- Path: sparky!uunet!snorkelwacker.mit.edu!bloom-picayune.mit.edu!senator-bedfellow.mit.edu!athena.mit.edu!jik
- From: jik@athena.mit.edu (Jonathan I. Kamens)
- Newsgroups: comp.protocols.kerberos
- Subject: Some patches to V5 B2
- Date: 6 Nov 1992 00:49:40 GMT
- Organization: Massachusetts Institute of Technology
- Lines: 334
- Message-ID: <JIK.92Nov5194939@pit-manager.mit.edu>
- NNTP-Posting-Host: pit-manager.mit.edu
-
-
- The patches below, prepared by Barry Jaspan <bjaspan@mit.edu> and me,
- do the following:
-
- include/kerberosIV/Imakefile:
- Create the file, which installs header files in
- $(KRB5_INCDIR)/kerberosIV.
-
- include/Imakefile:
- Descend into the kerberosIV subdirectory.
-
- lib/krb425/rd_req.c:
- 1) Prepend "FILE:" to the srvtab file name before
- passing it to V5 routines.
- 2) Correctly extract the aname, instance and realm from the V5
- ticket for the V4 ticket.
-
- lib/krb425/get_cred.c:
- 1) Correctly extract the aname and instance from the V5
- ticket.
- 2) Correctly extract the service aname and instance from the
- V5 server ticket.
-
- lib/des/Imakefile:
- Add "depend" dependencies for the .c and .h files that are
- machine-generated.
-
- lib/Imakefile:
- Install the krb425 and des425 libraries.
-
- kdc/do_as_req.c:
- Print more useful error messages.
-
- kdc/policy.c:
- "#ifdef 0" should be "#if 0".
-
- kadmin/kpasswd/kpasswd.c:
- Fix a stupid error that was causing an "out of memory" error
- unnecessarily.
-
- config-files/services.append:
- Add this file.
-
- Jonathan Kamens jik@MIT.Edu
- Geer Zolot Associates Moderator, news.answers
-
- *** /dev/null Thu Nov 5 17:17:21 1992
- --- include/kerberosIV/Imakefile Thu Nov 5 14:49:18 1992
- ***************
- *** 0 ****
- --- 1,9 ----
- + KRB4_HEADERS=krb.h des.h kadm.h mit-copyright.h
- +
- + all::
- +
- + clean::
- +
- + depend::
- +
- + Krb5InstallHeaders($(KRB4_HEADERS),$(KRB5_INCDIR)/kerberosIV)
- *** 5.3 1991/06/06 09:35:05
- --- include/Imakefile 1992/11/04 20:52:25
- ***************
- *** 25,30 ****
- #define IHaveSubdirs
- #define PassCDebugFlags
-
- ! SUBDIRS=krb5
-
- MakeSubdirs($(SUBDIRS))
- --- 25,30 ----
- #define IHaveSubdirs
- #define PassCDebugFlags
-
- ! SUBDIRS=krb5 kerberosIV
-
- MakeSubdirs($(SUBDIRS))
- *** 5.9 1992/08/21 03:16:54
- --- lib/krb425/rd_req.c 1992/11/05 23:45:21
- ***************
- *** 27,36 ****
-
- #if !defined(lint) && !defined(SABER)
- static char rcsid_rd_req_c[] =
- "$Id: rd_req.c,v 5.9 1992/08/21 03:16:54 jfc Exp $";
- #endif /* !lint & !SABER */
-
- #include "krb425.h"
-
- static krb5_error_code
- setkey_key_proc(DECLARG(krb5_pointer,arg),
- --- 27,37 ----
-
- #if !defined(lint) && !defined(SABER)
- static char rcsid_rd_req_c[] =
- "$Id: rd_req.c,v 5.9 1992/08/21 03:16:54 jfc Exp $";
- #endif /* !lint & !SABER */
-
- #include "krb425.h"
- + #include <sys/param.h>
-
- static krb5_error_code
- setkey_key_proc(DECLARG(krb5_pointer,arg),
- ***************
- *** 62,67 ****
- --- 63,70 ----
- krb5_data authe;
- extern int gethostname();
- int use_set_key = 0;
- + char file_name[MAXPATHLEN+5]; /* 5 for "FILE:" */
- + int tmp;
-
- if (from_addr) {
- peer.addrtype = ADDRTYPE_INET;
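Review bot: `int tmp;` is added here but none of the rd_req.c hunks in this patch references it, so it looks like a leftover; drop it unless code outside the hunks uses it. The literal 5 in `MAXPATHLEN+5` is repeated as `file_name + 5` in the next hunk, and deriving both from `sizeof("FILE:") - 1` would keep the two in step. The enclosing function starts and ends outside the hunk.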
- ***************
- *** 108,115 ****
- if (!fn) {
- use_set_key = 1;
- fn = (char *)0;
- ! } else if (!*fn)
- ! fn = (char *)0;
-
- #ifdef EBUG
- EPRINT "Calling krb5_rd_req with:\n");
- --- 111,124 ----
- if (!fn) {
- use_set_key = 1;
- fn = (char *)0;
- ! } else if (!*fn) {
- ! fn = (char *)0;
- ! } else {
- ! strcpy(file_name, "FILE:");
- ! strncpy(file_name + 5, fn, MAXPATHLEN);
- ! file_name[sizeof(file_name)-1] = '\0';
- ! fn = file_name;
- ! }
-
- #ifdef EBUG
- EPRINT "Calling krb5_rd_req with:\n");
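Review bot: An overlong srvtab name is silently truncated in the new `else` branch instead of being rejected, so the V5 routines would be handed a different path from the one the caller supplied. `strncpy(file_name + 5, fn, MAXPATHLEN)` can fill the buffer to its last byte, and `file_name[sizeof(file_name)-1] = '\0'` then overwrites that byte, because the declaration in the previous hunk leaves no room for the terminator. Checking `strlen(fn)` against the available space before copying and returning an error when it does not fit makes the failure explicit; sizing the array `MAXPATHLEN+6` would also stop the one-byte clip. The enclosing function starts and ends outside the hunk.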
- ***************
- *** 175,185 ****
- r = 0;
- #endif
- set_string(ad->pname, ANAME_SZ,
- - krb5_princ_component(authdat->authenticator->client, 1));
- - set_string(ad->pinst, INST_SZ,
- - krb5_princ_component(authdat->authenticator->client, 2));
- - set_string(ad->prealm, REALM_SZ,
- krb5_princ_component(authdat->authenticator->client, 0));
-
- ad->checksum = *(long *)authdat->authenticator->checksum->contents;
-
- --- 184,202 ----
- r = 0;
- #endif
- set_string(ad->pname, ANAME_SZ,
- krb5_princ_component(authdat->authenticator->client, 0));
- +
- + if (authdat->authenticator->client->length > 1) {
- + set_string(ad->pinst, INST_SZ,
- + krb5_princ_component(authdat->authenticator->client,
- + 1));
- + }
- + else {
- + ad->pinst[0] = '\0';
- + }
- +
- + set_string(ad->prealm, REALM_SZ,
- + krb5_princ_realm(authdat->authenticator->client));
-
- ad->checksum = *(long *)authdat->authenticator->checksum->contents;
-
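Review bot: The new `length > 1` test guards component 1 only; component 0 is still read without checking that the principal has any components, and a client principal with more than two components has the extras dropped with no error. If that is how `krb5_princ_component` and `set_string` behave here, distinct V5 names can end up with the same V4 `pname`/`pinst`, which matters to any service that authorises on those fields. Rejecting `length < 1` and `length > 2` before filling `ad` would make the V5-to-V4 mapping unambiguous. The enclosing function starts and ends outside the hunk.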
- *** 5.7 1992/08/21 03:17:43
- --- lib/krb425/get_cred.c 1992/11/05 23:21:11
- ***************
- *** 93,104 ****
- }
- }
- #endif
- ! set_string(c->pname, ANAME_SZ, krb5_princ_component(creds.client, 1));
- ! set_string(c->pinst, INST_SZ, krb5_princ_component(creds.client, 2));
- !
- set_string(c->realm, REALM_SZ, krb5_princ_realm(creds.server));
- ! set_string(c->service, REALM_SZ, krb5_princ_component(creds.server, 1));
- ! set_string(c->instance, REALM_SZ, krb5_princ_component(creds.server, 2));
-
- c->ticket_st.length = creds.ticket.length;
- memcpy((char *)c->ticket_st.dat,
- --- 93,108 ----
- }
- }
- #endif
- ! set_string(c->pname, ANAME_SZ, krb5_princ_component(creds.client, 0));
- ! if (creds.client->length > 1) {
- ! set_string(c->pinst, INST_SZ, krb5_princ_component(creds.client, 1));
- ! }
- ! else {
- ! c->pinst[0] = '\0';
- ! }
- set_string(c->realm, REALM_SZ, krb5_princ_realm(creds.server));
- ! set_string(c->service, REALM_SZ, krb5_princ_component(creds.server, 0));
- ! set_string(c->instance, REALM_SZ, krb5_princ_component(creds.server, 1));
-
- c->ticket_st.length = creds.ticket.length;
- memcpy((char *)c->ticket_st.dat,
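Review bot: The server instance is read with `krb5_princ_component(creds.server, 1)` without the `length > 1` guard that the same hunk adds for `creds.client`, so a single-component service principal takes the unguarded path; the same `else` that sets `c->pinst[0] = '\0'` should be mirrored for `c->instance`. The rewritten lines also keep `REALM_SZ` as the bound for `c->service` and `c->instance`; `ANAME_SZ` and `INST_SZ`, as used for the client fields, would tie each bound to the field it protects. The enclosing function starts and ends outside the hunk.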
- *** 5.24 1992/08/21 02:59:25
- --- lib/des/Imakefile 1992/11/05 23:26:20
- ***************
- *** 128,130 ****
- --- 128,134 ----
- ./make_st s_table.h
-
- NormalLintTarget($(SRCS))
- +
- + depend:: key_perm.h odd.h p_table.h s_table.h
- +
- + depend:: fp.c ip.c p.c
- *** 5.28 1992/08/21 03:21:29
- --- lib/Imakefile 1992/11/05 23:26:41
- ***************
- *** 121,126 ****
- --- 121,128 ----
-
- Krb5InstallLibrary(krb5,$(KRB5_LIBDIR))
- Krb5InstallLibrary($(DESLIB),$(KRB5_LIBDIR))
- + Krb5InstallLibrary(krb425,$(KRB5_LIBDIR))
- + Krb5InstallLibrary(des425,$(KRB5_LIBDIR))
-
- SharedLibraryTarget(kdb5,-L$(KRB5_LIBDIR) -Lshared $(LDLOCATIONS) -lkrb5 -l$(DESLIB) $(ISODELIB) -lcom_err)
- /* SharedLibraryTarget(des425,-L$(KRB5_LIBDIR) -Lshared $(LDLOCATIONS) -l$(DESLIB)) */
- *** 5.32 1992/09/30 14:06:19
- --- kdc/do_as_req.c 1992/11/04 22:36:04
- ***************
- *** 548,556 ****
- krb5_error errpkt;
- krb5_error_code retval;
- krb5_data *scratch;
-
- ! syslog(LOG_INFO, "AS_REQ: %s while processing request",
- ! error_message(error+KRB5KDC_ERR_NONE));
-
- errpkt.ctime = request->nonce;
- errpkt.cusec = 0;
- --- 548,581 ----
- krb5_error errpkt;
- krb5_error_code retval;
- krb5_data *scratch;
- + char unparse_failed = 0, *cname = 0, *sname = 0;
-
- ! if (retval = krb5_unparse_name(request->client, &cname)) {
- ! syslog(LOG_INFO, "AS_REQ: %s while unparsing client name for error",
- ! error_message(retval));
- ! unparse_failed = 1;
- ! }
- ! if (retval = krb5_unparse_name(request->server, &sname)) {
- ! syslog(LOG_INFO, "AS_REQ: %s while unparsing server name for error",
- ! error_message(retval));
- ! unparse_failed = 2;
- ! }
- !
- ! if (!unparse_failed)
- ! syslog(LOG_INFO, "AS_REQ: %s while processing request from %s for %s",
- ! error_message(error+KRB5KDC_ERR_NONE), cname, sname);
- ! else
- ! syslog(LOG_INFO, "AS_REQ: %s while processing request",
- ! error_message(error+KRB5KDC_ERR_NONE));
- !
- ! switch (unparse_failed) {
- ! case 0:
- ! free(sname);
- ! case 2:
- ! free(cname);
- ! case 1:
- ! break;
- ! }
-
- errpkt.ctime = request->nonce;
- errpkt.cusec = 0;
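Review bot: The `unparse_failed` encoding in the new switch leaks `sname` when only the client name fails to unparse, because the value stays 1 and `case 1` frees nothing; when both calls fail it ends at 2 and passes to `free` a `cname` that the failed call may never have set. Both pointers start at 0, so releasing each on its own with `if (cname) free(cname);` and `if (sname) free(sname);` removes the switch and its uncommented fall-through. This is the error path for AS requests, so a per-request leak here accumulates in the KDC process. The names come from the request and reach syslog through `%s`; whether `krb5_unparse_name` escapes control characters is not visible here and is worth confirming. The function body continues outside the hunk.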
- *** 5.6 1992/09/30 14:08:14
- --- kdc/policy.c 1992/11/05 23:34:37
- ***************
- *** 58,64 ****
- krb5_ticket *ticket;
- char **status;
- {
- ! #ifdef 0
- /*
- * For example, if your site wants to disallow ticket forwarding,
- * you might do something like this:
- --- 58,64 ----
- krb5_ticket *ticket;
- char **status;
- {
- ! #if 0
- /*
- * For example, if your site wants to disallow ticket forwarding,
- * you might do something like this:
- *** /dev/null Thu Nov 5 17:17:21 1992
- --- config-files/services.append Wed Nov 4 16:24:37 1992
- ***************
- *** 0 ****
- --- 1,13 ----
- + klogin 543/tcp # Kerberos authenticated rlogin
- + kerberos 88/udp kdc # Kerberos authentication--udp
- + kerberos 88/tcp kdc # Kerberos authentication--tcp
- + kerberos-sec 750/udp # Kerberos authentication--udp
- + kerberos-sec 750/tcp # Kerberos authentication--tcp
- + kerberos_master 751/udp # Kerberos authentication
- + kerberos_master 751/tcp # Kerberos authentication
- + kerberos_adm 752/tcp # Kerberos 5 admin/changepw
- + passwd_server 752/udp # Kerberos passwd server
- + kpop 1109/tcp # Pop with Kerberos
- + kshell 544/tcp cmd # and remote shell
- + eklogin 2105/tcp # Kerberos encrypted rlogin
- + krb_prop 754/tcp # Kerberos slave propagation
- *** 5.1 1992/09/30 14:33:37
- --- kadmin/kpasswd/kpasswd.c 1992/11/04 22:37:42
- ***************
- *** 150,156 ****
- arg = &arg2;
- }
- my_keyblock = (krb5_keyblock *)malloc(sizeof(**key));
- ! if (!*key) {
- if (f_salt) xfree(salt.data);
- if (arg != (struct v4_pwd_keyproc_arg *) keyseed)
- memset((char *) arg->password.data, 0, arg->password.length);
- --- 150,156 ----
- arg = &arg2;
- }
- my_keyblock = (krb5_keyblock *)malloc(sizeof(**key));
- ! if (!my_keyblock) {
- if (f_salt) xfree(salt.data);
- if (arg != (struct v4_pwd_keyproc_arg *) keyseed)
- memset((char *) arg->password.data, 0, arg->password.length);
-