KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_context_flags(unsigned int flags, krb5_context *context)
{
static heim_base_once_t init_context = HEIM_BASE_ONCE_INIT;
krb5_context p;
krb5_error_code ret;
char **files = NULL;
*context = NULL;
p = calloc(1, sizeof(*p));
if (!p)
return ENOMEM;
p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
if (p->mutex == NULL) {
free(p);
return ENOMEM;
}
HEIMDAL_MUTEX_init(p->mutex);
HEIMDAL_MUTEX_lock(&homedir_mutex);
if (allow_homedir)
p->flags |= KRB5_CTX_F_HOMEDIR_ACCESS;
HEIMDAL_MUTEX_unlock(&homedir_mutex);
if ((flags & KRB5_CONTEXT_FLAG_NO_CONFIG) == 0) {
ret = krb5_get_default_config_files(&files);
if (ret)
goto out;
}
ret = krb5_set_config_files(p, files);
krb5_free_config_files(files);
if (ret)
goto out;
heim_base_once_f(&init_context, p, init_context_once);
/* init error tables */
krb5_init_ets(p);
cc_ops_register(p);
kt_ops_register(p);
#ifdef PKINIT
ret = hx509_context_init(&p->hx509ctx);
if (ret)
goto out;
#endif
if (rk_SOCK_INIT())
p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
out:
if (ret) {
krb5_free_context(p);
p = NULL;
}
*context = p;
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_context(krb5_context *context)
{
static heim_base_once_t init_context = HEIM_BASE_ONCE_INIT;
krb5_context p;
krb5_error_code ret;
char **files;
*context = NULL;
p = calloc(1, sizeof(*p));
if(!p)
return ENOMEM;
p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
if (p->mutex == NULL) {
free(p);
return ENOMEM;
}
HEIMDAL_MUTEX_init(p->mutex);
p->flags |= KRB5_CTX_F_HOMEDIR_ACCESS;
ret = krb5_get_default_config_files(&files);
if(ret)
goto out;
ret = krb5_set_config_files(p, files);
krb5_free_config_files(files);
if(ret)
goto out;
/* done enough to load plugins */
heim_base_once_f(&init_context, p, init_context_once);
/* init error tables */
krb5_init_ets(p);
cc_ops_register(p);
kt_ops_register(p);
#ifdef PKINIT
ret = hx509_context_init(&p->hx509ctx);
if (ret)
goto out;
#endif
if (rk_SOCK_INIT())
p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
out:
if(ret) {
krb5_free_context(p);
p = NULL;
}
*context = p;
return ret;
}
static int
krb5_init(void *context)
{
struct authctxt *authctxt = (struct authctxt *)context;
krb5_error_code problem;
if (authctxt->krb5_ctx == NULL) {
problem = krb5_init_context(&authctxt->krb5_ctx);
if (problem)
return (problem);
krb5_init_ets(authctxt->krb5_ctx);
}
return (0);
}
static int
krb5_init(void *context)
{
Authctxt *authctxt = (Authctxt *)context;
krb5_error_code problem;
if (authctxt->krb5_ctx == NULL) {
problem = krb5_init_context(&authctxt->krb5_ctx);
if (problem)
return (problem);
#ifdef KRB5_INIT_ETS
krb5_init_ets(authctxt->krb5_ctx);
#endif
}
return (0);
}
static int
ssh_gssapi_krb5_init(void)
{
krb5_error_code problem;
if (krb_context != NULL)
return 1;
problem = krb5_init_context(&krb_context);
if (problem) {
logit("Cannot initialize krb5 context");
return 0;
}
krb5_init_ets(krb_context);
return 1;
}
static int
ssh_gssapi_krb5_init()
{
krb5_error_code problem;
if (krb_context != NULL)
return 1;
problem = krb5_init_context(&krb_context);
if (problem) {
logit("Cannot initialize krb5 context");
return 0;
}
#ifdef KRB5_INIT_ETS
krb5_init_ets(krb_context);
#endif
return 1;
}
static int
krb5_init(void *context)
{
Authctxt *authctxt = (Authctxt *)context;
krb5_error_code problem;
static int cleanup_registered = 0;
if (authctxt->krb5_ctx == NULL) {
problem = krb5_init_context(&authctxt->krb5_ctx);
if (problem)
return (problem);
krb5_init_ets(authctxt->krb5_ctx);
}
if (!cleanup_registered) {
fatal_add_cleanup(krb5_cleanup_proc, authctxt);
cleanup_registered = 1;
}
return (0);
}
static int
change_host(Display *dpy, char *name, Bool add)
{
XHostAddress ha;
char *lname;
int namelen, i, family = FamilyWild;
#ifdef K5AUTH
krb5_principal princ;
krb5_data kbuf;
#endif
#ifdef NEEDSOCKETS
#ifndef AMTCPCONN
static struct in_addr addr; /* so we can point at it */
#if defined(IPv6) && defined(AF_INET6)
static struct in6_addr addr6; /* so we can point at it */
#else
struct hostent *hp;
#endif
#else
static ipaddr_t addr;
#endif
#endif
char *cp;
#ifdef DNETCONN
struct dn_naddr *dnaddrp;
struct nodeent *np;
static struct dn_naddr dnaddr;
#endif /* DNETCONN */
static char *add_msg = "being added to access control list";
static char *remove_msg = "being removed from access control list";
namelen = strlen(name);
if ((lname = (char *)malloc(namelen+1)) == NULL) {
fprintf (stderr, "%s: malloc bombed in change_host\n", ProgramName);
exit (1);
}
for (i = 0; i < namelen; i++) {
lname[i] = tolower(name[i]);
}
lname[namelen] = '\0';
if (!strncmp("inet:", lname, 5)) {
#if defined(TCPCONN) || defined(STREAMSCONN) || defined(AMTCPCONN)
family = FamilyInternet;
name += 5;
#else
fprintf (stderr, "%s: not compiled for TCP/IP\n", ProgramName);
return 0;
#endif
}
else if (!strncmp("inet6:", lname, 6)) {
#if (defined(TCPCONN) || defined(STREAMSCONN)) && \
defined(IPv6) && defined(AF_INET6)
family = FamilyInternet6;
name += 6;
#else
fprintf (stderr, "%s: not compiled for IPv6\n", ProgramName);
return 0;
#endif
}
else if (!strncmp("dnet:", lname, 5)) {
#ifdef DNETCONN
family = FamilyDECnet;
name += 5;
#else
fprintf (stderr, "%s: not compiled for DECnet\n", ProgramName);
return 0;
#endif
}
else if (!strncmp("nis:", lname, 4)) {
#ifdef SECURE_RPC
family = FamilyNetname;
name += 4;
#else
fprintf (stderr, "%s: not compiled for Secure RPC\n", ProgramName);
return 0;
#endif
}
else if (!strncmp("krb:", lname, 4)) {
#ifdef K5AUTH
family = FamilyKrb5Principal;
name +=4;
#else
fprintf (stderr, "%s: not compiled for Kerberos 5\n", ProgramName);
return 0;
#endif
}
else if (!strncmp("local:", lname, 6)) {
family = FamilyLocalHost;
}
if (family == FamilyWild && (cp = strchr(lname, ':'))) {
*cp = '\0';
fprintf (stderr, "%s: unknown address family \"%s\"\n",
ProgramName, lname);
return 0;
}
free(lname);
#ifdef DNETCONN
if (family == FamilyDECnet ||
(cp = strchr(name, ':')) && (*(cp + 1) == ':') &&
!(*cp = '\0')) {
ha.family = FamilyDECnet;
if (dnaddrp = dnet_addr(name)) {
dnaddr = *dnaddrp;
} else {
if ((np = getnodebyname (name)) == NULL) {
fprintf (stderr, "%s: unable to get node name for \"%s::\"\n",
ProgramName, name);
return 0;
}
dnaddr.a_len = np->n_length;
memmove( dnaddr.a_addr, np->n_addr, np->n_length);
}
ha.length = sizeof(struct dn_naddr);
ha.address = (char *)&dnaddr;
if (add) {
XAddHost (dpy, &ha);
printf ("%s:: %s\n", name, add_msg);
} else {
XRemoveHost (dpy, &ha);
printf ("%s:: %s\n", name, remove_msg);
}
return 1;
}
#endif /* DNETCONN */
#ifdef K5AUTH
if (family == FamilyKrb5Principal) {
krb5_error_code retval;
retval = krb5_parse_name(name, &princ);
if (retval) {
krb5_init_ets(); /* init krb errs for error_message() */
fprintf(stderr, "%s: cannot parse Kerberos name: %s\n",
ProgramName, error_message(retval));
return 0;
}
XauKrb5Encode(princ, &kbuf);
ha.length = kbuf.length;
ha.address = kbuf.data;
ha.family = family;
if (add)
XAddHost(dpy, &ha);
else
XRemoveHost(dpy, &ha);
krb5_free_principal(princ);
free(kbuf.data);
printf( "%s %s\n", name, add ? add_msg : remove_msg);
return 1;
}
#endif
if (family == FamilyLocalHost) {
ha.length = 0;
ha.address = "";
ha.family = family;
if (add)
XAddHost(dpy, &ha);
else
XRemoveHost(dpy, &ha);
printf( "non-network local connections %s\n", add ? add_msg : remove_msg);
return 1;
}
/*
* If it has an '@', it's a netname
*/
if ((family == FamilyNetname && (cp = strchr(name, '@'))) ||
(cp = strchr(name, '@'))) {
char *netname = name;
#ifdef SECURE_RPC
static char username[MAXNETNAMELEN];
if (!cp[1]) {
struct passwd *pwd;
static char domainname[128];
*cp = '\0';
pwd = getpwnam(name);
if (!pwd) {
fprintf(stderr, "no such user \"%s\"\n", name);
return 0;
}
getdomainname(domainname, sizeof(domainname));
if (!user2netname(username, pwd->pw_uid, domainname)) {
fprintf(stderr, "failed to get netname for \"%s\"\n", name);
return 0;
}
netname = username;
}
#endif
ha.family = FamilyNetname;
ha.length = strlen(netname);
ha.address = netname;
if (add)
XAddHost (dpy, &ha);
else
XRemoveHost (dpy, &ha);
if (netname != name)
printf ("%s@ (%s) %s\n", name, netname, add ? add_msg : remove_msg);
else
printf ("%s %s\n", netname, add ? add_msg : remove_msg);
return 1;
}
#ifdef NEEDSOCKETS
/*
* First see if inet_addr() can grok the name; if so, then use it.
*/
#ifndef AMTCPCONN
if (((family == FamilyWild) || (family == FamilyInternet)) &&
((addr.s_addr = inet_addr(name)) != -1)) {
#else
if (((family == FamilyWild) || (family == FamilyInternet)) &&
((addr = inet_addr(name)) != -1)) {
#endif
ha.family = FamilyInternet;
ha.length = 4; /* but for Cray would be sizeof(addr.s_addr) */
ha.address = (char *)&addr; /* but for Cray would be &addr.s_addr */
if (add) {
XAddHost (dpy, &ha);
printf ("%s %s\n", name, add_msg);
} else {
XRemoveHost (dpy, &ha);
printf ("%s %s\n", name, remove_msg);
}
return 1;
}
#if defined(IPv6) && defined(AF_INET6)
/*
* Check to see if inet_pton() can grok it as an IPv6 address
*/
else if (((family == FamilyWild) || (family == FamilyInternet6)) &&
(inet_pton(AF_INET6, name, &addr6.s6_addr) == 1)) {
ha.family = FamilyInternet6;
ha.length = sizeof(addr6.s6_addr);
ha.address = (char *) &addr6.s6_addr;
if (add) {
XAddHost (dpy, &ha);
printf ("%s %s\n", name, add_msg);
} else {
XRemoveHost (dpy, &ha);
printf ("%s %s\n", name, remove_msg);
}
return 1;
} else {
/*
* Is it in the namespace?
*
* If no family was specified, use both Internet v4 & v6 addresses.
* Otherwise, use only addresses matching specified family.
*/
struct addrinfo *addresses;
struct addrinfo *a;
Bool didit = False;
if (getaddrinfo(name, NULL, NULL, &addresses) != 0)
return 0;
for (a = addresses; a != NULL; a = a->ai_next) {
if ( ((a->ai_family == AF_INET) && (family != FamilyInternet6))
|| ((a->ai_family == AF_INET6) && (family != FamilyInternet)) ) {
char ad[INET6_ADDRSTRLEN];
ha.family = XFamily(a->ai_family);
if (a->ai_family == AF_INET6) {
ha.address = (char *)
&((struct sockaddr_in6 *) a->ai_addr)->sin6_addr;
ha.length =
sizeof (((struct sockaddr_in6 *) a->ai_addr)->sin6_addr);
} else {
ha.address = (char *)
&((struct sockaddr_in *) a->ai_addr)->sin_addr;
ha.length =
sizeof (((struct sockaddr_in *) a->ai_addr)->sin_addr);
}
inet_ntop(a->ai_family, ha.address, ad, sizeof(ad));
/* printf("Family: %d\nLength: %d\n", a->ai_family, ha.length); */
/* printf("Address: %s\n", ad); */
if (add) {
XAddHost (dpy, &ha);
} else {
XRemoveHost (dpy, &ha);
}
didit = True;
}
}
if (didit == True) {
printf ("%s %s\n", name, add ? add_msg : remove_msg);
} else {
const char *familyMsg = "";
if (family == FamilyInternet6) {
familyMsg = "inet6 ";
} else if (family == FamilyInternet) {
familyMsg = "inet ";
}
fprintf(stderr, "%s: unable to get %saddress for \"%s\"\n",
ProgramName, familyMsg, name);
}
freeaddrinfo(addresses);
return 1;
}
#else /* !IPv6 */
/*
* Is it in the namespace?
*/
else if (((hp = gethostbyname(name)) == (struct hostent *)NULL)
|| hp->h_addrtype != AF_INET) {
return 0;
} else {
ha.family = XFamily(hp->h_addrtype);
ha.length = hp->h_length;
#ifdef h_addr /* new 4.3bsd version of gethostent */
{
char **list;
/* iterate over the hosts */
for (list = hp->h_addr_list; *list; list++) {
ha.address = *list;
if (add) {
XAddHost (dpy, &ha);
} else {
XRemoveHost (dpy, &ha);
}
}
}
#else
ha.address = hp->h_addr;
if (add) {
XAddHost (dpy, &ha);
} else {
XRemoveHost (dpy, &ha);
}
#endif
printf ("%s %s\n", name, add ? add_msg : remove_msg);
return 1;
}
#endif /* IPv6 */
#else /* NEEDSOCKETS */
return 0;
#endif /* NEEDSOCKETS */
}
/*ARGSUSED*/
void
Krb5InitAuth (unsigned short name_len, char *name)
{
krb5_init_ets(); /* initialize error_message() tables */
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_context(krb5_context context, krb5_context *out)
{
krb5_error_code ret;
krb5_context p;
*out = NULL;
p = calloc(1, sizeof(*p));
if (p == NULL)
return krb5_enomem(context);
p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
if (p->mutex == NULL) {
free(p);
return krb5_enomem(context);
}
HEIMDAL_MUTEX_init(p->mutex);
if (context->default_cc_name)
p->default_cc_name = strdup(context->default_cc_name);
if (context->default_cc_name_env)
p->default_cc_name_env = strdup(context->default_cc_name_env);
if (context->etypes) {
ret = copy_etypes(context, context->etypes, &p->etypes);
if (ret)
goto out;
}
if (context->etypes_des) {
ret = copy_etypes(context, context->etypes_des, &p->etypes_des);
if (ret)
goto out;
}
if (context->default_realms) {
ret = krb5_copy_host_realm(context,
context->default_realms, &p->default_realms);
if (ret)
goto out;
}
ret = _krb5_config_copy(context, context->cf, &p->cf);
if (ret)
goto out;
/* XXX should copy */
krb5_init_ets(p);
cc_ops_copy(p, context);
kt_ops_copy(p, context);
#if 0 /* XXX */
if(context->warn_dest != NULL)
;
if(context->debug_dest != NULL)
;
#endif
ret = krb5_set_extra_addresses(p, context->extra_addresses);
if (ret)
goto out;
ret = krb5_set_extra_addresses(p, context->ignore_addresses);
if (ret)
goto out;
ret = _krb5_copy_send_to_kdc_func(p, context);
if (ret)
goto out;
*out = p;
return 0;
out:
krb5_free_context(p);
return ret;
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_context(krb5_context *context)
{
static heim_base_once_t init_context = HEIM_BASE_ONCE_INIT;
krb5_context p;
krb5_error_code ret;
char **files;
uint8_t rnd;
*context = NULL;
/**
* krb5_init_context() will get one random byte to make sure our
* random is alive. Assumption is that once the non blocking
* source allows us to pull bytes, its all seeded and allows us to
* pull more bytes.
*
* Most Kerberos users calls krb5_init_context(), so this is
* useful point where we can do the checking.
*/
ret = krb5_generate_random(&rnd, sizeof(rnd));
if (ret)
return ret;
p = calloc(1, sizeof(*p));
if(!p)
return ENOMEM;
p->mutex = malloc(sizeof(HEIMDAL_MUTEX));
if (p->mutex == NULL) {
free(p);
return ENOMEM;
}
HEIMDAL_MUTEX_init(p->mutex);
p->flags |= KRB5_CTX_F_HOMEDIR_ACCESS;
ret = krb5_get_default_config_files(&files);
if(ret)
goto out;
ret = krb5_set_config_files(p, files);
krb5_free_config_files(files);
if(ret)
goto out;
/* done enough to load plugins */
heim_base_once_f(&init_context, p, init_context_once);
/* init error tables */
krb5_init_ets(p);
cc_ops_register(p);
kt_ops_register(p);
#ifdef PKINIT
ret = hx509_context_init(&p->hx509ctx);
if (ret)
goto out;
#endif
if (rk_SOCK_INIT())
p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
out:
if(ret) {
krb5_free_context(p);
p = NULL;
}
*context = p;
return ret;
}
/*
* Function: Initialize the current instance of the KWIN application.
*
* Parameters:
* hinstance - the instance to initialize
*
* ncmdshow - show flag to indicate wheather to come up minimized
* or not.
*
* Returns: TRUE if initialized sucessfully, false otherwise.
*/
static BOOL
init_instance(HINSTANCE hinstance, int ncmdshow)
{
WORD versionrequested;
WSADATA wsadata;
int rc;
int i;
versionrequested = 0x0101; /* We need version 1.1 */
rc = WSAStartup(versionrequested, &wsadata);
if (rc != 0) {
MessageBox(NULL, "Couldn't initialize Winsock library", "",
MB_OK | MB_ICONSTOP);
return FALSE;
}
if (versionrequested != wsadata.wVersion) {
WSACleanup();
MessageBox(NULL, "Winsock version 1.1 not available", "",
MB_OK | MB_ICONSTOP);
return FALSE;
}
#ifdef KRB5
{
krb5_error_code code;
code = krb5_init_context(&k5_context);
if (!code) {
#if 0 /* Not needed under windows */
krb5_init_ets(k5_context);
#endif
code = k5_init_ccache(&k5_ccache);
}
if (code) {
com_err(NULL, code, "while initializing program");
return FALSE;
}
k5_name_from_ccache(k5_ccache);
}
#endif
cns_load_registry();
/*
* Set up expiration action
*/
alert = cns_res.alert;
beep = cns_res.beep;
/*
* ticket options
*/
forwardable = cns_res.forwardable;
noaddresses = cns_res.noaddresses;
/*
* Load clock icons
*/
for (i = IDI_FIRST_CLOCK; i <= IDI_LAST_CLOCK; i++)
kwin_icons[i - IDI_FIRST_CLOCK] = LoadIcon(hinstance, MAKEINTRESOURCE(i));
#ifdef KRB4
krb_start_session(NULL);
#endif
return TRUE;
}
main()
{
krb5_init_ets();
tkt_test_1();
}
