authornectar <nectar@FreeBSD.org>2003-10-09 19:36:20 +0000
committernectar <nectar@FreeBSD.org>2003-10-09 19:36:20 +0000
commit5c90662d441c12cd30c694eb1172d6fea2f8f282 (patch)
treecb08d962a1d1ff9fd191e67849a7057861f42a50 /crypto/heimdal/lib/krb5
parent12eb3dee85137da9effa7d2df35e855dd0a3814a (diff)
Vendor import of Heimdal 0.6.
Diffstat (limited to 'crypto/heimdal/lib/krb5')
-rw-r--r--crypto/heimdal/lib/krb5/Makefile.am14
-rw-r--r--crypto/heimdal/lib/krb5/Makefile.in93
-rw-r--r--crypto/heimdal/lib/krb5/addr_families.c39
-rw-r--r--crypto/heimdal/lib/krb5/aes-test.c472
-rw-r--r--crypto/heimdal/lib/krb5/aname_to_localname.c32
-rw-r--r--crypto/heimdal/lib/krb5/cache.c69
-rw-r--r--crypto/heimdal/lib/krb5/changepw.c2
-rw-r--r--crypto/heimdal/lib/krb5/context.c5
-rw-r--r--crypto/heimdal/lib/krb5/convert_creds.c70
-rw-r--r--crypto/heimdal/lib/krb5/crypto.c506
-rw-r--r--crypto/heimdal/lib/krb5/data.c8
-rw-r--r--crypto/heimdal/lib/krb5/get_addrs.c6
-rw-r--r--crypto/heimdal/lib/krb5/get_in_tkt.c6
-rw-r--r--crypto/heimdal/lib/krb5/init_creds_pw.c7
-rw-r--r--crypto/heimdal/lib/krb5/kerberos.833
-rw-r--r--crypto/heimdal/lib/krb5/keytab.c37
-rw-r--r--crypto/heimdal/lib/krb5/keytab_any.c2
-rw-r--r--crypto/heimdal/lib/krb5/keytab_file.c2
-rw-r--r--crypto/heimdal/lib/krb5/keytab_keyfile.c2
-rw-r--r--crypto/heimdal/lib/krb5/krb5-private.h19
-rw-r--r--crypto/heimdal/lib/krb5/krb5-protos.h47
-rw-r--r--crypto/heimdal/lib/krb5/krb5-v4compat.h93
-rw-r--r--crypto/heimdal/lib/krb5/krb5.398
-rw-r--r--crypto/heimdal/lib/krb5/krb5.conf.5187
-rw-r--r--crypto/heimdal/lib/krb5/krb5.h9
-rw-r--r--crypto/heimdal/lib/krb5/krb5_425_conv_principal.335
-rw-r--r--crypto/heimdal/lib/krb5/krb5_address.3355
-rw-r--r--crypto/heimdal/lib/krb5/krb5_aname_to_localname.380
-rw-r--r--crypto/heimdal/lib/krb5/krb5_appdefault.337
-rw-r--r--crypto/heimdal/lib/krb5/krb5_auth_context.341
-rw-r--r--crypto/heimdal/lib/krb5/krb5_build_principal.337
-rw-r--r--crypto/heimdal/lib/krb5/krb5_ccache.3356
-rw-r--r--crypto/heimdal/lib/krb5/krb5_config.34
-rw-r--r--crypto/heimdal/lib/krb5/krb5_context.335
-rw-r--r--crypto/heimdal/lib/krb5/krb5_create_checksum.335
-rw-r--r--crypto/heimdal/lib/krb5/krb5_crypto_init.335
-rw-r--r--crypto/heimdal/lib/krb5/krb5_data.3149
-rw-r--r--crypto/heimdal/lib/krb5/krb5_encrypt.335
-rw-r--r--crypto/heimdal/lib/krb5/krb5_free_addresses.335
-rw-r--r--crypto/heimdal/lib/krb5/krb5_free_principal.335
-rw-r--r--crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.336
-rw-r--r--crypto/heimdal/lib/krb5/krb5_get_krbhst.335
-rw-r--r--crypto/heimdal/lib/krb5/krb5_init_context.337
-rw-r--r--crypto/heimdal/lib/krb5/krb5_keytab.361
-rw-r--r--crypto/heimdal/lib/krb5/krb5_krbhst_init.335
-rw-r--r--crypto/heimdal/lib/krb5/krb5_kuserok.394
-rw-r--r--crypto/heimdal/lib/krb5/krb5_openlog.336
-rw-r--r--crypto/heimdal/lib/krb5/krb5_parse_name.335
-rw-r--r--crypto/heimdal/lib/krb5/krb5_principal_get_realm.335
-rw-r--r--crypto/heimdal/lib/krb5/krb5_set_default_realm.3144
-rw-r--r--crypto/heimdal/lib/krb5/krb5_sname_to_principal.335
-rw-r--r--crypto/heimdal/lib/krb5/krb5_timeofday.336
-rw-r--r--crypto/heimdal/lib/krb5/krb5_unparse_name.335
-rw-r--r--crypto/heimdal/lib/krb5/krb5_verify_user.3151
-rw-r--r--crypto/heimdal/lib/krb5/krb5_warn.39
-rw-r--r--crypto/heimdal/lib/krb5/krbhst.c8
-rw-r--r--crypto/heimdal/lib/krb5/kuserok.c9
-rw-r--r--crypto/heimdal/lib/krb5/mk_rep.c103
-rw-r--r--crypto/heimdal/lib/krb5/name-45-test.c23
-rw-r--r--crypto/heimdal/lib/krb5/principal.c2
-rw-r--r--crypto/heimdal/lib/krb5/prompter_posix.c2
-rw-r--r--crypto/heimdal/lib/krb5/store_emem.c2
-rw-r--r--crypto/heimdal/lib/krb5/test_alname.c156
-rw-r--r--crypto/heimdal/lib/krb5/test_cc.c86
-rw-r--r--crypto/heimdal/lib/krb5/transited.c22
-rw-r--r--crypto/heimdal/lib/krb5/verify_krb5_conf.c29
-rw-r--r--crypto/heimdal/lib/krb5/warn.c8
67 files changed, 4063 insertions, 363 deletions
diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am
index 6332935..6f5a8fc 100644
--- a/crypto/heimdal/lib/krb5/Makefile.am
+++ b/crypto/heimdal/lib/krb5/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.147.2.1 2002/10/21 15:03:14 joda Exp $
+# $Id: Makefile.am,v 1.156.2.1 2003/05/12 15:20:47 joda Exp $
include $(top_srcdir)/Makefile.am.common
@@ -6,14 +6,16 @@ INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) -I../com_err -I$(srcdir)/../com_err
bin_PROGRAMS = verify_krb5_conf
-noinst_PROGRAMS = dump_config test_get_addrs krbhst-test
+noinst_PROGRAMS = dump_config test_get_addrs krbhst-test test_alname
TESTS = \
+ aes-test \
n-fold-test \
string-to-key-test \
derived-key-test \
store-test \
parse-name-test \
+ test_cc \
name-45-test
check_PROGRAMS = $(TESTS)
@@ -130,7 +132,7 @@ libkrb5_la_SOURCES = \
write_message.c \
$(ERR_FILES)
-libkrb5_la_LDFLAGS = -version-info 18:4:1
+libkrb5_la_LDFLAGS = -version-info 19:0:2
$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
@@ -147,13 +149,17 @@ man_MANS = \
krb5.3 \
krb5.conf.5 \
krb5_425_conv_principal.3 \
+ krb5_address.3 \
+ krb5_aname_to_localname.3 \
krb5_appdefault.3 \
krb5_auth_context.3 \
krb5_build_principal.3 \
+ krb5_ccache.3 \
krb5_config.3 \
krb5_context.3 \
krb5_create_checksum.3 \
krb5_crypto_init.3 \
+ krb5_data.3 \
krb5_encrypt.3 \
krb5_free_addresses.3 \
krb5_free_principal.3 \
@@ -162,9 +168,11 @@ man_MANS = \
krb5_init_context.3 \
krb5_keytab.3 \
krb5_krbhst_init.3 \
+ krb5_kuserok.3 \
krb5_openlog.3 \
krb5_parse_name.3 \
krb5_principal_get_realm.3 \
+ krb5_set_default_realm.3 \
krb5_sname_to_principal.3 \
krb5_timeofday.3 \
krb5_unparse_name.3 \
diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in
index 4613c46..5395352 100644
--- a/crypto/heimdal/lib/krb5/Makefile.in
+++ b/crypto/heimdal/lib/krb5/Makefile.in
@@ -14,11 +14,11 @@
@SET_MAKE@
-# $Id: Makefile.am,v 1.147.2.1 2002/10/21 15:03:14 joda Exp $
+# $Id: Makefile.am,v 1.156.2.1 2003/05/12 15:20:47 joda Exp $
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
-# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
+# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
-@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@@ -203,14 +204,16 @@ NROFF_MAN = groff -mandoc -Tascii
bin_PROGRAMS = verify_krb5_conf
-noinst_PROGRAMS = dump_config test_get_addrs krbhst-test
+noinst_PROGRAMS = dump_config test_get_addrs krbhst-test test_alname
TESTS = \
+ aes-test \
n-fold-test \
string-to-key-test \
derived-key-test \
store-test \
parse-name-test \
+ test_cc \
name-45-test
@@ -331,7 +334,7 @@ libkrb5_la_SOURCES = \
$(ERR_FILES)
-libkrb5_la_LDFLAGS = -version-info 18:4:1
+libkrb5_la_LDFLAGS = -version-info 19:0:2
#libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo
@@ -340,13 +343,17 @@ man_MANS = \
krb5.3 \
krb5.conf.5 \
krb5_425_conv_principal.3 \
+ krb5_address.3 \
+ krb5_aname_to_localname.3 \
krb5_appdefault.3 \
krb5_auth_context.3 \
krb5_build_principal.3 \
+ krb5_ccache.3 \
krb5_config.3 \
krb5_context.3 \
krb5_create_checksum.3 \
krb5_crypto_init.3 \
+ krb5_data.3 \
krb5_encrypt.3 \
krb5_free_addresses.3 \
krb5_free_principal.3 \
@@ -355,9 +362,11 @@ man_MANS = \
krb5_init_context.3 \
krb5_keytab.3 \
krb5_krbhst_init.3 \
+ krb5_kuserok.3 \
krb5_openlog.3 \
krb5_parse_name.3 \
krb5_principal_get_realm.3 \
+ krb5_set_default_realm.3 \
krb5_sname_to_principal.3 \
krb5_timeofday.3 \
krb5_unparse_name.3 \
@@ -377,7 +386,7 @@ LTLIBRARIES = $(lib_LTLIBRARIES)
libkrb5_la_DEPENDENCIES = ../com_err/error.lo ../com_err/com_err.lo \
$(top_builddir)/lib/asn1/libasn1.la
-am__objects_14 = krb5_err.lo heim_err.lo k524_err.lo
+am__objects_15 = krb5_err.lo heim_err.lo k524_err.lo
am_libkrb5_la_OBJECTS = acl.lo add_et_list.lo addr_families.lo \
aname_to_localname.lo appdefault.lo asn1_glue.lo \
auth_context.lo build_ap_req.lo build_auth.lo cache.lo \
@@ -401,16 +410,22 @@ am_libkrb5_la_OBJECTS = acl.lo add_et_list.lo addr_families.lo \
sendauth.lo set_default_realm.lo sock_principal.lo store.lo \
store_emem.lo store_fd.lo store_mem.lo ticket.lo time.lo \
transited.lo verify_init.lo verify_user.lo version.lo warn.lo \
- write_message.lo $(am__objects_14)
+ write_message.lo $(am__objects_15)
libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS)
bin_PROGRAMS = verify_krb5_conf$(EXEEXT)
-check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \
- derived-key-test$(EXEEXT) store-test$(EXEEXT) \
- parse-name-test$(EXEEXT) name-45-test$(EXEEXT)
+check_PROGRAMS = aes-test$(EXEEXT) n-fold-test$(EXEEXT) \
+ string-to-key-test$(EXEEXT) derived-key-test$(EXEEXT) \
+ store-test$(EXEEXT) parse-name-test$(EXEEXT) test_cc$(EXEEXT) \
+ name-45-test$(EXEEXT)
noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) \
- krbhst-test$(EXEEXT)
+ krbhst-test$(EXEEXT) test_alname$(EXEEXT)
PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
+aes_test_SOURCES = aes-test.c
+aes_test_OBJECTS = aes-test.$(OBJEXT)
+aes_test_LDADD = $(LDADD)
+aes_test_DEPENDENCIES = libkrb5.la $(top_builddir)/lib/asn1/libasn1.la
+aes_test_LDFLAGS =
derived_key_test_SOURCES = derived-key-test.c
derived_key_test_OBJECTS = derived-key-test.$(OBJEXT)
derived_key_test_LDADD = $(LDADD)
@@ -458,6 +473,17 @@ string_to_key_test_LDADD = $(LDADD)
string_to_key_test_DEPENDENCIES = libkrb5.la \
$(top_builddir)/lib/asn1/libasn1.la
string_to_key_test_LDFLAGS =
+test_alname_SOURCES = test_alname.c
+test_alname_OBJECTS = test_alname.$(OBJEXT)
+test_alname_LDADD = $(LDADD)
+test_alname_DEPENDENCIES = libkrb5.la \
+ $(top_builddir)/lib/asn1/libasn1.la
+test_alname_LDFLAGS =
+test_cc_SOURCES = test_cc.c
+test_cc_OBJECTS = test_cc.$(OBJEXT)
+test_cc_LDADD = $(LDADD)
+test_cc_DEPENDENCIES = libkrb5.la $(top_builddir)/lib/asn1/libasn1.la
+test_cc_LDFLAGS =
test_get_addrs_SOURCES = test_get_addrs.c
test_get_addrs_OBJECTS = test_get_addrs.$(OBJEXT)
test_get_addrs_LDADD = $(LDADD)
@@ -486,24 +512,24 @@ CCLD = $(CC)
LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
CFLAGS = @CFLAGS@
-DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \
- krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c \
- store-test.c string-to-key-test.c test_get_addrs.c \
- verify_krb5_conf.c
+DIST_SOURCES = $(libkrb5_la_SOURCES) aes-test.c derived-key-test.c \
+ dump_config.c krbhst-test.c n-fold-test.c name-45-test.c \
+ parse-name-test.c store-test.c string-to-key-test.c \
+ test_alname.c test_cc.c test_get_addrs.c verify_krb5_conf.c
MANS = $(man_MANS)
HEADERS = $(include_HEADERS)
DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in
-SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
+SOURCES = $(libkrb5_la_SOURCES) aes-test.c derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c store-test.c string-to-key-test.c test_alname.c test_cc.c test_get_addrs.c verify_krb5_conf.c
all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
-$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign lib/krb5/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
libLTLIBRARIES_INSTALL = $(INSTALL)
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
@@ -562,6 +588,9 @@ clean-checkPROGRAMS:
clean-noinstPROGRAMS:
-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
+aes-test$(EXEEXT): $(aes_test_OBJECTS) $(aes_test_DEPENDENCIES)
+ @rm -f aes-test$(EXEEXT)
+ $(LINK) $(aes_test_LDFLAGS) $(aes_test_OBJECTS) $(aes_test_LDADD) $(LIBS)
derived-key-test$(EXEEXT): $(derived_key_test_OBJECTS) $(derived_key_test_DEPENDENCIES)
@rm -f derived-key-test$(EXEEXT)
$(LINK) $(derived_key_test_LDFLAGS) $(derived_key_test_OBJECTS) $(derived_key_test_LDADD) $(LIBS)
@@ -586,6 +615,12 @@ store-test$(EXEEXT): $(store_test_OBJECTS) $(store_test_DEPENDENCIES)
string-to-key-test$(EXEEXT): $(string_to_key_test_OBJECTS) $(string_to_key_test_DEPENDENCIES)
@rm -f string-to-key-test$(EXEEXT)
$(LINK) $(string_to_key_test_LDFLAGS) $(string_to_key_test_OBJECTS) $(string_to_key_test_LDADD) $(LIBS)
+test_alname$(EXEEXT): $(test_alname_OBJECTS) $(test_alname_DEPENDENCIES)
+ @rm -f test_alname$(EXEEXT)
+ $(LINK) $(test_alname_LDFLAGS) $(test_alname_OBJECTS) $(test_alname_LDADD) $(LIBS)
+test_cc$(EXEEXT): $(test_cc_OBJECTS) $(test_cc_DEPENDENCIES)
+ @rm -f test_cc$(EXEEXT)
+ $(LINK) $(test_cc_LDFLAGS) $(test_cc_OBJECTS) $(test_cc_LDADD) $(LIBS)
test_get_addrs$(EXEEXT): $(test_get_addrs_OBJECTS) $(test_get_addrs_DEPENDENCIES)
@rm -f test_get_addrs$(EXEEXT)
$(LINK) $(test_get_addrs_LDFLAGS) $(test_get_addrs_OBJECTS) $(test_get_addrs_LDADD) $(LIBS)
@@ -927,7 +962,9 @@ info: info-am
info-am:
-install-data-am: install-data-local install-includeHEADERS install-man
+install-data-am: install-includeHEADERS install-man
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-binPROGRAMS install-libLTLIBRARIES
@$(NORMAL_INSTALL)
@@ -959,14 +996,14 @@ uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8
clean-noinstPROGRAMS distclean distclean-compile \
distclean-generic distclean-libtool distclean-tags distdir dvi \
dvi-am info info-am install install-am install-binPROGRAMS \
- install-data install-data-am install-data-local install-exec \
- install-exec-am install-includeHEADERS install-info \
- install-info-am install-libLTLIBRARIES install-man install-man3 \
- install-man5 install-man8 install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool tags uninstall \
- uninstall-am uninstall-binPROGRAMS uninstall-includeHEADERS \
+ install-data install-data-am install-exec install-exec-am \
+ install-includeHEADERS install-info install-info-am \
+ install-libLTLIBRARIES install-man install-man3 install-man5 \
+ install-man8 install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool tags uninstall uninstall-am \
+ uninstall-binPROGRAMS uninstall-includeHEADERS \
uninstall-info-am uninstall-libLTLIBRARIES uninstall-man \
uninstall-man3 uninstall-man5 uninstall-man8
@@ -1094,7 +1131,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
-install-data-local: install-cat-mans
+install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<
diff --git a/crypto/heimdal/lib/krb5/addr_families.c b/crypto/heimdal/lib/krb5/addr_families.c
index 0fed2e7..be32458 100644
--- a/crypto/heimdal/lib/krb5/addr_families.c
+++ b/crypto/heimdal/lib/krb5/addr_families.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: addr_families.c,v 1.37 2002/08/19 13:51:37 joda Exp $");
+RCSID("$Id: addr_families.c,v 1.38 2003/03/25 12:37:02 joda Exp $");
struct addr_operations {
int af;
@@ -515,6 +515,36 @@ arange_order_addr(krb5_context context,
}
}
+static int
+addrport_print_addr (const krb5_address *addr, char *str, size_t len)
+{
+ krb5_address addr1, addr2;
+ uint16_t port = 0;
+ size_t ret_len = 0, l;
+ krb5_storage *sp = krb5_storage_from_data((krb5_data*)&addr->address);
+ /* for totally obscure reasons, these are not in network byteorder */
+ krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
+
+ krb5_storage_seek(sp, 2, SEEK_CUR); /* skip first two bytes */
+ krb5_ret_address(sp, &addr1);
+
+ krb5_storage_seek(sp, 2, SEEK_CUR); /* skip two bytes */
+ krb5_ret_address(sp, &addr2);
+ krb5_storage_free(sp);
+ if(addr2.addr_type == KRB5_ADDRESS_IPPORT && addr2.address.length == 2) {
+ unsigned long value;
+ _krb5_get_int(addr2.address.data, &value, 2);
+ port = value;
+ }
+ l = strlcpy(str, "ADDRPORT:", len);
+ ret_len += l;
+ krb5_print_address(&addr1, str + ret_len, len - ret_len, &l);
+ ret_len += l;
+ l = snprintf(str + ret_len, len - ret_len, ",PORT=%u", port);
+ ret_len += l;
+ return ret_len;
+}
+
static struct addr_operations at[] = {
{AF_INET, KRB5_ADDRESS_INET, sizeof(struct sockaddr_in),
ipv4_sockaddr2addr,
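Review bot: In addrport_print_addr the offsets passed to krb5_print_address() and snprintf() are not bounded by `len`: strlcpy() returns the full source length (9) even when `len` is smaller, so `len - ret_len` can wrap as a size_t and `str + ret_len` can point past the caller's buffer. The return values of krb5_storage_from_data() and both krb5_ret_address() calls are also ignored, so on a malformed ADDRPORT value `addr1`/`addr2` are read uninitialised, and the decoded addresses are never released in the visible code. A sketch of the bounded, checked version follows; the -1 error return is an assumption about what print_addr callers expect and should be confirmed against krb5_print_address().

```c
    krb5_storage *sp = krb5_storage_from_data((krb5_data*)&addr->address);
    size_t off;

    if (sp == NULL)
	return -1; /* error convention for print_addr callbacks: confirm */
    /* … unchanged: byte order setup … */
    krb5_storage_seek(sp, 2, SEEK_CUR); /* skip first two bytes */
    if (krb5_ret_address(sp, &addr1) != 0) {
	krb5_storage_free(sp);
	return -1;
    }
    krb5_storage_seek(sp, 2, SEEK_CUR); /* skip two bytes */
    if (krb5_ret_address(sp, &addr2) != 0) {
	krb5_data_free(&addr1.address);
	krb5_storage_free(sp);
	return -1;
    }
    /* … unchanged: krb5_storage_free(sp), port extraction … */
    l = strlcpy(str, "ADDRPORT:", len);
    ret_len += l;
    off = ret_len < len ? ret_len : len; /* never step or subtract past len */
    krb5_print_address(&addr1, str + off, len - off, &l);
    ret_len += l;
    off = ret_len < len ? ret_len : len;
    l = snprintf(str + off, len - off, ",PORT=%u", port);
    ret_len += l;
    krb5_data_free(&addr1.address);
    krb5_data_free(&addr2.address);
    return ret_len;
```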
@@ -533,7 +563,8 @@ static struct addr_operations at[] = {
ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr} ,
#endif
{KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL },
+ NULL, NULL, NULL, NULL, NULL,
+ NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL },
/* fake address type */
{KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange),
NULL, NULL, NULL, NULL, NULL, NULL, NULL,
@@ -695,7 +726,7 @@ krb5_print_address (const krb5_address *addr,
size_t ret;
struct addr_operations *a = find_atype(addr->addr_type);
- if (a == NULL) {
+ if (a == NULL || a->print_addr == NULL) {
char *s;
int l;
int i;
diff --git a/crypto/heimdal/lib/krb5/aes-test.c b/crypto/heimdal/lib/krb5/aes-test.c
new file mode 100644
index 0000000..cfee8e2
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/aes-test.c
@@ -0,0 +1,472 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+
+#ifdef HAVE_OPENSSL
+#include <openssl/evp.h>
+#endif
+
+RCSID("$Id: aes-test.c,v 1.3 2003/03/25 11:30:41 lha Exp $");
+
+static int verbose = 0;
+
+static void
+hex_dump_data(krb5_data *data)
+{
+ unsigned char *p = data->data;
+ int i, j;
+
+ for (i = j = 0; i < data->length; i++, j++) {
+ printf("%02x ", p[i]);
+ if (j > 15) {
+ printf("\n");
+ j = 0;
+ }
+ }
+ if (j != 0)
+ printf("\n");
+}
+
+struct {
+ char *password;
+ char *salt;
+ int saltlen;
+ int iterations;
+ krb5_enctype enctype;
+ int keylen;
+ char *pbkdf2;
+ char *key;
+} keys[] = {
+#ifdef ENABLE_AES
+ {
+ "password", "ATHENA.MIT.EDUraeburn", -1,
+ 1,
+ ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+ "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15",
+ "\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15"
+ },
+ {
+ "password", "ATHENA.MIT.EDUraeburn", -1,
+ 1,
+ ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+ "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15"
+ "\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37",
+ "\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b"
+ "\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61"
+ },
+ {
+ "password", "ATHENA.MIT.EDUraeburn", -1,
+ 2,
+ ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+ "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d",
+ "\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13"
+ },
+ {
+ "password", "ATHENA.MIT.EDUraeburn", -1,
+ 2,
+ ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+ "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d"
+ "\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86",
+ "\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61"
+ "\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff"
+ },
+ {
+ "password", "ATHENA.MIT.EDUraeburn", -1,
+ 1200,
+ ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+ "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b",
+ "\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a"
+ },
+ {
+ "password", "ATHENA.MIT.EDUraeburn", -1,
+ 1200,
+ ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+ "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b"
+ "\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13",
+ "\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7"
+ "\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a"
+ },
+ {
+ "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
+ 5,
+ ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+ "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49",
+ "\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e"
+ },
+ {
+ "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8,
+ 5,
+ ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+ "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49"
+ "\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee",
+ "\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c"
+ "\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31"
+ },
+ {
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase equals block size", -1,
+ 1200,
+ ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+ "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9",
+ "\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed"
+ },
+ {
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase equals block size", -1,
+ 1200,
+ ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+ "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9"
+ "\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1",
+ "\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0"
+ "\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34"
+ },
+ {
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase exceeds block size", -1,
+ 1200,
+ ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+ "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61",
+ "\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d"
+ },
+ {
+ "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "pass phrase exceeds block size", -1,
+ 1200,
+ ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+ "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61"
+ "\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a",
+ "\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2"
+ "\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b"
+
+ },
+ {
+ "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
+ 50,
+ ETYPE_AES128_CTS_HMAC_SHA1_96, 16,
+ "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39",
+ "\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5"
+ },
+ {
+ "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1,
+ 50,
+ ETYPE_AES256_CTS_HMAC_SHA1_96, 32,
+ "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39"
+ "\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52",
+ "\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c"
+ "\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e"
+ },
+#endif
+ {
+ "foo", "", -1,
+ 0,
+ ETYPE_ARCFOUR_HMAC_MD5, 16,
+ NULL,
+ "\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc"
+ },
+ {
+ "test", "", -1,
+ 0,
+ ETYPE_ARCFOUR_HMAC_MD5, 16,
+ NULL,
+ "\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37"
+ }
+};
+
+static int
+string_to_key_test(krb5_context context)
+{
+ krb5_data password, opaque;
+ krb5_error_code ret;
+ krb5_keyblock key;
+ krb5_salt salt;
+ int i, val = 0;
+ char iter[4];
+ char keyout[32];
+
+ for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) {
+
+ password.data = keys[i].password;
+ password.length = strlen(password.data);
+
+ salt.salttype = KRB5_PW_SALT;
+ salt.saltvalue.data = keys[i].salt;
+ if (keys[i].saltlen == -1)
+ salt.saltvalue.length = strlen(salt.saltvalue.data);
+ else
+ salt.saltvalue.length = keys[i].saltlen;
+
+ opaque.data = iter;
+ opaque.length = sizeof(iter);
+ _krb5_put_int(iter, keys[i].iterations, 4);
+
+ if (verbose)
+ printf("%d: password: %s salt: %s\n",
+ i, keys[i].password, keys[i].salt);
+
+ if (keys[i].keylen > sizeof(keyout))
+ abort();
+
+#ifdef ENABLE_AES
+ if (keys[i].pbkdf2) {
+
+#ifdef HAVE_OPENSSL
+ PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
+ salt.saltvalue.data, salt.saltvalue.length,
+ keys[i].iterations,
+ keys[i].keylen, keyout);
+
+ if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) {
+ krb5_warnx(context, "%d: openssl key pbkdf2", i);
+ val = 1;
+ continue;
+ }
+#endif
+
+ ret = krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt,
+ keys[i].iterations - 1,
+ keys[i].enctype,
+ &key);
+ if (ret) {
+ krb5_warn(context, ret, "%d: krb5_PKCS5_PBKDF2", i);
+ val = 1;
+ continue;
+ }
+
+ if (key.keyvalue.length != keys[i].keylen) {
+ krb5_warnx(context, "%d: size key pbkdf2", i);
+ val = 1;
+ continue;
+ }
+
+ if (memcmp(key.keyvalue.data, keys[i].pbkdf2, keys[i].keylen) != 0) {
+ krb5_warnx(context, "%d: key pbkdf2 pl %d",
+ i, password.length);
+ val = 1;
+ continue;
+ }
+
+ if (verbose) {
+ printf("PBKDF2:\n");
+ hex_dump_data(&key.keyvalue);
+ }
+
+ krb5_free_keyblock_contents(context, &key);
+ }
+#endif
+
+ ret = krb5_string_to_key_data_salt_opaque (context, keys[i].enctype,
+ password, salt, opaque,
+ &key);
+ if (ret) {
+ krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque", i);
+ val = 1;
+ continue;
+ }
+
+ if (key.keyvalue.length != keys[i].keylen) {
+ krb5_warnx(context, "%d: key wrong length (%d/%d)",
+ i, key.keyvalue.length, keys[i].keylen);
+ val = 1;
+ continue;
+ }
+
+ if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) {
+ krb5_warnx(context, "%d: key wrong", i);
+ val = 1;
+ continue;
+ }
+
+ if (verbose) {
+ printf("key:\n");
+ hex_dump_data(&key.keyvalue);
+ }
+ krb5_free_keyblock_contents(context, &key);
+ }
+ return val;
+}
+
+#ifdef ENABLE_AES
+
+struct {
+ size_t len;
+ char *input;
+ char *output;
+} encs[] = {
+ {
+ 17,
+ "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20",
+ "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
+ "\x97"
+ },
+ {
+ 31,
+ "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
+ "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
+ "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5"
+ },
+ {
+ 32,
+ "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
+ "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
+ "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+ },
+ {
+ 47,
+ "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+ "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
+ "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+ "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
+ "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5"
+ },
+ {
+ 64,
+ "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+ "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+ "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
+ "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
+ "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+ "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
+ "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
+ "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
+ }
+};
+
+char *enc_key =
+ "\x63\x68\x69\x63\x6b\x65\x6e\x20\x74\x65\x72\x69\x79\x61\x6b\x69";
+
+static int
+samep(int testn, char *type, const char *p1, const char *p2, size_t len)
+{
+ size_t i;
+ int val = 1;
+
+ for (i = 0; i < len; i++) {
+ if (p1[i] != p2[i]) {
+ if (verbose)
+ printf("M");
+ val = 0;
+ } else {
+ if (verbose)
+ printf(".");
+ }
+ }
+ if (verbose)
+ printf("\n");
+ return val;
+}
+
+static int
+encryption_test(krb5_context context)
+{
+ char iv[AES_BLOCK_SIZE];
+ int i, val = 0;
+ AES_KEY ekey, dkey;
+ char *p;
+
+ AES_set_encrypt_key(enc_key, 128, &ekey);
+ AES_set_decrypt_key(enc_key, 128, &dkey);
+
+ for (i = 0; i < sizeof(encs)/sizeof(encs[0]); i++) {
+ if (verbose)
+ printf("test: %d\n", i);
+ memset(iv, 0, sizeof(iv));
+
+ p = malloc(encs[i].len + 1);
+ if (p == NULL)
+ krb5_errx(context, 1, "malloc");
+
+ p[encs[i].len] = '\0';
+
+ memcpy(p, encs[i].input, encs[i].len);
+
+ _krb5_aes_cts_encrypt(p, p, encs[i].len,
+ &ekey, iv, AES_ENCRYPT);
+
+ if (p[encs[i].len] != '\0') {
+ krb5_warnx(context, "%d: encrypt modified off end", i);
+ val = 1;
+ }
+
+ if (!samep(i, "cipher", p, encs[i].output, encs[i].len))
+ val = 1;
+
+ memset(iv, 0, sizeof(iv));
+
+ _krb5_aes_cts_encrypt(p, p, encs[i].len,
+ &dkey, iv, AES_DECRYPT);
+
+ if (p[encs[i].len] != '\0') {
+ krb5_warnx(context, "%d: decrypt modified off end", i);
+ val = 1;
+ }
+
+ if (!samep(i, "clear", p, encs[i].input, encs[i].len))
+ val = 1;
+
+ free(p);
+ }
+ return val;
+}
+
+#endif /* ENABLE_AES */
+
+int
+main(int argc, char **argv)
+{
+ krb5_error_code ret;
+ krb5_context context;
+ int val = 0;
+
+ ret = krb5_init_context (&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
+
+ val |= string_to_key_test(context);
+
+#ifdef ENABLE_AES
+ val |= encryption_test(context);
+#endif
+
+ if (verbose && val == 0)
+ printf("all ok\n");
+ if (val)
+ printf("tests failed\n");
+
+ krb5_free_context(context);
+
+ return val;
+}
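Review bot: samep() accepts `testn` and `type` but never uses them, and `verbose` is a file-static that nothing in main() ever sets, so a ciphertext or plaintext mismatch in encryption_test() surfaces only as the final "tests failed" line with no indication of which vector broke. Reporting the mismatch unconditionally would make a failing crypto self-test actionable, for example `if (!val) fprintf(stderr, "%d: %s mismatch\n", testn, type);` just before `return val;` in samep(). Separately, the `continue` branches in string_to_key_test() that follow a successful krb5_PKCS5_PBKDF2() or krb5_string_to_key_data_salt_opaque() call skip krb5_free_keyblock_contents(), so the derived key stays allocated on those failure paths.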
diff --git a/crypto/heimdal/lib/krb5/aname_to_localname.c b/crypto/heimdal/lib/krb5/aname_to_localname.c
index 052d4208..d5b5f87 100644
--- a/crypto/heimdal/lib/krb5/aname_to_localname.c
+++ b/crypto/heimdal/lib/krb5/aname_to_localname.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: aname_to_localname.c,v 1.4 2002/04/18 08:56:40 joda Exp $");
+RCSID("$Id: aname_to_localname.c,v 1.6 2003/04/16 16:01:06 lha Exp $");
krb5_error_code
krb5_aname_to_localname (krb5_context context,
@@ -43,7 +43,7 @@ krb5_aname_to_localname (krb5_context context,
{
krb5_error_code ret;
krb5_realm *lrealms, *r;
- int foo = 1;
+ int valid;
size_t len;
const char *res;
@@ -51,26 +51,42 @@ krb5_aname_to_localname (krb5_context context,
if (ret)
return ret;
+ valid = 0;
for (r = lrealms; *r != NULL; ++r) {
- foo = strcmp (*r, aname->realm);
- if (foo == 0)
+ if (strcmp (*r, aname->realm) == 0) {
+ valid = 1;
break;
+ }
}
krb5_free_host_realm (context, lrealms);
- if (foo != 0)
+ if (valid == 0)
return KRB5_NO_LOCALNAME;
if (aname->name.name_string.len == 1)
res = aname->name.name_string.val[0];
else if (aname->name.name_string.len == 2
- && strcmp (aname->name.name_string.val[1], "root") == 0)
+ && strcmp (aname->name.name_string.val[1], "root") == 0) {
+ krb5_principal rootprinc;
+ krb5_boolean userok;
+
res = "root";
- else
+
+ ret = krb5_copy_principal(context, aname, &rootprinc);
+ if (ret)
+ return ret;
+
+ userok = krb5_kuserok(context, rootprinc, res);
+ krb5_free_principal(context, rootprinc);
+ if (!userok)
+ return KRB5_NO_LOCALNAME;
+
+ } else
return KRB5_NO_LOCALNAME;
len = strlen (res);
if (len >= lnsize)
return ERANGE;
- strcpy (lname, res);
+ strlcpy (lname, res, lnsize);
+
return 0;
}
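Review bot: The new two-component branch is the only place in krb5_aname_to_localname where a mapping is gated on krb5_kuserok(), and nothing in the code says why. A one-line comment above `res = "root";`, such as `/* map <name>/root to root only if krb5_kuserok() accepts the principal for the local root account */`, would keep a later cleanup from removing the check as redundant. The single-component branch still returns the first name component without any such check, so if that asymmetry is intentional the same comment should say so. The function's signature and the realm lookup begin outside this hunk.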
diff --git a/crypto/heimdal/lib/krb5/cache.c b/crypto/heimdal/lib/krb5/cache.c
index d25a515..26cda9a 100644
--- a/crypto/heimdal/lib/krb5/cache.c
+++ b/crypto/heimdal/lib/krb5/cache.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: cache.c,v 1.49 2002/05/29 16:08:23 joda Exp $");
+RCSID("$Id: cache.c,v 1.52 2003/03/16 18:23:59 lha Exp $");
/*
* Add a new ccache type with operations `ops', overwriting any
@@ -180,24 +180,57 @@ krb5_cc_get_type(krb5_context context,
}
/*
- * Return a pointer to a static string containing the default ccache name.
+ * Return krb5_cc_ops of a the ccache `id'.
+ */
+
+const krb5_cc_ops *
+krb5_cc_get_ops(krb5_context context, krb5_ccache id)
+{
+ return id->ops;
+}
+
+/*
+ * Set the default cc name for `context' to `name'.
+ */
+
+krb5_error_code
+krb5_cc_set_default_name(krb5_context context, const char *name)
+{
+ krb5_error_code ret = 0;
+ char *p;
+
+ if (name == NULL) {
+ char *e;
+ e = getenv("KRB5CCNAME");
+ if (e)
+ p = strdup(e);
+ else
+ asprintf(&p,"FILE:/tmp/krb5cc_%u", (unsigned)getuid());
+ } else
+ p = strdup(name);
+
+ if (p == NULL)
+ return ENOMEM;
+
+ if (context->default_cc_name)
+ free(context->default_cc_name);
+
+ context->default_cc_name = p;
+
+ return ret;
+}
+
+/*
+ * Return a pointer to a context static string containing the default ccache name.
*/
const char*
krb5_cc_default_name(krb5_context context)
{
- static char name[1024];
- char *p;
+ if (context->default_cc_name == NULL)
+ krb5_cc_set_default_name(context, NULL);
- p = getenv("KRB5CCNAME");
- if(p)
- strlcpy (name, p, sizeof(name));
- else
- snprintf(name,
- sizeof(name),
- "FILE:/tmp/krb5cc_%u",
- (unsigned)getuid());
- return name;
+ return context->default_cc_name;
}
/*
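Review bot: The asprintf() call in krb5_cc_set_default_name ignores its return value, and on failure the contents of `p` are not defined on every platform, so the `p == NULL` test that follows may miss the failure and an invalid pointer would be stored in the context. Checking the result directly closes that gap: `if (asprintf(&p, "FILE:/tmp/krb5cc_%u", (unsigned)getuid()) < 0) p = NULL;`. krb5_cc_default_name also discards the krb5_error_code from krb5_cc_set_default_name and can now return NULL, which the old static-buffer version never did, so its header comment should tell callers to handle a NULL return. Because KRB5CCNAME is taken from the environment and then cached in the context, it is worth confirming how set-id programs linking this library are expected to sanitise it.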
@@ -209,9 +242,11 @@ krb5_error_code
krb5_cc_default(krb5_context context,
krb5_ccache *id)
{
- return krb5_cc_resolve(context,
- krb5_cc_default_name(context),
- id);
+ const char *p = krb5_cc_default_name(context);
+
+ if (p == NULL)
+ return ENOMEM;
+ return krb5_cc_resolve(context, p, id);
}
/*
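Review bot: The new `return ENOMEM;` in krb5_cc_default leaves no error string on the context, whereas the allocation failures added to crypto.c in this same commit call `krb5_set_error_string(context, "malloc: out of memory");` before returning. Adding that call ahead of the return would keep the error reporting consistent for callers that print the context's error string.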
diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c
index 0dcce13..a17bf2b 100644
--- a/crypto/heimdal/lib/krb5/changepw.c
+++ b/crypto/heimdal/lib/krb5/changepw.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: changepw.c,v 1.37.2.1 2002/10/21 14:31:58 joda Exp $");
+RCSID("$Id: changepw.c,v 1.38 2002/09/29 11:48:34 joda Exp $");
static krb5_error_code
send_request (krb5_context context,
diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c
index 096aff2..feb387d 100644
--- a/crypto/heimdal/lib/krb5/context.c
+++ b/crypto/heimdal/lib/krb5/context.c
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <com_err.h>
-RCSID("$Id: context.c,v 1.81.2.1 2002/10/21 14:33:34 joda Exp $");
+RCSID("$Id: context.c,v 1.83 2003/03/10 00:24:13 lha Exp $");
#define INIT_FIELD(C, T, E, D, F) \
(C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
@@ -176,6 +176,7 @@ init_context_from_config_file(krb5_context context)
/* prefer dns_lookup_kdc over srv_lookup. */
INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
+ context->default_cc_name = NULL;
return 0;
}
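Review bot: Assigning `context->default_cc_name = NULL;` in init_context_from_config_file is safe only while the field has never been populated. If this function can run again on a live context (its callers are outside the hunk), a name stored earlier by krb5_cc_set_default_name would be dropped without being freed. If that is possible, free the old value before clearing it, provided the context is zero-initialised when allocated, which is not visible here; otherwise a comment stating that the function runs once per context would document the assumption.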
@@ -227,6 +228,8 @@ out:
void
krb5_free_context(krb5_context context)
{
+ if (context->default_cc_name)
+ free(context->default_cc_name);
free(context->etypes);
free(context->etypes_des);
krb5_free_host_realm (context, context->default_realms);
diff --git a/crypto/heimdal/lib/krb5/convert_creds.c b/crypto/heimdal/lib/krb5/convert_creds.c
index ecdcf96..0c119e7 100644
--- a/crypto/heimdal/lib/krb5/convert_creds.c
+++ b/crypto/heimdal/lib/krb5/convert_creds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,9 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: convert_creds.c,v 1.24 2001/06/20 02:49:21 joda Exp $");
+RCSID("$Id: convert_creds.c,v 1.26 2003/03/18 03:11:16 lha Exp $");
+
+#include "krb5-v4compat.h"
static krb5_error_code
check_ticket_flags(TicketFlags f)
@@ -42,42 +44,6 @@ check_ticket_flags(TicketFlags f)
/* include this here, to avoid dependencies on libkrb */
-#define MAX_KTXT_LEN 1250
-
-#define ANAME_SZ 40
-#define REALM_SZ 40
-#define SNAME_SZ 40
-#define INST_SZ 40
-
-struct ktext {
- unsigned int length; /* Length of the text */
- unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
- u_int32_t mbz; /* zero to catch runaway strings */
-};
-
-struct credentials {
- char service[ANAME_SZ]; /* Service name */
- char instance[INST_SZ]; /* Instance */
- char realm[REALM_SZ]; /* Auth domain */
- des_cblock session; /* Session key */
- int lifetime; /* Lifetime */
- int kvno; /* Key version number */
- struct ktext ticket_st; /* The ticket itself */
- int32_t issue_date; /* The issue time */
- char pname[ANAME_SZ]; /* Principal's name */
- char pinst[INST_SZ]; /* Principal's instance */
-};
-
-
-#define TKTLIFENUMFIXED 64
-#define TKTLIFEMINFIXED 0x80
-#define TKTLIFEMAXFIXED 0xBF
-#define TKTLIFENOEXPIRE 0xFF
-#define MAXTKTLIFETIME (30*24*3600) /* 30 days */
-#ifndef NEVERDATE
-#define NEVERDATE ((time_t)0x7fffffffL)
-#endif
-
static const int _tkt_lifetimes[TKTLIFENUMFIXED] = {
38400, 41055, 43894, 46929, 50174, 53643, 57352, 61318,
65558, 70091, 74937, 80119, 85658, 91581, 97914, 104684,
@@ -89,8 +55,8 @@ static const int _tkt_lifetimes[TKTLIFENUMFIXED] = {
1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000
};
-static int
-_krb_time_to_life(time_t start, time_t end)
+int
+_krb5_krb_time_to_life(time_t start, time_t end)
{
int i;
time_t life = end - start;
@@ -113,6 +79,26 @@ _krb_time_to_life(time_t start, time_t end)
}
+time_t
+_krb5_krb_life_to_time(int start, int life_)
+{
+ unsigned char life = (unsigned char) life_;
+
+#if 0
+ if (krb_no_long_lifetimes)
+ return start + life*5*60;
+#endif
+
+ if (life == TKTLIFENOEXPIRE)
+ return NEVERDATE;
+ if (life < TKTLIFEMINFIXED)
+ return start + life*5*60;
+ if (life > TKTLIFEMAXFIXED)
+ return start + MAXTKTLIFETIME;
+ return start + _tkt_lifetimes[life - TKTLIFEMINFIXED];
+}
+
+
/* Convert the v5 credentials in `in_cred' to v4-dito in `v4creds'.
* This is done by sending them to the 524 function in the KDC. If
* `in_cred' doesn't contain a DES session key, then a new one is
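Review bot: _krb5_krb_life_to_time takes `start` as an `int` and performs every addition in `int` before the result is converted to `time_t`, so `start + MAXTKTLIFETIME` and `start + _tkt_lifetimes[...]` overflow a signed int for start values close to 0x7fffffff, which is undefined behaviour. Widening first avoids this where time_t is wider than int, e.g. `return (time_t)start + MAXTKTLIFETIME;` on each return, or declare the parameter as `time_t start` to match `_krb5_krb_time_to_life`. The `#if 0` block that refers to `krb_no_long_lifetimes` is dead code and would read better as a comment or be dropped.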
@@ -183,8 +169,8 @@ krb524_convert_creds_kdc(krb5_context context,
if(ret)
goto out;
v4creds->issue_date = v5_creds->times.starttime;
- v4creds->lifetime = _krb_time_to_life(v4creds->issue_date,
- v5_creds->times.endtime);
+ v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date,
+ v5_creds->times.endtime);
ret = krb5_524_conv_principal(context, v5_creds->client,
v4creds->pname,
v4creds->pinst,
diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c
index 65fa793..a238c76 100644
--- a/crypto/heimdal/lib/krb5/crypto.c
+++ b/crypto/heimdal/lib/krb5/crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: crypto.c,v 1.66 2002/09/03 19:58:15 joda Exp $");
+RCSID("$Id: crypto.c,v 1.73 2003/04/01 16:51:54 lha Exp $");
#undef CRYPTO_DEBUG
#ifdef CRYPTO_DEBUG
@@ -71,7 +71,7 @@ struct salt_type {
krb5_salttype type;
const char *name;
krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data,
- krb5_salt, krb5_keyblock*);
+ krb5_salt, krb5_data, krb5_keyblock*);
};
struct key_type {
@@ -110,6 +110,7 @@ struct encryption_type {
krb5_enctype type;
const char *name;
size_t blocksize;
+ size_t padsize;
size_t confoundersize;
struct key_type *keytype;
struct checksum_type *checksum;
@@ -133,6 +134,19 @@ static struct key_type *_find_keytype(krb5_keytype type);
static krb5_error_code _get_derived_key(krb5_context, krb5_crypto,
unsigned, struct key_data**);
static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
+static krb5_error_code derive_key(krb5_context context,
+ struct encryption_type *et,
+ struct key_data *key,
+ const void *constant,
+ size_t len);
+static void hmac(krb5_context context,
+ struct checksum_type *cm,
+ const void *data,
+ size_t len,
+ unsigned usage,
+ struct key_data *keyblock,
+ Checksum *result);
+static void free_key_data(krb5_context context, struct key_data *key);
/************************************************************
* *
@@ -192,6 +206,7 @@ krb5_DES_string_to_key(krb5_context context,
krb5_enctype enctype,
krb5_data password,
krb5_salt salt,
+ krb5_data opaque,
krb5_keyblock *key)
{
unsigned char *s;
@@ -240,7 +255,7 @@ krb5_DES_AFS3_CMU_string_to_key (krb5_data pw,
}
password[8] = '\0';
- memcpy(key, crypt(password, "#~") + 2, sizeof(des_cblock));
+ memcpy(key, crypt(password, "p1") + 2, sizeof(des_cblock));
/* parity is inserted into the LSB so left shift each byte up one
bit. This allows ascii characters with a zero MSB to retain as
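Review bot: The result of `crypt(password, "p1")` is used as `crypt(...) + 2` without a NULL check, and crypt() is permitted to return NULL on failure, in which case the memcpy reads from an invalid address. Holding the result in a local, `char *c = crypt(password, "p1");`, and handling `c == NULL` before the memcpy keeps a platform without a usable DES crypt() from crashing here. A short comment stating how the new salt `"p1"` relates to the old `"#~"` would also help, since the change is not explained in the code. The enclosing function begins and ends outside this hunk.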
@@ -297,6 +312,7 @@ DES_AFS3_string_to_key(krb5_context context,
krb5_enctype enctype,
krb5_data password,
krb5_salt salt,
+ krb5_data opaque,
krb5_keyblock *key)
{
des_cblock tmp;
@@ -359,6 +375,7 @@ DES3_string_to_key(krb5_context context,
krb5_enctype enctype,
krb5_data password,
krb5_salt salt,
+ krb5_data opaque,
krb5_keyblock *key)
{
char *str;
@@ -415,6 +432,7 @@ DES3_string_to_key_derived(krb5_context context,
krb5_enctype enctype,
krb5_data password,
krb5_salt salt,
+ krb5_data opaque,
krb5_keyblock *key)
{
krb5_error_code ret;
@@ -461,6 +479,7 @@ ARCFOUR_string_to_key(krb5_context context,
krb5_enctype enctype,
krb5_data password,
krb5_salt salt,
+ krb5_data opaque,
krb5_keyblock *key)
{
char *s, *p;
@@ -488,6 +507,180 @@ ARCFOUR_string_to_key(krb5_context context,
return 0;
}
+#ifdef ENABLE_AES
+/*
+ * AES
+ */
+
+/* iter is really 1 based, so iter == 0 will be 1 iteration */
+
+krb5_error_code
+krb5_PKCS5_PBKDF2(krb5_context context, krb5_cksumtype cktype,
+ krb5_data password, krb5_salt salt, u_int32_t iter,
+ krb5_keytype type, krb5_keyblock *key)
+{
+ struct checksum_type *c = _find_checksum(cktype);
+ struct key_type *kt;
+ size_t datalen, leftofkey;
+ krb5_error_code ret;
+ u_int32_t keypart;
+ struct key_data ksign;
+ krb5_keyblock kb;
+ Checksum result;
+ char *data, *tmpcksum;
+ int i, j;
+ char *p;
+
+ if (c == NULL) {
+ krb5_set_error_string(context, "checksum %d not supported", cktype);
+ return KRB5_PROG_KEYTYPE_NOSUPP;
+ }
+
+ kt = _find_keytype(type);
+ if (kt == NULL) {
+ krb5_set_error_string(context, "key type %d not supported", type);
+ return KRB5_PROG_KEYTYPE_NOSUPP;
+ }
+
+ key->keytype = type;
+ ret = krb5_data_alloc (&key->keyvalue, kt->bits / 8);
+ if (ret) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ return ret;
+ }
+
+ ret = krb5_data_alloc (&result.checksum, c->checksumsize);
+ if (ret) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ krb5_data_free (&key->keyvalue);
+ return ret;
+ }
+
+ tmpcksum = malloc(c->checksumsize);
+ if (tmpcksum == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ krb5_data_free (&key->keyvalue);
+ krb5_data_free (&result.checksum);
+ return ENOMEM;
+ }
+
+ datalen = salt.saltvalue.length + 4;
+ data = malloc(datalen);
+ if (data == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ free(tmpcksum);
+ krb5_data_free (&key->keyvalue);
+ krb5_data_free (&result.checksum);
+ return ENOMEM;
+ }
+
+ kb.keyvalue = password;
+ ksign.key = &kb;
+
+ memcpy(data, salt.saltvalue.data, salt.saltvalue.length);
+
+ keypart = 1;
+ leftofkey = key->keyvalue.length;
+ p = key->keyvalue.data;
+
+ while (leftofkey) {
+ int len;
+
+ if (leftofkey > c->checksumsize)
+ len = c->checksumsize;
+ else
+ len = leftofkey;
+
+ _krb5_put_int(data + datalen - 4, keypart, 4);
+
+ hmac(context, c, data, datalen, 0, &ksign, &result);
+ memcpy(p, result.checksum.data, len);
+ memcpy(tmpcksum, result.checksum.data, result.checksum.length);
+ for (i = 0; i < iter; i++) {
+ hmac(context, c, tmpcksum, result.checksum.length,
+ 0, &ksign, &result);
+ memcpy(tmpcksum, result.checksum.data, result.checksum.length);
+ for (j = 0; j < len; j++)
+ p[j] ^= tmpcksum[j];
+ }
+
+ p += len;
+ leftofkey -= len;
+ keypart++;
+ }
+
+ free(data);
+ free(tmpcksum);
+ krb5_data_free (&result.checksum);
+
+ return 0;
+}
+
+static krb5_error_code
+AES_string_to_key(krb5_context context,
+ krb5_enctype enctype,
+ krb5_data password,
+ krb5_salt salt,
+ krb5_data opaque,
+ krb5_keyblock *key)
+{
+ krb5_error_code ret;
+ u_int32_t iter;
+ struct encryption_type *et;
+ struct key_data kd;
+
+ if (opaque.length == 0)
+ iter = 45056 - 1;
+ else if (opaque.length == 4) {
+ unsigned long v;
+ _krb5_get_int(opaque.data, &v, 4);
+ iter = ((u_int32_t)v) - 1;
+ } else
+ return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */
+
+
+ et = _find_enctype(enctype);
+ if (et == NULL)
+ return KRB5_PROG_KEYTYPE_NOSUPP;
+
+ ret = krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt,
+ iter, enctype, key);
+ if (ret)
+ return ret;
+
+ ret = krb5_copy_keyblock(context, key, &kd.key);
+ kd.schedule = NULL;
+
+ ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos"));
+
+ if (ret) {
+ krb5_data_free(&key->keyvalue);
+ } else {
+ ret = krb5_copy_keyblock_contents(context, kd.key, key);
+ free_key_data(context, &kd);
+ }
+
+ return ret;
+}
+
+static void
+AES_schedule(krb5_context context, struct key_data *kd)
+{
+ AES_KEY *key = kd->schedule->data;
+ int bits = kd->key->keyvalue.length * 8;
+
+ AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key[0]);
+ AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key[1]);
+}
+
+/*
+ *
+ */
+
+extern struct salt_type AES_salt[];
+
+#endif /* ENABLE_AES */
+
extern struct salt_type des_salt[],
des3_salt[], des3_salt_derived[], arcfour_salt[];
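Review bot: In AES_string_to_key the return value of `krb5_copy_keyblock(context, key, &kd.key)` is overwritten by the derive_key() call on the next statement, so a failed copy leaves `kd.key` uninitialised and derive_key() then operates on it. The iteration count has a related gap: a 4-byte `opaque` that decodes to 0 makes `iter = v - 1` wrap to 0xffffffff, and krb5_PKCS5_PBKDF2 compares that against a signed `int i`, so the loop would run for billions of rounds. If `opaque` can be supplied by the peer, an upper bound on the count is worth adding as well. On the derive_key() failure path only `key->keyvalue` is freed, so the copy held in `kd.key` is not released. The fence shows the two added checks.

```c
    else if (opaque.length == 4) {
        unsigned long v;
        _krb5_get_int(opaque.data, &v, 4);
        /* a count of 0 would wrap to 0xffffffff iterations below */
        if (v == 0)
            return KRB5_PROG_KEYTYPE_NOSUPP;
        iter = ((u_int32_t)v) - 1;
    } else
/* … unchanged: rejection of other lengths, enctype lookup, krb5_PKCS5_PBKDF2 call … */
    ret = krb5_copy_keyblock(context, key, &kd.key);
    if (ret) {
        /* do not hand an uninitialised kd.key to derive_key() */
        krb5_data_free(&key->keyvalue);
        return ret;
    }
    kd.schedule = NULL;
/* … unchanged: derive_key call and copy of the derived key … */
```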
@@ -535,6 +728,30 @@ struct key_type keytype_des3_derived = {
des3_salt_derived
};
+#ifdef ENABLE_AES
+struct key_type keytype_aes128 = {
+ KEYTYPE_AES128,
+ "aes-128",
+ 128,
+ 16,
+ sizeof(AES_KEY) * 2,
+ NULL,
+ AES_schedule,
+ AES_salt
+};
+
+struct key_type keytype_aes256 = {
+ KEYTYPE_AES256,
+ "aes-256",
+ 256,
+ 16,
+ sizeof(AES_KEY) * 2,
+ NULL,
+ AES_schedule,
+ AES_salt
+};
+#endif /* ENABLE_AES */
+
struct key_type keytype_arcfour = {
KEYTYPE_ARCFOUR,
"arcfour",
@@ -551,6 +768,10 @@ struct key_type *keytypes[] = {
&keytype_des,
&keytype_des3_derived,
&keytype_des3,
+#ifdef ENABLE_AES
+ &keytype_aes128,
+ &keytype_aes256,
+#endif /* ENABLE_AES */
&keytype_arcfour
};
@@ -599,6 +820,17 @@ struct salt_type des3_salt_derived[] = {
{ 0 }
};
+#ifdef ENABLE_AES
+struct salt_type AES_salt[] = {
+ {
+ KRB5_PW_SALT,
+ "pw-salt",
+ AES_string_to_key
+ },
+ { 0 }
+};
+#endif /* ENABLE_AES */
+
struct salt_type arcfour_salt[] = {
{
KRB5_PW_SALT,
@@ -730,11 +962,6 @@ krb5_string_to_key (krb5_context context,
return krb5_string_to_key_data(context, enctype, pw, principal, key);
}
-/*
- * Do a string -> key for encryption type `enctype' operation on
- * `password' (with salt `salt'), returning the resulting key in `key'
- */
-
krb5_error_code
krb5_string_to_key_data_salt (krb5_context context,
krb5_enctype enctype,
@@ -742,6 +969,26 @@ krb5_string_to_key_data_salt (krb5_context context,
krb5_salt salt,
krb5_keyblock *key)
{
+ krb5_data opaque;
+ krb5_data_zero(&opaque);
+ return krb5_string_to_key_data_salt_opaque(context, enctype, password,
+ salt, opaque, key);
+}
+
+/*
+ * Do a string -> key for encryption type `enctype' operation on
+ * `password' (with salt `salt' and the enctype specific data string
+ * `opaque'), returning the resulting key in `key'
+ */
+
+krb5_error_code
+krb5_string_to_key_data_salt_opaque (krb5_context context,
+ krb5_enctype enctype,
+ krb5_data password,
+ krb5_salt salt,
+ krb5_data opaque,
+ krb5_keyblock *key)
+{
struct encryption_type *et =_find_enctype(enctype);
struct salt_type *st;
if(et == NULL) {
@@ -751,7 +998,8 @@ krb5_string_to_key_data_salt (krb5_context context,
}
for(st = et->keytype->string_to_key; st && st->type; st++)
if(st->type == salt.salttype)
- return (*st->string_to_key)(context, enctype, password, salt, key);
+ return (*st->string_to_key)(context, enctype, password,
+ salt, opaque, key);
krb5_set_error_string(context, "salt type %d not supported",
salt.salttype);
return HEIM_ERR_SALTTYPE_NOSUPP;
@@ -810,6 +1058,21 @@ krb5_string_to_keytype(krb5_context context,
}
krb5_error_code
+krb5_enctype_keysize(krb5_context context,
+ krb5_enctype type,
+ size_t *keysize)
+{
+ struct encryption_type *et = _find_enctype(type);
+ if(et == NULL) {
+ krb5_set_error_string(context, "encryption type %d not supported",
+ type);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ *keysize = et->keytype->size;
+ return 0;
+}
+
+krb5_error_code
krb5_generate_random_keyblock(krb5_context context,
krb5_enctype type,
krb5_keyblock *key)
@@ -1170,16 +1433,22 @@ hmac(krb5_context context,
}
static void
-HMAC_SHA1_DES3_checksum(krb5_context context,
- struct key_data *key,
- const void *data,
- size_t len,
- unsigned usage,
- Checksum *result)
+SP_HMAC_SHA1_checksum(krb5_context context,
+ struct key_data *key,
+ const void *data,
+ size_t len,
+ unsigned usage,
+ Checksum *result)
{
struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1);
+ Checksum res;
+ char sha1_data[20];
+
+ res.checksum.data = sha1_data;
+ res.checksum.length = sizeof(sha1_data);
- hmac(context, c, data, len, usage, key, result);
+ hmac(context, c, data, len, usage, key, &res);
+ memcpy(result->checksum.data, res.checksum.data, result->checksum.length);
}
/*
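Review bot: The final memcpy in SP_HMAC_SHA1_checksum copies `result->checksum.length` bytes out of the 20-byte stack buffer `sha1_data`, so a caller that passes a Checksum with a larger length reads past that buffer. The truncation to 12 bytes for the AES checksum types relies entirely on the caller having set the length beforehand. Clamping the count makes the bound local: `size_t n = result->checksum.length < sizeof(sha1_data) ? result->checksum.length : sizeof(sha1_data);` followed by `memcpy(result->checksum.data, res.checksum.data, n);`. A comment on the function stating that it writes an HMAC-SHA1 truncated to the caller-chosen length would document the contract.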
@@ -1357,9 +1626,31 @@ struct checksum_type checksum_hmac_sha1_des3 = {
64,
20,
F_KEYED | F_CPROOF | F_DERIVED,
- HMAC_SHA1_DES3_checksum,
+ SP_HMAC_SHA1_checksum,
+ NULL
+};
+
+#ifdef ENABLE_AES
+struct checksum_type checksum_hmac_sha1_aes128 = {
+ CKSUMTYPE_HMAC_SHA1_96_AES_128,
+ "hmac-sha1-96-aes128",
+ 64,
+ 12,
+ F_KEYED | F_CPROOF | F_DERIVED,
+ SP_HMAC_SHA1_checksum,
+ NULL
+};
+
+struct checksum_type checksum_hmac_sha1_aes256 = {
+ CKSUMTYPE_HMAC_SHA1_96_AES_256,
+ "hmac-sha1-96-aes256",
+ 64,
+ 12,
+ F_KEYED | F_CPROOF | F_DERIVED,
+ SP_HMAC_SHA1_checksum,
NULL
};
+#endif /* ENABLE_AES */
struct checksum_type checksum_hmac_md5 = {
CKSUMTYPE_HMAC_MD5,
@@ -1396,6 +1687,10 @@ struct checksum_type *checksum_types[] = {
&checksum_rsa_md5_des3,
&checksum_sha1,
&checksum_hmac_sha1_des3,
+#ifdef ENABLE_AES
+ &checksum_hmac_sha1_aes128,
+ &checksum_hmac_sha1_aes256,
+#endif
&checksum_hmac_md5,
&checksum_hmac_md5_enc
};
@@ -1723,6 +2018,114 @@ DES_PCBC_encrypt_key_ivec(krb5_context context,
return 0;
}
+#ifdef ENABLE_AES
+
+/*
+ * AES draft-raeburn-krb-rijndael-krb-02
+ */
+
+void
+_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const void *aes_key,
+ unsigned char *ivec, const int enc)
+{
+ unsigned char tmp[AES_BLOCK_SIZE];
+ const AES_KEY *key = aes_key; /* XXX remove this when we always have AES */
+ int i;
+
+ /*
+ * In the framework of kerberos, the length can never be shorter
+ * then at least one blocksize.
+ */
+
+ if (enc == AES_ENCRYPT) {
+
+ while(len > AES_BLOCK_SIZE) {
+ for (i = 0; i < AES_BLOCK_SIZE; i++)
+ tmp[i] = in[i] ^ ivec[i];
+ AES_encrypt(tmp, out, key);
+ memcpy(ivec, out, AES_BLOCK_SIZE);
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+
+ for (i = 0; i < len; i++)
+ tmp[i] = in[i] ^ ivec[i];
+ for (; i < AES_BLOCK_SIZE; i++)
+ tmp[i] = 0 ^ ivec[i];
+
+ AES_encrypt(tmp, out - AES_BLOCK_SIZE, key);
+
+ memcpy(out, ivec, len);
+
+ } else {
+ char tmp2[AES_BLOCK_SIZE];
+ char tmp3[AES_BLOCK_SIZE];
+
+ while(len > AES_BLOCK_SIZE * 2) {
+ memcpy(tmp, in, AES_BLOCK_SIZE);
+ AES_decrypt(in, out, key);
+ for (i = 0; i < AES_BLOCK_SIZE; i++)
+ out[i] ^= ivec[i];
+ memcpy(ivec, tmp, AES_BLOCK_SIZE);
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+
+ len -= AES_BLOCK_SIZE;
+
+ AES_decrypt(in, tmp2, key);
+
+ memcpy(tmp3, in + AES_BLOCK_SIZE, len);
+ memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */
+
+ for (i = 0; i < len; i++)
+ out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i];
+
+ AES_decrypt(tmp3, out, key);
+ for (i = 0; i < AES_BLOCK_SIZE; i++)
+ out[i] ^= ivec[i];
+ }
+}
+
+static krb5_error_code
+AES_CTS_encrypt(krb5_context context,
+ struct key_data *key,
+ void *data,
+ size_t len,
+ krb5_boolean encrypt,
+ int usage,
+ void *ivec)
+{
+ AES_KEY *k = key->schedule->data;
+ char local_ivec[AES_BLOCK_SIZE];
+
+ if (encrypt)
+ k = &k[0];
+ else
+ k = &k[1];
+
+ if (len < AES_BLOCK_SIZE)
+ abort();
+ if (len == AES_BLOCK_SIZE) {
+ if (encrypt)
+ AES_encrypt(data, data, k);
+ else
+ AES_decrypt(data, data, k);
+ } else {
+ if(ivec == NULL) {
+ memset(local_ivec, 0, sizeof(local_ivec));
+ ivec = local_ivec;
+ }
+ _krb5_aes_cts_encrypt(data, data, len, k, ivec, encrypt);
+ }
+
+ return 0;
+}
+#endif /* ENABLE_AES */
+
/*
* section 6 of draft-brezak-win2k-krb-rc4-hmac-03
*
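Review bot: The comment in _krb5_aes_cts_encrypt says the length is never shorter than one block, but the code needs strictly more than one. With `len == AES_BLOCK_SIZE` the encrypt loop never advances `out`, so `AES_encrypt(tmp, out - AES_BLOCK_SIZE, key)` writes before the output buffer, and with a shorter `len` the decrypt path's `len -= AES_BLOCK_SIZE` wraps. AES_CTS_encrypt guards both cases, but the helper is not static, so the comment should state the real precondition, e.g. `/* callers must pass len > AES_BLOCK_SIZE; AES_CTS_encrypt handles the single-block case */`. AES_CTS_encrypt also forwards its `krb5_boolean encrypt` as the `enc` argument, which works only if a true value equals `AES_ENCRYPT`; passing `encrypt ? AES_ENCRYPT : AES_DECRYPT` removes that assumption. Whether the `abort()` on a short `len` is reachable with data received from the network depends on callers outside this hunk and should be checked.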
@@ -1863,7 +2266,8 @@ usage2arcfour (krb5_context context, int *usage)
*usage = 1;
return 0;
case KRB5_KU_TICKET :
- *usage = 8;
+ *usage = 2;
+ return 0;
case KRB5_KU_AS_REP_ENC_PART :
*usage = 8;
return 0;
@@ -1930,6 +2334,7 @@ static struct encryption_type enctype_null = {
ETYPE_NULL,
"null",
1,
+ 1,
0,
&keytype_null,
&checksum_none,
@@ -1942,6 +2347,7 @@ static struct encryption_type enctype_des_cbc_crc = {
"des-cbc-crc",
8,
8,
+ 8,
&keytype_des,
&checksum_crc32,
NULL,
@@ -1953,6 +2359,7 @@ static struct encryption_type enctype_des_cbc_md4 = {
"des-cbc-md4",
8,
8,
+ 8,
&keytype_des,
&checksum_rsa_md4,
&checksum_rsa_md4_des,
@@ -1964,6 +2371,7 @@ static struct encryption_type enctype_des_cbc_md5 = {
"des-cbc-md5",
8,
8,
+ 8,
&keytype_des,
&checksum_rsa_md5,
&checksum_rsa_md5_des,
@@ -1974,10 +2382,11 @@ static struct encryption_type enctype_arcfour_hmac_md5 = {
ETYPE_ARCFOUR_HMAC_MD5,
"arcfour-hmac-md5",
1,
+ 1,
8,
&keytype_arcfour,
&checksum_hmac_md5,
- &checksum_hmac_md5_enc,
+ /* &checksum_hmac_md5_enc */ NULL,
F_SPECIAL,
ARCFOUR_encrypt
};
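Review bot: The keyed checksum for arcfour-hmac-md5 is disabled by commenting it out, `/* &checksum_hmac_md5_enc */ NULL,`, with no reason given, so a reader cannot tell a deliberate protocol decision from a leftover experiment. A short comment next to the NULL saying why this enctype has no keyed checksum would settle that. Other code in the file reads what is presumably this field (for example `CHECKSUMSIZE(et->keyed_checksum)` in encrypt_internal_derived), so it is worth confirming that no path reaches such code with this enctype now that the entry is NULL.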
@@ -1986,6 +2395,7 @@ static struct encryption_type enctype_des3_cbc_md5 = {
"des3-cbc-md5",
8,
8,
+ 8,
&keytype_des3,
&checksum_rsa_md5,
&checksum_rsa_md5_des3,
@@ -1997,6 +2407,7 @@ static struct encryption_type enctype_des3_cbc_sha1 = {
"des3-cbc-sha1",
8,
8,
+ 8,
&keytype_des3_derived,
&checksum_sha1,
&checksum_hmac_sha1_des3,
@@ -2008,16 +2419,44 @@ static struct encryption_type enctype_old_des3_cbc_sha1 = {
"old-des3-cbc-sha1",
8,
8,
+ 8,
&keytype_des3,
&checksum_sha1,
&checksum_hmac_sha1_des3,
0,
DES3_CBC_encrypt,
};
+#ifdef ENABLE_AES
+static struct encryption_type enctype_aes128_cts_hmac_sha1 = {
+ ETYPE_AES128_CTS_HMAC_SHA1_96,
+ "aes128-cts-hmac-sha1-96",
+ 16,
+ 1,
+ 16,
+ &keytype_aes128,
+ &checksum_sha1,
+ &checksum_hmac_sha1_aes128,
+ 0,
+ AES_CTS_encrypt,
+};
+static struct encryption_type enctype_aes256_cts_hmac_sha1 = {
+ ETYPE_AES256_CTS_HMAC_SHA1_96,
+ "aes256-cts-hmac-sha1-96",
+ 16,
+ 1,
+ 16,
+ &keytype_aes256,
+ &checksum_sha1,
+ &checksum_hmac_sha1_aes256,
+ 0,
+ AES_CTS_encrypt,
+};
+#endif /* ENABLE_AES */
static struct encryption_type enctype_des_cbc_none = {
ETYPE_DES_CBC_NONE,
"des-cbc-none",
8,
+ 8,
0,
&keytype_des,
&checksum_none,
@@ -2029,6 +2468,7 @@ static struct encryption_type enctype_des_cfb64_none = {
ETYPE_DES_CFB64_NONE,
"des-cfb64-none",
1,
+ 1,
0,
&keytype_des,
&checksum_none,
@@ -2040,6 +2480,7 @@ static struct encryption_type enctype_des_pcbc_none = {
ETYPE_DES_PCBC_NONE,
"des-pcbc-none",
8,
+ 8,
0,
&keytype_des,
&checksum_none,
@@ -2051,6 +2492,7 @@ static struct encryption_type enctype_des3_cbc_none = {
ETYPE_DES3_CBC_NONE,
"des3-cbc-none",
8,
+ 8,
0,
&keytype_des3_derived,
&checksum_none,
@@ -2068,6 +2510,10 @@ static struct encryption_type *etypes[] = {
&enctype_des3_cbc_md5,
&enctype_des3_cbc_sha1,
&enctype_old_des3_cbc_sha1,
+#ifdef ENABLE_AES
+ &enctype_aes128_cts_hmac_sha1,
+ &enctype_aes256_cts_hmac_sha1,
+#endif
&enctype_des_cbc_none,
&enctype_des_cfb64_none,
&enctype_des_pcbc_none,
@@ -2270,7 +2716,7 @@ encrypt_internal_derived(krb5_context context,
checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
sz = et->confoundersize + len;
- block_sz = (sz + et->blocksize - 1) &~ (et->blocksize - 1); /* pad */
+ block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
total_sz = block_sz + checksum_sz;
p = calloc(1, total_sz);
if(p == NULL) {
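Review bot: The rounding `(sz + et->padsize - 1) &~ (et->padsize - 1)` is correct only when `padsize` is a power of two, and the same expression is used in encrypt_internal in the following hunk, while wrapped_length and wrapped_length_dervied round with the division form `(res + padsize - 1) / padsize * padsize`. Every padsize value added in this commit is 1 or 8, so both forms agree today. Using one form everywhere would prevent the allocated size and the advertised wrapped length from diverging for a future enctype, and a comment on the `padsize` field should state whichever requirement remains (non-zero, and a power of two if the mask form is kept). The function body extends outside this hunk.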
@@ -2338,7 +2784,7 @@ encrypt_internal(krb5_context context,
checksum_sz = CHECKSUMSIZE(et->checksum);
sz = et->confoundersize + checksum_sz + len;
- block_sz = (sz + et->blocksize - 1) &~ (et->blocksize - 1); /* pad */
+ block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
p = calloc(1, block_sz);
if(p == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
@@ -2879,6 +3325,12 @@ derive_key(krb5_context context,
case KEYTYPE_DES3:
DES3_postproc(context, k, nblocks * et->blocksize, key);
break;
+#ifdef ENABLE_AES
+ case KEYTYPE_AES128:
+ case KEYTYPE_AES256:
+ memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length);
+ break;
+#endif /* ENABLE_AES */
default:
krb5_set_error_string(context,
"derive_key() called with unknown keytype (%u)",
@@ -3097,11 +3549,11 @@ wrapped_length (krb5_context context,
size_t data_len)
{
struct encryption_type *et = crypto->et;
- size_t blocksize = et->blocksize;
+ size_t padsize = et->padsize;
size_t res;
res = et->confoundersize + et->checksum->checksumsize + data_len;
- res = (res + blocksize - 1) / blocksize * blocksize;
+ res = (res + padsize - 1) / padsize * padsize;
return res;
}
@@ -3111,11 +3563,11 @@ wrapped_length_dervied (krb5_context context,
size_t data_len)
{
struct encryption_type *et = crypto->et;
- size_t blocksize = et->blocksize;
+ size_t padsize = et->padsize;
size_t res;
res = et->confoundersize + data_len;
- res = (res + blocksize - 1) / blocksize * blocksize;
+ res = (res + padsize - 1) / padsize * padsize;
res += et->checksum->checksumsize;
return res;
}
@@ -3231,7 +3683,7 @@ main()
d->key = &key;
res.checksum.length = 20;
res.checksum.data = malloc(res.checksum.length);
- HMAC_SHA1_DES3_checksum(context, d, data, 28, &res);
+ SP_HMAC_SHA1_checksum(context, d, data, 28, &res);
return 0;
#endif
diff --git a/crypto/heimdal/lib/krb5/data.c b/crypto/heimdal/lib/krb5/data.c
index c6a5d75..d2bfeb2 100644
--- a/crypto/heimdal/lib/krb5/data.c
+++ b/crypto/heimdal/lib/krb5/data.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: data.c,v 1.16 2001/05/14 06:14:46 assar Exp $");
+RCSID("$Id: data.c,v 1.17 2003/03/25 22:07:17 lha Exp $");
void
krb5_data_zero(krb5_data *p)
@@ -50,6 +50,12 @@ krb5_data_free(krb5_data *p)
p->length = 0;
}
+void
+krb5_free_data_contents(krb5_context context, krb5_data *data)
+{
+ krb5_data_free(data);
+}
+
void
krb5_free_data(krb5_context context,
krb5_data *p)
diff --git a/crypto/heimdal/lib/krb5/get_addrs.c b/crypto/heimdal/lib/krb5/get_addrs.c
index f521de8..94a0350 100644
--- a/crypto/heimdal/lib/krb5/get_addrs.c
+++ b/crypto/heimdal/lib/krb5/get_addrs.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: get_addrs.c,v 1.44 2002/08/16 20:50:15 joda Exp $");
+RCSID("$Id: get_addrs.c,v 1.45 2003/01/25 15:19:49 lha Exp $");
#ifdef __osf__
/* hate */
@@ -144,6 +144,8 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
for (ifa = ifa0, idx = 0; ifa != NULL; ifa = ifa->ifa_next) {
if ((ifa->ifa_flags & IFF_UP) == 0)
continue;
+ if (ifa->ifa_addr == NULL)
+ continue;
if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
continue;
if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
@@ -185,6 +187,8 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) {
if ((ifa->ifa_flags & IFF_UP) == 0)
continue;
+ if (ifa->ifa_addr == NULL)
+ continue;
if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
continue;
if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c
index 74a0204..0e75a95 100644
--- a/crypto/heimdal/lib/krb5/get_in_tkt.c
+++ b/crypto/heimdal/lib/krb5/get_in_tkt.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: get_in_tkt.c,v 1.106 2002/09/04 16:26:04 joda Exp $");
+RCSID("$Id: get_in_tkt.c,v 1.107 2003/02/16 06:41:25 nectar Exp $");
krb5_error_code
krb5_init_etype (krb5_context context,
@@ -542,10 +542,12 @@ init_as_req (krb5_context context,
sp = NULL;
else
krb5_data_zero(&salt.saltvalue);
- add_padata(context, a->padata, creds->client,
+ ret = add_padata(context, a->padata, creds->client,
key_proc, keyseed,
&preauth->val[i].info.val[j].etype, 1,
sp);
+ if (ret == 0)
+ break;
}
}
}
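Review bot: The added `break` leaves only the innermost loop, apparently the one over `info.val[j]`, so the enclosing loop over `preauth->val[i]` keeps running and can call add_padata() again for a later entry. If the intent is to stop after the first padata that could be built, the outer loop needs its own exit. `ret` now also carries the last add_padata() error out of the loops when every attempt fails, and how that value is used afterwards is outside this hunk, so confirm that such a failure is either reported or deliberately cleared. A comment such as `/* use the first etype for which padata could be built */` above the `break` would record the intent.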
diff --git a/crypto/heimdal/lib/krb5/init_creds_pw.c b/crypto/heimdal/lib/krb5/init_creds_pw.c
index 19b5b36..51bad53 100644
--- a/crypto/heimdal/lib/krb5/init_creds_pw.c
+++ b/crypto/heimdal/lib/krb5/init_creds_pw.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: init_creds_pw.c,v 1.53 2002/04/18 09:14:51 joda Exp $");
+RCSID("$Id: init_creds_pw.c,v 1.55 2003/03/20 18:07:31 lha Exp $");
static int
get_config_time (krb5_context context,
@@ -452,6 +452,9 @@ krb5_get_init_creds_password(krb5_context context,
case KRB5KDC_ERR_KEY_EXPIRED :
/* try to avoid recursion */
+ if (prompter == NULL)
+ goto out;
+
krb5_clear_error_string (context);
if (in_tkt_service != NULL
diff --git a/crypto/heimdal/lib/krb5/kerberos.8 b/crypto/heimdal/lib/krb5/kerberos.8
index 5f05284..b0b4980 100644
--- a/crypto/heimdal/lib/krb5/kerberos.8
+++ b/crypto/heimdal/lib/krb5/kerberos.8
@@ -1,4 +1,35 @@
-.\" $Id: kerberos.8,v 1.5 2002/08/20 17:07:17 joda Exp $
+.\" Copyright (c) 2000 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: kerberos.8,v 1.6 2003/03/10 02:19:23 lha Exp $
.\"
.Dd September 1, 2000
.Dt KERBEROS 8
diff --git a/crypto/heimdal/lib/krb5/keytab.c b/crypto/heimdal/lib/krb5/keytab.c
index f276d2e..9adf99b 100644
--- a/crypto/heimdal/lib/krb5/keytab.c
+++ b/crypto/heimdal/lib/krb5/keytab.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab.c,v 1.53 2002/03/10 23:14:12 assar Exp $");
+RCSID("$Id: keytab.c,v 1.55 2003/03/27 03:45:01 lha Exp $");
/*
* Register a new keytab in `ops'
@@ -46,6 +46,11 @@ krb5_kt_register(krb5_context context,
{
struct krb5_keytab_data *tmp;
+ if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) {
+ krb5_set_error_string(context, "krb5_kt_register; prefix too long");
+ return KRB5_KT_NAME_TOOLONG;
+ }
+
tmp = realloc(context->kt_types,
(context->num_kt_types + 1) * sizeof(*context->kt_types));
if(tmp == NULL) {
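Review bot: `strlen(ops->prefix)` is a dereference at the very top of krb5_kt_register, so an ops table registered with a NULL prefix crashes here instead of reaching an error return. If NULL is not excluded by contract, the guard can cover it with `if (ops->prefix == NULL || strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1)`, ideally with its own error string. As a style point, the message `"krb5_kt_register; prefix too long"` uses `;` where a `function: text` form would be expected. The rest of the function lies outside the hunk.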
@@ -206,6 +211,21 @@ krb5_kt_read_service_key(krb5_context context,
}
/*
+ * Return the type of the `keytab' in the string `prefix of length
+ * `prefixsize'.
+ */
+
+krb5_error_code
+krb5_kt_get_type(krb5_context context,
+ krb5_keytab keytab,
+ char *prefix,
+ size_t prefixsize)
+{
+ strlcpy(prefix, keytab->prefix, prefixsize);
+ return 0;
+}
+
+/*
* Retrieve the name of the keytab `keytab' into `name', `namesize'
* Return 0 or an error.
*/
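Review bot: krb5_kt_get_type discards the return value of strlcpy(), so a caller whose buffer is shorter than the prefix gets a silently truncated type name together with a 0 return, and any later comparison on that name can match the wrong keytab type. The function already returns krb5_error_code, so the truncation can be reported: `if (strlcpy(prefix, keytab->prefix, prefixsize) >= prefixsize) return KRB5_KT_NAME_TOOLONG;`. In the header comment the opening quote before "prefix" is never closed, and the comment says nothing about what happens when the buffer is too small.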
@@ -308,17 +328,20 @@ krb5_kt_get_entry(krb5_context context,
if (entry->vno) {
return 0;
} else {
- char princ[256], kt_name[256];
+ char princ[256], kt_name[256], kvno_str[25];
krb5_unparse_name_fixed (context, principal, princ, sizeof(princ));
krb5_kt_get_name (context, id, kt_name, sizeof(kt_name));
+ if (kvno)
+ snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno);
+ else
+ kvno_str[0] = '\0';
+
krb5_set_error_string (context,
- "failed to find %s%s%d%s in keytab %s",
+ "failed to find %s%s in keytab %s",
princ,
- kvno ? "(" : "",
- kvno,
- kvno ? ")" : "",
+ kvno_str,
kt_name);
return KRB5_KT_NOTFOUND;
}
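Review bot: The results of krb5_unparse_name_fixed() and krb5_kt_get_name() are not checked before `princ` and `kt_name` are passed to `%s`, so if either call can fail without writing a terminated string, the error text is built from uninitialised stack memory. Zero-initialising the buffers would make a failed call print an empty name instead: `char princ[256] = "", kt_name[256] = "", kvno_str[25];`. The new `kvno_str` is large enough for `(kvno %d)` with any int value. `%d` assumes `kvno` is a signed int, and its declaration is outside the hunk.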
diff --git a/crypto/heimdal/lib/krb5/keytab_any.c b/crypto/heimdal/lib/krb5/keytab_any.c
index fe14d62..667788c 100644
--- a/crypto/heimdal/lib/krb5/keytab_any.c
+++ b/crypto/heimdal/lib/krb5/keytab_any.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab_any.c,v 1.6.4.1 2002/10/21 16:07:00 joda Exp $");
+RCSID("$Id: keytab_any.c,v 1.7 2002/10/21 13:36:59 joda Exp $");
struct any_data {
krb5_keytab kt;
diff --git a/crypto/heimdal/lib/krb5/keytab_file.c b/crypto/heimdal/lib/krb5/keytab_file.c
index e9d9fd8..f2ff5386 100644
--- a/crypto/heimdal/lib/krb5/keytab_file.c
+++ b/crypto/heimdal/lib/krb5/keytab_file.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab_file.c,v 1.11.4.1 2002/10/21 14:35:47 joda Exp $");
+RCSID("$Id: keytab_file.c,v 1.12 2002/09/24 16:43:30 joda Exp $");
#define KRB5_KT_VNO_1 1
#define KRB5_KT_VNO_2 2
diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c
index 7bfc59c..aca930f 100644
--- a/crypto/heimdal/lib/krb5/keytab_keyfile.c
+++ b/crypto/heimdal/lib/krb5/keytab_keyfile.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab_keyfile.c,v 1.14.2.1 2002/10/21 16:07:26 joda Exp $");
+RCSID("$Id: keytab_keyfile.c,v 1.15 2002/10/21 15:42:06 joda Exp $");
/* afs keyfile operations --------------------------------------- */
diff --git a/crypto/heimdal/lib/krb5/krb5-private.h b/crypto/heimdal/lib/krb5/krb5-private.h
index 6abac50..b247131 100644
--- a/crypto/heimdal/lib/krb5/krb5-private.h
+++ b/crypto/heimdal/lib/krb5/krb5-private.h
@@ -5,6 +5,15 @@
#include <stdarg.h>
void
+_krb5_aes_cts_encrypt (
+ const unsigned char */*in*/,
+ unsigned char */*out*/,
+ size_t /*len*/,
+ const void */*aes_key*/,
+ unsigned char */*ivec*/,
+ const int /*enc*/);
+
+void
_krb5_crc_init_table (void);
u_int32_t
@@ -34,6 +43,16 @@ _krb5_get_int (
unsigned long */*value*/,
size_t /*size*/);
+time_t
+_krb5_krb_life_to_time (
+ int /*start*/,
+ int /*life_*/);
+
+int
+_krb5_krb_time_to_life (
+ time_t /*start*/,
+ time_t /*end*/);
+
void
_krb5_n_fold (
const void */*str*/,
diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h
index 91a28f1..22fc669 100644
--- a/crypto/heimdal/lib/krb5/krb5-protos.h
+++ b/crypto/heimdal/lib/krb5/krb5-protos.h
@@ -48,6 +48,16 @@ krb5_524_conv_principal (
char */*realm*/);
krb5_error_code
+krb5_PKCS5_PBKDF2 (
+ krb5_context /*context*/,
+ krb5_cksumtype /*cktype*/,
+ krb5_data /*password*/,
+ krb5_salt /*salt*/,
+ u_int32_t /*iter*/,
+ krb5_keytype /*type*/,
+ krb5_keyblock */*key*/);
+
+krb5_error_code
krb5_abort (
krb5_context /*context*/,
krb5_error_code /*code*/,
@@ -437,6 +447,11 @@ krb5_cc_get_name (
krb5_context /*context*/,
krb5_ccache /*id*/);
+const krb5_cc_ops *
+krb5_cc_get_ops (
+ krb5_context /*context*/,
+ krb5_ccache /*id*/);
+
krb5_error_code
krb5_cc_get_principal (
krb5_context /*context*/,
@@ -494,6 +509,11 @@ krb5_cc_retrieve_cred (
krb5_creds */*creds*/);
krb5_error_code
+krb5_cc_set_default_name (
+ krb5_context /*context*/,
+ const char */*name*/);
+
+krb5_error_code
krb5_cc_set_flags (
krb5_context /*context*/,
krb5_ccache /*id*/,
@@ -1058,6 +1078,12 @@ krb5_encrypt_ivec (
void */*ivec*/);
krb5_error_code
+krb5_enctype_keysize (
+ krb5_context /*context*/,
+ krb5_enctype /*type*/,
+ size_t */*keysize*/);
+
+krb5_error_code
krb5_enctype_to_keytype (
krb5_context /*context*/,
krb5_enctype /*etype*/,
@@ -1178,6 +1204,11 @@ krb5_free_data (
krb5_data */*p*/);
void
+krb5_free_data_contents (
+ krb5_context /*context*/,
+ krb5_data */*data*/);
+
+void
krb5_free_error (
krb5_context /*context*/,
krb5_error */*error*/);
@@ -1776,6 +1807,13 @@ krb5_kt_get_name (
size_t /*namesize*/);
krb5_error_code
+krb5_kt_get_type (
+ krb5_context /*context*/,
+ krb5_keytab /*keytab*/,
+ char */*prefix*/,
+ size_t /*prefixsize*/);
+
+krb5_error_code
krb5_kt_next_entry (
krb5_context /*context*/,
krb5_keytab /*id*/,
@@ -2606,6 +2644,15 @@ krb5_string_to_key_data_salt (
krb5_keyblock */*key*/);
krb5_error_code
+krb5_string_to_key_data_salt_opaque (
+ krb5_context /*context*/,
+ krb5_enctype /*enctype*/,
+ krb5_data /*password*/,
+ krb5_salt /*salt*/,
+ krb5_data /*opaque*/,
+ krb5_keyblock */*key*/);
+
+krb5_error_code
krb5_string_to_key_derived (
krb5_context /*context*/,
const void */*str*/,
diff --git a/crypto/heimdal/lib/krb5/krb5-v4compat.h b/crypto/heimdal/lib/krb5/krb5-v4compat.h
new file mode 100644
index 0000000..2f89281
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5-v4compat.h
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: krb5-v4compat.h,v 1.2 2003/03/18 03:08:20 lha Exp $ */
+
+#ifndef __KRB5_V4COMPAT_H__
+#define __KRB5_V4COMPAT_H__
+
+/*
+ * This file must only be included with v4 compat glue stuff in
+ * heimdal sources.
+ *
+ * It MUST NOT be installed.
+ */
+
+#define MAX_KTXT_LEN 1250
+
+#define ANAME_SZ 40
+#define REALM_SZ 40
+#define SNAME_SZ 40
+#define INST_SZ 40
+
+struct ktext {
+ unsigned int length; /* Length of the text */
+ unsigned char dat[MAX_KTXT_LEN]; /* The data itself */
+ u_int32_t mbz; /* zero to catch runaway strings */
+};
+
+struct credentials {
+ char service[ANAME_SZ]; /* Service name */
+ char instance[INST_SZ]; /* Instance */
+ char realm[REALM_SZ]; /* Auth domain */
+ des_cblock session; /* Session key */
+ int lifetime; /* Lifetime */
+ int kvno; /* Key version number */
+ struct ktext ticket_st; /* The ticket itself */
+ int32_t issue_date; /* The issue time */
+ char pname[ANAME_SZ]; /* Principal's name */
+ char pinst[INST_SZ]; /* Principal's instance */
+};
+
+
+#define TKTLIFENUMFIXED 64
+#define TKTLIFEMINFIXED 0x80
+#define TKTLIFEMAXFIXED 0xBF
+#define TKTLIFENOEXPIRE 0xFF
+#define MAXTKTLIFETIME (30*24*3600) /* 30 days */
+#ifndef NEVERDATE
+#define NEVERDATE ((time_t)0x7fffffffL)
+#endif
+
+#define KERB_ERR_NULL_KEY 10
+
+int
+_krb5_krb_time_to_life(time_t start, time_t end);
+
+time_t
+_krb5_krb_life_to_time(int start, int life_);
+
+#define krb_time_to_life _krb5_krb_time_to_life
+#define krb_life_to_time _krb5_krb_life_to_time
+
+#endif /* __KRB5_V4COMPAT_H__ */
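Review bot: `struct ktext` pairs a `length` field with the fixed array `dat[MAX_KTXT_LEN]`, but nothing in the header says that `length` must be checked against MAX_KTXT_LEN before data is copied into or read from `dat`. Going by its comment, the `mbz` word only helps notice an overrun after it has happened. I would add a comment on the struct, for example `/* length must be <= MAX_KTXT_LEN; validate before touching dat */`, and a similar remark that the name fields of `struct credentials` are fixed ANAME_SZ/INST_SZ/REALM_SZ buffers that need bounded, NUL-terminated copies. The header also uses `des_cblock`, `u_int32_t`, `int32_t` and `time_t` without including anything, so it depends on include order in the files that pull it in.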
diff --git a/crypto/heimdal/lib/krb5/krb5.3 b/crypto/heimdal/lib/krb5/krb5.3
index 830ee66..8e169a0 100644
--- a/crypto/heimdal/lib/krb5/krb5.3
+++ b/crypto/heimdal/lib/krb5/krb5.3
@@ -1,6 +1,35 @@
-.\" $Id: krb5.3,v 1.1 2001/11/20 22:19:10 assar Exp $
+.\" Copyright (c) 2001, 2003 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
.\"
-.Dd November 8, 2001
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd March 20, 2003
.Dt KRB5 3
.Os
.Sh NAME
@@ -9,10 +38,10 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh DESCRIPTION
-These functions constitute the kerberos 5 library,
+These functions constitute the Kerberos 5 library,
.Em libkrb5 .
Declarations for these functions may be obtained from the include file
-.Pa krb5/krb5.h .
+.Pa krb5.h .
.Sh LIST OF FUNCTIONS
.sp 2
.nf
@@ -25,9 +54,17 @@ krb5_425_conv_principal_ext.3
krb5_524_conv_principal.3
krb5_addlog_dest.3
krb5_addlog_func.3
+krb5_addr2sockaddr.3
+krb5_address.3
+krb5_address_compare.3
+krb5_address_order.3
+krb5_address_search.3
+krb5_addresses.3
+krb5_anyaddr.3
krb5_appdefault_boolean.3
krb5_appdefault_string.3
krb5_appdefault_time.3
+krb5_append_addresses.3
krb5_auth_con_free.3
krb5_auth_con_genaddrs.3
krb5_auth_con_getaddrs.3
@@ -62,6 +99,26 @@ krb5_build_principal.3
krb5_build_principal_ext.3
krb5_build_principal_va.3
krb5_build_principal_va_ext.3
+krb5_cc_close.3
+krb5_cc_copy_cache.3
+krb5_cc_default.3
+krb5_cc_default_name.3
+krb5_cc_destroy.3
+krb5_cc_end_seq_get.3
+krb5_cc_gen_new.3
+krb5_cc_get_name.3
+krb5_cc_get_principal.3
+krb5_cc_get_type.3
+krb5_cc_get_version.3
+krb5_cc_initialize.3
+krb5_cc_next_cred.3
+krb5_cc_register.3
+krb5_cc_remove_cred.3
+krb5_cc_resolve.3
+krb5_cc_retrieve_cred.3
+krb5_cc_set_default_name.3
+krb5_cc_set_flags.3
+krb5_cc_store_cred.3
krb5_checksum_is_collision_proof.3
krb5_checksum_is_keyed.3
krb5_checksumsize.3
@@ -71,24 +128,42 @@ krb5_config_get_int_default.3
krb5_config_get_string_default.3
krb5_config_get_time_default.3
krb5_context.3
+krb5_copy_address.3
+krb5_copy_addresses.3
+krb5_copy_data.3
krb5_create_checksum.3
krb5_crypto_destroy.3
krb5_crypto_init.3
+krb5_data_alloc.3
+krb5_data_copy.3
+krb5_data_free.3
+krb5_data_realloc.3
+krb5_data_zero.3
krb5_decrypt.3
krb5_decrypt_EncryptedData.3
krb5_encrypt.3
krb5_encrypt_EncryptedData.3
krb5_err.3
krb5_errx.3
+krb5_free_address.3
+krb5_free_addresses.3
krb5_free_context.3
+krb5_free_data.3
+krb5_free_data_contents.3
+krb5_free_host_realm.3
krb5_free_krbhst.3
krb5_free_principal.3
krb5_get_all_client_addrs.3
krb5_get_all_server_addrs.3
+krb5_get_default_realm.3
+krb5_get_default_realms.3
+krb5_get_host_realm.3
krb5_get_krb524hst.3
krb5_get_krb_admin_hst.3
krb5_get_krb_changepw_hst.3
krb5_get_krbhst.3
+krb5_h_addr2addr.3
+krb5_h_addr2sockaddr.3
krb5_init_context.3
krb5_initlog.3
krb5_keytab_entry.3
@@ -120,21 +195,35 @@ krb5_kt_resolve.3.3
krb5_kt_start_seq_get
krb5_log.3
krb5_log_msg.3
+krb5_make_addrport.3
krb5_make_principal.3
+krb5_max_sockaddr_size.3
krb5_openlog.3
+krb5_parse_address.3
krb5_parse_name.3
krb5_principal.3
krb5_principal_get_comp_string.3
krb5_principal_get_realm.3
+krb5_print_address.3
+krb5_set_default_realm.3
krb5_set_warn_dest.3
krb5_sname_to_principal.3
krb5_sock_to_principal.3
+krb5_sockaddr2address.3
+krb5_sockaddr2port.3
+krb5_sockaddr_uninteresting.3
krb5_timeofday.3
krb5_unparse_name.3
krb5_us_timeofday.3
krb5_verify_checksum.3
+krb5_verify_opt_init.3
+krb5_verify_opt_set_flags.3
+krb5_verify_opt_set_keytab.3
+krb5_verify_opt_set_secure.3
+krb5_verify_opt_set_service.3
krb5_verify_user.3
krb5_verify_user_lrealm.3
+krb5_verify_user_opt.3
krb5_verr.3
krb5_verrx.3
krb5_vlog.3
@@ -143,6 +232,7 @@ krb5_vwarn.3
krb5_vwarnx.3
krb5_warn.3
krb5_warnx.3
+krn5_kuserok.3
.ta
.Fi
.Sh SEE ALSO
diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5
index 0fc856a..9ee85aa 100644
--- a/crypto/heimdal/lib/krb5/krb5.conf.5
+++ b/crypto/heimdal/lib/krb5/krb5.conf.5
@@ -1,4 +1,35 @@
-.\" $Id: krb5.conf.5,v 1.25 2002/08/28 15:33:59 nectar Exp $
+.\" Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5.conf.5,v 1.35 2003/04/16 13:26:13 lha Exp $
.\"
.Dd April 11, 1999
.Dt KRB5.CONF 5
@@ -13,8 +44,10 @@ file specifies several configuration parameters for the Kerberos 5
library, as well as for some programs.
.Pp
The file consists of one or more sections, containing a number of
-bindings. The value of each binding can be either a string or a list
-of other bindings. The grammar looks like:
+bindings.
+The value of each binding can be either a string or a list of other
+bindings.
+The grammar looks like:
.Bd -literal -offset indent
file:
/* empty */
@@ -43,13 +76,30 @@ name:
.Ed
.Li STRINGs
-consists of one or more non-white space characters.
+consists of one or more non-whitespace characters.
+.Pp
+STRINGs that are specified later in this man-page uses the following
+notation.
+.Bl -tag -width "xxx" -offset indent
+.It boolean
+values can be either yes/true or no/false.
+.It time
+values can be a list of year, month, day, hour, min, second.
+Example: 1 month 2 days 30 min.
+.It etypes
+valid encryption types are: des-cbc-crc, des-cbc-md4, des-cbc-md5,
+des3-cbc-sha1.
+.It address
+an address can be either a IPv4 or a IPv6 address.
+.El
+.Pp
Currently recognised sections and bindings are:
.Bl -tag -width "xxx" -offset indent
.It Li [appdefaults]
Specifies the default values to be used for Kerberos applications.
You can specify defaults per application, realm, or a combination of
-these. The preference order is:
+these.
+The preference order is:
.Bl -enum -compact
.It
.Va application Va realm Va option
@@ -84,12 +134,13 @@ The default is the result of
.Fn krb5_get_host_realm "local hostname" .
.It Li clockskew = Va time
Maximum time differential (in seconds) allowed when comparing
-times. Default is 300 seconds (five minutes).
+times.
+Default is 300 seconds (five minutes).
.It Li kdc_timeout = Va time
Maximum time to wait for a reply from the kdc, default is 3 seconds.
.It v4_name_convert
.It v4_instance_resolve
-These are decribed in the
+These are described in the
.Xr krb5_425_conv_principal 3
manual page.
.It Li capath = {
@@ -111,11 +162,11 @@ This configuration should preferably be done on the KDC where it will
help all its clients but can also be done on the client itself.
.It Li }
.It Li default_etypes = Va etypes...
-A list of default etypes to use.
+A list of default encryption types to use.
.It Li default_etypes_des = Va etypes...
-A list of default etypes to use when requesting a DES credential.
+A list of default encryption types to use when requesting a DES credential.
.It Li default_keytab_name = Va keytab
-The keytab to use if none other is specified, default is
+The keytab to use if no other is specified, default is
.Dq FILE:/etc/krb5.keytab .
.It Li dns_lookup_kdc = Va boolean
Use DNS SRV records to lookup KDC services location.
@@ -138,12 +189,15 @@ When obtaining initial credentials, make the credentials proxiable.
This option is also valid in the [realms] section.
.It Li verify_ap_req_nofail = Va boolean
If enabled, failure to verify credentials against a local key is a
-fatal error. The application has to be able to read the corresponding
-service key for this to work. Some applications, like
+fatal error.
+The application has to be able to read the corresponding service key
+for this to work.
+Some applications, like
.Xr su 8 ,
enable this option unconditionally.
.It Li warn_pwexpire = Va time
-How soon to warn for expiring password. Default is seven days.
+How soon to warn for expiring password.
+Default is seven days.
.It Li http_proxy = Va proxy-spec
A HTTP-proxy to use when talking to the KDC via HTTP.
.It Li dns_proxy = Va proxy-spec
@@ -171,14 +225,14 @@ and other programs.
This option is also valid in the [realms] section.
.El
.It Li [domain_realm]
-This is a list of mappings from DNS domain to Kerberos realm. Each
-binding in this section looks like:
+This is a list of mappings from DNS domain to Kerberos realm.
+Each binding in this section looks like:
.Pp
.Dl domain = realm
.Pp
The domain can be either a full name of a host or a trailing
component, in the latter case the domain-string should start with a
-perid.
+period.
The realm may be the token `dns_locate', in which case the actual
realm will be determined using DNS (independently of the setting
of the `dns_lookup_realm' option).
@@ -186,22 +240,44 @@ of the `dns_lookup_realm' option).
.Bl -tag -width "xxx" -offset indent
.It Va REALM Li = {
.Bl -tag -width "xxx" -offset indent
-.It Li kdc = Va host[:port]
-Specifies a list of kdcs for this realm. If the optional port is absent, the
+.It Li kdc = Va [service/]host[:port]
+Specifies a list of kdcs for this realm.
+If the optional
+.Va port
+is absent, the
default value for the
.Dq kerberos/udp
-service will be used.
+.Dq kerberos/tcp ,
+and
+.Dq http/tcp
+port (depending on service) will be used.
The kdcs will be used in the order that they are specified.
+.Pp
+The optional
+.Va service
+specifies over what medium the kdc should be
+contacted.
+Possible services are
+.Dq udp ,
+.Dq tcp ,
+and
+.Dq http .
+Http can also be written as
+.Dq http:// .
+Default service is
+.Dq udp
+and
+.Dq tcp .
.It Li admin_server = Va host[:port]
Specifies the admin server for this realm, where all the modifications
-to the database are perfomed.
+to the database are performed.
.It Li kpasswd_server = Va host[:port]
-Points to the server where all the password changes are perfomed.
+Points to the server where all the password changes are performed.
If there is no such entry, the kpasswd port on the admin_server host
will be tried.
-.It Li krb524_server = Va Host[:port]
-Points to the server that does 524 conversions. If it is not
-mentioned, the krb524 port on the kdcs will be tried.
+.It Li krb524_server = Va host[:port]
+Points to the server that does 524 conversions.
+If it is not mentioned, the krb524 port on the kdcs will be tried.
.It Li v4_instance_convert
.It Li v4_name_convert
.It Li default_domain
@@ -217,7 +293,8 @@ Specifies that
.Va entity
should use the specified
.Li destination
-for logging. See the
+for logging.
+See the
.Xr krb5_openlog 3
manual page for a list of defined destinations.
.El
@@ -226,19 +303,19 @@ manual page for a list of defined destinations.
.It database Li = {
.Bl -tag -width "xxx" -offset indent
.It dbname Li = Va DATABASENAME
-use this database for this realm.
+Use this database for this realm.
.It realm Li = Va REALM
-specifies the realm that will be stored in this database.
+Specifies the realm that will be stored in this database.
.It mkey_file Li = Pa FILENAME
-use this keytab file for the master key of this database.
+Use this keytab file for the master key of this database.
If not specified
.Va DATABASENAME Ns .mkey
will be used.
.It acl_file Li = PA FILENAME
-use this file for the ACL list of this database.
+Use this file for the ACL list of this database.
.It log_file Li = Pa FILENAME
-use this file as the log of changes performed to the database. This
-file is used by
+Use this file as the log of changes performed to the database.
+This file is used by
.Nm ipropd-master
for propagating changes to slaves.
.El
@@ -246,39 +323,42 @@ for propagating changes to slaves.
.It max-request = Va SIZE
Maximum size of a kdc request.
.It require-preauth = Va BOOL
-If set pre-authentication is required. Since krb4 requests are not
-pre-authenticated they will be rejected.
+If set pre-authentication is required.
+Since krb4 requests are not pre-authenticated they will be rejected.
.It ports = Va "list of ports"
-list of ports the kdc should listen to.
+List of ports the kdc should listen to.
.It addresses = Va "list of interfaces"
-list of addresses the kdc should bind to.
+List of addresses the kdc should bind to.
.It enable-kerberos4 = Va BOOL
-turn on kerberos4 support.
+Turn on Kerberos 4 support.
.It v4-realm = Va REALM
-to what realm v4 requests should be mapped.
+To what realm v4 requests should be mapped.
.It enable-524 = Va BOOL
-should the Kerberos 524 converting facility be turned on. Default is same as
+Should the Kerberos 524 converting facility be turned on.
+Default is same as
.Va enable-kerberos4 .
.It enable-http = Va BOOL
-should the kdc answer kdc-requests over http.
+Should the kdc answer kdc-requests over http.
.It enable-kaserver = Va BOOL
-if this kdc should emulate the AFS kaserver.
+If this kdc should emulate the AFS kaserver.
.It check-ticket-addresses = Va BOOL
verify the addresses in the tickets used in tgs requests.
.\" XXX
.It allow-null-ticket-addresses = Va BOOL
-allow addresses-less tickets.
+Allow addresses-less tickets.
.\" XXX
.It allow-anonymous = Va BOOL
-if the kdc is allowed to hand out anonymous tickets.
+If the kdc is allowed to hand out anonymous tickets.
.It encode_as_rep_as_tgs_rep = Va BOOL
-encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
+Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
.\" XXX
.It kdc_warn_pwexpire = Va TIME
-the time before expiration that the user should be warned that her
+The time before expiration that the user should be warned that her
password is about to expire.
.It logging = Va Logging
What type of logging the kdc should use, see also [logging]/kdc.
+.It use_2b = Va principal list
+List of principals to use AFS 2b tokens for.
.El
.It Li [kadmin]
.Bl -tag -width "xxx" -offset indent
@@ -293,15 +373,17 @@ syntax of this if something like:
.Pp
[(des|des3|etype):](pw-salt|afs3-salt)[:string]
.Pp
-if
+If
.Ar etype
-is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keyttypes are:
+is omitted it means everything, and if string is omitted it means the
+default salt string (for that principal and encryption type).
+Additional special values of keytypes are:
.Bl -tag -width "xxx" -offset indent
.It v5
-The kerberos 5 salt
+The Kerberos 5 salt
.Va pw-salt
.It v4
-The kerberos 4 type
+The Kerberos 4 salt
.Va des:pw-salt:
.El
.It use_v4_salt = Va BOOL
@@ -309,7 +391,7 @@ When true, this is the same as
.Pp
.Va default_keys = Va des3:pw-salt Va v4
.Pp
-and is only left for backwards compatability.
+and is only left for backwards compatibility.
.El
.El
.Sh ENVIRONMENT
@@ -348,9 +430,10 @@ To help overcome this problem, there is a program
.Nm verify_krb5_conf
that reads
.Nm
-and tries to emit useful diagnostics from parsing errors. Note that
-this program does not have any way of knowing what options are
-actually used and thus cannot warn about unknown or misspelled ones.
+and tries to emit useful diagnostics from parsing errors.
+Note that this program does not have any way of knowing what options
+are actually used and thus cannot warn about unknown or misspelled
+ones.
.Sh SEE ALSO
.Xr kinit 1 ,
.Xr krb5_425_conv_principal 3 ,
diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h
index cb035bc..f157452 100644
--- a/crypto/heimdal/lib/krb5/krb5.h
+++ b/crypto/heimdal/lib/krb5/krb5.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: krb5.h,v 1.205 2002/09/03 17:31:47 joda Exp $ */
+/* $Id: krb5.h,v 1.209 2003/03/16 18:30:02 lha Exp $ */
#ifndef __KRB5_H__
#define __KRB5_H__
@@ -98,7 +98,7 @@ enum {
ENCTYPE_DES_CBC_NONE = ETYPE_DES_CBC_NONE,
ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE,
ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE,
- ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE,
+ ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE
};
typedef PADATA_TYPE krb5_preauthtype;
@@ -219,6 +219,8 @@ typedef enum krb5_keytype {
KEYTYPE_NULL = 0,
KEYTYPE_DES = 1,
KEYTYPE_DES3 = 7,
+ KEYTYPE_AES128 = 17,
+ KEYTYPE_AES256 = 18,
KEYTYPE_ARCFOUR = 23
} krb5_keytype;
@@ -391,6 +393,7 @@ typedef struct krb5_context_data {
char *error_string;
char error_buf[256];
krb5_addresses *ignore_addresses;
+ char *default_cc_name;
} krb5_context_data;
typedef struct krb5_ticket {
@@ -436,6 +439,8 @@ struct krb5_keytab_data;
typedef struct krb5_keytab_data *krb5_keytab;
+#define KRB5_KT_PREFIX_MAX_LEN 30
+
struct krb5_keytab_data {
const char *prefix;
krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab);
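Review bot: `KRB5_KT_PREFIX_MAX_LEN` is introduced without a comment, and the name does not say whether the 30 counts the terminating NUL. The check added to krb5_kt_register in this same commit rejects `strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1`, which makes it a buffer size rather than a string length. A comment such as `/* size of a buffer that holds any keytab type prefix, including the terminating NUL */` would let callers of krb5_kt_get_type size their buffers without reading the implementation.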
diff --git a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
index bb7e578..78bb62c 100644
--- a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
@@ -1,5 +1,36 @@
.\" Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
-.\" $Id: krb5_425_conv_principal.3,v 1.8 2002/08/28 15:30:46 joda Exp $
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_425_conv_principal.3,v 1.10 2003/04/16 13:58:13 lha Exp $
+.\"
.Dd April 11, 1999
.Dt KRB5_425_CONV_PRINCIPAL 3
.Os HEIMDAL
@@ -11,7 +42,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fn krb5_425_conv_principal "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_principal *principal"
.Ft krb5_error_code
diff --git a/crypto/heimdal/lib/krb5/krb5_address.3 b/crypto/heimdal/lib/krb5/krb5_address.3
new file mode 100644
index 0000000..dc780ad
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_address.3
@@ -0,0 +1,355 @@
+.\" Copyright (c) 2003 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_address.3,v 1.4 2003/04/16 13:58:12 lha Exp $
+.\"
+.Dd March 11, 2002
+.Dt KRB5_ADDRESS 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_address ,
+.Nm krb5_addresses ,
+.Nm krb5_sockaddr2address ,
+.Nm krb5_sockaddr2port ,
+.Nm krb5_addr2sockaddr ,
+.Nm krb5_max_sockaddr_size ,
+.Nm krb5_sockaddr_uninteresting ,
+.Nm krb5_h_addr2sockaddr ,
+.Nm krb5_h_addr2addr ,
+.Nm krb5_anyaddr ,
+.Nm krb5_print_address ,
+.Nm krb5_parse_address ,
+.Nm krb5_address_order ,
+.Nm krb5_address_compare ,
+.Nm krb5_address_search ,
+.Nm krb5_free_address ,
+.Nm krb5_free_addresses ,
+.Nm krb5_copy_address ,
+.Nm krb5_copy_addresses ,
+.Nm krb5_append_addresses ,
+.Nm krb5_make_addrport
+.Nd mange addresses in Kerberos.
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Ft krb5_error_code
+.Fo krb5_sockaddr2address
+.Fa "krb5_context context"
+.Fa "const struct sockaddr *sa"
+.Fa "krb5_address *addr"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_sockaddr2port
+.Fa "krb5_context context"
+.Fa "const struct sockaddr *sa"
+.Fa "int16_t *port"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_addr2sockaddr
+.Fa "krb5_context context"
+.Fa "const krb5_address *addr"
+.Fa "struct sockaddr *sa"
+.Fa "krb5_socklen_t *sa_size"
+.Fa "int port"
+.Fc
+.Ft size_t
+.Fo krb5_max_sockaddr_size
+.Fa "void"
+.Fc
+.Ft "krb5_boolean"
+.Fo krb5_sockaddr_uninteresting
+.Fa "const struct sockaddr *sa"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_h_addr2sockaddr
+.Fa "krb5_context context"
+.Fa "int af"
+.Fa "const char *addr"
+.Fa "struct sockaddr *sa"
+.Fa "krb5_socklen_t *sa_size"
+.Fa "int port"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_h_addr2addr
+.Fa "krb5_context context"
+.Fa "int af"
+.Fa "const char *haddr"
+.Fa "krb5_address *addr"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_anyaddr
+.Fa "krb5_context context"
+.Fa "int af"
+.Fa "struct sockaddr *sa"
+.Fa "krb5_socklen_t *sa_size"
+.Fa "int port"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_print_address
+.Fa "const krb5_address *addr"
+.Fa "char *str"
+.Fa "size_t len"
+.Fa "size_t *ret_len"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_parse_address
+.Fa "krb5_context context"
+.Fa "const char *string"
+.Fa "krb5_addresses *addresses"
+.Fc
+.Ft int
+.Fo "krb5_address_order"
+.Fa "krb5_context context"
+.Fa "const krb5_address *addr1"
+.Fa "const krb5_address *addr2"
+.Fc
+.Ft "krb5_boolean"
+.Fo krb5_address_compare
+.Fa "krb5_context context"
+.Fa "const krb5_address *addr1"
+.Fa "const krb5_address *addr2"
+.Fc
+.Ft "krb5_boolean"
+.Fo krb5_address_search
+.Fa "krb5_context context"
+.Fa "const krb5_address *addr"
+.Fa "const krb5_addresses *addrlist"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_free_address
+.Fa "krb5_context context"
+.Fa "krb5_address *address"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_free_addresses
+.Fa "krb5_context context"
+.Fa "krb5_addresses *addresses"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_copy_address
+.Fa "krb5_context context"
+.Fa "const krb5_address *inaddr"
+.Fa "krb5_address *outaddr"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_copy_addresses
+.Fa "krb5_context context"
+.Fa "const krb5_addresses *inaddr"
+.Fa "krb5_addresses *outaddr"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_append_addresses
+.Fa "krb5_context context"
+.Fa "krb5_addresses *dest"
+.Fa "const krb5_addresses *source"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_make_addrport
+.Fa "krb5_context context"
+.Fa "krb5_address **res"
+.Fa "const krb5_address *addr"
+.Fa "int16_t port"
+.Fc
+.Sh DESCRIPTION
+The
+.Li krb5_address
+structure holds a address that can be used in Kerberos API
+calls. There are help functions to set and extract address information
+of the address.
+.Pp
+The
+.Li krb5_addresses
+structure holds a set of krb5_address:es.
+.Pp
+.Fn krb5_sockaddr2address
+stores a address a
+.Li "struct sockaddr"
+.Fa sa
+in the krb5_address
+.Fa addr .
+.Pp
+.Fn krb5_sockaddr2port
+extracts a
+.Fa port
+(if possible) from a
+.Li "struct sockaddr"
+.Fa sa .
+.Pp
+.Fn krb5_addr2sockaddr
+sets the
+struct sockaddr
+.Fa sockaddr
+from
+.Fa addr
+and
+.Fa port .
+.Fa Sa_size
+should be initially contain the size of the
+.Fa sa ,
+and after the call, it will contain the actual length of the address.
+.Pp
+.Fn krb5_max_sockaddr_size
+returns the max size of the
+.Li struct sockaddr
+that the Kerberos library will return.
+.Pp
+.Fn krb5_sockaddr_uninteresting
+returns
+.Dv TRUE
+for all
+.Fa sa
+that for that the kerberos library thinks are uninteresting.
+One example are link local addresses.
+.Pp
+.Fn krb5_h_addr2sockaddr
+initializes a
+.Li "struct sockaddr"
+.Fa sa
+from
+.Fa af
+and the
+.Li "struct hostent"
+(see
+.Xr gethostbyname 3 )
+.Fa h_addr_list
+component.
+.Fa Sa_size
+should be initially contain the size of the
+.Fa sa ,
+and after the call, it will contain the actual length of the address.
+.Fa sa
+argument.
+.Pp
+.Fn krb5_h_addr2addr
+works like
+.Fn krb5_h_addr2sockaddr
+with the exception that it operates on a
+.Li krb5_address
+instead of a
+.Li struct sockaddr
+.Pp
+.Fn krb5_anyaddr
+fills in a
+.Li "struct sockaddr"
+.Fa sa
+that can be used to
+.Xf bind 3
+to.
+.Fa Sa_size
+should be initially contain the size of the
+.Fa sa ,
+and after the call, it will contain the actual length of the address.
+.Pp
+.Fn krb5_print_address
+prints the address in
+.Fa addr
+to the a string
+.Fa string
+that have the length
+.Fa len .
+If
+.Fa ret_len
+if not
+.Dv NULL ,
+it will be filled in length of the string.
+.Pp
+.Fn krb5_parse_address
+Returns the resolving a hostname in
+.Fa string
+to the
+.Li krb5_addresses
+.Fa addresses .
+.Pp
+.Fn krb5_address_order
+compares to addresses
+.Fa addr1
+and
+.Fa addr2
+so that it can be used for sorting addresses. If the addresses are the
+same address
+.Fa krb5_address_order will be return 0.
+.Pp
+.Fn krb5_address_compare
+compares the addresses
+.Fa addr1
+and
+.Fa addr2 .
+returns
+.Dv TRUE
+if the two addresses are the same.
+.Pp
+.Fn krb5_address_search
+checks if the address
+.Fa addr
+is a member of the address set list
+.Fa addrlist .
+.Pp
+.Fn krb5_free_address
+frees the data stored in the
+.Fa address
+that is alloced with any of the krb5_address functions.
+.Pp
+.Fn krb5_free_addresses
+frees the data stored in the
+.Fa addresses
+that is alloced with any of the krb5_address functions.
+.Pp
+.Fn krb5_copy_address
+copies the content of address
+.Fa inaddr
+to
+.Fa outaddr .
+.Pp
+.Fn krb5_copy_addresses
+copies the content of the address list
+.Fa inaddr
+to
+.Fa outaddr .
+.Pp
+.Fn krb5_append_addresses
+adds the set of addresses in
+.Fa source
+to
+.Fa dest .
+While copying the addresses, duplicates are also sorted out.
+.Pp
+.Fn krb5_make_addrport
+allocates and creates an
+krb5_address in
+.Fa res
+of type KRB5_ADDRESS_ADDRPORT from
+.Fa ( addr , port ) .
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5.conf 5 ,
+.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 b/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3
new file mode 100644
index 0000000..900e1d9
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3
@@ -0,0 +1,80 @@
+.\" Copyright (c) 2003 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_aname_to_localname.3,v 1.2 2003/04/16 13:58:13 lha Exp $
+.\"
+.Dd March 17, 2003
+.Dt KRB5_ANAME_TO_LOCALNAME 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_aname_to_localname
+.Nd converts a principal to a system local name.
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_boolean
+.Fo krb5_aname_to_localname
+.Fa "krb5_context context"
+.Fa "krb5_const_principal name"
+.Fa "size_t lnsize"
+.Fa "char *lname"
+.Fc
+.Sh DESCRIPTION
+This function takes a principal
+.Fa name ,
+verifies its in the local realm (using
+.Fn krb5_get_default_realms )
+and then returns the local name of the principal.
+.Pp
+If
+.Fa name
+isn't in one of the local realms and error is returned.
+.Pp
+If size
+.Fa ( lnsize )
+of the local name
+.Fa ( lname )
+is to small, an error is returned.
+.Pp
+.Fn krb5_aname_to_localname
+should only be use by application that implements protocols that
+doesn't transport the login name and thus needs to convert a principal
+to a local name.
+.Pp
+Protocols should be designed so that the it autheticates using
+Kerberos, send over the login name and then verifies in the principal
+that authenticated is allowed to login and the login name.
+A way to check if a user is allowed to login is using the function
+.Fn krb5_kuserok .
+.Sh SEE ALSO
+.Xr krb5_get_default_realms 3 ,
+.Xr krb5_kuserok 3
diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3
index 750bb75..f913fdc 100644
--- a/crypto/heimdal/lib/krb5/krb5_appdefault.3
+++ b/crypto/heimdal/lib/krb5/krb5_appdefault.3
@@ -1,5 +1,36 @@
.\" Copyright (c) 2000 Kungliga Tekniska Högskolan
-.\" $Id: krb5_appdefault.3,v 1.7 2002/08/28 15:30:46 joda Exp $
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_appdefault.3,v 1.10 2003/04/16 13:58:10 lha Exp $
+.\"
.Dd July 25, 2000
.Dt KRB5_APPDEFAULT 3
.Os HEIMDAL
@@ -11,7 +42,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft void
.Fn krb5_appdefault_boolean "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "krb5_boolean def_val" "krb5_boolean *ret_val"
.Ft void
@@ -19,7 +50,7 @@ Kerberos 5 Library (libkrb5, -lkrb5)
.Ft void
.Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val"
.Sh DESCRIPTION
-These functions get application application defaults from the
+These functions get application defaults from the
.Dv appdefaults
section of the
.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3
index 2afaec5..69db324 100644
--- a/crypto/heimdal/lib/krb5/krb5_auth_context.3
+++ b/crypto/heimdal/lib/krb5/krb5_auth_context.3
@@ -1,5 +1,36 @@
-.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" $Id: krb5_auth_context.3,v 1.5 2002/09/02 12:42:00 joda Exp $
+.\" Copyright (c) 2001 - 2002 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_auth_context.3,v 1.8 2003/04/16 13:58:13 lha Exp $
+.\"
.Dd January 21, 2001
.Dt KRB5_AUTH_CONTEXT 3
.Os HEIMDAL
@@ -38,7 +69,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fo krb5_auth_con_init
.Fa "krb5_context context"
@@ -127,12 +158,12 @@ that holds the context for the thread or process.
.Nm krb5_auth_context
is used by various functions that are directly related to
authentication between the server/client. Example of data that this
-structure contains are varius flags, addresses of client and server,
+structure contains are various flags, addresses of client and server,
port numbers, keyblocks (and subkeys), sequence numbers, replay cache,
and checksum-type.
.Pp
.Fn krb5_auth_con_init
-allocates and initilizes the
+allocates and initializes the
.Nm krb5_auth_context
structure. Default values can be changed with
.Fn krb5_auth_con_setcksumtype
diff --git a/crypto/heimdal/lib/krb5/krb5_build_principal.3 b/crypto/heimdal/lib/krb5/krb5_build_principal.3
index 6ff2cf3..e74c754 100644
--- a/crypto/heimdal/lib/krb5/krb5_build_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_build_principal.3
@@ -1,5 +1,36 @@
-.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_build_principal.3,v 1.5 2002/08/28 15:30:47 joda Exp $
+.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_build_principal.3,v 1.7 2003/04/16 13:58:14 lha Exp $
+.\"
.Dd August 8, 1997
.Dt KRB5_BUILD_PRINCIPAL 3
.Os HEIMDAL
@@ -13,7 +44,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
.Ft krb5_error_code
diff --git a/crypto/heimdal/lib/krb5/krb5_ccache.3 b/crypto/heimdal/lib/krb5/krb5_ccache.3
new file mode 100644
index 0000000..ec48c5f
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_ccache.3
@@ -0,0 +1,356 @@
+.\" Copyright (c) 2003 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_ccache.3,v 1.7 2003/04/16 13:58:12 lha Exp $
+.\"
+.Dd March 16, 2003
+.Dt KRB5_CCACHE 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_ccache ,
+.Nm krb5_cc_cursor ,
+.Nm krb5_cc_ops ,
+.Nm krb5_fcc_ops ,
+.Nm krb5_mcc_ops ,
+.Nm krb5_cc_close ,
+.Nm krb5_cc_copy_cache ,
+.Nm krb5_cc_default ,
+.Nm krb5_cc_default_name ,
+.Nm krb5_cc_destroy ,
+.Nm krb5_cc_end_seq_get ,
+.Nm krb5_cc_gen_new ,
+.Nm krb5_cc_get_name ,
+.Nm krb5_cc_get_principal ,
+.Nm krb5_cc_get_type ,
+.Nm krb5_cc_get_ops ,
+.Nm krb5_cc_get_version ,
+.Nm krb5_cc_initialize ,
+.Nm krb5_cc_register ,
+.Nm krb5_cc_resolve ,
+.Nm krb5_cc_retrieve_cred ,
+.Nm krb5_cc_remove_cred ,
+.Nm krb5_cc_set_default_name ,
+.Nm krb5_cc_store_cred ,
+.Nm krb5_cc_set_flags ,
+.Nm krb5_cc_next_cred
+.Nd mange credential cache.
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li "struct krb5_ccache;"
+.Pp
+.Li "struct krb5_cc_cursor;"
+.Pp
+.Li "struct krb5_cc_ops;"
+.Pp
+.Li "struct krb5_cc_ops *krb5_fcc_ops;"
+.Pp
+.Li "struct krb5_cc_ops *krb5_mcc_ops;"
+.Pp
+.Ft krb5_error_code
+.Fo krb5_cc_close
+.Fa "krb5_context *context"
+.Fa "krb5_ccache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_copy_cache
+.Fa "krb5_context *context"
+.Fa "const krb5_ccache from"
+.Fa "krb5_ccache to"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_default
+.Fa "krb5_context *context"
+.Fa "krb5_ccache *id"
+.Fc
+.Ft "const char *"
+.Fo krb5_cc_default_name
+.Fa "krb5_context *context"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_destroy
+.Fa "krb5_context *context"
+.Fa "krb5_ccache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_end_seq_get
+.Fa "krb5_context *context"
+.Fa "const krb5_ccache id"
+.Fa "krb5_cc_cursor *cursor"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_gen_new
+.Fa "krb5_context *context"
+.Fa "const krb5_cc_ops *ops"
+.Fa "krb5_ccache *id"
+.Fc
+.Ft "const char *"
+.Fo krb5_cc_get_name
+.Fa "krb5_context *context"
+.Fa "krb5_ccache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_get_principal
+.Fa "krb5_context *context"
+.Fa "krb5_ccache id"
+.Fa "krb5_principal *principal"
+.Fc
+.Ft "const char *"
+.Fo krb5_cc_get_type
+.Fa "krb5_context *context"
+.Fa "krb5_ccache id"
+.Fc
+.Ft "const krb5_cc_ops *"
+.Fo krb5_cc_get_ops
+.Fa "krb5_context *context"
+.Fa "krb5_ccache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_get_version
+.Fa "krb5_context *context"
+.Fa "const krb5_ccache id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_initialize
+.Fa "krb5_context *context"
+.Fa "krb5_ccache id"
+.Fa "krb5_principal primary_principal"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_register
+.Fa "krb5_context *context"
+.Fa "const krb5_cc_ops *ops"
+.Fa "krb5_boolean override"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_resolve
+.Fa "krb5_context *context"
+.Fa "const char *name"
+.Fa "krb5_ccache *id"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_retrieve_cred
+.Fa "krb5_context *context"
+.Fa "krb5_ccache id"
+.Fa "krb5_flags whichfields"
+.Fa "const krb5_creds *mcreds"
+.Fa "krb5_creds *creds"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_remove_cred
+.Fa "krb5_context *context"
+.Fa "krb5_ccache id"
+.Fa "krb5_flags which"
+.Fa "krb5_creds *cred"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_set_default_name
+.Fa "krb5_context *context"
+.Fa "const char *name"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_store_cred
+.Fa "krb5_context *context"
+.Fa "krb5_ccache id"
+.Fa "krb5_creds *creds"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_set_flags
+.Fa "krb5_context *context"
+.Fa "krb5_cc_set_flags id"
+.Fa "krb5_flags flags"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_cc_next_cred
+.Fa "krb5_context *context"
+.Fa "const krb5_ccache id"
+.Fa "krb5_cc_cursor *cursor"
+.Fa "krb5_creds *creds"
+.Fc
+.Sh DESCRIPTION
+The
+.Li krb5_ccache
+structure holds a Kerberos credential cache.
+.Pp
+The
+.Li krb5_cc_cursor
+structure holds current position in a credential cache when
+iterating over the cache.
+.Pp
+The
+.Li krb5_cc_ops
+structure holds a set of operations that can me preformed on a
+credential cache.
+.Pp
+There is no component inside
+.Li krb5_ccache ,
+.Li krb5_cc_cursor
+nor
+.Li krb5_fcc_ops
+that is directly referable.
+.Pp
+The
+.Li krb5_creds
+holds a Kerberos credential, see manpage for
+.Xr krb5_creds 3 .
+.Pp
+.Fn krb5_cc_default_name
+and
+.Fn krb5_cc_set_default_name
+gets and sets the default name for the
+.Fa context .
+.Pp
+.Fn krb5_cc_default
+opens the default ccache in
+.Fa id .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_gen_new
+generates a new ccache of type
+.Fa ops
+in
+.Fa id .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_resolve
+finds and allocates a ccache in
+.Fa id
+from the specification in
+.Fa residual .
+If the ccache name doesn't contain any colon (:), interpret it as a
+file name.
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_initialize
+creates a new ccache in
+.Fa id
+for
+.Fa primary_principal .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_close
+stops using the ccache
+.Fa id
+and frees the related resources.
+Return 0 or an error code.
+.Fn krb5_cc_destroy
+removes the ccache
+and closes (by calling
+.Fn krb5_cc_close )
+.Fa id .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_copy_cache
+copys the contents of
+.Fa from
+to
+.Fa to .
+.Pp
+.Fn krb5_cc_get_name
+returns the name of the ccache
+.Fa id .
+.Pp
+.Fn krb5_cc_get_principal
+returns the principal of
+.Fa id
+in
+.Fa principal .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_get_type
+returns the type of the ccache
+.Fa id .
+.Pp
+.Fn krb5_cc_get_ops
+returns the ops of the ccache
+.Fa id .
+.Pp
+.Fn krb5_cc_get_version
+returns the version of
+.Fa id .
+.Pp
+.Fn krb5_cc_register
+Adds a new ccache type with operations
+.Fa ops ,
+overwriting any existing one if
+.Fa override .
+Return an error code or 0.
+.Pp
+.Fn krb5_cc_remove_cred
+removes the credential identified by
+.Fa ( cred ,
+.Fa which )
+from
+.Fa id .
+.Pp
+.Fn krb5_cc_store_cred
+stores
+.Fa creds
+in the ccache
+.Fa id .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_set_flags
+sets the flags of
+.Fa id
+to
+.Fa flags .
+.Pp
+.Fn krb5_cc_retrieve_cred ,
+retrieves the credential identified by
+.Fa mcreds
+(and
+.Fa whichfields )
+from
+.Fa id
+in
+.Fa creds .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_next_cred
+retrieves the next cred pointed to by
+.Fa ( id ,
+.Fa cursor )
+in
+.Fa creds ,
+and advance
+.Fa cursor .
+Return 0 or an error code.
+.Pp
+.Fn krb5_cc_end_seq_get
+Destroys the cursor
+.Fa cursor .
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5.conf 5 ,
+.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_config.3 b/crypto/heimdal/lib/krb5/krb5_config.3
index fe5f261..471389e 100644
--- a/crypto/heimdal/lib/krb5/krb5_config.3
+++ b/crypto/heimdal/lib/krb5/krb5_config.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 2000 Kungliga Tekniska Högskolan
-.\" $Id: krb5_config.3,v 1.4 2002/08/28 15:30:48 joda Exp $
+.\" $Id: krb5_config.3,v 1.5 2003/04/16 13:58:14 lha Exp $
.Dd July 25, 2000
.Dt KRB5_CONFIG 3
.Os HEIMDAL
@@ -12,7 +12,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_boolean
.Fn krb5_config_get_bool_default "krb5_context context" "krb5_config_section *c" "krb5_boolean def_value" "..."
.Ft int
diff --git a/crypto/heimdal/lib/krb5/krb5_context.3 b/crypto/heimdal/lib/krb5/krb5_context.3
index a90ab72..95d1120 100644
--- a/crypto/heimdal/lib/krb5/krb5_context.3
+++ b/crypto/heimdal/lib/krb5/krb5_context.3
@@ -1,5 +1,36 @@
-.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" $Id: krb5_context.3,v 1.4 2002/09/02 12:42:00 joda Exp $
+.\" Copyright (c) 2001 - 200 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_context.3,v 1.5 2003/03/10 02:19:28 lha Exp $
+.\"
.Dd January 21, 2001
.Dt KRB5_CONTEXT 3
.Os HEIMDAL
diff --git a/crypto/heimdal/lib/krb5/krb5_create_checksum.3 b/crypto/heimdal/lib/krb5/krb5_create_checksum.3
index 9a8a27b..6704113 100644
--- a/crypto/heimdal/lib/krb5/krb5_create_checksum.3
+++ b/crypto/heimdal/lib/krb5/krb5_create_checksum.3
@@ -1,5 +1,36 @@
.\" Copyright (c) 1999 Kungliga Tekniska Högskolan
-.\" $Id: krb5_create_checksum.3,v 1.4 2002/08/28 15:30:49 joda Exp $
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_create_checksum.3,v 1.6 2003/04/16 13:58:14 lha Exp $
+.\"
.Dd April 7, 1999
.Dt NAME 3
.Os HEIMDAL
@@ -13,7 +44,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fn krb5_create_checksum "krb5_context context" "krb5_crypto crypto" "unsigned usage_or_type" "void *data" "size_t len" "Checksum *result"
.Ft krb5_error_code
diff --git a/crypto/heimdal/lib/krb5/krb5_crypto_init.3 b/crypto/heimdal/lib/krb5/krb5_crypto_init.3
index 98e8c5c..4b0284c 100644
--- a/crypto/heimdal/lib/krb5/krb5_crypto_init.3
+++ b/crypto/heimdal/lib/krb5/krb5_crypto_init.3
@@ -1,5 +1,36 @@
.\" Copyright (c) 1999 Kungliga Tekniska Högskolan
-.\" $Id: krb5_crypto_init.3,v 1.4 2002/08/28 15:30:50 joda Exp $
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_crypto_init.3,v 1.6 2003/04/16 13:58:15 lha Exp $
+.\"
.Dd April 7, 1999
.Dt NAME 3
.Os HEIMDAL
@@ -10,7 +41,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fn krb5_crypto_init "krb5_context context" "krb5_keyblock *key" "krb5_enctype enctype" "krb5_crypto *crypto"
.Ft krb5_error_code
diff --git a/crypto/heimdal/lib/krb5/krb5_data.3 b/crypto/heimdal/lib/krb5/krb5_data.3
new file mode 100644
index 0000000..355d934
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_data.3
@@ -0,0 +1,149 @@
+.\" Copyright (c) 2003 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_data.3,v 1.4 2003/04/16 13:58:13 lha Exp $
+.\"
+.Dd March 20, 2003
+.Dt KRB5_DATA 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_data
+.Nm krb5_data_zero
+.Nm krb5_data_free
+.Nm krb5_free_data_contents
+.Nm krb5_free_data
+.Nm krb5_data_alloc
+.Nm krb5_data_realloc
+.Nm krb5_data_copy
+.Nm krb5_copy_data
+.Nd operates on the Kerberos datatype krb5_data.
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Pp
+.Li "struct krb5_data;"
+.Ft void
+.Fn krb5_data_zero "krb5_data *p"
+.Ft void
+.Fn krb5_data_free "krb5_data *p"
+.Ft void
+.Fn krb5_free_data_contents "krb5_context context" "krb5_data *p"
+.Ft void
+.Fn krb5_free_data "krb5_context context" "krb5_data *p"
+.Ft krb5_error_code
+.Fn krb5_data_alloc "krb5_data *p" "int len"
+.Ft krb5_error_code
+.Fn krb5_data_realloc "krb5_data *p" "int len"
+.Ft krb5_error_code
+.Fn krb5_data_copy "krb5_data *p" "const void *data" "size_t len"
+.Ft krb5_error_code
+.Fn krb5_copy_data "krb5_context context" "const krb5_data *indata" "krb5_data **outdata"
+.Sh DESCRIPTION
+The
+.Li krb5_data
+structure holds a data element.
+The structure contains two public accessible elements
+.Fa length
+(the length of data)
+and
+.Fa data
+(the data itself).
+The structure must always be initiated and freed by the functions
+documented in this manual.
+.Pp
+.Fn krb5_data_zero
+resets the content of
+.Fa p .
+.Pp
+.Fn krb5_data_free
+free the data in
+.Fa p .
+.Pp
+.Fn krb5_free_data_contents
+works the same way as
+.Fa krb5_data_free .
+The diffrence is that krb5_free_data_contents is more portable (exists
+in MIT api).
+.Pp
+.Fn krb5_free_data
+frees the data in
+.Fa p
+and
+.Fa p
+itself .
+.Pp
+.Fn krb5_data_alloc
+allocates
+.Fa len
+bytes in
+.Fa p
+Returns 0 or an error.
+.Pp
+.Fn krb5_data_realloc
+reallocates the length of
+.Fa p
+to the length in
+.Fa len .
+Returns 0 or an error.
+.Pp
+.Fn krb5_data_copy
+copies the
+.Fa data
+that have the length
+.Fa len
+into
+.Fa p .
+.Fa p
+is not freed so the calling function should make sure the
+.Fa p
+doesn't contain anything needs to be freed.
+Returns 0 or an error.
+.Pp
+.Fn krb5_copy_data
+copies the
+.Li krb5_data
+in
+.Fa indata
+to
+.Fa outdata .
+.Fa outdata
+is not freed so the calling function should make sure the
+.Fa outdata
+doesn't contain anything needs to be freed.
+.Fa outdata
+should be freed using
+.Fn krb5_free_data .
+Returns 0 or an error.
+.Sh SEE ALSO
+.Xr krb5 3 ,
+.Xr krb5_storage 3 ,
+.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_encrypt.3 b/crypto/heimdal/lib/krb5/krb5_encrypt.3
index 9b24588..84140bf 100644
--- a/crypto/heimdal/lib/krb5/krb5_encrypt.3
+++ b/crypto/heimdal/lib/krb5/krb5_encrypt.3
@@ -1,5 +1,36 @@
.\" Copyright (c) 1999 Kungliga Tekniska Högskolan
-.\" $Id: krb5_encrypt.3,v 1.5 2002/08/28 15:30:50 joda Exp $
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_encrypt.3,v 1.7 2003/04/16 13:58:15 lha Exp $
+.\"
.Dd April 7, 1999
.Dt KRB5_ENCRYPT 3
.Os HEIMDAL
@@ -12,7 +43,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fn krb5_encrypt "krb5_context context" "krb5_crypto crypto" "unsigned usage" "void *data" "size_t len" "krb5_data *result"
.Ft krb5_error_code
diff --git a/crypto/heimdal/lib/krb5/krb5_free_addresses.3 b/crypto/heimdal/lib/krb5/krb5_free_addresses.3
index 18e1cda..6ac46d4 100644
--- a/crypto/heimdal/lib/krb5/krb5_free_addresses.3
+++ b/crypto/heimdal/lib/krb5/krb5_free_addresses.3
@@ -1,5 +1,36 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" $Id: krb5_free_addresses.3,v 1.3 2002/08/28 15:30:51 joda Exp $
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_free_addresses.3,v 1.5 2003/04/16 13:58:15 lha Exp $
+.\"
.Dd November 20, 2001
.Dt KRB5_FREE_ADDRESSES 3
.Os HEIMDAL
@@ -9,7 +40,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft void
.Fn krb5_free_addresses "krb5_context context" "krb5_addresses *addresses"
.Sh DESCRIPTION
diff --git a/crypto/heimdal/lib/krb5/krb5_free_principal.3 b/crypto/heimdal/lib/krb5/krb5_free_principal.3
index f9c006c..e9900a7 100644
--- a/crypto/heimdal/lib/krb5/krb5_free_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_free_principal.3
@@ -1,5 +1,36 @@
+.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_free_principal.3,v 1.5 2002/08/28 15:30:52 joda Exp $
+.\" $Id: krb5_free_principal.3,v 1.7 2003/04/16 13:58:11 lha Exp $
.Dd August 8, 1997
.Dt KRB5_FREE_PRINCIPAL 3
.Os HEIMDAL
@@ -9,7 +40,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft void
.Fn krb5_free_principal "krb5_context context" "krb5_principal principal"
.Sh DESCRIPTION
diff --git a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 b/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3
index 1821298..0aef63e3 100644
--- a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3
+++ b/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3
@@ -1,4 +1,36 @@
-.\" $Id: krb5_get_all_client_addrs.3,v 1.4 2002/08/28 15:30:52 joda Exp $
+.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_get_all_client_addrs.3,v 1.6 2003/04/16 13:58:16 lha Exp $
+.\"
.Dd July 1, 2001
.Dt KRB5_GET_ADDRS 3
.Sh NAME
@@ -8,7 +40,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft "krb5_error_code"
.Fn krb5_get_all_client_addrs "krb5_context context" "krb5_addresses *addrs"
.Ft "krb5_error_code"
diff --git a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 b/crypto/heimdal/lib/krb5/krb5_get_krbhst.3
index fcdc8e1..76ad20b 100644
--- a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3
+++ b/crypto/heimdal/lib/krb5/krb5_get_krbhst.3
@@ -1,5 +1,36 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" $Id: krb5_get_krbhst.3,v 1.4 2002/08/28 15:30:53 joda Exp $
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_get_krbhst.3,v 1.6 2003/04/16 13:58:16 lha Exp $
+.\"
.Dd June 17, 2001
.Dt KRB5_GET_KRBHST 3
.Os HEIMDAL
@@ -13,7 +44,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fn krb5_get_krbhst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
.Ft krb5_error_code
diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3
index 8a1141a..76213fb 100644
--- a/crypto/heimdal/lib/krb5/krb5_init_context.3
+++ b/crypto/heimdal/lib/krb5/krb5_init_context.3
@@ -1,5 +1,36 @@
-.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" $Id: krb5_init_context.3,v 1.6 2002/09/02 12:42:00 joda Exp $
+.\" Copyright (c) 2001 - 2002 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_init_context.3,v 1.9 2003/04/16 13:58:11 lha Exp $
+.\"
.Dd January 21, 2001
.Dt KRB5_CONTEXT 3
.Os HEIMDAL
@@ -10,7 +41,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fn krb5_init_context "krb5_context *context"
.Ft void
diff --git a/crypto/heimdal/lib/krb5/krb5_keytab.3 b/crypto/heimdal/lib/krb5/krb5_keytab.3
index 9c7eacd..164eb49 100644
--- a/crypto/heimdal/lib/krb5/krb5_keytab.3
+++ b/crypto/heimdal/lib/krb5/krb5_keytab.3
@@ -1,5 +1,36 @@
-.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" $Id: krb5_keytab.3,v 1.5 2002/08/28 15:30:54 joda Exp $
+.\" Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_keytab.3,v 1.9 2003/04/16 13:58:16 lha Exp $
+.\"
.Dd February 5, 2001
.Dt KRB5_KEYTAB 3
.Os HEIMDAL
@@ -17,6 +48,7 @@
.Nm krb5_kt_free_entry ,
.Nm krb5_kt_get_entry ,
.Nm krb5_kt_get_name ,
+.Nm krb5_kt_get_type ,
.Nm krb5_kt_next_entry ,
.Nm krb5_kt_read_service_key ,
.Nm krb5_kt_register ,
@@ -27,7 +59,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Pp
.Ft krb5_error_code
.Fo krb5_kt_add_entry
@@ -93,6 +125,13 @@ Kerberos 5 Library (libkrb5, -lkrb5)
.Fa "size_t namesize"
.Fc
.Ft krb5_error_code
+.Fo krb5_kt_get_type
+.Fa "krb5_context context"
+.Fa "krb5_keytab keytab"
+.Fa "char *prefix"
+.Fa "size_t prefixsize"
+.Fc
+.Ft krb5_error_code
.Fo krb5_kt_next_entry
.Fa "krb5_context context"
.Fa "krb5_keytab id"
@@ -138,7 +177,7 @@ The
.Li residual
part is specific to each keytab-type.
.Pp
-When a keytab-name is resolved, the type is matched with an interal
+When a keytab-name is resolved, the type is matched with an internal
list of keytab types. If there is no matching keytab type,
the default keytab is used. The current default type is
.Nm file .
@@ -195,7 +234,7 @@ structure is normally only used when doing a new keytab-type
implementation.
.Pp
.Fn krb5_kt_resolve
-is the equvalent of an
+is the equivalent of an
.Xr open 2
on keytab. Resolve the keytab name in
.Fa name
@@ -260,6 +299,18 @@ into
.Fa namesize .
Returns 0 or an error.
.Pp
+.Fn krb5_kt_get_type
+retrieves the type of the keytab
+.Fa keytab
+and store the prefix/name for type of the keytab into
+.Fa prefix ,
+.Fa prefixsize .
+The prefix will have the maximum length of
+.Dv KRB5_KT_PREFIX_MAX_LEN
+(including terminating
+.Dv NUL ) .
+Returns 0 or an error.
+.Pp
.Fn krb5_kt_free_entry
frees the contents of
.Fa entry .
diff --git a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 b/crypto/heimdal/lib/krb5/krb5_krbhst_init.3
index 6bcf07f..87ea3f9 100644
--- a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3
+++ b/crypto/heimdal/lib/krb5/krb5_krbhst_init.3
@@ -1,5 +1,36 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" $Id: krb5_krbhst_init.3,v 1.5 2002/08/28 15:30:54 joda Exp $
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_krbhst_init.3,v 1.7 2003/04/16 13:58:16 lha Exp $
+.\"
.Dd June 17, 2001
.Dt KRB5_KRBHST_INIT 3
.Os HEIMDAL
@@ -15,7 +46,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fn krb5_krbhst_init "krb5_context context" "const char *realm" "unsigned int type" "krb5_krbhst_handle *handle"
.Ft krb5_error_code
diff --git a/crypto/heimdal/lib/krb5/krb5_kuserok.3 b/crypto/heimdal/lib/krb5/krb5_kuserok.3
new file mode 100644
index 0000000..1539202
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_kuserok.3
@@ -0,0 +1,94 @@
+.\" Copyright (c) 2003 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_kuserok.3,v 1.5 2003/04/16 13:58:10 lha Exp $
+.\"
+.Dd Oct 17, 2002
+.Dt KRB5_KUSEROK 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_kuserok
+.Nd verifies if a principal can log in as a user
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_boolean
+.Fo krb5_kuserok
+.Fa "krb5_context context"
+.Fa "krb5_principal principal"
+.Fa "const char *name"
+.Fc
+.Sh DESCRIPTION
+This function takes a local user
+.Fa name
+and verifies if
+.Fa principal
+is allowed to log in as that user.
+.Pp
+First
+.Nm
+check if there is a local account name
+.Fa username.
+If there isn't,
+.Nm
+returns
+.Dv FALSE .
+.Pp
+Then
+.Nm
+checks if principal is the same as user@realm in any of the default
+realms. If that is the case,
+.Nm
+returns
+.Dv TRUE .
+.Pp
+After that it reads the file
+.Pa .k5login
+(if it exists) in the users home directory and checks if
+.Fa principal
+is in the file.
+If it does exists,
+.Dv TRUE
+is returned.
+If neither of the above turns out to be true,
+.DV FALSE
+is returned.
+.Pp
+The
+.Pa .k5login
+should contain one principal per line.
+.Sh SEE ALSO
+.Xr krb5_get_default_realms 3 ,
+.Xr krb5_verify_user 3 ,
+.Xr krb5_verify_user_lrealm 3 ,
+.Xr krb5_verify_user_opt 3,
+.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_openlog.3 b/crypto/heimdal/lib/krb5/krb5_openlog.3
index 8ed94fc..cb1ccc9 100644
--- a/crypto/heimdal/lib/krb5/krb5_openlog.3
+++ b/crypto/heimdal/lib/krb5/krb5_openlog.3
@@ -1,5 +1,35 @@
-.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_openlog.3,v 1.7 2002/08/28 15:30:55 joda Exp $
+.\" Copyright (c) 1997, 1999, 2001 - 2002 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_openlog.3,v 1.9 2003/04/16 13:58:12 lha Exp $
.Dd August 6, 1997
.Dt KRB5_OPENLOG 3
.Os HEIMDAL
@@ -17,7 +47,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft "typedef void"
.Fn "\*(lp*krb5_log_log_func_t\*(rp" "const char *time" "const char *message" "void *data"
.Ft "typedef void"
diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3
index 285c4e2..b936c63 100644
--- a/crypto/heimdal/lib/krb5/krb5_parse_name.3
+++ b/crypto/heimdal/lib/krb5/krb5_parse_name.3
@@ -1,5 +1,36 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_parse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_parse_name.3,v 1.8 2003/04/16 13:58:17 lha Exp $
+.\"
.Dd August 8, 1997
.Dt KRB5_PARSE_NAME 3
.Os HEIMDAL
@@ -9,7 +40,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal"
.Sh DESCRIPTION
diff --git a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 b/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3
index bd02ce6..1ece798 100644
--- a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3
+++ b/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3
@@ -1,5 +1,36 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" $Id: krb5_principal_get_realm.3,v 1.4 2002/08/28 15:30:56 joda Exp $
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_principal_get_realm.3,v 1.6 2003/04/16 13:58:17 lha Exp $
+.\"
.Dd June 20, 2001
.Dt KRB5_PRINCIPAL_GET_REALM 3
.Os HEIMDAL
@@ -10,7 +41,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft "const char *"
.Fn krb5_principal_get_realm "krb5_context context" "krb5_principal principal"
.Ft "const char *"
diff --git a/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 b/crypto/heimdal/lib/krb5/krb5_set_default_realm.3
new file mode 100644
index 0000000..e4b9a36
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_set_default_realm.3
@@ -0,0 +1,144 @@
+.\" Copyright (c) 2003 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_set_default_realm.3,v 1.2 2003/04/16 13:58:11 lha Exp $
+.\"
+.Dd Mar 16, 2003
+.Dt KRB5_SET_DEFAULT_REALM 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_free_host_realm
+.Nm krb5_get_default_realm
+.Nm krb5_get_default_realms
+.Nm krb5_get_host_realm
+.Nm krb5_set_default_realm
+.Nd default and host realm read and manipulation routines
+.Sh LIBRARY
+Kerberos 5 Library (libkrb5, -lkrb5)
+.Sh SYNOPSIS
+.In krb5.h
+.Ft krb5_error_code
+.Fo krb5_free_host_realm
+.Fa "krb5_context context"
+.Fa "krb5_realm *realmlist"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_default_realm
+.Fa "krb5_context context"
+.Fa "krb5_realm *realm"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_default_realms
+.Fa "krb5_context context"
+.Fa "krb5_realm **realm"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_get_host_realm
+.Fa "krb5_context context"
+.Fa "const char *host"
+.Fa "krb5_realm **realms"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_set_default_realm
+.Fa "krb5_context context"
+.Fa "const char *realm"
+.Fc
+.Sh DESCRIPTION
+.Fn krb5_free_host_realm
+frees all memory allocated by
+.Fa realmlist .
+.Pp
+.Fn krb5_get_default_realm
+returns the first default realm for this host.
+The realm returned should be free with
+.Fn free .
+.Pp
+.Fn krb5_get_default_realms
+returns a
+.Dv NULL
+terminated list of default realms for this context.
+Realms returned by
+.Fn krb5_get_default_realms
+should be free with
+.Fn krb5_free_host_realm .
+.Pp
+.Fn krb5_get_host_realm
+returns a
+.Dv NULL
+terminated list of realms for
+.Fa host
+by looking up the information in the
+.Li [domain_realm]
+in
+.Pa krb5.conf
+or in
+.Li DNS .
+If the mapping in
+.Li [domain_realm]
+results in the string
+.Li dns_locate ,
+DNS is used to lookup the realm.
+.Pp
+When using
+.Li DNS
+to a resolve the domain for the host a.b.c,
+.Fn krb5_get_host_realm
+looks for a
+.Dv TXT
+resource record named
+.Li _kerberos.a.b.c ,
+and if not found, it strips off the first component and tries a again
+(_kerberos.b.c) until it reaches the root.
+.Pp
+If there is no configuration or DNS information found,
+.Fn krb5_get_host_realm
+assumes it can use the domain part of the
+.Fa host
+to form a realm.
+.Pp
+.Fn krb5_set_default_realm
+sets the default realm for the
+.Fa context .
+If
+.Dv NULL
+is used as a
+.Fa realm ,
+the
+.Li [libdefaults]default_realm
+stanza in
+.Pa krb5.conf
+is used.
+If there is no such stanza in the configuration file, the
+.Fn krb5_get_host_realm
+function is used to form a default realm.
+.Sh SEE ALSO
+.Xr krb5.conf 5 ,
+.Xr free 3
diff --git a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
index f5fff5f..5724ce1 100644
--- a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
@@ -1,5 +1,36 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_sname_to_principal.3,v 1.5 2002/08/28 15:30:56 joda Exp $
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_sname_to_principal.3,v 1.7 2003/04/16 13:58:17 lha Exp $
+.\"
.Dd August 8, 1997
.Dt KRB5_PRINCIPAL 3
.Os HEIMDAL
@@ -10,7 +41,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fn krb5_sname_to_principal "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *principal"
.Ft krb5_error_code
diff --git a/crypto/heimdal/lib/krb5/krb5_timeofday.3 b/crypto/heimdal/lib/krb5/krb5_timeofday.3
index b0e4b52..6d5dbb3 100644
--- a/crypto/heimdal/lib/krb5/krb5_timeofday.3
+++ b/crypto/heimdal/lib/krb5/krb5_timeofday.3
@@ -1,4 +1,36 @@
-.\" $Id: krb5_timeofday.3,v 1.3 2002/08/28 15:30:57 joda Exp $
+.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_timeofday.3,v 1.5 2003/04/16 13:58:18 lha Exp $
+.\"
.Dd July 1, 2001
.Dt KRB5_TIMEOFDAY 3
.Sh NAME
@@ -8,7 +40,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft "krb5_error_code"
.Fn krb5_timeofday "krb5_context context" "krb5_timestamp *timeret"
.Ft "krb5_error_code"
diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3
index e58b911..ed96c5d 100644
--- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3
+++ b/crypto/heimdal/lib/krb5/krb5_unparse_name.3
@@ -1,5 +1,36 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_unparse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_unparse_name.3,v 1.8 2003/04/16 13:58:18 lha Exp $
+.\"
.Dd August 8, 1997
.Dt KRB5_UNPARSE_NAME 3
.Os HEIMDAL
@@ -10,7 +41,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fn krb5_unparse_name "krb5_context context" "krb5_principal principal" "char **name"
.\" .Ft krb5_error_code
diff --git a/crypto/heimdal/lib/krb5/krb5_verify_user.3 b/crypto/heimdal/lib/krb5/krb5_verify_user.3
index 0e9b108..1357ef1 100644
--- a/crypto/heimdal/lib/krb5/krb5_verify_user.3
+++ b/crypto/heimdal/lib/krb5/krb5_verify_user.3
@@ -1,30 +1,98 @@
-.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" $Id: krb5_verify_user.3,v 1.5 2002/08/28 15:30:58 joda Exp $
-.Dd June 27, 2001
+.\" Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan
+.\" (Royal Institute of Technology, Stockholm, Sweden).
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" 3. Neither the name of the Institute nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: krb5_verify_user.3,v 1.10 2003/04/16 13:58:11 lha Exp $
+.\"
+.Dd March 25, 2003
.Dt KRB5_VERIFY_USER 3
.Os HEIMDAL
.Sh NAME
.Nm krb5_verify_user ,
-.Nm krb5_verify_user_lrealm
-.Nd Heimdal password verifying functions
+.Nm krb5_verify_user_lrealm ,
+.Nm krb5_verify_user_opt ,
+.Nm krb5_verify_opt_init
+.Nm krb5_verify_opt_set_flags ,
+.Nm krb5_verify_opt_set_service ,
+.Nm krb5_verify_opt_set_secure ,
+.Nm krb5_verify_opt_set_keytab
+.Nd Heimdal password verifying functions.
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fn "krb5_verify_user" "krb5_context context" " krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
.Ft krb5_error_code
.Fn "krb5_verify_user_lrealm" "krb5_context context" "krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service"
+.Ft void
+.Fn krb5_verify_opt_init "krb5_verify_opt *opt"
+.Ft void
+.Fn krb5_verify_opt_set_ccache "krb5_verify_opt *opt" "krb5_ccache ccache"
+.Ft void
+.Fn krb5_verify_opt_set_keytab "krb5_verify_opt *opt" "krb5_keytab keytab"
+.Ft void
+.Fn krb5_verify_opt_set_secure "krb5_verify_opt *opt" "krb5_boolean secure"
+.Ft void
+.Fn krb5_verify_opt_set_service "krb5_verify_opt *opt" "const char *service"
+.Ft void
+.Fn krb5_verify_opt_set_flags "krb5_verify_opt *opt" "unsigned int flags"
+.Ft krb5_error_code
+.Fo krb5_verify_user_opt
+.Fa "krb5_context context"
+.Fa "krb5_principal principal"
+.Fa "const char *password"
+.Fa "krb5_verify_opt *opt"
+.Fc
.Sh DESCRIPTION
The
.Nm krb5_verify_user
function verifies the password supplied by a user.
-The principal whose
-password will be verified is specified in
+The principal whose password will be verified is specified in
.Fa principal .
New tickets will be obtained as a side-effect and stored in
.Fa ccache
-(if NULL, the default ccache is used).
+(if
+.Dv NULL ,
+the default ccache is used).
+.Fn krb5_verify_user
+will call
+.Fn krb5_cc_initialize
+on the given
+.Fa ccache ,
+so
+.Fa ccache
+must only initialized with
+.Fn krb5_cc_resolve
+or
+.Fn krb5_cc_gen_new .
If the password is not supplied in
.Fa password
(and is given as
@@ -50,6 +118,68 @@ After a successful return, the principal is set to the authenticated
realm. If the call fails, the principal will not be meaningful, and
should only be freed with
.Xr krb5_free_principal 3 .
+.Pp
+.Fn krb5_verify_opt_init
+resets all opt to default values.
+.Pp
+None of the krb5_verify_opt_set function makes a copy of the data
+structure that they are called with. Its up the caller to free them
+after the
+.Fn krb5_verify_user_opt
+is called.
+.Pp
+.Fn krb5_verify_opt_set_ccache
+sets the
+.Fa ccache
+that user of
+.Fa opt
+will use. If not set, the default credential cache will be used.
+.Pp
+.Fn krb5_verify_opt_set_keytab
+sets the
+.Fa keytab
+that user of
+.Fa opt
+will use. If not set, the default keytab will be used.
+.Pp
+.Fn krb5_verify_opt_set_secure
+if
+.Fa secure
+if true, the password verification will require that the ticket will
+be verified against the locally stored service key. If not set,
+default value is true.
+.Pp
+.Fn krb5_verify_opt_set_service
+sets the
+.Fa service
+principal that user of
+.Fa opt
+will use. If not set, the
+.Ql host
+service will be used.
+.Pp
+.Fn krb5_verify_opt_set_flags
+sets
+.Fa flags
+that user of
+.Fa opt
+will use.
+If the flag
+.Dv KRB5_VERIFY_LREALMS
+is used, the
+.Fa principal
+will be modified like
+.Fn krb5_verify_user_lrealm
+modifies it.
+.Pp
+.Fn krb5_verify_user_opt
+function verifies the
+.Fa password
+supplied by a user.
+The principal whose password will be verified is specified in
+.Fa principal .
+Options the to the verification process is pass in in
+.Fa opt .
.Sh EXAMPLE
Here is a example program that verifies a password. it uses the
.Ql host/`hostname`
@@ -86,6 +216,9 @@ main(int argc, char **argv)
.Ed
.Sh SEE ALSO
.Xr krb5_err 3 ,
+.Xr krb5_cc_gen_new 3 ,
+.Xr krb5_cc_resolve 3 ,
+.Xr krb5_cc_initialize 3 ,
.Xr krb5_free_principal 3 ,
.Xr krb5_init_context 3 ,
.Xr krb5_kt_default 3 ,
diff --git a/crypto/heimdal/lib/krb5/krb5_warn.3 b/crypto/heimdal/lib/krb5/krb5_warn.3
index 0a1302a..7ed4b31 100644
--- a/crypto/heimdal/lib/krb5/krb5_warn.3
+++ b/crypto/heimdal/lib/krb5/krb5_warn.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_warn.3,v 1.5 2002/08/28 15:30:59 joda Exp $
+.\" $Id: krb5_warn.3,v 1.7 2003/04/16 19:31:49 lha Exp $
.Dd August 8, 1997
.Dt KRB5_WARN 3
.Os HEIMDAL
@@ -17,7 +17,7 @@
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
-.Fd #include <krb5.h>
+.In krb5.h
.Ft krb5_error_code
.Fn krb5_err "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "..."
.Ft krb5_error_code
@@ -36,6 +36,8 @@ Kerberos 5 Library (libkrb5, -lkrb5)
.Fn krb5_warnx "krb5_context context" "const char *format" "..."
.Ft krb5_error_code
.Fn krb5_set_warn_dest "krb5_context context" "krb5_log_facility *facility"
+.Ft "char *"
+.Fn krb5_get_err_text "krb5_context context" "krb5_error_code code"
.Sh DESCRIPTION
These functions prints a warning message to some destination.
.Fa format
@@ -59,5 +61,8 @@ Messages logged with the
functions have a log level of 1, while the
.Dq err
functions logs with level 0.
+.Pp
+.Fn krb5_get_err_text
+fetches the human readable strings describing the error-code.
.Sh SEE ALSO
.Xr krb5_openlog 3
diff --git a/crypto/heimdal/lib/krb5/krbhst.c b/crypto/heimdal/lib/krb5/krbhst.c
index 8ffa6df..e0cc9f4 100644
--- a/crypto/heimdal/lib/krb5/krbhst.c
+++ b/crypto/heimdal/lib/krb5/krbhst.c
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <resolve.h>
-RCSID("$Id: krbhst.c,v 1.41 2002/08/16 18:48:19 nectar Exp $");
+RCSID("$Id: krbhst.c,v 1.43.2.1 2003/04/22 15:00:38 lha Exp $");
static int
string_to_proto(const char *string)
@@ -104,7 +104,9 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
for(num_srv = 0, rr = r->head; rr; rr = rr->next)
if(rr->type == T_SRV) {
krb5_krbhst_info *hi;
- hi = calloc(1, sizeof(*hi) + strlen(rr->u.srv->target));
+ size_t len = strlen(rr->u.srv->target);
+
+ hi = calloc(1, sizeof(*hi) + len);
if(hi == NULL) {
dns_free_data(r);
while(--num_srv >= 0)
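Review bot: The allocation `calloc(1, sizeof(*hi) + len)` has room for the terminating NUL only if `krb5_krbhst_info` ends in a hostname array that already contributes at least one byte to `sizeof(*hi)`. That declaration is not visible in this hunk, so the assumption should be stated next to the call, e.g. `/* sizeof(*hi) already covers one byte of hostname[] for the NUL */`. The same applies to the next hunk, where `strlcpy(hi->hostname, rr->u.srv->target, len + 1)` takes its bound from the source string rather than from the destination, so it can never truncate and is only as safe as this allocation. Since `target` comes from a DNS SRV answer, `memcpy(hi->hostname, rr->u.srv->target, len + 1);` would express the same copy without implying a truncation guard. The enclosing loop in srv_find_realm starts and ends outside the hunk.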
@@ -122,7 +124,7 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
else
hi->port = rr->u.srv->port;
- strcpy(hi->hostname, rr->u.srv->target);
+ strlcpy(hi->hostname, rr->u.srv->target, len + 1);
}
*count = num_srv;
diff --git a/crypto/heimdal/lib/krb5/kuserok.c b/crypto/heimdal/lib/krb5/kuserok.c
index 95123699..a79532e 100644
--- a/crypto/heimdal/lib/krb5/kuserok.c
+++ b/crypto/heimdal/lib/krb5/kuserok.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: kuserok.c,v 1.5.12.1 2002/10/21 14:37:55 joda Exp $");
+RCSID("$Id: kuserok.c,v 1.7 2003/03/13 19:53:43 lha Exp $");
/*
* Return TRUE iff `principal' is allowed to login as `luser'.
@@ -51,6 +51,10 @@ krb5_kuserok (krb5_context context,
krb5_error_code ret;
krb5_boolean b;
+ pwd = getpwnam (luser); /* XXX - Should use k_getpwnam? */
+ if (pwd == NULL)
+ return FALSE;
+
ret = krb5_get_default_realms (context, &realms);
if (ret)
return FALSE;
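Review bot: Moving `getpwnam (luser)` to the top means `pwd` is now held across `krb5_get_default_realms` and the realm-matching code before `pwd->pw_dir` is read in the following hunk, and getpwnam() returns a pointer to static storage that a later getpw* call may overwrite. Whether any of the intervening library calls performs such a lookup is not visible here. The dependency can be removed by building the path immediately after the NULL check, i.e. moving `snprintf (buf, sizeof(buf), "%s/.k5login", pwd->pw_dir);` up to this point, or by using `getpwnam_r` with a caller-owned buffer. The rest of krb5_kuserok lies outside the hunk.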
@@ -78,9 +82,6 @@ krb5_kuserok (krb5_context context,
}
krb5_free_host_realm (context, realms);
- pwd = getpwnam (luser); /* XXX - Should use k_getpwnam? */
- if (pwd == NULL)
- return FALSE;
snprintf (buf, sizeof(buf), "%s/.k5login", pwd->pw_dir);
f = fopen (buf, "r");
if (f == NULL)
diff --git a/crypto/heimdal/lib/krb5/mk_rep.c b/crypto/heimdal/lib/krb5/mk_rep.c
index b955555..1026df0 100644
--- a/crypto/heimdal/lib/krb5/mk_rep.c
+++ b/crypto/heimdal/lib/krb5/mk_rep.c
@@ -33,68 +33,67 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_rep.c,v 1.20 2002/09/04 16:26:05 joda Exp $");
+RCSID("$Id: mk_rep.c,v 1.21 2002/12/19 13:30:36 joda Exp $");
krb5_error_code
krb5_mk_rep(krb5_context context,
krb5_auth_context auth_context,
krb5_data *outbuf)
{
- krb5_error_code ret;
- AP_REP ap;
- EncAPRepPart body;
- u_char *buf = NULL;
- size_t buf_size;
- size_t len;
- krb5_crypto crypto;
+ krb5_error_code ret;
+ AP_REP ap;
+ EncAPRepPart body;
+ u_char *buf = NULL;
+ size_t buf_size;
+ size_t len;
+ krb5_crypto crypto;
- ap.pvno = 5;
- ap.msg_type = krb_ap_rep;
+ ap.pvno = 5;
+ ap.msg_type = krb_ap_rep;
- memset (&body, 0, sizeof(body));
+ memset (&body, 0, sizeof(body));
- body.ctime = auth_context->authenticator->ctime;
- body.cusec = auth_context->authenticator->cusec;
- body.subkey = NULL;
- if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
- krb5_generate_seq_number (context,
- auth_context->keyblock,
- &auth_context->local_seqnumber);
- body.seq_number = malloc (sizeof(*body.seq_number));
- if (body.seq_number == NULL) {
- krb5_set_error_string (context, "malloc: out of memory");
- return ENOMEM;
- }
- *(body.seq_number) = auth_context->local_seqnumber;
- } else
- body.seq_number = NULL;
+ body.ctime = auth_context->authenticator->ctime;
+ body.cusec = auth_context->authenticator->cusec;
+ body.subkey = NULL;
+ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+ krb5_generate_seq_number (context,
+ auth_context->keyblock,
+ &auth_context->local_seqnumber);
+ body.seq_number = malloc (sizeof(*body.seq_number));
+ if (body.seq_number == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
+ return ENOMEM;
+ }
+ *(body.seq_number) = auth_context->local_seqnumber;
+ } else
+ body.seq_number = NULL;
- ap.enc_part.etype = auth_context->keyblock->keytype;
- ap.enc_part.kvno = NULL;
+ ap.enc_part.etype = auth_context->keyblock->keytype;
+ ap.enc_part.kvno = NULL;
- ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret);
- free_EncAPRepPart (&body);
- if(ret)
- return ret;
- ret = krb5_crypto_init(context, auth_context->keyblock,
- 0 /* ap.enc_part.etype */, &crypto);
- if (ret) {
- free (buf);
- return ret;
- }
- ret = krb5_encrypt (context,
- crypto,
- KRB5_KU_AP_REQ_ENC_PART,
- buf + buf_size - len,
- len,
- &ap.enc_part.cipher);
- krb5_crypto_destroy(context, crypto);
- if (ret) {
- free(buf);
- return ret;
- }
+ ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret);
+ free_EncAPRepPart (&body);
+ if(ret)
+ return ret;
+ ret = krb5_crypto_init(context, auth_context->keyblock,
+ 0 /* ap.enc_part.etype */, &crypto);
+ if (ret) {
+ free (buf);
+ return ret;
+ }
+ ret = krb5_encrypt (context,
+ crypto,
+ KRB5_KU_AP_REQ_ENC_PART,
+ buf + buf_size - len,
+ len,
+ &ap.enc_part.cipher);
+ krb5_crypto_destroy(context, crypto);
+ free(buf);
+ if (ret)
+ return ret;
- ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret);
- free_AP_REP (&ap);
- return ret;
+ ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret);
+ free_AP_REP (&ap);
+ return ret;
}
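Review bot: The return value of `krb5_generate_seq_number` is still discarded in the `KRB5_AUTH_CONTEXT_DO_SEQUENCE` branch. If it can fail (its definition is outside this page), the AP-REP is built with whatever `auth_context->local_seqnumber` held before. Assigning the result with `ret = krb5_generate_seq_number (context, auth_context->keyblock, &auth_context->local_seqnumber);` followed by `if (ret) return ret;` would stop on that error before `body.seq_number` is allocated. A short comment on `KRB5_KU_AP_REQ_ENC_PART` explaining why an AP-REQ-named key usage encrypts the AP-REP body would also help the next reader.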
diff --git a/crypto/heimdal/lib/krb5/name-45-test.c b/crypto/heimdal/lib/krb5/name-45-test.c
index 373586e..f1455cd 100644
--- a/crypto/heimdal/lib/krb5/name-45-test.c
+++ b/crypto/heimdal/lib/krb5/name-45-test.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
#include "krb5_locl.h"
-RCSID("$Id: name-45-test.c,v 1.2 2002/08/31 03:33:07 assar Exp $");
+RCSID("$Id: name-45-test.c,v 1.3.2.1 2003/05/06 16:49:14 joda Exp $");
enum { MAX_COMPONENTS = 3 };
@@ -96,7 +96,7 @@ static struct testcase {
0, 0},
{"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
- {"pop", "mail0.nada.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0},
+ {"pop", "mail0.nada.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0},
{"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
{"pop", "mail0.nada.kth.se"},
"[realms]\n"
@@ -110,10 +110,10 @@ static struct testcase {
" v4_instance_resolve = true\n",
HEIM_ERR_V4_PRINC_NO_CONV, 0},
- {"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2,
- {"host", "ratatosk.pdc.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0},
- {"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2,
- {"host", "ratatosk.pdc.kth.se"},
+ {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2,
+ {"host", "hokkigai.pdc.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0},
+ {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2,
+ {"host", "hokkigai.pdc.kth.se"},
"[libdefaults]\n"
" v4_instance_resolve = true\n"
"[realms]\n"
@@ -143,7 +143,7 @@ static struct testcase {
"012345678901234567890123456789012345678"}, NULL,
0, 0},
- {NULL, NULL, NULL, NULL, 0, {}, NULL, 0}
+ {NULL, NULL, NULL, NULL, 0, {NULL}, NULL, 0}
};
int
@@ -199,10 +199,13 @@ main(int argc, char **argv)
}
} else {
if (t->ret) {
+ char *s;
+ krb5_unparse_name(context, princ, &s);
krb5_warnx (context,
"krb5_425_conv_principal %s.%s@%s "
- "passed unexpected",
- t->v4_name, t->v4_inst, t->v4_realm);
+ "passed unexpected: %s",
+ t->v4_name, t->v4_inst, t->v4_realm, s);
+ free(s);
val = 1;
continue;
}
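Review bot: `s` is handed to `krb5_warnx` and then to `free` without checking whether `krb5_unparse_name` succeeded, so a failure leaves an uninitialised pointer in both calls. Declare it as `char *s = NULL;`, test the return value, and pass `s ? s : "<unparse failed>"` as the last argument; `free(NULL)` is harmless. main() starts and ends outside this hunk.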
diff --git a/crypto/heimdal/lib/krb5/principal.c b/crypto/heimdal/lib/krb5/principal.c
index 400ce38..fd218a1 100644
--- a/crypto/heimdal/lib/krb5/principal.c
+++ b/crypto/heimdal/lib/krb5/principal.c
@@ -41,7 +41,7 @@
#include <fnmatch.h>
#include "resolve.h"
-RCSID("$Id: principal.c,v 1.81.2.1 2002/10/21 16:08:25 joda Exp $");
+RCSID("$Id: principal.c,v 1.82 2002/10/21 15:30:53 joda Exp $");
#define princ_num_comp(P) ((P)->name.name_string.len)
#define princ_type(P) ((P)->name.name_type)
diff --git a/crypto/heimdal/lib/krb5/prompter_posix.c b/crypto/heimdal/lib/krb5/prompter_posix.c
index c6cc715..4aea3a4 100644
--- a/crypto/heimdal/lib/krb5/prompter_posix.c
+++ b/crypto/heimdal/lib/krb5/prompter_posix.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: prompter_posix.c,v 1.6.6.1 2002/10/21 14:47:42 joda Exp $");
+RCSID("$Id: prompter_posix.c,v 1.7 2002/09/16 17:32:11 nectar Exp $");
int
krb5_prompter_posix (krb5_context context,
diff --git a/crypto/heimdal/lib/krb5/store_emem.c b/crypto/heimdal/lib/krb5/store_emem.c
index 47ca1c8..526cf32 100644
--- a/crypto/heimdal/lib/krb5/store_emem.c
+++ b/crypto/heimdal/lib/krb5/store_emem.c
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include "store-int.h"
-RCSID("$Id: store_emem.c,v 1.12.4.1 2002/10/21 16:08:55 joda Exp $");
+RCSID("$Id: store_emem.c,v 1.13 2002/10/21 15:36:23 joda Exp $");
typedef struct emem_storage{
unsigned char *base;
diff --git a/crypto/heimdal/lib/krb5/test_alname.c b/crypto/heimdal/lib/krb5/test_alname.c
new file mode 100644
index 0000000..8a6ec6d
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/test_alname.c
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <getarg.h>
+#include <err.h>
+
+RCSID("$Id: test_alname.c,v 1.4 2003/04/17 05:46:45 lha Exp $");
+
+static void
+test_alname(krb5_context context, krb5_realm realm,
+ const char *user, const char *inst,
+ const char *localuser, int ok)
+{
+ krb5_principal p;
+ char localname[1024];
+ krb5_error_code ret;
+ char *princ;
+
+ ret = krb5_make_principal(context, &p, realm, user, inst, NULL);
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_build_principal");
+
+ ret = krb5_unparse_name(context, p, &princ);
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_unparse_name");
+
+ ret = krb5_aname_to_localname(context, p, sizeof(localname), localname);
+ krb5_free_principal(context, p);
+ free(princ);
+ if (ret) {
+ if (!ok)
+ return;
+ krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s",
+ princ, localuser);
+ }
+
+ if (strcmp(localname, localuser) != 0) {
+ if (ok)
+ errx(1, "compared failed %s != %s (should have succeded)",
+ localname, localuser);
+ } else {
+ if (!ok)
+ errx(1, "compared failed %s == %s (should have failed)",
+ localname, localuser);
+ }
+
+}
+
+static int version_flag = 0;
+static int help_flag = 0;
+
+static struct getargs args[] = {
+ {"version", 0, arg_flag, &version_flag,
+ "print version", NULL },
+ {"help", 0, arg_flag, &help_flag,
+ NULL, NULL }
+};
+
+static void
+usage (int ret)
+{
+ arg_printusage (args,
+ sizeof(args)/sizeof(*args),
+ NULL,
+ "");
+ exit (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+ krb5_context context;
+ krb5_error_code ret;
+ krb5_realm realm;
+ int optind = 0;
+ char *user;
+
+ setprogname(argv[0]);
+
+ if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
+ usage(1);
+
+ if (help_flag)
+ usage (0);
+
+ if(version_flag){
+ print_version(NULL);
+ exit(0);
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ if (argc != 1)
+ errx(1, "first argument should be a local user that in root .k5login");
+
+ user = argv[0];
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
+
+ ret = krb5_get_default_realm(context, &realm);
+ if (ret)
+ krb5_err(context, 1, ret, "krb5_get_default_realm");
+
+ test_alname(context, realm, user, NULL, user, 1);
+ test_alname(context, realm, user, "root", "root", 1);
+
+ test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, user, 0);
+ test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root", "root", 0);
+
+ test_alname(context, realm, user, NULL,
+ "not-same-as-user", 0);
+ test_alname(context, realm, user, "root",
+ "not-same-as-user", 0);
+
+ test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL,
+ "not-same-as-user", 0);
+ test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root",
+ "not-same-as-user", 0);
+
+ krb5_free_context(context);
+
+ return 0;
+}
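Review bot: In `test_alname`, `princ` is freed right after `krb5_aname_to_localname` returns and is then passed to `krb5_err` inside the `if (ret)` branch, a use-after-free on exactly the path that reports a failure. Move `free(princ);` below that block so the name is still valid when it is printed. The first error string says `krb5_build_principal` although the call is `krb5_make_principal`, which will mislead whoever reads the test output.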
diff --git a/crypto/heimdal/lib/krb5/test_cc.c b/crypto/heimdal/lib/krb5/test_cc.c
new file mode 100644
index 0000000..15181f4
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/test_cc.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: test_cc.c,v 1.1 2003/03/10 00:26:40 lha Exp $");
+
+#define TEST_CC_NAME "/tmp/foo"
+
+int
+main(int argc, char **argv)
+{
+ krb5_context context;
+ krb5_error_code ret;
+ char *p1, *p2, *p3;
+ const char *p;
+
+ setprogname(argv[0]);
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
+
+ p = krb5_cc_default_name(context);
+ if (p == NULL)
+ krb5_errx (context, 1, "krb5_cc_default_name 1 failed");
+ p1 = estrdup(p);
+
+ ret = krb5_cc_set_default_name(context, NULL);
+ if (p == NULL)
+ krb5_errx (context, 1, "krb5_cc_set_default_name failed");
+
+ p = krb5_cc_default_name(context);
+ if (p == NULL)
+ krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
+ p2 = estrdup(p);
+
+ if (strcmp(p1, p2) != 0)
+ krb5_errx (context, 1, "krb5_cc_default_name no longer same");
+
+ ret = krb5_cc_set_default_name(context, TEST_CC_NAME);
+ if (p == NULL)
+ krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
+
+ p = krb5_cc_default_name(context);
+ if (p == NULL)
+ krb5_errx (context, 1, "krb5_cc_default_name 2 failed");
+ p3 = estrdup(p);
+
+ if (strcmp(p3, TEST_CC_NAME) != 0)
+ krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed");
+
+ krb5_free_context(context);
+
+ return 0;
+}
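Review bot: Both `krb5_cc_set_default_name` calls store their result in `ret` and then test `p == NULL`, so a failing setter is never detected. `p` at that point still holds the pointer returned before the name was changed. The checks should be `if (ret) krb5_err (context, 1, ret, "krb5_cc_set_default_name failed");`, with the `1 failed` text for the second call. `p1`, `p2` and `p3` are never freed. The fixed `TEST_CC_NAME` under `/tmp` is only used as a name here; if the test ever opens that cache, a per-run path would avoid clashing with a file another user created.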
diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c
index b587c63..c7732cb 100644
--- a/crypto/heimdal/lib/krb5/transited.c
+++ b/crypto/heimdal/lib/krb5/transited.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: transited.c,v 1.9 2002/09/09 14:03:03 nectar Exp $");
+RCSID("$Id: transited.c,v 1.10 2003/04/16 16:11:27 lha Exp $");
/* this is an attempt at one of the most horrible `compression'
schemes that has ever been invented; it's so amazingly brain-dead
@@ -166,28 +166,32 @@ expand_realms(krb5_context context,
for(r = realms; r; r = r->next){
if(r->trailing_dot){
char *tmp;
+ size_t len = strlen(r->realm) + strlen(prev_realm) + 1;
+
if(prev_realm == NULL)
prev_realm = client_realm;
- tmp = realloc(r->realm, strlen(r->realm) + strlen(prev_realm) + 1);
+ tmp = realloc(r->realm, len);
if(tmp == NULL){
free_realms(realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
r->realm = tmp;
- strcat(r->realm, prev_realm);
+ strlcat(r->realm, prev_realm, len);
}else if(r->leading_slash && !r->leading_space && prev_realm){
/* yet another exception: if you use x500-names, the
leading realm doesn't have to be "quoted" with a space */
char *tmp;
- tmp = malloc(strlen(r->realm) + strlen(prev_realm) + 1);
+ size_t len = strlen(r->realm) + strlen(prev_realm) + 1;
+
+ tmp = malloc(len);
if(tmp == NULL){
free_realms(realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
- strcpy(tmp, prev_realm);
- strcat(tmp, r->realm);
+ strlcpy(tmp, prev_realm, len);
+ strlcat(tmp, r->realm, len);
free(r->realm);
r->realm = tmp;
}
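Review bot: In the `trailing_dot` branch the new `len` initialiser calls `strlen(prev_realm)` before the `if(prev_realm == NULL) prev_realm = client_realm;` fallback, so a NULL `prev_realm` is dereferenced; the old code took the length only after the fallback. The realm list appears to come from decoded transited data, which makes this a crash on input rather than a purely local slip. Declare `size_t len;` and assign `len = strlen(r->realm) + strlen(prev_realm) + 1;` after the NULL check. The second branch is unaffected because its condition already requires `prev_realm`. expand_realms starts and ends outside the hunk.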
@@ -368,10 +372,10 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
*s = '\0';
for(i = 0; i < num_realms; i++){
if(i && i < num_realms - 1)
- strcat(s, ",");
+ strlcat(s, ",", len + 1);
if(realms[i][0] == '/')
- strcat(s, " ");
- strcat(s, realms[i]);
+ strlcat(s, " ", len + 1);
+ strlcat(s, realms[i], len + 1);
}
encoding->data = s;
encoding->length = strlen(s);
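Review bot: The separator test `if(i && i < num_realms - 1)` never emits a comma before the last realm, so with two or more realms the final pair appears to be encoded run together (`A,BC` for three realms). If every realm is meant to be comma-separated, the condition should be `if(i)`. The `strlcat` return values are not checked either, so a mis-sized `len` would now truncate the encoding silently where it used to overflow. The computation of `len` and the allocation of `s` are outside this hunk, so the bound `len + 1` cannot be confirmed from here.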
diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.c b/crypto/heimdal/lib/krb5/verify_krb5_conf.c
index 55d8a42..6f905bf 100644
--- a/crypto/heimdal/lib/krb5/verify_krb5_conf.c
+++ b/crypto/heimdal/lib/krb5/verify_krb5_conf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -35,7 +35,7 @@
#include <getarg.h>
#include <parse_bytes.h>
#include <err.h>
-RCSID("$Id: verify_krb5_conf.c,v 1.14 2002/08/28 15:27:19 nectar Exp $");
+RCSID("$Id: verify_krb5_conf.c,v 1.17 2003/03/29 09:52:50 lha Exp $");
/* verify krb5.conf */
@@ -119,6 +119,20 @@ check_boolean(krb5_context context, const char *path, char *data)
}
static int
+check_524(krb5_context context, const char *path, char *data)
+{
+ if(strcasecmp(data, "yes") == 0 ||
+ strcasecmp(data, "no") == 0 ||
+ strcasecmp(data, "2b") == 0 ||
+ strcasecmp(data, "local") == 0)
+ return 0;
+
+ krb5_warnx(context, "%s: didn't contain a valid option `%s'",
+ path, data);
+ return 1;
+}
+
+static int
check_host(krb5_context context, const char *path, char *data)
{
int ret;
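Review bot: `check_524` has no comment stating which values it accepts or what its return value means. A header such as `/* afs-use-524: accept yes, no, 2b or local (case-insensitive); return 0 if valid, 1 after warning */` would document the contract next to the `appdefaults_entries` row that uses it. `data` is only read here, so `const char *data` would be the tighter type if the callback type used by `struct entry` allows it; that type is outside this hunk.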
@@ -168,6 +182,7 @@ struct s2i {
#define L(X) { #X, LOG_ ## X }
static struct s2i syslogvals[] = {
+ /* severity */
L(EMERG),
L(ALERT),
L(CRIT),
@@ -176,7 +191,7 @@ static struct s2i syslogvals[] = {
L(NOTICE),
L(INFO),
L(DEBUG),
-
+ /* facility */
L(AUTH),
#ifdef LOG_AUTHPRIV
L(AUTHPRIV),
@@ -263,12 +278,12 @@ check_log(krb5_context context, const char *path, char *data)
strlcpy(severity, "ERR", sizeof(severity));
if(*facility == '\0')
strlcpy(facility, "AUTH", sizeof(facility));
- if(find_value(severity, syslogvals) == NULL) {
+ if(find_value(severity, syslogvals) == -1) {
krb5_warnx(context, "%s: unknown syslog facility \"%s\"",
path, facility);
ret++;
}
- if(find_value(severity, syslogvals) == NULL) {
+ if(find_value(severity, syslogvals) == -1) {
krb5_warnx(context, "%s: unknown syslog severity \"%s\"",
path, severity);
ret++;
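Review bot: The first lookup still passes `severity` to `find_value` although its warning reports an unknown facility, so `facility` is never validated and a bad severity is reported twice. It should read `if(find_value(facility, syslogvals) == -1) {`. Whether `-1` is the not-found value depends on `find_value`, which is outside this hunk. check_log starts and ends outside it as well.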
@@ -337,6 +352,8 @@ struct entry libdefaults_entries[] = {
};
struct entry appdefaults_entries[] = {
+ { "afslog", krb5_config_string, check_boolean },
+ { "afs-use-524", krb5_config_string, check_524 },
{ "forwardable", krb5_config_string, check_boolean },
{ "proxiable", krb5_config_string, check_boolean },
{ "ticket_lifetime", krb5_config_string, check_time },
@@ -481,8 +498,6 @@ check_section(krb5_context context, const char *path, krb5_config_section *cf,
}
if(e->name == NULL) {
krb5_warnx(context, "%s: unknown entry", local);
- for(e = entries; e->name != NULL; e++)
- krb5_warnx(context, " %s", e->name);
error |= 1;
}
free(local);
diff --git a/crypto/heimdal/lib/krb5/warn.c b/crypto/heimdal/lib/krb5/warn.c
index ec009b2..72398bf 100644
--- a/crypto/heimdal/lib/krb5/warn.c
+++ b/crypto/heimdal/lib/krb5/warn.c
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <err.h>
-RCSID("$Id: warn.c,v 1.13 2001/05/07 21:04:34 assar Exp $");
+RCSID("$Id: warn.c,v 1.14 2003/04/16 16:13:08 lha Exp $");
static krb5_error_code _warnerr(krb5_context context, int do_errtext,
krb5_error_code code, int level, const char *fmt, va_list ap)
@@ -52,9 +52,9 @@ _warnerr(krb5_context context, int do_errtext,
args[0] = args[1] = NULL;
arg = args;
if(fmt){
- strcat(xfmt, "%s");
+ strlcat(xfmt, "%s", sizeof(xfmt));
if(do_errtext)
- strcat(xfmt, ": ");
+ strlcat(xfmt, ": ", sizeof(xfmt));
vasprintf(&msg, fmt, ap);
if(msg == NULL)
return ENOMEM;
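Review bot: `vasprintf`'s return value is ignored and failure is detected only through `msg == NULL`, which holds on BSD libc but is not guaranteed elsewhere (glibc leaves the pointer undefined on failure). `if(vasprintf(&msg, fmt, ap) < 0 || msg == NULL) return ENOMEM;` covers both cases. The `strlcat` calls here and in the next hunk use `sizeof(xfmt)` as the bound, which is correct only if `xfmt` is an array declared in this function; its declaration is outside the hunk.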
@@ -63,7 +63,7 @@ _warnerr(krb5_context context, int do_errtext,
if(context && do_errtext){
const char *err_msg;
- strcat(xfmt, "%s");
+ strlcat(xfmt, "%s", sizeof(xfmt));
err_str = krb5_get_error_string(context);
if (err_str != NULL) {