author | dfr <dfr@FreeBSD.org> | 2008-05-07 13:53:12 +0000 |
---|---|---|
committer | dfr <dfr@FreeBSD.org> | 2008-05-07 13:53:12 +0000 |
commit | be0348cb75cae58cd1683f6fdbff884cb9bc405b (patch) | |
tree | 1338a6c0e5d3e7c3b0da720ac15cd79fc72c6b5a /kerberos5/lib | |
parent | 52bf09d8197dd1ec84e1ab72684f2058f0eae9e1 (diff) | |
Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
Diffstat (limited to 'kerberos5/lib')
-rw-r--r-- | kerberos5/lib/Makefile | 6 | ||||
-rw-r--r-- | kerberos5/lib/Makefile.inc | 2 | ||||
-rw-r--r-- | kerberos5/lib/libasn1/Makefile | 411 | ||||
-rw-r--r-- | kerberos5/lib/libgssapi/Makefile | 58 | ||||
-rw-r--r-- | kerberos5/lib/libgssapi_krb5/Makefile | 79 | ||||
-rw-r--r-- | kerberos5/lib/libgssapi_krb5/gss_krb5.c | 831 | ||||
-rw-r--r-- | kerberos5/lib/libgssapi_krb5/prefix.c | 33 | ||||
-rw-r--r-- | kerberos5/lib/libgssapi_ntlm/Makefile | 44 | ||||
-rw-r--r-- | kerberos5/lib/libgssapi_ntlm/prefix.c | 33 | ||||
-rw-r--r-- | kerberos5/lib/libgssapi_spnego/Makefile | 48 | ||||
-rw-r--r-- | kerberos5/lib/libgssapi_spnego/prefix.c | 45 | ||||
-rw-r--r-- | kerberos5/lib/libhdb/Makefile | 23 | ||||
-rw-r--r-- | kerberos5/lib/libheimntlm/Makefile | 11 | ||||
-rw-r--r-- | kerberos5/lib/libhx509/Makefile | 103 | ||||
-rw-r--r-- | kerberos5/lib/libkadm5clnt/Makefile | 3 | ||||
-rw-r--r-- | kerberos5/lib/libkadm5srv/Makefile | 1 | ||||
-rw-r--r-- | kerberos5/lib/libkafs5/Makefile | 2 | ||||
-rw-r--r-- | kerberos5/lib/libkrb5/Makefile | 77 | ||||
-rw-r--r-- | kerberos5/lib/libroken/Makefile | 5 |
19 files changed, 1722 insertions, 93 deletions
diff --git a/kerberos5/lib/Makefile b/kerberos5/lib/Makefile index 1d07e0b..c629f24 100644 --- a/kerberos5/lib/Makefile +++ b/kerberos5/lib/Makefile @@ -1,6 +1,8 @@ + # $FreeBSD$ -SUBDIR= libasn1 libgssapi libhdb libkadm5clnt libkadm5srv \ - libkafs5 libkrb5 libroken libsl libvers +SUBDIR= libasn1 libgssapi_krb5 libgssapi_ntlm libgssapi_spnego libhdb \ + libheimntlm libhx509 libkadm5clnt libkadm5srv libkafs5 libkrb5 \ + libroken libsl libvers .include <bsd.subdir.mk> diff --git a/kerberos5/lib/Makefile.inc b/kerberos5/lib/Makefile.inc index 441a0ec..dc07383 100644 --- a/kerberos5/lib/Makefile.inc +++ b/kerberos5/lib/Makefile.inc @@ -1,5 +1,5 @@ # $FreeBSD$ -SHLIB_MAJOR?= 9 +SHLIB_MAJOR?= 10 .include "../Makefile.inc" diff --git a/kerberos5/lib/libasn1/Makefile b/kerberos5/lib/libasn1/Makefile index b42f802..4a9c21e 100644 --- a/kerberos5/lib/libasn1/Makefile +++ b/kerberos5/lib/libasn1/Makefile 
@@ -1,33 +1,247 @@ # $FreeBSD$ LIB= asn1 -INCS= asn1_err.h krb5_asn1.h +INCS= asn1_err.h heim_asn1.h SRCS= asn1_err.c \ asn1_err.h \ der_copy.c \ + der_cmp.c \ der_free.c \ + der_format.c \ der_get.c \ der_length.c \ der_put.c \ - krb5_asn1.h \ + extra.c \ timegm.c \ ${GEN:S/.x$/.c/} CFLAGS+=-I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken -I. -GEN= asn1_APOptions.x \ +GEN_RFC2459 = \ + asn1_Version.x \ + asn1_id_pkcs_1.x \ + asn1_id_pkcs1_rsaEncryption.x \ + asn1_id_pkcs1_md2WithRSAEncryption.x \ + asn1_id_pkcs1_md5WithRSAEncryption.x \ + asn1_id_pkcs1_sha1WithRSAEncryption.x \ + asn1_id_pkcs1_sha256WithRSAEncryption.x \ + asn1_id_pkcs1_sha384WithRSAEncryption.x \ + asn1_id_pkcs1_sha512WithRSAEncryption.x \ + asn1_id_heim_rsa_pkcs1_x509.x \ + asn1_id_pkcs_2.x \ + asn1_id_pkcs2_md2.x \ + asn1_id_pkcs2_md4.x \ + asn1_id_pkcs2_md5.x \ + asn1_id_rsa_digestAlgorithm.x \ + asn1_id_rsa_digest_md2.x \ + asn1_id_rsa_digest_md4.x \ + asn1_id_rsa_digest_md5.x \ + asn1_id_pkcs_3.x \ + asn1_id_pkcs3_rc2_cbc.x \ + asn1_id_pkcs3_rc4.x \ + asn1_id_pkcs3_des_ede3_cbc.x \ + asn1_id_rsadsi_encalg.x \ + asn1_id_rsadsi_rc2_cbc.x \ + asn1_id_rsadsi_des_ede3_cbc.x \ + asn1_id_secsig_sha_1.x \ + asn1_id_nistAlgorithm.x \ + asn1_id_nist_aes_algs.x \ + asn1_id_aes_128_cbc.x \ + asn1_id_aes_192_cbc.x \ + asn1_id_aes_256_cbc.x \ + asn1_id_nist_sha_algs.x \ + asn1_id_sha256.x \ + asn1_id_sha224.x \ + asn1_id_sha384.x \ + asn1_id_sha512.x \ + asn1_id_dhpublicnumber.x \ + asn1_id_x9_57.x \ + asn1_id_dsa.x \ + asn1_id_dsa_with_sha1.x \ + asn1_id_x520_at.x \ + asn1_id_at_commonName.x \ + asn1_id_at_surname.x \ + asn1_id_at_serialNumber.x \ + asn1_id_at_countryName.x \ + asn1_id_at_localityName.x \ + asn1_id_at_streetAddress.x \ + asn1_id_at_stateOrProvinceName.x \ + asn1_id_at_organizationName.x \ + asn1_id_at_organizationalUnitName.x \ + asn1_id_at_name.x \ + asn1_id_at_givenName.x \ + asn1_id_at_initials.x \ + asn1_id_at_generationQualifier.x \ + asn1_id_at_pseudonym.x \ + asn1_id_Userid.x \ + 
asn1_id_domainComponent.x \ + asn1_id_x509_ce.x \ + asn1_id_uspkicommon_card_id.x \ + asn1_id_uspkicommon_piv_interim.x \ + asn1_id_netscape.x \ + asn1_id_netscape_cert_comment.x \ + asn1_id_ms_cert_enroll_domaincontroller.x \ + asn1_id_ms_client_authentication.x \ + asn1_AlgorithmIdentifier.x \ + asn1_AttributeType.x \ + asn1_AttributeValue.x \ + asn1_TeletexStringx.x \ + asn1_DirectoryString.x \ + asn1_Attribute.x \ + asn1_AttributeTypeAndValue.x \ + asn1_AuthorityInfoAccessSyntax.x \ + asn1_AccessDescription.x \ + asn1_RelativeDistinguishedName.x \ + asn1_RDNSequence.x \ + asn1_Name.x \ + asn1_CertificateSerialNumber.x \ + asn1_Time.x \ + asn1_Validity.x \ + asn1_UniqueIdentifier.x \ + asn1_SubjectPublicKeyInfo.x \ + asn1_Extension.x \ + asn1_Extensions.x \ + asn1_TBSCertificate.x \ + asn1_Certificate.x \ + asn1_Certificates.x \ + asn1_ValidationParms.x \ + asn1_DomainParameters.x \ + asn1_DHPublicKey.x \ + asn1_OtherName.x \ + asn1_GeneralName.x \ + asn1_GeneralNames.x \ + asn1_id_x509_ce_keyUsage.x \ + asn1_KeyUsage.x \ + asn1_id_x509_ce_authorityKeyIdentifier.x \ + asn1_KeyIdentifier.x \ + asn1_AuthorityKeyIdentifier.x \ + asn1_id_x509_ce_subjectKeyIdentifier.x \ + asn1_SubjectKeyIdentifier.x \ + asn1_id_x509_ce_basicConstraints.x \ + asn1_BasicConstraints.x \ + asn1_id_x509_ce_nameConstraints.x \ + asn1_BaseDistance.x \ + asn1_GeneralSubtree.x \ + asn1_GeneralSubtrees.x \ + asn1_NameConstraints.x \ + asn1_id_x509_ce_privateKeyUsagePeriod.x \ + asn1_id_x509_ce_certificatePolicies.x \ + asn1_id_x509_ce_policyMappings.x \ + asn1_id_x509_ce_subjectAltName.x \ + asn1_id_x509_ce_issuerAltName.x \ + asn1_id_x509_ce_subjectDirectoryAttributes.x \ + asn1_id_x509_ce_policyConstraints.x \ + asn1_id_x509_ce_extKeyUsage.x \ + asn1_ExtKeyUsage.x \ + asn1_id_x509_ce_cRLDistributionPoints.x \ + asn1_id_x509_ce_deltaCRLIndicator.x \ + asn1_id_x509_ce_issuingDistributionPoint.x \ + asn1_id_x509_ce_holdInstructionCode.x \ + asn1_id_x509_ce_invalidityDate.x \ + 
asn1_id_x509_ce_certificateIssuer.x \ + asn1_id_x509_ce_inhibitAnyPolicy.x \ + asn1_DistributionPointReasonFlags.x \ + asn1_DistributionPointName.x \ + asn1_DistributionPoint.x \ + asn1_CRLDistributionPoints.x \ + asn1_DSASigValue.x \ + asn1_DSAPublicKey.x \ + asn1_DSAParams.x \ + asn1_RSAPublicKey.x \ + asn1_RSAPrivateKey.x \ + asn1_DigestInfo.x \ + asn1_TBSCRLCertList.x \ + asn1_CRLCertificateList.x \ + asn1_id_x509_ce_cRLNumber.x \ + asn1_id_x509_ce_freshestCRL.x \ + asn1_id_x509_ce_cRLReason.x \ + asn1_CRLReason.x \ + asn1_PKIXXmppAddr.x \ + asn1_id_pkix.x \ + asn1_id_pkix_on.x \ + asn1_id_pkix_on_dnsSRV.x \ + asn1_id_pkix_on_xmppAddr.x \ + asn1_id_pkix_kp.x \ + asn1_id_pkix_kp_serverAuth.x \ + asn1_id_pkix_kp_clientAuth.x \ + asn1_id_pkix_kp_emailProtection.x \ + asn1_id_pkix_kp_timeStamping.x \ + asn1_id_pkix_kp_OCSPSigning.x \ + asn1_id_pkix_pe.x \ + asn1_id_pkix_pe_authorityInfoAccess.x \ + asn1_id_pkix_pe_proxyCertInfo.x \ + asn1_id_pkix_ppl.x \ + asn1_id_pkix_ppl_anyLanguage.x \ + asn1_id_pkix_ppl_inheritAll.x \ + asn1_id_pkix_ppl_independent.x \ + asn1_ProxyPolicy.x \ + asn1_ProxyCertInfo.x + +GEN_CMS = \ + asn1_CMSAttributes.x \ + asn1_CMSCBCParameter.x \ + asn1_CMSEncryptedData.x \ + asn1_CMSIdentifier.x \ + asn1_CMSRC2CBCParameter.x \ + asn1_CMSVersion.x \ + asn1_CertificateList.x \ + asn1_CertificateRevocationLists.x \ + asn1_CertificateSet.x \ + asn1_ContentEncryptionAlgorithmIdentifier.x \ + asn1_ContentInfo.x \ + asn1_ContentType.x \ + asn1_DigestAlgorithmIdentifier.x \ + asn1_DigestAlgorithmIdentifiers.x \ + asn1_EncapsulatedContentInfo.x \ + asn1_EncryptedContent.x \ + asn1_EncryptedContentInfo.x \ + asn1_EncryptedKey.x \ + asn1_EnvelopedData.x \ + asn1_IssuerAndSerialNumber.x \ + asn1_KeyEncryptionAlgorithmIdentifier.x \ + asn1_KeyTransRecipientInfo.x \ + asn1_MessageDigest.x \ + asn1_OriginatorInfo.x \ + asn1_RecipientIdentifier.x \ + asn1_RecipientInfo.x \ + asn1_RecipientInfos.x \ + asn1_SignatureAlgorithmIdentifier.x \ + 
asn1_SignatureValue.x \ + asn1_SignedData.x \ + asn1_SignerIdentifier.x \ + asn1_SignerInfo.x \ + asn1_SignerInfos.x \ + asn1_id_pkcs7.x \ + asn1_id_pkcs7_data.x \ + asn1_id_pkcs7_digestedData.x \ + asn1_id_pkcs7_encryptedData.x \ + asn1_id_pkcs7_envelopedData.x \ + asn1_id_pkcs7_signedAndEnvelopedData.x \ + asn1_id_pkcs7_signedData.x \ + asn1_UnprotectedAttributes.x + +GEN_K5= asn1_AD_AND_OR.x \ + asn1_AD_IF_RELEVANT.x \ + asn1_AD_KDCIssued.x \ + asn1_AD_MANDATORY_FOR_KDC.x \ + asn1_AD_LoginAlias.x \ + asn1_APOptions.x \ asn1_AP_REP.x \ asn1_AP_REQ.x \ asn1_AS_REP.x \ asn1_AS_REQ.x \ + asn1_AUTHDATA_TYPE.x \ asn1_Authenticator.x \ asn1_AuthorizationData.x \ + asn1_AuthorizationDataElement.x \ asn1_CKSUMTYPE.x \ - asn1_Checksum.x \ asn1_ChangePasswdDataMS.x \ + asn1_Checksum.x \ asn1_ENCTYPE.x \ asn1_ETYPE_INFO.x \ + asn1_ETYPE_INFO2.x \ + asn1_ETYPE_INFO2_ENTRY.x \ asn1_ETYPE_INFO_ENTRY.x \ asn1_EncAPRepPart.x \ asn1_EncASRepPart.x \ @@ -38,6 +252,7 @@ GEN= asn1_APOptions.x \ asn1_EncTicketPart.x \ asn1_EncryptedData.x \ asn1_EncryptionKey.x \ + asn1_EtypeList.x \ asn1_HostAddress.x \ asn1_HostAddresses.x \ asn1_KDCOptions.x \ @@ -49,6 +264,7 @@ GEN= asn1_APOptions.x \ asn1_KRB_PRIV.x \ asn1_KRB_SAFE.x \ asn1_KRB_SAFE_BODY.x \ + asn1_KerberosString.x \ asn1_KerberosTime.x \ asn1_KrbCredInfo.x \ asn1_LR_TYPE.x \ 
@@ -58,22 +274,199 @@ GEN= asn1_APOptions.x \ asn1_NAME_TYPE.x \ asn1_PADATA_TYPE.x \ asn1_PA_DATA.x \ + asn1_PA_ENC_SAM_RESPONSE_ENC.x \ asn1_PA_ENC_TS_ENC.x \ + asn1_PA_PAC_REQUEST.x \ + asn1_PA_S4U2Self.x \ + asn1_PA_SAM_CHALLENGE_2.x \ + asn1_PA_SAM_CHALLENGE_2_BODY.x \ + asn1_PA_SAM_REDIRECT.x \ + asn1_PA_SAM_RESPONSE_2.x \ + asn1_PA_SAM_TYPE.x \ + asn1_PA_ClientCanonicalized.x \ + asn1_PA_ClientCanonicalizedNames.x \ + asn1_PA_SvrReferralData.x \ + asn1_PROV_SRV_LOCATION.x \ asn1_Principal.x \ asn1_PrincipalName.x \ asn1_Realm.x \ + asn1_SAMFlags.x \ asn1_TGS_REP.x \ asn1_TGS_REQ.x \ + asn1_TYPED_DATA.x \ asn1_Ticket.x \ asn1_TicketFlags.x \ asn1_TransitedEncoding.x \ - asn1_UNSIGNED.x + asn1_TypedData.x \ + asn1_krb5int32.x \ + asn1_krb5uint32.x \ + asn1_KRB5SignedPathData.x \ + asn1_KRB5SignedPathPrincipals.x \ + asn1_KRB5SignedPath.x + +GEN_PKINIT = \ + asn1_id_pkinit.x \ + asn1_id_pkauthdata.x \ + asn1_id_pkdhkeydata.x \ + asn1_id_pkrkeydata.x \ + asn1_id_pkekuoid.x \ + asn1_id_pkkdcekuoid.x \ + asn1_id_pkinit_san.x \ + asn1_id_pkinit_ms_eku.x \ + asn1_id_pkinit_ms_san.x \ + asn1_MS_UPN_SAN.x \ + asn1_DHNonce.x \ + asn1_KDFAlgorithmId.x \ + asn1_TrustedCA.x \ + asn1_ExternalPrincipalIdentifier.x \ + asn1_ExternalPrincipalIdentifiers.x \ + asn1_PA_PK_AS_REQ.x \ + asn1_PKAuthenticator.x \ + asn1_AuthPack.x \ + asn1_TD_TRUSTED_CERTIFIERS.x \ + asn1_TD_INVALID_CERTIFICATES.x \ + asn1_KRB5PrincipalName.x \ + asn1_AD_INITIAL_VERIFIED_CAS.x \ + asn1_DHRepInfo.x \ + asn1_PA_PK_AS_REP.x \ + asn1_KDCDHKeyInfo.x \ + asn1_ReplyKeyPack.x \ + asn1_TD_DH_PARAMETERS.x \ + asn1_PKAuthenticator_Win2k.x \ + asn1_AuthPack_Win2k.x \ + asn1_TrustedCA_Win2k.x \ + asn1_PA_PK_AS_REQ_Win2k.x \ + asn1_PA_PK_AS_REP_Win2k.x \ + asn1_KDCDHKeyInfo_Win2k.x \ + asn1_ReplyKeyPack_Win2k.x \ + asn1_PkinitSuppPubInfo.x + +GEN_PKCS8 = \ + asn1_PKCS8PrivateKeyAlgorithmIdentifier.x \ + asn1_PKCS8PrivateKey.x \ + asn1_PKCS8PrivateKeyInfo.x \ + asn1_PKCS8Attributes.x \ + 
asn1_PKCS8EncryptedPrivateKeyInfo.x \ + asn1_PKCS8EncryptedData.x + +GEN_PKCS9 = \ + asn1_id_pkcs_9.x \ + asn1_id_pkcs9_contentType.x \ + asn1_id_pkcs9_emailAddress.x \ + asn1_id_pkcs9_messageDigest.x \ + asn1_id_pkcs9_signingTime.x \ + asn1_id_pkcs9_countersignature.x \ + asn1_id_pkcs_9_at_friendlyName.x \ + asn1_id_pkcs_9_at_localKeyId.x \ + asn1_id_pkcs_9_at_certTypes.x \ + asn1_id_pkcs_9_at_certTypes_x509.x \ + asn1_PKCS9_BMPString.x \ + asn1_PKCS9_friendlyName.x + +GEN_PKCS12 = \ + asn1_id_pkcs_12.x \ + asn1_id_pkcs_12PbeIds.x \ + asn1_id_pbeWithSHAAnd128BitRC4.x \ + asn1_id_pbeWithSHAAnd40BitRC4.x \ + asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.x \ + asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.x \ + asn1_id_pbeWithSHAAnd128BitRC2_CBC.x \ + asn1_id_pbewithSHAAnd40BitRC2_CBC.x \ + asn1_id_pkcs12_bagtypes.x \ + asn1_id_pkcs12_keyBag.x \ + asn1_id_pkcs12_pkcs8ShroudedKeyBag.x \ + asn1_id_pkcs12_certBag.x \ + asn1_id_pkcs12_crlBag.x \ + asn1_id_pkcs12_secretBag.x \ + asn1_id_pkcs12_safeContentsBag.x \ + asn1_PKCS12_MacData.x \ + asn1_PKCS12_PFX.x \ + asn1_PKCS12_AuthenticatedSafe.x \ + asn1_PKCS12_CertBag.x \ + asn1_PKCS12_Attribute.x \ + asn1_PKCS12_Attributes.x \ + asn1_PKCS12_SafeBag.x \ + asn1_PKCS12_SafeContents.x \ + asn1_PKCS12_OctetString.x \ + asn1_PKCS12_PBEParams.x + +GEN_DIGEST= asn1_DigestError.x \ + asn1_DigestInit.x \ + asn1_DigestInitReply.x \ + asn1_DigestREP.x \ + asn1_DigestREQ.x \ + asn1_DigestRepInner.x \ + asn1_DigestReqInner.x \ + asn1_DigestRequest.x \ + asn1_DigestResponse.x \ + asn1_DigestTypes.x \ + asn1_NTLMInit.x \ + asn1_NTLMInitReply.x \ + asn1_NTLMRequest.x \ + asn1_NTLMResponse.x + +GEN_KX509 = \ + asn1_Kx509Response.x \ + asn1_Kx509Request.x + +GEN+= ${GEN_RFC2459} +GEN+= ${GEN_CMS} +GEN+= ${GEN_K5} +GEN+= ${GEN_PKINIT} +GEN+= ${GEN_PKCS8} +GEN+= ${GEN_PKCS9} +GEN+= ${GEN_PKCS12} +GEN+= ${GEN_DIGEST} +GEN+= ${GEN_KX509} + +CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} *_asn1_files + +GEN_ASN1=cms_asn1.h rfc2459_asn1.h krb5_asn1.h pkinit_asn1.h 
+GEN_ASN1+=pkcs8_asn1.h pkcs9_asn1.h pkcs12_asn1.h digest_asn1.h kx509_asn1.h +SRCS+= ${GEN_ASN1} +INCS+= ${GEN_ASN1} +CLEANFILES+=${GEN_ASN1} + +.ORDER: ${GEN} ${GEN_ASN1} + +${GEN_CMS} cms_asn1.h: CMS.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} cms_asn1 + +${GEN_RFC2459} rfc2459_asn1.h: rfc2459.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile \ + --preserve-binary=TBSCertificate \ + --preserve-binary=TBSCRLCertList \ + --preserve-binary=Name \ + --sequence=GeneralNames \ + --sequence=Extensions \ + --sequence=CRLDistributionPoints ${.ALLSRC:M*.asn1} rfc2459_asn1 + +${GEN_K5} krb5_asn1.h: k5.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile \ + --encode-rfc1510-bit-string \ + --sequence=KRB5SignedPathPrincipals \ + --sequence=AuthorizationData \ + --sequence=METHOD-DATA \ + --sequence=ETYPE-INFO \ + --sequence=ETYPE-INFO2 ${.ALLSRC:M*.asn1} krb5_asn1 + +${GEN_PKINIT} pkinit_asn1.h: pkinit.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkinit_asn1 + +${GEN_PKCS8} pkcs8_asn1.h: pkcs8.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs8_asn1 + +${GEN_PKCS9} pkcs9_asn1.h: pkcs9.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs9_asn1 + +${GEN_PKCS12} pkcs12_asn1.h: pkcs12.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs12_asn1 -CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} krb5_asn1.h asn1_files +${GEN_DIGEST} digest_asn1.h: digest.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} digest_asn1 -.ORDER: ${GEN} krb5_asn1.h -${GEN} krb5_asn1.h: k5.asn1 ../../tools/asn1_compile/asn1_compile - ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} krb5_asn1 +${GEN_KX509} kx509_asn1.h: 
kx509.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} kx509_asn1 ../../tools/asn1_compile/asn1_compile: cd ${.CURDIR}/../../tools/asn1_compile && ${MAKE} diff --git a/kerberos5/lib/libgssapi/Makefile b/kerberos5/lib/libgssapi/Makefile deleted file mode 100644 index 518b445..0000000 --- a/kerberos5/lib/libgssapi/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# $FreeBSD$ - -LIB= gssapi_krb5 -LDFLAGS= -Wl,-Bsymbolic -LDADD= -lkrb5 -lcrypto -lroken -lasn1 -lcom_err -lcrypt -DPADD= ${LIBKRB5} ${LIBCRYPTO} ${LIBROKEN} ${LIBASN1} ${LIBCOM_ERR} \ - ${LIBCRYPT} - -SRCS= 8003.c \ - accept_sec_context.c \ - acquire_cred.c \ - add_cred.c \ - add_oid_set_member.c \ - address_to_krb5addr.c \ - arcfour.c \ - canonicalize_name.c \ - compare_name.c \ - compat.c \ - context_time.c \ - copy_ccache.c \ - create_emtpy_oid_set.c \ - decapsulate.c \ - delete_sec_context.c \ - display_name.c \ - display_status.c \ - duplicate_name.c \ - encapsulate.c \ - export_name.c \ - export_sec_context.c \ - external.c \ - get_mic.c \ - import_name.c \ - import_sec_context.c \ - indicate_mechs.c \ - init.c \ - init_sec_context.c \ - inquire_context.c \ - inquire_cred.c \ - inquire_cred_by_mech.c \ - inquire_mechs_for_name.c \ - inquire_names_for_mech.c \ - process_context_token.c \ - release_buffer.c \ - release_cred.c \ - release_name.c \ - release_oid_set.c \ - test_oid_set_member.c \ - unwrap.c \ - v1.c \ - verify_mic.c \ - wrap.c - -CFLAGS+=-I${KRB5DIR}/lib/gssapi -I${KRB5DIR}/lib/krb5 \ - -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken -I. - -.include <bsd.lib.mk> - -.PATH: ${KRB5DIR}/lib/gssapi diff --git a/kerberos5/lib/libgssapi_krb5/Makefile b/kerberos5/lib/libgssapi_krb5/Makefile new file mode 100644 index 0000000..b866d1b --- /dev/null +++ b/kerberos5/lib/libgssapi_krb5/Makefile 
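Review bot: The `rfc2459_asn1.h` rule in this hunk passes `--preserve-binary=TBSCertificate`, `--preserve-binary=TBSCRLCertList` and `--preserve-binary=Name` without a comment saying why, and these flags look load-bearing for certificate handling. Presumably they keep the encoding as received, so that signature checks and name comparisons run over the original bytes rather than a re-encoding. If that is the intent, state it above the rule, e.g. `# --preserve-binary: keep the received DER of signed structures; needed for verification, do not drop`. The `--encode-rfc1510-bit-string` flag on the `krb5_asn1.h` rule deserves the same one-line reason, since by its name it affects how bit strings go on the wire.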
@@ -0,0 +1,79 @@ +# $FreeBSD$ + +LIB= gssapi_krb5 +LDFLAGS= -Wl,-Bsymbolic +LDADD= -lkrb5 -lhx509 -lcrypto -lroken -lasn1 -lcom_err -lcrypt +DPADD= ${LIBKRB5} ${LIBHX509} ${LIBCRYPTO} ${LIBROKEN} ${LIBASN1} \ + ${LIBCOM_ERR} ${LIBCRYPT} + +INCS= ${KRB5DIR}/lib/gssapi/gssapi/gssapi_krb5.h +INCSDIR= ${INCLUDEDIR}/gssapi + +SRCS= 8003.c \ + accept_sec_context.c \ + acquire_cred.c \ + add_cred.c \ + address_to_krb5addr.c \ + arcfour.c \ + canonicalize_name.c \ + ccache_name.c \ + cfx.c \ + compare_name.c \ + compat.c \ + context_time.c \ + copy_ccache.c \ + decapsulate.c \ + delete_sec_context.c \ + display_name.c \ + display_status.c \ + duplicate_name.c \ + encapsulate.c \ + export_name.c \ + export_sec_context.c \ + external.c \ + get_mic.c \ + gkrb5_err.c \ + gkrb5_err.h \ + import_name.c \ + import_sec_context.c \ + indicate_mechs.c \ + init.c \ + init_sec_context.c \ + inquire_context.c \ + inquire_cred.c \ + inquire_cred_by_mech.c \ + inquire_cred_by_oid.c \ + inquire_mechs_for_name.c \ + inquire_names_for_mech.c \ + inquire_sec_context_by_oid.c \ + prefix.c \ + prf.c \ + process_context_token.c \ + release_buffer.c \ + release_cred.c \ + release_name.c \ + sequence.c \ + set_cred_option.c \ + set_sec_context_option.c \ + unwrap.c \ + v1.c \ + verify_mic.c \ + wrap.c \ + gss_krb5.c + +#SRCS+= gss_add_oid_set_member.c \ +# gss_create_empty_oid_set.c \ +# gss_release_buffer.c \ +# gss_release_oid_set.c \ +# gss_test_oid_set_member.c \ +# gss_utils.c + +CFLAGS+=-I${KRB5DIR}/lib/gssapi +CFLAGS+=-I${KRB5DIR}/lib/gssapi/krb5 +CFLAGS+=-I${KRB5DIR}/lib/krb5 +CFLAGS+=-I${KRB5DIR}/lib/asn1 +CFLAGS+=-I${KRB5DIR}/lib/roken -I. + +.include <bsd.lib.mk> + +.PATH: ${KRB5DIR}/lib/gssapi/krb5 ${.CURDIR}/../../../lib/libgssapi diff --git a/kerberos5/lib/libgssapi_krb5/gss_krb5.c b/kerberos5/lib/libgssapi_krb5/gss_krb5.c new file mode 100644 index 0000000..308efd7 --- /dev/null +++ b/kerberos5/lib/libgssapi_krb5/gss_krb5.c 
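Review bot: The commented-out `#SRCS+= gss_add_oid_set_member.c …` block after the SRCS list is dead build configuration with no explanation, and the second `.PATH` entry, `${.CURDIR}/../../../lib/libgssapi`, appears to exist only for those files. A search directory that nothing needs widens where make resolves source names from, so a file added to SRCS later could be picked up from lib/libgssapi unintentionally. Either delete the block together with the extra `.PATH` entry, or keep both with the reason stated. If the reason is that lib/libgssapi already supplies these helpers, a comment such as `# generic gss_* helpers are not built into this mechanism library (provided by lib/libgssapi)` would do.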
@@ -0,0 +1,831 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $FreeBSD$ + */ + +#include <gssapi/gssapi.h> +#include <gssapi/gssapi_krb5.h> + +/* RCSID("$Id: gss_krb5.c 21889 2007-08-09 07:43:24Z lha $"); */ + +#include <krb5.h> +#include <roken.h> + +OM_uint32 +gss_krb5_copy_ccache(OM_uint32 *minor_status, + gss_cred_id_t cred, + krb5_ccache out) +{ + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + krb5_context context; + krb5_error_code kret; + krb5_ccache id; + OM_uint32 ret; + char *str; + + ret = gss_inquire_cred_by_oid(minor_status, + cred, + GSS_KRB5_COPY_CCACHE_X, + &data_set); + if (ret) + return ret; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + kret = krb5_init_context(&context); + if (kret) { + *minor_status = kret; + gss_release_buffer_set(minor_status, &data_set); + return GSS_S_FAILURE; + } + + kret = asprintf(&str, "%.*s", (int)data_set->elements[0].length, + (char *)data_set->elements[0].value); + gss_release_buffer_set(minor_status, &data_set); + if (kret == -1) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + kret = krb5_cc_resolve(context, str, &id); + free(str); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_cc_copy_cache(context, id, out); + krb5_cc_close(context, id); + krb5_free_context(context); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + + return ret; +} + +OM_uint32 +gss_krb5_import_cred(OM_uint32 *minor_status, + krb5_ccache id, + krb5_principal keytab_principal, + krb5_keytab keytab, + gss_cred_id_t *cred) +{ + gss_buffer_desc buffer; + OM_uint32 major_status; + krb5_context context; + krb5_error_code ret; + krb5_storage *sp; + krb5_data data; + char *str; + + *cred = GSS_C_NO_CREDENTIAL; + + ret = krb5_init_context(&context); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + sp = krb5_storage_emem(); + if (sp == NULL) { + *minor_status = ENOMEM; + major_status = 
GSS_S_FAILURE; + goto out; + } + + if (id) { + ret = krb5_cc_get_full_name(context, id, &str); + if (ret == 0) { + ret = krb5_store_string(sp, str); + free(str); + } + } else + ret = krb5_store_string(sp, ""); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + if (keytab_principal) { + ret = krb5_unparse_name(context, keytab_principal, &str); + if (ret == 0) { + ret = krb5_store_string(sp, str); + free(str); + } + } else + krb5_store_string(sp, ""); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + + if (keytab) { + ret = krb5_kt_get_full_name(context, keytab, &str); + if (ret == 0) { + ret = krb5_store_string(sp, str); + free(str); + } + } else + krb5_store_string(sp, ""); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + ret = krb5_storage_to_data(sp, &data); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + buffer.value = data.data; + buffer.length = data.length; + + major_status = gss_set_cred_option(minor_status, + cred, + GSS_KRB5_IMPORT_CRED_X, + &buffer); + krb5_data_free(&data); +out: + if (sp) + krb5_storage_free(sp); + krb5_free_context(context); + return major_status; +} + +OM_uint32 +gsskrb5_register_acceptor_identity(const char *identity) +{ + gss_buffer_desc buffer; + OM_uint32 junk; + + buffer.value = rk_UNCONST(identity); + buffer.length = strlen(identity); + + gss_set_sec_context_option(&junk, NULL, + GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X, &buffer); + + return (GSS_S_COMPLETE); +} + +OM_uint32 +gsskrb5_set_dns_canonicalize(int flag) +{ + gss_buffer_desc buffer; + OM_uint32 junk; + char b = (flag != 0); + + buffer.value = &b; + buffer.length = sizeof(b); + + gss_set_sec_context_option(&junk, NULL, + GSS_KRB5_SET_DNS_CANONICALIZE_X, &buffer); + + return (GSS_S_COMPLETE); +} + + + +static krb5_error_code +set_key(krb5_keyblock *keyblock, gss_krb5_lucid_key_t *key) +{ + key->type = keyblock->keytype; + 
key->length = keyblock->keyvalue.length; + key->data = malloc(key->length); + if (key->data == NULL && key->length != 0) + return ENOMEM; + memcpy(key->data, keyblock->keyvalue.data, key->length); + return 0; +} + +static void +free_key(gss_krb5_lucid_key_t *key) +{ + memset(key->data, 0, key->length); + free(key->data); + memset(key, 0, sizeof(*key)); +} + +OM_uint32 +gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + OM_uint32 version, + void **rctx) +{ + krb5_context context = NULL; + krb5_error_code ret; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 major_status; + gss_krb5_lucid_context_v1_t *ctx = NULL; + krb5_storage *sp = NULL; + uint32_t num; + + if (context_handle == NULL + || *context_handle == GSS_C_NO_CONTEXT + || version != 1) + { + ret = EINVAL; + return GSS_S_FAILURE; + } + + major_status = + gss_inquire_sec_context_by_oid (minor_status, + *context_handle, + GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X, + &data_set); + if (major_status) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ret = krb5_init_context(&context); + if (ret) + goto out; + + ctx = calloc(1, sizeof(*ctx)); + if (ctx == NULL) { + ret = ENOMEM; + goto out; + } + + sp = krb5_storage_from_mem(data_set->elements[0].value, + data_set->elements[0].length); + if (sp == NULL) { + ret = ENOMEM; + goto out; + } + + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + if (num != 1) { + ret = EINVAL; + goto out; + } + ctx->version = 1; + /* initiator */ + ret = krb5_ret_uint32(sp, &ctx->initiate); + if (ret) goto out; + /* endtime */ + ret = krb5_ret_uint32(sp, &ctx->endtime); + if (ret) goto out; + /* send_seq */ + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->send_seq = ((uint64_t)num) << 32; + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->send_seq |= num; + /* 
recv_seq */ + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->recv_seq = ((uint64_t)num) << 32; + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->recv_seq |= num; + /* protocol */ + ret = krb5_ret_uint32(sp, &ctx->protocol); + if (ret) goto out; + if (ctx->protocol == 0) { + krb5_keyblock key; + + /* sign_alg */ + ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.sign_alg); + if (ret) goto out; + /* seal_alg */ + ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.seal_alg); + if (ret) goto out; + /* ctx_key */ + ret = krb5_ret_keyblock(sp, &key); + if (ret) goto out; + ret = set_key(&key, &ctx->rfc1964_kd.ctx_key); + krb5_free_keyblock_contents(context, &key); + if (ret) goto out; + } else if (ctx->protocol == 1) { + krb5_keyblock key; + + /* acceptor_subkey */ + ret = krb5_ret_uint32(sp, &ctx->cfx_kd.have_acceptor_subkey); + if (ret) goto out; + /* ctx_key */ + ret = krb5_ret_keyblock(sp, &key); + if (ret) goto out; + ret = set_key(&key, &ctx->cfx_kd.ctx_key); + krb5_free_keyblock_contents(context, &key); + if (ret) goto out; + /* acceptor_subkey */ + if (ctx->cfx_kd.have_acceptor_subkey) { + ret = krb5_ret_keyblock(sp, &key); + if (ret) goto out; + ret = set_key(&key, &ctx->cfx_kd.acceptor_subkey); + krb5_free_keyblock_contents(context, &key); + if (ret) goto out; + } + } else { + ret = EINVAL; + goto out; + } + + *rctx = ctx; + +out: + gss_release_buffer_set(minor_status, &data_set); + if (sp) + krb5_storage_free(sp); + if (context) + krb5_free_context(context); + + if (ret) { + if (ctx) + gss_krb5_free_lucid_sec_context(NULL, ctx); + + *minor_status = ret; + return GSS_S_FAILURE; + } + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c) +{ + gss_krb5_lucid_context_v1_t *ctx = c; + + if (ctx->version != 1) { + if (minor_status) + *minor_status = 0; + return GSS_S_FAILURE; + } + + if (ctx->protocol == 0) { + free_key(&ctx->rfc1964_kd.ctx_key); + } else if (ctx->protocol == 1) { 
+ free_key(&ctx->cfx_kd.ctx_key); + if (ctx->cfx_kd.have_acceptor_subkey) + free_key(&ctx->cfx_kd.acceptor_subkey); + } + free(ctx); + if (minor_status) + *minor_status = 0; + return GSS_S_COMPLETE; +} + +/* + * + */ + +OM_uint32 +gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, + gss_cred_id_t cred, + OM_uint32 num_enctypes, + int32_t *enctypes) +{ + krb5_error_code ret; + OM_uint32 maj_status; + gss_buffer_desc buffer; + krb5_storage *sp; + krb5_data data; + int i; + + sp = krb5_storage_emem(); + if (sp == NULL) { + *minor_status = ENOMEM; + maj_status = GSS_S_FAILURE; + goto out; + } + + for (i = 0; i < num_enctypes; i++) { + ret = krb5_store_int32(sp, enctypes[i]); + if (ret) { + *minor_status = ret; + maj_status = GSS_S_FAILURE; + goto out; + } + } + + ret = krb5_storage_to_data(sp, &data); + if (ret) { + *minor_status = ret; + maj_status = GSS_S_FAILURE; + goto out; + } + + buffer.value = data.data; + buffer.length = data.length; + + maj_status = gss_set_cred_option(minor_status, + &cred, + GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X, + &buffer); + krb5_data_free(&data); +out: + if (sp) + krb5_storage_free(sp); + return maj_status; +} + +/* + * + */ + +OM_uint32 +gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c) +{ + gss_buffer_desc buffer; + OM_uint32 junk; + + if (c) { + buffer.value = c; + buffer.length = sizeof(*c); + } else { + buffer.value = NULL; + buffer.length = 0; + } + + gss_set_sec_context_option(&junk, NULL, + GSS_KRB5_SEND_TO_KDC_X, &buffer); + + return (GSS_S_COMPLETE); +} + +/* + * + */ + +OM_uint32 +gss_krb5_ccache_name(OM_uint32 *minor_status, + const char *name, + const char **out_name) +{ + gss_buffer_desc buffer; + OM_uint32 junk; + + if (out_name) + *out_name = NULL; + + buffer.value = rk_UNCONST(name); + buffer.length = strlen(name); + + gss_set_sec_context_option(&junk, NULL, + GSS_KRB5_CCACHE_NAME_X, &buffer); + + return (GSS_S_COMPLETE); +} + + +/* + * + */ + +OM_uint32 +gsskrb5_extract_authtime_from_sec_context(OM_uint32 
*minor_status, + gss_ctx_id_t context_handle, + time_t *authtime) +{ + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 maj_stat; + + if (context_handle == GSS_C_NO_CONTEXT) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + maj_stat = + gss_inquire_sec_context_by_oid (minor_status, + context_handle, + GSS_KRB5_GET_AUTHTIME_X, + &data_set); + if (maj_stat) + return maj_stat; + + if (data_set == GSS_C_NO_BUFFER_SET) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (data_set->elements[0].length != 4) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + { + unsigned char *buf = data_set->elements[0].value; + *authtime = (buf[3] <<24) | (buf[2] << 16) | + (buf[1] << 8) | (buf[0] << 0); + } + + gss_release_buffer_set(minor_status, &data_set); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +/* + * + */ + +OM_uint32 +gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int ad_type, + gss_buffer_t ad_data) +{ + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 maj_stat; + gss_OID_desc oid_flat; + heim_oid baseoid, oid; + size_t size; + + if (context_handle == GSS_C_NO_CONTEXT) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + /* All this to append an integer to an oid... 
*/ + + if (der_get_oid(GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->elements, + GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->length, + &baseoid, NULL) != 0) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + oid.length = baseoid.length + 1; + oid.components = calloc(oid.length, sizeof(*oid.components)); + if (oid.components == NULL) { + der_free_oid(&baseoid); + + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + memcpy(oid.components, baseoid.components, + baseoid.length * sizeof(*baseoid.components)); + + der_free_oid(&baseoid); + + oid.components[oid.length - 1] = ad_type; + + oid_flat.length = der_length_oid(&oid); + oid_flat.elements = malloc(oid_flat.length); + if (oid_flat.elements == NULL) { + free(oid.components); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + if (der_put_oid((unsigned char *)oid_flat.elements + oid_flat.length - 1, + oid_flat.length, &oid, &size) != 0) { + free(oid.components); + free(oid_flat.elements); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + if (oid_flat.length != size) + abort(); + + free(oid.components); + + /* FINALLY, we have the OID */ + + maj_stat = gss_inquire_sec_context_by_oid (minor_status, + context_handle, + &oid_flat, + &data_set); + + free(oid_flat.elements); + + if (maj_stat) + return maj_stat; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ad_data->value = malloc(data_set->elements[0].length); + if (ad_data->value == NULL) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ad_data->length = data_set->elements[0].length; + memcpy(ad_data->value, data_set->elements[0].value, ad_data->length); + gss_release_buffer_set(minor_status, &data_set); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +/* + * + */ + +static OM_uint32 +gsskrb5_extract_key(OM_uint32 *minor_status, + gss_ctx_id_t 
context_handle, + const gss_OID oid, + krb5_keyblock **keyblock) +{ + krb5_error_code ret; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 major_status; + krb5_context context = NULL; + krb5_storage *sp = NULL; + + if (context_handle == GSS_C_NO_CONTEXT) { + ret = EINVAL; + return GSS_S_FAILURE; + } + + ret = krb5_init_context(&context); + if(ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + major_status = + gss_inquire_sec_context_by_oid (minor_status, + context_handle, + oid, + &data_set); + if (major_status) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + sp = krb5_storage_from_mem(data_set->elements[0].value, + data_set->elements[0].length); + if (sp == NULL) { + ret = ENOMEM; + goto out; + } + + *keyblock = calloc(1, sizeof(**keyblock)); + if (keyblock == NULL) { + ret = ENOMEM; + goto out; + } + + ret = krb5_ret_keyblock(sp, *keyblock); + +out: + gss_release_buffer_set(minor_status, &data_set); + if (sp) + krb5_storage_free(sp); + if (ret && keyblock) { + krb5_free_keyblock(context, *keyblock); + *keyblock = NULL; + } + if (context) + krb5_free_context(context); + + *minor_status = ret; + if (ret) + return GSS_S_FAILURE; + + return GSS_S_COMPLETE; +} + +/* + * + */ + +OM_uint32 +gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_SERVICE_KEYBLOCK_X, + keyblock); +} + +OM_uint32 +gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_INITIATOR_SUBKEY_X, + keyblock); +} + +OM_uint32 +gsskrb5_get_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return 
gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_SUBKEY_X, + keyblock); +} + +OM_uint32 +gsskrb5_set_default_realm(const char *realm) +{ + gss_buffer_desc buffer; + OM_uint32 junk; + + buffer.value = rk_UNCONST(realm); + buffer.length = strlen(realm); + + gss_set_sec_context_option(&junk, NULL, + GSS_KRB5_SET_DEFAULT_REALM_X, &buffer); + + return (GSS_S_COMPLETE); +} + +OM_uint32 +gss_krb5_get_tkt_flags(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + OM_uint32 *tkt_flags) +{ + + OM_uint32 major_status; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + + if (context_handle == GSS_C_NO_CONTEXT) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + major_status = + gss_inquire_sec_context_by_oid (minor_status, + context_handle, + GSS_KRB5_GET_TKT_FLAGS_X, + &data_set); + if (major_status) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || + data_set->count != 1 || + data_set->elements[0].length < 4) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + { + const u_char *p = data_set->elements[0].value; + *tkt_flags = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); + } + + gss_release_buffer_set(minor_status, &data_set); + return GSS_S_COMPLETE; +} + diff --git a/kerberos5/lib/libgssapi_krb5/prefix.c b/kerberos5/lib/libgssapi_krb5/prefix.c new file mode 100644 index 0000000..086b744 --- /dev/null +++ b/kerberos5/lib/libgssapi_krb5/prefix.c 
@@ -0,0 +1,33 @@
+/*-
+ * Copyright (c) 2008 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+const char *
+_gss_name_prefix(void)
+{
+ return "_gsskrb5";
+}
diff --git a/kerberos5/lib/libgssapi_ntlm/Makefile b/kerberos5/lib/libgssapi_ntlm/Makefile
new file mode 100644
index 0000000..cbecc2d
--- /dev/null
+++ b/kerberos5/lib/libgssapi_ntlm/Makefile
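Review bot: `_gss_name_prefix()` is added without any comment saying who calls it or what the returned string has to match. It looks like the mechanism glue uses this prefix to build the names of the mechanism's entry points, so a mismatch would presumably surface only as unresolved symbols when the mechanism is loaded; that is worth confirming and writing down. I would add above the function something like `/* Symbol prefix for this mechanism's entry points; must match the names the krb5 mechanism sources export. */`. The prefix.c files added for libgssapi_ntlm and libgssapi_spnego have the same gap.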
@@ -0,0 +1,44 @@
+# $FreeBSD$
+
+LIB= gssapi_ntlm
+LDFLAGS= -Wl,-Bsymbolic
+LDADD= -lkrb5 -lhx509 -lheimntlm -lroken
+DPADD= ${LIBKRB5} ${LIBHX509} ${LIBHEIMNTLM} ${LIBROKEN}
+
+SRCS= accept_sec_context.c \
+ acquire_cred.c \
+ add_cred.c \
+ canonicalize_name.c \
+ compare_name.c \
+ context_time.c \
+ crypto.c \
+ delete_sec_context.c \
+ display_name.c \
+ display_status.c \
+ duplicate_name.c \
+ export_name.c \
+ export_sec_context.c \
+ external.c \
+ ntlm.h \
+ ntlm-private.h \
+ import_name.c \
+ import_sec_context.c \
+ indicate_mechs.c \
+ init_sec_context.c \
+ inquire_context.c \
+ inquire_cred.c \
+ inquire_cred_by_mech.c \
+ inquire_mechs_for_name.c \
+ inquire_names_for_mech.c \
+ prefix.c \
+ process_context_token.c \
+ release_cred.c \
+ release_name.c \
+ digest.c
+
+CFLAGS+=-I${KRB5DIR}/lib/gssapi
+CFLAGS+=-I${KRB5DIR}/lib/ntlm
+
+.include <bsd.lib.mk>
+
+.PATH: ${KRB5DIR}/lib/gssapi/ntlm ${.CURDIR}/../../../lib/libgssapi
diff --git a/kerberos5/lib/libgssapi_ntlm/prefix.c b/kerberos5/lib/libgssapi_ntlm/prefix.c
new file mode 100644
index 0000000..68db641
--- /dev/null
+++ b/kerberos5/lib/libgssapi_ntlm/prefix.c
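Review bot: `LDFLAGS= -Wl,-Bsymbolic` assigns rather than appends, so any LDFLAGS already set before this Makefile is read (for example linker hardening flags from the site configuration) would be replaced for this library; `LDFLAGS+= -Wl,-Bsymbolic` keeps them. The line also carries no comment on why symbolic binding is needed. Presumably it is because every mechanism library defines its own `_gss_name_prefix` and must bind to its own copy, and a one-line comment saying so would save the next reader the search. libgssapi_spnego/Makefile has the same line.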
@@ -0,0 +1,33 @@
+/*-
+ * Copyright (c) 2008 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+const char *
+_gss_name_prefix(void)
+{
+ return "_gss_ntlm";
+}
diff --git a/kerberos5/lib/libgssapi_spnego/Makefile b/kerberos5/lib/libgssapi_spnego/Makefile
new file mode 100644
index 0000000..af98880
--- /dev/null
+++ b/kerberos5/lib/libgssapi_spnego/Makefile
@@ -0,0 +1,48 @@
+# $FreeBSD$
+
+LIB= gssapi_spnego
+LDFLAGS= -Wl,-Bsymbolic
+LDADD= -lasn1
+DPADD= ${LIBASN1}
+
+SRCS= accept_sec_context.c \
+ compat.c \
+ context_stubs.c \
+ cred_stubs.c \
+ external.c \
+ init_sec_context.c \
+ prefix.c \
+ spnego_asn1.h \
+ ${GEN:S/.x$/.c/}
+
+GEN= asn1_ContextFlags.x \
+ asn1_MechType.x \
+ asn1_MechTypeList.x \
+ asn1_NegotiationToken.x \
+ asn1_NegotiationTokenWin.x \
+ asn1_NegHints.x \
+ asn1_NegTokenInit.x \
+ asn1_NegTokenInitWin.x \
+ asn1_NegTokenResp.x
+
+CFLAGS+=-I${KRB5DIR}/lib/gssapi
+CFLAGS+=-I${KRB5DIR}/lib/asn1
+CFLAGS+=-I${KRB5DIR}/lib/roken -I.
+
+CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} spnego_asn1.h asn1_files
+
+.ORDER: ${GEN} spnego_asn1.h
+${GEN} spnego_asn1.h: spnego.asn1 ../../tools/asn1_compile/asn1_compile
+ ../../tools/asn1_compile/asn1_compile --sequence=MechTypeList ${.ALLSRC:M*.asn1} spnego_asn1
+
+../../tools/asn1_compile/asn1_compile:
+ cd ${.CURDIR}/../../tools/asn1_compile && ${MAKE}
+
+.for I in ${GEN}
+${I:R}.c: ${I}
+ cat ${.ALLSRC} > ${.TARGET}
+.endfor
+
+.include <bsd.lib.mk>
+
+.PATH: ${KRB5DIR}/lib/gssapi/spnego ${.CURDIR}/../../../lib/libgssapi
diff --git a/kerberos5/lib/libgssapi_spnego/prefix.c b/kerberos5/lib/libgssapi_spnego/prefix.c
new file mode 100644
index 0000000..575c951
--- /dev/null
+++ b/kerberos5/lib/libgssapi_spnego/prefix.c
@@ -0,0 +1,45 @@
+/*-
+ * Copyright (c) 2008 Doug Rabson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <gssapi/gssapi.h>
+
+static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc =
+{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
+
+gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc;
+
+static gss_OID_desc gss_krb5_mechanism_oid_desc =
+{9, (void *) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
+
+gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
+
+const char *
+_gss_name_prefix(void)
+{
+ return "_gss_spnego";
+}
diff --git a/kerberos5/lib/libhdb/Makefile b/kerberos5/lib/libhdb/Makefile
index eef619f..75465d3 100644
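Review bot: The two OID descriptors are written as raw DER bytes with a hard-coded length of 9 and no comment naming the OID they encode. Nothing ties the length to the byte string, so a later edit of one without the other would make consumers of the descriptor compare or copy the wrong number of bytes. I would put the dotted form next to each; the bytes appear to decode to 1.3.6.1.4.1.5322.19.5 and 1.2.840.113554.1.2.2 (the Kerberos 5 mechanism), e.g. `/* 1.2.840.113554.1.2.2 */`. A short comment on why `GSS_KRB5_MECHANISM` is defined here in the SPNEGO library, rather than taken from the krb5 mechanism library, would also help.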
--- a/kerberos5/lib/libhdb/Makefile +++ b/kerberos5/lib/libhdb/Makefile @@ -11,11 +11,14 @@ INCS= hdb-private.h \ SRCS= common.c \ db.c \ db3.c \ + dbinfo.c \ + ext.c \ hdb-ldap.c \ hdb.c \ hdb_asn1.h \ hdb_err.c \ hdb_err.h \ + keys.c \ keytab.c \ mkey.c \ ndbm.c \ @@ -24,13 +27,23 @@ SRCS= common.c \ CFLAGS+=-I${KRB5DIR}/lib/hdb -I${KRB5DIR}/lib/asn1 \ -I${KRB5DIR}/lib/roken -I. ${LDAPCFLAGS} +CFLAGS+=-DHDB_DB_DIR="\"/var/heimdal\"" -GEN= asn1_Event.x \ - asn1_GENERATION.x \ - asn1_HDBFlags.x \ +GEN= asn1_Salt.x \ asn1_Key.x \ - asn1_Salt.x \ - asn1_hdb_entry.x + asn1_Event.x \ + asn1_HDBFlags.x \ + asn1_GENERATION.x \ + asn1_HDB_Ext_PKINIT_acl.x \ + asn1_HDB_Ext_PKINIT_hash.x \ + asn1_HDB_Ext_Constrained_delegation_acl.x \ + asn1_HDB_Ext_Lan_Manager_OWF.x \ + asn1_HDB_Ext_Password.x \ + asn1_HDB_Ext_Aliases.x \ + asn1_HDB_extension.x \ + asn1_HDB_extensions.x \ + asn1_hdb_entry.x \ + asn1_hdb_entry_alias.x CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} hdb_asn1.h asn1_files diff --git a/kerberos5/lib/libheimntlm/Makefile b/kerberos5/lib/libheimntlm/Makefile new file mode 100644 index 0000000..e223258 --- /dev/null +++ b/kerberos5/lib/libheimntlm/Makefile @@ -0,0 +1,11 @@ +# $FreeBSD$ + +LIB= heimntlm +SRCS= ntlm.c +INCS= heimntlm.h heimntlm-protos.h +CFLAGS+=-I${KRB5DIR}/lib/ntlm +VERSION_MAP= ${KRB5DIR}/lib/ntlm/version-script.map + +.include <bsd.lib.mk> + +.PATH: ${KRB5DIR}/lib/ntlm diff --git a/kerberos5/lib/libhx509/Makefile b/kerberos5/lib/libhx509/Makefile new file mode 100644 index 0000000..e94831a --- /dev/null +++ b/kerberos5/lib/libhx509/Makefile 
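Review bot: `CFLAGS+=-DHDB_DB_DIR="\"/var/heimdal\""` in the second libhdb hunk compiles the database directory into the library with no build-time override and no comment. This is presumably the directory that holds the KDC database and its master key, so its location should be defined in one visible place that whoever sets the directory's ownership and mode can rely on. I would route it through a make variable, `HDB_DB_DIR?= /var/heimdal` followed by `CFLAGS+=-DHDB_DB_DIR="\"${HDB_DB_DIR}\""`, and note in a comment what lives there.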
@@ -0,0 +1,103 @@ +# $FreeBSD$ + +LIB= hx509 +VERSION_MAP= ${KRB5DIR}/lib/hx509/version-script.map + +INCS= hx509-private.h \ + hx509-protos.h \ + hx509.h \ + hx509_err.h + +SRCS= ca.c \ + cert.c \ + cms.c \ + collector.c \ + crypto.c \ + doxygen.c \ + error.c \ + env.c \ + file.c \ + hx509-private.h \ + hx509-protos.h \ + hx509.h \ + hx_locl.h \ + keyset.c \ + ks_dir.c \ + ks_file.c \ + ks_mem.c \ + ks_null.c \ + ks_p11.c \ + ks_p12.c \ + ks_keychain.c \ + lock.c \ + name.c \ + peer.c \ + print.c \ + softp11.c \ + ref/pkcs11.h \ + req.c \ + revoke.c + +SRCS+= hx509_err.c \ + hx509_err.h + +SRCS+= ${GEN:S/.x$/.c/} + +CFLAGS+=-I${KRB5DIR}/lib/hx509 +CFLAGS+=-I${KRB5DIR}/lib/hx509/ref +CFLAGS+=-I${KRB5DIR}/lib/asn1 +CFLAGS+=-I${KRB5DIR}/lib/roken -I. + +GEN_OCSP= \ + asn1_OCSPBasicOCSPResponse.x \ + asn1_OCSPCertID.x \ + asn1_OCSPCertStatus.x \ + asn1_OCSPInnerRequest.x \ + asn1_OCSPKeyHash.x \ + asn1_OCSPRequest.x \ + asn1_OCSPResponderID.x \ + asn1_OCSPResponse.x \ + asn1_OCSPResponseBytes.x \ + asn1_OCSPResponseData.x \ + asn1_OCSPResponseStatus.x \ + asn1_OCSPSignature.x \ + asn1_OCSPSingleResponse.x \ + asn1_OCSPTBSRequest.x \ + asn1_OCSPVersion.x \ + asn1_id_pkix_ocsp.x \ + asn1_id_pkix_ocsp_basic.x \ + asn1_id_pkix_ocsp_nonce.x + +GEN_PKCS10= \ + asn1_CertificationRequestInfo.x \ + asn1_CertificationRequest.x + +GEN+= ${GEN_OCSP} +GEN+= ${GEN_PKCS10} + +CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} asn1_files + +GEN_ASN1=ocsp_asn1.h pkcs10_asn1.h +CLEANFILES+=${GEN_ASN1} +SRCS+=${GEN_ASN1} +INCS+=${GEN_ASN1} + +.ORDER: ${GEN} ${GEN_ASN1} + +${GEN_OCSP} ocsp_asn1.h: ocsp.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData ${.ALLSRC:M*.asn1} ocsp_asn1 + +${GEN_PKCS10} pkcs10_asn1.h: pkcs10.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs10_asn1 + +../../tools/asn1_compile/asn1_compile: + cd 
${.CURDIR}/../../tools/asn1_compile && ${MAKE} + +.for I in ${GEN} +${I:R}.c: ${I} + cat ${.ALLSRC} > ${.TARGET} +.endfor + +.include <bsd.lib.mk> + +.PATH: ${KRB5DIR}/lib/hx509 ${KRB5DIR}/lib/asn1 diff --git a/kerberos5/lib/libkadm5clnt/Makefile b/kerberos5/lib/libkadm5clnt/Makefile index 32cc80b..3390866 100644 --- a/kerberos5/lib/libkadm5clnt/Makefile +++ b/kerberos5/lib/libkadm5clnt/Makefile @@ -10,7 +10,8 @@ INCS= admin.h \ INCSDIR=${INCLUDEDIR}/kadm5 -SRCS= chpass_c.c \ +SRCS= ad.c \ + chpass_c.c \ client_glue.c \ common_glue.c \ create_c.c \ diff --git a/kerberos5/lib/libkadm5srv/Makefile b/kerberos5/lib/libkadm5srv/Makefile index 086cb8f..c0be477 100644 --- a/kerberos5/lib/libkadm5srv/Makefile +++ b/kerberos5/lib/libkadm5srv/Makefile @@ -1,6 +1,7 @@ # $FreeBSD$ LIB= kadm5srv +VERSION_MAP= ${KRB5DIR}/lib/kadm5/version-script.map SRCS= acl.c \ bump_pw_expire.c \ diff --git a/kerberos5/lib/libkafs5/Makefile b/kerberos5/lib/libkafs5/Makefile index 337c642..e0e0b30 100644 --- a/kerberos5/lib/libkafs5/Makefile +++ b/kerberos5/lib/libkafs5/Makefile @@ -19,7 +19,7 @@ MLINKS= kafs5.3 k_afs_cell_of_file.3 \ kafs5.3 krb_afslog.3 \ kafs5.3 krb_afslog_uid.3 -SRCS= afssys.c afskrb5.c common.c +SRCS= afssys.c afskrb5.c common.c krb5_err.h CFLAGS+=-I${KRB5DIR}/lib/kafs -I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/roken CLEANFILES= kafs5.3 diff --git a/kerberos5/lib/libkrb5/Makefile b/kerberos5/lib/libkrb5/Makefile index 40cddc3..5ba011b 100644 --- a/kerberos5/lib/libkrb5/Makefile +++ b/kerberos5/lib/libkrb5/Makefile 
@@ -1,45 +1,76 @@ # $FreeBSD$ LIB= krb5 +VERSION_MAP= ${KRB5DIR}/lib/krb5/version-script.map INCS= heim_err.h \ + heim_threads.h \ k524_err.h \ krb5-protos.h \ krb5-types.h \ krb5.h \ - krb5_err.h + krb5_err.h \ + krb5-v4compat.h \ + krb_err.h MAN= krb5.3 \ + krb524_convert_creds_kdc.3 \ krb5_425_conv_principal.3 \ + krb5_acl_match_file.3 \ krb5_address.3 \ krb5_aname_to_localname.3 \ krb5_appdefault.3 \ krb5_auth_context.3 \ - krb5_build_principal.3 \ + krb5_c_make_checksum.3 \ krb5_ccache.3 \ + krb5_check_transited.3 \ + krb5_compare_creds.3 \ krb5_config.3 \ krb5_context.3 \ krb5_create_checksum.3 \ + krb5_creds.3 \ krb5_crypto_init.3 \ krb5_data.3 \ + krb5_digest.3 \ + krb5_eai_to_heim_errno.3 \ krb5_encrypt.3 \ - krb5_free_addresses.3 \ - krb5_free_principal.3 \ + krb5_expand_hostname.3 \ + krb5_find_padata.3 \ + krb5_generate_random_block.3 \ krb5_get_all_client_addrs.3 \ + krb5_get_credentials.3 \ + krb5_get_creds.3 \ + krb5_get_forwarded_creds.3 \ + krb5_get_in_cred.3 \ + krb5_get_init_creds.3 \ krb5_get_krbhst.3 \ + krb5_getportbyname.3 \ krb5_init_context.3 \ + krb5_is_thread_safe.3 \ + krb5_keyblock.3 \ krb5_keytab.3 \ krb5_krbhst_init.3 \ krb5_kuserok.3 \ + krb5_mk_req.3 \ + krb5_mk_safe.3 \ krb5_openlog.3 \ krb5_parse_name.3 \ - krb5_principal_get_realm.3 \ + krb5_principal.3 \ + krb5_rcache.3 \ + krb5_rd_error.3 \ + krb5_rd_safe.3 \ krb5_set_default_realm.3 \ - krb5_sname_to_principal.3 \ + krb5_set_password.3 \ + krb5_storage.3 \ + krb5_string_to_key.3 \ + krb5_ticket.3 \ krb5_timeofday.3 \ krb5_unparse_name.3 \ + krb5_verify_init_creds.3 \ krb5_verify_user.3 \ - krb5_warn.3 + krb5_warn.3 \ + verify_krb5_conf.8 + MAN+= krb5.conf.5 MAN+= kerberos.8 @@ -209,7 +240,8 @@ MLINKS= krb5_425_conv_principal.3 krb5_425_conv_principal_ext.3 \ krb5_warn.3 krb5_vwarnx.3 \ krb5_warn.3 krb5_warnx.3 -SRCS= acl.c \ +SRCS= acache.c \ + acl.c \ add_et_list.c \ addr_families.c \ aname_to_localname.c \ 
@@ -231,6 +263,7 @@ SRCS= acl.c \ creds.c \ crypto.c \ data.c \ + digest.c \ eai_to_heim_errno.c \ error_string.c \ expand_hostname.c \ @@ -250,12 +283,11 @@ SRCS= acl.c \ get_in_tkt_with_keytab.c \ get_in_tkt_with_skey.c \ get_port.c \ - heim_err.c \ - heim_err.h \ + heim_threads.h \ init_creds.c \ init_creds_pw.c \ - k524_err.c \ - k524_err.h \ + kcm.c \ + kcm.h \ keyblock.c \ keytab.c \ keytab_any.c \ @@ -263,8 +295,8 @@ SRCS= acl.c \ keytab_keyfile.c \ keytab_krb4.c \ keytab_memory.c \ - krb5_err.c \ - krb5_err.h \ + krb5_locl.h \ + krb5-v4compat.h \ krbhst.c \ kuserok.c \ log.c \ @@ -276,10 +308,13 @@ SRCS= acl.c \ mk_req.c \ mk_req_ext.c \ mk_safe.c \ + mit_glue.c \ n-fold.c \ net_read.c \ net_write.c \ + pac.c \ padata.c \ + pkinit.c \ principal.c \ prog_setup.c \ prompter_posix.c \ @@ -297,20 +332,32 @@ SRCS= acl.c \ set_default_realm.c \ sock_principal.c \ store.c \ + store-int.h \ store_emem.c \ store_fd.c \ store_mem.c \ + plugin.c \ ticket.c \ time.c \ transited.c \ + v4_glue.c \ verify_init.c \ verify_user.c \ version.c \ warn.c \ write_message.c +SRCS+= heim_err.c \ + heim_err.h \ + k524_err.c \ + k524_err.h \ + krb5_err.c \ + krb5_err.h \ + krb_err.c \ + krb_err.h + CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken -I. .include <bsd.lib.mk> -.PATH: ${KRB5DIR}/lib/krb5 ${.CURDIR}/../../include +.PATH: ${KRB5DIR}/lib/krb5 ${KRB5DIR}/lib/asn1 ${.CURDIR}/../../include diff --git a/kerberos5/lib/libroken/Makefile b/kerberos5/lib/libroken/Makefile index fceb6ec..952740e 100644 --- a/kerberos5/lib/libroken/Makefile +++ b/kerberos5/lib/libroken/Makefile @@ -1,13 +1,14 @@ # $FreeBSD$ LIB= roken -SHLIB_MAJOR= 9 INCS= roken.h roken-common.h SRCS= base64.c \ bswap.c \ + closefrom.c \ concat.c \ copyhostent.c \ + dumpdata.c \ ecalloc.c \ emalloc.c \ environment.c \ @@ -21,6 +22,7 @@ SRCS= base64.c \ getaddrinfo_hostspec.c \ getarg.c \ getnameinfo_verified.c \ + hex.c \ hostent_find_fqdn.c \ issuid.c \ k_getpwnam.c \ 
@@ -43,6 +45,7 @@ SRCS= base64.c \ strlwr.c \ strndup.c \ strnlen.c \ + strpool.c \ strsep_copy.c \ strupr.c \ timeval.c \ |