diff options
| author | nectar <nectar@FreeBSD.org> | 2003-10-09 19:36:20 +0000 |
|---|---|---|
| committer | nectar <nectar@FreeBSD.org> | 2003-10-09 19:36:20 +0000 |
| commit | 5c90662d441c12cd30c694eb1172d6fea2f8f282 (patch) | |
| tree | cb08d962a1d1ff9fd191e67849a7057861f42a50 /crypto/heimdal/lib | |
| parent | 12eb3dee85137da9effa7d2df35e855dd0a3814a (diff) | |
| download | FreeBSD-src-5c90662d441c12cd30c694eb1172d6fea2f8f282.zip FreeBSD-src-5c90662d441c12cd30c694eb1172d6fea2f8f282.tar.gz | |
Vendor import of Heimdal 0.6.
Diffstat (limited to 'crypto/heimdal/lib')
176 files changed, 8649 insertions, 1874 deletions
diff --git a/crypto/heimdal/lib/45/Makefile.in b/crypto/heimdal/lib/45/Makefile.in index 190945c..2fd13fa 100644 --- a/crypto/heimdal/lib/45/Makefile.in +++ b/crypto/heimdal/lib/45/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -240,10 +241,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/45/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) AR = ar @@ -420,7 +421,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLIBRARIES @$(NORMAL_INSTALL) @@ -447,8 +450,8 @@ uninstall-am: uninstall-info-am uninstall-libLIBRARIES clean-generic clean-libLIBRARIES clean-libtool distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-info install-info-am \ + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am \ install-libLIBRARIES install-man install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ @@ -579,7 +582,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/Makefile.in b/crypto/heimdal/lib/Makefile.in index 37a9e6e..a8111e8 100644 --- a/crypto/heimdal/lib/Makefile.in +++ b/crypto/heimdal/lib/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -235,10 +236,10 @@ all: all-recursive .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -436,7 +437,9 @@ info: info-recursive info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -465,15 +468,15 @@ uninstall-info: uninstall-info-recursive distclean distclean-generic distclean-libtool \ distclean-recursive distclean-tags distdir dvi dvi-am \ dvi-recursive info info-am info-recursive install install-am \ - install-data install-data-am install-data-local \ - install-data-recursive install-exec install-exec-am \ - install-exec-recursive install-info install-info-am \ - install-info-recursive install-man install-recursive \ - install-strip installcheck installcheck-am installdirs \ - installdirs-am installdirs-recursive maintainer-clean \ - maintainer-clean-generic maintainer-clean-recursive mostlyclean \ - mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \ - tags tags-recursive uninstall uninstall-am uninstall-info-am \ + install-data install-data-am install-data-recursive \ + install-exec install-exec-am install-exec-recursive \ + install-info install-info-am install-info-recursive install-man \ + install-recursive install-strip installcheck installcheck-am \ + installdirs installdirs-am installdirs-recursive \ + maintainer-clean maintainer-clean-generic \ + maintainer-clean-recursive mostlyclean mostlyclean-generic \ + mostlyclean-libtool mostlyclean-recursive tags tags-recursive \ + uninstall uninstall-am uninstall-info-am \ uninstall-info-recursive uninstall-recursive @@ -600,7 +603,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/asn1/Makefile.am b/crypto/heimdal/lib/asn1/Makefile.am index e202697..36cd9f0 100644 --- a/crypto/heimdal/lib/asn1/Makefile.am +++ b/crypto/heimdal/lib/asn1/Makefile.am @@ -1,11 +1,11 @@ -# $Id: Makefile.am,v 1.68 2002/03/10 23:41:33 assar Exp $ +# $Id: Makefile.am,v 1.69.2.1 2003/05/12 15:20:44 joda Exp $ include $(top_srcdir)/Makefile.am.common YFLAGS = -d lib_LTLIBRARIES = libasn1.la -libasn1_la_LDFLAGS = -version-info 6:0:0 +libasn1_la_LDFLAGS = -version-info 6:1:0 libasn1_la_LIBADD = @LIB_com_err@ @@ -69,8 +69,12 @@ gen_files = \ noinst_PROGRAMS = asn1_compile asn1_print -check_PROGRAMS = check-der -TESTS = check-der +check_PROGRAMS = check-der check-gen +TESTS = check-der check-gen + +check_der_SOURCES = check-der.c check-common.c +check_gen_SOURCES = check-gen.c check-common.c + asn1_compile_SOURCES = \ gen.c \ @@ -102,6 +106,7 @@ check_der_LDADD = \ libasn1.la \ $(LIB_roken) +check_gen_LDADD = $(check_der_LDADD) asn1_print_LDADD = $(check_der_LDADD) CLEANFILES = lex.c parse.c parse.h krb5_asn1.h $(BUILT_SOURCES) \ diff --git a/crypto/heimdal/lib/asn1/Makefile.in b/crypto/heimdal/lib/asn1/Makefile.in index 8871e79..e97ee04 100644 --- a/crypto/heimdal/lib/asn1/Makefile.in +++ b/crypto/heimdal/lib/asn1/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.68 2002/03/10 23:41:33 assar Exp $ +# $Id: Makefile.am,v 1.69.2.1 2003/05/12 15:20:44 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -204,7 +205,7 @@ NROFF_MAN = groff -mandoc -Tascii YFLAGS = -d lib_LTLIBRARIES = libasn1.la -libasn1_la_LDFLAGS = -version-info 6:0:0 +libasn1_la_LDFLAGS = -version-info 6:1:0 libasn1_la_LIBADD = @LIB_com_err@ @@ -269,8 +270,11 @@ gen_files = \ noinst_PROGRAMS = asn1_compile asn1_print -check_PROGRAMS = check-der -TESTS = check-der +check_PROGRAMS = check-der check-gen +TESTS = check-der check-gen + +check_der_SOURCES = check-der.c check-common.c +check_gen_SOURCES = check-gen.c check-common.c asn1_compile_SOURCES = \ gen.c \ @@ -306,6 +310,7 @@ check_der_LDADD = \ $(LIB_roken) +check_gen_LDADD = $(check_der_LDADD) asn1_print_LDADD = $(check_der_LDADD) CLEANFILES = lex.c parse.c parse.h krb5_asn1.h $(BUILT_SOURCES) \ @@ -344,7 +349,7 @@ am__objects_5 = $(am__objects_6) asn1_err.lo am_libasn1_la_OBJECTS = der_get.lo der_put.lo der_free.lo der_length.lo \ der_copy.lo timegm.lo $(am__objects_5) libasn1_la_OBJECTS = $(am_libasn1_la_OBJECTS) -check_PROGRAMS = check-der$(EXEEXT) +check_PROGRAMS = check-der$(EXEEXT) check-gen$(EXEEXT) noinst_PROGRAMS = asn1_compile$(EXEEXT) asn1_print$(EXEEXT) PROGRAMS = $(noinst_PROGRAMS) @@ -359,10 +364,14 @@ asn1_print_SOURCES = asn1_print.c asn1_print_OBJECTS = asn1_print.$(OBJEXT) asn1_print_DEPENDENCIES = libasn1.la asn1_print_LDFLAGS = -check_der_SOURCES = check-der.c -check_der_OBJECTS = check-der.$(OBJEXT) +am_check_der_OBJECTS = check-der.$(OBJEXT) check-common.$(OBJEXT) +check_der_OBJECTS = $(am_check_der_OBJECTS) check_der_DEPENDENCIES = libasn1.la check_der_LDFLAGS = +am_check_gen_OBJECTS = check-gen.$(OBJEXT) check-common.$(OBJEXT) +check_gen_OBJECTS = $(am_check_gen_OBJECTS) +check_gen_DEPENDENCIES = libasn1.la +check_gen_LDFLAGS = DEFS = @DEFS@ DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include @@ -384,22 +393,22 @@ LTLEXCOMPILE = $(LIBTOOL) --mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS) YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS) LTYACCCOMPILE = $(LIBTOOL) --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS) DIST_SOURCES = $(libasn1_la_SOURCES) $(asn1_compile_SOURCES) \ - asn1_print.c check-der.c + asn1_print.c $(check_der_SOURCES) $(check_gen_SOURCES) HEADERS = $(include_HEADERS) DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in lex.c parse.c \ parse.h -SOURCES = $(libasn1_la_SOURCES) $(asn1_compile_SOURCES) asn1_print.c check-der.c +SOURCES = $(libasn1_la_SOURCES) $(asn1_compile_SOURCES) asn1_print.c $(check_der_SOURCES) $(check_gen_SOURCES) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/asn1/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -441,6 +450,9 @@ asn1_print$(EXEEXT): $(asn1_print_OBJECTS) $(asn1_print_DEPENDENCIES) check-der$(EXEEXT): $(check_der_OBJECTS) $(check_der_DEPENDENCIES) @rm -f check-der$(EXEEXT) $(LINK) $(check_der_LDFLAGS) $(check_der_OBJECTS) $(check_der_LDADD) $(LIBS) +check-gen$(EXEEXT): $(check_gen_OBJECTS) $(check_gen_DEPENDENCIES) + @rm -f check-gen$(EXEEXT) + $(LINK) $(check_gen_LDFLAGS) $(check_gen_OBJECTS) $(check_gen_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) core *.core @@ -682,7 +694,9 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS +install-data-am: install-includeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -711,9 +725,9 @@ uninstall-am: uninstall-includeHEADERS uninstall-info-am \ clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \ distclean distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-includeHEADERS \ - install-info install-info-am install-libLTLIBRARIES install-man \ + install-am install-data install-data-am install-exec \ + install-exec-am install-includeHEADERS install-info \ + install-info-am install-libLTLIBRARIES install-man \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ @@ -844,7 +858,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/asn1/check-common.c b/crypto/heimdal/lib/asn1/check-common.c new file mode 100644 index 0000000..20a41ad --- /dev/null +++ b/crypto/heimdal/lib/asn1/check-common.c @@ -0,0 +1,125 @@ +/* + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif +#include <stdio.h> +#include <string.h> +#include <err.h> +#include <roken.h> + +#include "check-common.h" + +RCSID("$Id: check-common.c,v 1.1 2003/01/23 10:21:36 lha Exp $"); + +static void +print_bytes (unsigned const char *buf, size_t len) +{ + int i; + + for (i = 0; i < len; ++i) + printf ("%02x ", buf[i]); +} + +int +generic_test (const struct test_case *tests, + unsigned ntests, + size_t data_size, + int (*encode)(unsigned char *, size_t, void *, size_t *), + int (*length)(void *), + int (*decode)(unsigned char *, size_t, void *, size_t *), + int (*cmp)(void *a, void *b)) +{ + unsigned char buf[4711]; + int i; + int failures = 0; + void *val = malloc (data_size); + + if (data_size != 0 && val == NULL) + err (1, "malloc"); + + for (i = 0; i < ntests; ++i) { + int ret; + size_t sz, consumed_sz, length_sz; + unsigned char *beg; + + ret = (*encode) (buf + sizeof(buf) - 1, sizeof(buf), + tests[i].val, &sz); + beg = buf + sizeof(buf) - sz; + if (ret != 0) { + printf ("encoding of %s failed\n", tests[i].name); + ++failures; + } + if (sz != tests[i].byte_len) { + printf ("encoding of %s has wrong len (%lu != %lu)\n", + tests[i].name, + (unsigned long)sz, (unsigned long)tests[i].byte_len); + ++failures; + } + + length_sz = (*length) (tests[i].val); + if (sz != length_sz) { + printf ("length for %s is bad (%lu != %lu)\n", + tests[i].name, (unsigned long)length_sz, (unsigned long)sz); + ++failures; + } + + if (memcmp (beg, tests[i].bytes, tests[i].byte_len) != 0) { + printf ("encoding of %s has bad bytes:\n" + "correct: ", tests[i].name); + print_bytes (tests[i].bytes, tests[i].byte_len); + printf ("\nactual: "); + print_bytes (beg, sz); + printf ("\n"); + ++failures; + } + ret = (*decode) (beg, sz, val, &consumed_sz); + if (ret != 0) { + printf ("decoding of %s failed\n", tests[i].name); + ++failures; + } + if (sz != consumed_sz) { + printf ("different length decoding %s (%ld != %ld)\n", + tests[i].name, + (unsigned long)sz, (unsigned long)consumed_sz); + ++failures; + } + if ((*cmp)(val, tests[i].val) != 0) { + printf ("%s: comparison failed\n", tests[i].name); + ++failures; + } + } + free (val); + return failures; +} diff --git a/crypto/heimdal/lib/asn1/check-common.h b/crypto/heimdal/lib/asn1/check-common.h new file mode 100644 index 0000000..52d59cb --- /dev/null +++ b/crypto/heimdal/lib/asn1/check-common.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +struct test_case { + void *val; + int byte_len; + const unsigned char *bytes; + char *name; +}; + +typedef int (*generic_encode)(unsigned char *, size_t, void *, size_t *); +typedef int (*generic_length)(void *); +typedef int (*generic_decode)(unsigned char *, size_t, void *, size_t *); + +int +generic_test (const struct test_case *tests, + unsigned ntests, + size_t data_size, + int (*encode)(unsigned char *, size_t, void *, size_t *), + int (*length)(void *), + int (*decode)(unsigned char *, size_t, void *, size_t *), + int (*cmp)(void *a, void *b)); + diff --git a/crypto/heimdal/lib/asn1/check-der.c b/crypto/heimdal/lib/asn1/check-der.c index 32e474e..7cb0577 100644 --- a/crypto/heimdal/lib/asn1/check-der.c +++ b/crypto/heimdal/lib/asn1/check-der.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -43,95 +43,9 @@ #include <asn1_err.h> #include <der.h> -RCSID("$Id: check-der.c,v 1.8 2002/08/23 03:17:34 assar Exp $"); +#include "check-common.h" -static void -print_bytes (unsigned const char *buf, size_t len) -{ - int i; - - for (i = 0; i < len; ++i) - printf ("%02x ", buf[i]); -} - -struct test_case { - void *val; - int byte_len; - const unsigned char *bytes; - char *name; -}; - -static int -generic_test (const struct test_case *tests, - unsigned ntests, - size_t data_size, - int (*encode)(unsigned char *, size_t, void *, size_t *), - int (*length)(void *), - int (*decode)(unsigned char *, size_t, void *, size_t *), - int (*cmp)(void *a, void *b)) -{ - unsigned char buf[4711]; - int i; - int failures = 0; - void *val = malloc (data_size); - - if (data_size != 0 && val == NULL) - err (1, "malloc"); - - for (i = 0; i < ntests; ++i) { - int ret; - size_t sz, consumed_sz, length_sz; - unsigned char *beg; - - ret = (*encode) (buf + sizeof(buf) - 1, sizeof(buf), - tests[i].val, &sz); - beg = buf + sizeof(buf) - sz; - if (ret != 0) { - printf ("encoding of %s failed\n", tests[i].name); - ++failures; - } - if (sz != tests[i].byte_len) { - printf ("encoding of %s has wrong len (%lu != %lu)\n", - tests[i].name, - (unsigned long)sz, (unsigned long)tests[i].byte_len); - ++failures; - } - - length_sz = (*length) (tests[i].val); - if (sz != length_sz) { - printf ("length for %s is bad (%lu != %lu)\n", - tests[i].name, (unsigned long)length_sz, (unsigned long)sz); - ++failures; - } - - if (memcmp (beg, tests[i].bytes, tests[i].byte_len) != 0) { - printf ("encoding of %s has bad bytes:\n" - "correct: ", tests[i].name); - print_bytes (tests[i].bytes, tests[i].byte_len); - printf ("\nactual: "); - print_bytes (beg, sz); - printf ("\n"); - ++failures; - } - ret = (*decode) (beg, sz, val, &consumed_sz); - if (ret != 0) { - printf ("decoding of %s failed\n", tests[i].name); - ++failures; - } - if (sz != consumed_sz) { - printf ("different length decoding %s (%ld != %ld)\n", - tests[i].name, - (unsigned long)sz, (unsigned long)consumed_sz); - ++failures; - } - if ((*cmp)(val, tests[i].val) != 0) { - printf ("%s: comparison failed\n", tests[i].name); - ++failures; - } - } - free (val); - return failures; -} +RCSID("$Id: check-der.c,v 1.9 2003/01/23 10:19:49 lha Exp $"); static int cmp_integer (void *a, void *b) @@ -170,11 +84,9 @@ test_integer (void) } return generic_test (tests, ntests, sizeof(int), - (int (*)(unsigned char *, size_t, - void *, size_t *))encode_integer, - (int (*)(void *))length_integer, - (int (*)(unsigned char *, size_t, - void *, size_t *))decode_integer, + (generic_encode)encode_integer, + (generic_length) length_integer, + (generic_decode)decode_integer, cmp_integer); } @@ -204,11 +116,9 @@ test_octet_string (void) asprintf (&tests[0].name, "a octet string"); return generic_test (tests, ntests, sizeof(octet_string), - (int (*)(unsigned char *, size_t, - void *, size_t *))encode_octet_string, - (int (*)(void *))length_octet_string, - (int (*)(unsigned char *, size_t, - void *, size_t *))decode_octet_string, + (generic_encode)encode_octet_string, + (generic_length)length_octet_string, + (generic_decode)decode_octet_string, cmp_octet_string); } @@ -235,11 +145,9 @@ test_general_string (void) asprintf (&tests[0].name, "the string \"%s\"", s1); return generic_test (tests, ntests, sizeof(unsigned char *), - (int (*)(unsigned char *, size_t, - void *, size_t *))encode_general_string, - (int (*)(void *))length_general_string, - (int (*)(unsigned char *, size_t, - void *, size_t *))decode_general_string, + (generic_encode)encode_general_string, + (generic_length)length_general_string, + (generic_decode)decode_general_string, cmp_general_string); } @@ -269,11 +177,9 @@ test_generalized_time (void) } return generic_test (tests, ntests, sizeof(time_t), - (int (*)(unsigned char *, size_t, - void *, size_t *))encode_generalized_time, - (int (*)(void *))length_generalized_time, - (int (*)(unsigned char *, size_t, - void *, size_t *))decode_generalized_time, + (generic_encode)encode_generalized_time, + (generic_length)length_generalized_time, + (generic_decode)decode_generalized_time, cmp_generalized_time); } diff --git a/crypto/heimdal/lib/asn1/check-gen.c b/crypto/heimdal/lib/asn1/check-gen.c new file mode 100644 index 0000000..0b0bec9 --- /dev/null +++ b/crypto/heimdal/lib/asn1/check-gen.c @@ -0,0 +1,193 @@ +/* + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif +#include <stdio.h> +#include <string.h> +#include <err.h> +#include <roken.h> + +#include <asn1-common.h> +#include <asn1_err.h> +#include <der.h> +#include <krb5_asn1.h> + +#include "check-common.h" + +RCSID("$Id: check-gen.c,v 1.2.2.1 2003/05/06 16:49:57 joda Exp $"); + +static char *lha_princ[] = { "lha" }; +static char *lharoot_princ[] = { "lha", "root" }; +static char *datan_princ[] = { "host", "nutcracker.e.kth.se" }; + + +#define COMPARE_STRING(ac,bc,e) \ + do { if (strcmp((ac)->e, (bc)->e) != 0) return 1; } while(0) +#define COMPARE_INTEGER(ac,bc,e) \ + do { if ((ac)->e != (bc)->e) return 1; } while(0) +#define COMPARE_MEM(ac,bc,e,len) \ + do { if (memcmp((ac)->e, (bc)->e,len) != 0) return 1; } while(0) + +static int +cmp_principal (void *a, void *b) +{ + Principal *pa = a; + Principal *pb = b; + int i; + + COMPARE_STRING(pa,pb,realm); + COMPARE_INTEGER(pa,pb,name.name_type); + COMPARE_INTEGER(pa,pb,name.name_string.len); + + for (i = 0; i < pa->name.name_string.len; i++) + COMPARE_STRING(pa,pb,name.name_string.val[i]); + + return 0; +} + +static int +test_principal (void) +{ + + struct test_case tests[] = { + { NULL, 29, + (unsigned char*)"\x30\x1b\xa0\x10\x30\x0e\xa0\x03\x02\x01\x01\xa1\x07\x30\x05\x1b" + "\x03\x6c\x68\x61\xa1\x07\x1b\x05\x53\x55\x2e\x53\x45" + }, + { NULL, 35, + (unsigned char*)"\x30\x21\xa0\x16\x30\x14\xa0\x03\x02\x01\x01\xa1\x0d\x30\x0b\x1b" + "\x03\x6c\x68\x61\x1b\x04\x72\x6f\x6f\x74\xa1\x07\x1b\x05\x53\x55" + "\x2e\x53\x45" + }, + { NULL, 54, + (unsigned char*)"\x30\x34\xa0\x26\x30\x24\xa0\x03\x02\x01\x03\xa1\x1d\x30\x1b\x1b" + "\x04\x68\x6f\x73\x74\x1b\x13\x6e\x75\x74\x63\x72\x61\x63\x6b\x65" + "\x72\x2e\x65\x2e\x6b\x74\x68\x2e\x73\x65\xa1\x0a\x1b\x08\x45\x2e" + "\x4b\x54\x48\x2e\x53\x45" + } + }; + + + Principal values[] = { + { { KRB5_NT_PRINCIPAL, { 1, lha_princ } }, "SU.SE" }, + { { KRB5_NT_PRINCIPAL, { 2, lharoot_princ } }, "SU.SE" }, + { { KRB5_NT_SRV_HST, { 2, datan_princ } }, "E.KTH.SE" } + }; + int i; + int ntests = sizeof(tests) / sizeof(*tests); + + for (i = 0; i < ntests; ++i) { + tests[i].val = &values[i]; + asprintf (&tests[i].name, "Principal %d", i); + } + + return generic_test (tests, ntests, sizeof(Principal), + (generic_encode)encode_Principal, + (generic_length)length_Principal, + (generic_decode)decode_Principal, + cmp_principal); +} + +static int +cmp_authenticator (void *a, void *b) +{ + Authenticator *aa = a; + Authenticator *ab = b; + int i; + + COMPARE_INTEGER(aa,ab,authenticator_vno); + COMPARE_STRING(aa,ab,crealm); + + COMPARE_INTEGER(aa,ab,cname.name_type); + COMPARE_INTEGER(aa,ab,cname.name_string.len); + + for (i = 0; i < aa->cname.name_string.len; i++) + COMPARE_STRING(aa,ab,cname.name_string.val[i]); + + return 0; +} + +static int +test_authenticator (void) +{ + struct test_case tests[] = { + { NULL, 63, + (unsigned char*)"\x62\x3d\x30\x3b\xa0\x03\x02\x01\x05\xa1\x0a\x1b\x08" + "\x45\x2e\x4b\x54\x48\x2e\x53\x45\xa2\x10\x30\x0e\xa0" + "\x03\x02\x01\x01\xa1\x07\x30\x05\x1b\x03\x6c\x68\x61" + "\xa4\x03\x02\x01\x0a\xa5\x11\x18\x0f\x31\x39\x37\x30" + "\x30\x31\x30\x31\x30\x30\x30\x31\x33\x39\x5a" + }, + { NULL, 67, + (unsigned char*)"\x62\x41\x30\x3f\xa0\x03\x02\x01\x05\xa1\x07\x1b\x05" + "\x53\x55\x2e\x53\x45\xa2\x16\x30\x14\xa0\x03\x02\x01" + "\x01\xa1\x0d\x30\x0b\x1b\x03\x6c\x68\x61\x1b\x04\x72" + "\x6f\x6f\x74\xa4\x04\x02\x02\x01\x24\xa5\x11\x18\x0f" + "\x31\x39\x37\x30\x30\x31\x30\x31\x30\x30\x31\x36\x33" + "\x39\x5a" + } + }; + + Authenticator values[] = { + { 5, "E.KTH.SE", { KRB5_NT_PRINCIPAL, { 1, lha_princ } }, + NULL, 10, 99, NULL, NULL, NULL }, + { 5, "SU.SE", { KRB5_NT_PRINCIPAL, { 2, lharoot_princ } }, + NULL, 292, 999, NULL, NULL, NULL } + }; + int i; + int ntests = sizeof(tests) / sizeof(*tests); + + for (i = 0; i < ntests; ++i) { + tests[i].val = &values[i]; + asprintf (&tests[i].name, "Authenticator %d", i); + } + + return generic_test (tests, ntests, sizeof(Authenticator), + (generic_encode)encode_Authenticator, + (generic_length)length_Authenticator, + (generic_decode)decode_Authenticator, + cmp_authenticator); +} + +int +main(int argc, char **argv) +{ + int ret = 0; + + ret += test_principal (); + ret += test_authenticator(); + + return ret; +} diff --git a/crypto/heimdal/lib/asn1/der_copy.c b/crypto/heimdal/lib/asn1/der_copy.c index 30027e1..eefc914 100644 --- a/crypto/heimdal/lib/asn1/der_copy.c +++ b/crypto/heimdal/lib/asn1/der_copy.c @@ -33,15 +33,14 @@ #include "der_locl.h" -RCSID("$Id: der_copy.c,v 1.9 2001/09/25 13:39:25 assar Exp $"); +RCSID("$Id: der_copy.c,v 1.10 2003/04/17 07:13:08 lha Exp $"); int copy_general_string (const general_string *from, general_string *to) { - *to = malloc(strlen(*from) + 1); + *to = strdup(*from); if(*to == NULL) return ENOMEM; - strcpy(*to, *from); return 0; } diff --git a/crypto/heimdal/lib/asn1/der_put.c b/crypto/heimdal/lib/asn1/der_put.c index 1dfafdc..41733c5 100644 --- a/crypto/heimdal/lib/asn1/der_put.c +++ b/crypto/heimdal/lib/asn1/der_put.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_put.c,v 1.27 2001/09/25 23:37:25 assar Exp $"); +RCSID("$Id: der_put.c,v 1.28 2003/04/17 07:12:24 lha Exp $"); /* * All encoding functions take a pointer `p' to first position in @@ -375,15 +375,18 @@ int time2generalizedtime (time_t t, octet_string *s) { struct tm *tm; + size_t len; - s->data = malloc(16); + len = 15; + + s->data = malloc(len + 1); if (s->data == NULL) return ENOMEM; - s->length = 15; + s->length = len; tm = gmtime (&t); - sprintf (s->data, "%04d%02d%02d%02d%02d%02dZ", tm->tm_year + 1900, - tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, - tm->tm_sec); + snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ", + tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec); return 0; } diff --git a/crypto/heimdal/lib/asn1/gen.c b/crypto/heimdal/lib/asn1/gen.c index 5b85a48..8580360 100644 --- a/crypto/heimdal/lib/asn1/gen.c +++ b/crypto/heimdal/lib/asn1/gen.c @@ -33,15 +33,15 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.49 2002/09/04 15:06:18 joda Exp $"); +RCSID("$Id: gen.c,v 1.50 2003/04/17 07:09:18 lha Exp $"); FILE *headerfile, *codefile, *logfile; #define STEM "asn1" static const char *orig_filename; -static char header[1024]; -static char headerbase[1024] = STEM; +static char *header; +static char *headerbase = STEM; /* * list of all IMPORTs @@ -75,8 +75,8 @@ init_generate (const char *filename, const char *base) { orig_filename = filename; if(base) - strcpy(headerbase, base); - sprintf(header, "%s.h", headerbase); + asprintf(&headerbase, "%s", base); + asprintf(&header, "%s.h", headerbase); headerfile = fopen (header, "w"); if (headerfile == NULL) err (1, "open %s", header); diff --git a/crypto/heimdal/lib/asn1/k5.asn1 b/crypto/heimdal/lib/asn1/k5.asn1 index 53436c8..37c60a8 100644 --- a/crypto/heimdal/lib/asn1/k5.asn1 +++ b/crypto/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1,v 1.27 2002/09/03 17:32:09 joda Exp $ +-- $Id: k5.asn1,v 1.28 2003/01/15 03:13:47 lha Exp $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -70,7 +70,8 @@ CKSUMTYPE ::= INTEGER { CKSUMTYPE_RSA_MD5(7), CKSUMTYPE_RSA_MD5_DES(8), CKSUMTYPE_RSA_MD5_DES3(9), - -- CKSUMTYPE_SHA1(10), + CKSUMTYPE_HMAC_SHA1_96_AES_128(10), + CKSUMTYPE_HMAC_SHA1_96_AES_256(11), CKSUMTYPE_HMAC_SHA1_DES3(12), CKSUMTYPE_SHA1(1000), -- correct value? 10 (9 also) CKSUMTYPE_GSSAPI(0x8003), @@ -90,6 +91,8 @@ ENCTYPE ::= INTEGER { ETYPE_ENCRYPT_RSA_PRIV(9), ETYPE_ENCRYPT_RSA_PUB(10), ETYPE_DES3_CBC_SHA1(16), -- with key derivation + ETYPE_AES128_CTS_HMAC_SHA1_96(17), + ETYPE_AES256_CTS_HMAC_SHA1_96(18), ETYPE_ARCFOUR_HMAC_MD5(23), ETYPE_ARCFOUR_HMAC_MD5_56(24), ETYPE_ENCTYPE_PK_CROSS(48), diff --git a/crypto/heimdal/lib/auth/ChangeLog b/crypto/heimdal/lib/auth/ChangeLog index 1db4a5f..e221178 100644 --- a/crypto/heimdal/lib/auth/ChangeLog +++ b/crypto/heimdal/lib/auth/ChangeLog @@ -1,3 +1,12 @@ +2003-05-08 Love Hörnquist Åstrand <lha@it.su.se> + + * sia/Makefile.am: 1.15->1.16: inline COMPILE since (modern) + automake doesn't add it by itself for some reason + +2003-03-27 Love Hörnquist Åstrand <lha@it.su.se> + + * sia/Makefile.am: libkafs is always built now, lets include it + 2002-05-19 Johan Danielsson <joda@pdc.kth.se> * pam/Makefile.am: set SUFFIXES with += @@ -6,6 +15,11 @@ * pam/Makefile.am: actually build the pam module +2001-09-18 Johan Danielsson <joda@pdc.kth.se> + + * sia/Makefile.am: also don't compress krb5 library, at least + siacfg fails with compressed libraries + 2001-09-13 Assar Westerlund <assar@sics.se> * sia/sia.c: move krb5_error_code inside a ifdef KRB5 diff --git a/crypto/heimdal/lib/auth/Makefile.in b/crypto/heimdal/lib/auth/Makefile.in index 5a41cfd..77a5524 100644 --- a/crypto/heimdal/lib/auth/Makefile.in +++ b/crypto/heimdal/lib/auth/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -228,10 +229,10 @@ all: all-recursive .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/auth/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -429,7 +430,9 @@ info: info-recursive info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -458,15 +461,15 @@ uninstall-info: uninstall-info-recursive distclean distclean-generic distclean-libtool \ distclean-recursive distclean-tags distdir dvi dvi-am \ dvi-recursive info info-am info-recursive install install-am \ - install-data install-data-am install-data-local \ - install-data-recursive install-exec install-exec-am \ - install-exec-recursive install-info install-info-am \ - install-info-recursive install-man install-recursive \ - install-strip installcheck installcheck-am installdirs \ - installdirs-am installdirs-recursive maintainer-clean \ - maintainer-clean-generic maintainer-clean-recursive mostlyclean \ - mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \ - tags tags-recursive uninstall uninstall-am uninstall-info-am \ + install-data install-data-am install-data-recursive \ + install-exec install-exec-am install-exec-recursive \ + install-info install-info-am install-info-recursive install-man \ + install-recursive install-strip installcheck installcheck-am \ + installdirs installdirs-am installdirs-recursive \ + maintainer-clean maintainer-clean-generic \ + maintainer-clean-recursive mostlyclean mostlyclean-generic \ + mostlyclean-libtool mostlyclean-recursive tags tags-recursive \ + uninstall uninstall-am uninstall-info-am \ uninstall-info-recursive uninstall-recursive @@ -593,7 +596,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in b/crypto/heimdal/lib/auth/afskauthlib/Makefile.in index f97a1f0..b332159 100644 --- a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in +++ b/crypto/heimdal/lib/auth/afskauthlib/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -251,10 +252,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/auth/afskauthlib/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -365,7 +366,9 @@ info: info-am info-am: -install-data-am: install-data-local install-fooDATA +install-data-am: install-fooDATA + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -390,13 +393,12 @@ uninstall-am: uninstall-fooDATA uninstall-info-am .PHONY: all all-am all-local check check-am check-local clean \ clean-generic clean-libtool distclean distclean-generic \ distclean-libtool distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-fooDATA install-info \ - install-info-am install-man install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool uninstall uninstall-am uninstall-fooDATA \ - uninstall-info-am + install-am install-data install-data-am install-exec \ + install-exec-am install-fooDATA install-info install-info-am \ + install-man install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool uninstall \ + uninstall-am uninstall-fooDATA uninstall-info-am install-suid-programs: @@ -522,7 +524,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/auth/pam/Makefile.in b/crypto/heimdal/lib/auth/pam/Makefile.in index e21bf7c..0356846 100644 --- a/crypto/heimdal/lib/auth/pam/Makefile.in +++ b/crypto/heimdal/lib/auth/pam/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -193,7 +194,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -258,10 +259,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/auth/pam/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -372,7 +373,9 @@ info: info-am info-am: -install-data-am: install-data-local install-fooDATA +install-data-am: install-fooDATA + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -397,13 +400,12 @@ uninstall-am: uninstall-fooDATA uninstall-info-am .PHONY: all all-am all-local check check-am check-local clean \ clean-generic clean-libtool distclean distclean-generic \ distclean-libtool distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-fooDATA install-info \ - install-info-am install-man install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool uninstall uninstall-am uninstall-fooDATA \ - uninstall-info-am + install-am install-data install-data-am install-exec \ + install-exec-am install-fooDATA install-info install-info-am \ + install-man install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool uninstall \ + uninstall-am uninstall-fooDATA uninstall-info-am install-suid-programs: @@ -529,7 +531,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/auth/sia/Makefile.am b/crypto/heimdal/lib/auth/sia/Makefile.am index 3182c68..30bf011 100644 --- a/crypto/heimdal/lib/auth/sia/Makefile.am +++ b/crypto/heimdal/lib/auth/sia/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.14 2001/09/18 13:04:15 joda Exp $ +# $Id: Makefile.am,v 1.15.2.1 2003/05/08 10:31:48 lha Exp $ include $(top_srcdir)/Makefile.am.common @@ -12,10 +12,8 @@ DEFS = @DEFS@ ## unconditionally build shared libraries, and it does not allow us to ## link with non-installed libraries -if KRB4 KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so -endif if KRB5 L = \ @@ -106,5 +104,9 @@ CLEANFILES = $(MOD) $(OBJS) so_locations SUFFIXES += .c .o +# XXX inline COMPILE since automake wont add it + .c.o: - $(COMPILE) -c $< + $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ + -c `test -f '$<' || echo '$(srcdir)/'`$< diff --git a/crypto/heimdal/lib/auth/sia/Makefile.in b/crypto/heimdal/lib/auth/sia/Makefile.in index 95c2e83..0999ee5 100644 --- a/crypto/heimdal/lib/auth/sia/Makefile.in +++ b/crypto/heimdal/lib/auth/sia/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.14 2001/09/18 13:04:15 joda Exp $ +# $Id: Makefile.am,v 1.15.2.1 2003/05/08 10:31:48 lha Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -193,7 +194,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -204,8 +205,8 @@ NROFF_MAN = groff -mandoc -Tascii DEFS = @DEFS@ -@KRB4_TRUE@KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a -@KRB4_TRUE@KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so +KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a +KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so @KRB5_TRUE@L = \ @KRB5_TRUE@ $(KAFS) \ @@ -288,10 +289,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/auth/sia/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -402,7 +403,9 @@ info: info-am info-am: -install-data-am: install-data-local install-fooDATA +install-data-am: install-fooDATA + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -427,13 +430,12 @@ uninstall-am: uninstall-fooDATA uninstall-info-am .PHONY: all all-am all-local check check-am check-local clean \ clean-generic clean-libtool distclean distclean-generic \ distclean-libtool distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-fooDATA install-info \ - install-info-am install-man install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool uninstall uninstall-am uninstall-fooDATA \ - uninstall-info-am + install-am install-data install-data-am install-exec \ + install-exec-am install-fooDATA install-info install-info-am \ + install-man install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool uninstall \ + uninstall-am uninstall-fooDATA uninstall-info-am install-suid-programs: @@ -559,7 +561,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< @@ -590,8 +592,12 @@ libsia_krb4.so: $(OBJS) fi ostrip -x $@ +# XXX inline COMPILE since automake wont add it + .c.o: - $(COMPILE) -c $< + $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ + -c `test -f '$<' || echo '$(srcdir)/'`$< # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/com_err/Makefile.in b/crypto/heimdal/lib/com_err/Makefile.in index 34dc1c4..08fdafe 100644 --- a/crypto/heimdal/lib/com_err/Makefile.in +++ b/crypto/heimdal/lib/com_err/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -268,10 +269,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/com_err/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -515,7 +516,9 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS +install-data-am: install-includeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -544,7 +547,7 @@ uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \ clean-libtool distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am info \ info-am install install-am install-binPROGRAMS install-data \ - install-data-am install-data-local install-exec install-exec-am \ + install-data-am install-exec install-exec-am \ install-includeHEADERS install-info install-info-am \ install-libLTLIBRARIES install-man install-strip installcheck \ installcheck-am installdirs maintainer-clean \ @@ -677,7 +680,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/gssapi/8003.c b/crypto/heimdal/lib/gssapi/8003.c index 03992a4..677a25a 100644 --- a/crypto/heimdal/lib/gssapi/8003.c +++ b/crypto/heimdal/lib/gssapi/8003.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: 8003.c,v 1.11 2002/03/10 23:47:39 assar Exp $"); +RCSID("$Id: 8003.c,v 1.12 2002/10/31 14:38:49 joda Exp $"); static krb5_error_code encode_om_uint32(OM_uint32 n, u_char *p) @@ -100,56 +100,56 @@ gssapi_krb5_create_8003_checksum ( const krb5_data *fwd_data, Checksum *result) { - u_char *p; - - /* - * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value - * field's format) */ - result->cksumtype = 0x8003; - if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) - result->checksum.length = 24 + 4 + fwd_data->length; - else - result->checksum.length = 24; - result->checksum.data = malloc (result->checksum.length); - if (result->checksum.data == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } + u_char *p; + + /* + * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value + * field's format) */ + result->cksumtype = 0x8003; + if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) + result->checksum.length = 24 + 4 + fwd_data->length; + else + result->checksum.length = 24; + result->checksum.data = malloc (result->checksum.length); + if (result->checksum.data == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } - p = result->checksum.data; - encode_om_uint32 (16, p); - p += 4; - if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) { - memset (p, 0, 16); - } else { - hash_input_chan_bindings (input_chan_bindings, p); - } - p += 16; - encode_om_uint32 (flags, p); - p += 4; - - if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) { + p = result->checksum.data; + encode_om_uint32 (16, p); + p += 4; + if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) { + memset (p, 0, 16); + } else { + hash_input_chan_bindings (input_chan_bindings, p); + } + p += 16; + encode_om_uint32 (flags, p); + p += 4; + + if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) { #if 0 - u_char *tmp; + u_char *tmp; - result->checksum.length = 28 + fwd_data->length; - tmp = realloc(result->checksum.data, result->checksum.length); - if (tmp == NULL) - return ENOMEM; - result->checksum.data = tmp; + result->checksum.length = 28 + fwd_data->length; + tmp = realloc(result->checksum.data, result->checksum.length); + if (tmp == NULL) + return ENOMEM; + result->checksum.data = tmp; - p = (u_char*)result->checksum.data + 24; + p = (u_char*)result->checksum.data + 24; #endif - *p++ = (1 >> 0) & 0xFF; /* DlgOpt */ /* == 1 */ - *p++ = (1 >> 8) & 0xFF; /* DlgOpt */ /* == 0 */ - *p++ = (fwd_data->length >> 0) & 0xFF; /* Dlgth */ - *p++ = (fwd_data->length >> 8) & 0xFF; /* Dlgth */ - memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length); - - p += fwd_data->length; - } + *p++ = (1 >> 0) & 0xFF; /* DlgOpt */ /* == 1 */ + *p++ = (1 >> 8) & 0xFF; /* DlgOpt */ /* == 0 */ + *p++ = (fwd_data->length >> 0) & 0xFF; /* Dlgth */ + *p++ = (fwd_data->length >> 8) & 0xFF; /* Dlgth */ + memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length); + + p += fwd_data->length; + } - return GSS_S_COMPLETE; + return GSS_S_COMPLETE; } /* @@ -172,7 +172,7 @@ gssapi_krb5_verify_8003_checksum( static unsigned char zeros[16]; /* XXX should handle checksums > 24 bytes */ - if(cksum->cksumtype != 0x8003) { + if(cksum->cksumtype != 0x8003 || cksum->checksum.length < 24) { *minor_status = 0; return GSS_S_BAD_BINDINGS; } @@ -201,27 +201,33 @@ gssapi_krb5_verify_8003_checksum( p += sizeof(hash); decode_om_uint32(p, flags); + p += 4; if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) { + if(cksum->checksum.length < 28) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } - p += 4; - - DlgOpt = (p[0] << 0) | (p[1] << 8 ); - if (DlgOpt != 1) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - p += 2; - fwd_data->length = (p[0] << 0) | (p[1] << 8); - fwd_data->data = malloc(fwd_data->length); - if (fwd_data->data == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p += 2; - memcpy(fwd_data->data, p, fwd_data->length); + DlgOpt = (p[0] << 0) | (p[1] << 8); + p += 2; + if (DlgOpt != 1) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + + fwd_data->length = (p[0] << 0) | (p[1] << 8); + p += 2; + if(cksum->checksum.length < 28 + fwd_data->length) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + fwd_data->data = malloc(fwd_data->length); + if (fwd_data->data == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(fwd_data->data, p, fwd_data->length); } return GSS_S_COMPLETE; diff --git a/crypto/heimdal/lib/gssapi/ChangeLog b/crypto/heimdal/lib/gssapi/ChangeLog index cd9d9c1..d08f72b 100644 --- a/crypto/heimdal/lib/gssapi/ChangeLog +++ b/crypto/heimdal/lib/gssapi/ChangeLog @@ -1,3 +1,260 @@ +2003-05-07 Love Hörnquist Åstrand <lha@it.su.se> + + * gssapi.h: 1.27->1.28: + if __cplusplus, wrap the extern variable (just to be safe) and + functions in extern "C" { } + +2003-04-30 Love Hörnquist Åstrand <lha@it.su.se> + + * gssapi.3: more about the des3 mic mess + + * verify_mic.c 1.19->1.20 : (verify_mic_des3): always check if the + mic is the correct mic or the mic that old heimdal would have + generated + +2003-04-29 Jacques Vidrine <nectar@kth.se> + + * verify_mic.c: 1.18->1.19: verify_mic_des3: If MIC verification + fails, retry using the `old' MIC computation (with zero IV). + +2003-04-28 Love Hörnquist Åstrand <lha@it.su.se> + + * compat.c (_gss_DES3_get_mic_compat): default to use compat + + * gssapi.3: 1.5->1.6: document [gssapi]correct_des3_mic and + [gssapi]broken_des3_mic + + * compat.c: 1.2->1.4: + (gss_krb5_compat_des3_mci): return a value + (gss_krb5_compat_des3_mic): enable turning on/off des3 mic compat + (_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too + + * gssapi.h: 1.26->1.27: + (gss_krb5_compat_des3_mic): new function, turn on/off des3 mic compat + (GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if + gss_krb5_compat_des3_mic exists + +2003-04-23 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am: 1.44->1.45: test_acquire_cred_LDADD: use + libgssapi.la not ./libgssapi.la (makes make -jN work) + +2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> + + * gssapi.3: spelling + + * gss_acquire_cred.3: Change .Fd #include <header.h> to .In + header.h, from Thomas Klausner <wiz@netbsd.org> + + +2003-04-06 Love Hörnquist Åstrand <lha@it.su.se> + + * gss_acquire_cred.3: spelling + + * Makefile.am: remove stuff that sneaked in with last commit + + * acquire_cred.c (acquire_initiator_cred): if the requested name + isn't in the ccache, also check keytab. Extact the krbtgt for the + default realm to check how long the credentials will last. + + * add_cred.c (gss_add_cred): don't create a new ccache, just open + the old one; better check if output handle is compatible with new + (copied) handle + + * test_acquire_cred.c: test gss_add_cred too + +2003-04-03 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am: build test_acquire_cred + + * test_acquire_cred.c: simple gss_acquire_cred test + +2003-04-02 Love Hörnquist Åstrand <lha@it.su.se> + + * gss_acquire_cred.3: s/gssapi/GSS-API/ + +2003-03-19 Love Hörnquist Åstrand <lha@it.su.se> + + * gss_acquire_cred.3: document v1 interface (and that they are + obsolete) + +2003-03-18 Love Hörnquist Åstrand <lha@it.su.se> + + * gss_acquire_cred.3: list supported mechanism and nametypes + +2003-03-16 Love Hörnquist Åstrand <lha@it.su.se> + + * gss_acquire_cred.3: text about gss_display_name + + * Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2 + (libgssapi_la_SOURCES): add all new functions + + * gssapi.3: now that we have a functions, uncomment the missing + ones + + * gss_acquire_cred.3: now that we have a functions, uncomment the + missing ones + + * process_context_token.c: implement gss_process_context_token + + * inquire_names_for_mech.c: implement gss_inquire_names_for_mech + + * inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name + + * inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech + + * add_cred.c: implement gss_add_cred + + * acquire_cred.c (gss_acquire_cred): more testing of input + argument, make sure output arguments are ok, since we don't know + the time_rec (for now), set it to time_req + + * export_sec_context.c: send lifetime, also set minor_status + + * get_mic.c: set minor_status + + * import_sec_context.c (gss_import_sec_context): add error + checking, pick up lifetime (if there is no lifetime, use + GSS_C_INDEFINITE) + + * init_sec_context.c: take care to set export value to something + sane before we start so caller will have harmless values in them + if then function fails + + * release_buffer.c (gss_release_buffer): set minor_status + + * wrap.c: make sure minor_status get set + + * verify_mic.c (gss_verify_mic_internal): rename verify_mic to + gss_verify_mic_internal and let it take the type as an argument, + (gss_verify_mic): call gss_verify_mic_internal + set minor_status + + * unwrap.c: set minor_status + + * test_oid_set_member.c (gss_test_oid_set_member): use + gss_oid_equal + + * release_oid_set.c (gss_release_oid_set): set minor_status + + * release_name.c (gss_release_name): set minor_status + + * release_cred.c (gss_release_cred): set minor_status + + * add_oid_set_member.c (gss_add_oid_set_member): set minor_status + + * compare_name.c (gss_compare_name): set minor_status + + * compat.c (check_compat): make sure ret have a defined value + + * context_time.c (gss_context_time): set minor_status + + * copy_ccache.c (gss_krb5_copy_ccache): set minor_status + + * create_emtpy_oid_set.c (gss_create_empty_oid_set): set + minor_status + + * delete_sec_context.c (gss_delete_sec_context): set minor_status + + * display_name.c (gss_display_name): set minor_status + + * display_status.c (gss_display_status): use gss_oid_equal, handle + supplementary errors + + * duplicate_name.c (gss_duplicate_name): set minor_status + + * inquire_context.c (gss_inquire_context): set lifetime_rec now + when we know it, set minor_status + + * inquire_cred.c (gss_inquire_cred): take care to set export value + to something sane before we start so caller will have harmless + values in them if the function fails + + * accept_sec_context.c (gss_accept_sec_context): take care to set + export value to something sane before we start so caller will have + harmless values in them if then function fails, set lifetime from + ticket expiration date + + * indicate_mechs.c (gss_indicate_mechs): use + gss_create_empty_oid_set and gss_add_oid_set_member + + * gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred, + since there is no ticket transfered in the exported context + + * export_name.c (gss_export_name): export name with + GSS_C_NT_EXPORT_NAME wrapping, not just the principal + + * import_name.c (import_export_name): new function, parses a + GSS_C_NT_EXPORT_NAME + (import_krb5_name): factor out common code of parsing krb5 name + (gss_oid_equal): rename from oid_equal + + * gssapi_locl.h: add prototypes for gss_oid_equal and + gss_verify_mic_internal + + * gssapi.h: comment out the argument names + +2003-03-15 Love Hörnquist Åstrand <lha@it.su.se> + + * gssapi.3: add LIST OF FUNCTIONS and copyright/license + + * Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/ + + * Makefile.am: man_MANS += gss_aquire_cred.3 + +2003-03-14 Love Hörnquist Åstrand <lha@it.su.se> + + * gss_aquire_cred.3: the gssapi api manpage + +2003-03-03 Love Hörnquist Åstrand <lha@it.su.se> + + * inquire_context.c: (gss_inquire_context): rename argument open + to open_context + + * gssapi.h (gss_inquire_context): rename argument open to open_context + +2003-02-27 Love Hörnquist Åstrand <lha@it.su.se> + + * init_sec_context.c (do_delegation): remove unused variable + subkey + + * gssapi.3: all 0.5.x version had broken token delegation + +2003-02-21 Love Hörnquist Åstrand <lha@it.su.se> + + * (init_auth): only generate one subkey + +2003-01-27 Love Hörnquist Åstrand <lha@it.su.se> + + * verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform + to rfc (and mit kerberos), provide backward compat hook + + * get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and + mit kerberos), provide backward compat hook + + * init_sec_context.c (init_auth): check if we need compat for + older get_mic/verify_mic + + * gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat + + * gssapi.h (more_flags): add COMPAT_OLD_DES3 + + * Makefile.am: add gssapi.3 and compat.c + + * gssapi.3: add gssapi COMPATIBILITY documentation + + * accept_sec_context.c (gss_accept_sec_context): check if we need + compat for older get_mic/verify_mic + + * compat.c: check for compatiblity with other heimdal's 3des + get_mic/verify_mic + +2002-10-31 Johan Danielsson <joda@pdc.kth.se> + + * check return value from gssapi_krb5_init + + * 8003.c (gssapi_krb5_verify_8003_checksum): check size of input + 2002-09-03 Johan Danielsson <joda@pdc.kth.se> * wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE diff --git a/crypto/heimdal/lib/gssapi/Makefile.am b/crypto/heimdal/lib/gssapi/Makefile.am index 95ad40c..6d232e5 100644 --- a/crypto/heimdal/lib/gssapi/Makefile.am +++ b/crypto/heimdal/lib/gssapi/Makefile.am @@ -1,22 +1,26 @@ -# $Id: Makefile.am,v 1.38 2002/03/22 12:16:17 joda Exp $ +# $Id: Makefile.am,v 1.44.2.5 2003/05/12 15:20:46 joda Exp $ include $(top_srcdir)/Makefile.am.common INCLUDES += -I$(srcdir)/../krb5 $(INCLUDE_des) $(INCLUDE_krb4) lib_LTLIBRARIES = libgssapi.la -libgssapi_la_LDFLAGS = -version-info 3:5:2 +libgssapi_la_LDFLAGS = -version-info 4:0:3 libgssapi_la_LIBADD = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la +man_MANS = gssapi.3 gss_acquire_cred.3 + include_HEADERS = gssapi.h libgssapi_la_SOURCES = \ 8003.c \ accept_sec_context.c \ acquire_cred.c \ + add_cred.c \ add_oid_set_member.c \ canonicalize_name.c \ compare_name.c \ + compat.c \ context_time.c \ copy_ccache.c \ create_emtpy_oid_set.c \ @@ -39,13 +43,23 @@ libgssapi_la_SOURCES = \ init_sec_context.c \ inquire_context.c \ inquire_cred.c \ + inquire_cred_by_mech.c \ + inquire_mechs_for_name.c \ + inquire_names_for_mech.c \ release_buffer.c \ release_cred.c \ release_name.c \ release_oid_set.c \ + process_context_token.c \ test_oid_set_member.c \ unwrap.c \ v1.c \ verify_mic.c \ wrap.c \ address_to_krb5addr.c + +#noinst_PROGRAMS = test_acquire_cred + +#test_acquire_cred_SOURCES = test_acquire_cred.c + +#test_acquire_cred_LDADD = libgssapi.la diff --git a/crypto/heimdal/lib/gssapi/Makefile.in b/crypto/heimdal/lib/gssapi/Makefile.in index c053595..7ce1a6e 100644 --- a/crypto/heimdal/lib/gssapi/Makefile.in +++ b/crypto/heimdal/lib/gssapi/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.38 2002/03/22 12:16:17 joda Exp $ +# $Id: Makefile.am,v 1.44.2.5 2003/05/12 15:20:46 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -202,18 +203,22 @@ NROFF_MAN = groff -mandoc -Tascii @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la lib_LTLIBRARIES = libgssapi.la -libgssapi_la_LDFLAGS = -version-info 3:5:2 +libgssapi_la_LDFLAGS = -version-info 4:0:3 libgssapi_la_LIBADD = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la +man_MANS = gssapi.3 gss_acquire_cred.3 + include_HEADERS = gssapi.h libgssapi_la_SOURCES = \ 8003.c \ accept_sec_context.c \ acquire_cred.c \ + add_cred.c \ add_oid_set_member.c \ canonicalize_name.c \ compare_name.c \ + compat.c \ context_time.c \ copy_ccache.c \ create_emtpy_oid_set.c \ @@ -236,10 +241,14 @@ libgssapi_la_SOURCES = \ init_sec_context.c \ inquire_context.c \ inquire_cred.c \ + inquire_cred_by_mech.c \ + inquire_mechs_for_name.c \ + inquire_names_for_mech.c \ release_buffer.c \ release_cred.c \ release_name.c \ release_oid_set.c \ + process_context_token.c \ test_oid_set_member.c \ unwrap.c \ v1.c \ @@ -256,16 +265,19 @@ LTLIBRARIES = $(lib_LTLIBRARIES) libgssapi_la_DEPENDENCIES = ../krb5/libkrb5.la ../asn1/libasn1.la \ ../roken/libroken.la am_libgssapi_la_OBJECTS = 8003.lo accept_sec_context.lo acquire_cred.lo \ - add_oid_set_member.lo canonicalize_name.lo compare_name.lo \ - context_time.lo copy_ccache.lo create_emtpy_oid_set.lo \ - decapsulate.lo delete_sec_context.lo display_name.lo \ - display_status.lo duplicate_name.lo encapsulate.lo \ - export_sec_context.lo export_name.lo external.lo get_mic.lo \ - import_name.lo import_sec_context.lo indicate_mechs.lo init.lo \ - init_sec_context.lo inquire_context.lo inquire_cred.lo \ + add_cred.lo add_oid_set_member.lo canonicalize_name.lo \ + compare_name.lo compat.lo context_time.lo copy_ccache.lo \ + create_emtpy_oid_set.lo decapsulate.lo delete_sec_context.lo \ + display_name.lo display_status.lo duplicate_name.lo \ + encapsulate.lo export_sec_context.lo export_name.lo external.lo \ + get_mic.lo import_name.lo import_sec_context.lo \ + indicate_mechs.lo init.lo init_sec_context.lo \ + inquire_context.lo inquire_cred.lo inquire_cred_by_mech.lo \ + inquire_mechs_for_name.lo inquire_names_for_mech.lo \ release_buffer.lo release_cred.lo release_name.lo \ - release_oid_set.lo test_oid_set_member.lo unwrap.lo v1.lo \ - verify_mic.lo wrap.lo address_to_krb5addr.lo + release_oid_set.lo process_context_token.lo \ + test_oid_set_member.lo unwrap.lo v1.lo verify_mic.lo wrap.lo \ + address_to_krb5addr.lo libgssapi_la_OBJECTS = $(am_libgssapi_la_OBJECTS) DEFS = @DEFS@ @@ -284,6 +296,7 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ CFLAGS = @CFLAGS@ DIST_SOURCES = $(libgssapi_la_SOURCES) +MANS = $(man_MANS) HEADERS = $(include_HEADERS) DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in @@ -293,10 +306,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/gssapi/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -347,6 +360,45 @@ clean-libtool: distclean-libtool: -rm -f libtool uninstall-info-am: + +man3dir = $(mandir)/man3 +install-man3: $(man3_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(man3dir) + @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.3*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \ + done +uninstall-man3: + @$(NORMAL_UNINSTALL) + @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.3*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man3dir)/$$inst"; \ + rm -f $(DESTDIR)$(man3dir)/$$inst; \ + done includeHEADERS_INSTALL = $(INSTALL_HEADER) install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) @@ -433,10 +485,10 @@ distdir: $(DISTFILES) check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-local check: check-am -all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local +all-am: Makefile $(LTLIBRARIES) $(MANS) $(HEADERS) all-local installdirs: - $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir) + $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(man3dir) $(DESTDIR)$(includedir) install: install-am install-exec: install-exec-am @@ -480,7 +532,9 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS +install-data-am: install-includeHEADERS install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -488,7 +542,7 @@ install-exec-am: install-libLTLIBRARIES install-info: install-info-am -install-man: +install-man: install-man3 installcheck-am: @@ -502,20 +556,23 @@ mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool uninstall-am: uninstall-includeHEADERS uninstall-info-am \ - uninstall-libLTLIBRARIES + uninstall-libLTLIBRARIES uninstall-man + +uninstall-man: uninstall-man3 .PHONY: GTAGS all all-am all-local check check-am check-local clean \ clean-generic clean-libLTLIBRARIES clean-libtool distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-includeHEADERS \ - install-info install-info-am install-libLTLIBRARIES install-man \ + install-am install-data install-data-am install-exec \ + install-exec-am install-includeHEADERS install-info \ + install-info-am install-libLTLIBRARIES install-man install-man3 \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ tags uninstall uninstall-am uninstall-includeHEADERS \ - uninstall-info-am uninstall-libLTLIBRARIES + uninstall-info-am uninstall-libLTLIBRARIES uninstall-man \ + uninstall-man3 install-suid-programs: @@ -641,12 +698,18 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< .et.c: $(COMPILE_ET) $< + +#noinst_PROGRAMS = test_acquire_cred + +#test_acquire_cred_SOURCES = test_acquire_cred.c + +#test_acquire_cred_LDADD = libgssapi.la # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/gssapi/accept_sec_context.c b/crypto/heimdal/lib/gssapi/accept_sec_context.c index 23eb769..62a0573 100644 --- a/crypto/heimdal/lib/gssapi/accept_sec_context.c +++ b/crypto/heimdal/lib/gssapi/accept_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,12 +33,12 @@ #include "gssapi_locl.h" -RCSID("$Id: accept_sec_context.c,v 1.30 2001/08/29 02:21:09 assar Exp $"); +RCSID("$Id: accept_sec_context.c,v 1.33 2003/03/16 17:41:12 lha Exp $"); krb5_keytab gssapi_krb5_keytab; OM_uint32 -gsskrb5_register_acceptor_identity (char *identity) +gsskrb5_register_acceptor_identity (const char *identity) { krb5_error_code ret; char *p; @@ -76,347 +76,356 @@ gss_accept_sec_context gss_cred_id_t * delegated_cred_handle ) { - krb5_error_code kret; - OM_uint32 ret; - krb5_data indata; - krb5_flags ap_options; - OM_uint32 flags; - krb5_ticket *ticket = NULL; - krb5_keytab keytab = NULL; - krb5_data fwd_data; - OM_uint32 minor; - - ret = 0; - gssapi_krb5_init (); - - krb5_data_zero (&fwd_data); - output_token->length = 0; - output_token->value = NULL; - - if (*context_handle == GSS_C_NO_CONTEXT) { - *context_handle = malloc(sizeof(**context_handle)); + krb5_error_code kret; + OM_uint32 ret = GSS_S_COMPLETE; + krb5_data indata; + krb5_flags ap_options; + OM_uint32 flags; + krb5_ticket *ticket = NULL; + krb5_keytab keytab = NULL; + krb5_data fwd_data; + OM_uint32 minor; + + GSSAPI_KRB5_INIT(); + + krb5_data_zero (&fwd_data); + output_token->length = 0; + output_token->value = NULL; + + if (src_name != NULL) + *src_name = NULL; + if (mech_type) + *mech_type = GSS_KRB5_MECHANISM; + if (*context_handle == GSS_C_NO_CONTEXT) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; + *context_handle = malloc(sizeof(**context_handle)); + if (*context_handle == GSS_C_NO_CONTEXT) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + } + + (*context_handle)->auth_context = NULL; + (*context_handle)->source = NULL; + (*context_handle)->target = NULL; + (*context_handle)->flags = 0; + (*context_handle)->more_flags = 0; + (*context_handle)->ticket = NULL; + (*context_handle)->lifetime = GSS_C_INDEFINITE; + + kret = krb5_auth_con_init (gssapi_krb5_context, + &(*context_handle)->auth_context); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; } - } - - (*context_handle)->auth_context = NULL; - (*context_handle)->source = NULL; - (*context_handle)->target = NULL; - (*context_handle)->flags = 0; - (*context_handle)->more_flags = 0; - (*context_handle)->ticket = NULL; - - if (src_name != NULL) - *src_name = NULL; - - kret = krb5_auth_con_init (gssapi_krb5_context, - &(*context_handle)->auth_context); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS - && input_chan_bindings->application_data.length == - 2 * sizeof((*context_handle)->auth_context->local_port) - ) { + + if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS + && input_chan_bindings->application_data.length == + 2 * sizeof((*context_handle)->auth_context->local_port) + ) { - /* Port numbers are expected to be in application_data.value, - * initator's port first */ + /* Port numbers are expected to be in application_data.value, + * initator's port first */ - krb5_address initiator_addr, acceptor_addr; + krb5_address initiator_addr, acceptor_addr; - memset(&initiator_addr, 0, sizeof(initiator_addr)); - memset(&acceptor_addr, 0, sizeof(acceptor_addr)); + memset(&initiator_addr, 0, sizeof(initiator_addr)); + memset(&acceptor_addr, 0, sizeof(acceptor_addr)); - (*context_handle)->auth_context->remote_port = - *(int16_t *) input_chan_bindings->application_data.value; + (*context_handle)->auth_context->remote_port = + *(int16_t *) input_chan_bindings->application_data.value; - (*context_handle)->auth_context->local_port = - *((int16_t *) input_chan_bindings->application_data.value + 1); + (*context_handle)->auth_context->local_port = + *((int16_t *) input_chan_bindings->application_data.value + 1); - kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, - &input_chan_bindings->acceptor_address, - (*context_handle)->auth_context->local_port, - &acceptor_addr); - if (kret) { - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; - *minor_status = kret; - goto failure; - } + kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, + &input_chan_bindings->acceptor_address, + (*context_handle)->auth_context->local_port, + &acceptor_addr); + if (kret) { + gssapi_krb5_set_error_string (); + ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; + goto failure; + } - kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype, - &input_chan_bindings->initiator_address, - (*context_handle)->auth_context->remote_port, - &initiator_addr); - if (kret) { - krb5_free_address (gssapi_krb5_context, &acceptor_addr); - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; - *minor_status = kret; - goto failure; - } + kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype, + &input_chan_bindings->initiator_address, + (*context_handle)->auth_context->remote_port, + &initiator_addr); + if (kret) { + krb5_free_address (gssapi_krb5_context, &acceptor_addr); + gssapi_krb5_set_error_string (); + ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; + goto failure; + } - kret = krb5_auth_con_setaddrs(gssapi_krb5_context, - (*context_handle)->auth_context, - &acceptor_addr, /* local address */ - &initiator_addr); /* remote address */ + kret = krb5_auth_con_setaddrs(gssapi_krb5_context, + (*context_handle)->auth_context, + &acceptor_addr, /* local address */ + &initiator_addr); /* remote address */ - krb5_free_address (gssapi_krb5_context, &initiator_addr); - krb5_free_address (gssapi_krb5_context, &acceptor_addr); + krb5_free_address (gssapi_krb5_context, &initiator_addr); + krb5_free_address (gssapi_krb5_context, &acceptor_addr); #if 0 - free(input_chan_bindings->application_data.value); - input_chan_bindings->application_data.value = NULL; - input_chan_bindings->application_data.length = 0; + free(input_chan_bindings->application_data.value); + input_chan_bindings->application_data.value = NULL; + input_chan_bindings->application_data.length = 0; #endif - if (kret) { - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; - *minor_status = kret; - goto failure; - } - } + if (kret) { + gssapi_krb5_set_error_string (); + ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; + goto failure; + } + } - { - int32_t tmp; - - krb5_auth_con_getflags(gssapi_krb5_context, - (*context_handle)->auth_context, - &tmp); - tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; - krb5_auth_con_setflags(gssapi_krb5_context, - (*context_handle)->auth_context, - tmp); - } - - ret = gssapi_krb5_decapsulate (minor_status, - input_token_buffer, - &indata, - "\x01\x00"); - if (ret) - goto failure; - - if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { - if (gssapi_krb5_keytab != NULL) { - keytab = gssapi_krb5_keytab; - } - } else if (acceptor_cred_handle->keytab != NULL) { - keytab = acceptor_cred_handle->keytab; - } - - kret = krb5_rd_req (gssapi_krb5_context, - &(*context_handle)->auth_context, - &indata, - (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL + { + int32_t tmp; + + krb5_auth_con_getflags(gssapi_krb5_context, + (*context_handle)->auth_context, + &tmp); + tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; + krb5_auth_con_setflags(gssapi_krb5_context, + (*context_handle)->auth_context, + tmp); + } + + ret = gssapi_krb5_decapsulate (minor_status, + input_token_buffer, + &indata, + "\x01\x00"); + if (ret) + goto failure; + + if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { + if (gssapi_krb5_keytab != NULL) { + keytab = gssapi_krb5_keytab; + } + } else if (acceptor_cred_handle->keytab != NULL) { + keytab = acceptor_cred_handle->keytab; + } + + kret = krb5_rd_req (gssapi_krb5_context, + &(*context_handle)->auth_context, + &indata, + (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred_handle->principal, - keytab, - &ap_options, - &ticket); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - kret = krb5_copy_principal (gssapi_krb5_context, - ticket->client, - &(*context_handle)->source); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - kret = krb5_copy_principal (gssapi_krb5_context, - ticket->server, - &(*context_handle)->target); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - if (src_name != NULL) { + keytab, + &ap_options, + &ticket); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } + kret = krb5_copy_principal (gssapi_krb5_context, ticket->client, - src_name); + &(*context_handle)->source); if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; } - } - { - krb5_authenticator authenticator; - - kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, - (*context_handle)->auth_context, - &authenticator); - if(kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - ret = gssapi_krb5_verify_8003_checksum(minor_status, - input_chan_bindings, - authenticator->cksum, - &flags, - &fwd_data); - krb5_free_authenticator(gssapi_krb5_context, &authenticator); - if (ret) + kret = krb5_copy_principal (gssapi_krb5_context, + ticket->server, + &(*context_handle)->target); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; - } + } - if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { - - krb5_ccache ccache; + ret = _gss_DES3_get_mic_compat(minor_status, *context_handle); + if (ret) + goto failure; + + if (src_name != NULL) { + kret = krb5_copy_principal (gssapi_krb5_context, + ticket->client, + src_name); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } + } + + { + krb5_authenticator authenticator; - if (delegated_cred_handle == NULL) - /* XXX Create a new delegated_cred_handle? */ - kret = krb5_cc_default (gssapi_krb5_context, &ccache); - else if (*delegated_cred_handle == NULL) { - if ((*delegated_cred_handle = - calloc(1, sizeof(**delegated_cred_handle))) == NULL) { + kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, + (*context_handle)->auth_context, + &authenticator); + if(kret) { ret = GSS_S_FAILURE; - *minor_status = ENOMEM; - krb5_set_error_string(gssapi_krb5_context, "out of memory"); - gssapi_krb5_set_error_string(); + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; - } - if ((ret = gss_duplicate_name(minor_status, ticket->client, - &(*delegated_cred_handle)->principal)) != 0) { - flags &= ~GSS_C_DELEG_FLAG; - free(*delegated_cred_handle); - *delegated_cred_handle = NULL; - goto end_fwd; - } - } - if (delegated_cred_handle != NULL && - (*delegated_cred_handle)->ccache == NULL) { + } + + ret = gssapi_krb5_verify_8003_checksum(minor_status, + input_chan_bindings, + authenticator->cksum, + &flags, + &fwd_data); + krb5_free_authenticator(gssapi_krb5_context, &authenticator); + if (ret) + goto failure; + } + + if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { + + krb5_ccache ccache; + + if (delegated_cred_handle == NULL) + /* XXX Create a new delegated_cred_handle? */ + kret = krb5_cc_default (gssapi_krb5_context, &ccache); + else if (*delegated_cred_handle == NULL) { + if ((*delegated_cred_handle = + calloc(1, sizeof(**delegated_cred_handle))) == NULL) { + ret = GSS_S_FAILURE; + *minor_status = ENOMEM; + krb5_set_error_string(gssapi_krb5_context, "out of memory"); + gssapi_krb5_set_error_string(); + goto failure; + } + if ((ret = gss_duplicate_name(minor_status, ticket->client, + &(*delegated_cred_handle)->principal)) != 0) { + flags &= ~GSS_C_DELEG_FLAG; + free(*delegated_cred_handle); + *delegated_cred_handle = NULL; + goto end_fwd; + } + } + if (delegated_cred_handle != NULL && + (*delegated_cred_handle)->ccache == NULL) { kret = krb5_cc_gen_new (gssapi_krb5_context, &krb5_mcc_ops, &(*delegated_cred_handle)->ccache); - ccache = (*delegated_cred_handle)->ccache; - } - if (delegated_cred_handle != NULL && - (*delegated_cred_handle)->mechanisms == NULL) { + ccache = (*delegated_cred_handle)->ccache; + } + if (delegated_cred_handle != NULL && + (*delegated_cred_handle)->mechanisms == NULL) { ret = gss_create_empty_oid_set(minor_status, - &(*delegated_cred_handle)->mechanisms); + &(*delegated_cred_handle)->mechanisms); if (ret) - goto failure; + goto failure; ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - &(*delegated_cred_handle)->mechanisms); + &(*delegated_cred_handle)->mechanisms); if (ret) - goto failure; - } + goto failure; + } - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } + if (kret) { + flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } - kret = krb5_cc_initialize(gssapi_krb5_context, - ccache, - *src_name); - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } + kret = krb5_cc_initialize(gssapi_krb5_context, + ccache, + *src_name); + if (kret) { + flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } - kret = krb5_rd_cred2(gssapi_krb5_context, - (*context_handle)->auth_context, - ccache, - &fwd_data); - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } - -end_fwd: - free(fwd_data.data); - } + kret = krb5_rd_cred2(gssapi_krb5_context, + (*context_handle)->auth_context, + ccache, + &fwd_data); + if (kret) { + flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } + + end_fwd: + free(fwd_data.data); + } - flags |= GSS_C_TRANS_FLAG; + flags |= GSS_C_TRANS_FLAG; - if (ret_flags) - *ret_flags = flags; - (*context_handle)->flags = flags; - (*context_handle)->more_flags |= OPEN; + if (ret_flags) + *ret_flags = flags; + (*context_handle)->lifetime = ticket->ticket.endtime; + (*context_handle)->flags = flags; + (*context_handle)->more_flags |= OPEN; - if (mech_type) - *mech_type = GSS_KRB5_MECHANISM; + if (mech_type) + *mech_type = GSS_KRB5_MECHANISM; - if (time_rec) - *time_rec = GSS_C_INDEFINITE; + if (time_rec) + *time_rec = (*context_handle)->lifetime; - if(flags & GSS_C_MUTUAL_FLAG) { - krb5_data outbuf; + if(flags & GSS_C_MUTUAL_FLAG) { + krb5_data outbuf; - kret = krb5_mk_rep (gssapi_krb5_context, - (*context_handle)->auth_context, - &outbuf); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; + kret = krb5_mk_rep (gssapi_krb5_context, + (*context_handle)->auth_context, + &outbuf); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } + ret = gssapi_krb5_encapsulate (minor_status, + &outbuf, + output_token, + "\x02\x00"); + krb5_data_free (&outbuf); + if (ret) + goto failure; + } else { + output_token->length = 0; + output_token->value = NULL; } - ret = gssapi_krb5_encapsulate (minor_status, - &outbuf, - output_token, - "\x02\x00"); - krb5_data_free (&outbuf); - if (ret) - goto failure; - } else { - output_token->length = 0; - } - (*context_handle)->ticket = ticket; - ticket = NULL; + (*context_handle)->ticket = ticket; + ticket = NULL; #if 0 - krb5_free_ticket (context, ticket); + krb5_free_ticket (context, ticket); #endif - return GSS_S_COMPLETE; - -failure: - if (fwd_data.length > 0) - free(fwd_data.data); - if (ticket != NULL) - krb5_free_ticket (gssapi_krb5_context, ticket); - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - free (*context_handle); - if (src_name != NULL) { - gss_release_name (&minor, src_name); - *src_name = NULL; - } - *context_handle = GSS_C_NO_CONTEXT; - return ret; + *minor_status = 0; + return GSS_S_COMPLETE; + + failure: + if (fwd_data.length > 0) + free(fwd_data.data); + if (ticket != NULL) + krb5_free_ticket (gssapi_krb5_context, ticket); + krb5_auth_con_free (gssapi_krb5_context, + (*context_handle)->auth_context); + if((*context_handle)->source) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->source); + if((*context_handle)->target) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->target); + free (*context_handle); + if (src_name != NULL) { + gss_release_name (&minor, src_name); + *src_name = NULL; + } + *context_handle = GSS_C_NO_CONTEXT; + return ret; } diff --git a/crypto/heimdal/lib/gssapi/acquire_cred.c b/crypto/heimdal/lib/gssapi/acquire_cred.c index 6940b26..503ac91 100644 --- a/crypto/heimdal/lib/gssapi/acquire_cred.c +++ b/crypto/heimdal/lib/gssapi/acquire_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: acquire_cred.c,v 1.10 2002/08/20 12:02:45 nectar Exp $"); +RCSID("$Id: acquire_cred.c,v 1.13 2003/04/06 00:31:55 lha Exp $"); static krb5_error_code get_keytab(krb5_keytab *keytab) @@ -95,8 +95,9 @@ static OM_uint32 acquire_initiator_cred } else if (handle->principal != NULL && krb5_principal_compare(gssapi_krb5_context, handle->principal, def_princ) == FALSE) { - kret = KRB5_PRINC_NOMATCH; - goto end; + /* Before failing, lets check the keytab */ + krb5_free_principal(gssapi_krb5_context, def_princ); + def_princ = NULL; } if (def_princ == NULL) { /* We have no existing credentials cache, @@ -126,7 +127,36 @@ static OM_uint32 acquire_initiator_cred kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred); if (kret) goto end; + handle->lifetime = cred.times.endtime; + } else { + krb5_creds in_cred, *out_cred; + krb5_const_realm realm; + + memset(&in_cred, 0, sizeof(in_cred)); + in_cred.client = handle->principal; + + realm = krb5_principal_get_realm(gssapi_krb5_context, + handle->principal); + if (realm == NULL) { + kret = KRB5_PRINC_NOMATCH; /* XXX */ + goto end; + } + + kret = krb5_make_principal(gssapi_krb5_context, &in_cred.server, + realm, KRB5_TGS_NAME, realm, NULL); + if (kret) + goto end; + + kret = krb5_get_credentials(gssapi_krb5_context, 0, + ccache, &in_cred, &out_cred); + krb5_free_principal(gssapi_krb5_context, in_cred.server); + if (kret) + goto end; + + handle->lifetime = out_cred->times.endtime; + krb5_free_creds(gssapi_krb5_context, out_cred); } + handle->ccache = ccache; ret = GSS_S_COMPLETE; @@ -195,12 +225,32 @@ OM_uint32 gss_acquire_cred gss_cred_id_t handle; OM_uint32 ret; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); + + *output_cred_handle = NULL; + if (time_rec) + *time_rec = 0; + if (actual_mechs) + *actual_mechs = GSS_C_NO_OID_SET; + + if (desired_mechs) { + OM_uint32 present = 0; + + ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + desired_mechs, &present); + if (ret) + return ret; + if (!present) { + *minor_status = 0; + return GSS_S_BAD_MECH; + } + } - *minor_status = 0; handle = (gss_cred_id_t)malloc(sizeof(*handle)); - if (handle == GSS_C_NO_CREDENTIAL) + if (handle == GSS_C_NO_CREDENTIAL) { + *minor_status = ENOMEM; return (GSS_S_FAILURE); + } memset(handle, 0, sizeof (*handle)); @@ -219,14 +269,17 @@ OM_uint32 gss_acquire_cred free(handle); return (ret); } - } - if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) { + } else if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) { ret = acquire_acceptor_cred(minor_status, desired_name, time_req, desired_mechs, cred_usage, handle, actual_mechs, time_rec); if (ret != GSS_S_COMPLETE) { free(handle); return (ret); } + } else { + free(handle); + *minor_status = GSS_KRB5_S_G_BAD_USAGE; + return GSS_S_FAILURE; } ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); if (ret == GSS_S_COMPLETE) @@ -241,8 +294,9 @@ OM_uint32 gss_acquire_cred free(handle); return (ret); } - /* XXX */ - handle->lifetime = time_req; + *minor_status = 0; + if (time_rec) + *time_rec = handle->lifetime; handle->usage = cred_usage; *output_cred_handle = handle; return (GSS_S_COMPLETE); diff --git a/crypto/heimdal/lib/gssapi/add_cred.c b/crypto/heimdal/lib/gssapi/add_cred.c new file mode 100644 index 0000000..1e23a5b --- /dev/null +++ b/crypto/heimdal/lib/gssapi/add_cred.c @@ -0,0 +1,216 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: add_cred.c,v 1.2 2003/04/06 00:29:17 lha Exp $"); + +OM_uint32 gss_add_cred ( + OM_uint32 *minor_status, + const gss_cred_id_t input_cred_handle, + const gss_name_t desired_name, + const gss_OID desired_mech, + gss_cred_usage_t cred_usage, + OM_uint32 initiator_time_req, + OM_uint32 acceptor_time_req, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *initiator_time_rec, + OM_uint32 *acceptor_time_rec) +{ + OM_uint32 ret, lifetime; + gss_cred_id_t cred, handle; + + handle = NULL; + cred = input_cred_handle; + + if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) { + *minor_status = 0; + return GSS_S_BAD_MECH; + } + + if (cred == GSS_C_NO_CREDENTIAL && output_cred_handle == NULL) { + *minor_status = 0; + return GSS_S_NO_CRED; + } + + /* check if requested output usage is compatible with output usage */ + if (output_cred_handle != NULL && + (cred->usage != cred_usage && cred->usage != GSS_C_BOTH)) { + *minor_status = GSS_KRB5_S_G_BAD_USAGE; + return(GSS_S_FAILURE); + } + + /* check that we have the same name */ + if (desired_name != GSS_C_NO_NAME && + krb5_principal_compare(gssapi_krb5_context, desired_name, + cred->principal) != FALSE) { + *minor_status = 0; + return GSS_S_BAD_NAME; + } + + /* make a copy */ + if (output_cred_handle) { + + handle = (gss_cred_id_t)malloc(sizeof(*handle)); + if (handle == GSS_C_NO_CREDENTIAL) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + + memset(handle, 0, sizeof (*handle)); + + handle->usage = cred_usage; + handle->lifetime = cred->lifetime; + handle->principal = NULL; + handle->keytab = NULL; + handle->ccache = NULL; + handle->mechanisms = NULL; + + ret = GSS_S_FAILURE; + + ret = gss_duplicate_name(minor_status, cred->principal, + &handle->principal); + if (ret) { + free(handle); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + if (cred->keytab) { + krb5_error_code kret; + char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN]; + int len; + + ret = GSS_S_FAILURE; + + kret = krb5_kt_get_type(gssapi_krb5_context, cred->keytab, + name, KRB5_KT_PREFIX_MAX_LEN); + if (kret) { + *minor_status = kret; + goto failure; + } + len = strlen(name); + name[len++] = ':'; + + kret = krb5_kt_get_name(gssapi_krb5_context, cred->keytab, + name + len, + sizeof(name) - len); + if (kret) { + *minor_status = kret; + goto failure; + } + + kret = krb5_kt_resolve(gssapi_krb5_context, name, + &handle->keytab); + if (kret){ + *minor_status = kret; + goto failure; + } + } + + if (cred->ccache) { + krb5_error_code kret; + const char *type, *name; + char *type_name; + + ret = GSS_S_FAILURE; + + type = krb5_cc_get_type(gssapi_krb5_context, cred->ccache); + if (type == NULL){ + *minor_status = ENOMEM; + goto failure; + } + + name = krb5_cc_get_name(gssapi_krb5_context, cred->ccache); + if (name == NULL) { + *minor_status = ENOMEM; + goto failure; + } + + asprintf(&type_name, "%s:%s", type, name); + if (type_name == NULL) { + *minor_status = ENOMEM; + goto failure; + } + + kret = krb5_cc_resolve(gssapi_krb5_context, type_name, + &handle->ccache); + free(type_name); + if (kret) { + *minor_status = kret; + goto failure; + } + } + + ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); + if (ret) + goto failure; + + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &handle->mechanisms); + if (ret) + goto failure; + } + + ret = gss_inquire_cred(minor_status, cred, NULL, &lifetime, + NULL, actual_mechs); + if (ret) + goto failure; + + if (initiator_time_rec) + *initiator_time_rec = lifetime; + if (acceptor_time_rec) + *acceptor_time_rec = lifetime; + + if (output_cred_handle) + *output_cred_handle = handle; + + *minor_status = 0; + return ret; + + failure: + + if (handle) { + if (handle->principal) + gss_release_name(NULL, &handle->principal); + if (handle->keytab) + krb5_kt_close(gssapi_krb5_context, handle->keytab); + if (handle->ccache) + krb5_cc_destroy(gssapi_krb5_context, handle->ccache); + if (handle->mechanisms) + gss_release_oid_set(NULL, &handle->mechanisms); + free(handle); + } + return ret; +} diff --git a/crypto/heimdal/lib/gssapi/add_oid_set_member.c b/crypto/heimdal/lib/gssapi/add_oid_set_member.c index baf70c5..ed654fc 100644 --- a/crypto/heimdal/lib/gssapi/add_oid_set_member.c +++ b/crypto/heimdal/lib/gssapi/add_oid_set_member.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: add_oid_set_member.c,v 1.7 2001/02/18 03:39:08 assar Exp $"); +RCSID("$Id: add_oid_set_member.c,v 1.8 2003/03/16 17:50:49 lha Exp $"); OM_uint32 gss_add_oid_set_member ( OM_uint32 * minor_status, @@ -50,8 +50,10 @@ OM_uint32 gss_add_oid_set_member ( if (res != GSS_S_COMPLETE) return res; - if (present) + if (present) { + *minor_status = 0; return GSS_S_COMPLETE; + } n = (*oid_set)->count + 1; tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc)); @@ -62,5 +64,6 @@ OM_uint32 gss_add_oid_set_member ( (*oid_set)->elements = tmp; (*oid_set)->count = n; (*oid_set)->elements[n-1] = *member_oid; + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/compare_name.c b/crypto/heimdal/lib/gssapi/compare_name.c index 5926b15..da494b0 100644 --- a/crypto/heimdal/lib/gssapi/compare_name.c +++ b/crypto/heimdal/lib/gssapi/compare_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: compare_name.c,v 1.2 1999/12/02 17:05:03 joda Exp $"); +RCSID("$Id: compare_name.c,v 1.4 2003/03/16 17:50:07 lha Exp $"); OM_uint32 gss_compare_name (OM_uint32 * minor_status, @@ -42,8 +42,10 @@ OM_uint32 gss_compare_name int * name_equal ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT(); + *name_equal = krb5_principal_compare (gssapi_krb5_context, name1, name2); + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/compat.c b/crypto/heimdal/lib/gssapi/compat.c new file mode 100644 index 0000000..311b1cb --- /dev/null +++ b/crypto/heimdal/lib/gssapi/compat.c @@ -0,0 +1,113 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: compat.c,v 1.2.2.2 2003/04/28 13:58:09 lha Exp $"); + + +static krb5_error_code +check_compat(OM_uint32 *minor_status, gss_name_t name, + const char *option, krb5_boolean *compat, + krb5_boolean match_val) +{ + krb5_error_code ret = 0; + char **p, **q; + krb5_principal match; + + + p = krb5_config_get_strings(gssapi_krb5_context, NULL, "gssapi", + option, NULL); + if(p == NULL) + return 0; + + for(q = p; *q; q++) { + + ret = krb5_parse_name(gssapi_krb5_context, *q, &match); + if (ret) + break; + + if (krb5_principal_match(gssapi_krb5_context, name, match)) { + *compat = match_val; + break; + } + + krb5_free_principal(gssapi_krb5_context, match); + } + krb5_config_free_strings(p); + + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + return 0; +} + +OM_uint32 +_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx) +{ + krb5_boolean use_compat = TRUE; + OM_uint32 ret; + + if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) { + ret = check_compat(minor_status, ctx->target, + "broken_des3_mic", &use_compat, TRUE); + if (ret) + return ret; + ret = check_compat(minor_status, ctx->target, + "correct_des3_mic", &use_compat, FALSE); + if (ret) + return ret; + + if (use_compat) + ctx->more_flags |= COMPAT_OLD_DES3; + ctx->more_flags |= COMPAT_OLD_DES3_SELECTED; + } + return 0; +} + +OM_uint32 +gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on) +{ + *minor_status = 0; + + if (on) { + ctx->more_flags |= COMPAT_OLD_DES3; + } else { + ctx->more_flags &= ~COMPAT_OLD_DES3; + } + ctx->more_flags |= COMPAT_OLD_DES3_SELECTED; + + return 0; +} diff --git a/crypto/heimdal/lib/gssapi/context_time.c b/crypto/heimdal/lib/gssapi/context_time.c index f933f9e..e947df6 100644 --- a/crypto/heimdal/lib/gssapi/context_time.c +++ b/crypto/heimdal/lib/gssapi/context_time.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: context_time.c,v 1.5 2001/05/11 09:16:45 assar Exp $"); +RCSID("$Id: context_time.c,v 1.7 2003/03/16 17:48:33 lha Exp $"); OM_uint32 gss_context_time (OM_uint32 * minor_status, @@ -46,7 +46,7 @@ OM_uint32 gss_context_time krb5_error_code kret; krb5_timestamp timeret; - gssapi_krb5_init(); + GSSAPI_KRB5_INIT (); ret = gss_inquire_context(minor_status, context_handle, NULL, NULL, &lifetime, NULL, NULL, NULL, NULL); @@ -62,5 +62,6 @@ OM_uint32 gss_context_time } *time_rec = lifetime - timeret; + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/copy_ccache.c b/crypto/heimdal/lib/gssapi/copy_ccache.c index a6f53df..2ffe065 100644 --- a/crypto/heimdal/lib/gssapi/copy_ccache.c +++ b/crypto/heimdal/lib/gssapi/copy_ccache.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,25 +33,26 @@ #include "gssapi_locl.h" -RCSID("$Id: copy_ccache.c,v 1.2 2001/05/11 09:16:45 assar Exp $"); +RCSID("$Id: copy_ccache.c,v 1.3 2003/03/16 17:47:44 lha Exp $"); OM_uint32 -gss_krb5_copy_ccache(OM_uint32 *minor, +gss_krb5_copy_ccache(OM_uint32 *minor_status, gss_cred_id_t cred, krb5_ccache out) { krb5_error_code kret; if (cred->ccache == NULL) { - *minor = EINVAL; + *minor_status = EINVAL; return GSS_S_FAILURE; } kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out); if (kret) { - *minor = kret; + *minor_status = kret; gssapi_krb5_set_error_string (); return GSS_S_FAILURE; } + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c index de71749..1a25e0d 100644 --- a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c +++ b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: create_emtpy_oid_set.c,v 1.4 2001/02/18 03:39:08 assar Exp $"); +RCSID("$Id: create_emtpy_oid_set.c,v 1.5 2003/03/16 17:47:07 lha Exp $"); OM_uint32 gss_create_empty_oid_set ( OM_uint32 * minor_status, @@ -47,5 +47,6 @@ OM_uint32 gss_create_empty_oid_set ( } (*oid_set)->count = 0; (*oid_set)->elements = NULL; + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/delete_sec_context.c b/crypto/heimdal/lib/gssapi/delete_sec_context.c index 06f44e3..2df1f39 100644 --- a/crypto/heimdal/lib/gssapi/delete_sec_context.c +++ b/crypto/heimdal/lib/gssapi/delete_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: delete_sec_context.c,v 1.9 2001/05/10 15:23:04 assar Exp $"); +RCSID("$Id: delete_sec_context.c,v 1.11 2003/03/16 17:46:40 lha Exp $"); OM_uint32 gss_delete_sec_context (OM_uint32 * minor_status, @@ -41,28 +41,29 @@ OM_uint32 gss_delete_sec_context gss_buffer_t output_token ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); - if (output_token) { - output_token->length = 0; - output_token->value = NULL; - } + if (output_token) { + output_token->length = 0; + output_token->value = NULL; + } - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - if ((*context_handle)->ticket) { - krb5_free_ticket (gssapi_krb5_context, - (*context_handle)->ticket); - free((*context_handle)->ticket); - } + krb5_auth_con_free (gssapi_krb5_context, + (*context_handle)->auth_context); + if((*context_handle)->source) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->source); + if((*context_handle)->target) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->target); + if ((*context_handle)->ticket) { + krb5_free_ticket (gssapi_krb5_context, + (*context_handle)->ticket); + free((*context_handle)->ticket); + } - free (*context_handle); - *context_handle = GSS_C_NO_CONTEXT; - return GSS_S_COMPLETE; + free (*context_handle); + *context_handle = GSS_C_NO_CONTEXT; + *minor_status = 0; + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/display_name.c b/crypto/heimdal/lib/gssapi/display_name.c index 1c25e67..27a232f 100644 --- a/crypto/heimdal/lib/gssapi/display_name.c +++ b/crypto/heimdal/lib/gssapi/display_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: display_name.c,v 1.7 2001/05/11 09:16:46 assar Exp $"); +RCSID("$Id: display_name.c,v 1.9 2003/03/16 17:46:11 lha Exp $"); OM_uint32 gss_display_name (OM_uint32 * minor_status, @@ -42,31 +42,32 @@ OM_uint32 gss_display_name gss_OID * output_name_type ) { - krb5_error_code kret; - char *buf; - size_t len; + krb5_error_code kret; + char *buf; + size_t len; - gssapi_krb5_init (); - kret = krb5_unparse_name (gssapi_krb5_context, - input_name, - &buf); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - len = strlen (buf); - output_name_buffer->length = len; - output_name_buffer->value = malloc(len + 1); - if (output_name_buffer->value == NULL) { + GSSAPI_KRB5_INIT (); + kret = krb5_unparse_name (gssapi_krb5_context, + input_name, + &buf); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + len = strlen (buf); + output_name_buffer->length = len; + output_name_buffer->value = malloc(len + 1); + if (output_name_buffer->value == NULL) { + free (buf); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy (output_name_buffer->value, buf, len); + ((char *)output_name_buffer->value)[len] = '\0'; free (buf); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (output_name_buffer->value, buf, len); - ((char *)output_name_buffer->value)[len] = '\0'; - free (buf); - if (output_name_type) - *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME; - return GSS_S_COMPLETE; + if (output_name_type) + *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME; + *minor_status = 0; + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/display_status.c b/crypto/heimdal/lib/gssapi/display_status.c index fc1451d..d266fa4 100644 --- a/crypto/heimdal/lib/gssapi/display_status.c +++ b/crypto/heimdal/lib/gssapi/display_status.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: display_status.c,v 1.7 2001/08/23 04:34:41 assar Exp $"); +RCSID("$Id: display_status.c,v 1.9 2003/03/16 17:45:36 lha Exp $"); static char *krb5_error_string; @@ -93,6 +93,26 @@ routine_error(OM_uint32 v) return msgs[v]; } +static char * +supplementary_error(OM_uint32 v) +{ + static char *msgs[] = { + "normal completion", + "continuation call to routine required", + "duplicate per-message token detected", + "timed-out per-message token detected", + "reordered (early) per-message token detected", + "skipped predecessor token(s) detected" + }; + + v >>= GSS_C_SUPPLEMENTARY_OFFSET; + + if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown routine error"; + else + return msgs[v]; +} + void gssapi_krb5_set_error_string (void) { @@ -117,18 +137,25 @@ OM_uint32 gss_display_status { char *buf; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); - *minor_status = 0; + status_string->length = 0; + status_string->value = NULL; - if (mech_type != GSS_C_NO_OID && - mech_type != GSS_KRB5_MECHANISM) - return GSS_S_BAD_MECH; + if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 && + gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) { + *minor_status = 0; + return GSS_C_GSS_CODE; + } if (status_type == GSS_C_GSS_CODE) { - asprintf (&buf, "%s %s", - calling_error(GSS_CALLING_ERROR(status_value)), - routine_error(GSS_ROUTINE_ERROR(status_value))); + if (GSS_SUPPLEMENTARY_INFO(status_value)) + asprintf(&buf, "%s", + supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value))); + else + asprintf (&buf, "%s %s", + calling_error(GSS_CALLING_ERROR(status_value)), + routine_error(GSS_ROUTINE_ERROR(status_value))); } else if (status_type == GSS_C_MECH_CODE) { buf = gssapi_krb5_get_error_string (); if (buf == NULL) { @@ -140,8 +167,10 @@ OM_uint32 gss_display_status else buf = strdup(tmp); } - } else + } else { + *minor_status = EINVAL; return GSS_S_BAD_STATUS; + } if (buf == NULL) { *minor_status = ENOMEM; @@ -149,6 +178,7 @@ OM_uint32 gss_display_status } *message_context = 0; + *minor_status = 0; status_string->length = strlen(buf); status_string->value = buf; diff --git a/crypto/heimdal/lib/gssapi/duplicate_name.c b/crypto/heimdal/lib/gssapi/duplicate_name.c index b0ecdf2..2b54e90 100644 --- a/crypto/heimdal/lib/gssapi/duplicate_name.c +++ b/crypto/heimdal/lib/gssapi/duplicate_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: duplicate_name.c,v 1.5 2001/05/11 09:16:46 assar Exp $"); +RCSID("$Id: duplicate_name.c,v 1.7 2003/03/16 17:44:26 lha Exp $"); OM_uint32 gss_duplicate_name ( OM_uint32 * minor_status, @@ -41,18 +41,19 @@ OM_uint32 gss_duplicate_name ( gss_name_t * dest_name ) { - krb5_error_code kret; + krb5_error_code kret; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); - kret = krb5_copy_principal (gssapi_krb5_context, - src_name, - dest_name); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } else { - return GSS_S_COMPLETE; - } + kret = krb5_copy_principal (gssapi_krb5_context, + src_name, + dest_name); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } else { + *minor_status = 0; + return GSS_S_COMPLETE; + } } diff --git a/crypto/heimdal/lib/gssapi/export_name.c b/crypto/heimdal/lib/gssapi/export_name.c index efbd9c4..c5fcbd4 100644 --- a/crypto/heimdal/lib/gssapi/export_name.c +++ b/crypto/heimdal/lib/gssapi/export_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: export_name.c,v 1.4 1999/12/02 17:05:03 joda Exp $"); +RCSID("$Id: export_name.c,v 1.5 2003/03/16 17:34:46 lha Exp $"); OM_uint32 gss_export_name (OM_uint32 * minor_status, @@ -41,8 +41,54 @@ OM_uint32 gss_export_name gss_buffer_t exported_name ) { - return gss_display_name(minor_status, - input_name, - exported_name, - NULL); + krb5_error_code kret; + char *buf, *name; + size_t len; + + GSSAPI_KRB5_INIT (); + kret = krb5_unparse_name (gssapi_krb5_context, + input_name, + &name); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + len = strlen (name); + + exported_name->length = 10 + len + GSS_KRB5_MECHANISM->length; + exported_name->value = malloc(exported_name->length); + if (exported_name->value == NULL) { + free (name); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */ + + buf = exported_name->value; + memcpy(buf, "\x04\x01", 2); + buf += 2; + buf[0] = ((GSS_KRB5_MECHANISM->length + 2) >> 8) & 0xff; + buf[1] = (GSS_KRB5_MECHANISM->length + 2) & 0xff; + buf+= 2; + buf[0] = 0x06; + buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF; + buf+= 2; + + memcpy(buf, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length); + buf += GSS_KRB5_MECHANISM->length; + + buf[0] = (len >> 24) & 0xff; + buf[1] = (len >> 16) & 0xff; + buf[2] = (len >> 8) & 0xff; + buf[3] = (len) & 0xff; + buf += 4; + + memcpy (buf, name, len); + + free (name); + + *minor_status = 0; + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/export_sec_context.c b/crypto/heimdal/lib/gssapi/export_sec_context.c index 30c5a11..c7e6265 100644 --- a/crypto/heimdal/lib/gssapi/export_sec_context.c +++ b/crypto/heimdal/lib/gssapi/export_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: export_sec_context.c,v 1.4 2001/02/18 03:39:09 assar Exp $"); +RCSID("$Id: export_sec_context.c,v 1.6 2003/03/16 18:02:52 lha Exp $"); OM_uint32 gss_export_sec_context ( @@ -51,9 +51,11 @@ gss_export_sec_context ( OM_uint32 minor; krb5_error_code kret; - gssapi_krb5_init (); - if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) + GSSAPI_KRB5_INIT (); + if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) { + *minor_status = 0; return GSS_S_UNAVAILABLE; + } sp = krb5_storage_emem (); if (sp == NULL) { @@ -145,27 +147,6 @@ gss_export_sec_context ( goto failure; } -#if 0 - { - size_t sz; - unsigned char auth_buf[1024]; - - ret = encode_Authenticator (auth_buf, sizeof(auth_buf), - ac->authenticator, &sz); - if (ret) { - krb5_storage_free (sp); - *minor_status = ret; - return GSS_S_FAILURE; - } - data.data = auth_buf; - data.length = sz; - kret = krb5_store_data (sp, data); - if (kret) { - *minor_status = kret; - goto failure; - } - } -#endif kret = krb5_store_int32 (sp, ac->keytype); if (kret) { *minor_status = kret; @@ -196,6 +177,9 @@ gss_export_sec_context ( goto failure; data.data = buffer.value; data.length = buffer.length; + + ret = GSS_S_FAILURE; + kret = krb5_store_data (sp, data); gss_release_buffer (&minor, &buffer); if (kret) { @@ -213,6 +197,11 @@ gss_export_sec_context ( *minor_status = kret; goto failure; } + kret = krb5_store_int32 (sp, (*context_handle)->lifetime); + if (kret) { + *minor_status = kret; + goto failure; + } kret = krb5_storage_to_data (sp, &data); krb5_storage_free (sp); @@ -226,6 +215,7 @@ gss_export_sec_context ( GSS_C_NO_BUFFER); if (ret != GSS_S_COMPLETE) gss_release_buffer (NULL, interprocess_token); + *minor_status = 0; return ret; failure: krb5_storage_free (sp); diff --git a/crypto/heimdal/lib/gssapi/get_mic.c b/crypto/heimdal/lib/gssapi/get_mic.c index 720a2ff..e890b08 100644 --- a/crypto/heimdal/lib/gssapi/get_mic.c +++ b/crypto/heimdal/lib/gssapi/get_mic.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: get_mic.c,v 1.19 2001/10/31 13:37:39 nectar Exp $"); +RCSID("$Id: get_mic.c,v 1.21 2003/03/16 18:02:04 lha Exp $"); static OM_uint32 mic_des @@ -115,6 +115,7 @@ mic_des memset (deskey, 0, sizeof(deskey)); memset (schedule, 0, sizeof(schedule)); + *minor_status = 0; return GSS_S_COMPLETE; } @@ -139,6 +140,7 @@ mic_des3 krb5_error_code kret; krb5_data encdata; char *tmp; + char ivec[8]; gssapi_krb5_encap_length (36, &len, &total_len); @@ -219,10 +221,15 @@ mic_des3 return GSS_S_FAILURE; } - kret = krb5_encrypt (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - seq, 8, &encdata); + if (context_handle->more_flags & COMPAT_OLD_DES3) + memset(ivec, 0, 8); + else + memcpy(ivec, p + 8, 8); + + kret = krb5_encrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + seq, 8, &encdata, ivec); krb5_crypto_destroy (gssapi_krb5_context, crypto); if (kret) { free (message_token->value); @@ -241,6 +248,7 @@ mic_des3 ++seq_number); free_Checksum (&cksum); + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/gss_acquire_cred.3 b/crypto/heimdal/lib/gssapi/gss_acquire_cred.3 new file mode 100644 index 0000000..1d8c0a0 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/gss_acquire_cred.3 @@ -0,0 +1,465 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: gss_acquire_cred.3,v 1.8.2.1 2003/04/28 13:41:42 lha Exp $ +.\" +.Dd April 2, 2003 +.Dt GSS_ACQUIRE_CRED 3 +.Os HEIMDAL +.Sh NAME +.Nm gss_accept_sec_context , +.Nm gss_acquire_cred , +.Nm gss_add_cred , +.Nm gss_add_oid_set_member , +.Nm gss_canonicalize_name , +.Nm gss_compare_name , +.Nm gss_context_time , +.Nm gss_create_empty_oid_set , +.Nm gss_delete_sec_context , +.Nm gss_display_name , +.Nm gss_display_status , +.Nm gss_duplicate_name , +.Nm gss_export_name , +.Nm gss_export_sec_context , +.Nm gss_get_mic , +.Nm gss_import_name , +.Nm gss_import_sec_context , +.Nm gss_indicate_mechs , +.Nm gss_init_sec_context , +.Nm gss_inquire_context , +.Nm gss_inquire_cred , +.Nm gss_inquire_cred_by_mech , +.Nm gss_inquire_mechs_for_name , +.Nm gss_inquire_names_for_mech , +.Nm gss_krb5_copy_ccache , +.Nm gss_krb5_compat_des3_mic , +.Nm gss_process_context_token , +.Nm gss_release_buffer , +.Nm gss_release_cred , +.Nm gss_release_name , +.Nm gss_release_oid_set , +.Nm gss_seal , +.Nm gss_sign , +.Nm gss_test_oid_set_member , +.Nm gss_unseal , +.Nm gss_unwrap , +.Nm gss_verify , +.Nm gss_verify_mic , +.Nm gss_wrap , +.Nm gss_wrap_size_limit +.Nd Generic Security Service Application Program Interface library +.Sh LIBRARY +GSS-API library (libgssapi, -lgssapi) +.Sh SYNOPSIS +.In gssapi.h +.Pp +.Ft OM_uint32 +.Fo gss_accept_sec_context +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t * context_handle" +.Fa "const gss_cred_id_t acceptor_cred_handle" +.Fa "const gss_buffer_t input_token_buffer" +.Fa "const gss_channel_bindings_t input_chan_bindings" +.Fa "gss_name_t * src_name" +.Fa "gss_OID * mech_type" +.Fa "gss_buffer_t output_token" +.Fa "OM_uint32 * ret_flags" +.Fa "OM_uint32 * time_rec" +.Fa "gss_cred_id_t * delegated_cred_handle" +.Fc +.Pp +.Ft OM_uint32 +.Fo gss_acquire_cred +.Fa "OM_uint32 * minor_status" +.Fa "const gss_name_t desired_name" +.Fa "OM_uint32 time_req" +.Fa "const gss_OID_set desired_mechs" +.Fa "gss_cred_usage_t cred_usage" +.Fa "gss_cred_id_t * output_cred_handle" +.Fa "gss_OID_set * actual_mechs" +.Fa "OM_uint32 * time_rec" +.Fc +.\" .Fn gss_add_cred +.Ft OM_uint32 +.Fo gss_add_oid_set_member +.Fa "OM_uint32 * minor_status" +.Fa "const gss_OID member_oid" +.Fa "gss_OID_set * oid_set" +.Fc +.Ft OM_uint32 +.Fo gss_canonicalize_name +.Fa "OM_uint32 * minor_status" +.Fa "const gss_name_t input_name" +.Fa "const gss_OID mech_type" +.Fa "gss_name_t * output_name" +.Fc +.Ft OM_uint32 +.Fo gss_compare_name +.Fa "OM_uint32 * minor_status" +.Fa "const gss_name_t name1" +.Fa "const gss_name_t name2" +.Fa "int * name_equal" +.Fc +.Ft OM_uint32 +.Fo gss_context_time +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "OM_uint32 * time_rec" +.Fc +.Ft OM_uint32 +.Fo gss_create_empty_oid_set +.Fa "OM_uint32 * minor_status" +.Fa "gss_OID_set * oid_set" +.Fc +.Ft OM_uint32 +.Fo gss_delete_sec_context +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t * context_handle" +.Fa "gss_buffer_t output_token" +.Fc +.Ft OM_uint32 +.Fo gss_display_name +.Fa "OM_uint32 * minor_status" +.Fa "const gss_name_t input_name" +.Fa "gss_buffer_t output_name_buffer" +.Fa "gss_OID * output_name_type" +.Fc +.Ft OM_uint32 +.Fo gss_display_status +.Fa "OM_uint32 *minor_status" +.Fa "OM_uint32 status_value" +.Fa "int status_type" +.Fa "const gss_OID mech_type" +.Fa "OM_uint32 *message_context" +.Fa "gss_buffer_t status_string" +.Fc +.Ft OM_uint32 +.Fo gss_duplicate_name +.Fa "OM_uint32 * minor_status" +.Fa "const gss_name_t src_name" +.Fa "gss_name_t * dest_name" +.Fc +.Ft OM_uint32 +.Fo gss_export_name +.Fa "OM_uint32 * minor_status" +.Fa "const gss_name_t input_name" +.Fa "gss_buffer_t exported_name" +.Fc +.Ft OM_uint32 +.Fo gss_export_sec_context +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t * context_handle" +.Fa "gss_buffer_t interprocess_token" +.Fc +.Ft OM_uint32 +.Fo gss_get_mic +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "gss_qop_t qop_req" +.Fa "const gss_buffer_t message_buffer" +.Fa "gss_buffer_t message_token" +.Fc +.Ft OM_uint32 +.Fo gss_import_name +.Fa "OM_uint32 * minor_status, +.Fa "const gss_buffer_t input_name_buffer" +.Fa "const gss_OID input_name_type" +.Fa "gss_name_t * output_name" +.Fc +.Ft OM_uint32 +.Fo gss_import_sec_context +.Fa "OM_uint32 * minor_status" +.Fa "const gss_buffer_t interprocess_token" +.Fa "gss_ctx_id_t * context_handle" +.Fc +.Ft OM_uint32 +.Fo gss_indicate_mechs +.Fa "OM_uint32 * minor_status" +.Fa "gss_OID_set * mech_set" +.Fc +.Ft OM_uint32 +.Fo gss_init_sec_context +.Fa "OM_uint32 * minor_status" +.Fa "const gss_cred_id_t initiator_cred_handle" +.Fa "gss_ctx_id_t * context_handle" +.Fa "const gss_name_t target_name" +.Fa "const gss_OID mech_type" +.Fa "OM_uint32 req_flags" +.Fa "OM_uint32 time_req" +.Fa "const gss_channel_bindings_t input_chan_bindings" +.Fa "const gss_buffer_t input_token" +.Fa "gss_OID * actual_mech_type" +.Fa "gss_buffer_t output_token" +.Fa "OM_uint32 * ret_flags" +.Fa "OM_uint32 * time_rec" +.Fc +.Ft OM_uint32 +.Fo gss_inquire_context +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "gss_name_t * src_name" +.Fa "gss_name_t * targ_name" +.Fa "OM_uint32 * lifetime_rec" +.Fa "gss_OID * mech_type" +.Fa "OM_uint32 * ctx_flags" +.Fa "int * locally_initiated" +.Fa "int * open_context" +.Fc +.Ft OM_uint32 +.Fo gss_inquire_cred +.Fa "OM_uint32 * minor_status" +.Fa "const gss_cred_id_t cred_handle" +.Fa "gss_name_t * name" +.Fa "OM_uint32 * lifetime" +.Fa "gss_cred_usage_t * cred_usage" +.Fa "gss_OID_set * mechanisms" +.Fc +.Ft OM_uint32 +.Fo gss_inquire_cred_by_mech +.Fc +.Ft OM_uint32 +.Fo gss_inquire_mechs_for_name +.Fc +.Ft OM_uint32 +.Fo gss_inquire_names_for_mech +.Fc +.Ft OM_uint32 +.Fo gss_krb5_copy_ccache +.Fa "OM_uint32 *minor" +.Fa "gss_cred_id_t cred" +.Fa "krb5_ccache out" +.Fc +.Ft OM_uint32 +.Fo gss_krb5_compat_des3_mic +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t context_handle" +.Fa "int onoff" +.Fc +.Ft OM_uint32 +.Fo gss_process_context_token +.Fc +.Ft OM_uint32 +.Fo gss_release_buffer +.Fa "OM_uint32 * minor_status" +.Fa "gss_buffer_t buffer" +.Fc +.Ft OM_uint32 +.Fo gss_release_cred +.Fa "OM_uint32 * minor_status" +.Fa "gss_cred_id_t * cred_handle" +.Fc +.Ft OM_uint32 +.Fo gss_release_name +.Fa "OM_uint32 * minor_status" +.Fa "gss_name_t * input_name" +.Fc +.Ft +.Fo gss_release_oid_set +.Fa "OM_uint32 * minor_status" +.Fa "gss_OID_set * set" +.Fc +.Ft OM_uint32 +.Fo gss_seal +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t context_handle" +.Fa "int conf_req_flag" +.Fa "int qop_req" +.Fa "gss_buffer_t input_message_buffer" +.Fa "int * conf_state" +.Fa "gss_buffer_t output_message_buffer" +.Fc +.Ft OM_uint32 +.Fo gss_sign +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t context_handle" +.Fa "int qop_req" +.Fa "gss_buffer_t message_buffer" +.Fa "gss_buffer_t message_token" +.Fc +.Ft OM_uint32 +.Fo gss_test_oid_set_member +.Fa "OM_uint32 * minor_status" +.Fa "const gss_OID member" +.Fa "const gss_OID_set set" +.Fa "int * present" +.Fc +.Ft OM_uint32 +.Fo gss_unseal +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t context_handle" +.Fa "gss_buffer_t input_message_buffer" +.Fa "gss_buffer_t output_message_buffer" +.Fa "int * conf_state" +.Fa "int * qop_state" +.Fc +.Ft OM_uint32 +.Fo gss_unwrap +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "const gss_buffer_t input_message_buffer" +.Fa "gss_buffer_t output_message_buffer" +.Fa "int * conf_state" +.Fa "gss_qop_t * qop_state" +.Fc +.Ft OM_uint32 +.Fo gss_verify +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t context_handle" +.Fa "gss_buffer_t message_buffer" +.Fa "gss_buffer_t token_buffer" +.Fa "int * qop_state" +.Fc +.Ft OM_uint32 +.Fo gss_verify_mic +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "const gss_buffer_t message_buffer" +.Fa "const gss_buffer_t token_buffer" +.Fa "gss_qop_t * qop_state" +.Fc +.Ft +.Fo gss_wrap +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "int conf_req_flag" +.Fa "gss_qop_t qop_req" +.Fa "const gss_buffer_t input_message_buffer" +.Fa "int * conf_state" +.Fa "gss_buffer_t output_message_buffer" +.Fc +.Ft OM_uint32 +.Fo gss_wrap_size_limit +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "int conf_req_flag" +.Fa "gss_qop_t qop_req" +.Fa "OM_uint32 req_output_size" +.Fa "OM_uint32 * max_input_size" +.Fc +.Sh DESCRIPTION +Generic Security Service API (GSS-API) version 2, and its C binding, +is described in +.Li RFC2743 +and +.Li RFC2744 . +Version 1 (deprecated) of the C binding is described in +.Li RFC1509 . +.Pp +Heimdals GSS-API implementation supports the following mechanisms +.Bl -bullet +.It +.Li GSS_KRB5_MECHANISM +.El +.Pp +GSS-API have generic name types that all mechanism are supposed to +implement (if possible) +.Bl -bullet +.It +.Li GSS_C_NT_USER_NAME +.It +.Li GSS_C_NT_MACHINE_UID_NAME +.It +.Li GSS_C_NT_STRING_UID_NAME +.It +.Li GSS_C_NT_HOSTBASED_SERVICE +.It +.Li GSS_C_NT_ANONYMOUS +.It +.Li GSS_C_NT_EXPORT_NAME +.El +.Pp +GSS-API implementations that supports Kerberos 5 have some additional +name types +.Bl -bullet +.It +.Li GSS_KRB5_NT_PRINCIPAL_NAME +.It +.Li GSS_KRB5_NT_USER_NAME +.It +.Li GSS_KRB5_NT_MACHINE_UID_NAME +.It +.Li GSS_KRB5_NT_STRING_UID_NAME +.El +.Pp +.Fn gss_display_name +takes the gss name in +.Fa input_name +and put a printable form in +.Fa output_name_buffer . +.Fa output_name_buffer +should be freed when done using +.Fn gss_release_buffer . +.Fa output_name_type +can either be +.Dv NULL +or a pointer to a +.Li gss_OID +and will in the later case contain the OID type of the name. +The name should only be used for printing. +Access control should be done with the result of +.Fn gss_export_name . +.Pp +.Fn gss_sign , +.Fn gss_verify , +.Fn gss_seal , +and +.Fn gss_unseal +are part of the GSS-API V1 interface and are obsolete. The functions +should not be used for new applications. +They are provided so that version 1 applications can link against the +library. +.Pp +.Fn gss_krb5_copy_ccache +is an extension to the GSS-API API. +The function will extract the krb5 credential that are transfered from +the initiator to the acceptor when using token delegation in the +Kerberos mechanism. +The acceptor receives the delegated token in the last argument to +.Fn gss_accept_sec_context . +.Pp +.Nm gss_krb5_compat_des3_mic +turns on or off the compatibly with older version of Heimdal using +des3 get and verify mic, this is way to programmatically set the +[gssapi]broken_des3_mic and [gssapi]correct_des3_mic flags (see +COMPATIBILITY section in +.Xr gssapi 3 ) . +If the CPP symbol +.Dv GSS_C_KRB5_COMPAT_DES3_MIC +is present, +.Nm gss_krb5_compat_des3_mic +exists. +.Nm gss_krb5_compat_des3_mic +will be removed in a later version of the GSS-API library. +.Sh SEE ALSO +.Xr krb5 3 , +.Xr krb5_ccache 3 , +.Xr gssapi 3 , +.Xr kerberos 8 diff --git a/crypto/heimdal/lib/gssapi/gssapi.3 b/crypto/heimdal/lib/gssapi/gssapi.3 new file mode 100644 index 0000000..ff30042 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/gssapi.3 @@ -0,0 +1,158 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: gssapi.3,v 1.5.2.2 2003/04/30 09:56:26 lha Exp $ +.\" +.Dd January 23, 2003 +.Dt GSSAPI 3 +.Os +.Sh NAME +.Nm gssapi +.Nd Generic Security Service Application Program Interface library +.Sh LIBRARY +GSS-API Library (libgssapi, -lgssapi) +.Sh DESCRIPTION +The Generic Security Service Application Program Interface (GSS-API) +provides security services to callers in a generic fashion, +supportable with a range of underlying mechanisms and technologies and +hence allowing source-level portability of applications to different +environments. +.Sh LIST OF FUNCTIONS +These functions constitute the gssapi library, +.Em libgssapi . +Declarations for these functions may be obtained from the include file +.Pa gssapi.h . +.sp 2 +.nf +.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u +\fIName/Page\fP \fIDescription\fP +.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u+6nC +.sp 5p +gss_accept_sec_context.3 +gss_acquire_cred.3 +gss_add_cred.3 +gss_add_oid_set_member.3 +gss_canonicalize_name.3 +gss_compare_name.3 +gss_context_time.3 +gss_create_empty_oid_set.3 +gss_delete_sec_context.3 +gss_display_name.3 +gss_display_status.3 +gss_duplicate_name.3 +gss_export_name.3 +gss_export_sec_context.3 +gss_get_mic.3 +gss_import_name.3 +gss_import_sec_context.3 +gss_indicate_mechs.3 +gss_init_sec_context.3 +gss_inquire_context.3 +gss_inquire_cred.3 +gss_inquire_cred_by_mech.3 +gss_inquire_mechs_for_name.3 +gss_inquire_names_for_mech.3 +gss_krb5_copy_ccache.3 +gss_process_context_token.3 +gss_release_buffer.3 +gss_release_cred.3 +gss_release_name.3 +gss_release_oid_set.3 +gss_seal.3 +gss_sign.3 +gss_test_oid_set_member.3 +gss_unseal.3 +gss_unwrap.3 +gss_verify.3 +gss_verify_mic.3 +gss_wrap.3 +gss_wrap_size_limit.3 +.ta +.Fi +.Sh COMPATIBILITY +The +.Nm Heimdal +GSS-API implementation had a bug in releases before 0.6 that made it +fail to inter-operate when using DES3 with other GSS-API +implementations when using +.Fn gss_get_mic +/ +.Fn gss_verify_mic . +Its possible to modify the behavior of the generator of the MIC with +the +.Pa krb5.conf +configuration file so that old clients/servers will still +work. +.Pp +New clients/servers will try both the old and new MIC in Heimdal 0.6. +In 0.7 it will check only if configured and the compatibility code +will be removed in 0.8. +.Pp +Heimdal 0.6 still generates by default the broken GSS-API DES3 mic, +this will change in 0.7 to generate correct des3 mic. +.Pp +To turn on compatibility with older clients and servers, change the +.Nm [gssapi] +.Ar broken_des3_mic +in +.Pa krb5.conf +that contains a list of globbing expressions that will be matched +against the server name. +To turn off generation of the old (incompatible) mic of the MIC use +.Nm [gssapi] +.Ar correct_des3_mic . +.Pp +If a match for a entry is in both +.Nm [gssapi] +.Ar correct_des3_mic +and +.Nm [gssapi] +.Ar correct_des3_mic , +the later will override. +.Pp +This config option modifies behaviour for both clients and servers. +.Pp +Example: +.Bd -literal -offset indent +[gssapi] + broken_des3_mic = cvs/*@SU.SE + broken_des3_mic = host/*@E.KTH.SE + correct_des3_mic = host/*@SU.SE +.Ed +.Sh BUGS +All of 0.5.x versions of +.Nm heimdal +had broken token delegations in the client side, the server side was +correct. +.Sh SEE ALSO +.Xr krb5 3 , +.Xr krb5.conf 5 , +.Xr kerberos 8 diff --git a/crypto/heimdal/lib/gssapi/gssapi.h b/crypto/heimdal/lib/gssapi/gssapi.h index 82d4056..12ac426 100644 --- a/crypto/heimdal/lib/gssapi/gssapi.h +++ b/crypto/heimdal/lib/gssapi/gssapi.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi.h,v 1.21 2001/05/04 13:52:02 assar Exp $ */ +/* $Id: gssapi.h,v 1.26.2.2 2003/05/07 11:12:21 lha Exp $ */ #ifndef GSSAPI_H_ #define GSSAPI_H_ @@ -67,8 +67,10 @@ typedef struct gss_ctx_id_t_desc_struct { struct krb5_auth_context_data *auth_context; gss_name_t source, target; OM_uint32 flags; - enum { LOCAL = 1, OPEN = 2} more_flags; + enum { LOCAL = 1, OPEN = 2, + COMPAT_OLD_DES3 = 4, COMPAT_OLD_DES3_SELECTED = 8 } more_flags; struct krb5_ticket *ticket; + time_t lifetime; } gss_ctx_id_t_desc; typedef gss_ctx_id_t_desc *gss_ctx_id_t; @@ -211,6 +213,10 @@ typedef OM_uint32 gss_qop_t; */ #define GSS_C_INDEFINITE 0xfffffffful +#ifdef __cplusplus +extern "C" { +#endif + /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value @@ -449,267 +455,267 @@ extern gss_OID GSS_KRB5_MECHANISM; */ OM_uint32 gss_acquire_cred - (OM_uint32 * minor_status, - const gss_name_t desired_name, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t * output_cred_handle, - gss_OID_set * actual_mechs, - OM_uint32 * time_rec + (OM_uint32 * /*minor_status*/, + const gss_name_t /*desired_name*/, + OM_uint32 /*time_req*/, + const gss_OID_set /*desired_mechs*/, + gss_cred_usage_t /*cred_usage*/, + gss_cred_id_t * /*output_cred_handle*/, + gss_OID_set * /*actual_mechs*/, + OM_uint32 * /*time_rec*/ ); OM_uint32 gss_release_cred - (OM_uint32 * minor_status, - gss_cred_id_t * cred_handle + (OM_uint32 * /*minor_status*/, + gss_cred_id_t * /*cred_handle*/ ); OM_uint32 gss_init_sec_context - (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec + (OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*initiator_cred_handle*/, + gss_ctx_id_t * /*context_handle*/, + const gss_name_t /*target_name*/, + const gss_OID /*mech_type*/, + OM_uint32 /*req_flags*/, + OM_uint32 /*time_req*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + const gss_buffer_t /*input_token*/, + gss_OID * /*actual_mech_type*/, + gss_buffer_t /*output_token*/, + OM_uint32 * /*ret_flags*/, + OM_uint32 * /*time_rec*/ ); OM_uint32 gss_accept_sec_context - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token_buffer, - const gss_channel_bindings_t input_chan_bindings, - gss_name_t * src_name, - gss_OID * mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec, - gss_cred_id_t * delegated_cred_handle + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + const gss_cred_id_t /*acceptor_cred_handle*/, + const gss_buffer_t /*input_token_buffer*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + gss_name_t * /*src_name*/, + gss_OID * /*mech_type*/, + gss_buffer_t /*output_token*/, + OM_uint32 * /*ret_flags*/, + OM_uint32 * /*time_rec*/, + gss_cred_id_t * /*delegated_cred_handle*/ ); OM_uint32 gss_process_context_token - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t token_buffer + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*token_buffer*/ ); OM_uint32 gss_delete_sec_context - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - gss_buffer_t output_token + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + gss_buffer_t /*output_token*/ ); OM_uint32 gss_context_time - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - OM_uint32 * time_rec + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + OM_uint32 * /*time_rec*/ ); OM_uint32 gss_get_mic - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*message_buffer*/, + gss_buffer_t /*message_token*/ ); OM_uint32 gss_verify_mic - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*message_buffer*/, + const gss_buffer_t /*token_buffer*/, + gss_qop_t * /*qop_state*/ ); OM_uint32 gss_wrap - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*input_message_buffer*/, + int * /*conf_state*/, + gss_buffer_t /*output_message_buffer*/ ); OM_uint32 gss_unwrap - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - gss_qop_t * qop_state + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int * /*conf_state*/, + gss_qop_t * /*qop_state*/ ); OM_uint32 gss_display_status - (OM_uint32 * minor_status, - OM_uint32 status_value, - int status_type, - const gss_OID mech_type, - OM_uint32 * message_context, - gss_buffer_t status_string + (OM_uint32 * /*minor_status*/, + OM_uint32 /*status_value*/, + int /*status_type*/, + const gss_OID /*mech_type*/, + OM_uint32 * /*message_context*/, + gss_buffer_t /*status_string*/ ); OM_uint32 gss_indicate_mechs - (OM_uint32 * minor_status, - gss_OID_set * mech_set + (OM_uint32 * /*minor_status*/, + gss_OID_set * /*mech_set*/ ); OM_uint32 gss_compare_name - (OM_uint32 * minor_status, - const gss_name_t name1, - const gss_name_t name2, - int * name_equal + (OM_uint32 * /*minor_status*/, + const gss_name_t /*name1*/, + const gss_name_t /*name2*/, + int * /*name_equal*/ ); OM_uint32 gss_display_name - (OM_uint32 * minor_status, - const gss_name_t input_name, - gss_buffer_t output_name_buffer, - gss_OID * output_name_type + (OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_buffer_t /*output_name_buffer*/, + gss_OID * /*output_name_type*/ ); OM_uint32 gss_import_name - (OM_uint32 * minor_status, - const gss_buffer_t input_name_buffer, - const gss_OID input_name_type, - gss_name_t * output_name + (OM_uint32 * /*minor_status*/, + const gss_buffer_t /*input_name_buffer*/, + const gss_OID /*input_name_type*/, + gss_name_t * /*output_name*/ ); OM_uint32 gss_export_name - (OM_uint32 * minor_status, - const gss_name_t input_name, - gss_buffer_t exported_name + (OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_buffer_t /*exported_name*/ ); OM_uint32 gss_release_name - (OM_uint32 * minor_status, - gss_name_t * input_name + (OM_uint32 * /*minor_status*/, + gss_name_t * /*input_name*/ ); OM_uint32 gss_release_buffer - (OM_uint32 * minor_status, - gss_buffer_t buffer + (OM_uint32 * /*minor_status*/, + gss_buffer_t /*buffer*/ ); OM_uint32 gss_release_oid_set - (OM_uint32 * minor_status, - gss_OID_set * set + (OM_uint32 * /*minor_status*/, + gss_OID_set * /*set*/ ); OM_uint32 gss_inquire_cred - (OM_uint32 * minor_status, - const gss_cred_id_t cred_handle, - gss_name_t * name, - OM_uint32 * lifetime, - gss_cred_usage_t * cred_usage, - gss_OID_set * mechanisms + (OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + gss_name_t * /*name*/, + OM_uint32 * /*lifetime*/, + gss_cred_usage_t * /*cred_usage*/, + gss_OID_set * /*mechanisms*/ ); OM_uint32 gss_inquire_context ( - OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_name_t * src_name, - gss_name_t * targ_name, - OM_uint32 * lifetime_rec, - gss_OID * mech_type, - OM_uint32 * ctx_flags, - int * locally_initiated, - int * open + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + gss_name_t * /*src_name*/, + gss_name_t * /*targ_name*/, + OM_uint32 * /*lifetime_rec*/, + gss_OID * /*mech_type*/, + OM_uint32 * /*ctx_flags*/, + int * /*locally_initiated*/, + int * /*open_context*/ ); OM_uint32 gss_wrap_size_limit ( - OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - OM_uint32 req_output_size, - OM_uint32 * max_input_size + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + OM_uint32 /*req_output_size*/, + OM_uint32 * /*max_input_size*/ ); OM_uint32 gss_add_cred ( - OM_uint32 * minor_status, - const gss_cred_id_t input_cred_handle, - const gss_name_t desired_name, - const gss_OID desired_mech, - gss_cred_usage_t cred_usage, - OM_uint32 initiator_time_req, - OM_uint32 acceptor_time_req, - gss_cred_id_t * output_cred_handle, - gss_OID_set * actual_mechs, - OM_uint32 * initiator_time_rec, - OM_uint32 * acceptor_time_rec + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*input_cred_handle*/, + const gss_name_t /*desired_name*/, + const gss_OID /*desired_mech*/, + gss_cred_usage_t /*cred_usage*/, + OM_uint32 /*initiator_time_req*/, + OM_uint32 /*acceptor_time_req*/, + gss_cred_id_t * /*output_cred_handle*/, + gss_OID_set * /*actual_mechs*/, + OM_uint32 * /*initiator_time_rec*/, + OM_uint32 * /*acceptor_time_rec*/ ); OM_uint32 gss_inquire_cred_by_mech ( - OM_uint32 * minor_status, - const gss_cred_id_t cred_handle, - const gss_OID mech_type, - gss_name_t * name, - OM_uint32 * initiator_lifetime, - OM_uint32 * acceptor_lifetime, - gss_cred_usage_t * cred_usage + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + const gss_OID /*mech_type*/, + gss_name_t * /*name*/, + OM_uint32 * /*initiator_lifetime*/, + OM_uint32 * /*acceptor_lifetime*/, + gss_cred_usage_t * /*cred_usage*/ ); OM_uint32 gss_export_sec_context ( - OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - gss_buffer_t interprocess_token + OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + gss_buffer_t /*interprocess_token*/ ); OM_uint32 gss_import_sec_context ( - OM_uint32 * minor_status, - const gss_buffer_t interprocess_token, - gss_ctx_id_t * context_handle + OM_uint32 * /*minor_status*/, + const gss_buffer_t /*interprocess_token*/, + gss_ctx_id_t * /*context_handle*/ ); OM_uint32 gss_create_empty_oid_set ( - OM_uint32 * minor_status, - gss_OID_set * oid_set + OM_uint32 * /*minor_status*/, + gss_OID_set * /*oid_set*/ ); OM_uint32 gss_add_oid_set_member ( - OM_uint32 * minor_status, - const gss_OID member_oid, - gss_OID_set * oid_set + OM_uint32 * /*minor_status*/, + const gss_OID /*member_oid*/, + gss_OID_set * /*oid_set*/ ); OM_uint32 gss_test_oid_set_member ( - OM_uint32 * minor_status, - const gss_OID member, - const gss_OID_set set, - int * present + OM_uint32 * /*minor_status*/, + const gss_OID /*member*/, + const gss_OID_set /*set*/, + int * /*present*/ ); OM_uint32 gss_inquire_names_for_mech ( - OM_uint32 * minor_status, - const gss_OID mechanism, - gss_OID_set * name_types + OM_uint32 * /*minor_status*/, + const gss_OID /*mechanism*/, + gss_OID_set * /*name_types*/ ); OM_uint32 gss_inquire_mechs_for_name ( - OM_uint32 * minor_status, - const gss_name_t input_name, - gss_OID_set * mech_types + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_OID_set * /*mech_types*/ ); OM_uint32 gss_canonicalize_name ( - OM_uint32 * minor_status, - const gss_name_t input_name, - const gss_OID mech_type, - gss_name_t * output_name + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + const gss_OID /*mech_type*/, + gss_name_t * /*output_name*/ ); OM_uint32 gss_duplicate_name ( - OM_uint32 * minor_status, - const gss_name_t src_name, - gss_name_t * dest_name + OM_uint32 * /*minor_status*/, + const gss_name_t /*src_name*/, + gss_name_t * /*dest_name*/ ); /* @@ -724,38 +730,38 @@ OM_uint32 gss_duplicate_name ( */ OM_uint32 gss_sign - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int qop_req, - gss_buffer_t message_buffer, - gss_buffer_t message_token + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*qop_req*/, + gss_buffer_t /*message_buffer*/, + gss_buffer_t /*message_token*/ ); OM_uint32 gss_verify - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t message_buffer, - gss_buffer_t token_buffer, - int * qop_state + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + gss_buffer_t /*message_buffer*/, + gss_buffer_t /*token_buffer*/, + int * /*qop_state*/ ); OM_uint32 gss_seal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, - int qop_req, - gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + int /*qop_req*/, + gss_buffer_t /*input_message_buffer*/, + int * /*conf_state*/, + gss_buffer_t /*output_message_buffer*/ ); OM_uint32 gss_unseal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - int * qop_state + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int * /*conf_state*/, + int * /*qop_state*/ ); /* @@ -763,11 +769,20 @@ OM_uint32 gss_unseal */ OM_uint32 gsskrb5_register_acceptor_identity - (char *identity); + (const char */*identity*/); OM_uint32 gss_krb5_copy_ccache - (OM_uint32 *minor, - gss_cred_id_t cred, - struct krb5_ccache_data *out); + (OM_uint32 */*minor*/, + gss_cred_id_t /*cred*/, + struct krb5_ccache_data */*out*/); + +#define GSS_C_KRB5_COMPAT_DES3_MIC 1 + +OM_uint32 +gss_krb5_compat_des3_mic(OM_uint32 *, gss_ctx_id_t, int); + +#ifdef __cplusplus +} +#endif #endif /* GSSAPI_H_ */ diff --git a/crypto/heimdal/lib/gssapi/gssapi_locl.h b/crypto/heimdal/lib/gssapi/gssapi_locl.h index 65bd273..a27b27a 100644 --- a/crypto/heimdal/lib/gssapi/gssapi_locl.h +++ b/crypto/heimdal/lib/gssapi/gssapi_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_locl.h,v 1.21 2001/08/29 02:21:09 assar Exp $ */ +/* $Id: gssapi_locl.h,v 1.24 2003/03/16 17:30:15 lha Exp $ */ #ifndef GSSAPI_LOCL_H #define GSSAPI_LOCL_H @@ -50,6 +50,14 @@ extern krb5_keytab gssapi_krb5_keytab; krb5_error_code gssapi_krb5_init (void); +#define GSSAPI_KRB5_INIT() do { \ + krb5_error_code kret; \ + if((kret = gssapi_krb5_init ()) != 0) { \ + *minor_status = kret; \ + return GSS_S_FAILURE; \ + } \ +} while (0) + OM_uint32 gssapi_krb5_create_8003_checksum ( OM_uint32 *minor_status, @@ -96,6 +104,14 @@ gssapi_krb5_verify_header(u_char **str, char *type); OM_uint32 +gss_verify_mic_internal(OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state, + char * type); + +OM_uint32 gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, krb5_keyblock **key); @@ -117,10 +133,16 @@ gss_address_to_krb5addr(OM_uint32 gss_addr_type, #define SC_LOCAL_SUBKEY 0x08 #define SC_REMOTE_SUBKEY 0x10 +int +gss_oid_equal(const gss_OID a, const gss_OID b); + void gssapi_krb5_set_error_string (void); char * gssapi_krb5_get_error_string (void); +OM_uint32 +_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx); + #endif diff --git a/crypto/heimdal/lib/gssapi/import_name.c b/crypto/heimdal/lib/gssapi/import_name.c index 2f2ec1a..423e757 100644 --- a/crypto/heimdal/lib/gssapi/import_name.c +++ b/crypto/heimdal/lib/gssapi/import_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,14 +33,36 @@ #include "gssapi_locl.h" -RCSID("$Id: import_name.c,v 1.11 2002/06/20 20:05:42 nectar Exp $"); +RCSID("$Id: import_name.c,v 1.13 2003/03/16 17:33:31 lha Exp $"); + +static OM_uint32 +parse_krb5_name (OM_uint32 *minor_status, + const char *name, + gss_name_t *output_name) +{ + krb5_error_code kerr; + + kerr = krb5_parse_name (gssapi_krb5_context, name, output_name); + + if (kerr == 0) + return GSS_S_COMPLETE; + else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { + gssapi_krb5_set_error_string (); + *minor_status = kerr; + return GSS_S_BAD_NAME; + } else { + gssapi_krb5_set_error_string (); + *minor_status = kerr; + return GSS_S_FAILURE; + } +} static OM_uint32 import_krb5_name (OM_uint32 *minor_status, const gss_buffer_t input_name_buffer, gss_name_t *output_name) { - krb5_error_code kerr; + OM_uint32 ret; char *tmp; tmp = malloc (input_name_buffer->length + 1); @@ -53,21 +75,10 @@ import_krb5_name (OM_uint32 *minor_status, input_name_buffer->length); tmp[input_name_buffer->length] = '\0'; - kerr = krb5_parse_name (gssapi_krb5_context, - tmp, - output_name); - free (tmp); - if (kerr == 0) - return GSS_S_COMPLETE; - else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_BAD_NAME; - } else { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_FAILURE; - } + ret = parse_krb5_name(minor_status, tmp, output_name); + free(tmp); + + return ret; } static OM_uint32 @@ -81,6 +92,8 @@ import_hostbased_name (OM_uint32 *minor_status, char *host; char local_hostname[MAXHOSTNAMELEN]; + *output_name = NULL; + tmp = malloc (input_name_buffer->length + 1); if (tmp == NULL) { *minor_status = ENOMEM; @@ -124,8 +137,55 @@ import_hostbased_name (OM_uint32 *minor_status, } } -static int -oid_equal(const gss_OID a, const gss_OID b) +static OM_uint32 +import_export_name (OM_uint32 *minor_status, + const gss_buffer_t input_name_buffer, + gss_name_t *output_name) +{ + unsigned char *p; + uint32_t length; + OM_uint32 ret; + char *name; + + if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length) + return GSS_S_BAD_NAME; + + /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */ + + p = input_name_buffer->value; + + if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 || + p[3] != GSS_KRB5_MECHANISM->length + 2 || + p[4] != 0x06 || + p[5] != GSS_KRB5_MECHANISM->length || + memcmp(&p[6], GSS_KRB5_MECHANISM->elements, + GSS_KRB5_MECHANISM->length) != 0) + return GSS_S_BAD_NAME; + + p += 6 + GSS_KRB5_MECHANISM->length; + + length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3]; + p += 4; + + if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length) + return GSS_S_BAD_NAME; + + name = malloc(length + 1); + if (name == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(name, p, length); + name[length] = '\0'; + + ret = parse_krb5_name(minor_status, name, output_name); + free(name); + + return ret; +} + +int +gss_oid_equal(const gss_OID a, const gss_OID b) { if (a == b) return 1; @@ -142,20 +202,27 @@ OM_uint32 gss_import_name gss_name_t * output_name ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); - if (oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) + *minor_status = 0; + *output_name = GSS_C_NO_NAME; + + if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) return import_hostbased_name (minor_status, input_name_buffer, output_name); - else if (input_name_type == GSS_C_NO_OID - || oid_equal(input_name_type, GSS_C_NT_USER_NAME) - || oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) + else if (gss_oid_equal(input_name_type, GSS_C_NO_OID) + || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME) + || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) /* default printable syntax */ return import_krb5_name (minor_status, input_name_buffer, output_name); - else { + else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) { + return import_export_name(minor_status, + input_name_buffer, + output_name); + } else { *minor_status = 0; return GSS_S_BAD_NAMETYPE; } diff --git a/crypto/heimdal/lib/gssapi/import_sec_context.c b/crypto/heimdal/lib/gssapi/import_sec_context.c index c84f3b6..2daa573 100644 --- a/crypto/heimdal/lib/gssapi/import_sec_context.c +++ b/crypto/heimdal/lib/gssapi/import_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: import_sec_context.c,v 1.5 2001/05/11 09:16:46 assar Exp $"); +RCSID("$Id: import_sec_context.c,v 1.7 2003/03/16 18:01:32 lha Exp $"); OM_uint32 gss_import_sec_context ( @@ -55,7 +55,9 @@ gss_import_sec_context ( int32_t flags; OM_uint32 minor; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); + + localp = remotep = NULL; sp = krb5_storage_from_mem (interprocess_token->value, interprocess_token->length); @@ -83,99 +85,113 @@ gss_import_sec_context ( /* flags */ - krb5_ret_int32 (sp, &flags); + *minor_status = 0; + + if (krb5_ret_int32 (sp, &flags) != 0) + goto failure; /* retrieve the auth context */ ac = (*context_handle)->auth_context; krb5_ret_int32 (sp, &ac->flags); - if (flags & SC_LOCAL_ADDRESS) - krb5_ret_address (sp, localp = &local); - else - localp = NULL; - if (flags & SC_REMOTE_ADDRESS) - krb5_ret_address (sp, remotep = &remote); - else - remotep = NULL; + if (flags & SC_LOCAL_ADDRESS) { + if (krb5_ret_address (sp, localp = &local) != 0) + goto failure; + } + + if (flags & SC_REMOTE_ADDRESS) { + if (krb5_ret_address (sp, remotep = &remote) != 0) + goto failure; + } + krb5_auth_con_setaddrs (gssapi_krb5_context, ac, localp, remotep); if (localp) krb5_free_address (gssapi_krb5_context, localp); if (remotep) krb5_free_address (gssapi_krb5_context, remotep); - krb5_ret_int16 (sp, &ac->local_port); - krb5_ret_int16 (sp, &ac->remote_port); + localp = remotep = NULL; + + if (krb5_ret_int16 (sp, &ac->local_port) != 0) + goto failure; + + if (krb5_ret_int16 (sp, &ac->remote_port) != 0) + goto failure; if (flags & SC_KEYBLOCK) { - krb5_ret_keyblock (sp, &keyblock); + if (krb5_ret_keyblock (sp, &keyblock) != 0) + goto failure; krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock); krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock); } if (flags & SC_LOCAL_SUBKEY) { - krb5_ret_keyblock (sp, &keyblock); + if (krb5_ret_keyblock (sp, &keyblock) != 0) + goto failure; krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock); krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock); } if (flags & SC_REMOTE_SUBKEY) { - krb5_ret_keyblock (sp, &keyblock); + if (krb5_ret_keyblock (sp, &keyblock) != 0) + goto failure; krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock); krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock); } - krb5_ret_int32 (sp, &ac->local_seqnumber); - krb5_ret_int32 (sp, &ac->remote_seqnumber); - -#if 0 - { - size_t sz; - - krb5_ret_data (sp, &data); - ac->authenticator = malloc (sizeof (*ac->authenticator)); - if (ac->authenticator == NULL) { - *minor_status = ENOMEM; - ret = GSS_S_FAILURE; - goto failure; - } - - kret = decode_Authenticator (data.data, data.length, - ac->authenticator, &sz); - krb5_data_free (&data); - if (kret) { - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - } -#endif + if (krb5_ret_int32 (sp, &ac->local_seqnumber)) + goto failure; + if (krb5_ret_int32 (sp, &ac->remote_seqnumber)) + goto failure; - krb5_ret_int32 (sp, &tmp); + if (krb5_ret_int32 (sp, &tmp) != 0) + goto failure; ac->keytype = tmp; - krb5_ret_int32 (sp, &tmp); + if (krb5_ret_int32 (sp, &tmp) != 0) + goto failure; ac->cksumtype = tmp; /* names */ - krb5_ret_data (sp, &data); + if (krb5_ret_data (sp, &data)) + goto failure; buffer.value = data.data; buffer.length = data.length; - ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, + ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME, &(*context_handle)->source); + if (ret) { + ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, + &(*context_handle)->source); + if (ret) { + krb5_data_free (&data); + goto failure; + } + } krb5_data_free (&data); - if (ret) - goto failure; - krb5_ret_data (sp, &data); + if (krb5_ret_data (sp, &data) != 0) + goto failure; buffer.value = data.data; buffer.length = data.length; - ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, + ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME, &(*context_handle)->target); + if (ret) { + ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, + &(*context_handle)->target); + if (ret) { + krb5_data_free (&data); + goto failure; + } + } krb5_data_free (&data); - if (ret) - goto failure; - krb5_ret_int32 (sp, &tmp); + if (krb5_ret_int32 (sp, &tmp)) + goto failure; (*context_handle)->flags = tmp; - krb5_ret_int32 (sp, &tmp); + if (krb5_ret_int32 (sp, &tmp)) + goto failure; (*context_handle)->more_flags = tmp; + if (krb5_ret_int32 (sp, &tmp) == 0) + (*context_handle)->lifetime = tmp; + else + (*context_handle)->lifetime = GSS_C_INDEFINITE; return GSS_S_COMPLETE; @@ -186,6 +202,10 @@ failure: gss_release_name(&minor, &(*context_handle)->source); if ((*context_handle)->target != NULL) gss_release_name(&minor, &(*context_handle)->target); + if (localp) + krb5_free_address (gssapi_krb5_context, localp); + if (remotep) + krb5_free_address (gssapi_krb5_context, remotep); free (*context_handle); *context_handle = GSS_C_NO_CONTEXT; return ret; diff --git a/crypto/heimdal/lib/gssapi/indicate_mechs.c b/crypto/heimdal/lib/gssapi/indicate_mechs.c index c77d177..89191bb 100644 --- a/crypto/heimdal/lib/gssapi/indicate_mechs.c +++ b/crypto/heimdal/lib/gssapi/indicate_mechs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,25 +33,23 @@ #include "gssapi_locl.h" -RCSID("$Id: indicate_mechs.c,v 1.4 2001/02/18 03:39:09 assar Exp $"); +RCSID("$Id: indicate_mechs.c,v 1.5 2003/03/16 17:38:20 lha Exp $"); OM_uint32 gss_indicate_mechs (OM_uint32 * minor_status, gss_OID_set * mech_set ) { - *mech_set = malloc(sizeof(**mech_set)); - if (*mech_set == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - (*mech_set)->count = 1; - (*mech_set)->elements = malloc((*mech_set)->count * sizeof(gss_OID_desc)); - if ((*mech_set)->elements == NULL) { - free (*mech_set); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - (*mech_set)->elements[0] = *GSS_KRB5_MECHANISM; + OM_uint32 ret; + + ret = gss_create_empty_oid_set(minor_status, mech_set); + if (ret) + return ret; + + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set); + if (ret) + return ret; + + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c index 2cef3a9..6473038 100644 --- a/crypto/heimdal/lib/gssapi/init_sec_context.c +++ b/crypto/heimdal/lib/gssapi/init_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: init_sec_context.c,v 1.31 2002/09/02 17:16:12 joda Exp $"); +RCSID("$Id: init_sec_context.c,v 1.36 2003/03/16 18:00:00 lha Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -111,21 +111,11 @@ do_delegation (krb5_auth_context ac, { krb5_creds creds; krb5_kdc_flags fwd_flags; - krb5_keyblock *subkey; krb5_error_code kret; memset (&creds, 0, sizeof(creds)); krb5_data_zero (fwd_data); - kret = krb5_generate_subkey (gssapi_krb5_context, &cred->session, &subkey); - if (kret) - goto out; - - kret = krb5_auth_con_setlocalsubkey(gssapi_krb5_context, ac, subkey); - krb5_free_keyblock (gssapi_krb5_context, subkey); - if (kret) - goto out; - kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client); if (kret) goto out; @@ -204,9 +194,6 @@ init_auth krb5_enctype enctype; krb5_data fwd_data; - output_token->length = 0; - output_token->value = NULL; - krb5_data_zero(&outbuf); krb5_data_zero(&fwd_data); @@ -224,6 +211,7 @@ init_auth (*context_handle)->flags = 0; (*context_handle)->more_flags = 0; (*context_handle)->ticket = NULL; + (*context_handle)->lifetime = GSS_C_INDEFINITE; kret = krb5_auth_con_init (gssapi_krb5_context, &(*context_handle)->auth_context); @@ -288,10 +276,15 @@ init_auth goto failure; } + ret = _gss_DES3_get_mic_compat(minor_status, *context_handle); + if (ret) + goto failure; + + memset(&this_cred, 0, sizeof(this_cred)); this_cred.client = (*context_handle)->source; this_cred.server = (*context_handle)->target; - if (time_req) { + if (time_req && time_req != GSS_C_INDEFINITE) { krb5_timestamp ts; krb5_timeofday (gssapi_krb5_context, &ts); @@ -313,10 +306,22 @@ init_auth goto failure; } + (*context_handle)->lifetime = cred->times.endtime; + krb5_auth_con_setkey(gssapi_krb5_context, (*context_handle)->auth_context, &cred->session); + kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context, + (*context_handle)->auth_context, + &cred->session); + if(kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + flags = 0; ap_options = 0; if (req_flags & GSS_C_DELEG_FLAG) @@ -342,7 +347,7 @@ init_auth if (ret_flags) *ret_flags = flags; (*context_handle)->flags = flags; - (*context_handle)->more_flags = LOCAL; + (*context_handle)->more_flags |= LOCAL; ret = gssapi_krb5_create_8003_checksum (minor_status, input_chan_bindings, @@ -367,16 +372,6 @@ init_auth } #endif - kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context, - (*context_handle)->auth_context, - &cred->session); - if(kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - kret = krb5_build_authenticator (gssapi_krb5_context, (*context_handle)->auth_context, enctype, @@ -417,6 +412,9 @@ init_auth if (flags & GSS_C_MUTUAL_FLAG) { return GSS_S_CONTINUE_NEEDED; } else { + if (time_rec) + *time_rec = (*context_handle)->lifetime; + (*context_handle)->more_flags |= OPEN; return GSS_S_COMPLETE; } @@ -458,6 +456,12 @@ repl_mutual krb5_data indata; krb5_ap_rep_enc_part *repl; + output_token->length = 0; + output_token->value = NULL; + + if (actual_mech_type) + *actual_mech_type = GSS_KRB5_MECHANISM; + ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata, "\x02\x00"); if (ret) @@ -476,10 +480,14 @@ repl_mutual krb5_free_ap_rep_enc_part (gssapi_krb5_context, repl); - output_token->length = 0; - (*context_handle)->more_flags |= OPEN; + + if (time_rec) + *time_rec = (*context_handle)->lifetime; + if (ret_flags) + *ret_flags = (*context_handle)->flags; + *minor_status = 0; return GSS_S_COMPLETE; } @@ -503,7 +511,22 @@ OM_uint32 gss_init_sec_context OM_uint32 * time_rec ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); + + output_token->length = 0; + output_token->value = NULL; + + if (ret_flags) + *ret_flags = 0; + if (time_rec) + *time_rec = 0; + + if (target_name == GSS_C_NO_NAME) { + if (actual_mech_type) + *actual_mech_type = GSS_C_NO_OID; + *minor_status = 0; + return GSS_S_BAD_NAME; + } if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) return init_auth (minor_status, diff --git a/crypto/heimdal/lib/gssapi/inquire_context.c b/crypto/heimdal/lib/gssapi/inquire_context.c index 6463253..95cd2c5 100644 --- a/crypto/heimdal/lib/gssapi/inquire_context.c +++ b/crypto/heimdal/lib/gssapi/inquire_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: inquire_context.c,v 1.3 1999/12/02 17:05:04 joda Exp $"); +RCSID("$Id: inquire_context.c,v 1.5 2003/03/16 17:43:30 lha Exp $"); OM_uint32 gss_inquire_context ( OM_uint32 * minor_status, @@ -44,7 +44,7 @@ OM_uint32 gss_inquire_context ( gss_OID * mech_type, OM_uint32 * ctx_flags, int * locally_initiated, - int * open + int * open_context ) { OM_uint32 ret; @@ -66,7 +66,7 @@ OM_uint32 gss_inquire_context ( } if (lifetime_rec) - *lifetime_rec = GSS_C_INDEFINITE; + *lifetime_rec = context_handle->lifetime; if (mech_type) *mech_type = GSS_KRB5_MECHANISM; @@ -77,8 +77,9 @@ OM_uint32 gss_inquire_context ( if (locally_initiated) *locally_initiated = context_handle->more_flags & LOCAL; - if (open) - *open = context_handle->more_flags & OPEN; + if (open_context) + *open_context = context_handle->more_flags & OPEN; + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/inquire_cred.c b/crypto/heimdal/lib/gssapi/inquire_cred.c index 62f3f50..4938d56 100644 --- a/crypto/heimdal/lib/gssapi/inquire_cred.c +++ b/crypto/heimdal/lib/gssapi/inquire_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: inquire_cred.c,v 1.3 2002/08/20 12:02:45 nectar Exp $"); +RCSID("$Id: inquire_cred.c,v 1.4 2003/03/16 17:42:14 lha Exp $"); OM_uint32 gss_inquire_cred (OM_uint32 * minor_status, @@ -46,6 +46,13 @@ OM_uint32 gss_inquire_cred { OM_uint32 ret; + *minor_status = 0; + + if (name) + *name = NULL; + if (mechanisms) + *mechanisms = GSS_C_NO_OID_SET; + if (cred_handle == GSS_C_NO_CREDENTIAL) { return GSS_S_FAILURE; } diff --git a/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c new file mode 100644 index 0000000..b09d1e1 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: inquire_cred_by_mech.c,v 1.1 2003/03/16 18:11:16 lha Exp $"); + +OM_uint32 gss_inquire_cred_by_mech ( + OM_uint32 * minor_status, + const gss_cred_id_t cred_handle, + const gss_OID mech_type, + gss_name_t * name, + OM_uint32 * initiator_lifetime, + OM_uint32 * acceptor_lifetime, + gss_cred_usage_t * cred_usage + ) +{ + OM_uint32 ret; + OM_uint32 lifetime; + + if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 && + gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) { + *minor_status = EINVAL; + return GSS_S_BAD_MECH; + } + + ret = gss_inquire_cred (minor_status, + cred_handle, + name, + &lifetime, + cred_usage, + NULL); + + if (ret == 0 && cred_handle != GSS_C_NO_CREDENTIAL) { + gss_cred_usage_t usage; + + usage = cred_handle->usage; + + if (initiator_lifetime) { + if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH) + *initiator_lifetime = lifetime; + } + if (acceptor_lifetime) { + if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH) + *acceptor_lifetime = lifetime; + } + } + + return ret; +} diff --git a/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c new file mode 100644 index 0000000..67ebb04 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: inquire_mechs_for_name.c,v 1.1 2003/03/16 18:12:33 lha Exp $"); + +OM_uint32 gss_inquire_mechs_for_name ( + OM_uint32 * minor_status, + const gss_name_t input_name, + gss_OID_set * mech_types + ) +{ + OM_uint32 ret; + + ret = gss_create_empty_oid_set(minor_status, mech_types); + if (ret) + return ret; + + ret = gss_add_oid_set_member(minor_status, + GSS_KRB5_MECHANISM, + mech_types); + if (ret) + gss_release_oid_set(NULL, mech_types); + + return ret; +} diff --git a/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c new file mode 100644 index 0000000..0e93de6 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: inquire_names_for_mech.c,v 1.1 2003/03/16 18:15:29 lha Exp $"); + + +static gss_OID *name_list[] = { + &GSS_C_NT_HOSTBASED_SERVICE, + &GSS_C_NT_USER_NAME, + &GSS_KRB5_NT_PRINCIPAL_NAME, + &GSS_C_NT_EXPORT_NAME, + NULL +}; + +OM_uint32 gss_inquire_names_for_mech ( + OM_uint32 * minor_status, + const gss_OID mechanism, + gss_OID_set * name_types + ) +{ + OM_uint32 ret; + int i; + + *minor_status = 0; + + if (gss_oid_equal(mechanism, GSS_KRB5_MECHANISM) == 0 && + gss_oid_equal(mechanism, GSS_C_NULL_OID) == 0) { + *name_types = GSS_C_NO_OID_SET; + return GSS_S_BAD_MECH; + } + + ret = gss_create_empty_oid_set(minor_status, name_types); + if (ret != GSS_S_COMPLETE) + return ret; + + for (i = 0; name_list[i] != NULL; i++) { + ret = gss_add_oid_set_member(minor_status, + *(name_list[i]), + name_types); + if (ret != GSS_S_COMPLETE) + break; + } + + if (ret != GSS_S_COMPLETE) + gss_release_oid_set(NULL, name_types); + + return GSS_S_COMPLETE; +} diff --git a/crypto/heimdal/lib/gssapi/process_context_token.c b/crypto/heimdal/lib/gssapi/process_context_token.c new file mode 100644 index 0000000..0cec33c --- /dev/null +++ b/crypto/heimdal/lib/gssapi/process_context_token.c @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: process_context_token.c,v 1.1 2003/03/16 18:19:05 lha Exp $"); + +OM_uint32 gss_process_context_token ( + OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t token_buffer + ) +{ + OM_uint32 ret = GSS_S_FAILURE; + gss_buffer_desc empty_buffer; + gss_qop_t qop_state; + + empty_buffer.length = 0; + empty_buffer.value = NULL; + + qop_state = GSS_C_QOP_DEFAULT; + + ret = gss_verify_mic_internal(minor_status, context_handle, + token_buffer, &empty_buffer, + GSS_C_QOP_DEFAULT, "\x01\x02"); + + if (ret == GSS_S_COMPLETE) + ret = gss_delete_sec_context(minor_status, + (gss_ctx_id_t *)&context_handle, + GSS_C_NO_BUFFER); + if (ret == GSS_S_COMPLETE) + *minor_status = 0; + + return ret; +} diff --git a/crypto/heimdal/lib/gssapi/release_buffer.c b/crypto/heimdal/lib/gssapi/release_buffer.c index f399a18..258b76f 100644 --- a/crypto/heimdal/lib/gssapi/release_buffer.c +++ b/crypto/heimdal/lib/gssapi/release_buffer.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,13 +33,14 @@ #include "gssapi_locl.h" -RCSID("$Id: release_buffer.c,v 1.4 2000/04/12 09:47:23 assar Exp $"); +RCSID("$Id: release_buffer.c,v 1.5 2003/03/16 17:58:20 lha Exp $"); OM_uint32 gss_release_buffer (OM_uint32 * minor_status, gss_buffer_t buffer ) { + *minor_status = 0; free (buffer->value); buffer->value = NULL; buffer->length = 0; diff --git a/crypto/heimdal/lib/gssapi/release_cred.c b/crypto/heimdal/lib/gssapi/release_cred.c index a414a98..172b2eb 100644 --- a/crypto/heimdal/lib/gssapi/release_cred.c +++ b/crypto/heimdal/lib/gssapi/release_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,18 +33,20 @@ #include "gssapi_locl.h" -RCSID("$Id: release_cred.c,v 1.6 2002/08/20 12:02:45 nectar Exp $"); +RCSID("$Id: release_cred.c,v 1.8 2003/03/16 17:52:19 lha Exp $"); OM_uint32 gss_release_cred (OM_uint32 * minor_status, gss_cred_id_t * cred_handle ) { + *minor_status = 0; + if (*cred_handle == GSS_C_NO_CREDENTIAL) { return GSS_S_COMPLETE; } - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); if ((*cred_handle)->principal != NULL) krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal); diff --git a/crypto/heimdal/lib/gssapi/release_name.c b/crypto/heimdal/lib/gssapi/release_name.c index ce18a91..6894ffa 100644 --- a/crypto/heimdal/lib/gssapi/release_name.c +++ b/crypto/heimdal/lib/gssapi/release_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,16 +33,18 @@ #include "gssapi_locl.h" -RCSID("$Id: release_name.c,v 1.5 2000/04/12 09:48:27 assar Exp $"); +RCSID("$Id: release_name.c,v 1.7 2003/03/16 17:52:48 lha Exp $"); OM_uint32 gss_release_name (OM_uint32 * minor_status, gss_name_t * input_name ) { - gssapi_krb5_init (); - krb5_free_principal(gssapi_krb5_context, - *input_name); - *input_name = GSS_C_NO_NAME; - return GSS_S_COMPLETE; + GSSAPI_KRB5_INIT (); + if (minor_status) + *minor_status = 0; + krb5_free_principal(gssapi_krb5_context, + *input_name); + *input_name = GSS_C_NO_NAME; + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/release_oid_set.c b/crypto/heimdal/lib/gssapi/release_oid_set.c index 4225788..04eb015 100644 --- a/crypto/heimdal/lib/gssapi/release_oid_set.c +++ b/crypto/heimdal/lib/gssapi/release_oid_set.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,13 +33,15 @@ #include "gssapi_locl.h" -RCSID("$Id: release_oid_set.c,v 1.4 2000/04/19 13:06:13 assar Exp $"); +RCSID("$Id: release_oid_set.c,v 1.5 2003/03/16 17:53:25 lha Exp $"); OM_uint32 gss_release_oid_set (OM_uint32 * minor_status, gss_OID_set * set ) { + if (minor_status) + *minor_status = 0; free ((*set)->elements); free (*set); *set = GSS_C_NO_OID_SET; diff --git a/crypto/heimdal/lib/gssapi/test_acquire_cred.c b/crypto/heimdal/lib/gssapi/test_acquire_cred.c new file mode 100644 index 0000000..29ed830 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/test_acquire_cred.c @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "gssapi_locl.h" +#include <err.h> + +RCSID("$Id: test_acquire_cred.c,v 1.2 2003/04/06 00:20:37 lha Exp $"); + +static void +print_time(OM_uint32 time_rec) +{ + if (time_rec == GSS_C_INDEFINITE) { + printf("cred never expire\n"); + } else { + time_t t = time_rec; + printf("expiration time: %s", ctime(&t)); + } +} + +int +main(int argc, char **argv) +{ + OM_uint32 major_status, minor_status; + gss_cred_id_t cred_handle, copy_cred; + OM_uint32 time_rec; + + major_status = gss_acquire_cred(&minor_status, + GSS_C_NO_NAME, + 0, + NULL, + GSS_C_INITIATE, + &cred_handle, + NULL, + &time_rec); + if (GSS_ERROR(major_status)) + errx(1, "acquire_cred failed"); + + + print_time(time_rec); + + major_status = gss_add_cred (&minor_status, + cred_handle, + GSS_C_NO_NAME, + GSS_KRB5_MECHANISM, + GSS_C_INITIATE, + 0, + 0, + ©_cred, + NULL, + &time_rec, + NULL); + + if (GSS_ERROR(major_status)) + errx(1, "add_cred failed"); + + print_time(time_rec); + + major_status = gss_release_cred(&minor_status, + &cred_handle); + if (GSS_ERROR(major_status)) + errx(1, "release_cred failed"); + + major_status = gss_release_cred(&minor_status, + ©_cred); + if (GSS_ERROR(major_status)) + errx(1, "release_cred failed"); + + return 0; +} diff --git a/crypto/heimdal/lib/gssapi/test_oid_set_member.c b/crypto/heimdal/lib/gssapi/test_oid_set_member.c index 47e9fa7..e747c5a 100644 --- a/crypto/heimdal/lib/gssapi/test_oid_set_member.c +++ b/crypto/heimdal/lib/gssapi/test_oid_set_member.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: test_oid_set_member.c,v 1.4 1999/12/02 17:05:04 joda Exp $"); +RCSID("$Id: test_oid_set_member.c,v 1.5 2003/03/16 17:54:06 lha Exp $"); OM_uint32 gss_test_oid_set_member ( OM_uint32 * minor_status, @@ -44,14 +44,12 @@ OM_uint32 gss_test_oid_set_member ( { size_t i; + *minor_status = 0; *present = 0; for (i = 0; i < set->count; ++i) - if (member->length == set->elements[i].length - && memcmp (member->elements, - set->elements[i].elements, - member->length) == 0) { - *present = 1; - break; - } + if (gss_oid_equal(member, &set->elements[i]) != 0) { + *present = 1; + break; + } return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c index 5acb2e9..f2009be 100644 --- a/crypto/heimdal/lib/gssapi/unwrap.c +++ b/crypto/heimdal/lib/gssapi/unwrap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: unwrap.c,v 1.21 2002/09/03 17:33:11 joda Exp $"); +RCSID("$Id: unwrap.c,v 1.22 2003/03/16 17:54:43 lha Exp $"); OM_uint32 gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, @@ -53,7 +53,7 @@ gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, context_handle->auth_context, &skey); if(skey == NULL) - return GSS_S_FAILURE; + return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ *key = skey; return 0; } @@ -86,10 +86,8 @@ unwrap_des ret = gssapi_krb5_verify_header (&p, input_message_buffer->length, "\x02\x01"); - if (ret) { - *minor_status = 0; + if (ret) return ret; - } if (memcmp (p, "\x00\x00", 2) != 0) return GSS_S_BAD_SIG; @@ -222,10 +220,8 @@ unwrap_des3 ret = gssapi_krb5_verify_header (&p, input_message_buffer->length, "\x02\x01"); - if (ret) { - *minor_status = 0; + if (ret) return ret; - } if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ return GSS_S_BAD_SIG; @@ -398,6 +394,8 @@ OM_uint32 gss_unwrap } krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); + *minor_status = 0; + switch (keytype) { case KEYTYPE_DES : ret = unwrap_des (minor_status, context_handle, diff --git a/crypto/heimdal/lib/gssapi/verify_mic.c b/crypto/heimdal/lib/gssapi/verify_mic.c index 7915fa5..1775860 100644 --- a/crypto/heimdal/lib/gssapi/verify_mic.c +++ b/crypto/heimdal/lib/gssapi/verify_mic.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: verify_mic.c,v 1.16 2002/05/20 15:14:00 nectar Exp $"); +RCSID("$Id: verify_mic.c,v 1.18.2.2 2003/05/05 18:59:42 lha Exp $"); static OM_uint32 verify_mic_des @@ -42,7 +42,8 @@ verify_mic_des const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t * qop_state, - krb5_keyblock *key + krb5_keyblock *key, + char *type ) { u_char *p; @@ -57,7 +58,7 @@ verify_mic_des p = token_buffer->value; ret = gssapi_krb5_verify_header (&p, token_buffer->length, - "\x01\x01"); + type); if (ret) { *minor_status = 0; return ret; @@ -87,6 +88,7 @@ verify_mic_des if (memcmp (p - 8, hash, 8) != 0) { memset (deskey, 0, sizeof(deskey)); memset (schedule, 0, sizeof(schedule)); + *minor_status = 0; return GSS_S_BAD_MIC; } @@ -112,6 +114,7 @@ verify_mic_des memset (schedule, 0, sizeof(schedule)); if (memcmp (p, seq_data, 8) != 0) { + *minor_status = 0; return GSS_S_BAD_MIC; } @@ -119,6 +122,7 @@ verify_mic_des context_handle->auth_context, ++seq_number); + *minor_status = 0; return GSS_S_COMPLETE; } @@ -129,7 +133,8 @@ verify_mic_des3 const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t * qop_state, - krb5_keyblock *key + krb5_keyblock *key, + char *type ) { u_char *p; @@ -138,14 +143,15 @@ verify_mic_des3 OM_uint32 ret; krb5_crypto crypto; krb5_data seq_data; - int cmp; + int cmp, docompat; Checksum csum; char *tmp; + char ivec[8]; p = token_buffer->value; ret = gssapi_krb5_verify_header (&p, token_buffer->length, - "\x01\x01"); + type); if (ret) { *minor_status = 0; return ret; @@ -167,22 +173,34 @@ verify_mic_des3 } /* verify sequence number */ + docompat = 0; +retry: + if (docompat) + memset(ivec, 0, 8); + else + memcpy(ivec, p + 8, 8); - ret = krb5_decrypt (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - p, 8, &seq_data); + ret = krb5_decrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + p, 8, &seq_data, ivec); if (ret) { - gssapi_krb5_set_error_string (); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - *minor_status = ret; - return GSS_S_FAILURE; + if (docompat++) { + gssapi_krb5_set_error_string (); + krb5_crypto_destroy (gssapi_krb5_context, crypto); + *minor_status = ret; + return GSS_S_FAILURE; + } else + goto retry; } if (seq_data.length != 8) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); krb5_data_free (&seq_data); - return GSS_S_BAD_MIC; + if (docompat++) { + krb5_crypto_destroy (gssapi_krb5_context, crypto); + return GSS_S_BAD_MIC; + } else + goto retry; } krb5_auth_getremoteseqnumber (gssapi_krb5_context, @@ -198,8 +216,11 @@ verify_mic_des3 cmp = memcmp (seq, seq_data.data, seq_data.length); krb5_data_free (&seq_data); if (cmp != 0) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); - return GSS_S_BAD_MIC; + if (docompat++) { + krb5_crypto_destroy (gssapi_krb5_context, crypto); + return GSS_S_BAD_MIC; + } else + goto retry; } /* verify checksum */ @@ -235,24 +256,24 @@ verify_mic_des3 ++seq_number); krb5_crypto_destroy (gssapi_krb5_context, crypto); + *minor_status = 0; return GSS_S_COMPLETE; } OM_uint32 -gss_verify_mic +gss_verify_mic_internal (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, - gss_qop_t * qop_state + gss_qop_t * qop_state, + char * type ) { krb5_keyblock *key; OM_uint32 ret; krb5_keytype keytype; - if (qop_state != NULL) - *qop_state = GSS_C_QOP_DEFAULT; ret = gss_krb5_get_remotekey(context_handle, &key); if (ret) { gssapi_krb5_set_error_string (); @@ -263,11 +284,13 @@ gss_verify_mic switch (keytype) { case KEYTYPE_DES : ret = verify_mic_des (minor_status, context_handle, - message_buffer, token_buffer, qop_state, key); + message_buffer, token_buffer, qop_state, key, + type); break; case KEYTYPE_DES3 : ret = verify_mic_des3 (minor_status, context_handle, - message_buffer, token_buffer, qop_state, key); + message_buffer, token_buffer, qop_state, key, + type); break; default : *minor_status = KRB5_PROG_ETYPE_NOSUPP; @@ -275,5 +298,27 @@ gss_verify_mic break; } krb5_free_keyblock (gssapi_krb5_context, key); + + return ret; +} + +OM_uint32 +gss_verify_mic + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state + ) +{ + OM_uint32 ret; + + if (qop_state != NULL) + *qop_state = GSS_C_QOP_DEFAULT; + + ret = gss_verify_mic_internal(minor_status, context_handle, + message_buffer, token_buffer, + qop_state, "\x01\x01"); + return ret; } diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c index 1a9d7ea..203cc89 100644 --- a/crypto/heimdal/lib/gssapi/wrap.c +++ b/crypto/heimdal/lib/gssapi/wrap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: wrap.c,v 1.20 2002/09/03 17:33:36 joda Exp $"); +RCSID("$Id: wrap.c,v 1.21 2003/03/16 17:57:48 lha Exp $"); OM_uint32 gss_krb5_get_localkey(const gss_ctx_id_t context_handle, @@ -109,6 +109,7 @@ gss_wrap_size_limit ( break; } krb5_free_keyblock (gssapi_krb5_context, key); + *minor_status = 0; return ret; } @@ -141,8 +142,10 @@ wrap_des output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); - if (output_message_buffer->value == NULL) + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; + } p = gssapi_krb5_make_header(output_message_buffer->value, len, @@ -228,6 +231,7 @@ wrap_des } if(conf_state != NULL) *conf_state = conf_req_flag; + *minor_status = 0; return GSS_S_COMPLETE; } @@ -259,8 +263,10 @@ wrap_des3 output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); - if (output_message_buffer->value == NULL) + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; + } p = gssapi_krb5_make_header(output_message_buffer->value, len, @@ -395,6 +401,7 @@ wrap_des3 } if(conf_state != NULL) *conf_state = conf_req_flag; + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/hdb/Makefile.am b/crypto/heimdal/lib/hdb/Makefile.am index c4b9d29..3bee373b 100644 --- a/crypto/heimdal/lib/hdb/Makefile.am +++ b/crypto/heimdal/lib/hdb/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.53 2002/08/19 16:17:16 joda Exp $ +# $Id: Makefile.am,v 1.53.4.1 2003/05/12 15:20:46 joda Exp $ include $(top_srcdir)/Makefile.am.common @@ -20,7 +20,7 @@ LDADD = libhdb.la \ $(LIB_roken) lib_LTLIBRARIES = libhdb.la -libhdb_la_LDFLAGS = -version-info 7:5:0 +libhdb_la_LDFLAGS = -version-info 7:6:0 libhdb_la_SOURCES = \ common.c \ diff --git a/crypto/heimdal/lib/hdb/Makefile.in b/crypto/heimdal/lib/hdb/Makefile.in index 6581a63..bcd1d0b 100644 --- a/crypto/heimdal/lib/hdb/Makefile.in +++ b/crypto/heimdal/lib/hdb/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.53 2002/08/19 16:17:16 joda Exp $ +# $Id: Makefile.am,v 1.53.4.1 2003/05/12 15:20:46 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -219,7 +220,7 @@ LDADD = libhdb.la \ lib_LTLIBRARIES = libhdb.la -libhdb_la_LDFLAGS = -version-info 7:5:0 +libhdb_la_LDFLAGS = -version-info 7:6:0 libhdb_la_SOURCES = \ common.c \ @@ -286,10 +287,10 @@ all: $(BUILT_SOURCES) .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/hdb/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -481,7 +482,9 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS +install-data-am: install-includeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -510,7 +513,7 @@ uninstall-am: uninstall-includeHEADERS uninstall-info-am \ clean-noinstPROGRAMS distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am info info-am install install-am install-data \ - install-data-am install-data-local install-exec install-exec-am \ + install-data-am install-exec install-exec-am \ install-includeHEADERS install-info install-info-am \ install-libLTLIBRARIES install-man install-strip installcheck \ installcheck-am installdirs maintainer-clean \ @@ -643,7 +646,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/hdb/common.c b/crypto/heimdal/lib/hdb/common.c index 9375525..6f0e730 100644 --- a/crypto/heimdal/lib/hdb/common.c +++ b/crypto/heimdal/lib/hdb/common.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: common.c,v 1.11 2002/09/04 16:32:30 joda Exp $"); +RCSID("$Id: common.c,v 1.12 2003/01/14 06:54:32 lha Exp $"); int hdb_principal2key(krb5_context context, krb5_principal p, krb5_data *key) @@ -78,20 +78,22 @@ krb5_error_code _hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) { krb5_data key, value; - int code = 0; + int code; hdb_principal2key(context, entry->principal, &key); code = db->_get(context, db, key, &value); krb5_data_free(&key); if(code) return code; - hdb_value2entry(context, &value, entry); + code = hdb_value2entry(context, &value, entry); + krb5_data_free(&value); + if (code) + return code; if (db->master_key_set && (flags & HDB_F_DECRYPT)) { code = hdb_unseal_keys (context, db, entry); if (code) hdb_free_entry(context, entry); } - krb5_data_free(&value); return code; } diff --git a/crypto/heimdal/lib/hdb/mkey.c b/crypto/heimdal/lib/hdb/mkey.c index 13aae9d..92bcd86 100644 --- a/crypto/heimdal/lib/hdb/mkey.c +++ b/crypto/heimdal/lib/hdb/mkey.c @@ -36,7 +36,7 @@ #define O_BINARY 0 #endif -RCSID("$Id: mkey.c,v 1.14 2002/08/16 18:59:49 assar Exp $"); +RCSID("$Id: mkey.c,v 1.15 2003/03/28 02:01:33 lha Exp $"); struct hdb_master_key_data { krb5_keytab_entry keytab; @@ -377,6 +377,7 @@ hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) int i; krb5_error_code ret; krb5_data res; + size_t keysize; Key *k; for(i = 0; i < ent->keys.len; i++){ @@ -398,9 +399,21 @@ hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) if (ret) return ret; + /* fixup keylength if the key got padded when encrypting it */ + ret = krb5_enctype_keysize(context, k->key.keytype, &keysize); + if (ret) { + krb5_data_free(&res); + return ret; + } + if (keysize > res.length) { + krb5_data_free(&res); + return KRB5_BAD_KEYSIZE; + } + memset(k->key.keyvalue.data, 0, k->key.keyvalue.length); free(k->key.keyvalue.data); k->key.keyvalue = res; + k->key.keyvalue.length = keysize; free(k->mkvno); k->mkvno = NULL; } diff --git a/crypto/heimdal/lib/kadm5/ChangeLog b/crypto/heimdal/lib/kadm5/ChangeLog index d6fbe0d..1879c19 100644 --- a/crypto/heimdal/lib/kadm5/ChangeLog +++ b/crypto/heimdal/lib/kadm5/ChangeLog @@ -1,6 +1,33 @@ +2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> + + * send_recv.c: check return values from krb5_data_alloc + * log.c: check return values from krb5_data_alloc + +2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> + + * dump_log.c (print_entry): check return values from + krb5_data_alloc + +2003-04-01 Love Hörnquist Åstrand <lha@it.su.se> + + * init_c.c (kadm_connect): if a context realm was passed in, use + that to form the kadmin/admin principal + +2003-03-19 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_master.c (main): make sure we don't consider dead slave + for select processing + (write_stats): use slave_stats_file variable, + check return value of strftime + (args): allow specifying slave stats file + (slave_dead): close the fd when the slave dies + 2002-10-21 Johan Danielsson <joda@pdc.kth.se> - * ipropd_slave.c: pull up 1.27; use a temporary database + * ipropd_slave.c (from Derrick Brashear): Propagating a large + database without this means the slave kdcs can get erroneous + HDB_NOENTRY and return the resulting errors. This creates a new db + handle, populates it, and moves it into place. 2002-08-26 Assar Westerlund <assar@kth.se> diff --git a/crypto/heimdal/lib/kadm5/Makefile.am b/crypto/heimdal/lib/kadm5/Makefile.am index 05621dd..9b0c49d 100644 --- a/crypto/heimdal/lib/kadm5/Makefile.am +++ b/crypto/heimdal/lib/kadm5/Makefile.am @@ -1,10 +1,10 @@ -# $Id: Makefile.am,v 1.51 2002/08/16 20:57:09 joda Exp $ +# $Id: Makefile.am,v 1.51.6.1 2003/05/12 15:20:46 joda Exp $ include $(top_srcdir)/Makefile.am.common lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la -libkadm5srv_la_LDFLAGS = -version-info 7:5:0 -libkadm5clnt_la_LDFLAGS = -version-info 6:3:2 +libkadm5srv_la_LDFLAGS = -version-info 7:6:0 +libkadm5clnt_la_LDFLAGS = -version-info 6:4:2 sbin_PROGRAMS = dump_log replay_log truncate_log libkadm5srv_la_LIBADD = ../krb5/libkrb5.la ../hdb/libhdb.la ../roken/libroken.la diff --git a/crypto/heimdal/lib/kadm5/Makefile.in b/crypto/heimdal/lib/kadm5/Makefile.in index 7fc233f..22b3a55 100644 --- a/crypto/heimdal/lib/kadm5/Makefile.in +++ b/crypto/heimdal/lib/kadm5/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.51 2002/08/16 20:57:09 joda Exp $ +# $Id: Makefile.am,v 1.51.6.1 2003/05/12 15:20:46 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -202,8 +203,8 @@ NROFF_MAN = groff -mandoc -Tascii @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la -libkadm5srv_la_LDFLAGS = -version-info 7:5:0 -libkadm5clnt_la_LDFLAGS = -version-info 6:3:2 +libkadm5srv_la_LDFLAGS = -version-info 7:6:0 +libkadm5clnt_la_LDFLAGS = -version-info 6:4:2 sbin_PROGRAMS = dump_log replay_log truncate_log libkadm5srv_la_LIBADD = ../krb5/libkrb5.la ../hdb/libhdb.la ../roken/libroken.la @@ -399,10 +400,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/kadm5/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -658,7 +659,9 @@ info: info-am info-am: -install-data-am: install-data-local install-kadm5includeHEADERS +install-data-am: install-kadm5includeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES install-libexecPROGRAMS \ install-sbinPROGRAMS @@ -689,8 +692,8 @@ uninstall-am: uninstall-info-am uninstall-kadm5includeHEADERS \ clean-libtool clean-sbinPROGRAMS distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am info info-am install install-am install-data \ - install-data-am install-data-local install-exec install-exec-am \ - install-info install-info-am install-kadm5includeHEADERS \ + install-data-am install-exec install-exec-am install-info \ + install-info-am install-kadm5includeHEADERS \ install-libLTLIBRARIES install-libexecPROGRAMS install-man \ install-sbinPROGRAMS install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ @@ -824,7 +827,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/kadm5/dump_log.c b/crypto/heimdal/lib/kadm5/dump_log.c index 5689f35..f8309fb 100644 --- a/crypto/heimdal/lib/kadm5/dump_log.c +++ b/crypto/heimdal/lib/kadm5/dump_log.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "iprop.h" #include "parse_time.h" -RCSID("$Id: dump_log.c,v 1.12 2002/05/24 15:19:18 joda Exp $"); +RCSID("$Id: dump_log.c,v 1.13 2003/04/16 17:56:02 lha Exp $"); static char *op_names[] = { "get", @@ -89,7 +89,9 @@ print_entry(kadm5_server_context *server_context, krb5_free_principal(context, source); break; case kadm_rename: - krb5_data_alloc(&data, len); + ret = krb5_data_alloc(&data, len); + if (ret) + krb5_err (context, 1, ret, "kadm_rename: data alloc: %d", len); krb5_ret_principal(sp, &source); krb5_storage_read(sp, data.data, data.length); hdb_value2entry(context, &data, &ent); @@ -102,7 +104,9 @@ print_entry(kadm5_server_context *server_context, hdb_free_entry(context, &ent); break; case kadm_create: - krb5_data_alloc(&data, len); + ret = krb5_data_alloc(&data, len); + if (ret) + krb5_err (context, 1, ret, "kadm_create: data alloc: %d", len); krb5_storage_read(sp, data.data, data.length); ret = hdb_value2entry(context, &data, &ent); if(ret) @@ -110,7 +114,9 @@ print_entry(kadm5_server_context *server_context, mask = ~0; goto foo; case kadm_modify: - krb5_data_alloc(&data, len); + ret = krb5_data_alloc(&data, len); + if (ret) + krb5_err (context, 1, ret, "kadm_modify: data alloc: %d", len); krb5_ret_int32(sp, &mask); krb5_storage_read(sp, data.data, data.length); ret = hdb_value2entry(context, &data, &ent); diff --git a/crypto/heimdal/lib/kadm5/init_c.c b/crypto/heimdal/lib/kadm5/init_c.c index c7236b6..0ed1df1 100644 --- a/crypto/heimdal/lib/kadm5/init_c.c +++ b/crypto/heimdal/lib/kadm5/init_c.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -37,7 +37,7 @@ #include <netinet/in.h> #include <netdb.h> -RCSID("$Id: init_c.c,v 1.44 2002/06/16 15:13:25 nectar Exp $"); +RCSID("$Id: init_c.c,v 1.45 2003/04/01 15:06:41 lha Exp $"); static void set_funcs(kadm5_client_context *c) @@ -335,6 +335,7 @@ kadm_connect(kadm5_client_context *ctx) int error; char portstr[NI_MAXSERV]; char *hostname, *slash; + char *service_name; krb5_context context = ctx->context; memset (&hints, 0, sizeof(hints)); @@ -377,7 +378,20 @@ kadm_connect(kadm5_client_context *ctx) close(s); return ret; } - ret = krb5_parse_name(context, KADM5_ADMIN_SERVICE, &server); + + if (ctx->realm) + asprintf(&service_name, "%s@%s", KADM5_ADMIN_SERVICE, ctx->realm); + else + asprintf(&service_name, "%s", KADM5_ADMIN_SERVICE); + + if (service_name == NULL) { + freeaddrinfo (ai); + close(s); + return ENOMEM; + } + + ret = krb5_parse_name(context, service_name, &server); + free(service_name); if(ret) { freeaddrinfo (ai); if(ctx->ccache == NULL) diff --git a/crypto/heimdal/lib/kadm5/ipropd_master.c b/crypto/heimdal/lib/kadm5/ipropd_master.c index 626e853..537d403 100644 --- a/crypto/heimdal/lib/kadm5/ipropd_master.c +++ b/crypto/heimdal/lib/kadm5/ipropd_master.c @@ -34,10 +34,12 @@ #include "iprop.h" #include <rtbl.h> -RCSID("$Id: ipropd_master.c,v 1.28 2002/08/16 18:27:53 joda Exp $"); +RCSID("$Id: ipropd_master.c,v 1.29 2003/03/19 11:56:38 lha Exp $"); static krb5_log_facility *log_facility; +const char *slave_stats_file = KADM5_SLAVE_STATS; + static int make_signal_socket (krb5_context context) { @@ -123,6 +125,10 @@ slave_seen(slave *s) static void slave_dead(slave *s) { + if (s->fd >= 0) { + close (s->fd); + s->fd = -1; + } s->flags |= SLAVE_F_DEAD; slave_seen(s); } @@ -406,12 +412,12 @@ process_msg (krb5_context context, slave *s, int log_fd, static void write_stats(krb5_context context, slave *slaves, u_int32_t current_version) { - char str[30]; + char str[100]; rtbl_t tbl; time_t t = time(NULL); FILE *fp; - fp = fopen(KADM5_SLAVE_STATS, "w"); + fp = fopen(slave_stats_file, "w"); if (fp == NULL) return; @@ -457,8 +463,9 @@ write_stats(krb5_context context, slave *slaves, u_int32_t current_version) else rtbl_add_column_entry(tbl, SLAVE_STATUS, "Up"); - strftime(str, sizeof(str), "%Y-%m-%d %H:%M:%S", - localtime(&slaves->seen)); + if (strftime(str, sizeof(str), "%Y-%m-%d %H:%M:%S %Z", + localtime(&slaves->seen)) == 0) + strlcpy(str, "Unknown time", sizeof(str)); rtbl_add_column_entry(tbl, SLAVE_SEEN, str); slaves = slaves->next; @@ -482,6 +489,7 @@ static struct getargs args[] = { { "keytab", 'k', arg_string, &keytab_str, "keytab to get authentication from", "kspec" }, { "database", 'd', arg_string, &database, "database", "file"}, + { "slave-stats-file", 0, arg_string, &slave_stats_file, "file"}, { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; @@ -566,6 +574,8 @@ main(int argc, char **argv) max_fd = max(max_fd, listen_fd); for (p = slaves; p != NULL; p = p->next) { + if (p->flags & SLAVE_F_DEAD) + continue; FD_SET(p->fd, &readset); max_fd = max(max_fd, p->fd); } @@ -584,8 +594,11 @@ main(int argc, char **argv) kadm5_log_get_version_fd (log_fd, ¤t_version); if (current_version > old_version) - for (p = slaves; p != NULL; p = p->next) + for (p = slaves; p != NULL; p = p->next) { + if (p->flags & SLAVE_F_DEAD) + continue; send_diffs (context, p, log_fd, database, current_version); + } } if (ret && FD_ISSET(signal_fd, &readset)) { @@ -604,12 +617,15 @@ main(int argc, char **argv) send_diffs (context, p, log_fd, database, current_version); } - for(p = slaves; ret && p != NULL; p = p->next) + for(p = slaves; ret && p != NULL; p = p->next) { + if (p->flags & SLAVE_F_DEAD) + continue; if (FD_ISSET(p->fd, &readset)) { --ret; if(process_msg (context, p, log_fd, database, current_version)) slave_dead(p); } + } if (ret && FD_ISSET(listen_fd, &readset)) { add_slave (context, keytab, &slaves, listen_fd); diff --git a/crypto/heimdal/lib/kadm5/ipropd_slave.c b/crypto/heimdal/lib/kadm5/ipropd_slave.c index 31ab429..f8846c0 100644 --- a/crypto/heimdal/lib/kadm5/ipropd_slave.c +++ b/crypto/heimdal/lib/kadm5/ipropd_slave.c @@ -33,7 +33,7 @@ #include "iprop.h" -RCSID("$Id: ipropd_slave.c,v 1.26.2.1 2002/10/21 16:06:25 joda Exp $"); +RCSID("$Id: ipropd_slave.c,v 1.27 2002/10/21 15:51:44 joda Exp $"); static krb5_log_facility *log_facility; diff --git a/crypto/heimdal/lib/kadm5/log.c b/crypto/heimdal/lib/kadm5/log.c index 01432c9..8ea3ca9 100644 --- a/crypto/heimdal/lib/kadm5/log.c +++ b/crypto/heimdal/lib/kadm5/log.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kadm5_locl.h" -RCSID("$Id: log.c,v 1.19 2002/05/24 15:19:21 joda Exp $"); +RCSID("$Id: log.c,v 1.20 2003/04/16 17:56:55 lha Exp $"); /* * A log record consists of: @@ -268,7 +268,9 @@ kadm5_log_replay_create (kadm5_server_context *context, krb5_data data; hdb_entry ent; - krb5_data_alloc (&data, len); + ret = krb5_data_alloc (&data, len); + if (ret) + return ret; krb5_storage_read (sp, data.data, len); ret = hdb_value2entry (context->context, &data, &ent); krb5_data_free(&data); @@ -421,7 +423,11 @@ kadm5_log_replay_rename (kadm5_server_context *context, krb5_ret_principal (sp, &source); princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off; data_len = len - princ_len; - krb5_data_alloc (&value, data_len); + ret = krb5_data_alloc (&value, data_len); + if (ret) { + krb5_free_principal (context->context, source); + return ret; + } krb5_storage_read (sp, value.data, data_len); ret = hdb_value2entry (context->context, &value, &target_ent); krb5_data_free(&value); @@ -509,7 +515,9 @@ kadm5_log_replay_modify (kadm5_server_context *context, krb5_ret_int32 (sp, &mask); len -= 4; - krb5_data_alloc (&value, len); + ret = krb5_data_alloc (&value, len); + if (ret) + return ret; krb5_storage_read (sp, value.data, len); ret = hdb_value2entry (context->context, &value, &log_ent); krb5_data_free(&value); diff --git a/crypto/heimdal/lib/kadm5/send_recv.c b/crypto/heimdal/lib/kadm5/send_recv.c index c13f01b..fe44b76 100644 --- a/crypto/heimdal/lib/kadm5/send_recv.c +++ b/crypto/heimdal/lib/kadm5/send_recv.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kadm5_locl.h" -RCSID("$Id: send_recv.c,v 1.9 2002/05/24 15:19:23 joda Exp $"); +RCSID("$Id: send_recv.c,v 1.10 2003/04/16 17:58:59 lha Exp $"); kadm5_ret_t _kadm5_client_send(kadm5_client_context *context, krb5_storage *sp) @@ -47,6 +47,8 @@ _kadm5_client_send(kadm5_client_context *context, krb5_storage *sp) len = krb5_storage_seek(sp, 0, SEEK_CUR); ret = krb5_data_alloc(&msg, len); + if (ret) + return ret; krb5_storage_seek(sp, 0, SEEK_SET); krb5_storage_read(sp, msg.data, msg.length); diff --git a/crypto/heimdal/lib/kafs/ChangeLog b/crypto/heimdal/lib/kafs/ChangeLog index acb3669..4c125e1 100644 --- a/crypto/heimdal/lib/kafs/ChangeLog +++ b/crypto/heimdal/lib/kafs/ChangeLog @@ -1,3 +1,119 @@ +2003-04-23 Love Hörquist Åstrand <lha@it.su.se> + + * common.c, kafs.h: drop the int argument (the error code) from + the logging function + +2003-04-22 Johan Danielsson <joda@pdc.kth.se> + + * afskrb5.c (v5_convert): better match what other functions do + with values from krb5.conf, like case insensitivity + +2003-04-16 Love Hörquist Åstrand <lha@it.su.se> + + * kafs.3: Change .Fd #include <header.h> to .In header.h + from Thomas Klausner <wiz@netbsd.org> + +2003-04-14 Love Hörquist Åstrand <lha@it.su.se> + + * Makefile.am: (libkafs_la_LDFLAGS): update version + + * Makefile.am (ROKEN_SRCS): drop strupr.c + + * kafs.3: document kafs_set_verbose + + * common.c (kafs_set_verbose): add function that (re)sets the + logging function + (_kafs_try_get_cred): add function that does (krb_data->get_cred) to + make logging easier (that is now done in this function) + (*): use _kafs_try_get_cred + + * afskrb5.c (get_cred): handle that inst can be the empty string too + (v5_convert): use _kafs_foldup + (krb5_afslog_uid_home): set name + (krb5_afslog_uid_home): ditto + + * afskrb.c (krb_afslog_uid_home): set name + (krb_afslog_uid_home): ditto + + * kafs_locl.h (kafs_data): add name + (_kafs_foldup): internally export + +2003-04-11 Love Hörquist Åstrand <lha@it.su.se> + + * kafs.3: tell that cell-name is uppercased + + * Makefile.am: add INCLUDE_krb4 when using krb4, add INCLUDE_des + when using krb5, add strupr.c + + * afskrb5.c: Check the cell part of the name, not the realm part + when checking if 2b should be used. The reson is afs@REALM might + have updated their servers but not afs/cell@REALM. Add constant + KAFS_RXKAD_2B_KVNO. + +2003-04-06 Love Hörquist Åstrand <lha@it.su.se> + + * kafs.3: s/kerberos/Kerberos/ + +2003-03-19 Love Hörquist Åstrand <lha@it.su.se> + + * kafs.3: spelling, from <jmc@prioris.mini.pw.edu.pl> + + * kafs.3: document the kafs_settoken functions write about the + krb5_appdefault option for kerberos 5 afs tokens fix prototypes + +2003-03-18 Love Hörquist Åstrand <lha@it.su.se> + + * afskrb5.c (kafs_settoken5): change signature to include a + krb5_context, use v5_convert + (v5_convert): new function, converts a krb5_ccreds to a kafs_token in + three diffrent ways, not at all, local 524/2b, and using 524 + (v5_to_kt): add code to do local 524/2b + (get_cred): use v5_convert + + + * kafs.h (kafs_settoken5): change signature to include a + krb5_context + + * Makefile.am: always build the libkafs library now that the + kerberos 5 can stand on their own + + * kafs.3: expose the krb5 functions + + * common.c (kafs_settoken_rxkad): move all content kerberos + version from kafs_settoken to kafs_settoken_rxkad + (_kafs_fixup_viceid): move the fixup the timestamp to make client + happy code here. + (_kafs_v4_to_kt): move all the kerberos 4 dependant parts from + kafs_settoken here. + (*): adapt to kafs_token + + * afskrb5.c (kafs_settoken5): new function, inserts a krb5_creds + into kernel + (v5_to_kt): new function, stores a krb5_creds in struct kafs_token + (get_cred): add a appdefault boolean ("libkafs", realm, "afs-use-524") + that can used to toggle if there should v5 token should be used + directly or converted via 524 first. + + * afskrb.c: move kafs_settoken here, use struct kafs_token + + * kafs_locl.h: include krb5-v4compat.h if needed, define an + internal structure struct kafs_token that carries around for rxkad + data that is independant of kerberos version + +2003-02-18 Love Hörquist Åstrand <lha@it.su.se> + + * dlfcn.h: s/intialize/initialize, from + <jmc@prioris.mini.pw.edu.pl> + +2003-02-08 Assar Westerlund <assar@kth.se> + + * afssysdefs.h: fix FreeBSD section + +2003-02-06 Love Hörquist Åstrand <lha@it.su.se> + + * afssysdefs.h: use syscall 208 on openbsd (all version) use + syscall 339 on freebsd 5.0 and later, use 210 on 4.x and earlier + 2002-08-28 Johan Danielsson <joda@pdc.kth.se> * kafs.3: move around sections (from NetBSD) diff --git a/crypto/heimdal/lib/kafs/Makefile.am b/crypto/heimdal/lib/kafs/Makefile.am index a59b585..a08c477 100644 --- a/crypto/heimdal/lib/kafs/Makefile.am +++ b/crypto/heimdal/lib/kafs/Makefile.am @@ -1,12 +1,27 @@ -# $Id: Makefile.am,v 1.37 2002/08/19 15:08:37 joda Exp $ +# $Id: Makefile.am,v 1.43.2.1 2003/05/12 15:20:46 joda Exp $ include $(top_srcdir)/Makefile.am.common -INCLUDES += $(INCLUDE_krb4) $(AFS_EXTRA_DEFS) $(ROKEN_RENAME) +INCLUDES += $(AFS_EXTRA_DEFS) $(ROKEN_RENAME) if KRB4 -AFSLIBS = libkafs.la DEPLIB_krb4 = $(LIB_krb4) $(LIB_des) +krb4_am_workaround = $(INCLUDE_krb4) +else +DEPLIB_krb4 = +krb4_am_workaround = +endif # KRB4 +INCLUDES += $(krb4_am_workaround) + +if KRB5 +DEPLIB_krb5 = ../krb5/libkrb5.la +krb5_am_workaround = $(INCLUDE_des) -I$(top_srcdir)/lib/krb5 +else +DEPLIB_krb5 = +krb5_am_workaround = +endif # KRB5 +INCLUDES += $(krb5_am_workaround) + if AIX AFSL_EXP = $(srcdir)/afsl.exp @@ -36,19 +51,10 @@ AFSL_EXP = AIX_SRC = endif # AIX -else -AFSLIBS = -DEPLIB_krb4 = -endif # KRB4 - -if KRB5 -libkafs_la_LIBADD = ../krb5/libkrb5.la ../roken/libroken.la $(DEPLIB_krb4) -else -libkafs_la_LIBADD = ../roken/libroken.la $(DEPLIB_krb4) -endif # KRB5 +libkafs_la_LIBADD = $(DEPLIB_krb5) ../roken/libroken.la $(DEPLIB_krb4) -lib_LTLIBRARIES = $(AFSLIBS) -libkafs_la_LDFLAGS = -version-info 3:4:3 +lib_LTLIBRARIES = libkafs.la +libkafs_la_LDFLAGS = -version-info 4:0:4 foodir = $(libdir) foo_DATA = $(AFS_EXTRA_LIBS) # EXTRA_DATA = afslib.so @@ -61,13 +67,18 @@ if KRB5 afskrb5_c = afskrb5.c endif +if KRB4 +afskrb_c = afskrb.c +endif + + if do_roken_rename ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c endif libkafs_la_SOURCES = \ afssys.c \ - afskrb.c \ + $(afskrb_c) \ $(afskrb5_c) \ common.c \ $(AIX_SRC) \ @@ -77,7 +88,7 @@ libkafs_la_SOURCES = \ #afslib_so_SOURCES = afslib.c -EXTRA_libkafs_la_SOURCES = afskrb5.c dlfcn.c afslib.c dlfcn.h +EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h EXTRA_DIST = README.dlfcn afsl.exp afslib.exp diff --git a/crypto/heimdal/lib/kafs/Makefile.in b/crypto/heimdal/lib/kafs/Makefile.in index 974d44c..22b0121 100644 --- a/crypto/heimdal/lib/kafs/Makefile.in +++ b/crypto/heimdal/lib/kafs/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.37 2002/08/19 15:08:37 joda Exp $ +# $Id: Makefile.am,v 1.43.2.1 2003/05/12 15:20:46 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -142,7 +143,7 @@ AUTOMAKE_OPTIONS = foreign no-dependencies 1.6 SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(AFS_EXTRA_DEFS) $(ROKEN_RENAME) +INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(AFS_EXTRA_DEFS) $(ROKEN_RENAME) $(krb4_am_workaround) $(krb5_am_workaround) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -201,31 +202,35 @@ NROFF_MAN = groff -mandoc -Tascii @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -@KRB4_TRUE@AFSLIBS = libkafs.la -@KRB4_FALSE@AFSLIBS = @KRB4_TRUE@DEPLIB_krb4 = $(LIB_krb4) $(LIB_des) @KRB4_FALSE@DEPLIB_krb4 = +@KRB4_TRUE@krb4_am_workaround = $(INCLUDE_krb4) +@KRB4_FALSE@krb4_am_workaround = -@AIX_FALSE@@KRB4_TRUE@AFSL_EXP = -@AIX_TRUE@@KRB4_TRUE@AFSL_EXP = $(srcdir)/afsl.exp +@KRB5_TRUE@DEPLIB_krb5 = ../krb5/libkrb5.la +@KRB5_FALSE@DEPLIB_krb5 = +@KRB5_TRUE@krb5_am_workaround = $(INCLUDE_des) -I$(top_srcdir)/lib/krb5 +@KRB5_FALSE@krb5_am_workaround = -@AIX4_FALSE@@AIX_TRUE@@KRB4_TRUE@AFS_EXTRA_LD = -e _nostart -@AIX4_TRUE@@AIX_TRUE@@KRB4_TRUE@AFS_EXTRA_LD = -bnoentry +@AIX_TRUE@AFSL_EXP = $(srcdir)/afsl.exp +@AIX_FALSE@AFSL_EXP = -@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@KRB4_TRUE@AIX_SRC = afslib.c -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@AIX_SRC = dlfcn.c -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@AIX_SRC = -@AIX_FALSE@@KRB4_TRUE@AIX_SRC = -@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@KRB4_TRUE@AFS_EXTRA_LIBS = -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@KRB4_TRUE@AFS_EXTRA_LIBS = afslib.so -@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@KRB4_TRUE@AFS_EXTRA_DEFS = -DSTATIC_AFS -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@KRB4_TRUE@AFS_EXTRA_DEFS = +@AIX4_FALSE@@AIX_TRUE@AFS_EXTRA_LD = -e _nostart +@AIX4_TRUE@@AIX_TRUE@AFS_EXTRA_LD = -bnoentry -@KRB5_TRUE@libkafs_la_LIBADD = ../krb5/libkrb5.la ../roken/libroken.la $(DEPLIB_krb4) -@KRB5_FALSE@libkafs_la_LIBADD = ../roken/libroken.la $(DEPLIB_krb4) +@AIX_FALSE@AIX_SRC = +@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AIX_SRC = afslib.c +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@AIX_SRC = +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@AIX_SRC = dlfcn.c +@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AFS_EXTRA_LIBS = +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@AFS_EXTRA_LIBS = afslib.so +@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AFS_EXTRA_DEFS = -DSTATIC_AFS +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@AFS_EXTRA_DEFS = -lib_LTLIBRARIES = $(AFSLIBS) -libkafs_la_LDFLAGS = -version-info 3:4:3 +libkafs_la_LIBADD = $(DEPLIB_krb5) ../roken/libroken.la $(DEPLIB_krb4) + +lib_LTLIBRARIES = libkafs.la +libkafs_la_LDFLAGS = -version-info 4:0:4 foodir = $(libdir) foo_DATA = $(AFS_EXTRA_LIBS) @@ -236,11 +241,13 @@ include_HEADERS = kafs.h @KRB5_TRUE@afskrb5_c = afskrb5.c +@KRB4_TRUE@afskrb_c = afskrb.c + @do_roken_rename_TRUE@ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c libkafs_la_SOURCES = \ afssys.c \ - afskrb.c \ + $(afskrb_c) \ $(afskrb5_c) \ common.c \ $(AIX_SRC) \ @@ -251,7 +258,7 @@ libkafs_la_SOURCES = \ #afslib_so_SOURCES = afslib.c -EXTRA_libkafs_la_SOURCES = afskrb5.c dlfcn.c afslib.c dlfcn.h +EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h EXTRA_DIST = README.dlfcn afsl.exp afslib.exp @@ -268,16 +275,17 @@ LTLIBRARIES = $(lib_LTLIBRARIES) @KRB4_TRUE@@KRB5_TRUE@libkafs_la_DEPENDENCIES = ../krb5/libkrb5.la \ @KRB4_TRUE@@KRB5_TRUE@ ../roken/libroken.la @KRB4_TRUE@@KRB5_FALSE@libkafs_la_DEPENDENCIES = ../roken/libroken.la -@KRB5_TRUE@am__objects_11 = afskrb5.lo -@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@KRB4_TRUE@am__objects_12 = afslib.lo -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@am__objects_12 = \ -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@ dlfcn.lo -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@am__objects_12 = -@AIX_FALSE@@KRB4_TRUE@am__objects_12 = -@do_roken_rename_TRUE@am__objects_13 = resolve.lo strtok_r.lo strlcpy.lo \ +@KRB4_TRUE@am__objects_11 = afskrb.lo +@KRB5_TRUE@am__objects_12 = afskrb5.lo +@AIX_FALSE@am__objects_13 = +@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@am__objects_13 = afslib.lo +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@am__objects_13 = +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@am__objects_13 = \ +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@ dlfcn.lo +@do_roken_rename_TRUE@am__objects_14 = resolve.lo strtok_r.lo strlcpy.lo \ @do_roken_rename_TRUE@ strsep.lo -am_libkafs_la_OBJECTS = afssys.lo afskrb.lo $(am__objects_11) common.lo \ - $(am__objects_12) $(am__objects_13) +am_libkafs_la_OBJECTS = afssys.lo $(am__objects_11) $(am__objects_12) \ + common.lo $(am__objects_13) $(am__objects_14) libkafs_la_OBJECTS = $(am_libkafs_la_OBJECTS) DEFS = @DEFS@ @@ -308,10 +316,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/kafs/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -553,8 +561,9 @@ info: info-am info-am: -install-data-am: install-data-local install-fooDATA \ - install-includeHEADERS install-man +install-data-am: install-fooDATA install-includeHEADERS install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -584,16 +593,15 @@ uninstall-man: uninstall-man3 clean-generic clean-libLTLIBRARIES clean-libtool distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-fooDATA \ - install-includeHEADERS install-info install-info-am \ - install-libLTLIBRARIES install-man install-man3 install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool tags uninstall \ - uninstall-am uninstall-fooDATA uninstall-includeHEADERS \ - uninstall-info-am uninstall-libLTLIBRARIES uninstall-man \ - uninstall-man3 + install-am install-data install-data-am install-exec \ + install-exec-am install-fooDATA install-includeHEADERS \ + install-info install-info-am install-libLTLIBRARIES install-man \ + install-man3 install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool tags uninstall uninstall-am \ + uninstall-fooDATA uninstall-includeHEADERS uninstall-info-am \ + uninstall-libLTLIBRARIES uninstall-man uninstall-man3 install-suid-programs: @@ -719,7 +727,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/kafs/afskrb.c b/crypto/heimdal/lib/kafs/afskrb.c index 038a2ad..523a7b9 100644 --- a/crypto/heimdal/lib/kafs/afskrb.c +++ b/crypto/heimdal/lib/kafs/afskrb.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,9 @@ #include "kafs_locl.h" -RCSID("$Id: afskrb.c,v 1.15 2001/10/24 19:36:27 assar Exp $"); +RCSID("$Id: afskrb.c,v 1.17 2003/04/14 08:32:11 lha Exp $"); + +#ifdef KRB4 struct krb_kafs_data { const char *realm; @@ -41,16 +43,19 @@ struct krb_kafs_data { static int get_cred(kafs_data *data, const char *name, const char *inst, - const char *realm, CREDENTIALS *c) + const char *realm, uid_t uid, struct kafs_token *kt) { + CREDENTIALS c; KTEXT_ST tkt; - int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c); + int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c); if (ret) { ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0); if (ret == KSUCCESS) - ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c); + ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c); } + if (ret == 0) + ret = _kafs_v4_to_kt(&c, uid, kt); return ret; } @@ -62,11 +67,13 @@ afslog_uid_int(kafs_data *data, const char *homedir) { int ret; - CREDENTIALS c; + struct kafs_token kt; char name[ANAME_SZ]; char inst[INST_SZ]; char realm[REALM_SZ]; + kt.ticket = NULL; + if (cell == 0 || cell[0] == 0) return _kafs_afslog_all_local_cells (data, uid, homedir); @@ -75,10 +82,13 @@ afslog_uid_int(kafs_data *data, if (ret != KSUCCESS) return ret; - ret = _kafs_get_cred(data, cell, realm_hint, realm, &c); + kt.ticket = NULL; + ret = _kafs_get_cred(data, cell, realm_hint, realm, uid, &kt); - if (ret == 0) - ret = kafs_settoken(cell, uid, &c); + if (ret == 0) { + ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len); + free(kt.ticket); + } return ret; } @@ -98,6 +108,7 @@ krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid, { kafs_data kd; + kd.name = "krb4"; kd.afslog_uid = afslog_uid_int; kd.get_cred = get_cred; kd.get_realm = get_realm; @@ -132,6 +143,31 @@ krb_realm_of_cell(const char *cell, char **realm) { kafs_data kd; + kd.name = "krb4"; kd.get_realm = get_realm; return _kafs_realm_of_cell(&kd, cell, realm); } + +int +kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c) +{ + struct kafs_token kt; + int ret; + + kt.ticket = NULL; + + ret = _kafs_v4_to_kt(c, uid, &kt); + if (ret) + return ret; + + if (kt.ct.EndTimestamp < time(NULL)) { + free(kt.ticket); + return 0; + } + + ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len); + free(kt.ticket); + return ret; +} + +#endif /* KRB4 */ diff --git a/crypto/heimdal/lib/kafs/afskrb5.c b/crypto/heimdal/lib/kafs/afskrb5.c index fe5f96a..d415db6 100644 --- a/crypto/heimdal/lib/kafs/afskrb5.c +++ b/crypto/heimdal/lib/kafs/afskrb5.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kafs_locl.h" -RCSID("$Id: afskrb5.c,v 1.14 2001/06/18 13:11:32 assar Exp $"); +RCSID("$Id: afskrb5.c,v 1.18.2.1 2003/04/22 14:25:43 joda Exp $"); struct krb5_kafs_data { krb5_context context; @@ -41,9 +41,126 @@ struct krb5_kafs_data { krb5_const_realm realm; }; +enum { + KAFS_RXKAD_2B_KVNO = 213, + KAFS_RXKAD_K5_KVNO = 256 +}; + +static int +v5_to_kt(krb5_creds *cred, uid_t uid, struct kafs_token *kt, int local524) +{ + int kvno, ret; + + kt->ticket = NULL; + + /* check if des key */ + if (cred->session.keyvalue.length != 8) + return EINVAL; + + if (local524) { + Ticket t; + unsigned char *buf; + size_t buf_len; + size_t len; + + kvno = KAFS_RXKAD_2B_KVNO; + + ret = decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len); + if (ret) + return ret; + if (t.tkt_vno != 5) + return -1; + + ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_len, &t.enc_part, + &len, ret); + free_Ticket(&t); + if (ret) + return ret; + if(buf_len != len) { + free(buf); + return KRB5KRB_ERR_GENERIC; + } + + kt->ticket = buf; + kt->ticket_len = buf_len; + + } else { + kvno = KAFS_RXKAD_K5_KVNO; + kt->ticket = malloc(cred->ticket.length); + if (kt->ticket == NULL) + return ENOMEM; + kt->ticket_len = cred->ticket.length; + memcpy(kt->ticket, cred->ticket.data, kt->ticket_len); + + ret = 0; + } + + + /* + * Build a struct ClearToken + */ + + kt->ct.AuthHandle = kvno; + memcpy(kt->ct.HandShakeKey, cred->session.keyvalue.data, 8); + kt->ct.ViceId = uid; + kt->ct.BeginTimestamp = cred->times.starttime; + kt->ct.EndTimestamp = cred->times.endtime; + + _kafs_fixup_viceid(&kt->ct, uid); + + return 0; +} + +static krb5_error_code +v5_convert(krb5_context context, krb5_ccache id, + krb5_creds *cred, uid_t uid, + const char *cell, + struct kafs_token *kt) +{ + krb5_error_code ret; + char *c, *val; + + c = strdup(cell); + if (c == NULL) + return ENOMEM; + _kafs_foldup(c, c); + krb5_appdefault_string (context, "libkafs", + c, + "afs-use-524", "yes", &val); + free(c); + + if (strcasecmp(val, "local") == 0 || + strcasecmp(val, "2b") == 0) + ret = v5_to_kt(cred, uid, kt, 1); + else if(strcasecmp(val, "yes") == 0 || + strcasecmp(val, "true") == 0 || + atoi(val)) { + struct credentials c; + + if (id == NULL) + ret = krb524_convert_creds_kdc(context, cred, &c); + else + ret = krb524_convert_creds_kdc_ccache(context, id, cred, &c); + if (ret) + goto out; + + ret = _kafs_v4_to_kt(&c, uid, kt); + } else + ret = v5_to_kt(cred, uid, kt, 0); + + out: + free(val); + return ret; +} + + +/* + * + */ + static int get_cred(kafs_data *data, const char *name, const char *inst, - const char *realm, CREDENTIALS *c) + const char *realm, uid_t uid, struct kafs_token *kt) { krb5_error_code ret; krb5_creds in_creds, *out_creds; @@ -65,8 +182,11 @@ get_cred(kafs_data *data, const char *name, const char *inst, krb5_free_principal(d->context, in_creds.client); if(ret) return ret; - ret = krb524_convert_creds_kdc_ccache(d->context, d->id, out_creds, c); + + ret = v5_convert(d->context, d->id, out_creds, uid, + (inst != NULL && inst[0] != '\0') ? inst : realm, kt); krb5_free_creds(d->context, out_creds); + return ret; } @@ -75,7 +195,7 @@ afslog_uid_int(kafs_data *data, const char *cell, const char *rh, uid_t uid, const char *homedir) { krb5_error_code ret; - CREDENTIALS c; + struct kafs_token kt; krb5_principal princ; krb5_realm *trealm; /* ticket realm */ struct krb5_kafs_data *d = data->data; @@ -94,12 +214,15 @@ afslog_uid_int(kafs_data *data, const char *cell, const char *rh, uid_t uid, krb5_free_principal (d->context, princ); } - ret = _kafs_get_cred(data, cell, d->realm, *trealm, &c); + kt.ticket = NULL; + ret = _kafs_get_cred(data, cell, d->realm, *trealm, uid, &kt); if(trealm) krb5_free_principal (d->context, princ); - if(ret == 0) - ret = kafs_settoken(cell, uid, &c); + if(ret == 0) { + ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len); + free(kt.ticket); + } return ret; } @@ -126,6 +249,7 @@ krb5_afslog_uid_home(krb5_context context, { kafs_data kd; struct krb5_kafs_data d; + kd.name = "krb5"; kd.afslog_uid = afslog_uid_int; kd.get_cred = get_cred; kd.get_realm = get_realm; @@ -174,6 +298,29 @@ krb5_realm_of_cell(const char *cell, char **realm) { kafs_data kd; + kd.name = "krb5"; kd.get_realm = get_realm; return _kafs_realm_of_cell(&kd, cell, realm); } + +/* + * + */ + +int +kafs_settoken5(krb5_context context, const char *cell, uid_t uid, + krb5_creds *cred) +{ + struct kafs_token kt; + int ret; + + ret = v5_convert(context, NULL, cred, uid, cell, &kt); + if (ret) + return ret; + + ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len); + + free(kt.ticket); + + return ret; +} diff --git a/crypto/heimdal/lib/kafs/afssys.c b/crypto/heimdal/lib/kafs/afssys.c index c64b382..84989a0 100644 --- a/crypto/heimdal/lib/kafs/afssys.c +++ b/crypto/heimdal/lib/kafs/afssys.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 200 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000, 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kafs_locl.h" -RCSID("$Id: afssys.c,v 1.67 2000/07/08 12:06:03 assar Exp $"); +RCSID("$Id: afssys.c,v 1.69 2003/03/18 04:18:45 lha Exp $"); int _kafs_debug; /* this should be done in a better way */ @@ -160,7 +160,7 @@ k_pioctl(char *a_path, errno = ENOSYS; #ifdef SIGSYS - kill(getpid(), SIGSYS); /* You loose! */ + kill(getpid(), SIGSYS); /* You lose! */ #endif #endif /* NO_AFS */ return -1; @@ -208,7 +208,7 @@ k_setpag(void) errno = ENOSYS; #ifdef SIGSYS - kill(getpid(), SIGSYS); /* You loose! */ + kill(getpid(), SIGSYS); /* You lose! */ #endif #endif /* NO_AFS */ return -1; diff --git a/crypto/heimdal/lib/kafs/afssysdefs.h b/crypto/heimdal/lib/kafs/afssysdefs.h index 800921f..bfda36a 100644 --- a/crypto/heimdal/lib/kafs/afssysdefs.h +++ b/crypto/heimdal/lib/kafs/afssysdefs.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: afssysdefs.h,v 1.24 2000/11/17 01:07:47 assar Exp $ */ +/* $Id: afssysdefs.h,v 1.26 2003/02/08 22:55:55 assar Exp $ */ /* * This section is for machines using single entry point AFS syscalls! @@ -82,7 +82,19 @@ #define AFS_SYSCALL 31 #endif -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +#if defined(__FreeBSD__) +#if __FreeBSD_version >= 500000 +#define AFS_SYSCALL 339 +#else +#define AFS_SYSCALL 210 +#endif +#endif /* __FreeBSD__ */ + +#ifdef __OpenBSD__ +#define AFS_SYSCALL 208 +#endif + +#if defined(__NetBSD__) #define AFS_SYSCALL 210 #endif diff --git a/crypto/heimdal/lib/kafs/common.c b/crypto/heimdal/lib/kafs/common.c index 0c448f5..291dcac 100644 --- a/crypto/heimdal/lib/kafs/common.c +++ b/crypto/heimdal/lib/kafs/common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kafs_locl.h" -RCSID("$Id: common.c,v 1.24 2002/05/31 02:43:51 assar Exp $"); +RCSID("$Id: common.c,v 1.26.2.1 2003/04/23 18:03:20 lha Exp $"); #define AUTH_SUPERUSER "afs" @@ -45,8 +45,11 @@ RCSID("$Id: common.c,v 1.24 2002/05/31 02:43:51 assar Exp $"); #define ToAsciiUpper(c) ((c) - 'a' + 'A') -static void -foldup(char *a, const char *b) +static void (*kafs_verbose)(void *, const char *); +static void *kafs_verbose_ctx; + +void +_kafs_foldup(char *a, const char *b) { for (; *b; a++, b++) if (IsAsciiLower(*b)) @@ -56,62 +59,39 @@ foldup(char *a, const char *b) *a = '\0'; } +void +kafs_set_verbose(void (*f)(void *, const char *), void *ctx) +{ + if (f) { + kafs_verbose = f; + kafs_verbose_ctx = ctx; + } +} + int -kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c) +kafs_settoken_rxkad(const char *cell, struct ClearToken *ct, + void *ticket, size_t ticket_len) { struct ViceIoctl parms; - struct ClearToken ct; - int32_t sizeof_x; char buf[2048], *t; - int ret; + int32_t sizeof_x; - /* - * Build a struct ClearToken - */ - ct.AuthHandle = c->kvno; - memcpy (ct.HandShakeKey, c->session, sizeof(c->session)); - ct.ViceId = uid; - ct.BeginTimestamp = c->issue_date; - ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime); - if(ct.EndTimestamp < time(NULL)) - return 0; /* don't store tokens that has expired (and possibly - overwriting valid tokens)*/ - -#define ODD(x) ((x) & 1) - /* According to Transarc conventions ViceId is valid iff - * (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime - * the transformations: - * - * (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life) - * preserves the original values. - */ - if (uid != 0) /* valid ViceId */ - { - if (!ODD(ct.EndTimestamp - ct.BeginTimestamp)) - ct.EndTimestamp--; - } - else /* not valid ViceId */ - { - if (ODD(ct.EndTimestamp - ct.BeginTimestamp)) - ct.EndTimestamp--; - } - t = buf; /* * length of secret token followed by secret token */ - sizeof_x = c->ticket_st.length; + sizeof_x = ticket_len; memcpy(t, &sizeof_x, sizeof(sizeof_x)); t += sizeof(sizeof_x); - memcpy(t, c->ticket_st.dat, sizeof_x); + memcpy(t, ticket, sizeof_x); t += sizeof_x; /* * length of clear token followed by clear token */ - sizeof_x = sizeof(ct); + sizeof_x = sizeof(*ct); memcpy(t, &sizeof_x, sizeof(sizeof_x)); t += sizeof(sizeof_x); - memcpy(t, &ct, sizeof_x); + memcpy(t, ct, sizeof_x); t += sizeof_x; /* @@ -134,8 +114,60 @@ kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c) parms.in_size = t - buf; parms.out = 0; parms.out_size = 0; - ret = k_pioctl(0, VIOCSETTOK, &parms, 0); - return ret; + + return k_pioctl(0, VIOCSETTOK, &parms, 0); +} + +void +_kafs_fixup_viceid(struct ClearToken *ct, uid_t uid) +{ +#define ODD(x) ((x) & 1) + /* According to Transarc conventions ViceId is valid iff + * (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime + * the transformations: + * + * (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life) + * preserves the original values. + */ + if (uid != 0) /* valid ViceId */ + { + if (!ODD(ct->EndTimestamp - ct->BeginTimestamp)) + ct->EndTimestamp--; + } + else /* not valid ViceId */ + { + if (ODD(ct->EndTimestamp - ct->BeginTimestamp)) + ct->EndTimestamp--; + } +} + + +int +_kafs_v4_to_kt(CREDENTIALS *c, uid_t uid, struct kafs_token *kt) +{ + kt->ticket = NULL; + + if (c->ticket_st.length > MAX_KTXT_LEN) + return EINVAL; + + kt->ticket = malloc(c->ticket_st.length); + if (kt->ticket == NULL) + return ENOMEM; + kt->ticket_len = c->ticket_st.length; + memcpy(kt->ticket, c->ticket_st.dat, kt->ticket_len); + + /* + * Build a struct ClearToken + */ + kt->ct.AuthHandle = c->kvno; + memcpy (kt->ct.HandShakeKey, c->session, sizeof(c->session)); + kt->ct.ViceId = uid; + kt->ct.BeginTimestamp = c->issue_date; + kt->ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime); + + _kafs_fixup_viceid(&kt->ct, uid); + + return 0; } /* Try to get a db-server for an AFS cell from a AFSDB record */ @@ -330,12 +362,33 @@ _kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm) return file_find_cell(data, cell, realm, 0); } +static int +_kafs_try_get_cred(kafs_data *data, const char *user, const char *cell, + const char *realm, uid_t uid, struct kafs_token *kt) +{ + int ret; + + ret = (*data->get_cred)(data, user, cell, realm, uid, kt); + if (kafs_verbose) { + char *str; + asprintf(&str, "%s tried afs%s%s@%s -> %d", + data->name, cell[0] == '\0' ? "" : "/", + cell, realm, ret); + (*kafs_verbose)(kafs_verbose_ctx, str); + free(str); + } + + return ret; +} + + int _kafs_get_cred(kafs_data *data, - const char *cell, - const char *realm_hint, - const char *realm, - CREDENTIALS *c) + const char *cell, + const char *realm_hint, + const char *realm, + uid_t uid, + struct kafs_token *kt) { int ret = -1; char *vl_realm; @@ -366,20 +419,23 @@ _kafs_get_cred(kafs_data *data, */ if (realm_hint) { - ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, realm_hint, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + cell, realm_hint, uid, kt); if (ret == 0) return 0; - ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", realm_hint, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + "", realm_hint, uid, kt); if (ret == 0) return 0; } - foldup(CELL, cell); + _kafs_foldup(CELL, cell); /* * If cell == realm we don't need no cross-cell authentication. * Try afs@REALM. */ if (strcmp(CELL, realm) == 0) { - ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", realm, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + "", realm, uid, kt); if (ret == 0) return 0; /* Try afs.cell@REALM below. */ } @@ -389,7 +445,8 @@ _kafs_get_cred(kafs_data *data, * REALM we still don't have to resort to cross-cell authentication. * Try afs.cell@REALM. */ - ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, realm, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + cell, realm, uid, kt); if (ret == 0) return 0; /* @@ -398,9 +455,11 @@ _kafs_get_cred(kafs_data *data, * Try afs@CELL. * Try afs.cell@CELL. */ - ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", CELL, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + "", CELL, uid, kt); if (ret == 0) return 0; - ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, CELL, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + cell, CELL, uid, kt); if (ret == 0) return 0; /* @@ -412,9 +471,11 @@ _kafs_get_cred(kafs_data *data, if (_kafs_realm_of_cell(data, cell, &vl_realm) == 0 && strcmp(vl_realm, realm) != 0 && strcmp(vl_realm, CELL) != 0) { - ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, vl_realm, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + cell, vl_realm, uid, kt); if (ret) - ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", vl_realm, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + "", vl_realm, uid, kt); free(vl_realm); if (ret == 0) return 0; } diff --git a/crypto/heimdal/lib/kafs/dlfcn.h b/crypto/heimdal/lib/kafs/dlfcn.h index 5671e9c..b8dfd98 100644 --- a/crypto/heimdal/lib/kafs/dlfcn.h +++ b/crypto/heimdal/lib/kafs/dlfcn.h @@ -19,7 +19,7 @@ extern "C" { #define RTLD_GLOBAL 0x100 /* allow symbols to be global */ /* - * To be able to intialize, a library may provide a dl_info structure + * To be able to initialize, a library may provide a dl_info structure * that contains functions to be called to initialize and terminate. */ struct dl_info { diff --git a/crypto/heimdal/lib/kafs/kafs.3 b/crypto/heimdal/lib/kafs/kafs.3 index 934d121..c6cff4d 100644 --- a/crypto/heimdal/lib/kafs/kafs.3 +++ b/crypto/heimdal/lib/kafs/kafs.3 @@ -1,7 +1,38 @@ -.\" $Id: kafs.3,v 1.8 2002/08/28 20:04:31 joda Exp $ +.\" Copyright (c) 1998 - 1999, 2001 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.Dd May 7, 1997 -.Os KTH-KRB +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kafs.3,v 1.16 2003/04/16 13:58:27 lha Exp $ +.\" +.Dd Mar 17, 2003 +.Os HEIMDAL .Dt KAFS 3 .Sh NAME .Nm k_hasafs , @@ -9,33 +40,44 @@ .Nm k_unlog , .Nm k_setpag , .Nm k_afs_cell_of_file , +.Nm kafs_set_verbose , +.Nm kafs_settoken_rxkad , +.Nm kafs_settoken , .Nm krb_afslog , .Nm krb_afslog_uid -.\" .Nm krb5_afslog , -.\" .Nm krb5_afslog_uid +.Nm kafs_settoken5 , +.Nm krb5_afslog , +.Nm krb5_afslog_uid .Nd AFS library .Sh LIBRARY AFS cache manager access library (libkafs, -lkafs) .Sh SYNOPSIS -.Fd #include <kafs.h> +.In kafs.h .Ft int .Fn k_afs_cell_of_file "const char *path" "char *cell" "int len" .Ft int -.Fn k_hasafs +.Fn k_hasafs "void" .Ft int .Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks" .Ft int -.Fn k_setpag +.Fn k_setpag "void" .Ft int -.Fn k_unlog +.Fn k_unlog "void" +.Ft void +.Fn kafs_set_verbose "void (*func)(void *, const char *, int)" "void *" .Ft int +.Fn kafs_settoken_rxkad "const char *cell" "struct ClearToken *token" "void *ticket" "size_t ticket_len" +.Ft int +.Fn kafs_settoken "const char *cell" "uid_t uid" "CREDENTIALS *c" .Fn krb_afslog "char *cell" "char *realm" .Ft int .Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid" -.\" .Ft krb5_error_code -.\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid" -.\" .Ft krb5_error_code -.\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" +.Ft krb5_error_code +.Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid" +.Ft int +.Fn kafs_settoken5 "const char *cell" "uid_t uid" "krb5_creds *c" +.Ft krb5_error_code +.Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" .Sh DESCRIPTION .Fn k_hasafs initializes some library internal structures, and tests for the @@ -44,6 +86,36 @@ called before .Fn k_hasafs is called, or if it fails. .Pp +.Fn kafs_set_verbose +set a log function that will be called each time the kafs library does +something important so that the application using libkafs can output +verbose logging. +Calling the function +.Fa kafs_set_verbose +with the function argument set to +.Dv NULL +will stop libkafs from calling the logging function (if set). +.Pp +.Fn kafs_settoken_rxkad +set +.Li rxkad +with the +.Fa token +and +.Fa ticket +(that have the length +.Fa ticket_len ) +for a given +.Fa cell . +.Pp +.Fn kafs_settoken +and +.Fn kafs_settoken5 +work the same way as +.Fn kafs_settoken_rxkad +but internally converts the Kerberos 4 or 5 credential to a afs +cleartoken and ticket. +.Pp .Fn krb_afslog , and .Fn krb_afslog_uid @@ -69,13 +141,54 @@ field in the token, will use .Fa uid . .Pp -.\" .Fn krb5_afslog , -.\" and -.\" .Fn krb5_afslog_uid -.\" are the Kerberos 5 equivalents of -.\" .Fn krb_afslog , -.\" and -.\" .Fn krb_afslog_uid . +.Fn krb5_afslog , +and +.Fn krb5_afslog_uid +are the Kerberos 5 equivalents of +.Fn krb_afslog , +and +.Fn krb_afslog_uid . +.Pp +.Fn krb5_afslog , +.Fn kafs_settoken5 +can be configured to behave diffrently via a +.Nm krb5_appdefault +option +.Li afs-use-524 +in +.Pa krb5.conf . +Possible values for +.Li afs-use-524 +are: +.Bl -tag -width local +.It yes +use the 524 server in the realm to convert the ticket +.It no +use the Kerberos 5 ticket directly, can be used with if the afs cell +support 2b token. +.It local, 2b +convert the Kerberos 5 credential to a 2b token locally (the same work +as a 2b 524 server should have done). +.El +.Pp +Example: +.Pp +.Bd -literal +[appdefaults] + SU.SE = { afs-use-524 = local } + PDC.KTH.SE = { afs-use-524 = yes } + afs-use-524 = yes +.Ed +.Pp +libkafs will use the +.Li libkafs +as application name when running the +.Nm krb5_appdefault +function call. +.Pp +The (uppercased) cellname is used as the realm to the +.Nm krb5_appdefault function. +.Pp .\" The extra arguments are the ubiquitous context, and the cache id where .\" to store any obtained tickets. Since AFS servers normally can't handle .\" Kerberos 5 tickets directly, these functions will first obtain version @@ -109,7 +222,7 @@ returns 1 if AFS is present in the kernel, 0 otherwise. .Fn krb_afslog and .Fn krb_afslog_uid -returns 0 on success, or a kerberos error number on failure. +returns 0 on success, or a Kerberos error number on failure. .Fn k_afs_cell_of_file , .Fn k_pioctl , .Fn k_setpag , @@ -145,7 +258,7 @@ if (k_hasafs()) { .Sh ERRORS If any of these functions (apart from .Fn k_hasafs ) -is called without AFS beeing present in the kernel, the process will +is called without AFS being present in the kernel, the process will usually (depending on the operating system) receive a SIGSYS signal. .Sh SEE ALSO .Rs @@ -154,6 +267,9 @@ usually (depending on the operating system) receive a SIGSYS signal. .%T File Server/Cache Manager Interface .%D 1991 .Re +.Pp +.Xr krb5_appdefaults 3 , +.Xr krb5.conf 5 .Sh BUGS .Ev AFS_SYSCALL has no effect under AIX. diff --git a/crypto/heimdal/lib/kafs/kafs.h b/crypto/heimdal/lib/kafs/kafs.h index b929121..f95b776 100644 --- a/crypto/heimdal/lib/kafs/kafs.h +++ b/crypto/heimdal/lib/kafs/kafs.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: kafs.h,v 1.35 2001/09/10 16:05:31 assar Exp $ */ +/* $Id: kafs.h,v 1.39.2.1 2003/04/23 18:03:21 lha Exp $ */ #ifndef __KAFS_H #define __KAFS_H @@ -144,9 +144,16 @@ int k_afs_cell_of_file __P((const char *path, char *cell, int len)); #define KRB5_H_INCLUDED #endif +void kafs_set_verbose __P((void (*kafs_verbose)(void *, const char *), void *)); +int kafs_settoken_rxkad __P((const char *, struct ClearToken *, + void *ticket, size_t ticket_len)); #ifdef KRB_H_INCLUDED int kafs_settoken __P((const char*, uid_t, CREDENTIALS*)); #endif +#ifdef KRB5_H_INCLUDED +int kafs_settoken5 __P((krb5_context, const char*, uid_t, krb5_creds*)); +#endif + #ifdef KRB5_H_INCLUDED krb5_error_code krb5_afslog_uid __P((krb5_context context, diff --git a/crypto/heimdal/lib/kafs/kafs_locl.h b/crypto/heimdal/lib/kafs/kafs_locl.h index ac1c2f6..e82b81b 100644 --- a/crypto/heimdal/lib/kafs/kafs_locl.h +++ b/crypto/heimdal/lib/kafs/kafs_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: kafs_locl.h,v 1.15 1999/12/02 16:58:40 joda Exp $ */ +/* $Id: kafs_locl.h,v 1.17 2003/04/14 08:28:37 lha Exp $ */ #ifndef __KAFS_LOCL_H__ #define __KAFS_LOCL_H__ @@ -93,7 +93,13 @@ #endif #ifdef KRB4 #include <krb.h> -#endif +#else +#ifdef KRB5 +#include "crypto-headers.h" +#include <krb5-v4compat.h> +typedef struct credentials CREDENTIALS; +#endif /* KRB5 */ +#endif /* KRB4 */ #include <kafs.h> #include <resolve.h> @@ -101,31 +107,47 @@ #include "afssysdefs.h" struct kafs_data; +struct kafs_token; typedef int (*afslog_uid_func_t)(struct kafs_data *, - const char *cell, - const char *realm_hint, + const char *, + const char *, uid_t, - const char *homedir); + const char *); typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*, - const char*, CREDENTIALS*); + const char*, uid_t, struct kafs_token *); typedef char* (*get_realm_func_t)(struct kafs_data*, const char*); typedef struct kafs_data { + const char *name; afslog_uid_func_t afslog_uid; get_cred_func_t get_cred; get_realm_func_t get_realm; void *data; } kafs_data; +struct kafs_token { + struct ClearToken ct; + void *ticket; + size_t ticket_len; +}; + +void _kafs_foldup(char *, const char *); + int _kafs_afslog_all_local_cells(kafs_data*, uid_t, const char*); int _kafs_get_cred(kafs_data*, const char*, const char*, const char *, - CREDENTIALS*); + uid_t, struct kafs_token *); int -_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm); +_kafs_realm_of_cell(kafs_data *, const char *, char **); + +int +_kafs_v4_to_kt(CREDENTIALS *, uid_t, struct kafs_token *); + +void +_kafs_fixup_viceid(struct ClearToken *, uid_t); #ifdef _AIX int aix_pioctl(char*, int, struct ViceIoctl*, int); diff --git a/crypto/heimdal/lib/kdfs/Makefile.in b/crypto/heimdal/lib/kdfs/Makefile.in index a346347..2115ecc 100644 --- a/crypto/heimdal/lib/kdfs/Makefile.in +++ b/crypto/heimdal/lib/kdfs/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.6.3 from Makefile.am. +# Makefile.in generated by automake 1.6.1 from Makefile.am. # @configure_input@ # Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -55,7 +55,6 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_DATA = @INSTALL_DATA@ install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_HEADER = $(INSTALL_DATA) transform = @program_transform_name@ @@ -115,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -193,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -242,10 +242,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/kdfs/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -269,12 +269,6 @@ uninstall-libLTLIBRARIES: clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test -z "$dir" && dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done libkdfs.la: $(libkdfs_la_OBJECTS) $(libkdfs_la_DEPENDENCIES) $(LINK) -rpath $(libdir) $(libkdfs_la_LDFLAGS) $(libkdfs_la_OBJECTS) $(libkdfs_la_LIBADD) $(LIBS) @@ -344,7 +338,7 @@ top_distdir = ../.. distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) distdir: $(DISTFILES) - @list='$(DISTFILES)'; for file in $$list; do \ + @for file in $(DISTFILES); do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ if test "$$dir" != "$$file" && test "$$dir" != "."; then \ @@ -394,7 +388,7 @@ mostlyclean-generic: clean-generic: distclean-generic: - -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]* maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -417,7 +411,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -444,8 +440,8 @@ uninstall-am: uninstall-info-am uninstall-libLTLIBRARIES clean-generic clean-libLTLIBRARIES clean-libtool distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-info install-info-am \ + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am \ install-libLTLIBRARIES install-man install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ @@ -576,7 +572,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am index 6332935..6f5a8fc 100644 --- a/crypto/heimdal/lib/krb5/Makefile.am +++ b/crypto/heimdal/lib/krb5/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.147.2.1 2002/10/21 15:03:14 joda Exp $ +# $Id: Makefile.am,v 1.156.2.1 2003/05/12 15:20:47 joda Exp $ include $(top_srcdir)/Makefile.am.common @@ -6,14 +6,16 @@ INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) -I../com_err -I$(srcdir)/../com_err bin_PROGRAMS = verify_krb5_conf -noinst_PROGRAMS = dump_config test_get_addrs krbhst-test +noinst_PROGRAMS = dump_config test_get_addrs krbhst-test test_alname TESTS = \ + aes-test \ n-fold-test \ string-to-key-test \ derived-key-test \ store-test \ parse-name-test \ + test_cc \ name-45-test check_PROGRAMS = $(TESTS) @@ -130,7 +132,7 @@ libkrb5_la_SOURCES = \ write_message.c \ $(ERR_FILES) -libkrb5_la_LDFLAGS = -version-info 18:4:1 +libkrb5_la_LDFLAGS = -version-info 19:0:2 $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h @@ -147,13 +149,17 @@ man_MANS = \ krb5.3 \ krb5.conf.5 \ krb5_425_conv_principal.3 \ + krb5_address.3 \ + krb5_aname_to_localname.3 \ krb5_appdefault.3 \ krb5_auth_context.3 \ krb5_build_principal.3 \ + krb5_ccache.3 \ krb5_config.3 \ krb5_context.3 \ krb5_create_checksum.3 \ krb5_crypto_init.3 \ + krb5_data.3 \ krb5_encrypt.3 \ krb5_free_addresses.3 \ krb5_free_principal.3 \ @@ -162,9 +168,11 @@ man_MANS = \ krb5_init_context.3 \ krb5_keytab.3 \ krb5_krbhst_init.3 \ + krb5_kuserok.3 \ krb5_openlog.3 \ krb5_parse_name.3 \ krb5_principal_get_realm.3 \ + krb5_set_default_realm.3 \ krb5_sname_to_principal.3 \ krb5_timeofday.3 \ krb5_unparse_name.3 \ diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in index 4613c46..5395352 100644 --- a/crypto/heimdal/lib/krb5/Makefile.in +++ b/crypto/heimdal/lib/krb5/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.147.2.1 2002/10/21 15:03:14 joda Exp $ +# $Id: Makefile.am,v 1.156.2.1 2003/05/12 15:20:47 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -203,14 +204,16 @@ NROFF_MAN = groff -mandoc -Tascii bin_PROGRAMS = verify_krb5_conf -noinst_PROGRAMS = dump_config test_get_addrs krbhst-test +noinst_PROGRAMS = dump_config test_get_addrs krbhst-test test_alname TESTS = \ + aes-test \ n-fold-test \ string-to-key-test \ derived-key-test \ store-test \ parse-name-test \ + test_cc \ name-45-test @@ -331,7 +334,7 @@ libkrb5_la_SOURCES = \ $(ERR_FILES) -libkrb5_la_LDFLAGS = -version-info 18:4:1 +libkrb5_la_LDFLAGS = -version-info 19:0:2 #libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo @@ -340,13 +343,17 @@ man_MANS = \ krb5.3 \ krb5.conf.5 \ krb5_425_conv_principal.3 \ + krb5_address.3 \ + krb5_aname_to_localname.3 \ krb5_appdefault.3 \ krb5_auth_context.3 \ krb5_build_principal.3 \ + krb5_ccache.3 \ krb5_config.3 \ krb5_context.3 \ krb5_create_checksum.3 \ krb5_crypto_init.3 \ + krb5_data.3 \ krb5_encrypt.3 \ krb5_free_addresses.3 \ krb5_free_principal.3 \ @@ -355,9 +362,11 @@ man_MANS = \ krb5_init_context.3 \ krb5_keytab.3 \ krb5_krbhst_init.3 \ + krb5_kuserok.3 \ krb5_openlog.3 \ krb5_parse_name.3 \ krb5_principal_get_realm.3 \ + krb5_set_default_realm.3 \ krb5_sname_to_principal.3 \ krb5_timeofday.3 \ krb5_unparse_name.3 \ @@ -377,7 +386,7 @@ LTLIBRARIES = $(lib_LTLIBRARIES) libkrb5_la_DEPENDENCIES = ../com_err/error.lo ../com_err/com_err.lo \ $(top_builddir)/lib/asn1/libasn1.la -am__objects_14 = krb5_err.lo heim_err.lo k524_err.lo +am__objects_15 = krb5_err.lo heim_err.lo k524_err.lo am_libkrb5_la_OBJECTS = acl.lo add_et_list.lo addr_families.lo \ aname_to_localname.lo appdefault.lo asn1_glue.lo \ auth_context.lo build_ap_req.lo build_auth.lo cache.lo \ @@ -401,16 +410,22 @@ am_libkrb5_la_OBJECTS = acl.lo add_et_list.lo addr_families.lo \ sendauth.lo set_default_realm.lo sock_principal.lo store.lo \ store_emem.lo store_fd.lo store_mem.lo ticket.lo time.lo \ transited.lo verify_init.lo verify_user.lo version.lo warn.lo \ - write_message.lo $(am__objects_14) + write_message.lo $(am__objects_15) libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS) bin_PROGRAMS = verify_krb5_conf$(EXEEXT) -check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \ - derived-key-test$(EXEEXT) store-test$(EXEEXT) \ - parse-name-test$(EXEEXT) name-45-test$(EXEEXT) +check_PROGRAMS = aes-test$(EXEEXT) n-fold-test$(EXEEXT) \ + string-to-key-test$(EXEEXT) derived-key-test$(EXEEXT) \ + store-test$(EXEEXT) parse-name-test$(EXEEXT) test_cc$(EXEEXT) \ + name-45-test$(EXEEXT) noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) \ - krbhst-test$(EXEEXT) + krbhst-test$(EXEEXT) test_alname$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) +aes_test_SOURCES = aes-test.c +aes_test_OBJECTS = aes-test.$(OBJEXT) +aes_test_LDADD = $(LDADD) +aes_test_DEPENDENCIES = libkrb5.la $(top_builddir)/lib/asn1/libasn1.la +aes_test_LDFLAGS = derived_key_test_SOURCES = derived-key-test.c derived_key_test_OBJECTS = derived-key-test.$(OBJEXT) derived_key_test_LDADD = $(LDADD) @@ -458,6 +473,17 @@ string_to_key_test_LDADD = $(LDADD) string_to_key_test_DEPENDENCIES = libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la string_to_key_test_LDFLAGS = +test_alname_SOURCES = test_alname.c +test_alname_OBJECTS = test_alname.$(OBJEXT) +test_alname_LDADD = $(LDADD) +test_alname_DEPENDENCIES = libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la +test_alname_LDFLAGS = +test_cc_SOURCES = test_cc.c +test_cc_OBJECTS = test_cc.$(OBJEXT) +test_cc_LDADD = $(LDADD) +test_cc_DEPENDENCIES = libkrb5.la $(top_builddir)/lib/asn1/libasn1.la +test_cc_LDFLAGS = test_get_addrs_SOURCES = test_get_addrs.c test_get_addrs_OBJECTS = test_get_addrs.$(OBJEXT) test_get_addrs_LDADD = $(LDADD) @@ -486,24 +512,24 @@ CCLD = $(CC) LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ CFLAGS = @CFLAGS@ -DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \ - krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c \ - store-test.c string-to-key-test.c test_get_addrs.c \ - verify_krb5_conf.c +DIST_SOURCES = $(libkrb5_la_SOURCES) aes-test.c derived-key-test.c \ + dump_config.c krbhst-test.c n-fold-test.c name-45-test.c \ + parse-name-test.c store-test.c string-to-key-test.c \ + test_alname.c test_cc.c test_get_addrs.c verify_krb5_conf.c MANS = $(man_MANS) HEADERS = $(include_HEADERS) DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in -SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c +SOURCES = $(libkrb5_la_SOURCES) aes-test.c derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c store-test.c string-to-key-test.c test_alname.c test_cc.c test_get_addrs.c verify_krb5_conf.c all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/krb5/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -562,6 +588,9 @@ clean-checkPROGRAMS: clean-noinstPROGRAMS: -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS) +aes-test$(EXEEXT): $(aes_test_OBJECTS) $(aes_test_DEPENDENCIES) + @rm -f aes-test$(EXEEXT) + $(LINK) $(aes_test_LDFLAGS) $(aes_test_OBJECTS) $(aes_test_LDADD) $(LIBS) derived-key-test$(EXEEXT): $(derived_key_test_OBJECTS) $(derived_key_test_DEPENDENCIES) @rm -f derived-key-test$(EXEEXT) $(LINK) $(derived_key_test_LDFLAGS) $(derived_key_test_OBJECTS) $(derived_key_test_LDADD) $(LIBS) @@ -586,6 +615,12 @@ store-test$(EXEEXT): $(store_test_OBJECTS) $(store_test_DEPENDENCIES) string-to-key-test$(EXEEXT): $(string_to_key_test_OBJECTS) $(string_to_key_test_DEPENDENCIES) @rm -f string-to-key-test$(EXEEXT) $(LINK) $(string_to_key_test_LDFLAGS) $(string_to_key_test_OBJECTS) $(string_to_key_test_LDADD) $(LIBS) +test_alname$(EXEEXT): $(test_alname_OBJECTS) $(test_alname_DEPENDENCIES) + @rm -f test_alname$(EXEEXT) + $(LINK) $(test_alname_LDFLAGS) $(test_alname_OBJECTS) $(test_alname_LDADD) $(LIBS) +test_cc$(EXEEXT): $(test_cc_OBJECTS) $(test_cc_DEPENDENCIES) + @rm -f test_cc$(EXEEXT) + $(LINK) $(test_cc_LDFLAGS) $(test_cc_OBJECTS) $(test_cc_LDADD) $(LIBS) test_get_addrs$(EXEEXT): $(test_get_addrs_OBJECTS) $(test_get_addrs_DEPENDENCIES) @rm -f test_get_addrs$(EXEEXT) $(LINK) $(test_get_addrs_LDFLAGS) $(test_get_addrs_OBJECTS) $(test_get_addrs_LDADD) $(LIBS) @@ -927,7 +962,9 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS install-man +install-data-am: install-includeHEADERS install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -959,14 +996,14 @@ uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8 clean-noinstPROGRAMS distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am info info-am install install-am install-binPROGRAMS \ - install-data install-data-am install-data-local install-exec \ - install-exec-am install-includeHEADERS install-info \ - install-info-am install-libLTLIBRARIES install-man install-man3 \ - install-man5 install-man8 install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool tags uninstall \ - uninstall-am uninstall-binPROGRAMS uninstall-includeHEADERS \ + install-data install-data-am install-exec install-exec-am \ + install-includeHEADERS install-info install-info-am \ + install-libLTLIBRARIES install-man install-man3 install-man5 \ + install-man8 install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool tags uninstall uninstall-am \ + uninstall-binPROGRAMS uninstall-includeHEADERS \ uninstall-info-am uninstall-libLTLIBRARIES uninstall-man \ uninstall-man3 uninstall-man5 uninstall-man8 @@ -1094,7 +1131,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/krb5/addr_families.c b/crypto/heimdal/lib/krb5/addr_families.c index 0fed2e7..be32458 100644 --- a/crypto/heimdal/lib/krb5/addr_families.c +++ b/crypto/heimdal/lib/krb5/addr_families.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c,v 1.37 2002/08/19 13:51:37 joda Exp $"); +RCSID("$Id: addr_families.c,v 1.38 2003/03/25 12:37:02 joda Exp $"); struct addr_operations { int af; @@ -515,6 +515,36 @@ arange_order_addr(krb5_context context, } } +static int +addrport_print_addr (const krb5_address *addr, char *str, size_t len) +{ + krb5_address addr1, addr2; + uint16_t port = 0; + size_t ret_len = 0, l; + krb5_storage *sp = krb5_storage_from_data((krb5_data*)&addr->address); + /* for totally obscure reasons, these are not in network byteorder */ + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE); + + krb5_storage_seek(sp, 2, SEEK_CUR); /* skip first two bytes */ + krb5_ret_address(sp, &addr1); + + krb5_storage_seek(sp, 2, SEEK_CUR); /* skip two bytes */ + krb5_ret_address(sp, &addr2); + krb5_storage_free(sp); + if(addr2.addr_type == KRB5_ADDRESS_IPPORT && addr2.address.length == 2) { + unsigned long value; + _krb5_get_int(addr2.address.data, &value, 2); + port = value; + } + l = strlcpy(str, "ADDRPORT:", len); + ret_len += l; + krb5_print_address(&addr1, str + ret_len, len - ret_len, &l); + ret_len += l; + l = snprintf(str + ret_len, len - ret_len, ",PORT=%u", port); + ret_len += l; + return ret_len; +} + static struct addr_operations at[] = { {AF_INET, KRB5_ADDRESS_INET, sizeof(struct sockaddr_in), ipv4_sockaddr2addr, @@ -533,7 +563,8 @@ static struct addr_operations at[] = { ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr} , #endif {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }, + NULL, NULL, NULL, NULL, NULL, + NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL }, /* fake address type */ {KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange), NULL, NULL, NULL, NULL, NULL, NULL, NULL, @@ -695,7 +726,7 @@ krb5_print_address (const krb5_address *addr, size_t ret; struct addr_operations *a = find_atype(addr->addr_type); - if (a == NULL) { + if (a == NULL || a->print_addr == NULL) { char *s; int l; int i; diff --git a/crypto/heimdal/lib/krb5/aes-test.c b/crypto/heimdal/lib/krb5/aes-test.c new file mode 100644 index 0000000..cfee8e2 --- /dev/null +++ b/crypto/heimdal/lib/krb5/aes-test.c @@ -0,0 +1,472 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "krb5_locl.h" + +#ifdef HAVE_OPENSSL +#include <openssl/evp.h> +#endif + +RCSID("$Id: aes-test.c,v 1.3 2003/03/25 11:30:41 lha Exp $"); + +static int verbose = 0; + +static void +hex_dump_data(krb5_data *data) +{ + unsigned char *p = data->data; + int i, j; + + for (i = j = 0; i < data->length; i++, j++) { + printf("%02x ", p[i]); + if (j > 15) { + printf("\n"); + j = 0; + } + } + if (j != 0) + printf("\n"); +} + +struct { + char *password; + char *salt; + int saltlen; + int iterations; + krb5_enctype enctype; + int keylen; + char *pbkdf2; + char *key; +} keys[] = { +#ifdef ENABLE_AES + { + "password", "ATHENA.MIT.EDUraeburn", -1, + 1, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15", + "\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15" + }, + { + "password", "ATHENA.MIT.EDUraeburn", -1, + 1, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15" + "\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37", + "\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b" + "\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61" + }, + { + "password", "ATHENA.MIT.EDUraeburn", -1, + 2, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d", + "\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13" + }, + { + "password", "ATHENA.MIT.EDUraeburn", -1, + 2, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d" + "\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86", + "\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61" + "\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff" + }, + { + "password", "ATHENA.MIT.EDUraeburn", -1, + 1200, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b", + "\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a" + }, + { + "password", "ATHENA.MIT.EDUraeburn", -1, + 1200, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b" + "\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13", + "\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7" + "\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a" + }, + { + "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8, + 5, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49", + "\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e" + }, + { + "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8, + 5, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49" + "\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee", + "\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c" + "\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31" + }, + { + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "pass phrase equals block size", -1, + 1200, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9", + "\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed" + }, + { + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "pass phrase equals block size", -1, + 1200, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9" + "\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1", + "\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0" + "\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34" + }, + { + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "pass phrase exceeds block size", -1, + 1200, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61", + "\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d" + }, + { + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "pass phrase exceeds block size", -1, + 1200, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61" + "\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a", + "\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2" + "\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b" + + }, + { + "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1, + 50, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39", + "\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5" + }, + { + "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1, + 50, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39" + "\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52", + "\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c" + "\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e" + }, +#endif + { + "foo", "", -1, + 0, + ETYPE_ARCFOUR_HMAC_MD5, 16, + NULL, + "\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc" + }, + { + "test", "", -1, + 0, + ETYPE_ARCFOUR_HMAC_MD5, 16, + NULL, + "\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37" + } +}; + +static int +string_to_key_test(krb5_context context) +{ + krb5_data password, opaque; + krb5_error_code ret; + krb5_keyblock key; + krb5_salt salt; + int i, val = 0; + char iter[4]; + char keyout[32]; + + for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) { + + password.data = keys[i].password; + password.length = strlen(password.data); + + salt.salttype = KRB5_PW_SALT; + salt.saltvalue.data = keys[i].salt; + if (keys[i].saltlen == -1) + salt.saltvalue.length = strlen(salt.saltvalue.data); + else + salt.saltvalue.length = keys[i].saltlen; + + opaque.data = iter; + opaque.length = sizeof(iter); + _krb5_put_int(iter, keys[i].iterations, 4); + + if (verbose) + printf("%d: password: %s salt: %s\n", + i, keys[i].password, keys[i].salt); + + if (keys[i].keylen > sizeof(keyout)) + abort(); + +#ifdef ENABLE_AES + if (keys[i].pbkdf2) { + +#ifdef HAVE_OPENSSL + PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length, + salt.saltvalue.data, salt.saltvalue.length, + keys[i].iterations, + keys[i].keylen, keyout); + + if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) { + krb5_warnx(context, "%d: openssl key pbkdf2", i); + val = 1; + continue; + } +#endif + + ret = krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt, + keys[i].iterations - 1, + keys[i].enctype, + &key); + if (ret) { + krb5_warn(context, ret, "%d: krb5_PKCS5_PBKDF2", i); + val = 1; + continue; + } + + if (key.keyvalue.length != keys[i].keylen) { + krb5_warnx(context, "%d: size key pbkdf2", i); + val = 1; + continue; + } + + if (memcmp(key.keyvalue.data, keys[i].pbkdf2, keys[i].keylen) != 0) { + krb5_warnx(context, "%d: key pbkdf2 pl %d", + i, password.length); + val = 1; + continue; + } + + if (verbose) { + printf("PBKDF2:\n"); + hex_dump_data(&key.keyvalue); + } + + krb5_free_keyblock_contents(context, &key); + } +#endif + + ret = krb5_string_to_key_data_salt_opaque (context, keys[i].enctype, + password, salt, opaque, + &key); + if (ret) { + krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque", i); + val = 1; + continue; + } + + if (key.keyvalue.length != keys[i].keylen) { + krb5_warnx(context, "%d: key wrong length (%d/%d)", + i, key.keyvalue.length, keys[i].keylen); + val = 1; + continue; + } + + if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) { + krb5_warnx(context, "%d: key wrong", i); + val = 1; + continue; + } + + if (verbose) { + printf("key:\n"); + hex_dump_data(&key.keyvalue); + } + krb5_free_keyblock_contents(context, &key); + } + return val; +} + +#ifdef ENABLE_AES + +struct { + size_t len; + char *input; + char *output; +} encs[] = { + { + 17, + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20", + "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f" + "\x97" + }, + { + 31, + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20", + "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22" + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5" + }, + { + 32, + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43", + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + }, + { + 47, + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" + "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c", + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e" + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5" + }, + { + 64, + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" + "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20" + "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e", + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" + "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40" + "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8" + } +}; + +char *enc_key = + "\x63\x68\x69\x63\x6b\x65\x6e\x20\x74\x65\x72\x69\x79\x61\x6b\x69"; + +static int +samep(int testn, char *type, const char *p1, const char *p2, size_t len) +{ + size_t i; + int val = 1; + + for (i = 0; i < len; i++) { + if (p1[i] != p2[i]) { + if (verbose) + printf("M"); + val = 0; + } else { + if (verbose) + printf("."); + } + } + if (verbose) + printf("\n"); + return val; +} + +static int +encryption_test(krb5_context context) +{ + char iv[AES_BLOCK_SIZE]; + int i, val = 0; + AES_KEY ekey, dkey; + char *p; + + AES_set_encrypt_key(enc_key, 128, &ekey); + AES_set_decrypt_key(enc_key, 128, &dkey); + + for (i = 0; i < sizeof(encs)/sizeof(encs[0]); i++) { + if (verbose) + printf("test: %d\n", i); + memset(iv, 0, sizeof(iv)); + + p = malloc(encs[i].len + 1); + if (p == NULL) + krb5_errx(context, 1, "malloc"); + + p[encs[i].len] = '\0'; + + memcpy(p, encs[i].input, encs[i].len); + + _krb5_aes_cts_encrypt(p, p, encs[i].len, + &ekey, iv, AES_ENCRYPT); + + if (p[encs[i].len] != '\0') { + krb5_warnx(context, "%d: encrypt modified off end", i); + val = 1; + } + + if (!samep(i, "cipher", p, encs[i].output, encs[i].len)) + val = 1; + + memset(iv, 0, sizeof(iv)); + + _krb5_aes_cts_encrypt(p, p, encs[i].len, + &dkey, iv, AES_DECRYPT); + + if (p[encs[i].len] != '\0') { + krb5_warnx(context, "%d: decrypt modified off end", i); + val = 1; + } + + if (!samep(i, "clear", p, encs[i].input, encs[i].len)) + val = 1; + + free(p); + } + return val; +} + +#endif /* ENABLE_AES */ + +int +main(int argc, char **argv) +{ + krb5_error_code ret; + krb5_context context; + int val = 0; + + ret = krb5_init_context (&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + val |= string_to_key_test(context); + +#ifdef ENABLE_AES + val |= encryption_test(context); +#endif + + if (verbose && val == 0) + printf("all ok\n"); + if (val) + printf("tests failed\n"); + + krb5_free_context(context); + + return val; +} diff --git a/crypto/heimdal/lib/krb5/aname_to_localname.c b/crypto/heimdal/lib/krb5/aname_to_localname.c index 052d4208..d5b5f87 100644 --- a/crypto/heimdal/lib/krb5/aname_to_localname.c +++ b/crypto/heimdal/lib/krb5/aname_to_localname.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: aname_to_localname.c,v 1.4 2002/04/18 08:56:40 joda Exp $"); +RCSID("$Id: aname_to_localname.c,v 1.6 2003/04/16 16:01:06 lha Exp $"); krb5_error_code krb5_aname_to_localname (krb5_context context, @@ -43,7 +43,7 @@ krb5_aname_to_localname (krb5_context context, { krb5_error_code ret; krb5_realm *lrealms, *r; - int foo = 1; + int valid; size_t len; const char *res; @@ -51,26 +51,42 @@ krb5_aname_to_localname (krb5_context context, if (ret) return ret; + valid = 0; for (r = lrealms; *r != NULL; ++r) { - foo = strcmp (*r, aname->realm); - if (foo == 0) + if (strcmp (*r, aname->realm) == 0) { + valid = 1; break; + } } krb5_free_host_realm (context, lrealms); - if (foo != 0) + if (valid == 0) return KRB5_NO_LOCALNAME; if (aname->name.name_string.len == 1) res = aname->name.name_string.val[0]; else if (aname->name.name_string.len == 2 - && strcmp (aname->name.name_string.val[1], "root") == 0) + && strcmp (aname->name.name_string.val[1], "root") == 0) { + krb5_principal rootprinc; + krb5_boolean userok; + res = "root"; - else + + ret = krb5_copy_principal(context, aname, &rootprinc); + if (ret) + return ret; + + userok = krb5_kuserok(context, rootprinc, res); + krb5_free_principal(context, rootprinc); + if (!userok) + return KRB5_NO_LOCALNAME; + + } else return KRB5_NO_LOCALNAME; len = strlen (res); if (len >= lnsize) return ERANGE; - strcpy (lname, res); + strlcpy (lname, res, lnsize); + return 0; } diff --git a/crypto/heimdal/lib/krb5/cache.c b/crypto/heimdal/lib/krb5/cache.c index d25a515..26cda9a 100644 --- a/crypto/heimdal/lib/krb5/cache.c +++ b/crypto/heimdal/lib/krb5/cache.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c,v 1.49 2002/05/29 16:08:23 joda Exp $"); +RCSID("$Id: cache.c,v 1.52 2003/03/16 18:23:59 lha Exp $"); /* * Add a new ccache type with operations `ops', overwriting any @@ -180,24 +180,57 @@ krb5_cc_get_type(krb5_context context, } /* - * Return a pointer to a static string containing the default ccache name. + * Return krb5_cc_ops of a the ccache `id'. + */ + +const krb5_cc_ops * +krb5_cc_get_ops(krb5_context context, krb5_ccache id) +{ + return id->ops; +} + +/* + * Set the default cc name for `context' to `name'. + */ + +krb5_error_code +krb5_cc_set_default_name(krb5_context context, const char *name) +{ + krb5_error_code ret = 0; + char *p; + + if (name == NULL) { + char *e; + e = getenv("KRB5CCNAME"); + if (e) + p = strdup(e); + else + asprintf(&p,"FILE:/tmp/krb5cc_%u", (unsigned)getuid()); + } else + p = strdup(name); + + if (p == NULL) + return ENOMEM; + + if (context->default_cc_name) + free(context->default_cc_name); + + context->default_cc_name = p; + + return ret; +} + +/* + * Return a pointer to a context static string containing the default ccache name. */ const char* krb5_cc_default_name(krb5_context context) { - static char name[1024]; - char *p; + if (context->default_cc_name == NULL) + krb5_cc_set_default_name(context, NULL); - p = getenv("KRB5CCNAME"); - if(p) - strlcpy (name, p, sizeof(name)); - else - snprintf(name, - sizeof(name), - "FILE:/tmp/krb5cc_%u", - (unsigned)getuid()); - return name; + return context->default_cc_name; } /* @@ -209,9 +242,11 @@ krb5_error_code krb5_cc_default(krb5_context context, krb5_ccache *id) { - return krb5_cc_resolve(context, - krb5_cc_default_name(context), - id); + const char *p = krb5_cc_default_name(context); + + if (p == NULL) + return ENOMEM; + return krb5_cc_resolve(context, p, id); } /* diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c index 0dcce13..a17bf2b 100644 --- a/crypto/heimdal/lib/krb5/changepw.c +++ b/crypto/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: changepw.c,v 1.37.2.1 2002/10/21 14:31:58 joda Exp $"); +RCSID("$Id: changepw.c,v 1.38 2002/09/29 11:48:34 joda Exp $"); static krb5_error_code send_request (krb5_context context, diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c index 096aff2..feb387d 100644 --- a/crypto/heimdal/lib/krb5/context.c +++ b/crypto/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <com_err.h> -RCSID("$Id: context.c,v 1.81.2.1 2002/10/21 14:33:34 joda Exp $"); +RCSID("$Id: context.c,v 1.83 2003/03/10 00:24:13 lha Exp $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -176,6 +176,7 @@ init_context_from_config_file(krb5_context context) /* prefer dns_lookup_kdc over srv_lookup. */ INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc"); + context->default_cc_name = NULL; return 0; } @@ -227,6 +228,8 @@ out: void krb5_free_context(krb5_context context) { + if (context->default_cc_name) + free(context->default_cc_name); free(context->etypes); free(context->etypes_des); krb5_free_host_realm (context, context->default_realms); diff --git a/crypto/heimdal/lib/krb5/convert_creds.c b/crypto/heimdal/lib/krb5/convert_creds.c index ecdcf96..0c119e7 100644 --- a/crypto/heimdal/lib/krb5/convert_creds.c +++ b/crypto/heimdal/lib/krb5/convert_creds.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,9 @@ */ #include "krb5_locl.h" -RCSID("$Id: convert_creds.c,v 1.24 2001/06/20 02:49:21 joda Exp $"); +RCSID("$Id: convert_creds.c,v 1.26 2003/03/18 03:11:16 lha Exp $"); + +#include "krb5-v4compat.h" static krb5_error_code check_ticket_flags(TicketFlags f) @@ -42,42 +44,6 @@ check_ticket_flags(TicketFlags f) /* include this here, to avoid dependencies on libkrb */ -#define MAX_KTXT_LEN 1250 - -#define ANAME_SZ 40 -#define REALM_SZ 40 -#define SNAME_SZ 40 -#define INST_SZ 40 - -struct ktext { - unsigned int length; /* Length of the text */ - unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ - u_int32_t mbz; /* zero to catch runaway strings */ -}; - -struct credentials { - char service[ANAME_SZ]; /* Service name */ - char instance[INST_SZ]; /* Instance */ - char realm[REALM_SZ]; /* Auth domain */ - des_cblock session; /* Session key */ - int lifetime; /* Lifetime */ - int kvno; /* Key version number */ - struct ktext ticket_st; /* The ticket itself */ - int32_t issue_date; /* The issue time */ - char pname[ANAME_SZ]; /* Principal's name */ - char pinst[INST_SZ]; /* Principal's instance */ -}; - - -#define TKTLIFENUMFIXED 64 -#define TKTLIFEMINFIXED 0x80 -#define TKTLIFEMAXFIXED 0xBF -#define TKTLIFENOEXPIRE 0xFF -#define MAXTKTLIFETIME (30*24*3600) /* 30 days */ -#ifndef NEVERDATE -#define NEVERDATE ((time_t)0x7fffffffL) -#endif - static const int _tkt_lifetimes[TKTLIFENUMFIXED] = { 38400, 41055, 43894, 46929, 50174, 53643, 57352, 61318, 65558, 70091, 74937, 80119, 85658, 91581, 97914, 104684, @@ -89,8 +55,8 @@ static const int _tkt_lifetimes[TKTLIFENUMFIXED] = { 1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000 }; -static int -_krb_time_to_life(time_t start, time_t end) +int +_krb5_krb_time_to_life(time_t start, time_t end) { int i; time_t life = end - start; @@ -113,6 +79,26 @@ _krb_time_to_life(time_t start, time_t end) } +time_t +_krb5_krb_life_to_time(int start, int life_) +{ + unsigned char life = (unsigned char) life_; + +#if 0 + if (krb_no_long_lifetimes) + return start + life*5*60; +#endif + + if (life == TKTLIFENOEXPIRE) + return NEVERDATE; + if (life < TKTLIFEMINFIXED) + return start + life*5*60; + if (life > TKTLIFEMAXFIXED) + return start + MAXTKTLIFETIME; + return start + _tkt_lifetimes[life - TKTLIFEMINFIXED]; +} + + /* Convert the v5 credentials in `in_cred' to v4-dito in `v4creds'. * This is done by sending them to the 524 function in the KDC. If * `in_cred' doesn't contain a DES session key, then a new one is @@ -183,8 +169,8 @@ krb524_convert_creds_kdc(krb5_context context, if(ret) goto out; v4creds->issue_date = v5_creds->times.starttime; - v4creds->lifetime = _krb_time_to_life(v4creds->issue_date, - v5_creds->times.endtime); + v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date, + v5_creds->times.endtime); ret = krb5_524_conv_principal(context, v5_creds->client, v4creds->pname, v4creds->pinst, diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c index 65fa793..a238c76 100644 --- a/crypto/heimdal/lib/krb5/crypto.c +++ b/crypto/heimdal/lib/krb5/crypto.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.66 2002/09/03 19:58:15 joda Exp $"); +RCSID("$Id: crypto.c,v 1.73 2003/04/01 16:51:54 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -71,7 +71,7 @@ struct salt_type { krb5_salttype type; const char *name; krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, - krb5_salt, krb5_keyblock*); + krb5_salt, krb5_data, krb5_keyblock*); }; struct key_type { @@ -110,6 +110,7 @@ struct encryption_type { krb5_enctype type; const char *name; size_t blocksize; + size_t padsize; size_t confoundersize; struct key_type *keytype; struct checksum_type *checksum; @@ -133,6 +134,19 @@ static struct key_type *_find_keytype(krb5_keytype type); static krb5_error_code _get_derived_key(krb5_context, krb5_crypto, unsigned, struct key_data**); static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage); +static krb5_error_code derive_key(krb5_context context, + struct encryption_type *et, + struct key_data *key, + const void *constant, + size_t len); +static void hmac(krb5_context context, + struct checksum_type *cm, + const void *data, + size_t len, + unsigned usage, + struct key_data *keyblock, + Checksum *result); +static void free_key_data(krb5_context context, struct key_data *key); /************************************************************ * * @@ -192,6 +206,7 @@ krb5_DES_string_to_key(krb5_context context, krb5_enctype enctype, krb5_data password, krb5_salt salt, + krb5_data opaque, krb5_keyblock *key) { unsigned char *s; @@ -240,7 +255,7 @@ krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, } password[8] = '\0'; - memcpy(key, crypt(password, "#~") + 2, sizeof(des_cblock)); + memcpy(key, crypt(password, "p1") + 2, sizeof(des_cblock)); /* parity is inserted into the LSB so left shift each byte up one bit. This allows ascii characters with a zero MSB to retain as @@ -297,6 +312,7 @@ DES_AFS3_string_to_key(krb5_context context, krb5_enctype enctype, krb5_data password, krb5_salt salt, + krb5_data opaque, krb5_keyblock *key) { des_cblock tmp; @@ -359,6 +375,7 @@ DES3_string_to_key(krb5_context context, krb5_enctype enctype, krb5_data password, krb5_salt salt, + krb5_data opaque, krb5_keyblock *key) { char *str; @@ -415,6 +432,7 @@ DES3_string_to_key_derived(krb5_context context, krb5_enctype enctype, krb5_data password, krb5_salt salt, + krb5_data opaque, krb5_keyblock *key) { krb5_error_code ret; @@ -461,6 +479,7 @@ ARCFOUR_string_to_key(krb5_context context, krb5_enctype enctype, krb5_data password, krb5_salt salt, + krb5_data opaque, krb5_keyblock *key) { char *s, *p; @@ -488,6 +507,180 @@ ARCFOUR_string_to_key(krb5_context context, return 0; } +#ifdef ENABLE_AES +/* + * AES + */ + +/* iter is really 1 based, so iter == 0 will be 1 iteration */ + +krb5_error_code +krb5_PKCS5_PBKDF2(krb5_context context, krb5_cksumtype cktype, + krb5_data password, krb5_salt salt, u_int32_t iter, + krb5_keytype type, krb5_keyblock *key) +{ + struct checksum_type *c = _find_checksum(cktype); + struct key_type *kt; + size_t datalen, leftofkey; + krb5_error_code ret; + u_int32_t keypart; + struct key_data ksign; + krb5_keyblock kb; + Checksum result; + char *data, *tmpcksum; + int i, j; + char *p; + + if (c == NULL) { + krb5_set_error_string(context, "checksum %d not supported", cktype); + return KRB5_PROG_KEYTYPE_NOSUPP; + } + + kt = _find_keytype(type); + if (kt == NULL) { + krb5_set_error_string(context, "key type %d not supported", type); + return KRB5_PROG_KEYTYPE_NOSUPP; + } + + key->keytype = type; + ret = krb5_data_alloc (&key->keyvalue, kt->bits / 8); + if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); + return ret; + } + + ret = krb5_data_alloc (&result.checksum, c->checksumsize); + if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); + krb5_data_free (&key->keyvalue); + return ret; + } + + tmpcksum = malloc(c->checksumsize); + if (tmpcksum == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + krb5_data_free (&key->keyvalue); + krb5_data_free (&result.checksum); + return ENOMEM; + } + + datalen = salt.saltvalue.length + 4; + data = malloc(datalen); + if (data == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + free(tmpcksum); + krb5_data_free (&key->keyvalue); + krb5_data_free (&result.checksum); + return ENOMEM; + } + + kb.keyvalue = password; + ksign.key = &kb; + + memcpy(data, salt.saltvalue.data, salt.saltvalue.length); + + keypart = 1; + leftofkey = key->keyvalue.length; + p = key->keyvalue.data; + + while (leftofkey) { + int len; + + if (leftofkey > c->checksumsize) + len = c->checksumsize; + else + len = leftofkey; + + _krb5_put_int(data + datalen - 4, keypart, 4); + + hmac(context, c, data, datalen, 0, &ksign, &result); + memcpy(p, result.checksum.data, len); + memcpy(tmpcksum, result.checksum.data, result.checksum.length); + for (i = 0; i < iter; i++) { + hmac(context, c, tmpcksum, result.checksum.length, + 0, &ksign, &result); + memcpy(tmpcksum, result.checksum.data, result.checksum.length); + for (j = 0; j < len; j++) + p[j] ^= tmpcksum[j]; + } + + p += len; + leftofkey -= len; + keypart++; + } + + free(data); + free(tmpcksum); + krb5_data_free (&result.checksum); + + return 0; +} + +static krb5_error_code +AES_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + krb5_error_code ret; + u_int32_t iter; + struct encryption_type *et; + struct key_data kd; + + if (opaque.length == 0) + iter = 45056 - 1; + else if (opaque.length == 4) { + unsigned long v; + _krb5_get_int(opaque.data, &v, 4); + iter = ((u_int32_t)v) - 1; + } else + return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */ + + + et = _find_enctype(enctype); + if (et == NULL) + return KRB5_PROG_KEYTYPE_NOSUPP; + + ret = krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt, + iter, enctype, key); + if (ret) + return ret; + + ret = krb5_copy_keyblock(context, key, &kd.key); + kd.schedule = NULL; + + ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos")); + + if (ret) { + krb5_data_free(&key->keyvalue); + } else { + ret = krb5_copy_keyblock_contents(context, kd.key, key); + free_key_data(context, &kd); + } + + return ret; +} + +static void +AES_schedule(krb5_context context, struct key_data *kd) +{ + AES_KEY *key = kd->schedule->data; + int bits = kd->key->keyvalue.length * 8; + + AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key[0]); + AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key[1]); +} + +/* + * + */ + +extern struct salt_type AES_salt[]; + +#endif /* ENABLE_AES */ + extern struct salt_type des_salt[], des3_salt[], des3_salt_derived[], arcfour_salt[]; @@ -535,6 +728,30 @@ struct key_type keytype_des3_derived = { des3_salt_derived }; +#ifdef ENABLE_AES +struct key_type keytype_aes128 = { + KEYTYPE_AES128, + "aes-128", + 128, + 16, + sizeof(AES_KEY) * 2, + NULL, + AES_schedule, + AES_salt +}; + +struct key_type keytype_aes256 = { + KEYTYPE_AES256, + "aes-256", + 256, + 16, + sizeof(AES_KEY) * 2, + NULL, + AES_schedule, + AES_salt +}; +#endif /* ENABLE_AES */ + struct key_type keytype_arcfour = { KEYTYPE_ARCFOUR, "arcfour", @@ -551,6 +768,10 @@ struct key_type *keytypes[] = { &keytype_des, &keytype_des3_derived, &keytype_des3, +#ifdef ENABLE_AES + &keytype_aes128, + &keytype_aes256, +#endif /* ENABLE_AES */ &keytype_arcfour }; @@ -599,6 +820,17 @@ struct salt_type des3_salt_derived[] = { { 0 } }; +#ifdef ENABLE_AES +struct salt_type AES_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + AES_string_to_key + }, + { 0 } +}; +#endif /* ENABLE_AES */ + struct salt_type arcfour_salt[] = { { KRB5_PW_SALT, @@ -730,11 +962,6 @@ krb5_string_to_key (krb5_context context, return krb5_string_to_key_data(context, enctype, pw, principal, key); } -/* - * Do a string -> key for encryption type `enctype' operation on - * `password' (with salt `salt'), returning the resulting key in `key' - */ - krb5_error_code krb5_string_to_key_data_salt (krb5_context context, krb5_enctype enctype, @@ -742,6 +969,26 @@ krb5_string_to_key_data_salt (krb5_context context, krb5_salt salt, krb5_keyblock *key) { + krb5_data opaque; + krb5_data_zero(&opaque); + return krb5_string_to_key_data_salt_opaque(context, enctype, password, + salt, opaque, key); +} + +/* + * Do a string -> key for encryption type `enctype' operation on + * `password' (with salt `salt' and the enctype specific data string + * `opaque'), returning the resulting key in `key' + */ + +krb5_error_code +krb5_string_to_key_data_salt_opaque (krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ struct encryption_type *et =_find_enctype(enctype); struct salt_type *st; if(et == NULL) { @@ -751,7 +998,8 @@ krb5_string_to_key_data_salt (krb5_context context, } for(st = et->keytype->string_to_key; st && st->type; st++) if(st->type == salt.salttype) - return (*st->string_to_key)(context, enctype, password, salt, key); + return (*st->string_to_key)(context, enctype, password, + salt, opaque, key); krb5_set_error_string(context, "salt type %d not supported", salt.salttype); return HEIM_ERR_SALTTYPE_NOSUPP; @@ -810,6 +1058,21 @@ krb5_string_to_keytype(krb5_context context, } krb5_error_code +krb5_enctype_keysize(krb5_context context, + krb5_enctype type, + size_t *keysize) +{ + struct encryption_type *et = _find_enctype(type); + if(et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + type); + return KRB5_PROG_ETYPE_NOSUPP; + } + *keysize = et->keytype->size; + return 0; +} + +krb5_error_code krb5_generate_random_keyblock(krb5_context context, krb5_enctype type, krb5_keyblock *key) @@ -1170,16 +1433,22 @@ hmac(krb5_context context, } static void -HMAC_SHA1_DES3_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *result) +SP_HMAC_SHA1_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *result) { struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1); + Checksum res; + char sha1_data[20]; + + res.checksum.data = sha1_data; + res.checksum.length = sizeof(sha1_data); - hmac(context, c, data, len, usage, key, result); + hmac(context, c, data, len, usage, key, &res); + memcpy(result->checksum.data, res.checksum.data, result->checksum.length); } /* @@ -1357,9 +1626,31 @@ struct checksum_type checksum_hmac_sha1_des3 = { 64, 20, F_KEYED | F_CPROOF | F_DERIVED, - HMAC_SHA1_DES3_checksum, + SP_HMAC_SHA1_checksum, + NULL +}; + +#ifdef ENABLE_AES +struct checksum_type checksum_hmac_sha1_aes128 = { + CKSUMTYPE_HMAC_SHA1_96_AES_128, + "hmac-sha1-96-aes128", + 64, + 12, + F_KEYED | F_CPROOF | F_DERIVED, + SP_HMAC_SHA1_checksum, + NULL +}; + +struct checksum_type checksum_hmac_sha1_aes256 = { + CKSUMTYPE_HMAC_SHA1_96_AES_256, + "hmac-sha1-96-aes256", + 64, + 12, + F_KEYED | F_CPROOF | F_DERIVED, + SP_HMAC_SHA1_checksum, NULL }; +#endif /* ENABLE_AES */ struct checksum_type checksum_hmac_md5 = { CKSUMTYPE_HMAC_MD5, @@ -1396,6 +1687,10 @@ struct checksum_type *checksum_types[] = { &checksum_rsa_md5_des3, &checksum_sha1, &checksum_hmac_sha1_des3, +#ifdef ENABLE_AES + &checksum_hmac_sha1_aes128, + &checksum_hmac_sha1_aes256, +#endif &checksum_hmac_md5, &checksum_hmac_md5_enc }; @@ -1723,6 +2018,114 @@ DES_PCBC_encrypt_key_ivec(krb5_context context, return 0; } +#ifdef ENABLE_AES + +/* + * AES draft-raeburn-krb-rijndael-krb-02 + */ + +void +_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *aes_key, + unsigned char *ivec, const int enc) +{ + unsigned char tmp[AES_BLOCK_SIZE]; + const AES_KEY *key = aes_key; /* XXX remove this when we always have AES */ + int i; + + /* + * In the framework of kerberos, the length can never be shorter + * then at least one blocksize. + */ + + if (enc == AES_ENCRYPT) { + + while(len > AES_BLOCK_SIZE) { + for (i = 0; i < AES_BLOCK_SIZE; i++) + tmp[i] = in[i] ^ ivec[i]; + AES_encrypt(tmp, out, key); + memcpy(ivec, out, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + + for (i = 0; i < len; i++) + tmp[i] = in[i] ^ ivec[i]; + for (; i < AES_BLOCK_SIZE; i++) + tmp[i] = 0 ^ ivec[i]; + + AES_encrypt(tmp, out - AES_BLOCK_SIZE, key); + + memcpy(out, ivec, len); + + } else { + char tmp2[AES_BLOCK_SIZE]; + char tmp3[AES_BLOCK_SIZE]; + + while(len > AES_BLOCK_SIZE * 2) { + memcpy(tmp, in, AES_BLOCK_SIZE); + AES_decrypt(in, out, key); + for (i = 0; i < AES_BLOCK_SIZE; i++) + out[i] ^= ivec[i]; + memcpy(ivec, tmp, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + + len -= AES_BLOCK_SIZE; + + AES_decrypt(in, tmp2, key); + + memcpy(tmp3, in + AES_BLOCK_SIZE, len); + memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */ + + for (i = 0; i < len; i++) + out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i]; + + AES_decrypt(tmp3, out, key); + for (i = 0; i < AES_BLOCK_SIZE; i++) + out[i] ^= ivec[i]; + } +} + +static krb5_error_code +AES_CTS_encrypt(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encrypt, + int usage, + void *ivec) +{ + AES_KEY *k = key->schedule->data; + char local_ivec[AES_BLOCK_SIZE]; + + if (encrypt) + k = &k[0]; + else + k = &k[1]; + + if (len < AES_BLOCK_SIZE) + abort(); + if (len == AES_BLOCK_SIZE) { + if (encrypt) + AES_encrypt(data, data, k); + else + AES_decrypt(data, data, k); + } else { + if(ivec == NULL) { + memset(local_ivec, 0, sizeof(local_ivec)); + ivec = local_ivec; + } + _krb5_aes_cts_encrypt(data, data, len, k, ivec, encrypt); + } + + return 0; +} +#endif /* ENABLE_AES */ + /* * section 6 of draft-brezak-win2k-krb-rc4-hmac-03 * @@ -1863,7 +2266,8 @@ usage2arcfour (krb5_context context, int *usage) *usage = 1; return 0; case KRB5_KU_TICKET : - *usage = 8; + *usage = 2; + return 0; case KRB5_KU_AS_REP_ENC_PART : *usage = 8; return 0; @@ -1930,6 +2334,7 @@ static struct encryption_type enctype_null = { ETYPE_NULL, "null", 1, + 1, 0, &keytype_null, &checksum_none, @@ -1942,6 +2347,7 @@ static struct encryption_type enctype_des_cbc_crc = { "des-cbc-crc", 8, 8, + 8, &keytype_des, &checksum_crc32, NULL, @@ -1953,6 +2359,7 @@ static struct encryption_type enctype_des_cbc_md4 = { "des-cbc-md4", 8, 8, + 8, &keytype_des, &checksum_rsa_md4, &checksum_rsa_md4_des, @@ -1964,6 +2371,7 @@ static struct encryption_type enctype_des_cbc_md5 = { "des-cbc-md5", 8, 8, + 8, &keytype_des, &checksum_rsa_md5, &checksum_rsa_md5_des, @@ -1974,10 +2382,11 @@ static struct encryption_type enctype_arcfour_hmac_md5 = { ETYPE_ARCFOUR_HMAC_MD5, "arcfour-hmac-md5", 1, + 1, 8, &keytype_arcfour, &checksum_hmac_md5, - &checksum_hmac_md5_enc, + /* &checksum_hmac_md5_enc */ NULL, F_SPECIAL, ARCFOUR_encrypt }; @@ -1986,6 +2395,7 @@ static struct encryption_type enctype_des3_cbc_md5 = { "des3-cbc-md5", 8, 8, + 8, &keytype_des3, &checksum_rsa_md5, &checksum_rsa_md5_des3, @@ -1997,6 +2407,7 @@ static struct encryption_type enctype_des3_cbc_sha1 = { "des3-cbc-sha1", 8, 8, + 8, &keytype_des3_derived, &checksum_sha1, &checksum_hmac_sha1_des3, @@ -2008,16 +2419,44 @@ static struct encryption_type enctype_old_des3_cbc_sha1 = { "old-des3-cbc-sha1", 8, 8, + 8, &keytype_des3, &checksum_sha1, &checksum_hmac_sha1_des3, 0, DES3_CBC_encrypt, }; +#ifdef ENABLE_AES +static struct encryption_type enctype_aes128_cts_hmac_sha1 = { + ETYPE_AES128_CTS_HMAC_SHA1_96, + "aes128-cts-hmac-sha1-96", + 16, + 1, + 16, + &keytype_aes128, + &checksum_sha1, + &checksum_hmac_sha1_aes128, + 0, + AES_CTS_encrypt, +}; +static struct encryption_type enctype_aes256_cts_hmac_sha1 = { + ETYPE_AES256_CTS_HMAC_SHA1_96, + "aes256-cts-hmac-sha1-96", + 16, + 1, + 16, + &keytype_aes256, + &checksum_sha1, + &checksum_hmac_sha1_aes256, + 0, + AES_CTS_encrypt, +}; +#endif /* ENABLE_AES */ static struct encryption_type enctype_des_cbc_none = { ETYPE_DES_CBC_NONE, "des-cbc-none", 8, + 8, 0, &keytype_des, &checksum_none, @@ -2029,6 +2468,7 @@ static struct encryption_type enctype_des_cfb64_none = { ETYPE_DES_CFB64_NONE, "des-cfb64-none", 1, + 1, 0, &keytype_des, &checksum_none, @@ -2040,6 +2480,7 @@ static struct encryption_type enctype_des_pcbc_none = { ETYPE_DES_PCBC_NONE, "des-pcbc-none", 8, + 8, 0, &keytype_des, &checksum_none, @@ -2051,6 +2492,7 @@ static struct encryption_type enctype_des3_cbc_none = { ETYPE_DES3_CBC_NONE, "des3-cbc-none", 8, + 8, 0, &keytype_des3_derived, &checksum_none, @@ -2068,6 +2510,10 @@ static struct encryption_type *etypes[] = { &enctype_des3_cbc_md5, &enctype_des3_cbc_sha1, &enctype_old_des3_cbc_sha1, +#ifdef ENABLE_AES + &enctype_aes128_cts_hmac_sha1, + &enctype_aes256_cts_hmac_sha1, +#endif &enctype_des_cbc_none, &enctype_des_cfb64_none, &enctype_des_pcbc_none, @@ -2270,7 +2716,7 @@ encrypt_internal_derived(krb5_context context, checksum_sz = CHECKSUMSIZE(et->keyed_checksum); sz = et->confoundersize + len; - block_sz = (sz + et->blocksize - 1) &~ (et->blocksize - 1); /* pad */ + block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ total_sz = block_sz + checksum_sz; p = calloc(1, total_sz); if(p == NULL) { @@ -2338,7 +2784,7 @@ encrypt_internal(krb5_context context, checksum_sz = CHECKSUMSIZE(et->checksum); sz = et->confoundersize + checksum_sz + len; - block_sz = (sz + et->blocksize - 1) &~ (et->blocksize - 1); /* pad */ + block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ p = calloc(1, block_sz); if(p == NULL) { krb5_set_error_string(context, "malloc: out of memory"); @@ -2879,6 +3325,12 @@ derive_key(krb5_context context, case KEYTYPE_DES3: DES3_postproc(context, k, nblocks * et->blocksize, key); break; +#ifdef ENABLE_AES + case KEYTYPE_AES128: + case KEYTYPE_AES256: + memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length); + break; +#endif /* ENABLE_AES */ default: krb5_set_error_string(context, "derive_key() called with unknown keytype (%u)", @@ -3097,11 +3549,11 @@ wrapped_length (krb5_context context, size_t data_len) { struct encryption_type *et = crypto->et; - size_t blocksize = et->blocksize; + size_t padsize = et->padsize; size_t res; res = et->confoundersize + et->checksum->checksumsize + data_len; - res = (res + blocksize - 1) / blocksize * blocksize; + res = (res + padsize - 1) / padsize * padsize; return res; } @@ -3111,11 +3563,11 @@ wrapped_length_dervied (krb5_context context, size_t data_len) { struct encryption_type *et = crypto->et; - size_t blocksize = et->blocksize; + size_t padsize = et->padsize; size_t res; res = et->confoundersize + data_len; - res = (res + blocksize - 1) / blocksize * blocksize; + res = (res + padsize - 1) / padsize * padsize; res += et->checksum->checksumsize; return res; } @@ -3231,7 +3683,7 @@ main() d->key = &key; res.checksum.length = 20; res.checksum.data = malloc(res.checksum.length); - HMAC_SHA1_DES3_checksum(context, d, data, 28, &res); + SP_HMAC_SHA1_checksum(context, d, data, 28, &res); return 0; #endif diff --git a/crypto/heimdal/lib/krb5/data.c b/crypto/heimdal/lib/krb5/data.c index c6a5d75..d2bfeb2 100644 --- a/crypto/heimdal/lib/krb5/data.c +++ b/crypto/heimdal/lib/krb5/data.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: data.c,v 1.16 2001/05/14 06:14:46 assar Exp $"); +RCSID("$Id: data.c,v 1.17 2003/03/25 22:07:17 lha Exp $"); void krb5_data_zero(krb5_data *p) @@ -50,6 +50,12 @@ krb5_data_free(krb5_data *p) p->length = 0; } +void +krb5_free_data_contents(krb5_context context, krb5_data *data) +{ + krb5_data_free(data); +} + void krb5_free_data(krb5_context context, krb5_data *p) diff --git a/crypto/heimdal/lib/krb5/get_addrs.c b/crypto/heimdal/lib/krb5/get_addrs.c index f521de8..94a0350 100644 --- a/crypto/heimdal/lib/krb5/get_addrs.c +++ b/crypto/heimdal/lib/krb5/get_addrs.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_addrs.c,v 1.44 2002/08/16 20:50:15 joda Exp $"); +RCSID("$Id: get_addrs.c,v 1.45 2003/01/25 15:19:49 lha Exp $"); #ifdef __osf__ /* hate */ @@ -144,6 +144,8 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) for (ifa = ifa0, idx = 0; ifa != NULL; ifa = ifa->ifa_next) { if ((ifa->ifa_flags & IFF_UP) == 0) continue; + if (ifa->ifa_addr == NULL) + continue; if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0) continue; if (krb5_sockaddr_uninteresting(ifa->ifa_addr)) @@ -185,6 +187,8 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) { if ((ifa->ifa_flags & IFF_UP) == 0) continue; + if (ifa->ifa_addr == NULL) + continue; if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0) continue; if (krb5_sockaddr_uninteresting(ifa->ifa_addr)) diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c index 74a0204..0e75a95 100644 --- a/crypto/heimdal/lib/krb5/get_in_tkt.c +++ b/crypto/heimdal/lib/krb5/get_in_tkt.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c,v 1.106 2002/09/04 16:26:04 joda Exp $"); +RCSID("$Id: get_in_tkt.c,v 1.107 2003/02/16 06:41:25 nectar Exp $"); krb5_error_code krb5_init_etype (krb5_context context, @@ -542,10 +542,12 @@ init_as_req (krb5_context context, sp = NULL; else krb5_data_zero(&salt.saltvalue); - add_padata(context, a->padata, creds->client, + ret = add_padata(context, a->padata, creds->client, key_proc, keyseed, &preauth->val[i].info.val[j].etype, 1, sp); + if (ret == 0) + break; } } } diff --git a/crypto/heimdal/lib/krb5/init_creds_pw.c b/crypto/heimdal/lib/krb5/init_creds_pw.c index 19b5b36..51bad53 100644 --- a/crypto/heimdal/lib/krb5/init_creds_pw.c +++ b/crypto/heimdal/lib/krb5/init_creds_pw.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.53 2002/04/18 09:14:51 joda Exp $"); +RCSID("$Id: init_creds_pw.c,v 1.55 2003/03/20 18:07:31 lha Exp $"); static int get_config_time (krb5_context context, @@ -452,6 +452,9 @@ krb5_get_init_creds_password(krb5_context context, case KRB5KDC_ERR_KEY_EXPIRED : /* try to avoid recursion */ + if (prompter == NULL) + goto out; + krb5_clear_error_string (context); if (in_tkt_service != NULL diff --git a/crypto/heimdal/lib/krb5/kerberos.8 b/crypto/heimdal/lib/krb5/kerberos.8 index 5f05284..b0b4980 100644 --- a/crypto/heimdal/lib/krb5/kerberos.8 +++ b/crypto/heimdal/lib/krb5/kerberos.8 @@ -1,4 +1,35 @@ -.\" $Id: kerberos.8,v 1.5 2002/08/20 17:07:17 joda Exp $ +.\" Copyright (c) 2000 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kerberos.8,v 1.6 2003/03/10 02:19:23 lha Exp $ .\" .Dd September 1, 2000 .Dt KERBEROS 8 diff --git a/crypto/heimdal/lib/krb5/keytab.c b/crypto/heimdal/lib/krb5/keytab.c index f276d2e..9adf99b 100644 --- a/crypto/heimdal/lib/krb5/keytab.c +++ b/crypto/heimdal/lib/krb5/keytab.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab.c,v 1.53 2002/03/10 23:14:12 assar Exp $"); +RCSID("$Id: keytab.c,v 1.55 2003/03/27 03:45:01 lha Exp $"); /* * Register a new keytab in `ops' @@ -46,6 +46,11 @@ krb5_kt_register(krb5_context context, { struct krb5_keytab_data *tmp; + if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) { + krb5_set_error_string(context, "krb5_kt_register; prefix too long"); + return KRB5_KT_NAME_TOOLONG; + } + tmp = realloc(context->kt_types, (context->num_kt_types + 1) * sizeof(*context->kt_types)); if(tmp == NULL) { @@ -206,6 +211,21 @@ krb5_kt_read_service_key(krb5_context context, } /* + * Return the type of the `keytab' in the string `prefix of length + * `prefixsize'. + */ + +krb5_error_code +krb5_kt_get_type(krb5_context context, + krb5_keytab keytab, + char *prefix, + size_t prefixsize) +{ + strlcpy(prefix, keytab->prefix, prefixsize); + return 0; +} + +/* * Retrieve the name of the keytab `keytab' into `name', `namesize' * Return 0 or an error. */ @@ -308,17 +328,20 @@ krb5_kt_get_entry(krb5_context context, if (entry->vno) { return 0; } else { - char princ[256], kt_name[256]; + char princ[256], kt_name[256], kvno_str[25]; krb5_unparse_name_fixed (context, principal, princ, sizeof(princ)); krb5_kt_get_name (context, id, kt_name, sizeof(kt_name)); + if (kvno) + snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno); + else + kvno_str[0] = '\0'; + krb5_set_error_string (context, - "failed to find %s%s%d%s in keytab %s", + "failed to find %s%s in keytab %s", princ, - kvno ? "(" : "", - kvno, - kvno ? ")" : "", + kvno_str, kt_name); return KRB5_KT_NOTFOUND; } diff --git a/crypto/heimdal/lib/krb5/keytab_any.c b/crypto/heimdal/lib/krb5/keytab_any.c index fe14d62..667788c 100644 --- a/crypto/heimdal/lib/krb5/keytab_any.c +++ b/crypto/heimdal/lib/krb5/keytab_any.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_any.c,v 1.6.4.1 2002/10/21 16:07:00 joda Exp $"); +RCSID("$Id: keytab_any.c,v 1.7 2002/10/21 13:36:59 joda Exp $"); struct any_data { krb5_keytab kt; diff --git a/crypto/heimdal/lib/krb5/keytab_file.c b/crypto/heimdal/lib/krb5/keytab_file.c index e9d9fd8..f2ff5386 100644 --- a/crypto/heimdal/lib/krb5/keytab_file.c +++ b/crypto/heimdal/lib/krb5/keytab_file.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_file.c,v 1.11.4.1 2002/10/21 14:35:47 joda Exp $"); +RCSID("$Id: keytab_file.c,v 1.12 2002/09/24 16:43:30 joda Exp $"); #define KRB5_KT_VNO_1 1 #define KRB5_KT_VNO_2 2 diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c index 7bfc59c..aca930f 100644 --- a/crypto/heimdal/lib/krb5/keytab_keyfile.c +++ b/crypto/heimdal/lib/krb5/keytab_keyfile.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c,v 1.14.2.1 2002/10/21 16:07:26 joda Exp $"); +RCSID("$Id: keytab_keyfile.c,v 1.15 2002/10/21 15:42:06 joda Exp $"); /* afs keyfile operations --------------------------------------- */ diff --git a/crypto/heimdal/lib/krb5/krb5-private.h b/crypto/heimdal/lib/krb5/krb5-private.h index 6abac50..b247131 100644 --- a/crypto/heimdal/lib/krb5/krb5-private.h +++ b/crypto/heimdal/lib/krb5/krb5-private.h @@ -5,6 +5,15 @@ #include <stdarg.h> void +_krb5_aes_cts_encrypt ( + const unsigned char */*in*/, + unsigned char */*out*/, + size_t /*len*/, + const void */*aes_key*/, + unsigned char */*ivec*/, + const int /*enc*/); + +void _krb5_crc_init_table (void); u_int32_t @@ -34,6 +43,16 @@ _krb5_get_int ( unsigned long */*value*/, size_t /*size*/); +time_t +_krb5_krb_life_to_time ( + int /*start*/, + int /*life_*/); + +int +_krb5_krb_time_to_life ( + time_t /*start*/, + time_t /*end*/); + void _krb5_n_fold ( const void */*str*/, diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h index 91a28f1..22fc669 100644 --- a/crypto/heimdal/lib/krb5/krb5-protos.h +++ b/crypto/heimdal/lib/krb5/krb5-protos.h @@ -48,6 +48,16 @@ krb5_524_conv_principal ( char */*realm*/); krb5_error_code +krb5_PKCS5_PBKDF2 ( + krb5_context /*context*/, + krb5_cksumtype /*cktype*/, + krb5_data /*password*/, + krb5_salt /*salt*/, + u_int32_t /*iter*/, + krb5_keytype /*type*/, + krb5_keyblock */*key*/); + +krb5_error_code krb5_abort ( krb5_context /*context*/, krb5_error_code /*code*/, @@ -437,6 +447,11 @@ krb5_cc_get_name ( krb5_context /*context*/, krb5_ccache /*id*/); +const krb5_cc_ops * +krb5_cc_get_ops ( + krb5_context /*context*/, + krb5_ccache /*id*/); + krb5_error_code krb5_cc_get_principal ( krb5_context /*context*/, @@ -494,6 +509,11 @@ krb5_cc_retrieve_cred ( krb5_creds */*creds*/); krb5_error_code +krb5_cc_set_default_name ( + krb5_context /*context*/, + const char */*name*/); + +krb5_error_code krb5_cc_set_flags ( krb5_context /*context*/, krb5_ccache /*id*/, @@ -1058,6 +1078,12 @@ krb5_encrypt_ivec ( void */*ivec*/); krb5_error_code +krb5_enctype_keysize ( + krb5_context /*context*/, + krb5_enctype /*type*/, + size_t */*keysize*/); + +krb5_error_code krb5_enctype_to_keytype ( krb5_context /*context*/, krb5_enctype /*etype*/, @@ -1178,6 +1204,11 @@ krb5_free_data ( krb5_data */*p*/); void +krb5_free_data_contents ( + krb5_context /*context*/, + krb5_data */*data*/); + +void krb5_free_error ( krb5_context /*context*/, krb5_error */*error*/); @@ -1776,6 +1807,13 @@ krb5_kt_get_name ( size_t /*namesize*/); krb5_error_code +krb5_kt_get_type ( + krb5_context /*context*/, + krb5_keytab /*keytab*/, + char */*prefix*/, + size_t /*prefixsize*/); + +krb5_error_code krb5_kt_next_entry ( krb5_context /*context*/, krb5_keytab /*id*/, @@ -2606,6 +2644,15 @@ krb5_string_to_key_data_salt ( krb5_keyblock */*key*/); krb5_error_code +krb5_string_to_key_data_salt_opaque ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_data /*password*/, + krb5_salt /*salt*/, + krb5_data /*opaque*/, + krb5_keyblock */*key*/); + +krb5_error_code krb5_string_to_key_derived ( krb5_context /*context*/, const void */*str*/, diff --git a/crypto/heimdal/lib/krb5/krb5-v4compat.h b/crypto/heimdal/lib/krb5/krb5-v4compat.h new file mode 100644 index 0000000..2f89281 --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5-v4compat.h @@ -0,0 +1,93 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: krb5-v4compat.h,v 1.2 2003/03/18 03:08:20 lha Exp $ */ + +#ifndef __KRB5_V4COMPAT_H__ +#define __KRB5_V4COMPAT_H__ + +/* + * This file must only be included with v4 compat glue stuff in + * heimdal sources. + * + * It MUST NOT be installed. + */ + +#define MAX_KTXT_LEN 1250 + +#define ANAME_SZ 40 +#define REALM_SZ 40 +#define SNAME_SZ 40 +#define INST_SZ 40 + +struct ktext { + unsigned int length; /* Length of the text */ + unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ + u_int32_t mbz; /* zero to catch runaway strings */ +}; + +struct credentials { + char service[ANAME_SZ]; /* Service name */ + char instance[INST_SZ]; /* Instance */ + char realm[REALM_SZ]; /* Auth domain */ + des_cblock session; /* Session key */ + int lifetime; /* Lifetime */ + int kvno; /* Key version number */ + struct ktext ticket_st; /* The ticket itself */ + int32_t issue_date; /* The issue time */ + char pname[ANAME_SZ]; /* Principal's name */ + char pinst[INST_SZ]; /* Principal's instance */ +}; + + +#define TKTLIFENUMFIXED 64 +#define TKTLIFEMINFIXED 0x80 +#define TKTLIFEMAXFIXED 0xBF +#define TKTLIFENOEXPIRE 0xFF +#define MAXTKTLIFETIME (30*24*3600) /* 30 days */ +#ifndef NEVERDATE +#define NEVERDATE ((time_t)0x7fffffffL) +#endif + +#define KERB_ERR_NULL_KEY 10 + +int +_krb5_krb_time_to_life(time_t start, time_t end); + +time_t +_krb5_krb_life_to_time(int start, int life_); + +#define krb_time_to_life _krb5_krb_time_to_life +#define krb_life_to_time _krb5_krb_life_to_time + +#endif /* __KRB5_V4COMPAT_H__ */ diff --git a/crypto/heimdal/lib/krb5/krb5.3 b/crypto/heimdal/lib/krb5/krb5.3 index 830ee66..8e169a0 100644 --- a/crypto/heimdal/lib/krb5/krb5.3 +++ b/crypto/heimdal/lib/krb5/krb5.3 @@ -1,6 +1,35 @@ -.\" $Id: krb5.3,v 1.1 2001/11/20 22:19:10 assar Exp $ +.\" Copyright (c) 2001, 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.Dd November 8, 2001 +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd March 20, 2003 .Dt KRB5 3 .Os .Sh NAME @@ -9,10 +38,10 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh DESCRIPTION -These functions constitute the kerberos 5 library, +These functions constitute the Kerberos 5 library, .Em libkrb5 . Declarations for these functions may be obtained from the include file -.Pa krb5/krb5.h . +.Pa krb5.h . .Sh LIST OF FUNCTIONS .sp 2 .nf @@ -25,9 +54,17 @@ krb5_425_conv_principal_ext.3 krb5_524_conv_principal.3 krb5_addlog_dest.3 krb5_addlog_func.3 +krb5_addr2sockaddr.3 +krb5_address.3 +krb5_address_compare.3 +krb5_address_order.3 +krb5_address_search.3 +krb5_addresses.3 +krb5_anyaddr.3 krb5_appdefault_boolean.3 krb5_appdefault_string.3 krb5_appdefault_time.3 +krb5_append_addresses.3 krb5_auth_con_free.3 krb5_auth_con_genaddrs.3 krb5_auth_con_getaddrs.3 @@ -62,6 +99,26 @@ krb5_build_principal.3 krb5_build_principal_ext.3 krb5_build_principal_va.3 krb5_build_principal_va_ext.3 +krb5_cc_close.3 +krb5_cc_copy_cache.3 +krb5_cc_default.3 +krb5_cc_default_name.3 +krb5_cc_destroy.3 +krb5_cc_end_seq_get.3 +krb5_cc_gen_new.3 +krb5_cc_get_name.3 +krb5_cc_get_principal.3 +krb5_cc_get_type.3 +krb5_cc_get_version.3 +krb5_cc_initialize.3 +krb5_cc_next_cred.3 +krb5_cc_register.3 +krb5_cc_remove_cred.3 +krb5_cc_resolve.3 +krb5_cc_retrieve_cred.3 +krb5_cc_set_default_name.3 +krb5_cc_set_flags.3 +krb5_cc_store_cred.3 krb5_checksum_is_collision_proof.3 krb5_checksum_is_keyed.3 krb5_checksumsize.3 @@ -71,24 +128,42 @@ krb5_config_get_int_default.3 krb5_config_get_string_default.3 krb5_config_get_time_default.3 krb5_context.3 +krb5_copy_address.3 +krb5_copy_addresses.3 +krb5_copy_data.3 krb5_create_checksum.3 krb5_crypto_destroy.3 krb5_crypto_init.3 +krb5_data_alloc.3 +krb5_data_copy.3 +krb5_data_free.3 +krb5_data_realloc.3 +krb5_data_zero.3 krb5_decrypt.3 krb5_decrypt_EncryptedData.3 krb5_encrypt.3 krb5_encrypt_EncryptedData.3 krb5_err.3 krb5_errx.3 +krb5_free_address.3 +krb5_free_addresses.3 krb5_free_context.3 +krb5_free_data.3 +krb5_free_data_contents.3 +krb5_free_host_realm.3 krb5_free_krbhst.3 krb5_free_principal.3 krb5_get_all_client_addrs.3 krb5_get_all_server_addrs.3 +krb5_get_default_realm.3 +krb5_get_default_realms.3 +krb5_get_host_realm.3 krb5_get_krb524hst.3 krb5_get_krb_admin_hst.3 krb5_get_krb_changepw_hst.3 krb5_get_krbhst.3 +krb5_h_addr2addr.3 +krb5_h_addr2sockaddr.3 krb5_init_context.3 krb5_initlog.3 krb5_keytab_entry.3 @@ -120,21 +195,35 @@ krb5_kt_resolve.3.3 krb5_kt_start_seq_get krb5_log.3 krb5_log_msg.3 +krb5_make_addrport.3 krb5_make_principal.3 +krb5_max_sockaddr_size.3 krb5_openlog.3 +krb5_parse_address.3 krb5_parse_name.3 krb5_principal.3 krb5_principal_get_comp_string.3 krb5_principal_get_realm.3 +krb5_print_address.3 +krb5_set_default_realm.3 krb5_set_warn_dest.3 krb5_sname_to_principal.3 krb5_sock_to_principal.3 +krb5_sockaddr2address.3 +krb5_sockaddr2port.3 +krb5_sockaddr_uninteresting.3 krb5_timeofday.3 krb5_unparse_name.3 krb5_us_timeofday.3 krb5_verify_checksum.3 +krb5_verify_opt_init.3 +krb5_verify_opt_set_flags.3 +krb5_verify_opt_set_keytab.3 +krb5_verify_opt_set_secure.3 +krb5_verify_opt_set_service.3 krb5_verify_user.3 krb5_verify_user_lrealm.3 +krb5_verify_user_opt.3 krb5_verr.3 krb5_verrx.3 krb5_vlog.3 @@ -143,6 +232,7 @@ krb5_vwarn.3 krb5_vwarnx.3 krb5_warn.3 krb5_warnx.3 +krn5_kuserok.3 .ta .Fi .Sh SEE ALSO diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5 index 0fc856a..9ee85aa 100644 --- a/crypto/heimdal/lib/krb5/krb5.conf.5 +++ b/crypto/heimdal/lib/krb5/krb5.conf.5 @@ -1,4 +1,35 @@ -.\" $Id: krb5.conf.5,v 1.25 2002/08/28 15:33:59 nectar Exp $ +.\" Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5.conf.5,v 1.35 2003/04/16 13:26:13 lha Exp $ .\" .Dd April 11, 1999 .Dt KRB5.CONF 5 @@ -13,8 +44,10 @@ file specifies several configuration parameters for the Kerberos 5 library, as well as for some programs. .Pp The file consists of one or more sections, containing a number of -bindings. The value of each binding can be either a string or a list -of other bindings. The grammar looks like: +bindings. +The value of each binding can be either a string or a list of other +bindings. +The grammar looks like: .Bd -literal -offset indent file: /* empty */ @@ -43,13 +76,30 @@ name: .Ed .Li STRINGs -consists of one or more non-white space characters. +consists of one or more non-whitespace characters. +.Pp +STRINGs that are specified later in this man-page uses the following +notation. +.Bl -tag -width "xxx" -offset indent +.It boolean +values can be either yes/true or no/false. +.It time +values can be a list of year, month, day, hour, min, second. +Example: 1 month 2 days 30 min. +.It etypes +valid encryption types are: des-cbc-crc, des-cbc-md4, des-cbc-md5, +des3-cbc-sha1. +.It address +an address can be either a IPv4 or a IPv6 address. +.El +.Pp Currently recognised sections and bindings are: .Bl -tag -width "xxx" -offset indent .It Li [appdefaults] Specifies the default values to be used for Kerberos applications. You can specify defaults per application, realm, or a combination of -these. The preference order is: +these. +The preference order is: .Bl -enum -compact .It .Va application Va realm Va option @@ -84,12 +134,13 @@ The default is the result of .Fn krb5_get_host_realm "local hostname" . .It Li clockskew = Va time Maximum time differential (in seconds) allowed when comparing -times. Default is 300 seconds (five minutes). +times. +Default is 300 seconds (five minutes). .It Li kdc_timeout = Va time Maximum time to wait for a reply from the kdc, default is 3 seconds. .It v4_name_convert .It v4_instance_resolve -These are decribed in the +These are described in the .Xr krb5_425_conv_principal 3 manual page. .It Li capath = { @@ -111,11 +162,11 @@ This configuration should preferably be done on the KDC where it will help all its clients but can also be done on the client itself. .It Li } .It Li default_etypes = Va etypes... -A list of default etypes to use. +A list of default encryption types to use. .It Li default_etypes_des = Va etypes... -A list of default etypes to use when requesting a DES credential. +A list of default encryption types to use when requesting a DES credential. .It Li default_keytab_name = Va keytab -The keytab to use if none other is specified, default is +The keytab to use if no other is specified, default is .Dq FILE:/etc/krb5.keytab . .It Li dns_lookup_kdc = Va boolean Use DNS SRV records to lookup KDC services location. @@ -138,12 +189,15 @@ When obtaining initial credentials, make the credentials proxiable. This option is also valid in the [realms] section. .It Li verify_ap_req_nofail = Va boolean If enabled, failure to verify credentials against a local key is a -fatal error. The application has to be able to read the corresponding -service key for this to work. Some applications, like +fatal error. +The application has to be able to read the corresponding service key +for this to work. +Some applications, like .Xr su 8 , enable this option unconditionally. .It Li warn_pwexpire = Va time -How soon to warn for expiring password. Default is seven days. +How soon to warn for expiring password. +Default is seven days. .It Li http_proxy = Va proxy-spec A HTTP-proxy to use when talking to the KDC via HTTP. .It Li dns_proxy = Va proxy-spec @@ -171,14 +225,14 @@ and other programs. This option is also valid in the [realms] section. .El .It Li [domain_realm] -This is a list of mappings from DNS domain to Kerberos realm. Each -binding in this section looks like: +This is a list of mappings from DNS domain to Kerberos realm. +Each binding in this section looks like: .Pp .Dl domain = realm .Pp The domain can be either a full name of a host or a trailing component, in the latter case the domain-string should start with a -perid. +period. The realm may be the token `dns_locate', in which case the actual realm will be determined using DNS (independently of the setting of the `dns_lookup_realm' option). @@ -186,22 +240,44 @@ of the `dns_lookup_realm' option). .Bl -tag -width "xxx" -offset indent .It Va REALM Li = { .Bl -tag -width "xxx" -offset indent -.It Li kdc = Va host[:port] -Specifies a list of kdcs for this realm. If the optional port is absent, the +.It Li kdc = Va [service/]host[:port] +Specifies a list of kdcs for this realm. +If the optional +.Va port +is absent, the default value for the .Dq kerberos/udp -service will be used. +.Dq kerberos/tcp , +and +.Dq http/tcp +port (depending on service) will be used. The kdcs will be used in the order that they are specified. +.Pp +The optional +.Va service +specifies over what medium the kdc should be +contacted. +Possible services are +.Dq udp , +.Dq tcp , +and +.Dq http . +Http can also be written as +.Dq http:// . +Default service is +.Dq udp +and +.Dq tcp . .It Li admin_server = Va host[:port] Specifies the admin server for this realm, where all the modifications -to the database are perfomed. +to the database are performed. .It Li kpasswd_server = Va host[:port] -Points to the server where all the password changes are perfomed. +Points to the server where all the password changes are performed. If there is no such entry, the kpasswd port on the admin_server host will be tried. -.It Li krb524_server = Va Host[:port] -Points to the server that does 524 conversions. If it is not -mentioned, the krb524 port on the kdcs will be tried. +.It Li krb524_server = Va host[:port] +Points to the server that does 524 conversions. +If it is not mentioned, the krb524 port on the kdcs will be tried. .It Li v4_instance_convert .It Li v4_name_convert .It Li default_domain @@ -217,7 +293,8 @@ Specifies that .Va entity should use the specified .Li destination -for logging. See the +for logging. +See the .Xr krb5_openlog 3 manual page for a list of defined destinations. .El @@ -226,19 +303,19 @@ manual page for a list of defined destinations. .It database Li = { .Bl -tag -width "xxx" -offset indent .It dbname Li = Va DATABASENAME -use this database for this realm. +Use this database for this realm. .It realm Li = Va REALM -specifies the realm that will be stored in this database. +Specifies the realm that will be stored in this database. .It mkey_file Li = Pa FILENAME -use this keytab file for the master key of this database. +Use this keytab file for the master key of this database. If not specified .Va DATABASENAME Ns .mkey will be used. .It acl_file Li = PA FILENAME -use this file for the ACL list of this database. +Use this file for the ACL list of this database. .It log_file Li = Pa FILENAME -use this file as the log of changes performed to the database. This -file is used by +Use this file as the log of changes performed to the database. +This file is used by .Nm ipropd-master for propagating changes to slaves. .El @@ -246,39 +323,42 @@ for propagating changes to slaves. .It max-request = Va SIZE Maximum size of a kdc request. .It require-preauth = Va BOOL -If set pre-authentication is required. Since krb4 requests are not -pre-authenticated they will be rejected. +If set pre-authentication is required. +Since krb4 requests are not pre-authenticated they will be rejected. .It ports = Va "list of ports" -list of ports the kdc should listen to. +List of ports the kdc should listen to. .It addresses = Va "list of interfaces" -list of addresses the kdc should bind to. +List of addresses the kdc should bind to. .It enable-kerberos4 = Va BOOL -turn on kerberos4 support. +Turn on Kerberos 4 support. .It v4-realm = Va REALM -to what realm v4 requests should be mapped. +To what realm v4 requests should be mapped. .It enable-524 = Va BOOL -should the Kerberos 524 converting facility be turned on. Default is same as +Should the Kerberos 524 converting facility be turned on. +Default is same as .Va enable-kerberos4 . .It enable-http = Va BOOL -should the kdc answer kdc-requests over http. +Should the kdc answer kdc-requests over http. .It enable-kaserver = Va BOOL -if this kdc should emulate the AFS kaserver. +If this kdc should emulate the AFS kaserver. .It check-ticket-addresses = Va BOOL verify the addresses in the tickets used in tgs requests. .\" XXX .It allow-null-ticket-addresses = Va BOOL -allow addresses-less tickets. +Allow addresses-less tickets. .\" XXX .It allow-anonymous = Va BOOL -if the kdc is allowed to hand out anonymous tickets. +If the kdc is allowed to hand out anonymous tickets. .It encode_as_rep_as_tgs_rep = Va BOOL -encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did. +Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did. .\" XXX .It kdc_warn_pwexpire = Va TIME -the time before expiration that the user should be warned that her +The time before expiration that the user should be warned that her password is about to expire. .It logging = Va Logging What type of logging the kdc should use, see also [logging]/kdc. +.It use_2b = Va principal list +List of principals to use AFS 2b tokens for. .El .It Li [kadmin] .Bl -tag -width "xxx" -offset indent @@ -293,15 +373,17 @@ syntax of this if something like: .Pp [(des|des3|etype):](pw-salt|afs3-salt)[:string] .Pp -if +If .Ar etype -is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keyttypes are: +is omitted it means everything, and if string is omitted it means the +default salt string (for that principal and encryption type). +Additional special values of keytypes are: .Bl -tag -width "xxx" -offset indent .It v5 -The kerberos 5 salt +The Kerberos 5 salt .Va pw-salt .It v4 -The kerberos 4 type +The Kerberos 4 salt .Va des:pw-salt: .El .It use_v4_salt = Va BOOL @@ -309,7 +391,7 @@ When true, this is the same as .Pp .Va default_keys = Va des3:pw-salt Va v4 .Pp -and is only left for backwards compatability. +and is only left for backwards compatibility. .El .El .Sh ENVIRONMENT @@ -348,9 +430,10 @@ To help overcome this problem, there is a program .Nm verify_krb5_conf that reads .Nm -and tries to emit useful diagnostics from parsing errors. Note that -this program does not have any way of knowing what options are -actually used and thus cannot warn about unknown or misspelled ones. +and tries to emit useful diagnostics from parsing errors. +Note that this program does not have any way of knowing what options +are actually used and thus cannot warn about unknown or misspelled +ones. .Sh SEE ALSO .Xr kinit 1 , .Xr krb5_425_conv_principal 3 , diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h index cb035bc..f157452 100644 --- a/crypto/heimdal/lib/krb5/krb5.h +++ b/crypto/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.205 2002/09/03 17:31:47 joda Exp $ */ +/* $Id: krb5.h,v 1.209 2003/03/16 18:30:02 lha Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -98,7 +98,7 @@ enum { ENCTYPE_DES_CBC_NONE = ETYPE_DES_CBC_NONE, ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE, ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE, - ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE, + ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE }; typedef PADATA_TYPE krb5_preauthtype; @@ -219,6 +219,8 @@ typedef enum krb5_keytype { KEYTYPE_NULL = 0, KEYTYPE_DES = 1, KEYTYPE_DES3 = 7, + KEYTYPE_AES128 = 17, + KEYTYPE_AES256 = 18, KEYTYPE_ARCFOUR = 23 } krb5_keytype; @@ -391,6 +393,7 @@ typedef struct krb5_context_data { char *error_string; char error_buf[256]; krb5_addresses *ignore_addresses; + char *default_cc_name; } krb5_context_data; typedef struct krb5_ticket { @@ -436,6 +439,8 @@ struct krb5_keytab_data; typedef struct krb5_keytab_data *krb5_keytab; +#define KRB5_KT_PREFIX_MAX_LEN 30 + struct krb5_keytab_data { const char *prefix; krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab); diff --git a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 index bb7e578..78bb62c 100644 --- a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1997-2002 Kungliga Tekniska Högskolan -.\" $Id: krb5_425_conv_principal.3,v 1.8 2002/08/28 15:30:46 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_425_conv_principal.3,v 1.10 2003/04/16 13:58:13 lha Exp $ +.\" .Dd April 11, 1999 .Dt KRB5_425_CONV_PRINCIPAL 3 .Os HEIMDAL @@ -11,7 +42,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_425_conv_principal "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_principal *principal" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_address.3 b/crypto/heimdal/lib/krb5/krb5_address.3 new file mode 100644 index 0000000..dc780ad --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_address.3 @@ -0,0 +1,355 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_address.3,v 1.4 2003/04/16 13:58:12 lha Exp $ +.\" +.Dd March 11, 2002 +.Dt KRB5_ADDRESS 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_address , +.Nm krb5_addresses , +.Nm krb5_sockaddr2address , +.Nm krb5_sockaddr2port , +.Nm krb5_addr2sockaddr , +.Nm krb5_max_sockaddr_size , +.Nm krb5_sockaddr_uninteresting , +.Nm krb5_h_addr2sockaddr , +.Nm krb5_h_addr2addr , +.Nm krb5_anyaddr , +.Nm krb5_print_address , +.Nm krb5_parse_address , +.Nm krb5_address_order , +.Nm krb5_address_compare , +.Nm krb5_address_search , +.Nm krb5_free_address , +.Nm krb5_free_addresses , +.Nm krb5_copy_address , +.Nm krb5_copy_addresses , +.Nm krb5_append_addresses , +.Nm krb5_make_addrport +.Nd mange addresses in Kerberos. +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh SYNOPSIS +.In krb5.h +.Pp +.Ft krb5_error_code +.Fo krb5_sockaddr2address +.Fa "krb5_context context" +.Fa "const struct sockaddr *sa" +.Fa "krb5_address *addr" +.Fc +.Ft krb5_error_code +.Fo krb5_sockaddr2port +.Fa "krb5_context context" +.Fa "const struct sockaddr *sa" +.Fa "int16_t *port" +.Fc +.Ft krb5_error_code +.Fo krb5_addr2sockaddr +.Fa "krb5_context context" +.Fa "const krb5_address *addr" +.Fa "struct sockaddr *sa" +.Fa "krb5_socklen_t *sa_size" +.Fa "int port" +.Fc +.Ft size_t +.Fo krb5_max_sockaddr_size +.Fa "void" +.Fc +.Ft "krb5_boolean" +.Fo krb5_sockaddr_uninteresting +.Fa "const struct sockaddr *sa" +.Fc +.Ft krb5_error_code +.Fo krb5_h_addr2sockaddr +.Fa "krb5_context context" +.Fa "int af" +.Fa "const char *addr" +.Fa "struct sockaddr *sa" +.Fa "krb5_socklen_t *sa_size" +.Fa "int port" +.Fc +.Ft krb5_error_code +.Fo krb5_h_addr2addr +.Fa "krb5_context context" +.Fa "int af" +.Fa "const char *haddr" +.Fa "krb5_address *addr" +.Fc +.Ft krb5_error_code +.Fo krb5_anyaddr +.Fa "krb5_context context" +.Fa "int af" +.Fa "struct sockaddr *sa" +.Fa "krb5_socklen_t *sa_size" +.Fa "int port" +.Fc +.Ft krb5_error_code +.Fo krb5_print_address +.Fa "const krb5_address *addr" +.Fa "char *str" +.Fa "size_t len" +.Fa "size_t *ret_len" +.Fc +.Ft krb5_error_code +.Fo krb5_parse_address +.Fa "krb5_context context" +.Fa "const char *string" +.Fa "krb5_addresses *addresses" +.Fc +.Ft int +.Fo "krb5_address_order" +.Fa "krb5_context context" +.Fa "const krb5_address *addr1" +.Fa "const krb5_address *addr2" +.Fc +.Ft "krb5_boolean" +.Fo krb5_address_compare +.Fa "krb5_context context" +.Fa "const krb5_address *addr1" +.Fa "const krb5_address *addr2" +.Fc +.Ft "krb5_boolean" +.Fo krb5_address_search +.Fa "krb5_context context" +.Fa "const krb5_address *addr" +.Fa "const krb5_addresses *addrlist" +.Fc +.Ft krb5_error_code +.Fo krb5_free_address +.Fa "krb5_context context" +.Fa "krb5_address *address" +.Fc +.Ft krb5_error_code +.Fo krb5_free_addresses +.Fa "krb5_context context" +.Fa "krb5_addresses *addresses" +.Fc +.Ft krb5_error_code +.Fo krb5_copy_address +.Fa "krb5_context context" +.Fa "const krb5_address *inaddr" +.Fa "krb5_address *outaddr" +.Fc +.Ft krb5_error_code +.Fo krb5_copy_addresses +.Fa "krb5_context context" +.Fa "const krb5_addresses *inaddr" +.Fa "krb5_addresses *outaddr" +.Fc +.Ft krb5_error_code +.Fo krb5_append_addresses +.Fa "krb5_context context" +.Fa "krb5_addresses *dest" +.Fa "const krb5_addresses *source" +.Fc +.Ft krb5_error_code +.Fo krb5_make_addrport +.Fa "krb5_context context" +.Fa "krb5_address **res" +.Fa "const krb5_address *addr" +.Fa "int16_t port" +.Fc +.Sh DESCRIPTION +The +.Li krb5_address +structure holds a address that can be used in Kerberos API +calls. There are help functions to set and extract address information +of the address. +.Pp +The +.Li krb5_addresses +structure holds a set of krb5_address:es. +.Pp +.Fn krb5_sockaddr2address +stores a address a +.Li "struct sockaddr" +.Fa sa +in the krb5_address +.Fa addr . +.Pp +.Fn krb5_sockaddr2port +extracts a +.Fa port +(if possible) from a +.Li "struct sockaddr" +.Fa sa . +.Pp +.Fn krb5_addr2sockaddr +sets the +struct sockaddr +.Fa sockaddr +from +.Fa addr +and +.Fa port . +.Fa Sa_size +should be initially contain the size of the +.Fa sa , +and after the call, it will contain the actual length of the address. +.Pp +.Fn krb5_max_sockaddr_size +returns the max size of the +.Li struct sockaddr +that the Kerberos library will return. +.Pp +.Fn krb5_sockaddr_uninteresting +returns +.Dv TRUE +for all +.Fa sa +that for that the kerberos library thinks are uninteresting. +One example are link local addresses. +.Pp +.Fn krb5_h_addr2sockaddr +initializes a +.Li "struct sockaddr" +.Fa sa +from +.Fa af +and the +.Li "struct hostent" +(see +.Xr gethostbyname 3 ) +.Fa h_addr_list +component. +.Fa Sa_size +should be initially contain the size of the +.Fa sa , +and after the call, it will contain the actual length of the address. +.Fa sa +argument. +.Pp +.Fn krb5_h_addr2addr +works like +.Fn krb5_h_addr2sockaddr +with the exception that it operates on a +.Li krb5_address +instead of a +.Li struct sockaddr +.Pp +.Fn krb5_anyaddr +fills in a +.Li "struct sockaddr" +.Fa sa +that can be used to +.Xf bind 3 +to. +.Fa Sa_size +should be initially contain the size of the +.Fa sa , +and after the call, it will contain the actual length of the address. +.Pp +.Fn krb5_print_address +prints the address in +.Fa addr +to the a string +.Fa string +that have the length +.Fa len . +If +.Fa ret_len +if not +.Dv NULL , +it will be filled in length of the string. +.Pp +.Fn krb5_parse_address +Returns the resolving a hostname in +.Fa string +to the +.Li krb5_addresses +.Fa addresses . +.Pp +.Fn krb5_address_order +compares to addresses +.Fa addr1 +and +.Fa addr2 +so that it can be used for sorting addresses. If the addresses are the +same address +.Fa krb5_address_order will be return 0. +.Pp +.Fn krb5_address_compare +compares the addresses +.Fa addr1 +and +.Fa addr2 . +returns +.Dv TRUE +if the two addresses are the same. +.Pp +.Fn krb5_address_search +checks if the address +.Fa addr +is a member of the address set list +.Fa addrlist . +.Pp +.Fn krb5_free_address +frees the data stored in the +.Fa address +that is alloced with any of the krb5_address functions. +.Pp +.Fn krb5_free_addresses +frees the data stored in the +.Fa addresses +that is alloced with any of the krb5_address functions. +.Pp +.Fn krb5_copy_address +copies the content of address +.Fa inaddr +to +.Fa outaddr . +.Pp +.Fn krb5_copy_addresses +copies the content of the address list +.Fa inaddr +to +.Fa outaddr . +.Pp +.Fn krb5_append_addresses +adds the set of addresses in +.Fa source +to +.Fa dest . +While copying the addresses, duplicates are also sorted out. +.Pp +.Fn krb5_make_addrport +allocates and creates an +krb5_address in +.Fa res +of type KRB5_ADDRESS_ADDRPORT from +.Fa ( addr , port ) . +.Sh SEE ALSO +.Xr krb5 3 , +.Xr krb5.conf 5 , +.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 b/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 new file mode 100644 index 0000000..900e1d9 --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 @@ -0,0 +1,80 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_aname_to_localname.3,v 1.2 2003/04/16 13:58:13 lha Exp $ +.\" +.Dd March 17, 2003 +.Dt KRB5_ANAME_TO_LOCALNAME 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_aname_to_localname +.Nd converts a principal to a system local name. +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh SYNOPSIS +.In krb5.h +.Ft krb5_boolean +.Fo krb5_aname_to_localname +.Fa "krb5_context context" +.Fa "krb5_const_principal name" +.Fa "size_t lnsize" +.Fa "char *lname" +.Fc +.Sh DESCRIPTION +This function takes a principal +.Fa name , +verifies its in the local realm (using +.Fn krb5_get_default_realms ) +and then returns the local name of the principal. +.Pp +If +.Fa name +isn't in one of the local realms and error is returned. +.Pp +If size +.Fa ( lnsize ) +of the local name +.Fa ( lname ) +is to small, an error is returned. +.Pp +.Fn krb5_aname_to_localname +should only be use by application that implements protocols that +doesn't transport the login name and thus needs to convert a principal +to a local name. +.Pp +Protocols should be designed so that the it autheticates using +Kerberos, send over the login name and then verifies in the principal +that authenticated is allowed to login and the login name. +A way to check if a user is allowed to login is using the function +.Fn krb5_kuserok . +.Sh SEE ALSO +.Xr krb5_get_default_realms 3 , +.Xr krb5_kuserok 3 diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3 index 750bb75..f913fdc 100644 --- a/crypto/heimdal/lib/krb5/krb5_appdefault.3 +++ b/crypto/heimdal/lib/krb5/krb5_appdefault.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 2000 Kungliga Tekniska Högskolan -.\" $Id: krb5_appdefault.3,v 1.7 2002/08/28 15:30:46 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_appdefault.3,v 1.10 2003/04/16 13:58:10 lha Exp $ +.\" .Dd July 25, 2000 .Dt KRB5_APPDEFAULT 3 .Os HEIMDAL @@ -11,7 +42,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft void .Fn krb5_appdefault_boolean "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "krb5_boolean def_val" "krb5_boolean *ret_val" .Ft void @@ -19,7 +50,7 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Ft void .Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val" .Sh DESCRIPTION -These functions get application application defaults from the +These functions get application defaults from the .Dv appdefaults section of the .Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3 index 2afaec5..69db324 100644 --- a/crypto/heimdal/lib/krb5/krb5_auth_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_auth_context.3 @@ -1,5 +1,36 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_auth_context.3,v 1.5 2002/09/02 12:42:00 joda Exp $ +.\" Copyright (c) 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_auth_context.3,v 1.8 2003/04/16 13:58:13 lha Exp $ +.\" .Dd January 21, 2001 .Dt KRB5_AUTH_CONTEXT 3 .Os HEIMDAL @@ -38,7 +69,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fo krb5_auth_con_init .Fa "krb5_context context" @@ -127,12 +158,12 @@ that holds the context for the thread or process. .Nm krb5_auth_context is used by various functions that are directly related to authentication between the server/client. Example of data that this -structure contains are varius flags, addresses of client and server, +structure contains are various flags, addresses of client and server, port numbers, keyblocks (and subkeys), sequence numbers, replay cache, and checksum-type. .Pp .Fn krb5_auth_con_init -allocates and initilizes the +allocates and initializes the .Nm krb5_auth_context structure. Default values can be changed with .Fn krb5_auth_con_setcksumtype diff --git a/crypto/heimdal/lib/krb5/krb5_build_principal.3 b/crypto/heimdal/lib/krb5/krb5_build_principal.3 index 6ff2cf3..e74c754 100644 --- a/crypto/heimdal/lib/krb5/krb5_build_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_build_principal.3 @@ -1,5 +1,36 @@ -.\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_build_principal.3,v 1.5 2002/08/28 15:30:47 joda Exp $ +.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_build_principal.3,v 1.7 2003/04/16 13:58:14 lha Exp $ +.\" .Dd August 8, 1997 .Dt KRB5_BUILD_PRINCIPAL 3 .Os HEIMDAL @@ -13,7 +44,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..." .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_ccache.3 b/crypto/heimdal/lib/krb5/krb5_ccache.3 new file mode 100644 index 0000000..ec48c5f --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_ccache.3 @@ -0,0 +1,356 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_ccache.3,v 1.7 2003/04/16 13:58:12 lha Exp $ +.\" +.Dd March 16, 2003 +.Dt KRB5_CCACHE 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_ccache , +.Nm krb5_cc_cursor , +.Nm krb5_cc_ops , +.Nm krb5_fcc_ops , +.Nm krb5_mcc_ops , +.Nm krb5_cc_close , +.Nm krb5_cc_copy_cache , +.Nm krb5_cc_default , +.Nm krb5_cc_default_name , +.Nm krb5_cc_destroy , +.Nm krb5_cc_end_seq_get , +.Nm krb5_cc_gen_new , +.Nm krb5_cc_get_name , +.Nm krb5_cc_get_principal , +.Nm krb5_cc_get_type , +.Nm krb5_cc_get_ops , +.Nm krb5_cc_get_version , +.Nm krb5_cc_initialize , +.Nm krb5_cc_register , +.Nm krb5_cc_resolve , +.Nm krb5_cc_retrieve_cred , +.Nm krb5_cc_remove_cred , +.Nm krb5_cc_set_default_name , +.Nm krb5_cc_store_cred , +.Nm krb5_cc_set_flags , +.Nm krb5_cc_next_cred +.Nd mange credential cache. +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh SYNOPSIS +.In krb5.h +.Pp +.Li "struct krb5_ccache;" +.Pp +.Li "struct krb5_cc_cursor;" +.Pp +.Li "struct krb5_cc_ops;" +.Pp +.Li "struct krb5_cc_ops *krb5_fcc_ops;" +.Pp +.Li "struct krb5_cc_ops *krb5_mcc_ops;" +.Pp +.Ft krb5_error_code +.Fo krb5_cc_close +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_copy_cache +.Fa "krb5_context *context" +.Fa "const krb5_ccache from" +.Fa "krb5_ccache to" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_default +.Fa "krb5_context *context" +.Fa "krb5_ccache *id" +.Fc +.Ft "const char *" +.Fo krb5_cc_default_name +.Fa "krb5_context *context" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_destroy +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_end_seq_get +.Fa "krb5_context *context" +.Fa "const krb5_ccache id" +.Fa "krb5_cc_cursor *cursor" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_gen_new +.Fa "krb5_context *context" +.Fa "const krb5_cc_ops *ops" +.Fa "krb5_ccache *id" +.Fc +.Ft "const char *" +.Fo krb5_cc_get_name +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_get_principal +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fa "krb5_principal *principal" +.Fc +.Ft "const char *" +.Fo krb5_cc_get_type +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fc +.Ft "const krb5_cc_ops *" +.Fo krb5_cc_get_ops +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_get_version +.Fa "krb5_context *context" +.Fa "const krb5_ccache id" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_initialize +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fa "krb5_principal primary_principal" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_register +.Fa "krb5_context *context" +.Fa "const krb5_cc_ops *ops" +.Fa "krb5_boolean override" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_resolve +.Fa "krb5_context *context" +.Fa "const char *name" +.Fa "krb5_ccache *id" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_retrieve_cred +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fa "krb5_flags whichfields" +.Fa "const krb5_creds *mcreds" +.Fa "krb5_creds *creds" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_remove_cred +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fa "krb5_flags which" +.Fa "krb5_creds *cred" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_set_default_name +.Fa "krb5_context *context" +.Fa "const char *name" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_store_cred +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fa "krb5_creds *creds" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_set_flags +.Fa "krb5_context *context" +.Fa "krb5_cc_set_flags id" +.Fa "krb5_flags flags" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_next_cred +.Fa "krb5_context *context" +.Fa "const krb5_ccache id" +.Fa "krb5_cc_cursor *cursor" +.Fa "krb5_creds *creds" +.Fc +.Sh DESCRIPTION +The +.Li krb5_ccache +structure holds a Kerberos credential cache. +.Pp +The +.Li krb5_cc_cursor +structure holds current position in a credential cache when +iterating over the cache. +.Pp +The +.Li krb5_cc_ops +structure holds a set of operations that can me preformed on a +credential cache. +.Pp +There is no component inside +.Li krb5_ccache , +.Li krb5_cc_cursor +nor +.Li krb5_fcc_ops +that is directly referable. +.Pp +The +.Li krb5_creds +holds a Kerberos credential, see manpage for +.Xr krb5_creds 3 . +.Pp +.Fn krb5_cc_default_name +and +.Fn krb5_cc_set_default_name +gets and sets the default name for the +.Fa context . +.Pp +.Fn krb5_cc_default +opens the default ccache in +.Fa id . +Return 0 or an error code. +.Pp +.Fn krb5_cc_gen_new +generates a new ccache of type +.Fa ops +in +.Fa id . +Return 0 or an error code. +.Pp +.Fn krb5_cc_resolve +finds and allocates a ccache in +.Fa id +from the specification in +.Fa residual . +If the ccache name doesn't contain any colon (:), interpret it as a +file name. +Return 0 or an error code. +.Pp +.Fn krb5_cc_initialize +creates a new ccache in +.Fa id +for +.Fa primary_principal . +Return 0 or an error code. +.Pp +.Fn krb5_cc_close +stops using the ccache +.Fa id +and frees the related resources. +Return 0 or an error code. +.Fn krb5_cc_destroy +removes the ccache +and closes (by calling +.Fn krb5_cc_close ) +.Fa id . +Return 0 or an error code. +.Pp +.Fn krb5_cc_copy_cache +copys the contents of +.Fa from +to +.Fa to . +.Pp +.Fn krb5_cc_get_name +returns the name of the ccache +.Fa id . +.Pp +.Fn krb5_cc_get_principal +returns the principal of +.Fa id +in +.Fa principal . +Return 0 or an error code. +.Pp +.Fn krb5_cc_get_type +returns the type of the ccache +.Fa id . +.Pp +.Fn krb5_cc_get_ops +returns the ops of the ccache +.Fa id . +.Pp +.Fn krb5_cc_get_version +returns the version of +.Fa id . +.Pp +.Fn krb5_cc_register +Adds a new ccache type with operations +.Fa ops , +overwriting any existing one if +.Fa override . +Return an error code or 0. +.Pp +.Fn krb5_cc_remove_cred +removes the credential identified by +.Fa ( cred , +.Fa which ) +from +.Fa id . +.Pp +.Fn krb5_cc_store_cred +stores +.Fa creds +in the ccache +.Fa id . +Return 0 or an error code. +.Pp +.Fn krb5_cc_set_flags +sets the flags of +.Fa id +to +.Fa flags . +.Pp +.Fn krb5_cc_retrieve_cred , +retrieves the credential identified by +.Fa mcreds +(and +.Fa whichfields ) +from +.Fa id +in +.Fa creds . +Return 0 or an error code. +.Pp +.Fn krb5_cc_next_cred +retrieves the next cred pointed to by +.Fa ( id , +.Fa cursor ) +in +.Fa creds , +and advance +.Fa cursor . +Return 0 or an error code. +.Pp +.Fn krb5_cc_end_seq_get +Destroys the cursor +.Fa cursor . +.Sh SEE ALSO +.Xr krb5 3 , +.Xr krb5.conf 5 , +.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_config.3 b/crypto/heimdal/lib/krb5/krb5_config.3 index fe5f261..471389e 100644 --- a/crypto/heimdal/lib/krb5/krb5_config.3 +++ b/crypto/heimdal/lib/krb5/krb5_config.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2000 Kungliga Tekniska Högskolan -.\" $Id: krb5_config.3,v 1.4 2002/08/28 15:30:48 joda Exp $ +.\" $Id: krb5_config.3,v 1.5 2003/04/16 13:58:14 lha Exp $ .Dd July 25, 2000 .Dt KRB5_CONFIG 3 .Os HEIMDAL @@ -12,7 +12,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_boolean .Fn krb5_config_get_bool_default "krb5_context context" "krb5_config_section *c" "krb5_boolean def_value" "..." .Ft int diff --git a/crypto/heimdal/lib/krb5/krb5_context.3 b/crypto/heimdal/lib/krb5/krb5_context.3 index a90ab72..95d1120 100644 --- a/crypto/heimdal/lib/krb5/krb5_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_context.3 @@ -1,5 +1,36 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_context.3,v 1.4 2002/09/02 12:42:00 joda Exp $ +.\" Copyright (c) 2001 - 200 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_context.3,v 1.5 2003/03/10 02:19:28 lha Exp $ +.\" .Dd January 21, 2001 .Dt KRB5_CONTEXT 3 .Os HEIMDAL diff --git a/crypto/heimdal/lib/krb5/krb5_create_checksum.3 b/crypto/heimdal/lib/krb5/krb5_create_checksum.3 index 9a8a27b..6704113 100644 --- a/crypto/heimdal/lib/krb5/krb5_create_checksum.3 +++ b/crypto/heimdal/lib/krb5/krb5_create_checksum.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1999 Kungliga Tekniska Högskolan -.\" $Id: krb5_create_checksum.3,v 1.4 2002/08/28 15:30:49 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_create_checksum.3,v 1.6 2003/04/16 13:58:14 lha Exp $ +.\" .Dd April 7, 1999 .Dt NAME 3 .Os HEIMDAL @@ -13,7 +44,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_create_checksum "krb5_context context" "krb5_crypto crypto" "unsigned usage_or_type" "void *data" "size_t len" "Checksum *result" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_crypto_init.3 b/crypto/heimdal/lib/krb5/krb5_crypto_init.3 index 98e8c5c..4b0284c 100644 --- a/crypto/heimdal/lib/krb5/krb5_crypto_init.3 +++ b/crypto/heimdal/lib/krb5/krb5_crypto_init.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1999 Kungliga Tekniska Högskolan -.\" $Id: krb5_crypto_init.3,v 1.4 2002/08/28 15:30:50 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_crypto_init.3,v 1.6 2003/04/16 13:58:15 lha Exp $ +.\" .Dd April 7, 1999 .Dt NAME 3 .Os HEIMDAL @@ -10,7 +41,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_crypto_init "krb5_context context" "krb5_keyblock *key" "krb5_enctype enctype" "krb5_crypto *crypto" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_data.3 b/crypto/heimdal/lib/krb5/krb5_data.3 new file mode 100644 index 0000000..355d934 --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_data.3 @@ -0,0 +1,149 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_data.3,v 1.4 2003/04/16 13:58:13 lha Exp $ +.\" +.Dd March 20, 2003 +.Dt KRB5_DATA 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_data +.Nm krb5_data_zero +.Nm krb5_data_free +.Nm krb5_free_data_contents +.Nm krb5_free_data +.Nm krb5_data_alloc +.Nm krb5_data_realloc +.Nm krb5_data_copy +.Nm krb5_copy_data +.Nd operates on the Kerberos datatype krb5_data. +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh SYNOPSIS +.In krb5.h +.Pp +.Li "struct krb5_data;" +.Ft void +.Fn krb5_data_zero "krb5_data *p" +.Ft void +.Fn krb5_data_free "krb5_data *p" +.Ft void +.Fn krb5_free_data_contents "krb5_context context" "krb5_data *p" +.Ft void +.Fn krb5_free_data "krb5_context context" "krb5_data *p" +.Ft krb5_error_code +.Fn krb5_data_alloc "krb5_data *p" "int len" +.Ft krb5_error_code +.Fn krb5_data_realloc "krb5_data *p" "int len" +.Ft krb5_error_code +.Fn krb5_data_copy "krb5_data *p" "const void *data" "size_t len" +.Ft krb5_error_code +.Fn krb5_copy_data "krb5_context context" "const krb5_data *indata" "krb5_data **outdata" +.Sh DESCRIPTION +The +.Li krb5_data +structure holds a data element. +The structure contains two public accessible elements +.Fa length +(the length of data) +and +.Fa data +(the data itself). +The structure must always be initiated and freed by the functions +documented in this manual. +.Pp +.Fn krb5_data_zero +resets the content of +.Fa p . +.Pp +.Fn krb5_data_free +free the data in +.Fa p . +.Pp +.Fn krb5_free_data_contents +works the same way as +.Fa krb5_data_free . +The diffrence is that krb5_free_data_contents is more portable (exists +in MIT api). +.Pp +.Fn krb5_free_data +frees the data in +.Fa p +and +.Fa p +itself . +.Pp +.Fn krb5_data_alloc +allocates +.Fa len +bytes in +.Fa p +Returns 0 or an error. +.Pp +.Fn krb5_data_realloc +reallocates the length of +.Fa p +to the length in +.Fa len . +Returns 0 or an error. +.Pp +.Fn krb5_data_copy +copies the +.Fa data +that have the length +.Fa len +into +.Fa p . +.Fa p +is not freed so the calling function should make sure the +.Fa p +doesn't contain anything needs to be freed. +Returns 0 or an error. +.Pp +.Fn krb5_copy_data +copies the +.Li krb5_data +in +.Fa indata +to +.Fa outdata . +.Fa outdata +is not freed so the calling function should make sure the +.Fa outdata +doesn't contain anything needs to be freed. +.Fa outdata +should be freed using +.Fn krb5_free_data . +Returns 0 or an error. +.Sh SEE ALSO +.Xr krb5 3 , +.Xr krb5_storage 3 , +.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_encrypt.3 b/crypto/heimdal/lib/krb5/krb5_encrypt.3 index 9b24588..84140bf 100644 --- a/crypto/heimdal/lib/krb5/krb5_encrypt.3 +++ b/crypto/heimdal/lib/krb5/krb5_encrypt.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1999 Kungliga Tekniska Högskolan -.\" $Id: krb5_encrypt.3,v 1.5 2002/08/28 15:30:50 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_encrypt.3,v 1.7 2003/04/16 13:58:15 lha Exp $ +.\" .Dd April 7, 1999 .Dt KRB5_ENCRYPT 3 .Os HEIMDAL @@ -12,7 +43,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_encrypt "krb5_context context" "krb5_crypto crypto" "unsigned usage" "void *data" "size_t len" "krb5_data *result" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_free_addresses.3 b/crypto/heimdal/lib/krb5/krb5_free_addresses.3 index 18e1cda..6ac46d4 100644 --- a/crypto/heimdal/lib/krb5/krb5_free_addresses.3 +++ b/crypto/heimdal/lib/krb5/krb5_free_addresses.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_free_addresses.3,v 1.3 2002/08/28 15:30:51 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_free_addresses.3,v 1.5 2003/04/16 13:58:15 lha Exp $ +.\" .Dd November 20, 2001 .Dt KRB5_FREE_ADDRESSES 3 .Os HEIMDAL @@ -9,7 +40,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft void .Fn krb5_free_addresses "krb5_context context" "krb5_addresses *addresses" .Sh DESCRIPTION diff --git a/crypto/heimdal/lib/krb5/krb5_free_principal.3 b/crypto/heimdal/lib/krb5/krb5_free_principal.3 index f9c006c..e9900a7 100644 --- a/crypto/heimdal/lib/krb5/krb5_free_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_free_principal.3 @@ -1,5 +1,36 @@ +.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_free_principal.3,v 1.5 2002/08/28 15:30:52 joda Exp $ +.\" $Id: krb5_free_principal.3,v 1.7 2003/04/16 13:58:11 lha Exp $ .Dd August 8, 1997 .Dt KRB5_FREE_PRINCIPAL 3 .Os HEIMDAL @@ -9,7 +40,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft void .Fn krb5_free_principal "krb5_context context" "krb5_principal principal" .Sh DESCRIPTION diff --git a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 b/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 index 1821298..0aef63e3 100644 --- a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 +++ b/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 @@ -1,4 +1,36 @@ -.\" $Id: krb5_get_all_client_addrs.3,v 1.4 2002/08/28 15:30:52 joda Exp $ +.\" Copyright (c) 2001 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_get_all_client_addrs.3,v 1.6 2003/04/16 13:58:16 lha Exp $ +.\" .Dd July 1, 2001 .Dt KRB5_GET_ADDRS 3 .Sh NAME @@ -8,7 +40,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft "krb5_error_code" .Fn krb5_get_all_client_addrs "krb5_context context" "krb5_addresses *addrs" .Ft "krb5_error_code" diff --git a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 b/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 index fcdc8e1..76ad20b 100644 --- a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 +++ b/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_get_krbhst.3,v 1.4 2002/08/28 15:30:53 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_get_krbhst.3,v 1.6 2003/04/16 13:58:16 lha Exp $ +.\" .Dd June 17, 2001 .Dt KRB5_GET_KRBHST 3 .Os HEIMDAL @@ -13,7 +44,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_get_krbhst "krb5_context context" "const krb5_realm *realm" "char ***hostlist" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3 index 8a1141a..76213fb 100644 --- a/crypto/heimdal/lib/krb5/krb5_init_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_init_context.3 @@ -1,5 +1,36 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_init_context.3,v 1.6 2002/09/02 12:42:00 joda Exp $ +.\" Copyright (c) 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_init_context.3,v 1.9 2003/04/16 13:58:11 lha Exp $ +.\" .Dd January 21, 2001 .Dt KRB5_CONTEXT 3 .Os HEIMDAL @@ -10,7 +41,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_init_context "krb5_context *context" .Ft void diff --git a/crypto/heimdal/lib/krb5/krb5_keytab.3 b/crypto/heimdal/lib/krb5/krb5_keytab.3 index 9c7eacd..164eb49 100644 --- a/crypto/heimdal/lib/krb5/krb5_keytab.3 +++ b/crypto/heimdal/lib/krb5/krb5_keytab.3 @@ -1,5 +1,36 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_keytab.3,v 1.5 2002/08/28 15:30:54 joda Exp $ +.\" Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_keytab.3,v 1.9 2003/04/16 13:58:16 lha Exp $ +.\" .Dd February 5, 2001 .Dt KRB5_KEYTAB 3 .Os HEIMDAL @@ -17,6 +48,7 @@ .Nm krb5_kt_free_entry , .Nm krb5_kt_get_entry , .Nm krb5_kt_get_name , +.Nm krb5_kt_get_type , .Nm krb5_kt_next_entry , .Nm krb5_kt_read_service_key , .Nm krb5_kt_register , @@ -27,7 +59,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Pp .Ft krb5_error_code .Fo krb5_kt_add_entry @@ -93,6 +125,13 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Fa "size_t namesize" .Fc .Ft krb5_error_code +.Fo krb5_kt_get_type +.Fa "krb5_context context" +.Fa "krb5_keytab keytab" +.Fa "char *prefix" +.Fa "size_t prefixsize" +.Fc +.Ft krb5_error_code .Fo krb5_kt_next_entry .Fa "krb5_context context" .Fa "krb5_keytab id" @@ -138,7 +177,7 @@ The .Li residual part is specific to each keytab-type. .Pp -When a keytab-name is resolved, the type is matched with an interal +When a keytab-name is resolved, the type is matched with an internal list of keytab types. If there is no matching keytab type, the default keytab is used. The current default type is .Nm file . @@ -195,7 +234,7 @@ structure is normally only used when doing a new keytab-type implementation. .Pp .Fn krb5_kt_resolve -is the equvalent of an +is the equivalent of an .Xr open 2 on keytab. Resolve the keytab name in .Fa name @@ -260,6 +299,18 @@ into .Fa namesize . Returns 0 or an error. .Pp +.Fn krb5_kt_get_type +retrieves the type of the keytab +.Fa keytab +and store the prefix/name for type of the keytab into +.Fa prefix , +.Fa prefixsize . +The prefix will have the maximum length of +.Dv KRB5_KT_PREFIX_MAX_LEN +(including terminating +.Dv NUL ) . +Returns 0 or an error. +.Pp .Fn krb5_kt_free_entry frees the contents of .Fa entry . diff --git a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 b/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 index 6bcf07f..87ea3f9 100644 --- a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 +++ b/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_krbhst_init.3,v 1.5 2002/08/28 15:30:54 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_krbhst_init.3,v 1.7 2003/04/16 13:58:16 lha Exp $ +.\" .Dd June 17, 2001 .Dt KRB5_KRBHST_INIT 3 .Os HEIMDAL @@ -15,7 +46,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_krbhst_init "krb5_context context" "const char *realm" "unsigned int type" "krb5_krbhst_handle *handle" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_kuserok.3 b/crypto/heimdal/lib/krb5/krb5_kuserok.3 new file mode 100644 index 0000000..1539202 --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_kuserok.3 @@ -0,0 +1,94 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_kuserok.3,v 1.5 2003/04/16 13:58:10 lha Exp $ +.\" +.Dd Oct 17, 2002 +.Dt KRB5_KUSEROK 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_kuserok +.Nd verifies if a principal can log in as a user +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh SYNOPSIS +.In krb5.h +.Ft krb5_boolean +.Fo krb5_kuserok +.Fa "krb5_context context" +.Fa "krb5_principal principal" +.Fa "const char *name" +.Fc +.Sh DESCRIPTION +This function takes a local user +.Fa name +and verifies if +.Fa principal +is allowed to log in as that user. +.Pp +First +.Nm +check if there is a local account name +.Fa username. +If there isn't, +.Nm +returns +.Dv FALSE . +.Pp +Then +.Nm +checks if principal is the same as user@realm in any of the default +realms. If that is the case, +.Nm +returns +.Dv TRUE . +.Pp +After that it reads the file +.Pa .k5login +(if it exists) in the users home directory and checks if +.Fa principal +is in the file. +If it does exists, +.Dv TRUE +is returned. +If neither of the above turns out to be true, +.DV FALSE +is returned. +.Pp +The +.Pa .k5login +should contain one principal per line. +.Sh SEE ALSO +.Xr krb5_get_default_realms 3 , +.Xr krb5_verify_user 3 , +.Xr krb5_verify_user_lrealm 3 , +.Xr krb5_verify_user_opt 3, +.Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krb5_openlog.3 b/crypto/heimdal/lib/krb5/krb5_openlog.3 index 8ed94fc..cb1ccc9 100644 --- a/crypto/heimdal/lib/krb5/krb5_openlog.3 +++ b/crypto/heimdal/lib/krb5/krb5_openlog.3 @@ -1,5 +1,35 @@ -.\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_openlog.3,v 1.7 2002/08/28 15:30:55 joda Exp $ +.\" Copyright (c) 1997, 1999, 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_openlog.3,v 1.9 2003/04/16 13:58:12 lha Exp $ .Dd August 6, 1997 .Dt KRB5_OPENLOG 3 .Os HEIMDAL @@ -17,7 +47,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft "typedef void" .Fn "\*(lp*krb5_log_log_func_t\*(rp" "const char *time" "const char *message" "void *data" .Ft "typedef void" diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3 index 285c4e2..b936c63 100644 --- a/crypto/heimdal/lib/krb5/krb5_parse_name.3 +++ b/crypto/heimdal/lib/krb5/krb5_parse_name.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_parse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_parse_name.3,v 1.8 2003/04/16 13:58:17 lha Exp $ +.\" .Dd August 8, 1997 .Dt KRB5_PARSE_NAME 3 .Os HEIMDAL @@ -9,7 +40,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal" .Sh DESCRIPTION diff --git a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 b/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 index bd02ce6..1ece798 100644 --- a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 +++ b/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_principal_get_realm.3,v 1.4 2002/08/28 15:30:56 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_principal_get_realm.3,v 1.6 2003/04/16 13:58:17 lha Exp $ +.\" .Dd June 20, 2001 .Dt KRB5_PRINCIPAL_GET_REALM 3 .Os HEIMDAL @@ -10,7 +41,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft "const char *" .Fn krb5_principal_get_realm "krb5_context context" "krb5_principal principal" .Ft "const char *" diff --git a/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 b/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 new file mode 100644 index 0000000..e4b9a36 --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 @@ -0,0 +1,144 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_set_default_realm.3,v 1.2 2003/04/16 13:58:11 lha Exp $ +.\" +.Dd Mar 16, 2003 +.Dt KRB5_SET_DEFAULT_REALM 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_free_host_realm +.Nm krb5_get_default_realm +.Nm krb5_get_default_realms +.Nm krb5_get_host_realm +.Nm krb5_set_default_realm +.Nd default and host realm read and manipulation routines +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh SYNOPSIS +.In krb5.h +.Ft krb5_error_code +.Fo krb5_free_host_realm +.Fa "krb5_context context" +.Fa "krb5_realm *realmlist" +.Fc +.Ft krb5_error_code +.Fo krb5_get_default_realm +.Fa "krb5_context context" +.Fa "krb5_realm *realm" +.Fc +.Ft krb5_error_code +.Fo krb5_get_default_realms +.Fa "krb5_context context" +.Fa "krb5_realm **realm" +.Fc +.Ft krb5_error_code +.Fo krb5_get_host_realm +.Fa "krb5_context context" +.Fa "const char *host" +.Fa "krb5_realm **realms" +.Fc +.Ft krb5_error_code +.Fo krb5_set_default_realm +.Fa "krb5_context context" +.Fa "const char *realm" +.Fc +.Sh DESCRIPTION +.Fn krb5_free_host_realm +frees all memory allocated by +.Fa realmlist . +.Pp +.Fn krb5_get_default_realm +returns the first default realm for this host. +The realm returned should be free with +.Fn free . +.Pp +.Fn krb5_get_default_realms +returns a +.Dv NULL +terminated list of default realms for this context. +Realms returned by +.Fn krb5_get_default_realms +should be free with +.Fn krb5_free_host_realm . +.Pp +.Fn krb5_get_host_realm +returns a +.Dv NULL +terminated list of realms for +.Fa host +by looking up the information in the +.Li [domain_realm] +in +.Pa krb5.conf +or in +.Li DNS . +If the mapping in +.Li [domain_realm] +results in the string +.Li dns_locate , +DNS is used to lookup the realm. +.Pp +When using +.Li DNS +to a resolve the domain for the host a.b.c, +.Fn krb5_get_host_realm +looks for a +.Dv TXT +resource record named +.Li _kerberos.a.b.c , +and if not found, it strips off the first component and tries a again +(_kerberos.b.c) until it reaches the root. +.Pp +If there is no configuration or DNS information found, +.Fn krb5_get_host_realm +assumes it can use the domain part of the +.Fa host +to form a realm. +.Pp +.Fn krb5_set_default_realm +sets the default realm for the +.Fa context . +If +.Dv NULL +is used as a +.Fa realm , +the +.Li [libdefaults]default_realm +stanza in +.Pa krb5.conf +is used. +If there is no such stanza in the configuration file, the +.Fn krb5_get_host_realm +function is used to form a default realm. +.Sh SEE ALSO +.Xr krb5.conf 5 , +.Xr free 3 diff --git a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 index f5fff5f..5724ce1 100644 --- a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_sname_to_principal.3,v 1.5 2002/08/28 15:30:56 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_sname_to_principal.3,v 1.7 2003/04/16 13:58:17 lha Exp $ +.\" .Dd August 8, 1997 .Dt KRB5_PRINCIPAL 3 .Os HEIMDAL @@ -10,7 +41,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_sname_to_principal "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *principal" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_timeofday.3 b/crypto/heimdal/lib/krb5/krb5_timeofday.3 index b0e4b52..6d5dbb3 100644 --- a/crypto/heimdal/lib/krb5/krb5_timeofday.3 +++ b/crypto/heimdal/lib/krb5/krb5_timeofday.3 @@ -1,4 +1,36 @@ -.\" $Id: krb5_timeofday.3,v 1.3 2002/08/28 15:30:57 joda Exp $ +.\" Copyright (c) 2001 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_timeofday.3,v 1.5 2003/04/16 13:58:18 lha Exp $ +.\" .Dd July 1, 2001 .Dt KRB5_TIMEOFDAY 3 .Sh NAME @@ -8,7 +40,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft "krb5_error_code" .Fn krb5_timeofday "krb5_context context" "krb5_timestamp *timeret" .Ft "krb5_error_code" diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3 index e58b911..ed96c5d 100644 --- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 +++ b/crypto/heimdal/lib/krb5/krb5_unparse_name.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_unparse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_unparse_name.3,v 1.8 2003/04/16 13:58:18 lha Exp $ +.\" .Dd August 8, 1997 .Dt KRB5_UNPARSE_NAME 3 .Os HEIMDAL @@ -10,7 +41,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_unparse_name "krb5_context context" "krb5_principal principal" "char **name" .\" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_verify_user.3 b/crypto/heimdal/lib/krb5/krb5_verify_user.3 index 0e9b108..1357ef1 100644 --- a/crypto/heimdal/lib/krb5/krb5_verify_user.3 +++ b/crypto/heimdal/lib/krb5/krb5_verify_user.3 @@ -1,30 +1,98 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_verify_user.3,v 1.5 2002/08/28 15:30:58 joda Exp $ -.Dd June 27, 2001 +.\" Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_verify_user.3,v 1.10 2003/04/16 13:58:11 lha Exp $ +.\" +.Dd March 25, 2003 .Dt KRB5_VERIFY_USER 3 .Os HEIMDAL .Sh NAME .Nm krb5_verify_user , -.Nm krb5_verify_user_lrealm -.Nd Heimdal password verifying functions +.Nm krb5_verify_user_lrealm , +.Nm krb5_verify_user_opt , +.Nm krb5_verify_opt_init +.Nm krb5_verify_opt_set_flags , +.Nm krb5_verify_opt_set_service , +.Nm krb5_verify_opt_set_secure , +.Nm krb5_verify_opt_set_keytab +.Nd Heimdal password verifying functions. .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn "krb5_verify_user" "krb5_context context" " krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service" .Ft krb5_error_code .Fn "krb5_verify_user_lrealm" "krb5_context context" "krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service" +.Ft void +.Fn krb5_verify_opt_init "krb5_verify_opt *opt" +.Ft void +.Fn krb5_verify_opt_set_ccache "krb5_verify_opt *opt" "krb5_ccache ccache" +.Ft void +.Fn krb5_verify_opt_set_keytab "krb5_verify_opt *opt" "krb5_keytab keytab" +.Ft void +.Fn krb5_verify_opt_set_secure "krb5_verify_opt *opt" "krb5_boolean secure" +.Ft void +.Fn krb5_verify_opt_set_service "krb5_verify_opt *opt" "const char *service" +.Ft void +.Fn krb5_verify_opt_set_flags "krb5_verify_opt *opt" "unsigned int flags" +.Ft krb5_error_code +.Fo krb5_verify_user_opt +.Fa "krb5_context context" +.Fa "krb5_principal principal" +.Fa "const char *password" +.Fa "krb5_verify_opt *opt" +.Fc .Sh DESCRIPTION The .Nm krb5_verify_user function verifies the password supplied by a user. -The principal whose -password will be verified is specified in +The principal whose password will be verified is specified in .Fa principal . New tickets will be obtained as a side-effect and stored in .Fa ccache -(if NULL, the default ccache is used). +(if +.Dv NULL , +the default ccache is used). +.Fn krb5_verify_user +will call +.Fn krb5_cc_initialize +on the given +.Fa ccache , +so +.Fa ccache +must only initialized with +.Fn krb5_cc_resolve +or +.Fn krb5_cc_gen_new . If the password is not supplied in .Fa password (and is given as @@ -50,6 +118,68 @@ After a successful return, the principal is set to the authenticated realm. If the call fails, the principal will not be meaningful, and should only be freed with .Xr krb5_free_principal 3 . +.Pp +.Fn krb5_verify_opt_init +resets all opt to default values. +.Pp +None of the krb5_verify_opt_set function makes a copy of the data +structure that they are called with. Its up the caller to free them +after the +.Fn krb5_verify_user_opt +is called. +.Pp +.Fn krb5_verify_opt_set_ccache +sets the +.Fa ccache +that user of +.Fa opt +will use. If not set, the default credential cache will be used. +.Pp +.Fn krb5_verify_opt_set_keytab +sets the +.Fa keytab +that user of +.Fa opt +will use. If not set, the default keytab will be used. +.Pp +.Fn krb5_verify_opt_set_secure +if +.Fa secure +if true, the password verification will require that the ticket will +be verified against the locally stored service key. If not set, +default value is true. +.Pp +.Fn krb5_verify_opt_set_service +sets the +.Fa service +principal that user of +.Fa opt +will use. If not set, the +.Ql host +service will be used. +.Pp +.Fn krb5_verify_opt_set_flags +sets +.Fa flags +that user of +.Fa opt +will use. +If the flag +.Dv KRB5_VERIFY_LREALMS +is used, the +.Fa principal +will be modified like +.Fn krb5_verify_user_lrealm +modifies it. +.Pp +.Fn krb5_verify_user_opt +function verifies the +.Fa password +supplied by a user. +The principal whose password will be verified is specified in +.Fa principal . +Options the to the verification process is pass in in +.Fa opt . .Sh EXAMPLE Here is a example program that verifies a password. it uses the .Ql host/`hostname` @@ -86,6 +216,9 @@ main(int argc, char **argv) .Ed .Sh SEE ALSO .Xr krb5_err 3 , +.Xr krb5_cc_gen_new 3 , +.Xr krb5_cc_resolve 3 , +.Xr krb5_cc_initialize 3 , .Xr krb5_free_principal 3 , .Xr krb5_init_context 3 , .Xr krb5_kt_default 3 , diff --git a/crypto/heimdal/lib/krb5/krb5_warn.3 b/crypto/heimdal/lib/krb5/krb5_warn.3 index 0a1302a..7ed4b31 100644 --- a/crypto/heimdal/lib/krb5/krb5_warn.3 +++ b/crypto/heimdal/lib/krb5/krb5_warn.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_warn.3,v 1.5 2002/08/28 15:30:59 joda Exp $ +.\" $Id: krb5_warn.3,v 1.7 2003/04/16 19:31:49 lha Exp $ .Dd August 8, 1997 .Dt KRB5_WARN 3 .Os HEIMDAL @@ -17,7 +17,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_err "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "..." .Ft krb5_error_code @@ -36,6 +36,8 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Fn krb5_warnx "krb5_context context" "const char *format" "..." .Ft krb5_error_code .Fn krb5_set_warn_dest "krb5_context context" "krb5_log_facility *facility" +.Ft "char *" +.Fn krb5_get_err_text "krb5_context context" "krb5_error_code code" .Sh DESCRIPTION These functions prints a warning message to some destination. .Fa format @@ -59,5 +61,8 @@ Messages logged with the functions have a log level of 1, while the .Dq err functions logs with level 0. +.Pp +.Fn krb5_get_err_text +fetches the human readable strings describing the error-code. .Sh SEE ALSO .Xr krb5_openlog 3 diff --git a/crypto/heimdal/lib/krb5/krbhst.c b/crypto/heimdal/lib/krb5/krbhst.c index 8ffa6df..e0cc9f4 100644 --- a/crypto/heimdal/lib/krb5/krbhst.c +++ b/crypto/heimdal/lib/krb5/krbhst.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <resolve.h> -RCSID("$Id: krbhst.c,v 1.41 2002/08/16 18:48:19 nectar Exp $"); +RCSID("$Id: krbhst.c,v 1.43.2.1 2003/04/22 15:00:38 lha Exp $"); static int string_to_proto(const char *string) @@ -104,7 +104,9 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, for(num_srv = 0, rr = r->head; rr; rr = rr->next) if(rr->type == T_SRV) { krb5_krbhst_info *hi; - hi = calloc(1, sizeof(*hi) + strlen(rr->u.srv->target)); + size_t len = strlen(rr->u.srv->target); + + hi = calloc(1, sizeof(*hi) + len); if(hi == NULL) { dns_free_data(r); while(--num_srv >= 0) @@ -122,7 +124,7 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, else hi->port = rr->u.srv->port; - strcpy(hi->hostname, rr->u.srv->target); + strlcpy(hi->hostname, rr->u.srv->target, len + 1); } *count = num_srv; diff --git a/crypto/heimdal/lib/krb5/kuserok.c b/crypto/heimdal/lib/krb5/kuserok.c index 95123699..a79532e 100644 --- a/crypto/heimdal/lib/krb5/kuserok.c +++ b/crypto/heimdal/lib/krb5/kuserok.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: kuserok.c,v 1.5.12.1 2002/10/21 14:37:55 joda Exp $"); +RCSID("$Id: kuserok.c,v 1.7 2003/03/13 19:53:43 lha Exp $"); /* * Return TRUE iff `principal' is allowed to login as `luser'. @@ -51,6 +51,10 @@ krb5_kuserok (krb5_context context, krb5_error_code ret; krb5_boolean b; + pwd = getpwnam (luser); /* XXX - Should use k_getpwnam? */ + if (pwd == NULL) + return FALSE; + ret = krb5_get_default_realms (context, &realms); if (ret) return FALSE; @@ -78,9 +82,6 @@ krb5_kuserok (krb5_context context, } krb5_free_host_realm (context, realms); - pwd = getpwnam (luser); /* XXX - Should use k_getpwnam? */ - if (pwd == NULL) - return FALSE; snprintf (buf, sizeof(buf), "%s/.k5login", pwd->pw_dir); f = fopen (buf, "r"); if (f == NULL) diff --git a/crypto/heimdal/lib/krb5/mk_rep.c b/crypto/heimdal/lib/krb5/mk_rep.c index b955555..1026df0 100644 --- a/crypto/heimdal/lib/krb5/mk_rep.c +++ b/crypto/heimdal/lib/krb5/mk_rep.c @@ -33,68 +33,67 @@ #include <krb5_locl.h> -RCSID("$Id: mk_rep.c,v 1.20 2002/09/04 16:26:05 joda Exp $"); +RCSID("$Id: mk_rep.c,v 1.21 2002/12/19 13:30:36 joda Exp $"); krb5_error_code krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf) { - krb5_error_code ret; - AP_REP ap; - EncAPRepPart body; - u_char *buf = NULL; - size_t buf_size; - size_t len; - krb5_crypto crypto; + krb5_error_code ret; + AP_REP ap; + EncAPRepPart body; + u_char *buf = NULL; + size_t buf_size; + size_t len; + krb5_crypto crypto; - ap.pvno = 5; - ap.msg_type = krb_ap_rep; + ap.pvno = 5; + ap.msg_type = krb_ap_rep; - memset (&body, 0, sizeof(body)); + memset (&body, 0, sizeof(body)); - body.ctime = auth_context->authenticator->ctime; - body.cusec = auth_context->authenticator->cusec; - body.subkey = NULL; - if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { - krb5_generate_seq_number (context, - auth_context->keyblock, - &auth_context->local_seqnumber); - body.seq_number = malloc (sizeof(*body.seq_number)); - if (body.seq_number == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - *(body.seq_number) = auth_context->local_seqnumber; - } else - body.seq_number = NULL; + body.ctime = auth_context->authenticator->ctime; + body.cusec = auth_context->authenticator->cusec; + body.subkey = NULL; + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { + krb5_generate_seq_number (context, + auth_context->keyblock, + &auth_context->local_seqnumber); + body.seq_number = malloc (sizeof(*body.seq_number)); + if (body.seq_number == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + *(body.seq_number) = auth_context->local_seqnumber; + } else + body.seq_number = NULL; - ap.enc_part.etype = auth_context->keyblock->keytype; - ap.enc_part.kvno = NULL; + ap.enc_part.etype = auth_context->keyblock->keytype; + ap.enc_part.kvno = NULL; - ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret); - free_EncAPRepPart (&body); - if(ret) - return ret; - ret = krb5_crypto_init(context, auth_context->keyblock, - 0 /* ap.enc_part.etype */, &crypto); - if (ret) { - free (buf); - return ret; - } - ret = krb5_encrypt (context, - crypto, - KRB5_KU_AP_REQ_ENC_PART, - buf + buf_size - len, - len, - &ap.enc_part.cipher); - krb5_crypto_destroy(context, crypto); - if (ret) { - free(buf); - return ret; - } + ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret); + free_EncAPRepPart (&body); + if(ret) + return ret; + ret = krb5_crypto_init(context, auth_context->keyblock, + 0 /* ap.enc_part.etype */, &crypto); + if (ret) { + free (buf); + return ret; + } + ret = krb5_encrypt (context, + crypto, + KRB5_KU_AP_REQ_ENC_PART, + buf + buf_size - len, + len, + &ap.enc_part.cipher); + krb5_crypto_destroy(context, crypto); + free(buf); + if (ret) + return ret; - ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret); - free_AP_REP (&ap); - return ret; + ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret); + free_AP_REP (&ap); + return ret; } diff --git a/crypto/heimdal/lib/krb5/name-45-test.c b/crypto/heimdal/lib/krb5/name-45-test.c index 373586e..f1455cd 100644 --- a/crypto/heimdal/lib/krb5/name-45-test.c +++ b/crypto/heimdal/lib/krb5/name-45-test.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002 Kungliga Tekniska Högskolan + * Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ #include "krb5_locl.h" -RCSID("$Id: name-45-test.c,v 1.2 2002/08/31 03:33:07 assar Exp $"); +RCSID("$Id: name-45-test.c,v 1.3.2.1 2003/05/06 16:49:14 joda Exp $"); enum { MAX_COMPONENTS = 3 }; @@ -96,7 +96,7 @@ static struct testcase { 0, 0}, {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, - {"pop", "mail0.nada.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"pop", "mail0.nada.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0}, {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, {"pop", "mail0.nada.kth.se"}, "[realms]\n" @@ -110,10 +110,10 @@ static struct testcase { " v4_instance_resolve = true\n", HEIM_ERR_V4_PRINC_NO_CONV, 0}, - {"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2, - {"host", "ratatosk.pdc.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0}, - {"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2, - {"host", "ratatosk.pdc.kth.se"}, + {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"host", "hokkigai.pdc.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"host", "hokkigai.pdc.kth.se"}, "[libdefaults]\n" " v4_instance_resolve = true\n" "[realms]\n" @@ -143,7 +143,7 @@ static struct testcase { "012345678901234567890123456789012345678"}, NULL, 0, 0}, - {NULL, NULL, NULL, NULL, 0, {}, NULL, 0} + {NULL, NULL, NULL, NULL, 0, {NULL}, NULL, 0} }; int @@ -199,10 +199,13 @@ main(int argc, char **argv) } } else { if (t->ret) { + char *s; + krb5_unparse_name(context, princ, &s); krb5_warnx (context, "krb5_425_conv_principal %s.%s@%s " - "passed unexpected", - t->v4_name, t->v4_inst, t->v4_realm); + "passed unexpected: %s", + t->v4_name, t->v4_inst, t->v4_realm, s); + free(s); val = 1; continue; } diff --git a/crypto/heimdal/lib/krb5/principal.c b/crypto/heimdal/lib/krb5/principal.c index 400ce38..fd218a1 100644 --- a/crypto/heimdal/lib/krb5/principal.c +++ b/crypto/heimdal/lib/krb5/principal.c @@ -41,7 +41,7 @@ #include <fnmatch.h> #include "resolve.h" -RCSID("$Id: principal.c,v 1.81.2.1 2002/10/21 16:08:25 joda Exp $"); +RCSID("$Id: principal.c,v 1.82 2002/10/21 15:30:53 joda Exp $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) diff --git a/crypto/heimdal/lib/krb5/prompter_posix.c b/crypto/heimdal/lib/krb5/prompter_posix.c index c6cc715..4aea3a4 100644 --- a/crypto/heimdal/lib/krb5/prompter_posix.c +++ b/crypto/heimdal/lib/krb5/prompter_posix.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: prompter_posix.c,v 1.6.6.1 2002/10/21 14:47:42 joda Exp $"); +RCSID("$Id: prompter_posix.c,v 1.7 2002/09/16 17:32:11 nectar Exp $"); int krb5_prompter_posix (krb5_context context, diff --git a/crypto/heimdal/lib/krb5/store_emem.c b/crypto/heimdal/lib/krb5/store_emem.c index 47ca1c8..526cf32 100644 --- a/crypto/heimdal/lib/krb5/store_emem.c +++ b/crypto/heimdal/lib/krb5/store_emem.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_emem.c,v 1.12.4.1 2002/10/21 16:08:55 joda Exp $"); +RCSID("$Id: store_emem.c,v 1.13 2002/10/21 15:36:23 joda Exp $"); typedef struct emem_storage{ unsigned char *base; diff --git a/crypto/heimdal/lib/krb5/test_alname.c b/crypto/heimdal/lib/krb5/test_alname.c new file mode 100644 index 0000000..8a6ec6d --- /dev/null +++ b/crypto/heimdal/lib/krb5/test_alname.c @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "krb5_locl.h" +#include <getarg.h> +#include <err.h> + +RCSID("$Id: test_alname.c,v 1.4 2003/04/17 05:46:45 lha Exp $"); + +static void +test_alname(krb5_context context, krb5_realm realm, + const char *user, const char *inst, + const char *localuser, int ok) +{ + krb5_principal p; + char localname[1024]; + krb5_error_code ret; + char *princ; + + ret = krb5_make_principal(context, &p, realm, user, inst, NULL); + if (ret) + krb5_err(context, 1, ret, "krb5_build_principal"); + + ret = krb5_unparse_name(context, p, &princ); + if (ret) + krb5_err(context, 1, ret, "krb5_unparse_name"); + + ret = krb5_aname_to_localname(context, p, sizeof(localname), localname); + krb5_free_principal(context, p); + free(princ); + if (ret) { + if (!ok) + return; + krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s", + princ, localuser); + } + + if (strcmp(localname, localuser) != 0) { + if (ok) + errx(1, "compared failed %s != %s (should have succeded)", + localname, localuser); + } else { + if (!ok) + errx(1, "compared failed %s == %s (should have failed)", + localname, localuser); + } + +} + +static int version_flag = 0; +static int help_flag = 0; + +static struct getargs args[] = { + {"version", 0, arg_flag, &version_flag, + "print version", NULL }, + {"help", 0, arg_flag, &help_flag, + NULL, NULL } +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args)/sizeof(*args), + NULL, + ""); + exit (ret); +} + +int +main(int argc, char **argv) +{ + krb5_context context; + krb5_error_code ret; + krb5_realm realm; + int optind = 0; + char *user; + + setprogname(argv[0]); + + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) + usage(1); + + if (help_flag) + usage (0); + + if(version_flag){ + print_version(NULL); + exit(0); + } + + argc -= optind; + argv += optind; + + if (argc != 1) + errx(1, "first argument should be a local user that in root .k5login"); + + user = argv[0]; + + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + ret = krb5_get_default_realm(context, &realm); + if (ret) + krb5_err(context, 1, ret, "krb5_get_default_realm"); + + test_alname(context, realm, user, NULL, user, 1); + test_alname(context, realm, user, "root", "root", 1); + + test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, user, 0); + test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root", "root", 0); + + test_alname(context, realm, user, NULL, + "not-same-as-user", 0); + test_alname(context, realm, user, "root", + "not-same-as-user", 0); + + test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, + "not-same-as-user", 0); + test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root", + "not-same-as-user", 0); + + krb5_free_context(context); + + return 0; +} diff --git a/crypto/heimdal/lib/krb5/test_cc.c b/crypto/heimdal/lib/krb5/test_cc.c new file mode 100644 index 0000000..15181f4 --- /dev/null +++ b/crypto/heimdal/lib/krb5/test_cc.c @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "krb5_locl.h" +#include <err.h> + +RCSID("$Id: test_cc.c,v 1.1 2003/03/10 00:26:40 lha Exp $"); + +#define TEST_CC_NAME "/tmp/foo" + +int +main(int argc, char **argv) +{ + krb5_context context; + krb5_error_code ret; + char *p1, *p2, *p3; + const char *p; + + setprogname(argv[0]); + + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + p = krb5_cc_default_name(context); + if (p == NULL) + krb5_errx (context, 1, "krb5_cc_default_name 1 failed"); + p1 = estrdup(p); + + ret = krb5_cc_set_default_name(context, NULL); + if (p == NULL) + krb5_errx (context, 1, "krb5_cc_set_default_name failed"); + + p = krb5_cc_default_name(context); + if (p == NULL) + krb5_errx (context, 1, "krb5_cc_default_name 2 failed"); + p2 = estrdup(p); + + if (strcmp(p1, p2) != 0) + krb5_errx (context, 1, "krb5_cc_default_name no longer same"); + + ret = krb5_cc_set_default_name(context, TEST_CC_NAME); + if (p == NULL) + krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed"); + + p = krb5_cc_default_name(context); + if (p == NULL) + krb5_errx (context, 1, "krb5_cc_default_name 2 failed"); + p3 = estrdup(p); + + if (strcmp(p3, TEST_CC_NAME) != 0) + krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed"); + + krb5_free_context(context); + + return 0; +} diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c index b587c63..c7732cb 100644 --- a/crypto/heimdal/lib/krb5/transited.c +++ b/crypto/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c,v 1.9 2002/09/09 14:03:03 nectar Exp $"); +RCSID("$Id: transited.c,v 1.10 2003/04/16 16:11:27 lha Exp $"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead @@ -166,28 +166,32 @@ expand_realms(krb5_context context, for(r = realms; r; r = r->next){ if(r->trailing_dot){ char *tmp; + size_t len = strlen(r->realm) + strlen(prev_realm) + 1; + if(prev_realm == NULL) prev_realm = client_realm; - tmp = realloc(r->realm, strlen(r->realm) + strlen(prev_realm) + 1); + tmp = realloc(r->realm, len); if(tmp == NULL){ free_realms(realms); krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } r->realm = tmp; - strcat(r->realm, prev_realm); + strlcat(r->realm, prev_realm, len); }else if(r->leading_slash && !r->leading_space && prev_realm){ /* yet another exception: if you use x500-names, the leading realm doesn't have to be "quoted" with a space */ char *tmp; - tmp = malloc(strlen(r->realm) + strlen(prev_realm) + 1); + size_t len = strlen(r->realm) + strlen(prev_realm) + 1; + + tmp = malloc(len); if(tmp == NULL){ free_realms(realms); krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } - strcpy(tmp, prev_realm); - strcat(tmp, r->realm); + strlcpy(tmp, prev_realm, len); + strlcat(tmp, r->realm, len); free(r->realm); r->realm = tmp; } @@ -368,10 +372,10 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding) *s = '\0'; for(i = 0; i < num_realms; i++){ if(i && i < num_realms - 1) - strcat(s, ","); + strlcat(s, ",", len + 1); if(realms[i][0] == '/') - strcat(s, " "); - strcat(s, realms[i]); + strlcat(s, " ", len + 1); + strlcat(s, realms[i], len + 1); } encoding->data = s; encoding->length = strlen(s); diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.c b/crypto/heimdal/lib/krb5/verify_krb5_conf.c index 55d8a42..6f905bf 100644 --- a/crypto/heimdal/lib/krb5/verify_krb5_conf.c +++ b/crypto/heimdal/lib/krb5/verify_krb5_conf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,7 +35,7 @@ #include <getarg.h> #include <parse_bytes.h> #include <err.h> -RCSID("$Id: verify_krb5_conf.c,v 1.14 2002/08/28 15:27:19 nectar Exp $"); +RCSID("$Id: verify_krb5_conf.c,v 1.17 2003/03/29 09:52:50 lha Exp $"); /* verify krb5.conf */ @@ -119,6 +119,20 @@ check_boolean(krb5_context context, const char *path, char *data) } static int +check_524(krb5_context context, const char *path, char *data) +{ + if(strcasecmp(data, "yes") == 0 || + strcasecmp(data, "no") == 0 || + strcasecmp(data, "2b") == 0 || + strcasecmp(data, "local") == 0) + return 0; + + krb5_warnx(context, "%s: didn't contain a valid option `%s'", + path, data); + return 1; +} + +static int check_host(krb5_context context, const char *path, char *data) { int ret; @@ -168,6 +182,7 @@ struct s2i { #define L(X) { #X, LOG_ ## X } static struct s2i syslogvals[] = { + /* severity */ L(EMERG), L(ALERT), L(CRIT), @@ -176,7 +191,7 @@ static struct s2i syslogvals[] = { L(NOTICE), L(INFO), L(DEBUG), - + /* facility */ L(AUTH), #ifdef LOG_AUTHPRIV L(AUTHPRIV), @@ -263,12 +278,12 @@ check_log(krb5_context context, const char *path, char *data) strlcpy(severity, "ERR", sizeof(severity)); if(*facility == '\0') strlcpy(facility, "AUTH", sizeof(facility)); - if(find_value(severity, syslogvals) == NULL) { + if(find_value(severity, syslogvals) == -1) { krb5_warnx(context, "%s: unknown syslog facility \"%s\"", path, facility); ret++; } - if(find_value(severity, syslogvals) == NULL) { + if(find_value(severity, syslogvals) == -1) { krb5_warnx(context, "%s: unknown syslog severity \"%s\"", path, severity); ret++; @@ -337,6 +352,8 @@ struct entry libdefaults_entries[] = { }; struct entry appdefaults_entries[] = { + { "afslog", krb5_config_string, check_boolean }, + { "afs-use-524", krb5_config_string, check_524 }, { "forwardable", krb5_config_string, check_boolean }, { "proxiable", krb5_config_string, check_boolean }, { "ticket_lifetime", krb5_config_string, check_time }, @@ -481,8 +498,6 @@ check_section(krb5_context context, const char *path, krb5_config_section *cf, } if(e->name == NULL) { krb5_warnx(context, "%s: unknown entry", local); - for(e = entries; e->name != NULL; e++) - krb5_warnx(context, " %s", e->name); error |= 1; } free(local); diff --git a/crypto/heimdal/lib/krb5/warn.c b/crypto/heimdal/lib/krb5/warn.c index ec009b2..72398bf 100644 --- a/crypto/heimdal/lib/krb5/warn.c +++ b/crypto/heimdal/lib/krb5/warn.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <err.h> -RCSID("$Id: warn.c,v 1.13 2001/05/07 21:04:34 assar Exp $"); +RCSID("$Id: warn.c,v 1.14 2003/04/16 16:13:08 lha Exp $"); static krb5_error_code _warnerr(krb5_context context, int do_errtext, krb5_error_code code, int level, const char *fmt, va_list ap) @@ -52,9 +52,9 @@ _warnerr(krb5_context context, int do_errtext, args[0] = args[1] = NULL; arg = args; if(fmt){ - strcat(xfmt, "%s"); + strlcat(xfmt, "%s", sizeof(xfmt)); if(do_errtext) - strcat(xfmt, ": "); + strlcat(xfmt, ": ", sizeof(xfmt)); vasprintf(&msg, fmt, ap); if(msg == NULL) return ENOMEM; @@ -63,7 +63,7 @@ _warnerr(krb5_context context, int do_errtext, if(context && do_errtext){ const char *err_msg; - strcat(xfmt, "%s"); + strlcat(xfmt, "%s", sizeof(xfmt)); err_str = krb5_get_error_string(context); if (err_str != NULL) { diff --git a/crypto/heimdal/lib/roken/ChangeLog b/crypto/heimdal/lib/roken/ChangeLog index 93cce29..971bc90 100644 --- a/crypto/heimdal/lib/roken/ChangeLog +++ b/crypto/heimdal/lib/roken/ChangeLog @@ -1,6 +1,54 @@ -2002-10-21 Johan Danielsson <joda@pdc.kth.se> +2003-04-22 Love <lha@stacken.kth.se> - * resolve.c: pull up 1.37; check length of txt records + * resolve.c: 1.38->1.39: copy NUL too, from janj@wenf.org via + openbsd + +2003-04-16 Love <lha@stacken.kth.se> + + * parse_units.h: remove typedef for units to avoid problems with + shadowing + + * resolve.c: use strlcpy, from openbsd + + * getcap.c: use strlcpy, from openbsd + + * getarg.3: Change .Fd #include <header.h> to .In header.h + from Thomas Klausner <wiz@netbsd.org> + +2003-04-15 Love <lha@stacken.kth.se> + + * socket.c (socket_set_tos): if setsockopt failed with EINVAL + failed, just ignore it, sock was probably a just a non AF_INET + socket + +2003-04-14 Love <lha@stacken.kth.se> + + * strncasecmp.c: cast argument to toupper to unsigned char, from + Christian Biere <christianbiere@gmx.de> via NetBSD + + * strlwr.c: cast argument to tolower to unsigned char, from + Christian Biere <christianbiere@gmx.de> via NetBSD + + * strcasecmp.c: cast argument to toupper to unsigned char, from + Christian Biere <christianbiere@gmx.de> via NetBSD + +2003-03-19 Love <lha@stacken.kth.se> + + * getarg.3: spelling, from <jmc@prioris.mini.pw.edu.pl> + +2003-03-07 Love <lha@stacken.kth.se> + + * parse_bytes.c: use struct units instead of units + + * parse_time.c: use struct units instead of units + +2003-03-04 Love <lha@stacken.kth.se> + + * roken.awk: use full prototype for main + +2002-10-15 Johan Danielsson <joda@pdc.kth.se> + + * resolve.c: check length of txt records 2002-09-10 Johan Danielsson <joda@pdc.kth.se> diff --git a/crypto/heimdal/lib/roken/Makefile.am b/crypto/heimdal/lib/roken/Makefile.am index 7b3aa0a6..a850ee8 100644 --- a/crypto/heimdal/lib/roken/Makefile.am +++ b/crypto/heimdal/lib/roken/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.122.4.1 2002/10/21 15:03:04 joda Exp $ +# $Id: Makefile.am,v 1.122.6.1 2003/05/12 15:20:47 joda Exp $ include $(top_srcdir)/Makefile.am.common @@ -7,7 +7,7 @@ ACLOCAL_AMFLAGS = -I ../../cf CLEANFILES = roken.h make-roken.c $(XHEADERS) lib_LTLIBRARIES = libroken.la -libroken_la_LDFLAGS = -version-info 16:1:0 +libroken_la_LDFLAGS = -version-info 16:2:0 noinst_PROGRAMS = make-roken snprintf-test diff --git a/crypto/heimdal/lib/roken/Makefile.in b/crypto/heimdal/lib/roken/Makefile.in index fe8bb61..192fb3b 100644 --- a/crypto/heimdal/lib/roken/Makefile.in +++ b/crypto/heimdal/lib/roken/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.122.4.1 2002/10/21 15:03:04 joda Exp $ +# $Id: Makefile.am,v 1.122.6.1 2003/05/12 15:20:47 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -206,7 +207,7 @@ ACLOCAL_AMFLAGS = -I ../../cf CLEANFILES = roken.h make-roken.c $(XHEADERS) lib_LTLIBRARIES = libroken.la -libroken_la_LDFLAGS = -version-info 16:1:0 +libroken_la_LDFLAGS = -version-info 16:2:0 noinst_PROGRAMS = make-roken snprintf-test @@ -497,10 +498,10 @@ all: $(BUILT_SOURCES) .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/roken/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -892,8 +893,10 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS install-man \ +install-data-am: install-includeHEADERS install-man \ install-nodist_includeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -926,7 +929,7 @@ uninstall-man: uninstall-man3 clean-noinstPROGRAMS distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am info info-am install install-am install-data \ - install-data-am install-data-local install-exec install-exec-am \ + install-data-am install-exec install-exec-am \ install-includeHEADERS install-info install-info-am \ install-libLTLIBRARIES install-man install-man3 \ install-nodist_includeHEADERS install-strip installcheck \ @@ -1061,7 +1064,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/roken/getarg.3 b/crypto/heimdal/lib/roken/getarg.3 index 25e2217..e2f0412 100644 --- a/crypto/heimdal/lib/roken/getarg.3 +++ b/crypto/heimdal/lib/roken/getarg.3 @@ -1,5 +1,35 @@ -.\" Copyright (c) 1999 Kungliga Tekniska Högskolan -.\" $Id: getarg.3,v 1.4 2002/08/20 17:07:29 joda Exp $ +.\" Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: getarg.3,v 1.7 2003/04/16 13:58:24 lha Exp $ .Dd September 24, 1999 .Dt GETARG 3 .Os ROKEN @@ -8,7 +38,7 @@ .Nm arg_printusage .Nd collect command line options .Sh SYNOPSIS -.Fd #include <getarg.h> +.In getarg.h .Ft int .Fn getarg "struct getargs *args" "size_t num_args" "int argc" "char **argv" "int *optind" .Ft void @@ -109,7 +139,7 @@ the argument is a flag, and should point to a .Fa int . It gets filled in with either zero or one, depending on how the option -is given, the normal case beeing one. Note that if the option isn't +is given, the normal case being one. Note that if the option isn't given, the value isn't altered, so it should be initialised to some useful default. .It Fa arg_negative_flag diff --git a/crypto/heimdal/lib/roken/getcap.c b/crypto/heimdal/lib/roken/getcap.c index 997fabf..8a29e1f 100644 --- a/crypto/heimdal/lib/roken/getcap.c +++ b/crypto/heimdal/lib/roken/getcap.c @@ -40,7 +40,7 @@ #include <config.h> #endif #include "roken.h" -RCSID("$Id: getcap.c,v 1.7 1999/11/17 21:11:58 assar Exp $"); +RCSID("$Id: getcap.c,v 1.8 2003/04/16 16:23:36 lha Exp $"); #include <sys/types.h> #include <ctype.h> @@ -251,11 +251,12 @@ getent(char **cap, size_t *len, char **db_array, int fd, * Check if we have a top record from cgetset(). */ if (depth == 0 && toprec != NULL && cgetmatch(toprec, name) == 0) { - if ((record = malloc (topreclen + BFRAG)) == NULL) { + size_t len = topreclen + BFRAG; + if ((record = malloc (len)) == NULL) { errno = ENOMEM; return (-2); } - (void)strcpy(record, toprec); /* XXX: strcpy is safe */ + (void)strlcpy(record, toprec, len); db_p = db_array; rp = record + topreclen + 1; r_end = rp + BFRAG; diff --git a/crypto/heimdal/lib/roken/parse_bytes.c b/crypto/heimdal/lib/roken/parse_bytes.c index 7793e07..b556ddc 100644 --- a/crypto/heimdal/lib/roken/parse_bytes.c +++ b/crypto/heimdal/lib/roken/parse_bytes.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: parse_bytes.c,v 1.3 2001/09/04 09:56:00 assar Exp $"); +RCSID("$Id: parse_bytes.c,v 1.4 2003/03/07 15:51:53 lha Exp $"); #endif #include <parse_units.h> #include "parse_bytes.h" -static units bytes_units[] = { +static struct units bytes_units[] = { { "gigabyte", 1024 * 1024 * 1024 }, { "gbyte", 1024 * 1024 * 1024 }, { "GB", 1024 * 1024 * 1024 }, @@ -52,7 +52,7 @@ static units bytes_units[] = { { NULL, 0 } }; -static units bytes_short_units[] = { +static struct units bytes_short_units[] = { { "GB", 1024 * 1024 * 1024 }, { "MB", 1024 * 1024 }, { "KB", 1024 }, diff --git a/crypto/heimdal/lib/roken/parse_time.c b/crypto/heimdal/lib/roken/parse_time.c index a09ded7..deab102 100644 --- a/crypto/heimdal/lib/roken/parse_time.c +++ b/crypto/heimdal/lib/roken/parse_time.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: parse_time.c,v 1.5 1999/12/02 16:58:51 joda Exp $"); +RCSID("$Id: parse_time.c,v 1.6 2003/03/07 15:51:06 lha Exp $"); #endif #include <parse_units.h> #include "parse_time.h" -static units time_units[] = { +static struct units time_units[] = { {"year", 365 * 24 * 60 * 60}, {"month", 30 * 24 * 60 * 60}, {"week", 7 * 24 * 60 * 60}, diff --git a/crypto/heimdal/lib/roken/parse_units.h b/crypto/heimdal/lib/roken/parse_units.h index 29c5779..2002625 100644 --- a/crypto/heimdal/lib/roken/parse_units.h +++ b/crypto/heimdal/lib/roken/parse_units.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse_units.h,v 1.7 2001/09/04 09:56:00 assar Exp $ */ +/* $Id: parse_units.h,v 1.8 2003/04/16 17:30:54 lha Exp $ */ #ifndef __PARSE_UNITS_H__ #define __PARSE_UNITS_H__ @@ -44,8 +44,6 @@ struct units { unsigned mult; }; -typedef struct units units; - int parse_units (const char *s, const struct units *units, const char *def_unit); diff --git a/crypto/heimdal/lib/roken/resolve.c b/crypto/heimdal/lib/roken/resolve.c index ddecb98..cdbc069 100644 --- a/crypto/heimdal/lib/roken/resolve.c +++ b/crypto/heimdal/lib/roken/resolve.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -45,7 +45,7 @@ #include <assert.h> -RCSID("$Id: resolve.c,v 1.36.4.1 2002/10/21 14:48:15 joda Exp $"); +RCSID("$Id: resolve.c,v 1.38.2.1 2003/04/22 15:02:47 lha Exp $"); #undef HAVE_RES_NSEARCH #if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND) @@ -166,6 +166,8 @@ parse_record(const unsigned char *data, const unsigned char *end_data, break; case T_MX: case T_AFSDB:{ + size_t hostlen; + status = dn_expand(data, end_data, p + 2, host, sizeof(host)); if(status < 0){ free(*rr); @@ -176,17 +178,19 @@ parse_record(const unsigned char *data, const unsigned char *end_data, return -1; } + hostlen = strlen(host); (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + - strlen(host)); + hostlen); if((*rr)->u.mx == NULL) { free(*rr); return -1; } (*rr)->u.mx->preference = (p[0] << 8) | p[1]; - strcpy((*rr)->u.mx->domain, host); + strlcpy((*rr)->u.mx->domain, host, hostlen + 1); break; } case T_SRV:{ + size_t hostlen; status = dn_expand(data, end_data, p + 6, host, sizeof(host)); if(status < 0){ free(*rr); @@ -197,9 +201,10 @@ parse_record(const unsigned char *data, const unsigned char *end_data, return -1; } + hostlen = strlen(host); (*rr)->u.srv = (struct srv_record*)malloc(sizeof(struct srv_record) + - strlen(host)); + hostlen); if((*rr)->u.srv == NULL) { free(*rr); return -1; @@ -207,7 +212,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, (*rr)->u.srv->priority = (p[0] << 8) | p[1]; (*rr)->u.srv->weight = (p[2] << 8) | p[3]; (*rr)->u.srv->port = (p[4] << 8) | p[5]; - strcpy((*rr)->u.srv->target, host); + strlcpy((*rr)->u.srv->target, host, hostlen + 1); break; } case T_TXT:{ @@ -247,7 +252,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, break; } case T_SIG : { - size_t sig_len; + size_t sig_len, hostlen; if(size <= 18) { free(*rr); @@ -269,8 +274,9 @@ parse_record(const unsigned char *data, const unsigned char *end_data, don't you just love C? */ sig_len = size - 18 - status; + hostlen = strlen(host); (*rr)->u.sig = malloc(sizeof(*(*rr)->u.sig) - + strlen(host) + sig_len); + + hostlen + sig_len); if ((*rr)->u.sig == NULL) { free(*rr); return -1; @@ -288,7 +294,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, (*rr)->u.sig->sig_len = sig_len; memcpy ((*rr)->u.sig->sig_data, p + 18 + status, sig_len); (*rr)->u.sig->signer = &(*rr)->u.sig->sig_data[sig_len]; - strcpy((*rr)->u.sig->signer, host); + strlcpy((*rr)->u.sig->signer, host, hostlen + 1); break; } diff --git a/crypto/heimdal/lib/roken/roken.awk b/crypto/heimdal/lib/roken/roken.awk index b6a181c..1c1e0c0 100644 --- a/crypto/heimdal/lib/roken/roken.awk +++ b/crypto/heimdal/lib/roken/roken.awk @@ -1,4 +1,4 @@ -# $Id: roken.awk,v 1.8 2002/09/10 20:05:55 joda Exp $ +# $Id: roken.awk,v 1.9 2003/03/04 10:37:26 lha Exp $ BEGIN { print "#ifdef HAVE_CONFIG_H" @@ -6,7 +6,7 @@ BEGIN { print "#endif" print "#include <stdio.h>" print "" - print "int main()" + print "int main(int argc, char **argv)" print "{" print "puts(\"/* This is an OS dependent, generated file */\");" print "puts(\"\\n\");" diff --git a/crypto/heimdal/lib/roken/snprintf.c b/crypto/heimdal/lib/roken/snprintf.c index 1a3b7be..5e4b85e9 100644 --- a/crypto/heimdal/lib/roken/snprintf.c +++ b/crypto/heimdal/lib/roken/snprintf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: snprintf.c,v 1.34 2002/04/18 08:50:57 joda Exp $"); +RCSID("$Id: snprintf.c,v 1.35 2003/03/26 10:05:48 joda Exp $"); #endif #include <stdio.h> #include <stdarg.h> @@ -338,6 +338,8 @@ xyzprintf (struct snprintf_state *state, const char *char_format, va_list ap) flags |= alternate_flag; else if(c == '0') flags |= zero_flag; + else if(c == '\'') + ; /* just ignore */ else break; } diff --git a/crypto/heimdal/lib/roken/socket.c b/crypto/heimdal/lib/roken/socket.c index ad124fd..bd67013 100644 --- a/crypto/heimdal/lib/roken/socket.c +++ b/crypto/heimdal/lib/roken/socket.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: socket.c,v 1.7 2001/09/03 12:04:23 joda Exp $"); +RCSID("$Id: socket.c,v 1.8 2003/04/15 03:26:51 lha Exp $"); #endif #include <roken.h> @@ -270,7 +270,8 @@ socket_set_tos (int sock, int tos) { #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0) - warn ("setsockopt TOS (ignored)"); + if (errno != EINVAL) + warn ("setsockopt TOS (ignored)"); #endif } diff --git a/crypto/heimdal/lib/roken/strcasecmp.c b/crypto/heimdal/lib/roken/strcasecmp.c index b5e20e7..cde5b3b 100644 --- a/crypto/heimdal/lib/roken/strcasecmp.c +++ b/crypto/heimdal/lib/roken/strcasecmp.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: strcasecmp.c,v 1.9 1999/12/02 16:58:52 joda Exp $"); +RCSID("$Id: strcasecmp.c,v 1.10 2003/04/14 11:26:27 lha Exp $"); #endif #include <string.h> @@ -46,13 +46,13 @@ RCSID("$Id: strcasecmp.c,v 1.9 1999/12/02 16:58:52 joda Exp $"); int strcasecmp(const char *s1, const char *s2) { - while(toupper(*s1) == toupper(*s2)) { + while(toupper((unsigned char)*s1) == toupper((unsigned char)*s2)) { if(*s1 == '\0') return 0; s1++; s2++; } - return toupper(*s1) - toupper(*s2); + return toupper((unsigned char)*s1) - toupper((unsigned char)*s2); } #endif diff --git a/crypto/heimdal/lib/roken/strlwr.c b/crypto/heimdal/lib/roken/strlwr.c index cb36789..f2c6a9f 100644 --- a/crypto/heimdal/lib/roken/strlwr.c +++ b/crypto/heimdal/lib/roken/strlwr.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: strlwr.c,v 1.4 1999/12/02 16:58:53 joda Exp $"); +RCSID("$Id: strlwr.c,v 1.5 2003/04/14 11:44:34 lha Exp $"); #endif #include <string.h> #include <ctype.h> @@ -47,7 +47,7 @@ strlwr(char *str) char *s; for(s = str; *s; s++) - *s = tolower(*s); + *s = tolower((unsigned char)*s); return str; } #endif diff --git a/crypto/heimdal/lib/roken/strncasecmp.c b/crypto/heimdal/lib/roken/strncasecmp.c index 7c6474f..a08d9e8 100644 --- a/crypto/heimdal/lib/roken/strncasecmp.c +++ b/crypto/heimdal/lib/roken/strncasecmp.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: strncasecmp.c,v 1.2 1999/12/02 16:58:53 joda Exp $"); +RCSID("$Id: strncasecmp.c,v 1.3 2003/04/14 11:46:04 lha Exp $"); #endif #include <string.h> @@ -45,7 +45,9 @@ RCSID("$Id: strncasecmp.c,v 1.2 1999/12/02 16:58:53 joda Exp $"); int strncasecmp(const char *s1, const char *s2, size_t n) { - while(n > 0 && toupper(*s1) == toupper(*s2)) { + while(n > 0 + && toupper((unsigned char)*s1) == toupper((unsigned char)*s2)) + { if(*s1 == '\0') return 0; s1++; @@ -54,7 +56,7 @@ strncasecmp(const char *s1, const char *s2, size_t n) } if(n == 0) return 0; - return toupper(*s1) - toupper(*s2); + return toupper((unsigned char)*s1) - toupper((unsigned char)*s2); } #endif diff --git a/crypto/heimdal/lib/roken/strupr.c b/crypto/heimdal/lib/roken/strupr.c index 96dd042..9d136e0 100644 --- a/crypto/heimdal/lib/roken/strupr.c +++ b/crypto/heimdal/lib/roken/strupr.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: strupr.c,v 1.4 1999/12/02 16:58:53 joda Exp $"); +RCSID("$Id: strupr.c,v 1.5 2003/04/14 11:46:41 lha Exp $"); #endif #include <string.h> #include <ctype.h> @@ -47,7 +47,7 @@ strupr(char *str) char *s; for(s = str; *s; s++) - *s = toupper(*s); + *s = toupper((unsigned char)*s); return str; } #endif diff --git a/crypto/heimdal/lib/sl/Makefile.in b/crypto/heimdal/lib/sl/Makefile.in index df8b225..b4ed976 100644 --- a/crypto/heimdal/lib/sl/Makefile.in +++ b/crypto/heimdal/lib/sl/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -245,8 +246,8 @@ libsl_la_DEPENDENCIES = am_libsl_la_OBJECTS = sl.lo $(am__objects_8) libsl_la_OBJECTS = $(am_libsl_la_OBJECTS) libss_la_DEPENDENCIES = -am__objects_16 = sl.lo $(am__objects_8) -am_libss_la_OBJECTS = $(am__objects_16) ss.lo +am__objects_17 = sl.lo $(am__objects_8) +am_libss_la_OBJECTS = $(am__objects_17) ss.lo libss_la_OBJECTS = $(am_libss_la_OBJECTS) bin_PROGRAMS = mk_cmds$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) @@ -287,10 +288,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/sl/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -554,8 +555,9 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS \ - install-ssincludeHEADERS +install-data-am: install-includeHEADERS install-ssincludeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -585,7 +587,7 @@ uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \ clean-libtool distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am info \ info-am install install-am install-binPROGRAMS install-data \ - install-data-am install-data-local install-exec install-exec-am \ + install-data-am install-exec install-exec-am \ install-includeHEADERS install-info install-info-am \ install-libLTLIBRARIES install-man install-ssincludeHEADERS \ install-strip installcheck installcheck-am installdirs \ @@ -719,7 +721,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/vers/ChangeLog b/crypto/heimdal/lib/vers/ChangeLog index ddc3d07..f5a869d 100644 --- a/crypto/heimdal/lib/vers/ChangeLog +++ b/crypto/heimdal/lib/vers/ChangeLog @@ -1,3 +1,10 @@ +2003-01-02 Johan Danielsson <joda@pdc.kth.se> + + * print_version.c: considerable clean up + + * make-print-version.c: make VERSIONLIST a string instead of an + array of strings + 2002-08-28 Assar Westerlund <assar@kth.se> * Makefile.am (make_print_version_LDADD): do not hardcode -ldes, diff --git a/crypto/heimdal/lib/vers/Makefile.in b/crypto/heimdal/lib/vers/Makefile.in index 294d056..949bd72 100644 --- a/crypto/heimdal/lib/vers/Makefile.in +++ b/crypto/heimdal/lib/vers/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -256,10 +257,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/vers/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) clean-noinstLTLIBRARIES: @@ -412,7 +413,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -440,9 +443,9 @@ uninstall-am: uninstall-info-am clean-noinstPROGRAMS distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am info info-am install install-am install-data \ - install-data-am install-data-local install-exec install-exec-am \ - install-info install-info-am install-man install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + install-data-am install-exec install-exec-am install-info \ + install-info-am install-man install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool tags uninstall \ uninstall-am uninstall-info-am @@ -571,7 +574,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/vers/make-print-version.c b/crypto/heimdal/lib/vers/make-print-version.c index 6102e75..eab167d 100644 --- a/crypto/heimdal/lib/vers/make-print-version.c +++ b/crypto/heimdal/lib/vers/make-print-version.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: make-print-version.c,v 1.2 2000/07/08 10:46:36 assar Exp $"); +RCSID("$Id: make-print-version.c,v 1.3 2003/01/02 15:31:38 joda Exp $"); #endif #include <stdio.h> @@ -55,14 +55,17 @@ main(int argc, char **argv) f = fopen(argv[1], "w"); if(f == NULL) return 1; - fprintf(f, "#define VERSIONLIST { "); + fprintf(f, "#define VERSIONLIST \""); #ifdef KRB5 - fprintf(f, "\"%s\", ", heimdal_version); + fprintf(f, "%s", heimdal_version); #endif #ifdef KRB4 - fprintf(f, "\"%s\", ", krb4_version); +#ifdef KRB5 + fprintf(f, ", "); +#endif + fprintf(f, "%s", krb4_version); #endif - fprintf(f, "}\n"); + fprintf(f, "\"\n"); fclose(f); return 0; } diff --git a/crypto/heimdal/lib/vers/print_version.c b/crypto/heimdal/lib/vers/print_version.c index 15919ac..2376c81 100644 --- a/crypto/heimdal/lib/vers/print_version.c +++ b/crypto/heimdal/lib/vers/print_version.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: print_version.c,v 1.5 2002/08/19 15:57:49 joda Exp $"); +RCSID("$Id: print_version.c,v 1.6 2003/01/02 15:32:50 joda Exp $"); #endif #include "roken.h" @@ -42,38 +42,14 @@ RCSID("$Id: print_version.c,v 1.5 2002/08/19 15:57:49 joda Exp $"); void print_version(const char *progname) { - const char *arg[] = VERSIONLIST; - const int num_args = sizeof(arg) / sizeof(arg[0]); - char *msg; - size_t len = 0; - int i; + const char *package_list = VERSIONLIST; if(progname == NULL) progname = getprogname(); - if(num_args == 0) - msg = "no version information"; - else { - for(i = 0; i < num_args; i++) { - if(i > 0) - len += 2; - len += strlen(arg[i]); - } - msg = malloc(len + 1); - if(msg == NULL) { - fprintf(stderr, "%s: out of memory\n", progname); - return; - } - msg[0] = '\0'; - for(i = 0; i < num_args; i++) { - if(i > 0) - strcat(msg, ", "); - strcat(msg, arg[i]); - } - } - fprintf(stderr, "%s (%s)\n", progname, msg); - fprintf(stderr, "Copyright (c) 1999-2002 Kungliga Tekniska Högskolan\n"); + if(*package_list == '\0') + package_list = "no version information"; + fprintf(stderr, "%s (%s)\n", progname, package_list); + fprintf(stderr, "Copyright 1999-2003 Kungliga Tekniska Högskolan\n"); fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT); - if(num_args != 0) - free(msg); } |
