security_stream_t secstr; /* MUST be first */
struct krb4_handle *krb4_handle; /* pointer into above */
int fd; /* io file descriptor */
security_stream_t secstr; /* MUST be first */
struct krb4_handle *krb4_handle; /* pointer into above */
int fd; /* io file descriptor */
int socket; /* fd for server-side accepts */
event_handle_t *ev_read; /* read event handle */
char databuf[MAX_TAPE_BLOCK_BYTES]; /* read buffer */
int socket; /* fd for server-side accepts */
event_handle_t *ev_read; /* read event handle */
char databuf[MAX_TAPE_BLOCK_BYTES]; /* read buffer */
static int recv_security_ok(struct krb4_handle *, pkt_t *);
static void stream_read_callback(void *);
static void stream_read_sync_callback(void *);
static int recv_security_ok(struct krb4_handle *, pkt_t *);
static void stream_read_callback(void *);
static void stream_read_sync_callback(void *);
-static int net_write(int, const void *, size_t);
-static int net_read(int, void *, size_t, int);
+static int knet_write(int, const void *, size_t);
+static int knet_read(int, void *, size_t, int);
static int add_ticket(struct krb4_handle *, const pkt_t *, dgram_t *);
static void add_mutual_auth(struct krb4_handle *, dgram_t *);
static int add_ticket(struct krb4_handle *, const pkt_t *, dgram_t *);
static void add_mutual_auth(struct krb4_handle *, dgram_t *);
const char *, unsigned long);
static int check_mutual_auth(struct krb4_handle *, const char *);
const char *, unsigned long);
static int check_mutual_auth(struct krb4_handle *, const char *);
-static const char *pkthdr2str(const struct krb4_handle *, const pkt_t *);
-static int str2pkthdr(const char *, pkt_t *, char *, size_t, int *);
+static const char *kpkthdr2str(const struct krb4_handle *, const pkt_t *);
+static int str2kpkthdr(const char *, pkt_t *, char *, size_t, int *);
static const char *bin2astr(const unsigned char *, int);
static void astr2bin(const unsigned char *, unsigned char *, int *);
static const char *bin2astr(const unsigned char *, int);
static void astr2bin(const unsigned char *, unsigned char *, int *);
- snprintf(tktfile, SIZEOF(tktfile), "/tmp/tkt%ld-%ld.amanda",
+ g_snprintf(tktfile, SIZEOF(tktfile), "/tmp/tkt%ld-%ld.amanda",
(long)getuid(), (long)getpid());
ticketfilename = stralloc(tktfile);
unlink(ticketfilename);
(long)getuid(), (long)getpid());
ticketfilename = stralloc(tktfile);
unlink(ticketfilename);
strncpy(realm, krb_realmofhost(hostname), SIZEOF(realm) - 1);
realm[SIZEOF(realm) - 1] = '\0';
strncpy(realm, krb_realmofhost(hostname), SIZEOF(realm) - 1);
realm[SIZEOF(realm) - 1] = '\0';
realm, "krbtgt", realm, TICKET_LIFETIME, SERVER_HOST_KEY_FILE);
if (rc != 0) {
realm, "krbtgt", realm, TICKET_LIFETIME, SERVER_HOST_KEY_FILE);
if (rc != 0) {
- error("could not get krbtgt for %s.%s@%s from %s: %s",
- SERVER_HOST_PRINCIPLE, SERVER_HOST_INSTANCE, realm,
+ error(_("could not get krbtgt for %s.%s@%s from %s: %s"),
+ SERVER_HOST_PRINCIPAL, SERVER_HOST_INSTANCE, realm,
if ((he = gethostbyname(hostname)) == NULL) {
security_seterror(&kh->sech,
if ((he = gethostbyname(hostname)) == NULL) {
security_seterror(&kh->sech,
- snprintf(handle, SIZEOF(handle), "%ld", (long)time(NULL));
+ g_snprintf(handle, SIZEOF(handle), "%ld", (long)time(NULL));
inithandle(kh, he, (int)port, handle);
(*fn)(arg, &kh->sech, S_OK);
}
inithandle(kh, he, (int)port, handle);
(*fn)(arg, &kh->sech, S_OK);
}
dgram_cat(&netfd, pkt->body);
if (dgram_send_addr(&kh->peer, &netfd) != 0) {
security_seterror(&kh->sech,
dgram_cat(&netfd, pkt->body);
if (dgram_send_addr(&kh->peer, &netfd) != 0) {
security_seterror(&kh->sech,
ks->socket = stream_server(&ks->port, STREAM_BUFSIZE, STREAM_BUFSIZE, 1);
if (ks->socket < 0) {
security_seterror(&kh->sech,
ks->socket = stream_server(&ks->port, STREAM_BUFSIZE, STREAM_BUFSIZE, 1);
if (ks->socket < 0) {
security_seterror(&kh->sech,
ks->fd = stream_accept(ks->socket, 30, STREAM_BUFSIZE, STREAM_BUFSIZE);
if (ks->fd < 0) {
security_stream_seterror(&ks->secstr,
ks->fd = stream_accept(ks->socket, 30, STREAM_BUFSIZE, STREAM_BUFSIZE);
if (ks->fd < 0) {
security_stream_seterror(&ks->secstr,
- "can't connect stream to %s port %d: %s", kh->hostname, id,
+ _("can't connect stream to %s port %d: %s"), kh->hostname, id,
* and present it to the other side.
*/
gettimeofday(&local, &tz);
* and present it to the other side.
*/
gettimeofday(&local, &tz);
- enc.tv_sec = (long)htonl((uint32_t)local.tv_sec);
- enc.tv_usec = (long)htonl((uint32_t)local.tv_usec);
+ enc.tv_sec = (long)htonl((guint32)local.tv_sec);
+ enc.tv_usec = (long)htonl((guint32)local.tv_usec);
- if (net_read(fd, &enc, SIZEOF(enc), 60) < 0) {
+ if (knet_read(fd, &enc, SIZEOF(enc), 60) < 0) {
return (-1);
}
decrypt_data(&enc, SIZEOF(enc), &kh->session_key);
/* XXX do timestamp checking here */
return (-1);
}
decrypt_data(&enc, SIZEOF(enc), &kh->session_key);
/* XXX do timestamp checking here */
- enc.tv_sec = (long)htonl(ntohl((uint32_t)enc.tv_sec) + 1);
- enc.tv_usec =(long)htonl(ntohl((uint32_t)enc.tv_usec) + 1);
+ enc.tv_sec = (long)htonl(ntohl((guint32)enc.tv_sec) + 1);
+ enc.tv_usec =(long)htonl(ntohl((guint32)enc.tv_usec) + 1);
- if (net_read(fd, &enc, SIZEOF(enc), 60) < 0) {
+ if (knet_read(fd, &enc, SIZEOF(enc), 60) < 0) {
- if ((ntohl((uint32_t)enc.tv_sec) == (uint32_t)(local.tv_sec + 1)) &&
- (ntohl((uint32_t)enc.tv_usec) == (uint32_t)(local.tv_usec + 1)))
+ if ((ntohl((guint32)enc.tv_sec) == (uint32_t)(local.tv_sec + 1)) &&
+ (ntohl((guint32)enc.tv_usec) == (uint32_t)(local.tv_usec + 1)))
- "krb4 handshake failed: sent %ld,%ld - recv %ld,%ld",
+ _("krb4 handshake failed: sent %ld,%ld - recv %ld,%ld"),
- (long)ntohl((uint32_t)enc.tv_sec),
- (long)ntohl((uint32_t)enc.tv_usec));
+ (long)ntohl((guint32)enc.tv_sec),
+ (long)ntohl((guint32)enc.tv_usec));
- if (str2pkthdr(netfd.cur, &pkt, handle, SIZEOF(handle), &sequence) < 0)
+ if (str2kpkthdr(netfd.cur, &pkt, handle, SIZEOF(handle), &sequence) < 0)
* Get a ticket with the user-defined service and instance,
* and using the checksum of the body of the request packet.
*/
* Get a ticket with the user-defined service and instance,
* and using the checksum of the body of the request packet.
*/
- rc = krb_mk_req(&ticket, CLIENT_HOST_PRINCIPLE, inst, kh->realm,
+ rc = krb_mk_req(&ticket, CLIENT_HOST_PRINCIPAL, inst, kh->realm,
- rc = krb_mk_req(&ticket, CLIENT_HOST_PRINCIPLE, inst, kh->realm,
+ rc = krb_mk_req(&ticket, CLIENT_HOST_PRINCIPAL, inst, kh->realm,
assert(kh->session_key[0] != '\0');
memset(&mutual, 0, SIZEOF(mutual));
assert(kh->session_key[0] != '\0');
memset(&mutual, 0, SIZEOF(mutual));
encrypt_data(&mutual, SIZEOF(mutual), &kh->session_key);
security = vstralloc("SECURITY MUTUAL-AUTH ",
encrypt_data(&mutual, SIZEOF(mutual), &kh->session_key);
security = vstralloc("SECURITY MUTUAL-AUTH ",
* Set this preemptively before we mangle the body.
*/
security_seterror(&kh->sech,
* Set this preemptively before we mangle the body.
*/
security_seterror(&kh->sech,
return (-1);
if (strcmp(tok, "TICKET") != 0) {
security_seterror(&kh->sech,
return (-1);
if (strcmp(tok, "TICKET") != 0) {
security_seterror(&kh->sech,
- "REQ SECURITY line parse error, expecting TICKET, got %s", tok);
+ _("REQ SECURITY line parse error, expecting TICKET, got %s"), tok);
- rc = krb_rd_req(&ticket, CLIENT_HOST_PRINCIPLE, inst,
+ rc = krb_rd_req(&ticket, CLIENT_HOST_PRINCIPAL, inst,
kh->peer.sin6_addr.s_addr, &auth, CLIENT_HOST_KEY_FILE);
if (rc != 0) {
security_seterror(&kh->sech,
kh->peer.sin6_addr.s_addr, &auth, CLIENT_HOST_KEY_FILE);
if (rc != 0) {
security_seterror(&kh->sech,
/* verify and save the checksum and session key */
if (auth.checksum != cksum) {
security_seterror(&kh->sech,
/* verify and save the checksum and session key */
if (auth.checksum != cksum) {
security_seterror(&kh->sech,
* check the userid we're forcing ourself to. Otherwise,
* just check the login we're currently setuid to.
*/
* check the userid we're forcing ourself to. Otherwise,
* just check the login we're currently setuid to.
*/
/* check the klogin file */
if (kuserok(&auth, user)) {
security_seterror(&kh->sech,
/* check the klogin file */
if (kuserok(&auth, user)) {
security_seterror(&kh->sech,
- "access as %s not allowed from %s.%s@%s", user, auth.pname,
+ _("access as %s not allowed from %s.%s@%s"), user, auth.pname,
/* unencrypt the string using the key in the ticket file */
host2key(kh->hostname, kh->inst, &kh->session_key);
decrypt_data(&mutual, (size_t)len, &kh->session_key);
/* unencrypt the string using the key in the ticket file */
host2key(kh->hostname, kh->inst, &kh->session_key);
decrypt_data(&mutual, (size_t)len, &kh->session_key);
/* the data must be the same as our request cksum + 1 */
if (mutual.cksum != (kh->cksum + 1)) {
security_seterror(&kh->sech,
/* the data must be the same as our request cksum + 1 */
if (mutual.cksum != (kh->cksum + 1)) {
security_seterror(&kh->sech,
- snprintf(retbuf, SIZEOF(retbuf), "Amanda %d.%d %s HANDLE %s SEQ %d\n",
+ g_snprintf(retbuf, SIZEOF(retbuf), "Amanda %d.%d %s HANDLE %s SEQ %d\n",
VERSION_MAJOR, VERSION_MINOR, pkt_type2str(pkt->type),
kh->proto_handle, kh->sequence);
VERSION_MAJOR, VERSION_MINOR, pkt_type2str(pkt->type),
kh->proto_handle, kh->sequence);
parse_error:
#if 0 /* XXX we have no way of passing this back up */
security_seterror(&kh->sech,
parse_error:
#if 0 /* XXX we have no way of passing this back up */
security_seterror(&kh->sech,
- krb_get_cred(CLIENT_HOST_PRINCIPLE, (char *)inst, realm, &cred);
+ krb_get_cred(CLIENT_HOST_PRINCIPAL, (char *)inst, realm, &cred);
- dbprintf(("%s: length %d chk %lX\n", str, tktp->length, tktp->mbz));
- print_hex("ticket data", tktp->dat, tktp->length);
+ dbprintf(_("%s: length %d chk %lX\n"), str, tktp->length, tktp->mbz);
+ print_hex(_("ticket data"), tktp->dat, tktp->length);
- printf("\nAuth Data:\n");
- printf(" Principal \"%s\" Instance \"%s\" Realm \"%s\"\n",
+ g_printf("\nAuth Data:\n");
+ g_printf(" Principal \"%s\" Instance \"%s\" Realm \"%s\"\n",
authp->life, SIZEOF(authp->session));
print_hex("session key", authp->session, SIZEOF(authp->session));
fflush(stdout);
authp->life, SIZEOF(authp->session));
print_hex("session key", authp->session, SIZEOF(authp->session));
fflush(stdout);
- printf("\nCredentials:\n");
- printf(" service \"%s\" instance \"%s\" realm \"%s\" life %d kvno %d\n",
+ g_printf("\nCredentials:\n");
+ g_printf(" service \"%s\" instance \"%s\" realm \"%s\" life %d kvno %d\n",
credp->service, credp->instance, credp->realm, credp->lifetime,
credp->kvno);
print_hex("session key", credp->session, SIZEOF(credp->session));
credp->service, credp->instance, credp->realm, credp->lifetime,
credp->kvno);
print_hex("session key", credp->session, SIZEOF(credp->session));
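Review bot: In the stream handshake, the branch that calls `knet_read(fd, &enc, SIZEOF(enc), 60)` and then `decrypt_data(&enc, SIZEOF(enc), &kh->session_key)` still carries `/* XXX do timestamp checking here */` and, as far as the visible lines show, goes straight on to add 1 to both fields for the reply. Without that comparison this side accepts whatever bytes arrive, so the exchange gives it no evidence that the peer holds the session key, and a stale value would be answered like a fresh one. I would compare the decrypted seconds with the local clock before replying, for example `if (labs((long)ntohl((guint32)enc.tv_sec) - (long)time(NULL)) > MAX_SKEW_SECS) return (-1);`, where `MAX_SKEW_SECS` is a placeholder for the skew window the project chooses, and report the failure the way the function's other error paths do. The function starts and ends outside the lines shown, so the surrounding branch structure should be confirmed before applying this.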