#include <stdio.h>
#include <pwd.h>
-#if 0
#include <afs/com_err.h>
-#endif
#include <afs/auth.h>
#include <afs/afsutil.h>
#include <afs/cellconfig.h>
#define USING_HEIMDAL 1
#endif
-#ifndef USING_HEIMDAL
-extern krb5_cc_ops krb5_mcc_ops;
-#endif
-
#include "assert.h"
-
+#include "skipwrap.h"
/* This code borrowed heavily from the previous version of log. Here is the
intro comment for that program: */
struct ktc_principal *aclient,
int *vicep)
{
- int scIndex;
+ rx_securityIndex scIndex;
int code;
int i;
struct ubik_client *ptconn = 0;
memset(lnames, 0, sizeof *lnames);
memset(lids, 0, sizeof *lids);
- scIndex = 2;
+ scIndex = RX_SECIDX_KAD;
sc = rxkad_NewClientSecurityObject(rxkad_auth,
&atoken->sessionKey, atoken->kvno,
atoken->ticketLen, atoken->ticket);
{
krb5_error_code code;
int i, type;
-#ifndef USING_HEIMDAL
+#if !defined(USING_HEIMDAL) && defined(HAVE_KRB5_GET_PROMPT_TYPES)
krb5_prompt_type *types;
#endif
struct kp_arg *kparg = (struct kp_arg *) a;
code = krb5_prompter_posix(context, a, name, banner, num_prompts, prompts);
if (code) return code;
-#ifndef USING_HEIMDAL
+#if !defined(USING_HEIMDAL) && defined(HAVE_KRB5_GET_PROMPT_TYPES)
if ((types = krb5_get_prompt_types(context)))
#endif
for (i = 0; i < num_prompts; ++i) {
-#ifdef USING_HEIMDAL
+#if !defined(USING_HEIMDAL)
+#if defined(HAVE_KRB5_GET_PROMPT_TYPES)
+ type = types[i];
+#elif defined(HAVE_KRB5_PROMPT_TYPE)
type = prompts[i].type;
#else
- type = types[i];
+ /* AIX 5.3 krb5_get_prompt_types is missing. Um... */
+ type = ((i == 1)&&(num_prompts == 2)) ?
+ KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN : KRB5_PROMPT_TYPE_PASSWORD;
+#endif
+#else
+ type = prompts[i].type;
#endif
#if 0
- printf ("i%d t%d <%.*s>\n", i,
-type,
-prompts[i].reply->length,
-prompts[i].reply->data);
+ printf ("i%d t%d <%.*s>\n", i, type, prompts[i].reply->length,
+ prompts[i].reply->data);
#endif
switch(type) {
case KRB5_PROMPT_TYPE_PASSWORD:
krb5_principal princ = 0;
char *cell, *pname, **hrealms, *service;
char service_temp[MAXKTCREALMLEN + 20];
- char realm[MAXKTCREALMLEN];
- char lrealm[MAXKTCREALMLEN]; /* uppercase copy of local cellname */
krb5_creds incred[1], mcred[1], *outcred = 0, *afscred;
krb5_ccache cc = 0;
krb5_get_init_creds_opt gic_opts[1];
- char *tofree, *outname;
+ char *tofree = NULL, *outname;
int code;
char *what;
int i, dosetpag, evil, noprdb, id;
time_t lifetime; /* requested ticket lifetime */
krb5_prompter_fct pf = NULL;
char *pass = 0;
- char *pa = 0;
+ void *pa = 0;
struct kp_arg klog_arg[1];
char passwd[BUFSIZ];
static int Pipe = 0; /* reading from a pipe */
static int Silent = 0; /* Don't want error messages */
- int local; /* explicit cell is same a local one */
int writeTicketFile = 0; /* write ticket file to /tmp */
- char *reason; /* string describing errors */
-
service = 0;
memset(incred, 0, sizeof *incred);
/* blow away command line arguments */
Silent = (as->parms[aSILENT].items ? 1 : 0);
if (Silent) {
- set_com_err_hook(silent_errors);
+ afs_set_com_err_hook(silent_errors);
}
if ((code = krb5_init_context(&k5context))) {
- com_err(rn, code, "while initializing Kerberos 5 library");
+ afs_com_err(rn, code, "while initializing Kerberos 5 library");
KLOGEXIT(code);
}
if ((code = rx_Init(0))) {
- com_err(rn, code, "while initializing rx");
+ afs_com_err(rn, code, "while initializing rx");
KLOGEXIT(code);
}
initialize_U_error_table();
- initialize_krb5_error_table();
+ /*initialize_krb5_error_table();*/
initialize_RXK_error_table();
initialize_KTC_error_table();
initialize_ACFG_error_table();
/* initialize_rx_error_table(); */
if (!(tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
- com_err(rn, 0, "can't get afs configuration (afsconf_Open(%s))",
- rn, AFSDIR_CLIENT_ETC_DIRPATH);
+ afs_com_err(rn, 0, "can't get afs configuration (afsconf_Open(%s))",
+ AFSDIR_CLIENT_ETC_DIRPATH);
KLOGEXIT(1);
}
+ /*
+ * Enable DES enctypes, which are currently still required for AFS.
+ * krb5_allow_weak_crypto is MIT Kerberos 1.8. krb5_enctype_enable is
+ * Heimdal.
+ */
+#if defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO)
+ krb5_allow_weak_crypto(k5context, 1);
+#elif defined(HAVE_KRB5_ENCTYPE_ENABLE)
+ i = krb5_enctype_valid(k5context, ETYPE_DES_CBC_CRC);
+ if (i)
+ krb5_enctype_enable(k5context, ETYPE_DES_CBC_CRC);
+#endif
+
/* Parse remaining arguments. */
dosetpag = !! as->parms[aSETPAG].items;
authtype |= env_afs_rxk5_default();
#endif
- cell = as->parms[aCELL].items ? cell = as->parms[aCELL].items->data : 0;
+ cell = as->parms[aCELL].items ? as->parms[aCELL].items->data : 0;
if ((code = afsconf_GetCellInfo(tdir, cell, "afsprot", cellconfig))) {
if (cell)
- com_err(rn, code, "Can't get cell information for '%s'", cell);
+ afs_com_err(rn, code, "Can't get cell information for '%s'", cell);
else
- com_err(rn, code, "Can't get determine local cell!");
+ afs_com_err(rn, code, "Can't get determine local cell!");
KLOGEXIT(code);
}
if (as->parms[aKRBREALM].items) {
code = krb5_set_default_realm(k5context,
- (const char *) as->parms[aKRBREALM].items);
+ as->parms[aKRBREALM].items->data);
if (code) {
- com_err(rn, code, "Can't make <%s> the default realm",
- as->parms[aKRBREALM].items);
+ afs_com_err(rn, code, "Can't make <%s> the default realm",
+ as->parms[aKRBREALM].items->data);
KLOGEXIT(code);
}
}
else if ((code = krb5_get_host_realm(k5context, cellconfig->hostName[0], &hrealms))) {
- com_err(rn, code, "Can't get realm for host <%s> in cell <%s>\n",
+ afs_com_err(rn, code, "Can't get realm for host <%s> in cell <%s>\n",
cellconfig->hostName[0], cellconfig->name);
KLOGEXIT(code);
} else {
code = krb5_set_default_realm(k5context,
*hrealms);
if (code) {
- com_err(rn, code, "Can't make <%s> the default realm",
+ afs_com_err(rn, code, "Can't make <%s> the default realm",
*hrealms);
KLOGEXIT(code);
}
struct passwd *pw;
pw = getpwuid(id);
if (pw == 0) {
- com_err(rn, 0,
+ afs_com_err(rn, 0,
"Can't figure out your name from your user id (%d).", id);
if (!Silent)
fprintf(stderr, "%s: Try providing the user name.\n", rn);
}
code = krb5_parse_name(k5context, pname, &princ);
if (code) {
- com_err(rn, code, "Can't parse principal <%s>", pname);
+ afs_com_err(rn, code, "Can't parse principal <%s>", pname);
KLOGEXIT(code);
}
if (krb5_get_default_realm(k5context, &r))
r = 0;
if (service)
- com_err(rn, code, "Unable to authenticate to use %s", service);
+ afs_com_err(rn, code, "Unable to authenticate to use %s", service);
else if (r)
- com_err(rn, code, "Unable to authenticate in realm %s", r);
+ afs_com_err(rn, code, "Unable to authenticate in realm %s", r);
else
- com_err(rn, code, "Unable to authenticate to use cell %s",
+ afs_com_err(rn, code, "Unable to authenticate to use cell %s",
cellconfig->name);
if (r) free(r);
KLOGEXIT(code);
what = "getting default ccache";
code = krb5_cc_default(k5context, &cc);
} else {
- what = "krb5_cc_register";
- code = krb5_cc_register(k5context, &krb5_mcc_ops, FALSE);
- if (code && code != KRB5_CC_TYPE_EXISTS) goto Failed;
what = "krb5_cc_resolve";
code = krb5_cc_resolve(k5context, "MEMORY:core", &cc);
if (code) goto Failed;
break;
Failed:
if (code)
- com_err(rn, code, what);
+ afs_com_err(rn, code, "%s", what);
if (writeTicketFile) {
if (cc) {
krb5_cc_close(k5context, cc);
mcred->client = princ;
code = krb5_parse_name(k5context, service, &mcred->server);
if (code) {
- com_err(rn, code, "Unable to parse service <%s>\n", service);
+ afs_com_err(rn, code, "Unable to parse service <%s>\n", service);
KLOGEXIT(code);
}
if (tofree) { free(tofree); tofree = 0; }
afscred = outcred;
}
if (code) {
- com_err(rn, code, "Unable to get credentials to use %s", outname);
+ afs_com_err(rn, code, "Unable to get credentials to use %s", outname);
KLOGEXIT(code);
}
strncpy(aserver->cell, cellconfig->name, MAXKTCREALMLEN-1);
code = ktc_SetK5Token(k5context, aserver, afscred, viceid, dosetpag);
if (code) {
- com_err(rn, code, "Unable to store tokens for cell %s\n",
+ afs_com_err(rn, code, "Unable to store tokens for cell %s\n",
cellconfig->name);
KLOGEXIT(1);
}
memset(atoken, 0, sizeof *atoken);
if (evil) {
+ size_t elen = enc_part->length;
atoken->kvno = RXKAD_TKT_TYPE_KERBEROS_V5_ENCPART_ONLY;
if (afs_krb5_skip_ticket_wrapper(afscred->ticket.data,
afscred->ticket.length, &enc_part->data,
- &enc_part->length)) {
- com_err(rn, 0, "Can't unwrap %s AFS credential",
+ &elen)) {
+ afs_com_err(rn, 0, "Can't unwrap %s AFS credential",
cellconfig->name);
KLOGEXIT(1);
}
k5_to_k4_name(k5context, afscred->client, aclient);
code = whoami(atoken, cellconfig, aclient, &viceid);
if (code) {
- com_err(rn, code, "Can't get your viceid", cellconfig->name);
+ afs_com_err(rn, code, "Can't get your viceid for cell %s", cellconfig->name);
*aclient->name = 0;
} else
snprintf(aclient->name, MAXKTCNAMELEN-1, "AFS ID %d", viceid);
k5_to_k4_name(k5context, afscred->client, aclient);
code = ktc_SetToken(aserver, atoken, aclient, dosetpag);
if (code) {
- com_err(rn, code, "Unable to store tokens for cell %s\n",
+ afs_com_err(rn, code, "Unable to store tokens for cell %s\n",
cellconfig->name);
KLOGEXIT(1);
}
git://git.openafs.org / openafs.git / blobdiff