From kenh@cmf.nrl.navy.mil Tue Nov 12 17:42:24 1996
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id RAA28612 for <bugs@RT-11.MIT.EDU>; Tue, 12 Nov 1996 17:42:24 -0500
Received: from ginger.cmf.nrl.navy.mil by MIT.EDU with SMTP
id AA15082; Tue, 12 Nov 96 17:42:21 EST
Received: from elvis.cmf.nrl.navy.mil (kenh@elvis.cmf.nrl.navy.mil [134.207.10.38]) by ginger.cmf.nrl.navy.mil (8.7.5/8.7.3) with ESMTP id RAA20532 for <krb5-bugs@mit.edu>; Tue, 12 Nov 1996 17:42:21 -0500 (EST)
Received: (kenh@localhost) by elvis.cmf.nrl.navy.mil (8.6.12/8.6.11) id RAA09828; Tue, 12 Nov 1996 17:42:10 -0500
Message-Id: <199611122242.RAA09828@elvis.cmf.nrl.navy.mil>
Date: Tue, 12 Nov 1996 17:42:10 -0500
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU
Subject: popper can't handle V4 clients
X-Send-Pr-Version: 3.2
System: SunOS elvis 4.1.3_U1 13 sun4m
Architecture: sun4
The V5 popper included with Kerberos V5 doesn't know how to deal with V4
POP clients. This is unfortunate, since there are many V4 POP clients
that will be slow to be upgraded (like Eudora).
The following patch adds functionality to the V5 popper by using the
krb5_compat_recvauth() function much the same way that kshd and klogind
do. It does the right thing no matter if you use a V5 POP client or a V4
POP client. I'm not sure if the autoconf stuff is 100% right, but it works
for me.
--- appl/popper/configure.in.orig Tue Nov 12 15:54:10 1996
+++ appl/popper/configure.in Tue Nov 12 17:16:48 1996
@@ -11,6 +11,8 @@
AC_HEADER_CHECK(paths.h,AC_DEFINE(HAS_PATHS_H))
USE_ANAME
+USE_KRB4_LIBRARY
+USE_KRB5UTIL_LIBRARY
KRB5_LIBRARIES
V5_USE_SHARED_LIB
V5_AC_OUTPUT_MAKEFILE
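Review bot: USE_KRB4_LIBRARY and USE_KRB5UTIL_LIBRARY are added to configure.in with no condition, while pop_init.c treats the V4 branch as optional behind #ifdef KRB5_KRB4_COMPAT. Tie the two together so that the V4 library macro is only invoked when the tree is configured for V4 compatibility; otherwise a V5-only build of popper picks up a V4 dependency it does not use. The submitter's own remark that the autoconf part may not be right applies to these two lines.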
--- appl/popper/pop_init.c.orig Tue Nov 12 13:45:43 1996
+++ appl/popper/pop_init.c Tue Nov 12 17:14:57 1996
@@ -25,9 +25,12 @@
#include "krb5.h"
#include "com_err.h"
#include <ctype.h>
+#include <kerberosIV/krb.h>
krb5_principal ext_client;
krb5_context pop_context;
char *client_name;
+#define KRB5_RECVAUTH_V4 4 /* V4 recvauth */
+#define KRB5_RECVAUTH_V5 5 /* V5 recvauth */
#endif /* KRB5 */
#endif /* KERBEROS */
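Review bot: the two added #define lines hard-code KRB5_RECVAUTH_V4 and KRB5_RECVAUTH_V5 as 4 and 5 inside pop_init.c, and the later tests on auth_sys are only correct if those values match what krb5_compat_recvauth() stores there. Take the constants from the header that declares krb5_compat_recvauth() instead of redefining them locally, or at least wrap them in #ifndef so a library definition wins. The new #include <kerberosIV/krb.h> is also unconditional although the V4 branch further down is guarded by KRB5_KRB4_COMPAT; put the include under the same guard.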
@@ -291,6 +294,11 @@
krb5_error_code retval;
krb5_principal server;
krb5_ticket *ticket;
+ char v4_instance[INST_SZ]; /* V4 instance */
+ char v4_version[9]; /* V4 version */
+ char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* Version from sendauth */
+ AUTH_DAT *v4_kdata; /* Authorization data */
+ krb5_int32 auth_sys = 0;
int sock = 0;
krb5_init_context(&pop_context);
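Review bot: krb_vers is declared here but nothing in this patch uses it, and v4_version is sized with a literal 9 directly above a declaration that spells a size as KRB_SENDAUTH_VLEN + 1. Drop krb_vers and size v4_version with the named constant. v4_kdata is left uninitialized and is dereferenced only in the V4 branch, so initialize it to NULL so that a mismatch between auth_sys and the data actually returned fails cleanly. These declarations need INST_SZ and AUTH_DAT from the V4 header and sit outside any KRB5_KRB4_COMPAT guard.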
@@ -306,28 +314,84 @@
exit(-1);
}
- if (retval = krb5_recvauth(pop_context, &auth_context, (krb5_pointer)&sock,
- "KPOPV1.0", server,
- 0, /* no flags */
- NULL, /* default keytab */
- &ticket /* need ticket for client name */
- )) {
+ /*
+ * Since the instance gets filled in, we need to have room for it
+ */
+
+ strcpy(v4_instance, "*");
+
+ /*
+ * Note that here we're using krb5_compat_recvauth so we can handle
+ * _both_ V5 and V4 pop services.
+ */
+
+ if (retval = krb5_compat_recvauth(pop_context, &auth_context,
+ (krb5_pointer)&sock,
+ "KPOPV1.0", server,
+ 0, /* no flags */
+ NULL, /* default keytab */
+ 0, /* V4 options */
+ "pop", /* V4 service */
+ v4_instance, /* V4 instance */
+ addr, /* Remote address */
+ NULL, /* Local address (unused) */
+ "", /* Use default srvtab */
+ &ticket, /* V5 ticket for client name */
+ &auth_sys, /* Authentication type */
+ &v4_kdata, /* V4 kerberos data */
+ NULL, /* Key schedule (unused */
+ &v4_version /* V4 version */
+ )) {
pop_msg(p, POP_FAILURE, "recvauth failed--%s", error_message(retval));
pop_log(p, POP_WARNING, "%s: recvauth failed--%s",
p->client, error_message(retval));
exit(-1);
}
+
krb5_free_principal(pop_context, server);
- krb5_auth_con_free(pop_context, auth_context);
- if (retval = krb5_copy_principal(pop_context, ticket->enc_part2->client,
- &ext_client)) {
- pop_msg(p, POP_FAILURE, "unable to copy principal--%s",
- error_message(retval));
- pop_msg(p, POP_FAILURE, "unable to copy principal (%s)",
+
+#ifdef KRB5_KRB4_COMPAT
+
+ /*
+ * Handle the case if we were talking to a V4 sendauth
+ */
+
+ if (auth_sys == KRB5_RECVAUTH_V4) {
+
+ if (retval = krb5_425_conv_principal(pop_context, v4_kdata->pname,
+ v4_kdata->pinst, v4_kdata->prealm,
+ &ext_client)) {
+ pop_msg(p, POP_FAILURE, "unable to convert V4 principal to V5--%s",
+ error_message(retval));
+ pop_log(p, POP_DEBUG, "unable to convert V4 principal (%s)",
+ inet_ntoa(addr->sin_addr));
+ exit(-1);
+ }
+ } else
+#endif /* KRB5_KRB4_COMPAT */
+ if (auth_sys == KRB5_RECVAUTH_V5) {
+
+
+ krb5_auth_con_free(pop_context, auth_context);
+
+ if (retval = krb5_copy_principal(pop_context, ticket->enc_part2->client,
+ &ext_client)) {
+ pop_msg(p, POP_FAILURE, "unable to copy principal--%s",
+ error_message(retval));
+ pop_log(p, POP_DEBUG, "unable to copy principal (%s)",
+ inet_ntoa(addr->sin_addr));
+ exit(-1);
+ }
+
+ krb5_free_ticket(pop_context, ticket);
+
+ } else {
+ pop_msg(p, POP_FAILURE, "unknown authentication type--%d", auth_sys);
+ pop_log(p, POP_DEBUG, "unknown authentication type (%s)",
inet_ntoa(addr->sin_addr));
exit(-1);
}
- krb5_free_ticket(pop_context, ticket);
+
if (retval = krb5_unparse_name(pop_context, ext_client, &client_name)) {
pop_msg(p, POP_FAILURE, "name not parsable--%s",
error_message(retval));
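Review bot: the failure paths added after the recvauth check (V4 principal conversion, V5 principal copy, unknown authentication type) log at POP_DEBUG and omit the error text, while the recvauth failure just above logs at POP_WARNING with p->client and error_message(retval). A rejected authentication should be visible at the same level on every path, so use POP_WARNING and include the client and, where one exists, the error string. Separately, v4_version is passed as &v4_version while the other char array, v4_instance, is passed by name; pass v4_version the same way. The V4 branch never releases v4_kdata, and krb5_auth_con_free() now runs only in the V5 branch; confirm both are intended. The krb5_compat_recvauth() call itself is outside the KRB5_KRB4_COMPAT guard that wraps the V4 branch, so the guard does not actually make V4 support optional.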
State-Changed-From-To: open-closed
State-Changed-By: hartmans
State-Changed-When: Wed Apr 10 16:09:26 2002
State-Changed-Why:
We don't ship a pop server any more.
>Number: 181
>Category: krb5-appl
>Synopsis: popper doesn't know about V4 clients
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: closed
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Tue Nov 12 17:43:00 EST 1996
>Last-Modified: Wed Apr 10 16:09:36 EDT 2002
>Originator: Ken Hornstein
>Organization:
Naval Research Lab
>Release: beta-7
>How-To-Repeat:
Try to use Eudora on a Mac or PC with the V5 popper.
>Unformatted: