diff options
author | nectar <nectar@FreeBSD.org> | 2003-10-09 19:36:20 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2003-10-09 19:36:20 +0000 |
commit | 5c90662d441c12cd30c694eb1172d6fea2f8f282 (patch) | |
tree | cb08d962a1d1ff9fd191e67849a7057861f42a50 /crypto | |
parent | 12eb3dee85137da9effa7d2df35e855dd0a3814a (diff) | |
download | FreeBSD-src-5c90662d441c12cd30c694eb1172d6fea2f8f282.zip FreeBSD-src-5c90662d441c12cd30c694eb1172d6fea2f8f282.tar.gz |
Vendor import of Heimdal 0.6.
Diffstat (limited to 'crypto')
306 files changed, 13767 insertions, 3741 deletions
diff --git a/crypto/heimdal/ChangeLog b/crypto/heimdal/ChangeLog index 4773b98..c701be6b 100644 --- a/crypto/heimdal/ChangeLog +++ b/crypto/heimdal/ChangeLog @@ -1,671 +1,554 @@ -2002-10-21 Johan Danielsson <joda@pdc.kth.se> +2003-05-08 Johan Danielsson <joda@ratatosk.pdc.kth.se> - * lib/krb5/store_emem.c: pull up 1.13; limit how much we allocate + * Release 0.6 - * lib/krb5/principal.c: pull up 1.82; don't allow trailing - backslashes in components +2003-05-08 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/keytab_keyfile.c: pull up 1.15; more strcspn + * kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4 + support - * lib/krb5/keytab_any.c: pull up 1.7; properly close the open - keytabs + * kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't + v4 support - * kdc/connect.c: pull up 1.87; check that %-quotes are followed by - two hex digits + * kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4 + support - * lib/krb5/prompter_posix.c: pull up 1.7; use strcspn to convert - the newline to NUL in fgets results. +2003-05-06 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/kuserok.c: pull up 1.6; use strcspn to convert the - newline to NUL in fgets results. + * lib/krb5/name-45-test.c: need to use empty krb5.conf for some + tests - * lib/krb5/keytab_file.c: pull up 1.12; check return value from - start_seq_get + * lib/asn1/check-gen.c: there is no \e escape sequence; replace + everything with hex-codes, and cast to unsigned char* to make some + compilers happy - * lib/krb5/context.c: pull up 1.82; return ENXIO instead of ENOENT - when "unconfigured" +2003-05-06 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/changepw.c: pull up 1.38; fix reply length check - calculation - - * kuser/klist.c: pull up 1.68; allow tokens up to size of buffer - - * kdc/kaserver.c: pull up 1.21; make sure life is positive - - * fix-export: pull up 1.28; remove autom4ate.cache - -2002-09-10 Johan Danielsson <joda@pdc.kth.se> - - * Release 0.5 - - * include/make_crypto.c: don't use function macros if possible - - * lib/krb5/krb5_locl.h: get limits.h for UINT_MAX - - * include/Makefile.am: use make_crypto to create crypto-headers.h - - * include/make_crypto.c: crypto header generation tool - - * configure.in: move crypto test to just after testing for krb4, - and move roken tests to after both, this speeds up various failure - cases with krb4 - - * lib/krb5/config_file.c: don't use NULL when we mean 0 - - * configure.in: we don't set package_libdir anymore, so no point - in testing for it - - * tools/Makefile.am: subst INCLUDE_des - - * tools/krb5-config.in: add INCLUDE_des to cflags - - * configure.in: use AC_CONFIG_SRCDIR - - * fix-export: remove some unneeded stuff - - * kuser/kinit.c (do_524init): free principals - -2002-09-09 Jacques Vidrine <nectar@kth.se> - - * kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding), - kdc/kaserver.c (krb5_ret_xdr_data), - lib/krb5/transited.c (krb5_domain_x500_decode): Validate some - counts: Check that they are non-negative, and that they are small - enough to avoid integer overflow when used in memory allocation - calculations. Potential problem areas pointed out by - Sebastian Krahmer <krahmer@suse.de>. - - * lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when - creating a new keyfile. - -2002-09-09 Johan Danielsson <joda@pdc.kth.se> - - * configure.in: don't try to build pam module - -2002-09-05 Johan Danielsson <joda@pdc.kth.se> - - * appl/kf/kf.c: fix warning string - - * lib/krb5/log.c (krb5_vlog_msg): delay message formating till we - know we need it - -2002-09-04 Assar Westerlund <assar@kth.se> - - * kdc/kerberos5.c (encode_reply): correct error logging - -2002-09-04 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/sendauth.c: close ccache if we opened it - - * appl/kf/kf.c: handle new protocol - - * appl/kf/kfd.c: use krb5_err instead of sysloging directly, - handle the new protocol, and bail out if an old client tries to - connect - - * appl/kf/kf_locl.h: we need a protocol version string - - * lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE - - * kdc/kerberos5.c: use ASN1_MALLOC_ENCODE - - * kdc/hprop.c: set AP_OPTS_USE_SUBKEY - - * lib/hdb/common.c: use ASN1_MALLOC_ENCODE - - * lib/asn1/gen.c: add convenience macro that allocates a buffer - and encoded into that - - * lib/krb5/get_cred.c (init_tgs_req): use - in_creds->session.keytype literally instead of trying to convert - to a list of enctypes (it should already be an enctype) + * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first + argument to krb5_us_timeofday have correct type - * lib/krb5/get_cred.c (init_tgs_req): init ret - -2002-09-03 Johan Danielsson <joda@pdc.kth.se> - - * lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC - - * lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC - - * lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use - zero ivec in DES3_CBC_encrypt if passed ivec is NULL - - * lib/krb5/Makefile.am: back out 1.144, since it will re-create - krb5-protos.h at build-time, which requires perl, which is bad - - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't - blindly use the local subkey - - * lib/krb5/crypto.c: add function krb5_crypto_getblocksize that - extracts the required blocksize from a crypto context +2003-05-05 Assar Westerlund <assar@kth.se> - * lib/krb5/build_auth.c: just get the length of the encoded - authenticator instead of trying to grow a buffer + * include/make_crypto.c (main): include aes.h if ENABLE_AES -2002-09-03 Assar Westerlund <assar@kth.se> +2003-05-05 Love Hörnquist Åstrand <lha@it.su.se> - * configure.in: add --disable-mmap option, and tests for - sys/mman.h and mmap - -2002-09-03 Jacques Vidrine <nectar@kth.se> - - * lib/krb5/changepw.c: verify lengths in response - - * lib/asn1/der_get.c (decode_integer, decode_unsigned): check for - truncated integers - -2002-09-02 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/mk_req_ext.c: generate a local subkey if - AP_OPTS_USE_SUBKEY is set - - * lib/krb5/build_auth.c: we don't have enough information about - whether to generate a local subkey here, so don't try to - - * lib/krb5/auth_context.c: new function - krb5_auth_con_generatelocalsubkey - - * lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an - initial ticket - - * lib/krb5/context.c (init_context_from_config_file): simplify - initialisation of srv_lookup - - * lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY - - * lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY - -2002-08-30 Assar Westerlund <assar@kth.se> - - * lib/krb5/name-45-test.c: also test krb5_524_conv_principal - * lib/krb5/Makefile.am (TESTS): add name-45-test - * lib/krb5/name-45-test.c: add testcases for - krb5_425_conv_principal - -2002-08-29 Assar Westerlund <assar@kth.se> - - * lib/krb5/parse-name-test.c: also test unparse_short functions - * lib/asn1/asn1_print.c: use com_err/error_message API - * lib/krb5/Makefile.am: add parse-name-test - * lib/krb5/parse-name-test.c: add a program for testing parsing - and unparsing principal names - -2002-08-28 Assar Westerlund <assar@kth.se> - - * kdc/config.c: add missing ifdef DAEMON - -2002-08-28 Johan Danielsson <joda@pdc.kth.se> - - * configure.in: use rk_SUNOS - - * kdc/config.c: add detach options - - * kdc/main.c: maybe detach from console? - - * kdc/kdc.8: markup changes - - * configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE - - * configure.in: use rk_TELNET, rename some other macros, and don't - add -ldes to krb4 link command - - * kuser/kinit.1: whitespace fix (from NetBSD) - - * include/bits.c: we may need unistd.h for ssize_t - -2002-08-26 Assar Westerlund <assar@kth.se> - - * lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA - rrs before A ones when using the resolver to verify a mapping, - also use getaddrinfo when resolver is not available - - * lib/hdb/keytab.c (find_db): const-correctness in parameters to - krb5_config_get_next - - * lib/asn1/gen.c: include <string.h> in the generated files (for - memset) + * NEWS: 1.108->1.110: fix text about gssapi compat + +2003-04-28 Love Hörnquist Åstrand <lha@it.su.se> -2002-08-22 Assar Westerlund <assar@kth.se> + * kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length, + from openbsd - * lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use - getarg so that it can handle --help and --version (and thus make - check can pass) +2003-04-24 Love Hörnquist Åstrand <lha@it.su.se> - * lib/asn1/check-der.c: make this build again + * doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc + <jmc@prioris.mini.pw.edu.pl> -2002-08-22 Assar Westerlund <assar@kth.se> +2003-04-22 Love Hörnquist Åstrand <lha@it.su.se> - * lib/asn1/der_get.c (der_get_int): handle len == 0. based on a - patch from Love <lha@stacken.kth.se> + * lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org + via openbsd -2002-08-22 Johan Danielsson <joda@pdc.kth.se> +2003-04-17 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP - KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter + * lib/asn1/der_copy.c (copy_general_string): use strdup + * lib/asn1/der_put.c: remove sprintf + * lib/asn1/gen.c: remove strcpy/sprintf - * kdc/kdc.8: add blurb about adding and removing addresses; update - kdc.conf section to match reality - - * configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so - don't define it + * lib/krb5/name-45-test.c: use a more unique name then ratatosk so + that other (me) have such hosts in the local domain and the tests + fails, to take hokkigai.pdc.kth.se instead -2002-08-21 Assar Westerlund <assar@kth.se> + * lib/krb5/test_alname.c: add --version and --help - * lib/asn1/asn1_print.c: print OIDs too, based on a patch from - Love <lha@stacken.kth.se> +2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> -2002-08-21 Johan Danielsson <joda@pdc.kth.se> - - * kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2 - since it might not exist, and we don't actually care about the key + * lib/krb5/krb5_warn.3: add krb5_get_err_text -2002-08-20 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/krb5.conf.5: correct documentation for - verify_ap_req_nofail - - * lib/krb5/log.c: rename syslog_data to avoid name conflicts (from - Mattias Amnefelt) - - * kuser/klist.c (display_tokens): increase token buffer size, and - add more checks of the kernel data (from Love) - -2002-08-19 Johan Danielsson <joda@pdc.kth.se> - - * fix-export: use make to parse Makefile.am instead of perl - - * configure.in: use argument-less AM_INIT_AUTOMAKE, now that it - groks AC_INIT with package name etc. - - * kpasswd/kpasswdd.c: include <kadm5/private.h> - - * lib/asn1/asn1_print.c: include com_right.h - - * lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t - - * include/bits.c: define krb5_socklen_t type; this should really - go someplace else, but this was easy - - * lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file - fails, just warn about it - - * kdc/log.c (kdc_openlog): no need for a config_file parameter - - * kdc/config.c: just treat kdc.conf like any other config file - - * lib/krb5/context.c (krb5_get_default_config_files): ignore - duplicate files - -2002-08-16 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/krb5.h: turn strings into pointers, so we can assign to - them - - * lib/krb5/constants.c: turn strings into pointers, so we can - assign to them - - * lib/krb5/get_addrs.c (get_addrs_int): initialise res if - SCAN_INTERFACES is not set - - * lib/krb5/context.c: fix various borked stuff in previous commits - -2002-08-16 Jacques Vidrine <n@nectar.com> - - * lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using - the `admin_server' entry for kpasswd, override the `proto' result - to be UDP. - -2002-08-15 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/auth_context.c: check return value of - krb5_sockaddr2address - - * lib/krb5/addr_families.c: check return value of - krb5_sockaddr2address - - * lib/krb5/context.c: get the default keytab from KRB5_KTNAME - -2002-08-14 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/verify_krb5_conf.c: allow parsing of more than one file - - * lib/krb5/context.c: allow changing config files with the - function krb5_set_config_files, there are also related functions - krb5_get_default_config_files and krb5_free_config_files; these - should work similar to their MIT counterparts - - * lib/krb5/config_file.c: allow the use of more than one config - file by using the new function krb5_config_parse_file_multi - -2002-08-12 Johan Danielsson <joda@pdc.kth.se> - - * use sysconfdir instead of /etc - - * configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc - to appease automake; force sysconfdir and localstatedir to /etc - and /var/heimdal for now - - * kdc/connect.c (addr_to_string): check return value of - sockaddr2address - -2002-08-09 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/rd_cred.c: if the remote address isn't an addrport, - don't try comparing to one; this should make old clients work with - new servers - - * lib/asn1/gen_decode.c: remove unused variable - -2002-07-31 Johan Danielsson <joda@pdc.kth.se> - - * kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick - Brashear) + * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd + * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd + * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use + strlcpy, from openbsd + * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd + * appl/kf/kfd.c: use strlcpy, from openbsd + +2003-04-16 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/principal.c: actually lower case the lower case - instance name (spotted by Derrick Brashear) + * configure.in: fix for large file support in AIX, _LARGE_FILES + needs to be defined on the command line, since lex likes to + include stdio.h before we get to config.h -2002-07-24 Johan Danielsson <joda@pdc.kth.se> +2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h, + from Thomas Klausner <wiz@netbsd.org> + + * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner + <wiz@netbsd.org> - * fix-export: if DATEDVERSION is set, change the version to - current date +2003-04-15 Love Hörnquist Åstrand <lha@it.su.se> - * configure.in: don't use AC_PROG_RANLIB, and use magic foo to set - LTLIBOBJS + * kdc/kerberos5.c: fix some more memory leaks + +2003-04-11 Love Hörnquist Åstrand <lha@it.su.se> -2002-07-04 Johan Danielsson <joda@pdc.kth.se> + * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> + +2003-04-08 Love Hörnquist Åstrand <lha@it.su.se> - * kdc/connect.c: add some cache-control-foo to the http responses - (from Gombas Gabor) + * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl> + +2003-04-06 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.3: s/kerberos/Kerberos/ + * lib/krb5/krb5_data.3: s/kerberos/Kerberos/ + * lib/krb5/krb5_address.3: s/kerberos/Kerberos/ + * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/ + * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/ + * kuser/kinit.1: s/kerberos/Kerberos/ + * kdc/kdc.8: s/kerberos/Kerberos/ + +2003-04-01 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/addr_families.c (krb5_print_address): don't copy size - if ret_len == NULL + * lib/krb5/test_alname.c: more krb5_aname_to_localname tests + + * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when + converting too root, make sure user is ok according to + krb5_kuserok before allowing it. -2002-06-28 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname + + * lib/krb5/test_alname.c: add test for krb5_aname_to_localname + + * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1 + instead of the "illegal" salt #~, same change as kth-krb did + 1999. Problems occur with crypt() that behaves like AT&T crypt + (openssl does this). Pointed out by Marcus Watts. + + * admin/change.c (kt_change): collect all principals we are going + to change, and pick the highest kvno and use that to guess what + kvno the resulting kvno is going to be. Now two ktutil change in a + row works. XXX fix the protocol to pass the kvno back. + +2003-03-31 Love Hörnquist Åstrand <lha@it.su.se> - * kuser/klist.c (display_tokens): don't bail out before we get - EDOM (signaling the end of the tokens), the kernel can also return - ENOTCONN, meaning that the index does not exist anymore (for - example if the token has expired) + * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl> + +2003-03-30 Love Hörnquist Åstrand <lha@it.su.se> -2002-06-06 Johan Danielsson <joda@pdc.kth.se> + * doc/setup.texi: add description on how to turn on v4, 524 and + kaserver support - * lib/krb5/changepw.c: make sure we return an error if there are - no changepw hosts found; from Wynn Wilkes +2003-03-29 Love Hörnquist Åstrand <lha@it.su.se> -2002-05-29 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog + and afs-use-524 - * lib/krb5/cache.c (krb5_cc_register): break out of loop when the - same type is found; spotted by Wynn Wilkes +2003-03-28 Love Hörnquist Åstrand <lha@it.su.se> -2002-05-15 Johan Danielsson <joda@pdc.kth.se> + * kdc/kerberos5.c (as_rep): when the second enctype_to_string + failes, remember to free memory from the first enctype_to_string - * kdc/kerberos5.c: don't free encrypted padata until we're really - done with it + * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2, + from Harald Joerg <harald.joerg@fujitsu-siemens.com> + (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc -2002-05-07 Johan Danielsson <joda@pdc.kth.se> + * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key + length when key is longer then expected length, its probably + longer since the encrypted data was padded, reported by Aidan + Cully <aidan@kublai.com> - * kdc/kerberos5.c: when decrypting pa-data, try all keys matching - enctype + * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of + encyption type, inspired by Aidan Cully <aidan@kublai.com> + +2003-03-27 Love Hörnquist Åstrand <lha@it.su.se> - * kuser/kinit.1: document -a + * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0 + (wildcard kvno) after principal when the keytab entry isn't found, + reported by Chris Chiappa <chris@chiappa.net> + +2003-03-26 Love Hörnquist Åstrand <lha@it.su.se> - * kuser/kinit.c: add command line switch for extra addresses + * doc/misc.texi: update 2b example to match reality (from + mattiasa@e.kth.se) -2002-04-30 Johan Danielsson <joda@blubb.pdc.kth.se> + * doc/misc.texi: spelling and add `Configuring AFS clients' + subsection - * configure.in: remove some duplicate tests +2003-03-25 Love Hörnquist Åstrand <lha@it.su.se> - * configure.in: use AC_HELP_STRING + * lib/krb5/krb5.3: add krb5_free_data_contents.3 + + * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT + API -2002-04-29 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat + with MIT API + + * lib/krb5/krb5_verify_user.3: write more about how the ccache + argument should be inited when used + +2003-03-25 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is - unknown + * lib/krb5/addr_families.c (krb5_print_address): make sure + print_addr is defined for the given address type; make addrports + printable -2002-04-25 Johan Danielsson <joda@pdc.kth.se> + * kdc/string2key.c: print the used enctype for kerberos 5 keys - * configure.in: use rk_DESTDIRS +2003-03-25 Love Hörnquist Åstrand <lha@it.su.se> -2002-04-22 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/aes-test.c: add another arcfour test + +2003-03-22 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies - the principal + * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5 + +2003-03-20 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_ccache.3: update .Dd -2002-04-19 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/krb5.3: sort in krb5_data functions - * lib/krb5/verify_init.c: fix typo in error string + * lib/krb5/Makefile.am (man_MANS): += krb5_data.3 -2002-04-18 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/krb5_data.3: document krb5_data - * acconfig.h: remove some stuff that is defined elsewhere + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if + prompter is NULL, don't try to ask for a password to + change. reported by Iain Moffat @ ufl.edu via Howard Chu + <hyc@highlandsun.com> - * lib/krb5/krb5_locl.h: include <sys/file.h> +2003-03-19 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/acl.c: rename acl_string parameter + * lib/krb5/krb5_keytab.3: spelling, from + <jmc@prioris.mini.pw.edu.pl> - * lib/krb5/Makefile.am: remove __P from protos, and put parameter - names in comments + * lib/krb5/krb5.conf.5: . means new line + + * lib/krb5/krb5.conf.5: spelling, from + <jmc@prioris.mini.pw.edu.pl> - * kuser/klist.c: better align some headers + * lib/krb5/krb5_auth_context.3: spelling, from + <jmc@prioris.mini.pw.edu.pl> - * kdc/kerberos4.c: storage tweaks +2003-03-18 Love Hörnquist Åstrand <lha@it.su.se> - * kdc/kaserver.c: storage tweaks + * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5 + + * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time + + * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time - * kdc/524.c: storage tweaks + * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out + #ifdef KRB4 from enable_v4_cross_realm since 524 needs it + + * kdc/config.c: 524 is independent of kerberos 4, so move out + enable_v4_cross_realm from #ifdef KRB4 since 524 needs it + +2003-03-17 Assar Westerlund <assar@kth.se> - * lib/krb5/keytab_krb4.c: storage tweaks + * kdc/kdc.8: document --kerberos4-cross-realm + * kdc/kerberos4.c: pay attention to enable_v4_cross_realm + * kdc/kdc_locl.h (enable_v4_cross_realm): add + * kdc/524.c (encode_524_response): check the enable_v4_cross_realm + flag before giving out v4 tickets for foreign v5 principals + * kdc/config.c: add --enable-kerberos4-cross-realm option (default + to off) - * lib/krb5/keytab_keyfile.c: storage tweaks +2003-03-17 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/keytab_file.c: storage tweaks; also try to handle zero - sized keytab files + * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3 + + * lib/krb5/krb5_aname_to_localname.3: manpage for + krb5_aname_to_localname - * lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END + * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/ + +2003-03-16 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/fcache.c: storage tweaks + * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3 - * lib/krb5/store_mem.c: make the krb5_storage opaque, and add - function wrappers for store/fetch/seek, and also make the eof-code - configurable + * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3 - * lib/krb5/store_fd.c: make the krb5_storage opaque, and add - function wrappers for store/fetch/seek, and also make the eof-code - configurable + * lib/krb5/krb5_set_default_realm.3: Manpage for + krb5_free_host_realm, krb5_get_default_realm, + krb5_get_default_realms, krb5_get_host_realm, and + krb5_set_default_realm. - * lib/krb5/store_emem.c: make the krb5_storage opaque, and add - function wrappers for store/fetch/seek, and also make the eof-code - configurable + * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado + <sobrado@acm.org> via NetBSD - * lib/krb5/store.c: make the krb5_storage opaque, and add function - wrappers for store/fetch/seek, and also make the eof-code - configurable + * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type + + * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab + + * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix + + * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more + types, add krb5_fcc_ops and krb5_mcc_ops + + * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for + a id - * lib/krb5/store-int.h: make the krb5_storage opaque, and add - function wrappers for store/fetch/seek, and also make the eof-code - configurable +2003-03-15 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/krb5.h: make the krb5_storage opaque, and add function - wrappers for store/fetch/seek, and also make the eof-code - configurable + * doc/intro.texi: add reference to source code, binaries and the + manual - * include/bits.c: include <sys/socket.h> to get socklen_t + * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal + +2003-03-14 Love Hörnquist Åstrand <lha@it.su.se> - * kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by - requested KDC-REQ etypes + * kdc/kdc.8: better/difrent english - * kdc/hpropd.c: constify + * kdc/kdc.8: . -> .\n, copyright/license + + * kdc/kdc.8: changed configuration file -> restart kdc - * kdc/hprop.c: constify + * kdc/kerberos4.c: add krb4 into the most error messages written + to the logfile - * kdc/string2key.c: constify + * lib/krb5/krb5_ccache.3: add missing name of argument + (krb5_context) to most functions - * kdc/kdc_locl.h: make port_str const +2003-03-13 Love Hörnquist Åstrand <lha@it.su.se> - * kdc/config.c: constify + * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of + function and return FALSE when there isn't a local account for + `luser'. - * lib/krb5/config_file.c: constify + * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text + describing the function - * kdc/kstash.c: constify +2003-03-12 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/verify_user.c: remove unnecessary cast + * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name + returned memory, don't return ENOMEM - * lib/krb5/recvauth.c: constify +2003-03-11 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/principal.c (krb5_parse_name): const qualify + * lib/krb5/krb5.3: add krb5_address stuff and sort + + * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description + + * lib/krb5/Makefile.am (man_MANS): += krb5_address.3 + + * lib/krb5/krb5_address.3: document types krb5_address and + krb5_addresses and their helper functions - * lib/krb5/mcache.c (mcc_get_name): constify return type +2003-03-10 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/context.c (krb5_free_context): don't try to free the - ccache prefix + * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3 - * lib/krb5/cache.c (krb5_cc_register): don't make a copy of the - prefix + * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se - * lib/krb5/krb5.h: constify some struct members + * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3 - * lib/krb5/log.c: constify + * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se + + * lib/krb5/krb5.3: add more functions + + * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc + functions - * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const - qualify + * lib/krb5/krb5_kuserok.3: document krb5_kuserok + + * lib/krb5/krb5_verify_user.3: document + krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior - * lib/krb5/get_in_tkt.c (krb5_init_etype): constify + * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and + krb5_verify_user_opt - * lib/krb5/crypto.c: constify some + * lib/krb5/*.[0-9]: add copyright/licenses on more manpages - * lib/krb5/config_file.c: constify + * kuser/kdestroy.c (main): handle that krb5_cc_default_name can + return NULL - * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): - constify local variable + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor + (TESTS): add test_cc - * lib/krb5/addr_families.c (ipv4_sockaddr2port): constify + * lib/krb5/test_cc.c: test some + krb5_cc_default_name/krb5_cc_set_default_name combinations + + * lib/krb5/context.c (init_context_from_config_file): set + default_cc_name to NULL + (krb5_free_context): free default_cc_name if set -2002-04-17 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/cache.c (krb5_cc_set_default_name): new function + (krb5_cc_default_name): use krb5_cc_set_default_name - * lib/krb5/verify_krb5_conf.c: add some log checking + * lib/krb5/krb5.h (krb5_context_data): add default_cc_name - * lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing +2003-02-25 Love Hörnquist Åstrand <lha@it.su.se> -2002-04-16 Johan Danielsson <joda@pdc.kth.se> + * appl/kf/kf.1: s/securly/securely/ from NetBSD + +2003-02-18 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/crypto.c (krb5_crypto_init): check that the key size - matches the expected length + * kdc/connect.c: s/intialize/initialize, from + <jmc@prioris.mini.pw.edu.pl> -2002-03-27 Johan Danielsson <joda@pdc.kth.se> +2003-02-17 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/send_to_kdc.c: rename send parameter to send_data + * configure.in: add AM_MAINTAINER_MODE + +2003-02-16 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/mk_error.c: rename ctime parameter to client_time + * **/*.[0-9]: add copyright/licenses on all manpages -2002-03-22 Johan Danielsson <joda@pdc.kth.se> +2003-14-16 Jacques Vidrine <nectar@kth.se> - * kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from - Reinoud Zandijk) + * lib/krb5/get_in_tkt.c (init_as_req): Send only a single + PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption + type specified by the KDC. -2002-03-18 Johan Danielsson <joda@pdc.kth.se> +2003-02-15 Love Hörnquist Åstrand <lha@it.su.se> - * lib/asn1/k5.asn1: add the GSS-API checksum type here + * fix-export: some autoconf put their version number in + autom4te.cache, so remove autom4te*.cache + + * fix-export: make sure $1 is a directory + +2003-02-04 Love Hörnquist Åstrand <lha@it.su.se> -2002-03-11 Assar Westerlund <assar@sics.se> + * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> - * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to - 18:3:1 - * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0 - * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0 + * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> -2002-03-10 Assar Westerlund <assar@sics.se> +2003-01-31 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/rd_cred.c: handle addresses with port numbers + * kdc/hpropd.8: s/databases/a database/ s/Not/not/ - * lib/krb5/keytab_file.c, lib/krb5/keytab.c: - store the kvno % 256 as the byte and the complete 32 bit kvno after - the end of the current keytab entry - - * lib/krb5/init_creds_pw.c: - handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way + * kdc/hprop.8: add missing . + +2003-01-30 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): - handle ports giving for the remote address + * lib/krb5/krb5.conf.5: documentation for of boolean, etypes, + address, write out encryption type in sentences, s/Host/host + +2003-01-26 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/get_cred.c: - get a ticket with no addresses if no-addresses is set + * lib/asn1/check-gen.c: add checks for Authenticator too + +2003-01-25 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/crypto.c: - rename functions DES_* to krb5_* to avoid colliding with modern - openssl + * doc/setup.texi: in the hprop example, use hprop and the first + component, not host - * lib/krb5/addr_families.c: - make all functions taking 'struct sockaddr' actually take a socklen_t - instead of int and that acts as an in-out parameter (indicating the - maximum length of the sockaddr to be written) + * lib/krb5/get_addrs.c (find_all_addresses): address-less + point-to-point might not have an address, just ignore + those. Reported by Harald Barth. - * kdc/kerberos4.c: - make the kvno's in the krb4 universe by the real one % 256, since they - cannot only be 8 bit, and the v5 ones are actually 32 bits +2003-01-23 Love Hörnquist Åstrand <lha@it.su.se> -2002-02-15 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/verify_krb5_conf.c (check_section): when key isn't + found, don't print out all known keys - * lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file - before we need to write to it - (from Åke Sandgren) + * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity + and facility start resp + (check_log): find_value() returns -1 when key isn't found -2002-02-14 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a + 'const void *' to avoid AES_KEY being exposed in krb5-private.h + + * lib/krb5/krb5.conf.5: add [kdc]use_2b - * configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via - rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES - directly + * kdc/524.c (encode_524_response): its 2b not b2 + + * doc/misc.texi: quote @ where missing + + * lib/asn1/Makefile.am: add check-gen + + * lib/asn1/check-gen.c: add Principal check + + * lib/asn1/check-common.h: move generic asn1/der functions from + check-der.c to here - * lib/krb5/rd_safe.c: actually use the correct key (from Daniel - Kouril) + * lib/asn1/check-common.c: move generic asn1/der functions from + check-der.c to here -2002-02-12 Johan Danielsson <joda@pdc.kth.se> + * lib/asn1/check-der.c: move out the generic asn1/der functions to + a common file - * lib/krb5/context.c (krb5_get_err_text): protect against NULL - context +2003-01-22 Love Hörnquist Åstrand <lha@it.su.se> -2002-02-11 Johan Danielsson <joda@pdc.kth.se> + * doc/misc.texi: more text about afs, how to get get your KeyFile, + and how to start use 2b tokens - * admin/ktutil.c: no need to use the "modify" keytab anymore + * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre + <jmc@cvs.openbsd.org> + +2003-01-21 Jacques Vidrine <nectar@kth.se> - * lib/krb5/keytab_any.c: implement add and remove + * kuser/kuser_locl.h: include crypto-headers.h for + des_read_pw_string prototype - * lib/krb5/keytab_krb4.c: implement add and remove +2003-01-16 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/store_emem.c (emem_free): clear memory before freeing - (this should perhaps be selectable with a flag) + * admin/ktutil.8: document -v, --verbose -2002-02-04 Johan Danielsson <joda@pdc.kth.se> + * admin/get.c (kt_get): make getarg usage consistent with other + other parts of ktutil - * kdc/config.c (get_dbinfo): if there are database specifications - in the config file, don't automatically try to use the default - values (from Gombas Gabor) + * admin/copy.c (kt_copy): remove adding verbose_flag to args + struct, since it will overrun the args array (from Sumit Bose) + +2003-01-15 Love Hörnquist Åstrand <lha@it.su.se> - * lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer - (from Gombas Gabor) + * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc = + ... } -2002-01-30 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/aes-test.c: test vectors in aes-draft + + * lib/krb5/Makefile.am: add aes-test.c - * admin/list.c: get the default keytab from krb5.conf, and list - all parts of an ANY type keytab + * lib/krb5/crypto.c: Add support for AES + (draft-raeburn-krb-rijndael-krb-02), not enabled by default. + (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify + to support checksumtype that are have a shorter wireformat then + their output block size. + + * lib/krb5/crypto.c (struct encryption_type): split the blocksize + into blocksize and padsize, padsize is the minimum padding + size. they are the same for now + (enctype_*): add padsize + (encrypt_internal): use padsize + (encrypt_internal_derived): use padsize + (wrapped_length): use padsize + (wrapped_length_dervied): use padsize + + * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key + function for each enctype in preparation enctypes that uses + `Encryption and Checksum Specifications for Kerberos 5' draft + + * lib/asn1/k5.asn1: add checksum and enctype for AES from + draft-raeburn-krb-rijndael-krb-02.txt - * lib/krb5/context.c: default default_keytab_modify to NULL + * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128, + KEYTYPE_AES256 - * lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify - name is specified take it from the first component of the default - keytab name +2003-01-14 Love Hörnquist Åstrand <lha@it.su.se> -2002-01-29 Johan Danielsson <joda@pdc.kth.se> + * lib/hdb/common.c (_hdb_fetch): handle error code from + hdb_value2entry - * lib/krb5/keytab.c: compare keytab types case insensitively + * kdc/Makefile.am: always include kerberos4.c and 524.c in + kdc_SOURCES to support 524 -2002-01-07 Assar Westerlund <assar@sics.se> + * kdc/524.c: always compile in support for 524 + + * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4 + + * kdc/config.c: always compile in support for 524 + + * kdc/connect.c: always compile in support for 524 + + * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key() + even when we build without kerberos 4, 524 needs them + + * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out + Kerberos 4 help functions/structures so other parts of the source + tree can use it (like the KDC) - * lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's - not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org> - * lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben - Harris <bjh21@netbsd.org> - * lib/krb5/crypto.c: use krb5_enctype consistently. From Ben - Harris <bjh21@netbsd.org> - * kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris - <bjh21@netbsd.org> diff --git a/crypto/heimdal/ChangeLog.2002 b/crypto/heimdal/ChangeLog.2002 new file mode 100644 index 0000000..37fda2e --- /dev/null +++ b/crypto/heimdal/ChangeLog.2002 @@ -0,0 +1,726 @@ +2002-12-19 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/mk_rep.c: free allocated storage; reported by Howard + Chu + +2002-12-08 Johan Danielsson <joda@pdc.kth.se> + + * kdc/kdc_locl.h: remove old encrypt_v4_ticket prototype + +2002-12-02 Johan Danielsson <joda@pdc.kth.se> + + * kpasswd/kpasswdd.c (doit): initialise sa_size to size of + sockaddr_storage + + * kdc/connect.c (init_socket): initialise sa_size to size of + sockaddr_storage + +2002-11-15 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/krb5.h: remove trailing comma in enum + +2002-11-07 Johan Danielsson <joda@pdc.kth.se> + + * kdc/524.c: implement crude b2 style (non-)conversion for use + with afs + + * kdc/kerberos4.c: move encrypt_v4_ticket to 524.c, since that's + where it's used + +2002-10-21 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/keytab_keyfile.c: more strcspn + + * lib/krb5/store_emem.c (emem_store): limit how much we allocate + (from Olaf Kirch) + + * lib/krb5/principal.c: don't allow trailing backslashes in + components + + * kdc/connect.c: check that %-quotes are followed by two hex + digits + + * lib/krb5/keytab_any.c: properly close the open keytabs (from + Larry Greenfield) + + * kdc/kaserver.c: make sure life is positive (from John Godehn) + +2002-10-17 Johan Danielsson <joda@pdc.kth.se> + + * kuser/klist.c (display_tokens): allow tokens up to size of + buffer (from Magnus Holmberg) + +2002-09-29 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/changepw.c (process_reply): fix reply length check + calculation (reported by various people) + +2002-09-24 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/keytab_file.c (fkt_remove_entry): check return value + from start_seq_get (from Wynn Wilkes) + +2002-09-19 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/context.c (krb5_set_config_files): return ENXIO instead + of ENOENT when "unconfigured" + +2002-09-16 Jacques Vidrine <nectar@kth.se> + + * lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn + to convert the newline to NUL in fgets results. + +2002-09-13 Johan Danielsson <joda@pdc.kth.se> + + * kuser/kinit.1: remove unneeded Ns + + * lib/krb5/krb5_appdefault.3: remove extra "application" + + * fix-export: remove autom4ate.cache + +2002-09-10 Johan Danielsson <joda@pdc.kth.se> + + * include/make_crypto.c: don't use function macros if possible + + * lib/krb5/krb5_locl.h: get limits.h for UINT_MAX + + * include/Makefile.am: use make_crypto to create crypto-headers.h + + * include/make_crypto.c: crypto header generation tool + + * configure.in: move crypto test to just after testing for krb4, + and move roken tests to after both, this speeds up various failure + cases with krb4 + + * lib/krb5/config_file.c: don't use NULL when we mean 0 + + * configure.in: we don't set package_libdir anymore, so no point + in testing for it + + * tools/Makefile.am: subst INCLUDE_des + + * tools/krb5-config.in: add INCLUDE_des to cflags + + * configure.in: use AC_CONFIG_SRCDIR + + * fix-export: remove some unneeded stuff + + * kuser/kinit.c (do_524init): free principals + +2002-09-09 Jacques Vidrine <nectar@kth.se> + + * kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding), + kdc/kaserver.c (krb5_ret_xdr_data), + lib/krb5/transited.c (krb5_domain_x500_decode): Validate some + counts: Check that they are non-negative, and that they are small + enough to avoid integer overflow when used in memory allocation + calculations. Potential problem areas pointed out by + Sebastian Krahmer <krahmer@suse.de>. + + * lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when + creating a new keyfile. + +2002-09-09 Johan Danielsson <joda@pdc.kth.se> + + * configure.in: don't try to build pam module + +2002-09-05 Johan Danielsson <joda@pdc.kth.se> + + * appl/kf/kf.c: fix warning string + + * lib/krb5/log.c (krb5_vlog_msg): delay message formating till we + know we need it + +2002-09-04 Assar Westerlund <assar@kth.se> + + * kdc/kerberos5.c (encode_reply): correct error logging + +2002-09-04 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/sendauth.c: close ccache if we opened it + + * appl/kf/kf.c: handle new protocol + + * appl/kf/kfd.c: use krb5_err instead of sysloging directly, + handle the new protocol, and bail out if an old client tries to + connect + + * appl/kf/kf_locl.h: we need a protocol version string + + * lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE + + * kdc/kerberos5.c: use ASN1_MALLOC_ENCODE + + * kdc/hprop.c: set AP_OPTS_USE_SUBKEY + + * lib/hdb/common.c: use ASN1_MALLOC_ENCODE + + * lib/asn1/gen.c: add convenience macro that allocates a buffer + and encoded into that + + * lib/krb5/get_cred.c (init_tgs_req): use + in_creds->session.keytype literally instead of trying to convert + to a list of enctypes (it should already be an enctype) + + * lib/krb5/get_cred.c (init_tgs_req): init ret + +2002-09-03 Johan Danielsson <joda@pdc.kth.se> + + * lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC + + * lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC + + * lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use + zero ivec in DES3_CBC_encrypt if passed ivec is NULL + + * lib/krb5/Makefile.am: back out 1.144, since it will re-create + krb5-protos.h at build-time, which requires perl, which is bad + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't + blindly use the local subkey + + * lib/krb5/crypto.c: add function krb5_crypto_getblocksize that + extracts the required blocksize from a crypto context + + * lib/krb5/build_auth.c: just get the length of the encoded + authenticator instead of trying to grow a buffer + +2002-09-03 Assar Westerlund <assar@kth.se> + + * configure.in: add --disable-mmap option, and tests for + sys/mman.h and mmap + +2002-09-03 Jacques Vidrine <nectar@kth.se> + + * lib/krb5/changepw.c: verify lengths in response + + * lib/asn1/der_get.c (decode_integer, decode_unsigned): check for + truncated integers + +2002-09-02 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/mk_req_ext.c: generate a local subkey if + AP_OPTS_USE_SUBKEY is set + + * lib/krb5/build_auth.c: we don't have enough information about + whether to generate a local subkey here, so don't try to + + * lib/krb5/auth_context.c: new function + krb5_auth_con_generatelocalsubkey + + * lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an + initial ticket + + * lib/krb5/context.c (init_context_from_config_file): simplify + initialisation of srv_lookup + + * lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY + + * lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY + +2002-08-30 Assar Westerlund <assar@kth.se> + + * lib/krb5/name-45-test.c: also test krb5_524_conv_principal + * lib/krb5/Makefile.am (TESTS): add name-45-test + * lib/krb5/name-45-test.c: add testcases for + krb5_425_conv_principal + +2002-08-29 Assar Westerlund <assar@kth.se> + + * lib/krb5/parse-name-test.c: also test unparse_short functions + * lib/asn1/asn1_print.c: use com_err/error_message API + * lib/krb5/Makefile.am: add parse-name-test + * lib/krb5/parse-name-test.c: add a program for testing parsing + and unparsing principal names + +2002-08-28 Assar Westerlund <assar@kth.se> + + * kdc/config.c: add missing ifdef DAEMON + +2002-08-28 Johan Danielsson <joda@pdc.kth.se> + + * configure.in: use rk_SUNOS + + * kdc/config.c: add detach options + + * kdc/main.c: maybe detach from console? + + * kdc/kdc.8: markup changes + + * configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE + + * configure.in: use rk_TELNET, rename some other macros, and don't + add -ldes to krb4 link command + + * kuser/kinit.1: whitespace fix (from NetBSD) + + * include/bits.c: we may need unistd.h for ssize_t + +2002-08-26 Assar Westerlund <assar@kth.se> + + * lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA + rrs before A ones when using the resolver to verify a mapping, + also use getaddrinfo when resolver is not available + + * lib/hdb/keytab.c (find_db): const-correctness in parameters to + krb5_config_get_next + + * lib/asn1/gen.c: include <string.h> in the generated files (for + memset) + +2002-08-22 Assar Westerlund <assar@kth.se> + + * lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use + getarg so that it can handle --help and --version (and thus make + check can pass) + + * lib/asn1/check-der.c: make this build again + +2002-08-22 Assar Westerlund <assar@kth.se> + + * lib/asn1/der_get.c (der_get_int): handle len == 0. based on a + patch from Love <lha@stacken.kth.se> + +2002-08-22 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP + KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter + + * kdc/kdc.8: add blurb about adding and removing addresses; update + kdc.conf section to match reality + + * configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so + don't define it + +2002-08-21 Assar Westerlund <assar@kth.se> + + * lib/asn1/asn1_print.c: print OIDs too, based on a patch from + Love <lha@stacken.kth.se> + +2002-08-21 Johan Danielsson <joda@pdc.kth.se> + + * kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2 + since it might not exist, and we don't actually care about the key + +2002-08-20 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/krb5.conf.5: correct documentation for + verify_ap_req_nofail + + * lib/krb5/log.c: rename syslog_data to avoid name conflicts (from + Mattias Amnefelt) + + * kuser/klist.c (display_tokens): increase token buffer size, and + add more checks of the kernel data (from Love) + +2002-08-19 Johan Danielsson <joda@pdc.kth.se> + + * fix-export: use make to parse Makefile.am instead of perl + + * configure.in: use argument-less AM_INIT_AUTOMAKE, now that it + groks AC_INIT with package name etc. + + * kpasswd/kpasswdd.c: include <kadm5/private.h> + + * lib/asn1/asn1_print.c: include com_right.h + + * lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t + + * include/bits.c: define krb5_socklen_t type; this should really + go someplace else, but this was easy + + * lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file + fails, just warn about it + + * kdc/log.c (kdc_openlog): no need for a config_file parameter + + * kdc/config.c: just treat kdc.conf like any other config file + + * lib/krb5/context.c (krb5_get_default_config_files): ignore + duplicate files + +2002-08-16 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/krb5.h: turn strings into pointers, so we can assign to + them + + * lib/krb5/constants.c: turn strings into pointers, so we can + assign to them + + * lib/krb5/get_addrs.c (get_addrs_int): initialise res if + SCAN_INTERFACES is not set + + * lib/krb5/context.c: fix various borked stuff in previous commits + +2002-08-16 Jacques Vidrine <n@nectar.com> + + * lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using + the `admin_server' entry for kpasswd, override the `proto' result + to be UDP. + +2002-08-15 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/auth_context.c: check return value of + krb5_sockaddr2address + + * lib/krb5/addr_families.c: check return value of + krb5_sockaddr2address + + * lib/krb5/context.c: get the default keytab from KRB5_KTNAME + +2002-08-14 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/verify_krb5_conf.c: allow parsing of more than one file + + * lib/krb5/context.c: allow changing config files with the + function krb5_set_config_files, there are also related functions + krb5_get_default_config_files and krb5_free_config_files; these + should work similar to their MIT counterparts + + * lib/krb5/config_file.c: allow the use of more than one config + file by using the new function krb5_config_parse_file_multi + +2002-08-12 Johan Danielsson <joda@pdc.kth.se> + + * use sysconfdir instead of /etc + + * configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc + to appease automake; force sysconfdir and localstatedir to /etc + and /var/heimdal for now + + * kdc/connect.c (addr_to_string): check return value of + sockaddr2address + +2002-08-09 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/rd_cred.c: if the remote address isn't an addrport, + don't try comparing to one; this should make old clients work with + new servers + + * lib/asn1/gen_decode.c: remove unused variable + +2002-07-31 Johan Danielsson <joda@pdc.kth.se> + + * kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick + Brashear) + + * lib/krb5/principal.c: actually lower case the lower case + instance name (spotted by Derrick Brashear) + +2002-07-24 Johan Danielsson <joda@pdc.kth.se> + + * fix-export: if DATEDVERSION is set, change the version to + current date + + * configure.in: don't use AC_PROG_RANLIB, and use magic foo to set + LTLIBOBJS + +2002-07-04 Johan Danielsson <joda@pdc.kth.se> + + * kdc/connect.c: add some cache-control-foo to the http responses + (from Gombas Gabor) + + * lib/krb5/addr_families.c (krb5_print_address): don't copy size + if ret_len == NULL + +2002-06-28 Johan Danielsson <joda@pdc.kth.se> + + * kuser/klist.c (display_tokens): don't bail out before we get + EDOM (signaling the end of the tokens), the kernel can also return + ENOTCONN, meaning that the index does not exist anymore (for + example if the token has expired) + +2002-06-06 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/changepw.c: make sure we return an error if there are + no changepw hosts found; from Wynn Wilkes + +2002-05-29 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/cache.c (krb5_cc_register): break out of loop when the + same type is found; spotted by Wynn Wilkes + +2002-05-28 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/keytab_file.c: check size of entry before trying to + read 32-bit kvno; also fix typo in previous + +2002-05-24 Johan Danielsson <joda@pdc.kth.se> + + * include/Makefile.am: only add to INCLUDES + + * lib/45/mk_req.c: fix for storage change + + * lib/hdb/print.c: fix for storage change + +2002-05-15 Johan Danielsson <joda@pdc.kth.se> + + * kdc/kerberos5.c: don't free encrypted padata until we're really + done with it + +2002-05-07 Johan Danielsson <joda@pdc.kth.se> + + * kdc/kerberos5.c: when decrypting pa-data, try all keys matching + enctype + + * kuser/kinit.1: document -a + + * kuser/kinit.c: add command line switch for extra addresses + +2002-04-30 Johan Danielsson <joda@blubb.pdc.kth.se> + + * configure.in: remove some duplicate tests + + * configure.in: use AC_HELP_STRING + +2002-04-29 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is + unknown + +2002-04-25 Johan Danielsson <joda@pdc.kth.se> + + * configure.in: use rk_DESTDIRS + +2002-04-22 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies + the principal + +2002-04-19 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/verify_init.c: fix typo in error string + +2002-04-18 Johan Danielsson <joda@pdc.kth.se> + + * acconfig.h: remove some stuff that is defined elsewhere + + * lib/krb5/krb5_locl.h: include <sys/file.h> + + * lib/krb5/acl.c: rename acl_string parameter + + * lib/krb5/Makefile.am: remove __P from protos, and put parameter + names in comments + + * kuser/klist.c: better align some headers + + * kdc/kerberos4.c: storage tweaks + + * kdc/kaserver.c: storage tweaks + + * kdc/524.c: storage tweaks + + * lib/krb5/keytab_krb4.c: storage tweaks + + * lib/krb5/keytab_keyfile.c: storage tweaks + + * lib/krb5/keytab_file.c: storage tweaks; also try to handle zero + sized keytab files + + * lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END + + * lib/krb5/fcache.c: storage tweaks + + * lib/krb5/store_mem.c: make the krb5_storage opaque, and add + function wrappers for store/fetch/seek, and also make the eof-code + configurable + + * lib/krb5/store_fd.c: make the krb5_storage opaque, and add + function wrappers for store/fetch/seek, and also make the eof-code + configurable + + * lib/krb5/store_emem.c: make the krb5_storage opaque, and add + function wrappers for store/fetch/seek, and also make the eof-code + configurable + + * lib/krb5/store.c: make the krb5_storage opaque, and add function + wrappers for store/fetch/seek, and also make the eof-code + configurable + + * lib/krb5/store-int.h: make the krb5_storage opaque, and add + function wrappers for store/fetch/seek, and also make the eof-code + configurable + + * lib/krb5/krb5.h: make the krb5_storage opaque, and add function + wrappers for store/fetch/seek, and also make the eof-code + configurable + + * include/bits.c: include <sys/socket.h> to get socklen_t + + * kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by + requested KDC-REQ etypes + + * kdc/hpropd.c: constify + + * kdc/hprop.c: constify + + * kdc/string2key.c: constify + + * kdc/kdc_locl.h: make port_str const + + * kdc/config.c: constify + + * lib/krb5/config_file.c: constify + + * kdc/kstash.c: constify + + * lib/krb5/verify_user.c: remove unnecessary cast + + * lib/krb5/recvauth.c: constify + + * lib/krb5/principal.c (krb5_parse_name): const qualify + + * lib/krb5/mcache.c (mcc_get_name): constify return type + + * lib/krb5/context.c (krb5_free_context): don't try to free the + ccache prefix + + * lib/krb5/cache.c (krb5_cc_register): don't make a copy of the + prefix + + * lib/krb5/krb5.h: constify some struct members + + * lib/krb5/log.c: constify + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const + qualify + + * lib/krb5/get_in_tkt.c (krb5_init_etype): constify + + * lib/krb5/crypto.c: constify some + + * lib/krb5/config_file.c: constify + + * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): + constify local variable + + * lib/krb5/addr_families.c (ipv4_sockaddr2port): constify + +2002-04-17 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/verify_krb5_conf.c: add some log checking + + * lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing + +2002-04-16 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/crypto.c (krb5_crypto_init): check that the key size + matches the expected length + +2002-03-27 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/send_to_kdc.c: rename send parameter to send_data + + * lib/krb5/mk_error.c: rename ctime parameter to client_time + +2002-03-22 Johan Danielsson <joda@pdc.kth.se> + + * kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from + Reinoud Zandijk) + +2002-03-18 Johan Danielsson <joda@pdc.kth.se> + + * lib/asn1/k5.asn1: add the GSS-API checksum type here + +2002-03-11 Assar Westerlund <assar@sics.se> + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to + 18:3:1 + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0 + * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0 + +2002-03-10 Assar Westerlund <assar@sics.se> + + * lib/krb5/rd_cred.c: handle addresses with port numbers + + * lib/krb5/keytab_file.c, lib/krb5/keytab.c: + store the kvno % 256 as the byte and the complete 32 bit kvno after + the end of the current keytab entry + + * lib/krb5/init_creds_pw.c: + handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): + handle ports giving for the remote address + + * lib/krb5/get_cred.c: + get a ticket with no addresses if no-addresses is set + + * lib/krb5/crypto.c: + rename functions DES_* to krb5_* to avoid colliding with modern + openssl + + * lib/krb5/addr_families.c: + make all functions taking 'struct sockaddr' actually take a socklen_t + instead of int and that acts as an in-out parameter (indicating the + maximum length of the sockaddr to be written) + + * kdc/kerberos4.c: + make the kvno's in the krb4 universe by the real one % 256, since they + cannot only be 8 bit, and the v5 ones are actually 32 bits + +2002-02-15 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file + before we need to write to it + (from Åke Sandgren) + +2002-02-14 Johan Danielsson <joda@pdc.kth.se> + + * configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via + rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES + directly + + * lib/krb5/rd_safe.c: actually use the correct key (from Daniel + Kouril) + +2002-02-12 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/context.c (krb5_get_err_text): protect against NULL + context + +2002-02-11 Johan Danielsson <joda@pdc.kth.se> + + * admin/ktutil.c: no need to use the "modify" keytab anymore + + * lib/krb5/keytab_any.c: implement add and remove + + * lib/krb5/keytab_krb4.c: implement add and remove + + * lib/krb5/store_emem.c (emem_free): clear memory before freeing + (this should perhaps be selectable with a flag) + +2002-02-04 Johan Danielsson <joda@pdc.kth.se> + + * kdc/config.c (get_dbinfo): if there are database specifications + in the config file, don't automatically try to use the default + values (from Gombas Gabor) + + * lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer + (from Gombas Gabor) + +2002-01-30 Johan Danielsson <joda@pdc.kth.se> + + * admin/list.c: get the default keytab from krb5.conf, and list + all parts of an ANY type keytab + + * lib/krb5/context.c: default default_keytab_modify to NULL + + * lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify + name is specified take it from the first component of the default + keytab name + +2002-01-29 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/keytab.c: compare keytab types case insensitively + +2002-01-07 Assar Westerlund <assar@sics.se> + + * lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's + not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org> + * lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben + Harris <bjh21@netbsd.org> + * lib/krb5/crypto.c: use krb5_enctype consistently. From Ben + Harris <bjh21@netbsd.org> + * kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris + <bjh21@netbsd.org> diff --git a/crypto/heimdal/Makefile.in b/crypto/heimdal/Makefile.in index 2670fc7..5b3567f 100644 --- a/crypto/heimdal/Makefile.in +++ b/crypto/heimdal/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -236,18 +237,18 @@ all: all-recursive .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe) $(top_builddir)/config.status: $(srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck -$(srcdir)/configure: $(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES) +$(srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES) cd $(srcdir) && $(AUTOCONF) -$(ACLOCAL_M4): configure.in acinclude.m4 cf/aix.m4 cf/auth-modules.m4 cf/broken-getaddrinfo.m4 cf/broken-getnameinfo.m4 cf/broken-glob.m4 cf/broken-realloc.m4 cf/broken-snprintf.m4 cf/broken.m4 cf/broken2.m4 cf/c-attribute.m4 cf/c-function.m4 cf/capabilities.m4 cf/check-compile-et.m4 cf/check-declaration.m4 cf/check-getpwnam_r-posix.m4 cf/check-man.m4 cf/check-netinet-ip-and-tcp.m4 cf/check-type-extra.m4 cf/check-var.m4 cf/check-x.m4 cf/check-xau.m4 cf/crypto.m4 cf/db.m4 cf/destdirs.m4 cf/dlopen.m4 cf/find-func-no-libs.m4 cf/find-func-no-libs2.m4 cf/find-func.m4 cf/find-if-not-broken.m4 cf/have-pragma-weak.m4 cf/have-struct-field.m4 cf/have-type.m4 cf/have-types.m4 cf/irix.m4 cf/krb-bigendian.m4 cf/krb-func-getcwd-broken.m4 cf/krb-func-getlogin.m4 cf/krb-ipv6.m4 cf/krb-prog-ln-s.m4 cf/krb-prog-ranlib.m4 cf/krb-prog-yacc.m4 cf/krb-readline.m4 cf/krb-struct-spwd.m4 cf/krb-struct-winsize.m4 cf/krb-sys-aix.m4 cf/krb-sys-nextstep.m4 cf/krb-version.m4 cf/mips-abi.m4 cf/misc.m4 cf/need-proto.m4 cf/osfc2.m4 cf/otp.m4 cf/proto-compat.m4 cf/retsigtype.m4 cf/roken-frag.m4 cf/roken.m4 cf/sunos.m4 cf/telnet.m4 cf/test-package.m4 cf/wflags.m4 cf/with-all.m4 +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ configure.in acinclude.m4 cf/aix.m4 cf/auth-modules.m4 cf/broken-getaddrinfo.m4 cf/broken-getnameinfo.m4 cf/broken-glob.m4 cf/broken-realloc.m4 cf/broken-snprintf.m4 cf/broken.m4 cf/broken2.m4 cf/c-attribute.m4 cf/c-function.m4 cf/capabilities.m4 cf/check-compile-et.m4 cf/check-declaration.m4 cf/check-getpwnam_r-posix.m4 cf/check-man.m4 cf/check-netinet-ip-and-tcp.m4 cf/check-type-extra.m4 cf/check-var.m4 cf/check-x.m4 cf/check-xau.m4 cf/crypto.m4 cf/db.m4 cf/destdirs.m4 cf/dlopen.m4 cf/find-func-no-libs.m4 cf/find-func-no-libs2.m4 cf/find-func.m4 cf/find-if-not-broken.m4 cf/have-pragma-weak.m4 cf/have-struct-field.m4 cf/have-type.m4 cf/have-types.m4 cf/irix.m4 cf/krb-bigendian.m4 cf/krb-func-getcwd-broken.m4 cf/krb-func-getlogin.m4 cf/krb-ipv6.m4 cf/krb-prog-ln-s.m4 cf/krb-prog-ranlib.m4 cf/krb-prog-yacc.m4 cf/krb-readline.m4 cf/krb-struct-spwd.m4 cf/krb-struct-winsize.m4 cf/krb-sys-aix.m4 cf/krb-sys-nextstep.m4 cf/krb-version.m4 cf/mips-abi.m4 cf/misc.m4 cf/need-proto.m4 cf/osfc2.m4 cf/otp.m4 cf/proto-compat.m4 cf/retsigtype.m4 cf/roken-frag.m4 cf/roken.m4 cf/sunos.m4 cf/telnet.m4 cf/test-package.m4 cf/wflags.m4 cf/with-all.m4 cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) mostlyclean-libtool: @@ -507,7 +508,9 @@ info: info-recursive info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -537,15 +540,14 @@ uninstall-info: uninstall-info-recursive distclean-libtool distclean-recursive distclean-tags \ distcleancheck distdir dvi dvi-am dvi-recursive info info-am \ info-recursive install install-am install-data install-data-am \ - install-data-local install-data-recursive install-exec \ - install-exec-am install-exec-recursive install-info \ - install-info-am install-info-recursive install-man \ - install-recursive install-strip installcheck installcheck-am \ - installdirs installdirs-am installdirs-recursive \ - maintainer-clean maintainer-clean-generic \ - maintainer-clean-recursive mostlyclean mostlyclean-generic \ - mostlyclean-libtool mostlyclean-recursive tags tags-recursive \ - uninstall uninstall-am uninstall-info-am \ + install-data-recursive install-exec install-exec-am \ + install-exec-recursive install-info install-info-am \ + install-info-recursive install-man install-recursive \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am installdirs-recursive maintainer-clean \ + maintainer-clean-generic maintainer-clean-recursive mostlyclean \ + mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \ + tags tags-recursive uninstall uninstall-am uninstall-info-am \ uninstall-info-recursive uninstall-recursive @@ -672,7 +674,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/NEWS b/crypto/heimdal/NEWS index 79d5cdc..7375207 100644 --- a/crypto/heimdal/NEWS +++ b/crypto/heimdal/NEWS @@ -1,3 +1,25 @@ +Changes in release 0.6 + +* The DES3 GSS-API mechanism has been changed to inter-operate with + other GSSAPI implementations. See man page for gssapi(3) how to turn + on generation of correct MIC messages. Next major release of heimdal + will generate correct MIC by default. + +* More complete GSS-API support + +* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS + support in applications no longer requires Kerberos 4 libs + +* Kerberos 4 support in kdc defaults to turned off (includes ka and 524) + +* other bug fixes + +Changes in release 0.5.2 + + * kdc: add option for disabling v4 cross-realm (defaults to off) + + * bug fixes + Changes in release 0.5.1 * kadmind: fix remote exploit diff --git a/crypto/heimdal/aclocal.m4 b/crypto/heimdal/aclocal.m4 index e672474..8741577 100644 --- a/crypto/heimdal/aclocal.m4 +++ b/crypto/heimdal/aclocal.m4 @@ -853,6 +853,43 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]) fi])]) +# Add --enable-maintainer-mode option to configure. +# From Jim Meyering + +# Copyright 1996, 1998, 2000, 2001 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +# serial 1 + +AC_DEFUN([AM_MAINTAINER_MODE], +[AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) + dnl maintainer-mode is disabled by default + AC_ARG_ENABLE(maintainer-mode, +[ --enable-maintainer-mode enable make rules and dependencies not useful + (and sometimes confusing) to the casual installer], + USE_MAINTAINER_MODE=$enableval, + USE_MAINTAINER_MODE=no) + AC_MSG_RESULT([$USE_MAINTAINER_MODE]) + AM_CONDITIONAL(MAINTAINER_MODE, [test $USE_MAINTAINER_MODE = yes]) + MAINT=$MAINTAINER_MODE_TRUE + AC_SUBST(MAINT)dnl +] +) + # Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. @@ -4759,7 +4796,7 @@ esac AC_SUBST(LIB_$1) ]) -dnl $Id: crypto.m4,v 1.13 2002/09/10 19:55:48 joda Exp $ +dnl $Id: crypto.m4,v 1.16.2.1 2003/05/05 20:08:32 joda Exp $ dnl dnl test for crypto libraries: dnl - libcrypto (from openssl) @@ -4772,8 +4809,10 @@ m4_define([test_headers], [ #include <openssl/md4.h> #include <openssl/md5.h> #include <openssl/sha.h> + #define OPENSSL_DES_LIBDES_COMPATIBILITY #include <openssl/des.h> #include <openssl/rc4.h> + #include <openssl/rand.h> #else #include <md4.h> #include <md5.h> @@ -4805,6 +4844,9 @@ m4_define([test_body], [ MD4_Init(&md4); MD5_Init(&md5); SHA1_Init(&sha1); + #ifdef HAVE_OPENSSL + RAND_status(); + #endif des_cbc_encrypt(0, 0, 0, schedule, 0, 0); RC4(0, 0, 0, 0);]) @@ -4836,23 +4878,31 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then ires= for i in $INCLUDE_krb4; do CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS" - AC_TRY_COMPILE(test_headers, test_body, - openssl=yes ires="$i"; break) + for j in $cdirs; do + for k in $clibs; do + LIBS="$j $k $save_LIBS" + AC_TRY_LINK(test_headers, test_body, + openssl=yes ires="$i" lres="$j $k"; break 3) + done + done CFLAGS="$i $save_CFLAGS" - AC_TRY_COMPILE(test_headers, test_body, - openssl=no ires="$i"; break) - CFLAGS="-DOLD_HASH_NAMES $i $save_CFLAGS" - AC_TRY_COMPILE(test_headers, test_body, - openssl=no ires="$i" old_hash=yes; break) - done - lres= - for i in $cdirs; do - for j in $clibs; do - LIBS="$i $j $save_LIBS" - AC_TRY_LINK(test_headers, test_body, - lres="$i $j"; break 2) + for j in $cdirs; do + for k in $clibs; do + LIBS="$j $k $save_LIBS" + AC_TRY_LINK(test_headers, test_body, + openssl=no ires="$i" lres="$j $k"; break 3) + done + done + CFLAGS="-DHAVE_OLD_HASH_NAMES $i $save_CFLAGS" + for j in $cdirs; do + for k in $clibs; do + LIBS="$j $k $save_LIBS" + AC_TRY_LINK(test_headers, test_body, + openssl=no ires="$i" lres="$j $k"; break 3) + done done done + CFLAGS="$save_CFLAGS" LIBS="$save_LIBS" if test "$ires" -a "$lres"; then @@ -4872,21 +4922,27 @@ if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then INCLUDE_des= LIB_des= if test "$with_openssl_include" != ""; then - INCLUDE_des="-I${with_openssl}/include" + INCLUDE_des="-I${with_openssl_include}" fi if test "$with_openssl_lib" != ""; then - LIB_des="-L${with_openssl}/lib" + LIB_des="-L${with_openssl_lib}" fi CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}" - LIB_des="${LIB_des} -lcrypto" - LIB_des_a="$LIB_des" - LIB_des_so="$LIB_des" - LIB_des_appl="$LIB_des" - LIBS="${LIBS} ${LIB_des}" - AC_TRY_LINK(test_headers, test_body, [ - crypto_lib=libcrypto openssl=yes - AC_MSG_RESULT([libcrypto]) - ]) + saved_LIB_des="$LIB_des" + for lres in "" "-lnsl -lsocket"; do + LIB_des="${saved_LIB_des} -lcrypto $lres" + LIB_des_a="$LIB_des" + LIB_des_so="$LIB_des" + LIB_des_appl="$LIB_des" + LIBS="${LIBS} ${LIB_des}" + AC_TRY_LINK(test_headers, test_body, [ + crypto_lib=libcrypto openssl=yes + AC_MSG_RESULT([libcrypto]) + ]) + if test "$crypto_lib" = libcrypto ; then + break; + fi + done CFLAGS="$save_CFLAGS" LIBS="$save_LIBS" fi @@ -5171,7 +5227,7 @@ AC_SUBST(DBLIB)dnl AC_SUBST(LIB_NDBM)dnl ]) -dnl $Id: roken-frag.m4,v 1.44 2002/09/04 20:57:30 joda Exp $ +dnl $Id: roken-frag.m4,v 1.45 2002/12/18 17:34:25 joda Exp $ dnl dnl some code to get roken working dnl @@ -5316,7 +5372,7 @@ AC_FIND_FUNC(res_nsearch, resolv, #include <resolv.h> #endif ], -[0,0,0,0,0]) +[0,0,0,0,0,0]) AC_FIND_FUNC(dn_expand, resolv, [ @@ -6054,16 +6110,23 @@ sin6.sin6_addr = in6addr_loopback; fi fi ]) -dnl $Id: check-var.m4,v 1.6 2001/08/21 12:00:16 joda Exp $ +dnl $Id: check-var.m4,v 1.7 2003/02/17 00:44:57 lha Exp $ dnl dnl rk_CHECK_VAR(variable, includes) AC_DEFUN([rk_CHECK_VAR], [ AC_MSG_CHECKING(for $1) AC_CACHE_VAL(ac_cv_var_$1, [ +m4_ifval([$2],[ + AC_TRY_LINK([$2 + void * foo() { return &$1; }], + [foo()], + ac_cv_var_$1=yes, ac_cv_var_$1=no)]) +if test "$ac_cv_var_$1" != yes ; then AC_TRY_LINK([extern int $1; int foo() { return $1; }], [foo()], ac_cv_var_$1=yes, ac_cv_var_$1=no) +fi ]) ac_foo=`eval echo \\$ac_cv_var_$1` AC_MSG_RESULT($ac_foo) @@ -6076,6 +6139,7 @@ fi AC_WARNING_ENABLE([obsolete]) AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo]) + dnl $Id: check-declaration.m4,v 1.3 1999/03/01 13:03:08 joda Exp $ dnl dnl @@ -6719,7 +6783,7 @@ AH_BOTTOM([ ]) dnl -dnl $Id: sunos.m4,v 1.1.4.1 2002/10/21 14:29:36 joda Exp $ +dnl $Id: sunos.m4,v 1.2 2002/10/16 14:42:13 joda Exp $ dnl AC_DEFUN([rk_SUNOS],[ @@ -7037,7 +7101,7 @@ AH_BOTTOM([ ]) ]) -dnl $Id: check-compile-et.m4,v 1.6 2001/09/02 17:08:48 assar Exp $ +dnl $Id: check-compile-et.m4,v 1.7 2003/03/12 16:48:52 lha Exp $ dnl dnl CHECK_COMPILE_ET AC_DEFUN([CHECK_COMPILE_ET], [ @@ -7045,6 +7109,7 @@ AC_DEFUN([CHECK_COMPILE_ET], [ AC_CHECK_PROG(COMPILE_ET, compile_et, [compile_et]) krb_cv_compile_et="no" +krb_cv_com_err_need_r="" if test "${COMPILE_ET}" = "compile_et"; then dnl We have compile_et. Now let's see if it supports `prefix' and `index'. @@ -7073,6 +7138,20 @@ int main(){return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;} ], [krb_cv_compile_et="yes"],[CPPFLAGS="${save_CPPFLAGS}"]) fi AC_MSG_RESULT(${krb_cv_compile_et}) +if test "${krb_cv_compile_et}" = "yes"; then + AC_MSG_CHECKING(for if com_err needs to have a initialize_error_table_r) + save2_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS" + AC_EGREP_CPP(initialize_error_table_r,[#include "conftest_et.c"], + [krb_cv_com_err_need_r="initialize_error_table_r(0,0,0,0);" + CPPFLAGS="$save2_CPPFLAGS"], + [CPPFLAGS="${save_CPPFLAGS}"]) + if test X"$krb_cv_com_err_need_r" = X ; then + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + fi +fi rm -fr conftest* fi @@ -7084,6 +7163,7 @@ if test "${krb_cv_compile_et}" = "yes"; then AC_TRY_LINK([#include <com_err.h>],[ const char *p; p = error_message(0); + $krb_cv_com_err_need_r ],[krb_cv_com_err="yes"],[krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"]) AC_MSG_RESULT(${krb_cv_com_err}) LIBS="${krb_cv_save_LIBS}" diff --git a/crypto/heimdal/admin/Makefile.in b/crypto/heimdal/admin/Makefile.in index 87497ab..1a245ad 100644 --- a/crypto/heimdal/admin/Makefile.in +++ b/crypto/heimdal/admin/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -268,10 +269,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign admin/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-sbinPROGRAMS: $(sbin_PROGRAMS) @@ -481,7 +482,9 @@ info: info-am info-am: -install-data-am: install-data-local install-man +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-sbinPROGRAMS @$(NORMAL_INSTALL) @@ -510,10 +513,10 @@ uninstall-man: uninstall-man8 clean-generic clean-libtool clean-sbinPROGRAMS distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-info install-info-am \ - install-man install-man8 install-sbinPROGRAMS install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am install-man \ + install-man8 install-sbinPROGRAMS install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool tags uninstall \ uninstall-am uninstall-info-am uninstall-man uninstall-man8 \ @@ -643,7 +646,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/admin/change.c b/crypto/heimdal/admin/change.c index 15c15de..f790da3 100644 --- a/crypto/heimdal/admin/change.c +++ b/crypto/heimdal/admin/change.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,11 +33,11 @@ #include "ktutil_locl.h" -RCSID("$Id: change.c,v 1.4 2001/07/23 09:46:40 joda Exp $"); +RCSID("$Id: change.c,v 1.5 2003/04/01 15:04:49 lha Exp $"); static void change_entry (krb5_context context, krb5_keytab keytab, - krb5_keytab_entry *entry, + krb5_principal principal, krb5_kvno kvno, const char *realm, const char *admin_server, int server_port) { krb5_error_code ret; @@ -48,7 +48,7 @@ change_entry (krb5_context context, krb5_keytab keytab, int num_keys; int i; - ret = krb5_unparse_name (context, entry->principal, &client_name); + ret = krb5_unparse_name (context, principal, &client_name); if (ret) { krb5_warn (context, ret, "krb5_unparse_name"); return; @@ -59,7 +59,7 @@ change_entry (krb5_context context, krb5_keytab keytab, if(realm) conf.realm = (char *)realm; else - conf.realm = *krb5_princ_realm (context, entry->principal); + conf.realm = *krb5_princ_realm (context, principal); conf.mask |= KADM5_CONFIG_REALM; if (admin_server) { @@ -83,8 +83,7 @@ change_entry (krb5_context context, krb5_keytab keytab, krb5_warn (context, ret, "kadm5_c_init_with_skey_ctx"); return; } - ret = kadm5_randkey_principal (kadm_handle, entry->principal, - &keys, &num_keys); + ret = kadm5_randkey_principal (kadm_handle, principal, &keys, &num_keys); kadm5_destroy (kadm_handle); if (ret) { krb5_warn(context, ret, "kadm5_randkey_principal"); @@ -93,9 +92,9 @@ change_entry (krb5_context context, krb5_keytab keytab, for (i = 0; i < num_keys; ++i) { krb5_keytab_entry new_entry; - new_entry = *entry; + new_entry.principal = principal; new_entry.timestamp = time (NULL); - ++new_entry.vno; + new_entry.vno = kvno + 1; new_entry.keyblock = keys[i]; ret = krb5_kt_add_entry (context, keytab, &new_entry); @@ -110,6 +109,11 @@ change_entry (krb5_context context, krb5_keytab keytab, * their keys, writing the new keys */ +struct change_set { + krb5_principal principal; + krb5_kvno kvno; +}; + int kt_change (int argc, char **argv) { @@ -122,8 +126,8 @@ kt_change (int argc, char **argv) int server_port = 0; int help_flag = 0; int optind = 0; - int j, max; - krb5_principal *princs; + int i, j, max; + struct change_set *changeset; struct getargs args[] = { { "realm", 'r', arg_string, NULL, @@ -154,12 +158,8 @@ kt_change (int argc, char **argv) return 1; j = 0; - max = 10; - princs = malloc (max * sizeof(*princs)); - if (princs == NULL) { - krb5_warnx (context, "malloc: out of memory"); - goto out; - } + max = 0; + changeset = NULL; ret = krb5_kt_start_seq_get(context, keytab, &cursor); if(ret){ @@ -168,20 +168,21 @@ kt_change (int argc, char **argv) } while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) { - int i; - int done = 0; + int add = 0; - for (i = 0; i < j; ++i) - if (krb5_principal_compare (context, princs[i], - entry.principal)) + for (i = 0; i < j; ++i) { + if (krb5_principal_compare (context, changeset[i].principal, + entry.principal)) { + if (changeset[i].kvno < entry.vno) + changeset[i].kvno = entry.vno; break; + } + } if (i < j) continue; if (optind == argc) { - change_entry (context, keytab, &entry, realm, admin_server, - server_port); - done = 1; + add = 1; } else { for (i = optind; i < argc; ++i) { krb5_principal princ; @@ -191,40 +192,64 @@ kt_change (int argc, char **argv) krb5_warn (context, ret, "krb5_parse_name %s", argv[i]); continue; } - if (krb5_principal_compare (context, princ, entry.principal)) { - change_entry (context, keytab, &entry, - realm, admin_server, server_port); - done = 1; - } + if (krb5_principal_compare (context, princ, entry.principal)) + add = 1; + krb5_free_principal (context, princ); } } - if (done) { + + if (add) { if (j >= max) { void *tmp; - max *= 2; - tmp = realloc (princs, max * sizeof(*princs)); + max = max(max * 2, 1); + tmp = realloc (changeset, max * sizeof(*changeset)); if (tmp == NULL) { krb5_kt_free_entry (context, &entry); krb5_warnx (context, "realloc: out of memory"); + ret = ENOMEM; break; } - princs = tmp; + changeset = tmp; } - ret = krb5_copy_principal (context, entry.principal, &princs[j]); + ret = krb5_copy_principal (context, entry.principal, + &changeset[j].principal); if (ret) { krb5_warn (context, ret, "krb5_copy_principal"); krb5_kt_free_entry (context, &entry); break; } + changeset[j].kvno = entry.vno; ++j; } krb5_kt_free_entry (context, &entry); } - while (j-- > 0) - krb5_free_principal (context, princs[j]); - free (princs); + + if (ret == KRB5_KT_END) { + for (i = 0; i < j; i++) { + if (verbose_flag) { + char *client_name; + + ret = krb5_unparse_name (context, changeset[i].principal, + &client_name); + if (ret) { + krb5_warn (context, ret, "krb5_unparse_name"); + } else { + printf("Changing %s kvno %d\n", + client_name, changeset[i].kvno); + free(client_name); + } + } + change_entry (context, keytab, + changeset[i].principal, changeset[i].kvno, + realm, admin_server, server_port); + } + } + for (i = 0; i < j; i++) + krb5_free_principal (context, changeset[i].principal); + free (changeset); + ret = krb5_kt_end_seq_get(context, keytab, &cursor); out: krb5_kt_close(context, keytab); diff --git a/crypto/heimdal/admin/copy.c b/crypto/heimdal/admin/copy.c index 3bb45d4..18b9d6e 100644 --- a/crypto/heimdal/admin/copy.c +++ b/crypto/heimdal/admin/copy.c @@ -33,7 +33,7 @@ #include "ktutil_locl.h" -RCSID("$Id: copy.c,v 1.8 2002/08/12 15:09:12 joda Exp $"); +RCSID("$Id: copy.c,v 1.9 2003/01/16 18:59:03 lha Exp $"); static krb5_boolean @@ -144,7 +144,6 @@ kt_copy (int argc, char **argv) int i = 0; args[i++].value = &help_flag; - args[i++].value = &verbose_flag; if(getarg(args, num_args, argc, argv, &optind)) { arg_printusage(args, num_args, "ktutil copy", diff --git a/crypto/heimdal/admin/get.c b/crypto/heimdal/admin/get.c index c411326..a9dfeec 100644 --- a/crypto/heimdal/admin/get.c +++ b/crypto/heimdal/admin/get.c @@ -33,7 +33,7 @@ #include "ktutil_locl.h" -RCSID("$Id: get.c,v 1.21 2001/10/29 12:53:52 nectar Exp $"); +RCSID("$Id: get.c,v 1.22 2003/01/16 19:03:23 lha Exp $"); static void* open_kadmin_connection(char *principal, @@ -89,7 +89,6 @@ kt_get(int argc, char **argv) int server_port = 0; int help_flag = 0; int optind = 0; - int i, j; struct getarg_strings etype_strs = {0, NULL}; krb5_enctype *etypes = NULL; size_t netypes = 0; @@ -111,13 +110,14 @@ kt_get(int argc, char **argv) }, { "help", 'h', arg_flag, NULL } }; + int i = 0, j; - args[0].value = &principal; - args[1].value = &etype_strs; - args[2].value = &realm; - args[3].value = &admin_server; - args[4].value = &server_port; - args[5].value = &help_flag; + args[i++].value = &principal; + args[i++].value = &etype_strs; + args[i++].value = &realm; + args[i++].value = &admin_server; + args[i++].value = &server_port; + args[i++].value = &help_flag; if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind) || help_flag) { diff --git a/crypto/heimdal/admin/ktutil.8 b/crypto/heimdal/admin/ktutil.8 index ecaa61c..f75a953 100644 --- a/crypto/heimdal/admin/ktutil.8 +++ b/crypto/heimdal/admin/ktutil.8 @@ -1,4 +1,35 @@ -.\" $Id: ktutil.8,v 1.15 2002/08/20 17:07:00 joda Exp $ +.\" Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: ktutil.8,v 1.19 2003/04/08 20:55:10 lha Exp $ .\" .Dd December 16, 2000 .Dt KTUTIL 8 @@ -20,6 +51,15 @@ .Sh DESCRIPTION .Nm is a program for managing keytabs. +Supported options: +.Bl -tag -width Ds +.It Xo +.Fl v , +.Fl -verbose +.Xc +Verbose output. +.El +.Pp .Ar command can be one of the following: .Bl -tag -width srvconvert @@ -28,7 +68,7 @@ can be one of the following: .Op Fl -principal= Ns Ar principal .Op Fl V Ar kvno .Op Fl -kvno= Ns Ar kvno -.Op Fl e Ar encype +.Op Fl e Ar enctype .Op Fl -enctype= Ns Ar enctype .Op Fl w Ar password .Op Fl -password= Ns Ar password @@ -52,7 +92,7 @@ command, which talks to the kadmin server. .Op Fl -server-port= Ns Ar port .Xc Update one or several keys to new versions. By default, use the admin -server for the realm of an keytab entry. Otherwise it will use the +server for the realm of a keytab entry. Otherwise it will use the values specified by the options. .Pp If no principals are given, all the ones in the keytab are updated. @@ -101,7 +141,7 @@ List the keys stored in the keytab. .Xc Removes the specified key or keys. Not specifying a .Ar kvno -removes keys with any version number. Not specifying a +removes keys with any version number. Not specifying an .Ar enctype removes keys of any type. .It rename Xo diff --git a/crypto/heimdal/appl/Makefile.in b/crypto/heimdal/appl/Makefile.in index ba2d1a3..e56fd84 100644 --- a/crypto/heimdal/appl/Makefile.in +++ b/crypto/heimdal/appl/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -247,10 +248,10 @@ all: all-recursive .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -448,7 +449,9 @@ info: info-recursive info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -477,15 +480,15 @@ uninstall-info: uninstall-info-recursive distclean distclean-generic distclean-libtool \ distclean-recursive distclean-tags distdir dvi dvi-am \ dvi-recursive info info-am info-recursive install install-am \ - install-data install-data-am install-data-local \ - install-data-recursive install-exec install-exec-am \ - install-exec-recursive install-info install-info-am \ - install-info-recursive install-man install-recursive \ - install-strip installcheck installcheck-am installdirs \ - installdirs-am installdirs-recursive maintainer-clean \ - maintainer-clean-generic maintainer-clean-recursive mostlyclean \ - mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \ - tags tags-recursive uninstall uninstall-am uninstall-info-am \ + install-data install-data-am install-data-recursive \ + install-exec install-exec-am install-exec-recursive \ + install-info install-info-am install-info-recursive install-man \ + install-recursive install-strip installcheck installcheck-am \ + installdirs installdirs-am installdirs-recursive \ + maintainer-clean maintainer-clean-generic \ + maintainer-clean-recursive mostlyclean mostlyclean-generic \ + mostlyclean-libtool mostlyclean-recursive tags tags-recursive \ + uninstall uninstall-am uninstall-info-am \ uninstall-info-recursive uninstall-recursive @@ -612,7 +615,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/afsutil/ChangeLog b/crypto/heimdal/appl/afsutil/ChangeLog index de94c52..a74403b 100644 --- a/crypto/heimdal/appl/afsutil/ChangeLog +++ b/crypto/heimdal/appl/afsutil/ChangeLog @@ -1,3 +1,36 @@ +2003-04-23 Love Hörnquist Åstrand <lha@it.su.se> + + * afslog.c: 1.21->1.22: (log_func): drop the error number + +2003-04-14 Love Hörnquist Åstrand <lha@it.su.se> + + * afslog.c: set kafs log function if verbose is turned on + +2003-03-18 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am (LDADD): use LIB_kafs + + * afslog.1: --no-v4, --no-v5 + + * Makefile.am: always build afsutils now + + * afslog.c: make build without KRB4 + +2002-11-26 Johan Danielsson <joda@pdc.kth.se> + + * afslog.c: remove plural form in help string + + * Makefile.am: add afslog manpage + + * afslog.1: manpage + + * afslog.c: try more files when trying to expand a cell name + + * afslog.c: create a list of cells to get tokens for, before + actually doing anything, and try to get tokens via krb4 if krb5 + fails, and give it a chance to work with krb4-only; also some bug + fixes, partially from Tomas Olsson. + 2002-08-23 Assar Westerlund <assar@kth.se> * pagsh.c: make it handle --version/--help diff --git a/crypto/heimdal/appl/afsutil/Makefile.am b/crypto/heimdal/appl/afsutil/Makefile.am index 8b0ca8c..0e6c4eb 100644 --- a/crypto/heimdal/appl/afsutil/Makefile.am +++ b/crypto/heimdal/appl/afsutil/Makefile.am @@ -1,18 +1,17 @@ -# $Id: Makefile.am,v 1.12 2000/11/15 22:51:07 assar Exp $ +# $Id: Makefile.am,v 1.15 2003/03/18 13:13:06 lha Exp $ include $(top_srcdir)/Makefile.am.common INCLUDES += $(INCLUDE_krb4) -if KRB4 -AFSPROGS = afslog pagsh -endif -bin_PROGRAMS = $(AFSPROGS) +bin_PROGRAMS = afslog pagsh afslog_SOURCES = afslog.c pagsh_SOURCES = pagsh.c +man_MANS = afslog.1 + LDADD = $(LIB_kafs) \ $(LIB_krb4) \ $(top_builddir)/lib/krb5/libkrb5.la \ diff --git a/crypto/heimdal/appl/afsutil/Makefile.in b/crypto/heimdal/appl/afsutil/Makefile.in index 2e57083..848a42d 100644 --- a/crypto/heimdal/appl/afsutil/Makefile.in +++ b/crypto/heimdal/appl/afsutil/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.12 2000/11/15 22:51:07 assar Exp $ +# $Id: Makefile.am,v 1.15 2003/03/18 13:13:06 lha Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -201,13 +202,14 @@ NROFF_MAN = groff -mandoc -Tascii @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -@KRB4_TRUE@AFSPROGS = afslog pagsh -bin_PROGRAMS = $(AFSPROGS) +bin_PROGRAMS = afslog pagsh afslog_SOURCES = afslog.c pagsh_SOURCES = pagsh.c +man_MANS = afslog.1 + LDADD = $(LIB_kafs) \ $(LIB_krb4) \ $(top_builddir)/lib/krb5/libkrb5.la \ @@ -219,27 +221,22 @@ subdir = appl/afsutil mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = $(top_builddir)/include/config.h CONFIG_CLEAN_FILES = -@KRB4_TRUE@bin_PROGRAMS = afslog$(EXEEXT) pagsh$(EXEEXT) -@KRB4_FALSE@bin_PROGRAMS = +bin_PROGRAMS = afslog$(EXEEXT) pagsh$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) am_afslog_OBJECTS = afslog.$(OBJEXT) afslog_OBJECTS = $(am_afslog_OBJECTS) afslog_LDADD = $(LDADD) -@KRB4_TRUE@afslog_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ -@KRB4_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@KRB4_FALSE@afslog_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_FALSE@ $(top_builddir)/lib/asn1/libasn1.la +afslog_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la afslog_LDFLAGS = am_pagsh_OBJECTS = pagsh.$(OBJEXT) pagsh_OBJECTS = $(am_pagsh_OBJECTS) pagsh_LDADD = $(LDADD) -@KRB4_TRUE@pagsh_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ -@KRB4_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@KRB4_FALSE@pagsh_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_FALSE@ $(top_builddir)/lib/asn1/libasn1.la +pagsh_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la pagsh_LDFLAGS = DEFS = @DEFS@ @@ -258,6 +255,7 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ CFLAGS = @CFLAGS@ DIST_SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES) +MANS = $(man_MANS) DIST_COMMON = ChangeLog Makefile.am Makefile.in SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES) @@ -265,10 +263,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/afsutil/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-binPROGRAMS: $(bin_PROGRAMS) @@ -329,6 +327,45 @@ distclean-libtool: -rm -f libtool uninstall-info-am: +man1dir = $(mandir)/man1 +install-man1: $(man1_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(man1dir) + @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \ + done +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \ + rm -f $(DESTDIR)$(man1dir)/$$inst; \ + done + ETAGS = etags ETAGSFLAGS = @@ -396,10 +433,10 @@ distdir: $(DISTFILES) check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-local check: check-am -all-am: Makefile $(PROGRAMS) all-local +all-am: Makefile $(PROGRAMS) $(MANS) all-local installdirs: - $(mkinstalldirs) $(DESTDIR)$(bindir) + $(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir) install: install-am install-exec: install-exec-am @@ -442,7 +479,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS @$(NORMAL_INSTALL) @@ -450,7 +489,7 @@ install-exec-am: install-binPROGRAMS install-info: install-info-am -install-man: +install-man: install-man1 installcheck-am: @@ -463,19 +502,22 @@ mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool -uninstall-am: uninstall-binPROGRAMS uninstall-info-am +uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man + +uninstall-man: uninstall-man1 .PHONY: GTAGS all all-am all-local check check-am check-local clean \ clean-binPROGRAMS clean-generic clean-libtool distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ install-am install-binPROGRAMS install-data install-data-am \ - install-data-local install-exec install-exec-am install-info \ - install-info-am install-man install-strip installcheck \ + install-exec install-exec-am install-info install-info-am \ + install-man install-man1 install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool tags uninstall \ - uninstall-am uninstall-binPROGRAMS uninstall-info-am + uninstall-am uninstall-binPROGRAMS uninstall-info-am \ + uninstall-man uninstall-man1 install-suid-programs: @@ -601,7 +643,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/afsutil/afslog.1 b/crypto/heimdal/appl/afsutil/afslog.1 new file mode 100644 index 0000000..c0bfaac --- /dev/null +++ b/crypto/heimdal/appl/afsutil/afslog.1 @@ -0,0 +1,137 @@ +.\" Copyright (c) 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: afslog.1,v 1.3 2003/03/18 04:29:34 lha Exp $ +.\" +.Dd November 26, 2002 +.Dt AFSLOG 1 +.Os HEIMDAL +.Sh NAME +.Nm afslog +.Nd +obtain AFS tokens +.Sh SYNOPSIS +.Nm +.Oo Fl c Ar cell \*(Ba Xo +.Fl -cell= Ns Ar cell +.Xc +.Oc +.Oo Fl p Ar path \*(Ba Xo +.Fl -file= Ns Ar path +.Xc +.Oc +.Oo Fl k Ar realm \*(Ba Xo +.Fl -realm= Ns Ar realm +.Xc +.Oc +.Op Fl -no-v4 +.Op Fl -no-v5 +.Op Fl u | Fl -unlog +.Op Fl v | Fl -verbose +.Op Fl -version +.Op Fl h | Fl -help +.Op Ar cell | path ... +.Sh DESCRIPTION +.Nm +obtains AFS tokens for a number of cells. What cells to get tokens for +can either be specified as an explicit list, as file paths to get +tokens for, or be left unspecified, in which case +.Nm +will use whatever magic +.Xr krb_afslog 3 +decides upon. +.Pp +Supported options: +.Bl -tag -width Ds +.It Xo +.Fl c Ar cell, +.Fl -cell= Ns Ar cell +.Xc +This specified one or more cell names to get tokens for. +.It Xo +.Fl p Ar path , +.Fl -file= Ns Ar path +.Xc +This specified one or more file paths for which tokens should be +obtained. +.It Xo +.Fl k Ar realm , +.Fl -realm= Ns Ar realm +.Xc +This is the Kerberos realm the AFS servers live in, this should +normally not be specified. +.It Fl -no-v4 +This makes +.Nm +not try using Kerberos 4. +.It Fl -no-v5 +This makes +.Nm +not try using Kerberos 5. +.It Xo +.Fl u , +.Fl -unlog +.Xc +Destroy tokens instead of obtaining new. If this is specified, all +other options are ignored (except for +.Fl -help +and +.Fl -version ) . +.It Xo +.Fl v , +.Fl -verbose +.Xc +Adds more verbosity for what is actually going on. +.El +Instead of using +.Fl c +and +.Fl p , +you may also pass a list of cells and file paths after any other +options. These arguments are considered files if they are either +the strings +.Do . Dc +or +.Dq .. +or they contain a slash, or if there exists a file by that name. +.Sh EXAMPLES +Assuming that there is no file called +.Dq openafs.org +in the current directory, and that +.Pa /afs/openafs.org +points to that cell, the follwing should be identical: +.Bd -literal -offset indent +$ afslog -c openafs.org +$ afslog openafs.org +$ afslog /afs/openafs.org/some/file +.Ed +.Sh SEE ALSO +.Xr krb_afslog 3 diff --git a/crypto/heimdal/appl/afsutil/afslog.c b/crypto/heimdal/appl/afsutil/afslog.c index 5451b22..fd104df 100644 --- a/crypto/heimdal/appl/afsutil/afslog.c +++ b/crypto/heimdal/appl/afsutil/afslog.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,10 +33,15 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: afslog.c,v 1.16 2001/05/16 22:10:15 assar Exp $"); +RCSID("$Id: afslog.c,v 1.21.2.1 2003/04/23 18:04:26 lha Exp $"); #endif #include <ctype.h> +#ifdef KRB5 #include <krb5.h> +#endif +#ifdef KRB4 +#include <krb.h> +#endif #include <kafs.h> #include <roken.h> #include <getarg.h> @@ -52,12 +57,24 @@ static char *realm; static getarg_strings files; static int unlog_flag; static int verbose; +#ifdef KRB4 +static int use_krb4 = 1; +#endif +#ifdef KRB5 +static int use_krb5 = 1; +#endif struct getargs args[] = { - { "cell", 'c', arg_strings, &cells, "cells to get tokens for", "cells" }, - { "file", 'p', arg_strings, &files, "files to get tokens for", "paths" }, + { "cell", 'c', arg_strings, &cells, "cells to get tokens for", "cell" }, + { "file", 'p', arg_strings, &files, "files to get tokens for", "path" }, { "realm", 'k', arg_string, &realm, "realm for afs cell", "realm" }, { "unlog", 'u', arg_flag, &unlog_flag, "remove tokens" }, +#ifdef KRB4 + { "v4", 0, arg_negative_flag, &use_krb4, "use Kerberos 4" }, +#endif +#ifdef KRB5 + { "v5", 0, arg_negative_flag, &use_krb5, "use Kerberos 5" }, +#endif #if 0 { "create-user", 0, arg_flag, &create_user, "create user if not found" }, #endif @@ -68,29 +85,49 @@ struct getargs args[] = { static int num_args = sizeof(args) / sizeof(args[0]); +#ifdef KRB5 +krb5_context context; +krb5_ccache id; +#endif + static const char * -expand_cell_name(const char *cell) +expand_one_file(FILE *f, const char *cell) { - FILE *f; - static char buf[128]; + static char buf[1024]; char *p; - f = fopen(_PATH_CELLSERVDB, "r"); - if(f == NULL) - return cell; while (fgets (buf, sizeof(buf), f) != NULL) { - if(buf[0] == '>'){ - for(p=buf; *p && !isspace((unsigned char)*p) && *p != '#'; p++) + if(buf[0] == '>') { + for(p = buf; *p && !isspace((unsigned char)*p) && *p != '#'; p++) ; *p = '\0'; - if(strstr(buf, cell)){ - fclose(f); + if(strncmp(buf + 1, cell, strlen(cell)) == 0) return buf + 1; - } } - buf[0] = 0; + buf[0] = '\0'; + } + return NULL; +} + +static const char * +expand_cell_name(const char *cell) +{ + FILE *f; + const char *c; + const char **fn, *files[] = { _PATH_CELLSERVDB, + _PATH_ARLA_CELLSERVDB, + _PATH_OPENAFS_DEBIAN_CELLSERVDB, + _PATH_ARLA_DEBIAN_CELLSERVDB, + NULL }; + for(fn = files; *fn; fn++) { + f = fopen(*fn, "r"); + if(f == NULL) + continue; + c = expand_one_file(f, cell); + fclose(f); + if(c) + return c; } - fclose(f); return cell; } @@ -134,50 +171,109 @@ createuser (char *cell) static void usage(int ecode) { - arg_printusage(args, num_args, NULL, "[cell]... [path]..."); + arg_printusage(args, num_args, NULL, "[cell|path]..."); exit(ecode); } +struct cell_list { + char *cell; + struct cell_list *next; +} *cell_list; + static int -afslog_cell(krb5_context context, krb5_ccache id, - const char *cell, int expand) +afslog_cell(const char *cell, int expand) { + struct cell_list *p, **q; const char *c = cell; if(expand){ c = expand_cell_name(cell); if(c == NULL){ - krb5_warnx(context, "No cell matching \"%s\" found.", cell); + warnx("No cell matching \"%s\" found.", cell); return -1; } - if(verbose) - krb5_warnx(context, "Cell \"%s\" expanded to \"%s\"", cell, c); + if(verbose && strcmp(c, cell) != 0) + warnx("Cell \"%s\" expanded to \"%s\"", cell, c); } - return krb5_afslog(context, id, c, realm); + /* add to list of cells to get tokens for, and also remove + duplicates; the actual afslog takes place later */ + for(p = cell_list, q = &cell_list; p; q = &p->next, p = p->next) + if(strcmp(p->cell, c) == 0) + return 0; + p = malloc(sizeof(*p)); + if(p == NULL) + return -1; + p->cell = strdup(c); + if(p->cell == NULL) { + free(p); + return -1; + } + p->next = NULL; + *q = p; + return 0; } static int -afslog_file(krb5_context context, krb5_ccache id, - const char *path) +afslog_file(const char *path) { char cell[64]; if(k_afs_cell_of_file(path, cell, sizeof(cell))){ - krb5_warnx(context, "No cell found for file \"%s\".", path); + warnx("No cell found for file \"%s\".", path); return -1; } if(verbose) - krb5_warnx(context, "File \"%s\" lives in cell \"%s\"", path, cell); - return afslog_cell(context, id, cell, 0); + warnx("File \"%s\" lives in cell \"%s\"", path, cell); + return afslog_cell(cell, 0); +} + +static int +do_afslog(const char *cell) +{ + int k5ret, k4ret; + + k5ret = k4ret = 0; + +#ifdef KRB5 + if(context != NULL && id != NULL && use_krb5) { + k5ret = krb5_afslog(context, id, cell, NULL); + if(k5ret == 0) + return 0; + } +#endif +#if KRB4 + if (use_krb4) { + k4ret = krb_afslog(cell, NULL); + if(k4ret == 0) + return 0; + } +#endif +#ifdef KRB5 + if (k5ret) + warnx("krb5_afslog(%s): %s", cell, krb5_get_err_text(context, k5ret)); +#endif +#ifdef KRB4 + if (k4ret) + warnx("krb_afslog(%s): %s", cell, krb_get_err_text(k4ret)); +#endif + if (k5ret || k4ret) + return 1; + return 0; +} + +static void +log_func(void *ctx, const char *str) +{ + fprintf(stderr, "%s\n", str); } int main(int argc, char **argv) { int optind = 0; - krb5_context context; - krb5_ccache id; int i; int num; int ret = 0; + int failed = 0; + struct cell_list *p; setprogname(argv[0]); @@ -190,42 +286,56 @@ main(int argc, char **argv) exit(0); } - ret = krb5_init_context(&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); if(!k_hasafs()) - krb5_errx(context, 1, - "AFS doesn't seem to be present on this machine"); + errx(1, "AFS does not seem to be present on this machine"); if(unlog_flag){ k_unlog(); exit(0); } - krb5_cc_default(context, &id); +#ifdef KRB5 + ret = krb5_init_context(&context); + if (ret) + context = NULL; + else + if(krb5_cc_default(context, &id) != 0) + id = NULL; +#endif + + if (verbose) + kafs_set_verbose(log_func, NULL); + num = 0; for(i = 0; i < files.num_strings; i++){ - afslog_file(context, id, files.strings[i]); + afslog_file(files.strings[i]); num++; - free_getarg_strings (&files); } + free_getarg_strings (&files); for(i = 0; i < cells.num_strings; i++){ - afslog_cell(context, id, cells.strings[i], 1); + afslog_cell(cells.strings[i], 1); num++; - free_getarg_strings (&cells); } + free_getarg_strings (&cells); for(i = optind; i < argc; i++){ num++; if(strcmp(argv[i], ".") == 0 || strcmp(argv[i], "..") == 0 || strchr(argv[i], '/') || access(argv[i], F_OK) == 0) - afslog_file(context, id, argv[i]); + afslog_file(argv[i]); else - afslog_cell(context, id, argv[i], 1); + afslog_cell(argv[i], 1); } if(num == 0) { - krb5_afslog(context, id, NULL, NULL); + if(do_afslog(NULL)) + failed++; + } else + for(p = cell_list; p; p = p->next) { + if(verbose) + warnx("Getting tokens for cell \"%s\"", p->cell); + if(do_afslog(p->cell)) + failed++; } - return ret; + return failed; } diff --git a/crypto/heimdal/appl/ftp/ChangeLog b/crypto/heimdal/appl/ftp/ChangeLog index d6bbfdd..63abb9e 100644 --- a/crypto/heimdal/appl/ftp/ChangeLog +++ b/crypto/heimdal/appl/ftp/ChangeLog @@ -1,6 +1,58 @@ -2002-10-21 Johan Danielsson <joda@pdc.kth.se> +2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> - * ftp/ftp.c: pull up 1.75; fix parsing of epsv ports + * ftpd/ftpd.c: make sure argument to is* functions are unsigned + +2003-04-06 Love Hörnquist Åstrand <lha@it.su.se> + + * ftpd/ftpd.8: s/kerberos/Kerberos/ + +2003-03-23 Assar Westerlund <assar@kth.se> + + * ftpd/pathnames.h (_PATH_FTPUSERS): conditionalize + +2003-03-18 Love Hörnquist Åstrand <lha@it.su.se> + + * ftpd/ftpd.c (krb5_verify): always do krb5_afslog, remove setpag + (its done in main) + + * ftpd/gss_userok.c: drop setpag + + * ftpd/ftpd.c (main): set afs PAG + + * ftpd/gss_userok.c: always try krb5_afslog, and while here do a + setpag too + + * ftpd/ftpd_locl.h: always include kafs + +2003-03-16 Love Hörnquist Åstrand <lha@it.su.se> + + * ftp/gssapi.c (gss_adat): now that gss_export_name exports a + principal, bandaid with gss_display_name, and check that oid is + GSS_KRB5_NT_PRINCIPAL_NAME, also free memory + +2003-02-25 Love Hörnquist Åstrand <lha@it.su.se> + + * ftp/gssapi.c (gss_auth): print out the name we authenticated too + +2003-02-25 Love Hörnquist Åstrand <lha@it.su.se> + + * ftpd/ls.c: use readlink with bufsize - 1, From NetBSD + + * ftp/ftp.1: s/utilizes/uses/ from NetBSD + + * ftpd/ftpd.8: s/utilize/use/ from NetBSD + +2003-02-10 Assar Westerlund <assar@kth.se> + + * ftpd/ftpd.c (accept_with_timeout): use socklen_t + +2002-10-29 Johan Danielsson <joda@pdc.kth.se> + + * ftp/main.c: reinstate -n flag (from Torbjörn Granlund) + +2002-10-16 Johan Danielsson <joda@pdc.kth.se> + + * ftp/ftp.c: fix parsing of epsv ports (from Love) 2002-09-05 Johan Danielsson <joda@pdc.kth.se> diff --git a/crypto/heimdal/appl/ftp/Makefile.in b/crypto/heimdal/appl/ftp/Makefile.in index c3bada8..987bb1d 100644 --- a/crypto/heimdal/appl/ftp/Makefile.in +++ b/crypto/heimdal/appl/ftp/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -228,10 +229,10 @@ all: all-recursive .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/ftp/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -429,7 +430,9 @@ info: info-recursive info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -458,15 +461,15 @@ uninstall-info: uninstall-info-recursive distclean distclean-generic distclean-libtool \ distclean-recursive distclean-tags distdir dvi dvi-am \ dvi-recursive info info-am info-recursive install install-am \ - install-data install-data-am install-data-local \ - install-data-recursive install-exec install-exec-am \ - install-exec-recursive install-info install-info-am \ - install-info-recursive install-man install-recursive \ - install-strip installcheck installcheck-am installdirs \ - installdirs-am installdirs-recursive maintainer-clean \ - maintainer-clean-generic maintainer-clean-recursive mostlyclean \ - mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \ - tags tags-recursive uninstall uninstall-am uninstall-info-am \ + install-data install-data-am install-data-recursive \ + install-exec install-exec-am install-exec-recursive \ + install-info install-info-am install-info-recursive install-man \ + install-recursive install-strip installcheck installcheck-am \ + installdirs installdirs-am installdirs-recursive \ + maintainer-clean maintainer-clean-generic \ + maintainer-clean-recursive mostlyclean mostlyclean-generic \ + mostlyclean-libtool mostlyclean-recursive tags tags-recursive \ + uninstall uninstall-am uninstall-info-am \ uninstall-info-recursive uninstall-recursive @@ -593,7 +596,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/ftp/common/Makefile.in b/crypto/heimdal/appl/ftp/common/Makefile.in index 48d9b22..78958a1 100644 --- a/crypto/heimdal/appl/ftp/common/Makefile.in +++ b/crypto/heimdal/appl/ftp/common/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -242,10 +243,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/ftp/common/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) AR = ar @@ -395,7 +396,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -422,13 +425,12 @@ uninstall-am: uninstall-info-am clean-generic clean-libtool clean-noinstLIBRARIES distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-info install-info-am \ - install-man install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool tags uninstall uninstall-am \ - uninstall-info-am + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am install-man \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + tags uninstall uninstall-am uninstall-info-am install-suid-programs: @@ -554,7 +556,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/ftp/ftp/Makefile.in b/crypto/heimdal/appl/ftp/ftp/Makefile.in index 1764c13..363332d 100644 --- a/crypto/heimdal/appl/ftp/ftp/Makefile.in +++ b/crypto/heimdal/appl/ftp/ftp/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -285,10 +286,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/ftp/ftp/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-binPROGRAMS: $(bin_PROGRAMS) @@ -498,7 +499,9 @@ info: info-am info-am: -install-data-am: install-data-local install-man +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS @$(NORMAL_INSTALL) @@ -528,9 +531,9 @@ uninstall-man: uninstall-man1 distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ install-am install-binPROGRAMS install-data install-data-am \ - install-data-local install-exec install-exec-am install-info \ - install-info-am install-man install-man1 install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + install-exec install-exec-am install-info install-info-am \ + install-man install-man1 install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool tags uninstall \ uninstall-am uninstall-binPROGRAMS uninstall-info-am \ @@ -660,7 +663,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.1 b/crypto/heimdal/appl/ftp/ftp/ftp.1 index 7e2d95b..edee182 100644 --- a/crypto/heimdal/appl/ftp/ftp/ftp.1 +++ b/crypto/heimdal/appl/ftp/ftp/ftp.1 @@ -1163,7 +1163,7 @@ auto-login process. .El .Sh ENVIRONMENT .Nm Ftp -utilizes the following environment variables. +uses the following environment variables. .Bl -tag -width Fl .It Ev HOME For default location of a diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.c b/crypto/heimdal/appl/ftp/ftp/ftp.c index 186aba8..7313388 100644 --- a/crypto/heimdal/appl/ftp/ftp/ftp.c +++ b/crypto/heimdal/appl/ftp/ftp/ftp.c @@ -32,7 +32,7 @@ */ #include "ftp_locl.h" -RCSID ("$Id: ftp.c,v 1.74.4.1 2002/10/21 14:26:31 joda Exp $"); +RCSID ("$Id: ftp.c,v 1.75 2002/10/16 15:46:43 joda Exp $"); struct sockaddr_storage hisctladdr_ss; struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss; diff --git a/crypto/heimdal/appl/ftp/ftp/gssapi.c b/crypto/heimdal/appl/ftp/ftp/gssapi.c index af04c1a..40a5910 100644 --- a/crypto/heimdal/appl/ftp/ftp/gssapi.c +++ b/crypto/heimdal/appl/ftp/ftp/gssapi.c @@ -39,7 +39,7 @@ #include <gssapi.h> #include <krb5_err.h> -RCSID("$Id: gssapi.c,v 1.20 2002/09/04 22:00:50 joda Exp $"); +RCSID("$Id: gssapi.c,v 1.22 2003/03/16 19:40:18 lha Exp $"); struct gss_data { gss_ctx_id_t context_hdl; @@ -214,18 +214,28 @@ gss_adat(void *app_data, void *buf, size_t len) if(maj_stat == GSS_S_COMPLETE){ char *name; gss_buffer_desc export_name; - maj_stat = gss_export_name(&min_stat, client_name, &export_name); + gss_OID oid; + + maj_stat = gss_display_name(&min_stat, client_name, + &export_name, &oid); if(maj_stat != 0) { - reply(500, "Error exporting name"); + reply(500, "Error displaying name"); + goto out; + } + /* XXX kerberos */ + if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) { + reply(500, "OID not kerberos principal name"); + gss_release_buffer(&min_stat, &export_name); goto out; } name = realloc(export_name.value, export_name.length + 1); if(name == NULL) { reply(500, "Out of memory"); - free(export_name.value); + gss_release_buffer(&min_stat, &export_name); goto out; } name[export_name.length] = '\0'; + gss_release_buffer(&min_stat, &export_name); d->client_name = name; if(p) reply(235, "ADAT=%s", p); @@ -423,6 +433,35 @@ gss_auth(void *app_data, char *host) context_established = 1; } } + + { + gss_name_t targ_name; + + maj_stat = gss_inquire_context(&min_stat, + d->context_hdl, + NULL, + &targ_name, + NULL, + NULL, + NULL, + NULL, + NULL); + if (GSS_ERROR(maj_stat) == 0) { + gss_buffer_desc name; + maj_stat = gss_display_name (&min_stat, + targ_name, + &name, + NULL); + if (GSS_ERROR(maj_stat) == 0) { + printf("Authenticated to <%s>\n", (char *)name.value); + gss_release_buffer(&min_stat, &name); + } + gss_release_name(&min_stat, &targ_name); + } else + printf("Failed to get gss name of peer.\n"); + } + + return AUTH_OK; } diff --git a/crypto/heimdal/appl/ftp/ftp/main.c b/crypto/heimdal/appl/ftp/ftp/main.c index f0fc9fa..b6edaab 100644 --- a/crypto/heimdal/appl/ftp/ftp/main.c +++ b/crypto/heimdal/appl/ftp/ftp/main.c @@ -38,7 +38,7 @@ #include "ftp_locl.h" #include <getarg.h> -RCSID("$Id: main.c,v 1.32 2002/08/23 19:11:03 assar Exp $"); +RCSID("$Id: main.c,v 1.33 2002/10/29 09:47:51 joda Exp $"); static int help_flag; static int version_flag; @@ -53,6 +53,8 @@ struct getargs getargs[] = { "Turn off interactive prompting", NULL}, { NULL, 'l', arg_negative_flag, &lineedit, "Turn off line editing", NULL}, + { NULL, 'n', arg_negative_flag, &autologin, + "Turn off auto-login", NULL}, { NULL, 'p', arg_flag, &passivemode, "passive mode", NULL}, { NULL, 't', arg_counter, &trace, diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.in b/crypto/heimdal/appl/ftp/ftpd/Makefile.in index 90f8209..33e3c36 100644 --- a/crypto/heimdal/appl/ftp/ftpd/Makefile.in +++ b/crypto/heimdal/appl/ftp/ftpd/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -251,18 +252,13 @@ am_ftpd_OBJECTS = ftpcmd.$(OBJEXT) ftpd.$(OBJEXT) logwtmp.$(OBJEXT) \ $(am__objects_1) $(am__objects_2) ftpd_OBJECTS = $(am_ftpd_OBJECTS) ftpd_LDADD = $(LDADD) -@KRB4_FALSE@@KRB5_TRUE@ftpd_DEPENDENCIES = ../common/libcommon.a \ -@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/gssapi/libgssapi.la \ -@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@KRB4_FALSE@@KRB5_FALSE@ftpd_DEPENDENCIES = ../common/libcommon.a -@KRB4_TRUE@@KRB5_TRUE@ftpd_DEPENDENCIES = ../common/libcommon.a \ -@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/gssapi/libgssapi.la \ -@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ -@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la -@KRB4_TRUE@@KRB5_FALSE@ftpd_DEPENDENCIES = ../common/libcommon.a \ -@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la +@KRB5_TRUE@ftpd_DEPENDENCIES = ../common/libcommon.a \ +@KRB5_TRUE@ $(top_builddir)/lib/gssapi/libgssapi.la \ +@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ +@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la +@KRB5_FALSE@ftpd_DEPENDENCIES = ../common/libcommon.a \ +@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la ftpd_LDFLAGS = DEFS = @DEFS@ @@ -291,10 +287,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj .y -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/ftp/ftpd/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-libexecPROGRAMS: $(libexec_PROGRAMS) @@ -565,7 +561,9 @@ info: info-am info-am: -install-data-am: install-data-local install-man +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libexecPROGRAMS @$(NORMAL_INSTALL) @@ -594,8 +592,8 @@ uninstall-man: uninstall-man5 uninstall-man8 clean-generic clean-libexecPROGRAMS clean-libtool distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-info install-info-am \ + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am \ install-libexecPROGRAMS install-man install-man5 install-man8 \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ @@ -728,7 +726,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.8 index 5539d56..01f6275 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.8 @@ -269,7 +269,7 @@ interprets file names according to the .Dq globbing conventions used by .Xr csh 1 . -This allows users to utilize the metacharacters +This allows users to use the metacharacters .Dq Li \&*?[]{}~ . .Pp .Nm Ftpd @@ -281,7 +281,7 @@ If Kerberos authentication is used, the user must pass valid tickets and the principal must be allowed to login as the remote user. .It The login name must be in the password data base, and not have a null -password (if kerberos is used the password field is not checked). In +password (if Kerberos is used the password field is not checked). In this case a password must be provided by the client before any file operations may be performed. If the user has an OTP key, the response from a successful USER command will include an OTP challenge. The diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.c b/crypto/heimdal/appl/ftp/ftpd/ftpd.c index c1720ba..9598362 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd.c +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.c @@ -38,7 +38,7 @@ #endif #include "getarg.h" -RCSID("$Id: ftpd.c,v 1.161 2002/02/28 15:50:14 joda Exp $"); +RCSID("$Id: ftpd.c,v 1.166 2003/04/16 15:02:05 lha Exp $"); static char version[] = "Version 6.00"; @@ -322,7 +322,7 @@ main(int argc, char **argv) if(sp) port = sp->s_port; else - if(isdigit(port_string[0])) + if(isdigit((unsigned char)port_string[0])) port = htons(atoi(port_string)); else warnx("bad value for -p"); @@ -871,12 +871,9 @@ krb5_verify(struct passwd *pwd, char *passwd) 1, NULL); krb5_free_principal(context, princ); -#ifdef KRB4 if (k_hasafs()) { - k_setpag(); krb5_afslog_uid_home(context, id,NULL, NULL,pwd->pw_uid, pwd->pw_dir); } -#endif /* KRB4 */ krb5_cc_destroy(context, id); krb5_free_context (context); if(ret) @@ -1106,9 +1103,9 @@ done: int filename_check(char *filename) { - char *p; + unsigned char *p; - p = strrchr(filename, '/'); + p = (unsigned char *)strrchr(filename, '/'); if(p) filename = p + 1; @@ -1248,7 +1245,7 @@ bad: static int accept_with_timeout(int socket, struct sockaddr *address, - size_t *address_len, + socklen_t *address_len, struct timeval *timeout) { int ret; diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h b/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h index 1497b43..67a02f5 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: ftpd_locl.h,v 1.12 2000/09/19 13:16:44 assar Exp $ */ +/* $Id: ftpd_locl.h,v 1.13 2003/03/18 13:37:13 lha Exp $ */ #ifndef __ftpd_locl_h__ #define __ftpd_locl_h__ @@ -148,6 +148,9 @@ #ifdef KRB4 #include <krb.h> +#endif + +#if defined(KRB4) || defined(KRB5) #include <kafs.h> #endif diff --git a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c b/crypto/heimdal/appl/ftp/ftpd/gss_userok.c index ec263d0..11a2e75 100644 --- a/crypto/heimdal/appl/ftp/ftpd/gss_userok.c +++ b/crypto/heimdal/appl/ftp/ftpd/gss_userok.c @@ -35,7 +35,7 @@ #include <gssapi.h> #include <krb5.h> -RCSID("$Id: gss_userok.c,v 1.8 2001/08/05 06:38:57 assar Exp $"); +RCSID("$Id: gss_userok.c,v 1.10 2003/03/18 13:56:35 lha Exp $"); /* XXX a bit too much of krb5 dependency here... What is the correct way to do this? @@ -103,11 +103,9 @@ gss_userok(void *app_data, char *username) chown (ticketfile+5, pw->pw_uid, pw->pw_gid); -#ifdef KRB4 if (k_hasafs()) { - krb5_afslog(gssapi_krb5_context, ccache, 0, 0); + krb5_afslog(gssapi_krb5_context, ccache, 0, 0); } -#endif esetenv ("KRB5CCNAME", ticketfile, 1); fail: diff --git a/crypto/heimdal/appl/ftp/ftpd/ls.c b/crypto/heimdal/appl/ftp/ftpd/ls.c index 0a3c994..f8ec4ad 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ls.c +++ b/crypto/heimdal/appl/ftp/ftpd/ls.c @@ -33,7 +33,7 @@ #ifndef TEST #include "ftpd_locl.h" -RCSID("$Id: ls.c,v 1.25 2002/08/22 08:31:03 joda Exp $"); +RCSID("$Id: ls.c,v 1.26 2003/02/25 10:51:30 lha Exp $"); #else #include <stdio.h> @@ -268,7 +268,7 @@ make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags) } if(S_ISLNK(st->st_mode)) { int n; - n = readlink((char *)filename, buf, sizeof(buf)); + n = readlink((char *)filename, buf, sizeof(buf) - 1); if(n >= 0) { buf[n] = '\0'; file->link = strdup(buf); diff --git a/crypto/heimdal/appl/ftp/ftpd/pathnames.h b/crypto/heimdal/appl/ftp/ftpd/pathnames.h index 62ce103..e4f5b44 100644 --- a/crypto/heimdal/appl/ftp/ftpd/pathnames.h +++ b/crypto/heimdal/appl/ftp/ftpd/pathnames.h @@ -49,7 +49,10 @@ #define _PATH_BSHELL "/bin/sh" #endif +#ifndef _PATH_FTPUSERS #define _PATH_FTPUSERS SYSCONFDIR "/ftpusers" +#endif + #define _PATH_FTPCHROOT SYSCONFDIR "/ftpchroot" #define _PATH_FTPWELCOME SYSCONFDIR "/ftpwelcome" #define _PATH_FTPLOGINMESG SYSCONFDIR "/motd" diff --git a/crypto/heimdal/appl/kf/Makefile.in b/crypto/heimdal/appl/kf/Makefile.in index c932138..90c9657 100644 --- a/crypto/heimdal/appl/kf/Makefile.in +++ b/crypto/heimdal/appl/kf/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -261,10 +262,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/kf/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-binPROGRAMS: $(bin_PROGRAMS) @@ -544,7 +545,9 @@ info: info-am info-am: -install-data-am: install-data-local install-man +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS install-libexecPROGRAMS @$(NORMAL_INSTALL) @@ -575,10 +578,10 @@ uninstall-man: uninstall-man1 uninstall-man8 clean-libtool distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am info \ info-am install install-am install-binPROGRAMS install-data \ - install-data-am install-data-local install-exec install-exec-am \ - install-info install-info-am install-libexecPROGRAMS \ - install-man install-man1 install-man8 install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + install-data-am install-exec install-exec-am install-info \ + install-info-am install-libexecPROGRAMS install-man \ + install-man1 install-man8 install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool tags uninstall \ uninstall-am uninstall-binPROGRAMS uninstall-info-am \ @@ -709,7 +712,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/kf/kf.1 b/crypto/heimdal/appl/kf/kf.1 index 3836a07..2426063 100644 --- a/crypto/heimdal/appl/kf/kf.1 +++ b/crypto/heimdal/appl/kf/kf.1 @@ -1,14 +1,42 @@ -.\" Things to fix: -.\" * correct section, and operating system -.\" * remove Op from mandatory flags -.\" * use better macros for arguments (like .Pa for files) +.\" Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kf.1,v 1.6 2003/04/11 12:43:57 lha Exp $ .\" .Dd July 2, 2000 .Dt KF 1 .Os Heimdal .Sh NAME .Nm kf -.Nd securly forward tickets +.Nd securely forward tickets .Sh SYNOPSIS .Nm .Oo @@ -31,7 +59,7 @@ .Sh DESCRIPTION The .Nm -program forwards tickets to a remove host through an authenticated +program forwards tickets to a remote host through an authenticated and encrypted stream. Options supported are: .Bl -tag -width indent @@ -60,16 +88,16 @@ do not forward forwardable credentials .Pp .Nm is useful when you do not want to enter your password on a remote host -but want to have your tickets one for example afs. +but want to have your tickets one for example AFS. .Pp In order for .Nm to work you will need to acquire your initial ticket with forwardable -flag, ie +flag, i.e. .Nm kinit Fl -forwardable . .Pp .Nm telnet -is able to forward ticket by itself. +is able to forward tickets by itself. .\".Sh ENVIRONMENT .\".Sh FILES .\".Sh EXAMPLES diff --git a/crypto/heimdal/appl/kf/kfd.8 b/crypto/heimdal/appl/kf/kfd.8 index 7276e3b..94d26cc 100644 --- a/crypto/heimdal/appl/kf/kfd.8 +++ b/crypto/heimdal/appl/kf/kfd.8 @@ -1,7 +1,35 @@ -.\" Things to fix: -.\" * correct section, and operating system -.\" * remove Op from mandatory flags -.\" * use better macros for arguments (like .Pa for files) +.\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kfd.8,v 1.4 2003/02/16 21:10:05 lha Exp $ .\" .Dd July 2, 2000 .Dt KFD 8 diff --git a/crypto/heimdal/appl/kf/kfd.c b/crypto/heimdal/appl/kf/kfd.c index 7f6ea28..c358b54 100644 --- a/crypto/heimdal/appl/kf/kfd.c +++ b/crypto/heimdal/appl/kf/kfd.c @@ -32,7 +32,7 @@ */ #include "kf_locl.h" -RCSID("$Id: kfd.c,v 1.10 2002/09/04 20:31:48 joda Exp $"); +RCSID("$Id: kfd.c,v 1.11 2003/04/16 15:40:24 lha Exp $"); krb5_context context; char krb5_tkfile[MAXPATHLEN]; @@ -260,10 +260,10 @@ proto (int sock, const char *service) (char *)(remotename.data),ccname); out: if (status) { - strcpy(ret_string, "no"); + strlcpy(ret_string, "no", sizeof(ret_string)); krb5_warnx(context, "failed"); } else { - strcpy(ret_string, "ok"); + strlcpy(ret_string, "ok", sizeof(ret_string)); } krb5_data_free (&tk_file); diff --git a/crypto/heimdal/appl/login/ChangeLog b/crypto/heimdal/appl/login/ChangeLog index 7c7fc1e..9fcd5d2 100644 --- a/crypto/heimdal/appl/login/ChangeLog +++ b/crypto/heimdal/appl/login/ChangeLog @@ -1,3 +1,18 @@ +2003-03-24 Johan Danielsson <joda@pdc.kth.se> + + * Makefile.am: install man pages + + * login.1: manpage for login + + * login.c: allow "welcome" as well as "motd" in login.conf + + * login.access.5: login.access manual page + +2003-03-18 Love Hörnquist Åstrand <lha@it.su.se> + + * login.c: also need pag_set + * login.c: if there is kerberos 5, call krb5_afslog\* + 2002-08-23 Johan Danielsson <joda@pdc.kth.se> * login.c: if motd is set in login.conf, output its contents diff --git a/crypto/heimdal/appl/login/Makefile.am b/crypto/heimdal/appl/login/Makefile.am index ccf9723..860ce70 100644 --- a/crypto/heimdal/appl/login/Makefile.am +++ b/crypto/heimdal/appl/login/Makefile.am @@ -1,9 +1,11 @@ -# $Id: Makefile.am,v 1.20 2002/08/19 17:00:36 joda Exp $ +# $Id: Makefile.am,v 1.21 2003/03/24 16:15:48 joda Exp $ include $(top_srcdir)/Makefile.am.common INCLUDES += $(INCLUDE_krb4) +man_MANS = login.1 login.access.5 + bin_PROGRAMS = login login_SOURCES = \ diff --git a/crypto/heimdal/appl/login/Makefile.in b/crypto/heimdal/appl/login/Makefile.in index a120639..3030ed1 100644 --- a/crypto/heimdal/appl/login/Makefile.in +++ b/crypto/heimdal/appl/login/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.20 2002/08/19 17:00:36 joda Exp $ +# $Id: Makefile.am,v 1.21 2003/03/24 16:15:48 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -201,6 +202,8 @@ NROFF_MAN = groff -mandoc -Tascii @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la +man_MANS = login.1 login.access.5 + bin_PROGRAMS = login login_SOURCES = \ @@ -242,11 +245,9 @@ am_login_OBJECTS = conf.$(OBJEXT) env.$(OBJEXT) login.$(OBJEXT) \ utmp_login.$(OBJEXT) utmpx_login.$(OBJEXT) login_OBJECTS = $(am_login_OBJECTS) login_LDADD = $(LDADD) -@KRB4_TRUE@login_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ -@KRB4_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@KRB4_FALSE@login_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_FALSE@ $(top_builddir)/lib/asn1/libasn1.la +login_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la login_LDFLAGS = DEFS = @DEFS@ @@ -265,6 +266,7 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ CFLAGS = @CFLAGS@ DIST_SOURCES = $(login_SOURCES) +MANS = $(man_MANS) DIST_COMMON = ChangeLog Makefile.am Makefile.in SOURCES = $(login_SOURCES) @@ -272,10 +274,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/login/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-binPROGRAMS: $(bin_PROGRAMS) @@ -333,6 +335,84 @@ distclean-libtool: -rm -f libtool uninstall-info-am: +man1dir = $(mandir)/man1 +install-man1: $(man1_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(man1dir) + @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \ + done +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \ + rm -f $(DESTDIR)$(man1dir)/$$inst; \ + done + +man5dir = $(mandir)/man5 +install-man5: $(man5_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(man5dir) + @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.5*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst; \ + done +uninstall-man5: + @$(NORMAL_UNINSTALL) + @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.5*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man5dir)/$$inst"; \ + rm -f $(DESTDIR)$(man5dir)/$$inst; \ + done + ETAGS = etags ETAGSFLAGS = @@ -400,10 +480,10 @@ distdir: $(DISTFILES) check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-local check: check-am -all-am: Makefile $(PROGRAMS) all-local +all-am: Makefile $(PROGRAMS) $(MANS) all-local installdirs: - $(mkinstalldirs) $(DESTDIR)$(bindir) + $(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir) $(DESTDIR)$(man5dir) install: install-am install-exec: install-exec-am @@ -446,7 +526,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS @$(NORMAL_INSTALL) @@ -454,7 +536,7 @@ install-exec-am: install-binPROGRAMS install-info: install-info-am -install-man: +install-man: install-man1 install-man5 installcheck-am: @@ -467,19 +549,22 @@ mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool -uninstall-am: uninstall-binPROGRAMS uninstall-info-am +uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man + +uninstall-man: uninstall-man1 uninstall-man5 .PHONY: GTAGS all all-am all-local check check-am check-local clean \ clean-binPROGRAMS clean-generic clean-libtool distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ install-am install-binPROGRAMS install-data install-data-am \ - install-data-local install-exec install-exec-am install-info \ - install-info-am install-man install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ + install-exec install-exec-am install-info install-info-am \ + install-man install-man1 install-man5 install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool tags uninstall \ - uninstall-am uninstall-binPROGRAMS uninstall-info-am + uninstall-am uninstall-binPROGRAMS uninstall-info-am \ + uninstall-man uninstall-man1 uninstall-man5 install-suid-programs: @@ -605,7 +690,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/login/login.1 b/crypto/heimdal/appl/login/login.1 new file mode 100644 index 0000000..b0c9a6c --- /dev/null +++ b/crypto/heimdal/appl/login/login.1 @@ -0,0 +1,226 @@ +.\" $Id: login.1,v 1.1 2003/03/24 16:15:12 joda Exp $ +.\" +.Dd March 24, 2003 +.Dt LOGIN 1 +.Os HEIMDAL +.Sh NAME +.Nm login +.Nd +authenticate a user and start new session +.Sh SYNOPSIS +.Nm +.Op Fl fp +.Op Fl a Ar level +.Op Fl h Ar hostname +.Ar [username] +.Sh DESCRIPTION +This manual page documents the +.Nm login +program distributed with the Heimdal Kerberos 5 implementation, it may +differ in important ways from your system version. +.Pp +The +.Nm login +programs logs users into the system. It is intended to be run by +system daemons like +.Xr getty 8 +or +.Xr telnetd 8 . +If you are already logged in, but want to change to another user, you +should use +.Xr su 1 . +.Pp +A username can be given on the command line, else one will be prompted +for. +.Pp +A password is required to login, unless the +.Fl f +option is given (indicating that the calling program has already done +proper authentication). With +.Fl f +the user will be logged in without further questions. +.Pp +For password authentication Kerberos 5, Kerberos 4 (if compiled in), +OTP (if compiled in) and local +.No ( Pa /etc/passwd ) +passwords are supported. OTP will be used if the the user is +registered to use it, and +.Nm login +is given the option +.Fl a Li otp . +When using OTP, a challenge is shown to the user. +.Pp +Further options are: +.Bl -tag -width Ds +.It Fl a Ar string +Which authentication mode to use, the only supported value is +currently +.Dq otp . +.It Fl f +Indicates that the user is already authenticated. This happens, for +instance, when login is started by telnetd, and the user has proved +authentic via Kerberos. +.It Fl h Ar hostname +Indicates which host the user is logging in from. This is passed from +telnetd, and is entered into the login database. +.It Fl p +This tells +.Nm login +to preserve all environment variables. If not given, only the +.Dv TERM +and +.Dv TZ +variables are preserved. It could be a security risk to pass random +variables to +.Nm login +or the user shell, so the calling daemon should make sure it only +passes +.Dq safe +variables. +.El +.Pp +The process of logging user in proceeds as follows. +.Pp +First a check is made that logins are allowed at all. This usually +means checking +.Pa /etc/nologin . +If it exists, and the user trying to login is not root, the contents +is printed, and then login exits. +.Pp +Then various system parameters are set up, like changing the owner of +the tty to the user, setting up signals, setting the group list, and +user and group id. Also various machine specific tasks are performed. +.Pp +Next +.Nm login +changes to the users home directory, or if that fails, to +.Pa / . +The environment is setup, by adding some required variables (such as +.Dv PATH ) , +and also authentication related ones (such as +.Dv KRB5CCNAME ) . +If an environment file exists +.No ( Pa /etc/environment ) , +variables are set according to +it. +.Pp +If one or more login message files are configured, their contents is +printed to the terminal. +.Pp +If a login time command is configured, it is executed. A logout time +command can also be configured, which makes +.Nm login +fork, and wait for the user shell to exit, and then run the command. +This can be used to clean up user credentials. +.Pp +Finally, the user's shell is executed. If the user logging in is root, +and root's login shell does not exist, a default shell (usually +.Pa /bin/sh ) +is also tried before giving up. +.Sh ENVIRONMENT +These environment variables are set by login (not including ones set by +.Pa /etc/environment ) : +.Pp +.Bl -tag -compact -width USERXXLOGNAME +.It Dv PATH +the default system path +.It Dv HOME +the user's home directory (or possibly +.Pa / ) +.It Dv USER , Dv LOGNAME +both set to the username +.It Dv SHELL +the user's shell +.It Dv TERM , Dv TZ +set to whatever is passed to +.Nm login +.It Dv KRB5CCNAME +if the password is verified via Kerberos 5, this will point to the +credentials cache file +.It Dv KRBTKFILE +if the password is verified via Kerberos 4, this will point to the +ticket file +.El +.Sh FILES +.Bl -tag -compact -width Ds +.It Pa /etc/environment +Contains a set of environment variables that should be set in addition +to the ones above. It should contain sh-style assignments like +.Dq VARIABLE=value . +Note that they are not parsed the way a shell would. No variable +expansion is performed, and all strings are literal, and quotation +marks should not be used. Everything after a hash mark is considered a +comment. The following are all different (the last will set the +variable +.Dv BAR , +not +.Dv FOO ) . +.Bd -literal -offset indent +FOO=this is a string +FOO="this is a string" +BAR= FOO='this is a string' +.Ed +.It Pa /etc/login.access +See +.Xr login.access 5 . +.It Pa /etc/login.conf +This is a termcap style configuration file, that contains various +settings used by +.Nm login . +Currently only the +.Dq default +capability record is used. The possible capability strings include: +.Pp +.Bl -tag -compact -width Ds +.It Li environment +This is a comma separated list of environment files that are read in +the order specified. If this is missing the default +.Pa /etc/environment +is used. +.It Li login_program +This program will be executed just before the user's shell is started. +It will be called without arguments. +.It Li logout_program +This program will be executed just after the user's shell has +terminated. It will be called without arguments. This program will be +the parent process of the spawned shell. +.It Li motd +A comma separated list of text files that will be printed to the +user's terminal before starting the shell. The string +.Li welcome +works similarly, but points to a single file. +.El +.It Pa /etc/nologin +If it exists, login is denied to all but root. The contents of this +file is printed before login exits. +.El +.Pp +Other +.Nm login +programs typically print all sorts of information by default, such as +last time you logged in, if you have mail, and system message files. +This version of +.Nm login +does not, so there is no reason for +.Pa .hushlogin +files or similar. We feel that these tasks are best left to the user's +shell, but the +.Li login_program +facility allows for a shell independent solution, if that is desired. +.Sh EXAMPLES +A +.Pa login.conf +file could look like: +.Bd -literal -offset indent +default:\\ + :motd=/etc/motd,/etc/motd.local: +.Ed +.Sh SEE ALSO +.Xr su 1 , +.Xr login.access 5 , +.Xr getty 8 , +.Xr telnetd 8 +.Sh AUTHORS +This login program was written for the Heimdal Kerberos 5 +implementation. The login.access code was written by Wietse Venema. +.\".Sh BUGS diff --git a/crypto/heimdal/appl/login/login.access.5 b/crypto/heimdal/appl/login/login.access.5 new file mode 100644 index 0000000..be8828c --- /dev/null +++ b/crypto/heimdal/appl/login/login.access.5 @@ -0,0 +1,56 @@ +.\" $Id: login.access.5,v 1.1 2003/03/24 15:49:30 joda Exp $ +.\" +.Dd March 21, 2003 +.Dt LOGIN.ACCESS 5 +.Os HEIMDAL +.Sh NAME +.Nm login.access +.Nd +login access control table +.Sh DESCRIPTION +The +.Nm login.access +file specifies on which ttys or from which hosts certain users are +allowed to login. +.Pp +At login, the +.Pa /etc/login.access +file is checked for the first entry that matches a specific user/host +or user/tty combination. That entry can either allow or deny login +access to that user. +.Pp +Each entry have three fields separated by colon: +.Bl -bullet +.It +The first field indicates the permission given if the entry matches. +It can be either +.Dq + +(allow access) +or +.Dq - +(deny access) . +.It +The second field is a comma separated list of users or groups for +which the current entry applies. NIS netgroups can used (if +configured) if preceeded by @. The magic string ALL matches all users. +A group will match if the user is a member of that group, or it is the +user's primary group. +.It +The third field is a list of ttys, or network names. A network name +can be either a hostname, a domain (indicated by a starting period), +or a netgroup. As with the user list, ALL matches anything. LOCAL +matches a string not containing a period. +.El +.Pp +If the string EXCEPT is found in either the user or from list, the +rest of the list are exceptions to the list before EXCEPT. +.Sh BUGS +If there's a user and a group with the same name, there is no way to +make the group match if the user also matches. +.Sh SEE ALSO +.Xr login 1 +.Sh AUTHORS +The +.Fn login_access +function was written by +Wietse Venema. This manual page was written for Heimdal. diff --git a/crypto/heimdal/appl/login/login.c b/crypto/heimdal/appl/login/login.c index 4c777f9..ee5be48 100644 --- a/crypto/heimdal/appl/login/login.c +++ b/crypto/heimdal/appl/login/login.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -39,7 +39,7 @@ #include <sys/capability.h> #endif -RCSID("$Id: login.c,v 1.56 2002/08/23 12:11:09 joda Exp $"); +RCSID("$Id: login.c,v 1.59 2003/03/24 15:57:10 joda Exp $"); static int login_timeout = 60; @@ -142,9 +142,7 @@ otp_verify(struct passwd *pwd, const char *password) #endif /* OTP */ -#ifdef KRB4 static int pag_set = 0; -#endif #ifdef KRB5 static krb5_context context; @@ -269,8 +267,6 @@ krb5_finish (void) krb5_free_context(context); } -#ifdef KRB4 - static void krb5_get_afs_tokens (const struct passwd *pwd) { @@ -300,8 +296,6 @@ krb5_get_afs_tokens (const struct passwd *pwd) } } -#endif /* KRB4 */ - #endif /* KRB5 */ #ifdef KRB4 @@ -598,9 +592,10 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn) krb5_cc_close (context, id); } } +#endif /* KRB4 */ krb5_get_afs_tokens (pwd); -#endif /* KRB4 */ + krb5_finish (); #endif /* KRB5 */ @@ -634,6 +629,10 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn) continue; show_file(buf); } + } else { + str = login_conf_get_string("welcome"); + if(str != NULL) + show_file(str); } } add_env("HOME", home_dir); diff --git a/crypto/heimdal/appl/push/ChangeLog b/crypto/heimdal/appl/push/ChangeLog index edfc73d..e90e34e8 100644 --- a/crypto/heimdal/appl/push/ChangeLog +++ b/crypto/heimdal/appl/push/ChangeLog @@ -1,3 +1,12 @@ +2003-04-03 Assar Westerlund <assar@kth.se> + + * push.c: fixed one incorrect fprintf to stderr + +2003-03-18 Love Hörnquist Åstrand <lha@it.su.se> + + * push.c: add names of pop states, add some more debugging and use + fprintf(stderr) for all dbg stmts. + 2001-09-04 Assar Westerlund <assar@sics.se> * push.c (doit): check return values from snprintf being negative diff --git a/crypto/heimdal/appl/push/Makefile.in b/crypto/heimdal/appl/push/Makefile.in index 699a33a..992da1b 100644 --- a/crypto/heimdal/appl/push/Makefile.in +++ b/crypto/heimdal/appl/push/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -260,10 +261,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/push/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-libexecPROGRAMS: $(libexec_PROGRAMS) @@ -535,7 +536,9 @@ info: info-am info-am: -install-data-am: install-data-local install-man +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binSCRIPTS install-libexecPROGRAMS @$(NORMAL_INSTALL) @@ -566,15 +569,14 @@ uninstall-man: uninstall-man1 uninstall-man8 distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ install-am install-binSCRIPTS install-data install-data-am \ - install-data-local install-exec install-exec-am install-info \ - install-info-am install-libexecPROGRAMS install-man \ - install-man1 install-man8 install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool tags uninstall \ - uninstall-am uninstall-binSCRIPTS uninstall-info-am \ - uninstall-libexecPROGRAMS uninstall-man uninstall-man1 \ - uninstall-man8 + install-exec install-exec-am install-info install-info-am \ + install-libexecPROGRAMS install-man install-man1 install-man8 \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + tags uninstall uninstall-am uninstall-binSCRIPTS \ + uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \ + uninstall-man1 uninstall-man8 install-suid-programs: @@ -700,7 +702,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/push/pfrom.1 b/crypto/heimdal/appl/push/pfrom.1 index ca80bc0..2d7983c 100644 --- a/crypto/heimdal/appl/push/pfrom.1 +++ b/crypto/heimdal/appl/push/pfrom.1 @@ -1,4 +1,35 @@ -.\" $Id: pfrom.1,v 1.4 2002/05/30 15:59:59 assar Exp $ +.\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: pfrom.1,v 1.5 2003/02/16 21:10:11 lha Exp $ .\" .Dd March 4, 2000 .Dt PFROM 1 diff --git a/crypto/heimdal/appl/push/push.c b/crypto/heimdal/appl/push/push.c index 2f051ee..60d1654 100644 --- a/crypto/heimdal/appl/push/push.c +++ b/crypto/heimdal/appl/push/push.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "push_locl.h" -RCSID("$Id: push.c,v 1.45 2001/09/04 09:45:52 assar Exp $"); +RCSID("$Id: push.c,v 1.47 2003/04/04 02:10:17 assar Exp $"); #ifdef KRB4 static int use_v4 = -1; @@ -137,6 +137,11 @@ do_connect (const char *hostname, int port, int nodelay) typedef enum { INIT = 0, GREET, USER, PASS, STAT, RETR, TOP, DELE, XDELE, QUIT} pop_state; +static char *pop_state_string[] = { + "INIT", "GREET", "USER", "PASS", "STAT", "RETR", "TOP", + "DELE", "XDELE", "QUIT" +}; + #define PUSH_BUFSIZ 65536 #define STEP 16 @@ -267,7 +272,7 @@ doit(int s, if (net_write (s, out_buf, out_len) != out_len) err (1, "write"); if (verbose > 1) - write (STDERR_FILENO, out_buf, out_len); + fprintf (stderr, "%s", out_buf); if (!do_from) write_state_init (&write_state, out_fd); @@ -280,6 +285,13 @@ doit(int s, if (s >= FD_SETSIZE) errx (1, "fd too large"); FD_SET(s,&readset); + + if (verbose > 1) + fprintf (stderr, "state: %s count: %d asked_for: %d " + "retrieved: %d asked_deleted: %d\n", + pop_state_string[state], + count, asked_for, retrieved, asked_deleted); + if (((state == STAT || state == RETR || state == TOP) && asked_for < count) || (state == XDELE && !sent_xdele) @@ -331,7 +343,7 @@ doit(int s, state = QUIT; net_write (s, "QUIT\r\n", 6); if (verbose > 1) - net_write (STDERR_FILENO, "QUIT\r\n", 6); + fprintf (stderr, "QUIT\r\n"); } } rem -= p - beg + 2; @@ -354,7 +366,7 @@ doit(int s, state = QUIT; net_write (s, "QUIT\r\n", 6); if (verbose > 1) - net_write (STDERR_FILENO, "QUIT\r\n", 6); + fprintf (stderr, "QUIT\r\n"); } else { if (forkp) { pid_t pid; @@ -401,14 +413,14 @@ doit(int s, state = QUIT; net_write (s, "QUIT\r\n", 6); if (verbose > 1) - net_write (STDERR_FILENO, "QUIT\r\n", 6); + fprintf (stderr, "QUIT\r\n"); break; } else if (state == DELE) { if (++deleted == count) { state = QUIT; net_write (s, "QUIT\r\n", 6); if (verbose > 1) - net_write (STDERR_FILENO, "QUIT\r\n", 6); + fprintf (stderr, "QUIT\r\n"); break; } } else if (++state == STAT) { @@ -428,7 +440,7 @@ doit(int s, state = QUIT; net_write (s, "QUIT\r\n", 6); if (verbose > 1) - net_write (STDERR_FILENO, "QUIT\r\n", 6); + fprintf (stderr, "QUIT\r\n"); break; } } @@ -471,7 +483,7 @@ doit(int s, if (net_write (s, out_buf, out_len) != out_len) err (1, "write"); if (verbose > 1) - write (STDERR_FILENO, out_buf, out_len); + fprintf (stderr, "%s", out_buf); } } if (verbose) diff --git a/crypto/heimdal/appl/rcp/ChangeLog b/crypto/heimdal/appl/rcp/ChangeLog index eecb73d..6c830d6 100644 --- a/crypto/heimdal/appl/rcp/ChangeLog +++ b/crypto/heimdal/appl/rcp/ChangeLog @@ -1,3 +1,11 @@ +2003-04-16 Johan Danielsson <joda@pdc.kth.se> + + * rcp.1: add a HISTORY section + + * rcp.1: brief manpage + + * rcp.c: add a -4 option + 2001-09-24 Johan Danielsson <joda@pdc.kth.se> * rcp.c: more va_* fixing; from Thomas Klausner diff --git a/crypto/heimdal/appl/rcp/Makefile.in b/crypto/heimdal/appl/rcp/Makefile.in index 2efb884..23279b8 100644 --- a/crypto/heimdal/appl/rcp/Makefile.in +++ b/crypto/heimdal/appl/rcp/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -242,10 +243,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/rcp/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-binPROGRAMS: $(bin_PROGRAMS) @@ -416,7 +417,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS @$(NORMAL_INSTALL) @@ -444,12 +447,12 @@ uninstall-am: uninstall-binPROGRAMS uninstall-info-am distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ install-am install-binPROGRAMS install-data install-data-am \ - install-data-local install-exec install-exec-am install-info \ - install-info-am install-man install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool tags uninstall \ - uninstall-am uninstall-binPROGRAMS uninstall-info-am + install-exec install-exec-am install-info install-info-am \ + install-man install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool tags uninstall uninstall-am \ + uninstall-binPROGRAMS uninstall-info-am install-suid-programs: @@ -575,7 +578,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/rcp/rcp.1 b/crypto/heimdal/appl/rcp/rcp.1 new file mode 100644 index 0000000..5ce9527 --- /dev/null +++ b/crypto/heimdal/appl/rcp/rcp.1 @@ -0,0 +1,67 @@ +.\" $Id: rcp.1,v 1.2 2003/04/16 12:20:43 joda Exp $ +.\" +.Dd April 16, 2003 +.Dt RCP 1 +.Os HEIMDAL +.Sh NAME +.Nm rcp +.Nd +copy file to and from remote machines +.Sh SYNOPSIS +.Nm rcp +.Op Fl 45FKpxz +.Op Fl P Ar port +.Ar file1 file2 +.Nm rcp +.Op Fl 45FKprxz +.Op Fl P Ar port +.Ar file... directory +.Sh DESCRIPTION +.Nm rcp +copies files between machines. Each file argument is either a remote file name of the form +.Dq rname@rhost:path +or a local file (containing no colon or with a slash before the first +colon). +.Pp +Supported options: +.Bl -tag -width Ds +.It Xo +.Fl 4 , +.Fl 5 , +.Fl K , +.Fl F , +.Fl x , +.Fl z +.Xc +These options are passed on to +.Xr rsh 1 . +.It Fl P Ar port +This will pass the option +.Fl p Ar port +to +.Xr rsh 1 . +.It Fl p +Preserve file permissions. +.It Fl r +Copy source directories recursively. +.El +.\".Sh ENVIRONMENT +.\".Sh FILES +.\".Sh EXAMPLES +.Sh DIAGNOSTICS +.Nm rcp +is implemented as a protocol on top of +.Xr rsh 1 , +and thus requires a working rsh. If you intend to use Kerberos +authentication, rsh needs to be Kerberos aware, else you may see more +or less strange errors, such as "login incorrect", or "lost +connection". +.\".Sh SEE ALSO +.\".Sh STANDARDS +.Sh HISTORY +The +.Nm rcp +utility first appeared in 4.2BSD. This version is derived from +4.3BSD-Reno. +.\".Sh AUTHORS +.\".Sh BUGS diff --git a/crypto/heimdal/appl/rcp/rcp.c b/crypto/heimdal/appl/rcp/rcp.c index bfa700e..c54409a 100644 --- a/crypto/heimdal/appl/rcp/rcp.c +++ b/crypto/heimdal/appl/rcp/rcp.c @@ -41,7 +41,7 @@ uid_t userid; int errs, remin, remout; int pflag, iamremote, iamrecursive, targetshouldbedirectory; int doencrypt, noencrypt; -int usebroken, usekrb5, forwardtkt; +int usebroken, usekrb4, usekrb5, forwardtkt; char *port; #define CMDNEEDS 64 @@ -61,6 +61,7 @@ static int fflag, tflag; static int version_flag, help_flag; struct getargs args[] = { + { NULL, '4', arg_flag, &usekrb4, "use Kerberos 4 authentication" }, { NULL, '5', arg_flag, &usekrb5, "use Kerberos 5 authentication" }, { NULL, 'F', arg_flag, &forwardtkt, "forward credentials" }, { NULL, 'K', arg_flag, &usebroken, "use BSD authentication" }, @@ -751,6 +752,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) i = 0; args[i++] = RSH_PROGRAM; + if (usekrb4) + args[i++] = "-4"; if (usekrb5) args[i++] = "-5"; if (usebroken) diff --git a/crypto/heimdal/appl/rsh/ChangeLog b/crypto/heimdal/appl/rsh/ChangeLog index ddac74f..1f33245 100644 --- a/crypto/heimdal/appl/rsh/ChangeLog +++ b/crypto/heimdal/appl/rsh/ChangeLog @@ -1,3 +1,32 @@ +2003-04-16 Johan Danielsson <joda@pdc.kth.se> + + * rsh.c: use krb5_appdefault to get defaults for forward and + encrypt + + * rshd.c: use ARG_MAX + 1 + + * rshd.c (read_str): return allocated string + + * rsh_locl.h: set NCARGS to 8k if undefined + +2003-03-23 Assar Westerlund <assar@kth.se> + + * rsh.c (loop): only check errsock if it's valid + +2003-03-18 Love Love Hörnquist Åstrand <lha@it.su.se> + + * rshd.c: do krb5_afslog when compling with afs support + + * rsh_locl.h: always include kafs.h + +2002-11-22 Johan Danielsson <joda@pdc.kth.se> + + * rshd.8: clarify -x and kerberos 5 + +2002-11-01 Johan Danielsson <joda@pdc.kth.se> + + * rsh_locl.h: bump COMMAND_SZ to NCARGS+1 + 2002-09-04 Johan Danielsson <joda@pdc.kth.se> * rsh.c: free some memory diff --git a/crypto/heimdal/appl/rsh/Makefile.in b/crypto/heimdal/appl/rsh/Makefile.in index c51a16e..cc8fda1 100644 --- a/crypto/heimdal/appl/rsh/Makefile.in +++ b/crypto/heimdal/appl/rsh/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -229,58 +230,38 @@ PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) am_rsh_OBJECTS = rsh.$(OBJEXT) common.$(OBJEXT) rsh_OBJECTS = $(am_rsh_OBJECTS) rsh_LDADD = $(LDADD) -@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@rsh_DEPENDENCIES = \ -@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@DCE_FALSE@@KRB4_FALSE@@KRB5_FALSE@rsh_DEPENDENCIES = -@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@rsh_DEPENDENCIES = \ -@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \ -@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@rsh_DEPENDENCIES = \ -@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la -@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@rsh_DEPENDENCIES = \ -@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ -@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/kdfs/libkdfs.la -@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@rsh_DEPENDENCIES = \ -@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@ $(top_builddir)/lib/kdfs/libkdfs.la -@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@rsh_DEPENDENCIES = \ -@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \ -@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ -@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kdfs/libkdfs.la -@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@rsh_DEPENDENCIES = \ -@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la \ -@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kdfs/libkdfs.la +@DCE_FALSE@@KRB5_TRUE@rsh_DEPENDENCIES = \ +@DCE_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \ +@DCE_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la +@DCE_FALSE@@KRB5_FALSE@rsh_DEPENDENCIES = \ +@DCE_FALSE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la +@DCE_TRUE@@KRB5_TRUE@rsh_DEPENDENCIES = \ +@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \ +@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ +@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kdfs/libkdfs.la +@DCE_TRUE@@KRB5_FALSE@rsh_DEPENDENCIES = \ +@DCE_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la \ +@DCE_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kdfs/libkdfs.la rsh_LDFLAGS = am_rshd_OBJECTS = rshd.$(OBJEXT) common.$(OBJEXT) login_access.$(OBJEXT) rshd_OBJECTS = $(am_rshd_OBJECTS) rshd_LDADD = $(LDADD) -@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@rshd_DEPENDENCIES = \ -@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@DCE_FALSE@@KRB4_FALSE@@KRB5_FALSE@rshd_DEPENDENCIES = -@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@rshd_DEPENDENCIES = \ -@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \ -@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@rshd_DEPENDENCIES = \ -@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la -@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@rshd_DEPENDENCIES = \ -@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ -@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/kdfs/libkdfs.la -@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@rshd_DEPENDENCIES = \ -@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@ $(top_builddir)/lib/kdfs/libkdfs.la -@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@rshd_DEPENDENCIES = \ -@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \ -@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ -@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kdfs/libkdfs.la -@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@rshd_DEPENDENCIES = \ -@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la \ -@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kdfs/libkdfs.la +@DCE_FALSE@@KRB5_TRUE@rshd_DEPENDENCIES = \ +@DCE_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \ +@DCE_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la +@DCE_FALSE@@KRB5_FALSE@rshd_DEPENDENCIES = \ +@DCE_FALSE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la +@DCE_TRUE@@KRB5_TRUE@rshd_DEPENDENCIES = \ +@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \ +@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \ +@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kdfs/libkdfs.la +@DCE_TRUE@@KRB5_FALSE@rshd_DEPENDENCIES = \ +@DCE_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la \ +@DCE_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kdfs/libkdfs.la rshd_LDFLAGS = DEFS = @DEFS@ @@ -307,10 +288,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/rsh/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-binPROGRAMS: $(bin_PROGRAMS) @@ -590,7 +571,9 @@ info: info-am info-am: -install-data-am: install-data-local install-man +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS install-libexecPROGRAMS @$(NORMAL_INSTALL) @@ -621,10 +604,10 @@ uninstall-man: uninstall-man1 uninstall-man8 clean-libtool distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am info \ info-am install install-am install-binPROGRAMS install-data \ - install-data-am install-data-local install-exec install-exec-am \ - install-info install-info-am install-libexecPROGRAMS \ - install-man install-man1 install-man8 install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + install-data-am install-exec install-exec-am install-info \ + install-info-am install-libexecPROGRAMS install-man \ + install-man1 install-man8 install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool tags uninstall \ uninstall-am uninstall-binPROGRAMS uninstall-info-am \ @@ -755,7 +738,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/rsh/rsh.1 b/crypto/heimdal/appl/rsh/rsh.1 index 46652d8..82c1f6c 100644 --- a/crypto/heimdal/appl/rsh/rsh.1 +++ b/crypto/heimdal/appl/rsh/rsh.1 @@ -1,4 +1,35 @@ -.\" $Id: rsh.1,v 1.4 2002/09/04 13:01:52 joda Exp $ +.\" Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: rsh.1,v 1.6 2003/04/16 19:57:25 lha Exp $ .\" .Dd September 4, 2002 .Dt RSH 1 @@ -158,7 +189,7 @@ selects protocol version 2, while .Ar O and .Ar 1 -selects version 1. Version 2 is beleived to be more secure, and is the +selects version 1. Version 2 is believed to be more secure, and is the default. Unless asked for a specific version, .Nm will try both. This behaviour may change in the future. diff --git a/crypto/heimdal/appl/rsh/rsh.c b/crypto/heimdal/appl/rsh/rsh.c index 6ae9646..8af5096 100644 --- a/crypto/heimdal/appl/rsh/rsh.c +++ b/crypto/heimdal/appl/rsh/rsh.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "rsh_locl.h" -RCSID("$Id: rsh.c,v 1.68 2002/09/04 21:40:04 joda Exp $"); +RCSID("$Id: rsh.c,v 1.71 2003/04/16 20:37:20 joda Exp $"); enum auth_method auth_method; #if defined(KRB4) || defined(KRB5) @@ -87,7 +87,7 @@ loop (int s, int errsock) init_ivecs(1); #endif - if (s >= FD_SETSIZE || errsock >= FD_SETSIZE) + if (s >= FD_SETSIZE || (errsock != -1 && errsock >= FD_SETSIZE)) errx (1, "fd too large"); FD_ZERO(&real_readset); @@ -167,7 +167,8 @@ send_krb4_auth(int s, int status; size_t len; - status = krb_sendauth (do_encrypt ? KOPT_DO_MUTUAL : 0, + /* the normal default for krb4 should be to disable encryption */ + status = krb_sendauth ((do_encrypt == 1) ? KOPT_DO_MUTUAL : 0, s, &text, "rcmd", (char *)hostname, krb_realmofhost (hostname), getpid(), &msg, &cred, schedule, @@ -304,6 +305,14 @@ send_krb5_auth(int s, return 1; } + if(do_encrypt == -1) { + krb5_appdefault_boolean(context, NULL, + krb5_principal_get_realm(context, server), + "encrypt", + FALSE, + &do_encrypt); + } + cksum_data.length = asprintf ((char **)&cksum_data.data, "%u:%s%s%s", ntohs(socket_get_port(thataddr)), @@ -343,6 +352,19 @@ send_krb5_auth(int s, NULL, NULL); + /* do this while we have a principal */ + if(do_forward == -1 || do_forwardable == -1) { + krb5_const_realm realm = krb5_principal_get_realm(context, server); + if (do_forwardable == -1) + krb5_appdefault_boolean(context, NULL, realm, + "forwardable", FALSE, + &do_forwardable); + if (do_forward == -1) + krb5_appdefault_boolean(context, NULL, realm, + "forward", FALSE, + &do_forward); + } + krb5_free_principal(context, server); krb5_data_free(&cksum_data); @@ -625,13 +647,23 @@ construct_command (char **res, int argc, char **argv) } static char * -print_addr (const struct sockaddr_in *sin) +print_addr (const struct sockaddr *sa) { char addr_str[256]; char *res; - - inet_ntop (AF_INET, &sin->sin_addr, addr_str, sizeof(addr_str)); - res = strdup(addr_str); + const char *as = NULL; + + if(sa->sa_family == AF_INET) + as = inet_ntop (sa->sa_family, &((struct sockaddr_in*)sa)->sin_addr, + addr_str, sizeof(addr_str)); +#ifdef HAVE_INET6 + else if(sa->sa_family == AF_INET6) + as = inet_ntop (sa->sa_family, &((struct sockaddr_in6*)sa)->sin6_addr, + addr_str, sizeof(addr_str)); +#endif + if(as == NULL) + return NULL; + res = strdup(as); if (res == NULL) errx (1, "malloc: out of memory"); return res; @@ -640,7 +672,7 @@ print_addr (const struct sockaddr_in *sin) static int doit_broken (int argc, char **argv, - int optind, + int hostindex, struct addrinfo *ai, const char *remote_user, const char *local_user, @@ -652,14 +684,16 @@ doit_broken (int argc, struct addrinfo *a; if (connect (priv_socket1, ai->ai_addr, ai->ai_addrlen) < 0) { - if (ai->ai_next == NULL) - return 1; - + int save_errno = errno; + close(priv_socket1); close(priv_socket2); for (a = ai->ai_next; a != NULL; a = a->ai_next) { pid_t pid; + char *adr = print_addr(a->ai_addr); + if(adr == NULL) + continue; pid = fork(); if (pid < 0) @@ -667,25 +701,25 @@ doit_broken (int argc, else if(pid == 0) { char **new_argv; int i = 0; - struct sockaddr_in *sin = (struct sockaddr_in *)a->ai_addr; new_argv = malloc((argc + 2) * sizeof(*new_argv)); if (new_argv == NULL) errx (1, "malloc: out of memory"); new_argv[i] = argv[i]; ++i; - if (optind == i) - new_argv[i++] = print_addr (sin); + if (hostindex == i) + new_argv[i++] = adr; new_argv[i++] = "-K"; for(; i <= argc; ++i) new_argv[i] = argv[i - 1]; - if (optind > 1) - new_argv[optind + 1] = print_addr(sin); + if (hostindex > 1) + new_argv[hostindex + 1] = adr; new_argv[argc + 1] = NULL; execv(PATH_RSH, new_argv); err(1, "execv(%s)", PATH_RSH); } else { int status; + free(adr); while(waitpid(pid, &status, 0) < 0) ; @@ -693,12 +727,14 @@ doit_broken (int argc, return 0; } } + errno = save_errno; + warn("%s", argv[hostindex]); return 1; } else { int ret; ret = proto (priv_socket1, priv_socket2, - argv[optind], + argv[hostindex], local_user, remote_user, cmd, cmd_len, send_broken_auth); @@ -841,7 +877,7 @@ main(int argc, char **argv) { int priv_port1, priv_port2; int priv_socket1, priv_socket2; - int optind = 0; + int argindex = 0; int error; struct addrinfo hints, *ai; int ret = 1; @@ -867,11 +903,11 @@ main(int argc, char **argv) if (argc >= 2 && argv[1][0] != '-') { host = argv[host_index = 1]; - optind = 1; + argindex = 1; } if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, - &optind)) + &argindex)) usage (1); if (do_help) @@ -907,37 +943,12 @@ main(int argc, char **argv) else use_v5 = 0; } - - if (do_forwardable == -1) - do_forwardable = krb5_config_get_bool (context, NULL, - "libdefaults", - "forwardable", - NULL); - - if (do_forward == -1) - do_forward = krb5_config_get_bool (context, NULL, - "libdefaults", - "forward", - NULL); - else if (do_forward == 0) - do_forwardable = 0; - - if (do_forwardable) + + /* request for forwardable on the command line means we should + also forward */ + if (do_forwardable == 1) do_forward = 1; -#endif -#if defined(KRB4) || defined(KRB5) - if (do_encrypt == -1) { - /* we want to tell the -x flag from the default encryption - option */ -#ifdef KRB5 - /* the normal default for krb4 should be to disable encryption */ - if(!krb5_config_get_bool (context, NULL, - "libdefaults", - "encrypt", - NULL)) -#endif - do_encrypt = 0; - } + #endif #if defined(KRB4) && defined(KRB5) @@ -986,10 +997,10 @@ main(int argc, char **argv) #endif if (host == NULL) { - if (argc - optind < 1) + if (argc - argindex < 1) usage (1); else - host = argv[host_index = optind++]; + host = argv[host_index = argindex++]; } if((tmp = strchr(host, '@')) != NULL) { @@ -998,7 +1009,7 @@ main(int argc, char **argv) host = tmp; } - if (optind == argc) { + if (argindex == argc) { close (priv_socket1); close (priv_socket2); argv[0] = "rlogin"; @@ -1013,7 +1024,7 @@ main(int argc, char **argv) if (user == NULL) user = local_user; - cmd_len = construct_command(&cmd, argc - optind, argv + optind); + cmd_len = construct_command(&cmd, argc - argindex, argv + argindex); /* * Try all different authentication methods diff --git a/crypto/heimdal/appl/rsh/rsh_locl.h b/crypto/heimdal/appl/rsh/rsh_locl.h index 0d54a3e..151a888 100644 --- a/crypto/heimdal/appl/rsh/rsh_locl.h +++ b/crypto/heimdal/appl/rsh/rsh_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: rsh_locl.h,v 1.28 2002/09/03 20:03:46 joda Exp $ */ +/* $Id: rsh_locl.h,v 1.33 2003/04/16 20:05:39 lha Exp $ */ #ifdef HAVE_CONFIG_H #include <config.h> @@ -78,6 +78,9 @@ #ifdef HAVE_NETDB_H #include <netdb.h> #endif +#ifdef HAVE_LIMITS_H +#include <limits.h> +#endif #include <errno.h> #ifdef HAVE_SYS_PARAM_H @@ -101,9 +104,7 @@ #include <krb5.h> #include <krb5-private.h> /* for _krb5_{get,put}_int */ #endif -#ifdef KRB4 #include <kafs.h> -#endif #ifndef _PATH_NOLOGIN #define _PATH_NOLOGIN "/etc/nologin" @@ -147,7 +148,9 @@ extern des_cblock iv; #define KCMD_NEW_VERSION "KCMDV0.2" #define USERNAME_SZ 16 -#define COMMAND_SZ 1024 +#ifndef ARG_MAX +#define ARG_MAX 8192 +#endif #define RSH_BUFSIZ (5 * 1024) /* MIT kcmd can't handle larger buffers */ diff --git a/crypto/heimdal/appl/rsh/rshd.8 b/crypto/heimdal/appl/rsh/rshd.8 index 22ad0fc..7c7a363 100644 --- a/crypto/heimdal/appl/rsh/rshd.8 +++ b/crypto/heimdal/appl/rsh/rshd.8 @@ -1,8 +1,37 @@ -.\" Things to fix: -.\" * remove Op from mandatory flags -.\" * use better macros for arguments (like .Pa for files) +.\" Copyright (c) 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.Dd July 31, 2001 +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: rshd.8,v 1.7 2003/04/16 19:58:42 lha Exp $ +.\" +.Dd November 22, 2002 .Dt RSHD 8 .Os HEIMDAL .Sh NAME @@ -25,9 +54,9 @@ service. Supported options are: .Fl n , .Fl -no-keepalive .Xc -Disables keep-alive messages. Keep-alives are packets sent a certain -interval to make sure that the client is still there, even when it -doesn't send any data. +Disables keep-alive messages. +Keep-alives are packets sent at certain intervals to make sure that the +client is still there, even when it doesn't send any data. .It Xo .Fl k , .Fl -kerberos @@ -43,7 +72,10 @@ configuration. .Fl -encrypt .Xc For Kerberos 4 this means that the connections are encrypted. Kerberos -5 will negotiate encryption inline. This option implies +5 can negotiate encryption even without this option, but if it's +present +.Nm +will deny unencrypted connections. This option implies .Fl k . .\".It Xo .\".Fl l , diff --git a/crypto/heimdal/appl/rsh/rshd.c b/crypto/heimdal/appl/rsh/rshd.c index bec9bf4..c3c3d38 100644 --- a/crypto/heimdal/appl/rsh/rshd.c +++ b/crypto/heimdal/appl/rsh/rshd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "rsh_locl.h" -RCSID("$Id: rshd.c,v 1.47 2002/09/03 20:03:26 joda Exp $"); +RCSID("$Id: rshd.c,v 1.51 2003/04/16 19:50:49 joda Exp $"); int login_access( struct passwd *user, char *from); @@ -68,9 +68,7 @@ static int do_kerberos = 0; #define DO_KRB5 4 static int do_vacuous = 0; static int do_log = 1; -#ifdef KRB4 static int do_newpag = 1; -#endif static int do_addr_verify = 0; static int do_keepalive = 1; static int do_version; @@ -100,7 +98,7 @@ syslog_and_die (const char *m, ...) static void fatal (int, const char*, const char *, ...) - __attribute__ ((format (printf, 3, 4))); + __attribute__ ((noreturn, format (printf, 3, 4))); static void fatal (int sock, const char *what, const char *m, ...) @@ -122,38 +120,41 @@ fatal (int sock, const char *what, const char *m, ...) exit (1); } -static void -read_str (int s, char *str, size_t sz, char *expl) +static char * +read_str (int s, size_t sz, char *expl) { - while (sz > 0) { - if (net_read (s, str, 1) != 1) - syslog_and_die ("read: %m"); - if (*str == '\0') - return; - --sz; - ++str; + char *str = malloc(sz); + char *p = str; + if(str == NULL) + fatal(s, NULL, "%s too long", expl); + while(p < str + sz) { + if(net_read(s, p, 1) != 1) + syslog_and_die("read: %m"); + if(*p == '\0') + return str; + p++; } - fatal (s, NULL, "%s too long", expl); + fatal(s, NULL, "%s too long", expl); } static int recv_bsd_auth (int s, u_char *buf, struct sockaddr_in *thisaddr, struct sockaddr_in *thataddr, - char *client_username, - char *server_username, - char *cmd) + char **client_username, + char **server_username, + char **cmd) { struct passwd *pwd; - - read_str (s, client_username, USERNAME_SZ, "local username"); - read_str (s, server_username, USERNAME_SZ, "remote username"); - read_str (s, cmd, COMMAND_SZ, "command"); - pwd = getpwnam(server_username); + + *client_username = read_str (s, USERNAME_SZ, "local username"); + *server_username = read_str (s, USERNAME_SZ, "remote username"); + *cmd = read_str (s, ARG_MAX + 1, "command"); + pwd = getpwnam(*server_username); if (pwd == NULL) fatal(s, NULL, "Login incorrect."); if (iruserok(thataddr->sin_addr.s_addr, pwd->pw_uid == 0, - client_username, server_username)) + *client_username, *server_username)) fatal(s, NULL, "Login incorrect."); return 0; } @@ -163,9 +164,9 @@ static int recv_krb4_auth (int s, u_char *buf, struct sockaddr *thisaddr, struct sockaddr *thataddr, - char *client_username, - char *server_username, - char *cmd) + char **client_username, + char **server_username, + char **cmd) { int status; int32_t options; @@ -202,18 +203,18 @@ recv_krb4_auth (int s, u_char *buf, if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0) syslog_and_die ("bad version: %s", version); - read_str (s, server_username, USERNAME_SZ, "remote username"); - if (kuserok (&auth, server_username) != 0) + *server_username = read_str (s, USERNAME_SZ, "remote username"); + if (kuserok (&auth, *server_username) != 0) fatal (s, NULL, "Permission denied."); - read_str (s, cmd, COMMAND_SZ, "command"); + *cmd = read_str (s, ARG_MAX + 1, "command"); syslog(LOG_INFO|LOG_AUTH, "kerberos v4 shell from %s on %s as %s, cmd '%.80s'", krb_unparse_name_long(auth.pname, auth.pinst, auth.prealm), inet_ntoa(((struct sockaddr_in *)thataddr)->sin_addr), - server_username, - cmd); + *server_username, + *cmd); memcpy (iv, auth.session, sizeof(iv)); @@ -249,6 +250,9 @@ save_krb5_creds (int s, krb5_cc_initialize(context,ccache,client); ret = krb5_rd_cred2(context, auth_context, ccache, &remote_cred); + if(ret != 0) + syslog(LOG_INFO|LOG_AUTH, + "reading creds: %s", krb5_get_err_text(context, ret)); krb5_data_free (&remote_cred); if (ret) return 0; @@ -299,9 +303,9 @@ static int recv_krb5_auth (int s, u_char *buf, struct sockaddr *thisaddr, struct sockaddr *thataddr, - char *client_username, - char *server_username, - char *cmd) + char **client_username, + char **server_username, + char **cmd) { u_int32_t len; krb5_auth_context auth_context = NULL; @@ -343,9 +347,9 @@ recv_krb5_auth (int s, u_char *buf, syslog_and_die ("krb5_recvauth: %s", krb5_get_err_text(context, status)); - read_str (s, server_username, USERNAME_SZ, "remote username"); - read_str (s, cmd, COMMAND_SZ, "command"); - read_str (s, client_username, COMMAND_SZ, "local username"); + *server_username = read_str (s, USERNAME_SZ, "remote username"); + *cmd = read_str (s, ARG_MAX + 1, "command"); + *client_username = read_str (s, ARG_MAX + 1, "local username"); if(protocol_version == 2) { status = krb5_auth_con_getremotesubkey(context, auth_context, @@ -370,8 +374,8 @@ recv_krb5_auth (int s, u_char *buf, cksum_data.length = asprintf ((char **)&cksum_data.data, "%u:%s%s", ntohs(socket_get_port (thisaddr)), - cmd, - server_username); + *cmd, + *server_username); status = krb5_verify_authenticator_checksum(context, auth_context, @@ -384,38 +388,38 @@ recv_krb5_auth (int s, u_char *buf, free (cksum_data.data); - if (strncmp (client_username, "-u ", 3) == 0) { + if (strncmp (*client_username, "-u ", 3) == 0) { do_unique_tkfile = 1; - memmove (client_username, client_username + 3, - strlen(client_username) - 2); + memmove (*client_username, *client_username + 3, + strlen(*client_username) - 2); } - if (strncmp (client_username, "-U ", 3) == 0) { + if (strncmp (*client_username, "-U ", 3) == 0) { char *end, *temp_tkfile; do_unique_tkfile = 1; - if (strncmp (server_username + 3, "FILE:", 5) == 0) { + if (strncmp (*client_username + 3, "FILE:", 5) == 0) { temp_tkfile = tkfile; } else { strcpy (tkfile, "FILE:"); temp_tkfile = tkfile + 5; } - end = strchr(client_username + 3,' '); - strncpy(temp_tkfile, client_username + 3, end - client_username - 3); - temp_tkfile[end - client_username - 3] = '\0'; - memmove (client_username, end +1, strlen(end+1)+1); + end = strchr(*client_username + 3,' '); + strncpy(temp_tkfile, *client_username + 3, end - *client_username - 3); + temp_tkfile[end - *client_username - 3] = '\0'; + memmove (*client_username, end + 1, strlen(end+1)+1); } kerberos_status = save_krb5_creds (s, auth_context, ticket->client); if(!krb5_kuserok (context, - ticket->client, - server_username)) + ticket->client, + *server_username)) fatal (s, NULL, "Permission denied."); - if (strncmp (cmd, "-x ", 3) == 0) { + if (strncmp (*cmd, "-x ", 3) == 0) { do_encrypt = 1; - memmove (cmd, cmd + 3, strlen(cmd) - 2); + memmove (*cmd, *cmd + 3, strlen(*cmd) - 2); } else { if(do_encrypt) fatal (s, NULL, "Encryption is required."); @@ -438,8 +442,8 @@ recv_krb5_auth (int s, u_char *buf, "kerberos v5 shell from %s on %s as %s, cmd '%.80s'", name, addr_str, - server_username, - cmd); + *server_username, + *cmd); free (name); } } @@ -649,8 +653,7 @@ doit (void) socklen_t thisaddr_len, thataddr_len; int port; int errsock = -1; - char client_user[COMMAND_SZ], server_user[USERNAME_SZ]; - char cmd[COMMAND_SZ]; + char *client_user, *server_user, *cmd; struct passwd *pwd; int s = STDIN_FILENO; char **env; @@ -724,18 +727,18 @@ doit (void) #ifdef KRB4 if ((do_kerberos & DO_KRB4) && recv_krb4_auth (s, buf, thisaddr, thataddr, - client_user, - server_user, - cmd) == 0) + &client_user, + &server_user, + &cmd) == 0) auth_method = AUTH_KRB4; else #endif /* KRB4 */ #ifdef KRB5 if((do_kerberos & DO_KRB5) && recv_krb5_auth (s, buf, thisaddr, thataddr, - client_user, - server_user, - cmd) == 0) + &client_user, + &server_user, + &cmd) == 0) auth_method = AUTH_KRB5; else #endif /* KRB5 */ @@ -745,9 +748,9 @@ doit (void) if(recv_bsd_auth (s, buf, (struct sockaddr_in *)thisaddr, (struct sockaddr_in *)thataddr, - client_user, - server_user, - cmd) == 0) { + &client_user, + &server_user, + &cmd) == 0) { auth_method = AUTH_BROKEN; if(do_vacuous) { printf("Remote host requires Kerberos authentication\n"); @@ -864,16 +867,17 @@ doit (void) fatal (s, "net_write", "write failed"); } -#ifdef KRB4 +#if defined(KRB4) || defined(KRB5) if(k_hasafs()) { char cell[64]; if(do_newpag) k_setpag(); +#ifdef KRB4 if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0) krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir); - krb_afslog_uid_home(NULL, NULL, pwd->pw_uid, pwd->pw_dir); +#endif #ifdef KRB5 /* XXX */ @@ -883,14 +887,17 @@ doit (void) status = krb5_cc_resolve (context, tkfile, &ccache); if (!status) { - krb5_afslog_uid_home(context,ccache,NULL,NULL, + if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0) + krb5_afslog_uid_home(context, ccache, cell, NULL, + pwd->pw_uid, pwd->pw_dir); + krb5_afslog_uid_home(context, ccache, NULL, NULL, pwd->pw_uid, pwd->pw_dir); krb5_cc_close (context, ccache); } } #endif /* KRB5 */ } -#endif /* KRB4 */ +#endif /* KRB5 || KRB4 */ execle (pwd->pw_shell, pwd->pw_shell, "-c", cmd, NULL, env); err(1, "exec %s", pwd->pw_shell); } diff --git a/crypto/heimdal/appl/su/ChangeLog b/crypto/heimdal/appl/su/ChangeLog index f8edb34..7420d85 100644 --- a/crypto/heimdal/appl/su/ChangeLog +++ b/crypto/heimdal/appl/su/ChangeLog @@ -1,3 +1,13 @@ +2003-05-06 Johan Danielsson <joda@pdc.kth.se> + + * su.c: remove accidentally committed code that prints the command + being executed + +2003-03-18 Love Hörnquist Åstrand <lha@it.su.se> + + * su.c (krb5_start_session): krb5_afslog doesn't depend on KRB4 + any more + 2002-02-19 Johan Danielsson <joda@pdc.kth.se> * su.c: make this build without krb5 diff --git a/crypto/heimdal/appl/su/Makefile.in b/crypto/heimdal/appl/su/Makefile.in index e5e7af8..a5495a6 100644 --- a/crypto/heimdal/appl/su/Makefile.in +++ b/crypto/heimdal/appl/su/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -222,11 +223,9 @@ PROGRAMS = $(bin_PROGRAMS) am_su_OBJECTS = su.$(OBJEXT) su_OBJECTS = $(am_su_OBJECTS) su_LDADD = $(LDADD) -@KRB4_TRUE@su_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ -@KRB4_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@KRB4_FALSE@su_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_FALSE@ $(top_builddir)/lib/asn1/libasn1.la +su_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la su_LDFLAGS = DEFS = @DEFS@ @@ -252,10 +251,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/su/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-binPROGRAMS: $(bin_PROGRAMS) @@ -426,7 +425,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS @$(NORMAL_INSTALL) @@ -454,12 +455,12 @@ uninstall-am: uninstall-binPROGRAMS uninstall-info-am distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ install-am install-binPROGRAMS install-data install-data-am \ - install-data-local install-exec install-exec-am install-info \ - install-info-am install-man install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool tags uninstall \ - uninstall-am uninstall-binPROGRAMS uninstall-info-am + install-exec install-exec-am install-info install-info-am \ + install-man install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool tags uninstall uninstall-am \ + uninstall-binPROGRAMS uninstall-info-am install-suid-programs: @@ -585,7 +586,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/su/su.c b/crypto/heimdal/appl/su/su.c index 0750f4f..79324e9 100644 --- a/crypto/heimdal/appl/su/su.c +++ b/crypto/heimdal/appl/su/su.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ #include <config.h> -RCSID("$Id: su.c,v 1.25 2002/09/10 20:03:47 joda Exp $"); +RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $"); #include <stdio.h> #include <stdlib.h> @@ -56,8 +56,8 @@ RCSID("$Id: su.c,v 1.25 2002/09/10 20:03:47 joda Exp $"); #endif #ifdef KRB4 #include <krb.h> -#include <kafs.h> #endif +#include <kafs.h> #include <err.h> #include <roken.h> #include <getarg.h> @@ -253,13 +253,11 @@ krb5_start_session(void) set_tkfile(); esetenv("KRBTKFILE", tkfile, 1); -#ifdef KRB4 /* convert creds? */ if(k_hasafs()) { if (k_setpag() == 0) krb5_afslog(context, ccache2, NULL, NULL); } -#endif krb5_cc_close(context, ccache2); krb5_cc_destroy(context, ccache); @@ -546,12 +544,6 @@ main(int argc, char **argv) if (ok == 4) krb_start_session(); #endif - { - char **p; - for(p = args; *p; p++) - printf("%s ", *p); - printf("\n"); - } execv(shell, args); } diff --git a/crypto/heimdal/appl/telnet/ChangeLog b/crypto/heimdal/appl/telnet/ChangeLog index d0c8894..f696871 100644 --- a/crypto/heimdal/appl/telnet/ChangeLog +++ b/crypto/heimdal/appl/telnet/ChangeLog @@ -1,10 +1,3 @@ -2002-10-21 Johan Danielsson <joda@pdc.kth.se> - - * libtelnet/kerberos5.c: pull up 1.52-1.53; also try to use the - session key (if this is really correct is beyond me, RFC2942 in - unclear on this point; - (kerberos5_is): check that the subkey is non-NULL - 2002-09-02 Johan Danielsson <joda@pdc.kth.se> * libtelnet/kerberos5.c: set AP_OPTS_USE_SUBKEY diff --git a/crypto/heimdal/appl/telnet/Makefile.in b/crypto/heimdal/appl/telnet/Makefile.in index 943254d..9eb725c 100644 --- a/crypto/heimdal/appl/telnet/Makefile.in +++ b/crypto/heimdal/appl/telnet/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -230,10 +231,10 @@ all: all-recursive .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/telnet/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -431,7 +432,9 @@ info: info-recursive info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -460,15 +463,15 @@ uninstall-info: uninstall-info-recursive distclean distclean-generic distclean-libtool \ distclean-recursive distclean-tags distdir dvi dvi-am \ dvi-recursive info info-am info-recursive install install-am \ - install-data install-data-am install-data-local \ - install-data-recursive install-exec install-exec-am \ - install-exec-recursive install-info install-info-am \ - install-info-recursive install-man install-recursive \ - install-strip installcheck installcheck-am installdirs \ - installdirs-am installdirs-recursive maintainer-clean \ - maintainer-clean-generic maintainer-clean-recursive mostlyclean \ - mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \ - tags tags-recursive uninstall uninstall-am uninstall-info-am \ + install-data install-data-am install-data-recursive \ + install-exec install-exec-am install-exec-recursive \ + install-info install-info-am install-info-recursive install-man \ + install-recursive install-strip installcheck installcheck-am \ + installdirs installdirs-am installdirs-recursive \ + maintainer-clean maintainer-clean-generic \ + maintainer-clean-recursive mostlyclean mostlyclean-generic \ + mostlyclean-libtool mostlyclean-recursive tags tags-recursive \ + uninstall uninstall-am uninstall-info-am \ uninstall-info-recursive uninstall-recursive @@ -595,7 +598,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in b/crypto/heimdal/appl/telnet/libtelnet/Makefile.in index 2b78505..4104da1 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in +++ b/crypto/heimdal/appl/telnet/libtelnet/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -256,10 +257,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/telnet/libtelnet/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) AR = ar @@ -409,7 +410,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -436,13 +439,12 @@ uninstall-am: uninstall-info-am clean-generic clean-libtool clean-noinstLIBRARIES distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-info install-info-am \ - install-man install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool tags uninstall uninstall-am \ - uninstall-info-am + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am install-man \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + tags uninstall uninstall-am uninstall-info-am install-suid-programs: @@ -568,7 +570,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c index a4316fb..18677f2 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c +++ b/crypto/heimdal/appl/telnet/libtelnet/kerberos5.c @@ -53,7 +53,7 @@ #include <config.h> -RCSID("$Id: kerberos5.c,v 1.51.4.1 2002/10/21 14:28:31 joda Exp $"); +RCSID("$Id: kerberos5.c,v 1.53 2002/09/20 14:37:46 joda Exp $"); #ifdef KRB5 diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile.in b/crypto/heimdal/appl/telnet/telnet/Makefile.in index 897cf3e..3a04cd4 100644 --- a/crypto/heimdal/appl/telnet/telnet/Makefile.in +++ b/crypto/heimdal/appl/telnet/telnet/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -268,10 +269,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/telnet/telnet/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-binPROGRAMS: $(bin_PROGRAMS) @@ -481,7 +482,9 @@ info: info-am info-am: -install-data-am: install-data-local install-man +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS @$(NORMAL_INSTALL) @@ -511,9 +514,9 @@ uninstall-man: uninstall-man1 distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ install-am install-binPROGRAMS install-data install-data-am \ - install-data-local install-exec install-exec-am install-info \ - install-info-am install-man install-man1 install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + install-exec install-exec-am install-info install-info-am \ + install-man install-man1 install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool tags uninstall \ uninstall-am uninstall-binPROGRAMS uninstall-info-am \ @@ -643,7 +646,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile.in b/crypto/heimdal/appl/telnet/telnetd/Makefile.in index a947205..eabaabb 100644 --- a/crypto/heimdal/appl/telnet/telnetd/Makefile.in +++ b/crypto/heimdal/appl/telnet/telnetd/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -271,10 +272,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/telnet/telnetd/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-libexecPROGRAMS: $(libexec_PROGRAMS) @@ -485,7 +486,9 @@ info: info-am info-am: -install-data-am: install-data-local install-man +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libexecPROGRAMS @$(NORMAL_INSTALL) @@ -514,8 +517,8 @@ uninstall-man: uninstall-man8 clean-generic clean-libexecPROGRAMS clean-libtool distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-info install-info-am \ + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am \ install-libexecPROGRAMS install-man install-man8 install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ @@ -647,7 +650,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/appl/test/Makefile.in b/crypto/heimdal/appl/test/Makefile.in index 932b267..097ba7d 100644 --- a/crypto/heimdal/appl/test/Makefile.in +++ b/crypto/heimdal/appl/test/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -327,10 +328,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign appl/test/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) clean-noinstPROGRAMS: @@ -498,7 +499,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -525,13 +528,12 @@ uninstall-am: uninstall-info-am clean-generic clean-libtool clean-noinstPROGRAMS distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-info install-info-am \ - install-man install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool tags uninstall uninstall-am \ - uninstall-info-am + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am install-man \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + tags uninstall uninstall-am uninstall-info-am install-suid-programs: @@ -657,7 +659,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/cf/ChangeLog b/crypto/heimdal/cf/ChangeLog index 5421d90..16787e1 100644 --- a/crypto/heimdal/cf/ChangeLog +++ b/crypto/heimdal/cf/ChangeLog @@ -1,3 +1,54 @@ +2003-05-08 Johan Danielsson <joda@pdc.kth.se> + + * Makefile.am.common: change install-data-local to + install-data-hook + +2003-05-05 Assar Westerlund <assar@kth.se> + + * crypto.m4: define OPENSSL_DES_LIBDES_COMPATIBILITY + +2003-04-03 Love Hörnquist Åstrand <lha@it.su.se> + + * crypto.m4: check if libcrypto needs -lnsl or -lsocket + +2003-04-02 Love Hörnquist Åstrand <lha@it.su.se> + + * crypto.m4: in the case where se don't link with kerberos 4, use + ${with_openssl_include} if its are set (not + ${with_openssl}/include) same for with_openssl_lib + +2003-03-18 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am.common: always define LIB_kafs + +2003-03-12 Love Hörnquist Åstrand <lha@it.su.se> + + * check-compile-et.m4: check if the output of compile_et needs + initialize_error_table_r + +2003-02-17 Love Hörnquist Åstrand <lha@it.su.se> + + * check-var.m4: add a check if the variable is avaible when we + include the headerfiles + +2002-12-18 Johan Danielsson <joda@pdc.kth.se> + + * roken-frag.m4: res_nsearch takes 6 parameters; spotted by Howard + Chu + +2002-10-25 Johan Danielsson <joda@pdc.kth.se> + + * crypto.m4: do a better job at matching headers to libraries + +2002-10-16 Johan Danielsson <joda@pdc.kth.se> + + * sunos.m4: more quoting + +2002-09-19 Johan Danielsson <joda@pdc.kth.se> + + * make-proto.pl: check the processed string for closing ), not the + source + 2002-09-10 Johan Danielsson <joda@pdc.kth.se> * crypto.m4: use m4 macros for test cases, also test for older diff --git a/crypto/heimdal/cf/Makefile.am.common b/crypto/heimdal/cf/Makefile.am.common index a59eed3..bd7a73d 100644 --- a/crypto/heimdal/cf/Makefile.am.common +++ b/crypto/heimdal/cf/Makefile.am.common @@ -1,4 +1,4 @@ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies 1.6 @@ -190,7 +190,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: @@ -198,9 +198,7 @@ install-data-local: install-cat-mans .et.c: $(COMPILE_ET) $< -if KRB4 LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) -endif if KRB5 LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ diff --git a/crypto/heimdal/cf/check-compile-et.m4 b/crypto/heimdal/cf/check-compile-et.m4 index 080faeb..096b267 100644 --- a/crypto/heimdal/cf/check-compile-et.m4 +++ b/crypto/heimdal/cf/check-compile-et.m4 @@ -1,4 +1,4 @@ -dnl $Id: check-compile-et.m4,v 1.6 2001/09/02 17:08:48 assar Exp $ +dnl $Id: check-compile-et.m4,v 1.7 2003/03/12 16:48:52 lha Exp $ dnl dnl CHECK_COMPILE_ET AC_DEFUN([CHECK_COMPILE_ET], [ @@ -6,6 +6,7 @@ AC_DEFUN([CHECK_COMPILE_ET], [ AC_CHECK_PROG(COMPILE_ET, compile_et, [compile_et]) krb_cv_compile_et="no" +krb_cv_com_err_need_r="" if test "${COMPILE_ET}" = "compile_et"; then dnl We have compile_et. Now let's see if it supports `prefix' and `index'. @@ -34,6 +35,20 @@ int main(){return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;} ], [krb_cv_compile_et="yes"],[CPPFLAGS="${save_CPPFLAGS}"]) fi AC_MSG_RESULT(${krb_cv_compile_et}) +if test "${krb_cv_compile_et}" = "yes"; then + AC_MSG_CHECKING(for if com_err needs to have a initialize_error_table_r) + save2_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS" + AC_EGREP_CPP(initialize_error_table_r,[#include "conftest_et.c"], + [krb_cv_com_err_need_r="initialize_error_table_r(0,0,0,0);" + CPPFLAGS="$save2_CPPFLAGS"], + [CPPFLAGS="${save_CPPFLAGS}"]) + if test X"$krb_cv_com_err_need_r" = X ; then + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + fi +fi rm -fr conftest* fi @@ -45,6 +60,7 @@ if test "${krb_cv_compile_et}" = "yes"; then AC_TRY_LINK([#include <com_err.h>],[ const char *p; p = error_message(0); + $krb_cv_com_err_need_r ],[krb_cv_com_err="yes"],[krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"]) AC_MSG_RESULT(${krb_cv_com_err}) LIBS="${krb_cv_save_LIBS}" diff --git a/crypto/heimdal/cf/check-var.m4 b/crypto/heimdal/cf/check-var.m4 index e409067..1960f72 100644 --- a/crypto/heimdal/cf/check-var.m4 +++ b/crypto/heimdal/cf/check-var.m4 @@ -1,13 +1,20 @@ -dnl $Id: check-var.m4,v 1.6 2001/08/21 12:00:16 joda Exp $ +dnl $Id: check-var.m4,v 1.7 2003/02/17 00:44:57 lha Exp $ dnl dnl rk_CHECK_VAR(variable, includes) AC_DEFUN([rk_CHECK_VAR], [ AC_MSG_CHECKING(for $1) AC_CACHE_VAL(ac_cv_var_$1, [ +m4_ifval([$2],[ + AC_TRY_LINK([$2 + void * foo() { return &$1; }], + [foo()], + ac_cv_var_$1=yes, ac_cv_var_$1=no)]) +if test "$ac_cv_var_$1" != yes ; then AC_TRY_LINK([extern int $1; int foo() { return $1; }], [foo()], ac_cv_var_$1=yes, ac_cv_var_$1=no) +fi ]) ac_foo=`eval echo \\$ac_cv_var_$1` AC_MSG_RESULT($ac_foo) @@ -19,4 +26,4 @@ fi ]) AC_WARNING_ENABLE([obsolete]) -AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo])
\ No newline at end of file +AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo]) diff --git a/crypto/heimdal/cf/crypto.m4 b/crypto/heimdal/cf/crypto.m4 index 4cd6ad0..c79ba4c 100644 --- a/crypto/heimdal/cf/crypto.m4 +++ b/crypto/heimdal/cf/crypto.m4 @@ -1,4 +1,4 @@ -dnl $Id: crypto.m4,v 1.13 2002/09/10 19:55:48 joda Exp $ +dnl $Id: crypto.m4,v 1.16.2.1 2003/05/05 20:08:32 joda Exp $ dnl dnl test for crypto libraries: dnl - libcrypto (from openssl) @@ -11,8 +11,10 @@ m4_define([test_headers], [ #include <openssl/md4.h> #include <openssl/md5.h> #include <openssl/sha.h> + #define OPENSSL_DES_LIBDES_COMPATIBILITY #include <openssl/des.h> #include <openssl/rc4.h> + #include <openssl/rand.h> #else #include <md4.h> #include <md5.h> @@ -44,6 +46,9 @@ m4_define([test_body], [ MD4_Init(&md4); MD5_Init(&md5); SHA1_Init(&sha1); + #ifdef HAVE_OPENSSL + RAND_status(); + #endif des_cbc_encrypt(0, 0, 0, schedule, 0, 0); RC4(0, 0, 0, 0);]) @@ -75,23 +80,31 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then ires= for i in $INCLUDE_krb4; do CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS" - AC_TRY_COMPILE(test_headers, test_body, - openssl=yes ires="$i"; break) + for j in $cdirs; do + for k in $clibs; do + LIBS="$j $k $save_LIBS" + AC_TRY_LINK(test_headers, test_body, + openssl=yes ires="$i" lres="$j $k"; break 3) + done + done CFLAGS="$i $save_CFLAGS" - AC_TRY_COMPILE(test_headers, test_body, - openssl=no ires="$i"; break) - CFLAGS="-DOLD_HASH_NAMES $i $save_CFLAGS" - AC_TRY_COMPILE(test_headers, test_body, - openssl=no ires="$i" old_hash=yes; break) - done - lres= - for i in $cdirs; do - for j in $clibs; do - LIBS="$i $j $save_LIBS" - AC_TRY_LINK(test_headers, test_body, - lres="$i $j"; break 2) + for j in $cdirs; do + for k in $clibs; do + LIBS="$j $k $save_LIBS" + AC_TRY_LINK(test_headers, test_body, + openssl=no ires="$i" lres="$j $k"; break 3) + done + done + CFLAGS="-DHAVE_OLD_HASH_NAMES $i $save_CFLAGS" + for j in $cdirs; do + for k in $clibs; do + LIBS="$j $k $save_LIBS" + AC_TRY_LINK(test_headers, test_body, + openssl=no ires="$i" lres="$j $k"; break 3) + done done done + CFLAGS="$save_CFLAGS" LIBS="$save_LIBS" if test "$ires" -a "$lres"; then @@ -111,21 +124,27 @@ if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then INCLUDE_des= LIB_des= if test "$with_openssl_include" != ""; then - INCLUDE_des="-I${with_openssl}/include" + INCLUDE_des="-I${with_openssl_include}" fi if test "$with_openssl_lib" != ""; then - LIB_des="-L${with_openssl}/lib" + LIB_des="-L${with_openssl_lib}" fi CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}" - LIB_des="${LIB_des} -lcrypto" - LIB_des_a="$LIB_des" - LIB_des_so="$LIB_des" - LIB_des_appl="$LIB_des" - LIBS="${LIBS} ${LIB_des}" - AC_TRY_LINK(test_headers, test_body, [ - crypto_lib=libcrypto openssl=yes - AC_MSG_RESULT([libcrypto]) - ]) + saved_LIB_des="$LIB_des" + for lres in "" "-lnsl -lsocket"; do + LIB_des="${saved_LIB_des} -lcrypto $lres" + LIB_des_a="$LIB_des" + LIB_des_so="$LIB_des" + LIB_des_appl="$LIB_des" + LIBS="${LIBS} ${LIB_des}" + AC_TRY_LINK(test_headers, test_body, [ + crypto_lib=libcrypto openssl=yes + AC_MSG_RESULT([libcrypto]) + ]) + if test "$crypto_lib" = libcrypto ; then + break; + fi + done CFLAGS="$save_CFLAGS" LIBS="$save_LIBS" fi diff --git a/crypto/heimdal/cf/make-proto.pl b/crypto/heimdal/cf/make-proto.pl index dd386e4..769d96c 100644 --- a/crypto/heimdal/cf/make-proto.pl +++ b/crypto/heimdal/cf/make-proto.pl @@ -1,5 +1,5 @@ # Make prototypes from .c files -# $Id: make-proto.pl,v 1.15 2002/08/12 16:23:58 joda Exp $ +# $Id: make-proto.pl,v 1.16 2002/09/19 19:29:42 joda Exp $ ##use Getopt::Std; require 'getopts.pl'; @@ -49,9 +49,9 @@ while(<>) { s/\/\*(.|\n)*\ca//; } s/^\s*//; - s/\s$//; + s/\s*$//; s/\s+/ /g; - if($line =~ /\)\s$/){ + if($_ =~ /\)$/){ if(!/^static/ && !/^PRIVATE/){ if(/(.*)(__attribute__\s?\(.*\))/) { $attr = $2; diff --git a/crypto/heimdal/cf/roken-frag.m4 b/crypto/heimdal/cf/roken-frag.m4 index 21cf12c..fc263ad 100644 --- a/crypto/heimdal/cf/roken-frag.m4 +++ b/crypto/heimdal/cf/roken-frag.m4 @@ -1,4 +1,4 @@ -dnl $Id: roken-frag.m4,v 1.44 2002/09/04 20:57:30 joda Exp $ +dnl $Id: roken-frag.m4,v 1.45 2002/12/18 17:34:25 joda Exp $ dnl dnl some code to get roken working dnl @@ -143,7 +143,7 @@ AC_FIND_FUNC(res_nsearch, resolv, #include <resolv.h> #endif ], -[0,0,0,0,0]) +[0,0,0,0,0,0]) AC_FIND_FUNC(dn_expand, resolv, [ diff --git a/crypto/heimdal/cf/sunos.m4 b/crypto/heimdal/cf/sunos.m4 index c093278..6572d0b 100644 --- a/crypto/heimdal/cf/sunos.m4 +++ b/crypto/heimdal/cf/sunos.m4 @@ -1,5 +1,5 @@ dnl -dnl $Id: sunos.m4,v 1.1.4.1 2002/10/21 14:29:36 joda Exp $ +dnl $Id: sunos.m4,v 1.2 2002/10/16 14:42:13 joda Exp $ dnl AC_DEFUN([rk_SUNOS],[ diff --git a/crypto/heimdal/configure b/crypto/heimdal/configure index 59c2541..c2fecc8 100755 --- a/crypto/heimdal/configure +++ b/crypto/heimdal/configure @@ -1,7 +1,7 @@ #! /bin/sh -# From configure.in Revision: 1.325.2.2 . +# From configure.in Revision: 1.331.2.2 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.53 for Heimdal 0.5.1. +# Generated by GNU Autoconf 2.53 for Heimdal 0.6. # # Report bugs to <heimdal-bugs@pdc.kth.se>. # @@ -416,8 +416,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='Heimdal' PACKAGE_TARNAME='heimdal' -PACKAGE_VERSION='0.5.1' -PACKAGE_STRING='Heimdal 0.5.1' +PACKAGE_VERSION='0.6' +PACKAGE_STRING='Heimdal 0.6' PACKAGE_BUGREPORT='heimdal-bugs@pdc.kth.se' ac_unique_file="kuser/kinit.c" @@ -923,7 +923,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Heimdal 0.5.1 to adapt to many kinds of systems. +\`configure' configures Heimdal 0.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -993,7 +993,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Heimdal 0.5.1:";; + short | recursive ) echo "Configuration of Heimdal 0.6:";; esac cat <<\_ACEOF @@ -1002,6 +1002,8 @@ Optional Features: --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --disable-dependency-tracking Speeds up one-time builds --enable-dependency-tracking Do not reject slow dependency extractors + --enable-maintainer-mode enable make rules and dependencies not useful + (and sometimes confusing) to the casual installer --disable-largefile omit support for large files --enable-shared=PKGS build shared libraries default=no --enable-static=PKGS build static libraries default=yes @@ -1127,7 +1129,7 @@ fi test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -Heimdal configure 0.5.1 +Heimdal configure 0.6 generated by GNU Autoconf 2.53 Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002 @@ -1142,7 +1144,7 @@ cat >&5 <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Heimdal $as_me 0.5.1, which was +It was created by Heimdal $as_me 0.6, which was generated by GNU Autoconf 2.53. Invocation command line was $ $0 $@ @@ -2812,7 +2814,7 @@ fi # Define the identity of the package. PACKAGE=heimdal - VERSION=0.5.1 + VERSION=0.6 cat >>confdefs.h <<_ACEOF @@ -3007,6 +3009,30 @@ CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type +echo "$as_me:$LINENO: checking whether to enable maintainer-specific portions of Makefiles" >&5 +echo $ECHO_N "checking whether to enable maintainer-specific portions of Makefiles... $ECHO_C" >&6 + # Check whether --enable-maintainer-mode or --disable-maintainer-mode was given. +if test "${enable_maintainer_mode+set}" = set; then + enableval="$enable_maintainer_mode" + USE_MAINTAINER_MODE=$enableval +else + USE_MAINTAINER_MODE=no +fi; + echo "$as_me:$LINENO: result: $USE_MAINTAINER_MODE" >&5 +echo "${ECHO_T}$USE_MAINTAINER_MODE" >&6 + + +if test $USE_MAINTAINER_MODE = yes; then + MAINTAINER_MODE_TRUE= + MAINTAINER_MODE_FALSE='#' +else + MAINTAINER_MODE_TRUE='#' + MAINTAINER_MODE_FALSE= +fi + + MAINT=$MAINTAINER_MODE_TRUE + + @@ -3383,6 +3409,9 @@ fi rm -f conftest* fi +if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then + CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files" +fi cat >>confdefs.h <<\_ACEOF @@ -5236,7 +5265,7 @@ test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes case $host in *-*-irix6*) # Find out which ABI we are using. - echo '#line 5239 "configure"' > conftest.$ac_ext + echo '#line 5268 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -5772,7 +5801,7 @@ chmod -w . save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -o out/conftest2.$ac_objext" compiler_c_o=no -if { (eval echo configure:5775: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$ac_objext; then +if { (eval echo configure:5804: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$ac_objext; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings if test -s out/conftest.err; then @@ -7565,7 +7594,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 7568 "configure" +#line 7597 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -7663,7 +7692,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 7666 "configure" +#line 7695 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -10253,7 +10282,10 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then ires= for i in $INCLUDE_krb4; do CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS" - cat >conftest.$ac_ext <<_ACEOF + for j in $cdirs; do + for k in $clibs; do + LIBS="$j $k $save_LIBS" + cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" #include "confdefs.h" @@ -10262,8 +10294,10 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then #include <openssl/md4.h> #include <openssl/md5.h> #include <openssl/sha.h> + #define OPENSSL_DES_LIBDES_COMPATIBILITY #include <openssl/des.h> #include <openssl/rc4.h> + #include <openssl/rand.h> #else #include <md4.h> #include <md5.h> @@ -10304,6 +10338,9 @@ main () MD4_Init(&md4); MD5_Init(&md5); SHA1_Init(&sha1); + #ifdef HAVE_OPENSSL + RAND_status(); + #endif des_cbc_encrypt(0, 0, 0, schedule, 0, 0); RC4(0, 0, 0, 0); @@ -10311,26 +10348,31 @@ main () return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -s conftest.$ac_objext' + { ac_try='test -s conftest$ac_exeext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - openssl=yes ires="$i"; break + openssl=yes ires="$i" lres="$j $k"; break 3 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 fi -rm -f conftest.$ac_objext conftest.$ac_ext +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + done + done CFLAGS="$i $save_CFLAGS" - cat >conftest.$ac_ext <<_ACEOF + for j in $cdirs; do + for k in $clibs; do + LIBS="$j $k $save_LIBS" + cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" #include "confdefs.h" @@ -10339,8 +10381,10 @@ rm -f conftest.$ac_objext conftest.$ac_ext #include <openssl/md4.h> #include <openssl/md5.h> #include <openssl/sha.h> + #define OPENSSL_DES_LIBDES_COMPATIBILITY #include <openssl/des.h> #include <openssl/rc4.h> + #include <openssl/rand.h> #else #include <md4.h> #include <md5.h> @@ -10381,114 +10425,41 @@ main () MD4_Init(&md4); MD5_Init(&md5); SHA1_Init(&sha1); - - des_cbc_encrypt(0, 0, 0, schedule, 0, 0); - RC4(0, 0, 0, 0); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - openssl=no ires="$i"; break -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -fi -rm -f conftest.$ac_objext conftest.$ac_ext - CFLAGS="-DOLD_HASH_NAMES $i $save_CFLAGS" - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" - - #undef KRB5 /* makes md4.h et al unhappy */ #ifdef HAVE_OPENSSL - #include <openssl/md4.h> - #include <openssl/md5.h> - #include <openssl/sha.h> - #include <openssl/des.h> - #include <openssl/rc4.h> - #else - #include <md4.h> - #include <md5.h> - #include <sha.h> - #include <des.h> - #include <rc4.h> - #endif - #ifdef OLD_HASH_NAMES - typedef struct md4 MD4_CTX; - #define MD4_Init(C) md4_init((C)) - #define MD4_Update(C, D, L) md4_update((C), (D), (L)) - #define MD4_Final(D, C) md4_finito((C), (D)) - typedef struct md5 MD5_CTX; - #define MD5_Init(C) md5_init((C)) - #define MD5_Update(C, D, L) md5_update((C), (D), (L)) - #define MD5_Final(D, C) md5_finito((C), (D)) - typedef struct sha SHA_CTX; - #define SHA1_Init(C) sha_init((C)) - #define SHA1_Update(C, D, L) sha_update((C), (D), (L)) - #define SHA1_Final(D, C) sha_finito((C), (D)) + RAND_status(); #endif -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ - - void *schedule = 0; - MD4_CTX md4; - MD5_CTX md5; - SHA_CTX sha1; - - MD4_Init(&md4); - MD5_Init(&md5); - SHA1_Init(&sha1); - des_cbc_encrypt(0, 0, 0, schedule, 0, 0); RC4(0, 0, 0, 0); ; return 0; } _ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && - { ac_try='test -s conftest.$ac_objext' + { ac_try='test -s conftest$ac_exeext' { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - openssl=no ires="$i" old_hash=yes; break + openssl=no ires="$i" lres="$j $k"; break 3 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 fi -rm -f conftest.$ac_objext conftest.$ac_ext - done - lres= - for i in $cdirs; do - for j in $clibs; do - LIBS="$i $j $save_LIBS" - cat >conftest.$ac_ext <<_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + done + done + CFLAGS="-DHAVE_OLD_HASH_NAMES $i $save_CFLAGS" + for j in $cdirs; do + for k in $clibs; do + LIBS="$j $k $save_LIBS" + cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" #include "confdefs.h" @@ -10497,8 +10468,10 @@ rm -f conftest.$ac_objext conftest.$ac_ext #include <openssl/md4.h> #include <openssl/md5.h> #include <openssl/sha.h> + #define OPENSSL_DES_LIBDES_COMPATIBILITY #include <openssl/des.h> #include <openssl/rc4.h> + #include <openssl/rand.h> #else #include <md4.h> #include <md5.h> @@ -10539,6 +10512,9 @@ main () MD4_Init(&md4); MD5_Init(&md5); SHA1_Init(&sha1); + #ifdef HAVE_OPENSSL + RAND_status(); + #endif des_cbc_encrypt(0, 0, 0, schedule, 0, 0); RC4(0, 0, 0, 0); @@ -10558,14 +10534,16 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - lres="$i $j"; break 2 + openssl=no ires="$i" lres="$j $k"; break 3 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + done done done + CFLAGS="$save_CFLAGS" LIBS="$save_LIBS" if test "$ires" -a "$lres"; then @@ -10586,18 +10564,20 @@ if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then INCLUDE_des= LIB_des= if test "$with_openssl_include" != ""; then - INCLUDE_des="-I${with_openssl}/include" + INCLUDE_des="-I${with_openssl_include}" fi if test "$with_openssl_lib" != ""; then - LIB_des="-L${with_openssl}/lib" + LIB_des="-L${with_openssl_lib}" fi CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}" - LIB_des="${LIB_des} -lcrypto" - LIB_des_a="$LIB_des" - LIB_des_so="$LIB_des" - LIB_des_appl="$LIB_des" - LIBS="${LIBS} ${LIB_des}" - cat >conftest.$ac_ext <<_ACEOF + saved_LIB_des="$LIB_des" + for lres in "" "-lnsl -lsocket"; do + LIB_des="${saved_LIB_des} -lcrypto $lres" + LIB_des_a="$LIB_des" + LIB_des_so="$LIB_des" + LIB_des_appl="$LIB_des" + LIBS="${LIBS} ${LIB_des}" + cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" #include "confdefs.h" @@ -10606,8 +10586,10 @@ if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then #include <openssl/md4.h> #include <openssl/md5.h> #include <openssl/sha.h> + #define OPENSSL_DES_LIBDES_COMPATIBILITY #include <openssl/des.h> #include <openssl/rc4.h> + #include <openssl/rand.h> #else #include <md4.h> #include <md5.h> @@ -10648,6 +10630,9 @@ main () MD4_Init(&md4); MD5_Init(&md5); SHA1_Init(&sha1); + #ifdef HAVE_OPENSSL + RAND_status(); + #endif des_cbc_encrypt(0, 0, 0, schedule, 0, 0); RC4(0, 0, 0, 0); @@ -10668,8 +10653,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - crypto_lib=libcrypto openssl=yes - echo "$as_me:$LINENO: result: libcrypto" >&5 + crypto_lib=libcrypto openssl=yes + echo "$as_me:$LINENO: result: libcrypto" >&5 echo "${ECHO_T}libcrypto" >&6 else @@ -10677,6 +10662,10 @@ else cat conftest.$ac_ext >&5 fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + if test "$crypto_lib" = libcrypto ; then + break; + fi + done CFLAGS="$save_CFLAGS" LIBS="$save_LIBS" fi @@ -15389,7 +15378,7 @@ if eval "test \"\$ac_cv_func_res_nsearch\" != yes" ; then int main () { -res_nsearch(0,0,0,0,0) +res_nsearch(0,0,0,0,0,0) ; return 0; } @@ -15754,6 +15743,58 @@ if test "${ac_cv_var__res+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else + + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <stdio.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include <arpa/nameser.h> +#endif +#ifdef HAVE_RESOLV_H +#include <resolv.h> +#endif + void * foo() { return &_res; } +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +foo() + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_var__res=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_var__res=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +if test "$ac_cv_var__res" != yes ; then cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" #include "confdefs.h" @@ -15792,6 +15833,7 @@ cat conftest.$ac_ext >&5 ac_cv_var__res=no fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi fi @@ -25440,6 +25482,51 @@ if test "${ac_cv_var_h_errno+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else + + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif + void * foo() { return &h_errno; } +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +foo() + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_var_h_errno=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_var_h_errno=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +if test "$ac_cv_var_h_errno" != yes ; then cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" #include "confdefs.h" @@ -25478,6 +25565,7 @@ cat conftest.$ac_ext >&5 ac_cv_var_h_errno=no fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi fi @@ -25567,6 +25655,48 @@ if test "${ac_cv_var_h_errlist+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else + + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif + void * foo() { return &h_errlist; } +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +foo() + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_var_h_errlist=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_var_h_errlist=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +if test "$ac_cv_var_h_errlist" != yes ; then cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" #include "confdefs.h" @@ -25605,6 +25735,7 @@ cat conftest.$ac_ext >&5 ac_cv_var_h_errlist=no fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi fi @@ -25691,6 +25822,48 @@ if test "${ac_cv_var_h_nerr+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else + + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif + void * foo() { return &h_nerr; } +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +foo() + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_var_h_nerr=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_var_h_nerr=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +if test "$ac_cv_var_h_nerr" != yes ; then cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" #include "confdefs.h" @@ -25729,6 +25902,7 @@ cat conftest.$ac_ext >&5 ac_cv_var_h_nerr=no fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi fi @@ -25815,6 +25989,48 @@ if test "${ac_cv_var___progname+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else + + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#ifdef HAVE_ERR_H +#include <err.h> +#endif + void * foo() { return &__progname; } +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +foo() + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_var___progname=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_var___progname=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +if test "$ac_cv_var___progname" != yes ; then cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" #include "confdefs.h" @@ -25853,6 +26069,7 @@ cat conftest.$ac_ext >&5 ac_cv_var___progname=no fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi fi @@ -26384,6 +26601,46 @@ if test "${ac_cv_var_timezone+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else + + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <time.h> + void * foo() { return &timezone; } +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +foo() + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_var_timezone=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_var_timezone=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +if test "$ac_cv_var_timezone" != yes ; then cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" #include "confdefs.h" @@ -26422,6 +26679,7 @@ cat conftest.$ac_ext >&5 ac_cv_var_timezone=no fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi fi @@ -26505,6 +26763,46 @@ if test "${ac_cv_var_altzone+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else + + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include <time.h> + void * foo() { return &altzone; } +#ifdef F77_DUMMY_MAIN +# ifdef __cplusplus + extern "C" +# endif + int F77_DUMMY_MAIN() { return 1; } +#endif +int +main () +{ +foo() + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_var_altzone=yes +else + echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 +ac_cv_var_altzone=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +if test "$ac_cv_var_altzone" != yes ; then cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" #include "confdefs.h" @@ -26543,6 +26841,7 @@ cat conftest.$ac_ext >&5 ac_cv_var_altzone=no fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +fi fi @@ -35486,6 +35785,7 @@ fi krb_cv_compile_et="no" +krb_cv_com_err_need_r="" if test "${COMPILE_ET}" = "compile_et"; then echo "$as_me:$LINENO: checking whether compile_et has the features we need" >&5 @@ -35543,6 +35843,33 @@ fi fi echo "$as_me:$LINENO: result: ${krb_cv_compile_et}" >&5 echo "${ECHO_T}${krb_cv_compile_et}" >&6 +if test "${krb_cv_compile_et}" = "yes"; then + echo "$as_me:$LINENO: checking for if com_err needs to have a initialize_error_table_r" >&5 +echo $ECHO_N "checking for if com_err needs to have a initialize_error_table_r... $ECHO_C" >&6 + save2_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +#include "confdefs.h" +#include "conftest_et.c" +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "initialize_error_table_r" >/dev/null 2>&1; then + krb_cv_com_err_need_r="initialize_error_table_r(0,0,0,0);" + CPPFLAGS="$save2_CPPFLAGS" +else + CPPFLAGS="${save_CPPFLAGS}" +fi +rm -f conftest* + + if test X"$krb_cv_com_err_need_r" = X ; then + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + else + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + fi +fi rm -fr conftest* fi @@ -35567,6 +35894,7 @@ main () const char *p; p = error_message(0); + $krb_cv_com_err_need_r ; return 0; @@ -35830,6 +36158,13 @@ echo "$as_me: error: conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi +if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then + { { echo "$as_me:$LINENO: error: conditional \"MAINTAINER_MODE\" was never defined. +Usually this means the macro was only invoked conditionally." >&5 +echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined. +Usually this means the macro was only invoked conditionally." >&2;} + { (exit 1); exit 1; }; } +fi if test -z "${KRB4_TRUE}" && test -z "${KRB4_FALSE}"; then { { echo "$as_me:$LINENO: error: conditional \"KRB4\" was never defined. Usually this means the macro was only invoked conditionally." >&5 @@ -36240,7 +36575,7 @@ _ASBOX } >&5 cat >&5 <<_CSEOF -This file was extended by Heimdal $as_me 0.5.1, which was +This file was extended by Heimdal $as_me 0.6, which was generated by GNU Autoconf 2.53. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -36302,7 +36637,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -Heimdal config.status 0.5.1 +Heimdal config.status 0.6 configured by $0, generated by GNU Autoconf 2.53, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" @@ -36564,6 +36899,9 @@ s,@AMDEP_TRUE@,$AMDEP_TRUE,;t t s,@AMDEP_FALSE@,$AMDEP_FALSE,;t t s,@AMDEPBACKSLASH@,$AMDEPBACKSLASH,;t t s,@CCDEPMODE@,$CCDEPMODE,;t t +s,@MAINTAINER_MODE_TRUE@,$MAINTAINER_MODE_TRUE,;t t +s,@MAINTAINER_MODE_FALSE@,$MAINTAINER_MODE_FALSE,;t t +s,@MAINT@,$MAINT,;t t s,@build@,$build,;t t s,@build_cpu@,$build_cpu,;t t s,@build_vendor@,$build_vendor,;t t @@ -37305,7 +37643,7 @@ fi cat > include/newversion.h.in <<EOF const char *heimdal_long_version = "@(#)\$Version: $PACKAGE_STRING by @USER@ on @HOST@ ($host) @DATE@ \$"; -const char *heimdal_version = "Heimdal 0.5.1"; +const char *heimdal_version = "Heimdal 0.6"; EOF if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then diff --git a/crypto/heimdal/configure.in b/crypto/heimdal/configure.in index a7700af..fcd448f 100644 --- a/crypto/heimdal/configure.in +++ b/crypto/heimdal/configure.in @@ -1,8 +1,8 @@ dnl Process this file with autoconf to produce a configure script. -AC_REVISION($Revision: 1.325.2.2 $) +AC_REVISION($Revision: 1.331.2.2 $) AC_PREREQ(2.53) -#test -z "$CFLAGS" && CFLAGS="-g" -AC_INIT(Heimdal, 0.5.1, heimdal-bugs@pdc.kth.se) +##test -z "$CFLAGS" && CFLAGS="-g" +AC_INIT(Heimdal, 0.6, heimdal-bugs@pdc.kth.se) AC_CONFIG_SRCDIR([kuser/kinit.c]) AM_CONFIG_HEADER(include/config.h) @@ -12,6 +12,7 @@ AC_PROG_CPP AC_PROG_CC_STDC AM_INIT_AUTOMAKE +AM_MAINTAINER_MODE AC_PREFIX_DEFAULT(/usr/heimdal) @@ -23,6 +24,11 @@ CANONICAL_HOST=$host AC_SUBST(CANONICAL_HOST) AC_SYS_LARGEFILE +dnl need to set this on the command line, since it might otherwise break +dnl with generated code, such as lex +if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then + CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files" +fi dnl dnl this is needed to run the configure tests against glibc diff --git a/crypto/heimdal/doc/Makefile.in b/crypto/heimdal/doc/Makefile.in index 43e3c93..9ebf564 100644 --- a/crypto/heimdal/doc/Makefile.in +++ b/crypto/heimdal/doc/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -226,10 +227,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .dvi .info .ps .texi -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign doc/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -390,7 +391,9 @@ info: info-am info-am: $(INFO_DEPS) -install-data-am: install-data-local install-info-am +install-data-am: install-info-am + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -441,12 +444,12 @@ uninstall-am: uninstall-info-am clean-generic clean-libtool dist-info distclean \ distclean-generic distclean-libtool distdir dvi dvi-am info \ info-am install install-am install-data install-data-am \ - install-data-local install-exec install-exec-am install-info \ - install-info-am install-man install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-aminfo maintainer-clean-generic mostlyclean \ - mostlyclean-aminfo mostlyclean-generic mostlyclean-libtool \ - uninstall uninstall-am uninstall-info-am + install-exec install-exec-am install-info install-info-am \ + install-man install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-aminfo \ + maintainer-clean-generic mostlyclean mostlyclean-aminfo \ + mostlyclean-generic mostlyclean-libtool uninstall uninstall-am \ + uninstall-info-am install-suid-programs: @@ -572,7 +575,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/doc/ack.texi b/crypto/heimdal/doc/ack.texi index d28b816..458baa3 100644 --- a/crypto/heimdal/doc/ack.texi +++ b/crypto/heimdal/doc/ack.texi @@ -1,4 +1,4 @@ -@c $Id: ack.texi,v 1.15 2002/09/04 01:03:35 assar Exp $ +@c $Id: ack.texi,v 1.16 2003/03/15 14:21:41 lha Exp $ @node Acknowledgments, , Migration, Top @comment node-name, next, previous, up @@ -60,6 +60,8 @@ Bugfixes, documentation, encouragement, and code has been contributed by: @email{rnyberg@@it.su.se} @item Frank van der Linden @email{fvdl@@netbsd.org} +@item Cizzi Storm +@email{cizzi@@it.su.se} @item and we hope that those not mentioned here will forgive us. @end table diff --git a/crypto/heimdal/doc/intro.texi b/crypto/heimdal/doc/intro.texi index 6c6ff3a..c190fe2 100644 --- a/crypto/heimdal/doc/intro.texi +++ b/crypto/heimdal/doc/intro.texi @@ -1,4 +1,4 @@ -@c $Id: intro.texi,v 1.12 2001/01/28 22:11:22 assar Exp $ +@c $Id: intro.texi,v 1.13 2003/03/15 13:42:16 lha Exp $ @node Introduction, What is Kerberos?, Top, Top @c @node Introduction, What is Kerberos?, Top, Top @@ -93,3 +93,9 @@ There are two mailing lists with talk about Heimdal. @email{heimdal-announce@@sics.se} is a low-volume announcement list, while @email{heimdal-discuss@@sics.se} is for general discussion. Send a message to @email{majordomo@@sics.se} to subscribe. + +@heading Heimdal source code, binaries and the manual + +The source code for heimdal, links to binaries and the manual (this +document) can be found on our web-page at +@url{http://www.pdc.kth.se/heimdal/}. diff --git a/crypto/heimdal/doc/misc.texi b/crypto/heimdal/doc/misc.texi index 8b3f980..83c2a4a 100644 --- a/crypto/heimdal/doc/misc.texi +++ b/crypto/heimdal/doc/misc.texi @@ -1,4 +1,4 @@ -@c $Id: misc.texi,v 1.6 2001/02/24 05:09:24 assar Exp $ +@c $Id: misc.texi,v 1.13 2003/03/30 21:30:59 lha Exp $ @node Things in search for a better place, Kerberos 4 issues, Setting up a realm, Top @chapter Things in search for a better place @@ -37,7 +37,7 @@ says that people with `admin' instances should be given `enabled' shells when logging in. The numbers after the principal on the `srvtab' line are principal type, -timestamp (in seconds since 1970), key version number (4), keytype (1 == +time stamp (in seconds since 1970), key version number (4), keytype (1 == des), key length (always 8 with des), and then the key. To make the Heimdal KDC produce tickets that the Cisco can decode you @@ -57,8 +57,70 @@ A working solution would be to hook up a machine with a real operating system to the console of the Cisco and then use it as a backwards terminal server. -@section Making things work on Transarc AFS +@section Making things work on Transarc/OpenAFS AFS @subsection How to get a KeyFile @file{ktutil -k AFSKEYFILE:KeyFile get afs@@MY.REALM} + +or you can extract it with kadmin + +@example +kadmin> ext -k AFSKEYFILE:/usr/afs/etc/KeyFile afs@@My.CELL.NAME +@end example + +You have to make sure you have a @code{des-cbc-md5} encryption type since that +is the key that will be converted. + +@subsection How to convert a srvtab to a KeyFile + +You need a @file{/usr/vice/etc/ThisCell} containing the cellname of you +AFS-cell. + +@file{ktutil copy krb4:/root/afs-srvtab AFSKEYFILE:/usr/afs/etc/KeyFile}. + +If keyfile already exists, this will add the new key in afs-srvtab to +KeyFile. + +@section Using 2b tokens with AFS + +@subsection What is 2b ? + +2b is the name of the proposal that was implemented to give basic +Kerberos 5 support to AFS in rxkad. Its not real Kerberos 5 support +since it still uses fcrypt for data encryption and not Kerberos +encryption types. + +Its only possible (in all cases) to do this for DES encryption types because +only then the token (the AFS equivalent of a ticket) will be be smaller +than the maximum size that can fit in the token cache in +OpenAFS/Transarc client. Its so tight fit that some extra wrapping on the ASN1/DER encoding is removed from the Kerberos ticket. + +2b uses a Kerberos 5 EncTicketPart instead of a Kerberos 4 ditto for +the part of the ticket that is encrypted with the service's key. The +client doesn't know what's inside the encrypted data so to the client it doesn't matter. + +To differentiate between Kerberos 4 tickets and Kerberos 5 tickets 2b +uses a special kvno, 213 for 2b tokens and 255 for Kerberos 5 tokens. + +Its a requirement that all AFS servers that support 2b also support +native Kerberos 5 in rxkad. + +@subsection Configuring Heimdal to use 2b tokens + +Support for 2b tokens are turned on for specific principals by adding +them to the string list option @code{[kdc]use_2b} in the kdc's +@file{krb5.conf} file. + +@example +[kdc] + use_2b = @{ + afs@@SU.SE = yes + afs/it.su.se@@SU.SE = yes + @} +@end example + +@subsection Configuring AFS clients + +There is no need to configure AFS clients. The only software that +needs to be installed/upgrade is a Kerberos 5 enabled @file{afslog}. diff --git a/crypto/heimdal/doc/programming.texi b/crypto/heimdal/doc/programming.texi index ffcac21..63f0715 100644 --- a/crypto/heimdal/doc/programming.texi +++ b/crypto/heimdal/doc/programming.texi @@ -1,4 +1,4 @@ -@c $Id: programming.texi,v 1.2 2001/05/16 22:11:00 assar Exp $ +@c $Id: programming.texi,v 1.2.8.1 2003/04/24 11:55:45 lha Exp $ @node Programming with Kerberos @chapter Programming with Kerberos @@ -45,7 +45,7 @@ replay cache, and checksum types. See the manual page for @manpage{krb5_auth_context,3}. -@subsection Keytab managment +@subsection Keytab management A keytab is a storage for locally stored keys. Heimdal includes keytab support for Kerberos 5 keytabs, Kerberos 4 srvtab, AFS-KeyFile's, diff --git a/crypto/heimdal/doc/setup.texi b/crypto/heimdal/doc/setup.texi index 9cd96e8..c9ed938 100644 --- a/crypto/heimdal/doc/setup.texi +++ b/crypto/heimdal/doc/setup.texi @@ -1,4 +1,4 @@ -@c $Id: setup.texi,v 1.25 2001/08/24 05:24:33 assar Exp $ +@c $Id: setup.texi,v 1.27 2003/03/30 21:43:00 lha Exp $ @node Setting up a realm, Things in search for a better place, Building and Installing, Top @@ -8,6 +8,7 @@ * Configuration file:: * Creating the database:: * keytabs:: +* Serving Kerberos 4/524/kaserver:: * Remote administration:: * Password changing:: * Testing clients and servers:: @@ -165,7 +166,7 @@ krbtgt/MY.REALM@@MY.REALM 1:0:1:52b53b61c875ce16:-:0:7:c8943be ... kadmin/changepw@@MY.REALM 1:0:1:f48c8af2b340e9fb:-:0:7:e3e6088 ... @end smallexample -@node keytabs, Remote administration, Creating the database, Setting up a realm +@node keytabs, Serving Kerberos 4/524/kaserver, Creating the database, Setting up a realm @section keytabs To extract a service ticket from the database and put it in a keytab you @@ -187,7 +188,56 @@ Version Type Principal 1 des3-cbc-sha1 host/my.host.name@@MY.REALM @end example -@node Remote administration, Password changing, keytabs, Setting up a realm +@node Serving Kerberos 4/524/kaserver, Remote administration, keytabs, Setting up a realm +@section Serving Kerberos 4/524/kaserver + +Heimdal can be configured to support 524, Kerberos 4 or kaserver. All +theses services are default turned off. Kerberos 4 support also +depends on if Kerberos 4 support is compiled in with heimdal. + +@subsection 524 + +524 is a service that allows the kdc to convert Kerberos 5 tickets to +Kerberos 4 tickets for backward compatibility. See also Using 2b +tokens with AFS in @xref{Things in search for a better place}. + +524 can be turned on by adding this to the configuration file + +@example +[kdc] + enable-524 = yes +@end example + +@subsection Kerberos 4 + +Kerberos 4 is the predecessor to to Kerberos 5. It only support single +DES. You should only enable Kerberos 4 support if you have a need for +for compatibility with an installed base of Kerberos 4 clients/servers. + +Kerberos 4 can be turned on by adding this to the configuration file + +@example +[kdc] + enable-kerberos4 = yes +@end example + +@subsection kaserver + +Kaserver is a Kerberos 4 that is used in AFS, the protocol have some +features over plain Kerberos 4, but like kerberos 4 only use single +DES too. + +You should only enable Kerberos 4 support if you have a need for for +compatibility with an installed base of AFS machines. + +Kaserver can be turned on by adding this to the configuration file + +@example +[kdc] + enable-kaserver = yes +@end example + +@node Remote administration, Password changing, Serving Kerberos 4/524/kaserver, Setting up a realm @section Remote administration The administration server, @samp{kadmind}, can be started by @@ -314,7 +364,7 @@ Every slave needs a keytab with a principal, @code{propd}, as follows: @example -slave# ktutil get -p foo/admin host/`hostname` +slave# ktutil get -p foo/admin hprop/`hostname` slave# hpropd @end example @@ -434,8 +484,9 @@ Common types of salting includes @itemize @bullet @item @code{v4} (or @code{des:pw-salt:}) -The Kerberos 4 salting is using no salt att all. Reson there is colon -that the end is that +The Kerberos 4 salting is using no salt att all. Reason there is colon +that the end or the salt string is that it makes the salt the empty +string (same as no salt). @item @code{v5} (or @code{pw-salt}) diff --git a/crypto/heimdal/include/Makefile.in b/crypto/heimdal/include/Makefile.in index 8e9f5a6..ec98e00 100644 --- a/crypto/heimdal/include/Makefile.in +++ b/crypto/heimdal/include/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -297,10 +298,10 @@ all: config.h .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign include/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) config.h: stamp-h1 @@ -313,7 +314,7 @@ stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status @rm -f stamp-h1 cd $(top_builddir) && $(SHELL) ./config.status include/config.h -$(srcdir)/config.h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && $(AUTOHEADER) touch $(srcdir)/config.h.in @@ -560,7 +561,9 @@ info: info-recursive info-am: -install-data-am: install-data-local install-includeHEADERS +install-data-am: install-includeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -591,17 +594,16 @@ uninstall-info: uninstall-info-recursive distclean-compile distclean-generic distclean-hdr \ distclean-libtool distclean-recursive distclean-tags distdir \ dvi dvi-am dvi-recursive info info-am info-recursive install \ - install-am install-data install-data-am install-data-local \ - install-data-recursive install-exec install-exec-am \ - install-exec-recursive install-includeHEADERS install-info \ - install-info-am install-info-recursive install-man \ - install-recursive install-strip installcheck installcheck-am \ - installdirs installdirs-am installdirs-recursive \ - maintainer-clean maintainer-clean-generic \ - maintainer-clean-recursive mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \ - tags tags-recursive uninstall uninstall-am \ - uninstall-includeHEADERS uninstall-info-am \ + install-am install-data install-data-am install-data-recursive \ + install-exec install-exec-am install-exec-recursive \ + install-includeHEADERS install-info install-info-am \ + install-info-recursive install-man install-recursive \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am installdirs-recursive maintainer-clean \ + maintainer-clean-generic maintainer-clean-recursive mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + mostlyclean-recursive tags tags-recursive uninstall \ + uninstall-am uninstall-includeHEADERS uninstall-info-am \ uninstall-info-recursive uninstall-recursive @@ -728,7 +730,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/include/kadm5/Makefile.in b/crypto/heimdal/include/kadm5/Makefile.in index 38d14fa..db1956d 100644 --- a/crypto/heimdal/include/kadm5/Makefile.in +++ b/crypto/heimdal/include/kadm5/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -222,10 +223,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign include/kadm5/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -317,7 +318,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -342,12 +345,12 @@ uninstall-am: uninstall-info-am .PHONY: all all-am all-local check check-am check-local clean \ clean-generic clean-libtool distclean distclean-generic \ distclean-libtool distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-info install-info-am \ - install-man install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-generic mostlyclean-libtool uninstall \ - uninstall-am uninstall-info-am + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am install-man \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic mostlyclean-libtool uninstall uninstall-am \ + uninstall-info-am install-suid-programs: @@ -473,7 +476,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/include/make_crypto.c b/crypto/heimdal/include/make_crypto.c index 9e38cb7..2215f3f 100644 --- a/crypto/heimdal/include/make_crypto.c +++ b/crypto/heimdal/include/make_crypto.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002 Kungliga Tekniska Högskolan + * Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: make_crypto.c,v 1.2.2.1 2002/10/21 14:30:04 joda Exp $"); +RCSID("$Id: make_crypto.c,v 1.4.2.1 2003/05/05 20:10:27 joda Exp $"); #endif #include <stdio.h> #include <string.h> @@ -60,11 +60,15 @@ main(int argc, char **argv) fprintf(f, "#ifndef __%s__\n", argv[1]); fprintf(f, "#define __%s__\n", argv[1]); #ifdef HAVE_OPENSSL + fputs("#define OPENSSL_DES_LIBDES_COMPATIBILITY\n", f); fputs("#include <openssl/des.h>\n", f); fputs("#include <openssl/rc4.h>\n", f); fputs("#include <openssl/md4.h>\n", f); fputs("#include <openssl/md5.h>\n", f); fputs("#include <openssl/sha.h>\n", f); +#if ENABLE_AES + fputs("#include <openssl/aes.h>\n", f); +#endif #else fputs("#include <des.h>\n", f); fputs("#include <md4.h>\n", f); diff --git a/crypto/heimdal/kadmin/ChangeLog b/crypto/heimdal/kadmin/ChangeLog index a457753..093835e 100644 --- a/crypto/heimdal/kadmin/ChangeLog +++ b/crypto/heimdal/kadmin/ChangeLog @@ -1,6 +1,42 @@ +2003-04-14 Love Hörquist Åstrand <lha@it.su.se> + + * util.c: cast argument to tolower to unsigned char, from + Christian Biere <christianbiere@gmx.de> via NetBSD + +2003-04-06 Love Hörquist Åstrand <lha@it.su.se> + + * kadmind.8: s/kerberos/Kerberos/ + +2003-03-31 Love Hörquist Åstrand <lha@it.su.se> + + * kadmin.8: initialises -> initializes, from Perry E. Metzger" + <perry@piermont.com> + + * kadmin.c: principal, not pricipal. From Thomas Klausner + <wiz@netbsd.org> + +2003-02-04 Love Hörquist Åstrand <lha@it.su.se> + + * kadmind.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> + + * kadmin.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> + +2003-01-29 Love Hörquist Åstrand <lha@it.su.se> + + * server.c (kadmind_dispatch): kadm_chpass: require the password + to pass the password quality check in case the user changes the + user's own password kadm_chpass_with_key: disallow the user to + change it own password to a key, since that password might violate + the password quality check. + +2002-10-23 Assar Westerlund <assar@kth.se> + + * version4.c (decode_packet): check the length of the version + string and that rlen has a reasonable value + 2002-10-21 Johan Danielsson <joda@pdc.kth.se> - * version4.c: pull up 1.27; check size of rlen + * version4.c: check size of rlen 2002-09-10 Johan Danielsson <joda@pdc.kth.se> diff --git a/crypto/heimdal/kadmin/Makefile.in b/crypto/heimdal/kadmin/Makefile.in index d2578f5..4739519 100644 --- a/crypto/heimdal/kadmin/Makefile.in +++ b/crypto/heimdal/kadmin/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -345,10 +346,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign kadmin/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-libexecPROGRAMS: $(libexec_PROGRAMS) @@ -595,7 +596,9 @@ info: info-am info-am: -install-data-am: install-data-local install-man +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libexecPROGRAMS install-sbinPROGRAMS @$(NORMAL_INSTALL) @@ -626,8 +629,8 @@ uninstall-man: uninstall-man8 clean-noinstPROGRAMS clean-sbinPROGRAMS distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-info install-info-am \ + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am \ install-libexecPROGRAMS install-man install-man8 \ install-sbinPROGRAMS install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ @@ -760,7 +763,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/kadmin/ank.c b/crypto/heimdal/kadmin/ank.c index 0dfdfad..a166fb2 100644 --- a/crypto/heimdal/kadmin/ank.c +++ b/crypto/heimdal/kadmin/ank.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: ank.c,v 1.23 2002/06/07 19:05:38 nectar Exp $"); +RCSID("$Id: ank.c,v 1.25 2002/12/03 14:11:24 joda Exp $"); /* * fetch the default principal corresponding to `princ' @@ -112,7 +112,8 @@ add_one_principal (const char *name, if(use_defaults) set_defaults(&princ, &mask, default_ent, default_mask); else - edit_entry(&princ, &mask, default_ent, default_mask); + if(edit_entry(&princ, &mask, default_ent, default_mask)) + goto out; if(rand_key || key_data) { princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX; mask |= KADM5_ATTRIBUTES; @@ -136,8 +137,10 @@ add_one_principal (const char *name, } ret = kadm5_create_principal(kadm_handle, &princ, mask, password); - if(ret) + if(ret) { krb5_warn(context, ret, "kadm5_create_principal"); + goto out; + } if(rand_key) { krb5_keyblock *new_keys; int n_keys, i; diff --git a/crypto/heimdal/kadmin/init.c b/crypto/heimdal/kadmin/init.c index 2391a08..587458b 100644 --- a/crypto/heimdal/kadmin/init.c +++ b/crypto/heimdal/kadmin/init.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <kadm5/private.h> -RCSID("$Id: init.c,v 1.27 2000/09/10 19:20:16 joda Exp $"); +RCSID("$Id: init.c,v 1.29 2002/12/03 14:08:17 joda Exp $"); static kadm5_ret_t create_random_entry(krb5_principal princ, @@ -90,6 +90,7 @@ static struct getargs args[] = { "realm max ticket lifetime" }, { "realm-max-renewable-life", 0, arg_string, NULL, "realm max renewable lifetime" }, + { "help", 'h', arg_flag, NULL }, }; static int num_args = sizeof(args) / sizeof(args[0]); @@ -107,14 +108,16 @@ init(int argc, char **argv) int i; char *realm_max_life = NULL; char *realm_max_rlife = NULL; + int help_flag = 0; HDB *db; int optind = 0; krb5_deltat max_life, max_rlife; args[0].value = &realm_max_life; args[1].value = &realm_max_rlife; + args[2].value = &help_flag; - if(getarg(args, num_args, argc, argv, &optind)) { + if(getarg(args, num_args, argc, argv, &optind) || help_flag) { usage(); return 0; } @@ -150,16 +153,24 @@ init(int argc, char **argv) const char *realm = argv[i]; /* Create `krbtgt/REALM' */ - krb5_make_principal(context, &princ, realm, - KRB5_TGS_NAME, realm, NULL); + ret = krb5_make_principal(context, &princ, realm, + KRB5_TGS_NAME, realm, NULL); + if(ret) + return 0; if (realm_max_life == NULL) { max_life = 0; - edit_deltat ("Realm max ticket life", &max_life, NULL, 0); + if(edit_deltat ("Realm max ticket life", &max_life, NULL, 0)) { + krb5_free_principal(context, princ); + return 0; + } } if (realm_max_rlife == NULL) { max_rlife = 0; - edit_deltat("Realm max renewable ticket life", &max_rlife, - NULL, 0); + if(edit_deltat("Realm max renewable ticket life", &max_rlife, + NULL, 0)) { + krb5_free_principal(context, princ); + return 0; + } } create_random_entry(princ, max_life, max_rlife, 0); krb5_free_principal(context, princ); diff --git a/crypto/heimdal/kadmin/kadm_conn.c b/crypto/heimdal/kadmin/kadm_conn.c index f2b54de..ae44c43 100644 --- a/crypto/heimdal/kadmin/kadm_conn.c +++ b/crypto/heimdal/kadmin/kadm_conn.c @@ -36,7 +36,7 @@ #include <sys/wait.h> #endif -RCSID("$Id: kadm_conn.c,v 1.13.6.1 2002/10/21 14:53:39 joda Exp $"); +RCSID("$Id: kadm_conn.c,v 1.14 2002/10/21 13:21:24 joda Exp $"); struct kadm_port { char *port; diff --git a/crypto/heimdal/kadmin/kadmin.8 b/crypto/heimdal/kadmin/kadmin.8 index 66880f3..cf7ebe8 100644 --- a/crypto/heimdal/kadmin/kadmin.8 +++ b/crypto/heimdal/kadmin/kadmin.8 @@ -1,4 +1,35 @@ -.\" $Id: kadmin.8,v 1.7 2002/08/20 17:07:11 joda Exp $ +.\" Copyright (c) 2000 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kadmin.8,v 1.10 2003/03/31 10:42:32 lha Exp $ .\" .Dd September 10, 2000 .Dt KADMIN 8 @@ -43,7 +74,7 @@ .Sh DESCRIPTION The .Nm -program is used to make modification to the Kerberos database, either remotely via the +program is used to make modifications to the Kerberos database, either remotely via the .Xr kadmind 8 daemon, or locally (with the .Fl l @@ -60,7 +91,7 @@ principal to authenticate as .Fl K Ar string , .Fl -keytab= Ns Ar string .Xc -keytab for authentication pricipal +keytab for authentication principal .It Xo .Fl c Ar file , .Fl -config-file= Ns Ar file @@ -145,7 +176,7 @@ removes a principal .Ar principal enctypes... .Pp .Bd -ragged -offset indent -removes some enctypes from a principal, this can be useful the service +removes some enctypes from a principal. This can be useful the service belonging to the principal is known to not handle certain enctypes .Ed .Pp @@ -198,12 +229,12 @@ modifies certain attributes of a principal .Nm privileges .Pp .Bd -ragged -offset indent -lists the operations you are allowd to perform +lists the operations you are allowed to perform .Ed .Pp .Ed .Pp -When running in local mode, the following commands can also be used. +When running in local mode, the following commands can also be used: .Bd -ragged -offset indent .Nm dump .Op Fl d | Fl -decrypt @@ -221,7 +252,7 @@ form to the specified file, or standard out .Ar realm .Pp .Bd -ragged -offset indent -initialises the Kerberos database with entries for a new realm, it's +initializes the Kerberos database with entries for a new realm. It's possible to have more than one realm served by one server .Ed .Pp diff --git a/crypto/heimdal/kadmin/kadmin.c b/crypto/heimdal/kadmin/kadmin.c index ff2eec9..9438587 100644 --- a/crypto/heimdal/kadmin/kadmin.c +++ b/crypto/heimdal/kadmin/kadmin.c @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <sl.h> -RCSID("$Id: kadmin.c,v 1.41 2001/08/10 08:06:13 joda Exp $"); +RCSID("$Id: kadmin.c,v 1.42 2003/03/31 10:20:19 lha Exp $"); static char *config_file; static char *keyfile; @@ -51,7 +51,7 @@ static struct getargs args[] = { { "principal", 'p', arg_string, &client_name, "principal to authenticate as" }, { "keytab", 'K', arg_string, &keytab, - "keytab for authentication pricipal" }, + "keytab for authentication principal" }, { "config-file", 'c', arg_string, &config_file, "location of config file", "file" diff --git a/crypto/heimdal/kadmin/kadmind.8 b/crypto/heimdal/kadmin/kadmind.8 index ac1fcd2..5663225 100644 --- a/crypto/heimdal/kadmin/kadmind.8 +++ b/crypto/heimdal/kadmin/kadmind.8 @@ -1,11 +1,42 @@ -.\" $Id: kadmind.8,v 1.10.2.1 2002/10/21 14:53:39 joda Exp $ +.\" Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kadmind.8,v 1.14 2003/04/06 17:47:57 lha Exp $ .\" .Dd March 5, 2002 .Dt KADMIND 8 .Os HEIMDAL .Sh NAME .Nm kadmind -.Nd "server for administrative access to kerberos database" +.Nd "server for administrative access to Kerberos database" .Sh SYNOPSIS .Nm .Oo Fl c Ar file \*(Ba Xo @@ -51,7 +82,7 @@ daemon is responsible for the Kerberos 5 password changing protocol .Xr kpasswd 1 ) . .Pp -This daemon should only be run on ther master server, and not on any +This daemon should only be run on the master server, and not on any slaves. .Pp Principals are always allowed to change their own password and list @@ -118,7 +149,7 @@ enable debugging .Fl p Ar port , .Fl -ports= Ns Ar port .Xc -ports to listen to. By default, if run as a daemon, it listen to ports +ports to listen to. By default, if run as a daemon, it listens to ports 749, and 751 (if Kerberos 4 support is built and enabled), but you can add any number of ports with this option. The port string is a whitespace separated list of port specifications, with the special diff --git a/crypto/heimdal/kadmin/kadmind.c b/crypto/heimdal/kadmin/kadmind.c index 5ef6349..2998ee6 100644 --- a/crypto/heimdal/kadmin/kadmind.c +++ b/crypto/heimdal/kadmin/kadmind.c @@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: kadmind.c,v 1.27.6.1 2002/10/21 14:53:39 joda Exp $"); +RCSID("$Id: kadmind.c,v 1.28 2002/10/21 13:21:24 joda Exp $"); static char *check_library = NULL; static char *check_function = NULL; diff --git a/crypto/heimdal/kadmin/mod.c b/crypto/heimdal/kadmin/mod.c index 1ea9c86..0e9cd08 100644 --- a/crypto/heimdal/kadmin/mod.c +++ b/crypto/heimdal/kadmin/mod.c @@ -33,7 +33,7 @@ #include "kadmin_locl.h" -RCSID("$Id: mod.c,v 1.10 2000/07/11 14:34:56 joda Exp $"); +RCSID("$Id: mod.c,v 1.11 2002/12/03 14:12:30 joda Exp $"); static int parse_args (krb5_context context, kadm5_principal_ent_t ent, int argc, char **argv, int *optind, char *name, @@ -136,7 +136,8 @@ mod_entry(int argc, char **argv) printf ("no such principal: %s\n", argv[0]); return 0; } - edit_entry(&princ, &mask, NULL, 0); + if(edit_entry(&princ, &mask, NULL, 0)) + goto out; } else { princ.principal = princ_ent; } @@ -144,6 +145,7 @@ mod_entry(int argc, char **argv) ret = kadm5_modify_principal(kadm_handle, &princ, mask); if(ret) krb5_warn(context, ret, "kadm5_modify_principal"); + out: kadm5_free_principal_ent(kadm_handle, &princ); return 0; } diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c index 82050bb..adaf6cf 100644 --- a/crypto/heimdal/kadmin/server.c +++ b/crypto/heimdal/kadmin/server.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <krb5-private.h> -RCSID("$Id: server.c,v 1.36.2.1 2002/10/21 14:53:39 joda Exp $"); +RCSID("$Id: server.c,v 1.38 2003/01/29 12:33:05 lha Exp $"); static kadm5_ret_t kadmind_dispatch(void *kadm_handle, krb5_boolean initial, @@ -217,19 +217,36 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, /* * The change is allowed if at least one of: - * a) it's for the principal him/herself and this was an initial ticket + + * a) it's for the principal him/herself and this was an + * initial ticket, but then, check with the password quality + * function. * b) the user is on the CPW ACL. */ if (initial && krb5_principal_compare (context->context, context->caller, princ)) - ret = 0; - else + { + krb5_data pwd_data; + const char *pwd_reason; + + pwd_data.data = password; + pwd_data.length = strlen(password); + + pwd_reason = kadm5_check_password_quality (context->context, + princ, &pwd_data); + if (pwd_reason != NULL) + ret = KADM5_PASS_Q_DICT; + else + ret = 0; + } else ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); if(ret) { krb5_free_principal(context->context, princ); + memset(password, 0, strlen(password)); + free(password); goto fail; } ret = kadm5_chpass_principal(kadm_handle, princ, password); @@ -286,18 +303,11 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_warnx(context->context, "%s: %s %s", client, op, name); /* - * The change is allowed if at least one of: - * a) it's for the principal him/herself and this was an initial ticket - * b) the user is on the CPW ACL. + * The change is only allowed if the user is on the CPW ACL, + * this it to force password quality check on the user. */ - if (initial - && krb5_principal_compare (context->context, context->caller, - princ)) - ret = 0; - else - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); - + ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); if(ret) { int16_t dummy = n_key_data; diff --git a/crypto/heimdal/kadmin/util.c b/crypto/heimdal/kadmin/util.c index f1b9764..b25bf2a 100644 --- a/crypto/heimdal/kadmin/util.c +++ b/crypto/heimdal/kadmin/util.c @@ -34,7 +34,7 @@ #include "kadmin_locl.h" #include <parse_units.h> -RCSID("$Id: util.c,v 1.37 2002/06/07 18:28:46 joda Exp $"); +RCSID("$Id: util.c,v 1.39 2003/04/14 11:55:27 lha Exp $"); /* * util.c - functions for parsing, unparsing, and editing different @@ -556,6 +556,7 @@ get_response(const char *prompt, const char *def, char *buf, size_t len) osig = signal(SIGINT, interrupt); if(setjmp(jmpbuf)) { signal(SIGINT, osig); + printf("\n"); return 1; } @@ -586,7 +587,7 @@ hex2n (char c) static char hexdigits[] = "0123456789abcdef"; const char *p; - p = strchr (hexdigits, tolower((int)c)); + p = strchr (hexdigits, tolower((unsigned char)c)); if (p == NULL) return -1; else diff --git a/crypto/heimdal/kadmin/version4.c b/crypto/heimdal/kadmin/version4.c index 466ec3a..80bf927 100644 --- a/crypto/heimdal/kadmin/version4.c +++ b/crypto/heimdal/kadmin/version4.c @@ -41,7 +41,7 @@ #include <krb_err.h> #include <kadm_err.h> -RCSID("$Id: version4.c,v 1.26.2.1 2002/10/21 14:52:59 joda Exp $"); +RCSID("$Id: version4.c,v 1.29 2002/10/29 10:33:23 joda Exp $"); #define KADM_NO_OPCODE -1 #define KADM_NO_ENCRYPT -2 @@ -51,7 +51,7 @@ RCSID("$Id: version4.c,v 1.26.2.1 2002/10/21 14:52:59 joda Exp $"); */ static void -make_you_loose_packet(int code, krb5_data *reply) +make_you_lose_packet(int code, krb5_data *reply) { krb5_data_alloc(reply, KADM_VERSIZE + 4); memcpy(reply->data, KADM_ULOSE, KADM_VERSIZE); @@ -812,9 +812,9 @@ decode_packet(krb5_context context, char *client_str; krb5_keytab_entry entry; - if(message.length < KADM_VERSIZE + if(message.length < KADM_VERSIZE + 4 || strncmp(msg, KADM_VERSTR, KADM_VERSIZE) != 0) { - make_you_loose_packet (KADM_BAD_VER, reply); + make_you_lose_packet (KADM_BAD_VER, reply); return; } @@ -823,9 +823,10 @@ decode_packet(krb5_context context, memset(&authent, 0, sizeof(authent)); authent.length = message.length - rlen - KADM_VERSIZE - 4; - if(authent.length >= MAX_KTXT_LEN) { + if(rlen > message.length - KADM_VERSIZE - 4 + || authent.length > MAX_KTXT_LEN) { krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen); - make_you_loose_packet (KADM_LENGTH_ERROR, reply); + make_you_lose_packet (KADM_LENGTH_ERROR, reply); return; } @@ -840,7 +841,7 @@ decode_packet(krb5_context context, "changepw", "kerberos", NULL); if (ret) { krb5_warn (context, ret, "krb5_make_principal"); - make_you_loose_packet (KADM_NOMEM, reply); + make_you_lose_packet (KADM_NOMEM, reply); return; } ret = krb5_kt_get_entry (context, keytab, principal, 0, @@ -848,7 +849,7 @@ decode_packet(krb5_context context, krb5_kt_close (context, keytab); if (ret) { krb5_free_principal(context, principal); - make_you_loose_packet (KADM_NO_AUTH, reply); + make_you_lose_packet (KADM_NO_AUTH, reply); return; } ret = krb5_copy_keyblock (context, &entry.keyblock,& key); @@ -856,10 +857,10 @@ decode_packet(krb5_context context, krb5_free_principal(context, principal); if(ret) { if(ret == KRB5_KT_NOTFOUND) - make_you_loose_packet(KADM_NO_AUTH, reply); + make_you_lose_packet(KADM_NO_AUTH, reply); else /* XXX */ - make_you_loose_packet(KADM_NO_AUTH, reply); + make_you_lose_packet(KADM_NO_AUTH, reply); krb5_warn(context, ret, "krb5_kt_read_service_key"); return; } @@ -875,7 +876,7 @@ decode_packet(krb5_context context, client_addr->sin_addr.s_addr, &ad, NULL); if(ret) { - make_you_loose_packet(ERROR_TABLE_BASE_krb + ret, reply); + make_you_lose_packet(ERROR_TABLE_BASE_krb + ret, reply); krb5_warnx(context, "krb_rd_req: %d", ret); return; } @@ -884,7 +885,7 @@ decode_packet(krb5_context context, &client); if (ret) { krb5_warnx (context, "krb5_425_conv_principal: %d", ret); - make_you_loose_packet (KADM_NOMEM, reply); + make_you_lose_packet (KADM_NOMEM, reply); return; } @@ -898,21 +899,21 @@ decode_packet(krb5_context context, &kadm_handle); if (ret) { krb5_warn (context, ret, "kadm5_init_with_password_ctx"); - make_you_loose_packet (KADM_NOMEM, reply); + make_you_lose_packet (KADM_NOMEM, reply); goto out; } checksum = des_quad_cksum((void *)(msg + off), NULL, rlen, 0, &ad.session); if(checksum != ad.checksum) { krb5_warnx(context, "decode_packet: bad checksum"); - make_you_loose_packet (KADM_BAD_CHK, reply); + make_you_lose_packet (KADM_BAD_CHK, reply); goto out; } des_set_key(&ad.session, schedule); ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session, client_addr, admin_addr, &msg_dat); if (ret) { - make_you_loose_packet (ERROR_TABLE_BASE_krb + ret, reply); + make_you_lose_packet (ERROR_TABLE_BASE_krb + ret, reply); krb5_warnx(context, "krb_rd_priv: %d", ret); goto out; } @@ -931,7 +932,7 @@ decode_packet(krb5_context context, schedule, &ad.session, admin_addr, client_addr); if((ssize_t)reply->length < 0) { - make_you_loose_packet(KADM_NO_ENCRYPT, reply); + make_you_lose_packet(KADM_NO_ENCRYPT, reply); goto out; } } diff --git a/crypto/heimdal/kdc/524.c b/crypto/heimdal/kdc/524.c index 21bc6a1..225594e 100644 --- a/crypto/heimdal/kdc/524.c +++ b/crypto/heimdal/kdc/524.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,9 +33,11 @@ #include "kdc_locl.h" -RCSID("$Id: 524.c,v 1.25 2002/07/31 09:43:20 joda Exp $"); +RCSID("$Id: 524.c,v 1.29 2003/03/17 05:35:47 assar Exp $"); -#ifdef KRB4 +#ifndef KRB4 +#include <krb5-v4compat.h> +#endif /* * fetch the server from `t', returning the name in malloced memory in @@ -173,6 +175,94 @@ set_address (EncTicketPart *et, return 0; } + +static krb5_error_code +encrypt_v4_ticket(void *buf, + size_t len, + krb5_keyblock *skey, + EncryptedData *reply) +{ + krb5_crypto crypto; + krb5_error_code ret; + ret = krb5_crypto_init(context, skey, ETYPE_DES_PCBC_NONE, &crypto); + if (ret) { + free(buf); + kdc_log(0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + return ret; + } + + ret = krb5_encrypt_EncryptedData(context, + crypto, + KRB5_KU_TICKET, + buf, + len, + 0, + reply); + krb5_crypto_destroy(context, crypto); + if(ret) { + kdc_log(0, "Failed to encrypt data: %s", + krb5_get_err_text(context, ret)); + return ret; + } + return 0; +} + +static krb5_error_code +encode_524_response(const char *spn, const EncTicketPart et, const Ticket *t, + hdb_entry *server, EncryptedData *ticket, int *kvno) +{ + krb5_error_code ret; + int use_2b; + size_t len; + + use_2b = krb5_config_get_bool(context, NULL, "kdc", "use_2b", spn, NULL); + if(use_2b) { + ASN1_MALLOC_ENCODE(EncryptedData, + ticket->cipher.data, ticket->cipher.length, + &t->enc_part, &len, ret); + + if (ret) { + kdc_log(0, "Failed to encode v4 (2b) ticket (%s)", spn); + return ret; + } + + ticket->etype = 0; + ticket->kvno = NULL; + *kvno = 213; /* 2b's use this magic kvno */ + } else { + unsigned char buf[MAX_KTXT_LEN + 4 * 4]; + Key *skey; + + if (!enable_v4_cross_realm && strcmp (et.crealm, t->realm) != 0) { + kdc_log(0, "524 cross-realm %s -> %s disabled", et.crealm, + t->realm); + return KRB5KDC_ERR_POLICY; + } + + ret = encode_v4_ticket(buf + sizeof(buf) - 1, sizeof(buf), + &et, &t->sname, &len); + if(ret){ + kdc_log(0, "Failed to encode v4 ticket (%s)", spn); + return ret; + } + ret = get_des_key(server, TRUE, FALSE, &skey); + if(ret){ + kdc_log(0, "no suitable DES key for server (%s)", spn); + return ret; + } + ret = encrypt_v4_ticket(buf + sizeof(buf) - len, len, + &skey->key, ticket); + if(ret){ + kdc_log(0, "Failed to encrypt v4 ticket (%s)", spn); + return ret; + } + *kvno = server->kvno; + } + + return 0; +} + /* * process a 5->4 request, based on `t', and received `from, addr', * returning the reply in `reply' @@ -193,6 +283,7 @@ do_524(const Ticket *t, krb5_data *reply, char *spn = NULL; unsigned char buf[MAX_KTXT_LEN + 4 * 4]; size_t len; + int kvno; if(!enable_524) { ret = KRB5KDC_ERR_POLICY; @@ -251,31 +342,17 @@ do_524(const Ticket *t, krb5_data *reply, free_EncTicketPart(&et); goto out; } - ret = encode_v4_ticket(buf + sizeof(buf) - 1, sizeof(buf), - &et, &t->sname, &len); + + ret = encode_524_response(spn, et, t, server, &ticket, &kvno); free_EncTicketPart(&et); - if(ret){ - kdc_log(0, "Failed to encode v4 ticket (%s)", spn); - goto out; - } - ret = get_des_key(server, TRUE, FALSE, &skey); - if(ret){ - kdc_log(0, "no suitable DES key for server (%s)", spn); - goto out; - } - ret = encrypt_v4_ticket(buf + sizeof(buf) - len, len, - skey->key.keyvalue.data, &ticket); - if(ret){ - kdc_log(0, "Failed to encrypt v4 ticket (%s)", spn); - goto out; - } + out: /* make reply */ memset(buf, 0, sizeof(buf)); sp = krb5_storage_from_mem(buf, sizeof(buf)); krb5_store_int32(sp, ret); if(ret == 0){ - krb5_store_int32(sp, server->kvno); /* is this right? */ + krb5_store_int32(sp, kvno); krb5_store_data(sp, ticket.cipher); /* Aargh! This is coded as a KTEXT_ST. */ krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR); @@ -292,5 +369,3 @@ out: free_ent (server); return ret; } - -#endif /* KRB4 */ diff --git a/crypto/heimdal/kdc/Makefile.am b/crypto/heimdal/kdc/Makefile.am index 3bb00f8..f41f46e 100644 --- a/crypto/heimdal/kdc/Makefile.am +++ b/crypto/heimdal/kdc/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.43 2001/08/28 08:31:27 assar Exp $ +# $Id: Makefile.am,v 1.44 2003/01/14 05:47:06 lha Exp $ include $(top_srcdir)/Makefile.am.common @@ -20,9 +20,9 @@ kstash_SOURCES = kstash.c headers.h string2key_SOURCES = string2key.c headers.h if KRB4 -krb4_sources = 524.c kerberos4.c kaserver.c rx.h +krb4_sources = kaserver.c rx.h else -krb4_sources = +krb4_sources = endif kdc_SOURCES = \ @@ -33,6 +33,8 @@ kdc_SOURCES = \ log.c \ main.c \ misc.c \ + 524.c \ + kerberos4.c \ $(krb4_sources) diff --git a/crypto/heimdal/kdc/Makefile.in b/crypto/heimdal/kdc/Makefile.in index 429deea..298d382 100644 --- a/crypto/heimdal/kdc/Makefile.in +++ b/crypto/heimdal/kdc/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.43 2001/08/28 08:31:27 assar Exp $ +# $Id: Makefile.am,v 1.44 2003/01/14 05:47:06 lha Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -216,7 +217,7 @@ kstash_SOURCES = kstash.c headers.h string2key_SOURCES = string2key.c headers.h -@KRB4_TRUE@krb4_sources = 524.c kerberos4.c kaserver.c rx.h +@KRB4_TRUE@krb4_sources = kaserver.c rx.h @KRB4_FALSE@krb4_sources = kdc_SOURCES = \ @@ -227,6 +228,8 @@ kdc_SOURCES = \ log.c \ main.c \ misc.c \ + 524.c \ + kerberos4.c \ $(krb4_sources) @@ -284,11 +287,11 @@ hpropd_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \ $(top_builddir)/lib/krb5/libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la hpropd_LDFLAGS = -@KRB4_TRUE@am__objects_1 = 524.$(OBJEXT) kerberos4.$(OBJEXT) \ -@KRB4_TRUE@ kaserver.$(OBJEXT) +@KRB4_TRUE@am__objects_1 = kaserver.$(OBJEXT) @KRB4_FALSE@am__objects_1 = am_kdc_OBJECTS = config.$(OBJEXT) connect.$(OBJEXT) kerberos5.$(OBJEXT) \ - log.$(OBJEXT) main.$(OBJEXT) misc.$(OBJEXT) $(am__objects_1) + log.$(OBJEXT) main.$(OBJEXT) misc.$(OBJEXT) 524.$(OBJEXT) \ + kerberos4.$(OBJEXT) $(am__objects_1) kdc_OBJECTS = $(am_kdc_OBJECTS) kdc_DEPENDENCIES = $(top_builddir)/lib/hdb/libhdb.la \ $(top_builddir)/lib/krb5/libkrb5.la \ @@ -334,10 +337,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign kdc/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-binPROGRAMS: $(bin_PROGRAMS) @@ -614,7 +617,9 @@ info: info-am info-am: -install-data-am: install-data-local install-man +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS install-libexecPROGRAMS \ install-sbinPROGRAMS @@ -646,14 +651,13 @@ uninstall-man: uninstall-man8 clean-libtool clean-sbinPROGRAMS distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am info info-am install install-am install-binPROGRAMS \ - install-data install-data-am install-data-local install-exec \ - install-exec-am install-info install-info-am \ - install-libexecPROGRAMS install-man install-man8 \ - install-sbinPROGRAMS install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool tags uninstall uninstall-am \ - uninstall-binPROGRAMS uninstall-info-am \ + install-data install-data-am install-exec install-exec-am \ + install-info install-info-am install-libexecPROGRAMS \ + install-man install-man8 install-sbinPROGRAMS install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool tags uninstall \ + uninstall-am uninstall-binPROGRAMS uninstall-info-am \ uninstall-libexecPROGRAMS uninstall-man uninstall-man8 \ uninstall-sbinPROGRAMS @@ -781,7 +785,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/kdc/config.c b/crypto/heimdal/kdc/config.c index 165e309..dbe952f 100644 --- a/crypto/heimdal/kdc/config.c +++ b/crypto/heimdal/kdc/config.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,7 +35,7 @@ #include <getarg.h> #include <parse_bytes.h> -RCSID("$Id: config.c,v 1.43 2002/08/29 01:51:07 assar Exp $"); +RCSID("$Id: config.c,v 1.46 2003/03/18 00:22:23 lha Exp $"); static const char *config_file; /* location of kdc config file */ @@ -71,10 +71,12 @@ krb5_addresses explicit_addresses; #ifdef KRB4 char *v4_realm; int enable_v4 = -1; -int enable_524 = -1; int enable_kaserver = -1; #endif +int enable_524 = -1; +int enable_v4_cross_realm = -1; + static int help_flag; static int version_flag; @@ -98,22 +100,26 @@ static struct getargs args[] = { }, #endif { "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support" }, -#ifdef KRB4 - { "kerberos4", 0, arg_negative_flag, &enable_v4, - "don't respond to kerberos 4 requests" - }, { "524", 0, arg_negative_flag, &enable_524, "don't respond to 524 requests" }, - { - "v4-realm", 'r', arg_string, &v4_realm, - "realm to serve v4-requests for" - }, +#ifdef KRB4 { "kaserver", 'K', arg_flag, &enable_kaserver, "enable kaserver support" }, + { "kerberos4", 0, arg_flag, &enable_v4, + "respond to kerberos 4 requests" + }, + { + "v4-realm", 'r', arg_string, &v4_realm, + "realm to serve v4-requests for" + }, #endif + { "kerberos4-cross-realm", 0, arg_flag, + &enable_v4_cross_realm, + "respond to kerberos 4 requests from foreign realms" + }, { "ports", 'P', arg_string, &port_str, "ports to listen to", "portspec" }, @@ -332,12 +338,20 @@ configure(int argc, char **argv) #ifdef KRB4 if(enable_v4 == -1) - enable_v4 = krb5_config_get_bool_default(context, NULL, TRUE, "kdc", + enable_v4 = krb5_config_get_bool_default(context, NULL, FALSE, "kdc", "enable-kerberos4", NULL); +#else +#define enable_v4 0 +#endif + if(enable_v4_cross_realm == -1) + enable_v4_cross_realm = + krb5_config_get_bool_default(context, NULL, + FALSE, "kdc", + "enable-kerberos4-cross-realm", + NULL); if(enable_524 == -1) enable_524 = krb5_config_get_bool_default(context, NULL, enable_v4, "kdc", "enable-524", NULL); -#endif if(enable_http == -1) enable_http = krb5_config_get_bool(context, NULL, "kdc", @@ -358,8 +372,11 @@ configure(int argc, char **argv) "kdc", "v4-realm", NULL); - if(p) + if(p != NULL) { v4_realm = strdup(p); + if (v4_realm == NULL) + krb5_errx(context, 1, "out of memory"); + } } if (enable_kaserver == -1) enable_kaserver = krb5_config_get_bool_default(context, NULL, FALSE, @@ -394,6 +411,8 @@ configure(int argc, char **argv) #ifdef KRB4 if(v4_realm == NULL){ v4_realm = malloc(40); /* REALM_SZ */ + if (v4_realm == NULL) + krb5_errx(context, 1, "out of memory"); krb_get_lrealm(v4_realm, 1); } #endif diff --git a/crypto/heimdal/kdc/connect.c b/crypto/heimdal/kdc/connect.c index 54dff30..3ad1c1d 100644 --- a/crypto/heimdal/kdc/connect.c +++ b/crypto/heimdal/kdc/connect.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: connect.c,v 1.86.4.1 2002/10/21 16:05:17 joda Exp $"); +RCSID("$Id: connect.c,v 1.90 2003/02/18 15:39:10 lha Exp $"); /* * a tuple describing on what to listen @@ -131,15 +131,15 @@ add_standard_ports (int family) add_port_service(family, "kerberos-sec", 88, "tcp"); if(enable_http) add_port_service(family, "http", 80, "tcp"); + if(enable_524) { + add_port_service(family, "krb524", 4444, "udp"); + add_port_service(family, "krb524", 4444, "tcp"); + } #ifdef KRB4 if(enable_v4) { add_port_service(family, "kerberos-iv", 750, "udp"); add_port_service(family, "kerberos-iv", 750, "tcp"); } - if(enable_524) { - add_port_service(family, "krb524", 4444, "udp"); - add_port_service(family, "krb524", 4444, "tcp"); - } if (enable_kaserver) add_port_service(family, "afs3-kaserver", 7004, "udp"); #endif @@ -214,7 +214,7 @@ init_descr(struct descr *d) } /* - * re-intialize all `n' ->sa in `d'. + * re-initialize all `n' ->sa in `d'. */ static void @@ -236,7 +236,7 @@ init_socket(struct descr *d, krb5_address *a, int family, int type, int port) krb5_error_code ret; struct sockaddr_storage __ss; struct sockaddr *sa = (struct sockaddr *)&__ss; - int sa_size; + int sa_size = sizeof(__ss); init_descr (d); @@ -358,9 +358,7 @@ process_request(unsigned char *buf, struct sockaddr *addr) { KDC_REQ req; -#ifdef KRB4 Ticket ticket; -#endif krb5_error_code ret; size_t i; @@ -373,21 +371,20 @@ process_request(unsigned char *buf, ret = tgs_rep(&req, reply, from, addr); free_TGS_REQ(&req); return ret; - } -#ifdef KRB4 - else if(maybe_version4(buf, len)){ - *sendlength = 0; /* elbitapmoc sdrawkcab XXX */ - do_version4(buf, len, reply, from, (struct sockaddr_in*)addr); - return 0; }else if(decode_Ticket(buf, len, &ticket, &i) == 0){ ret = do_524(&ticket, reply, from, addr); free_Ticket(&ticket); return ret; +#ifdef KRB4 + } else if(maybe_version4(buf, len)){ + *sendlength = 0; /* elbitapmoc sdrawkcab XXX */ + do_version4(buf, len, reply, from, (struct sockaddr_in*)addr); + return 0; } else if (enable_kaserver) { ret = do_kaserver (buf, len, reply, from, (struct sockaddr_in*)addr); return ret; - } #endif + } return -1; } diff --git a/crypto/heimdal/kdc/hprop.8 b/crypto/heimdal/kdc/hprop.8 index f9b3ba7..f5e3879 100644 --- a/crypto/heimdal/kdc/hprop.8 +++ b/crypto/heimdal/kdc/hprop.8 @@ -1,4 +1,35 @@ -.\" $Id: hprop.8,v 1.16 2002/08/20 17:18:38 joda Exp $ +.\" Copyright (c) 2000 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: hprop.8,v 1.18 2003/02/16 21:10:19 lha Exp $ .\" .Dd June 19, 2000 .Dt HPROP 8 @@ -125,7 +156,7 @@ is compiled with support for Kerberos 4 (kaserver). .Fl r Ar string , .Fl -v4-realm= Ns Ar string .Xc -v4 realm to use +v4 realm to use. .It Xo .Fl c Ar cell , .Fl -cell= Ns Ar cell diff --git a/crypto/heimdal/kdc/hpropd.8 b/crypto/heimdal/kdc/hpropd.8 index 2fa63f1..7bb2deb 100644 --- a/crypto/heimdal/kdc/hpropd.8 +++ b/crypto/heimdal/kdc/hpropd.8 @@ -1,4 +1,35 @@ -.\" $Id: hpropd.8,v 1.9 2002/08/20 16:37:13 joda Exp $ +.\" Copyright (c) 1997, 2000 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: hpropd.8,v 1.11 2003/02/16 21:10:20 lha Exp $ .\" .Dd August 27, 1997 .Dt HPROPD 8 @@ -22,7 +53,7 @@ .Op Fl 4 | Fl -v4dump .Sh DESCRIPTION .Nm -receives databases sent by +receives a database sent by .Nm hprop . and writes it as a local database. .Pp @@ -58,7 +89,7 @@ print dump to stdout .Fl i , .Fl -no-inetd .Xc -Not started from inetd +not started from inetd .It Xo .Fl k Ar keytab , .Fl -keytab= Ns Ar keytab diff --git a/crypto/heimdal/kdc/hpropd.c b/crypto/heimdal/kdc/hpropd.c index b36ca4d..d27ff25 100644 --- a/crypto/heimdal/kdc/hpropd.c +++ b/crypto/heimdal/kdc/hpropd.c @@ -33,7 +33,7 @@ #include "hprop.h" -RCSID("$Id: hpropd.c,v 1.35 2002/04/18 10:18:50 joda Exp $"); +RCSID("$Id: hpropd.c,v 1.36 2003/04/16 15:46:32 lha Exp $"); #ifdef KRB4 static des_cblock mkey4; @@ -87,11 +87,11 @@ dump_krb4(krb5_context context, hdb_entry *ent, int fd) if (ent->max_life) { asprintf(&p, "%d", krb_time_to_life(0, *ent->max_life)); - strcat(buf, p); + strlcat(buf, p, sizeof(buf)); free(p); } else - strcat(buf, "255"); - strcat(buf, " "); + strlcat(buf, "255", sizeof(buf)); + strlcat(buf, " ", sizeof(buf)); i = 0; while (i < ent->keys.len && @@ -107,15 +107,15 @@ dump_krb4(krb5_context context, hdb_entry *ent, int fd) asprintf(&p, "%d ", *ent->keys.val[i].mkvno); else asprintf(&p, "%d ", 1); - strcat(buf, p); + strlcat(buf, p, sizeof(buf)); free(p); asprintf(&p, "%d ", ent->kvno); - strcat(buf, p); + strlcat(buf, p, sizeof(buf)); free(p); asprintf(&p, "%d ", 0); /* Attributes are always 0*/ - strcat(buf, p); + strlcat(buf, p, sizeof(buf)); free(p); { @@ -123,15 +123,15 @@ dump_krb4(krb5_context context, hdb_entry *ent, int fd) kdb_encrypt_key((des_cblock*)key, (des_cblock*)key, &mkey4, msched4, DES_ENCRYPT); asprintf(&p, "%x %x ", (int)htonl(*key), (int)htonl(*(key+1))); - strcat(buf, p); + strlcat(buf, p, sizeof(buf)); free(p); } if (ent->valid_end == NULL) - strcat(buf, time2str(60*60*24*365*50)); /* no expiration */ + strlcat(buf, time2str(60*60*24*365*50), sizeof(buf)); /*no expiration*/ else - strcat(buf, time2str(*ent->valid_end)); - strcat(buf, " "); + strlcat(buf, time2str(*ent->valid_end), sizeof(buf)); + strlcat(buf, " ", sizeof(buf)); if (ent->modified_by == NULL) modifier = &ent->created_by; @@ -149,7 +149,7 @@ dump_krb4(krb5_context context, hdb_entry *ent, int fd) asprintf(&p, "%s %s %s\n", time2str(modifier->time), (strlen(name) != 0) ? name : "*", (strlen(instance) != 0) ? instance : "*"); - strcat(buf, p); + strlcat(buf, p, sizeof(buf)); free(p); ret = write(fd, buf, strlen(buf)); diff --git a/crypto/heimdal/kdc/kaserver.c b/crypto/heimdal/kdc/kaserver.c index 7eeff8a..1a998ee 100644 --- a/crypto/heimdal/kdc/kaserver.c +++ b/crypto/heimdal/kdc/kaserver.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kaserver.c,v 1.20.2.1 2002/10/21 14:30:51 joda Exp $"); +RCSID("$Id: kaserver.c,v 1.21 2002/10/21 12:59:41 joda Exp $"); #include <rx.h> diff --git a/crypto/heimdal/kdc/kdc.8 b/crypto/heimdal/kdc/kdc.8 index 20c180a..baae563 100644 --- a/crypto/heimdal/kdc/kdc.8 +++ b/crypto/heimdal/kdc/kdc.8 @@ -1,4 +1,35 @@ -.\" $Id: kdc.8,v 1.17 2002/08/28 21:09:05 joda Exp $ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kdc.8,v 1.23 2003/04/06 17:48:40 lha Exp $ .\" .Dd August 22, 2002 .Dt KDC 8 @@ -15,23 +46,26 @@ .Op Fl p | Fl -no-require-preauth .Op Fl -max-request= Ns Ar size .Op Fl H | Fl -enable-http +.Op Fl -no-524 +.Op Fl -kerberos4 +.Op Fl -kerberos4-cross-realm .Oo Fl r Ar string \*(Ba Xo .Fl -v4-realm= Ns Ar string .Xc .Oc -.Op Fl K | Fl -no-kaserver -.Op Fl r Ar realm -.Op Fl -v4-realm= Ns Ar realm -.Oo Fl P Ar string \*(Ba Xo -.Fl -ports= Ns Ar string +.Op Fl K | Fl -kaserver +.Oo Fl P Ar portspec \*(Ba Xo +.Fl -ports= Ns Ar portspec .Xc .Oc +.Op Fl -detach .Op Fl -addresses= Ns Ar list of addresses .Sh DESCRIPTION .Nm -serves requests for tickets. When it starts, it first checks the flags -passed, any options that are not specified with a command line flag is -taken from a config file, or from a default compiled-in value. +serves requests for tickets. +When it starts, it first checks the flags passed, any options that are +not specified with a command line flag are taken from a config file, +or from a default compiled-in value. .Pp Options supported: .Bl -tag -width Ds @@ -47,14 +81,17 @@ This is the only value that can't be specified in the config file. .Fl -no-require-preauth .Xc Turn off the requirement for pre-autentication in the initial AS-REQ -for all principals. The use of pre-authentication makes it more -difficult to do offline password attacks. You might want to turn it -off if you have clients that doesn't do pre-authentication. Since the -version 4 protocol doesn't support any pre-authentication, so serving -version 4 clients is just about the same as not requiring -pre-athentication. The default is to require -pre-authentication. Adding the require-preauth per principal is a more -flexible way of handling this. +for all principals. +The use of pre-authentication makes it more difficult to do offline +password attacks. +You might want to turn it off if you have clients +that don't support pre-authentication. +Since the version 4 protocol doesn't support any pre-authentication, +serving version 4 clients is just about the same as not requiring +pre-athentication. +The default is to require pre-authentication. +Adding the require-preauth per principal is a more flexible way of +handling this. .It Xo .Fl -max-request= Ns Ar size .Xc @@ -66,34 +103,53 @@ willing to handle. .Xc Makes the kdc listen on port 80 and handle requests encapsulated in HTTP. .It Xo -.Fl K , -.Fl -no-kaserver +.Fl -no-524 +.Xc +don't respond to 524 requests +.It Xo +.Fl -kerberos4 .Xc -Disables kaserver emulation (in case it's compiled in). +respond to Kerberos 4 requests .It Xo -.Fl r Ar realm , -.Fl -v4-realm= Ns Ar realm +.Fl -kerberos4-cross-realm +.Xc +respond to Kerberos 4 requests from foreign realms. +This is a known security hole and should not be enabled unless you +understand the consequences and are willing to live with them. +.It Xo +.Fl r Ar string , +.Fl -v4-realm= Ns Ar string .Xc What realm this server should act as when dealing with version 4 -requests. The database can contain any number of realms, but since the -version 4 protocol doesn't contain a realm for the server, it must be -explicitly specified. The default is whatever is returned by +requests. +The database can contain any number of realms, but since the version 4 +protocol doesn't contain a realm for the server, it must be explicitly +specified. +The default is whatever is returned by .Fn krb_get_lrealm . This option is only availabe if the KDC has been compiled with version 4 support. .It Xo -.Fl P Ar string , -.Fl -ports= Ns Ar string +.Fl K , +.Fl -kaserver .Xc -Specifies the set of ports the KDC should listen on. It is given as a +Enable kaserver emulation (in case it's compiled in). +.It Xo +.Fl P Ar portspec , +.Fl -ports= Ns Ar portspec +.Xc +Specifies the set of ports the KDC should listen on. +It is given as a white-space separated list of services or port numbers. .It Fl -addresses= Ns Ar list of addresses -The list of addresses to listen for requests on. By default, the kdc -will listen on all the locally configured addresses. If only a subset -is desired, or the automatic detection fails, this option might be used. +The list of addresses to listen for requests on. +By default, the kdc will listen on all the locally configured +addresses. +If only a subset is desired, or the automatic detection fails, this +option might be used. .El .Pp -All activities , are logged to one or more destinations, see +All activities are logged to one or more destinations, see .Xr krb5.conf 5 , and .Xr krb5_openlog 3 . @@ -104,13 +160,14 @@ The configuration file has the same syntax as .Xr krb5.conf 5 , but will be read before .Pa /etc/krb5.conf , -so it may override settings found there. Options specific to the KDC -only are found in the +so it may override settings found there. +Options specific to the KDC only are found in the .Dq [kdc] section. All the command-line options can preferably be added in the -configuration file. The only difference is the pre-authentication flag, -that has to be specified as: +configuration file. +The only difference is the pre-authentication flag, which has to be +specified as: .Pp .Dl require-preauth = no .Pp @@ -121,21 +178,28 @@ And there are some configuration options which do not have command-line equivalents: .Bl -tag -width "xxx" -offset indent .It Li check-ticket-addresses = Va boolean -Check the addresses in the ticket when processing TGS requests. The -default is FALSE. +Check the addresses in the ticket when processing TGS requests. +The default is FALSE. .It Li allow-null-ticket-addresses = Va boolean -Permit tickets with no addresses. This option is only relevant when -check-ticket-addresses is TRUE. +Permit tickets with no addresses. +This option is only relevant when check-ticket-addresses is TRUE. .It Li allow-anonymous = Va boolean Permit anonymous tickets with no addresses. .It encode_as_rep_as_tgs_rep = Va boolean -Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE code. The -Heimdal clients allow both. +Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE code. +The Heimdal clients allow both. .It kdc_warn_pwexpire = Va time How long before password/principal expiration the KDC should start sending out warning messages. .El .Pp +The configuration file is only read when the +.Nm +is started. +If changes made to the configuration file are to take effect, the +.Nm +needs to be restarted. +.Pp An example of a config file: .Bd -literal -offset indent [kdc] @@ -145,14 +209,15 @@ An example of a config file: .Ed .Sh BUGS If the machine running the KDC has new addresses added to it, the KDC -will have to be restarted to listen to them. The reason it doesn't -just listen to wildcarded (like INADDR_ANY) addresses, is that the -replies has to come from the same address they were sent to, and most -OS:es doesn't pass this information to the application. If your normal -mode of operation require that you add and remove addresses, the best -option is probably to listen to a wildcarded TCP socket, and make sure -your clients use TCP to connect. For instance, this will listen to -IPv4 TCP port 88 only: +will have to be restarted to listen to them. +The reason it doesn't just listen to wildcarded (like INADDR_ANY) +addresses, is that the replies has to come from the same address they +were sent to, and most OS:es doesn't pass this information to the +application. +If your normal mode of operation require that you add and remove +addresses, the best option is probably to listen to a wildcarded TCP +socket, and make sure your clients use TCP to connect. +For instance, this will listen to IPv4 TCP port 88 only: .Bd -literal -offset indent kdc --addresses=0.0.0.0 --ports="88/tcp" .Ed diff --git a/crypto/heimdal/kdc/kdc_locl.h b/crypto/heimdal/kdc/kdc_locl.h index 6ab28d0..9c19f54 100644 --- a/crypto/heimdal/kdc/kdc_locl.h +++ b/crypto/heimdal/kdc/kdc_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ /* - * $Id: kdc_locl.h,v 1.54 2002/08/19 12:18:07 joda Exp $ + * $Id: kdc_locl.h,v 1.58 2003/03/18 00:23:06 lha Exp $ */ #ifndef __KDC_LOCL_H__ @@ -62,11 +62,12 @@ extern krb5_boolean encode_as_rep_as_tgs_rep; extern krb5_boolean check_ticket_addresses; extern krb5_boolean allow_null_ticket_addresses; extern krb5_boolean allow_anonymous; +extern int enable_524; +extern int enable_v4_cross_realm; #ifdef KRB4 extern char *v4_realm; extern int enable_v4; -extern int enable_524; extern krb5_boolean enable_kaserver; #endif @@ -96,15 +97,15 @@ krb5_error_code check_flags(hdb_entry *client, const char *client_name, hdb_entry *server, const char *server_name, krb5_boolean is_as_req); +krb5_error_code get_des_key(hdb_entry*, krb5_boolean, krb5_boolean, Key**); +krb5_error_code encode_v4_ticket (void*, size_t, const EncTicketPart*, + const PrincipalName*, size_t*); +krb5_error_code do_524 (const Ticket*, krb5_data*, const char*, struct sockaddr*); + #ifdef KRB4 krb5_error_code db_fetch4 (const char*, const char*, const char*, hdb_entry**); -krb5_error_code do_524 (const Ticket*, krb5_data*, const char*, struct sockaddr*); krb5_error_code do_version4 (unsigned char*, size_t, krb5_data*, const char*, struct sockaddr_in*); -krb5_error_code encode_v4_ticket (void*, size_t, const EncTicketPart*, - const PrincipalName*, size_t*); -krb5_error_code encrypt_v4_ticket (void*, size_t, des_cblock*, EncryptedData*); -krb5_error_code get_des_key(hdb_entry*, krb5_boolean, krb5_boolean, Key**); int maybe_version4 (unsigned char*, int); #endif diff --git a/crypto/heimdal/kdc/kerberos4.c b/crypto/heimdal/kdc/kerberos4.c index c3a851b..8c6c3f0 100644 --- a/crypto/heimdal/kdc/kerberos4.c +++ b/crypto/heimdal/kdc/kerberos4.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos4.c,v 1.41 2002/04/18 16:08:24 joda Exp $"); +RCSID("$Id: kerberos4.c,v 1.45 2003/03/17 05:37:55 assar Exp $"); #ifdef KRB4 @@ -108,67 +108,6 @@ db_fetch4(const char *name, const char *instance, const char *realm, return ret; } -krb5_error_code -get_des_key(hdb_entry *principal, krb5_boolean is_server, - krb5_boolean prefer_afs_key, Key **ret_key) -{ - Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL; - int i; - krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5, - ETYPE_DES_CBC_MD4, - ETYPE_DES_CBC_CRC }; - - for(i = 0; - i < sizeof(etypes)/sizeof(etypes[0]) - && (v5_key == NULL || v4_key == NULL || - afs_key == NULL || server_key == NULL); - ++i) { - Key *key = NULL; - while(hdb_next_enctype2key(context, principal, etypes[i], &key) == 0) { - if(key->salt == NULL) { - if(v5_key == NULL) - v5_key = key; - } else if(key->salt->type == hdb_pw_salt && - key->salt->salt.length == 0) { - if(v4_key == NULL) - v4_key = key; - } else if(key->salt->type == hdb_afs3_salt) { - if(afs_key == NULL) - afs_key = key; - } else if(server_key == NULL) - server_key = key; - } - } - - if(prefer_afs_key) { - if(afs_key) - *ret_key = afs_key; - else if(v4_key) - *ret_key = v4_key; - else if(v5_key) - *ret_key = v5_key; - else if(is_server && server_key) - *ret_key = server_key; - else - return KERB_ERR_NULL_KEY; - } else { - if(v4_key) - *ret_key = v4_key; - else if(afs_key) - *ret_key = afs_key; - else if(v5_key) - *ret_key = v5_key; - else if(is_server && server_key) - *ret_key = server_key; - else - return KERB_ERR_NULL_KEY; - } - - if((*ret_key)->key.keyvalue.length == 0) - return KERB_ERR_NULL_KEY; - return 0; -} - #define RCHECK(X, L) if(X){make_err_reply(reply, KFAILURE, "Packet too short"); goto L;} /* @@ -208,7 +147,7 @@ do_version4(unsigned char *buf, sp = krb5_storage_from_mem(buf, len); RCHECK(krb5_ret_int8(sp, &pvno), out); if(pvno != 4){ - kdc_log(0, "Protocol version mismatch (%d)", pvno); + kdc_log(0, "Protocol version mismatch (krb4) (%d)", pvno); make_err_reply(reply, KDC_PKT_VER, NULL); goto out; } @@ -231,7 +170,7 @@ do_version4(unsigned char *buf, snprintf (server_name, sizeof(server_name), "%s.%s@%s", sname, sinst, v4_realm); - kdc_log(0, "AS-REQ %s from %s for %s", + kdc_log(0, "AS-REQ (krb4) %s from %s for %s", client_name, from, server_name); ret = db_fetch4(name, inst, realm, &client); @@ -354,7 +293,7 @@ do_version4(unsigned char *buf, ret = krb5_425_conv_principal(context, "krbtgt", realm, v4_realm, &tgt_princ); if(ret){ - kdc_log(0, "Converting krbtgt principal: %s", + kdc_log(0, "Converting krbtgt principal (krb4): %s", krb5_get_err_text(context, ret)); make_err_reply(reply, KFAILURE, "Failed to convert v4 principal (krbtgt)"); @@ -365,7 +304,7 @@ do_version4(unsigned char *buf, if(ret){ char *s; s = kdc_log_msg(0, "Ticket-granting ticket not " - "found in database: krbtgt.%s@%s: %s", + "found in database (krb4): krbtgt.%s@%s: %s", realm, v4_realm, krb5_get_err_text(context, ret)); make_err_reply(reply, KFAILURE, s); @@ -374,7 +313,7 @@ do_version4(unsigned char *buf, } if(tgt->kvno % 256 != kvno){ - kdc_log(0, "tgs-req with old kvno %d (current %d) for " + kdc_log(0, "tgs-req (krb4) with old kvno %d (current %d) for " "krbtgt.%s@%s", kvno, tgt->kvno % 256, realm, v4_realm); make_err_reply(reply, KDC_AUTH_EXP, "old krbtgt kvno used"); @@ -383,7 +322,7 @@ do_version4(unsigned char *buf, ret = get_des_key(tgt, TRUE, FALSE, &tkey); if(ret){ - kdc_log(0, "no suitable DES key for krbtgt"); + kdc_log(0, "no suitable DES key for krbtgt (krb4)"); /* XXX */ make_err_reply(reply, KDC_NULL_KEY, "no suitable DES key for krbtgt"); @@ -420,18 +359,25 @@ do_version4(unsigned char *buf, "%s.%s@%s", sname, sinst, v4_realm); - kdc_log(0, "TGS-REQ %s.%s@%s from %s for %s", + kdc_log(0, "TGS-REQ (krb4) %s.%s@%s from %s for %s", ad.pname, ad.pinst, ad.prealm, from, server_name); if(strcmp(ad.prealm, realm)){ - kdc_log(0, "Can't hop realms %s -> %s", realm, ad.prealm); + kdc_log(0, "Can't hop realms (krb4) %s -> %s", realm, ad.prealm); + make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, + "Can't hop realms"); + goto out2; + } + + if (!enable_v4_cross_realm && strcmp(realm, v4_realm) != 0) { + kdc_log(0, "krb4 Cross-realm %s -> %s disabled", realm, v4_realm); make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, "Can't hop realms"); goto out2; } if(strcmp(sname, "changepw") == 0){ - kdc_log(0, "Bad request for changepw ticket"); + kdc_log(0, "Bad request for changepw ticket (krb4)"); make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, "Can't authorize password change based on TGT"); goto out2; @@ -441,7 +387,8 @@ do_version4(unsigned char *buf, ret = db_fetch4(ad.pname, ad.pinst, ad.prealm, &client); if(ret){ char *s; - s = kdc_log_msg(0, "Client not found in database: %s.%s@%s: %s", + s = kdc_log_msg(0, "Client not found in database: (krb4) " + "%s.%s@%s: %s", ad.pname, ad.pinst, ad.prealm, krb5_get_err_text(context, ret)); make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, s); @@ -453,7 +400,7 @@ do_version4(unsigned char *buf, ret = db_fetch4(sname, sinst, v4_realm, &server); if(ret){ char *s; - s = kdc_log_msg(0, "Server not found in database: %s: %s", + s = kdc_log_msg(0, "Server not found in database (krb4): %s: %s", server_name, krb5_get_err_text(context, ret)); make_err_reply(reply, KERB_ERR_PRINCIPAL_UNKNOWN, s); free(s); @@ -471,7 +418,7 @@ do_version4(unsigned char *buf, ret = get_des_key(server, TRUE, FALSE, &skey); if(ret){ - kdc_log(0, "no suitable DES key for server"); + kdc_log(0, "no suitable DES key for server (krb4)"); /* XXX */ make_err_reply(reply, KDC_NULL_KEY, "no suitable DES key for server"); @@ -494,6 +441,7 @@ do_version4(unsigned char *buf, KTEXT r; des_cblock session; des_new_random_key(&session); + krb_create_ticket(&ticket, 0, ad.pname, ad.pinst, ad.prealm, addr->sin_addr.s_addr, &session, life, kdc_time, sname, sinst, skey->key.keyvalue.data); @@ -522,7 +470,7 @@ do_version4(unsigned char *buf, case AUTH_MSG_ERR_REPLY: break; default: - kdc_log(0, "Unknown message type: %d from %s", + kdc_log(0, "Unknown message type (krb4): %d from %s", msg_type, from); make_err_reply(reply, KFAILURE, "Unknown message type"); @@ -546,30 +494,11 @@ out: return 0; } +#else /* KRB4 */ -#define ETYPE_DES_PCBC 17 /* XXX */ +#include <krb5-v4compat.h> -krb5_error_code -encrypt_v4_ticket(void *buf, size_t len, des_cblock *key, EncryptedData *reply) -{ - des_key_schedule schedule; - - reply->etype = ETYPE_DES_PCBC; - reply->kvno = NULL; - reply->cipher.length = len; - reply->cipher.data = malloc(len); - if(len != 0 && reply->cipher.data == NULL) - return ENOMEM; - des_set_key(key, schedule); - des_pcbc_encrypt(buf, - reply->cipher.data, - len, - schedule, - key, - DES_ENCRYPT); - memset(schedule, 0, sizeof(schedule)); - return 0; -} +#endif /* KRB4 */ krb5_error_code encode_v4_ticket(void *buf, size_t len, const EncTicketPart *et, @@ -658,4 +587,64 @@ encode_v4_ticket(void *buf, size_t len, const EncTicketPart *et, return 0; } -#endif /* KRB4 */ +krb5_error_code +get_des_key(hdb_entry *principal, krb5_boolean is_server, + krb5_boolean prefer_afs_key, Key **ret_key) +{ + Key *v5_key = NULL, *v4_key = NULL, *afs_key = NULL, *server_key = NULL; + int i; + krb5_enctype etypes[] = { ETYPE_DES_CBC_MD5, + ETYPE_DES_CBC_MD4, + ETYPE_DES_CBC_CRC }; + + for(i = 0; + i < sizeof(etypes)/sizeof(etypes[0]) + && (v5_key == NULL || v4_key == NULL || + afs_key == NULL || server_key == NULL); + ++i) { + Key *key = NULL; + while(hdb_next_enctype2key(context, principal, etypes[i], &key) == 0) { + if(key->salt == NULL) { + if(v5_key == NULL) + v5_key = key; + } else if(key->salt->type == hdb_pw_salt && + key->salt->salt.length == 0) { + if(v4_key == NULL) + v4_key = key; + } else if(key->salt->type == hdb_afs3_salt) { + if(afs_key == NULL) + afs_key = key; + } else if(server_key == NULL) + server_key = key; + } + } + + if(prefer_afs_key) { + if(afs_key) + *ret_key = afs_key; + else if(v4_key) + *ret_key = v4_key; + else if(v5_key) + *ret_key = v5_key; + else if(is_server && server_key) + *ret_key = server_key; + else + return KERB_ERR_NULL_KEY; + } else { + if(v4_key) + *ret_key = v4_key; + else if(afs_key) + *ret_key = afs_key; + else if(v5_key) + *ret_key = v5_key; + else if(is_server && server_key) + *ret_key = server_key; + else + return KERB_ERR_NULL_KEY; + } + + if((*ret_key)->key.keyvalue.length == 0) + return KERB_ERR_NULL_KEY; + return 0; +} + diff --git a/crypto/heimdal/kdc/kerberos5.c b/crypto/heimdal/kdc/kerberos5.c index 7ba9680..232c3ad 100644 --- a/crypto/heimdal/kdc/kerberos5.c +++ b/crypto/heimdal/kdc/kerberos5.c @@ -33,7 +33,7 @@ #include "kdc_locl.h" -RCSID("$Id: kerberos5.c,v 1.143 2002/09/09 14:03:02 nectar Exp $"); +RCSID("$Id: kerberos5.c,v 1.145 2003/04/15 11:07:39 lha Exp $"); #define MAX_TIME ((time_t)((1U << 31) - 1)) @@ -716,9 +716,10 @@ as_rep(KDC_REQ *req, if (ret == 0) { kdc_log(5, "Using %s/%s", cet, set); free(set); - } else - free(cet); - } else + } + free(cet); + } + if (ret != 0) kdc_log(5, "Using e-types %d/%d", cetype, setype); } @@ -914,8 +915,8 @@ as_rep(KDC_REQ *req, client->kvno, &ckey->key, &e_text, reply); free_EncTicketPart(&et); free_EncKDCRepPart(&ek); - free_AS_REP(&rep); out: + free_AS_REP(&rep); if(ret){ krb5_mk_error(context, ret, @@ -1172,18 +1173,15 @@ tgs_make_reply(KDC_REQ_BODY *b, ret = check_tgs_flags(b, tgt, &et); if(ret) - return ret; + goto out; copy_TransitedEncoding(&tgt->transited, &et.transited); ret = fix_transited_encoding(&et.transited, *krb5_princ_realm(context, client_principal), *krb5_princ_realm(context, server->principal), *krb5_princ_realm(context, krbtgt->principal)); - if(ret){ - free_TransitedEncoding(&et.transited); - return ret; - } - + if(ret) + goto out; copy_Realm(krb5_princ_realm(context, server->principal), &rep.ticket.realm); @@ -1457,6 +1455,7 @@ tgs_rep2(KDC_REQ_BODY *b, if(ret) { char *p; krb5_unparse_name(context, princ, &p); + krb5_free_principal(context, princ); kdc_log(0, "Ticket-granting ticket not found in database: %s: %s", p, krb5_get_err_text(context, ret)); free(p); @@ -1469,6 +1468,7 @@ tgs_rep2(KDC_REQ_BODY *b, char *p; krb5_unparse_name (context, princ, &p); + krb5_free_principal(context, princ); kdc_log(0, "Ticket kvno = %d, DB kvno = %d (%s)", *ap_req.ticket.enc_part.kvno, krbtgt->kvno, diff --git a/crypto/heimdal/kdc/string2key.8 b/crypto/heimdal/kdc/string2key.8 index 7b081d4..dc9d63b 100644 --- a/crypto/heimdal/kdc/string2key.8 +++ b/crypto/heimdal/kdc/string2key.8 @@ -1,4 +1,35 @@ -.\" $Id: string2key.8,v 1.5 2002/08/20 16:37:16 joda Exp $ +.\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: string2key.8,v 1.6 2003/02/16 21:10:21 lha Exp $ .\" .Dd March 4, 2000 .Dt STRING2KEY 8 diff --git a/crypto/heimdal/kdc/string2key.c b/crypto/heimdal/kdc/string2key.c index 677ada6..8a38442 100644 --- a/crypto/heimdal/kdc/string2key.c +++ b/crypto/heimdal/kdc/string2key.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999, 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "headers.h" #include <getarg.h> -RCSID("$Id: string2key.c,v 1.19 2002/04/18 10:18:07 joda Exp $"); +RCSID("$Id: string2key.c,v 1.20 2003/03/25 12:28:52 joda Exp $"); int version5; int version4; @@ -42,7 +42,7 @@ int afs; char *principal; char *cell; char *password; -const char *keytype_str = "des-cbc-md5"; +const char *keytype_str = "des3-cbc-sha1"; int version; int help; @@ -76,8 +76,11 @@ tokey(krb5_context context, { int i; krb5_keyblock key; + char *e; krb5_string_to_key_salt(context, enctype, password, salt, &key); - printf("%s: ", label); + krb5_enctype_to_string(context, enctype, &e); + printf(label, e); + printf(": "); for(i = 0; i < key.keyvalue.length; i++) printf("%02x", ((unsigned char*)key.keyvalue.data)[i]); printf("\n"); @@ -115,23 +118,35 @@ main(int argc, char **argv) version5 = 1; ret = krb5_string_to_enctype(context, keytype_str, &etype); -#if 0 if(ret) { krb5_keytype keytype; + int *etypes; + unsigned num; ret = krb5_string_to_keytype(context, keytype_str, &keytype); - ret = krb5_keytype_to_enctype(context, keytype, &etype); + if(ret) + krb5_err(context, 1, ret, "%s", keytype_str); + ret = krb5_keytype_to_enctypes(context, keytype, &num, &etypes); + if(ret) + krb5_err(context, 1, ret, "%s", keytype_str); + if(num == 0) + krb5_errx(context, 1, "there are no encryption types for that keytype"); + etype = etypes[0]; + krb5_enctype_to_string(context, etype, &keytype_str); + if(num > 1 && version5) + krb5_warnx(context, "ambiguous keytype, using %s", keytype_str); } -#endif - if(ret) - krb5_err(context, 1, ret, "%s", keytype_str); if((etype != ETYPE_DES_CBC_CRC && etype != ETYPE_DES_CBC_MD4 && etype != ETYPE_DES_CBC_MD5) && - (afs || version4)) - krb5_errx(context, 1, - "DES is the only valid keytype for AFS and Kerberos 4"); - + (afs || version4)) { + if(!version5) { + etype = ETYPE_DES_CBC_CRC; + } else { + krb5_errx(context, 1, + "DES is the only valid keytype for AFS and Kerberos 4"); + } + } if(version5 && principal == NULL){ printf("Kerberos v5 principal: "); @@ -160,20 +175,20 @@ main(int argc, char **argv) if(version5){ krb5_parse_name(context, principal, &princ); krb5_get_pw_salt(context, princ, &salt); - tokey(context, etype, password, salt, "Kerberos v5 key"); + tokey(context, etype, password, salt, "Kerberos 5 (%s)"); krb5_free_salt(context, salt); } if(version4){ salt.salttype = KRB5_PW_SALT; salt.saltvalue.length = 0; salt.saltvalue.data = NULL; - tokey(context, ETYPE_DES_CBC_MD5, password, salt, "Kerberos v4 key"); + tokey(context, ETYPE_DES_CBC_MD5, password, salt, "Kerberos 4"); } if(afs){ salt.salttype = KRB5_AFS3_SALT; salt.saltvalue.length = strlen(cell); salt.saltvalue.data = cell; - tokey(context, ETYPE_DES_CBC_MD5, password, salt, "AFS key"); + tokey(context, ETYPE_DES_CBC_MD5, password, salt, "AFS"); } return 0; } diff --git a/crypto/heimdal/kdc/v4_dump.c b/crypto/heimdal/kdc/v4_dump.c index dc0a8f2..ddf8222 100644 --- a/crypto/heimdal/kdc/v4_dump.c +++ b/crypto/heimdal/kdc/v4_dump.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "hprop.h" -RCSID("$Id: v4_dump.c,v 1.4 2001/01/26 15:55:07 joda Exp $"); +RCSID("$Id: v4_dump.c,v 1.4.8.1 2003/04/28 12:24:54 lha Exp $"); static time_t time_parse(const char *cp) @@ -103,7 +103,7 @@ v4_prop_dump(void *arg, const char *file) memset(&pr, 0, sizeof(pr)); errno = 0; lineno++; - ret = sscanf(buf, "%s %s %d %d %d %d %lx %lx %s %s %s %s", + ret = sscanf(buf, "%63s %63s %d %d %d %d %lx %lx %63s %63s %63s %63s", pr.name, pr.instance, &pr.max_life, &pr.mkvno, &pr.kvno, &attributes, diff --git a/crypto/heimdal/kpasswd/Makefile.in b/crypto/heimdal/kpasswd/Makefile.in index 8a3afd6..e52643d 100644 --- a/crypto/heimdal/kpasswd/Makefile.in +++ b/crypto/heimdal/kpasswd/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -282,10 +283,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign kpasswd/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-binPROGRAMS: $(bin_PROGRAMS) @@ -571,7 +572,9 @@ info: info-am info-am: -install-data-am: install-data-local install-man +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS install-libexecPROGRAMS @$(NORMAL_INSTALL) @@ -602,15 +605,15 @@ uninstall-man: uninstall-man1 uninstall-man8 clean-libtool clean-noinstPROGRAMS distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am info info-am install install-am install-binPROGRAMS \ - install-data install-data-am install-data-local install-exec \ - install-exec-am install-info install-info-am \ - install-libexecPROGRAMS install-man install-man1 install-man8 \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - tags uninstall uninstall-am uninstall-binPROGRAMS \ - uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \ - uninstall-man1 uninstall-man8 + install-data install-data-am install-exec install-exec-am \ + install-info install-info-am install-libexecPROGRAMS \ + install-man install-man1 install-man8 install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool tags uninstall \ + uninstall-am uninstall-binPROGRAMS uninstall-info-am \ + uninstall-libexecPROGRAMS uninstall-man uninstall-man1 \ + uninstall-man8 install-suid-programs: @@ -736,7 +739,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/kpasswd/kpasswd.1 b/crypto/heimdal/kpasswd/kpasswd.1 index 5d017a6..1c2e26c 100644 --- a/crypto/heimdal/kpasswd/kpasswd.1 +++ b/crypto/heimdal/kpasswd/kpasswd.1 @@ -1,4 +1,35 @@ -.\" $Id: kpasswd.1,v 1.4 2002/08/28 14:23:10 joda Exp $ +.\" Copyright (c) 1997, 2000 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kpasswd.1,v 1.5 2003/02/16 21:10:22 lha Exp $ .\" .Dd August 27, 1997 .Dt KPASSWD 1 diff --git a/crypto/heimdal/kpasswd/kpasswdd.8 b/crypto/heimdal/kpasswd/kpasswdd.8 index fb4d199..899b3a3 100644 --- a/crypto/heimdal/kpasswd/kpasswdd.8 +++ b/crypto/heimdal/kpasswd/kpasswdd.8 @@ -1,4 +1,4 @@ -.\" $Id: kpasswdd.8,v 1.7 2002/08/20 16:37:17 joda Exp $ +.\" $Id: kpasswdd.8,v 1.8 2003/02/04 21:48:01 lha Exp $ .\" .Dd April 19, 1999 .Dt KPASSWDD 8 @@ -59,17 +59,17 @@ is not zero terminated. .Fl k Ar kspec , .Fl -keytab= Ns Ar kspec .Xc -keytab to get authentication key from +Keytab to get authentication key from .It Xo .Fl r Ar realm , .Fl -realm= Ns Ar realm .Xc -default realm +Default realm .It Xo .Fl p Ar string , .Fl -port= Ns Ar string .Xc -port to listen on (default service kpasswd - 464). +Port to listen on (default service kpasswd - 464). .El .Sh DIAGNOSTICS If an error occurs, the error message is returned to the user and/or diff --git a/crypto/heimdal/kpasswd/kpasswdd.c b/crypto/heimdal/kpasswd/kpasswdd.c index d3a0a27..6b33732 100644 --- a/crypto/heimdal/kpasswd/kpasswdd.c +++ b/crypto/heimdal/kpasswd/kpasswdd.c @@ -32,7 +32,7 @@ */ #include "kpasswd_locl.h" -RCSID("$Id: kpasswdd.c,v 1.53 2002/08/19 15:07:31 joda Exp $"); +RCSID("$Id: kpasswdd.c,v 1.54 2002/12/02 14:31:52 joda Exp $"); #include <kadm5/admin.h> #ifdef HAVE_SYS_UN_H @@ -448,7 +448,7 @@ doit (krb5_keytab keytab, int port) maxfd = -1; FD_ZERO(&real_fdset); for (i = 0; i < n; ++i) { - int sa_size; + int sa_size = sizeof(__ss); krb5_addr2sockaddr (context, &addrs.val[i], sa, &sa_size, port); diff --git a/crypto/heimdal/kuser/Makefile.am b/crypto/heimdal/kuser/Makefile.am index b77ec28..e33b948 100644 --- a/crypto/heimdal/kuser/Makefile.am +++ b/crypto/heimdal/kuser/Makefile.am @@ -1,8 +1,8 @@ -# $Id: Makefile.am,v 1.30 2001/09/02 17:12:23 joda Exp $ +# $Id: Makefile.am,v 1.31 2003/03/18 13:15:27 lha Exp $ include $(top_srcdir)/Makefile.am.common -INCLUDES += $(INCLUDE_krb4) +INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) -I$(srcdir)/../lib/krb5 man_MANS = kinit.1 klist.1 kdestroy.1 kgetcred.1 diff --git a/crypto/heimdal/kuser/Makefile.in b/crypto/heimdal/kuser/Makefile.in index 89ca1b7..0a2324c 100644 --- a/crypto/heimdal/kuser/Makefile.in +++ b/crypto/heimdal/kuser/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.30 2001/09/02 17:12:23 joda Exp $ +# $Id: Makefile.am,v 1.31 2003/03/18 13:15:27 lha Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -142,7 +143,7 @@ AUTOMAKE_OPTIONS = foreign no-dependencies 1.6 SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) +INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_des) -I$(srcdir)/../lib/krb5 @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -250,11 +251,9 @@ kdecode_ticket_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ kdecode_ticket_LDFLAGS = kdestroy_SOURCES = kdestroy.c kdestroy_OBJECTS = kdestroy.$(OBJEXT) -@KRB4_TRUE@kdestroy_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ -@KRB4_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@KRB4_FALSE@kdestroy_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_FALSE@ $(top_builddir)/lib/asn1/libasn1.la +kdestroy_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la kdestroy_LDFLAGS = kgetcred_SOURCES = kgetcred.c kgetcred_OBJECTS = kgetcred.$(OBJEXT) @@ -264,19 +263,15 @@ kgetcred_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ kgetcred_LDFLAGS = kinit_SOURCES = kinit.c kinit_OBJECTS = kinit.$(OBJEXT) -@KRB4_TRUE@kinit_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ -@KRB4_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@KRB4_FALSE@kinit_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_FALSE@ $(top_builddir)/lib/asn1/libasn1.la +kinit_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la kinit_LDFLAGS = klist_SOURCES = klist.c klist_OBJECTS = klist.$(OBJEXT) -@KRB4_TRUE@klist_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ -@KRB4_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@KRB4_FALSE@klist_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_FALSE@ $(top_builddir)/lib/asn1/libasn1.la +klist_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \ + $(top_builddir)/lib/krb5/libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la klist_LDFLAGS = kverify_SOURCES = kverify.c kverify_OBJECTS = kverify.$(OBJEXT) @@ -310,10 +305,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign kuser/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) binPROGRAMS_INSTALL = $(INSTALL_PROGRAM) install-binPROGRAMS: $(bin_PROGRAMS) @@ -545,7 +540,9 @@ info: info-am info-am: -install-data-am: install-data-local install-man +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS @$(NORMAL_INSTALL) @@ -575,14 +572,13 @@ uninstall-man: uninstall-man1 clean-noinstPROGRAMS distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am info info-am install install-am install-binPROGRAMS \ - install-data install-data-am install-data-local install-exec \ - install-exec-am install-info install-info-am install-man \ - install-man1 install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool tags uninstall uninstall-am \ - uninstall-binPROGRAMS uninstall-info-am uninstall-man \ - uninstall-man1 + install-data install-data-am install-exec install-exec-am \ + install-info install-info-am install-man install-man1 \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + tags uninstall uninstall-am uninstall-binPROGRAMS \ + uninstall-info-am uninstall-man uninstall-man1 install-suid-programs: @@ -708,7 +704,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/kuser/kdestroy.1 b/crypto/heimdal/kuser/kdestroy.1 index 8d8b430..8910e9a 100644 --- a/crypto/heimdal/kuser/kdestroy.1 +++ b/crypto/heimdal/kuser/kdestroy.1 @@ -1,4 +1,35 @@ -.\" $Id: kdestroy.1,v 1.3 2001/05/02 08:59:22 assar Exp $ +.\" Copyright (c) 1997, 1999, 2001 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kdestroy.1,v 1.4 2003/02/16 21:10:23 lha Exp $ .\" .Dd August 27, 1997 .Dt KDESTROY 1 diff --git a/crypto/heimdal/kuser/kdestroy.c b/crypto/heimdal/kuser/kdestroy.c index a1a5c0d..4d23245 100644 --- a/crypto/heimdal/kuser/kdestroy.c +++ b/crypto/heimdal/kuser/kdestroy.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "kuser_locl.h" -RCSID("$Id: kdestroy.c,v 1.13 2001/02/20 01:44:51 assar Exp $"); +RCSID("$Id: kdestroy.c,v 1.14.2.1 2003/05/08 18:59:17 lha Exp $"); static const char *cache; static int help_flag; @@ -91,8 +91,13 @@ main (int argc, char **argv) if (ret) errx (1, "krb5_init_context failed: %d", ret); - if(cache == NULL) + if(cache == NULL) { cache = krb5_cc_default_name(context); + if (cache == NULL) { + warnx ("krb5_cc_default_name: %s", krb5_get_err_text(context, ret)); + exit(1); + } + } ret = krb5_cc_resolve(context, cache, @@ -115,11 +120,11 @@ main (int argc, char **argv) #if KRB4 if(dest_tkt_flag && dest_tkt ()) exit_val = 1; +#endif if (unlog_flag && k_hasafs ()) { if (k_unlog ()) exit_val = 1; } -#endif return exit_val; } diff --git a/crypto/heimdal/kuser/kgetcred.1 b/crypto/heimdal/kuser/kgetcred.1 index 2aff7ec..f69e411 100644 --- a/crypto/heimdal/kuser/kgetcred.1 +++ b/crypto/heimdal/kuser/kgetcred.1 @@ -1,4 +1,35 @@ -.\" $Id: kgetcred.1,v 1.5 2002/08/20 16:37:19 joda Exp $ +.\" Copyright (c) 1999, 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kgetcred.1,v 1.6 2003/02/16 21:10:24 lha Exp $ .\" .Dd May 14, 1999 .Dt KGETCRED 1 diff --git a/crypto/heimdal/kuser/kinit.1 b/crypto/heimdal/kuser/kinit.1 index 59c2e63..97ed2af 100644 --- a/crypto/heimdal/kuser/kinit.1 +++ b/crypto/heimdal/kuser/kinit.1 @@ -1,4 +1,35 @@ -.\" $Id: kinit.1,v 1.20 2002/08/28 16:09:36 joda Exp $ +.\" Copyright (c) 1998 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kinit.1,v 1.23 2003/04/06 17:49:05 lha Exp $ .\" .Dd May 29, 1998 .Dt KINIT 1 @@ -58,7 +89,7 @@ .Op Ar principal Op Ar command .Sh DESCRIPTION .Nm -is used to authenticate to the kerberos server as +is used to authenticate to the Kerberos server as .Ar principal , or if none is given, a system generated default (typically your login name at the default realm), and acquire a ticket granting ticket that @@ -91,7 +122,7 @@ Get ticket that can be forwarded to another host. Don't ask for a password, but instead get the key from the specified keytab. .It Xo -.Fl l Ar time Ns , +.Fl l Ar time , .Fl -lifetime= Ns Ar time .Xc Specifies the lifetime of the ticket. The argument can either be in diff --git a/crypto/heimdal/kuser/kinit.c b/crypto/heimdal/kuser/kinit.c index 5ce4642..0d40bbf 100644 --- a/crypto/heimdal/kuser/kinit.c +++ b/crypto/heimdal/kuser/kinit.c @@ -32,7 +32,7 @@ */ #include "kuser_locl.h" -RCSID("$Id: kinit.c,v 1.90 2002/09/09 22:17:53 joda Exp $"); +RCSID("$Id: kinit.c,v 1.90.4.1 2003/05/08 18:58:37 lha Exp $"); int forwardable_flag = -1; int proxiable_flag = -1; @@ -52,9 +52,9 @@ char *start_str = NULL; struct getarg_strings etype_str; int use_keytab = 0; char *keytab_str = NULL; +int do_afslog = -1; #ifdef KRB4 int get_v4_tgt = -1; -int do_afslog = -1; int convert_524; #endif int fcache_version; @@ -66,10 +66,10 @@ static struct getargs args[] = { { "524convert", '9', arg_flag, &convert_524, "only convert ticket to version 4" }, - +#endif { "afslog", 0 , arg_flag, &do_afslog, "obtain afs tokens" }, -#endif + { "cache", 'c', arg_string, &cred_cache, "credentials cache", "cachename" }, @@ -370,16 +370,15 @@ renew_validate(krb5_context context, } ret = krb5_cc_store_cred(context, cache, out); -#ifdef KRB4 if(ret == 0 && server == NULL) { +#ifdef KRB4 /* only do this if it's a general renew-my-tgt request */ if(get_v4_tgt) do_524init(context, cache, out, NULL); - +#endif if(do_afslog && k_hasafs()) krb5_afslog(context, cache, NULL, NULL); } -#endif krb5_free_creds (context, out); if(ret) { @@ -648,11 +647,11 @@ main (int argc, char **argv) krb5_appdefault_boolean(context, "kinit", krb5_principal_get_realm(context, principal), "krb4_get_tickets", TRUE, &get_v4_tgt); +#endif if(do_afslog == -1) krb5_appdefault_boolean(context, "kinit", krb5_principal_get_realm(context, principal), "afslog", TRUE, &do_afslog); -#endif if(!addrs_flag && extra_addresses.num_strings > 0) krb5_errx(context, 1, "specifying both extra addresses and " @@ -687,17 +686,17 @@ main (int argc, char **argv) #ifdef KRB4 if(get_v4_tgt) do_524init(context, ccache, NULL, server); +#endif if(do_afslog && k_hasafs()) krb5_afslog(context, ccache, NULL, NULL); -#endif if(argc > 1) { simple_execvp(argv[1], argv+1); krb5_cc_destroy(context, ccache); #ifdef KRB4 dest_tkt(); +#endif if(k_hasafs()) k_unlog(); -#endif } else krb5_cc_close (context, ccache); krb5_free_principal(context, principal); diff --git a/crypto/heimdal/kuser/klist.1 b/crypto/heimdal/kuser/klist.1 index a0997d7..a144365 100644 --- a/crypto/heimdal/kuser/klist.1 +++ b/crypto/heimdal/kuser/klist.1 @@ -1,4 +1,35 @@ -.\" $Id: klist.1,v 1.11 2002/08/20 17:07:14 joda Exp $ +.\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: klist.1,v 1.12 2003/02/16 21:10:26 lha Exp $ .\" .Dd July 8, 2000 .Dt KLIST 1 diff --git a/crypto/heimdal/kuser/klist.c b/crypto/heimdal/kuser/klist.c index dbee058..79a1fa4 100644 --- a/crypto/heimdal/kuser/klist.c +++ b/crypto/heimdal/kuser/klist.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "kuser_locl.h" #include "rtbl.h" -RCSID("$Id: klist.c,v 1.67.2.1 2002/10/21 14:31:27 joda Exp $"); +RCSID("$Id: klist.c,v 1.68.2.1 2003/05/08 18:59:56 lha Exp $"); static char* printable_time(time_t t) @@ -466,6 +466,7 @@ display_v4_tickets (int do_verbose) */ return 0; } +#endif /* KRB4 */ /* * Print a list of all AFS tokens @@ -500,7 +501,7 @@ display_tokens(int do_verbose) continue; if(parms.out_size < sizeof(size_secret_tok)) continue; - t[parms.out_size] = 0; + t[min(parms.out_size,sizeof(t)-1)] = 0; memcpy(&size_secret_tok, r, sizeof(size_secret_tok)); /* dont bother about the secret token */ r += size_secret_tok + sizeof(size_secret_tok); @@ -536,7 +537,6 @@ display_tokens(int do_verbose) putchar('\n'); } } -#endif /* KRB4 */ /* * display the ccache in `cred_cache' @@ -596,8 +596,8 @@ static int do_verbose = 0; static int do_test = 0; #ifdef KRB4 static int do_v4 = 1; -static int do_tokens = 0; #endif +static int do_tokens = 0; static int do_v5 = 1; static char *cred_cache; static int do_flags = 0; @@ -612,9 +612,9 @@ static struct getargs args[] = { #ifdef KRB4 { "v4", '4', arg_flag, &do_v4, "display v4 tickets", NULL }, +#endif { "tokens", 'T', arg_flag, &do_tokens, "display AFS tokens", NULL }, -#endif { "v5", '5', arg_flag, &do_v5, "display v5 cred cache", NULL}, { "verbose", 'v', arg_flag, &do_verbose, @@ -666,20 +666,24 @@ main (int argc, char **argv) exit_status = display_v5_ccache (cred_cache, do_test, do_verbose, do_flags); -#ifdef KRB4 if (!do_test) { +#ifdef KRB4 if (do_v4) { if (do_v5) printf ("\n"); display_v4_tickets (do_verbose); } +#endif if (do_tokens && k_hasafs ()) { - if (do_v4 || do_v5) + if (do_v5) printf ("\n"); +#ifdef KRB4 + else if (do_v4) + printf ("\n"); +#endif display_tokens (do_verbose); } } -#endif return exit_status; } diff --git a/crypto/heimdal/lib/45/Makefile.in b/crypto/heimdal/lib/45/Makefile.in index 190945c..2fd13fa 100644 --- a/crypto/heimdal/lib/45/Makefile.in +++ b/crypto/heimdal/lib/45/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -240,10 +241,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/45/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) AR = ar @@ -420,7 +421,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLIBRARIES @$(NORMAL_INSTALL) @@ -447,8 +450,8 @@ uninstall-am: uninstall-info-am uninstall-libLIBRARIES clean-generic clean-libLIBRARIES clean-libtool distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-info install-info-am \ + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am \ install-libLIBRARIES install-man install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ @@ -579,7 +582,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/Makefile.in b/crypto/heimdal/lib/Makefile.in index 37a9e6e..a8111e8 100644 --- a/crypto/heimdal/lib/Makefile.in +++ b/crypto/heimdal/lib/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -235,10 +236,10 @@ all: all-recursive .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -436,7 +437,9 @@ info: info-recursive info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -465,15 +468,15 @@ uninstall-info: uninstall-info-recursive distclean distclean-generic distclean-libtool \ distclean-recursive distclean-tags distdir dvi dvi-am \ dvi-recursive info info-am info-recursive install install-am \ - install-data install-data-am install-data-local \ - install-data-recursive install-exec install-exec-am \ - install-exec-recursive install-info install-info-am \ - install-info-recursive install-man install-recursive \ - install-strip installcheck installcheck-am installdirs \ - installdirs-am installdirs-recursive maintainer-clean \ - maintainer-clean-generic maintainer-clean-recursive mostlyclean \ - mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \ - tags tags-recursive uninstall uninstall-am uninstall-info-am \ + install-data install-data-am install-data-recursive \ + install-exec install-exec-am install-exec-recursive \ + install-info install-info-am install-info-recursive install-man \ + install-recursive install-strip installcheck installcheck-am \ + installdirs installdirs-am installdirs-recursive \ + maintainer-clean maintainer-clean-generic \ + maintainer-clean-recursive mostlyclean mostlyclean-generic \ + mostlyclean-libtool mostlyclean-recursive tags tags-recursive \ + uninstall uninstall-am uninstall-info-am \ uninstall-info-recursive uninstall-recursive @@ -600,7 +603,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/asn1/Makefile.am b/crypto/heimdal/lib/asn1/Makefile.am index e202697..36cd9f0 100644 --- a/crypto/heimdal/lib/asn1/Makefile.am +++ b/crypto/heimdal/lib/asn1/Makefile.am @@ -1,11 +1,11 @@ -# $Id: Makefile.am,v 1.68 2002/03/10 23:41:33 assar Exp $ +# $Id: Makefile.am,v 1.69.2.1 2003/05/12 15:20:44 joda Exp $ include $(top_srcdir)/Makefile.am.common YFLAGS = -d lib_LTLIBRARIES = libasn1.la -libasn1_la_LDFLAGS = -version-info 6:0:0 +libasn1_la_LDFLAGS = -version-info 6:1:0 libasn1_la_LIBADD = @LIB_com_err@ @@ -69,8 +69,12 @@ gen_files = \ noinst_PROGRAMS = asn1_compile asn1_print -check_PROGRAMS = check-der -TESTS = check-der +check_PROGRAMS = check-der check-gen +TESTS = check-der check-gen + +check_der_SOURCES = check-der.c check-common.c +check_gen_SOURCES = check-gen.c check-common.c + asn1_compile_SOURCES = \ gen.c \ @@ -102,6 +106,7 @@ check_der_LDADD = \ libasn1.la \ $(LIB_roken) +check_gen_LDADD = $(check_der_LDADD) asn1_print_LDADD = $(check_der_LDADD) CLEANFILES = lex.c parse.c parse.h krb5_asn1.h $(BUILT_SOURCES) \ diff --git a/crypto/heimdal/lib/asn1/Makefile.in b/crypto/heimdal/lib/asn1/Makefile.in index 8871e79..e97ee04 100644 --- a/crypto/heimdal/lib/asn1/Makefile.in +++ b/crypto/heimdal/lib/asn1/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.68 2002/03/10 23:41:33 assar Exp $ +# $Id: Makefile.am,v 1.69.2.1 2003/05/12 15:20:44 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -204,7 +205,7 @@ NROFF_MAN = groff -mandoc -Tascii YFLAGS = -d lib_LTLIBRARIES = libasn1.la -libasn1_la_LDFLAGS = -version-info 6:0:0 +libasn1_la_LDFLAGS = -version-info 6:1:0 libasn1_la_LIBADD = @LIB_com_err@ @@ -269,8 +270,11 @@ gen_files = \ noinst_PROGRAMS = asn1_compile asn1_print -check_PROGRAMS = check-der -TESTS = check-der +check_PROGRAMS = check-der check-gen +TESTS = check-der check-gen + +check_der_SOURCES = check-der.c check-common.c +check_gen_SOURCES = check-gen.c check-common.c asn1_compile_SOURCES = \ gen.c \ @@ -306,6 +310,7 @@ check_der_LDADD = \ $(LIB_roken) +check_gen_LDADD = $(check_der_LDADD) asn1_print_LDADD = $(check_der_LDADD) CLEANFILES = lex.c parse.c parse.h krb5_asn1.h $(BUILT_SOURCES) \ @@ -344,7 +349,7 @@ am__objects_5 = $(am__objects_6) asn1_err.lo am_libasn1_la_OBJECTS = der_get.lo der_put.lo der_free.lo der_length.lo \ der_copy.lo timegm.lo $(am__objects_5) libasn1_la_OBJECTS = $(am_libasn1_la_OBJECTS) -check_PROGRAMS = check-der$(EXEEXT) +check_PROGRAMS = check-der$(EXEEXT) check-gen$(EXEEXT) noinst_PROGRAMS = asn1_compile$(EXEEXT) asn1_print$(EXEEXT) PROGRAMS = $(noinst_PROGRAMS) @@ -359,10 +364,14 @@ asn1_print_SOURCES = asn1_print.c asn1_print_OBJECTS = asn1_print.$(OBJEXT) asn1_print_DEPENDENCIES = libasn1.la asn1_print_LDFLAGS = -check_der_SOURCES = check-der.c -check_der_OBJECTS = check-der.$(OBJEXT) +am_check_der_OBJECTS = check-der.$(OBJEXT) check-common.$(OBJEXT) +check_der_OBJECTS = $(am_check_der_OBJECTS) check_der_DEPENDENCIES = libasn1.la check_der_LDFLAGS = +am_check_gen_OBJECTS = check-gen.$(OBJEXT) check-common.$(OBJEXT) +check_gen_OBJECTS = $(am_check_gen_OBJECTS) +check_gen_DEPENDENCIES = libasn1.la +check_gen_LDFLAGS = DEFS = @DEFS@ DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include @@ -384,22 +393,22 @@ LTLEXCOMPILE = $(LIBTOOL) --mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS) YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS) LTYACCCOMPILE = $(LIBTOOL) --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS) DIST_SOURCES = $(libasn1_la_SOURCES) $(asn1_compile_SOURCES) \ - asn1_print.c check-der.c + asn1_print.c $(check_der_SOURCES) $(check_gen_SOURCES) HEADERS = $(include_HEADERS) DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in lex.c parse.c \ parse.h -SOURCES = $(libasn1_la_SOURCES) $(asn1_compile_SOURCES) asn1_print.c check-der.c +SOURCES = $(libasn1_la_SOURCES) $(asn1_compile_SOURCES) asn1_print.c $(check_der_SOURCES) $(check_gen_SOURCES) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/asn1/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -441,6 +450,9 @@ asn1_print$(EXEEXT): $(asn1_print_OBJECTS) $(asn1_print_DEPENDENCIES) check-der$(EXEEXT): $(check_der_OBJECTS) $(check_der_DEPENDENCIES) @rm -f check-der$(EXEEXT) $(LINK) $(check_der_LDFLAGS) $(check_der_OBJECTS) $(check_der_LDADD) $(LIBS) +check-gen$(EXEEXT): $(check_gen_OBJECTS) $(check_gen_DEPENDENCIES) + @rm -f check-gen$(EXEEXT) + $(LINK) $(check_gen_LDFLAGS) $(check_gen_OBJECTS) $(check_gen_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) core *.core @@ -682,7 +694,9 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS +install-data-am: install-includeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -711,9 +725,9 @@ uninstall-am: uninstall-includeHEADERS uninstall-info-am \ clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \ distclean distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-includeHEADERS \ - install-info install-info-am install-libLTLIBRARIES install-man \ + install-am install-data install-data-am install-exec \ + install-exec-am install-includeHEADERS install-info \ + install-info-am install-libLTLIBRARIES install-man \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ @@ -844,7 +858,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/asn1/check-common.c b/crypto/heimdal/lib/asn1/check-common.c new file mode 100644 index 0000000..20a41ad --- /dev/null +++ b/crypto/heimdal/lib/asn1/check-common.c @@ -0,0 +1,125 @@ +/* + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif +#include <stdio.h> +#include <string.h> +#include <err.h> +#include <roken.h> + +#include "check-common.h" + +RCSID("$Id: check-common.c,v 1.1 2003/01/23 10:21:36 lha Exp $"); + +static void +print_bytes (unsigned const char *buf, size_t len) +{ + int i; + + for (i = 0; i < len; ++i) + printf ("%02x ", buf[i]); +} + +int +generic_test (const struct test_case *tests, + unsigned ntests, + size_t data_size, + int (*encode)(unsigned char *, size_t, void *, size_t *), + int (*length)(void *), + int (*decode)(unsigned char *, size_t, void *, size_t *), + int (*cmp)(void *a, void *b)) +{ + unsigned char buf[4711]; + int i; + int failures = 0; + void *val = malloc (data_size); + + if (data_size != 0 && val == NULL) + err (1, "malloc"); + + for (i = 0; i < ntests; ++i) { + int ret; + size_t sz, consumed_sz, length_sz; + unsigned char *beg; + + ret = (*encode) (buf + sizeof(buf) - 1, sizeof(buf), + tests[i].val, &sz); + beg = buf + sizeof(buf) - sz; + if (ret != 0) { + printf ("encoding of %s failed\n", tests[i].name); + ++failures; + } + if (sz != tests[i].byte_len) { + printf ("encoding of %s has wrong len (%lu != %lu)\n", + tests[i].name, + (unsigned long)sz, (unsigned long)tests[i].byte_len); + ++failures; + } + + length_sz = (*length) (tests[i].val); + if (sz != length_sz) { + printf ("length for %s is bad (%lu != %lu)\n", + tests[i].name, (unsigned long)length_sz, (unsigned long)sz); + ++failures; + } + + if (memcmp (beg, tests[i].bytes, tests[i].byte_len) != 0) { + printf ("encoding of %s has bad bytes:\n" + "correct: ", tests[i].name); + print_bytes (tests[i].bytes, tests[i].byte_len); + printf ("\nactual: "); + print_bytes (beg, sz); + printf ("\n"); + ++failures; + } + ret = (*decode) (beg, sz, val, &consumed_sz); + if (ret != 0) { + printf ("decoding of %s failed\n", tests[i].name); + ++failures; + } + if (sz != consumed_sz) { + printf ("different length decoding %s (%ld != %ld)\n", + tests[i].name, + (unsigned long)sz, (unsigned long)consumed_sz); + ++failures; + } + if ((*cmp)(val, tests[i].val) != 0) { + printf ("%s: comparison failed\n", tests[i].name); + ++failures; + } + } + free (val); + return failures; +} diff --git a/crypto/heimdal/lib/asn1/check-common.h b/crypto/heimdal/lib/asn1/check-common.h new file mode 100644 index 0000000..52d59cb --- /dev/null +++ b/crypto/heimdal/lib/asn1/check-common.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +struct test_case { + void *val; + int byte_len; + const unsigned char *bytes; + char *name; +}; + +typedef int (*generic_encode)(unsigned char *, size_t, void *, size_t *); +typedef int (*generic_length)(void *); +typedef int (*generic_decode)(unsigned char *, size_t, void *, size_t *); + +int +generic_test (const struct test_case *tests, + unsigned ntests, + size_t data_size, + int (*encode)(unsigned char *, size_t, void *, size_t *), + int (*length)(void *), + int (*decode)(unsigned char *, size_t, void *, size_t *), + int (*cmp)(void *a, void *b)); + diff --git a/crypto/heimdal/lib/asn1/check-der.c b/crypto/heimdal/lib/asn1/check-der.c index 32e474e..7cb0577 100644 --- a/crypto/heimdal/lib/asn1/check-der.c +++ b/crypto/heimdal/lib/asn1/check-der.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -43,95 +43,9 @@ #include <asn1_err.h> #include <der.h> -RCSID("$Id: check-der.c,v 1.8 2002/08/23 03:17:34 assar Exp $"); +#include "check-common.h" -static void -print_bytes (unsigned const char *buf, size_t len) -{ - int i; - - for (i = 0; i < len; ++i) - printf ("%02x ", buf[i]); -} - -struct test_case { - void *val; - int byte_len; - const unsigned char *bytes; - char *name; -}; - -static int -generic_test (const struct test_case *tests, - unsigned ntests, - size_t data_size, - int (*encode)(unsigned char *, size_t, void *, size_t *), - int (*length)(void *), - int (*decode)(unsigned char *, size_t, void *, size_t *), - int (*cmp)(void *a, void *b)) -{ - unsigned char buf[4711]; - int i; - int failures = 0; - void *val = malloc (data_size); - - if (data_size != 0 && val == NULL) - err (1, "malloc"); - - for (i = 0; i < ntests; ++i) { - int ret; - size_t sz, consumed_sz, length_sz; - unsigned char *beg; - - ret = (*encode) (buf + sizeof(buf) - 1, sizeof(buf), - tests[i].val, &sz); - beg = buf + sizeof(buf) - sz; - if (ret != 0) { - printf ("encoding of %s failed\n", tests[i].name); - ++failures; - } - if (sz != tests[i].byte_len) { - printf ("encoding of %s has wrong len (%lu != %lu)\n", - tests[i].name, - (unsigned long)sz, (unsigned long)tests[i].byte_len); - ++failures; - } - - length_sz = (*length) (tests[i].val); - if (sz != length_sz) { - printf ("length for %s is bad (%lu != %lu)\n", - tests[i].name, (unsigned long)length_sz, (unsigned long)sz); - ++failures; - } - - if (memcmp (beg, tests[i].bytes, tests[i].byte_len) != 0) { - printf ("encoding of %s has bad bytes:\n" - "correct: ", tests[i].name); - print_bytes (tests[i].bytes, tests[i].byte_len); - printf ("\nactual: "); - print_bytes (beg, sz); - printf ("\n"); - ++failures; - } - ret = (*decode) (beg, sz, val, &consumed_sz); - if (ret != 0) { - printf ("decoding of %s failed\n", tests[i].name); - ++failures; - } - if (sz != consumed_sz) { - printf ("different length decoding %s (%ld != %ld)\n", - tests[i].name, - (unsigned long)sz, (unsigned long)consumed_sz); - ++failures; - } - if ((*cmp)(val, tests[i].val) != 0) { - printf ("%s: comparison failed\n", tests[i].name); - ++failures; - } - } - free (val); - return failures; -} +RCSID("$Id: check-der.c,v 1.9 2003/01/23 10:19:49 lha Exp $"); static int cmp_integer (void *a, void *b) @@ -170,11 +84,9 @@ test_integer (void) } return generic_test (tests, ntests, sizeof(int), - (int (*)(unsigned char *, size_t, - void *, size_t *))encode_integer, - (int (*)(void *))length_integer, - (int (*)(unsigned char *, size_t, - void *, size_t *))decode_integer, + (generic_encode)encode_integer, + (generic_length) length_integer, + (generic_decode)decode_integer, cmp_integer); } @@ -204,11 +116,9 @@ test_octet_string (void) asprintf (&tests[0].name, "a octet string"); return generic_test (tests, ntests, sizeof(octet_string), - (int (*)(unsigned char *, size_t, - void *, size_t *))encode_octet_string, - (int (*)(void *))length_octet_string, - (int (*)(unsigned char *, size_t, - void *, size_t *))decode_octet_string, + (generic_encode)encode_octet_string, + (generic_length)length_octet_string, + (generic_decode)decode_octet_string, cmp_octet_string); } @@ -235,11 +145,9 @@ test_general_string (void) asprintf (&tests[0].name, "the string \"%s\"", s1); return generic_test (tests, ntests, sizeof(unsigned char *), - (int (*)(unsigned char *, size_t, - void *, size_t *))encode_general_string, - (int (*)(void *))length_general_string, - (int (*)(unsigned char *, size_t, - void *, size_t *))decode_general_string, + (generic_encode)encode_general_string, + (generic_length)length_general_string, + (generic_decode)decode_general_string, cmp_general_string); } @@ -269,11 +177,9 @@ test_generalized_time (void) } return generic_test (tests, ntests, sizeof(time_t), - (int (*)(unsigned char *, size_t, - void *, size_t *))encode_generalized_time, - (int (*)(void *))length_generalized_time, - (int (*)(unsigned char *, size_t, - void *, size_t *))decode_generalized_time, + (generic_encode)encode_generalized_time, + (generic_length)length_generalized_time, + (generic_decode)decode_generalized_time, cmp_generalized_time); } diff --git a/crypto/heimdal/lib/asn1/check-gen.c b/crypto/heimdal/lib/asn1/check-gen.c new file mode 100644 index 0000000..0b0bec9 --- /dev/null +++ b/crypto/heimdal/lib/asn1/check-gen.c @@ -0,0 +1,193 @@ +/* + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif +#include <stdio.h> +#include <string.h> +#include <err.h> +#include <roken.h> + +#include <asn1-common.h> +#include <asn1_err.h> +#include <der.h> +#include <krb5_asn1.h> + +#include "check-common.h" + +RCSID("$Id: check-gen.c,v 1.2.2.1 2003/05/06 16:49:57 joda Exp $"); + +static char *lha_princ[] = { "lha" }; +static char *lharoot_princ[] = { "lha", "root" }; +static char *datan_princ[] = { "host", "nutcracker.e.kth.se" }; + + +#define COMPARE_STRING(ac,bc,e) \ + do { if (strcmp((ac)->e, (bc)->e) != 0) return 1; } while(0) +#define COMPARE_INTEGER(ac,bc,e) \ + do { if ((ac)->e != (bc)->e) return 1; } while(0) +#define COMPARE_MEM(ac,bc,e,len) \ + do { if (memcmp((ac)->e, (bc)->e,len) != 0) return 1; } while(0) + +static int +cmp_principal (void *a, void *b) +{ + Principal *pa = a; + Principal *pb = b; + int i; + + COMPARE_STRING(pa,pb,realm); + COMPARE_INTEGER(pa,pb,name.name_type); + COMPARE_INTEGER(pa,pb,name.name_string.len); + + for (i = 0; i < pa->name.name_string.len; i++) + COMPARE_STRING(pa,pb,name.name_string.val[i]); + + return 0; +} + +static int +test_principal (void) +{ + + struct test_case tests[] = { + { NULL, 29, + (unsigned char*)"\x30\x1b\xa0\x10\x30\x0e\xa0\x03\x02\x01\x01\xa1\x07\x30\x05\x1b" + "\x03\x6c\x68\x61\xa1\x07\x1b\x05\x53\x55\x2e\x53\x45" + }, + { NULL, 35, + (unsigned char*)"\x30\x21\xa0\x16\x30\x14\xa0\x03\x02\x01\x01\xa1\x0d\x30\x0b\x1b" + "\x03\x6c\x68\x61\x1b\x04\x72\x6f\x6f\x74\xa1\x07\x1b\x05\x53\x55" + "\x2e\x53\x45" + }, + { NULL, 54, + (unsigned char*)"\x30\x34\xa0\x26\x30\x24\xa0\x03\x02\x01\x03\xa1\x1d\x30\x1b\x1b" + "\x04\x68\x6f\x73\x74\x1b\x13\x6e\x75\x74\x63\x72\x61\x63\x6b\x65" + "\x72\x2e\x65\x2e\x6b\x74\x68\x2e\x73\x65\xa1\x0a\x1b\x08\x45\x2e" + "\x4b\x54\x48\x2e\x53\x45" + } + }; + + + Principal values[] = { + { { KRB5_NT_PRINCIPAL, { 1, lha_princ } }, "SU.SE" }, + { { KRB5_NT_PRINCIPAL, { 2, lharoot_princ } }, "SU.SE" }, + { { KRB5_NT_SRV_HST, { 2, datan_princ } }, "E.KTH.SE" } + }; + int i; + int ntests = sizeof(tests) / sizeof(*tests); + + for (i = 0; i < ntests; ++i) { + tests[i].val = &values[i]; + asprintf (&tests[i].name, "Principal %d", i); + } + + return generic_test (tests, ntests, sizeof(Principal), + (generic_encode)encode_Principal, + (generic_length)length_Principal, + (generic_decode)decode_Principal, + cmp_principal); +} + +static int +cmp_authenticator (void *a, void *b) +{ + Authenticator *aa = a; + Authenticator *ab = b; + int i; + + COMPARE_INTEGER(aa,ab,authenticator_vno); + COMPARE_STRING(aa,ab,crealm); + + COMPARE_INTEGER(aa,ab,cname.name_type); + COMPARE_INTEGER(aa,ab,cname.name_string.len); + + for (i = 0; i < aa->cname.name_string.len; i++) + COMPARE_STRING(aa,ab,cname.name_string.val[i]); + + return 0; +} + +static int +test_authenticator (void) +{ + struct test_case tests[] = { + { NULL, 63, + (unsigned char*)"\x62\x3d\x30\x3b\xa0\x03\x02\x01\x05\xa1\x0a\x1b\x08" + "\x45\x2e\x4b\x54\x48\x2e\x53\x45\xa2\x10\x30\x0e\xa0" + "\x03\x02\x01\x01\xa1\x07\x30\x05\x1b\x03\x6c\x68\x61" + "\xa4\x03\x02\x01\x0a\xa5\x11\x18\x0f\x31\x39\x37\x30" + "\x30\x31\x30\x31\x30\x30\x30\x31\x33\x39\x5a" + }, + { NULL, 67, + (unsigned char*)"\x62\x41\x30\x3f\xa0\x03\x02\x01\x05\xa1\x07\x1b\x05" + "\x53\x55\x2e\x53\x45\xa2\x16\x30\x14\xa0\x03\x02\x01" + "\x01\xa1\x0d\x30\x0b\x1b\x03\x6c\x68\x61\x1b\x04\x72" + "\x6f\x6f\x74\xa4\x04\x02\x02\x01\x24\xa5\x11\x18\x0f" + "\x31\x39\x37\x30\x30\x31\x30\x31\x30\x30\x31\x36\x33" + "\x39\x5a" + } + }; + + Authenticator values[] = { + { 5, "E.KTH.SE", { KRB5_NT_PRINCIPAL, { 1, lha_princ } }, + NULL, 10, 99, NULL, NULL, NULL }, + { 5, "SU.SE", { KRB5_NT_PRINCIPAL, { 2, lharoot_princ } }, + NULL, 292, 999, NULL, NULL, NULL } + }; + int i; + int ntests = sizeof(tests) / sizeof(*tests); + + for (i = 0; i < ntests; ++i) { + tests[i].val = &values[i]; + asprintf (&tests[i].name, "Authenticator %d", i); + } + + return generic_test (tests, ntests, sizeof(Authenticator), + (generic_encode)encode_Authenticator, + (generic_length)length_Authenticator, + (generic_decode)decode_Authenticator, + cmp_authenticator); +} + +int +main(int argc, char **argv) +{ + int ret = 0; + + ret += test_principal (); + ret += test_authenticator(); + + return ret; +} diff --git a/crypto/heimdal/lib/asn1/der_copy.c b/crypto/heimdal/lib/asn1/der_copy.c index 30027e1..eefc914 100644 --- a/crypto/heimdal/lib/asn1/der_copy.c +++ b/crypto/heimdal/lib/asn1/der_copy.c @@ -33,15 +33,14 @@ #include "der_locl.h" -RCSID("$Id: der_copy.c,v 1.9 2001/09/25 13:39:25 assar Exp $"); +RCSID("$Id: der_copy.c,v 1.10 2003/04/17 07:13:08 lha Exp $"); int copy_general_string (const general_string *from, general_string *to) { - *to = malloc(strlen(*from) + 1); + *to = strdup(*from); if(*to == NULL) return ENOMEM; - strcpy(*to, *from); return 0; } diff --git a/crypto/heimdal/lib/asn1/der_put.c b/crypto/heimdal/lib/asn1/der_put.c index 1dfafdc..41733c5 100644 --- a/crypto/heimdal/lib/asn1/der_put.c +++ b/crypto/heimdal/lib/asn1/der_put.c @@ -33,7 +33,7 @@ #include "der_locl.h" -RCSID("$Id: der_put.c,v 1.27 2001/09/25 23:37:25 assar Exp $"); +RCSID("$Id: der_put.c,v 1.28 2003/04/17 07:12:24 lha Exp $"); /* * All encoding functions take a pointer `p' to first position in @@ -375,15 +375,18 @@ int time2generalizedtime (time_t t, octet_string *s) { struct tm *tm; + size_t len; - s->data = malloc(16); + len = 15; + + s->data = malloc(len + 1); if (s->data == NULL) return ENOMEM; - s->length = 15; + s->length = len; tm = gmtime (&t); - sprintf (s->data, "%04d%02d%02d%02d%02d%02dZ", tm->tm_year + 1900, - tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, - tm->tm_sec); + snprintf (s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ", + tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec); return 0; } diff --git a/crypto/heimdal/lib/asn1/gen.c b/crypto/heimdal/lib/asn1/gen.c index 5b85a48..8580360 100644 --- a/crypto/heimdal/lib/asn1/gen.c +++ b/crypto/heimdal/lib/asn1/gen.c @@ -33,15 +33,15 @@ #include "gen_locl.h" -RCSID("$Id: gen.c,v 1.49 2002/09/04 15:06:18 joda Exp $"); +RCSID("$Id: gen.c,v 1.50 2003/04/17 07:09:18 lha Exp $"); FILE *headerfile, *codefile, *logfile; #define STEM "asn1" static const char *orig_filename; -static char header[1024]; -static char headerbase[1024] = STEM; +static char *header; +static char *headerbase = STEM; /* * list of all IMPORTs @@ -75,8 +75,8 @@ init_generate (const char *filename, const char *base) { orig_filename = filename; if(base) - strcpy(headerbase, base); - sprintf(header, "%s.h", headerbase); + asprintf(&headerbase, "%s", base); + asprintf(&header, "%s.h", headerbase); headerfile = fopen (header, "w"); if (headerfile == NULL) err (1, "open %s", header); diff --git a/crypto/heimdal/lib/asn1/k5.asn1 b/crypto/heimdal/lib/asn1/k5.asn1 index 53436c8..37c60a8 100644 --- a/crypto/heimdal/lib/asn1/k5.asn1 +++ b/crypto/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1,v 1.27 2002/09/03 17:32:09 joda Exp $ +-- $Id: k5.asn1,v 1.28 2003/01/15 03:13:47 lha Exp $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -70,7 +70,8 @@ CKSUMTYPE ::= INTEGER { CKSUMTYPE_RSA_MD5(7), CKSUMTYPE_RSA_MD5_DES(8), CKSUMTYPE_RSA_MD5_DES3(9), - -- CKSUMTYPE_SHA1(10), + CKSUMTYPE_HMAC_SHA1_96_AES_128(10), + CKSUMTYPE_HMAC_SHA1_96_AES_256(11), CKSUMTYPE_HMAC_SHA1_DES3(12), CKSUMTYPE_SHA1(1000), -- correct value? 10 (9 also) CKSUMTYPE_GSSAPI(0x8003), @@ -90,6 +91,8 @@ ENCTYPE ::= INTEGER { ETYPE_ENCRYPT_RSA_PRIV(9), ETYPE_ENCRYPT_RSA_PUB(10), ETYPE_DES3_CBC_SHA1(16), -- with key derivation + ETYPE_AES128_CTS_HMAC_SHA1_96(17), + ETYPE_AES256_CTS_HMAC_SHA1_96(18), ETYPE_ARCFOUR_HMAC_MD5(23), ETYPE_ARCFOUR_HMAC_MD5_56(24), ETYPE_ENCTYPE_PK_CROSS(48), diff --git a/crypto/heimdal/lib/auth/ChangeLog b/crypto/heimdal/lib/auth/ChangeLog index 1db4a5f..e221178 100644 --- a/crypto/heimdal/lib/auth/ChangeLog +++ b/crypto/heimdal/lib/auth/ChangeLog @@ -1,3 +1,12 @@ +2003-05-08 Love Hörnquist Åstrand <lha@it.su.se> + + * sia/Makefile.am: 1.15->1.16: inline COMPILE since (modern) + automake doesn't add it by itself for some reason + +2003-03-27 Love Hörnquist Åstrand <lha@it.su.se> + + * sia/Makefile.am: libkafs is always built now, lets include it + 2002-05-19 Johan Danielsson <joda@pdc.kth.se> * pam/Makefile.am: set SUFFIXES with += @@ -6,6 +15,11 @@ * pam/Makefile.am: actually build the pam module +2001-09-18 Johan Danielsson <joda@pdc.kth.se> + + * sia/Makefile.am: also don't compress krb5 library, at least + siacfg fails with compressed libraries + 2001-09-13 Assar Westerlund <assar@sics.se> * sia/sia.c: move krb5_error_code inside a ifdef KRB5 diff --git a/crypto/heimdal/lib/auth/Makefile.in b/crypto/heimdal/lib/auth/Makefile.in index 5a41cfd..77a5524 100644 --- a/crypto/heimdal/lib/auth/Makefile.in +++ b/crypto/heimdal/lib/auth/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -228,10 +229,10 @@ all: all-recursive .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/auth/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -429,7 +430,9 @@ info: info-recursive info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -458,15 +461,15 @@ uninstall-info: uninstall-info-recursive distclean distclean-generic distclean-libtool \ distclean-recursive distclean-tags distdir dvi dvi-am \ dvi-recursive info info-am info-recursive install install-am \ - install-data install-data-am install-data-local \ - install-data-recursive install-exec install-exec-am \ - install-exec-recursive install-info install-info-am \ - install-info-recursive install-man install-recursive \ - install-strip installcheck installcheck-am installdirs \ - installdirs-am installdirs-recursive maintainer-clean \ - maintainer-clean-generic maintainer-clean-recursive mostlyclean \ - mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \ - tags tags-recursive uninstall uninstall-am uninstall-info-am \ + install-data install-data-am install-data-recursive \ + install-exec install-exec-am install-exec-recursive \ + install-info install-info-am install-info-recursive install-man \ + install-recursive install-strip installcheck installcheck-am \ + installdirs installdirs-am installdirs-recursive \ + maintainer-clean maintainer-clean-generic \ + maintainer-clean-recursive mostlyclean mostlyclean-generic \ + mostlyclean-libtool mostlyclean-recursive tags tags-recursive \ + uninstall uninstall-am uninstall-info-am \ uninstall-info-recursive uninstall-recursive @@ -593,7 +596,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in b/crypto/heimdal/lib/auth/afskauthlib/Makefile.in index f97a1f0..b332159 100644 --- a/crypto/heimdal/lib/auth/afskauthlib/Makefile.in +++ b/crypto/heimdal/lib/auth/afskauthlib/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -251,10 +252,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/auth/afskauthlib/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -365,7 +366,9 @@ info: info-am info-am: -install-data-am: install-data-local install-fooDATA +install-data-am: install-fooDATA + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -390,13 +393,12 @@ uninstall-am: uninstall-fooDATA uninstall-info-am .PHONY: all all-am all-local check check-am check-local clean \ clean-generic clean-libtool distclean distclean-generic \ distclean-libtool distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-fooDATA install-info \ - install-info-am install-man install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool uninstall uninstall-am uninstall-fooDATA \ - uninstall-info-am + install-am install-data install-data-am install-exec \ + install-exec-am install-fooDATA install-info install-info-am \ + install-man install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool uninstall \ + uninstall-am uninstall-fooDATA uninstall-info-am install-suid-programs: @@ -522,7 +524,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/auth/pam/Makefile.in b/crypto/heimdal/lib/auth/pam/Makefile.in index e21bf7c..0356846 100644 --- a/crypto/heimdal/lib/auth/pam/Makefile.in +++ b/crypto/heimdal/lib/auth/pam/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -193,7 +194,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -258,10 +259,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/auth/pam/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -372,7 +373,9 @@ info: info-am info-am: -install-data-am: install-data-local install-fooDATA +install-data-am: install-fooDATA + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -397,13 +400,12 @@ uninstall-am: uninstall-fooDATA uninstall-info-am .PHONY: all all-am all-local check check-am check-local clean \ clean-generic clean-libtool distclean distclean-generic \ distclean-libtool distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-fooDATA install-info \ - install-info-am install-man install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool uninstall uninstall-am uninstall-fooDATA \ - uninstall-info-am + install-am install-data install-data-am install-exec \ + install-exec-am install-fooDATA install-info install-info-am \ + install-man install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool uninstall \ + uninstall-am uninstall-fooDATA uninstall-info-am install-suid-programs: @@ -529,7 +531,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/auth/sia/Makefile.am b/crypto/heimdal/lib/auth/sia/Makefile.am index 3182c68..30bf011 100644 --- a/crypto/heimdal/lib/auth/sia/Makefile.am +++ b/crypto/heimdal/lib/auth/sia/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.14 2001/09/18 13:04:15 joda Exp $ +# $Id: Makefile.am,v 1.15.2.1 2003/05/08 10:31:48 lha Exp $ include $(top_srcdir)/Makefile.am.common @@ -12,10 +12,8 @@ DEFS = @DEFS@ ## unconditionally build shared libraries, and it does not allow us to ## link with non-installed libraries -if KRB4 KAFS=$(top_builddir)/lib/kafs/.libs/libkafs.a KAFS_S=$(top_builddir)/lib/kafs/.libs/libkafs.so -endif if KRB5 L = \ @@ -106,5 +104,9 @@ CLEANFILES = $(MOD) $(OBJS) so_locations SUFFIXES += .c .o +# XXX inline COMPILE since automake wont add it + .c.o: - $(COMPILE) -c $< + $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ + -c `test -f '$<' || echo '$(srcdir)/'`$< diff --git a/crypto/heimdal/lib/auth/sia/Makefile.in b/crypto/heimdal/lib/auth/sia/Makefile.in index 95c2e83..0999ee5 100644 --- a/crypto/heimdal/lib/auth/sia/Makefile.in +++ b/crypto/heimdal/lib/auth/sia/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.14 2001/09/18 13:04:15 joda Exp $ +# $Id: Makefile.am,v 1.15.2.1 2003/05/08 10:31:48 lha Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -193,7 +194,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -204,8 +205,8 @@ NROFF_MAN = groff -mandoc -Tascii DEFS = @DEFS@ -@KRB4_TRUE@KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a -@KRB4_TRUE@KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so +KAFS = $(top_builddir)/lib/kafs/.libs/libkafs.a +KAFS_S = $(top_builddir)/lib/kafs/.libs/libkafs.so @KRB5_TRUE@L = \ @KRB5_TRUE@ $(KAFS) \ @@ -288,10 +289,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .o -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/auth/sia/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) mostlyclean-libtool: @@ -402,7 +403,9 @@ info: info-am info-am: -install-data-am: install-data-local install-fooDATA +install-data-am: install-fooDATA + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -427,13 +430,12 @@ uninstall-am: uninstall-fooDATA uninstall-info-am .PHONY: all all-am all-local check check-am check-local clean \ clean-generic clean-libtool distclean distclean-generic \ distclean-libtool distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-fooDATA install-info \ - install-info-am install-man install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool uninstall uninstall-am uninstall-fooDATA \ - uninstall-info-am + install-am install-data install-data-am install-exec \ + install-exec-am install-fooDATA install-info install-info-am \ + install-man install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool uninstall \ + uninstall-am uninstall-fooDATA uninstall-info-am install-suid-programs: @@ -559,7 +561,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< @@ -590,8 +592,12 @@ libsia_krb4.so: $(OBJS) fi ostrip -x $@ +# XXX inline COMPILE since automake wont add it + .c.o: - $(COMPILE) -c $< + $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) \ + -c `test -f '$<' || echo '$(srcdir)/'`$< # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/com_err/Makefile.in b/crypto/heimdal/lib/com_err/Makefile.in index 34dc1c4..08fdafe 100644 --- a/crypto/heimdal/lib/com_err/Makefile.in +++ b/crypto/heimdal/lib/com_err/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -268,10 +269,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/com_err/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -515,7 +516,9 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS +install-data-am: install-includeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -544,7 +547,7 @@ uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \ clean-libtool distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am info \ info-am install install-am install-binPROGRAMS install-data \ - install-data-am install-data-local install-exec install-exec-am \ + install-data-am install-exec install-exec-am \ install-includeHEADERS install-info install-info-am \ install-libLTLIBRARIES install-man install-strip installcheck \ installcheck-am installdirs maintainer-clean \ @@ -677,7 +680,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/gssapi/8003.c b/crypto/heimdal/lib/gssapi/8003.c index 03992a4..677a25a 100644 --- a/crypto/heimdal/lib/gssapi/8003.c +++ b/crypto/heimdal/lib/gssapi/8003.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: 8003.c,v 1.11 2002/03/10 23:47:39 assar Exp $"); +RCSID("$Id: 8003.c,v 1.12 2002/10/31 14:38:49 joda Exp $"); static krb5_error_code encode_om_uint32(OM_uint32 n, u_char *p) @@ -100,56 +100,56 @@ gssapi_krb5_create_8003_checksum ( const krb5_data *fwd_data, Checksum *result) { - u_char *p; - - /* - * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value - * field's format) */ - result->cksumtype = 0x8003; - if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) - result->checksum.length = 24 + 4 + fwd_data->length; - else - result->checksum.length = 24; - result->checksum.data = malloc (result->checksum.length); - if (result->checksum.data == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } + u_char *p; + + /* + * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value + * field's format) */ + result->cksumtype = 0x8003; + if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) + result->checksum.length = 24 + 4 + fwd_data->length; + else + result->checksum.length = 24; + result->checksum.data = malloc (result->checksum.length); + if (result->checksum.data == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } - p = result->checksum.data; - encode_om_uint32 (16, p); - p += 4; - if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) { - memset (p, 0, 16); - } else { - hash_input_chan_bindings (input_chan_bindings, p); - } - p += 16; - encode_om_uint32 (flags, p); - p += 4; - - if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) { + p = result->checksum.data; + encode_om_uint32 (16, p); + p += 4; + if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) { + memset (p, 0, 16); + } else { + hash_input_chan_bindings (input_chan_bindings, p); + } + p += 16; + encode_om_uint32 (flags, p); + p += 4; + + if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) { #if 0 - u_char *tmp; + u_char *tmp; - result->checksum.length = 28 + fwd_data->length; - tmp = realloc(result->checksum.data, result->checksum.length); - if (tmp == NULL) - return ENOMEM; - result->checksum.data = tmp; + result->checksum.length = 28 + fwd_data->length; + tmp = realloc(result->checksum.data, result->checksum.length); + if (tmp == NULL) + return ENOMEM; + result->checksum.data = tmp; - p = (u_char*)result->checksum.data + 24; + p = (u_char*)result->checksum.data + 24; #endif - *p++ = (1 >> 0) & 0xFF; /* DlgOpt */ /* == 1 */ - *p++ = (1 >> 8) & 0xFF; /* DlgOpt */ /* == 0 */ - *p++ = (fwd_data->length >> 0) & 0xFF; /* Dlgth */ - *p++ = (fwd_data->length >> 8) & 0xFF; /* Dlgth */ - memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length); - - p += fwd_data->length; - } + *p++ = (1 >> 0) & 0xFF; /* DlgOpt */ /* == 1 */ + *p++ = (1 >> 8) & 0xFF; /* DlgOpt */ /* == 0 */ + *p++ = (fwd_data->length >> 0) & 0xFF; /* Dlgth */ + *p++ = (fwd_data->length >> 8) & 0xFF; /* Dlgth */ + memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length); + + p += fwd_data->length; + } - return GSS_S_COMPLETE; + return GSS_S_COMPLETE; } /* @@ -172,7 +172,7 @@ gssapi_krb5_verify_8003_checksum( static unsigned char zeros[16]; /* XXX should handle checksums > 24 bytes */ - if(cksum->cksumtype != 0x8003) { + if(cksum->cksumtype != 0x8003 || cksum->checksum.length < 24) { *minor_status = 0; return GSS_S_BAD_BINDINGS; } @@ -201,27 +201,33 @@ gssapi_krb5_verify_8003_checksum( p += sizeof(hash); decode_om_uint32(p, flags); + p += 4; if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) { + if(cksum->checksum.length < 28) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } - p += 4; - - DlgOpt = (p[0] << 0) | (p[1] << 8 ); - if (DlgOpt != 1) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - p += 2; - fwd_data->length = (p[0] << 0) | (p[1] << 8); - fwd_data->data = malloc(fwd_data->length); - if (fwd_data->data == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p += 2; - memcpy(fwd_data->data, p, fwd_data->length); + DlgOpt = (p[0] << 0) | (p[1] << 8); + p += 2; + if (DlgOpt != 1) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + + fwd_data->length = (p[0] << 0) | (p[1] << 8); + p += 2; + if(cksum->checksum.length < 28 + fwd_data->length) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + fwd_data->data = malloc(fwd_data->length); + if (fwd_data->data == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(fwd_data->data, p, fwd_data->length); } return GSS_S_COMPLETE; diff --git a/crypto/heimdal/lib/gssapi/ChangeLog b/crypto/heimdal/lib/gssapi/ChangeLog index cd9d9c1..d08f72b 100644 --- a/crypto/heimdal/lib/gssapi/ChangeLog +++ b/crypto/heimdal/lib/gssapi/ChangeLog @@ -1,3 +1,260 @@ +2003-05-07 Love Hörnquist Åstrand <lha@it.su.se> + + * gssapi.h: 1.27->1.28: + if __cplusplus, wrap the extern variable (just to be safe) and + functions in extern "C" { } + +2003-04-30 Love Hörnquist Åstrand <lha@it.su.se> + + * gssapi.3: more about the des3 mic mess + + * verify_mic.c 1.19->1.20 : (verify_mic_des3): always check if the + mic is the correct mic or the mic that old heimdal would have + generated + +2003-04-29 Jacques Vidrine <nectar@kth.se> + + * verify_mic.c: 1.18->1.19: verify_mic_des3: If MIC verification + fails, retry using the `old' MIC computation (with zero IV). + +2003-04-28 Love Hörnquist Åstrand <lha@it.su.se> + + * compat.c (_gss_DES3_get_mic_compat): default to use compat + + * gssapi.3: 1.5->1.6: document [gssapi]correct_des3_mic and + [gssapi]broken_des3_mic + + * compat.c: 1.2->1.4: + (gss_krb5_compat_des3_mci): return a value + (gss_krb5_compat_des3_mic): enable turning on/off des3 mic compat + (_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too + + * gssapi.h: 1.26->1.27: + (gss_krb5_compat_des3_mic): new function, turn on/off des3 mic compat + (GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if + gss_krb5_compat_des3_mic exists + +2003-04-23 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am: 1.44->1.45: test_acquire_cred_LDADD: use + libgssapi.la not ./libgssapi.la (makes make -jN work) + +2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> + + * gssapi.3: spelling + + * gss_acquire_cred.3: Change .Fd #include <header.h> to .In + header.h, from Thomas Klausner <wiz@netbsd.org> + + +2003-04-06 Love Hörnquist Åstrand <lha@it.su.se> + + * gss_acquire_cred.3: spelling + + * Makefile.am: remove stuff that sneaked in with last commit + + * acquire_cred.c (acquire_initiator_cred): if the requested name + isn't in the ccache, also check keytab. Extact the krbtgt for the + default realm to check how long the credentials will last. + + * add_cred.c (gss_add_cred): don't create a new ccache, just open + the old one; better check if output handle is compatible with new + (copied) handle + + * test_acquire_cred.c: test gss_add_cred too + +2003-04-03 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am: build test_acquire_cred + + * test_acquire_cred.c: simple gss_acquire_cred test + +2003-04-02 Love Hörnquist Åstrand <lha@it.su.se> + + * gss_acquire_cred.3: s/gssapi/GSS-API/ + +2003-03-19 Love Hörnquist Åstrand <lha@it.su.se> + + * gss_acquire_cred.3: document v1 interface (and that they are + obsolete) + +2003-03-18 Love Hörnquist Åstrand <lha@it.su.se> + + * gss_acquire_cred.3: list supported mechanism and nametypes + +2003-03-16 Love Hörnquist Åstrand <lha@it.su.se> + + * gss_acquire_cred.3: text about gss_display_name + + * Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2 + (libgssapi_la_SOURCES): add all new functions + + * gssapi.3: now that we have a functions, uncomment the missing + ones + + * gss_acquire_cred.3: now that we have a functions, uncomment the + missing ones + + * process_context_token.c: implement gss_process_context_token + + * inquire_names_for_mech.c: implement gss_inquire_names_for_mech + + * inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name + + * inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech + + * add_cred.c: implement gss_add_cred + + * acquire_cred.c (gss_acquire_cred): more testing of input + argument, make sure output arguments are ok, since we don't know + the time_rec (for now), set it to time_req + + * export_sec_context.c: send lifetime, also set minor_status + + * get_mic.c: set minor_status + + * import_sec_context.c (gss_import_sec_context): add error + checking, pick up lifetime (if there is no lifetime, use + GSS_C_INDEFINITE) + + * init_sec_context.c: take care to set export value to something + sane before we start so caller will have harmless values in them + if then function fails + + * release_buffer.c (gss_release_buffer): set minor_status + + * wrap.c: make sure minor_status get set + + * verify_mic.c (gss_verify_mic_internal): rename verify_mic to + gss_verify_mic_internal and let it take the type as an argument, + (gss_verify_mic): call gss_verify_mic_internal + set minor_status + + * unwrap.c: set minor_status + + * test_oid_set_member.c (gss_test_oid_set_member): use + gss_oid_equal + + * release_oid_set.c (gss_release_oid_set): set minor_status + + * release_name.c (gss_release_name): set minor_status + + * release_cred.c (gss_release_cred): set minor_status + + * add_oid_set_member.c (gss_add_oid_set_member): set minor_status + + * compare_name.c (gss_compare_name): set minor_status + + * compat.c (check_compat): make sure ret have a defined value + + * context_time.c (gss_context_time): set minor_status + + * copy_ccache.c (gss_krb5_copy_ccache): set minor_status + + * create_emtpy_oid_set.c (gss_create_empty_oid_set): set + minor_status + + * delete_sec_context.c (gss_delete_sec_context): set minor_status + + * display_name.c (gss_display_name): set minor_status + + * display_status.c (gss_display_status): use gss_oid_equal, handle + supplementary errors + + * duplicate_name.c (gss_duplicate_name): set minor_status + + * inquire_context.c (gss_inquire_context): set lifetime_rec now + when we know it, set minor_status + + * inquire_cred.c (gss_inquire_cred): take care to set export value + to something sane before we start so caller will have harmless + values in them if the function fails + + * accept_sec_context.c (gss_accept_sec_context): take care to set + export value to something sane before we start so caller will have + harmless values in them if then function fails, set lifetime from + ticket expiration date + + * indicate_mechs.c (gss_indicate_mechs): use + gss_create_empty_oid_set and gss_add_oid_set_member + + * gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred, + since there is no ticket transfered in the exported context + + * export_name.c (gss_export_name): export name with + GSS_C_NT_EXPORT_NAME wrapping, not just the principal + + * import_name.c (import_export_name): new function, parses a + GSS_C_NT_EXPORT_NAME + (import_krb5_name): factor out common code of parsing krb5 name + (gss_oid_equal): rename from oid_equal + + * gssapi_locl.h: add prototypes for gss_oid_equal and + gss_verify_mic_internal + + * gssapi.h: comment out the argument names + +2003-03-15 Love Hörnquist Åstrand <lha@it.su.se> + + * gssapi.3: add LIST OF FUNCTIONS and copyright/license + + * Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/ + + * Makefile.am: man_MANS += gss_aquire_cred.3 + +2003-03-14 Love Hörnquist Åstrand <lha@it.su.se> + + * gss_aquire_cred.3: the gssapi api manpage + +2003-03-03 Love Hörnquist Åstrand <lha@it.su.se> + + * inquire_context.c: (gss_inquire_context): rename argument open + to open_context + + * gssapi.h (gss_inquire_context): rename argument open to open_context + +2003-02-27 Love Hörnquist Åstrand <lha@it.su.se> + + * init_sec_context.c (do_delegation): remove unused variable + subkey + + * gssapi.3: all 0.5.x version had broken token delegation + +2003-02-21 Love Hörnquist Åstrand <lha@it.su.se> + + * (init_auth): only generate one subkey + +2003-01-27 Love Hörnquist Åstrand <lha@it.su.se> + + * verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform + to rfc (and mit kerberos), provide backward compat hook + + * get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and + mit kerberos), provide backward compat hook + + * init_sec_context.c (init_auth): check if we need compat for + older get_mic/verify_mic + + * gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat + + * gssapi.h (more_flags): add COMPAT_OLD_DES3 + + * Makefile.am: add gssapi.3 and compat.c + + * gssapi.3: add gssapi COMPATIBILITY documentation + + * accept_sec_context.c (gss_accept_sec_context): check if we need + compat for older get_mic/verify_mic + + * compat.c: check for compatiblity with other heimdal's 3des + get_mic/verify_mic + +2002-10-31 Johan Danielsson <joda@pdc.kth.se> + + * check return value from gssapi_krb5_init + + * 8003.c (gssapi_krb5_verify_8003_checksum): check size of input + 2002-09-03 Johan Danielsson <joda@pdc.kth.se> * wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE diff --git a/crypto/heimdal/lib/gssapi/Makefile.am b/crypto/heimdal/lib/gssapi/Makefile.am index 95ad40c..6d232e5 100644 --- a/crypto/heimdal/lib/gssapi/Makefile.am +++ b/crypto/heimdal/lib/gssapi/Makefile.am @@ -1,22 +1,26 @@ -# $Id: Makefile.am,v 1.38 2002/03/22 12:16:17 joda Exp $ +# $Id: Makefile.am,v 1.44.2.5 2003/05/12 15:20:46 joda Exp $ include $(top_srcdir)/Makefile.am.common INCLUDES += -I$(srcdir)/../krb5 $(INCLUDE_des) $(INCLUDE_krb4) lib_LTLIBRARIES = libgssapi.la -libgssapi_la_LDFLAGS = -version-info 3:5:2 +libgssapi_la_LDFLAGS = -version-info 4:0:3 libgssapi_la_LIBADD = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la +man_MANS = gssapi.3 gss_acquire_cred.3 + include_HEADERS = gssapi.h libgssapi_la_SOURCES = \ 8003.c \ accept_sec_context.c \ acquire_cred.c \ + add_cred.c \ add_oid_set_member.c \ canonicalize_name.c \ compare_name.c \ + compat.c \ context_time.c \ copy_ccache.c \ create_emtpy_oid_set.c \ @@ -39,13 +43,23 @@ libgssapi_la_SOURCES = \ init_sec_context.c \ inquire_context.c \ inquire_cred.c \ + inquire_cred_by_mech.c \ + inquire_mechs_for_name.c \ + inquire_names_for_mech.c \ release_buffer.c \ release_cred.c \ release_name.c \ release_oid_set.c \ + process_context_token.c \ test_oid_set_member.c \ unwrap.c \ v1.c \ verify_mic.c \ wrap.c \ address_to_krb5addr.c + +#noinst_PROGRAMS = test_acquire_cred + +#test_acquire_cred_SOURCES = test_acquire_cred.c + +#test_acquire_cred_LDADD = libgssapi.la diff --git a/crypto/heimdal/lib/gssapi/Makefile.in b/crypto/heimdal/lib/gssapi/Makefile.in index c053595..7ce1a6e 100644 --- a/crypto/heimdal/lib/gssapi/Makefile.in +++ b/crypto/heimdal/lib/gssapi/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.38 2002/03/22 12:16:17 joda Exp $ +# $Id: Makefile.am,v 1.44.2.5 2003/05/12 15:20:46 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -202,18 +203,22 @@ NROFF_MAN = groff -mandoc -Tascii @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la lib_LTLIBRARIES = libgssapi.la -libgssapi_la_LDFLAGS = -version-info 3:5:2 +libgssapi_la_LDFLAGS = -version-info 4:0:3 libgssapi_la_LIBADD = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la +man_MANS = gssapi.3 gss_acquire_cred.3 + include_HEADERS = gssapi.h libgssapi_la_SOURCES = \ 8003.c \ accept_sec_context.c \ acquire_cred.c \ + add_cred.c \ add_oid_set_member.c \ canonicalize_name.c \ compare_name.c \ + compat.c \ context_time.c \ copy_ccache.c \ create_emtpy_oid_set.c \ @@ -236,10 +241,14 @@ libgssapi_la_SOURCES = \ init_sec_context.c \ inquire_context.c \ inquire_cred.c \ + inquire_cred_by_mech.c \ + inquire_mechs_for_name.c \ + inquire_names_for_mech.c \ release_buffer.c \ release_cred.c \ release_name.c \ release_oid_set.c \ + process_context_token.c \ test_oid_set_member.c \ unwrap.c \ v1.c \ @@ -256,16 +265,19 @@ LTLIBRARIES = $(lib_LTLIBRARIES) libgssapi_la_DEPENDENCIES = ../krb5/libkrb5.la ../asn1/libasn1.la \ ../roken/libroken.la am_libgssapi_la_OBJECTS = 8003.lo accept_sec_context.lo acquire_cred.lo \ - add_oid_set_member.lo canonicalize_name.lo compare_name.lo \ - context_time.lo copy_ccache.lo create_emtpy_oid_set.lo \ - decapsulate.lo delete_sec_context.lo display_name.lo \ - display_status.lo duplicate_name.lo encapsulate.lo \ - export_sec_context.lo export_name.lo external.lo get_mic.lo \ - import_name.lo import_sec_context.lo indicate_mechs.lo init.lo \ - init_sec_context.lo inquire_context.lo inquire_cred.lo \ + add_cred.lo add_oid_set_member.lo canonicalize_name.lo \ + compare_name.lo compat.lo context_time.lo copy_ccache.lo \ + create_emtpy_oid_set.lo decapsulate.lo delete_sec_context.lo \ + display_name.lo display_status.lo duplicate_name.lo \ + encapsulate.lo export_sec_context.lo export_name.lo external.lo \ + get_mic.lo import_name.lo import_sec_context.lo \ + indicate_mechs.lo init.lo init_sec_context.lo \ + inquire_context.lo inquire_cred.lo inquire_cred_by_mech.lo \ + inquire_mechs_for_name.lo inquire_names_for_mech.lo \ release_buffer.lo release_cred.lo release_name.lo \ - release_oid_set.lo test_oid_set_member.lo unwrap.lo v1.lo \ - verify_mic.lo wrap.lo address_to_krb5addr.lo + release_oid_set.lo process_context_token.lo \ + test_oid_set_member.lo unwrap.lo v1.lo verify_mic.lo wrap.lo \ + address_to_krb5addr.lo libgssapi_la_OBJECTS = $(am_libgssapi_la_OBJECTS) DEFS = @DEFS@ @@ -284,6 +296,7 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ CFLAGS = @CFLAGS@ DIST_SOURCES = $(libgssapi_la_SOURCES) +MANS = $(man_MANS) HEADERS = $(include_HEADERS) DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in @@ -293,10 +306,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/gssapi/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -347,6 +360,45 @@ clean-libtool: distclean-libtool: -rm -f libtool uninstall-info-am: + +man3dir = $(mandir)/man3 +install-man3: $(man3_MANS) $(man_MANS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(man3dir) + @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.3*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \ + done +uninstall-man3: + @$(NORMAL_UNINSTALL) + @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ + case "$$i" in \ + *.3*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man3dir)/$$inst"; \ + rm -f $(DESTDIR)$(man3dir)/$$inst; \ + done includeHEADERS_INSTALL = $(INSTALL_HEADER) install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) @@ -433,10 +485,10 @@ distdir: $(DISTFILES) check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-local check: check-am -all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local +all-am: Makefile $(LTLIBRARIES) $(MANS) $(HEADERS) all-local installdirs: - $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir) + $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(man3dir) $(DESTDIR)$(includedir) install: install-am install-exec: install-exec-am @@ -480,7 +532,9 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS +install-data-am: install-includeHEADERS install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -488,7 +542,7 @@ install-exec-am: install-libLTLIBRARIES install-info: install-info-am -install-man: +install-man: install-man3 installcheck-am: @@ -502,20 +556,23 @@ mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool uninstall-am: uninstall-includeHEADERS uninstall-info-am \ - uninstall-libLTLIBRARIES + uninstall-libLTLIBRARIES uninstall-man + +uninstall-man: uninstall-man3 .PHONY: GTAGS all all-am all-local check check-am check-local clean \ clean-generic clean-libLTLIBRARIES clean-libtool distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-includeHEADERS \ - install-info install-info-am install-libLTLIBRARIES install-man \ + install-am install-data install-data-am install-exec \ + install-exec-am install-includeHEADERS install-info \ + install-info-am install-libLTLIBRARIES install-man install-man3 \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ tags uninstall uninstall-am uninstall-includeHEADERS \ - uninstall-info-am uninstall-libLTLIBRARIES + uninstall-info-am uninstall-libLTLIBRARIES uninstall-man \ + uninstall-man3 install-suid-programs: @@ -641,12 +698,18 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< .et.c: $(COMPILE_ET) $< + +#noinst_PROGRAMS = test_acquire_cred + +#test_acquire_cred_SOURCES = test_acquire_cred.c + +#test_acquire_cred_LDADD = libgssapi.la # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/gssapi/accept_sec_context.c b/crypto/heimdal/lib/gssapi/accept_sec_context.c index 23eb769..62a0573 100644 --- a/crypto/heimdal/lib/gssapi/accept_sec_context.c +++ b/crypto/heimdal/lib/gssapi/accept_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,12 +33,12 @@ #include "gssapi_locl.h" -RCSID("$Id: accept_sec_context.c,v 1.30 2001/08/29 02:21:09 assar Exp $"); +RCSID("$Id: accept_sec_context.c,v 1.33 2003/03/16 17:41:12 lha Exp $"); krb5_keytab gssapi_krb5_keytab; OM_uint32 -gsskrb5_register_acceptor_identity (char *identity) +gsskrb5_register_acceptor_identity (const char *identity) { krb5_error_code ret; char *p; @@ -76,347 +76,356 @@ gss_accept_sec_context gss_cred_id_t * delegated_cred_handle ) { - krb5_error_code kret; - OM_uint32 ret; - krb5_data indata; - krb5_flags ap_options; - OM_uint32 flags; - krb5_ticket *ticket = NULL; - krb5_keytab keytab = NULL; - krb5_data fwd_data; - OM_uint32 minor; - - ret = 0; - gssapi_krb5_init (); - - krb5_data_zero (&fwd_data); - output_token->length = 0; - output_token->value = NULL; - - if (*context_handle == GSS_C_NO_CONTEXT) { - *context_handle = malloc(sizeof(**context_handle)); + krb5_error_code kret; + OM_uint32 ret = GSS_S_COMPLETE; + krb5_data indata; + krb5_flags ap_options; + OM_uint32 flags; + krb5_ticket *ticket = NULL; + krb5_keytab keytab = NULL; + krb5_data fwd_data; + OM_uint32 minor; + + GSSAPI_KRB5_INIT(); + + krb5_data_zero (&fwd_data); + output_token->length = 0; + output_token->value = NULL; + + if (src_name != NULL) + *src_name = NULL; + if (mech_type) + *mech_type = GSS_KRB5_MECHANISM; + if (*context_handle == GSS_C_NO_CONTEXT) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; + *context_handle = malloc(sizeof(**context_handle)); + if (*context_handle == GSS_C_NO_CONTEXT) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + } + + (*context_handle)->auth_context = NULL; + (*context_handle)->source = NULL; + (*context_handle)->target = NULL; + (*context_handle)->flags = 0; + (*context_handle)->more_flags = 0; + (*context_handle)->ticket = NULL; + (*context_handle)->lifetime = GSS_C_INDEFINITE; + + kret = krb5_auth_con_init (gssapi_krb5_context, + &(*context_handle)->auth_context); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; } - } - - (*context_handle)->auth_context = NULL; - (*context_handle)->source = NULL; - (*context_handle)->target = NULL; - (*context_handle)->flags = 0; - (*context_handle)->more_flags = 0; - (*context_handle)->ticket = NULL; - - if (src_name != NULL) - *src_name = NULL; - - kret = krb5_auth_con_init (gssapi_krb5_context, - &(*context_handle)->auth_context); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS - && input_chan_bindings->application_data.length == - 2 * sizeof((*context_handle)->auth_context->local_port) - ) { + + if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS + && input_chan_bindings->application_data.length == + 2 * sizeof((*context_handle)->auth_context->local_port) + ) { - /* Port numbers are expected to be in application_data.value, - * initator's port first */ + /* Port numbers are expected to be in application_data.value, + * initator's port first */ - krb5_address initiator_addr, acceptor_addr; + krb5_address initiator_addr, acceptor_addr; - memset(&initiator_addr, 0, sizeof(initiator_addr)); - memset(&acceptor_addr, 0, sizeof(acceptor_addr)); + memset(&initiator_addr, 0, sizeof(initiator_addr)); + memset(&acceptor_addr, 0, sizeof(acceptor_addr)); - (*context_handle)->auth_context->remote_port = - *(int16_t *) input_chan_bindings->application_data.value; + (*context_handle)->auth_context->remote_port = + *(int16_t *) input_chan_bindings->application_data.value; - (*context_handle)->auth_context->local_port = - *((int16_t *) input_chan_bindings->application_data.value + 1); + (*context_handle)->auth_context->local_port = + *((int16_t *) input_chan_bindings->application_data.value + 1); - kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, - &input_chan_bindings->acceptor_address, - (*context_handle)->auth_context->local_port, - &acceptor_addr); - if (kret) { - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; - *minor_status = kret; - goto failure; - } + kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, + &input_chan_bindings->acceptor_address, + (*context_handle)->auth_context->local_port, + &acceptor_addr); + if (kret) { + gssapi_krb5_set_error_string (); + ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; + goto failure; + } - kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype, - &input_chan_bindings->initiator_address, - (*context_handle)->auth_context->remote_port, - &initiator_addr); - if (kret) { - krb5_free_address (gssapi_krb5_context, &acceptor_addr); - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; - *minor_status = kret; - goto failure; - } + kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype, + &input_chan_bindings->initiator_address, + (*context_handle)->auth_context->remote_port, + &initiator_addr); + if (kret) { + krb5_free_address (gssapi_krb5_context, &acceptor_addr); + gssapi_krb5_set_error_string (); + ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; + goto failure; + } - kret = krb5_auth_con_setaddrs(gssapi_krb5_context, - (*context_handle)->auth_context, - &acceptor_addr, /* local address */ - &initiator_addr); /* remote address */ + kret = krb5_auth_con_setaddrs(gssapi_krb5_context, + (*context_handle)->auth_context, + &acceptor_addr, /* local address */ + &initiator_addr); /* remote address */ - krb5_free_address (gssapi_krb5_context, &initiator_addr); - krb5_free_address (gssapi_krb5_context, &acceptor_addr); + krb5_free_address (gssapi_krb5_context, &initiator_addr); + krb5_free_address (gssapi_krb5_context, &acceptor_addr); #if 0 - free(input_chan_bindings->application_data.value); - input_chan_bindings->application_data.value = NULL; - input_chan_bindings->application_data.length = 0; + free(input_chan_bindings->application_data.value); + input_chan_bindings->application_data.value = NULL; + input_chan_bindings->application_data.length = 0; #endif - if (kret) { - gssapi_krb5_set_error_string (); - ret = GSS_S_BAD_BINDINGS; - *minor_status = kret; - goto failure; - } - } + if (kret) { + gssapi_krb5_set_error_string (); + ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; + goto failure; + } + } - { - int32_t tmp; - - krb5_auth_con_getflags(gssapi_krb5_context, - (*context_handle)->auth_context, - &tmp); - tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; - krb5_auth_con_setflags(gssapi_krb5_context, - (*context_handle)->auth_context, - tmp); - } - - ret = gssapi_krb5_decapsulate (minor_status, - input_token_buffer, - &indata, - "\x01\x00"); - if (ret) - goto failure; - - if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { - if (gssapi_krb5_keytab != NULL) { - keytab = gssapi_krb5_keytab; - } - } else if (acceptor_cred_handle->keytab != NULL) { - keytab = acceptor_cred_handle->keytab; - } - - kret = krb5_rd_req (gssapi_krb5_context, - &(*context_handle)->auth_context, - &indata, - (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL + { + int32_t tmp; + + krb5_auth_con_getflags(gssapi_krb5_context, + (*context_handle)->auth_context, + &tmp); + tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; + krb5_auth_con_setflags(gssapi_krb5_context, + (*context_handle)->auth_context, + tmp); + } + + ret = gssapi_krb5_decapsulate (minor_status, + input_token_buffer, + &indata, + "\x01\x00"); + if (ret) + goto failure; + + if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { + if (gssapi_krb5_keytab != NULL) { + keytab = gssapi_krb5_keytab; + } + } else if (acceptor_cred_handle->keytab != NULL) { + keytab = acceptor_cred_handle->keytab; + } + + kret = krb5_rd_req (gssapi_krb5_context, + &(*context_handle)->auth_context, + &indata, + (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL : acceptor_cred_handle->principal, - keytab, - &ap_options, - &ticket); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - kret = krb5_copy_principal (gssapi_krb5_context, - ticket->client, - &(*context_handle)->source); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - kret = krb5_copy_principal (gssapi_krb5_context, - ticket->server, - &(*context_handle)->target); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - if (src_name != NULL) { + keytab, + &ap_options, + &ticket); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } + kret = krb5_copy_principal (gssapi_krb5_context, ticket->client, - src_name); + &(*context_handle)->source); if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; } - } - { - krb5_authenticator authenticator; - - kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, - (*context_handle)->auth_context, - &authenticator); - if(kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } - - ret = gssapi_krb5_verify_8003_checksum(minor_status, - input_chan_bindings, - authenticator->cksum, - &flags, - &fwd_data); - krb5_free_authenticator(gssapi_krb5_context, &authenticator); - if (ret) + kret = krb5_copy_principal (gssapi_krb5_context, + ticket->server, + &(*context_handle)->target); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; - } + } - if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { - - krb5_ccache ccache; + ret = _gss_DES3_get_mic_compat(minor_status, *context_handle); + if (ret) + goto failure; + + if (src_name != NULL) { + kret = krb5_copy_principal (gssapi_krb5_context, + ticket->client, + src_name); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } + } + + { + krb5_authenticator authenticator; - if (delegated_cred_handle == NULL) - /* XXX Create a new delegated_cred_handle? */ - kret = krb5_cc_default (gssapi_krb5_context, &ccache); - else if (*delegated_cred_handle == NULL) { - if ((*delegated_cred_handle = - calloc(1, sizeof(**delegated_cred_handle))) == NULL) { + kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, + (*context_handle)->auth_context, + &authenticator); + if(kret) { ret = GSS_S_FAILURE; - *minor_status = ENOMEM; - krb5_set_error_string(gssapi_krb5_context, "out of memory"); - gssapi_krb5_set_error_string(); + *minor_status = kret; + gssapi_krb5_set_error_string (); goto failure; - } - if ((ret = gss_duplicate_name(minor_status, ticket->client, - &(*delegated_cred_handle)->principal)) != 0) { - flags &= ~GSS_C_DELEG_FLAG; - free(*delegated_cred_handle); - *delegated_cred_handle = NULL; - goto end_fwd; - } - } - if (delegated_cred_handle != NULL && - (*delegated_cred_handle)->ccache == NULL) { + } + + ret = gssapi_krb5_verify_8003_checksum(minor_status, + input_chan_bindings, + authenticator->cksum, + &flags, + &fwd_data); + krb5_free_authenticator(gssapi_krb5_context, &authenticator); + if (ret) + goto failure; + } + + if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { + + krb5_ccache ccache; + + if (delegated_cred_handle == NULL) + /* XXX Create a new delegated_cred_handle? */ + kret = krb5_cc_default (gssapi_krb5_context, &ccache); + else if (*delegated_cred_handle == NULL) { + if ((*delegated_cred_handle = + calloc(1, sizeof(**delegated_cred_handle))) == NULL) { + ret = GSS_S_FAILURE; + *minor_status = ENOMEM; + krb5_set_error_string(gssapi_krb5_context, "out of memory"); + gssapi_krb5_set_error_string(); + goto failure; + } + if ((ret = gss_duplicate_name(minor_status, ticket->client, + &(*delegated_cred_handle)->principal)) != 0) { + flags &= ~GSS_C_DELEG_FLAG; + free(*delegated_cred_handle); + *delegated_cred_handle = NULL; + goto end_fwd; + } + } + if (delegated_cred_handle != NULL && + (*delegated_cred_handle)->ccache == NULL) { kret = krb5_cc_gen_new (gssapi_krb5_context, &krb5_mcc_ops, &(*delegated_cred_handle)->ccache); - ccache = (*delegated_cred_handle)->ccache; - } - if (delegated_cred_handle != NULL && - (*delegated_cred_handle)->mechanisms == NULL) { + ccache = (*delegated_cred_handle)->ccache; + } + if (delegated_cred_handle != NULL && + (*delegated_cred_handle)->mechanisms == NULL) { ret = gss_create_empty_oid_set(minor_status, - &(*delegated_cred_handle)->mechanisms); + &(*delegated_cred_handle)->mechanisms); if (ret) - goto failure; + goto failure; ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, - &(*delegated_cred_handle)->mechanisms); + &(*delegated_cred_handle)->mechanisms); if (ret) - goto failure; - } + goto failure; + } - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } + if (kret) { + flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } - kret = krb5_cc_initialize(gssapi_krb5_context, - ccache, - *src_name); - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } + kret = krb5_cc_initialize(gssapi_krb5_context, + ccache, + *src_name); + if (kret) { + flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } - kret = krb5_rd_cred2(gssapi_krb5_context, - (*context_handle)->auth_context, - ccache, - &fwd_data); - if (kret) { - flags &= ~GSS_C_DELEG_FLAG; - goto end_fwd; - } - -end_fwd: - free(fwd_data.data); - } + kret = krb5_rd_cred2(gssapi_krb5_context, + (*context_handle)->auth_context, + ccache, + &fwd_data); + if (kret) { + flags &= ~GSS_C_DELEG_FLAG; + goto end_fwd; + } + + end_fwd: + free(fwd_data.data); + } - flags |= GSS_C_TRANS_FLAG; + flags |= GSS_C_TRANS_FLAG; - if (ret_flags) - *ret_flags = flags; - (*context_handle)->flags = flags; - (*context_handle)->more_flags |= OPEN; + if (ret_flags) + *ret_flags = flags; + (*context_handle)->lifetime = ticket->ticket.endtime; + (*context_handle)->flags = flags; + (*context_handle)->more_flags |= OPEN; - if (mech_type) - *mech_type = GSS_KRB5_MECHANISM; + if (mech_type) + *mech_type = GSS_KRB5_MECHANISM; - if (time_rec) - *time_rec = GSS_C_INDEFINITE; + if (time_rec) + *time_rec = (*context_handle)->lifetime; - if(flags & GSS_C_MUTUAL_FLAG) { - krb5_data outbuf; + if(flags & GSS_C_MUTUAL_FLAG) { + krb5_data outbuf; - kret = krb5_mk_rep (gssapi_krb5_context, - (*context_handle)->auth_context, - &outbuf); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; + kret = krb5_mk_rep (gssapi_krb5_context, + (*context_handle)->auth_context, + &outbuf); + if (kret) { + ret = GSS_S_FAILURE; + *minor_status = kret; + gssapi_krb5_set_error_string (); + goto failure; + } + ret = gssapi_krb5_encapsulate (minor_status, + &outbuf, + output_token, + "\x02\x00"); + krb5_data_free (&outbuf); + if (ret) + goto failure; + } else { + output_token->length = 0; + output_token->value = NULL; } - ret = gssapi_krb5_encapsulate (minor_status, - &outbuf, - output_token, - "\x02\x00"); - krb5_data_free (&outbuf); - if (ret) - goto failure; - } else { - output_token->length = 0; - } - (*context_handle)->ticket = ticket; - ticket = NULL; + (*context_handle)->ticket = ticket; + ticket = NULL; #if 0 - krb5_free_ticket (context, ticket); + krb5_free_ticket (context, ticket); #endif - return GSS_S_COMPLETE; - -failure: - if (fwd_data.length > 0) - free(fwd_data.data); - if (ticket != NULL) - krb5_free_ticket (gssapi_krb5_context, ticket); - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - free (*context_handle); - if (src_name != NULL) { - gss_release_name (&minor, src_name); - *src_name = NULL; - } - *context_handle = GSS_C_NO_CONTEXT; - return ret; + *minor_status = 0; + return GSS_S_COMPLETE; + + failure: + if (fwd_data.length > 0) + free(fwd_data.data); + if (ticket != NULL) + krb5_free_ticket (gssapi_krb5_context, ticket); + krb5_auth_con_free (gssapi_krb5_context, + (*context_handle)->auth_context); + if((*context_handle)->source) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->source); + if((*context_handle)->target) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->target); + free (*context_handle); + if (src_name != NULL) { + gss_release_name (&minor, src_name); + *src_name = NULL; + } + *context_handle = GSS_C_NO_CONTEXT; + return ret; } diff --git a/crypto/heimdal/lib/gssapi/acquire_cred.c b/crypto/heimdal/lib/gssapi/acquire_cred.c index 6940b26..503ac91 100644 --- a/crypto/heimdal/lib/gssapi/acquire_cred.c +++ b/crypto/heimdal/lib/gssapi/acquire_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: acquire_cred.c,v 1.10 2002/08/20 12:02:45 nectar Exp $"); +RCSID("$Id: acquire_cred.c,v 1.13 2003/04/06 00:31:55 lha Exp $"); static krb5_error_code get_keytab(krb5_keytab *keytab) @@ -95,8 +95,9 @@ static OM_uint32 acquire_initiator_cred } else if (handle->principal != NULL && krb5_principal_compare(gssapi_krb5_context, handle->principal, def_princ) == FALSE) { - kret = KRB5_PRINC_NOMATCH; - goto end; + /* Before failing, lets check the keytab */ + krb5_free_principal(gssapi_krb5_context, def_princ); + def_princ = NULL; } if (def_princ == NULL) { /* We have no existing credentials cache, @@ -126,7 +127,36 @@ static OM_uint32 acquire_initiator_cred kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred); if (kret) goto end; + handle->lifetime = cred.times.endtime; + } else { + krb5_creds in_cred, *out_cred; + krb5_const_realm realm; + + memset(&in_cred, 0, sizeof(in_cred)); + in_cred.client = handle->principal; + + realm = krb5_principal_get_realm(gssapi_krb5_context, + handle->principal); + if (realm == NULL) { + kret = KRB5_PRINC_NOMATCH; /* XXX */ + goto end; + } + + kret = krb5_make_principal(gssapi_krb5_context, &in_cred.server, + realm, KRB5_TGS_NAME, realm, NULL); + if (kret) + goto end; + + kret = krb5_get_credentials(gssapi_krb5_context, 0, + ccache, &in_cred, &out_cred); + krb5_free_principal(gssapi_krb5_context, in_cred.server); + if (kret) + goto end; + + handle->lifetime = out_cred->times.endtime; + krb5_free_creds(gssapi_krb5_context, out_cred); } + handle->ccache = ccache; ret = GSS_S_COMPLETE; @@ -195,12 +225,32 @@ OM_uint32 gss_acquire_cred gss_cred_id_t handle; OM_uint32 ret; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); + + *output_cred_handle = NULL; + if (time_rec) + *time_rec = 0; + if (actual_mechs) + *actual_mechs = GSS_C_NO_OID_SET; + + if (desired_mechs) { + OM_uint32 present = 0; + + ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + desired_mechs, &present); + if (ret) + return ret; + if (!present) { + *minor_status = 0; + return GSS_S_BAD_MECH; + } + } - *minor_status = 0; handle = (gss_cred_id_t)malloc(sizeof(*handle)); - if (handle == GSS_C_NO_CREDENTIAL) + if (handle == GSS_C_NO_CREDENTIAL) { + *minor_status = ENOMEM; return (GSS_S_FAILURE); + } memset(handle, 0, sizeof (*handle)); @@ -219,14 +269,17 @@ OM_uint32 gss_acquire_cred free(handle); return (ret); } - } - if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) { + } else if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) { ret = acquire_acceptor_cred(minor_status, desired_name, time_req, desired_mechs, cred_usage, handle, actual_mechs, time_rec); if (ret != GSS_S_COMPLETE) { free(handle); return (ret); } + } else { + free(handle); + *minor_status = GSS_KRB5_S_G_BAD_USAGE; + return GSS_S_FAILURE; } ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); if (ret == GSS_S_COMPLETE) @@ -241,8 +294,9 @@ OM_uint32 gss_acquire_cred free(handle); return (ret); } - /* XXX */ - handle->lifetime = time_req; + *minor_status = 0; + if (time_rec) + *time_rec = handle->lifetime; handle->usage = cred_usage; *output_cred_handle = handle; return (GSS_S_COMPLETE); diff --git a/crypto/heimdal/lib/gssapi/add_cred.c b/crypto/heimdal/lib/gssapi/add_cred.c new file mode 100644 index 0000000..1e23a5b --- /dev/null +++ b/crypto/heimdal/lib/gssapi/add_cred.c @@ -0,0 +1,216 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: add_cred.c,v 1.2 2003/04/06 00:29:17 lha Exp $"); + +OM_uint32 gss_add_cred ( + OM_uint32 *minor_status, + const gss_cred_id_t input_cred_handle, + const gss_name_t desired_name, + const gss_OID desired_mech, + gss_cred_usage_t cred_usage, + OM_uint32 initiator_time_req, + OM_uint32 acceptor_time_req, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *initiator_time_rec, + OM_uint32 *acceptor_time_rec) +{ + OM_uint32 ret, lifetime; + gss_cred_id_t cred, handle; + + handle = NULL; + cred = input_cred_handle; + + if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) { + *minor_status = 0; + return GSS_S_BAD_MECH; + } + + if (cred == GSS_C_NO_CREDENTIAL && output_cred_handle == NULL) { + *minor_status = 0; + return GSS_S_NO_CRED; + } + + /* check if requested output usage is compatible with output usage */ + if (output_cred_handle != NULL && + (cred->usage != cred_usage && cred->usage != GSS_C_BOTH)) { + *minor_status = GSS_KRB5_S_G_BAD_USAGE; + return(GSS_S_FAILURE); + } + + /* check that we have the same name */ + if (desired_name != GSS_C_NO_NAME && + krb5_principal_compare(gssapi_krb5_context, desired_name, + cred->principal) != FALSE) { + *minor_status = 0; + return GSS_S_BAD_NAME; + } + + /* make a copy */ + if (output_cred_handle) { + + handle = (gss_cred_id_t)malloc(sizeof(*handle)); + if (handle == GSS_C_NO_CREDENTIAL) { + *minor_status = ENOMEM; + return (GSS_S_FAILURE); + } + + memset(handle, 0, sizeof (*handle)); + + handle->usage = cred_usage; + handle->lifetime = cred->lifetime; + handle->principal = NULL; + handle->keytab = NULL; + handle->ccache = NULL; + handle->mechanisms = NULL; + + ret = GSS_S_FAILURE; + + ret = gss_duplicate_name(minor_status, cred->principal, + &handle->principal); + if (ret) { + free(handle); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + if (cred->keytab) { + krb5_error_code kret; + char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN]; + int len; + + ret = GSS_S_FAILURE; + + kret = krb5_kt_get_type(gssapi_krb5_context, cred->keytab, + name, KRB5_KT_PREFIX_MAX_LEN); + if (kret) { + *minor_status = kret; + goto failure; + } + len = strlen(name); + name[len++] = ':'; + + kret = krb5_kt_get_name(gssapi_krb5_context, cred->keytab, + name + len, + sizeof(name) - len); + if (kret) { + *minor_status = kret; + goto failure; + } + + kret = krb5_kt_resolve(gssapi_krb5_context, name, + &handle->keytab); + if (kret){ + *minor_status = kret; + goto failure; + } + } + + if (cred->ccache) { + krb5_error_code kret; + const char *type, *name; + char *type_name; + + ret = GSS_S_FAILURE; + + type = krb5_cc_get_type(gssapi_krb5_context, cred->ccache); + if (type == NULL){ + *minor_status = ENOMEM; + goto failure; + } + + name = krb5_cc_get_name(gssapi_krb5_context, cred->ccache); + if (name == NULL) { + *minor_status = ENOMEM; + goto failure; + } + + asprintf(&type_name, "%s:%s", type, name); + if (type_name == NULL) { + *minor_status = ENOMEM; + goto failure; + } + + kret = krb5_cc_resolve(gssapi_krb5_context, type_name, + &handle->ccache); + free(type_name); + if (kret) { + *minor_status = kret; + goto failure; + } + } + + ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms); + if (ret) + goto failure; + + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &handle->mechanisms); + if (ret) + goto failure; + } + + ret = gss_inquire_cred(minor_status, cred, NULL, &lifetime, + NULL, actual_mechs); + if (ret) + goto failure; + + if (initiator_time_rec) + *initiator_time_rec = lifetime; + if (acceptor_time_rec) + *acceptor_time_rec = lifetime; + + if (output_cred_handle) + *output_cred_handle = handle; + + *minor_status = 0; + return ret; + + failure: + + if (handle) { + if (handle->principal) + gss_release_name(NULL, &handle->principal); + if (handle->keytab) + krb5_kt_close(gssapi_krb5_context, handle->keytab); + if (handle->ccache) + krb5_cc_destroy(gssapi_krb5_context, handle->ccache); + if (handle->mechanisms) + gss_release_oid_set(NULL, &handle->mechanisms); + free(handle); + } + return ret; +} diff --git a/crypto/heimdal/lib/gssapi/add_oid_set_member.c b/crypto/heimdal/lib/gssapi/add_oid_set_member.c index baf70c5..ed654fc 100644 --- a/crypto/heimdal/lib/gssapi/add_oid_set_member.c +++ b/crypto/heimdal/lib/gssapi/add_oid_set_member.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: add_oid_set_member.c,v 1.7 2001/02/18 03:39:08 assar Exp $"); +RCSID("$Id: add_oid_set_member.c,v 1.8 2003/03/16 17:50:49 lha Exp $"); OM_uint32 gss_add_oid_set_member ( OM_uint32 * minor_status, @@ -50,8 +50,10 @@ OM_uint32 gss_add_oid_set_member ( if (res != GSS_S_COMPLETE) return res; - if (present) + if (present) { + *minor_status = 0; return GSS_S_COMPLETE; + } n = (*oid_set)->count + 1; tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc)); @@ -62,5 +64,6 @@ OM_uint32 gss_add_oid_set_member ( (*oid_set)->elements = tmp; (*oid_set)->count = n; (*oid_set)->elements[n-1] = *member_oid; + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/compare_name.c b/crypto/heimdal/lib/gssapi/compare_name.c index 5926b15..da494b0 100644 --- a/crypto/heimdal/lib/gssapi/compare_name.c +++ b/crypto/heimdal/lib/gssapi/compare_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: compare_name.c,v 1.2 1999/12/02 17:05:03 joda Exp $"); +RCSID("$Id: compare_name.c,v 1.4 2003/03/16 17:50:07 lha Exp $"); OM_uint32 gss_compare_name (OM_uint32 * minor_status, @@ -42,8 +42,10 @@ OM_uint32 gss_compare_name int * name_equal ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT(); + *name_equal = krb5_principal_compare (gssapi_krb5_context, name1, name2); + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/compat.c b/crypto/heimdal/lib/gssapi/compat.c new file mode 100644 index 0000000..311b1cb --- /dev/null +++ b/crypto/heimdal/lib/gssapi/compat.c @@ -0,0 +1,113 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: compat.c,v 1.2.2.2 2003/04/28 13:58:09 lha Exp $"); + + +static krb5_error_code +check_compat(OM_uint32 *minor_status, gss_name_t name, + const char *option, krb5_boolean *compat, + krb5_boolean match_val) +{ + krb5_error_code ret = 0; + char **p, **q; + krb5_principal match; + + + p = krb5_config_get_strings(gssapi_krb5_context, NULL, "gssapi", + option, NULL); + if(p == NULL) + return 0; + + for(q = p; *q; q++) { + + ret = krb5_parse_name(gssapi_krb5_context, *q, &match); + if (ret) + break; + + if (krb5_principal_match(gssapi_krb5_context, name, match)) { + *compat = match_val; + break; + } + + krb5_free_principal(gssapi_krb5_context, match); + } + krb5_config_free_strings(p); + + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + return 0; +} + +OM_uint32 +_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx) +{ + krb5_boolean use_compat = TRUE; + OM_uint32 ret; + + if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) { + ret = check_compat(minor_status, ctx->target, + "broken_des3_mic", &use_compat, TRUE); + if (ret) + return ret; + ret = check_compat(minor_status, ctx->target, + "correct_des3_mic", &use_compat, FALSE); + if (ret) + return ret; + + if (use_compat) + ctx->more_flags |= COMPAT_OLD_DES3; + ctx->more_flags |= COMPAT_OLD_DES3_SELECTED; + } + return 0; +} + +OM_uint32 +gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on) +{ + *minor_status = 0; + + if (on) { + ctx->more_flags |= COMPAT_OLD_DES3; + } else { + ctx->more_flags &= ~COMPAT_OLD_DES3; + } + ctx->more_flags |= COMPAT_OLD_DES3_SELECTED; + + return 0; +} diff --git a/crypto/heimdal/lib/gssapi/context_time.c b/crypto/heimdal/lib/gssapi/context_time.c index f933f9e..e947df6 100644 --- a/crypto/heimdal/lib/gssapi/context_time.c +++ b/crypto/heimdal/lib/gssapi/context_time.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: context_time.c,v 1.5 2001/05/11 09:16:45 assar Exp $"); +RCSID("$Id: context_time.c,v 1.7 2003/03/16 17:48:33 lha Exp $"); OM_uint32 gss_context_time (OM_uint32 * minor_status, @@ -46,7 +46,7 @@ OM_uint32 gss_context_time krb5_error_code kret; krb5_timestamp timeret; - gssapi_krb5_init(); + GSSAPI_KRB5_INIT (); ret = gss_inquire_context(minor_status, context_handle, NULL, NULL, &lifetime, NULL, NULL, NULL, NULL); @@ -62,5 +62,6 @@ OM_uint32 gss_context_time } *time_rec = lifetime - timeret; + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/copy_ccache.c b/crypto/heimdal/lib/gssapi/copy_ccache.c index a6f53df..2ffe065 100644 --- a/crypto/heimdal/lib/gssapi/copy_ccache.c +++ b/crypto/heimdal/lib/gssapi/copy_ccache.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,25 +33,26 @@ #include "gssapi_locl.h" -RCSID("$Id: copy_ccache.c,v 1.2 2001/05/11 09:16:45 assar Exp $"); +RCSID("$Id: copy_ccache.c,v 1.3 2003/03/16 17:47:44 lha Exp $"); OM_uint32 -gss_krb5_copy_ccache(OM_uint32 *minor, +gss_krb5_copy_ccache(OM_uint32 *minor_status, gss_cred_id_t cred, krb5_ccache out) { krb5_error_code kret; if (cred->ccache == NULL) { - *minor = EINVAL; + *minor_status = EINVAL; return GSS_S_FAILURE; } kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out); if (kret) { - *minor = kret; + *minor_status = kret; gssapi_krb5_set_error_string (); return GSS_S_FAILURE; } + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c index de71749..1a25e0d 100644 --- a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c +++ b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: create_emtpy_oid_set.c,v 1.4 2001/02/18 03:39:08 assar Exp $"); +RCSID("$Id: create_emtpy_oid_set.c,v 1.5 2003/03/16 17:47:07 lha Exp $"); OM_uint32 gss_create_empty_oid_set ( OM_uint32 * minor_status, @@ -47,5 +47,6 @@ OM_uint32 gss_create_empty_oid_set ( } (*oid_set)->count = 0; (*oid_set)->elements = NULL; + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/delete_sec_context.c b/crypto/heimdal/lib/gssapi/delete_sec_context.c index 06f44e3..2df1f39 100644 --- a/crypto/heimdal/lib/gssapi/delete_sec_context.c +++ b/crypto/heimdal/lib/gssapi/delete_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: delete_sec_context.c,v 1.9 2001/05/10 15:23:04 assar Exp $"); +RCSID("$Id: delete_sec_context.c,v 1.11 2003/03/16 17:46:40 lha Exp $"); OM_uint32 gss_delete_sec_context (OM_uint32 * minor_status, @@ -41,28 +41,29 @@ OM_uint32 gss_delete_sec_context gss_buffer_t output_token ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); - if (output_token) { - output_token->length = 0; - output_token->value = NULL; - } + if (output_token) { + output_token->length = 0; + output_token->value = NULL; + } - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - if ((*context_handle)->ticket) { - krb5_free_ticket (gssapi_krb5_context, - (*context_handle)->ticket); - free((*context_handle)->ticket); - } + krb5_auth_con_free (gssapi_krb5_context, + (*context_handle)->auth_context); + if((*context_handle)->source) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->source); + if((*context_handle)->target) + krb5_free_principal (gssapi_krb5_context, + (*context_handle)->target); + if ((*context_handle)->ticket) { + krb5_free_ticket (gssapi_krb5_context, + (*context_handle)->ticket); + free((*context_handle)->ticket); + } - free (*context_handle); - *context_handle = GSS_C_NO_CONTEXT; - return GSS_S_COMPLETE; + free (*context_handle); + *context_handle = GSS_C_NO_CONTEXT; + *minor_status = 0; + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/display_name.c b/crypto/heimdal/lib/gssapi/display_name.c index 1c25e67..27a232f 100644 --- a/crypto/heimdal/lib/gssapi/display_name.c +++ b/crypto/heimdal/lib/gssapi/display_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: display_name.c,v 1.7 2001/05/11 09:16:46 assar Exp $"); +RCSID("$Id: display_name.c,v 1.9 2003/03/16 17:46:11 lha Exp $"); OM_uint32 gss_display_name (OM_uint32 * minor_status, @@ -42,31 +42,32 @@ OM_uint32 gss_display_name gss_OID * output_name_type ) { - krb5_error_code kret; - char *buf; - size_t len; + krb5_error_code kret; + char *buf; + size_t len; - gssapi_krb5_init (); - kret = krb5_unparse_name (gssapi_krb5_context, - input_name, - &buf); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } - len = strlen (buf); - output_name_buffer->length = len; - output_name_buffer->value = malloc(len + 1); - if (output_name_buffer->value == NULL) { + GSSAPI_KRB5_INIT (); + kret = krb5_unparse_name (gssapi_krb5_context, + input_name, + &buf); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + len = strlen (buf); + output_name_buffer->length = len; + output_name_buffer->value = malloc(len + 1); + if (output_name_buffer->value == NULL) { + free (buf); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy (output_name_buffer->value, buf, len); + ((char *)output_name_buffer->value)[len] = '\0'; free (buf); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (output_name_buffer->value, buf, len); - ((char *)output_name_buffer->value)[len] = '\0'; - free (buf); - if (output_name_type) - *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME; - return GSS_S_COMPLETE; + if (output_name_type) + *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME; + *minor_status = 0; + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/display_status.c b/crypto/heimdal/lib/gssapi/display_status.c index fc1451d..d266fa4 100644 --- a/crypto/heimdal/lib/gssapi/display_status.c +++ b/crypto/heimdal/lib/gssapi/display_status.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: display_status.c,v 1.7 2001/08/23 04:34:41 assar Exp $"); +RCSID("$Id: display_status.c,v 1.9 2003/03/16 17:45:36 lha Exp $"); static char *krb5_error_string; @@ -93,6 +93,26 @@ routine_error(OM_uint32 v) return msgs[v]; } +static char * +supplementary_error(OM_uint32 v) +{ + static char *msgs[] = { + "normal completion", + "continuation call to routine required", + "duplicate per-message token detected", + "timed-out per-message token detected", + "reordered (early) per-message token detected", + "skipped predecessor token(s) detected" + }; + + v >>= GSS_C_SUPPLEMENTARY_OFFSET; + + if (v >= sizeof(msgs)/sizeof(*msgs)) + return "unknown routine error"; + else + return msgs[v]; +} + void gssapi_krb5_set_error_string (void) { @@ -117,18 +137,25 @@ OM_uint32 gss_display_status { char *buf; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); - *minor_status = 0; + status_string->length = 0; + status_string->value = NULL; - if (mech_type != GSS_C_NO_OID && - mech_type != GSS_KRB5_MECHANISM) - return GSS_S_BAD_MECH; + if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 && + gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) { + *minor_status = 0; + return GSS_C_GSS_CODE; + } if (status_type == GSS_C_GSS_CODE) { - asprintf (&buf, "%s %s", - calling_error(GSS_CALLING_ERROR(status_value)), - routine_error(GSS_ROUTINE_ERROR(status_value))); + if (GSS_SUPPLEMENTARY_INFO(status_value)) + asprintf(&buf, "%s", + supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value))); + else + asprintf (&buf, "%s %s", + calling_error(GSS_CALLING_ERROR(status_value)), + routine_error(GSS_ROUTINE_ERROR(status_value))); } else if (status_type == GSS_C_MECH_CODE) { buf = gssapi_krb5_get_error_string (); if (buf == NULL) { @@ -140,8 +167,10 @@ OM_uint32 gss_display_status else buf = strdup(tmp); } - } else + } else { + *minor_status = EINVAL; return GSS_S_BAD_STATUS; + } if (buf == NULL) { *minor_status = ENOMEM; @@ -149,6 +178,7 @@ OM_uint32 gss_display_status } *message_context = 0; + *minor_status = 0; status_string->length = strlen(buf); status_string->value = buf; diff --git a/crypto/heimdal/lib/gssapi/duplicate_name.c b/crypto/heimdal/lib/gssapi/duplicate_name.c index b0ecdf2..2b54e90 100644 --- a/crypto/heimdal/lib/gssapi/duplicate_name.c +++ b/crypto/heimdal/lib/gssapi/duplicate_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: duplicate_name.c,v 1.5 2001/05/11 09:16:46 assar Exp $"); +RCSID("$Id: duplicate_name.c,v 1.7 2003/03/16 17:44:26 lha Exp $"); OM_uint32 gss_duplicate_name ( OM_uint32 * minor_status, @@ -41,18 +41,19 @@ OM_uint32 gss_duplicate_name ( gss_name_t * dest_name ) { - krb5_error_code kret; + krb5_error_code kret; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); - kret = krb5_copy_principal (gssapi_krb5_context, - src_name, - dest_name); - if (kret) { - *minor_status = kret; - gssapi_krb5_set_error_string (); - return GSS_S_FAILURE; - } else { - return GSS_S_COMPLETE; - } + kret = krb5_copy_principal (gssapi_krb5_context, + src_name, + dest_name); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } else { + *minor_status = 0; + return GSS_S_COMPLETE; + } } diff --git a/crypto/heimdal/lib/gssapi/export_name.c b/crypto/heimdal/lib/gssapi/export_name.c index efbd9c4..c5fcbd4 100644 --- a/crypto/heimdal/lib/gssapi/export_name.c +++ b/crypto/heimdal/lib/gssapi/export_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: export_name.c,v 1.4 1999/12/02 17:05:03 joda Exp $"); +RCSID("$Id: export_name.c,v 1.5 2003/03/16 17:34:46 lha Exp $"); OM_uint32 gss_export_name (OM_uint32 * minor_status, @@ -41,8 +41,54 @@ OM_uint32 gss_export_name gss_buffer_t exported_name ) { - return gss_display_name(minor_status, - input_name, - exported_name, - NULL); + krb5_error_code kret; + char *buf, *name; + size_t len; + + GSSAPI_KRB5_INIT (); + kret = krb5_unparse_name (gssapi_krb5_context, + input_name, + &name); + if (kret) { + *minor_status = kret; + gssapi_krb5_set_error_string (); + return GSS_S_FAILURE; + } + len = strlen (name); + + exported_name->length = 10 + len + GSS_KRB5_MECHANISM->length; + exported_name->value = malloc(exported_name->length); + if (exported_name->value == NULL) { + free (name); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */ + + buf = exported_name->value; + memcpy(buf, "\x04\x01", 2); + buf += 2; + buf[0] = ((GSS_KRB5_MECHANISM->length + 2) >> 8) & 0xff; + buf[1] = (GSS_KRB5_MECHANISM->length + 2) & 0xff; + buf+= 2; + buf[0] = 0x06; + buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF; + buf+= 2; + + memcpy(buf, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length); + buf += GSS_KRB5_MECHANISM->length; + + buf[0] = (len >> 24) & 0xff; + buf[1] = (len >> 16) & 0xff; + buf[2] = (len >> 8) & 0xff; + buf[3] = (len) & 0xff; + buf += 4; + + memcpy (buf, name, len); + + free (name); + + *minor_status = 0; + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/export_sec_context.c b/crypto/heimdal/lib/gssapi/export_sec_context.c index 30c5a11..c7e6265 100644 --- a/crypto/heimdal/lib/gssapi/export_sec_context.c +++ b/crypto/heimdal/lib/gssapi/export_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: export_sec_context.c,v 1.4 2001/02/18 03:39:09 assar Exp $"); +RCSID("$Id: export_sec_context.c,v 1.6 2003/03/16 18:02:52 lha Exp $"); OM_uint32 gss_export_sec_context ( @@ -51,9 +51,11 @@ gss_export_sec_context ( OM_uint32 minor; krb5_error_code kret; - gssapi_krb5_init (); - if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) + GSSAPI_KRB5_INIT (); + if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) { + *minor_status = 0; return GSS_S_UNAVAILABLE; + } sp = krb5_storage_emem (); if (sp == NULL) { @@ -145,27 +147,6 @@ gss_export_sec_context ( goto failure; } -#if 0 - { - size_t sz; - unsigned char auth_buf[1024]; - - ret = encode_Authenticator (auth_buf, sizeof(auth_buf), - ac->authenticator, &sz); - if (ret) { - krb5_storage_free (sp); - *minor_status = ret; - return GSS_S_FAILURE; - } - data.data = auth_buf; - data.length = sz; - kret = krb5_store_data (sp, data); - if (kret) { - *minor_status = kret; - goto failure; - } - } -#endif kret = krb5_store_int32 (sp, ac->keytype); if (kret) { *minor_status = kret; @@ -196,6 +177,9 @@ gss_export_sec_context ( goto failure; data.data = buffer.value; data.length = buffer.length; + + ret = GSS_S_FAILURE; + kret = krb5_store_data (sp, data); gss_release_buffer (&minor, &buffer); if (kret) { @@ -213,6 +197,11 @@ gss_export_sec_context ( *minor_status = kret; goto failure; } + kret = krb5_store_int32 (sp, (*context_handle)->lifetime); + if (kret) { + *minor_status = kret; + goto failure; + } kret = krb5_storage_to_data (sp, &data); krb5_storage_free (sp); @@ -226,6 +215,7 @@ gss_export_sec_context ( GSS_C_NO_BUFFER); if (ret != GSS_S_COMPLETE) gss_release_buffer (NULL, interprocess_token); + *minor_status = 0; return ret; failure: krb5_storage_free (sp); diff --git a/crypto/heimdal/lib/gssapi/get_mic.c b/crypto/heimdal/lib/gssapi/get_mic.c index 720a2ff..e890b08 100644 --- a/crypto/heimdal/lib/gssapi/get_mic.c +++ b/crypto/heimdal/lib/gssapi/get_mic.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: get_mic.c,v 1.19 2001/10/31 13:37:39 nectar Exp $"); +RCSID("$Id: get_mic.c,v 1.21 2003/03/16 18:02:04 lha Exp $"); static OM_uint32 mic_des @@ -115,6 +115,7 @@ mic_des memset (deskey, 0, sizeof(deskey)); memset (schedule, 0, sizeof(schedule)); + *minor_status = 0; return GSS_S_COMPLETE; } @@ -139,6 +140,7 @@ mic_des3 krb5_error_code kret; krb5_data encdata; char *tmp; + char ivec[8]; gssapi_krb5_encap_length (36, &len, &total_len); @@ -219,10 +221,15 @@ mic_des3 return GSS_S_FAILURE; } - kret = krb5_encrypt (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - seq, 8, &encdata); + if (context_handle->more_flags & COMPAT_OLD_DES3) + memset(ivec, 0, 8); + else + memcpy(ivec, p + 8, 8); + + kret = krb5_encrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + seq, 8, &encdata, ivec); krb5_crypto_destroy (gssapi_krb5_context, crypto); if (kret) { free (message_token->value); @@ -241,6 +248,7 @@ mic_des3 ++seq_number); free_Checksum (&cksum); + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/gss_acquire_cred.3 b/crypto/heimdal/lib/gssapi/gss_acquire_cred.3 new file mode 100644 index 0000000..1d8c0a0 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/gss_acquire_cred.3 @@ -0,0 +1,465 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: gss_acquire_cred.3,v 1.8.2.1 2003/04/28 13:41:42 lha Exp $ +.\" +.Dd April 2, 2003 +.Dt GSS_ACQUIRE_CRED 3 +.Os HEIMDAL +.Sh NAME +.Nm gss_accept_sec_context , +.Nm gss_acquire_cred , +.Nm gss_add_cred , +.Nm gss_add_oid_set_member , +.Nm gss_canonicalize_name , +.Nm gss_compare_name , +.Nm gss_context_time , +.Nm gss_create_empty_oid_set , +.Nm gss_delete_sec_context , +.Nm gss_display_name , +.Nm gss_display_status , +.Nm gss_duplicate_name , +.Nm gss_export_name , +.Nm gss_export_sec_context , +.Nm gss_get_mic , +.Nm gss_import_name , +.Nm gss_import_sec_context , +.Nm gss_indicate_mechs , +.Nm gss_init_sec_context , +.Nm gss_inquire_context , +.Nm gss_inquire_cred , +.Nm gss_inquire_cred_by_mech , +.Nm gss_inquire_mechs_for_name , +.Nm gss_inquire_names_for_mech , +.Nm gss_krb5_copy_ccache , +.Nm gss_krb5_compat_des3_mic , +.Nm gss_process_context_token , +.Nm gss_release_buffer , +.Nm gss_release_cred , +.Nm gss_release_name , +.Nm gss_release_oid_set , +.Nm gss_seal , +.Nm gss_sign , +.Nm gss_test_oid_set_member , +.Nm gss_unseal , +.Nm gss_unwrap , +.Nm gss_verify , +.Nm gss_verify_mic , +.Nm gss_wrap , +.Nm gss_wrap_size_limit +.Nd Generic Security Service Application Program Interface library +.Sh LIBRARY +GSS-API library (libgssapi, -lgssapi) +.Sh SYNOPSIS +.In gssapi.h +.Pp +.Ft OM_uint32 +.Fo gss_accept_sec_context +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t * context_handle" +.Fa "const gss_cred_id_t acceptor_cred_handle" +.Fa "const gss_buffer_t input_token_buffer" +.Fa "const gss_channel_bindings_t input_chan_bindings" +.Fa "gss_name_t * src_name" +.Fa "gss_OID * mech_type" +.Fa "gss_buffer_t output_token" +.Fa "OM_uint32 * ret_flags" +.Fa "OM_uint32 * time_rec" +.Fa "gss_cred_id_t * delegated_cred_handle" +.Fc +.Pp +.Ft OM_uint32 +.Fo gss_acquire_cred +.Fa "OM_uint32 * minor_status" +.Fa "const gss_name_t desired_name" +.Fa "OM_uint32 time_req" +.Fa "const gss_OID_set desired_mechs" +.Fa "gss_cred_usage_t cred_usage" +.Fa "gss_cred_id_t * output_cred_handle" +.Fa "gss_OID_set * actual_mechs" +.Fa "OM_uint32 * time_rec" +.Fc +.\" .Fn gss_add_cred +.Ft OM_uint32 +.Fo gss_add_oid_set_member +.Fa "OM_uint32 * minor_status" +.Fa "const gss_OID member_oid" +.Fa "gss_OID_set * oid_set" +.Fc +.Ft OM_uint32 +.Fo gss_canonicalize_name +.Fa "OM_uint32 * minor_status" +.Fa "const gss_name_t input_name" +.Fa "const gss_OID mech_type" +.Fa "gss_name_t * output_name" +.Fc +.Ft OM_uint32 +.Fo gss_compare_name +.Fa "OM_uint32 * minor_status" +.Fa "const gss_name_t name1" +.Fa "const gss_name_t name2" +.Fa "int * name_equal" +.Fc +.Ft OM_uint32 +.Fo gss_context_time +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "OM_uint32 * time_rec" +.Fc +.Ft OM_uint32 +.Fo gss_create_empty_oid_set +.Fa "OM_uint32 * minor_status" +.Fa "gss_OID_set * oid_set" +.Fc +.Ft OM_uint32 +.Fo gss_delete_sec_context +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t * context_handle" +.Fa "gss_buffer_t output_token" +.Fc +.Ft OM_uint32 +.Fo gss_display_name +.Fa "OM_uint32 * minor_status" +.Fa "const gss_name_t input_name" +.Fa "gss_buffer_t output_name_buffer" +.Fa "gss_OID * output_name_type" +.Fc +.Ft OM_uint32 +.Fo gss_display_status +.Fa "OM_uint32 *minor_status" +.Fa "OM_uint32 status_value" +.Fa "int status_type" +.Fa "const gss_OID mech_type" +.Fa "OM_uint32 *message_context" +.Fa "gss_buffer_t status_string" +.Fc +.Ft OM_uint32 +.Fo gss_duplicate_name +.Fa "OM_uint32 * minor_status" +.Fa "const gss_name_t src_name" +.Fa "gss_name_t * dest_name" +.Fc +.Ft OM_uint32 +.Fo gss_export_name +.Fa "OM_uint32 * minor_status" +.Fa "const gss_name_t input_name" +.Fa "gss_buffer_t exported_name" +.Fc +.Ft OM_uint32 +.Fo gss_export_sec_context +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t * context_handle" +.Fa "gss_buffer_t interprocess_token" +.Fc +.Ft OM_uint32 +.Fo gss_get_mic +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "gss_qop_t qop_req" +.Fa "const gss_buffer_t message_buffer" +.Fa "gss_buffer_t message_token" +.Fc +.Ft OM_uint32 +.Fo gss_import_name +.Fa "OM_uint32 * minor_status, +.Fa "const gss_buffer_t input_name_buffer" +.Fa "const gss_OID input_name_type" +.Fa "gss_name_t * output_name" +.Fc +.Ft OM_uint32 +.Fo gss_import_sec_context +.Fa "OM_uint32 * minor_status" +.Fa "const gss_buffer_t interprocess_token" +.Fa "gss_ctx_id_t * context_handle" +.Fc +.Ft OM_uint32 +.Fo gss_indicate_mechs +.Fa "OM_uint32 * minor_status" +.Fa "gss_OID_set * mech_set" +.Fc +.Ft OM_uint32 +.Fo gss_init_sec_context +.Fa "OM_uint32 * minor_status" +.Fa "const gss_cred_id_t initiator_cred_handle" +.Fa "gss_ctx_id_t * context_handle" +.Fa "const gss_name_t target_name" +.Fa "const gss_OID mech_type" +.Fa "OM_uint32 req_flags" +.Fa "OM_uint32 time_req" +.Fa "const gss_channel_bindings_t input_chan_bindings" +.Fa "const gss_buffer_t input_token" +.Fa "gss_OID * actual_mech_type" +.Fa "gss_buffer_t output_token" +.Fa "OM_uint32 * ret_flags" +.Fa "OM_uint32 * time_rec" +.Fc +.Ft OM_uint32 +.Fo gss_inquire_context +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "gss_name_t * src_name" +.Fa "gss_name_t * targ_name" +.Fa "OM_uint32 * lifetime_rec" +.Fa "gss_OID * mech_type" +.Fa "OM_uint32 * ctx_flags" +.Fa "int * locally_initiated" +.Fa "int * open_context" +.Fc +.Ft OM_uint32 +.Fo gss_inquire_cred +.Fa "OM_uint32 * minor_status" +.Fa "const gss_cred_id_t cred_handle" +.Fa "gss_name_t * name" +.Fa "OM_uint32 * lifetime" +.Fa "gss_cred_usage_t * cred_usage" +.Fa "gss_OID_set * mechanisms" +.Fc +.Ft OM_uint32 +.Fo gss_inquire_cred_by_mech +.Fc +.Ft OM_uint32 +.Fo gss_inquire_mechs_for_name +.Fc +.Ft OM_uint32 +.Fo gss_inquire_names_for_mech +.Fc +.Ft OM_uint32 +.Fo gss_krb5_copy_ccache +.Fa "OM_uint32 *minor" +.Fa "gss_cred_id_t cred" +.Fa "krb5_ccache out" +.Fc +.Ft OM_uint32 +.Fo gss_krb5_compat_des3_mic +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t context_handle" +.Fa "int onoff" +.Fc +.Ft OM_uint32 +.Fo gss_process_context_token +.Fc +.Ft OM_uint32 +.Fo gss_release_buffer +.Fa "OM_uint32 * minor_status" +.Fa "gss_buffer_t buffer" +.Fc +.Ft OM_uint32 +.Fo gss_release_cred +.Fa "OM_uint32 * minor_status" +.Fa "gss_cred_id_t * cred_handle" +.Fc +.Ft OM_uint32 +.Fo gss_release_name +.Fa "OM_uint32 * minor_status" +.Fa "gss_name_t * input_name" +.Fc +.Ft +.Fo gss_release_oid_set +.Fa "OM_uint32 * minor_status" +.Fa "gss_OID_set * set" +.Fc +.Ft OM_uint32 +.Fo gss_seal +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t context_handle" +.Fa "int conf_req_flag" +.Fa "int qop_req" +.Fa "gss_buffer_t input_message_buffer" +.Fa "int * conf_state" +.Fa "gss_buffer_t output_message_buffer" +.Fc +.Ft OM_uint32 +.Fo gss_sign +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t context_handle" +.Fa "int qop_req" +.Fa "gss_buffer_t message_buffer" +.Fa "gss_buffer_t message_token" +.Fc +.Ft OM_uint32 +.Fo gss_test_oid_set_member +.Fa "OM_uint32 * minor_status" +.Fa "const gss_OID member" +.Fa "const gss_OID_set set" +.Fa "int * present" +.Fc +.Ft OM_uint32 +.Fo gss_unseal +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t context_handle" +.Fa "gss_buffer_t input_message_buffer" +.Fa "gss_buffer_t output_message_buffer" +.Fa "int * conf_state" +.Fa "int * qop_state" +.Fc +.Ft OM_uint32 +.Fo gss_unwrap +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "const gss_buffer_t input_message_buffer" +.Fa "gss_buffer_t output_message_buffer" +.Fa "int * conf_state" +.Fa "gss_qop_t * qop_state" +.Fc +.Ft OM_uint32 +.Fo gss_verify +.Fa "OM_uint32 * minor_status" +.Fa "gss_ctx_id_t context_handle" +.Fa "gss_buffer_t message_buffer" +.Fa "gss_buffer_t token_buffer" +.Fa "int * qop_state" +.Fc +.Ft OM_uint32 +.Fo gss_verify_mic +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "const gss_buffer_t message_buffer" +.Fa "const gss_buffer_t token_buffer" +.Fa "gss_qop_t * qop_state" +.Fc +.Ft +.Fo gss_wrap +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "int conf_req_flag" +.Fa "gss_qop_t qop_req" +.Fa "const gss_buffer_t input_message_buffer" +.Fa "int * conf_state" +.Fa "gss_buffer_t output_message_buffer" +.Fc +.Ft OM_uint32 +.Fo gss_wrap_size_limit +.Fa "OM_uint32 * minor_status" +.Fa "const gss_ctx_id_t context_handle" +.Fa "int conf_req_flag" +.Fa "gss_qop_t qop_req" +.Fa "OM_uint32 req_output_size" +.Fa "OM_uint32 * max_input_size" +.Fc +.Sh DESCRIPTION +Generic Security Service API (GSS-API) version 2, and its C binding, +is described in +.Li RFC2743 +and +.Li RFC2744 . +Version 1 (deprecated) of the C binding is described in +.Li RFC1509 . +.Pp +Heimdals GSS-API implementation supports the following mechanisms +.Bl -bullet +.It +.Li GSS_KRB5_MECHANISM +.El +.Pp +GSS-API have generic name types that all mechanism are supposed to +implement (if possible) +.Bl -bullet +.It +.Li GSS_C_NT_USER_NAME +.It +.Li GSS_C_NT_MACHINE_UID_NAME +.It +.Li GSS_C_NT_STRING_UID_NAME +.It +.Li GSS_C_NT_HOSTBASED_SERVICE +.It +.Li GSS_C_NT_ANONYMOUS +.It +.Li GSS_C_NT_EXPORT_NAME +.El +.Pp +GSS-API implementations that supports Kerberos 5 have some additional +name types +.Bl -bullet +.It +.Li GSS_KRB5_NT_PRINCIPAL_NAME +.It +.Li GSS_KRB5_NT_USER_NAME +.It +.Li GSS_KRB5_NT_MACHINE_UID_NAME +.It +.Li GSS_KRB5_NT_STRING_UID_NAME +.El +.Pp +.Fn gss_display_name +takes the gss name in +.Fa input_name +and put a printable form in +.Fa output_name_buffer . +.Fa output_name_buffer +should be freed when done using +.Fn gss_release_buffer . +.Fa output_name_type +can either be +.Dv NULL +or a pointer to a +.Li gss_OID +and will in the later case contain the OID type of the name. +The name should only be used for printing. +Access control should be done with the result of +.Fn gss_export_name . +.Pp +.Fn gss_sign , +.Fn gss_verify , +.Fn gss_seal , +and +.Fn gss_unseal +are part of the GSS-API V1 interface and are obsolete. The functions +should not be used for new applications. +They are provided so that version 1 applications can link against the +library. +.Pp +.Fn gss_krb5_copy_ccache +is an extension to the GSS-API API. +The function will extract the krb5 credential that are transfered from +the initiator to the acceptor when using token delegation in the +Kerberos mechanism. +The acceptor receives the delegated token in the last argument to +.Fn gss_accept_sec_context . +.Pp +.Nm gss_krb5_compat_des3_mic +turns on or off the compatibly with older version of Heimdal using +des3 get and verify mic, this is way to programmatically set the +[gssapi]broken_des3_mic and [gssapi]correct_des3_mic flags (see +COMPATIBILITY section in +.Xr gssapi 3 ) . +If the CPP symbol +.Dv GSS_C_KRB5_COMPAT_DES3_MIC +is present, +.Nm gss_krb5_compat_des3_mic +exists. +.Nm gss_krb5_compat_des3_mic +will be removed in a later version of the GSS-API library. +.Sh SEE ALSO +.Xr krb5 3 , +.Xr krb5_ccache 3 , +.Xr gssapi 3 , +.Xr kerberos 8 diff --git a/crypto/heimdal/lib/gssapi/gssapi.3 b/crypto/heimdal/lib/gssapi/gssapi.3 new file mode 100644 index 0000000..ff30042 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/gssapi.3 @@ -0,0 +1,158 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: gssapi.3,v 1.5.2.2 2003/04/30 09:56:26 lha Exp $ +.\" +.Dd January 23, 2003 +.Dt GSSAPI 3 +.Os +.Sh NAME +.Nm gssapi +.Nd Generic Security Service Application Program Interface library +.Sh LIBRARY +GSS-API Library (libgssapi, -lgssapi) +.Sh DESCRIPTION +The Generic Security Service Application Program Interface (GSS-API) +provides security services to callers in a generic fashion, +supportable with a range of underlying mechanisms and technologies and +hence allowing source-level portability of applications to different +environments. +.Sh LIST OF FUNCTIONS +These functions constitute the gssapi library, +.Em libgssapi . +Declarations for these functions may be obtained from the include file +.Pa gssapi.h . +.sp 2 +.nf +.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u +\fIName/Page\fP \fIDescription\fP +.ta \w'gss_inquire_names_for_mech'u+2n +\w'Description goes here'u+6nC +.sp 5p +gss_accept_sec_context.3 +gss_acquire_cred.3 +gss_add_cred.3 +gss_add_oid_set_member.3 +gss_canonicalize_name.3 +gss_compare_name.3 +gss_context_time.3 +gss_create_empty_oid_set.3 +gss_delete_sec_context.3 +gss_display_name.3 +gss_display_status.3 +gss_duplicate_name.3 +gss_export_name.3 +gss_export_sec_context.3 +gss_get_mic.3 +gss_import_name.3 +gss_import_sec_context.3 +gss_indicate_mechs.3 +gss_init_sec_context.3 +gss_inquire_context.3 +gss_inquire_cred.3 +gss_inquire_cred_by_mech.3 +gss_inquire_mechs_for_name.3 +gss_inquire_names_for_mech.3 +gss_krb5_copy_ccache.3 +gss_process_context_token.3 +gss_release_buffer.3 +gss_release_cred.3 +gss_release_name.3 +gss_release_oid_set.3 +gss_seal.3 +gss_sign.3 +gss_test_oid_set_member.3 +gss_unseal.3 +gss_unwrap.3 +gss_verify.3 +gss_verify_mic.3 +gss_wrap.3 +gss_wrap_size_limit.3 +.ta +.Fi +.Sh COMPATIBILITY +The +.Nm Heimdal +GSS-API implementation had a bug in releases before 0.6 that made it +fail to inter-operate when using DES3 with other GSS-API +implementations when using +.Fn gss_get_mic +/ +.Fn gss_verify_mic . +Its possible to modify the behavior of the generator of the MIC with +the +.Pa krb5.conf +configuration file so that old clients/servers will still +work. +.Pp +New clients/servers will try both the old and new MIC in Heimdal 0.6. +In 0.7 it will check only if configured and the compatibility code +will be removed in 0.8. +.Pp +Heimdal 0.6 still generates by default the broken GSS-API DES3 mic, +this will change in 0.7 to generate correct des3 mic. +.Pp +To turn on compatibility with older clients and servers, change the +.Nm [gssapi] +.Ar broken_des3_mic +in +.Pa krb5.conf +that contains a list of globbing expressions that will be matched +against the server name. +To turn off generation of the old (incompatible) mic of the MIC use +.Nm [gssapi] +.Ar correct_des3_mic . +.Pp +If a match for a entry is in both +.Nm [gssapi] +.Ar correct_des3_mic +and +.Nm [gssapi] +.Ar correct_des3_mic , +the later will override. +.Pp +This config option modifies behaviour for both clients and servers. +.Pp +Example: +.Bd -literal -offset indent +[gssapi] + broken_des3_mic = cvs/*@SU.SE + broken_des3_mic = host/*@E.KTH.SE + correct_des3_mic = host/*@SU.SE +.Ed +.Sh BUGS +All of 0.5.x versions of +.Nm heimdal +had broken token delegations in the client side, the server side was +correct. +.Sh SEE ALSO +.Xr krb5 3 , +.Xr krb5.conf 5 , +.Xr kerberos 8 diff --git a/crypto/heimdal/lib/gssapi/gssapi.h b/crypto/heimdal/lib/gssapi/gssapi.h index 82d4056..12ac426 100644 --- a/crypto/heimdal/lib/gssapi/gssapi.h +++ b/crypto/heimdal/lib/gssapi/gssapi.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi.h,v 1.21 2001/05/04 13:52:02 assar Exp $ */ +/* $Id: gssapi.h,v 1.26.2.2 2003/05/07 11:12:21 lha Exp $ */ #ifndef GSSAPI_H_ #define GSSAPI_H_ @@ -67,8 +67,10 @@ typedef struct gss_ctx_id_t_desc_struct { struct krb5_auth_context_data *auth_context; gss_name_t source, target; OM_uint32 flags; - enum { LOCAL = 1, OPEN = 2} more_flags; + enum { LOCAL = 1, OPEN = 2, + COMPAT_OLD_DES3 = 4, COMPAT_OLD_DES3_SELECTED = 8 } more_flags; struct krb5_ticket *ticket; + time_t lifetime; } gss_ctx_id_t_desc; typedef gss_ctx_id_t_desc *gss_ctx_id_t; @@ -211,6 +213,10 @@ typedef OM_uint32 gss_qop_t; */ #define GSS_C_INDEFINITE 0xfffffffful +#ifdef __cplusplus +extern "C" { +#endif + /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value @@ -449,267 +455,267 @@ extern gss_OID GSS_KRB5_MECHANISM; */ OM_uint32 gss_acquire_cred - (OM_uint32 * minor_status, - const gss_name_t desired_name, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t * output_cred_handle, - gss_OID_set * actual_mechs, - OM_uint32 * time_rec + (OM_uint32 * /*minor_status*/, + const gss_name_t /*desired_name*/, + OM_uint32 /*time_req*/, + const gss_OID_set /*desired_mechs*/, + gss_cred_usage_t /*cred_usage*/, + gss_cred_id_t * /*output_cred_handle*/, + gss_OID_set * /*actual_mechs*/, + OM_uint32 * /*time_rec*/ ); OM_uint32 gss_release_cred - (OM_uint32 * minor_status, - gss_cred_id_t * cred_handle + (OM_uint32 * /*minor_status*/, + gss_cred_id_t * /*cred_handle*/ ); OM_uint32 gss_init_sec_context - (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec + (OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*initiator_cred_handle*/, + gss_ctx_id_t * /*context_handle*/, + const gss_name_t /*target_name*/, + const gss_OID /*mech_type*/, + OM_uint32 /*req_flags*/, + OM_uint32 /*time_req*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + const gss_buffer_t /*input_token*/, + gss_OID * /*actual_mech_type*/, + gss_buffer_t /*output_token*/, + OM_uint32 * /*ret_flags*/, + OM_uint32 * /*time_rec*/ ); OM_uint32 gss_accept_sec_context - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - const gss_cred_id_t acceptor_cred_handle, - const gss_buffer_t input_token_buffer, - const gss_channel_bindings_t input_chan_bindings, - gss_name_t * src_name, - gss_OID * mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec, - gss_cred_id_t * delegated_cred_handle + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + const gss_cred_id_t /*acceptor_cred_handle*/, + const gss_buffer_t /*input_token_buffer*/, + const gss_channel_bindings_t /*input_chan_bindings*/, + gss_name_t * /*src_name*/, + gss_OID * /*mech_type*/, + gss_buffer_t /*output_token*/, + OM_uint32 * /*ret_flags*/, + OM_uint32 * /*time_rec*/, + gss_cred_id_t * /*delegated_cred_handle*/ ); OM_uint32 gss_process_context_token - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t token_buffer + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*token_buffer*/ ); OM_uint32 gss_delete_sec_context - (OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - gss_buffer_t output_token + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + gss_buffer_t /*output_token*/ ); OM_uint32 gss_context_time - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - OM_uint32 * time_rec + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + OM_uint32 * /*time_rec*/ ); OM_uint32 gss_get_mic - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*message_buffer*/, + gss_buffer_t /*message_token*/ ); OM_uint32 gss_verify_mic - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*message_buffer*/, + const gss_buffer_t /*token_buffer*/, + gss_qop_t * /*qop_state*/ ); OM_uint32 gss_wrap - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + const gss_buffer_t /*input_message_buffer*/, + int * /*conf_state*/, + gss_buffer_t /*output_message_buffer*/ ); OM_uint32 gss_unwrap - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - gss_qop_t * qop_state + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int * /*conf_state*/, + gss_qop_t * /*qop_state*/ ); OM_uint32 gss_display_status - (OM_uint32 * minor_status, - OM_uint32 status_value, - int status_type, - const gss_OID mech_type, - OM_uint32 * message_context, - gss_buffer_t status_string + (OM_uint32 * /*minor_status*/, + OM_uint32 /*status_value*/, + int /*status_type*/, + const gss_OID /*mech_type*/, + OM_uint32 * /*message_context*/, + gss_buffer_t /*status_string*/ ); OM_uint32 gss_indicate_mechs - (OM_uint32 * minor_status, - gss_OID_set * mech_set + (OM_uint32 * /*minor_status*/, + gss_OID_set * /*mech_set*/ ); OM_uint32 gss_compare_name - (OM_uint32 * minor_status, - const gss_name_t name1, - const gss_name_t name2, - int * name_equal + (OM_uint32 * /*minor_status*/, + const gss_name_t /*name1*/, + const gss_name_t /*name2*/, + int * /*name_equal*/ ); OM_uint32 gss_display_name - (OM_uint32 * minor_status, - const gss_name_t input_name, - gss_buffer_t output_name_buffer, - gss_OID * output_name_type + (OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_buffer_t /*output_name_buffer*/, + gss_OID * /*output_name_type*/ ); OM_uint32 gss_import_name - (OM_uint32 * minor_status, - const gss_buffer_t input_name_buffer, - const gss_OID input_name_type, - gss_name_t * output_name + (OM_uint32 * /*minor_status*/, + const gss_buffer_t /*input_name_buffer*/, + const gss_OID /*input_name_type*/, + gss_name_t * /*output_name*/ ); OM_uint32 gss_export_name - (OM_uint32 * minor_status, - const gss_name_t input_name, - gss_buffer_t exported_name + (OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_buffer_t /*exported_name*/ ); OM_uint32 gss_release_name - (OM_uint32 * minor_status, - gss_name_t * input_name + (OM_uint32 * /*minor_status*/, + gss_name_t * /*input_name*/ ); OM_uint32 gss_release_buffer - (OM_uint32 * minor_status, - gss_buffer_t buffer + (OM_uint32 * /*minor_status*/, + gss_buffer_t /*buffer*/ ); OM_uint32 gss_release_oid_set - (OM_uint32 * minor_status, - gss_OID_set * set + (OM_uint32 * /*minor_status*/, + gss_OID_set * /*set*/ ); OM_uint32 gss_inquire_cred - (OM_uint32 * minor_status, - const gss_cred_id_t cred_handle, - gss_name_t * name, - OM_uint32 * lifetime, - gss_cred_usage_t * cred_usage, - gss_OID_set * mechanisms + (OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + gss_name_t * /*name*/, + OM_uint32 * /*lifetime*/, + gss_cred_usage_t * /*cred_usage*/, + gss_OID_set * /*mechanisms*/ ); OM_uint32 gss_inquire_context ( - OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_name_t * src_name, - gss_name_t * targ_name, - OM_uint32 * lifetime_rec, - gss_OID * mech_type, - OM_uint32 * ctx_flags, - int * locally_initiated, - int * open + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + gss_name_t * /*src_name*/, + gss_name_t * /*targ_name*/, + OM_uint32 * /*lifetime_rec*/, + gss_OID * /*mech_type*/, + OM_uint32 * /*ctx_flags*/, + int * /*locally_initiated*/, + int * /*open_context*/ ); OM_uint32 gss_wrap_size_limit ( - OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - OM_uint32 req_output_size, - OM_uint32 * max_input_size + OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + OM_uint32 /*req_output_size*/, + OM_uint32 * /*max_input_size*/ ); OM_uint32 gss_add_cred ( - OM_uint32 * minor_status, - const gss_cred_id_t input_cred_handle, - const gss_name_t desired_name, - const gss_OID desired_mech, - gss_cred_usage_t cred_usage, - OM_uint32 initiator_time_req, - OM_uint32 acceptor_time_req, - gss_cred_id_t * output_cred_handle, - gss_OID_set * actual_mechs, - OM_uint32 * initiator_time_rec, - OM_uint32 * acceptor_time_rec + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*input_cred_handle*/, + const gss_name_t /*desired_name*/, + const gss_OID /*desired_mech*/, + gss_cred_usage_t /*cred_usage*/, + OM_uint32 /*initiator_time_req*/, + OM_uint32 /*acceptor_time_req*/, + gss_cred_id_t * /*output_cred_handle*/, + gss_OID_set * /*actual_mechs*/, + OM_uint32 * /*initiator_time_rec*/, + OM_uint32 * /*acceptor_time_rec*/ ); OM_uint32 gss_inquire_cred_by_mech ( - OM_uint32 * minor_status, - const gss_cred_id_t cred_handle, - const gss_OID mech_type, - gss_name_t * name, - OM_uint32 * initiator_lifetime, - OM_uint32 * acceptor_lifetime, - gss_cred_usage_t * cred_usage + OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + const gss_OID /*mech_type*/, + gss_name_t * /*name*/, + OM_uint32 * /*initiator_lifetime*/, + OM_uint32 * /*acceptor_lifetime*/, + gss_cred_usage_t * /*cred_usage*/ ); OM_uint32 gss_export_sec_context ( - OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - gss_buffer_t interprocess_token + OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*context_handle*/, + gss_buffer_t /*interprocess_token*/ ); OM_uint32 gss_import_sec_context ( - OM_uint32 * minor_status, - const gss_buffer_t interprocess_token, - gss_ctx_id_t * context_handle + OM_uint32 * /*minor_status*/, + const gss_buffer_t /*interprocess_token*/, + gss_ctx_id_t * /*context_handle*/ ); OM_uint32 gss_create_empty_oid_set ( - OM_uint32 * minor_status, - gss_OID_set * oid_set + OM_uint32 * /*minor_status*/, + gss_OID_set * /*oid_set*/ ); OM_uint32 gss_add_oid_set_member ( - OM_uint32 * minor_status, - const gss_OID member_oid, - gss_OID_set * oid_set + OM_uint32 * /*minor_status*/, + const gss_OID /*member_oid*/, + gss_OID_set * /*oid_set*/ ); OM_uint32 gss_test_oid_set_member ( - OM_uint32 * minor_status, - const gss_OID member, - const gss_OID_set set, - int * present + OM_uint32 * /*minor_status*/, + const gss_OID /*member*/, + const gss_OID_set /*set*/, + int * /*present*/ ); OM_uint32 gss_inquire_names_for_mech ( - OM_uint32 * minor_status, - const gss_OID mechanism, - gss_OID_set * name_types + OM_uint32 * /*minor_status*/, + const gss_OID /*mechanism*/, + gss_OID_set * /*name_types*/ ); OM_uint32 gss_inquire_mechs_for_name ( - OM_uint32 * minor_status, - const gss_name_t input_name, - gss_OID_set * mech_types + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + gss_OID_set * /*mech_types*/ ); OM_uint32 gss_canonicalize_name ( - OM_uint32 * minor_status, - const gss_name_t input_name, - const gss_OID mech_type, - gss_name_t * output_name + OM_uint32 * /*minor_status*/, + const gss_name_t /*input_name*/, + const gss_OID /*mech_type*/, + gss_name_t * /*output_name*/ ); OM_uint32 gss_duplicate_name ( - OM_uint32 * minor_status, - const gss_name_t src_name, - gss_name_t * dest_name + OM_uint32 * /*minor_status*/, + const gss_name_t /*src_name*/, + gss_name_t * /*dest_name*/ ); /* @@ -724,38 +730,38 @@ OM_uint32 gss_duplicate_name ( */ OM_uint32 gss_sign - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int qop_req, - gss_buffer_t message_buffer, - gss_buffer_t message_token + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*qop_req*/, + gss_buffer_t /*message_buffer*/, + gss_buffer_t /*message_token*/ ); OM_uint32 gss_verify - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t message_buffer, - gss_buffer_t token_buffer, - int * qop_state + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + gss_buffer_t /*message_buffer*/, + gss_buffer_t /*token_buffer*/, + int * /*qop_state*/ ); OM_uint32 gss_seal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, - int qop_req, - gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + int /*qop_req*/, + gss_buffer_t /*input_message_buffer*/, + int * /*conf_state*/, + gss_buffer_t /*output_message_buffer*/ ); OM_uint32 gss_unseal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - int * qop_state + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*output_message_buffer*/, + int * /*conf_state*/, + int * /*qop_state*/ ); /* @@ -763,11 +769,20 @@ OM_uint32 gss_unseal */ OM_uint32 gsskrb5_register_acceptor_identity - (char *identity); + (const char */*identity*/); OM_uint32 gss_krb5_copy_ccache - (OM_uint32 *minor, - gss_cred_id_t cred, - struct krb5_ccache_data *out); + (OM_uint32 */*minor*/, + gss_cred_id_t /*cred*/, + struct krb5_ccache_data */*out*/); + +#define GSS_C_KRB5_COMPAT_DES3_MIC 1 + +OM_uint32 +gss_krb5_compat_des3_mic(OM_uint32 *, gss_ctx_id_t, int); + +#ifdef __cplusplus +} +#endif #endif /* GSSAPI_H_ */ diff --git a/crypto/heimdal/lib/gssapi/gssapi_locl.h b/crypto/heimdal/lib/gssapi/gssapi_locl.h index 65bd273..a27b27a 100644 --- a/crypto/heimdal/lib/gssapi/gssapi_locl.h +++ b/crypto/heimdal/lib/gssapi/gssapi_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_locl.h,v 1.21 2001/08/29 02:21:09 assar Exp $ */ +/* $Id: gssapi_locl.h,v 1.24 2003/03/16 17:30:15 lha Exp $ */ #ifndef GSSAPI_LOCL_H #define GSSAPI_LOCL_H @@ -50,6 +50,14 @@ extern krb5_keytab gssapi_krb5_keytab; krb5_error_code gssapi_krb5_init (void); +#define GSSAPI_KRB5_INIT() do { \ + krb5_error_code kret; \ + if((kret = gssapi_krb5_init ()) != 0) { \ + *minor_status = kret; \ + return GSS_S_FAILURE; \ + } \ +} while (0) + OM_uint32 gssapi_krb5_create_8003_checksum ( OM_uint32 *minor_status, @@ -96,6 +104,14 @@ gssapi_krb5_verify_header(u_char **str, char *type); OM_uint32 +gss_verify_mic_internal(OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state, + char * type); + +OM_uint32 gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, krb5_keyblock **key); @@ -117,10 +133,16 @@ gss_address_to_krb5addr(OM_uint32 gss_addr_type, #define SC_LOCAL_SUBKEY 0x08 #define SC_REMOTE_SUBKEY 0x10 +int +gss_oid_equal(const gss_OID a, const gss_OID b); + void gssapi_krb5_set_error_string (void); char * gssapi_krb5_get_error_string (void); +OM_uint32 +_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx); + #endif diff --git a/crypto/heimdal/lib/gssapi/import_name.c b/crypto/heimdal/lib/gssapi/import_name.c index 2f2ec1a..423e757 100644 --- a/crypto/heimdal/lib/gssapi/import_name.c +++ b/crypto/heimdal/lib/gssapi/import_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,14 +33,36 @@ #include "gssapi_locl.h" -RCSID("$Id: import_name.c,v 1.11 2002/06/20 20:05:42 nectar Exp $"); +RCSID("$Id: import_name.c,v 1.13 2003/03/16 17:33:31 lha Exp $"); + +static OM_uint32 +parse_krb5_name (OM_uint32 *minor_status, + const char *name, + gss_name_t *output_name) +{ + krb5_error_code kerr; + + kerr = krb5_parse_name (gssapi_krb5_context, name, output_name); + + if (kerr == 0) + return GSS_S_COMPLETE; + else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { + gssapi_krb5_set_error_string (); + *minor_status = kerr; + return GSS_S_BAD_NAME; + } else { + gssapi_krb5_set_error_string (); + *minor_status = kerr; + return GSS_S_FAILURE; + } +} static OM_uint32 import_krb5_name (OM_uint32 *minor_status, const gss_buffer_t input_name_buffer, gss_name_t *output_name) { - krb5_error_code kerr; + OM_uint32 ret; char *tmp; tmp = malloc (input_name_buffer->length + 1); @@ -53,21 +75,10 @@ import_krb5_name (OM_uint32 *minor_status, input_name_buffer->length); tmp[input_name_buffer->length] = '\0'; - kerr = krb5_parse_name (gssapi_krb5_context, - tmp, - output_name); - free (tmp); - if (kerr == 0) - return GSS_S_COMPLETE; - else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_BAD_NAME; - } else { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_FAILURE; - } + ret = parse_krb5_name(minor_status, tmp, output_name); + free(tmp); + + return ret; } static OM_uint32 @@ -81,6 +92,8 @@ import_hostbased_name (OM_uint32 *minor_status, char *host; char local_hostname[MAXHOSTNAMELEN]; + *output_name = NULL; + tmp = malloc (input_name_buffer->length + 1); if (tmp == NULL) { *minor_status = ENOMEM; @@ -124,8 +137,55 @@ import_hostbased_name (OM_uint32 *minor_status, } } -static int -oid_equal(const gss_OID a, const gss_OID b) +static OM_uint32 +import_export_name (OM_uint32 *minor_status, + const gss_buffer_t input_name_buffer, + gss_name_t *output_name) +{ + unsigned char *p; + uint32_t length; + OM_uint32 ret; + char *name; + + if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length) + return GSS_S_BAD_NAME; + + /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */ + + p = input_name_buffer->value; + + if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 || + p[3] != GSS_KRB5_MECHANISM->length + 2 || + p[4] != 0x06 || + p[5] != GSS_KRB5_MECHANISM->length || + memcmp(&p[6], GSS_KRB5_MECHANISM->elements, + GSS_KRB5_MECHANISM->length) != 0) + return GSS_S_BAD_NAME; + + p += 6 + GSS_KRB5_MECHANISM->length; + + length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3]; + p += 4; + + if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length) + return GSS_S_BAD_NAME; + + name = malloc(length + 1); + if (name == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(name, p, length); + name[length] = '\0'; + + ret = parse_krb5_name(minor_status, name, output_name); + free(name); + + return ret; +} + +int +gss_oid_equal(const gss_OID a, const gss_OID b) { if (a == b) return 1; @@ -142,20 +202,27 @@ OM_uint32 gss_import_name gss_name_t * output_name ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); - if (oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) + *minor_status = 0; + *output_name = GSS_C_NO_NAME; + + if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) return import_hostbased_name (minor_status, input_name_buffer, output_name); - else if (input_name_type == GSS_C_NO_OID - || oid_equal(input_name_type, GSS_C_NT_USER_NAME) - || oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) + else if (gss_oid_equal(input_name_type, GSS_C_NO_OID) + || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME) + || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) /* default printable syntax */ return import_krb5_name (minor_status, input_name_buffer, output_name); - else { + else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) { + return import_export_name(minor_status, + input_name_buffer, + output_name); + } else { *minor_status = 0; return GSS_S_BAD_NAMETYPE; } diff --git a/crypto/heimdal/lib/gssapi/import_sec_context.c b/crypto/heimdal/lib/gssapi/import_sec_context.c index c84f3b6..2daa573 100644 --- a/crypto/heimdal/lib/gssapi/import_sec_context.c +++ b/crypto/heimdal/lib/gssapi/import_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: import_sec_context.c,v 1.5 2001/05/11 09:16:46 assar Exp $"); +RCSID("$Id: import_sec_context.c,v 1.7 2003/03/16 18:01:32 lha Exp $"); OM_uint32 gss_import_sec_context ( @@ -55,7 +55,9 @@ gss_import_sec_context ( int32_t flags; OM_uint32 minor; - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); + + localp = remotep = NULL; sp = krb5_storage_from_mem (interprocess_token->value, interprocess_token->length); @@ -83,99 +85,113 @@ gss_import_sec_context ( /* flags */ - krb5_ret_int32 (sp, &flags); + *minor_status = 0; + + if (krb5_ret_int32 (sp, &flags) != 0) + goto failure; /* retrieve the auth context */ ac = (*context_handle)->auth_context; krb5_ret_int32 (sp, &ac->flags); - if (flags & SC_LOCAL_ADDRESS) - krb5_ret_address (sp, localp = &local); - else - localp = NULL; - if (flags & SC_REMOTE_ADDRESS) - krb5_ret_address (sp, remotep = &remote); - else - remotep = NULL; + if (flags & SC_LOCAL_ADDRESS) { + if (krb5_ret_address (sp, localp = &local) != 0) + goto failure; + } + + if (flags & SC_REMOTE_ADDRESS) { + if (krb5_ret_address (sp, remotep = &remote) != 0) + goto failure; + } + krb5_auth_con_setaddrs (gssapi_krb5_context, ac, localp, remotep); if (localp) krb5_free_address (gssapi_krb5_context, localp); if (remotep) krb5_free_address (gssapi_krb5_context, remotep); - krb5_ret_int16 (sp, &ac->local_port); - krb5_ret_int16 (sp, &ac->remote_port); + localp = remotep = NULL; + + if (krb5_ret_int16 (sp, &ac->local_port) != 0) + goto failure; + + if (krb5_ret_int16 (sp, &ac->remote_port) != 0) + goto failure; if (flags & SC_KEYBLOCK) { - krb5_ret_keyblock (sp, &keyblock); + if (krb5_ret_keyblock (sp, &keyblock) != 0) + goto failure; krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock); krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock); } if (flags & SC_LOCAL_SUBKEY) { - krb5_ret_keyblock (sp, &keyblock); + if (krb5_ret_keyblock (sp, &keyblock) != 0) + goto failure; krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock); krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock); } if (flags & SC_REMOTE_SUBKEY) { - krb5_ret_keyblock (sp, &keyblock); + if (krb5_ret_keyblock (sp, &keyblock) != 0) + goto failure; krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock); krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock); } - krb5_ret_int32 (sp, &ac->local_seqnumber); - krb5_ret_int32 (sp, &ac->remote_seqnumber); - -#if 0 - { - size_t sz; - - krb5_ret_data (sp, &data); - ac->authenticator = malloc (sizeof (*ac->authenticator)); - if (ac->authenticator == NULL) { - *minor_status = ENOMEM; - ret = GSS_S_FAILURE; - goto failure; - } - - kret = decode_Authenticator (data.data, data.length, - ac->authenticator, &sz); - krb5_data_free (&data); - if (kret) { - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - } -#endif + if (krb5_ret_int32 (sp, &ac->local_seqnumber)) + goto failure; + if (krb5_ret_int32 (sp, &ac->remote_seqnumber)) + goto failure; - krb5_ret_int32 (sp, &tmp); + if (krb5_ret_int32 (sp, &tmp) != 0) + goto failure; ac->keytype = tmp; - krb5_ret_int32 (sp, &tmp); + if (krb5_ret_int32 (sp, &tmp) != 0) + goto failure; ac->cksumtype = tmp; /* names */ - krb5_ret_data (sp, &data); + if (krb5_ret_data (sp, &data)) + goto failure; buffer.value = data.data; buffer.length = data.length; - ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, + ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME, &(*context_handle)->source); + if (ret) { + ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, + &(*context_handle)->source); + if (ret) { + krb5_data_free (&data); + goto failure; + } + } krb5_data_free (&data); - if (ret) - goto failure; - krb5_ret_data (sp, &data); + if (krb5_ret_data (sp, &data) != 0) + goto failure; buffer.value = data.data; buffer.length = data.length; - ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, + ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME, &(*context_handle)->target); + if (ret) { + ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, + &(*context_handle)->target); + if (ret) { + krb5_data_free (&data); + goto failure; + } + } krb5_data_free (&data); - if (ret) - goto failure; - krb5_ret_int32 (sp, &tmp); + if (krb5_ret_int32 (sp, &tmp)) + goto failure; (*context_handle)->flags = tmp; - krb5_ret_int32 (sp, &tmp); + if (krb5_ret_int32 (sp, &tmp)) + goto failure; (*context_handle)->more_flags = tmp; + if (krb5_ret_int32 (sp, &tmp) == 0) + (*context_handle)->lifetime = tmp; + else + (*context_handle)->lifetime = GSS_C_INDEFINITE; return GSS_S_COMPLETE; @@ -186,6 +202,10 @@ failure: gss_release_name(&minor, &(*context_handle)->source); if ((*context_handle)->target != NULL) gss_release_name(&minor, &(*context_handle)->target); + if (localp) + krb5_free_address (gssapi_krb5_context, localp); + if (remotep) + krb5_free_address (gssapi_krb5_context, remotep); free (*context_handle); *context_handle = GSS_C_NO_CONTEXT; return ret; diff --git a/crypto/heimdal/lib/gssapi/indicate_mechs.c b/crypto/heimdal/lib/gssapi/indicate_mechs.c index c77d177..89191bb 100644 --- a/crypto/heimdal/lib/gssapi/indicate_mechs.c +++ b/crypto/heimdal/lib/gssapi/indicate_mechs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,25 +33,23 @@ #include "gssapi_locl.h" -RCSID("$Id: indicate_mechs.c,v 1.4 2001/02/18 03:39:09 assar Exp $"); +RCSID("$Id: indicate_mechs.c,v 1.5 2003/03/16 17:38:20 lha Exp $"); OM_uint32 gss_indicate_mechs (OM_uint32 * minor_status, gss_OID_set * mech_set ) { - *mech_set = malloc(sizeof(**mech_set)); - if (*mech_set == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - (*mech_set)->count = 1; - (*mech_set)->elements = malloc((*mech_set)->count * sizeof(gss_OID_desc)); - if ((*mech_set)->elements == NULL) { - free (*mech_set); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - (*mech_set)->elements[0] = *GSS_KRB5_MECHANISM; + OM_uint32 ret; + + ret = gss_create_empty_oid_set(minor_status, mech_set); + if (ret) + return ret; + + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set); + if (ret) + return ret; + + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c index 2cef3a9..6473038 100644 --- a/crypto/heimdal/lib/gssapi/init_sec_context.c +++ b/crypto/heimdal/lib/gssapi/init_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: init_sec_context.c,v 1.31 2002/09/02 17:16:12 joda Exp $"); +RCSID("$Id: init_sec_context.c,v 1.36 2003/03/16 18:00:00 lha Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -111,21 +111,11 @@ do_delegation (krb5_auth_context ac, { krb5_creds creds; krb5_kdc_flags fwd_flags; - krb5_keyblock *subkey; krb5_error_code kret; memset (&creds, 0, sizeof(creds)); krb5_data_zero (fwd_data); - kret = krb5_generate_subkey (gssapi_krb5_context, &cred->session, &subkey); - if (kret) - goto out; - - kret = krb5_auth_con_setlocalsubkey(gssapi_krb5_context, ac, subkey); - krb5_free_keyblock (gssapi_krb5_context, subkey); - if (kret) - goto out; - kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client); if (kret) goto out; @@ -204,9 +194,6 @@ init_auth krb5_enctype enctype; krb5_data fwd_data; - output_token->length = 0; - output_token->value = NULL; - krb5_data_zero(&outbuf); krb5_data_zero(&fwd_data); @@ -224,6 +211,7 @@ init_auth (*context_handle)->flags = 0; (*context_handle)->more_flags = 0; (*context_handle)->ticket = NULL; + (*context_handle)->lifetime = GSS_C_INDEFINITE; kret = krb5_auth_con_init (gssapi_krb5_context, &(*context_handle)->auth_context); @@ -288,10 +276,15 @@ init_auth goto failure; } + ret = _gss_DES3_get_mic_compat(minor_status, *context_handle); + if (ret) + goto failure; + + memset(&this_cred, 0, sizeof(this_cred)); this_cred.client = (*context_handle)->source; this_cred.server = (*context_handle)->target; - if (time_req) { + if (time_req && time_req != GSS_C_INDEFINITE) { krb5_timestamp ts; krb5_timeofday (gssapi_krb5_context, &ts); @@ -313,10 +306,22 @@ init_auth goto failure; } + (*context_handle)->lifetime = cred->times.endtime; + krb5_auth_con_setkey(gssapi_krb5_context, (*context_handle)->auth_context, &cred->session); + kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context, + (*context_handle)->auth_context, + &cred->session); + if(kret) { + gssapi_krb5_set_error_string (); + *minor_status = kret; + ret = GSS_S_FAILURE; + goto failure; + } + flags = 0; ap_options = 0; if (req_flags & GSS_C_DELEG_FLAG) @@ -342,7 +347,7 @@ init_auth if (ret_flags) *ret_flags = flags; (*context_handle)->flags = flags; - (*context_handle)->more_flags = LOCAL; + (*context_handle)->more_flags |= LOCAL; ret = gssapi_krb5_create_8003_checksum (minor_status, input_chan_bindings, @@ -367,16 +372,6 @@ init_auth } #endif - kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context, - (*context_handle)->auth_context, - &cred->session); - if(kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - kret = krb5_build_authenticator (gssapi_krb5_context, (*context_handle)->auth_context, enctype, @@ -417,6 +412,9 @@ init_auth if (flags & GSS_C_MUTUAL_FLAG) { return GSS_S_CONTINUE_NEEDED; } else { + if (time_rec) + *time_rec = (*context_handle)->lifetime; + (*context_handle)->more_flags |= OPEN; return GSS_S_COMPLETE; } @@ -458,6 +456,12 @@ repl_mutual krb5_data indata; krb5_ap_rep_enc_part *repl; + output_token->length = 0; + output_token->value = NULL; + + if (actual_mech_type) + *actual_mech_type = GSS_KRB5_MECHANISM; + ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata, "\x02\x00"); if (ret) @@ -476,10 +480,14 @@ repl_mutual krb5_free_ap_rep_enc_part (gssapi_krb5_context, repl); - output_token->length = 0; - (*context_handle)->more_flags |= OPEN; + + if (time_rec) + *time_rec = (*context_handle)->lifetime; + if (ret_flags) + *ret_flags = (*context_handle)->flags; + *minor_status = 0; return GSS_S_COMPLETE; } @@ -503,7 +511,22 @@ OM_uint32 gss_init_sec_context OM_uint32 * time_rec ) { - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); + + output_token->length = 0; + output_token->value = NULL; + + if (ret_flags) + *ret_flags = 0; + if (time_rec) + *time_rec = 0; + + if (target_name == GSS_C_NO_NAME) { + if (actual_mech_type) + *actual_mech_type = GSS_C_NO_OID; + *minor_status = 0; + return GSS_S_BAD_NAME; + } if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) return init_auth (minor_status, diff --git a/crypto/heimdal/lib/gssapi/inquire_context.c b/crypto/heimdal/lib/gssapi/inquire_context.c index 6463253..95cd2c5 100644 --- a/crypto/heimdal/lib/gssapi/inquire_context.c +++ b/crypto/heimdal/lib/gssapi/inquire_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: inquire_context.c,v 1.3 1999/12/02 17:05:04 joda Exp $"); +RCSID("$Id: inquire_context.c,v 1.5 2003/03/16 17:43:30 lha Exp $"); OM_uint32 gss_inquire_context ( OM_uint32 * minor_status, @@ -44,7 +44,7 @@ OM_uint32 gss_inquire_context ( gss_OID * mech_type, OM_uint32 * ctx_flags, int * locally_initiated, - int * open + int * open_context ) { OM_uint32 ret; @@ -66,7 +66,7 @@ OM_uint32 gss_inquire_context ( } if (lifetime_rec) - *lifetime_rec = GSS_C_INDEFINITE; + *lifetime_rec = context_handle->lifetime; if (mech_type) *mech_type = GSS_KRB5_MECHANISM; @@ -77,8 +77,9 @@ OM_uint32 gss_inquire_context ( if (locally_initiated) *locally_initiated = context_handle->more_flags & LOCAL; - if (open) - *open = context_handle->more_flags & OPEN; + if (open_context) + *open_context = context_handle->more_flags & OPEN; + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/inquire_cred.c b/crypto/heimdal/lib/gssapi/inquire_cred.c index 62f3f50..4938d56 100644 --- a/crypto/heimdal/lib/gssapi/inquire_cred.c +++ b/crypto/heimdal/lib/gssapi/inquire_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: inquire_cred.c,v 1.3 2002/08/20 12:02:45 nectar Exp $"); +RCSID("$Id: inquire_cred.c,v 1.4 2003/03/16 17:42:14 lha Exp $"); OM_uint32 gss_inquire_cred (OM_uint32 * minor_status, @@ -46,6 +46,13 @@ OM_uint32 gss_inquire_cred { OM_uint32 ret; + *minor_status = 0; + + if (name) + *name = NULL; + if (mechanisms) + *mechanisms = GSS_C_NO_OID_SET; + if (cred_handle == GSS_C_NO_CREDENTIAL) { return GSS_S_FAILURE; } diff --git a/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c new file mode 100644 index 0000000..b09d1e1 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: inquire_cred_by_mech.c,v 1.1 2003/03/16 18:11:16 lha Exp $"); + +OM_uint32 gss_inquire_cred_by_mech ( + OM_uint32 * minor_status, + const gss_cred_id_t cred_handle, + const gss_OID mech_type, + gss_name_t * name, + OM_uint32 * initiator_lifetime, + OM_uint32 * acceptor_lifetime, + gss_cred_usage_t * cred_usage + ) +{ + OM_uint32 ret; + OM_uint32 lifetime; + + if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 && + gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) { + *minor_status = EINVAL; + return GSS_S_BAD_MECH; + } + + ret = gss_inquire_cred (minor_status, + cred_handle, + name, + &lifetime, + cred_usage, + NULL); + + if (ret == 0 && cred_handle != GSS_C_NO_CREDENTIAL) { + gss_cred_usage_t usage; + + usage = cred_handle->usage; + + if (initiator_lifetime) { + if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH) + *initiator_lifetime = lifetime; + } + if (acceptor_lifetime) { + if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH) + *acceptor_lifetime = lifetime; + } + } + + return ret; +} diff --git a/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c new file mode 100644 index 0000000..67ebb04 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: inquire_mechs_for_name.c,v 1.1 2003/03/16 18:12:33 lha Exp $"); + +OM_uint32 gss_inquire_mechs_for_name ( + OM_uint32 * minor_status, + const gss_name_t input_name, + gss_OID_set * mech_types + ) +{ + OM_uint32 ret; + + ret = gss_create_empty_oid_set(minor_status, mech_types); + if (ret) + return ret; + + ret = gss_add_oid_set_member(minor_status, + GSS_KRB5_MECHANISM, + mech_types); + if (ret) + gss_release_oid_set(NULL, mech_types); + + return ret; +} diff --git a/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c new file mode 100644 index 0000000..0e93de6 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: inquire_names_for_mech.c,v 1.1 2003/03/16 18:15:29 lha Exp $"); + + +static gss_OID *name_list[] = { + &GSS_C_NT_HOSTBASED_SERVICE, + &GSS_C_NT_USER_NAME, + &GSS_KRB5_NT_PRINCIPAL_NAME, + &GSS_C_NT_EXPORT_NAME, + NULL +}; + +OM_uint32 gss_inquire_names_for_mech ( + OM_uint32 * minor_status, + const gss_OID mechanism, + gss_OID_set * name_types + ) +{ + OM_uint32 ret; + int i; + + *minor_status = 0; + + if (gss_oid_equal(mechanism, GSS_KRB5_MECHANISM) == 0 && + gss_oid_equal(mechanism, GSS_C_NULL_OID) == 0) { + *name_types = GSS_C_NO_OID_SET; + return GSS_S_BAD_MECH; + } + + ret = gss_create_empty_oid_set(minor_status, name_types); + if (ret != GSS_S_COMPLETE) + return ret; + + for (i = 0; name_list[i] != NULL; i++) { + ret = gss_add_oid_set_member(minor_status, + *(name_list[i]), + name_types); + if (ret != GSS_S_COMPLETE) + break; + } + + if (ret != GSS_S_COMPLETE) + gss_release_oid_set(NULL, name_types); + + return GSS_S_COMPLETE; +} diff --git a/crypto/heimdal/lib/gssapi/process_context_token.c b/crypto/heimdal/lib/gssapi/process_context_token.c new file mode 100644 index 0000000..0cec33c --- /dev/null +++ b/crypto/heimdal/lib/gssapi/process_context_token.c @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "gssapi_locl.h" + +RCSID("$Id: process_context_token.c,v 1.1 2003/03/16 18:19:05 lha Exp $"); + +OM_uint32 gss_process_context_token ( + OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t token_buffer + ) +{ + OM_uint32 ret = GSS_S_FAILURE; + gss_buffer_desc empty_buffer; + gss_qop_t qop_state; + + empty_buffer.length = 0; + empty_buffer.value = NULL; + + qop_state = GSS_C_QOP_DEFAULT; + + ret = gss_verify_mic_internal(minor_status, context_handle, + token_buffer, &empty_buffer, + GSS_C_QOP_DEFAULT, "\x01\x02"); + + if (ret == GSS_S_COMPLETE) + ret = gss_delete_sec_context(minor_status, + (gss_ctx_id_t *)&context_handle, + GSS_C_NO_BUFFER); + if (ret == GSS_S_COMPLETE) + *minor_status = 0; + + return ret; +} diff --git a/crypto/heimdal/lib/gssapi/release_buffer.c b/crypto/heimdal/lib/gssapi/release_buffer.c index f399a18..258b76f 100644 --- a/crypto/heimdal/lib/gssapi/release_buffer.c +++ b/crypto/heimdal/lib/gssapi/release_buffer.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,13 +33,14 @@ #include "gssapi_locl.h" -RCSID("$Id: release_buffer.c,v 1.4 2000/04/12 09:47:23 assar Exp $"); +RCSID("$Id: release_buffer.c,v 1.5 2003/03/16 17:58:20 lha Exp $"); OM_uint32 gss_release_buffer (OM_uint32 * minor_status, gss_buffer_t buffer ) { + *minor_status = 0; free (buffer->value); buffer->value = NULL; buffer->length = 0; diff --git a/crypto/heimdal/lib/gssapi/release_cred.c b/crypto/heimdal/lib/gssapi/release_cred.c index a414a98..172b2eb 100644 --- a/crypto/heimdal/lib/gssapi/release_cred.c +++ b/crypto/heimdal/lib/gssapi/release_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,18 +33,20 @@ #include "gssapi_locl.h" -RCSID("$Id: release_cred.c,v 1.6 2002/08/20 12:02:45 nectar Exp $"); +RCSID("$Id: release_cred.c,v 1.8 2003/03/16 17:52:19 lha Exp $"); OM_uint32 gss_release_cred (OM_uint32 * minor_status, gss_cred_id_t * cred_handle ) { + *minor_status = 0; + if (*cred_handle == GSS_C_NO_CREDENTIAL) { return GSS_S_COMPLETE; } - gssapi_krb5_init (); + GSSAPI_KRB5_INIT (); if ((*cred_handle)->principal != NULL) krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal); diff --git a/crypto/heimdal/lib/gssapi/release_name.c b/crypto/heimdal/lib/gssapi/release_name.c index ce18a91..6894ffa 100644 --- a/crypto/heimdal/lib/gssapi/release_name.c +++ b/crypto/heimdal/lib/gssapi/release_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,16 +33,18 @@ #include "gssapi_locl.h" -RCSID("$Id: release_name.c,v 1.5 2000/04/12 09:48:27 assar Exp $"); +RCSID("$Id: release_name.c,v 1.7 2003/03/16 17:52:48 lha Exp $"); OM_uint32 gss_release_name (OM_uint32 * minor_status, gss_name_t * input_name ) { - gssapi_krb5_init (); - krb5_free_principal(gssapi_krb5_context, - *input_name); - *input_name = GSS_C_NO_NAME; - return GSS_S_COMPLETE; + GSSAPI_KRB5_INIT (); + if (minor_status) + *minor_status = 0; + krb5_free_principal(gssapi_krb5_context, + *input_name); + *input_name = GSS_C_NO_NAME; + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/release_oid_set.c b/crypto/heimdal/lib/gssapi/release_oid_set.c index 4225788..04eb015 100644 --- a/crypto/heimdal/lib/gssapi/release_oid_set.c +++ b/crypto/heimdal/lib/gssapi/release_oid_set.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,13 +33,15 @@ #include "gssapi_locl.h" -RCSID("$Id: release_oid_set.c,v 1.4 2000/04/19 13:06:13 assar Exp $"); +RCSID("$Id: release_oid_set.c,v 1.5 2003/03/16 17:53:25 lha Exp $"); OM_uint32 gss_release_oid_set (OM_uint32 * minor_status, gss_OID_set * set ) { + if (minor_status) + *minor_status = 0; free ((*set)->elements); free (*set); *set = GSS_C_NO_OID_SET; diff --git a/crypto/heimdal/lib/gssapi/test_acquire_cred.c b/crypto/heimdal/lib/gssapi/test_acquire_cred.c new file mode 100644 index 0000000..29ed830 --- /dev/null +++ b/crypto/heimdal/lib/gssapi/test_acquire_cred.c @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "gssapi_locl.h" +#include <err.h> + +RCSID("$Id: test_acquire_cred.c,v 1.2 2003/04/06 00:20:37 lha Exp $"); + +static void +print_time(OM_uint32 time_rec) +{ + if (time_rec == GSS_C_INDEFINITE) { + printf("cred never expire\n"); + } else { + time_t t = time_rec; + printf("expiration time: %s", ctime(&t)); + } +} + +int +main(int argc, char **argv) +{ + OM_uint32 major_status, minor_status; + gss_cred_id_t cred_handle, copy_cred; + OM_uint32 time_rec; + + major_status = gss_acquire_cred(&minor_status, + GSS_C_NO_NAME, + 0, + NULL, + GSS_C_INITIATE, + &cred_handle, + NULL, + &time_rec); + if (GSS_ERROR(major_status)) + errx(1, "acquire_cred failed"); + + + print_time(time_rec); + + major_status = gss_add_cred (&minor_status, + cred_handle, + GSS_C_NO_NAME, + GSS_KRB5_MECHANISM, + GSS_C_INITIATE, + 0, + 0, + ©_cred, + NULL, + &time_rec, + NULL); + + if (GSS_ERROR(major_status)) + errx(1, "add_cred failed"); + + print_time(time_rec); + + major_status = gss_release_cred(&minor_status, + &cred_handle); + if (GSS_ERROR(major_status)) + errx(1, "release_cred failed"); + + major_status = gss_release_cred(&minor_status, + ©_cred); + if (GSS_ERROR(major_status)) + errx(1, "release_cred failed"); + + return 0; +} diff --git a/crypto/heimdal/lib/gssapi/test_oid_set_member.c b/crypto/heimdal/lib/gssapi/test_oid_set_member.c index 47e9fa7..e747c5a 100644 --- a/crypto/heimdal/lib/gssapi/test_oid_set_member.c +++ b/crypto/heimdal/lib/gssapi/test_oid_set_member.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: test_oid_set_member.c,v 1.4 1999/12/02 17:05:04 joda Exp $"); +RCSID("$Id: test_oid_set_member.c,v 1.5 2003/03/16 17:54:06 lha Exp $"); OM_uint32 gss_test_oid_set_member ( OM_uint32 * minor_status, @@ -44,14 +44,12 @@ OM_uint32 gss_test_oid_set_member ( { size_t i; + *minor_status = 0; *present = 0; for (i = 0; i < set->count; ++i) - if (member->length == set->elements[i].length - && memcmp (member->elements, - set->elements[i].elements, - member->length) == 0) { - *present = 1; - break; - } + if (gss_oid_equal(member, &set->elements[i]) != 0) { + *present = 1; + break; + } return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c index 5acb2e9..f2009be 100644 --- a/crypto/heimdal/lib/gssapi/unwrap.c +++ b/crypto/heimdal/lib/gssapi/unwrap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: unwrap.c,v 1.21 2002/09/03 17:33:11 joda Exp $"); +RCSID("$Id: unwrap.c,v 1.22 2003/03/16 17:54:43 lha Exp $"); OM_uint32 gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, @@ -53,7 +53,7 @@ gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, context_handle->auth_context, &skey); if(skey == NULL) - return GSS_S_FAILURE; + return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ *key = skey; return 0; } @@ -86,10 +86,8 @@ unwrap_des ret = gssapi_krb5_verify_header (&p, input_message_buffer->length, "\x02\x01"); - if (ret) { - *minor_status = 0; + if (ret) return ret; - } if (memcmp (p, "\x00\x00", 2) != 0) return GSS_S_BAD_SIG; @@ -222,10 +220,8 @@ unwrap_des3 ret = gssapi_krb5_verify_header (&p, input_message_buffer->length, "\x02\x01"); - if (ret) { - *minor_status = 0; + if (ret) return ret; - } if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ return GSS_S_BAD_SIG; @@ -398,6 +394,8 @@ OM_uint32 gss_unwrap } krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); + *minor_status = 0; + switch (keytype) { case KEYTYPE_DES : ret = unwrap_des (minor_status, context_handle, diff --git a/crypto/heimdal/lib/gssapi/verify_mic.c b/crypto/heimdal/lib/gssapi/verify_mic.c index 7915fa5..1775860 100644 --- a/crypto/heimdal/lib/gssapi/verify_mic.c +++ b/crypto/heimdal/lib/gssapi/verify_mic.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: verify_mic.c,v 1.16 2002/05/20 15:14:00 nectar Exp $"); +RCSID("$Id: verify_mic.c,v 1.18.2.2 2003/05/05 18:59:42 lha Exp $"); static OM_uint32 verify_mic_des @@ -42,7 +42,8 @@ verify_mic_des const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t * qop_state, - krb5_keyblock *key + krb5_keyblock *key, + char *type ) { u_char *p; @@ -57,7 +58,7 @@ verify_mic_des p = token_buffer->value; ret = gssapi_krb5_verify_header (&p, token_buffer->length, - "\x01\x01"); + type); if (ret) { *minor_status = 0; return ret; @@ -87,6 +88,7 @@ verify_mic_des if (memcmp (p - 8, hash, 8) != 0) { memset (deskey, 0, sizeof(deskey)); memset (schedule, 0, sizeof(schedule)); + *minor_status = 0; return GSS_S_BAD_MIC; } @@ -112,6 +114,7 @@ verify_mic_des memset (schedule, 0, sizeof(schedule)); if (memcmp (p, seq_data, 8) != 0) { + *minor_status = 0; return GSS_S_BAD_MIC; } @@ -119,6 +122,7 @@ verify_mic_des context_handle->auth_context, ++seq_number); + *minor_status = 0; return GSS_S_COMPLETE; } @@ -129,7 +133,8 @@ verify_mic_des3 const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t * qop_state, - krb5_keyblock *key + krb5_keyblock *key, + char *type ) { u_char *p; @@ -138,14 +143,15 @@ verify_mic_des3 OM_uint32 ret; krb5_crypto crypto; krb5_data seq_data; - int cmp; + int cmp, docompat; Checksum csum; char *tmp; + char ivec[8]; p = token_buffer->value; ret = gssapi_krb5_verify_header (&p, token_buffer->length, - "\x01\x01"); + type); if (ret) { *minor_status = 0; return ret; @@ -167,22 +173,34 @@ verify_mic_des3 } /* verify sequence number */ + docompat = 0; +retry: + if (docompat) + memset(ivec, 0, 8); + else + memcpy(ivec, p + 8, 8); - ret = krb5_decrypt (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - p, 8, &seq_data); + ret = krb5_decrypt_ivec (gssapi_krb5_context, + crypto, + KRB5_KU_USAGE_SEQ, + p, 8, &seq_data, ivec); if (ret) { - gssapi_krb5_set_error_string (); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - *minor_status = ret; - return GSS_S_FAILURE; + if (docompat++) { + gssapi_krb5_set_error_string (); + krb5_crypto_destroy (gssapi_krb5_context, crypto); + *minor_status = ret; + return GSS_S_FAILURE; + } else + goto retry; } if (seq_data.length != 8) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); krb5_data_free (&seq_data); - return GSS_S_BAD_MIC; + if (docompat++) { + krb5_crypto_destroy (gssapi_krb5_context, crypto); + return GSS_S_BAD_MIC; + } else + goto retry; } krb5_auth_getremoteseqnumber (gssapi_krb5_context, @@ -198,8 +216,11 @@ verify_mic_des3 cmp = memcmp (seq, seq_data.data, seq_data.length); krb5_data_free (&seq_data); if (cmp != 0) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); - return GSS_S_BAD_MIC; + if (docompat++) { + krb5_crypto_destroy (gssapi_krb5_context, crypto); + return GSS_S_BAD_MIC; + } else + goto retry; } /* verify checksum */ @@ -235,24 +256,24 @@ verify_mic_des3 ++seq_number); krb5_crypto_destroy (gssapi_krb5_context, crypto); + *minor_status = 0; return GSS_S_COMPLETE; } OM_uint32 -gss_verify_mic +gss_verify_mic_internal (OM_uint32 * minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, - gss_qop_t * qop_state + gss_qop_t * qop_state, + char * type ) { krb5_keyblock *key; OM_uint32 ret; krb5_keytype keytype; - if (qop_state != NULL) - *qop_state = GSS_C_QOP_DEFAULT; ret = gss_krb5_get_remotekey(context_handle, &key); if (ret) { gssapi_krb5_set_error_string (); @@ -263,11 +284,13 @@ gss_verify_mic switch (keytype) { case KEYTYPE_DES : ret = verify_mic_des (minor_status, context_handle, - message_buffer, token_buffer, qop_state, key); + message_buffer, token_buffer, qop_state, key, + type); break; case KEYTYPE_DES3 : ret = verify_mic_des3 (minor_status, context_handle, - message_buffer, token_buffer, qop_state, key); + message_buffer, token_buffer, qop_state, key, + type); break; default : *minor_status = KRB5_PROG_ETYPE_NOSUPP; @@ -275,5 +298,27 @@ gss_verify_mic break; } krb5_free_keyblock (gssapi_krb5_context, key); + + return ret; +} + +OM_uint32 +gss_verify_mic + (OM_uint32 * minor_status, + const gss_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state + ) +{ + OM_uint32 ret; + + if (qop_state != NULL) + *qop_state = GSS_C_QOP_DEFAULT; + + ret = gss_verify_mic_internal(minor_status, context_handle, + message_buffer, token_buffer, + qop_state, "\x01\x01"); + return ret; } diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c index 1a9d7ea..203cc89 100644 --- a/crypto/heimdal/lib/gssapi/wrap.c +++ b/crypto/heimdal/lib/gssapi/wrap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: wrap.c,v 1.20 2002/09/03 17:33:36 joda Exp $"); +RCSID("$Id: wrap.c,v 1.21 2003/03/16 17:57:48 lha Exp $"); OM_uint32 gss_krb5_get_localkey(const gss_ctx_id_t context_handle, @@ -109,6 +109,7 @@ gss_wrap_size_limit ( break; } krb5_free_keyblock (gssapi_krb5_context, key); + *minor_status = 0; return ret; } @@ -141,8 +142,10 @@ wrap_des output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); - if (output_message_buffer->value == NULL) + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; + } p = gssapi_krb5_make_header(output_message_buffer->value, len, @@ -228,6 +231,7 @@ wrap_des } if(conf_state != NULL) *conf_state = conf_req_flag; + *minor_status = 0; return GSS_S_COMPLETE; } @@ -259,8 +263,10 @@ wrap_des3 output_message_buffer->length = total_len; output_message_buffer->value = malloc (total_len); - if (output_message_buffer->value == NULL) + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; + } p = gssapi_krb5_make_header(output_message_buffer->value, len, @@ -395,6 +401,7 @@ wrap_des3 } if(conf_state != NULL) *conf_state = conf_req_flag; + *minor_status = 0; return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/hdb/Makefile.am b/crypto/heimdal/lib/hdb/Makefile.am index c4b9d29..3bee373b 100644 --- a/crypto/heimdal/lib/hdb/Makefile.am +++ b/crypto/heimdal/lib/hdb/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.53 2002/08/19 16:17:16 joda Exp $ +# $Id: Makefile.am,v 1.53.4.1 2003/05/12 15:20:46 joda Exp $ include $(top_srcdir)/Makefile.am.common @@ -20,7 +20,7 @@ LDADD = libhdb.la \ $(LIB_roken) lib_LTLIBRARIES = libhdb.la -libhdb_la_LDFLAGS = -version-info 7:5:0 +libhdb_la_LDFLAGS = -version-info 7:6:0 libhdb_la_SOURCES = \ common.c \ diff --git a/crypto/heimdal/lib/hdb/Makefile.in b/crypto/heimdal/lib/hdb/Makefile.in index 6581a63..bcd1d0b 100644 --- a/crypto/heimdal/lib/hdb/Makefile.in +++ b/crypto/heimdal/lib/hdb/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.53 2002/08/19 16:17:16 joda Exp $ +# $Id: Makefile.am,v 1.53.4.1 2003/05/12 15:20:46 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -219,7 +220,7 @@ LDADD = libhdb.la \ lib_LTLIBRARIES = libhdb.la -libhdb_la_LDFLAGS = -version-info 7:5:0 +libhdb_la_LDFLAGS = -version-info 7:6:0 libhdb_la_SOURCES = \ common.c \ @@ -286,10 +287,10 @@ all: $(BUILT_SOURCES) .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/hdb/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -481,7 +482,9 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS +install-data-am: install-includeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -510,7 +513,7 @@ uninstall-am: uninstall-includeHEADERS uninstall-info-am \ clean-noinstPROGRAMS distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am info info-am install install-am install-data \ - install-data-am install-data-local install-exec install-exec-am \ + install-data-am install-exec install-exec-am \ install-includeHEADERS install-info install-info-am \ install-libLTLIBRARIES install-man install-strip installcheck \ installcheck-am installdirs maintainer-clean \ @@ -643,7 +646,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/hdb/common.c b/crypto/heimdal/lib/hdb/common.c index 9375525..6f0e730 100644 --- a/crypto/heimdal/lib/hdb/common.c +++ b/crypto/heimdal/lib/hdb/common.c @@ -33,7 +33,7 @@ #include "hdb_locl.h" -RCSID("$Id: common.c,v 1.11 2002/09/04 16:32:30 joda Exp $"); +RCSID("$Id: common.c,v 1.12 2003/01/14 06:54:32 lha Exp $"); int hdb_principal2key(krb5_context context, krb5_principal p, krb5_data *key) @@ -78,20 +78,22 @@ krb5_error_code _hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) { krb5_data key, value; - int code = 0; + int code; hdb_principal2key(context, entry->principal, &key); code = db->_get(context, db, key, &value); krb5_data_free(&key); if(code) return code; - hdb_value2entry(context, &value, entry); + code = hdb_value2entry(context, &value, entry); + krb5_data_free(&value); + if (code) + return code; if (db->master_key_set && (flags & HDB_F_DECRYPT)) { code = hdb_unseal_keys (context, db, entry); if (code) hdb_free_entry(context, entry); } - krb5_data_free(&value); return code; } diff --git a/crypto/heimdal/lib/hdb/mkey.c b/crypto/heimdal/lib/hdb/mkey.c index 13aae9d..92bcd86 100644 --- a/crypto/heimdal/lib/hdb/mkey.c +++ b/crypto/heimdal/lib/hdb/mkey.c @@ -36,7 +36,7 @@ #define O_BINARY 0 #endif -RCSID("$Id: mkey.c,v 1.14 2002/08/16 18:59:49 assar Exp $"); +RCSID("$Id: mkey.c,v 1.15 2003/03/28 02:01:33 lha Exp $"); struct hdb_master_key_data { krb5_keytab_entry keytab; @@ -377,6 +377,7 @@ hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) int i; krb5_error_code ret; krb5_data res; + size_t keysize; Key *k; for(i = 0; i < ent->keys.len; i++){ @@ -398,9 +399,21 @@ hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) if (ret) return ret; + /* fixup keylength if the key got padded when encrypting it */ + ret = krb5_enctype_keysize(context, k->key.keytype, &keysize); + if (ret) { + krb5_data_free(&res); + return ret; + } + if (keysize > res.length) { + krb5_data_free(&res); + return KRB5_BAD_KEYSIZE; + } + memset(k->key.keyvalue.data, 0, k->key.keyvalue.length); free(k->key.keyvalue.data); k->key.keyvalue = res; + k->key.keyvalue.length = keysize; free(k->mkvno); k->mkvno = NULL; } diff --git a/crypto/heimdal/lib/kadm5/ChangeLog b/crypto/heimdal/lib/kadm5/ChangeLog index d6fbe0d..1879c19 100644 --- a/crypto/heimdal/lib/kadm5/ChangeLog +++ b/crypto/heimdal/lib/kadm5/ChangeLog @@ -1,6 +1,33 @@ +2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> + + * send_recv.c: check return values from krb5_data_alloc + * log.c: check return values from krb5_data_alloc + +2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> + + * dump_log.c (print_entry): check return values from + krb5_data_alloc + +2003-04-01 Love Hörnquist Åstrand <lha@it.su.se> + + * init_c.c (kadm_connect): if a context realm was passed in, use + that to form the kadmin/admin principal + +2003-03-19 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_master.c (main): make sure we don't consider dead slave + for select processing + (write_stats): use slave_stats_file variable, + check return value of strftime + (args): allow specifying slave stats file + (slave_dead): close the fd when the slave dies + 2002-10-21 Johan Danielsson <joda@pdc.kth.se> - * ipropd_slave.c: pull up 1.27; use a temporary database + * ipropd_slave.c (from Derrick Brashear): Propagating a large + database without this means the slave kdcs can get erroneous + HDB_NOENTRY and return the resulting errors. This creates a new db + handle, populates it, and moves it into place. 2002-08-26 Assar Westerlund <assar@kth.se> diff --git a/crypto/heimdal/lib/kadm5/Makefile.am b/crypto/heimdal/lib/kadm5/Makefile.am index 05621dd..9b0c49d 100644 --- a/crypto/heimdal/lib/kadm5/Makefile.am +++ b/crypto/heimdal/lib/kadm5/Makefile.am @@ -1,10 +1,10 @@ -# $Id: Makefile.am,v 1.51 2002/08/16 20:57:09 joda Exp $ +# $Id: Makefile.am,v 1.51.6.1 2003/05/12 15:20:46 joda Exp $ include $(top_srcdir)/Makefile.am.common lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la -libkadm5srv_la_LDFLAGS = -version-info 7:5:0 -libkadm5clnt_la_LDFLAGS = -version-info 6:3:2 +libkadm5srv_la_LDFLAGS = -version-info 7:6:0 +libkadm5clnt_la_LDFLAGS = -version-info 6:4:2 sbin_PROGRAMS = dump_log replay_log truncate_log libkadm5srv_la_LIBADD = ../krb5/libkrb5.la ../hdb/libhdb.la ../roken/libroken.la diff --git a/crypto/heimdal/lib/kadm5/Makefile.in b/crypto/heimdal/lib/kadm5/Makefile.in index 7fc233f..22b3a55 100644 --- a/crypto/heimdal/lib/kadm5/Makefile.in +++ b/crypto/heimdal/lib/kadm5/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.51 2002/08/16 20:57:09 joda Exp $ +# $Id: Makefile.am,v 1.51.6.1 2003/05/12 15:20:46 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -202,8 +203,8 @@ NROFF_MAN = groff -mandoc -Tascii @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la lib_LTLIBRARIES = libkadm5srv.la libkadm5clnt.la -libkadm5srv_la_LDFLAGS = -version-info 7:5:0 -libkadm5clnt_la_LDFLAGS = -version-info 6:3:2 +libkadm5srv_la_LDFLAGS = -version-info 7:6:0 +libkadm5clnt_la_LDFLAGS = -version-info 6:4:2 sbin_PROGRAMS = dump_log replay_log truncate_log libkadm5srv_la_LIBADD = ../krb5/libkrb5.la ../hdb/libhdb.la ../roken/libroken.la @@ -399,10 +400,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/kadm5/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -658,7 +659,9 @@ info: info-am info-am: -install-data-am: install-data-local install-kadm5includeHEADERS +install-data-am: install-kadm5includeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES install-libexecPROGRAMS \ install-sbinPROGRAMS @@ -689,8 +692,8 @@ uninstall-am: uninstall-info-am uninstall-kadm5includeHEADERS \ clean-libtool clean-sbinPROGRAMS distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am info info-am install install-am install-data \ - install-data-am install-data-local install-exec install-exec-am \ - install-info install-info-am install-kadm5includeHEADERS \ + install-data-am install-exec install-exec-am install-info \ + install-info-am install-kadm5includeHEADERS \ install-libLTLIBRARIES install-libexecPROGRAMS install-man \ install-sbinPROGRAMS install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ @@ -824,7 +827,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/kadm5/dump_log.c b/crypto/heimdal/lib/kadm5/dump_log.c index 5689f35..f8309fb 100644 --- a/crypto/heimdal/lib/kadm5/dump_log.c +++ b/crypto/heimdal/lib/kadm5/dump_log.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ #include "iprop.h" #include "parse_time.h" -RCSID("$Id: dump_log.c,v 1.12 2002/05/24 15:19:18 joda Exp $"); +RCSID("$Id: dump_log.c,v 1.13 2003/04/16 17:56:02 lha Exp $"); static char *op_names[] = { "get", @@ -89,7 +89,9 @@ print_entry(kadm5_server_context *server_context, krb5_free_principal(context, source); break; case kadm_rename: - krb5_data_alloc(&data, len); + ret = krb5_data_alloc(&data, len); + if (ret) + krb5_err (context, 1, ret, "kadm_rename: data alloc: %d", len); krb5_ret_principal(sp, &source); krb5_storage_read(sp, data.data, data.length); hdb_value2entry(context, &data, &ent); @@ -102,7 +104,9 @@ print_entry(kadm5_server_context *server_context, hdb_free_entry(context, &ent); break; case kadm_create: - krb5_data_alloc(&data, len); + ret = krb5_data_alloc(&data, len); + if (ret) + krb5_err (context, 1, ret, "kadm_create: data alloc: %d", len); krb5_storage_read(sp, data.data, data.length); ret = hdb_value2entry(context, &data, &ent); if(ret) @@ -110,7 +114,9 @@ print_entry(kadm5_server_context *server_context, mask = ~0; goto foo; case kadm_modify: - krb5_data_alloc(&data, len); + ret = krb5_data_alloc(&data, len); + if (ret) + krb5_err (context, 1, ret, "kadm_modify: data alloc: %d", len); krb5_ret_int32(sp, &mask); krb5_storage_read(sp, data.data, data.length); ret = hdb_value2entry(context, &data, &ent); diff --git a/crypto/heimdal/lib/kadm5/init_c.c b/crypto/heimdal/lib/kadm5/init_c.c index c7236b6..0ed1df1 100644 --- a/crypto/heimdal/lib/kadm5/init_c.c +++ b/crypto/heimdal/lib/kadm5/init_c.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -37,7 +37,7 @@ #include <netinet/in.h> #include <netdb.h> -RCSID("$Id: init_c.c,v 1.44 2002/06/16 15:13:25 nectar Exp $"); +RCSID("$Id: init_c.c,v 1.45 2003/04/01 15:06:41 lha Exp $"); static void set_funcs(kadm5_client_context *c) @@ -335,6 +335,7 @@ kadm_connect(kadm5_client_context *ctx) int error; char portstr[NI_MAXSERV]; char *hostname, *slash; + char *service_name; krb5_context context = ctx->context; memset (&hints, 0, sizeof(hints)); @@ -377,7 +378,20 @@ kadm_connect(kadm5_client_context *ctx) close(s); return ret; } - ret = krb5_parse_name(context, KADM5_ADMIN_SERVICE, &server); + + if (ctx->realm) + asprintf(&service_name, "%s@%s", KADM5_ADMIN_SERVICE, ctx->realm); + else + asprintf(&service_name, "%s", KADM5_ADMIN_SERVICE); + + if (service_name == NULL) { + freeaddrinfo (ai); + close(s); + return ENOMEM; + } + + ret = krb5_parse_name(context, service_name, &server); + free(service_name); if(ret) { freeaddrinfo (ai); if(ctx->ccache == NULL) diff --git a/crypto/heimdal/lib/kadm5/ipropd_master.c b/crypto/heimdal/lib/kadm5/ipropd_master.c index 626e853..537d403 100644 --- a/crypto/heimdal/lib/kadm5/ipropd_master.c +++ b/crypto/heimdal/lib/kadm5/ipropd_master.c @@ -34,10 +34,12 @@ #include "iprop.h" #include <rtbl.h> -RCSID("$Id: ipropd_master.c,v 1.28 2002/08/16 18:27:53 joda Exp $"); +RCSID("$Id: ipropd_master.c,v 1.29 2003/03/19 11:56:38 lha Exp $"); static krb5_log_facility *log_facility; +const char *slave_stats_file = KADM5_SLAVE_STATS; + static int make_signal_socket (krb5_context context) { @@ -123,6 +125,10 @@ slave_seen(slave *s) static void slave_dead(slave *s) { + if (s->fd >= 0) { + close (s->fd); + s->fd = -1; + } s->flags |= SLAVE_F_DEAD; slave_seen(s); } @@ -406,12 +412,12 @@ process_msg (krb5_context context, slave *s, int log_fd, static void write_stats(krb5_context context, slave *slaves, u_int32_t current_version) { - char str[30]; + char str[100]; rtbl_t tbl; time_t t = time(NULL); FILE *fp; - fp = fopen(KADM5_SLAVE_STATS, "w"); + fp = fopen(slave_stats_file, "w"); if (fp == NULL) return; @@ -457,8 +463,9 @@ write_stats(krb5_context context, slave *slaves, u_int32_t current_version) else rtbl_add_column_entry(tbl, SLAVE_STATUS, "Up"); - strftime(str, sizeof(str), "%Y-%m-%d %H:%M:%S", - localtime(&slaves->seen)); + if (strftime(str, sizeof(str), "%Y-%m-%d %H:%M:%S %Z", + localtime(&slaves->seen)) == 0) + strlcpy(str, "Unknown time", sizeof(str)); rtbl_add_column_entry(tbl, SLAVE_SEEN, str); slaves = slaves->next; @@ -482,6 +489,7 @@ static struct getargs args[] = { { "keytab", 'k', arg_string, &keytab_str, "keytab to get authentication from", "kspec" }, { "database", 'd', arg_string, &database, "database", "file"}, + { "slave-stats-file", 0, arg_string, &slave_stats_file, "file"}, { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; @@ -566,6 +574,8 @@ main(int argc, char **argv) max_fd = max(max_fd, listen_fd); for (p = slaves; p != NULL; p = p->next) { + if (p->flags & SLAVE_F_DEAD) + continue; FD_SET(p->fd, &readset); max_fd = max(max_fd, p->fd); } @@ -584,8 +594,11 @@ main(int argc, char **argv) kadm5_log_get_version_fd (log_fd, ¤t_version); if (current_version > old_version) - for (p = slaves; p != NULL; p = p->next) + for (p = slaves; p != NULL; p = p->next) { + if (p->flags & SLAVE_F_DEAD) + continue; send_diffs (context, p, log_fd, database, current_version); + } } if (ret && FD_ISSET(signal_fd, &readset)) { @@ -604,12 +617,15 @@ main(int argc, char **argv) send_diffs (context, p, log_fd, database, current_version); } - for(p = slaves; ret && p != NULL; p = p->next) + for(p = slaves; ret && p != NULL; p = p->next) { + if (p->flags & SLAVE_F_DEAD) + continue; if (FD_ISSET(p->fd, &readset)) { --ret; if(process_msg (context, p, log_fd, database, current_version)) slave_dead(p); } + } if (ret && FD_ISSET(listen_fd, &readset)) { add_slave (context, keytab, &slaves, listen_fd); diff --git a/crypto/heimdal/lib/kadm5/ipropd_slave.c b/crypto/heimdal/lib/kadm5/ipropd_slave.c index 31ab429..f8846c0 100644 --- a/crypto/heimdal/lib/kadm5/ipropd_slave.c +++ b/crypto/heimdal/lib/kadm5/ipropd_slave.c @@ -33,7 +33,7 @@ #include "iprop.h" -RCSID("$Id: ipropd_slave.c,v 1.26.2.1 2002/10/21 16:06:25 joda Exp $"); +RCSID("$Id: ipropd_slave.c,v 1.27 2002/10/21 15:51:44 joda Exp $"); static krb5_log_facility *log_facility; diff --git a/crypto/heimdal/lib/kadm5/log.c b/crypto/heimdal/lib/kadm5/log.c index 01432c9..8ea3ca9 100644 --- a/crypto/heimdal/lib/kadm5/log.c +++ b/crypto/heimdal/lib/kadm5/log.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kadm5_locl.h" -RCSID("$Id: log.c,v 1.19 2002/05/24 15:19:21 joda Exp $"); +RCSID("$Id: log.c,v 1.20 2003/04/16 17:56:55 lha Exp $"); /* * A log record consists of: @@ -268,7 +268,9 @@ kadm5_log_replay_create (kadm5_server_context *context, krb5_data data; hdb_entry ent; - krb5_data_alloc (&data, len); + ret = krb5_data_alloc (&data, len); + if (ret) + return ret; krb5_storage_read (sp, data.data, len); ret = hdb_value2entry (context->context, &data, &ent); krb5_data_free(&data); @@ -421,7 +423,11 @@ kadm5_log_replay_rename (kadm5_server_context *context, krb5_ret_principal (sp, &source); princ_len = krb5_storage_seek(sp, 0, SEEK_CUR) - off; data_len = len - princ_len; - krb5_data_alloc (&value, data_len); + ret = krb5_data_alloc (&value, data_len); + if (ret) { + krb5_free_principal (context->context, source); + return ret; + } krb5_storage_read (sp, value.data, data_len); ret = hdb_value2entry (context->context, &value, &target_ent); krb5_data_free(&value); @@ -509,7 +515,9 @@ kadm5_log_replay_modify (kadm5_server_context *context, krb5_ret_int32 (sp, &mask); len -= 4; - krb5_data_alloc (&value, len); + ret = krb5_data_alloc (&value, len); + if (ret) + return ret; krb5_storage_read (sp, value.data, len); ret = hdb_value2entry (context->context, &value, &log_ent); krb5_data_free(&value); diff --git a/crypto/heimdal/lib/kadm5/send_recv.c b/crypto/heimdal/lib/kadm5/send_recv.c index c13f01b..fe44b76 100644 --- a/crypto/heimdal/lib/kadm5/send_recv.c +++ b/crypto/heimdal/lib/kadm5/send_recv.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kadm5_locl.h" -RCSID("$Id: send_recv.c,v 1.9 2002/05/24 15:19:23 joda Exp $"); +RCSID("$Id: send_recv.c,v 1.10 2003/04/16 17:58:59 lha Exp $"); kadm5_ret_t _kadm5_client_send(kadm5_client_context *context, krb5_storage *sp) @@ -47,6 +47,8 @@ _kadm5_client_send(kadm5_client_context *context, krb5_storage *sp) len = krb5_storage_seek(sp, 0, SEEK_CUR); ret = krb5_data_alloc(&msg, len); + if (ret) + return ret; krb5_storage_seek(sp, 0, SEEK_SET); krb5_storage_read(sp, msg.data, msg.length); diff --git a/crypto/heimdal/lib/kafs/ChangeLog b/crypto/heimdal/lib/kafs/ChangeLog index acb3669..4c125e1 100644 --- a/crypto/heimdal/lib/kafs/ChangeLog +++ b/crypto/heimdal/lib/kafs/ChangeLog @@ -1,3 +1,119 @@ +2003-04-23 Love Hörquist Åstrand <lha@it.su.se> + + * common.c, kafs.h: drop the int argument (the error code) from + the logging function + +2003-04-22 Johan Danielsson <joda@pdc.kth.se> + + * afskrb5.c (v5_convert): better match what other functions do + with values from krb5.conf, like case insensitivity + +2003-04-16 Love Hörquist Åstrand <lha@it.su.se> + + * kafs.3: Change .Fd #include <header.h> to .In header.h + from Thomas Klausner <wiz@netbsd.org> + +2003-04-14 Love Hörquist Åstrand <lha@it.su.se> + + * Makefile.am: (libkafs_la_LDFLAGS): update version + + * Makefile.am (ROKEN_SRCS): drop strupr.c + + * kafs.3: document kafs_set_verbose + + * common.c (kafs_set_verbose): add function that (re)sets the + logging function + (_kafs_try_get_cred): add function that does (krb_data->get_cred) to + make logging easier (that is now done in this function) + (*): use _kafs_try_get_cred + + * afskrb5.c (get_cred): handle that inst can be the empty string too + (v5_convert): use _kafs_foldup + (krb5_afslog_uid_home): set name + (krb5_afslog_uid_home): ditto + + * afskrb.c (krb_afslog_uid_home): set name + (krb_afslog_uid_home): ditto + + * kafs_locl.h (kafs_data): add name + (_kafs_foldup): internally export + +2003-04-11 Love Hörquist Åstrand <lha@it.su.se> + + * kafs.3: tell that cell-name is uppercased + + * Makefile.am: add INCLUDE_krb4 when using krb4, add INCLUDE_des + when using krb5, add strupr.c + + * afskrb5.c: Check the cell part of the name, not the realm part + when checking if 2b should be used. The reson is afs@REALM might + have updated their servers but not afs/cell@REALM. Add constant + KAFS_RXKAD_2B_KVNO. + +2003-04-06 Love Hörquist Åstrand <lha@it.su.se> + + * kafs.3: s/kerberos/Kerberos/ + +2003-03-19 Love Hörquist Åstrand <lha@it.su.se> + + * kafs.3: spelling, from <jmc@prioris.mini.pw.edu.pl> + + * kafs.3: document the kafs_settoken functions write about the + krb5_appdefault option for kerberos 5 afs tokens fix prototypes + +2003-03-18 Love Hörquist Åstrand <lha@it.su.se> + + * afskrb5.c (kafs_settoken5): change signature to include a + krb5_context, use v5_convert + (v5_convert): new function, converts a krb5_ccreds to a kafs_token in + three diffrent ways, not at all, local 524/2b, and using 524 + (v5_to_kt): add code to do local 524/2b + (get_cred): use v5_convert + + + * kafs.h (kafs_settoken5): change signature to include a + krb5_context + + * Makefile.am: always build the libkafs library now that the + kerberos 5 can stand on their own + + * kafs.3: expose the krb5 functions + + * common.c (kafs_settoken_rxkad): move all content kerberos + version from kafs_settoken to kafs_settoken_rxkad + (_kafs_fixup_viceid): move the fixup the timestamp to make client + happy code here. + (_kafs_v4_to_kt): move all the kerberos 4 dependant parts from + kafs_settoken here. + (*): adapt to kafs_token + + * afskrb5.c (kafs_settoken5): new function, inserts a krb5_creds + into kernel + (v5_to_kt): new function, stores a krb5_creds in struct kafs_token + (get_cred): add a appdefault boolean ("libkafs", realm, "afs-use-524") + that can used to toggle if there should v5 token should be used + directly or converted via 524 first. + + * afskrb.c: move kafs_settoken here, use struct kafs_token + + * kafs_locl.h: include krb5-v4compat.h if needed, define an + internal structure struct kafs_token that carries around for rxkad + data that is independant of kerberos version + +2003-02-18 Love Hörquist Åstrand <lha@it.su.se> + + * dlfcn.h: s/intialize/initialize, from + <jmc@prioris.mini.pw.edu.pl> + +2003-02-08 Assar Westerlund <assar@kth.se> + + * afssysdefs.h: fix FreeBSD section + +2003-02-06 Love Hörquist Åstrand <lha@it.su.se> + + * afssysdefs.h: use syscall 208 on openbsd (all version) use + syscall 339 on freebsd 5.0 and later, use 210 on 4.x and earlier + 2002-08-28 Johan Danielsson <joda@pdc.kth.se> * kafs.3: move around sections (from NetBSD) diff --git a/crypto/heimdal/lib/kafs/Makefile.am b/crypto/heimdal/lib/kafs/Makefile.am index a59b585..a08c477 100644 --- a/crypto/heimdal/lib/kafs/Makefile.am +++ b/crypto/heimdal/lib/kafs/Makefile.am @@ -1,12 +1,27 @@ -# $Id: Makefile.am,v 1.37 2002/08/19 15:08:37 joda Exp $ +# $Id: Makefile.am,v 1.43.2.1 2003/05/12 15:20:46 joda Exp $ include $(top_srcdir)/Makefile.am.common -INCLUDES += $(INCLUDE_krb4) $(AFS_EXTRA_DEFS) $(ROKEN_RENAME) +INCLUDES += $(AFS_EXTRA_DEFS) $(ROKEN_RENAME) if KRB4 -AFSLIBS = libkafs.la DEPLIB_krb4 = $(LIB_krb4) $(LIB_des) +krb4_am_workaround = $(INCLUDE_krb4) +else +DEPLIB_krb4 = +krb4_am_workaround = +endif # KRB4 +INCLUDES += $(krb4_am_workaround) + +if KRB5 +DEPLIB_krb5 = ../krb5/libkrb5.la +krb5_am_workaround = $(INCLUDE_des) -I$(top_srcdir)/lib/krb5 +else +DEPLIB_krb5 = +krb5_am_workaround = +endif # KRB5 +INCLUDES += $(krb5_am_workaround) + if AIX AFSL_EXP = $(srcdir)/afsl.exp @@ -36,19 +51,10 @@ AFSL_EXP = AIX_SRC = endif # AIX -else -AFSLIBS = -DEPLIB_krb4 = -endif # KRB4 - -if KRB5 -libkafs_la_LIBADD = ../krb5/libkrb5.la ../roken/libroken.la $(DEPLIB_krb4) -else -libkafs_la_LIBADD = ../roken/libroken.la $(DEPLIB_krb4) -endif # KRB5 +libkafs_la_LIBADD = $(DEPLIB_krb5) ../roken/libroken.la $(DEPLIB_krb4) -lib_LTLIBRARIES = $(AFSLIBS) -libkafs_la_LDFLAGS = -version-info 3:4:3 +lib_LTLIBRARIES = libkafs.la +libkafs_la_LDFLAGS = -version-info 4:0:4 foodir = $(libdir) foo_DATA = $(AFS_EXTRA_LIBS) # EXTRA_DATA = afslib.so @@ -61,13 +67,18 @@ if KRB5 afskrb5_c = afskrb5.c endif +if KRB4 +afskrb_c = afskrb.c +endif + + if do_roken_rename ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c endif libkafs_la_SOURCES = \ afssys.c \ - afskrb.c \ + $(afskrb_c) \ $(afskrb5_c) \ common.c \ $(AIX_SRC) \ @@ -77,7 +88,7 @@ libkafs_la_SOURCES = \ #afslib_so_SOURCES = afslib.c -EXTRA_libkafs_la_SOURCES = afskrb5.c dlfcn.c afslib.c dlfcn.h +EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h EXTRA_DIST = README.dlfcn afsl.exp afslib.exp diff --git a/crypto/heimdal/lib/kafs/Makefile.in b/crypto/heimdal/lib/kafs/Makefile.in index 974d44c..22b0121 100644 --- a/crypto/heimdal/lib/kafs/Makefile.in +++ b/crypto/heimdal/lib/kafs/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.37 2002/08/19 15:08:37 joda Exp $ +# $Id: Makefile.am,v 1.43.2.1 2003/05/12 15:20:46 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -142,7 +143,7 @@ AUTOMAKE_OPTIONS = foreign no-dependencies 1.6 SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(AFS_EXTRA_DEFS) $(ROKEN_RENAME) +INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(AFS_EXTRA_DEFS) $(ROKEN_RENAME) $(krb4_am_workaround) $(krb5_am_workaround) @do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -201,31 +202,35 @@ NROFF_MAN = groff -mandoc -Tascii @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -@KRB4_TRUE@AFSLIBS = libkafs.la -@KRB4_FALSE@AFSLIBS = @KRB4_TRUE@DEPLIB_krb4 = $(LIB_krb4) $(LIB_des) @KRB4_FALSE@DEPLIB_krb4 = +@KRB4_TRUE@krb4_am_workaround = $(INCLUDE_krb4) +@KRB4_FALSE@krb4_am_workaround = -@AIX_FALSE@@KRB4_TRUE@AFSL_EXP = -@AIX_TRUE@@KRB4_TRUE@AFSL_EXP = $(srcdir)/afsl.exp +@KRB5_TRUE@DEPLIB_krb5 = ../krb5/libkrb5.la +@KRB5_FALSE@DEPLIB_krb5 = +@KRB5_TRUE@krb5_am_workaround = $(INCLUDE_des) -I$(top_srcdir)/lib/krb5 +@KRB5_FALSE@krb5_am_workaround = -@AIX4_FALSE@@AIX_TRUE@@KRB4_TRUE@AFS_EXTRA_LD = -e _nostart -@AIX4_TRUE@@AIX_TRUE@@KRB4_TRUE@AFS_EXTRA_LD = -bnoentry +@AIX_TRUE@AFSL_EXP = $(srcdir)/afsl.exp +@AIX_FALSE@AFSL_EXP = -@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@KRB4_TRUE@AIX_SRC = afslib.c -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@AIX_SRC = dlfcn.c -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@AIX_SRC = -@AIX_FALSE@@KRB4_TRUE@AIX_SRC = -@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@KRB4_TRUE@AFS_EXTRA_LIBS = -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@KRB4_TRUE@AFS_EXTRA_LIBS = afslib.so -@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@KRB4_TRUE@AFS_EXTRA_DEFS = -DSTATIC_AFS -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@KRB4_TRUE@AFS_EXTRA_DEFS = +@AIX4_FALSE@@AIX_TRUE@AFS_EXTRA_LD = -e _nostart +@AIX4_TRUE@@AIX_TRUE@AFS_EXTRA_LD = -bnoentry -@KRB5_TRUE@libkafs_la_LIBADD = ../krb5/libkrb5.la ../roken/libroken.la $(DEPLIB_krb4) -@KRB5_FALSE@libkafs_la_LIBADD = ../roken/libroken.la $(DEPLIB_krb4) +@AIX_FALSE@AIX_SRC = +@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AIX_SRC = afslib.c +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@AIX_SRC = +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@AIX_SRC = dlfcn.c +@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AFS_EXTRA_LIBS = +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@AFS_EXTRA_LIBS = afslib.so +@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@AFS_EXTRA_DEFS = -DSTATIC_AFS +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@AFS_EXTRA_DEFS = -lib_LTLIBRARIES = $(AFSLIBS) -libkafs_la_LDFLAGS = -version-info 3:4:3 +libkafs_la_LIBADD = $(DEPLIB_krb5) ../roken/libroken.la $(DEPLIB_krb4) + +lib_LTLIBRARIES = libkafs.la +libkafs_la_LDFLAGS = -version-info 4:0:4 foodir = $(libdir) foo_DATA = $(AFS_EXTRA_LIBS) @@ -236,11 +241,13 @@ include_HEADERS = kafs.h @KRB5_TRUE@afskrb5_c = afskrb5.c +@KRB4_TRUE@afskrb_c = afskrb.c + @do_roken_rename_TRUE@ROKEN_SRCS = resolve.c strtok_r.c strlcpy.c strsep.c libkafs_la_SOURCES = \ afssys.c \ - afskrb.c \ + $(afskrb_c) \ $(afskrb5_c) \ common.c \ $(AIX_SRC) \ @@ -251,7 +258,7 @@ libkafs_la_SOURCES = \ #afslib_so_SOURCES = afslib.c -EXTRA_libkafs_la_SOURCES = afskrb5.c dlfcn.c afslib.c dlfcn.h +EXTRA_libkafs_la_SOURCES = afskrb.c afskrb5.c dlfcn.c afslib.c dlfcn.h EXTRA_DIST = README.dlfcn afsl.exp afslib.exp @@ -268,16 +275,17 @@ LTLIBRARIES = $(lib_LTLIBRARIES) @KRB4_TRUE@@KRB5_TRUE@libkafs_la_DEPENDENCIES = ../krb5/libkrb5.la \ @KRB4_TRUE@@KRB5_TRUE@ ../roken/libroken.la @KRB4_TRUE@@KRB5_FALSE@libkafs_la_DEPENDENCIES = ../roken/libroken.la -@KRB5_TRUE@am__objects_11 = afskrb5.lo -@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@@KRB4_TRUE@am__objects_12 = afslib.lo -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@am__objects_12 = \ -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@@KRB4_TRUE@ dlfcn.lo -@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@@KRB4_TRUE@am__objects_12 = -@AIX_FALSE@@KRB4_TRUE@am__objects_12 = -@do_roken_rename_TRUE@am__objects_13 = resolve.lo strtok_r.lo strlcpy.lo \ +@KRB4_TRUE@am__objects_11 = afskrb.lo +@KRB5_TRUE@am__objects_12 = afskrb5.lo +@AIX_FALSE@am__objects_13 = +@AIX_DYNAMIC_AFS_FALSE@@AIX_TRUE@am__objects_13 = afslib.lo +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_TRUE@am__objects_13 = +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@am__objects_13 = \ +@AIX_DYNAMIC_AFS_TRUE@@AIX_TRUE@@HAVE_DLOPEN_FALSE@ dlfcn.lo +@do_roken_rename_TRUE@am__objects_14 = resolve.lo strtok_r.lo strlcpy.lo \ @do_roken_rename_TRUE@ strsep.lo -am_libkafs_la_OBJECTS = afssys.lo afskrb.lo $(am__objects_11) common.lo \ - $(am__objects_12) $(am__objects_13) +am_libkafs_la_OBJECTS = afssys.lo $(am__objects_11) $(am__objects_12) \ + common.lo $(am__objects_13) $(am__objects_14) libkafs_la_OBJECTS = $(am_libkafs_la_OBJECTS) DEFS = @DEFS@ @@ -308,10 +316,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/kafs/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -553,8 +561,9 @@ info: info-am info-am: -install-data-am: install-data-local install-fooDATA \ - install-includeHEADERS install-man +install-data-am: install-fooDATA install-includeHEADERS install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -584,16 +593,15 @@ uninstall-man: uninstall-man3 clean-generic clean-libLTLIBRARIES clean-libtool distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-fooDATA \ - install-includeHEADERS install-info install-info-am \ - install-libLTLIBRARIES install-man install-man3 install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool tags uninstall \ - uninstall-am uninstall-fooDATA uninstall-includeHEADERS \ - uninstall-info-am uninstall-libLTLIBRARIES uninstall-man \ - uninstall-man3 + install-am install-data install-data-am install-exec \ + install-exec-am install-fooDATA install-includeHEADERS \ + install-info install-info-am install-libLTLIBRARIES install-man \ + install-man3 install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool tags uninstall uninstall-am \ + uninstall-fooDATA uninstall-includeHEADERS uninstall-info-am \ + uninstall-libLTLIBRARIES uninstall-man uninstall-man3 install-suid-programs: @@ -719,7 +727,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/kafs/afskrb.c b/crypto/heimdal/lib/kafs/afskrb.c index 038a2ad..523a7b9 100644 --- a/crypto/heimdal/lib/kafs/afskrb.c +++ b/crypto/heimdal/lib/kafs/afskrb.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,9 @@ #include "kafs_locl.h" -RCSID("$Id: afskrb.c,v 1.15 2001/10/24 19:36:27 assar Exp $"); +RCSID("$Id: afskrb.c,v 1.17 2003/04/14 08:32:11 lha Exp $"); + +#ifdef KRB4 struct krb_kafs_data { const char *realm; @@ -41,16 +43,19 @@ struct krb_kafs_data { static int get_cred(kafs_data *data, const char *name, const char *inst, - const char *realm, CREDENTIALS *c) + const char *realm, uid_t uid, struct kafs_token *kt) { + CREDENTIALS c; KTEXT_ST tkt; - int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c); + int ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c); if (ret) { ret = krb_mk_req(&tkt, (char*)name, (char*)inst, (char*)realm, 0); if (ret == KSUCCESS) - ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, c); + ret = krb_get_cred((char*)name, (char*)inst, (char*)realm, &c); } + if (ret == 0) + ret = _kafs_v4_to_kt(&c, uid, kt); return ret; } @@ -62,11 +67,13 @@ afslog_uid_int(kafs_data *data, const char *homedir) { int ret; - CREDENTIALS c; + struct kafs_token kt; char name[ANAME_SZ]; char inst[INST_SZ]; char realm[REALM_SZ]; + kt.ticket = NULL; + if (cell == 0 || cell[0] == 0) return _kafs_afslog_all_local_cells (data, uid, homedir); @@ -75,10 +82,13 @@ afslog_uid_int(kafs_data *data, if (ret != KSUCCESS) return ret; - ret = _kafs_get_cred(data, cell, realm_hint, realm, &c); + kt.ticket = NULL; + ret = _kafs_get_cred(data, cell, realm_hint, realm, uid, &kt); - if (ret == 0) - ret = kafs_settoken(cell, uid, &c); + if (ret == 0) { + ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len); + free(kt.ticket); + } return ret; } @@ -98,6 +108,7 @@ krb_afslog_uid_home(const char *cell, const char *realm_hint, uid_t uid, { kafs_data kd; + kd.name = "krb4"; kd.afslog_uid = afslog_uid_int; kd.get_cred = get_cred; kd.get_realm = get_realm; @@ -132,6 +143,31 @@ krb_realm_of_cell(const char *cell, char **realm) { kafs_data kd; + kd.name = "krb4"; kd.get_realm = get_realm; return _kafs_realm_of_cell(&kd, cell, realm); } + +int +kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c) +{ + struct kafs_token kt; + int ret; + + kt.ticket = NULL; + + ret = _kafs_v4_to_kt(c, uid, &kt); + if (ret) + return ret; + + if (kt.ct.EndTimestamp < time(NULL)) { + free(kt.ticket); + return 0; + } + + ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len); + free(kt.ticket); + return ret; +} + +#endif /* KRB4 */ diff --git a/crypto/heimdal/lib/kafs/afskrb5.c b/crypto/heimdal/lib/kafs/afskrb5.c index fe5f96a..d415db6 100644 --- a/crypto/heimdal/lib/kafs/afskrb5.c +++ b/crypto/heimdal/lib/kafs/afskrb5.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kafs_locl.h" -RCSID("$Id: afskrb5.c,v 1.14 2001/06/18 13:11:32 assar Exp $"); +RCSID("$Id: afskrb5.c,v 1.18.2.1 2003/04/22 14:25:43 joda Exp $"); struct krb5_kafs_data { krb5_context context; @@ -41,9 +41,126 @@ struct krb5_kafs_data { krb5_const_realm realm; }; +enum { + KAFS_RXKAD_2B_KVNO = 213, + KAFS_RXKAD_K5_KVNO = 256 +}; + +static int +v5_to_kt(krb5_creds *cred, uid_t uid, struct kafs_token *kt, int local524) +{ + int kvno, ret; + + kt->ticket = NULL; + + /* check if des key */ + if (cred->session.keyvalue.length != 8) + return EINVAL; + + if (local524) { + Ticket t; + unsigned char *buf; + size_t buf_len; + size_t len; + + kvno = KAFS_RXKAD_2B_KVNO; + + ret = decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len); + if (ret) + return ret; + if (t.tkt_vno != 5) + return -1; + + ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_len, &t.enc_part, + &len, ret); + free_Ticket(&t); + if (ret) + return ret; + if(buf_len != len) { + free(buf); + return KRB5KRB_ERR_GENERIC; + } + + kt->ticket = buf; + kt->ticket_len = buf_len; + + } else { + kvno = KAFS_RXKAD_K5_KVNO; + kt->ticket = malloc(cred->ticket.length); + if (kt->ticket == NULL) + return ENOMEM; + kt->ticket_len = cred->ticket.length; + memcpy(kt->ticket, cred->ticket.data, kt->ticket_len); + + ret = 0; + } + + + /* + * Build a struct ClearToken + */ + + kt->ct.AuthHandle = kvno; + memcpy(kt->ct.HandShakeKey, cred->session.keyvalue.data, 8); + kt->ct.ViceId = uid; + kt->ct.BeginTimestamp = cred->times.starttime; + kt->ct.EndTimestamp = cred->times.endtime; + + _kafs_fixup_viceid(&kt->ct, uid); + + return 0; +} + +static krb5_error_code +v5_convert(krb5_context context, krb5_ccache id, + krb5_creds *cred, uid_t uid, + const char *cell, + struct kafs_token *kt) +{ + krb5_error_code ret; + char *c, *val; + + c = strdup(cell); + if (c == NULL) + return ENOMEM; + _kafs_foldup(c, c); + krb5_appdefault_string (context, "libkafs", + c, + "afs-use-524", "yes", &val); + free(c); + + if (strcasecmp(val, "local") == 0 || + strcasecmp(val, "2b") == 0) + ret = v5_to_kt(cred, uid, kt, 1); + else if(strcasecmp(val, "yes") == 0 || + strcasecmp(val, "true") == 0 || + atoi(val)) { + struct credentials c; + + if (id == NULL) + ret = krb524_convert_creds_kdc(context, cred, &c); + else + ret = krb524_convert_creds_kdc_ccache(context, id, cred, &c); + if (ret) + goto out; + + ret = _kafs_v4_to_kt(&c, uid, kt); + } else + ret = v5_to_kt(cred, uid, kt, 0); + + out: + free(val); + return ret; +} + + +/* + * + */ + static int get_cred(kafs_data *data, const char *name, const char *inst, - const char *realm, CREDENTIALS *c) + const char *realm, uid_t uid, struct kafs_token *kt) { krb5_error_code ret; krb5_creds in_creds, *out_creds; @@ -65,8 +182,11 @@ get_cred(kafs_data *data, const char *name, const char *inst, krb5_free_principal(d->context, in_creds.client); if(ret) return ret; - ret = krb524_convert_creds_kdc_ccache(d->context, d->id, out_creds, c); + + ret = v5_convert(d->context, d->id, out_creds, uid, + (inst != NULL && inst[0] != '\0') ? inst : realm, kt); krb5_free_creds(d->context, out_creds); + return ret; } @@ -75,7 +195,7 @@ afslog_uid_int(kafs_data *data, const char *cell, const char *rh, uid_t uid, const char *homedir) { krb5_error_code ret; - CREDENTIALS c; + struct kafs_token kt; krb5_principal princ; krb5_realm *trealm; /* ticket realm */ struct krb5_kafs_data *d = data->data; @@ -94,12 +214,15 @@ afslog_uid_int(kafs_data *data, const char *cell, const char *rh, uid_t uid, krb5_free_principal (d->context, princ); } - ret = _kafs_get_cred(data, cell, d->realm, *trealm, &c); + kt.ticket = NULL; + ret = _kafs_get_cred(data, cell, d->realm, *trealm, uid, &kt); if(trealm) krb5_free_principal (d->context, princ); - if(ret == 0) - ret = kafs_settoken(cell, uid, &c); + if(ret == 0) { + ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len); + free(kt.ticket); + } return ret; } @@ -126,6 +249,7 @@ krb5_afslog_uid_home(krb5_context context, { kafs_data kd; struct krb5_kafs_data d; + kd.name = "krb5"; kd.afslog_uid = afslog_uid_int; kd.get_cred = get_cred; kd.get_realm = get_realm; @@ -174,6 +298,29 @@ krb5_realm_of_cell(const char *cell, char **realm) { kafs_data kd; + kd.name = "krb5"; kd.get_realm = get_realm; return _kafs_realm_of_cell(&kd, cell, realm); } + +/* + * + */ + +int +kafs_settoken5(krb5_context context, const char *cell, uid_t uid, + krb5_creds *cred) +{ + struct kafs_token kt; + int ret; + + ret = v5_convert(context, NULL, cred, uid, cell, &kt); + if (ret) + return ret; + + ret = kafs_settoken_rxkad(cell, &kt.ct, kt.ticket, kt.ticket_len); + + free(kt.ticket); + + return ret; +} diff --git a/crypto/heimdal/lib/kafs/afssys.c b/crypto/heimdal/lib/kafs/afssys.c index c64b382..84989a0 100644 --- a/crypto/heimdal/lib/kafs/afssys.c +++ b/crypto/heimdal/lib/kafs/afssys.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 200 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000, 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kafs_locl.h" -RCSID("$Id: afssys.c,v 1.67 2000/07/08 12:06:03 assar Exp $"); +RCSID("$Id: afssys.c,v 1.69 2003/03/18 04:18:45 lha Exp $"); int _kafs_debug; /* this should be done in a better way */ @@ -160,7 +160,7 @@ k_pioctl(char *a_path, errno = ENOSYS; #ifdef SIGSYS - kill(getpid(), SIGSYS); /* You loose! */ + kill(getpid(), SIGSYS); /* You lose! */ #endif #endif /* NO_AFS */ return -1; @@ -208,7 +208,7 @@ k_setpag(void) errno = ENOSYS; #ifdef SIGSYS - kill(getpid(), SIGSYS); /* You loose! */ + kill(getpid(), SIGSYS); /* You lose! */ #endif #endif /* NO_AFS */ return -1; diff --git a/crypto/heimdal/lib/kafs/afssysdefs.h b/crypto/heimdal/lib/kafs/afssysdefs.h index 800921f..bfda36a 100644 --- a/crypto/heimdal/lib/kafs/afssysdefs.h +++ b/crypto/heimdal/lib/kafs/afssysdefs.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: afssysdefs.h,v 1.24 2000/11/17 01:07:47 assar Exp $ */ +/* $Id: afssysdefs.h,v 1.26 2003/02/08 22:55:55 assar Exp $ */ /* * This section is for machines using single entry point AFS syscalls! @@ -82,7 +82,19 @@ #define AFS_SYSCALL 31 #endif -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +#if defined(__FreeBSD__) +#if __FreeBSD_version >= 500000 +#define AFS_SYSCALL 339 +#else +#define AFS_SYSCALL 210 +#endif +#endif /* __FreeBSD__ */ + +#ifdef __OpenBSD__ +#define AFS_SYSCALL 208 +#endif + +#if defined(__NetBSD__) #define AFS_SYSCALL 210 #endif diff --git a/crypto/heimdal/lib/kafs/common.c b/crypto/heimdal/lib/kafs/common.c index 0c448f5..291dcac 100644 --- a/crypto/heimdal/lib/kafs/common.c +++ b/crypto/heimdal/lib/kafs/common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kafs_locl.h" -RCSID("$Id: common.c,v 1.24 2002/05/31 02:43:51 assar Exp $"); +RCSID("$Id: common.c,v 1.26.2.1 2003/04/23 18:03:20 lha Exp $"); #define AUTH_SUPERUSER "afs" @@ -45,8 +45,11 @@ RCSID("$Id: common.c,v 1.24 2002/05/31 02:43:51 assar Exp $"); #define ToAsciiUpper(c) ((c) - 'a' + 'A') -static void -foldup(char *a, const char *b) +static void (*kafs_verbose)(void *, const char *); +static void *kafs_verbose_ctx; + +void +_kafs_foldup(char *a, const char *b) { for (; *b; a++, b++) if (IsAsciiLower(*b)) @@ -56,62 +59,39 @@ foldup(char *a, const char *b) *a = '\0'; } +void +kafs_set_verbose(void (*f)(void *, const char *), void *ctx) +{ + if (f) { + kafs_verbose = f; + kafs_verbose_ctx = ctx; + } +} + int -kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c) +kafs_settoken_rxkad(const char *cell, struct ClearToken *ct, + void *ticket, size_t ticket_len) { struct ViceIoctl parms; - struct ClearToken ct; - int32_t sizeof_x; char buf[2048], *t; - int ret; + int32_t sizeof_x; - /* - * Build a struct ClearToken - */ - ct.AuthHandle = c->kvno; - memcpy (ct.HandShakeKey, c->session, sizeof(c->session)); - ct.ViceId = uid; - ct.BeginTimestamp = c->issue_date; - ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime); - if(ct.EndTimestamp < time(NULL)) - return 0; /* don't store tokens that has expired (and possibly - overwriting valid tokens)*/ - -#define ODD(x) ((x) & 1) - /* According to Transarc conventions ViceId is valid iff - * (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime - * the transformations: - * - * (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life) - * preserves the original values. - */ - if (uid != 0) /* valid ViceId */ - { - if (!ODD(ct.EndTimestamp - ct.BeginTimestamp)) - ct.EndTimestamp--; - } - else /* not valid ViceId */ - { - if (ODD(ct.EndTimestamp - ct.BeginTimestamp)) - ct.EndTimestamp--; - } - t = buf; /* * length of secret token followed by secret token */ - sizeof_x = c->ticket_st.length; + sizeof_x = ticket_len; memcpy(t, &sizeof_x, sizeof(sizeof_x)); t += sizeof(sizeof_x); - memcpy(t, c->ticket_st.dat, sizeof_x); + memcpy(t, ticket, sizeof_x); t += sizeof_x; /* * length of clear token followed by clear token */ - sizeof_x = sizeof(ct); + sizeof_x = sizeof(*ct); memcpy(t, &sizeof_x, sizeof(sizeof_x)); t += sizeof(sizeof_x); - memcpy(t, &ct, sizeof_x); + memcpy(t, ct, sizeof_x); t += sizeof_x; /* @@ -134,8 +114,60 @@ kafs_settoken(const char *cell, uid_t uid, CREDENTIALS *c) parms.in_size = t - buf; parms.out = 0; parms.out_size = 0; - ret = k_pioctl(0, VIOCSETTOK, &parms, 0); - return ret; + + return k_pioctl(0, VIOCSETTOK, &parms, 0); +} + +void +_kafs_fixup_viceid(struct ClearToken *ct, uid_t uid) +{ +#define ODD(x) ((x) & 1) + /* According to Transarc conventions ViceId is valid iff + * (EndTimestamp - BeginTimestamp) is odd. By decrementing EndTime + * the transformations: + * + * (issue_date, life) -> (StartTime, EndTime) -> (issue_date, life) + * preserves the original values. + */ + if (uid != 0) /* valid ViceId */ + { + if (!ODD(ct->EndTimestamp - ct->BeginTimestamp)) + ct->EndTimestamp--; + } + else /* not valid ViceId */ + { + if (ODD(ct->EndTimestamp - ct->BeginTimestamp)) + ct->EndTimestamp--; + } +} + + +int +_kafs_v4_to_kt(CREDENTIALS *c, uid_t uid, struct kafs_token *kt) +{ + kt->ticket = NULL; + + if (c->ticket_st.length > MAX_KTXT_LEN) + return EINVAL; + + kt->ticket = malloc(c->ticket_st.length); + if (kt->ticket == NULL) + return ENOMEM; + kt->ticket_len = c->ticket_st.length; + memcpy(kt->ticket, c->ticket_st.dat, kt->ticket_len); + + /* + * Build a struct ClearToken + */ + kt->ct.AuthHandle = c->kvno; + memcpy (kt->ct.HandShakeKey, c->session, sizeof(c->session)); + kt->ct.ViceId = uid; + kt->ct.BeginTimestamp = c->issue_date; + kt->ct.EndTimestamp = krb_life_to_time(c->issue_date, c->lifetime); + + _kafs_fixup_viceid(&kt->ct, uid); + + return 0; } /* Try to get a db-server for an AFS cell from a AFSDB record */ @@ -330,12 +362,33 @@ _kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm) return file_find_cell(data, cell, realm, 0); } +static int +_kafs_try_get_cred(kafs_data *data, const char *user, const char *cell, + const char *realm, uid_t uid, struct kafs_token *kt) +{ + int ret; + + ret = (*data->get_cred)(data, user, cell, realm, uid, kt); + if (kafs_verbose) { + char *str; + asprintf(&str, "%s tried afs%s%s@%s -> %d", + data->name, cell[0] == '\0' ? "" : "/", + cell, realm, ret); + (*kafs_verbose)(kafs_verbose_ctx, str); + free(str); + } + + return ret; +} + + int _kafs_get_cred(kafs_data *data, - const char *cell, - const char *realm_hint, - const char *realm, - CREDENTIALS *c) + const char *cell, + const char *realm_hint, + const char *realm, + uid_t uid, + struct kafs_token *kt) { int ret = -1; char *vl_realm; @@ -366,20 +419,23 @@ _kafs_get_cred(kafs_data *data, */ if (realm_hint) { - ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, realm_hint, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + cell, realm_hint, uid, kt); if (ret == 0) return 0; - ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", realm_hint, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + "", realm_hint, uid, kt); if (ret == 0) return 0; } - foldup(CELL, cell); + _kafs_foldup(CELL, cell); /* * If cell == realm we don't need no cross-cell authentication. * Try afs@REALM. */ if (strcmp(CELL, realm) == 0) { - ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", realm, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + "", realm, uid, kt); if (ret == 0) return 0; /* Try afs.cell@REALM below. */ } @@ -389,7 +445,8 @@ _kafs_get_cred(kafs_data *data, * REALM we still don't have to resort to cross-cell authentication. * Try afs.cell@REALM. */ - ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, realm, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + cell, realm, uid, kt); if (ret == 0) return 0; /* @@ -398,9 +455,11 @@ _kafs_get_cred(kafs_data *data, * Try afs@CELL. * Try afs.cell@CELL. */ - ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", CELL, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + "", CELL, uid, kt); if (ret == 0) return 0; - ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, CELL, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + cell, CELL, uid, kt); if (ret == 0) return 0; /* @@ -412,9 +471,11 @@ _kafs_get_cred(kafs_data *data, if (_kafs_realm_of_cell(data, cell, &vl_realm) == 0 && strcmp(vl_realm, realm) != 0 && strcmp(vl_realm, CELL) != 0) { - ret = (*data->get_cred)(data, AUTH_SUPERUSER, cell, vl_realm, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + cell, vl_realm, uid, kt); if (ret) - ret = (*data->get_cred)(data, AUTH_SUPERUSER, "", vl_realm, c); + ret = _kafs_try_get_cred(data, AUTH_SUPERUSER, + "", vl_realm, uid, kt); free(vl_realm); if (ret == 0) return 0; } diff --git a/crypto/heimdal/lib/kafs/dlfcn.h b/crypto/heimdal/lib/kafs/dlfcn.h index 5671e9c..b8dfd98 100644 --- a/crypto/heimdal/lib/kafs/dlfcn.h +++ b/crypto/heimdal/lib/kafs/dlfcn.h @@ -19,7 +19,7 @@ extern "C" { #define RTLD_GLOBAL 0x100 /* allow symbols to be global */ /* - * To be able to intialize, a library may provide a dl_info structure + * To be able to initialize, a library may provide a dl_info structure * that contains functions to be called to initialize and terminate. */ struct dl_info { diff --git a/crypto/heimdal/lib/kafs/kafs.3 b/crypto/heimdal/lib/kafs/kafs.3 index 934d121..c6cff4d 100644 --- a/crypto/heimdal/lib/kafs/kafs.3 +++ b/crypto/heimdal/lib/kafs/kafs.3 @@ -1,7 +1,38 @@ -.\" $Id: kafs.3,v 1.8 2002/08/28 20:04:31 joda Exp $ +.\" Copyright (c) 1998 - 1999, 2001 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.Dd May 7, 1997 -.Os KTH-KRB +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kafs.3,v 1.16 2003/04/16 13:58:27 lha Exp $ +.\" +.Dd Mar 17, 2003 +.Os HEIMDAL .Dt KAFS 3 .Sh NAME .Nm k_hasafs , @@ -9,33 +40,44 @@ .Nm k_unlog , .Nm k_setpag , .Nm k_afs_cell_of_file , +.Nm kafs_set_verbose , +.Nm kafs_settoken_rxkad , +.Nm kafs_settoken , .Nm krb_afslog , .Nm krb_afslog_uid -.\" .Nm krb5_afslog , -.\" .Nm krb5_afslog_uid +.Nm kafs_settoken5 , +.Nm krb5_afslog , +.Nm krb5_afslog_uid .Nd AFS library .Sh LIBRARY AFS cache manager access library (libkafs, -lkafs) .Sh SYNOPSIS -.Fd #include <kafs.h> +.In kafs.h .Ft int .Fn k_afs_cell_of_file "const char *path" "char *cell" "int len" .Ft int -.Fn k_hasafs +.Fn k_hasafs "void" .Ft int .Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks" .Ft int -.Fn k_setpag +.Fn k_setpag "void" .Ft int -.Fn k_unlog +.Fn k_unlog "void" +.Ft void +.Fn kafs_set_verbose "void (*func)(void *, const char *, int)" "void *" .Ft int +.Fn kafs_settoken_rxkad "const char *cell" "struct ClearToken *token" "void *ticket" "size_t ticket_len" +.Ft int +.Fn kafs_settoken "const char *cell" "uid_t uid" "CREDENTIALS *c" .Fn krb_afslog "char *cell" "char *realm" .Ft int .Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid" -.\" .Ft krb5_error_code -.\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid" -.\" .Ft krb5_error_code -.\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" +.Ft krb5_error_code +.Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid" +.Ft int +.Fn kafs_settoken5 "const char *cell" "uid_t uid" "krb5_creds *c" +.Ft krb5_error_code +.Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" .Sh DESCRIPTION .Fn k_hasafs initializes some library internal structures, and tests for the @@ -44,6 +86,36 @@ called before .Fn k_hasafs is called, or if it fails. .Pp +.Fn kafs_set_verbose +set a log function that will be called each time the kafs library does +something important so that the application using libkafs can output +verbose logging. +Calling the function +.Fa kafs_set_verbose +with the function argument set to +.Dv NULL +will stop libkafs from calling the logging function (if set). +.Pp +.Fn kafs_settoken_rxkad +set +.Li rxkad +with the +.Fa token +and +.Fa ticket +(that have the length +.Fa ticket_len ) +for a given +.Fa cell . +.Pp +.Fn kafs_settoken +and +.Fn kafs_settoken5 +work the same way as +.Fn kafs_settoken_rxkad +but internally converts the Kerberos 4 or 5 credential to a afs +cleartoken and ticket. +.Pp .Fn krb_afslog , and .Fn krb_afslog_uid @@ -69,13 +141,54 @@ field in the token, will use .Fa uid . .Pp -.\" .Fn krb5_afslog , -.\" and -.\" .Fn krb5_afslog_uid -.\" are the Kerberos 5 equivalents of -.\" .Fn krb_afslog , -.\" and -.\" .Fn krb_afslog_uid . +.Fn krb5_afslog , +and +.Fn krb5_afslog_uid +are the Kerberos 5 equivalents of +.Fn krb_afslog , +and +.Fn krb_afslog_uid . +.Pp +.Fn krb5_afslog , +.Fn kafs_settoken5 +can be configured to behave diffrently via a +.Nm krb5_appdefault +option +.Li afs-use-524 +in +.Pa krb5.conf . +Possible values for +.Li afs-use-524 +are: +.Bl -tag -width local +.It yes +use the 524 server in the realm to convert the ticket +.It no +use the Kerberos 5 ticket directly, can be used with if the afs cell +support 2b token. +.It local, 2b +convert the Kerberos 5 credential to a 2b token locally (the same work +as a 2b 524 server should have done). +.El +.Pp +Example: +.Pp +.Bd -literal +[appdefaults] + SU.SE = { afs-use-524 = local } + PDC.KTH.SE = { afs-use-524 = yes } + afs-use-524 = yes +.Ed +.Pp +libkafs will use the +.Li libkafs +as application name when running the +.Nm krb5_appdefault +function call. +.Pp +The (uppercased) cellname is used as the realm to the +.Nm krb5_appdefault function. +.Pp .\" The extra arguments are the ubiquitous context, and the cache id where .\" to store any obtained tickets. Since AFS servers normally can't handle .\" Kerberos 5 tickets directly, these functions will first obtain version @@ -109,7 +222,7 @@ returns 1 if AFS is present in the kernel, 0 otherwise. .Fn krb_afslog and .Fn krb_afslog_uid -returns 0 on success, or a kerberos error number on failure. +returns 0 on success, or a Kerberos error number on failure. .Fn k_afs_cell_of_file , .Fn k_pioctl , .Fn k_setpag , @@ -145,7 +258,7 @@ if (k_hasafs()) { .Sh ERRORS If any of these functions (apart from .Fn k_hasafs ) -is called without AFS beeing present in the kernel, the process will +is called without AFS being present in the kernel, the process will usually (depending on the operating system) receive a SIGSYS signal. .Sh SEE ALSO .Rs @@ -154,6 +267,9 @@ usually (depending on the operating system) receive a SIGSYS signal. .%T File Server/Cache Manager Interface .%D 1991 .Re +.Pp +.Xr krb5_appdefaults 3 , +.Xr krb5.conf 5 .Sh BUGS .Ev AFS_SYSCALL has no effect under AIX. diff --git a/crypto/heimdal/lib/kafs/kafs.h b/crypto/heimdal/lib/kafs/kafs.h index b929121..f95b776 100644 --- a/crypto/heimdal/lib/kafs/kafs.h +++ b/crypto/heimdal/lib/kafs/kafs.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001, 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: kafs.h,v 1.35 2001/09/10 16:05:31 assar Exp $ */ +/* $Id: kafs.h,v 1.39.2.1 2003/04/23 18:03:21 lha Exp $ */ #ifndef __KAFS_H #define __KAFS_H @@ -144,9 +144,16 @@ int k_afs_cell_of_file __P((const char *path, char *cell, int len)); #define KRB5_H_INCLUDED #endif +void kafs_set_verbose __P((void (*kafs_verbose)(void *, const char *), void *)); +int kafs_settoken_rxkad __P((const char *, struct ClearToken *, + void *ticket, size_t ticket_len)); #ifdef KRB_H_INCLUDED int kafs_settoken __P((const char*, uid_t, CREDENTIALS*)); #endif +#ifdef KRB5_H_INCLUDED +int kafs_settoken5 __P((krb5_context, const char*, uid_t, krb5_creds*)); +#endif + #ifdef KRB5_H_INCLUDED krb5_error_code krb5_afslog_uid __P((krb5_context context, diff --git a/crypto/heimdal/lib/kafs/kafs_locl.h b/crypto/heimdal/lib/kafs/kafs_locl.h index ac1c2f6..e82b81b 100644 --- a/crypto/heimdal/lib/kafs/kafs_locl.h +++ b/crypto/heimdal/lib/kafs/kafs_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: kafs_locl.h,v 1.15 1999/12/02 16:58:40 joda Exp $ */ +/* $Id: kafs_locl.h,v 1.17 2003/04/14 08:28:37 lha Exp $ */ #ifndef __KAFS_LOCL_H__ #define __KAFS_LOCL_H__ @@ -93,7 +93,13 @@ #endif #ifdef KRB4 #include <krb.h> -#endif +#else +#ifdef KRB5 +#include "crypto-headers.h" +#include <krb5-v4compat.h> +typedef struct credentials CREDENTIALS; +#endif /* KRB5 */ +#endif /* KRB4 */ #include <kafs.h> #include <resolve.h> @@ -101,31 +107,47 @@ #include "afssysdefs.h" struct kafs_data; +struct kafs_token; typedef int (*afslog_uid_func_t)(struct kafs_data *, - const char *cell, - const char *realm_hint, + const char *, + const char *, uid_t, - const char *homedir); + const char *); typedef int (*get_cred_func_t)(struct kafs_data*, const char*, const char*, - const char*, CREDENTIALS*); + const char*, uid_t, struct kafs_token *); typedef char* (*get_realm_func_t)(struct kafs_data*, const char*); typedef struct kafs_data { + const char *name; afslog_uid_func_t afslog_uid; get_cred_func_t get_cred; get_realm_func_t get_realm; void *data; } kafs_data; +struct kafs_token { + struct ClearToken ct; + void *ticket; + size_t ticket_len; +}; + +void _kafs_foldup(char *, const char *); + int _kafs_afslog_all_local_cells(kafs_data*, uid_t, const char*); int _kafs_get_cred(kafs_data*, const char*, const char*, const char *, - CREDENTIALS*); + uid_t, struct kafs_token *); int -_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm); +_kafs_realm_of_cell(kafs_data *, const char *, char **); + +int +_kafs_v4_to_kt(CREDENTIALS *, uid_t, struct kafs_token *); + +void +_kafs_fixup_viceid(struct ClearToken *, uid_t); #ifdef _AIX int aix_pioctl(char*, int, struct ViceIoctl*, int); diff --git a/crypto/heimdal/lib/kdfs/Makefile.in b/crypto/heimdal/lib/kdfs/Makefile.in index a346347..2115ecc 100644 --- a/crypto/heimdal/lib/kdfs/Makefile.in +++ b/crypto/heimdal/lib/kdfs/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.6.3 from Makefile.am. +# Makefile.in generated by automake 1.6.1 from Makefile.am. # @configure_input@ # Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -55,7 +55,6 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_DATA = @INSTALL_DATA@ install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_HEADER = $(INSTALL_DATA) transform = @program_transform_name@ @@ -115,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -193,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -242,10 +242,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/kdfs/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -269,12 +269,6 @@ uninstall-libLTLIBRARIES: clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test -z "$dir" && dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done libkdfs.la: $(libkdfs_la_OBJECTS) $(libkdfs_la_DEPENDENCIES) $(LINK) -rpath $(libdir) $(libkdfs_la_LDFLAGS) $(libkdfs_la_OBJECTS) $(libkdfs_la_LIBADD) $(LIBS) @@ -344,7 +338,7 @@ top_distdir = ../.. distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) distdir: $(DISTFILES) - @list='$(DISTFILES)'; for file in $$list; do \ + @for file in $(DISTFILES); do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ if test "$$dir" != "$$file" && test "$$dir" != "."; then \ @@ -394,7 +388,7 @@ mostlyclean-generic: clean-generic: distclean-generic: - -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]* maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -417,7 +411,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -444,8 +440,8 @@ uninstall-am: uninstall-info-am uninstall-libLTLIBRARIES clean-generic clean-libLTLIBRARIES clean-libtool distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am info info-am install \ - install-am install-data install-data-am install-data-local \ - install-exec install-exec-am install-info install-info-am \ + install-am install-data install-data-am install-exec \ + install-exec-am install-info install-info-am \ install-libLTLIBRARIES install-man install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ @@ -576,7 +572,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am index 6332935..6f5a8fc 100644 --- a/crypto/heimdal/lib/krb5/Makefile.am +++ b/crypto/heimdal/lib/krb5/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.147.2.1 2002/10/21 15:03:14 joda Exp $ +# $Id: Makefile.am,v 1.156.2.1 2003/05/12 15:20:47 joda Exp $ include $(top_srcdir)/Makefile.am.common @@ -6,14 +6,16 @@ INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) -I../com_err -I$(srcdir)/../com_err bin_PROGRAMS = verify_krb5_conf -noinst_PROGRAMS = dump_config test_get_addrs krbhst-test +noinst_PROGRAMS = dump_config test_get_addrs krbhst-test test_alname TESTS = \ + aes-test \ n-fold-test \ string-to-key-test \ derived-key-test \ store-test \ parse-name-test \ + test_cc \ name-45-test check_PROGRAMS = $(TESTS) @@ -130,7 +132,7 @@ libkrb5_la_SOURCES = \ write_message.c \ $(ERR_FILES) -libkrb5_la_LDFLAGS = -version-info 18:4:1 +libkrb5_la_LDFLAGS = -version-info 19:0:2 $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h @@ -147,13 +149,17 @@ man_MANS = \ krb5.3 \ krb5.conf.5 \ krb5_425_conv_principal.3 \ + krb5_address.3 \ + krb5_aname_to_localname.3 \ krb5_appdefault.3 \ krb5_auth_context.3 \ krb5_build_principal.3 \ + krb5_ccache.3 \ krb5_config.3 \ krb5_context.3 \ krb5_create_checksum.3 \ krb5_crypto_init.3 \ + krb5_data.3 \ krb5_encrypt.3 \ krb5_free_addresses.3 \ krb5_free_principal.3 \ @@ -162,9 +168,11 @@ man_MANS = \ krb5_init_context.3 \ krb5_keytab.3 \ krb5_krbhst_init.3 \ + krb5_kuserok.3 \ krb5_openlog.3 \ krb5_parse_name.3 \ krb5_principal_get_realm.3 \ + krb5_set_default_realm.3 \ krb5_sname_to_principal.3 \ krb5_timeofday.3 \ krb5_unparse_name.3 \ diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in index 4613c46..5395352 100644 --- a/crypto/heimdal/lib/krb5/Makefile.in +++ b/crypto/heimdal/lib/krb5/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.147.2.1 2002/10/21 15:03:14 joda Exp $ +# $Id: Makefile.am,v 1.156.2.1 2003/05/12 15:20:47 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -203,14 +204,16 @@ NROFF_MAN = groff -mandoc -Tascii bin_PROGRAMS = verify_krb5_conf -noinst_PROGRAMS = dump_config test_get_addrs krbhst-test +noinst_PROGRAMS = dump_config test_get_addrs krbhst-test test_alname TESTS = \ + aes-test \ n-fold-test \ string-to-key-test \ derived-key-test \ store-test \ parse-name-test \ + test_cc \ name-45-test @@ -331,7 +334,7 @@ libkrb5_la_SOURCES = \ $(ERR_FILES) -libkrb5_la_LDFLAGS = -version-info 18:4:1 +libkrb5_la_LDFLAGS = -version-info 19:0:2 #libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo @@ -340,13 +343,17 @@ man_MANS = \ krb5.3 \ krb5.conf.5 \ krb5_425_conv_principal.3 \ + krb5_address.3 \ + krb5_aname_to_localname.3 \ krb5_appdefault.3 \ krb5_auth_context.3 \ krb5_build_principal.3 \ + krb5_ccache.3 \ krb5_config.3 \ krb5_context.3 \ krb5_create_checksum.3 \ krb5_crypto_init.3 \ + krb5_data.3 \ krb5_encrypt.3 \ krb5_free_addresses.3 \ krb5_free_principal.3 \ @@ -355,9 +362,11 @@ man_MANS = \ krb5_init_context.3 \ krb5_keytab.3 \ krb5_krbhst_init.3 \ + krb5_kuserok.3 \ krb5_openlog.3 \ krb5_parse_name.3 \ krb5_principal_get_realm.3 \ + krb5_set_default_realm.3 \ krb5_sname_to_principal.3 \ krb5_timeofday.3 \ krb5_unparse_name.3 \ @@ -377,7 +386,7 @@ LTLIBRARIES = $(lib_LTLIBRARIES) libkrb5_la_DEPENDENCIES = ../com_err/error.lo ../com_err/com_err.lo \ $(top_builddir)/lib/asn1/libasn1.la -am__objects_14 = krb5_err.lo heim_err.lo k524_err.lo +am__objects_15 = krb5_err.lo heim_err.lo k524_err.lo am_libkrb5_la_OBJECTS = acl.lo add_et_list.lo addr_families.lo \ aname_to_localname.lo appdefault.lo asn1_glue.lo \ auth_context.lo build_ap_req.lo build_auth.lo cache.lo \ @@ -401,16 +410,22 @@ am_libkrb5_la_OBJECTS = acl.lo add_et_list.lo addr_families.lo \ sendauth.lo set_default_realm.lo sock_principal.lo store.lo \ store_emem.lo store_fd.lo store_mem.lo ticket.lo time.lo \ transited.lo verify_init.lo verify_user.lo version.lo warn.lo \ - write_message.lo $(am__objects_14) + write_message.lo $(am__objects_15) libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS) bin_PROGRAMS = verify_krb5_conf$(EXEEXT) -check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \ - derived-key-test$(EXEEXT) store-test$(EXEEXT) \ - parse-name-test$(EXEEXT) name-45-test$(EXEEXT) +check_PROGRAMS = aes-test$(EXEEXT) n-fold-test$(EXEEXT) \ + string-to-key-test$(EXEEXT) derived-key-test$(EXEEXT) \ + store-test$(EXEEXT) parse-name-test$(EXEEXT) test_cc$(EXEEXT) \ + name-45-test$(EXEEXT) noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) \ - krbhst-test$(EXEEXT) + krbhst-test$(EXEEXT) test_alname$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) +aes_test_SOURCES = aes-test.c +aes_test_OBJECTS = aes-test.$(OBJEXT) +aes_test_LDADD = $(LDADD) +aes_test_DEPENDENCIES = libkrb5.la $(top_builddir)/lib/asn1/libasn1.la +aes_test_LDFLAGS = derived_key_test_SOURCES = derived-key-test.c derived_key_test_OBJECTS = derived-key-test.$(OBJEXT) derived_key_test_LDADD = $(LDADD) @@ -458,6 +473,17 @@ string_to_key_test_LDADD = $(LDADD) string_to_key_test_DEPENDENCIES = libkrb5.la \ $(top_builddir)/lib/asn1/libasn1.la string_to_key_test_LDFLAGS = +test_alname_SOURCES = test_alname.c +test_alname_OBJECTS = test_alname.$(OBJEXT) +test_alname_LDADD = $(LDADD) +test_alname_DEPENDENCIES = libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la +test_alname_LDFLAGS = +test_cc_SOURCES = test_cc.c +test_cc_OBJECTS = test_cc.$(OBJEXT) +test_cc_LDADD = $(LDADD) +test_cc_DEPENDENCIES = libkrb5.la $(top_builddir)/lib/asn1/libasn1.la +test_cc_LDFLAGS = test_get_addrs_SOURCES = test_get_addrs.c test_get_addrs_OBJECTS = test_get_addrs.$(OBJEXT) test_get_addrs_LDADD = $(LDADD) @@ -486,24 +512,24 @@ CCLD = $(CC) LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ CFLAGS = @CFLAGS@ -DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \ - krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c \ - store-test.c string-to-key-test.c test_get_addrs.c \ - verify_krb5_conf.c +DIST_SOURCES = $(libkrb5_la_SOURCES) aes-test.c derived-key-test.c \ + dump_config.c krbhst-test.c n-fold-test.c name-45-test.c \ + parse-name-test.c store-test.c string-to-key-test.c \ + test_alname.c test_cc.c test_get_addrs.c verify_krb5_conf.c MANS = $(man_MANS) HEADERS = $(include_HEADERS) DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in -SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c +SOURCES = $(libkrb5_la_SOURCES) aes-test.c derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c store-test.c string-to-key-test.c test_alname.c test_cc.c test_get_addrs.c verify_krb5_conf.c all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/krb5/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -562,6 +588,9 @@ clean-checkPROGRAMS: clean-noinstPROGRAMS: -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS) +aes-test$(EXEEXT): $(aes_test_OBJECTS) $(aes_test_DEPENDENCIES) + @rm -f aes-test$(EXEEXT) + $(LINK) $(aes_test_LDFLAGS) $(aes_test_OBJECTS) $(aes_test_LDADD) $(LIBS) derived-key-test$(EXEEXT): $(derived_key_test_OBJECTS) $(derived_key_test_DEPENDENCIES) @rm -f derived-key-test$(EXEEXT) $(LINK) $(derived_key_test_LDFLAGS) $(derived_key_test_OBJECTS) $(derived_key_test_LDADD) $(LIBS) @@ -586,6 +615,12 @@ store-test$(EXEEXT): $(store_test_OBJECTS) $(store_test_DEPENDENCIES) string-to-key-test$(EXEEXT): $(string_to_key_test_OBJECTS) $(string_to_key_test_DEPENDENCIES) @rm -f string-to-key-test$(EXEEXT) $(LINK) $(string_to_key_test_LDFLAGS) $(string_to_key_test_OBJECTS) $(string_to_key_test_LDADD) $(LIBS) +test_alname$(EXEEXT): $(test_alname_OBJECTS) $(test_alname_DEPENDENCIES) + @rm -f test_alname$(EXEEXT) + $(LINK) $(test_alname_LDFLAGS) $(test_alname_OBJECTS) $(test_alname_LDADD) $(LIBS) +test_cc$(EXEEXT): $(test_cc_OBJECTS) $(test_cc_DEPENDENCIES) + @rm -f test_cc$(EXEEXT) + $(LINK) $(test_cc_LDFLAGS) $(test_cc_OBJECTS) $(test_cc_LDADD) $(LIBS) test_get_addrs$(EXEEXT): $(test_get_addrs_OBJECTS) $(test_get_addrs_DEPENDENCIES) @rm -f test_get_addrs$(EXEEXT) $(LINK) $(test_get_addrs_LDFLAGS) $(test_get_addrs_OBJECTS) $(test_get_addrs_LDADD) $(LIBS) @@ -927,7 +962,9 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS install-man +install-data-am: install-includeHEADERS install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -959,14 +996,14 @@ uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8 clean-noinstPROGRAMS distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am info info-am install install-am install-binPROGRAMS \ - install-data install-data-am install-data-local install-exec \ - install-exec-am install-includeHEADERS install-info \ - install-info-am install-libLTLIBRARIES install-man install-man3 \ - install-man5 install-man8 install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool tags uninstall \ - uninstall-am uninstall-binPROGRAMS uninstall-includeHEADERS \ + install-data install-data-am install-exec install-exec-am \ + install-includeHEADERS install-info install-info-am \ + install-libLTLIBRARIES install-man install-man3 install-man5 \ + install-man8 install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool tags uninstall uninstall-am \ + uninstall-binPROGRAMS uninstall-includeHEADERS \ uninstall-info-am uninstall-libLTLIBRARIES uninstall-man \ uninstall-man3 uninstall-man5 uninstall-man8 @@ -1094,7 +1131,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/krb5/addr_families.c b/crypto/heimdal/lib/krb5/addr_families.c index 0fed2e7..be32458 100644 --- a/crypto/heimdal/lib/krb5/addr_families.c +++ b/crypto/heimdal/lib/krb5/addr_families.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c,v 1.37 2002/08/19 13:51:37 joda Exp $"); +RCSID("$Id: addr_families.c,v 1.38 2003/03/25 12:37:02 joda Exp $"); struct addr_operations { int af; @@ -515,6 +515,36 @@ arange_order_addr(krb5_context context, } } +static int +addrport_print_addr (const krb5_address *addr, char *str, size_t len) +{ + krb5_address addr1, addr2; + uint16_t port = 0; + size_t ret_len = 0, l; + krb5_storage *sp = krb5_storage_from_data((krb5_data*)&addr->address); + /* for totally obscure reasons, these are not in network byteorder */ + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE); + + krb5_storage_seek(sp, 2, SEEK_CUR); /* skip first two bytes */ + krb5_ret_address(sp, &addr1); + + krb5_storage_seek(sp, 2, SEEK_CUR); /* skip two bytes */ + krb5_ret_address(sp, &addr2); + krb5_storage_free(sp); + if(addr2.addr_type == KRB5_ADDRESS_IPPORT && addr2.address.length == 2) { + unsigned long value; + _krb5_get_int(addr2.address.data, &value, 2); + port = value; + } + l = strlcpy(str, "ADDRPORT:", len); + ret_len += l; + krb5_print_address(&addr1, str + ret_len, len - ret_len, &l); + ret_len += l; + l = snprintf(str + ret_len, len - ret_len, ",PORT=%u", port); + ret_len += l; + return ret_len; +} + static struct addr_operations at[] = { {AF_INET, KRB5_ADDRESS_INET, sizeof(struct sockaddr_in), ipv4_sockaddr2addr, @@ -533,7 +563,8 @@ static struct addr_operations at[] = { ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr} , #endif {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }, + NULL, NULL, NULL, NULL, NULL, + NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL }, /* fake address type */ {KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange), NULL, NULL, NULL, NULL, NULL, NULL, NULL, @@ -695,7 +726,7 @@ krb5_print_address (const krb5_address *addr, size_t ret; struct addr_operations *a = find_atype(addr->addr_type); - if (a == NULL) { + if (a == NULL || a->print_addr == NULL) { char *s; int l; int i; diff --git a/crypto/heimdal/lib/krb5/aes-test.c b/crypto/heimdal/lib/krb5/aes-test.c new file mode 100644 index 0000000..cfee8e2 --- /dev/null +++ b/crypto/heimdal/lib/krb5/aes-test.c @@ -0,0 +1,472 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "krb5_locl.h" + +#ifdef HAVE_OPENSSL +#include <openssl/evp.h> +#endif + +RCSID("$Id: aes-test.c,v 1.3 2003/03/25 11:30:41 lha Exp $"); + +static int verbose = 0; + +static void +hex_dump_data(krb5_data *data) +{ + unsigned char *p = data->data; + int i, j; + + for (i = j = 0; i < data->length; i++, j++) { + printf("%02x ", p[i]); + if (j > 15) { + printf("\n"); + j = 0; + } + } + if (j != 0) + printf("\n"); +} + +struct { + char *password; + char *salt; + int saltlen; + int iterations; + krb5_enctype enctype; + int keylen; + char *pbkdf2; + char *key; +} keys[] = { +#ifdef ENABLE_AES + { + "password", "ATHENA.MIT.EDUraeburn", -1, + 1, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15", + "\x42\x26\x3c\x6e\x89\xf4\xfc\x28\xb8\xdf\x68\xee\x09\x79\x9f\x15" + }, + { + "password", "ATHENA.MIT.EDUraeburn", -1, + 1, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\xcd\xed\xb5\x28\x1b\xb2\xf8\x01\x56\x5a\x11\x22\xb2\x56\x35\x15" + "\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3\x33\xec\xc0\xe2\xe1\xf7\x08\x37", + "\xfe\x69\x7b\x52\xbc\x0d\x3c\xe1\x44\x32\xba\x03\x6a\x92\xe6\x5b" + "\xbb\x52\x28\x09\x90\xa2\xfa\x27\x88\x39\x98\xd7\x2a\xf3\x01\x61" + }, + { + "password", "ATHENA.MIT.EDUraeburn", -1, + 2, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d", + "\xc6\x51\xbf\x29\xe2\x30\x0a\xc2\x7f\xa4\x69\xd6\x93\xbd\xda\x13" + }, + { + "password", "ATHENA.MIT.EDUraeburn", -1, + 2, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\x01\xdb\xee\x7f\x4a\x9e\x24\x3e\x98\x8b\x62\xc7\x3c\xda\x93\x5d" + "\xa0\x53\x78\xb9\x32\x44\xec\x8f\x48\xa9\x9e\x61\xad\x79\x9d\x86", + "\xa2\xe1\x6d\x16\xb3\x60\x69\xc1\x35\xd5\xe9\xd2\xe2\x5f\x89\x61" + "\x02\x68\x56\x18\xb9\x59\x14\xb4\x67\xc6\x76\x22\x22\x58\x24\xff" + }, + { + "password", "ATHENA.MIT.EDUraeburn", -1, + 1200, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b", + "\x4c\x01\xcd\x46\xd6\x32\xd0\x1e\x6d\xbe\x23\x0a\x01\xed\x64\x2a" + }, + { + "password", "ATHENA.MIT.EDUraeburn", -1, + 1200, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b" + "\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f\x70\x8a\x31\xe2\xe6\x2b\x1e\x13", + "\x55\xa6\xac\x74\x0a\xd1\x7b\x48\x46\x94\x10\x51\xe1\xe8\xb0\xa7" + "\x54\x8d\x93\xb0\xab\x30\xa8\xbc\x3f\xf1\x62\x80\x38\x2b\x8c\x2a" + }, + { + "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8, + 5, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49", + "\xe9\xb2\x3d\x52\x27\x37\x47\xdd\x5c\x35\xcb\x55\xbe\x61\x9d\x8e" + }, + { + "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 8, + 5, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\xd1\xda\xa7\x86\x15\xf2\x87\xe6\xa1\xc8\xb1\x20\xd7\x06\x2a\x49" + "\x3f\x98\xd2\x03\xe6\xbe\x49\xa6\xad\xf4\xfa\x57\x4b\x6e\x64\xee", + "\x97\xa4\xe7\x86\xbe\x20\xd8\x1a\x38\x2d\x5e\xbc\x96\xd5\x90\x9c" + "\xab\xcd\xad\xc8\x7c\xa4\x8f\x57\x45\x04\x15\x9f\x16\xc3\x6e\x31" + }, + { + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "pass phrase equals block size", -1, + 1200, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9", + "\x59\xd1\xbb\x78\x9a\x82\x8b\x1a\xa5\x4e\xf9\xc2\x88\x3f\x69\xed" + }, + { + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "pass phrase equals block size", -1, + 1200, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\x13\x9c\x30\xc0\x96\x6b\xc3\x2b\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9" + "\xc5\xec\x59\xf1\xa4\x52\xf5\xcc\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1", + "\x89\xad\xee\x36\x08\xdb\x8b\xc7\x1f\x1b\xfb\xfe\x45\x94\x86\xb0" + "\x56\x18\xb7\x0c\xba\xe2\x20\x92\x53\x4e\x56\xc5\x53\xba\x4b\x34" + }, + { + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "pass phrase exceeds block size", -1, + 1200, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61", + "\xcb\x80\x05\xdc\x5f\x90\x17\x9a\x7f\x02\x10\x4c\x00\x18\x75\x1d" + }, + { + "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "pass phrase exceeds block size", -1, + 1200, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\x9c\xca\xd6\xd4\x68\x77\x0c\xd5\x1b\x10\xe6\xa6\x87\x21\xbe\x61" + "\x1a\x8b\x4d\x28\x26\x01\xdb\x3b\x36\xbe\x92\x46\x91\x5e\xc8\x2a", + "\xd7\x8c\x5c\x9c\xb8\x72\xa8\xc9\xda\xd4\x69\x7f\x0b\xb5\xb2\xd2" + "\x14\x96\xc8\x2b\xeb\x2c\xae\xda\x21\x12\xfc\xee\xa0\x57\x40\x1b" + + }, + { + "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1, + 50, + ETYPE_AES128_CTS_HMAC_SHA1_96, 16, + "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39", + "\xf1\x49\xc1\xf2\xe1\x54\xa7\x34\x52\xd4\x3e\x7f\xe6\x2a\x56\xe5" + }, + { + "\xf0\x9d\x84\x9e" /* g-clef */, "EXAMPLE.COMpianist", -1, + 50, + ETYPE_AES256_CTS_HMAC_SHA1_96, 32, + "\x6b\x9c\xf2\x6d\x45\x45\x5a\x43\xa5\xb8\xbb\x27\x6a\x40\x3b\x39" + "\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2\x81\xff\x30\x69\xe1\xe9\x4f\x52", + "\x4b\x6d\x98\x39\xf8\x44\x06\xdf\x1f\x09\xcc\x16\x6d\xb4\xb8\x3c" + "\x57\x18\x48\xb7\x84\xa3\xd6\xbd\xc3\x46\x58\x9a\x3e\x39\x3f\x9e" + }, +#endif + { + "foo", "", -1, + 0, + ETYPE_ARCFOUR_HMAC_MD5, 16, + NULL, + "\xac\x8e\x65\x7f\x83\xdf\x82\xbe\xea\x5d\x43\xbd\xaf\x78\x00\xcc" + }, + { + "test", "", -1, + 0, + ETYPE_ARCFOUR_HMAC_MD5, 16, + NULL, + "\x0c\xb6\x94\x88\x05\xf7\x97\xbf\x2a\x82\x80\x79\x73\xb8\x95\x37" + } +}; + +static int +string_to_key_test(krb5_context context) +{ + krb5_data password, opaque; + krb5_error_code ret; + krb5_keyblock key; + krb5_salt salt; + int i, val = 0; + char iter[4]; + char keyout[32]; + + for (i = 0; i < sizeof(keys)/sizeof(keys[0]); i++) { + + password.data = keys[i].password; + password.length = strlen(password.data); + + salt.salttype = KRB5_PW_SALT; + salt.saltvalue.data = keys[i].salt; + if (keys[i].saltlen == -1) + salt.saltvalue.length = strlen(salt.saltvalue.data); + else + salt.saltvalue.length = keys[i].saltlen; + + opaque.data = iter; + opaque.length = sizeof(iter); + _krb5_put_int(iter, keys[i].iterations, 4); + + if (verbose) + printf("%d: password: %s salt: %s\n", + i, keys[i].password, keys[i].salt); + + if (keys[i].keylen > sizeof(keyout)) + abort(); + +#ifdef ENABLE_AES + if (keys[i].pbkdf2) { + +#ifdef HAVE_OPENSSL + PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length, + salt.saltvalue.data, salt.saltvalue.length, + keys[i].iterations, + keys[i].keylen, keyout); + + if (memcmp(keyout, keys[i].pbkdf2, keys[i].keylen) != 0) { + krb5_warnx(context, "%d: openssl key pbkdf2", i); + val = 1; + continue; + } +#endif + + ret = krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt, + keys[i].iterations - 1, + keys[i].enctype, + &key); + if (ret) { + krb5_warn(context, ret, "%d: krb5_PKCS5_PBKDF2", i); + val = 1; + continue; + } + + if (key.keyvalue.length != keys[i].keylen) { + krb5_warnx(context, "%d: size key pbkdf2", i); + val = 1; + continue; + } + + if (memcmp(key.keyvalue.data, keys[i].pbkdf2, keys[i].keylen) != 0) { + krb5_warnx(context, "%d: key pbkdf2 pl %d", + i, password.length); + val = 1; + continue; + } + + if (verbose) { + printf("PBKDF2:\n"); + hex_dump_data(&key.keyvalue); + } + + krb5_free_keyblock_contents(context, &key); + } +#endif + + ret = krb5_string_to_key_data_salt_opaque (context, keys[i].enctype, + password, salt, opaque, + &key); + if (ret) { + krb5_warn(context, ret, "%d: string_to_key_data_salt_opaque", i); + val = 1; + continue; + } + + if (key.keyvalue.length != keys[i].keylen) { + krb5_warnx(context, "%d: key wrong length (%d/%d)", + i, key.keyvalue.length, keys[i].keylen); + val = 1; + continue; + } + + if (memcmp(key.keyvalue.data, keys[i].key, keys[i].keylen) != 0) { + krb5_warnx(context, "%d: key wrong", i); + val = 1; + continue; + } + + if (verbose) { + printf("key:\n"); + hex_dump_data(&key.keyvalue); + } + krb5_free_keyblock_contents(context, &key); + } + return val; +} + +#ifdef ENABLE_AES + +struct { + size_t len; + char *input; + char *output; +} encs[] = { + { + 17, + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20", + "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f" + "\x97" + }, + { + 31, + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20", + "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22" + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5" + }, + { + 32, + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43", + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + }, + { + 47, + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" + "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c", + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e" + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5" + }, + { + 64, + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" + "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20" + "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e", + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" + "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40" + "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8" + } +}; + +char *enc_key = + "\x63\x68\x69\x63\x6b\x65\x6e\x20\x74\x65\x72\x69\x79\x61\x6b\x69"; + +static int +samep(int testn, char *type, const char *p1, const char *p2, size_t len) +{ + size_t i; + int val = 1; + + for (i = 0; i < len; i++) { + if (p1[i] != p2[i]) { + if (verbose) + printf("M"); + val = 0; + } else { + if (verbose) + printf("."); + } + } + if (verbose) + printf("\n"); + return val; +} + +static int +encryption_test(krb5_context context) +{ + char iv[AES_BLOCK_SIZE]; + int i, val = 0; + AES_KEY ekey, dkey; + char *p; + + AES_set_encrypt_key(enc_key, 128, &ekey); + AES_set_decrypt_key(enc_key, 128, &dkey); + + for (i = 0; i < sizeof(encs)/sizeof(encs[0]); i++) { + if (verbose) + printf("test: %d\n", i); + memset(iv, 0, sizeof(iv)); + + p = malloc(encs[i].len + 1); + if (p == NULL) + krb5_errx(context, 1, "malloc"); + + p[encs[i].len] = '\0'; + + memcpy(p, encs[i].input, encs[i].len); + + _krb5_aes_cts_encrypt(p, p, encs[i].len, + &ekey, iv, AES_ENCRYPT); + + if (p[encs[i].len] != '\0') { + krb5_warnx(context, "%d: encrypt modified off end", i); + val = 1; + } + + if (!samep(i, "cipher", p, encs[i].output, encs[i].len)) + val = 1; + + memset(iv, 0, sizeof(iv)); + + _krb5_aes_cts_encrypt(p, p, encs[i].len, + &dkey, iv, AES_DECRYPT); + + if (p[encs[i].len] != '\0') { + krb5_warnx(context, "%d: decrypt modified off end", i); + val = 1; + } + + if (!samep(i, "clear", p, encs[i].input, encs[i].len)) + val = 1; + + free(p); + } + return val; +} + +#endif /* ENABLE_AES */ + +int +main(int argc, char **argv) +{ + krb5_error_code ret; + krb5_context context; + int val = 0; + + ret = krb5_init_context (&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + val |= string_to_key_test(context); + +#ifdef ENABLE_AES + val |= encryption_test(context); +#endif + + if (verbose && val == 0) + printf("all ok\n"); + if (val) + printf("tests failed\n"); + + krb5_free_context(context); + + return val; +} diff --git a/crypto/heimdal/lib/krb5/aname_to_localname.c b/crypto/heimdal/lib/krb5/aname_to_localname.c index 052d4208..d5b5f87 100644 --- a/crypto/heimdal/lib/krb5/aname_to_localname.c +++ b/crypto/heimdal/lib/krb5/aname_to_localname.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: aname_to_localname.c,v 1.4 2002/04/18 08:56:40 joda Exp $"); +RCSID("$Id: aname_to_localname.c,v 1.6 2003/04/16 16:01:06 lha Exp $"); krb5_error_code krb5_aname_to_localname (krb5_context context, @@ -43,7 +43,7 @@ krb5_aname_to_localname (krb5_context context, { krb5_error_code ret; krb5_realm *lrealms, *r; - int foo = 1; + int valid; size_t len; const char *res; @@ -51,26 +51,42 @@ krb5_aname_to_localname (krb5_context context, if (ret) return ret; + valid = 0; for (r = lrealms; *r != NULL; ++r) { - foo = strcmp (*r, aname->realm); - if (foo == 0) + if (strcmp (*r, aname->realm) == 0) { + valid = 1; break; + } } krb5_free_host_realm (context, lrealms); - if (foo != 0) + if (valid == 0) return KRB5_NO_LOCALNAME; if (aname->name.name_string.len == 1) res = aname->name.name_string.val[0]; else if (aname->name.name_string.len == 2 - && strcmp (aname->name.name_string.val[1], "root") == 0) + && strcmp (aname->name.name_string.val[1], "root") == 0) { + krb5_principal rootprinc; + krb5_boolean userok; + res = "root"; - else + + ret = krb5_copy_principal(context, aname, &rootprinc); + if (ret) + return ret; + + userok = krb5_kuserok(context, rootprinc, res); + krb5_free_principal(context, rootprinc); + if (!userok) + return KRB5_NO_LOCALNAME; + + } else return KRB5_NO_LOCALNAME; len = strlen (res); if (len >= lnsize) return ERANGE; - strcpy (lname, res); + strlcpy (lname, res, lnsize); + return 0; } diff --git a/crypto/heimdal/lib/krb5/cache.c b/crypto/heimdal/lib/krb5/cache.c index d25a515..26cda9a 100644 --- a/crypto/heimdal/lib/krb5/cache.c +++ b/crypto/heimdal/lib/krb5/cache.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c,v 1.49 2002/05/29 16:08:23 joda Exp $"); +RCSID("$Id: cache.c,v 1.52 2003/03/16 18:23:59 lha Exp $"); /* * Add a new ccache type with operations `ops', overwriting any @@ -180,24 +180,57 @@ krb5_cc_get_type(krb5_context context, } /* - * Return a pointer to a static string containing the default ccache name. + * Return krb5_cc_ops of a the ccache `id'. + */ + +const krb5_cc_ops * +krb5_cc_get_ops(krb5_context context, krb5_ccache id) +{ + return id->ops; +} + +/* + * Set the default cc name for `context' to `name'. + */ + +krb5_error_code +krb5_cc_set_default_name(krb5_context context, const char *name) +{ + krb5_error_code ret = 0; + char *p; + + if (name == NULL) { + char *e; + e = getenv("KRB5CCNAME"); + if (e) + p = strdup(e); + else + asprintf(&p,"FILE:/tmp/krb5cc_%u", (unsigned)getuid()); + } else + p = strdup(name); + + if (p == NULL) + return ENOMEM; + + if (context->default_cc_name) + free(context->default_cc_name); + + context->default_cc_name = p; + + return ret; +} + +/* + * Return a pointer to a context static string containing the default ccache name. */ const char* krb5_cc_default_name(krb5_context context) { - static char name[1024]; - char *p; + if (context->default_cc_name == NULL) + krb5_cc_set_default_name(context, NULL); - p = getenv("KRB5CCNAME"); - if(p) - strlcpy (name, p, sizeof(name)); - else - snprintf(name, - sizeof(name), - "FILE:/tmp/krb5cc_%u", - (unsigned)getuid()); - return name; + return context->default_cc_name; } /* @@ -209,9 +242,11 @@ krb5_error_code krb5_cc_default(krb5_context context, krb5_ccache *id) { - return krb5_cc_resolve(context, - krb5_cc_default_name(context), - id); + const char *p = krb5_cc_default_name(context); + + if (p == NULL) + return ENOMEM; + return krb5_cc_resolve(context, p, id); } /* diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c index 0dcce13..a17bf2b 100644 --- a/crypto/heimdal/lib/krb5/changepw.c +++ b/crypto/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: changepw.c,v 1.37.2.1 2002/10/21 14:31:58 joda Exp $"); +RCSID("$Id: changepw.c,v 1.38 2002/09/29 11:48:34 joda Exp $"); static krb5_error_code send_request (krb5_context context, diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c index 096aff2..feb387d 100644 --- a/crypto/heimdal/lib/krb5/context.c +++ b/crypto/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <com_err.h> -RCSID("$Id: context.c,v 1.81.2.1 2002/10/21 14:33:34 joda Exp $"); +RCSID("$Id: context.c,v 1.83 2003/03/10 00:24:13 lha Exp $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -176,6 +176,7 @@ init_context_from_config_file(krb5_context context) /* prefer dns_lookup_kdc over srv_lookup. */ INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc"); + context->default_cc_name = NULL; return 0; } @@ -227,6 +228,8 @@ out: void krb5_free_context(krb5_context context) { + if (context->default_cc_name) + free(context->default_cc_name); free(context->etypes); free(context->etypes_des); krb5_free_host_realm (context, context->default_realms); diff --git a/crypto/heimdal/lib/krb5/convert_creds.c b/crypto/heimdal/lib/krb5/convert_creds.c index ecdcf96..0c119e7 100644 --- a/crypto/heimdal/lib/krb5/convert_creds.c +++ b/crypto/heimdal/lib/krb5/convert_creds.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,9 @@ */ #include "krb5_locl.h" -RCSID("$Id: convert_creds.c,v 1.24 2001/06/20 02:49:21 joda Exp $"); +RCSID("$Id: convert_creds.c,v 1.26 2003/03/18 03:11:16 lha Exp $"); + +#include "krb5-v4compat.h" static krb5_error_code check_ticket_flags(TicketFlags f) @@ -42,42 +44,6 @@ check_ticket_flags(TicketFlags f) /* include this here, to avoid dependencies on libkrb */ -#define MAX_KTXT_LEN 1250 - -#define ANAME_SZ 40 -#define REALM_SZ 40 -#define SNAME_SZ 40 -#define INST_SZ 40 - -struct ktext { - unsigned int length; /* Length of the text */ - unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ - u_int32_t mbz; /* zero to catch runaway strings */ -}; - -struct credentials { - char service[ANAME_SZ]; /* Service name */ - char instance[INST_SZ]; /* Instance */ - char realm[REALM_SZ]; /* Auth domain */ - des_cblock session; /* Session key */ - int lifetime; /* Lifetime */ - int kvno; /* Key version number */ - struct ktext ticket_st; /* The ticket itself */ - int32_t issue_date; /* The issue time */ - char pname[ANAME_SZ]; /* Principal's name */ - char pinst[INST_SZ]; /* Principal's instance */ -}; - - -#define TKTLIFENUMFIXED 64 -#define TKTLIFEMINFIXED 0x80 -#define TKTLIFEMAXFIXED 0xBF -#define TKTLIFENOEXPIRE 0xFF -#define MAXTKTLIFETIME (30*24*3600) /* 30 days */ -#ifndef NEVERDATE -#define NEVERDATE ((time_t)0x7fffffffL) -#endif - static const int _tkt_lifetimes[TKTLIFENUMFIXED] = { 38400, 41055, 43894, 46929, 50174, 53643, 57352, 61318, 65558, 70091, 74937, 80119, 85658, 91581, 97914, 104684, @@ -89,8 +55,8 @@ static const int _tkt_lifetimes[TKTLIFENUMFIXED] = { 1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000 }; -static int -_krb_time_to_life(time_t start, time_t end) +int +_krb5_krb_time_to_life(time_t start, time_t end) { int i; time_t life = end - start; @@ -113,6 +79,26 @@ _krb_time_to_life(time_t start, time_t end) } +time_t +_krb5_krb_life_to_time(int start, int life_) +{ + unsigned char life = (unsigned char) life_; + +#if 0 + if (krb_no_long_lifetimes) + return start + life*5*60; +#endif + + if (life == TKTLIFENOEXPIRE) + return NEVERDATE; + if (life < TKTLIFEMINFIXED) + return start + life*5*60; + if (life > TKTLIFEMAXFIXED) + return start + MAXTKTLIFETIME; + return start + _tkt_lifetimes[life - TKTLIFEMINFIXED]; +} + + /* Convert the v5 credentials in `in_cred' to v4-dito in `v4creds'. * This is done by sending them to the 524 function in the KDC. If * `in_cred' doesn't contain a DES session key, then a new one is @@ -183,8 +169,8 @@ krb524_convert_creds_kdc(krb5_context context, if(ret) goto out; v4creds->issue_date = v5_creds->times.starttime; - v4creds->lifetime = _krb_time_to_life(v4creds->issue_date, - v5_creds->times.endtime); + v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date, + v5_creds->times.endtime); ret = krb5_524_conv_principal(context, v5_creds->client, v4creds->pname, v4creds->pinst, diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c index 65fa793..a238c76 100644 --- a/crypto/heimdal/lib/krb5/crypto.c +++ b/crypto/heimdal/lib/krb5/crypto.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.66 2002/09/03 19:58:15 joda Exp $"); +RCSID("$Id: crypto.c,v 1.73 2003/04/01 16:51:54 lha Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -71,7 +71,7 @@ struct salt_type { krb5_salttype type; const char *name; krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, - krb5_salt, krb5_keyblock*); + krb5_salt, krb5_data, krb5_keyblock*); }; struct key_type { @@ -110,6 +110,7 @@ struct encryption_type { krb5_enctype type; const char *name; size_t blocksize; + size_t padsize; size_t confoundersize; struct key_type *keytype; struct checksum_type *checksum; @@ -133,6 +134,19 @@ static struct key_type *_find_keytype(krb5_keytype type); static krb5_error_code _get_derived_key(krb5_context, krb5_crypto, unsigned, struct key_data**); static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage); +static krb5_error_code derive_key(krb5_context context, + struct encryption_type *et, + struct key_data *key, + const void *constant, + size_t len); +static void hmac(krb5_context context, + struct checksum_type *cm, + const void *data, + size_t len, + unsigned usage, + struct key_data *keyblock, + Checksum *result); +static void free_key_data(krb5_context context, struct key_data *key); /************************************************************ * * @@ -192,6 +206,7 @@ krb5_DES_string_to_key(krb5_context context, krb5_enctype enctype, krb5_data password, krb5_salt salt, + krb5_data opaque, krb5_keyblock *key) { unsigned char *s; @@ -240,7 +255,7 @@ krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, } password[8] = '\0'; - memcpy(key, crypt(password, "#~") + 2, sizeof(des_cblock)); + memcpy(key, crypt(password, "p1") + 2, sizeof(des_cblock)); /* parity is inserted into the LSB so left shift each byte up one bit. This allows ascii characters with a zero MSB to retain as @@ -297,6 +312,7 @@ DES_AFS3_string_to_key(krb5_context context, krb5_enctype enctype, krb5_data password, krb5_salt salt, + krb5_data opaque, krb5_keyblock *key) { des_cblock tmp; @@ -359,6 +375,7 @@ DES3_string_to_key(krb5_context context, krb5_enctype enctype, krb5_data password, krb5_salt salt, + krb5_data opaque, krb5_keyblock *key) { char *str; @@ -415,6 +432,7 @@ DES3_string_to_key_derived(krb5_context context, krb5_enctype enctype, krb5_data password, krb5_salt salt, + krb5_data opaque, krb5_keyblock *key) { krb5_error_code ret; @@ -461,6 +479,7 @@ ARCFOUR_string_to_key(krb5_context context, krb5_enctype enctype, krb5_data password, krb5_salt salt, + krb5_data opaque, krb5_keyblock *key) { char *s, *p; @@ -488,6 +507,180 @@ ARCFOUR_string_to_key(krb5_context context, return 0; } +#ifdef ENABLE_AES +/* + * AES + */ + +/* iter is really 1 based, so iter == 0 will be 1 iteration */ + +krb5_error_code +krb5_PKCS5_PBKDF2(krb5_context context, krb5_cksumtype cktype, + krb5_data password, krb5_salt salt, u_int32_t iter, + krb5_keytype type, krb5_keyblock *key) +{ + struct checksum_type *c = _find_checksum(cktype); + struct key_type *kt; + size_t datalen, leftofkey; + krb5_error_code ret; + u_int32_t keypart; + struct key_data ksign; + krb5_keyblock kb; + Checksum result; + char *data, *tmpcksum; + int i, j; + char *p; + + if (c == NULL) { + krb5_set_error_string(context, "checksum %d not supported", cktype); + return KRB5_PROG_KEYTYPE_NOSUPP; + } + + kt = _find_keytype(type); + if (kt == NULL) { + krb5_set_error_string(context, "key type %d not supported", type); + return KRB5_PROG_KEYTYPE_NOSUPP; + } + + key->keytype = type; + ret = krb5_data_alloc (&key->keyvalue, kt->bits / 8); + if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); + return ret; + } + + ret = krb5_data_alloc (&result.checksum, c->checksumsize); + if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); + krb5_data_free (&key->keyvalue); + return ret; + } + + tmpcksum = malloc(c->checksumsize); + if (tmpcksum == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + krb5_data_free (&key->keyvalue); + krb5_data_free (&result.checksum); + return ENOMEM; + } + + datalen = salt.saltvalue.length + 4; + data = malloc(datalen); + if (data == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + free(tmpcksum); + krb5_data_free (&key->keyvalue); + krb5_data_free (&result.checksum); + return ENOMEM; + } + + kb.keyvalue = password; + ksign.key = &kb; + + memcpy(data, salt.saltvalue.data, salt.saltvalue.length); + + keypart = 1; + leftofkey = key->keyvalue.length; + p = key->keyvalue.data; + + while (leftofkey) { + int len; + + if (leftofkey > c->checksumsize) + len = c->checksumsize; + else + len = leftofkey; + + _krb5_put_int(data + datalen - 4, keypart, 4); + + hmac(context, c, data, datalen, 0, &ksign, &result); + memcpy(p, result.checksum.data, len); + memcpy(tmpcksum, result.checksum.data, result.checksum.length); + for (i = 0; i < iter; i++) { + hmac(context, c, tmpcksum, result.checksum.length, + 0, &ksign, &result); + memcpy(tmpcksum, result.checksum.data, result.checksum.length); + for (j = 0; j < len; j++) + p[j] ^= tmpcksum[j]; + } + + p += len; + leftofkey -= len; + keypart++; + } + + free(data); + free(tmpcksum); + krb5_data_free (&result.checksum); + + return 0; +} + +static krb5_error_code +AES_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + krb5_error_code ret; + u_int32_t iter; + struct encryption_type *et; + struct key_data kd; + + if (opaque.length == 0) + iter = 45056 - 1; + else if (opaque.length == 4) { + unsigned long v; + _krb5_get_int(opaque.data, &v, 4); + iter = ((u_int32_t)v) - 1; + } else + return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */ + + + et = _find_enctype(enctype); + if (et == NULL) + return KRB5_PROG_KEYTYPE_NOSUPP; + + ret = krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt, + iter, enctype, key); + if (ret) + return ret; + + ret = krb5_copy_keyblock(context, key, &kd.key); + kd.schedule = NULL; + + ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos")); + + if (ret) { + krb5_data_free(&key->keyvalue); + } else { + ret = krb5_copy_keyblock_contents(context, kd.key, key); + free_key_data(context, &kd); + } + + return ret; +} + +static void +AES_schedule(krb5_context context, struct key_data *kd) +{ + AES_KEY *key = kd->schedule->data; + int bits = kd->key->keyvalue.length * 8; + + AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key[0]); + AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key[1]); +} + +/* + * + */ + +extern struct salt_type AES_salt[]; + +#endif /* ENABLE_AES */ + extern struct salt_type des_salt[], des3_salt[], des3_salt_derived[], arcfour_salt[]; @@ -535,6 +728,30 @@ struct key_type keytype_des3_derived = { des3_salt_derived }; +#ifdef ENABLE_AES +struct key_type keytype_aes128 = { + KEYTYPE_AES128, + "aes-128", + 128, + 16, + sizeof(AES_KEY) * 2, + NULL, + AES_schedule, + AES_salt +}; + +struct key_type keytype_aes256 = { + KEYTYPE_AES256, + "aes-256", + 256, + 16, + sizeof(AES_KEY) * 2, + NULL, + AES_schedule, + AES_salt +}; +#endif /* ENABLE_AES */ + struct key_type keytype_arcfour = { KEYTYPE_ARCFOUR, "arcfour", @@ -551,6 +768,10 @@ struct key_type *keytypes[] = { &keytype_des, &keytype_des3_derived, &keytype_des3, +#ifdef ENABLE_AES + &keytype_aes128, + &keytype_aes256, +#endif /* ENABLE_AES */ &keytype_arcfour }; @@ -599,6 +820,17 @@ struct salt_type des3_salt_derived[] = { { 0 } }; +#ifdef ENABLE_AES +struct salt_type AES_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + AES_string_to_key + }, + { 0 } +}; +#endif /* ENABLE_AES */ + struct salt_type arcfour_salt[] = { { KRB5_PW_SALT, @@ -730,11 +962,6 @@ krb5_string_to_key (krb5_context context, return krb5_string_to_key_data(context, enctype, pw, principal, key); } -/* - * Do a string -> key for encryption type `enctype' operation on - * `password' (with salt `salt'), returning the resulting key in `key' - */ - krb5_error_code krb5_string_to_key_data_salt (krb5_context context, krb5_enctype enctype, @@ -742,6 +969,26 @@ krb5_string_to_key_data_salt (krb5_context context, krb5_salt salt, krb5_keyblock *key) { + krb5_data opaque; + krb5_data_zero(&opaque); + return krb5_string_to_key_data_salt_opaque(context, enctype, password, + salt, opaque, key); +} + +/* + * Do a string -> key for encryption type `enctype' operation on + * `password' (with salt `salt' and the enctype specific data string + * `opaque'), returning the resulting key in `key' + */ + +krb5_error_code +krb5_string_to_key_data_salt_opaque (krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ struct encryption_type *et =_find_enctype(enctype); struct salt_type *st; if(et == NULL) { @@ -751,7 +998,8 @@ krb5_string_to_key_data_salt (krb5_context context, } for(st = et->keytype->string_to_key; st && st->type; st++) if(st->type == salt.salttype) - return (*st->string_to_key)(context, enctype, password, salt, key); + return (*st->string_to_key)(context, enctype, password, + salt, opaque, key); krb5_set_error_string(context, "salt type %d not supported", salt.salttype); return HEIM_ERR_SALTTYPE_NOSUPP; @@ -810,6 +1058,21 @@ krb5_string_to_keytype(krb5_context context, } krb5_error_code +krb5_enctype_keysize(krb5_context context, + krb5_enctype type, + size_t *keysize) +{ + struct encryption_type *et = _find_enctype(type); + if(et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + type); + return KRB5_PROG_ETYPE_NOSUPP; + } + *keysize = et->keytype->size; + return 0; +} + +krb5_error_code krb5_generate_random_keyblock(krb5_context context, krb5_enctype type, krb5_keyblock *key) @@ -1170,16 +1433,22 @@ hmac(krb5_context context, } static void -HMAC_SHA1_DES3_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *result) +SP_HMAC_SHA1_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *result) { struct checksum_type *c = _find_checksum(CKSUMTYPE_SHA1); + Checksum res; + char sha1_data[20]; + + res.checksum.data = sha1_data; + res.checksum.length = sizeof(sha1_data); - hmac(context, c, data, len, usage, key, result); + hmac(context, c, data, len, usage, key, &res); + memcpy(result->checksum.data, res.checksum.data, result->checksum.length); } /* @@ -1357,9 +1626,31 @@ struct checksum_type checksum_hmac_sha1_des3 = { 64, 20, F_KEYED | F_CPROOF | F_DERIVED, - HMAC_SHA1_DES3_checksum, + SP_HMAC_SHA1_checksum, + NULL +}; + +#ifdef ENABLE_AES +struct checksum_type checksum_hmac_sha1_aes128 = { + CKSUMTYPE_HMAC_SHA1_96_AES_128, + "hmac-sha1-96-aes128", + 64, + 12, + F_KEYED | F_CPROOF | F_DERIVED, + SP_HMAC_SHA1_checksum, + NULL +}; + +struct checksum_type checksum_hmac_sha1_aes256 = { + CKSUMTYPE_HMAC_SHA1_96_AES_256, + "hmac-sha1-96-aes256", + 64, + 12, + F_KEYED | F_CPROOF | F_DERIVED, + SP_HMAC_SHA1_checksum, NULL }; +#endif /* ENABLE_AES */ struct checksum_type checksum_hmac_md5 = { CKSUMTYPE_HMAC_MD5, @@ -1396,6 +1687,10 @@ struct checksum_type *checksum_types[] = { &checksum_rsa_md5_des3, &checksum_sha1, &checksum_hmac_sha1_des3, +#ifdef ENABLE_AES + &checksum_hmac_sha1_aes128, + &checksum_hmac_sha1_aes256, +#endif &checksum_hmac_md5, &checksum_hmac_md5_enc }; @@ -1723,6 +2018,114 @@ DES_PCBC_encrypt_key_ivec(krb5_context context, return 0; } +#ifdef ENABLE_AES + +/* + * AES draft-raeburn-krb-rijndael-krb-02 + */ + +void +_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *aes_key, + unsigned char *ivec, const int enc) +{ + unsigned char tmp[AES_BLOCK_SIZE]; + const AES_KEY *key = aes_key; /* XXX remove this when we always have AES */ + int i; + + /* + * In the framework of kerberos, the length can never be shorter + * then at least one blocksize. + */ + + if (enc == AES_ENCRYPT) { + + while(len > AES_BLOCK_SIZE) { + for (i = 0; i < AES_BLOCK_SIZE; i++) + tmp[i] = in[i] ^ ivec[i]; + AES_encrypt(tmp, out, key); + memcpy(ivec, out, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + + for (i = 0; i < len; i++) + tmp[i] = in[i] ^ ivec[i]; + for (; i < AES_BLOCK_SIZE; i++) + tmp[i] = 0 ^ ivec[i]; + + AES_encrypt(tmp, out - AES_BLOCK_SIZE, key); + + memcpy(out, ivec, len); + + } else { + char tmp2[AES_BLOCK_SIZE]; + char tmp3[AES_BLOCK_SIZE]; + + while(len > AES_BLOCK_SIZE * 2) { + memcpy(tmp, in, AES_BLOCK_SIZE); + AES_decrypt(in, out, key); + for (i = 0; i < AES_BLOCK_SIZE; i++) + out[i] ^= ivec[i]; + memcpy(ivec, tmp, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + + len -= AES_BLOCK_SIZE; + + AES_decrypt(in, tmp2, key); + + memcpy(tmp3, in + AES_BLOCK_SIZE, len); + memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */ + + for (i = 0; i < len; i++) + out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i]; + + AES_decrypt(tmp3, out, key); + for (i = 0; i < AES_BLOCK_SIZE; i++) + out[i] ^= ivec[i]; + } +} + +static krb5_error_code +AES_CTS_encrypt(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encrypt, + int usage, + void *ivec) +{ + AES_KEY *k = key->schedule->data; + char local_ivec[AES_BLOCK_SIZE]; + + if (encrypt) + k = &k[0]; + else + k = &k[1]; + + if (len < AES_BLOCK_SIZE) + abort(); + if (len == AES_BLOCK_SIZE) { + if (encrypt) + AES_encrypt(data, data, k); + else + AES_decrypt(data, data, k); + } else { + if(ivec == NULL) { + memset(local_ivec, 0, sizeof(local_ivec)); + ivec = local_ivec; + } + _krb5_aes_cts_encrypt(data, data, len, k, ivec, encrypt); + } + + return 0; +} +#endif /* ENABLE_AES */ + /* * section 6 of draft-brezak-win2k-krb-rc4-hmac-03 * @@ -1863,7 +2266,8 @@ usage2arcfour (krb5_context context, int *usage) *usage = 1; return 0; case KRB5_KU_TICKET : - *usage = 8; + *usage = 2; + return 0; case KRB5_KU_AS_REP_ENC_PART : *usage = 8; return 0; @@ -1930,6 +2334,7 @@ static struct encryption_type enctype_null = { ETYPE_NULL, "null", 1, + 1, 0, &keytype_null, &checksum_none, @@ -1942,6 +2347,7 @@ static struct encryption_type enctype_des_cbc_crc = { "des-cbc-crc", 8, 8, + 8, &keytype_des, &checksum_crc32, NULL, @@ -1953,6 +2359,7 @@ static struct encryption_type enctype_des_cbc_md4 = { "des-cbc-md4", 8, 8, + 8, &keytype_des, &checksum_rsa_md4, &checksum_rsa_md4_des, @@ -1964,6 +2371,7 @@ static struct encryption_type enctype_des_cbc_md5 = { "des-cbc-md5", 8, 8, + 8, &keytype_des, &checksum_rsa_md5, &checksum_rsa_md5_des, @@ -1974,10 +2382,11 @@ static struct encryption_type enctype_arcfour_hmac_md5 = { ETYPE_ARCFOUR_HMAC_MD5, "arcfour-hmac-md5", 1, + 1, 8, &keytype_arcfour, &checksum_hmac_md5, - &checksum_hmac_md5_enc, + /* &checksum_hmac_md5_enc */ NULL, F_SPECIAL, ARCFOUR_encrypt }; @@ -1986,6 +2395,7 @@ static struct encryption_type enctype_des3_cbc_md5 = { "des3-cbc-md5", 8, 8, + 8, &keytype_des3, &checksum_rsa_md5, &checksum_rsa_md5_des3, @@ -1997,6 +2407,7 @@ static struct encryption_type enctype_des3_cbc_sha1 = { "des3-cbc-sha1", 8, 8, + 8, &keytype_des3_derived, &checksum_sha1, &checksum_hmac_sha1_des3, @@ -2008,16 +2419,44 @@ static struct encryption_type enctype_old_des3_cbc_sha1 = { "old-des3-cbc-sha1", 8, 8, + 8, &keytype_des3, &checksum_sha1, &checksum_hmac_sha1_des3, 0, DES3_CBC_encrypt, }; +#ifdef ENABLE_AES +static struct encryption_type enctype_aes128_cts_hmac_sha1 = { + ETYPE_AES128_CTS_HMAC_SHA1_96, + "aes128-cts-hmac-sha1-96", + 16, + 1, + 16, + &keytype_aes128, + &checksum_sha1, + &checksum_hmac_sha1_aes128, + 0, + AES_CTS_encrypt, +}; +static struct encryption_type enctype_aes256_cts_hmac_sha1 = { + ETYPE_AES256_CTS_HMAC_SHA1_96, + "aes256-cts-hmac-sha1-96", + 16, + 1, + 16, + &keytype_aes256, + &checksum_sha1, + &checksum_hmac_sha1_aes256, + 0, + AES_CTS_encrypt, +}; +#endif /* ENABLE_AES */ static struct encryption_type enctype_des_cbc_none = { ETYPE_DES_CBC_NONE, "des-cbc-none", 8, + 8, 0, &keytype_des, &checksum_none, @@ -2029,6 +2468,7 @@ static struct encryption_type enctype_des_cfb64_none = { ETYPE_DES_CFB64_NONE, "des-cfb64-none", 1, + 1, 0, &keytype_des, &checksum_none, @@ -2040,6 +2480,7 @@ static struct encryption_type enctype_des_pcbc_none = { ETYPE_DES_PCBC_NONE, "des-pcbc-none", 8, + 8, 0, &keytype_des, &checksum_none, @@ -2051,6 +2492,7 @@ static struct encryption_type enctype_des3_cbc_none = { ETYPE_DES3_CBC_NONE, "des3-cbc-none", 8, + 8, 0, &keytype_des3_derived, &checksum_none, @@ -2068,6 +2510,10 @@ static struct encryption_type *etypes[] = { &enctype_des3_cbc_md5, &enctype_des3_cbc_sha1, &enctype_old_des3_cbc_sha1, +#ifdef ENABLE_AES + &enctype_aes128_cts_hmac_sha1, + &enctype_aes256_cts_hmac_sha1, +#endif &enctype_des_cbc_none, &enctype_des_cfb64_none, &enctype_des_pcbc_none, @@ -2270,7 +2716,7 @@ encrypt_internal_derived(krb5_context context, checksum_sz = CHECKSUMSIZE(et->keyed_checksum); sz = et->confoundersize + len; - block_sz = (sz + et->blocksize - 1) &~ (et->blocksize - 1); /* pad */ + block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ total_sz = block_sz + checksum_sz; p = calloc(1, total_sz); if(p == NULL) { @@ -2338,7 +2784,7 @@ encrypt_internal(krb5_context context, checksum_sz = CHECKSUMSIZE(et->checksum); sz = et->confoundersize + checksum_sz + len; - block_sz = (sz + et->blocksize - 1) &~ (et->blocksize - 1); /* pad */ + block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ p = calloc(1, block_sz); if(p == NULL) { krb5_set_error_string(context, "malloc: out of memory"); @@ -2879,6 +3325,12 @@ derive_key(krb5_context context, case KEYTYPE_DES3: DES3_postproc(context, k, nblocks * et->blocksize, key); break; +#ifdef ENABLE_AES + case KEYTYPE_AES128: + case KEYTYPE_AES256: + memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length); + break; +#endif /* ENABLE_AES */ default: krb5_set_error_string(context, "derive_key() called with unknown keytype (%u)", @@ -3097,11 +3549,11 @@ wrapped_length (krb5_context context, size_t data_len) { struct encryption_type *et = crypto->et; - size_t blocksize = et->blocksize; + size_t padsize = et->padsize; size_t res; res = et->confoundersize + et->checksum->checksumsize + data_len; - res = (res + blocksize - 1) / blocksize * blocksize; + res = (res + padsize - 1) / padsize * padsize; return res; } @@ -3111,11 +3563,11 @@ wrapped_length_dervied (krb5_context context, size_t data_len) { struct encryption_type *et = crypto->et; - size_t blocksize = et->blocksize; + size_t padsize = et->padsize; size_t res; res = et->confoundersize + data_len; - res = (res + blocksize - 1) / blocksize * blocksize; + res = (res + padsize - 1) / padsize * padsize; res += et->checksum->checksumsize; return res; } @@ -3231,7 +3683,7 @@ main() d->key = &key; res.checksum.length = 20; res.checksum.data = malloc(res.checksum.length); - HMAC_SHA1_DES3_checksum(context, d, data, 28, &res); + SP_HMAC_SHA1_checksum(context, d, data, 28, &res); return 0; #endif diff --git a/crypto/heimdal/lib/krb5/data.c b/crypto/heimdal/lib/krb5/data.c index c6a5d75..d2bfeb2 100644 --- a/crypto/heimdal/lib/krb5/data.c +++ b/crypto/heimdal/lib/krb5/data.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: data.c,v 1.16 2001/05/14 06:14:46 assar Exp $"); +RCSID("$Id: data.c,v 1.17 2003/03/25 22:07:17 lha Exp $"); void krb5_data_zero(krb5_data *p) @@ -50,6 +50,12 @@ krb5_data_free(krb5_data *p) p->length = 0; } +void +krb5_free_data_contents(krb5_context context, krb5_data *data) +{ + krb5_data_free(data); +} + void krb5_free_data(krb5_context context, krb5_data *p) diff --git a/crypto/heimdal/lib/krb5/get_addrs.c b/crypto/heimdal/lib/krb5/get_addrs.c index f521de8..94a0350 100644 --- a/crypto/heimdal/lib/krb5/get_addrs.c +++ b/crypto/heimdal/lib/krb5/get_addrs.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_addrs.c,v 1.44 2002/08/16 20:50:15 joda Exp $"); +RCSID("$Id: get_addrs.c,v 1.45 2003/01/25 15:19:49 lha Exp $"); #ifdef __osf__ /* hate */ @@ -144,6 +144,8 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) for (ifa = ifa0, idx = 0; ifa != NULL; ifa = ifa->ifa_next) { if ((ifa->ifa_flags & IFF_UP) == 0) continue; + if (ifa->ifa_addr == NULL) + continue; if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0) continue; if (krb5_sockaddr_uninteresting(ifa->ifa_addr)) @@ -185,6 +187,8 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) { if ((ifa->ifa_flags & IFF_UP) == 0) continue; + if (ifa->ifa_addr == NULL) + continue; if (memcmp(ifa->ifa_addr, &sa_zero, sizeof(sa_zero)) == 0) continue; if (krb5_sockaddr_uninteresting(ifa->ifa_addr)) diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c index 74a0204..0e75a95 100644 --- a/crypto/heimdal/lib/krb5/get_in_tkt.c +++ b/crypto/heimdal/lib/krb5/get_in_tkt.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c,v 1.106 2002/09/04 16:26:04 joda Exp $"); +RCSID("$Id: get_in_tkt.c,v 1.107 2003/02/16 06:41:25 nectar Exp $"); krb5_error_code krb5_init_etype (krb5_context context, @@ -542,10 +542,12 @@ init_as_req (krb5_context context, sp = NULL; else krb5_data_zero(&salt.saltvalue); - add_padata(context, a->padata, creds->client, + ret = add_padata(context, a->padata, creds->client, key_proc, keyseed, &preauth->val[i].info.val[j].etype, 1, sp); + if (ret == 0) + break; } } } diff --git a/crypto/heimdal/lib/krb5/init_creds_pw.c b/crypto/heimdal/lib/krb5/init_creds_pw.c index 19b5b36..51bad53 100644 --- a/crypto/heimdal/lib/krb5/init_creds_pw.c +++ b/crypto/heimdal/lib/krb5/init_creds_pw.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.53 2002/04/18 09:14:51 joda Exp $"); +RCSID("$Id: init_creds_pw.c,v 1.55 2003/03/20 18:07:31 lha Exp $"); static int get_config_time (krb5_context context, @@ -452,6 +452,9 @@ krb5_get_init_creds_password(krb5_context context, case KRB5KDC_ERR_KEY_EXPIRED : /* try to avoid recursion */ + if (prompter == NULL) + goto out; + krb5_clear_error_string (context); if (in_tkt_service != NULL diff --git a/crypto/heimdal/lib/krb5/kerberos.8 b/crypto/heimdal/lib/krb5/kerberos.8 index 5f05284..b0b4980 100644 --- a/crypto/heimdal/lib/krb5/kerberos.8 +++ b/crypto/heimdal/lib/krb5/kerberos.8 @@ -1,4 +1,35 @@ -.\" $Id: kerberos.8,v 1.5 2002/08/20 17:07:17 joda Exp $ +.\" Copyright (c) 2000 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: kerberos.8,v 1.6 2003/03/10 02:19:23 lha Exp $ .\" .Dd September 1, 2000 .Dt KERBEROS 8 diff --git a/crypto/heimdal/lib/krb5/keytab.c b/crypto/heimdal/lib/krb5/keytab.c index f276d2e..9adf99b 100644 --- a/crypto/heimdal/lib/krb5/keytab.c +++ b/crypto/heimdal/lib/krb5/keytab.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab.c,v 1.53 2002/03/10 23:14:12 assar Exp $"); +RCSID("$Id: keytab.c,v 1.55 2003/03/27 03:45:01 lha Exp $"); /* * Register a new keytab in `ops' @@ -46,6 +46,11 @@ krb5_kt_register(krb5_context context, { struct krb5_keytab_data *tmp; + if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) { + krb5_set_error_string(context, "krb5_kt_register; prefix too long"); + return KRB5_KT_NAME_TOOLONG; + } + tmp = realloc(context->kt_types, (context->num_kt_types + 1) * sizeof(*context->kt_types)); if(tmp == NULL) { @@ -206,6 +211,21 @@ krb5_kt_read_service_key(krb5_context context, } /* + * Return the type of the `keytab' in the string `prefix of length + * `prefixsize'. + */ + +krb5_error_code +krb5_kt_get_type(krb5_context context, + krb5_keytab keytab, + char *prefix, + size_t prefixsize) +{ + strlcpy(prefix, keytab->prefix, prefixsize); + return 0; +} + +/* * Retrieve the name of the keytab `keytab' into `name', `namesize' * Return 0 or an error. */ @@ -308,17 +328,20 @@ krb5_kt_get_entry(krb5_context context, if (entry->vno) { return 0; } else { - char princ[256], kt_name[256]; + char princ[256], kt_name[256], kvno_str[25]; krb5_unparse_name_fixed (context, principal, princ, sizeof(princ)); krb5_kt_get_name (context, id, kt_name, sizeof(kt_name)); + if (kvno) + snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno); + else + kvno_str[0] = '\0'; + krb5_set_error_string (context, - "failed to find %s%s%d%s in keytab %s", + "failed to find %s%s in keytab %s", princ, - kvno ? "(" : "", - kvno, - kvno ? ")" : "", + kvno_str, kt_name); return KRB5_KT_NOTFOUND; } diff --git a/crypto/heimdal/lib/krb5/keytab_any.c b/crypto/heimdal/lib/krb5/keytab_any.c index fe14d62..667788c 100644 --- a/crypto/heimdal/lib/krb5/keytab_any.c +++ b/crypto/heimdal/lib/krb5/keytab_any.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_any.c,v 1.6.4.1 2002/10/21 16:07:00 joda Exp $"); +RCSID("$Id: keytab_any.c,v 1.7 2002/10/21 13:36:59 joda Exp $"); struct any_data { krb5_keytab kt; diff --git a/crypto/heimdal/lib/krb5/keytab_file.c b/crypto/heimdal/lib/krb5/keytab_file.c index e9d9fd8..f2ff5386 100644 --- a/crypto/heimdal/lib/krb5/keytab_file.c +++ b/crypto/heimdal/lib/krb5/keytab_file.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_file.c,v 1.11.4.1 2002/10/21 14:35:47 joda Exp $"); +RCSID("$Id: keytab_file.c,v 1.12 2002/09/24 16:43:30 joda Exp $"); #define KRB5_KT_VNO_1 1 #define KRB5_KT_VNO_2 2 diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c index 7bfc59c..aca930f 100644 --- a/crypto/heimdal/lib/krb5/keytab_keyfile.c +++ b/crypto/heimdal/lib/krb5/keytab_keyfile.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c,v 1.14.2.1 2002/10/21 16:07:26 joda Exp $"); +RCSID("$Id: keytab_keyfile.c,v 1.15 2002/10/21 15:42:06 joda Exp $"); /* afs keyfile operations --------------------------------------- */ diff --git a/crypto/heimdal/lib/krb5/krb5-private.h b/crypto/heimdal/lib/krb5/krb5-private.h index 6abac50..b247131 100644 --- a/crypto/heimdal/lib/krb5/krb5-private.h +++ b/crypto/heimdal/lib/krb5/krb5-private.h @@ -5,6 +5,15 @@ #include <stdarg.h> void +_krb5_aes_cts_encrypt ( + const unsigned char */*in*/, + unsigned char */*out*/, + size_t /*len*/, + const void */*aes_key*/, + unsigned char */*ivec*/, + const int /*enc*/); + +void _krb5_crc_init_table (void); u_int32_t @@ -34,6 +43,16 @@ _krb5_get_int ( unsigned long */*value*/, size_t /*size*/); +time_t +_krb5_krb_life_to_time ( + int /*start*/, + int /*life_*/); + +int +_krb5_krb_time_to_life ( + time_t /*start*/, + time_t /*end*/); + void _krb5_n_fold ( const void */*str*/, diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h index 91a28f1..22fc669 100644 --- a/crypto/heimdal/lib/krb5/krb5-protos.h +++ b/crypto/heimdal/lib/krb5/krb5-protos.h @@ -48,6 +48,16 @@ krb5_524_conv_principal ( char */*realm*/); krb5_error_code +krb5_PKCS5_PBKDF2 ( + krb5_context /*context*/, + krb5_cksumtype /*cktype*/, + krb5_data /*password*/, + krb5_salt /*salt*/, + u_int32_t /*iter*/, + krb5_keytype /*type*/, + krb5_keyblock */*key*/); + +krb5_error_code krb5_abort ( krb5_context /*context*/, krb5_error_code /*code*/, @@ -437,6 +447,11 @@ krb5_cc_get_name ( krb5_context /*context*/, krb5_ccache /*id*/); +const krb5_cc_ops * +krb5_cc_get_ops ( + krb5_context /*context*/, + krb5_ccache /*id*/); + krb5_error_code krb5_cc_get_principal ( krb5_context /*context*/, @@ -494,6 +509,11 @@ krb5_cc_retrieve_cred ( krb5_creds */*creds*/); krb5_error_code +krb5_cc_set_default_name ( + krb5_context /*context*/, + const char */*name*/); + +krb5_error_code krb5_cc_set_flags ( krb5_context /*context*/, krb5_ccache /*id*/, @@ -1058,6 +1078,12 @@ krb5_encrypt_ivec ( void */*ivec*/); krb5_error_code +krb5_enctype_keysize ( + krb5_context /*context*/, + krb5_enctype /*type*/, + size_t */*keysize*/); + +krb5_error_code krb5_enctype_to_keytype ( krb5_context /*context*/, krb5_enctype /*etype*/, @@ -1178,6 +1204,11 @@ krb5_free_data ( krb5_data */*p*/); void +krb5_free_data_contents ( + krb5_context /*context*/, + krb5_data */*data*/); + +void krb5_free_error ( krb5_context /*context*/, krb5_error */*error*/); @@ -1776,6 +1807,13 @@ krb5_kt_get_name ( size_t /*namesize*/); krb5_error_code +krb5_kt_get_type ( + krb5_context /*context*/, + krb5_keytab /*keytab*/, + char */*prefix*/, + size_t /*prefixsize*/); + +krb5_error_code krb5_kt_next_entry ( krb5_context /*context*/, krb5_keytab /*id*/, @@ -2606,6 +2644,15 @@ krb5_string_to_key_data_salt ( krb5_keyblock */*key*/); krb5_error_code +krb5_string_to_key_data_salt_opaque ( + krb5_context /*context*/, + krb5_enctype /*enctype*/, + krb5_data /*password*/, + krb5_salt /*salt*/, + krb5_data /*opaque*/, + krb5_keyblock */*key*/); + +krb5_error_code krb5_string_to_key_derived ( krb5_context /*context*/, const void */*str*/, diff --git a/crypto/heimdal/lib/krb5/krb5-v4compat.h b/crypto/heimdal/lib/krb5/krb5-v4compat.h new file mode 100644 index 0000000..2f89281 --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5-v4compat.h @@ -0,0 +1,93 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id: krb5-v4compat.h,v 1.2 2003/03/18 03:08:20 lha Exp $ */ + +#ifndef __KRB5_V4COMPAT_H__ +#define __KRB5_V4COMPAT_H__ + +/* + * This file must only be included with v4 compat glue stuff in + * heimdal sources. + * + * It MUST NOT be installed. + */ + +#define MAX_KTXT_LEN 1250 + +#define ANAME_SZ 40 +#define REALM_SZ 40 +#define SNAME_SZ 40 +#define INST_SZ 40 + +struct ktext { + unsigned int length; /* Length of the text */ + unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ + u_int32_t mbz; /* zero to catch runaway strings */ +}; + +struct credentials { + char service[ANAME_SZ]; /* Service name */ + char instance[INST_SZ]; /* Instance */ + char realm[REALM_SZ]; /* Auth domain */ + des_cblock session; /* Session key */ + int lifetime; /* Lifetime */ + int kvno; /* Key version number */ + struct ktext ticket_st; /* The ticket itself */ + int32_t issue_date; /* The issue time */ + char pname[ANAME_SZ]; /* Principal's name */ + char pinst[INST_SZ]; /* Principal's instance */ +}; + + +#define TKTLIFENUMFIXED 64 +#define TKTLIFEMINFIXED 0x80 +#define TKTLIFEMAXFIXED 0xBF +#define TKTLIFENOEXPIRE 0xFF +#define MAXTKTLIFETIME (30*24*3600) /* 30 days */ +#ifndef NEVERDATE +#define NEVERDATE ((time_t)0x7fffffffL) +#endif + +#define KERB_ERR_NULL_KEY 10 + +int +_krb5_krb_time_to_life(time_t start, time_t end); + +time_t +_krb5_krb_life_to_time(int start, int life_); + +#define krb_time_to_life _krb5_krb_time_to_life +#define krb_life_to_time _krb5_krb_life_to_time + +#endif /* __KRB5_V4COMPAT_H__ */ diff --git a/crypto/heimdal/lib/krb5/krb5.3 b/crypto/heimdal/lib/krb5/krb5.3 index 830ee66..8e169a0 100644 --- a/crypto/heimdal/lib/krb5/krb5.3 +++ b/crypto/heimdal/lib/krb5/krb5.3 @@ -1,6 +1,35 @@ -.\" $Id: krb5.3,v 1.1 2001/11/20 22:19:10 assar Exp $ +.\" Copyright (c) 2001, 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. .\" -.Dd November 8, 2001 +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd March 20, 2003 .Dt KRB5 3 .Os .Sh NAME @@ -9,10 +38,10 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh DESCRIPTION -These functions constitute the kerberos 5 library, +These functions constitute the Kerberos 5 library, .Em libkrb5 . Declarations for these functions may be obtained from the include file -.Pa krb5/krb5.h . +.Pa krb5.h . .Sh LIST OF FUNCTIONS .sp 2 .nf @@ -25,9 +54,17 @@ krb5_425_conv_principal_ext.3 krb5_524_conv_principal.3 krb5_addlog_dest.3 krb5_addlog_func.3 +krb5_addr2sockaddr.3 +krb5_address.3 +krb5_address_compare.3 +krb5_address_order.3 +krb5_address_search.3 +krb5_addresses.3 +krb5_anyaddr.3 krb5_appdefault_boolean.3 krb5_appdefault_string.3 krb5_appdefault_time.3 +krb5_append_addresses.3 krb5_auth_con_free.3 krb5_auth_con_genaddrs.3 krb5_auth_con_getaddrs.3 @@ -62,6 +99,26 @@ krb5_build_principal.3 krb5_build_principal_ext.3 krb5_build_principal_va.3 krb5_build_principal_va_ext.3 +krb5_cc_close.3 +krb5_cc_copy_cache.3 +krb5_cc_default.3 +krb5_cc_default_name.3 +krb5_cc_destroy.3 +krb5_cc_end_seq_get.3 +krb5_cc_gen_new.3 +krb5_cc_get_name.3 +krb5_cc_get_principal.3 +krb5_cc_get_type.3 +krb5_cc_get_version.3 +krb5_cc_initialize.3 +krb5_cc_next_cred.3 +krb5_cc_register.3 +krb5_cc_remove_cred.3 +krb5_cc_resolve.3 +krb5_cc_retrieve_cred.3 +krb5_cc_set_default_name.3 +krb5_cc_set_flags.3 +krb5_cc_store_cred.3 krb5_checksum_is_collision_proof.3 krb5_checksum_is_keyed.3 krb5_checksumsize.3 @@ -71,24 +128,42 @@ krb5_config_get_int_default.3 krb5_config_get_string_default.3 krb5_config_get_time_default.3 krb5_context.3 +krb5_copy_address.3 +krb5_copy_addresses.3 +krb5_copy_data.3 krb5_create_checksum.3 krb5_crypto_destroy.3 krb5_crypto_init.3 +krb5_data_alloc.3 +krb5_data_copy.3 +krb5_data_free.3 +krb5_data_realloc.3 +krb5_data_zero.3 krb5_decrypt.3 krb5_decrypt_EncryptedData.3 krb5_encrypt.3 krb5_encrypt_EncryptedData.3 krb5_err.3 krb5_errx.3 +krb5_free_address.3 +krb5_free_addresses.3 krb5_free_context.3 +krb5_free_data.3 +krb5_free_data_contents.3 +krb5_free_host_realm.3 krb5_free_krbhst.3 krb5_free_principal.3 krb5_get_all_client_addrs.3 krb5_get_all_server_addrs.3 +krb5_get_default_realm.3 +krb5_get_default_realms.3 +krb5_get_host_realm.3 krb5_get_krb524hst.3 krb5_get_krb_admin_hst.3 krb5_get_krb_changepw_hst.3 krb5_get_krbhst.3 +krb5_h_addr2addr.3 +krb5_h_addr2sockaddr.3 krb5_init_context.3 krb5_initlog.3 krb5_keytab_entry.3 @@ -120,21 +195,35 @@ krb5_kt_resolve.3.3 krb5_kt_start_seq_get krb5_log.3 krb5_log_msg.3 +krb5_make_addrport.3 krb5_make_principal.3 +krb5_max_sockaddr_size.3 krb5_openlog.3 +krb5_parse_address.3 krb5_parse_name.3 krb5_principal.3 krb5_principal_get_comp_string.3 krb5_principal_get_realm.3 +krb5_print_address.3 +krb5_set_default_realm.3 krb5_set_warn_dest.3 krb5_sname_to_principal.3 krb5_sock_to_principal.3 +krb5_sockaddr2address.3 +krb5_sockaddr2port.3 +krb5_sockaddr_uninteresting.3 krb5_timeofday.3 krb5_unparse_name.3 krb5_us_timeofday.3 krb5_verify_checksum.3 +krb5_verify_opt_init.3 +krb5_verify_opt_set_flags.3 +krb5_verify_opt_set_keytab.3 +krb5_verify_opt_set_secure.3 +krb5_verify_opt_set_service.3 krb5_verify_user.3 krb5_verify_user_lrealm.3 +krb5_verify_user_opt.3 krb5_verr.3 krb5_verrx.3 krb5_vlog.3 @@ -143,6 +232,7 @@ krb5_vwarn.3 krb5_vwarnx.3 krb5_warn.3 krb5_warnx.3 +krn5_kuserok.3 .ta .Fi .Sh SEE ALSO diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5 index 0fc856a..9ee85aa 100644 --- a/crypto/heimdal/lib/krb5/krb5.conf.5 +++ b/crypto/heimdal/lib/krb5/krb5.conf.5 @@ -1,4 +1,35 @@ -.\" $Id: krb5.conf.5,v 1.25 2002/08/28 15:33:59 nectar Exp $ +.\" Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5.conf.5,v 1.35 2003/04/16 13:26:13 lha Exp $ .\" .Dd April 11, 1999 .Dt KRB5.CONF 5 @@ -13,8 +44,10 @@ file specifies several configuration parameters for the Kerberos 5 library, as well as for some programs. .Pp The file consists of one or more sections, containing a number of -bindings. The value of each binding can be either a string or a list -of other bindings. The grammar looks like: +bindings. +The value of each binding can be either a string or a list of other +bindings. +The grammar looks like: .Bd -literal -offset indent file: /* empty */ @@ -43,13 +76,30 @@ name: .Ed .Li STRINGs -consists of one or more non-white space characters. +consists of one or more non-whitespace characters. +.Pp +STRINGs that are specified later in this man-page uses the following +notation. +.Bl -tag -width "xxx" -offset indent +.It boolean +values can be either yes/true or no/false. +.It time +values can be a list of year, month, day, hour, min, second. +Example: 1 month 2 days 30 min. +.It etypes +valid encryption types are: des-cbc-crc, des-cbc-md4, des-cbc-md5, +des3-cbc-sha1. +.It address +an address can be either a IPv4 or a IPv6 address. +.El +.Pp Currently recognised sections and bindings are: .Bl -tag -width "xxx" -offset indent .It Li [appdefaults] Specifies the default values to be used for Kerberos applications. You can specify defaults per application, realm, or a combination of -these. The preference order is: +these. +The preference order is: .Bl -enum -compact .It .Va application Va realm Va option @@ -84,12 +134,13 @@ The default is the result of .Fn krb5_get_host_realm "local hostname" . .It Li clockskew = Va time Maximum time differential (in seconds) allowed when comparing -times. Default is 300 seconds (five minutes). +times. +Default is 300 seconds (five minutes). .It Li kdc_timeout = Va time Maximum time to wait for a reply from the kdc, default is 3 seconds. .It v4_name_convert .It v4_instance_resolve -These are decribed in the +These are described in the .Xr krb5_425_conv_principal 3 manual page. .It Li capath = { @@ -111,11 +162,11 @@ This configuration should preferably be done on the KDC where it will help all its clients but can also be done on the client itself. .It Li } .It Li default_etypes = Va etypes... -A list of default etypes to use. +A list of default encryption types to use. .It Li default_etypes_des = Va etypes... -A list of default etypes to use when requesting a DES credential. +A list of default encryption types to use when requesting a DES credential. .It Li default_keytab_name = Va keytab -The keytab to use if none other is specified, default is +The keytab to use if no other is specified, default is .Dq FILE:/etc/krb5.keytab . .It Li dns_lookup_kdc = Va boolean Use DNS SRV records to lookup KDC services location. @@ -138,12 +189,15 @@ When obtaining initial credentials, make the credentials proxiable. This option is also valid in the [realms] section. .It Li verify_ap_req_nofail = Va boolean If enabled, failure to verify credentials against a local key is a -fatal error. The application has to be able to read the corresponding -service key for this to work. Some applications, like +fatal error. +The application has to be able to read the corresponding service key +for this to work. +Some applications, like .Xr su 8 , enable this option unconditionally. .It Li warn_pwexpire = Va time -How soon to warn for expiring password. Default is seven days. +How soon to warn for expiring password. +Default is seven days. .It Li http_proxy = Va proxy-spec A HTTP-proxy to use when talking to the KDC via HTTP. .It Li dns_proxy = Va proxy-spec @@ -171,14 +225,14 @@ and other programs. This option is also valid in the [realms] section. .El .It Li [domain_realm] -This is a list of mappings from DNS domain to Kerberos realm. Each -binding in this section looks like: +This is a list of mappings from DNS domain to Kerberos realm. +Each binding in this section looks like: .Pp .Dl domain = realm .Pp The domain can be either a full name of a host or a trailing component, in the latter case the domain-string should start with a -perid. +period. The realm may be the token `dns_locate', in which case the actual realm will be determined using DNS (independently of the setting of the `dns_lookup_realm' option). @@ -186,22 +240,44 @@ of the `dns_lookup_realm' option). .Bl -tag -width "xxx" -offset indent .It Va REALM Li = { .Bl -tag -width "xxx" -offset indent -.It Li kdc = Va host[:port] -Specifies a list of kdcs for this realm. If the optional port is absent, the +.It Li kdc = Va [service/]host[:port] +Specifies a list of kdcs for this realm. +If the optional +.Va port +is absent, the default value for the .Dq kerberos/udp -service will be used. +.Dq kerberos/tcp , +and +.Dq http/tcp +port (depending on service) will be used. The kdcs will be used in the order that they are specified. +.Pp +The optional +.Va service +specifies over what medium the kdc should be +contacted. +Possible services are +.Dq udp , +.Dq tcp , +and +.Dq http . +Http can also be written as +.Dq http:// . +Default service is +.Dq udp +and +.Dq tcp . .It Li admin_server = Va host[:port] Specifies the admin server for this realm, where all the modifications -to the database are perfomed. +to the database are performed. .It Li kpasswd_server = Va host[:port] -Points to the server where all the password changes are perfomed. +Points to the server where all the password changes are performed. If there is no such entry, the kpasswd port on the admin_server host will be tried. -.It Li krb524_server = Va Host[:port] -Points to the server that does 524 conversions. If it is not -mentioned, the krb524 port on the kdcs will be tried. +.It Li krb524_server = Va host[:port] +Points to the server that does 524 conversions. +If it is not mentioned, the krb524 port on the kdcs will be tried. .It Li v4_instance_convert .It Li v4_name_convert .It Li default_domain @@ -217,7 +293,8 @@ Specifies that .Va entity should use the specified .Li destination -for logging. See the +for logging. +See the .Xr krb5_openlog 3 manual page for a list of defined destinations. .El @@ -226,19 +303,19 @@ manual page for a list of defined destinations. .It database Li = { .Bl -tag -width "xxx" -offset indent .It dbname Li = Va DATABASENAME -use this database for this realm. +Use this database for this realm. .It realm Li = Va REALM -specifies the realm that will be stored in this database. +Specifies the realm that will be stored in this database. .It mkey_file Li = Pa FILENAME -use this keytab file for the master key of this database. +Use this keytab file for the master key of this database. If not specified .Va DATABASENAME Ns .mkey will be used. .It acl_file Li = PA FILENAME -use this file for the ACL list of this database. +Use this file for the ACL list of this database. .It log_file Li = Pa FILENAME -use this file as the log of changes performed to the database. This -file is used by +Use this file as the log of changes performed to the database. +This file is used by .Nm ipropd-master for propagating changes to slaves. .El @@ -246,39 +323,42 @@ for propagating changes to slaves. .It max-request = Va SIZE Maximum size of a kdc request. .It require-preauth = Va BOOL -If set pre-authentication is required. Since krb4 requests are not -pre-authenticated they will be rejected. +If set pre-authentication is required. +Since krb4 requests are not pre-authenticated they will be rejected. .It ports = Va "list of ports" -list of ports the kdc should listen to. +List of ports the kdc should listen to. .It addresses = Va "list of interfaces" -list of addresses the kdc should bind to. +List of addresses the kdc should bind to. .It enable-kerberos4 = Va BOOL -turn on kerberos4 support. +Turn on Kerberos 4 support. .It v4-realm = Va REALM -to what realm v4 requests should be mapped. +To what realm v4 requests should be mapped. .It enable-524 = Va BOOL -should the Kerberos 524 converting facility be turned on. Default is same as +Should the Kerberos 524 converting facility be turned on. +Default is same as .Va enable-kerberos4 . .It enable-http = Va BOOL -should the kdc answer kdc-requests over http. +Should the kdc answer kdc-requests over http. .It enable-kaserver = Va BOOL -if this kdc should emulate the AFS kaserver. +If this kdc should emulate the AFS kaserver. .It check-ticket-addresses = Va BOOL verify the addresses in the tickets used in tgs requests. .\" XXX .It allow-null-ticket-addresses = Va BOOL -allow addresses-less tickets. +Allow addresses-less tickets. .\" XXX .It allow-anonymous = Va BOOL -if the kdc is allowed to hand out anonymous tickets. +If the kdc is allowed to hand out anonymous tickets. .It encode_as_rep_as_tgs_rep = Va BOOL -encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did. +Encode as-rep as tgs-rep tobe compatible with mistakes older DCE secd did. .\" XXX .It kdc_warn_pwexpire = Va TIME -the time before expiration that the user should be warned that her +The time before expiration that the user should be warned that her password is about to expire. .It logging = Va Logging What type of logging the kdc should use, see also [logging]/kdc. +.It use_2b = Va principal list +List of principals to use AFS 2b tokens for. .El .It Li [kadmin] .Bl -tag -width "xxx" -offset indent @@ -293,15 +373,17 @@ syntax of this if something like: .Pp [(des|des3|etype):](pw-salt|afs3-salt)[:string] .Pp -if +If .Ar etype -is omitted it means everything, and if string is omitted is means the default string (for that principal). Additional special values of keyttypes are: +is omitted it means everything, and if string is omitted it means the +default salt string (for that principal and encryption type). +Additional special values of keytypes are: .Bl -tag -width "xxx" -offset indent .It v5 -The kerberos 5 salt +The Kerberos 5 salt .Va pw-salt .It v4 -The kerberos 4 type +The Kerberos 4 salt .Va des:pw-salt: .El .It use_v4_salt = Va BOOL @@ -309,7 +391,7 @@ When true, this is the same as .Pp .Va default_keys = Va des3:pw-salt Va v4 .Pp -and is only left for backwards compatability. +and is only left for backwards compatibility. .El .El .Sh ENVIRONMENT @@ -348,9 +430,10 @@ To help overcome this problem, there is a program .Nm verify_krb5_conf that reads .Nm -and tries to emit useful diagnostics from parsing errors. Note that -this program does not have any way of knowing what options are -actually used and thus cannot warn about unknown or misspelled ones. +and tries to emit useful diagnostics from parsing errors. +Note that this program does not have any way of knowing what options +are actually used and thus cannot warn about unknown or misspelled +ones. .Sh SEE ALSO .Xr kinit 1 , .Xr krb5_425_conv_principal 3 , diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h index cb035bc..f157452 100644 --- a/crypto/heimdal/lib/krb5/krb5.h +++ b/crypto/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.205 2002/09/03 17:31:47 joda Exp $ */ +/* $Id: krb5.h,v 1.209 2003/03/16 18:30:02 lha Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -98,7 +98,7 @@ enum { ENCTYPE_DES_CBC_NONE = ETYPE_DES_CBC_NONE, ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE, ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE, - ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE, + ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE }; typedef PADATA_TYPE krb5_preauthtype; @@ -219,6 +219,8 @@ typedef enum krb5_keytype { KEYTYPE_NULL = 0, KEYTYPE_DES = 1, KEYTYPE_DES3 = 7, + KEYTYPE_AES128 = 17, + KEYTYPE_AES256 = 18, KEYTYPE_ARCFOUR = 23 } krb5_keytype; @@ -391,6 +393,7 @@ typedef struct krb5_context_data { char *error_string; char error_buf[256]; krb5_addresses *ignore_addresses; + char *default_cc_name; } krb5_context_data; typedef struct krb5_ticket { @@ -436,6 +439,8 @@ struct krb5_keytab_data; typedef struct krb5_keytab_data *krb5_keytab; +#define KRB5_KT_PREFIX_MAX_LEN 30 + struct krb5_keytab_data { const char *prefix; krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab); diff --git a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 index bb7e578..78bb62c 100644 --- a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1997-2002 Kungliga Tekniska Högskolan -.\" $Id: krb5_425_conv_principal.3,v 1.8 2002/08/28 15:30:46 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_425_conv_principal.3,v 1.10 2003/04/16 13:58:13 lha Exp $ +.\" .Dd April 11, 1999 .Dt KRB5_425_CONV_PRINCIPAL 3 .Os HEIMDAL @@ -11,7 +42,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_425_conv_principal "krb5_context context" "const char *name" "const char *instance" "const char *realm" "krb5_principal *principal" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_address.3 b/crypto/heimdal/lib/krb5/krb5_address.3 new file mode 100644 index 0000000..dc780ad --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_address.3 @@ -0,0 +1,355 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_address.3,v 1.4 2003/04/16 13:58:12 lha Exp $ +.\" +.Dd March 11, 2002 +.Dt KRB5_ADDRESS 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_address , +.Nm krb5_addresses , +.Nm krb5_sockaddr2address , +.Nm krb5_sockaddr2port , +.Nm krb5_addr2sockaddr , +.Nm krb5_max_sockaddr_size , +.Nm krb5_sockaddr_uninteresting , +.Nm krb5_h_addr2sockaddr , +.Nm krb5_h_addr2addr , +.Nm krb5_anyaddr , +.Nm krb5_print_address , +.Nm krb5_parse_address , +.Nm krb5_address_order , +.Nm krb5_address_compare , +.Nm krb5_address_search , +.Nm krb5_free_address , +.Nm krb5_free_addresses , +.Nm krb5_copy_address , +.Nm krb5_copy_addresses , +.Nm krb5_append_addresses , +.Nm krb5_make_addrport +.Nd mange addresses in Kerberos. +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh SYNOPSIS +.In krb5.h +.Pp +.Ft krb5_error_code +.Fo krb5_sockaddr2address +.Fa "krb5_context context" +.Fa "const struct sockaddr *sa" +.Fa "krb5_address *addr" +.Fc +.Ft krb5_error_code +.Fo krb5_sockaddr2port +.Fa "krb5_context context" +.Fa "const struct sockaddr *sa" +.Fa "int16_t *port" +.Fc +.Ft krb5_error_code +.Fo krb5_addr2sockaddr +.Fa "krb5_context context" +.Fa "const krb5_address *addr" +.Fa "struct sockaddr *sa" +.Fa "krb5_socklen_t *sa_size" +.Fa "int port" +.Fc +.Ft size_t +.Fo krb5_max_sockaddr_size +.Fa "void" +.Fc +.Ft "krb5_boolean" +.Fo krb5_sockaddr_uninteresting +.Fa "const struct sockaddr *sa" +.Fc +.Ft krb5_error_code +.Fo krb5_h_addr2sockaddr +.Fa "krb5_context context" +.Fa "int af" +.Fa "const char *addr" +.Fa "struct sockaddr *sa" +.Fa "krb5_socklen_t *sa_size" +.Fa "int port" +.Fc +.Ft krb5_error_code +.Fo krb5_h_addr2addr +.Fa "krb5_context context" +.Fa "int af" +.Fa "const char *haddr" +.Fa "krb5_address *addr" +.Fc +.Ft krb5_error_code +.Fo krb5_anyaddr +.Fa "krb5_context context" +.Fa "int af" +.Fa "struct sockaddr *sa" +.Fa "krb5_socklen_t *sa_size" +.Fa "int port" +.Fc +.Ft krb5_error_code +.Fo krb5_print_address +.Fa "const krb5_address *addr" +.Fa "char *str" +.Fa "size_t len" +.Fa "size_t *ret_len" +.Fc +.Ft krb5_error_code +.Fo krb5_parse_address +.Fa "krb5_context context" +.Fa "const char *string" +.Fa "krb5_addresses *addresses" +.Fc +.Ft int +.Fo "krb5_address_order" +.Fa "krb5_context context" +.Fa "const krb5_address *addr1" +.Fa "const krb5_address *addr2" +.Fc +.Ft "krb5_boolean" +.Fo krb5_address_compare +.Fa "krb5_context context" +.Fa "const krb5_address *addr1" +.Fa "const krb5_address *addr2" +.Fc +.Ft "krb5_boolean" +.Fo krb5_address_search +.Fa "krb5_context context" +.Fa "const krb5_address *addr" +.Fa "const krb5_addresses *addrlist" +.Fc +.Ft krb5_error_code +.Fo krb5_free_address +.Fa "krb5_context context" +.Fa "krb5_address *address" +.Fc +.Ft krb5_error_code +.Fo krb5_free_addresses +.Fa "krb5_context context" +.Fa "krb5_addresses *addresses" +.Fc +.Ft krb5_error_code +.Fo krb5_copy_address +.Fa "krb5_context context" +.Fa "const krb5_address *inaddr" +.Fa "krb5_address *outaddr" +.Fc +.Ft krb5_error_code +.Fo krb5_copy_addresses +.Fa "krb5_context context" +.Fa "const krb5_addresses *inaddr" +.Fa "krb5_addresses *outaddr" +.Fc +.Ft krb5_error_code +.Fo krb5_append_addresses +.Fa "krb5_context context" +.Fa "krb5_addresses *dest" +.Fa "const krb5_addresses *source" +.Fc +.Ft krb5_error_code +.Fo krb5_make_addrport +.Fa "krb5_context context" +.Fa "krb5_address **res" +.Fa "const krb5_address *addr" +.Fa "int16_t port" +.Fc +.Sh DESCRIPTION +The +.Li krb5_address +structure holds a address that can be used in Kerberos API +calls. There are help functions to set and extract address information +of the address. +.Pp +The +.Li krb5_addresses +structure holds a set of krb5_address:es. +.Pp +.Fn krb5_sockaddr2address +stores a address a +.Li "struct sockaddr" +.Fa sa +in the krb5_address +.Fa addr . +.Pp +.Fn krb5_sockaddr2port +extracts a +.Fa port +(if possible) from a +.Li "struct sockaddr" +.Fa sa . +.Pp +.Fn krb5_addr2sockaddr +sets the +struct sockaddr +.Fa sockaddr +from +.Fa addr +and +.Fa port . +.Fa Sa_size +should be initially contain the size of the +.Fa sa , +and after the call, it will contain the actual length of the address. +.Pp +.Fn krb5_max_sockaddr_size +returns the max size of the +.Li struct sockaddr +that the Kerberos library will return. +.Pp +.Fn krb5_sockaddr_uninteresting +returns +.Dv TRUE +for all +.Fa sa +that for that the kerberos library thinks are uninteresting. +One example are link local addresses. +.Pp +.Fn krb5_h_addr2sockaddr +initializes a +.Li "struct sockaddr" +.Fa sa +from +.Fa af +and the +.Li "struct hostent" +(see +.Xr gethostbyname 3 ) +.Fa h_addr_list +component. +.Fa Sa_size +should be initially contain the size of the +.Fa sa , +and after the call, it will contain the actual length of the address. +.Fa sa +argument. +.Pp +.Fn krb5_h_addr2addr +works like +.Fn krb5_h_addr2sockaddr +with the exception that it operates on a +.Li krb5_address +instead of a +.Li struct sockaddr +.Pp +.Fn krb5_anyaddr +fills in a +.Li "struct sockaddr" +.Fa sa +that can be used to +.Xf bind 3 +to. +.Fa Sa_size +should be initially contain the size of the +.Fa sa , +and after the call, it will contain the actual length of the address. +.Pp +.Fn krb5_print_address +prints the address in +.Fa addr +to the a string +.Fa string +that have the length +.Fa len . +If +.Fa ret_len +if not +.Dv NULL , +it will be filled in length of the string. +.Pp +.Fn krb5_parse_address +Returns the resolving a hostname in +.Fa string +to the +.Li krb5_addresses +.Fa addresses . +.Pp +.Fn krb5_address_order +compares to addresses +.Fa addr1 +and +.Fa addr2 +so that it can be used for sorting addresses. If the addresses are the +same address +.Fa krb5_address_order will be return 0. +.Pp +.Fn krb5_address_compare +compares the addresses +.Fa addr1 +and +.Fa addr2 . +returns +.Dv TRUE +if the two addresses are the same. +.Pp +.Fn krb5_address_search +checks if the address +.Fa addr +is a member of the address set list +.Fa addrlist . +.Pp +.Fn krb5_free_address +frees the data stored in the +.Fa address +that is alloced with any of the krb5_address functions. +.Pp +.Fn krb5_free_addresses +frees the data stored in the +.Fa addresses +that is alloced with any of the krb5_address functions. +.Pp +.Fn krb5_copy_address +copies the content of address +.Fa inaddr +to +.Fa outaddr . +.Pp +.Fn krb5_copy_addresses +copies the content of the address list +.Fa inaddr +to +.Fa outaddr . +.Pp +.Fn krb5_append_addresses +adds the set of addresses in +.Fa source +to +.Fa dest . +While copying the addresses, duplicates are also sorted out. +.Pp +.Fn krb5_make_addrport +allocates and creates an +krb5_address in +.Fa res +of type KRB5_ADDRESS_ADDRPORT from +.Fa ( addr , port ) . +.Sh SEE ALSO +.Xr krb5 3 , +.Xr krb5.conf 5 , +.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 b/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 new file mode 100644 index 0000000..900e1d9 --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_aname_to_localname.3 @@ -0,0 +1,80 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_aname_to_localname.3,v 1.2 2003/04/16 13:58:13 lha Exp $ +.\" +.Dd March 17, 2003 +.Dt KRB5_ANAME_TO_LOCALNAME 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_aname_to_localname +.Nd converts a principal to a system local name. +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh SYNOPSIS +.In krb5.h +.Ft krb5_boolean +.Fo krb5_aname_to_localname +.Fa "krb5_context context" +.Fa "krb5_const_principal name" +.Fa "size_t lnsize" +.Fa "char *lname" +.Fc +.Sh DESCRIPTION +This function takes a principal +.Fa name , +verifies its in the local realm (using +.Fn krb5_get_default_realms ) +and then returns the local name of the principal. +.Pp +If +.Fa name +isn't in one of the local realms and error is returned. +.Pp +If size +.Fa ( lnsize ) +of the local name +.Fa ( lname ) +is to small, an error is returned. +.Pp +.Fn krb5_aname_to_localname +should only be use by application that implements protocols that +doesn't transport the login name and thus needs to convert a principal +to a local name. +.Pp +Protocols should be designed so that the it autheticates using +Kerberos, send over the login name and then verifies in the principal +that authenticated is allowed to login and the login name. +A way to check if a user is allowed to login is using the function +.Fn krb5_kuserok . +.Sh SEE ALSO +.Xr krb5_get_default_realms 3 , +.Xr krb5_kuserok 3 diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3 index 750bb75..f913fdc 100644 --- a/crypto/heimdal/lib/krb5/krb5_appdefault.3 +++ b/crypto/heimdal/lib/krb5/krb5_appdefault.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 2000 Kungliga Tekniska Högskolan -.\" $Id: krb5_appdefault.3,v 1.7 2002/08/28 15:30:46 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_appdefault.3,v 1.10 2003/04/16 13:58:10 lha Exp $ +.\" .Dd July 25, 2000 .Dt KRB5_APPDEFAULT 3 .Os HEIMDAL @@ -11,7 +42,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft void .Fn krb5_appdefault_boolean "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "krb5_boolean def_val" "krb5_boolean *ret_val" .Ft void @@ -19,7 +50,7 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Ft void .Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val" .Sh DESCRIPTION -These functions get application application defaults from the +These functions get application defaults from the .Dv appdefaults section of the .Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3 index 2afaec5..69db324 100644 --- a/crypto/heimdal/lib/krb5/krb5_auth_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_auth_context.3 @@ -1,5 +1,36 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_auth_context.3,v 1.5 2002/09/02 12:42:00 joda Exp $ +.\" Copyright (c) 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_auth_context.3,v 1.8 2003/04/16 13:58:13 lha Exp $ +.\" .Dd January 21, 2001 .Dt KRB5_AUTH_CONTEXT 3 .Os HEIMDAL @@ -38,7 +69,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fo krb5_auth_con_init .Fa "krb5_context context" @@ -127,12 +158,12 @@ that holds the context for the thread or process. .Nm krb5_auth_context is used by various functions that are directly related to authentication between the server/client. Example of data that this -structure contains are varius flags, addresses of client and server, +structure contains are various flags, addresses of client and server, port numbers, keyblocks (and subkeys), sequence numbers, replay cache, and checksum-type. .Pp .Fn krb5_auth_con_init -allocates and initilizes the +allocates and initializes the .Nm krb5_auth_context structure. Default values can be changed with .Fn krb5_auth_con_setcksumtype diff --git a/crypto/heimdal/lib/krb5/krb5_build_principal.3 b/crypto/heimdal/lib/krb5/krb5_build_principal.3 index 6ff2cf3..e74c754 100644 --- a/crypto/heimdal/lib/krb5/krb5_build_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_build_principal.3 @@ -1,5 +1,36 @@ -.\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_build_principal.3,v 1.5 2002/08/28 15:30:47 joda Exp $ +.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_build_principal.3,v 1.7 2003/04/16 13:58:14 lha Exp $ +.\" .Dd August 8, 1997 .Dt KRB5_BUILD_PRINCIPAL 3 .Os HEIMDAL @@ -13,7 +44,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..." .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_ccache.3 b/crypto/heimdal/lib/krb5/krb5_ccache.3 new file mode 100644 index 0000000..ec48c5f --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_ccache.3 @@ -0,0 +1,356 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_ccache.3,v 1.7 2003/04/16 13:58:12 lha Exp $ +.\" +.Dd March 16, 2003 +.Dt KRB5_CCACHE 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_ccache , +.Nm krb5_cc_cursor , +.Nm krb5_cc_ops , +.Nm krb5_fcc_ops , +.Nm krb5_mcc_ops , +.Nm krb5_cc_close , +.Nm krb5_cc_copy_cache , +.Nm krb5_cc_default , +.Nm krb5_cc_default_name , +.Nm krb5_cc_destroy , +.Nm krb5_cc_end_seq_get , +.Nm krb5_cc_gen_new , +.Nm krb5_cc_get_name , +.Nm krb5_cc_get_principal , +.Nm krb5_cc_get_type , +.Nm krb5_cc_get_ops , +.Nm krb5_cc_get_version , +.Nm krb5_cc_initialize , +.Nm krb5_cc_register , +.Nm krb5_cc_resolve , +.Nm krb5_cc_retrieve_cred , +.Nm krb5_cc_remove_cred , +.Nm krb5_cc_set_default_name , +.Nm krb5_cc_store_cred , +.Nm krb5_cc_set_flags , +.Nm krb5_cc_next_cred +.Nd mange credential cache. +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh SYNOPSIS +.In krb5.h +.Pp +.Li "struct krb5_ccache;" +.Pp +.Li "struct krb5_cc_cursor;" +.Pp +.Li "struct krb5_cc_ops;" +.Pp +.Li "struct krb5_cc_ops *krb5_fcc_ops;" +.Pp +.Li "struct krb5_cc_ops *krb5_mcc_ops;" +.Pp +.Ft krb5_error_code +.Fo krb5_cc_close +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_copy_cache +.Fa "krb5_context *context" +.Fa "const krb5_ccache from" +.Fa "krb5_ccache to" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_default +.Fa "krb5_context *context" +.Fa "krb5_ccache *id" +.Fc +.Ft "const char *" +.Fo krb5_cc_default_name +.Fa "krb5_context *context" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_destroy +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_end_seq_get +.Fa "krb5_context *context" +.Fa "const krb5_ccache id" +.Fa "krb5_cc_cursor *cursor" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_gen_new +.Fa "krb5_context *context" +.Fa "const krb5_cc_ops *ops" +.Fa "krb5_ccache *id" +.Fc +.Ft "const char *" +.Fo krb5_cc_get_name +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_get_principal +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fa "krb5_principal *principal" +.Fc +.Ft "const char *" +.Fo krb5_cc_get_type +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fc +.Ft "const krb5_cc_ops *" +.Fo krb5_cc_get_ops +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_get_version +.Fa "krb5_context *context" +.Fa "const krb5_ccache id" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_initialize +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fa "krb5_principal primary_principal" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_register +.Fa "krb5_context *context" +.Fa "const krb5_cc_ops *ops" +.Fa "krb5_boolean override" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_resolve +.Fa "krb5_context *context" +.Fa "const char *name" +.Fa "krb5_ccache *id" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_retrieve_cred +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fa "krb5_flags whichfields" +.Fa "const krb5_creds *mcreds" +.Fa "krb5_creds *creds" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_remove_cred +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fa "krb5_flags which" +.Fa "krb5_creds *cred" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_set_default_name +.Fa "krb5_context *context" +.Fa "const char *name" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_store_cred +.Fa "krb5_context *context" +.Fa "krb5_ccache id" +.Fa "krb5_creds *creds" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_set_flags +.Fa "krb5_context *context" +.Fa "krb5_cc_set_flags id" +.Fa "krb5_flags flags" +.Fc +.Ft krb5_error_code +.Fo krb5_cc_next_cred +.Fa "krb5_context *context" +.Fa "const krb5_ccache id" +.Fa "krb5_cc_cursor *cursor" +.Fa "krb5_creds *creds" +.Fc +.Sh DESCRIPTION +The +.Li krb5_ccache +structure holds a Kerberos credential cache. +.Pp +The +.Li krb5_cc_cursor +structure holds current position in a credential cache when +iterating over the cache. +.Pp +The +.Li krb5_cc_ops +structure holds a set of operations that can me preformed on a +credential cache. +.Pp +There is no component inside +.Li krb5_ccache , +.Li krb5_cc_cursor +nor +.Li krb5_fcc_ops +that is directly referable. +.Pp +The +.Li krb5_creds +holds a Kerberos credential, see manpage for +.Xr krb5_creds 3 . +.Pp +.Fn krb5_cc_default_name +and +.Fn krb5_cc_set_default_name +gets and sets the default name for the +.Fa context . +.Pp +.Fn krb5_cc_default +opens the default ccache in +.Fa id . +Return 0 or an error code. +.Pp +.Fn krb5_cc_gen_new +generates a new ccache of type +.Fa ops +in +.Fa id . +Return 0 or an error code. +.Pp +.Fn krb5_cc_resolve +finds and allocates a ccache in +.Fa id +from the specification in +.Fa residual . +If the ccache name doesn't contain any colon (:), interpret it as a +file name. +Return 0 or an error code. +.Pp +.Fn krb5_cc_initialize +creates a new ccache in +.Fa id +for +.Fa primary_principal . +Return 0 or an error code. +.Pp +.Fn krb5_cc_close +stops using the ccache +.Fa id +and frees the related resources. +Return 0 or an error code. +.Fn krb5_cc_destroy +removes the ccache +and closes (by calling +.Fn krb5_cc_close ) +.Fa id . +Return 0 or an error code. +.Pp +.Fn krb5_cc_copy_cache +copys the contents of +.Fa from +to +.Fa to . +.Pp +.Fn krb5_cc_get_name +returns the name of the ccache +.Fa id . +.Pp +.Fn krb5_cc_get_principal +returns the principal of +.Fa id +in +.Fa principal . +Return 0 or an error code. +.Pp +.Fn krb5_cc_get_type +returns the type of the ccache +.Fa id . +.Pp +.Fn krb5_cc_get_ops +returns the ops of the ccache +.Fa id . +.Pp +.Fn krb5_cc_get_version +returns the version of +.Fa id . +.Pp +.Fn krb5_cc_register +Adds a new ccache type with operations +.Fa ops , +overwriting any existing one if +.Fa override . +Return an error code or 0. +.Pp +.Fn krb5_cc_remove_cred +removes the credential identified by +.Fa ( cred , +.Fa which ) +from +.Fa id . +.Pp +.Fn krb5_cc_store_cred +stores +.Fa creds +in the ccache +.Fa id . +Return 0 or an error code. +.Pp +.Fn krb5_cc_set_flags +sets the flags of +.Fa id +to +.Fa flags . +.Pp +.Fn krb5_cc_retrieve_cred , +retrieves the credential identified by +.Fa mcreds +(and +.Fa whichfields ) +from +.Fa id +in +.Fa creds . +Return 0 or an error code. +.Pp +.Fn krb5_cc_next_cred +retrieves the next cred pointed to by +.Fa ( id , +.Fa cursor ) +in +.Fa creds , +and advance +.Fa cursor . +Return 0 or an error code. +.Pp +.Fn krb5_cc_end_seq_get +Destroys the cursor +.Fa cursor . +.Sh SEE ALSO +.Xr krb5 3 , +.Xr krb5.conf 5 , +.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_config.3 b/crypto/heimdal/lib/krb5/krb5_config.3 index fe5f261..471389e 100644 --- a/crypto/heimdal/lib/krb5/krb5_config.3 +++ b/crypto/heimdal/lib/krb5/krb5_config.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2000 Kungliga Tekniska Högskolan -.\" $Id: krb5_config.3,v 1.4 2002/08/28 15:30:48 joda Exp $ +.\" $Id: krb5_config.3,v 1.5 2003/04/16 13:58:14 lha Exp $ .Dd July 25, 2000 .Dt KRB5_CONFIG 3 .Os HEIMDAL @@ -12,7 +12,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_boolean .Fn krb5_config_get_bool_default "krb5_context context" "krb5_config_section *c" "krb5_boolean def_value" "..." .Ft int diff --git a/crypto/heimdal/lib/krb5/krb5_context.3 b/crypto/heimdal/lib/krb5/krb5_context.3 index a90ab72..95d1120 100644 --- a/crypto/heimdal/lib/krb5/krb5_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_context.3 @@ -1,5 +1,36 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_context.3,v 1.4 2002/09/02 12:42:00 joda Exp $ +.\" Copyright (c) 2001 - 200 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_context.3,v 1.5 2003/03/10 02:19:28 lha Exp $ +.\" .Dd January 21, 2001 .Dt KRB5_CONTEXT 3 .Os HEIMDAL diff --git a/crypto/heimdal/lib/krb5/krb5_create_checksum.3 b/crypto/heimdal/lib/krb5/krb5_create_checksum.3 index 9a8a27b..6704113 100644 --- a/crypto/heimdal/lib/krb5/krb5_create_checksum.3 +++ b/crypto/heimdal/lib/krb5/krb5_create_checksum.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1999 Kungliga Tekniska Högskolan -.\" $Id: krb5_create_checksum.3,v 1.4 2002/08/28 15:30:49 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_create_checksum.3,v 1.6 2003/04/16 13:58:14 lha Exp $ +.\" .Dd April 7, 1999 .Dt NAME 3 .Os HEIMDAL @@ -13,7 +44,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_create_checksum "krb5_context context" "krb5_crypto crypto" "unsigned usage_or_type" "void *data" "size_t len" "Checksum *result" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_crypto_init.3 b/crypto/heimdal/lib/krb5/krb5_crypto_init.3 index 98e8c5c..4b0284c 100644 --- a/crypto/heimdal/lib/krb5/krb5_crypto_init.3 +++ b/crypto/heimdal/lib/krb5/krb5_crypto_init.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1999 Kungliga Tekniska Högskolan -.\" $Id: krb5_crypto_init.3,v 1.4 2002/08/28 15:30:50 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_crypto_init.3,v 1.6 2003/04/16 13:58:15 lha Exp $ +.\" .Dd April 7, 1999 .Dt NAME 3 .Os HEIMDAL @@ -10,7 +41,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_crypto_init "krb5_context context" "krb5_keyblock *key" "krb5_enctype enctype" "krb5_crypto *crypto" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_data.3 b/crypto/heimdal/lib/krb5/krb5_data.3 new file mode 100644 index 0000000..355d934 --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_data.3 @@ -0,0 +1,149 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_data.3,v 1.4 2003/04/16 13:58:13 lha Exp $ +.\" +.Dd March 20, 2003 +.Dt KRB5_DATA 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_data +.Nm krb5_data_zero +.Nm krb5_data_free +.Nm krb5_free_data_contents +.Nm krb5_free_data +.Nm krb5_data_alloc +.Nm krb5_data_realloc +.Nm krb5_data_copy +.Nm krb5_copy_data +.Nd operates on the Kerberos datatype krb5_data. +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh SYNOPSIS +.In krb5.h +.Pp +.Li "struct krb5_data;" +.Ft void +.Fn krb5_data_zero "krb5_data *p" +.Ft void +.Fn krb5_data_free "krb5_data *p" +.Ft void +.Fn krb5_free_data_contents "krb5_context context" "krb5_data *p" +.Ft void +.Fn krb5_free_data "krb5_context context" "krb5_data *p" +.Ft krb5_error_code +.Fn krb5_data_alloc "krb5_data *p" "int len" +.Ft krb5_error_code +.Fn krb5_data_realloc "krb5_data *p" "int len" +.Ft krb5_error_code +.Fn krb5_data_copy "krb5_data *p" "const void *data" "size_t len" +.Ft krb5_error_code +.Fn krb5_copy_data "krb5_context context" "const krb5_data *indata" "krb5_data **outdata" +.Sh DESCRIPTION +The +.Li krb5_data +structure holds a data element. +The structure contains two public accessible elements +.Fa length +(the length of data) +and +.Fa data +(the data itself). +The structure must always be initiated and freed by the functions +documented in this manual. +.Pp +.Fn krb5_data_zero +resets the content of +.Fa p . +.Pp +.Fn krb5_data_free +free the data in +.Fa p . +.Pp +.Fn krb5_free_data_contents +works the same way as +.Fa krb5_data_free . +The diffrence is that krb5_free_data_contents is more portable (exists +in MIT api). +.Pp +.Fn krb5_free_data +frees the data in +.Fa p +and +.Fa p +itself . +.Pp +.Fn krb5_data_alloc +allocates +.Fa len +bytes in +.Fa p +Returns 0 or an error. +.Pp +.Fn krb5_data_realloc +reallocates the length of +.Fa p +to the length in +.Fa len . +Returns 0 or an error. +.Pp +.Fn krb5_data_copy +copies the +.Fa data +that have the length +.Fa len +into +.Fa p . +.Fa p +is not freed so the calling function should make sure the +.Fa p +doesn't contain anything needs to be freed. +Returns 0 or an error. +.Pp +.Fn krb5_copy_data +copies the +.Li krb5_data +in +.Fa indata +to +.Fa outdata . +.Fa outdata +is not freed so the calling function should make sure the +.Fa outdata +doesn't contain anything needs to be freed. +.Fa outdata +should be freed using +.Fn krb5_free_data . +Returns 0 or an error. +.Sh SEE ALSO +.Xr krb5 3 , +.Xr krb5_storage 3 , +.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_encrypt.3 b/crypto/heimdal/lib/krb5/krb5_encrypt.3 index 9b24588..84140bf 100644 --- a/crypto/heimdal/lib/krb5/krb5_encrypt.3 +++ b/crypto/heimdal/lib/krb5/krb5_encrypt.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1999 Kungliga Tekniska Högskolan -.\" $Id: krb5_encrypt.3,v 1.5 2002/08/28 15:30:50 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_encrypt.3,v 1.7 2003/04/16 13:58:15 lha Exp $ +.\" .Dd April 7, 1999 .Dt KRB5_ENCRYPT 3 .Os HEIMDAL @@ -12,7 +43,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_encrypt "krb5_context context" "krb5_crypto crypto" "unsigned usage" "void *data" "size_t len" "krb5_data *result" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_free_addresses.3 b/crypto/heimdal/lib/krb5/krb5_free_addresses.3 index 18e1cda..6ac46d4 100644 --- a/crypto/heimdal/lib/krb5/krb5_free_addresses.3 +++ b/crypto/heimdal/lib/krb5/krb5_free_addresses.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_free_addresses.3,v 1.3 2002/08/28 15:30:51 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_free_addresses.3,v 1.5 2003/04/16 13:58:15 lha Exp $ +.\" .Dd November 20, 2001 .Dt KRB5_FREE_ADDRESSES 3 .Os HEIMDAL @@ -9,7 +40,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft void .Fn krb5_free_addresses "krb5_context context" "krb5_addresses *addresses" .Sh DESCRIPTION diff --git a/crypto/heimdal/lib/krb5/krb5_free_principal.3 b/crypto/heimdal/lib/krb5/krb5_free_principal.3 index f9c006c..e9900a7 100644 --- a/crypto/heimdal/lib/krb5/krb5_free_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_free_principal.3 @@ -1,5 +1,36 @@ +.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_free_principal.3,v 1.5 2002/08/28 15:30:52 joda Exp $ +.\" $Id: krb5_free_principal.3,v 1.7 2003/04/16 13:58:11 lha Exp $ .Dd August 8, 1997 .Dt KRB5_FREE_PRINCIPAL 3 .Os HEIMDAL @@ -9,7 +40,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft void .Fn krb5_free_principal "krb5_context context" "krb5_principal principal" .Sh DESCRIPTION diff --git a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 b/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 index 1821298..0aef63e3 100644 --- a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 +++ b/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 @@ -1,4 +1,36 @@ -.\" $Id: krb5_get_all_client_addrs.3,v 1.4 2002/08/28 15:30:52 joda Exp $ +.\" Copyright (c) 2001 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_get_all_client_addrs.3,v 1.6 2003/04/16 13:58:16 lha Exp $ +.\" .Dd July 1, 2001 .Dt KRB5_GET_ADDRS 3 .Sh NAME @@ -8,7 +40,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft "krb5_error_code" .Fn krb5_get_all_client_addrs "krb5_context context" "krb5_addresses *addrs" .Ft "krb5_error_code" diff --git a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 b/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 index fcdc8e1..76ad20b 100644 --- a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 +++ b/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_get_krbhst.3,v 1.4 2002/08/28 15:30:53 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_get_krbhst.3,v 1.6 2003/04/16 13:58:16 lha Exp $ +.\" .Dd June 17, 2001 .Dt KRB5_GET_KRBHST 3 .Os HEIMDAL @@ -13,7 +44,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_get_krbhst "krb5_context context" "const krb5_realm *realm" "char ***hostlist" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3 index 8a1141a..76213fb 100644 --- a/crypto/heimdal/lib/krb5/krb5_init_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_init_context.3 @@ -1,5 +1,36 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_init_context.3,v 1.6 2002/09/02 12:42:00 joda Exp $ +.\" Copyright (c) 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_init_context.3,v 1.9 2003/04/16 13:58:11 lha Exp $ +.\" .Dd January 21, 2001 .Dt KRB5_CONTEXT 3 .Os HEIMDAL @@ -10,7 +41,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_init_context "krb5_context *context" .Ft void diff --git a/crypto/heimdal/lib/krb5/krb5_keytab.3 b/crypto/heimdal/lib/krb5/krb5_keytab.3 index 9c7eacd..164eb49 100644 --- a/crypto/heimdal/lib/krb5/krb5_keytab.3 +++ b/crypto/heimdal/lib/krb5/krb5_keytab.3 @@ -1,5 +1,36 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_keytab.3,v 1.5 2002/08/28 15:30:54 joda Exp $ +.\" Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_keytab.3,v 1.9 2003/04/16 13:58:16 lha Exp $ +.\" .Dd February 5, 2001 .Dt KRB5_KEYTAB 3 .Os HEIMDAL @@ -17,6 +48,7 @@ .Nm krb5_kt_free_entry , .Nm krb5_kt_get_entry , .Nm krb5_kt_get_name , +.Nm krb5_kt_get_type , .Nm krb5_kt_next_entry , .Nm krb5_kt_read_service_key , .Nm krb5_kt_register , @@ -27,7 +59,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Pp .Ft krb5_error_code .Fo krb5_kt_add_entry @@ -93,6 +125,13 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Fa "size_t namesize" .Fc .Ft krb5_error_code +.Fo krb5_kt_get_type +.Fa "krb5_context context" +.Fa "krb5_keytab keytab" +.Fa "char *prefix" +.Fa "size_t prefixsize" +.Fc +.Ft krb5_error_code .Fo krb5_kt_next_entry .Fa "krb5_context context" .Fa "krb5_keytab id" @@ -138,7 +177,7 @@ The .Li residual part is specific to each keytab-type. .Pp -When a keytab-name is resolved, the type is matched with an interal +When a keytab-name is resolved, the type is matched with an internal list of keytab types. If there is no matching keytab type, the default keytab is used. The current default type is .Nm file . @@ -195,7 +234,7 @@ structure is normally only used when doing a new keytab-type implementation. .Pp .Fn krb5_kt_resolve -is the equvalent of an +is the equivalent of an .Xr open 2 on keytab. Resolve the keytab name in .Fa name @@ -260,6 +299,18 @@ into .Fa namesize . Returns 0 or an error. .Pp +.Fn krb5_kt_get_type +retrieves the type of the keytab +.Fa keytab +and store the prefix/name for type of the keytab into +.Fa prefix , +.Fa prefixsize . +The prefix will have the maximum length of +.Dv KRB5_KT_PREFIX_MAX_LEN +(including terminating +.Dv NUL ) . +Returns 0 or an error. +.Pp .Fn krb5_kt_free_entry frees the contents of .Fa entry . diff --git a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 b/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 index 6bcf07f..87ea3f9 100644 --- a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 +++ b/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_krbhst_init.3,v 1.5 2002/08/28 15:30:54 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_krbhst_init.3,v 1.7 2003/04/16 13:58:16 lha Exp $ +.\" .Dd June 17, 2001 .Dt KRB5_KRBHST_INIT 3 .Os HEIMDAL @@ -15,7 +46,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_krbhst_init "krb5_context context" "const char *realm" "unsigned int type" "krb5_krbhst_handle *handle" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_kuserok.3 b/crypto/heimdal/lib/krb5/krb5_kuserok.3 new file mode 100644 index 0000000..1539202 --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_kuserok.3 @@ -0,0 +1,94 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_kuserok.3,v 1.5 2003/04/16 13:58:10 lha Exp $ +.\" +.Dd Oct 17, 2002 +.Dt KRB5_KUSEROK 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_kuserok +.Nd verifies if a principal can log in as a user +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh SYNOPSIS +.In krb5.h +.Ft krb5_boolean +.Fo krb5_kuserok +.Fa "krb5_context context" +.Fa "krb5_principal principal" +.Fa "const char *name" +.Fc +.Sh DESCRIPTION +This function takes a local user +.Fa name +and verifies if +.Fa principal +is allowed to log in as that user. +.Pp +First +.Nm +check if there is a local account name +.Fa username. +If there isn't, +.Nm +returns +.Dv FALSE . +.Pp +Then +.Nm +checks if principal is the same as user@realm in any of the default +realms. If that is the case, +.Nm +returns +.Dv TRUE . +.Pp +After that it reads the file +.Pa .k5login +(if it exists) in the users home directory and checks if +.Fa principal +is in the file. +If it does exists, +.Dv TRUE +is returned. +If neither of the above turns out to be true, +.DV FALSE +is returned. +.Pp +The +.Pa .k5login +should contain one principal per line. +.Sh SEE ALSO +.Xr krb5_get_default_realms 3 , +.Xr krb5_verify_user 3 , +.Xr krb5_verify_user_lrealm 3 , +.Xr krb5_verify_user_opt 3, +.Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krb5_openlog.3 b/crypto/heimdal/lib/krb5/krb5_openlog.3 index 8ed94fc..cb1ccc9 100644 --- a/crypto/heimdal/lib/krb5/krb5_openlog.3 +++ b/crypto/heimdal/lib/krb5/krb5_openlog.3 @@ -1,5 +1,35 @@ -.\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_openlog.3,v 1.7 2002/08/28 15:30:55 joda Exp $ +.\" Copyright (c) 1997, 1999, 2001 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_openlog.3,v 1.9 2003/04/16 13:58:12 lha Exp $ .Dd August 6, 1997 .Dt KRB5_OPENLOG 3 .Os HEIMDAL @@ -17,7 +47,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft "typedef void" .Fn "\*(lp*krb5_log_log_func_t\*(rp" "const char *time" "const char *message" "void *data" .Ft "typedef void" diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3 index 285c4e2..b936c63 100644 --- a/crypto/heimdal/lib/krb5/krb5_parse_name.3 +++ b/crypto/heimdal/lib/krb5/krb5_parse_name.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_parse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_parse_name.3,v 1.8 2003/04/16 13:58:17 lha Exp $ +.\" .Dd August 8, 1997 .Dt KRB5_PARSE_NAME 3 .Os HEIMDAL @@ -9,7 +40,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal" .Sh DESCRIPTION diff --git a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 b/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 index bd02ce6..1ece798 100644 --- a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 +++ b/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_principal_get_realm.3,v 1.4 2002/08/28 15:30:56 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_principal_get_realm.3,v 1.6 2003/04/16 13:58:17 lha Exp $ +.\" .Dd June 20, 2001 .Dt KRB5_PRINCIPAL_GET_REALM 3 .Os HEIMDAL @@ -10,7 +41,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft "const char *" .Fn krb5_principal_get_realm "krb5_context context" "krb5_principal principal" .Ft "const char *" diff --git a/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 b/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 new file mode 100644 index 0000000..e4b9a36 --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_set_default_realm.3 @@ -0,0 +1,144 @@ +.\" Copyright (c) 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_set_default_realm.3,v 1.2 2003/04/16 13:58:11 lha Exp $ +.\" +.Dd Mar 16, 2003 +.Dt KRB5_SET_DEFAULT_REALM 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_free_host_realm +.Nm krb5_get_default_realm +.Nm krb5_get_default_realms +.Nm krb5_get_host_realm +.Nm krb5_set_default_realm +.Nd default and host realm read and manipulation routines +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh SYNOPSIS +.In krb5.h +.Ft krb5_error_code +.Fo krb5_free_host_realm +.Fa "krb5_context context" +.Fa "krb5_realm *realmlist" +.Fc +.Ft krb5_error_code +.Fo krb5_get_default_realm +.Fa "krb5_context context" +.Fa "krb5_realm *realm" +.Fc +.Ft krb5_error_code +.Fo krb5_get_default_realms +.Fa "krb5_context context" +.Fa "krb5_realm **realm" +.Fc +.Ft krb5_error_code +.Fo krb5_get_host_realm +.Fa "krb5_context context" +.Fa "const char *host" +.Fa "krb5_realm **realms" +.Fc +.Ft krb5_error_code +.Fo krb5_set_default_realm +.Fa "krb5_context context" +.Fa "const char *realm" +.Fc +.Sh DESCRIPTION +.Fn krb5_free_host_realm +frees all memory allocated by +.Fa realmlist . +.Pp +.Fn krb5_get_default_realm +returns the first default realm for this host. +The realm returned should be free with +.Fn free . +.Pp +.Fn krb5_get_default_realms +returns a +.Dv NULL +terminated list of default realms for this context. +Realms returned by +.Fn krb5_get_default_realms +should be free with +.Fn krb5_free_host_realm . +.Pp +.Fn krb5_get_host_realm +returns a +.Dv NULL +terminated list of realms for +.Fa host +by looking up the information in the +.Li [domain_realm] +in +.Pa krb5.conf +or in +.Li DNS . +If the mapping in +.Li [domain_realm] +results in the string +.Li dns_locate , +DNS is used to lookup the realm. +.Pp +When using +.Li DNS +to a resolve the domain for the host a.b.c, +.Fn krb5_get_host_realm +looks for a +.Dv TXT +resource record named +.Li _kerberos.a.b.c , +and if not found, it strips off the first component and tries a again +(_kerberos.b.c) until it reaches the root. +.Pp +If there is no configuration or DNS information found, +.Fn krb5_get_host_realm +assumes it can use the domain part of the +.Fa host +to form a realm. +.Pp +.Fn krb5_set_default_realm +sets the default realm for the +.Fa context . +If +.Dv NULL +is used as a +.Fa realm , +the +.Li [libdefaults]default_realm +stanza in +.Pa krb5.conf +is used. +If there is no such stanza in the configuration file, the +.Fn krb5_get_host_realm +function is used to form a default realm. +.Sh SEE ALSO +.Xr krb5.conf 5 , +.Xr free 3 diff --git a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 index f5fff5f..5724ce1 100644 --- a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_sname_to_principal.3,v 1.5 2002/08/28 15:30:56 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_sname_to_principal.3,v 1.7 2003/04/16 13:58:17 lha Exp $ +.\" .Dd August 8, 1997 .Dt KRB5_PRINCIPAL 3 .Os HEIMDAL @@ -10,7 +41,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_sname_to_principal "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *principal" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_timeofday.3 b/crypto/heimdal/lib/krb5/krb5_timeofday.3 index b0e4b52..6d5dbb3 100644 --- a/crypto/heimdal/lib/krb5/krb5_timeofday.3 +++ b/crypto/heimdal/lib/krb5/krb5_timeofday.3 @@ -1,4 +1,36 @@ -.\" $Id: krb5_timeofday.3,v 1.3 2002/08/28 15:30:57 joda Exp $ +.\" Copyright (c) 2001 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_timeofday.3,v 1.5 2003/04/16 13:58:18 lha Exp $ +.\" .Dd July 1, 2001 .Dt KRB5_TIMEOFDAY 3 .Sh NAME @@ -8,7 +40,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft "krb5_error_code" .Fn krb5_timeofday "krb5_context context" "krb5_timestamp *timeret" .Ft "krb5_error_code" diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3 index e58b911..ed96c5d 100644 --- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 +++ b/crypto/heimdal/lib/krb5/krb5_unparse_name.3 @@ -1,5 +1,36 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_unparse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $ +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_unparse_name.3,v 1.8 2003/04/16 13:58:18 lha Exp $ +.\" .Dd August 8, 1997 .Dt KRB5_UNPARSE_NAME 3 .Os HEIMDAL @@ -10,7 +41,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_unparse_name "krb5_context context" "krb5_principal principal" "char **name" .\" .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_verify_user.3 b/crypto/heimdal/lib/krb5/krb5_verify_user.3 index 0e9b108..1357ef1 100644 --- a/crypto/heimdal/lib/krb5/krb5_verify_user.3 +++ b/crypto/heimdal/lib/krb5/krb5_verify_user.3 @@ -1,30 +1,98 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_verify_user.3,v 1.5 2002/08/28 15:30:58 joda Exp $ -.Dd June 27, 2001 +.\" Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5_verify_user.3,v 1.10 2003/04/16 13:58:11 lha Exp $ +.\" +.Dd March 25, 2003 .Dt KRB5_VERIFY_USER 3 .Os HEIMDAL .Sh NAME .Nm krb5_verify_user , -.Nm krb5_verify_user_lrealm -.Nd Heimdal password verifying functions +.Nm krb5_verify_user_lrealm , +.Nm krb5_verify_user_opt , +.Nm krb5_verify_opt_init +.Nm krb5_verify_opt_set_flags , +.Nm krb5_verify_opt_set_service , +.Nm krb5_verify_opt_set_secure , +.Nm krb5_verify_opt_set_keytab +.Nd Heimdal password verifying functions. .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn "krb5_verify_user" "krb5_context context" " krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service" .Ft krb5_error_code .Fn "krb5_verify_user_lrealm" "krb5_context context" "krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service" +.Ft void +.Fn krb5_verify_opt_init "krb5_verify_opt *opt" +.Ft void +.Fn krb5_verify_opt_set_ccache "krb5_verify_opt *opt" "krb5_ccache ccache" +.Ft void +.Fn krb5_verify_opt_set_keytab "krb5_verify_opt *opt" "krb5_keytab keytab" +.Ft void +.Fn krb5_verify_opt_set_secure "krb5_verify_opt *opt" "krb5_boolean secure" +.Ft void +.Fn krb5_verify_opt_set_service "krb5_verify_opt *opt" "const char *service" +.Ft void +.Fn krb5_verify_opt_set_flags "krb5_verify_opt *opt" "unsigned int flags" +.Ft krb5_error_code +.Fo krb5_verify_user_opt +.Fa "krb5_context context" +.Fa "krb5_principal principal" +.Fa "const char *password" +.Fa "krb5_verify_opt *opt" +.Fc .Sh DESCRIPTION The .Nm krb5_verify_user function verifies the password supplied by a user. -The principal whose -password will be verified is specified in +The principal whose password will be verified is specified in .Fa principal . New tickets will be obtained as a side-effect and stored in .Fa ccache -(if NULL, the default ccache is used). +(if +.Dv NULL , +the default ccache is used). +.Fn krb5_verify_user +will call +.Fn krb5_cc_initialize +on the given +.Fa ccache , +so +.Fa ccache +must only initialized with +.Fn krb5_cc_resolve +or +.Fn krb5_cc_gen_new . If the password is not supplied in .Fa password (and is given as @@ -50,6 +118,68 @@ After a successful return, the principal is set to the authenticated realm. If the call fails, the principal will not be meaningful, and should only be freed with .Xr krb5_free_principal 3 . +.Pp +.Fn krb5_verify_opt_init +resets all opt to default values. +.Pp +None of the krb5_verify_opt_set function makes a copy of the data +structure that they are called with. Its up the caller to free them +after the +.Fn krb5_verify_user_opt +is called. +.Pp +.Fn krb5_verify_opt_set_ccache +sets the +.Fa ccache +that user of +.Fa opt +will use. If not set, the default credential cache will be used. +.Pp +.Fn krb5_verify_opt_set_keytab +sets the +.Fa keytab +that user of +.Fa opt +will use. If not set, the default keytab will be used. +.Pp +.Fn krb5_verify_opt_set_secure +if +.Fa secure +if true, the password verification will require that the ticket will +be verified against the locally stored service key. If not set, +default value is true. +.Pp +.Fn krb5_verify_opt_set_service +sets the +.Fa service +principal that user of +.Fa opt +will use. If not set, the +.Ql host +service will be used. +.Pp +.Fn krb5_verify_opt_set_flags +sets +.Fa flags +that user of +.Fa opt +will use. +If the flag +.Dv KRB5_VERIFY_LREALMS +is used, the +.Fa principal +will be modified like +.Fn krb5_verify_user_lrealm +modifies it. +.Pp +.Fn krb5_verify_user_opt +function verifies the +.Fa password +supplied by a user. +The principal whose password will be verified is specified in +.Fa principal . +Options the to the verification process is pass in in +.Fa opt . .Sh EXAMPLE Here is a example program that verifies a password. it uses the .Ql host/`hostname` @@ -86,6 +216,9 @@ main(int argc, char **argv) .Ed .Sh SEE ALSO .Xr krb5_err 3 , +.Xr krb5_cc_gen_new 3 , +.Xr krb5_cc_resolve 3 , +.Xr krb5_cc_initialize 3 , .Xr krb5_free_principal 3 , .Xr krb5_init_context 3 , .Xr krb5_kt_default 3 , diff --git a/crypto/heimdal/lib/krb5/krb5_warn.3 b/crypto/heimdal/lib/krb5/krb5_warn.3 index 0a1302a..7ed4b31 100644 --- a/crypto/heimdal/lib/krb5/krb5_warn.3 +++ b/crypto/heimdal/lib/krb5/krb5_warn.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_warn.3,v 1.5 2002/08/28 15:30:59 joda Exp $ +.\" $Id: krb5_warn.3,v 1.7 2003/04/16 19:31:49 lha Exp $ .Dd August 8, 1997 .Dt KRB5_WARN 3 .Os HEIMDAL @@ -17,7 +17,7 @@ .Sh LIBRARY Kerberos 5 Library (libkrb5, -lkrb5) .Sh SYNOPSIS -.Fd #include <krb5.h> +.In krb5.h .Ft krb5_error_code .Fn krb5_err "krb5_context context" "int eval" "krb5_error_code code" "const char *format" "..." .Ft krb5_error_code @@ -36,6 +36,8 @@ Kerberos 5 Library (libkrb5, -lkrb5) .Fn krb5_warnx "krb5_context context" "const char *format" "..." .Ft krb5_error_code .Fn krb5_set_warn_dest "krb5_context context" "krb5_log_facility *facility" +.Ft "char *" +.Fn krb5_get_err_text "krb5_context context" "krb5_error_code code" .Sh DESCRIPTION These functions prints a warning message to some destination. .Fa format @@ -59,5 +61,8 @@ Messages logged with the functions have a log level of 1, while the .Dq err functions logs with level 0. +.Pp +.Fn krb5_get_err_text +fetches the human readable strings describing the error-code. .Sh SEE ALSO .Xr krb5_openlog 3 diff --git a/crypto/heimdal/lib/krb5/krbhst.c b/crypto/heimdal/lib/krb5/krbhst.c index 8ffa6df..e0cc9f4 100644 --- a/crypto/heimdal/lib/krb5/krbhst.c +++ b/crypto/heimdal/lib/krb5/krbhst.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <resolve.h> -RCSID("$Id: krbhst.c,v 1.41 2002/08/16 18:48:19 nectar Exp $"); +RCSID("$Id: krbhst.c,v 1.43.2.1 2003/04/22 15:00:38 lha Exp $"); static int string_to_proto(const char *string) @@ -104,7 +104,9 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, for(num_srv = 0, rr = r->head; rr; rr = rr->next) if(rr->type == T_SRV) { krb5_krbhst_info *hi; - hi = calloc(1, sizeof(*hi) + strlen(rr->u.srv->target)); + size_t len = strlen(rr->u.srv->target); + + hi = calloc(1, sizeof(*hi) + len); if(hi == NULL) { dns_free_data(r); while(--num_srv >= 0) @@ -122,7 +124,7 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, else hi->port = rr->u.srv->port; - strcpy(hi->hostname, rr->u.srv->target); + strlcpy(hi->hostname, rr->u.srv->target, len + 1); } *count = num_srv; diff --git a/crypto/heimdal/lib/krb5/kuserok.c b/crypto/heimdal/lib/krb5/kuserok.c index 95123699..a79532e 100644 --- a/crypto/heimdal/lib/krb5/kuserok.c +++ b/crypto/heimdal/lib/krb5/kuserok.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: kuserok.c,v 1.5.12.1 2002/10/21 14:37:55 joda Exp $"); +RCSID("$Id: kuserok.c,v 1.7 2003/03/13 19:53:43 lha Exp $"); /* * Return TRUE iff `principal' is allowed to login as `luser'. @@ -51,6 +51,10 @@ krb5_kuserok (krb5_context context, krb5_error_code ret; krb5_boolean b; + pwd = getpwnam (luser); /* XXX - Should use k_getpwnam? */ + if (pwd == NULL) + return FALSE; + ret = krb5_get_default_realms (context, &realms); if (ret) return FALSE; @@ -78,9 +82,6 @@ krb5_kuserok (krb5_context context, } krb5_free_host_realm (context, realms); - pwd = getpwnam (luser); /* XXX - Should use k_getpwnam? */ - if (pwd == NULL) - return FALSE; snprintf (buf, sizeof(buf), "%s/.k5login", pwd->pw_dir); f = fopen (buf, "r"); if (f == NULL) diff --git a/crypto/heimdal/lib/krb5/mk_rep.c b/crypto/heimdal/lib/krb5/mk_rep.c index b955555..1026df0 100644 --- a/crypto/heimdal/lib/krb5/mk_rep.c +++ b/crypto/heimdal/lib/krb5/mk_rep.c @@ -33,68 +33,67 @@ #include <krb5_locl.h> -RCSID("$Id: mk_rep.c,v 1.20 2002/09/04 16:26:05 joda Exp $"); +RCSID("$Id: mk_rep.c,v 1.21 2002/12/19 13:30:36 joda Exp $"); krb5_error_code krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf) { - krb5_error_code ret; - AP_REP ap; - EncAPRepPart body; - u_char *buf = NULL; - size_t buf_size; - size_t len; - krb5_crypto crypto; + krb5_error_code ret; + AP_REP ap; + EncAPRepPart body; + u_char *buf = NULL; + size_t buf_size; + size_t len; + krb5_crypto crypto; - ap.pvno = 5; - ap.msg_type = krb_ap_rep; + ap.pvno = 5; + ap.msg_type = krb_ap_rep; - memset (&body, 0, sizeof(body)); + memset (&body, 0, sizeof(body)); - body.ctime = auth_context->authenticator->ctime; - body.cusec = auth_context->authenticator->cusec; - body.subkey = NULL; - if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { - krb5_generate_seq_number (context, - auth_context->keyblock, - &auth_context->local_seqnumber); - body.seq_number = malloc (sizeof(*body.seq_number)); - if (body.seq_number == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - *(body.seq_number) = auth_context->local_seqnumber; - } else - body.seq_number = NULL; + body.ctime = auth_context->authenticator->ctime; + body.cusec = auth_context->authenticator->cusec; + body.subkey = NULL; + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { + krb5_generate_seq_number (context, + auth_context->keyblock, + &auth_context->local_seqnumber); + body.seq_number = malloc (sizeof(*body.seq_number)); + if (body.seq_number == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + *(body.seq_number) = auth_context->local_seqnumber; + } else + body.seq_number = NULL; - ap.enc_part.etype = auth_context->keyblock->keytype; - ap.enc_part.kvno = NULL; + ap.enc_part.etype = auth_context->keyblock->keytype; + ap.enc_part.kvno = NULL; - ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret); - free_EncAPRepPart (&body); - if(ret) - return ret; - ret = krb5_crypto_init(context, auth_context->keyblock, - 0 /* ap.enc_part.etype */, &crypto); - if (ret) { - free (buf); - return ret; - } - ret = krb5_encrypt (context, - crypto, - KRB5_KU_AP_REQ_ENC_PART, - buf + buf_size - len, - len, - &ap.enc_part.cipher); - krb5_crypto_destroy(context, crypto); - if (ret) { - free(buf); - return ret; - } + ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret); + free_EncAPRepPart (&body); + if(ret) + return ret; + ret = krb5_crypto_init(context, auth_context->keyblock, + 0 /* ap.enc_part.etype */, &crypto); + if (ret) { + free (buf); + return ret; + } + ret = krb5_encrypt (context, + crypto, + KRB5_KU_AP_REQ_ENC_PART, + buf + buf_size - len, + len, + &ap.enc_part.cipher); + krb5_crypto_destroy(context, crypto); + free(buf); + if (ret) + return ret; - ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret); - free_AP_REP (&ap); - return ret; + ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret); + free_AP_REP (&ap); + return ret; } diff --git a/crypto/heimdal/lib/krb5/name-45-test.c b/crypto/heimdal/lib/krb5/name-45-test.c index 373586e..f1455cd 100644 --- a/crypto/heimdal/lib/krb5/name-45-test.c +++ b/crypto/heimdal/lib/krb5/name-45-test.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002 Kungliga Tekniska Högskolan + * Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ #include "krb5_locl.h" -RCSID("$Id: name-45-test.c,v 1.2 2002/08/31 03:33:07 assar Exp $"); +RCSID("$Id: name-45-test.c,v 1.3.2.1 2003/05/06 16:49:14 joda Exp $"); enum { MAX_COMPONENTS = 3 }; @@ -96,7 +96,7 @@ static struct testcase { 0, 0}, {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, - {"pop", "mail0.nada.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"pop", "mail0.nada.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0}, {"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2, {"pop", "mail0.nada.kth.se"}, "[realms]\n" @@ -110,10 +110,10 @@ static struct testcase { " v4_instance_resolve = true\n", HEIM_ERR_V4_PRINC_NO_CONV, 0}, - {"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2, - {"host", "ratatosk.pdc.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0}, - {"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2, - {"host", "ratatosk.pdc.kth.se"}, + {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"host", "hokkigai.pdc.kth.se"}, "", HEIM_ERR_V4_PRINC_NO_CONV, 0}, + {"rcmd", "hokkigai", "NADA.KTH.SE", "NADA.KTH.SE", 2, + {"host", "hokkigai.pdc.kth.se"}, "[libdefaults]\n" " v4_instance_resolve = true\n" "[realms]\n" @@ -143,7 +143,7 @@ static struct testcase { "012345678901234567890123456789012345678"}, NULL, 0, 0}, - {NULL, NULL, NULL, NULL, 0, {}, NULL, 0} + {NULL, NULL, NULL, NULL, 0, {NULL}, NULL, 0} }; int @@ -199,10 +199,13 @@ main(int argc, char **argv) } } else { if (t->ret) { + char *s; + krb5_unparse_name(context, princ, &s); krb5_warnx (context, "krb5_425_conv_principal %s.%s@%s " - "passed unexpected", - t->v4_name, t->v4_inst, t->v4_realm); + "passed unexpected: %s", + t->v4_name, t->v4_inst, t->v4_realm, s); + free(s); val = 1; continue; } diff --git a/crypto/heimdal/lib/krb5/principal.c b/crypto/heimdal/lib/krb5/principal.c index 400ce38..fd218a1 100644 --- a/crypto/heimdal/lib/krb5/principal.c +++ b/crypto/heimdal/lib/krb5/principal.c @@ -41,7 +41,7 @@ #include <fnmatch.h> #include "resolve.h" -RCSID("$Id: principal.c,v 1.81.2.1 2002/10/21 16:08:25 joda Exp $"); +RCSID("$Id: principal.c,v 1.82 2002/10/21 15:30:53 joda Exp $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) diff --git a/crypto/heimdal/lib/krb5/prompter_posix.c b/crypto/heimdal/lib/krb5/prompter_posix.c index c6cc715..4aea3a4 100644 --- a/crypto/heimdal/lib/krb5/prompter_posix.c +++ b/crypto/heimdal/lib/krb5/prompter_posix.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: prompter_posix.c,v 1.6.6.1 2002/10/21 14:47:42 joda Exp $"); +RCSID("$Id: prompter_posix.c,v 1.7 2002/09/16 17:32:11 nectar Exp $"); int krb5_prompter_posix (krb5_context context, diff --git a/crypto/heimdal/lib/krb5/store_emem.c b/crypto/heimdal/lib/krb5/store_emem.c index 47ca1c8..526cf32 100644 --- a/crypto/heimdal/lib/krb5/store_emem.c +++ b/crypto/heimdal/lib/krb5/store_emem.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_emem.c,v 1.12.4.1 2002/10/21 16:08:55 joda Exp $"); +RCSID("$Id: store_emem.c,v 1.13 2002/10/21 15:36:23 joda Exp $"); typedef struct emem_storage{ unsigned char *base; diff --git a/crypto/heimdal/lib/krb5/test_alname.c b/crypto/heimdal/lib/krb5/test_alname.c new file mode 100644 index 0000000..8a6ec6d --- /dev/null +++ b/crypto/heimdal/lib/krb5/test_alname.c @@ -0,0 +1,156 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "krb5_locl.h" +#include <getarg.h> +#include <err.h> + +RCSID("$Id: test_alname.c,v 1.4 2003/04/17 05:46:45 lha Exp $"); + +static void +test_alname(krb5_context context, krb5_realm realm, + const char *user, const char *inst, + const char *localuser, int ok) +{ + krb5_principal p; + char localname[1024]; + krb5_error_code ret; + char *princ; + + ret = krb5_make_principal(context, &p, realm, user, inst, NULL); + if (ret) + krb5_err(context, 1, ret, "krb5_build_principal"); + + ret = krb5_unparse_name(context, p, &princ); + if (ret) + krb5_err(context, 1, ret, "krb5_unparse_name"); + + ret = krb5_aname_to_localname(context, p, sizeof(localname), localname); + krb5_free_principal(context, p); + free(princ); + if (ret) { + if (!ok) + return; + krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s", + princ, localuser); + } + + if (strcmp(localname, localuser) != 0) { + if (ok) + errx(1, "compared failed %s != %s (should have succeded)", + localname, localuser); + } else { + if (!ok) + errx(1, "compared failed %s == %s (should have failed)", + localname, localuser); + } + +} + +static int version_flag = 0; +static int help_flag = 0; + +static struct getargs args[] = { + {"version", 0, arg_flag, &version_flag, + "print version", NULL }, + {"help", 0, arg_flag, &help_flag, + NULL, NULL } +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args)/sizeof(*args), + NULL, + ""); + exit (ret); +} + +int +main(int argc, char **argv) +{ + krb5_context context; + krb5_error_code ret; + krb5_realm realm; + int optind = 0; + char *user; + + setprogname(argv[0]); + + if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) + usage(1); + + if (help_flag) + usage (0); + + if(version_flag){ + print_version(NULL); + exit(0); + } + + argc -= optind; + argv += optind; + + if (argc != 1) + errx(1, "first argument should be a local user that in root .k5login"); + + user = argv[0]; + + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + ret = krb5_get_default_realm(context, &realm); + if (ret) + krb5_err(context, 1, ret, "krb5_get_default_realm"); + + test_alname(context, realm, user, NULL, user, 1); + test_alname(context, realm, user, "root", "root", 1); + + test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, user, 0); + test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root", "root", 0); + + test_alname(context, realm, user, NULL, + "not-same-as-user", 0); + test_alname(context, realm, user, "root", + "not-same-as-user", 0); + + test_alname(context, "FOO.BAR.BAZ.KAKA", user, NULL, + "not-same-as-user", 0); + test_alname(context, "FOO.BAR.BAZ.KAKA", user, "root", + "not-same-as-user", 0); + + krb5_free_context(context); + + return 0; +} diff --git a/crypto/heimdal/lib/krb5/test_cc.c b/crypto/heimdal/lib/krb5/test_cc.c new file mode 100644 index 0000000..15181f4 --- /dev/null +++ b/crypto/heimdal/lib/krb5/test_cc.c @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of KTH nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + +#include "krb5_locl.h" +#include <err.h> + +RCSID("$Id: test_cc.c,v 1.1 2003/03/10 00:26:40 lha Exp $"); + +#define TEST_CC_NAME "/tmp/foo" + +int +main(int argc, char **argv) +{ + krb5_context context; + krb5_error_code ret; + char *p1, *p2, *p3; + const char *p; + + setprogname(argv[0]); + + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + p = krb5_cc_default_name(context); + if (p == NULL) + krb5_errx (context, 1, "krb5_cc_default_name 1 failed"); + p1 = estrdup(p); + + ret = krb5_cc_set_default_name(context, NULL); + if (p == NULL) + krb5_errx (context, 1, "krb5_cc_set_default_name failed"); + + p = krb5_cc_default_name(context); + if (p == NULL) + krb5_errx (context, 1, "krb5_cc_default_name 2 failed"); + p2 = estrdup(p); + + if (strcmp(p1, p2) != 0) + krb5_errx (context, 1, "krb5_cc_default_name no longer same"); + + ret = krb5_cc_set_default_name(context, TEST_CC_NAME); + if (p == NULL) + krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed"); + + p = krb5_cc_default_name(context); + if (p == NULL) + krb5_errx (context, 1, "krb5_cc_default_name 2 failed"); + p3 = estrdup(p); + + if (strcmp(p3, TEST_CC_NAME) != 0) + krb5_errx (context, 1, "krb5_cc_set_default_name 1 failed"); + + krb5_free_context(context); + + return 0; +} diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c index b587c63..c7732cb 100644 --- a/crypto/heimdal/lib/krb5/transited.c +++ b/crypto/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c,v 1.9 2002/09/09 14:03:03 nectar Exp $"); +RCSID("$Id: transited.c,v 1.10 2003/04/16 16:11:27 lha Exp $"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead @@ -166,28 +166,32 @@ expand_realms(krb5_context context, for(r = realms; r; r = r->next){ if(r->trailing_dot){ char *tmp; + size_t len = strlen(r->realm) + strlen(prev_realm) + 1; + if(prev_realm == NULL) prev_realm = client_realm; - tmp = realloc(r->realm, strlen(r->realm) + strlen(prev_realm) + 1); + tmp = realloc(r->realm, len); if(tmp == NULL){ free_realms(realms); krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } r->realm = tmp; - strcat(r->realm, prev_realm); + strlcat(r->realm, prev_realm, len); }else if(r->leading_slash && !r->leading_space && prev_realm){ /* yet another exception: if you use x500-names, the leading realm doesn't have to be "quoted" with a space */ char *tmp; - tmp = malloc(strlen(r->realm) + strlen(prev_realm) + 1); + size_t len = strlen(r->realm) + strlen(prev_realm) + 1; + + tmp = malloc(len); if(tmp == NULL){ free_realms(realms); krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } - strcpy(tmp, prev_realm); - strcat(tmp, r->realm); + strlcpy(tmp, prev_realm, len); + strlcat(tmp, r->realm, len); free(r->realm); r->realm = tmp; } @@ -368,10 +372,10 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding) *s = '\0'; for(i = 0; i < num_realms; i++){ if(i && i < num_realms - 1) - strcat(s, ","); + strlcat(s, ",", len + 1); if(realms[i][0] == '/') - strcat(s, " "); - strcat(s, realms[i]); + strlcat(s, " ", len + 1); + strlcat(s, realms[i], len + 1); } encoding->data = s; encoding->length = strlen(s); diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.c b/crypto/heimdal/lib/krb5/verify_krb5_conf.c index 55d8a42..6f905bf 100644 --- a/crypto/heimdal/lib/krb5/verify_krb5_conf.c +++ b/crypto/heimdal/lib/krb5/verify_krb5_conf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -35,7 +35,7 @@ #include <getarg.h> #include <parse_bytes.h> #include <err.h> -RCSID("$Id: verify_krb5_conf.c,v 1.14 2002/08/28 15:27:19 nectar Exp $"); +RCSID("$Id: verify_krb5_conf.c,v 1.17 2003/03/29 09:52:50 lha Exp $"); /* verify krb5.conf */ @@ -119,6 +119,20 @@ check_boolean(krb5_context context, const char *path, char *data) } static int +check_524(krb5_context context, const char *path, char *data) +{ + if(strcasecmp(data, "yes") == 0 || + strcasecmp(data, "no") == 0 || + strcasecmp(data, "2b") == 0 || + strcasecmp(data, "local") == 0) + return 0; + + krb5_warnx(context, "%s: didn't contain a valid option `%s'", + path, data); + return 1; +} + +static int check_host(krb5_context context, const char *path, char *data) { int ret; @@ -168,6 +182,7 @@ struct s2i { #define L(X) { #X, LOG_ ## X } static struct s2i syslogvals[] = { + /* severity */ L(EMERG), L(ALERT), L(CRIT), @@ -176,7 +191,7 @@ static struct s2i syslogvals[] = { L(NOTICE), L(INFO), L(DEBUG), - + /* facility */ L(AUTH), #ifdef LOG_AUTHPRIV L(AUTHPRIV), @@ -263,12 +278,12 @@ check_log(krb5_context context, const char *path, char *data) strlcpy(severity, "ERR", sizeof(severity)); if(*facility == '\0') strlcpy(facility, "AUTH", sizeof(facility)); - if(find_value(severity, syslogvals) == NULL) { + if(find_value(severity, syslogvals) == -1) { krb5_warnx(context, "%s: unknown syslog facility \"%s\"", path, facility); ret++; } - if(find_value(severity, syslogvals) == NULL) { + if(find_value(severity, syslogvals) == -1) { krb5_warnx(context, "%s: unknown syslog severity \"%s\"", path, severity); ret++; @@ -337,6 +352,8 @@ struct entry libdefaults_entries[] = { }; struct entry appdefaults_entries[] = { + { "afslog", krb5_config_string, check_boolean }, + { "afs-use-524", krb5_config_string, check_524 }, { "forwardable", krb5_config_string, check_boolean }, { "proxiable", krb5_config_string, check_boolean }, { "ticket_lifetime", krb5_config_string, check_time }, @@ -481,8 +498,6 @@ check_section(krb5_context context, const char *path, krb5_config_section *cf, } if(e->name == NULL) { krb5_warnx(context, "%s: unknown entry", local); - for(e = entries; e->name != NULL; e++) - krb5_warnx(context, " %s", e->name); error |= 1; } free(local); diff --git a/crypto/heimdal/lib/krb5/warn.c b/crypto/heimdal/lib/krb5/warn.c index ec009b2..72398bf 100644 --- a/crypto/heimdal/lib/krb5/warn.c +++ b/crypto/heimdal/lib/krb5/warn.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <err.h> -RCSID("$Id: warn.c,v 1.13 2001/05/07 21:04:34 assar Exp $"); +RCSID("$Id: warn.c,v 1.14 2003/04/16 16:13:08 lha Exp $"); static krb5_error_code _warnerr(krb5_context context, int do_errtext, krb5_error_code code, int level, const char *fmt, va_list ap) @@ -52,9 +52,9 @@ _warnerr(krb5_context context, int do_errtext, args[0] = args[1] = NULL; arg = args; if(fmt){ - strcat(xfmt, "%s"); + strlcat(xfmt, "%s", sizeof(xfmt)); if(do_errtext) - strcat(xfmt, ": "); + strlcat(xfmt, ": ", sizeof(xfmt)); vasprintf(&msg, fmt, ap); if(msg == NULL) return ENOMEM; @@ -63,7 +63,7 @@ _warnerr(krb5_context context, int do_errtext, if(context && do_errtext){ const char *err_msg; - strcat(xfmt, "%s"); + strlcat(xfmt, "%s", sizeof(xfmt)); err_str = krb5_get_error_string(context); if (err_str != NULL) { diff --git a/crypto/heimdal/lib/roken/ChangeLog b/crypto/heimdal/lib/roken/ChangeLog index 93cce29..971bc90 100644 --- a/crypto/heimdal/lib/roken/ChangeLog +++ b/crypto/heimdal/lib/roken/ChangeLog @@ -1,6 +1,54 @@ -2002-10-21 Johan Danielsson <joda@pdc.kth.se> +2003-04-22 Love <lha@stacken.kth.se> - * resolve.c: pull up 1.37; check length of txt records + * resolve.c: 1.38->1.39: copy NUL too, from janj@wenf.org via + openbsd + +2003-04-16 Love <lha@stacken.kth.se> + + * parse_units.h: remove typedef for units to avoid problems with + shadowing + + * resolve.c: use strlcpy, from openbsd + + * getcap.c: use strlcpy, from openbsd + + * getarg.3: Change .Fd #include <header.h> to .In header.h + from Thomas Klausner <wiz@netbsd.org> + +2003-04-15 Love <lha@stacken.kth.se> + + * socket.c (socket_set_tos): if setsockopt failed with EINVAL + failed, just ignore it, sock was probably a just a non AF_INET + socket + +2003-04-14 Love <lha@stacken.kth.se> + + * strncasecmp.c: cast argument to toupper to unsigned char, from + Christian Biere <christianbiere@gmx.de> via NetBSD + + * strlwr.c: cast argument to tolower to unsigned char, from + Christian Biere <christianbiere@gmx.de> via NetBSD + + * strcasecmp.c: cast argument to toupper to unsigned char, from + Christian Biere <christianbiere@gmx.de> via NetBSD + +2003-03-19 Love <lha@stacken.kth.se> + + * getarg.3: spelling, from <jmc@prioris.mini.pw.edu.pl> + +2003-03-07 Love <lha@stacken.kth.se> + + * parse_bytes.c: use struct units instead of units + + * parse_time.c: use struct units instead of units + +2003-03-04 Love <lha@stacken.kth.se> + + * roken.awk: use full prototype for main + +2002-10-15 Johan Danielsson <joda@pdc.kth.se> + + * resolve.c: check length of txt records 2002-09-10 Johan Danielsson <joda@pdc.kth.se> diff --git a/crypto/heimdal/lib/roken/Makefile.am b/crypto/heimdal/lib/roken/Makefile.am index 7b3aa0a6..a850ee8 100644 --- a/crypto/heimdal/lib/roken/Makefile.am +++ b/crypto/heimdal/lib/roken/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.122.4.1 2002/10/21 15:03:04 joda Exp $ +# $Id: Makefile.am,v 1.122.6.1 2003/05/12 15:20:47 joda Exp $ include $(top_srcdir)/Makefile.am.common @@ -7,7 +7,7 @@ ACLOCAL_AMFLAGS = -I ../../cf CLEANFILES = roken.h make-roken.c $(XHEADERS) lib_LTLIBRARIES = libroken.la -libroken_la_LDFLAGS = -version-info 16:1:0 +libroken_la_LDFLAGS = -version-info 16:2:0 noinst_PROGRAMS = make-roken snprintf-test diff --git a/crypto/heimdal/lib/roken/Makefile.in b/crypto/heimdal/lib/roken/Makefile.in index fe8bb61..192fb3b 100644 --- a/crypto/heimdal/lib/roken/Makefile.in +++ b/crypto/heimdal/lib/roken/Makefile.in @@ -14,11 +14,11 @@ @SET_MAKE@ -# $Id: Makefile.am,v 1.122.4.1 2002/10/21 15:03:04 joda Exp $ +# $Id: Makefile.am,v 1.122.6.1 2003/05/12 15:20:47 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -206,7 +207,7 @@ ACLOCAL_AMFLAGS = -I ../../cf CLEANFILES = roken.h make-roken.c $(XHEADERS) lib_LTLIBRARIES = libroken.la -libroken_la_LDFLAGS = -version-info 16:1:0 +libroken_la_LDFLAGS = -version-info 16:2:0 noinst_PROGRAMS = make-roken snprintf-test @@ -497,10 +498,10 @@ all: $(BUILT_SOURCES) .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .hin .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/roken/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -892,8 +893,10 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS install-man \ +install-data-am: install-includeHEADERS install-man \ install-nodist_includeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -926,7 +929,7 @@ uninstall-man: uninstall-man3 clean-noinstPROGRAMS distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am info info-am install install-am install-data \ - install-data-am install-data-local install-exec install-exec-am \ + install-data-am install-exec install-exec-am \ install-includeHEADERS install-info install-info-am \ install-libLTLIBRARIES install-man install-man3 \ install-nodist_includeHEADERS install-strip installcheck \ @@ -1061,7 +1064,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/roken/getarg.3 b/crypto/heimdal/lib/roken/getarg.3 index 25e2217..e2f0412 100644 --- a/crypto/heimdal/lib/roken/getarg.3 +++ b/crypto/heimdal/lib/roken/getarg.3 @@ -1,5 +1,35 @@ -.\" Copyright (c) 1999 Kungliga Tekniska Högskolan -.\" $Id: getarg.3,v 1.4 2002/08/20 17:07:29 joda Exp $ +.\" Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: getarg.3,v 1.7 2003/04/16 13:58:24 lha Exp $ .Dd September 24, 1999 .Dt GETARG 3 .Os ROKEN @@ -8,7 +38,7 @@ .Nm arg_printusage .Nd collect command line options .Sh SYNOPSIS -.Fd #include <getarg.h> +.In getarg.h .Ft int .Fn getarg "struct getargs *args" "size_t num_args" "int argc" "char **argv" "int *optind" .Ft void @@ -109,7 +139,7 @@ the argument is a flag, and should point to a .Fa int . It gets filled in with either zero or one, depending on how the option -is given, the normal case beeing one. Note that if the option isn't +is given, the normal case being one. Note that if the option isn't given, the value isn't altered, so it should be initialised to some useful default. .It Fa arg_negative_flag diff --git a/crypto/heimdal/lib/roken/getcap.c b/crypto/heimdal/lib/roken/getcap.c index 997fabf..8a29e1f 100644 --- a/crypto/heimdal/lib/roken/getcap.c +++ b/crypto/heimdal/lib/roken/getcap.c @@ -40,7 +40,7 @@ #include <config.h> #endif #include "roken.h" -RCSID("$Id: getcap.c,v 1.7 1999/11/17 21:11:58 assar Exp $"); +RCSID("$Id: getcap.c,v 1.8 2003/04/16 16:23:36 lha Exp $"); #include <sys/types.h> #include <ctype.h> @@ -251,11 +251,12 @@ getent(char **cap, size_t *len, char **db_array, int fd, * Check if we have a top record from cgetset(). */ if (depth == 0 && toprec != NULL && cgetmatch(toprec, name) == 0) { - if ((record = malloc (topreclen + BFRAG)) == NULL) { + size_t len = topreclen + BFRAG; + if ((record = malloc (len)) == NULL) { errno = ENOMEM; return (-2); } - (void)strcpy(record, toprec); /* XXX: strcpy is safe */ + (void)strlcpy(record, toprec, len); db_p = db_array; rp = record + topreclen + 1; r_end = rp + BFRAG; diff --git a/crypto/heimdal/lib/roken/parse_bytes.c b/crypto/heimdal/lib/roken/parse_bytes.c index 7793e07..b556ddc 100644 --- a/crypto/heimdal/lib/roken/parse_bytes.c +++ b/crypto/heimdal/lib/roken/parse_bytes.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: parse_bytes.c,v 1.3 2001/09/04 09:56:00 assar Exp $"); +RCSID("$Id: parse_bytes.c,v 1.4 2003/03/07 15:51:53 lha Exp $"); #endif #include <parse_units.h> #include "parse_bytes.h" -static units bytes_units[] = { +static struct units bytes_units[] = { { "gigabyte", 1024 * 1024 * 1024 }, { "gbyte", 1024 * 1024 * 1024 }, { "GB", 1024 * 1024 * 1024 }, @@ -52,7 +52,7 @@ static units bytes_units[] = { { NULL, 0 } }; -static units bytes_short_units[] = { +static struct units bytes_short_units[] = { { "GB", 1024 * 1024 * 1024 }, { "MB", 1024 * 1024 }, { "KB", 1024 }, diff --git a/crypto/heimdal/lib/roken/parse_time.c b/crypto/heimdal/lib/roken/parse_time.c index a09ded7..deab102 100644 --- a/crypto/heimdal/lib/roken/parse_time.c +++ b/crypto/heimdal/lib/roken/parse_time.c @@ -33,13 +33,13 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: parse_time.c,v 1.5 1999/12/02 16:58:51 joda Exp $"); +RCSID("$Id: parse_time.c,v 1.6 2003/03/07 15:51:06 lha Exp $"); #endif #include <parse_units.h> #include "parse_time.h" -static units time_units[] = { +static struct units time_units[] = { {"year", 365 * 24 * 60 * 60}, {"month", 30 * 24 * 60 * 60}, {"week", 7 * 24 * 60 * 60}, diff --git a/crypto/heimdal/lib/roken/parse_units.h b/crypto/heimdal/lib/roken/parse_units.h index 29c5779..2002625 100644 --- a/crypto/heimdal/lib/roken/parse_units.h +++ b/crypto/heimdal/lib/roken/parse_units.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: parse_units.h,v 1.7 2001/09/04 09:56:00 assar Exp $ */ +/* $Id: parse_units.h,v 1.8 2003/04/16 17:30:54 lha Exp $ */ #ifndef __PARSE_UNITS_H__ #define __PARSE_UNITS_H__ @@ -44,8 +44,6 @@ struct units { unsigned mult; }; -typedef struct units units; - int parse_units (const char *s, const struct units *units, const char *def_unit); diff --git a/crypto/heimdal/lib/roken/resolve.c b/crypto/heimdal/lib/roken/resolve.c index ddecb98..cdbc069 100644 --- a/crypto/heimdal/lib/roken/resolve.c +++ b/crypto/heimdal/lib/roken/resolve.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -45,7 +45,7 @@ #include <assert.h> -RCSID("$Id: resolve.c,v 1.36.4.1 2002/10/21 14:48:15 joda Exp $"); +RCSID("$Id: resolve.c,v 1.38.2.1 2003/04/22 15:02:47 lha Exp $"); #undef HAVE_RES_NSEARCH #if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND) @@ -166,6 +166,8 @@ parse_record(const unsigned char *data, const unsigned char *end_data, break; case T_MX: case T_AFSDB:{ + size_t hostlen; + status = dn_expand(data, end_data, p + 2, host, sizeof(host)); if(status < 0){ free(*rr); @@ -176,17 +178,19 @@ parse_record(const unsigned char *data, const unsigned char *end_data, return -1; } + hostlen = strlen(host); (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + - strlen(host)); + hostlen); if((*rr)->u.mx == NULL) { free(*rr); return -1; } (*rr)->u.mx->preference = (p[0] << 8) | p[1]; - strcpy((*rr)->u.mx->domain, host); + strlcpy((*rr)->u.mx->domain, host, hostlen + 1); break; } case T_SRV:{ + size_t hostlen; status = dn_expand(data, end_data, p + 6, host, sizeof(host)); if(status < 0){ free(*rr); @@ -197,9 +201,10 @@ parse_record(const unsigned char *data, const unsigned char *end_data, return -1; } + hostlen = strlen(host); (*rr)->u.srv = (struct srv_record*)malloc(sizeof(struct srv_record) + - strlen(host)); + hostlen); if((*rr)->u.srv == NULL) { free(*rr); return -1; @@ -207,7 +212,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, (*rr)->u.srv->priority = (p[0] << 8) | p[1]; (*rr)->u.srv->weight = (p[2] << 8) | p[3]; (*rr)->u.srv->port = (p[4] << 8) | p[5]; - strcpy((*rr)->u.srv->target, host); + strlcpy((*rr)->u.srv->target, host, hostlen + 1); break; } case T_TXT:{ @@ -247,7 +252,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, break; } case T_SIG : { - size_t sig_len; + size_t sig_len, hostlen; if(size <= 18) { free(*rr); @@ -269,8 +274,9 @@ parse_record(const unsigned char *data, const unsigned char *end_data, don't you just love C? */ sig_len = size - 18 - status; + hostlen = strlen(host); (*rr)->u.sig = malloc(sizeof(*(*rr)->u.sig) - + strlen(host) + sig_len); + + hostlen + sig_len); if ((*rr)->u.sig == NULL) { free(*rr); return -1; @@ -288,7 +294,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, (*rr)->u.sig->sig_len = sig_len; memcpy ((*rr)->u.sig->sig_data, p + 18 + status, sig_len); (*rr)->u.sig->signer = &(*rr)->u.sig->sig_data[sig_len]; - strcpy((*rr)->u.sig->signer, host); + strlcpy((*rr)->u.sig->signer, host, hostlen + 1); break; } diff --git a/crypto/heimdal/lib/roken/roken.awk b/crypto/heimdal/lib/roken/roken.awk index b6a181c..1c1e0c0 100644 --- a/crypto/heimdal/lib/roken/roken.awk +++ b/crypto/heimdal/lib/roken/roken.awk @@ -1,4 +1,4 @@ -# $Id: roken.awk,v 1.8 2002/09/10 20:05:55 joda Exp $ +# $Id: roken.awk,v 1.9 2003/03/04 10:37:26 lha Exp $ BEGIN { print "#ifdef HAVE_CONFIG_H" @@ -6,7 +6,7 @@ BEGIN { print "#endif" print "#include <stdio.h>" print "" - print "int main()" + print "int main(int argc, char **argv)" print "{" print "puts(\"/* This is an OS dependent, generated file */\");" print "puts(\"\\n\");" diff --git a/crypto/heimdal/lib/roken/snprintf.c b/crypto/heimdal/lib/roken/snprintf.c index 1a3b7be..5e4b85e9 100644 --- a/crypto/heimdal/lib/roken/snprintf.c +++ b/crypto/heimdal/lib/roken/snprintf.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: snprintf.c,v 1.34 2002/04/18 08:50:57 joda Exp $"); +RCSID("$Id: snprintf.c,v 1.35 2003/03/26 10:05:48 joda Exp $"); #endif #include <stdio.h> #include <stdarg.h> @@ -338,6 +338,8 @@ xyzprintf (struct snprintf_state *state, const char *char_format, va_list ap) flags |= alternate_flag; else if(c == '0') flags |= zero_flag; + else if(c == '\'') + ; /* just ignore */ else break; } diff --git a/crypto/heimdal/lib/roken/socket.c b/crypto/heimdal/lib/roken/socket.c index ad124fd..bd67013 100644 --- a/crypto/heimdal/lib/roken/socket.c +++ b/crypto/heimdal/lib/roken/socket.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: socket.c,v 1.7 2001/09/03 12:04:23 joda Exp $"); +RCSID("$Id: socket.c,v 1.8 2003/04/15 03:26:51 lha Exp $"); #endif #include <roken.h> @@ -270,7 +270,8 @@ socket_set_tos (int sock, int tos) { #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0) - warn ("setsockopt TOS (ignored)"); + if (errno != EINVAL) + warn ("setsockopt TOS (ignored)"); #endif } diff --git a/crypto/heimdal/lib/roken/strcasecmp.c b/crypto/heimdal/lib/roken/strcasecmp.c index b5e20e7..cde5b3b 100644 --- a/crypto/heimdal/lib/roken/strcasecmp.c +++ b/crypto/heimdal/lib/roken/strcasecmp.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: strcasecmp.c,v 1.9 1999/12/02 16:58:52 joda Exp $"); +RCSID("$Id: strcasecmp.c,v 1.10 2003/04/14 11:26:27 lha Exp $"); #endif #include <string.h> @@ -46,13 +46,13 @@ RCSID("$Id: strcasecmp.c,v 1.9 1999/12/02 16:58:52 joda Exp $"); int strcasecmp(const char *s1, const char *s2) { - while(toupper(*s1) == toupper(*s2)) { + while(toupper((unsigned char)*s1) == toupper((unsigned char)*s2)) { if(*s1 == '\0') return 0; s1++; s2++; } - return toupper(*s1) - toupper(*s2); + return toupper((unsigned char)*s1) - toupper((unsigned char)*s2); } #endif diff --git a/crypto/heimdal/lib/roken/strlwr.c b/crypto/heimdal/lib/roken/strlwr.c index cb36789..f2c6a9f 100644 --- a/crypto/heimdal/lib/roken/strlwr.c +++ b/crypto/heimdal/lib/roken/strlwr.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: strlwr.c,v 1.4 1999/12/02 16:58:53 joda Exp $"); +RCSID("$Id: strlwr.c,v 1.5 2003/04/14 11:44:34 lha Exp $"); #endif #include <string.h> #include <ctype.h> @@ -47,7 +47,7 @@ strlwr(char *str) char *s; for(s = str; *s; s++) - *s = tolower(*s); + *s = tolower((unsigned char)*s); return str; } #endif diff --git a/crypto/heimdal/lib/roken/strncasecmp.c b/crypto/heimdal/lib/roken/strncasecmp.c index 7c6474f..a08d9e8 100644 --- a/crypto/heimdal/lib/roken/strncasecmp.c +++ b/crypto/heimdal/lib/roken/strncasecmp.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: strncasecmp.c,v 1.2 1999/12/02 16:58:53 joda Exp $"); +RCSID("$Id: strncasecmp.c,v 1.3 2003/04/14 11:46:04 lha Exp $"); #endif #include <string.h> @@ -45,7 +45,9 @@ RCSID("$Id: strncasecmp.c,v 1.2 1999/12/02 16:58:53 joda Exp $"); int strncasecmp(const char *s1, const char *s2, size_t n) { - while(n > 0 && toupper(*s1) == toupper(*s2)) { + while(n > 0 + && toupper((unsigned char)*s1) == toupper((unsigned char)*s2)) + { if(*s1 == '\0') return 0; s1++; @@ -54,7 +56,7 @@ strncasecmp(const char *s1, const char *s2, size_t n) } if(n == 0) return 0; - return toupper(*s1) - toupper(*s2); + return toupper((unsigned char)*s1) - toupper((unsigned char)*s2); } #endif diff --git a/crypto/heimdal/lib/roken/strupr.c b/crypto/heimdal/lib/roken/strupr.c index 96dd042..9d136e0 100644 --- a/crypto/heimdal/lib/roken/strupr.c +++ b/crypto/heimdal/lib/roken/strupr.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: strupr.c,v 1.4 1999/12/02 16:58:53 joda Exp $"); +RCSID("$Id: strupr.c,v 1.5 2003/04/14 11:46:41 lha Exp $"); #endif #include <string.h> #include <ctype.h> @@ -47,7 +47,7 @@ strupr(char *str) char *s; for(s = str; *s; s++) - *s = toupper(*s); + *s = toupper((unsigned char)*s); return str; } #endif diff --git a/crypto/heimdal/lib/sl/Makefile.in b/crypto/heimdal/lib/sl/Makefile.in index df8b225..b4ed976 100644 --- a/crypto/heimdal/lib/sl/Makefile.in +++ b/crypto/heimdal/lib/sl/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -245,8 +246,8 @@ libsl_la_DEPENDENCIES = am_libsl_la_OBJECTS = sl.lo $(am__objects_8) libsl_la_OBJECTS = $(am_libsl_la_OBJECTS) libss_la_DEPENDENCIES = -am__objects_16 = sl.lo $(am__objects_8) -am_libss_la_OBJECTS = $(am__objects_16) ss.lo +am__objects_17 = sl.lo $(am__objects_8) +am_libss_la_OBJECTS = $(am__objects_17) ss.lo libss_la_OBJECTS = $(am_libss_la_OBJECTS) bin_PROGRAMS = mk_cmds$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) @@ -287,10 +288,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .l .lo .o .obj .y -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/sl/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) libLTLIBRARIES_INSTALL = $(INSTALL) install-libLTLIBRARIES: $(lib_LTLIBRARIES) @@ -554,8 +555,9 @@ info: info-am info-am: -install-data-am: install-data-local install-includeHEADERS \ - install-ssincludeHEADERS +install-data-am: install-includeHEADERS install-ssincludeHEADERS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binPROGRAMS install-libLTLIBRARIES @$(NORMAL_INSTALL) @@ -585,7 +587,7 @@ uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \ clean-libtool distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am info \ info-am install install-am install-binPROGRAMS install-data \ - install-data-am install-data-local install-exec install-exec-am \ + install-data-am install-exec install-exec-am \ install-includeHEADERS install-info install-info-am \ install-libLTLIBRARIES install-man install-ssincludeHEADERS \ install-strip installcheck installcheck-am installdirs \ @@ -719,7 +721,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/vers/ChangeLog b/crypto/heimdal/lib/vers/ChangeLog index ddc3d07..f5a869d 100644 --- a/crypto/heimdal/lib/vers/ChangeLog +++ b/crypto/heimdal/lib/vers/ChangeLog @@ -1,3 +1,10 @@ +2003-01-02 Johan Danielsson <joda@pdc.kth.se> + + * print_version.c: considerable clean up + + * make-print-version.c: make VERSIONLIST a string instead of an + array of strings + 2002-08-28 Assar Westerlund <assar@kth.se> * Makefile.am (make_print_version_LDADD): do not hardcode -ldes, diff --git a/crypto/heimdal/lib/vers/Makefile.in b/crypto/heimdal/lib/vers/Makefile.in index 294d056..949bd72 100644 --- a/crypto/heimdal/lib/vers/Makefile.in +++ b/crypto/heimdal/lib/vers/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -256,10 +257,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign lib/vers/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) clean-noinstLTLIBRARIES: @@ -412,7 +413,9 @@ info: info-am info-am: -install-data-am: install-data-local +install-data-am: + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: @$(NORMAL_INSTALL) @@ -440,9 +443,9 @@ uninstall-am: uninstall-info-am clean-noinstPROGRAMS distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am info info-am install install-am install-data \ - install-data-am install-data-local install-exec install-exec-am \ - install-info install-info-am install-man install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + install-data-am install-exec install-exec-am install-info \ + install-info-am install-man install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool tags uninstall \ uninstall-am uninstall-info-am @@ -571,7 +574,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/lib/vers/make-print-version.c b/crypto/heimdal/lib/vers/make-print-version.c index 6102e75..eab167d 100644 --- a/crypto/heimdal/lib/vers/make-print-version.c +++ b/crypto/heimdal/lib/vers/make-print-version.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: make-print-version.c,v 1.2 2000/07/08 10:46:36 assar Exp $"); +RCSID("$Id: make-print-version.c,v 1.3 2003/01/02 15:31:38 joda Exp $"); #endif #include <stdio.h> @@ -55,14 +55,17 @@ main(int argc, char **argv) f = fopen(argv[1], "w"); if(f == NULL) return 1; - fprintf(f, "#define VERSIONLIST { "); + fprintf(f, "#define VERSIONLIST \""); #ifdef KRB5 - fprintf(f, "\"%s\", ", heimdal_version); + fprintf(f, "%s", heimdal_version); #endif #ifdef KRB4 - fprintf(f, "\"%s\", ", krb4_version); +#ifdef KRB5 + fprintf(f, ", "); +#endif + fprintf(f, "%s", krb4_version); #endif - fprintf(f, "}\n"); + fprintf(f, "\"\n"); fclose(f); return 0; } diff --git a/crypto/heimdal/lib/vers/print_version.c b/crypto/heimdal/lib/vers/print_version.c index 15919ac..2376c81 100644 --- a/crypto/heimdal/lib/vers/print_version.c +++ b/crypto/heimdal/lib/vers/print_version.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998 - 2002 Kungliga Tekniska Högskolan + * Copyright (c) 1998 - 2003 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: print_version.c,v 1.5 2002/08/19 15:57:49 joda Exp $"); +RCSID("$Id: print_version.c,v 1.6 2003/01/02 15:32:50 joda Exp $"); #endif #include "roken.h" @@ -42,38 +42,14 @@ RCSID("$Id: print_version.c,v 1.5 2002/08/19 15:57:49 joda Exp $"); void print_version(const char *progname) { - const char *arg[] = VERSIONLIST; - const int num_args = sizeof(arg) / sizeof(arg[0]); - char *msg; - size_t len = 0; - int i; + const char *package_list = VERSIONLIST; if(progname == NULL) progname = getprogname(); - if(num_args == 0) - msg = "no version information"; - else { - for(i = 0; i < num_args; i++) { - if(i > 0) - len += 2; - len += strlen(arg[i]); - } - msg = malloc(len + 1); - if(msg == NULL) { - fprintf(stderr, "%s: out of memory\n", progname); - return; - } - msg[0] = '\0'; - for(i = 0; i < num_args; i++) { - if(i > 0) - strcat(msg, ", "); - strcat(msg, arg[i]); - } - } - fprintf(stderr, "%s (%s)\n", progname, msg); - fprintf(stderr, "Copyright (c) 1999-2002 Kungliga Tekniska Högskolan\n"); + if(*package_list == '\0') + package_list = "no version information"; + fprintf(stderr, "%s (%s)\n", progname, package_list); + fprintf(stderr, "Copyright 1999-2003 Kungliga Tekniska Högskolan\n"); fprintf(stderr, "Send bug-reports to %s\n", PACKAGE_BUGREPORT); - if(num_args != 0) - free(msg); } diff --git a/crypto/heimdal/tools/Makefile.in b/crypto/heimdal/tools/Makefile.in index 9710e0d..e65c422 100644 --- a/crypto/heimdal/tools/Makefile.in +++ b/crypto/heimdal/tools/Makefile.in @@ -18,7 +18,7 @@ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ -# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $ +# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $ SHELL = @SHELL@ srcdir = @srcdir@ @@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +MAINT = @MAINT@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ @@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) @KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @@ -231,10 +232,10 @@ all: all-am .SUFFIXES: .SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) cd $(top_srcdir) && \ $(AUTOMAKE) --foreign tools/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status +Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe) install-binSCRIPTS: $(bin_SCRIPTS) @$(NORMAL_INSTALL) @@ -387,7 +388,9 @@ info: info-am info-am: -install-data-am: install-data-local install-man +install-data-am: install-man + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-exec-am: install-binSCRIPTS @$(NORMAL_INSTALL) @@ -415,9 +418,9 @@ uninstall-man: uninstall-man1 clean-generic clean-libtool distclean distclean-generic \ distclean-libtool distdir dvi dvi-am info info-am install \ install-am install-binSCRIPTS install-data install-data-am \ - install-data-local install-exec install-exec-am install-info \ - install-info-am install-man install-man1 install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + install-exec install-exec-am install-info install-info-am \ + install-man install-man1 install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool uninstall uninstall-am uninstall-binSCRIPTS \ uninstall-info-am uninstall-man uninstall-man1 @@ -546,7 +549,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans install-cat-mans: $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) -install-data-local: install-cat-mans +install-data-hook: install-cat-mans .et.h: $(COMPILE_ET) $< diff --git a/crypto/heimdal/tools/build.sh b/crypto/heimdal/tools/build.sh new file mode 100755 index 0000000..fad8608 --- /dev/null +++ b/crypto/heimdal/tools/build.sh @@ -0,0 +1,212 @@ +#!/bin/sh +# +# Build many combinations of kth-krb/heimdal/openssl +# +# $Id: build.sh,v 1.8 2003/04/17 12:55:02 lha Exp $ + +opt_n= #: +make_f= #-j + +heimdal_versions="0.5.2 0.6pre4" +krb4_versions="1.2.2" +openssl_versions="0.9.6i 0.9.7a 0.9.7b" + +make_check_version=".*heimdal-0.6.*" + +# 0.5 dont eat 0.9.7 +dont_build="openssl-0.9.7.*heimdal-0.5.*" +# 1.2 dont eat 0.9.7 +dont_build="openssl-0.9.7.*krb4-1.2.* ${dont_build}" +#yacc problems +dont_build="openssl-0.9.6.*heimdal-0.5.*osf4.* ${dont_build}" +#local openssl 09.7 and broken kuser/Makefile.am +dont_build="openssl-0.9.6.*heimdal-0.5.*freebsd4.8.* ${dont_build}" +failed= + +# Allow override +for a in $HOME . /etc ; do + [ -f $a/.heimdal-build ] && . $a/.heimdal-build +done + +targetdir=${targetdir:-/scratch/heimdal-test} +logfile="${targetdir}/buildlog" + +distdirs="${distdirs} /afs/su.se/home/l/h/lha/Public/openssl" +distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src" +distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src/snapshots" +distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/krb/src" + + +logprint () { + d=`date '+%Y-%m-%d %H:%M:%S'` + echo "${d}: $*" + echo "${d}: --- $*" >> ${logfile} +} + +logerror () { + echo "$*" + exit 1 +} + +find_unzip_prog () { + unzip_prog= + oldIFS="$IFS" + IFS=: + set -- $PATH + IFS="$oldIFS" + for a in $* ; do + if [ -x $a/gzip ] ; then + unzip_prog="$a/gzip -dc" + break + elif [ -x $a/gunzip ] ; then + unzip_prog="$a/gunzip -c" + break + fi + done + [ "$unzip_prog" = "" ] && logerror failed to find unzip program +} + +find_canon_name () { + canon_name= + for a in ${distdirs} ; do + if [ -f $a/config.guess ] ; then + canon_name=`$a/config.guess` + fi + if [ "${canon_name}" != "" ] ; then + break + fi + done + [ "${canon_name}" = "" ] && logerror "cant find config.guess" +} + +do_check_p () { + eval check_var=\$"$1" + for a in ${check_var} ; do + expr "$2${canon_name}" : "${a}" > /dev/null 2>&1 && return 1 + done + return 0 +} + +unpack_tar () { + for a in ${distdirs} ; do + if [ -f $a/$1 ] ; then + ${opt_n} ${unzip_prog} ${a}/$1 | ${opt_n} tar xf - + return 0 + fi + done + logerror "did not find $1" +} + +build () { + real_ver=$1 + prog=$2 + ver=$3 + confprog=$4 + checks=$5 + pv=${prog}-${ver} + mkdir tmp || logerror "failed to build tmpdir" + cd tmp || logerror "failed to change dir to tmpdir" + do_check_p dont_build ${real_ver} || \ + { cd .. ; rmdir tmp ; logprint "not building $1" && return 0 ; } + cd .. || logerror "failed to change back from tmpdir" + rmdir tmp || logerror "failed to remove tmpdir" + logprint "preparing for ${pv}" + ${opt_n} rm -rf ${targetdir}/${prog}-${ver} + ${opt_n} rm -rf ${prog}-${ver} + unpack_tar ${pv}.tar.gz + ${opt_n} cd ${pv} || logerror directory ${pv} not there + logprint "configure ${prog} ${ver} (${confprog})" + ${opt_n} ./${confprog} \ + --prefix=${targetdir}/${pv} >> ${logfile} 2>&1 || \ + { logprint failed to configure ${pv} ; return 1 ; } + logprint "make ${prog} ${ver}" + ${opt_n} make ${make_f} >> ${logfile} 2>&1 || \ + { logprint failed to make ${pv} ; return 1 ; } + ${opt_n} make install >> ${logfile} 2>&1 || \ + { logprint failed to install ${pv} ; return 1 ; } + do_check_p make_check_version ${real_ver} || \ + { ${opt_n} make check >> ${logfile} 2>&1 || return 1 ; } + ${opt_n} cd .. + [ "${checks}" != "" ] && ${opt_n} ${checks} >> ${logfile} 2>&1 + return 0 +} + +find_canon_name + +logprint using host `hostname` +logprint `uname -a` +logprint canonical name ${canon_name} + +logprint clearing logfile +> ${logfile} + +find_unzip_prog + +logprint using target dir ${targetdir} +mkdir -p ${targetdir}/src +cd ${targetdir}/src || exit 1 +rm -rf heimdal* openssl* krb4* + +logprint === building openssl versions +for vo in ${openssl_versions} ; do + build openssl-${vo} openssl $vo config +done + +wssl="--with-openssl=${targetdir}/openssl" +wssli="--with-openssl-include=${targetdir}/openssl" #this is a hack for broken heimdal 0.5.x autoconf test +wossl="--without-openssl" +wk4c="--with-krb4-config=${targetdir}/krb4" +bk4c="/bin/krb4-config" +wok4="--without-krb4" + +logprint === building heimdal w/o krb4 versions +for vo in ${openssl_versions} ; do + for vh in ${heimdal_versions} ; do + v="openssl-${vo}-heimdal-${vh}" + build "${v}" \ + heimdal ${vh} \ + "configure ${wok4} ${wssl}-${vo} ${wssli}-${vo}/include" \ + "${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto" \ || \ + { failed="${failed} ${v}" ; logprint ${v} failed ; } + done +done + +logprint === building krb4 +for vo in ${openssl_versions} ; do + for vk in ${krb4_versions} ; do + v="openssl-${vo}-krb4-${vk}" + build "${v}" \ + krb4 ${vk} \ + "configure ${wssl}-${vo}" \ + "${targetdir}/krb4-${vk}/bin/krb4-config --libs | grep lcrypto"|| \ + { failed="${failed} ${v}" ; logprint ${v} failed ; } + done +done + +logprint === building heimdal with krb4 versions +for vo in ${openssl_versions} ; do + for vk in ${krb4_versions} ; do + for vh in ${heimdal_versions} ; do + v="openssl-${vo}-krb4-${vk}-heimdal-${vh}" + build "${v}" \ + heimdal ${vh} \ + "configure ${wk4c}-${vk}${bk4c} ${wssl}-${vo} ${wssli}-${vo}/include" \ + "${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto && ${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep krb4" \ + || \ + { failed="${failed} ${v}" ; logprint ${v} failed ; } + done + done +done + +logprint === building heimdal without krb4 and openssl versions +for vh in ${heimdal_versions} ; do + v="des-heimdal-${vh}" + build "${v}" \ + heimdal ${vh} \ + "configure ${wok4} ${wossl}" || \ + { failed="${failed} ${v}" ; logprint ${v} failed ; } +done + +logprint all done +[ "${failed}" != "" ] && logprint "failed: ${failed}" +exit 0 diff --git a/crypto/heimdal/tools/krb5-config.1 b/crypto/heimdal/tools/krb5-config.1 index e87176c..222b760 100644 --- a/crypto/heimdal/tools/krb5-config.1 +++ b/crypto/heimdal/tools/krb5-config.1 @@ -1,4 +1,35 @@ -.\" $Id: krb5-config.1,v 1.4 2001/05/02 08:59:23 assar Exp $ +.\" Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan +.\" (Royal Institute of Technology, Stockholm, Sweden). +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" 3. Neither the name of the Institute nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: krb5-config.1,v 1.5 2003/02/16 21:10:32 lha Exp $ .\" .Dd November 30, 2000 .Dt KRB5-CONFIG 1 |