From 3d4bb3be22a631cde5b102db056bce2686d28b43 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 14 Aug 2001 08:30:08 +0000 Subject: fixed picky compiler warnings, unused arguments, const at proper places and I also indented the source code to fit curl "standard" --- lib/krb4.c | 387 ++++++++++++++++++++++++++++++------------------------------- 1 file changed, 192 insertions(+), 195 deletions(-) (limited to 'lib') diff --git a/lib/krb4.c b/lib/krb4.c index 25c452db3..03305de82 100644 --- a/lib/krb4.c +++ b/lib/krb4.c @@ -47,6 +47,10 @@ #include #include +#ifdef HAVE_UNISTD_H +#include /* for getpid() */ +#endif + #include "ftp.h" #include "sendf.h" @@ -105,9 +109,10 @@ size_t strlcpy (char *dst, const char *src, size_t dst_sz); static int krb4_check_prot(void *app_data, int level) { - if(level == prot_confidential) - return -1; - return 0; + app_data = NULL; /* prevent compiler warning */ + if(level == prot_confidential) + return -1; + return 0; } static int @@ -137,7 +142,11 @@ krb4_decode(void *app_data, void *buf, int len, int level, static int krb4_overhead(void *app_data, int level, int len) { - return 31; + /* no arguments are used, just init them to prevent compiler warnings */ + app_data = NULL; + level = 0; + len = 0; + return 31; } static int @@ -249,7 +258,7 @@ struct sec_server_mech krb4_server_mech = { static int mk_auth(struct krb4_data *d, KTEXT adat, - char *service, char *host, int checksum) + const char *service, char *host, int checksum) { int ret; CREDENTIALS cred; @@ -274,110 +283,108 @@ mk_auth(struct krb4_data *d, KTEXT adat, static int krb4_auth(void *app_data, struct connectdata *conn) { - int ret; - char *p; - int len; - KTEXT_ST adat; - MSG_DAT msg_data; - int checksum; - u_int32_t cs; - struct krb4_data *d = app_data; - struct sockaddr_in *localaddr = (struct sockaddr_in *)LOCAL_ADDR; + int ret; + char *p; + int len; + KTEXT_ST adat; + MSG_DAT msg_data; + int checksum; + u_int32_t cs; + struct krb4_data *d = app_data; + struct sockaddr_in *localaddr = (struct sockaddr_in *)LOCAL_ADDR; #if 0 - struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR; + struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR; #endif - char *host = conn->hp->h_name; - size_t nread; - int l = sizeof(local_addr); - - if(getsockname(conn->firstsocket, - (struct sockaddr *)LOCAL_ADDR, &l) < 0) - perror("getsockname()"); - - checksum = getpid(); - ret = mk_auth(d, &adat, "ftp", host, checksum); - if(ret == KDC_PR_UNKNOWN) - ret = mk_auth(d, &adat, "rcmd", host, checksum); - if(ret){ - printf("%s\n", krb_get_err_text(ret)); - return AUTH_CONTINUE; - } - + char *host = conn->hp->h_name; + ssize_t nread; + int l = sizeof(local_addr); + + if(getsockname(conn->firstsocket, + (struct sockaddr *)LOCAL_ADDR, &l) < 0) + perror("getsockname()"); + + checksum = getpid(); + ret = mk_auth(d, &adat, "ftp", host, checksum); + if(ret == KDC_PR_UNKNOWN) + ret = mk_auth(d, &adat, "rcmd", host, checksum); + if(ret) { + printf("%s\n", krb_get_err_text(ret)); + return AUTH_CONTINUE; + } + #ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM - if (krb_get_config_bool("nat_in_use")) { - struct in_addr natAddr; - - if (krb_get_our_ip_for_realm(krb_realmofhost(host), - &natAddr) != KSUCCESS - && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS) - printf("Can't get address for realm %s\n", - krb_realmofhost(host)); - else { - if (natAddr.s_addr != localaddr->sin_addr.s_addr) { - printf("Using NAT IP address (%s) for kerberos 4\n", - (char *)inet_ntoa(natAddr)); - localaddr->sin_addr = natAddr; - - /* - * This not the best place to do this, but it - * is here we know that (probably) NAT is in - * use! - */ - - /*passivemode = 1;***/ - /*printf("Setting: Passive mode on.\n");***/ - } + if (krb_get_config_bool("nat_in_use")) { + struct in_addr natAddr; + + if (krb_get_our_ip_for_realm(krb_realmofhost(host), + &natAddr) != KSUCCESS + && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS) + printf("Can't get address for realm %s\n", + krb_realmofhost(host)); + else { + if (natAddr.s_addr != localaddr->sin_addr.s_addr) { + printf("Using NAT IP address (%s) for kerberos 4\n", + (char *)inet_ntoa(natAddr)); + localaddr->sin_addr = natAddr; + + /* + * This not the best place to do this, but it is here we know that + * (probably) NAT is in use! */ + + /*passivemode = 1;***/ + /*printf("Setting: Passive mode on.\n");***/ } } + } #endif - /*printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr));***/ - /*printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr));***/ - - if(Curl_base64_encode(adat.dat, adat.length, &p) < 0) { - printf("Out of memory base64-encoding.\n"); - return AUTH_CONTINUE; - } - /*ret = command("ADAT %s", p)*/ - Curl_ftpsendf(conn->firstsocket, conn, "ADAT %s", p); - /* wait for feedback */ - nread = Curl_GetFTPResponse(conn->firstsocket, - conn->data->buffer, conn, NULL); - if(nread < 0) - return /*CURLE_OPERATION_TIMEOUTED*/-1; - free(p); - - if(/*ret != COMPLETE*/conn->data->buffer[0] != '2'){ - printf("Server didn't accept auth data.\n"); - return AUTH_ERROR; - } - - p = strstr(/*reply_string*/conn->data->buffer, "ADAT="); - if(!p){ - printf("Remote host didn't send adat reply.\n"); - return AUTH_ERROR; - } - p += 5; - len = Curl_base64_decode(p, adat.dat); - if(len < 0){ - printf("Failed to decode base64 from server.\n"); - return AUTH_ERROR; - } - adat.length = len; - ret = krb_rd_safe(adat.dat, adat.length, &d->key, - (struct sockaddr_in *)hisctladdr, - (struct sockaddr_in *)myctladdr, &msg_data); - if(ret){ - printf("Error reading reply from server: %s.\n", - krb_get_err_text(ret)); - return AUTH_ERROR; - } - krb_get_int(msg_data.app_data, &cs, 4, 0); - if(cs - checksum != 1){ - printf("Bad checksum returned from server.\n"); - return AUTH_ERROR; - } - return AUTH_OK; + /*printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr));***/ + /*printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr));***/ + + if(Curl_base64_encode(adat.dat, adat.length, &p) < 0) { + printf("Out of memory base64-encoding.\n"); + return AUTH_CONTINUE; + } + + Curl_ftpsendf(conn->firstsocket, conn, "ADAT %s", p); + + nread = Curl_GetFTPResponse(conn->firstsocket, + conn->data->buffer, conn, NULL); + if(nread < 0) + return /*CURLE_OPERATION_TIMEOUTED*/-1; + free(p); + + if(/*ret != COMPLETE*/conn->data->buffer[0] != '2'){ + printf("Server didn't accept auth data.\n"); + return AUTH_ERROR; + } + + p = strstr(conn->data->buffer, "ADAT="); + if(!p){ + printf("Remote host didn't send adat reply.\n"); + return AUTH_ERROR; + } + p += 5; + len = Curl_base64_decode(p, adat.dat); + if(len < 0){ + printf("Failed to decode base64 from server.\n"); + return AUTH_ERROR; + } + adat.length = len; + ret = krb_rd_safe(adat.dat, adat.length, &d->key, + (struct sockaddr_in *)hisctladdr, + (struct sockaddr_in *)myctladdr, &msg_data); + if(ret){ + printf("Error reading reply from server: %s.\n", + krb_get_err_text(ret)); + return AUTH_ERROR; + } + krb_get_int(msg_data.app_data, &cs, 4, 0); + if(cs - checksum != 1){ + printf("Bad checksum returned from server.\n"); + return AUTH_ERROR; + } + return AUTH_OK; } struct sec_client_mech krb4_client_mech = { @@ -396,105 +403,95 @@ struct sec_client_mech krb4_client_mech = { void krb_kauth(struct connectdata *conn) { - des_cblock key; - des_key_schedule schedule; - KTEXT_ST tkt, tktcopy; - char *name; - char *p; - char passwd[100]; - int tmp; - size_t nread; + des_cblock key; + des_key_schedule schedule; + KTEXT_ST tkt, tktcopy; + char *name; + char *p; + char passwd[100]; + int tmp; + ssize_t nread; - int save; - - save = set_command_prot(conn, prot_private); - /*ret = command("SITE KAUTH %s", name);***/ - Curl_ftpsendf(conn->firstsocket, conn, - "SITE KAUTH %s", conn->data->user); - /* wait for feedback */ - nread = Curl_GetFTPResponse(conn->firstsocket, conn->data->buffer, - conn, NULL); - if(nread < 0) - return /*CURLE_OPERATION_TIMEOUTED*/; - - if(/*ret != CONTINUE*/conn->data->buffer[0] != '3'){ - set_command_prot(conn, save); - /*code = -1;***/ - return; - } - p = strstr(/*reply_string***/conn->data->buffer, "T="); - if(!p){ - printf("Bad reply from server.\n"); - set_command_prot(conn, save); - /*code = -1;***/ - return; - } - p += 2; - tmp = Curl_base64_decode(p, &tkt.dat); - if(tmp < 0){ - printf("Failed to decode base64 in reply.\n"); - set_command_prot(conn, save); - /*code = -1;***/ - return; - } - tkt.length = tmp; - tktcopy.length = tkt.length; - - p = strstr(/*reply_string***/conn->data->buffer, "P="); - if(!p){ - printf("Bad reply from server.\n"); - set_command_prot(conn, save); - /*code = -1;***/ - return; - } - name = p + 2; - for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++); - *p = 0; + int save; -#if 0 - snprintf(buf, sizeof(buf), "Password for %s:", name); - if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0)) - *passwd = '\0'; - des_string_to_key (passwd, &key); -#else - des_string_to_key (conn->data->passwd, &key); -#endif + save = set_command_prot(conn, prot_private); + + Curl_ftpsendf(conn->firstsocket, conn, + "SITE KAUTH %s", conn->data->user); + + nread = Curl_GetFTPResponse(conn->firstsocket, conn->data->buffer, + conn, NULL); + if(nread < 0) + return /*CURLE_OPERATION_TIMEOUTED*/; - des_key_sched(&key, schedule); + if(/*ret != CONTINUE*/conn->data->buffer[0] != '3'){ + set_command_prot(conn, save); + /*code = -1;***/ + return; + } + + p = strstr(conn->data->buffer, "T="); + if(!p) { + printf("Bad reply from server.\n"); + set_command_prot(conn, save); + return; + } + + p += 2; + tmp = Curl_base64_decode(p, &tkt.dat); + if(tmp < 0) { + printf("Failed to decode base64 in reply.\n"); + set_command_prot(conn, save); + return; + } + tkt.length = tmp; + tktcopy.length = tkt.length; + p = strstr(conn->data->buffer, "P="); + if(!p) { + printf("Bad reply from server.\n"); + set_command_prot(conn, save); + return; + } + name = p + 2; + for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++); + *p = 0; + + des_string_to_key (conn->data->passwd, &key); + des_key_sched(&key, schedule); + + des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat, + tkt.length, + schedule, &key, DES_DECRYPT); + if (strcmp ((char*)tktcopy.dat + 8, + KRB_TICKET_GRANTING_TICKET) != 0) { + afs_string_to_key (passwd, + krb_realmofhost(/*hostname*/conn->hp->h_name), + &key); + des_key_sched (&key, schedule); des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat, - tkt.length, - schedule, &key, DES_DECRYPT); - if (strcmp ((char*)tktcopy.dat + 8, - KRB_TICKET_GRANTING_TICKET) != 0) { - afs_string_to_key (passwd, - krb_realmofhost(/*hostname***/conn->hp->h_name), - &key); - des_key_sched (&key, schedule); - des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat, - tkt.length, - schedule, &key, DES_DECRYPT); - } - memset(key, 0, sizeof(key)); - memset(schedule, 0, sizeof(schedule)); - memset(passwd, 0, sizeof(passwd)); - if(Curl_base64_encode(tktcopy.dat, tktcopy.length, &p) < 0) { - failf(conn->data, "Out of memory base64-encoding.\n"); - set_command_prot(conn, save); - /*code = -1;***/ - return; - } - memset (tktcopy.dat, 0, tktcopy.length); - /*ret = command("SITE KAUTH %s %s", name, p);***/ - Curl_ftpsendf(conn->firstsocket, conn, - "SITE KAUTH %s %s", name, p); - /* wait for feedback */ - nread = Curl_GetFTPResponse(conn->firstsocket, conn->data->buffer, - conn, NULL); - if(nread < 0) - return /*CURLE_OPERATION_TIMEOUTED*/; - free(p); + tkt.length, + schedule, &key, DES_DECRYPT); + } + memset(key, 0, sizeof(key)); + memset(schedule, 0, sizeof(schedule)); + memset(passwd, 0, sizeof(passwd)); + if(Curl_base64_encode(tktcopy.dat, tktcopy.length, &p) < 0) { + failf(conn->data, "Out of memory base64-encoding.\n"); set_command_prot(conn, save); + return; + } + memset (tktcopy.dat, 0, tktcopy.length); + + Curl_ftpsendf(conn->firstsocket, conn, + "SITE KAUTH %s %s", name, p); + + nread = Curl_GetFTPResponse(conn->firstsocket, conn->data->buffer, + conn, NULL); + if(nread < 0) + return /*CURLE_OPERATION_TIMEOUTED*/; + free(p); + set_command_prot(conn, save); } #endif /* KRB4 */ -- cgit v1.2.3