X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=common-src%2Fkrb4-security.c;h=69bf2d314142478177aedaf0bd812453be34ea80;hb=e9de482962ca61612054c6e0382814b04e416129;hp=d11d5c325c82a006e1d13c16c00e150ef9616126;hpb=eefb15c5c04acb3c75f0c704ea664feb1bbae75c;p=debian%2Famanda diff --git a/common-src/krb4-security.c b/common-src/krb4-security.c index d11d5c3..69bf2d3 100644 --- a/common-src/krb4-security.c +++ b/common-src/krb4-security.c @@ -25,13 +25,12 @@ */ /* - * $Id: krb4-security.c,v 1.9 2006/02/21 04:13:55 ktill Exp $ + * $Id: krb4-security.c,v 1.18 2006/07/13 03:22:20 paddy_s Exp $ * * krb4-security.c - helper functions for kerberos v4 security. */ #include "config.h" -#ifdef KRB4_SECURITY #include #include @@ -42,6 +41,7 @@ #include "packet.h" #include "queue.h" #include "security.h" +#include "security-util.h" #include "protocol.h" #include "stream.h" #include "version.h" @@ -60,15 +60,22 @@ #endif /* HAVE_ON_EXIT */ #endif /* ! HAVE_ATEXIT */ -int krb_set_lifetime P((int)); -int kuserok P((AUTH_DAT *, char *)); +/* + * This is the tcp stream buffer size + */ +#ifndef STREAM_BUFSIZE +#define STREAM_BUFSIZE (32768*2) +#endif + +int krb_set_lifetime(int); +int kuserok(AUTH_DAT *, char *); /* * This is the private handle data */ struct krb4_handle { security_handle_t sech; /* MUST be first */ - struct sockaddr_in peer; /* host on other side */ + struct sockaddr_in6 peer; /* host on other side */ char hostname[MAX_HOSTNAME_LENGTH+1]; /* human form of above */ char proto_handle[32]; /* protocol handle for this req */ int sequence; /* last sequence number we received */ @@ -81,7 +88,7 @@ struct krb4_handle { * The rest is used for the async recvpkt/recvpkt_cancel * interface. */ - void (*fn) P((void *, pkt_t *, security_status_t)); + void (*fn)(void *, pkt_t *, security_status_t); /* func to call when packet recvd */ void *arg; /* argument to pass function */ event_handle_t *ev_timeout; /* timeout handle for recv */ @@ -95,42 +102,37 @@ struct krb4_stream { security_stream_t secstr; /* MUST be first */ struct krb4_handle *krb4_handle; /* pointer into above */ int fd; /* io file descriptor */ - int port; /* local port this is bound to */ + in_port_t port; /* local port this is bound to */ int socket; /* fd for server-side accepts */ event_handle_t *ev_read; /* read event handle */ - char databuf[MAX_TAPE_BLOCK_BYTES]; /* read buffer */ - void (*fn) P((void *, void *, int)); /* read event fn */ + char databuf[STREAM_BUFSIZE]; /* read buffer */ + int len; /* */ + void (*fn)(void *, void *, ssize_t);/* read event fn */ void *arg; /* arg for previous */ }; -/* - * This is the tcp stream buffer size - */ -#define STREAM_BUFSIZE (MAX_TAPE_BLOCK_BYTES * 2) - /* * Interface functions */ -static void krb4_connect P((const char *, - char *(*)(char *, void *), - void (*)(void *, security_handle_t *, security_status_t), void *)); -static void krb4_accept P((int, int, void (*)(security_handle_t *, pkt_t *))); -static void krb4_close P((void *)); -static int krb4_sendpkt P((void *, pkt_t *)); -static void krb4_recvpkt P((void *, - void (*)(void *, pkt_t *, security_status_t), void *, int)); -static void krb4_recvpkt_cancel P((void *)); - -static void *krb4_stream_server P((void *)); -static int krb4_stream_accept P((void *)); -static void *krb4_stream_client P((void *, int)); -static void krb4_stream_close P((void *)); -static int krb4_stream_auth P((void *)); -static int krb4_stream_id P((void *)); -static int krb4_stream_write P((void *, const void *, size_t)); -static void krb4_stream_read P((void *, void (*)(void *, void *, int), - void *)); -static void krb4_stream_read_cancel P((void *)); +static void krb4_connect(const char *, char *(*)(char *, void *), + void (*)(void *, security_handle_t *, security_status_t), + void *, void *); +static void krb4_accept(const struct security_driver *, int, int, void (*)(security_handle_t *, pkt_t *)); +static void krb4_close(void *); +static int krb4_sendpkt(void *, pkt_t *); +static void krb4_recvpkt(void *, void (*)(void *, pkt_t *, security_status_t), + void *, int); +static void krb4_recvpkt_cancel(void *); +static void * krb4_stream_server(void *); +static int krb4_stream_accept(void *); +static void * krb4_stream_client(void *, int); +static void krb4_stream_close(void *); +static int krb4_stream_auth(void *); +static int krb4_stream_id(void *); +static int krb4_stream_write(void *, const void *, size_t); +static void krb4_stream_read(void *, void (*)(void *, void *, int), void *); +static int krb4_stream_read_sync(void *, void **); +static void krb4_stream_read_cancel(void *); /* @@ -152,7 +154,11 @@ const security_driver_t krb4_security_driver = { krb4_stream_id, krb4_stream_write, krb4_stream_read, + krb4_stream_read_sync, krb4_stream_read_cancel, + sec_close_connection_none, + NULL, + NULL }; /* @@ -196,7 +202,7 @@ static struct { #define handleq_first() TAILQ_FIRST(&handleq.tailq) #define handleq_next(kh) TAILQ_NEXT(kh, tq) - + /* * This is the event manager's handle for our netfd @@ -208,7 +214,7 @@ static event_handle_t *ev_netfd; * created. If NULL, no new handles are created. * It is passed the new handle and the received pkt */ -static void (*accept_fn) P((security_handle_t *, pkt_t *)); +static void (*accept_fn)(security_handle_t *, pkt_t *); /* @@ -225,35 +231,36 @@ union mutual { /* * Private functions */ -static unsigned long krb4_cksum P((const char *)); -static void krb4_getinst P((const char *, char *, size_t)); -static void host2key P((const char *, const char *, des_cblock *)); -static void init P((void)); -static void inithandle P((struct krb4_handle *, struct hostent *, int, - const char *)); -static void get_tgt P((void)); -static void killtickets P((void)); -static void recvpkt_callback P((void *)); -static void recvpkt_timeout P((void *)); -static int recv_security_ok P((struct krb4_handle *, pkt_t *)); -static void stream_read_callback P((void *)); -static int net_write P((int, const void *, size_t)); -static int net_read P((int, void *, size_t, int)); - -static int add_ticket P((struct krb4_handle *, const pkt_t *, dgram_t *)); -static void add_mutual_auth P((struct krb4_handle *, dgram_t *)); -static int check_ticket P((struct krb4_handle *, const pkt_t *, - const char *, unsigned long)); -static int check_mutual_auth P((struct krb4_handle *, const char *)); - -static const char *pkthdr2str P((const struct krb4_handle *, const pkt_t *)); -static int str2pkthdr P((const char *, pkt_t *, char *, size_t, int *)); - -static const char *bin2astr P((const unsigned char *, int)); -static void astr2bin P((const char *, unsigned char *, int *)); - -static void encrypt_data P((void *, int, des_cblock *)); -static void decrypt_data P((void *, int, des_cblock *)); +static unsigned long krb4_cksum(const char *); +static void krb4_getinst(const char *, char *, size_t); +static void host2key(const char *, const char *, des_cblock *); +static void init(void); +static void inithandle(struct krb4_handle *, struct hostent *, int, + const char *); +static void get_tgt(void); +static void killtickets(void); +static void recvpkt_callback(void *); +static void recvpkt_timeout(void *); +static int recv_security_ok(struct krb4_handle *, pkt_t *); +static void stream_read_callback(void *); +static void stream_read_sync_callback(void *); +static int knet_write(int, const void *, size_t); +static int knet_read(int, void *, size_t, int); + +static int add_ticket(struct krb4_handle *, const pkt_t *, dgram_t *); +static void add_mutual_auth(struct krb4_handle *, dgram_t *); +static int check_ticket(struct krb4_handle *, const pkt_t *, + const char *, unsigned long); +static int check_mutual_auth(struct krb4_handle *, const char *); + +static const char *kpkthdr2str(const struct krb4_handle *, const pkt_t *); +static int str2kpkthdr(const char *, pkt_t *, char *, size_t, int *); + +static const char *bin2astr(const unsigned char *, int); +static void astr2bin(const unsigned char *, unsigned char *, int *); + +static void encrypt_data(void *, size_t, des_cblock *); +static void decrypt_data(void *, size_t, des_cblock *); #define HOSTNAME_INSTANCE inst @@ -271,21 +278,21 @@ killtickets(void) * Setup some things about krb4. This should only be called once. */ static void -init() +init(void) { char tktfile[256]; - int port; + in_port_t port; static int beenhere = 0; if (beenhere) return; beenhere = 1; - gethostname(hostname, sizeof(hostname) - 1); - hostname[sizeof(hostname) - 1] = '\0'; + gethostname(hostname, SIZEOF(hostname) - 1); + hostname[SIZEOF(hostname) - 1] = '\0'; if (atexit(killtickets) < 0) - error("could not setup krb4 exit handler: %s", strerror(errno)); + error(_("could not setup krb4 exit handler: %s"), strerror(errno)); /* * [XXX] It could be argued that if KRBTKFILE is set outside of amanda, @@ -293,7 +300,7 @@ init() * This file also needs to be removed so that no extra tickets are * hanging around. */ - snprintf(tktfile, sizeof(tktfile), "/tmp/tkt%ld-%ld.amanda", + g_snprintf(tktfile, SIZEOF(tktfile), "/tmp/tkt%ld-%ld.amanda", (long)getuid(), (long)getpid()); ticketfilename = stralloc(tktfile); unlink(ticketfilename); @@ -315,20 +322,20 @@ init() * Get a ticket granting ticket and stuff it in the cache */ static void -get_tgt() +get_tgt(void) { char realm[REALM_SZ]; int rc; - strncpy(realm, krb_realmofhost(hostname), sizeof(realm) - 1); - realm[sizeof(realm) - 1] = '\0'; + strncpy(realm, krb_realmofhost(hostname), SIZEOF(realm) - 1); + realm[SIZEOF(realm) - 1] = '\0'; - rc = krb_get_svc_in_tkt(SERVER_HOST_PRINCIPLE, SERVER_HOST_INSTANCE, + rc = krb_get_svc_in_tkt(SERVER_HOST_PRINCIPAL, SERVER_HOST_INSTANCE, realm, "krbtgt", realm, TICKET_LIFETIME, SERVER_HOST_KEY_FILE); if (rc != 0) { - error("could not get krbtgt for %s.%s@%s from %s: %s", - SERVER_HOST_PRINCIPLE, SERVER_HOST_INSTANCE, realm, + error(_("could not get krbtgt for %s.%s@%s from %s: %s"), + SERVER_HOST_PRINCIPAL, SERVER_HOST_INSTANCE, realm, SERVER_HOST_KEY_FILE, krb_err_txt[rc]); } @@ -341,17 +348,21 @@ get_tgt() * up a network "connection". */ static void -krb4_connect(hostname, conf_fn, fn, arg) - const char *hostname; - char *(*conf_fn) P((char *, void *)); - void (*fn) P((void *, security_handle_t *, security_status_t)); - void *arg; +krb4_connect( + const char *hostname, + char * (*conf_fn)(char *, void *), + void (*fn)(void *, security_handle_t *, security_status_t), + void * arg, + void * datap) { struct krb4_handle *kh; char handle[32]; struct servent *se; struct hostent *he; - int port; + in_port_t port; + + (void)conf_fn; /* Quiet unused parameter warning */ + (void)datap; /* Quiet unused parameter warning */ assert(hostname != NULL); @@ -360,21 +371,21 @@ krb4_connect(hostname, conf_fn, fn, arg) */ init(); - kh = alloc(sizeof(*kh)); + kh = alloc(SIZEOF(*kh)); security_handleinit(&kh->sech, &krb4_security_driver); if ((he = gethostbyname(hostname)) == NULL) { security_seterror(&kh->sech, - "%s: could not resolve hostname", hostname); + _("%s: could not resolve hostname"), hostname); (*fn)(arg, &kh->sech, S_ERROR); return; } if ((se = getservbyname(KAMANDA_SERVICE_NAME, "udp")) == NULL) - port = htons(KAMANDA_SERVICE_DEFAULT); + port = (int)KAMANDA_SERVICE_DEFAULT; else - port = se->s_port; - snprintf(handle, sizeof(handle), "%ld", (long)time(NULL)); - inithandle(kh, he, port, handle); + port = ntohs(se->s_port); + g_snprintf(handle, SIZEOF(handle), "%ld", (long)time(NULL)); + inithandle(kh, he, (int)port, handle); (*fn)(arg, &kh->sech, S_OK); } @@ -382,10 +393,14 @@ krb4_connect(hostname, conf_fn, fn, arg) * Setup to handle new incoming connections */ static void -krb4_accept(in, out, fn) - int in, out; - void (*fn) P((security_handle_t *, pkt_t *)); +krb4_accept( + const struct security_driver *driver, + int in, + int out, + void (*fn)(security_handle_t *, pkt_t *)) { + (void)driver; /* Quiet unused parameter warning */ + (void)out; /* Quiet unused parameter warning */ /* * Make sure we're initted @@ -405,50 +420,50 @@ krb4_accept(in, out, fn) accept_fn = fn; if (ev_netfd == NULL) - ev_netfd = event_register(netfd.socket, EV_READFD, - recvpkt_callback, NULL); + ev_netfd = event_register((event_id_t)netfd.socket, EV_READFD, + recvpkt_callback, NULL); } /* * Given a hostname and a port, setup a krb4_handle */ static void -inithandle(kh, he, port, handle) - struct krb4_handle *kh; - struct hostent *he; - int port; - const char *handle; +inithandle( + struct krb4_handle *kh, + struct hostent * he, + int port, + const char * handle) { /* * Get the instance and realm for this host * (krb_realmofhost always returns something) */ - krb4_getinst(he->h_name, kh->inst, sizeof(kh->inst)); - strncpy(kh->realm, krb_realmofhost(he->h_name), sizeof(kh->realm) - 1); - kh->realm[sizeof(kh->realm) - 1] = '\0'; + krb4_getinst(he->h_name, kh->inst, SIZEOF(kh->inst)); + strncpy(kh->realm, krb_realmofhost(he->h_name), SIZEOF(kh->realm) - 1); + kh->realm[SIZEOF(kh->realm) - 1] = '\0'; /* * Save a copy of the hostname */ - strncpy(kh->hostname, he->h_name, sizeof(kh->hostname) - 1); - kh->hostname[sizeof(kh->hostname) - 1] = '\0'; + strncpy(kh->hostname, he->h_name, SIZEOF(kh->hostname) - 1); + kh->hostname[SIZEOF(kh->hostname) - 1] = '\0'; /* * We have no checksum or session key at this point */ kh->cksum = 0; - memset(kh->session_key, 0, sizeof(kh->session_key)); + memset(kh->session_key, 0, SIZEOF(kh->session_key)); /* * Setup our peer info. We don't do anything with the sequence yet, * so just leave it at 0. */ - kh->peer.sin_family = AF_INET; - kh->peer.sin_port = port; - kh->peer.sin_addr = *(struct in_addr *)he->h_addr; - strncpy(kh->proto_handle, handle, sizeof(kh->proto_handle) - 1); - kh->proto_handle[sizeof(kh->proto_handle) - 1] = '\0'; + kh->peer.sin6_family = (sa_family_t)AF_INET6; + kh->peer.sin6_port = (in_port_t)port; + kh->peer.sin6_addr = *(struct in6_addr *)he->h_addr; + strncpy(kh->proto_handle, handle, SIZEOF(kh->proto_handle) - 1); + kh->proto_handle[SIZEOF(kh->proto_handle) - 1] = '\0'; kh->sequence = 0; kh->fn = NULL; kh->arg = NULL; @@ -459,8 +474,8 @@ inithandle(kh, he, port, handle) * frees a handle allocated by the above */ static void -krb4_close(inst) - void *inst; +krb4_close( + void * inst) { krb4_recvpkt_cancel(inst); @@ -470,10 +485,10 @@ krb4_close(inst) /* * Transmit a packet. Add security information first. */ -static int -krb4_sendpkt(cookie, pkt) - void *cookie; - pkt_t *pkt; +static ssize_t +krb4_sendpkt( + void * cookie, + pkt_t * pkt) { struct krb4_handle *kh = cookie; @@ -488,7 +503,7 @@ krb4_sendpkt(cookie, pkt) /* * Add the header to the packet */ - dgram_cat(&netfd, pkthdr2str(kh, pkt)); + dgram_cat(&netfd, kpkthdr2str(kh, pkt)); /* * Add the security info. This depends on which kind of packet we're @@ -525,9 +540,9 @@ krb4_sendpkt(cookie, pkt) * Add the body, and send it */ dgram_cat(&netfd, pkt->body); - if (dgram_send_addr(kh->peer, &netfd) != 0) { + if (dgram_send_addr(&kh->peer, &netfd) != 0) { security_seterror(&kh->sech, - "send %s to %s failed: %s", pkt_type2str(pkt->type), + _("send %s to %s failed: %s"), pkt_type2str(pkt->type), kh->hostname, strerror(errno)); return (-1); } @@ -539,10 +554,11 @@ krb4_sendpkt(cookie, pkt) * it has been read. */ static void -krb4_recvpkt(cookie, fn, arg, timeout) - void *cookie, *arg; - void (*fn) P((void *, pkt_t *, security_status_t)); - int timeout; +krb4_recvpkt( + void * cookie, + void (*fn)(void *, pkt_t *, security_status_t), + void * arg, + int timeout) { struct krb4_handle *kh = cookie; @@ -557,8 +573,8 @@ krb4_recvpkt(cookie, fn, arg, timeout) */ if (ev_netfd == NULL) { assert(handleq.qlength == 0); - ev_netfd = event_register(netfd.socket, EV_READFD, - recvpkt_callback, NULL); + ev_netfd = event_register((event_id_t)netfd.socket, EV_READFD, + recvpkt_callback, NULL); } /* @@ -572,7 +588,8 @@ krb4_recvpkt(cookie, fn, arg, timeout) if (timeout < 0) kh->ev_timeout = NULL; else - kh->ev_timeout = event_register(timeout, EV_TIME, recvpkt_timeout, kh); + kh->ev_timeout = event_register((event_id_t)timeout, EV_TIME, + recvpkt_timeout, kh); kh->fn = fn; kh->arg = arg; } @@ -583,8 +600,8 @@ krb4_recvpkt(cookie, fn, arg, timeout) * for our network fd. */ static void -krb4_recvpkt_cancel(cookie) - void *cookie; +krb4_recvpkt_cancel( + void * cookie) { struct krb4_handle *kh = cookie; @@ -611,20 +628,20 @@ krb4_recvpkt_cancel(cookie) * socket for receiving a connection. */ static void * -krb4_stream_server(h) - void *h; +krb4_stream_server( + void * h) { struct krb4_handle *kh = h; struct krb4_stream *ks; assert(kh != NULL); - ks = alloc(sizeof(*ks)); + ks = alloc(SIZEOF(*ks)); security_streaminit(&ks->secstr, &krb4_security_driver); - ks->socket = stream_server(&ks->port, STREAM_BUFSIZE, STREAM_BUFSIZE); + ks->socket = stream_server(&ks->port, STREAM_BUFSIZE, STREAM_BUFSIZE, 1); if (ks->socket < 0) { security_seterror(&kh->sech, - "can't create server stream: %s", strerror(errno)); + _("can't create server stream: %s"), strerror(errno)); amfree(ks); return (NULL); } @@ -638,8 +655,8 @@ krb4_stream_server(h) * Accept an incoming connection on a stream_server socket */ static int -krb4_stream_accept(s) - void *s; +krb4_stream_accept( + void * s) { struct krb4_stream *ks = s; struct krb4_handle *kh; @@ -650,10 +667,10 @@ krb4_stream_accept(s) assert(ks->socket >= 0); assert(ks->fd == -1); - ks->fd = stream_accept(ks->socket, 30, -1, -1); + ks->fd = stream_accept(ks->socket, 30, STREAM_BUFSIZE, STREAM_BUFSIZE); if (ks->fd < 0) { security_stream_seterror(&ks->secstr, - "can't accept new stream connection: %s", strerror(errno)); + _("can't accept new stream connection: %s"), strerror(errno)); return (-1); } return (0); @@ -663,28 +680,22 @@ krb4_stream_accept(s) * Return a connected stream. */ static void * -krb4_stream_client(h, id) - void *h; - int id; +krb4_stream_client( + void * h, + int id) { struct krb4_handle *kh = h; struct krb4_stream *ks; assert(kh != NULL); - if (id < 0) { - security_seterror(&kh->sech, - "%d: invalid security stream id", id); - return (NULL); - } - - ks = alloc(sizeof(*ks)); + ks = alloc(SIZEOF(*ks)); security_streaminit(&ks->secstr, &krb4_security_driver); ks->fd = stream_client(kh->hostname, id, STREAM_BUFSIZE, STREAM_BUFSIZE, &ks->port, 0); if (ks->fd < 0) { security_seterror(&kh->sech, - "can't connect stream to %s port %d: %s", kh->hostname, id, + _("can't connect stream to %s port %d: %s"), kh->hostname, id, strerror(errno)); amfree(ks); return (NULL); @@ -700,8 +711,8 @@ krb4_stream_client(h, id) * Close and unallocate resources for a stream. */ static void -krb4_stream_close(s) - void *s; +krb4_stream_close( + void * s) { struct krb4_stream *ks = s; @@ -723,8 +734,8 @@ krb4_stream_close(s) * into byte arrays and send those. */ static int -krb4_stream_auth(s) - void *s; +krb4_stream_auth( + void * s) { struct krb4_stream *ks = s; struct krb4_handle *kh; @@ -742,19 +753,19 @@ krb4_stream_auth(s) assert(fd >= 0); /* make sure our timeval is what we're expecting, see above */ - assert(sizeof(struct timeval) == 8); + assert(SIZEOF(struct timeval) == 8); /* * Get the current time, put it in network byte order, encrypt it * and present it to the other side. */ gettimeofday(&local, &tz); - enc.tv_sec = htonl(local.tv_sec); - enc.tv_usec = htonl(local.tv_usec); - encrypt_data(&enc, sizeof(enc), &kh->session_key); - if (net_write(fd, &enc, sizeof(enc)) < 0) { + enc.tv_sec = (long)htonl((guint32)local.tv_sec); + enc.tv_usec = (long)htonl((guint32)local.tv_usec); + encrypt_data(&enc, SIZEOF(enc), &kh->session_key); + if (knet_write(fd, &enc, SIZEOF(enc)) < 0) { security_stream_seterror(&ks->secstr, - "krb4 stream handshake write error: %s", strerror(errno)); + _("krb4 stream handshake write error: %s"), strerror(errno)); return (-1); } @@ -763,20 +774,20 @@ krb4_stream_auth(s) * and useconds by one. Reencrypt, and present to the other side. * Timeout in 10 seconds. */ - if (net_read(fd, &enc, sizeof(enc), 10) < 0) { + if (knet_read(fd, &enc, SIZEOF(enc), 60) < 0) { security_stream_seterror(&ks->secstr, - "krb4 stream handshake read error: %s", strerror(errno)); + _("krb4 stream handshake read error: %s"), strerror(errno)); return (-1); } - decrypt_data(&enc, sizeof(enc), &kh->session_key); + decrypt_data(&enc, SIZEOF(enc), &kh->session_key); /* XXX do timestamp checking here */ - enc.tv_sec = htonl(ntohl(enc.tv_sec) + 1); - enc.tv_usec = htonl(ntohl(enc.tv_usec) + 1); - encrypt_data(&enc, sizeof(enc), &kh->session_key); + enc.tv_sec = (long)htonl(ntohl((guint32)enc.tv_sec) + 1); + enc.tv_usec =(long)htonl(ntohl((guint32)enc.tv_usec) + 1); + encrypt_data(&enc, SIZEOF(enc), &kh->session_key); - if (net_write(fd, &enc, sizeof(enc)) < 0) { + if (knet_write(fd, &enc, SIZEOF(enc)) < 0) { security_stream_seterror(&ks->secstr, - "krb4 stream handshake write error: %s", strerror(errno)); + _("krb4 stream handshake write error: %s"), strerror(errno)); return (-1); } @@ -785,20 +796,21 @@ krb4_stream_auth(s) * If they incremented it properly, then succeed. * Timeout in 10 seconds. */ - if (net_read(fd, &enc, sizeof(enc), 10) < 0) { + if (knet_read(fd, &enc, SIZEOF(enc), 60) < 0) { security_stream_seterror(&ks->secstr, - "krb4 stream handshake read error: %s", strerror(errno)); + _("krb4 stream handshake read error: %s"), strerror(errno)); return (-1); } - decrypt_data(&enc, sizeof(enc), &kh->session_key); - if (ntohl(enc.tv_sec) == local.tv_sec + 1 && - ntohl(enc.tv_usec) == local.tv_usec + 1) + decrypt_data(&enc, SIZEOF(enc), &kh->session_key); + if ((ntohl((guint32)enc.tv_sec) == (uint32_t)(local.tv_sec + 1)) && + (ntohl((guint32)enc.tv_usec) == (uint32_t)(local.tv_usec + 1))) return (0); security_stream_seterror(&ks->secstr, - "krb4 handshake failed: sent %ld,%ld - recv %ld,%ld", + _("krb4 handshake failed: sent %ld,%ld - recv %ld,%ld"), (long)(local.tv_sec + 1), (long)(local.tv_usec + 1), - (long)ntohl(enc.tv_sec), (long)ntohl(enc.tv_usec)); + (long)ntohl((guint32)enc.tv_sec), + (long)ntohl((guint32)enc.tv_usec)); return (-1); } @@ -807,8 +819,8 @@ krb4_stream_auth(s) * port. */ static int -krb4_stream_id(s) - void *s; +krb4_stream_id( + void * s) { struct krb4_stream *ks = s; @@ -821,20 +833,18 @@ krb4_stream_id(s) * Write a chunk of data to a stream. Blocks until completion. */ static int -krb4_stream_write(s, buf, size) - void *s; - const void *buf; - size_t size; +krb4_stream_write( + void * s, + const void *buf, + size_t size) { struct krb4_stream *ks = s; - struct krb4_handle *kh = ks->krb4_handle; assert(ks != NULL); - assert(kh != NULL); - if (net_write(ks->fd, buf, size) < 0) { + if (knet_write(ks->fd, buf, size) < 0) { security_stream_seterror(&ks->secstr, - "write error on stream %d: %s", ks->fd, strerror(errno)); + _("write error on stream %d: %s"), ks->fd, strerror(errno)); return (-1); } return (0); @@ -845,9 +855,10 @@ krb4_stream_write(s, buf, size) * function and arg when completed. */ static void -krb4_stream_read(s, fn, arg) - void *s, *arg; - void (*fn) P((void *, void *, int)); +krb4_stream_read( + void * s, + void (*fn)(void *, void *, ssize_t), + void * arg) { struct krb4_stream *ks = s; @@ -859,18 +870,67 @@ krb4_stream_read(s, fn, arg) if (ks->ev_read != NULL) event_release(ks->ev_read); - ks->ev_read = event_register(ks->fd, EV_READFD, stream_read_callback, ks); + ks->ev_read = event_register((event_id_t)ks->fd, EV_READFD, + stream_read_callback, ks); ks->fn = fn; ks->arg = arg; } +/* + * Write a chunk of data to a stream. Blocks until completion. + */ +static ssize_t +krb4_stream_read_sync( + void * s, + void ** buf) +{ + struct krb4_stream *ks = s; + + (void)buf; /* Quiet unused variable warning */ + assert(ks != NULL); + + if (ks->ev_read != NULL) + event_release(ks->ev_read); + + ks->ev_read = event_register((event_id_t)ks->fd, EV_READFD, + stream_read_sync_callback, ks); + event_wait(ks->ev_read); + return((ssize_t)ks->len); +} + +/* + * Callback for krb4_stream_read_sync + */ +static void +stream_read_sync_callback( + void * arg) +{ + struct krb4_stream *ks = arg; + ssize_t n; + + assert(ks != NULL); + assert(ks->fd != -1); + + /* + * Remove the event first, and then call the callback. + * We remove it first because we don't want to get in their + * way if they reschedule it. + */ + krb4_stream_read_cancel(ks); + n = read(ks->fd, ks->databuf, sizeof(ks->databuf)); + if (n < 0) + security_stream_seterror(&ks->secstr, + strerror(errno)); + ks->len = (int)n; +} + /* * Cancel a previous stream read request. It's ok if we didn't have a read * scheduled. */ static void -krb4_stream_read_cancel(s) - void *s; +krb4_stream_read_cancel( + void * s) { struct krb4_stream *ks = s; @@ -886,11 +946,11 @@ krb4_stream_read_cancel(s) * Callback for krb4_stream_read */ static void -stream_read_callback(arg) - void *arg; +stream_read_callback( + void * arg) { struct krb4_stream *ks = arg; - int n; + ssize_t n; assert(ks != NULL); assert(ks->fd != -1); @@ -901,7 +961,7 @@ stream_read_callback(arg) * way if they reschedule it. */ krb4_stream_read_cancel(ks); - n = read(ks->fd, ks->databuf, sizeof(ks->databuf)); + n = read(ks->fd, ks->databuf, SIZEOF(ks->databuf)); if (n < 0) security_stream_seterror(&ks->secstr, strerror(errno)); @@ -914,18 +974,19 @@ stream_read_callback(arg) * and does the real callback if so. */ static void -recvpkt_callback(cookie) - void *cookie; +recvpkt_callback( + void * cookie) { char handle[32]; - struct sockaddr_in peer; + struct sockaddr_in6 peer; pkt_t pkt; int sequence; struct krb4_handle *kh; struct hostent *he; - void (*fn) P((void *, pkt_t *, security_status_t)); + void (*fn)(void *, pkt_t *, security_status_t); void *arg; + (void)cookie; /* Quiet unused parameter warning */ assert(cookie == NULL); /* @@ -936,14 +997,12 @@ recvpkt_callback(cookie) dgram_zero(&netfd); if (dgram_recv(&netfd, 0, &peer) < 0) return; - if (str2pkthdr(netfd.cur, &pkt, handle, sizeof(handle), &sequence) < 0) + if (str2kpkthdr(netfd.cur, &pkt, handle, SIZEOF(handle), &sequence) < 0) return; for (kh = handleq_first(); kh != NULL; kh = handleq_next(kh)) { if (strcmp(kh->proto_handle, handle) == 0 && - memcmp(&kh->peer.sin_addr, &peer.sin_addr, - sizeof(peer.sin_addr)) == 0 && - kh->peer.sin_port == peer.sin_port) { + cmp_sockaddr(&kh->peer, &peer, 0) == 0) { kh->sequence = sequence; /* @@ -967,12 +1026,12 @@ recvpkt_callback(cookie) if (accept_fn == NULL) return; - he = gethostbyaddr((void *)&peer.sin_addr, sizeof(peer.sin_addr), AF_INET); + he = gethostbyaddr((void *)&peer.sin6_addr, SIZEOF(peer.sin6_addr), AF_INET6); if (he == NULL) return; - kh = alloc(sizeof(*kh)); + kh = alloc(SIZEOF(*kh)); security_handleinit(&kh->sech, &krb4_security_driver); - inithandle(kh, he, peer.sin_port, handle); + inithandle(kh, he, (int)peer.sin6_port, handle); /* * Check the security of the packet. If it is bad, then pass NULL @@ -988,11 +1047,11 @@ recvpkt_callback(cookie) * This is called when a handle times out before receiving a packet. */ static void -recvpkt_timeout(cookie) - void *cookie; +recvpkt_timeout( + void * cookie) { struct krb4_handle *kh = cookie; - void (*fn) P((void *, pkt_t *, security_status_t)); + void (*fn)(void *, pkt_t *, security_status_t); void *arg; assert(kh != NULL); @@ -1008,46 +1067,46 @@ recvpkt_timeout(cookie) * Add a ticket to the message */ static int -add_ticket(kh, pkt, msg) - struct krb4_handle *kh; - const pkt_t *pkt; - dgram_t *msg; +add_ticket( + struct krb4_handle *kh, + const pkt_t * pkt, + dgram_t * msg) { char inst[INST_SZ]; KTEXT_ST ticket; char *security; int rc; - kh->cksum = krb4_cksum(pkt->body); + kh->cksum = (long)krb4_cksum(pkt->body); #if CLIENT_HOST_INSTANCE == HOSTNAME_INSTANCE /* * User requested that all instances be based on the target * hostname. */ - strncpy(inst, kh->inst, sizeof(inst) - 1); + strncpy(inst, kh->inst, SIZEOF(inst) - 1); #else /* * User requested a fixed instance. */ - strncpy(inst, CLIENT_HOST_INSTANCE, sizeof(inst) - 1); + strncpy(inst, CLIENT_HOST_INSTANCE, SIZEOF(inst) - 1); #endif - inst[sizeof(inst) - 1] = '\0'; + inst[SIZEOF(inst) - 1] = '\0'; /* * Get a ticket with the user-defined service and instance, * and using the checksum of the body of the request packet. */ - rc = krb_mk_req(&ticket, CLIENT_HOST_PRINCIPLE, inst, kh->realm, + rc = krb_mk_req(&ticket, CLIENT_HOST_PRINCIPAL, inst, kh->realm, kh->cksum); if (rc == NO_TKT_FIL) { /* It's been kdestroyed. Get a new one and try again */ get_tgt(); - rc = krb_mk_req(&ticket, CLIENT_HOST_PRINCIPLE, inst, kh->realm, + rc = krb_mk_req(&ticket, CLIENT_HOST_PRINCIPAL, inst, kh->realm, kh->cksum); } if (rc != 0) { security_seterror(&kh->sech, - "krb_mk_req failed: %s (%d)", error_message(rc), rc); + _("krb_mk_req failed: %s (%d)"), error_message(rc), rc); return (-1); } /* @@ -1067,9 +1126,9 @@ add_ticket(kh, pkt, msg) * the req, + 1 */ static void -add_mutual_auth(kh, msg) - struct krb4_handle *kh; - dgram_t *msg; +add_mutual_auth( + struct krb4_handle *kh, + dgram_t * msg) { union mutual mutual; char *security; @@ -1079,12 +1138,13 @@ add_mutual_auth(kh, msg) assert(kh->cksum != 0); assert(kh->session_key[0] != '\0'); - memset(&mutual, 0, sizeof(mutual)); - mutual.cksum = htonl(kh->cksum + 1); - encrypt_data(&mutual, sizeof(mutual), &kh->session_key); + memset(&mutual, 0, SIZEOF(mutual)); + mutual.cksum = (unsigned long)htonl((guint32)kh->cksum + 1); + encrypt_data(&mutual, SIZEOF(mutual), &kh->session_key); security = vstralloc("SECURITY MUTUAL-AUTH ", - bin2astr(mutual.pad, sizeof(mutual.pad)), "\n", NULL); + bin2astr((unsigned char *)mutual.pad, + (int)sizeof(mutual.pad)), "\n", NULL); dgram_cat(msg, security); amfree(security); } @@ -1095,9 +1155,9 @@ add_mutual_auth(kh, msg) * passed packet. */ static int -recv_security_ok(kh, pkt) - struct krb4_handle *kh; - pkt_t *pkt; +recv_security_ok( + struct krb4_handle *kh, + pkt_t * pkt) { char *tok, *security, *body; unsigned long cksum; @@ -1109,7 +1169,7 @@ recv_security_ok(kh, pkt) * Set this preemptively before we mangle the body. */ security_seterror(&kh->sech, - "bad %s SECURITY line from %s: '%s'", pkt_type2str(pkt->type), + _("bad %s SECURITY line from %s: '%s'"), pkt_type2str(pkt->type), kh->hostname, pkt->body); @@ -1121,7 +1181,7 @@ recv_security_ok(kh, pkt) * Increment the cur pointer past it to the data section after * parsing is finished. */ - if (strncmp(pkt->body, "SECURITY", sizeof("SECURITY") - 1) == 0) { + if (strncmp(pkt->body, "SECURITY", SIZEOF("SECURITY") - 1) == 0) { tok = strtok(pkt->body, " "); assert(strcmp(tok, "SECURITY") == 0); /* security info goes until the newline */ @@ -1142,7 +1202,7 @@ recv_security_ok(kh, pkt) } /* - * Get a checksum of the non-security parts of the body + * Get a checksum of the non-security parts of the body */ cksum = krb4_cksum(body); @@ -1168,7 +1228,7 @@ recv_security_ok(kh, pkt) return (-1); if (strcmp(tok, "TICKET") != 0) { security_seterror(&kh->sech, - "REQ SECURITY line parse error, expecting TICKET, got %s", tok); + _("REQ SECURITY line parse error, expecting TICKET, got %s"), tok); return (-1); } @@ -1229,11 +1289,11 @@ recv_security_ok(kh, pkt) * Check the ticket in a REQ packet for authenticity */ static int -check_ticket(kh, pkt, ticket_str, cksum) - struct krb4_handle *kh; - const pkt_t *pkt; - const char *ticket_str; - unsigned long cksum; +check_ticket( + struct krb4_handle *kh, + const pkt_t * pkt, + const char * ticket_str, + unsigned long cksum) { char inst[INST_SZ]; KTEXT_ST ticket; @@ -1242,28 +1302,30 @@ check_ticket(kh, pkt, ticket_str, cksum) char *user; int rc; + (void)pkt; /* Quiet unused parameter warning */ + assert(kh != NULL); assert(pkt != NULL); assert(ticket_str != NULL); - ticket.length = sizeof(ticket.dat); - astr2bin(ticket_str, ticket.dat, &ticket.length); + ticket.length = (int)sizeof(ticket.dat); + astr2bin((unsigned char *)ticket_str, ticket.dat, &ticket.length); assert(ticket.length > 0); /* get a copy of the instance into writable memory */ #if CLIENT_HOST_INSTANCE == HOSTNAME_INSTANCE - strncpy(inst, krb_get_phost(hostname), sizeof(inst) - 1); + strncpy(inst, krb_get_phost(hostname), SIZEOF(inst) - 1); #else - strncpy(inst, CLIENT_HOST_INSTANCE, sizeof(inst) - 1); + strncpy(inst, CLIENT_HOST_INSTANCE, SIZEOF(inst) - 1); #endif - inst[sizeof(inst) - 1] = '\0'; + inst[SIZEOF(inst) - 1] = '\0'; /* get the checksum out of the ticket */ - rc = krb_rd_req(&ticket, CLIENT_HOST_PRINCIPLE, inst, - kh->peer.sin_addr.s_addr, &auth, CLIENT_HOST_KEY_FILE); + rc = krb_rd_req(&ticket, CLIENT_HOST_PRINCIPAL, inst, + kh->peer.sin6_addr.s_addr, &auth, CLIENT_HOST_KEY_FILE); if (rc != 0) { security_seterror(&kh->sech, - "krb_rd_req failed for %s: %s (%d)", kh->hostname, + _("krb_rd_req failed for %s: %s (%d)"), kh->hostname, error_message(rc), rc); return (-1); } @@ -1271,24 +1333,24 @@ check_ticket(kh, pkt, ticket_str, cksum) /* verify and save the checksum and session key */ if (auth.checksum != cksum) { security_seterror(&kh->sech, - "krb4 checksum mismatch for %s (remote=%lu, local=%lu)", + _("krb4 checksum mismatch for %s (remote=%lu, local=%lu)"), kh->hostname, (long)auth.checksum, cksum); return (-1); } - kh->cksum = cksum; - memcpy(kh->session_key, auth.session, sizeof(kh->session_key)); + kh->cksum = (unsigned long)cksum; + memcpy(kh->session_key, auth.session, SIZEOF(kh->session_key)); /* - * If FORCE_USERID is set, then we need to specifically + * If CHECK_USERID is set, then we need to specifically * check the userid we're forcing ourself to. Otherwise, * just check the login we're currently setuid to. */ -#ifdef FORCE_USERID +#ifdef CHECK_USERID if ((pwd = getpwnam(CLIENT_LOGIN)) == NULL) - error("error [getpwnam(%s) fails]", CLIENT_LOGIN); + error(_("error [getpwnam(%s) fails]"), CLIENT_LOGIN); #else if ((pwd = getpwuid(getuid())) == NULL) - error("error [getpwuid(%d) fails]", getuid()); + error(_("error [getpwuid(%d) fails]"), getuid()); #endif /* save the username in case it's overwritten */ @@ -1297,7 +1359,7 @@ check_ticket(kh, pkt, ticket_str, cksum) /* check the klogin file */ if (kuserok(&auth, user)) { security_seterror(&kh->sech, - "access as %s not allowed from %s.%s@%s", user, auth.pname, + _("access as %s not allowed from %s.%s@%s"), user, auth.pname, auth.pinst, auth.prealm); amfree(user); return (-1); @@ -1313,9 +1375,9 @@ check_ticket(kh, pkt, ticket_str, cksum) * the same checksum as our request + 1. */ static int -check_mutual_auth(kh, mutual_auth_str) - struct krb4_handle *kh; - const char *mutual_auth_str; +check_mutual_auth( + struct krb4_handle *kh, + const char * mutual_auth_str) { union mutual mutual; int len; @@ -1327,18 +1389,18 @@ check_mutual_auth(kh, mutual_auth_str) assert(kh->cksum != 0); /* convert the encoded string into binary data */ - len = sizeof(mutual); - astr2bin(mutual_auth_str, (unsigned char *)&mutual, &len); + len = (int)sizeof(mutual); + astr2bin((unsigned char *)mutual_auth_str, (unsigned char *)&mutual, &len); /* unencrypt the string using the key in the ticket file */ host2key(kh->hostname, kh->inst, &kh->session_key); - decrypt_data(&mutual, len, &kh->session_key); - mutual.cksum = ntohl(mutual.cksum); + decrypt_data(&mutual, (size_t)len, &kh->session_key); + mutual.cksum = (unsigned long)ntohl((guint32)mutual.cksum); /* the data must be the same as our request cksum + 1 */ - if (mutual.cksum != kh->cksum + 1) { + if (mutual.cksum != (kh->cksum + 1)) { security_seterror(&kh->sech, - "krb4 checksum mismatch from %s (remote=%lu, local=%lu)", + _("krb4 checksum mismatch from %s (remote=%lu, local=%lu)"), kh->hostname, mutual.cksum, kh->cksum + 1); return (-1); } @@ -1350,16 +1412,16 @@ check_mutual_auth(kh, mutual_auth_str) * Convert a pkt_t into a header string for our packet */ static const char * -pkthdr2str(kh, pkt) - const struct krb4_handle *kh; - const pkt_t *pkt; +kpkthdr2str( + const struct krb4_handle * kh, + const pkt_t * pkt) { static char retbuf[256]; assert(kh != NULL); assert(pkt != NULL); - snprintf(retbuf, sizeof(retbuf), "Amanda %d.%d %s HANDLE %s SEQ %d\n", + g_snprintf(retbuf, SIZEOF(retbuf), "Amanda %d.%d %s HANDLE %s SEQ %d\n", VERSION_MAJOR, VERSION_MINOR, pkt_type2str(pkt->type), kh->proto_handle, kh->sequence); @@ -1374,12 +1436,12 @@ pkthdr2str(kh, pkt) * Returns negative on parse error. */ static int -str2pkthdr(origstr, pkt, handle, handlesize, sequence) - const char *origstr; - pkt_t *pkt; - char *handle; - size_t handlesize; - int *sequence; +str2kpkthdr( + const char *origstr, + pkt_t * pkt, + char * handle, + size_t handlesize, + int * sequence) { char *str; const char *tok; @@ -1435,27 +1497,28 @@ str2pkthdr(origstr, pkt, handle, handlesize, sequence) parse_error: #if 0 /* XXX we have no way of passing this back up */ security_seterror(&kh->sech, - "parse error in packet header : '%s'", origstr); + _("parse error in packet header : '%s'"), origstr); #endif amfree(str); return (-1); } static void -host2key(hostname, inst, key) - const char *hostname, *inst; - des_cblock *key; +host2key( + const char *hostname, + const char *inst, + des_cblock *key) { char realm[256]; CREDENTIALS cred; - strncpy(realm, krb_realmofhost((char *)hostname), sizeof(realm) - 1); - realm[sizeof(realm) - 1] = '\0'; + strncpy(realm, krb_realmofhost((char *)hostname), SIZEOF(realm) - 1); + realm[SIZEOF(realm) - 1] = '\0'; #if CLIENT_HOST_INSTANCE != HOSTNAME_INSTANCE inst = CLIENT_HOST_INSTANCE #endif - krb_get_cred(CLIENT_HOST_PRINCIPLE, (char *)inst, realm, &cred); - memcpy(key, cred.session, sizeof(des_cblock)); + krb_get_cred(CLIENT_HOST_PRINCIPAL, (char *)inst, realm, &cred); + memcpy(key, cred.session, SIZEOF(des_cblock)); } @@ -1463,22 +1526,23 @@ host2key(hostname, inst, key) * Convert a chunk of data into a string. */ static const char * -bin2astr(buf, len) - const unsigned char *buf; - int len; +bin2astr( + const unsigned char *buf, + int len) { static const char tohex[] = "0123456789ABCDEF"; static char *str = NULL; char *q; const unsigned char *p; - int slen, i; + size_t slen; + int i; /* * calculate output string len * We quote everything, so each input byte == 3 output chars, plus * two more for quotes */ - slen = (len * 3) + 2; + slen = ((size_t)len * 3) + 2; /* allocate string and fill it in */ if (str != NULL) @@ -1497,7 +1561,7 @@ bin2astr(buf, len) *q = '\0'; /* make sure we didn't overrun our allocated buffer */ - assert(q - str == slen); + assert((size_t)(q - str) == slen); return (str); } @@ -1506,12 +1570,12 @@ bin2astr(buf, len) * Convert an encoded string into a block of data bytes */ static void -astr2bin(astr, buf, lenp) - const char *astr; - unsigned char *buf; - int *lenp; +astr2bin( + const unsigned char *astr, + unsigned char * buf, + int * lenp) { - const char *p; + const unsigned char *p; unsigned char *q; #define fromhex(h) (isdigit((int)h) ? (h) - '0' : (h) - 'A' + 10) @@ -1532,32 +1596,32 @@ astr2bin(astr, buf, lenp) *q++ = (fromhex(p[1]) << 4) + fromhex(p[2]); p += 3; } - if (q - buf >= *lenp) + if ((int)(q - buf) >= *lenp) break; } *lenp = q - buf; } static unsigned long -krb4_cksum(str) - const char *str; +krb4_cksum( + const char *str) { des_cblock seed; - memset(seed, 0, sizeof(seed)); + memset(seed, 0, SIZEOF(seed)); /* * The first arg is an unsigned char * in some krb4 implementations, * and in others, it's a des_cblock *. Just make it void here * to shut them all up. */ - return (quad_cksum((void *)str, NULL, strlen(str), 1, &seed)); + return (quad_cksum((void *)str, NULL, (long)strlen(str), 1, &seed)); } static void -krb4_getinst(hname, inst, size) - const char *hname; - char *inst; - size_t size; +krb4_getinst( + const char *hname, + char * inst, + size_t size) { /* @@ -1573,10 +1637,10 @@ krb4_getinst(hname, inst, size) } static void -encrypt_data(data, length, key) - void *data; - int length; - des_cblock *key; +encrypt_data( + void * data, + size_t length, + des_cblock *key) { des_key_schedule sched; @@ -1587,33 +1651,33 @@ encrypt_data(data, length, key) * arrays should be outlawed. */ des_key_sched((void *)key, sched); - des_pcbc_encrypt(data, data, length, sched, key, DES_ENCRYPT); + des_pcbc_encrypt(data, data, (long)length, sched, key, DES_ENCRYPT); } static void -decrypt_data(data, length, key) - void *data; - int length; - des_cblock *key; +decrypt_data( + void * data, + size_t length, + des_cblock *key) { des_key_schedule sched; des_key_sched((void *)key, sched); - des_pcbc_encrypt(data, data, length, sched, key, DES_DECRYPT); + des_pcbc_encrypt(data, data, (long)length, sched, key, DES_DECRYPT); } /* * like write(), but always writes out the entire buffer. */ static int -net_write(fd, vbuf, size) - int fd; - const void *vbuf; - size_t size; +knet_write( + int fd, + const void *vbuf, + size_t size) { const char *buf = vbuf; /* so we can do ptr arith */ - int n; + ssize_t n; while (size > 0) { n = write(fd, buf, size); @@ -1629,15 +1693,16 @@ net_write(fd, vbuf, size) * Like read(), but waits until the entire buffer has been filled. */ static int -net_read(fd, vbuf, size, timeout) - int fd; - void *vbuf; - size_t size; - int timeout; +knet_read( + int fd, + void * vbuf, + size_t size, + int timeout) { char *buf = vbuf; /* ptr arith */ - int n, neof = 0; - fd_set readfds; + ssize_t n; + int neof = 0; + SELECT_ARG_TYPE readfds; struct timeval tv; while (size > 0) { @@ -1677,58 +1742,55 @@ net_read(fd, vbuf, size, timeout) /* debug routines */ static void -print_hex(str,buf,len) -const char *str; -const unsigned char *buf; -int len; +print_hex( + const char * str, + const unsigned char * buf, + size_t len) { int i; - dbprintf(("%s:", str)); + dbprintf("%s:", str); for(i=0;ilength, tktp->mbz)); - print_hex("ticket data", tktp->dat, tktp->length); + dbprintf(_("%s: length %d chk %lX\n"), str, tktp->length, tktp->mbz); + print_hex(_("ticket data"), tktp->dat, tktp->length); fflush(stdout); } static void -print_auth(authp) -AUTH_DAT *authp; +print_auth( + AUTH_DAT *authp) { - printf("\nAuth Data:\n"); - printf(" Principal \"%s\" Instance \"%s\" Realm \"%s\"\n", + g_printf("\nAuth Data:\n"); + g_printf(" Principal \"%s\" Instance \"%s\" Realm \"%s\"\n", authp->pname, authp->pinst, authp->prealm); - printf(" cksum %d life %d keylen %ld\n", authp->checksum, - authp->life, sizeof(authp->session)); - print_hex("session key", authp->session, sizeof(authp->session)); + g_printf(" cksum %d life %d keylen %ld\n", authp->checksum, + authp->life, SIZEOF(authp->session)); + print_hex("session key", authp->session, SIZEOF(authp->session)); fflush(stdout); } static void -print_credentials(credp) -CREDENTIALS *credp; +print_credentials( + CREDENTIALS *credp) { - printf("\nCredentials:\n"); - printf(" service \"%s\" instance \"%s\" realm \"%s\" life %d kvno %d\n", + g_printf("\nCredentials:\n"); + g_printf(" service \"%s\" instance \"%s\" realm \"%s\" life %d kvno %d\n", credp->service, credp->instance, credp->realm, credp->lifetime, credp->kvno); - print_hex("session key", credp->session, sizeof(credp->session)); + print_hex("session key", credp->session, SIZEOF(credp->session)); print_hex("ticket", credp->ticket_st.dat, credp->ticket_st.length); fflush(stdout); } #endif - -#else -void krb4_security_dummy (void) {} -#endif /* KRB4_SECURITY */