STABLE14-aklog-heimdal-integration-20050630

The necessary autoconf/C glue to make aklog work with Heimdal. (cherry picked from commit 233b7043ce22a120e52b2d1194a2603c659de735)
2025-02-01 14:07:39 +00:00 · 2005-07-11 20:07:00 +00:00 · 2005-07-11 20:07:00 +00:00 · 6df854931e
commit 6df854931e
parent c7eb015409
6 changed files with 122 additions and 38 deletions
--- a/src/aklog/Makefile.in
+++ b/src/aklog/Makefile.in
@ -5,7 +5,7 @@
 srcdir=@srcdir@
 include @TOP_OBJDIR@/src/config/Makefile.config

-CFLAGS += @KRB5CFLAGS@ -DALLOW_REGISTER
+OPTMZ += @KRB5CFLAGS@ -DALLOW_REGISTER
 LIBS += @KRB5LIBS@
 AFSLIBS = ${TOP_LIBDIR}/libprot.a ${TOP_LIBDIR}/libubik.a \
 	  ${TOP_LIBDIR}/libauth.a ${TOP_LIBDIR}/librxkad.a \
--- a/src/aklog/aklog.c
+++ b/src/aklog/aklog.c
@ -43,7 +43,6 @@ WinMain(HINSTANCE hinst, HINSTANCE hprevinstance, LPSTR cmdline, int noshow)

 	parse_cmdline(cmdline, &argv, &argc);

-    aklog_init_params(&params);
    aklog(argc, argv, &params);

 	return 0;
--- a/src/aklog/aklog.h
+++ b/src/aklog/aklog.h
@ -13,7 +13,6 @@ static char *rcsid_aklog_h = "$Id$";
 #endif /* lint || SABER */

 #include <krb5.h>
-#include <kerberosIV/krb.h>
 #include "linked_list.h"
 #include <afsconfig.h>

@ -23,20 +22,56 @@ static char *rcsid_aklog_h = "$Id$";
 #define ARGS(x) ()
 #endif /* __STDC__ */

-typedef struct {
-    int (*readlink)ARGS((char *, char *, size_t));
-    int (*isdir)ARGS((char *, unsigned char *));
-    char *(*getwd)ARGS((char *));
-    int (*get_cred)ARGS((krb5_context, char *, char *, char *, CREDENTIALS *,
-		krb5_creds **));
-    int (*get_user_realm)ARGS((krb5_context, char *));
-    void (*pstderr)ARGS((char *));
-    void (*pstdout)ARGS((char *));
-    void (*exitprog)ARGS((char));
-} aklog_params;
-
 void aklog ARGS((int, char *[]));
-void aklog_init_params ARGS((aklog_params *));
+
+/*
+ * If we have krb.h, use the definition of CREDENTIAL from there.  Otherwise,
+ * inline it.  When we inline it we're using the inline definition from the
+ * Heimdal sources (since Heimdal doesn't include a definition of struct
+ * credentials with the sources
+ */
+
+#ifdef HAVE_KERBEROSIV_KRB_H
+#include <kerberosIV/krb.h>
+#else /* HAVE_KERBEROSIV_KRB_H */
+
+#ifndef MAX_KTXT_LEN
+#define MAX_KTXT_LEN 1250
+#endif /* MAX_KTXT_LEN */
+#ifndef ANAME_SZ
+#define ANAME_SZ 40
+#endif /* ANAME_SZ */
+#ifndef REALM_SZ
+#define REALM_SZ 40
+#endif /* REALM_SZ */
+#ifndef SNAME_SZ
+#define SNAME_SZ 40
+#endif /* SNAME_SZ */
+#ifndef INST_SZ
+#define INST_SZ 40
+#endif /* INST_SZ */
+
+struct ktext {
+    unsigned int length;
+    unsigned char dat[MAX_KTXT_LEN];
+    u_int32_t mbz;
+};
+
+struct credentials {
+    char    service[ANAME_SZ];
+    char    instance[INST_SZ];
+    char    realm[REALM_SZ];
+    char    session[8];
+    int     lifetime;
+    int     kvno;
+    struct ktext ticket_st;
+    int32_t    issue_date;
+    char    pname[ANAME_SZ];
+    char    pinst[INST_SZ];
+};
+
+typedef struct credentials CREDENTIALS;
+#endif /* ! HAVE_KERBEROSIV_KRB_H */

 #ifdef WINDOWS
 /*
--- a/src/aklog/aklog_main.c
+++ b/src/aklog/aklog_main.c
@ -161,6 +161,48 @@ static krb5_error_code get_credv5(krb5_context context, char *, char *,
 				  char *, krb5_creds **);
 static int get_user_realm(krb5_context, char *);

+#if defined(HAVE_KRB5_PRINC_SIZE) || defined(krb5_princ_size)
+
+#define get_princ_str(c, p, n) krb5_princ_component(c, p, n)->data
+#define get_princ_len(c, p, n) krb5_princ_component(c, p, n)->length
+#define second_comp(c, p) (krb5_princ_size(c, p) > 1)
+#define realm_data(c, p) krb5_princ_realm(c, p)->data
+#define realm_len(c, p) krb5_princ_realm(c, p)->length
+
+#elif defined(HAVE_KRB5_PRINCIPAL_GET_COMP_STRING)
+
+#define get_princ_str(c, p, n) krb5_principal_get_comp_string(c, p, n)
+#define get_princ_len(c, p, n) strlen(krb5_principal_get_comp_string(c, p, n))
+#define second_comp(c, p) (krb5_principal_get_comp_string(c, p, 1) != NULL)
+#define realm_data(c, p) krb5_realm_data(krb5_principal_get_realm(c, p))
+#define realm_len(c, p) krb5_realm_length(krb5_principal_get_realm(c, p))
+
+#else
+#error "Must have either krb5_princ_size or krb5_principal_get_comp_string"
+#endif
+
+#if defined(HAVE_KRB5_CREDS_KEYBLOCK)
+
+#define get_cred_keydata(c) c->keyblock.contents
+#define get_cred_keylen(c) c->keyblock.length
+#define get_creds_enctype(c) c->keyblock.enctype
+
+#elif defined(HAVE_KRB5_CREDS_SESSION)
+
+#define get_cred_keydata(c) c->session.keyvalue.data
+#define get_cred_keylen(c) c->session.keyvalue.length
+#define get_creds_enctype(c) c->session.keytype
+
+#else
+#error "Must have either keyblock or session member of krb5_creds
+#endif
+
+#if !defined(HAVE_KRB5_524_CONVERT_CREDS) && defined(HAVE_KRB524_CONVERT_CREDS_KDC)
+#define krb5_524_convert_creds krb524_convert_creds_kdc
+#elif !defined(HAVE_KRB5_524_CONVERT_CREDS) && !defined(HAVE_KRB524_CONVERT_CREDS_KDC)
+#error "You must have one of krb5_524_convert_creds or krb5_524_convert_creds_kdc available"
+#endif
+
 #endif /* WINDOWS */

 /*
@ -546,7 +588,7 @@ static int auth_to_cell(context, cell, realm)
 	    }
 	}

-	if (status != KSUCCESS) {
+	if (status) {
 	    if (dflag) {
 		printf("Kerberos error code returned by get_cred: %d\n",
 			status);
@ -574,18 +616,18 @@ static int auth_to_cell(context, cell, realm)
 	    if (dflag)
 	    	printf("Using Kerberos V5 ticket natively\n");

-	    len = min(v5cred->client->data[0].length,
-	    	      v5cred->client->length > 1 ? MAXKTCNAMELEN - 2 :
-		      MAXKTCNAMELEN - 1);
-	    strncpy(username, v5cred->client->data[0].data, len);
+	    len = min(get_princ_len(context, v5cred->client, 0),
+	    	      second_comp(context, v5cred->client) ?
+					MAXKTCNAMELEN - 2 : MAXKTCNAMELEN - 1);
+	    strncpy(username, get_princ_str(context, v5cred->client, 0), len);
 	    username[len] = '\0';

-	    if (v5cred->client->length > 1) {
+	    if (second_comp(context, v5cred->client) > 1) {
 	    	strcat(username, ".");
 		p = username + strlen(username);
-		len = min(v5cred->client->data[1].length,
+		len = min(get_princ_len(context, v5cred->client, 1),
 			  MAXKTCNAMELEN - strlen(username) - 1);
-		strncpy(p, v5cred->client->data[1].data, len);
+		strncpy(p, get_princ_str(context, v5cred->client, 1), len);
 		p[len] = '\0';
 	    }

@ -593,8 +635,8 @@ static int auth_to_cell(context, cell, realm)
 	    atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
 	    atoken.startTime = v5cred->times.starttime;;
 	    atoken.endTime = v5cred->times.endtime;
-	    memcpy(&atoken.sessionKey, v5cred->keyblock.contents,
-		   v5cred->keyblock.length);
+	    memcpy(&atoken.sessionKey, get_cred_keydata(v5cred),
+		   get_cred_keylen(v5cred));
 	    atoken.ticketLen = v5cred->ticket.length;
 	    memcpy(atoken.ticket, v5cred->ticket.data, atoken.ticketLen);
 	} else {
@ -660,7 +702,7 @@ static int auth_to_cell(context, cell, realm)
 #ifndef WINDOWS
 	}
 	else {
-	    if ((status = get_user_realm(context, realm_of_user)) != KSUCCESS) {
+	    if ((status = get_user_realm(context, realm_of_user))) {
 		fprintf(stderr, "%s: Couldn't determine realm of user:)",
 			progname);
 		com_err(progname, status, " while getting realm");
@ -1514,14 +1556,19 @@ void aklog(int argc, char *argv[])
 }

 #ifndef HAVE_ADD_TO_ERROR_TABLE
-#include <afs/error_table.h>

+#define error_table error_table_compat
+#include <afs/error_table.h>
+#undef error_table
+
+#ifndef HAVE_ADD_ERROR_TABLE
 void add_error_table (const struct error_table *);
+#endif /* !HAVE_ADD_ERROR_TABLE */

 void
 add_to_error_table(struct et_list *new_table)
 {
-	add_error_table(new_table->table);
+	add_error_table((struct error_table *) new_table->table);
 }
 #endif /* HAVE_ADD_TO_ERROR_TABLE */

@ -1572,7 +1619,7 @@ static krb5_error_code get_credv5(krb5_context context,
    increds.client = client_principal;
    increds.times.endtime = 0;
 	/* Ask for DES since that is what V4 understands */
-    increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+    get_creds_enctype((&increds)) = ENCTYPE_DES_CBC_CRC;

    r = krb5_get_credentials(context, 0, _krb425_ccache, &increds, creds);

@ -1590,9 +1637,10 @@ static int get_user_realm(krb5_context context, char *realm)
    if (!client_principal)
        krb5_cc_get_principal(context, _krb425_ccache, &client_principal);

-    i = krb5_princ_realm(context, client_principal)->length;
+    i = realm_len(context, client_principal);
    if (i > REALM_SZ-1) i = REALM_SZ-1;
-    strncpy(realm,krb5_princ_realm(context, client_principal)->data,i);
+    strncpy(realm,realm_data(context, client_principal), i);
    realm[i] = 0;
-    return(KSUCCESS);
+
+    return(0);
 }
--- a/src/aklog/krb_util.c
+++ b/src/aklog/krb_util.c
@ -18,8 +18,8 @@ static char rcsid_send_to_kdc_c[] =
 #include <kerberosIV/mit-copyright.h>
 #endif
 #include <afs/stds.h>
+#include "aklog.h"
 #include <krb5.h>
-#include <kerberosIV/krb.h> 

 #ifndef MAX_HSTNM
 #define MAX_HSTNM 100
--- a/src/cf/kerberos.m4
+++ b/src/cf/kerberos.m4
@ -54,12 +54,14 @@ BUILD_KRB5=no
 if test X$conf_krb5 = XYES; then
 	AC_MSG_RESULT([Configuring support for Kerberos 5 utilities])
 	BUILD_KRB5=yes
-	save_CFLAGS="$CFLAGS"
-	CFLAGS="$CFLAGS KRB5CFLAGS"
+	save_CPPFLAGS="$CPPFLAGS"
+	CPPFLAGS="$CPPFLAGS $KRB5CFLAGS"
 	save_LIBS="$LIBS"
 	LIBS="$LIBS $KRB5LIBS"
-	AC_CHECK_FUNCS([add_to_error_table])
-	CFLAGS="$save_CFLAGS"
+	AC_CHECK_FUNCS([add_to_error_table add_error_table krb5_princ_size krb5_principal_get_comp_string krb5_524_convert_creds krb524_convert_creds_kdc])
+	AC_CHECK_HEADERS([kerberosIV/krb.h])
+	AC_CHECK_MEMBERS([krb5_creds.keyblock, krb5_creds.session],,, [#include <krb5.h>])
+	CPPFLAGS="$save_CPPFLAGS"
 	LIBS="$save_LIBS"
 fi
 AC_SUBST(BUILD_KRB5)