
[PATCH] Kerberos client split [1/4]


From: Alexey Mahotkin
Subject: [PATCH] Kerberos client split [1/4]
Date: Wed, 18 Jun 2003 00:22:45 +0400
User-agent: Gnus/5.090006 (Oort Gnus v0.06) XEmacs/21.4 (Common Lisp, i386-debian-linux)

Move Kerberos4 client stuff to kerberos4-client.[ch];

compile new files only if configure has found Kerberos 4;

create initialize_kerberos4_encryption_buffers() wrapper to hide
global variables (a-la gssapi-client)


 ChangeLog              |    4 +
 configure.in           |    1 
 src/ChangeLog          |    7 ++
 src/Makefile.am        |    3 -
 src/kerberos4-client.c |  116 +++++++++++++++++++++++++++++++++++++++++++++++++
 src/kerberos4-client.h |   25 ++++++++++
 6 files changed, 155 insertions(+), 1 deletion(-)

--- ccvs/src/ChangeLog~kerberos-split   Tue Jun 17 23:50:31 2003
+++ ccvs-alexm/src/ChangeLog    Tue Jun 17 23:52:06 2003
@@ -1,3 +1,10 @@
+2003-06-17  Alexey Mahotkin  <alexm@hsys.msk.ru>
+
+       * kerberos-client.c, kerberos-client.h, client.c: Split out
+       Kerberos 4 code to separate files.
+
+       * Makefile.am: Mention new files.
+
 2003-06-16  Derek Price  <derek@ximbiot.com>
 
        * cvs.h: Comment an #endif.
--- ccvs/ChangeLog~kerberos-split       Tue Jun 17 23:56:04 2003
+++ ccvs-alexm/ChangeLog        Tue Jun 17 23:56:28 2003
@@ -1,3 +1,7 @@
+2003-06-17  Alexey Mahotkin  <alexm@hsys.msk.ru>
+
+       * configure.in: Compile kerberos4-client.[ch] if needed.
+
 2003-06-14  Derek Price  <derek@ximbiot.com>
 
        * aclocal.m4: Regenerated.
--- /dev/null   Wed Jan  1 02:48:46 2003
+++ ccvs-alexm/src/kerberos4-client.c   Tue Jun 17 23:56:41 2003
@@ -0,0 +1,116 @@
+/* CVS Kerberos4 client stuff.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.  */
+
+#include <config.h>
+
+#include "cvs.h"
+
+#include "buffer.h"
+#include "socket-client.h"
+
+#   include <krb.h>
+
+extern char *krb_realmofhost ();
+#   ifndef HAVE_KRB_GET_ERR_TEXT
+#     define krb_get_err_text(status) krb_err_txt[status]
+#   endif /* HAVE_KRB_GET_ERR_TEXT */
+
+/* Information we need if we are going to use Kerberos encryption.  */
+static C_Block kblock;
+static Key_schedule sched;
+
+
+/* This function has not been changed to deal with NO_SOCKET_TO_FD
+   (i.e., systems on which sockets cannot be converted to file
+   descriptors).  The first person to try building a kerberos client
+   on such a system (OS/2, Windows 95, and maybe others) will have to
+   take care of this.  */
+void
+start_tcp_server (root, to_server_p, from_server_p)
+    cvsroot_t *root;
+    struct buffer **to_server_p;
+    struct buffer **from_server_p;
+{
+    int s;
+    int port;
+    struct hostent *hp;
+    struct sockaddr_in sin;
+    char *hname;
+
+    s = socket (AF_INET, SOCK_STREAM, 0);
+    if (s < 0)
+       error (1, 0, "cannot create socket: %s", SOCK_STRERROR (SOCK_ERRNO));
+
+    port = get_cvs_port_number (root);
+
+    hp = init_sockaddr (&sin, root->hostname, port);
+
+    hname = xmalloc (strlen (hp->h_name) + 1);
+    strcpy (hname, hp->h_name);
+  
+    TRACE ( 1, "Connecting to %s(%s):%d",
+           root->hostname,
+           inet_ntoa (sin.sin_addr),
+           port );
+
+    if (connect (s, (struct sockaddr *) &sin, sizeof sin) < 0)
+       error (1, 0, "connect to %s(%s):%d failed: %s",
+              root->hostname,
+              inet_ntoa (sin.sin_addr),
+              port, SOCK_STRERROR (SOCK_ERRNO));
+
+    {
+       const char *realm;
+       struct sockaddr_in laddr;
+       int laddrlen;
+       KTEXT_ST ticket;
+       MSG_DAT msg_data;
+       CREDENTIALS cred;
+       int status;
+
+       realm = krb_realmofhost (hname);
+
+       laddrlen = sizeof (laddr);
+       if (getsockname (s, (struct sockaddr *) &laddr, &laddrlen) < 0)
+           error (1, 0, "getsockname failed: %s", SOCK_STRERROR (SOCK_ERRNO));
+
+       /* We don't care about the checksum, and pass it as zero.  */
+       status = krb_sendauth (KOPT_DO_MUTUAL, s, &ticket, "rcmd",
+                              hname, realm, (unsigned long) 0, &msg_data,
+                              &cred, sched, &laddr, &sin, "KCVSV1.0");
+       if (status != KSUCCESS)
+           error (1, 0, "kerberos authentication failed: %s",
+                  krb_get_err_text (status));
+       memcpy (kblock, cred.session, sizeof (C_Block));
+    }
+
+    close_on_exec (s);
+
+    free (hname);
+
+    /* Give caller the values it wants. */
+    make_bufs_from_fds (s, s, 0, to_server_p, from_server_p, 1);
+}
+
+void
+initialize_kerberos4_encryption_buffers (to_server_p, from_server_p)
+     struct buffer **to_server_p;
+     struct buffer **from_server_p;
+{
+  *to_server_p = krb_encrypt_buffer_initialize (*to_server_p, 0, sched,
+                                               kblock,
+                                               (BUFMEMERRPROC) NULL);
+  *from_server_p = krb_encrypt_buffer_initialize (*from_server_p, 1,
+                                                 sched, kblock,
+                                                 (BUFMEMERRPROC) NULL);
+}
+
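Review bot: `initialize_kerberos4_encryption_buffers` passes the file-static `sched` and `kblock` to `krb_encrypt_buffer_initialize` without checking that `start_tcp_server` has already populated them (`kblock` by the `memcpy`, `sched` presumably by `krb_sendauth`), so a call in the wrong order would set up both buffers with zero-initialised key material. A small guard makes the ordering explicit: add `static int kerberos4_session_ready;`, set it right after `memcpy (kblock, cred.session, sizeof (C_Block));`, and open the wrapper with `if (!kerberos4_session_ready) error (1, 0, "Kerberos 4 session key not established");`. Separately, `cred` and `ticket` still hold the session key and ticket on the stack after the copy; wiping them before the inner block ends, with a clear the compiler cannot drop, would shorten the time the key sits in memory. The file also never includes `kerberos4-client.h`, so the K&R-style definitions are not checked against the new prototypes.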
--- /dev/null   Wed Jan  1 02:48:46 2003
+++ ccvs-alexm/src/kerberos4-client.h   Wed Jun 18 00:00:15 2003
@@ -0,0 +1,25 @@
+/* CVS Kerberos4 client stuff.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2, or (at your option)
+   any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.  */
+
+
+#ifndef KERBEROS4_CLIENT_H__
+#define KERBEROS4_CLIENT_H__
+
+extern void start_tcp_server PROTO((cvsroot_t *root,
+                                   struct buffer **to_server_p,
+                                   struct buffer **from_server_p));
+
+extern void initialize_kerberos4_encryption_buffers PROTO((struct buffer **to_server_p,
+                                                          struct buffer **from_server_p));
+
+#endif
+
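Review bot: The header is not self-contained: its prototypes use `cvsroot_t`, `struct buffer` and `PROTO`, none of which it declares or includes, so it only compiles when the includer has already pulled in the right headers (presumably `cvs.h` and `buffer.h`, as kerberos4-client.c does). Either include them here or state the requirement, e.g. `/* Requires cvs.h and buffer.h to be included first.  */` above the prototypes. The prototypes also carry no comments; one line each saying that `start_tcp_server` authenticates and stores the session key, and that `initialize_kerberos4_encryption_buffers` must only be called after it, would document the ordering the hidden static state depends on.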
--- ccvs/src/Makefile.am~kerberos-split Tue Jun 17 23:49:47 2003
+++ ccvs-alexm/src/Makefile.am  Tue Jun 17 23:50:18 2003
@@ -94,7 +94,8 @@ cvs_SOURCES = \
        update.h \
        watch.h
 
-EXTRA_cvs_SOURCES = gssapi-client.c gssapi-client.h
+EXTRA_cvs_SOURCES = gssapi-client.c gssapi-client.h \
+                    kerberos4-client.c kerberos4-client.h
 
 cvs_DEPENDENCIES = $(cvs_client_objects)
 cvs_LDADD = $(cvs_client_objects) \
--- ccvs/configure.in~kerberos-split    Tue Jun 17 23:51:35 2003
+++ ccvs-alexm/configure.in     Tue Jun 17 23:52:26 2003
@@ -400,6 +400,7 @@ if test -n "$krb_h"; then
   if test -n "$krb_lib"; then
     AC_DEFINE([HAVE_KERBEROS], 1,
              [Define if you have MIT Kerberos version 4 available.])
+    cvs_client_objects="$cvs_client_objects kerberos4-client.o"
     test -n "${krb_libdir}" && LIBS="${LIBS} -L${krb_libdir}"
     # Put -L${krb_libdir} in LDFLAGS temporarily so that it appears before
     # -ldes in the command line.  Don't do it permanently so that we honor
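Review bot: The added `cvs_client_objects` line links `kerberos4-client.o` into every Kerberos 4 build as soon as this first patch is applied, yet the diffstat shows no change to `client.c`, even though src/ChangeLog names it. If `client.c` still carries its own non-static `start_tcp_server` at this point in the series (not visible here), a Kerberos 4 build after 1/4 alone would fail on a duplicate definition. It is worth confirming that each patch of the four builds on its own, or moving this line into the patch that removes the code from `client.c`.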

_

--alexm



