From 2b29b7186459d945ec448694164bfe4239b30d72 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 27 Oct 2008 11:35:07 +0100 Subject: s4: import lorikeet-heimdal-200810271034 metze --- source4/heimdal/kdc/kerberos4.c | 132 ++++++++++++++++++++-------------------- 1 file changed, 66 insertions(+), 66 deletions(-) (limited to 'source4/heimdal/kdc/kerberos4.c') diff --git a/source4/heimdal/kdc/kerberos4.c b/source4/heimdal/kdc/kerberos4.c index 3e9a70057e..2bd2383940 100644 --- a/source4/heimdal/kdc/kerberos4.c +++ b/source4/heimdal/kdc/kerberos4.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "kdc_locl.h" @@ -58,7 +58,7 @@ static void make_err_reply(krb5_context context, krb5_data *reply, int code, const char *msg) { - _krb5_krb_cr_err_reply(context, "", "", "", + _krb5_krb_cr_err_reply(context, "", "", "", kdc_time, code, msg, reply); } @@ -106,8 +106,8 @@ _kdc_db_fetch4(krb5_context context, ctx.config = config; ctx.flags = flags; - - ret = krb5_425_conv_principal_ext2(context, name, instance, realm, + + ret = krb5_425_conv_principal_ext2(context, name, instance, realm, valid_princ, &ctx, 0, &p); if(ret) return ret; @@ -125,7 +125,7 @@ _kdc_db_fetch4(krb5_context context, */ krb5_error_code -_kdc_do_version4(krb5_context context, +_kdc_do_version4(krb5_context context, krb5_kdc_configuration *config, unsigned char *buf, size_t len, @@ -193,7 +193,7 @@ _kdc_do_version4(krb5_context context, kdc_log(context, config, 0, "AS-REQ (krb4) %s from %s for %s", client_name, from, server_name); - ret = _kdc_db_fetch4(context, config, name, inst, realm, + ret = _kdc_db_fetch4(context, config, name, inst, realm, HDB_F_GET_CLIENT, &client); if(ret) { kdc_log(context, config, 0, "Client not found in database: %s: %s", @@ -212,7 +212,7 @@ _kdc_do_version4(krb5_context context, goto out1; } - ret = _kdc_check_flags (context, config, + ret = _kdc_check_flags (context, config, client, client_name, server, server_name, TRUE); @@ -254,7 +254,7 @@ _kdc_do_version4(krb5_context context, ret = _kdc_get_des_key(context, client, FALSE, FALSE, &ckey); if(ret){ kdc_log(context, config, 0, "no suitable DES key for client"); - make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, + make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, "no suitable DES key for client"); goto out1; } @@ -262,7 +262,7 @@ _kdc_do_version4(krb5_context context, ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey); if(ret){ kdc_log(context, config, 0, "no suitable DES key for server"); - make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, + make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, "no suitable DES key for server"); goto out1; } @@ -274,7 +274,7 @@ _kdc_do_version4(krb5_context context, max_life = min(max_life, *server->entry.max_life); life = krb_time_to_life(kdc_time, kdc_time + max_life); - + ret = krb5_generate_random_keyblock(context, ETYPE_DES_PCBC_NONE, &session); @@ -318,7 +318,7 @@ _kdc_do_version4(krb5_context context, krb5_free_keyblock_contents(context, &session); krb5_data_free(&ticket); if (ret) { - make_err_reply(context, reply, KFAILURE, + make_err_reply(context, reply, KFAILURE, "Failed to create v4 cipher"); goto out1; } @@ -362,9 +362,9 @@ _kdc_do_version4(krb5_context context, &tgt_princ); if(ret){ kdc_log(context, config, 0, - "Converting krbtgt principal (krb4): %s", + "Converting krbtgt principal (krb4): %s", krb5_get_err_text(context, ret)); - make_err_reply(context, reply, KFAILURE, + make_err_reply(context, reply, KFAILURE, "Failed to convert v4 principal (krbtgt)"); goto out2; } @@ -374,7 +374,7 @@ _kdc_do_version4(krb5_context context, if(ret){ char *s; s = kdc_log_msg(context, config, 0, "Ticket-granting ticket not " - "found in database (krb4): krbtgt.%s@%s: %s", + "found in database (krb4): krbtgt.%s@%s: %s", realm, config->v4_realm, krb5_get_err_text(context, ret)); make_err_reply(context, reply, KFAILURE, s); @@ -385,7 +385,7 @@ _kdc_do_version4(krb5_context context, if(tgt->entry.kvno % 256 != kvno){ kdc_log(context, config, 0, "tgs-req (krb4) with old kvno %d (current %d) for " - "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256, + "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256, realm, config->v4_realm); make_err_reply(context, reply, KRB4ET_KDC_AUTH_EXP, "old krbtgt kvno used"); @@ -394,9 +394,9 @@ _kdc_do_version4(krb5_context context, ret = _kdc_get_des_key(context, tgt, TRUE, FALSE, &tkey); if(ret){ - kdc_log(context, config, 0, + kdc_log(context, config, 0, "no suitable DES key for krbtgt (krb4)"); - make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, + make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, "no suitable DES key for krbtgt"); goto out2; } @@ -414,7 +414,7 @@ _kdc_do_version4(krb5_context context, else address = 0; - ret = _krb5_krb_rd_req(context, &auth, "krbtgt", realm, + ret = _krb5_krb_rd_req(context, &auth, "krbtgt", realm, config->v4_realm, address, &tkey->key, &ad); if(ret){ @@ -440,15 +440,15 @@ _kdc_do_version4(krb5_context context, client_name, from, server_name); if(strcmp(ad.prealm, realm)){ - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Can't hop realms (krb4) %s -> %s", realm, ad.prealm); - make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, + make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, "Can't hop realms"); goto out2; } if (!config->enable_v4_cross_realm && strcmp(realm, config->v4_realm) != 0) { - kdc_log(context, config, 0, + kdc_log(context, config, 0, "krb4 Cross-realm %s -> %s disabled", realm, config->v4_realm); make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, @@ -457,9 +457,9 @@ _kdc_do_version4(krb5_context context, } if(strcmp(sname, "changepw") == 0){ - kdc_log(context, config, 0, + kdc_log(context, config, 0, "Bad request for changepw ticket (krb4)"); - make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, + make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, "Can't authorize password change based on TGT"); goto out2; } @@ -497,7 +497,7 @@ _kdc_do_version4(krb5_context context, goto out2; } - ret = _kdc_check_flags (context, config, + ret = _kdc_check_flags (context, config, client, client_name, server, server_name, FALSE); @@ -509,9 +509,9 @@ _kdc_do_version4(krb5_context context, ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey); if(ret){ - kdc_log(context, config, 0, + kdc_log(context, config, 0, "no suitable DES key for server (krb4)"); - make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, + make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY, "no suitable DES key for server"); goto out2; } @@ -589,7 +589,7 @@ _kdc_do_version4(krb5_context context, "failed to create v4 cipher"); goto out2; } - + ret = _krb5_krb_create_auth_reply(context, ad.pname, ad.pinst, @@ -614,7 +614,7 @@ _kdc_do_version4(krb5_context context, ret = EINVAL; break; default: - kdc_log(context, config, 0, "Unknown message type (krb4): %d from %s", + kdc_log(context, config, 0, "Unknown message type (krb4): %d from %s", msg_type, from); make_err_reply(context, reply, KFAILURE, "Unknown message type"); @@ -640,7 +640,7 @@ _kdc_do_version4(krb5_context context, } krb5_error_code -_kdc_encode_v4_ticket(krb5_context context, +_kdc_encode_v4_ticket(krb5_context context, krb5_kdc_configuration *config, void *buf, size_t len, const EncTicketPart *et, const PrincipalName *service, size_t *size) @@ -656,7 +656,7 @@ _kdc_encode_v4_ticket(krb5_context context, &princ, *service, et->crealm); - ret = krb5_524_conv_principal(context, + ret = krb5_524_conv_principal(context, princ, sname, sinst, @@ -669,8 +669,8 @@ _kdc_encode_v4_ticket(krb5_context context, &princ, et->cname, et->crealm); - - ret = krb5_524_conv_principal(context, + + ret = krb5_524_conv_principal(context, princ, name, inst, @@ -681,7 +681,7 @@ _kdc_encode_v4_ticket(krb5_context context, return ret; sp = krb5_storage_emem(); - + krb5_store_int8(sp, 0); /* flags */ krb5_store_stringz(sp, name); krb5_store_stringz(sp, inst); @@ -702,11 +702,11 @@ _kdc_encode_v4_ticket(krb5_context context, if((et->key.keytype != ETYPE_DES_CBC_MD5 && et->key.keytype != ETYPE_DES_CBC_MD4 && - et->key.keytype != ETYPE_DES_CBC_CRC) || + et->key.keytype != ETYPE_DES_CBC_CRC) || et->key.keyvalue.length != 8) return -1; krb5_storage_write(sp, et->key.keyvalue.data, 8); - + { time_t start = et->starttime ? *et->starttime : et->authtime; krb5_store_int8(sp, krb_time_to_life(start, et->endtime)); @@ -715,7 +715,7 @@ _kdc_encode_v4_ticket(krb5_context context, krb5_store_stringz(sp, sname); krb5_store_stringz(sp, sinst); - + { krb5_data data; krb5_storage_to_data(sp, &data); @@ -731,19 +731,19 @@ _kdc_encode_v4_ticket(krb5_context context, } krb5_error_code -_kdc_get_des_key(krb5_context context, - hdb_entry_ex *principal, krb5_boolean is_server, +_kdc_get_des_key(krb5_context context, + hdb_entry_ex *principal, krb5_boolean is_server, krb5_boolean prefer_afs_key, Key **ret_key) { Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL; int i; - krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5, - ETYPE_DES_CBC_MD4, + krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5, + ETYPE_DES_CBC_MD4, ETYPE_DES_CBC_CRC }; for(i = 0; i < sizeof(etypes)/sizeof(etypes[0]) - && (v5_key == NULL || v4_key == NULL || + && (v5_key == NULL || v4_key == NULL || afs_key == NULL || server_key == NULL); ++i) { Key *key = NULL; @@ -751,7 +751,7 @@ _kdc_get_des_key(krb5_context context, if(key->salt == NULL) { if(v5_key == NULL) v5_key = key; - } else if(key->salt->type == hdb_pw_salt && + } else if(key->salt->type == hdb_pw_salt && key->salt->salt.length == 0) { if(v4_key == NULL) v4_key = key; -- cgit