static int decode_int32(out, outlen, v) - char **out; - int *outlen; - krb5_int32 *v; -{ - int ret; - krb5_int32 nv; /* Must be four bytes */ - - if ((ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv)))) - return ret; - *v = ntohl(nv); - return 0; -} - -static int decode_v4tkt(v4tkt, buf, encoded_len) - KTEXT_ST *v4tkt; - char *buf; - unsigned int *encoded_len; -{ - int buflen, ret; - krb5_int32 temp; - - buflen = *encoded_len; - if ((ret = decode_int32(&buf, &buflen, &temp))) - return ret; - v4tkt->length = temp; - if ((ret = decode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN))) - return ret; - if ((ret = decode_int32(&buf, &buflen, &temp))) - return ret; - v4tkt->mbz = temp; - *encoded_len -= buflen; - return 0; -} - -#else /* no krb4 compat */ - krb5_error_code KRB5_CALLCONV krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds, struct credentials *v4creds) @@ -266,8 +34,6 @@ krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds, return KRB524_KRB4_DISABLED; } -#endif - /* These may be needed for object-level backwards compatibility on Mac OS and UNIX, but Windows should be okay. */ #ifndef _WIN32 @@ -285,7 +51,7 @@ krb5_error_code KRB5_CALLCONV krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds, struct credentials *v4creds) { - return krb5_524_convert_creds(context, v5creds, v4creds); + return KRB524_KRB4_DISABLED; } void KRB5_CALLCONV krb524_init_ets () |