rxkad-ticket-cleanup-20030610

[openafs.git] / src / rxkad / ticket.c

diff --git a/src/rxkad/ticket.c b/src/rxkad/ticket.c
index 7b53628..4d4bd42 100644 (file)
--- a/src/rxkad/ticket.c
+++ b/src/rxkad/ticket.c
@@ -47,17 +47,6 @@ RCSID("$Header$");
 #include "rxkad.h"
 #endif /* defined(UKERNEL) */
 
-/* static prototypes */
-static int decode_athena_ticket (char *ticket, int ticketLen, char *name, 
-        char *inst, char *realm, afs_int32 *host, struct ktc_encryptionKey *sessionKey, 
-        afs_uint32 *start, afs_uint32 *end);
-static int assemble_athena_ticket (char *ticket, int *ticketLen, char *name, 
-        char *inst, char *realm, afs_int32 host, struct ktc_encryptionKey *sessionKey, 
-        afs_uint32 start, afs_uint32 end, char *sname, char *sinst);
-
-#define ANDREWFLAGSVALUE (0x80)
-#define TICKET_LABEL "TicketEnd"
-
 /* This union is used to insure we allocate enough space for a key
  * schedule even if we are linked against a library that uses OpenSSL's
  * larger representation.  This is necessary so we don't lose if an
@@ -74,6 +63,49 @@ union Key_schedule_safe {
   } openssl_schedule[16];
 };
  
+#define getstr(name,min) \
+    slen = strlen(ticket); \
+    if ((slen < min) || (slen >= MAXKTCNAMELEN)) return -1; \
+    strcpy (name, ticket); \
+    ticket += slen+1
+
+static int decode_athena_ticket (char *ticket, int ticketLen, char *name, 
+       char *inst, char *realm, afs_int32 *host, struct ktc_encryptionKey *sessionKey, 
+       afs_uint32 *start, afs_uint32 *end)
+{   char *ticketBeg = ticket;
+    char  flags;
+    int          slen;
+    int          tlen;
+    unsigned char  lifetime;
+    char  sname[MAXKTCNAMELEN];                /* these aren't used, */
+    char  sinst[MAXKTCNAMELEN];                /* but are in the ticket */
+
+    flags = *ticket++;
+    getstr (name, 1);
+    getstr (inst, 0);
+    getstr (realm, 0);
+
+    memcpy(host, ticket, sizeof (*host));
+    ticket += sizeof(*host);
+    *host = ktohl (flags, *host);
+
+    memcpy(sessionKey, ticket, sizeof (struct ktc_encryptionKey));
+    ticket += sizeof (struct ktc_encryptionKey);
+
+    lifetime = *ticket++;
+    memcpy(start, ticket, sizeof (*start));
+    ticket += sizeof(*start);
+    *start = ktohl (flags, *start);
+    *end = life_to_time (*start, lifetime);
+
+    getstr (sname, 1);
+    getstr (sinst, 0);
+
+    tlen = ticket - ticketBeg;
+    if ((round_up_to_ebs(tlen) != ticketLen) && (ticketLen != 56)) return -1;
+    return 0;
+}
+
 /* This is called to interpret a ticket.  It is assumed that the necessary keys
    have been added so that the key version number in the ticket will indicate a
    valid key for decrypting the ticket.  The various fields inside the ticket
@@ -87,11 +119,11 @@ int tkt_DecodeTicket (char *asecret, afs_int32 ticketLen,
 {   char          clear_ticket[MAXKTCTICKETLEN];
     char         *ticket;
     union Key_schedule_safe   schedule;
-    /* unsigned char  flags; */
     int                   code;
 
     if (ticketLen == 0) return RXKADBADTICKET; /* no ticket */
     if ((ticketLen < MINKTCTICKETLEN) || /* minimum legal ticket size */
+       (ticketLen > MAXKTCTICKETLEN) || /* maximum legal ticket size */
        ((ticketLen) % 8 != 0))         /* enc. part must be (0 mod 8) bytes */
        return RXKADBADTICKET;
 
@@ -100,32 +132,9 @@ int tkt_DecodeTicket (char *asecret, afs_int32 ticketLen,
     ticket = clear_ticket;
     pcbc_encrypt (asecret, ticket, ticketLen, schedule.schedule, key, DECRYPT);
 
-    /* flags = *ticket; */             /* get the first byte: the flags */
-#if 0
-    if (flags == ANDREWFLAGSVALUE) {
-       code = decode_andrew_ticket (ticket, ticketLen, name, inst, cell,
-                                    host, sessionKey, start, end);
-       if (code) {
-           code = decode_athena_ticket (ticket, ticketLen, name, inst, cell,
-                                        host, sessionKey, start, end);
-           flags = 0;
-       }
-    }
-    else {
-       code = decode_athena_ticket (ticket, ticketLen, name, inst, cell,
-                                    host, sessionKey, start, end);
-       if (code) {
-           code = decode_andrew_ticket (ticket, ticketLen, name, inst, cell,
-                                        host, sessionKey, start, end);
-           flags = ANDREWFLAGSVALUE;
-       }
-    }
-#else
     code = decode_athena_ticket
        (ticket, ticketLen, name, inst, cell, host, sessionKey, start, end);
-    /* flags = 0; */
 
-#endif
     if (code) return RXKADBADTICKET;
     if (tkt_CheckTimes (*start, *end, time(0)) < -1) return RXKADBADTICKET;
 
@@ -147,71 +156,6 @@ int tkt_DecodeTicket (char *asecret, afs_int32 ticketLen,
   char         *sinst;
 */
 
-int tkt_MakeTicket (char *ticket, int *ticketLen, 
-       struct ktc_encryptionKey *key, char *name, char *inst, char *cell,
-       afs_uint32 start, afs_uint32 end, struct ktc_encryptionKey *sessionKey, 
-       afs_uint32 host, char *sname, char *sinst)
-{   int                 code;
-    union Key_schedule_safe schedule;
-
-    *ticketLen = 0;                    /* in case we return early */
-    code = assemble_athena_ticket (ticket, ticketLen, name, inst, cell,
-                                  host, sessionKey, start, end, sname, sinst);
-    *ticketLen = round_up_to_ebs(*ticketLen); /* round up */
-    if (code) return -1;
-
-    /* encrypt ticket */
-    if (code = key_sched (key, schedule.schedule)) {
-        printf ("In tkt_MakeTicket: key_sched returned %d\n", code);
-        return RXKADBADKEY;
-    }
-    pcbc_encrypt (ticket, ticket, *ticketLen, schedule.schedule, key, ENCRYPT);
-    return 0;
-}
-
-#define getstr(name,min) \
-    slen = strlen(ticket); \
-    if ((slen < min) || (slen >= MAXKTCNAMELEN)) return -1; \
-    strcpy (name, ticket); \
-    ticket += slen+1
-
-static int decode_athena_ticket (char *ticket, int ticketLen, char *name, 
-       char *inst, char *realm, afs_int32 *host, struct ktc_encryptionKey *sessionKey, 
-       afs_uint32 *start, afs_uint32 *end)
-{   char *ticketBeg = ticket;
-    char  flags;
-    int          slen;
-    int          tlen;
-    unsigned char  lifetime;
-    char  sname[MAXKTCNAMELEN];                /* these aren't used, */
-    char  sinst[MAXKTCNAMELEN];                /* but are in the ticket */
-
-    flags = *ticket++;
-    getstr (name, 1);
-    getstr (inst, 0);
-    getstr (realm, 0);
-
-    memcpy(host, ticket, sizeof (*host));
-    ticket += sizeof(*host);
-    *host = ktohl (flags, *host);
-
-    memcpy(sessionKey, ticket, sizeof (struct ktc_encryptionKey));
-    ticket += sizeof (struct ktc_encryptionKey);
-
-    lifetime = *ticket++;
-    memcpy(start, ticket, sizeof (*start));
-    ticket += sizeof(*start);
-    *start = ktohl (flags, *start);
-    *end = life_to_time (*start, lifetime);
-
-    getstr (sname, 1);
-    getstr (sinst, 0);
-
-    tlen = ticket - ticketBeg;
-    if ((round_up_to_ebs(tlen) != ticketLen) && (ticketLen != 56)) return -1;
-    return 0;
-}
-
 #define putstr(name,min) \
     slen = strlen(name); \
     if ((slen < min) || (slen >= MAXKTCNAMELEN)) return -1; \
@@ -249,6 +193,28 @@ static int assemble_athena_ticket (char *ticket, int *ticketLen, char *name,
     return 0;
 }
 
+int tkt_MakeTicket (char *ticket, int *ticketLen, 
+       struct ktc_encryptionKey *key, char *name, char *inst, char *cell,
+       afs_uint32 start, afs_uint32 end, struct ktc_encryptionKey *sessionKey, 
+       afs_uint32 host, char *sname, char *sinst)
+{   int                 code;
+    union Key_schedule_safe schedule;
+
+    *ticketLen = 0;                    /* in case we return early */
+    code = assemble_athena_ticket (ticket, ticketLen, name, inst, cell,
+                                  host, sessionKey, start, end, sname, sinst);
+    *ticketLen = round_up_to_ebs(*ticketLen); /* round up */
+    if (code) return -1;
+
+    /* encrypt ticket */
+    if (code = key_sched (key, schedule.schedule)) {
+        printf ("In tkt_MakeTicket: key_sched returned %d\n", code);
+        return RXKADBADKEY;
+    }
+    pcbc_encrypt (ticket, ticket, *ticketLen, schedule.schedule, key, ENCRYPT);
+    return 0;
+}
+
 /* This is just a routine that checks the consistency of ticket lifetimes.  It
    returns three values: */
 /* -2 means the times are inconsistent or ticket has expired