From 233b7043ce22a120e52b2d1194a2603c659de735 Mon Sep 17 00:00:00 2001 From: Ken Hornstein Date: Thu, 30 Jun 2005 22:06:15 +0000 Subject: [PATCH] aklog-heimdal-integration-20050630 The necessary autoconf/C glue to make aklog work with Heimdal. --- src/aklog/Makefile.in | 2 +- src/aklog/aklog.c | 1 - src/aklog/aklog.h | 63 ++++++++++++++++++++++++++++++--------- src/aklog/aklog_main.c | 80 ++++++++++++++++++++++++++++++++++++++++---------- src/aklog/krb_util.c | 2 +- src/cf/kerberos.m4 | 10 ++++--- 6 files changed, 121 insertions(+), 37 deletions(-) diff --git a/src/aklog/Makefile.in b/src/aklog/Makefile.in index 9b20173..2385192 100644 --- a/src/aklog/Makefile.in +++ b/src/aklog/Makefile.in @@ -5,7 +5,7 @@ srcdir=@srcdir@ include @TOP_OBJDIR@/src/config/Makefile.config -CFLAGS += @KRB5CFLAGS@ -DALLOW_REGISTER +OPTMZ += @KRB5CFLAGS@ -DALLOW_REGISTER LIBS += @KRB5LIBS@ AFSLIBS = ${TOP_LIBDIR}/libprot.a ${TOP_LIBDIR}/libubik.a \ ${TOP_LIBDIR}/libauth.a ${TOP_LIBDIR}/librxkad.a \ diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c index a64361d..5e5dbde 100644 --- a/src/aklog/aklog.c +++ b/src/aklog/aklog.c @@ -43,7 +43,6 @@ WinMain(HINSTANCE hinst, HINSTANCE hprevinstance, LPSTR cmdline, int noshow) parse_cmdline(cmdline, &argv, &argc); - aklog_init_params(¶ms); aklog(argc, argv, ¶ms); return 0; diff --git a/src/aklog/aklog.h b/src/aklog/aklog.h index 0b6b947..2984441 100644 --- a/src/aklog/aklog.h +++ b/src/aklog/aklog.h @@ -13,7 +13,6 @@ static char *rcsid_aklog_h = "$Id$"; #endif /* lint || SABER */ #include -#include #include "linked_list.h" #include 
@@ -23,20 +22,56 @@ static char *rcsid_aklog_h = "$Id$"; #define ARGS(x) () #endif /* __STDC__ */ -typedef struct { - int (*readlink)ARGS((char *, char *, size_t)); - int (*isdir)ARGS((char *, unsigned char *)); - char *(*getwd)ARGS((char *)); - int (*get_cred)ARGS((krb5_context, char *, char *, char *, CREDENTIALS *, - krb5_creds **)); - int (*get_user_realm)ARGS((krb5_context, char *)); - void (*pstderr)ARGS((char *)); - void (*pstdout)ARGS((char *)); - void (*exitprog)ARGS((char)); -} aklog_params; - void aklog ARGS((int, char *[])); -void aklog_init_params ARGS((aklog_params *)); + +/* + * If we have krb.h, use the definition of CREDENTIAL from there. Otherwise, + * inline it. When we inline it we're using the inline definition from the + * Heimdal sources (since Heimdal doesn't include a definition of struct + * credentials with the sources + */ + +#ifdef HAVE_KERBEROSIV_KRB_H +#include +#else /* HAVE_KERBEROSIV_KRB_H */ + +#ifndef MAX_KTXT_LEN +#define MAX_KTXT_LEN 1250 +#endif /* MAX_KTXT_LEN */ +#ifndef ANAME_SZ +#define ANAME_SZ 40 +#endif /* ANAME_SZ */ +#ifndef REALM_SZ +#define REALM_SZ 40 +#endif /* REALM_SZ */ +#ifndef SNAME_SZ +#define SNAME_SZ 40 +#endif /* SNAME_SZ */ +#ifndef INST_SZ +#define INST_SZ 40 +#endif /* INST_SZ */ + +struct ktext { + unsigned int length; + unsigned char dat[MAX_KTXT_LEN]; + u_int32_t mbz; +}; + +struct credentials { + char service[ANAME_SZ]; + char instance[INST_SZ]; + char realm[REALM_SZ]; + char session[8]; + int lifetime; + int kvno; + struct ktext ticket_st; + int32_t issue_date; + char pname[ANAME_SZ]; + char pinst[INST_SZ]; +}; + +typedef struct credentials CREDENTIALS; +#endif /* ! HAVE_KERBEROSIV_KRB_H */ #ifdef WINDOWS /* diff --git a/src/aklog/aklog_main.c b/src/aklog/aklog_main.c index b887aea..cbb7230 100644 --- a/src/aklog/aklog_main.c +++ b/src/aklog/aklog_main.c 
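Review bot: The WinMain caller in src/aklog/aklog.c still passes a third argument, `aklog(argc, argv, &params)`, which no longer matches the `void aklog ARGS((int, char *[]))` prototype kept at the top of this hunk. That call survives as a context line in that file's hunk, while this hunk deletes the `aklog_params` typedef and `aklog_init_params`. If `params` is declared with the deleted typedef (its declaration is not visible here), the Windows entry point stops compiling; the call would become `aklog(argc, argv);` with the variable dropped. Separately, the inlined `struct credentials` uses `u_int32_t` and `int32_t`, so the header needs whichever include defines them (the include names are not legible on this page). Its comment is missing the closing parenthesis and could add a line such as `/* Layout must stay identical to the library's struct credentials; do not reorder or resize fields. */`.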
@@ -161,6 +161,48 @@ static krb5_error_code get_credv5(krb5_context context, char *, char *, char *, krb5_creds **); static int get_user_realm(krb5_context, char *); +#if defined(HAVE_KRB5_PRINC_SIZE) || defined(krb5_princ_size) + +#define get_princ_str(c, p, n) krb5_princ_component(c, p, n)->data +#define get_princ_len(c, p, n) krb5_princ_component(c, p, n)->length +#define second_comp(c, p) (krb5_princ_size(c, p) > 1) +#define realm_data(c, p) krb5_princ_realm(c, p)->data +#define realm_len(c, p) krb5_princ_realm(c, p)->length + +#elif defined(HAVE_KRB5_PRINCIPAL_GET_COMP_STRING) + +#define get_princ_str(c, p, n) krb5_principal_get_comp_string(c, p, n) +#define get_princ_len(c, p, n) strlen(krb5_principal_get_comp_string(c, p, n)) +#define second_comp(c, p) (krb5_principal_get_comp_string(c, p, 1) != NULL) +#define realm_data(c, p) krb5_realm_data(krb5_principal_get_realm(c, p)) +#define realm_len(c, p) krb5_realm_length(krb5_principal_get_realm(c, p)) + +#else +#error "Must have either krb5_princ_size or krb5_principal_get_comp_string" +#endif + +#if defined(HAVE_KRB5_CREDS_KEYBLOCK) + +#define get_cred_keydata(c) c->keyblock.contents +#define get_cred_keylen(c) c->keyblock.length +#define get_creds_enctype(c) c->keyblock.enctype + +#elif defined(HAVE_KRB5_CREDS_SESSION) + +#define get_cred_keydata(c) c->session.keyvalue.data +#define get_cred_keylen(c) c->session.keyvalue.length +#define get_creds_enctype(c) c->session.keytype + +#else +#error "Must have either keyblock or session member of krb5_creds +#endif + +#if !defined(HAVE_KRB5_524_CONVERT_CREDS) && defined(HAVE_KRB524_CONVERT_CREDS_KDC) +#define krb5_524_convert_creds krb524_convert_creds_kdc +#elif !defined(HAVE_KRB5_524_CONVERT_CREDS) && !defined(HAVE_KRB524_CONVERT_CREDS_KDC) +#error "You must have one of krb5_524_convert_creds or krb5_524_convert_creds_kdc available" +#endif + #endif /* WINDOWS */ /* 
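Review bot: In the Heimdal branch `get_princ_len` expands to `strlen(krb5_principal_get_comp_string(c, p, n))`, which reaches `strlen(NULL)` when the principal has no component at index n. `second_comp` in the same branch relies on that NULL return for a missing component, and the auth_to_cell hunk calls `get_princ_len(context, v5cred->client, 0)` with no prior check. Test the component for NULL and fail before taking its length or copying from it. The line `#error "Must have either keyblock or session member of krb5_creds` is missing its closing quote. The accessor macros also use their argument unparenthesized (`c->keyblock.contents`), which is why the get_credv5 hunk has to write `get_creds_enctype((&increds))`; `(c)->keyblock.contents`, `(c)->session.keyvalue.data` and so on would remove that trap.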
@@ -546,7 +588,7 @@ static int auth_to_cell(context, cell, realm) } } - if (status != KSUCCESS) { + if (status) { if (dflag) { printf("Kerberos error code returned by get_cred: %d\n", status); @@ -574,18 +616,18 @@ static int auth_to_cell(context, cell, realm) if (dflag) printf("Using Kerberos V5 ticket natively\n"); - len = min(v5cred->client->data[0].length, - v5cred->client->length > 1 ? MAXKTCNAMELEN - 2 : - MAXKTCNAMELEN - 1); - strncpy(username, v5cred->client->data[0].data, len); + len = min(get_princ_len(context, v5cred->client, 0), + second_comp(context, v5cred->client) ? + MAXKTCNAMELEN - 2 : MAXKTCNAMELEN - 1); + strncpy(username, get_princ_str(context, v5cred->client, 0), len); username[len] = '\0'; - if (v5cred->client->length > 1) { + if (second_comp(context, v5cred->client) > 1) { strcat(username, "."); p = username + strlen(username); - len = min(v5cred->client->data[1].length, + len = min(get_princ_len(context, v5cred->client, 1), MAXKTCNAMELEN - strlen(username) - 1); - strncpy(p, v5cred->client->data[1].data, len); + strncpy(p, get_princ_str(context, v5cred->client, 1), len); p[len] = '\0'; } @@ -593,8 +635,8 @@ static int auth_to_cell(context, cell, realm) atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5; atoken.startTime = v5cred->times.starttime;; atoken.endTime = v5cred->times.endtime; - memcpy(&atoken.sessionKey, v5cred->keyblock.contents, - v5cred->keyblock.length); + memcpy(&atoken.sessionKey, get_cred_keydata(v5cred), + get_cred_keylen(v5cred)); atoken.ticketLen = v5cred->ticket.length; memcpy(atoken.ticket, v5cred->ticket.data, atoken.ticketLen); } else { @@ -660,7 +702,7 @@ static int auth_to_cell(context, cell, realm) #ifndef WINDOWS } else { - if ((status = get_user_realm(context, realm_of_user)) != KSUCCESS) { + if ((status = get_user_realm(context, realm_of_user))) { fprintf(stderr, "%s: Couldn't determine realm of user:)", progname); com_err(progname, status, " while getting realm"); 
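Review bot: In the -574,18 hunk, `if (second_comp(context, v5cred->client) > 1)` can never be true, so the instance is never appended to `username`. Both definitions of `second_comp` already yield a 0/1 truth value (`krb5_princ_size(c, p) > 1` or `... != NULL`). A two-component principal (constructed example: user/admin) therefore ends up under the bare first component, with the buffer already sized for the shorter name by the `len = min(...)` expression above. The test should read `if (second_comp(context, v5cred->client)) {`, the same way the macro is used inside that `min(...)` call. auth_to_cell starts and ends outside this hunk, so how `username` is consumed afterwards is not visible here.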
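Review bot: In the -593,8 hunk, `memcpy(&atoken.sessionKey, get_cred_keydata(v5cred), get_cred_keylen(v5cred))` copies a length taken from the returned credential into a token field with no bound. get_credv5 asks for a DES key, but nothing in this hunk verifies that the key that came back has the size of `atoken.sessionKey`. Add a guard before the copy, `if (get_cred_keylen(v5cred) != sizeof(atoken.sessionKey))`, and treat a mismatch as an error rather than truncating. The context line `memcpy(atoken.ticket, v5cred->ticket.data, atoken.ticketLen)` has the same shape and wants a comparable check against the size of `atoken.ticket`; the token structure's declaration is not part of this page, so both sizes should be confirmed against it.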
@@ -1514,14 +1556,19 @@ void aklog(int argc, char *argv[]) } #ifndef HAVE_ADD_TO_ERROR_TABLE + +#define error_table error_table_compat #include +#undef error_table +#ifndef HAVE_ADD_ERROR_TABLE void add_error_table (const struct error_table *); +#endif /* !HAVE_ADD_ERROR_TABLE */ void add_to_error_table(struct et_list *new_table) { - add_error_table(new_table->table); + add_error_table((struct error_table *) new_table->table); } #endif /* HAVE_ADD_TO_ERROR_TABLE */ @@ -1572,7 +1619,7 @@ static krb5_error_code get_credv5(krb5_context context, increds.client = client_principal; increds.times.endtime = 0; /* Ask for DES since that is what V4 understands */ - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; + get_creds_enctype((&increds)) = ENCTYPE_DES_CBC_CRC; r = krb5_get_credentials(context, 0, _krb425_ccache, &increds, creds); @@ -1590,9 +1637,10 @@ static int get_user_realm(krb5_context context, char *realm) if (!client_principal) krb5_cc_get_principal(context, _krb425_ccache, &client_principal); - i = krb5_princ_realm(context, client_principal)->length; + i = realm_len(context, client_principal); if (i > REALM_SZ-1) i = REALM_SZ-1; - strncpy(realm,krb5_princ_realm(context, client_principal)->data,i); + strncpy(realm,realm_data(context, client_principal), i); realm[i] = 0; - return(KSUCCESS); + + return(0); } diff --git a/src/aklog/krb_util.c b/src/aklog/krb_util.c index d202715..a62e871 100644 --- a/src/aklog/krb_util.c +++ b/src/aklog/krb_util.c @@ -18,8 +18,8 @@ static char rcsid_send_to_kdc_c[] = #include #endif #include +#include "aklog.h" #include -#include #ifndef MAX_HSTNM #define MAX_HSTNM 100 diff --git a/src/cf/kerberos.m4 b/src/cf/kerberos.m4 index 51b9008..7f8e58c 100644 --- a/src/cf/kerberos.m4 +++ b/src/cf/kerberos.m4 
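Review bot: In the -1590,9 hunk, get_user_realm now ends in an unconditional `return(0)` while the result of `krb5_cc_get_principal` is still discarded, so the rewritten caller test `if ((status = get_user_realm(context, realm_of_user)))` in auth_to_cell can never fire. If the cache lookup fails, `realm_len` and `realm_data` are then applied to a `client_principal` that was never filled in. Keep the return code in a `krb5_error_code` local and propagate it, for example `code = krb5_cc_get_principal(context, _krb425_ccache, &client_principal);` followed by `if (code) return code;`. The function's opening lines, including its local declarations, are outside this hunk.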
@@ -54,12 +54,14 @@ BUILD_KRB5=no if test X$conf_krb5 = XYES; then AC_MSG_RESULT([Configuring support for Kerberos 5 utilities]) BUILD_KRB5=yes - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS KRB5CFLAGS" + save_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $KRB5CFLAGS" save_LIBS="$LIBS" LIBS="$LIBS $KRB5LIBS" - AC_CHECK_FUNCS([add_to_error_table]) - CFLAGS="$save_CFLAGS" + AC_CHECK_FUNCS([add_to_error_table add_error_table krb5_princ_size krb5_principal_get_comp_string krb5_524_convert_creds krb524_convert_creds_kdc]) + AC_CHECK_HEADERS([kerberosIV/krb.h]) + AC_CHECK_MEMBERS([krb5_creds.keyblock, krb5_creds.session],,, [#include ]) + CPPFLAGS="$save_CPPFLAGS" LIBS="$save_LIBS" fi AC_SUBST(BUILD_KRB5) -- 1.9.4