Vendor import of Heimdal 0.2p

author: markm <markm@FreeBSD.org> 2000-02-24 11:28:20 +0000
committer: markm <markm@FreeBSD.org> 2000-02-24 11:28:20 +0000
commit: 5ed96cd5daa48af752db4781418f32f9258cce94 (patch)
tree: cbf6e4300b6d10326e92349d0f71b9054f47c4f2 /crypto/heimdal/lib
parent: 69414e22b995b6d161fc19bcab66823585f1d394 (diff)
download: FreeBSD-src-5ed96cd5daa48af752db4781418f32f9258cce94.zip
FreeBSD-src-5ed96cd5daa48af752db4781418f32f9258cce94.tar.gz
10 files changed, 406 insertions, 183 deletions
diff --git a/crypto/heimdal/lib/auth/pam/pam.c b/crypto/heimdal/lib/auth/pam/pam.c
index d919bf8..1a385e0 100644
--- a/crypto/heimdal/lib/auth/pam/pam.c
+++ b/crypto/heimdal/lib/auth/pam/pam.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -31,13 +31,9 @@
  * SUCH DAMAGE.
  */
 
-/* This code is extremely ugly, and would probably be better off
-   beeing completely rewritten */
-
-
 #ifdef HAVE_CONFIG_H
 #include<config.h>
-RCSID("$Id: pam.c,v 1.22 1999/12/02 16:58:37 joda Exp $");
+RCSID("$Id: pam.c,v 1.24 2000/02/18 14:33:06 bg Exp $");
 #endif
 
 #include <stdio.h>
@@ -46,198 +42,384 @@ RCSID("$Id: pam.c,v 1.22 1999/12/02 16:58:37 joda Exp $");
 #include <pwd.h>
 #include <unistd.h>
 #include <sys/types.h>
+#include <syslog.h>
 
-#define PAM_SM_AUTH
-#define PAM_SM_SESSION
 #include <security/pam_appl.h>
 #include <security/pam_modules.h>
+#ifndef PAM_AUTHTOK_RECOVERY_ERR /* Fix linsux typo. */
+#define PAM_AUTHTOK_RECOVERY_ERR PAM_AUTHTOK_RECOVER_ERR
+#endif
 
 #include <netinet/in.h>
 #include <krb.h>
 #include <kafs.h>
 
-static int
-cleanup(pam_handle_t *pamh, void *data, int error_code)
+#if 0
+/* Debugging PAM modules is a royal pain, truss helps. */
+#define DEBUG(msg) (access(msg " at line", __LINE__))
+#endif
+
+static void
+log_error(int level, const char *format, ...)
 {
-    if(error_code != PAM_SUCCESS)
-	dest_tkt();
-    free(data);
-    return PAM_SUCCESS;
+  va_list args;
+  va_start(args, format);
+  openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH);
+  vsyslog(level | LOG_AUTH, format, args);
+  va_end(args);
+  closelog();
 }
 
-static int
-doit(pam_handle_t *pamh, char *name, char *inst, char *pwd, char *tkt)
+enum {
+  KRB4_DEBUG,
+  KRB4_USE_FIRST_PASS,
+  KRB4_TRY_FIRST_PASS,
+  KRB4_IGNORE_ROOT,
+  KRB4_NO_VERIFY,
+  KRB4_REAFSLOG,
+  KRB4_CTRLS			/* Number of ctrl arguments defined. */
+};
+
+#define KRB4_DEFAULTS  0
+
+static int ctrl_flags = KRB4_DEFAULTS;
+#define ctrl_on(x)  (krb4_args[x].flag & ctrl_flags)
+#define ctrl_off(x) (!ctrl_on(x))
+
+typedef struct
 {
-    char realm[REALM_SZ];
-    int ret;
-
-    pam_set_data(pamh, "KRBTKFILE", strdup(tkt), cleanup);
-    krb_set_tkt_string(tkt);
-	
-    krb_get_lrealm(realm, 1);
-    ret = krb_verify_user(name, inst, realm, pwd, KRB_VERIFY_SECURE, NULL);
-    memset(pwd, 0, strlen(pwd));
-    switch(ret){
-    case KSUCCESS:
-	return PAM_SUCCESS;
-    case KDC_PR_UNKNOWN:
-	return PAM_USER_UNKNOWN;
-    case SKDC_CANT:
-    case SKDC_RETRY:
-    case RD_AP_TIME:
-	return PAM_AUTHINFO_UNAVAIL;
-    default:
-	return PAM_AUTH_ERR;
+  const char *token;
+  unsigned int flag;
+} krb4_ctrls_t;
+
+static krb4_ctrls_t krb4_args[KRB4_CTRLS] =
+{
+  /* KRB4_DEBUG          */ { "debug",          0x01 },
+  /* KRB4_USE_FIRST_PASS */ { "use_first_pass", 0x02 },
+  /* KRB4_TRY_FIRST_PASS */ { "try_first_pass", 0x04 },
+  /* KRB4_IGNORE_ROOT    */ { "ignore_root",    0x08 },
+  /* KRB4_NO_VERIFY      */ { "no_verify",      0x10 },
+  /* KRB4_REAFSLOG       */ { "reafslog",       0x20 },
+};
+
+static void
+parse_ctrl(int argc, const char **argv)
+{
+  int i, j;
+
+  ctrl_flags = KRB4_DEFAULTS;
+  for (i = 0; i < argc; i++)
+    {
+      for (j = 0; j < KRB4_CTRLS; j++)
+	if (strcmp(argv[i], krb4_args[j].token) == 0)
+	  break;
+    
+      if (j >= KRB4_CTRLS)
+	log_error(LOG_ALERT, "unrecognized option [%s]", *argv);
+      else
+	ctrl_flags |= krb4_args[j].flag;
     }
 }
 
-static int
-auth_login(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
+static void
+pdeb(const char *format, ...)
 {
-    int ret;
-    struct pam_message msg, *pmsg;
-    struct pam_response *resp;
-    char prompt[128];
-
-    pmsg = &msg;
-    msg.msg_style = PAM_PROMPT_ECHO_OFF;
-    snprintf(prompt, sizeof(prompt), "%s's Password: ", user);
-    msg.msg = prompt;
-
-    ret = conv->conv(1, (const struct pam_message**)&pmsg, 
-		     &resp, conv->appdata_ptr);
-    if(ret != PAM_SUCCESS)
-	return ret;
-    
+  va_list args;
+  if (ctrl_off(KRB4_DEBUG))
+    return;
+  va_start(args, format);
+  openlog("pam_krb4", LOG_PID, LOG_AUTH);
+  vsyslog(LOG_DEBUG | LOG_AUTH, format, args);
+  va_end(args);
+  closelog();
+}
+
+#define ENTRY(f) pdeb("%s() ruid = %d euid = %d", f, getuid(), geteuid())
+
+static void
+set_tkt_string(uid_t uid)
+{
+  char buf[128];
+
+  snprintf(buf, sizeof(buf), "%s%u", TKT_ROOT, (unsigned)uid);
+  krb_set_tkt_string(buf);
+
+#if 0
+  /* pam_set_data+pam_get_data are not guaranteed to work, grr. */
+  pam_set_data(pamh, "KRBTKFILE", strdup(t), cleanup);
+  if (pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt) == PAM_SUCCESS)
     {
-	char tkt[1024];
-	struct passwd *pw = getpwnam(user);
-
-	if(pw){
-	    snprintf(tkt, sizeof(tkt),
-		     "%s%u", TKT_ROOT, (unsigned)pw->pw_uid);
-	    ret = doit(pamh, user, "", resp->resp, tkt);
-	    if(ret == PAM_SUCCESS)
-		chown(tkt, pw->pw_uid, pw->pw_gid);
-	}else
-	    ret = PAM_USER_UNKNOWN;
-	memset(resp->resp, 0, strlen(resp->resp));
-	free(resp->resp);
-	free(resp);
+      pam_putenv(pamh, var);
+    }
+#endif
+
+  /* We don't want to inherit this variable.
+   * If we still do, it must have a sane value. */
+  if (getenv("KRBTKFILE") != 0)
+    {
+      char *var = malloc(sizeof(buf));
+      snprintf(var, sizeof(buf), "KRBTKFILE=%s", tkt_string());
+      putenv(var);
+      /* free(var); XXX */
     }
-    return ret;
 }
 
 static int
-auth_su(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
+verify_pass(pam_handle_t *pamh,
+	    const char *name,
+	    const char *inst,
+	    const char *pass)
 {
-    int ret;
-    struct passwd *pw;
-    struct pam_message msg, *pmsg;
-    struct pam_response *resp;
-    char prompt[128];
-    krb_principal pr;
-    
-    pr.realm[0] = 0;
-    ret = pam_get_user(pamh, &user, "login: ");
-    if(ret != PAM_SUCCESS)
-	return ret;
-    
-    pw = getpwuid(getuid());
-    if(strcmp(user, "root") == 0){
-	strlcpy(pr.name, pw->pw_name, sizeof(pr.name));
-	strlcpy(pr.instance, "root", sizeof(pr.instance));
-    }else{
-	strlcpy(pr.name, user, sizeof(pr.name));
-	pr.instance[0] = 0;
+  char realm[REALM_SZ];
+  int ret, krb_verify, old_euid, old_ruid;
+
+  krb_get_lrealm(realm, 1);
+  if (ctrl_on(KRB4_NO_VERIFY))
+    krb_verify = KRB_VERIFY_SECURE_FAIL;
+  else
+    krb_verify = KRB_VERIFY_SECURE;
+  old_ruid = getuid();
+  old_euid = geteuid();
+  setreuid(0, 0);
+  ret = krb_verify_user(name, inst, realm, pass, krb_verify, NULL);
+  if (setreuid(old_ruid, old_euid) != 0)
+    {
+      log_error(LOG_ALERT , "setreuid(%d, %d) failed", old_ruid, old_euid);
+      exit(1);
     }
-    pmsg = &msg;
-    msg.msg_style = PAM_PROMPT_ECHO_OFF;
-    snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr));
-    msg.msg = prompt;
-
-    ret = conv->conv(1, (const struct pam_message**)&pmsg, 
-		     &resp, conv->appdata_ptr);
-    if(ret != PAM_SUCCESS)
-	return ret;
     
+  switch(ret) {
+  case KSUCCESS:
+    return PAM_SUCCESS;
+  case KDC_PR_UNKNOWN:
+    return PAM_USER_UNKNOWN;
+  case SKDC_CANT:
+  case SKDC_RETRY:
+  case RD_AP_TIME:
+    return PAM_AUTHINFO_UNAVAIL;
+  default:
+    return PAM_AUTH_ERR;
+  }
+}
+
+static int
+krb4_auth(pam_handle_t *pamh,
+	  int flags,
+	  const char *name,
+	  const char *inst,
+	  struct pam_conv *conv)
+{
+  struct pam_response *resp;
+  char prompt[128];
+  struct pam_message msg, *pmsg = &msg;
+  int ret;
+
+  if (ctrl_on(KRB4_TRY_FIRST_PASS) || ctrl_on(KRB4_USE_FIRST_PASS))
     {
-	char tkt[1024];
-
-	snprintf(tkt, sizeof(tkt),"%s_%s_to_%s",
-		 TKT_ROOT, pw->pw_name, user);
-	ret = doit(pamh, pr.name, pr.instance, resp->resp, tkt);
-	if(ret == PAM_SUCCESS)
-	    chown(tkt, pw->pw_uid, pw->pw_gid);
-	memset(resp->resp, 0, strlen(resp->resp));
-	free(resp->resp);
-	free(resp);
+      char *pass = 0;
+      ret = pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
+      if (ret != PAM_SUCCESS)
+        {
+          log_error(LOG_ERR , "pam_get_item returned error to get-password");
+          return ret;
+        }
+      else if (pass != 0 && verify_pass(pamh, name, inst, pass) == PAM_SUCCESS)
+	return PAM_SUCCESS;
+      else if (ctrl_on(KRB4_USE_FIRST_PASS))
+	return PAM_AUTHTOK_RECOVERY_ERR;       /* Wrong password! */
+      else
+	/* We tried the first password but it didn't work, cont. */;
     }
+
+  msg.msg_style = PAM_PROMPT_ECHO_OFF;
+  if (*inst == 0)
+    snprintf(prompt, sizeof(prompt), "%s's Password: ", name);
+  else
+    snprintf(prompt, sizeof(prompt), "%s.%s's Password: ", name, inst);
+  msg.msg = prompt;
+
+  ret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr);
+  if (ret != PAM_SUCCESS)
     return ret;
+
+  ret = verify_pass(pamh, name, inst, resp->resp);
+  if (ret == PAM_SUCCESS)
+    {
+      memset(resp->resp, 0, strlen(resp->resp)); /* Erase password! */
+      free(resp->resp);
+      free(resp);
+    }
+  else
+    {
+      pam_set_item(pamh, PAM_AUTHTOK, resp->resp); /* Save password. */
+      /* free(resp->resp); XXX */
+      /* free(resp); XXX */
+    }
+  
+  return ret;
 }
 
 int
-pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_authenticate(pam_handle_t *pamh,
+		    int flags,
+		    int argc,
+		    const char **argv)
 {
-    char *user;
-    int ret;
-    struct pam_conv *conv;
-    ret = pam_get_user(pamh, &user, "login: ");
-    if(ret != PAM_SUCCESS)
-	return ret;
+  char *user;
+  int ret;
+  struct pam_conv *conv;
+  struct passwd *pw;
+  uid_t uid = -1;
+  const char *name, *inst;
+
+  parse_ctrl(argc, argv);
+  ENTRY("pam_sm_authenticate");
 
-    ret = pam_get_item(pamh, PAM_CONV, (void*)&conv);
-    if(ret != PAM_SUCCESS)
-	return ret;
+  ret = pam_get_user(pamh, &user, "login: ");
+  if (ret != PAM_SUCCESS)
+    return ret;
 
+  if (ctrl_on(KRB4_IGNORE_ROOT) && strcmp(user, "root") == 0)
+    return PAM_AUTHINFO_UNAVAIL;
+
+  ret = pam_get_item(pamh, PAM_CONV, (void*)&conv);
+  if (ret != PAM_SUCCESS)
+    return ret;
+
+  pw = getpwnam(user);
+  if (pw != 0)
+    {
+      uid = pw->pw_uid;
+      set_tkt_string(uid);
+    }
     
-    if(getuid() != geteuid())
-	return auth_su(pamh, flags, user, conv);
-    else
-	return auth_login(pamh, flags, user, conv);
+  if (strcmp(user, "root") == 0 && getuid() != 0)
+    {
+      pw = getpwuid(getuid());
+      if (pw != 0)
+	{
+	  name = strdup(pw->pw_name);
+	  inst = "root";
+	}
+    }
+  else
+    {
+      name = user;
+      inst = "";
+    }
+
+  ret = krb4_auth(pamh, flags, name, inst, conv);
+
+  /*
+   * The realm was lost inside krb_verify_user() so we can't simply do
+   * a krb_kuserok() when inst != "".
+   */
+  if (ret == PAM_SUCCESS && inst[0] != 0)
+    {
+      char realm[REALM_SZ];
+      uid_t old_euid = geteuid();
+      uid_t old_ruid = getuid();
+
+      realm[0] = 0;
+      setreuid(0, 0);		/* To read ticket file. */
+      if (krb_get_tf_fullname(tkt_string(), 0, 0, realm) != KSUCCESS)
+	ret = PAM_SERVICE_ERR;
+      else if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
+	{
+	  setreuid(0, uid);	/*  To read ~/.klogin. */
+	  if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
+	    ret = PAM_PERM_DENIED;
+	}
+
+      if (ret != PAM_SUCCESS)
+	{
+	  dest_tkt();		/* Passwd known, ok to kill ticket. */
+	  log_error(LOG_NOTICE,
+		    "%s.%s@%s is not allowed to log in as %s",
+		    name, inst, realm, user);
+	}
+
+      if (setreuid(old_ruid, old_euid) != 0)
+	{
+	  log_error(LOG_ALERT , "setreuid(%d, %d) failed", old_ruid, old_euid);
+	  exit(1);
+	}
+    }
+
+  if (ret == PAM_SUCCESS)
+    chown(tkt_string(), uid, -1);
+
+  /* Sun dtlogin unlock screen does not call any other pam_* funcs. */
+  if (ret == PAM_SUCCESS
+      && ctrl_on(KRB4_REAFSLOG)
+      && k_hasafs()
+      && (pw = getpwnam(user)) != 0)
+    krb_afslog_uid_home(/*cell*/ 0,/*realm_hint*/ 0, pw->pw_uid, pw->pw_dir);
+
+  return ret;
 }
 
 int 
 pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
-    return PAM_SUCCESS;
-}
+  parse_ctrl(argc, argv);
+  ENTRY("pam_sm_setcred");
+  pdeb("flags = 0x%x", flags);
 
+  switch (flags & ~PAM_SILENT) {
+  case 0:
+  case PAM_ESTABLISH_CRED:
+    if (k_hasafs())
+      k_setpag();
+    /* Fill PAG with credentials below. */
+  case PAM_REINITIALIZE_CRED:
+  case PAM_REFRESH_CRED:
+    if (k_hasafs())
+      {
+	void *user = 0;
+
+	if (pam_get_item(pamh, PAM_USER, &user) == PAM_SUCCESS)
+	  {
+	    struct passwd *pw = getpwnam((char *)user);
+	    if (pw != 0)
+	      krb_afslog_uid_home(/*cell*/ 0,/*realm_hint*/ 0,
+				  pw->pw_uid, pw->pw_dir);
+	  }
+      }
+    break;
+  case PAM_DELETE_CRED:
+    dest_tkt();
+    if (k_hasafs())
+      k_unlog();
+    break;
+  default:
+    log_error(LOG_ALERT , "pam_sm_setcred: unknown flags 0x%x", flags);
+    break;
+  }
+  
+  return PAM_SUCCESS;
+}
 
 int
 pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
-    char *tkt, *var;
-    void *user;
-    const char *homedir = NULL;
-
-    if(pam_get_item (pamh, PAM_USER, &user) == PAM_SUCCESS) {
-	struct passwd *pwd;
+  parse_ctrl(argc, argv);
+  ENTRY("pam_sm_open_session");
 
-	pwd = getpwnam ((char *)user);
-	if (pwd != NULL)
-	    homedir = pwd->pw_dir;
-    }
-
-    pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt);
-    var = malloc(strlen("KRBTKFILE=") + strlen(tkt) + 1);
-    strcpy(var, "KRBTKFILE=");
-    strcat(var, tkt);
-    putenv(var);
-    pam_putenv(pamh, var);
-    if(k_hasafs()){
-	k_setpag();
-	krb_afslog_home(0, 0, homedir);
-    }
-    return PAM_SUCCESS;
+  return PAM_SUCCESS;
 }
 
 
 int
-pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char**argv)
 {
-    dest_tkt();
-    if(k_hasafs())
-	k_unlog();
-    return PAM_SUCCESS;
+  parse_ctrl(argc, argv);
+  ENTRY("pam_sm_close_session");
+
+  /* This isn't really kosher, but it's handy. */
+  dest_tkt();
+  if (k_hasafs())
+    k_unlog();
+
+  return PAM_SUCCESS;
 }
diff --git a/crypto/heimdal/lib/auth/pam/pam.conf.add b/crypto/heimdal/lib/auth/pam/pam.conf.add
index 42497d2..64a4915 100644
--- a/crypto/heimdal/lib/auth/pam/pam.conf.add
+++ b/crypto/heimdal/lib/auth/pam/pam.conf.add
@@ -1,8 +1,8 @@
 To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch:
 
 --- /etc/pam.conf.DIST	Mon Jul 20 15:37:46 1998
-+++ /etc/pam.conf	Tue Nov 30 18:47:22 1999
-@@ -4,12 +4,14 @@
++++ /etc/pam.conf	Tue Feb 15 19:39:12 2000
+@@ -4,15 +4,19 @@
  #
  # Authentication management
  #
@@ -17,12 +17,17 @@ To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch:
  dtlogin	auth required 	/usr/lib/security/pam_unix.so.1 
  #
  rsh	auth required	/usr/lib/security/pam_rhosts_auth.so.1
-@@ -24,6 +26,8 @@
++# Reafslog is for dtlogin lock display
++other	auth sufficient	/usr/athena/lib/pam_krb4.so reafslog
+ other	auth required	/usr/lib/security/pam_unix.so.1
+ #
+ # Account management
+@@ -24,6 +28,8 @@
  #
  # Session management
  #
-+dtlogin	session	required	/usr/athena/lib/pam_krb4.so
-+login	session	required	/usr/athena/lib/pam_krb4.so
++dtlogin	session required	/usr/athena/lib/pam_krb4.so
++login	session required	/usr/athena/lib/pam_krb4.so
  other	session required	/usr/lib/security/pam_unix.so.1 
  #
  # Password management
diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am
index a5f60c0..df8ac6d 100644
--- a/crypto/heimdal/lib/krb5/Makefile.am
+++ b/crypto/heimdal/lib/krb5/Makefile.am
@@ -1,4 +1,4 @@
-# $Id: Makefile.am,v 1.97 2000/02/13 20:35:49 assar Exp $
+# $Id: Makefile.am,v 1.98 2000/02/19 18:53:56 assar Exp $
 
 include $(top_srcdir)/Makefile.am.common
 
@@ -119,7 +119,7 @@ libkrb5_la_SOURCES = \
 
 EXTRA_libkrb5_la_SOURCES = keytab_krb4.c
 
-libkrb5_la_LDFLAGS = -version-info 9:0:0
+libkrb5_la_LDFLAGS = -version-info 9:1:0
 
 $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
 
diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in
index da4a0fb..dbca9de 100644
--- a/crypto/heimdal/lib/krb5/Makefile.in
+++ b/crypto/heimdal/lib/krb5/Makefile.in
@@ -10,7 +10,7 @@
 # even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 # PARTICULAR PURPOSE.
 
-# $Id: Makefile.am,v 1.97 2000/02/13 20:35:49 assar Exp $
+# $Id: Makefile.am,v 1.98 2000/02/19 18:53:56 assar Exp $
 
 
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
@@ -195,7 +195,7 @@ libkrb5_la_SOURCES =  	add_et_list.c 	addr_families.c 	address.c 	aname_to_local
 
 EXTRA_libkrb5_la_SOURCES = keytab_krb4.c
 
-libkrb5_la_LDFLAGS = -version-info 9:0:0
+libkrb5_la_LDFLAGS = -version-info 9:1:0
 
 libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo
 
diff --git a/crypto/heimdal/lib/krb5/addr_families.c b/crypto/heimdal/lib/krb5/addr_families.c
index e8214ba..9b17abd 100644
--- a/crypto/heimdal/lib/krb5/addr_families.c
+++ b/crypto/heimdal/lib/krb5/addr_families.c
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: addr_families.c,v 1.22 1999/12/04 17:53:33 assar Exp $");
+RCSID("$Id: addr_families.c,v 1.23 2000/02/16 02:09:00 assar Exp $");
 
 struct addr_operations {
     int af;
@@ -532,12 +532,7 @@ krb5_parse_address(krb5_context context,
     ALLOC_SEQ(addresses, n);
 
     for (a = ai, i = 0; a != NULL; a = a->ai_next, ++i) {
-	struct addr_operations *aop = find_af (ai->ai_family);
-
-	addresses->val[i].addr_type = aop->atype;
-	krb5_data_copy (&addresses->val[i].address,
-			ai->ai_addr,
-			ai->ai_addrlen);
+	krb5_sockaddr2address (ai->ai_addr, &addresses->val[i]);
     }
     freeaddrinfo (ai);
     return 0;
diff --git a/crypto/heimdal/lib/krb5/expand_hostname.c b/crypto/heimdal/lib/krb5/expand_hostname.c
index 48e9709..3e98e88 100644
--- a/crypto/heimdal/lib/krb5/expand_hostname.c
+++ b/crypto/heimdal/lib/krb5/expand_hostname.c
@@ -33,7 +33,7 @@
 
 #include "krb5_locl.h"
 
-RCSID("$Id: expand_hostname.c,v 1.7 2000/02/02 04:42:57 assar Exp $");
+RCSID("$Id: expand_hostname.c,v 1.8 2000/02/20 02:25:29 assar Exp $");
 
 static krb5_error_code
 copy_hostname(krb5_context context,
@@ -81,6 +81,31 @@ krb5_expand_hostname (krb5_context context,
 }
 
 /*
+ * handle the case of the hostname being unresolvable and thus identical
+ */
+
+static krb5_error_code
+vanilla_hostname (krb5_context context,
+		  const char *orig_hostname,
+		  char **new_hostname,
+		  char ***realms)
+{
+    krb5_error_code ret;
+
+    ret = copy_hostname (context, orig_hostname, new_hostname);
+    if (ret)
+	return ret;
+    strlwr (*new_hostname);
+
+    ret = krb5_get_host_realm (context, *new_hostname, realms);
+    if (ret) {
+	free (*new_hostname);
+	return ret;
+    }
+    return 0;
+}
+
+/*
  * expand `hostname' to a name we believe to be a hostname in newly
  * allocated space in `host' and return realms in `realms'.
  */
@@ -100,21 +125,24 @@ krb5_expand_hostname_realms (krb5_context context,
 
     error = getaddrinfo (orig_hostname, NULL, &hints, &ai);
     if (error)
-	return copy_hostname (context, orig_hostname, new_hostname);
+	return vanilla_hostname (context, orig_hostname, new_hostname,
+				 realms);
+
     for (a = ai; a != NULL; a = a->ai_next) {
 	if (a->ai_canonname != NULL) {
 	    ret = copy_hostname (context, orig_hostname, new_hostname);
-	    if (ret)
-		goto out;
+	    if (ret) {
+		freeaddrinfo (ai);
+		return ret;
+	    }
 	    strlwr (*new_hostname);
 	    ret = krb5_get_host_realm (context, *new_hostname, realms);
-	    if (ret == 0)
-		goto out;
+	    if (ret == 0) {
+		freeaddrinfo (ai);
+		return 0;
+	    }
 	    free (*new_hostname);
 	}
     }
-    ret = copy_hostname (context, orig_hostname, new_hostname);
- out:
-    freeaddrinfo (ai);
-    return ret;
+    return vanilla_hostname (context, orig_hostname, new_hostname, realms);
 }
diff --git a/crypto/heimdal/lib/roken/ChangeLog b/crypto/heimdal/lib/roken/ChangeLog
index b157494..6da4be0 100644
--- a/crypto/heimdal/lib/roken/ChangeLog
+++ b/crypto/heimdal/lib/roken/ChangeLog
@@ -1,3 +1,16 @@
+2000-02-19  Assar Westerlund  <assar@sics.se>
+
+	* Makefile.am: set version to 7:1:2
+	
+2000-02-16  Assar Westerlund  <assar@sics.se>
+
+	* snprintf.c (PARSE_INT_FORMAT): note that shorts are actually
+	transmitted as ints
+	(according to the integer protomotion rules) in variable arguments
+	lists.  Therefore, we should not call va_arg with short but rather
+	with int.  See <http://www.debian.org/Bugs/db/57/57919.html> for
+	original bug report
+
 2000-02-13  Assar Westerlund  <assar@sics.se>
 
 	* Makefile.am: bump version to 7:0:2
diff --git a/crypto/heimdal/lib/roken/Makefile.am b/crypto/heimdal/lib/roken/Makefile.am
index d23fcb3..3d303f8 100644
--- a/crypto/heimdal/lib/roken/Makefile.am
+++ b/crypto/heimdal/lib/roken/Makefile.am
@@ -1,11 +1,11 @@
-# $Id: Makefile.am,v 1.69 2000/02/13 20:34:03 assar Exp $
+# $Id: Makefile.am,v 1.70 2000/02/19 18:53:13 assar Exp $
 
 include $(top_srcdir)/Makefile.am.common
 
 CLEANFILES = roken.h make-roken.c print_version.h
 
 lib_LTLIBRARIES = libroken.la
-libroken_la_LDFLAGS = -version-info 7:0:2
+libroken_la_LDFLAGS = -version-info 7:1:2
 
 noinst_PROGRAMS = make-roken make-print-version
 
diff --git a/crypto/heimdal/lib/roken/Makefile.in b/crypto/heimdal/lib/roken/Makefile.in
index 65c3f99..6db3973 100644
--- a/crypto/heimdal/lib/roken/Makefile.in
+++ b/crypto/heimdal/lib/roken/Makefile.in
@@ -10,7 +10,7 @@
 # even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 # PARTICULAR PURPOSE.
 
-# $Id: Makefile.am,v 1.69 2000/02/13 20:34:03 assar Exp $
+# $Id: Makefile.am,v 1.70 2000/02/19 18:53:13 assar Exp $
 
 
 # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
@@ -176,7 +176,7 @@ CHECK_LOCAL = $(PROGRAMS)
 CLEANFILES = roken.h make-roken.c print_version.h
 
 lib_LTLIBRARIES = libroken.la
-libroken_la_LDFLAGS = -version-info 7:0:2
+libroken_la_LDFLAGS = -version-info 7:1:2
 
 noinst_PROGRAMS = make-roken make-print-version
 
diff --git a/crypto/heimdal/lib/roken/snprintf.c b/crypto/heimdal/lib/roken/snprintf.c
index 0333e87..4f69e66 100644
--- a/crypto/heimdal/lib/roken/snprintf.c
+++ b/crypto/heimdal/lib/roken/snprintf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995-1997, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995-2000 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  * 
@@ -33,7 +33,7 @@
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
-RCSID("$Id: snprintf.c,v 1.24 1999/12/02 16:58:52 joda Exp $");
+RCSID("$Id: snprintf.c,v 1.25 2000/02/16 01:38:52 assar Exp $");
 #endif
 #include <stdio.h>
 #include <stdarg.h>
@@ -265,7 +265,7 @@ append_char(struct state *state,
 if (long_flag) \
      res = (unsig long)va_arg(arg, unsig long); \
 else if (short_flag) \
-     res = (unsig short)va_arg(arg, unsig short); \
+     res = (unsig short)va_arg(arg, unsig int); \
 else \
      res = (unsig int)va_arg(arg, unsig int)
author	markm <markm@FreeBSD.org>	2000-02-24 11:28:20 +0000
committer	markm <markm@FreeBSD.org>	2000-02-24 11:28:20 +0000
commit	5ed96cd5daa48af752db4781418f32f9258cce94 (patch)
tree	cbf6e4300b6d10326e92349d0f71b9054f47c4f2 /crypto/heimdal/lib
parent	69414e22b995b6d161fc19bcab66823585f1d394 (diff)
download	FreeBSD-src-5ed96cd5daa48af752db4781418f32f9258cce94.zip FreeBSD-src-5ed96cd5daa48af752db4781418f32f9258cce94.tar.gz