diff options
author | nectar <nectar@FreeBSD.org> | 2002-09-16 21:04:40 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2002-09-16 21:04:40 +0000 |
commit | a876cfedd88823d520688032e9bde83b68098a88 (patch) | |
tree | dcd3a0c4ed207dd29fc2afc7e76bb2592c51d93a /crypto/heimdal/lib | |
parent | fece93f6bd7aed95bbd6edfb87765c3fcdbfedd5 (diff) | |
parent | 8707f886593c300d83c76654e92ec76bcea9b858 (diff) | |
download | FreeBSD-src-a876cfedd88823d520688032e9bde83b68098a88.zip FreeBSD-src-a876cfedd88823d520688032e9bde83b68098a88.tar.gz |
This commit was generated by cvs2svn to compensate for changes in r103423,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'crypto/heimdal/lib')
53 files changed, 1676 insertions, 567 deletions
diff --git a/crypto/heimdal/lib/asn1/der_get.c b/crypto/heimdal/lib/asn1/der_get.c index 5edb43a..429fd66 100644 --- a/crypto/heimdal/lib/asn1/der_get.c +++ b/crypto/heimdal/lib/asn1/der_get.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_get.c,v 1.32 2002/08/22 19:11:07 assar Exp $"); +RCSID("$Id: der_get.c,v 1.33 2002/09/03 16:21:49 nectar Exp $"); #include <version.h> @@ -252,6 +252,8 @@ decode_integer (const unsigned char *p, size_t len, p += l; len -= l; ret += l; + if (reallen > len) + return ASN1_OVERRUN; e = der_get_int (p, reallen, num, &l); if (e) return e; p += l; @@ -279,6 +281,8 @@ decode_unsigned (const unsigned char *p, size_t len, p += l; len -= l; ret += l; + if (reallen > len) + return ASN1_OVERRUN; e = der_get_unsigned (p, reallen, num, &l); if (e) return e; p += l; diff --git a/crypto/heimdal/lib/asn1/gen.c b/crypto/heimdal/lib/asn1/gen.c index 6d03db6..5b85a48 100644 --- a/crypto/heimdal/lib/asn1/gen.c +++ b/crypto/heimdal/lib/asn1/gen.c @@ -33,7 +33,7 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.48 2002/08/26 13:27:20 assar Exp $"); +RCSID("$Id: gen.c,v 1.49 2002/09/04 15:06:18 joda Exp $"); FILE *headerfile, *codefile, *logfile; @@ -102,20 +102,29 @@ init_generate (const char *filename, const char *base) " void *data;\n" "} octet_string;\n\n"); fprintf (headerfile, -#if 0 - "typedef struct general_string {\n" - " size_t length;\n" - " char *data;\n" - "} general_string;\n\n" -#else "typedef char *general_string;\n\n" -#endif ); fprintf (headerfile, "typedef struct oid {\n" " size_t length;\n" " unsigned *components;\n" "} oid;\n\n"); + fputs("#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \\\n" + " do { \\\n" + " (BL) = length_##T((S)); \\\n" + " (B) = malloc((BL)); \\\n" + " if((B) == NULL) { \\\n" + " (R) = ENOMEM; \\\n" + " } else { \\\n" + " (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \\\n" + " (S), (L)); \\\n" + " if((R) != 0) { \\\n" + " free((B)); \\\n" + " (B) = NULL; \\\n" + " } \\\n" + " } \\\n" + " } while (0)\n\n", + headerfile); fprintf (headerfile, "#endif\n\n"); logfile = fopen(STEM "_files", "w"); if (logfile == NULL) diff --git a/crypto/heimdal/lib/asn1/k5.asn1 b/crypto/heimdal/lib/asn1/k5.asn1 index 381aaf6..53436c8 100644 --- a/crypto/heimdal/lib/asn1/k5.asn1 +++ b/crypto/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1,v 1.26 2002/03/18 19:00:43 joda Exp $ +-- $Id: k5.asn1,v 1.27 2002/09/03 17:32:09 joda Exp $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -97,8 +97,7 @@ ENCTYPE ::= INTEGER { ETYPE_DES_CBC_NONE(-0x1000), ETYPE_DES3_CBC_NONE(-0x1001), ETYPE_DES_CFB64_NONE(-0x1002), - ETYPE_DES_PCBC_NONE(-0x1003), - ETYPE_DES3_CBC_NONE_IVEC(-0x1004) + ETYPE_DES_PCBC_NONE(-0x1003) } -- this is sugar to make something ASN1 does not have: unsigned diff --git a/crypto/heimdal/lib/auth/pam/pam.c b/crypto/heimdal/lib/auth/pam/pam.c index eeb2d25..68446c3 100644 --- a/crypto/heimdal/lib/auth/pam/pam.c +++ b/crypto/heimdal/lib/auth/pam/pam.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include<config.h> -RCSID("$Id: pam.c,v 1.27 2001/02/15 04:30:05 assar Exp $"); +RCSID("$Id: pam.c,v 1.28 2002/09/09 15:57:24 joda Exp $"); #endif #include <stdio.h> @@ -128,7 +128,7 @@ pdeb(const char *format, ...) if (ctrl_off(KRB4_DEBUG)) return; va_start(args, format); - openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH); + openlog("pam_krb4", LOG_PID, LOG_AUTH); vsyslog(LOG_DEBUG, format, args); va_end(args); closelog(); diff --git a/crypto/heimdal/lib/gssapi/ChangeLog b/crypto/heimdal/lib/gssapi/ChangeLog index a369cf8..cd9d9c1 100644 --- a/crypto/heimdal/lib/gssapi/ChangeLog +++ b/crypto/heimdal/lib/gssapi/ChangeLog @@ -1,3 +1,13 @@ +2002-09-03 Johan Danielsson <joda@pdc.kth.se> + + * wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE + + * unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE + +2002-09-02 Johan Danielsson <joda@pdc.kth.se> + + * init_sec_context.c: we need to generate a local subkey here + 2002-08-20 Jacques Vidrine <n@nectar.com> * acquire_cred.c, inquire_cred.c, release_cred.c: Use default diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c index 1be73e1..2cef3a9 100644 --- a/crypto/heimdal/lib/gssapi/init_sec_context.c +++ b/crypto/heimdal/lib/gssapi/init_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: init_sec_context.c,v 1.29 2001/08/29 02:21:09 assar Exp $"); +RCSID("$Id: init_sec_context.c,v 1.31 2002/09/02 17:16:12 joda Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -367,6 +367,16 @@ init_auth } #endif + kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context, + (*context_handle)->auth_context, + &cred->session); + if(kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + kret = krb5_build_authenticator (gssapi_krb5_context, (*context_handle)->auth_context, enctype, diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c index e5e9695..5acb2e9 100644 --- a/crypto/heimdal/lib/gssapi/unwrap.c +++ b/crypto/heimdal/lib/gssapi/unwrap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: unwrap.c,v 1.20 2002/05/20 15:14:00 nectar Exp $"); +RCSID("$Id: unwrap.c,v 1.21 2002/09/03 17:33:11 joda Exp $"); OM_uint32 gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, @@ -296,7 +296,7 @@ unwrap_des3 p -= 28; ret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE_IVEC, &crypto); + ETYPE_DES3_CBC_NONE, &crypto); if (ret) { gssapi_krb5_set_error_string (); *minor_status = ret; diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c index 4e232c5..1a9d7ea 100644 --- a/crypto/heimdal/lib/gssapi/wrap.c +++ b/crypto/heimdal/lib/gssapi/wrap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: wrap.c,v 1.19 2001/06/18 02:53:52 assar Exp $"); +RCSID("$Id: wrap.c,v 1.20 2002/09/03 17:33:36 joda Exp $"); OM_uint32 gss_krb5_get_localkey(const gss_ctx_id_t context_handle, @@ -330,7 +330,7 @@ wrap_des3 4); - ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE_IVEC, + ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, &crypto); if (ret) { free (output_message_buffer->value); diff --git a/crypto/heimdal/lib/hdb/common.c b/crypto/heimdal/lib/hdb/common.c index 73bddf2..9375525 100644 --- a/crypto/heimdal/lib/hdb/common.c +++ b/crypto/heimdal/lib/hdb/common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,35 +33,21 @@ #include "hdb_locl.h" -RCSID("$Id: common.c,v 1.10 2001/07/13 06:30:41 assar Exp $"); +RCSID("$Id: common.c,v 1.11 2002/09/04 16:32:30 joda Exp $"); int hdb_principal2key(krb5_context context, krb5_principal p, krb5_data *key) { Principal new; size_t len; - unsigned char *buf; int ret; ret = copy_Principal(p, &new); - if(ret) - goto out; + if(ret) + return ret; new.name.name_type = 0; - len = length_Principal(&new); - buf = malloc(len); - if(buf == NULL){ - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - ret = encode_Principal(buf + len - 1, len, &new, &len); - if(ret){ - free(buf); - goto out; - } - key->data = buf; - key->length = len; -out: + + ASN1_MALLOC_ENCODE(Principal, key->data, key->length, &new, &len, ret); free_Principal(&new); return ret; } @@ -75,24 +61,11 @@ hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p) int hdb_entry2value(krb5_context context, hdb_entry *ent, krb5_data *value) { - unsigned char *buf; size_t len; int ret; - - len = length_hdb_entry(ent); - buf = malloc(len); - if(buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - ret = encode_hdb_entry(buf + len - 1, len, ent, &len); - if(ret){ - free(buf); - return ret; - } - value->data = buf; - value->length = len; - return 0; + + ASN1_MALLOC_ENCODE(hdb_entry, value->data, value->length, ent, &len, ret); + return ret; } int diff --git a/crypto/heimdal/lib/hdb/hdb-ldap.c b/crypto/heimdal/lib/hdb/hdb-ldap.c index a92285c..8e90798 100644 --- a/crypto/heimdal/lib/hdb/hdb-ldap.c +++ b/crypto/heimdal/lib/hdb/hdb-ldap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2001, PADL Software Pty Ltd. + * Copyright (c) 1999-2001, PADL Software Pty Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -32,7 +32,7 @@ #include "hdb_locl.h" -RCSID("$Id: hdb-ldap.c,v 1.9 2001/08/31 18:19:49 joda Exp $"); +RCSID("$Id: hdb-ldap.c,v 1.10 2002/09/04 18:42:22 joda Exp $"); #ifdef OPENLDAP @@ -451,29 +451,10 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent, for (i = 0; i < ent->keys.len; i++) { unsigned char *buf; size_t len; - Key new; - ret = copy_Key(&ent->keys.val[i], &new); - if (ret != 0) { - goto out; - } - - len = length_Key(&new); - buf = malloc(len); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - free_Key(&new); + ASN1_MALLOC_ENCODE(Key, buf, len, &ent->keys.val[i], &len, ret); + if (ret != 0) goto out; - } - - ret = encode_Key(buf + len - 1, len, &new, &len); - if (ret != 0) { - free(buf); - free_Key(&new); - goto out; - } - free_Key(&new); /* addmod_len _owns_ the key, doesn't need to copy it */ ret = LDAP_addmod_len(&mods, LDAP_MOD_ADD, "krb5Key", buf, len); diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am index e88a28e..ae75808 100644 --- a/crypto/heimdal/lib/krb5/Makefile.am +++ b/crypto/heimdal/lib/krb5/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.145 2002/08/29 04:02:24 assar Exp $ +# $Id: Makefile.am,v 1.147 2002/09/03 14:45:13 joda Exp $ include $(top_srcdir)/Makefile.am.common @@ -13,7 +13,8 @@ TESTS = \ string-to-key-test \ derived-key-test \ store-test \ - parse-name-test + parse-name-test \ + name-45-test check_PROGRAMS = $(TESTS) @@ -133,10 +134,10 @@ libkrb5_la_LDFLAGS = -version-info 18:3:1 $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h -$(srcdir)/krb5-protos.h: $(ERR_FILES) +$(srcdir)/krb5-protos.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h -$(srcdir)/krb5-private.h: $(ERR_FILES) +$(srcdir)/krb5-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h #libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in index 7126546..80ce39f 100644 --- a/crypto/heimdal/lib/krb5/Makefile.in +++ b/crypto/heimdal/lib/krb5/Makefile.in @@ -14,7 +14,7 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.145 2002/08/29 04:02:24 assar Exp $ +# $Id: Makefile.am,v 1.147 2002/09/03 14:45:13 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ @@ -211,7 +211,8 @@ TESTS = \ string-to-key-test \ derived-key-test \ store-test \ - parse-name-test + parse-name-test \ + name-45-test check_PROGRAMS = $(TESTS) @@ -406,7 +407,7 @@ libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS) bin_PROGRAMS = verify_krb5_conf$(EXEEXT) check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \ derived-key-test$(EXEEXT) store-test$(EXEEXT) \ - parse-name-test$(EXEEXT) + parse-name-test$(EXEEXT) name-45-test$(EXEEXT) noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) \ krbhst-test$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) @@ -435,6 +436,12 @@ n_fold_test_LDADD = $(LDADD) n_fold_test_DEPENDENCIES = libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la n_fold_test_LDFLAGS = +name_45_test_SOURCES = name-45-test.c +name_45_test_OBJECTS = name-45-test.$(OBJEXT) +name_45_test_LDADD = $(LDADD) +name_45_test_DEPENDENCIES = libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la +name_45_test_LDFLAGS = parse_name_test_SOURCES = parse-name-test.c parse_name_test_OBJECTS = parse-name-test.$(OBJEXT) parse_name_test_LDADD = $(LDADD) @@ -481,13 +488,14 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ CFLAGS = @CFLAGS@ DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \ - krbhst-test.c n-fold-test.c parse-name-test.c store-test.c \ - string-to-key-test.c test_get_addrs.c verify_krb5_conf.c + krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c \ + store-test.c string-to-key-test.c test_get_addrs.c \ + verify_krb5_conf.c MANS = $(man_MANS) HEADERS = $(include_HEADERS) DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in -SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c +SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c all: all-am @@ -583,6 +591,9 @@ krbhst-test$(EXEEXT): $(krbhst_test_OBJECTS) $(krbhst_test_DEPENDENCIES) n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES) @rm -f n-fold-test$(EXEEXT) $(LINK) $(n_fold_test_LDFLAGS) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS) +name-45-test$(EXEEXT): $(name_45_test_OBJECTS) $(name_45_test_DEPENDENCIES) + @rm -f name-45-test$(EXEEXT) + $(LINK) $(name_45_test_LDFLAGS) $(name_45_test_OBJECTS) $(name_45_test_LDADD) $(LIBS) parse-name-test$(EXEEXT): $(parse_name_test_OBJECTS) $(parse_name_test_DEPENDENCIES) @rm -f parse-name-test$(EXEEXT) $(LINK) $(parse_name_test_LDFLAGS) $(parse_name_test_OBJECTS) $(parse_name_test_LDADD) $(LIBS) @@ -1121,10 +1132,10 @@ install-data-local: install-cat-mans $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h -$(srcdir)/krb5-protos.h: $(ERR_FILES) +$(srcdir)/krb5-protos.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h -$(srcdir)/krb5-private.h: $(ERR_FILES) +$(srcdir)/krb5-private.h: cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h $(libkrb5_la_OBJECTS): krb5_err.h heim_err.h k524_err.h diff --git a/crypto/heimdal/lib/krb5/auth_context.c b/crypto/heimdal/lib/krb5/auth_context.c index 3b42ce7..2e7a8f4 100644 --- a/crypto/heimdal/lib/krb5/auth_context.c +++ b/crypto/heimdal/lib/krb5/auth_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: auth_context.c,v 1.58 2002/08/15 08:23:07 joda Exp $"); +RCSID("$Id: auth_context.c,v 1.59 2002/09/02 17:11:02 joda Exp $"); krb5_error_code krb5_auth_con_init(krb5_context context, @@ -292,6 +292,24 @@ krb5_auth_con_setlocalsubkey(krb5_context context, } krb5_error_code +krb5_auth_con_generatelocalsubkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock *key) +{ + krb5_error_code ret; + krb5_keyblock *subkey; + + ret = krb5_generate_subkey (context, key, &subkey); + if(ret) + return ret; + if(auth_context->local_subkey) + krb5_free_keyblock(context, auth_context->local_subkey); + auth_context->local_subkey = subkey; + return 0; +} + + +krb5_error_code krb5_auth_con_setremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock) diff --git a/crypto/heimdal/lib/krb5/build_ap_req.c b/crypto/heimdal/lib/krb5/build_ap_req.c index e4f7d4e..cab5e6f 100644 --- a/crypto/heimdal/lib/krb5/build_ap_req.c +++ b/crypto/heimdal/lib/krb5/build_ap_req.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: build_ap_req.c,v 1.17 2001/05/14 06:14:44 assar Exp $"); +RCSID("$Id: build_ap_req.c,v 1.18 2002/09/04 16:26:04 joda Exp $"); krb5_error_code krb5_build_ap_req (krb5_context context, @@ -66,15 +66,10 @@ krb5_build_ap_req (krb5_context context, ap.authenticator.kvno = NULL; ap.authenticator.cipher = authenticator; - retdata->length = length_AP_REQ(&ap); - retdata->data = malloc(retdata->length); - if(retdata->data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - } else - encode_AP_REQ((unsigned char *)retdata->data + retdata->length - 1, - retdata->length, &ap, &len); + ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length, + &ap, &len, ret); + free_AP_REQ(&ap); - return ret; + } diff --git a/crypto/heimdal/lib/krb5/build_auth.c b/crypto/heimdal/lib/krb5/build_auth.c index b1650fd..9a2ca3e 100644 --- a/crypto/heimdal/lib/krb5/build_auth.c +++ b/crypto/heimdal/lib/krb5/build_auth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: build_auth.c,v 1.35 2001/05/14 06:14:44 assar Exp $"); +RCSID("$Id: build_auth.c,v 1.38 2002/09/04 16:26:04 joda Exp $"); krb5_error_code krb5_build_authenticator (krb5_context context, @@ -74,13 +74,6 @@ krb5_build_authenticator (krb5_context context, if(ret) goto fail; - if(auth->subkey == NULL) { - krb5_generate_subkey (context, &cred->session, &auth->subkey); - ret = krb5_auth_con_setlocalsubkey(context, auth_context, auth->subkey); - if(ret) - goto fail; - } - if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { krb5_generate_seq_number (context, &cred->session, @@ -99,36 +92,10 @@ krb5_build_authenticator (krb5_context context, auth_context->authenticator->cusec = auth->cusec; } - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto fail; - } + ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret); - do { - ret = krb5_encode_Authenticator (context, - buf + buf_size - 1, - buf_size, - auth, &len); - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto fail; - } - buf = tmp; - } else { - goto fail; - } - } - } while(ret == ASN1_OVERFLOW); + if (ret) + goto fail; ret = krb5_crypto_init(context, &cred->session, enctype, &crypto); if (ret) diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c index e930d87..f765a97 100644 --- a/crypto/heimdal/lib/krb5/changepw.c +++ b/crypto/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: changepw.c,v 1.35 2002/06/06 13:33:13 joda Exp $"); +RCSID("$Id: changepw.c,v 1.37 2002/09/03 16:14:34 nectar Exp $"); static krb5_error_code send_request (krb5_context context, @@ -57,7 +57,7 @@ send_request (krb5_context context, ret = krb5_mk_req_extended (context, auth_context, - AP_OPTS_MUTUAL_REQUIRED, + AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY, NULL, /* in_data */ creds, &ap_req_data); @@ -144,7 +144,7 @@ process_reply (krb5_context context, u_char reply[BUFSIZ]; size_t len; u_int16_t pkt_len, pkt_ver; - krb5_data ap_rep_data; + krb5_data ap_rep_data, priv_data; int save_errno; ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL); @@ -173,10 +173,13 @@ process_reply (krb5_context context, ap_rep_data.data = reply + 6; ap_rep_data.length = (reply[4] << 8) | (reply[5]); + priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length; + priv_data.length = len - ap_rep_data.length - 6; + if ((u_char *)priv_data.data + priv_data.length >= reply + len) + return KRB5_KPASSWD_MALFORMED; if (ap_rep_data.length) { krb5_ap_rep_enc_part *ap_rep; - krb5_data priv_data; u_char *p; ret = krb5_rd_rep (context, @@ -188,9 +191,6 @@ process_reply (krb5_context context, krb5_free_ap_rep_enc_part (context, ap_rep); - priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length; - priv_data.length = len - ap_rep_data.length - 6; - ret = krb5_rd_priv (context, auth_context, &priv_data, diff --git a/crypto/heimdal/lib/krb5/config_file.c b/crypto/heimdal/lib/krb5/config_file.c index 77920a8..845b14c 100644 --- a/crypto/heimdal/lib/krb5/config_file.c +++ b/crypto/heimdal/lib/krb5/config_file.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file.c,v 1.45 2002/08/14 17:35:03 joda Exp $"); +RCSID("$Id: config_file.c,v 1.46 2002/09/10 19:04:55 joda Exp $"); #ifndef HAVE_NETINFO @@ -341,7 +341,7 @@ vget_next(krb5_context context, { const char *p = va_arg(args, const char *); while(b != NULL) { - if(strcmp(b->name, name) == NULL) { + if(strcmp(b->name, name) == 0) { if(b->type == type && p == NULL) { *pointer = b; return b->u.generic; diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c index d21ea71..75fe347 100644 --- a/crypto/heimdal/lib/krb5/context.c +++ b/crypto/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <com_err.h> -RCSID("$Id: context.c,v 1.80 2002/08/28 15:27:24 joda Exp $"); +RCSID("$Id: context.c,v 1.81 2002/09/02 17:03:12 joda Exp $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -173,14 +173,9 @@ init_context_from_config_file(krb5_context context) INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces"); INIT_FIELD(context, int, fcache_vno, 0, "fcache_version"); - INIT_FIELD(context, bool, srv_lookup, TRUE, "dns_lookup_kdc"); - /* srv_lookup backwards compatibility. */ - { - const char **p; - p = krb5_config_get_strings(context, NULL, "libdefaults", "srv_lookup", NULL); - if (p != NULL) - INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); - } + /* prefer dns_lookup_kdc over srv_lookup. */ + INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); + INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc"); return 0; } diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c index 256234b..7aa61a3 100644 --- a/crypto/heimdal/lib/krb5/get_cred.c +++ b/crypto/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_cred.c,v 1.88 2002/03/10 23:11:29 assar Exp $"); +RCSID("$Id: get_cred.c,v 1.91 2002/09/04 21:12:46 joda Exp $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -54,36 +54,14 @@ make_pa_tgs_req(krb5_context context, krb5_data in_data; krb5_error_code ret; - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - do { - ret = encode_KDC_REQ_BODY(buf + buf_size - 1, buf_size, - body, &len); - if (ret){ - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - buf = tmp; - } else { - goto out; - } - } - } while (ret == ASN1_OVERFLOW); + ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret); + if (ret) + goto out; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); in_data.length = len; - in_data.data = buf + buf_size - len; + in_data.data = buf; ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds, &padata->padata_value, KRB5_KU_TGS_REQ_AUTH_CKSUM, @@ -113,18 +91,9 @@ set_auth_data (krb5_context context, krb5_crypto crypto; krb5_error_code ret; - len = length_AuthorizationData(authdata); - buf = malloc(len); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - ret = encode_AuthorizationData(buf + len - 1, - len, authdata, &len); - if (ret) { - free (buf); + ASN1_MALLOC_ENCODE(AuthorizationData, buf, len, authdata, &len, ret); + if (ret) return ret; - } ALLOC(req_body->enc_authorization_data, 1); if (req_body->enc_authorization_data == NULL) { @@ -173,16 +142,19 @@ init_tgs_req (krb5_context context, TGS_REQ *t, krb5_key_usage usage) { - krb5_error_code ret; + krb5_error_code ret = 0; memset(t, 0, sizeof(*t)); t->pvno = 5; t->msg_type = krb_tgs_req; if (in_creds->session.keytype) { - ret = krb5_keytype_to_enctypes_default (context, - in_creds->session.keytype, - &t->req_body.etype.len, - &t->req_body.etype.val); + ALLOC_SEQ(&t->req_body.etype, 1); + if(t->req_body.etype.val == NULL) { + ret = ENOMEM; + krb5_set_error_string(context, "malloc: out of memory"); + goto fail; + } + t->req_body.etype.val[0] = in_creds->session.keytype; } else { ret = krb5_init_etype(context, &t->req_body.etype.len, @@ -431,34 +403,11 @@ get_cred_kdc_usage(krb5_context context, if (ret) goto out; - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; + ASN1_MALLOC_ENCODE(TGS_REQ, buf, buf_size, &req, &enc.length, ret); + if (ret) goto out; - } - - do { - ret = encode_TGS_REQ (buf + buf_size - 1, buf_size, - &req, &enc.length); - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - buf = tmp; - } else { - goto out; - } - } - } while (ret == ASN1_OVERFLOW); + if(enc.length != buf_size) + krb5_abortx(context, "internal error in ASN.1 encoder"); /* don't free addresses */ req.req_body.addresses = NULL; diff --git a/crypto/heimdal/lib/krb5/get_for_creds.c b/crypto/heimdal/lib/krb5/get_for_creds.c index 53a3f2b..2bec9f7 100644 --- a/crypto/heimdal/lib/krb5/get_for_creds.c +++ b/crypto/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_for_creds.c,v 1.32 2002/03/10 23:12:23 assar Exp $"); +RCSID("$Id: get_for_creds.c,v 1.34 2002/09/04 16:26:04 joda Exp $"); static krb5_error_code add_addrs(krb5_context context, @@ -162,12 +162,14 @@ krb5_get_forwarded_creds (krb5_context context, KrbCredInfo *krb_cred_info; EncKrbCredPart enc_krb_cred_part; size_t len; - u_char buf[1024]; + unsigned char *buf; + size_t buf_size; int32_t sec, usec; krb5_kdc_flags kdc_flags; krb5_crypto crypto; struct addrinfo *ai; int save_errno; + krb5_keyblock *key; addrs.len = 0; addrs.val = NULL; @@ -319,45 +321,51 @@ krb5_get_forwarded_creds (krb5_context context, /* encode EncKrbCredPart */ - ret = krb5_encode_EncKrbCredPart (context, - buf + sizeof(buf) - 1, sizeof(buf), - &enc_krb_cred_part, &len); + ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size, + &enc_krb_cred_part, &len, ret); free_EncKrbCredPart (&enc_krb_cred_part); if (ret) { free_KRB_CRED(&cred); return ret; - } + } + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + + if (auth_context->local_subkey) + key = auth_context->local_subkey; + else if (auth_context->remote_subkey) + key = auth_context->remote_subkey; + else + key = auth_context->keyblock; - ret = krb5_crypto_init(context, auth_context->local_subkey, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { + free(buf); free_KRB_CRED(&cred); return ret; } ret = krb5_encrypt_EncryptedData (context, crypto, KRB5_KU_KRB_CRED, - buf + sizeof(buf) - len, + buf, len, 0, &cred.enc_part); + free(buf); krb5_crypto_destroy(context, crypto); if (ret) { free_KRB_CRED(&cred); return ret; } - ret = encode_KRB_CRED (buf + sizeof(buf) - 1, sizeof(buf), - &cred, &len); + ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret); free_KRB_CRED (&cred); if (ret) return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); out_data->length = len; - out_data->data = malloc(len); - if (out_data->data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memcpy (out_data->data, buf + sizeof(buf) - len, len); + out_data->data = buf; return 0; out4: free_EncKrbCredPart(&enc_krb_cred_part); diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c index 04587ea..74a0204 100644 --- a/crypto/heimdal/lib/krb5/get_in_tkt.c +++ b/crypto/heimdal/lib/krb5/get_in_tkt.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c,v 1.104 2002/04/18 09:11:39 joda Exp $"); +RCSID("$Id: get_in_tkt.c,v 1.106 2002/09/04 16:26:04 joda Exp $"); krb5_error_code krb5_init_etype (krb5_context context, @@ -158,22 +158,12 @@ _krb5_extract_ticket(krb5_context context, creds->client = tmp_principal; /* extract ticket */ - { - unsigned char *buf; - size_t len; - len = length_Ticket(&rep->kdc_rep.ticket); - buf = malloc(len); - if(buf == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - encode_Ticket(buf + len - 1, len, &rep->kdc_rep.ticket, &len); - creds->ticket.data = buf; - creds->ticket.length = len; - creds->second_ticket.length = 0; - creds->second_ticket.data = NULL; - } + ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, + &rep->kdc_rep.ticket, &creds->ticket.length, ret); + if(ret) + goto out; + creds->second_ticket.length = 0; + creds->second_ticket.data = NULL; /* compare server */ @@ -223,7 +213,8 @@ _krb5_extract_ticket(krb5_context context, /* set kdc-offset */ krb5_timeofday (context, &sec_now); - if (context->kdc_sec_offset == 0 + if (rep->enc_part.flags.initial + && context->kdc_sec_offset == 0 && krb5_config_get_bool (context, NULL, "libdefaults", "kdc_timesync", @@ -314,7 +305,8 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, krb5_enctype etype, krb5_keyblock *key) { PA_ENC_TS_ENC p; - u_char buf[1024]; + unsigned char *buf; + size_t buf_size; size_t len; EncryptedData encdata; krb5_error_code ret; @@ -327,39 +319,37 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, usec2 = usec; p.pausec = &usec2; - ret = encode_PA_ENC_TS_ENC(buf + sizeof(buf) - 1, - sizeof(buf), - &p, - &len); + ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret); if (ret) return ret; - + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); ret = krb5_crypto_init(context, key, 0, &crypto); - if (ret) + if (ret) { + free(buf); return ret; + } ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_PA_ENC_TIMESTAMP, - buf + sizeof(buf) - len, + buf, len, 0, &encdata); + free(buf); krb5_crypto_destroy(context, crypto); if (ret) return ret; - ret = encode_EncryptedData(buf + sizeof(buf) - 1, - sizeof(buf), - &encdata, - &len); + ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret); free_EncryptedData(&encdata); if (ret) return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP; - pa->padata_value.length = 0; - krb5_data_copy(&pa->padata_value, - buf + sizeof(buf) - len, - len); + pa->padata_value.length = len; + pa->padata_value.data = buf; return 0; } @@ -656,7 +646,7 @@ krb5_get_in_cred(krb5_context context, AS_REQ a; krb5_kdc_rep rep; krb5_data req, resp; - char buf[BUFSIZ]; + size_t len; krb5_salt salt; krb5_keyblock *key; size_t size; @@ -692,17 +682,15 @@ krb5_get_in_cred(krb5_context context, if (ret) return ret; - ret = encode_AS_REQ ((unsigned char*)buf + sizeof(buf) - 1, - sizeof(buf), - &a, - &req.length); + ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, &a, &len, ret); free_AS_REQ(&a); if (ret) return ret; - - req.data = buf + sizeof(buf) - req.length; + if(len != req.length) + krb5_abortx(context, "internal error in ASN.1 encoder"); ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp); + krb5_data_free(&req); if (ret) return ret; diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c index 7dd0cd9..e4c4eb6 100644 --- a/crypto/heimdal/lib/krb5/keytab_keyfile.c +++ b/crypto/heimdal/lib/krb5/keytab_keyfile.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c,v 1.13 2002/04/18 14:04:21 joda Exp $"); +RCSID("$Id: keytab_keyfile.c,v 1.14 2002/09/09 14:22:26 nectar Exp $"); /* afs keyfile operations --------------------------------------- */ @@ -297,7 +297,7 @@ akf_add_entry(krb5_context context, fd = open (d->filename, O_RDWR | O_BINARY); if (fd < 0) { fd = open (d->filename, - O_RDWR | O_BINARY | O_CREAT, 0600); + O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600); if (fd < 0) { ret = errno; krb5_set_error_string(context, "open(%s): %s", d->filename, diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h index 30ebf50..91a28f1 100644 --- a/crypto/heimdal/lib/krb5/krb5-protos.h +++ b/crypto/heimdal/lib/krb5/krb5-protos.h @@ -194,6 +194,12 @@ krb5_auth_con_genaddrs ( int /*flags*/); krb5_error_code +krb5_auth_con_generatelocalsubkey ( + krb5_context /*context*/, + krb5_auth_context /*auth_context*/, + krb5_keyblock */*key*/); + +krb5_error_code krb5_auth_con_getaddrs ( krb5_context /*context*/, krb5_auth_context /*auth_context*/, @@ -806,6 +812,12 @@ krb5_crypto_destroy ( krb5_crypto /*crypto*/); krb5_error_code +krb5_crypto_getblocksize ( + krb5_context /*context*/, + krb5_crypto /*crypto*/, + size_t */*blocksize*/); + +krb5_error_code krb5_crypto_init ( krb5_context /*context*/, const krb5_keyblock */*key*/, diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h index c50833e..cb035bc 100644 --- a/crypto/heimdal/lib/krb5/krb5.h +++ b/crypto/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.203 2002/08/22 10:06:20 joda Exp $ */ +/* $Id: krb5.h,v 1.205 2002/09/03 17:31:47 joda Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -99,7 +99,6 @@ enum { ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE, ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE, ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE, - ENCTYPE_DES3_CBC_NONE_IVEC = ETYPE_DES3_CBC_NONE_IVEC }; typedef PADATA_TYPE krb5_preauthtype; @@ -208,7 +207,8 @@ typedef enum krb5_address_type { enum { AP_OPTS_USE_SESSION_KEY = 1, - AP_OPTS_MUTUAL_REQUIRED = 2 + AP_OPTS_MUTUAL_REQUIRED = 2, + AP_OPTS_USE_SUBKEY = 4 /* library internal */ }; typedef HostAddress krb5_address; diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3 index 750bb75..f82ec7a 100644 --- a/crypto/heimdal/lib/krb5/krb5_appdefault.3 +++ b/crypto/heimdal/lib/krb5/krb5_appdefault.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2000 Kungliga Tekniska Högskolan -.\" $Id: krb5_appdefault.3,v 1.7 2002/08/28 15:30:46 joda Exp $ +.\" $Id: krb5_appdefault.3,v 1.8 2002/09/13 14:49:31 joda Exp $ .Dd July 25, 2000 .Dt KRB5_APPDEFAULT 3 .Os HEIMDAL @@ -19,7 +19,7 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Ft void .Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val" .Sh DESCRIPTION -These functions get application application defaults from the +These functions get application defaults from the .Dv appdefaults section of the .Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3 index afc81e8..2afaec5 100644 --- a/crypto/heimdal/lib/krb5/krb5_auth_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_auth_context.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_auth_context.3,v 1.4 2002/08/28 14:46:20 joda Exp $ +.\" $Id: krb5_auth_context.3,v 1.5 2002/09/02 12:42:00 joda Exp $ .Dd January 21, 2001 .Dt KRB5_AUTH_CONTEXT 3 .Os HEIMDAL @@ -34,7 +34,7 @@ .Nm krb5_auth_con_setrcache , .Nm krb5_auth_con_initivector , .Nm krb5_auth_con_setivector -.Nd manage authetication on connection level +.Nd manage authentication on connection level .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS diff --git a/crypto/heimdal/lib/krb5/krb5_context.3 b/crypto/heimdal/lib/krb5/krb5_context.3 index 6794f5a..a90ab72 100644 --- a/crypto/heimdal/lib/krb5/krb5_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_context.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_context.3,v 1.3 2002/08/28 15:30:48 joda Exp $ +.\" $Id: krb5_context.3,v 1.4 2002/09/02 12:42:00 joda Exp $ .Dd January 21, 2001 .Dt KRB5_CONTEXT 3 .Os HEIMDAL @@ -10,8 +10,8 @@ The .Nm structure is designed to hold all per thread state. All global -variables that are context specific are stored in this struture, -including default encryption types, credential-cache (ticket file), and +variables that are context specific are stored in this structure, +including default encryption types, credentials-cache (ticket file), and default realms. .Pp The internals of the structure should never be accessed directly, diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3 index e59b0d0..8a1141a 100644 --- a/crypto/heimdal/lib/krb5/krb5_init_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_init_context.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_init_context.3,v 1.5 2002/08/28 15:30:53 joda Exp $ +.\" $Id: krb5_init_context.3,v 1.6 2002/09/02 12:42:00 joda Exp $ .Dd January 21, 2001 .Dt KRB5_CONTEXT 3 .Os HEIMDAL @@ -20,7 +20,7 @@ The .Fn krb5_init_context function initializes the .Fa context -structure and reads the configration file +structure and reads the configuration file .Pa /etc/krb5.conf . .Pp The structure should be freed by calling diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3 index 1491117..285c4e2 100644 --- a/crypto/heimdal/lib/krb5/krb5_parse_name.3 +++ b/crypto/heimdal/lib/krb5/krb5_parse_name.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_parse_name.3,v 1.5 2002/08/28 15:30:55 joda Exp $ +.\" $Id: krb5_parse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $ .Dd August 8, 1997 .Dt KRB5_PARSE_NAME 3 .Os HEIMDAL @@ -14,7 +14,7 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal" .Sh DESCRIPTION .Fn krb5_parse_name -converts a string representation of a princpal name to +converts a string representation of a principal name to .Nm krb5_principal . The .Fa principal diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3 index 0eee63b..e58b911 100644 --- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 +++ b/crypto/heimdal/lib/krb5/krb5_unparse_name.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_unparse_name.3,v 1.5 2002/08/28 15:30:57 joda Exp $ +.\" $Id: krb5_unparse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $ .Dd August 8, 1997 .Dt KRB5_UNPARSE_NAME 3 .Os HEIMDAL @@ -18,7 +18,8 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Sh DESCRIPTION This function takes a .Fa principal , -and will convert in to a printable representation with the same syntax as decribed in +and will convert in to a printable representation with the same syntax +as described in .Xr krb5_parse_name 3 . .Fa *name will point to allocated data and should be freed by the caller. diff --git a/crypto/heimdal/lib/krb5/kuserok.c b/crypto/heimdal/lib/krb5/kuserok.c index ae8ddec..17770c1 100644 --- a/crypto/heimdal/lib/krb5/kuserok.c +++ b/crypto/heimdal/lib/krb5/kuserok.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: kuserok.c,v 1.5 1999/12/02 17:05:11 joda Exp $"); +RCSID("$Id: kuserok.c,v 1.6 2002/09/16 17:32:11 nectar Exp $"); /* * Return TRUE iff `principal' is allowed to login as `luser'. @@ -88,9 +88,7 @@ krb5_kuserok (krb5_context context, while (fgets (buf, sizeof(buf), f) != NULL) { krb5_principal tmp; - if(buf[strlen(buf) - 1] == '\n') - buf[strlen(buf) - 1] = '\0'; - + buf[strcspn(buf, "\n")] = '\0'; ret = krb5_parse_name (context, buf, &tmp); if (ret) { fclose (f); diff --git a/crypto/heimdal/lib/krb5/log.c b/crypto/heimdal/lib/krb5/log.c index ecdb753..bd7451b 100644 --- a/crypto/heimdal/lib/krb5/log.c +++ b/crypto/heimdal/lib/krb5/log.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: log.c,v 1.30 2002/08/20 09:49:09 joda Exp $"); +RCSID("$Id: log.c,v 1.31 2002/09/05 14:59:14 joda Exp $"); struct facility { int min; @@ -382,24 +382,33 @@ krb5_vlog_msg(krb5_context context, va_list ap) __attribute__((format (printf, 5, 0))) { - char *msg; - const char *actual; + + char *msg = NULL; + const char *actual = NULL; char buf[64]; - time_t t; + time_t t = 0; int i; - vasprintf(&msg, fmt, ap); - if (msg != NULL) - actual = msg; - else - actual = fmt; - t = time(NULL); - krb5_format_time(context, t, buf, sizeof(buf), TRUE); - for(i = 0; i < fac->len; i++) + for(i = 0; fac && i < fac->len; i++) if(fac->val[i].min <= level && - (fac->val[i].max < 0 || fac->val[i].max >= level)) + (fac->val[i].max < 0 || fac->val[i].max >= level)) { + if(t == 0) { + t = time(NULL); + krb5_format_time(context, t, buf, sizeof(buf), TRUE); + } + if(actual == NULL) { + vasprintf(&msg, fmt, ap); + if(msg == NULL) + actual = fmt; + else + actual = msg; + } (*fac->val[i].log)(buf, actual, fac->val[i].data); - *reply = msg; + } + if(reply == NULL) + free(msg); + else + *reply = msg; return 0; } @@ -411,12 +420,7 @@ krb5_vlog(krb5_context context, va_list ap) __attribute__((format (printf, 4, 0))) { - char *msg; - krb5_error_code ret; - - ret = krb5_vlog_msg(context, fac, &msg, level, fmt, ap); - free(msg); - return ret; + return krb5_vlog_msg(context, fac, NULL, level, fmt, ap); } krb5_error_code diff --git a/crypto/heimdal/lib/krb5/mk_error.c b/crypto/heimdal/lib/krb5/mk_error.c index 249f478..ae9e10a 100644 --- a/crypto/heimdal/lib/krb5/mk_error.c +++ b/crypto/heimdal/lib/krb5/mk_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mk_error.c,v 1.17 2002/03/27 09:29:43 joda Exp $"); +RCSID("$Id: mk_error.c,v 1.18 2002/09/04 16:26:04 joda Exp $"); krb5_error_code krb5_mk_error(krb5_context context, @@ -47,8 +47,6 @@ krb5_mk_error(krb5_context context, krb5_data *reply) { KRB_ERROR msg; - u_char *buf; - size_t buf_size; int32_t sec, usec; size_t len; krb5_error_code ret = 0; @@ -84,45 +82,10 @@ krb5_mk_error(krb5_context context, msg.cname = &client->name; } - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - - do { - ret = encode_KRB_ERROR(buf + buf_size - 1, - buf_size, - &msg, - &len); - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - buf = tmp; - } else { - goto out; - } - } - } while (ret == ASN1_OVERFLOW); - - reply->length = len; - reply->data = malloc(len); - if (reply->data == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - memcpy (reply->data, buf + buf_size - len, len); -out: - free (buf); - return ret; + ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret); + if (ret) + return ret; + if(reply->length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); + return 0; } diff --git a/crypto/heimdal/lib/krb5/mk_priv.c b/crypto/heimdal/lib/krb5/mk_priv.c index 3f49a41..b89f7e9 100644 --- a/crypto/heimdal/lib/krb5/mk_priv.c +++ b/crypto/heimdal/lib/krb5/mk_priv.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,12 +33,9 @@ #include <krb5_locl.h> -RCSID("$Id: mk_priv.c,v 1.30 2001/06/18 02:44:54 assar Exp $"); - -/* - * - */ +RCSID("$Id: mk_priv.c,v 1.31 2002/09/04 16:26:04 joda Exp $"); + krb5_error_code krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, @@ -83,35 +80,11 @@ krb5_mk_priv(krb5_context context, part.s_address = auth_context->local_address; part.r_address = auth_context->remote_address; - buf_size = 1024; - buf = malloc (buf_size); - if (buf == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - krb5_data_zero (&s.enc_part.cipher); - do { - ret = encode_EncKrbPrivPart (buf + buf_size - 1, buf_size, - &part, &len); - if (ret) { - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; - goto fail; - } - buf = tmp; - } else { - goto fail; - } - } - } while(ret == ASN1_OVERFLOW); + ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret); + if (ret) + goto fail; s.pvno = 5; s.msg_type = krb_priv; @@ -134,37 +107,21 @@ krb5_mk_priv(krb5_context context, free(buf); return ret; } + free(buf); + - do { - ret = encode_KRB_PRIV (buf + buf_size - 1, buf_size, &s, &len); - - if (ret){ - if (ret == ASN1_OVERFLOW) { - u_char *tmp; - - buf_size *= 2; - tmp = realloc (buf, buf_size); - if (tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - ret = ENOMEM; - goto fail; - } - buf = tmp; - } else { - goto fail; - } - } - } while(ret == ASN1_OVERFLOW); + ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret); + + if(ret) + goto fail; krb5_data_free (&s.enc_part.cipher); - outbuf->length = len; - outbuf->data = malloc (len); - if (outbuf->data == NULL) { + ret = krb5_data_copy(outbuf, buf + buf_size - len, len); + if (ret) { krb5_set_error_string (context, "malloc: out of memory"); free(buf); return ENOMEM; } - memcpy (outbuf->data, buf + buf_size - len, len); free (buf); if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) auth_context->local_seqnumber = diff --git a/crypto/heimdal/lib/krb5/mk_rep.c b/crypto/heimdal/lib/krb5/mk_rep.c index fc6b4f2..b955555 100644 --- a/crypto/heimdal/lib/krb5/mk_rep.c +++ b/crypto/heimdal/lib/krb5/mk_rep.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_rep.c,v 1.19 2001/05/14 06:14:49 assar Exp $"); +RCSID("$Id: mk_rep.c,v 1.20 2002/09/04 16:26:05 joda Exp $"); krb5_error_code krb5_mk_rep(krb5_context context, @@ -72,21 +72,10 @@ krb5_mk_rep(krb5_context context, ap.enc_part.etype = auth_context->keyblock->keytype; ap.enc_part.kvno = NULL; - buf_size = length_EncAPRepPart(&body); - buf = malloc (buf_size); - if (buf == NULL) { - free_EncAPRepPart (&body); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - - ret = krb5_encode_EncAPRepPart (context, - buf + buf_size - 1, - buf_size, - &body, - &len); - + ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret); free_EncAPRepPart (&body); + if(ret) + return ret; ret = krb5_crypto_init(context, auth_context->keyblock, 0 /* ap.enc_part.etype */, &crypto); if (ret) { @@ -105,20 +94,7 @@ krb5_mk_rep(krb5_context context, return ret; } - buf_size = length_AP_REP(&ap); - buf = realloc(buf, buf_size); - if(buf == NULL) { - free_AP_REP (&ap); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - ret = encode_AP_REP (buf + buf_size - 1, buf_size, &ap, &len); - + ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret); free_AP_REP (&ap); - - if(len != buf_size) - krb5_abortx(context, "krb5_mk_rep: encoded length != calculated length"); - outbuf->data = buf; - outbuf->length = len; - return 0; + return ret; } diff --git a/crypto/heimdal/lib/krb5/mk_req_ext.c b/crypto/heimdal/lib/krb5/mk_req_ext.c index 5ab7a1c..aa5e3c4 100644 --- a/crypto/heimdal/lib/krb5/mk_req_ext.c +++ b/crypto/heimdal/lib/krb5/mk_req_ext.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_req_ext.c,v 1.25 2001/05/09 07:15:00 assar Exp $"); +RCSID("$Id: mk_req_ext.c,v 1.26 2002/09/02 17:13:52 joda Exp $"); krb5_error_code krb5_mk_req_internal(krb5_context context, @@ -62,6 +62,12 @@ krb5_mk_req_internal(krb5_context context, if(ret) return ret; + if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) { + ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session); + if(ret) + return ret; + } + #if 0 { /* This is somewhat bogus since we're possibly overwriting a diff --git a/crypto/heimdal/lib/krb5/mk_safe.c b/crypto/heimdal/lib/krb5/mk_safe.c index 114aa8e..a839df4 100644 --- a/crypto/heimdal/lib/krb5/mk_safe.c +++ b/crypto/heimdal/lib/krb5/mk_safe.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_safe.c,v 1.27 2001/06/18 02:45:15 assar Exp $"); +RCSID("$Id: mk_safe.c,v 1.28 2002/09/04 16:26:05 joda Exp $"); krb5_error_code krb5_mk_safe(krb5_context context, @@ -48,7 +48,6 @@ krb5_mk_safe(krb5_context context, KerberosTime sec2; int usec2; u_char *buf = NULL; - void *tmp; size_t buf_size; size_t len; u_int32_t tmp_seq; @@ -85,17 +84,11 @@ krb5_mk_safe(krb5_context context, s.cksum.checksum.data = NULL; s.cksum.checksum.length = 0; - buf_size = length_KRB_SAFE(&s); - buf = malloc(buf_size + 128); /* add some for checksum */ - if(buf == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len); - if (ret) { - free (buf); + ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret); + if (ret) return ret; - } + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { free (buf); @@ -105,7 +98,7 @@ krb5_mk_safe(krb5_context context, crypto, KRB5_KU_KRB_SAFE_CKSUM, 0, - buf + buf_size - len, + buf, len, &s.cksum); krb5_crypto_destroy(context, crypto); @@ -114,27 +107,16 @@ krb5_mk_safe(krb5_context context, return ret; } - buf_size = length_KRB_SAFE(&s); - tmp = realloc(buf, buf_size); - if(tmp == NULL) { - free(buf); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - buf = tmp; - - ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len); + free(buf); + ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret); free_Checksum (&s.cksum); + if(ret) + return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); outbuf->length = len; - outbuf->data = malloc (len); - if (outbuf->data == NULL) { - free (buf); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - memcpy (outbuf->data, buf + buf_size - len, len); - free (buf); + outbuf->data = buf; if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) auth_context->local_seqnumber = (auth_context->local_seqnumber + 1) & 0xFFFFFFFF; diff --git a/crypto/heimdal/lib/krb5/name-45-test.c b/crypto/heimdal/lib/krb5/name-45-test.c new file mode 100644 index 0000000..373586e --- /dev/null +++ b/crypto/heimdal/lib/krb5/name-45-test.c @@ -0,0 +1,277 @@ +/* + * Copyright (c) 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "krb5_locl.h" + +RCSID("$Id: name-45-test.c,v 1.2 2002/08/31 03:33:07 assar Exp $"); + +enum { MAX_COMPONENTS = 3 }; + +static struct testcase { + const char *v4_name; + const char *v4_inst; + const char *v4_realm; + + krb5_realm v5_realm; + unsigned ncomponents; + char *comp_val[MAX_COMPONENTS]; + + const char *config_file; + krb5_error_code ret; /* expected error code from 524 */ + + krb5_error_code ret2; /* expected error code from 425 */ +} tests[] = { + {"", "", "", "", 1, {""}, NULL, 0, 0}, + {"a", "", "", "", 1, {"a"}, NULL, 0, 0}, + {"a", "b", "", "", 2, {"a", "b"}, NULL, 0, 0}, + {"a", "b", "c", "c", 2, {"a", "b"}, NULL, 0, 0}, + + {"krbtgt", "FOO.SE", "FOO.SE", "FOO.SE", 2, + {"krbtgt", "FOO.SE"}, NULL, 0, 0}, + + {"foo", "bar", "BAZ", "BAZ", 2, + {"foo", "bar"}, NULL, 0, 0}, + {"foo", "bar", "BAZ", "BAZ", 2, + {"foo", "bar"}, + "[libdefaults]\n" + " v4_name_convert = {\n" + " host = {\n" + " foo = foo5\n" + " }\n" + "}\n", + HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"foo", "bar", "BAZ", "BAZ", 2, + {"foo5", "bar.baz"}, + "[realms]\n" + " BAZ = {\n" + " v4_name_convert = {\n" + " host = {\n" + " foo = foo5\n" + " }\n" + " }\n" + " v4_instance_convert = {\n" + " bar = bar.baz\n" + " }\n" + " }\n", + 0, 0}, + + {"rcmd", "foo", "realm", "realm", 2, {"host", "foo"}, NULL, + HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"rcmd", "foo", "realm", "realm", 2, {"host", "foo.realm"}, + "[realms]\n" + " realm = {\n" + " v4_instance_convert = {\n" + " foo = foo.realm\n" + " }\n" + " }\n", + 0, 0}, + + {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"pop", "mail0.nada.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"pop", "mail0.nada.kth.se"}, + "[realms]\n" + " NADA.KTH.SE = {\n" + " default_domain = nada.kth.se\n" + " }\n", + 0, 0}, + {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"pop", "mail0.nada.kth.se"}, + "[libdefaults]\n" + " v4_instance_resolve = true\n", + HEIM_ERR_V4_PRINC_NO_CONV, 0}, + + {"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"host", "ratatosk.pdc.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"host", "ratatosk.pdc.kth.se"}, + "[libdefaults]\n" + " v4_instance_resolve = true\n" + "[realms]\n" + " NADA.KTH.SE = {\n" + " v4_name_convert = {\n" + " host = {\n" + " rcmd = host\n" + " }\n" + " }\n" + " default_domain = pdc.kth.se\n" + " }\n", + 0, 0}, + + {"0123456789012345678901234567890123456789", + "0123456789012345678901234567890123456789", + "0123456789012345678901234567890123456789", + "0123456789012345678901234567890123456789", + 2, {"0123456789012345678901234567890123456789", + "0123456789012345678901234567890123456789"}, NULL, + 0, KRB5_PARSE_MALFORMED}, + + {"012345678901234567890123456789012345678", + "012345678901234567890123456789012345678", + "012345678901234567890123456789012345678", + "012345678901234567890123456789012345678", + 2, {"012345678901234567890123456789012345678", + "012345678901234567890123456789012345678"}, NULL, + 0, 0}, + + {NULL, NULL, NULL, NULL, 0, {}, NULL, 0} +}; + +int +main(int argc, char **argv) +{ + struct testcase *t; + krb5_context context; + krb5_error_code ret; + int val = 0; + + for (t = tests; t->v4_name; ++t) { + krb5_principal princ; + int i; + char name[40], inst[40], realm[40]; + char printable_princ[256]; + + ret = krb5_init_context (&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + if (t->config_file != NULL) { + char template[] = "/tmp/krb5-conf-XXXXXX"; + int fd = mkstemp(template); + char *files[2]; + + if (fd < 0) + krb5_err (context, 1, errno, "mkstemp %s", template); + + if (write (fd, t->config_file, strlen(t->config_file)) + != strlen(t->config_file)) + krb5_err (context, 1, errno, "write %s", template); + close (fd); + files[0] = template; + files[1] = NULL; + + ret = krb5_set_config_files (context, files); + unlink (template); + if (ret) + krb5_err (context, 1, ret, "krb5_set_config_files"); + } + + ret = krb5_425_conv_principal (context, + t->v4_name, + t->v4_inst, + t->v4_realm, + &princ); + if (ret) { + if (ret != t->ret) { + krb5_warn (context, ret, + "krb5_425_conv_principal %s.%s@%s", + t->v4_name, t->v4_inst, t->v4_realm); + val = 1; + } + } else { + if (t->ret) { + krb5_warnx (context, + "krb5_425_conv_principal %s.%s@%s " + "passed unexpected", + t->v4_name, t->v4_inst, t->v4_realm); + val = 1; + continue; + } + } + + if (ret) + continue; + + if (strcmp (t->v5_realm, princ->realm) != 0) { + printf ("wrong realm (\"%s\" should be \"%s\")" + " for \"%s.%s@%s\"\n", + princ->realm, t->v5_realm, + t->v4_name, + t->v4_inst, + t->v4_realm); + val = 1; + } + + if (t->ncomponents != princ->name.name_string.len) { + printf ("wrong number of components (%u should be %u)" + " for \"%s.%s@%s\"\n", + princ->name.name_string.len, t->ncomponents, + t->v4_name, + t->v4_inst, + t->v4_realm); + val = 1; + } else { + for (i = 0; i < t->ncomponents; ++i) { + if (strcmp(t->comp_val[i], + princ->name.name_string.val[i]) != 0) { + printf ("bad component %d (\"%s\" should be \"%s\")" + " for \"%s.%s@%s\"\n", + i, + princ->name.name_string.val[i], + t->comp_val[i], + t->v4_name, + t->v4_inst, + t->v4_realm); + val = 1; + } + } + } + ret = krb5_524_conv_principal (context, princ, + name, inst, realm); + if (krb5_unparse_name_fixed(context, princ, + printable_princ, sizeof(printable_princ))) + strlcpy(printable_princ, "unknown principal", + sizeof(printable_princ)); + if (ret) { + if (ret != t->ret2) { + krb5_warn (context, ret, + "krb5_524_conv_principal %s", printable_princ); + val = 1; + } + } else { + if (t->ret2) { + krb5_warnx (context, + "krb5_524_conv_principal %s " + "passed unexpected", printable_princ); + val = 1; + continue; + } + } + if (ret) { + krb5_free_principal (context, princ); + continue; + } + + krb5_free_principal (context, princ); + } + return val; +} diff --git a/crypto/heimdal/lib/krb5/prompter_posix.c b/crypto/heimdal/lib/krb5/prompter_posix.c index 4b9c573..4aea3a4 100644 --- a/crypto/heimdal/lib/krb5/prompter_posix.c +++ b/crypto/heimdal/lib/krb5/prompter_posix.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: prompter_posix.c,v 1.6 2001/05/11 20:26:49 assar Exp $"); +RCSID("$Id: prompter_posix.c,v 1.7 2002/09/16 17:32:11 nectar Exp $"); int krb5_prompter_posix (krb5_context context, @@ -65,8 +65,7 @@ krb5_prompter_posix (krb5_context context, prompts[i].reply->length, stdin) == NULL) return 1; - if(s[strlen(s) - 1] == '\n') - s[strlen(s) - 1] = '\0'; + s[strcspn(s, "\n")] = '\0'; } } return 0; diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c index 401770b..4a7d74c 100644 --- a/crypto/heimdal/lib/krb5/rd_cred.c +++ b/crypto/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_cred.c,v 1.17 2002/08/09 17:07:12 joda Exp $"); +RCSID("$Id: rd_cred.c,v 1.18 2002/09/04 16:26:05 joda Exp $"); krb5_error_code krb5_rd_cred(krb5_context context, @@ -214,7 +214,6 @@ krb5_rd_cred(krb5_context context, for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) { KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i]; krb5_creds *creds; - u_char buf[1024]; size_t len; creds = calloc(1, sizeof(*creds)); @@ -224,12 +223,12 @@ krb5_rd_cred(krb5_context context, goto out; } - ret = encode_Ticket (buf + sizeof(buf) - 1, sizeof(buf), - &cred.tickets.val[i], - &len); + ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, + &cred.tickets.val[i], &len, ret); if (ret) goto out; - krb5_data_copy (&creds->ticket, buf + sizeof(buf) - len, len); + if(creds->ticket.length != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); copy_EncryptionKey (&kci->key, &creds->session); if (kci->prealm && kci->pname) principalname2krb5_principal (&creds->client, diff --git a/crypto/heimdal/lib/krb5/rd_safe.c b/crypto/heimdal/lib/krb5/rd_safe.c index 71271c6..bbba237 100644 --- a/crypto/heimdal/lib/krb5/rd_safe.c +++ b/crypto/heimdal/lib/krb5/rd_safe.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_safe.c,v 1.26 2002/02/14 12:47:47 joda Exp $"); +RCSID("$Id: rd_safe.c,v 1.27 2002/09/04 16:26:05 joda Exp $"); static krb5_error_code verify_checksum(krb5_context context, @@ -53,19 +53,11 @@ verify_checksum(krb5_context context, safe->cksum.checksum.data = NULL; safe->cksum.checksum.length = 0; - buf_size = length_KRB_SAFE(safe); - buf = malloc(buf_size); - - if (buf == NULL) { - ret = ENOMEM; - krb5_set_error_string (context, "malloc: out of memory"); - goto out; - } - - ret = encode_KRB_SAFE (buf + buf_size - 1, - buf_size, - safe, - &len); + ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, safe, &len, ret); + if(ret) + return ret; + if(buf_size != len) + krb5_abortx(context, "internal error in ASN.1 encoder"); if (auth_context->remote_subkey) key = auth_context->remote_subkey; diff --git a/crypto/heimdal/lib/krb5/sendauth.c b/crypto/heimdal/lib/krb5/sendauth.c index 8f2c544..c2889ee 100644 --- a/crypto/heimdal/lib/krb5/sendauth.c +++ b/crypto/heimdal/lib/krb5/sendauth.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: sendauth.c,v 1.18 2001/05/14 06:14:51 assar Exp $"); +RCSID("$Id: sendauth.c,v 1.19 2002/09/04 21:34:43 joda Exp $"); /* * The format seems to be: @@ -86,6 +86,7 @@ krb5_sendauth(krb5_context context, krb5_principal this_client = NULL; krb5_creds *creds; ssize_t sret; + krb5_boolean my_ccache = FALSE; len = strlen(version) + 1; net_len = htonl(len); @@ -125,12 +126,16 @@ krb5_sendauth(krb5_context context, ret = krb5_cc_default (context, &ccache); if (ret) return ret; + my_ccache = TRUE; } if (client == NULL) { ret = krb5_cc_get_principal (context, ccache, &this_client); - if (ret) + if (ret) { + if(my_ccache) + krb5_cc_close(context, ccache); return ret; + } client = this_client; } memset(&this_cred, 0, sizeof(this_cred)); @@ -142,11 +147,16 @@ krb5_sendauth(krb5_context context, } if (in_creds->ticket.length == 0) { ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds); - if (ret) + if (ret) { + if(my_ccache) + krb5_cc_close(context, ccache); return ret; + } } else { creds = in_creds; } + if(my_ccache) + krb5_cc_close(context, ccache); ret = krb5_mk_req_extended (context, auth_context, ap_req_options, diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c index dbe6c80..b587c63 100644 --- a/crypto/heimdal/lib/krb5/transited.c +++ b/crypto/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c,v 1.8 2001/05/14 06:14:52 assar Exp $"); +RCSID("$Id: transited.c,v 1.9 2002/09/09 14:03:03 nectar Exp $"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead @@ -318,8 +318,9 @@ krb5_domain_x500_decode(krb5_context context, if(ret) return ret; - /* remove empty components */ + /* remove empty components and count realms */ q = &r; + *num_realms = 0; for(p = r; p; ){ if(p->realm[0] == '\0'){ free(p->realm); @@ -329,22 +330,20 @@ krb5_domain_x500_decode(krb5_context context, }else{ q = &p->next; p = p->next; + (*num_realms)++; } } + if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms)) + return ERANGE; + { char **R; - *realms = NULL; - *num_realms = 0; + R = malloc((*num_realms + 1) * sizeof(*R)); + if (R == NULL) + return ENOMEM; + *realms = R; while(r){ - R = realloc(*realms, (*num_realms + 1) * sizeof(**realms)); - if(R == NULL) { - free(*realms); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - R[*num_realms] = r->realm; - (*num_realms)++; - *realms = R; + *R++ = r->realm; p = r->next; free(r); r = p; diff --git a/crypto/heimdal/lib/roken/ChangeLog b/crypto/heimdal/lib/roken/ChangeLog index 9f209a8..6097a89 100644 --- a/crypto/heimdal/lib/roken/ChangeLog +++ b/crypto/heimdal/lib/roken/ChangeLog @@ -1,3 +1,45 @@ +2002-09-10 Johan Danielsson <joda@pdc.kth.se> + + * roken.awk: include config.h before stdio.h (breaks with + _FILE_OFFSET_BITS on solaris otherwise) + +2002-09-09 Johan Danielsson <joda@pdc.kth.se> + + * resolve.c: fix res_nsearch call, but don't use it for now, AIX5 + has a broken version that trashes memory + + * roken-common.h: fix typo in previous + + * roken-common.h: change IRIX == 4 to IRIX4 + +2002-09-04 Assar Westerlund <assar@kth.se> + + * getifaddrs.c: remove some warnings from the linux-portion + + * getnameinfo_verified.c (getnameinfo_verified): handle the case + of forward but no backward DNS information, and also describe the + desired behaviour. from Love <lha@stacken.kth.se> + +2002-09-04 Johan Danielsson <joda@pdc.kth.se> + + * rtbl.c (rtbl_destroy): free whole table + + * resolve.c: use res_nsearch if we have it (from Larry Greenfield) + +2002-09-03 Assar Westerlund <assar@kth.se> + + * getifaddrs.c: add Linux AF_NETLINK getifaddrs from Hideaki + YOSHIFUJI of the Usagi project + + * parse_reply-test.c: make this build and return 77 if there is no + mmap + + * Makefile.am (parse_reply-test): add + * parse_reply-test.c: add a test case for parse_reply reading past + the given buffer + * resolve.c (parse_reply): update the arguments to more reasonable + types. allow parse_reply-test to call it + 2002-08-28 Johan Danielsson <joda@pdc.kth.se> * resolve.c (dns_srv_order): do alignment tricks with the random() diff --git a/crypto/heimdal/lib/roken/Makefile.am b/crypto/heimdal/lib/roken/Makefile.am index 13121ad..a1dc45d 100644 --- a/crypto/heimdal/lib/roken/Makefile.am +++ b/crypto/heimdal/lib/roken/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.120 2002/05/31 02:44:37 assar Exp $ +# $Id: Makefile.am,v 1.122 2002/09/09 19:17:01 joda Exp $ include $(top_srcdir)/Makefile.am.common @@ -7,7 +7,7 @@ ACLOCAL_AMFLAGS = -I ../../cf CLEANFILES = roken.h make-roken.c $(XHEADERS) lib_LTLIBRARIES = libroken.la -libroken_la_LDFLAGS = -version-info 16:0:7 +libroken_la_LDFLAGS = -version-info 16:0:0 noinst_PROGRAMS = make-roken snprintf-test @@ -17,6 +17,7 @@ check_PROGRAMS = \ base64-test \ getaddrinfo-test \ parse_bytes-test \ + parse_reply-test \ snprintf-test \ strpftime-test @@ -29,6 +30,9 @@ noinst_LTLIBRARIES = libtest.la libtest_la_SOURCES = strftime.c strptime.c snprintf.c libtest_la_CFLAGS = -DTEST_SNPRINTF +parse_reply_test_SOURCES = parse_reply-test.c resolve.c +parse_reply_test_CFLAGS = -DTEST_RESOLVE + strpftime_test_SOURCES = strpftime-test.c strpftime_test_LDADD = libtest.la $(LDADD) snprintf_test_SOURCES = snprintf-test.c diff --git a/crypto/heimdal/lib/roken/Makefile.in b/crypto/heimdal/lib/roken/Makefile.in index 7969334..730821f 100644 --- a/crypto/heimdal/lib/roken/Makefile.in +++ b/crypto/heimdal/lib/roken/Makefile.in @@ -14,7 +14,7 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.120 2002/05/31 02:44:37 assar Exp $ +# $Id: Makefile.am,v 1.122 2002/09/09 19:17:01 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ @@ -207,7 +207,7 @@ ACLOCAL_AMFLAGS = -I ../../cf CLEANFILES = roken.h make-roken.c $(XHEADERS) lib_LTLIBRARIES = libroken.la -libroken_la_LDFLAGS = -version-info 16:0:7 +libroken_la_LDFLAGS = -version-info 16:0:0 noinst_PROGRAMS = make-roken snprintf-test @@ -217,6 +217,7 @@ check_PROGRAMS = \ base64-test \ getaddrinfo-test \ parse_bytes-test \ + parse_reply-test \ snprintf-test \ strpftime-test @@ -230,6 +231,9 @@ noinst_LTLIBRARIES = libtest.la libtest_la_SOURCES = strftime.c strptime.c snprintf.c libtest_la_CFLAGS = -DTEST_SNPRINTF +parse_reply_test_SOURCES = parse_reply-test.c resolve.c +parse_reply_test_CFLAGS = -DTEST_RESOLVE + strpftime_test_SOURCES = strpftime-test.c strpftime_test_LDADD = libtest.la $(LDADD) snprintf_test_SOURCES = snprintf-test.c @@ -422,8 +426,8 @@ am_libtest_la_OBJECTS = libtest_la-strftime.lo libtest_la-strptime.lo \ libtest_la-snprintf.lo libtest_la_OBJECTS = $(am_libtest_la_OBJECTS) check_PROGRAMS = base64-test$(EXEEXT) getaddrinfo-test$(EXEEXT) \ - parse_bytes-test$(EXEEXT) snprintf-test$(EXEEXT) \ - strpftime-test$(EXEEXT) + parse_bytes-test$(EXEEXT) parse_reply-test$(EXEEXT) \ + snprintf-test$(EXEEXT) strpftime-test$(EXEEXT) noinst_PROGRAMS = make-roken$(EXEEXT) snprintf-test$(EXEEXT) PROGRAMS = $(noinst_PROGRAMS) @@ -446,6 +450,13 @@ parse_bytes_test_OBJECTS = parse_bytes-test.$(OBJEXT) parse_bytes_test_LDADD = $(LDADD) parse_bytes_test_DEPENDENCIES = libroken.la parse_bytes_test_LDFLAGS = +am_parse_reply_test_OBJECTS = \ + parse_reply_test-parse_reply-test.$(OBJEXT) \ + parse_reply_test-resolve.$(OBJEXT) +parse_reply_test_OBJECTS = $(am_parse_reply_test_OBJECTS) +parse_reply_test_LDADD = $(LDADD) +parse_reply_test_DEPENDENCIES = libroken.la +parse_reply_test_LDFLAGS = am_snprintf_test_OBJECTS = snprintf_test-snprintf-test.$(OBJEXT) snprintf_test_OBJECTS = $(am_snprintf_test_OBJECTS) snprintf_test_DEPENDENCIES = libtest.la libroken.la @@ -472,15 +483,15 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ CFLAGS = @CFLAGS@ DIST_SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) \ $(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c \ - parse_bytes-test.c $(snprintf_test_SOURCES) \ - $(strpftime_test_SOURCES) + parse_bytes-test.c $(parse_reply_test_SOURCES) \ + $(snprintf_test_SOURCES) $(strpftime_test_SOURCES) MANS = $(man_MANS) HEADERS = $(include_HEADERS) $(nodist_include_HEADERS) DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in \ acinclude.m4 freeaddrinfo.c getaddrinfo.c getcap.c \ getnameinfo.c glob.c install-sh missing mkinstalldirs -SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) $(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c $(nodist_make_roken_SOURCES) parse_bytes-test.c $(snprintf_test_SOURCES) $(strpftime_test_SOURCES) +SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) $(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c $(nodist_make_roken_SOURCES) parse_bytes-test.c $(parse_reply_test_SOURCES) $(snprintf_test_SOURCES) $(strpftime_test_SOURCES) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am @@ -562,6 +573,11 @@ make-roken$(EXEEXT): $(make_roken_OBJECTS) $(make_roken_DEPENDENCIES) parse_bytes-test$(EXEEXT): $(parse_bytes_test_OBJECTS) $(parse_bytes_test_DEPENDENCIES) @rm -f parse_bytes-test$(EXEEXT) $(LINK) $(parse_bytes_test_LDFLAGS) $(parse_bytes_test_OBJECTS) $(parse_bytes_test_LDADD) $(LIBS) +parse_reply_test-parse_reply-test.$(OBJEXT): parse_reply-test.c +parse_reply_test-resolve.$(OBJEXT): resolve.c +parse_reply-test$(EXEEXT): $(parse_reply_test_OBJECTS) $(parse_reply_test_DEPENDENCIES) + @rm -f parse_reply-test$(EXEEXT) + $(LINK) $(parse_reply_test_LDFLAGS) $(parse_reply_test_OBJECTS) $(parse_reply_test_LDADD) $(LIBS) snprintf_test-snprintf-test.$(OBJEXT): snprintf-test.c snprintf-test$(EXEEXT): $(snprintf_test_OBJECTS) $(snprintf_test_DEPENDENCIES) @rm -f snprintf-test$(EXEEXT) @@ -612,6 +628,24 @@ libtest_la-snprintf.obj: snprintf.c libtest_la-snprintf.lo: snprintf.c $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c +parse_reply_test-parse_reply-test.o: parse_reply-test.c + $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.o `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c + +parse_reply_test-parse_reply-test.obj: parse_reply-test.c + $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.obj `cygpath -w parse_reply-test.c` + +parse_reply_test-parse_reply-test.lo: parse_reply-test.c + $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.lo `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c + +parse_reply_test-resolve.o: resolve.c + $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.o `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c + +parse_reply_test-resolve.obj: resolve.c + $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.obj `cygpath -w resolve.c` + +parse_reply_test-resolve.lo: resolve.c + $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.lo `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c + snprintf_test-snprintf-test.o: snprintf-test.c $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.o `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c diff --git a/crypto/heimdal/lib/roken/getifaddrs.c b/crypto/heimdal/lib/roken/getifaddrs.c index d8cf1eb..e8c53f8 100644 --- a/crypto/heimdal/lib/roken/getifaddrs.c +++ b/crypto/heimdal/lib/roken/getifaddrs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: getifaddrs.c,v 1.7 2001/11/30 03:27:30 assar Exp $"); +RCSID("$Id: getifaddrs.c,v 1.9 2002/09/05 03:36:23 assar Exp $"); #endif #include "roken.h" @@ -56,6 +56,782 @@ struct mbuf; #include <ifaddrs.h> +#ifdef AF_NETLINK + +/* + * The linux - AF_NETLINK version of getifaddrs - from Usagi. + * Linux does not return v6 addresses from SIOCGIFCONF. + */ + +/* $USAGI: ifaddrs.c,v 1.18 2002/03/06 01:50:46 yoshfuji Exp $ */ + +/************************************************************************** + * ifaddrs.c + * Copyright (C)2000 Hideaki YOSHIFUJI, All Rights Reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the author nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "config.h" + +#include <string.h> +#include <time.h> +#include <malloc.h> +#include <errno.h> +#include <unistd.h> + +#include <sys/socket.h> +#include <asm/types.h> +#include <linux/netlink.h> +#include <linux/rtnetlink.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <netpacket/packet.h> +#include <net/ethernet.h> /* the L2 protocols */ +#include <sys/uio.h> +#include <net/if.h> +#include <net/if_arp.h> +#include <ifaddrs.h> +#include <netinet/in.h> + +#define __set_errno(e) (errno = (e)) +#define __close(fd) (close(fd)) +#undef ifa_broadaddr +#define ifa_broadaddr ifa_dstaddr +#define IFA_NETMASK + +/* ====================================================================== */ +struct nlmsg_list{ + struct nlmsg_list *nlm_next; + struct nlmsghdr *nlh; + int size; + time_t seq; +}; + +struct rtmaddr_ifamap { + void *address; + void *local; +#ifdef IFA_NETMASK + void *netmask; +#endif + void *broadcast; +#ifdef HAVE_IFADDRS_IFA_ANYCAST + void *anycast; +#endif + int address_len; + int local_len; +#ifdef IFA_NETMASK + int netmask_len; +#endif + int broadcast_len; +#ifdef HAVE_IFADDRS_IFA_ANYCAST + int anycast_len; +#endif +}; + +/* ====================================================================== */ +static size_t +ifa_sa_len(sa_family_t family, int len) +{ + size_t size; + switch(family){ + case AF_INET: + size = sizeof(struct sockaddr_in); + break; + case AF_INET6: + size = sizeof(struct sockaddr_in6); + break; + case AF_PACKET: + size = (size_t)(((struct sockaddr_ll *)NULL)->sll_addr) + len; + if (size < sizeof(struct sockaddr_ll)) + size = sizeof(struct sockaddr_ll); + break; + default: + size = (size_t)(((struct sockaddr *)NULL)->sa_data) + len; + if (size < sizeof(struct sockaddr)) + size = sizeof(struct sockaddr); + } + return size; +} + +static void +ifa_make_sockaddr(sa_family_t family, + struct sockaddr *sa, + void *p, size_t len, + uint32_t scope, uint32_t scopeid) +{ + if (sa == NULL) return; + switch(family){ + case AF_INET: + memcpy(&((struct sockaddr_in*)sa)->sin_addr, (char *)p, len); + break; + case AF_INET6: + memcpy(&((struct sockaddr_in6*)sa)->sin6_addr, (char *)p, len); + if (IN6_IS_ADDR_LINKLOCAL(p) || + IN6_IS_ADDR_MC_LINKLOCAL(p)){ + ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid; + } + break; + case AF_PACKET: + memcpy(((struct sockaddr_ll*)sa)->sll_addr, (char *)p, len); + ((struct sockaddr_ll*)sa)->sll_halen = len; + break; + default: + memcpy(sa->sa_data, p, len); /*XXX*/ + break; + } + sa->sa_family = family; +#ifdef HAVE_SOCKADDR_SA_LEN + sa->sa_len = ifa_sa_len(family, len); +#endif +} + +#ifndef IFA_NETMASK +static struct sockaddr * +ifa_make_sockaddr_mask(sa_family_t family, + struct sockaddr *sa, + uint32_t prefixlen) +{ + int i; + char *p = NULL, c; + uint32_t max_prefixlen = 0; + + if (sa == NULL) return NULL; + switch(family){ + case AF_INET: + memset(&((struct sockaddr_in*)sa)->sin_addr, 0, sizeof(((struct sockaddr_in*)sa)->sin_addr)); + p = (char *)&((struct sockaddr_in*)sa)->sin_addr; + max_prefixlen = 32; + break; + case AF_INET6: + memset(&((struct sockaddr_in6*)sa)->sin6_addr, 0, sizeof(((struct sockaddr_in6*)sa)->sin6_addr)); + p = (char *)&((struct sockaddr_in6*)sa)->sin6_addr; +#if 0 /* XXX: fill scope-id? */ + if (IN6_IS_ADDR_LINKLOCAL(p) || + IN6_IS_ADDR_MC_LINKLOCAL(p)){ + ((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid; + } +#endif + max_prefixlen = 128; + break; + default: + return NULL; + } + sa->sa_family = family; +#ifdef HAVE_SOCKADDR_SA_LEN + sa->sa_len = ifa_sa_len(family, len); +#endif + if (p){ + if (prefixlen > max_prefixlen) + prefixlen = max_prefixlen; + for (i=0; i<(prefixlen / 8); i++) + *p++ = 0xff; + c = 0xff; + c <<= (8 - (prefixlen % 8)); + *p = c; + } + return sa; +} +#endif + +/* ====================================================================== */ +static int +nl_sendreq(int sd, int request, int flags, int *seq) +{ + char reqbuf[NLMSG_ALIGN(sizeof(struct nlmsghdr)) + + NLMSG_ALIGN(sizeof(struct rtgenmsg))]; + struct sockaddr_nl nladdr; + struct nlmsghdr *req_hdr; + struct rtgenmsg *req_msg; + time_t t = time(NULL); + + if (seq) *seq = t; + memset(&reqbuf, 0, sizeof(reqbuf)); + req_hdr = (struct nlmsghdr *)reqbuf; + req_msg = (struct rtgenmsg *)NLMSG_DATA(req_hdr); + req_hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*req_msg)); + req_hdr->nlmsg_type = request; + req_hdr->nlmsg_flags = flags | NLM_F_REQUEST; + req_hdr->nlmsg_pid = 0; + req_hdr->nlmsg_seq = t; + req_msg->rtgen_family = AF_UNSPEC; + memset(&nladdr, 0, sizeof(nladdr)); + nladdr.nl_family = AF_NETLINK; + return (sendto(sd, (void *)req_hdr, req_hdr->nlmsg_len, 0, + (struct sockaddr *)&nladdr, sizeof(nladdr))); +} + +static int +nl_recvmsg(int sd, int request, int seq, + void *buf, size_t buflen, + int *flags) +{ + struct msghdr msg; + struct iovec iov = { buf, buflen }; + struct sockaddr_nl nladdr; + int read_len; + + for (;;){ + msg.msg_name = (void *)&nladdr; + msg.msg_namelen = sizeof(nladdr); + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = NULL; + msg.msg_controllen = 0; + msg.msg_flags = 0; + read_len = recvmsg(sd, &msg, 0); + if ((read_len < 0 && errno == EINTR) || (msg.msg_flags & MSG_TRUNC)) + continue; + if (flags) *flags = msg.msg_flags; + break; + } + return read_len; +} + +static int +nl_getmsg(int sd, int request, int seq, + struct nlmsghdr **nlhp, + int *done) +{ + struct nlmsghdr *nh; + size_t bufsize = 65536, lastbufsize = 0; + void *buff = NULL; + int result = 0, read_size; + int msg_flags; + pid_t pid = getpid(); + for (;;){ + void *newbuff = realloc(buff, bufsize); + if (newbuff == NULL || bufsize < lastbufsize) { + result = -1; + break; + } + buff = newbuff; + result = read_size = nl_recvmsg(sd, request, seq, buff, bufsize, &msg_flags); + if (read_size < 0 || (msg_flags & MSG_TRUNC)){ + lastbufsize = bufsize; + bufsize *= 2; + continue; + } + if (read_size == 0) break; + nh = (struct nlmsghdr *)buff; + for (nh = (struct nlmsghdr *)buff; + NLMSG_OK(nh, read_size); + nh = (struct nlmsghdr *)NLMSG_NEXT(nh, read_size)){ + if (nh->nlmsg_pid != pid || + nh->nlmsg_seq != seq) + continue; + if (nh->nlmsg_type == NLMSG_DONE){ + (*done)++; + break; /* ok */ + } + if (nh->nlmsg_type == NLMSG_ERROR){ + struct nlmsgerr *nlerr = (struct nlmsgerr *)NLMSG_DATA(nh); + result = -1; + if (nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) + __set_errno(EIO); + else + __set_errno(-nlerr->error); + break; + } + } + break; + } + if (result < 0) + if (buff){ + int saved_errno = errno; + free(buff); + __set_errno(saved_errno); + } + *nlhp = (struct nlmsghdr *)buff; + return result; +} + +static int +nl_getlist(int sd, int seq, + int request, + struct nlmsg_list **nlm_list, + struct nlmsg_list **nlm_end) +{ + struct nlmsghdr *nlh = NULL; + int status; + int done = 0; + + status = nl_sendreq(sd, request, NLM_F_ROOT|NLM_F_MATCH, &seq); + if (status < 0) + return status; + if (seq == 0) + seq = (int)time(NULL); + while(!done){ + status = nl_getmsg(sd, request, seq, &nlh, &done); + if (status < 0) + return status; + if (nlh){ + struct nlmsg_list *nlm_next = (struct nlmsg_list *)malloc(sizeof(struct nlmsg_list)); + if (nlm_next == NULL){ + int saved_errno = errno; + free(nlh); + __set_errno(saved_errno); + status = -1; + } else { + nlm_next->nlm_next = NULL; + nlm_next->nlh = (struct nlmsghdr *)nlh; + nlm_next->size = status; + nlm_next->seq = seq; + if (*nlm_list == NULL){ + *nlm_list = nlm_next; + *nlm_end = nlm_next; + } else { + (*nlm_end)->nlm_next = nlm_next; + *nlm_end = nlm_next; + } + } + } + } + return status >= 0 ? seq : status; +} + +/* ---------------------------------------------------------------------- */ +static void +free_nlmsglist(struct nlmsg_list *nlm0) +{ + struct nlmsg_list *nlm; + int saved_errno; + if (!nlm0) + return; + saved_errno = errno; + for (nlm=nlm0; nlm; nlm=nlm->nlm_next){ + if (nlm->nlh) + free(nlm->nlh); + } + free(nlm0); + __set_errno(saved_errno); +} + +static void +free_data(void *data, void *ifdata) +{ + int saved_errno = errno; + if (data != NULL) free(data); + if (ifdata != NULL) free(ifdata); + __set_errno(saved_errno); +} + +/* ---------------------------------------------------------------------- */ +static void +nl_close(int sd) +{ + int saved_errno = errno; + if (sd >= 0) __close(sd); + __set_errno(saved_errno); +} + +/* ---------------------------------------------------------------------- */ +static int +nl_open(void) +{ + struct sockaddr_nl nladdr; + int sd; + + sd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + if (sd < 0) return -1; + memset(&nladdr, 0, sizeof(nladdr)); + nladdr.nl_family = AF_NETLINK; + if (bind(sd, (struct sockaddr*)&nladdr, sizeof(nladdr)) < 0){ + nl_close(sd); + return -1; + } + return sd; +} + +/* ====================================================================== */ +int getifaddrs(struct ifaddrs **ifap) +{ + int sd; + struct nlmsg_list *nlmsg_list, *nlmsg_end, *nlm; + /* - - - - - - - - - - - - - - - */ + int icnt; + size_t dlen, xlen, nlen; + uint32_t max_ifindex = 0; + + pid_t pid = getpid(); + int seq; + int result; + int build ; /* 0 or 1 */ + +/* ---------------------------------- */ + /* initialize */ + icnt = dlen = xlen = nlen = 0; + nlmsg_list = nlmsg_end = NULL; + + if (ifap) + *ifap = NULL; + +/* ---------------------------------- */ + /* open socket and bind */ + sd = nl_open(); + if (sd < 0) + return -1; + +/* ---------------------------------- */ + /* gather info */ + if ((seq = nl_getlist(sd, 0, RTM_GETLINK, + &nlmsg_list, &nlmsg_end)) < 0){ + free_nlmsglist(nlmsg_list); + nl_close(sd); + return -1; + } + if ((seq = nl_getlist(sd, seq+1, RTM_GETADDR, + &nlmsg_list, &nlmsg_end)) < 0){ + free_nlmsglist(nlmsg_list); + nl_close(sd); + return -1; + } + +/* ---------------------------------- */ + /* Estimate size of result buffer and fill it */ + for (build=0; build<=1; build++){ + struct ifaddrs *ifl = NULL, *ifa = NULL; + struct nlmsghdr *nlh, *nlh0; + char *data = NULL, *xdata = NULL; + void *ifdata = NULL; + char *ifname = NULL, **iflist = NULL; + uint16_t *ifflist = NULL; + struct rtmaddr_ifamap ifamap; + + if (build){ + data = calloc(1, + NLMSG_ALIGN(sizeof(struct ifaddrs[icnt])) + + dlen + xlen + nlen); + ifa = (struct ifaddrs *)data; + ifdata = calloc(1, + NLMSG_ALIGN(sizeof(char *[max_ifindex+1])) + + NLMSG_ALIGN(sizeof(uint16_t [max_ifindex+1]))); + if (ifap != NULL) + *ifap = (ifdata != NULL) ? ifa : NULL; + else{ + free_data(data, ifdata); + result = 0; + break; + } + if (data == NULL || ifdata == NULL){ + free_data(data, ifdata); + result = -1; + break; + } + ifl = NULL; + data += NLMSG_ALIGN(sizeof(struct ifaddrs)) * icnt; + xdata = data + dlen; + ifname = xdata + xlen; + iflist = ifdata; + ifflist = (uint16_t *)(((char *)iflist) + NLMSG_ALIGN(sizeof(char *[max_ifindex+1]))); + } + + for (nlm=nlmsg_list; nlm; nlm=nlm->nlm_next){ + int nlmlen = nlm->size; + if (!(nlh0 = nlm->nlh)) + continue; + for (nlh = nlh0; + NLMSG_OK(nlh, nlmlen); + nlh=NLMSG_NEXT(nlh,nlmlen)){ + struct ifinfomsg *ifim = NULL; + struct ifaddrmsg *ifam = NULL; + struct rtattr *rta; + + size_t nlm_struct_size = 0; + sa_family_t nlm_family = 0; + uint32_t nlm_scope = 0, nlm_index = 0; + size_t sockaddr_size = 0; + uint32_t nlm_prefixlen = 0; + size_t rtasize; + + memset(&ifamap, 0, sizeof(ifamap)); + + /* check if the message is what we want */ + if (nlh->nlmsg_pid != pid || + nlh->nlmsg_seq != nlm->seq) + continue; + if (nlh->nlmsg_type == NLMSG_DONE){ + break; /* ok */ + } + switch (nlh->nlmsg_type){ + case RTM_NEWLINK: + ifim = (struct ifinfomsg *)NLMSG_DATA(nlh); + nlm_struct_size = sizeof(*ifim); + nlm_family = ifim->ifi_family; + nlm_scope = 0; + nlm_index = ifim->ifi_index; + nlm_prefixlen = 0; + if (build) + ifflist[nlm_index] = ifa->ifa_flags = ifim->ifi_flags; + break; + case RTM_NEWADDR: + ifam = (struct ifaddrmsg *)NLMSG_DATA(nlh); + nlm_struct_size = sizeof(*ifam); + nlm_family = ifam->ifa_family; + nlm_scope = ifam->ifa_scope; + nlm_index = ifam->ifa_index; + nlm_prefixlen = ifam->ifa_prefixlen; + if (build) + ifa->ifa_flags = ifflist[nlm_index]; + break; + default: + continue; + } + + if (!build){ + if (max_ifindex < nlm_index) + max_ifindex = nlm_index; + } else { + if (ifl != NULL) + ifl->ifa_next = ifa; + } + + rtasize = NLMSG_PAYLOAD(nlh, nlmlen) - NLMSG_ALIGN(nlm_struct_size); + for (rta = (struct rtattr *)(((char *)NLMSG_DATA(nlh)) + NLMSG_ALIGN(nlm_struct_size)); + RTA_OK(rta, rtasize); + rta = RTA_NEXT(rta, rtasize)){ + struct sockaddr **sap = NULL; + void *rtadata = RTA_DATA(rta); + size_t rtapayload = RTA_PAYLOAD(rta); + socklen_t sa_len; + + switch(nlh->nlmsg_type){ + case RTM_NEWLINK: + switch(rta->rta_type){ + case IFLA_ADDRESS: + case IFLA_BROADCAST: + if (build){ + sap = (rta->rta_type == IFLA_ADDRESS) ? &ifa->ifa_addr : &ifa->ifa_broadaddr; + *sap = (struct sockaddr *)data; + } + sa_len = ifa_sa_len(AF_PACKET, rtapayload); + if (rta->rta_type == IFLA_ADDRESS) + sockaddr_size = NLMSG_ALIGN(sa_len); + if (!build){ + dlen += NLMSG_ALIGN(sa_len); + } else { + memset(*sap, 0, sa_len); + ifa_make_sockaddr(AF_PACKET, *sap, rtadata,rtapayload, 0,0); + ((struct sockaddr_ll *)*sap)->sll_ifindex = nlm_index; + ((struct sockaddr_ll *)*sap)->sll_hatype = ifim->ifi_type; + data += NLMSG_ALIGN(sa_len); + } + break; + case IFLA_IFNAME:/* Name of Interface */ + if (!build) + nlen += NLMSG_ALIGN(rtapayload + 1); + else{ + ifa->ifa_name = ifname; + if (iflist[nlm_index] == NULL) + iflist[nlm_index] = ifa->ifa_name; + strncpy(ifa->ifa_name, rtadata, rtapayload); + ifa->ifa_name[rtapayload] = '\0'; + ifname += NLMSG_ALIGN(rtapayload + 1); + } + break; + case IFLA_STATS:/* Statistics of Interface */ + if (!build) + xlen += NLMSG_ALIGN(rtapayload); + else{ + ifa->ifa_data = xdata; + memcpy(ifa->ifa_data, rtadata, rtapayload); + xdata += NLMSG_ALIGN(rtapayload); + } + break; + case IFLA_UNSPEC: + break; + case IFLA_MTU: + break; + case IFLA_LINK: + break; + case IFLA_QDISC: + break; + default: + } + break; + case RTM_NEWADDR: + if (nlm_family == AF_PACKET) break; + switch(rta->rta_type){ + case IFA_ADDRESS: + ifamap.address = rtadata; + ifamap.address_len = rtapayload; + break; + case IFA_LOCAL: + ifamap.local = rtadata; + ifamap.local_len = rtapayload; + break; + case IFA_BROADCAST: + ifamap.broadcast = rtadata; + ifamap.broadcast_len = rtapayload; + break; +#ifdef HAVE_IFADDRS_IFA_ANYCAST + case IFA_ANYCAST: + ifamap.anycast = rtadata; + ifamap.anycast_len = rtapayload; + break; +#endif + case IFA_LABEL: + if (!build) + nlen += NLMSG_ALIGN(rtapayload + 1); + else{ + ifa->ifa_name = ifname; + if (iflist[nlm_index] == NULL) + iflist[nlm_index] = ifname; + strncpy(ifa->ifa_name, rtadata, rtapayload); + ifa->ifa_name[rtapayload] = '\0'; + ifname += NLMSG_ALIGN(rtapayload + 1); + } + break; + case IFA_UNSPEC: + break; + case IFA_CACHEINFO: + break; + default: + } + } + } + if (nlh->nlmsg_type == RTM_NEWADDR && + nlm_family != AF_PACKET) { + if (!ifamap.local) { + ifamap.local = ifamap.address; + ifamap.local_len = ifamap.address_len; + } + if (!ifamap.address) { + ifamap.address = ifamap.local; + ifamap.address_len = ifamap.local_len; + } + if (ifamap.address_len != ifamap.local_len || + (ifamap.address != NULL && + memcmp(ifamap.address, ifamap.local, ifamap.address_len))) { + /* p2p; address is peer and local is ours */ + ifamap.broadcast = ifamap.address; + ifamap.broadcast_len = ifamap.address_len; + ifamap.address = ifamap.local; + ifamap.address_len = ifamap.local_len; + } + if (ifamap.address) { +#ifndef IFA_NETMASK + sockaddr_size = NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len)); +#endif + if (!build) + dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len)); + else { + ifa->ifa_addr = (struct sockaddr *)data; + ifa_make_sockaddr(nlm_family, ifa->ifa_addr, ifamap.address, ifamap.address_len, + nlm_scope, nlm_index); + data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.address_len)); + } + } +#ifdef IFA_NETMASK + if (ifamap.netmask) { + if (!build) + dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.netmask_len)); + else { + ifa->ifa_netmask = (struct sockaddr *)data; + ifa_make_sockaddr(nlm_family, ifa->ifa_netmask, ifamap.netmask, ifamap.netmask_len, + nlm_scope, nlm_index); + data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.netmask_len)); + } + } +#endif + if (ifamap.broadcast) { + if (!build) + dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.broadcast_len)); + else { + ifa->ifa_broadaddr = (struct sockaddr *)data; + ifa_make_sockaddr(nlm_family, ifa->ifa_broadaddr, ifamap.broadcast, ifamap.broadcast_len, + nlm_scope, nlm_index); + data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.broadcast_len)); + } + } +#ifdef HAVE_IFADDRS_IFA_ANYCAST + if (ifamap.anycast) { + if (!build) + dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.anycast_len)); + else { + ifa->ifa_anycast = (struct sockaddr *)data; + ifa_make_sockaddr(nlm_family, ifa->ifa_anyaddr, ifamap.anycast, ifamap.anycast_len, + nlm_scope, nlm_index); + data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.anycast_len)); + } + } +#endif + } + if (!build){ +#ifndef IFA_NETMASK + dlen += sockaddr_size; +#endif + icnt++; + } else { + if (ifa->ifa_name == NULL) + ifa->ifa_name = iflist[nlm_index]; +#ifndef IFA_NETMASK + if (ifa->ifa_addr && + ifa->ifa_addr->sa_family != AF_UNSPEC && + ifa->ifa_addr->sa_family != AF_PACKET){ + ifa->ifa_netmask = (struct sockaddr *)data; + ifa_make_sockaddr_mask(ifa->ifa_addr->sa_family, ifa->ifa_netmask, nlm_prefixlen); + } + data += sockaddr_size; +#endif + ifl = ifa++; + } + } + } + if (!build){ + if (icnt == 0 && (dlen + nlen + xlen == 0)){ + if (ifap != NULL) + *ifap = NULL; + break; /* cannot found any addresses */ + } + } + else + free_data(NULL, ifdata); + } + +/* ---------------------------------- */ + /* Finalize */ + free_nlmsglist(nlmsg_list); + nl_close(sd); + return 0; +} + +/* ---------------------------------------------------------------------- */ +void +freeifaddrs(struct ifaddrs *ifa) +{ + free(ifa); +} + + +#else /* !AF_NETLINK */ + +/* + * The generic SIOCGIFCONF version. + */ + static int getifaddrs2(struct ifaddrs **ifap, int af, int siocgifconf, int siocgifflags, @@ -355,6 +1131,8 @@ freeifaddrs(struct ifaddrs *ifp) } } +#endif /* !AF_NETLINK */ + #ifdef TEST void diff --git a/crypto/heimdal/lib/roken/getnameinfo_verified.c b/crypto/heimdal/lib/roken/getnameinfo_verified.c index de3c8bf..0145262 100644 --- a/crypto/heimdal/lib/roken/getnameinfo_verified.c +++ b/crypto/heimdal/lib/roken/getnameinfo_verified.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,11 +33,19 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: getnameinfo_verified.c,v 1.5 2001/02/12 13:55:07 assar Exp $"); +RCSID("$Id: getnameinfo_verified.c,v 1.6 2002/09/05 01:36:27 assar Exp $"); #endif #include "roken.h" +/* + * Try to obtain a verified name for the address in `sa, salen' (much + * similar to getnameinfo). + * Verified in this context means that forwards and backwards lookups + * in DNS are consistent. If that fails, return an error if the + * NI_NAMEREQD flag is set or return the numeric address as a string. + */ + int getnameinfo_verified(const struct sockaddr *sa, socklen_t salen, char *host, size_t hostlen, @@ -60,13 +68,13 @@ getnameinfo_verified(const struct sockaddr *sa, socklen_t salen, ret = getnameinfo (sa, salen, host, hostlen, serv, servlen, flags | NI_NUMERICSERV); if (ret) - return ret; + goto fail; memset (&hints, 0, sizeof(hints)); hints.ai_socktype = SOCK_STREAM; ret = getaddrinfo (host, serv, &hints, &ai); if (ret) - return ret; + goto fail; for (a = ai; a != NULL; a = a->ai_next) { if (a->ai_addrlen == salen && memcmp (a->ai_addr, sa, salen) == 0) { @@ -75,6 +83,7 @@ getnameinfo_verified(const struct sockaddr *sa, socklen_t salen, } } freeaddrinfo (ai); + fail: if (flags & NI_NAMEREQD) return EAI_NONAME; ret = getnameinfo (sa, salen, host, hostlen, serv, servlen, diff --git a/crypto/heimdal/lib/roken/parse_reply-test.c b/crypto/heimdal/lib/roken/parse_reply-test.c new file mode 100644 index 0000000..47e12d1 --- /dev/null +++ b/crypto/heimdal/lib/roken/parse_reply-test.c @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: parse_reply-test.c,v 1.2 2002/09/04 03:25:06 assar Exp $"); +#endif + +#include <sys/types.h> +#ifdef HAVE_SYS_MMAN_H +#include <sys/mman.h> +#endif +#include <fcntl.h> + +#include "roken.h" +#include "resolve.h" + +struct dns_reply* +parse_reply(const unsigned char *, size_t); + +enum { MAX_BUF = 36}; + +static struct testcase { + unsigned char buf[MAX_BUF]; + size_t buf_len; +} tests[] = { + {{0x12, 0x67, 0x84, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x03, 'f', 'o', 'o', 0x00, + 0x00, 0x10, 0x00, 0x01, + 0x03, 'f', 'o', 'o', 0x00, + 0x00, 0x10, 0x00, 0x01, + 0x00, 0x00, 0x12, 0x67, 0xff, 0xff}, 36} +}; + +#ifndef MAP_FAILED +#define MAP_FAILED (-1) +#endif + +static sig_atomic_t val = 0; + +static RETSIGTYPE +segv_handler(int sig) +{ + val = 1; +} + +int +main(int argc, char **argv) +{ +#ifndef HAVE_MMAP + return 77; /* signal to automake that this test + cannot be run */ +#else /* HAVE_MMAP */ + int ret; + int i; + struct sigaction sa; + + sigemptyset (&sa.sa_mask); + sa.sa_flags = 0; + sa.sa_handler = segv_handler; + sigaction (SIGSEGV, &sa, NULL); + + for (i = 0; val == 0 && i < sizeof(tests)/sizeof(tests[0]); ++i) { + const struct testcase *t = &tests[i]; + unsigned char *p1, *p2; + int flags; + int fd; + size_t pagesize = getpagesize(); + unsigned char *buf; + +#ifdef MAP_ANON + flags = MAP_ANON; + fd = -1; +#else + flags = 0; + fd = open ("/dev/zero", O_RDONLY); + if(fd < 0) + err (1, "open /dev/zero"); +#endif + flags |= MAP_PRIVATE; + + p1 = (char *)mmap(0, 2 * pagesize, PROT_READ | PROT_WRITE, + flags, fd, 0); + if (p1 == (unsigned char *)MAP_FAILED) + err (1, "mmap"); + p2 = p1 + pagesize; + ret = mprotect (p2, pagesize, 0); + if (ret < 0) + err (1, "mprotect"); + buf = p2 - t->buf_len; + memcpy (buf, t->buf, t->buf_len); + parse_reply (buf, t->buf_len); + ret = munmap (p1, 2 * pagesize); + if (ret < 0) + err (1, "munmap"); + } + return val; +#endif /* HAVE_MMAP */ +} diff --git a/crypto/heimdal/lib/roken/resolve.c b/crypto/heimdal/lib/roken/resolve.c index f17ae4c..ac380d7 100644 --- a/crypto/heimdal/lib/roken/resolve.c +++ b/crypto/heimdal/lib/roken/resolve.c @@ -45,9 +45,10 @@ #include <assert.h> -RCSID("$Id: resolve.c,v 1.33 2002/08/28 20:07:24 joda Exp $"); +RCSID("$Id: resolve.c,v 1.36 2002/09/09 21:39:19 joda Exp $"); -#if defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) +#undef HAVE_RES_NSEARCH +#if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND) #define DECL(X) {#X, T_##X} @@ -110,8 +111,11 @@ dns_free_data(struct dns_reply *r) free (r); } -static struct dns_reply* -parse_reply(unsigned char *data, int len) +#ifndef TEST_RESOLVE +static +#endif +struct dns_reply* +parse_reply(const unsigned char *data, size_t len) { const unsigned char *p; char host[128]; @@ -366,26 +370,40 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type) { unsigned char reply[1024]; int len; -#ifdef HAVE__RES +#ifdef HAVE_RES_NSEARCH + struct __res_state stat; + memset(&stat, 0, sizeof(stat)); + if(res_ninit(&stat)) + return NULL; /* is this the best we can do? */ +#elif defined(HAVE__RES) u_long old_options = 0; #endif if (_resolve_debug) { -#ifdef HAVE__RES +#ifdef HAVE_RES_NSEARCH + stat.options |= RES_DEBUG; +#elif defined(HAVE__RES) old_options = _res.options; _res.options |= RES_DEBUG; #endif fprintf(stderr, "dns_lookup(%s, %d, %s)\n", domain, rr_class, dns_type_to_string(rr_type)); } +#ifdef HAVE_RES_NSEARCH + len = res_nsearch(&stat, domain, rr_class, rr_type, reply, sizeof(reply)); +#else len = res_search(domain, rr_class, rr_type, reply, sizeof(reply)); +#endif if (_resolve_debug) { -#ifdef HAVE__RES +#if defined(HAVE__RES) && !defined(HAVE_RES_NSEARCH) _res.options = old_options; #endif fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n", domain, rr_class, dns_type_to_string(rr_type), len); } +#ifdef HAVE_RES_NSEARCH + res_nclose(&stat); +#endif if(len < 0) { return NULL; } else { diff --git a/crypto/heimdal/lib/roken/roken-common.h b/crypto/heimdal/lib/roken/roken-common.h index 2e604ac..6e29be8 100644 --- a/crypto/heimdal/lib/roken/roken-common.h +++ b/crypto/heimdal/lib/roken/roken-common.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: roken-common.h,v 1.49 2002/08/20 11:55:04 joda Exp $ */ +/* $Id: roken-common.h,v 1.51 2002/09/09 13:41:12 joda Exp $ */ #ifndef __ROKEN_COMMON_H__ #define __ROKEN_COMMON_H__ @@ -252,7 +252,7 @@ ROKEN_CPP_START -#if IRIX != 4 /* fix for compiler bug */ +#ifndef IRIX4 /* fix for compiler bug */ #ifdef RETSIGTYPE typedef RETSIGTYPE (*SigAction)(int); SigAction signal(int iSig, SigAction pAction); /* BSD compatible */ diff --git a/crypto/heimdal/lib/roken/roken.awk b/crypto/heimdal/lib/roken/roken.awk index 057b4fd..b6a181c 100644 --- a/crypto/heimdal/lib/roken/roken.awk +++ b/crypto/heimdal/lib/roken/roken.awk @@ -1,10 +1,10 @@ -# $Id: roken.awk,v 1.7 2001/03/26 09:26:35 joda Exp $ +# $Id: roken.awk,v 1.8 2002/09/10 20:05:55 joda Exp $ BEGIN { - print "#include <stdio.h>" print "#ifdef HAVE_CONFIG_H" print "#include <config.h>" print "#endif" + print "#include <stdio.h>" print "" print "int main()" print "{" diff --git a/crypto/heimdal/lib/roken/rtbl.c b/crypto/heimdal/lib/roken/rtbl.c index 098b601..5a3bc00 100644 --- a/crypto/heimdal/lib/roken/rtbl.c +++ b/crypto/heimdal/lib/roken/rtbl.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2000, 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID ("$Id: rtbl.c,v 1.3 2000/07/20 14:42:31 assar Exp $"); +RCSID ("$Id: rtbl.c,v 1.4 2002/09/04 21:25:09 joda Exp $"); #endif #include "roken.h" #include "rtbl.h" @@ -83,12 +83,14 @@ rtbl_destroy (rtbl_t table) for (j = 0; j < c->num_rows; j++) free (c->rows[j].data); + free (c->rows); free (c->header); free (c->prefix); free (c); } free (table->column_prefix); free (table->columns); + free (table); } int |