diff options
author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2016-06-23 10:46:48 +0200 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2016-07-01 15:17:42 +0200 |
commit | 20454528656dbe98a538de7c67ce89e50841bd5f (patch) | |
tree | ba1bf29ee69e8ae391b0773161ff3baf58707761 | |
parent | 26bf48bab8f6ca72d20f5375a4cbc02dbefcb359 (diff) | |
download | nx-libs-20454528656dbe98a538de7c67ce89e50841bd5f.tar.gz nx-libs-20454528656dbe98a538de7c67ce89e50841bd5f.tar.bz2 nx-libs-20454528656dbe98a538de7c67ce89e50841bd5f.zip |
nxagent Xserver: Drop Kerberos code. Not used in nxagent.
-rw-r--r-- | nx-X11/config/cf/Imake.tmpl | 29 | ||||
-rw-r--r-- | nx-X11/config/cf/README | 7 | ||||
-rw-r--r-- | nx-X11/config/cf/X11.tmpl | 14 | ||||
-rw-r--r-- | nx-X11/lib/X11/Imakefile | 9 | ||||
-rw-r--r-- | nx-X11/programs/Xserver/Imakefile | 2 | ||||
-rw-r--r-- | nx-X11/programs/Xserver/dix/Imakefile | 6 | ||||
-rw-r--r-- | nx-X11/programs/Xserver/dix/dispatch.c | 10 | ||||
-rw-r--r-- | nx-X11/programs/Xserver/dix/tables.c | 15 | ||||
-rw-r--r-- | nx-X11/programs/Xserver/include/dixstruct.h | 4 | ||||
-rw-r--r-- | nx-X11/programs/Xserver/os/Imakefile | 18 | ||||
-rw-r--r-- | nx-X11/programs/Xserver/os/access.c | 31 | ||||
-rw-r--r-- | nx-X11/programs/Xserver/os/auth.c | 12 | ||||
-rw-r--r-- | nx-X11/programs/Xserver/os/k5auth.c | 801 | ||||
-rw-r--r-- | nx-X11/programs/Xserver/os/osdep.h | 23 | ||||
-rw-r--r-- | nx-X11/programs/Xserver/os/rpcauth.c | 2 |
15 files changed, 7 insertions, 976 deletions
diff --git a/nx-X11/config/cf/Imake.tmpl b/nx-X11/config/cf/Imake.tmpl index f40864ced..d540f418b 100644 --- a/nx-X11/config/cf/Imake.tmpl +++ b/nx-X11/config/cf/Imake.tmpl @@ -566,12 +566,6 @@ X_BYTE_ORDER = ByteOrder #ifndef HasSecureRPC #define HasSecureRPC NO /* if you have Secure RPC */ #endif -#ifndef HasKrbIV -#define HasKrbIV NO /* if you have Kerberos IV */ -#endif -#ifndef HasKrb5 -#define HasKrb5 NO /* if you have Kerberos V5 */ -#endif #ifndef HasLatex #define HasLatex NO #endif @@ -591,27 +585,6 @@ X_BYTE_ORDER = ByteOrder #ifndef GzipLibrary /* if OS config didn't define it, assume it's -lz */ #define GzipLibrary -lz #endif -#if HasKrbIV -#ifndef KrbIVIncludes -#define KrbIVIncludes /**/ -#endif -#ifndef KrbIVLibraries -#define KrbIVLibraries -lkrb -ldes -#endif -#endif -#if HasKrb5 -#ifndef Krb5Includes -#define Krb5Includes -I/krb5/include -#endif -#ifndef Krb5Libraries -#define Krb5Libraries -L/krb5/lib -L/usr/isode/lib -lkrb5 -lcrypto -lisode -lcom_err -ldbm -#endif -#else -#undef Krb5Includes -#define Krb5Includes /**/ -#undef Krb5Libraries -#define Krb5Libraries /**/ -#endif #ifndef UseGnuMalloc #define UseGnuMalloc NO #endif @@ -1878,7 +1851,7 @@ MODLDCOMBINEFLAGS = ModuleLdCombineFlags STD_DEFINES = StandardDefines $(PROJECT_DEFINES) EXTRA_LOAD_FLAGS = ExtraLoadFlags EXTRA_LDOPTIONS = ExtraLoadOptions - EXTRA_LIBRARIES = MallocLibraries ExtraLibraries Krb5Libraries + EXTRA_LIBRARIES = MallocLibraries ExtraLibraries TAGS = TagsCmd #if ConstructMFLAGS MFLAGS = -$(MAKEFLAGS) diff --git a/nx-X11/config/cf/README b/nx-X11/config/cf/README index 41ff36a01..0cd37245a 100644 --- a/nx-X11/config/cf/README +++ b/nx-X11/config/cf/README @@ -68,8 +68,6 @@ Imake.tmpl provides defaults for the following variables: HasGnuMake use the GNU make program? HasGhostPCL boolean for system has GhostPCL HasGhostScript boolean for system has GhostScript - HasKrbIV system has Kerberos version IV support? - HasKrb5 system has Kerberos version 5 support? HasLargeTmp boolean for system has /tmp space HasLatex system has LaTeX document preparation software HasLibCrypt boolean for system has libcrypt @@ -105,10 +103,6 @@ Imake.tmpl provides defaults for the following variables: InstPgmFlags install flags for normal programs InstUidFlags install flags for xterm to chown /dev/ptys InstallCmd command to install files - KrbIVIncludes where to include KerberosIV header files from - KrbIVLibraries where to load KerberosIV libraries from - Krb5Includes where to include Kerberos header files from - Krb5Libraries where to load Kerberos libraries from LdCmd command to run loader LdCombineFlags flags for incremental loading LexCmd command to run lex @@ -207,7 +201,6 @@ X11.tmpl provides defaults for the following variables: needs Wraphelp.c, see Release Notes InstallLibManPages boolean for installing library man pages InstallSecurityConfig install server security policy file over old? - KrbIVDefines defines for use with KerberosIV LibDir directory in which to install X11 support files LibManSuffix man suffix for library pages LibmanDir directory in which to install library man pages diff --git a/nx-X11/config/cf/X11.tmpl b/nx-X11/config/cf/X11.tmpl index a40df9fa2..ce952fb68 100644 --- a/nx-X11/config/cf/X11.tmpl +++ b/nx-X11/config/cf/X11.tmpl @@ -739,20 +739,6 @@ FCHOWN_DEFINES = -DHAS_FCHOWN #ifndef ServerOSDefines #define ServerOSDefines /**/ #endif -#if HasKrbIV -#ifndef KrbIVDefines -#define KrbIVDefines -DKERBEROS -#endif -#else -#define KrbIVDefines /**/ -#endif -#if HasKrb5 -#ifndef Krb5Defines -#define Krb5Defines -DK5AUTH -#endif -#else -#define Krb5Defines /**/ -#endif #ifndef ServerExtraDefines #define ServerExtraDefines /* -DPIXPRIV */ #endif diff --git a/nx-X11/lib/X11/Imakefile b/nx-X11/lib/X11/Imakefile index 8be1b592d..cc87d6e7b 100644 --- a/nx-X11/lib/X11/Imakefile +++ b/nx-X11/lib/X11/Imakefile @@ -172,12 +172,6 @@ EXTRA_LIBRARIES = /**/ SETID_DEFINES = -DHASGETRESUID #endif XLC_DEFINES = -DXLOCALEDIR=\"$(XLOCALEDIR)\" -#if HasKrb5 - K5OBJS = k5encode.o - K5SRCS = k5encode.c - K5INCL = Krb5Includes - K5DEFS = Krb5Defines -#endif #if (defined(FreeBSDArchitecture) && OSRelVersion < 500016) || \ defined(OpenBSDArchitecture) THRSTUBSRCS = UIThrStubs.c @@ -1082,9 +1076,6 @@ SpecialCLibObjectRule(KeyBind,$(ICONFIGFILES),$(XKB_DEFINES)) SpecialCLibObjectRule(XKBBind,$(ICONFIGFILES),$(XKB_DEFINES)) SpecialCLibObjectRule(imConv,$(ICONFIGFILES),$(XKB_DEFINES)) #endif -#if HasKrb5 -SpecialCLibObjectRule(k5encode,$(_NOOP_),$(K5INCL)) -#endif #if BuildLoadableXlibI18n SpecialCLibObjectRuleSeparateOpts(lcInit,$(ICONFIGFILES),$(_NOOP_),$(LC_DYNDEFINES)) SpecialCLibObjectRuleSeparateOpts(lcGeneric,$(ICONFIGFILES),$(_NOOP_),$(LC_DYNDEFINES)) diff --git a/nx-X11/programs/Xserver/Imakefile b/nx-X11/programs/Xserver/Imakefile index 6a8e736f1..93a3286b1 100644 --- a/nx-X11/programs/Xserver/Imakefile +++ b/nx-X11/programs/Xserver/Imakefile @@ -246,7 +246,7 @@ INSTPGMFLAGS = #if !(SystemV4 || defined(SGIArchitecture) || UseRgbTxt) DBMLIBS = DBMLibrary #endif - SYSLIBS = $(ZLIB) MathLibrary Krb5Libraries $(DBMLIBS) $(USB) \ + SYSLIBS = $(ZLIB) MathLibrary $(DBMLIBS) $(USB) \ $(PAMLIBS) $(EXTRASYSLIBS) #if !HasCbrt CBRT = mi/LibraryTargetName(cbrt) diff --git a/nx-X11/programs/Xserver/dix/Imakefile b/nx-X11/programs/Xserver/dix/Imakefile index ed7530caf..fb67cb65b 100644 --- a/nx-X11/programs/Xserver/dix/Imakefile +++ b/nx-X11/programs/Xserver/dix/Imakefile @@ -126,10 +126,6 @@ VENDORRELEASE = XVendorRelease VENDOR_RELEASE = -DVENDOR_RELEASE="$(VENDORRELEASE)" #endif -#if HasKrb5 - K5DEFS = Krb5Defines -#endif - #ifdef DarwinArchitecture #if DarwinQuartzSupport QUARTZ_DEFINES = -DDARWIN_WITH_QUARTZ @@ -146,8 +142,6 @@ LintLibraryTarget(dix,$(SRCS) $(XPSRC)) NormalLintTarget($(SRCS) $(XPSRC)) SpecialCObjectRule(globals,$(ICONFIGFILES),$(SITE_DEFINES)) -SpecialCObjectRule(tables,$(ICONFIGFILES),$(K5DEFS)) -SpecialCObjectRule(dispatch,$(ICONFIGFILES),$(K5DEFS)) SpecialCObjectRule(main,$(ICONFIGFILES),$(VENDOR_DEFINES)) SpecialCObjectRule(pixmap,$(ICONFIGFILES),$(_NOOP_)) SpecialCObjectRule(privates,$(ICONFIGFILES),$(_NOOP_)) diff --git a/nx-X11/programs/Xserver/dix/dispatch.c b/nx-X11/programs/Xserver/dix/dispatch.c index fe4da8a0c..803870369 100644 --- a/nx-X11/programs/Xserver/dix/dispatch.c +++ b/nx-X11/programs/Xserver/dix/dispatch.c @@ -955,10 +955,6 @@ ProcGetAtomName(register ClientPtr client) } } -#ifdef K5AUTH -extern int k5_bad(); -#endif - #ifndef NXAGENT_SERVER int ProcSetSelectionOwner(register ClientPtr client) @@ -3506,12 +3502,6 @@ InitProcVectors(void) ProcVector[i] = SwappedProcVector[i] = ProcBadRequest; ReplySwapVector[i] = ReplyNotSwappd; } -#ifdef K5AUTH - if (!k5_Vector[i]) - { - k5_Vector[i] = k5_bad; - } -#endif } for(i = LASTEvent; i < 128; i++) { diff --git a/nx-X11/programs/Xserver/dix/tables.c b/nx-X11/programs/Xserver/dix/tables.c index eb4f4c8d2..df15de7d1 100644 --- a/nx-X11/programs/Xserver/dix/tables.c +++ b/nx-X11/programs/Xserver/dix/tables.c @@ -63,11 +63,6 @@ SOFTWARE. #include "swaprep.h" #include "swapreq.h" -#ifdef K5AUTH -extern int - k5_stage1(), k5_stage2(), k5_stage3(), k5_bad(); -#endif - int (* InitialVector[3]) ( ClientPtr /* client */ ) = @@ -517,13 +512,3 @@ ReplySwapPtr ReplySwapVector[256] = ReplyNotSwappd, /* NoOperation */ ReplyNotSwappd }; - -#ifdef K5AUTH -int (*k5_Vector[256])() = -{ - k5_bad, - k5_stage1, - k5_bad, - k5_stage3 -}; -#endif diff --git a/nx-X11/programs/Xserver/include/dixstruct.h b/nx-X11/programs/Xserver/include/dixstruct.h index 01a1c86dc..57033a43e 100644 --- a/nx-X11/programs/Xserver/include/dixstruct.h +++ b/nx-X11/programs/Xserver/include/dixstruct.h @@ -219,10 +219,6 @@ extern int (* ProcVector[256]) (ClientPtr /*client*/); extern int (* SwappedProcVector[256]) (ClientPtr /*client*/); -#ifdef K5AUTH -extern int (*k5_Vector[256])(ClientPtr /*client*/); -#endif - extern ReplySwapPtr ReplySwapVector[256]; extern int ProcBadRequest(ClientPtr /*client*/); diff --git a/nx-X11/programs/Xserver/os/Imakefile b/nx-X11/programs/Xserver/os/Imakefile index 5245b7841..00d28deb1 100644 --- a/nx-X11/programs/Xserver/os/Imakefile +++ b/nx-X11/programs/Xserver/os/Imakefile @@ -78,11 +78,6 @@ RPCOBJS = RPCSRCS = #endif -#if HasKrb5 -KRB5OBJS = k5auth.o k5encode.o -KRB5SRCS = k5auth.c k5encode.c -#endif - #if HasBSD44Sockets SOCK_DEFINES = -DBSD44SOCKETS #endif @@ -122,12 +117,12 @@ GETPEER_DEFINES = -DHAS_GETPEEREID BOOTSTRAPCFLAGS = SRCS = WaitFor.c access.c connection.c io.c $(COLOR_SRCS) \ osinit.c utils.c log.c auth.c mitauth.c secauth.c \ - $(XDMAUTHSRCS) $(RPCSRCS) $(KRB5SRCS) xdmcp.c OtherSources \ + $(XDMAUTHSRCS) $(RPCSRCS) xdmcp.c OtherSources \ transport.c $(SNPRINTF_SRCS) $(STRLCAT_SRCS) \ $(MALLOC_SRCS) xprintf.c OBJS = WaitFor.o access.o connection.o io.o $(COLOR_OBJS) \ osinit.o utils.o log.o auth.o mitauth.o secauth.o \ - $(XDMAUTHOBJS) $(RPCOBJS) $(KRB5OBJS) xdmcp.o OtherObjects \ + $(XDMAUTHOBJS) $(RPCOBJS) xdmcp.o OtherObjects \ transport.o $(SNPRINTF_OBJS) $(STRLCAT_OBJS) \ $(MALLOC_OBJS) xprintf.o @@ -146,7 +141,6 @@ BOOTSTRAPCFLAGS = DBM_DEFINES = NdbmDefines ADM_DEFINES = -DADMPATH=\"$(ADMDIR)/X\%smsgs\" XDMCP_DEFINES = ServerXdmcpDefines - KRB5_DEFINES = Krb5Defines XALLOC_DEFINES = XallocDefines ERROR_DEFINES = ServerErrorDefines #if HasPam && HasPamMisc @@ -154,11 +148,11 @@ BOOTSTRAPCFLAGS = #endif DEFINES = -DXSERV_t -DTRANS_SERVER $(CONNECTION_FLAGS) $(MEM_DEFINES) \ $(XDMAUTHDEFS) $(RPCDEFS) $(SIGNAL_DEFINES) $(OS_DEFINES) \ - $(KRB5_DEFINES) $(RGB_DEFINES) $(GETPEER_DEFINES) \ + $(RGB_DEFINES) $(GETPEER_DEFINES) \ $(RANDOM_DEFINES) $(BUGMSG) $(XTRANS_FAILDEFINES) $(NX_DEFINES) INCLUDES = -I. -I../include -I$(XINCLUDESRC) -I$(EXTINCSRC) \ -I$(SERVERSRC)/Xext -I$(SERVERSRC)/render \ - -I$(TOP)/lib/Xau Krb5Includes $(NX_INCLUDES) \ + -I$(TOP)/lib/Xau $(NX_INCLUDES) \ `pkg-config --cflags-only-I pixman-1` DEPEND_DEFINES = $(DBM_DEFINES) $(XDMCP_DEFINES) $(EXT_DEFINES) \ $(TRANS_INCLUDES) $(CONNECTION_FLAGS) $(GETPEER_DEFINES) \ @@ -204,10 +198,6 @@ oscolor.o: oscolor.c $(ICONFIGFILES) SpecialCObjectRule(oscolor,$(ICONFIGFILES),$(DBM_DEFINES)) #endif -#if HasKrb5 -LinkSourceFile(k5encode.c,$(XAUTHSRC)) -#endif - #if !HasSnprintf LinkSourceFile(snprintf.c,$(LIBSRC)/misc) #endif diff --git a/nx-X11/programs/Xserver/os/access.c b/nx-X11/programs/Xserver/os/access.c index d2bf972fe..7f45e5ec9 100644 --- a/nx-X11/programs/Xserver/os/access.c +++ b/nx-X11/programs/Xserver/os/access.c @@ -1170,10 +1170,6 @@ ResetHosts (char *display) struct nodeent *np; struct dn_naddr dnaddr, *dnaddrp, *dnet_addr(); #endif -#ifdef K5AUTH - krb5_principal princ; - krb5_data kbuf; -#endif int family = 0; void *addr; int len; @@ -1249,13 +1245,6 @@ ResetHosts (char *display) hostname = ohostname + 4; } #endif -#ifdef K5AUTH - else if (!strncmp("krb:", lhostname, 4)) - { - family = FamilyKrb5Principal; - hostname = ohostname + 4; - } -#endif else if (!strncmp("si:", lhostname, 3)) { family = FamilyServerInterpreted; @@ -1298,16 +1287,6 @@ ResetHosts (char *display) } else #endif /* DNETCONN */ -#ifdef K5AUTH - if (family == FamilyKrb5Principal) - { - krb5_parse_name(hostname, &princ); - XauKrb5Encode(princ, &kbuf); - (void) NewHost(FamilyKrb5Principal, kbuf.data, kbuf.length, FALSE); - krb5_free_principal(princ); - } - else -#endif #ifdef SECURE_RPC if ((family == FamilyNetname) || (strchr(hostname, '@'))) { @@ -1553,11 +1532,6 @@ AddHost (ClientPtr client, len = length; LocalHostEnabled = TRUE; break; -#ifdef K5AUTH - case FamilyKrb5Principal: - len = length; - break; -#endif #ifdef SECURE_RPC case FamilyNetname: len = length; @@ -1656,11 +1630,6 @@ RemoveHost ( len = length; LocalHostEnabled = FALSE; break; -#ifdef K5AUTH - case FamilyKrb5Principal: - len = length; - break; -#endif #ifdef SECURE_RPC case FamilyNetname: len = length; diff --git a/nx-X11/programs/Xserver/os/auth.c b/nx-X11/programs/Xserver/os/auth.c index c14c1e874..587e0d5ec 100644 --- a/nx-X11/programs/Xserver/os/auth.c +++ b/nx-X11/programs/Xserver/os/auth.c @@ -54,9 +54,6 @@ from The Open Group. #include <dix-config.h> #endif -#ifdef K5AUTH -# include <krb5/krb5.h> -#endif # include <nx-X11/X.h> # include <nx-X11/Xauth.h> # include "misc.h" @@ -112,15 +109,6 @@ static struct protocol protocols[] = { #endif }, #endif -#ifdef K5AUTH -{ (unsigned short) 14, "MIT-KERBEROS-5", - K5Add, K5Check, K5Reset, - K5ToID, K5FromID, K5Remove, -#ifdef XCSECURITY - NULL -#endif -}, -#endif #ifdef XCSECURITY { (unsigned short) XSecurityAuthorizationNameLen, XSecurityAuthorizationName, diff --git a/nx-X11/programs/Xserver/os/k5auth.c b/nx-X11/programs/Xserver/os/k5auth.c deleted file mode 100644 index f2ed5369d..000000000 --- a/nx-X11/programs/Xserver/os/k5auth.c +++ /dev/null @@ -1,801 +0,0 @@ -/* $Xorg: k5auth.c,v 1.4 2001/02/09 02:05:23 xorgcvs Exp $ */ -/* - -Copyright 1993, 1994, 1998 The Open Group - -Permission to use, copy, modify, distribute, and sell this software and its -documentation for any purpose is hereby granted without fee, provided that -the above copyright notice appear in all copies and that both that -copyright notice and this permission notice appear in supporting -documentation. - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of The Open Group shall -not be used in advertising or otherwise to promote the sale, use or -other dealings in this Software without prior written authorization -from The Open Group. - -*/ -/* $XFree86: xc/programs/Xserver/os/k5auth.c,v 3.4 2001/01/17 22:37:10 dawes Exp $ */ - -/* - * Kerberos V5 authentication scheme - * Author: Tom Yu <tlyu@MIT.EDU> - * - * Mostly snarfed wholesale from the user_user demo in the - * krb5 distribution. (At least the checking part) - */ - -#ifdef HAVE_DIX_CONFIG_H -#include <dix-config.h> -#endif - -#include <sys/types.h> -#include <sys/socket.h> -#ifdef TCPCONN -#include <netinet/in.h> -#endif -#ifdef DNETCONN -#include <netdnet/dn.h> -#endif -#include <arpa/inet.h> -#include <krb5/krb5.h> -/* 9/93: krb5.h leaks some symbols */ -#undef BITS32 -#undef xfree -#include <krb5/los-proto.h> -#include <nx-X11/X.h> -#include "os.h" -#include "osdep.h" -#include <nx-X11/Xproto.h> -#include <nx-X11/Xfuncs.h> -#include "dixstruct.h" -#include <com_err.h> -#include "Xauth.h" - -extern int (*k5_Vector[256])(); -extern int SendConnSetup(); -extern char *display; /* need this to generate rcache name */ - -static XID krb5_id = ~0L; -static krb5_principal srvname = NULL; /* service name */ -static char *ccname = NULL; -static char *ktname = NULL; /* key table name */ -static char kerror[256]; - -/* - * tgt_keyproc: - * - * extract session key from a credentials struct - */ -krb5_error_code tgt_keyproc(keyprocarg, principal, vno, key) - krb5_void * keyprocarg; - krb5_principal principal; - krb5_kvno vno; - krb5_keyblock **key; -{ - krb5_creds *creds = (krb5_creds *)keyprocarg; - - return krb5_copy_keyblock(&creds->keyblock, key); -} - -/* - * k5_cmpenc: - * - * compare "encoded" principals - */ -Bool k5_cmpenc(pname, plen, buf) - unsigned char *pname; - short plen; - krb5_data *buf; -{ - return (plen == buf->length && - memcmp(pname, buf->data, plen) == 0); -} - -/* - * K5Check: - * - * This is stage 0 of the krb5 authentication protocol. It - * goes through the current credentials cache and extracts the - * primary principal and tgt to send to the client, or as - * appropriate, extracts from a keytab. - * - * The packet sent to the client has the following format: - * - * CARD8 reqType = 2 - * CARD8 data = 0 - * CARD16 length = total length of packet (in 32 bit units) - * CARD16 plen = length of encoded principal following - * STRING8 princ = encoded principal - * STRING8 ticket = server tgt - * - * For client-server authentication, the packet is as follows: - * - * CARD8 reqType = 3 - * CARD8 data = 0 - * CARD16 length = total length - * STRING8 princ = encoded principal of server - */ -XID K5Check(data_length, data, client, reason) - unsigned short data_length; - char *data; - ClientPtr client; - char **reason; -{ - krb5_error_code retval; - CARD16 tlen; - krb5_principal sprinc, cprinc; - krb5_ccache cc; - krb5_creds *creds; - char *outbuf, *cp; - krb5_data princ; - register char n; - xReq prefix; - - if (krb5_id == ~0L) - return ~0L; - if (!ccname && !srvname) - return ~0L; - if (ccname) - { - if ((creds = (krb5_creds *)malloc(sizeof(krb5_creds))) == NULL) - return ~0L; - if (retval = krb5_cc_resolve(ccname, &cc)) - return ~0L; - bzero((char*)creds, sizeof (krb5_creds)); - if (retval = krb5_cc_get_principal(cc, &cprinc)) - { - krb5_free_creds(creds); - krb5_cc_close(cc); - return ~0L; - } - creds->client = cprinc; - if (retval = - krb5_build_principal_ext(&sprinc, - krb5_princ_realm(creds->client)->length, - krb5_princ_realm(creds->client)->data, - 6, "krbtgt", - krb5_princ_realm(creds->client)->length, - krb5_princ_realm(creds->client)->data, - 0)) - { - krb5_free_creds(creds); - krb5_cc_close(cc); - return ~0L; - } - creds->server = sprinc; - retval = krb5_get_credentials(KRB5_GC_CACHED, cc, creds); - krb5_cc_close(cc); - if (retval) - { - krb5_free_creds(creds); - return ~0L; - } - if (retval = XauKrb5Encode(cprinc, &princ)) - { - krb5_free_creds(creds); - return ~0L; - } - tlen = sz_xReq + 2 + princ.length + creds->ticket.length; - prefix.reqType = 2; /* opcode = authenticate user-to-user */ - } - else if (srvname) - { - if (retval = XauKrb5Encode(srvname, &princ)) - { - return ~0L; - } - tlen = sz_xReq + princ.length; - prefix.reqType = 3; /* opcode = authenticate client-server */ - } - prefix.data = 0; /* stage = 0 */ - prefix.length = (tlen + 3) >> 2; /* round up to nearest multiple - of 4 bytes */ - if (client->swapped) - { - swaps(&prefix.length, n); - } - if ((cp = outbuf = (char *)malloc(tlen)) == NULL) - { - if (ccname) - { - krb5_free_creds(creds); - } - free(princ.data); - return ~0L; - } - memcpy(cp, &prefix, sz_xReq); - cp += sz_xReq; - if (ccname) - { - memcpy(cp, &princ.length, 2); - if (client->swapped) - { - swaps((CARD16 *)cp, n); - } - cp += 2; - } - memcpy(cp, princ.data, princ.length); - cp += princ.length; - free(princ.data); /* we don't need that anymore */ - if (ccname) - memcpy(cp, creds->ticket.data, creds->ticket.length); - WriteToClient(client, tlen, outbuf); - free(outbuf); - client->requestVector = k5_Vector; /* hack in our dispatch vector */ - client->clientState = ClientStateAuthenticating; - if (ccname) - { - ((OsCommPtr)client->osPrivate)->authstate.srvcreds = (void *)creds; /* save tgt creds */ - ((OsCommPtr)client->osPrivate)->authstate.ktname = NULL; - ((OsCommPtr)client->osPrivate)->authstate.srvname = NULL; - } - if (srvname) - { - ((OsCommPtr)client->osPrivate)->authstate.srvcreds = NULL; - ((OsCommPtr)client->osPrivate)->authstate.ktname = (void *)ktname; - ((OsCommPtr)client->osPrivate)->authstate.srvname = (void *)srvname; - } - ((OsCommPtr)client->osPrivate)->authstate.stageno = 1; /* next stage is 1 */ - return krb5_id; -} - -/* - * k5_stage1: - * - * This gets called out of the dispatcher after K5Check frobs with the - * client->requestVector. It accepts the ap_req from the client and verifies - * it. In addition, if the client has set AP_OPTS_MUTUAL_REQUIRED, it then - * sends an ap_rep to the client to achieve mutual authentication. - * - * client stage1 packet format is as follows: - * - * CARD8 reqType = 1 - * CARD8 data = ignored - * CARD16 length = total length - * STRING8 data = the actual ap_req - * - * stage2 packet sent back to client for mutual authentication: - * - * CARD8 reqType = 2 - * CARD8 data = 2 - * CARD16 length = total length - * STRING8 data = the ap_rep - */ -int k5_stage1(client) - register ClientPtr client; -{ - long addrlen; - krb5_error_code retval, retval2; - register char n; - struct sockaddr cli_net_addr; - xReq prefix; - krb5_principal cprinc; - krb5_data buf; - krb5_creds *creds = (krb5_creds *)((OsCommPtr)client->osPrivate)->authstate.srvcreds; - krb5_keyblock *skey; - krb5_address cli_addr, **localaddrs = NULL; - krb5_tkt_authent *authdat; - krb5_ap_rep_enc_part rep; - krb5_int32 ctime, cusec; - krb5_rcache rcache = NULL; - char *cachename = NULL, *rc_type = NULL, *rc_base = "rcX", *kt = NULL; - REQUEST(xReq); - - if (((OsCommPtr)client->osPrivate)->authstate.stageno != 1) - { - if (creds) - krb5_free_creds(creds); - return(SendConnSetup(client, "expected Krb5 stage1 packet")); - } - addrlen = sizeof (cli_net_addr); - if (getpeername(((OsCommPtr)client->osPrivate)->fd, - &cli_net_addr, &addrlen) == -1) - { - if (creds) - krb5_free_creds(creds); - return(SendConnSetup(client, "Krb5 stage1: getpeername failed")); - } - if (cli_net_addr.sa_family == AF_UNSPEC -#if defined(UNIXCONN) || defined(LOCALCONN) || defined(OS2PIPECONN) - || cli_net_addr.sa_family == AF_UNIX -#endif - ) /* assume local host */ - { - krb5_os_localaddr(&localaddrs); - if (!localaddrs || !localaddrs[0]) - { - if (creds) - krb5_free_creds(creds); - return(SendConnSetup(client, "Krb5 failed to get localaddrs")); - } - cli_addr.addrtype = localaddrs[0]->addrtype; - cli_addr.length = localaddrs[0]->length; - cli_addr.contents = localaddrs[0]->contents; - } - else - { - cli_addr.addrtype = cli_net_addr.sa_family; /* the values - are compatible */ - switch (cli_net_addr.sa_family) - { -#ifdef TCPCONN - case AF_INET: - cli_addr.length = sizeof (struct in_addr); - cli_addr.contents = - (krb5_octet *)&((struct sockaddr_in *)&cli_net_addr)->sin_addr; - break; -#endif -#ifdef DNETCONN - case AF_DECnet: - cli_addr.length = sizeof (struct dn_naddr); - cli_addr.contents = - (krb5_octet *)&((struct sockaddr_dn *)&cli_net_addr)->sdn_add; - break; -#endif - default: - if (localaddrs) - krb5_free_addresses(localaddrs); - if (creds) - krb5_free_creds(creds); - sprintf(kerror, "Krb5 stage1: unknown address family %d from getpeername", - cli_net_addr.sa_family); - return(SendConnSetup(client, kerror)); - } - } - if ((rcache = (krb5_rcache)malloc(sizeof(*rcache))) == NULL) - { - if (localaddrs) - krb5_free_addresses(localaddrs); - if (creds) - krb5_free_creds(creds); - return(SendConnSetup(client, "malloc bombed for krb5_rcache")); - } - if ((rc_type = krb5_rc_default_type()) == NULL) - rc_type = "dfl"; - if (retval = krb5_rc_resolve_type(&rcache, rc_type)) - { - if (localaddrs) - krb5_free_addresses(localaddrs); - if (creds) - krb5_free_creds(creds); - free(rcache); - strcpy(kerror, "krb5_rc_resolve_type failed: "); - strncat(kerror, error_message(retval), 231); - return(SendConnSetup(client, kerror)); - } - if ((cachename = (char *)malloc(strlen(rc_base) + strlen(display) + 1)) - == NULL) - { - if (localaddrs) - krb5_free_addresses(localaddrs); - if (creds) - krb5_free_creds(creds); - free(rcache); - return(SendConnSetup(client, "Krb5: malloc bombed for cachename")); - } - strcpy(cachename, rc_base); - strcat(cachename, display); - if (retval = krb5_rc_resolve(rcache, cachename)) - { - if (localaddrs) - krb5_free_addresses(localaddrs); - if (creds) - krb5_free_creds(creds); - free(rcache); - free(cachename); - strcpy(kerror, "krb5_rc_resolve failed: "); - strncat(kerror, error_message(retval), 236); - return(SendConnSetup(client, kerror)); - } - free(cachename); - if (krb5_rc_recover(rcache)) - { - extern krb5_deltat krb5_clockskew; - if (retval = krb5_rc_initialize(rcache, krb5_clockskew)) - { - if (localaddrs) - krb5_free_addresses(localaddrs); - if (creds) - krb5_free_creds(creds); - if (retval2 = krb5_rc_close(rcache)) - { - strcpy(kerror, "krb5_rc_close failed: "); - strncat(kerror, error_message(retval2), 238); - return(SendConnSetup(client, kerror)); - } - free(rcache); - strcpy(kerror, "krb5_rc_initialize failed: "); - strncat(kerror, error_message(retval), 233); - return(SendConnSetup(client, kerror)); - } - } - buf.length = (stuff->length << 2) - sz_xReq; - buf.data = (char *)stuff + sz_xReq; - if (creds) - { - retval = krb5_rd_req(&buf, - NULL, /* don't bother with server name */ - &cli_addr, - NULL, /* no fetchfrom */ - tgt_keyproc, - creds, /* credentials as arg to - keyproc */ - rcache, - &authdat); - krb5_free_creds(creds); - } - else if (kt = (char *)((OsCommPtr)client->osPrivate)->authstate.ktname) - { - retval = krb5_rd_req(&buf, srvname, &cli_addr, kt, NULL, NULL, - rcache, &authdat); - ((OsCommPtr)client->osPrivate)->authstate.ktname = NULL; - } - else - { - if (localaddrs) - krb5_free_addresses(localaddrs); - return(SendConnSetup(client, "Krb5: neither srvcreds nor ktname set")); - } - if (localaddrs) - krb5_free_addresses(localaddrs); - if (rcache) - { - if (retval2 = krb5_rc_close(rcache)) - { - strcpy(kerror, "krb5_rc_close failed (2): "); - strncat(kerror, error_message(retval2), 230); - return(SendConnSetup(client, kerror)); - } - free(rcache); - } - if (retval) - { - strcpy(kerror, "Krb5: Bad application request: "); - strncat(kerror, error_message(retval), 224); - return(SendConnSetup(client, kerror)); - } - cprinc = authdat->ticket->enc_part2->client; - skey = authdat->ticket->enc_part2->session; - if (XauKrb5Encode(cprinc, &buf)) - { - krb5_free_tkt_authent(authdat); - return(SendConnSetup(client, "XauKrb5Encode bombed")); - } - /* - * Now check to see if the principal we got is one that we want to let in - */ - if (ForEachHostInFamily(FamilyKrb5Principal, k5_cmpenc, (void *)&buf)) - { - free(buf.data); - /* - * The following deals with sending an ap_rep to the client to - * achieve mutual authentication. The client sends back a stage 3 - * packet if all is ok. - */ - if (authdat->ap_options | AP_OPTS_MUTUAL_REQUIRED) - { - /* - * stage 2: send ap_rep to client - */ - if (retval = krb5_us_timeofday(&ctime, &cusec)) - { - krb5_free_tkt_authent(authdat); - strcpy(kerror, "error in krb5_us_timeofday: "); - strncat(kerror, error_message(retval), 234); - return(SendConnSetup(client, kerror)); - } - rep.ctime = ctime; - rep.cusec = cusec; - rep.subkey = NULL; - rep.seq_number = 0; - if (retval = krb5_mk_rep(&rep, skey, &buf)) - { - krb5_free_tkt_authent(authdat); - strcpy(kerror, "error in krb5_mk_rep: "); - strncat(kerror, error_message(retval), 238); - return(SendConnSetup(client, kerror)); - } - prefix.reqType = 2; /* opcode = authenticate */ - prefix.data = 2; /* stage = 2 */ - prefix.length = (buf.length + sz_xReq + 3) >> 2; - if (client->swapped) - { - swaps(&prefix.length, n); - } - WriteToClient(client, sz_xReq, (char *)&prefix); - WriteToClient(client, buf.length, buf.data); - free(buf.data); - krb5_free_tkt_authent(authdat); - ((OsCommPtr)client->osPrivate)->authstate.stageno = 3; /* expect stage3 packet */ - return(Success); - } - else - { - free(buf.data); - krb5_free_tkt_authent(authdat); - return(SendConnSetup(client, NULL)); /* success! */ - } - } - else - { - char *kname; - - krb5_free_tkt_authent(authdat); - free(buf.data); - retval = krb5_unparse_name(cprinc, &kname); - if (retval == 0) - { - sprintf(kerror, "Principal \"%s\" is not authorized to connect", - kname); - if (kname) - free(kname); - return(SendConnSetup(client, kerror)); - } - else - return(SendConnSetup(client,"Principal is not authorized to connect to Server")); - } -} - -/* - * k5_stage3: - * - * Get the short ack packet from the client. This packet can conceivably - * be expanded to allow for switching on end-to-end encryption. - * - * stage3 packet format: - * - * CARD8 reqType = 3 - * CARD8 data = ignored (for now) - * CARD16 length = should be zero - */ -int k5_stage3(client) - register ClientPtr client; -{ - REQUEST(xReq); - - if (((OsCommPtr)client->osPrivate)->authstate.stageno != 3) - { - return(SendConnSetup(client, "expected Krb5 stage3 packet")); - } - else - return(SendConnSetup(client, NULL)); /* success! */ -} - -k5_bad(client) - register ClientPtr client; -{ - if (((OsCommPtr)client->osPrivate)->authstate.srvcreds) - krb5_free_creds((krb5_creds *)((OsCommPtr)client->osPrivate)->authstate.srvcreds); - sprintf(kerror, "unrecognized Krb5 auth packet %d, expecting %d", - ((xReq *)client->requestBuffer)->reqType, - ((OsCommPtr)client->osPrivate)->authstate.stageno); - return(SendConnSetup(client, kerror)); -} - -/* - * K5Add: - * - * Takes the name of a credentials cache and resolves it. Also adds the - * primary principal of the ccache to the acl. - * - * Now will also take a service name. - */ -int K5Add(data_length, data, id) - unsigned short data_length; - char *data; - XID id; -{ - krb5_principal princ; - krb5_error_code retval; - krb5_keytab_entry tmp_entry; - krb5_keytab keytab; - krb5_kvno kvno = 0; - krb5_ccache cc; - char *nbuf, *cp; - krb5_data kbuf; - int i, ktlen; - - krb5_init_ets(); /* can't think of a better place to put it */ - krb5_id = ~0L; - if (data_length < 3) - return 0; - if ((nbuf = (char *)malloc(data_length - 2)) == NULL) - return 0; - memcpy(nbuf, data + 3, data_length - 3); - nbuf[data_length - 3] = '\0'; - if (ccname) - { - free(ccname); - ccname = NULL; - } - if (srvname) - { - krb5_free_principal(srvname); - srvname = NULL; - } - if (ktname) - { - free(ktname); - ktname = NULL; - } - if (!strncmp(data, "UU:", 3)) - { - if (retval = krb5_cc_resolve(nbuf, &cc)) - { - ErrorF("K5Add: krb5_cc_resolve of \"%s\" failed: %s\n", - nbuf, error_message(retval)); - free(nbuf); - return 0; - } - if (cc && !(retval = krb5_cc_get_principal(cc, &princ))) - { - if (XauKrb5Encode(princ, &kbuf)) - { - free(nbuf); - krb5_free_principal(princ); - krb5_cc_close(cc); - return 0; - } - if (krb5_cc_close(cc)) - return 0; - AddHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data); - krb5_free_principal(princ); - free(kbuf.data); - ccname = nbuf; - krb5_id = id; - return 1; - } - else - { - ErrorF("K5Add: getting principal from cache \"%s\" failed: %s\n", - nbuf, error_message(retval)); - } - } - else if (!strncmp(data, "CS:", 3)) - { - if ((cp = strchr(nbuf, ',')) == NULL) - { - free(nbuf); - return 0; - } - *cp = '\0'; /* gross but it works :-) */ - ktlen = strlen(cp + 1); - if ((ktname = (char *)malloc(ktlen + 1)) == NULL) - { - free(nbuf); - return 0; - } - strcpy(ktname, cp + 1); - retval = krb5_sname_to_principal(NULL, /* NULL for hostname uses - local host name*/ - nbuf, KRB5_NT_SRV_HST, - &srvname); - free(nbuf); - if (retval) - { - free(ktname); - ktname = NULL; - return 0; - } - if (retval = krb5_kt_resolve(ktname, &keytab)) - { - free(ktname); - ktname = NULL; - krb5_free_principal(srvname); - srvname = NULL; - return 0; - } - retval = krb5_kt_get_entry(keytab, srvname, kvno, &tmp_entry); - krb5_kt_free_entry(&tmp_entry); - if (retval) - { - free(ktname); - ktname = NULL; - krb5_free_principal(srvname); - srvname = NULL; - return 0; - } - if (XauKrb5Encode(srvname, &kbuf)) - { - free(ktname); - ktname = NULL; - krb5_free_principal(srvname); - srvname = NULL; - return 0; - } - AddHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data); - krb5_id = id; - return 1; - } - else - { - ErrorF("K5Add: credentials cache name \"%.*s\" in auth file: unknown type\n", - data_length, data); - } - return 0; -} - -/* - * K5Reset: - * - * Reset krb5_id, also nuke the current principal from the acl. - */ -int K5Reset() -{ - krb5_principal princ; - krb5_error_code retval; - krb5_ccache cc; - krb5_data kbuf; - int i; - - if (ccname) - { - if (retval = krb5_cc_resolve(ccname, &cc)) - { - free(ccname); - ccname = NULL; - } - if (cc && !(retval = krb5_cc_get_principal(cc, &princ))) - { - if (XauKrb5Encode(princ, &kbuf)) - return 1; - RemoveHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data); - krb5_free_principal(princ); - free(kbuf.data); - if (krb5_cc_close(cc)) - return 1; - free(ccname); - ccname = NULL; - } - } - if (srvname) - { - if (XauKrb5Encode(srvname, &kbuf)) - return 1; - RemoveHost(NULL, FamilyKrb5Principal, kbuf.length, kbuf.data); - krb5_free_principal(srvname); - free(kbuf.data); - srvname = NULL; - } - if (ktname) - { - free(ktname); - ktname = NULL; - } - krb5_id = ~0L; - return 0; -} - -XID K5ToID(data_length, data) - unsigned short data_length; - char *data; -{ - return krb5_id; -} - -int K5FromID(id, data_lenp, datap) - XID id; - unsigned short *data_lenp; - char **datap; -{ - return 0; -} - -int K5Remove(data_length, data) - unsigned short data_length; - char *data; -{ - return 0; -} diff --git a/nx-X11/programs/Xserver/os/osdep.h b/nx-X11/programs/Xserver/os/osdep.h index acf832e1c..633039f4a 100644 --- a/nx-X11/programs/Xserver/os/osdep.h +++ b/nx-X11/programs/Xserver/os/osdep.h @@ -145,16 +145,6 @@ typedef struct _connectionOutput { int count; } ConnectionOutput, *ConnectionOutputPtr; -#ifdef K5AUTH -typedef struct _k5_state { - int stageno; /* current stage of auth protocol */ - void *srvcreds; /* server credentials */ - void *srvname; /* server principal name */ - void *ktname; /* key table: principal-key pairs */ - void *skey; /* session key */ -} k5_state; -#endif - struct _osComm; #define AuthInitArgs void @@ -190,9 +180,6 @@ typedef struct _osComm { ConnectionInputPtr input; ConnectionOutputPtr output; XID auth_id; /* authorization id */ -#ifdef K5AUTH - k5_state authstate; /* state of setup auth conversation */ -#endif CARD32 conn_time; /* timestamp if not established, else 0 */ struct _XtransConnInfo *trans_conn; /* transport connection object */ } OsCommRec, *OsCommPtr; @@ -283,16 +270,6 @@ extern int SecureRPCRemove (AuthRemCArgs); extern int SecureRPCReset (AuthRstCArgs); #endif -/* in k5auth.c */ -#ifdef K5AUTH -extern XID K5Check (AuthCheckArgs); -extern XID K5ToID (AuthToIDArgs); -extern int K5Add (AuthAddCArgs); -extern int K5FromID (AuthFromIDArgs); -extern int K5Remove (AuthRemCArgs); -extern int K5Reset (AuthRstCArgs); -#endif - /* in secauth.c */ extern XID AuthSecurityCheck (AuthCheckArgs); diff --git a/nx-X11/programs/Xserver/os/rpcauth.c b/nx-X11/programs/Xserver/os/rpcauth.c index 94c26651b..91823553c 100644 --- a/nx-X11/programs/Xserver/os/rpcauth.c +++ b/nx-X11/programs/Xserver/os/rpcauth.c @@ -41,7 +41,7 @@ from The Open Group. #ifdef SECURE_RPC #include <nx-X11/X.h> -#include "Xauth.h" +#include <nx-X11/Xauth.h> #include "misc.h" #include "os.h" #include "dixstruct.h" |