mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-22 08:53:41 +01:00
d79d4a7ced
- Get all functions prototyped or at least defined before use. - Make code compile (Mostly) clean with -Wall set - Start to reduce the degree to which DES aka libdes is built in. - get all functions to the same uniform standard of definition: int foo(a, b) int a; int *b; { : } - fix numerous bugs exposed by above processes. Note - this replaces the previous work which used an unpopular function definition style.
323 lines
9.4 KiB
C
/*
 * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
 * For copying and distribution information, please see the file
 * <Copyright.MIT>.
 *
 *	from: send_to_kdc.c,v 4.20 90/01/02 13:40:37 jtkohl Exp $
 *	$Id: send_to_kdc.c,v 1.3 1995/07/18 16:39:42 mark Exp $
 */
|
|
|
|
#if 0
|
|
#ifndef lint
|
|
static char rcsid_send_to_kdc_c[] =
|
|
"$Id: send_to_kdc.c,v 1.1 1994/03/21 17:35:39 piero Exp ";
|
|
#endif /* lint */
|
|
#endif
|
|
|
|
#include <krb.h>
#include <prot.h>

#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <sys/time.h>
#include <sys/types.h>
#ifdef lint
#include <sys/uio.h>			/* struct iovec to make lint happy */
#endif /* lint */
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <strings.h>
|
|
|
|
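/* Size of an IPv4 socket address; passed to sendto() as the address length. */
#define S_AD_SZ sizeof(struct sockaddr_in)

/*
 * errno and the malloc family are declared by <errno.h> and <stdlib.h>,
 * which this file already includes.  Re-declaring them here by hand
 * ("extern int errno;", "extern char *malloc();") conflicts with those
 * headers wherever errno is a macro or malloc() returns void *, so only
 * the library's own debug flag is declared.
 */
extern int krb_debug;

/*
 * UDP port of the Kerberos service.  0 means "not looked up yet";
 * send_to_kdc() fills it in from getservbyname() and copies it
 * unchanged into sin_port.
 */
int krb_udp_port = 0;

/* CLIENT_KRB_TIMEOUT indicates the time to wait before
 * retrying a server.  It's defined in "krb.h".
 */
static struct timeval timeout = { CLIENT_KRB_TIMEOUT, 0};
static char *prog = "send_to_kdc";

/* Explicit return type instead of implicit int; matches the definition. */
static int send_recv();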
|
|
|
|
/*
 * This file contains two routines, send_to_kdc() and send_recv().
 * send_recv() is a static routine used by send_to_kdc().
 */
|
|
|
|
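/*
 * send_to_kdc() sends a message to the Kerberos authentication
 * server(s) in the given realm and returns the reply message.
 * The "pkt" argument points to the message to be sent to Kerberos;
 * the "rpkt" argument will be filled in with Kerberos' reply.
 * The "realm" argument indicates the realm of the Kerberos server(s)
 * to transact with.  If the realm is null, the local realm is used.
 *
 * If more than one Kerberos server is known for a given realm,
 * different servers will be queried until one of them replies.
 * Several attempts (retries) are made for each server before
 * giving up entirely.
 *
 * If an answer was received from a Kerberos host, KSUCCESS is
 * returned.  The following errors can be returned:
 *
 * SKDC_CANT		- can't get local realm
 *			- "realm" does not fit in REALM_SZ bytes
 *			- can't find "kerberos" in /etc/services database
 *			- can't open socket
 *			- out of memory
 *			- couldn't find any Kerberos host with an
 *			  IPv4 address
 *
 * SKDC_RETRY		- couldn't get an answer from any Kerberos server,
 *			  after several retries
 *
 * Every path after the socket is opened leaves through the "rtn" label,
 * which closes the socket and frees the private host list.
 */

int
send_to_kdc(pkt,rpkt,realm)
    KTEXT pkt;
    KTEXT rpkt;
    char *realm;
{
    int i, f;
    int no_host;		/* was a kerberos host found? */
    int retry;
    int n_hosts;		/* completed entries in hostlist */
    int retval;
    struct sockaddr_in to;
    struct hostent *host, *hostlist, *grown;
    char *cp;
#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
    char **addr_list;
#endif /* ULTRIX022 || SunOS */
    char krbhst[MAX_HSTNM];
    char lrealm[REALM_SZ];

    /*
     * If "realm" is non-null, use that, otherwise get the
     * local realm.
     */
    if (realm) {
        /*
         * The caller controls the realm string; refuse one that would
         * overrun lrealm rather than truncating it to a different realm.
         */
        if (strlen(realm) >= sizeof(lrealm)) {
            if (krb_debug)
                fprintf(stderr, "%s: realm name too long\n", prog);
            return(SKDC_CANT);
        }
        (void) strcpy(lrealm, realm);
    } else if (krb_get_lrealm(lrealm,1)) {
        if (krb_debug)
            fprintf(stderr, "%s: can't get local realm\n", prog);
        return(SKDC_CANT);
    }
    if (krb_debug)
        printf("lrealm is %s\n", lrealm);

    if (krb_udp_port == 0) {
        register struct servent *sp;

        if ((sp = getservbyname("kerberos","udp")) == 0) {
            if (krb_debug)
                fprintf(stderr, "%s: Can't get kerberos/udp service\n",
                        prog);
            return(SKDC_CANT);
        }
        krb_udp_port = sp->s_port;
        if (krb_debug)
            printf("krb_udp_port is %d\n", krb_udp_port);
    }
    bzero((char *)&to, S_AD_SZ);

    /*
     * hostlist is an array terminated by an all-zero entry (h_name ==
     * NULL).  Start with just the terminator so the list is well formed
     * even before any host has been added.
     */
    hostlist = (struct hostent *) malloc(sizeof(struct hostent));
    if (!hostlist)
        return (/*errno */SKDC_CANT);
    bzero((char *)hostlist, sizeof(struct hostent));

    if ((f = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
        if (krb_debug)
            fprintf(stderr,"%s: Can't open socket\n", prog);
        free((char *)hostlist);		/* nothing else to clean up yet */
        return(SKDC_CANT);
    }
    /* from now on, exit through rtn label for cleanup */

    retval = SKDC_CANT;
    no_host = 1;
    n_hosts = 0;
    for (i = 1; krb_get_krbhst(krbhst, lrealm, i) == KSUCCESS; ++i) {
        if (krb_debug) {
            printf("Getting host entry for %s...",krbhst);
            (void) fflush(stdout);
        }
        host = gethostbyname(krbhst);
        if (krb_debug) {
            printf("%s.\n",
                   host ? "Got it" : "Didn't get it");
            (void) fflush(stdout);
        }
        if (!host)
            continue;

        /*
         * The address comes from the resolver and is copied into
         * to.sin_addr below; anything that is not exactly an IPv4
         * address would overrun that field, so skip it.
         */
        if (host->h_addrtype != AF_INET ||
            host->h_length != (int)sizeof(to.sin_addr)) {
            if (krb_debug)
                printf("Skipping %s: not an IPv4 address\n", krbhst);
            continue;
        }

        /* preserve host network address to check later
         * (would be better to preserve *all* addresses,
         * take care of that later)
         *
         * All storage for the new entry is obtained before the entry is
         * linked into hostlist, so a failed allocation never leaves a
         * half-built entry (still pointing into the resolver's static
         * data) for the cleanup code to free.
         */
        cp = malloc((unsigned)host->h_length);
        if (!cp) {
            retval = /*errno */SKDC_CANT;
            goto rtn;
        }
        bcopy((char *)host->h_addr, cp, host->h_length);

/* At least Sun OS version 3.2 (or worse) and Ultrix version 2.2
   (or worse) only return one name ... */
#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
        addr_list = (char **)malloc(sizeof(char *));
        if (!addr_list) {
            free(cp);
            retval = /*errno */SKDC_CANT;
            goto rtn;
        }
#endif /* ULTRIX022 || SunOS */

        /* room for the existing entries, the new one and the terminator */
        grown = (struct hostent *)
            realloc((char *)hostlist,
                    (unsigned)
                    sizeof(struct hostent)*(n_hosts+2));
        if (!grown) {
            /* hostlist is still valid and is released at rtn */
#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
            free((char *)addr_list);
#endif /* ULTRIX022 || SunOS */
            free(cp);
            retval = /*errno */SKDC_CANT;
            goto rtn;
        }
        hostlist = grown;

        bcopy((char *)host, (char *)&hostlist[n_hosts],
              sizeof(struct hostent));
        host = &hostlist[n_hosts];
#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
        host->h_addr_list = addr_list;
#endif /* ULTRIX022 || SunOS */
        host->h_addr = cp;
        bzero((char *)&hostlist[n_hosts+1],
              sizeof(struct hostent));
        n_hosts++;
        no_host = 0;		/* found at least one */

        to.sin_family = host->h_addrtype;
        bcopy(host->h_addr, (char *)&to.sin_addr,
              host->h_length);
        to.sin_port = krb_udp_port;
        if (send_recv(pkt, rpkt, f, &to, hostlist)) {
            retval = KSUCCESS;
            goto rtn;
        }
        if (krb_debug) {
            printf("Timeout, error, or wrong descriptor\n");
            (void) fflush(stdout);
        }
    }
    if (no_host) {
        if (krb_debug)
            fprintf(stderr, "%s: can't find any Kerberos host.\n",
                    prog);
        retval = SKDC_CANT;
        goto rtn;
    }
    /* retry each host in sequence */
    for (retry = 0; retry < CLIENT_KRB_RETRY; ++retry) {
        for (host = hostlist; host->h_name != (char *)NULL; host++) {
            to.sin_family = host->h_addrtype;
            bcopy(host->h_addr, (char *)&to.sin_addr,
                  host->h_length);
            if (send_recv(pkt, rpkt, f, &to, hostlist)) {
                retval = KSUCCESS;
                goto rtn;
            }
        }
    }
    retval = SKDC_RETRY;
rtn:
    (void) close(f);
    /*
     * Free by count, not by walking to the terminator: only the first
     * n_hosts entries own their address storage.
     */
    for (i = 0; i < n_hosts; i++) {
        free(hostlist[i].h_addr);
#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
        free((char *)hostlist[i].h_addr_list);
#endif /* ULTRIX022 || SunOS */
    }
    free((char *)hostlist);
    return(retval);
}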
|
|
|
|
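/*
 * try to send out and receive message.
 * return 1 on success, 0 on failure
 *
 * "pkt" is sent on socket "f" to "_to"; one datagram is then awaited
 * for up to the file-level timeout and stored in rpkt->dat.  The reply
 * is accepted only if its source address matches an entry of "addrs"
 * (an array terminated by an entry whose h_name is NULL).
 *
 * The source address of a UDP datagram can be forged, so this match
 * only filters stray traffic; it does not authenticate the reply.
 *
 * NOTE(review): the number of bytes received is not stored anywhere
 * (rpkt->length is left untouched), so a caller cannot tell how much
 * of rpkt->dat belongs to this reply -- confirm how callers bound
 * their parsing.
 */

static int
send_recv(pkt,rpkt,f,_to,addrs)
    KTEXT pkt;
    KTEXT rpkt;
    int f;
    struct sockaddr_in *_to;
    struct hostent *addrs;
{
    fd_set readfds;
    register struct hostent *hp;
    struct sockaddr_in from;
    struct in_addr expect;
    struct timeval tv;
    int sin_size;
    int numsent;

    /* FD_SET() on a descriptor outside the set writes out of bounds. */
    if (f < 0 || f >= FD_SETSIZE) {
        if (krb_debug)
            fprintf(stderr, "descriptor %d does not fit in an fd_set\n", f);
        return 0;
    }

    if (krb_debug) {
        if (_to->sin_family == AF_INET)
            printf("Sending message to %s...",
                   inet_ntoa(_to->sin_addr));
        else
            printf("Sending message...");
        (void) fflush(stdout);
    }
    if ((numsent = sendto(f,(char *)(pkt->dat), pkt->length, 0,
                          (struct sockaddr *)_to,
                          S_AD_SZ)) != pkt->length) {
        if (krb_debug)
            printf("sent only %d/%d\n",numsent, pkt->length);
        return 0;
    }
    if (krb_debug) {
        printf("Sent\nWaiting for reply...");
        (void) fflush(stdout);
    }
    FD_ZERO(&readfds);
    FD_SET(f, &readfds);
    errno = 0;
    /*
     * select() is allowed to modify the timeout it is given.  Work on a
     * copy so that every attempt waits the full configured interval.
     */
    tv = timeout;
    /* select - either recv is ready, or timeout */
    /* see if timeout or error or wrong descriptor */
    if (select(f + 1, &readfds, (fd_set *)0, (fd_set *)0, &tv) < 1
        || !FD_ISSET(f, &readfds)) {
        if (krb_debug) {
            /* an fd_set is not an integer and cannot be printed with %x */
            fprintf(stderr, "select failed: fd=%d ", f);
            perror("");
        }
        return 0;
    }
    bzero((char *)&from, sizeof(from));
    sin_size = sizeof(from);
    if (recvfrom(f, (char *)(rpkt->dat), sizeof(rpkt->dat), 0,
                 (struct sockaddr *)&from, &sin_size)
        < 0) {
        if (krb_debug)
            perror("recvfrom");
        return 0;
    }
    if (krb_debug) {
        printf("received packet from %s\n", inet_ntoa(from.sin_addr));
        fflush(stdout);
    }
    for (hp = addrs; hp->h_name != (char *)NULL; hp++) {
        /*
         * Compare only entries that hold an IPv4 address; a longer
         * h_length would make bcmp() read past from.sin_addr.
         */
        if (hp->h_length != (int)sizeof(from.sin_addr))
            continue;
        if (!bcmp(hp->h_addr, (char *)&from.sin_addr.s_addr,
                  hp->h_length)) {
            if (krb_debug) {
                printf("Received it\n");
                (void) fflush(stdout);
            }
            return 1;
        }
        if (krb_debug) {
            /* print the expected address, not the pointer to it */
            bcopy(hp->h_addr, (char *)&expect, sizeof(expect));
            fprintf(stderr,
                    "packet not from %s\n",
                    inet_ntoa(expect));
        }
    }
    /*
     * A datagram from an unlisted address ends this attempt at once
     * instead of waiting out the rest of the timeout for the real reply.
     */
    if (krb_debug)
        fprintf(stderr, "%s: received packet from wrong host! (%lx)\n",
                "send_to_kdc(send_rcv)",
                (unsigned long)from.sin_addr.s_addr);
    return 0;
}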
|