krb5 client doing krb4 protocol

[1ts-debian.git] / zephyr / lib / ZMkAuth.c

diff --git a/zephyr/lib/ZMkAuth.c b/zephyr/lib/ZMkAuth.c
index f776cba5679e2df84481d82ea0334aa1c1453cd0..bf17695f54eb6c8fbf1c4e5c132701b3e339358b 100644 (file)
--- a/zephyr/lib/ZMkAuth.c
+++ b/zephyr/lib/ZMkAuth.c
@@ -34,15 +34,36 @@ Code_t ZMakeAuthentication(notice, buffer, buffer_len, len)
     int buffer_len;
     int *len;
 {
-#ifdef HAVE_KRB4
+#if defined(HAVE_KRB4) || defined(HAVE_KRB5)
     int result;
     time_t now;
     KTEXT_ST authent;
     char *cstart, *cend;
     ZChecksum_t checksum;
     CREDENTIALS cred;
-    extern unsigned long des_quad_cksum();
+    C_Block *session;
+#ifdef HAVE_KRB5
+    krb5_creds *creds_out;
+
+    result = ZGetCreds(&creds_out);
+    if (result)
+      return result;
+
+    result = krb5_524_convert_creds(Z_krb5_ctx, creds_out, &cred);
+    /* krb5_free_creds(Z_krb5_ctx, creds_out);*/
+    if (result)
+      return result;
+    /* HOLDING: creds_out */
+
+    if (creds_out->keyblock.enctype != ENCTYPE_DES_CBC_CRC)
+      return (KRB5_BAD_ENCTYPE);
+    session = (C_Block *)creds_out->keyblock.contents;
 
+    result = krb_mk_req_creds(&authent, &cred, 0);
+    if (result != MK_AP_OK)
+      return result + krb_err_base;
+#endif
+#ifndef HAVE_KRB5
     result = krb_mk_req(&authent, SERVER_SERVICE, 
                        SERVER_INSTANCE, __Zephyr_realm, 0);
     if (result != MK_AP_OK)
@@ -52,6 +73,9 @@ Code_t ZMakeAuthentication(notice, buffer, buffer_len, len)
     if (result != KSUCCESS)
        return (result+krb_err_base);
 
+    session = (C_Block *)cred.session;
+#endif
+
     notice->z_auth = 1;
     notice->z_authent_len = authent.length;
     notice->z_ascii_authent = (char *)malloc((unsigned)authent.length*3);
@@ -73,11 +97,11 @@ Code_t ZMakeAuthentication(notice, buffer, buffer_len, len)
        return(result);
 
     /* Compute a checksum over the header and message. */
-    checksum = des_quad_cksum(buffer, NULL, cstart - buffer, 0, cred.session);
+    checksum = des_quad_cksum(buffer, NULL, cstart - buffer, 0, session);
     checksum ^= des_quad_cksum(cend, NULL, buffer + *len - cend, 0,
-                              cred.session);
+                              session);
     checksum ^= des_quad_cksum(notice->z_message, NULL, notice->z_message_len,
-                              0, cred.session);
+                              0, session);
     notice->z_checksum = checksum;
     ZMakeAscii32(cstart, buffer + buffer_len - cstart, checksum);
 
@@ -340,3 +364,42 @@ Code_t ZMakeZcodeRealmAuthentication(notice, buffer, buffer_len, phdr_len,
     return (result);
 #endif /* HAVE_KRB5 */
 }
+
+#ifdef HAVE_KRB5
+int ZGetCreds(krb5_creds **creds_out) {
+  krb5_creds creds_in;
+  krb5_ccache ccache; /* XXX make this a global or static?*/
+  int result;
+  
+  result = krb5_cc_default(Z_krb5_ctx, &ccache);
+  if (result)
+    return result;
+
+  memset((char *)&creds_in, 0, sizeof(creds_in));
+  result = krb5_build_principal(Z_krb5_ctx, &creds_in.server,
+                            strlen(__Zephyr_realm), __Zephyr_realm,
+                               SERVER_SERVICE, SERVER_INSTANCE, 0);
+  if (result) {
+    krb5_cc_close(Z_krb5_ctx, ccache);
+    return result;
+  }
+  
+  result = krb5_cc_get_principal(Z_krb5_ctx, ccache, &creds_in.client);
+  if (result) {
+    krb5_free_cred_contents(Z_krb5_ctx, &creds_in); /* I also hope this is ok */
+    krb5_cc_close(Z_krb5_ctx, ccache);
+    return result;
+  }
+  
+  creds_in.times.endtime = 0;
+  creds_in.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+  
+  result = krb5_get_credentials(Z_krb5_ctx, 0, ccache, &creds_in, creds_out);
+  krb5_cc_close(Z_krb5_ctx, ccache);
+  krb5_free_cred_contents(Z_krb5_ctx, &creds_in); /* I also hope this is ok */
+
+  return result;
+  
+  
+}
+#endif