diff options
| author | dfr <dfr@FreeBSD.org> | 2008-05-07 13:53:12 +0000 |
|---|---|---|
| committer | dfr <dfr@FreeBSD.org> | 2008-05-07 13:53:12 +0000 |
| commit | be0348cb75cae58cd1683f6fdbff884cb9bc405b (patch) | |
| tree | 1338a6c0e5d3e7c3b0da720ac15cd79fc72c6b5a /kerberos5 | |
| parent | 52bf09d8197dd1ec84e1ab72684f2058f0eae9e1 (diff) | |
| download | FreeBSD-src-be0348cb75cae58cd1683f6fdbff884cb9bc405b.zip FreeBSD-src-be0348cb75cae58cd1683f6fdbff884cb9bc405b.tar.gz | |
Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
Diffstat (limited to 'kerberos5')
43 files changed, 2114 insertions, 292 deletions
diff --git a/kerberos5/Makefile.inc b/kerberos5/Makefile.inc index 2dc6739..2330979 100644 --- a/kerberos5/Makefile.inc +++ b/kerberos5/Makefile.inc @@ -25,7 +25,10 @@ ETSRCS= \ ${KRB5DIR}/lib/kadm5/kadm5_err.et \ ${KRB5DIR}/lib/krb5/heim_err.et \ ${KRB5DIR}/lib/krb5/k524_err.et \ - ${KRB5DIR}/lib/krb5/krb5_err.et + ${KRB5DIR}/lib/krb5/krb5_err.et \ + ${KRB5DIR}/lib/krb5/krb_err.et \ + ${KRB5DIR}/lib/gssapi/krb5/gkrb5_err.et \ + ${KRB5DIR}/lib/hx509/hx509_err.et .for ET in ${ETSRCS} .for _ET in ${ET:T:R} diff --git a/kerberos5/include/config.h b/kerberos5/include/config.h index fd7ad26..4484060 100644 --- a/kerberos5/include/config.h +++ b/kerberos5/include/config.h @@ -1,5 +1,5 @@ -/* include/config.h. Generated automatically by configure. */ -/* include/config.h.in. Generated automatically from configure.in by autoheader. */ +/* include/config.h. Generated from config.h.in by configure. */ +/* include/config.h.in. Generated from configure.in by autoheader. */ /* $FreeBSD$ */ @@ -10,34 +10,40 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #endif -#define BINDIR "/usr/bin" -#define LIBDIR "/usr/lib" -#define LIBEXECDIR "/usr/libexec" -#define SBINDIR "/usr/sbin" -#define SYSCONFDIR "/etc" - -#define HAVE_INT8_T 1 -#define HAVE_INT16_T 1 -#define HAVE_INT32_T 1 -#define HAVE_INT64_T 1 -#define HAVE_U_INT8_T 1 -#define HAVE_U_INT16_T 1 -#define HAVE_U_INT32_T 1 -#define HAVE_U_INT64_T 1 -#define HAVE_UINT8_T 1 -#define HAVE_UINT16_T 1 -#define HAVE_UINT32_T 1 -#define HAVE_UINT64_T 1 - /* Maximum values on all known systems */ #define MaxHostNameLen (64+4) #define MaxPathLen (1024+4) +#ifdef BUILD_KRB5_LIB +#ifndef KRB5_LIB_FUNCTION +#ifdef _WIN32_ +#define KRB5_LIB_FUNCTION _export _stdcall +#else +#define KRB5_LIB_FUNCTION +#endif +#endif +#endif + + +#ifdef BUILD_ROKEN_LIB +#ifndef ROKEN_LIB_FUNCTION +#ifdef _WIN32_ +#define ROKEN_LIB_FUNCTION _export _stdcall +#else +#define ROKEN_LIB_FUNCTION +#endif +#endif +#endif + + /* Define if you want authentication support in telnet. */ #define AUTHENTICATION 1 +/* path to bin */ +#define BINDIR "/usr/bin" + /* Define if realloc(NULL) doesn't work. */ /* #undef BROKEN_REALLOC */ @@ -50,6 +56,12 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define this to enable diagnostics in telnet. */ #define DIAGNOSTICS 1 +/* Define if want to use the weak AFS string to key functions. */ +#define ENABLE_AFS_STRING_TO_KEY 1 + +/* Define if you want have a thread safe libraries */ +/* #undef ENABLE_PTHREAD_SUPPORT */ + /* Define if you want encryption support in telnet. */ #define ENCRYPTION 1 @@ -61,7 +73,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* define if prototype of gethostbyaddr is compatible with struct hostent *gethostbyaddr(const void *, size_t, int) */ -/* #undef GETHOSTBYADDR_PROTO_COMPATIBLE */ +#define GETHOSTBYADDR_PROTO_COMPATIBLE 1 /* define if prototype of gethostbyname is compatible with struct hostent *gethostbyname(const char *) */ @@ -78,8 +90,8 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the `altzone' variable. */ /* #undef HAVE_ALTZONE */ -/* define if your system declares altzone */ -/* #undef HAVE_ALTZONE_DECLARATION */ +/* Define to 1 if you have the `arc4random' function. */ +#define HAVE_ARC4RANDOM 1 /* Define to 1 if you have the <arpa/ftp.h> header file. */ #define HAVE_ARPA_FTP_H 1 @@ -126,6 +138,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the function `chown'. */ #define HAVE_CHOWN 1 +/* Define if you have the function `closefrom'. */ +/* #undef HAVE_CLOSEFROM */ + /* Define to 1 if you have the <config.h> header file. */ /* #undef HAVE_CONFIG_H */ @@ -177,6 +192,54 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* define if you have ndbm compat in db */ /* #undef HAVE_DB_NDBM */ +/* Define to 1 if you have the declaration of `altzone', and to 0 if you + don't. */ +/* #undef HAVE_DECL_ALTZONE */ + +/* Define to 1 if you have the declaration of `environ', and to 0 if you + don't. */ +#define HAVE_DECL_ENVIRON 0 + +/* Define to 1 if you have the declaration of `h_errlist', and to 0 if you + don't. */ +#define HAVE_DECL_H_ERRLIST 0 + +/* Define to 1 if you have the declaration of `h_errno', and to 0 if you + don't. */ +#define HAVE_DECL_H_ERRNO 1 + +/* Define to 1 if you have the declaration of `h_nerr', and to 0 if you don't. + */ +/* #undef HAVE_DECL_H_NERR */ + +/* Define to 1 if you have the declaration of `optarg', and to 0 if you don't. + */ +#define HAVE_DECL_OPTARG 1 + +/* Define to 1 if you have the declaration of `opterr', and to 0 if you don't. + */ +#define HAVE_DECL_OPTERR 1 + +/* Define to 1 if you have the declaration of `optind', and to 0 if you don't. + */ +#define HAVE_DECL_OPTIND 1 + +/* Define to 1 if you have the declaration of `optopt', and to 0 if you don't. + */ +#define HAVE_DECL_OPTOPT 1 + +/* Define to 1 if you have the declaration of `timezone', and to 0 if you + don't. */ +#define HAVE_DECL_TIMEZONE 1 + +/* Define to 1 if you have the declaration of `_res', and to 0 if you don't. + */ +#define HAVE_DECL__RES 1 + +/* Define to 1 if you have the declaration of `__progname', and to 0 if you + don't. */ +#define HAVE_DECL___PROGNAME 0 + /* Define to 1 if you have the <dirent.h> header file. */ #define HAVE_DIRENT_H 1 @@ -189,6 +252,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the `dn_expand' function. */ #define HAVE_DN_EXPAND 1 +/* Define to 1 if you have the `door_create' function. */ +/* #undef HAVE_DOOR_CREATE */ + /* Define if you have the function `ecalloc'. */ /* #undef HAVE_ECALLOC */ @@ -198,9 +264,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the function `emalloc'. */ /* #undef HAVE_EMALLOC */ -/* define if your system declares environ */ -/* #undef HAVE_ENVIRON_DECLARATION */ - /* Define if you have the function `erealloc'. */ /* #undef HAVE_EREALLOC */ @@ -238,12 +301,10 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #define HAVE_FNMATCH_H 1 /* Define if el_init takes four arguments. */ -#if __FreeBSD_version >= 500024 #define HAVE_FOUR_VALUED_EL_INIT 1 -#endif -/* define if krb_put_int takes four arguments. */ -#define HAVE_FOUR_VALUED_KRB_PUT_INT 1 +/* Have -framework Security */ +/* #undef HAVE_FRAMEWORK_SECURITY */ /* Define to 1 if you have the `freeaddrinfo' function. */ #define HAVE_FREEADDRINFO 1 @@ -311,16 +372,17 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the `getpagesize' function. */ #define HAVE_GETPAGESIZE 1 +/* Define to 1 if you have the `getpeereid' function. */ +#define HAVE_GETPEEREID 1 + +/* Define to 1 if you have the `getpeerucred' function. */ +/* #undef HAVE_GETPEERUCRED */ + /* Define to 1 if you have the `getprogname' function. */ -#if (__FreeBSD_version >= 430002 && __FreeBSD_version < 500000) || \ - __FreeBSD_version >= 500019 #define HAVE_GETPROGNAME 1 -#endif /* Define to 1 if you have the `getpwnam_r' function. */ -#if __FreeBSD_version >= 500112 #define HAVE_GETPWNAM_R 1 -#endif /* Define to 1 if you have the `getrlimit' function. */ #define HAVE_GETRLIMIT 1 @@ -348,9 +410,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #define HAVE_GLOB 1 /* Define to 1 if you have the `grantpt' function. */ -#if __FreeBSD_version >= 500100 #define HAVE_GRANTPT 1 -#endif /* Define to 1 if you have the <grp.h> header file. */ #define HAVE_GRP_H 1 @@ -361,20 +421,11 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the `h_errlist' variable. */ #define HAVE_H_ERRLIST 1 -/* define if your system declares h_errlist */ -/* #undef HAVE_H_ERRLIST_DECLARATION */ - /* Define if you have the `h_errno' variable. */ #define HAVE_H_ERRNO 1 -/* define if your system declares h_errno */ -#define HAVE_H_ERRNO_DECLARATION 1 - /* Define if you have the `h_nerr' variable. */ -#define HAVE_H_NERR 1 - -/* define if your system declares h_nerr */ -/* #undef HAVE_H_NERR_DECLARATION */ +/* #undef HAVE_H_NERR */ /* Define to 1 if you have the <ifaddrs.h> header file. */ #define HAVE_IFADDRS_H 1 @@ -400,6 +451,18 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the function `innetgr'. */ #define HAVE_INNETGR 1 +/* Define to 1 if the system has the type `int16_t'. */ +#define HAVE_INT16_T 1 + +/* Define to 1 if the system has the type `int32_t'. */ +#define HAVE_INT32_T 1 + +/* Define to 1 if the system has the type `int64_t'. */ +#define HAVE_INT64_T 1 + +/* Define to 1 if the system has the type `int8_t'. */ +#define HAVE_INT8_T 1 + /* Define to 1 if you have the <inttypes.h> header file. */ #define HAVE_INTTYPES_H 1 @@ -415,20 +478,8 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the `issetugid' function. */ #define HAVE_ISSETUGID 1 -/* Define to 1 if you have the `krb_disable_debug' function. */ -/* #undef HAVE_KRB_DISABLE_DEBUG */ - -/* Define to 1 if you have the `krb_enable_debug' function. */ -/* #undef HAVE_KRB_ENABLE_DEBUG */ - -/* Define to 1 if you have the `krb_get_kdc_time_diff' function. */ -/* #undef HAVE_KRB_GET_KDC_TIME_DIFF */ - -/* Define to 1 if you have the `krb_get_our_ip_for_realm' function. */ -/* #undef HAVE_KRB_GET_OUR_IP_FOR_REALM */ - -/* Define to 1 if you have the `krb_kdctimeofday' function. */ -/* #undef HAVE_KRB_KDCTIMEOFDAY */ +/* Define if you want to use the Kerberos Credentials Manager. */ +#define HAVE_KCM 1 /* Define to 1 if you have the <libutil.h> header file. */ #define HAVE_LIBUTIL_H 1 @@ -488,7 +539,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* #undef HAVE_NETINET6_IN6_H */ /* Define to 1 if you have the <netinet6/in6_var.h> header file. */ -#define HAVE_NETINET6_IN6_VAR_H 1 +/* #undef HAVE_NETINET6_IN6_VAR_H */ /* Define to 1 if you have the <netinet/in6.h> header file. */ /* #undef HAVE_NETINET_IN6_H */ @@ -520,9 +571,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if NDBM really is DB (creates files *.db) */ #define HAVE_NEW_DB 1 -/* define if you have hash functions like md4_finito() */ -/* #undef HAVE_OLD_HASH_NAMES */ - /* Define to 1 if you have the `on_exit' function. */ /* #undef HAVE_ON_EXIT */ @@ -532,18 +580,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* define to use openssl's libcrypto */ #define HAVE_OPENSSL 1 -/* define if your system declares optarg */ -#define HAVE_OPTARG_DECLARATION 1 - -/* define if your system declares opterr */ -#define HAVE_OPTERR_DECLARATION 1 - -/* define if your system declares optind */ -#define HAVE_OPTIND_DECLARATION 1 - -/* define if your system declares optopt */ -#define HAVE_OPTOPT_DECLARATION 1 - /* Define to enable basic OSF C2 support. */ /* #undef HAVE_OSFC2 */ @@ -553,13 +589,17 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the `pidfile' function. */ /* #undef HAVE_PIDFILE */ +/* Define to 1 if you have the `poll' function. */ +#define HAVE_POLL 1 + +/* Define to 1 if you have the <poll.h> header file. */ +#define HAVE_POLL_H 1 + /* Define to 1 if you have the <pthread.h> header file. */ #define HAVE_PTHREAD_H 1 /* Define to 1 if you have the `ptsname' function. */ -#if __FreeBSD_version >= 500100 #define HAVE_PTSNAME 1 -#endif /* Define to 1 if you have the <pty.h> header file. */ /* #undef HAVE_PTY_H */ @@ -591,8 +631,11 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the <resolv.h> header file. */ #define HAVE_RESOLV_H 1 +/* Define to 1 if you have the `res_ndestroy' function. */ +#define HAVE_RES_NDESTROY 1 + /* Define to 1 if you have the `res_nsearch' function. */ -/* #undef HAVE_RES_NSEARCH */ +#define HAVE_RES_NSEARCH 1 /* Define to 1 if you have the `res_search' function. */ #define HAVE_RES_SEARCH 1 @@ -646,10 +689,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #define HAVE_SETPROCTITLE 1 /* Define to 1 if you have the `setprogname' function. */ -#if (__FreeBSD_version >= 430002 && __FreeBSD_version < 500000) || \ - __FreeBSD_version >= 500019 #define HAVE_SETPROGNAME 1 -#endif /* Define to 1 if you have the `setregid' function. */ #define HAVE_SETREGID 1 @@ -709,9 +749,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* #undef HAVE_STANDARDS_H */ /* Define to 1 if you have the <stdint.h> header file. */ -#if __FreeBSD_version >= 500028 #define HAVE_STDINT_H 1 -#endif /* Define to 1 if you have the <stdlib.h> header file. */ #define HAVE_STDLIB_H 1 @@ -953,6 +991,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the <sys/types.h> header file. */ #define HAVE_SYS_TYPES_H 1 +/* Define to 1 if you have the <sys/ucred.h> header file. */ +#define HAVE_SYS_UCRED_H 1 + /* Define to 1 if you have the <sys/uio.h> header file. */ #define HAVE_SYS_UIO_H 1 @@ -980,15 +1021,12 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the `tgetent' function. */ #define HAVE_TGETENT 1 -/* Define to 1 if you have the `timegm' function. */ +/* Define if you have the function `timegm'. */ #define HAVE_TIMEGM 1 /* Define if you have the `timezone' variable. */ #define HAVE_TIMEZONE 1 -/* define if your system declares timezone */ -#define HAVE_TIMEZONE_DECLARATION 1 - /* Define to 1 if you have the <time.h> header file. */ #define HAVE_TIME_H 1 @@ -1004,6 +1042,21 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the <udb.h> header file. */ /* #undef HAVE_UDB_H */ +/* Define to 1 if the system has the type `uint16_t'. */ +#define HAVE_UINT16_T 1 + +/* Define to 1 if the system has the type `uint32_t'. */ +#define HAVE_UINT32_T 1 + +/* Define to 1 if the system has the type `uint64_t'. */ +#define HAVE_UINT64_T 1 + +/* Define to 1 if the system has the type `uint8_t'. */ +#define HAVE_UINT8_T 1 + +/* Define to 1 if the system has the type `uintptr_t'. */ +#define HAVE_UINTPTR_T 1 + /* Define to 1 if you have the `umask' function. */ #define HAVE_UMASK 1 @@ -1014,9 +1067,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #define HAVE_UNISTD_H 1 /* Define to 1 if you have the `unlockpt' function. */ -#if __FreeBSD_version >= 500100 #define HAVE_UNLOCKPT 1 -#endif /* Define if you have the function `unsetenv'. */ #define HAVE_UNSETENV 1 @@ -1039,6 +1090,18 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to 1 if you have the <utmp.h> header file. */ #define HAVE_UTMP_H 1 +/* Define to 1 if the system has the type `u_int16_t'. */ +#define HAVE_U_INT16_T 1 + +/* Define to 1 if the system has the type `u_int32_t'. */ +#define HAVE_U_INT32_T 1 + +/* Define to 1 if the system has the type `u_int64_t'. */ +#define HAVE_U_INT64_T 1 + +/* Define to 1 if the system has the type `u_int8_t'. */ +#define HAVE_U_INT8_T 1 + /* Define to 1 if you have the `vasnprintf' function. */ /* #undef HAVE_VASNPRINTF */ @@ -1105,9 +1168,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the `_res' variable. */ #define HAVE__RES 1 -/* define if your system declares _res */ -#define HAVE__RES_DECLARATION 1 - /* Define to 1 if you have the `_scrsize' function. */ /* #undef HAVE__SCRSIZE */ @@ -1117,9 +1177,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the `__progname' variable. */ #define HAVE___PROGNAME 1 -/* define if your system declares __progname */ -/* #undef HAVE___PROGNAME_DECLARATION */ - /* Define if you have the hesiod package. */ /* #undef HESIOD */ @@ -1129,20 +1186,14 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Enable Kerberos 5 support in applications. */ #define KRB5 1 -/* Define if krb_mk_req takes const char * */ -/* #undef KRB_MK_REQ_CONST */ - -/* This is the krb4 sendauth version. */ -/* #undef KRB_SENDAUTH_VERS */ - -/* Define to zero if your krb.h doesn't */ -/* #undef KRB_VERIFY_NOT_SECURE */ +/* path to lib */ +#define LIBDIR "/usr/lib" -/* Define to one if your krb.h doesn't */ -/* #undef KRB_VERIFY_SECURE */ +/* path to libexec */ +#define LIBEXECDIR "/usr/libexec" -/* Define to two if your krb.h doesn't */ -/* #undef KRB_VERIFY_SECURE_FAIL */ +/* path to localstate */ +#define LOCALSTATEDIR "/var/heimdal" /* define if the system is missing a prototype for asnprintf() */ #define NEED_ASNPRINTF_PROTO 1 @@ -1153,6 +1204,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* define if the system is missing a prototype for crypt() */ /* #undef NEED_CRYPT_PROTO */ +/* define if the system is missing a prototype for daemon() */ +#define NEED_DAEMON_PROTO 1 + /* define if the system is missing a prototype for gethostname() */ /* #undef NEED_GETHOSTNAME_PROTO */ @@ -1168,9 +1222,15 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* define if the system is missing a prototype for inet_aton() */ /* #undef NEED_INET_ATON_PROTO */ +/* define if the system is missing a prototype for iruserok() */ +/* #undef NEED_IRUSEROK_PROTO */ + /* define if the system is missing a prototype for mkstemp() */ /* #undef NEED_MKSTEMP_PROTO */ +/* define if the system is missing a prototype for SecKeyGetCSPHandle() */ +/* #undef NEED_SECKEYGETCSPHANDLE_PROTO */ + /* define if the system is missing a prototype for setenv() */ /* #undef NEED_SETENV_PROTO */ @@ -1219,6 +1279,12 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* define if the system is missing a prototype for vsnprintf() */ /* #undef NEED_VSNPRINTF_PROTO */ +/* Define if you don't wan't support for AFS. */ +/* #undef NO_AFS */ + +/* Define to 1 if your C compiler doesn't accept -c and -o together. */ +/* #undef NO_MINUS_C_MINUS_O */ + /* Define if you don't want to use mmap. */ /* #undef NO_MMAP */ @@ -1228,30 +1294,36 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define if you have the openldap package. */ /* #undef OPENLDAP */ +/* Define if you want support for hdb ldap module */ +/* #undef OPENLDAP_MODULE */ + /* define if prototype of openlog is compatible with void openlog(const char *, int, int) */ #define OPENLOG_PROTO_COMPATIBLE 1 /* Define if you want OTP support in applications. */ -/* #undef OTP */ +#define OTP 1 /* Name of package */ #define PACKAGE "heimdal" /* Define to the address where bug reports for this package should be sent. */ -#define PACKAGE_BUGREPORT "heimdal-bugs@pdc.kth.se" +#define PACKAGE_BUGREPORT "heimdal-bugs@h5l.org" /* Define to the full name of this package. */ #define PACKAGE_NAME "Heimdal" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "Heimdal 0.6.3 (FreeBSD)" +#define PACKAGE_STRING "Heimdal 1.1" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "heimdal" /* Define to the version of this package. */ -#define PACKAGE_VERSION "0.6.3" +#define PACKAGE_VERSION "1.1" + +/* Define to enable PKINIT. */ +#define PKINIT 1 /* Define if getlogin has POSIX flavour (and not BSD). */ /* #undef POSIX_GETLOGIN */ @@ -1265,12 +1337,21 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define as the return type of signal handlers (`int' or `void'). */ #define RETSIGTYPE void +/* path to sbin */ +#define SBINDIR "/usr/sbin" + +/* Define if you want to use samba socket wrappers. */ +/* #undef SOCKET_WRAPPER_REPLACE */ + /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 /* Define if you have streams ptys. */ /* #undef STREAMSPTY */ +/* path to sysconf */ +#define SYSCONFDIR "/etc" + /* Define to what version of SunOS you are running. */ /* #undef SunOS */ @@ -1281,7 +1362,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* #undef TM_IN_SYS_TIME */ /* Version number of package */ -#define VERSION "0.6.3" +#define VERSION "1.1" /* Define if signal handlers return void. */ #define VOID_RETSIGTYPE 1 @@ -1290,7 +1371,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* #undef WORDS_BIGENDIAN */ /* Define to 1 if the X Window System is missing or not being used. */ -/* #undef X_DISPLAY_MISSING */ +#define X_DISPLAY_MISSING 1 /* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a `char[]'. */ @@ -1311,14 +1392,16 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define to `int' if <sys/types.h> doesn't define. */ /* #undef gid_t */ -/* Define as `__inline' if that's what the C compiler calls it, or to nothing - if it is not supported. */ +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus /* #undef inline */ +#endif /* Define this to what the type mode_t should be. */ /* #undef mode_t */ -/* Define to `long' if <sys/types.h> does not define. */ +/* Define to `long int' if <sys/types.h> does not define. */ /* #undef off_t */ /* Define to `int' if <sys/types.h> does not define. */ @@ -1327,45 +1410,16 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } /* Define this to what the type sig_atomic_t should be. */ /* #undef sig_atomic_t */ -/* Define to `unsigned' if <sys/types.h> does not define. */ +/* Define to `unsigned int' if <sys/types.h> does not define. */ /* #undef size_t */ /* Define to `int' if <sys/types.h> doesn't define. */ /* #undef uid_t */ -#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S)) - -#if defined(ENCRYPTION) && !defined(AUTHENTICATION) -#define AUTHENTICATION 1 -#endif - -/* Set this to the default system lead string for telnetd - * can contain %-escapes: %s=sysname, %m=machine, %r=os-release - * %v=os-version, %t=tty, %h=hostname, %d=date and time - */ -/* #undef USE_IM */ - -/* Used with login -p */ -/* #undef LOGIN_ARGS */ - -/* set this to a sensible login */ -#ifndef LOGIN_PATH -#define LOGIN_PATH BINDIR "/login" -#endif - - #ifdef ROKEN_RENAME #include "roken_rename.h" #endif -#ifndef HAVE_KRB_KDCTIMEOFDAY -#define krb_kdctimeofday(X) gettimeofday((X), NULL) -#endif - -#ifndef HAVE_KRB_GET_KDC_TIME_DIFF -#define krb_get_kdc_time_diff() (0) -#endif - #ifdef VOID_RETSIGTYPE #define SIGRETURN(x) return #else @@ -1373,8 +1427,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg } #endif #ifdef BROKEN_REALLOC -#define realloc(X, Y) isoc_realloc((X), (Y)) -#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y)) +#define realloc(X, Y) rk_realloc((X), (Y)) #endif @@ -1402,3 +1455,23 @@ struct sockaddr_in; #define __STDC__ 0 #endif + + +#if defined(ENCRYPTION) && !defined(AUTHENTICATION) +#define AUTHENTICATION 1 +#endif + +/* Set this to the default system lead string for telnetd + * can contain %-escapes: %s=sysname, %m=machine, %r=os-release + * %v=os-version, %t=tty, %h=hostname, %d=date and time + */ +/* #undef USE_IM */ + +/* Used with login -p */ +/* #undef LOGIN_ARGS */ + +/* set this to a sensible login */ +#ifndef LOGIN_PATH +#define LOGIN_PATH BINDIR "/login" +#endif + diff --git a/kerberos5/include/crypto-headers.h b/kerberos5/include/crypto-headers.h index b224364..d84a5e4 100644 --- a/kerberos5/include/crypto-headers.h +++ b/kerberos5/include/crypto-headers.h @@ -2,9 +2,17 @@ #ifndef __crypto_headers_h__ #define __crypto_headers_h__ #define OPENSSL_DES_LIBDES_COMPATIBILITY +#include <openssl/evp.h> #include <openssl/des.h> #include <openssl/rc4.h> +#include <openssl/md2.h> #include <openssl/md4.h> #include <openssl/md5.h> #include <openssl/sha.h> +#include <openssl/aes.h> +#include <openssl/ui.h> +#include <openssl/rand.h> +#include <openssl/engine.h> +#include <openssl/pkcs12.h> +#include <openssl/hmac.h> #endif /* __crypto_headers_h__ */ diff --git a/kerberos5/lib/Makefile b/kerberos5/lib/Makefile index 1d07e0b..c629f24 100644 --- a/kerberos5/lib/Makefile +++ b/kerberos5/lib/Makefile @@ -1,6 +1,8 @@ + # $FreeBSD$ -SUBDIR= libasn1 libgssapi libhdb libkadm5clnt libkadm5srv \ - libkafs5 libkrb5 libroken libsl libvers +SUBDIR= libasn1 libgssapi_krb5 libgssapi_ntlm libgssapi_spnego libhdb \ + libheimntlm libhx509 libkadm5clnt libkadm5srv libkafs5 libkrb5 \ + libroken libsl libvers .include <bsd.subdir.mk> diff --git a/kerberos5/lib/Makefile.inc b/kerberos5/lib/Makefile.inc index 441a0ec..dc07383 100644 --- a/kerberos5/lib/Makefile.inc +++ b/kerberos5/lib/Makefile.inc @@ -1,5 +1,5 @@ # $FreeBSD$ -SHLIB_MAJOR?= 9 +SHLIB_MAJOR?= 10 .include "../Makefile.inc" diff --git a/kerberos5/lib/libasn1/Makefile b/kerberos5/lib/libasn1/Makefile index b42f802..4a9c21e 100644 --- a/kerberos5/lib/libasn1/Makefile +++ b/kerberos5/lib/libasn1/Makefile @@ -1,33 +1,247 @@ # $FreeBSD$ LIB= asn1 -INCS= asn1_err.h krb5_asn1.h +INCS= asn1_err.h heim_asn1.h SRCS= asn1_err.c \ asn1_err.h \ der_copy.c \ + der_cmp.c \ der_free.c \ + der_format.c \ der_get.c \ der_length.c \ der_put.c \ - krb5_asn1.h \ + extra.c \ timegm.c \ ${GEN:S/.x$/.c/} CFLAGS+=-I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken -I. -GEN= asn1_APOptions.x \ +GEN_RFC2459 = \ + asn1_Version.x \ + asn1_id_pkcs_1.x \ + asn1_id_pkcs1_rsaEncryption.x \ + asn1_id_pkcs1_md2WithRSAEncryption.x \ + asn1_id_pkcs1_md5WithRSAEncryption.x \ + asn1_id_pkcs1_sha1WithRSAEncryption.x \ + asn1_id_pkcs1_sha256WithRSAEncryption.x \ + asn1_id_pkcs1_sha384WithRSAEncryption.x \ + asn1_id_pkcs1_sha512WithRSAEncryption.x \ + asn1_id_heim_rsa_pkcs1_x509.x \ + asn1_id_pkcs_2.x \ + asn1_id_pkcs2_md2.x \ + asn1_id_pkcs2_md4.x \ + asn1_id_pkcs2_md5.x \ + asn1_id_rsa_digestAlgorithm.x \ + asn1_id_rsa_digest_md2.x \ + asn1_id_rsa_digest_md4.x \ + asn1_id_rsa_digest_md5.x \ + asn1_id_pkcs_3.x \ + asn1_id_pkcs3_rc2_cbc.x \ + asn1_id_pkcs3_rc4.x \ + asn1_id_pkcs3_des_ede3_cbc.x \ + asn1_id_rsadsi_encalg.x \ + asn1_id_rsadsi_rc2_cbc.x \ + asn1_id_rsadsi_des_ede3_cbc.x \ + asn1_id_secsig_sha_1.x \ + asn1_id_nistAlgorithm.x \ + asn1_id_nist_aes_algs.x \ + asn1_id_aes_128_cbc.x \ + asn1_id_aes_192_cbc.x \ + asn1_id_aes_256_cbc.x \ + asn1_id_nist_sha_algs.x \ + asn1_id_sha256.x \ + asn1_id_sha224.x \ + asn1_id_sha384.x \ + asn1_id_sha512.x \ + asn1_id_dhpublicnumber.x \ + asn1_id_x9_57.x \ + asn1_id_dsa.x \ + asn1_id_dsa_with_sha1.x \ + asn1_id_x520_at.x \ + asn1_id_at_commonName.x \ + asn1_id_at_surname.x \ + asn1_id_at_serialNumber.x \ + asn1_id_at_countryName.x \ + asn1_id_at_localityName.x \ + asn1_id_at_streetAddress.x \ + asn1_id_at_stateOrProvinceName.x \ + asn1_id_at_organizationName.x \ + asn1_id_at_organizationalUnitName.x \ + asn1_id_at_name.x \ + asn1_id_at_givenName.x \ + asn1_id_at_initials.x \ + asn1_id_at_generationQualifier.x \ + asn1_id_at_pseudonym.x \ + asn1_id_Userid.x \ + asn1_id_domainComponent.x \ + asn1_id_x509_ce.x \ + asn1_id_uspkicommon_card_id.x \ + asn1_id_uspkicommon_piv_interim.x \ + asn1_id_netscape.x \ + asn1_id_netscape_cert_comment.x \ + asn1_id_ms_cert_enroll_domaincontroller.x \ + asn1_id_ms_client_authentication.x \ + asn1_AlgorithmIdentifier.x \ + asn1_AttributeType.x \ + asn1_AttributeValue.x \ + asn1_TeletexStringx.x \ + asn1_DirectoryString.x \ + asn1_Attribute.x \ + asn1_AttributeTypeAndValue.x \ + asn1_AuthorityInfoAccessSyntax.x \ + asn1_AccessDescription.x \ + asn1_RelativeDistinguishedName.x \ + asn1_RDNSequence.x \ + asn1_Name.x \ + asn1_CertificateSerialNumber.x \ + asn1_Time.x \ + asn1_Validity.x \ + asn1_UniqueIdentifier.x \ + asn1_SubjectPublicKeyInfo.x \ + asn1_Extension.x \ + asn1_Extensions.x \ + asn1_TBSCertificate.x \ + asn1_Certificate.x \ + asn1_Certificates.x \ + asn1_ValidationParms.x \ + asn1_DomainParameters.x \ + asn1_DHPublicKey.x \ + asn1_OtherName.x \ + asn1_GeneralName.x \ + asn1_GeneralNames.x \ + asn1_id_x509_ce_keyUsage.x \ + asn1_KeyUsage.x \ + asn1_id_x509_ce_authorityKeyIdentifier.x \ + asn1_KeyIdentifier.x \ + asn1_AuthorityKeyIdentifier.x \ + asn1_id_x509_ce_subjectKeyIdentifier.x \ + asn1_SubjectKeyIdentifier.x \ + asn1_id_x509_ce_basicConstraints.x \ + asn1_BasicConstraints.x \ + asn1_id_x509_ce_nameConstraints.x \ + asn1_BaseDistance.x \ + asn1_GeneralSubtree.x \ + asn1_GeneralSubtrees.x \ + asn1_NameConstraints.x \ + asn1_id_x509_ce_privateKeyUsagePeriod.x \ + asn1_id_x509_ce_certificatePolicies.x \ + asn1_id_x509_ce_policyMappings.x \ + asn1_id_x509_ce_subjectAltName.x \ + asn1_id_x509_ce_issuerAltName.x \ + asn1_id_x509_ce_subjectDirectoryAttributes.x \ + asn1_id_x509_ce_policyConstraints.x \ + asn1_id_x509_ce_extKeyUsage.x \ + asn1_ExtKeyUsage.x \ + asn1_id_x509_ce_cRLDistributionPoints.x \ + asn1_id_x509_ce_deltaCRLIndicator.x \ + asn1_id_x509_ce_issuingDistributionPoint.x \ + asn1_id_x509_ce_holdInstructionCode.x \ + asn1_id_x509_ce_invalidityDate.x \ + asn1_id_x509_ce_certificateIssuer.x \ + asn1_id_x509_ce_inhibitAnyPolicy.x \ + asn1_DistributionPointReasonFlags.x \ + asn1_DistributionPointName.x \ + asn1_DistributionPoint.x \ + asn1_CRLDistributionPoints.x \ + asn1_DSASigValue.x \ + asn1_DSAPublicKey.x \ + asn1_DSAParams.x \ + asn1_RSAPublicKey.x \ + asn1_RSAPrivateKey.x \ + asn1_DigestInfo.x \ + asn1_TBSCRLCertList.x \ + asn1_CRLCertificateList.x \ + asn1_id_x509_ce_cRLNumber.x \ + asn1_id_x509_ce_freshestCRL.x \ + asn1_id_x509_ce_cRLReason.x \ + asn1_CRLReason.x \ + asn1_PKIXXmppAddr.x \ + asn1_id_pkix.x \ + asn1_id_pkix_on.x \ + asn1_id_pkix_on_dnsSRV.x \ + asn1_id_pkix_on_xmppAddr.x \ + asn1_id_pkix_kp.x \ + asn1_id_pkix_kp_serverAuth.x \ + asn1_id_pkix_kp_clientAuth.x \ + asn1_id_pkix_kp_emailProtection.x \ + asn1_id_pkix_kp_timeStamping.x \ + asn1_id_pkix_kp_OCSPSigning.x \ + asn1_id_pkix_pe.x \ + asn1_id_pkix_pe_authorityInfoAccess.x \ + asn1_id_pkix_pe_proxyCertInfo.x \ + asn1_id_pkix_ppl.x \ + asn1_id_pkix_ppl_anyLanguage.x \ + asn1_id_pkix_ppl_inheritAll.x \ + asn1_id_pkix_ppl_independent.x \ + asn1_ProxyPolicy.x \ + asn1_ProxyCertInfo.x + +GEN_CMS = \ + asn1_CMSAttributes.x \ + asn1_CMSCBCParameter.x \ + asn1_CMSEncryptedData.x \ + asn1_CMSIdentifier.x \ + asn1_CMSRC2CBCParameter.x \ + asn1_CMSVersion.x \ + asn1_CertificateList.x \ + asn1_CertificateRevocationLists.x \ + asn1_CertificateSet.x \ + asn1_ContentEncryptionAlgorithmIdentifier.x \ + asn1_ContentInfo.x \ + asn1_ContentType.x \ + asn1_DigestAlgorithmIdentifier.x \ + asn1_DigestAlgorithmIdentifiers.x \ + asn1_EncapsulatedContentInfo.x \ + asn1_EncryptedContent.x \ + asn1_EncryptedContentInfo.x \ + asn1_EncryptedKey.x \ + asn1_EnvelopedData.x \ + asn1_IssuerAndSerialNumber.x \ + asn1_KeyEncryptionAlgorithmIdentifier.x \ + asn1_KeyTransRecipientInfo.x \ + asn1_MessageDigest.x \ + asn1_OriginatorInfo.x \ + asn1_RecipientIdentifier.x \ + asn1_RecipientInfo.x \ + asn1_RecipientInfos.x \ + asn1_SignatureAlgorithmIdentifier.x \ + asn1_SignatureValue.x \ + asn1_SignedData.x \ + asn1_SignerIdentifier.x \ + asn1_SignerInfo.x \ + asn1_SignerInfos.x \ + asn1_id_pkcs7.x \ + asn1_id_pkcs7_data.x \ + asn1_id_pkcs7_digestedData.x \ + asn1_id_pkcs7_encryptedData.x \ + asn1_id_pkcs7_envelopedData.x \ + asn1_id_pkcs7_signedAndEnvelopedData.x \ + asn1_id_pkcs7_signedData.x \ + asn1_UnprotectedAttributes.x + +GEN_K5= asn1_AD_AND_OR.x \ + asn1_AD_IF_RELEVANT.x \ + asn1_AD_KDCIssued.x \ + asn1_AD_MANDATORY_FOR_KDC.x \ + asn1_AD_LoginAlias.x \ + asn1_APOptions.x \ asn1_AP_REP.x \ asn1_AP_REQ.x \ asn1_AS_REP.x \ asn1_AS_REQ.x \ + asn1_AUTHDATA_TYPE.x \ asn1_Authenticator.x \ asn1_AuthorizationData.x \ + asn1_AuthorizationDataElement.x \ asn1_CKSUMTYPE.x \ - asn1_Checksum.x \ asn1_ChangePasswdDataMS.x \ + asn1_Checksum.x \ asn1_ENCTYPE.x \ asn1_ETYPE_INFO.x \ + asn1_ETYPE_INFO2.x \ + asn1_ETYPE_INFO2_ENTRY.x \ asn1_ETYPE_INFO_ENTRY.x \ asn1_EncAPRepPart.x \ asn1_EncASRepPart.x \ @@ -38,6 +252,7 @@ GEN= asn1_APOptions.x \ asn1_EncTicketPart.x \ asn1_EncryptedData.x \ asn1_EncryptionKey.x \ + asn1_EtypeList.x \ asn1_HostAddress.x \ asn1_HostAddresses.x \ asn1_KDCOptions.x \ @@ -49,6 +264,7 @@ GEN= asn1_APOptions.x \ asn1_KRB_PRIV.x \ asn1_KRB_SAFE.x \ asn1_KRB_SAFE_BODY.x \ + asn1_KerberosString.x \ asn1_KerberosTime.x \ asn1_KrbCredInfo.x \ asn1_LR_TYPE.x \ @@ -58,22 +274,199 @@ GEN= asn1_APOptions.x \ asn1_NAME_TYPE.x \ asn1_PADATA_TYPE.x \ asn1_PA_DATA.x \ + asn1_PA_ENC_SAM_RESPONSE_ENC.x \ asn1_PA_ENC_TS_ENC.x \ + asn1_PA_PAC_REQUEST.x \ + asn1_PA_S4U2Self.x \ + asn1_PA_SAM_CHALLENGE_2.x \ + asn1_PA_SAM_CHALLENGE_2_BODY.x \ + asn1_PA_SAM_REDIRECT.x \ + asn1_PA_SAM_RESPONSE_2.x \ + asn1_PA_SAM_TYPE.x \ + asn1_PA_ClientCanonicalized.x \ + asn1_PA_ClientCanonicalizedNames.x \ + asn1_PA_SvrReferralData.x \ + asn1_PROV_SRV_LOCATION.x \ asn1_Principal.x \ asn1_PrincipalName.x \ asn1_Realm.x \ + asn1_SAMFlags.x \ asn1_TGS_REP.x \ asn1_TGS_REQ.x \ + asn1_TYPED_DATA.x \ asn1_Ticket.x \ asn1_TicketFlags.x \ asn1_TransitedEncoding.x \ - asn1_UNSIGNED.x + asn1_TypedData.x \ + asn1_krb5int32.x \ + asn1_krb5uint32.x \ + asn1_KRB5SignedPathData.x \ + asn1_KRB5SignedPathPrincipals.x \ + asn1_KRB5SignedPath.x + +GEN_PKINIT = \ + asn1_id_pkinit.x \ + asn1_id_pkauthdata.x \ + asn1_id_pkdhkeydata.x \ + asn1_id_pkrkeydata.x \ + asn1_id_pkekuoid.x \ + asn1_id_pkkdcekuoid.x \ + asn1_id_pkinit_san.x \ + asn1_id_pkinit_ms_eku.x \ + asn1_id_pkinit_ms_san.x \ + asn1_MS_UPN_SAN.x \ + asn1_DHNonce.x \ + asn1_KDFAlgorithmId.x \ + asn1_TrustedCA.x \ + asn1_ExternalPrincipalIdentifier.x \ + asn1_ExternalPrincipalIdentifiers.x \ + asn1_PA_PK_AS_REQ.x \ + asn1_PKAuthenticator.x \ + asn1_AuthPack.x \ + asn1_TD_TRUSTED_CERTIFIERS.x \ + asn1_TD_INVALID_CERTIFICATES.x \ + asn1_KRB5PrincipalName.x \ + asn1_AD_INITIAL_VERIFIED_CAS.x \ + asn1_DHRepInfo.x \ + asn1_PA_PK_AS_REP.x \ + asn1_KDCDHKeyInfo.x \ + asn1_ReplyKeyPack.x \ + asn1_TD_DH_PARAMETERS.x \ + asn1_PKAuthenticator_Win2k.x \ + asn1_AuthPack_Win2k.x \ + asn1_TrustedCA_Win2k.x \ + asn1_PA_PK_AS_REQ_Win2k.x \ + asn1_PA_PK_AS_REP_Win2k.x \ + asn1_KDCDHKeyInfo_Win2k.x \ + asn1_ReplyKeyPack_Win2k.x \ + asn1_PkinitSuppPubInfo.x + +GEN_PKCS8 = \ + asn1_PKCS8PrivateKeyAlgorithmIdentifier.x \ + asn1_PKCS8PrivateKey.x \ + asn1_PKCS8PrivateKeyInfo.x \ + asn1_PKCS8Attributes.x \ + asn1_PKCS8EncryptedPrivateKeyInfo.x \ + asn1_PKCS8EncryptedData.x + +GEN_PKCS9 = \ + asn1_id_pkcs_9.x \ + asn1_id_pkcs9_contentType.x \ + asn1_id_pkcs9_emailAddress.x \ + asn1_id_pkcs9_messageDigest.x \ + asn1_id_pkcs9_signingTime.x \ + asn1_id_pkcs9_countersignature.x \ + asn1_id_pkcs_9_at_friendlyName.x \ + asn1_id_pkcs_9_at_localKeyId.x \ + asn1_id_pkcs_9_at_certTypes.x \ + asn1_id_pkcs_9_at_certTypes_x509.x \ + asn1_PKCS9_BMPString.x \ + asn1_PKCS9_friendlyName.x + +GEN_PKCS12 = \ + asn1_id_pkcs_12.x \ + asn1_id_pkcs_12PbeIds.x \ + asn1_id_pbeWithSHAAnd128BitRC4.x \ + asn1_id_pbeWithSHAAnd40BitRC4.x \ + asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.x \ + asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.x \ + asn1_id_pbeWithSHAAnd128BitRC2_CBC.x \ + asn1_id_pbewithSHAAnd40BitRC2_CBC.x \ + asn1_id_pkcs12_bagtypes.x \ + asn1_id_pkcs12_keyBag.x \ + asn1_id_pkcs12_pkcs8ShroudedKeyBag.x \ + asn1_id_pkcs12_certBag.x \ + asn1_id_pkcs12_crlBag.x \ + asn1_id_pkcs12_secretBag.x \ + asn1_id_pkcs12_safeContentsBag.x \ + asn1_PKCS12_MacData.x \ + asn1_PKCS12_PFX.x \ + asn1_PKCS12_AuthenticatedSafe.x \ + asn1_PKCS12_CertBag.x \ + asn1_PKCS12_Attribute.x \ + asn1_PKCS12_Attributes.x \ + asn1_PKCS12_SafeBag.x \ + asn1_PKCS12_SafeContents.x \ + asn1_PKCS12_OctetString.x \ + asn1_PKCS12_PBEParams.x + +GEN_DIGEST= asn1_DigestError.x \ + asn1_DigestInit.x \ + asn1_DigestInitReply.x \ + asn1_DigestREP.x \ + asn1_DigestREQ.x \ + asn1_DigestRepInner.x \ + asn1_DigestReqInner.x \ + asn1_DigestRequest.x \ + asn1_DigestResponse.x \ + asn1_DigestTypes.x \ + asn1_NTLMInit.x \ + asn1_NTLMInitReply.x \ + asn1_NTLMRequest.x \ + asn1_NTLMResponse.x + +GEN_KX509 = \ + asn1_Kx509Response.x \ + asn1_Kx509Request.x + +GEN+= ${GEN_RFC2459} +GEN+= ${GEN_CMS} +GEN+= ${GEN_K5} +GEN+= ${GEN_PKINIT} +GEN+= ${GEN_PKCS8} +GEN+= ${GEN_PKCS9} +GEN+= ${GEN_PKCS12} +GEN+= ${GEN_DIGEST} +GEN+= ${GEN_KX509} + +CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} *_asn1_files + +GEN_ASN1=cms_asn1.h rfc2459_asn1.h krb5_asn1.h pkinit_asn1.h +GEN_ASN1+=pkcs8_asn1.h pkcs9_asn1.h pkcs12_asn1.h digest_asn1.h kx509_asn1.h +SRCS+= ${GEN_ASN1} +INCS+= ${GEN_ASN1} +CLEANFILES+=${GEN_ASN1} + +.ORDER: ${GEN} ${GEN_ASN1} + +${GEN_CMS} cms_asn1.h: CMS.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} cms_asn1 + +${GEN_RFC2459} rfc2459_asn1.h: rfc2459.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile \ + --preserve-binary=TBSCertificate \ + --preserve-binary=TBSCRLCertList \ + --preserve-binary=Name \ + --sequence=GeneralNames \ + --sequence=Extensions \ + --sequence=CRLDistributionPoints ${.ALLSRC:M*.asn1} rfc2459_asn1 + +${GEN_K5} krb5_asn1.h: k5.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile \ + --encode-rfc1510-bit-string \ + --sequence=KRB5SignedPathPrincipals \ + --sequence=AuthorizationData \ + --sequence=METHOD-DATA \ + --sequence=ETYPE-INFO \ + --sequence=ETYPE-INFO2 ${.ALLSRC:M*.asn1} krb5_asn1 + +${GEN_PKINIT} pkinit_asn1.h: pkinit.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkinit_asn1 + +${GEN_PKCS8} pkcs8_asn1.h: pkcs8.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs8_asn1 + +${GEN_PKCS9} pkcs9_asn1.h: pkcs9.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs9_asn1 + +${GEN_PKCS12} pkcs12_asn1.h: pkcs12.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs12_asn1 -CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} krb5_asn1.h asn1_files +${GEN_DIGEST} digest_asn1.h: digest.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} digest_asn1 -.ORDER: ${GEN} krb5_asn1.h -${GEN} krb5_asn1.h: k5.asn1 ../../tools/asn1_compile/asn1_compile - ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} krb5_asn1 +${GEN_KX509} kx509_asn1.h: kx509.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} kx509_asn1 ../../tools/asn1_compile/asn1_compile: cd ${.CURDIR}/../../tools/asn1_compile && ${MAKE} diff --git a/kerberos5/lib/libgssapi/Makefile b/kerberos5/lib/libgssapi/Makefile deleted file mode 100644 index 518b445..0000000 --- a/kerberos5/lib/libgssapi/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# $FreeBSD$ - -LIB= gssapi_krb5 -LDFLAGS= -Wl,-Bsymbolic -LDADD= -lkrb5 -lcrypto -lroken -lasn1 -lcom_err -lcrypt -DPADD= ${LIBKRB5} ${LIBCRYPTO} ${LIBROKEN} ${LIBASN1} ${LIBCOM_ERR} \ - ${LIBCRYPT} - -SRCS= 8003.c \ - accept_sec_context.c \ - acquire_cred.c \ - add_cred.c \ - add_oid_set_member.c \ - address_to_krb5addr.c \ - arcfour.c \ - canonicalize_name.c \ - compare_name.c \ - compat.c \ - context_time.c \ - copy_ccache.c \ - create_emtpy_oid_set.c \ - decapsulate.c \ - delete_sec_context.c \ - display_name.c \ - display_status.c \ - duplicate_name.c \ - encapsulate.c \ - export_name.c \ - export_sec_context.c \ - external.c \ - get_mic.c \ - import_name.c \ - import_sec_context.c \ - indicate_mechs.c \ - init.c \ - init_sec_context.c \ - inquire_context.c \ - inquire_cred.c \ - inquire_cred_by_mech.c \ - inquire_mechs_for_name.c \ - inquire_names_for_mech.c \ - process_context_token.c \ - release_buffer.c \ - release_cred.c \ - release_name.c \ - release_oid_set.c \ - test_oid_set_member.c \ - unwrap.c \ - v1.c \ - verify_mic.c \ - wrap.c - -CFLAGS+=-I${KRB5DIR}/lib/gssapi -I${KRB5DIR}/lib/krb5 \ - -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken -I. - -.include <bsd.lib.mk> - -.PATH: ${KRB5DIR}/lib/gssapi diff --git a/kerberos5/lib/libgssapi_krb5/Makefile b/kerberos5/lib/libgssapi_krb5/Makefile new file mode 100644 index 0000000..b866d1b --- /dev/null +++ b/kerberos5/lib/libgssapi_krb5/Makefile @@ -0,0 +1,79 @@ +# $FreeBSD$ + +LIB= gssapi_krb5 +LDFLAGS= -Wl,-Bsymbolic +LDADD= -lkrb5 -lhx509 -lcrypto -lroken -lasn1 -lcom_err -lcrypt +DPADD= ${LIBKRB5} ${LIBHX509} ${LIBCRYPTO} ${LIBROKEN} ${LIBASN1} \ + ${LIBCOM_ERR} ${LIBCRYPT} + +INCS= ${KRB5DIR}/lib/gssapi/gssapi/gssapi_krb5.h +INCSDIR= ${INCLUDEDIR}/gssapi + +SRCS= 8003.c \ + accept_sec_context.c \ + acquire_cred.c \ + add_cred.c \ + address_to_krb5addr.c \ + arcfour.c \ + canonicalize_name.c \ + ccache_name.c \ + cfx.c \ + compare_name.c \ + compat.c \ + context_time.c \ + copy_ccache.c \ + decapsulate.c \ + delete_sec_context.c \ + display_name.c \ + display_status.c \ + duplicate_name.c \ + encapsulate.c \ + export_name.c \ + export_sec_context.c \ + external.c \ + get_mic.c \ + gkrb5_err.c \ + gkrb5_err.h \ + import_name.c \ + import_sec_context.c \ + indicate_mechs.c \ + init.c \ + init_sec_context.c \ + inquire_context.c \ + inquire_cred.c \ + inquire_cred_by_mech.c \ + inquire_cred_by_oid.c \ + inquire_mechs_for_name.c \ + inquire_names_for_mech.c \ + inquire_sec_context_by_oid.c \ + prefix.c \ + prf.c \ + process_context_token.c \ + release_buffer.c \ + release_cred.c \ + release_name.c \ + sequence.c \ + set_cred_option.c \ + set_sec_context_option.c \ + unwrap.c \ + v1.c \ + verify_mic.c \ + wrap.c \ + gss_krb5.c + +#SRCS+= gss_add_oid_set_member.c \ +# gss_create_empty_oid_set.c \ +# gss_release_buffer.c \ +# gss_release_oid_set.c \ +# gss_test_oid_set_member.c \ +# gss_utils.c + +CFLAGS+=-I${KRB5DIR}/lib/gssapi +CFLAGS+=-I${KRB5DIR}/lib/gssapi/krb5 +CFLAGS+=-I${KRB5DIR}/lib/krb5 +CFLAGS+=-I${KRB5DIR}/lib/asn1 +CFLAGS+=-I${KRB5DIR}/lib/roken -I. + +.include <bsd.lib.mk> + +.PATH: ${KRB5DIR}/lib/gssapi/krb5 ${.CURDIR}/../../../lib/libgssapi diff --git a/kerberos5/lib/libgssapi_krb5/gss_krb5.c b/kerberos5/lib/libgssapi_krb5/gss_krb5.c new file mode 100644 index 0000000..308efd7 --- /dev/null +++ b/kerberos5/lib/libgssapi_krb5/gss_krb5.c @@ -0,0 +1,831 @@ +/*- + * Copyright (c) 2005 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include <gssapi/gssapi.h> +#include <gssapi/gssapi_krb5.h> + +/* RCSID("$Id: gss_krb5.c 21889 2007-08-09 07:43:24Z lha $"); */ + +#include <krb5.h> +#include <roken.h> + +OM_uint32 +gss_krb5_copy_ccache(OM_uint32 *minor_status, + gss_cred_id_t cred, + krb5_ccache out) +{ + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + krb5_context context; + krb5_error_code kret; + krb5_ccache id; + OM_uint32 ret; + char *str; + + ret = gss_inquire_cred_by_oid(minor_status, + cred, + GSS_KRB5_COPY_CCACHE_X, + &data_set); + if (ret) + return ret; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + kret = krb5_init_context(&context); + if (kret) { + *minor_status = kret; + gss_release_buffer_set(minor_status, &data_set); + return GSS_S_FAILURE; + } + + kret = asprintf(&str, "%.*s", (int)data_set->elements[0].length, + (char *)data_set->elements[0].value); + gss_release_buffer_set(minor_status, &data_set); + if (kret == -1) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + kret = krb5_cc_resolve(context, str, &id); + free(str); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + + kret = krb5_cc_copy_cache(context, id, out); + krb5_cc_close(context, id); + krb5_free_context(context); + if (kret) { + *minor_status = kret; + return GSS_S_FAILURE; + } + + return ret; +} + +OM_uint32 +gss_krb5_import_cred(OM_uint32 *minor_status, + krb5_ccache id, + krb5_principal keytab_principal, + krb5_keytab keytab, + gss_cred_id_t *cred) +{ + gss_buffer_desc buffer; + OM_uint32 major_status; + krb5_context context; + krb5_error_code ret; + krb5_storage *sp; + krb5_data data; + char *str; + + *cred = GSS_C_NO_CREDENTIAL; + + ret = krb5_init_context(&context); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + sp = krb5_storage_emem(); + if (sp == NULL) { + *minor_status = ENOMEM; + major_status = GSS_S_FAILURE; + goto out; + } + + if (id) { + ret = krb5_cc_get_full_name(context, id, &str); + if (ret == 0) { + ret = krb5_store_string(sp, str); + free(str); + } + } else + ret = krb5_store_string(sp, ""); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + if (keytab_principal) { + ret = krb5_unparse_name(context, keytab_principal, &str); + if (ret == 0) { + ret = krb5_store_string(sp, str); + free(str); + } + } else + krb5_store_string(sp, ""); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + + if (keytab) { + ret = krb5_kt_get_full_name(context, keytab, &str); + if (ret == 0) { + ret = krb5_store_string(sp, str); + free(str); + } + } else + krb5_store_string(sp, ""); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + ret = krb5_storage_to_data(sp, &data); + if (ret) { + *minor_status = ret; + major_status = GSS_S_FAILURE; + goto out; + } + + buffer.value = data.data; + buffer.length = data.length; + + major_status = gss_set_cred_option(minor_status, + cred, + GSS_KRB5_IMPORT_CRED_X, + &buffer); + krb5_data_free(&data); +out: + if (sp) + krb5_storage_free(sp); + krb5_free_context(context); + return major_status; +} + +OM_uint32 +gsskrb5_register_acceptor_identity(const char *identity) +{ + gss_buffer_desc buffer; + OM_uint32 junk; + + buffer.value = rk_UNCONST(identity); + buffer.length = strlen(identity); + + gss_set_sec_context_option(&junk, NULL, + GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X, &buffer); + + return (GSS_S_COMPLETE); +} + +OM_uint32 +gsskrb5_set_dns_canonicalize(int flag) +{ + gss_buffer_desc buffer; + OM_uint32 junk; + char b = (flag != 0); + + buffer.value = &b; + buffer.length = sizeof(b); + + gss_set_sec_context_option(&junk, NULL, + GSS_KRB5_SET_DNS_CANONICALIZE_X, &buffer); + + return (GSS_S_COMPLETE); +} + + + +static krb5_error_code +set_key(krb5_keyblock *keyblock, gss_krb5_lucid_key_t *key) +{ + key->type = keyblock->keytype; + key->length = keyblock->keyvalue.length; + key->data = malloc(key->length); + if (key->data == NULL && key->length != 0) + return ENOMEM; + memcpy(key->data, keyblock->keyvalue.data, key->length); + return 0; +} + +static void +free_key(gss_krb5_lucid_key_t *key) +{ + memset(key->data, 0, key->length); + free(key->data); + memset(key, 0, sizeof(*key)); +} + +OM_uint32 +gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + OM_uint32 version, + void **rctx) +{ + krb5_context context = NULL; + krb5_error_code ret; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 major_status; + gss_krb5_lucid_context_v1_t *ctx = NULL; + krb5_storage *sp = NULL; + uint32_t num; + + if (context_handle == NULL + || *context_handle == GSS_C_NO_CONTEXT + || version != 1) + { + ret = EINVAL; + return GSS_S_FAILURE; + } + + major_status = + gss_inquire_sec_context_by_oid (minor_status, + *context_handle, + GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X, + &data_set); + if (major_status) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ret = krb5_init_context(&context); + if (ret) + goto out; + + ctx = calloc(1, sizeof(*ctx)); + if (ctx == NULL) { + ret = ENOMEM; + goto out; + } + + sp = krb5_storage_from_mem(data_set->elements[0].value, + data_set->elements[0].length); + if (sp == NULL) { + ret = ENOMEM; + goto out; + } + + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + if (num != 1) { + ret = EINVAL; + goto out; + } + ctx->version = 1; + /* initiator */ + ret = krb5_ret_uint32(sp, &ctx->initiate); + if (ret) goto out; + /* endtime */ + ret = krb5_ret_uint32(sp, &ctx->endtime); + if (ret) goto out; + /* send_seq */ + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->send_seq = ((uint64_t)num) << 32; + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->send_seq |= num; + /* recv_seq */ + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->recv_seq = ((uint64_t)num) << 32; + ret = krb5_ret_uint32(sp, &num); + if (ret) goto out; + ctx->recv_seq |= num; + /* protocol */ + ret = krb5_ret_uint32(sp, &ctx->protocol); + if (ret) goto out; + if (ctx->protocol == 0) { + krb5_keyblock key; + + /* sign_alg */ + ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.sign_alg); + if (ret) goto out; + /* seal_alg */ + ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.seal_alg); + if (ret) goto out; + /* ctx_key */ + ret = krb5_ret_keyblock(sp, &key); + if (ret) goto out; + ret = set_key(&key, &ctx->rfc1964_kd.ctx_key); + krb5_free_keyblock_contents(context, &key); + if (ret) goto out; + } else if (ctx->protocol == 1) { + krb5_keyblock key; + + /* acceptor_subkey */ + ret = krb5_ret_uint32(sp, &ctx->cfx_kd.have_acceptor_subkey); + if (ret) goto out; + /* ctx_key */ + ret = krb5_ret_keyblock(sp, &key); + if (ret) goto out; + ret = set_key(&key, &ctx->cfx_kd.ctx_key); + krb5_free_keyblock_contents(context, &key); + if (ret) goto out; + /* acceptor_subkey */ + if (ctx->cfx_kd.have_acceptor_subkey) { + ret = krb5_ret_keyblock(sp, &key); + if (ret) goto out; + ret = set_key(&key, &ctx->cfx_kd.acceptor_subkey); + krb5_free_keyblock_contents(context, &key); + if (ret) goto out; + } + } else { + ret = EINVAL; + goto out; + } + + *rctx = ctx; + +out: + gss_release_buffer_set(minor_status, &data_set); + if (sp) + krb5_storage_free(sp); + if (context) + krb5_free_context(context); + + if (ret) { + if (ctx) + gss_krb5_free_lucid_sec_context(NULL, ctx); + + *minor_status = ret; + return GSS_S_FAILURE; + } + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c) +{ + gss_krb5_lucid_context_v1_t *ctx = c; + + if (ctx->version != 1) { + if (minor_status) + *minor_status = 0; + return GSS_S_FAILURE; + } + + if (ctx->protocol == 0) { + free_key(&ctx->rfc1964_kd.ctx_key); + } else if (ctx->protocol == 1) { + free_key(&ctx->cfx_kd.ctx_key); + if (ctx->cfx_kd.have_acceptor_subkey) + free_key(&ctx->cfx_kd.acceptor_subkey); + } + free(ctx); + if (minor_status) + *minor_status = 0; + return GSS_S_COMPLETE; +} + +/* + * + */ + +OM_uint32 +gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, + gss_cred_id_t cred, + OM_uint32 num_enctypes, + int32_t *enctypes) +{ + krb5_error_code ret; + OM_uint32 maj_status; + gss_buffer_desc buffer; + krb5_storage *sp; + krb5_data data; + int i; + + sp = krb5_storage_emem(); + if (sp == NULL) { + *minor_status = ENOMEM; + maj_status = GSS_S_FAILURE; + goto out; + } + + for (i = 0; i < num_enctypes; i++) { + ret = krb5_store_int32(sp, enctypes[i]); + if (ret) { + *minor_status = ret; + maj_status = GSS_S_FAILURE; + goto out; + } + } + + ret = krb5_storage_to_data(sp, &data); + if (ret) { + *minor_status = ret; + maj_status = GSS_S_FAILURE; + goto out; + } + + buffer.value = data.data; + buffer.length = data.length; + + maj_status = gss_set_cred_option(minor_status, + &cred, + GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X, + &buffer); + krb5_data_free(&data); +out: + if (sp) + krb5_storage_free(sp); + return maj_status; +} + +/* + * + */ + +OM_uint32 +gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c) +{ + gss_buffer_desc buffer; + OM_uint32 junk; + + if (c) { + buffer.value = c; + buffer.length = sizeof(*c); + } else { + buffer.value = NULL; + buffer.length = 0; + } + + gss_set_sec_context_option(&junk, NULL, + GSS_KRB5_SEND_TO_KDC_X, &buffer); + + return (GSS_S_COMPLETE); +} + +/* + * + */ + +OM_uint32 +gss_krb5_ccache_name(OM_uint32 *minor_status, + const char *name, + const char **out_name) +{ + gss_buffer_desc buffer; + OM_uint32 junk; + + if (out_name) + *out_name = NULL; + + buffer.value = rk_UNCONST(name); + buffer.length = strlen(name); + + gss_set_sec_context_option(&junk, NULL, + GSS_KRB5_CCACHE_NAME_X, &buffer); + + return (GSS_S_COMPLETE); +} + + +/* + * + */ + +OM_uint32 +gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + time_t *authtime) +{ + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 maj_stat; + + if (context_handle == GSS_C_NO_CONTEXT) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + maj_stat = + gss_inquire_sec_context_by_oid (minor_status, + context_handle, + GSS_KRB5_GET_AUTHTIME_X, + &data_set); + if (maj_stat) + return maj_stat; + + if (data_set == GSS_C_NO_BUFFER_SET) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (data_set->elements[0].length != 4) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + { + unsigned char *buf = data_set->elements[0].value; + *authtime = (buf[3] <<24) | (buf[2] << 16) | + (buf[1] << 8) | (buf[0] << 0); + } + + gss_release_buffer_set(minor_status, &data_set); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +/* + * + */ + +OM_uint32 +gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int ad_type, + gss_buffer_t ad_data) +{ + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 maj_stat; + gss_OID_desc oid_flat; + heim_oid baseoid, oid; + size_t size; + + if (context_handle == GSS_C_NO_CONTEXT) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + /* All this to append an integer to an oid... */ + + if (der_get_oid(GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->elements, + GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->length, + &baseoid, NULL) != 0) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + oid.length = baseoid.length + 1; + oid.components = calloc(oid.length, sizeof(*oid.components)); + if (oid.components == NULL) { + der_free_oid(&baseoid); + + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + memcpy(oid.components, baseoid.components, + baseoid.length * sizeof(*baseoid.components)); + + der_free_oid(&baseoid); + + oid.components[oid.length - 1] = ad_type; + + oid_flat.length = der_length_oid(&oid); + oid_flat.elements = malloc(oid_flat.length); + if (oid_flat.elements == NULL) { + free(oid.components); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + if (der_put_oid((unsigned char *)oid_flat.elements + oid_flat.length - 1, + oid_flat.length, &oid, &size) != 0) { + free(oid.components); + free(oid_flat.elements); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + if (oid_flat.length != size) + abort(); + + free(oid.components); + + /* FINALLY, we have the OID */ + + maj_stat = gss_inquire_sec_context_by_oid (minor_status, + context_handle, + &oid_flat, + &data_set); + + free(oid_flat.elements); + + if (maj_stat) + return maj_stat; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ad_data->value = malloc(data_set->elements[0].length); + if (ad_data->value == NULL) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + ad_data->length = data_set->elements[0].length; + memcpy(ad_data->value, data_set->elements[0].value, ad_data->length); + gss_release_buffer_set(minor_status, &data_set); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +/* + * + */ + +static OM_uint32 +gsskrb5_extract_key(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + const gss_OID oid, + krb5_keyblock **keyblock) +{ + krb5_error_code ret; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + OM_uint32 major_status; + krb5_context context = NULL; + krb5_storage *sp = NULL; + + if (context_handle == GSS_C_NO_CONTEXT) { + ret = EINVAL; + return GSS_S_FAILURE; + } + + ret = krb5_init_context(&context); + if(ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + major_status = + gss_inquire_sec_context_by_oid (minor_status, + context_handle, + oid, + &data_set); + if (major_status) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + sp = krb5_storage_from_mem(data_set->elements[0].value, + data_set->elements[0].length); + if (sp == NULL) { + ret = ENOMEM; + goto out; + } + + *keyblock = calloc(1, sizeof(**keyblock)); + if (keyblock == NULL) { + ret = ENOMEM; + goto out; + } + + ret = krb5_ret_keyblock(sp, *keyblock); + +out: + gss_release_buffer_set(minor_status, &data_set); + if (sp) + krb5_storage_free(sp); + if (ret && keyblock) { + krb5_free_keyblock(context, *keyblock); + *keyblock = NULL; + } + if (context) + krb5_free_context(context); + + *minor_status = ret; + if (ret) + return GSS_S_FAILURE; + + return GSS_S_COMPLETE; +} + +/* + * + */ + +OM_uint32 +gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_SERVICE_KEYBLOCK_X, + keyblock); +} + +OM_uint32 +gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_INITIATOR_SUBKEY_X, + keyblock); +} + +OM_uint32 +gsskrb5_get_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_SUBKEY_X, + keyblock); +} + +OM_uint32 +gsskrb5_set_default_realm(const char *realm) +{ + gss_buffer_desc buffer; + OM_uint32 junk; + + buffer.value = rk_UNCONST(realm); + buffer.length = strlen(realm); + + gss_set_sec_context_option(&junk, NULL, + GSS_KRB5_SET_DEFAULT_REALM_X, &buffer); + + return (GSS_S_COMPLETE); +} + +OM_uint32 +gss_krb5_get_tkt_flags(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + OM_uint32 *tkt_flags) +{ + + OM_uint32 major_status; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + + if (context_handle == GSS_C_NO_CONTEXT) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + major_status = + gss_inquire_sec_context_by_oid (minor_status, + context_handle, + GSS_KRB5_GET_TKT_FLAGS_X, + &data_set); + if (major_status) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || + data_set->count != 1 || + data_set->elements[0].length < 4) { + gss_release_buffer_set(minor_status, &data_set); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + { + const u_char *p = data_set->elements[0].value; + *tkt_flags = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); + } + + gss_release_buffer_set(minor_status, &data_set); + return GSS_S_COMPLETE; +} + diff --git a/kerberos5/lib/libgssapi_krb5/prefix.c b/kerberos5/lib/libgssapi_krb5/prefix.c new file mode 100644 index 0000000..086b744 --- /dev/null +++ b/kerberos5/lib/libgssapi_krb5/prefix.c @@ -0,0 +1,33 @@ +/*- + * Copyright (c) 2008 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +const char * +_gss_name_prefix(void) +{ + return "_gsskrb5"; +} diff --git a/kerberos5/lib/libgssapi_ntlm/Makefile b/kerberos5/lib/libgssapi_ntlm/Makefile new file mode 100644 index 0000000..cbecc2d --- /dev/null +++ b/kerberos5/lib/libgssapi_ntlm/Makefile @@ -0,0 +1,44 @@ +# $FreeBSD$ + +LIB= gssapi_ntlm +LDFLAGS= -Wl,-Bsymbolic +LDADD= -lkrb5 -lhx509 -lheimntlm -lroken +DPADD= ${LIBKRB5} ${LIBHX509} ${LIBHEIMNTLM} ${LIBROKEN} + +SRCS= accept_sec_context.c \ + acquire_cred.c \ + add_cred.c \ + canonicalize_name.c \ + compare_name.c \ + context_time.c \ + crypto.c \ + delete_sec_context.c \ + display_name.c \ + display_status.c \ + duplicate_name.c \ + export_name.c \ + export_sec_context.c \ + external.c \ + ntlm.h \ + ntlm-private.h \ + import_name.c \ + import_sec_context.c \ + indicate_mechs.c \ + init_sec_context.c \ + inquire_context.c \ + inquire_cred.c \ + inquire_cred_by_mech.c \ + inquire_mechs_for_name.c \ + inquire_names_for_mech.c \ + prefix.c \ + process_context_token.c \ + release_cred.c \ + release_name.c \ + digest.c + +CFLAGS+=-I${KRB5DIR}/lib/gssapi +CFLAGS+=-I${KRB5DIR}/lib/ntlm + +.include <bsd.lib.mk> + +.PATH: ${KRB5DIR}/lib/gssapi/ntlm ${.CURDIR}/../../../lib/libgssapi diff --git a/kerberos5/lib/libgssapi_ntlm/prefix.c b/kerberos5/lib/libgssapi_ntlm/prefix.c new file mode 100644 index 0000000..68db641 --- /dev/null +++ b/kerberos5/lib/libgssapi_ntlm/prefix.c @@ -0,0 +1,33 @@ +/*- + * Copyright (c) 2008 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +const char * +_gss_name_prefix(void) +{ + return "_gss_ntlm"; +} diff --git a/kerberos5/lib/libgssapi_spnego/Makefile b/kerberos5/lib/libgssapi_spnego/Makefile new file mode 100644 index 0000000..af98880 --- /dev/null +++ b/kerberos5/lib/libgssapi_spnego/Makefile @@ -0,0 +1,48 @@ +# $FreeBSD$ + +LIB= gssapi_spnego +LDFLAGS= -Wl,-Bsymbolic +LDADD= -lasn1 +DPADD= ${LIBASN1} + +SRCS= accept_sec_context.c \ + compat.c \ + context_stubs.c \ + cred_stubs.c \ + external.c \ + init_sec_context.c \ + prefix.c \ + spnego_asn1.h \ + ${GEN:S/.x$/.c/} + +GEN= asn1_ContextFlags.x \ + asn1_MechType.x \ + asn1_MechTypeList.x \ + asn1_NegotiationToken.x \ + asn1_NegotiationTokenWin.x \ + asn1_NegHints.x \ + asn1_NegTokenInit.x \ + asn1_NegTokenInitWin.x \ + asn1_NegTokenResp.x + +CFLAGS+=-I${KRB5DIR}/lib/gssapi +CFLAGS+=-I${KRB5DIR}/lib/asn1 +CFLAGS+=-I${KRB5DIR}/lib/roken -I. + +CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} spnego_asn1.h asn1_files + +.ORDER: ${GEN} spnego_asn1.h +${GEN} spnego_asn1.h: spnego.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile --sequence=MechTypeList ${.ALLSRC:M*.asn1} spnego_asn1 + +../../tools/asn1_compile/asn1_compile: + cd ${.CURDIR}/../../tools/asn1_compile && ${MAKE} + +.for I in ${GEN} +${I:R}.c: ${I} + cat ${.ALLSRC} > ${.TARGET} +.endfor + +.include <bsd.lib.mk> + +.PATH: ${KRB5DIR}/lib/gssapi/spnego ${.CURDIR}/../../../lib/libgssapi diff --git a/kerberos5/lib/libgssapi_spnego/prefix.c b/kerberos5/lib/libgssapi_spnego/prefix.c new file mode 100644 index 0000000..575c951 --- /dev/null +++ b/kerberos5/lib/libgssapi_spnego/prefix.c @@ -0,0 +1,45 @@ +/*- + * Copyright (c) 2008 Doug Rabson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include <gssapi/gssapi.h> + +static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc = +{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"}; + +gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc; + +static gss_OID_desc gss_krb5_mechanism_oid_desc = +{9, (void *) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; + +gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc; + +const char * +_gss_name_prefix(void) +{ + return "_gss_spnego"; +} diff --git a/kerberos5/lib/libhdb/Makefile b/kerberos5/lib/libhdb/Makefile index eef619f..75465d3 100644 --- a/kerberos5/lib/libhdb/Makefile +++ b/kerberos5/lib/libhdb/Makefile @@ -11,11 +11,14 @@ INCS= hdb-private.h \ SRCS= common.c \ db.c \ db3.c \ + dbinfo.c \ + ext.c \ hdb-ldap.c \ hdb.c \ hdb_asn1.h \ hdb_err.c \ hdb_err.h \ + keys.c \ keytab.c \ mkey.c \ ndbm.c \ @@ -24,13 +27,23 @@ SRCS= common.c \ CFLAGS+=-I${KRB5DIR}/lib/hdb -I${KRB5DIR}/lib/asn1 \ -I${KRB5DIR}/lib/roken -I. ${LDAPCFLAGS} +CFLAGS+=-DHDB_DB_DIR="\"/var/heimdal\"" -GEN= asn1_Event.x \ - asn1_GENERATION.x \ - asn1_HDBFlags.x \ +GEN= asn1_Salt.x \ asn1_Key.x \ - asn1_Salt.x \ - asn1_hdb_entry.x + asn1_Event.x \ + asn1_HDBFlags.x \ + asn1_GENERATION.x \ + asn1_HDB_Ext_PKINIT_acl.x \ + asn1_HDB_Ext_PKINIT_hash.x \ + asn1_HDB_Ext_Constrained_delegation_acl.x \ + asn1_HDB_Ext_Lan_Manager_OWF.x \ + asn1_HDB_Ext_Password.x \ + asn1_HDB_Ext_Aliases.x \ + asn1_HDB_extension.x \ + asn1_HDB_extensions.x \ + asn1_hdb_entry.x \ + asn1_hdb_entry_alias.x CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} hdb_asn1.h asn1_files diff --git a/kerberos5/lib/libheimntlm/Makefile b/kerberos5/lib/libheimntlm/Makefile new file mode 100644 index 0000000..e223258 --- /dev/null +++ b/kerberos5/lib/libheimntlm/Makefile @@ -0,0 +1,11 @@ +# $FreeBSD$ + +LIB= heimntlm +SRCS= ntlm.c +INCS= heimntlm.h heimntlm-protos.h +CFLAGS+=-I${KRB5DIR}/lib/ntlm +VERSION_MAP= ${KRB5DIR}/lib/ntlm/version-script.map + +.include <bsd.lib.mk> + +.PATH: ${KRB5DIR}/lib/ntlm diff --git a/kerberos5/lib/libhx509/Makefile b/kerberos5/lib/libhx509/Makefile new file mode 100644 index 0000000..e94831a --- /dev/null +++ b/kerberos5/lib/libhx509/Makefile @@ -0,0 +1,103 @@ +# $FreeBSD$ + +LIB= hx509 +VERSION_MAP= ${KRB5DIR}/lib/hx509/version-script.map + +INCS= hx509-private.h \ + hx509-protos.h \ + hx509.h \ + hx509_err.h + +SRCS= ca.c \ + cert.c \ + cms.c \ + collector.c \ + crypto.c \ + doxygen.c \ + error.c \ + env.c \ + file.c \ + hx509-private.h \ + hx509-protos.h \ + hx509.h \ + hx_locl.h \ + keyset.c \ + ks_dir.c \ + ks_file.c \ + ks_mem.c \ + ks_null.c \ + ks_p11.c \ + ks_p12.c \ + ks_keychain.c \ + lock.c \ + name.c \ + peer.c \ + print.c \ + softp11.c \ + ref/pkcs11.h \ + req.c \ + revoke.c + +SRCS+= hx509_err.c \ + hx509_err.h + +SRCS+= ${GEN:S/.x$/.c/} + +CFLAGS+=-I${KRB5DIR}/lib/hx509 +CFLAGS+=-I${KRB5DIR}/lib/hx509/ref +CFLAGS+=-I${KRB5DIR}/lib/asn1 +CFLAGS+=-I${KRB5DIR}/lib/roken -I. + +GEN_OCSP= \ + asn1_OCSPBasicOCSPResponse.x \ + asn1_OCSPCertID.x \ + asn1_OCSPCertStatus.x \ + asn1_OCSPInnerRequest.x \ + asn1_OCSPKeyHash.x \ + asn1_OCSPRequest.x \ + asn1_OCSPResponderID.x \ + asn1_OCSPResponse.x \ + asn1_OCSPResponseBytes.x \ + asn1_OCSPResponseData.x \ + asn1_OCSPResponseStatus.x \ + asn1_OCSPSignature.x \ + asn1_OCSPSingleResponse.x \ + asn1_OCSPTBSRequest.x \ + asn1_OCSPVersion.x \ + asn1_id_pkix_ocsp.x \ + asn1_id_pkix_ocsp_basic.x \ + asn1_id_pkix_ocsp_nonce.x + +GEN_PKCS10= \ + asn1_CertificationRequestInfo.x \ + asn1_CertificationRequest.x + +GEN+= ${GEN_OCSP} +GEN+= ${GEN_PKCS10} + +CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} asn1_files + +GEN_ASN1=ocsp_asn1.h pkcs10_asn1.h +CLEANFILES+=${GEN_ASN1} +SRCS+=${GEN_ASN1} +INCS+=${GEN_ASN1} + +.ORDER: ${GEN} ${GEN_ASN1} + +${GEN_OCSP} ocsp_asn1.h: ocsp.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData ${.ALLSRC:M*.asn1} ocsp_asn1 + +${GEN_PKCS10} pkcs10_asn1.h: pkcs10.asn1 ../../tools/asn1_compile/asn1_compile + ../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs10_asn1 + +../../tools/asn1_compile/asn1_compile: + cd ${.CURDIR}/../../tools/asn1_compile && ${MAKE} + +.for I in ${GEN} +${I:R}.c: ${I} + cat ${.ALLSRC} > ${.TARGET} +.endfor + +.include <bsd.lib.mk> + +.PATH: ${KRB5DIR}/lib/hx509 ${KRB5DIR}/lib/asn1 diff --git a/kerberos5/lib/libkadm5clnt/Makefile b/kerberos5/lib/libkadm5clnt/Makefile index 32cc80b..3390866 100644 --- a/kerberos5/lib/libkadm5clnt/Makefile +++ b/kerberos5/lib/libkadm5clnt/Makefile @@ -10,7 +10,8 @@ INCS= admin.h \ INCSDIR=${INCLUDEDIR}/kadm5 -SRCS= chpass_c.c \ +SRCS= ad.c \ + chpass_c.c \ client_glue.c \ common_glue.c \ create_c.c \ diff --git a/kerberos5/lib/libkadm5srv/Makefile b/kerberos5/lib/libkadm5srv/Makefile index 086cb8f..c0be477 100644 --- a/kerberos5/lib/libkadm5srv/Makefile +++ b/kerberos5/lib/libkadm5srv/Makefile @@ -1,6 +1,7 @@ # $FreeBSD$ LIB= kadm5srv +VERSION_MAP= ${KRB5DIR}/lib/kadm5/version-script.map SRCS= acl.c \ bump_pw_expire.c \ diff --git a/kerberos5/lib/libkafs5/Makefile b/kerberos5/lib/libkafs5/Makefile index 337c642..e0e0b30 100644 --- a/kerberos5/lib/libkafs5/Makefile +++ b/kerberos5/lib/libkafs5/Makefile @@ -19,7 +19,7 @@ MLINKS= kafs5.3 k_afs_cell_of_file.3 \ kafs5.3 krb_afslog.3 \ kafs5.3 krb_afslog_uid.3 -SRCS= afssys.c afskrb5.c common.c +SRCS= afssys.c afskrb5.c common.c krb5_err.h CFLAGS+=-I${KRB5DIR}/lib/kafs -I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/roken CLEANFILES= kafs5.3 diff --git a/kerberos5/lib/libkrb5/Makefile b/kerberos5/lib/libkrb5/Makefile index 40cddc3..5ba011b 100644 --- a/kerberos5/lib/libkrb5/Makefile +++ b/kerberos5/lib/libkrb5/Makefile @@ -1,45 +1,76 @@ # $FreeBSD$ LIB= krb5 +VERSION_MAP= ${KRB5DIR}/lib/krb5/version-script.map INCS= heim_err.h \ + heim_threads.h \ k524_err.h \ krb5-protos.h \ krb5-types.h \ krb5.h \ - krb5_err.h + krb5_err.h \ + krb5-v4compat.h \ + krb_err.h MAN= krb5.3 \ + krb524_convert_creds_kdc.3 \ krb5_425_conv_principal.3 \ + krb5_acl_match_file.3 \ krb5_address.3 \ krb5_aname_to_localname.3 \ krb5_appdefault.3 \ krb5_auth_context.3 \ - krb5_build_principal.3 \ + krb5_c_make_checksum.3 \ krb5_ccache.3 \ + krb5_check_transited.3 \ + krb5_compare_creds.3 \ krb5_config.3 \ krb5_context.3 \ krb5_create_checksum.3 \ + krb5_creds.3 \ krb5_crypto_init.3 \ krb5_data.3 \ + krb5_digest.3 \ + krb5_eai_to_heim_errno.3 \ krb5_encrypt.3 \ - krb5_free_addresses.3 \ - krb5_free_principal.3 \ + krb5_expand_hostname.3 \ + krb5_find_padata.3 \ + krb5_generate_random_block.3 \ krb5_get_all_client_addrs.3 \ + krb5_get_credentials.3 \ + krb5_get_creds.3 \ + krb5_get_forwarded_creds.3 \ + krb5_get_in_cred.3 \ + krb5_get_init_creds.3 \ krb5_get_krbhst.3 \ + krb5_getportbyname.3 \ krb5_init_context.3 \ + krb5_is_thread_safe.3 \ + krb5_keyblock.3 \ krb5_keytab.3 \ krb5_krbhst_init.3 \ krb5_kuserok.3 \ + krb5_mk_req.3 \ + krb5_mk_safe.3 \ krb5_openlog.3 \ krb5_parse_name.3 \ - krb5_principal_get_realm.3 \ + krb5_principal.3 \ + krb5_rcache.3 \ + krb5_rd_error.3 \ + krb5_rd_safe.3 \ krb5_set_default_realm.3 \ - krb5_sname_to_principal.3 \ + krb5_set_password.3 \ + krb5_storage.3 \ + krb5_string_to_key.3 \ + krb5_ticket.3 \ krb5_timeofday.3 \ krb5_unparse_name.3 \ + krb5_verify_init_creds.3 \ krb5_verify_user.3 \ - krb5_warn.3 + krb5_warn.3 \ + verify_krb5_conf.8 + MAN+= krb5.conf.5 MAN+= kerberos.8 @@ -209,7 +240,8 @@ MLINKS= krb5_425_conv_principal.3 krb5_425_conv_principal_ext.3 \ krb5_warn.3 krb5_vwarnx.3 \ krb5_warn.3 krb5_warnx.3 -SRCS= acl.c \ +SRCS= acache.c \ + acl.c \ add_et_list.c \ addr_families.c \ aname_to_localname.c \ @@ -231,6 +263,7 @@ SRCS= acl.c \ creds.c \ crypto.c \ data.c \ + digest.c \ eai_to_heim_errno.c \ error_string.c \ expand_hostname.c \ @@ -250,12 +283,11 @@ SRCS= acl.c \ get_in_tkt_with_keytab.c \ get_in_tkt_with_skey.c \ get_port.c \ - heim_err.c \ - heim_err.h \ + heim_threads.h \ init_creds.c \ init_creds_pw.c \ - k524_err.c \ - k524_err.h \ + kcm.c \ + kcm.h \ keyblock.c \ keytab.c \ keytab_any.c \ @@ -263,8 +295,8 @@ SRCS= acl.c \ keytab_keyfile.c \ keytab_krb4.c \ keytab_memory.c \ - krb5_err.c \ - krb5_err.h \ + krb5_locl.h \ + krb5-v4compat.h \ krbhst.c \ kuserok.c \ log.c \ @@ -276,10 +308,13 @@ SRCS= acl.c \ mk_req.c \ mk_req_ext.c \ mk_safe.c \ + mit_glue.c \ n-fold.c \ net_read.c \ net_write.c \ + pac.c \ padata.c \ + pkinit.c \ principal.c \ prog_setup.c \ prompter_posix.c \ @@ -297,20 +332,32 @@ SRCS= acl.c \ set_default_realm.c \ sock_principal.c \ store.c \ + store-int.h \ store_emem.c \ store_fd.c \ store_mem.c \ + plugin.c \ ticket.c \ time.c \ transited.c \ + v4_glue.c \ verify_init.c \ verify_user.c \ version.c \ warn.c \ write_message.c +SRCS+= heim_err.c \ + heim_err.h \ + k524_err.c \ + k524_err.h \ + krb5_err.c \ + krb5_err.h \ + krb_err.c \ + krb_err.h + CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken -I. .include <bsd.lib.mk> -.PATH: ${KRB5DIR}/lib/krb5 ${.CURDIR}/../../include +.PATH: ${KRB5DIR}/lib/krb5 ${KRB5DIR}/lib/asn1 ${.CURDIR}/../../include diff --git a/kerberos5/lib/libroken/Makefile b/kerberos5/lib/libroken/Makefile index fceb6ec..952740e 100644 --- a/kerberos5/lib/libroken/Makefile +++ b/kerberos5/lib/libroken/Makefile @@ -1,13 +1,14 @@ # $FreeBSD$ LIB= roken -SHLIB_MAJOR= 9 INCS= roken.h roken-common.h SRCS= base64.c \ bswap.c \ + closefrom.c \ concat.c \ copyhostent.c \ + dumpdata.c \ ecalloc.c \ emalloc.c \ environment.c \ @@ -21,6 +22,7 @@ SRCS= base64.c \ getaddrinfo_hostspec.c \ getarg.c \ getnameinfo_verified.c \ + hex.c \ hostent_find_fqdn.c \ issuid.c \ k_getpwnam.c \ @@ -43,6 +45,7 @@ SRCS= base64.c \ strlwr.c \ strndup.c \ strnlen.c \ + strpool.c \ strsep_copy.c \ strupr.c \ timeval.c \ diff --git a/kerberos5/libexec/Makefile b/kerberos5/libexec/Makefile index 89baf6d..b61f99b 100644 --- a/kerberos5/libexec/Makefile +++ b/kerberos5/libexec/Makefile @@ -1,5 +1,5 @@ # $FreeBSD$ -SUBDIR= ipropd-master ipropd-slave hprop hpropd kadmind kdc kpasswdd +SUBDIR= ipropd-master ipropd-slave hprop hpropd kadmind kdc kpasswdd kcm .include <bsd.subdir.mk> diff --git a/kerberos5/libexec/hprop/Makefile b/kerberos5/libexec/hprop/Makefile index 84523cf..0639839 100644 --- a/kerberos5/libexec/hprop/Makefile +++ b/kerberos5/libexec/hprop/Makefile @@ -3,10 +3,16 @@ PROG= hprop MAN= hprop.8 SRCS= hprop.c mit_dump.c v4_dump.c -CFLAGS+=-I${KRB5DIR}/lib/roken -I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -DPADD= ${LIBHDB} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ +CFLAGS+=-I${KRB5DIR}/lib/roken +CFLAGS+=-I${KRB5DIR}/lib/krb5 +CFLAGS+=-I${KRB5DIR}/lib/asn1 +CFLAGS+=-I${KRB5DIR}/lib/hx509 +CFLAGS+=-I${KRB5DIR}/lib/ntlm +CFLAGS+=-I${KRB5DIR}/kdc +CFLAGS+=-I${.OBJDIR}/../../lib/libkrb5 +DPADD= ${LIBHDB} ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} ${LDAPDPADD} -LDADD= -lhdb -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lhdb -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} diff --git a/kerberos5/libexec/hpropd/Makefile b/kerberos5/libexec/hpropd/Makefile index 4db38fb..e0722bd 100644 --- a/kerberos5/libexec/hpropd/Makefile +++ b/kerberos5/libexec/hpropd/Makefile @@ -3,10 +3,10 @@ PROG= hpropd MAN= hpropd.8 CFLAGS+=-I${KRB5DIR}/lib/roken -I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 \ - ${LDAPCFLAGS} -DPADD= ${LIBHDB} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ + -I${KRB5DIR}/kdc ${LDAPCFLAGS} +DPADD= ${LIBHDB} ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} ${LDAPDPADD} -LDADD= -lhdb -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lhdb -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} diff --git a/kerberos5/libexec/ipropd-master/Makefile b/kerberos5/libexec/ipropd-master/Makefile index 6cfa99d..bc1c19c 100644 --- a/kerberos5/libexec/ipropd-master/Makefile +++ b/kerberos5/libexec/ipropd-master/Makefile @@ -2,15 +2,18 @@ PROG= ipropd-master NO_MAN= -SRCS= ipropd_master.c kadm5_err.h +SRCS= ipropd_common.c ipropd_master.c kadm5_err.h CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \ -I. ${LDAPCFLAGS} -DPADD= ${LIBKADM5SRV} ${LIBHDB} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ +DPADD= ${LIBKADM5SRV} ${LIBHDB} ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} ${LDAPDPADD} -LDADD= -lkadm5srv -lhdb -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lkadm5srv -lhdb -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} +foo:: + echo ${LIBHX509} + .include <bsd.prog.mk> .PATH: ${KRB5DIR}/lib/kadm5 diff --git a/kerberos5/libexec/ipropd-slave/Makefile b/kerberos5/libexec/ipropd-slave/Makefile index 11e2bc3..e2141e7 100644 --- a/kerberos5/libexec/ipropd-slave/Makefile +++ b/kerberos5/libexec/ipropd-slave/Makefile @@ -2,12 +2,12 @@ PROG= ipropd-slave NO_MAN= -SRCS= ipropd_slave.c kadm5_err.h +SRCS= ipropd_common.c ipropd_slave.c kadm5_err.h CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \ -I. ${LDAPCFLAGS} -DPADD= ${LIBKADM5SRV} ${LIBHDB} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ +DPADD= ${LIBKADM5SRV} ${LIBHDB} ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} ${LDAPDPADD} -LDADD= -lkadm5srv -lhdb -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lkadm5srv -lhdb -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} diff --git a/kerberos5/libexec/kadmind/Makefile b/kerberos5/libexec/kadmind/Makefile index d0514a0..1ab2010 100644 --- a/kerberos5/libexec/kadmind/Makefile +++ b/kerberos5/libexec/kadmind/Makefile @@ -5,9 +5,9 @@ MAN= kadmind.8 SRCS= kadm_conn.c kadmind.c server.c CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \ ${LDAPCFLAGS} -DPADD= ${LIBKADM5SRV} ${LIBHDB} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ +DPADD= ${LIBKADM5SRV} ${LIBHDB} ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} ${LDAPDPADD} -LDADD= -lkadm5srv -lhdb -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lkadm5srv -lhdb -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} diff --git a/kerberos5/libexec/kcm/Makefile b/kerberos5/libexec/kcm/Makefile new file mode 100644 index 0000000..7961589 --- /dev/null +++ b/kerberos5/libexec/kcm/Makefile @@ -0,0 +1,33 @@ +# $FreeBSD$ + +PROG= kcm +MAN= kcm.8 + +SRCS= acl.c \ + acquire.c \ + cache.c \ + client.c \ + config.c \ + connect.c \ + cursor.c \ + events.c \ + glue.c \ + headers.h \ + kcm_locl.h \ + kcm_protos.h \ + log.c \ + main.c \ + protocol.c \ + renew.c + +CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \ + -I${KRB5DIR}/kcm ${LDAPCFLAGS} +DPADD= ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ + ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} ${LDAPDPADD} +LDADD= -lkrb5 -lhx509 -lroken ${LIBVERS} \ + -lasn1 -lcrypto -lcrypt -lcom_err ${LDAPLDADD} +LDFLAGS=${LDAPLDFLAGS} + +.include <bsd.prog.mk> + +.PATH: ${KRB5DIR}/kcm diff --git a/kerberos5/libexec/kdc/Makefile b/kerberos5/libexec/kdc/Makefile index 73a1efc..f94e88a 100644 --- a/kerberos5/libexec/kdc/Makefile +++ b/kerberos5/libexec/kdc/Makefile @@ -6,17 +6,26 @@ MAN= kdc.8 SRCS= 524.c \ config.c \ connect.c \ + default_config.c \ + digest.c \ + kaserver.c \ kerberos4.c \ kerberos5.c \ + krb5tgs.c \ + kx509.c \ log.c \ main.c \ - misc.c + misc.c \ + pkinit.c \ + process.c \ + set_dbinfo.c \ + windc.c CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \ - ${LDAPCFLAGS} -DPADD= ${LIBHDB} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ + -I${KRB5DIR}/kdc ${LDAPCFLAGS} +DPADD= ${LIBHDB} ${LIBKRB5} ${LIBHX509} ${LIBHEIMNTLM} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} ${LDAPDPADD} -LDADD= -lhdb -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lhdb -lkrb5 -lhx509 -lheimntlm -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} diff --git a/kerberos5/libexec/kpasswdd/Makefile b/kerberos5/libexec/kpasswdd/Makefile index c0e6a1e..2287686 100644 --- a/kerberos5/libexec/kpasswdd/Makefile +++ b/kerberos5/libexec/kpasswdd/Makefile @@ -2,10 +2,10 @@ PROG= kpasswdd MAN= kpasswdd.8 -CFLAGS+=-I${KRB5DIR}/lib/roken ${LDAPCFLAGS} -DPADD= ${LIBKADM5SRV} ${LIBHDB} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ +CFLAGS+=-I${KRB5DIR}/lib/roken -I../../lib/libhdb ${LDAPCFLAGS} +DPADD= ${LIBKADM5SRV} ${LIBHDB} ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} ${LDAPDPADD} -LDADD= -lkadm5srv -lhdb -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lkadm5srv -lhdb -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} diff --git a/kerberos5/tools/Makefile b/kerberos5/tools/Makefile index ed8d30a..271f511 100644 --- a/kerberos5/tools/Makefile +++ b/kerberos5/tools/Makefile @@ -1,5 +1,5 @@ # $FreeBSD$ -SUBDIR= make-print-version make-roken asn1_compile +SUBDIR= make-print-version make-roken asn1_compile slc .include <bsd.subdir.mk> diff --git a/kerberos5/tools/asn1_compile/Makefile b/kerberos5/tools/asn1_compile/Makefile index a8ffa32..8fc7b01 100644 --- a/kerberos5/tools/asn1_compile/Makefile +++ b/kerberos5/tools/asn1_compile/Makefile @@ -10,8 +10,11 @@ SRCS= gen.c \ gen_free.c \ gen_glue-fixed.c \ gen_length.c \ + gen_seq.c \ hash.c \ + ecalloc.c \ emalloc.c \ + estrdup.c \ main.c \ symbol.c \ getarg.c \ @@ -41,8 +44,8 @@ roken.h: ../make-roken/make-roken cd ${.CURDIR}/../make-roken && ${MAKE} gen_glue-fixed.c: gen_glue.c - sed -e '106s/"/"#ifdef __PARSE_UNITS_H__\\n/;'\ - -e '106s/",/\\n#endif\\n",/' ${.ALLSRC} > ${.TARGET} + sed -e '96s/"/"#ifdef __PARSE_UNITS_H__\\n/;'\ + -e '96s/",/\\n#endif\\n",/' ${.ALLSRC} > ${.TARGET} CLEANFILES+= gen_glue-fixed.c .include <bsd.prog.mk> diff --git a/kerberos5/tools/slc/Makefile b/kerberos5/tools/slc/Makefile new file mode 100644 index 0000000..6388628 --- /dev/null +++ b/kerberos5/tools/slc/Makefile @@ -0,0 +1,34 @@ +# $FreeBSD$ + +PROG= slc +NO_MAN= + +SRCS= get_window_size.c \ + getarg.c \ + slc-gram.y \ + slc-lex.l \ + slc.h \ + strupr.c + +SRCS+= print_version.c \ + print_version.h + +CFLAGS+=-I${KRB5DIR}/lib/roken -I${KRB5DIR}/lib/sl -I${KRB5DIR}/lib/vers -I. + +CLEANFILES= print_version.h roken.h + +print_version.h: ../make-print-version/make-print-version + ../make-print-version/make-print-version ${.TARGET} + +../make-print-version/make-print-version: .PHONY + cd ${.CURDIR}/../make-print-version && ${MAKE} + +roken.h: ../make-roken/make-roken + ../make-roken/make-roken > ${.TARGET} + +../make-roken/make-roken: .PHONY + cd ${.CURDIR}/../make-roken && ${MAKE} + +.include <bsd.prog.mk> + +.PATH: ${KRB5DIR}/lib/vers ${KRB5DIR}/lib/roken ${KRB5DIR}/lib/sl diff --git a/kerberos5/usr.bin/kadmin/Makefile b/kerberos5/usr.bin/kadmin/Makefile index b646c98..0c5e1a2 100644 --- a/kerberos5/usr.bin/kadmin/Makefile +++ b/kerberos5/usr.bin/kadmin/Makefile @@ -3,7 +3,9 @@ PROG= kadmin MAN= kadmin.8 -SRCS= ank.c \ +SRCS= add_enctype.c \ + ank.c \ + check.c \ cpw.c \ del.c \ del_enctype.c \ @@ -12,19 +14,23 @@ SRCS= ank.c \ get.c \ init.c \ kadmin.c \ + kadmin-commands.c \ + kadmin-commands.h \ load.c \ mod.c \ + pw_quality.c \ random_password.c \ rename.c \ + stash.c \ util.c CFLAGS+=-I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/roken \ - -I${KRB5DIR}/lib/sl ${LDAPCFLAGS} -DPADD= ${LIBKADM5CLNT} ${LIBKADM5SRV} ${LIBHDB} ${LIBKRB5} \ + -I${KRB5DIR}/lib/sl -I. ${LDAPCFLAGS} +DPADD= ${LIBKADM5CLNT} ${LIBKADM5SRV} ${LIBHDB} ${LIBKRB5} ${LIBHX509} \ ${LIBSL} ${LIBROKEN} ${LIBVERS} ${LIBASN1} \ ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} \ ${LIBREADLINE} ${LIBNCURSES} ${LDAPDPADD} -LDADD= -lkadm5clnt -lkadm5srv -lhdb -lkrb5 \ +LDADD= -lkadm5clnt -lkadm5srv -lhdb -lkrb5 -lhx509 \ ${LIBSL} -lroken ${LIBVERS} -lasn1 \ -lcrypto -lcrypt -lcom_err \ -lreadline -lncurses ${LDAPLDADD} @@ -32,4 +38,11 @@ LDFLAGS=${LDAPLDFLAGS} .include <bsd.prog.mk> +kadmin-commands.c kadmin-commands.h: ${KRB5DIR}/kadmin/kadmin-commands.in ../../tools/slc/slc + ../../tools/slc/slc ${.ALLSRC:M*.in} + +../../tools/slc/slc: + cd ${.CURDIR}/../../tools/slc && ${MAKE} + .PATH: ${KRB5DIR}/kadmin + diff --git a/kerberos5/usr.bin/kdestroy/Makefile b/kerberos5/usr.bin/kdestroy/Makefile index 60bc792..8ebb201 100644 --- a/kerberos5/usr.bin/kdestroy/Makefile +++ b/kerberos5/usr.bin/kdestroy/Makefile @@ -2,9 +2,9 @@ PROG= kdestroy CFLAGS+=-I${KRB5DIR}/lib/roken -DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ +DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBHX509) ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} -LDADD= -lkafs5 -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lkafs5 -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err .include <bsd.prog.mk> diff --git a/kerberos5/usr.bin/kinit/Makefile b/kerberos5/usr.bin/kinit/Makefile index 172ad98..e80f06d 100644 --- a/kerberos5/usr.bin/kinit/Makefile +++ b/kerberos5/usr.bin/kinit/Makefile @@ -2,9 +2,9 @@ PROG= kinit CFLAGS+=-I${KRB5DIR}/lib/roken -DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ +DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBHX509} ${LIBHEIMNTLM} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} -LDADD= -lkafs5 -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lkafs5 -lkrb5 -lhx509 -lheimntlm -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err .include <bsd.prog.mk> diff --git a/kerberos5/usr.bin/klist/Makefile b/kerberos5/usr.bin/klist/Makefile index c97d65f..a76cc0a 100644 --- a/kerberos5/usr.bin/klist/Makefile +++ b/kerberos5/usr.bin/klist/Makefile @@ -2,9 +2,9 @@ PROG= klist CFLAGS+=-I${KRB5DIR}/lib/roken -DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ +DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} -LDADD= -lkafs5 -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lkafs5 -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err .include <bsd.prog.mk> diff --git a/kerberos5/usr.bin/kpasswd/Makefile b/kerberos5/usr.bin/kpasswd/Makefile index 686c299..e4da769 100644 --- a/kerberos5/usr.bin/kpasswd/Makefile +++ b/kerberos5/usr.bin/kpasswd/Makefile @@ -2,9 +2,9 @@ PROG= kpasswd CFLAGS+=-I${KRB5DIR}/lib/roken -DPADD= ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ +DPADD= ${LIBKRB5} ${LIBHX509 ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} -LDADD= -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err .include <bsd.prog.mk> diff --git a/kerberos5/usr.bin/ksu/Makefile b/kerberos5/usr.bin/ksu/Makefile index cca520e..c6a0290 100644 --- a/kerberos5/usr.bin/ksu/Makefile +++ b/kerberos5/usr.bin/ksu/Makefile @@ -8,9 +8,9 @@ PRECIOUSPROG= NO_MAN= SRCS= su.c CFLAGS+=-I${KRB5DIR}/lib/roken -DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ +DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} -LDADD= -lkafs5 -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lkafs5 -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err .include <bsd.prog.mk> diff --git a/kerberos5/usr.bin/verify_krb5_conf/Makefile b/kerberos5/usr.bin/verify_krb5_conf/Makefile index 7acce0e..830e66a 100644 --- a/kerberos5/usr.bin/verify_krb5_conf/Makefile +++ b/kerberos5/usr.bin/verify_krb5_conf/Makefile @@ -3,9 +3,9 @@ PROG= verify_krb5_conf MAN= verify_krb5_conf.8 CFLAGS+=-I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/roken -DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ +DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} -LDADD= -lkafs5 -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lkafs5 -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err .include <bsd.prog.mk> diff --git a/kerberos5/usr.sbin/kstash/Makefile b/kerberos5/usr.sbin/kstash/Makefile index d9c6d8d..ef85069 100644 --- a/kerberos5/usr.sbin/kstash/Makefile +++ b/kerberos5/usr.sbin/kstash/Makefile @@ -3,10 +3,10 @@ PROG= kstash MAN= kstash.8 CFLAGS+=-I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/roken \ - ${LDAPCFLAGS} -DPADD= ${LIBHDB} ${LIBKRB5} ${LIBROKEN} ${LIBVERS} \ + -I${KRB5DIR}/kdc ${LDAPCFLAGS} +DPADD= ${LIBHDB} ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} ${LDAPDPADD} -LDADD= -lhdb -lkrb5 -lroken ${LIBVERS} \ +LDADD= -lhdb -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} diff --git a/kerberos5/usr.sbin/ktutil/Makefile b/kerberos5/usr.sbin/ktutil/Makefile index e134cce..4320fb2 100644 --- a/kerberos5/usr.sbin/ktutil/Makefile +++ b/kerberos5/usr.sbin/ktutil/Makefile @@ -8,19 +8,27 @@ SRCS= add.c \ copy.c \ get.c \ ktutil.c \ + ktutil-commands.c \ + ktutil-commands.h \ list.c \ purge.c \ remove.c \ rename.c -CFLAGS+=-I${KRB5DIR}/lib/roken -I${KRB5DIR}/lib/sl -DPADD= ${LIBKADM5CLNT} ${LIBKRB5} ${LIBSL} ${LIBROKEN} ${LIBVERS} \ +CFLAGS+=-I${KRB5DIR}/lib/roken -I${KRB5DIR}/lib/sl -I. +DPADD= ${LIBKADM5CLNT} ${LIBKRB5} ${LIBHX509} ${LIBSL} ${LIBROKEN} ${LIBVERS} \ ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR} \ ${LIBREADLINE} ${LIBNCURSES} -LDADD= -lkadm5clnt -lkrb5 ${LIBSL} -lroken ${LIBVERS} \ +LDADD= -lkadm5clnt -lkrb5 -lhx509 ${LIBSL} -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err \ -lreadline -lncurses .include <bsd.prog.mk> +ktutil-commands.c ktutil-commands.h: ${KRB5DIR}/admin/ktutil-commands.in ../../tools/slc/slc + ../../tools/slc/slc ${.ALLSRC:M*.in} + +../../tools/slc/slc: + cd ${.CURDIR}/../../tools/slc && ${MAKE} + .PATH: ${KRB5DIR}/admin |
