Diffstat (limited to 'src/lib/krb5/krb/conv_creds.c')
-rw-r--r--src/lib/krb5/krb/conv_creds.c236
1 files changed, 1 insertions, 235 deletions
diff --git a/src/lib/krb5/krb/conv_creds.c b/src/lib/krb5/krb/conv_creds.c
index 68af733..b6c6108 100644
--- a/src/lib/krb5/krb/conv_creds.c
+++ b/src/lib/krb5/krb/conv_creds.c
@@ -27,238 +27,6 @@
#include "port-sockets.h"
#include "socket-utils.h"
-#if defined(KRB5_KRB4_COMPAT) || defined(_WIN32) /* yuck */
-#include "kerberosIV/krb.h"
-
-#ifdef USE_CCAPI
-#include <CredentialsCache.h>
-#endif
-
-#define krb524_debug krb5int_krb524_debug
-int krb524_debug = 0;
-
-static krb5_error_code krb524_convert_creds_plain
-(krb5_context context, krb5_creds *v5creds,
- CREDENTIALS *v4creds);
-
-static int decode_v4tkt
- (struct ktext *v4tkt, char *buf, unsigned int *encoded_len);
-
-krb5_error_code KRB5_CALLCONV
-krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
- CREDENTIALS *v4creds)
-{
- krb5_error_code ret;
- krb5_data reply;
- char *p;
- struct sockaddr_storage ss;
- socklen_t slen = sizeof(ss);
-
- ret = krb524_convert_creds_plain(context, v5creds, v4creds);
- if (ret)
- return ret;
-
- reply.data = NULL;
- ret = krb5int_524_sendto_kdc(context, &v5creds->ticket,
- &v5creds->server->realm, &reply,
- ss2sa(&ss), &slen);
- if (ret)
- return ret;
-
-#if TARGET_OS_MAC
-#ifdef USE_CCAPI
- v4creds->stk_type = cc_v4_stk_des;
-#endif
- if (slen == sizeof(struct sockaddr_in)
- && ss2sa(&ss)->sa_family == AF_INET) {
- v4creds->address = ss2sin(&ss)->sin_addr.s_addr;
- }
- /* Otherwise, leave it set to all-zero. */
-#endif
-
- p = reply.data;
- ret = ntohl(*((krb5_error_code *) p));
- p += sizeof(krb5_int32);
- reply.length -= sizeof(krb5_int32);
- if (ret)
- goto fail;
-
- v4creds->kvno = ntohl(*((krb5_error_code *) p));
- p += sizeof(krb5_int32);
- reply.length -= sizeof(krb5_int32);
- ret = decode_v4tkt(&v4creds->ticket_st, p, &reply.length);
-
-fail:
- if (reply.data)
- free(reply.data);
- reply.data = NULL;
- return ret;
-}
-
-static krb5_error_code
-krb524_convert_creds_plain(context, v5creds, v4creds)
- krb5_context context;
- krb5_creds *v5creds;
- CREDENTIALS *v4creds;
-{
- int ret;
- krb5_timestamp endtime;
- char dummy[REALM_SZ];
- memset((char *) v4creds, 0, sizeof(CREDENTIALS));
-
- if ((ret = krb5_524_conv_principal(context, v5creds->client,
- v4creds->pname, v4creds->pinst,
- dummy)))
- return ret;
- if ((ret = krb5_524_conv_principal(context, v5creds->server,
- v4creds->service, v4creds->instance,
- v4creds->realm)))
- return ret;
-
- /* Check enctype too */
- if (v5creds->keyblock.length != sizeof(C_Block)) {
- if (krb524_debug)
- fprintf(stderr, "v5 session keyblock length %d != C_Block size %d\n",
- v5creds->keyblock.length,
- (int) sizeof(C_Block));
- return KRB524_BADKEY;
- } else
- memcpy(v4creds->session, (char *) v5creds->keyblock.contents,
- sizeof(C_Block));
-
- /* V4 has no concept of authtime or renew_till, so ignore them */
- v4creds->issue_date = v5creds->times.starttime;
- v4creds->lifetime = krb5int_krb_time_to_life(v5creds->times.starttime,
- v5creds->times.endtime);
- endtime = krb5int_krb_life_to_time(v4creds->issue_date,
- v4creds->lifetime);
- /*
- * Adjust start time backwards to deal with rounding up in
- * krb_time_to_life(), to match code on server side.
- */
- if (endtime > v5creds->times.endtime)
- v4creds->issue_date -= endtime - v5creds->times.endtime;
-
- return 0;
-}
-
-/* this used to be krb524/encode.c, under same copyright as above */
-/*
- * I'm sure that this is reinventing the wheel, but I don't know where
- * the wheel is hidden.
- */
-
-int encode_v4tkt (KTEXT_ST *, char *, unsigned int *);
-static int encode_bytes (char **, int *, char *, unsigned int),
- encode_int32 (char **, int *, krb5_int32 *);
-
-static int decode_bytes (char **, int *, char *, unsigned int),
- decode_int32 (char **, int *, krb5_int32 *);
-
-static int encode_bytes(out, outlen, in, len)
- char **out;
- int *outlen;
- char *in;
- unsigned int len;
-{
- if (len > *outlen)
- return KRB524_ENCFULL;
- memcpy(*out, in, len);
- *out += len;
- *outlen -= len;
- return 0;
-}
-
-static int encode_int32(out, outlen, v)
- char **out;
- int *outlen;
- krb5_int32 *v;
-{
- krb5_int32 nv; /* Must be 4 bytes */
-
- nv = htonl(*v);
- return encode_bytes(out, outlen, (char *) &nv, sizeof(nv));
-}
-
-int krb5int_encode_v4tkt(v4tkt, buf, encoded_len)
- KTEXT_ST *v4tkt;
- char *buf;
- unsigned int *encoded_len;
-{
- int buflen, ret;
- krb5_int32 temp;
-
- buflen = *encoded_len;
-
- if (v4tkt->length < MAX_KTXT_LEN)
- memset(v4tkt->dat + v4tkt->length, 0,
- (unsigned int) (MAX_KTXT_LEN - v4tkt->length));
- temp = v4tkt->length;
- if ((ret = encode_int32(&buf, &buflen, &temp)))
- return ret;
- if ((ret = encode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN)))
- return ret;
- temp = v4tkt->mbz;
- if ((ret = encode_int32(&buf, &buflen, &temp)))
- return ret;
-
- *encoded_len -= buflen;
- return 0;
-}
-
-/* decode functions */
-
-static int decode_bytes(out, outlen, in, len)
- char **out;
- int *outlen;
- char *in;
- unsigned int len;
-{
- if (len > *outlen)
- return KRB524_DECEMPTY;
- memcpy(in, *out, len);
- *out += len;
- *outlen -= len;
- return 0;
-}
-
-static int decode_int32(out, outlen, v)
- char **out;
- int *outlen;
- krb5_int32 *v;
-{
- int ret;
- krb5_int32 nv; /* Must be four bytes */
-
- if ((ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv))))
- return ret;
- *v = ntohl(nv);
- return 0;
-}
-
-static int decode_v4tkt(v4tkt, buf, encoded_len)
- KTEXT_ST *v4tkt;
- char *buf;
- unsigned int *encoded_len;
-{
- int buflen, ret;
- krb5_int32 temp;
-
- buflen = *encoded_len;
- if ((ret = decode_int32(&buf, &buflen, &temp)))
- return ret;
- v4tkt->length = temp;
- if ((ret = decode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN)))
- return ret;
- if ((ret = decode_int32(&buf, &buflen, &temp)))
- return ret;
- v4tkt->mbz = temp;
- *encoded_len -= buflen;
- return 0;
-}
-
-#else /* no krb4 compat */
-
krb5_error_code KRB5_CALLCONV
krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
struct credentials *v4creds)
@@ -266,8 +34,6 @@ krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
return KRB524_KRB4_DISABLED;
}
-#endif
-
/* These may be needed for object-level backwards compatibility on Mac
OS and UNIX, but Windows should be okay. */
#ifndef _WIN32
@@ -285,7 +51,7 @@ krb5_error_code KRB5_CALLCONV
krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds,
struct credentials *v4creds)
{
- return krb5_524_convert_creds(context, v5creds, v4creds);
+ return KRB524_KRB4_DISABLED;
}
void KRB5_CALLCONV krb524_init_ets ()
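Review bot: In `krb524_convert_creds_kdc` the new `return KRB524_KRB4_DISABLED;` leaves `*v4creds` unwritten, and nothing on the stub states that. The comment above the `#ifndef _WIN32` says these entry points are kept for object-level backwards compatibility, so an older binary that ignores the return code would go on to use whatever its credentials buffer already held; whether such callers exist is not visible from this hunk. I would document the contract on the stub itself, for example `/* krb4 support removed: always fails; *v4creds is not modified, so callers must check the return value. */`. The three parameters are also unused now, which may produce unused-parameter warnings depending on the build flags.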