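/*
 * Print the lifetime of the first credential in the caller's Kerberos 4
 * ticket file.
 *
 * The file named by tkt_string() is opened read-only with tf_init(); the
 * principal name and instance records are consumed with tf_get_pname() /
 * tf_get_pinst() before tf_get_cred() reads the first credential (the
 * other tf_* readers in this corpus follow the same order), and the
 * credential's lifetime is printed in decimal on stdout.  argc/argv are
 * not used.
 *
 * Returns 0 on success, otherwise the non-zero status of the tf_* call
 * that failed.  Once tf_init() has succeeded the ticket file is closed on
 * every path, so the lock it takes is never left behind on an error.
 */
int
main(int argc, char **argv)
{
	char pname[ANAME_SZ + 1], pinst[INST_SZ + 1];
	CREDENTIALS cred;
	int ret;

	(void) argc;
	(void) argv;

	ret = tf_init(tkt_string(), R_TKT_FIL);
	if (ret != 0) {
		printf("Error initializing ticket file \"%s\".\n",
		       tkt_string());
		return ret;
	}
	memset(&cred, 0, sizeof(cred));

	/* Name and instance precede the credential records in the file. */
	ret = tf_get_pname(pname);
	if (ret != 0) {
		printf("Error reading names from \"%s\".\n", tkt_string());
		goto out;
	}
	ret = tf_get_pinst(pinst);
	if (ret != 0) {
		printf("Error reading names from \"%s\".\n", tkt_string());
		goto out;
	}
	ret = tf_get_cred(&cred);
	if (ret != 0) {
		printf("Error reading creds from \"%s\".\n", tkt_string());
		goto out;
	}
	printf("%lu\n", (unsigned long) cred.lifetime);

out:
	/* Release the ticket file (and its lock) whatever happened above. */
	tf_close();
	return ret;
}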
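/*
 * Demo driver for the FFT routines: builds a small integer input, runs the
 * forward transform, then bit-reverses the result, runs the inverse
 * transform, rescales by the size and bit-reverses again, printing the
 * coefficients after every step.
 *
 * argc/argv are unused.  Always returns 0.
 *
 * NOTE(review): the array returned by tf_init() and the one returned by
 * the first Main_FFT() call are overwritten by later Main_FFT() calls
 * without being released.  No release routine for struct twinddle_factor
 * is visible here, so that leak is left as is.  The name `_main` (leading
 * underscore at file scope) is reserved for the implementation by the C
 * standard, but it is part of this function's interface and is kept.
 */
int _main(int argc, const char *argv[])
{
  int array[] = {0,1,2,3,4,5,6,7};
  const int size = (int) (sizeof array / sizeof array[0]);
  struct twinddle_factor *tf = NULL;
  int i;

  (void) argc;
  (void) argv;

  tf = tf_init(array, size);
  printf("Init..입력값 \n");
  tf_print(tf, size);

  printf("===== \n\n");
  tf = Main_FFT(tf, size, 1);
  printf("변환됨 Result \n");
  tf_print(tf, size);

  /* Check the bit reversal: reverse, inverse-transform, rescale, reverse. */
  printf("reverse\n");
  tf_bit_reverse(tf, size);
  tf_print(tf, size);
  tf = Main_FFT(tf, size, -1);
  for (i = 0; i < size; i++) {
    tf[i].real /= size;
    tf[i].imag /= size;
  }
  tf_print(tf, size);
  tf_bit_reverse(tf, size);
  tf_print(tf, size);

  return 0;
}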
// Power-on initialization.
//
// Relocates the vector table, brings up every peripheral this firmware
// uses (in the order listed below — hardware init order is deliberate,
// do not reorder without checking each driver's dependencies), starts
// the SysTick timer, optionally beeps, and switches to the init page.
// No parameters, no return value.
void All_Init( void )
{
	// Offset of this image behind the bootloader, in flash.
	const uint32_t NewDeviationAddr = 0x4000;
	
	/* When booting through the bootloader this call must be made in main,
	   and the ROM offset address in the "Magic Wand -- Target" options tab
	   of the IDE must be changed to match. */
	NVIC_SetVectorTable(NVIC_VectTab_FLASH,NewDeviationAddr);				
	
	/* Peripheral initialization */
	lcd_init();   
	rtc_init(); 
	led_init(); 	 
	uart3_init(BAUD_38400);
	print_init();	// baud rate 19200
			// NOTE(review): UART3 above is opened at 38400; presumably
			// print_init() configures a different port — confirm.
	timeout_init();
	TIM5_TimeoutInit();	
	link_init(); 
	tf_init();
	eep_init(); 
	delay_init_t2();
 	beep_init();
	SysTick_Config(SYSTICK_10MS);
	
//	PrintSystemParameter();	// prints the system parameters over the serial port, for debugging
	
	#ifdef ENABLE_BEEP
		BEEP_START();
	#endif
		
	set_page(system_init);
}
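/* Called at startup to grab user, instance, and realm information
   from the user's ticketfile (remember, name.inst@realm). Since we're
   using tf_get_pname(), this should work even if your kerberos username
   isn't the same as your local username. We grab the ticket at startup
   time so that even if your ticketfile dies while the screen's locked
   we'll still have the information to unlock it.

   Problems: the password dialog currently displays local username, so if
     you have some non-standard name/instance when you run xscreensaver,
     you'll need to remember what it was when unlocking, or else you lose.

     Also, we use des_string_to_key(), so if you have an AFS password
     (encrypted with ka_StringToKey()), you'll lose. Get a kerberos password;
     it isn't that hard.

   Like the original lock_init, we return false if something went wrong.
   We don't use the arguments we're given, though.

   Results are left in the file-scope buffers `name`, `inst`, `realm` and
   the pointer `tk_file` (or `princ` on Darwin).  The ticket file is closed
   again before returning, on failure as well as on success, so the lock
   tf_init() takes on it is never held past this call.
 */
Bool
kerberos_lock_init (int argc, char **argv, Bool verbose_p)
{
# ifdef HAVE_DARWIN

    KLBoolean found;

    (void) argc;
    (void) argv;
    (void) verbose_p;

    /* Ask the Kerberos Login framework whether the cache holds a valid
       ticket; `princ` receives the principal it belongs to. */
    return ((klNoErr == (KLCacheHasValidTickets (NULL, kerberosVersion_Any,
                                                 &found, &princ, NULL)))
            && found);

# else /* !HAVE_DARWIN */

    /* Perhaps we should be doing it the Mac way (above) all the time?
       The following code assumes Unix-style file-based Kerberos credentials
       cache, which Mac OS X doesn't use.  But is there any real reason to
       do it this way at all, even on other Unixen?
     */
    (void) argc;
    (void) argv;
    (void) verbose_p;

    memset(name, 0, sizeof(name));
    memset(inst, 0, sizeof(inst));

    /* find out where the user's keeping his tickets.
       squirrel it away for later use. */
    tk_file = tkt_string();

    /* open ticket file or die trying. */
    if (tf_init(tk_file, R_TKT_FIL) != 0) {
        return False;
    }

    /* same with principal and instance names.  Close the file on failure
       too: previously a read error returned with the lock still held. */
    if (tf_get_pname(name) != 0 || tf_get_pinst(inst) != 0) {
        tf_close();
        return False;
    }

    /* close the ticketfile to release the lock on it. */
    tf_close();

    /* figure out what realm we're authenticated to. this ought
       to be the local realm, but it pays to be sure. */
    if (krb_get_tf_realm(tk_file, realm) != 0) {
        return False;
    }

    /* last-minute sanity check on what we got: the three parts plus
       separators must fit the sizes libkrb4 defines for them. */
    if ((strlen(name)+strlen(inst)+strlen(realm)+3) >
        (REALM_SZ + ANAME_SZ + INST_SZ + 3)) {
        return False;
    }

    /* success */
    return True;

# endif /* !HAVE_DARWIN */
}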
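/*
 * Decrypt `len` bytes at `p` in place, one 16-byte block at a time.
 *
 * The cipher is re-keyed from the file-scope `tf_key` on every call (the
 * second argument, 128, is presumably the key length in bits — confirm
 * against tf_init()).  Only whole blocks are processed: a trailing
 * `len % 16` bytes are left untouched, exactly as before, so callers are
 * expected to pass block-aligned lengths.
 *
 * Returns a pointer just past the last block processed.
 */
static void *tf_decrypt_inplace(void *p, size_t len)
{
    /* Walk with a byte pointer: arithmetic on void * is a GNU extension,
       and the block counter must not be a signed int compared with a
       size_t. */
    unsigned char *cur = p;
    size_t nblocks = len / 16;
    size_t i;

    tf_init(tf_key, 128);

    for (i = 0; i < nblocks; i++) {
        tf_decrypt(cur, cur);
        cur += 16;
    }

    return cur;
}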
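/*
 * Test-harness entry point: runs every test in `tests` through tf_runall()
 * and prints the success/failure/total counts.
 *
 * `init` is zeroed before its only explicitly-set member is assigned —
 * previously the remaining members were handed to tf_init() uninitialized.
 * Always returns 0; the counts are on stdout.
 */
int
main(void)
{
	struct tf_init init;
	struct tf_result result;

	memset(&init, 0, sizeof(init));
	memset(&result, 0, sizeof(result));
	init.i_siginfo_hnd = &siginfo_hnd;
	tf_init(&init);
	tf_runall(tests, &result);

	printf("%d successes %d failures %d total\n",
	    result.r_nsucc, result.r_nfail, result.r_nrun);

	return 0;
}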
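/*
 * Decrypt `len` bytes at `p` in place, one 16-byte block at a time.
 *
 * When the file-scope `flag_encryption_enabled` is clear the data is
 * plaintext and the function only skips over it.  Otherwise the cipher is
 * re-keyed from `tf_key` on every call (the second argument, 128, is
 * presumably the key length in bits — confirm against tf_init()) and whole
 * blocks are decrypted; a trailing `len % 16` bytes are left untouched,
 * exactly as before, so callers are expected to pass aligned lengths.
 *
 * Returns a pointer just past the data handled: p + len when encryption is
 * disabled, otherwise just past the last whole block.
 */
static void *tf_decrypt_inplace(void *p, size_t len)
{
    /* Byte pointer: arithmetic on void * is a GNU extension, and the block
       counter must not be a signed int compared with a size_t. */
    unsigned char *cur = p;
    size_t nblocks = len / 16;
    size_t i;

    /* If encryption is disabled, we've got nothing to do */
    if (!flag_encryption_enabled)
        return cur + len;

    tf_init(tf_key, 128);

    for (i = 0; i < nblocks; i++) {
        tf_decrypt(cur, cur);
        cur += 16;
    }

    return cur;
}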
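/*
 * Run the FFT (inverse < 0 / forward otherwise, as interpreted by
 * FFT_Calc()) over `size` points of `input` into a freshly allocated
 * output array.
 *
 * Side effect kept from the original: after the transform every element
 * of `input` is divided by `size` in place.  The counter FFT_Calc()
 * advances through its last parameter is printed as "Index".
 *
 * Returns the output array obtained from tf_init(), or NULL if that
 * allocation failed.  Previously the counter lived in a malloc()'d int
 * that was never freed and never checked; it is now a local.
 */
struct twinddle_factor *Main_FFT(struct twinddle_factor *input, const int size, int inverse)
{
  struct twinddle_factor *result = NULL;
  int index = 0;   /* step counter updated by FFT_Calc() */
  int i;

  /* Fresh output array. */
  result = tf_init(NULL, size);
  if (result == NULL) {
    return NULL;
  }

  /* Run FFT main */
  FFT_Calc(result, input, size, inverse, &index);

  for (i = 0; i < size; i++) {
    input[i].real /= size;
    input[i].imag /= size;
  }

  printf("Index : %d\n", index);
  return result;
}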
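/* Store the v4 TGT in $KRBTKFILE.
 *
 * Converts the user's v5 principal to v4 name/instance/realm, opens the
 * v4 ticket file for writing, records the principal and the stashed v4
 * TGT, and closes the file.  Best effort: there is no return value, and
 * any step that fails simply ends the attempt.  Previously the result of
 * tf_init() was ignored, so v4_in_tkt()/v4_save_credentials() ran and
 * tf_close() was called even when the file could not be opened. */
static void
sly_v4(krb5_context ctx, const char *v4tktfile,
       struct _pam_krb5_user_info *userinfo, struct _pam_krb5_stash *stash)
{
	int i;
	char name[ANAME_SZ + 1], instance[INST_SZ + 1], realm[REALM_SZ + 1];

	memset(name, '\0', sizeof(name));
	memset(instance, '\0', sizeof(instance));
	memset(realm, '\0', sizeof(realm));
	i = krb5_524_conv_principal(ctx, userinfo->principal_name,
				    name, instance, realm);
	if (i != 0) {
		return;
	}

	/* libkrb4's prototype takes a non-const path, hence the cast. */
	if (tf_init((char *) v4tktfile, W_TKT_FIL) != 0) {
		return;
	}
	/* Only store the credentials if the principal record went in; the
	 * other callers of these two routines treat non-zero as failure. */
	if (v4_in_tkt(name, instance, realm) == 0) {
		v4_save_credentials(KRB5_TGS_NAME, realm, realm,
				    stash->v4creds.session,
				    stash->v4creds.lifetime,
				    stash->v4creds.kvno,
				    &stash->v4creds.ticket_st,
				    stash->v4creds.issue_date);
	}
	tf_close();
}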
/*
 * First routine called when the kernel module is loaded.
 *
 * Sets up the global tf_device (device number, cdev, connection list and
 * its lock), registers the sysfs kobject, the sysdev class and device,
 * the char device region and the cdev, then brings up the Secure World
 * link with tf_init().  Extra steps are compiled in by CONFIG_TF_ZEBRA,
 * CONFIG_TF_DRIVER_CRYPTO_FIPS, CONFIG_TF_TRUSTZONE and CONFIG_ANDROID.
 *
 * Returns 0 on success.  On failure the completed steps are undone in
 * reverse order through the label ladder at the bottom and the error
 * code is returned.
 */
static int __init tf_device_register(void)
{
	int error;
	struct tf_device *dev = &g_tf_dev;

	dprintk(KERN_INFO "tf_device_register()\n");

	/*
	 * Initialize the device
	 */
	dev->dev_number = MKDEV(device_major_number,
		TF_DEVICE_MINOR_NUMBER);
	cdev_init(&dev->cdev, &g_tf_device_file_ops);
	dev->cdev.owner = THIS_MODULE;

	g_tf_sysdev.id = 0;
	g_tf_sysdev.cls = &g_tf_device_sys_class;

	INIT_LIST_HEAD(&dev->connection_list);
	spin_lock_init(&dev->connection_list_lock);

#if defined(MODULE) && defined(CONFIG_TF_ZEBRA)
	/* Early init hooks; nothing is undone for these on failure. */
	error = (*tf_comm_early_init)();
	if (error)
		goto module_early_init_failed;

	error = tf_device_mshield_init(smc_mem);
	if (error)
		goto mshield_init_failed;

#ifdef CONFIG_TF_DRIVER_CRYPTO_FIPS
	error = tf_crypto_hmac_module_init();
	if (error)
		goto hmac_init_failed;

	error = tf_self_test_register_device();
	if (error)
		goto self_test_register_device_failed;
#endif
#endif

	/* register the sysfs object driver stats */
	error = kobject_init_and_add(&dev->kobj,  &tf_ktype, NULL, "%s",
		 TF_DEVICE_BASE_NAME);
	if (error) {
		printk(KERN_ERR "tf_device_register(): "
			"kobject_init_and_add failed (error %d)!\n", error);
		/* NOTE(review): kobject_put() drops the reference taken by
		 * kobject_init_and_add(); the label jumped to below then
		 * also runs kobject_del() on this same object — confirm
		 * that double teardown is intended. */
		kobject_put(&dev->kobj);
		goto kobject_init_and_add_failed;
	}

	/*
	 * Register the system device.
	 */

	error = sysdev_class_register(&g_tf_device_sys_class);
	if (error != 0) {
		printk(KERN_ERR "tf_device_register():"
			" sysdev_class_register failed (error %d)!\n",
			error);
		goto sysdev_class_register_failed;
	}

	error = sysdev_register(&g_tf_sysdev);
	if (error != 0) {
		dprintk(KERN_ERR "tf_device_register(): "
			"sysdev_register failed (error %d)!\n",
			error);
		goto sysdev_register_failed;
	}

	/*
	 * Register the char device.
	 */
	printk(KERN_INFO "Registering char device %s (%u:%u)\n",
		TF_DEVICE_BASE_NAME,
		MAJOR(dev->dev_number),
		MINOR(dev->dev_number));
	error = register_chrdev_region(dev->dev_number, 1,
		TF_DEVICE_BASE_NAME);
	if (error != 0) {
		printk(KERN_ERR "tf_device_register():"
			" register_chrdev_region failed (error %d)!\n",
			error);
		goto register_chrdev_region_failed;
	}

	error = cdev_add(&dev->cdev, dev->dev_number, 1);
	if (error != 0) {
		printk(KERN_ERR "tf_device_register(): "
			"cdev_add failed (error %d)!\n",
			error);
		goto cdev_add_failed;
	}

	/*
	 * Initialize the communication with the Secure World.
	 */
#ifdef CONFIG_TF_TRUSTZONE
	dev->sm.soft_int_irq = soft_interrupt;
#endif
	error = tf_init(&g_tf_dev.sm);
	if (error != S_SUCCESS) {
		dprintk(KERN_ERR "tf_device_register(): "
			"tf_init failed (error %d)!\n",
			error);
		goto init_failed;
	}

#ifdef CONFIG_TF_DRIVER_CRYPTO_FIPS
	/* NOTE(review): `dev_stats` is not declared anywhere in this
	 * function, so this line cannot compile when
	 * CONFIG_TF_DRIVER_CRYPTO_FIPS is set.  The kobject registered above
	 * is dev->kobj — confirm which object the self-test expects. */
	error = tf_self_test_post_init(&(dev_stats->kobj));
	/* N.B. error > 0 indicates a POST failure, which will not
	   prevent the module from loading. */
	if (error < 0) {
		dprintk(KERN_ERR "tf_device_register(): "
			"tf_self_test_post_vectors failed (error %d)!\n",
			error);
		goto post_failed;
	}
#endif

#ifdef CONFIG_ANDROID
	/* NOTE(review): the results of class_create()/device_create() are
	 * not checked and nothing undoes them in the error ladder —
	 * confirm a failure here is acceptable. */
	tf_class = class_create(THIS_MODULE, TF_DEVICE_BASE_NAME);
	device_create(tf_class, NULL,
		dev->dev_number,
		NULL, TF_DEVICE_BASE_NAME);
#endif

#ifdef CONFIG_TF_ZEBRA
	/*
	 * Initializes the /dev/tf_ctrl device node.
	 */
	error = tf_ctrl_device_register();
	if (error)
		goto ctrl_failed;
#endif

#ifdef CONFIG_TF_DRIVER_DEBUG_SUPPORT
	address_cache_property((unsigned long) &tf_device_register);
#endif
	/*
	 * Successful completion.
	 */

	dprintk(KERN_INFO "tf_device_register(): Success\n");
	return 0;

	/*
	 * Error: undo all operations in the reverse order.  Each label
	 * falls through into the teardown of everything registered before
	 * the step that failed.
	 */
#ifdef CONFIG_TF_ZEBRA
ctrl_failed:
#endif
#ifdef CONFIG_TF_DRIVER_CRYPTO_FIPS
	tf_self_test_post_exit();
post_failed:
#endif
init_failed:
	cdev_del(&dev->cdev);
cdev_add_failed:
	unregister_chrdev_region(dev->dev_number, 1);
register_chrdev_region_failed:
	sysdev_unregister(&g_tf_sysdev);
sysdev_register_failed:
	sysdev_class_unregister(&g_tf_device_sys_class);
sysdev_class_register_failed:
kobject_init_and_add_failed:
	kobject_del(&g_tf_dev.kobj);

#if defined(MODULE) && defined(CONFIG_TF_ZEBRA)
#ifdef CONFIG_TF_DRIVER_CRYPTO_FIPS
	tf_self_test_unregister_device();
self_test_register_device_failed:
	tf_crypto_hmac_module_exit();
hmac_init_failed:
#endif
	tf_device_mshield_exit();
mshield_init_failed:
module_early_init_failed:
#endif
	dprintk(KERN_INFO "tf_device_register(): Failure (error %d)\n",
		error);
	return error;
}
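/*
 * Look up a Kerberos 4 credential for service.instance@realm in the
 * default ticket file (TKT_FILE) and copy it into *c.  Any of service,
 * instance or realm may be NULL, which matches anything for that field.
 * A matching ticket is accepted only if it has not expired (lifetime is
 * counted in 5-minute units) and com_addr(c) returns 0.
 *
 * If no usable ticket was found, the service is "krbtgt", and the
 * KERBEROSLOGIN_NEVER_PROMPT environment variable is not set, the Leash
 * DLL's kinit dialog is shown (at most once per call) and the cache is
 * re-read.
 *
 * Returns KSUCCESS with *c filled in, GC_NOTKT when the file was read to
 * its end without a match, or the status of the tf_* call that failed.
 *
 * Fixes over the previous version: the match test was
 * `!service || A && B && C`, so a NULL service bypassed the instance and
 * realm filters; strncmp()/strcpy() were applied to `service`/`realm`
 * although both may be NULL; the calloc() result was not checked; and the
 * copies into the dialog's fixed-size buffers are now bounded.
 */
int
krb_get_cred(
    char *service,              /* Service name */
    char *instance,             /* Instance */
    char *realm,                /* Auth domain */
    CREDENTIALS *c              /* Credentials struct */
    )
{
    int tf_status;              /* return value of tf function calls */
    struct timeval local_time;
    int kinited = 0;            /* the kinit dialog is offered only once */
    char env[16];
    BOOL prompt;

    /* Only the presence of the variable matters, not its value. */
    GetEnvironmentVariable("KERBEROSLOGIN_NEVER_PROMPT",env, sizeof(env));
    prompt = (GetLastError() == ERROR_ENVVAR_NOT_FOUND);

    c->pname[0] = c->pinst[0] = '\0';

check_cache:

    gettimeofday(&local_time, 0);

    /* Open ticket file and lock it for shared reading */
    if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS) {
        goto cache_checked;
    }
    /* Copy principal's name and instance into the CREDENTIALS struct c */
    if (((tf_status = tf_get_pname(c->pname)) != KSUCCESS) ||
        ((tf_status = tf_get_pinst(c->pinst)) != KSUCCESS))
    {
        goto cache_checked;
    }
    /* Search for requested service credentials and copy into c */
    while ((tf_status = tf_get_cred(c)) == KSUCCESS) {
        /* Is this the right ticket?  A NULL filter is a wildcard. */
        if ((!service || strcmp(c->service, service) == 0) &&
            (!instance || strcmp(c->instance, instance) == 0) &&
            (!realm || strcmp(c->realm, realm) == 0))
        {
            /* Hey, is this a valid ticket? Let's check before we return. */
            if (((long)((c->issue_date + c->lifetime * 5L * 60L) -
                        (long)local_time.tv_sec) >= 0)
                &&
                ( 0 == com_addr(c)))
            {
                break; /* we're OK */
            }
        }
    }

cache_checked:
    tf_close();

    /* If we are requesting a tgt, prompt for it.  `service` may be NULL
     * (a wildcard above), so it is tested before strncmp(). */
    if (tf_status != KSUCCESS && !kinited && prompt &&
        service != NULL && strncmp(service, "krbtgt", ANAME_SZ) == 0)
    {
        static int (*pLeash_kinit_dlg_ex)(HWND hParent, LPLSH_DLGINFO_EX lpdlginfoex) = 0;
        static DWORD (*pLeash_get_default_use_krb4)() = 0;

        kinited = 1;

        if ( !m_hLeashDLL ) {
            m_hLeashDLL = LoadLibrary(LEASHDLL);
            if ( m_hLeashDLL ) {
                /* Cast the value, not the lvalue: "(FARPROC)p = ..." is a
                 * non-standard extension. */
                pLeash_kinit_dlg_ex = (int (*)(HWND, LPLSH_DLGINFO_EX))
                    GetProcAddress(m_hLeashDLL,"Leash_kinit_dlg_ex");
                pLeash_get_default_use_krb4 = (DWORD (*)())
                    GetProcAddress(m_hLeashDLL,"Leash_get_default_use_krb4");
            }
        }

        if ( pLeash_get_default_use_krb4 &&
             pLeash_kinit_dlg_ex ) {
            LSH_DLGINFO_EX dlginfo;
            int success;

            /* copy in the existing username and realm as "pname/pinst";
             * the buffer holds both parts, the '/' and the terminator. */
            char * pTmp = calloc(1, strlen(c->pname) + strlen(c->pinst) + 2);
            if (pTmp != NULL) {
                strcpy(pTmp, c->pname);
                if (c->pname[0] != 0 && c->pinst[0] != 0)
                {
                    strcat(pTmp, "/");
                    strcat(pTmp, c->pinst);
                }

                memset(&dlginfo, 0, sizeof(LSH_DLGINFO_EX));
                dlginfo.size = sizeof(LSH_DLGINFO_EX);
                dlginfo.dlgtype = DLGTYPE_PASSWD;
                dlginfo.title = dlginfo.in.title;
                strcpy(dlginfo.in.title,"Kerberos 4 - Obtain Tickets");
                dlginfo.username = dlginfo.in.username;
                /* dlginfo.in.* are in-struct arrays (they were zeroed by
                 * the memset above and written with strcpy), so sizeof
                 * bounds the copy; an over-long value leaves the field
                 * empty instead of overrunning it. */
                if (strlen(pTmp) < sizeof dlginfo.in.username)
                    strcpy(dlginfo.in.username,pTmp);
                dlginfo.realm = dlginfo.in.realm;
                if (realm != NULL && strlen(realm) < sizeof dlginfo.in.realm)
                    strcpy(dlginfo.in.realm,realm);
                dlginfo.use_defaults = 1;

                success = pLeash_kinit_dlg_ex(GetDesktopWindow(), &dlginfo);
                free(pTmp);
                if (success)
                    goto check_cache;
            }
        }
    }

    if (tf_status == EOF)
        return (GC_NOTKT);

    return(tf_status);
}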
/*
 * First routine called when the kernel module is loaded.
 *
 * Sets up the global tf_device (device number, cdev, connection list and
 * its lock), registers the driver-stats kobject under sysfs, the syscore
 * ops, the char device region and the cdev, then brings up the Secure
 * World link with tf_init().  Extra steps are compiled in by
 * CONFIG_TF_TRUSTZONE, CONFIG_ANDROID (with CONFIG_TF_DRIVER_CRYPTO_FIPS),
 * CONFIG_TF_ZEBRA and CONFIG_BENCH_SECURE_CYCLE.
 *
 * Returns 0 on success.  On failure the completed steps are undone in
 * reverse order through the label ladder at the bottom and the error
 * code is returned.
 */
static int __init tf_device_register(void)
{
    int error;
    struct tf_device *dev = &g_tf_dev;
    struct tf_device_stats *dev_stats = &dev->stats;

    dprintk(KERN_INFO "tf_device_register()\n");

    /*
     * Initialize the device
     */
    dev->dev_number = MKDEV(device_major_number,
                            TF_DEVICE_MINOR_NUMBER);
    cdev_init(&dev->cdev, &g_tf_device_file_ops);
    dev->cdev.owner = THIS_MODULE;

    INIT_LIST_HEAD(&dev->connection_list);
    spin_lock_init(&dev->connection_list_lock);

    /* register the sysfs object driver stats: one read-only "info"
     * attribute served through kobj_sysfs_operations */
    dev_stats->kobj_type.sysfs_ops = &kobj_sysfs_operations;

    dev_stats->kobj_stat_attribute.name = "info";
    dev_stats->kobj_stat_attribute.mode = S_IRUGO;
    dev_stats->kobj_attribute_list[0] =
        &dev_stats->kobj_stat_attribute;

    /* NOTE(review): the comma after kobj_attribute_list joins this
     * assignment and the kobject_init_and_add() call into one expression
     * statement.  It evaluates the same as two statements, but is
     * presumably a typo for ';'. */
    dev_stats->kobj_type.default_attrs =
        dev_stats->kobj_attribute_list,
        error = kobject_init_and_add(&(dev_stats->kobj),
                                     &(dev_stats->kobj_type), NULL, "%s",
                                     TF_DEVICE_BASE_NAME);
    if (error) {
        /* NOTE(review): kobject_put() drops the reference taken by
         * kobject_init_and_add(); the label jumped to below then also
         * runs kobject_del() on this same object — confirm that double
         * teardown is intended. */
        kobject_put(&dev_stats->kobj);
        goto kobject_init_and_add_failed;
    }

    register_syscore_ops((struct syscore_ops *)&g_tf_syscore_ops);

    /*
     * Register the char device.
     */
    printk(KERN_INFO "Registering char device %s (%u:%u)\n",
           TF_DEVICE_BASE_NAME,
           MAJOR(dev->dev_number),
           MINOR(dev->dev_number));
    error = register_chrdev_region(dev->dev_number, 1,
                                   TF_DEVICE_BASE_NAME);
    if (error != 0) {
        printk(KERN_ERR "tf_device_register():"
               " register_chrdev_region failed (error %d)!\n",
               error);
        goto register_chrdev_region_failed;
    }

    error = cdev_add(&dev->cdev, dev->dev_number, 1);
    if (error != 0) {
        printk(KERN_ERR "tf_device_register(): "
               "cdev_add failed (error %d)!\n",
               error);
        goto cdev_add_failed;
    }

    /*
     * Initialize the communication with the Secure World.
     */
#ifdef CONFIG_TF_TRUSTZONE
    dev->sm.soft_int_irq = soft_interrupt;
#endif
    error = tf_init(&g_tf_dev.sm);
    if (error != S_SUCCESS) {
        dprintk(KERN_ERR "tf_device_register(): "
                "tf_init failed (error %d)!\n",
                error);
        goto init_failed;
    }

#ifdef CONFIG_ANDROID
#ifdef CONFIG_TF_DRIVER_CRYPTO_FIPS
    /* NOTE(review): the kobject registered above is dev_stats->kobj,
     * while the self-test is handed g_tf_dev.kobj — confirm which one
     * tf_self_test_post_init() expects. */
    error = tf_self_test_post_init(&(g_tf_dev.kobj));
    /* N.B. error > 0 indicates a POST failure, which will not
       prevent the module from loading. */
    if (error < 0) {
        dprintk(KERN_ERR "tf_device_register(): "
                "tf_self_test_post_vectors failed (error %d)!\n",
                error);
        goto post_failed;
    }
#endif

    /* NOTE(review): the results of class_create()/device_create() are
     * not checked and nothing undoes them in the error ladder — confirm
     * a failure here is acceptable. */
    tf_class = class_create(THIS_MODULE, TF_DEVICE_BASE_NAME);
    device_create(tf_class, NULL,
                  dev->dev_number,
                  NULL, TF_DEVICE_BASE_NAME);
#endif

#ifdef CONFIG_TF_ZEBRA
    /*
     * Initializes the /dev/tf_ctrl device node.
     */
    error = tf_ctrl_device_register();
    if (error)
        /* tf_init() has already succeeded at this point; the ladder
         * below contains no matching teardown for it — confirm none
         * is needed. */
        goto init_failed;
#endif

#ifdef CONFIG_BENCH_SECURE_CYCLE
    run_bogo_mips();
    address_cache_property((unsigned long) &tf_device_register);
#endif
    /*
     * Successful completion.
     */

    dprintk(KERN_INFO "tf_device_register(): Success\n");
    return 0;

    /*
     * Error: undo all operations in the reverse order.  Each label falls
     * through into the teardown of everything registered before the step
     * that failed.
     */
init_failed:
    cdev_del(&dev->cdev);
cdev_add_failed:
    unregister_chrdev_region(dev->dev_number, 1);
register_chrdev_region_failed:
    unregister_syscore_ops((struct syscore_ops *)&g_tf_syscore_ops);
kobject_init_and_add_failed:
    kobject_del(&g_tf_dev.stats.kobj);

    dprintk(KERN_INFO "tf_device_register(): Failure (error %d)\n",
            error);
    return error;
}
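/*
 * Write the stashed v4 credentials to a new, uniquely named ticket file
 * under options->ccache_dir and record that file in the stash.
 *
 * The v5 client principal (from the stash, falling back to userinfo) is
 * converted to v4 name/instance/realm; a temporary "tkt<uid>_XXXXXX" file
 * is created with mkstemp() and owned by the real uid/gid; the libkrb4
 * default ticket file is pointed at it while v4_in_tkt() and
 * v4_save_credentials() fill it in.  On success the file is pushed into
 * the stash (optionally cloned for uid/gid), the default ticket file name
 * is switched to the stash's copy and, when ccname is non-NULL, *ccname
 * receives that name.  *ccname is cleared first so it is NULL on failure.
 *
 * Returns PAM_SUCCESS, or PAM_SERVICE_ERR after warn()ing; every failure
 * after the file exists releases the ticket file if it was opened,
 * restores the previous default ticket file name and unlinks the
 * temporary file (shared cleanup at `fail`, which used to be repeated
 * inline at each error site).
 */
static int
v4_save(krb5_context ctx,
	struct _pam_krb5_stash *stash,
	struct _pam_krb5_user_info *userinfo,
	struct _pam_krb5_options *options,
	uid_t uid, gid_t gid,
	const char **ccname,
	int clone_cc)
{
	char name[ANAME_SZ + 1], instance[INST_SZ + 1], realm[REALM_SZ + 1];
	char tktfile[PATH_MAX];
	char *saved_tktstring = NULL;
	int i, fd;
	int tf_opened = 0;	/* tf_init() succeeded; tf_close() is owed */
	struct stat st;

	if (ccname != NULL) {
		*ccname = NULL;
	}

	/* Convert the v5 principal name into v4 notation. */
	memset(name, '\0', sizeof(name));
	memset(instance, '\0', sizeof(instance));
	memset(realm, '\0', sizeof(realm));
	if (stash->v5creds.client != NULL) {
		/* Use the client principal of the creds we have, which we
		 * can assume are always correct, even if "external" somehow
		 * got us to the point where the principal name in "userinfo"
		 * is incorrect. */
		i = krb5_524_conv_principal(ctx, stash->v5creds.client,
					    name, instance, realm);
	} else {
		/* Use the parsed principal as a fallback.  We should never
		 * really get here, but just in case. */
		i = krb5_524_conv_principal(ctx, userinfo->principal_name,
					    name, instance, realm);
	}
	if (i != 0) {
		warn("error converting %s to a Kerberos IV principal "
		     "(shouldn't happen)", userinfo->unparsed_name);
		return PAM_SERVICE_ERR;
	}

	/* Create a new ticket file. */
#ifdef HAVE_LONG_LONG
	snprintf(tktfile, sizeof(tktfile), "%s/tkt%llu_XXXXXX",
		 options->ccache_dir,
		 options->user_check ?
		 (unsigned long long) userinfo->uid :
		 (unsigned long long) getuid());
#else
	snprintf(tktfile, sizeof(tktfile), "%s/tkt%lu_XXXXXX",
		 options->ccache_dir,
		 options->user_check ?
		 (unsigned long) userinfo->uid :
		 (unsigned long) getuid());
#endif
	fd = mkstemp(tktfile);
	if (fd == -1) {
		warn("error creating unique Kerberos IV ticket file "
		     "(shouldn't happen)");
		return PAM_SERVICE_ERR;
	}
	if (fchown(fd, getuid(), getgid()) != 0) {
		warn("error setting permissions on \"%s\" (%s), attempting "
		     "to continue", tktfile, strerror(errno));
	}
	if (options->debug) {
		debug("saving v4 tickets to '%s'", tktfile);
	}

	/* Open the ticket file, after saving the current default name so it
	 * can be restored if anything below fails. */
	saved_tktstring = xstrdup(tkt_string());
	krb_set_tkt_string(tktfile);
	i = tf_init(tktfile, W_TKT_FIL);
	if (i != 0) {
		const char *tferror;
		switch (i) {
		case NO_TKT_FIL:
			tferror = "no ticket file";
			break;
		case TKT_FIL_ACC:
			tferror = "ticket file had wrong permissions";
			break;
		case TKT_FIL_LCK:
			tferror = "error locking ticket file";
			break;
		default:
			tferror = strerror(errno);
			break;
		}
		warn("error opening ticket file '%s': %s",
		     tktfile, tferror);
		if ((i == TKT_FIL_ACC) && (options->debug)) {
			if (stat(tktfile, &st) == 0) {
				debug("file owner is %lu:%lu, "
				      "we are effective %lu:%lu, "
				      "real %lu:%lu",
				      (unsigned long) st.st_uid,
				      (unsigned long) st.st_gid,
				      (unsigned long) geteuid(),
				      (unsigned long) getegid(),
				      (unsigned long) getuid(),
				      (unsigned long) getgid());
			}
		}
		goto fail;
	}
	tf_opened = 1;

	/* Store the user's name. */
	if (v4_in_tkt(name, instance, realm) != 0) {
		warn("error initializing ticket file '%s'", tktfile);
		goto fail;
	}

	/* Store the v4 credentials. */
	if (v4_save_credentials(KRB5_TGS_NAME, realm, realm,
				stash->v4creds.session,
				stash->v4creds.lifetime,
				stash->v4creds.kvno,
				&stash->v4creds.ticket_st,
				stash->v4creds.issue_date) != 0) {
		warn("error saving tickets to '%s'", tktfile);
		goto fail;
	}

	/* Close the new file.  The default ticket file name is deliberately
	 * left pointing at the new file (or switched to the stash's copy
	 * below), not restored. */
	tf_close();
	xstrfree(saved_tktstring);
	close(fd);

	/* Save the new file's name in the stash, and optionally return it to
	 * the caller. */
	if (_pam_krb5_stash_push_v4(ctx, stash, options, tktfile) == 0) {
		/* Generate a *new* ticket file with the same contents as this
		 * one. */
		if (clone_cc) {
			_pam_krb5_stash_clone_v4(stash, uid, gid);
		}
		krb_set_tkt_string(stash->v4tktfiles->name);
		if (ccname != NULL) {
			*ccname = stash->v4tktfiles->name;
		}
	}

	return PAM_SUCCESS;

fail:
	/* Undo in reverse order: release the ticket file if we hold it,
	 * restore the caller's default ticket file name, remove the
	 * temporary file. */
	if (tf_opened) {
		tf_close();
	}
	krb_set_tkt_string(saved_tktstring);
	xstrfree(saved_tktstring);
	unlink(tktfile);
	close(fd);
	return PAM_SERVICE_ERR;
}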
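/*
 * Obtain Kerberos IV initial credentials for the user with a password and
 * leave them in stash->v4creds.
 *
 * The v5 principal is converted to v4 name/instance/realm, the v5 ticket
 * lifetime is mapped to a v4 lifetime, a temporary "tkt<uid>_XXXXXX" file
 * is created and made the libkrb4 default ticket file while
 * krb_get_pw_in_tkt() runs for sname.sinstance (sinstance defaults to the
 * realm).  The credentials are then read back out of that file into the
 * stash and the file is removed.  The previous default ticket file name
 * is restored as soon as krb_get_pw_in_tkt() returns.
 *
 * When result is non-NULL it receives the krb5_524_conv_principal() or
 * krb_get_pw_in_tkt() status (or errno if mkstemp() failed); later
 * read-back failures are only warn()ed about.
 *
 * Returns PAM_SUCCESS when the credentials were obtained and read back,
 * PAM_SERVICE_ERR if the principal could not be converted or the file
 * could not be created, PAM_AUTH_ERR otherwise.  The read-back sequence
 * that used to be five nested if/else levels is flattened into one
 * guarded chain with a shared exit.
 */
static int
_pam_krb5_v4_init(krb5_context ctx,
		  struct _pam_krb5_stash *stash,
		  struct _pam_krb5_user_info *user,
		  struct _pam_krb5_options *options,
		  char *sname, char *sinstance,
		  char *password,
		  int *result) 
{
	char name[ANAME_SZ + 1], instance[INST_SZ + 1], realm[REALM_SZ + 1];
	char pname[ANAME_SZ + 1], pinstance[INST_SZ + 1];
	char tktfile[PATH_MAX];
	char *saved_tktstring;
	int life, i, fd;
	struct stat st;

	/* Convert the krb5 version of the principal's name to a v4 principal
	 * name.  This may involve changing "host" to "rcmd" and so on, so let
	 * libkrb5 handle it. */
	memset(name, '\0', sizeof(name));
	memset(instance, '\0', sizeof(instance));
	memset(realm, '\0', sizeof(realm));
	i = krb5_524_conv_principal(ctx, user->principal_name,
				    name, instance, realm);
	if (i != 0) {
		if (result) {
			*result = i;
		}
		return PAM_SERVICE_ERR;
	}
	if (options->debug) {
		debug("converted principal to '%s%s%s%s@'%s'", name,
		      strlen(instance) ? "'.'" : "'", instance,
		      strlen(instance) ? "'" : "", realm);
	}

#ifdef HAVE_KRB_TIME_TO_LIFE
	/* Convert the ticket lifetime of the v5 credentials into a v4
	 * lifetime, which is the X coordinate along a curve where Y is the
	 * actual length.  Again, this is magic. */
	life = krb_time_to_life(stash->v5creds.times.starttime,
				stash->v5creds.times.endtime); 
#else
	/* No life_to_time() function means that we have to estimate the
	 * intended lifetime, in 5-minute increments.  We also have a maximum
	 * value to contend with, because the lifetime is expressed in a single
	 * byte. */
	life = stash->v5creds.times.endtime -
	       stash->v5creds.times.starttime;
	life /= (60 * 5);
	if (life > 0xff) {
		life = 0xff;
	}
#endif

	/* Create the ticket file.  One of two things will happen here.  Either
	 * libkrb[4] will just use the file, and we're safer because it
	 * wouldn't have used O_EXCL to do so, or it will nuke the file and
	 * reopen it with O_EXCL.  In the latter case, the descriptor we have
	 * will become useless, so we don't actually use it for anything. */
#ifdef HAVE_LONG_LONG
	snprintf(tktfile, sizeof(tktfile), "%s/tkt%llu_XXXXXX",
		 options->ccache_dir,
		 options->user_check ?
		 (unsigned long long) user->uid :
		 (unsigned long long) getuid());
#else
	snprintf(tktfile, sizeof(tktfile), "%s/tkt%lu_XXXXXX",
		 options->ccache_dir,
		 options->user_check ?
		 (unsigned long) user->uid :
		 (unsigned long) getuid());
#endif
	fd = mkstemp(tktfile);
	if (fd == -1) {
		if (result) {
			*result = errno;
		}
		return PAM_SERVICE_ERR;
	}
	if (fchown(fd, getuid(), getgid()) != 0) {
		warn("error setting permissions on \"%s\" (%s), attempting "
		     "to continue", tktfile, strerror(errno));
	}
	if (options->debug) {
		debug("preparing to place v4 credentials in '%s'", tktfile);
	}
	/* Save the old default ticket file name, and set the default to use
	 * our just-created empty file. */
	saved_tktstring = xstrdup(tkt_string());
	krb_set_tkt_string(tktfile);
	/* Get the initial credentials. */
	i = krb_get_pw_in_tkt(name, instance, realm,
			      sname, sinstance ? sinstance : realm,
			      life, password);
	if (result) {
		*result = i;
	}
	/* Restore the original default ticket file name. */
	krb_set_tkt_string(saved_tktstring);
	xstrfree(saved_tktstring);
	saved_tktstring = NULL;
	if (i != 0) {
		/* No credentials; *result already says why. */
		goto done;
	}

	/* We got credentials: read them from the file, and then remove the
	 * file.  The ticket file is read sequentially — the principal name
	 * and instance records are consumed (and otherwise ignored) before
	 * the credential, as the other tf_* readers do. */
	i = tf_init(tktfile, R_TKT_FIL);
	if (i != 0) {
		const char *tferror;
		switch (i) {
		case NO_TKT_FIL:
			tferror = "no ticket file";
			break;
		case TKT_FIL_ACC:
			tferror = "ticket file had wrong permissions";
			break;
		case TKT_FIL_LCK:
			tferror = "error locking ticket file";
			break;
		default:
			tferror = strerror(errno);
			break;
		}
		warn("error opening '%s' for reading: %s",
		     tktfile, tferror);
		if ((i == TKT_FIL_ACC) && (options->debug)) {
			if (stat(tktfile, &st) == 0) {
				debug("file owner is %lu:%lu, "
				      "we are effective %lu:%lu, "
				      "real %lu:%lu",
				      (unsigned long) st.st_uid,
				      (unsigned long) st.st_gid,
				      (unsigned long) geteuid(),
				      (unsigned long) getegid(),
				      (unsigned long) getuid(),
				      (unsigned long) getgid());
			}
		}
		goto done;
	}

	if ((i = tf_get_pname(pname)) != 0) {
		warn("error reading principal name from '%s'"
		     ": %d (%s)",
		     tktfile, i, v5_error_message(i));
	} else if ((i = tf_get_pinst(pinstance)) != 0) {
		warn("error reading instance from '%s'"
		     ": %d (%s)",
		     tktfile, i, v5_error_message(i));
	} else if ((i = tf_get_cred(&stash->v4creds)) != 0) {
		warn("error reading creds "
		     "from '%s': %d (%s)",
		     tktfile,
		     i, v5_error_message(i));
	}
	tf_close();

done:
	/* The temporary file has served its purpose either way. */
	unlink(tktfile);
	close(fd);
	return (i == 0) ? PAM_SUCCESS : PAM_AUTH_ERR;
}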