$NetBSD: patch-bk,v 1.1 2008/06/07 23:58:11 tonnerre Exp $

--- kdc/kerberos_v4.c.orig	2004-07-24 02:40:18.000000000 +0200
+++ kdc/kerberos_v4.c
@@ -86,11 +86,6 @@ extern int krbONE;
 #define		MSB_FIRST		0	/* 68000, IBM RT/PC */
 #define		LSB_FIRST		1	/* Vax, PC8086 */
 
-int     f;
-
-/* XXX several files in libkdb know about this */
-char *progname;
-
 #ifndef BACKWARD_COMPAT
 static Key_schedule master_key_schedule;
 static C_Block master_key;
@@ -142,10 +137,8 @@ static void hang(void);
 #include "com_err.h"
 #include "extern.h"		/* to pick up master_princ */
 
-static krb5_data *response;
-
-void kerberos_v4 (struct sockaddr_in *, KTEXT);
-void kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *);
+static krb5_data *kerberos_v4 (struct sockaddr_in *, KTEXT);
+static krb5_data *kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *);
 static int set_tgtkey (char *, krb5_kvno, krb5_boolean);
 
 /* Attributes converted from V5 to V4 - internal representation */
@@ -261,12 +254,12 @@ process_v4(const krb5_data *pkt, const k
 	    (void) klog(L_KRB_PERR, "V4 request too long.");
 	    return KRB5KRB_ERR_FIELD_TOOLONG;
     }
+    memset( &v4_pkt, 0, sizeof(v4_pkt));
     v4_pkt.length = pkt->length;
     v4_pkt.mbz = 0;
     memcpy( v4_pkt.dat, pkt->data, pkt->length);
 
-    kerberos_v4( &client_sockaddr, &v4_pkt);
-    *resp = response;
+    *resp = kerberos_v4( &client_sockaddr, &v4_pkt);
     return(retval);
 }
 
@@ -299,19 +292,20 @@ char * v4_klog( int type, const char *fo
 }
 
 static
-int krb4_sendto(int s, const char *msg, int len, int flags,
-		const struct sockaddr *to, int to_len)
+krb5_data *make_response(const char *msg, int len)
 {
+    krb5_data *response;
+
     if (  !(response = (krb5_data *) malloc( sizeof *response))) {
-	return ENOMEM;
+	return 0;
     }
     if ( !(response->data = (char *) malloc( len))) {
 	krb5_free_data(kdc_context,  response);
-	return ENOMEM;
+	return 0;
     }
     response->length = len;
     memcpy( response->data, msg, len);
-    return( 0);
+    return response;
 }
 static void
 hang(void)
@@ -590,7 +584,7 @@ static void str_length_check(char *str, 
 	*cp = 0;
 }
 
-void
+static krb5_data *
 kerberos_v4(struct sockaddr_in *client, KTEXT pkt)
 {
     static KTEXT_ST rpkt_st;
@@ -603,7 +597,7 @@ kerberos_v4(struct sockaddr_in *client, 
     KTEXT   auth = &auth_st;
     AUTH_DAT ad_st;
     AUTH_DAT *ad = &ad_st;
-
+    krb5_data *response = 0;
 
     static struct in_addr client_host;
     static int msg_byte_order;
@@ -641,8 +635,7 @@ kerberos_v4(struct sockaddr_in *client, 
 		  inet_ntoa(client_host));
 	/* send an error reply */
 	req_name_ptr = req_inst_ptr = req_realm_ptr = "";
-	kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
-	return;
+	return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
     }
 
     /* check packet version */
@@ -652,8 +645,7 @@ kerberos_v4(struct sockaddr_in *client, 
 		  KRB_PROT_VERSION, req_version, 0);
 	/* send an error reply */
 	req_name_ptr = req_inst_ptr = req_realm_ptr = "";
-	kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
-	return;
+	return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt);
     }
     msg_byte_order = req_msg_type & 1;
 
@@ -711,10 +703,10 @@ kerberos_v4(struct sockaddr_in *client, 
 
 	    if ((i = check_princ(req_name_ptr, req_inst_ptr, 0,
 				 &a_name_data, &k5key, 0, &ck5life))) {
-		kerb_err_reply(client, pkt, i, "check_princ failed");
+		response = kerb_err_reply(client, pkt, i, "check_princ failed");
 		a_name_data.key_low = a_name_data.key_high = 0;
 		krb5_free_keyblock_contents(kdc_context, &k5key);
-		return;
+		return response;
 	    }
 	    /* don't use k5key for client */
 	    krb5_free_keyblock_contents(kdc_context, &k5key);
@@ -726,11 +718,11 @@ kerberos_v4(struct sockaddr_in *client, 
 	    /* this does all the checking */
 	    if ((i = check_princ(service, instance, lifetime,
 				 &s_name_data, &k5key, 1, &sk5life))) {
-		kerb_err_reply(client, pkt, i, "check_princ failed");
+		response = kerb_err_reply(client, pkt, i, "check_princ failed");
 		a_name_data.key_high = a_name_data.key_low = 0;
 		s_name_data.key_high = s_name_data.key_low = 0;
 		krb5_free_keyblock_contents(kdc_context, &k5key);
-		return;
+		return response;
 	    }
 	    /* Bound requested lifetime with service and user */
 	    v4req_end = krb_life_to_time(kerb_time.tv_sec, req_life);
@@ -801,8 +793,7 @@ kerberos_v4(struct sockaddr_in *client, 
 	    rpkt = create_auth_reply(req_name_ptr, req_inst_ptr,
 		req_realm_ptr, req_time_ws, 0, a_name_data.exp_date,
 		a_name_data.key_version, ciph);
-	    krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0,
-		   (struct sockaddr *) client, S_AD_SZ);
+	    response  = make_response((char *) rpkt->dat, rpkt->length);
 	    memset(&a_name_data, 0, sizeof(a_name_data));
 	    memset(&s_name_data, 0, sizeof(s_name_data));
 	    break;
@@ -828,9 +819,8 @@ kerberos_v4(struct sockaddr_in *client, 
 		lt = klog(L_KRB_PERR,
 			  "APPL request with realm length too long from %s",
 			  inet_ntoa(client_host));
-		kerb_err_reply(client, pkt, RD_AP_INCON,
-			       "realm length too long");
-		return;
+		return kerb_err_reply(client, pkt, RD_AP_INCON,
+				      "realm length too long");
 	    }
 
 	    auth->length += (int) *(pkt->dat + auth->length) +
@@ -839,9 +829,8 @@ kerberos_v4(struct sockaddr_in *client, 
 		lt = klog(L_KRB_PERR,
 			  "APPL request with funky tkt or req_id length from %s",
 			  inet_ntoa(client_host));
-		kerb_err_reply(client, pkt, RD_AP_INCON,
-			       "funky tkt or req_id length");
-		return;
+		return kerb_err_reply(client, pkt, RD_AP_INCON,
+				      "funky tkt or req_id length");
 	    }
 
 	    memcpy(auth->dat, pkt->dat, auth->length);
@@ -852,18 +841,16 @@ kerberos_v4(struct sockaddr_in *client, 
 	    if ((!allow_v4_crossrealm)&&strcmp(tktrlm, local_realm) != 0) {
 	      lt = klog(L_ERR_UNK,
 			"Cross realm ticket from %s denied by policy,", tktrlm);
-	      kerb_err_reply(client, pkt,
-			       KERB_ERR_PRINCIPAL_UNKNOWN, lt);
-		return;
+	      return kerb_err_reply(client, pkt,
+				    KERB_ERR_PRINCIPAL_UNKNOWN, lt);
 	    }
 	    if (set_tgtkey(tktrlm, kvno, 0)) {
-	      lt = klog(L_ERR_UNK,
+		lt = klog(L_ERR_UNK,
 			  "FAILED set_tgtkey realm %s, kvno %d. Host: %s ",
 			  tktrlm, kvno, inet_ntoa(client_host));
 		/* no better error code */
-		kerb_err_reply(client, pkt,
-			       KERB_ERR_PRINCIPAL_UNKNOWN, lt);
-		return;
+		return kerb_err_reply(client, pkt,
+				      KERB_ERR_PRINCIPAL_UNKNOWN, lt);
 	    }
 	    kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr,
 		ad, 0);
@@ -873,9 +860,8 @@ kerberos_v4(struct sockaddr_in *client, 
 			      "FAILED 3des set_tgtkey realm %s, kvno %d. Host: %s ",
 			      tktrlm, kvno, inet_ntoa(client_host));
 		    /* no better error code */
-		    kerb_err_reply(client, pkt,
-				   KERB_ERR_PRINCIPAL_UNKNOWN, lt);
-		    return;
+		    return kerb_err_reply(client, pkt,
+					  KERB_ERR_PRINCIPAL_UNKNOWN, lt);
 		}
 		kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr,
 				   ad, 0);
@@ -885,8 +871,7 @@ kerberos_v4(struct sockaddr_in *client, 
 		klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s",
 		     inet_ntoa(client_host), krb_get_err_text(kerno));
 		req_name_ptr = req_inst_ptr = req_realm_ptr = "";
-		kerb_err_reply(client, pkt, kerno, "krb_rd_req failed");
-		return;
+		return kerb_err_reply(client, pkt, kerno, "krb_rd_req failed");
 	    }
 	    ptr = (char *) pkt->dat + auth->length;
 
@@ -908,22 +893,20 @@ kerberos_v4(struct sockaddr_in *client, 
 	    req_realm_ptr = ad->prealm;
 
 	    if (strcmp(ad->prealm, tktrlm)) {
-		kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
-		     "Can't hop realms");
-		return;
+		return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
+				      "Can't hop realms");
 	    }
 	    if (!strcmp(service, "changepw")) {
-		kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
-		     "Can't authorize password changed based on TGT");
-		return;
+		return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN,
+				      "Can't authorize password changed based on TGT");
 	    }
 	    kerno = check_princ(service, instance, req_life,
 				&s_name_data, &k5key, 1, &sk5life);
 	    if (kerno) {
-		kerb_err_reply(client, pkt, kerno, "check_princ failed");
+		response = kerb_err_reply(client, pkt, kerno, "check_princ failed");
 		s_name_data.key_high = s_name_data.key_low = 0;
 		krb5_free_keyblock_contents(kdc_context, &k5key);
-		return;
+		return response;
 	    }
 	    /* Bound requested lifetime with service and user */
 	    v4endtime = krb_life_to_time((KRB4_32)ad->time_sec, ad->life);
@@ -979,8 +962,7 @@ kerberos_v4(struct sockaddr_in *client, 
 	    rpkt = create_auth_reply(ad->pname, ad->pinst,
 				     ad->prealm, time_ws,
 				     0, 0, 0, ciph);
-	    krb4_sendto(f, (char *) rpkt->dat, rpkt->length, 0,
-		   (struct sockaddr *) client, S_AD_SZ);
+	    response = make_response((char *) rpkt->dat, rpkt->length);
 	    memset(&s_name_data, 0, sizeof(s_name_data));
 	    break;
 	}
@@ -1005,6 +987,8 @@ kerberos_v4(struct sockaddr_in *client, 
 	    break;
 	}
     }
+
+    return response;
 }
 
 
@@ -1014,7 +998,7 @@ kerberos_v4(struct sockaddr_in *client, 
  * client. 
  */
 
-void
+static krb5_data *
 kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long int err, char *string)
 {
     static KTEXT_ST e_pkt_st;
@@ -1025,9 +1009,7 @@ kerb_err_reply(struct sockaddr_in *clien
     strncat(e_msg, string, sizeof(e_msg) - 1 - 19);
     cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr,
 		 req_time_ws, err, e_msg);
-    krb4_sendto(f, (char *) e_pkt->dat, e_pkt->length, 0,
-	   (struct sockaddr *) client, S_AD_SZ);
-
+    return make_response((char *) e_pkt->dat, e_pkt->length);
 }
 
 static int
