Fix incorrect uses of abs()

[openafs.git] / src / kauth / krb_udp.c

diff --git a/src/kauth/krb_udp.c b/src/kauth/krb_udp.c
index 92d4444..189e313 100644 (file)
--- a/src/kauth/krb_udp.c
+++ b/src/kauth/krb_udp.c
@@ -1,7 +1,7 @@
 /*
  * Copyright 2000, International Business Machines Corporation and others.
  * All Rights Reserved.
- * 
+ *
  * This software has been released under the terms of the IBM Public
  * License.  For details, see the LICENSE file in the top-level source
  * directory or online at http://www.openafs.org/dl/license10.html
@@ -14,47 +14,39 @@
 
 #include <afsconfig.h>
 #include <afs/param.h>
+#include <afs/stds.h>
 
-RCSID
-    ("$Header$");
+#include <roken.h>
+
+#ifdef IGNORE_SOME_GCC_WARNINGS
+# pragma GCC diagnostic warning "-Wdeprecated-declarations"
+#endif
 
-#include <afs/stds.h>
-#include <sys/types.h>
-#include <errno.h>
 #ifdef AFS_NT40_ENV
-#include <winsock2.h>
 #include <afs/errmap_nt.h>
-#define snprintf _snprintf
-#else
-#include <sys/socket.h>
-#include <netdb.h>
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_STRING_H
-#include <string.h>
-#else
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
 #endif
-#endif
-#include <afs/afsutil.h>
-#include <time.h>
+
+#define HC_DEPRECATED
+#include <hcrypto/des.h>
+
 #include <afs/com_err.h>
 #include <lwp.h>
-#include <des.h>
 #include <rx/xdr.h>
 #include <rx/rx.h>
 #include <rx/rxkad.h>
+#include <rx/rxkad_convert.h>
 #include <afs/auth.h>
 #include <ubik.h>
 
 #include "kauth.h"
 #include "kautils.h"
+#include "kauth_internal.h"
 #include "kaserver.h"
 #include "prot.h"              /* protocol definitions */
 #include "kaport.h"
 #include "afs/audit.h"
 #include "kalog.h"
+#include "kadatabase.h"
 
 /* my kerberos error codes */
 #define KERB_ERR_BAD_MSG_TYPE  99
@@ -66,6 +58,9 @@ RCSID
 #define        KDC_GEN_ERR     20
 #endif
 
+#ifndef AFS_NT40_ENV
+#define closesocket close
+#endif
 
 int krb_udp_debug = 0;
 
@@ -84,7 +79,6 @@ struct packet {
     char data[MAX_PKT_LEN];
 };
 
-extern struct kadstats dynamic_statistics;
 extern char *lastOperation;
 extern char lrealm[];
 
@@ -108,8 +102,8 @@ char udptgsServerPrincipal[256];
 
 int fiveminutes = 300;
 
-static
-FiveMinuteCheckLWP()
+static void *
+FiveMinuteCheckLWP(void *unused)
 {
 
     printf("start 5 min check lwp\n");
@@ -119,28 +113,21 @@ FiveMinuteCheckLWP()
        /* close the log so it can be removed */
        ReOpenLog(AFSDIR_SERVER_KALOG_FILEPATH);        /* no trunc, just append */
     }
+    return NULL;
 }
 
 
 static afs_int32
-create_cipher(cipher, cipherLen, sessionKey, sname, sinst, start, end, kvno,
-             ticket, ticketLen, key)
-     char *cipher;
-     int *cipherLen;
-     struct ktc_encryptionKey *sessionKey;
-     char *sname;
-     char *sinst;
-     Date start, end;
-     afs_int32 kvno;
-     char *ticket;
-     int ticketLen;
-     struct ktc_encryptionKey *key;
+create_cipher(char *cipher, int *cipherLen,
+             struct ktc_encryptionKey *sessionKey, char *sname,
+             char *sinst, Date start, Date end, afs_int32 kvno,
+             char *ticket, int ticketLen, struct ktc_encryptionKey *key)
 {
     char *answer;
     int slen;
     unsigned char life = time_to_life(start, end);
     int len;
-    des_key_schedule schedule;
+    DES_key_schedule schedule;
     afs_int32 code;
 
     answer = cipher;
@@ -173,9 +160,9 @@ create_cipher(cipher, cipherLen, sessionKey, sname, sinst, start, end, kvno,
        printf("\n");
     }
 
-    if (code = des_key_sched(key, schedule))
+    if ((code = DES_key_sched(ktc_to_cblock(key), &schedule)))
        printf("In KAAuthenticate: key_sched returned %d\n", code);
-    des_pcbc_encrypt(cipher, cipher, len, schedule, key, ENCRYPT);
+    DES_pcbc_encrypt(cipher, cipher, len, &schedule, ktc_to_cblockptr(key), ENCRYPT);
     *cipherLen = round_up_to_ebs(len);
 
     if (krb_udp_debug) {
@@ -187,14 +174,8 @@ create_cipher(cipher, cipherLen, sessionKey, sname, sinst, start, end, kvno,
 }
 
 static afs_int32
-create_reply(ans, name, inst, startTime, endTime, kvno, cipher, cipherLen)
-     struct packet *ans;
-     char *name;
-     char *inst;
-     Date startTime, endTime;
-     afs_int32 kvno;
-     char *cipher;
-     int cipherLen;
+create_reply(struct packet *ans, char *name, char *inst, Date startTime,
+            Date endTime, afs_int32 kvno, char *cipher, int cipherLen)
 {
     char *answer = ans->data;
     int slen;
@@ -228,24 +209,18 @@ create_reply(ans, name, inst, startTime, endTime, kvno, cipher, cipherLen)
 }
 
 static afs_int32
-check_auth(pkt, auth, authLen, key, name, inst, cell)
-     struct packet *pkt;
-     char *auth;
-     int authLen;
-     struct ktc_encryptionKey *key;
-     char *name;
-     char *inst;
-     char *cell;
+check_auth(struct packet *pkt, char *auth, int authLen,
+          struct ktc_encryptionKey *key, char *name, char *inst,
+          char *cell)
 {
     char *packet;
-    des_key_schedule schedule;
+    DES_key_schedule schedule;
     afs_int32 cksum;
-    /* unsigned char time_msec; */
     afs_int32 time_sec;
     int byteOrder = pkt->byteOrder;
 
-    des_key_sched(key, schedule);
-    des_pcbc_encrypt(auth, auth, authLen, schedule, key, DECRYPT);
+    DES_key_sched(ktc_to_cblock(key), &schedule);
+    DES_pcbc_encrypt(auth, auth, authLen, &schedule, ktc_to_cblockptr(key), DECRYPT);
     packet = auth;
     if (strcmp(packet, name) != 0)
        return KABADTICKET;
@@ -257,7 +232,8 @@ check_auth(pkt, auth, authLen, key, name, inst, cell)
        return KABADTICKET;
     packet += strlen(packet) + 1;
     getint(cksum);
-    /* time_msec = */ *(unsigned char *)packet++;
+    /* Comments in the original IBM source suggest this byte was/is "time_msec" */
+    packet++;
     getint(time_sec);
     if ((packet - auth) > authLen)
        return KABADTICKET;
@@ -265,15 +241,9 @@ check_auth(pkt, auth, authLen, key, name, inst, cell)
 }
 
 afs_int32
-UDP_Authenticate(ksoc, client, name, inst, startTime, endTime, sname, sinst)
-     int ksoc;
-     struct sockaddr_in *client;
-     char *name;
-     char *inst;
-     Date startTime;
-     Date endTime;
-     char *sname;
-     char *sinst;
+UDP_Authenticate(int ksoc, struct sockaddr_in *client, char *name,
+                char *inst, Date startTime, Date endTime, char *sname,
+                char *sinst)
 {
     struct ubik_trans *tt;
     afs_int32 to;              /* offset of block */
@@ -295,7 +265,7 @@ UDP_Authenticate(ksoc, client, name, inst, startTime, endTime, sname, sinst)
     COUNT_REQ(UAuthenticate);
     if (!name_instance_legal(name, inst))
        return KERB_ERR_NAME_EXP;       /* KABADNAME */
-    if (code = InitAuthServ(&tt, LOCKREAD, this_op))
+    if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
        return code;
 
     code = FindBlock(tt, name, inst, &to, &tentry);
@@ -324,7 +294,7 @@ UDP_Authenticate(ksoc, client, name, inst, startTime, endTime, sname, sinst)
            code = KERB_ERR_NAME_EXP;   /* XXX Could use another error code XXX */
            goto abort;
        }
-       if (abs(startTime - now) > KTC_TIME_UNCERTAINTY) {
+       if (startTime - now > KTC_TIME_UNCERTAINTY) {
            code = KERB_ERR_SERVICE_EXP;        /* was KABADREQUEST */
            goto abort;
        }
@@ -334,7 +304,8 @@ UDP_Authenticate(ksoc, client, name, inst, startTime, endTime, sname, sinst)
            afs_uint32 temp;    /* unsigned for safety */
            afs_uint32 pwexpires;
 
-           temp = ntohl(*((afs_int32 *) (tentry.misc_auth_bytes)));
+           memcpy(&temp, tentry.misc_auth_bytes, sizeof(afs_uint32));
+           temp = ntohl(temp);
            unpack_long(temp, misc_auth_bytes);
            pwexpires = misc_auth_bytes[0];
            if (pwexpires) {
@@ -349,7 +320,7 @@ UDP_Authenticate(ksoc, client, name, inst, startTime, endTime, sname, sinst)
        }
 
        /* make the ticket */
-       code = des_random_key(&sessionKey);
+       code = DES_new_random_key(ktc_to_cblock(&sessionKey));
        if (code) {
            code = KERB_ERR_NULL_KEY;   /* was KANOKEYS */
            goto abort;
@@ -400,6 +371,11 @@ UDP_Authenticate(ksoc, client, name, inst, startTime, endTime, sname, sinst)
     }
     KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
          LOG_AUTHENTICATE);
+
+    if (cipherLen != 0) {
+       KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr,
+             LOG_TGTREQUEST);
+    }
     osi_audit(UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END);
     return 0;
 
@@ -414,15 +390,9 @@ UDP_Authenticate(ksoc, client, name, inst, startTime, endTime, sname, sinst)
 }
 
 afs_int32
-UDP_GetTicket(ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
-     int ksoc;
-     struct packet *pkt;
-     afs_int32 kvno;
-     char *authDomain;
-     char *ticket;
-     int ticketLen;
-     char *auth;
-     int authLen;
+UDP_GetTicket(int ksoc, struct packet *pkt, afs_int32 kvno,
+             char *authDomain, char *ticket, int ticketLen, char *auth,
+             int authLen)
 {
     afs_int32 code;
     struct ktc_encryptionKey tgskey;
@@ -460,7 +430,7 @@ UDP_GetTicket(ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
 
     COUNT_REQ(UGetTicket);
 
-    if (code = InitAuthServ(&tt, LOCKREAD, this_op))
+    if ((code = InitAuthServ(&tt, LOCKREAD, this_op)))
        goto fail;
     code =
        ka_LookupKvno(tt, KA_TGS_NAME,
@@ -563,7 +533,7 @@ UDP_GetTicket(ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
     if (ntohl(server.flags) & KAFNOSEAL)
        return KABADSERVER;
 
-    code = des_random_key(&sessionKey);
+    code = DES_new_random_key(ktc_to_cblock(&sessionKey));
     if (code) {
        code = KERB_ERR_NULL_KEY;       /* was KANOKEYS */
        goto fail;
@@ -621,11 +591,7 @@ UDP_GetTicket(ksoc, pkt, kvno, authDomain, ticket, ticketLen, auth, authLen)
 }
 
 static int
-err_packet(ksoc, pkt, code, reason)
-     int ksoc;
-     struct packet *pkt;
-     afs_int32 code;
-     char *reason;
+err_packet(int ksoc, struct packet *pkt, afs_int32 code, char *reason)
 {
     struct packet ans;
     char *answer = ans.data;
@@ -678,9 +644,7 @@ err_packet(ksoc, pkt, code, reason)
 }
 
 int
-process_udp_auth(ksoc, pkt)
-     int ksoc;
-     struct packet *pkt;
+process_udp_auth(int ksoc, struct packet *pkt)
 {
     char *packet = pkt->rest;
     char name[MAXKTCNAMELEN];
@@ -736,20 +700,18 @@ process_udp_auth(ksoc, pkt)
     if (code) {
        if (code == KANOENT) {
            code = KERB_ERR_PRINCIPAL_UNKNOWN;
-           err_packet(ksoc, pkt, code, (char *)error_message(code));
+           err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
        } else if (code == KAPWEXPIRED) {
            code = KERB_ERR_NAME_EXP;
            err_packet(ksoc, pkt, code, "password has expired");
        } else
-           err_packet(ksoc, pkt, code, (char *)error_message(code));
+           err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
     }
     return 0;
 }
 
 int
-process_udp_appl(ksoc, pkt)
-     int ksoc;
-     struct packet *pkt;
+process_udp_appl(int ksoc, struct packet *pkt)
 {
     char *packet = pkt->rest;
     afs_int32 kvno;
@@ -785,16 +747,14 @@ process_udp_appl(ksoc, pkt)
     if (code) {
        if (code == KANOENT)
            code = KERB_ERR_PRINCIPAL_UNKNOWN;
-       err_packet(ksoc, pkt, code, (char *)error_message(code));
+       err_packet(ksoc, pkt, code, (char *)afs_error_message(code));
        return -1;
     }
     return 0;
 }
 
 void
-process_udp_request(ksoc, pkt)
-     int ksoc;
-     struct packet *pkt;
+process_udp_request(int ksoc, struct packet *pkt)
 {
     char *packet = pkt->data;
     unsigned char version, auth_msg_type;
@@ -824,14 +784,15 @@ process_udp_request(ksoc, pkt)
     return;
 }
 
-static
-SocketListener()
+static void *
+SocketListener(void *unused)
 {
     fd_set rfds;
     struct timeval tv;
     struct packet packet;
-    int fromLen;
+    socklen_t fromLen;
     afs_int32 code;
+    char hoststr[16];
 
     printf("Starting to listen for UDP packets\n");
     while (1) {
@@ -867,7 +828,7 @@ SocketListener()
            packet.len = code;
            if (krb_udp_debug) {
                printf("Kerb:udp: Got %d bytes from addr %s which are '",
-                      code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
+                      code, afs_inet_ntoa_r(packet.from.sin_addr.s_addr, hoststr));
                ka_PrintBytes(packet.data, packet.len);
                printf("'\n");
            }
@@ -889,7 +850,7 @@ SocketListener()
            packet.len = code;
            if (krb_udp_debug) {
                printf("Kerb5:udp: Got %d bytes from addr %s which are '",
-                      code, afs_inet_ntoa(packet.from.sin_addr.s_addr));
+                      code, afs_inet_ntoa_r(packet.from.sin_addr.s_addr, hoststr));
                ka_PrintBytes(packet.data, packet.len);
                printf("'\n");
            }
@@ -899,24 +860,27 @@ SocketListener()
        }
     }
     if (sock_kerb >= 0) {
-       close(sock_kerb);
+       closesocket(sock_kerb);
        sock_kerb = -1;
     }
     if (sock_kerb5 >= 0) {
-       close(sock_kerb5);
+       closesocket(sock_kerb5);
        sock_kerb5 = -1;
     }
     printf("UDP SocketListener exiting due to error\n");
+
+    return NULL;
 }
 
 #if MAIN
 
 #include "AFS_component_version_number.c"
 
-main()
+int
+main(int, char **)
 #else
 afs_int32
-init_krb_udp()
+init_krb_udp(void)
 #endif
 {
     struct sockaddr_in taddr;
@@ -1067,7 +1031,7 @@ FindBlock(at, aname, ainstance, tentry)
     strcpy(tentry->userID.name, aname);
     strcpy(tentry->userID.instance, ainstance);
     tentry->key_version = htonl(17);
-    des_string_to_key("toa", &tentry->key);
+    DES_string_to_key("toa", &tentry->key);
     tentry->flags = htonl(KAFNORMAL);
     tentry->user_expiration = htonl(NEVERDATE);
     tentry->max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME);
@@ -1084,7 +1048,7 @@ ka_LookupKey(tt, name, inst, kvno, key)
 {
     printf("Calling ka_LookupKey with '%s'.'%s'\n", name, inst);
     *kvno = 23;
-    des_string_to_key("applexx", key);
+    DES_string_to_key("applexx", key);
 }
 
 static afs_int32
@@ -1097,7 +1061,7 @@ kvno_tgs_key(authDomain, kvno, tgskey)
        printf("Called with wrong %s as authDomain\n", authDomain);
     if (kvno != 23)
        printf("kvno_tgs_key: being called with wrong kvno: %d\n", kvno);
-    des_string_to_key("applexx", tgskey);
+    DES_string_to_key("applexx", tgskey);
     return 0;
 }