Diffstat (limited to 'crypto/heimdal/kdc')
-rw-r--r--crypto/heimdal/kdc/524.c4
-rw-r--r--crypto/heimdal/kdc/Makefile.in16
-rw-r--r--crypto/heimdal/kdc/config.c15
-rw-r--r--crypto/heimdal/kdc/connect.c24
-rw-r--r--crypto/heimdal/kdc/headers.h6
-rw-r--r--crypto/heimdal/kdc/hprop.820
-rw-r--r--crypto/heimdal/kdc/hprop.c12
-rw-r--r--crypto/heimdal/kdc/hprop.cat8103
-rw-r--r--crypto/heimdal/kdc/hpropd.88
-rw-r--r--crypto/heimdal/kdc/hpropd.c4
-rw-r--r--crypto/heimdal/kdc/hpropd.cat843
-rw-r--r--crypto/heimdal/kdc/kaserver.c33
-rw-r--r--crypto/heimdal/kdc/kdc.811
-rw-r--r--crypto/heimdal/kdc/kdc.cat8118
-rw-r--r--crypto/heimdal/kdc/kerberos5.c134
-rw-r--r--crypto/heimdal/kdc/kstash.88
-rw-r--r--crypto/heimdal/kdc/kstash.cat834
-rw-r--r--crypto/heimdal/kdc/main.c4
-rw-r--r--crypto/heimdal/kdc/string2key.814
-rw-r--r--crypto/heimdal/kdc/string2key.cat842
20 files changed, 553 insertions, 100 deletions
diff --git a/crypto/heimdal/kdc/524.c b/crypto/heimdal/kdc/524.c
index df70988..ebe747f 100644
--- a/crypto/heimdal/kdc/524.c
+++ b/crypto/heimdal/kdc/524.c
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: 524.c,v 1.19 2001/01/30 01:44:07 assar Exp $");
+RCSID("$Id: 524.c,v 1.20 2001/05/14 06:17:47 assar Exp $");
#ifdef KRB4
@@ -136,7 +136,7 @@ set_address (EncTicketPart *et,
if (v4_addr == NULL)
return ENOMEM;
- ret = krb5_sockaddr2address(addr, v4_addr);
+ ret = krb5_sockaddr2address(context, addr, v4_addr);
if(ret) {
free (v4_addr);
kdc_log(0, "Failed to convert address (%s)", from);
diff --git a/crypto/heimdal/kdc/Makefile.in b/crypto/heimdal/kdc/Makefile.in
index d5c394d..90d7e04 100644
--- a/crypto/heimdal/kdc/Makefile.in
+++ b/crypto/heimdal/kdc/Makefile.in
@@ -1,6 +1,7 @@
-# Makefile.in generated automatically by automake 1.4a from Makefile.am
+# Makefile.in generated automatically by automake 1.4b from Makefile.am
-# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
-# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
+# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
+@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+
CHECK_LOCAL = $(PROGRAMS)
bin_PROGRAMS = string2key
@@ -317,7 +320,7 @@ OBJECTS = $(am_hprop_OBJECTS) $(am_hpropd_OBJECTS) $(am_kdc_OBJECTS) $(am_kstash
all: all-redirect
.SUFFIXES:
-.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
+.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign kdc/Makefile
@@ -522,6 +525,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
+GTAGS:
+ here=`CDPATH=: && cd $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $$here
+
mostlyclean-tags:
clean-tags:
diff --git a/crypto/heimdal/kdc/config.c b/crypto/heimdal/kdc/config.c
index 0621db1..78f75d3 100644
--- a/crypto/heimdal/kdc/config.c
+++ b/crypto/heimdal/kdc/config.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -35,7 +35,7 @@
#include <getarg.h>
#include <parse_bytes.h>
-RCSID("$Id: config.c,v 1.33 2000/09/10 19:27:17 joda Exp $");
+RCSID("$Id: config.c,v 1.36 2001/05/17 07:13:43 joda Exp $");
static char *config_file; /* location of kdc config file */
@@ -250,7 +250,7 @@ configure(int argc, char **argv)
if(config_file == NULL)
config_file = _PATH_KDC_CONF;
- if(krb5_config_parse_file(config_file, &cf))
+ if(krb5_config_parse_file(context, config_file, &cf))
cf = NULL;
get_dbinfo(cf);
@@ -286,6 +286,7 @@ configure(int argc, char **argv)
for (i = 0; i < addresses_str.num_strings; ++i)
add_one_address (addresses_str.strings[i], i == 0);
+ free_getarg_strings (&addresses_str);
} else {
char **foo = krb5_config_get_strings (context, cf,
"kdc", "addresses", NULL);
@@ -310,11 +311,11 @@ configure(int argc, char **argv)
enable_http = krb5_config_get_bool(context, cf, "kdc",
"enable-http", NULL);
check_ticket_addresses =
- krb5_config_get_bool(context, cf, "kdc",
- "check-ticket-addresses", NULL);
+ krb5_config_get_bool_default(context, cf, TRUE, "kdc",
+ "check-ticket-addresses", NULL);
allow_null_ticket_addresses =
- krb5_config_get_bool(context, cf, "kdc",
- "allow-null-ticket-addresses", NULL);
+ krb5_config_get_bool_default(context, cf, TRUE, "kdc",
+ "allow-null-ticket-addresses", NULL);
allow_anonymous =
krb5_config_get_bool(context, cf, "kdc",
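Review bot: The switch to `krb5_config_get_bool_default(context, cf, TRUE, ...)` makes `check-ticket-addresses` and `allow-null-ticket-addresses` default to TRUE, but the kdc.cat8 page added in this same commit still says of check-ticket-addresses "The default is FALSE." An operator reading the manual will misjudge whether ticket addresses are checked on TGS requests, so the manual text should be brought in line with the code. A comment above the two assignments, for example `/* both default to TRUE when the [kdc] section does not set them */`, would also make the default visible in the source. configure() begins and ends outside this hunk.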
diff --git a/crypto/heimdal/kdc/connect.c b/crypto/heimdal/kdc/connect.c
index 4533cea..7f13310 100644
--- a/crypto/heimdal/kdc/connect.c
+++ b/crypto/heimdal/kdc/connect.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: connect.c,v 1.80 2000/10/08 21:36:29 assar Exp $");
+RCSID("$Id: connect.c,v 1.82 2001/05/14 06:18:11 assar Exp $");
/*
* a tuple describing on what to listen
@@ -242,7 +242,7 @@ init_socket(struct descr *d, krb5_address *a, int family, int type, int port)
init_descr (d);
- ret = krb5_addr2sockaddr (a, sa, &sa_size, port);
+ ret = krb5_addr2sockaddr (context, a, sa, &sa_size, port);
if (ret) {
krb5_warn(context, ret, "krb5_addr2sockaddr");
close(d->s);
@@ -401,7 +401,7 @@ static void
addr_to_string(struct sockaddr *addr, size_t addr_len, char *str, size_t len)
{
krb5_address a;
- krb5_sockaddr2address(addr, &a);
+ krb5_sockaddr2address(context, addr, &a);
if(krb5_print_address(&a, str, len, &len) == 0) {
krb5_free_address(context, &a);
return;
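Review bot: The result of `krb5_sockaddr2address(context, addr, &a)` is discarded here, so if the conversion fails `a` may reach `krb5_print_address` and `krb5_free_address` without having been filled in. Other callers touched by this commit (set_address in 524.c, check_addresses in kerberos5.c) test the return value. Doing the same here, e.g. `if (krb5_sockaddr2address(context, addr, &a) == 0 && krb5_print_address(&a, str, len, &len) == 0) {`, lets a bad peer address fall through to whatever fallback follows. The rest of addr_to_string is outside the hunk, so that fallback is assumed rather than seen.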
@@ -462,7 +462,7 @@ handle_udp(struct descr *d)
buf = malloc(max_request);
if(buf == NULL){
- kdc_log(0, "Failed to allocate %u bytes", max_request);
+ kdc_log(0, "Failed to allocate %lu bytes", (unsigned long)max_request);
return;
}
@@ -556,14 +556,15 @@ grow_descr (struct descr *d, size_t n)
d->size += max(1024, d->len + n);
if (d->size >= max_request) {
- kdc_log(0, "Request exceeds max request size (%u bytes).",
- d->size);
+ kdc_log(0, "Request exceeds max request size (%lu bytes).",
+ (unsigned long)d->size);
clear_descr(d);
return -1;
}
tmp = realloc (d->buf, d->size);
if (tmp == NULL) {
- kdc_log(0, "Failed to re-allocate %u bytes.", d->size);
+ kdc_log(0, "Failed to re-allocate %lu bytes.",
+ (unsigned long)d->size);
clear_descr(d);
return -1;
}
@@ -632,7 +633,8 @@ handle_http_tcp (struct descr *d)
}
data = malloc(strlen(t));
if (data == NULL) {
- kdc_log(0, "Failed to allocate %u bytes", strlen(t));
+ kdc_log(0, "Failed to allocate %lu bytes",
+ (unsigned long)strlen(t));
return -1;
}
if(*t == '/')
@@ -750,8 +752,8 @@ loop(void)
if(d[i].s >= 0){
if(d[i].type == SOCK_STREAM &&
d[i].timeout && d[i].timeout < time(NULL)) {
- kdc_log(1, "TCP-connection from %s expired after %u bytes",
- d[i].addr_string, d[i].len);
+ kdc_log(1, "TCP-connection from %s expired after %lu bytes",
+ d[i].addr_string, (unsigned long)d[i].len);
clear_descr(&d[i]);
continue;
}
diff --git a/crypto/heimdal/kdc/headers.h b/crypto/heimdal/kdc/headers.h
index c4c8b5e..24442db 100644
--- a/crypto/heimdal/kdc/headers.h
+++ b/crypto/heimdal/kdc/headers.h
@@ -32,7 +32,7 @@
*/
/*
- * $Id: headers.h,v 1.10 2000/08/04 11:21:38 joda Exp $
+ * $Id: headers.h,v 1.11 2001/02/15 04:20:53 assar Exp $
*/
#ifndef __HEADERS_H__
@@ -82,7 +82,11 @@
#include <getarg.h>
#include <base64.h>
#include <parse_units.h>
+#ifdef HAVE_OPENSSL_DES_H
+#include <openssl/des.h>
+#else
#include <des.h>
+#endif
#include <krb5.h>
#include <krb5_locl.h>
#include <hdb.h>
diff --git a/crypto/heimdal/kdc/hprop.8 b/crypto/heimdal/kdc/hprop.8
index b1e1cd9..ae8ee85 100644
--- a/crypto/heimdal/kdc/hprop.8
+++ b/crypto/heimdal/kdc/hprop.8
@@ -1,4 +1,4 @@
-.\" $Id: hprop.8,v 1.8 2001/01/30 04:18:41 assar Exp $
+.\" $Id: hprop.8,v 1.10 2001/06/08 21:35:31 joda Exp $
.\"
.Dd June 19, 2000
.Dt HPROP 8
@@ -9,27 +9,33 @@
.Sh SYNOPSIS
.Nm
.Oo Fl m Ar file \*(Ba Xo
-.Fl -master-key= Ns Pa file Oc
+.Fl -master-key= Ns Pa file
.Xc
+.Oc
.Oo Fl d Ar file \*(Ba Xo
-.Fl -database= Ns Pa file Oc
+.Fl -database= Ns Pa file
.Xc
+.Oc
.Op Fl -source= Ns Ar heimdal|mit-dump|krb4-db|krb4-dump
.Op Fl 4 | Fl -v4-db
.Op Fl K | Fl -ka-db
.Oo Fl c Ar cell \*(Ba Xo
-.Fl -cell= Ns Ar cell Oc
+.Fl -cell= Ns Ar cell
.Xc
+.Oc
.Op Fl S | Fl -kaspecials
.Oo Fl r Ar string \*(Ba Xo
-.Fl -v4-realm= Ns Ar string Oc
+.Fl -v4-realm= Ns Ar string
.Xc
+.Oc
.Oo Fl k Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab Oc
+.Fl -keytab= Ns Ar keytab
.Xc
+.Oc
.Oo Fl R Ar string \*(Ba Xo
-.Fl -v5-realm= Ns Ar string Oc
+.Fl -v5-realm= Ns Ar string
.Xc
+.Oc
.Op Fl D | Fl -decrypt
.Op Fl E | Fl -encrypt
.Op Fl n | Fl -stdout
diff --git a/crypto/heimdal/kdc/hprop.c b/crypto/heimdal/kdc/hprop.c
index 8ce9f10..b5d1743 100644
--- a/crypto/heimdal/kdc/hprop.c
+++ b/crypto/heimdal/kdc/hprop.c
@@ -33,7 +33,7 @@
#include "hprop.h"
-RCSID("$Id: hprop.c,v 1.60 2001/02/05 03:40:00 assar Exp $");
+RCSID("$Id: hprop.c,v 1.62 2001/02/20 01:44:50 assar Exp $");
static int version_flag;
static int help_flag;
@@ -457,11 +457,11 @@ ka_dump(struct prop_data *pd, const char *file, const char *cell)
krb5_err(pd->context, 1, errno, "open(%s)", file);
read_block(pd->context, fd, 0, &header, sizeof(header));
if(header.version1 != header.version2)
- krb5_errx(pd->context, 1, "Version mismatch in header: %d/%d",
- ntohl(header.version1), ntohl(header.version2));
+ krb5_errx(pd->context, 1, "Version mismatch in header: %ld/%ld",
+ (long)ntohl(header.version1), (long)ntohl(header.version2));
if(ntohl(header.version1) != 5)
- krb5_errx(pd->context, 1, "Unknown database version %d (expected 5)",
- ntohl(header.version1));
+ krb5_errx(pd->context, 1, "Unknown database version %ld (expected 5)",
+ (long)ntohl(header.version1));
for(i = 0; i < ntohl(header.hashsize); i++){
int32_t pos = ntohl(header.hash[i]);
while(pos){
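Review bot: `header.hashsize` is taken from the dump file and is the only bound on the index in `header.hash[i]` in the loop that follows the changed lines. If `hash` is a fixed-size array in the header struct (its declaration is not in this hunk), a corrupt or truncated file can push the read past the end of it. A range check before the loop, reported the same way as the version checks, would close that: `if(ntohl(header.hashsize) > sizeof(header.hash)/sizeof(header.hash[0])) krb5_errx(pd->context, 1, "Bad hash size in header");`. ka_dump continues outside the hunk.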
@@ -787,7 +787,7 @@ main(int argc, char **argv)
int type = 0;
- set_progname(argv[0]);
+ setprogname(argv[0]);
if(getarg(args, num_args, argc, argv, &optind))
usage(1);
diff --git a/crypto/heimdal/kdc/hprop.cat8 b/crypto/heimdal/kdc/hprop.cat8
new file mode 100644
index 0000000..f6c70b4
--- /dev/null
+++ b/crypto/heimdal/kdc/hprop.cat8
@@ -0,0 +1,103 @@
+
+HPROP(8) UNIX System Manager's Manual HPROP(8)
+
+NNAAMMEE
+ hhpprroopp - propagate the KDC database
+
+SSYYNNOOPPSSIISS
+ hhpprroopp [--mm _f_i_l_e | ----mmaasstteerr--kkeeyy==_f_i_l_e] [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e]
+ [----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_r_b_4_-_d_u_m_p] [--44 | ----vv44--ddbb] [--KK |
+ ----kkaa--ddbb] [--cc _c_e_l_l | ----cceellll==_c_e_l_l] [--SS | ----kkaassppeecciiaallss] [--rr _s_t_r_i_n_g |
+ ----vv44--rreeaallmm==_s_t_r_i_n_g] [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--RR _s_t_r_i_n_g |
+ ----vv55--rreeaallmm==_s_t_r_i_n_g] [--DD | ----ddeeccrryypptt] [--EE | ----eennccrryypptt] [--nn | ----ssttddoouutt] [--vv
+ | ----vveerrbboossee] [----vveerrssiioonn] [--hh | ----hheellpp] _h_o_s_t[:_p_o_r_t] _._._.
+
+DDEESSCCRRIIPPTTIIOONN
+ hhpprroopp takes a principal database in a specified format and converts it
+ into a stream of Heimdal database records. This stream can either be
+ written to standard out, or (more commonly) be propagated to a hpropd(8)
+ server running on a different machine.
+
+ If propagating, it connects to all _h_o_s_t_s specified on the command by
+ opening a TCP connection to port 754 (service hprop) and sends the
+ database in encrypted form.
+
+ Supported options:
+
+ --mm _f_i_l_e, ----mmaasstteerr--kkeeyy==_f_i_l_e
+ Where to find the master key to encrypt or decrypt keys with.
+
+ --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e
+ The database to be propagated.
+
+ ----ssoouurrccee==_h_e_i_m_d_a_l_|_m_i_t_-_d_u_m_p_|_k_r_b_4_-_d_b_|_k_r_b_4_-_d_u_m_p
+ Specifies the type of the source database. Alternatives include:
+
+ heimdal a Heimdal database
+
+ mit-dump a MIT Kerberos 5 dump file
+
+ krb4-db a Kerberos 4 database
+
+ krb4-dump a Kerberos 4 dump file
+
+ kaserver a Transarc kaserver database
+
+ --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b
+ The keytab to use for fetching the key to be used for authenti-
+ cating to the propagation daemon(s). The key _k_a_d_m_i_n_/_h_p_r_o_p is used
+ from this keytab. The default is to fetch the key from the KDC
+ database.
+
+ --RR _s_t_r_i_n_g, ----vv55--rreeaallmm==_s_t_r_i_n_g
+ Local realm override.
+
+ --DD, ----ddeeccrryypptt
+ The encryption keys in the database can either be in clear, or
+ encrypted with a master key. This option thansmits the database
+ with unencrypted keys.
+
+ --EE, ----eennccrryypptt
+ This option thansmits the database with encrypted keys.
+
+ --nn, ----ssttddoouutt
+ Dump the database on stdout, in a format that can be fed to
+ hpropd.
+
+ The following options are only valid if hhpprroopp is compiled with support
+ for Kerberos 4 (kaserver).
+
+ --rr _s_t_r_i_n_g, ----vv44--rreeaallmm==_s_t_r_i_n_g
+ v4 realm to use
+
+ --cc _c_e_l_l, ----cceellll==_c_e_l_l
+ The AFS cell name, used if reading a kaserver database.
+
+ --SS, ----kkaassppeecciiaallss
+ Also dump the principals marked as special in the kaserver
+ database.
+
+ --44, ----vv44--ddbb
+ Deprecated, identical to `--source=krb4-db'.
+
+ --KK, ----kkaa--ddbb
+ Deprecated, identical to `--source=kaserver'.
+
+EEXXAAMMPPLLEESS
+ The following will propagate a database to another machine (which should
+ run hpropd(8):)
+
+ $ hprop slave-1 slave-2
+
+ Copy a Kerberos 4 database to a Kerberos 5 slave:
+
+ $ hprop --source=krb4-db -E krb5-slave
+
+ Convert a Kerberos 4 dump-file for use with a Heimdal KDC:
+
+ $ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump -E | hpropd -n
+
+SSEEEE AALLSSOO
+ hpropd(8)
+
+ HEIMDAL June 19, 2000 2
diff --git a/crypto/heimdal/kdc/hpropd.8 b/crypto/heimdal/kdc/hpropd.8
index 35e416f..dd26547 100644
--- a/crypto/heimdal/kdc/hpropd.8
+++ b/crypto/heimdal/kdc/hpropd.8
@@ -1,4 +1,4 @@
-.\" $Id: hpropd.8,v 1.5 2000/11/12 15:37:33 joda Exp $
+.\" $Id: hpropd.8,v 1.7 2001/06/08 21:35:32 joda Exp $
.\"
.Dd August 27, 1997
.Dt HPROPD 8
@@ -9,14 +9,16 @@
.Sh SYNOPSIS
.Nm
.Oo Fl d Ar file \*(Ba Xo
-.Fl -database= Ns Ar file Oc
+.Fl -database= Ns Ar file
.Xc
+.Oc
.Op Fl n | Fl -stdin
.Op Fl -print
.Op Fl i | Fl -no-inetd
.Oo Fl k Ar keytab \*(Ba Xo
-.Fl -keytab= Ns Ar keytab Oc
+.Fl -keytab= Ns Ar keytab
.Xc
+.Oc
.Op Fl 4 | Fl -v4dump
.Sh DESCRIPTION
.Nm
diff --git a/crypto/heimdal/kdc/hpropd.c b/crypto/heimdal/kdc/hpropd.c
index 2cfdd15..da5498b 100644
--- a/crypto/heimdal/kdc/hpropd.c
+++ b/crypto/heimdal/kdc/hpropd.c
@@ -33,7 +33,7 @@
#include "hprop.h"
-RCSID("$Id: hpropd.c,v 1.31 2001/01/25 12:37:39 assar Exp $");
+RCSID("$Id: hpropd.c,v 1.32 2001/02/20 01:44:50 assar Exp $");
#ifdef KRB4
static des_cblock mkey4;
@@ -213,7 +213,7 @@ main(int argc, char **argv)
int fd_out = -1;
#endif
- set_progname(argv[0]);
+ setprogname(argv[0]);
ret = krb5_init_context(&context);
if(ret)
diff --git a/crypto/heimdal/kdc/hpropd.cat8 b/crypto/heimdal/kdc/hpropd.cat8
new file mode 100644
index 0000000..5218e6d
--- /dev/null
+++ b/crypto/heimdal/kdc/hpropd.cat8
@@ -0,0 +1,43 @@
+
+HPROPD(8) UNIX System Manager's Manual HPROPD(8)
+
+NNAAMMEE
+ hhpprrooppdd - receive a propagated database
+
+SSYYNNOOPPSSIISS
+ hhpprrooppdd [--dd _f_i_l_e | ----ddaattaabbaassee==_f_i_l_e] [--nn | ----ssttddiinn] [----pprriinntt] [--ii |
+ ----nnoo--iinneettdd] [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--44 | ----vv44dduummpp]
+
+DDEESSCCRRIIPPTTIIOONN
+ hhpprrooppdd receives databases sent by hhpprroopp. and writes it as a local
+ database.
+
+ By default, hhpprrooppdd expects to be started from iinneettdd if stdin is a socket
+ and expects to receive the dumped database over stdin otherwise. If the
+ database is sent over the network, it is authenticated and encrypted.
+ Only connections from kadmin/hprop are accepted.
+
+ Options supported:
+
+ --dd _f_i_l_e, ----ddaattaabbaassee==_f_i_l_e
+ database
+
+ --nn, ----ssttddiinn
+ read from stdin
+
+ ----pprriinntt
+ print dump to stdout
+
+ --ii, ----nnoo--iinneettdd
+ Not started from inetd
+
+ --kk _k_e_y_t_a_b, ----kkeeyyttaabb==_k_e_y_t_a_b
+ keytab to use for authentication
+
+ --44, ----vv44dduummpp
+ create v4 type DB
+
+SSEEEE AALLSSOO
+ hprop(8)
+
+ HEIMDAL August 27, 1997 1
diff --git a/crypto/heimdal/kdc/kaserver.c b/crypto/heimdal/kdc/kaserver.c
index 175ddb6..5920895 100644
--- a/crypto/heimdal/kdc/kaserver.c
+++ b/crypto/heimdal/kdc/kaserver.c
@@ -33,11 +33,10 @@
#include "kdc_locl.h"
-RCSID("$Id: kaserver.c,v 1.15 2001/01/28 21:51:05 assar Exp $");
+RCSID("$Id: kaserver.c,v 1.16 2001/02/05 10:49:43 assar Exp $");
#ifdef KASERVER
-#include "kerberos4.h"
#include <rx.h>
#define KA_AUTHENTICATION_SERVICE 731
@@ -406,10 +405,10 @@ do_authenticate (struct rx_header *hdr,
snprintf (client_name, sizeof(client_name), "%s.%s@%s",
name, instance, v4_realm);
- client_entry = db_fetch4 (name, instance, v4_realm);
- if (client_entry == NULL) {
- kdc_log(0, "Client not found in database: %s",
- client_name);
+ ret = db_fetch4 (name, instance, v4_realm, &client_entry);
+ if (ret) {
+ kdc_log(0, "Client not found in database: %s: %s",
+ client_name, krb5_get_err_text(context, ret));
make_error_reply (hdr, KANOENT, reply);
goto out;
}
@@ -417,9 +416,10 @@ do_authenticate (struct rx_header *hdr,
snprintf (server_name, sizeof(server_name), "%s.%s@%s",
"krbtgt", v4_realm, v4_realm);
- server_entry = db_fetch4 ("krbtgt", v4_realm, v4_realm);
- if (server_entry == NULL) {
- kdc_log(0, "Server not found in database: %s", server_name);
+ ret = db_fetch4 ("krbtgt", v4_realm, v4_realm, &server_entry);
+ if (ret) {
+ kdc_log(0, "Server not found in database: %s: %s",
+ server_name, krb5_get_err_text(context, ret));
make_error_reply (hdr, KANOENT, reply);
goto out;
}
@@ -599,9 +599,10 @@ do_getticket (struct rx_header *hdr,
snprintf (server_name, sizeof(server_name),
"%s.%s@%s", name, instance, v4_realm);
- server_entry = db_fetch4 (name, instance, v4_realm);
- if (server_entry == NULL) {
- kdc_log(0, "Server not found in database: %s", server_name);
+ ret = db_fetch4 (name, instance, v4_realm, &server_entry);
+ if (ret) {
+ kdc_log(0, "Server not found in database: %s: %s",
+ server_name, krb5_get_err_text(context, ret));
make_error_reply (hdr, KANOENT, reply);
goto out;
}
@@ -614,10 +615,10 @@ do_getticket (struct rx_header *hdr,
goto out;
}
- krbtgt_entry = db_fetch4 ("krbtgt", v4_realm, v4_realm);
- if (krbtgt_entry == NULL) {
- kdc_log(0, "Server not found in database: %s.%s@%s",
- "krbtgt", v4_realm, v4_realm);
+ ret = db_fetch4 ("krbtgt", v4_realm, v4_realm, &krbtgt_entry);
+ if (ret) {
+ kdc_log(0, "Server not found in database: %s.%s@%s: %s",
+ "krbtgt", v4_realm, v4_realm, krb5_get_err_text(context, ret));
make_error_reply (hdr, KANOENT, reply);
goto out;
}
diff --git a/crypto/heimdal/kdc/kdc.8 b/crypto/heimdal/kdc/kdc.8
index 1687dcd..8437c63 100644
--- a/crypto/heimdal/kdc/kdc.8
+++ b/crypto/heimdal/kdc/kdc.8
@@ -1,4 +1,4 @@
-.\" $Id: kdc.8,v 1.11 2001/01/26 22:46:28 assar Exp $
+.\" $Id: kdc.8,v 1.13 2001/06/08 21:35:32 joda Exp $
.\"
.Dd July 27, 1997
.Dt KDC 8
@@ -9,20 +9,23 @@
.Sh SYNOPSIS
.Nm
.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file Oc
+.Fl -config-file= Ns Ar file
.Xc
+.Oc
.Op Fl p | Fl -no-require-preauth
.Op Fl -max-request= Ns Ar size
.Op Fl H | Fl -enable-http
.Oo Fl r Ar string \*(Ba Xo
-.Fl -v4-realm= Ns Ar string Oc
+.Fl -v4-realm= Ns Ar string
.Xc
+.Oc
.Op Fl K | Fl -no-kaserver
.Op Fl r Ar realm
.Op Fl -v4-realm= Ns Ar realm
.Oo Fl P Ar string \*(Ba Xo
-.Fl -ports= Ns Ar string Oc
+.Fl -ports= Ns Ar string
.Xc
+.Oc
.Op Fl -addresses= Ns Ar list of addresses
.Sh DESCRIPTION
.Nm
diff --git a/crypto/heimdal/kdc/kdc.cat8 b/crypto/heimdal/kdc/kdc.cat8
new file mode 100644
index 0000000..234b76d
--- /dev/null
+++ b/crypto/heimdal/kdc/kdc.cat8
@@ -0,0 +1,118 @@
+
+KDC(8) UNIX System Manager's Manual KDC(8)
+
+NNAAMMEE
+ kkddcc - Kerberos 5 server
+
+SSYYNNOOPPSSIISS
+ kkddcc [--cc _f_i_l_e | ----ccoonnffiigg--ffiillee==_f_i_l_e] [--pp | ----nnoo--rreeqquuiirree--pprreeaauutthh]
+ [----mmaaxx--rreeqquueesstt==_s_i_z_e] [--HH | ----eennaabbllee--hhttttpp] [--rr _s_t_r_i_n_g | ----vv44--rreeaallmm==_s_t_r_i_n_g]
+ [--KK | ----nnoo--kkaasseerrvveerr] [--rr _r_e_a_l_m] [----vv44--rreeaallmm==_r_e_a_l_m] [--PP _s_t_r_i_n_g |
+ ----ppoorrttss==_s_t_r_i_n_g] [----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s]
+
+DDEESSCCRRIIPPTTIIOONN
+ kkddcc serves requests for tickets. When it starts, it first checks the
+ flags passed, any options that are not specified with a command line flag
+ is taken from a config file, or from a default compiled-in value.
+
+ Options supported:
+
+ --cc _f_i_l_e
+
+ ----ccoonnffiigg--ffiillee==_f_i_l_e
+ Specifies the location of the config file, the default is
+ _/_v_a_r_/_h_e_i_m_d_a_l_/_k_d_c_._c_o_n_f. This is the only value that can't be spec-
+ ified in the config file.
+
+ --pp
+
+ ----nnoo--rreeqquuiirree--pprreeaauutthh
+ Turn off the requirement for pre-autentication in the initial AS-
+ REQ for all principals. The use of pre-authentication makes it
+ more difficult to do offline password attacks. You might want to
+ turn it off if you have clients that doesn't do pre-authentica-
+ tion. Since the version 4 protocol doesn't support any pre-au-
+ thentication, so serving version 4 clients is just about the same
+ as not requiring pre-athentication. The default is to require
+ pre-authentication. Adding the require-preauth per principal is a
+ more flexible way of handling this.
+
+ ----mmaaxx--rreeqquueesstt==_s_i_z_e
+ Gives an upper limit on the size of the requests that the kdc is
+ willing to handle.
+
+ --HH, ----eennaabbllee--hhttttpp
+ Makes the kdc listen on port 80 and handle requests encapsulated
+ in HTTP.
+
+ --KK, ----nnoo--kkaasseerrvveerr
+ Disables kaserver emulation (in case it's compiled in).
+
+ --rr _r_e_a_l_m
+
+ ----vv44--rreeaallmm==_r_e_a_l_m
+ What realm this server should act as when dealing with version 4
+ requests. The database can contain any number of realms, but
+ since the version 4 protocol doesn't contain a realm for the
+ server, it must be explicitly specified. The default is whatever
+ is returned by kkrrbb__ggeett__llrreeaallmm(). This option is only availabe if
+ the KDC has been compiled with version 4 support.
+
+ --PP _s_t_r_i_n_g, ----ppoorrttss==_s_t_r_i_n_g
+ Specifies the set of ports the KDC should listen on. It is given
+ as a white-space separated list of services or port numbers.
+
+ ----aaddddrreesssseess==_l_i_s_t _o_f _a_d_d_r_e_s_s_e_s
+ The list of addresses to listen for requests on. By default, the
+ kdc will listen on all the locally configured addresses. If only
+ a subset is desired, or the automatic detection fails, this op-
+ tion might be used.
+
+ All activities , are logged to one or more destinations, see
+ krb5.conf(5), and krb5_openlog(3). The entity used for logging is kkddcc.
+
+CCOONNFFIIGGUURRAATTIIOONN FFIILLEE
+ The configuration file has the same syntax as the _k_r_b_5_._c_o_n_f file (you can
+ actually put the configuration in _/_e_t_c_/_k_r_b_5_._c_o_n_f, and then start the KDC
+ with ----ccoonnffiigg--ffiillee==_/_e_t_c_/_k_r_b_5_._c_o_n_f). All options should be in a section
+ called ``kdc''. All the command-line options can preferably be added in
+ the configuration file. The only difference is the pre-authentication
+ flag, that has to be specified as:
+
+ require-preauth = no
+
+ (in fact you can specify the option as ----rreeqquuiirree--pprreeaauutthh==nnoo).
+
+ And there are some configuration options which do not have command-line
+ equivalents:
+
+ check-ticket-addresses = _b_o_o_l_e_a_n
+ Check the addresses in the ticket when processing TGS re-
+ quests. The default is FALSE.
+
+ allow-null-ticket-addresses = _b_o_o_l_e_a_n
+ Permit tickets with no addresses. This option is only rele-
+ vant when check-ticket-addresses is TRUE.
+
+ allow-anonymous = _b_o_o_l_e_a_n
+ Permit anonymous tickets with no addresses.
+
+ encode_as_rep_as_tgs_rep = _b_o_o_l_e_a_n
+ Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE
+ code. The Heimdal clients allow both.
+
+ kdc_warn_pwexpire = _t_i_m_e
+ How long before password/principal expiration the KDC should
+ start sending out warning messages.
+
+ An example of a config file:
+
+ [kdc]
+ require-preauth = no
+ v4-realm = FOO.SE
+ key-file = /key-file
+
+SSEEEE AALLSSOO
+ kinit(1)
+
+ HEIMDAL July 27, 1997 2
diff --git a/crypto/heimdal/kdc/kerberos5.c b/crypto/heimdal/kdc/kerberos5.c
index 90cc49e..e540b12 100644
--- a/crypto/heimdal/kdc/kerberos5.c
+++ b/crypto/heimdal/kdc/kerberos5.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: kerberos5.c,v 1.123 2001/01/30 01:44:08 assar Exp $");
+RCSID("$Id: kerberos5.c,v 1.133 2001/05/22 20:16:22 assar Exp $");
#define MAX_TIME ((time_t)((1U << 31) - 1))
@@ -415,7 +415,7 @@ check_addresses(HostAddresses *addresses, const struct sockaddr *from)
if(addresses == NULL)
return allow_null_ticket_addresses;
- ret = krb5_sockaddr2address (from, &addr);
+ ret = krb5_sockaddr2address (context, from, &addr);
if(ret)
return FALSE;
@@ -630,7 +630,8 @@ as_rep(KDC_REQ *req,
&foo_data,
client_princ,
server_princ,
- 0,
+ NULL,
+ NULL,
reply);
free(buf);
kdc_log(0, "No PA-ENC-TIMESTAMP -- %s", client_name);
@@ -804,17 +805,17 @@ as_rep(KDC_REQ *req,
if (client->pw_end
&& (kdc_warn_pwexpire == 0
|| kdc_time + kdc_warn_pwexpire <= *client->pw_end)) {
- ek.last_req.val[ek.last_req.len].lr_type = 6;
+ ek.last_req.val[ek.last_req.len].lr_type = LR_PW_EXPTIME;
ek.last_req.val[ek.last_req.len].lr_value = *client->pw_end;
++ek.last_req.len;
}
if (client->valid_end) {
- ek.last_req.val[ek.last_req.len].lr_type = 7;
+ ek.last_req.val[ek.last_req.len].lr_type = LR_ACCT_EXPTIME;
ek.last_req.val[ek.last_req.len].lr_value = *client->valid_end;
++ek.last_req.len;
}
if (ek.last_req.len == 0) {
- ek.last_req.val[ek.last_req.len].lr_type = 0;
+ ek.last_req.val[ek.last_req.len].lr_type = LR_NONE;
ek.last_req.val[ek.last_req.len].lr_value = 0;
++ek.last_req.len;
}
@@ -862,7 +863,8 @@ out:
NULL,
client_princ,
server_princ,
- 0,
+ NULL,
+ NULL,
reply);
ret = 0;
}
@@ -978,7 +980,9 @@ check_tgs_flags(KDC_REQ_BODY *b, EncTicketPart *tgt, EncTicketPart *et)
old_life -= *tgt->starttime;
else
old_life -= tgt->authtime;
- et->endtime = min(*et->renew_till, *et->starttime + old_life);
+ et->endtime = *et->starttime + old_life;
+ if (et->renew_till != NULL)
+ et->endtime = min(*et->renew_till, et->endtime);
}
/* checks for excess flags */
@@ -1006,7 +1010,8 @@ fix_transited_encoding(TransitedEncoding *tr,
tr->tr_type);
return KRB5KDC_ERR_TRTYPE_NOSUPP;
}
- ret = krb5_domain_x500_decode(tr->contents,
+ ret = krb5_domain_x500_decode(context,
+ tr->contents,
&realms,
&num_realms,
client_realm,
@@ -1285,10 +1290,15 @@ out:
return ret;
}
+/*
+ * return the realm of a krbtgt-ticket or NULL
+ */
+
static Realm
-is_krbtgt(PrincipalName *p)
+get_krbtgt_realm(const PrincipalName *p)
{
- if(p->name_string.len == 2 && strcmp(p->name_string.val[0], "krbtgt") == 0)
+ if(p->name_string.len == 2
+ && strcmp(p->name_string.val[0], KRB5_TGS_NAME) == 0)
return p->name_string.val[1];
else
return NULL;
@@ -1307,12 +1317,25 @@ find_rpath(Realm r)
}
+static krb5_boolean
+need_referral(krb5_principal server, krb5_realm **realms)
+{
+ if(server->name.name_type != KRB5_NT_SRV_INST ||
+ server->name.name_string.len != 2)
+ return FALSE;
+
+ return krb5_get_host_realm_int(context, server->name.name_string.val[1],
+ FALSE, realms) == 0;
+}
+
static krb5_error_code
tgs_rep2(KDC_REQ_BODY *b,
PA_DATA *tgs_req,
krb5_data *reply,
const char *from,
- struct sockaddr *from_addr)
+ const struct sockaddr *from_addr,
+ time_t **csec,
+ int **cusec)
{
krb5_ap_req ap_req;
krb5_error_code ret;
@@ -1332,6 +1355,9 @@ tgs_rep2(KDC_REQ_BODY *b,
krb5_principal sp = NULL;
AuthorizationData *auth_data = NULL;
+ *csec = NULL;
+ *cusec = NULL;
+
memset(&ap_req, 0, sizeof(ap_req));
ret = krb5_decode_ap_req(context, &tgs_req->padata_value, &ap_req);
if(ret){
@@ -1340,7 +1366,7 @@ tgs_rep2(KDC_REQ_BODY *b,
goto out2;
}
- if(!is_krbtgt(&ap_req.ticket.sname)){
+ if(!get_krbtgt_realm(&ap_req.ticket.sname)){
/* XXX check for ticket.sname == req.sname */
kdc_log(0, "PA-DATA is not a ticket-granting ticket");
ret = KRB5KDC_ERR_POLICY; /* ? */
@@ -1409,6 +1435,29 @@ tgs_rep2(KDC_REQ_BODY *b,
goto out2;
}
+ {
+ krb5_authenticator auth;
+
+ ret = krb5_auth_getauthenticator(context, ac, &auth);
+ if (ret == 0) {
+ *csec = malloc(sizeof(**csec));
+ if (*csec == NULL) {
+ krb5_free_authenticator(context, &auth);
+ kdc_log(0, "malloc failed");
+ goto out2;
+ }
+ **csec = auth->ctime;
+ *cusec = malloc(sizeof(**cusec));
+ if (*cusec == NULL) {
+ krb5_free_authenticator(context, &auth);
+ kdc_log(0, "malloc failed");
+ goto out2;
+ }
+ **csec = auth->cusec;
+ krb5_free_authenticator(context, &auth);
+ }
+ }
+
cetype = ap_req.authenticator.etype;
tgt = &ticket->ticket;
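Review bot: In the added authenticator block the second store goes to the wrong object: `**csec = auth->cusec;` overwrites the ctime just saved and leaves `**cusec` uninitialised, and it should read `**cusec = auth->cusec;`. Both malloc-failure paths also `goto out2` while `ret` is still 0 from krb5_auth_getauthenticator, so the `if(ret)` block at out2 builds no error reply and the function returns success; add `ret = ENOMEM;` before each jump. Judging by the other hunks in this file, the values never reach a KRB-ERROR anyway, because out2 passes `NULL, NULL` to krb5_mk_error and then frees and clears both pointers before tgs_rep can use them. Either pass `*csec, *cusec` at out2 or drop the allocation. tgs_rep2 begins and ends outside this hunk.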
@@ -1506,7 +1555,7 @@ tgs_rep2(KDC_REQ_BODY *b,
goto out;
}
t = &b->additional_tickets->val[0];
- if(!is_krbtgt(&t->sname)){
+ if(!get_krbtgt_realm(&t->sname)){
kdc_log(0, "Additional ticket is not a ticket-granting ticket");
ret = KRB5KDC_ERR_POLICY;
goto out2;
@@ -1548,18 +1597,36 @@ tgs_rep2(KDC_REQ_BODY *b,
if(ret){
Realm req_rlm, new_rlm;
- if(loop++ < 2 && (req_rlm = is_krbtgt(&sp->name))){
- new_rlm = find_rpath(req_rlm);
- if(new_rlm) {
- kdc_log(5, "krbtgt for realm %s not found, trying %s",
- req_rlm, new_rlm);
+ krb5_realm *realms;
+
+ if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
+ if(loop++ < 2) {
+ new_rlm = find_rpath(req_rlm);
+ if(new_rlm) {
+ kdc_log(5, "krbtgt for realm %s not found, trying %s",
+ req_rlm, new_rlm);
+ krb5_free_principal(context, sp);
+ free(spn);
+ krb5_make_principal(context, &sp, r,
+ KRB5_TGS_NAME, new_rlm, NULL);
+ krb5_unparse_name(context, sp, &spn);
+ goto server_lookup;
+ }
+ }
+ } else if(need_referral(sp, &realms)) {
+ if (strcmp(realms[0], sp->realm) != 0) {
+ kdc_log(5, "returning a referral to realm %s for "
+ "server %s that was not found",
+ realms[0], spn);
krb5_free_principal(context, sp);
free(spn);
- krb5_make_principal(context, &sp, r,
- "krbtgt", new_rlm, NULL);
- krb5_unparse_name(context, sp, &spn);
+ krb5_make_principal(context, &sp, r, KRB5_TGS_NAME,
+ realms[0], NULL);
+ krb5_unparse_name(context, sp, &spn);
+ krb5_free_host_realm(context, realms);
goto server_lookup;
}
+ krb5_free_host_realm(context, realms);
}
kdc_log(0, "Server not found in database: %s: %s", spn,
krb5_get_err_text(context, ret));
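Review bot: Both retry branches free `sp` and `spn` and then rebuild them with `krb5_make_principal` and `krb5_unparse_name` without checking either return value. If one of those calls fails, the freed pointers may still be in `sp`/`spn` when control reaches `server_lookup`, the kdc_log call at the end of this hunk, or the `krb5_free_principal(context, sp)` at out2. Whether the callees reset their output on failure is not visible here. Clearing after the free (`sp = NULL; spn = NULL;`) and leaving on error (`if (ret) goto out;`) makes the failure path safe. In the referral branch, `realms` must still be released with krb5_free_host_realm before such a jump. The enclosing function continues outside the hunk.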
@@ -1624,15 +1691,21 @@ tgs_rep2(KDC_REQ_BODY *b,
free_ent(client);
}
out2:
- if(ret)
+ if(ret) {
krb5_mk_error(context,
ret,
e_text,
NULL,
cp,
sp,
- 0,
+ NULL,
+ NULL,
reply);
+ free(*csec);
+ free(*cusec);
+ *csec = NULL;
+ *cusec = NULL;
+ }
krb5_free_principal(context, cp);
krb5_free_principal(context, sp);
if (ticket) {
@@ -1647,6 +1720,7 @@ out2:
if(krbtgt)
free_ent(krbtgt);
+
return ret;
}
@@ -1660,6 +1734,8 @@ tgs_rep(KDC_REQ *req,
krb5_error_code ret;
int i = 0;
PA_DATA *tgs_req = NULL;
+ time_t *csec = NULL;
+ int *cusec = NULL;
if(req->padata == NULL){
ret = KRB5KDC_ERR_PREAUTH_REQUIRED; /* XXX ??? */
@@ -1675,7 +1751,8 @@ tgs_rep(KDC_REQ *req,
kdc_log(0, "TGS-REQ from %s without PA-TGS-REQ", from);
goto out;
}
- ret = tgs_rep2(&req->req_body, tgs_req, data, from, from_addr);
+ ret = tgs_rep2(&req->req_body, tgs_req, data, from, from_addr,
+ &csec, &cusec);
out:
if(ret && data->data == NULL){
krb5_mk_error(context,
@@ -1684,8 +1761,11 @@ out:
NULL,
NULL,
NULL,
- 0,
+ csec,
+ cusec,
data);
}
+ free(csec);
+ free(cusec);
return 0;
}
diff --git a/crypto/heimdal/kdc/kstash.8 b/crypto/heimdal/kdc/kstash.8
index a9d34c3..afbad1e 100644
--- a/crypto/heimdal/kdc/kstash.8
+++ b/crypto/heimdal/kdc/kstash.8
@@ -1,4 +1,4 @@
-.\" $Id: kstash.8,v 1.3 2000/09/01 16:37:52 joda Exp $
+.\" $Id: kstash.8,v 1.5 2001/06/08 21:35:32 joda Exp $
.\"
.Dd September 1, 2000
.Dt KSTASH 8
@@ -9,11 +9,13 @@
.Sh SYNOPSIS
.Nm
.Oo Fl e Ar string \*(Ba Xo
-.Fl -enctype= Ns Ar string Oc
+.Fl -enctype= Ns Ar string
.Xc
+.Oc
.Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file Oc
+.Fl -key-file= Ns Ar file
.Xc
+.Oc
.Op Fl -convert-file
.Op Fl -master-key-fd= Ns Ar fd
.Op Fl h | Fl -help
diff --git a/crypto/heimdal/kdc/kstash.cat8 b/crypto/heimdal/kdc/kstash.cat8
new file mode 100644
index 0000000..7dd2c7a
--- /dev/null
+++ b/crypto/heimdal/kdc/kstash.cat8
@@ -0,0 +1,34 @@
+
+KSTASH(8) UNIX System Manager's Manual KSTASH(8)
+
+NNAAMMEE
+ kkssttaasshh - store the KDC master password in a file
+
+SSYYNNOOPPSSIISS
+ kkssttaasshh [--ee _s_t_r_i_n_g | ----eennccttyyppee==_s_t_r_i_n_g] [--kk _f_i_l_e | ----kkeeyy--ffiillee==_f_i_l_e]
+ [----ccoonnvveerrtt--ffiillee] [----mmaasstteerr--kkeeyy--ffdd==_f_d] [--hh | ----hheellpp] [----vveerrssiioonn]
+
+DDEESSCCRRIIPPTTIIOONN
+ kkssttaasshh reads the Kerberos master key and stores it in a file that will be
+ used by the KDC.
+
+ Supported options:
+
+ --ee _s_t_r_i_n_g, ----eennccttyyppee==_s_t_r_i_n_g
+ the encryption type to use, defaults to DES3-CBC-SHA1
+
+ --kk _f_i_l_e, ----kkeeyy--ffiillee==_f_i_l_e
+ the name of the master key file
+
+ ----ccoonnvveerrtt--ffiillee
+ don't ask for a new master key, just read an old master key file,
+ and writes it back in the new keyfile format
+
+ ----mmaasstteerr--kkeeyy--ffdd==_f_d
+ filedescriptor to read passphrase from, if not specified the
+ passphrase will be read from the terminal
+
+SSEEEE AALLSSOO
+ kdc(8)
+
+ HEIMDAL September 1, 2000 1
diff --git a/crypto/heimdal/kdc/main.c b/crypto/heimdal/kdc/main.c
index a14ae84..146bd91 100644
--- a/crypto/heimdal/kdc/main.c
+++ b/crypto/heimdal/kdc/main.c
@@ -33,7 +33,7 @@
#include "kdc_locl.h"
-RCSID("$Id: main.c,v 1.24 2000/12/31 07:46:14 assar Exp $");
+RCSID("$Id: main.c,v 1.25 2001/02/20 01:44:50 assar Exp $");
sig_atomic_t exit_flag = 0;
krb5_context context;
@@ -48,7 +48,7 @@ int
main(int argc, char **argv)
{
krb5_error_code ret;
- set_progname(argv[0]);
+ setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
diff --git a/crypto/heimdal/kdc/string2key.8 b/crypto/heimdal/kdc/string2key.8
index b286733..50d7c29 100644
--- a/crypto/heimdal/kdc/string2key.8
+++ b/crypto/heimdal/kdc/string2key.8
@@ -1,4 +1,4 @@
-.\" $Id: string2key.8,v 1.2 2000/03/04 14:02:55 assar Exp $
+.\" $Id: string2key.8,v 1.4 2001/06/08 21:35:32 joda Exp $
.\"
.Dd March 4, 2000
.Dt STRING2KEY 8
@@ -12,17 +12,21 @@
.Op Fl 4 | Fl -version4
.Op Fl a | Fl -afs
.Oo Fl c Ar cell \*(Ba Xo
-.Fl -cell= Ns Ar cell Oc
+.Fl -cell= Ns Ar cell
.Xc
+.Oc
.Oo Fl w Ar password \*(Ba Xo
-.Fl -password= Ns Ar password Oc
+.Fl -password= Ns Ar password
.Xc
+.Oc
.Oo Fl p Ar principal \*(Ba Xo
-.Fl -principal= Ns Ar principal Oc
+.Fl -principal= Ns Ar principal
.Xc
+.Oc
.Oo Fl k Ar string \*(Ba Xo
-.Fl -keytype= Ns Ar string Oc
+.Fl -keytype= Ns Ar string
.Xc
+.Oc
.Ar password
.Sh DESCRIPTION
.Nm
diff --git a/crypto/heimdal/kdc/string2key.cat8 b/crypto/heimdal/kdc/string2key.cat8
new file mode 100644
index 0000000..d70e150
--- /dev/null
+++ b/crypto/heimdal/kdc/string2key.cat8
@@ -0,0 +1,42 @@
+
+STRING2KEY(8) UNIX System Manager's Manual STRING2KEY(8)
+
+NNAAMMEE
+ ssttrriinngg22kkeeyy - map a password into a key
+
+SSYYNNOOPPSSIISS
+ ssttrriinngg22kkeeyy [--55 | ----vveerrssiioonn55] [--44 | ----vveerrssiioonn44] [--aa | ----aaffss] [--cc _c_e_l_l |
+ ----cceellll==_c_e_l_l] [--ww _p_a_s_s_w_o_r_d | ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d] [--pp _p_r_i_n_c_i_p_a_l |
+ ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--kk _s_t_r_i_n_g | ----kkeeyyttyyppee==_s_t_r_i_n_g] _p_a_s_s_w_o_r_d
+
+DDEESSCCRRIIPPTTIIOONN
+ ssttrriinngg22kkeeyy performs the string-to-key function. This is useful when you
+ want to handle the raw key instead of the password. Supported options:
+
+ --55, ----vveerrssiioonn55
+ Output Kerberos v5 string-to-key
+
+ --44, ----vveerrssiioonn44
+ Output Kerberos v4 string-to-key
+
+ --aa, ----aaffss
+ Output AFS string-to-key
+
+ --cc _c_e_l_l, ----cceellll==_c_e_l_l
+ AFS cell to use
+
+ --ww _p_a_s_s_w_o_r_d, ----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d
+ Password to use
+
+ --pp _p_r_i_n_c_i_p_a_l, ----pprriinncciippaall==_p_r_i_n_c_i_p_a_l
+ Kerberos v5 principal to use
+
+ --kk _s_t_r_i_n_g, ----kkeeyyttyyppee==_s_t_r_i_n_g
+ Keytype
+
+ ----vveerrssiioonn
+ print version
+
+ ----hheellpp
+
+ HEIMDAL March 4, 2000 1