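/*
 * Allocate a keyblock of enctype `type` with `size` bytes of key storage and
 * return it through *key.
 *
 * When the library provides krb5_init_keyblock() the call is forwarded to it.
 * Otherwise a temporary keyblock is built on the stack and duplicated with
 * krb5_copy_keyblock(), so the caller always receives a library-allocated
 * object.
 *
 * Returns 0 on success, ENOMEM if the scratch buffer cannot be allocated, or
 * whatever krb5_copy_keyblock() reports. In the fallback branch *key is set
 * to NULL before any allocation is attempted.
 *
 * NOTE(review): the guard macro is named HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE but
 * selects on the availability of krb5_init_keyblock(); confirm that the
 * configure check behind it really tests for that function.
 */
krb5_error_code
Z_krb5_init_keyblock(krb5_context context, krb5_enctype type, size_t size,
                     krb5_keyblock **key)
{
#ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE
    return krb5_init_keyblock(context, type, size, key);
#else
    krb5_error_code ret;
    /* Zero every field, so members this function never sets (they differ
     * between Kerberos implementations) are not copied as stack garbage. */
    krb5_keyblock tmp_ss = { 0 };
    krb5_keyblock *tmp = &tmp_ss;

    *key = NULL;
    Z_enctype(tmp) = type;
    Z_keylen(tmp) = size;
    /* calloc, not malloc: krb5_copy_keyblock() duplicates these bytes, so an
     * uninitialised buffer would hand stale heap contents to the caller as
     * "key" data. Request at least one byte so size == 0 is not mistaken for
     * an allocation failure on platforms where a zero-byte request yields
     * NULL. */
    Z_keydata(tmp) = calloc(1, size ? size : 1);
    if (!Z_keydata(tmp))
        return ENOMEM;
    ret = krb5_copy_keyblock(context, tmp, key);
    /* The scratch buffer only ever held zeros, so a plain free() suffices. */
    free(Z_keydata(tmp));
    return ret;
#endif
}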
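/*
 * Create the rx security object for `cell` and store it in cell->security
 * and cell->scindex.
 *
 * With HAVE_KERBEROS the function
 *   1. looks the cell up with _GetCellInfo();
 *   2. if authas_name is set, tries _GetLocalSecurityObject() and returns on
 *      success;
 *   3. determines the realm (cell->realm, else krb5_get_host_realm() on the
 *      cell's first host);
 *   4. requests afs/<cell>@<realm>, then afs@<realm>, from the default
 *      credential cache;
 *   5. copies the 8-byte session key into an rxkad client security object.
 *
 * Any failure in steps 1 and 3-5 ends at try_anon, as does a build without
 * HAVE_KERBEROS: if try_anonymous is set the result of
 * _GetNullSecurityObject() is returned, otherwise the error code of the
 * failing call (ENOENT when Kerberos support is compiled out).
 *
 * Security notes for callers:
 *   - With try_anonymous set, a Kerberos failure is not reported; the caller
 *     gets whatever _GetNullSecurityObject() sets up (presumably an
 *     unauthenticated connection - confirm) and must inspect the cell if it
 *     requires authentication.
 *   - The credential request is pinned to ENCTYPE_DES_CBC_CRC (single DES),
 *     and `insecure` selects rxkad_clear instead of rxkad_crypt.
 */
int
_GetSecurityObject(struct afscp_cell *cell)
{
    int code = ENOENT;
#ifdef HAVE_KERBEROS
    enum { SESSION_KEY_BYTES = 8 };     /* bytes copied into k.data below */
    krb5_context context;
    krb5_creds match;
    krb5_creds *cred;
    krb5_ccache cc;
    char **realms, *realm;
    struct afsconf_cell celldata;
    char localcell[MAXCELLCHARS + 1];
    struct rx_securityClass *sc;
    struct ktc_encryptionKey k;
    rxkad_level l;

    code = _GetCellInfo(cell->name, &celldata);
    if (code != 0) {
        goto try_anon;
    }

    if (authas_name[0]) {
        code = _GetLocalSecurityObject(cell, authas_name, authas_inst);
        if (code == 0) {
            return 0;
        }
    }

    code = krb5_init_context(&context);    /* see aklog.c main() */
    if (code != 0) {
        goto try_anon;
    }

    /* From here on every failure leaves through release_krb5, so set up the
     * state that label tears down before anything can fail. */
    cc = NULL;
    memset(&match, 0, sizeof(match));
    /* Single-DES session key: the only form copied into k below. KDCs that
     * have disabled DES will refuse this request and the function then
     * falls through to try_anon. */
    Z_enctype(Z_credskey(&match)) = ENCTYPE_DES_CBC_CRC;

    if (cell->realm == NULL) {
        code = krb5_get_host_realm(context, celldata.hostName[0], &realms);
        if (code != 0) {
            /* The original jumped straight to try_anon here and leaked the
             * krb5 context. */
            goto release_krb5;
        }
        /* NOTE(review): assumes realms[0] is a non-NULL string on success;
         * confirm for the Kerberos library in use. */
        strlcpy(localcell, realms[0], sizeof(localcell));
        krb5_free_host_realm(context, realms);
        realm = localcell;
    } else {
        realm = cell->realm;
    }
    /* The original carried an "upper-case the cell name" fallback here,
     * guarded by `if (realm) if (realm == NULL)`. That condition can never
     * hold and realm is always set by this point, so the block was dead code
     * and has been dropped. */

    code = krb5_cc_default(context, &cc);
    if (code == 0)
        code = krb5_cc_get_principal(context, cc, &match.client);
    if (code == 0)
        code = krb5_build_principal(context, &match.server, strlen(realm),
                                    realm, "afs", cell->name, NULL);
    if (code != 0) {
        goto release_krb5;
    }

    code = krb5_get_credentials(context, 0, cc, &match, &cred);
    if (code != 0) {
        /* Retry with the instance-less service principal afs@<realm>. */
        krb5_free_principal(context, match.server);
        match.server = NULL;
        code = krb5_build_principal(context, &match.server, strlen(realm),
                                    realm, "afs", NULL);
        if (code == 0)
            code = krb5_get_credentials(context, 0, cc, &match, &cred);
        if (code != 0) {
            goto release_krb5;
        }
    }

    /* Never read past the end of the session key returned by the library. */
    if (Z_keylen(Z_credskey(cred)) < SESSION_KEY_BYTES) {
        krb5_free_creds(context, cred);
        code = EINVAL;
        goto release_krb5;
    }

    if (insecure)
        l = rxkad_clear;
    else
        l = rxkad_crypt;

    memcpy(&k.data, Z_keydata(Z_credskey(cred)), SESSION_KEY_BYTES);
    /* NOTE(review): k keeps a copy of the session key on the stack and is
     * not wiped before return; consider an explicit zeroisation primitive
     * if the platform offers one. */
    sc = (struct rx_securityClass *)rxkad_NewClientSecurityObject
        (l, &k, RXKAD_TKT_TYPE_KERBEROS_V5,
         cred->ticket.length, cred->ticket.data);

    krb5_free_creds(context, cred);
    krb5_free_cred_contents(context, &match);
    if (cc)
        krb5_cc_close(context, cc);
    krb5_free_context(context);

    cell->security = sc;
    cell->scindex = 2;          /* presumably the rxkad index - confirm */
    return 0;

  release_krb5:
    /* Shared teardown for every failure after krb5_init_context(). */
    krb5_free_cred_contents(context, &match);
    if (cc)
        krb5_cc_close(context, cc);
    krb5_free_context(context);

  try_anon:
#endif /* HAVE_KERBEROS */
    if (try_anonymous)
        return _GetNullSecurityObject(cell);
    else
        return code;
}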