authorassar <assar@FreeBSD.org>2001-06-21 02:12:07 +0000
committerassar <assar@FreeBSD.org>2001-06-21 02:12:07 +0000
commit7281f9682138be213c08fe4674685b925aef5ead (patch)
tree8db65324ee035fc0568492b88eec17f660241fd0 /crypto/heimdal/lib/krb5
parent869b11442ded05e5e48acc47ea0896d83d8ea198 (diff)
parent0c8fa354358381b3f1b92598e7f1b46f8cf744cc (diff)
This commit was generated by cvs2svn to compensate for changes in r78527,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'crypto/heimdal/lib/krb5')
-rw-r--r--crypto/heimdal/lib/krb5/Makefile.am199
-rw-r--r--crypto/heimdal/lib/krb5/Makefile.in278
-rw-r--r--crypto/heimdal/lib/krb5/acl.c40
-rw-r--r--crypto/heimdal/lib/krb5/addr_families.c59
-rw-r--r--crypto/heimdal/lib/krb5/address.c16
-rw-r--r--crypto/heimdal/lib/krb5/appdefault.c8
-rw-r--r--crypto/heimdal/lib/krb5/auth_context.c34
-rw-r--r--crypto/heimdal/lib/krb5/build_ap_req.c9
-rw-r--r--crypto/heimdal/lib/krb5/build_auth.c10
-rw-r--r--crypto/heimdal/lib/krb5/cache.c52
-rw-r--r--crypto/heimdal/lib/krb5/changepw.c75
-rw-r--r--crypto/heimdal/lib/krb5/codec.c99
-rw-r--r--crypto/heimdal/lib/krb5/config_file.c59
-rw-r--r--crypto/heimdal/lib/krb5/config_file_netinfo.c8
-rw-r--r--crypto/heimdal/lib/krb5/context.c54
-rw-r--r--crypto/heimdal/lib/krb5/convert_creds.c28
-rw-r--r--crypto/heimdal/lib/krb5/copy_host_realm.c9
-rw-r--r--crypto/heimdal/lib/krb5/creds.c8
-rw-r--r--crypto/heimdal/lib/krb5/data.c12
-rw-r--r--crypto/heimdal/lib/krb5/derived-key-test.c119
-rw-r--r--crypto/heimdal/lib/krb5/eai_to_heim_errno.c33
-rw-r--r--crypto/heimdal/lib/krb5/error_string.c95
-rw-r--r--crypto/heimdal/lib/krb5/expand_hostname.c14
-rw-r--r--crypto/heimdal/lib/krb5/fcache.c52
-rw-r--r--crypto/heimdal/lib/krb5/generate_seq_number.c6
-rw-r--r--crypto/heimdal/lib/krb5/generate_subkey.c8
-rw-r--r--crypto/heimdal/lib/krb5/get_addrs.c49
-rw-r--r--crypto/heimdal/lib/krb5/get_cred.c139
-rw-r--r--crypto/heimdal/lib/krb5/get_default_principal.c45
-rw-r--r--crypto/heimdal/lib/krb5/get_default_realm.c8
-rw-r--r--crypto/heimdal/lib/krb5/get_for_creds.c32
-rw-r--r--crypto/heimdal/lib/krb5/get_host_realm.c23
-rw-r--r--crypto/heimdal/lib/krb5/get_in_tkt.c34
-rw-r--r--crypto/heimdal/lib/krb5/get_in_tkt_pw.c9
-rw-r--r--crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c8
-rw-r--r--crypto/heimdal/lib/krb5/init_creds_pw.c67
-rw-r--r--crypto/heimdal/lib/krb5/kerberos.82
-rw-r--r--crypto/heimdal/lib/krb5/keyblock.c8
-rw-r--r--crypto/heimdal/lib/krb5/keytab.c78
-rw-r--r--crypto/heimdal/lib/krb5/keytab_any.c210
-rw-r--r--crypto/heimdal/lib/krb5/keytab_file.c94
-rw-r--r--crypto/heimdal/lib/krb5/keytab_keyfile.c70
-rw-r--r--crypto/heimdal/lib/krb5/keytab_krb4.c40
-rw-r--r--crypto/heimdal/lib/krb5/keytab_memory.c12
-rw-r--r--crypto/heimdal/lib/krb5/krb5-protos.h147
-rw-r--r--crypto/heimdal/lib/krb5/krb5.conf.559
-rw-r--r--crypto/heimdal/lib/krb5/krb5.h83
-rw-r--r--crypto/heimdal/lib/krb5/krb5_425_conv_principal.32
-rw-r--r--crypto/heimdal/lib/krb5/krb5_appdefault.32
-rw-r--r--crypto/heimdal/lib/krb5/krb5_auth_context.32
-rw-r--r--crypto/heimdal/lib/krb5/krb5_build_principal.32
-rw-r--r--crypto/heimdal/lib/krb5/krb5_config.32
-rw-r--r--crypto/heimdal/lib/krb5/krb5_free_principal.32
-rw-r--r--crypto/heimdal/lib/krb5/krb5_init_context.34
-rw-r--r--crypto/heimdal/lib/krb5/krb5_keytab.3358
-rw-r--r--crypto/heimdal/lib/krb5/krb5_parse_name.32
-rw-r--r--crypto/heimdal/lib/krb5/krb5_sname_to_principal.32
-rw-r--r--crypto/heimdal/lib/krb5/krb5_unparse_name.32
-rw-r--r--crypto/heimdal/lib/krb5/krbhst.c24
-rw-r--r--crypto/heimdal/lib/krb5/log.c46
-rw-r--r--crypto/heimdal/lib/krb5/mcache.c15
-rw-r--r--crypto/heimdal/lib/krb5/mk_error.c18
-rw-r--r--crypto/heimdal/lib/krb5/mk_priv.c11
-rw-r--r--crypto/heimdal/lib/krb5/mk_rep.c10
-rw-r--r--crypto/heimdal/lib/krb5/mk_req.c4
-rw-r--r--crypto/heimdal/lib/krb5/mk_req_ext.c6
-rw-r--r--crypto/heimdal/lib/krb5/mk_safe.c19
-rw-r--r--crypto/heimdal/lib/krb5/n-fold-test.c19
-rw-r--r--crypto/heimdal/lib/krb5/principal.c76
-rw-r--r--crypto/heimdal/lib/krb5/prog_setup.c4
-rw-r--r--crypto/heimdal/lib/krb5/prompter_posix.c7
-rw-r--r--crypto/heimdal/lib/krb5/rd_cred.c12
-rw-r--r--crypto/heimdal/lib/krb5/rd_error.c60
-rw-r--r--crypto/heimdal/lib/krb5/rd_priv.c8
-rw-r--r--crypto/heimdal/lib/krb5/rd_rep.c8
-rw-r--r--crypto/heimdal/lib/krb5/rd_req.c11
-rw-r--r--crypto/heimdal/lib/krb5/rd_safe.c11
-rw-r--r--crypto/heimdal/lib/krb5/read_message.c19
-rw-r--r--crypto/heimdal/lib/krb5/recvauth.c47
-rw-r--r--crypto/heimdal/lib/krb5/replay.c70
-rw-r--r--crypto/heimdal/lib/krb5/send_to_kdc.c49
-rw-r--r--crypto/heimdal/lib/krb5/sendauth.c43
-rw-r--r--crypto/heimdal/lib/krb5/set_default_realm.c13
-rw-r--r--crypto/heimdal/lib/krb5/sock_principal.c30
-rw-r--r--crypto/heimdal/lib/krb5/store-test.c115
-rw-r--r--crypto/heimdal/lib/krb5/store.c48
-rw-r--r--crypto/heimdal/lib/krb5/string-to-key-test.c30
-rw-r--r--crypto/heimdal/lib/krb5/ticket.c8
-rw-r--r--crypto/heimdal/lib/krb5/time.c12
-rw-r--r--crypto/heimdal/lib/krb5/transited.c44
-rw-r--r--crypto/heimdal/lib/krb5/verify_init.c20
-rw-r--r--crypto/heimdal/lib/krb5/verify_krb5_conf.82
-rw-r--r--crypto/heimdal/lib/krb5/verify_krb5_conf.c18
-rw-r--r--crypto/heimdal/lib/krb5/verify_user.c176
-rw-r--r--crypto/heimdal/lib/krb5/warn.c25
-rw-r--r--crypto/heimdal/lib/krb5/write_message.c13
96 files changed, 3123 insertions, 1009 deletions
diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am
index 395f29d..bc3dd6e 100644
--- a/crypto/heimdal/lib/krb5/Makefile.am
+++ b/crypto/heimdal/lib/krb5/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.119 2001/01/30 01:50:52 assar Exp $
+# $Id: Makefile.am,v 1.125 2001/05/16 23:51:50 assar Exp $
include $(top_srcdir)/Makefile.am.common
@@ -6,8 +6,8 @@ bin_PROGRAMS = verify_krb5_conf
noinst_PROGRAMS = dump_config test_get_addrs
-check_PROGRAMS = n-fold-test string-to-key-test
-TESTS = n-fold-test string-to-key-test
+check_PROGRAMS = n-fold-test string-to-key-test derived-key-test store-test
+TESTS = n-fold-test string-to-key-test derived-key-test store-test
LDADD = libkrb5.la \
$(LIB_des) \
@@ -24,102 +24,104 @@ lib_LTLIBRARIES = libkrb5.la
ERR_FILES = krb5_err.c heim_err.c
-libkrb5_la_SOURCES = \
- acl.c \
- add_et_list.c \
- addr_families.c \
- address.c \
- aname_to_localname.c \
- appdefault.c \
- asn1_glue.c \
- auth_context.c \
- build_ap_req.c \
- build_auth.c \
- cache.c \
- changepw.c \
- codec.c \
- config_file.c \
- config_file_netinfo.c \
- convert_creds.c \
- constants.c \
- context.c \
- copy_host_realm.c \
- crc.c \
- creds.c \
- crypto.c \
- data.c \
- eai_to_heim_errno.c \
- expand_hostname.c \
- fcache.c \
- free.c \
- free_host_realm.c \
- generate_seq_number.c \
- generate_subkey.c \
- get_addrs.c \
- get_cred.c \
- get_default_principal.c \
- get_default_realm.c \
- get_for_creds.c \
- get_host_realm.c \
- get_in_tkt.c \
- get_in_tkt_pw.c \
- get_in_tkt_with_keytab.c \
- get_in_tkt_with_skey.c \
- get_port.c \
- init_creds.c \
- init_creds_pw.c \
- keyblock.c \
- keytab.c \
- keytab_file.c \
- keytab_memory.c \
- keytab_keyfile.c \
- keytab_krb4.c \
- krbhst.c \
- kuserok.c \
- log.c \
- mcache.c \
- misc.c \
- mk_error.c \
- mk_priv.c \
- mk_rep.c \
- mk_req.c \
- mk_req_ext.c \
- mk_safe.c \
- net_read.c \
- net_write.c \
- n-fold.c \
- padata.c \
- principal.c \
- prog_setup.c \
- prompter_posix.c \
- rd_cred.c \
- rd_error.c \
- rd_priv.c \
- rd_rep.c \
- rd_req.c \
- rd_safe.c \
- read_message.c \
- recvauth.c \
- replay.c \
- send_to_kdc.c \
- sendauth.c \
- set_default_realm.c \
- sock_principal.c \
- store.c \
- store_emem.c \
- store_fd.c \
- store_mem.c \
- ticket.c \
- time.c \
- transited.c \
- verify_init.c \
- verify_user.c \
- version.c \
- warn.c \
- write_message.c \
+libkrb5_la_SOURCES = \
+ acl.c \
+ add_et_list.c \
+ addr_families.c \
+ address.c \
+ aname_to_localname.c \
+ appdefault.c \
+ asn1_glue.c \
+ auth_context.c \
+ build_ap_req.c \
+ build_auth.c \
+ cache.c \
+ changepw.c \
+ codec.c \
+ config_file.c \
+ config_file_netinfo.c \
+ convert_creds.c \
+ constants.c \
+ context.c \
+ copy_host_realm.c \
+ crc.c \
+ creds.c \
+ crypto.c \
+ data.c \
+ eai_to_heim_errno.c \
+ error_string.c \
+ expand_hostname.c \
+ fcache.c \
+ free.c \
+ free_host_realm.c \
+ generate_seq_number.c \
+ generate_subkey.c \
+ get_addrs.c \
+ get_cred.c \
+ get_default_principal.c \
+ get_default_realm.c \
+ get_for_creds.c \
+ get_host_realm.c \
+ get_in_tkt.c \
+ get_in_tkt_pw.c \
+ get_in_tkt_with_keytab.c \
+ get_in_tkt_with_skey.c \
+ get_port.c \
+ init_creds.c \
+ init_creds_pw.c \
+ keyblock.c \
+ keytab.c \
+ keytab_any.c \
+ keytab_file.c \
+ keytab_memory.c \
+ keytab_keyfile.c \
+ keytab_krb4.c \
+ krbhst.c \
+ kuserok.c \
+ log.c \
+ mcache.c \
+ misc.c \
+ mk_error.c \
+ mk_priv.c \
+ mk_rep.c \
+ mk_req.c \
+ mk_req_ext.c \
+ mk_safe.c \
+ net_read.c \
+ net_write.c \
+ n-fold.c \
+ padata.c \
+ principal.c \
+ prog_setup.c \
+ prompter_posix.c \
+ rd_cred.c \
+ rd_error.c \
+ rd_priv.c \
+ rd_rep.c \
+ rd_req.c \
+ rd_safe.c \
+ read_message.c \
+ recvauth.c \
+ replay.c \
+ send_to_kdc.c \
+ sendauth.c \
+ set_default_realm.c \
+ sock_principal.c \
+ store.c \
+ store_emem.c \
+ store_fd.c \
+ store_mem.c \
+ ticket.c \
+ time.c \
+ transited.c \
+ verify_init.c \
+ verify_user.c \
+ version.c \
+ warn.c \
+ write_message.c \
$(ERR_FILES)
-libkrb5_la_LDFLAGS = -version-info 15:0:0
+libkrb5_la_LDFLAGS = -version-info 16:0:0
$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
@@ -147,7 +149,8 @@ man_MANS = \
verify_krb5_conf.8 \
krb5_auth_context.3 \
krb5_context.3 \
- krb5_init_context.3
+ krb5_init_context.3 \
+ krb5_keytab.3
include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h
diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in
index be103d2..52925bb 100644
--- a/crypto/heimdal/lib/krb5/Makefile.in
+++ b/crypto/heimdal/lib/krb5/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -113,13 +114,13 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@
dpagaix_LDADD = @dpagaix_LDADD@
install_sh = @install_sh@
-# $Id: Makefile.am,v 1.119 2001/01/30 01:50:52 assar Exp $
+# $Id: Makefile.am,v 1.125 2001/05/16 23:51:50 assar Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,14 +186,16 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
CHECK_LOCAL = $(PROGRAMS)
bin_PROGRAMS = verify_krb5_conf
noinst_PROGRAMS = dump_config test_get_addrs
-check_PROGRAMS = n-fold-test string-to-key-test
-TESTS = n-fold-test string-to-key-test
+check_PROGRAMS = n-fold-test string-to-key-test derived-key-test store-test
+TESTS = n-fold-test string-to-key-test derived-key-test store-test
LDADD = libkrb5.la \
$(LIB_des) \
@@ -212,102 +215,104 @@ lib_LTLIBRARIES = libkrb5.la
ERR_FILES = krb5_err.c heim_err.c
libkrb5_la_SOURCES = \
- acl.c \
- add_et_list.c \
- addr_families.c \
- address.c \
- aname_to_localname.c \
- appdefault.c \
- asn1_glue.c \
- auth_context.c \
- build_ap_req.c \
- build_auth.c \
- cache.c \
- changepw.c \
- codec.c \
- config_file.c \
- config_file_netinfo.c \
- convert_creds.c \
- constants.c \
- context.c \
- copy_host_realm.c \
- crc.c \
- creds.c \
- crypto.c \
- data.c \
- eai_to_heim_errno.c \
- expand_hostname.c \
- fcache.c \
- free.c \
- free_host_realm.c \
- generate_seq_number.c \
- generate_subkey.c \
- get_addrs.c \
- get_cred.c \
- get_default_principal.c \
- get_default_realm.c \
- get_for_creds.c \
- get_host_realm.c \
- get_in_tkt.c \
- get_in_tkt_pw.c \
- get_in_tkt_with_keytab.c \
- get_in_tkt_with_skey.c \
- get_port.c \
- init_creds.c \
- init_creds_pw.c \
- keyblock.c \
- keytab.c \
- keytab_file.c \
- keytab_memory.c \
- keytab_keyfile.c \
- keytab_krb4.c \
- krbhst.c \
- kuserok.c \
- log.c \
- mcache.c \
- misc.c \
- mk_error.c \
- mk_priv.c \
- mk_rep.c \
- mk_req.c \
- mk_req_ext.c \
- mk_safe.c \
- net_read.c \
- net_write.c \
- n-fold.c \
- padata.c \
- principal.c \
- prog_setup.c \
- prompter_posix.c \
- rd_cred.c \
- rd_error.c \
- rd_priv.c \
- rd_rep.c \
- rd_req.c \
- rd_safe.c \
- read_message.c \
- recvauth.c \
- replay.c \
- send_to_kdc.c \
- sendauth.c \
- set_default_realm.c \
- sock_principal.c \
- store.c \
- store_emem.c \
- store_fd.c \
- store_mem.c \
- ticket.c \
- time.c \
- transited.c \
- verify_init.c \
- verify_user.c \
- version.c \
- warn.c \
- write_message.c \
+ acl.c \
+ add_et_list.c \
+ addr_families.c \
+ address.c \
+ aname_to_localname.c \
+ appdefault.c \
+ asn1_glue.c \
+ auth_context.c \
+ build_ap_req.c \
+ build_auth.c \
+ cache.c \
+ changepw.c \
+ codec.c \
+ config_file.c \
+ config_file_netinfo.c \
+ convert_creds.c \
+ constants.c \
+ context.c \
+ copy_host_realm.c \
+ crc.c \
+ creds.c \
+ crypto.c \
+ data.c \
+ eai_to_heim_errno.c \
+ error_string.c \
+ expand_hostname.c \
+ fcache.c \
+ free.c \
+ free_host_realm.c \
+ generate_seq_number.c \
+ generate_subkey.c \
+ get_addrs.c \
+ get_cred.c \
+ get_default_principal.c \
+ get_default_realm.c \
+ get_for_creds.c \
+ get_host_realm.c \
+ get_in_tkt.c \
+ get_in_tkt_pw.c \
+ get_in_tkt_with_keytab.c \
+ get_in_tkt_with_skey.c \
+ get_port.c \
+ init_creds.c \
+ init_creds_pw.c \
+ keyblock.c \
+ keytab.c \
+ keytab_any.c \
+ keytab_file.c \
+ keytab_memory.c \
+ keytab_keyfile.c \
+ keytab_krb4.c \
+ krbhst.c \
+ kuserok.c \
+ log.c \
+ mcache.c \
+ misc.c \
+ mk_error.c \
+ mk_priv.c \
+ mk_rep.c \
+ mk_req.c \
+ mk_req_ext.c \
+ mk_safe.c \
+ net_read.c \
+ net_write.c \
+ n-fold.c \
+ padata.c \
+ principal.c \
+ prog_setup.c \
+ prompter_posix.c \
+ rd_cred.c \
+ rd_error.c \
+ rd_priv.c \
+ rd_rep.c \
+ rd_req.c \
+ rd_safe.c \
+ read_message.c \
+ recvauth.c \
+ replay.c \
+ send_to_kdc.c \
+ sendauth.c \
+ set_default_realm.c \
+ sock_principal.c \
+ store.c \
+ store_emem.c \
+ store_fd.c \
+ store_mem.c \
+ ticket.c \
+ time.c \
+ transited.c \
+ verify_init.c \
+ verify_user.c \
+ version.c \
+ warn.c \
+ write_message.c \
$(ERR_FILES)
-libkrb5_la_LDFLAGS = -version-info 15:0:0
+libkrb5_la_LDFLAGS = -version-info 16:0:0
#libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo
@@ -327,7 +332,8 @@ man_MANS = \
verify_krb5_conf.8 \
krb5_auth_context.3 \
krb5_context.3 \
- krb5_init_context.3
+ krb5_init_context.3 \
+ krb5_keytab.3
include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h
@@ -354,27 +360,35 @@ address.lo aname_to_localname.lo appdefault.lo asn1_glue.lo \
auth_context.lo build_ap_req.lo build_auth.lo cache.lo changepw.lo \
codec.lo config_file.lo config_file_netinfo.lo convert_creds.lo \
constants.lo context.lo copy_host_realm.lo crc.lo creds.lo crypto.lo \
-data.lo eai_to_heim_errno.lo expand_hostname.lo fcache.lo free.lo \
-free_host_realm.lo generate_seq_number.lo generate_subkey.lo \
-get_addrs.lo get_cred.lo get_default_principal.lo get_default_realm.lo \
-get_for_creds.lo get_host_realm.lo get_in_tkt.lo get_in_tkt_pw.lo \
-get_in_tkt_with_keytab.lo get_in_tkt_with_skey.lo get_port.lo \
-init_creds.lo init_creds_pw.lo keyblock.lo keytab.lo keytab_file.lo \
-keytab_memory.lo keytab_keyfile.lo keytab_krb4.lo krbhst.lo kuserok.lo \
-log.lo mcache.lo misc.lo mk_error.lo mk_priv.lo mk_rep.lo mk_req.lo \
-mk_req_ext.lo mk_safe.lo net_read.lo net_write.lo n-fold.lo padata.lo \
-principal.lo prog_setup.lo prompter_posix.lo rd_cred.lo rd_error.lo \
-rd_priv.lo rd_rep.lo rd_req.lo rd_safe.lo read_message.lo recvauth.lo \
-replay.lo send_to_kdc.lo sendauth.lo set_default_realm.lo \
-sock_principal.lo store.lo store_emem.lo store_fd.lo store_mem.lo \
-ticket.lo time.lo transited.lo verify_init.lo verify_user.lo version.lo \
-warn.lo write_message.lo krb5_err.lo heim_err.lo
+data.lo eai_to_heim_errno.lo error_string.lo expand_hostname.lo \
+fcache.lo free.lo free_host_realm.lo generate_seq_number.lo \
+generate_subkey.lo get_addrs.lo get_cred.lo get_default_principal.lo \
+get_default_realm.lo get_for_creds.lo get_host_realm.lo get_in_tkt.lo \
+get_in_tkt_pw.lo get_in_tkt_with_keytab.lo get_in_tkt_with_skey.lo \
+get_port.lo init_creds.lo init_creds_pw.lo keyblock.lo keytab.lo \
+keytab_any.lo keytab_file.lo keytab_memory.lo keytab_keyfile.lo \
+keytab_krb4.lo krbhst.lo kuserok.lo log.lo mcache.lo misc.lo \
+mk_error.lo mk_priv.lo mk_rep.lo mk_req.lo mk_req_ext.lo mk_safe.lo \
+net_read.lo net_write.lo n-fold.lo padata.lo principal.lo prog_setup.lo \
+prompter_posix.lo rd_cred.lo rd_error.lo rd_priv.lo rd_rep.lo rd_req.lo \
+rd_safe.lo read_message.lo recvauth.lo replay.lo send_to_kdc.lo \
+sendauth.lo set_default_realm.lo sock_principal.lo store.lo \
+store_emem.lo store_fd.lo store_mem.lo ticket.lo time.lo transited.lo \
+verify_init.lo verify_user.lo version.lo warn.lo write_message.lo \
+krb5_err.lo heim_err.lo
libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS)
bin_PROGRAMS = verify_krb5_conf$(EXEEXT)
-check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT)
+check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \
+derived-key-test$(EXEEXT) store-test$(EXEEXT)
noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT)
PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
+derived_key_test_SOURCES = derived-key-test.c
+derived_key_test_OBJECTS = derived-key-test.$(OBJEXT)
+derived_key_test_LDADD = $(LDADD)
+derived_key_test_DEPENDENCIES = libkrb5.la \
+$(top_builddir)/lib/asn1/libasn1.la
+derived_key_test_LDFLAGS =
dump_config_SOURCES = dump_config.c
dump_config_OBJECTS = dump_config.$(OBJEXT)
dump_config_LDADD = $(LDADD)
@@ -387,6 +401,12 @@ n_fold_test_LDADD = $(LDADD)
n_fold_test_DEPENDENCIES = libkrb5.la \
$(top_builddir)/lib/asn1/libasn1.la
n_fold_test_LDFLAGS =
+store_test_SOURCES = store-test.c
+store_test_OBJECTS = store-test.$(OBJEXT)
+store_test_LDADD = $(LDADD)
+store_test_DEPENDENCIES = libkrb5.la \
+$(top_builddir)/lib/asn1/libasn1.la
+store_test_LDFLAGS =
string_to_key_test_SOURCES = string-to-key-test.c
string_to_key_test_OBJECTS = string-to-key-test.$(OBJEXT)
string_to_key_test_LDADD = $(LDADD)
@@ -410,8 +430,9 @@ LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $
CFLAGS = @CFLAGS@
CCLD = $(CC)
LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES = $(libkrb5_la_SOURCES) dump_config.c n-fold-test.c \
-string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
+DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \
+n-fold-test.c store-test.c string-to-key-test.c test_get_addrs.c \
+verify_krb5_conf.c
man3dir = $(mandir)/man3
man5dir = $(mandir)/man5
man8dir = $(mandir)/man8
@@ -425,12 +446,12 @@ DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
GZIP_ENV = --best
-SOURCES = $(libkrb5_la_SOURCES) dump_config.c n-fold-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
-OBJECTS = $(am_libkrb5_la_OBJECTS) dump_config.$(OBJEXT) n-fold-test.$(OBJEXT) string-to-key-test.$(OBJEXT) test_get_addrs.$(OBJEXT) verify_krb5_conf.$(OBJEXT)
+SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c n-fold-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
+OBJECTS = $(am_libkrb5_la_OBJECTS) derived-key-test.$(OBJEXT) dump_config.$(OBJEXT) n-fold-test.$(OBJEXT) store-test.$(OBJEXT) string-to-key-test.$(OBJEXT) test_get_addrs.$(OBJEXT) verify_krb5_conf.$(OBJEXT)
all: all-redirect
.SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/krb5/Makefile
@@ -535,6 +556,10 @@ distclean-noinstPROGRAMS:
maintainer-clean-noinstPROGRAMS:
+derived-key-test$(EXEEXT): $(derived_key_test_OBJECTS) $(derived_key_test_DEPENDENCIES)
+ @rm -f derived-key-test$(EXEEXT)
+ $(LINK) $(derived_key_test_LDFLAGS) $(derived_key_test_OBJECTS) $(derived_key_test_LDADD) $(LIBS)
+
dump_config$(EXEEXT): $(dump_config_OBJECTS) $(dump_config_DEPENDENCIES)
@rm -f dump_config$(EXEEXT)
$(LINK) $(dump_config_LDFLAGS) $(dump_config_OBJECTS) $(dump_config_LDADD) $(LIBS)
@@ -543,6 +568,10 @@ n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES)
@rm -f n-fold-test$(EXEEXT)
$(LINK) $(n_fold_test_LDFLAGS) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS)
+store-test$(EXEEXT): $(store_test_OBJECTS) $(store_test_DEPENDENCIES)
+ @rm -f store-test$(EXEEXT)
+ $(LINK) $(store_test_LDFLAGS) $(store_test_OBJECTS) $(store_test_LDADD) $(LIBS)
+
string-to-key-test$(EXEEXT): $(string_to_key_test_OBJECTS) $(string_to_key_test_DEPENDENCIES)
@rm -f string-to-key-test$(EXEEXT)
$(LINK) $(string_to_key_test_LDFLAGS) $(string_to_key_test_OBJECTS) $(string_to_key_test_LDADD) $(LIBS)
@@ -714,6 +743,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
+GTAGS:
+ here=`CDPATH=: && cd $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $$here
+
mostlyclean-tags:
clean-tags:
@@ -802,6 +836,8 @@ check-am: all-am
check: check-am
installcheck-am:
installcheck: installcheck-am
+install-binPROGRAMS: install-libLTLIBRARIES
+
install-exec-am: install-libLTLIBRARIES install-binPROGRAMS
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
diff --git a/crypto/heimdal/lib/krb5/acl.c b/crypto/heimdal/lib/krb5/acl.c
index 0106251..fb22fbb 100644
--- a/crypto/heimdal/lib/krb5/acl.c
+++ b/crypto/heimdal/lib/krb5/acl.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <fnmatch.h>
-RCSID("$Id: acl.c,v 1.1 2000/06/12 11:17:52 joda Exp $");
+RCSID("$Id: acl.c,v 1.2 2001/05/14 06:14:43 assar Exp $");
struct acl_field {
enum { acl_string, acl_fnmatch, acl_retval } type;
@@ -68,6 +68,7 @@ acl_parse_format(krb5_context context,
for(p = format; *p != '\0'; p++) {
tmp = malloc(sizeof(*tmp));
if(tmp == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
acl_free_list(acl);
return ENOMEM;
}
@@ -133,6 +134,7 @@ krb5_acl_match_string(krb5_context context,
...)
{
krb5_error_code ret;
+ krb5_boolean found;
struct acl_field *acl;
va_list ap;
@@ -142,10 +144,14 @@ krb5_acl_match_string(krb5_context context,
if(ret)
return ret;
- ret = acl_match_acl(context, acl, acl_string);
-
+ found = acl_match_acl(context, acl, acl_string);
acl_free_list(acl);
- return ret ? 0 : EACCES;
+ if (found) {
+ return 0;
+ } else {
+ krb5_set_error_string(context, "ACL did not match");
+ return EACCES;
+ }
}
krb5_error_code
@@ -159,10 +165,16 @@ krb5_acl_match_file(krb5_context context,
char buf[256];
va_list ap;
FILE *f;
+ krb5_boolean found;
f = fopen(file, "r");
- if(f == NULL)
- return errno;
+ if(f == NULL) {
+ int save_errno = errno;
+
+ krb5_set_error_string(context, "open(%s): %s", file,
+ strerror(save_errno));
+ return save_errno;
+ }
va_start(ap, format);
ret = acl_parse_format(context, &acl, format, ap);
@@ -172,18 +184,22 @@ krb5_acl_match_file(krb5_context context,
return ret;
}
- ret = EACCES; /* XXX */
+ found = FALSE;
while(fgets(buf, sizeof(buf), f)) {
if(buf[0] == '#')
continue;
if(acl_match_acl(context, acl, buf)) {
- ret = 0;
- goto out;
+ found = TRUE;
+ break;
}
}
- out:
fclose(f);
acl_free_list(acl);
- return ret;
+ if (found) {
+ return 0;
+ } else {
+ krb5_set_error_string(context, "ACL did not match");
+ return EACCES;
+ }
}
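Review bot: The read loop in krb5_acl_match_file still hands every `fgets` chunk to `acl_match_acl` as if it were a whole line, so a line longer than `sizeof(buf) - 1` bytes is split and its tail is evaluated as a separate ACL entry. That includes the tail of an over-long `#` comment line, which is no longer recognised as a comment because only `buf[0]` is checked. For an access-control file the safer behaviour is to treat a chunk with no trailing newline (other than the final line of the file) as malformed: discard the rest of that line and never match on a fragment. How `acl_match_acl` tokenises the buffer is not visible here, so the practical impact should be confirmed against it. I would also add a comment above the loop, `/* lines longer than sizeof(buf)-1 are rejected, not matched piecewise */`, once that is true.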
diff --git a/crypto/heimdal/lib/krb5/addr_families.c b/crypto/heimdal/lib/krb5/addr_families.c
index 339d23b..430fd1e 100644
--- a/crypto/heimdal/lib/krb5/addr_families.c
+++ b/crypto/heimdal/lib/krb5/addr_families.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: addr_families.c,v 1.24 2000/07/08 13:05:43 joda Exp $");
+RCSID("$Id: addr_families.c,v 1.26 2001/05/14 22:49:55 assar Exp $");
struct addr_operations {
int af;
@@ -386,33 +386,45 @@ find_atype(int atype)
}
krb5_error_code
-krb5_sockaddr2address (const struct sockaddr *sa, krb5_address *addr)
+krb5_sockaddr2address (krb5_context context,
+ const struct sockaddr *sa, krb5_address *addr)
{
struct addr_operations *a = find_af(sa->sa_family);
- if (a == NULL)
+ if (a == NULL) {
+ krb5_set_error_string (context, "Address family %d not supported",
+ sa->sa_family);
return KRB5_PROG_ATYPE_NOSUPP;
+ }
return (*a->sockaddr2addr)(sa, addr);
}
krb5_error_code
-krb5_sockaddr2port (const struct sockaddr *sa, int16_t *port)
+krb5_sockaddr2port (krb5_context context,
+ const struct sockaddr *sa, int16_t *port)
{
struct addr_operations *a = find_af(sa->sa_family);
- if (a == NULL)
+ if (a == NULL) {
+ krb5_set_error_string (context, "Address family %d not supported",
+ sa->sa_family);
return KRB5_PROG_ATYPE_NOSUPP;
+ }
return (*a->sockaddr2port)(sa, port);
}
krb5_error_code
-krb5_addr2sockaddr (const krb5_address *addr,
+krb5_addr2sockaddr (krb5_context context,
+ const krb5_address *addr,
struct sockaddr *sa,
int *sa_size,
int port)
{
struct addr_operations *a = find_atype(addr->addr_type);
- if (a == NULL)
+ if (a == NULL) {
+ krb5_set_error_string (context, "Address type %d not supported",
+ addr->addr_type);
return KRB5_PROG_ATYPE_NOSUPP;
+ }
(*a->addr2sockaddr)(addr, sa, sa_size, port);
return 0;
}
@@ -439,37 +451,46 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa)
}
krb5_error_code
-krb5_h_addr2sockaddr (int af,
+krb5_h_addr2sockaddr (krb5_context context,
+ int af,
const char *addr, struct sockaddr *sa, int *sa_size,
int port)
{
struct addr_operations *a = find_af(af);
- if (a == NULL)
+ if (a == NULL) {
+ krb5_set_error_string (context, "Address family %d not supported", af);
return KRB5_PROG_ATYPE_NOSUPP;
+ }
(*a->h_addr2sockaddr)(addr, sa, sa_size, port);
return 0;
}
krb5_error_code
-krb5_h_addr2addr (int af,
+krb5_h_addr2addr (krb5_context context,
+ int af,
const char *haddr, krb5_address *addr)
{
struct addr_operations *a = find_af(af);
- if (a == NULL)
+ if (a == NULL) {
+ krb5_set_error_string (context, "Address family %d not supported", af);
return KRB5_PROG_ATYPE_NOSUPP;
+ }
return (*a->h_addr2addr)(haddr, addr);
}
krb5_error_code
-krb5_anyaddr (int af,
+krb5_anyaddr (krb5_context context,
+ int af,
struct sockaddr *sa,
int *sa_size,
int port)
{
struct addr_operations *a = find_af (af);
- if (a == NULL)
+ if (a == NULL) {
+ krb5_set_error_string (context, "Address family %d not supported", af);
return KRB5_PROG_ATYPE_NOSUPP;
+ }
(*a->anyaddr)(sa, sa_size, port);
return 0;
@@ -509,6 +530,7 @@ krb5_parse_address(krb5_context context,
int i, n;
struct addrinfo *ai, *a;
int error;
+ int save_errno;
for(i = 0; i < num_addrs; i++) {
if(at[i].parse_addr) {
@@ -522,8 +544,11 @@ krb5_parse_address(krb5_context context,
}
error = getaddrinfo (string, NULL, NULL, &ai);
- if (error)
- return krb5_eai_to_heim_errno(error);
+ if (error) {
+ save_errno = errno;
+ krb5_set_error_string (context, "%s: %s", string, gai_strerror(error));
+ return krb5_eai_to_heim_errno(error, save_errno);
+ }
n = 0;
for (a = ai; a != NULL; a = a->ai_next)
@@ -532,7 +557,7 @@ krb5_parse_address(krb5_context context,
ALLOC_SEQ(addresses, n);
for (a = ai, i = 0; a != NULL; a = a->ai_next, ++i) {
- krb5_sockaddr2address (ai->ai_addr, &addresses->val[i]);
+ krb5_sockaddr2address (context, ai->ai_addr, &addresses->val[i]);
}
freeaddrinfo (ai);
return 0;
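Review bot: The conversion loop in krb5_parse_address iterates with `a` but passes `ai->ai_addr`, so every slot of `addresses->val` receives the first getaddrinfo result instead of the i-th one; the call should read `krb5_sockaddr2address (context, a->ai_addr, &addresses->val[i]);`. The return value is also dropped, so an unsupported family now sets an error string yet the function still returns 0 with that element unfilled. The result of `ALLOC_SEQ(addresses, n)` is not checked in the visible lines before `addresses->val[i]` is written; if the macro does not bail out itself, an allocation failure leads to a NULL dereference here. The function starts outside this hunk.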
diff --git a/crypto/heimdal/lib/krb5/address.c b/crypto/heimdal/lib/krb5/address.c
index 8b0704f..5dc756a 100644
--- a/crypto/heimdal/lib/krb5/address.c
+++ b/crypto/heimdal/lib/krb5/address.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: address.c,v 1.14 1999/12/02 17:05:07 joda Exp $");
+RCSID("$Id: address.c,v 1.15 2001/05/14 06:14:44 assar Exp $");
#if 0
/* This is the supposedly MIT-api version */
@@ -128,8 +128,10 @@ krb5_append_addresses(krb5_context context,
int i;
if(source->len > 0) {
tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp));
- if(tmp == NULL)
+ if(tmp == NULL) {
+ krb5_set_error_string(context, "realloc: out of memory");
return ENOMEM;
+ }
dest->val = tmp;
for(i = 0; i < source->len; i++) {
/* skip duplicates */
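Review bot: The size passed to `realloc` in krb5_append_addresses, `(dest->len + source->len) * sizeof(*tmp)`, is computed with no overflow check, so sufficiently large `len` values wrap and yield a buffer smaller than the loop below expects to fill. The new error path only covers a NULL return and does not catch that case. A guard before the call would close it, for example `if (source->len > (SIZE_MAX / sizeof(*tmp)) - dest->len) return ERANGE;`, with whichever error code the library prefers. The types of `len` are not visible in this hunk, so whether the wrap is reachable with real address lists should be confirmed. The loop body continues outside the hunk.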
@@ -151,18 +153,22 @@ krb5_append_addresses(krb5_context context,
*/
krb5_error_code
-krb5_make_addrport (krb5_address **res, const krb5_address *addr, int16_t port)
+krb5_make_addrport (krb5_context context,
+ krb5_address **res, const krb5_address *addr, int16_t port)
{
krb5_error_code ret;
size_t len = addr->address.length + 2 + 4 * 4;
u_char *p;
*res = malloc (sizeof(**res));
- if (*res == NULL)
+ if (*res == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
(*res)->addr_type = KRB5_ADDRESS_ADDRPORT;
ret = krb5_data_alloc (&(*res)->address, len);
if (ret) {
+ krb5_set_error_string(context, "malloc: out of memory");
free (*res);
return ret;
}
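Review bot: On the krb5_data_alloc failure path in krb5_make_addrport, `*res` is freed but left pointing at the released block, so a caller that cleans up its output pointer on error would free it a second time. Adding `*res = NULL;` right after `free (*res);` makes the failure state unambiguous. The added message is hard-coded to "malloc: out of memory" although `ret` is whatever krb5_data_alloc returned; that is accurate only if ENOMEM is its sole failure mode, which is not visible here. The rest of the function body lies outside this hunk.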
diff --git a/crypto/heimdal/lib/krb5/appdefault.c b/crypto/heimdal/lib/krb5/appdefault.c
index 081dec0..12de150 100644
--- a/crypto/heimdal/lib/krb5/appdefault.c
+++ b/crypto/heimdal/lib/krb5/appdefault.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: appdefault.c,v 1.3 2001/01/10 00:19:58 assar Exp $");
+RCSID("$Id: appdefault.c,v 1.5 2001/05/14 06:14:44 assar Exp $");
void
krb5_appdefault_boolean(krb5_context context, const char *appname,
@@ -42,7 +42,7 @@ krb5_appdefault_boolean(krb5_context context, const char *appname,
{
if(appname == NULL)
- appname = __progname;
+ appname = getprogname();
def_val = krb5_config_get_bool_default(context, NULL, def_val,
"appdefaults",
option,
@@ -76,7 +76,7 @@ krb5_appdefault_string(krb5_context context, const char *appname,
const char *def_val, char **ret_val)
{
if(appname == NULL)
- appname = __progname;
+ appname = getprogname();
def_val = krb5_config_get_string_default(context, NULL, def_val,
"appdefaults",
option,
diff --git a/crypto/heimdal/lib/krb5/auth_context.c b/crypto/heimdal/lib/krb5/auth_context.c
index a37c4dd..eca2e87 100644
--- a/crypto/heimdal/lib/krb5/auth_context.c
+++ b/crypto/heimdal/lib/krb5/auth_context.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: auth_context.c,v 1.55 2000/12/10 20:01:05 assar Exp $");
+RCSID("$Id: auth_context.c,v 1.56 2001/05/14 06:14:44 assar Exp $");
krb5_error_code
krb5_auth_con_init(krb5_context context,
@@ -42,11 +42,14 @@ krb5_auth_con_init(krb5_context context,
krb5_auth_context p;
ALLOC(p, 1);
- if(!p)
+ if(!p) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
memset(p, 0, sizeof(*p));
ALLOC(p->authenticator, 1);
if (!p->authenticator) {
+ krb5_set_error_string(context, "malloc: out of memory");
free(p);
return ENOMEM;
}
@@ -146,11 +149,13 @@ krb5_auth_con_genaddrs(krb5_context context,
len = sizeof(ss_local);
if(getsockname(fd, local, &len) < 0) {
ret = errno;
+ krb5_set_error_string (context, "getsockname: %s",
+ strerror(ret));
goto out;
}
- krb5_sockaddr2address (local, &local_k_address);
+ krb5_sockaddr2address (context, local, &local_k_address);
if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) {
- krb5_sockaddr2port (local, &auth_context->local_port);
+ krb5_sockaddr2port (context, local, &auth_context->local_port);
} else
auth_context->local_port = 0;
lptr = &local_k_address;
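Review bot: The results of `krb5_sockaddr2address` and `krb5_sockaddr2port` are still discarded even though both calls now take a `context`. If a conversion fails, `lptr` is pointed at a `local_k_address` that was never filled in. If these helpers return a `krb5_error_code` (their declarations are outside this hunk), capture it, e.g. `ret = krb5_sockaddr2address (context, local, &local_k_address); if (ret) goto out;`. The same applies to the `remote` calls in the next hunk of this function. krb5_auth_con_genaddrs starts and ends outside the hunk.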
@@ -160,11 +165,12 @@ krb5_auth_con_genaddrs(krb5_context context,
len = sizeof(ss_remote);
if(getpeername(fd, remote, &len) < 0) {
ret = errno;
+ krb5_set_error_string (context, "getpeername: %s", strerror(ret));
goto out;
}
- krb5_sockaddr2address (remote, &remote_k_address);
+ krb5_sockaddr2address (context, remote, &remote_k_address);
if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) {
- krb5_sockaddr2port (remote, &auth_context->remote_port);
+ krb5_sockaddr2port (context, remote, &auth_context->remote_port);
} else
auth_context->remote_port = 0;
rptr = &remote_k_address;
@@ -205,8 +211,10 @@ krb5_auth_con_getaddrs(krb5_context context,
if(*local_addr)
krb5_free_address (context, *local_addr);
*local_addr = malloc (sizeof(**local_addr));
- if (*local_addr == NULL)
+ if (*local_addr == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
krb5_copy_address(context,
auth_context->local_address,
*local_addr);
@@ -214,8 +222,12 @@ krb5_auth_con_getaddrs(krb5_context context,
if(*remote_addr)
krb5_free_address (context, *remote_addr);
*remote_addr = malloc (sizeof(**remote_addr));
- if (*remote_addr == NULL)
+ if (*remote_addr == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ krb5_free_address (context, *local_addr);
+ *local_addr = NULL;
return ENOMEM;
+ }
krb5_copy_address(context,
auth_context->remote_address,
*remote_addr);
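Review bot: Both `krb5_copy_address` calls (here and in the previous hunk) still have their results ignored, so a failed copy lets the function carry on with `*local_addr` or `*remote_addr` pointing at a freshly malloc'ed, unfilled structure. Consider `ret = krb5_copy_address(context, auth_context->remote_address, *remote_addr);` and releasing the allocation on error. It is also worth confirming that `krb5_free_address` frees the structure itself and not only its contents before the new `*local_addr = NULL;` drops the last reference; that definition is not part of this diff section.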
@@ -390,8 +402,10 @@ krb5_auth_getauthenticator(krb5_context context,
krb5_authenticator *authenticator)
{
*authenticator = malloc(sizeof(**authenticator));
- if (*authenticator == NULL)
+ if (*authenticator == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
copy_Authenticator(auth_context->authenticator,
*authenticator);
diff --git a/crypto/heimdal/lib/krb5/build_ap_req.c b/crypto/heimdal/lib/krb5/build_ap_req.c
index c8a89ca..e4f7d4e 100644
--- a/crypto/heimdal/lib/krb5/build_ap_req.c
+++ b/crypto/heimdal/lib/krb5/build_ap_req.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: build_ap_req.c,v 1.16 1999/12/02 17:05:07 joda Exp $");
+RCSID("$Id: build_ap_req.c,v 1.17 2001/05/14 06:14:44 assar Exp $");
krb5_error_code
krb5_build_ap_req (krb5_context context,
@@ -68,9 +68,10 @@ krb5_build_ap_req (krb5_context context,
retdata->length = length_AP_REQ(&ap);
retdata->data = malloc(retdata->length);
- if(retdata->data == NULL)
+ if(retdata->data == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
- else
+ } else
encode_AP_REQ((unsigned char *)retdata->data + retdata->length - 1,
retdata->length, &ap, &len);
free_AP_REQ(&ap);
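Review bot: The `else` branch still drops the result of `encode_AP_REQ`, so an encoding failure is not reflected in `ret` and `len` is never compared with `retdata->length`. Assigning it, `ret = encode_AP_REQ(...)`, and freeing `retdata->data` on failure would keep a partially written buffer from reaching the caller. On the ENOMEM path `retdata->length` stays non-zero while `retdata->data` is NULL; setting it to 0 there is safer for callers that only look at the length. The function starts before the hunk and its return is not shown.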
diff --git a/crypto/heimdal/lib/krb5/build_auth.c b/crypto/heimdal/lib/krb5/build_auth.c
index c75b2f1..b1650fd 100644
--- a/crypto/heimdal/lib/krb5/build_auth.c
+++ b/crypto/heimdal/lib/krb5/build_auth.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: build_auth.c,v 1.34 2000/11/15 06:58:51 assar Exp $");
+RCSID("$Id: build_auth.c,v 1.35 2001/05/14 06:14:44 assar Exp $");
krb5_error_code
krb5_build_authenticator (krb5_context context,
@@ -53,8 +53,10 @@ krb5_build_authenticator (krb5_context context,
krb5_crypto crypto;
auth = malloc(sizeof(*auth));
- if (auth == NULL)
+ if (auth == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
memset (auth, 0, sizeof(*auth));
auth->authenticator_vno = 5;
@@ -100,6 +102,7 @@ krb5_build_authenticator (krb5_context context,
buf_size = 1024;
buf = malloc (buf_size);
if (buf == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
@@ -116,6 +119,7 @@ krb5_build_authenticator (krb5_context context,
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
diff --git a/crypto/heimdal/lib/krb5/cache.c b/crypto/heimdal/lib/krb5/cache.c
index 121f44f..141eb61 100644
--- a/crypto/heimdal/lib/krb5/cache.c
+++ b/crypto/heimdal/lib/krb5/cache.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: cache.c,v 1.45 2000/12/05 09:18:29 joda Exp $");
+RCSID("$Id: cache.c,v 1.47 2001/05/14 06:14:45 assar Exp $");
/*
* Add a new ccache type with operations `ops', overwriting any
@@ -46,32 +46,42 @@ krb5_cc_register(krb5_context context,
const krb5_cc_ops *ops,
krb5_boolean override)
{
+ char *prefix_copy;
int i;
for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
if(override)
free(context->cc_ops[i].prefix);
- else
+ else {
+ krb5_set_error_string(context,
+ "ccache type %s already exists",
+ ops->prefix);
return KRB5_CC_TYPE_EXISTS;
+ }
}
}
+ prefix_copy = strdup(ops->prefix);
+ if (prefix_copy == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ return KRB5_CC_NOMEM;
+ }
if(i == context->num_cc_ops) {
krb5_cc_ops *o = realloc(context->cc_ops,
(context->num_cc_ops + 1) *
sizeof(*context->cc_ops));
- if(o == NULL)
+ if(o == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ free(prefix_copy);
return KRB5_CC_NOMEM;
+ }
context->num_cc_ops++;
context->cc_ops = o;
memset(context->cc_ops + i, 0,
(context->num_cc_ops - i) * sizeof(*context->cc_ops));
}
memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
- context->cc_ops[i].prefix = strdup(ops->prefix);
- if(context->cc_ops[i].prefix == NULL)
- return KRB5_CC_NOMEM;
-
+ context->cc_ops[i].prefix = prefix_copy;
return 0;
}
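Review bot: In the `override` branch the old prefix is freed but the loop neither breaks nor clears the slot, so entry `i` keeps a dangling `prefix` while the scan continues and the new ops are written to a different slot. A later `strcmp` over `cc_ops` would then read freed memory. The new early return on `strdup` failure has the same effect, because it leaves after the `free` without repairing the entry. Duplicating the prefix before the loop and ending the override branch with `break;` after the `free` keeps the table consistent on every path.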
@@ -91,8 +101,10 @@ allocate_ccache (krb5_context context,
krb5_ccache p;
p = malloc(sizeof(*p));
- if(p == NULL)
+ if(p == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
+ }
p->ops = ops;
*id = p;
ret = p->ops->resolve(context, id, residual);
@@ -126,8 +138,10 @@ krb5_cc_resolve(krb5_context context,
}
if (strchr (name, ':') == NULL)
return allocate_ccache (context, &krb5_fcc_ops, name, id);
- else
+ else {
+ krb5_set_error_string(context, "unknown ccache type %s", name);
return KRB5_CC_UNKNOWN_TYPE;
+ }
}
/*
@@ -143,8 +157,10 @@ krb5_cc_gen_new(krb5_context context,
krb5_ccache p;
p = malloc (sizeof(*p));
- if (p == NULL)
+ if (p == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
+ }
p->ops = ops;
*id = p;
return p->ops->gen_new(context, id);
@@ -281,7 +297,7 @@ krb5_cc_retrieve_cred(krb5_context context,
krb5_error_code ret;
krb5_cc_cursor cursor;
krb5_cc_start_seq_get(context, id, &cursor);
- while((ret = krb5_cc_next_cred(context, id, creds, &cursor)) == 0){
+ while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){
if(krb5_compare_creds(context, whichfields, mcreds, creds)){
ret = 0;
break;
@@ -328,8 +344,8 @@ krb5_cc_start_seq_get (krb5_context context,
krb5_error_code
krb5_cc_next_cred (krb5_context context,
const krb5_ccache id,
- krb5_creds *creds,
- krb5_cc_cursor *cursor)
+ krb5_cc_cursor *cursor,
+ krb5_creds *creds)
{
return id->ops->get_next(context, id, cursor, creds);
}
@@ -356,8 +372,12 @@ krb5_cc_remove_cred(krb5_context context,
krb5_flags which,
krb5_creds *cred)
{
- if(id->ops->remove_cred == NULL)
+ if(id->ops->remove_cred == NULL) {
+ krb5_set_error_string(context,
+ "ccache %s does not support remove_cred",
+ id->ops->prefix);
return EACCES; /* XXX */
+ }
return (*id->ops->remove_cred)(context, id, which, cred);
}
@@ -400,7 +420,7 @@ krb5_cc_copy_cache(krb5_context context,
krb5_free_principal(context, princ);
return ret;
}
- while(ret == 0 && krb5_cc_next_cred(context, from, &cred, &cursor) == 0){
+ while(ret == 0 && krb5_cc_next_cred(context, from, &cursor, &cred) == 0){
ret = krb5_cc_store_cred(context, to, &cred);
krb5_free_creds_contents (context, &cred);
}
diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c
index 407abf0..309e972 100644
--- a/crypto/heimdal/lib/krb5/changepw.c
+++ b/crypto/heimdal/lib/krb5/changepw.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,17 +33,20 @@
#include <krb5_locl.h>
-RCSID("$Id: changepw.c,v 1.30 2000/12/10 23:10:10 assar Exp $");
+RCSID("$Id: changepw.c,v 1.32 2001/05/14 22:49:55 assar Exp $");
static krb5_error_code
get_kdc_address (krb5_context context,
krb5_realm realm,
- struct addrinfo **ai)
+ struct addrinfo **ai,
+ char **ret_host)
{
krb5_error_code ret;
char **hostlist;
int port = 0;
int error;
+ char *host;
+ int save_errno;
ret = krb5_get_krb_changepw_hst (context,
&realm,
@@ -51,12 +54,23 @@ get_kdc_address (krb5_context context,
if (ret)
return ret;
+ host = strdup(*hostlist);
+ krb5_free_krbhst(context, hostlist);
+ if (host == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
+ return ENOMEM;
+ }
+
port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT));
- error = roken_getaddrinfo_hostspec2(*hostlist, SOCK_DGRAM, port, ai);
+ error = roken_getaddrinfo_hostspec2(host, SOCK_DGRAM, port, ai);
- krb5_free_krbhst (context, hostlist);
- if(error)
- return krb5_eai_to_heim_errno(error);
+ if(error) {
+ save_errno = errno;
+ krb5_set_error_string(context, "resolving %s: %s",
+ host, gai_strerror(error));
+ return krb5_eai_to_heim_errno(error, save_errno);
+ }
+ *ret_host = host;
return 0;
}
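Review bot: The error return after `roken_getaddrinfo_hostspec2` leaks `host`: the `strdup` copy is used in the message and then abandoned, because `*ret_host` is only assigned on success. Add `free(host);` after the `krb5_set_error_string` call and before the `return`. `*hostlist` is also dereferenced without checking that the list has a first entry; whether `krb5_get_krb_changepw_hst` can succeed with an empty list is not visible here.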
@@ -67,7 +81,8 @@ send_request (krb5_context context,
int sock,
struct sockaddr *sa,
int sa_size,
- char *passwd)
+ char *passwd,
+ const char *host)
{
krb5_error_code ret;
krb5_data ap_req_data;
@@ -129,8 +144,10 @@ send_request (krb5_context context,
iov[2].iov_base = krb_priv_data.data;
iov[2].iov_len = krb_priv_data.length;
- if (sendmsg (sock, &msghdr, 0) < 0)
+ if (sendmsg (sock, &msghdr, 0) < 0) {
ret = errno;
+ krb5_set_error_string(context, "sendmsg %s: %s", host, strerror(ret));
+ }
krb5_data_free (&krb_priv_data);
out2:
@@ -161,17 +178,23 @@ process_reply (krb5_context context,
int sock,
int *result_code,
krb5_data *result_code_string,
- krb5_data *result_string)
+ krb5_data *result_string,
+ const char *host)
{
krb5_error_code ret;
u_char reply[BUFSIZ];
size_t len;
u_int16_t pkt_len, pkt_ver;
krb5_data ap_rep_data;
+ int save_errno;
ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
- if (ret < 0)
- return errno;
+ if (ret < 0) {
+ save_errno = errno;
+ krb5_set_error_string(context, "recvfrom %s: %s",
+ host, strerror(save_errno));
+ return save_errno;
+ }
len = ret;
pkt_len = (reply[0] << 8) | (reply[1]);
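Review bot: `reply[0]` and `reply[1]` are read right after `len = ret` with no visible check that `recvfrom` delivered at least two bytes, so a short or empty datagram makes `pkt_len` come from uninitialised stack bytes. A guard on the header size before the first read, along the lines of `if (len < 2)` followed by an error string naming `host` and an error return, closes that gap. Any length validation later in process_reply is outside the hunk, but it would run after these reads.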
@@ -243,7 +266,7 @@ process_reply (krb5_context context,
}
if (error.e_data->length < 2) {
krb5_warnx (context, "too short e_data to print anything usable");
- return 1;
+ return 1; /* XXX */
}
p = error.e_data->data;
@@ -255,6 +278,12 @@ process_reply (krb5_context context,
}
}
+/*
+ * change the password using the credentials in `creds' (for the
+ * principal indicated in them) to `newpw', storing the result of
+ * the operation in `result_*' and an error code or 0.
+ */
+
krb5_error_code
krb5_change_password (krb5_context context,
krb5_creds *creds,
@@ -269,12 +298,13 @@ krb5_change_password (krb5_context context,
int i;
struct addrinfo *ai, *a;
int done = 0;
+ char *host = NULL;
ret = krb5_auth_con_init (context, &auth_context);
if (ret)
return ret;
- ret = get_kdc_address (context, creds->client->realm, &ai);
+ ret = get_kdc_address (context, creds->client->realm, &ai, &host);
if (ret)
goto out;
@@ -297,7 +327,8 @@ krb5_change_password (krb5_context context,
sock,
a->ai_addr,
a->ai_addrlen,
- newpw);
+ newpw,
+ host);
if (ret) {
close(sock);
goto out;
@@ -305,6 +336,7 @@ krb5_change_password (krb5_context context,
}
if (sock >= FD_SETSIZE) {
+ krb5_set_error_string(context, "fd %d too large", sock);
ret = ERANGE;
close (sock);
goto out;
@@ -326,7 +358,8 @@ krb5_change_password (krb5_context context,
sock,
result_code,
result_code_string,
- result_string);
+ result_string,
+ host);
if (ret == 0)
done = 1;
else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL)
@@ -341,8 +374,16 @@ krb5_change_password (krb5_context context,
out:
krb5_auth_con_free (context, auth_context);
+ free (host);
if (done)
return 0;
- else
+ else {
+ if (ret == KRB5_KDC_UNREACH)
+ krb5_set_error_string(context,
+ "failed to reach kpasswd server %s "
+ "in realm %s",
+ host, creds->client->realm);
+
return ret;
+ }
}
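Review bot: `host` is released by the new `free (host);` at `out:` and then passed as a `%s` argument to `krb5_set_error_string` in the `KRB5_KDC_UNREACH` branch just below, which is a use after free. Move the `free (host);` below the error-string call, for example directly before each `return`, so the name is still valid when it is formatted. `host` is also still NULL on this path when `get_kdc_address` failed before assigning it, so if that call can itself return `KRB5_KDC_UNREACH` the argument should be guarded, e.g. `host ? host : "(unknown)"`.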
diff --git a/crypto/heimdal/lib/krb5/codec.c b/crypto/heimdal/lib/krb5/codec.c
index 1d94613..6a49e68 100644
--- a/crypto/heimdal/lib/krb5/codec.c
+++ b/crypto/heimdal/lib/krb5/codec.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,36 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: codec.c,v 1.6 1999/12/02 17:05:08 joda Exp $");
-
-/* these functions does what the normal asn.1-functions does, but
- converts the keytype to/from the on-the-wire enctypes */
-
-#if 1
-#define DECODE(T, K) return decode_ ## T(data, length, t, len)
-#define ENCODE(T, K) return encode_ ## T(data, length, t, len)
-#else
-#define DECODE(T, K) \
-{ \
- krb5_error_code ret; \
- ret = decode_ ## T((void*)data, length, t, len); \
- if(ret) \
- return ret; \
- if(K) \
- ret = krb5_decode_keyblock(context, (K), 1); \
- return ret; \
-}
-
-#define ENCODE(T, K) \
-{ \
- krb5_error_code ret = 0; \
- if(K) \
- ret = krb5_decode_keyblock(context, (K), 0); \
- if(ret) \
- return ret; \
- return encode_ ## T(data, length, t, len); \
-}
-#endif
+RCSID("$Id: codec.c,v 1.7 2001/05/16 22:08:08 assar Exp $");
krb5_error_code
krb5_decode_EncTicketPart (krb5_context context,
@@ -71,7 +42,7 @@ krb5_decode_EncTicketPart (krb5_context context,
EncTicketPart *t,
size_t *len)
{
- DECODE(EncTicketPart, &t->key);
+ return decode_EncTicketPart(data, length, t, len);
}
krb5_error_code
@@ -81,7 +52,7 @@ krb5_encode_EncTicketPart (krb5_context context,
EncTicketPart *t,
size_t *len)
{
- ENCODE(EncTicketPart, &t->key);
+ return encode_EncTicketPart(data, length, t, len);
}
krb5_error_code
@@ -91,7 +62,7 @@ krb5_decode_EncASRepPart (krb5_context context,
EncASRepPart *t,
size_t *len)
{
- DECODE(EncASRepPart, &t->key);
+ return decode_EncASRepPart(data, length, t, len);
}
krb5_error_code
@@ -101,7 +72,7 @@ krb5_encode_EncASRepPart (krb5_context context,
EncASRepPart *t,
size_t *len)
{
- ENCODE(EncASRepPart, &t->key);
+ return encode_EncASRepPart(data, length, t, len);
}
krb5_error_code
@@ -111,7 +82,7 @@ krb5_decode_EncTGSRepPart (krb5_context context,
EncTGSRepPart *t,
size_t *len)
{
- DECODE(EncTGSRepPart, &t->key);
+ return decode_EncTGSRepPart(data, length, t, len);
}
krb5_error_code
@@ -121,7 +92,7 @@ krb5_encode_EncTGSRepPart (krb5_context context,
EncTGSRepPart *t,
size_t *len)
{
- ENCODE(EncTGSRepPart, &t->key);
+ return encode_EncTGSRepPart(data, length, t, len);
}
krb5_error_code
@@ -131,7 +102,7 @@ krb5_decode_EncAPRepPart (krb5_context context,
EncAPRepPart *t,
size_t *len)
{
- DECODE(EncAPRepPart, t->subkey);
+ return decode_EncAPRepPart(data, length, t, len);
}
krb5_error_code
@@ -141,7 +112,7 @@ krb5_encode_EncAPRepPart (krb5_context context,
EncAPRepPart *t,
size_t *len)
{
- ENCODE(EncAPRepPart, t->subkey);
+ return encode_EncAPRepPart(data, length, t, len);
}
krb5_error_code
@@ -151,7 +122,7 @@ krb5_decode_Authenticator (krb5_context context,
Authenticator *t,
size_t *len)
{
- DECODE(Authenticator, t->subkey);
+ return decode_Authenticator(data, length, t, len);
}
krb5_error_code
@@ -161,7 +132,7 @@ krb5_encode_Authenticator (krb5_context context,
Authenticator *t,
size_t *len)
{
- ENCODE(Authenticator, t->subkey);
+ return encode_Authenticator(data, length, t, len);
}
krb5_error_code
@@ -171,19 +142,7 @@ krb5_decode_EncKrbCredPart (krb5_context context,
EncKrbCredPart *t,
size_t *len)
{
-#if 1
return decode_EncKrbCredPart(data, length, t, len);
-#else
- krb5_error_code ret;
- int i;
- ret = decode_EncKrbCredPart((void*)data, length, t, len);
- if(ret)
- return ret;
- for(i = 0; i < t->ticket_info.len; i++)
- if((ret = krb5_decode_keyblock(context, &t->ticket_info.val[i].key, 1)))
- break;
- return ret;
-#endif
}
krb5_error_code
@@ -193,15 +152,6 @@ krb5_encode_EncKrbCredPart (krb5_context context,
EncKrbCredPart *t,
size_t *len)
{
-#if 0
- krb5_error_code ret = 0;
- int i;
-
- for(i = 0; i < t->ticket_info.len; i++)
- if((ret = krb5_decode_keyblock(context, &t->ticket_info.val[i].key, 0)))
- break;
- if(ret) return ret;
-#endif
return encode_EncKrbCredPart (data, length, t, len);
}
@@ -212,21 +162,7 @@ krb5_decode_ETYPE_INFO (krb5_context context,
ETYPE_INFO *t,
size_t *len)
{
-#if 1
return decode_ETYPE_INFO(data, length, t, len);
-#else
- krb5_error_code ret;
- int i;
-
- ret = decode_ETYPE_INFO((void*)data, length, t, len);
- if(ret)
- return ret;
- for(i = 0; i < t->len; i++) {
- if((ret = krb5_decode_keytype(context, &t->val[i].etype, 1)))
- break;
- }
- return ret;
-#endif
}
krb5_error_code
@@ -236,16 +172,5 @@ krb5_encode_ETYPE_INFO (krb5_context context,
ETYPE_INFO *t,
size_t *len)
{
-#if 0
- krb5_error_code ret = 0;
-
- int i;
- /* XXX this will break, since we need one key-info for each enctype */
- /* XXX or do we? */
- for(i = 0; i < t->len; i++)
- if((ret = krb5_decode_keytype(context, &t->val[i].etype, 0)))
- break;
- if(ret) return ret;
-#endif
return encode_ETYPE_INFO (data, length, t, len);
}
diff --git a/crypto/heimdal/lib/krb5/config_file.c b/crypto/heimdal/lib/krb5/config_file.c
index d5d8a42..b53b69c 100644
--- a/crypto/heimdal/lib/krb5/config_file.c
+++ b/crypto/heimdal/lib/krb5/config_file.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999, 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,19 +32,20 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: config_file.c,v 1.41 2000/08/16 07:40:36 assar Exp $");
+RCSID("$Id: config_file.c,v 1.42 2001/05/14 06:14:45 assar Exp $");
#ifndef HAVE_NETINFO
-static int parse_section(char *p, krb5_config_section **s,
- krb5_config_section **res,
- char **error_message);
-static int parse_binding(FILE *f, unsigned *lineno, char *p,
- krb5_config_binding **b,
- krb5_config_binding **parent,
- char **error_message);
-static int parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent,
- char **error_message);
+static krb5_error_code parse_section(char *p, krb5_config_section **s,
+ krb5_config_section **res,
+ char **error_message);
+static krb5_error_code parse_binding(FILE *f, unsigned *lineno, char *p,
+ krb5_config_binding **b,
+ krb5_config_binding **parent,
+ char **error_message);
+static krb5_error_code parse_list(FILE *f, unsigned *lineno,
+ krb5_config_binding **parent,
+ char **error_message);
/*
* Parse a section:
@@ -61,7 +62,7 @@ static int parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent,
* Store the error message in `error_message'.
*/
-static int
+static krb5_error_code
parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
char **error_message)
{
@@ -71,18 +72,18 @@ parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
p1 = strchr (p + 1, ']');
if (p1 == NULL) {
*error_message = "missing ]";
- return -1;
+ return KRB5_CONFIG_BADFORMAT;
}
*p1 = '\0';
tmp = malloc(sizeof(*tmp));
if (tmp == NULL) {
*error_message = "out of memory";
- return -1;
+ return KRB5_CONFIG_BADFORMAT;
}
tmp->name = strdup(p+1);
if (tmp->name == NULL) {
*error_message = "out of memory";
- return -1;
+ return KRB5_CONFIG_BADFORMAT;
}
tmp->type = krb5_config_list;
tmp->u.list = NULL;
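Review bot: The two allocation failures in parse_section now return `KRB5_CONFIG_BADFORMAT`, which reports a malformed file when the process is actually out of memory. `return ENOMEM;` would match what the rest of this commit does for malloc failures. The `strdup` failure path also leaks `tmp`, so `free(tmp);` belongs before that return. The `malloc` failure in parse_binding, in the later hunk of this file, has the same error-code problem.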
@@ -133,7 +134,7 @@ parse_list(FILE *f, unsigned *lineno, krb5_config_binding **parent,
}
*lineno = beg_lineno;
*error_message = "unclosed {";
- return -1;
+ return KRB5_CONFIG_BADFORMAT;
}
/*
@@ -154,14 +155,14 @@ parse_binding(FILE *f, unsigned *lineno, char *p,
++p;
if (*p == '\0') {
*error_message = "no =";
- return -1;
+ return KRB5_CONFIG_BADFORMAT;
}
p2 = p;
while (isspace((unsigned char)*p))
++p;
if (*p != '=') {
*error_message = "no =";
- return -1;
+ return KRB5_CONFIG_BADFORMAT;
}
++p;
while(isspace((unsigned char)*p))
@@ -169,7 +170,7 @@ parse_binding(FILE *f, unsigned *lineno, char *p,
tmp = malloc(sizeof(*tmp));
if (tmp == NULL) {
*error_message = "out of memory";
- return -1;
+ return KRB5_CONFIG_BADFORMAT;
}
*p2 = '\0';
tmp->name = strdup(p1);
@@ -200,7 +201,7 @@ parse_binding(FILE *f, unsigned *lineno, char *p,
* returning error messages in `error_message'
*/
-krb5_error_code
+static krb5_error_code
krb5_config_parse_file_debug (const char *fname,
krb5_config_section **res,
unsigned *lineno,
@@ -210,7 +211,7 @@ krb5_config_parse_file_debug (const char *fname,
krb5_config_section *s;
krb5_config_binding *b;
char buf[BUFSIZ];
- int ret = 0;
+ krb5_error_code ret = 0;
s = NULL;
b = NULL;
@@ -240,7 +241,7 @@ krb5_config_parse_file_debug (const char *fname,
b = NULL;
} else if (*p == '}') {
*error_message = "unmatched }";
- ret = -1;
+ ret = EINVAL; /* XXX */
goto out;
} else if(*p != '\0') {
ret = parse_binding(f, lineno, p, &b, &s->u.list, error_message);
@@ -254,12 +255,20 @@ out:
}
krb5_error_code
-krb5_config_parse_file (const char *fname, krb5_config_section **res)
+krb5_config_parse_file (krb5_context context,
+ const char *fname,
+ krb5_config_section **res)
{
- char *foo;
+ char *str;
unsigned lineno;
+ krb5_error_code ret;
- return krb5_config_parse_file_debug (fname, res, &lineno, &foo);
+ ret = krb5_config_parse_file_debug (fname, res, &lineno, &str);
+ if (ret) {
+ krb5_set_error_string (context, "%s:%u: %s", fname, lineno, str);
+ return ret;
+ }
+ return 0;
}
#endif /* !HAVE_NETINFO */
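Review bot: `str` and `lineno` are declared without initialisers and then formatted into the error string, so the message is only well-defined if every failing path in `krb5_config_parse_file_debug` stores to both before returning. That function's early exits (opening the file, for instance) are not in this diff. Initialising them at the declaration, `char *str = "unknown error";` and `unsigned lineno = 0;`, keeps the `%s` argument valid whichever path fails.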
diff --git a/crypto/heimdal/lib/krb5/config_file_netinfo.c b/crypto/heimdal/lib/krb5/config_file_netinfo.c
index aeb939a..a035e88 100644
--- a/crypto/heimdal/lib/krb5/config_file_netinfo.c
+++ b/crypto/heimdal/lib/krb5/config_file_netinfo.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: config_file_netinfo.c,v 1.2 1999/12/02 17:05:08 joda Exp $");
+RCSID("$Id: config_file_netinfo.c,v 1.3 2001/05/14 06:14:45 assar Exp $");
/*
* Netinfo implementation from Luke Howard <lukeh@xedoc.com.au>
@@ -131,7 +131,9 @@ ni_idlist2binding(void *ni, ni_idlist *idlist, krb5_config_section **ret)
}
krb5_error_code
-krb5_config_parse_file (const char *fname, krb5_config_section **res)
+krb5_config_parse_file (krb5_context context,
+ const char *fname,
+ krb5_config_section **res)
{
void *ni = NULL, *lastni = NULL;
int i;
diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c
index 0cfac9a..2ba194b 100644
--- a/crypto/heimdal/lib/krb5/context.c
+++ b/crypto/heimdal/lib/krb5/context.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: context.c,v 1.59 2000/12/15 17:11:51 joda Exp $");
+RCSID("$Id: context.c,v 1.64 2001/05/16 22:24:42 assar Exp $");
#define INIT_FIELD(C, T, E, D, F) \
(C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
@@ -60,6 +60,7 @@ set_etypes (krb5_context context,
etypes = malloc((i+1) * sizeof(*etypes));
if (etypes == NULL) {
krb5_config_free_strings (etypes_str);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
for(j = 0, k = 0; j < i; j++) {
@@ -94,6 +95,9 @@ init_context_from_config_file(krb5_context context)
INIT_FIELD(context, string, default_keytab,
KEYTAB_DEFAULT, "default_keytab_name");
+ INIT_FIELD(context, string, default_keytab_modify,
+ KEYTAB_DEFAULT_MODIFY, "default_keytab_modify_name");
+
INIT_FIELD(context, string, time_fmt,
"%Y-%m-%dT%H:%M:%S", "time_format");
@@ -144,6 +148,8 @@ init_context_from_config_file(krb5_context context)
krb5_kt_register (context, &krb5_mkt_ops);
krb5_kt_register (context, &krb5_akf_ops);
krb5_kt_register (context, &krb4_fkt_ops);
+ krb5_kt_register (context, &krb5_srvtab_fkt_ops);
+ krb5_kt_register (context, &krb5_any_ops);
return 0;
}
@@ -168,7 +174,7 @@ krb5_init_context(krb5_context *context)
if (config_file == NULL)
config_file = krb5_config_file;
- ret = krb5_config_parse_file (config_file, &tmp_cf);
+ ret = krb5_config_parse_file (p, config_file, &tmp_cf);
if (ret == 0)
p->cf = tmp_cf;
@@ -210,7 +216,7 @@ krb5_free_context(krb5_context context)
*/
static krb5_error_code
-default_etypes(krb5_enctype **etype)
+default_etypes(krb5_context context, krb5_enctype **etype)
{
krb5_enctype p[] = {
ETYPE_DES3_CBC_SHA1,
@@ -221,9 +227,12 @@ default_etypes(krb5_enctype **etype)
ETYPE_DES_CBC_CRC,
ETYPE_NULL
};
+
*etype = malloc(sizeof(p));
- if(*etype == NULL)
+ if(*etype == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
memcpy(*etype, p, sizeof(p));
return 0;
}
@@ -236,14 +245,18 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
krb5_enctype *p = NULL;
if(etypes) {
- i = 0;
- while(etypes[i])
- if(!krb5_enctype_valid(context, etypes[i++]))
+ for (i = 0; etypes[i]; ++i)
+ if(!krb5_enctype_valid(context, etypes[i])) {
+ krb5_set_error_string(context, "enctype %d not supported",
+ etypes[i]);
return KRB5_PROG_ETYPE_NOSUPP;
+ }
++i;
ALLOC(p, i);
- if(!p)
+ if(!p) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
memmove(p, etypes, i * sizeof(krb5_enctype));
}
if(context->etypes)
@@ -259,17 +272,22 @@ krb5_get_default_in_tkt_etypes(krb5_context context,
{
krb5_enctype *p;
int i;
+ krb5_error_code ret;
if(context->etypes) {
for(i = 0; context->etypes[i]; i++);
++i;
ALLOC(p, i);
- if(!p)
+ if(!p) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
memmove(p, context->etypes, i * sizeof(krb5_enctype));
- } else
- if(default_etypes(&p))
- return ENOMEM;
+ } else {
+ ret = default_etypes(context, &p);
+ if (ret)
+ return ret;
+ }
*etypes = p;
return 0;
}
@@ -287,9 +305,9 @@ void
krb5_init_ets(krb5_context context)
{
if(context->et_list == NULL){
- initialize_krb5_error_table_r(&context->et_list);
- initialize_asn1_error_table_r(&context->et_list);
- initialize_heim_error_table_r(&context->et_list);
+ krb5_add_et_list(context, initialize_krb5_error_table_r);
+ krb5_add_et_list(context, initialize_asn1_error_table_r);
+ krb5_add_et_list(context, initialize_heim_error_table_r);
}
}
@@ -325,8 +343,10 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
}
if(context->extra_addresses == NULL) {
context->extra_addresses = malloc(sizeof(*context->extra_addresses));
- if(context->extra_addresses == NULL)
+ if(context->extra_addresses == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
}
return krb5_copy_addresses(context, addresses, context->extra_addresses);
}
diff --git a/crypto/heimdal/lib/krb5/convert_creds.c b/crypto/heimdal/lib/krb5/convert_creds.c
index 8459ee3..f248cd0 100644
--- a/crypto/heimdal/lib/krb5/convert_creds.c
+++ b/crypto/heimdal/lib/krb5/convert_creds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: convert_creds.c,v 1.15 2000/07/11 19:30:04 joda Exp $");
+RCSID("$Id: convert_creds.c,v 1.17 2001/05/14 06:14:45 assar Exp $");
static krb5_error_code
check_ticket_flags(TicketFlags f)
@@ -134,16 +134,15 @@ krb524_convert_creds_kdc(krb5_context context,
krb5_creds *v5_creds = in_cred;
krb5_keytype keytype;
- ret = krb5_enctype_to_keytype (context, v5_creds->session.keytype,
- &keytype);
- if (ret)
- return ret;
+ keytype = v5_creds->session.keytype;
- if (keytype != KEYTYPE_DES) {
+ if (keytype != ENCTYPE_DES_CBC_CRC) {
+ /* MIT krb524d doesn't like nothing but des-cbc-crc tickets,
+ so go get one */
krb5_creds template;
memset (&template, 0, sizeof(template));
- template.session.keytype = KEYTYPE_DES;
+ template.session.keytype = ENCTYPE_DES_CBC_CRC;
ret = krb5_copy_principal (context, in_cred->client, &template.client);
if (ret) {
krb5_free_creds_contents (context, &template);
@@ -197,6 +196,7 @@ krb524_convert_creds_kdc(krb5_context context,
sp = krb5_storage_from_mem(reply.data, reply.length);
if(sp == NULL) {
ret = ENOMEM;
+ krb5_set_error_string (context, "malloc: out of memory");
goto out2;
}
krb5_ret_int32(sp, &tmp);
@@ -204,10 +204,12 @@ krb524_convert_creds_kdc(krb5_context context,
if(ret == 0) {
memset(v4creds, 0, sizeof(*v4creds));
ret = krb5_ret_int32(sp, &tmp);
- if(ret) goto out;
+ if(ret)
+ goto out;
v4creds->kvno = tmp;
ret = krb5_ret_data(sp, &ticket);
- if(ret) goto out;
+ if(ret)
+ goto out;
v4creds->ticket_st.length = ticket.length;
memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length);
krb5_data_free(&ticket);
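Review bot: `ticket.length` is read from the server's reply by `krb5_ret_data` and then used as the `memcpy` size into `v4creds->ticket_st.dat` without being compared to the size of that destination. If `dat` is a fixed-size array, as the v4 ticket structure suggests (its definition is not shown), an oversized reply writes past it. A bound check before the assignment and copy, `if (ticket.length > sizeof(v4creds->ticket_st.dat))`, that frees `ticket` and jumps to `out` with an error would reject such a reply. The function starts and ends outside the hunk.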
@@ -216,7 +218,8 @@ krb524_convert_creds_kdc(krb5_context context,
v4creds->service,
v4creds->instance,
v4creds->realm);
- if(ret) goto out;
+ if(ret)
+ goto out;
v4creds->issue_date = v5_creds->times.authtime;
v4creds->lifetime = _krb_time_to_life(v4creds->issue_date,
v5_creds->times.endtime);
@@ -224,7 +227,8 @@ krb524_convert_creds_kdc(krb5_context context,
v4creds->pname,
v4creds->pinst,
realm);
- if(ret) goto out;
+ if(ret)
+ goto out;
memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
}
out:
diff --git a/crypto/heimdal/lib/krb5/copy_host_realm.c b/crypto/heimdal/lib/krb5/copy_host_realm.c
index 4a8f3ec..38fdfa8 100644
--- a/crypto/heimdal/lib/krb5/copy_host_realm.c
+++ b/crypto/heimdal/lib/krb5/copy_host_realm.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: copy_host_realm.c,v 1.3 1999/12/02 17:05:08 joda Exp $");
+RCSID("$Id: copy_host_realm.c,v 1.4 2001/05/14 06:14:45 assar Exp $");
/*
* Copy the list of realms from `from' to `to'.
@@ -51,14 +51,17 @@ krb5_copy_host_realm(krb5_context context,
++n;
++n;
*to = malloc (n * sizeof(**to));
- if (*to == NULL)
+ if (*to == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
for (i = 0; i < n; ++i)
(*to)[i] = NULL;
for (i = 0, p = from; *p != NULL; ++p, ++i) {
(*to)[i] = strdup(*p);
if ((*to)[i] == NULL) {
krb5_free_host_realm (context, *to);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
}
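Review bot: On the `strdup` failure path the list is released with `krb5_free_host_realm (context, *to)` but `*to` keeps pointing at the freed block, so a caller that cleans up its output pointer after an error would free it a second time. Adding `*to = NULL;` right after the free makes the failure state unambiguous. The same pattern is in the krb5_copy_data hunk (`free(*outdata);`) and the krb5_generate_subkey hunk (`free(*subkey);`), where the output pointer is also left set on the error return. Whether any caller touches the pointer after a failure is not visible here, and krb5_copy_host_realm itself starts and ends outside the hunk.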
diff --git a/crypto/heimdal/lib/krb5/creds.c b/crypto/heimdal/lib/krb5/creds.c
index 7051168..01c1c30 100644
--- a/crypto/heimdal/lib/krb5/creds.c
+++ b/crypto/heimdal/lib/krb5/creds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: creds.c,v 1.14 1999/12/02 17:05:08 joda Exp $");
+RCSID("$Id: creds.c,v 1.15 2001/05/14 06:14:45 assar Exp $");
krb5_error_code
krb5_free_cred_contents (krb5_context context, krb5_creds *c)
@@ -108,8 +108,10 @@ krb5_copy_creds (krb5_context context,
krb5_creds *c;
c = malloc (sizeof (*c));
- if (c == NULL)
+ if (c == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
memset (c, 0, sizeof(*c));
*outcred = c;
return krb5_copy_creds_contents (context, incred, c);
diff --git a/crypto/heimdal/lib/krb5/data.c b/crypto/heimdal/lib/krb5/data.c
index 21191e2..c6a5d75 100644
--- a/crypto/heimdal/lib/krb5/data.c
+++ b/crypto/heimdal/lib/krb5/data.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: data.c,v 1.15 1999/12/02 17:05:09 joda Exp $");
+RCSID("$Id: data.c,v 1.16 2001/05/14 06:14:46 assar Exp $");
void
krb5_data_zero(krb5_data *p)
@@ -100,10 +100,14 @@ krb5_copy_data(krb5_context context,
{
krb5_error_code ret;
ALLOC(*outdata, 1);
- if(*outdata == NULL)
+ if(*outdata == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
ret = copy_octet_string(indata, *outdata);
- if(ret)
+ if(ret) {
+ krb5_clear_error_string (context);
free(*outdata);
+ }
return ret;
}
diff --git a/crypto/heimdal/lib/krb5/derived-key-test.c b/crypto/heimdal/lib/krb5/derived-key-test.c
new file mode 100644
index 0000000..0a47dd3
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/derived-key-test.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: derived-key-test.c,v 1.1 2001/03/12 07:44:52 assar Exp $");
+
+enum { MAXSIZE = 24 };
+
+static struct testcase {
+ krb5_enctype enctype;
+ unsigned char constant[MAXSIZE];
+ size_t constant_len;
+ unsigned char key[MAXSIZE];
+ unsigned char res[MAXSIZE];
+} tests[] = {
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+ {0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1, 0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c, 0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92},
+ {0x92, 0x51, 0x79, 0xd0, 0x45, 0x91, 0xa7, 0x9b, 0x5d, 0x31, 0x92, 0xc4, 0xa7, 0xe9, 0xc2, 0x89, 0xb0, 0x49, 0xc7, 0x1f, 0x6e, 0xe6, 0x04, 0xcd}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+ {0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57, 0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b, 0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2},
+ {0x9e, 0x58, 0xe5, 0xa1, 0x46, 0xd9, 0x94, 0x2a, 0x10, 0x1c, 0x46, 0x98, 0x45, 0xd6, 0x7a, 0x20, 0xe3, 0xc4, 0x25, 0x9e, 0xd9, 0x13, 0xf2, 0x07}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+ {0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85, 0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52, 0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc},
+ {0x13, 0xfe, 0xf8, 0x0d, 0x76, 0x3e, 0x94, 0xec, 0x6d, 0x13, 0xfd, 0x2c, 0xa1, 0xd0, 0x85, 0x07, 0x02, 0x49, 0xda, 0xd3, 0x98, 0x08, 0xea, 0xbf}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+ {0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad, 0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02, 0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5},
+ {0xf8, 0xdf, 0xbf, 0x04, 0xb0, 0x97, 0xe6, 0xd9, 0xdc, 0x07, 0x02, 0x68, 0x6b, 0xcb, 0x34, 0x89, 0xd9, 0x1f, 0xd9, 0xa4, 0x51, 0x6b, 0x70, 0x3e}},
+ {ETYPE_DES3_CBC_SHA1, {0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73}, 8,
+ {0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38, 0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92, 0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb},
+ {0x23, 0x70, 0xda, 0x57, 0x5d, 0x2a, 0x3d, 0xa8, 0x64, 0xce, 0xbf, 0xdc, 0x52, 0x04, 0xd5, 0x6d, 0xf7, 0x79, 0xa7, 0xdf, 0x43, 0xd9, 0xda, 0x43}},
+ {ETYPE_DES3_CBC_SHA1, {0x63, 0x6f, 0x6d, 0x62, 0x69, 0x6e, 0x65}, 7,
+ {0xb5, 0x5e, 0x98, 0x34, 0x67, 0xe5, 0x51, 0xb3, 0xe5, 0xd0, 0xe5, 0xb6, 0xc8, 0x0d, 0x45, 0x76, 0x94, 0x23, 0xa8, 0x73, 0xdc, 0x62, 0xb3, 0x0e},
+ {0x01, 0x26, 0x38, 0x8a, 0xad, 0xc8, 0x1a, 0x1f, 0x2a, 0x62, 0xbc, 0x45, 0xf8, 0xd5, 0xc1, 0x91, 0x51, 0xba, 0xcd, 0xd5, 0xcb, 0x79, 0x8a, 0x3e}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+ {0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62, 0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d, 0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda},
+ {0x34, 0x80, 0x57, 0xec, 0x98, 0xfd, 0xc4, 0x80, 0x16, 0x16, 0x1c, 0x2a, 0x4c, 0x7a, 0x94, 0x3e, 0x92, 0xae, 0x49, 0x2c, 0x98, 0x91, 0x75, 0xf7}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+ {0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13, 0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79, 0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c},
+ {0xa8, 0x80, 0x8a, 0xc2, 0x67, 0xda, 0xda, 0x3d, 0xcb, 0xe9, 0xa7, 0xc8, 0x46, 0x26, 0xfb, 0xc7, 0x61, 0xc2, 0x94, 0xb0, 0x13, 0x15, 0xe5, 0xc1}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0x55}, 5,
+ {0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57, 0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1, 0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43},
+ {0xc8, 0x13, 0xf8, 0x8a, 0x3b, 0xe3, 0xb3, 0x34, 0xf7, 0x54, 0x25, 0xce, 0x91, 0x75, 0xfb, 0xe3, 0xc8, 0x49, 0x3b, 0x89, 0xc8, 0x70, 0x3b, 0x49}},
+ {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5,
+ {0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16},
+ {0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 0x54, 0xe6, 0x94, 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 0xec, 0x5d}},
+ {0}
+};
+
+int
+main(int argc, char **argv)
+{
+ struct testcase *t;
+ krb5_context context;
+ krb5_error_code ret;
+ int val = 0;
+
+ ret = krb5_init_context (&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
+
+ for (t = tests; t->enctype != 0; ++t) {
+ krb5_keyblock key;
+ krb5_keyblock *dkey;
+
+ key.keytype = KEYTYPE_DES3;
+ key.keyvalue.length = MAXSIZE;
+ key.keyvalue.data = t->key;
+
+ ret = krb5_derive_key(context, &key, t->enctype, t->constant,
+ t->constant_len, &dkey);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_derive_key");
+ if (memcmp (dkey->keyvalue.data, t->res, dkey->keyvalue.length) != 0) {
+ const unsigned char *p = dkey->keyvalue.data;
+ int i;
+
+ printf ("derive_key failed\n");
+ printf ("should be: ");
+ for (i = 0; i < dkey->keyvalue.length; ++i)
+ printf ("%02x", t->res[i]);
+ printf ("\nresult was: ");
+ for (i = 0; i < dkey->keyvalue.length; ++i)
+ printf ("%02x", p[i]);
+ printf ("\n");
+ val = 1;
+ }
+ }
+ return val;
+}
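Review bot: The check `memcmp (dkey->keyvalue.data, t->res, dkey->keyvalue.length)` takes its length from the derived key, so a zero-length result passes every vector and a result longer than `MAXSIZE` reads past `t->res` (the "should be" print loop indexes `t->res[i]` with the same bound). Comparing the length first pins the expected size: `if (dkey->keyvalue.length != MAXSIZE || memcmp (dkey->keyvalue.data, t->res, MAXSIZE) != 0) {`, with the expected-value loop bounded by `MAXSIZE`. `dkey` is also never released; `krb5_free_keyblock (context, dkey);` at the end of each iteration keeps the test quiet under a leak checker.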
diff --git a/crypto/heimdal/lib/krb5/eai_to_heim_errno.c b/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
index b9272dd..924be7c 100644
--- a/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
+++ b/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,10 +33,16 @@
#include <krb5_locl.h>
-RCSID("$Id: eai_to_heim_errno.c,v 1.1 2000/07/08 13:03:36 joda Exp $");
+RCSID("$Id: eai_to_heim_errno.c,v 1.3 2001/05/14 22:48:33 assar Exp $");
+
+/*
+ * convert the getaddrinfo error code in `eai_errno' into a
+ * krb5_error_code. `system_error' should have the value of the errno
+ * after the failed call.
+ */
krb5_error_code
-krb5_eai_to_heim_errno(int eai_errno)
+krb5_eai_to_heim_errno(int eai_errno, int system_error)
{
switch(eai_errno) {
case EAI_NOERROR:
@@ -62,7 +68,26 @@ krb5_eai_to_heim_errno(int eai_errno)
case EAI_SOCKTYPE:
return HEIM_EAI_SOCKTYPE;
case EAI_SYSTEM:
- return errno;
+ return system_error;
+ default:
+ return HEIM_EAI_UNKNOWN; /* XXX */
+ }
+}
+
+krb5_error_code
+krb5_h_errno_to_heim_errno(int eai_errno)
+{
+ switch(eai_errno) {
+ case 0:
+ return 0;
+ case HOST_NOT_FOUND:
+ return HEIM_EAI_NONAME;
+ case TRY_AGAIN:
+ return HEIM_EAI_AGAIN;
+ case NO_RECOVERY:
+ return HEIM_EAI_FAIL;
+ case NO_DATA:
+ return HEIM_EAI_NONAME;
default:
return HEIM_EAI_UNKNOWN; /* XXX */
}
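Review bot: The new `krb5_h_errno_to_heim_errno` takes a resolver `h_errno` value, but its parameter is still called `eai_errno`, carried over from the function above, and unlike that function it has no header comment. Renaming the parameter (for example `int herr`) and adding a comment such as `/* convert the resolver error in herr (an h_errno value) into a krb5_error_code */` would keep callers from passing a getaddrinfo code by mistake. `HOST_NOT_FOUND` and `NO_DATA` both map to `HEIM_EAI_NONAME`; if losing that distinction is deliberate, the comment should say so. The function's closing brace is outside the hunk.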
diff --git a/crypto/heimdal/lib/krb5/error_string.c b/crypto/heimdal/lib/krb5/error_string.c
new file mode 100644
index 0000000..bf73448
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/error_string.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: error_string.c,v 1.1 2001/05/06 23:07:22 assar Exp $");
+
+#undef __attribute__
+#define __attribute__(X)
+
+void
+krb5_free_error_string(krb5_context context, char *str)
+{
+ if (str != context->error_buf)
+ free(str);
+}
+
+void
+krb5_clear_error_string(krb5_context context)
+{
+ if (context->error_string != NULL
+ && context->error_string != context->error_buf)
+ free(context->error_string);
+ context->error_string = NULL;
+}
+
+krb5_error_code
+krb5_set_error_string(krb5_context context, const char *fmt, ...)
+ __attribute__((format (printf, 2, 3)))
+{
+ krb5_error_code ret;
+ va_list ap;
+
+ va_start(ap, fmt);
+ ret = krb5_vset_error_string (context, fmt, ap);
+ va_end(ap);
+ return ret;
+}
+
+krb5_error_code
+krb5_vset_error_string(krb5_context context, const char *fmt, va_list args)
+ __attribute__ ((format (printf, 2, 0)))
+{
+ krb5_clear_error_string(context);
+ vasprintf(&context->error_string, fmt, args);
+ if(context->error_string == NULL) {
+ vsnprintf (context->error_buf, sizeof(context->error_buf), fmt, args);
+ context->error_string = context->error_buf;
+ }
+ return 0;
+}
+
+char*
+krb5_get_error_string(krb5_context context)
+{
+ char *ret = context->error_string;
+ context->error_string = NULL;
+ return ret;
+}
+
+krb5_boolean
+krb5_have_error_string(krb5_context context)
+{
+ return context->error_string != NULL;
+}
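Review bot: `krb5_vset_error_string` hands `args` to `vasprintf` and then, when that fails, to `vsnprintf` again; a `va_list` that has already been consumed is indeterminate, so the fallback into `error_buf` formats from an invalid argument list in exactly the out-of-memory case it exists for. The return value of `vasprintf` is also ignored and failure is detected by testing `context->error_string == NULL`, which relies on the libc setting the pointer to NULL on failure; not all of them do. Copying the argument list before the first attempt (`va_copy`, C99) and testing the return value fixes both, as below.

```c
krb5_vset_error_string(krb5_context context, const char *fmt, va_list args)
/* … unchanged: format attribute … */
{
    va_list fallback_args;
    int len;

    krb5_clear_error_string(context);
    va_copy(fallback_args, args);
    len = vasprintf(&context->error_string, fmt, args);
    if (len < 0) {
	vsnprintf (context->error_buf, sizeof(context->error_buf),
		   fmt, fallback_args);
	context->error_string = context->error_buf;
    }
    va_end(fallback_args);
    return 0;
}
```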
diff --git a/crypto/heimdal/lib/krb5/expand_hostname.c b/crypto/heimdal/lib/krb5/expand_hostname.c
index 72c5718..848c8ab 100644
--- a/crypto/heimdal/lib/krb5/expand_hostname.c
+++ b/crypto/heimdal/lib/krb5/expand_hostname.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: expand_hostname.c,v 1.9 2000/02/23 03:12:07 assar Exp $");
+RCSID("$Id: expand_hostname.c,v 1.10 2001/05/14 06:14:46 assar Exp $");
static krb5_error_code
copy_hostname(krb5_context context,
@@ -41,8 +41,10 @@ copy_hostname(krb5_context context,
char **new_hostname)
{
*new_hostname = strdup (orig_hostname);
- if (*new_hostname == NULL)
+ if (*new_hostname == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
strlwr (*new_hostname);
return 0;
}
@@ -70,10 +72,12 @@ krb5_expand_hostname (krb5_context context,
if (a->ai_canonname != NULL) {
*new_hostname = strdup (a->ai_canonname);
freeaddrinfo (ai);
- if (*new_hostname == NULL)
+ if (*new_hostname == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
- else
+ } else {
return 0;
+ }
}
}
freeaddrinfo (ai);
diff --git a/crypto/heimdal/lib/krb5/fcache.c b/crypto/heimdal/lib/krb5/fcache.c
index fbdb3a1..317f702 100644
--- a/crypto/heimdal/lib/krb5/fcache.c
+++ b/crypto/heimdal/lib/krb5/fcache.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: fcache.c,v 1.31 2000/12/05 09:15:10 joda Exp $");
+RCSID("$Id: fcache.c,v 1.33 2001/05/14 06:14:46 assar Exp $");
typedef struct krb5_fcache{
char *filename;
@@ -70,11 +70,14 @@ fcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
{
krb5_fcache *f;
f = malloc(sizeof(*f));
- if(f == NULL)
+ if(f == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
+ }
f->filename = strdup(res);
if(f->filename == NULL){
free(f);
+ krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
f->version = 0;
@@ -171,18 +174,23 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
krb5_fcache *f;
int fd;
char *file;
+
f = malloc(sizeof(*f));
- if(f == NULL)
+ if(f == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
+ }
asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT);
if(file == NULL) {
free(f);
+ krb5_set_error_string(context, "malloc: out of memory");
return KRB5_CC_NOMEM;
}
fd = mkstemp(file);
if(fd < 0) {
free(f);
free(file);
+ krb5_set_error_string(context, "mkstemp %s", file);
return errno;
}
close(fd);
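Review bot: In the `mkstemp` failure branch `file` is released by `free(file);` on the line before the added `krb5_set_error_string(context, "mkstemp %s", file);`, so the message is formatted from freed memory. The call also allocates, so `errno` may no longer hold mkstemp's error by the time `return errno;` runs. Save the error and format before freeing: `int save_errno = errno;`, then `krb5_set_error_string(context, "mkstemp %s: %s", file, strerror(save_errno));` ahead of `free(file);`, and `return save_errno;`. fcc_gen_new continues outside the hunk.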
@@ -231,8 +239,12 @@ fcc_initialize(krb5_context context,
unlink (filename);
fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
- if(fd == -1)
- return errno;
+ if(fd == -1) {
+ ret = errno;
+ krb5_set_error_string(context, "open(%s): %s", filename,
+ strerror(ret));
+ return ret;
+ }
{
krb5_storage *sp;
sp = krb5_storage_from_fd(fd);
@@ -259,8 +271,11 @@ fcc_initialize(krb5_context context,
krb5_storage_free(sp);
}
if(close(fd) < 0)
- if (ret == 0)
+ if (ret == 0) {
ret = errno;
+ krb5_set_error_string (context, "close %s: %s", filename,
+ strerror(ret));
+ }
return ret;
}
@@ -298,8 +313,11 @@ fcc_store_cred(krb5_context context,
f = FILENAME(id);
fd = open(f, O_WRONLY | O_APPEND | O_BINARY);
- if(fd < 0)
- return errno;
+ if(fd < 0) {
+ ret = errno;
+ krb5_set_error_string (context, "open(%s): %s", f, strerror(ret));
+ return ret;
+ }
{
krb5_storage *sp;
sp = krb5_storage_from_fd(fd);
@@ -308,8 +326,10 @@ fcc_store_cred(krb5_context context,
krb5_storage_free(sp);
}
if (close(fd) < 0)
- if (ret == 0)
+ if (ret == 0) {
ret = errno;
+ krb5_set_error_string (context, "close %s: %s", f, strerror(ret));
+ }
return ret;
}
@@ -339,12 +359,18 @@ init_fcc (krb5_context context,
krb5_error_code ret;
fd = open(fcache->filename, O_RDONLY | O_BINARY);
- if(fd < 0)
- return errno;
+ if(fd < 0) {
+ ret = errno;
+ krb5_set_error_string(context, "open(%s): %s", fcache->filename,
+ strerror(ret));
+ return ret;
+ }
sp = krb5_storage_from_fd(fd);
ret = krb5_ret_int8(sp, &pvno);
- if(ret == KRB5_CC_END)
+ if(ret == KRB5_CC_END) {
+
return ENOENT;
+ }
if(ret)
return ret;
if(pvno != 5) {
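Review bot: Both early returns after `sp = krb5_storage_from_fd(fd);` in this hunk, `return ENOENT;` and `return ret;`, leave `fd` open and `sp` allocated. The braces added around `return ENOENT;` enclose only a blank line, which reads like a forgotten `krb5_set_error_string` or cleanup call. Releasing both before returning, e.g. `krb5_storage_free(sp); close(fd);` in each branch or through a shared exit label, closes the leak, and `sp` should be checked for NULL before `krb5_ret_int8` uses it. The rest of init_fcc is outside the hunk, so later exits may need the same treatment.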
diff --git a/crypto/heimdal/lib/krb5/generate_seq_number.c b/crypto/heimdal/lib/krb5/generate_seq_number.c
index 3ebe562..795c3f3 100644
--- a/crypto/heimdal/lib/krb5/generate_seq_number.c
+++ b/crypto/heimdal/lib/krb5/generate_seq_number.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: generate_seq_number.c,v 1.7 2000/04/08 21:20:45 assar Exp $");
+RCSID("$Id: generate_seq_number.c,v 1.8 2001/05/08 14:05:37 assar Exp $");
krb5_error_code
krb5_generate_seq_number(krb5_context context,
@@ -57,6 +57,6 @@ krb5_generate_seq_number(krb5_context context,
q = (q << 8) | *p;
q &= 0xffffffff;
*seqno = q;
- krb5_free_keyblock_contents (context, subkey);
+ krb5_free_keyblock (context, subkey);
return 0;
}
diff --git a/crypto/heimdal/lib/krb5/generate_subkey.c b/crypto/heimdal/lib/krb5/generate_subkey.c
index a5b2e9e..3fb22f9 100644
--- a/crypto/heimdal/lib/krb5/generate_subkey.c
+++ b/crypto/heimdal/lib/krb5/generate_subkey.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: generate_subkey.c,v 1.7 1999/12/02 17:05:09 joda Exp $");
+RCSID("$Id: generate_subkey.c,v 1.8 2001/05/14 06:14:46 assar Exp $");
krb5_error_code
krb5_generate_subkey(krb5_context context,
@@ -43,8 +43,10 @@ krb5_generate_subkey(krb5_context context,
krb5_error_code ret;
ALLOC(*subkey, 1);
- if (*subkey == NULL)
+ if (*subkey == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
ret = krb5_generate_random_keyblock(context, key->keytype, *subkey);
if(ret)
free(*subkey);
diff --git a/crypto/heimdal/lib/krb5/get_addrs.c b/crypto/heimdal/lib/krb5/get_addrs.c
index 7b9d74c..c05569f 100644
--- a/crypto/heimdal/lib/krb5/get_addrs.c
+++ b/crypto/heimdal/lib/krb5/get_addrs.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: get_addrs.c,v 1.40 2000/12/10 20:07:05 assar Exp $");
+RCSID("$Id: get_addrs.c,v 1.41 2001/05/14 06:14:46 assar Exp $");
#ifdef __osf__
/* hate */
@@ -46,30 +46,39 @@ struct mbuf;
#include <ifaddrs.h>
static krb5_error_code
-gethostname_fallback (krb5_addresses *res)
+gethostname_fallback (krb5_context context, krb5_addresses *res)
{
- krb5_error_code err;
+ krb5_error_code ret;
char hostname[MAXHOSTNAMELEN];
struct hostent *hostent;
- if (gethostname (hostname, sizeof(hostname)))
- return errno;
+ if (gethostname (hostname, sizeof(hostname))) {
+ ret = errno;
+ krb5_set_error_string (context, "gethostname: %s", strerror(ret));
+ return ret;
+ }
hostent = roken_gethostbyname (hostname);
- if (hostent == NULL)
- return errno;
+ if (hostent == NULL) {
+ ret = errno;
+ krb5_set_error_string (context, "gethostbyname %s: %s",
+ hostname, strerror(ret));
+ return ret;
+ }
res->len = 1;
res->val = malloc (sizeof(*res->val));
- if (res->val == NULL)
+ if (res->val == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
res->val[0].addr_type = hostent->h_addrtype;
res->val[0].address.data = NULL;
res->val[0].address.length = 0;
- err = krb5_data_copy (&res->val[0].address,
+ ret = krb5_data_copy (&res->val[0].address,
hostent->h_addr,
hostent->h_length);
- if (err) {
+ if (ret) {
free (res->val);
- return err;
+ return ret;
}
return 0;
}
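Review bot: When `roken_gethostbyname` returns NULL the new code reports `errno`, but the gethostbyname family reports failure through `h_errno` (assuming the roken wrapper keeps that contract); `errno` can be 0 or stale at that point, in which case `gethostname_fallback` returns success without filling in `res`, or sets a misleading message. This commit adds `krb5_h_errno_to_heim_errno` for that conversion, so the branch could use `ret = krb5_h_errno_to_heim_errno(h_errno);` with `hstrerror(h_errno)` in the message instead of `strerror(ret)`. On the `krb5_data_copy` failure path `res->val` is freed while `res->len` stays 1 and `res->val` stays set; resetting both (`res->val = NULL; res->len = 0;`) avoids handing the caller a dangling array.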
@@ -96,8 +105,11 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
res->val = NULL;
- if (getifaddrs(&ifa0) == -1)
- return (errno);
+ if (getifaddrs(&ifa0) == -1) {
+ ret = errno;
+ krb5_set_error_string(context, "getifaddrs: %s", strerror(ret));
+ return (ret);
+ }
memset(&sa_zero, 0, sizeof(sa_zero));
@@ -107,6 +119,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
if (num == 0) {
freeifaddrs(ifa0);
+ krb5_set_error_string(context, "no addresses found");
return (ENXIO);
}
@@ -114,6 +127,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
res->val = calloc(num, sizeof(*res->val));
if (res->val == NULL) {
freeifaddrs(ifa0);
+ krb5_set_error_string (context, "malloc: out of memory");
return (ENOMEM);
}
@@ -132,7 +146,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
continue;
}
- ret = krb5_sockaddr2address(ifa->ifa_addr, &res->val[idx]);
+ ret = krb5_sockaddr2address(context, ifa->ifa_addr, &res->val[idx]);
if (ret) {
/*
* The most likely error here is going to be "Program
@@ -159,7 +173,8 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
continue;
if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
- ret = krb5_sockaddr2address(ifa->ifa_addr, &res->val[idx]);
+ ret = krb5_sockaddr2address(context,
+ ifa->ifa_addr, &res->val[idx]);
if (ret) {
/*
* See comment above.
@@ -187,7 +202,7 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags)
if (flags & SCAN_INTERFACES) {
ret = find_all_addresses (context, res, flags);
if(ret || res->len == 0)
- ret = gethostname_fallback (res);
+ ret = gethostname_fallback (context, res);
} else
ret = 0;
diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c
index e649cfe..2af940c 100644
--- a/crypto/heimdal/lib/krb5/get_cred.c
+++ b/crypto/heimdal/lib/krb5/get_cred.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: get_cred.c,v 1.82 2001/01/19 04:29:44 assar Exp $");
+RCSID("$Id: get_cred.c,v 1.85 2001/05/14 06:14:46 assar Exp $");
/*
* Take the `body' and encode it into `padata' using the credentials
@@ -45,7 +45,8 @@ make_pa_tgs_req(krb5_context context,
krb5_auth_context ac,
KDC_REQ_BODY *body,
PA_DATA *padata,
- krb5_creds *creds)
+ krb5_creds *creds,
+ krb5_key_usage usage)
{
u_char *buf;
size_t buf_size;
@@ -55,8 +56,10 @@ make_pa_tgs_req(krb5_context context,
buf_size = 1024;
buf = malloc (buf_size);
- if (buf == NULL)
+ if (buf == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
do {
ret = encode_KDC_REQ_BODY(buf + buf_size - 1, buf_size,
@@ -68,6 +71,7 @@ make_pa_tgs_req(krb5_context context,
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
@@ -83,7 +87,8 @@ make_pa_tgs_req(krb5_context context,
ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds,
&padata->padata_value,
KRB5_KU_TGS_REQ_AUTH_CKSUM,
- KRB5_KU_TGS_REQ_AUTH);
+ usage
+ /* KRB5_KU_TGS_REQ_AUTH */);
out:
free (buf);
if(ret)
@@ -110,8 +115,10 @@ set_auth_data (krb5_context context,
len = length_AuthorizationData(authdata);
buf = malloc(len);
- if (buf == NULL)
+ if (buf == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
ret = encode_AuthorizationData(buf + len - 1,
len, authdata, &len);
if (ret) {
@@ -122,7 +129,8 @@ set_auth_data (krb5_context context,
ALLOC(req_body->enc_authorization_data, 1);
if (req_body->enc_authorization_data == NULL) {
free (buf);
- return ret;
+ krb5_set_error_string(context, "malloc: out of memory");
+ return ENOMEM;
}
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
@@ -162,7 +170,8 @@ init_tgs_req (krb5_context context,
krb5_creds *krbtgt,
unsigned nonce,
krb5_keyblock **subkey,
- TGS_REQ *t)
+ TGS_REQ *t,
+ krb5_key_usage usage)
{
krb5_error_code ret;
@@ -190,6 +199,7 @@ init_tgs_req (krb5_context context,
ALLOC(t->req_body.sname, 1);
if (t->req_body.sname == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
@@ -205,6 +215,7 @@ init_tgs_req (krb5_context context,
ALLOC(t->req_body.till, 1);
if(t->req_body.till == NULL){
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
*t->req_body.till = in_creds->times.endtime;
@@ -214,11 +225,13 @@ init_tgs_req (krb5_context context,
ALLOC(t->req_body.additional_tickets, 1);
if (t->req_body.additional_tickets == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
ALLOC_SEQ(t->req_body.additional_tickets, 1);
if (t->req_body.additional_tickets->val == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val);
@@ -228,11 +241,13 @@ init_tgs_req (krb5_context context,
ALLOC(t->padata, 1);
if (t->padata == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
ALLOC_SEQ(t->padata, 1);
if (t->padata->val == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
@@ -266,7 +281,8 @@ init_tgs_req (krb5_context context,
ac,
&t->req_body,
t->padata->val,
- krbtgt);
+ krbtgt,
+ usage);
if(ret) {
krb5_free_keyblock (context, key);
krb5_auth_con_free(context, ac);
@@ -366,13 +382,14 @@ decrypt_tkt_with_subkey (krb5_context context,
}
static krb5_error_code
-get_cred_kdc(krb5_context context,
- krb5_ccache id,
- krb5_kdc_flags flags,
- krb5_addresses *addresses,
- krb5_creds *in_creds,
- krb5_creds *krbtgt,
- krb5_creds *out_creds)
+get_cred_kdc_usage(krb5_context context,
+ krb5_ccache id,
+ krb5_kdc_flags flags,
+ krb5_addresses *addresses,
+ krb5_creds *in_creds,
+ krb5_creds *krbtgt,
+ krb5_creds *out_creds,
+ krb5_key_usage usage)
{
TGS_REQ req;
krb5_data enc;
@@ -407,7 +424,8 @@ get_cred_kdc(krb5_context context,
krbtgt,
nonce,
&subkey,
- &req);
+ &req,
+ usage);
if(flags.b.enc_tkt_in_skey)
free_Ticket(&second_ticket);
if (ret)
@@ -416,6 +434,7 @@ get_cred_kdc(krb5_context context,
buf_size = 1024;
buf = malloc (buf_size);
if (buf == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
@@ -430,6 +449,7 @@ get_cred_kdc(krb5_context context,
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
@@ -487,13 +507,16 @@ get_cred_kdc(krb5_context context,
krb5_free_kdc_rep(context, &rep);
if (ret)
goto out;
- }else if(krb5_rd_error(context, &resp, &error) == 0){
- ret = error.error_code;
- free_KRB_ERROR(&error);
- }else if(resp.data && ((char*)resp.data)[0] == 4)
+ } else if(krb5_rd_error(context, &resp, &error) == 0) {
+ ret = krb5_error_from_rd_error(context, &error, in_creds);
+ krb5_free_error_contents(context, &error);
+ } else if(resp.data && ((char*)resp.data)[0] == 4) {
ret = KRB5KRB_AP_ERR_V4_REPLY;
- else
+ krb5_clear_error_string(context);
+ } else {
ret = KRB5KRB_AP_ERR_MSG_TYPE;
+ krb5_clear_error_string(context);
+ }
krb5_data_free(&resp);
out:
if(subkey){
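Review bot: The reply-type test `resp.data && ((char*)resp.data)[0] == 4` reads the first byte of the reply without checking that there is one. If `resp` can carry a non-NULL `data` with `length` 0 (not visible from this hunk), that is a one-byte over-read of network-controlled input; `resp.length > 0 && ((char*)resp.data)[0] == 4` removes the doubt. The enclosing function starts before the hunk and continues after it.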
@@ -506,6 +529,27 @@ out:
}
+static krb5_error_code
+get_cred_kdc(krb5_context context,
+ krb5_ccache id,
+ krb5_kdc_flags flags,
+ krb5_addresses *addresses,
+ krb5_creds *in_creds,
+ krb5_creds *krbtgt,
+ krb5_creds *out_creds)
+{
+ krb5_error_code ret;
+
+ ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
+ krbtgt, out_creds, KRB5_KU_TGS_REQ_AUTH);
+ if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+ krb5_clear_error_string (context);
+ ret = get_cred_kdc_usage(context, id, flags, addresses, in_creds,
+ krbtgt, out_creds, KRB5_KU_AP_REQ_AUTH);
+ }
+ return ret;
+}
+
/* same as above, just get local addresses first */
static krb5_error_code
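Review bot: The retry in the new `get_cred_kdc` is keyed on `KRB5KRB_AP_ERR_BAD_INTEGRITY`, which `get_cred_kdc_usage` can return from a KRB-ERROR reply via `krb5_error_from_rd_error`; that reply is presumably not authenticated, so a forged error would be enough to make the client resend the request with the authenticator under `KRB5_KU_AP_REQ_AUTH`. Nothing in the code says which peers need the second key usage or why the fallback is safe to apply unconditionally. A comment on the retry, for example `/* retry with the AP-REQ key usage for KDCs that reject KRB5_KU_TGS_REQ_AUTH (interoperability fallback; triggered by an unauthenticated error) */`, would make the trade-off explicit, ideally with a configuration switch to turn it off. The second call also reuses `out_creds` after a failed first attempt, so it is worth confirming that the first call leaves nothing allocated in it.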
@@ -535,9 +579,12 @@ krb5_get_kdc_cred(krb5_context context,
{
krb5_error_code ret;
krb5_creds *krbtgt;
+
*out_creds = calloc(1, sizeof(**out_creds));
- if(*out_creds == NULL)
+ if(*out_creds == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
ret = get_krbtgt (context,
id,
in_creds->server->realm,
@@ -577,6 +624,7 @@ find_cred(krb5_context context,
}
tgts++;
}
+ krb5_clear_error_string(context);
return KRB5_CC_NOTFOUND;
}
@@ -586,10 +634,13 @@ add_cred(krb5_context context, krb5_creds ***tgts, krb5_creds *tkt)
int i;
krb5_error_code ret;
krb5_creds **tmp = *tgts;
+
for(i = 0; tmp && tmp[i]; i++); /* XXX */
tmp = realloc(tmp, (i+2)*sizeof(*tmp));
- if(tmp == NULL)
+ if(tmp == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
*tgts = tmp;
ret = krb5_copy_creds(context, tkt, &tmp[i]);
tmp[i+1] = NULL;
@@ -654,9 +705,10 @@ get_cred_from_kdc_flags(krb5_context context,
*ret_tgts, &tgts);
if(ret == 0){
*out_creds = calloc(1, sizeof(**out_creds));
- if(*out_creds == NULL)
+ if(*out_creds == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
- else {
+ } else {
ret = get_cred_kdc_la(context, ccache, flags,
in_creds, &tgts, *out_creds);
if (ret) {
@@ -670,8 +722,10 @@ get_cred_from_kdc_flags(krb5_context context,
return ret;
}
}
- if(krb5_realm_compare(context, in_creds->client, in_creds->server))
+ if(krb5_realm_compare(context, in_creds->client, in_creds->server)) {
+ krb5_clear_error_string (context);
return KRB5_CC_NOTFOUND;
+ }
/* XXX this can loop forever */
while(1){
general_string tgt_inst;
@@ -711,9 +765,10 @@ get_cred_from_kdc_flags(krb5_context context,
krb5_free_principal(context, tmp_creds.server);
krb5_free_principal(context, tmp_creds.client);
*out_creds = calloc(1, sizeof(**out_creds));
- if(*out_creds == NULL)
+ if(*out_creds == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
- else {
+ } else {
ret = get_cred_kdc_la(context, ccache, flags,
in_creds, tgt, *out_creds);
if (ret) {
@@ -726,16 +781,28 @@ get_cred_from_kdc_flags(krb5_context context,
}
krb5_error_code
+krb5_get_cred_from_kdc_opt(krb5_context context,
+ krb5_ccache ccache,
+ krb5_creds *in_creds,
+ krb5_creds **out_creds,
+ krb5_creds ***ret_tgts,
+ krb5_flags flags)
+{
+ krb5_kdc_flags f;
+ f.i = flags;
+ return get_cred_from_kdc_flags(context, f, ccache,
+ in_creds, out_creds, ret_tgts);
+}
+
+krb5_error_code
krb5_get_cred_from_kdc(krb5_context context,
krb5_ccache ccache,
krb5_creds *in_creds,
krb5_creds **out_creds,
krb5_creds ***ret_tgts)
{
- krb5_kdc_flags f;
- f.i = 0;
- return get_cred_from_kdc_flags(context, f, ccache,
- in_creds, out_creds, ret_tgts);
+ return krb5_get_cred_from_kdc_opt(context, ccache,
+ in_creds, out_creds, ret_tgts, 0);
}
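Review bot: The new exported function `krb5_get_cred_from_kdc_opt` has no comment describing `flags`, which is copied unchecked into the integer member of `krb5_kdc_flags` (`f.i = flags`) and handed to `get_cred_from_kdc_flags`. A caller cannot tell from the signature that these are raw KDC option bits rather than `KRB5_GC_*` style options. A header comment would record this, for example `/* As krb5_get_cred_from_kdc, but 'flags' is stored in krb5_kdc_flags.i and used for the request; 0 gives the old behaviour. */`.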
@@ -754,8 +821,10 @@ krb5_get_credentials_with_flags(krb5_context context,
*out_creds = NULL;
res_creds = calloc(1, sizeof(*res_creds));
- if (res_creds == NULL)
+ if (res_creds == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
ret = krb5_cc_retrieve_cred(context,
ccache,
@@ -769,8 +838,10 @@ krb5_get_credentials_with_flags(krb5_context context,
free(res_creds);
if(ret != KRB5_CC_END)
return ret;
- if(options & KRB5_GC_CACHED)
+ if(options & KRB5_GC_CACHED) {
+ krb5_clear_error_string (context);
return KRB5_CC_NOTFOUND;
+ }
if(options & KRB5_GC_USER_USER)
flags.b.enc_tkt_in_skey = 1;
tgts = NULL;
diff --git a/crypto/heimdal/lib/krb5/get_default_principal.c b/crypto/heimdal/lib/krb5/get_default_principal.c
index 84d7a5e..f8ed48f 100644
--- a/crypto/heimdal/lib/krb5/get_default_principal.c
+++ b/crypto/heimdal/lib/krb5/get_default_principal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,12 +33,23 @@
#include "krb5_locl.h"
-RCSID("$Id: get_default_principal.c,v 1.5 1999/12/02 17:05:09 joda Exp $");
+RCSID("$Id: get_default_principal.c,v 1.7 2001/05/14 06:14:46 assar Exp $");
/*
* Try to find out what's a reasonable default principal.
*/
+static const char*
+get_env_user(void)
+{
+ const char *user = getenv("USER");
+ if(user == NULL)
+ user = getenv("LOGNAME");
+ if(user == NULL)
+ user = getenv("USERNAME");
+ return user;
+}
+
krb5_error_code
krb5_get_default_principal (krb5_context context,
krb5_principal *princ)
@@ -46,6 +57,7 @@ krb5_get_default_principal (krb5_context context,
krb5_error_code ret;
krb5_ccache id;
const char *user;
+ uid_t uid;
ret = krb5_cc_default (context, &id);
if (ret == 0) {
@@ -55,13 +67,32 @@ krb5_get_default_principal (krb5_context context,
return 0;
}
- user = get_default_username ();
- if (user == NULL)
- return ENOTTY;
- if (getuid () == 0) {
- ret = krb5_make_principal(context, princ, NULL, user, "root", NULL);
+
+ uid = getuid();
+ if(uid == 0) {
+ user = getlogin();
+ if(user == NULL)
+ user = get_env_user();
+ if(user != NULL && strcmp(user, "root") != 0)
+ ret = krb5_make_principal(context, princ, NULL, user, "root", NULL);
+ else
+ ret = krb5_make_principal(context, princ, NULL, "root", NULL);
} else {
+ struct passwd *pw = getpwuid(uid);
+ if(pw != NULL)
+ user = pw->pw_name;
+ else {
+ user = get_env_user();
+ if(user == NULL)
+ user = getlogin();
+ }
+ if(user == NULL) {
+ krb5_set_error_string(context,
+ "unable to figure out current principal");
+ return ENOTTY; /* XXX */
+ }
ret = krb5_make_principal(context, princ, NULL, user, NULL);
}
+
return ret;
}
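Review bot: The new fallback order carries no comment on why the root and non-root branches differ or on how far the resulting name is trusted. For uid 0 the name comes from getlogin() and then from USER/LOGNAME/USERNAME, while for other uids getpwuid() is tried first. The environment variables come from whatever environment the process was started with, and getlogin() describes the login session rather than the current uid, so these are hints for picking a default and not an identity check. A comment above the `if(uid == 0)` branch would record that, for example `/* root: prefer the login name so the default becomes <user>/root; the name sources are advisory only */`. The function begins in an earlier hunk.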
diff --git a/crypto/heimdal/lib/krb5/get_default_realm.c b/crypto/heimdal/lib/krb5/get_default_realm.c
index 3f9b901..c090cea 100644
--- a/crypto/heimdal/lib/krb5/get_default_realm.c
+++ b/crypto/heimdal/lib/krb5/get_default_realm.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: get_default_realm.c,v 1.8 1999/12/02 17:05:09 joda Exp $");
+RCSID("$Id: get_default_realm.c,v 1.9 2001/05/14 06:14:47 assar Exp $");
/*
* Return a NULL-terminated list of default realms in `realms'.
@@ -73,8 +73,10 @@ krb5_get_default_realm(krb5_context context,
}
res = strdup (context->default_realms[0]);
- if (res == NULL)
+ if (res == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
*realm = res;
return 0;
}
diff --git a/crypto/heimdal/lib/krb5/get_for_creds.c b/crypto/heimdal/lib/krb5/get_for_creds.c
index 103b757..febd061 100644
--- a/crypto/heimdal/lib/krb5/get_for_creds.c
+++ b/crypto/heimdal/lib/krb5/get_for_creds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: get_for_creds.c,v 1.27 2000/08/18 06:47:40 assar Exp $");
+RCSID("$Id: get_for_creds.c,v 1.29 2001/05/14 22:49:55 assar Exp $");
static krb5_error_code
add_addrs(krb5_context context,
@@ -53,6 +53,7 @@ add_addrs(krb5_context context,
addr->len += n;
tmp = realloc(addr->val, addr->len * sizeof(*addr->val));
if (tmp == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
@@ -62,10 +63,12 @@ add_addrs(krb5_context context,
krb5_data_zero(&addr->val[i].address);
}
for (a = ai; a != NULL; a = a->ai_next) {
- ret = krb5_sockaddr2address (a->ai_addr, &addr->val[i]);
+ ret = krb5_sockaddr2address (context, a->ai_addr, &addr->val[i]);
if (ret == 0)
++i;
- else if (ret != KRB5_PROG_ATYPE_NOSUPP)
+ else if (ret == KRB5_PROG_ATYPE_NOSUPP)
+ krb5_clear_error_string (context);
+ else
goto fail;
}
addr->len = i;
@@ -138,13 +141,18 @@ krb5_get_forwarded_creds (krb5_context context,
krb5_kdc_flags kdc_flags;
krb5_crypto crypto;
struct addrinfo *ai;
+ int save_errno;
addrs.len = 0;
addrs.val = NULL;
ret = getaddrinfo (hostname, NULL, NULL, &ai);
- if (ret)
- return krb5_eai_to_heim_errno(ret);
+ if (ret) {
+ save_errno = errno;
+ krb5_set_error_string(context, "resolving %s: %s",
+ hostname, gai_strerror(ret));
+ return krb5_eai_to_heim_errno(ret, save_errno);
+ }
ret = add_addrs (context, &addrs, ai);
freeaddrinfo (ai);
@@ -171,6 +179,7 @@ krb5_get_forwarded_creds (krb5_context context,
ALLOC_SEQ(&cred.tickets, 1);
if (cred.tickets.val == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto out2;
}
ret = decode_Ticket(out_creds->ticket.data,
@@ -183,6 +192,7 @@ krb5_get_forwarded_creds (krb5_context context,
ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1);
if (enc_krb_cred_part.ticket_info.val == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto out4;
}
@@ -191,18 +201,21 @@ krb5_get_forwarded_creds (krb5_context context,
ALLOC(enc_krb_cred_part.timestamp, 1);
if (enc_krb_cred_part.timestamp == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto out4;
}
*enc_krb_cred_part.timestamp = sec;
ALLOC(enc_krb_cred_part.usec, 1);
if (enc_krb_cred_part.usec == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto out4;
}
*enc_krb_cred_part.usec = usec;
if (auth_context->local_address && auth_context->local_port) {
- ret = krb5_make_addrport (&enc_krb_cred_part.s_address,
+ ret = krb5_make_addrport (context,
+ &enc_krb_cred_part.s_address,
auth_context->local_address,
auth_context->local_port);
if (ret)
@@ -213,6 +226,7 @@ krb5_get_forwarded_creds (krb5_context context,
ALLOC(enc_krb_cred_part.r_address, 1);
if (enc_krb_cred_part.r_address == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto out4;
}
@@ -288,8 +302,10 @@ krb5_get_forwarded_creds (krb5_context context,
return ret;
out_data->length = len;
out_data->data = malloc(len);
- if (out_data->data == NULL)
+ if (out_data->data == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
memcpy (out_data->data, buf + sizeof(buf) - len, len);
return 0;
out4:
diff --git a/crypto/heimdal/lib/krb5/get_host_realm.c b/crypto/heimdal/lib/krb5/get_host_realm.c
index e8522cb..266072e 100644
--- a/crypto/heimdal/lib/krb5/get_host_realm.c
+++ b/crypto/heimdal/lib/krb5/get_host_realm.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <resolve.h>
-RCSID("$Id: get_host_realm.c,v 1.25 1999/12/11 23:14:07 assar Exp $");
+RCSID("$Id: get_host_realm.c,v 1.28 2001/05/14 06:14:47 assar Exp $");
/* To automagically find the correct realm of a host (without
* [domain_realm] in krb5.conf) add a text record for your domain with
@@ -142,6 +142,7 @@ config_find_realm(krb5_context context,
krb5_error_code
krb5_get_host_realm_int (krb5_context context,
const char *host,
+ krb5_boolean use_dns,
krb5_realm **realms)
{
const char *p;
@@ -149,27 +150,33 @@ krb5_get_host_realm_int (krb5_context context,
for (p = host; p != NULL; p = strchr (p + 1, '.')) {
if(config_find_realm(context, p, realms) == 0)
return 0;
- else if(dns_find_realm(context, p, "krb5-realm", realms) == 0)
- return 0;
- else if(dns_find_realm(context, p, "_kerberos", realms) == 0)
- return 0;
+ else if(use_dns) {
+ if(dns_find_realm(context, p, "krb5-realm", realms) == 0)
+ return 0;
+ if(dns_find_realm(context, p, "_kerberos", realms) == 0)
+ return 0;
+ }
}
p = strchr(host, '.');
if(p != NULL) {
p++;
*realms = malloc(2 * sizeof(krb5_realm));
- if (*realms == NULL)
+ if (*realms == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
(*realms)[0] = strdup(p);
if((*realms)[0] == NULL) {
free(*realms);
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
strupr((*realms)[0]);
(*realms)[1] = NULL;
return 0;
}
+ krb5_set_error_string(context, "unable to find realm of host %s", host);
return KRB5_ERR_HOST_REALM_UNKNOWN;
}
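Review bot: On the strdup failure path `free(*realms)` leaves the caller's `*realms` pointing at freed memory, and the change adds an error string there without clearing the pointer. A caller that frees `*realms` after an error return would then free it a second time. Add `*realms = NULL;` directly after the `free(*realms);`. The function header and opening brace are in the previous hunk.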
@@ -190,5 +197,5 @@ krb5_get_host_realm(krb5_context context,
host = hostname;
}
- return krb5_get_host_realm_int (context, host, realms);
+ return krb5_get_host_realm_int (context, host, 1, realms);
}
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c
index 84afe5e..bb023b1 100644
--- a/crypto/heimdal/lib/krb5/get_in_tkt.c
+++ b/crypto/heimdal/lib/krb5/get_in_tkt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: get_in_tkt.c,v 1.97 2000/08/18 06:47:54 assar Exp $");
+RCSID("$Id: get_in_tkt.c,v 1.100 2001/05/14 06:14:48 assar Exp $");
krb5_error_code
krb5_init_etype (krb5_context context,
@@ -61,6 +61,7 @@ krb5_init_etype (krb5_context context,
*val = malloc(i * sizeof(int));
if (i != 0 && *val == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto cleanup;
}
memmove (*val,
@@ -148,6 +149,7 @@ _krb5_extract_ticket(krb5_context context,
tmp = krb5_principal_compare (context, tmp_principal, creds->client);
if (!tmp) {
krb5_free_principal (context, tmp_principal);
+ krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MODIFIED;
goto out;
}
@@ -163,6 +165,7 @@ _krb5_extract_ticket(krb5_context context,
len = length_Ticket(&rep->kdc_rep.ticket);
buf = malloc(len);
if(buf == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
@@ -189,6 +192,7 @@ _krb5_extract_ticket(krb5_context context,
krb5_free_principal (context, tmp_principal);
if (!tmp) {
ret = KRB5KRB_AP_ERR_MODIFIED;
+ krb5_clear_error_string (context);
goto out;
}
}
@@ -213,6 +217,7 @@ _krb5_extract_ticket(krb5_context context,
if (nonce != rep->enc_part.nonce) {
ret = KRB5KRB_AP_ERR_MODIFIED;
+ krb5_set_error_string(context, "malloc: out of memory");
goto out;
}
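Review bot: The nonce-mismatch branch sets the error string to `"malloc: out of memory"` while returning KRB5KRB_AP_ERR_MODIFIED, which looks like a copy of the allocation-failure line. A nonce mismatch means the reply does not belong to this request, so an out-of-memory message misleads anyone trying to tell a replayed or altered KDC reply from a resource problem. Either call `krb5_clear_error_string (context);` as the neighbouring KRB5KRB_AP_ERR_MODIFIED checks do, or set a specific message such as `krb5_set_error_string(context, "nonce in KDC reply does not match request");`. _krb5_extract_ticket starts and ends outside this hunk.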
@@ -238,11 +243,16 @@ _krb5_extract_ticket(krb5_context context,
if (creds->times.starttime == 0
&& abs(tmp_time - sec_now) > context->max_skew) {
ret = KRB5KRB_AP_ERR_SKEW;
+ krb5_set_error_string (context,
+ "time skew (%d) larger than max (%d)",
+ abs(tmp_time - sec_now),
+ (int)context->max_skew);
goto out;
}
if (creds->times.starttime != 0
&& tmp_time != creds->times.starttime) {
+ krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MODIFIED;
goto out;
}
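Review bot: `abs()` takes an int, and the skew check passes `tmp_time - sec_now` to it both in the condition and in the new error message. The declarations are outside the hunk, but if either operand is wider than int (a 64-bit time_t, for instance), the difference is truncated before it is compared with `context->max_skew`, so a very large skew could be evaluated as a small one. Computing the difference once in the operand type avoids this: `time_t skew = tmp_time > sec_now ? tmp_time - sec_now : sec_now - tmp_time;`, then compare `skew > context->max_skew` and print it with `%ld` and `(long)skew`.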
@@ -256,6 +266,7 @@ _krb5_extract_ticket(krb5_context context,
if (creds->times.renew_till != 0
&& tmp_time > creds->times.renew_till) {
+ krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MODIFIED;
goto out;
}
@@ -266,6 +277,7 @@ _krb5_extract_ticket(krb5_context context,
if (creds->times.endtime != 0
&& rep->enc_part.endtime > creds->times.endtime) {
+ krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MODIFIED;
goto out;
}
@@ -380,8 +392,10 @@ add_padata(krb5_context context,
netypes++;
}
pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val));
- if (pa2 == NULL)
+ if (pa2 == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
md->val = pa2;
for (i = 0; i < netypes; ++i) {
@@ -426,11 +440,13 @@ init_as_req (krb5_context context,
a->req_body.cname = malloc(sizeof(*a->req_body.cname));
if (a->req_body.cname == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
a->req_body.sname = malloc(sizeof(*a->req_body.sname));
if (a->req_body.sname == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
ret = krb5_principal2principalname (a->req_body.cname, creds->client);
@@ -447,6 +463,7 @@ init_as_req (krb5_context context,
a->req_body.from = malloc(sizeof(*a->req_body.from));
if (a->req_body.from == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
*a->req_body.from = creds->times.starttime;
@@ -459,6 +476,7 @@ init_as_req (krb5_context context,
a->req_body.rtime = malloc(sizeof(*a->req_body.rtime));
if (a->req_body.rtime == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
*a->req_body.rtime = creds->times.renew_till;
@@ -481,6 +499,7 @@ init_as_req (krb5_context context,
a->req_body.addresses = malloc(sizeof(*a->req_body.addresses));
if (a->req_body.addresses == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
@@ -500,6 +519,7 @@ init_as_req (krb5_context context,
ALLOC(a->padata, 1);
if(a->padata == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
for(i = 0; i < preauth->len; i++) {
@@ -511,6 +531,7 @@ init_as_req (krb5_context context,
sizeof(*a->padata->val));
if(tmp == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
a->padata->val = tmp;
@@ -542,6 +563,7 @@ init_as_req (krb5_context context,
ALLOC(a->padata, 1);
if (a->padata == NULL) {
ret = ENOMEM;
+ krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
a->padata->len = 0;
@@ -559,6 +581,8 @@ init_as_req (krb5_context context,
key_proc, keyseed, a->req_body.etype.val,
a->req_body.etype.len, &salt);
} else {
+ krb5_set_error_string (context, "pre-auth type %d not supported",
+ *ptypes);
ret = KRB5_PREAUTH_BAD_TYPE;
goto fail;
}
@@ -690,7 +714,7 @@ krb5_get_in_cred(krb5_context context,
ret = KRB5KRB_AP_ERR_V4_REPLY;
krb5_data_free(&resp);
if (ret2 == 0) {
- ret = error.error_code;
+ ret = krb5_error_from_rd_error(context, &error, creds);
/* if no preauth was set and KDC requires it, give it
one more try */
if (!ptypes && !preauth
@@ -701,7 +725,7 @@ krb5_get_in_cred(krb5_context context,
&& set_ptypes(context, &error, &ptypes, &my_preauth)) {
done = 0;
preauth = my_preauth;
- free_KRB_ERROR(&error);
+ krb5_free_error_contents(context, &error);
continue;
}
if(ret_as_reply)
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_pw.c b/crypto/heimdal/lib/krb5/get_in_tkt_pw.c
index 4fb8800..a4f5c80 100644
--- a/crypto/heimdal/lib/krb5/get_in_tkt_pw.c
+++ b/crypto/heimdal/lib/krb5/get_in_tkt_pw.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: get_in_tkt_pw.c,v 1.15 1999/12/02 17:05:10 joda Exp $");
+RCSID("$Id: get_in_tkt_pw.c,v 1.16 2001/05/14 06:14:48 assar Exp $");
krb5_error_code
krb5_password_key_proc (krb5_context context,
@@ -47,11 +47,14 @@ krb5_password_key_proc (krb5_context context,
char buf[BUFSIZ];
*key = malloc (sizeof (**key));
- if (*key == NULL)
+ if (*key == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
if (password == NULL) {
if(des_read_pw_string (buf, sizeof(buf), "Password: ", 0)) {
free (*key);
+ krb5_clear_error_string(context);
return KRB5_LIBOS_PWDINTR;
}
password = buf;
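Review bot: The interrupted-prompt path calls `free (*key)` and returns KRB5_LIBOS_PWDINTR with `*key` still holding the freed pointer; set `*key = NULL;` after the free so a caller cannot reuse or free it again. Whether `buf` can hold part of a password at that point depends on des_read_pw_string, which is not visible here; if it can, `memset (buf, 0, sizeof(buf));` belongs on this path as well. The function continues past the end of the hunk.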
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c b/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c
index d78ef35..c5feee4 100644
--- a/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c
+++ b/crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: get_in_tkt_with_keytab.c,v 1.5 1999/12/02 17:05:10 joda Exp $");
+RCSID("$Id: get_in_tkt_with_keytab.c,v 1.6 2001/05/14 06:14:48 assar Exp $");
krb5_error_code
krb5_keytab_key_proc (krb5_context context,
@@ -82,8 +82,10 @@ krb5_get_in_tkt_with_keytab (krb5_context context,
krb5_keytab_key_proc_args *a;
a = malloc(sizeof(*a));
- if (a == NULL)
+ if (a == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
a->principal = creds->client;
a->keytab = keytab;
diff --git a/crypto/heimdal/lib/krb5/init_creds_pw.c b/crypto/heimdal/lib/krb5/init_creds_pw.c
index 8881d13..daa704f 100644
--- a/crypto/heimdal/lib/krb5/init_creds_pw.c
+++ b/crypto/heimdal/lib/krb5/init_creds_pw.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: init_creds_pw.c,v 1.44 2000/07/24 03:46:40 assar Exp $");
+RCSID("$Id: init_creds_pw.c,v 1.47 2001/05/14 06:14:48 assar Exp $");
static int
get_config_time (krb5_context context,
@@ -175,13 +175,13 @@ print_expire (krb5_context context,
7 * 24 * 60 * 60);
for (i = 0; i < lr->len; ++i) {
- if (lr->val[i].lr_type == 6
+ if (abs(lr->val[i].lr_type) == LR_PW_EXPTIME
&& lr->val[i].lr_value <= t) {
char *p;
time_t tmp = lr->val[i].lr_value;
asprintf (&p, "Your password will expire at %s", ctime(&tmp));
- (*prompter) (context, data, p, 0, NULL);
+ (*prompter) (context, data, NULL, p, 0, NULL);
free (p);
return;
}
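Review bot: The result of `asprintf` is not checked in print_expire, so on allocation failure `p` is indeterminate when it is handed to the prompter and then to `free`. Guard the call, for example `if (asprintf (&p, "Your password will expire at %s", ctime(&tmp)) < 0) return;`. The same unchecked pattern is in the following hunk of print_expire, for the "password/account will expire" message. print_expire starts and ends outside both hunks.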
@@ -193,7 +193,7 @@ print_expire (krb5_context context,
time_t t = *rep->enc_part.key_expiration;
asprintf (&p, "Your password/account will expire at %s", ctime(&t));
- (*prompter) (context, data, p, 0, NULL);
+ (*prompter) (context, data, NULL, p, 0, NULL);
free (p);
}
}
@@ -213,6 +213,12 @@ get_init_creds_common(krb5_context context,
{
krb5_error_code ret;
krb5_realm *client_realm;
+ krb5_get_init_creds_opt default_opt;
+
+ if (options == NULL) {
+ krb5_get_init_creds_opt_init (&default_opt);
+ options = &default_opt;
+ }
ret = init_cred (context, cred, client, start_time,
in_tkt_service, options);
@@ -246,8 +252,10 @@ get_init_creds_common(krb5_context context,
if (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
*etypes = malloc((options->etype_list_length + 1)
* sizeof(krb5_enctype));
- if (*etypes == NULL)
+ if (*etypes == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
memcpy (*etypes, options->etype_list,
options->etype_list_length * sizeof(krb5_enctype));
(*etypes)[options->etype_list_length] = ETYPE_NULL;
@@ -255,8 +263,10 @@ get_init_creds_common(krb5_context context,
if (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) {
*pre_auth_types = malloc((options->preauth_list_length + 1)
* sizeof(krb5_preauthtype));
- if (*pre_auth_types == NULL)
+ if (*pre_auth_types == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
memcpy (*pre_auth_types, options->preauth_list,
options->preauth_list_length * sizeof(krb5_preauthtype));
(*pre_auth_types)[options->preauth_list_length] = KRB5_PADATA_NONE;
@@ -278,7 +288,7 @@ change_password (krb5_context context,
void *data,
krb5_get_init_creds_opt *old_options)
{
- krb5_prompt prompt;
+ krb5_prompt prompts[2];
krb5_error_code ret;
krb5_creds cpw_cred;
char buf1[BUFSIZ], buf2[BUFSIZ];
@@ -319,27 +329,31 @@ change_password (krb5_context context,
password_data.data = buf1;
password_data.length = sizeof(buf1);
- prompt.hidden = 1;
- prompt.prompt = "New password: ";
- prompt.reply = &password_data;
-
- ret = (*prompter) (context, data, "Changing password", 1, &prompt);
- if (ret)
- goto out;
+ prompts[0].hidden = 1;
+ prompts[0].prompt = "New password: ";
+ prompts[0].reply = &password_data;
+ prompts[0].type = KRB5_PROMPT_TYPE_NEW_PASSWORD;
password_data.data = buf2;
password_data.length = sizeof(buf2);
- prompt.hidden = 1;
- prompt.prompt = "Repeat new password: ";
- prompt.reply = &password_data;
+ prompts[1].hidden = 1;
+ prompts[1].prompt = "Repeat new password: ";
+ prompts[1].reply = &password_data;
+ prompts[1].type = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN;
- ret = (*prompter) (context, data, "Changing password", 1, &prompt);
- if (ret)
+ ret = (*prompter) (context, data, NULL, "Changing password",
+ 2, prompts);
+ if (ret) {
+ memset (buf1, 0, sizeof(buf1));
+ memset (buf2, 0, sizeof(buf2));
goto out;
+ }
if (strcmp (buf1, buf2) == 0)
break;
+ memset (buf1, 0, sizeof(buf1));
+ memset (buf2, 0, sizeof(buf2));
}
ret = krb5_change_password (context,
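Review bot: Both prompts share one reply object: `prompts[0].reply` and `prompts[1].reply` are set to `&password_data`, and `password_data.data` is reassigned from `buf1` to `buf2` before the single prompter call, so when the prompter runs both replies point at `buf2`. As far as this hunk shows, `buf1` is then never written by the prompter, which means the `strcmp (buf1, buf2)` confirmation and the later copy from `buf1` work on whatever `buf1` already held rather than on the first entry. Each prompt needs its own `krb5_data`, for example a two-element array as sketched below; the declaration of `password_data` is outside this hunk and would change with it. change_password starts before and continues past the hunk.

```c
/* declaration (outside this hunk) becomes: krb5_data password_data[2]; */
password_data[0].data = buf1;
password_data[0].length = sizeof(buf1);
/* … unchanged: prompts[0].hidden, prompts[0].prompt … */
prompts[0].reply = &password_data[0];
/* … unchanged: prompts[0].type … */

password_data[1].data = buf2;
password_data[1].length = sizeof(buf2);
/* … unchanged: prompts[1].hidden, prompts[1].prompt … */
prompts[1].reply = &password_data[1];
/* … unchanged: prompts[1].type, prompter call, comparison and memset calls … */
```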
@@ -355,13 +369,15 @@ change_password (krb5_context context,
(int)result_string.length,
(char*)result_string.data);
- ret = (*prompter) (context, data, p, 0, NULL);
+ ret = (*prompter) (context, data, NULL, p, 0, NULL);
free (p);
if (result_code == 0) {
strlcpy (newpw, buf1, newpw_sz);
ret = 0;
- } else
+ } else {
+ krb5_set_error_string (context, "failed changing password");
ret = ENOTTY;
+ }
out:
memset (buf1, 0, sizeof(buf1));
@@ -412,12 +428,14 @@ krb5_get_init_creds_password(krb5_context context,
password_data.length = sizeof(buf);
prompt.hidden = 1;
prompt.reply = &password_data;
+ prompt.type = KRB5_PROMPT_TYPE_PASSWORD;
- ret = (*prompter) (context, data, NULL, 1, &prompt);
+ ret = (*prompter) (context, data, NULL, NULL, 1, &prompt);
free (prompt.prompt);
if (ret) {
memset (buf, 0, sizeof(buf));
ret = KRB5_LIBOS_PWDINTR;
+ krb5_clear_error_string (context);
goto out;
}
password = password_data.data;
@@ -445,6 +463,8 @@ krb5_get_init_creds_password(krb5_context context,
case KRB5KDC_ERR_KEY_EXPIRED :
/* try to avoid recursion */
+ krb5_clear_error_string (context);
+
if (in_tkt_service != NULL
&& strcmp (in_tkt_service, "kadmin/changepw") == 0)
goto out;
@@ -522,6 +542,7 @@ krb5_get_init_creds_keytab(krb5_context context,
a = malloc (sizeof(*a));
if (a == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
diff --git a/crypto/heimdal/lib/krb5/kerberos.8 b/crypto/heimdal/lib/krb5/kerberos.8
index ac9d3d5..10f2dab 100644
--- a/crypto/heimdal/lib/krb5/kerberos.8
+++ b/crypto/heimdal/lib/krb5/kerberos.8
@@ -1,4 +1,4 @@
-.\" $Id: kerberos.8,v 1.1 2000/09/01 15:52:24 joda Exp $
+.\" $Id: kerberos.8,v 1.2 2001/05/02 08:59:23 assar Exp $
.\"
.Dd September 1, 2000
.Dt KERBEROS 8
diff --git a/crypto/heimdal/lib/krb5/keyblock.c b/crypto/heimdal/lib/krb5/keyblock.c
index 124d9bc..7eb7067 100644
--- a/crypto/heimdal/lib/krb5/keyblock.c
+++ b/crypto/heimdal/lib/krb5/keyblock.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keyblock.c,v 1.11 2000/03/23 03:38:25 assar Exp $");
+RCSID("$Id: keyblock.c,v 1.12 2001/05/14 06:14:48 assar Exp $");
void
krb5_free_keyblock_contents(krb5_context context,
@@ -72,8 +72,10 @@ krb5_copy_keyblock (krb5_context context,
krb5_keyblock *k;
k = malloc (sizeof(*k));
- if (k == NULL)
+ if (k == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
*to = k;
return krb5_copy_keyblock_contents (context, inblock, k);
}
diff --git a/crypto/heimdal/lib/krb5/keytab.c b/crypto/heimdal/lib/krb5/keytab.c
index 36ef2f5..bde443a 100644
--- a/crypto/heimdal/lib/krb5/keytab.c
+++ b/crypto/heimdal/lib/krb5/keytab.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab.c,v 1.46 2000/02/07 03:18:05 assar Exp $");
+RCSID("$Id: keytab.c,v 1.50 2001/05/14 06:14:48 assar Exp $");
/*
* Register a new keytab in `ops'
@@ -48,8 +48,10 @@ krb5_kt_register(krb5_context context,
tmp = realloc(context->kt_types,
(context->num_kt_types + 1) * sizeof(*context->kt_types));
- if(tmp == NULL)
+ if(tmp == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
memcpy(&tmp[context->num_kt_types], ops,
sizeof(tmp[context->num_kt_types]));
context->kt_types = tmp;
@@ -89,12 +91,17 @@ krb5_kt_resolve(krb5_context context,
if(strncmp(type, context->kt_types[i].prefix, type_len) == 0)
break;
}
- if(i == context->num_kt_types)
+ if(i == context->num_kt_types) {
+ krb5_set_error_string(context, "unknown keytab type %.*s",
+ (int)type_len, type);
return KRB5_KT_UNKNOWN_TYPE;
+ }
k = malloc (sizeof(*k));
- if (k == NULL)
+ if (k == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
+ }
memcpy(k, &context->kt_types[i], sizeof(*k));
k->data = NULL;
ret = (*k->resolve)(context, residual, k);
@@ -114,8 +121,25 @@ krb5_kt_resolve(krb5_context context,
krb5_error_code
krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
{
- if (strlcpy (name, context->default_keytab, namesize) >= namesize)
+ if (strlcpy (name, context->default_keytab, namesize) >= namesize) {
+ krb5_clear_error_string (context);
return KRB5_CONFIG_NOTENUFSPACE;
+ }
+ return 0;
+}
+
+/*
+ * copy the name of the default modify keytab into `name'.
+ * Return 0 or KRB5_CONFIG_NOTENUFSPACE if `namesize' is too short.
+ */
+
+krb5_error_code
+krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize)
+{
+ if (strlcpy (name, context->default_keytab_modify, namesize) >= namesize) {
+ krb5_clear_error_string (context);
+ return KRB5_CONFIG_NOTENUFSPACE;
+ }
return 0;
}
@@ -261,10 +285,19 @@ krb5_kt_get_entry(krb5_context context,
krb5_kt_free_entry(context, &tmp);
}
krb5_kt_end_seq_get (context, id, &cursor);
- if (entry->vno)
+ if (entry->vno) {
return 0;
- else
+ } else {
+ char princ[256], kt_name[256];
+
+ krb5_unparse_name_fixed (context, principal, princ, sizeof(princ));
+ krb5_kt_get_name (context, id, kt_name, sizeof(kt_name));
+
+ krb5_set_error_string (context,
+ "failed to find %s in keytab %s",
+ princ, kt_name);
return KRB5_KT_NOTFOUND;
+ }
}
/*
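Review bot: The return values of `krb5_unparse_name_fixed` and `krb5_kt_get_name` are ignored in the new not-found branch, and `princ` and `kt_name` are uninitialized stack arrays. If either call fails without writing a terminated string (not visible from here), the `%s` conversions read indeterminate stack bytes into the error string. Initialise the buffers, `char princ[256] = "", kt_name[256] = "";`, or check each return value and substitute a fixed placeholder. krb5_kt_get_entry begins outside this hunk.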
@@ -339,8 +372,12 @@ krb5_kt_start_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *cursor)
{
- if(id->start_seq_get == NULL)
+ if(id->start_seq_get == NULL) {
+ krb5_set_error_string(context,
+ "start_seq_get is not supported in the %s "
+ " keytab", id->prefix);
return HEIM_ERR_OPNOTSUPP;
+ }
return (*id->start_seq_get)(context, id, cursor);
}
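Review bot: The adjacent literals `"start_seq_get is not supported in the %s "` and `" keytab"` concatenate into a message with two spaces before "keytab". The same split is used in the krb5_kt_next_entry and krb5_kt_end_seq_get hunks below, while krb5_kt_add_entry and krb5_kt_remove_entry use a single literal with one space. Drop the leading space of the second literal, or write it as one string: `"start_seq_get is not supported in the %s keytab"`.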
@@ -356,8 +393,12 @@ krb5_kt_next_entry(krb5_context context,
krb5_keytab_entry *entry,
krb5_kt_cursor *cursor)
{
- if(id->next_entry == NULL)
+ if(id->next_entry == NULL) {
+ krb5_set_error_string(context,
+ "next_entry is not supported in the %s "
+ " keytab", id->prefix);
return HEIM_ERR_OPNOTSUPP;
+ }
return (*id->next_entry)(context, id, entry, cursor);
}
@@ -370,8 +411,12 @@ krb5_kt_end_seq_get(krb5_context context,
krb5_keytab id,
krb5_kt_cursor *cursor)
{
- if(id->end_seq_get == NULL)
+ if(id->end_seq_get == NULL) {
+ krb5_set_error_string(context,
+ "end_seq_get is not supported in the %s "
+ " keytab", id->prefix);
return HEIM_ERR_OPNOTSUPP;
+ }
return (*id->end_seq_get)(context, id, cursor);
}
@@ -385,8 +430,11 @@ krb5_kt_add_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry)
{
- if(id->add == NULL)
+ if(id->add == NULL) {
+ krb5_set_error_string(context, "Add is not supported in the %s keytab",
+ id->prefix);
return KRB5_KT_NOWRITE;
+ }
entry->timestamp = time(NULL);
return (*id->add)(context, id,entry);
}
@@ -401,7 +449,11 @@ krb5_kt_remove_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry)
{
- if(id->remove == NULL)
+ if(id->remove == NULL) {
+ krb5_set_error_string(context,
+ "Remove is not supported in the %s keytab",
+ id->prefix);
return KRB5_KT_NOWRITE;
+ }
return (*id->remove)(context, id, entry);
}
diff --git a/crypto/heimdal/lib/krb5/keytab_any.c b/crypto/heimdal/lib/krb5/keytab_any.c
new file mode 100644
index 0000000..490a8f3
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/keytab_any.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: keytab_any.c,v 1.2 2001/05/14 06:14:48 assar Exp $");
+
+struct any_data {
+ krb5_keytab kt;
+ char *name;
+ struct any_data *next;
+};
+
+static void
+free_list (struct any_data *a)
+{
+ struct any_data *next;
+
+ for (; a != NULL; a = next) {
+ next = a->next;
+ free (a->name);
+ free (a);
+ }
+}
+
+static krb5_error_code
+any_resolve(krb5_context context, const char *name, krb5_keytab id)
+{
+ struct any_data *a, *a0 = NULL, *prev = NULL;
+ krb5_error_code ret;
+ char buf[256];
+
+ while (strsep_copy(&name, ",", buf, sizeof(buf)) != -1) {
+ a = malloc(sizeof(*a));
+ if (a == NULL) {
+ ret = ENOMEM;
+ goto fail;
+ }
+ if (a0 == NULL) {
+ a0 = a;
+ a->name = strdup(name);
+ if (a->name == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ ret = ENOMEM;
+ goto fail;
+ }
+ } else
+ a->name = NULL;
+ if (prev != NULL)
+ prev->next = a;
+ a->next = NULL;
+ ret = krb5_kt_resolve (context, buf, &a->kt);
+ if (ret)
+ goto fail;
+ prev = a;
+ }
+ if (a0 == NULL) {
+ krb5_set_error_string(context, "empty ANY: keytab");
+ return ENOENT;
+ }
+ id->data = a0;
+ return 0;
+ fail:
+ free_list (a0);
+ return ret;
+}
+
+static krb5_error_code
+any_get_name (krb5_context context,
+ krb5_keytab id,
+ char *name,
+ size_t namesize)
+{
+ struct any_data *a = id->data;
+ strlcpy(name, a->name, namesize);
+ return 0;
+}
+
+static krb5_error_code
+any_close (krb5_context context,
+ krb5_keytab id)
+{
+ struct any_data *a = id->data;
+
+ free_list (a);
+ return 0;
+}
+
+struct any_cursor_extra_data {
+ struct any_data *a;
+ krb5_kt_cursor cursor;
+};
+
+static krb5_error_code
+any_start_seq_get(krb5_context context,
+ krb5_keytab id,
+ krb5_kt_cursor *c)
+{
+ struct any_data *a = id->data;
+ struct any_cursor_extra_data *ed;
+ krb5_error_code ret;
+
+ c->data = malloc (sizeof(struct any_cursor_extra_data));
+ if(c->data == NULL){
+ krb5_set_error_string (context, "malloc: out of memory");
+ return ENOMEM;
+ }
+ ed = (struct any_cursor_extra_data *)c->data;
+ ed->a = a;
+ ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
+ if (ret) {
+ free (ed);
+ free (c->data);
+ c->data = NULL;
+ krb5_set_error_string (context, "malloc: out of memory");
+ return ENOMEM;
+ }
+ return 0;
+}
+
+static krb5_error_code
+any_next_entry (krb5_context context,
+ krb5_keytab id,
+ krb5_keytab_entry *entry,
+ krb5_kt_cursor *cursor)
+{
+ krb5_error_code ret, ret2;
+ struct any_cursor_extra_data *ed;
+
+ ed = (struct any_cursor_extra_data *)cursor->data;
+ do {
+ ret = krb5_kt_next_entry(context, ed->a->kt, entry, &ed->cursor);
+ if (ret == 0)
+ return 0;
+ else if (ret == KRB5_CC_END) {
+ ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor);
+ if (ret2)
+ return ret2;
+ ed->a = ed->a->next;
+ if (ed->a == NULL) {
+ krb5_clear_error_string (context);
+ return KRB5_CC_END;
+ }
+ ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
+ if (ret2)
+ return ret2;
+ } else
+ return ret;
+ } while (ret == KRB5_CC_END);
+ return ret;
+}
+
+static krb5_error_code
+any_end_seq_get(krb5_context context,
+ krb5_keytab id,
+ krb5_kt_cursor *cursor)
+{
+ krb5_error_code ret = 0;
+ struct any_cursor_extra_data *ed;
+
+ ed = (struct any_cursor_extra_data *)cursor->data;
+ if (ed->a != NULL)
+ ret = krb5_kt_end_seq_get(context, ed->a->kt, &ed->cursor);
+ free (ed);
+ cursor->data = NULL;
+ return ret;
+}
+
+const krb5_kt_ops krb5_any_ops = {
+ "ANY",
+ any_resolve,
+ any_get_name,
+ any_close,
+ NULL, /* get */
+ any_start_seq_get,
+ any_next_entry,
+ any_end_seq_get,
+ NULL, /* add_entry */
+ NULL /* remote_entry */
+};
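Review bot: The failure branch of `any_start_seq_get` frees the same allocation twice: `ed` was assigned from `c->data`, so `free (ed); free (c->data);` is a double free whenever `krb5_kt_start_seq_get` fails, and the branch then reports ENOMEM instead of the real error. It should read `free (ed); c->data = NULL; return ret;`. In `any_resolve`, the `strdup` failure path jumps to `fail` before `a->next = NULL` has run, so `free_list` follows an uninitialised `next` pointer; set `a->next = NULL` straight after the `malloc` check. `strdup(name)` also runs after `strsep_copy` was handed `&name`, so if that helper advances the pointer the way `strsep` does, the stored name is not the full keytab name and may be NULL for a single-element list; saving the original pointer before the loop avoids that. `free_list` and `any_close` never call `krb5_kt_close` on the resolved `a->kt`, which looks like a leak of every member keytab.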
diff --git a/crypto/heimdal/lib/krb5/keytab_file.c b/crypto/heimdal/lib/krb5/keytab_file.c
index c6c35e5..13b67c2 100644
--- a/crypto/heimdal/lib/krb5/keytab_file.c
+++ b/crypto/heimdal/lib/krb5/keytab_file.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab_file.c,v 1.6 2000/01/02 00:20:22 assar Exp $");
+RCSID("$Id: keytab_file.c,v 1.8 2001/05/14 06:14:48 assar Exp $");
#define KRB5_KT_VNO_1 1
#define KRB5_KT_VNO_2 2
@@ -46,7 +46,8 @@ struct fkt_data {
};
static krb5_error_code
-krb5_kt_ret_data(krb5_storage *sp,
+krb5_kt_ret_data(krb5_context context,
+ krb5_storage *sp,
krb5_data *data)
{
int ret;
@@ -56,8 +57,10 @@ krb5_kt_ret_data(krb5_storage *sp,
return ret;
data->length = size;
data->data = malloc(size);
- if (data->data == NULL)
+ if (data->data == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
ret = sp->fetch(sp, data->data, size);
if(ret != size)
return (ret < 0)? errno : KRB5_KT_END;
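Review bot: When `sp->fetch` returns fewer than `size` bytes, `krb5_kt_ret_data` returns with `data->data` still allocated and `data->length` already set, so a truncated keytab leaks the buffer unless every caller frees it on error. Releasing and resetting it before that return (`free(data->data); data->data = NULL; data->length = 0;`) leaves the out-parameter in a defined state. `krb5_kt_ret_string` in the next hunks has the same short-read path with `*data`. The function begins and ends outside this hunk, and the declaration of `size` is not visible here.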
@@ -65,7 +68,8 @@ krb5_kt_ret_data(krb5_storage *sp,
}
static krb5_error_code
-krb5_kt_ret_string(krb5_storage *sp,
+krb5_kt_ret_string(krb5_context context,
+ krb5_storage *sp,
general_string *data)
{
int ret;
@@ -74,8 +78,10 @@ krb5_kt_ret_string(krb5_storage *sp,
if(ret)
return ret;
*data = malloc(size + 1);
- if (*data == NULL)
+ if (*data == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
ret = sp->fetch(sp, *data, size);
(*data)[size] = '\0';
if(ret != size)
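Review bot: `size` is read from the keytab file and used unchecked in `malloc(size + 1)` and `(*data)[size] = '\0'`; if its type is signed (the declaration is outside this hunk), a negative length in a corrupt file turns the terminator store into a write before the start of the buffer. A guard such as `if (size < 0) return KRB5_KT_END;` ahead of the allocation would reject that input. The terminator is also stored before the fetch result is checked, so it would be clearer to place it after the `ret != size` test.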
@@ -84,7 +90,8 @@ krb5_kt_ret_string(krb5_storage *sp,
}
static krb5_error_code
-krb5_kt_store_data(krb5_storage *sp,
+krb5_kt_store_data(krb5_context context,
+ krb5_storage *sp,
krb5_data data)
{
int ret;
@@ -119,7 +126,7 @@ krb5_kt_store_string(krb5_storage *sp,
}
static krb5_error_code
-krb5_kt_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
+krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p)
{
int ret;
int16_t tmp;
@@ -127,25 +134,27 @@ krb5_kt_ret_keyblock(krb5_storage *sp, krb5_keyblock *p)
ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */
if(ret) return ret;
p->keytype = tmp;
- ret = krb5_kt_ret_data(sp, &p->keyvalue);
+ ret = krb5_kt_ret_data(context, sp, &p->keyvalue);
return ret;
}
static krb5_error_code
-krb5_kt_store_keyblock(krb5_storage *sp,
+krb5_kt_store_keyblock(krb5_context context,
+ krb5_storage *sp,
krb5_keyblock *p)
{
int ret;
ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */
if(ret) return ret;
- ret = krb5_kt_store_data(sp, p->keyvalue);
+ ret = krb5_kt_store_data(context, sp, p->keyvalue);
return ret;
}
static krb5_error_code
-krb5_kt_ret_principal(krb5_storage *sp,
+krb5_kt_ret_principal(krb5_context context,
+ krb5_storage *sp,
krb5_principal *princ)
{
int i;
@@ -154,8 +163,10 @@ krb5_kt_ret_principal(krb5_storage *sp,
int16_t tmp;
ALLOC(p, 1);
- if(p == NULL)
+ if(p == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
ret = krb5_ret_int16(sp, &tmp);
if(ret)
@@ -163,15 +174,19 @@ krb5_kt_ret_principal(krb5_storage *sp,
if (sp->flags & KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)
tmp--;
p->name.name_string.len = tmp;
- ret = krb5_kt_ret_string(sp, &p->realm);
- if(ret) return ret;
+ ret = krb5_kt_ret_string(context, sp, &p->realm);
+ if(ret)
+ return ret;
p->name.name_string.val = calloc(p->name.name_string.len,
sizeof(*p->name.name_string.val));
- if(p->name.name_string.val == NULL)
+ if(p->name.name_string.val == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
for(i = 0; i < p->name.name_string.len; i++){
- ret = krb5_kt_ret_string(sp, p->name.name_string.val + i);
- if(ret) return ret;
+ ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
+ if(ret)
+ return ret;
}
if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
p->name.name_type = KRB5_NT_UNKNOWN;
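Review bot: Every early return in this hunk (`return ret` after each `krb5_kt_ret_string` call and the `ENOMEM` return after `calloc`) leaves `p`, plus whatever realm and components were already read, allocated; as far as the visible lines show, nothing has been handed to `*princ` at that point, so the caller cannot release them. A single cleanup label that frees `p` and its partially filled fields before returning would cover all of these paths. `tmp` also comes straight from the file and is assigned to `name_string.len` with no range check, so a negative component count should be rejected before the `calloc`. The function starts and ends outside this hunk.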
@@ -187,7 +202,8 @@ krb5_kt_ret_principal(krb5_storage *sp,
}
static krb5_error_code
-krb5_kt_store_principal(krb5_storage *sp,
+krb5_kt_store_principal(krb5_context context,
+ krb5_storage *sp,
krb5_principal p)
{
int i;
@@ -202,7 +218,8 @@ krb5_kt_store_principal(krb5_storage *sp,
if(ret) return ret;
for(i = 0; i < p->name.name_string.len; i++){
ret = krb5_kt_store_string(sp, p->name.name_string.val[i]);
- if(ret) return ret;
+ if(ret)
+ return ret;
}
if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) {
ret = krb5_store_int32(sp, p->name.name_type);
@@ -217,12 +234,16 @@ static krb5_error_code
fkt_resolve(krb5_context context, const char *name, krb5_keytab id)
{
struct fkt_data *d;
+
d = malloc(sizeof(*d));
- if(d == NULL)
+ if(d == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
d->filename = strdup(name);
if(d->filename == NULL) {
free(d);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
id->data = d;
@@ -280,8 +301,12 @@ fkt_start_seq_get_int(krb5_context context,
struct fkt_data *d = id->data;
c->fd = open (d->filename, flags);
- if (c->fd < 0)
- return errno;
+ if (c->fd < 0) {
+ ret = errno;
+ krb5_set_error_string(context, "open(%s): %s", d->filename,
+ strerror(ret));
+ return ret;
+ }
c->sp = krb5_storage_from_fd(c->fd);
ret = krb5_ret_int8(c->sp, &pvno);
if(ret) {
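Review bot: The result of `krb5_storage_from_fd(c->fd)` is passed to `krb5_ret_int8(c->sp, &pvno)` without a NULL check, so an allocation failure would presumably be dereferenced there and `c->fd` would stay open. `akf_add_entry` in keytab_keyfile.c already checks for this; the same pattern fits here: `if (c->sp == NULL) { close(c->fd); krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; }`. The unchecked call is also present in the `fkt_add_entry` hunk below and in `akf_start_seq_get`. The function continues outside this hunk.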
@@ -292,6 +317,7 @@ fkt_start_seq_get_int(krb5_context context,
if(pvno != 5) {
krb5_storage_free(c->sp);
close(c->fd);
+ krb5_clear_error_string (context);
return KRB5_KEYTAB_BADVNO;
}
ret = krb5_ret_int8(c->sp, &tag);
@@ -336,7 +362,7 @@ loop:
pos = cursor->sp->seek(cursor->sp, -len, SEEK_CUR);
goto loop;
}
- ret = krb5_kt_ret_principal (cursor->sp, &entry->principal);
+ ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal);
if (ret)
goto out;
ret = krb5_ret_int32(cursor->sp, &tmp32);
@@ -347,7 +373,7 @@ loop:
if (ret)
goto out;
entry->vno = tmp8;
- ret = krb5_kt_ret_keyblock (cursor->sp, &entry->keyblock);
+ ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock);
if (ret)
goto out;
if(start) *start = pos;
@@ -391,8 +417,12 @@ fkt_add_entry(krb5_context context,
fd = open (d->filename, O_RDWR | O_BINARY);
if (fd < 0) {
fd = open (d->filename, O_RDWR | O_CREAT | O_BINARY, 0600);
- if (fd < 0)
- return errno;
+ if (fd < 0) {
+ ret = errno;
+ krb5_set_error_string(context, "open(%s): %s", d->filename,
+ strerror(ret));
+ return ret;
+ }
sp = krb5_storage_from_fd(fd);
ret = krb5_store_int8(sp, 5);
if(ret) {
@@ -421,6 +451,7 @@ fkt_add_entry(krb5_context context,
if(pvno != 5) {
krb5_storage_free(sp);
close(fd);
+ krb5_clear_error_string (context);
return KRB5_KEYTAB_BADVNO;
}
ret = krb5_ret_int8 (sp, &tag);
@@ -438,9 +469,10 @@ fkt_add_entry(krb5_context context,
emem = krb5_storage_emem();
if(emem == NULL) {
ret = ENOMEM;
+ krb5_set_error_string (context, "malloc: out of memory");
goto out;
}
- ret = krb5_kt_store_principal(emem, entry->principal);
+ ret = krb5_kt_store_principal(context, emem, entry->principal);
if(ret) {
krb5_storage_free(emem);
goto out;
@@ -455,7 +487,7 @@ fkt_add_entry(krb5_context context,
krb5_storage_free(emem);
goto out;
}
- ret = krb5_kt_store_keyblock (emem, &entry->keyblock);
+ ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock);
if(ret) {
krb5_storage_free(emem);
goto out;
@@ -521,8 +553,10 @@ fkt_remove_entry(krb5_context context,
}
}
krb5_kt_end_seq_get(context, id, &cursor);
- if (!found)
+ if (!found) {
+ krb5_clear_error_string (context);
return KRB5_KT_NOTFOUND;
+ }
return 0;
}
diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c
index ffdf35c..2403412 100644
--- a/crypto/heimdal/lib/krb5/keytab_keyfile.c
+++ b/crypto/heimdal/lib/krb5/keytab_keyfile.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab_keyfile.c,v 1.9 2000/07/02 16:14:16 assar Exp $");
+RCSID("$Id: keytab_keyfile.c,v 1.11 2001/05/14 06:14:49 assar Exp $");
/* afs keyfile operations --------------------------------------- */
@@ -63,16 +63,23 @@ struct akf_data {
*/
static int
-get_cell_and_realm (struct akf_data *d)
+get_cell_and_realm (krb5_context context,
+ struct akf_data *d)
{
FILE *f;
char buf[BUFSIZ], *cp;
+ int ret;
f = fopen (AFS_SERVERTHISCELL, "r");
- if (f == NULL)
- return errno;
+ if (f == NULL) {
+ ret = errno;
+ krb5_set_error_string (context, "open %s: %s", AFS_SERVERTHISCELL,
+ strerror(ret));
+ return ret;
+ }
if (fgets (buf, sizeof(buf), f) == NULL) {
fclose (f);
+ krb5_set_error_string (context, "no cell in %s", AFS_SERVERTHISCELL);
return EINVAL;
}
if (buf[strlen(buf) - 1] == '\n')
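Review bot: `buf[strlen(buf) - 1]` indexes outside `buf` when `fgets` returns an empty string, which happens if the first byte of the file is a NUL; the same test is repeated for the realm file in the next hunk. `buf[strcspn(buf, "\n")] = '\0';` strips the newline without that out-of-bounds read. The statement under the `if` lies outside this hunk.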
@@ -80,13 +87,17 @@ get_cell_and_realm (struct akf_data *d)
fclose(f);
d->cell = strdup (buf);
- if (d->cell == NULL)
- return errno;
+ if (d->cell == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
+ return ENOMEM;
+ }
f = fopen (AFS_SERVERMAGICKRBCONF, "r");
if (f != NULL) {
if (fgets (buf, sizeof(buf), f) == NULL) {
fclose (f);
+ krb5_set_error_string (context, "no realm in %s",
+ AFS_SERVERMAGICKRBCONF);
return EINVAL;
}
if (buf[strlen(buf)-1] == '\n')
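Review bot: The "no realm" error return leaves `d->cell` allocated: it was set by `strdup` a few lines above, and `akf_resolve` only does `free (d)` when this function fails. The later `d->realm == NULL` path already calls `free (d->cell)`; adding the same call before `return EINVAL;` here makes the two error paths consistent.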
@@ -100,7 +111,8 @@ get_cell_and_realm (struct akf_data *d)
d->realm = strdup (buf);
if (d->realm == NULL) {
free (d->cell);
- return errno;
+ krb5_set_error_string (context, "malloc: out of memory");
+ return ENOMEM;
}
return 0;
}
@@ -115,11 +127,13 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id)
int ret;
struct akf_data *d = malloc(sizeof (struct akf_data));
- if (d == NULL)
- return errno;
+ if (d == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
+ return ENOMEM;
+ }
d->num_entries = 0;
- ret = get_cell_and_realm (d);
+ ret = get_cell_and_realm (context, d);
if (ret) {
free (d);
return ret;
@@ -129,6 +143,7 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id)
free (d->cell);
free (d->realm);
free (d);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
id->data = d;
@@ -180,14 +195,21 @@ akf_start_seq_get(krb5_context context,
struct akf_data *d = id->data;
c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600);
- if (c->fd < 0)
- return errno;
+ if (c->fd < 0) {
+ ret = errno;
+ krb5_set_error_string(context, "open(%s): %s", d->filename,
+ strerror(ret));
+ return ret;
+ }
c->sp = krb5_storage_from_fd(c->fd);
ret = krb5_ret_int32(c->sp, &d->num_entries);
if(ret) {
krb5_storage_free(c->sp);
close(c->fd);
+ krb5_clear_error_string (context);
+ if(ret == KRB5_CC_END)
+ return KRB5_KT_NOTFOUND;
return ret;
}
@@ -228,6 +250,7 @@ akf_next_entry(krb5_context context,
entry->keyblock.keyvalue.data = malloc (8);
if (entry->keyblock.keyvalue.data == NULL) {
krb5_free_principal (context, entry->principal);
+ krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
@@ -268,8 +291,12 @@ akf_add_entry(krb5_context context,
if (fd < 0) {
fd = open (d->filename,
O_RDWR | O_BINARY | O_CREAT, 0600);
- if (fd < 0)
- return errno;
+ if (fd < 0) {
+ ret = errno;
+ krb5_set_error_string(context, "open(%s): %s", d->filename,
+ strerror(ret));
+ return ret;
+ }
created = 1;
}
@@ -282,15 +309,18 @@ akf_add_entry(krb5_context context,
sp = krb5_storage_from_fd(fd);
if(sp == NULL) {
close(fd);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
if (created)
len = 0;
else {
if((*sp->seek)(sp, 0, SEEK_SET) < 0) {
+ ret = errno;
krb5_storage_free(sp);
close(fd);
- return errno;
+ krb5_set_error_string (context, "seek: %s", strerror(ret));
+ return ret;
}
ret = krb5_ret_int32(sp, &len);
@@ -303,9 +333,11 @@ akf_add_entry(krb5_context context,
len++;
if((*sp->seek)(sp, 0, SEEK_SET) < 0) {
+ ret = errno;
krb5_storage_free(sp);
close(fd);
- return errno;
+ krb5_set_error_string (context, "seek: %s", strerror(ret));
+ return ret;
}
ret = krb5_store_int32(sp, len);
@@ -317,9 +349,11 @@ akf_add_entry(krb5_context context,
if((*sp->seek)(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
+ ret = errno;
krb5_storage_free(sp);
close(fd);
- return errno;
+ krb5_set_error_string (context, "seek: %s", strerror(ret));
+ return ret;
}
ret = krb5_store_int32(sp, entry->vno);
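Review bot: `len` is taken from the key file and then used in `len++` (previous hunk) and `(len - 1) * (8 + 4)` with no range check, so a corrupt count can overflow the arithmetic or move the file position to an unintended offset before the new entry is written. Rejecting a negative or implausibly large `len` right after `krb5_ret_int32(sp, &len)` keeps the offset computation defined. The declaration of `len` and the rest of `akf_add_entry` are outside these hunks, so its exact type should be confirmed.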
diff --git a/crypto/heimdal/lib/krb5/keytab_krb4.c b/crypto/heimdal/lib/krb5/keytab_krb4.c
index e41f849..6915cac 100644
--- a/crypto/heimdal/lib/krb5/keytab_krb4.c
+++ b/crypto/heimdal/lib/krb5/keytab_krb4.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab_krb4.c,v 1.6 2000/12/15 17:10:40 joda Exp $");
+RCSID("$Id: keytab_krb4.c,v 1.8 2001/05/16 22:23:31 assar Exp $");
struct krb4_kt_data {
char *filename;
@@ -45,11 +45,14 @@ krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id)
struct krb4_kt_data *d;
d = malloc (sizeof(*d));
- if (d == NULL)
+ if (d == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
d->filename = strdup (name);
if (d->filename == NULL) {
free(d);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
id->data = d;
@@ -92,17 +95,23 @@ krb4_kt_start_seq_get_int (krb5_context context,
{
struct krb4_kt_data *d = id->data;
struct krb4_cursor_extra_data *ed;
+ int ret;
ed = malloc (sizeof(*ed));
- if (ed == NULL)
+ if (ed == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
ed->entry.principal = NULL;
ed->num = -1;
c->data = ed;
c->fd = open (d->filename, flags);
if (c->fd < 0) {
+ ret = errno;
free (ed);
- return errno;
+ krb5_set_error_string(context, "open(%s): %s", d->filename,
+ strerror(ret));
+ return ret;
}
c->sp = krb5_storage_from_fd(c->fd);
return 0;
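Review bot: On the `open` failure path `ed` is freed but `c->data` still points at it, since `c->data = ed` ran just before; any later use of the failed cursor, for example a cleanup call that frees `c->data`, would touch freed memory. Adding `c->data = NULL;` after `free (ed);`, or assigning `c->data` only once `open` has succeeded, avoids leaving the dangling pointer.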
@@ -238,8 +247,12 @@ krb4_kt_add_entry (krb5_context context,
if (fd < 0) {
fd = open (d->filename,
O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600);
- if (fd < 0)
- return errno;
+ if (fd < 0) {
+ ret = errno;
+ krb5_set_error_string(context, "open(%s): %s", d->filename,
+ strerror(ret));
+ return ret;
+ }
}
ret = krb5_524_conv_principal (context, entry->principal,
service, instance, realm);
@@ -272,3 +285,16 @@ const krb5_kt_ops krb4_fkt_ops = {
krb4_kt_add_entry, /* add_entry */
NULL /* remove_entry */
};
+
+const krb5_kt_ops krb5_srvtab_fkt_ops = {
+ "SRVTAB",
+ krb4_kt_resolve,
+ krb4_kt_get_name,
+ krb4_kt_close,
+ NULL, /* get */
+ krb4_kt_start_seq_get,
+ krb4_kt_next_entry,
+ krb4_kt_end_seq_get,
+ krb4_kt_add_entry, /* add_entry */
+ NULL /* remove_entry */
+};
diff --git a/crypto/heimdal/lib/krb5/keytab_memory.c b/crypto/heimdal/lib/krb5/keytab_memory.c
index 9fde8d0..cde8943 100644
--- a/crypto/heimdal/lib/krb5/keytab_memory.c
+++ b/crypto/heimdal/lib/krb5/keytab_memory.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab_memory.c,v 1.4 2000/02/07 03:18:39 assar Exp $");
+RCSID("$Id: keytab_memory.c,v 1.5 2001/05/14 06:14:49 assar Exp $");
/* memory operations -------------------------------------------- */
@@ -47,8 +47,10 @@ mkt_resolve(krb5_context context, const char *name, krb5_keytab id)
{
struct mkt_data *d;
d = malloc(sizeof(*d));
- if(d == NULL)
+ if(d == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
d->entries = NULL;
d->num_entries = 0;
id->data = d;
@@ -115,8 +117,10 @@ mkt_add_entry(krb5_context context,
struct mkt_data *d = id->data;
krb5_keytab_entry *tmp;
tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries));
- if(tmp == NULL)
+ if(tmp == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
d->entries = tmp;
return krb5_kt_copy_entry_contents(context, entry,
&d->entries[d->num_entries++]);
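Review bot: `d->num_entries++` is evaluated even when `krb5_kt_copy_entry_contents` fails, so the table then counts a slot fresh from `realloc` whose contents were never filled in, and later iteration or close may read it. Incrementing only on success fixes this: `ret = krb5_kt_copy_entry_contents(context, entry, &d->entries[d->num_entries]); if (ret == 0) d->num_entries++; return ret;`. The function's opening and closing lines are outside the hunk, so a local `ret` would need declaring.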
diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h
index 628f560..1f0fdf9 100644
--- a/crypto/heimdal/lib/krb5/krb5-protos.h
+++ b/crypto/heimdal/lib/krb5/krb5-protos.h
@@ -93,7 +93,7 @@ krb5_error_code
krb5_addlog_dest __P((
krb5_context context,
krb5_log_facility *f,
- const char *p));
+ const char *orig));
krb5_error_code
krb5_addlog_func __P((
@@ -107,6 +107,7 @@ krb5_addlog_func __P((
krb5_error_code
krb5_addr2sockaddr __P((
+ krb5_context context,
const krb5_address *addr,
struct sockaddr *sa,
int *sa_size,
@@ -139,6 +140,7 @@ krb5_aname_to_localname __P((
krb5_error_code
krb5_anyaddr __P((
+ krb5_context context,
int af,
struct sockaddr *sa,
int *sa_size,
@@ -453,8 +455,8 @@ krb5_error_code
krb5_cc_next_cred __P((
krb5_context context,
const krb5_ccache id,
- krb5_creds *creds,
- krb5_cc_cursor *cursor));
+ krb5_cc_cursor *cursor,
+ krb5_creds *creds));
krb5_error_code
krb5_cc_register __P((
@@ -533,6 +535,9 @@ krb5_checksumsize __P((
krb5_cksumtype type,
size_t *size));
+void
+krb5_clear_error_string __P((krb5_context context));
+
krb5_error_code
krb5_closelog __P((
krb5_context context,
@@ -634,16 +639,10 @@ krb5_config_get_time_default __P((
krb5_error_code
krb5_config_parse_file __P((
+ krb5_context context,
const char *fname,
krb5_config_section **res));
-krb5_error_code
-krb5_config_parse_file_debug __P((
- const char *fname,
- krb5_config_section **res,
- unsigned *lineno,
- char **error_message));
-
const void *
krb5_config_vget __P((
krb5_context context,
@@ -787,7 +786,8 @@ krb5_error_code
krb5_create_checksum __P((
krb5_context context,
krb5_crypto crypto,
- unsigned usage_or_type,
+ krb5_key_usage usage,
+ int type,
void *data,
size_t len,
Checksum *result));
@@ -800,7 +800,7 @@ krb5_crypto_destroy __P((
krb5_error_code
krb5_crypto_init __P((
krb5_context context,
- krb5_keyblock *key,
+ const krb5_keyblock *key,
krb5_enctype etype,
krb5_crypto *crypto));
@@ -924,7 +924,17 @@ krb5_decrypt_ticket __P((
krb5_flags flags));
krb5_error_code
+krb5_derive_key __P((
+ krb5_context context,
+ const krb5_keyblock *key,
+ krb5_enctype etype,
+ const void *constant,
+ size_t constant_len,
+ krb5_keyblock **derived_key));
+
+krb5_error_code
krb5_domain_x500_decode __P((
+ krb5_context context,
krb5_data tr,
char ***realms,
int *num_realms,
@@ -938,7 +948,9 @@ krb5_domain_x500_encode __P((
krb5_data *encoding));
krb5_error_code
-krb5_eai_to_heim_errno __P((int eai_errno));
+krb5_eai_to_heim_errno __P((
+ int eai_errno,
+ int system_error));
krb5_error_code
krb5_encode_Authenticator __P((
@@ -1058,6 +1070,12 @@ krb5_err __P((
__attribute__ ((noreturn, format (printf, 4, 5)));
krb5_error_code
+krb5_error_from_rd_error __P((
+ krb5_context context,
+ const krb5_error *error,
+ const krb5_creds *creds));
+
+krb5_error_code
krb5_errx __P((
krb5_context context,
int eval,
@@ -1146,6 +1164,11 @@ krb5_free_error_contents __P((
krb5_context context,
krb5_error *error));
+void
+krb5_free_error_string __P((
+ krb5_context context,
+ char *str));
+
krb5_error_code
krb5_free_host_realm __P((
krb5_context context,
@@ -1239,6 +1262,15 @@ krb5_get_cred_from_kdc __P((
krb5_creds ***ret_tgts));
krb5_error_code
+krb5_get_cred_from_kdc_opt __P((
+ krb5_context context,
+ krb5_ccache ccache,
+ krb5_creds *in_creds,
+ krb5_creds **out_creds,
+ krb5_creds ***ret_tgts,
+ krb5_flags flags));
+
+krb5_error_code
krb5_get_credentials __P((
krb5_context context,
krb5_flags options,
@@ -1280,6 +1312,9 @@ krb5_get_err_text __P((
krb5_context context,
krb5_error_code code));
+char*
+krb5_get_error_string __P((krb5_context context));
+
krb5_error_code
krb5_get_extra_addresses __P((
krb5_context context,
@@ -1310,6 +1345,7 @@ krb5_error_code
krb5_get_host_realm_int __P((
krb5_context context,
const char *host,
+ krb5_boolean use_dns,
krb5_realm **realms));
krb5_error_code
@@ -1515,12 +1551,14 @@ krb5_getportbyname __P((
krb5_error_code
krb5_h_addr2addr __P((
+ krb5_context context,
int af,
const char *haddr,
krb5_address *addr));
krb5_error_code
krb5_h_addr2sockaddr __P((
+ krb5_context context,
int af,
const char *addr,
struct sockaddr *sa,
@@ -1528,6 +1566,12 @@ krb5_h_addr2sockaddr __P((
int port));
krb5_error_code
+krb5_h_errno_to_heim_errno __P((int eai_errno));
+
+krb5_boolean
+krb5_have_error_string __P((krb5_context context));
+
+krb5_error_code
krb5_init_context __P((krb5_context *context));
void
@@ -1613,6 +1657,12 @@ krb5_kt_default __P((
krb5_keytab *id));
krb5_error_code
+krb5_kt_default_modify_name __P((
+ krb5_context context,
+ char *name,
+ size_t namesize));
+
+krb5_error_code
krb5_kt_default_name __P((
krb5_context context,
char *name,
@@ -1711,6 +1761,7 @@ krb5_log_msg __P((
krb5_error_code
krb5_make_addrport __P((
+ krb5_context context,
krb5_address **res,
const krb5_address *addr,
int16_t port));
@@ -1733,7 +1784,8 @@ krb5_mk_error __P((
const krb5_data *e_data,
const krb5_principal client,
const krb5_principal server,
- time_t ctime,
+ time_t *ctime,
+ int *cusec,
krb5_data *reply));
krb5_error_code
@@ -1893,6 +1945,7 @@ int
krb5_prompter_posix __P((
krb5_context context,
void *data,
+ const char *name,
const char *banner,
int num_prompts,
krb5_prompt prompts[]));
@@ -2209,6 +2262,13 @@ krb5_set_default_realm __P((
char *realm));
krb5_error_code
+krb5_set_error_string __P((
+ krb5_context context,
+ const char *fmt,
+ ...))
+ __attribute__((format (printf, 2, 3)));
+
+krb5_error_code
krb5_set_extra_addresses __P((
krb5_context context,
const krb5_addresses *addresses));
@@ -2246,11 +2306,13 @@ krb5_sock_to_principal __P((
krb5_error_code
krb5_sockaddr2address __P((
+ krb5_context context,
const struct sockaddr *sa,
krb5_address *addr));
krb5_error_code
krb5_sockaddr2port __P((
+ krb5_context context,
const struct sockaddr *sa,
int16_t *port));
@@ -2285,12 +2347,22 @@ krb5_storage_from_mem __P((
void *buf,
size_t len));
+krb5_flags
+krb5_storage_get_byteorder __P((
+ krb5_storage *sp,
+ krb5_flags byteorder));
+
krb5_boolean
krb5_storage_is_flags __P((
krb5_storage *sp,
krb5_flags flags));
void
+krb5_storage_set_byteorder __P((
+ krb5_storage *sp,
+ krb5_flags byteorder));
+
+void
krb5_storage_set_flags __P((
krb5_storage *sp,
krb5_flags flags));
@@ -2366,6 +2438,11 @@ krb5_store_times __P((
krb5_times times));
krb5_error_code
+krb5_string_to_deltat __P((
+ const char *string,
+ krb5_deltat *deltat));
+
+krb5_error_code
krb5_string_to_enctype __P((
krb5_context context,
const char *string,
@@ -2532,6 +2609,34 @@ krb5_verify_init_creds_opt_set_ap_req_nofail __P((
krb5_verify_init_creds_opt *options,
int ap_req_nofail));
+void
+krb5_verify_opt_init __P((krb5_verify_opt *opt));
+
+void
+krb5_verify_opt_set_ccache __P((
+ krb5_verify_opt *opt,
+ krb5_ccache ccache));
+
+void
+krb5_verify_opt_set_flags __P((
+ krb5_verify_opt *opt,
+ unsigned int flags));
+
+void
+krb5_verify_opt_set_keytab __P((
+ krb5_verify_opt *opt,
+ krb5_keytab keytab));
+
+void
+krb5_verify_opt_set_secure __P((
+ krb5_verify_opt *opt,
+ krb5_boolean secure));
+
+void
+krb5_verify_opt_set_service __P((
+ krb5_verify_opt *opt,
+ const char *service));
+
krb5_error_code
krb5_verify_user __P((
krb5_context context,
@@ -2551,6 +2656,13 @@ krb5_verify_user_lrealm __P((
const char *service));
krb5_error_code
+krb5_verify_user_opt __P((
+ krb5_context context,
+ krb5_principal principal,
+ const char *password,
+ krb5_verify_opt *opt));
+
+krb5_error_code
krb5_verr __P((
krb5_context context,
int eval,
@@ -2587,6 +2699,13 @@ krb5_vlog_msg __P((
__attribute__((format (printf, 5, 0)));
krb5_error_code
+krb5_vset_error_string __P((
+ krb5_context context,
+ const char *fmt,
+ va_list args))
+ __attribute__ ((format (printf, 2, 0)));
+
+krb5_error_code
krb5_vwarn __P((
krb5_context context,
krb5_error_code code,
diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5
index 6ff4aef..ca2d1e59 100644
--- a/crypto/heimdal/lib/krb5/krb5.conf.5
+++ b/crypto/heimdal/lib/krb5/krb5.conf.5
@@ -1,4 +1,4 @@
-.\" $Id: krb5.conf.5,v 1.12 2001/01/19 04:53:24 assar Exp $
+.\" $Id: krb5.conf.5,v 1.17 2001/05/31 13:58:34 assar Exp $
.\"
.Dd April 11, 1999
.Dt KRB5.CONF 5
@@ -46,6 +46,35 @@ name:
consists of one or more non-white space characters.
Currently recognised sections and bindings are:
.Bl -tag -width "xxx" -offset indent
+.It Li [appdefaults]
+Specifies the default values to be used for Kerberos applications.
+You can specify defaults per application, realm, or a combination of
+these. The preference order is:
+.Bl -enum -compact
+.It
+.Va application Va realm Va option
+.It
+.Va application Va option
+.It
+.Va realm Va option
+.It
+.Va option
+.El
+.Pp
+The supported options are:
+.Bl -tag -width "xxx" -offset indent
+.It Li forwardable = Va boolean
+When obtaining initial credentials, make the credentials forwardable.
+.It Li proxiable = Va boolean
+When obtaining initial credentials, make the credentials proxiable.
+.It Li no-addresses = Va boolean
+When obtaining initial credentials, request them for an empty set of
+addresses, making the tickets valid from any address.
+.It Li ticket_life = Va time
+Default ticket lifetime.
+.It Li renew_lifetime = Va time
+Default renewable ticket lifetime.
+.El
.It Li [libdefaults]
.Bl -tag -width "xxx" -offset indent
.It Li default_realm = Va REALM
@@ -97,6 +126,12 @@ The max number of times to try to contact each KDC.
Default ticket lifetime.
.It Li renew_lifetime = Va time
Default renewable ticket lifetime.
+.It Li forwardable = Va boolean
+When obtaining initial credentials, make the credentials forwardable.
+This option is also valid in the [realms] section.
+.It Li proxiable = Va boolean
+When obtaining initial credentials, make the credentials proxiable.
+This option is also valid in the [realms] section.
.It Li verify_ap_req_nofail = Va boolean
Enable to make a failure to verify obtained credentials
non-fatal. This can be useful if there is no keytab on a host.
@@ -111,8 +146,25 @@ A list of addresses to get tickets for along with all local addresses.
.It Li time_format = Va string
How to print time strings in logs, this string is passed to
.Xr strftime 3 .
+.It Li date_format = Va string
+How to print date strings in logs, this string is passed to
+.Xr strftime 3 .
.It Li log_utc = Va boolean
Write log-entries using UTC instead of your local time zone.
+.It Li srv_lookup = Va boolean
+Use DNS SRV records to lookup realm configuration information.
+.It Li srv_try_txt = Va boolean
+If a SRV lookup fails, try looking up the same info in a DNS TXT record.
+.It Li scan_interfaces = Va boolean
+Scan all network interfaces for addresses, as opposed to simply using
+the address associated with the system's host name.
+.It Li fcache_version = Va int
+Use file credential cache format version specified.
+.It Li krb4_get_tickets = Va boolean
+Also get Kerberos 4 tickets in
+.Nm kinit
+and other programs.
+This option is also valid in the [realms] section.
.El
.It Li [domain_realm]
This is a list of mappings from DNS domain to Kerberos realm. Each
@@ -255,8 +307,8 @@ and is only left for backwards compatability.
points to the configuration file to read.
.Sh EXAMPLE
.Bd -literal -offset indent
-[lib_defaults]
- default_domain = FOO.SE
+[libdefaults]
+ default_realm = FOO.SE
[domain_realm]
.foo.se = FOO.SE
.bar.se = FOO.SE
@@ -294,4 +346,5 @@ actually used and thus cannot warn about unknown or misspelt ones.
.Xr krb5_openlog 3 ,
.Xr krb5_425_conv_principal 3 ,
.Xr strftime 3 ,
+.Xr kinit 1 ,
.Xr Source tm
diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h
index 65a8a16..32be069 100644
--- a/crypto/heimdal/lib/krb5/krb5.h
+++ b/crypto/heimdal/lib/krb5/krb5.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: krb5.h,v 1.179 2000/12/15 17:11:12 joda Exp $ */
+/* $Id: krb5.h,v 1.190 2001/05/16 22:23:56 assar Exp $ */
#ifndef __KRB5_H__
#define __KRB5_H__
@@ -43,7 +43,7 @@
#include <krb5_err.h>
#include <heim_err.h>
-#include <asn1.h>
+#include <krb5_asn1.h>
/* simple constants */
@@ -70,26 +70,31 @@ typedef struct krb5_crypto_data *krb5_crypto;
typedef CKSUMTYPE krb5_cksumtype;
-typedef enum krb5_enctype {
- ETYPE_NULL = 0,
- ETYPE_DES_CBC_CRC = 1,
- ETYPE_DES_CBC_MD4 = 2,
- ETYPE_DES_CBC_MD5 = 3,
- ETYPE_DES3_CBC_MD5 = 5,
- ETYPE_OLD_DES3_CBC_SHA1 = 7,
- ETYPE_SIGN_DSA_GENERATE = 8,
- ETYPE_ENCRYPT_RSA_PRIV = 9,
- ETYPE_ENCRYPT_RSA_PUB = 10,
- ETYPE_DES3_CBC_SHA1 = 16, /* with key derivation */
- ETYPE_ARCFOUR_HMAC_MD5 = 23,
- ETYPE_ARCFOUR_HMAC_MD5_56 = 24,
- ETYPE_ENCTYPE_PK_CROSS = 48,
- ETYPE_DES_CBC_NONE = -0x1000,
- ETYPE_DES3_CBC_NONE = -0x1001,
- ETYPE_DES_CFB64_NONE = -0x1002,
- ETYPE_DES_PCBC_NONE = -0x1003,
- ETYPE_DES3_CBC_NONE_IVEC = -0x1004
-} krb5_enctype;
+typedef Checksum krb5_checksum;
+
+typedef ENCTYPE krb5_enctype;
+
+/* alternative names */
+enum {
+ ENCTYPE_NULL = ETYPE_NULL,
+ ENCTYPE_DES_CBC_CRC = ETYPE_DES_CBC_CRC,
+ ENCTYPE_DES_CBC_MD4 = ETYPE_DES_CBC_MD4,
+ ENCTYPE_DES_CBC_MD5 = ETYPE_DES_CBC_MD5,
+ ENCTYPE_DES3_CBC_MD5 = ETYPE_DES3_CBC_MD5,
+ ENCTYPE_OLD_DES3_CBC_SHA1 = ETYPE_OLD_DES3_CBC_SHA1,
+ ENCTYPE_SIGN_DSA_GENERATE = ETYPE_SIGN_DSA_GENERATE,
+ ENCTYPE_ENCRYPT_RSA_PRIV = ETYPE_ENCRYPT_RSA_PRIV,
+ ENCTYPE_ENCRYPT_RSA_PUB = ETYPE_ENCRYPT_RSA_PUB,
+ ENCTYPE_DES3_CBC_SHA1 = ETYPE_DES3_CBC_SHA1,
+ ENCTYPE_ARCFOUR_HMAC_MD5 = ETYPE_ARCFOUR_HMAC_MD5,
+ ENCTYPE_ARCFOUR_HMAC_MD5_56 = ETYPE_ARCFOUR_HMAC_MD5_56,
+ ENCTYPE_ENCTYPE_PK_CROSS = ETYPE_ENCTYPE_PK_CROSS,
+ ENCTYPE_DES_CBC_NONE = ETYPE_DES_CBC_NONE,
+ ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE,
+ ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE,
+ ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE,
+ ENCTYPE_DES3_CBC_NONE_IVEC = ETYPE_DES3_CBC_NONE_IVEC
+};
typedef PADATA_TYPE krb5_preauthtype;
@@ -164,6 +169,8 @@ typedef enum krb5_key_usage {
/* SEQ in GSSAPI krb5 mechanism */
} krb5_key_usage;
+typedef krb5_key_usage krb5_keyusage;
+
typedef enum krb5_salttype {
KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
@@ -364,6 +371,7 @@ typedef struct krb5_context_data {
const char *time_fmt;
krb5_boolean log_utc;
const char *default_keytab;
+ const char *default_keytab_modify;
krb5_boolean use_admin_kdc;
krb5_addresses *extra_addresses;
krb5_boolean scan_interfaces; /* `ifconfig -a' */
@@ -375,6 +383,8 @@ typedef struct krb5_context_data {
int num_kt_types; /* # of registered keytab types */
struct krb5_keytab_data *kt_types; /* registered keytab types */
const char *date_fmt;
+ char *error_string;
+ char error_buf[256];
} krb5_context_data;
typedef struct krb5_ticket {
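Review bot: The two new members `error_string` and `error_buf[256]` have no comment saying how they relate or who owns the string. Presumably `error_string` is either NULL or points at the current message, possibly at `error_buf` itself, but the setter is not in this hunk, so that should be confirmed and then written down. Something like `char *error_string; /* current error text or NULL; may alias error_buf */` and `char error_buf[256]; /* fixed storage, longer messages are truncated */` would cover it. Other files in this commit format file names into the message (log.c uses `"open(%s): %s"`), so the setter needs to format with a bound of `sizeof(error_buf)` and always terminate the string.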
@@ -391,10 +401,14 @@ struct krb5_rcache_data;
typedef struct krb5_rcache_data *krb5_rcache;
typedef Authenticator krb5_donot_replay;
-#define KRB5_STORAGE_HOST_BYTEORDER 0x01
+#define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */
#define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02
#define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04
#define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08
+#define KRB5_STORAGE_BYTEORDER_MASK 0x60
+#define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */
+#define KRB5_STORAGE_BYTEORDER_LE 0x20
+#define KRB5_STORAGE_BYTEORDER_HOST 0x40
typedef struct krb5_storage {
void *data;
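Review bot: Nothing here says how the legacy `KRB5_STORAGE_HOST_BYTEORDER` bit (0x01, now marked `/* old */`) interacts with the new two-bit field selected by `KRB5_STORAGE_BYTEORDER_MASK`. A reader cannot tell which wins when a caller sets 0x01 together with `KRB5_STORAGE_BYTEORDER_LE`, or whether 0x60 (both mask bits set) is a valid value. A short block comment above the four new defines would settle it, for example `/* byte order lives in bits 0x60; the old 0x01 flag is honoured only for compatibility */`, adjusted to whatever the storage code actually does.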
@@ -527,14 +541,23 @@ typedef EncAPRepPart krb5_ap_rep_enc_part;
extern const char krb5_config_file[];
extern const char krb5_defkeyname[];
+typedef enum {
+ KRB5_PROMPT_TYPE_PASSWORD = 0x1,
+ KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2,
+ KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
+ KRB5_PROMPT_TYPE_PREAUTH = 0x4
+} krb5_prompt_type;
+
typedef struct _krb5_prompt {
char *prompt;
int hidden;
krb5_data *reply;
+ krb5_prompt_type type;
} krb5_prompt;
typedef int (*krb5_prompter_fct)(krb5_context context,
void *data,
+ const char *name,
const char *banner,
int num_prompts,
krb5_prompt prompts[]);
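Review bot: `krb5_prompt` gains a `type` member, but `krb5_prompt_type` starts at 0x1, so a prompt that was zero-filled or built field by field by existing code carries a value outside the enum. Prompter implementations should treat an unrecognised `type` as a generic hidden prompt rather than switching on it without a default. A comment on the member such as `krb5_prompt_type type; /* must be set by the caller; 0 is not a valid type */` would make that visible. The extra `const char *name` argument in `krb5_prompter_fct` also changes the callback signature, so any prompter installed through a function-pointer cast will be called with shifted arguments. It is worth noting that in the header or the release notes.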
@@ -588,6 +611,16 @@ typedef struct _krb5_verify_init_creds_opt {
#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
+typedef struct krb5_verify_opt {
+ unsigned int flags;
+ krb5_ccache ccache;
+ krb5_keytab keytab;
+ krb5_boolean secure;
+ const char *service;
+} krb5_verify_opt;
+
+#define KRB5_VERIFY_LREALMS 1
+
extern const krb5_cc_ops krb5_fcc_ops;
extern const krb5_cc_ops krb5_mcc_ops;
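Review bot: The new `krb5_verify_opt` has no comments on its members, and `secure` in particular changes what verification guarantees without saying how. Presumably it decides whether the obtained credentials must be checked against a local key before the user is accepted; confirm that against the verify code and document it, along with the default a zero-filled struct gets. `flags` should name the values it accepts, and `KRB5_VERIFY_LREALMS` is written as `1` where the neighbouring option flag uses hex, so `#define KRB5_VERIFY_LREALMS 0x0001` would match.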
@@ -595,6 +628,8 @@ extern const krb5_kt_ops krb5_fkt_ops;
extern const krb5_kt_ops krb5_mkt_ops;
extern const krb5_kt_ops krb5_akf_ops;
extern const krb5_kt_ops krb4_fkt_ops;
+extern const krb5_kt_ops krb5_srvtab_fkt_ops;
+extern const krb5_kt_ops krb5_any_ops;
#define KRB5_KPASSWD_SUCCESS 0
#define KRB5_KPASSWD_MALFORMED 0
diff --git a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
index 3a3bb85..edd2f47 100644
--- a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_425_conv_principal.3,v 1.4 2001/01/26 22:43:21 assar Exp $
+.\" $Id: krb5_425_conv_principal.3,v 1.5 2001/05/02 08:59:23 assar Exp $
.Dd April 11, 1999
.Dt KRB5_425_CONV_PRINCIPAL 3
.Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3
index 7c45925..975cc27 100644
--- a/crypto/heimdal/lib/krb5/krb5_appdefault.3
+++ b/crypto/heimdal/lib/krb5/krb5_appdefault.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 2000 Kungliga Tekniska Högskolan
-.\" $Id: krb5_appdefault.3,v 1.3 2001/01/05 16:29:42 joda Exp $
+.\" $Id: krb5_appdefault.3,v 1.4 2001/05/02 08:59:23 assar Exp $
.Dd July 25, 2000
.Dt KRB5_APPDEFAULT 3
.Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3
index d383c0a..92e25b0 100644
--- a/crypto/heimdal/lib/krb5/krb5_auth_context.3
+++ b/crypto/heimdal/lib/krb5/krb5_auth_context.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" $Id: krb5_auth_context.3,v 1.1 2001/01/28 19:47:33 assar Exp $
+.\" $Id: krb5_auth_context.3,v 1.2 2001/05/02 08:59:23 assar Exp $
.Dd Jan 21, 2001
.Dt KRB5_AUTH_CONTEXT 3
.Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_build_principal.3 b/crypto/heimdal/lib/krb5/krb5_build_principal.3
index af01cd8..80ac5e1 100644
--- a/crypto/heimdal/lib/krb5/krb5_build_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_build_principal.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_build_principal.3,v 1.2 2001/01/26 22:43:21 assar Exp $
+.\" $Id: krb5_build_principal.3,v 1.3 2001/05/02 08:59:23 assar Exp $
.Dd August 8, 1997
.Dt KRB5_BUILD_PRINCIPAL 3
.Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_config.3 b/crypto/heimdal/lib/krb5/krb5_config.3
index 3f2de83..f847436 100644
--- a/crypto/heimdal/lib/krb5/krb5_config.3
+++ b/crypto/heimdal/lib/krb5/krb5_config.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 2000 Kungliga Tekniska Högskolan
-.\" $Id: krb5_config.3,v 1.1 2000/07/25 10:22:46 joda Exp $
+.\" $Id: krb5_config.3,v 1.2 2001/05/02 08:59:23 assar Exp $
.Dd July 25, 2000
.Dt KRB5_CONFIG 3
.Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_free_principal.3 b/crypto/heimdal/lib/krb5/krb5_free_principal.3
index 023853b..110c802 100644
--- a/crypto/heimdal/lib/krb5/krb5_free_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_free_principal.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_free_principal.3,v 1.2 2001/01/26 22:43:22 assar Exp $
+.\" $Id: krb5_free_principal.3,v 1.3 2001/05/02 08:59:23 assar Exp $
.Dd August 8, 1997
.Dt KRB5_FREE_PRINCIPAL 3
.Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3
index 7e27ec2..54690de 100644
--- a/crypto/heimdal/lib/krb5/krb5_init_context.3
+++ b/crypto/heimdal/lib/krb5/krb5_init_context.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" $Id: krb5_init_context.3,v 1.1 2001/01/28 21:39:29 assar Exp $
+.\" $Id: krb5_init_context.3,v 1.2 2001/05/23 16:24:02 assar Exp $
.Dd Jan 21, 2001
.Dt KRB5_CONTEXT 3
.Os HEIMDAL
@@ -11,7 +11,7 @@
.Ft krb5_error_code
.Fn krb5_init_context "krb5_context *context"
.Ft void
-.Fn krb5_free_context "krb5_context *context"
+.Fn krb5_free_context "krb5_context context"
.Sh DESCRIPTION
The
.Fn krb5_init_context
diff --git a/crypto/heimdal/lib/krb5/krb5_keytab.3 b/crypto/heimdal/lib/krb5/krb5_keytab.3
new file mode 100644
index 0000000..6dc524e
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_keytab.3
@@ -0,0 +1,358 @@
+.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
+.\" $Id: krb5_keytab.3,v 1.1 2001/02/05 18:17:46 assar Exp $
+.Dd Feb 5, 2001
+.Dt KRB5_KEYTAB 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_kt_ops,
+.Nm krb5_keytab_entry ,
+.Nm krb5_kt_cursor ,
+.Nm krb5_kt_add_entry ,
+.Nm krb5_kt_close ,
+.Nm krb5_kt_compare ,
+.Nm krb5_kt_copy_entry_contents ,
+.Nm krb5_kt_default ,
+.Nm krb5_kt_default_name ,
+.Nm krb5_kt_end_seq_get ,
+.Nm krb5_kt_free_entry ,
+.Nm krb5_kt_get_entry ,
+.Nm krb5_kt_get_name ,
+.Nm krb5_kt_next_entry ,
+.Nm krb5_kt_read_service_key ,
+.Nm krb5_kt_register ,
+.Nm krb5_kt_remove_entry ,
+.Nm krb5_kt_resolve ,
+.Nm krb5_kt_start_seq_get
+.Nd manage keytab (key storage) files
+.Sh SYNOPSIS
+.Fd #include <krb5.h>
+.Pp
+.Ft krb5_error_code
+.Fo krb5_kt_add_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_keytab_entry *entry"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_close
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fc
+.Ft krb5_boolean
+.Fo krb5_kt_compare
+.Fa "krb5_context context"
+.Fa "krb5_keytab_entry *entry"
+.Fa "krb5_const_principal principal"
+.Fa "krb5_kvno vno"
+.Fa "krb5_enctype enctype"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_copy_entry_contents
+.Fa "krb5_context context"
+.Fa "const krb5_keytab_entry *in"
+.Fa "krb5_keytab_entry *out"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_default
+.Fa "krb5_context context"
+.Fa "krb5_keytab *id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_default_name
+.Fa "krb5_context context"
+.Fa "char *name"
+.Fa "size_t namesize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_end_seq_get
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_kt_cursor *cursor"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_free_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab_entry *entry"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_get_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_const_principal principal"
+.Fa "krb5_kvno kvno"
+.Fa "krb5_enctype enctype"
+.Fa "krb5_keytab_entry *entry"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_get_name
+.Fa "krb5_context context"
+.Fa "krb5_keytab keytab"
+.Fa "char *name"
+.Fa "size_t namesize"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_next_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_keytab_entry *entry"
+.Fa "krb5_kt_cursor *cursor"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_read_service_key
+.Fa "krb5_context context"
+.Fa "krb5_pointer keyprocarg"
+.Fa "krb5_principal principal"
+.Fa "krb5_kvno vno"
+.Fa "krb5_enctype enctype"
+.Fa "krb5_keyblock **key"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_register
+.Fa "krb5_context context"
+.Fa "const krb5_kt_ops *ops"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_remove_entry
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_keytab_entry *entry"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_resolve
+.Fa "krb5_context context"
+.Fa "const char *name"
+.Fa "krb5_keytab *id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_kt_start_seq_get
+.Fa "krb5_context context"
+.Fa "krb5_keytab id"
+.Fa "krb5_kt_cursor *cursor"
+.Fc
+.Sh DESCRIPTION
+A keytab name is on the form
+.Li type:residual .
+The
+.Li residual
+part is specific to each keytab-type.
+.Pp
+When a keytab-name is resolved, the type is matched with an interal
+list of keytab types. If there is no matching keytab type,
+the default keytab is used. The current default type is
+.Nm file .
+The default value can be changed in the configuration file
+.Pa /etc/krb5.conf
+by setting the variable
+.Li [defaults]default_keytab_name .
+.Pp
+The keytab types that are implemented in Heimdal
+are:
+.Bl -tag -width Ds
+.It Nm file
+store the keytab in a file, the type's name is
+.Li KEYFILE .
+The residual part is a filename.
+.It Nm keyfile
+store the keytab in a
+.Li AFS
+keyfile (usually
+.Pa /usr/afs/etc/KeyFile ) ,
+the type's name is
+.Li AFSKEYFILE .
+The residual part is a filename.
+.It Nm krb4
+the keytab is a Kerberos 4
+.Pa srvtab
+that is on-the-fly converted to a keytab. The type's name is
+.Li krb4 .
+The residual part is a filename.
+.It Nm memory
+The keytab is stored in a memory segment. This allows sensitive and/or
+temporary data not to be stored on disk. The type's name is
+.Li MEMORY .
+There are no residual part, the only pointer back to the keytab is the
+.Fa id
+returned by
+.Fn krb5_kt_resolve .
+.El
+.Pp
+.Nm krb5_keytab_entry
+holds all data for an entry in a keytab file, like principal name,
+key-type, key, key-version number, etc.
+.Nm krb5_kt_cursor
+holds the current position that is used when iterating through a
+keytab entry with
+.Fn krb5_kt_start_seq_get ,
+.Fn krb5_kt_next_entry ,
+and
+.Fn krb5_kt_end_seq_get .
+.Pp
+.Nm krb5_kt_ops
+contains the different operations that can be done to a keytab. This
+structure is normally only used when doing a new keytab-type
+implementation.
+.Pp
+.Fn krb5_kt_resolve
+is the equvalent of an
+.Xr open 2
+on keytab. Resolve the keytab name in
+.Fa name
+into a keytab in
+.Fa id .
+Returns 0 or an error. The opposite of
+.Fn krb5_kt_resolve
+is
+.Fn krb5_kt_close .
+.Fn krb5_kt_close
+frees all resources allocated to the keytab.
+.Pp
+.Fn krb5_kt_default
+sets the argument
+.Fa id
+to the default keytab.
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_default_name
+copy the name of the default keytab into
+.Fa name .
+Return 0 or KRB5_CONFIG_NOTENUFSPACE if
+.Fa namesize
+is too short.
+.Pp
+.Fn krb5_kt_add_entry
+Add a new
+.Fa entry
+to the keytab
+.Fa id .
+.Li KRB5_KT_NOWRITE
+is returned if the keytab is a readonly keytab.
+.Pp
+.Fn krb5_kt_compare
+compares the passed in
+.Fa entry
+against
+.Fa principal ,
+.Fa vno ,
+and
+.Fa enctype .
+Any of
+.Fa principal ,
+.Fa vno
+or
+.Fa enctype
+might be 0 which acts as a wildcard. Return TRUE if they compare the
+same, FALSE otherwise.
+.Pp
+.Fn krb5_kt_copy_entry_contents
+copies the contents of
+.Fa in
+into
+.Fa out .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_get_name
+retrieves the name of the keytab
+.Fa keytab
+into
+.Fa name ,
+.Fa namesize .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_free_entry
+frees the contents of
+.Fa entry .
+.Pp
+.Fn krb5_kt_start_seq_get
+sets
+.Fa cursor
+to point at the beginning of
+.Fa id.
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_next_entry
+gets the next entry from
+.Fa id
+pointed to by
+.Fa cursor
+and advance the
+.Fa cursor .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_end_seq_get
+releases all resources associated with
+.Fa cursor .
+.Pp
+.Fn krb5_kt_get_entry
+retrieves the keytab entry for
+.Fa principal,
+.Fa kvno,
+.Fa enctype
+into
+.Fa entry
+from the keytab
+.Fa id .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_read_service_key
+reads the key identified by
+.Ns ( Fa principal ,
+.Fa vno ,
+.Fa enctype )
+from the keytab in
+.Fa keyprocarg
+(the default if == NULL) into
+.Fa *key .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_remove_entry
+removes the entry
+.Fa entry
+from the keytab
+.Fa id .
+Returns 0 or an error.
+.Pp
+.Fn krb5_kt_register
+registers a new keytab type
+.Fa ops .
+Returns 0 or an error.
+.Sh EXAMPLE
+This is a minimalistic version of
+.Nm ktutil .
+.Pp
+.Bd -literal
+int
+main (int argc, char **argv)
+{
+ krb5_context context;
+ krb5_keytab keytab;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry entry;
+ krb5_error_code ret;
+ char *principal;
+
+ if (krb5_init_context (&context) != 0)
+ errx(1, "krb5_context");
+
+ ret = krb5_kt_default (context, &keytab);
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_kt_default");
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_kt_start_seq_get");
+ while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
+ krb5_unparse_name_short(context, entry.principal, &principal);
+ printf("principal: %s\\n", principal);
+ free(principal);
+ krb5_kt_free_entry(context, &entry);
+ }
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_kt_end_seq_get");
+ krb5_free_context(context);
+ return 0;
+}
+.Ed
+.Sh SEE ALSO
+.Xr kerberos 8 ,
+.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3
index 05ba77b..c4f5acd 100644
--- a/crypto/heimdal/lib/krb5/krb5_parse_name.3
+++ b/crypto/heimdal/lib/krb5/krb5_parse_name.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_parse_name.3,v 1.2 2001/01/26 22:43:22 assar Exp $
+.\" $Id: krb5_parse_name.3,v 1.3 2001/05/02 08:59:23 assar Exp $
.Dd August 8, 1997
.Dt KRB5_PARSE_NAME 3
.Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
index 5f7f096..1dee7de 100644
--- a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_sname_to_principal.3,v 1.2 2001/01/26 22:43:22 assar Exp $
+.\" $Id: krb5_sname_to_principal.3,v 1.3 2001/05/02 08:59:23 assar Exp $
.Dd August 8, 1997
.Dt KRB5_PRINCIPAL 3
.Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3
index a335eb2..08409ae 100644
--- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3
+++ b/crypto/heimdal/lib/krb5/krb5_unparse_name.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_unparse_name.3,v 1.2 2001/01/26 22:43:22 assar Exp $
+.\" $Id: krb5_unparse_name.3,v 1.3 2001/05/02 08:59:23 assar Exp $
.Dd August 8, 1997
.Dt KRB5_UNPARSE_NAME 3
.Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krbhst.c b/crypto/heimdal/lib/krb5/krbhst.c
index b257e8b..86d67f6 100644
--- a/crypto/heimdal/lib/krb5/krbhst.c
+++ b/crypto/heimdal/lib/krb5/krbhst.c
@@ -34,24 +34,28 @@
#include "krb5_locl.h"
#include <resolve.h>
-RCSID("$Id: krbhst.c,v 1.25 2001/01/19 04:30:54 assar Exp $");
+RCSID("$Id: krbhst.c,v 1.26 2001/05/14 06:14:49 assar Exp $");
/*
* assuming that `*res' contains `*count' strings, add a copy of `string'.
*/
static int
-add_string(char ***res, int *count, const char *string)
+add_string(krb5_context context, char ***res, int *count, const char *string)
{
char **tmp = realloc(*res, (*count + 1) * sizeof(**res));
- if(tmp == NULL)
+ if(tmp == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
*res = tmp;
if(string) {
tmp[*count] = strdup(string);
- if(tmp[*count] == NULL)
+ if(tmp[*count] == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
} else
tmp[*count] = NULL;
(*count)++;
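Review bot: The literal `"malloc: out of memory"` is used here for a failed `realloc` and a failed `strdup`. The same string is repeated in every allocation-failure branch this commit touches in krbhst.c, log.c, mcache.c, mk_error.c, mk_priv.c and mk_rep.c. A single shared constant or a small helper that sets the message and returns the error code would keep the wording in one place. It would also let the text stop naming `malloc` where the failing call was `calloc`, `realloc` or `strdup`. add_string ends outside this hunk.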
@@ -94,19 +98,21 @@ srv_find_realm(krb5_context context, char ***res, int *count,
char **tmp;
tmp = realloc(*res, (*count + 1) * sizeof(**res));
- if (tmp == NULL)
+ if (tmp == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
*res = tmp;
snprintf (buf, sizeof(buf),
"%s/%s:%u",
proto,
rr->u.srv->target,
rr->u.srv->port);
- ret = add_string(res, count, buf);
+ ret = add_string(context, res, count, buf);
if(ret)
return ret;
}else if(rr->type == T_TXT) {
- ret = add_string(res, count, rr->u.txt);
+ ret = add_string(context, res, count, rr->u.txt);
if(ret)
return ret;
}
@@ -151,13 +157,13 @@ get_krbhst (krb5_context context,
if(count == 0) {
char buf[1024];
snprintf(buf, sizeof(buf), "kerberos.%s", *realm);
- ret = add_string(&res, &count, buf);
+ ret = add_string(context, &res, &count, buf);
if(ret) {
krb5_config_free_strings(res);
return ret;
}
}
- add_string(&res, &count, NULL);
+ add_string(context, &res, &count, NULL);
*hostlist = res;
return 0;
}
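Review bot: The return value of the final `add_string(context, &res, &count, NULL);` is still ignored. If the `realloc` inside it fails, get_krbhst returns 0 with `*hostlist` pointing at a list that has no NULL terminator. With this change it also leaves an out-of-memory message set in the context on a success return. Check it the way the branch above does, `ret = add_string(context, &res, &count, NULL);` followed by `if (ret) { ... return ret; }`. The cleanup in that branch needs care, because `krb5_config_free_strings(res)` presumably walks to a NULL terminator that is missing in exactly this case. get_krbhst begins outside this hunk.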
diff --git a/crypto/heimdal/lib/krb5/log.c b/crypto/heimdal/lib/krb5/log.c
index 37bff1d..1a6d6b2 100644
--- a/crypto/heimdal/lib/krb5/log.c
+++ b/crypto/heimdal/lib/krb5/log.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: log.c,v 1.25 2000/09/17 21:46:07 assar Exp $");
+RCSID("$Id: log.c,v 1.26 2001/05/14 06:14:49 assar Exp $");
struct facility {
int min;
@@ -120,11 +120,14 @@ krb5_initlog(krb5_context context,
krb5_log_facility **fac)
{
krb5_log_facility *f = calloc(1, sizeof(*f));
- if(f == NULL)
+ if(f == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
f->program = strdup(program);
if(f->program == NULL){
free(f);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
*fac = f;
@@ -141,8 +144,10 @@ krb5_addlog_func(krb5_context context,
void *data)
{
struct facility *fp = log_realloc(fac);
- if(fp == NULL)
+ if(fp == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
fp->min = min;
fp->max = max;
fp->log = log;
@@ -181,8 +186,10 @@ open_syslog(krb5_context context,
struct syslog_data *sd = malloc(sizeof(*sd));
int i;
- if(sd == NULL)
+ if(sd == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
i = find_value(sev, syslogvals);
if(i == -1)
i = LOG_ERR;
@@ -232,8 +239,10 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
char *filename, char *mode, FILE *f, int keep_open)
{
struct file_data *fd = malloc(sizeof(*fd));
- if(fd == NULL)
+ if(fd == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
fd->filename = filename;
fd->mode = mode;
fd->fd = f;
@@ -245,11 +254,13 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max,
krb5_error_code
-krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
+krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
{
krb5_error_code ret = 0;
int min = 0, max = -1, n;
char c;
+ const char *p = orig;
+
n = sscanf(p, "%d%c%d/", &min, &c, &max);
if(n == 2){
if(c == '/') {
@@ -263,7 +274,10 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
}
if(n){
p = strchr(p, '/');
- if(p == NULL) return HEIM_ERR_LOG_PARSE;
+ if(p == NULL) {
+ krb5_set_error_string (context, "failed to parse \"%s\"", orig);
+ return HEIM_ERR_LOG_PARSE;
+ }
p++;
}
if(strcmp(p, "STDERR") == 0){
@@ -275,17 +289,26 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
FILE *file = NULL;
int keep_open = 0;
fn = strdup(p + 5);
- if(fn == NULL)
+ if(fn == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
if(p[4] == '='){
int i = open(fn, O_WRONLY | O_CREAT |
O_TRUNC | O_APPEND, 0666);
- if(i < 0)
- return errno;
+ if(i < 0) {
+ ret = errno;
+ krb5_set_error_string (context, "open(%s): %s", fn,
+ strerror(ret));
+ return ret;
+ }
file = fdopen(i, "a");
if(file == NULL){
+ ret = errno;
close(i);
- return errno;
+ krb5_set_error_string (context, "fdopen(%s): %s", fn,
+ strerror(ret));
+ return ret;
}
keep_open = 1;
}
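Review bot: Both rewritten error returns in the `FILE` branch still leak `fn`, which was allocated by `strdup(p + 5)` a few lines above. Add `free(fn);` before `return ret;` after the failed `open()` and again after the failed `fdopen()`, in each case after the message has been formatted, since the message prints `fn`. Saving `errno` into `ret` before `close(i)` is the right order. Separately, the unchanged `open()` call creates the log file with mode 0666 and so relies entirely on the process umask; it is worth confirming that this is intended for a Kerberos log. krb5_addlog_dest starts and ends outside this hunk.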
@@ -303,6 +326,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *p)
facility = "AUTH";
ret = open_syslog(context, f, min, max, severity, facility);
}else{
+ krb5_set_error_string (context, "unknown log type: %s", p);
ret = HEIM_ERR_LOG_PARSE; /* XXX */
}
return ret;
diff --git a/crypto/heimdal/lib/krb5/mcache.c b/crypto/heimdal/lib/krb5/mcache.c
index 29c5cfd..8c44b6e 100644
--- a/crypto/heimdal/lib/krb5/mcache.c
+++ b/crypto/heimdal/lib/krb5/mcache.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: mcache.c,v 1.12 2000/11/15 02:12:51 assar Exp $");
+RCSID("$Id: mcache.c,v 1.13 2001/05/14 06:14:49 assar Exp $");
typedef struct krb5_mcache {
char *name;
@@ -65,6 +65,7 @@ static krb5_mcache *
mcc_alloc(const char *name)
{
krb5_mcache *m;
+
ALLOC(m, 1);
if(m == NULL)
return NULL;
@@ -101,8 +102,10 @@ mcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
}
m = mcc_alloc(res);
- if (m == NULL)
+ if (m == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return KRB5_CC_NOMEM;
+ }
(*id)->data.data = m;
(*id)->data.length = sizeof(*m);
@@ -118,8 +121,10 @@ mcc_gen_new(krb5_context context, krb5_ccache *id)
m = mcc_alloc(NULL);
- if (m == NULL)
+ if (m == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return KRB5_CC_NOMEM;
+ }
(*id)->data.data = m;
(*id)->data.length = sizeof(*m);
@@ -203,8 +208,10 @@ mcc_store_cred(krb5_context context,
return ENOENT;
l = malloc (sizeof(*l));
- if (l == NULL)
+ if (l == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return KRB5_CC_NOMEM;
+ }
l->next = m->creds;
m->creds = l;
memset (&l->cred, 0, sizeof(l->cred));
diff --git a/crypto/heimdal/lib/krb5/mk_error.c b/crypto/heimdal/lib/krb5/mk_error.c
index 2b173db..0015f45 100644
--- a/crypto/heimdal/lib/krb5/mk_error.c
+++ b/crypto/heimdal/lib/krb5/mk_error.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: mk_error.c,v 1.14 1999/12/02 17:05:11 joda Exp $");
+RCSID("$Id: mk_error.c,v 1.16 2001/05/14 06:14:49 assar Exp $");
krb5_error_code
krb5_mk_error(krb5_context context,
@@ -42,7 +42,8 @@ krb5_mk_error(krb5_context context,
const krb5_data *e_data,
const krb5_principal client,
const krb5_principal server,
- time_t ctime,
+ time_t *ctime,
+ int *cusec,
krb5_data *reply)
{
KRB_ERROR msg;
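Review bot: The new `time_t *ctime` and `int *cusec` parameters need a comment above krb5_mk_error stating that either may be NULL and that the caller keeps ownership. The next hunk stores both pointers straight into `msg`, so they must stay valid until the message is encoded and must not be released with the rest of `msg`. The meaning of zero also changes: the old code omitted `ctime` when the value was 0, while a pointer to a zero time is now encoded as a real client time. The parameter name `ctime` also hides the standard `ctime()` function inside this body; `client_time` would avoid that. The function body continues outside this hunk.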
@@ -59,9 +60,8 @@ krb5_mk_error(krb5_context context,
msg.msg_type = krb_error;
msg.stime = sec;
msg.susec = usec;
- if(ctime) {
- msg.ctime = &ctime;
- }
+ msg.ctime = ctime;
+ msg.cusec = cusec;
/* Make sure we only send `protocol' error codes */
if(error_code < KRB5KDC_ERR_NONE || error_code >= KRB5_ERR_RCSID) {
if(e_text == NULL)
@@ -86,8 +86,10 @@ krb5_mk_error(krb5_context context,
buf_size = 1024;
buf = malloc (buf_size);
- if (buf == NULL)
+ if (buf == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
do {
ret = encode_KRB_ERROR(buf + buf_size - 1,
@@ -101,6 +103,7 @@ krb5_mk_error(krb5_context context,
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
@@ -114,6 +117,7 @@ krb5_mk_error(krb5_context context,
reply->length = len;
reply->data = malloc(len);
if (reply->data == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
diff --git a/crypto/heimdal/lib/krb5/mk_priv.c b/crypto/heimdal/lib/krb5/mk_priv.c
index c880f10..1de4a5c 100644
--- a/crypto/heimdal/lib/krb5/mk_priv.c
+++ b/crypto/heimdal/lib/krb5/mk_priv.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_priv.c,v 1.28 2000/08/18 06:48:07 assar Exp $");
+RCSID("$Id: mk_priv.c,v 1.29 2001/05/14 06:14:49 assar Exp $");
/*
*
@@ -87,8 +87,10 @@ krb5_mk_priv(krb5_context context,
buf_size = 1024;
buf = malloc (buf_size);
- if (buf == NULL)
+ if (buf == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
krb5_data_zero (&s.enc_part.cipher);
@@ -102,6 +104,7 @@ krb5_mk_priv(krb5_context context,
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
@@ -144,6 +147,7 @@ krb5_mk_priv(krb5_context context,
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
@@ -158,6 +162,7 @@ krb5_mk_priv(krb5_context context,
outbuf->length = len;
outbuf->data = malloc (len);
if (outbuf->data == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
free(buf);
return ENOMEM;
}
diff --git a/crypto/heimdal/lib/krb5/mk_rep.c b/crypto/heimdal/lib/krb5/mk_rep.c
index ad750b0..fc6b4f2 100644
--- a/crypto/heimdal/lib/krb5/mk_rep.c
+++ b/crypto/heimdal/lib/krb5/mk_rep.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_rep.c,v 1.18 2000/12/06 20:57:23 joda Exp $");
+RCSID("$Id: mk_rep.c,v 1.19 2001/05/14 06:14:49 assar Exp $");
krb5_error_code
krb5_mk_rep(krb5_context context,
@@ -61,8 +61,10 @@ krb5_mk_rep(krb5_context context,
auth_context->keyblock,
&auth_context->local_seqnumber);
body.seq_number = malloc (sizeof(*body.seq_number));
- if (body.seq_number == NULL)
+ if (body.seq_number == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
*(body.seq_number) = auth_context->local_seqnumber;
} else
body.seq_number = NULL;
@@ -74,6 +76,7 @@ krb5_mk_rep(krb5_context context,
buf = malloc (buf_size);
if (buf == NULL) {
free_EncAPRepPart (&body);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
@@ -106,6 +109,7 @@ krb5_mk_rep(krb5_context context,
buf = realloc(buf, buf_size);
if(buf == NULL) {
free_AP_REP (&ap);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = encode_AP_REP (buf + buf_size - 1, buf_size, &ap, &len);
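Review bot: `buf = realloc(buf, buf_size);` overwrites the only pointer to the old buffer, so the ENOMEM branch that this hunk extends leaks it. mk_error.c and mk_priv.c in this same commit go through a temporary. The same shape here would be `tmp = realloc(buf, buf_size);`, with `free(buf);` in the failure branch and `buf = tmp;` after it. `tmp` would need a declaration at the top of krb5_mk_rep, which is outside this hunk.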
diff --git a/crypto/heimdal/lib/krb5/mk_req.c b/crypto/heimdal/lib/krb5/mk_req.c
index a30c19e..dbe7f3d 100644
--- a/crypto/heimdal/lib/krb5/mk_req.c
+++ b/crypto/heimdal/lib/krb5/mk_req.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_req.c,v 1.22 2000/11/15 06:50:53 assar Exp $");
+RCSID("$Id: mk_req.c,v 1.23 2001/05/14 06:14:49 assar Exp $");
krb5_error_code
krb5_mk_req_exact(krb5_context context,
diff --git a/crypto/heimdal/lib/krb5/mk_req_ext.c b/crypto/heimdal/lib/krb5/mk_req_ext.c
index f0f572c..5ab7a1c 100644
--- a/crypto/heimdal/lib/krb5/mk_req_ext.c
+++ b/crypto/heimdal/lib/krb5/mk_req_ext.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_req_ext.c,v 1.24 2000/11/15 07:01:26 assar Exp $");
+RCSID("$Id: mk_req_ext.c,v 1.25 2001/05/09 07:15:00 assar Exp $");
krb5_error_code
krb5_mk_req_internal(krb5_context context,
@@ -99,6 +99,7 @@ krb5_mk_req_internal(krb5_context context,
/* this is to make DCE secd (and older MIT kdcs?) happy */
ret = krb5_create_checksum(context,
NULL,
+ 0,
CKSUMTYPE_RSA_MD4,
in_data->data,
in_data->length,
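Review bot: The bare `0` added to the `krb5_create_checksum` calls fills a different parameter in each call, which is easy to misread. Here it sits in the slot that holds `checksum_usage` in the next hunk's call, while there it sits in the slot that holds `CKSUMTYPE_RSA_MD4` here. A trailing comment on each literal would make the calls readable without the prototype, for example `0, /* usage */` in this call and `0, /* checksum type */` in the following one. The parameter names are inferred from the argument positions and should be checked against the prototype, which is not on this page.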
@@ -112,6 +113,7 @@ krb5_mk_req_internal(krb5_context context,
ret = krb5_create_checksum(context,
crypto,
checksum_usage,
+ 0,
in_data->data,
in_data->length,
&c);
diff --git a/crypto/heimdal/lib/krb5/mk_safe.c b/crypto/heimdal/lib/krb5/mk_safe.c
index 2803d38..085ebaf 100644
--- a/crypto/heimdal/lib/krb5/mk_safe.c
+++ b/crypto/heimdal/lib/krb5/mk_safe.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_safe.c,v 1.24 2000/08/18 06:48:40 assar Exp $");
+RCSID("$Id: mk_safe.c,v 1.26 2001/05/14 06:14:50 assar Exp $");
krb5_error_code
krb5_mk_safe(krb5_context context,
@@ -48,6 +48,7 @@ krb5_mk_safe(krb5_context context,
KerberosTime sec2;
int usec2;
u_char *buf = NULL;
+ void *tmp;
size_t buf_size;
size_t len;
u_int32_t tmp_seq;
@@ -78,8 +79,10 @@ krb5_mk_safe(krb5_context context,
buf_size = length_KRB_SAFE(&s);
buf = malloc(buf_size + 128); /* add some for checksum */
- if(buf == NULL)
+ if(buf == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
if (ret) {
free (buf);
@@ -93,6 +96,7 @@ krb5_mk_safe(krb5_context context,
ret = krb5_create_checksum(context,
crypto,
KRB5_KU_KRB_SAFE_CKSUM,
+ 0,
buf + buf_size - len,
len,
&s.cksum);
@@ -103,9 +107,13 @@ krb5_mk_safe(krb5_context context,
}
buf_size = length_KRB_SAFE(&s);
- buf = realloc(buf, buf_size);
- if(buf == NULL)
+ tmp = realloc(buf, buf_size);
+ if(tmp == NULL) {
+ free(buf);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
+ buf = tmp;
ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
free_Checksum (&s.cksum);
@@ -114,6 +122,7 @@ krb5_mk_safe(krb5_context context,
outbuf->data = malloc (len);
if (outbuf->data == NULL) {
free (buf);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
memcpy (outbuf->data, buf + buf_size - len, len);
diff --git a/crypto/heimdal/lib/krb5/n-fold-test.c b/crypto/heimdal/lib/krb5/n-fold-test.c
index 814dc6f..7cf4905 100644
--- a/crypto/heimdal/lib/krb5/n-fold-test.c
+++ b/crypto/heimdal/lib/krb5/n-fold-test.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
#include "krb5_locl.h"
-RCSID("$Id: n-fold-test.c,v 1.3 1999/07/22 11:45:33 assar Exp $");
+RCSID("$Id: n-fold-test.c,v 1.4 2001/03/12 07:42:30 assar Exp $");
enum { MAXSIZE = 24 };
@@ -74,6 +74,21 @@ static struct testcase {
0xbd, 0x22, 0x28, 0x91, 0x56, 0xc0, 0x06, 0xa0, 0xdc, 0xf5, 0xb6,
0xc2, 0xda, 0x6c}
},
+ {"password", 7,
+ {0x78, 0xa0, 0x7b, 0x6c, 0xaf, 0x85, 0xfa}
+ },
+ {"Rough Consensus, and Running Code", 8,
+ {0xbb, 0x6e, 0xd3, 0x08, 0x70, 0xb7, 0xf0, 0xe0},
+ },
+ {"password", 21,
+ {0x59, 0xe4, 0xa8, 0xca, 0x7c, 0x03, 0x85, 0xc3, 0xc3, 0x7b, 0x3f,
+ 0x6d, 0x20, 0x00, 0x24, 0x7c, 0xb6, 0xe6, 0xbd, 0x5b, 0x3e},
+ },
+ {"MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 24,
+ {0xdb, 0x3b, 0x0d, 0x8f, 0x0b, 0x06, 0x1e, 0x60, 0x32, 0x82, 0xb3,
+ 0x08, 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54,
+ 0x0c, 0x1b}
+ },
{NULL, 0}
};
diff --git a/crypto/heimdal/lib/krb5/principal.c b/crypto/heimdal/lib/krb5/principal.c
index 7be1d93..0bffef4 100644
--- a/crypto/heimdal/lib/krb5/principal.c
+++ b/crypto/heimdal/lib/krb5/principal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -41,7 +41,7 @@
#include <fnmatch.h>
#include "resolve.h"
-RCSID("$Id: principal.c,v 1.73 2000/10/16 03:42:14 assar Exp $");
+RCSID("$Id: principal.c,v 1.74 2001/05/14 06:14:50 assar Exp $");
#define princ_num_comp(P) ((P)->name.name_string.len)
#define princ_type(P) ((P)->name.name_type)
@@ -82,20 +82,26 @@ krb5_parse_name(krb5_context context,
ncomp = 1;
for(p = (char*)name; *p; p++){
if(*p=='\\'){
- if(!p[1])
+ if(!p[1]) {
+ krb5_set_error_string (context,
+ "trailing \\ in principal name");
return KRB5_PARSE_MALFORMED;
+ }
p++;
} else if(*p == '/')
ncomp++;
}
comp = calloc(ncomp, sizeof(*comp));
- if (comp == NULL)
+ if (comp == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
n = 0;
start = q = p = s = strdup(name);
if (start == NULL) {
free (comp);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
while(*p){
@@ -112,11 +118,14 @@ krb5_parse_name(krb5_context context,
c = '\0';
}else if(c == '/' || c == '@'){
if(got_realm){
+ krb5_set_error_string (context,
+ "part after realm in principal name");
ret = KRB5_PARSE_MALFORMED;
goto exit;
}else{
comp[n] = malloc(q - start + 1);
if (comp[n] == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto exit;
}
@@ -130,6 +139,8 @@ krb5_parse_name(krb5_context context,
continue;
}
if(got_realm && (c == ':' || c == '/' || c == '\0')) {
+ krb5_set_error_string (context,
+ "part after realm in principal name");
ret = KRB5_PARSE_MALFORMED;
goto exit;
}
@@ -138,6 +149,7 @@ krb5_parse_name(krb5_context context,
if(got_realm){
realm = malloc(q - start + 1);
if (realm == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto exit;
}
@@ -150,6 +162,7 @@ krb5_parse_name(krb5_context context,
comp[n] = malloc(q - start + 1);
if (comp[n] == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto exit;
}
@@ -159,6 +172,7 @@ krb5_parse_name(krb5_context context,
}
*principal = malloc(sizeof(**principal));
if (*principal == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto exit;
}
@@ -278,8 +292,10 @@ unparse_name(krb5_context context,
len++;
}
*name = malloc(len);
- if(len != 0 && *name == NULL)
+ if(len != 0 && *name == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
ret = unparse_name_fixed(context, principal, *name, len, short_flag);
if(ret)
free(*name);
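Review bot: When `unparse_name_fixed` fails the buffer is freed but `*name` still holds the freed address, so a caller that frees or reads `*name` after an error would touch freed memory. Resetting the pointer closes that off: `if(ret) { free(*name); *name = NULL; }`. The rest of the function, including its return, is outside the hunk.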
@@ -356,12 +372,16 @@ append_component(krb5_context context, krb5_principal p,
size_t len = princ_num_comp(p);
tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp));
- if(tmp == NULL)
+ if(tmp == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
princ_comp(p) = tmp;
princ_ncomp(p, len) = malloc(comp_len + 1);
- if (princ_ncomp(p, len) == NULL)
+ if (princ_ncomp(p, len) == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
memcpy (princ_ncomp(p, len), comp, comp_len);
princ_ncomp(p, len)[comp_len] = '\0';
princ_num_comp(p)++;
@@ -406,13 +426,16 @@ build_principal(krb5_context context,
krb5_principal p;
p = calloc(1, sizeof(*p));
- if (p == NULL)
+ if (p == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
princ_type(p) = KRB5_NT_PRINCIPAL;
princ_realm(p) = strdup(realm);
if(p->realm == NULL){
free(p);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
@@ -487,10 +510,15 @@ krb5_copy_principal(krb5_context context,
krb5_principal *outprinc)
{
krb5_principal p = malloc(sizeof(*p));
- if (p == NULL)
+ if (p == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
- if(copy_Principal(inprinc, p))
+ }
+ if(copy_Principal(inprinc, p)) {
+ free(p);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
*outprinc = p;
return 0;
}
@@ -667,6 +695,7 @@ krb5_425_conv_principal_ext(krb5_context context,
}
krb5_free_principal(context, pr);
*princ = NULL;
+ krb5_clear_error_string (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
}
if(resolve){
@@ -688,6 +717,7 @@ krb5_425_conv_principal_ext(krb5_context context,
#ifdef USE_RESOLVER
dns_free_data(r);
#endif
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = krb5_make_principal(context, &pr, realm, name, low_inst,
@@ -731,6 +761,7 @@ krb5_425_conv_principal_ext(krb5_context context,
"default_domain", NULL);
if(p == NULL){
/* this should be an error, just faking a name is not good */
+ krb5_clear_error_string (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
}
@@ -743,6 +774,7 @@ krb5_425_conv_principal_ext(krb5_context context,
return 0;
}
krb5_free_principal(context, pr);
+ krb5_clear_error_string (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
no_host:
p = krb5_config_get_string(context, NULL,
@@ -768,6 +800,7 @@ no_host:
return 0;
}
krb5_free_principal(context, pr);
+ krb5_clear_error_string (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
}
@@ -888,6 +921,9 @@ krb5_524_conv_principal(krb5_context context,
i = principal->name.name_string.val[1];
break;
default:
+ krb5_set_error_string (context,
+ "cannot convert a %d component principal",
+ principal->name.name_string.len);
return KRB5_PARSE_MALFORMED;
}
@@ -910,12 +946,21 @@ krb5_524_conv_principal(krb5_context context,
i = tmpinst;
}
- if (strlcpy (name, n, aname_sz) >= aname_sz)
+ if (strlcpy (name, n, aname_sz) >= aname_sz) {
+ krb5_set_error_string (context,
+ "too long name component to convert");
return KRB5_PARSE_MALFORMED;
- if (strlcpy (instance, i, aname_sz) >= aname_sz)
+ }
+ if (strlcpy (instance, i, aname_sz) >= aname_sz) {
+ krb5_set_error_string (context,
+ "too long instance component to convert");
return KRB5_PARSE_MALFORMED;
- if (strlcpy (realm, r, aname_sz) >= aname_sz)
+ }
+ if (strlcpy (realm, r, aname_sz) >= aname_sz) {
+ krb5_set_error_string (context,
+ "too long realm component to convert");
return KRB5_PARSE_MALFORMED;
+ }
return 0;
}
@@ -934,8 +979,11 @@ krb5_sname_to_principal (krb5_context context,
char localhost[MAXHOSTNAMELEN];
char **realms, *host = NULL;
- if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN)
+ if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) {
+ krb5_set_error_string (context, "unsupported name type %d",
+ type);
return KRB5_SNAME_UNSUPP_NAMETYPE;
+ }
if(hostname == NULL) {
gethostname(localhost, sizeof(localhost));
hostname = localhost;
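Review bot: `gethostname(localhost, sizeof(localhost));` is used without checking its return value, and POSIX leaves it unspecified whether a truncated name is NUL-terminated. `hostname` can therefore end up pointing at an unterminated or uninitialised buffer. The call could be guarded as `if (gethostname(localhost, sizeof(localhost) - 1) < 0) return errno;` followed by `localhost[sizeof(localhost) - 1] = '\0';`. The error string added above covers only the name-type check, and the function body continues past the hunk.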
diff --git a/crypto/heimdal/lib/krb5/prog_setup.c b/crypto/heimdal/lib/krb5/prog_setup.c
index dc3b119..3f5efb6 100644
--- a/crypto/heimdal/lib/krb5/prog_setup.c
+++ b/crypto/heimdal/lib/krb5/prog_setup.c
@@ -35,7 +35,7 @@
#include <getarg.h>
#include <err.h>
-RCSID("$Id: prog_setup.c,v 1.8 2001/01/25 11:20:32 assar Exp $");
+RCSID("$Id: prog_setup.c,v 1.9 2001/02/20 01:44:54 assar Exp $");
void
krb5_std_usage(int code, struct getargs *args, int num_args)
@@ -55,7 +55,7 @@ krb5_program_setup(krb5_context *context, int argc, char **argv,
if(usage == NULL)
usage = krb5_std_usage;
- set_progname(argv[0]);
+ setprogname(argv[0]);
ret = krb5_init_context(context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
diff --git a/crypto/heimdal/lib/krb5/prompter_posix.c b/crypto/heimdal/lib/krb5/prompter_posix.c
index a849254..4b9c573 100644
--- a/crypto/heimdal/lib/krb5/prompter_posix.c
+++ b/crypto/heimdal/lib/krb5/prompter_posix.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,17 +33,20 @@
#include "krb5_locl.h"
-RCSID("$Id: prompter_posix.c,v 1.5 1999/12/02 17:05:11 joda Exp $");
+RCSID("$Id: prompter_posix.c,v 1.6 2001/05/11 20:26:49 assar Exp $");
int
krb5_prompter_posix (krb5_context context,
void *data,
+ const char *name,
const char *banner,
int num_prompts,
krb5_prompt prompts[])
{
int i;
+ if (name)
+ fprintf (stderr, "%s\n", name);
if (banner)
fprintf (stderr, "%s\n", banner);
for (i = 0; i < num_prompts; ++i) {
diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c
index ca8ff02..c7729b1 100644
--- a/crypto/heimdal/lib/krb5/rd_cred.c
+++ b/crypto/heimdal/lib/krb5/rd_cred.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_cred.c,v 1.12 2001/01/04 16:19:00 joda Exp $");
+RCSID("$Id: rd_cred.c,v 1.14 2001/05/14 06:14:50 assar Exp $");
krb5_error_code
krb5_rd_cred(krb5_context context,
@@ -50,6 +50,8 @@ krb5_rd_cred(krb5_context context,
krb5_crypto crypto;
int i;
+ *ret_creds = NULL;
+
ret = decode_KRB_CRED(in_data->data, in_data->length,
&cred, &len);
if(ret)
@@ -57,11 +59,13 @@ krb5_rd_cred(krb5_context context,
if (cred.pvno != 5) {
ret = KRB5KRB_AP_ERR_BADVERSION;
+ krb5_clear_error_string (context);
goto out;
}
if (cred.msg_type != krb_cred) {
ret = KRB5KRB_AP_ERR_MSG_TYPE;
+ krb5_clear_error_string (context);
goto out;
}
@@ -108,7 +112,7 @@ krb5_rd_cred(krb5_context context,
krb5_address *a;
int cmp;
- ret = krb5_make_addrport (&a,
+ ret = krb5_make_addrport (context, &a,
auth_context->remote_address,
auth_context->remote_port);
if (ret)
@@ -123,6 +127,7 @@ krb5_rd_cred(krb5_context context,
free (a);
if (cmp == 0) {
+ krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto out;
}
@@ -135,6 +140,7 @@ krb5_rd_cred(krb5_context context,
&& !krb5_address_compare (context,
auth_context->local_address,
enc_krb_cred_part.r_address)) {
+ krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto out;
}
@@ -149,6 +155,7 @@ krb5_rd_cred(krb5_context context,
enc_krb_cred_part.usec == NULL ||
abs(*enc_krb_cred_part.timestamp - sec)
> context->max_skew) {
+ krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_SKEW;
goto out;
}
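Review bot: The skew test `abs(*enc_krb_cred_part.timestamp - sec) > context->max_skew` passes the time difference through `abs()`, which takes an `int`. If either operand is wider than `int` (their declarations are outside the hunk), a large difference is truncated before the comparison and can land inside the allowed skew. Keeping the difference in a wide signed type and testing both directions avoids the truncation and the `abs(INT_MIN)` case, for example `time_t d = *enc_krb_cred_part.timestamp - sec;` then `d > context->max_skew || d < -context->max_skew`, with types adjusted to the real declarations. The same expression appears in the skew hunks of rd_priv.c and rd_safe.c further down.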
@@ -183,6 +190,7 @@ krb5_rd_cred(krb5_context context,
creds = calloc(1, sizeof(*creds));
if(creds == NULL) {
ret = ENOMEM;
+ krb5_set_error_string (context, "malloc: out of memory");
goto out;
}
diff --git a/crypto/heimdal/lib/krb5/rd_error.c b/crypto/heimdal/lib/krb5/rd_error.c
index df9b45e..ca02f3d 100644
--- a/crypto/heimdal/lib/krb5/rd_error.c
+++ b/crypto/heimdal/lib/krb5/rd_error.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: rd_error.c,v 1.4 1999/12/02 17:05:12 joda Exp $");
+RCSID("$Id: rd_error.c,v 1.6 2001/05/15 06:35:10 assar Exp $");
krb5_error_code
krb5_rd_error(krb5_context context,
@@ -43,11 +43,12 @@ krb5_rd_error(krb5_context context,
size_t len;
krb5_error_code ret;
+
ret = decode_KRB_ERROR(msg->data, msg->length, result, &len);
if(ret)
return ret;
result->error_code += KRB5KDC_ERR_NONE;
- return 0;
+ return 0;
}
void
@@ -64,3 +65,56 @@ krb5_free_error (krb5_context context,
krb5_free_error_contents (context, error);
free (error);
}
+
+krb5_error_code
+krb5_error_from_rd_error(krb5_context context,
+ const krb5_error *error,
+ const krb5_creds *creds)
+{
+ krb5_error_code ret;
+
+ ret = error->error_code;
+ if (error->e_text != NULL) {
+ krb5_set_error_string(context, "%s", *error->e_text);
+ } else {
+ char clientname[256], servername[256];
+
+ if (creds != NULL) {
+ krb5_unparse_name_fixed(context, creds->client,
+ clientname, sizeof(clientname));
+ krb5_unparse_name_fixed(context, creds->server,
+ servername, sizeof(servername));
+ }
+
+ switch (ret) {
+ case KRB5KDC_ERR_NAME_EXP :
+ krb5_set_error_string(context, "Client %s%s%s expired",
+ creds ? "(" : "",
+ creds ? clientname : "",
+ creds ? ")" : "");
+ break;
+ case KRB5KDC_ERR_SERVICE_EXP :
+ krb5_set_error_string(context, "Server %s%s%s expired",
+ creds ? "(" : "",
+ creds ? servername : "",
+ creds ? ")" : "");
+ break;
+ case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN :
+ krb5_set_error_string(context, "Client %s%s%s unknown",
+ creds ? "(" : "",
+ creds ? clientname : "",
+ creds ? ")" : "");
+ break;
+ case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN :
+ krb5_set_error_string(context, "Server %s%s%s unknown",
+ creds ? "(" : "",
+ creds ? servername : "",
+ creds ? ")" : "");
+ break;
+ default :
+ krb5_clear_error_string(context);
+ break;
+ }
+ }
+ return ret;
+}
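Review bot: The results of the two `krb5_unparse_name_fixed` calls are ignored, so if either fails `clientname` or `servername` may still be uninitialised when the `switch` formats it with `%s`. Initialising the buffers, `char clientname[256] = "", servername[256] = "";`, or checking each return value keeps the message well defined. Separately, `*error->e_text` is presumably text decoded from a received KRB-ERROR (see `krb5_rd_error` above) and is copied into the context error string as is. The `"%s"` format is the right way to do that, but a comment on the function saying that callers should treat the resulting string as untrusted when logging or displaying it would help.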
diff --git a/crypto/heimdal/lib/krb5/rd_priv.c b/crypto/heimdal/lib/krb5/rd_priv.c
index 62350ba..1447c14 100644
--- a/crypto/heimdal/lib/krb5/rd_priv.c
+++ b/crypto/heimdal/lib/krb5/rd_priv.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_priv.c,v 1.27 2001/01/19 04:27:09 assar Exp $");
+RCSID("$Id: rd_priv.c,v 1.28 2001/05/14 06:14:50 assar Exp $");
krb5_error_code
krb5_rd_priv(krb5_context context,
@@ -55,10 +55,12 @@ krb5_rd_priv(krb5_context context,
if (ret)
goto failure;
if (priv.pvno != 5) {
+ krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADVERSION;
goto failure;
}
if (priv.msg_type != krb_priv) {
+ krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MSG_TYPE;
goto failure;
}
@@ -96,6 +98,7 @@ krb5_rd_priv(krb5_context context,
&& !krb5_address_compare (context,
auth_context->remote_address,
part.s_address)) {
+ krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto failure_part;
}
@@ -107,6 +110,7 @@ krb5_rd_priv(krb5_context context,
&& !krb5_address_compare (context,
auth_context->local_address,
part.r_address)) {
+ krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto failure_part;
}
@@ -119,6 +123,7 @@ krb5_rd_priv(krb5_context context,
if (part.timestamp == NULL ||
part.usec == NULL ||
abs(*part.timestamp - sec) > context->max_skew) {
+ krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_SKEW;
goto failure_part;
}
@@ -135,6 +140,7 @@ krb5_rd_priv(krb5_context context,
&& auth_context->remote_seqnumber != 0)
|| (part.seq_number != NULL
&& *part.seq_number != auth_context->remote_seqnumber)) {
+ krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADORDER;
goto failure_part;
}
diff --git a/crypto/heimdal/lib/krb5/rd_rep.c b/crypto/heimdal/lib/krb5/rd_rep.c
index 20f2033..7462b3d 100644
--- a/crypto/heimdal/lib/krb5/rd_rep.c
+++ b/crypto/heimdal/lib/krb5/rd_rep.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_rep.c,v 1.20 2000/08/18 06:49:03 assar Exp $");
+RCSID("$Id: rd_rep.c,v 1.21 2001/05/14 06:14:50 assar Exp $");
krb5_error_code
krb5_rd_rep(krb5_context context,
@@ -55,10 +55,12 @@ krb5_rd_rep(krb5_context context,
return ret;
if (ap_rep.pvno != 5) {
ret = KRB5KRB_AP_ERR_BADVERSION;
+ krb5_clear_error_string (context);
goto out;
}
if (ap_rep.msg_type != krb_ap_rep) {
ret = KRB5KRB_AP_ERR_MSG_TYPE;
+ krb5_clear_error_string (context);
goto out;
}
@@ -77,6 +79,7 @@ krb5_rd_rep(krb5_context context,
*repl = malloc(sizeof(**repl));
if (*repl == NULL) {
ret = ENOMEM;
+ krb5_set_error_string (context, "malloc: out of memory");
goto out;
}
ret = krb5_decode_EncAPRepPart(context,
@@ -90,6 +93,7 @@ krb5_rd_rep(krb5_context context,
if ((*repl)->ctime != auth_context->authenticator->ctime ||
(*repl)->cusec != auth_context->authenticator->cusec) {
ret = KRB5KRB_AP_ERR_MUT_FAIL;
+ krb5_clear_error_string (context);
goto out;
}
if ((*repl)->seq_number)
diff --git a/crypto/heimdal/lib/krb5/rd_req.c b/crypto/heimdal/lib/krb5/rd_req.c
index 922137a..b7059e1 100644
--- a/crypto/heimdal/lib/krb5/rd_req.c
+++ b/crypto/heimdal/lib/krb5/rd_req.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_req.c,v 1.44 2000/11/15 23:16:28 assar Exp $");
+RCSID("$Id: rd_req.c,v 1.45 2001/05/14 06:14:50 assar Exp $");
static krb5_error_code
decrypt_tkt_enc_part (krb5_context context,
@@ -113,14 +113,17 @@ krb5_decode_ap_req(krb5_context context,
return ret;
if (ap_req->pvno != 5){
free_AP_REQ(ap_req);
+ krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_BADVERSION;
}
if (ap_req->msg_type != krb_ap_req){
free_AP_REQ(ap_req);
+ krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_MSG_TYPE;
}
if (ap_req->ticket.tkt_vno != 5){
free_AP_REQ(ap_req);
+ krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_BADVERSION;
}
return 0;
@@ -150,10 +153,12 @@ krb5_decrypt_ticket(krb5_context context,
|| (t.flags.invalid
&& !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) {
free_EncTicketPart(&t);
+ krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_TKT_NYV;
}
if(now - t.endtime > context->max_skew) {
free_EncTicketPart(&t);
+ krb5_clear_error_string (context);
return KRB5KRB_AP_ERR_TKT_EXPIRED;
}
}
@@ -320,6 +325,7 @@ krb5_verify_ap_req2(krb5_context context,
krb5_free_principal (context, p2);
if (!res) {
ret = KRB5KRB_AP_ERR_BADMATCH;
+ krb5_clear_error_string (context);
goto out2;
}
}
@@ -332,6 +338,7 @@ krb5_verify_ap_req2(krb5_context context,
ac->remote_address,
t.ticket.caddr)) {
ret = KRB5KRB_AP_ERR_BADADDR;
+ krb5_clear_error_string (context);
goto out2;
}
diff --git a/crypto/heimdal/lib/krb5/rd_safe.c b/crypto/heimdal/lib/krb5/rd_safe.c
index 07628d9..62d3646 100644
--- a/crypto/heimdal/lib/krb5/rd_safe.c
+++ b/crypto/heimdal/lib/krb5/rd_safe.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_safe.c,v 1.23 2001/01/19 04:25:37 assar Exp $");
+RCSID("$Id: rd_safe.c,v 1.24 2001/05/14 06:14:51 assar Exp $");
static krb5_error_code
verify_checksum(krb5_context context,
@@ -58,6 +58,7 @@ verify_checksum(krb5_context context,
if (buf == NULL) {
ret = ENOMEM;
+ krb5_set_error_string (context, "malloc: out of memory");
goto out;
}
@@ -97,15 +98,18 @@ krb5_rd_safe(krb5_context context,
return ret;
if (safe.pvno != 5) {
ret = KRB5KRB_AP_ERR_BADVERSION;
+ krb5_clear_error_string (context);
goto failure;
}
if (safe.msg_type != krb_safe) {
ret = KRB5KRB_AP_ERR_MSG_TYPE;
+ krb5_clear_error_string (context);
goto failure;
}
if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
|| !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ krb5_clear_error_string (context);
goto failure;
}
@@ -117,6 +121,7 @@ krb5_rd_safe(krb5_context context,
auth_context->remote_address,
safe.safe_body.s_address)) {
ret = KRB5KRB_AP_ERR_BADADDR;
+ krb5_clear_error_string (context);
goto failure;
}
@@ -128,6 +133,7 @@ krb5_rd_safe(krb5_context context,
auth_context->local_address,
safe.safe_body.r_address)) {
ret = KRB5KRB_AP_ERR_BADADDR;
+ krb5_clear_error_string (context);
goto failure;
}
@@ -141,6 +147,7 @@ krb5_rd_safe(krb5_context context,
safe.safe_body.usec == NULL ||
abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
ret = KRB5KRB_AP_ERR_SKEW;
+ krb5_clear_error_string (context);
goto failure;
}
}
@@ -157,6 +164,7 @@ krb5_rd_safe(krb5_context context,
&& *safe.safe_body.seq_number !=
auth_context->remote_seqnumber)) {
ret = KRB5KRB_AP_ERR_BADORDER;
+ krb5_clear_error_string (context);
goto failure;
}
auth_context->remote_seqnumber++;
@@ -170,6 +178,7 @@ krb5_rd_safe(krb5_context context,
outbuf->data = malloc(outbuf->length);
if (outbuf->data == NULL) {
ret = ENOMEM;
+ krb5_set_error_string (context, "malloc: out of memory");
goto failure;
}
memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);
diff --git a/crypto/heimdal/lib/krb5/read_message.c b/crypto/heimdal/lib/krb5/read_message.c
index 45d6b62..124499a 100644
--- a/crypto/heimdal/lib/krb5/read_message.c
+++ b/crypto/heimdal/lib/krb5/read_message.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: read_message.c,v 1.7 2000/07/21 22:54:09 joda Exp $");
+RCSID("$Id: read_message.c,v 1.8 2001/05/14 06:14:51 assar Exp $");
krb5_error_code
krb5_read_message (krb5_context context,
@@ -45,8 +45,11 @@ krb5_read_message (krb5_context context,
u_int8_t buf[4];
ret = krb5_net_read (context, p_fd, buf, 4);
- if(ret == -1)
- return errno;
+ if(ret == -1) {
+ ret = errno;
+ krb5_clear_error_string (context);
+ return ret;
+ }
if(ret < 4) {
data->length = 0;
return HEIM_ERR_EOF;
@@ -56,8 +59,10 @@ krb5_read_message (krb5_context context,
if (ret)
return ret;
if (krb5_net_read (context, p_fd, data->data, len) != len) {
+ ret = errno;
krb5_data_free (data);
- return errno;
+ krb5_clear_error_string (context);
+ return ret;
}
return 0;
}
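Review bot: The body read treats every result other than `len` as an errno failure, but on a short read or EOF `krb5_net_read` returns a smaller non-negative count and presumably leaves errno untouched. `ret = errno;` can then be 0 or stale, and the function would report success after `krb5_data_free (data)`. The header read a few lines up already separates the two cases, and the same split fits here: keep the count in a local `n` and use `ret = (n < 0) ? errno : HEIM_ERR_EOF;`. `len` also comes straight from the 4-byte header, and the allocation between the two hunks is not visible, so whether it is bounded could not be checked.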
@@ -76,8 +81,6 @@ krb5_read_priv_message(krb5_context context,
return ret;
ret = krb5_rd_priv (context, ac, &packet, data, NULL);
krb5_data_free(&packet);
- if(ret)
- return ret;
return ret;
}
@@ -95,7 +98,5 @@ krb5_read_safe_message(krb5_context context,
return ret;
ret = krb5_rd_safe (context, ac, &packet, data, NULL);
krb5_data_free(&packet);
- if(ret)
- return ret;
return ret;
}
diff --git a/crypto/heimdal/lib/krb5/recvauth.c b/crypto/heimdal/lib/krb5/recvauth.c
index 3c11254..806a765 100644
--- a/crypto/heimdal/lib/krb5/recvauth.c
+++ b/crypto/heimdal/lib/krb5/recvauth.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: recvauth.c,v 1.13 2000/12/06 20:59:05 joda Exp $");
+RCSID("$Id: recvauth.c,v 1.15 2001/05/14 06:14:51 assar Exp $");
/*
* See `sendauth.c' for the format.
@@ -101,44 +101,61 @@ krb5_recvauth_match_version(krb5_context context,
if(!(flags & KRB5_RECVAUTH_IGNORE_VERSION)) {
n = krb5_net_read (context, p_fd, &len, 4);
- if (n < 0)
- return errno;
- if (n == 0)
+ if (n < 0) {
+ ret = errno;
+ krb5_set_error_string (context, "read: %s", strerror(errno));
+ return ret;
+ }
+ if (n == 0) {
+ krb5_clear_error_string (context);
return KRB5_SENDAUTH_BADAUTHVERS;
+ }
len = ntohl(len);
if (len != sizeof(her_version)
|| krb5_net_read (context, p_fd, her_version, len) != len
|| strncmp (version, her_version, len)) {
repl = 1;
krb5_net_write (context, p_fd, &repl, 1);
+ krb5_clear_error_string (context);
return KRB5_SENDAUTH_BADAUTHVERS;
}
}
n = krb5_net_read (context, p_fd, &len, 4);
- if (n < 0)
- return errno;
- if (n == 0)
+ if (n < 0) {
+ ret = errno;
+ krb5_set_error_string (context, "read: %s", strerror(errno));
+ return ret;
+ }
+ if (n == 0) {
+ krb5_clear_error_string (context);
return KRB5_SENDAUTH_BADAPPLVERS;
+ }
len = ntohl(len);
her_appl_version = malloc (len);
if (her_appl_version == NULL) {
repl = 2;
krb5_net_write (context, p_fd, &repl, 1);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
if (krb5_net_read (context, p_fd, her_appl_version, len) != len
|| !(*match_appl_version)(match_data, her_appl_version)) {
repl = 2;
krb5_net_write (context, p_fd, &repl, 1);
+ krb5_set_error_string (context, "wrong sendauth version (%s)",
+ her_appl_version);
free (her_appl_version);
return KRB5_SENDAUTH_BADAPPLVERS;
}
free (her_appl_version);
repl = 0;
- if (krb5_net_write (context, p_fd, &repl, 1) != 1)
- return errno;
+ if (krb5_net_write (context, p_fd, &repl, 1) != 1) {
+ ret = errno;
+ krb5_set_error_string (context, "write: %s", strerror(errno));
+ return ret;
+ }
krb5_data_zero (&data);
ret = krb5_read_message (context, p_fd, &data);
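Review bot: The new `"wrong sendauth version (%s)"` message formats `her_appl_version` with `%s`, but that buffer holds `len` bytes read from the peer with nothing guaranteeing a terminating NUL, so `%s` can read past the allocation. When the branch is taken because `krb5_net_read` returned fewer than `len` bytes, part of the buffer is also uninitialised heap memory. The simplest fix keeps peer bytes out of the string, `krb5_set_error_string (context, "wrong sendauth application version");`; the alternative is to format them only after a complete read whose last byte has been checked to be NUL. `len` itself is taken from the wire and passed to `malloc` without an upper bound before the peer is authenticated, so a cap on it is worth adding in the same place. The function continues beyond the hunk.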
@@ -163,7 +180,8 @@ krb5_recvauth_match_version(krb5_context context,
NULL,
NULL,
server,
- 0,
+ NULL,
+ NULL,
&error_data);
if (ret2 == 0) {
krb5_write_message (context, p_fd, &error_data);
@@ -173,8 +191,11 @@ krb5_recvauth_match_version(krb5_context context,
}
len = 0;
- if (krb5_net_write (context, p_fd, &len, 4) != 4)
- return errno;
+ if (krb5_net_write (context, p_fd, &len, 4) != 4) {
+ ret = errno;
+ krb5_set_error_string (context, "write: %s", strerror(errno));
+ return ret;
+ }
if (ap_options & AP_OPTS_MUTUAL_REQUIRED) {
ret = krb5_mk_rep (context, *auth_context, &data);
diff --git a/crypto/heimdal/lib/krb5/replay.c b/crypto/heimdal/lib/krb5/replay.c
index 2935cfc..d4f5569 100644
--- a/crypto/heimdal/lib/krb5/replay.c
+++ b/crypto/heimdal/lib/krb5/replay.c
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <vis.h>
-RCSID("$Id: replay.c,v 1.7 2001/01/29 02:09:00 assar Exp $");
+RCSID("$Id: replay.c,v 1.8 2001/05/14 06:14:51 assar Exp $");
struct krb5_rcache_data {
char *name;
@@ -46,8 +46,10 @@ krb5_rc_resolve(krb5_context context,
const char *name)
{
id->name = strdup(name);
- if(id->name == NULL)
+ if(id->name == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return KRB5_RC_MALLOC;
+ }
return 0;
}
@@ -56,11 +58,16 @@ krb5_rc_resolve_type(krb5_context context,
krb5_rcache *id,
const char *type)
{
- if(strcmp(type, "FILE"))
+ if(strcmp(type, "FILE")) {
+ krb5_set_error_string (context, "replay cache type %s not supported",
+ type);
return KRB5_RC_TYPE_NOTFOUND;
+ }
*id = calloc(1, sizeof(**id));
- if(*id == NULL)
+ if(*id == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return KRB5_RC_MALLOC;
+ }
return 0;
}
@@ -70,8 +77,11 @@ krb5_rc_resolve_full(krb5_context context,
const char *string_name)
{
krb5_error_code ret;
- if(strncmp(string_name, "FILE:", 5))
+ if(strncmp(string_name, "FILE:", 5)) {
+ krb5_set_error_string (context, "replay cache type %s not supported",
+ string_name);
return KRB5_RC_TYPE_NOTFOUND;
+ }
ret = krb5_rc_resolve_type(context, id, "FILE");
if(ret)
return ret;
@@ -110,8 +120,14 @@ krb5_rc_initialize(krb5_context context,
{
FILE *f = fopen(id->name, "w");
struct rc_entry tmp;
- if(f == NULL)
- return errno;
+ int ret;
+
+ if(f == NULL) {
+ ret = errno;
+ krb5_set_error_string (context, "open(%s): %s", id->name,
+ strerror(ret));
+ return ret;
+ }
tmp.stamp = auth_lifespan;
fwrite(&tmp, 1, sizeof(tmp), f);
fclose(f);
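Review bot: `fwrite(&tmp, 1, sizeof(tmp), f)` writes the whole of `tmp` to the replay cache although only `tmp.stamp` has been assigned. The remaining bytes of the struct (at least the `data` member used in krb5_rc_store) are uninitialised stack contents that end up on disk, and `memset(&tmp, 0, sizeof(tmp));` before the assignment fixes that. The results of `fwrite` and `fclose` are also ignored here and in the append at the end of krb5_rc_store, so a failed write is reported as success and, in the store case, the authenticator is never recorded. Checking `if (fwrite(&tmp, 1, sizeof(tmp), f) != sizeof(tmp))` with an error return, plus a checked `fclose`, would match the error reporting this commit adds for `fopen`.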
@@ -129,8 +145,14 @@ krb5_error_code
krb5_rc_destroy(krb5_context context,
krb5_rcache id)
{
- if(remove(id->name) < 0)
- return errno;
+ int ret;
+
+ if(remove(id->name) < 0) {
+ ret = errno;
+ krb5_set_error_string (context, "remove(%s): %s", id->name,
+ strerror(ret));
+ return ret;
+ }
return krb5_rc_close(context, id);
}
@@ -167,11 +189,17 @@ krb5_rc_store(krb5_context context,
struct rc_entry ent, tmp;
time_t t;
FILE *f;
+ int ret;
+
ent.stamp = time(NULL);
checksum_authenticator(rep, ent.data);
f = fopen(id->name, "r");
- if(f == NULL)
- return errno;
+ if(f == NULL) {
+ ret = errno;
+ krb5_set_error_string (context, "open(%s): %s", id->name,
+ strerror(ret));
+ return ret;
+ }
fread(&tmp, sizeof(ent), 1, f);
t = ent.stamp - tmp.stamp;
while(fread(&tmp, sizeof(ent), 1, f)){
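Review bot: The header read `fread(&tmp, sizeof(ent), 1, f);` is not checked, so on an empty or truncated cache file `tmp.stamp` is indeterminate and `t = ent.stamp - tmp.stamp` is computed from it. `t` appears to feed the test that skips entries in the loop, whose condition lies between the hunks. Failing closed is safer for a replay cache: `if (fread(&tmp, sizeof(tmp), 1, f) != 1) { fclose(f); krb5_clear_error_string (context); return KRB5_RC_IO_UNKNOWN; }`.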
@@ -179,17 +207,23 @@ krb5_rc_store(krb5_context context,
continue;
if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){
fclose(f);
+ krb5_clear_error_string (context);
return KRB5_RC_REPLAY;
}
}
if(ferror(f)){
+ ret = errno;
fclose(f);
- return errno;
+ krb5_set_error_string (context, "%s: %s", id->name, strerror(ret));
+ return ret;
}
fclose(f);
f = fopen(id->name, "a");
- if(f == NULL)
+ if(f == NULL) {
+ krb5_set_error_string (context, "open(%s): %s", id->name,
+ strerror(errno));
return KRB5_RC_IO_UNKNOWN;
+ }
fwrite(&ent, 1, sizeof(ent), f);
fclose(f);
return 0;
@@ -216,6 +250,7 @@ krb5_rc_get_lifespan(krb5_context context,
*auth_lifespan = ent.stamp;
return 0;
}
+ krb5_clear_error_string (context);
return KRB5_RC_IO_UNKNOWN;
}
@@ -243,8 +278,11 @@ krb5_get_server_rcache(krb5_context context,
char *tmp = malloc(4 * piece->length + 1);
char *name;
- if(tmp == NULL)
+
+ if(tmp == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
#ifdef HAVE_GETEUID
asprintf(&name, "FILE:rc_%s_%u", tmp, geteuid());
@@ -252,8 +290,10 @@ krb5_get_server_rcache(krb5_context context,
asprintf(&name, "FILE:rc_%s", tmp);
#endif
free(tmp);
- if(name == NULL)
+ if(name == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
ret = krb5_rc_resolve_full(context, &rcache, name);
free(name);
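Review bot: The `if(name == NULL)` test after `asprintf` is only reliable on platforms where a failed asprintf sets the pointer to NULL; on others the pointer is left undefined and the return value is the only failure signal. Since `name` goes straight into krb5_rc_resolve_full and `free`, check the result instead, e.g. `if(asprintf(&name, "FILE:rc_%s", tmp) < 0) name = NULL;` for both variants under the `#ifdef`. The declarations and the first asprintf call are in the previous hunk.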
diff --git a/crypto/heimdal/lib/krb5/send_to_kdc.c b/crypto/heimdal/lib/krb5/send_to_kdc.c
index e2b884d..5a66f02 100644
--- a/crypto/heimdal/lib/krb5/send_to_kdc.c
+++ b/crypto/heimdal/lib/krb5/send_to_kdc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: send_to_kdc.c,v 1.40 2000/11/15 01:48:23 assar Exp $");
+RCSID("$Id: send_to_kdc.c,v 1.44 2001/05/14 22:49:56 assar Exp $");
/*
* send the data in `req' on the socket `fd' (which is datagram iff udp)
@@ -267,7 +267,7 @@ send_via_proxy (krb5_context context,
ret = getaddrinfo (proxy, portstr, &hints, &ai);
free (proxy2);
if (ret)
- return krb5_eai_to_heim_errno(ret);
+ return krb5_eai_to_heim_errno(ret, errno);
for (a = ai; a != NULL; a = a->ai_next) {
s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
@@ -300,7 +300,7 @@ send_via_proxy (krb5_context context,
}
/*
- * Send the data `send' to one KDC in `realm' and get back the reply
+ * Send the data `send' to one hots in `hostlist' and get back the reply
* in `receive'.
*/
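Review bot: The rewritten comment has a typo, `hots` where `host` is meant. While touching it, the comment could also state what the function returns when no host answers, since the body now sets KRB5_KDC_UNREACH in that case.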
@@ -316,7 +316,7 @@ krb5_sendto (krb5_context context,
int fd;
int i;
- for (i = 0; i < context->max_retries; ++i)
+ for (i = 0; i < context->max_retries; ++i) {
for (hp = hostlist; (p = *hp); ++hp) {
char *colon;
int http_flag = 0;
@@ -368,27 +368,25 @@ krb5_sendto (krb5_context context,
close (fd);
continue;
}
- break;
- }
- if (a == NULL) {
- freeaddrinfo (ai);
- continue;
+ if(http_flag)
+ ret = send_and_recv_http(fd, context->kdc_timeout,
+ "", send, receive);
+ else if(tcp_flag)
+ ret = send_and_recv_tcp (fd, context->kdc_timeout,
+ send, receive);
+ else
+ ret = send_and_recv_udp (fd, context->kdc_timeout,
+ send, receive);
+ close (fd);
+ if(ret == 0 && receive->length != 0) {
+ freeaddrinfo(ai);
+ goto out;
+ }
}
- freeaddrinfo (ai);
-
- if(http_flag)
- ret = send_and_recv_http(fd, context->kdc_timeout,
- "", send, receive);
- else if(tcp_flag)
- ret = send_and_recv_tcp (fd, context->kdc_timeout,
- send, receive);
- else
- ret = send_and_recv_udp (fd, context->kdc_timeout,
- send, receive);
- close (fd);
- if(ret == 0 && receive->length != 0)
- goto out;
+ freeaddrinfo(ai);
}
+ }
+ krb5_clear_error_string (context);
ret = KRB5_KDC_UNREACH;
out:
return ret;
@@ -415,6 +413,9 @@ krb5_sendto_kdc2(krb5_context context,
return ret;
ret = krb5_sendto(context, send, hostlist, port, receive);
krb5_free_krbhst (context, hostlist);
+ if (ret == KRB5_KDC_UNREACH)
+ krb5_set_error_string(context,
+ "unable to reach any KDC in realm %s", *realm);
return ret;
}
diff --git a/crypto/heimdal/lib/krb5/sendauth.c b/crypto/heimdal/lib/krb5/sendauth.c
index b9e8dd0..8f2c544 100644
--- a/crypto/heimdal/lib/krb5/sendauth.c
+++ b/crypto/heimdal/lib/krb5/sendauth.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: sendauth.c,v 1.17 1999/12/02 17:05:12 joda Exp $");
+RCSID("$Id: sendauth.c,v 1.18 2001/05/14 06:14:51 assar Exp $");
/*
* The format seems to be:
@@ -90,23 +90,35 @@ krb5_sendauth(krb5_context context,
len = strlen(version) + 1;
net_len = htonl(len);
if (krb5_net_write (context, p_fd, &net_len, 4) != 4
- || krb5_net_write (context, p_fd, version, len) != len)
- return errno;
+ || krb5_net_write (context, p_fd, version, len) != len) {
+ ret = errno;
+ krb5_set_error_string (context, "write: %s", strerror(ret));
+ return ret;
+ }
len = strlen(appl_version) + 1;
net_len = htonl(len);
if (krb5_net_write (context, p_fd, &net_len, 4) != 4
- || krb5_net_write (context, p_fd, appl_version, len) != len)
- return errno;
+ || krb5_net_write (context, p_fd, appl_version, len) != len) {
+ ret = errno;
+ krb5_set_error_string (context, "write: %s", strerror(ret));
+ return ret;
+ }
sret = krb5_net_read (context, p_fd, &repl, sizeof(repl));
- if (sret < 0)
- return errno;
- else if (sret != sizeof(repl))
+ if (sret < 0) {
+ ret = errno;
+ krb5_set_error_string (context, "read: %s", strerror(ret));
+ return ret;
+ } else if (sret != sizeof(repl)) {
+ krb5_clear_error_string (context);
return KRB5_SENDAUTH_BADRESPONSE;
+ }
- if (repl != 0)
+ if (repl != 0) {
+ krb5_clear_error_string (context);
return KRB5_SENDAUTH_REJECTED;
+ }
if (in_creds == NULL) {
if (ccache == NULL) {
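Review bot: `ret = errno` after a failed `krb5_net_write(...) != len` comparison can be 0 when the write was merely short, and krb5_sendauth would then return 0 to the caller as if the exchange had succeeded. Whether krb5_net_write can return a short count without setting errno is not visible in this diff, so a guard is cheap insurance on an authentication path: `if (ret == 0) ret = EIO;` after each `ret = errno;` in the two write branches. The read branch is fine because it tests `sret < 0` separately. The function begins and continues outside the hunk.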
@@ -170,19 +182,22 @@ krb5_sendauth(krb5_context context,
ret = krb5_rd_error (context, &error_data, &error);
krb5_data_free (&error_data);
if (ret == 0) {
+ ret = krb5_error_from_rd_error(context, &error, NULL);
if (ret_error != NULL) {
*ret_error = malloc (sizeof(krb5_error));
if (*ret_error == NULL) {
- free_KRB_ERROR(&error);
+ krb5_free_error_contents (context, &error);
} else {
**ret_error = error;
}
} else {
- free_KRB_ERROR(&error);
+ krb5_free_error_contents (context, &error);
}
- return error.error_code;
- } else
return ret;
+ } else {
+ krb5_clear_error_string(context);
+ return ret;
+ }
}
if (ap_req_options & AP_OPTS_MUTUAL_REQUIRED) {
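Review bot: When `malloc` for `*ret_error` fails, the branch frees the error contents and returns the code from krb5_error_from_rd_error with `*ret_error` left NULL, so a caller that asked for the error structure gets no indication that allocation failed. The other allocation failures touched by this commit set an error string. Doing the same here would be consistent: `krb5_set_error_string (context, "malloc: out of memory");` in the `*ret_error == NULL` branch, and a comment on the parameter saying `*ret_error` may be NULL even when an error code is returned.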
diff --git a/crypto/heimdal/lib/krb5/set_default_realm.c b/crypto/heimdal/lib/krb5/set_default_realm.c
index b917a92..9cb49c3 100644
--- a/crypto/heimdal/lib/krb5/set_default_realm.c
+++ b/crypto/heimdal/lib/krb5/set_default_realm.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: set_default_realm.c,v 1.11 1999/12/02 17:05:12 joda Exp $");
+RCSID("$Id: set_default_realm.c,v 1.12 2001/05/14 06:14:51 assar Exp $");
/*
* Convert the simple string `s' into a NULL-terminated and freshly allocated
@@ -41,15 +41,18 @@ RCSID("$Id: set_default_realm.c,v 1.11 1999/12/02 17:05:12 joda Exp $");
*/
static krb5_error_code
-string_to_list (const char *s, krb5_realm **list)
+string_to_list (krb5_context context, const char *s, krb5_realm **list)
{
*list = malloc (2 * sizeof(**list));
- if (*list == NULL)
+ if (*list == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
(*list)[0] = strdup (s);
if ((*list)[0] == NULL) {
free (*list);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
(*list)[1] = NULL;
@@ -77,7 +80,7 @@ krb5_set_default_realm(krb5_context context,
if (realms == NULL)
ret = krb5_get_host_realm(context, NULL, &realms);
} else {
- ret = string_to_list (realm, &realms);
+ ret = string_to_list (context, realm, &realms);
}
if (ret)
return ret;
diff --git a/crypto/heimdal/lib/krb5/sock_principal.c b/crypto/heimdal/lib/krb5/sock_principal.c
index 477622d..d7a77a4 100644
--- a/crypto/heimdal/lib/krb5/sock_principal.c
+++ b/crypto/heimdal/lib/krb5/sock_principal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: sock_principal.c,v 1.11 2000/08/09 20:53:11 assar Exp $");
+RCSID("$Id: sock_principal.c,v 1.13 2001/05/14 06:14:51 assar Exp $");
krb5_error_code
krb5_sock_to_principal (krb5_context context,
@@ -49,14 +49,16 @@ krb5_sock_to_principal (krb5_context context,
socklen_t len = sizeof(__ss);
struct hostent *hostent;
int family;
- char hname[256];
- char *tmp;
+ char *hname = NULL;
- if (getsockname (sock, sa, &len) < 0)
- return errno;
+ if (getsockname (sock, sa, &len) < 0) {
+ ret = errno;
+ krb5_set_error_string (context, "getsockname: %s", strerror(ret));
+ return ret;
+ }
family = sa->sa_family;
- ret = krb5_sockaddr2address (sa, &address);
+ ret = krb5_sockaddr2address (context, sa, &address);
if (ret)
return ret;
@@ -64,20 +66,22 @@ krb5_sock_to_principal (krb5_context context,
address.address.length,
family);
- if (hostent == NULL)
- return h_errno;
- tmp = hostent->h_name;
- if (strchr(tmp, '.') == NULL) {
+ if (hostent == NULL) {
+ krb5_set_error_string (context, "gethostbyaddr: %s",
+ hstrerror(h_errno));
+ return krb5_h_errno_to_heim_errno(h_errno);
+ }
+ hname = hostent->h_name;
+ if (strchr(hname, '.') == NULL) {
char **a;
for (a = hostent->h_aliases; a != NULL && *a != NULL; ++a)
if (strchr(*a, '.') != NULL) {
- tmp = *a;
+ hname = *a;
break;
}
}
- strlcpy(hname, tmp, sizeof(hname));
return krb5_sname_to_principal (context,
hname,
sname,
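Review bot: `hname` now points directly into the static `hostent` returned by gethostbyaddr(), because the `strlcpy` into a local buffer was dropped here and the buffer became `char *hname = NULL` in the previous hunk. If krb5_sname_to_principal does its own resolver lookup (not visible in this diff), that storage can be overwritten while `hname` is still being read. A private copy avoids depending on that: `hname = strdup(hname);` with a NULL check before the call and a `free(hname);` after it. The call's remaining arguments and the end of the function are outside the hunk.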
diff --git a/crypto/heimdal/lib/krb5/store-test.c b/crypto/heimdal/lib/krb5/store-test.c
new file mode 100644
index 0000000..512d2a5
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/store-test.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: store-test.c,v 1.1 2001/05/11 16:06:25 joda Exp $");
+
+static void
+print_data(unsigned char *data, size_t len)
+{
+ int i;
+ for(i = 0; i < len; i++) {
+ if(i > 0 && (i % 16) == 0)
+ printf("\n ");
+ printf("%02x ", data[i]);
+ }
+ printf("\n");
+}
+
+static int
+compare(const char *name, krb5_storage *sp, void *expected, size_t len)
+{
+ int ret = 0;
+ krb5_data data;
+ krb5_storage_to_data(sp, &data);
+ krb5_storage_free(sp);
+ if(data.length != len || memcmp(data.data, expected, len) != 0) {
+ printf("%s mismatch\n", name);
+ printf(" Expected: ");
+ print_data(expected, len);
+ printf(" Actual: ");
+ print_data(data.data, data.length);
+ ret++;
+ }
+ krb5_data_free(&data);
+ return ret;
+}
+
+int
+main(int argc, char **argv)
+{
+ int nerr = 0;
+ krb5_storage *sp;
+ krb5_context context;
+ krb5_principal principal;
+
+
+ krb5_init_context(&context);
+
+ sp = krb5_storage_emem();
+ krb5_store_int32(sp, 0x01020304);
+ nerr += compare("Integer", sp, "\x1\x2\x3\x4", 4);
+
+ sp = krb5_storage_emem();
+ krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
+ krb5_store_int32(sp, 0x01020304);
+ nerr += compare("Integer (LE)", sp, "\x4\x3\x2\x1", 4);
+
+ sp = krb5_storage_emem();
+ krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
+ krb5_store_int32(sp, 0x01020304);
+ nerr += compare("Integer (BE)", sp, "\x1\x2\x3\x4", 4);
+
+ sp = krb5_storage_emem();
+ krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
+ krb5_store_int32(sp, 0x01020304);
+ {
+ int test = 1;
+ void *data;
+ if(*(char*)&test)
+ data = "\x4\x3\x2\x1";
+ else
+ data = "\x1\x2\x3\x4";
+ nerr += compare("Integer (host)", sp, data, 4);
+ }
+
+ sp = krb5_storage_emem();
+ krb5_make_principal(context, &principal, "TEST", "foobar", NULL);
+ krb5_store_principal(sp, principal);
+ nerr += compare("Principal", sp, "\x0\x0\x0\x1"
+ "\x0\x0\x0\x1"
+ "\x0\x0\x0\x4TEST"
+ "\x0\x0\x0\x6""foobar", 26);
+
+ return nerr ? 1 : 0;
+}
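Review bot: `main` ignores the results of krb5_init_context and krb5_make_principal, and `compare` ignores krb5_storage_to_data, so a setup failure shows up as a crash or a comparison of indeterminate data instead of a reported test error. string-to-key-test.c in this same commit uses `errx (1, "krb5_init_context failed: %d", ret);` and that pattern fits here too. `print_data` also compares `int i` against `size_t len`; declaring `size_t i;` removes the signed/unsigned mismatch.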
diff --git a/crypto/heimdal/lib/krb5/store.c b/crypto/heimdal/lib/krb5/store.c
index 5f9d659..4dd96a8 100644
--- a/crypto/heimdal/lib/krb5/store.c
+++ b/crypto/heimdal/lib/krb5/store.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,13 @@
#include "krb5_locl.h"
-RCSID("$Id: store.c,v 1.34 2000/04/11 00:46:09 assar Exp $");
+RCSID("$Id: store.c,v 1.35 2001/05/11 13:01:43 joda Exp $");
+
+#define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V))
+#define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE)
+#define BYTEORDER_IS_BE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_BE)
+#define BYTEORDER_IS_HOST(SP) (BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_HOST) || \
+ krb5_storage_is_flags((SP), KRB5_STORAGE_HOST_BYTEORDER))
void
krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags)
@@ -53,6 +59,20 @@ krb5_storage_is_flags(krb5_storage *sp, krb5_flags flags)
return (sp->flags & flags) == flags;
}
+void
+krb5_storage_set_byteorder(krb5_storage *sp, krb5_flags byteorder)
+{
+ sp->flags &= ~KRB5_STORAGE_BYTEORDER_MASK;
+ sp->flags |= byteorder;
+}
+
+krb5_flags
+krb5_storage_get_byteorder(krb5_storage *sp, krb5_flags byteorder)
+{
+ return sp->flags & KRB5_STORAGE_BYTEORDER_MASK;
+}
+
+
ssize_t
_krb5_put_int(void *buffer, unsigned long value, size_t size)
{
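Review bot: `sp->flags |= byteorder;` in krb5_storage_set_byteorder ORs the argument in unmasked, so a value with bits outside KRB5_STORAGE_BYTEORDER_MASK silently changes unrelated storage flags; `sp->flags |= byteorder & KRB5_STORAGE_BYTEORDER_MASK;` confines it. krb5_storage_get_byteorder takes a `byteorder` parameter it never reads, which looks copied from the setter; since the function is new, this is the cheapest moment to drop it. Both functions would benefit from a one-line comment naming the accepted values (the `KRB5_STORAGE_BYTEORDER_*` constants).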
@@ -115,8 +135,10 @@ krb5_store_int(krb5_storage *sp,
size_t len)
{
int ret;
- unsigned char v[4];
+ unsigned char v[16];
+ if(len > sizeof(v))
+ return EINVAL;
_krb5_put_int(v, value, len);
ret = sp->store(sp, v, len);
if (ret != len)
@@ -128,8 +150,10 @@ krb5_error_code
krb5_store_int32(krb5_storage *sp,
int32_t value)
{
- if(krb5_storage_is_flags(sp, KRB5_STORAGE_HOST_BYTEORDER))
+ if(BYTEORDER_IS_HOST(sp))
value = htonl(value);
+ else if(BYTEORDER_IS_LE(sp))
+ value = bswap32(value);
return krb5_store_int(sp, value, 4);
}
@@ -156,8 +180,10 @@ krb5_ret_int32(krb5_storage *sp,
krb5_error_code ret = krb5_ret_int(sp, value, 4);
if(ret)
return ret;
- if(krb5_storage_is_flags(sp, KRB5_STORAGE_HOST_BYTEORDER))
- *value = ntohl(*value);
+ if(BYTEORDER_IS_HOST(sp))
+ *value = htonl(*value);
+ else if(BYTEORDER_IS_LE(sp))
+ *value = bswap32(*value);
return 0;
}
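Review bot: On the read path the patch replaces `ntohl` with `*value = htonl(*value);`, which performs the same swap but reads as if the direction were wrong in a decode function. `*value = ntohl(*value);` keeps the intent visible, and the same applies to `htons` in the krb5_ret_int16 hunk below. A short comment on why host order is produced by a network-order conversion here would also help the next reader. The function signature is outside the hunk.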
@@ -165,8 +191,10 @@ krb5_error_code
krb5_store_int16(krb5_storage *sp,
int16_t value)
{
- if(krb5_storage_is_flags(sp, KRB5_STORAGE_HOST_BYTEORDER))
+ if(BYTEORDER_IS_HOST(sp))
value = htons(value);
+ else if(BYTEORDER_IS_LE(sp))
+ value = bswap16(value);
return krb5_store_int(sp, value, 2);
}
@@ -180,8 +208,10 @@ krb5_ret_int16(krb5_storage *sp,
if(ret)
return ret;
*value = v;
- if(krb5_storage_is_flags(sp, KRB5_STORAGE_HOST_BYTEORDER))
- *value = ntohs(*value);
+ if(BYTEORDER_IS_HOST(sp))
+ *value = htons(*value);
+ else if(BYTEORDER_IS_LE(sp))
+ *value = bswap16(*value);
return 0;
}
diff --git a/crypto/heimdal/lib/krb5/string-to-key-test.c b/crypto/heimdal/lib/krb5/string-to-key-test.c
index 6e6c0b6..0ea5cd1 100644
--- a/crypto/heimdal/lib/krb5/string-to-key-test.c
+++ b/crypto/heimdal/lib/krb5/string-to-key-test.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
#include "krb5_locl.h"
-RCSID("$Id: string-to-key-test.c,v 1.4 2000/12/31 08:03:54 assar Exp $");
+RCSID("$Id: string-to-key-test.c,v 1.7 2001/05/11 16:15:27 joda Exp $");
enum { MAXSIZE = 24 };
@@ -43,7 +43,7 @@ static struct testcase {
unsigned char res[MAXSIZE];
} tests[] = {
{"@", "", ETYPE_DES_CBC_MD5,
- {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}},
+ {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0xf1}},
{"nisse@FOO.SE", "hej", ETYPE_DES_CBC_MD5,
{0xfe, 0x67, 0xbf, 0x9e, 0x57, 0x6b, 0xfe, 0x52}},
{"assar/liten@FOO.SE", "hemligt", ETYPE_DES_CBC_MD5,
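Review bot: The changed expected value for the `"@"`, `""` entry needs a comment, because without one the single-byte change from 0x01 to 0xf1 reads like a typo. The old result, eight 0x01 bytes, is a DES weak key, and the new value is that key with the weak-key correction applied to the last byte. Something like `/* all-0x01 is a weak DES key; string-to-key XORs the last byte with 0xf0 */` above the entry would record that. The table starts outside the hunk.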
@@ -63,6 +63,26 @@ static struct testcase {
{"does/not@MATTER", "foo", ETYPE_ARCFOUR_HMAC_MD5,
{0xac, 0x8e, 0x65, 0x7f, 0x83, 0xdf, 0x82, 0xbe,
0xea, 0x5d, 0x43, 0xbd, 0xaf, 0x78, 0x00, 0xcc}},
+ {"raeburn@ATHENA.MIT.EDU", "password", ETYPE_DES_CBC_MD5,
+ {0xcb, 0xc2, 0x2f, 0xae, 0x23, 0x52, 0x98, 0xe3}},
+ {"danny@WHITEHOUSE.GOV", "potatoe", ETYPE_DES_CBC_MD5,
+ {0xdf, 0x3d, 0x32, 0xa7, 0x4f, 0xd9, 0x2a, 0x01}},
+ {"buckaroo@EXAMPLE.COM", "penny", ETYPE_DES_CBC_MD5,
+ {0x94, 0x43, 0xa2, 0xe5, 0x32, 0xfd, 0xc4, 0xf1}},
+ {"Juri\xc5\xa1i\xc4\x87@ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES_CBC_MD5,
+ {0x62, 0xc8, 0x1a, 0x52, 0x32, 0xb5, 0xe6, 0x9d}},
+ {"AAAAAAAA", "11119999", ETYPE_DES_CBC_MD5,
+ {0x98, 0x40, 0x54, 0xd0, 0xf1, 0xa7, 0x3e, 0x31}},
+ {"FFFFAAAA", "NNNN6666", ETYPE_DES_CBC_MD5,
+ {0xc4, 0xbf, 0x6b, 0x25, 0xad, 0xf7, 0xa4, 0xf8}},
+ {"raeburn@ATHENA.MIT.EDU", "password", ETYPE_DES3_CBC_SHA1,
+ {0x85, 0x0b, 0xb5, 0x13, 0x58, 0x54, 0x8c, 0xd0, 0x5e, 0x86, 0x76, 0x8c, 0x31, 0x3e, 0x3b, 0xfe, 0xf7, 0x51, 0x19, 0x37, 0xdc, 0xf7, 0x2c, 0x3e}},
+ {"danny@WHITEHOUSE.GOV", "potatoe", ETYPE_DES3_CBC_SHA1,
+ {0xdf, 0xcd, 0x23, 0x3d, 0xd0, 0xa4, 0x32, 0x04, 0xea, 0x6d, 0xc4, 0x37, 0xfb, 0x15, 0xe0, 0x61, 0xb0, 0x29, 0x79, 0xc1, 0xf7, 0x4f, 0x37, 0x7a}},
+ {"buckaroo@EXAMPLE.COM", "penny", ETYPE_DES3_CBC_SHA1,
+ {0x6d, 0x2f, 0xcd, 0xf2, 0xd6, 0xfb, 0xbc, 0x3d, 0xdc, 0xad, 0xb5, 0xda, 0x57, 0x10, 0xa2, 0x34, 0x89, 0xb0, 0xd3, 0xb6, 0x9d, 0x5d, 0x9d, 0x4a}},
+ {"Juri\xc5\xa1i\xc4\x87@ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES3_CBC_SHA1,
+ {0x16, 0xd5, 0xa4, 0x0e, 0x1c, 0xe3, 0xba, 0xcb, 0x61, 0xb9, 0xdc, 0xe0, 0x04, 0x70, 0x32, 0x4c, 0x83, 0x19, 0x73, 0xa7, 0xb9, 0x52, 0xfe, 0xb0}},
{NULL}
};
@@ -78,6 +98,10 @@ main(int argc, char **argv)
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
+ /* to enable realm-less principal name above */
+
+ krb5_set_default_realm(context, "");
+
for (t = tests; t->principal_name; ++t) {
krb5_keyblock key;
krb5_principal principal;
diff --git a/crypto/heimdal/lib/krb5/ticket.c b/crypto/heimdal/lib/krb5/ticket.c
index ecb5821..8d2397b 100644
--- a/crypto/heimdal/lib/krb5/ticket.c
+++ b/crypto/heimdal/lib/krb5/ticket.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: ticket.c,v 1.4 1999/12/02 17:05:13 joda Exp $");
+RCSID("$Id: ticket.c,v 1.5 2001/05/14 06:14:51 assar Exp $");
krb5_error_code
krb5_free_ticket(krb5_context context,
@@ -52,8 +52,10 @@ krb5_copy_ticket(krb5_context context,
{
krb5_error_code ret;
krb5_ticket *tmp = malloc(sizeof(*tmp));
- if(tmp == NULL)
+ if(tmp == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
+ }
if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){
free(tmp);
return ret;
diff --git a/crypto/heimdal/lib/krb5/time.c b/crypto/heimdal/lib/krb5/time.c
index 98121b4..9346546 100644
--- a/crypto/heimdal/lib/krb5/time.c
+++ b/crypto/heimdal/lib/krb5/time.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: time.c,v 1.4 2000/06/29 08:20:52 joda Exp $");
+RCSID("$Id: time.c,v 1.5 2001/05/02 10:06:11 joda Exp $");
/*
* return ``corrected'' time in `timeret'.
@@ -77,3 +77,11 @@ krb5_format_time(krb5_context context, time_t t,
strftime(s, len, include_time ? context->time_fmt : context->date_fmt, tm);
return 0;
}
+
+krb5_error_code
+krb5_string_to_deltat(const char *string, krb5_deltat *deltat)
+{
+ if((*deltat = parse_time(string, "s")) == -1)
+ return EINVAL;
+ return 0;
+}
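Review bot: krb5_string_to_deltat stores `-1` in `*deltat` before returning EINVAL, so a caller that ignores the return value is left with a negative interval. Parsing into a local first avoids that: `krb5_deltat d = parse_time(string, "s");` then `if(d == -1) return EINVAL;` and `*deltat = d;`. The function is new and has no comment; one line saying that EINVAL means unparsable input, and that the `"s"` argument presumably makes seconds the default unit, would document the contract.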
diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c
index 1faf378..dbe6c80 100644
--- a/crypto/heimdal/lib/krb5/transited.c
+++ b/crypto/heimdal/lib/krb5/transited.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: transited.c,v 1.7 2000/02/07 13:30:41 joda Exp $");
+RCSID("$Id: transited.c,v 1.8 2001/05/14 06:14:52 assar Exp $");
/* this is an attempt at one of the most horrible `compression'
schemes that has ever been invented; it's so amazingly brain-dead
@@ -61,7 +61,8 @@ free_realms(struct tr_realm *r)
}
static int
-make_path(struct tr_realm *r, const char *from, const char *to)
+make_path(krb5_context context, struct tr_realm *r,
+ const char *from, const char *to)
{
const char *p;
struct tr_realm *path = r->next;
@@ -78,8 +79,10 @@ make_path(struct tr_realm *r, const char *from, const char *to)
p = from;
while(1){
p = strchr(p, '.');
- if(p == NULL)
+ if(p == NULL) {
+ krb5_clear_error_string (context);
return KRB5KDC_ERR_POLICY;
+ }
p++;
if(strcmp(p, to) == 0)
break;
@@ -89,6 +92,7 @@ make_path(struct tr_realm *r, const char *from, const char *to)
path->realm = strdup(p);
if(path->realm == NULL){
r->next = path; /* XXX */
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;;
}
}
@@ -106,21 +110,25 @@ make_path(struct tr_realm *r, const char *from, const char *to)
path->realm = malloc(p - from + 1);
if(path->realm == NULL){
r->next = path; /* XXX */
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
memcpy(path->realm, from, p - from);
path->realm[p - from] = '\0';
p--;
}
- }else
+ } else {
+ krb5_clear_error_string (context);
return KRB5KDC_ERR_POLICY;
+ }
r->next = path;
return 0;
}
static int
-make_paths(struct tr_realm *realms, const char *client_realm,
+make_paths(krb5_context context,
+ struct tr_realm *realms, const char *client_realm,
const char *server_realm)
{
struct tr_realm *r;
@@ -138,7 +146,7 @@ make_paths(struct tr_realm *realms, const char *client_realm,
next_realm = r->next->realm;
else
next_realm = server_realm;
- ret = make_path(r, prev_realm, next_realm);
+ ret = make_path(context, r, prev_realm, next_realm);
if(ret){
free_realms(realms);
return ret;
@@ -150,7 +158,8 @@ make_paths(struct tr_realm *realms, const char *client_realm,
}
static int
-expand_realms(struct tr_realm *realms, const char *client_realm)
+expand_realms(krb5_context context,
+ struct tr_realm *realms, const char *client_realm)
{
struct tr_realm *r;
const char *prev_realm = NULL;
@@ -162,6 +171,7 @@ expand_realms(struct tr_realm *realms, const char *client_realm)
tmp = realloc(r->realm, strlen(r->realm) + strlen(prev_realm) + 1);
if(tmp == NULL){
free_realms(realms);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
r->realm = tmp;
@@ -173,6 +183,7 @@ expand_realms(struct tr_realm *realms, const char *client_realm)
tmp = malloc(strlen(r->realm) + strlen(prev_realm) + 1);
if(tmp == NULL){
free_realms(realms);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
strcpy(tmp, prev_realm);
@@ -236,7 +247,8 @@ append_realm(struct tr_realm *head, struct tr_realm *r)
}
static int
-decode_realms(const char *tr, int length, struct tr_realm **realms)
+decode_realms(krb5_context context,
+ const char *tr, int length, struct tr_realm **realms)
{
struct tr_realm *r = NULL;
@@ -261,6 +273,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
r = make_realm(tmp);
if(r == NULL){
free_realms(*realms);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
*realms = append_realm(*realms, r);
@@ -273,6 +286,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
r = make_realm(tmp);
if(r == NULL){
free_realms(*realms);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
*realms = append_realm(*realms, r);
@@ -282,7 +296,8 @@ decode_realms(const char *tr, int length, struct tr_realm **realms)
krb5_error_code
-krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms,
+krb5_domain_x500_decode(krb5_context context,
+ krb5_data tr, char ***realms, int *num_realms,
const char *client_realm, const char *server_realm)
{
struct tr_realm *r = NULL;
@@ -290,16 +305,16 @@ krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms,
int ret;
/* split string in components */
- ret = decode_realms(tr.data, tr.length, &r);
+ ret = decode_realms(context, tr.data, tr.length, &r);
if(ret)
return ret;
/* apply prefix rule */
- ret = expand_realms(r, client_realm);
+ ret = expand_realms(context, r, client_realm);
if(ret)
return ret;
- ret = make_paths(r, client_realm, server_realm);
+ ret = make_paths(context, r, client_realm, server_realm);
if(ret)
return ret;
@@ -324,6 +339,7 @@ krb5_domain_x500_decode(krb5_data tr, char ***realms, int *num_realms,
R = realloc(*realms, (*num_realms + 1) * sizeof(**realms));
if(R == NULL) {
free(*realms);
+ krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
R[*num_realms] = r->realm;
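Review bot: On realloc failure `free(*realms);` releases the array but leaves `*realms` pointing at it and `*num_realms` at its old count, so a caller that cleans up its output arguments after an error would touch freed memory. The transited field is decoded from ticket data, which makes this error path worth keeping tidy. Adding `*realms = NULL;` and `*num_realms = 0;` after the free fixes the dangling state. The strings already moved into the array also appear to leak here, but the surrounding loop is outside the hunk, so confirm ownership before freeing them.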
@@ -382,6 +398,8 @@ krb5_check_transited_realms(krb5_context context,
char **p;
for(p = bad_realms; *p; p++)
if(strcmp(*p, realms[i]) == 0) {
+ krb5_set_error_string (context, "no transit through realm %s",
+ *p);
ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
if(bad_realm)
*bad_realm = i;
diff --git a/crypto/heimdal/lib/krb5/verify_init.c b/crypto/heimdal/lib/krb5/verify_init.c
index e7945ad..7e4618e 100644
--- a/crypto/heimdal/lib/krb5/verify_init.c
+++ b/crypto/heimdal/lib/krb5/verify_init.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: verify_init.c,v 1.12 2000/01/21 05:47:35 assar Exp $");
+RCSID("$Id: verify_init.c,v 1.14 2001/05/14 06:14:52 assar Exp $");
void
krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *options)
@@ -79,7 +79,7 @@ krb5_verify_init_creds(krb5_context context,
{
krb5_error_code ret;
krb5_data req;
- krb5_ccache local_ccache;
+ krb5_ccache local_ccache = NULL;
krb5_keytab_entry entry;
krb5_creds *new_creds = NULL;
krb5_auth_context auth_context = NULL;
@@ -92,8 +92,12 @@ krb5_verify_init_creds(krb5_context context,
if (ap_req_server == NULL) {
char local_hostname[MAXHOSTNAMELEN];
- if (gethostname (local_hostname, sizeof(local_hostname)) < 0)
- return errno;
+ if (gethostname (local_hostname, sizeof(local_hostname)) < 0) {
+ ret = errno;
+ krb5_set_error_string (context, "getsockname: %s",
+ strerror(ret));
+ return ret;
+ }
ret = krb5_sname_to_principal (context,
local_hostname,
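Review bot: The new error string names the wrong call: the failing function is `gethostname`, but the message says `"getsockname: %s"`. It should be `krb5_set_error_string (context, "gethostname: %s", strerror(ret));`, otherwise anyone diagnosing a verification failure is pointed at a socket call that is never made here. The krb5_sname_to_principal call continues outside the hunk.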
@@ -185,8 +189,10 @@ cleanup:
krb5_free_principal (context, server);
if (ap_req_keytab == NULL && keytab)
krb5_kt_close (context, keytab);
- if (ccache == NULL
- || (ret != 0 && *ccache == NULL))
+ if (local_ccache != NULL
+ &&
+ (ccache == NULL
+ || (ret != 0 && *ccache == NULL)))
krb5_cc_destroy (context, local_ccache);
if (ret == 0 && ccache != NULL && *ccache == NULL)
diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.8 b/crypto/heimdal/lib/krb5/verify_krb5_conf.8
index c071d24..5aba5d8 100644
--- a/crypto/heimdal/lib/krb5/verify_krb5_conf.8
+++ b/crypto/heimdal/lib/krb5/verify_krb5_conf.8
@@ -1,4 +1,4 @@
-.\" $Id: verify_krb5_conf.8,v 1.2 2000/03/04 14:07:50 assar Exp $
+.\" $Id: verify_krb5_conf.8,v 1.3 2001/05/02 08:59:23 assar Exp $
.\"
.Dd March 4, 2000
.Dt VERIFY_KRB5_CONF 8
diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.c b/crypto/heimdal/lib/krb5/verify_krb5_conf.c
index 2b9ce28..e480324 100644
--- a/crypto/heimdal/lib/krb5/verify_krb5_conf.c
+++ b/crypto/heimdal/lib/krb5/verify_krb5_conf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
#include <getarg.h>
-RCSID("$Id: verify_krb5_conf.c,v 1.3 1999/12/02 17:05:13 joda Exp $");
+RCSID("$Id: verify_krb5_conf.c,v 1.5 2001/05/14 06:14:52 assar Exp $");
/* verify krb5.conf */
@@ -60,14 +60,17 @@ usage (int ret)
int
main(int argc, char **argv)
{
+ krb5_context context;
const char *config_file = NULL;
krb5_error_code ret;
krb5_config_section *tmp_cf;
- unsigned lineno;
- char *error_message;
int optind = 0;
- set_progname (argv[0]);
+ setprogname (argv[0]);
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ errx (1, "krb5_init_context failed");
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
usage(1);
@@ -93,10 +96,9 @@ main(int argc, char **argv)
usage (1);
}
- ret = krb5_config_parse_file_debug (config_file, &tmp_cf, &lineno,
- &error_message);
+ ret = krb5_config_parse_file (context, config_file, &tmp_cf);
if (ret == 0)
return 0;
- fprintf (stderr, "%s:%u: %s\n", config_file, lineno, error_message);
+ krb5_warn (context, ret, "krb5_config_parse_file");
return 1;
}
diff --git a/crypto/heimdal/lib/krb5/verify_user.c b/crypto/heimdal/lib/krb5/verify_user.c
index 758bc60..25cd77b 100644
--- a/crypto/heimdal/lib/krb5/verify_user.c
+++ b/crypto/heimdal/lib/krb5/verify_user.c
@@ -33,12 +33,13 @@
#include "krb5_locl.h"
-RCSID("$Id: verify_user.c,v 1.12 2001/01/04 17:40:00 joda Exp $");
+RCSID("$Id: verify_user.c,v 1.14 2001/05/14 09:06:53 joda Exp $");
static krb5_error_code
verify_common (krb5_context context,
krb5_principal principal,
krb5_ccache ccache,
+ krb5_keytab keytab,
krb5_boolean secure,
const char *service,
krb5_creds cred)
@@ -50,7 +51,8 @@ verify_common (krb5_context context,
ret = krb5_sname_to_principal (context, NULL, service, KRB5_NT_SRV_HST,
&server);
- if(ret) return ret;
+ if(ret)
+ return ret;
krb5_verify_init_creds_opt_init(&vopt);
krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, secure);
@@ -58,11 +60,12 @@ verify_common (krb5_context context,
ret = krb5_verify_init_creds(context,
&cred,
server,
- NULL,
+ keytab,
NULL,
&vopt);
krb5_free_principal(context, server);
- if(ret) return ret;
+ if(ret)
+ return ret;
if(ccache == NULL)
ret = krb5_cc_default (context, &id);
else
@@ -87,24 +90,59 @@ verify_common (krb5_context context,
* As a side effect, fresh tickets are obtained and stored in `ccache'.
*/
-krb5_error_code
-krb5_verify_user(krb5_context context,
- krb5_principal principal,
- krb5_ccache ccache,
- const char *password,
- krb5_boolean secure,
- const char *service)
+void
+krb5_verify_opt_init(krb5_verify_opt *opt)
+{
+ memset(opt, 0, sizeof(*opt));
+ opt->secure = TRUE;
+ opt->service = "host";
+}
+
+void
+krb5_verify_opt_set_ccache(krb5_verify_opt *opt, krb5_ccache ccache)
+{
+ opt->ccache = ccache;
+}
+
+void
+krb5_verify_opt_set_keytab(krb5_verify_opt *opt, krb5_keytab keytab)
{
+ opt->keytab = keytab;
+}
+
+void
+krb5_verify_opt_set_secure(krb5_verify_opt *opt, krb5_boolean secure)
+{
+ opt->secure = secure;
+}
+
+void
+krb5_verify_opt_set_service(krb5_verify_opt *opt, const char *service)
+{
+ opt->service = service;
+}
+
+void
+krb5_verify_opt_set_flags(krb5_verify_opt *opt, unsigned int flags)
+{
+ opt->flags |= flags;
+}
+
+static krb5_error_code
+verify_user_opt_int(krb5_context context,
+ krb5_principal principal,
+ const char *password,
+ krb5_verify_opt *vopt)
+{
krb5_error_code ret;
krb5_get_init_creds_opt opt;
krb5_creds cred;
-
+
krb5_get_init_creds_opt_init (&opt);
krb5_get_init_creds_opt_set_default_flags(context, NULL,
*krb5_princ_realm(context, principal),
&opt);
-
ret = krb5_get_init_creds_password (context,
&cred,
principal,
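Review bot: The new option setters carry no comments, and two of them have security-relevant behaviour that a caller should not have to discover from the code. `secure` is what verify_common hands to `krb5_verify_init_creds_opt_set_ap_req_nofail`, so clearing it presumably lets verification succeed when no service key is available to check the KDC reply; above krb5_verify_opt_set_secure I would add `/* secure == FALSE: a missing service key is not an error, so the KDC reply may go unverified; keep TRUE unless no keytab can exist */`. krb5_verify_opt_set_flags ORs into `flags` and cannot clear a bit, which its name does not suggest. The service, ccache and keytab setters store the caller's pointer without copying, so a comment should say those values must outlive the krb5_verify_user_opt call. verify_user_opt_int continues past the end of this hunk.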
@@ -114,10 +152,70 @@ krb5_verify_user(krb5_context context,
0,
NULL,
&opt);
-
if(ret)
return ret;
- return verify_common (context, principal, ccache, secure, service, cred);
+#define OPT(V, D) ((vopt && (vopt->V)) ? (vopt->V) : (D))
+ return verify_common (context, principal, OPT(ccache, NULL),
+ OPT(keytab, NULL), vopt ? vopt->secure : TRUE,
+ OPT(service, "host"), cred);
+#undef OPT
+}
+
+krb5_error_code
+krb5_verify_user_opt(krb5_context context,
+ krb5_principal principal,
+ const char *password,
+ krb5_verify_opt *opt)
+{
+ krb5_error_code ret;
+
+ if(opt && (opt->flags & KRB5_VERIFY_LREALMS)) {
+ krb5_realm *realms, *r;
+ ret = krb5_get_default_realms (context, &realms);
+ if (ret)
+ return ret;
+ ret = KRB5_CONFIG_NODEFREALM;
+
+ for (r = realms; *r != NULL && ret != 0; ++r) {
+ char *tmp = strdup (*r);
+
+ if (tmp == NULL) {
+ krb5_free_host_realm (context, realms);
+ krb5_set_error_string (context, "malloc: out of memory");
+ return ENOMEM;
+ }
+ free (*krb5_princ_realm (context, principal));
+ krb5_princ_set_realm (context, principal, &tmp);
+
+ ret = verify_user_opt_int(context, principal, password, opt);
+ }
+ krb5_free_host_realm (context, realms);
+ if(ret)
+ return ret;
+ } else
+ ret = verify_user_opt_int(context, principal, password, opt);
+ return ret;
+}
+
+/* compat function that calls above */
+
+krb5_error_code
+krb5_verify_user(krb5_context context,
+ krb5_principal principal,
+ krb5_ccache ccache,
+ const char *password,
+ krb5_boolean secure,
+ const char *service)
+{
+ krb5_verify_opt opt;
+
+ krb5_verify_opt_init(&opt);
+
+ krb5_verify_opt_set_ccache(&opt, ccache);
+ krb5_verify_opt_set_secure(&opt, secure);
+ krb5_verify_opt_set_service(&opt, service);
+
+ return krb5_verify_user_opt(context, principal, password, &opt);
}
/*
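Review bot: With KRB5_VERIFY_LREALMS the loop in krb5_verify_user_opt runs the whole of verify_user_opt_int per realm, so a failure inside verify_common, including a failed service-key check of the KDC reply, no longer ends the attempt but moves on to the next default realm; the removed krb5_verify_user_lrealm body looped only over the password step and called verify_common once. The condition `ret != 0` does not distinguish error kinds and the code returned is whatever the last realm produced, which can hide the more informative earlier error from logs; it is worth deciding whether anything other than an unknown principal or a wrong password should continue the loop. The loop also replaces the realm of the caller's `principal` in place and leaves it at the last realm tried even on failure, which deserves a comment above the function such as `/* with KRB5_VERIFY_LREALMS the realm of principal is overwritten and not restored */`. The `if(ret) return ret;` after the loop is redundant with the final `return ret;`.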
@@ -133,44 +231,14 @@ krb5_verify_user_lrealm(krb5_context context,
krb5_boolean secure,
const char *service)
{
- krb5_error_code ret;
- krb5_get_init_creds_opt opt;
- krb5_realm *realms, *r;
- krb5_creds cred;
+ krb5_verify_opt opt;
- krb5_get_init_creds_opt_init (&opt);
-
- ret = krb5_get_default_realms (context, &realms);
- if (ret)
- return ret;
- ret = KRB5_CONFIG_NODEFREALM;
-
- for (r = realms; *r != NULL && ret != 0; ++r) {
- char *tmp = strdup (*r);
-
- if (tmp == NULL) {
- krb5_free_host_realm (context, realms);
- return ENOMEM;
- }
- free (*krb5_princ_realm (context, principal));
- krb5_princ_set_realm (context, principal, &tmp);
-
- krb5_get_init_creds_opt_set_default_flags(context, NULL,
- *krb5_princ_realm(context, principal),
- &opt);
- ret = krb5_get_init_creds_password (context,
- &cred,
- principal,
- (char*)password,
- krb5_prompter_posix,
- NULL,
- 0,
- NULL,
- &opt);
- }
- krb5_free_host_realm (context, realms);
- if(ret)
- return ret;
-
- return verify_common (context, principal, ccache, secure, service, cred);
+ krb5_verify_opt_init(&opt);
+
+ krb5_verify_opt_set_ccache(&opt, ccache);
+ krb5_verify_opt_set_secure(&opt, secure);
+ krb5_verify_opt_set_service(&opt, service);
+ krb5_verify_opt_set_flags(&opt, KRB5_VERIFY_LREALMS);
+
+ return krb5_verify_user_opt(context, principal, password, &opt);
}
diff --git a/crypto/heimdal/lib/krb5/warn.c b/crypto/heimdal/lib/krb5/warn.c
index 1f594fb..ec009b2 100644
--- a/crypto/heimdal/lib/krb5/warn.c
+++ b/crypto/heimdal/lib/krb5/warn.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -34,8 +34,12 @@
#include "krb5_locl.h"
#include <err.h>
-RCSID("$Id: warn.c,v 1.11 2000/08/16 07:37:41 assar Exp $");
+RCSID("$Id: warn.c,v 1.13 2001/05/07 21:04:34 assar Exp $");
+static krb5_error_code _warnerr(krb5_context context, int do_errtext,
+ krb5_error_code code, int level, const char *fmt, va_list ap)
+ __attribute__((__format__(__printf__, 5, 0)));
+
static krb5_error_code
_warnerr(krb5_context context, int do_errtext,
krb5_error_code code, int level, const char *fmt, va_list ap)
@@ -43,6 +47,7 @@ _warnerr(krb5_context context, int do_errtext,
char xfmt[7] = "";
const char *args[2], **arg;
char *msg = NULL;
+ char *err_str = NULL;
args[0] = args[1] = NULL;
arg = args;
@@ -60,11 +65,16 @@ _warnerr(krb5_context context, int do_errtext,
strcat(xfmt, "%s");
- err_msg = krb5_get_err_text(context, code);
- if (err_msg)
- *arg++ = err_msg;
- else
- *arg++ = "<unknown error>";
+ err_str = krb5_get_error_string(context);
+ if (err_str != NULL) {
+ *arg++ = err_str;
+ } else {
+ err_msg = krb5_get_err_text(context, code);
+ if (err_msg)
+ *arg++ = err_msg;
+ else
+ *arg++ = "<unknown error>";
+ }
}
if(context && context->warn_dest)
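Review bot: `err_str = krb5_get_error_string(context);` is called without a NULL check, yet the last context line of this hunk, `if(context && context->warn_dest)`, shows that _warnerr is expected to cope with a NULL context. If krb5_get_error_string reads the string out of the context (its body is not visible here), a warning issued before a context exists would crash instead of printing. Guarding it as `if (context != NULL) err_str = krb5_get_error_string(context);` keeps the old fallback to krb5_get_err_text. The stored string is also preferred without regard to `code`, so a string left over from an earlier, unrelated failure would be printed in place of the text for this error; a short comment stating that callers must set or clear the string per failure would help. _warnerr starts and ends outside this hunk.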
@@ -72,6 +82,7 @@ _warnerr(krb5_context context, int do_errtext,
else
warnx(xfmt, args[0], args[1]);
free(msg);
+ free(err_str);
return 0;
}
diff --git a/crypto/heimdal/lib/krb5/write_message.c b/crypto/heimdal/lib/krb5/write_message.c
index 2e394b6..16a40f0 100644
--- a/crypto/heimdal/lib/krb5/write_message.c
+++ b/crypto/heimdal/lib/krb5/write_message.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: write_message.c,v 1.6 2000/07/21 23:49:09 joda Exp $");
+RCSID("$Id: write_message.c,v 1.7 2001/05/14 06:14:52 assar Exp $");
krb5_error_code
krb5_write_message (krb5_context context,
@@ -42,12 +42,16 @@ krb5_write_message (krb5_context context,
{
u_int32_t len;
u_int8_t buf[4];
+ int ret;
len = data->length;
_krb5_put_int(buf, len, 4);
if (krb5_net_write (context, p_fd, buf, 4) != 4
- || krb5_net_write (context, p_fd, data->data, len) != len)
- return errno;
+ || krb5_net_write (context, p_fd, data->data, len) != len) {
+ ret = errno;
+ krb5_set_error_string (context, "write: %s", strerror(ret));
+ return ret;
+ }
return 0;
}
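Review bot: The failure branch returns `errno`, but a short count from krb5_net_write is not guaranteed to come with errno set (its implementation is not visible here), so `ret` can be 0 or stale and the caller is then told the message was written when it was not. Falling back to a fixed code, `ret = errno ? errno : EIO;`, makes a truncated length-prefixed frame always visible to the caller. `ret` is also declared `int` while the function returns krb5_error_code; `krb5_error_code ret;` would match krb5_write_priv_message below.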
@@ -59,6 +63,7 @@ krb5_write_priv_message(krb5_context context,
{
krb5_error_code ret;
krb5_data packet;
+
ret = krb5_mk_priv (context, ac, data, &packet, NULL);
if(ret)
return ret;