authorassar <assar@FreeBSD.org>2001-02-13 16:46:19 +0000
committerassar <assar@FreeBSD.org>2001-02-13 16:46:19 +0000
commitebfe6dc471c206300fd82c7c0fd145f683aa52f6 (patch)
treee66aa570ad1d12c43b32a7313b0f8e28971bf8a9 /crypto/heimdal/lib/krb5
parente5f617598c2db0dd51906a38ecea9208123a8b70 (diff)
import of heimdal 0.3e
Diffstat (limited to 'crypto/heimdal/lib/krb5')
-rw-r--r--crypto/heimdal/lib/krb5/Makefile.am54
-rw-r--r--crypto/heimdal/lib/krb5/Makefile.in716
-rw-r--r--crypto/heimdal/lib/krb5/acl.c189
-rw-r--r--crypto/heimdal/lib/krb5/addr_families.c4
-rw-r--r--crypto/heimdal/lib/krb5/appdefault.c123
-rw-r--r--crypto/heimdal/lib/krb5/auth_context.c114
-rw-r--r--crypto/heimdal/lib/krb5/build_auth.c11
-rw-r--r--crypto/heimdal/lib/krb5/cache.c8
-rw-r--r--crypto/heimdal/lib/krb5/changepw.c93
-rw-r--r--crypto/heimdal/lib/krb5/config_file.c50
-rw-r--r--crypto/heimdal/lib/krb5/constants.c6
-rw-r--r--crypto/heimdal/lib/krb5/context.c49
-rw-r--r--crypto/heimdal/lib/krb5/convert_creds.c28
-rw-r--r--crypto/heimdal/lib/krb5/crc.c6
-rw-r--r--crypto/heimdal/lib/krb5/crypto.c895
-rw-r--r--crypto/heimdal/lib/krb5/eai_to_heim_errno.c69
-rw-r--r--crypto/heimdal/lib/krb5/expand_hostname.c4
-rw-r--r--crypto/heimdal/lib/krb5/fcache.c137
-rw-r--r--crypto/heimdal/lib/krb5/generate_seq_number.c6
-rw-r--r--crypto/heimdal/lib/krb5/get_addrs.c285
-rw-r--r--crypto/heimdal/lib/krb5/get_cred.c60
-rw-r--r--crypto/heimdal/lib/krb5/get_for_creds.c57
-rw-r--r--crypto/heimdal/lib/krb5/get_in_tkt.c46
-rw-r--r--crypto/heimdal/lib/krb5/get_port.c6
-rw-r--r--crypto/heimdal/lib/krb5/heim_err.et20
-rw-r--r--crypto/heimdal/lib/krb5/init_creds.c54
-rw-r--r--crypto/heimdal/lib/krb5/init_creds_pw.c27
-rw-r--r--crypto/heimdal/lib/krb5/kerberos.873
-rw-r--r--crypto/heimdal/lib/krb5/keyblock.c4
-rw-r--r--crypto/heimdal/lib/krb5/keytab_keyfile.c79
-rw-r--r--crypto/heimdal/lib/krb5/keytab_krb4.c8
-rw-r--r--crypto/heimdal/lib/krb5/krb5-private.h3
-rw-r--r--crypto/heimdal/lib/krb5/krb5-protos.h295
-rw-r--r--crypto/heimdal/lib/krb5/krb5.conf.5139
-rw-r--r--crypto/heimdal/lib/krb5/krb5.h107
-rw-r--r--crypto/heimdal/lib/krb5/krb5_425_conv_principal.311
-rw-r--r--crypto/heimdal/lib/krb5/krb5_appdefault.357
-rw-r--r--crypto/heimdal/lib/krb5/krb5_auth_context.3284
-rw-r--r--crypto/heimdal/lib/krb5/krb5_build_principal.312
-rw-r--r--crypto/heimdal/lib/krb5/krb5_config.371
-rw-r--r--crypto/heimdal/lib/krb5/krb5_context.320
-rw-r--r--crypto/heimdal/lib/krb5/krb5_create_checksum.38
-rw-r--r--crypto/heimdal/lib/krb5/krb5_crypto_init.36
-rw-r--r--crypto/heimdal/lib/krb5/krb5_encrypt.38
-rw-r--r--crypto/heimdal/lib/krb5/krb5_err.et26
-rw-r--r--crypto/heimdal/lib/krb5/krb5_free_principal.37
-rw-r--r--crypto/heimdal/lib/krb5/krb5_init_context.338
-rw-r--r--crypto/heimdal/lib/krb5/krb5_locl.h24
-rw-r--r--crypto/heimdal/lib/krb5/krb5_openlog.325
-rw-r--r--crypto/heimdal/lib/krb5/krb5_parse_name.36
-rw-r--r--crypto/heimdal/lib/krb5/krb5_sname_to_principal.38
-rw-r--r--crypto/heimdal/lib/krb5/krb5_unparse_name.38
-rw-r--r--crypto/heimdal/lib/krb5/krb5_warn.314
-rw-r--r--crypto/heimdal/lib/krb5/krbhst.c38
-rw-r--r--crypto/heimdal/lib/krb5/log.c18
-rw-r--r--crypto/heimdal/lib/krb5/mcache.c163
-rw-r--r--crypto/heimdal/lib/krb5/mk_priv.c17
-rw-r--r--crypto/heimdal/lib/krb5/mk_rep.c28
-rw-r--r--crypto/heimdal/lib/krb5/mk_req.c78
-rw-r--r--crypto/heimdal/lib/krb5/mk_req_ext.c25
-rw-r--r--crypto/heimdal/lib/krb5/mk_safe.c20
-rw-r--r--crypto/heimdal/lib/krb5/principal.c93
-rw-r--r--crypto/heimdal/lib/krb5/prog_setup.c10
-rw-r--r--crypto/heimdal/lib/krb5/rd_cred.c142
-rw-r--r--crypto/heimdal/lib/krb5/rd_priv.c26
-rw-r--r--crypto/heimdal/lib/krb5/rd_rep.c6
-rw-r--r--crypto/heimdal/lib/krb5/rd_req.c103
-rw-r--r--crypto/heimdal/lib/krb5/rd_safe.c21
-rw-r--r--crypto/heimdal/lib/krb5/read_message.c42
-rw-r--r--crypto/heimdal/lib/krb5/recvauth.c6
-rw-r--r--crypto/heimdal/lib/krb5/replay.c57
-rw-r--r--crypto/heimdal/lib/krb5/send_to_kdc.c77
-rw-r--r--crypto/heimdal/lib/krb5/sock_principal.c20
-rw-r--r--crypto/heimdal/lib/krb5/store.c53
-rw-r--r--crypto/heimdal/lib/krb5/store_emem.c6
-rw-r--r--crypto/heimdal/lib/krb5/store_fd.c10
-rw-r--r--crypto/heimdal/lib/krb5/store_mem.c6
-rw-r--r--crypto/heimdal/lib/krb5/string-to-key-test.c11
-rw-r--r--crypto/heimdal/lib/krb5/test_get_addrs.c78
-rw-r--r--crypto/heimdal/lib/krb5/time.c15
-rw-r--r--crypto/heimdal/lib/krb5/verify_krb5_conf.833
-rw-r--r--crypto/heimdal/lib/krb5/verify_user.c10
-rw-r--r--crypto/heimdal/lib/krb5/warn.c5
-rw-r--r--crypto/heimdal/lib/krb5/write_message.c40
84 files changed, 4357 insertions, 1358 deletions
diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am
index df8ac6d..395f29d 100644
--- a/crypto/heimdal/lib/krb5/Makefile.am
+++ b/crypto/heimdal/lib/krb5/Makefile.am
@@ -1,24 +1,22 @@
-# $Id: Makefile.am,v 1.98 2000/02/19 18:53:56 assar Exp $
+# $Id: Makefile.am,v 1.119 2001/01/30 01:50:52 assar Exp $
include $(top_srcdir)/Makefile.am.common
-INCLUDES += $(INCLUDE_krb4)
-
bin_PROGRAMS = verify_krb5_conf
-noinst_PROGRAMS = dump_config
+noinst_PROGRAMS = dump_config test_get_addrs
check_PROGRAMS = n-fold-test string-to-key-test
TESTS = n-fold-test string-to-key-test
-if KRB4
-KRB4LIB = $(LIB_krb4)
-keytab_krb4_c = keytab_krb4.c
-endif
-
LDADD = libkrb5.la \
- $(KRB4LIB) \
- $(top_builddir)/lib/des/libdes.la \
+ $(LIB_des) \
+ $(top_builddir)/lib/asn1/libasn1.la \
+ $(LIB_roken)
+
+libkrb5_la_LIBADD = \
+ ../com_err/error.lo ../com_err/com_err.lo \
+ $(LIB_des) \
$(top_builddir)/lib/asn1/libasn1.la \
$(LIB_roken)
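Review bot: With the `if KRB4` block removed in this hunk, `keytab_krb4.c` is no longer optional: the later hunk at `@@ -71,8 +72,8 @@` lists it unconditionally in `libkrb5_la_SOURCES`, while `INCLUDES += $(INCLUDE_krb4)` is dropped here. Every build of libkrb5 therefore carries the krb4 keytab code, including builds configured without krb4, and the file has to compile without the krb4 headers. Whether the backend is also registered by default is decided outside this Makefile and is not visible here. I would record the intent next to the source list, e.g. `# keytab_krb4.c is always built; it must not depend on $(INCLUDE_krb4)`, and if the legacy format is meant to stay opt-in, keep the `$(keytab_krb4_c)` conditional instead.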
@@ -27,10 +25,12 @@ lib_LTLIBRARIES = libkrb5.la
ERR_FILES = krb5_err.c heim_err.c
libkrb5_la_SOURCES = \
+ acl.c \
add_et_list.c \
addr_families.c \
address.c \
aname_to_localname.c \
+ appdefault.c \
asn1_glue.c \
auth_context.c \
build_ap_req.c \
@@ -48,6 +48,7 @@ libkrb5_la_SOURCES = \
creds.c \
crypto.c \
data.c \
+ eai_to_heim_errno.c \
expand_hostname.c \
fcache.c \
free.c \
@@ -71,8 +72,8 @@ libkrb5_la_SOURCES = \
keytab.c \
keytab_file.c \
keytab_memory.c \
- $(keytab_krb4_c) \
keytab_keyfile.c \
+ keytab_krb4.c \
krbhst.c \
kuserok.c \
log.c \
@@ -99,6 +100,7 @@ libkrb5_la_SOURCES = \
rd_safe.c \
read_message.c \
recvauth.c \
+ replay.c \
send_to_kdc.c \
sendauth.c \
set_default_realm.c \
@@ -117,9 +119,7 @@ libkrb5_la_SOURCES = \
write_message.c \
$(ERR_FILES)
-EXTRA_libkrb5_la_SOURCES = keytab_krb4.c
-
-libkrb5_la_LDFLAGS = -version-info 9:1:0
+libkrb5_la_LDFLAGS = -version-info 15:0:0
$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
@@ -129,11 +129,25 @@ $(srcdir)/krb5-protos.h:
$(srcdir)/krb5-private.h:
cd $(srcdir); perl ../../cf/make-proto.pl -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h
-libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo
-
-man_MANS = krb5.conf.5 krb5_warn.3 krb5_openlog.3 \
- krb5_425_conv_principal.3 krb5_build_principal.3 krb5_free_principal.3 \
- krb5_parse_name.3 krb5_sname_to_principal.3 krb5_unparse_name.3
+#libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo
+
+man_MANS = \
+ kerberos.8 \
+ krb5.conf.5 \
+ krb5_425_conv_principal.3 \
+ krb5_appdefault.3 \
+ krb5_build_principal.3 \
+ krb5_config.3 \
+ krb5_free_principal.3 \
+ krb5_openlog.3 \
+ krb5_parse_name.3 \
+ krb5_sname_to_principal.3 \
+ krb5_unparse_name.3 \
+ krb5_warn.3 \
+ verify_krb5_conf.8 \
+ krb5_auth_context.3 \
+ krb5_context.3 \
+ krb5_init_context.3
include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h
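Review bot: The old `libkrb5_la_LIBADD` assignment is left behind as a commented-out line (`#libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo`) even though the first hunk of this file now defines the variable next to `LDADD`. The dead line should be deleted so nobody re-enables a second definition that silently drops `$(LIB_des)`, libasn1 and `$(LIB_roken)`. In the same hunk `man_MANS` is alphabetical up to `verify_krb5_conf.8`, after which `krb5_auth_context.3`, `krb5_context.3` and `krb5_init_context.3` are appended out of order; sorting them in keeps the list easy to check against the directory.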
diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in
index dbca9de..be103d2 100644
--- a/crypto/heimdal/lib/krb5/Makefile.in
+++ b/crypto/heimdal/lib/krb5/Makefile.in
@@ -1,6 +1,6 @@
-# Makefile.in generated automatically by automake 1.4 from Makefile.am
+# Makefile.in generated automatically by automake 1.4a from Makefile.am
-# Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc.
+# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -10,15 +10,6 @@
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
-# $Id: Makefile.am,v 1.98 2000/02/19 18:53:56 assar Exp $
-
-
-# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
-
-
-# $Id: Makefile.am.common,v 1.13 1999/11/01 03:19:58 assar Exp $
-
-
SHELL = @SHELL@
srcdir = @srcdir@
@@ -40,8 +31,6 @@ mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
-DESTDIR =
-
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
@@ -54,9 +43,10 @@ AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@ $(AM_INSTALL_PROGRAM_FLAGS)
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_FLAG =
transform = @program_transform_name@
NORMAL_INSTALL = :
@@ -65,26 +55,39 @@ POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
+
+@SET_MAKE@
host_alias = @host_alias@
host_triplet = @host@
-AFS_EXTRA_LD = @AFS_EXTRA_LD@
AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
+AMDEP = @AMDEP@
+AMTAR = @AMTAR@
+AS = @AS@
AWK = @AWK@
CANONICAL_HOST = @CANONICAL_HOST@
CATMAN = @CATMAN@
CATMANEXT = @CATMANEXT@
CC = @CC@
+CPP = @CPP@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
DBLIB = @DBLIB@
+DEPDIR = @DEPDIR@
+DIR_des = @DIR_des@
+DIR_roken = @DIR_roken@
+DLLTOOL = @DLLTOOL@
EXEEXT = @EXEEXT@
EXTRA_LIB45 = @EXTRA_LIB45@
GROFF = @GROFF@
+INCLUDES_roken = @INCLUDES_roken@
INCLUDE_ = @INCLUDE_@
-LD = @LD@
LEX = @LEX@
LIBOBJS = @LIBOBJS@
LIBTOOL = @LIBTOOL@
LIB_ = @LIB_@
LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_des = @LIB_des@
+LIB_des_appl = @LIB_des_appl@
LIB_kdb = @LIB_kdb@
LIB_otp = @LIB_otp@
LIB_roken = @LIB_roken@
@@ -92,31 +95,43 @@ LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
-MAKE_X_PROGS_BIN_PROGS = @MAKE_X_PROGS_BIN_PROGS@
-MAKE_X_PROGS_BIN_SCRPTS = @MAKE_X_PROGS_BIN_SCRPTS@
-MAKE_X_PROGS_LIBEXEC_PROGS = @MAKE_X_PROGS_LIBEXEC_PROGS@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
-NM = @NM@
NROFF = @NROFF@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
RANLIB = @RANLIB@
+STRIP = @STRIP@
VERSION = @VERSION@
VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
WFLAGS = @WFLAGS@
WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
YACC = @YACC@
+dpagaix_CFLAGS = @dpagaix_CFLAGS@
+dpagaix_LDADD = @dpagaix_LDADD@
+install_sh = @install_sh@
+
+# $Id: Makefile.am,v 1.119 2001/01/30 01:50:52 assar Exp $
+
+
+# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+
AUTOMAKE_OPTIONS = foreign no-dependencies
SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
-INCLUDES = -I$(top_builddir)/include $(INCLUDE_krb4)
+INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
AM_CFLAGS = $(WFLAGS)
+CP = cp
+
COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
buildinclude = $(top_builddir)/include
@@ -136,6 +151,7 @@ LIB_getsockopt = @LIB_getsockopt@
LIB_logout = @LIB_logout@
LIB_logwtmp = @LIB_logwtmp@
LIB_odm_initialize = @LIB_odm_initialize@
+LIB_pidfile = @LIB_pidfile@
LIB_readline = @LIB_readline@
LIB_res_search = @LIB_res_search@
LIB_setpcred = @LIB_setpcred@
@@ -144,6 +160,8 @@ LIB_socket = @LIB_socket@
LIB_syslog = @LIB_syslog@
LIB_tgetent = @LIB_tgetent@
+LIBS = @LIBS@
+
HESIODLIB = @HESIODLIB@
HESIODINCLUDE = @HESIODINCLUDE@
INCLUDE_hesiod = @INCLUDE_hesiod@
@@ -152,59 +170,170 @@ LIB_hesiod = @LIB_hesiod@
INCLUDE_krb4 = @INCLUDE_krb4@
LIB_krb4 = @LIB_krb4@
+INCLUDE_openldap = @INCLUDE_openldap@
+LIB_openldap = @LIB_openldap@
+
INCLUDE_readline = @INCLUDE_readline@
LEXLIB = @LEXLIB@
-cat1dir = $(mandir)/cat1
-cat3dir = $(mandir)/cat3
-cat5dir = $(mandir)/cat5
-cat8dir = $(mandir)/cat8
-
-MANRX = \(.*\)\.\([0-9]\)
-CATSUFFIX = @CATSUFFIX@
-
NROFF_MAN = groff -mandoc -Tascii
-@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la $(top_builddir)/lib/asn1/libasn1.la
-@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
+@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
CHECK_LOCAL = $(PROGRAMS)
bin_PROGRAMS = verify_krb5_conf
-noinst_PROGRAMS = dump_config
+noinst_PROGRAMS = dump_config test_get_addrs
check_PROGRAMS = n-fold-test string-to-key-test
TESTS = n-fold-test string-to-key-test
-@KRB4_TRUE@KRB4LIB = $(LIB_krb4)
-@KRB4_TRUE@keytab_krb4_c = keytab_krb4.c
+LDADD = libkrb5.la \
+ $(LIB_des) \
+ $(top_builddir)/lib/asn1/libasn1.la \
+ $(LIB_roken)
+
-LDADD = libkrb5.la $(KRB4LIB) $(top_builddir)/lib/des/libdes.la $(top_builddir)/lib/asn1/libasn1.la $(LIB_roken)
+libkrb5_la_LIBADD = \
+ ../com_err/error.lo ../com_err/com_err.lo \
+ $(LIB_des) \
+ $(top_builddir)/lib/asn1/libasn1.la \
+ $(LIB_roken)
lib_LTLIBRARIES = libkrb5.la
ERR_FILES = krb5_err.c heim_err.c
-libkrb5_la_SOURCES = add_et_list.c addr_families.c address.c aname_to_localname.c asn1_glue.c auth_context.c build_ap_req.c build_auth.c cache.c changepw.c codec.c config_file.c config_file_netinfo.c convert_creds.c constants.c context.c copy_host_realm.c crc.c creds.c crypto.c data.c expand_hostname.c fcache.c free.c free_host_realm.c generate_seq_number.c generate_subkey.c get_addrs.c get_cred.c get_default_principal.c get_default_realm.c get_for_creds.c get_host_realm.c get_in_tkt.c get_in_tkt_pw.c get_in_tkt_with_keytab.c get_in_tkt_with_skey.c get_port.c init_creds.c init_creds_pw.c keyblock.c keytab.c keytab_file.c keytab_memory.c $(keytab_krb4_c) keytab_keyfile.c krbhst.c kuserok.c log.c mcache.c misc.c mk_error.c mk_priv.c mk_rep.c mk_req.c mk_req_ext.c mk_safe.c net_read.c net_write.c n-fold.c padata.c principal.c prog_setup.c prompter_posix.c rd_cred.c rd_error.c rd_priv.c rd_rep.c rd_req.c rd_safe.c read_message.c recvauth.c send_to_kdc.c sendauth.c set_default_realm.c sock_principal.c store.c store_emem.c store_fd.c store_mem.c ticket.c time.c transited.c verify_init.c verify_user.c version.c warn.c write_message.c $(ERR_FILES)
-
-
-EXTRA_libkrb5_la_SOURCES = keytab_krb4.c
-
-libkrb5_la_LDFLAGS = -version-info 9:1:0
-
-libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo
-
-man_MANS = krb5.conf.5 krb5_warn.3 krb5_openlog.3 krb5_425_conv_principal.3 krb5_build_principal.3 krb5_free_principal.3 krb5_parse_name.3 krb5_sname_to_principal.3 krb5_unparse_name.3
+libkrb5_la_SOURCES = \
+ acl.c \
+ add_et_list.c \
+ addr_families.c \
+ address.c \
+ aname_to_localname.c \
+ appdefault.c \
+ asn1_glue.c \
+ auth_context.c \
+ build_ap_req.c \
+ build_auth.c \
+ cache.c \
+ changepw.c \
+ codec.c \
+ config_file.c \
+ config_file_netinfo.c \
+ convert_creds.c \
+ constants.c \
+ context.c \
+ copy_host_realm.c \
+ crc.c \
+ creds.c \
+ crypto.c \
+ data.c \
+ eai_to_heim_errno.c \
+ expand_hostname.c \
+ fcache.c \
+ free.c \
+ free_host_realm.c \
+ generate_seq_number.c \
+ generate_subkey.c \
+ get_addrs.c \
+ get_cred.c \
+ get_default_principal.c \
+ get_default_realm.c \
+ get_for_creds.c \
+ get_host_realm.c \
+ get_in_tkt.c \
+ get_in_tkt_pw.c \
+ get_in_tkt_with_keytab.c \
+ get_in_tkt_with_skey.c \
+ get_port.c \
+ init_creds.c \
+ init_creds_pw.c \
+ keyblock.c \
+ keytab.c \
+ keytab_file.c \
+ keytab_memory.c \
+ keytab_keyfile.c \
+ keytab_krb4.c \
+ krbhst.c \
+ kuserok.c \
+ log.c \
+ mcache.c \
+ misc.c \
+ mk_error.c \
+ mk_priv.c \
+ mk_rep.c \
+ mk_req.c \
+ mk_req_ext.c \
+ mk_safe.c \
+ net_read.c \
+ net_write.c \
+ n-fold.c \
+ padata.c \
+ principal.c \
+ prog_setup.c \
+ prompter_posix.c \
+ rd_cred.c \
+ rd_error.c \
+ rd_priv.c \
+ rd_rep.c \
+ rd_req.c \
+ rd_safe.c \
+ read_message.c \
+ recvauth.c \
+ replay.c \
+ send_to_kdc.c \
+ sendauth.c \
+ set_default_realm.c \
+ sock_principal.c \
+ store.c \
+ store_emem.c \
+ store_fd.c \
+ store_mem.c \
+ ticket.c \
+ time.c \
+ transited.c \
+ verify_init.c \
+ verify_user.c \
+ version.c \
+ warn.c \
+ write_message.c \
+ $(ERR_FILES)
+
+
+libkrb5_la_LDFLAGS = -version-info 15:0:0
+
+#libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo
+
+man_MANS = \
+ kerberos.8 \
+ krb5.conf.5 \
+ krb5_425_conv_principal.3 \
+ krb5_appdefault.3 \
+ krb5_build_principal.3 \
+ krb5_config.3 \
+ krb5_free_principal.3 \
+ krb5_openlog.3 \
+ krb5_parse_name.3 \
+ krb5_sname_to_principal.3 \
+ krb5_unparse_name.3 \
+ krb5_warn.3 \
+ verify_krb5_conf.8 \
+ krb5_auth_context.3 \
+ krb5_context.3 \
+ krb5_init_context.3
include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h
CLEANFILES = krb5_err.c krb5_err.h heim_err.c heim_err.h
+subdir = lib/krb5
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = ../../include/config.h
CONFIG_CLEAN_FILES =
@@ -214,128 +343,94 @@ LTLIBRARIES = $(lib_LTLIBRARIES)
DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
X_CFLAGS = @X_CFLAGS@
X_LIBS = @X_LIBS@
X_EXTRA_LIBS = @X_EXTRA_LIBS@
X_PRE_LIBS = @X_PRE_LIBS@
-libkrb5_la_DEPENDENCIES = ../com_err/error.lo ../com_err/com_err.lo
-@KRB4_TRUE@libkrb5_la_OBJECTS = add_et_list.lo addr_families.lo \
-@KRB4_TRUE@address.lo aname_to_localname.lo asn1_glue.lo \
-@KRB4_TRUE@auth_context.lo build_ap_req.lo build_auth.lo cache.lo \
-@KRB4_TRUE@changepw.lo codec.lo config_file.lo config_file_netinfo.lo \
-@KRB4_TRUE@convert_creds.lo constants.lo context.lo copy_host_realm.lo \
-@KRB4_TRUE@crc.lo creds.lo crypto.lo data.lo expand_hostname.lo \
-@KRB4_TRUE@fcache.lo free.lo free_host_realm.lo generate_seq_number.lo \
-@KRB4_TRUE@generate_subkey.lo get_addrs.lo get_cred.lo \
-@KRB4_TRUE@get_default_principal.lo get_default_realm.lo \
-@KRB4_TRUE@get_for_creds.lo get_host_realm.lo get_in_tkt.lo \
-@KRB4_TRUE@get_in_tkt_pw.lo get_in_tkt_with_keytab.lo \
-@KRB4_TRUE@get_in_tkt_with_skey.lo get_port.lo init_creds.lo \
-@KRB4_TRUE@init_creds_pw.lo keyblock.lo keytab.lo keytab_file.lo \
-@KRB4_TRUE@keytab_memory.lo keytab_krb4.lo keytab_keyfile.lo krbhst.lo \
-@KRB4_TRUE@kuserok.lo log.lo mcache.lo misc.lo mk_error.lo mk_priv.lo \
-@KRB4_TRUE@mk_rep.lo mk_req.lo mk_req_ext.lo mk_safe.lo net_read.lo \
-@KRB4_TRUE@net_write.lo n-fold.lo padata.lo principal.lo prog_setup.lo \
-@KRB4_TRUE@prompter_posix.lo rd_cred.lo rd_error.lo rd_priv.lo \
-@KRB4_TRUE@rd_rep.lo rd_req.lo rd_safe.lo read_message.lo recvauth.lo \
-@KRB4_TRUE@send_to_kdc.lo sendauth.lo set_default_realm.lo \
-@KRB4_TRUE@sock_principal.lo store.lo store_emem.lo store_fd.lo \
-@KRB4_TRUE@store_mem.lo ticket.lo time.lo transited.lo verify_init.lo \
-@KRB4_TRUE@verify_user.lo version.lo warn.lo write_message.lo \
-@KRB4_TRUE@krb5_err.lo heim_err.lo
-@KRB4_FALSE@libkrb5_la_OBJECTS = add_et_list.lo addr_families.lo \
-@KRB4_FALSE@address.lo aname_to_localname.lo asn1_glue.lo \
-@KRB4_FALSE@auth_context.lo build_ap_req.lo build_auth.lo cache.lo \
-@KRB4_FALSE@changepw.lo codec.lo config_file.lo config_file_netinfo.lo \
-@KRB4_FALSE@convert_creds.lo constants.lo context.lo copy_host_realm.lo \
-@KRB4_FALSE@crc.lo creds.lo crypto.lo data.lo expand_hostname.lo \
-@KRB4_FALSE@fcache.lo free.lo free_host_realm.lo generate_seq_number.lo \
-@KRB4_FALSE@generate_subkey.lo get_addrs.lo get_cred.lo \
-@KRB4_FALSE@get_default_principal.lo get_default_realm.lo \
-@KRB4_FALSE@get_for_creds.lo get_host_realm.lo get_in_tkt.lo \
-@KRB4_FALSE@get_in_tkt_pw.lo get_in_tkt_with_keytab.lo \
-@KRB4_FALSE@get_in_tkt_with_skey.lo get_port.lo init_creds.lo \
-@KRB4_FALSE@init_creds_pw.lo keyblock.lo keytab.lo keytab_file.lo \
-@KRB4_FALSE@keytab_memory.lo keytab_keyfile.lo krbhst.lo kuserok.lo \
-@KRB4_FALSE@log.lo mcache.lo misc.lo mk_error.lo mk_priv.lo mk_rep.lo \
-@KRB4_FALSE@mk_req.lo mk_req_ext.lo mk_safe.lo net_read.lo net_write.lo \
-@KRB4_FALSE@n-fold.lo padata.lo principal.lo prog_setup.lo \
-@KRB4_FALSE@prompter_posix.lo rd_cred.lo rd_error.lo rd_priv.lo \
-@KRB4_FALSE@rd_rep.lo rd_req.lo rd_safe.lo read_message.lo recvauth.lo \
-@KRB4_FALSE@send_to_kdc.lo sendauth.lo set_default_realm.lo \
-@KRB4_FALSE@sock_principal.lo store.lo store_emem.lo store_fd.lo \
-@KRB4_FALSE@store_mem.lo ticket.lo time.lo transited.lo verify_init.lo \
-@KRB4_FALSE@verify_user.lo version.lo warn.lo write_message.lo \
-@KRB4_FALSE@krb5_err.lo heim_err.lo
+libkrb5_la_DEPENDENCIES = ../com_err/error.lo ../com_err/com_err.lo \
+$(top_builddir)/lib/asn1/libasn1.la
+am_libkrb5_la_OBJECTS = acl.lo add_et_list.lo addr_families.lo \
+address.lo aname_to_localname.lo appdefault.lo asn1_glue.lo \
+auth_context.lo build_ap_req.lo build_auth.lo cache.lo changepw.lo \
+codec.lo config_file.lo config_file_netinfo.lo convert_creds.lo \
+constants.lo context.lo copy_host_realm.lo crc.lo creds.lo crypto.lo \
+data.lo eai_to_heim_errno.lo expand_hostname.lo fcache.lo free.lo \
+free_host_realm.lo generate_seq_number.lo generate_subkey.lo \
+get_addrs.lo get_cred.lo get_default_principal.lo get_default_realm.lo \
+get_for_creds.lo get_host_realm.lo get_in_tkt.lo get_in_tkt_pw.lo \
+get_in_tkt_with_keytab.lo get_in_tkt_with_skey.lo get_port.lo \
+init_creds.lo init_creds_pw.lo keyblock.lo keytab.lo keytab_file.lo \
+keytab_memory.lo keytab_keyfile.lo keytab_krb4.lo krbhst.lo kuserok.lo \
+log.lo mcache.lo misc.lo mk_error.lo mk_priv.lo mk_rep.lo mk_req.lo \
+mk_req_ext.lo mk_safe.lo net_read.lo net_write.lo n-fold.lo padata.lo \
+principal.lo prog_setup.lo prompter_posix.lo rd_cred.lo rd_error.lo \
+rd_priv.lo rd_rep.lo rd_req.lo rd_safe.lo read_message.lo recvauth.lo \
+replay.lo send_to_kdc.lo sendauth.lo set_default_realm.lo \
+sock_principal.lo store.lo store_emem.lo store_fd.lo store_mem.lo \
+ticket.lo time.lo transited.lo verify_init.lo verify_user.lo version.lo \
+warn.lo write_message.lo krb5_err.lo heim_err.lo
+libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS)
bin_PROGRAMS = verify_krb5_conf$(EXEEXT)
check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT)
-noinst_PROGRAMS = dump_config$(EXEEXT)
+noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT)
PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
-verify_krb5_conf_SOURCES = verify_krb5_conf.c
-verify_krb5_conf_OBJECTS = verify_krb5_conf.$(OBJEXT)
-verify_krb5_conf_LDADD = $(LDADD)
-@KRB4_TRUE@verify_krb5_conf_DEPENDENCIES = libkrb5.la \
-@KRB4_TRUE@$(top_builddir)/lib/des/libdes.la \
-@KRB4_TRUE@$(top_builddir)/lib/asn1/libasn1.la
-@KRB4_FALSE@verify_krb5_conf_DEPENDENCIES = libkrb5.la \
-@KRB4_FALSE@$(top_builddir)/lib/des/libdes.la \
-@KRB4_FALSE@$(top_builddir)/lib/asn1/libasn1.la
-verify_krb5_conf_LDFLAGS =
+dump_config_SOURCES = dump_config.c
+dump_config_OBJECTS = dump_config.$(OBJEXT)
+dump_config_LDADD = $(LDADD)
+dump_config_DEPENDENCIES = libkrb5.la \
+$(top_builddir)/lib/asn1/libasn1.la
+dump_config_LDFLAGS =
n_fold_test_SOURCES = n-fold-test.c
n_fold_test_OBJECTS = n-fold-test.$(OBJEXT)
n_fold_test_LDADD = $(LDADD)
-@KRB4_TRUE@n_fold_test_DEPENDENCIES = libkrb5.la \
-@KRB4_TRUE@$(top_builddir)/lib/des/libdes.la \
-@KRB4_TRUE@$(top_builddir)/lib/asn1/libasn1.la
-@KRB4_FALSE@n_fold_test_DEPENDENCIES = libkrb5.la \
-@KRB4_FALSE@$(top_builddir)/lib/des/libdes.la \
-@KRB4_FALSE@$(top_builddir)/lib/asn1/libasn1.la
+n_fold_test_DEPENDENCIES = libkrb5.la \
+$(top_builddir)/lib/asn1/libasn1.la
n_fold_test_LDFLAGS =
string_to_key_test_SOURCES = string-to-key-test.c
string_to_key_test_OBJECTS = string-to-key-test.$(OBJEXT)
string_to_key_test_LDADD = $(LDADD)
-@KRB4_TRUE@string_to_key_test_DEPENDENCIES = libkrb5.la \
-@KRB4_TRUE@$(top_builddir)/lib/des/libdes.la \
-@KRB4_TRUE@$(top_builddir)/lib/asn1/libasn1.la
-@KRB4_FALSE@string_to_key_test_DEPENDENCIES = libkrb5.la \
-@KRB4_FALSE@$(top_builddir)/lib/des/libdes.la \
-@KRB4_FALSE@$(top_builddir)/lib/asn1/libasn1.la
+string_to_key_test_DEPENDENCIES = libkrb5.la \
+$(top_builddir)/lib/asn1/libasn1.la
string_to_key_test_LDFLAGS =
-dump_config_SOURCES = dump_config.c
-dump_config_OBJECTS = dump_config.$(OBJEXT)
-dump_config_LDADD = $(LDADD)
-@KRB4_TRUE@dump_config_DEPENDENCIES = libkrb5.la \
-@KRB4_TRUE@$(top_builddir)/lib/des/libdes.la \
-@KRB4_TRUE@$(top_builddir)/lib/asn1/libasn1.la
-@KRB4_FALSE@dump_config_DEPENDENCIES = libkrb5.la \
-@KRB4_FALSE@$(top_builddir)/lib/des/libdes.la \
-@KRB4_FALSE@$(top_builddir)/lib/asn1/libasn1.la
-dump_config_LDFLAGS =
-CFLAGS = @CFLAGS@
+test_get_addrs_SOURCES = test_get_addrs.c
+test_get_addrs_OBJECTS = test_get_addrs.$(OBJEXT)
+test_get_addrs_LDADD = $(LDADD)
+test_get_addrs_DEPENDENCIES = libkrb5.la \
+$(top_builddir)/lib/asn1/libasn1.la
+test_get_addrs_LDFLAGS =
+verify_krb5_conf_SOURCES = verify_krb5_conf.c
+verify_krb5_conf_OBJECTS = verify_krb5_conf.$(OBJEXT)
+verify_krb5_conf_LDADD = $(LDADD)
+verify_krb5_conf_DEPENDENCIES = libkrb5.la \
+$(top_builddir)/lib/asn1/libasn1.la
+verify_krb5_conf_LDFLAGS =
COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CFLAGS = @CFLAGS@
CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+DIST_SOURCES = $(libkrb5_la_SOURCES) dump_config.c n-fold-test.c \
+string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
man3dir = $(mandir)/man3
man5dir = $(mandir)/man5
+man8dir = $(mandir)/man8
MANS = $(man_MANS)
HEADERS = $(include_HEADERS)
-DIST_COMMON = Makefile.am Makefile.in
+depcomp =
+DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in
-DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-TAR = tar
GZIP_ENV = --best
-SOURCES = $(libkrb5_la_SOURCES) $(EXTRA_libkrb5_la_SOURCES) verify_krb5_conf.c n-fold-test.c string-to-key-test.c dump_config.c
-OBJECTS = $(libkrb5_la_OBJECTS) verify_krb5_conf.$(OBJEXT) n-fold-test.$(OBJEXT) string-to-key-test.$(OBJEXT) dump_config.$(OBJEXT)
+SOURCES = $(libkrb5_la_SOURCES) dump_config.c n-fold-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
+OBJECTS = $(am_libkrb5_la_OBJECTS) dump_config.$(OBJEXT) n-fold-test.$(OBJEXT) string-to-key-test.$(OBJEXT) test_get_addrs.$(OBJEXT) verify_krb5_conf.$(OBJEXT)
all: all-redirect
.SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .S .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .s .x
+.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/krb5/Makefile
@@ -358,31 +453,18 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES)
$(mkinstalldirs) $(DESTDIR)$(libdir)
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
if test -f $$p; then \
- echo "$(LIBTOOL) --mode=install $(INSTALL) $$p $(DESTDIR)$(libdir)/$$p"; \
- $(LIBTOOL) --mode=install $(INSTALL) $$p $(DESTDIR)$(libdir)/$$p; \
+ echo " $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p"; \
+ $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p; \
else :; fi; \
done
uninstall-libLTLIBRARIES:
@$(NORMAL_UNINSTALL)
- list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
done
-.c.o:
- $(COMPILE) -c $<
-
-# FIXME: We should only use cygpath when building on Windows,
-# and only if it is available.
-.c.obj:
- $(COMPILE) -c `cygpath -w $<`
-
-.s.o:
- $(COMPILE) -c $<
-
-.S.o:
- $(COMPILE) -c $<
-
mostlyclean-compile:
-rm -f *.o core *.core
-rm -f *.$(OBJEXT)
@@ -394,15 +476,6 @@ distclean-compile:
maintainer-clean-compile:
-.c.lo:
- $(LIBTOOL) --mode=compile $(COMPILE) -c $<
-
-.s.lo:
- $(LIBTOOL) --mode=compile $(COMPILE) -c $<
-
-.S.lo:
- $(LIBTOOL) --mode=compile $(COMPILE) -c $<
-
mostlyclean-libtool:
-rm -f *.lo
@@ -430,15 +503,18 @@ install-binPROGRAMS: $(bin_PROGRAMS)
$(mkinstalldirs) $(DESTDIR)$(bindir)
@list='$(bin_PROGRAMS)'; for p in $$list; do \
if test -f $$p; then \
- echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \
- $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
+ f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+ echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f"; \
+ $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f; \
else :; fi; \
done
uninstall-binPROGRAMS:
@$(NORMAL_UNINSTALL)
- list='$(bin_PROGRAMS)'; for p in $$list; do \
- rm -f $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \
+ @list='$(bin_PROGRAMS)'; for p in $$list; do \
+ f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
+ echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
+ rm -f $(DESTDIR)$(bindir)/$$f; \
done
mostlyclean-checkPROGRAMS:
@@ -459,9 +535,9 @@ distclean-noinstPROGRAMS:
maintainer-clean-noinstPROGRAMS:
-verify_krb5_conf$(EXEEXT): $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_DEPENDENCIES)
- @rm -f verify_krb5_conf$(EXEEXT)
- $(LINK) $(verify_krb5_conf_LDFLAGS) $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_LDADD) $(LIBS)
+dump_config$(EXEEXT): $(dump_config_OBJECTS) $(dump_config_DEPENDENCIES)
+ @rm -f dump_config$(EXEEXT)
+ $(LINK) $(dump_config_LDFLAGS) $(dump_config_OBJECTS) $(dump_config_LDADD) $(LIBS)
n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES)
@rm -f n-fold-test$(EXEEXT)
@@ -471,9 +547,19 @@ string-to-key-test$(EXEEXT): $(string_to_key_test_OBJECTS) $(string_to_key_test_
@rm -f string-to-key-test$(EXEEXT)
$(LINK) $(string_to_key_test_LDFLAGS) $(string_to_key_test_OBJECTS) $(string_to_key_test_LDADD) $(LIBS)
-dump_config$(EXEEXT): $(dump_config_OBJECTS) $(dump_config_DEPENDENCIES)
- @rm -f dump_config$(EXEEXT)
- $(LINK) $(dump_config_LDFLAGS) $(dump_config_OBJECTS) $(dump_config_LDADD) $(LIBS)
+test_get_addrs$(EXEEXT): $(test_get_addrs_OBJECTS) $(test_get_addrs_DEPENDENCIES)
+ @rm -f test_get_addrs$(EXEEXT)
+ $(LINK) $(test_get_addrs_LDFLAGS) $(test_get_addrs_OBJECTS) $(test_get_addrs_LDADD) $(LIBS)
+
+verify_krb5_conf$(EXEEXT): $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_DEPENDENCIES)
+ @rm -f verify_krb5_conf$(EXEEXT)
+ $(LINK) $(verify_krb5_conf_LDFLAGS) $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_LDADD) $(LIBS)
+.c.o:
+ $(COMPILE) -c $<
+.c.obj:
+ $(COMPILE) -c `cygpath -w $<`
+.c.lo:
+ $(LTCOMPILE) -c -o $@ $<
install-man3:
$(mkinstalldirs) $(DESTDIR)$(man3dir)
@@ -488,6 +574,7 @@ install-man3:
else file=$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \
$(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \
@@ -503,6 +590,7 @@ uninstall-man3:
for i in $$list; do \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " rm -f $(DESTDIR)$(man3dir)/$$inst"; \
rm -f $(DESTDIR)$(man3dir)/$$inst; \
@@ -521,6 +609,7 @@ install-man5:
else file=$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst"; \
$(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst; \
@@ -536,51 +625,94 @@ uninstall-man5:
for i in $$list; do \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " rm -f $(DESTDIR)$(man5dir)/$$inst"; \
rm -f $(DESTDIR)$(man5dir)/$$inst; \
done
+
+install-man8:
+ $(mkinstalldirs) $(DESTDIR)$(man8dir)
+ @list='$(man8_MANS)'; \
+ l2='$(man_MANS)'; for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+ else file=$$i; fi; \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
+ $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
+ done
+
+uninstall-man8:
+ @list='$(man8_MANS)'; \
+ l2='$(man_MANS)'; for i in $$l2; do \
+ case "$$i" in \
+ *.8*) list="$$list $$i" ;; \
+ esac; \
+ done; \
+ for i in $$list; do \
+ ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+ inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+ inst=`echo $$inst | sed -e 's/^.*\///'`; \
+ inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+ echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
+ rm -f $(DESTDIR)$(man8dir)/$$inst; \
+ done
install-man: $(MANS)
@$(NORMAL_INSTALL)
- $(MAKE) $(AM_MAKEFLAGS) install-man3 install-man5
+ $(MAKE) $(AM_MAKEFLAGS) install-man3 install-man5 install-man8
uninstall-man:
@$(NORMAL_UNINSTALL)
- $(MAKE) $(AM_MAKEFLAGS) uninstall-man3 uninstall-man5
+ $(MAKE) $(AM_MAKEFLAGS) uninstall-man3 uninstall-man5 uninstall-man8
install-includeHEADERS: $(include_HEADERS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(includedir)
@list='$(include_HEADERS)'; for p in $$list; do \
if test -f "$$p"; then d= ; else d="$(srcdir)/"; fi; \
- echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$p"; \
- $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$p; \
+ f="`echo $$p | sed -e 's|^.*/||'`"; \
+ echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
+ $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$f; \
done
uninstall-includeHEADERS:
@$(NORMAL_UNINSTALL)
- list='$(include_HEADERS)'; for p in $$list; do \
- rm -f $(DESTDIR)$(includedir)/$$p; \
+ @list='$(include_HEADERS)'; for p in $$list; do \
+ f="`echo $$p | sed -e 's|^.*/||'`"; \
+ echo " rm -f $(DESTDIR)$(includedir)/$$f"; \
+ rm -f $(DESTDIR)$(includedir)/$$f; \
done
tags: TAGS
-ID: $(HEADERS) $(SOURCES) $(LISP)
- list='$(SOURCES) $(HEADERS)'; \
- unique=`for i in $$list; do echo $$i; done | \
- awk ' { files[$$0] = 1; } \
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
- here=`pwd` && cd $(srcdir) \
- && mkid -f$$here/ID $$unique $(LISP)
+ mkid -fID $$unique $(LISP)
-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) $(LISP)
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
- list='$(SOURCES) $(HEADERS)'; \
- unique=`for i in $$list; do echo $$i; done | \
- awk ' { files[$$0] = 1; } \
+ list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
- || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS)
+ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
mostlyclean-tags:
@@ -590,48 +722,76 @@ distclean-tags:
-rm -f TAGS ID
maintainer-clean-tags:
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list='$(TESTS)'; \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *" $$tst "*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ echo "XPASS: $$tst"; \
+ ;; \
+ *) \
+ echo "PASS: $$tst"; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *" $$tst "*) \
+ xfail=`expr $$xfail + 1`; \
+ echo "XFAIL: $$tst"; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ echo "FAIL: $$tst"; \
+ ;; \
+ esac; \
+ fi; \
+ done; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="All $$all tests passed"; \
+ else \
+ banner="All $$all tests behaved as expected ($$xfail expected failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all tests failed"; \
+ else \
+ banner="$$failed of $$all tests did not behave as expected ($$xpass unexpected passes)"; \
+ fi; \
+ fi; \
+ dashes=`echo "$$banner" | sed s/./=/g`; \
+ echo "$$dashes"; \
+ echo "$$banner"; \
+ echo "$$dashes"; \
+ test "$$failed" -eq 0; \
+ fi
distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
-subdir = lib/krb5
-
distdir: $(DISTFILES)
@for file in $(DISTFILES); do \
d=$(srcdir); \
if test -d $$d/$$file; then \
- cp -pr $$/$$file $(distdir)/$$file; \
+ cp -pR $$d/$$file $(distdir) \
+ || exit 1; \
else \
test -f $(distdir)/$$file \
- || ln $$d/$$file $(distdir)/$$file 2> /dev/null \
- || cp -p $$d/$$file $(distdir)/$$file || :; \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
fi; \
done
$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
-check-TESTS: $(TESTS)
- @failed=0; all=0; \
- srcdir=$(srcdir); export srcdir; \
- for tst in $(TESTS); do \
- if test -f $$tst; then dir=.; \
- else dir="$(srcdir)"; fi; \
- if $(TESTS_ENVIRONMENT) $$dir/$$tst; then \
- all=`expr $$all + 1`; \
- echo "PASS: $$tst"; \
- elif test $$? -ne 77; then \
- all=`expr $$all + 1`; \
- failed=`expr $$failed + 1`; \
- echo "FAIL: $$tst"; \
- fi; \
- done; \
- if test "$$failed" -eq 0; then \
- banner="All $$all tests passed"; \
- else \
- banner="$$failed of $$all tests failed"; \
- fi; \
- dashes=`echo "$$banner" | sed s/./=/g`; \
- echo "$$dashes"; \
- echo "$$banner"; \
- echo "$$dashes"; \
- test "$$failed" -eq 0
info-am:
info: info-am
dvi-am:
@@ -659,11 +819,11 @@ uninstall: uninstall-am
all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) all-local
all-redirect: all-am
install-strip:
- $(MAKE) $(AM_MAKEFLAGS) AM_INSTALL_PROGRAM_FLAGS=-s install
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
installdirs:
$(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(bindir) \
$(DESTDIR)$(mandir)/man3 $(DESTDIR)$(mandir)/man5 \
- $(DESTDIR)$(includedir)
+ $(DESTDIR)$(mandir)/man8 $(DESTDIR)$(includedir)
mostlyclean-generic:
@@ -676,6 +836,7 @@ distclean-generic:
-rm -f config.cache config.log stamp-h stamp-h[0-9]*
maintainer-clean-generic:
+ -rm -f Makefile.in
mostlyclean-am: mostlyclean-libLTLIBRARIES mostlyclean-compile \
mostlyclean-libtool mostlyclean-binPROGRAMS \
mostlyclean-checkPROGRAMS mostlyclean-noinstPROGRAMS \
@@ -720,15 +881,16 @@ install-binPROGRAMS mostlyclean-checkPROGRAMS distclean-checkPROGRAMS \
clean-checkPROGRAMS maintainer-clean-checkPROGRAMS \
mostlyclean-noinstPROGRAMS distclean-noinstPROGRAMS \
clean-noinstPROGRAMS maintainer-clean-noinstPROGRAMS install-man3 \
-uninstall-man3 install-man5 uninstall-man5 install-man uninstall-man \
-uninstall-includeHEADERS install-includeHEADERS tags mostlyclean-tags \
-distclean-tags clean-tags maintainer-clean-tags distdir check-TESTS \
-info-am info dvi-am dvi check-local check check-am installcheck-am \
-installcheck install-exec-am install-exec install-data-local \
-install-data-am install-data install-am install uninstall-am uninstall \
-all-local all-redirect all-am all installdirs mostlyclean-generic \
-distclean-generic clean-generic maintainer-clean-generic clean \
-mostlyclean distclean maintainer-clean
+uninstall-man3 install-man5 uninstall-man5 install-man8 uninstall-man8 \
+install-man uninstall-man uninstall-includeHEADERS \
+install-includeHEADERS tags mostlyclean-tags distclean-tags clean-tags \
+maintainer-clean-tags check-TESTS distdir info-am info dvi-am dvi \
+check-local check check-am installcheck-am installcheck install-exec-am \
+install-exec install-data-local install-data-am install-data install-am \
+install uninstall-am uninstall all-local all-redirect all-am all \
+install-strip installdirs mostlyclean-generic distclean-generic \
+clean-generic maintainer-clean-generic clean mostlyclean distclean \
+maintainer-clean
install-suid-programs:
@@ -736,7 +898,10 @@ install-suid-programs:
for file in $$foo; do \
x=$(DESTDIR)$(bindir)/$$file; \
if chown 0:0 $$x && chmod u+s $$x; then :; else \
- chmod 0 $$x; fi; done
+ echo "*"; \
+ echo "* Failed to install $$x setuid root"; \
+ echo "*"; \
+ fi; done
install-exec-hook: install-suid-programs
@@ -748,8 +913,8 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
else file="$$f"; fi; \
if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
: ; else \
- echo " cp $$file $(buildinclude)/$$f"; \
- cp $$file $(buildinclude)/$$f; \
+ echo " $(CP) $$file $(buildinclude)/$$f"; \
+ $(CP) $$file $(buildinclude)/$$f; \
fi ; \
done
@@ -818,87 +983,8 @@ dist-cat8-mans:
dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
-install-cat1-mans:
- @ext=1;\
- foo='$(man1_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.1) foo="$$foo $$i";; \
- esac; done; \
- if test "$$foo"; then \
- $(mkinstalldirs) $(DESTDIR)$(cat1dir); \
- for x in $$foo; do \
- f=`echo $$x | sed 's/\.[^.]*$$/.cat1/'`; \
- if test -f "$(srcdir)/$$f"; then \
- b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
- echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX)";\
- $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat1dir)/$$b.$(CATSUFFIX);\
- fi; \
- done ;\
- fi
-
-install-cat3-mans:
- @ext=3;\
- foo='$(man3_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.3) foo="$$foo $$i";; \
- esac; done; \
- if test "$$foo"; then \
- $(mkinstalldirs) $(DESTDIR)$(cat3dir); \
- for x in $$foo; do \
- f=`echo $$x | sed 's/\.[^.]*$$/.cat3/'`; \
- if test -f "$(srcdir)/$$f"; then \
- b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
- echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX)";\
- $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat3dir)/$$b.$(CATSUFFIX);\
- fi; \
- done ;\
- fi
-
-install-cat5-mans:
- @ext=5;\
- foo='$(man5_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.5) foo="$$foo $$i";; \
- esac; done; \
- if test "$$foo"; then \
- $(mkinstalldirs) $(DESTDIR)$(cat5dir); \
- for x in $$foo; do \
- f=`echo $$x | sed 's/\.[^.]*$$/.cat5/'`; \
- if test -f "$(srcdir)/$$f"; then \
- b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
- echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX)";\
- $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat5dir)/$$b.$(CATSUFFIX);\
- fi; \
- done ;\
- fi
-
-install-cat8-mans:
- @ext=8;\
- foo='$(man8_MANS)'; \
- bar='$(man_MANS)'; \
- for i in $$bar; do \
- case $$i in \
- *.8) foo="$$foo $$i";; \
- esac; done; \
- if test "$$foo"; then \
- $(mkinstalldirs) $(DESTDIR)$(cat8dir); \
- for x in $$foo; do \
- f=`echo $$x | sed 's/\.[^.]*$$/.cat8/'`; \
- if test -f "$(srcdir)/$$f"; then \
- b=`echo $$x | sed 's!$(MANRX)!\1!'`; \
- echo "$(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX)";\
- $(INSTALL_DATA) $(srcdir)/$$g $(DESTDIR)$(cat8dir)/$$b.$(CATSUFFIX);\
- fi; \
- done ;\
- fi
-
-install-cat-mans: install-cat1-mans install-cat3-mans install-cat5-mans install-cat8-mans
+install-cat-mans:
+ $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
diff --git a/crypto/heimdal/lib/krb5/acl.c b/crypto/heimdal/lib/krb5/acl.c
new file mode 100644
index 0000000..0106251
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/acl.c
@@ -0,0 +1,189 @@
+/*
+ * Copyright (c) 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+#include <fnmatch.h>
+
+RCSID("$Id: acl.c,v 1.1 2000/06/12 11:17:52 joda Exp $");
+
+struct acl_field {
+ enum { acl_string, acl_fnmatch, acl_retval } type;
+ union {
+ const char *cstr;
+ char **retv;
+ } u;
+ struct acl_field *next, **last;
+};
+
+static void
+acl_free_list(struct acl_field *acl)
+{
+ struct acl_field *next;
+ while(acl != NULL) {
+ next = acl->next;
+ free(acl);
+ acl = next;
+ }
+}
+
+static krb5_error_code
+acl_parse_format(krb5_context context,
+ struct acl_field **acl_ret,
+ const char *format,
+ va_list ap)
+{
+ const char *p;
+ struct acl_field *acl = NULL, *tmp;
+
+ for(p = format; *p != '\0'; p++) {
+ tmp = malloc(sizeof(*tmp));
+ if(tmp == NULL) {
+ acl_free_list(acl);
+ return ENOMEM;
+ }
+ if(*p == 's') {
+ tmp->type = acl_string;
+ tmp->u.cstr = va_arg(ap, const char*);
+ } else if(*p == 'f') {
+ tmp->type = acl_fnmatch;
+ tmp->u.cstr = va_arg(ap, const char*);
+ } else if(*p == 'r') {
+ tmp->type = acl_retval;
+ tmp->u.retv = va_arg(ap, char **);
+ }
+ tmp->next = NULL;
+ if(acl == NULL)
+ acl = tmp;
+ else
+ *acl->last = tmp;
+ acl->last = &tmp->next;
+ }
+ *acl_ret = acl;
+ return 0;
+}
+
+static krb5_boolean
+acl_match_field(krb5_context context,
+ const char *string,
+ struct acl_field *field)
+{
+ if(field->type == acl_string) {
+ return !strcmp(string, field->u.cstr);
+ } else if(field->type == acl_fnmatch) {
+ return !fnmatch(string, field->u.cstr, 0);
+ } else if(field->type == acl_retval) {
+ *field->u.retv = strdup(string);
+ return TRUE;
+ }
+ return FALSE;
+}
+
+static krb5_boolean
+acl_match_acl(krb5_context context,
+ struct acl_field *acl,
+ const char *string)
+{
+ char buf[256];
+ for(;strsep_copy(&string, " \t", buf, sizeof(buf)) != -1;
+ acl = acl->next) {
+ if(buf[0] == '\0')
+ continue; /* skip ws */
+ if(!acl_match_field(context, buf, acl)) {
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
+
+krb5_error_code
+krb5_acl_match_string(krb5_context context,
+ const char *acl_string,
+ const char *format,
+ ...)
+{
+ krb5_error_code ret;
+ struct acl_field *acl;
+
+ va_list ap;
+ va_start(ap, format);
+ ret = acl_parse_format(context, &acl, format, ap);
+ va_end(ap);
+ if(ret)
+ return ret;
+
+ ret = acl_match_acl(context, acl, acl_string);
+
+ acl_free_list(acl);
+ return ret ? 0 : EACCES;
+}
+
+krb5_error_code
+krb5_acl_match_file(krb5_context context,
+ const char *file,
+ const char *format,
+ ...)
+{
+ krb5_error_code ret;
+ struct acl_field *acl;
+ char buf[256];
+ va_list ap;
+ FILE *f;
+
+ f = fopen(file, "r");
+ if(f == NULL)
+ return errno;
+
+ va_start(ap, format);
+ ret = acl_parse_format(context, &acl, format, ap);
+ va_end(ap);
+ if(ret) {
+ fclose(f);
+ return ret;
+ }
+
+ ret = EACCES; /* XXX */
+ while(fgets(buf, sizeof(buf), f)) {
+ if(buf[0] == '#')
+ continue;
+ if(acl_match_acl(context, acl, buf)) {
+ ret = 0;
+ goto out;
+ }
+ }
+
+ out:
+ fclose(f);
+ acl_free_list(acl);
+ return ret;
+}
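Review bot: `acl_match_acl` returns TRUE as soon as the input runs out of tokens, so a line in the ACL file (or an `acl_string`) holding fewer tokens than the format is accepted without the remaining fields being compared. The `continue` on an empty token still runs the `acl = acl->next` step of the `for`, so a run of whitespace skips a format field, assuming `strsep_copy` yields empty tokens for adjacent separators as the `buf[0] == '\0'` test suggests. A line with more tokens than format fields reaches `acl_match_field` with `acl == NULL`. Advancing `acl` only after a successful comparison and requiring that every field was consumed closes all three cases, as in the rewrite below.

```c
static krb5_boolean
acl_match_acl(krb5_context context,
	      struct acl_field *acl,
	      const char *string)
{
    char buf[256];
    while(strsep_copy(&string, " \t", buf, sizeof(buf)) != -1) {
	if(buf[0] == '\0')
	    continue; /* skip ws, without consuming a format field */
	if(acl == NULL)
	    return FALSE; /* more tokens than format fields */
	if(!acl_match_field(context, buf, acl))
	    return FALSE;
	acl = acl->next;
    }
    /* a match requires every format field to have been compared */
    return acl == NULL;
}
```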
diff --git a/crypto/heimdal/lib/krb5/addr_families.c b/crypto/heimdal/lib/krb5/addr_families.c
index 9b17abd..339d23b 100644
--- a/crypto/heimdal/lib/krb5/addr_families.c
+++ b/crypto/heimdal/lib/krb5/addr_families.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: addr_families.c,v 1.23 2000/02/16 02:09:00 assar Exp $");
+RCSID("$Id: addr_families.c,v 1.24 2000/07/08 13:05:43 joda Exp $");
struct addr_operations {
int af;
@@ -523,7 +523,7 @@ krb5_parse_address(krb5_context context,
error = getaddrinfo (string, NULL, NULL, &ai);
if (error)
- return -1;
+ return krb5_eai_to_heim_errno(error);
n = 0;
for (a = ai; a != NULL; a = a->ai_next)
diff --git a/crypto/heimdal/lib/krb5/appdefault.c b/crypto/heimdal/lib/krb5/appdefault.c
new file mode 100644
index 0000000..081dec0
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/appdefault.c
@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 2000, 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb5_locl.h"
+
+RCSID("$Id: appdefault.c,v 1.3 2001/01/10 00:19:58 assar Exp $");
+
+void
+krb5_appdefault_boolean(krb5_context context, const char *appname,
+ krb5_realm realm, const char *option,
+ krb5_boolean def_val, krb5_boolean *ret_val)
+{
+
+ if(appname == NULL)
+ appname = __progname;
+ def_val = krb5_config_get_bool_default(context, NULL, def_val,
+ "appdefaults",
+ option,
+ NULL);
+ if(realm != NULL)
+ def_val = krb5_config_get_bool_default(context, NULL, def_val,
+ "appdefaults",
+ realm,
+ option,
+ NULL);
+ if(appname != NULL) {
+ def_val = krb5_config_get_bool_default(context, NULL, def_val,
+ "appdefaults",
+ appname,
+ option,
+ NULL);
+ if(realm != NULL)
+ def_val = krb5_config_get_bool_default(context, NULL, def_val,
+ "appdefaults",
+ appname,
+ realm,
+ option,
+ NULL);
+ }
+ *ret_val = def_val;
+}
+
+void
+krb5_appdefault_string(krb5_context context, const char *appname,
+ krb5_realm realm, const char *option,
+ const char *def_val, char **ret_val)
+{
+ if(appname == NULL)
+ appname = __progname;
+ def_val = krb5_config_get_string_default(context, NULL, def_val,
+ "appdefaults",
+ option,
+ NULL);
+ if(realm != NULL)
+ def_val = krb5_config_get_string_default(context, NULL, def_val,
+ "appdefaults",
+ realm,
+ option,
+ NULL);
+ if(appname != NULL) {
+ def_val = krb5_config_get_string_default(context, NULL, def_val,
+ "appdefaults",
+ appname,
+ option,
+ NULL);
+ if(realm != NULL)
+ def_val = krb5_config_get_string_default(context, NULL, def_val,
+ "appdefaults",
+ appname,
+ realm,
+ option,
+ NULL);
+ }
+ if(def_val != NULL)
+ *ret_val = strdup(def_val);
+ else
+ *ret_val = NULL;
+}
+
+void
+krb5_appdefault_time(krb5_context context, const char *appname,
+ krb5_realm realm, const char *option,
+ time_t def_val, time_t *ret_val)
+{
+ time_t t;
+ char tstr[32];
+ char *val;
+ snprintf(tstr, sizeof(tstr), "%ld", (long)def_val);
+ krb5_appdefault_string(context, appname, realm, option, tstr, &val);
+ t = parse_time (val, NULL);
+ free(val);
+ *ret_val = t;
+}
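Review bot: `krb5_appdefault_time` passes `val` to `parse_time` without checking it, but `krb5_appdefault_string` stores whatever `strdup` returns and so can hand back NULL on allocation failure. A guard such as `if (val == NULL) { *ret_val = def_val; return; }` before the `parse_time` call keeps the caller's default in that case. The result of `parse_time` is also stored unchecked. If it reports unparsable input with a sentinel value (its contract is not visible here), a malformed `[appdefaults]` entry would land in `*ret_val`, so that path deserves the same fallback.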
diff --git a/crypto/heimdal/lib/krb5/auth_context.c b/crypto/heimdal/lib/krb5/auth_context.c
index 94b1376..a37c4dd 100644
--- a/crypto/heimdal/lib/krb5/auth_context.c
+++ b/crypto/heimdal/lib/krb5/auth_context.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: auth_context.c,v 1.50 1999/12/02 17:05:07 joda Exp $");
+RCSID("$Id: auth_context.c,v 1.55 2000/12/10 20:01:05 assar Exp $");
krb5_error_code
krb5_auth_con_init(krb5_context context,
@@ -67,20 +67,21 @@ krb5_error_code
krb5_auth_con_free(krb5_context context,
krb5_auth_context auth_context)
{
- krb5_free_authenticator(context, &auth_context->authenticator);
- if(auth_context->local_address){
- free_HostAddress(auth_context->local_address);
- free(auth_context->local_address);
- }
- if(auth_context->remote_address){
- free_HostAddress(auth_context->remote_address);
- free(auth_context->remote_address);
- }
- if(auth_context->keyblock)
+ if (auth_context != NULL) {
+ krb5_free_authenticator(context, &auth_context->authenticator);
+ if(auth_context->local_address){
+ free_HostAddress(auth_context->local_address);
+ free(auth_context->local_address);
+ }
+ if(auth_context->remote_address){
+ free_HostAddress(auth_context->remote_address);
+ free(auth_context->remote_address);
+ }
krb5_free_keyblock(context, auth_context->keyblock);
- krb5_free_keyblock(context, auth_context->remote_subkey);
- krb5_free_keyblock(context, auth_context->local_subkey);
- free (auth_context);
+ krb5_free_keyblock(context, auth_context->remote_subkey);
+ krb5_free_keyblock(context, auth_context->local_subkey);
+ free (auth_context);
+ }
return 0;
}
@@ -128,49 +129,71 @@ krb5_auth_con_setaddrs(krb5_context context,
}
krb5_error_code
-krb5_auth_con_setaddrs_from_fd (krb5_context context,
- krb5_auth_context auth_context,
- void *p_fd)
+krb5_auth_con_genaddrs(krb5_context context,
+ krb5_auth_context auth_context,
+ int fd, int flags)
{
- int fd = *((int *)p_fd);
krb5_error_code ret;
krb5_address local_k_address, remote_k_address;
krb5_address *lptr = NULL, *rptr = NULL;
struct sockaddr_storage ss_local, ss_remote;
struct sockaddr *local = (struct sockaddr *)&ss_local;
struct sockaddr *remote = (struct sockaddr *)&ss_remote;
- int len;
-
- if (auth_context->local_address == NULL) {
- len = sizeof(ss_local);
- if(getsockname(fd, local, &len) < 0) {
- ret = errno;
- goto out;
+ socklen_t len;
+
+ if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) {
+ if (auth_context->local_address == NULL) {
+ len = sizeof(ss_local);
+ if(getsockname(fd, local, &len) < 0) {
+ ret = errno;
+ goto out;
+ }
+ krb5_sockaddr2address (local, &local_k_address);
+ if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) {
+ krb5_sockaddr2port (local, &auth_context->local_port);
+ } else
+ auth_context->local_port = 0;
+ lptr = &local_k_address;
}
- krb5_sockaddr2address (local, &local_k_address);
- krb5_sockaddr2port (local, &auth_context->local_port);
- lptr = &local_k_address;
}
- if (auth_context->remote_address == NULL) {
+ if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) {
len = sizeof(ss_remote);
if(getpeername(fd, remote, &len) < 0) {
ret = errno;
goto out;
}
krb5_sockaddr2address (remote, &remote_k_address);
- krb5_sockaddr2port (remote, &auth_context->remote_port);
+ if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) {
+ krb5_sockaddr2port (remote, &auth_context->remote_port);
+ } else
+ auth_context->remote_port = 0;
rptr = &remote_k_address;
}
ret = krb5_auth_con_setaddrs (context,
auth_context,
lptr,
rptr);
-out:
+ out:
if (lptr)
krb5_free_address (context, lptr);
if (rptr)
krb5_free_address (context, rptr);
return ret;
+
+}
+
+krb5_error_code
+krb5_auth_con_setaddrs_from_fd (krb5_context context,
+ krb5_auth_context auth_context,
+ void *p_fd)
+{
+ int fd = *(int*)p_fd;
+ int flags = 0;
+ if(auth_context->local_address == NULL)
+ flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR;
+ if(auth_context->remote_address == NULL)
+ flags |= KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR;
+ return krb5_auth_con_genaddrs(context, auth_context, fd, flags);
}
krb5_error_code
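Review bot: In `krb5_auth_con_genaddrs` the remote branch tests only `flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR`, while the local branch additionally keeps the `auth_context->local_address == NULL` check, so a direct caller passing the remote flag replaces a remote address that was set earlier. If that asymmetry is intended, a comment on the function should say so; otherwise add `if (auth_context->remote_address == NULL)` inside the remote branch, as on the local side. `krb5_auth_con_setaddrs_from_fd` sets only the `*_FULL_ADDR` flags, which works only if those values include the corresponding `*_ADDR` bits. The definitions are outside this hunk, so a one-line comment where `flags` is built would help.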
@@ -396,6 +419,24 @@ krb5_auth_con_setuserkey(krb5_context context,
return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock);
}
+krb5_error_code
+krb5_auth_con_getrcache(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_rcache *rcache)
+{
+ *rcache = auth_context->rcache;
+ return 0;
+}
+
+krb5_error_code
+krb5_auth_con_setrcache(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_rcache rcache)
+{
+ auth_context->rcache = rcache;
+ return 0;
+}
+
#if 0 /* not implemented */
krb5_error_code
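Review bot: `krb5_auth_con_setrcache` overwrites `auth_context->rcache` without stating who owns the replay cache, and the `krb5_auth_con_free` body shown earlier in this commit does not release it. If the context is meant only to borrow the handle, a comment such as `/* auth_context does not own rcache; the caller closes it and keeps it valid while the context is in use */` would settle the contract. Both new accessors also dereference `auth_context` without a NULL check, unlike `krb5_auth_con_free` after this commit.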
@@ -414,13 +455,4 @@ krb5_auth_con_setivector(krb5_context context,
krb5_abortx(context, "unimplemented krb5_auth_con_setivector called");
}
-
-krb5_error_code
-krb5_auth_con_setrcache(krb5_context context,
- krb5_auth_context auth_context,
- krb5_rcache rcache)
-{
- krb5_abortx(context, "unimplemented krb5_auth_con_setrcache called");
-}
-
#endif /* not implemented */
diff --git a/crypto/heimdal/lib/krb5/build_auth.c b/crypto/heimdal/lib/krb5/build_auth.c
index a38393b..c75b2f1 100644
--- a/crypto/heimdal/lib/krb5/build_auth.c
+++ b/crypto/heimdal/lib/krb5/build_auth.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: build_auth.c,v 1.32 1999/12/02 17:05:08 joda Exp $");
+RCSID("$Id: build_auth.c,v 1.34 2000/11/15 06:58:51 assar Exp $");
krb5_error_code
krb5_build_authenticator (krb5_context context,
@@ -42,7 +42,8 @@ krb5_build_authenticator (krb5_context context,
krb5_creds *cred,
Checksum *cksum,
Authenticator **auth_result,
- krb5_data *result)
+ krb5_data *result,
+ krb5_key_usage usage)
{
Authenticator *auth;
u_char *buf = NULL;
@@ -126,9 +127,11 @@ krb5_build_authenticator (krb5_context context,
} while(ret == ASN1_OVERFLOW);
ret = krb5_crypto_init(context, &cred->session, enctype, &crypto);
+ if (ret)
+ goto fail;
ret = krb5_encrypt (context,
crypto,
- KRB5_KU_AP_REQ_AUTH,
+ usage /* KRB5_KU_AP_REQ_AUTH */,
buf + buf_size - len,
len,
result);
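Review bot: The leftover `/* KRB5_KU_AP_REQ_AUTH */` beside `usage` in the `krb5_encrypt` call reads as if the key usage were still fixed, while it now comes from the caller unchecked. I would drop the inline remark and document the parameter on the function instead, for example `/* usage: key usage for encrypting the authenticator (KRB5_KU_AP_REQ_AUTH was the fixed value before this change) */`. The signature change is in the preceding hunk and the body of `krb5_build_authenticator` extends beyond both hunks, so the callers that must now supply the argument are not visible here.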
diff --git a/crypto/heimdal/lib/krb5/cache.c b/crypto/heimdal/lib/krb5/cache.c
index e78d4de..121f44f 100644
--- a/crypto/heimdal/lib/krb5/cache.c
+++ b/crypto/heimdal/lib/krb5/cache.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: cache.c,v 1.44 1999/12/02 17:05:08 joda Exp $");
+RCSID("$Id: cache.c,v 1.45 2000/12/05 09:18:29 joda Exp $");
/*
* Add a new ccache type with operations `ops', overwriting any
@@ -356,7 +356,9 @@ krb5_cc_remove_cred(krb5_context context,
krb5_flags which,
krb5_creds *cred)
{
- return id->ops->remove_cred(context, id, which, cred);
+ if(id->ops->remove_cred == NULL)
+ return EACCES; /* XXX */
+ return (*id->ops->remove_cred)(context, id, which, cred);
}
/*
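Review bot: Returning `EACCES` when `id->ops->remove_cred` is NULL makes "this cache type cannot remove credentials" indistinguishable from a permission failure, which the `/* XXX */` already hints at. An error that says unsupported, for example `return EOPNOTSUPP; /* cache type has no remove_cred */` where that errno is available, would let callers tell the two apart. Failing that, a comment explaining the choice would help.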
diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c
index 56c89a0..407abf0 100644
--- a/crypto/heimdal/lib/krb5/changepw.c
+++ b/crypto/heimdal/lib/krb5/changepw.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: changepw.c,v 1.20 2000/02/07 13:40:18 joda Exp $");
+RCSID("$Id: changepw.c,v 1.30 2000/12/10 23:10:10 assar Exp $");
static krb5_error_code
get_kdc_address (krb5_context context,
@@ -52,10 +52,12 @@ get_kdc_address (krb5_context context,
return ret;
port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT));
- error = roken_getaddrinfo_hostspec(*hostlist, port, ai);
+ error = roken_getaddrinfo_hostspec2(*hostlist, SOCK_DGRAM, port, ai);
krb5_free_krbhst (context, hostlist);
- return error;
+ if(error)
+ return krb5_eai_to_heim_errno(error);
+ return 0;
}
static krb5_error_code
@@ -138,7 +140,12 @@ out2:
static void
str2data (krb5_data *d,
- char *fmt,
+ const char *fmt,
+ ...) __attribute__ ((format (printf, 2, 3)));
+
+static void
+str2data (krb5_data *d,
+ const char *fmt,
...)
{
va_list args;
@@ -261,6 +268,7 @@ krb5_change_password (krb5_context context,
int sock;
int i;
struct addrinfo *ai, *a;
+ int done = 0;
ret = krb5_auth_con_init (context, &auth_context);
if (ret)
@@ -270,58 +278,71 @@ krb5_change_password (krb5_context context,
if (ret)
goto out;
- krb5_auth_con_setflags (context, auth_context,
- KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+ for (a = ai; !done && a != NULL; a = a->ai_next) {
+ int replied = 0;
- for (a = ai; a != NULL; a = a->ai_next) {
sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
if (sock < 0)
continue;
- for (i = 0; i < 5; ++i) {
+ for (i = 0; !done && i < 5; ++i) {
fd_set fdset;
struct timeval tv;
- ret = send_request (context,
- &auth_context,
- creds,
- sock,
- a->ai_addr,
- a->ai_addrlen,
- newpw);
- if (ret)
+ if (!replied) {
+ replied = 0;
+ ret = send_request (context,
+ &auth_context,
+ creds,
+ sock,
+ a->ai_addr,
+ a->ai_addrlen,
+ newpw);
+ if (ret) {
+ close(sock);
+ goto out;
+ }
+ }
+
+ if (sock >= FD_SETSIZE) {
+ ret = ERANGE;
+ close (sock);
goto out;
+ }
FD_ZERO(&fdset);
FD_SET(sock, &fdset);
tv.tv_usec = 0;
- tv.tv_sec = 1 << i;
+ tv.tv_sec = 1 + (1 << i);
ret = select (sock + 1, &fdset, NULL, NULL, &tv);
- if (ret < 0 && errno != EINTR)
+ if (ret < 0 && errno != EINTR) {
+ close(sock);
goto out;
- if (ret == 1)
- break;
- }
- if (i == 5) {
- ret = KRB5_KDC_UNREACH;
- close (sock);
- continue;
+ }
+ if (ret == 1) {
+ ret = process_reply (context,
+ auth_context,
+ sock,
+ result_code,
+ result_code_string,
+ result_string);
+ if (ret == 0)
+ done = 1;
+ else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL)
+ replied = 1;
+ } else {
+ ret = KRB5_KDC_UNREACH;
+ }
}
-
- ret = process_reply (context,
- auth_context,
- sock,
- result_code,
- result_code_string,
- result_string);
close (sock);
- if (ret == 0)
- break;
}
freeaddrinfo (ai);
out:
krb5_auth_con_free (context, auth_context);
- return ret;
+ if (done)
+ return 0;
+ else
+ return ret;
}
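Review bot: `krb5_change_password` can return 0 without any request having been sent: `ret` is 0 once the `if (ret) goto out;` at the top of this hunk is passed, and if `socket` fails for every entry (or the list is empty) nothing in the loop assigns it, so the final `if (done) return 0; else return ret;` still yields 0. Setting `ret = KRB5_KDC_UNREACH;` just before the `for (a = ai; ...)` loop makes that case fail. The `goto out` exits inside the loop (after `send_request`, the `FD_SETSIZE` check and `select`) also jump past `freeaddrinfo (ai)`, so the address list is leaked on those paths. The start of the function lies outside this hunk.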
diff --git a/crypto/heimdal/lib/krb5/config_file.c b/crypto/heimdal/lib/krb5/config_file.c
index 3d1ff1e..d5d8a42 100644
--- a/crypto/heimdal/lib/krb5/config_file.c
+++ b/crypto/heimdal/lib/krb5/config_file.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997, 1998, 1999, 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: config_file.c,v 1.38 1999/12/02 17:05:08 joda Exp $");
+RCSID("$Id: config_file.c,v 1.41 2000/08/16 07:40:36 assar Exp $");
#ifndef HAVE_NETINFO
@@ -210,7 +210,7 @@ krb5_config_parse_file_debug (const char *fname,
krb5_config_section *s;
krb5_config_binding *b;
char buf[BUFSIZ];
- int ret;
+ int ret = 0;
s = NULL;
b = NULL;
@@ -218,7 +218,7 @@ krb5_config_parse_file_debug (const char *fname,
f = fopen (fname, "r");
if (f == NULL) {
*error_message = "cannot open file";
- return -1;
+ return ENOENT;
}
*res = NULL;
while (fgets(buf, sizeof(buf), f) != NULL) {
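Review bot: The `fopen` failure path now returns `ENOENT` whatever the real cause was, so a configuration file that exists but cannot be read is reported as missing. Returning the actual error, `return errno;`, keeps that distinction for callers that log or branch on it. The function starts above this hunk, so whether `errno` is already declared there is not visible.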
@@ -234,20 +234,23 @@ krb5_config_parse_file_debug (const char *fname,
continue;
if (*p == '[') {
ret = parse_section(p, &s, res, error_message);
- if (ret)
- return ret;
+ if (ret) {
+ goto out;
+ }
b = NULL;
} else if (*p == '}') {
*error_message = "unmatched }";
- return -1;
+ ret = -1;
+ goto out;
} else if(*p != '\0') {
ret = parse_binding(f, lineno, p, &b, &s->u.list, error_message);
if (ret)
- return ret;
+ goto out;
}
}
+out:
fclose (f);
- return 0;
+ return ret;
}
krb5_error_code
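Review bot: The `parse_binding` call takes `&s->u.list` while `s` can still be NULL if a binding line appears before any `[section]` header: in the visible lines `s = NULL;` is set before the loop and only `parse_section` assigns it. A malformed configuration file would then make the parser work through an address derived from a null pointer. A guard in that branch, `if (s == NULL) { *error_message = "binding before section"; ret = -1; goto out; }`, fits the cleanup path this change introduces. The top of the loop body is outside the hunk, so confirm that no earlier check already covers this.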
@@ -422,6 +425,35 @@ krb5_config_vget_string (krb5_context context,
return krb5_config_vget (context, c, krb5_config_string, args);
}
+const char *
+krb5_config_vget_string_default (krb5_context context,
+ krb5_config_section *c,
+ const char *def_value,
+ va_list args)
+{
+ const char *ret;
+
+ ret = krb5_config_vget_string (context, c, args);
+ if (ret == NULL)
+ ret = def_value;
+ return ret;
+}
+
+const char *
+krb5_config_get_string_default (krb5_context context,
+ krb5_config_section *c,
+ const char *def_value,
+ ...)
+{
+ const char *ret;
+ va_list args;
+
+ va_start(args, def_value);
+ ret = krb5_config_vget_string_default (context, c, def_value, args);
+ va_end(args);
+ return ret;
+}
+
char **
krb5_config_vget_strings(krb5_context context,
krb5_config_section *c,
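Review bot: Neither `krb5_config_vget_string_default` nor `krb5_config_get_string_default` says who owns the returned string, and the result is either whatever `krb5_config_vget_string` hands back or the caller's own `def_value` pointer. Callers therefore must not free it and must keep `def_value` alive for as long as they use the result, which matters for the `INIT_FIELD(context, string, ...)` uses in context.c that store it in the context. A header comment on both functions such as `/* Like krb5_config_vget_string, but returns def_value (which may be NULL) when the entry is missing; the result must not be freed. */` would record that.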
diff --git a/crypto/heimdal/lib/krb5/constants.c b/crypto/heimdal/lib/krb5/constants.c
index 8314c26..946fd4d 100644
--- a/crypto/heimdal/lib/krb5/constants.c
+++ b/crypto/heimdal/lib/krb5/constants.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: constants.c,v 1.4 1999/12/02 17:05:08 joda Exp $");
+RCSID("$Id: constants.c,v 1.5 2000/07/14 21:53:01 joda Exp $");
const char krb5_config_file[] = "/etc/krb5.conf";
-const char krb5_defkeyname[] = "/etc/v5srvtab";
+const char krb5_defkeyname[] = KEYTAB_DEFAULT;
diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c
index fb3fb61..0cfac9a 100644
--- a/crypto/heimdal/lib/krb5/context.c
+++ b/crypto/heimdal/lib/krb5/context.c
@@ -33,16 +33,12 @@
#include "krb5_locl.h"
-RCSID("$Id: context.c,v 1.53 2000/02/11 17:43:43 assar Exp $");
+RCSID("$Id: context.c,v 1.59 2000/12/15 17:11:51 joda Exp $");
#define INIT_FIELD(C, T, E, D, F) \
(C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
"libdefaults", F, NULL)
-#ifdef KRB4
-extern krb5_kt_ops krb4_fkt_ops;
-#endif
-
/*
* Set the list of etypes `ret_etypes' from the configuration variable
* `name'
@@ -89,27 +85,26 @@ init_context_from_config_file(krb5_context context)
INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout");
INIT_FIELD(context, int, max_retries, 3, "max_retries");
- context->http_proxy = krb5_config_get_string(context, NULL, "libdefaults",
- "http_proxy", NULL);
+ INIT_FIELD(context, string, http_proxy, NULL, "http_proxy");
set_etypes (context, "default_etypes", &context->etypes);
set_etypes (context, "default_etypes_des", &context->etypes_des);
/* default keytab name */
- context->default_keytab = krb5_config_get_string(context, NULL,
- "libdefaults",
- "default_keytab_name",
- NULL);
- if(context->default_keytab == NULL)
- context->default_keytab = KEYTAB_DEFAULT;
-
- context->time_fmt = krb5_config_get_string(context, NULL, "libdefaults",
- "time_format", NULL);
- if(context->time_fmt == NULL)
- context->time_fmt = "%Y-%m-%dT%H:%M:%S";
- context->log_utc = krb5_config_get_bool(context, NULL, "libdefaults",
- "log_utc", NULL);
+ INIT_FIELD(context, string, default_keytab,
+ KEYTAB_DEFAULT, "default_keytab_name");
+
+ INIT_FIELD(context, string, time_fmt,
+ "%Y-%m-%dT%H:%M:%S", "time_format");
+
+ INIT_FIELD(context, string, date_fmt,
+ "%Y-%m-%d", "date_format");
+ INIT_FIELD(context, bool, log_utc,
+ FALSE, "log_utc");
+
+
+
/* init dns-proxy slime */
tmp = krb5_config_get_string(context, NULL, "libdefaults",
"dns_proxy", NULL);
@@ -136,7 +131,6 @@ init_context_from_config_file(krb5_context context)
INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
INIT_FIELD(context, bool, srv_try_txt, FALSE, "srv_try_txt");
- INIT_FIELD(context, bool, srv_try_rfc2052, TRUE, "srv_try_rfc2052");
INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
context->cc_ops = NULL;
@@ -148,10 +142,8 @@ init_context_from_config_file(krb5_context context)
context->kt_types = NULL;
krb5_kt_register (context, &krb5_fkt_ops);
krb5_kt_register (context, &krb5_mkt_ops);
-#ifdef KRB4
- krb5_kt_register (context, &krb4_fkt_ops);
-#endif
krb5_kt_register (context, &krb5_akf_ops);
+ krb5_kt_register (context, &krb4_fkt_ops);
return 0;
}
@@ -187,8 +179,10 @@ krb5_init_context(krb5_context *context)
#endif
ret = init_context_from_config_file(p);
- if(ret)
+ if(ret) {
+ krb5_free_context(p);
return ret;
+ }
*context = p;
return 0;
@@ -211,12 +205,17 @@ krb5_free_context(krb5_context context)
free(context);
}
+/*
+ * set `etype' to a malloced list of the default enctypes
+ */
+
static krb5_error_code
default_etypes(krb5_enctype **etype)
{
krb5_enctype p[] = {
ETYPE_DES3_CBC_SHA1,
ETYPE_DES3_CBC_MD5,
+ ETYPE_ARCFOUR_HMAC_MD5,
ETYPE_DES_CBC_MD5,
ETYPE_DES_CBC_MD4,
ETYPE_DES_CBC_CRC,
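Review bot: `ETYPE_ARCFOUR_HMAC_MD5` joins the default enctype list with no comment on its position, and the `ARCFOUR_string_to_key` change to crypto.c in this same commit derives its key from the password alone, with the salt no longer mixed in. Equal passwords then give equal long-term keys for different principals, a property the other entries in this list presumably do not share. A comment above the entry, for example `/* key is derived without a salt, see ARCFOUR_string_to_key */`, would make that visible to whoever next reorders the list. The array and the rest of `default_etypes` continue below the hunk.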
diff --git a/crypto/heimdal/lib/krb5/convert_creds.c b/crypto/heimdal/lib/krb5/convert_creds.c
index 24dea0b..8459ee3 100644
--- a/crypto/heimdal/lib/krb5/convert_creds.c
+++ b/crypto/heimdal/lib/krb5/convert_creds.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: convert_creds.c,v 1.13 1999/12/02 17:05:08 joda Exp $");
+RCSID("$Id: convert_creds.c,v 1.15 2000/07/11 19:30:04 joda Exp $");
static krb5_error_code
check_ticket_flags(TicketFlags f)
@@ -166,10 +166,32 @@ krb524_convert_creds_kdc(krb5_context context,
if(ret)
goto out2;
- ret = krb5_sendto_kdc (context,
+ {
+ char **hostlist;
+ int port;
+ port = krb5_getportbyname (context, "krb524", "udp", 4444);
+
+ ret = krb5_get_krbhst (context, krb5_princ_realm(context,
+ v5_creds->server),
+ &hostlist);
+ if(ret)
+ goto out2;
+
+ ret = krb5_sendto (context,
&v5_creds->ticket,
- krb5_princ_realm(context, v5_creds->server),
+ hostlist,
+ port,
&reply);
+ if(ret == KRB5_KDC_UNREACH) {
+ port = krb5_getportbyname (context, "kerberos", "udp", 88);
+ ret = krb5_sendto (context,
+ &v5_creds->ticket,
+ hostlist,
+ port,
+ &reply);
+ }
+ krb5_free_krbhst (context, hostlist);
+ }
if (ret)
goto out2;
sp = krb5_storage_from_mem(reply.data, reply.length);
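Review bot: The new block in `krb524_convert_creds_kdc` has no comment explaining the two-step send, and the ports `4444` and `88` appear as bare literals inside a brace-only scope. A line such as `/* try the krb524 port first, fall back to the KDC port if nothing answers */` above the first `krb5_getportbyname` call would state the intent. The function starts and ends outside the hunk, so how `reply` is released on the `goto out2` paths is not visible here.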
diff --git a/crypto/heimdal/lib/krb5/crc.c b/crypto/heimdal/lib/krb5/crc.c
index 2f9ef95..c7cedd8 100644
--- a/crypto/heimdal/lib/krb5/crc.c
+++ b/crypto/heimdal/lib/krb5/crc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: crc.c,v 1.8 1999/12/02 17:05:08 joda Exp $");
+RCSID("$Id: crc.c,v 1.9 2000/08/03 01:45:14 assar Exp $");
static u_long table[256];
@@ -63,7 +63,7 @@ _krb5_crc_init_table(void)
}
u_int32_t
-_krb5_crc_update (char *p, size_t len, u_int32_t res)
+_krb5_crc_update (const char *p, size_t len, u_int32_t res)
{
while (len--)
res = table[(res ^ *p++) & 0xFF] ^ (res >> 8);
diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c
index aef45b1..0415542 100644
--- a/crypto/heimdal/lib/krb5/crypto.c
+++ b/crypto/heimdal/lib/krb5/crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: crypto.c,v 1.29 2000/01/25 23:06:55 assar Exp $");
+RCSID("$Id: crypto.c,v 1.43 2001/01/30 17:10:55 assar Exp $");
#undef CRYPTO_DEBUG
#ifdef CRYPTO_DEBUG
@@ -65,6 +65,7 @@ struct krb5_crypto_data {
#define F_DERIVED 4 /* uses derived keys */
#define F_VARIANT 8 /* uses `variant' keys (6.4.3) */
#define F_PSEUDO 16 /* not a real protocol type */
+#define F_SPECIAL 32 /* backwards */
struct salt_type {
krb5_salttype type;
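Review bot: The comment on `F_SPECIAL` says only `backwards`, which does not tell a reader what the flag selects. Within this commit it is set on the `arcfour-hmac-md5` entry of `etypes` and tested by `special_crypto()`, so something like `#define F_SPECIAL 32 /* etype with its own encrypt and checksum framing, see special_crypto() */` would be more useful. The code that acts on the flag is outside the visible hunks, so adjust the wording to what that path actually does.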
@@ -93,9 +94,16 @@ struct checksum_type {
size_t blocksize;
size_t checksumsize;
unsigned flags;
- void (*checksum)(krb5_context, struct key_data*, void*, size_t, Checksum*);
- krb5_error_code (*verify)(krb5_context, struct key_data*,
- void*, size_t, Checksum*);
+ void (*checksum)(krb5_context context,
+ struct key_data *key,
+ const void *buf, size_t len,
+ unsigned usage,
+ Checksum *csum);
+ krb5_error_code (*verify)(krb5_context context,
+ struct key_data *key,
+ const void *buf, size_t len,
+ unsigned usage,
+ Checksum *csum);
};
struct encryption_type {
@@ -107,7 +115,11 @@ struct encryption_type {
struct checksum_type *cksumtype;
struct checksum_type *keyed_checksum;
unsigned flags;
- void (*encrypt)(struct key_data *, void *, size_t, int);
+ krb5_error_code (*encrypt)(struct key_data *key,
+ void *data, size_t len,
+ krb5_boolean encrypt,
+ int usage,
+ void *ivec);
};
#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA)
@@ -189,7 +201,8 @@ DES_AFS3_CMU_string_to_key (krb5_data pw,
for(i = 0; i < 8; i++) {
char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^
- ((i < cell.length) ? ((char*)cell.data)[i] : 0);
+ ((i < cell.length) ?
+ tolower(((unsigned char*)cell.data)[i]) : 0);
password[i] = c ? c : 'X';
}
password[8] = '\0';
@@ -219,23 +232,25 @@ DES_AFS3_Transarc_string_to_key (krb5_data pw,
size_t passlen;
memcpy(password, pw.data, min(pw.length, sizeof(password)));
- if(pw.length < sizeof(password))
- memcpy(password + pw.length,
- cell.data, min(cell.length,
- sizeof(password) - pw.length));
+ if(pw.length < sizeof(password)) {
+ int len = min(cell.length, sizeof(password) - pw.length);
+ int i;
+
+ memcpy(password + pw.length, cell.data, len);
+ for (i = pw.length; i < pw.length + len; ++i)
+ password[i] = tolower((unsigned char)password[i]);
+ }
passlen = min(sizeof(password), pw.length + cell.length);
memcpy(&ivec, "kerberos", 8);
memcpy(&temp_key, "kerberos", 8);
des_set_odd_parity (&temp_key);
des_set_key (&temp_key, schedule);
- des_cbc_cksum ((const void *)password, &ivec, passlen,
- schedule, &ivec);
+ des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec);
memcpy(&temp_key, &ivec, 8);
des_set_odd_parity (&temp_key);
des_set_key (&temp_key, schedule);
- des_cbc_cksum ((const void *)password, key, passlen,
- schedule, &ivec);
+ des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec);
memset(&schedule, 0, sizeof(schedule));
memset(&temp_key, 0, sizeof(temp_key));
memset(&ivec, 0, sizeof(ivec));
@@ -339,8 +354,8 @@ DES3_string_to_key(krb5_context context,
des_set_key(keys + i, s[i]);
}
memset(&ivec, 0, sizeof(ivec));
- des_ede3_cbc_encrypt((const void *)tmp,
- (void *)tmp, sizeof(tmp),
+ des_ede3_cbc_encrypt((des_cblock *)tmp,
+ (des_cblock *)tmp, sizeof(tmp),
s[0], s[1], s[2], &ivec, DES_ENCRYPT);
memset(s, 0, sizeof(s));
memset(&ivec, 0, sizeof(ivec));
@@ -416,7 +431,7 @@ ARCFOUR_string_to_key(krb5_context context,
int i;
MD4_CTX m;
- len = 2 * (password.length + salt.saltvalue.length);
+ len = 2 * password.length;
s = malloc (len);
if (len != 0 && s == NULL)
return ENOMEM;
@@ -424,15 +439,11 @@ ARCFOUR_string_to_key(krb5_context context,
*p++ = ((char *)password.data)[i];
*p++ = 0;
}
- for (i = 0; i < salt.saltvalue.length; ++i) {
- *p++ = ((char *)salt.saltvalue.data)[i];
- *p++ = 0;
- }
- MD4Init (&m);
- MD4Update (&m, s, len);
+ MD4_Init (&m);
+ MD4_Update (&m, s, len);
key->keytype = enctype;
krb5_data_alloc (&key->keyvalue, 16);
- MD4Final (key->keyvalue.data, &m);
+ MD4_Final (key->keyvalue.data, &m);
memset (s, 0, len);
free (s);
return 0;
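Review bot: The result of `krb5_data_alloc (&key->keyvalue, 16)` is ignored, so on allocation failure `MD4_Final` writes the digest through whatever `key->keyvalue.data` then holds. A check in its place, `if (krb5_data_alloc (&key->keyvalue, 16)) { memset (s, 0, len); free (s); return ENOMEM; }`, also keeps the password copy wiped on that path. The same unchecked call is in the `do_checksum` hunk further down (`krb5_data_alloc(&result->checksum, ct->checksumsize);`), while `verify_checksum` in this file already tests the return value. `ARCFOUR_string_to_key` starts above this hunk.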
@@ -670,6 +681,11 @@ krb5_string_to_key (krb5_context context,
return krb5_string_to_key_data(context, enctype, pw, principal, key);
}
+/*
+ * Do a string -> key for encryption type `enctype' operation on
+ * `password' (with salt `salt'), returning the resulting key in `key'
+ */
+
krb5_error_code
krb5_string_to_key_data_salt (krb5_context context,
krb5_enctype enctype,
@@ -687,6 +703,12 @@ krb5_string_to_key_data_salt (krb5_context context,
return HEIM_ERR_SALTTYPE_NOSUPP;
}
+/*
+ * Do a string -> key for encryption type `enctype' operation on the
+ * string `password' (with salt `salt'), returning the resulting key
+ * in `key'
+ */
+
krb5_error_code
krb5_string_to_key_salt (krb5_context context,
krb5_enctype enctype,
@@ -759,6 +781,8 @@ _key_schedule(krb5_context context,
if(kt->schedule == NULL)
return 0;
+ if (key->schedule != NULL)
+ return 0;
ALLOC(key->schedule, 1);
if(key->schedule == NULL)
return ENOMEM;
@@ -779,8 +803,9 @@ _key_schedule(krb5_context context,
static void
NONE_checksum(krb5_context context,
struct key_data *key,
- void *data,
+ const void *data,
size_t len,
+ unsigned usage,
Checksum *C)
{
}
@@ -788,8 +813,9 @@ NONE_checksum(krb5_context context,
static void
CRC32_checksum(krb5_context context,
struct key_data *key,
- void *data,
+ const void *data,
size_t len,
+ unsigned usage,
Checksum *C)
{
u_int32_t crc;
@@ -805,22 +831,24 @@ CRC32_checksum(krb5_context context,
static void
RSA_MD4_checksum(krb5_context context,
struct key_data *key,
- void *data,
+ const void *data,
size_t len,
+ unsigned usage,
Checksum *C)
{
MD4_CTX m;
- MD4Init (&m);
- MD4Update (&m, data, len);
- MD4Final (C->checksum.data, &m);
+ MD4_Init (&m);
+ MD4_Update (&m, data, len);
+ MD4_Final (C->checksum.data, &m);
}
static void
RSA_MD4_DES_checksum(krb5_context context,
struct key_data *key,
- void *data,
+ const void *data,
size_t len,
+ unsigned usage,
Checksum *cksum)
{
MD4_CTX md4;
@@ -828,13 +856,13 @@ RSA_MD4_DES_checksum(krb5_context context,
unsigned char *p = cksum->checksum.data;
krb5_generate_random_block(p, 8);
- MD4Init (&md4);
- MD4Update (&md4, p, 8);
- MD4Update (&md4, data, len);
- MD4Final (p + 8, &md4);
+ MD4_Init (&md4);
+ MD4_Update (&md4, p, 8);
+ MD4_Update (&md4, data, len);
+ MD4_Final (p + 8, &md4);
memset (&ivec, 0, sizeof(ivec));
- des_cbc_encrypt((const void *)p,
- (void *)p,
+ des_cbc_encrypt((des_cblock*)p,
+ (des_cblock*)p,
24,
key->schedule->data,
&ivec,
@@ -844,8 +872,9 @@ RSA_MD4_DES_checksum(krb5_context context,
static krb5_error_code
RSA_MD4_DES_verify(krb5_context context,
struct key_data *key,
- void *data,
+ const void *data,
size_t len,
+ unsigned usage,
Checksum *C)
{
MD4_CTX md4;
@@ -861,10 +890,10 @@ RSA_MD4_DES_verify(krb5_context context,
key->schedule->data,
&ivec,
DES_DECRYPT);
- MD4Init (&md4);
- MD4Update (&md4, tmp, 8); /* confounder */
- MD4Update (&md4, data, len);
- MD4Final (res, &md4);
+ MD4_Init (&md4);
+ MD4_Update (&md4, tmp, 8); /* confounder */
+ MD4_Update (&md4, data, len);
+ MD4_Final (res, &md4);
if(memcmp(res, tmp + 8, sizeof(res)) != 0)
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
memset(tmp, 0, sizeof(tmp));
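Review bot: The checksum comparison `memcmp(res, tmp + 8, sizeof(res))` may stop at the first differing byte, so the time `RSA_MD4_DES_verify` takes can depend on how many leading bytes of a presented checksum are correct. A comparison that always reads every byte avoids that, e.g. `for (i = 0; i < sizeof(res); i++) diff |= res[i] ^ tmp[8 + i];` followed by `if (diff != 0) ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;`. The same pattern is in the `RSA_MD5_DES_verify`, `RSA_MD5_DES3_verify` and `verify_checksum` hunks and in the new `ARCFOUR_subdecrypt`. The function starts and ends outside this hunk, so the declarations of `res` and `tmp` are not visible.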
@@ -875,22 +904,24 @@ RSA_MD4_DES_verify(krb5_context context,
static void
RSA_MD5_checksum(krb5_context context,
struct key_data *key,
- void *data,
+ const void *data,
size_t len,
+ unsigned usage,
Checksum *C)
{
MD5_CTX m;
- MD5Init (&m);
- MD5Update(&m, data, len);
- MD5Final (C->checksum.data, &m);
+ MD5_Init (&m);
+ MD5_Update(&m, data, len);
+ MD5_Final (C->checksum.data, &m);
}
static void
RSA_MD5_DES_checksum(krb5_context context,
struct key_data *key,
- void *data,
+ const void *data,
size_t len,
+ unsigned usage,
Checksum *C)
{
MD5_CTX md5;
@@ -898,13 +929,13 @@ RSA_MD5_DES_checksum(krb5_context context,
unsigned char *p = C->checksum.data;
krb5_generate_random_block(p, 8);
- MD5Init (&md5);
- MD5Update (&md5, p, 8);
- MD5Update (&md5, data, len);
- MD5Final (p + 8, &md5);
+ MD5_Init (&md5);
+ MD5_Update (&md5, p, 8);
+ MD5_Update (&md5, data, len);
+ MD5_Final (p + 8, &md5);
memset (&ivec, 0, sizeof(ivec));
- des_cbc_encrypt((const void *)p,
- (void *)p,
+ des_cbc_encrypt((des_cblock*)p,
+ (des_cblock*)p,
24,
key->schedule->data,
&ivec,
@@ -914,8 +945,9 @@ RSA_MD5_DES_checksum(krb5_context context,
static krb5_error_code
RSA_MD5_DES_verify(krb5_context context,
struct key_data *key,
- void *data,
+ const void *data,
size_t len,
+ unsigned usage,
Checksum *C)
{
MD5_CTX md5;
@@ -932,10 +964,10 @@ RSA_MD5_DES_verify(krb5_context context,
sched[0],
&ivec,
DES_DECRYPT);
- MD5Init (&md5);
- MD5Update (&md5, tmp, 8); /* confounder */
- MD5Update (&md5, data, len);
- MD5Final (res, &md5);
+ MD5_Init (&md5);
+ MD5_Update (&md5, tmp, 8); /* confounder */
+ MD5_Update (&md5, data, len);
+ MD5_Final (res, &md5);
if(memcmp(res, tmp + 8, sizeof(res)) != 0)
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
memset(tmp, 0, sizeof(tmp));
@@ -946,8 +978,9 @@ RSA_MD5_DES_verify(krb5_context context,
static void
RSA_MD5_DES3_checksum(krb5_context context,
struct key_data *key,
- void *data,
+ const void *data,
size_t len,
+ unsigned usage,
Checksum *C)
{
MD5_CTX md5;
@@ -956,13 +989,13 @@ RSA_MD5_DES3_checksum(krb5_context context,
des_key_schedule *sched = key->schedule->data;
krb5_generate_random_block(p, 8);
- MD5Init (&md5);
- MD5Update (&md5, p, 8);
- MD5Update (&md5, data, len);
- MD5Final (p + 8, &md5);
+ MD5_Init (&md5);
+ MD5_Update (&md5, p, 8);
+ MD5_Update (&md5, data, len);
+ MD5_Final (p + 8, &md5);
memset (&ivec, 0, sizeof(ivec));
- des_ede3_cbc_encrypt((const void *)p,
- (void *)p,
+ des_ede3_cbc_encrypt((des_cblock*)p,
+ (des_cblock*)p,
24,
sched[0], sched[1], sched[2],
&ivec,
@@ -972,8 +1005,9 @@ RSA_MD5_DES3_checksum(krb5_context context,
static krb5_error_code
RSA_MD5_DES3_verify(krb5_context context,
struct key_data *key,
- void *data,
+ const void *data,
size_t len,
+ unsigned usage,
Checksum *C)
{
MD5_CTX md5;
@@ -990,10 +1024,10 @@ RSA_MD5_DES3_verify(krb5_context context,
sched[0], sched[1], sched[2],
&ivec,
DES_DECRYPT);
- MD5Init (&md5);
- MD5Update (&md5, tmp, 8); /* confounder */
- MD5Update (&md5, data, len);
- MD5Final (res, &md5);
+ MD5_Init (&md5);
+ MD5_Update (&md5, tmp, 8); /* confounder */
+ MD5_Update (&md5, data, len);
+ MD5_Final (res, &md5);
if(memcmp(res, tmp + 8, sizeof(res)) != 0)
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
memset(tmp, 0, sizeof(tmp));
@@ -1004,23 +1038,25 @@ RSA_MD5_DES3_verify(krb5_context context,
static void
SHA1_checksum(krb5_context context,
struct key_data *key,
- void *data,
+ const void *data,
size_t len,
+ unsigned usage,
Checksum *C)
{
- SHA1_CTX m;
+ SHA_CTX m;
- SHA1Init(&m);
- SHA1Update(&m, data, len);
- SHA1Final(C->checksum.data, &m);
+ SHA1_Init(&m);
+ SHA1_Update(&m, data, len);
+ SHA1_Final(C->checksum.data, &m);
}
/* HMAC according to RFC2104 */
static void
hmac(krb5_context context,
struct checksum_type *cm,
- void *data,
+ const void *data,
size_t len,
+ unsigned usage,
struct key_data *keyblock,
Checksum *result)
{
@@ -1034,6 +1070,7 @@ hmac(krb5_context context,
keyblock,
keyblock->key->keyvalue.data,
keyblock->key->keyvalue.length,
+ usage,
result);
key = result->checksum.data;
key_len = result->checksum.length;
@@ -1050,11 +1087,12 @@ hmac(krb5_context context,
opad[i] ^= key[i];
}
memcpy(ipad + cm->blocksize, data, len);
- (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len, result);
+ (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len,
+ usage, result);
memcpy(opad + cm->blocksize, result->checksum.data,
result->checksum.length);
(*cm->checksum)(context, keyblock, opad,
- cm->blocksize + cm->checksumsize, result);
+ cm->blocksize + cm->checksumsize, usage, result);
memset(ipad, 0, cm->blocksize + len);
free(ipad);
memset(opad, 0, cm->blocksize + cm->checksumsize);
@@ -1064,13 +1102,84 @@ hmac(krb5_context context,
static void
HMAC_SHA1_DES3_checksum(krb5_context context,
struct key_data *key,
- void *data,
+ const void *data,
size_t len,
+ unsigned usage,
Checksum *result)
{
struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1);
- hmac(context, c, data, len, key, result);
+ hmac(context, c, data, len, usage, key, result);
+}
+
+/*
+ * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt
+ */
+
+static void
+HMAC_MD5_checksum(krb5_context context,
+ struct key_data *key,
+ const void *data,
+ size_t len,
+ unsigned usage,
+ Checksum *result)
+{
+ MD5_CTX md5;
+ struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
+ const char signature[] = "signaturekey";
+ Checksum ksign_c;
+ struct key_data ksign;
+ krb5_keyblock kb;
+ unsigned char t[4];
+ unsigned char tmp[16];
+ unsigned char ksign_c_data[16];
+
+ ksign_c.checksum.length = sizeof(ksign_c_data);
+ ksign_c.checksum.data = ksign_c_data;
+ hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c);
+ ksign.key = &kb;
+ kb.keyvalue = ksign_c.checksum;
+ MD5_Init (&md5);
+ t[0] = (usage >> 0) & 0xFF;
+ t[1] = (usage >> 8) & 0xFF;
+ t[2] = (usage >> 16) & 0xFF;
+ t[3] = (usage >> 24) & 0xFF;
+ MD5_Update (&md5, t, 4);
+ MD5_Update (&md5, data, len);
+ MD5_Final (tmp, &md5);
+ hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result);
+}
+
+/*
+ * same as previous but being used while encrypting.
+ */
+
+static void
+HMAC_MD5_checksum_enc(krb5_context context,
+ struct key_data *key,
+ const void *data,
+ size_t len,
+ unsigned usage,
+ Checksum *result)
+{
+ struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
+ Checksum ksign_c;
+ struct key_data ksign;
+ krb5_keyblock kb;
+ unsigned char t[4];
+ unsigned char ksign_c_data[16];
+
+ t[0] = (usage >> 0) & 0xFF;
+ t[1] = (usage >> 8) & 0xFF;
+ t[2] = (usage >> 16) & 0xFF;
+ t[3] = (usage >> 24) & 0xFF;
+
+ ksign_c.checksum.length = sizeof(ksign_c_data);
+ ksign_c.checksum.data = ksign_c_data;
+ hmac(context, c, t, sizeof(t), 0, key, &ksign_c);
+ ksign.key = &kb;
+ kb.keyvalue = ksign_c.checksum;
+ hmac(context, c, data, len, 0, &ksign, result);
}
struct checksum_type checksum_none = {
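Review bot: `HMAC_MD5_checksum` and `HMAC_MD5_checksum_enc` leave the derived signing key in `ksign_c_data` (and, in the first, the intermediate digest in `tmp`) on the stack when they return, whereas `ARCFOUR_subencrypt` added by this same commit clears its `k1_c_data`, `k2_c_data` and `k3_c_data` buffers. Adding `memset (ksign_c_data, 0, sizeof(ksign_c_data));` before each function returns would make them consistent. Both also pass the result of `_find_checksum (CKSUMTYPE_RSA_MD5)` to `hmac` without a NULL test, which relies on that entry always being present in `checksum_types`.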
@@ -1116,7 +1225,7 @@ struct checksum_type checksum_des_mac = {
0,
0,
0,
- DES_MAC_checksum,
+ DES_MAC_checksum
};
struct checksum_type checksum_des_mac_k = {
CKSUMTYPE_DES_MAC_K,
@@ -1124,7 +1233,7 @@ struct checksum_type checksum_des_mac_k = {
0,
0,
0,
- DES_MAC_K_checksum,
+ DES_MAC_K_checksum
};
struct checksum_type checksum_rsa_md4_des_k = {
CKSUMTYPE_RSA_MD4_DES_K,
@@ -1132,8 +1241,8 @@ struct checksum_type checksum_rsa_md4_des_k = {
0,
0,
0,
- RSA_MD4_DES_K_checksum,
- RSA_MD4_DES_K_verify,
+ RSA_MD4_DES_K_checksum,
+ RSA_MD4_DES_K_verify
};
#endif
struct checksum_type checksum_rsa_md5 = {
@@ -1152,7 +1261,7 @@ struct checksum_type checksum_rsa_md5_des = {
24,
F_KEYED | F_CPROOF | F_VARIANT,
RSA_MD5_DES_checksum,
- RSA_MD5_DES_verify,
+ RSA_MD5_DES_verify
};
struct checksum_type checksum_rsa_md5_des3 = {
CKSUMTYPE_RSA_MD5_DES3,
@@ -1161,7 +1270,7 @@ struct checksum_type checksum_rsa_md5_des3 = {
24,
F_KEYED | F_CPROOF | F_VARIANT,
RSA_MD5_DES3_checksum,
- RSA_MD5_DES3_verify,
+ RSA_MD5_DES3_verify
};
struct checksum_type checksum_sha1 = {
CKSUMTYPE_SHA1,
@@ -1182,6 +1291,26 @@ struct checksum_type checksum_hmac_sha1_des3 = {
NULL
};
+struct checksum_type checksum_hmac_md5 = {
+ CKSUMTYPE_HMAC_MD5,
+ "hmac-md5",
+ 64,
+ 16,
+ F_KEYED | F_CPROOF,
+ HMAC_MD5_checksum,
+ NULL
+};
+
+struct checksum_type checksum_hmac_md5_enc = {
+ CKSUMTYPE_HMAC_MD5_ENC,
+ "hmac-md5-enc",
+ 64,
+ 16,
+ F_KEYED | F_CPROOF | F_PSEUDO,
+ HMAC_MD5_checksum_enc,
+ NULL
+};
+
struct checksum_type *checksum_types[] = {
&checksum_none,
&checksum_crc32,
@@ -1196,7 +1325,9 @@ struct checksum_type *checksum_types[] = {
&checksum_rsa_md5_des,
&checksum_rsa_md5_des3,
&checksum_sha1,
- &checksum_hmac_sha1_des3
+ &checksum_hmac_sha1_des3,
+ &checksum_hmac_md5,
+ &checksum_hmac_md5_enc
};
static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]);
@@ -1257,13 +1388,15 @@ do_checksum (krb5_context context,
keyed_checksum = (ct->flags & F_KEYED) != 0;
if(keyed_checksum && crypto == NULL)
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
- if(keyed_checksum)
+ if(keyed_checksum) {
ret = get_checksum_key(context, crypto, usage, ct, &dkey);
- else
+ if (ret)
+ return ret;
+ } else
dkey = NULL;
result->cksumtype = ct->type;
krb5_data_alloc(&result->checksum, ct->checksumsize);
- (*ct->checksum)(context, dkey, data, len, result);
+ (*ct->checksum)(context, dkey, data, len, usage, result);
return 0;
}
@@ -1329,13 +1462,13 @@ verify_checksum(krb5_context context,
else
dkey = NULL;
if(ct->verify)
- return (*ct->verify)(context, dkey, data, len, cksum);
+ return (*ct->verify)(context, dkey, data, len, usage, cksum);
ret = krb5_data_alloc (&c.checksum, ct->checksumsize);
if (ret)
return ret;
- (*ct->checksum)(context, dkey, data, len, &c);
+ (*ct->checksum)(context, dkey, data, len, usage, &c);
if(c.checksum.length != cksum->checksum.length ||
memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length))
@@ -1394,62 +1527,297 @@ krb5_checksum_is_collision_proof(krb5_context context,
* *
************************************************************/
-static void
+static krb5_error_code
NULL_encrypt(struct key_data *key,
void *data,
size_t len,
- krb5_boolean encrypt)
+ krb5_boolean encrypt,
+ int usage,
+ void *ivec)
{
+ return 0;
}
-static void
+static krb5_error_code
DES_CBC_encrypt_null_ivec(struct key_data *key,
void *data,
size_t len,
- krb5_boolean encrypt)
+ krb5_boolean encrypt,
+ int usage,
+ void *ignore_ivec)
{
des_cblock ivec;
des_key_schedule *s = key->schedule->data;
memset(&ivec, 0, sizeof(ivec));
des_cbc_encrypt(data, data, len, *s, &ivec, encrypt);
+ return 0;
}
-static void
+static krb5_error_code
DES_CBC_encrypt_key_ivec(struct key_data *key,
void *data,
size_t len,
- krb5_boolean encrypt)
+ krb5_boolean encrypt,
+ int usage,
+ void *ignore_ivec)
{
des_cblock ivec;
des_key_schedule *s = key->schedule->data;
memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
des_cbc_encrypt(data, data, len, *s, &ivec, encrypt);
+ return 0;
}
-static void
+static krb5_error_code
DES3_CBC_encrypt(struct key_data *key,
void *data,
size_t len,
- krb5_boolean encrypt)
+ krb5_boolean encrypt,
+ int usage,
+ void *ignore_ivec)
{
des_cblock ivec;
des_key_schedule *s = key->schedule->data;
memset(&ivec, 0, sizeof(ivec));
des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], &ivec, encrypt);
+ return 0;
}
-static void
+static krb5_error_code
+DES3_CBC_encrypt_ivec(struct key_data *key,
+ void *data,
+ size_t len,
+ krb5_boolean encrypt,
+ int usage,
+ void *ivec)
+{
+ des_key_schedule *s = key->schedule->data;
+
+ des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], ivec, encrypt);
+ return 0;
+}
+
+static krb5_error_code
+DES_CFB64_encrypt_null_ivec(struct key_data *key,
+ void *data,
+ size_t len,
+ krb5_boolean encrypt,
+ int usage,
+ void *ignore_ivec)
+{
+ des_cblock ivec;
+ int num = 0;
+ des_key_schedule *s = key->schedule->data;
+ memset(&ivec, 0, sizeof(ivec));
+
+ des_cfb64_encrypt(data, data, len, *s, &ivec, &num, encrypt);
+ return 0;
+}
+
+static krb5_error_code
+DES_PCBC_encrypt_key_ivec(struct key_data *key,
+ void *data,
+ size_t len,
+ krb5_boolean encrypt,
+ int usage,
+ void *ignore_ivec)
+{
+ des_cblock ivec;
+ des_key_schedule *s = key->schedule->data;
+ memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
+
+ des_pcbc_encrypt(data, data, len, *s, &ivec, encrypt);
+ return 0;
+}
+
+/*
+ * section 6 of draft-brezak-win2k-krb-rc4-hmac-03
+ *
+ * warning: not for small children
+ */
+
+static krb5_error_code
+ARCFOUR_subencrypt(struct key_data *key,
+ void *data,
+ size_t len,
+ int usage,
+ void *ivec)
+{
+ struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
+ Checksum k1_c, k2_c, k3_c, cksum;
+ struct key_data ke;
+ krb5_keyblock kb;
+ unsigned char t[4];
+ RC4_KEY rc4_key;
+ char *cdata = (char *)data;
+ unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
+
+ t[0] = (usage >> 0) & 0xFF;
+ t[1] = (usage >> 8) & 0xFF;
+ t[2] = (usage >> 16) & 0xFF;
+ t[3] = (usage >> 24) & 0xFF;
+
+ k1_c.checksum.length = sizeof(k1_c_data);
+ k1_c.checksum.data = k1_c_data;
+
+ hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
+
+ memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
+
+ k2_c.checksum.length = sizeof(k2_c_data);
+ k2_c.checksum.data = k2_c_data;
+
+ ke.key = &kb;
+ kb.keyvalue = k2_c.checksum;
+
+ cksum.checksum.length = 16;
+ cksum.checksum.data = data;
+
+ hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
+
+ ke.key = &kb;
+ kb.keyvalue = k1_c.checksum;
+
+ k3_c.checksum.length = sizeof(k3_c_data);
+ k3_c.checksum.data = k3_c_data;
+
+ hmac(NULL, c, data, 16, 0, &ke, &k3_c);
+
+ RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
+ RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
+ memset (k1_c_data, 0, sizeof(k1_c_data));
+ memset (k2_c_data, 0, sizeof(k2_c_data));
+ memset (k3_c_data, 0, sizeof(k3_c_data));
+ return 0;
+}
+
+static krb5_error_code
+ARCFOUR_subdecrypt(struct key_data *key,
+ void *data,
+ size_t len,
+ int usage,
+ void *ivec)
+{
+ struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
+ Checksum k1_c, k2_c, k3_c, cksum;
+ struct key_data ke;
+ krb5_keyblock kb;
+ unsigned char t[4];
+ RC4_KEY rc4_key;
+ char *cdata = (char *)data;
+ unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
+ unsigned char cksum_data[16];
+
+ t[0] = (usage >> 0) & 0xFF;
+ t[1] = (usage >> 8) & 0xFF;
+ t[2] = (usage >> 16) & 0xFF;
+ t[3] = (usage >> 24) & 0xFF;
+
+ k1_c.checksum.length = sizeof(k1_c_data);
+ k1_c.checksum.data = k1_c_data;
+
+ hmac(NULL, c, t, sizeof(t), 0, key, &k1_c);
+
+ memcpy (k2_c_data, k1_c_data, sizeof(k1_c_data));
+
+ k2_c.checksum.length = sizeof(k2_c_data);
+ k2_c.checksum.data = k2_c_data;
+
+ ke.key = &kb;
+ kb.keyvalue = k1_c.checksum;
+
+ k3_c.checksum.length = sizeof(k3_c_data);
+ k3_c.checksum.data = k3_c_data;
+
+ hmac(NULL, c, cdata, 16, 0, &ke, &k3_c);
+
+ RC4_set_key (&rc4_key, k3_c.checksum.length, k3_c.checksum.data);
+ RC4 (&rc4_key, len - 16, cdata + 16, cdata + 16);
+
+ ke.key = &kb;
+ kb.keyvalue = k2_c.checksum;
+
+ cksum.checksum.length = 16;
+ cksum.checksum.data = cksum_data;
+
+ hmac(NULL, c, cdata + 16, len - 16, 0, &ke, &cksum);
+
+ memset (k1_c_data, 0, sizeof(k1_c_data));
+ memset (k2_c_data, 0, sizeof(k2_c_data));
+ memset (k3_c_data, 0, sizeof(k3_c_data));
+
+ if (memcmp (cksum.checksum.data, data, 16) != 0)
+ return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ else
+ return 0;
+}
+
+/*
+ * convert the usage numbers used in
+ * draft-ietf-cat-kerb-key-derivation-00.txt to the ones in
+ * draft-brezak-win2k-krb-rc4-hmac-03.txt
+ */
+
+static int
+usage2arcfour (int usage)
+{
+ switch (usage) {
+ case KRB5_KU_PA_ENC_TIMESTAMP :
+ return 1;
+ case KRB5_KU_TICKET :
+ return 8;
+ case KRB5_KU_AS_REP_ENC_PART :
+ return 8;
+ case KRB5_KU_TGS_REQ_AUTH_DAT_SESSION :
+ case KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY :
+ case KRB5_KU_TGS_REQ_AUTH_CKSUM :
+ case KRB5_KU_TGS_REQ_AUTH :
+ return 7;
+ case KRB5_KU_TGS_REP_ENC_PART_SESSION :
+ case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY :
+ return 8;
+ case KRB5_KU_AP_REQ_AUTH_CKSUM :
+ case KRB5_KU_AP_REQ_AUTH :
+ case KRB5_KU_AP_REQ_ENC_PART :
+ return 11;
+ case KRB5_KU_KRB_PRIV :
+ return 0;
+ case KRB5_KU_KRB_CRED :
+ case KRB5_KU_KRB_SAFE_CKSUM :
+ case KRB5_KU_OTHER_ENCRYPTED :
+ case KRB5_KU_OTHER_CKSUM :
+ case KRB5_KU_KRB_ERROR :
+ case KRB5_KU_AD_KDC_ISSUED :
+ case KRB5_KU_MANDATORY_TICKET_EXTENSION :
+ case KRB5_KU_AUTH_DATA_TICKET_EXTENSION :
+ case KRB5_KU_USAGE_SEAL :
+ case KRB5_KU_USAGE_SIGN :
+ case KRB5_KU_USAGE_SEQ :
+ default :
+ abort ();
+ }
+}
+
+static krb5_error_code
ARCFOUR_encrypt(struct key_data *key,
void *data,
size_t len,
- krb5_boolean encrypt)
+ krb5_boolean encrypt,
+ int usage,
+ void *ivec)
{
+ usage = usage2arcfour (usage);
+ if (encrypt)
+ return ARCFOUR_subencrypt (key, data, len, usage, ivec);
+ else
+ return ARCFOUR_subdecrypt (key, data, len, usage, ivec);
}
+
/*
* these should currently be in reverse preference order.
- */
+ * (only relevant for !F_PSEUDO) */
static struct encryption_type etypes[] = {
{
@@ -1496,6 +1864,17 @@ static struct encryption_type etypes[] = {
0,
DES_CBC_encrypt_null_ivec,
},
+ {
+ ETYPE_ARCFOUR_HMAC_MD5,
+ "arcfour-hmac-md5",
+ 1,
+ 8,
+ &keytype_arcfour,
+ &checksum_hmac_md5_enc,
+ &checksum_hmac_md5_enc,
+ F_SPECIAL,
+ ARCFOUR_encrypt
+ },
{
ETYPE_DES3_CBC_MD5,
"des3-cbc-md5",
@@ -1541,6 +1920,28 @@ static struct encryption_type etypes[] = {
DES_CBC_encrypt_null_ivec,
},
{
+ ETYPE_DES_CFB64_NONE,
+ "des-cfb64-none",
+ 1,
+ 0,
+ &keytype_des,
+ &checksum_none,
+ NULL,
+ F_PSEUDO,
+ DES_CFB64_encrypt_null_ivec,
+ },
+ {
+ ETYPE_DES_PCBC_NONE,
+ "des-pcbc-none",
+ 8,
+ 0,
+ &keytype_des,
+ &checksum_none,
+ NULL,
+ F_PSEUDO,
+ DES_PCBC_encrypt_key_ivec,
+ },
+ {
ETYPE_DES3_CBC_NONE,
"des3-cbc-none",
8,
@@ -1549,8 +1950,19 @@ static struct encryption_type etypes[] = {
&checksum_none,
NULL,
F_PSEUDO,
- DES_CBC_encrypt_null_ivec,
+ DES3_CBC_encrypt,
},
+ {
+ ETYPE_DES3_CBC_NONE_IVEC,
+ "des3-cbc-none-ivec",
+ 8,
+ 0,
+ &keytype_des3_derived,
+ &checksum_none,
+ NULL,
+ F_PSEUDO,
+ DES3_CBC_encrypt_ivec,
+ }
};
static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]);
@@ -1706,6 +2118,12 @@ derived_crypto(krb5_context context,
return (crypto->et->flags & F_DERIVED) != 0;
}
+static krb5_boolean
+special_crypto(krb5_context context,
+ krb5_crypto crypto)
+{
+ return (crypto->et->flags & F_SPECIAL) != 0;
+}
#define CHECKSUMSIZE(C) ((C)->checksumsize)
#define CHECKSUMTYPE(C) ((C)->type)
@@ -1716,7 +2134,8 @@ encrypt_internal_derived(krb5_context context,
unsigned usage,
void *data,
size_t len,
- krb5_data *result)
+ krb5_data *result,
+ void *ivec)
{
size_t sz, block_sz, checksum_sz;
Checksum cksum;
@@ -1745,14 +2164,17 @@ encrypt_internal_derived(krb5_context context,
p,
block_sz,
&cksum);
- if(ret == 0 && cksum.checksum.length != checksum_sz)
- ret = KRB5_CRYPTO_INTERNAL;
+ if(ret == 0 && cksum.checksum.length != checksum_sz) {
+ free_Checksum (&cksum);
+ ret = KRB5_CRYPTO_INTERNAL;
+ }
if(ret) {
memset(p, 0, block_sz + checksum_sz);
free(p);
return ret;
}
memcpy(p + block_sz, cksum.checksum.data, cksum.checksum.length);
+ free_Checksum (&cksum);
ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
if(ret) {
memset(p, 0, block_sz + checksum_sz);
@@ -1768,7 +2190,7 @@ encrypt_internal_derived(krb5_context context,
#ifdef CRYPTO_DEBUG
krb5_crypto_debug(context, 1, block_sz, dkey->key);
#endif
- (*et->encrypt)(dkey, p, block_sz, 1);
+ (*et->encrypt)(dkey, p, block_sz, 1, usage, ivec);
result->data = p;
result->length = block_sz + checksum_sz;
return 0;
@@ -1779,7 +2201,8 @@ encrypt_internal(krb5_context context,
krb5_crypto crypto,
void *data,
size_t len,
- krb5_data *result)
+ krb5_data *result,
+ void *ivec)
{
size_t sz, block_sz, checksum_sz;
Checksum cksum;
@@ -1830,19 +2253,49 @@ encrypt_internal(krb5_context context,
#ifdef CRYPTO_DEBUG
krb5_crypto_debug(context, 1, block_sz, crypto->key.key);
#endif
- (*et->encrypt)(&crypto->key, p, block_sz, 1);
+ (*et->encrypt)(&crypto->key, p, block_sz, 1, 0, ivec);
result->data = p;
result->length = block_sz;
return 0;
}
static krb5_error_code
+encrypt_internal_special(krb5_context context,
+ krb5_crypto crypto,
+ int usage,
+ void *data,
+ size_t len,
+ krb5_data *result,
+ void *ivec)
+{
+ struct encryption_type *et = crypto->et;
+ size_t cksum_sz = CHECKSUMSIZE(et->cksumtype);
+ size_t sz = len + cksum_sz + et->confoundersize;
+ char *tmp, *p;
+
+ tmp = malloc (sz);
+ if (tmp == NULL)
+ return ENOMEM;
+ p = tmp;
+ memset (p, 0, cksum_sz);
+ p += cksum_sz;
+ krb5_generate_random_block(p, et->confoundersize);
+ p += et->confoundersize;
+ memcpy (p, data, len);
+ (*et->encrypt)(&crypto->key, tmp, sz, TRUE, usage, ivec);
+ result->data = tmp;
+ result->length = sz;
+ return 0;
+}
+
+static krb5_error_code
decrypt_internal_derived(krb5_context context,
krb5_crypto crypto,
unsigned usage,
void *data,
size_t len,
- krb5_data *result)
+ krb5_data *result,
+ void *ivec)
{
size_t checksum_sz;
Checksum cksum;
@@ -1852,12 +2305,15 @@ decrypt_internal_derived(krb5_context context,
struct encryption_type *et = crypto->et;
unsigned long l;
+ checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
+ if (len < checksum_sz)
+ return EINVAL; /* better error code? */
+
p = malloc(len);
if(len != 0 && p == NULL)
return ENOMEM;
memcpy(p, data, len);
- checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
len -= checksum_sz;
ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey);
@@ -1873,7 +2329,7 @@ decrypt_internal_derived(krb5_context context,
#ifdef CRYPTO_DEBUG
krb5_crypto_debug(context, 0, len, dkey->key);
#endif
- (*et->encrypt)(dkey, p, len, 0);
+ (*et->encrypt)(dkey, p, len, 0, usage, ivec);
cksum.checksum.data = p + len;
cksum.checksum.length = checksum_sz;
@@ -1905,7 +2361,8 @@ decrypt_internal(krb5_context context,
krb5_crypto crypto,
void *data,
size_t len,
- krb5_data *result)
+ krb5_data *result,
+ void *ivec)
{
krb5_error_code ret;
unsigned char *p;
@@ -1927,11 +2384,11 @@ decrypt_internal(krb5_context context,
#ifdef CRYPTO_DEBUG
krb5_crypto_debug(context, 0, len, crypto->key.key);
#endif
- (*et->encrypt)(&crypto->key, p, len, 0);
+ (*et->encrypt)(&crypto->key, p, len, 0, 0, ivec);
ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz);
if(ret) {
- free(p);
- return ret;
+ free(p);
+ return ret;
}
memset(p + et->confoundersize, 0, checksum_sz);
cksum.cksumtype = CHECKSUMTYPE(et->cksumtype);
@@ -1952,6 +2409,54 @@ decrypt_internal(krb5_context context,
return 0;
}
+static krb5_error_code
+decrypt_internal_special(krb5_context context,
+ krb5_crypto crypto,
+ int usage,
+ void *data,
+ size_t len,
+ krb5_data *result,
+ void *ivec)
+{
+ struct encryption_type *et = crypto->et;
+ size_t cksum_sz = CHECKSUMSIZE(et->cksumtype);
+ size_t sz = len - cksum_sz - et->confoundersize;
+ char *cdata = (char *)data;
+ char *tmp;
+
+ tmp = malloc (sz);
+ if (tmp == NULL)
+ return ENOMEM;
+
+ (*et->encrypt)(&crypto->key, data, len, FALSE, usage, ivec);
+
+ memcpy (tmp, cdata + cksum_sz + et->confoundersize, sz);
+
+ result->data = tmp;
+ result->length = sz;
+ return 0;
+}
+
+
+krb5_error_code
+krb5_encrypt_ivec(krb5_context context,
+ krb5_crypto crypto,
+ unsigned usage,
+ void *data,
+ size_t len,
+ krb5_data *result,
+ void *ivec)
+{
+ if(derived_crypto(context, crypto))
+ return encrypt_internal_derived(context, crypto, usage,
+ data, len, result, ivec);
+ else if (special_crypto(context, crypto))
+ return encrypt_internal_special (context, crypto, usage,
+ data, len, result, ivec);
+ else
+ return encrypt_internal(context, crypto, data, len, result, ivec);
+}
+
krb5_error_code
krb5_encrypt(krb5_context context,
krb5_crypto crypto,
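Review bot: decrypt_internal_special discards the return value of `(*et->encrypt)(...)`, so when the ARCFOUR path reports KRB5KRB_AP_ERR_BAD_INTEGRITY (as the routine ending just above usage2arcfour does on an HMAC mismatch) the caller still gets 0 and the unverified plaintext. `sz = len - cksum_sz - et->confoundersize` is also computed with no lower bound on `len`, so a short input wraps the size_t; the `len - 16` arithmetic in that ARCFOUR routine has the same exposure. The function should reject short input, propagate the decrypt result and only then allocate the output, assuming the `encrypt` member returns krb5_error_code as ARCFOUR_encrypt does. encrypt_internal_special in the earlier hunk ignores the same return value.

```c
    size_t sz;
    krb5_error_code ret;
    /* … unchanged: et, cksum_sz, cdata, tmp declarations … */

    /* input must at least hold the checksum and the confounder */
    if (len < cksum_sz + et->confoundersize)
	return EINVAL;
    sz = len - cksum_sz - et->confoundersize;

    ret = (*et->encrypt)(&crypto->key, data, len, FALSE, usage, ivec);
    if (ret)
	return ret;	/* integrity failure: return no plaintext */

    tmp = malloc (sz);
    if (sz != 0 && tmp == NULL)
	return ENOMEM;
    memcpy (tmp, cdata + cksum_sz + et->confoundersize, sz);
    /* … unchanged: result->data / result->length assignment … */
```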
@@ -1960,11 +2465,7 @@ krb5_encrypt(krb5_context context,
size_t len,
krb5_data *result)
{
- if(derived_crypto(context, crypto))
- return encrypt_internal_derived(context, crypto, usage,
- data, len, result);
- else
- return encrypt_internal(context, crypto, data, len, result);
+ return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
}
krb5_error_code
@@ -1986,6 +2487,25 @@ krb5_encrypt_EncryptedData(krb5_context context,
}
krb5_error_code
+krb5_decrypt_ivec(krb5_context context,
+ krb5_crypto crypto,
+ unsigned usage,
+ void *data,
+ size_t len,
+ krb5_data *result,
+ void *ivec)
+{
+ if(derived_crypto(context, crypto))
+ return decrypt_internal_derived(context, crypto, usage,
+ data, len, result, ivec);
+ else if (special_crypto (context, crypto))
+ return decrypt_internal_special(context, crypto, usage,
+ data, len, result, ivec);
+ else
+ return decrypt_internal(context, crypto, data, len, result, ivec);
+}
+
+krb5_error_code
krb5_decrypt(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -1993,18 +2513,15 @@ krb5_decrypt(krb5_context context,
size_t len,
krb5_data *result)
{
- if(derived_crypto(context, crypto))
- return decrypt_internal_derived(context, crypto, usage,
- data, len, result);
- else
- return decrypt_internal(context, crypto, data, len, result);
+ return krb5_decrypt_ivec (context, crypto, usage, data, len, result,
+ NULL);
}
krb5_error_code
krb5_decrypt_EncryptedData(krb5_context context,
krb5_crypto crypto,
unsigned usage,
- EncryptedData *e,
+ const EncryptedData *e,
krb5_data *result)
{
return krb5_decrypt(context, crypto, usage,
@@ -2091,7 +2608,7 @@ derive_key(krb5_context context,
ret = _key_schedule(context, key);
if(ret)
return ret;
- if(et->blocksize * 8 < kt->bits ||
+ if(et->blocksize * 8 < kt->bits ||
len != et->blocksize) {
nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8);
k = malloc(nblocks * et->blocksize);
@@ -2103,16 +2620,18 @@ derive_key(krb5_context context,
memcpy(k + i * et->blocksize,
k + (i - 1) * et->blocksize,
et->blocksize);
- (*et->encrypt)(key, k + i * et->blocksize, et->blocksize, 1);
+ (*et->encrypt)(key, k + i * et->blocksize, et->blocksize, 1, 0,
+ NULL);
}
} else {
+ /* this case is probably broken, but won't be run anyway */
void *c = malloc(len);
size_t res_len = (kt->bits + 7) / 8;
if(len != 0 && c == NULL)
return ENOMEM;
memcpy(c, constant, len);
- (*et->encrypt)(key, c, len, 1);
+ (*et->encrypt)(key, c, len, 1, 0, NULL);
k = malloc(res_len);
if(res_len != 0 && k == NULL)
return ENOMEM;
@@ -2265,6 +2784,35 @@ krb5_string_to_key_derived(krb5_context context,
return ret;
}
+static size_t
+wrapped_length (krb5_context context,
+ krb5_crypto crypto,
+ size_t data_len)
+{
+ struct encryption_type *et = crypto->et;
+ size_t blocksize = et->blocksize;
+ size_t res;
+
+ res = et->confoundersize + et->cksumtype->checksumsize + data_len;
+ res = (res + blocksize - 1) / blocksize * blocksize;
+ return res;
+}
+
+static size_t
+wrapped_length_dervied (krb5_context context,
+ krb5_crypto crypto,
+ size_t data_len)
+{
+ struct encryption_type *et = crypto->et;
+ size_t blocksize = et->blocksize;
+ size_t res;
+
+ res = et->confoundersize + data_len;
+ res = (res + blocksize - 1) / blocksize * blocksize;
+ res += et->cksumtype->checksumsize;
+ return res;
+}
+
/*
* Return the size of an encrypted packet of length `data_len'
*/
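Review bot: The helper name `wrapped_length_dervied` is misspelled; it should be `wrapped_length_derived`, both here and at its call in krb5_get_wrapped_length in the next hunk. Neither helper has a comment, and the only difference between them is whether the checksum is added before or after rounding up to the block size. A one-line comment on each would make that visible, e.g. `/* checksum is inside the padded (encrypted) part */` and `/* checksum is appended after the padded ciphertext */`.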
@@ -2274,13 +2822,10 @@ krb5_get_wrapped_length (krb5_context context,
krb5_crypto crypto,
size_t data_len)
{
- struct encryption_type *et = crypto->et;
- size_t blocksize = et->blocksize;
- size_t res;
-
- res = (data_len + blocksize - 1) / blocksize * blocksize;
- res = res + et->confoundersize + et->cksumtype->checksumsize;
- return res;
+ if (derived_crypto (context, crypto))
+ return wrapped_length_dervied (context, crypto, data_len);
+ else
+ return wrapped_length (context, crypto, data_len);
}
#ifdef CRYPTO_DEBUG
@@ -2293,9 +2838,9 @@ krb5_get_keyid(krb5_context context,
MD5_CTX md5;
unsigned char tmp[16];
- MD5Init (&md5);
- MD5Update (&md5, key->keyvalue.data, key->keyvalue.length);
- MD5Final (tmp, &md5);
+ MD5_Init (&md5);
+ MD5_Update (&md5, key->keyvalue.data, key->keyvalue.length);
+ MD5_Final (tmp, &md5);
*keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15];
return 0;
}
@@ -2319,3 +2864,69 @@ krb5_crypto_debug(krb5_context context,
}
#endif /* CRYPTO_DEBUG */
+
+#if 0
+int
+main()
+{
+#if 0
+ int i;
+ krb5_context context;
+ krb5_crypto crypto;
+ struct key_data *d;
+ krb5_keyblock key;
+ char constant[4];
+ unsigned usage = ENCRYPTION_USAGE(3);
+ krb5_error_code ret;
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
+
+ key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
+ key.keyvalue.data = "\xb3\x85\x58\x94\xd9\xdc\x7c\xc8"
+ "\x25\xe9\x85\xab\x3e\xb5\xfb\x0e"
+ "\xc8\xdf\xab\x26\x86\x64\x15\x25";
+ key.keyvalue.length = 24;
+
+ krb5_crypto_init(context, &key, 0, &crypto);
+
+ d = _new_derived_key(crypto, usage);
+ if(d == NULL)
+ return ENOMEM;
+ krb5_copy_keyblock(context, crypto->key.key, &d->key);
+ _krb5_put_int(constant, usage, 4);
+ derive_key(context, crypto->et, d, constant, sizeof(constant));
+ return 0;
+#else
+ int i;
+ krb5_context context;
+ krb5_crypto crypto;
+ struct key_data *d;
+ krb5_keyblock key;
+ krb5_error_code ret;
+ Checksum res;
+
+ char *data = "what do ya want for nothing?";
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
+
+ key.keytype = ETYPE_NEW_DES3_CBC_SHA1;
+ key.keyvalue.data = "Jefe";
+ /* "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */
+ key.keyvalue.length = 4;
+
+ d = calloc(1, sizeof(*d));
+
+ d->key = &key;
+ res.checksum.length = 20;
+ res.checksum.data = malloc(res.checksum.length);
+ HMAC_SHA1_DES3_checksum(context, d, data, 28, &res);
+
+ return 0;
+#endif
+}
+#endif
diff --git a/crypto/heimdal/lib/krb5/eai_to_heim_errno.c b/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
new file mode 100644
index 0000000..b9272dd
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/eai_to_heim_errno.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2000 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <krb5_locl.h>
+
+RCSID("$Id: eai_to_heim_errno.c,v 1.1 2000/07/08 13:03:36 joda Exp $");
+
+krb5_error_code
+krb5_eai_to_heim_errno(int eai_errno)
+{
+ switch(eai_errno) {
+ case EAI_NOERROR:
+ return 0;
+ case EAI_ADDRFAMILY:
+ return HEIM_EAI_ADDRFAMILY;
+ case EAI_AGAIN:
+ return HEIM_EAI_AGAIN;
+ case EAI_BADFLAGS:
+ return HEIM_EAI_BADFLAGS;
+ case EAI_FAIL:
+ return HEIM_EAI_FAIL;
+ case EAI_FAMILY:
+ return HEIM_EAI_FAMILY;
+ case EAI_MEMORY:
+ return HEIM_EAI_MEMORY;
+ case EAI_NODATA:
+ return HEIM_EAI_NODATA;
+ case EAI_NONAME:
+ return HEIM_EAI_NONAME;
+ case EAI_SERVICE:
+ return HEIM_EAI_SERVICE;
+ case EAI_SOCKTYPE:
+ return HEIM_EAI_SOCKTYPE;
+ case EAI_SYSTEM:
+ return errno;
+ default:
+ return HEIM_EAI_UNKNOWN; /* XXX */
+ }
+}
diff --git a/crypto/heimdal/lib/krb5/expand_hostname.c b/crypto/heimdal/lib/krb5/expand_hostname.c
index 3e98e88..72c5718 100644
--- a/crypto/heimdal/lib/krb5/expand_hostname.c
+++ b/crypto/heimdal/lib/krb5/expand_hostname.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: expand_hostname.c,v 1.8 2000/02/20 02:25:29 assar Exp $");
+RCSID("$Id: expand_hostname.c,v 1.9 2000/02/23 03:12:07 assar Exp $");
static krb5_error_code
copy_hostname(krb5_context context,
@@ -130,7 +130,7 @@ krb5_expand_hostname_realms (krb5_context context,
for (a = ai; a != NULL; a = a->ai_next) {
if (a->ai_canonname != NULL) {
- ret = copy_hostname (context, orig_hostname, new_hostname);
+ ret = copy_hostname (context, a->ai_canonname, new_hostname);
if (ret) {
freeaddrinfo (ai);
return ret;
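Review bot: The name copied into `new_hostname` now comes from the resolver's `a->ai_canonname`, and nothing at this line records that it is unauthenticated input. If the rest of krb5_expand_hostname_realms derives the realm from it (that part lies outside the hunk), the result is only as trustworthy as name resolution. I would add a comment above the call, such as `/* ai_canonname is resolver-supplied; the realm chosen from it is only as trustworthy as DNS */`.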
diff --git a/crypto/heimdal/lib/krb5/fcache.c b/crypto/heimdal/lib/krb5/fcache.c
index df88e6f..fbdb3a1 100644
--- a/crypto/heimdal/lib/krb5/fcache.c
+++ b/crypto/heimdal/lib/krb5/fcache.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: fcache.c,v 1.22 1999/12/02 17:05:09 joda Exp $");
+RCSID("$Id: fcache.c,v 1.31 2000/12/05 09:15:10 joda Exp $");
typedef struct krb5_fcache{
char *filename;
@@ -83,28 +83,86 @@ fcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
return 0;
}
+/*
+ * Try to scrub the contents of `filename' safely.
+ */
+
+static int
+scrub_file (int fd)
+{
+ off_t pos;
+ char buf[128];
+
+ pos = lseek(fd, 0, SEEK_END);
+ if (pos < 0)
+ return errno;
+ if (lseek(fd, 0, SEEK_SET) < 0)
+ return errno;
+ memset(buf, 0, sizeof(buf));
+ while(pos > 0) {
+ ssize_t tmp = write(fd, buf, min(sizeof(buf), pos));
+
+ if (tmp < 0)
+ return errno;
+ pos -= tmp;
+ }
+ fsync (fd);
+ return 0;
+}
+
+/*
+ * Erase `filename' if it exists, trying to remove the contents if
+ * it's `safe'. We always try to remove the file, it it exists. It's
+ * only overwritten if it's a regular file (not a symlink and not a
+ * hardlink)
+ */
+
static krb5_error_code
erase_file(const char *filename)
{
int fd;
- off_t pos;
- char buf[128];
+ struct stat sb1, sb2;
+ int ret;
+
+ ret = lstat (filename, &sb1);
+ if (ret < 0)
+ return errno;
fd = open(filename, O_RDWR | O_BINARY);
- if(fd < 0){
+ if(fd < 0) {
if(errno == ENOENT)
return 0;
else
return errno;
}
- pos = lseek(fd, 0, SEEK_END);
- lseek(fd, 0, SEEK_SET);
- memset(buf, 0, sizeof(buf));
- while(pos > 0)
- pos -= write(fd, buf, sizeof(buf));
- close(fd);
- unlink(filename);
- return 0;
+ if (unlink(filename) < 0) {
+ close (fd);
+ return errno;
+ }
+
+ ret = fstat (fd, &sb2);
+ if (ret < 0) {
+ close (fd);
+ return errno;
+ }
+
+ /* check if someone was playing with symlinks */
+
+ if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
+ close (fd);
+ return EPERM;
+ }
+
+ /* there are still hard links to this file */
+
+ if (sb2.st_nlink != 0) {
+ close (fd);
+ return 0;
+ }
+
+ ret = scrub_file (fd);
+ close (fd);
+ return ret;
}
static krb5_error_code
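Review bot: erase_file now fails with ENOENT when the file is absent, because the new `lstat` check returns errno before the `open` branch that maps ENOENT to 0 is reached. The header comment says the file is erased "if it exists", so the first check probably wants `if (ret < 0) return errno == ENOENT ? 0 : errno;`. The two `close (fd); return errno;` paths (after `unlink` and after `fstat`) should save errno before calling close(), which may overwrite it. In scrub_file, a `write` that returns 0 never reduces `pos`, so the loop would not end; treating `tmp <= 0` as an error avoids that. The `fsync` result is also dropped.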
@@ -116,7 +174,7 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
f = malloc(sizeof(*f));
if(f == NULL)
return KRB5_CC_NOMEM;
- asprintf(&file, "/tmp/krb5cc_XXXXXX"); /* XXX */
+ asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT);
if(file == NULL) {
free(f);
return KRB5_CC_NOMEM;
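Review bot: The return value of `asprintf` is not checked, and the following `file == NULL` test relies on asprintf setting the pointer to NULL on failure, which not every libc guarantees. Testing the call itself is safer: `if (asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT) < 0 || file == NULL)`. The rest of fcc_gen_new, including whatever turns the template into a file, lies outside this hunk.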
@@ -166,12 +224,11 @@ fcc_initialize(krb5_context context,
krb5_principal primary_principal)
{
krb5_fcache *f = FCACHE(id);
- int ret;
+ int ret = 0;
int fd;
char *filename = f->filename;
- if((ret = erase_file(filename)))
- return ret;
+ unlink (filename);
fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
if(fd == -1)
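Review bot: Replacing `erase_file(filename)` with a bare `unlink (filename);` means the previous cache's contents are no longer overwritten when a cache is re-initialised, although erase_file in this same commit still scrubs before release. The `O_CREAT | O_EXCL` open is what protects against a pre-planted file or symlink, so ignoring the unlink result is fine. If dropping the scrub is intentional, a comment should say so, e.g. `/* old contents are not scrubbed here; O_EXCL below guards against a planted file */`. Otherwise `(void) erase_file (filename);` keeps the old behaviour without making its error fatal.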
@@ -183,27 +240,29 @@ fcc_initialize(krb5_context context,
f->version = context->fcache_vno;
else
f->version = KRB5_FCC_FVNO_4;
- krb5_store_int8(sp, 5);
- krb5_store_int8(sp, f->version);
+ ret |= krb5_store_int8(sp, 5);
+ ret |= krb5_store_int8(sp, f->version);
storage_set_flags(context, sp, f->version);
- if(f->version == KRB5_FCC_FVNO_4) {
+ if(f->version == KRB5_FCC_FVNO_4 && ret == 0) {
/* V4 stuff */
if (context->kdc_sec_offset) {
- krb5_store_int16 (sp, 12); /* length */
- krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */
- krb5_store_int16 (sp, 8); /* length of data */
- krb5_store_int32 (sp, context->kdc_sec_offset);
- krb5_store_int32 (sp, context->kdc_usec_offset);
+ ret |= krb5_store_int16 (sp, 12); /* length */
+ ret |= krb5_store_int16 (sp, FCC_TAG_DELTATIME); /* Tag */
+ ret |= krb5_store_int16 (sp, 8); /* length of data */
+ ret |= krb5_store_int32 (sp, context->kdc_sec_offset);
+ ret |= krb5_store_int32 (sp, context->kdc_usec_offset);
} else {
- krb5_store_int16 (sp, 0);
+ ret |= krb5_store_int16 (sp, 0);
}
}
- krb5_store_principal(sp, primary_principal);
+ ret |= krb5_store_principal(sp, primary_principal);
krb5_storage_free(sp);
}
- close(fd);
+ if(close(fd) < 0)
+ if (ret == 0)
+ ret = errno;
- return 0;
+ return ret;
}
static krb5_error_code
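Review bot: Accumulating results with `ret |= krb5_store_...()` gives the caller a bit-wise mix of error codes when two calls fail with different values, which matches no real krb5_error_code. It also keeps writing to the cache file after the first failure. Keeping the first error is clearer, e.g. `if (ret == 0) ret = krb5_store_int16 (sp, 12);` for each store, or a jump to the `krb5_storage_free(sp)` line on the first non-zero result.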
@@ -232,6 +291,7 @@ fcc_store_cred(krb5_context context,
krb5_ccache id,
krb5_creds *creds)
{
+ int ret;
int fd;
char *f;
@@ -244,11 +304,13 @@ fcc_store_cred(krb5_context context,
krb5_storage *sp;
sp = krb5_storage_from_fd(fd);
storage_set_flags(context, sp, FCACHE(id)->version);
- krb5_store_creds(sp, creds);
+ ret = krb5_store_creds(sp, creds);
krb5_storage_free(sp);
}
- close(fd);
- return 0; /* XXX */
+ if (close(fd) < 0)
+ if (ret == 0)
+ ret = errno;
+ return ret;
}
static krb5_error_code
@@ -274,12 +336,17 @@ init_fcc (krb5_context context,
int fd;
int8_t pvno, tag;
krb5_storage *sp;
+ krb5_error_code ret;
fd = open(fcache->filename, O_RDONLY | O_BINARY);
if(fd < 0)
return errno;
sp = krb5_storage_from_fd(fd);
- krb5_ret_int8(sp, &pvno);
+ ret = krb5_ret_int8(sp, &pvno);
+ if(ret == KRB5_CC_END)
+ return ENOENT;
+ if(ret)
+ return ret;
if(pvno != 5) {
krb5_storage_free(sp);
close(fd);
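Review bot: The two new early returns after `krb5_ret_int8` leak both `sp` and `fd`; the `pvno != 5` branch right below shows the cleanup that is expected (`krb5_storage_free(sp); close(fd);`). A truncated or empty cache file would therefore cost one descriptor per call. Folding both returns into one block with the cleanup fixes it; init_fcc continues past the end of the hunk.

```c
    ret = krb5_ret_int8(sp, &pvno);
    if(ret) {
	krb5_storage_free(sp);
	close(fd);
	return ret == KRB5_CC_END ? ENOENT : ret;
    }
```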
@@ -341,10 +408,10 @@ fcc_get_principal(krb5_context context,
ret = init_fcc (context, f, &sp, &fd);
if (ret)
return ret;
- krb5_ret_principal(sp, principal);
+ ret = krb5_ret_principal(sp, principal);
krb5_storage_free(sp);
close(fd);
- return 0;
+ return ret;
}
static krb5_error_code
diff --git a/crypto/heimdal/lib/krb5/generate_seq_number.c b/crypto/heimdal/lib/krb5/generate_seq_number.c
index a000ea1..3ebe562 100644
--- a/crypto/heimdal/lib/krb5/generate_seq_number.c
+++ b/crypto/heimdal/lib/krb5/generate_seq_number.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,12 +33,12 @@
#include <krb5_locl.h>
-RCSID("$Id: generate_seq_number.c,v 1.6 1999/12/02 17:05:09 joda Exp $");
+RCSID("$Id: generate_seq_number.c,v 1.7 2000/04/08 21:20:45 assar Exp $");
krb5_error_code
krb5_generate_seq_number(krb5_context context,
const krb5_keyblock *key,
- int32_t *seqno)
+ u_int32_t *seqno)
{
krb5_error_code ret;
krb5_keyblock *subkey;
diff --git a/crypto/heimdal/lib/krb5/get_addrs.c b/crypto/heimdal/lib/krb5/get_addrs.c
index 65a1b3c..7b9d74c 100644
--- a/crypto/heimdal/lib/krb5/get_addrs.c
+++ b/crypto/heimdal/lib/krb5/get_addrs.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: get_addrs.c,v 1.35 1999/12/02 17:05:09 joda Exp $");
+RCSID("$Id: get_addrs.c,v 1.40 2000/12/10 20:07:05 assar Exp $");
#ifdef __osf__
/* hate */
@@ -43,42 +43,35 @@ struct mbuf;
#ifdef HAVE_NET_IF_H
#include <net/if.h>
#endif
-
-#ifdef HAVE_SYS_SOCKIO_H
-#include <sys/sockio.h>
-#endif /* HAVE_SYS_SOCKIO_H */
-
-#ifdef HAVE_NETINET_IN6_VAR_H
-#include <netinet/in6_var.h>
-#endif /* HAVE_NETINET_IN6_VAR_H */
+#include <ifaddrs.h>
static krb5_error_code
gethostname_fallback (krb5_addresses *res)
{
- krb5_error_code err;
- char hostname[MAXHOSTNAMELEN];
- struct hostent *hostent;
-
- if (gethostname (hostname, sizeof(hostname)))
- return errno;
- hostent = roken_gethostbyname (hostname);
- if (hostent == NULL)
- return errno;
- res->len = 1;
- res->val = malloc (sizeof(*res->val));
- if (res->val == NULL)
- return ENOMEM;
- res->val[0].addr_type = hostent->h_addrtype;
- res->val[0].address.data = NULL;
- res->val[0].address.length = 0;
- err = krb5_data_copy (&res->val[0].address,
- hostent->h_addr,
- hostent->h_length);
- if (err) {
- free (res->val);
- return err;
- }
- return 0;
+ krb5_error_code err;
+ char hostname[MAXHOSTNAMELEN];
+ struct hostent *hostent;
+
+ if (gethostname (hostname, sizeof(hostname)))
+ return errno;
+ hostent = roken_gethostbyname (hostname);
+ if (hostent == NULL)
+ return errno;
+ res->len = 1;
+ res->val = malloc (sizeof(*res->val));
+ if (res->val == NULL)
+ return ENOMEM;
+ res->val[0].addr_type = hostent->h_addrtype;
+ res->val[0].address.data = NULL;
+ res->val[0].address.length = 0;
+ err = krb5_data_copy (&res->val[0].address,
+ hostent->h_addr,
+ hostent->h_length);
+ if (err) {
+ free (res->val);
+ return err;
+ }
+ return 0;
}
enum {
@@ -94,143 +87,96 @@ enum {
*/
static krb5_error_code
-find_all_addresses (krb5_context context,
- krb5_addresses *res, int flags,
- int af, int siocgifconf, int siocgifflags,
- size_t ifreq_sz)
+find_all_addresses (krb5_context context, krb5_addresses *res, int flags)
{
- krb5_error_code ret;
- int fd;
- size_t buf_size;
- char *buf;
- struct ifconf ifconf;
- int num, j = 0;
- char *p;
- size_t sz;
- struct sockaddr sa_zero;
- struct ifreq *ifr;
- krb5_address lo_addr;
- int got_lo = FALSE;
-
- buf = NULL;
- res->val = NULL;
-
- memset (&sa_zero, 0, sizeof(sa_zero));
- fd = socket(af, SOCK_DGRAM, 0);
- if (fd < 0)
- return -1;
+ struct sockaddr sa_zero;
+ struct ifaddrs *ifa0, *ifa;
+ krb5_error_code ret = ENXIO;
+ int num, idx;
- buf_size = 8192;
- for (;;) {
- buf = malloc(buf_size);
- if (buf == NULL) {
- ret = ENOMEM;
- goto error_out;
- }
- ifconf.ifc_len = buf_size;
- ifconf.ifc_buf = buf;
- if (ioctl (fd, siocgifconf, &ifconf) < 0) {
- ret = errno;
- goto error_out;
- }
- /*
- * Can the difference between a full and a overfull buf
- * be determined?
- */
+ res->val = NULL;
- if (ifconf.ifc_len < buf_size)
- break;
- free (buf);
- buf_size *= 2;
- }
+ if (getifaddrs(&ifa0) == -1)
+ return (errno);
- num = ifconf.ifc_len / ifreq_sz;
- res->len = num;
- res->val = calloc(num, sizeof(*res->val));
- if (res->val == NULL) {
- ret = ENOMEM;
- goto error_out;
- }
-
- j = 0;
- for (p = ifconf.ifc_buf;
- p < ifconf.ifc_buf + ifconf.ifc_len;
- p += sz) {
- struct ifreq ifreq;
- struct sockaddr *sa;
-
- ifr = (struct ifreq *)p;
- sa = &ifr->ifr_addr;
-
- sz = ifreq_sz;
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
- sz = max(sz, sizeof(ifr->ifr_name) + sa->sa_len);
-#endif
-#ifdef SA_LEN
- sz = max(sz, SA_LEN(sa));
-#endif
- memcpy (ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name));
+ memset(&sa_zero, 0, sizeof(sa_zero));
- if (ioctl(fd, siocgifflags, &ifreq) < 0) {
- ret = errno;
- goto error_out;
- }
+ /* First, count all the ifaddrs. */
+ for (ifa = ifa0, num = 0; ifa != NULL; ifa = ifa->ifa_next, num++)
+ /* nothing */;
- if (!(ifreq.ifr_flags & IFF_UP))
- continue;
- if (memcmp (sa, &sa_zero, sizeof(sa_zero)) == 0)
- continue;
- if (krb5_sockaddr_uninteresting (sa))
- continue;
+ if (num == 0) {
+ freeifaddrs(ifa0);
+ return (ENXIO);
+ }
- if (ifreq.ifr_flags & IFF_LOOPBACK) {
- if (flags & LOOP_IF_NONE) {
- ret = krb5_sockaddr2address (sa, &lo_addr);
- if (ret)
- goto error_out;
- got_lo = TRUE;
- continue;
- } else if((flags & LOOP) == 0)
- continue;
- }
+ /* Allocate storage for them. */
+ res->val = calloc(num, sizeof(*res->val));
+ if (res->val == NULL) {
+ freeifaddrs(ifa0);
+ return (ENOMEM);
+ }
- ret = krb5_sockaddr2address (sa, &res->val[j]);
- if (ret)
- goto error_out;
- ++j;
- }
- if ((flags & LOOP_IF_NONE) && got_lo) {
- if (j == 0)
- res->val[j++] = lo_addr;
- else
- krb5_free_address (context, &lo_addr);
- }
+ /* Now traverse the list. */
+ for (ifa = ifa0, idx = 0; ifa != NULL; ifa = ifa->ifa_next) {
+ if ((ifa->ifa_flags & IFF_UP) == 0)
+ continue;
+ if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
+ continue;
+ if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
+ continue;
+
+ if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
+ /* We'll deal with the LOOP_IF_NONE case later. */
+ if ((flags & LOOP) == 0)
+ continue;
+ }
- if (j != num) {
- void *tmp;
+ ret = krb5_sockaddr2address(ifa->ifa_addr, &res->val[idx]);
+ if (ret) {
+ /*
+ * The most likely error here is going to be "Program
+ * lacks support for address type". This is no big
+ * deal -- just continue, and we'll listen on the
+ * addresses who's type we *do* support.
+ */
+ continue;
+ }
+ idx++;
+ }
- res->len = j;
- tmp = realloc (res->val, j * sizeof(*res->val));
- if (j != 0 && tmp == NULL) {
- ret = ENOMEM;
- goto error_out;
- }
- res->val = tmp;
- }
- ret = 0;
- goto cleanup;
+ /*
+ * If no addresses were found, and LOOP_IF_NONE is set, then find
+ * the loopback addresses and add them to our list.
+ */
+ if ((flags & LOOP_IF_NONE) != 0 && idx == 0) {
+ for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) {
+ if ((ifa->ifa_flags & IFF_UP) == 0)
+ continue;
+ if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0)
+ continue;
+ if (krb5_sockaddr_uninteresting(ifa->ifa_addr))
+ continue;
+
+ if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) {
+ ret = krb5_sockaddr2address(ifa->ifa_addr, &res->val[idx]);
+ if (ret) {
+ /*
+ * See comment above.
+ */
+ continue;
+ }
+ idx++;
+ }
+ }
+ }
-error_out:
- if (got_lo)
- krb5_free_address (context, &lo_addr);
- while(j--) {
- krb5_free_address (context, &res->val[j]);
- }
- free (res->val);
-cleanup:
- close (fd);
- free (buf);
- return ret;
+ freeifaddrs(ifa0);
+ if (ret)
+ free(res->val);
+ else
+ res->len = idx; /* Now a count. */
+ return (ret);
}
static krb5_error_code
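Review bot: After the loops `ret` still holds the result of the last `krb5_sockaddr2address` call, or the initial ENXIO if the last entries were all skipped. If the final interface has an unsupported address type, the function therefore frees `res->val` and reports failure even though `idx` addresses were converted. The success test should depend on `idx`, e.g. `ret = (idx > 0) ? 0 : ENXIO;` before `freeifaddrs(ifa0)`. The error path also frees only the array and not the address data already copied into `res->val[0..idx-1]`. Both loops pass `ifa->ifa_addr` to `memcmp` without a NULL check, although getifaddrs may return entries with no address; `if (ifa->ifa_addr == NULL) continue;` belongs at the top of each loop.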
@@ -239,26 +185,9 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags)
krb5_error_code ret = -1;
if (flags & SCAN_INTERFACES) {
-#if defined(AF_INET6) && defined(SIOCGIF6CONF) && defined(SIOCGIF6FLAGS)
- if (ret)
- ret = find_all_addresses (context, res, flags,
- AF_INET6, SIOCGIF6CONF, SIOCGIF6FLAGS,
- sizeof(struct in6_ifreq));
-#endif
-#if defined(HAVE_IPV6) && defined(SIOCGIFCONF)
- if (ret)
- ret = find_all_addresses (context, res, flags,
- AF_INET6, SIOCGIFCONF, SIOCGIFFLAGS,
- sizeof(struct ifreq));
-#endif
-#if defined(AF_INET) && defined(SIOCGIFCONF) && defined(SIOCGIFFLAGS)
- if (ret)
- ret = find_all_addresses (context, res, flags,
- AF_INET, SIOCGIFCONF, SIOCGIFFLAGS,
- sizeof(struct ifreq));
+ ret = find_all_addresses (context, res, flags);
if(ret || res->len == 0)
ret = gethostname_fallback (res);
-#endif
} else
ret = 0;
diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c
index 61951c1..e649cfe 100644
--- a/crypto/heimdal/lib/krb5/get_cred.c
+++ b/crypto/heimdal/lib/krb5/get_cred.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: get_cred.c,v 1.75 1999/12/02 17:05:09 joda Exp $");
+RCSID("$Id: get_cred.c,v 1.82 2001/01/19 04:29:44 assar Exp $");
/*
* Take the `body' and encode it into `padata' using the credentials
@@ -82,12 +82,13 @@ make_pa_tgs_req(krb5_context context,
in_data.data = buf + buf_size - len;
ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds,
&padata->padata_value,
- KRB5_KU_TGS_REQ_AUTH_CKSUM);
+ KRB5_KU_TGS_REQ_AUTH_CKSUM,
+ KRB5_KU_TGS_REQ_AUTH);
out:
free (buf);
if(ret)
return ret;
- padata->padata_type = pa_tgs_req;
+ padata->padata_type = KRB5_PADATA_TGS_REQ;
return 0;
}
@@ -191,6 +192,10 @@ init_tgs_req (krb5_context context,
ret = ENOMEM;
goto fail;
}
+
+ /* some versions of some code might require that the client be
+ present in TGS-REQs, but this is clearly against the spec */
+
ret = copy_PrincipalName(&in_creds->server->name, t->req_body.sname);
if (ret)
goto fail;
@@ -273,6 +278,7 @@ init_tgs_req (krb5_context context,
}
fail:
if (ret)
+ /* XXX - don't free addresses? */
free_TGS_REQ (t);
return ret;
}
@@ -320,7 +326,9 @@ decrypt_tkt_with_subkey (krb5_context context,
size_t size;
krb5_crypto crypto;
- krb5_crypto_init(context, key, 0, &crypto);
+ ret = krb5_crypto_init(context, key, 0, &crypto);
+ if (ret)
+ return ret;
ret = krb5_decrypt_EncryptedData (context,
crypto,
usage,
@@ -329,7 +337,9 @@ decrypt_tkt_with_subkey (krb5_context context,
krb5_crypto_destroy(context, crypto);
if(ret && subkey){
/* DCE compat -- try to decrypt with subkey */
- krb5_crypto_init(context, (krb5_keyblock*)subkey, 0, &crypto);
+ ret = krb5_crypto_init(context, (krb5_keyblock*)subkey, 0, &crypto);
+ if (ret)
+ return ret;
ret = krb5_decrypt_EncryptedData (context,
crypto,
KRB5_KU_TGS_REP_ENC_PART_SUB_KEY,
@@ -471,6 +481,7 @@ get_cred_kdc(krb5_context context,
&krbtgt->addresses,
nonce,
TRUE,
+ flags.b.request_anonymous,
decrypt_tkt_with_subkey,
subkey);
krb5_free_kdc_rep(context, &rep);
@@ -610,7 +621,7 @@ get_cred_from_kdc_flags(krb5_context context,
{
krb5_error_code ret;
krb5_creds *tgt, tmp_creds;
- krb5_realm client_realm, server_realm;
+ krb5_const_realm client_realm, server_realm, try_realm;
*out_creds = NULL;
@@ -620,9 +631,15 @@ get_cred_from_kdc_flags(krb5_context context,
ret = krb5_copy_principal(context, in_creds->client, &tmp_creds.client);
if(ret)
return ret;
+
+ try_realm = krb5_config_get_string(context, NULL, "libdefaults",
+ "capath", server_realm, NULL);
+ if (try_realm == NULL)
+ try_realm = client_realm;
+
ret = krb5_make_principal(context,
&tmp_creds.server,
- client_realm,
+ try_realm,
KRB5_TGS_NAME,
server_realm,
NULL);
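Review bot: The new lookup of `libdefaults` / `capath` / `server_realm` is undocumented, although it changes which realm is searched for the `krbtgt/server_realm` ticket (`try_realm` instead of the client's own realm). The lookup key is only the server realm, so one entry applies to every client realm that uses this configuration. A comment above the call would make that explicit, e.g. `/* optional [libdefaults] capath <server-realm> = <realm to ask first>; otherwise start from the client realm */`. `try_realm` appears to point into the configuration data and so must not be freed; the switch to `krb5_const_realm` in the previous hunk suggests this but does not state it. get_cred_from_kdc_flags starts and ends outside the hunk.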
@@ -642,8 +659,10 @@ get_cred_from_kdc_flags(krb5_context context,
else {
ret = get_cred_kdc_la(context, ccache, flags,
in_creds, &tgts, *out_creds);
- if (ret)
+ if (ret) {
free (*out_creds);
+ *out_creds = NULL;
+ }
}
krb5_free_creds_contents(context, &tgts);
krb5_free_principal(context, tmp_creds.server);
@@ -656,8 +675,7 @@ get_cred_from_kdc_flags(krb5_context context,
/* XXX this can loop forever */
while(1){
general_string tgt_inst;
- krb5_kdc_flags f;
- f.i = 0;
+
ret = get_cred_from_kdc_flags(context, flags, ccache, &tmp_creds,
&tgt, ret_tgts);
if(ret) {
@@ -698,8 +716,10 @@ get_cred_from_kdc_flags(krb5_context context,
else {
ret = get_cred_kdc_la(context, ccache, flags,
in_creds, tgt, *out_creds);
- if (ret)
+ if (ret) {
free (*out_creds);
+ *out_creds = NULL;
+ }
}
krb5_free_creds(context, tgt);
return ret;
@@ -729,20 +749,24 @@ krb5_get_credentials_with_flags(krb5_context context,
{
krb5_error_code ret;
krb5_creds **tgts;
+ krb5_creds *res_creds;
int i;
- *out_creds = calloc(1, sizeof(**out_creds));
- if (*out_creds == NULL)
+ *out_creds = NULL;
+ res_creds = calloc(1, sizeof(*res_creds));
+ if (res_creds == NULL)
return ENOMEM;
ret = krb5_cc_retrieve_cred(context,
ccache,
in_creds->session.keytype ?
KRB5_TC_MATCH_KEYTYPE : 0,
- in_creds, *out_creds);
- if(ret == 0)
+ in_creds, res_creds);
+ if(ret == 0) {
+ *out_creds = res_creds;
return 0;
- free(*out_creds);
+ }
+ free(res_creds);
if(ret != KRB5_CC_END)
return ret;
if(options & KRB5_GC_CACHED)
@@ -752,7 +776,7 @@ krb5_get_credentials_with_flags(krb5_context context,
tgts = NULL;
ret = get_cred_from_kdc_flags(context, flags, ccache,
in_creds, out_creds, &tgts);
- for(i = 0; tgts && tgts[i]; i++){
+ for(i = 0; tgts && tgts[i]; i++) {
krb5_cc_store_cred(context, ccache, tgts[i]);
krb5_free_creds(context, tgts[i]);
}
diff --git a/crypto/heimdal/lib/krb5/get_for_creds.c b/crypto/heimdal/lib/krb5/get_for_creds.c
index 977515f..103b757 100644
--- a/crypto/heimdal/lib/krb5/get_for_creds.c
+++ b/crypto/heimdal/lib/krb5/get_for_creds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: get_for_creds.c,v 1.21 1999/12/20 00:57:37 assar Exp $");
+RCSID("$Id: get_for_creds.c,v 1.27 2000/08/18 06:47:40 assar Exp $");
static krb5_error_code
add_addrs(krb5_context context,
@@ -41,7 +41,7 @@ add_addrs(krb5_context context,
struct addrinfo *ai)
{
krb5_error_code ret;
- unsigned n, i;
+ unsigned n, i, j;
void *tmp;
struct addrinfo *a;
@@ -57,11 +57,18 @@ add_addrs(krb5_context context,
goto fail;
}
addr->val = tmp;
+ for (j = i; j < addr->len; ++j) {
+ addr->val[i].addr_type = 0;
+ krb5_data_zero(&addr->val[i].address);
+ }
for (a = ai; a != NULL; a = a->ai_next) {
- ret = krb5_sockaddr2address (a->ai_addr, &addr->val[i++]);
- if (ret)
+ ret = krb5_sockaddr2address (a->ai_addr, &addr->val[i]);
+ if (ret == 0)
+ ++i;
+ else if (ret != KRB5_PROG_ATYPE_NOSUPP)
goto fail;
}
+ addr->len = i;
return 0;
fail:
krb5_free_addresses (context, addr);
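Review bot: The new initialisation loop indexes with `i` instead of `j`, so every pass resets `addr->val[i]` and the other newly allocated entries are left untouched. If `krb5_sockaddr2address` then fails with anything other than `KRB5_PROG_ATYPE_NOSUPP`, the `fail:` path hands those entries to `krb5_free_addresses`, which presumably frees whatever pointer each one happens to hold. The loop body should read `addr->val[j].addr_type = 0;` and `krb5_data_zero(&addr->val[j].address);`. The start of add_addrs, including the point where `addr->len` is presumably raised before the reallocation, is outside the hunk.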
@@ -137,7 +144,7 @@ krb5_get_forwarded_creds (krb5_context context,
ret = getaddrinfo (hostname, NULL, NULL, &ai);
if (ret)
- return ret;
+ return krb5_eai_to_heim_errno(ret);
ret = add_addrs (context, &addrs, ai);
freeaddrinfo (ai);
@@ -194,22 +201,26 @@ krb5_get_forwarded_creds (krb5_context context,
}
*enc_krb_cred_part.usec = usec;
- ret = krb5_make_addrport (&enc_krb_cred_part.s_address,
- auth_context->local_address,
- auth_context->local_port);
- if (ret)
- goto out4;
-
- ALLOC(enc_krb_cred_part.r_address, 1);
- if (enc_krb_cred_part.r_address == NULL) {
- ret = ENOMEM;
- goto out4;
+ if (auth_context->local_address && auth_context->local_port) {
+ ret = krb5_make_addrport (&enc_krb_cred_part.s_address,
+ auth_context->local_address,
+ auth_context->local_port);
+ if (ret)
+ goto out4;
}
- ret = krb5_copy_address (context, auth_context->remote_address,
- enc_krb_cred_part.r_address);
- if (ret)
- goto out4;
+ if (auth_context->remote_address) {
+ ALLOC(enc_krb_cred_part.r_address, 1);
+ if (enc_krb_cred_part.r_address == NULL) {
+ ret = ENOMEM;
+ goto out4;
+ }
+
+ ret = krb5_copy_address (context, auth_context->remote_address,
+ enc_krb_cred_part.r_address);
+ if (ret)
+ goto out4;
+ }
/* fill ticket_info.val[0] */
@@ -252,7 +263,11 @@ krb5_get_forwarded_creds (krb5_context context,
return ret;
}
- krb5_crypto_init(context, auth_context->local_subkey, 0, &crypto);
+ ret = krb5_crypto_init(context, auth_context->local_subkey, 0, &crypto);
+ if (ret) {
+ free_KRB_CRED(&cred);
+ return ret;
+ }
ret = krb5_encrypt_EncryptedData (context,
crypto,
KRB5_KU_KRB_CRED,
diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c
index e043d1d..84afe5e 100644
--- a/crypto/heimdal/lib/krb5/get_in_tkt.c
+++ b/crypto/heimdal/lib/krb5/get_in_tkt.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: get_in_tkt.c,v 1.94 2000/02/06 05:18:20 assar Exp $");
+RCSID("$Id: get_in_tkt.c,v 1.97 2000/08/18 06:47:54 assar Exp $");
krb5_error_code
krb5_init_etype (krb5_context context,
@@ -85,7 +85,9 @@ decrypt_tkt (krb5_context context,
size_t size;
krb5_crypto crypto;
- krb5_crypto_init(context, key, 0, &crypto);
+ ret = krb5_crypto_init(context, key, 0, &crypto);
+ if (ret)
+ return ret;
ret = krb5_decrypt_EncryptedData (context,
crypto,
@@ -124,6 +126,7 @@ _krb5_extract_ticket(krb5_context context,
krb5_addresses *addrs,
unsigned nonce,
krb5_boolean allow_server_mismatch,
+ krb5_boolean ignore_cname,
krb5_decrypt_proc decrypt_proc,
krb5_const_pointer decryptarg)
{
@@ -133,20 +136,26 @@ _krb5_extract_ticket(krb5_context context,
time_t tmp_time;
krb5_timestamp sec_now;
- /* compare client */
-
ret = principalname2krb5_principal (&tmp_principal,
rep->kdc_rep.cname,
rep->kdc_rep.crealm);
if (ret)
goto out;
- tmp = krb5_principal_compare (context, tmp_principal, creds->client);
- krb5_free_principal (context, tmp_principal);
- if (!tmp) {
- ret = KRB5KRB_AP_ERR_MODIFIED;
- goto out;
+
+ /* compare client */
+
+ if (!ignore_cname) {
+ tmp = krb5_principal_compare (context, tmp_principal, creds->client);
+ if (!tmp) {
+ krb5_free_principal (context, tmp_principal);
+ ret = KRB5KRB_AP_ERR_MODIFIED;
+ goto out;
+ }
}
-
+
+ krb5_free_principal (context, creds->client);
+ creds->client = tmp_principal;
+
/* extract ticket */
{
unsigned char *buf;
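Review bot: When `ignore_cname` is set, `creds->client` is replaced by the name built from `rep->kdc_rep.cname` with no comparison at all, so the caller ends up trusting whatever client name the reply carried. The callers changed in this commit pass `flags.b.request_anonymous` (get_cred_kdc) and `opts.b.request_anonymous` (krb5_get_in_cred), so checking that the returned name is the expected anonymous principal would keep the bypass as narrow as the feature needs. At minimum a comment such as `/* anonymous requests get a KDC-chosen client name; nothing else may skip this check */` belongs above the `if`. The swap also happens before the ticket is extracted, so a later error leaves `creds->client` already replaced, and the function now frees a principal the caller passed in; the header comment should state that ownership rule. The rest of _krb5_extract_ticket is outside the hunk.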
@@ -314,7 +323,9 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
if (ret)
return ret;
- krb5_crypto_init(context, key, 0, &crypto);
+ ret = krb5_crypto_init(context, key, 0, &crypto);
+ if (ret)
+ return ret;
ret = krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_PA_ENC_TIMESTAMP,
@@ -333,7 +344,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
free_EncryptedData(&encdata);
if (ret)
return ret;
- pa->padata_type = pa_enc_timestamp;
+ pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP;
pa->padata_value.length = 0;
krb5_data_copy(&pa->padata_value,
buf + sizeof(buf) - len,
@@ -575,10 +586,10 @@ set_ptypes(krb5_context context,
NULL);
for(i = 0; i < md.len; i++){
switch(md.val[i].padata_type){
- case pa_enc_timestamp:
+ case KRB5_PADATA_ENC_TIMESTAMP:
*ptypes = ptypes2;
break;
- case pa_etype_info:
+ case KRB5_PADATA_ETYPE_INFO:
*preauth = &preauth2;
ALLOC_SEQ(*preauth, 1);
(*preauth)->val[0].type = KRB5_PADATA_ENC_TIMESTAMP;
@@ -588,6 +599,8 @@ set_ptypes(krb5_context context,
&(*preauth)->val[0].info,
NULL);
break;
+ default:
+ break;
}
}
free_METHOD_DATA(&md);
@@ -707,12 +720,12 @@ krb5_get_in_cred(krb5_context context,
if(rep.kdc_rep.padata){
int index = 0;
pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len,
- pa_pw_salt, &index);
+ KRB5_PADATA_PW_SALT, &index);
if(pa == NULL) {
index = 0;
pa = krb5_find_padata(rep.kdc_rep.padata->val,
rep.kdc_rep.padata->len,
- pa_afs3_salt, &index);
+ KRB5_PADATA_AFS3_SALT, &index);
}
}
if(pa) {
@@ -741,6 +754,7 @@ krb5_get_in_cred(krb5_context context,
NULL,
nonce,
FALSE,
+ opts.b.request_anonymous,
decrypt_proc,
decryptarg);
memset (key->keyvalue.data, 0, key->keyvalue.length);
diff --git a/crypto/heimdal/lib/krb5/get_port.c b/crypto/heimdal/lib/krb5/get_port.c
index 17bb45f..6c51741 100644
--- a/crypto/heimdal/lib/krb5/get_port.c
+++ b/crypto/heimdal/lib/krb5/get_port.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: get_port.c,v 1.7 1999/12/02 17:05:10 joda Exp $");
+RCSID("$Id: get_port.c,v 1.8 2001/01/27 19:24:34 joda Exp $");
int
krb5_getportbyname (krb5_context context,
@@ -44,8 +44,10 @@ krb5_getportbyname (krb5_context context,
struct servent *sp;
if ((sp = roken_getservbyname (service, proto)) == NULL) {
+#if 0
krb5_warnx(context, "%s/%s unknown service, using default port %d",
service, proto, default_port);
+#endif
return htons(default_port);
} else
return sp->s_port;
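Review bot: Disabling the warning with `#if 0` leaves dead code in krb5_getportbyname and makes the fallback to `default_port` silent, with nothing saying why. Either delete the `krb5_warnx` call outright or replace the disabled block with a one-line explanation, e.g. `/* a missing services entry is normal; fall back to default_port quietly */`.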
diff --git a/crypto/heimdal/lib/krb5/heim_err.et b/crypto/heimdal/lib/krb5/heim_err.et
index 5ec3543..09145f2 100644
--- a/crypto/heimdal/lib/krb5/heim_err.et
+++ b/crypto/heimdal/lib/krb5/heim_err.et
@@ -3,7 +3,7 @@
#
# This might look like a com_err file, but is not
#
-id "$Id: heim_err.et,v 1.7 1999/08/25 20:49:17 joda Exp $"
+id "$Id: heim_err.et,v 1.10 2000/07/08 13:02:11 joda Exp $"
error_table heim
@@ -14,5 +14,23 @@ error_code V4_PRINC_NO_CONV, "Failed to convert v4 principal"
error_code SALTTYPE_NOSUPP, "Salt type is not supported by enctype"
error_code NOHOST, "Host not found"
error_code OPNOTSUPP, "Operation not supported"
+error_code EOF, "End of file"
+error_code BAD_MKEY, "Failed to get the master key"
+
+index 128
+prefix HEIM_EAI
+#error_code NOERROR, "no error"
+error_code UNKNOWN, "unknown error from getaddrinfo"
+error_code ADDRFAMILY, "address family for nodename not supported"
+error_code AGAIN, "temporary failure in name resolution"
+error_code BADFLAGS, "invalid value for ai_flags"
+error_code FAIL, "non-recoverable failure in name resolution"
+error_code FAMILY, "ai_family not supported"
+error_code MEMORY, "memory allocation failure"
+error_code NODATA, "no address associated with nodename"
+error_code NONAME, "nodename nor servname provided, or not known"
+error_code SERVICE, "servname not supported for ai_socktype"
+error_code SOCKTYPE, "ai_socktype not supported"
+error_code SYSTEM, "system error returned in errno"
end
diff --git a/crypto/heimdal/lib/krb5/init_creds.c b/crypto/heimdal/lib/krb5/init_creds.c
index 404fa5a..f6c571a 100644
--- a/crypto/heimdal/lib/krb5/init_creds.c
+++ b/crypto/heimdal/lib/krb5/init_creds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: init_creds.c,v 1.2 1999/12/02 17:05:10 joda Exp $");
+RCSID("$Id: init_creds.c,v 1.5 2001/01/05 16:27:39 joda Exp $");
void
krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
@@ -43,6 +43,48 @@ krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
}
void
+krb5_get_init_creds_opt_set_default_flags(krb5_context context,
+ const char *appname,
+ krb5_realm realm,
+ krb5_get_init_creds_opt *opt)
+{
+ krb5_boolean b;
+ time_t t;
+
+ krb5_appdefault_boolean(context, appname, realm, "forwardable", FALSE, &b);
+ krb5_get_init_creds_opt_set_forwardable(opt, b);
+
+ krb5_appdefault_boolean(context, appname, realm, "proxiable", FALSE, &b);
+ krb5_get_init_creds_opt_set_proxiable (opt, b);
+
+ krb5_appdefault_time(context, appname, realm, "ticket_life", 0, &t);
+ if(t != 0)
+ krb5_get_init_creds_opt_set_tkt_life(opt, t);
+
+ krb5_appdefault_time(context, appname, realm, "renewable_life", 0, &t);
+ if(t != 0)
+ krb5_get_init_creds_opt_set_renew_life(opt, t);
+
+#if 0
+ krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b);
+ krb5_get_init_creds_opt_set_anonymous (opt, b);
+
+ krb5_get_init_creds_opt_set_etype_list(opt, enctype,
+ etype_str.num_strings);
+
+ krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
+ krb5_data *salt);
+
+ krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt,
+ krb5_preauthtype *preauth_list,
+ int preauth_list_length);
+ krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt,
+ krb5_addresses *addresses);
+#endif
+}
+
+
+void
krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt,
krb5_deltat tkt_life)
{
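Review bot: `krb5_get_init_creds_opt_set_default_flags` has no header comment, and its behaviour is asymmetric in a way callers need to know. `forwardable` and `proxiable` are always written (presumably to FALSE when the configuration has no entry, given the `FALSE` default passed to `krb5_appdefault_boolean`), while the two lifetimes are written only when non-zero. A caller that sets forwardable first and then calls this function loses its setting, so the comment should fix the call order, e.g. `/* Load per-application defaults from the configuration; call before setting individual options, forwardable/proxiable are overwritten. */`. The `#if 0` block holds pasted prototypes and an undeclared `etype_str`, so it would not compile if enabled; a short TODO listing the options still to be handled would be clearer.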
@@ -109,3 +151,11 @@ krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt,
opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
opt->salt = salt;
}
+
+void
+krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt,
+ int anonymous)
+{
+ opt->flags |= KRB5_GET_INIT_CREDS_OPT_ANONYMOUS;
+ opt->anonymous = anonymous;
+}
diff --git a/crypto/heimdal/lib/krb5/init_creds_pw.c b/crypto/heimdal/lib/krb5/init_creds_pw.c
index 3caf939..8881d13 100644
--- a/crypto/heimdal/lib/krb5/init_creds_pw.c
+++ b/crypto/heimdal/lib/krb5/init_creds_pw.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: init_creds_pw.c,v 1.38 2000/02/07 03:17:20 assar Exp $");
+RCSID("$Id: init_creds_pw.c,v 1.44 2000/07/24 03:46:40 assar Exp $");
static int
get_config_time (krb5_context context,
@@ -178,9 +178,9 @@ print_expire (krb5_context context,
if (lr->val[i].lr_type == 6
&& lr->val[i].lr_value <= t) {
char *p;
+ time_t tmp = lr->val[i].lr_value;
- asprintf (&p, "Your password will expire at %s",
- ctime(&lr->val[i].lr_value));
+ asprintf (&p, "Your password will expire at %s", ctime(&tmp));
(*prompter) (context, data, p, 0, NULL);
free (p);
return;
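Review bot: The rewritten `asprintf` call still ignores its return value, so on allocation failure `p` is handed to the prompter and to `free` with an unspecified value; the second `asprintf` in the next hunk has the same gap. Guarding the call closes it here: `if (asprintf (&p, "Your password will expire at %s", ctime(&tmp)) < 0) return;`. The next hunk needs the equivalent guard. The rest of print_expire is outside the hunk.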
@@ -190,9 +190,9 @@ print_expire (krb5_context context,
if (rep->enc_part.key_expiration
&& *rep->enc_part.key_expiration <= t) {
char *p;
+ time_t t = *rep->enc_part.key_expiration;
- asprintf (&p, "Your password/account will expire at %s",
- ctime(rep->enc_part.key_expiration));
+ asprintf (&p, "Your password/account will expire at %s", ctime(&t));
(*prompter) (context, data, p, 0, NULL);
free (p);
}
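Review bot: The new local `time_t t` shadows the outer `t` that the enclosing `if` compares `*rep->enc_part.key_expiration` against. It compiles, but it is easy to misread and trips `-Wshadow`. Naming it as in the previous hunk, `time_t tmp = *rep->enc_part.key_expiration;` with `ctime(&tmp)`, keeps the two branches parallel. The declaration of the outer `t` is outside the hunk.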
@@ -263,6 +263,8 @@ get_init_creds_common(krb5_context context,
}
if (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT)
; /* XXX */
+ if (options->flags & KRB5_GET_INIT_CREDS_OPT_ANONYMOUS)
+ flags->b.request_anonymous = options->anonymous;
return 0;
}
@@ -291,9 +293,12 @@ change_password (krb5_context context,
krb5_get_init_creds_opt_init (&options);
krb5_get_init_creds_opt_set_tkt_life (&options, 60);
- krb5_get_init_creds_opt_set_preauth_list (&options,
- old_options->preauth_list,
- old_options->preauth_list_length);
+ krb5_get_init_creds_opt_set_forwardable (&options, FALSE);
+ krb5_get_init_creds_opt_set_proxiable (&options, FALSE);
+ if (old_options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST)
+ krb5_get_init_creds_opt_set_preauth_list (&options,
+ old_options->preauth_list,
+ old_options->preauth_list_length);
krb5_data_zero (&result_code_string);
krb5_data_zero (&result_string);
@@ -438,6 +443,12 @@ krb5_get_init_creds_password(krb5_context context,
done = 1;
break;
case KRB5KDC_ERR_KEY_EXPIRED :
+ /* try to avoid recursion */
+
+ if (in_tkt_service != NULL
+ && strcmp (in_tkt_service, "kadmin/changepw") == 0)
+ goto out;
+
ret = change_password (context,
client,
password,
diff --git a/crypto/heimdal/lib/krb5/kerberos.8 b/crypto/heimdal/lib/krb5/kerberos.8
new file mode 100644
index 0000000..1b2ec91
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/kerberos.8
@@ -0,0 +1,73 @@
+.\" $Id: kerberos.8,v 1.1 2000/09/01 15:52:24 joda Exp $
+.\"
+.Dd September 1, 2000
+.Dt KERBEROS 8
+.Os HEIMDAL
+.Sh NAME
+.Nm kerberos
+.Nd introduction to the Kerberos system
+.Sh DESCRIPTION
+Kerberos is a network authentication system. It's purpose is to
+securely authenticate users and services in an insecure network
+environment.
+.Pp
+This is done with a Kerberos server acting as a trusted third party,
+keeping a database with secret keys for all users and services
+(collectively called
+.Em principals ) .
+.Pp
+Each principal belongs to exactly one
+.Em realm ,
+which is the administrative domain in Kerberos. A realm usually
+corresponds to an organisation, and the realm should normally be
+derived from that organisation's domain name. A realm is served by one
+or more Kerberos servers.
+.Pp
+The authentication process involves exchange of
+.Sq tickets
+and
+.Sq authenticators
+which together prove the principal's identity.
+.Pp
+When you login to the Kerberos system, either through the normal
+system login or with the
+.Xr kinit 1
+program, you acquire a
+.Em ticket granting ticket
+which allows you to get new tickets for other services, such as
+.Ic telnet
+or
+.Ic ftp ,
+without giving your password.
+.Pp
+For more information on how Kerberos works, and other general Kerberos
+questions see the Kerberos FAQ at
+.Ad http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html .
+
+For setup instructions see the Heimdal Texinfo manual.
+.Sh SEE ALSO
+.Xr ftp 1
+.Xr kdestroy 1 ,
+.Xr kinit 1 ,
+.Xr klist 1 ,
+.Xr kpasswd 1 ,
+.Xr telnet 1
+.Sh HISTORY
+The Kerberos authentication system was developed in the late 1980's as
+part of the Athena Project at the Massachusetts Institute of
+Technology. Versions one through three never reached outside MIT, but
+version 4 was (and still is) quite popular, especially in the academic
+community, but is also used in commercial products like the AFS
+filesystem.
+.Pp
+The problems with version 4 are that it has many limitations, the code
+was not too well written (since it had been developed over a long
+time), and it has a number of known security problems. To resolve many
+of these issues work on version five started, and resulted in IETF
+RFC1510 in 1993. Since then much work has been put into the further
+development, and a new RFC will hopefully appear soon.
+.Pp
+This manual manual page is part of the
+.Nm Heimdal
+Kerberos 5 distribution, which has been in development at the Royal
+Institute of Technology in Stockholm, Sweden, since about 1997.
diff --git a/crypto/heimdal/lib/krb5/keyblock.c b/crypto/heimdal/lib/krb5/keyblock.c
index 89732a0..124d9bc 100644
--- a/crypto/heimdal/lib/krb5/keyblock.c
+++ b/crypto/heimdal/lib/krb5/keyblock.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,6 +33,8 @@
#include "krb5_locl.h"
+RCSID("$Id: keyblock.c,v 1.11 2000/03/23 03:38:25 assar Exp $");
+
void
krb5_free_keyblock_contents(krb5_context context,
krb5_keyblock *keyblock)
diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c
index fa14e62..ffdf35c 100644
--- a/crypto/heimdal/lib/krb5/keytab_keyfile.c
+++ b/crypto/heimdal/lib/krb5/keytab_keyfile.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: keytab_keyfile.c,v 1.7 2000/01/02 04:00:22 assar Exp $");
+RCSID("$Id: keytab_keyfile.c,v 1.9 2000/07/02 16:14:16 assar Exp $");
/* afs keyfile operations --------------------------------------- */
@@ -221,7 +221,7 @@ akf_next_entry(krb5_context context,
goto out;
}
- entry->vno = (int8_t) kvno;
+ entry->vno = kvno;
entry->keyblock.keytype = ETYPE_DES_CBC_MD5;
entry->keyblock.keyvalue.length = 8;
@@ -235,6 +235,8 @@ akf_next_entry(krb5_context context,
ret = cursor->sp->fetch(cursor->sp, entry->keyblock.keyvalue.data, 8);
if(ret != 8)
ret = (ret < 0) ? errno : KRB5_KT_END;
+ else
+ ret = 0;
entry->timestamp = time(NULL);
@@ -260,7 +262,7 @@ akf_add_entry(krb5_context context,
{
struct akf_data *d = id->data;
int fd, created = 0;
- int32_t kvno;
+ krb5_error_code ret;
fd = open (d->filename, O_RDWR | O_BINARY);
if (fd < 0) {
@@ -274,29 +276,68 @@ akf_add_entry(krb5_context context,
if (entry->keyblock.keyvalue.length == 8
&& entry->keyblock.keytype == ETYPE_DES_CBC_MD5) {
- int32_t len = 0;
+ int32_t len;
+ krb5_storage *sp;
- if (!created) {
- if (lseek (fd, 0, SEEK_SET))
+ sp = krb5_storage_from_fd(fd);
+ if(sp == NULL) {
+ close(fd);
+ return ENOMEM;
+ }
+ if (created)
+ len = 0;
+ else {
+ if((*sp->seek)(sp, 0, SEEK_SET) < 0) {
+ krb5_storage_free(sp);
+ close(fd);
return errno;
+ }
- if (read (fd, &len, sizeof(len)) != sizeof(len))
- return errno;
+ ret = krb5_ret_int32(sp, &len);
+ if(ret) {
+ krb5_storage_free(sp);
+ close(fd);
+ return ret;
+ }
}
- len += 1;
-
- if (lseek (fd, 0, SEEK_SET))
- return errno;
-
- if (write (fd, &len, sizeof(len)) != sizeof(len))
+ len++;
+
+ if((*sp->seek)(sp, 0, SEEK_SET) < 0) {
+ krb5_storage_free(sp);
+ close(fd);
return errno;
+ }
+
+ ret = krb5_store_int32(sp, len);
+ if(ret) {
+ krb5_storage_free(sp);
+ close(fd);
+ return ret;
+ }
+
- if (lseek (fd, 4 + (len-1) * (8+4), SEEK_SET))
+ if((*sp->seek)(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) {
+ krb5_storage_free(sp);
+ close(fd);
return errno;
-
- kvno = entry->vno;
- write(fd, &kvno, sizeof(kvno));
- write(fd, entry->keyblock.keyvalue.data, 8);
+ }
+
+ ret = krb5_store_int32(sp, entry->vno);
+ if(ret) {
+ krb5_storage_free(sp);
+ close(fd);
+ return ret;
+ }
+ ret = sp->store(sp, entry->keyblock.keyvalue.data,
+ entry->keyblock.keyvalue.length);
+ if(ret != entry->keyblock.keyvalue.length) {
+ krb5_storage_free(sp);
+ close(fd);
+ if(ret < 0)
+ return errno;
+ return ENOTTY;
+ }
+ krb5_storage_free(sp);
}
close (fd);
return 0;
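Review bot: `len` is read from the keyfile and then used in `len++` and in the offset `(len - 1) * (8 + 4)` with no range check, so a corrupt or tampered file can cause a signed overflow or a seek to an unintended offset before the key is written. The seek error paths also call `krb5_storage_free` and `close` before `return errno`, by which time `errno` may no longer hold the seek's value. In addition, the new count is stored before the entry itself, so a failed key write leaves the header claiming one key too many. A single cleanup label would remove the six copies of the free/close pair and give one place to save `errno`; a sketch follows. The start and end of akf_add_entry are outside the hunk.

```c
	else {
	    if((*sp->seek)(sp, 0, SEEK_SET) < 0) {
		ret = errno;	/* save before the cleanup calls can change it */
		goto out;
	    }
	    ret = krb5_ret_int32(sp, &len);
	    if(ret)
		goto out;
	    /* the count comes from the file: keep len + 1 and the
	       offset len * (8 + 4) representable */
	    if(len < 0 || len > INT32_MAX / (8 + 4)) {
		ret = EINVAL;	/* or the keytab layer's own "malformed file" code */
		goto out;
	    }
	}
	/* ... unchanged: len++, seek to start, store of the count ... */
	/* ... unchanged: seek to the new slot, store of vno and key;
	       each failure becomes `ret = ...; goto out;` ... */
	ret = 0;
    out:
	krb5_storage_free(sp);
	close(fd);
	return ret;
```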
diff --git a/crypto/heimdal/lib/krb5/keytab_krb4.c b/crypto/heimdal/lib/krb5/keytab_krb4.c
index b1f425c..e41f849 100644
--- a/crypto/heimdal/lib/krb5/keytab_krb4.c
+++ b/crypto/heimdal/lib/krb5/keytab_krb4.c
@@ -32,9 +32,8 @@
*/
#include "krb5_locl.h"
-#include <krb.h>
-RCSID("$Id: keytab_krb4.c,v 1.5 2000/01/06 08:04:58 assar Exp $");
+RCSID("$Id: keytab_krb4.c,v 1.6 2000/12/15 17:10:40 joda Exp $");
struct krb4_kt_data {
char *filename;
@@ -227,6 +226,9 @@ krb4_kt_add_entry (krb5_context context,
struct krb4_kt_data *d = id->data;
krb5_error_code ret;
int fd;
+#define ANAME_SZ 40
+#define INST_SZ 40
+#define REALM_SZ 40
char service[ANAME_SZ];
char instance[INST_SZ];
char realm[REALM_SZ];
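Review bot: Dropping `<krb.h>` and defining `ANAME_SZ`, `INST_SZ` and `REALM_SZ` as 40 in the middle of krb4_kt_add_entry turns the buffer sizes into local magic numbers that stay defined for the rest of the file. Whatever fills `service`, `instance` and `realm` is outside the hunk, so it is worth confirming that it bounds its writes by these sizes. Moving the three definitions to the top of the file would document where 40 comes from, with a comment such as `/* krb4 name component sizes, presumably as in krb.h, so the header is not needed */`.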
@@ -258,7 +260,7 @@ krb4_kt_add_entry (krb5_context context,
return 0;
}
-krb5_kt_ops krb4_fkt_ops = {
+const krb5_kt_ops krb4_fkt_ops = {
"krb4",
krb4_kt_resolve,
krb4_kt_get_name,
diff --git a/crypto/heimdal/lib/krb5/krb5-private.h b/crypto/heimdal/lib/krb5/krb5-private.h
index b24328a..c653695 100644
--- a/crypto/heimdal/lib/krb5/krb5-private.h
+++ b/crypto/heimdal/lib/krb5/krb5-private.h
@@ -18,7 +18,7 @@ _krb5_crc_init_table __P((void));
u_int32_t
_krb5_crc_update __P((
- char *p,
+ const char *p,
size_t len,
u_int32_t res));
@@ -33,6 +33,7 @@ _krb5_extract_ticket __P((
krb5_addresses *addrs,
unsigned nonce,
krb5_boolean allow_server_mismatch,
+ krb5_boolean ignore_cname,
krb5_decrypt_proc decrypt_proc,
krb5_const_pointer decryptarg));
diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h
index 59402a7..628f560 100644
--- a/crypto/heimdal/lib/krb5/krb5-protos.h
+++ b/crypto/heimdal/lib/krb5/krb5-protos.h
@@ -66,6 +66,20 @@ krb5_abortx __P((
__attribute__ ((noreturn, format (printf, 2, 3)));
krb5_error_code
+krb5_acl_match_file __P((
+ krb5_context context,
+ const char *file,
+ const char *format,
+ ...));
+
+krb5_error_code
+krb5_acl_match_string __P((
+ krb5_context context,
+ const char *acl_string,
+ const char *format,
+ ...));
+
+krb5_error_code
krb5_add_et_list __P((
krb5_context context,
void (*func)(struct et_list **)));
@@ -130,6 +144,33 @@ krb5_anyaddr __P((
int *sa_size,
int port));
+void
+krb5_appdefault_boolean __P((
+ krb5_context context,
+ const char *appname,
+ krb5_realm realm,
+ const char *option,
+ krb5_boolean def_val,
+ krb5_boolean *ret_val));
+
+void
+krb5_appdefault_string __P((
+ krb5_context context,
+ const char *appname,
+ krb5_realm realm,
+ const char *option,
+ const char *def_val,
+ char **ret_val));
+
+void
+krb5_appdefault_time __P((
+ krb5_context context,
+ const char *appname,
+ krb5_realm realm,
+ const char *option,
+ time_t def_val,
+ time_t *ret_val));
+
krb5_error_code
krb5_append_addresses __P((
krb5_context context,
@@ -142,6 +183,13 @@ krb5_auth_con_free __P((
krb5_auth_context auth_context));
krb5_error_code
+krb5_auth_con_genaddrs __P((
+ krb5_context context,
+ krb5_auth_context auth_context,
+ int fd,
+ int flags));
+
+krb5_error_code
krb5_auth_con_getaddrs __P((
krb5_context context,
krb5_auth_context auth_context,
@@ -167,6 +215,12 @@ krb5_auth_con_getlocalsubkey __P((
krb5_keyblock **keyblock));
krb5_error_code
+krb5_auth_con_getrcache __P((
+ krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_rcache *rcache));
+
+krb5_error_code
krb5_auth_con_getremotesubkey __P((
krb5_context context,
krb5_auth_context auth_context,
@@ -209,6 +263,12 @@ krb5_auth_con_setlocalsubkey __P((
krb5_keyblock *keyblock));
krb5_error_code
+krb5_auth_con_setrcache __P((
+ krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_rcache rcache));
+
+krb5_error_code
krb5_auth_con_setremotesubkey __P((
krb5_context context,
krb5_auth_context auth_context,
@@ -291,7 +351,8 @@ krb5_build_authenticator __P((
krb5_creds *cred,
Checksum *cksum,
Authenticator **auth_result,
- krb5_data *result));
+ krb5_data *result,
+ krb5_key_usage usage));
krb5_error_code
krb5_build_principal __P((
@@ -545,6 +606,13 @@ krb5_config_get_string __P((
krb5_config_section *c,
...));
+const char *
+krb5_config_get_string_default __P((
+ krb5_context context,
+ krb5_config_section *c,
+ const char *def_value,
+ ...));
+
char**
krb5_config_get_strings __P((
krb5_context context,
@@ -629,6 +697,13 @@ krb5_config_vget_string __P((
krb5_config_section *c,
va_list args));
+const char *
+krb5_config_vget_string_default __P((
+ krb5_context context,
+ krb5_config_section *c,
+ const char *def_value,
+ va_list args));
+
char **
krb5_config_vget_strings __P((
krb5_context context,
@@ -827,10 +902,20 @@ krb5_decrypt_EncryptedData __P((
krb5_context context,
krb5_crypto crypto,
unsigned usage,
- EncryptedData *e,
+ const EncryptedData *e,
krb5_data *result));
krb5_error_code
+krb5_decrypt_ivec __P((
+ krb5_context context,
+ krb5_crypto crypto,
+ unsigned usage,
+ void *data,
+ size_t len,
+ krb5_data *result,
+ void *ivec));
+
+krb5_error_code
krb5_decrypt_ticket __P((
krb5_context context,
Ticket *ticket,
@@ -853,6 +938,9 @@ krb5_domain_x500_encode __P((
krb5_data *encoding));
krb5_error_code
+krb5_eai_to_heim_errno __P((int eai_errno));
+
+krb5_error_code
krb5_encode_Authenticator __P((
krb5_context context,
void *data,
@@ -928,6 +1016,16 @@ krb5_encrypt_EncryptedData __P((
EncryptedData *result));
krb5_error_code
+krb5_encrypt_ivec __P((
+ krb5_context context,
+ krb5_crypto crypto,
+ unsigned usage,
+ void *data,
+ size_t len,
+ krb5_data *result,
+ void *ivec));
+
+krb5_error_code
krb5_enctype_to_keytype __P((
krb5_context context,
krb5_enctype etype,
@@ -988,6 +1086,14 @@ krb5_find_padata __P((
int *index));
krb5_error_code
+krb5_format_time __P((
+ krb5_context context,
+ time_t t,
+ char *s,
+ size_t len,
+ krb5_boolean include_time));
+
+krb5_error_code
krb5_free_address __P((
krb5_context context,
krb5_address *address));
@@ -1106,7 +1212,7 @@ krb5_error_code
krb5_generate_seq_number __P((
krb5_context context,
const krb5_keyblock *key,
- int32_t *seqno));
+ u_int32_t *seqno));
krb5_error_code
krb5_generate_subkey __P((
@@ -1291,6 +1397,18 @@ krb5_get_init_creds_opt_set_address_list __P((
krb5_addresses *addresses));
void
+krb5_get_init_creds_opt_set_anonymous __P((
+ krb5_get_init_creds_opt *opt,
+ int anonymous));
+
+void
+krb5_get_init_creds_opt_set_default_flags __P((
+ krb5_context context,
+ const char *appname,
+ krb5_realm realm,
+ krb5_get_init_creds_opt *opt));
+
+void
krb5_get_init_creds_opt_set_etype_list __P((
krb5_get_init_creds_opt *opt,
krb5_enctype *etype_list,
@@ -1373,6 +1491,12 @@ krb5_get_pw_salt __P((
krb5_const_principal principal,
krb5_salt *salt));
+krb5_error_code
+krb5_get_server_rcache __P((
+ krb5_context context,
+ const krb5_data *piece,
+ krb5_rcache *id));
+
krb5_boolean
krb5_get_use_admin_kdc __P((krb5_context context));
@@ -1623,7 +1747,7 @@ krb5_mk_priv __P((
krb5_error_code
krb5_mk_rep __P((
krb5_context context,
- krb5_auth_context *auth_context,
+ krb5_auth_context auth_context,
krb5_data *outbuf));
krb5_error_code
@@ -1638,6 +1762,16 @@ krb5_mk_req __P((
krb5_data *outbuf));
krb5_error_code
+krb5_mk_req_exact __P((
+ krb5_context context,
+ krb5_auth_context *auth_context,
+ const krb5_flags ap_req_options,
+ const krb5_principal server,
+ krb5_data *in_data,
+ krb5_ccache ccache,
+ krb5_data *outbuf));
+
+krb5_error_code
krb5_mk_req_extended __P((
krb5_context context,
krb5_auth_context *auth_context,
@@ -1654,7 +1788,8 @@ krb5_mk_req_internal __P((
krb5_data *in_data,
krb5_creds *in_creds,
krb5_data *outbuf,
- krb5_key_usage usage));
+ krb5_key_usage checksum_usage,
+ krb5_key_usage encrypt_usage));
krb5_error_code
krb5_mk_safe __P((
@@ -1732,6 +1867,12 @@ krb5_principal_compare_any_realm __P((
krb5_const_principal princ1,
krb5_const_principal princ2));
+krb5_boolean
+krb5_principal_match __P((
+ krb5_context context,
+ krb5_const_principal princ,
+ krb5_const_principal pattern));
+
krb5_error_code
krb5_print_address __P((
const krb5_address *addr,
@@ -1757,9 +1898,94 @@ krb5_prompter_posix __P((
krb5_prompt prompts[]));
krb5_error_code
+krb5_rc_close __P((
+ krb5_context context,
+ krb5_rcache id));
+
+krb5_error_code
+krb5_rc_default __P((
+ krb5_context context,
+ krb5_rcache *id));
+
+const char *
+krb5_rc_default_name __P((krb5_context context));
+
+const char *
+krb5_rc_default_type __P((krb5_context context));
+
+krb5_error_code
+krb5_rc_destroy __P((
+ krb5_context context,
+ krb5_rcache id));
+
+krb5_error_code
+krb5_rc_expunge __P((
+ krb5_context context,
+ krb5_rcache id));
+
+krb5_error_code
+krb5_rc_get_lifespan __P((
+ krb5_context context,
+ krb5_rcache id,
+ krb5_deltat *auth_lifespan));
+
+const char*
+krb5_rc_get_name __P((
+ krb5_context context,
+ krb5_rcache id));
+
+const char*
+krb5_rc_get_type __P((
+ krb5_context context,
+ krb5_rcache id));
+
+krb5_error_code
+krb5_rc_initialize __P((
+ krb5_context context,
+ krb5_rcache id,
+ krb5_deltat auth_lifespan));
+
+krb5_error_code
+krb5_rc_recover __P((
+ krb5_context context,
+ krb5_rcache id));
+
+krb5_error_code
+krb5_rc_resolve __P((
+ krb5_context context,
+ krb5_rcache id,
+ const char *name));
+
+krb5_error_code
+krb5_rc_resolve_full __P((
+ krb5_context context,
+ krb5_rcache *id,
+ const char *string_name));
+
+krb5_error_code
+krb5_rc_resolve_type __P((
+ krb5_context context,
+ krb5_rcache *id,
+ const char *type));
+
+krb5_error_code
+krb5_rc_store __P((
+ krb5_context context,
+ krb5_rcache id,
+ krb5_donot_replay *rep));
+
+krb5_error_code
krb5_rd_cred __P((
krb5_context context,
krb5_auth_context auth_context,
+ krb5_data *in_data,
+ krb5_creds ***ret_creds,
+ krb5_replay_data *out_data));
+
+krb5_error_code
+krb5_rd_cred2 __P((
+ krb5_context context,
+ krb5_auth_context auth_context,
krb5_ccache ccache,
krb5_data *in_data));
@@ -1818,6 +2044,20 @@ krb5_read_message __P((
krb5_pointer p_fd,
krb5_data *data));
+krb5_error_code
+krb5_read_priv_message __P((
+ krb5_context context,
+ krb5_auth_context ac,
+ krb5_pointer p_fd,
+ krb5_data *data));
+
+krb5_error_code
+krb5_read_safe_message __P((
+ krb5_context context,
+ krb5_auth_context ac,
+ krb5_pointer p_fd,
+ krb5_data *data));
+
krb5_boolean
krb5_realm_compare __P((
krb5_context context,
@@ -1936,6 +2176,14 @@ krb5_sendauth __P((
krb5_creds **out_creds));
krb5_error_code
+krb5_sendto __P((
+ krb5_context context,
+ const krb5_data *send,
+ char **hostlist,
+ int port,
+ krb5_data *receive));
+
+krb5_error_code
krb5_sendto_kdc __P((
krb5_context context,
const krb5_data *send,
@@ -1943,6 +2191,14 @@ krb5_sendto_kdc __P((
krb5_data *receive));
krb5_error_code
+krb5_sendto_kdc2 __P((
+ krb5_context context,
+ const krb5_data *send,
+ const krb5_realm *realm,
+ krb5_data *receive,
+ krb5_boolean master));
+
+krb5_error_code
krb5_set_default_in_tkt_etypes __P((
krb5_context context,
const krb5_enctype *etypes));
@@ -2102,7 +2358,7 @@ krb5_store_string __P((
krb5_error_code
krb5_store_stringz __P((
krb5_storage *sp,
- char *s));
+ const char *s));
krb5_error_code
krb5_store_times __P((
@@ -2232,6 +2488,18 @@ krb5_verify_ap_req __P((
krb5_ticket **ticket));
krb5_error_code
+krb5_verify_ap_req2 __P((
+ krb5_context context,
+ krb5_auth_context *auth_context,
+ krb5_ap_req *ap_req,
+ krb5_const_principal server,
+ krb5_keyblock *keyblock,
+ krb5_flags flags,
+ krb5_flags *ap_req_options,
+ krb5_ticket **ticket,
+ krb5_key_usage usage));
+
+krb5_error_code
krb5_verify_authenticator_checksum __P((
krb5_context context,
krb5_auth_context ac,
@@ -2355,6 +2623,21 @@ krb5_write_message __P((
krb5_data *data));
krb5_error_code
+krb5_write_priv_message __P((
+ krb5_context context,
+ krb5_auth_context ac,
+ krb5_pointer p_fd,
+ krb5_data *data));
+
+krb5_error_code
+krb5_write_safe_message __P((
+ krb5_context context,
+ krb5_auth_context ac,
+ krb5_boolean priv,
+ krb5_pointer p_fd,
+ krb5_data *data));
+
+krb5_error_code
krb5_xfree __P((void *ptr));
krb5_error_code
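Review bot: `krb5_write_safe_message` takes a `krb5_boolean priv` argument that neither `krb5_read_safe_message` (added earlier in this diff) nor `krb5_write_priv_message` has, so the writer and reader of the "safe" framing are not symmetric. If the flag switches the payload between integrity-only and encrypted protection, the function name no longer tells a reviewer which protection a call site applies. The definitions are not in this hunk, so that effect is inferred from the parameter name only. Either drop the parameter so the name carries the meaning, or document it at the declaration, e.g. `/* priv: TRUE wraps as KRB-PRIV, FALSE as KRB-SAFE -- confirm against the implementation */`.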
diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5
index 2a0adb6..51f6cfb 100644
--- a/crypto/heimdal/lib/krb5/krb5.conf.5
+++ b/crypto/heimdal/lib/krb5/krb5.conf.5
@@ -1,4 +1,4 @@
-.\" $Id: krb5.conf.5,v 1.7 1999/11/04 01:57:28 assar Exp $
+.\" $Id: krb5.conf.5,v 1.12 2001/01/19 04:53:24 assar Exp $
.\"
.Dd April 11, 1999
.Dt KRB5.CONF 5
@@ -46,7 +46,6 @@ name:
.Li STRINGs
consists of one or more non-white space characters.
Currently recognised sections and bindings are:
-
.Bl -tag -width "xxx" -offset indent
.It Li [libdefaults]
.Bl -tag -width "xxx" -offset indent
@@ -65,7 +64,24 @@ Maximum time to wait for a reply from the kdc, default is 3 seconds.
These are decribed in the
.Xr krb5_425_conv_principal 3
manual page.
-.It Li capath = Va realm-routing-table
+.It Li capath = {
+.Bl -tag -width "xxx" -offset indent
+.It Va destination-realm Li = Va next-hop-realm
+.It ...
+.El
+Normally, all requests to realms different from the one of the current
+client are sent to this KDC to get cross-realm tickets.
+If this KDC does not have a cross-realm key with the desired realm and
+the hierarchical path to that realm does not work, a path can be
+configured using this directive.
+The text shown above instructs the KDC to try to obtain a cross-realm
+ticket to
+.Va next-hop-realm
+when the desired realm is
+.Va destination-realm .
+This configuration should preferably be done on the KDC where it will
+help all its clients but can also be done on the client itself.
+.It Li }
.It Li default_etypes = Va etypes...
A list of default etypes to use.
.It Li default_etypes_des = Va etypes...
@@ -113,10 +129,18 @@ perid.
.It Va REALM Li = {
.Bl -tag -width "xxx" -offset indent
.It Li kdc = Va host[:port]
-Specifies a kdc for this realm. If the optional port is absent, the
+Specifies a list of kdcs for this realm. If the optional port is absent, the
default value for the
.Dq kerberos/udp
service will be used.
+The kdcs will be used in the order that they are specified.
+.It Li admin_server = Va host[:port]
+Specifies the admin server for this realm, where all the modifications
+to the database are perfomed.
+.It Li kpasswd_server = Va host[:port]
+Points to the server where all the password changes are perfomed.
+If there is no such entry, the kpasswd port on the admin_server host
+will be tried.
.It Li v4_instance_convert
.It Li v4_name_convert
.It Li default_domain
@@ -136,7 +160,100 @@ for logging. See the
.Xr krb5_openlog 3
manual page for a list of defined destinations.
.El
+.It Li [kdc]
+.Bl -tag -width "xxx" -offset indent
+.It database Li = {
+.Bl -tag -width "xxx" -offset indent
+.It dbname Li = Va DATABASENAME
+use this database for this realm.
+.It realm Li = Va REALM
+specifies the realm that will be stored in this database.
+.It mkey_file Li = Pa FILENAME
+use this keytab file for the master key of this database.
+If not specified
+.Va DATABASENAME Ns .mkey
+will be used.
+.It acl_file Li = PA FILENAME
+use this file for the ACL list of this database.
+.It log_file Li = Pa FILENAME
+use this file as the log of changes performed to the database. This
+file is used by
+.Nm ipropd-master
+for propagating changes to slaves.
+.El
+.It Li }
+.It max-request = Va SIZE
+Maximum size of a kdc request.
+.It require-preauth = Va BOOL
+If set pre-authentication is required. Since krb4 requests are not
+pre-authenticated they will be rejected.
+.It ports = Va "list of ports"
+list of ports the kdc should listen to.
+.It addresses = Va "list of interfaces"
+list of addresses the kdc should bind to.
+.It enable-kerberos4 = Va BOOL
+turn on kerberos4 support.
+.It v4-realm = Va REALM
+to what realm v4 requests should be mapped.
+.It enable-524 = Va BOOL
+should the Kerberos 524 converting facility be turned on. Default is same as
+.Va enable-kerberos4 .
+.It enable-http = Va BOOL
+should the kdc answer kdc-requests over http.
+.It enable-kaserver = Va BOOL
+if this kdc should emulate the AFS kaserver.
+.It check-ticket-addresses = Va BOOL
+verify the addresses in the tickets used in tgs requests.
+.\" XXX
+.It allow-null-ticket-addresses = Va BOOL
+allow addresses-less tickets.
+.\" XXX
+.It allow-anonymous = Va BOOL
+if the kdc is allowed to hand out anonymous tickets.
+.It encode_as_rep_as_tgs_rep = Va BOOL
+encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did.
+.\" XXX
+.It kdc_warn_pwexpire = Va TIME
+the time before expiration that the user should be warned that her
+password is about to expire.
+.It logging = Va Logging
+What type of logging the kdc should use, see also [logging]/kdc.
.El
+.It Li [kadmin]
+.Bl -tag -width "xxx" -offset indent
+.It require-preauth = Va BOOL
+If pre-authentication is required to talk to the kadmin server.
+.It default_keys = Va keytypes...
+for each entry in
+.Va default_keys
+try to parse it as a sequence of
+.Va etype:salttype:salt
+syntax of this if something like:
+.Pp
+[(des|des3|etype):](pw-salt|afs3-salt)[:string]
+.Pp
+if
+.Ar etype
+is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keyttypes are:
+.Bl -tag -width "xxx" -offset indent
+.It v5
+The kerberos 5 salt
+.Va pw-salt
+.It v4
+The kerberos 4 type
+.Va des:pw-salt:
+.El
+.It use_v4_salt = Va BOOL
+When true, this is the same as
+.Pp
+.Va default_keys = Va des3:pw-salt Va v4
+.Pp
+and is only left for backwards compatability.
+.El
+.El
+.Sh ENVIRONMENT
+.Ev KRB5_CONFIG
+points to the configuration file to read.
.Sh EXAMPLE
.Bd -literal -offset indent
[lib_defaults]
@@ -160,7 +277,21 @@ manual page for a list of defined destinations.
kdc = SYSLOG:INFO
default = SYSLOG:INFO:USER
.Ed
+.Sh DIAGNOSTICS
+Since
+.Nm
+is read and parsed by the krb5 library, there is not a lot of
+opportunities for programs to report parsing errors in any useful
+format.
+To help overcome this problem, there is a program
+.Nm verify_krb5_conf
+that reads
+.Nm
+and tries to emit useful diagnostics from parsing errors. Note that
+this program does not have any way of knowing what options are
+actually used and thus cannot warn about unknown or misspelt ones.
.Sh SEE ALSO
+.Xr verify_krb5_conf 8 ,
.Xr krb5_openlog 3 ,
.Xr krb5_425_conv_principal 3 ,
.Xr strftime 3 ,
diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h
index 15837e0..65a8a16 100644
--- a/crypto/heimdal/lib/krb5/krb5.h
+++ b/crypto/heimdal/lib/krb5/krb5.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: krb5.h,v 1.164 2000/02/06 07:40:57 assar Exp $ */
+/* $Id: krb5.h,v 1.179 2000/12/15 17:11:12 joda Exp $ */
#ifndef __KRB5_H__
#define __KRB5_H__
@@ -68,24 +68,7 @@ typedef octet_string krb5_data;
struct krb5_crypto_data;
typedef struct krb5_crypto_data *krb5_crypto;
-typedef enum krb5_cksumtype {
- CKSUMTYPE_NONE = 0,
- CKSUMTYPE_CRC32 = 1,
- CKSUMTYPE_RSA_MD4 = 2,
- CKSUMTYPE_RSA_MD4_DES = 3,
- CKSUMTYPE_DES_MAC = 4,
- CKSUMTYPE_DES_MAC_K = 5,
- CKSUMTYPE_RSA_MD4_DES_K = 6,
- CKSUMTYPE_RSA_MD5 = 7,
- CKSUMTYPE_RSA_MD5_DES = 8,
- CKSUMTYPE_RSA_MD5_DES3 = 9,
-/* CKSUMTYPE_SHA1 = 10,*/
- CKSUMTYPE_HMAC_SHA1_DES3 = 12,
- CKSUMTYPE_SHA1 = 1000, /* correct value? */
- CKSUMTYPE_HMAC_MD5 = -138, /* unofficial microsoft number */
- CKSUMTYPE_HMAC_MD5_ENC = -1138 /* even more unofficial */
-} krb5_cksumtype;
-
+typedef CKSUMTYPE krb5_cksumtype;
typedef enum krb5_enctype {
ETYPE_NULL = 0,
@@ -101,17 +84,14 @@ typedef enum krb5_enctype {
ETYPE_ARCFOUR_HMAC_MD5 = 23,
ETYPE_ARCFOUR_HMAC_MD5_56 = 24,
ETYPE_ENCTYPE_PK_CROSS = 48,
- ETYPE_DES_CBC_NONE = 0x1000,
- ETYPE_DES3_CBC_NONE = 0x1001
+ ETYPE_DES_CBC_NONE = -0x1000,
+ ETYPE_DES3_CBC_NONE = -0x1001,
+ ETYPE_DES_CFB64_NONE = -0x1002,
+ ETYPE_DES_PCBC_NONE = -0x1003,
+ ETYPE_DES3_CBC_NONE_IVEC = -0x1004
} krb5_enctype;
-typedef enum krb5_preauthtype {
- KRB5_PADATA_NONE = 0,
- KRB5_PADATA_AP_REQ,
- KRB5_PADATA_TGS_REQ = 1,
- KRB5_PADATA_ENC_TIMESTAMP = 2,
- KRB5_PADATA_ENC_SECURID
-} krb5_preauthtype;
+typedef PADATA_TYPE krb5_preauthtype;
typedef enum krb5_key_usage {
KRB5_KU_PA_ENC_TIMESTAMP = 1,
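Review bot: The `ETYPE_*_NONE` enumerators are renumbered from `0x1000`/`0x1001` to negative values and three more are added, with no comment on what the negative range means. Any code or stored data that still carries the old positive numbers would silently stop matching these types. Whether such values are ever persisted or sent is not visible from this hunk. A comment above the group would help, e.g. `/* library-private pseudo-enctypes; negative so they cannot collide with assigned etype numbers -- TODO confirm they never appear on the wire */`. The enum begins before this hunk.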
@@ -165,14 +145,28 @@ typedef enum krb5_key_usage {
KRB5_KU_OTHER_ENCRYPTED = 16,
/* Data which is defined in some specification outside of
Kerberos to be encrypted using an RFC1510 encryption type. */
- KRB5_KU_OTHER_CKSUM = 17
+ KRB5_KU_OTHER_CKSUM = 17,
/* Data which is defined in some specification outside of
Kerberos to be checksummed using an RFC1510 checksum type. */
+ KRB5_KU_KRB_ERROR = 18,
+ /* Krb-error checksum */
+ KRB5_KU_AD_KDC_ISSUED = 19,
+ /* AD-KDCIssued checksum */
+ KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
+ /* Checksum for Mandatory Ticket Extensions */
+ KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
+ /* Checksum in Authorization Data in Ticket Extensions */
+ KRB5_KU_USAGE_SEAL = 22,
+ /* seal in GSSAPI krb5 mechanism */
+ KRB5_KU_USAGE_SIGN = 23,
+ /* sign in GSSAPI krb5 mechanism */
+ KRB5_KU_USAGE_SEQ = 24
+ /* SEQ in GSSAPI krb5 mechanism */
} krb5_key_usage;
typedef enum krb5_salttype {
- KRB5_PW_SALT = pa_pw_salt,
- KRB5_AFS3_SALT = pa_afs3_salt
+ KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
+ KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
}krb5_salttype;
typedef struct krb5_salt {
@@ -221,7 +215,14 @@ typedef AP_REQ krb5_ap_req;
struct krb5_cc_ops;
-#define KRB5_DEFAULT_CCROOT "FILE:/tmp/krb5cc_"
+#define KRB5_DEFAULT_CCFILE_ROOT "/tmp/krb5cc_"
+
+#define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
+
+#define KRB5_ACCEPT_NULL_ADDRESSES(C) \
+ krb5_config_get_bool_default((C), NULL, TRUE, \
+ "libdefaults", "accept_null_addresses", \
+ NULL)
typedef void *krb5_cc_cursor;
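Review bot: `KRB5_ACCEPT_NULL_ADDRESSES` passes `TRUE` as the default to `krb5_config_get_bool_default`, so a configuration that never mentions `accept_null_addresses` gets the permissive setting. Judging by the name, tickets that carry no address list are then accepted unless an administrator opts out, and the krb5.conf.5 hunks visible in this diff add no `[libdefaults]` entry for the option. Add a comment above the macro such as `/* default TRUE: address-less tickets are accepted unless libdefaults/accept_null_addresses = false */` and document the option in the man page. Separately, `KRB5_DEFAULT_CCFILE_ROOT` keeps credential caches under a predictable name in `/tmp`; the code that creates the file is outside this hunk, so check that it uses exclusive creation and owner-only permissions.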
@@ -373,18 +374,9 @@ typedef struct krb5_context_data {
version */
int num_kt_types; /* # of registered keytab types */
struct krb5_keytab_data *kt_types; /* registered keytab types */
+ const char *date_fmt;
} krb5_context_data;
-enum {
- KRB5_NT_UNKNOWN = 0,
- KRB5_NT_PRINCIPAL = 1,
- KRB5_NT_SRV_INST = 2,
- KRB5_NT_SRV_HST = 3,
- KRB5_NT_SRV_XHST = 4,
- KRB5_NT_UID = 5
-};
-
-
typedef struct krb5_ticket {
EncTicketPart ticket;
krb5_principal client;
@@ -397,7 +389,7 @@ typedef krb5_authenticator_data *krb5_authenticator;
struct krb5_rcache_data;
typedef struct krb5_rcache_data *krb5_rcache;
-typedef Authenticator krb5_donot_reply;
+typedef Authenticator krb5_donot_replay;
#define KRB5_STORAGE_HOST_BYTEORDER 0x01
#define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02
@@ -407,7 +399,7 @@ typedef Authenticator krb5_donot_reply;
typedef struct krb5_storage {
void *data;
ssize_t (*fetch)(struct krb5_storage*, void*, size_t);
- ssize_t (*store)(struct krb5_storage*, void*, size_t);
+ ssize_t (*store)(struct krb5_storage*, const void*, size_t);
off_t (*seek)(struct krb5_storage*, off_t, int);
void (*free)(struct krb5_storage*);
krb5_flags flags;
@@ -456,11 +448,27 @@ struct krb5_keytab_key_proc_args {
typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
+typedef struct krb5_replay_data {
+ krb5_timestamp timestamp;
+ u_int32_t usec;
+ u_int32_t seq;
+} krb5_replay_data;
+
+/* flags for krb5_auth_con_setflags */
enum {
KRB5_AUTH_CONTEXT_DO_TIME = 1,
KRB5_AUTH_CONTEXT_RET_TIME = 2,
KRB5_AUTH_CONTEXT_DO_SEQUENCE = 4,
- KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8
+ KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8,
+ KRB5_AUTH_CONTEXT_PERMIT_ALL = 16
+};
+
+/* flags for krb5_auth_con_genaddrs */
+enum {
+ KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR = 1,
+ KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR = 3,
+ KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR = 4,
+ KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
};
typedef struct krb5_auth_context_data {
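Review bot: `KRB5_AUTH_CONTEXT_PERMIT_ALL = 16` joins the `krb5_auth_con_setflags` flag set with no comment, and the new krb5_auth_context.3 page in this commit leaves its `.It` entry commented out. That page describes the neighbouring `DO_TIME` and `DO_SEQUENCE` flags as enabling timestamp and sequence-number checks, so a flag named PERMIT_ALL reads as if it relaxes them. Callers need to know exactly what it permits before setting it. Add a comment at the enumerator, e.g. `/* PERMIT_ALL: <state which checks are skipped> */`. In the second enum, note that the `_FULL_ADDR` values 3 and 12 are supersets of the `_ADDR` bits 1 and 4, so the implied extra bits 2 and 8 are not mistaken for free flag values.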
@@ -474,8 +482,8 @@ typedef struct krb5_auth_context_data {
krb5_keyblock *local_subkey;
krb5_keyblock *remote_subkey;
- int32_t local_seqnumber;
- int32_t remote_seqnumber;
+ u_int32_t local_seqnumber;
+ u_int32_t remote_seqnumber;
krb5_authenticator authenticator;
@@ -494,7 +502,7 @@ typedef struct {
KRB_ERROR error;
} krb5_kdc_rep;
-extern char *heimdal_version, *heimdal_long_version;
+extern const char *heimdal_version, *heimdal_long_version;
typedef void (*krb5_log_log_func_t)(const char*, const char*, void*);
typedef void (*krb5_log_close_func_t)(void*);
@@ -549,6 +557,7 @@ typedef struct _krb5_get_init_creds_opt {
krb5_deltat renew_life;
int forwardable;
int proxiable;
+ int anonymous;
krb5_enctype *etype_list;
int etype_list_length;
krb5_addresses *address_list;
@@ -570,6 +579,7 @@ typedef struct _krb5_get_init_creds_opt {
#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080
+#define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100
typedef struct _krb5_verify_init_creds_opt {
krb5_flags flags;
@@ -584,6 +594,7 @@ extern const krb5_cc_ops krb5_mcc_ops;
extern const krb5_kt_ops krb5_fkt_ops;
extern const krb5_kt_ops krb5_mkt_ops;
extern const krb5_kt_ops krb5_akf_ops;
+extern const krb5_kt_ops krb4_fkt_ops;
#define KRB5_KPASSWD_SUCCESS 0
#define KRB5_KPASSWD_MALFORMED 0
diff --git a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
index 231c3ff..ff90c64 100644
--- a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_425_conv_principal.3,v 1.3 1999/04/11 01:47:22 joda Exp $
+.\" $Id: krb5_425_conv_principal.3,v 1.4 2001/01/26 22:43:21 assar Exp $
.Dd April 11, 1999
.Dt KRB5_425_CONV_PRINCIPAL 3
.Os HEIMDAL
@@ -8,21 +8,15 @@
.Nm krb5_425_conv_principal_ext ,
.Nm krb5_524_conv_principal
.Nd Converts to and from version 4 principals
-
.Sh SYNOPSIS
.Fd #include <krb5.h>
-
.Ft krb5_error_code
.Fn krb5_425_conv_principal "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_principal *principal"
-
.Ft krb5_error_code
.Fn krb5_425_conv_principal_ext "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_boolean (*func)(krb5_context, krb5_principal)" "krb5_boolean resolve" "krb5_principal *principal"
-
.Ft krb5_error_code
.Fn krb5_524_conv_principal "krb5_context context" "const krb5_principal principal" "char *name" "char *instance" "char *realm"
-
.Sh DESCRIPTION
-
Converting between version 4 and version 5 principals can at best be
described as a mess.
.Pp
@@ -124,9 +118,7 @@ instances found to belong to a host principal. The
and
.Fa realm
should be at least 40 characters long.
-
.Sh EXAMPLES
-
Since this is confusing an example is in place.
.Pp
Assume that we have the
@@ -188,7 +180,6 @@ the second example will result in
.Dq ftp/b-host.foo.com
(because of the default domain). And all of this is of course only
valid if you have working name resolving.
-
.Sh SEE ALSO
.Xr krb5_build_principal 3 ,
.Xr krb5_free_principal 3 ,
diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3
new file mode 100644
index 0000000..3ce6fc9
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_appdefault.3
@@ -0,0 +1,57 @@
+.\" Copyright (c) 2000 Kungliga Tekniska Högskolan
+.\" $Id: krb5_appdefault.3,v 1.3 2001/01/05 16:29:42 joda Exp $
+.Dd July 25, 2000
+.Dt KRB5_APPDEFAULT 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_appdefault_boolean ,
+.Nm krb5_appdefault_string ,
+.Nm krb5_appdefault_time
+.Nd Get application configuration value
+
+.Sh SYNOPSIS
+.Fd #include <krb5.h>
+
+.Ft void
+.Fn krb5_appdefault_boolean "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "krb5_boolean def_val" "krb5_boolean *ret_val"
+.Ft void
+.Fn krb5_appdefault_string "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "const char *def_val" "char **ret_val"
+.Ft void
+.Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val"
+
+.Sh DESCRIPTION
+
+These functions get application application defaults from the
+.Dv appdefaults
+section of the
+.Xr krb5.conf 5
+configuration file. These defaults can be specified per application,
+and/or per realm.
+
+These values will be looked for in
+.Xr krb5.conf 5 ,
+in order of descending importance.
+.Bd -literal -offset indent
+[appdefaults]
+ appname = {
+ realm = {
+ option = value
+ }
+ }
+ appname = {
+ option = value
+ }
+ realm = {
+ option = value
+ }
+ option = value
+.Ed
+
+If the realm is omitted it will not be used for resolving values. If
+no value can be found,
+.Fa def_val
+is returned instead.
+
+.Sh SEE ALSO
+.Xr krb5_config 3 ,
+.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3
new file mode 100644
index 0000000..42a96ec
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_auth_context.3
@@ -0,0 +1,284 @@
+.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
+.\" $Id: krb5_auth_context.3,v 1.1 2001/01/28 19:47:33 assar Exp $
+.Dd Jan 21, 2001
+.Dt KRB5_AUTH_CONTEXT 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_auth_context ,
+.Nm krb5_auth_con_init ,
+.Nm krb5_auth_con_free ,
+.Nm krb5_auth_con_setflags ,
+.Nm krb5_auth_con_getflags ,
+.Nm krb5_auth_con_setaddrs ,
+.Nm krb5_auth_con_setaddrs_from_fd ,
+.Nm krb5_auth_con_getaddrs ,
+.Nm krb5_auth_con_genaddrs ,
+.Nm krb5_auth_con_getkey ,
+.Nm krb5_auth_con_setkey ,
+.Nm krb5_auth_con_getuserkey ,
+.Nm krb5_auth_con_setuserkey ,
+.Nm krb5_auth_con_getlocalsubkey ,
+.Nm krb5_auth_con_setlocalsubkey ,
+.Nm krb5_auth_con_getremotesubkey ,
+.Nm krb5_auth_con_setremotesubkey ,
+.Nm krb5_auth_setcksumtype ,
+.Nm krb5_auth_getcksumtype ,
+.Nm krb5_auth_setkeytype ,
+.Nm krb5_auth_getkeytype ,
+.Nm krb5_auth_getlocalseqnumber ,
+.Nm krb5_auth_setlocalseqnumber ,
+.Nm krb5_auth_getremoteseqnumber ,
+.Nm krb5_auth_setremoteseqnumber ,
+.Nm krb5_auth_getauthenticator ,
+.Nm krb5_auth_con_getrcache ,
+.Nm krb5_auth_con_setrcache ,
+.Nm krb5_auth_con_initivector ,
+.Nm krb5_auth_con_setivector
+.Nd manage authetication on connection level.
+.Sh SYNOPSIS
+.Fd #include <krb5.h>
+.Ft krb5_error_code
+.Fo krb5_auth_con_init
+.Fa "krb5_context context"
+.Fa "krb5_auth_context *auth_context"
+.Fc
+.Ft void
+.Fo krb5_auth_con_free
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_setflags
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "int32_t flags"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_getflags
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "int32_t *flags"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_setaddrs
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "krb5_address *local_addr"
+.Fa "krb5_address *remote_addr"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_getaddrs
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "krb5_address **local_addr"
+.Fa "krb5_address **remote_addr"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_genaddrs
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "int fd"
+.Fa "int flags"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_setaddrs_from_fd
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "void *p_fd"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_getkey
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "krb5_keyblock **keyblock"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_getlocalsubkey
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "krb5_keyblock **keyblock"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_getremotesubkey
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fa "krb5_keyblock **keyblock"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_initivector
+.Fa "krb5_context context"
+.Fa "krb5_auth_context auth_context"
+.Fc
+.Ft krb5_error_code
+.Fo krb5_auth_con_setivector
+.Fa "krb5_context context"
+.Fa "krb5_auth_context *auth_context"
+.Fa "krb5_pointer ivector"
+.Fc
+.Sh DESCRIPTION
+The
+.Nm krb5_auth_context
+structure holds all context related to an authenticated connection, in
+a similar way to
+.Nm krb5_context
+that holds the context for the thread or process.
+.Nm krb5_auth_context
+is used by various functions that are directly related to
+authentication between the server/client. Example of data that this
+structure contains are varius flags, addresses of client and server,
+port numbers, keyblocks (and subkeys), sequence numbers, replay cache,
+and checksum-type.
+.Pp
+.Fn krb5_auth_con_init
+allocates and initilizes the
+.Nm krb5_auth_context
+structure. Default values can be changed with
+.Fn krb5_auth_con_setcksumtype
+and
+.Fn krb5_auth_con_setflags .
+The
+.Nm auth_context
+structure must be freed by
+.Fn krb5_auth_con_free .
+.Pp
+.Fn krb5_auth_con_getflags
+and
+.Fn krb5_auth_con_setflags
+gets and modifies the flags for a
+.Nm krb5_auth_context
+structure. Possible flags to set are:
+.Bl -tag -width Ds
+.It Dv KRB5_AUTH_CONTEXT_DO_TIME
+check timestamp on incoming packets.
+.\".It Dv KRB5_AUTH_CONTEXT_RET_TIME
+.It Dv KRB5_AUTH_CONTEXT_DO_SEQUENCE
+Generate and check sequence-number on each packet.
+.\".It Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE
+.\".It Dv KRB5_AUTH_CONTEXT_PERMIT_ALL
+.El
+.Pp
+.Fn krb5_auth_con_setaddrs ,
+.Fn krb5_auth_con_setaddrs_from_fd
+and
+.Fn krb5_auth_con_getaddrs
+gets and sets the addresses that are checked when a packet is received.
+It is mandatory to set an address for the remote
+host. If the local address is not set, it iss deduced from the underlaying
+operating system.
+.Fn krb5_auth_con_getaddrs
+will call
+.Fn krb5_free_address
+on any address that is passed in
+.Fa local_addr
+or
+.Fa remote_addr .
+.Fn krb5_auth_con_setaddr
+allows passing in a
+.Dv NULL
+pointer as
+.Fa local_addr
+and
+.Fa remote_addr ,
+in that case it will just not set that address.
+.Pp
+.Fn krb5_auth_con_setaddrs_from_fd
+fetches the addresses from a file descriptor.
+.Pp
+.Fn krb5_auth_con_genaddrs
+fetches the address information from the given file descriptor
+.Fa fd
+depending on the bitmap argument
+.Fa flags .
+.Pp
+Possible values on
+.Fa flags
+are:
+.Bl -tag -width Ds
+.It Va KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR
+fetches the local address from
+.Fa fd .
+.It Va KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR
+fetches the remote address from
+.Fa fd .
+.El
+.Pp
+.Fn krb5_auth_con_setkey ,
+.Fn krb5_auth_con_setuserkey
+and
+.Fn krb5_auth_con_getkey
+gets and sets the key used for this auth context. The keyblock returned by
+.Fn krb5_auth_con_getkey
+should be freed with
+.Fn krb5_free_keyblock .
+The keyblock send into
+.Fn krb5_auth_con_setkey
+is copied into the
+.Nm krb5_auth_context ,
+and thus no special handling is needed.
+.Dv NULL
+is not a valid keyblock to
+.Fn krb5_auth_con_setkey .
+.Pp
+.Fn krb5_auth_con_setuserkey
+is only useful when doing user to user authentication.
+.Fn krb5_auth_con_setkey
+is equivalent to
+.Fn krb5_auth_con_setuserkey .
+.Pp
+.Fn krb5_auth_con_getlocalsubkey ,
+.Fn krb5_auth_con_setlocalsubkey ,
+.Fn krb5_auth_con_getremotesubkey
+and
+.Fn krb5_auth_con_setremotesubkey
+gets and sets the keyblock for the local and remote subkey. The keyblock returned by
+.Fn krb5_auth_con_getlocalsubkey
+and
+.Fn krb5_auth_con_getremotesubkey
+must be freed with
+.Fn krb5_free_keyblock .
+.Pp
+.Fn krb5_auth_setcksumtype
+and
+.Fn krb5_auth_getcksumtype
+sets and gets the checksum type that should be used for this
+connection.
+.Pp
+.Fn krb5_auth_getremoteseqnumber
+.Fn krb5_auth_setremoteseqnumber ,
+.Fn krb5_auth_getlocalseqnumber
+and
+.Fn krb5_auth_setlocalseqnumber
+gets and sets the sequence-number for the local and remote
+sequence-number counter.
+.Pp
+.Fn krb5_auth_setkeytype
+and
+.Fn krb5_auth_getkeytype
+gets and gets the keytype of the keyblock in
+.Nm krb5_auth_context .
+.Pp
+.Fn krb5_auth_getauthenticator
+Retrieves the authenticator that was used during mutual
+authentication. The
+.Dv authenticator
+returned should be freed by calling
+.Fn krb5_free_authenticator .
+.Pp
+.Fn krb5_auth_con_getrcache
+and
+.Fn krb5_auth_con_setrcache
+gets and sets the replay-cache.
+.Pp
+.Fn krb5_auth_con_initivector
+allocates memory for and zeros the initial vector in the
+.Fa auth_context
+keyblock.
+.Pp
+.Fn krb5_auth_con_setivector
+sets the i_vector portion of
+.Fa auth_context
+to
+.Fa ivector .
+.Sh SEE ALSO
+.Xr krb5_context 3 ,
+.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_build_principal.3 b/crypto/heimdal/lib/krb5/krb5_build_principal.3
index 16ccf72..db703a4 100644
--- a/crypto/heimdal/lib/krb5/krb5_build_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_build_principal.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_build_principal.3,v 1.1 1997/08/14 00:03:16 joda Exp $
+.\" $Id: krb5_build_principal.3,v 1.2 2001/01/26 22:43:21 assar Exp $
.Dd August 8, 1997
.Dt KRB5_BUILD_PRINCIPAL 3
.Os HEIMDAL
@@ -10,28 +10,19 @@
.Nm krb5_build_principal_va_ext ,
.Nm krb5_make_principal
.Nd Principal creation functions
-
.Sh SYNOPSIS
.Fd #include <krb5.h>
-
.Ft krb5_error_code
.Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
-
.Ft krb5_error_code
.Fn krb5_build_principal_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
-
.Ft krb5_error_code
.Fn krb5_build_principal_va "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
-
.Ft krb5_error_code
.Fn krb5_build_principal_va_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
-
.Ft krb5_error_code
.Fn krb5_make_principal "krb5_context context" "krb5_principal *principal" "krb5_const_realm realm" "..."
-
-
.Sh DESCRIPTION
-
These functions create a Kerberos 5 principal from a realm and a list
of components.
All of these functions return an allocated principal in the
@@ -65,7 +56,6 @@ is a wrapper around
If the realm is
.Dv NULL ,
the default realm will be used.
-
.Sh BUGS
You can not have a NUL in a component. Until someone can give a good
example of where it would be a good idea to have NUL's in a component,
diff --git a/crypto/heimdal/lib/krb5/krb5_config.3 b/crypto/heimdal/lib/krb5/krb5_config.3
new file mode 100644
index 0000000..b5a74db
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_config.3
@@ -0,0 +1,71 @@
+.\" Copyright (c) 2000 Kungliga Tekniska Högskolan
+.\" $Id: krb5_config.3,v 1.1 2000/07/25 10:22:46 joda Exp $
+.Dd July 25, 2000
+.Dt KRB5_CONFIG 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_config_get_bool_default ,
+.Nm krb5_config_get_int_default ,
+.Nm krb5_config_get_string_default ,
+.Nm krb5_config_get_time_default
+.Nd Get configuration value
+
+.Sh SYNOPSIS
+.Fd #include <krb5.h>
+
+.Ft krb5_boolean
+.Fn krb5_config_get_bool_default "krb5_context context" "krb5_config_section *c" "krb5_boolean def_value" "..."
+.Ft int
+.Fn krb5_config_get_int_default "krb5_context context" "krb5_config_section *c" "int def_value" "..."
+.Ft const char*
+.Fn krb5_config_get_string_default "krb5_context context" "krb5_config_section *c" "const char *def_value" "..."
+.Ft int
+.Fn krb5_config_get_time_default "krb5_context context" "krb5_config_section *c" "int def_value" "..."
+
+.Sh DESCRIPTION
+
+These functions get values from the
+.Xr krb5.conf 5
+configuration file, or another configuration database specified by the
+.Fa c
+parameter.
+
+The variable arguments should be a list of strings naming each
+subsection to look for. For example:
+
+.Bd -literal -offset indent
+krb5_config_get_bool_default(context, NULL, FALSE, "libdefaults", "log_utc", NULL)
+.Ed
+
+gets the boolean value for the
+.Dv log_utc
+option, defaulting to
+.Dv FALSE .
+
+.Fn krb5_config_get_bool_default
+will convert the option value to a boolean value, where
+.Sq yes ,
+.Sq true ,
+and any non-zero number means
+.Dv TRUE ,
+and any other value
+.Dv FALSE .
+
+.Fn krb5_config_get_int_default
+will convert the value to an integer.
+
+.Fn krb5_config_get_time_default
+will convert the value to a period of time (not a time stamp) in
+seconds, so the string
+.Sq 2 weeks
+will be converted to
+1209600 (2 * 7 * 24 * 60 * 60).
+
+.Sh BUGS
+
+Other than for the string case, there's no way to tell whether there
+was a value specified or not.
+
+.Sh SEE ALSO
+.Xr krb5_appdefault 3 ,
+.Xr krb5.conf 5
diff --git a/crypto/heimdal/lib/krb5/krb5_context.3 b/crypto/heimdal/lib/krb5/krb5_context.3
new file mode 100644
index 0000000..83a768d
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_context.3
@@ -0,0 +1,20 @@
+.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
+.\" $Id: krb5_context.3,v 1.1 2001/01/28 21:39:29 assar Exp $
+.Dd Jan 21, 2001
+.Dt KRB5_CONTEXT 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_context
+.Sh DESCRIPTION
+The
+.Nm
+structure is designed to hold all per thread state. All global
+variables that are context specific are stored in this struture,
+including default encryption types, credential-cache (ticket file), and
+default realms.
+.Pp
+The internals of the structure should never be accessed directly,
+functions exist for extracting information.
+.Sh SEE ALSO
+.Xr krb5_init_context 3 ,
+.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_create_checksum.3 b/crypto/heimdal/lib/krb5/krb5_create_checksum.3
index e2362a9..9472ed6 100644
--- a/crypto/heimdal/lib/krb5/krb5_create_checksum.3
+++ b/crypto/heimdal/lib/krb5/krb5_create_checksum.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1999 Kungliga Tekniska Högskolan
-.\" $Id: krb5_create_checksum.3,v 1.1 1999/04/18 13:47:11 joda Exp $
+.\" $Id: krb5_create_checksum.3,v 1.2 2001/01/26 22:43:21 assar Exp $
.Dd April 7, 1999
.Dt NAME 3
.Os HEIMDAL
@@ -12,19 +12,14 @@
.Nd creates and verifies checksums
.Sh SYNOPSIS
.Fd #include <krb5.h>
-
.Ft krb5_error_code
.Fn krb5_create_checksum "krb5_context context" "krb5_crypto crypto" "unsigned usage_or_type" "void *data" "size_t len" "Checksum *result"
-
.Ft krb5_error_code
.Fn krb5_verify_checksum "krb5_context context" "krb5_crypto crypto" "krb5_key_usage usage" "void *data" "size_t len" "Checksum *cksum"
-
.Ft krb5_boolean
.Fn krb5_checksum_is_collision_proof "krb5_context context" "krb5_cksumtype type"
-
.Ft krb5_boolean
.Fn krb5_checksum_is_keyed "krb5_context context" "krb5_cksumtype type"
-
.Sh DESCRIPTION
These functions are used to create and verify checksums.
.Fn krb5_create_checksum
@@ -60,7 +55,6 @@ value is a function of both the data, and a separate key). Examples of
keyed hash algorithms are HMAC-SHA1-DES3, and RSA-MD5-DES. The
.Dq plain
hash functions MD5, and SHA1 are not keyed.
-
.\" .Sh EXAMPLE
.\" .Sh BUGS
.Sh SEE ALSO
diff --git a/crypto/heimdal/lib/krb5/krb5_crypto_init.3 b/crypto/heimdal/lib/krb5/krb5_crypto_init.3
index 29db8c1..7d46567 100644
--- a/crypto/heimdal/lib/krb5/krb5_crypto_init.3
+++ b/crypto/heimdal/lib/krb5/krb5_crypto_init.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1999 Kungliga Tekniska Högskolan
-.\" $Id: krb5_crypto_init.3,v 1.1 1999/04/18 13:47:21 joda Exp $
+.\" $Id: krb5_crypto_init.3,v 1.2 2001/01/26 22:43:22 assar Exp $
.Dd April 7, 1999
.Dt NAME 3
.Os HEIMDAL
@@ -9,13 +9,10 @@
.Nd initialize encryption context
.Sh SYNOPSIS
.Fd #include <krb5.h>
-
.Ft krb5_error_code
.Fn krb5_crypto_init "krb5_context context" "krb5_keyblock *key" "krb5_enctype enctype" "krb5_crypto *crypto"
-
.Ft krb5_error_code
.Fn krb5_crypto_destroy "krb5_context context" "krb5_crypto crypto"
-
.Sh DESCRIPTION
These functions are used to initialize an encryption context that can
be used to encrypt or checksum data.
@@ -33,7 +30,6 @@ with the
.Pp
.Fn krb5_crypto_destroy
frees a previously allocated encrypion context.
-
.\" .Sh EXAMPLE
.\" .Sh BUGS
.Sh SEE ALSO
diff --git a/crypto/heimdal/lib/krb5/krb5_encrypt.3 b/crypto/heimdal/lib/krb5/krb5_encrypt.3
index d8cc89e..291e503 100644
--- a/crypto/heimdal/lib/krb5/krb5_encrypt.3
+++ b/crypto/heimdal/lib/krb5/krb5_encrypt.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1999 Kungliga Tekniska Högskolan
-.\" $Id: krb5_encrypt.3,v 1.1 1999/04/18 13:47:30 joda Exp $
+.\" $Id: krb5_encrypt.3,v 1.2 2001/01/26 22:43:22 assar Exp $
.Dd April 7, 1999
.Dt KRB5_ENCRYPT 3
.Os HEIMDAL
@@ -11,19 +11,14 @@
.Nd encrypt and decrypt data
.Sh SYNOPSIS
.Fd #include <krb5.h>
-
.Ft krb5_error_code
.Fn krb5_encrypt "krb5_context context" "krb5_crypto crypto" "unsigned usage" "void *data" "size_t len" "krb5_data *result"
-
.Ft krb5_error_code
.Fn krb5_encrypt_EncryptedData "krb5_context context" "krb5_crypto crypto" "unsigned usage" "void *data" "size_t len" "int kvno" "EncryptedData *result"
-
.Ft krb5_error_code
.Fn krb5_decrypt "krb5_context context" "krb5_crypto crypto" "unsigned usage" "void *data" "size_t len" "krb5_data *result"
-
.Ft krb5_error_code
.Fn krb5_decrypt_EncryptedData "krb5_context context" "krb5_crypto crypto" "unsigned usage" "EncryptedData *e" "krb5_data *result"
-
.Sh DESCRIPTION
These functions are used to encrypt and decrypt data.
.Pp
@@ -52,7 +47,6 @@ is not zero, it will be put in the
and
.Fn krb5_decrypt_EncryptedData
works similarly.
-
.\" .Sh EXAMPLE
.\" .Sh BUGS
.Sh SEE ALSO
diff --git a/crypto/heimdal/lib/krb5/krb5_err.et b/crypto/heimdal/lib/krb5/krb5_err.et
index 895ae66..3427923 100644
--- a/crypto/heimdal/lib/krb5/krb5_err.et
+++ b/crypto/heimdal/lib/krb5/krb5_err.et
@@ -3,7 +3,7 @@
#
# This might look like a com_err file, but is not
#
-id "$Id: krb5_err.et,v 1.8 2000/02/07 12:54:17 joda Exp $"
+id "$Id: krb5_err.et,v 1.9 2000/04/06 00:41:37 assar Exp $"
error_table krb5
@@ -68,10 +68,30 @@ index 60
error_code GENERIC, "Generic error (see e-text)"
error_code FIELD_TOOLONG, "Field is too long for this implementation"
-# 62-127 are reserved
+# pkinit
+index 62
+prefix KDC_ERROR
+error_code CLIENT_NOT_TRUSTED, "Client not trusted"
+error_code KDC_NOT_TRUSTED, "KDC not trusted"
+error_code INVALID_SIG, "Invalid signature"
+error_code KEY_TOO_WEAK, "Key too weak"
+error_code CERTIFICATE_MISMATCH, "Certificate mismatch"
+prefix KRB5_AP_ERR
+error_code USER_TO_USER_REQUIRED, "User to user required"
+prefix KDC_ERROR
+error_code CANT_VERIFY_CERTIFICATE, "Cannot verify certificate"
+error_code INVALID_CERTIFICATE, "Invalid certificate"
+error_code REVOKED_CERTIFICATE, "Revoked certificate"
+error_code REVOCATION_STATUS_UNKNOWN, "Revocation status unknown"
+error_code REVOCATION_STATUS_UNAVAILABLE,"Revocation status unavailable"
+error_code CLIENT_NAME_MISMATCH, "Client name mismatch"
+error_code KDC_NAME_MISMATCH, "KDC name mismatch"
+
+# 77-127 are reserved
+
index 128
prefix
-error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.8 2000/02/07 12:54:17 joda Exp $"
+error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.9 2000/04/06 00:41:37 assar Exp $"
error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode"
error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password"
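Review bot: The thirteen codes added after `index 62` appear to occupy 62 through 74, yet the new comment reserves only 77-127, so 75 and 76 are neither defined nor marked reserved. Assuming each `error_code` line takes the next index, either the comment should read `# 75-127 are reserved` or the two missing entries should be added. The `prefix` also switches to KRB5_AP_ERR and back for a single code, so a short comment on why USER_TO_USER_REQUIRED sits inside the KDC_ERROR run would guard against a reorder that silently renumbers the codes.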
diff --git a/crypto/heimdal/lib/krb5/krb5_free_principal.3 b/crypto/heimdal/lib/krb5/krb5_free_principal.3
index ba5888a..1f318cc 100644
--- a/crypto/heimdal/lib/krb5/krb5_free_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_free_principal.3
@@ -1,27 +1,22 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_free_principal.3,v 1.1 1997/08/14 00:03:17 joda Exp $
+.\" $Id: krb5_free_principal.3,v 1.2 2001/01/26 22:43:22 assar Exp $
.Dd August 8, 1997
.Dt KRB5_FREE_PRINCIPAL 3
.Os HEIMDAL
.Sh NAME
.Nm krb5_free_principal
.Nd Principal free function
-
.Sh SYNOPSIS
.Fd #include <krb5.h>
-
.Ft void
.Fn krb5_free_principal "krb5_context context" "krb5_principal principal"
-
.Sh DESCRIPTION
-
The
.Fn krb5_free_principal
will free a principal that has been created with
.Fn krb5_build_principal ,
.Fn krb5_parse_name ,
or with some other function.
-
.Sh SEE ALSO
.Xr krb5_425_conv_principal 3 ,
.Xr krb5_build_principal 3 ,
diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3
new file mode 100644
index 0000000..7e27ec2
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_init_context.3
@@ -0,0 +1,38 @@
+.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
+.\" $Id: krb5_init_context.3,v 1.1 2001/01/28 21:39:29 assar Exp $
+.Dd Jan 21, 2001
+.Dt KRB5_CONTEXT 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_init_context ,
+.Nm krb5_free_context
+.Sh SYNOPSIS
+.Fd #include <krb5.h>
+.Ft krb5_error_code
+.Fn krb5_init_context "krb5_context *context"
+.Ft void
+.Fn krb5_free_context "krb5_context *context"
+.Sh DESCRIPTION
+The
+.Fn krb5_init_context
+function initializes the
+.Fa context
+structure and reads the configration file
+.Pa /etc/krb5.conf .
+.Pp
+The structure should be freed by calling
+.Fn krb5_free_context
+when it is no longer being used.
+.Sh RETURN VALUES
+.Fn krb5_init_context
+returns 0 to indicate success.
+Otherwise an errno code is returned.
+Failure means either that something bad happened during initialization
+(typically
+.Bq ENOMEM )
+or that Kerberos should not be used
+.Bq ENXIO .
+.Sh SEE ALSO
+.Xr krb5_context 3 ,
+.Xr errno 2 ,
+.Xr kerberos 8
diff --git a/crypto/heimdal/lib/krb5/krb5_locl.h b/crypto/heimdal/lib/krb5/krb5_locl.h
index b7093b1..7ea9038 100644
--- a/crypto/heimdal/lib/krb5/krb5_locl.h
+++ b/crypto/heimdal/lib/krb5/krb5_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: krb5_locl.h,v 1.63 1999/12/02 17:05:11 joda Exp $ */
+/* $Id: krb5_locl.h,v 1.64 2001/01/29 02:09:00 assar Exp $ */
#ifndef __KRB5_LOCL_H__
#define __KRB5_LOCL_H__
@@ -109,11 +109,31 @@ struct sockaddr_dl;
#include <parse_time.h>
#include <base64.h>
+#ifdef HAVE_OPENSSL_DES_H
+#include <openssl/des.h>
+#else
#include <des.h>
+#endif
+#ifdef HAVE_OPENSSL_MD4_H
+#include <openssl/md4.h>
+#else
#include <md4.h>
+#endif
+#ifdef HAVE_OPENSSL_MD5_H
+#include <openssl/md5.h>
+#else
#include <md5.h>
+#endif
+#ifdef HAVE_OPENSSL_SHA_H
+#include <openssl/sha.h>
+#else
#include <sha.h>
+#endif
+#ifdef HAVE_OPENSSL_RC4_H
+#include <openssl/rc4.h>
+#else
#include <rc4.h>
+#endif
#include <asn1.h>
#include <der.h>
diff --git a/crypto/heimdal/lib/krb5/krb5_openlog.3 b/crypto/heimdal/lib/krb5/krb5_openlog.3
index 87040ba..5576475 100644
--- a/crypto/heimdal/lib/krb5/krb5_openlog.3
+++ b/crypto/heimdal/lib/krb5/krb5_openlog.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_openlog.3,v 1.4 1999/04/07 14:06:32 joda Exp $
+.\" $Id: krb5_openlog.3,v 1.5 2001/01/26 22:43:22 assar Exp $
.Dd August 6, 1997
.Dt KRB5_OPENLOG 3
.Os HEIMDAL
@@ -16,40 +16,28 @@
.Nd Heimdal logging functions
.Sh SYNOPSIS
.Fd #include <krb5.h>
-
-.\" ouch!
-.ds xx \\*(fP\fR(\fP\\*(lI*\\*(fP
-.ds xy \fR)\|\fP
-.Fn "\\*(lItypedef void \\*(xxkrb5_log_log_func_t\\*(xy" "const char *time" "const char *message" "void *data"
-.Fn "\\*(lItypedef void \\*(xxkrb5_log_close_func_t\\*(xy" "void *data"
-
+.Ft "typedef void"
+.Fn "\*(lp*krb5_log_log_func_t\*(rp" "const char *time" "const char *message" "void *data"
+.Ft "typedef void"
+.Fn "\*(lp*krb5_log_close_func_t\*(rp" "void *data"
.Ft krb5_error_code
.Fn krb5_addlog_dest "krb5_context context" "krb5_log_facility *facility" "const char *destination"
-
.Ft krb5_error_code
.Fn krb5_addlog_func "krb5_context context" "krb5_log_facility *facility" "int min" "int max" "krb5_log_log_func_t log" "krb5_log_close_func_t close" "void *data"
-
.Ft krb5_error_code
.Fn krb5_closelog "krb5_context context" "krb5_log_facility *facility"
-
.Ft krb5_error_code
.Fn krb5_initlog "krb5_context context" "const char *program" "krb5_log_facility **facility"
-
.Ft krb5_error_code
.Fn krb5_log "krb5_context context" "krb5_log_facility *facility" "int level" "const char *format" "..."
-
.Ft krb5_error_code
.Fn krb5_log_msg "krb5_context context" "krb5_log_facility *facility" "char **reply" "int level" "const char *format" "..."
-
.Ft krb5_error_code
.Fn krb5_openlog "krb5_context context" "const char *program" "krb5_log_facility **facility"
-
.Ft krb5_error_code
.Fn krb5_vlog "krb5_context context" "krb5_log_facility *facility" "int level" "const char *format" "va_list arglist"
-
.Ft krb5_error_code
.Fn krb5_vlog_msg "krb5_context context" "krb5_log_facility *facility" "char **reply" "int level" "const char *format" "va_list arglist"
-
.Sh DESCRIPTION
These functions logs messages to one or more destinations.
.Pp
@@ -97,7 +85,6 @@ is a standard
.Fn printf
style format string (but see the BUGS section).
.Pp
-
If you want better control of where things gets logged, you can instead of using
.Fn krb5_openlog
call
@@ -135,9 +122,7 @@ calls
and then calls
.Fn krb5_addlog_dest
for each destination found.
-
.Ss Destinations
-
The defined destinations (as specified in
.Pa krb5.conf )
follows:
diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3
index db9236c..c5b0c1d 100644
--- a/crypto/heimdal/lib/krb5/krb5_parse_name.3
+++ b/crypto/heimdal/lib/krb5/krb5_parse_name.3
@@ -1,20 +1,16 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_parse_name.3,v 1.1 1997/08/14 00:03:17 joda Exp $
+.\" $Id: krb5_parse_name.3,v 1.2 2001/01/26 22:43:22 assar Exp $
.Dd August 8, 1997
.Dt KRB5_PARSE_NAME 3
.Os HEIMDAL
.Sh NAME
.Nm krb5_parse_name
.Nd String to principal conversion
-
.Sh SYNOPSIS
.Fd #include <krb5.h>
-
.Ft krb5_error_code
.Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal"
-
.Sh DESCRIPTION
-
.Fn krb5_parse_name
converts a string representation of a princpal name to
.Nm krb5_principal .
diff --git a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
index aea4150..2c9f405 100644
--- a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
+++ b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_sname_to_principal.3,v 1.1 1997/08/14 00:03:18 joda Exp $
+.\" $Id: krb5_sname_to_principal.3,v 1.2 2001/01/26 22:43:22 assar Exp $
.Dd August 8, 1997
.Dt KRB5_PRINCIPAL 3
.Os HEIMDAL
@@ -7,18 +7,13 @@
.Nm krb5_sname_to_principal ,
.Nm krb5_sock_to_principal
.Nd Create a service principal
-
.Sh SYNOPSIS
.Fd #include <krb5.h>
-
.Ft krb5_error_code
.Fn krb5_sname_to_principal "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *principal"
-
.Ft krb5_error_code
.Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal"
-
.Sh DESCRIPTION
-
These functions create a
.Dq service
principal that can, for instance, be used to lookup a key in a keytab. For both these function the
@@ -49,7 +44,6 @@ of the passed
which should be a bound
.Dv AF_INET
socket.
-
.Sh SEE ALSO
.Xr krb5_425_conv_principal 3 ,
.Xr krb5_build_principal 3 ,
diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3
index 13277d6..5a744af 100644
--- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3
+++ b/crypto/heimdal/lib/krb5/krb5_unparse_name.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_unparse_name.3,v 1.1 1997/08/14 00:03:19 joda Exp $
+.\" $Id: krb5_unparse_name.3,v 1.2 2001/01/26 22:43:22 assar Exp $
.Dd August 8, 1997
.Dt KRB5_UNPARSE_NAME 3
.Os HEIMDAL
@@ -7,25 +7,19 @@
.Nm krb5_unparse_name
.\" .Nm krb5_unparse_name_ext
.Nd Principal to string conversion
-
.Sh SYNOPSIS
.Fd #include <krb5.h>
-
.Ft krb5_error_code
.Fn krb5_unparse_name "krb5_context context" "krb5_principal principal" "char **name"
-
.\" .Ft krb5_error_code
.\" .Fn krb5_unparse_name_ext "krb5_context context" "krb5_const_principal principal" "char **name" "size_t *size"
-
.Sh DESCRIPTION
-
This function takes a
.Fa principal ,
and will convert in to a printable representation with the same syntax as decribed in
.Xr krb5_parse_name 3 .
.Fa *name
will point to allocated data and should be freed by the caller.
-
.Sh SEE ALSO
.Xr krb5_425_conv_principal 3 ,
.Xr krb5_build_principal 3 ,
diff --git a/crypto/heimdal/lib/krb5/krb5_warn.3 b/crypto/heimdal/lib/krb5/krb5_warn.3
index 521da0e..ae3a330 100644
--- a/crypto/heimdal/lib/krb5/krb5_warn.3
+++ b/crypto/heimdal/lib/krb5/krb5_warn.3
@@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_warn.3,v 1.2 1997/08/08 03:45:55 joda Exp $
+.\" $Id: krb5_warn.3,v 1.3 2001/01/26 22:43:23 assar Exp $
.Dd August 8, 1997
.Dt KRB5_WARN 3
.Os HEIMDAL
@@ -16,36 +16,25 @@
.Nd Heimdal warning and error functions
.Sh SYNOPSIS
.Fd #include <krb5.h>
-
.Ft krb5_error_code
.Fn krb5_err "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "..."
-
.Ft krb5_error_code
.Fn krb5_errx "krb5_context context" "int eval" "const char *format" "..."
-
.Ft krb5_error_code
.Fn krb5_verr "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "va_list ap"
-
.Ft krb5_error_code
.Fn krb5_verrx "krb5_context context" "int eval" "const char *format" "va_list ap"
-
.Ft krb5_error_code
.Fn krb5_vwarn "krb5_context context" "krb5_error_code code" "const char *format" "va_list ap"
-
.Ft krb5_error_code
.Fn krb5_vwarnx "krb5_context context" "const char *format" "va_list ap"
-
.Ft krb5_error_code
.Fn krb5_warn "krb5_context context" "krb5_error_code code" "const char *format" "..."
-
.Ft krb5_error_code
.Fn krb5_warnx "krb5_context context" "const char *format" "..."
-
.Ft krb5_error_code
.Fn krb5_set_warn_dest "krb5_context context" "krb5_log_facility *facility"
-
.Sh DESCRIPTION
-
These functions prints a warning message to some destination.
.Fa format
is a printf style format specifying the message to print. The forms not ending in an
@@ -68,6 +57,5 @@ Messages logged with the
functions have a log level of 1, while the
.Dq err
functions logs with level 0.
-
.Sh SEE ALSO
.Xr krb5_openlog 3
diff --git a/crypto/heimdal/lib/krb5/krbhst.c b/crypto/heimdal/lib/krb5/krbhst.c
index 8d5c4e4..b257e8b 100644
--- a/crypto/heimdal/lib/krb5/krbhst.c
+++ b/crypto/heimdal/lib/krb5/krbhst.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <resolve.h>
-RCSID("$Id: krbhst.c,v 1.23 1999/12/11 23:14:25 assar Exp $");
+RCSID("$Id: krbhst.c,v 1.25 2001/01/19 04:30:54 assar Exp $");
/*
* assuming that `*res' contains `*count' strings, add a copy of `string'.
@@ -58,6 +58,11 @@ add_string(char ***res, int *count, const char *string)
return 0;
}
+/*
+ * do a SRV lookup for `realm, proto, service' returning the result
+ * in `res, count'
+ */
+
static krb5_error_code
srv_find_realm(krb5_context context, char ***res, int *count,
const char *realm, const char *proto, const char *service)
@@ -131,7 +136,7 @@ get_krbhst (krb5_context context,
"realms", *realm, conf_string, NULL);
for(r = res, count = 0; r && *r; r++, count++);
- if(context->srv_lookup) {
+ if(count == 0 && context->srv_lookup) {
char *s[] = { "udp", "tcp", "http" }, **q;
for(q = s; q < s + sizeof(s) / sizeof(s[0]); q++) {
ret = srv_find_realm(context, &res, &count, *realm, *q,
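Review bot: The new `count == 0 &&` condition in get_krbhst has no comment saying why configured hosts now suppress the SRV lookup. The reason is worth recording: SRV answers come from DNS, which is usually unauthenticated, so an explicit krb5.conf entry should not be extended by whatever DNS returns. I would add `/* only fall back to DNS SRV records when krb5.conf lists no hosts for this realm */` above the `if`. The function begins and ends outside this hunk.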
@@ -157,6 +162,10 @@ get_krbhst (krb5_context context,
return 0;
}
+/*
+ * set `hostlist' to a malloced list of kadmin servers.
+ */
+
krb5_error_code
krb5_get_krb_admin_hst (krb5_context context,
const krb5_realm *realm,
@@ -166,15 +175,30 @@ krb5_get_krb_admin_hst (krb5_context context,
hostlist);
}
+/*
+ * set `hostlist' to a malloced list of changepw servers.
+ */
+
krb5_error_code
krb5_get_krb_changepw_hst (krb5_context context,
const krb5_realm *realm,
char ***hostlist)
{
- return get_krbhst (context, realm, "admin_server", "kpasswd",
- hostlist);
+ krb5_error_code ret;
+
+ ret = get_krbhst (context, realm, "kpasswd_server", "kpasswd",
+ hostlist);
+ if (ret)
+ return ret;
+ ret = get_krbhst (context, realm, "admin_server", "kpasswd",
+ hostlist);
+ return ret;
}
+/*
+ * set `hostlist' to a malloced list of kerberos servers.
+ */
+
krb5_error_code
krb5_get_krbhst (krb5_context context,
const krb5_realm *realm,
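Review bot: In krb5_get_krb_changepw_hst the second get_krbhst call runs whenever the first one succeeded and writes to the same `hostlist`, so the list built from `kpasswd_server` looks to be overwritten without being freed and the new setting never takes effect. get_krbhst's assignment to `*hostlist` is outside the hunk, so this is inferred from the shared out-parameter. The function should return the first list when it holds configured hosts and only consult `admin_server` otherwise, releasing any list it discards with `krb5_free_krbhst`. Since this list decides which host receives password-change requests, the header comment should also state which setting takes precedence.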
@@ -183,6 +207,10 @@ krb5_get_krbhst (krb5_context context,
return get_krbhst (context, realm, "kdc", "kerberos", hostlist);
}
+/*
+ * free all memory associated with `hostlist'
+ */
+
krb5_error_code
krb5_free_krbhst (krb5_context context,
char **hostlist)
diff --git a/crypto/heimdal/lib/krb5/log.c b/crypto/heimdal/lib/krb5/log.c
index e1511e2..37bff1d 100644
--- a/crypto/heimdal/lib/krb5/log.c
+++ b/crypto/heimdal/lib/krb5/log.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: log.c,v 1.21 1999/12/02 17:05:11 joda Exp $");
+RCSID("$Id: log.c,v 1.25 2000/09/17 21:46:07 assar Exp $");
struct facility {
int min;
@@ -56,14 +56,14 @@ log_realloc(krb5_log_facility *f)
return fp;
}
-struct s2i{
+struct s2i {
char *s;
int val;
};
#define L(X) { #X, LOG_ ## X }
-struct s2i syslogvals[] = {
+static struct s2i syslogvals[] = {
L(EMERG),
L(ALERT),
L(CRIT),
@@ -356,18 +356,22 @@ krb5_vlog_msg(krb5_context context,
__attribute__((format (printf, 5, 0)))
{
char *msg;
+ const char *actual;
char buf[64];
time_t t;
int i;
vasprintf(&msg, fmt, ap);
+ if (msg != NULL)
+ actual = msg;
+ else
+ actual = fmt;
t = time(NULL);
- strftime(buf, sizeof(buf), context->time_fmt,
- context->log_utc ? gmtime(&t) : localtime(&t));
+ krb5_format_time(context, t, buf, sizeof(buf), TRUE);
for(i = 0; i < fac->len; i++)
if(fac->val[i].min <= level &&
(fac->val[i].max < 0 || fac->val[i].max >= level))
- (*fac->val[i].log)(buf, msg, fac->val[i].data);
+ (*fac->val[i].log)(buf, actual, fac->val[i].data);
*reply = msg;
return 0;
}
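Review bot: The new `msg != NULL` test in krb5_vlog_msg relies on vasprintf() storing NULL in `msg` when it fails, which not every libc guarantees; where it does not, `msg` is indeterminate and is then both logged and handed back through `*reply`. Check the return value instead: `if (vasprintf(&msg, fmt, ap) < 0) msg = NULL;`. With that in place `*reply` can legitimately be NULL, which deserves a line in the function comment so callers test it before use or free. The function's signature starts outside the hunk.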
diff --git a/crypto/heimdal/lib/krb5/mcache.c b/crypto/heimdal/lib/krb5/mcache.c
index d45deea..29c5cfd 100644
--- a/crypto/heimdal/lib/krb5/mcache.c
+++ b/crypto/heimdal/lib/krb5/mcache.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,43 +33,97 @@
#include "krb5_locl.h"
-RCSID("$Id: mcache.c,v 1.10 1999/12/02 17:05:11 joda Exp $");
+RCSID("$Id: mcache.c,v 1.12 2000/11/15 02:12:51 assar Exp $");
typedef struct krb5_mcache {
+ char *name;
+ unsigned int refcnt;
krb5_principal primary_principal;
struct link {
krb5_creds cred;
struct link *next;
} *creds;
+ struct krb5_mcache *next;
} krb5_mcache;
+static struct krb5_mcache *mcc_head;
+
+#define MCACHE(X) ((krb5_mcache *)(X)->data.data)
+
+#define MISDEAD(X) ((X)->primary_principal == NULL)
+
#define MCC_CURSOR(C) ((struct link*)(C))
static char*
mcc_get_name(krb5_context context,
krb5_ccache id)
{
- return ""; /* XXX */
+ return MCACHE(id)->name;
+}
+
+static krb5_mcache *
+mcc_alloc(const char *name)
+{
+ krb5_mcache *m;
+ ALLOC(m, 1);
+ if(m == NULL)
+ return NULL;
+ if(name == NULL)
+ asprintf(&m->name, "%p", m);
+ else
+ m->name = strdup(name);
+ if(m->name == NULL) {
+ free(m);
+ return NULL;
+ }
+ m->refcnt = 1;
+ m->primary_principal = NULL;
+ m->creds = NULL;
+ m->next = mcc_head;
+ mcc_head = m;
+ return m;
}
static krb5_error_code
mcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
{
- krb5_abortx(context, "unimplemented mcc_resolve called");
+ krb5_mcache *m;
+
+ for (m = mcc_head; m != NULL; m = m->next)
+ if (strcmp(m->name, res) == 0)
+ break;
+
+ if (m != NULL) {
+ m->refcnt++;
+ (*id)->data.data = m;
+ (*id)->data.length = sizeof(*m);
+ return 0;
+ }
+
+ m = mcc_alloc(res);
+ if (m == NULL)
+ return KRB5_CC_NOMEM;
+
+ (*id)->data.data = m;
+ (*id)->data.length = sizeof(*m);
+
+ return 0;
}
+
static krb5_error_code
mcc_gen_new(krb5_context context, krb5_ccache *id)
{
krb5_mcache *m;
- m = malloc (sizeof(*m));
+ m = mcc_alloc(NULL);
+
if (m == NULL)
return KRB5_CC_NOMEM;
- m->primary_principal = NULL;
- m->creds = NULL;
+
(*id)->data.data = m;
(*id)->data.length = sizeof(*m);
+
return 0;
}
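Review bot: mcc_alloc ignores the result of `asprintf(&m->name, "%p", m)`, and the following `m->name == NULL` test only catches a failure on libcs that reset the pointer; `if (asprintf(&m->name, "%p", m) < 0) m->name = NULL;` makes the check reliable. The default name is also the heap address of the cache, so anything that prints the cache name discloses a pointer value; a counter-based name would avoid that. `mcc_head` is a process-wide list that is updated here and walked in mcc_resolve with no locking visible, so a comment stating that callers must serialise access would be worth adding.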
@@ -78,37 +132,25 @@ mcc_initialize(krb5_context context,
krb5_ccache id,
krb5_principal primary_principal)
{
- krb5_error_code ret;
- krb5_mcache *m;
-
- m = (krb5_mcache *)id->data.data;
-
- ret = krb5_copy_principal (context,
- primary_principal,
- &m->primary_principal);
- if (ret)
- return ret;
- return 0;
+ return krb5_copy_principal (context,
+ primary_principal,
+ &MCACHE(id)->primary_principal);
}
static krb5_error_code
mcc_close(krb5_context context,
krb5_ccache id)
{
- krb5_mcache *m = (krb5_mcache *)id->data.data;
- struct link *l;
+ krb5_mcache *m = MCACHE(id);
- krb5_free_principal (context, m->primary_principal);
- l = m->creds;
- while (l != NULL) {
- struct link *old;
+ if (--m->refcnt != 0)
+ return 0;
- krb5_free_creds_contents (context, &l->cred);
- old = l;
- l = l->next;
- free (old);
+ if (MISDEAD(m)) {
+ free (m->name);
+ krb5_data_free(&id->data);
}
- krb5_data_free(&id->data);
+
return 0;
}
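Review bot: mcc_close frees `m->name` and (presumably, through `krb5_data_free`) the cache itself once the last reference is dropped and `MISDEAD(m)` holds, but a cache that came from mcc_alloc and never went through mcc_initialize also has a NULL `primary_principal` and is still linked on `mcc_head`. Closing such a cache leaves a dangling list entry that a later mcc_resolve dereferences in its `strcmp(m->name, res)` loop. mcc_destroy in the next hunk unlinks only when `!MISDEAD(m)`, so it does not cover this case either. Unlinking in mcc_close before the free, as sketched below, closes the gap; a separate liveness flag instead of reusing `primary_principal` would be the cleaner long-term fix.

```c
    if (MISDEAD(m)) {
	krb5_mcache **n;

	/* a cache that was never initialized is still on mcc_head */
	for (n = &mcc_head; *n != NULL; n = &(*n)->next) {
	    if (*n == m) {
		*n = m->next;
		break;
	    }
	}
	free (m->name);
	/* … unchanged: krb5_data_free(&id->data) … */
    }
```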
@@ -116,6 +158,35 @@ static krb5_error_code
mcc_destroy(krb5_context context,
krb5_ccache id)
{
+ krb5_mcache **n, *m = MCACHE(id);
+ struct link *l;
+
+ if (m->refcnt == 0)
+ krb5_abortx(context, "mcc_destroy: refcnt already 0");
+
+ if (!MISDEAD(m)) {
+ /* if this is an active mcache, remove it from the linked
+ list, and free all data */
+ for(n = &mcc_head; n && *n; n = &(*n)->next) {
+ if(m == *n) {
+ *n = m->next;
+ break;
+ }
+ }
+ krb5_free_principal (context, m->primary_principal);
+ m->primary_principal = NULL;
+
+ l = m->creds;
+ while (l != NULL) {
+ struct link *old;
+
+ krb5_free_creds_contents (context, &l->cred);
+ old = l;
+ l = l->next;
+ free (old);
+ }
+ m->creds = NULL;
+ }
return 0;
}
@@ -124,10 +195,13 @@ mcc_store_cred(krb5_context context,
krb5_ccache id,
krb5_creds *creds)
{
+ krb5_mcache *m = MCACHE(id);
krb5_error_code ret;
- krb5_mcache *m = (krb5_mcache *)id->data.data;
struct link *l;
+ if (MISDEAD(m))
+ return ENOENT;
+
l = malloc (sizeof(*l));
if (l == NULL)
return KRB5_CC_NOMEM;
@@ -148,7 +222,10 @@ mcc_get_principal(krb5_context context,
krb5_ccache id,
krb5_principal *principal)
{
- krb5_mcache *m = (krb5_mcache *)id->data.data;
+ krb5_mcache *m = MCACHE(id);
+
+ if (MISDEAD(m))
+ return ENOENT;
return krb5_copy_principal (context,
m->primary_principal,
@@ -160,7 +237,11 @@ mcc_get_first (krb5_context context,
krb5_ccache id,
krb5_cc_cursor *cursor)
{
- krb5_mcache *m = (krb5_mcache *)id->data.data;
+ krb5_mcache *m = MCACHE(id);
+
+ if (MISDEAD(m))
+ return ENOENT;
+
*cursor = m->creds;
return 0;
}
@@ -171,8 +252,12 @@ mcc_get_next (krb5_context context,
krb5_cc_cursor *cursor,
krb5_creds *creds)
{
+ krb5_mcache *m = MCACHE(id);
struct link *l;
+ if (MISDEAD(m))
+ return ENOENT;
+
l = *cursor;
if (l != NULL) {
*cursor = l->next;
@@ -195,9 +280,19 @@ static krb5_error_code
mcc_remove_cred(krb5_context context,
krb5_ccache id,
krb5_flags which,
- krb5_creds *cred)
+ krb5_creds *mcreds)
{
- return 0; /* XXX */
+ krb5_mcache *m = MCACHE(id);
+ struct link **q, *p;
+ for(q = &m->creds, p = *q; p; p = *q) {
+ if(krb5_compare_creds(context, which, mcreds, &p->cred)) {
+ *q = p->next;
+ krb5_free_cred_contents(context, &p->cred);
+ free(p);
+ } else
+ q = &p->next;
+ }
+ return 0;
}
static krb5_error_code
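Review bot: mcc_remove_cred releases the entry with `krb5_free_cred_contents`, while mcc_destroy in this same file uses `krb5_free_creds_contents`; unless both names exist in the library this will not link, and either way the file should settle on one spelling. Unlike the other cache operations touched by this commit, the function has no `MISDEAD(m)` guard, so it reports success on a destroyed cache where its siblings return ENOENT. It also frees links that a cursor obtained from mcc_get_first may still point at, which should be documented as a restriction on callers.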
diff --git a/crypto/heimdal/lib/krb5/mk_priv.c b/crypto/heimdal/lib/krb5/mk_priv.c
index 1ee2bed..c880f10 100644
--- a/crypto/heimdal/lib/krb5/mk_priv.c
+++ b/crypto/heimdal/lib/krb5/mk_priv.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_priv.c,v 1.25 1999/12/02 17:05:11 joda Exp $");
+RCSID("$Id: mk_priv.c,v 1.28 2000/08/18 06:48:07 assar Exp $");
/*
*
@@ -52,7 +52,7 @@ krb5_mk_priv(krb5_context context,
u_char *buf;
size_t buf_size;
size_t len;
- int tmp_seq;
+ u_int32_t tmp_seq;
krb5_keyblock *key;
int32_t sec, usec;
KerberosTime sec2;
@@ -76,7 +76,7 @@ krb5_mk_priv(krb5_context context,
usec2 = usec;
part.usec = &usec2;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
- tmp_seq = ++auth_context->local_seqnumber;
+ tmp_seq = auth_context->local_seqnumber;
part.seq_number = &tmp_seq;
} else {
part.seq_number = NULL;
@@ -117,7 +117,11 @@ krb5_mk_priv(krb5_context context,
s.enc_part.etype = key->keytype;
s.enc_part.kvno = NULL;
- krb5_crypto_init(context, key, 0, &crypto);
+ ret = krb5_crypto_init(context, key, 0, &crypto);
+ if (ret) {
+ free (buf);
+ return ret;
+ }
ret = krb5_encrypt (context,
crypto,
KRB5_KU_KRB_PRIV,
@@ -159,6 +163,9 @@ krb5_mk_priv(krb5_context context,
}
memcpy (outbuf->data, buf + buf_size - len, len);
free (buf);
+ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
+ auth_context->local_seqnumber =
+ (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
return 0;
fail:
diff --git a/crypto/heimdal/lib/krb5/mk_rep.c b/crypto/heimdal/lib/krb5/mk_rep.c
index 060be03..ad750b0 100644
--- a/crypto/heimdal/lib/krb5/mk_rep.c
+++ b/crypto/heimdal/lib/krb5/mk_rep.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,11 +33,11 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_rep.c,v 1.16 1999/12/02 17:05:11 joda Exp $");
+RCSID("$Id: mk_rep.c,v 1.18 2000/12/06 20:57:23 joda Exp $");
krb5_error_code
krb5_mk_rep(krb5_context context,
- krb5_auth_context *auth_context,
+ krb5_auth_context auth_context,
krb5_data *outbuf)
{
krb5_error_code ret;
@@ -53,21 +53,21 @@ krb5_mk_rep(krb5_context context,
memset (&body, 0, sizeof(body));
- body.ctime = (*auth_context)->authenticator->ctime;
- body.cusec = (*auth_context)->authenticator->cusec;
+ body.ctime = auth_context->authenticator->ctime;
+ body.cusec = auth_context->authenticator->cusec;
body.subkey = NULL;
- if ((*auth_context)->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
+ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
krb5_generate_seq_number (context,
- (*auth_context)->keyblock,
- &(*auth_context)->local_seqnumber);
+ auth_context->keyblock,
+ &auth_context->local_seqnumber);
body.seq_number = malloc (sizeof(*body.seq_number));
if (body.seq_number == NULL)
return ENOMEM;
- *(body.seq_number) = (*auth_context)->local_seqnumber;
+ *(body.seq_number) = auth_context->local_seqnumber;
} else
body.seq_number = NULL;
- ap.enc_part.etype = (*auth_context)->keyblock->keytype;
+ ap.enc_part.etype = auth_context->keyblock->keytype;
ap.enc_part.kvno = NULL;
buf_size = length_EncAPRepPart(&body);
@@ -84,8 +84,12 @@ krb5_mk_rep(krb5_context context,
&len);
free_EncAPRepPart (&body);
- krb5_crypto_init(context, (*auth_context)->keyblock,
- 0 /* ap.enc_part.etype */, &crypto);
+ ret = krb5_crypto_init(context, auth_context->keyblock,
+ 0 /* ap.enc_part.etype */, &crypto);
+ if (ret) {
+ free (buf);
+ return ret;
+ }
ret = krb5_encrypt (context,
crypto,
KRB5_KU_AP_REQ_ENC_PART,
diff --git a/crypto/heimdal/lib/krb5/mk_req.c b/crypto/heimdal/lib/krb5/mk_req.c
index 55ecd46..a30c19e 100644
--- a/crypto/heimdal/lib/krb5/mk_req.c
+++ b/crypto/heimdal/lib/krb5/mk_req.c
@@ -33,23 +33,19 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_req.c,v 1.20 2000/01/16 10:22:42 assar Exp $");
+RCSID("$Id: mk_req.c,v 1.22 2000/11/15 06:50:53 assar Exp $");
krb5_error_code
-krb5_mk_req(krb5_context context,
- krb5_auth_context *auth_context,
- const krb5_flags ap_req_options,
- const char *service,
- const char *hostname,
- krb5_data *in_data,
- krb5_ccache ccache,
- krb5_data *outbuf)
+krb5_mk_req_exact(krb5_context context,
+ krb5_auth_context *auth_context,
+ const krb5_flags ap_req_options,
+ const krb5_principal server,
+ krb5_data *in_data,
+ krb5_ccache ccache,
+ krb5_data *outbuf)
{
krb5_error_code ret;
krb5_creds this_cred, *cred;
- char **realms;
- krb5_data realm_data;
- char *real_hostname;
memset(&this_cred, 0, sizeof(this_cred));
@@ -58,34 +54,18 @@ krb5_mk_req(krb5_context context,
if(ret)
return ret;
- ret = krb5_expand_hostname_realms (context, hostname,
- &real_hostname, &realms);
+ ret = krb5_copy_principal (context, server, &this_cred.server);
if (ret) {
- krb5_free_principal (context, this_cred.client);
+ krb5_free_creds_contents (context, &this_cred);
return ret;
}
- realm_data.length = strlen(*realms);
- realm_data.data = *realms;
-
- ret = krb5_build_principal (context, &this_cred.server,
- strlen(*realms),
- *realms,
- service,
- real_hostname,
- NULL);
- free (real_hostname);
- krb5_free_host_realm (context, realms);
-
- if (ret) {
- krb5_free_principal (context, this_cred.client);
- return ret;
- }
this_cred.times.endtime = 0;
if (auth_context && *auth_context && (*auth_context)->keytype)
this_cred.session.keytype = (*auth_context)->keytype;
ret = krb5_get_credentials (context, 0, ccache, &this_cred, &cred);
+ krb5_free_creds_contents(context, &this_cred);
if (ret)
return ret;
@@ -96,3 +76,39 @@ krb5_mk_req(krb5_context context,
cred,
outbuf);
}
+
+krb5_error_code
+krb5_mk_req(krb5_context context,
+ krb5_auth_context *auth_context,
+ const krb5_flags ap_req_options,
+ const char *service,
+ const char *hostname,
+ krb5_data *in_data,
+ krb5_ccache ccache,
+ krb5_data *outbuf)
+{
+ krb5_error_code ret;
+ char **realms;
+ char *real_hostname;
+ krb5_principal server;
+
+ ret = krb5_expand_hostname_realms (context, hostname,
+ &real_hostname, &realms);
+ if (ret)
+ return ret;
+
+ ret = krb5_build_principal (context, &server,
+ strlen(*realms),
+ *realms,
+ service,
+ real_hostname,
+ NULL);
+ free (real_hostname);
+ krb5_free_host_realm (context, realms);
+ if (ret)
+ return ret;
+ ret = krb5_mk_req_exact (context, auth_context, ap_req_options,
+ server, in_data, ccache, outbuf);
+ krb5_free_principal (context, server);
+ return ret;
+}
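Review bot: Neither the new krb5_mk_req nor krb5_mk_req_exact carries a header comment, although this commit adds one to each function in krbhst.c. The difference matters to callers: krb5_mk_req derives the server principal from `krb5_expand_hostname_realms`, while krb5_mk_req_exact uses the principal exactly as passed. I would add `/* build the server principal from `service' and the expanded `hostname', then call krb5_mk_req_exact */` above krb5_mk_req and a matching line above krb5_mk_req_exact. `strlen(*realms)` also assumes the returned realm list is non-empty; a check or a comment stating that guarantee would make the dereference safe to read.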
diff --git a/crypto/heimdal/lib/krb5/mk_req_ext.c b/crypto/heimdal/lib/krb5/mk_req_ext.c
index 2b7b886..f0f572c 100644
--- a/crypto/heimdal/lib/krb5/mk_req_ext.c
+++ b/crypto/heimdal/lib/krb5/mk_req_ext.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_req_ext.c,v 1.21 1999/12/02 17:05:11 joda Exp $");
+RCSID("$Id: mk_req_ext.c,v 1.24 2000/11/15 07:01:26 assar Exp $");
krb5_error_code
krb5_mk_req_internal(krb5_context context,
@@ -42,7 +42,8 @@ krb5_mk_req_internal(krb5_context context,
krb5_data *in_data,
krb5_creds *in_creds,
krb5_data *outbuf,
- krb5_key_usage usage)
+ krb5_key_usage checksum_usage,
+ krb5_key_usage encrypt_usage)
{
krb5_error_code ret;
krb5_data authenticator;
@@ -88,6 +89,11 @@ krb5_mk_req_internal(krb5_context context,
krb5_free_keyblock(context, ac->keyblock);
krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
+ /* it's unclear what type of checksum we can use. try the best one, except:
+ * a) if it's configured differently for the current realm, or
+ * b) if the session key is des-cbc-crc
+ */
+
if (in_data) {
if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
/* this is to make DCE secd (and older MIT kdcs?) happy */
@@ -99,10 +105,13 @@ krb5_mk_req_internal(krb5_context context,
&c);
} else {
krb5_crypto crypto;
- krb5_crypto_init(context, ac->keyblock, 0, &crypto);
+
+ ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
+ if (ret)
+ return ret;
ret = krb5_create_checksum(context,
crypto,
- usage,
+ checksum_usage,
in_data->data,
in_data->length,
&c);
@@ -120,7 +129,8 @@ krb5_mk_req_internal(krb5_context context,
in_creds,
c_opt,
NULL,
- &authenticator);
+ &authenticator,
+ encrypt_usage);
if (c_opt)
free_Checksum (c_opt);
if (ret)
@@ -147,5 +157,6 @@ krb5_mk_req_extended(krb5_context context,
in_data,
in_creds,
outbuf,
- KRB5_KU_AP_REQ_AUTH_CKSUM);
+ KRB5_KU_AP_REQ_AUTH_CKSUM,
+ KRB5_KU_AP_REQ_AUTH);
}
diff --git a/crypto/heimdal/lib/krb5/mk_safe.c b/crypto/heimdal/lib/krb5/mk_safe.c
index 4d848a6..2803d38 100644
--- a/crypto/heimdal/lib/krb5/mk_safe.c
+++ b/crypto/heimdal/lib/krb5/mk_safe.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_safe.c,v 1.20 1999/12/02 17:05:11 joda Exp $");
+RCSID("$Id: mk_safe.c,v 1.24 2000/08/18 06:48:40 assar Exp $");
krb5_error_code
krb5_mk_safe(krb5_context context,
@@ -50,7 +50,7 @@ krb5_mk_safe(krb5_context context,
u_char *buf = NULL;
size_t buf_size;
size_t len;
- int tmp_seq;
+ u_int32_t tmp_seq;
krb5_crypto crypto;
s.pvno = 5;
@@ -64,7 +64,7 @@ krb5_mk_safe(krb5_context context,
usec2 = usec2;
s.safe_body.usec = &usec2;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
- tmp_seq = ++auth_context->local_seqnumber;
+ tmp_seq = auth_context->local_seqnumber;
s.safe_body.seq_number = &tmp_seq;
} else
s.safe_body.seq_number = NULL;
@@ -76,13 +76,20 @@ krb5_mk_safe(krb5_context context,
s.cksum.checksum.data = NULL;
s.cksum.checksum.length = 0;
-
buf_size = length_KRB_SAFE(&s);
buf = malloc(buf_size + 128); /* add some for checksum */
if(buf == NULL)
return ENOMEM;
ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
+ if (ret) {
+ free (buf);
+ return ret;
+ }
ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
+ if (ret) {
+ free (buf);
+ return ret;
+ }
ret = krb5_create_checksum(context,
crypto,
KRB5_KU_KRB_SAFE_CKSUM,
@@ -111,5 +118,8 @@ krb5_mk_safe(krb5_context context,
}
memcpy (outbuf->data, buf + buf_size - len, len);
free (buf);
+ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
+ auth_context->local_seqnumber =
+ (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
return 0;
}
diff --git a/crypto/heimdal/lib/krb5/principal.c b/crypto/heimdal/lib/krb5/principal.c
index 2999868..7be1d93 100644
--- a/crypto/heimdal/lib/krb5/principal.c
+++ b/crypto/heimdal/lib/krb5/principal.c
@@ -38,9 +38,10 @@
#ifdef HAVE_ARPA_NAMESER_H
#include <arpa/nameser.h>
#endif
+#include <fnmatch.h>
#include "resolve.h"
-RCSID("$Id: principal.c,v 1.63 2000/02/07 03:19:05 assar Exp $");
+RCSID("$Id: principal.c,v 1.73 2000/10/16 03:42:14 assar Exp $");
#define princ_num_comp(P) ((P)->name.name_string.len)
#define princ_type(P) ((P)->name.name_type)
@@ -494,6 +495,9 @@ krb5_copy_principal(krb5_context context,
return 0;
}
+/*
+ * return TRUE iff princ1 == princ2 (without considering the realm)
+ */
krb5_boolean
krb5_principal_compare_any_realm(krb5_context context,
@@ -510,6 +514,10 @@ krb5_principal_compare_any_realm(krb5_context context,
return TRUE;
}
+/*
+ * return TRUE iff princ1 == princ2
+ */
+
krb5_boolean
krb5_principal_compare(krb5_context context,
krb5_const_principal princ1,
@@ -520,6 +528,9 @@ krb5_principal_compare(krb5_context context,
return krb5_principal_compare_any_realm(context, princ1, princ2);
}
+/*
+ * return TRUE iff realm(princ1) == realm(princ2)
+ */
krb5_boolean
krb5_realm_compare(krb5_context context,
@@ -529,22 +540,52 @@ krb5_realm_compare(krb5_context context,
return strcmp(princ_realm(princ1), princ_realm(princ2)) == 0;
}
+/*
+ * return TRUE iff princ matches pattern
+ */
+
+krb5_boolean
+krb5_principal_match(krb5_context context,
+ krb5_const_principal princ,
+ krb5_const_principal pattern)
+{
+ int i;
+ if(princ_num_comp(princ) != princ_num_comp(pattern))
+ return FALSE;
+ if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0)
+ return FALSE;
+ for(i = 0; i < princ_num_comp(princ); i++){
+ if(fnmatch(princ_ncomp(pattern, i), princ_ncomp(princ, i), 0) != 0)
+ return FALSE;
+ }
+ return TRUE;
+}
+
+
struct v4_name_convert {
const char *from;
const char *to;
} default_v4_name_convert[] = {
- { "ftp", "ftp" },
- { "hprop", "hprop" },
- { "pop", "pop" },
- { "rcmd", "host" },
+ { "ftp", "ftp" },
+ { "hprop", "hprop" },
+ { "pop", "pop" },
+ { "imap", "imap" },
+ { "rcmd", "host" },
{ NULL, NULL }
};
+/*
+ * return the converted instance name of `name' in `realm'.
+ * look in the configuration file and then in the default set above.
+ * return NULL if no conversion is appropriate.
+ */
+
static const char*
get_name_conversion(krb5_context context, const char *realm, const char *name)
{
struct v4_name_convert *q;
const char *p;
+
p = krb5_config_get_string(context, NULL, "realms", realm,
"v4_name_convert", "host", name, NULL);
if(p == NULL)
@@ -577,6 +618,12 @@ get_name_conversion(krb5_context context, const char *realm, const char *name)
return NULL;
}
+/*
+ * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'.
+ * if `resolve', use DNS.
+ * if `func', use that function for validating the conversion
+ */
+
krb5_error_code
krb5_425_conv_principal_ext(krb5_context context,
const char *name,
@@ -589,7 +636,7 @@ krb5_425_conv_principal_ext(krb5_context context,
const char *p;
krb5_error_code ret;
krb5_principal pr;
- char host[128];
+ char host[MAXHOSTNAMELEN];
/* do the following: if the name is found in the
`v4_name_convert:host' part, is is assumed to be a `host' type
@@ -635,7 +682,17 @@ krb5_425_conv_principal_ext(krb5_context context,
inst = hp->h_name;
#endif
if(inst) {
- ret = krb5_make_principal(context, &pr, realm, name, inst, NULL);
+ char *low_inst = strdup(inst);
+
+ if (low_inst == NULL) {
+#ifdef USE_RESOLVER
+ dns_free_data(r);
+#endif
+ return ENOMEM;
+ }
+ ret = krb5_make_principal(context, &pr, realm, name, low_inst,
+ NULL);
+ free (low_inst);
if(ret == 0) {
if(func == NULL || (*func)(context, pr)){
*princ = pr;
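Review bot: The new copy `low_inst` is passed to krb5_make_principal and freed without ever being modified, so as written the strdup/free pair changes nothing. The name suggests the resolver's answer was meant to be lower-cased before it becomes the principal's instance; if so the lowering step is missing, e.g. `strlwr(low_inst);` (roken's helper, assuming it is available in this tree) right after the NULL check. If no case folding is intended, drop the copy and pass `inst` as before. The enclosing function starts and ends outside this hunk.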
@@ -673,8 +730,7 @@ krb5_425_conv_principal_ext(krb5_context context,
p = krb5_config_get_string(context, NULL, "realms", realm,
"default_domain", NULL);
if(p == NULL){
- /* should this be an error or should it silently
- succeed? */
+ /* this should be an error, just faking a name is not good */
return HEIM_ERR_V4_PRINC_NO_CONV;
}
@@ -801,6 +857,13 @@ name_convert(krb5_context context, const char *name, const char *realm,
return -1;
}
+/*
+ * convert the v5 principal in `principal' into a v4 corresponding one
+ * in `name, instance, realm'
+ * this is limited interface since there's no length given for these
+ * three parameters. They have to be 40 bytes each (ANAME_SZ).
+ */
+
krb5_error_code
krb5_524_conv_principal(krb5_context context,
const krb5_principal principal,
@@ -811,6 +874,7 @@ krb5_524_conv_principal(krb5_context context,
const char *n, *i, *r;
char tmpinst[40];
int type = princ_type(principal);
+ const int aname_sz = 40;
r = principal->realm;
@@ -846,15 +910,12 @@ krb5_524_conv_principal(krb5_context context,
i = tmpinst;
}
- if(strlen(r) >= 40)
+ if (strlcpy (name, n, aname_sz) >= aname_sz)
return KRB5_PARSE_MALFORMED;
- if(strlen(n) >= 40)
+ if (strlcpy (instance, i, aname_sz) >= aname_sz)
return KRB5_PARSE_MALFORMED;
- if(strlen(i) >= 40)
+ if (strlcpy (realm, r, aname_sz) >= aname_sz)
return KRB5_PARSE_MALFORMED;
- strcpy(realm, r);
- strcpy(name, n);
- strcpy(instance, i);
return 0;
}
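Review bot: With the length checks folded into strlcpy(), a failing call now returns KRB5_PARSE_MALFORMED after it has already written to the caller's buffers: `name` (and possibly `instance`) hold a complete or truncated string while `realm` may be untouched. The old code wrote nothing on failure. A caller that ignores the return value would go on to use a truncated principal name, so either keep the three `strlen(...) >= aname_sz` checks ahead of the copies or document that the outputs are undefined on error. `aname_sz` is a `const int` compared with strlcpy's `size_t` result; declaring it `size_t` avoids the mixed-sign comparison. The function body begins outside this hunk.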
@@ -870,7 +931,7 @@ krb5_sname_to_principal (krb5_context context,
krb5_principal *ret_princ)
{
krb5_error_code ret;
- char localhost[128];
+ char localhost[MAXHOSTNAMELEN];
char **realms, *host = NULL;
if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN)
diff --git a/crypto/heimdal/lib/krb5/prog_setup.c b/crypto/heimdal/lib/krb5/prog_setup.c
index 4693d08..dc3b119 100644
--- a/crypto/heimdal/lib/krb5/prog_setup.c
+++ b/crypto/heimdal/lib/krb5/prog_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,8 +33,9 @@
#include "krb5_locl.h"
#include <getarg.h>
+#include <err.h>
-RCSID("$Id: prog_setup.c,v 1.6 1999/12/02 17:05:11 joda Exp $");
+RCSID("$Id: prog_setup.c,v 1.8 2001/01/25 11:20:32 assar Exp $");
void
krb5_std_usage(int code, struct getargs *args, int num_args)
@@ -48,13 +49,16 @@ krb5_program_setup(krb5_context *context, int argc, char **argv,
struct getargs *args, int num_args,
void (*usage)(int, struct getargs*, int))
{
+ krb5_error_code ret;
int optind = 0;
if(usage == NULL)
usage = krb5_std_usage;
set_progname(argv[0]);
- krb5_init_context(context);
+ ret = krb5_init_context(context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
if(getarg(args, num_args, argc, argv, &optind))
(*usage)(1, args, num_args);
diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c
index 71b79b1..ca8ff02 100644
--- a/crypto/heimdal/lib/krb5/rd_cred.c
+++ b/crypto/heimdal/lib/krb5/rd_cred.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,13 +33,14 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_cred.c,v 1.9 2000/02/06 05:19:52 assar Exp $");
+RCSID("$Id: rd_cred.c,v 1.12 2001/01/04 16:19:00 joda Exp $");
krb5_error_code
-krb5_rd_cred (krb5_context context,
- krb5_auth_context auth_context,
- krb5_ccache ccache,
- krb5_data *in_data)
+krb5_rd_cred(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_data *in_data,
+ krb5_creds ***ret_creds,
+ krb5_replay_data *out_data)
{
krb5_error_code ret;
size_t len;
@@ -49,9 +50,9 @@ krb5_rd_cred (krb5_context context,
krb5_crypto crypto;
int i;
- ret = decode_KRB_CRED (in_data->data, in_data->length,
- &cred, &len);
- if (ret)
+ ret = decode_KRB_CRED(in_data->data, in_data->length,
+ &cred, &len);
+ if(ret)
return ret;
if (cred.pvno != 5) {
@@ -64,16 +65,32 @@ krb5_rd_cred (krb5_context context,
goto out;
}
- krb5_crypto_init(context, auth_context->remote_subkey, 0, &crypto);
- ret = krb5_decrypt_EncryptedData(context,
- crypto,
- KRB5_KU_KRB_CRED,
- &cred.enc_part,
- &enc_krb_cred_part_data);
- krb5_crypto_destroy(context, crypto);
- if (ret)
- goto out;
-
+ if (cred.enc_part.etype == ETYPE_NULL) {
+ /* DK: MIT GSS-API Compatibility */
+ enc_krb_cred_part_data.length = cred.enc_part.cipher.length;
+ enc_krb_cred_part_data.data = cred.enc_part.cipher.data;
+ } else {
+ if (auth_context->remote_subkey)
+ ret = krb5_crypto_init(context, auth_context->remote_subkey,
+ 0, &crypto);
+ else
+ ret = krb5_crypto_init(context, auth_context->keyblock,
+ 0, &crypto);
+ /* DK: MIT rsh */
+
+ if (ret)
+ goto out;
+
+ ret = krb5_decrypt_EncryptedData(context,
+ crypto,
+ KRB5_KU_KRB_CRED,
+ &cred.enc_part,
+ &enc_krb_cred_part_data);
+
+ krb5_crypto_destroy(context, crypto);
+ if (ret)
+ goto out;
+ }
ret = krb5_decode_EncKrbCredPart (context,
enc_krb_cred_part_data.data,
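Review bot: The new `ETYPE_NULL` branch takes `cred.enc_part.cipher` as the plaintext EncKrbCredPart, so the forwarded tickets and session keys are accepted with no decryption or integrity check in this function, and it is the sender who chooses that etype. The `/* DK: MIT GSS-API Compatibility */` comment should say what makes this acceptable, for example `/* unencrypted KRB-CRED: only valid when the caller received it inside an already protected exchange */`, and callers reading a KRB-CRED from an unprotected transport need a way to refuse it. In that branch `enc_krb_cred_part_data` also aliases memory owned by `cred` instead of holding its own copy, which any later free of it (outside this hunk) has to account for. krb5_rd_cred continues outside the hunk.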
@@ -86,7 +103,8 @@ krb5_rd_cred (krb5_context context,
/* check sender address */
if (enc_krb_cred_part.s_address
- && auth_context->remote_address) {
+ && auth_context->remote_address
+ && auth_context->remote_port) {
krb5_address *a;
int cmp;
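Review bot: Adding `&& auth_context->remote_port` means the sender-address check is skipped entirely when no remote port has been set, even if `remote_address` is known. If the port is only needed to build the address-plus-port form compared below (that code is outside the hunk), consider falling back to comparing `remote_address` alone instead of accepting the message unchecked, or add a comment explaining why skipping is safe. The next hunk makes the receiver check conditional on `local_address` in a similar way and would benefit from the same comment.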
@@ -113,6 +131,7 @@ krb5_rd_cred (krb5_context context,
/* check receiver address */
if (enc_krb_cred_part.r_address
+ && auth_context->local_address
&& !krb5_address_compare (context,
auth_context->local_address,
enc_krb_cred_part.r_address)) {
@@ -135,51 +154,104 @@ krb5_rd_cred (krb5_context context,
}
}
- /* XXX - check replay cache */
+ if(out_data != NULL) {
+ if(enc_krb_cred_part.timestamp)
+ out_data->timestamp = *enc_krb_cred_part.timestamp;
+ else
+ out_data->timestamp = 0;
+ if(enc_krb_cred_part.usec)
+ out_data->usec = *enc_krb_cred_part.usec;
+ else
+ out_data->usec = 0;
+ if(enc_krb_cred_part.nonce)
+ out_data->seq = *enc_krb_cred_part.nonce;
+ else
+ out_data->seq = 0;
+ }
+
+ /* Convert to NULL terminated list of creds */
- /* Store the creds in the ccache */
+ *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1,
+ sizeof(**ret_creds));
for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) {
KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i];
- krb5_creds creds;
+ krb5_creds *creds;
u_char buf[1024];
size_t len;
- memset (&creds, 0, sizeof(creds));
+ creds = calloc(1, sizeof(*creds));
+ if(creds == NULL) {
+ ret = ENOMEM;
+ goto out;
+ }
ret = encode_Ticket (buf + sizeof(buf) - 1, sizeof(buf),
&cred.tickets.val[i],
&len);
if (ret)
goto out;
- krb5_data_copy (&creds.ticket, buf + sizeof(buf) - len, len);
- copy_EncryptionKey (&kci->key, &creds.session);
+ krb5_data_copy (&creds->ticket, buf + sizeof(buf) - len, len);
+ copy_EncryptionKey (&kci->key, &creds->session);
if (kci->prealm && kci->pname)
- principalname2krb5_principal (&creds.client,
+ principalname2krb5_principal (&creds->client,
*kci->pname,
*kci->prealm);
if (kci->flags)
- creds.flags.b = *kci->flags;
+ creds->flags.b = *kci->flags;
if (kci->authtime)
- creds.times.authtime = *kci->authtime;
+ creds->times.authtime = *kci->authtime;
if (kci->starttime)
- creds.times.starttime = *kci->starttime;
+ creds->times.starttime = *kci->starttime;
if (kci->endtime)
- creds.times.endtime = *kci->endtime;
+ creds->times.endtime = *kci->endtime;
if (kci->renew_till)
- creds.times.renew_till = *kci->renew_till;
+ creds->times.renew_till = *kci->renew_till;
if (kci->srealm && kci->sname)
- principalname2krb5_principal (&creds.server,
+ principalname2krb5_principal (&creds->server,
*kci->sname,
*kci->srealm);
if (kci->caddr)
krb5_copy_addresses (context,
kci->caddr,
- &creds.addresses);
- krb5_cc_store_cred (context, ccache, &creds);
+ &creds->addresses);
+
+ (*ret_creds)[i] = creds;
+
}
+ (*ret_creds)[i] = NULL;
+ return 0;
out:
free_KRB_CRED (&cred);
+ if(*ret_creds) {
+ for(i = 0; (*ret_creds)[i]; i++)
+ krb5_free_creds(context, (*ret_creds)[i]);
+ free(*ret_creds);
+ }
return ret;
}
+
+krb5_error_code
+krb5_rd_cred2 (krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_ccache ccache,
+ krb5_data *in_data)
+{
+ krb5_error_code ret;
+ krb5_creds **creds;
+ int i;
+
+ ret = krb5_rd_cred(context, auth_context, in_data, &creds, NULL);
+ if(ret)
+ return ret;
+
+ /* Store the creds in the ccache */
+
+ for(i = 0; creds && creds[i]; i++) {
+ krb5_cc_store_cred(context, ccache, creds[i]);
+ krb5_free_creds(context, creds[i]);
+ }
+ free(creds);
+ return 0;
+}
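Review bot: The reworked tail of krb5_rd_cred has several ownership problems. `*ret_creds` is read at `out:` but is only assigned by the calloc in this hunk, so any earlier `goto out` inspects and frees whatever the caller's variable held (krb5_rd_cred2 passes an uninitialised `creds`); it needs `*ret_creds = NULL;` at the top of the function, which is outside this hunk. The calloc result is not checked before `(*ret_creds)[i]` is written, a `creds` whose encode_Ticket fails is leaked because it is not yet in the list, the new `return 0;` skips `free_KRB_CRED (&cred)`, and `*ret_creds` is left dangling after the error path frees it. krb5_rd_cred2 also ignores the result of krb5_cc_store_cred and always returns 0.

```c
    /* ... unchanged: out_data is filled in ... */
    *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1,
			sizeof(**ret_creds));
    if (*ret_creds == NULL) {
	ret = ENOMEM;
	goto out;
    }
    for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) {
	/* ... unchanged: kci, buf, len declarations ... */
	creds = calloc(1, sizeof(*creds));
	if (creds == NULL) {
	    ret = ENOMEM;
	    goto out;
	}
	/* Hand the entry to the list first so that out: releases it on any
	 * later failure; it is zeroed, so unfilled members are NULL
	 * (confirm krb5_free_creds accepts a partially filled entry). */
	(*ret_creds)[i] = creds;
	/* ... unchanged: encode_Ticket and the field copies ... */
    }
    /* ... unchanged: list terminator ... */
    free_KRB_CRED (&cred);
    return 0;
out:
    free_KRB_CRED (&cred);
    if (*ret_creds) {
	for (i = 0; (*ret_creds)[i]; i++)
	    krb5_free_creds(context, (*ret_creds)[i]);
	free(*ret_creds);
	*ret_creds = NULL;	/* do not leave the caller a dangling list */
    }
    return ret;

    /* krb5_rd_cred2: report the first store failure instead of returning 0 */
    for (i = 0; creds && creds[i]; i++) {
	krb5_error_code ret2 = krb5_cc_store_cred(context, ccache, creds[i]);

	if (ret == 0)
	    ret = ret2;
	krb5_free_creds(context, creds[i]);
    }
    free(creds);
    return ret;
```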
diff --git a/crypto/heimdal/lib/krb5/rd_priv.c b/crypto/heimdal/lib/krb5/rd_priv.c
index c4d7bea..62350ba 100644
--- a/crypto/heimdal/lib/krb5/rd_priv.c
+++ b/crypto/heimdal/lib/krb5/rd_priv.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_priv.c,v 1.23 2000/02/06 05:20:13 assar Exp $");
+RCSID("$Id: rd_priv.c,v 1.27 2001/01/19 04:27:09 assar Exp $");
krb5_error_code
krb5_rd_priv(krb5_context context,
@@ -72,7 +72,9 @@ krb5_rd_priv(krb5_context context,
else
key = auth_context->keyblock;
- krb5_crypto_init(context, key, 0, &crypto);
+ ret = krb5_crypto_init(context, key, 0, &crypto);
+ if (ret)
+ goto failure;
ret = krb5_decrypt_EncryptedData(context,
crypto,
KRB5_KU_KRB_PRIV,
@@ -124,13 +126,19 @@ krb5_rd_priv(krb5_context context,
/* XXX - check replay cache */
- /* check sequence number */
+ /* check sequence number. since MIT krb5 cannot generate a sequence
+ number of zero but instead generates no sequence number, we accept that
+ */
+
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
- if (part.seq_number == NULL ||
- *part.seq_number != ++auth_context->remote_seqnumber) {
- ret = KRB5KRB_AP_ERR_BADORDER;
- goto failure_part;
- }
+ if ((part.seq_number == NULL
+ && auth_context->remote_seqnumber != 0)
+ || (part.seq_number != NULL
+ && *part.seq_number != auth_context->remote_seqnumber)) {
+ ret = KRB5KRB_AP_ERR_BADORDER;
+ goto failure_part;
+ }
+ auth_context->remote_seqnumber++;
}
ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length);
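Review bot: `auth_context->remote_seqnumber++` is a plain increment, while the sending side in this same commit (mk_safe.c) advances its counter with `(... + 1) & 0xFFFFFFFF`. If `remote_seqnumber` is wider than 32 bits (its type is not visible here), the receiver would stop matching the peer after the 32-bit wrap. Using the same masked form, `auth_context->remote_seqnumber = (auth_context->remote_seqnumber + 1) & 0xFFFFFFFF;`, keeps both sides consistent. The rd_safe.c hunk has the same increment.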
diff --git a/crypto/heimdal/lib/krb5/rd_rep.c b/crypto/heimdal/lib/krb5/rd_rep.c
index e2c401c..20f2033 100644
--- a/crypto/heimdal/lib/krb5/rd_rep.c
+++ b/crypto/heimdal/lib/krb5/rd_rep.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_rep.c,v 1.19 1999/12/02 17:05:12 joda Exp $");
+RCSID("$Id: rd_rep.c,v 1.20 2000/08/18 06:49:03 assar Exp $");
krb5_error_code
krb5_rd_rep(krb5_context context,
@@ -62,7 +62,9 @@ krb5_rd_rep(krb5_context context,
goto out;
}
- krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
+ ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
+ if (ret)
+ goto out;
ret = krb5_decrypt_EncryptedData (context,
crypto,
KRB5_KU_AP_REQ_ENC_PART,
diff --git a/crypto/heimdal/lib/krb5/rd_req.c b/crypto/heimdal/lib/krb5/rd_req.c
index bcf4ecf..922137a 100644
--- a/crypto/heimdal/lib/krb5/rd_req.c
+++ b/crypto/heimdal/lib/krb5/rd_req.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_req.c,v 1.41 2000/02/07 13:31:55 joda Exp $");
+RCSID("$Id: rd_req.c,v 1.44 2000/11/15 23:16:28 assar Exp $");
static krb5_error_code
decrypt_tkt_enc_part (krb5_context context,
@@ -46,7 +46,9 @@ decrypt_tkt_enc_part (krb5_context context,
size_t len;
krb5_crypto crypto;
- krb5_crypto_init(context, key, 0, &crypto);
+ ret = krb5_crypto_init(context, key, 0, &crypto);
+ if (ret)
+ return ret;
ret = krb5_decrypt_EncryptedData (context,
crypto,
KRB5_KU_TICKET,
@@ -66,19 +68,29 @@ static krb5_error_code
decrypt_authenticator (krb5_context context,
EncryptionKey *key,
EncryptedData *enc_part,
- Authenticator *authenticator)
+ Authenticator *authenticator,
+ krb5_key_usage usage)
{
krb5_error_code ret;
krb5_data plain;
size_t len;
krb5_crypto crypto;
- krb5_crypto_init(context, key, 0, &crypto);
+ ret = krb5_crypto_init(context, key, 0, &crypto);
+ if (ret)
+ return ret;
ret = krb5_decrypt_EncryptedData (context,
crypto,
- KRB5_KU_AP_REQ_AUTH,
+ usage /* KRB5_KU_AP_REQ_AUTH */,
enc_part,
&plain);
+ /* for backwards compatibility, also try the old usage */
+ if (ret && usage == KRB5_KU_TGS_REQ_AUTH)
+ ret = krb5_decrypt_EncryptedData (context,
+ crypto,
+ KRB5_KU_AP_REQ_AUTH,
+ enc_part,
+ &plain);
krb5_crypto_destroy(context, crypto);
if (ret)
return ret;
@@ -136,10 +148,14 @@ krb5_decrypt_ticket(krb5_context context,
start = *t.starttime;
if(start - now > context->max_skew
|| (t.flags.invalid
- && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID)))
+ && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) {
+ free_EncTicketPart(&t);
return KRB5KRB_AP_ERR_TKT_NYV;
- if(now - t.endtime > context->max_skew)
+ }
+ if(now - t.endtime > context->max_skew) {
+ free_EncTicketPart(&t);
return KRB5KRB_AP_ERR_TKT_EXPIRED;
+ }
}
if(out)
@@ -222,19 +238,40 @@ krb5_verify_ap_req(krb5_context context,
krb5_flags *ap_req_options,
krb5_ticket **ticket)
{
+ return krb5_verify_ap_req2 (context,
+ auth_context,
+ ap_req,
+ server,
+ keyblock,
+ flags,
+ ap_req_options,
+ ticket,
+ KRB5_KU_AP_REQ_AUTH);
+}
+
+krb5_error_code
+krb5_verify_ap_req2(krb5_context context,
+ krb5_auth_context *auth_context,
+ krb5_ap_req *ap_req,
+ krb5_const_principal server,
+ krb5_keyblock *keyblock,
+ krb5_flags flags,
+ krb5_flags *ap_req_options,
+ krb5_ticket **ticket,
+ krb5_key_usage usage)
+{
krb5_ticket t;
krb5_auth_context ac;
krb5_error_code ret;
- if(auth_context) {
- if(*auth_context == NULL){
- krb5_auth_con_init(context, &ac);
- *auth_context = ac;
- }else
- ac = *auth_context;
- } else
- krb5_auth_con_init(context, &ac);
-
+ if (auth_context && *auth_context) {
+ ac = *auth_context;
+ } else {
+ ret = krb5_auth_con_init (context, &ac);
+ if (ret)
+ return ret;
+ }
+
if (ap_req->ap_options.use_session_key && ac->keyblock){
ret = krb5_decrypt_ticket(context, &ap_req->ticket,
ac->keyblock,
@@ -249,7 +286,7 @@ krb5_verify_ap_req(krb5_context context,
flags);
if(ret)
- return ret;
+ goto out;
principalname2krb5_principal(&t.server, ap_req->ticket.sname,
ap_req->ticket.realm);
@@ -263,11 +300,10 @@ krb5_verify_ap_req(krb5_context context,
ret = decrypt_authenticator (context,
&t.ticket.key,
&ap_req->authenticator,
- ac->authenticator);
- if (ret){
- /* XXX free data */
- return ret;
- }
+ ac->authenticator,
+ usage);
+ if (ret)
+ goto out2;
{
krb5_principal p1, p2;
@@ -282,8 +318,10 @@ krb5_verify_ap_req(krb5_context context,
res = krb5_principal_compare (context, p1, p2);
krb5_free_principal (context, p1);
krb5_free_principal (context, p2);
- if (!res)
- return KRB5KRB_AP_ERR_BADMATCH;
+ if (!res) {
+ ret = KRB5KRB_AP_ERR_BADMATCH;
+ goto out2;
+ }
}
/* check addresses */
@@ -292,8 +330,10 @@ krb5_verify_ap_req(krb5_context context,
&& ac->remote_address
&& !krb5_address_search (context,
ac->remote_address,
- t.ticket.caddr))
- return KRB5KRB_AP_ERR_BADADDR;
+ t.ticket.caddr)) {
+ ret = KRB5KRB_AP_ERR_BADADDR;
+ goto out2;
+ }
if (ac->authenticator->seq_number)
ac->remote_seqnumber = *ac->authenticator->seq_number;
@@ -322,7 +362,18 @@ krb5_verify_ap_req(krb5_context context,
**ticket = t;
} else
krb5_free_ticket (context, &t);
+ if (auth_context) {
+ if (*auth_context == NULL)
+ *auth_context = ac;
+ } else
+ krb5_auth_con_free (context, ac);
return 0;
+ out2:
+ krb5_free_ticket (context, &t);
+ out:
+ if (auth_context == NULL || *auth_context == NULL)
+ krb5_auth_con_free (context, ac);
+ return ret;
}
diff --git a/crypto/heimdal/lib/krb5/rd_safe.c b/crypto/heimdal/lib/krb5/rd_safe.c
index fb7cc2d..07628d9 100644
--- a/crypto/heimdal/lib/krb5/rd_safe.c
+++ b/crypto/heimdal/lib/krb5/rd_safe.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_safe.c,v 1.19 2000/02/06 05:20:51 assar Exp $");
+RCSID("$Id: rd_safe.c,v 1.23 2001/01/19 04:25:37 assar Exp $");
static krb5_error_code
verify_checksum(krb5_context context,
@@ -65,7 +65,9 @@ verify_checksum(krb5_context context,
buf_size,
safe,
&len);
- krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
+ ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
+ if (ret)
+ goto out;
ret = krb5_verify_checksum (context,
crypto,
KRB5_KU_KRB_SAFE_CKSUM,
@@ -144,13 +146,20 @@ krb5_rd_safe(krb5_context context,
}
/* XXX - check replay cache */
- /* check sequence number */
+ /* check sequence number. since MIT krb5 cannot generate a sequence
+ number of zero but instead generates no sequence number, we accept that
+ */
+
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
- if (safe.safe_body.seq_number == NULL ||
- *safe.safe_body.seq_number != ++auth_context->remote_seqnumber) {
+ if ((safe.safe_body.seq_number == NULL
+ && auth_context->remote_seqnumber != 0)
+ || (safe.safe_body.seq_number != NULL
+ && *safe.safe_body.seq_number !=
+ auth_context->remote_seqnumber)) {
ret = KRB5KRB_AP_ERR_BADORDER;
goto failure;
}
+ auth_context->remote_seqnumber++;
}
ret = verify_checksum (context, auth_context, &safe);
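Review bot: `auth_context->remote_seqnumber++` runs before `verify_checksum()` on the following line, so a KRB-SAFE message whose checksum then fails has still advanced the expected sequence number. Since the KRB-SAFE body is not encrypted, the counter should only move once the message has been authenticated: keep the comparison here and move the increment to after `verify_checksum` returns 0. The rest of krb5_rd_safe is outside the hunk, so the exact placement needs to be checked against the code that follows.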
diff --git a/crypto/heimdal/lib/krb5/read_message.c b/crypto/heimdal/lib/krb5/read_message.c
index f2cae03..45d6b62 100644
--- a/crypto/heimdal/lib/krb5/read_message.c
+++ b/crypto/heimdal/lib/krb5/read_message.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: read_message.c,v 1.5 1999/12/02 17:05:12 joda Exp $");
+RCSID("$Id: read_message.c,v 1.7 2000/07/21 22:54:09 joda Exp $");
krb5_error_code
krb5_read_message (krb5_context context,
@@ -49,7 +49,7 @@ krb5_read_message (krb5_context context,
return errno;
if(ret < 4) {
data->length = 0;
- return 0;
+ return HEIM_ERR_EOF;
}
len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
ret = krb5_data_alloc (data, len);
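Review bot: `len` is assembled from four bytes supplied by the peer and handed straight to krb5_data_alloc with no upper bound, so an unauthenticated sender decides how much memory is allocated before anything is verified. A cap checked right after the length is decoded, e.g. `if (len > MAX_MESSAGE_LEN) return ERANGE;` with `MAX_MESSAGE_LEN` as a placeholder for whatever limit the project picks, would bound that. Depending on the type of `buf` (declared outside the hunk), `buf[0] << 24` may be evaluated as a signed int, so casting each byte to an unsigned 32-bit type before shifting is safer. Separately, a short read of 1 to 3 bytes is now reported as HEIM_ERR_EOF just like a clean end of stream; a comment saying that is intentional would help.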
@@ -61,3 +61,41 @@ krb5_read_message (krb5_context context,
}
return 0;
}
+
+krb5_error_code
+krb5_read_priv_message(krb5_context context,
+ krb5_auth_context ac,
+ krb5_pointer p_fd,
+ krb5_data *data)
+{
+ krb5_error_code ret;
+ krb5_data packet;
+
+ ret = krb5_read_message(context, p_fd, &packet);
+ if(ret)
+ return ret;
+ ret = krb5_rd_priv (context, ac, &packet, data, NULL);
+ krb5_data_free(&packet);
+ if(ret)
+ return ret;
+ return ret;
+}
+
+krb5_error_code
+krb5_read_safe_message(krb5_context context,
+ krb5_auth_context ac,
+ krb5_pointer p_fd,
+ krb5_data *data)
+{
+ krb5_error_code ret;
+ krb5_data packet;
+
+ ret = krb5_read_message(context, p_fd, &packet);
+ if(ret)
+ return ret;
+ ret = krb5_rd_safe (context, ac, &packet, data, NULL);
+ krb5_data_free(&packet);
+ if(ret)
+ return ret;
+ return ret;
+}
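Review bot: In both new wrappers the `if(ret) return ret;` just before `return ret;` is redundant, since both paths return the same value; the tail can be `krb5_data_free(&packet); return ret;`. The two functions differ only in calling krb5_rd_priv versus krb5_rd_safe, so a one-line comment on each stating which protection the message gets (encrypted versus integrity-only) would make the choice clearer to callers. What `data` holds when the rd call fails is not defined here and is worth documenting as well.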
diff --git a/crypto/heimdal/lib/krb5/recvauth.c b/crypto/heimdal/lib/krb5/recvauth.c
index 49fe7b6..3c11254 100644
--- a/crypto/heimdal/lib/krb5/recvauth.c
+++ b/crypto/heimdal/lib/krb5/recvauth.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: recvauth.c,v 1.12 1999/12/02 17:05:12 joda Exp $");
+RCSID("$Id: recvauth.c,v 1.13 2000/12/06 20:59:05 joda Exp $");
/*
* See `sendauth.c' for the format.
@@ -177,7 +177,7 @@ krb5_recvauth_match_version(krb5_context context,
return errno;
if (ap_options & AP_OPTS_MUTUAL_REQUIRED) {
- ret = krb5_mk_rep (context, auth_context, &data);
+ ret = krb5_mk_rep (context, *auth_context, &data);
if (ret)
return ret;
diff --git a/crypto/heimdal/lib/krb5/replay.c b/crypto/heimdal/lib/krb5/replay.c
index 3ca68e8..2935cfc 100644
--- a/crypto/heimdal/lib/krb5/replay.c
+++ b/crypto/heimdal/lib/krb5/replay.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,6 +32,9 @@
*/
#include "krb5_locl.h"
+#include <vis.h>
+
+RCSID("$Id: replay.c,v 1.7 2001/01/29 02:09:00 assar Exp $");
struct krb5_rcache_data {
char *name;
@@ -82,6 +85,12 @@ krb5_rc_default_name(krb5_context context)
return "FILE:/var/run/default_rcache";
}
+const char *
+krb5_rc_default_type(krb5_context context)
+{
+ return "FILE";
+}
+
krb5_error_code
krb5_rc_default(krb5_context context,
krb5_rcache *id)
@@ -140,20 +149,20 @@ checksum_authenticator(Authenticator *auth, void *data)
MD5_CTX md5;
int i;
- MD5Init (&md5);
- MD5Update (&md5, auth->crealm, strlen(auth->crealm));
+ MD5_Init (&md5);
+ MD5_Update (&md5, auth->crealm, strlen(auth->crealm));
for(i = 0; i < auth->cname.name_string.len; i++)
- MD5Update(&md5, auth->cname.name_string.val[i],
- strlen(auth->cname.name_string.val[i]));
- MD5Update (&md5, &auth->ctime, sizeof(auth->ctime));
- MD5Update (&md5, &auth->cusec, sizeof(auth->cusec));
- MD5Final (&md5, data);
+ MD5_Update(&md5, auth->cname.name_string.val[i],
+ strlen(auth->cname.name_string.val[i]));
+ MD5_Update (&md5, &auth->ctime, sizeof(auth->ctime));
+ MD5_Update (&md5, &auth->cusec, sizeof(auth->cusec));
+ MD5_Final (data, &md5);
}
krb5_error_code
krb5_rc_store(krb5_context context,
krb5_rcache id,
- krb5_donot_reply *rep)
+ krb5_donot_replay *rep)
{
struct rc_entry ent, tmp;
time_t t;
@@ -209,6 +218,7 @@ krb5_rc_get_lifespan(krb5_context context,
}
return KRB5_RC_IO_UNKNOWN;
}
+
const char*
krb5_rc_get_name(krb5_context context,
krb5_rcache id)
@@ -223,3 +233,32 @@ krb5_rc_get_type(krb5_context context,
return "FILE";
}
+krb5_error_code
+krb5_get_server_rcache(krb5_context context,
+ const krb5_data *piece,
+ krb5_rcache *id)
+{
+ krb5_rcache rcache;
+ krb5_error_code ret;
+
+ char *tmp = malloc(4 * piece->length + 1);
+ char *name;
+ if(tmp == NULL)
+ return ENOMEM;
+ strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL);
+#ifdef HAVE_GETEUID
+ asprintf(&name, "FILE:rc_%s_%u", tmp, geteuid());
+#else
+ asprintf(&name, "FILE:rc_%s", tmp);
+#endif
+ free(tmp);
+ if(name == NULL)
+ return ENOMEM;
+
+ ret = krb5_rc_resolve_full(context, &rcache, name);
+ free(name);
+ if(ret)
+ return ret;
+ *id = rcache;
+ return ret;
+}
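Review bot: The result of asprintf() is not checked in krb5_get_server_rcache. The code tests `name == NULL` afterwards, but `name` is uninitialised and not every libc sets it to NULL on failure, so the test belongs on the return value, e.g. `if (asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid()) < 0) { free(tmp); return ENOMEM; }`. strvisx() with `VIS_WHITE | VIS_OCTAL` leaves `/` and `.` as they are, so `piece` reaches the file name with path separators intact; callers must pass a trusted value, or the function should reject or encode them. The name is also relative (`FILE:rc_...`), so where the replay cache is created depends on how krb5_rc_resolve_full treats it, which is not visible here. `4 * piece->length + 1` can wrap for a very large length and deserves a bound.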
diff --git a/crypto/heimdal/lib/krb5/send_to_kdc.c b/crypto/heimdal/lib/krb5/send_to_kdc.c
index 2872322..e2b884d 100644
--- a/crypto/heimdal/lib/krb5/send_to_kdc.c
+++ b/crypto/heimdal/lib/krb5/send_to_kdc.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: send_to_kdc.c,v 1.36 2000/01/06 07:59:11 assar Exp $");
+RCSID("$Id: send_to_kdc.c,v 1.40 2000/11/15 01:48:23 assar Exp $");
/*
* send the data in `req' on the socket `fd' (which is datagram iff udp)
@@ -54,6 +54,10 @@ recv_loop (int fd,
int ret;
int nbytes;
+ if (fd >= FD_SETSIZE) {
+ return -1;
+ }
+
krb5_data_zero(rep);
do {
FD_ZERO(&fdset);
@@ -237,7 +241,8 @@ send_via_proxy (krb5_context context,
const krb5_data *send,
krb5_data *receive)
{
- char *proxy = strdup(context->http_proxy);
+ char *proxy2 = strdup(context->http_proxy);
+ char *proxy = proxy2;
char *prefix;
char *colon;
struct addrinfo hints;
@@ -246,6 +251,11 @@ send_via_proxy (krb5_context context,
int s;
char portstr[NI_MAXSERV];
+ if (proxy == NULL)
+ return ENOMEM;
+ if (strncmp (proxy, "http://", 7) == 0)
+ proxy += 7;
+
colon = strchr(proxy, ':');
if(colon != NULL)
*colon++ = '\0';
@@ -254,10 +264,10 @@ send_via_proxy (krb5_context context,
hints.ai_socktype = SOCK_STREAM;
snprintf (portstr, sizeof(portstr), "%d",
ntohs(init_port (colon, htons(80))));
- ret = getaddrinfo (proxy, portstr, NULL, &ai);
- free (proxy);
+ ret = getaddrinfo (proxy, portstr, &hints, &ai);
+ free (proxy2);
if (ret)
- return ret;
+ return krb5_eai_to_heim_errno(ret);
for (a = ai; a != NULL; a = a->ai_next) {
s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
@@ -295,26 +305,17 @@ send_via_proxy (krb5_context context,
*/
krb5_error_code
-krb5_sendto_kdc (krb5_context context,
- const krb5_data *send,
- const krb5_realm *realm,
- krb5_data *receive)
+krb5_sendto (krb5_context context,
+ const krb5_data *send,
+ char **hostlist,
+ int port,
+ krb5_data *receive)
{
- krb5_error_code ret;
- char **hostlist, **hp, *p;
+ krb5_error_code ret = 0;
+ char **hp, *p;
int fd;
- int port;
int i;
- port = krb5_getportbyname (context, "kerberos", "udp", 88);
-
- if (context->use_admin_kdc)
- ret = krb5_get_krb_admin_hst (context, realm, &hostlist);
- else
- ret = krb5_get_krbhst (context, realm, &hostlist);
- if (ret)
- return ret;
-
for (i = 0; i < context->max_retries; ++i)
for (hp = hostlist; (p = *hp); ++hp) {
char *colon;
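Review bot: krb5_sendto is a new non-static entry point whose contract is not documented: it takes a caller-supplied `hostlist` and, with the krb5_free_krbhst call removed in the next hunk, no longer frees it. The comment block that ends just above the signature was presumably written for the old krb5_sendto_kdc and should be updated, for example `/* send `send' to each host in the NULL-terminated `hostlist', using `port'; the caller keeps ownership of `hostlist' */`. The same applies to krb5_sendto_kdc2 in the following hunk, where a line such as `/* if `master' is set, use the host list from krb5_get_krb_admin_hst */` would explain the new flag. The body of krb5_sendto continues outside this hunk.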
@@ -390,6 +391,38 @@ krb5_sendto_kdc (krb5_context context,
}
ret = KRB5_KDC_UNREACH;
out:
- krb5_free_krbhst (context, hostlist);
return ret;
}
+
+krb5_error_code
+krb5_sendto_kdc2(krb5_context context,
+ const krb5_data *send,
+ const krb5_realm *realm,
+ krb5_data *receive,
+ krb5_boolean master)
+{
+ krb5_error_code ret;
+ char **hostlist;
+ int port;
+
+ port = krb5_getportbyname (context, "kerberos", "udp", 88);
+
+ if (master || context->use_admin_kdc)
+ ret = krb5_get_krb_admin_hst (context, realm, &hostlist);
+ else
+ ret = krb5_get_krbhst (context, realm, &hostlist);
+ if (ret)
+ return ret;
+ ret = krb5_sendto(context, send, hostlist, port, receive);
+ krb5_free_krbhst (context, hostlist);
+ return ret;
+}
+
+krb5_error_code
+krb5_sendto_kdc(krb5_context context,
+ const krb5_data *send,
+ const krb5_realm *realm,
+ krb5_data *receive)
+{
+ return krb5_sendto_kdc2(context, send, realm, receive, FALSE);
+}
diff --git a/crypto/heimdal/lib/krb5/sock_principal.c b/crypto/heimdal/lib/krb5/sock_principal.c
index bfd4eb4..477622d 100644
--- a/crypto/heimdal/lib/krb5/sock_principal.c
+++ b/crypto/heimdal/lib/krb5/sock_principal.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: sock_principal.c,v 1.9 1999/12/02 17:05:12 joda Exp $");
+RCSID("$Id: sock_principal.c,v 1.11 2000/08/09 20:53:11 assar Exp $");
krb5_error_code
krb5_sock_to_principal (krb5_context context,
@@ -46,10 +46,11 @@ krb5_sock_to_principal (krb5_context context,
krb5_address address;
struct sockaddr_storage __ss;
struct sockaddr *sa = (struct sockaddr *)&__ss;
- int len = sizeof(__ss);
+ socklen_t len = sizeof(__ss);
struct hostent *hostent;
int family;
char hname[256];
+ char *tmp;
if (getsockname (sock, sa, &len) < 0)
return errno;
@@ -65,7 +66,18 @@ krb5_sock_to_principal (krb5_context context,
if (hostent == NULL)
return h_errno;
- strlcpy(hname, hostent->h_name, sizeof(hname));
+ tmp = hostent->h_name;
+ if (strchr(tmp, '.') == NULL) {
+ char **a;
+
+ for (a = hostent->h_aliases; a != NULL && *a != NULL; ++a)
+ if (strchr(*a, '.') != NULL) {
+ tmp = *a;
+ break;
+ }
+ }
+
+ strlcpy(hname, tmp, sizeof(hname));
return krb5_sname_to_principal (context,
hname,
sname,
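Review bot: The strlcpy into the 256-byte `hname` is unchecked, so a canonical name or alias longer than the buffer is silently truncated and the truncated name is then used to build the service principal. Since the name comes from a host lookup (the call is outside this hunk, so presumably a reverse lookup of the socket address), I would reject it instead: `if (strlcpy(hname, tmp, sizeof(hname)) >= sizeof(hname)) return ENAMETOOLONG;`. A short comment on the alias loop, such as `/* prefer a fully qualified alias when h_name has no dot */`, would also help. The function starts outside this hunk.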
diff --git a/crypto/heimdal/lib/krb5/store.c b/crypto/heimdal/lib/krb5/store.c
index 17b1547..5f9d659 100644
--- a/crypto/heimdal/lib/krb5/store.c
+++ b/crypto/heimdal/lib/krb5/store.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: store.c,v 1.32 1999/12/02 17:05:12 joda Exp $");
+RCSID("$Id: store.c,v 1.34 2000/04/11 00:46:09 assar Exp $");
void
krb5_storage_set_flags(krb5_storage *sp, krb5_flags flags)
@@ -275,8 +275,7 @@ krb5_ret_string(krb5_storage *sp,
}
krb5_error_code
-krb5_store_stringz(krb5_storage *sp,
- char *s)
+krb5_store_stringz(krb5_storage *sp, const char *s)
{
size_t len = strlen(s) + 1;
ssize_t ret;
@@ -554,20 +553,46 @@ krb5_ret_authdata(krb5_storage *sp, krb5_authdata *auth)
return ret;
}
+/*
+ * store `creds' on `sp' returning error or zero
+ */
+
krb5_error_code
krb5_store_creds(krb5_storage *sp, krb5_creds *creds)
{
- krb5_store_principal(sp, creds->client);
- krb5_store_principal(sp, creds->server);
- krb5_store_keyblock(sp, creds->session);
- krb5_store_times(sp, creds->times);
- krb5_store_int8(sp, 0); /* this is probably the
+ int ret;
+
+ ret = krb5_store_principal(sp, creds->client);
+ if (ret)
+ return ret;
+ ret = krb5_store_principal(sp, creds->server);
+ if (ret)
+ return ret;
+ ret = krb5_store_keyblock(sp, creds->session);
+ if (ret)
+ return ret;
+ ret = krb5_store_times(sp, creds->times);
+ if (ret)
+ return ret;
+ ret = krb5_store_int8(sp, 0); /* this is probably the
enc-tkt-in-skey bit from KDCOptions */
- krb5_store_int32(sp, creds->flags.i);
- krb5_store_addrs(sp, creds->addresses);
- krb5_store_authdata(sp, creds->authdata);
- krb5_store_data(sp, creds->ticket);
- krb5_store_data(sp, creds->second_ticket);
+ if (ret)
+ return ret;
+ ret = krb5_store_int32(sp, creds->flags.i);
+ if (ret)
+ return ret;
+ ret = krb5_store_addrs(sp, creds->addresses);
+ if (ret)
+ return ret;
+ ret = krb5_store_authdata(sp, creds->authdata);
+ if (ret)
+ return ret;
+ ret = krb5_store_data(sp, creds->ticket);
+ if (ret)
+ return ret;
+ ret = krb5_store_data(sp, creds->second_ticket);
+ if (ret)
+ return ret;
return 0;
}
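Review bot: krb5_store_creds now stops at the first failing field, but by then the earlier fields have already been written to `sp`, so an error can leave a partial credential record in the storage. The new header comment should say so, for example `/* store `creds' on `sp' returning error or zero; on error `sp' may hold a partial record */`, so that callers know to discard or truncate. Two style points: `ret` should be declared `krb5_error_code ret;` to match the return type, and the final check collapses to `return krb5_store_data(sp, creds->second_ticket);`.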
diff --git a/crypto/heimdal/lib/krb5/store_emem.c b/crypto/heimdal/lib/krb5/store_emem.c
index d2497ef..4d531c6 100644
--- a/crypto/heimdal/lib/krb5/store_emem.c
+++ b/crypto/heimdal/lib/krb5/store_emem.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 200 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
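Review bot: The year range in the new copyright line reads `1997 - 200`, which looks like a dropped digit. The RCSID in the next hunk dates this revision to 2000, so presumably `Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan` was intended.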
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: store_emem.c,v 1.9 1999/12/02 17:05:12 joda Exp $");
+RCSID("$Id: store_emem.c,v 1.10 2000/05/19 14:39:49 assar Exp $");
typedef struct emem_storage{
unsigned char *base;
@@ -54,7 +54,7 @@ emem_fetch(krb5_storage *sp, void *data, size_t size)
}
static ssize_t
-emem_store(krb5_storage *sp, void *data, size_t size)
+emem_store(krb5_storage *sp, const void *data, size_t size)
{
emem_storage *s = (emem_storage*)sp->data;
if(size > s->base + s->size - s->ptr){
diff --git a/crypto/heimdal/lib/krb5/store_fd.c b/crypto/heimdal/lib/krb5/store_fd.c
index e4c507c..2c795bd 100644
--- a/crypto/heimdal/lib/krb5/store_fd.c
+++ b/crypto/heimdal/lib/krb5/store_fd.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: store_fd.c,v 1.6 1999/12/02 17:05:13 joda Exp $");
+RCSID("$Id: store_fd.c,v 1.8 2001/01/29 02:32:35 assar Exp $");
typedef struct fd_storage{
int fd;
@@ -44,13 +44,13 @@ typedef struct fd_storage{
static ssize_t
fd_fetch(krb5_storage *sp, void *data, size_t size)
{
- return read(FD(sp), data, size);
+ return net_read(FD(sp), data, size);
}
static ssize_t
-fd_store(krb5_storage *sp, void *data, size_t size)
+fd_store(krb5_storage *sp, const void *data, size_t size)
{
- return write(FD(sp), data, size);
+ return net_write(FD(sp), data, size);
}
static off_t
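Review bot: The switch from read/write to net_read/net_write in fd_fetch and fd_store changes what a short return value means, and nothing in the code records that. A comment on each wrapper would make it explicit, for example `/* net_read retries short reads and EINTR, so a count below `size' means EOF or error */`. This assumes the usual roken semantics for these helpers, which are not visible in this hunk.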
diff --git a/crypto/heimdal/lib/krb5/store_mem.c b/crypto/heimdal/lib/krb5/store_mem.c
index a8019e6..e6c277a 100644
--- a/crypto/heimdal/lib/krb5/store_mem.c
+++ b/crypto/heimdal/lib/krb5/store_mem.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: store_mem.c,v 1.9 1999/12/02 17:05:13 joda Exp $");
+RCSID("$Id: store_mem.c,v 1.10 2000/05/19 14:39:02 assar Exp $");
typedef struct mem_storage{
unsigned char *base;
@@ -53,7 +53,7 @@ mem_fetch(krb5_storage *sp, void *data, size_t size)
}
static ssize_t
-mem_store(krb5_storage *sp, void *data, size_t size)
+mem_store(krb5_storage *sp, const void *data, size_t size)
{
mem_storage *s = (mem_storage*)sp->data;
if(size > s->base + s->size - s->ptr)
diff --git a/crypto/heimdal/lib/krb5/string-to-key-test.c b/crypto/heimdal/lib/krb5/string-to-key-test.c
index 0e884d0..6e6c0b6 100644
--- a/crypto/heimdal/lib/krb5/string-to-key-test.c
+++ b/crypto/heimdal/lib/krb5/string-to-key-test.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
#include "krb5_locl.h"
-RCSID("$Id: string-to-key-test.c,v 1.2 1999/10/28 23:10:38 assar Exp $");
+RCSID("$Id: string-to-key-test.c,v 1.4 2000/12/31 08:03:54 assar Exp $");
enum { MAXSIZE = 24 };
@@ -60,6 +60,9 @@ static struct testcase {
{0x7f, 0x40, 0x67, 0xb9, 0xbc, 0xc4, 0x40, 0xfb, 0x43, 0x73, 0xd9,
0xd3, 0xcd, 0x7c, 0xc7, 0x67, 0xe6, 0x79, 0x94, 0xd0, 0xa8, 0x34,
0xdf, 0x62}},
+ {"does/not@MATTER", "foo", ETYPE_ARCFOUR_HMAC_MD5,
+ {0xac, 0x8e, 0x65, 0x7f, 0x83, 0xdf, 0x82, 0xbe,
+ 0xea, 0x5d, 0x43, 0xbd, 0xaf, 0x78, 0x00, 0xcc}},
{NULL}
};
@@ -71,7 +74,9 @@ main(int argc, char **argv)
krb5_error_code ret;
int val = 0;
- krb5_init_context (&context);
+ ret = krb5_init_context (&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
for (t = tests; t->principal_name; ++t) {
krb5_keyblock key;
diff --git a/crypto/heimdal/lib/krb5/test_get_addrs.c b/crypto/heimdal/lib/krb5/test_get_addrs.c
new file mode 100644
index 0000000..96a8f89
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/test_get_addrs.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of KTH nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "krb5_locl.h"
+#include <err.h>
+
+RCSID("$Id: test_get_addrs.c,v 1.3 2001/01/25 12:45:15 assar Exp $");
+
+/* print all addresses that we find */
+
+static void
+print_addresses (krb5_context context, const krb5_addresses *addrs)
+{
+ int i;
+ char buf[256];
+ size_t len;
+
+ for (i = 0; i < addrs->len; ++i) {
+ krb5_print_address (&addrs->val[i], buf, sizeof(buf), &len);
+ printf ("%s\n", buf);
+ }
+}
+
+int
+main(int argc, char **argv)
+{
+ krb5_context context;
+ krb5_error_code ret;
+ krb5_addresses addrs;
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ errx (1, "krb5_init_context failed: %d", ret);
+
+ ret = krb5_get_all_client_addrs (context, &addrs);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_get_all_client_addrs");
+ printf ("client addresses\n");
+ print_addresses (context, &addrs);
+ krb5_free_addresses (context, &addrs);
+
+ ret = krb5_get_all_server_addrs (context, &addrs);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
+ printf ("server addresses\n");
+ print_addresses (context, &addrs);
+ krb5_free_addresses (context, &addrs);
+ return 0;
+}
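Review bot: print_addresses ignores the return value of krb5_print_address, so when formatting fails the following printf reads `buf` without it having been initialised. Printing only on success avoids that: `if (krb5_print_address (&addrs->val[i], buf, sizeof(buf), &len) == 0) printf ("%s\n", buf);`. The `context` parameter is unused in this helper, and `int i` is compared with `addrs->len`, which is presumably unsigned. main also never releases `context`; a `krb5_free_context (context);` before `return 0;` would keep the test clean under leak checkers.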
diff --git a/crypto/heimdal/lib/krb5/time.c b/crypto/heimdal/lib/krb5/time.c
index e5a1185..98121b4 100644
--- a/crypto/heimdal/lib/krb5/time.c
+++ b/crypto/heimdal/lib/krb5/time.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: time.c,v 1.3 2000/02/06 05:21:53 assar Exp $");
+RCSID("$Id: time.c,v 1.4 2000/06/29 08:20:52 joda Exp $");
/*
* return ``corrected'' time in `timeret'.
@@ -64,3 +64,16 @@ krb5_us_timeofday (krb5_context context,
*usec = tv.tv_usec; /* XXX */
return 0;
}
+
+krb5_error_code
+krb5_format_time(krb5_context context, time_t t,
+ char *s, size_t len, krb5_boolean include_time)
+{
+ struct tm *tm;
+ if(context->log_utc)
+ tm = gmtime (&t);
+ else
+ tm = localtime(&t);
+ strftime(s, len, include_time ? context->time_fmt : context->date_fmt, tm);
+ return 0;
+}
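Review bot: krb5_format_time returns 0 unconditionally, although gmtime/localtime can return NULL and strftime returns 0 and leaves `s` indeterminate when the result does not fit in `len`. A caller that prints `s` after a "successful" call can therefore read an unterminated or uninitialised buffer. I would check both results, terminate the buffer on failure and report an error. ERANGE below is only a suggestion for the code, and a zero result for an intentionally empty format would need the same treatment.

```c
    /* … unchanged: tm = gmtime/localtime selection on context->log_utc … */
    if (tm == NULL
	|| strftime(s, len,
		    include_time ? context->time_fmt : context->date_fmt,
		    tm) == 0) {
	/* never hand the caller an indeterminate buffer */
	if (len > 0)
	    s[0] = '\0';
	return ERANGE;
    }
    return 0;
```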
diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.8 b/crypto/heimdal/lib/krb5/verify_krb5_conf.8
new file mode 100644
index 0000000..55cdc92
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/verify_krb5_conf.8
@@ -0,0 +1,33 @@
+.\" $Id: verify_krb5_conf.8,v 1.2 2000/03/04 14:07:50 assar Exp $
+.\"
+.Dd March 4, 2000
+.Dt VERIFY_KRB5_CONF 8
+.Os HEIMDAL
+.Sh NAME
+.Nm verify_krb5_conf
+.Nd
+does a crude test that
+.Pa krb5.conf
+does not contain any obvious syntax error
+.Sh SYNOPSIS
+.Nm
+.Ar [config-file]
+.Sh DESCRIPTION
+.Nm
+reads the configuration file
+.Pa krb5.conf ,
+or the file given on the command line,
+and parses it, thereby verifying that the syntax is not correctly wrong.
+Since that file is read by almost all Kerberos programs but most of
+them have no way of notifying the user that it could not be parsed,
+this program is useful.
+.Sh ENVIRONMENT
+.Ev KRB5_CONFIG
+points to the configuration file to read.
+.Sh FILES
+.Xr krb5.conf 5
+.Sh SEE ALSO
+.Xr krb5.conf 5
+.Sh BUGS
+It should know about what variables are actually used and warn about
+unknown ones.
diff --git a/crypto/heimdal/lib/krb5/verify_user.c b/crypto/heimdal/lib/krb5/verify_user.c
index 10c22cb..758bc60 100644
--- a/crypto/heimdal/lib/krb5/verify_user.c
+++ b/crypto/heimdal/lib/krb5/verify_user.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: verify_user.c,v 1.11 1999/12/02 17:05:13 joda Exp $");
+RCSID("$Id: verify_user.c,v 1.12 2001/01/04 17:40:00 joda Exp $");
static krb5_error_code
verify_common (krb5_context context,
@@ -101,6 +101,9 @@ krb5_verify_user(krb5_context context,
krb5_creds cred;
krb5_get_init_creds_opt_init (&opt);
+ krb5_get_init_creds_opt_set_default_flags(context, NULL,
+ *krb5_princ_realm(context, principal),
+ &opt);
ret = krb5_get_init_creds_password (context,
&cred,
@@ -152,6 +155,9 @@ krb5_verify_user_lrealm(krb5_context context,
free (*krb5_princ_realm (context, principal));
krb5_princ_set_realm (context, principal, &tmp);
+ krb5_get_init_creds_opt_set_default_flags(context, NULL,
+ *krb5_princ_realm(context, principal),
+ &opt);
ret = krb5_get_init_creds_password (context,
&cred,
principal,
diff --git a/crypto/heimdal/lib/krb5/warn.c b/crypto/heimdal/lib/krb5/warn.c
index b202f7d..1f594fb 100644
--- a/crypto/heimdal/lib/krb5/warn.c
+++ b/crypto/heimdal/lib/krb5/warn.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <err.h>
-RCSID("$Id: warn.c,v 1.10 1999/12/02 17:05:13 joda Exp $");
+RCSID("$Id: warn.c,v 1.11 2000/08/16 07:37:41 assar Exp $");
static krb5_error_code
_warnerr(krb5_context context, int do_errtext,
@@ -44,6 +44,7 @@ _warnerr(krb5_context context, int do_errtext,
const char *args[2], **arg;
char *msg = NULL;
+ args[0] = args[1] = NULL;
arg = args;
if(fmt){
strcat(xfmt, "%s");
diff --git a/crypto/heimdal/lib/krb5/write_message.c b/crypto/heimdal/lib/krb5/write_message.c
index b7f2c28..2e394b6 100644
--- a/crypto/heimdal/lib/krb5/write_message.c
+++ b/crypto/heimdal/lib/krb5/write_message.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: write_message.c,v 1.4 1999/12/02 17:05:13 joda Exp $");
+RCSID("$Id: write_message.c,v 1.6 2000/07/21 23:49:09 joda Exp $");
krb5_error_code
krb5_write_message (krb5_context context,
@@ -44,12 +44,42 @@ krb5_write_message (krb5_context context,
u_int8_t buf[4];
len = data->length;
- buf[0] = (len >> 24) & 0xFF;
- buf[1] = (len >> 16) & 0xFF;
- buf[2] = (len >> 8) & 0xFF;
- buf[3] = (len >> 0) & 0xFF;
+ _krb5_put_int(buf, len, 4);
if (krb5_net_write (context, p_fd, buf, 4) != 4
|| krb5_net_write (context, p_fd, data->data, len) != len)
return errno;
return 0;
}
+
+krb5_error_code
+krb5_write_priv_message(krb5_context context,
+ krb5_auth_context ac,
+ krb5_pointer p_fd,
+ krb5_data *data)
+{
+ krb5_error_code ret;
+ krb5_data packet;
+ ret = krb5_mk_priv (context, ac, data, &packet, NULL);
+ if(ret)
+ return ret;
+ ret = krb5_write_message(context, p_fd, &packet);
+ krb5_data_free(&packet);
+ return ret;
+}
+
+krb5_error_code
+krb5_write_safe_message(krb5_context context,
+ krb5_auth_context ac,
+ krb5_boolean priv,
+ krb5_pointer p_fd,
+ krb5_data *data)
+{
+ krb5_error_code ret;
+ krb5_data packet;
+ ret = krb5_mk_safe (context, ac, data, &packet, NULL);
+ if(ret)
+ return ret;
+ ret = krb5_write_message(context, p_fd, &packet);
+ krb5_data_free(&packet);
+ return ret;
+}
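Review bot: The `priv` parameter of krb5_write_safe_message is never read, and the function always calls krb5_mk_safe. A caller that passes TRUE expecting confidentiality gets only integrity protection, with no indication that the flag was ignored. Either drop the parameter, so the signature matches krb5_write_priv_message, or honour it with `ret = priv ? krb5_mk_priv (context, ac, data, &packet, NULL) : krb5_mk_safe (context, ac, data, &packet, NULL);`. Both new functions would also benefit from a one-line comment saying that the wrapped packet is sent with krb5_write_message's 4-byte length prefix.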