applied athena-update-branch patch

author: Karl Ramm <kcr@mit.edu> 2007-12-25 00:56:08 +0000
committer: Karl Ramm <kcr@mit.edu> 2007-12-25 00:56:08 +0000
commit: 1a0e03eb19998ab496a6ea845ff2c42d9a02df0b (patch)
tree: 29b47c8532e1f1678063fbb1b851ee4208134626 /h
parent: 3f120f880be9ae9aa1612ddc2412e9acb9a8e85e (diff)
3 files changed, 249 insertions, 80 deletions
diff --git a/h/config.h.in b/h/config.h.in
index 1a3dd61..c962a5d 100644
--- a/h/config.h.in
+++ b/h/config.h.in
@@ -1,40 +1,42 @@
-/* h/config.h.in.  Generated automatically from configure.in by autoheader.  */
+/* h/config.h.in.  Generated from configure.in by autoheader.  */
+/* Define to compile with Hesiod support. */
+#undef HAVE_HESIOD
 
-/* Define if the `getpgrp' function takes no argument.  */
-#undef GETPGRP_VOID
+/* Define to compile with Kerberos support. */
+#undef HAVE_KRB4
 
-/* Define to `int' if <sys/types.h> doesn't define.  */
-#undef gid_t
+/* Define to compile with Kerberos v5 support. */
+#undef HAVE_KRB5
 
-/* Define if you don't have vprintf but do have _doprnt.  */
-#undef HAVE_DOPRNT
+/* Define to 1 if `enc_part2' is member of `krb5_ticket'. */
+#undef HAVE_KRB5_TICKET_ENC_PART2
 
-/* Define if you have <sys/wait.h> that is POSIX.1 compatible.  */
-#undef HAVE_SYS_WAIT_H
+/* Define to 1 if `keyblock.enctype' is member of `krb5_creds'. */
+#undef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE
 
-/* Define if you have the vprintf function.  */
-#undef HAVE_VPRINTF
+/* Define to 1 if you have the `krb5_c_make_checksum' function. */
+#undef HAVE_KRB5_C_MAKE_CHECKSUM
 
-/* Define as the return type of signal handlers (int or void).  */
-#undef RETSIGTYPE
+/* Define to 1 if you have the `krb5_cc_set_default_name' function. */
+#undef HAVE_KRB5_CC_SET_DEFAULT_NAME
 
-/* Define if the `setpgrp' function takes no argument.  */
-#undef SETPGRP_VOID
+/* Define to 1 if `krb5_auth_con_getauthenticator' takes a double pointer third arg. */
+#undef KRB5_AUTH_CON_GETAUTHENTICATOR_TAKES_DOUBLE_POINTER
 
-/* Define if you have the ANSI C header files.  */
-#undef STDC_HEADERS
+/* Define to 1 if you have the <krb5_err.h> header file. */
+#undef HAVE_KRB5_ERR_H
 
-/* Define to `int' if <sys/types.h> doesn't define.  */
-#undef uid_t
+/* Define to 1 if you have the `krb5_free_data' function. */
+#undef HAVE_KRB5_FREE_DATA
 
-/* Define if the X Window System is missing or not being used.  */
-#undef X_DISPLAY_MISSING
+/* Define to 1 if you have the <krb5/ss.h> header file. */
+#undef HAVE_KRB5_SS_H
 
-/* Define to compile with Hesiod support. */
-#undef HAVE_HESIOD
+/* Define to 1 if you have the `krb_get_err_text' function. */
+#undef HAVE_KRB_GET_ERR_TEXT
 
-/* Define to compile with Kerberos support. */
-#undef HAVE_KRB4
+/* Define to 1 if you have the `krb_log' function. */
+#undef HAVE_KRB_LOG
 
 /* Define to compile with ares support. */
 #undef HAVE_ARES
@@ -45,122 +47,223 @@
 /* Define if you have the System Resource Controller library. */
 #undef HAVE_SRC
 
+/* Define to "unsigned long" if your system headers don't. */
+#undef ulong
+
 /* Define to a temporary directory on your system. */
 #define FOUND_TMP "/var/tmp"
 
 /* Define to the type of the host system. */
 #define MACHINE_TYPE "unknown"
 
-/* The number of bytes in a int.  */
-#undef SIZEOF_INT
+/* Define if `regcomp' exists and works. */
+#undef HAVE_REGCOMP
 
-/* The number of bytes in a long.  */
-#undef SIZEOF_LONG
 
-/* The number of bytes in a short.  */
-#undef SIZEOF_SHORT
+/* Define to 1 if the `getpgrp' function requires zero arguments. */
+#undef GETPGRP_VOID
 
-/* Define if you have the gethostid function.  */
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
+#undef HAVE_DOPRNT
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
+
+/* Define to 1 if you have the `gethostid' function. */
 #undef HAVE_GETHOSTID
 
-/* Define if you have the getlogin function.  */
+/* Define to 1 if you have the `getlogin' function. */
 #undef HAVE_GETLOGIN
 
-/* Define if you have the getpgid function.  */
+/* Define to 1 if you have the `getpgid' function. */
 #undef HAVE_GETPGID
 
-/* Define if you have the getsid function.  */
+/* Define to 1 if you have the `getsid' function. */
 #undef HAVE_GETSID
 
-/* Define if you have the krb_get_err_text function.  */
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `krb5_cc_set_default_name' function. */
+#undef HAVE_KRB5_CC_SET_DEFAULT_NAME
+
+/* Define to 1 if you have the `krb5_c_make_checksum' function. */
+#undef HAVE_KRB5_C_MAKE_CHECKSUM
+
+/* Define to 1 if you have the <krb5_err.h> header file. */
+#undef HAVE_KRB5_ERR_H
+
+/* Define to 1 if you have the `krb5_free_data' function. */
+#undef HAVE_KRB5_FREE_DATA
+
+/* Define to 1 if you have the `krb_get_err_text' function. */
 #undef HAVE_KRB_GET_ERR_TEXT
 
-/* Define if you have the krb_log function.  */
+/* Define to 1 if you have the `krb_log' function. */
 #undef HAVE_KRB_LOG
 
-/* Define if you have the lrand48 function.  */
+/* Define to 1 if you have the `44bsd' library (-l44bsd). */
+#undef HAVE_LIB44BSD
+
+/* Define to 1 if you have the `curses' library (-lcurses). */
+#undef HAVE_LIBCURSES
+
+/* Define to 1 if you have the `dl' library (-ldl). */
+#undef HAVE_LIBDL
+
+/* Define to 1 if you have the `gen' library (-lgen). */
+#undef HAVE_LIBGEN
+
+/* Define to 1 if you have the `nsl' library (-lnsl). */
+#undef HAVE_LIBNSL
+
+/* Define to 1 if you have the `readline' library (-lreadline). */
+#undef HAVE_LIBREADLINE
+
+/* Define to 1 if you have the `resolv' library (-lresolv). */
+#undef HAVE_LIBRESOLV
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+#undef HAVE_LIBSOCKET
+
+/* Define to 1 if you have the `w' library (-lw). */
+#undef HAVE_LIBW
+
+/* Define to 1 if you have the `lrand48' function. */
 #undef HAVE_LRAND48
 
-/* Define if you have the memcpy function.  */
+/* Define to 1 if you have the <malloc.h> header file. */
+#undef HAVE_MALLOC_H
+
+/* Define to 1 if you have the `memcpy' function. */
 #undef HAVE_MEMCPY
 
-/* Define if you have the memmove function.  */
+/* Define to 1 if you have the `memmove' function. */
 #undef HAVE_MEMMOVE
 
-/* Define if you have the putenv function.  */
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the <paths.h> header file. */
+#undef HAVE_PATHS_H
+
+/* Define to 1 if you have the `putenv' function. */
 #undef HAVE_PUTENV
 
-/* Define if you have the random function.  */
+/* Define to 1 if you have the `random' function. */
 #undef HAVE_RANDOM
 
-/* Define if you have the strchr function.  */
-#undef HAVE_STRCHR
+/* Define to 1 if you have the <sgtty.h> header file. */
+#undef HAVE_SGTTY_H
 
-/* Define if you have the strerror function.  */
-#undef HAVE_STRERROR
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
 
-/* Define if you have the waitpid function.  */
-#undef HAVE_WAITPID
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
 
-/* Define if you have the <fcntl.h> header file.  */
-#undef HAVE_FCNTL_H
+/* Define to 1 if you have the `strchr' function. */
+#undef HAVE_STRCHR
 
-/* Define if you have the <malloc.h> header file.  */
-#undef HAVE_MALLOC_H
+/* Define to 1 if you have the `strerror' function. */
+#undef HAVE_STRERROR
 
-/* Define if you have the <paths.h> header file.  */
-#undef HAVE_PATHS_H
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
 
-/* Define if you have the <sgtty.h> header file.  */
-#undef HAVE_SGTTY_H
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
 
-/* Define if you have the <sys/cdefs.h> header file.  */
+/* Define to 1 if you have the <sys/cdefs.h> header file. */
 #undef HAVE_SYS_CDEFS_H
 
-/* Define if you have the <sys/file.h> header file.  */
+/* Define to 1 if you have the <sys/file.h> header file. */
 #undef HAVE_SYS_FILE_H
 
-/* Define if you have the <sys/filio.h> header file.  */
+/* Define to 1 if you have the <sys/filio.h> header file. */
 #undef HAVE_SYS_FILIO_H
 
-/* Define if you have the <sys/ioctl.h> header file.  */
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
 #undef HAVE_SYS_IOCTL_H
 
-/* Define if you have the <sys/msgbuf.h> header file.  */
+/* Define to 1 if you have the <sys/msgbuf.h> header file. */
 #undef HAVE_SYS_MSGBUF_H
 
-/* Define if you have the <sys/select.h> header file.  */
+/* Define to 1 if you have the <sys/select.h> header file. */
 #undef HAVE_SYS_SELECT_H
 
-/* Define if you have the <sys/time.h> header file.  */
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/time.h> header file. */
 #undef HAVE_SYS_TIME_H
 
-/* Define if you have the <sys/utsname.h> header file.  */
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <sys/utsname.h> header file. */
 #undef HAVE_SYS_UTSNAME_H
 
-/* Define if you have the <termios.h> header file.  */
+/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
+#undef HAVE_SYS_WAIT_H
+
+/* Define to 1 if you have the <termios.h> header file. */
 #undef HAVE_TERMIOS_H
 
-/* Define if you have the <unistd.h> header file.  */
+/* Define to 1 if you have the <unistd.h> header file. */
 #undef HAVE_UNISTD_H
 
-/* Define if you have the 44bsd library (-l44bsd).  */
-#undef HAVE_LIB44BSD
+/* Define to 1 if you have the `vprintf' function. */
+#undef HAVE_VPRINTF
 
-/* Define if you have the dl library (-ldl).  */
-#undef HAVE_LIBDL
+/* Define to 1 if you have the `waitpid' function. */
+#undef HAVE_WAITPID
 
-/* Define if you have the gen library (-lgen).  */
-#undef HAVE_LIBGEN
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
 
-/* Define if you have the nsl library (-lnsl).  */
-#undef HAVE_LIBNSL
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
 
-/* Define if you have the resolv library (-lresolv).  */
-#undef HAVE_LIBRESOLV
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
 
-/* Define if you have the socket library (-lsocket).  */
-#undef HAVE_LIBSOCKET
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
 
-/* Define if you have the w library (-lw).  */
-#undef HAVE_LIBW
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#undef RETSIGTYPE
+
+/* Define to 1 if the `setpgrp' function takes no argument. */
+#undef SETPGRP_VOID
+
+/* The size of `int', as computed by sizeof. */
+#undef SIZEOF_INT
+
+/* The size of `long', as computed by sizeof. */
+#undef SIZEOF_LONG
+
+/* The size of `short', as computed by sizeof. */
+#undef SIZEOF_SHORT
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to 1 if the X Window System is missing or not being used. */
+#undef X_DISPLAY_MISSING
+
+/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
+   `char[]'. */
+#undef YYTEXT_POINTER
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef gid_t
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef uid_t
diff --git a/h/internal.h b/h/internal.h
index f0b482c..403e85c 100644
--- a/h/internal.h
+++ b/h/internal.h
@@ -11,6 +11,10 @@
 #include <krb_err.h>
 #endif
 
+#ifdef HAVE_KRB5
+#include <krb5.h>
+#endif
+
 #ifdef HAVE_HESIOD
 #include <hesiod.h>
 #endif
@@ -34,6 +38,13 @@
 #define Z_NOTICETIMELIMIT	30	/* Time to wait for fragments */
 #define Z_INITFILTERSIZE	30	/* Starting size of uid filter */
 
+#define Z_AUTHMODE_NONE          0      /* no authentication */
+#define Z_AUTHMODE_KRB4          1      /* authenticate using Kerberos V4 */
+#define Z_AUTHMODE_KRB5          2      /* authenticate using Kerberos V5 */
+
+#define Z_KEYUSAGE_CLT_CKSUM  1027    /* client->server notice checksum */
+#define Z_KEYUSAGE_SRV_CKSUM  1029    /* server->client notice checksum */
+
 struct _Z_Hole {
     struct _Z_Hole	*next;
     int			first;
@@ -64,6 +75,11 @@ extern int __Zephyr_open;	/* 0 if FD opened, 1 otherwise */
 extern int __HM_set;		/* 0 if dest addr set, 1 otherwise */
 extern int __Zephyr_server;	/* 0 if normal client, 1 if server or zhm */
 
+#ifdef HAVE_KRB5
+extern krb5_context Z_krb5_ctx;
+Code_t Z_krb5_lookup_cksumtype(krb5_enctype, krb5_cksumtype *);
+#endif
+
 extern ZLocations_t *__locate_list;
 extern int __locate_num;
 extern int __locate_next;
@@ -97,6 +113,46 @@ Code_t Z_WaitForNotice __P((ZNotice_t *notice,
 			    int (*pred) __P((ZNotice_t *, void *)), void *arg,
 			    int timeout));
 
+
+Code_t Z_NewFormatHeader __P((ZNotice_t *, char *, int, int *, Z_AuthProc));
+Code_t Z_NewFormatAuthHeader __P((ZNotice_t *, char *, int, int *, Z_AuthProc));
+Code_t Z_NewFormatRawHeader __P((ZNotice_t *, char *, int, int *, char **, 
+                                 int *, char **, char **));
+Code_t Z_AsciiFormatRawHeader __P((ZNotice_t *, char *, int, int *, char **, 
+                                 int *, char **, char **));
+
 void Z_gettimeofday(struct _ZTimeval *ztv, struct timezone *tz);
+
+#ifdef HAVE_KRB5
+int ZGetCreds(krb5_creds **creds_out);
+int ZGetCredsRealm(krb5_creds **creds_out, char *realm);
+Code_t Z_Checksum(krb5_data *cksumbuf, krb5_keyblock *keyblock, krb5_cksumtype cksumtype, char **asn1_data, int *asn1_len);
+Code_t Z_ExtractEncCksum(krb5_keyblock *keyblock, krb5_enctype *enctype, krb5_cksumtype *cksumtype);
+int Z_krb5_verify_cksum(krb5_keyblock *keyblock, krb5_data *cksumbuf, krb5_cksumtype cksumtype, char *asn1_data, int asn1_len);
+Code_t Z_InsertZcodeChecksum(krb5_keyblock *keyblock, ZNotice_t *notice, 
+                             char *buffer,
+                             char *cksum_start, int cksum_len, 
+                             char *cstart, char *cend, int buffer_len,
+                             int *length_ajdust);
+#endif
+
+#ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE
+#define Z_keydata(keyblock)	((keyblock)->contents)
+#define Z_keylen(keyblock)	((keyblock)->length)
+#define Z_credskey(creds)	(&(creds)->keyblock)
+#else
+#define Z_keydata(keyblock)	((keyblock)->keyvalue.data)
+#define Z_keylen(keyblock)	((keyblock)->keyvalue.length)
+#define Z_credskey(creds)	(&(creds)->session)
+#endif
+
+#ifdef HAVE_KRB5_TICKET_ENC_PART2
+#define Z_tktprincp(tkt)	((tkt)->enc_part2 != 0)
+#define Z_tktprinc(tkt)		((tkt)->enc_part2->client)
+#else
+#define	Z_tktprincp(tkt)	((tkt)->client != 0)
+#define Z_tktprinc(tkt)		((tkt)->client)
+#endif
+
 #endif /* __INTERNAL_H__ */
 
diff --git a/h/zephyr/zephyr.h b/h/zephyr/zephyr.h
index 713e261..429663e 100644
--- a/h/zephyr/zephyr.h
+++ b/h/zephyr/zephyr.h
@@ -39,6 +39,7 @@
 #define	SERVER_SVCNAME		"zephyr-clt"
 #define SERVER_SERVICE		"zephyr"
 #define SERVER_INSTANCE		"zephyr"
+#define SERVER_KRB5_SERVICE     "zephyr"
 
 #define ZVERSIONHDR	"ZEPH"
 #define ZVERSIONMAJOR	0
@@ -98,6 +99,7 @@ typedef struct _ZNotice_t {
     char		*z_multinotice;
     ZUnique_Id_t	z_multiuid;
     ZChecksum_t		z_checksum;
+    char                *z_ascii_checksum;
     int			z_num_other_fields;
     char		*z_other_fields[Z_MAXOTHERFIELDS];
     caddr_t		z_message;
@@ -139,6 +141,8 @@ int ZCompareMultiUIDPred ZP((ZNotice_t *, void *));
 /* Defines for ZFormatNotice, et al. */
 typedef Code_t (*Z_AuthProc) ZP((ZNotice_t*, char *, int, int *));
 Code_t ZMakeAuthentication ZP((ZNotice_t*, char *,int, int*));
+Code_t ZMakeZcodeAuthentication ZP((ZNotice_t*, char *,int, int*));
+Code_t ZMakeZcodeRealmAuthentication ZP((ZNotice_t*, char *,int, int*, char*));
 
 char *ZGetSender ZP((void));
 char *ZGetVariable ZP((char *));
@@ -152,6 +156,7 @@ Code_t ZParseNotice ZP((char*, int, ZNotice_t *));
 Code_t ZReadAscii ZP((char*, int, unsigned char*, int));
 Code_t ZReadAscii32 ZP((char *, int, unsigned long *));
 Code_t ZReadAscii16 ZP((char *, int, unsigned short *));
+Code_t ZReadZcode ZP((unsigned char*, unsigned char*, int, int *));
 Code_t ZSendPacket ZP((char*, int, int));
 Code_t ZSendList ZP((ZNotice_t*, char *[], int, Z_AuthProc));
 Code_t ZSrvSendList ZP((ZNotice_t*, char*[], int, Z_AuthProc, Code_t (*)()));
@@ -175,8 +180,12 @@ Code_t ZSrvSendRawList ZP((ZNotice_t*, char*[], int,
 Code_t ZMakeAscii ZP((char*, int, unsigned char*, int));
 Code_t ZMakeAscii32 ZP((char *, int, unsigned long));
 Code_t ZMakeAscii16 ZP((char *, int, unsigned int));
+Code_t ZMakeZcode ZP((char*, int, unsigned char*, int));
+Code_t ZMakeZcode32 ZP((char *, int, unsigned long));
 Code_t ZReceivePacket ZP((ZPacket_t, int*, struct sockaddr_in*));
 Code_t ZCheckAuthentication ZP((ZNotice_t*, struct sockaddr_in*));
+Code_t ZCheckZcodeAuthentication ZP((ZNotice_t*, struct sockaddr_in*));
+Code_t ZCheckZcodeRealmAuthentication ZP((ZNotice_t*, struct sockaddr_in*, char *realm));
 Code_t ZInitLocationInfo ZP((char *hostname, char *tty));
 Code_t ZSetLocation ZP((char *exposure));
 Code_t ZUnsetLocation ZP((void));
@@ -253,6 +262,7 @@ void ZSetDebug ZP((void (*)(ZCONST char *, va_list, void *), void *));
 #define	SRV_TIMEOUT		30
 
 #define ZAUTH (ZMakeAuthentication)
+#define ZCAUTH (ZMakeZcodeAuthentication)
 #define ZNOAUTH ((Z_AuthProc)0)
 
 /* Packet strings */
author	Karl Ramm <kcr@mit.edu>	2007-12-25 00:56:08 +0000
committer	Karl Ramm <kcr@mit.edu>	2007-12-25 00:56:08 +0000
commit	1a0e03eb19998ab496a6ea845ff2c42d9a02df0b (patch)
tree	29b47c8532e1f1678063fbb1b851ee4208134626 /h
parent	3f120f880be9ae9aa1612ddc2412e9acb9a8e85e (diff)