* directory or online at http://www.openafs.org/dl/license10.html
*/
+#include <afsconfig.h>
#if defined(UKERNEL)
-#include "../afs/param.h"
-#include "../afs/sysincludes.h"
-#include "../afs/afsincludes.h"
-#include "../afs/stds.h"
-#include "../rx/xdr.h"
-#include "../rx/rx.h"
-#include "../des/des.h"
-#include "../afs/lifetimes.h"
-#include "../afs/rxkad.h"
-#else /* defined(UKERNEL) */
+#include "afs/param.h"
+#else
#include <afs/param.h>
+#endif
+
+RCSID("$Header$");
+
+#if defined(UKERNEL)
+#include "afs/sysincludes.h"
+#include "afsincludes.h"
+#include "afs/stds.h"
+#include "rx/xdr.h"
+#include "rx/rx.h"
+#include "des/des.h"
+#include "rxkad/lifetimes.h"
+#include "rx/rxkad.h"
+#else /* defined(UKERNEL) */
#include <afs/stds.h>
#include <sys/types.h>
#ifdef AFS_NT40_ENV
#else
#include <netinet/in.h>
#endif
+#ifdef HAVE_STRING_H
+#include <string.h>
+#else
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+#endif
#include <rx/xdr.h>
#include <rx/rx.h>
#include <des.h>
#include "rxkad.h"
#endif /* defined(UKERNEL) */
-
-extern afs_int32 ktohl();
-extern afs_uint32 life_to_time();
-extern unsigned char time_to_life();
-
-static int decode_athena_ticket();
-static int assemble_athena_ticket();
+/* static prototypes */
+static int decode_athena_ticket (char *ticket, int ticketLen, char *name,
+ char *inst, char *realm, afs_int32 *host, struct ktc_encryptionKey *sessionKey,
+ afs_uint32 *start, afs_uint32 *end);
+static int assemble_athena_ticket (char *ticket, int *ticketLen, char *name,
+ char *inst, char *realm, afs_int32 host, struct ktc_encryptionKey *sessionKey,
+ afs_uint32 start, afs_uint32 end, char *sname, char *sinst);
#define ANDREWFLAGSVALUE (0x80)
#define TICKET_LABEL "TicketEnd"
+/* This union is used to insure we allocate enough space for a key
+ * schedule even if we are linked against a library that uses OpenSSL's
+ * larger representation. This is necessary so we don't lose if an
+ * application uses both rxkad and openssl.
+ */
+union Key_schedule_safe {
+ Key_schedule schedule;
+ struct {
+ union {
+ char cblock[8];
+ long deslong[2];
+ } ks;
+ int weak_key;
+ } openssl_schedule[16];
+};
+
/* This is called to interpret a ticket. It is assumed that the necessary keys
have been added so that the key version number in the ticket will indicate a
valid key for decrypting the ticket. The various fields inside the ticket
interpreting the ticket and the values of the output parameters are
undefined. */
-int tkt_DecodeTicket (asecret, ticketLen, key,
- name, inst, cell, sessionKey, host, start, end)
- char *asecret;
- afs_int32 ticketLen;
- struct ktc_encryptionKey *key;
- char *name;
- char *inst;
- char *cell;
- char *sessionKey;
- afs_int32 *host;
- afs_int32 *start;
- afs_int32 *end;
+int tkt_DecodeTicket (char *asecret, afs_int32 ticketLen,
+ struct ktc_encryptionKey *key, char *name, char *inst, char *cell,
+ char *sessionKey, afs_int32 *host, afs_int32 *start, afs_int32 *end)
{ char clear_ticket[MAXKTCTICKETLEN];
char *ticket;
- Key_schedule schedule;
+ union Key_schedule_safe schedule;
/* unsigned char flags; */
int code;
((ticketLen) % 8 != 0)) /* enc. part must be (0 mod 8) bytes */
return RXKADBADTICKET;
- if (key_sched (key, schedule)) return RXKADBADKEY;
+ if (key_sched (key, schedule.schedule)) return RXKADBADKEY;
ticket = clear_ticket;
- pcbc_encrypt (asecret, ticket, ticketLen, schedule, key, DECRYPT);
+ pcbc_encrypt (asecret, ticket, ticketLen, schedule.schedule, key, DECRYPT);
/* flags = *ticket; */ /* get the first byte: the flags */
#if 0
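Review bot: Only the `% 8` half of the length guard is visible at the top of the hunk, so the bound that keeps `ticketLen` at or below `sizeof clear_ticket` (MAXKTCTICKETLEN) before `pcbc_encrypt (asecret, ticket, ticketLen, schedule.schedule, key, DECRYPT);` writes the decrypted ticket into that fixed stack buffer has to live in the part of the condition that starts outside the hunk; worth confirming it is there, because the new code keeps the same write. The new `union Key_schedule_safe schedule` holds the key schedule expanded from `key` and is left on the stack on every return path, as is the same union in tkt_MakeTicket further down. A cheap hardening is to wipe it before returning, `memset(&schedule, 0, sizeof schedule);`, using the project's secure-clear helper if it has one, since a plain memset right before return may be optimized away. tkt_DecodeTicket's body starts and ends outside the hunk.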
}
/* This makes a Kerberos ticket */
-
-int tkt_MakeTicket (ticket, ticketLen, key, name, inst, cell,
- start, end, sessionKey, host, sname, sinst)
- char *ticket; /* ticket is constructed here */
- int *ticketLen; /* output length of finished ticket */
- struct ktc_encryptionKey *key; /* key ticket should be sealed with */
- char *name; /* user of this ticket */
+/*
+ char *ticket; * ticket is constructed here *
+ int *ticketLen; * output length of finished ticket *
+ struct ktc_encryptionKey *key; * key ticket should be sealed with *
+ char *name; * user of this ticket *
char *inst;
- char *cell; /* cell of authentication */
- afs_uint32 start,end; /* life of ticket */
- struct ktc_encryptionKey *sessionKey; /* session key invented for ticket */
- afs_uint32 host; /* caller's host address */
- char *sname; /* server */
+ char *cell; * cell of authentication *
+ afs_uint32 start,end; * life of ticket *
+ struct ktc_encryptionKey *sessionKey; * session key invented for ticket *
+ afs_uint32 host; * caller's host address *
+ char *sname; * server *
char *sinst;
+*/
+
+int tkt_MakeTicket (char *ticket, int *ticketLen,
+ struct ktc_encryptionKey *key, char *name, char *inst, char *cell,
+ afs_uint32 start, afs_uint32 end, struct ktc_encryptionKey *sessionKey,
+ afs_uint32 host, char *sname, char *sinst)
{ int code;
- Key_schedule schedule;
+ union Key_schedule_safe schedule;
*ticketLen = 0; /* in case we return early */
code = assemble_athena_ticket (ticket, ticketLen, name, inst, cell,
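Review bot: The per-parameter descriptions that used to sit on the K&R declarations (`* ticket is constructed here *`, `* key ticket should be sealed with *`, …) survive only as a commented-out declaration list with the original `/* */` delimiters replaced by bare `*`, which reads as dead code rather than documentation. Move them into the header comment above the new prototype, one line per parameter, e.g. `ticket: buffer the ticket is constructed in; ticketLen: set to the finished length, 0 on failure`, and delete the pseudo-declarations. The new signature carries no capacity for `ticket`, so that comment should also state how large a buffer the caller must supply (presumably MAXKTCTICKETLEN, as the decode side uses it; confirm against callers). tkt_MakeTicket's body continues outside the hunk.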
if (code) return -1;
/* encrypt ticket */
- if (code = key_sched (key, schedule)) {
- printf ("In tkt_MakeTicket: key_sched returned %d\n", code);
- return RXKADBADKEY;
+ if (code = key_sched (key, schedule.schedule)) {
+ printf ("In tkt_MakeTicket: key_sched returned %d\n", code);
+ return RXKADBADKEY;
}
- pcbc_encrypt (ticket, ticket, *ticketLen, schedule, key, ENCRYPT);
+ pcbc_encrypt (ticket, ticket, *ticketLen, schedule.schedule, key, ENCRYPT);
return 0;
}
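Review bot: `if (code = key_sched (key, schedule.schedule)) {` keeps the assignment-in-condition form, which compilers warn about and which reads as a possible `==` typo; write it as `if ((code = key_sched (key, schedule.schedule)) != 0) {`. On that path the `printf` sends a diagnostic to stdout from library code and the function then returns `RXKADBADKEY` rather than `code`, so the key_sched error value is lost to the caller; either drop the printf or route it through the library's logging, and add a comment noting that the return is deliberately collapsed to RXKADBADKEY.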
strcpy (name, ticket); \
ticket += slen+1
-static int decode_athena_ticket (ticket, ticketLen, name, inst, realm,
- host, sessionKey, start, end)
- char *ticket;
- int ticketLen;
- char *name;
- char *inst;
- char *realm;
- afs_int32 *host;
- struct ktc_encryptionKey *sessionKey;
- afs_uint32 *start;
- afs_uint32 *end;
+static int decode_athena_ticket (char *ticket, int ticketLen, char *name,
+ char *inst, char *realm, afs_int32 *host, struct ktc_encryptionKey *sessionKey,
+ afs_uint32 *start, afs_uint32 *end)
{ char *ticketBeg = ticket;
char flags;
int slen;
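Review bot: The new prototype makes `ticketLen` an explicit parameter, but the visible tail of the `getstr` macro (`strcpy (name, ticket); \` / `ticket += slen+1`) copies a NUL-terminated string out of the ticket into the caller's `name`, `inst` and `realm` buffers with no visible check of `slen` against the destination size or against the bytes remaining before `ticketBeg + ticketLen`. Unless the part of the macro above the hunk performs that check, a malformed ticket could overrun those buffers or read past the decrypted data; the macro should verify `slen` against the destination maximum and `ticket + slen + 1 <= ticketBeg + ticketLen` before the copy and return an error otherwise. Since the parameters carry no buffer sizes, a header comment should state the minimum sizes the caller must provide for `name`, `inst` and `realm`. decode_athena_ticket's body continues outside the hunk.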
getstr (inst, 0);
getstr (realm, 0);
- bcopy (ticket, host, sizeof (*host));
+ memcpy(host, ticket, sizeof (*host));
ticket += sizeof(*host);
*host = ktohl (flags, *host);
- bcopy (ticket, sessionKey, sizeof (struct ktc_encryptionKey));
+ memcpy(sessionKey, ticket, sizeof (struct ktc_encryptionKey));
ticket += sizeof (struct ktc_encryptionKey);
lifetime = *ticket++;
- bcopy (ticket, start, sizeof (*start));
+ memcpy(start, ticket, sizeof (*start));
ticket += sizeof(*start);
*start = ktohl (flags, *start);
*end = life_to_time (*start, lifetime);
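Review bot: The three new `memcpy` calls (`memcpy(host, ticket, sizeof (*host));`, the sessionKey copy, and `memcpy(start, ticket, sizeof (*start));`) plus `lifetime = *ticket++;` read fixed-size fields from the ticket without a visible check that those bytes lie before `ticketBeg + ticketLen`; if the only length check is a trailing comparison after all the reads, the reads themselves already ran past the valid data. A single guard before this block, `if (ticket + sizeof (*host) + sizeof (struct ktc_encryptionKey) + 1 + sizeof (*start) > ticketBeg + ticketLen) return -1;`, makes the bound explicit where the fields are consumed. The bcopy→memcpy argument order is swapped correctly in each case. The enclosing function starts and ends outside the hunk.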
strcpy (ticket, name); \
ticket += slen+1
#define putint(num) num = htonl(num);\
- bcopy (&num, ticket, sizeof(num));\
+ memcpy(ticket, &num, sizeof(num));\
ticket += sizeof(num)
-static int assemble_athena_ticket (ticket, ticketLen, name, inst, realm,
- host, sessionKey, start, end, sname, sinst)
- char *ticket;
- int *ticketLen;
- char *name;
- char *inst;
- char *realm;
- afs_int32 host;
- struct ktc_encryptionKey *sessionKey;
- afs_uint32 start;
- afs_uint32 end;
- char *sname;
- char *sinst;
+static int assemble_athena_ticket (char *ticket, int *ticketLen, char *name,
+ char *inst, char *realm, afs_int32 host, struct ktc_encryptionKey *sessionKey,
+ afs_uint32 start, afs_uint32 end, char *sname, char *sinst)
{ char *ticketBeg = ticket;
int slen;
unsigned char life;
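Review bot: The new assemble_athena_ticket prototype receives `int *ticketLen` as an output only, so nothing conveys the capacity of `ticket`, while the `putstr` tail visible above (`strcpy (ticket, name); \` / `ticket += slen+1`) writes the caller-supplied strings into it unbounded; the function should carry a header comment stating the capacity it assumes (presumably MAXKTCTICKETLEN, as tkt_DecodeTicket uses for its buffer; confirm against callers) and the maximum lengths of `name`, `inst`, `realm`, `sname` and `sinst` it relies on. The `putint` macro it uses is a multi-statement macro without a `do { ... } while (0)` wrapper and assigns to its argument, so a future `if (x) putint(y);` would silently misbehave; wrapping it is a one-line change. assemble_athena_ticket's body continues outside the hunk.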
putstr (realm, 0);
putint (host);
- bcopy (sessionKey, ticket, sizeof(struct ktc_encryptionKey));
+ memcpy(ticket, sessionKey, sizeof(struct ktc_encryptionKey));
ticket += sizeof(struct ktc_encryptionKey);
life = time_to_life (start, end);
and the lifetime is within the legal limit.
*/
-int tkt_CheckTimes (start, end, now)
- afs_uint32 start;
- afs_uint32 end;
- afs_uint32 now;
+int tkt_CheckTimes (afs_uint32 start, afs_uint32 end, afs_uint32 now)
{ int active;
if (start >= end) return -2; /* zero or negative lifetime */
return active*2; /* ticket valid */
}
-afs_int32 ktohl (flags, l)
- char flags;
- afs_int32 l;
+afs_int32 ktohl (char flags, afs_int32 l)
{
if (flags & 1) {
unsigned char *lp = (unsigned char *)&l;
* table to extract the lifetime in seconds, which is added to start to produce
* the end time. */
-afs_uint32 life_to_time (start, life)
- afs_uint32 start;
- unsigned char life;
+afs_uint32 life_to_time (afs_uint32 start, unsigned char life)
{ int realLife;
if (life == TKTLIFENOEXPIRE) return NEVERDATE;
* entry. The actual code is prepared to handle the case where the table is
* unordered but that it an unnecessary frill. */
-unsigned char time_to_life (start, end)
- afs_uint32 start;
- afs_uint32 end;
+unsigned char time_to_life (afs_uint32 start, afs_uint32 end)
{ int lifetime = end-start;
int best, best_i;
int i;