Diffstat (limited to 'crypto/heimdal/lib/hdb')
23 files changed, 0 insertions, 8281 deletions
diff --git a/crypto/heimdal/lib/hdb/Makefile.am b/crypto/heimdal/lib/hdb/Makefile.am
deleted file mode 100644
index f66cd06..0000000
--- a/crypto/heimdal/lib/hdb/Makefile.am
+++ /dev/null
@@ -1,115 +0,0 @@ -# $Id: Makefile.am 22490 2008-01-21 11:49:33Z lha $ - -include $(top_srcdir)/Makefile.am.common - -AM_CPPFLAGS += -I../asn1 -I$(srcdir)/../asn1 $(INCLUDE_hcrypto) - -BUILT_SOURCES = \ - $(gen_files_hdb:.x=.c) \ - hdb_err.c \ - hdb_err.h - -gen_files_hdb = \ - asn1_Salt.x \ - asn1_Key.x \ - asn1_Event.x \ - asn1_HDBFlags.x \ - asn1_GENERATION.x \ - asn1_HDB_Ext_PKINIT_acl.x \ - asn1_HDB_Ext_PKINIT_hash.x \ - asn1_HDB_Ext_Constrained_delegation_acl.x \ - asn1_HDB_Ext_Lan_Manager_OWF.x \ - asn1_HDB_Ext_Password.x \ - asn1_HDB_Ext_Aliases.x \ - asn1_HDB_extension.x \ - asn1_HDB_extensions.x \ - asn1_hdb_entry.x \ - asn1_hdb_entry_alias.x - -CLEANFILES = $(BUILT_SOURCES) $(gen_files_hdb) hdb_asn1.h hdb_asn1_files - -LDADD = libhdb.la \ - $(LIB_openldap) \ - ../krb5/libkrb5.la \ - ../asn1/libasn1.la \ - $(LIB_hcrypto) \ - $(LIB_roken) \ - $(LIB_ldopen) - -if OPENLDAP_MODULE - -ldap_so = hdb_ldap.la -hdb_ldap_la_SOURCES = hdb-ldap.c -hdb_ldap_la_LDFLAGS = -module - -else - -ldap = hdb-ldap.c - -endif - - -lib_LTLIBRARIES = libhdb.la $(ldap_so) -libhdb_la_LDFLAGS = -version-info 11:0:2 - -noinst_PROGRAMS = test_dbinfo - -dist_libhdb_la_SOURCES = \ - common.c \ - db.c \ - db3.c \ - ext.c \ - $(ldap) \ - hdb.c \ - hdb_locl.h \ - hdb-private.h \ - keys.c \ - keytab.c \ - dbinfo.c \ - mkey.c \ - ndbm.c \ - print.c - -nodist_libhdb_la_SOURCES = $(BUILT_SOURCES) - -AM_CPPFLAGS += $(INCLUDE_openldap) - -include_HEADERS = hdb.h hdb-protos.h -nodist_include_HEADERS = hdb_err.h hdb_asn1.h - -libhdb_la_CPPFLAGS = -DHDB_DB_DIR=\"$(DIR_hdbdir)\" - -libhdb_la_LIBADD = \ - $(LIB_com_err) \ - ../krb5/libkrb5.la \ - ../asn1/libasn1.la \ - $(LIBADD_roken) \ - $(LIB_openldap) \ - $(LIB_dlopen) \ - $(DBLIB) \ - $(LIB_NDBM) - -$(libhdb_la_OBJECTS): $(srcdir)/hdb-protos.h $(srcdir)/hdb-private.h - -$(srcdir)/hdb-protos.h: - cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -o hdb-protos.h $(dist_libhdb_la_SOURCES) || rm -f hdb-protos.h - -$(srcdir)/hdb-private.h: - cd 
$(srcdir); perl ../../cf/make-proto.pl -q -P comment -p hdb-private.h $(dist_libhdb_la_SOURCES) || rm -f hdb-private.h - -$(gen_files_hdb) hdb_asn1.h: hdb_asn1_files - -hdb_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 - ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 hdb_asn1 - -$(libhdb_la_OBJECTS): hdb_asn1.h hdb_err.h - -test_dbinfo_SOURCES = test_dbinfo.c - -test_dbinfo_LIBS = libhdb.la - -# to help stupid solaris make - -hdb_err.h: hdb_err.et - -EXTRA_DIST = hdb.asn1 hdb_err.et hdb.schema diff --git a/crypto/heimdal/lib/hdb/Makefile.in b/crypto/heimdal/lib/hdb/Makefile.in deleted file mode 100644 index cb0f916..0000000 --- a/crypto/heimdal/lib/hdb/Makefile.in +++ /dev/null 
@@ -1,1060 +0,0 @@ -# Makefile.in generated by automake 1.10 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006 Free Software Foundation, Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# $Id: Makefile.am 22490 2008-01-21 11:49:33Z lha $ - -# $Id: Makefile.am.common 10998 2002-05-19 18:35:37Z joda $ - -# $Id: Makefile.am.common 22488 2008-01-21 11:47:22Z lha $ - - - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \ - $(srcdir)/Makefile.in $(top_srcdir)/Makefile.am.common \ - $(top_srcdir)/cf/Makefile.am.common -noinst_PROGRAMS = test_dbinfo$(EXEEXT) -subdir = lib/hdb -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/cf/aix.m4 \ - $(top_srcdir)/cf/auth-modules.m4 $(top_srcdir)/cf/autobuild.m4 \ - $(top_srcdir)/cf/broken-getaddrinfo.m4 \ - $(top_srcdir)/cf/broken-glob.m4 \ - $(top_srcdir)/cf/broken-realloc.m4 \ - $(top_srcdir)/cf/broken-snprintf.m4 $(top_srcdir)/cf/broken.m4 \ - $(top_srcdir)/cf/broken2.m4 
$(top_srcdir)/cf/c-attribute.m4 \ - $(top_srcdir)/cf/capabilities.m4 \ - $(top_srcdir)/cf/check-compile-et.m4 \ - $(top_srcdir)/cf/check-getpwnam_r-posix.m4 \ - $(top_srcdir)/cf/check-man.m4 \ - $(top_srcdir)/cf/check-netinet-ip-and-tcp.m4 \ - $(top_srcdir)/cf/check-type-extra.m4 \ - $(top_srcdir)/cf/check-var.m4 $(top_srcdir)/cf/check-x.m4 \ - $(top_srcdir)/cf/check-xau.m4 $(top_srcdir)/cf/crypto.m4 \ - $(top_srcdir)/cf/db.m4 $(top_srcdir)/cf/destdirs.m4 \ - $(top_srcdir)/cf/dlopen.m4 \ - $(top_srcdir)/cf/find-func-no-libs.m4 \ - $(top_srcdir)/cf/find-func-no-libs2.m4 \ - $(top_srcdir)/cf/find-func.m4 \ - $(top_srcdir)/cf/find-if-not-broken.m4 \ - $(top_srcdir)/cf/framework-security.m4 \ - $(top_srcdir)/cf/have-struct-field.m4 \ - $(top_srcdir)/cf/have-type.m4 $(top_srcdir)/cf/irix.m4 \ - $(top_srcdir)/cf/krb-bigendian.m4 \ - $(top_srcdir)/cf/krb-func-getlogin.m4 \ - $(top_srcdir)/cf/krb-ipv6.m4 $(top_srcdir)/cf/krb-prog-ln-s.m4 \ - $(top_srcdir)/cf/krb-readline.m4 \ - $(top_srcdir)/cf/krb-struct-spwd.m4 \ - $(top_srcdir)/cf/krb-struct-winsize.m4 \ - $(top_srcdir)/cf/largefile.m4 $(top_srcdir)/cf/mips-abi.m4 \ - $(top_srcdir)/cf/misc.m4 $(top_srcdir)/cf/need-proto.m4 \ - $(top_srcdir)/cf/osfc2.m4 $(top_srcdir)/cf/otp.m4 \ - $(top_srcdir)/cf/proto-compat.m4 $(top_srcdir)/cf/pthreads.m4 \ - $(top_srcdir)/cf/resolv.m4 $(top_srcdir)/cf/retsigtype.m4 \ - $(top_srcdir)/cf/roken-frag.m4 \ - $(top_srcdir)/cf/socket-wrapper.m4 $(top_srcdir)/cf/sunos.m4 \ - $(top_srcdir)/cf/telnet.m4 $(top_srcdir)/cf/test-package.m4 \ - $(top_srcdir)/cf/version-script.m4 $(top_srcdir)/cf/wflags.m4 \ - $(top_srcdir)/cf/win32.m4 $(top_srcdir)/cf/with-all.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.in -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/include/config.h -CONFIG_CLEAN_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = 
case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; -am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" \ - "$(DESTDIR)$(includedir)" -libLTLIBRARIES_INSTALL = $(INSTALL) -LTLIBRARIES = $(lib_LTLIBRARIES) -hdb_ldap_la_LIBADD = -am__hdb_ldap_la_SOURCES_DIST = hdb-ldap.c -@OPENLDAP_MODULE_TRUE@am_hdb_ldap_la_OBJECTS = hdb-ldap.lo -hdb_ldap_la_OBJECTS = $(am_hdb_ldap_la_OBJECTS) -hdb_ldap_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(hdb_ldap_la_LDFLAGS) $(LDFLAGS) -o $@ -@OPENLDAP_MODULE_TRUE@am_hdb_ldap_la_rpath = -rpath $(libdir) -am__DEPENDENCIES_1 = -libhdb_la_DEPENDENCIES = $(am__DEPENDENCIES_1) ../krb5/libkrb5.la \ - ../asn1/libasn1.la $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) -am__dist_libhdb_la_SOURCES_DIST = common.c db.c db3.c ext.c hdb-ldap.c \ - hdb.c hdb_locl.h hdb-private.h keys.c keytab.c dbinfo.c mkey.c \ - ndbm.c print.c -@OPENLDAP_MODULE_FALSE@am__objects_1 = libhdb_la-hdb-ldap.lo -dist_libhdb_la_OBJECTS = libhdb_la-common.lo libhdb_la-db.lo \ - libhdb_la-db3.lo libhdb_la-ext.lo $(am__objects_1) \ - libhdb_la-hdb.lo libhdb_la-keys.lo libhdb_la-keytab.lo \ - libhdb_la-dbinfo.lo libhdb_la-mkey.lo libhdb_la-ndbm.lo \ - libhdb_la-print.lo -am__objects_2 = libhdb_la-asn1_Salt.lo libhdb_la-asn1_Key.lo \ - libhdb_la-asn1_Event.lo libhdb_la-asn1_HDBFlags.lo \ - libhdb_la-asn1_GENERATION.lo \ - libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo \ - libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo \ - libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo \ - libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo \ - libhdb_la-asn1_HDB_Ext_Password.lo \ - libhdb_la-asn1_HDB_Ext_Aliases.lo \ - libhdb_la-asn1_HDB_extension.lo \ - libhdb_la-asn1_HDB_extensions.lo libhdb_la-asn1_hdb_entry.lo \ - libhdb_la-asn1_hdb_entry_alias.lo -am__objects_3 = 
$(am__objects_2) libhdb_la-hdb_err.lo -nodist_libhdb_la_OBJECTS = $(am__objects_3) -libhdb_la_OBJECTS = $(dist_libhdb_la_OBJECTS) \ - $(nodist_libhdb_la_OBJECTS) -libhdb_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(libhdb_la_LDFLAGS) $(LDFLAGS) -o $@ -PROGRAMS = $(noinst_PROGRAMS) -am_test_dbinfo_OBJECTS = test_dbinfo.$(OBJEXT) -test_dbinfo_OBJECTS = $(am_test_dbinfo_OBJECTS) -test_dbinfo_LDADD = $(LDADD) -test_dbinfo_DEPENDENCIES = libhdb.la $(am__DEPENDENCIES_1) \ - ../krb5/libkrb5.la ../asn1/libasn1.la $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) -DEFAULT_INCLUDES = -I. -I$(top_builddir)/include@am__isrc@ -depcomp = -am__depfiles_maybe = -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -SOURCES = $(hdb_ldap_la_SOURCES) $(dist_libhdb_la_SOURCES) \ - $(nodist_libhdb_la_SOURCES) $(test_dbinfo_SOURCES) -DIST_SOURCES = $(am__hdb_ldap_la_SOURCES_DIST) \ - $(am__dist_libhdb_la_SOURCES_DIST) $(test_dbinfo_SOURCES) -includeHEADERS_INSTALL = $(INSTALL_HEADER) -nodist_includeHEADERS_INSTALL = $(INSTALL_HEADER) -HEADERS = $(include_HEADERS) $(nodist_include_HEADERS) -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ -AMTAR = @AMTAR@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CANONICAL_HOST = @CANONICAL_HOST@ -CATMAN = @CATMAN@ -CATMANEXT = @CATMANEXT@ -CC = @CC@ -CFLAGS = @CFLAGS@ -COMPILE_ET = @COMPILE_ET@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ 
-CXX = @CXX@ -CXXCPP = @CXXCPP@ -CXXFLAGS = @CXXFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DBLIB = @DBLIB@ -DEFS = @DEFS@ -DIR_com_err = @DIR_com_err@ -DIR_hcrypto = @DIR_hcrypto@ -DIR_hdbdir = @DIR_hdbdir@ -DIR_roken = @DIR_roken@ -ECHO = @ECHO@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -F77 = @F77@ -FFLAGS = @FFLAGS@ -GREP = @GREP@ -GROFF = @GROFF@ -INCLUDES_roken = @INCLUDES_roken@ -INCLUDE_hcrypto = @INCLUDE_hcrypto@ -INCLUDE_hesiod = @INCLUDE_hesiod@ -INCLUDE_krb4 = @INCLUDE_krb4@ -INCLUDE_openldap = @INCLUDE_openldap@ -INCLUDE_readline = @INCLUDE_readline@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LDFLAGS = @LDFLAGS@ -LDFLAGS_VERSION_SCRIPT = @LDFLAGS_VERSION_SCRIPT@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBADD_roken = @LIBADD_roken@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ -LIB_NDBM = @LIB_NDBM@ -LIB_XauFileName = @LIB_XauFileName@ -LIB_XauReadAuth = @LIB_XauReadAuth@ -LIB_XauWriteAuth = @LIB_XauWriteAuth@ -LIB_bswap16 = @LIB_bswap16@ -LIB_bswap32 = @LIB_bswap32@ -LIB_com_err = @LIB_com_err@ -LIB_com_err_a = @LIB_com_err_a@ -LIB_com_err_so = @LIB_com_err_so@ -LIB_crypt = @LIB_crypt@ -LIB_db_create = @LIB_db_create@ -LIB_dbm_firstkey = @LIB_dbm_firstkey@ -LIB_dbopen = @LIB_dbopen@ -LIB_dlopen = @LIB_dlopen@ -LIB_dn_expand = @LIB_dn_expand@ -LIB_door_create = @LIB_door_create@ -LIB_el_init = @LIB_el_init@ -LIB_freeaddrinfo = @LIB_freeaddrinfo@ -LIB_gai_strerror = @LIB_gai_strerror@ -LIB_getaddrinfo = @LIB_getaddrinfo@ -LIB_gethostbyname = @LIB_gethostbyname@ -LIB_gethostbyname2 = @LIB_gethostbyname2@ -LIB_getnameinfo = @LIB_getnameinfo@ -LIB_getpwnam_r = @LIB_getpwnam_r@ -LIB_getsockopt = @LIB_getsockopt@ -LIB_hcrypto = @LIB_hcrypto@ -LIB_hcrypto_a = @LIB_hcrypto_a@ -LIB_hcrypto_appl = @LIB_hcrypto_appl@ 
-LIB_hcrypto_so = @LIB_hcrypto_so@ -LIB_hesiod = @LIB_hesiod@ -LIB_hstrerror = @LIB_hstrerror@ -LIB_kdb = @LIB_kdb@ -LIB_krb4 = @LIB_krb4@ -LIB_loadquery = @LIB_loadquery@ -LIB_logout = @LIB_logout@ -LIB_logwtmp = @LIB_logwtmp@ -LIB_openldap = @LIB_openldap@ -LIB_openpty = @LIB_openpty@ -LIB_otp = @LIB_otp@ -LIB_pidfile = @LIB_pidfile@ -LIB_readline = @LIB_readline@ -LIB_res_ndestroy = @LIB_res_ndestroy@ -LIB_res_nsearch = @LIB_res_nsearch@ -LIB_res_search = @LIB_res_search@ -LIB_roken = @LIB_roken@ -LIB_security = @LIB_security@ -LIB_setsockopt = @LIB_setsockopt@ -LIB_socket = @LIB_socket@ -LIB_syslog = @LIB_syslog@ -LIB_tgetent = @LIB_tgetent@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAINT = @MAINT@ -MAKEINFO = @MAKEINFO@ -MKDIR_P = @MKDIR_P@ -NROFF = @NROFF@ -OBJEXT = @OBJEXT@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREADS_CFLAGS = @PTHREADS_CFLAGS@ -PTHREADS_LIBS = @PTHREADS_LIBS@ -RANLIB = @RANLIB@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -VERSIONING = @VERSIONING@ -VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ -WFLAGS = @WFLAGS@ -WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ -WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ -XMKMF = @XMKMF@ -X_CFLAGS = @X_CFLAGS@ -X_EXTRA_LIBS = @X_EXTRA_LIBS@ -X_LIBS = @X_LIBS@ -X_PRE_LIBS = @X_PRE_LIBS@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_CXX = @ac_ct_CXX@ -ac_ct_F77 = @ac_ct_F77@ -am__leading_dot = @am__leading_dot@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ 
-datarootdir = @datarootdir@ -docdir = @docdir@ -dpagaix_cflags = @dpagaix_cflags@ -dpagaix_ldadd = @dpagaix_ldadd@ -dpagaix_ldflags = @dpagaix_ldflags@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -SUFFIXES = .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 -AM_CPPFLAGS = -I$(top_builddir)/include $(INCLUDES_roken) -I../asn1 \ - -I$(srcdir)/../asn1 $(INCLUDE_hcrypto) $(INCLUDE_openldap) -@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME -AM_CFLAGS = $(WFLAGS) -CP = cp -buildinclude = $(top_builddir)/include -LIB_getattr = @LIB_getattr@ -LIB_getpwent_r = @LIB_getpwent_r@ -LIB_odm_initialize = @LIB_odm_initialize@ -LIB_setpcred = @LIB_setpcred@ -HESIODLIB = @HESIODLIB@ -HESIODINCLUDE = @HESIODINCLUDE@ -NROFF_MAN = groff -mandoc -Tascii -LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) -@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ -@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la - -@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la -@KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la -@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la -BUILT_SOURCES = \ - $(gen_files_hdb:.x=.c) \ - hdb_err.c \ - hdb_err.h - -gen_files_hdb = \ - asn1_Salt.x \ - asn1_Key.x \ - asn1_Event.x \ - asn1_HDBFlags.x \ - asn1_GENERATION.x \ - 
asn1_HDB_Ext_PKINIT_acl.x \ - asn1_HDB_Ext_PKINIT_hash.x \ - asn1_HDB_Ext_Constrained_delegation_acl.x \ - asn1_HDB_Ext_Lan_Manager_OWF.x \ - asn1_HDB_Ext_Password.x \ - asn1_HDB_Ext_Aliases.x \ - asn1_HDB_extension.x \ - asn1_HDB_extensions.x \ - asn1_hdb_entry.x \ - asn1_hdb_entry_alias.x - -CLEANFILES = $(BUILT_SOURCES) $(gen_files_hdb) hdb_asn1.h hdb_asn1_files -LDADD = libhdb.la \ - $(LIB_openldap) \ - ../krb5/libkrb5.la \ - ../asn1/libasn1.la \ - $(LIB_hcrypto) \ - $(LIB_roken) \ - $(LIB_ldopen) - -@OPENLDAP_MODULE_TRUE@ldap_so = hdb_ldap.la -@OPENLDAP_MODULE_TRUE@hdb_ldap_la_SOURCES = hdb-ldap.c -@OPENLDAP_MODULE_TRUE@hdb_ldap_la_LDFLAGS = -module -@OPENLDAP_MODULE_FALSE@ldap = hdb-ldap.c -lib_LTLIBRARIES = libhdb.la $(ldap_so) -libhdb_la_LDFLAGS = -version-info 11:0:2 -dist_libhdb_la_SOURCES = \ - common.c \ - db.c \ - db3.c \ - ext.c \ - $(ldap) \ - hdb.c \ - hdb_locl.h \ - hdb-private.h \ - keys.c \ - keytab.c \ - dbinfo.c \ - mkey.c \ - ndbm.c \ - print.c - -nodist_libhdb_la_SOURCES = $(BUILT_SOURCES) -include_HEADERS = hdb.h hdb-protos.h -nodist_include_HEADERS = hdb_err.h hdb_asn1.h -libhdb_la_CPPFLAGS = -DHDB_DB_DIR=\"$(DIR_hdbdir)\" -libhdb_la_LIBADD = \ - $(LIB_com_err) \ - ../krb5/libkrb5.la \ - ../asn1/libasn1.la \ - $(LIBADD_roken) \ - $(LIB_openldap) \ - $(LIB_dlopen) \ - $(DBLIB) \ - $(LIB_NDBM) - -test_dbinfo_SOURCES = test_dbinfo.c -test_dbinfo_LIBS = libhdb.la -EXTRA_DIST = hdb.asn1 hdb_err.et hdb.schema -all: $(BUILT_SOURCES) - $(MAKE) $(AM_MAKEFLAGS) all-am - -.SUFFIXES: -.SUFFIXES: .et .h .x .z .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj -$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign 
--ignore-deps lib/hdb/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --foreign --ignore-deps lib/hdb/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -install-libLTLIBRARIES: $(lib_LTLIBRARIES) - @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(libdir)/$$f"; \ - else :; fi; \ - done - -uninstall-libLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \ - $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \ - done - -clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -hdb_ldap.la: $(hdb_ldap_la_OBJECTS) 
$(hdb_ldap_la_DEPENDENCIES) - $(hdb_ldap_la_LINK) $(am_hdb_ldap_la_rpath) $(hdb_ldap_la_OBJECTS) $(hdb_ldap_la_LIBADD) $(LIBS) -libhdb.la: $(libhdb_la_OBJECTS) $(libhdb_la_DEPENDENCIES) - $(libhdb_la_LINK) -rpath $(libdir) $(libhdb_la_OBJECTS) $(libhdb_la_LIBADD) $(LIBS) - -clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; for p in $$list; do \ - f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f $$p $$f"; \ - rm -f $$p $$f ; \ - done -test_dbinfo$(EXEEXT): $(test_dbinfo_OBJECTS) $(test_dbinfo_DEPENDENCIES) - @rm -f test_dbinfo$(EXEEXT) - $(LINK) $(test_dbinfo_OBJECTS) $(test_dbinfo_LDADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -.c.o: - $(COMPILE) -c $< - -.c.obj: - $(COMPILE) -c `$(CYGPATH_W) '$<'` - -.c.lo: - $(LTCOMPILE) -c -o $@ $< - -libhdb_la-common.lo: common.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-common.lo `test -f 'common.c' || echo '$(srcdir)/'`common.c - -libhdb_la-db.lo: db.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-db.lo `test -f 'db.c' || echo '$(srcdir)/'`db.c - -libhdb_la-db3.lo: db3.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-db3.lo `test -f 'db3.c' || echo '$(srcdir)/'`db3.c - -libhdb_la-ext.lo: ext.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-ext.lo `test -f 'ext.c' || echo '$(srcdir)/'`ext.c - -libhdb_la-hdb-ldap.lo: hdb-ldap.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile 
$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb-ldap.lo `test -f 'hdb-ldap.c' || echo '$(srcdir)/'`hdb-ldap.c - -libhdb_la-hdb.lo: hdb.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb.lo `test -f 'hdb.c' || echo '$(srcdir)/'`hdb.c - -libhdb_la-keys.lo: keys.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-keys.lo `test -f 'keys.c' || echo '$(srcdir)/'`keys.c - -libhdb_la-keytab.lo: keytab.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-keytab.lo `test -f 'keytab.c' || echo '$(srcdir)/'`keytab.c - -libhdb_la-dbinfo.lo: dbinfo.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-dbinfo.lo `test -f 'dbinfo.c' || echo '$(srcdir)/'`dbinfo.c - -libhdb_la-mkey.lo: mkey.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-mkey.lo `test -f 'mkey.c' || echo '$(srcdir)/'`mkey.c - -libhdb_la-ndbm.lo: ndbm.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-ndbm.lo `test -f 'ndbm.c' || echo '$(srcdir)/'`ndbm.c - -libhdb_la-print.lo: print.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-print.lo `test -f 'print.c' || echo '$(srcdir)/'`print.c - -libhdb_la-asn1_Salt.lo: asn1_Salt.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Salt.lo `test -f 'asn1_Salt.c' || echo '$(srcdir)/'`asn1_Salt.c - -libhdb_la-asn1_Key.lo: asn1_Key.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Key.lo `test -f 'asn1_Key.c' || echo '$(srcdir)/'`asn1_Key.c - -libhdb_la-asn1_Event.lo: asn1_Event.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_Event.lo `test -f 'asn1_Event.c' || echo '$(srcdir)/'`asn1_Event.c - -libhdb_la-asn1_HDBFlags.lo: asn1_HDBFlags.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDBFlags.lo `test -f 'asn1_HDBFlags.c' || echo '$(srcdir)/'`asn1_HDBFlags.c - -libhdb_la-asn1_GENERATION.lo: asn1_GENERATION.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_GENERATION.lo `test -f 'asn1_GENERATION.c' || echo '$(srcdir)/'`asn1_GENERATION.c - -libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo: asn1_HDB_Ext_PKINIT_acl.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_PKINIT_acl.lo `test -f 'asn1_HDB_Ext_PKINIT_acl.c' || 
echo '$(srcdir)/'`asn1_HDB_Ext_PKINIT_acl.c - -libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo: asn1_HDB_Ext_PKINIT_hash.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_PKINIT_hash.lo `test -f 'asn1_HDB_Ext_PKINIT_hash.c' || echo '$(srcdir)/'`asn1_HDB_Ext_PKINIT_hash.c - -libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo: asn1_HDB_Ext_Constrained_delegation_acl.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Constrained_delegation_acl.lo `test -f 'asn1_HDB_Ext_Constrained_delegation_acl.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Constrained_delegation_acl.c - -libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo: asn1_HDB_Ext_Lan_Manager_OWF.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Lan_Manager_OWF.lo `test -f 'asn1_HDB_Ext_Lan_Manager_OWF.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Lan_Manager_OWF.c - -libhdb_la-asn1_HDB_Ext_Password.lo: asn1_HDB_Ext_Password.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Password.lo `test -f 'asn1_HDB_Ext_Password.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Password.c - -libhdb_la-asn1_HDB_Ext_Aliases.lo: asn1_HDB_Ext_Aliases.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_Ext_Aliases.lo `test -f 'asn1_HDB_Ext_Aliases.c' || echo '$(srcdir)/'`asn1_HDB_Ext_Aliases.c - 
-libhdb_la-asn1_HDB_extension.lo: asn1_HDB_extension.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_extension.lo `test -f 'asn1_HDB_extension.c' || echo '$(srcdir)/'`asn1_HDB_extension.c - -libhdb_la-asn1_HDB_extensions.lo: asn1_HDB_extensions.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_HDB_extensions.lo `test -f 'asn1_HDB_extensions.c' || echo '$(srcdir)/'`asn1_HDB_extensions.c - -libhdb_la-asn1_hdb_entry.lo: asn1_hdb_entry.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_hdb_entry.lo `test -f 'asn1_hdb_entry.c' || echo '$(srcdir)/'`asn1_hdb_entry.c - -libhdb_la-asn1_hdb_entry_alias.lo: asn1_hdb_entry_alias.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-asn1_hdb_entry_alias.lo `test -f 'asn1_hdb_entry_alias.c' || echo '$(srcdir)/'`asn1_hdb_entry_alias.c - -libhdb_la-hdb_err.lo: hdb_err.c - $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libhdb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libhdb_la-hdb_err.lo `test -f 'hdb_err.c' || echo '$(srcdir)/'`hdb_err.c - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-includeHEADERS: $(include_HEADERS) - @$(NORMAL_INSTALL) - test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(include_HEADERS)'; for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - 
echo " $(includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ - done - -uninstall-includeHEADERS: - @$(NORMAL_UNINSTALL) - @list='$(include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done -install-nodist_includeHEADERS: $(nodist_include_HEADERS) - @$(NORMAL_INSTALL) - test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - f=$(am__strip_dir) \ - echo " $(nodist_includeHEADERS_INSTALL) '$$d$$p' '$(DESTDIR)$(includedir)/$$f'"; \ - $(nodist_includeHEADERS_INSTALL) "$$d$$p" "$(DESTDIR)$(includedir)/$$f"; \ - done - -uninstall-nodist_includeHEADERS: - @$(NORMAL_UNINSTALL) - @list='$(nodist_include_HEADERS)'; for p in $$list; do \ - f=$(am__strip_dir) \ - echo " rm -f '$(DESTDIR)$(includedir)/$$f'"; \ - rm -f "$(DESTDIR)$(includedir)/$$f"; \ - done - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ - fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - 
$(TAGS_FILES) $(LISP) - tags=; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ - fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ - else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ - || exit 1; \ - fi; \ - done - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$(top_distdir)" distdir="$(distdir)" \ - dist-hook -check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) check-local -check: $(BUILT_SOURCES) - $(MAKE) $(AM_MAKEFLAGS) check-am -all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(HEADERS) all-local -installdirs: - for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: 
$(BUILT_SOURCES) - $(MAKE) $(AM_MAKEFLAGS) install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." - -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) -clean: clean-am - -clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ - clean-noinstPROGRAMS mostlyclean-am - -distclean: distclean-am - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -info: info-am - -info-am: - -install-data-am: install-includeHEADERS install-nodist_includeHEADERS - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-data-hook - -install-dvi: install-dvi-am - -install-exec-am: install-libLTLIBRARIES - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook - -install-html: install-html-am - -install-info: install-info-am - -install-man: - -install-pdf: install-pdf-am - -install-ps: install-ps-am - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES \ - 
uninstall-nodist_includeHEADERS - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) uninstall-hook - -.MAKE: install-am install-data-am install-exec-am install-strip \ - uninstall-am - -.PHONY: CTAGS GTAGS all all-am all-local check check-am check-local \ - clean clean-generic clean-libLTLIBRARIES clean-libtool \ - clean-noinstPROGRAMS ctags dist-hook distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am \ - install-data-hook install-dvi install-dvi-am install-exec \ - install-exec-am install-exec-hook install-html install-html-am \ - install-includeHEADERS install-info install-info-am \ - install-libLTLIBRARIES install-man \ - install-nodist_includeHEADERS install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-hook \ - uninstall-includeHEADERS uninstall-libLTLIBRARIES \ - uninstall-nodist_includeHEADERS - - -install-suid-programs: - @foo='$(bin_SUIDS)'; \ - for file in $$foo; do \ - x=$(DESTDIR)$(bindir)/$$file; \ - if chown 0:0 $$x && chmod u+s $$x; then :; else \ - echo "*"; \ - echo "* Failed to install $$x setuid root"; \ - echo "*"; \ - fi; done - -install-exec-hook: install-suid-programs - -install-build-headers:: $(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ) $(nobase_include_HEADERS) - @foo='$(include_HEADERS) $(dist_include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \ - for f in $$foo; do \ - f=`basename $$f`; \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file 
$(buildinclude)/$$f; \ - fi ; \ - done ; \ - foo='$(nobase_include_HEADERS)'; \ - for f in $$foo; do \ - if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ - else file="$$f"; fi; \ - $(mkdir_p) $(buildinclude)/`dirname $$f` ; \ - if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ - : ; else \ - echo " $(CP) $$file $(buildinclude)/$$f"; \ - $(CP) $$file $(buildinclude)/$$f; \ - fi ; \ - done - -all-local: install-build-headers - -check-local:: - @if test '$(CHECK_LOCAL)' = "no-check-local"; then \ - foo=''; elif test '$(CHECK_LOCAL)'; then \ - foo='$(CHECK_LOCAL)'; else \ - foo='$(PROGRAMS)'; fi; \ - if test "$$foo"; then \ - failed=0; all=0; \ - for i in $$foo; do \ - all=`expr $$all + 1`; \ - if (./$$i --version && ./$$i --help) > /dev/null 2>&1; then \ - echo "PASS: $$i"; \ - else \ - echo "FAIL: $$i"; \ - failed=`expr $$failed + 1`; \ - fi; \ - done; \ - if test "$$failed" -eq 0; then \ - banner="All $$all tests passed"; \ - else \ - banner="$$failed of $$all tests failed"; \ - fi; \ - dashes=`echo "$$banner" | sed s/./=/g`; \ - echo "$$dashes"; \ - echo "$$banner"; \ - echo "$$dashes"; \ - test "$$failed" -eq 0 || exit 1; \ - fi - -.x.c: - @cmp -s $< $@ 2> /dev/null || cp $< $@ -#NROFF_MAN = nroff -man -.1.cat1: - $(NROFF_MAN) $< > $@ -.3.cat3: - $(NROFF_MAN) $< > $@ -.5.cat5: - $(NROFF_MAN) $< > $@ -.8.cat8: - $(NROFF_MAN) $< > $@ - -dist-cat1-mans: - @foo='$(man1_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.1) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat3-mans: - @foo='$(man3_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.3) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) 
$(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat5-mans: - @foo='$(man5_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.5) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-cat8-mans: - @foo='$(man8_MANS)'; \ - bar='$(man_MANS)'; \ - for i in $$bar; do \ - case $$i in \ - *.8) foo="$$foo $$i";; \ - esac; done ;\ - for i in $$foo; do \ - x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ - echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ - $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ - done - -dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans - -install-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh install "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -uninstall-cat-mans: - $(SHELL) $(top_srcdir)/cf/install-catman.sh uninstall "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) - -install-data-hook: install-cat-mans -uninstall-hook: uninstall-cat-mans - -.et.h: - $(COMPILE_ET) $< -.et.c: - $(COMPILE_ET) $< - -# -# Useful target for debugging -# - -check-valgrind: - tobjdir=`cd $(top_builddir) && pwd` ; \ - tsrcdir=`cd $(top_srcdir) && pwd` ; \ - env TESTS_ENVIRONMENT="$${tobjdir}/libtool --mode execute valgrind --leak-check=full --trace-children=yes --quiet -q --num-callers=30 --suppressions=$${tsrcdir}/cf/valgrind-suppressions" make check - -# -# Target to please samba build farm, builds distfiles in-tree. -# Will break when automake changes... 
-# - -distdir-in-tree: $(DISTFILES) $(INFO_DEPS) - list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" != .; then \ - (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) distdir-in-tree) ; \ - fi ; \ - done - -$(libhdb_la_OBJECTS): $(srcdir)/hdb-protos.h $(srcdir)/hdb-private.h - -$(srcdir)/hdb-protos.h: - cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -o hdb-protos.h $(dist_libhdb_la_SOURCES) || rm -f hdb-protos.h - -$(srcdir)/hdb-private.h: - cd $(srcdir); perl ../../cf/make-proto.pl -q -P comment -p hdb-private.h $(dist_libhdb_la_SOURCES) || rm -f hdb-private.h - -$(gen_files_hdb) hdb_asn1.h: hdb_asn1_files - -hdb_asn1_files: ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 - ../asn1/asn1_compile$(EXEEXT) $(srcdir)/hdb.asn1 hdb_asn1 - -$(libhdb_la_OBJECTS): hdb_asn1.h hdb_err.h - -# to help stupid solaris make - -hdb_err.h: hdb_err.et -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/crypto/heimdal/lib/hdb/common.c b/crypto/heimdal/lib/hdb/common.c deleted file mode 100644 index 680b666..0000000 --- a/crypto/heimdal/lib/hdb/common.c +++ /dev/null 
@@ -1,283 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: common.c 20236 2007-02-16 23:52:29Z lha $");
-
-int
-hdb_principal2key(krb5_context context, krb5_const_principal p, krb5_data *key)
-{
- Principal new;
- size_t len;
- int ret;
-
- ret = copy_Principal(p, &new);
- if(ret)
- return ret;
- new.name.name_type = 0;
-
- ASN1_MALLOC_ENCODE(Principal, key->data, key->length, &new, &len, ret);
- if (ret == 0 && key->length != len)
- krb5_abortx(context, "internal asn.1 encoder error");
- free_Principal(&new);
- return ret;
-}
-
-int
-hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p)
-{
- return decode_Principal(key->data, key->length, p, NULL);
-}
-
-int
-hdb_entry2value(krb5_context context, const hdb_entry *ent, krb5_data *value)
-{
- size_t len;
- int ret;
-
- ASN1_MALLOC_ENCODE(hdb_entry, value->data, value->length, ent, &len, ret);
- if (ret == 0 && value->length != len)
- krb5_abortx(context, "internal asn.1 encoder error");
- return ret;
-}
-
-int
-hdb_value2entry(krb5_context context, krb5_data *value, hdb_entry *ent)
-{
- return decode_hdb_entry(value->data, value->length, ent, NULL);
-}
-
-int
-hdb_entry_alias2value(krb5_context context,
- const hdb_entry_alias *alias,
- krb5_data *value)
-{
- size_t len;
- int ret;
-
- ASN1_MALLOC_ENCODE(hdb_entry_alias, value->data, value->length,
- alias, &len, ret);
- if (ret == 0 && value->length != len)
- krb5_abortx(context, "internal asn.1 encoder error");
- return ret;
-}
-
-int
-hdb_value2entry_alias(krb5_context context, krb5_data *value,
- hdb_entry_alias *ent)
-{
- return decode_hdb_entry_alias(value->data, value->length, ent, NULL);
-}
-
-krb5_error_code
-_hdb_fetch(krb5_context context, HDB *db, krb5_const_principal principal,
- unsigned flags, hdb_entry_ex *entry)
-{
- krb5_data key, value;
- int code;
-
- hdb_principal2key(context, principal, &key);
- code = db->hdb__get(context, db, key, &value);
- krb5_data_free(&key);
- if(code)
- return code;
- code = hdb_value2entry(context, &value, &entry->entry);
- if (code == ASN1_BAD_ID && (flags & HDB_F_CANON) == 0) {
- krb5_data_free(&value);
- return HDB_ERR_NOENTRY;
- } else if (code == ASN1_BAD_ID) {
- hdb_entry_alias alias;
-
- code = hdb_value2entry_alias(context, &value, &alias);
- if (code) {
- krb5_data_free(&value);
- return code;
- }
- hdb_principal2key(context, alias.principal, &key);
- krb5_data_free(&value);
- free_hdb_entry_alias(&alias);
-
- code = db->hdb__get(context, db, key, &value);
- krb5_data_free(&key);
- if (code)
- return code;
- code = hdb_value2entry(context, &value, &entry->entry);
- if (code) {
- krb5_data_free(&value);
- return code;
- }
- }
- krb5_data_free(&value);
- if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
- code = hdb_unseal_keys (context, db, &entry->entry);
- if (code)
- hdb_free_entry(context, entry);
- }
- return code;
-}
-
-static krb5_error_code
-hdb_remove_aliases(krb5_context context, HDB *db, krb5_data *key)
-{
- const HDB_Ext_Aliases *aliases;
- krb5_error_code code;
- hdb_entry oldentry;
- krb5_data value;
- int i;
-
- code = db->hdb__get(context, db, *key, &value);
- if (code == HDB_ERR_NOENTRY)
- return 0;
- else if (code)
- return code;
-
- code = hdb_value2entry(context, &value, &oldentry);
- krb5_data_free(&value);
- if (code)
- return code;
-
- code = hdb_entry_get_aliases(&oldentry, &aliases);
- if (code || aliases == NULL) {
- free_hdb_entry(&oldentry);
- return code;
- }
- for (i = 0; i < aliases->aliases.len; i++) {
- krb5_data akey;
-
- hdb_principal2key(context, &aliases->aliases.val[i], &akey);
- code = db->hdb__del(context, db, akey);
- krb5_data_free(&akey);
- if (code) {
- free_hdb_entry(&oldentry);
- return code;
- }
- }
- free_hdb_entry(&oldentry);
- return 0;
-}
-
-static krb5_error_code
-hdb_add_aliases(krb5_context context, HDB *db,
- unsigned flags, hdb_entry_ex *entry)
-{
- const HDB_Ext_Aliases *aliases;
- krb5_error_code code;
- krb5_data key, value;
- int i;
-
- code = hdb_entry_get_aliases(&entry->entry, &aliases);
- if (code || aliases == NULL)
- return code;
-
- for (i = 0; i < aliases->aliases.len; i++) {
- hdb_entry_alias entryalias;
- entryalias.principal = entry->entry.principal;
-
- hdb_principal2key(context, &aliases->aliases.val[i], &key);
- code = hdb_entry_alias2value(context, &entryalias, &value);
- if (code) {
- krb5_data_free(&key);
- return code;
- }
- code = db->hdb__put(context, db, flags, key, value);
- krb5_data_free(&key);
- krb5_data_free(&value);
- if (code)
- return code;
- }
- return 0;
-}
-
-krb5_error_code
-_hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
- krb5_data key, value;
- int code;
-
- if(entry->entry.generation == NULL) {
- struct timeval t;
- entry->entry.generation = malloc(sizeof(*entry->entry.generation));
- if(entry->entry.generation == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- gettimeofday(&t, NULL);
- entry->entry.generation->time = t.tv_sec;
- entry->entry.generation->usec = t.tv_usec;
- entry->entry.generation->gen = 0;
- } else
- entry->entry.generation->gen++;
- hdb_principal2key(context, entry->entry.principal, &key);
- code = hdb_seal_keys(context, db, &entry->entry);
- if (code) {
- krb5_data_free(&key);
- return code;
- }
-
- /* remove aliases */
- code = hdb_remove_aliases(context, db, &key);
- if (code) {
- krb5_data_free(&key);
- return code;
- }
- hdb_entry2value(context, &entry->entry, &value);
- code = db->hdb__put(context, db, flags & HDB_F_REPLACE, key, value);
- krb5_data_free(&value);
- krb5_data_free(&key);
- if (code)
- return code;
-
- code = hdb_add_aliases(context, db, flags, entry);
-
- return code;
-}
-
-krb5_error_code
-_hdb_remove(krb5_context context, HDB *db, krb5_const_principal principal)
-{
- krb5_data key;
- int code;
-
- hdb_principal2key(context, principal, &key);
-
- code = hdb_remove_aliases(context, db, &key);
- if (code) {
- krb5_data_free(&key);
- return code;
- }
- code = db->hdb__del(context, db, key);
- krb5_data_free(&key);
- return code;
-}
-
diff --git a/crypto/heimdal/lib/hdb/convert_db.c b/crypto/heimdal/lib/hdb/convert_db.c
deleted file mode 100644
index 0b300a5..0000000
--- a/crypto/heimdal/lib/hdb/convert_db.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- * used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-/* Converts a database from version 0.0* to 0.1. This is done by
- * making three copies of each DES key (DES-CBC-CRC, DES-CBC-MD4, and
- * DES-CBC-MD5).
- *
- * Use with care.
- */
-
-#include "hdb_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: convert_db.c,v 1.12 2001/02/20 01:44:53 assar Exp $");
-
-static krb5_error_code
-update_keytypes(krb5_context context, HDB *db, hdb_entry *entry, void *data)
-{
- int i;
- int n = 0;
- Key *k;
- int save_len;
- Key *save_val;
- HDB *new = data;
- krb5_error_code ret;
-
- for(i = 0; i < entry->keys.len; i++)
- if(entry->keys.val[i].key.keytype == KEYTYPE_DES)
- n += 2;
- else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3)
- n += 1;
- k = malloc(sizeof(*k) * (entry->keys.len + n));
- n = 0;
- for(i = 0; i < entry->keys.len; i++) {
- copy_Key(&entry->keys.val[i], &k[n]);
- if(entry->keys.val[i].key.keytype == KEYTYPE_DES) {
- copy_Key(&entry->keys.val[i], &k[n+1]);
- k[n+1].key.keytype = ETYPE_DES_CBC_MD4;
- copy_Key(&entry->keys.val[i], &k[n+2]);
- k[n+2].key.keytype = ETYPE_DES_CBC_MD5;
- n += 2;
- }
- else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3) {
- copy_Key(&entry->keys.val[i], &k[n+1]);
- k[n+1].key.keytype = ETYPE_DES3_CBC_MD5;
- n += 1;
- }
- n++;
- }
- save_len = entry->keys.len;
- save_val = entry->keys.val;
- entry->keys.len = n;
- entry->keys.val = k;
- ret = new->store(context, new, HDB_F_REPLACE, entry);
- entry->keys.len = save_len;
- entry->keys.val = save_val;
- for(i = 0; i < n; i++)
- free_Key(&k[i]);
- free(k);
- return 0;
-}
-
-static krb5_error_code
-update_version2(krb5_context context, HDB *db, hdb_entry *entry, void *data)
-{
- HDB *new = data;
- if(!db->master_key_set) {
- int i;
- for(i = 0; i < entry->keys.len; i++) {
- free(entry->keys.val[i].mkvno);
- entry->keys.val[i].mkvno = NULL;
- }
- }
- new->store(context, new, HDB_F_REPLACE, entry);
- return 0;
-}
-
-char *old_database = HDB_DEFAULT_DB;
-char *new_database = HDB_DEFAULT_DB ".new";
-char *mkeyfile;
-int update_version;
-int help_flag;
-int version_flag;
-
-struct getargs args[] = {
- { "old-database", 0, arg_string, &old_database,
- "name of database to convert", "file" },
- { "new-database", 0, arg_string, &new_database,
- "name of converted database", "file" },
- { "master-key", 0, arg_string, &mkeyfile,
- "v5 master key file", "file" },
- { "update-version", 0, arg_flag, &update_version,
- "update the database to the current version" },
- { "help", 'h', arg_flag, &help_flag },
- { "version", 0, arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
- krb5_error_code ret;
- krb5_context context;
- HDB *db, *new;
- int optind = 0;
- int master_key_set = 0;
-
- setprogname(argv[0]);
-
- if(getarg(args, num_args, argc, argv, &optind))
- krb5_std_usage(1, args, num_args);
-
- if(help_flag)
- krb5_std_usage(0, args, num_args);
-
- if(version_flag){
- print_version(NULL);
- exit(0);
- }
-
- ret = krb5_init_context(&context);
- if(ret != 0)
- errx(1, "krb5_init_context failed: %d", ret);
-
- ret = hdb_create(context, &db, old_database);
- if(ret != 0)
- krb5_err(context, 1, ret, "hdb_create");
-
- ret = hdb_set_master_keyfile(context, db, mkeyfile);
- if (ret)
- krb5_err(context, 1, ret, "hdb_set_master_keyfile");
- master_key_set = 1;
- ret = hdb_create(context, &new, new_database);
- if(ret != 0)
- krb5_err(context, 1, ret, "hdb_create");
- if (master_key_set) {
- ret = hdb_set_master_keyfile(context, new, mkeyfile);
- if (ret)
- krb5_err(context, 1, ret, "hdb_set_master_keyfile");
- }
- ret = db->open(context, db, O_RDONLY, 0);
- if(ret == HDB_ERR_BADVERSION) {
- krb5_data tag;
- krb5_data version;
- int foo;
- unsigned ver;
- tag.data = HDB_DB_FORMAT_ENTRY;
- tag.length = strlen(tag.data);
- ret = (*db->_get)(context, db, tag, &version);
- if(ret)
- krb5_errx(context, 1, "database is wrong version, "
- "but couldn't find version key (%s)",
- HDB_DB_FORMAT_ENTRY);
- foo = sscanf(version.data, "%u", &ver);
- krb5_data_free (&version);
- if(foo != 1)
- krb5_errx(context, 1, "database version is not a number");
- if(ver == 1 && HDB_DB_FORMAT == 2) {
- krb5_warnx(context, "will upgrade database from version %d to %d",
- ver, HDB_DB_FORMAT);
- krb5_warnx(context, "rerun to do other conversions");
- update_version = 1;
- } else
- krb5_errx(context, 1,
- "don't know how to upgrade from version %d to %d",
- ver, HDB_DB_FORMAT);
- } else if(ret)
- krb5_err(context, 1, ret, "%s", old_database);
- ret = new->open(context, new, O_CREAT|O_EXCL|O_RDWR, 0600);
- if(ret)
- krb5_err(context, 1, ret, "%s", new_database);
- if(update_version)
- ret = hdb_foreach(context, db, 0, update_version2, new);
- else
- ret = hdb_foreach(context, db, 0, update_keytypes, new);
- if(ret != 0)
- krb5_err(context, 1, ret, "hdb_foreach");
- db->close(context, db);
- new->close(context, new);
- krb5_warnx(context, "wrote converted database to `%s'", new_database);
- return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/db.c b/crypto/heimdal/lib/hdb/db.c
deleted file mode 100644
index 870f043..0000000
--- a/crypto/heimdal/lib/hdb/db.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: db.c 20215 2007-02-09 21:59:53Z lha $");
-
-#if HAVE_DB1
-
-#if defined(HAVE_DB_185_H)
-#include <db_185.h>
-#elif defined(HAVE_DB_H)
-#include <db.h>
-#endif
-
-static krb5_error_code
-DB_close(krb5_context context, HDB *db)
-{
- DB *d = (DB*)db->hdb_db;
- (*d->close)(d);
- return 0;
-}
-
-static krb5_error_code
-DB_destroy(krb5_context context, HDB *db)
-{
- krb5_error_code ret;
-
- ret = hdb_clear_master_key (context, db);
- free(db->hdb_name);
- free(db);
- return ret;
-}
-
-static krb5_error_code
-DB_lock(krb5_context context, HDB *db, int operation)
-{
- DB *d = (DB*)db->hdb_db;
- int fd = (*d->fd)(d);
- if(fd < 0) {
- krb5_set_error_string(context,
- "Can't lock database: %s", db->hdb_name);
- return HDB_ERR_CANT_LOCK_DB;
- }
- return hdb_lock(fd, operation);
-}
-
-static krb5_error_code
-DB_unlock(krb5_context context, HDB *db)
-{
- DB *d = (DB*)db->hdb_db;
- int fd = (*d->fd)(d);
- if(fd < 0) {
- krb5_set_error_string(context,
- "Can't unlock database: %s", db->hdb_name);
- return HDB_ERR_CANT_LOCK_DB;
- }
- return hdb_unlock(fd);
-}
-
-
-static krb5_error_code
-DB_seq(krb5_context context, HDB *db,
- unsigned flags, hdb_entry_ex *entry, int flag)
-{
- DB *d = (DB*)db->hdb_db;
- DBT key, value;
- krb5_data key_data, data;
- int code;
-
- code = db->hdb_lock(context, db, HDB_RLOCK);
- if(code == -1) {
- krb5_set_error_string(context, "Database %s in use", db->hdb_name);
- return HDB_ERR_DB_INUSE;
- }
- code = (*d->seq)(d, &key, &value, flag);
- db->hdb_unlock(context, db); /* XXX check value */
- if(code == -1) {
- code = errno;
- krb5_set_error_string(context, "Database %s seq error: %s",
- db->hdb_name, strerror(code));
- return code;
- }
- if(code == 1) {
- krb5_clear_error_string(context);
- return HDB_ERR_NOENTRY;
- }
-
- key_data.data = key.data;
- key_data.length = key.size;
- data.data = value.data;
- data.length = value.size;
- memset(entry, 0, sizeof(*entry));
- if (hdb_value2entry(context, &data, &entry->entry))
- return DB_seq(context, db, flags, entry, R_NEXT);
- if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
- code = hdb_unseal_keys (context, db, &entry->entry);
- if (code)
- hdb_free_entry (context, entry);
- }
- if (code == 0 && entry->entry.principal == NULL) {
- entry->entry.principal = malloc(sizeof(*entry->entry.principal));
- if (entry->entry.principal == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- code = ENOMEM;
- hdb_free_entry (context, entry);
- } else {
- hdb_key2principal(context, &key_data, entry->entry.principal);
- }
- }
- return code;
-}
-
-
-static krb5_error_code
-DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
- return DB_seq(context, db, flags, entry, R_FIRST);
-}
-
-
-static krb5_error_code
-DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
- return DB_seq(context, db, flags, entry, R_NEXT);
-}
-
-static krb5_error_code
-DB_rename(krb5_context context, HDB *db, const char *new_name)
-{
- int ret;
- char *old, *new;
-
- asprintf(&old, "%s.db", db->hdb_name);
- asprintf(&new, "%s.db", new_name);
- ret = rename(old, new);
- free(old);
- free(new);
- if(ret)
- return errno;
-
- free(db->hdb_name);
- db->hdb_name = strdup(new_name);
- return 0;
-}
-
-static krb5_error_code
-DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
-{
- DB *d = (DB*)db->hdb_db;
- DBT k, v;
- int code;
-
- k.data = key.data;
- k.size = key.length;
- code = db->hdb_lock(context, db, HDB_RLOCK);
- if(code)
- return code;
- code = (*d->get)(d, &k, &v, 0);
- db->hdb_unlock(context, db);
- if(code < 0) {
- code = errno;
- krb5_set_error_string(context, "Database %s get error: %s",
- db->hdb_name, strerror(code));
- return code;
- }
- if(code == 1) {
- krb5_clear_error_string(context);
- return HDB_ERR_NOENTRY;
- }
-
- krb5_data_copy(reply, v.data, v.size);
- return 0;
-}
-
-static krb5_error_code
-DB__put(krb5_context context, HDB *db, int replace,
- krb5_data key, krb5_data value)
-{
- DB *d = (DB*)db->hdb_db;
- DBT k, v;
- int code;
-
- k.data = key.data;
- k.size = key.length;
- v.data = value.data;
- v.size = value.length;
- code = db->hdb_lock(context, db, HDB_WLOCK);
- if(code)
- return code;
- code = (*d->put)(d, &k, &v, replace ? 0 : R_NOOVERWRITE);
- db->hdb_unlock(context, db);
- if(code < 0) {
- code = errno;
- krb5_set_error_string(context, "Database %s put error: %s",
- db->hdb_name, strerror(code));
- return code;
- }
- if(code == 1) {
- krb5_clear_error_string(context);
- return HDB_ERR_EXISTS;
- }
- return 0;
-}
-
-static krb5_error_code
-DB__del(krb5_context context, HDB *db, krb5_data key)
-{
- DB *d = (DB*)db->hdb_db;
- DBT k;
- krb5_error_code code;
- k.data = key.data;
- k.size = key.length;
- code = db->hdb_lock(context, db, HDB_WLOCK);
- if(code)
- return code;
- code = (*d->del)(d, &k, 0);
- db->hdb_unlock(context, db);
- if(code == 1) {
- code = errno;
- krb5_set_error_string(context, "Database %s put error: %s",
- db->hdb_name, strerror(code));
- return code;
- }
- if(code < 0)
- return errno;
- return 0;
-}
-
-static krb5_error_code
-DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
-{
- char *fn;
- krb5_error_code ret;
-
- asprintf(&fn, "%s.db", db->hdb_name);
- if (fn == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- db->hdb_db = dbopen(fn, flags, mode, DB_BTREE, NULL);
- free(fn);
- /* try to open without .db extension */
- if(db->hdb_db == NULL && errno == ENOENT)
- db->hdb_db = dbopen(db->hdb_name, flags, mode, DB_BTREE, NULL);
- if(db->hdb_db == NULL) {
- ret = errno;
- krb5_set_error_string(context, "dbopen (%s): %s",
- db->hdb_name, strerror(ret));
- return ret;
- }
- if((flags & O_ACCMODE) == O_RDONLY)
- ret = hdb_check_db_format(context, db);
- else
- ret = hdb_init_db(context, db);
- if(ret == HDB_ERR_NOENTRY) {
- krb5_clear_error_string(context);
- return 0;
- }
- if (ret) {
- DB_close(context, db);
- krb5_set_error_string(context, "hdb_open: failed %s database %s",
- (flags & O_ACCMODE) == O_RDONLY ?
- "checking format of" : "initialize",
- db->hdb_name);
- }
- return ret;
-}
-
-krb5_error_code
-hdb_db_create(krb5_context context, HDB **db,
- const char *filename)
-{
- *db = calloc(1, sizeof(**db));
- if (*db == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
-
- (*db)->hdb_db = NULL;
- (*db)->hdb_name = strdup(filename);
- if ((*db)->hdb_name == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- free(*db);
- *db = NULL;
- return ENOMEM;
- }
- (*db)->hdb_master_key_set = 0;
- (*db)->hdb_openp = 0;
- (*db)->hdb_open = DB_open;
- (*db)->hdb_close = DB_close;
- (*db)->hdb_fetch = _hdb_fetch;
- (*db)->hdb_store = _hdb_store;
- (*db)->hdb_remove = _hdb_remove;
- (*db)->hdb_firstkey = DB_firstkey;
- (*db)->hdb_nextkey= DB_nextkey;
- (*db)->hdb_lock = DB_lock;
- (*db)->hdb_unlock = DB_unlock;
- (*db)->hdb_rename = DB_rename;
- (*db)->hdb__get = DB__get;
- (*db)->hdb__put = DB__put;
- (*db)->hdb__del = DB__del;
- (*db)->hdb_destroy = DB_destroy;
- return 0;
-}
-
-#endif /* HAVE_DB1 */
diff --git a/crypto/heimdal/lib/hdb/db3.c b/crypto/heimdal/lib/hdb/db3.c
deleted file mode 100644
index 45ccbef..0000000
--- a/crypto/heimdal/lib/hdb/db3.c
+++ /dev/null
@@ -1,358 +0,0 @@
-/*
- * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: db3.c 21610 2007-07-17 07:10:45Z lha $");
-
-#if HAVE_DB3
-
-#ifdef HAVE_DB4_DB_H
-#include <db4/db.h>
-#elif defined(HAVE_DB3_DB_H)
-#include <db3/db.h>
-#else
-#include <db.h>
-#endif
-
-static krb5_error_code
-DB_close(krb5_context context, HDB *db)
-{
- DB *d = (DB*)db->hdb_db;
- DBC *dbcp = (DBC*)db->hdb_dbc;
-
- (*dbcp->c_close)(dbcp);
- db->hdb_dbc = 0;
- (*d->close)(d, 0);
- return 0;
-}
-
-static krb5_error_code
-DB_destroy(krb5_context context, HDB *db)
-{
- krb5_error_code ret;
-
- ret = hdb_clear_master_key (context, db);
- free(db->hdb_name);
- free(db);
- return ret;
-}
-
-static krb5_error_code
-DB_lock(krb5_context context, HDB *db, int operation)
-{
- DB *d = (DB*)db->hdb_db;
- int fd;
- if ((*d->fd)(d, &fd))
- return HDB_ERR_CANT_LOCK_DB;
- return hdb_lock(fd, operation);
-}
-
-static krb5_error_code
-DB_unlock(krb5_context context, HDB *db)
-{
- DB *d = (DB*)db->hdb_db;
- int fd;
- if ((*d->fd)(d, &fd))
- return HDB_ERR_CANT_LOCK_DB;
- return hdb_unlock(fd);
-}
-
-
-static krb5_error_code
-DB_seq(krb5_context context, HDB *db,
- unsigned flags, hdb_entry_ex *entry, int flag)
-{
- DBT key, value;
- DBC *dbcp = db->hdb_dbc;
- krb5_data key_data, data;
- int code;
-
- memset(&key, 0, sizeof(DBT));
- memset(&value, 0, sizeof(DBT));
- if ((*db->hdb_lock)(context, db, HDB_RLOCK))
- return HDB_ERR_DB_INUSE;
- code = (*dbcp->c_get)(dbcp, &key, &value, flag);
- (*db->hdb_unlock)(context, db); /* XXX check value */
- if (code == DB_NOTFOUND)
- return HDB_ERR_NOENTRY;
- if (code)
- return code;
-
- key_data.data = key.data;
- key_data.length = key.size;
- data.data = value.data;
- data.length = value.size;
- memset(entry, 0, sizeof(*entry));
- if (hdb_value2entry(context, &data, &entry->entry))
- return DB_seq(context, db, flags, entry, DB_NEXT);
- if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
- code = hdb_unseal_keys (context, db, &entry->entry);
- if (code)
- hdb_free_entry (context, entry);
- }
- if (entry->entry.principal == NULL) {
- entry->entry.principal = malloc(sizeof(*entry->entry.principal));
- if (entry->entry.principal == NULL) {
- hdb_free_entry (context, entry);
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- } else {
- hdb_key2principal(context, &key_data, entry->entry.principal);
- }
- }
- return 0;
-}
-
-
-static krb5_error_code
-DB_firstkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
- return DB_seq(context, db, flags, entry, DB_FIRST);
-}
-
-
-static krb5_error_code
-DB_nextkey(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
-{
- return DB_seq(context, db, flags, entry, DB_NEXT);
-}
-
-static krb5_error_code
-DB_rename(krb5_context context, HDB *db, const char *new_name)
-{
- int ret;
- char *old, *new;
-
- asprintf(&old, "%s.db", db->hdb_name);
- asprintf(&new, "%s.db", new_name);
- ret = rename(old, new);
- free(old);
- free(new);
- if(ret)
- return errno;
-
- free(db->hdb_name);
- db->hdb_name = strdup(new_name);
- return 0;
-}
-
-static krb5_error_code
-DB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
-{
- DB *d = (DB*)db->hdb_db;
- DBT k, v;
- int code;
-
- memset(&k, 0, sizeof(DBT));
- memset(&v, 0, sizeof(DBT));
- k.data = key.data;
- k.size = key.length;
- k.flags = 0;
- if ((code = (*db->hdb_lock)(context, db, HDB_RLOCK)))
- return code;
- code = (*d->get)(d, NULL, &k, &v, 0);
- (*db->hdb_unlock)(context, db);
- if(code == DB_NOTFOUND)
- return HDB_ERR_NOENTRY;
- if(code)
- return code;
-
- krb5_data_copy(reply, v.data, v.size);
- return 0;
-}
-
-static krb5_error_code
-DB__put(krb5_context context, HDB *db, int replace,
- krb5_data key, krb5_data value)
-{
- DB *d = (DB*)db->hdb_db;
- DBT k, v;
- int code;
-
- memset(&k, 0, sizeof(DBT));
- memset(&v, 0, sizeof(DBT));
- k.data = key.data;
- k.size = key.length;
- k.flags = 0;
- v.data = value.data;
- v.size = value.length;
- v.flags = 0;
- if ((code = (*db->hdb_lock)(context, db, HDB_WLOCK)))
- return code;
- code = (*d->put)(d, NULL, &k, &v, replace ? 0 : DB_NOOVERWRITE);
- (*db->hdb_unlock)(context, db);
- if(code == DB_KEYEXIST)
- return HDB_ERR_EXISTS;
- if(code)
- return errno;
- return 0;
-}
-
-static krb5_error_code
-DB__del(krb5_context context, HDB *db, krb5_data key)
-{
- DB *d = (DB*)db->hdb_db;
- DBT k;
- krb5_error_code code;
- memset(&k, 0, sizeof(DBT));
- k.data = key.data;
- k.size = key.length;
- k.flags = 0;
- code = (*db->hdb_lock)(context, db, HDB_WLOCK);
- if(code)
- return code;
- code = (*d->del)(d, NULL, &k, 0);
- (*db->hdb_unlock)(context, db);
- if(code == DB_NOTFOUND)
- return HDB_ERR_NOENTRY;
- if(code)
- return code;
- return 0;
-}
-
-static krb5_error_code
-DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
-{
- DBC *dbc = NULL;
- char *fn;
- krb5_error_code ret;
- DB *d;
- int myflags = 0;
-
- if (flags & O_CREAT)
- myflags |= DB_CREATE;
-
- if (flags & O_EXCL)
- myflags |= DB_EXCL;
-
- if((flags & O_ACCMODE) == O_RDONLY)
- myflags |= DB_RDONLY;
-
- if (flags & O_TRUNC)
- myflags |= DB_TRUNCATE;
-
- asprintf(&fn, "%s.db", db->hdb_name);
- if (fn == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- db_create(&d, NULL, 0);
- db->hdb_db = d;
-
-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)
- ret = (*d->open)(db->hdb_db, NULL, fn, NULL, DB_BTREE, myflags, mode);
-#else
- ret = (*d->open)(db->hdb_db, fn, NULL, DB_BTREE, myflags, mode);
-#endif
-
- if (ret == ENOENT) {
- /* try to open without .db extension */
-#if (DB_VERSION_MAJOR >= 4) && (DB_VERSION_MINOR >= 1)
- ret = (*d->open)(db->hdb_db, NULL, db->hdb_name, NULL, DB_BTREE,
- myflags, mode);
-#else
- ret = (*d->open)(db->hdb_db, db->hdb_name, NULL, DB_BTREE,
- myflags, mode);
-#endif
- }
-
- if (ret) {
- free(fn);
- krb5_set_error_string(context, "opening %s: %s",
- db->hdb_name, strerror(ret));
- return ret;
- }
- free(fn);
-
- ret = (*d->cursor)(d, NULL, &dbc, 0);
- if (ret) {
- krb5_set_error_string(context, "d->cursor: %s", strerror(ret));
- return ret;
- }
- db->hdb_dbc = dbc;
-
- if((flags & O_ACCMODE) == O_RDONLY)
- ret = hdb_check_db_format(context, db);
- else
- ret = hdb_init_db(context, db);
- if(ret == HDB_ERR_NOENTRY)
- return 0;
- if (ret) {
- DB_close(context, db);
- krb5_set_error_string(context, "hdb_open: failed %s database %s",
- (flags & O_ACCMODE) == O_RDONLY ?
- "checking format of" : "initialize",
- db->hdb_name);
- }
-
- return ret;
-}
-
-krb5_error_code
-hdb_db_create(krb5_context context, HDB **db,
- const char *filename)
-{
- *db = calloc(1, sizeof(**db));
- if (*db == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
-
- (*db)->hdb_db = NULL;
- (*db)->hdb_name = strdup(filename);
- if ((*db)->hdb_name == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- free(*db);
- *db = NULL;
- return ENOMEM;
- }
- (*db)->hdb_master_key_set = 0;
- (*db)->hdb_openp = 0;
- (*db)->hdb_open = DB_open;
- (*db)->hdb_close = DB_close;
- (*db)->hdb_fetch = _hdb_fetch;
- (*db)->hdb_store = _hdb_store;
- (*db)->hdb_remove = _hdb_remove;
- (*db)->hdb_firstkey = DB_firstkey;
- (*db)->hdb_nextkey= DB_nextkey;
- (*db)->hdb_lock = DB_lock;
- (*db)->hdb_unlock = DB_unlock;
- (*db)->hdb_rename = DB_rename;
- (*db)->hdb__get = DB__get;
- (*db)->hdb__put = DB__put;
- (*db)->hdb__del = DB__del;
- (*db)->hdb_destroy = DB_destroy;
- return 0;
-}
-#endif /* HAVE_DB3 */
diff --git a/crypto/heimdal/lib/hdb/dbinfo.c b/crypto/heimdal/lib/hdb/dbinfo.c
deleted file mode 100644
index d43e31b..0000000
--- a/crypto/heimdal/lib/hdb/dbinfo.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: dbinfo.c 22306 2007-12-14 12:22:38Z lha $");
-
-struct hdb_dbinfo {
- char *label;
- char *realm;
- char *dbname;
- char *mkey_file;
- char *acl_file;
- char *log_file;
- const krb5_config_binding *binding;
- struct hdb_dbinfo *next;
-};
-
-static int
-get_dbinfo(krb5_context context,
- const krb5_config_binding *db_binding,
- const char *label,
- struct hdb_dbinfo **db)
-{
- struct hdb_dbinfo *di;
- const char *p;
-
- *db = NULL;
-
- p = krb5_config_get_string(context, db_binding, "dbname", NULL);
- if(p == NULL)
- return 0;
-
- di = calloc(1, sizeof(*di));
- if (di == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- di->label = strdup(label);
- di->dbname = strdup(p);
-
- p = krb5_config_get_string(context, db_binding, "realm", NULL);
- if(p)
- di->realm = strdup(p);
- p = krb5_config_get_string(context, db_binding, "mkey_file", NULL);
- if(p)
- di->mkey_file = strdup(p);
- p = krb5_config_get_string(context, db_binding, "acl_file", NULL);
- if(p)
- di->acl_file = strdup(p);
- p = krb5_config_get_string(context, db_binding, "log_file", NULL);
- if(p)
- di->log_file = strdup(p);
-
- di->binding = db_binding;
-
- *db = di;
- return 0;
-}
-
-
-int
-hdb_get_dbinfo(krb5_context context, struct hdb_dbinfo **dbp)
-{
- const krb5_config_binding *db_binding;
- struct hdb_dbinfo *di, **dt, *databases;
- const char *default_dbname = HDB_DEFAULT_DB;
- const char *default_mkey = HDB_DB_DIR "/m-key";
- const char *default_acl = HDB_DB_DIR "/kadmind.acl";
- const char *p;
- int ret;
-
- *dbp = NULL;
- dt = NULL;
- databases = NULL;
-
- db_binding = krb5_config_get(context, NULL, krb5_config_list,
- "kdc",
- "database",
- NULL);
- if (db_binding) {
-
- ret = get_dbinfo(context, db_binding, "default", &di);
- if (ret == 0 && di) {
- databases = di;
- dt = &di->next;
- }
-
- for ( ; db_binding != NULL; db_binding = db_binding->next) {
-
- if (db_binding->type != krb5_config_list)
- continue;
-
- ret = get_dbinfo(context, db_binding->u.list,
- db_binding->name, &di);
- if (ret)
- krb5_err(context, 1, ret, "failed getting realm");
-
- if (di == NULL)
- continue;
-
- if (dt)
- *dt = di;
- else
- databases = di;
- dt = &di->next;
-
- }
- }
-
- if(databases == NULL) {
- /* if there are none specified, create one and use defaults */
- di = calloc(1, sizeof(*di));
- databases = di;
- di->label = strdup("default");
- }
-
- for(di = databases; di; di = di->next) {
- if(di->dbname == NULL) {
- di->dbname = strdup(default_dbname);
- if (di->mkey_file == NULL)
- di->mkey_file = strdup(default_mkey);
- }
- if(di->mkey_file == NULL) {
- p = strrchr(di->dbname, '.');
- if(p == NULL || strchr(p, '/') != NULL)
- /* final pathname component does not contain a . */
- asprintf(&di->mkey_file, "%s.mkey", di->dbname);
- else
- /* the filename is something.else, replace .else with
- .mkey */
- asprintf(&di->mkey_file, "%.*s.mkey",
- (int)(p - di->dbname), di->dbname);
- }
- if(di->acl_file == NULL)
- di->acl_file = strdup(default_acl);
- }
- *dbp = databases;
- return 0;
-}
-
-
-struct hdb_dbinfo *
-hdb_dbinfo_get_next(struct hdb_dbinfo *dbp, struct hdb_dbinfo *dbprevp)
-{
- if (dbprevp == NULL)
- return dbp;
- else
- return dbprevp->next;
-}
-
-const char *
-hdb_dbinfo_get_label(krb5_context context, struct hdb_dbinfo *dbp)
-{
- return dbp->label;
-}
-
-const char *
-hdb_dbinfo_get_realm(krb5_context context, struct hdb_dbinfo *dbp)
-{
- return dbp->realm;
-}
-
-const char *
-hdb_dbinfo_get_dbname(krb5_context context, struct hdb_dbinfo *dbp)
-{
- return dbp->dbname;
-}
-
-const char *
-hdb_dbinfo_get_mkey_file(krb5_context context, struct hdb_dbinfo *dbp)
-{
- return dbp->mkey_file;
-}
-
-const char *
-hdb_dbinfo_get_acl_file(krb5_context context, struct hdb_dbinfo *dbp)
-{
- return dbp->acl_file;
-}
-
-const char *
-hdb_dbinfo_get_log_file(krb5_context context, struct hdb_dbinfo *dbp)
-{
- return dbp->log_file;
-}
-
-const krb5_config_binding *
-hdb_dbinfo_get_binding(krb5_context context, struct hdb_dbinfo *dbp)
-{
- return dbp->binding;
-}
-
-void
-hdb_free_dbinfo(krb5_context context, struct hdb_dbinfo **dbp)
-{
- struct hdb_dbinfo *di, *ndi;
-
- for(di = *dbp; di != NULL; di = ndi) {
- ndi = di->next;
- free (di->realm);
- free (di->dbname);
- if (di->mkey_file)
- free (di->mkey_file);
- free(di);
- }
- *dbp = NULL;
-}
-
-/**
- * Return the directory where the hdb database resides.
- *
- * @param context Kerberos 5 context.
- *
- * @return string pointing to directory.
- */
-
-const char *
-hdb_db_dir(krb5_context context)
-{
- return HDB_DB_DIR;
-}
-
-/**
- * Return the default hdb database resides.
- *
- * @param context Kerberos 5 context.
- *
- * @return string pointing to directory.
- */
-
-const char *
-hdb_default_db(krb5_context context)
-{
- return HDB_DEFAULT_DB;
-}
diff --git a/crypto/heimdal/lib/hdb/ext.c b/crypto/heimdal/lib/hdb/ext.c
deleted file mode 100644
index 5f60999..0000000
--- a/crypto/heimdal/lib/hdb/ext.c
+++ /dev/null
@@ -1,418 +0,0 @@
-/*
- * Copyright (c) 2004 - 2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hdb_locl.h"
-#include <der.h>
-
-RCSID("$Id: ext.c 21113 2007-06-18 12:59:32Z lha $");
-
-krb5_error_code
-hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
-{
- int i;
-
- if (ent->extensions == NULL)
- return 0;
-
- /*
- * check for unknown extensions and if they where tagged mandatory
- */
-
- for (i = 0; i < ent->extensions->len; i++) {
- if (ent->extensions->val[i].data.element !=
- choice_HDB_extension_data_asn1_ellipsis)
- continue;
- if (ent->extensions->val[i].mandatory) {
- krb5_set_error_string(context, "Principal have unknown "
- "mandatory extension");
- return HDB_ERR_MANDATORY_OPTION;
- }
- }
- return 0;
-}
-
-HDB_extension *
-hdb_find_extension(const hdb_entry *entry, int type)
-{
- int i;
-
- if (entry->extensions == NULL)
- return NULL;
-
- for (i = 0; i < entry->extensions->len; i++)
- if (entry->extensions->val[i].data.element == type)
- return &entry->extensions->val[i];
- return NULL;
-}
-
-/*
- * Replace the extension `ext' in `entry'. Make a copy of the
- * extension, so the caller must still free `ext' on both success and
- * failure. Returns 0 or error code.
- */
-
-krb5_error_code
-hdb_replace_extension(krb5_context context,
- hdb_entry *entry,
- const HDB_extension *ext)
-{
- HDB_extension *ext2;
- HDB_extension *es;
- int ret;
-
- ext2 = NULL;
-
- if (entry->extensions == NULL) {
- entry->extensions = calloc(1, sizeof(*entry->extensions));
- if (entry->extensions == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- } else if (ext->data.element != choice_HDB_extension_data_asn1_ellipsis) {
- ext2 = hdb_find_extension(entry, ext->data.element);
- } else {
- /*
- * This is an unknown extention, and we are asked to replace a
- * possible entry in `entry' that is of the same type. This
- * might seem impossible, but ASN.1 CHOICE comes to our
- * rescue. The first tag in each branch in the CHOICE is
- * unique, so just find the element in the list that have the
- * same tag was we are putting into the list.
- */
- Der_class replace_class, list_class;
- Der_type replace_type, list_type;
- unsigned int replace_tag, list_tag;
- size_t size;
- int i;
-
- ret = der_get_tag(ext->data.u.asn1_ellipsis.data,
- ext->data.u.asn1_ellipsis.length,
- &replace_class, &replace_type, &replace_tag,
- &size);
- if (ret) {
- krb5_set_error_string(context, "hdb: failed to decode "
- "replacement hdb extention");
- return ret;
- }
-
- for (i = 0; i < entry->extensions->len; i++) {
- HDB_extension *ext3 = &entry->extensions->val[i];
-
- if (ext3->data.element != choice_HDB_extension_data_asn1_ellipsis)
- continue;
-
- ret = der_get_tag(ext3->data.u.asn1_ellipsis.data,
- ext3->data.u.asn1_ellipsis.length,
- &list_class, &list_type, &list_tag,
- &size);
- if (ret) {
- krb5_set_error_string(context, "hdb: failed to decode "
- "present hdb extention");
- return ret;
- }
-
- if (MAKE_TAG(replace_class,replace_type,replace_type) ==
- MAKE_TAG(list_class,list_type,list_type)) {
- ext2 = ext3;
- break;
- }
- }
- }
-
- if (ext2) {
- free_HDB_extension(ext2);
- ret = copy_HDB_extension(ext, ext2);
- if (ret)
- krb5_set_error_string(context, "hdb: failed to copy replacement "
- "hdb extention");
- return ret;
- }
-
- es = realloc(entry->extensions->val,
- (entry->extensions->len+1)*sizeof(entry->extensions->val[0]));
- if (es == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- entry->extensions->val = es;
-
- ret = copy_HDB_extension(ext,
- &entry->extensions->val[entry->extensions->len]);
- if (ret == 0)
- entry->extensions->len++;
- else
- krb5_set_error_string(context, "hdb: failed to copy new extension");
-
- return ret;
-}
-
-krb5_error_code
-hdb_clear_extension(krb5_context context,
- hdb_entry *entry,
- int type)
-{
- int i;
-
- if (entry->extensions == NULL)
- return 0;
-
- for (i = 0; i < entry->extensions->len; i++) {
- if (entry->extensions->val[i].data.element == type) {
- free_HDB_extension(&entry->extensions->val[i]);
- memmove(&entry->extensions->val[i],
- &entry->extensions->val[i + 1],
- sizeof(entry->extensions->val[i]) * (entry->extensions->len - i - 1));
- entry->extensions->len--;
- }
- }
- if (entry->extensions->len == 0) {
- free(entry->extensions->val);
- free(entry->extensions);
- entry->extensions = NULL;
- }
-
- return 0;
-}
-
-
-krb5_error_code
-hdb_entry_get_pkinit_acl(const hdb_entry *entry, const HDB_Ext_PKINIT_acl **a)
-{
- const HDB_extension *ext;
-
- ext = hdb_find_extension(entry, choice_HDB_extension_data_pkinit_acl);
- if (ext)
- *a = &ext->data.u.pkinit_acl;
- else
- *a = NULL;
-
- return 0;
-}
-
-krb5_error_code
-hdb_entry_get_pkinit_hash(const hdb_entry *entry, const HDB_Ext_PKINIT_hash **a)
-{
- const HDB_extension *ext;
-
- ext = hdb_find_extension(entry, choice_HDB_extension_data_pkinit_cert_hash);
- if (ext)
- *a = &ext->data.u.pkinit_cert_hash;
- else
- *a = NULL;
-
- return 0;
-}
-
-krb5_error_code
-hdb_entry_get_pw_change_time(const hdb_entry *entry, time_t *t)
-{
- const HDB_extension *ext;
-
- ext = hdb_find_extension(entry, choice_HDB_extension_data_last_pw_change);
- if (ext)
- *t = ext->data.u.last_pw_change;
- else
- *t = 0;
-
- return 0;
-}
-
-krb5_error_code
-hdb_entry_set_pw_change_time(krb5_context context,
- hdb_entry *entry,
- time_t t)
-{
- HDB_extension ext;
-
- ext.mandatory = FALSE;
- ext.data.element = choice_HDB_extension_data_last_pw_change;
- if (t == 0)
- t = time(NULL);
- ext.data.u.last_pw_change = t;
-
- return hdb_replace_extension(context, entry, &ext);
-}
-
-int
-hdb_entry_get_password(krb5_context context, HDB *db,
- const hdb_entry *entry, char **p)
-{
- HDB_extension *ext;
- char *str;
- int ret;
-
- ext = hdb_find_extension(entry, choice_HDB_extension_data_password);
- if (ext) {
- heim_utf8_string str;
- heim_octet_string pw;
-
- if (db->hdb_master_key_set && ext->data.u.password.mkvno) {
- hdb_master_key key;
-
- key = _hdb_find_master_key(ext->data.u.password.mkvno,
- db->hdb_master_key);
-
- if (key == NULL) {
- krb5_set_error_string(context, "master key %d missing",
- *ext->data.u.password.mkvno);
- return HDB_ERR_NO_MKEY;
- }
-
- ret = _hdb_mkey_decrypt(context, key, HDB_KU_MKEY,
- ext->data.u.password.password.data,
- ext->data.u.password.password.length,
- &pw);
- } else {
- ret = der_copy_octet_string(&ext->data.u.password.password, &pw);
- }
- if (ret) {
- krb5_clear_error_string(context);
- return ret;
- }
-
- str = pw.data;
- if (str[pw.length - 1] != '\0') {
- krb5_set_error_string(context, "password malformated");
- return EINVAL;
- }
-
- *p = strdup(str);
-
- der_free_octet_string(&pw);
- if (*p == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- return 0;
- }
-
- ret = krb5_unparse_name(context, entry->principal, &str);
- if (ret == 0) {
- krb5_set_error_string(context, "no password attributefor %s", str);
- free(str);
- } else
- krb5_clear_error_string(context);
-
- return ENOENT;
-}
-
-int
-hdb_entry_set_password(krb5_context context, HDB *db,
- hdb_entry *entry, const char *p)
-{
- HDB_extension ext;
- hdb_master_key key;
- int ret;
-
- ext.mandatory = FALSE;
- ext.data.element = choice_HDB_extension_data_password;
-
- if (db->hdb_master_key_set) {
-
- key = _hdb_find_master_key(NULL, db->hdb_master_key);
- if (key == NULL) {
- krb5_set_error_string(context, "hdb_entry_set_password: "
- "failed to find masterkey");
- return HDB_ERR_NO_MKEY;
- }
-
- ret = _hdb_mkey_encrypt(context, key, HDB_KU_MKEY,
- p, strlen(p) + 1,
- &ext.data.u.password.password);
- if (ret)
- return ret;
-
- ext.data.u.password.mkvno =
- malloc(sizeof(*ext.data.u.password.mkvno));
- if (ext.data.u.password.mkvno == NULL) {
- free_HDB_extension(&ext);
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- *ext.data.u.password.mkvno = _hdb_mkey_version(key);
-
- } else {
- ext.data.u.password.mkvno = NULL;
-
- ret = krb5_data_copy(&ext.data.u.password.password,
- p, strlen(p) + 1);
- if (ret) {
- krb5_set_error_string(context, "malloc: out of memory");
- free_HDB_extension(&ext);
- return ret;
- }
- }
-
- ret = hdb_replace_extension(context, entry, &ext);
-
- free_HDB_extension(&ext);
-
- return ret;
-}
-
-int
-hdb_entry_clear_password(krb5_context context, hdb_entry *entry)
-{
- return hdb_clear_extension(context, entry,
- choice_HDB_extension_data_password);
-}
-
-krb5_error_code
-hdb_entry_get_ConstrainedDelegACL(const hdb_entry *entry,
- const HDB_Ext_Constrained_delegation_acl **a)
-{
- const HDB_extension *ext;
-
- ext = hdb_find_extension(entry,
- choice_HDB_extension_data_allowed_to_delegate_to);
- if (ext)
- *a = &ext->data.u.allowed_to_delegate_to;
- else
- *a = NULL;
-
- return 0;
-}
-
-krb5_error_code
-hdb_entry_get_aliases(const hdb_entry *entry, const HDB_Ext_Aliases **a)
-{
- const HDB_extension *ext;
-
- ext = hdb_find_extension(entry, choice_HDB_extension_data_aliases);
- if (ext)
- *a = &ext->data.u.aliases;
- else
- *a = NULL;
-
- return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/hdb-ldap.c b/crypto/heimdal/lib/hdb/hdb-ldap.c
deleted file mode 100644
index c9f3d37..0000000
--- a/crypto/heimdal/lib/hdb/hdb-ldap.c
+++ /dev/null
@@ -1,1829 +0,0 @@
-/*
- * Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd.
- * Copyright (c) 2004, Andrew Bartlett.
- * Copyright (c) 2003 - 2007, Kungliga Tekniska Högskolan.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of PADL Software nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: hdb-ldap.c 22071 2007-11-14 20:04:50Z lha $");
-
-#ifdef OPENLDAP
-
-#include <lber.h>
-#include <ldap.h>
-#include <sys/un.h>
-#include <hex.h>
-
-static krb5_error_code LDAP__connect(krb5_context context, HDB *);
-static krb5_error_code LDAP_close(krb5_context context, HDB *);
-
-static krb5_error_code
-LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
- hdb_entry_ex * ent);
-
-static const char *default_structural_object = "account";
-static char *structural_object;
-static krb5_boolean samba_forwardable;
-
-struct hdbldapdb {
- LDAP *h_lp;
- int h_msgid;
- char *h_base;
- char *h_url;
- char *h_createbase;
-};
-
-#define HDB2LDAP(db) (((struct hdbldapdb *)(db)->hdb_db)->h_lp)
-#define HDB2MSGID(db) (((struct hdbldapdb *)(db)->hdb_db)->h_msgid)
-#define HDBSETMSGID(db,msgid) \
- do { ((struct hdbldapdb *)(db)->hdb_db)->h_msgid = msgid; } while(0)
-#define HDB2BASE(dn) (((struct hdbldapdb *)(db)->hdb_db)->h_base)
-#define HDB2URL(dn) (((struct hdbldapdb *)(db)->hdb_db)->h_url)
-#define HDB2CREATE(db) (((struct hdbldapdb *)(db)->hdb_db)->h_createbase)
-
-/*
- *
- */
-
-static char * krb5kdcentry_attrs[] = {
- "cn",
- "createTimestamp",
- "creatorsName",
- "krb5EncryptionType",
- "krb5KDCFlags",
- "krb5Key",
- "krb5KeyVersionNumber",
- "krb5MaxLife",
- "krb5MaxRenew",
- "krb5PasswordEnd",
- "krb5PrincipalName",
- "krb5PrincipalRealm",
- "krb5ValidEnd",
- "krb5ValidStart",
- "modifiersName",
- "modifyTimestamp",
- "objectClass",
- "sambaAcctFlags",
- "sambaKickoffTime",
- "sambaNTPassword",
- "sambaPwdLastSet",
- "sambaPwdMustChange",
- "uid",
- NULL
-};
-
-static char *krb5principal_attrs[] = {
- "cn",
- "createTimestamp",
- "creatorsName",
- "krb5PrincipalName",
- "krb5PrincipalRealm",
- "modifiersName",
- "modifyTimestamp",
- "objectClass",
- "uid",
- NULL
-};
-
-static int
-LDAP_no_size_limit(krb5_context context, LDAP *lp)
-{
- int ret, limit = LDAP_NO_LIMIT;
-
- ret = ldap_set_option(lp,
LDAP_OPT_SIZELIMIT, (const void *)&limit);
- if (ret != LDAP_SUCCESS) {
- krb5_set_error_string(context, "ldap_set_option: %s",
- ldap_err2string(ret));
- return HDB_ERR_BADVERSION;
- }
- return 0;
-}
-
-static int
-check_ldap(krb5_context context, HDB *db, int ret)
-{
- switch (ret) {
- case LDAP_SUCCESS:
- return 0;
- case LDAP_SERVER_DOWN:
- LDAP_close(context, db);
- return 1;
- default:
- return 1;
- }
-}
-
-static krb5_error_code
-LDAP__setmod(LDAPMod *** modlist, int modop, const char *attribute,
- int *pIndex)
-{
- int cMods;
-
- if (*modlist == NULL) {
- *modlist = (LDAPMod **)ber_memcalloc(1, sizeof(LDAPMod *));
- if (*modlist == NULL)
- return ENOMEM;
- }
-
- for (cMods = 0; (*modlist)[cMods] != NULL; cMods++) {
- if ((*modlist)[cMods]->mod_op == modop &&
- strcasecmp((*modlist)[cMods]->mod_type, attribute) == 0) {
- break;
- }
- }
-
- *pIndex = cMods;
-
- if ((*modlist)[cMods] == NULL) {
- LDAPMod *mod;
-
- *modlist = (LDAPMod **)ber_memrealloc(*modlist,
- (cMods + 2) * sizeof(LDAPMod *));
- if (*modlist == NULL)
- return ENOMEM;
-
- (*modlist)[cMods] = (LDAPMod *)ber_memalloc(sizeof(LDAPMod));
- if ((*modlist)[cMods] == NULL)
- return ENOMEM;
-
- mod = (*modlist)[cMods];
- mod->mod_op = modop;
- mod->mod_type = ber_strdup(attribute);
- if (mod->mod_type == NULL) {
- ber_memfree(mod);
- (*modlist)[cMods] = NULL;
- return ENOMEM;
- }
-
- if (modop & LDAP_MOD_BVALUES) {
- mod->mod_bvalues = NULL;
- } else {
- mod->mod_values = NULL;
- }
-
- (*modlist)[cMods + 1] = NULL;
- }
-
- return 0;
-}
-
-static krb5_error_code
-LDAP_addmod_len(LDAPMod *** modlist, int modop, const char *attribute,
- unsigned char *value, size_t len)
-{
- krb5_error_code ret;
- int cMods, i = 0;
-
- ret = LDAP__setmod(modlist, modop | LDAP_MOD_BVALUES, attribute, &cMods);
- if (ret)
- return ret;
-
- if (value != NULL) {
- struct berval **bv;
-
- bv = (*modlist)[cMods]->mod_bvalues;
- if (bv != NULL) {
- for (i = 0; bv[i] != NULL; i++)
- ;
- bv = ber_memrealloc(bv, (i + 2) *
sizeof(*bv));
- } else
- bv = ber_memalloc(2 * sizeof(*bv));
- if (bv == NULL)
- return ENOMEM;
-
- (*modlist)[cMods]->mod_bvalues = bv;
-
- bv[i] = ber_memalloc(sizeof(*bv));;
- if (bv[i] == NULL)
- return ENOMEM;
-
- bv[i]->bv_val = (void *)value;
- bv[i]->bv_len = len;
-
- bv[i + 1] = NULL;
- }
-
- return 0;
-}
-
-static krb5_error_code
-LDAP_addmod(LDAPMod *** modlist, int modop, const char *attribute,
- const char *value)
-{
- int cMods, i = 0;
- krb5_error_code ret;
-
- ret = LDAP__setmod(modlist, modop, attribute, &cMods);
- if (ret)
- return ret;
-
- if (value != NULL) {
- char **bv;
-
- bv = (*modlist)[cMods]->mod_values;
- if (bv != NULL) {
- for (i = 0; bv[i] != NULL; i++)
- ;
- bv = ber_memrealloc(bv, (i + 2) * sizeof(*bv));
- } else
- bv = ber_memalloc(2 * sizeof(*bv));
- if (bv == NULL)
- return ENOMEM;
-
- (*modlist)[cMods]->mod_values = bv;
-
- bv[i] = ber_strdup(value);
- if (bv[i] == NULL)
- return ENOMEM;
-
- bv[i + 1] = NULL;
- }
-
- return 0;
-}
-
-static krb5_error_code
-LDAP_addmod_generalized_time(LDAPMod *** mods, int modop,
- const char *attribute, KerberosTime * time)
-{
- char buf[22];
- struct tm *tm;
-
- /* XXX not threadsafe */
- tm = gmtime(time);
- strftime(buf, sizeof(buf), "%Y%m%d%H%M%SZ", tm);
-
- return LDAP_addmod(mods, modop, attribute, buf);
-}
-
-static krb5_error_code
-LDAP_addmod_integer(krb5_context context,
- LDAPMod *** mods, int modop,
- const char *attribute, unsigned long l)
-{
- krb5_error_code ret;
- char *buf;
-
- ret = asprintf(&buf, "%ld", l);
- if (ret < 0) {
- krb5_set_error_string(context, "asprintf: out of memory:");
- return ret;
- }
- ret = LDAP_addmod(mods, modop, attribute, buf);
- free (buf);
- return ret;
-}
-
-static krb5_error_code
-LDAP_get_string_value(HDB * db, LDAPMessage * entry,
- const char *attribute, char **ptr)
-{
- char **vals;
- int ret;
-
- vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
- if (vals == NULL) {
- *ptr = NULL;
- return HDB_ERR_NOENTRY;
- }
-
- *ptr =
strdup(vals[0]);
- if (*ptr == NULL)
- ret = ENOMEM;
- else
- ret = 0;
-
- ldap_value_free(vals);
-
- return ret;
-}
-
-static krb5_error_code
-LDAP_get_integer_value(HDB * db, LDAPMessage * entry,
- const char *attribute, int *ptr)
-{
- char **vals;
-
- vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
- if (vals == NULL)
- return HDB_ERR_NOENTRY;
-
- *ptr = atoi(vals[0]);
- ldap_value_free(vals);
- return 0;
-}
-
-static krb5_error_code
-LDAP_get_generalized_time_value(HDB * db, LDAPMessage * entry,
- const char *attribute, KerberosTime * kt)
-{
- char *tmp, *gentime;
- struct tm tm;
- int ret;
-
- *kt = 0;
-
- ret = LDAP_get_string_value(db, entry, attribute, &gentime);
- if (ret)
- return ret;
-
- tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm);
- if (tmp == NULL) {
- free(gentime);
- return HDB_ERR_NOENTRY;
- }
-
- free(gentime);
-
- *kt = timegm(&tm);
-
- return 0;
-}
-
-static krb5_error_code
-LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent,
- LDAPMessage * msg, LDAPMod *** pmods)
-{
- krb5_error_code ret;
- krb5_boolean is_new_entry;
- char *tmp = NULL;
- LDAPMod **mods = NULL;
- hdb_entry_ex orig;
- unsigned long oflags, nflags;
- int i;
-
- krb5_boolean is_samba_account = FALSE;
- krb5_boolean is_account = FALSE;
- krb5_boolean is_heimdal_entry = FALSE;
- krb5_boolean is_heimdal_principal = FALSE;
-
- char **values;
-
- *pmods = NULL;
-
- if (msg != NULL) {
-
- ret = LDAP_message2entry(context, db, msg, &orig);
- if (ret)
- goto out;
-
- is_new_entry = FALSE;
-
- values = ldap_get_values(HDB2LDAP(db), msg, "objectClass");
- if (values) {
- int num_objectclasses = ldap_count_values(values);
- for (i=0; i < num_objectclasses; i++) {
- if (strcasecmp(values[i], "sambaSamAccount") == 0) {
- is_samba_account = TRUE;
- } else if (strcasecmp(values[i], structural_object) == 0) {
- is_account = TRUE;
- } else if (strcasecmp(values[i], "krb5Principal") == 0) {
- is_heimdal_principal = TRUE;
- } else if (strcasecmp(values[i],
"krb5KDCEntry") == 0) {
- is_heimdal_entry = TRUE;
- }
- }
- ldap_value_free(values);
- }
-
- /*
- * If this is just a "account" entry and no other objectclass
- * is hanging on this entry, it's really a new entry.
- */
- if (is_samba_account == FALSE && is_heimdal_principal == FALSE &&
- is_heimdal_entry == FALSE) {
- if (is_account == TRUE) {
- is_new_entry = TRUE;
- } else {
- ret = HDB_ERR_NOENTRY;
- goto out;
- }
- }
- } else
- is_new_entry = TRUE;
-
- if (is_new_entry) {
-
- /* to make it perfectly obvious we're depending on
- * orig being intiialized to zero */
- memset(&orig, 0, sizeof(orig));
-
- ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "top");
- if (ret)
- goto out;
-
- /* account is the structural object class */
- if (is_account == FALSE) {
- ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass",
- structural_object);
- is_account = TRUE;
- if (ret)
- goto out;
- }
-
- ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "krb5Principal");
- is_heimdal_principal = TRUE;
- if (ret)
- goto out;
-
- ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "krb5KDCEntry");
- is_heimdal_entry = TRUE;
- if (ret)
- goto out;
- }
-
- if (is_new_entry ||
- krb5_principal_compare(context, ent->entry.principal, orig.entry.principal)
- == FALSE)
- {
- if (is_heimdal_principal || is_heimdal_entry) {
-
- ret = krb5_unparse_name(context, ent->entry.principal, &tmp);
- if (ret)
- goto out;
-
- ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE,
- "krb5PrincipalName", tmp);
- if (ret) {
- free(tmp);
- goto out;
- }
- free(tmp);
- }
-
- if (is_account || is_samba_account) {
- ret = krb5_unparse_name_short(context, ent->entry.principal, &tmp);
- if (ret)
- goto out;
- ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "uid", tmp);
- if (ret) {
- free(tmp);
- goto out;
- }
- free(tmp);
- }
- }
-
- if (is_heimdal_entry && (ent->entry.kvno != orig.entry.kvno || is_new_entry)) {
- ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
- "krb5KeyVersionNumber",
- 
ent->entry.kvno);
- if (ret)
- goto out;
- }
-
- if (is_heimdal_entry && ent->entry.valid_start) {
- if (orig.entry.valid_end == NULL
- || (*(ent->entry.valid_start) != *(orig.entry.valid_start))) {
- ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
- "krb5ValidStart",
- ent->entry.valid_start);
- if (ret)
- goto out;
- }
- }
-
- if (ent->entry.valid_end) {
- if (orig.entry.valid_end == NULL || (*(ent->entry.valid_end) != *(orig.entry.valid_end))) {
- if (is_heimdal_entry) {
- ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
- "krb5ValidEnd",
- ent->entry.valid_end);
- if (ret)
- goto out;
- }
- if (is_samba_account) {
- ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
- "sambaKickoffTime",
- *(ent->entry.valid_end));
- if (ret)
- goto out;
- }
- }
- }
-
- if (ent->entry.pw_end) {
- if (orig.entry.pw_end == NULL || (*(ent->entry.pw_end) != *(orig.entry.pw_end))) {
- if (is_heimdal_entry) {
- ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
- "krb5PasswordEnd",
- ent->entry.pw_end);
- if (ret)
- goto out;
- }
-
- if (is_samba_account) {
- ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
- "sambaPwdMustChange",
- *(ent->entry.pw_end));
- if (ret)
- goto out;
- }
- }
- }
-
-
-#if 0 /* we we have last_pw_change */
- if (is_samba_account && ent->entry.last_pw_change) {
- if (orig.entry.last_pw_change == NULL || (*(ent->entry.last_pw_change) != *(orig.entry.last_pw_change))) {
- ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
- "sambaPwdLastSet",
- *(ent->entry.last_pw_change));
- if (ret)
- goto out;
- }
- }
-#endif
-
- if (is_heimdal_entry && ent->entry.max_life) {
- if (orig.entry.max_life == NULL
- || (*(ent->entry.max_life) != *(orig.entry.max_life))) {
-
- ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE,
- "krb5MaxLife",
- *(ent->entry.max_life));
- if (ret)
- goto out;
- }
- }
-
- if (is_heimdal_entry && ent->entry.max_renew) {
- if (orig.entry.max_renew == NULL
- ||
(*(ent->entry.max_renew) != *(orig.entry.max_renew))) { - - ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE, - "krb5MaxRenew", - *(ent->entry.max_renew)); - if (ret) - goto out; - } - } - - oflags = HDBFlags2int(orig.entry.flags); - nflags = HDBFlags2int(ent->entry.flags); - - if (is_heimdal_entry && oflags != nflags) { - - ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_REPLACE, - "krb5KDCFlags", - nflags); - if (ret) - goto out; - } - - /* Remove keys if they exists, and then replace keys. */ - if (!is_new_entry && orig.entry.keys.len > 0) { - values = ldap_get_values(HDB2LDAP(db), msg, "krb5Key"); - if (values) { - ldap_value_free(values); - - ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL); - if (ret) - goto out; - } - } - - for (i = 0; i < ent->entry.keys.len; i++) { - - if (is_samba_account - && ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) { - char *ntHexPassword; - char *nt; - - /* the key might have been 'sealed', but samba passwords - are clear in the directory */ - ret = hdb_unseal_key(context, db, &ent->entry.keys.val[i]); - if (ret) - goto out; - - nt = ent->entry.keys.val[i].key.keyvalue.data; - /* store in ntPassword, not krb5key */ - ret = hex_encode(nt, 16, &ntHexPassword); - if (ret < 0) { - krb5_set_error_string(context, "hdb-ldap: failed to " - "hex encode key"); - ret = ENOMEM; - goto out; - } - ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "sambaNTPassword", - ntHexPassword); - free(ntHexPassword); - if (ret) - goto out; - - /* have to kill the LM passwod if it exists */ - values = ldap_get_values(HDB2LDAP(db), msg, "sambaLMPassword"); - if (values) { - ldap_value_free(values); - ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, - "sambaLMPassword", NULL); - if (ret) - goto out; - } - - } else if (is_heimdal_entry) { - unsigned char *buf; - size_t len, buf_size; - - ASN1_MALLOC_ENCODE(Key, buf, buf_size, &ent->entry.keys.val[i], &len, ret); - if (ret) - goto out; - if(buf_size != len) - krb5_abortx(context, 
"internal error in ASN.1 encoder");
-
- /* addmod_len _owns_ the key, doesn't need to copy it */
- ret = LDAP_addmod_len(&mods, LDAP_MOD_ADD, "krb5Key", buf, len);
- if (ret)
- goto out;
- }
- }
-
- if (ent->entry.etypes) {
- int add_krb5EncryptionType = 0;
-
- /*
- * Only add/modify krb5EncryptionType if it's a new heimdal
- * entry or krb5EncryptionType already exists on the entry.
- */
-
- if (!is_new_entry) {
- values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType");
- if (values) {
- ldap_value_free(values);
- ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType",
- NULL);
- if (ret)
- goto out;
- add_krb5EncryptionType = 1;
- }
- } else if (is_heimdal_entry)
- add_krb5EncryptionType = 1;
-
- if (add_krb5EncryptionType) {
- for (i = 0; i < ent->entry.etypes->len; i++) {
- if (is_samba_account &&
- ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5)
- {
- ;
- } else if (is_heimdal_entry) {
- ret = LDAP_addmod_integer(context, &mods, LDAP_MOD_ADD,
- "krb5EncryptionType",
- ent->entry.etypes->val[i]);
- if (ret)
- goto out;
- }
- }
- }
- }
-
- /* for clarity */
- ret = 0;
-
- out:
-
- if (ret == 0)
- *pmods = mods;
- else if (mods != NULL) {
- ldap_mods_free(mods, 1);
- *pmods = NULL;
- }
-
- if (msg)
- hdb_free_entry(context, &orig);
-
- return ret;
-}
-
-static krb5_error_code
-LDAP_dn2principal(krb5_context context, HDB * db, const char *dn,
- krb5_principal * principal)
-{
- krb5_error_code ret;
- int rc;
- const char *filter = "(objectClass=krb5Principal)";
- char **values;
- LDAPMessage *res = NULL, *e;
-
- ret = LDAP_no_size_limit(context, HDB2LDAP(db));
- if (ret)
- goto out;
-
- rc = ldap_search_s(HDB2LDAP(db), dn, LDAP_SCOPE_SUBTREE,
- filter, krb5principal_attrs,
- 0, &res);
- if (check_ldap(context, db, rc)) {
- krb5_set_error_string(context, "ldap_search_s: filter: %s error: %s",
- filter, ldap_err2string(rc));
- ret = HDB_ERR_NOENTRY;
- goto out;
- }
-
- e = ldap_first_entry(HDB2LDAP(db), res);
- if (e == NULL) {
- ret =
HDB_ERR_NOENTRY;
- goto out;
- }
-
- values = ldap_get_values(HDB2LDAP(db), e, "krb5PrincipalName");
- if (values == NULL) {
- ret = HDB_ERR_NOENTRY;
- goto out;
- }
-
- ret = krb5_parse_name(context, values[0], principal);
- ldap_value_free(values);
-
- out:
- if (res)
- ldap_msgfree(res);
-
- return ret;
-}
-
-static krb5_error_code
-LDAP__lookup_princ(krb5_context context,
- HDB *db,
- const char *princname,
- const char *userid,
- LDAPMessage **msg)
-{
- krb5_error_code ret;
- int rc;
- char *filter = NULL;
-
- ret = LDAP__connect(context, db);
- if (ret)
- return ret;
-
- rc = asprintf(&filter,
- "(&(objectClass=krb5Principal)(krb5PrincipalName=%s))",
- princname);
- if (rc < 0) {
- krb5_set_error_string(context, "asprintf: out of memory");
- ret = ENOMEM;
- goto out;
- }
-
- ret = LDAP_no_size_limit(context, HDB2LDAP(db));
- if (ret)
- goto out;
-
- rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE, filter,
- krb5kdcentry_attrs, 0, msg);
- if (check_ldap(context, db, rc)) {
- krb5_set_error_string(context, "ldap_search_s: filter: %s - error: %s",
- filter, ldap_err2string(rc));
- ret = HDB_ERR_NOENTRY;
- goto out;
- }
-
- if (userid && ldap_count_entries(HDB2LDAP(db), *msg) == 0) {
- free(filter);
- filter = NULL;
- ldap_msgfree(*msg);
- *msg = NULL;
-
- rc = asprintf(&filter,
- "(&(|(objectClass=sambaSamAccount)(objectClass=%s))(uid=%s))",
- structural_object, userid);
- if (rc < 0) {
- krb5_set_error_string(context, "asprintf: out of memory");
- ret = ENOMEM;
- goto out;
- }
-
- ret = LDAP_no_size_limit(context, HDB2LDAP(db));
- if (ret)
- goto out;
-
- rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE,
- filter, krb5kdcentry_attrs, 0, msg);
- if (check_ldap(context, db, rc)) {
- krb5_set_error_string(context,
- "ldap_search_s: filter: %s error: %s",
- filter, ldap_err2string(rc));
- ret = HDB_ERR_NOENTRY;
- goto out;
- }
- }
-
- ret = 0;
-
- out:
- if (filter)
- free(filter);
-
- return ret;
-}
-
-static krb5_error_code
-LDAP_principal2message(krb5_context context, HDB * db,
- krb5_const_principal princ, LDAPMessage ** msg)
-{
- char *name, *name_short = NULL;
- krb5_error_code ret;
- krb5_realm *r, *r0;
-
- *msg = NULL;
-
- ret = krb5_unparse_name(context, princ, &name);
- if (ret)
- return ret;
-
- ret = krb5_get_default_realms(context, &r0);
- if(ret) {
- free(name);
- return ret;
- }
- for (r = r0; *r != NULL; r++) {
- if(strcmp(krb5_principal_get_realm(context, princ), *r) == 0) {
- ret = krb5_unparse_name_short(context, princ, &name_short);
- if (ret) {
- krb5_free_host_realm(context, r0);
- free(name);
- return ret;
- }
- break;
- }
- }
- krb5_free_host_realm(context, r0);
-
- ret = LDAP__lookup_princ(context, db, name, name_short, msg);
- free(name);
- free(name_short);
-
- return ret;
-}
-
-/*
- * Construct an hdb_entry from a directory entry.
- */
-static krb5_error_code
-LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
- hdb_entry_ex * ent)
-{
- char *unparsed_name = NULL, *dn = NULL, *ntPasswordIN = NULL;
- char *samba_acct_flags = NULL;
- unsigned long tmp;
- struct berval **keys;
- char **values;
- int tmp_time, i, ret, have_arcfour = 0;
-
- memset(ent, 0, sizeof(*ent));
- ent->entry.flags = int2HDBFlags(0);
-
- ret = LDAP_get_string_value(db, msg, "krb5PrincipalName", &unparsed_name);
- if (ret == 0) {
- ret = krb5_parse_name(context, unparsed_name, &ent->entry.principal);
- if (ret)
- goto out;
- } else {
- ret = LDAP_get_string_value(db, msg, "uid",
- &unparsed_name);
- if (ret == 0) {
- ret = krb5_parse_name(context, unparsed_name, &ent->entry.principal);
- if (ret)
- goto out;
- } else {
- krb5_set_error_string(context, "hdb-ldap: ldap entry missing"
- "principal name");
- return HDB_ERR_NOENTRY;
- }
- }
-
- {
- int integer;
- ret = LDAP_get_integer_value(db, msg, "krb5KeyVersionNumber",
- &integer);
- if (ret)
- ent->entry.kvno = 0;
- else
- ent->entry.kvno = integer;
- }
-
- keys = ldap_get_values_len(HDB2LDAP(db), msg, "krb5Key");
- if
(keys != NULL) {
- int i;
- size_t l;
-
- ent->entry.keys.len = ldap_count_values_len(keys);
- ent->entry.keys.val = (Key *) calloc(ent->entry.keys.len, sizeof(Key));
- if (ent->entry.keys.val == NULL) {
- krb5_set_error_string(context, "calloc: out of memory");
- ret = ENOMEM;
- goto out;
- }
- for (i = 0; i < ent->entry.keys.len; i++) {
- decode_Key((unsigned char *) keys[i]->bv_val,
- (size_t) keys[i]->bv_len, &ent->entry.keys.val[i], &l);
- }
- ber_bvecfree(keys);
- } else {
-#if 1
- /*
- * This violates the ASN1 but it allows a principal to
- * be related to a general directory entry without creating
- * the keys. Hopefully it's OK.
- */
- ent->entry.keys.len = 0;
- ent->entry.keys.val = NULL;
-#else
- ret = HDB_ERR_NOENTRY;
- goto out;
-#endif
- }
-
- values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType");
- if (values != NULL) {
- int i;
-
- ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes)));
- if (ent->entry.etypes == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- ret = ENOMEM;
- goto out;
- }
- ent->entry.etypes->len = ldap_count_values(values);
- ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int));
- if (ent->entry.etypes->val == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- ret = ENOMEM;
- goto out;
- }
- for (i = 0; i < ent->entry.etypes->len; i++) {
- ent->entry.etypes->val[i] = atoi(values[i]);
- }
- ldap_value_free(values);
- }
-
- for (i = 0; i < ent->entry.keys.len; i++) {
- if (ent->entry.keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
- have_arcfour = 1;
- break;
- }
- }
-
- /* manually construct the NT (type 23) key */
- ret = LDAP_get_string_value(db, msg, "sambaNTPassword", &ntPasswordIN);
- if (ret == 0 && have_arcfour == 0) {
- unsigned *etypes;
- Key *keys;
- int i;
-
- keys = realloc(ent->entry.keys.val,
- (ent->entry.keys.len + 1) * sizeof(ent->entry.keys.val[0]));
- if (keys == NULL) {
- free(ntPasswordIN);
- krb5_set_error_string(context, "malloc: out of
memory");
- ret = ENOMEM;
- goto out;
- }
- ent->entry.keys.val = keys;
- memset(&ent->entry.keys.val[ent->entry.keys.len], 0, sizeof(Key));
- ent->entry.keys.val[ent->entry.keys.len].key.keytype = ETYPE_ARCFOUR_HMAC_MD5;
- ret = krb5_data_alloc (&ent->entry.keys.val[ent->entry.keys.len].key.keyvalue, 16);
- if (ret) {
- krb5_set_error_string(context, "malloc: out of memory");
- free(ntPasswordIN);
- ret = ENOMEM;
- goto out;
- }
- ret = hex_decode(ntPasswordIN,
- ent->entry.keys.val[ent->entry.keys.len].key.keyvalue.data, 16);
- ent->entry.keys.len++;
-
- if (ent->entry.etypes == NULL) {
- ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes)));
- if (ent->entry.etypes == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- ret = ENOMEM;
- goto out;
- }
- ent->entry.etypes->val = NULL;
- ent->entry.etypes->len = 0;
- }
-
- for (i = 0; i < ent->entry.etypes->len; i++)
- if (ent->entry.etypes->val[i] == ETYPE_ARCFOUR_HMAC_MD5)
- break;
- /* If there is no ARCFOUR enctype, add one */
- if (i == ent->entry.etypes->len) {
- etypes = realloc(ent->entry.etypes->val,
- (ent->entry.etypes->len + 1) *
- sizeof(ent->entry.etypes->val[0]));
- if (etypes == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- ret = ENOMEM;
- goto out;
- }
- ent->entry.etypes->val = etypes;
- ent->entry.etypes->val[ent->entry.etypes->len] =
- ETYPE_ARCFOUR_HMAC_MD5;
- ent->entry.etypes->len++;
- }
- }
-
- ret = LDAP_get_generalized_time_value(db, msg, "createTimestamp",
- &ent->entry.created_by.time);
- if (ret)
- ent->entry.created_by.time = time(NULL);
-
- ent->entry.created_by.principal = NULL;
-
- ret = LDAP_get_string_value(db, msg, "creatorsName", &dn);
- if (ret == 0) {
- if (LDAP_dn2principal(context, db, dn, &ent->entry.created_by.principal)
- != 0) {
- ent->entry.created_by.principal = NULL;
- }
- free(dn);
- }
-
- ent->entry.modified_by = (Event *) malloc(sizeof(Event));
- if (ent->entry.modified_by == NULL) {
- krb5_set_error_string(context, "malloc:
out of memory");
- ret = ENOMEM;
- goto out;
- }
- ret = LDAP_get_generalized_time_value(db, msg, "modifyTimestamp",
- &ent->entry.modified_by->time);
- if (ret == 0) {
- ret = LDAP_get_string_value(db, msg, "modifiersName", &dn);
- if (LDAP_dn2principal(context, db, dn, &ent->entry.modified_by->principal))
- ent->entry.modified_by->principal = NULL;
- free(dn);
- } else {
- free(ent->entry.modified_by);
- ent->entry.modified_by = NULL;
- }
-
- ent->entry.valid_start = malloc(sizeof(*ent->entry.valid_start));
- if (ent->entry.valid_start == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- ret = ENOMEM;
- goto out;
- }
- ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidStart",
- ent->entry.valid_start);
- if (ret) {
- /* OPTIONAL */
- free(ent->entry.valid_start);
- ent->entry.valid_start = NULL;
- }
-
- ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end));
- if (ent->entry.valid_end == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- ret = ENOMEM;
- goto out;
- }
- ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidEnd",
- ent->entry.valid_end);
- if (ret) {
- /* OPTIONAL */
- free(ent->entry.valid_end);
- ent->entry.valid_end = NULL;
- }
-
- ret = LDAP_get_integer_value(db, msg, "sambaKickoffTime", &tmp_time);
- if (ret == 0) {
- if (ent->entry.valid_end == NULL) {
- ent->entry.valid_end = malloc(sizeof(*ent->entry.valid_end));
- if (ent->entry.valid_end == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- ret = ENOMEM;
- goto out;
- }
- }
- *ent->entry.valid_end = tmp_time;
- }
-
- ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end));
- if (ent->entry.pw_end == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- ret = ENOMEM;
- goto out;
- }
- ret = LDAP_get_generalized_time_value(db, msg, "krb5PasswordEnd",
- ent->entry.pw_end);
- if (ret) {
- /* OPTIONAL */
- free(ent->entry.pw_end);
- ent->entry.pw_end = NULL;
- }
-
- ret = LDAP_get_integer_value(db, msg,
"sambaPwdMustChange", &tmp_time); - if (ret == 0) { - if (ent->entry.pw_end == NULL) { - ent->entry.pw_end = malloc(sizeof(*ent->entry.pw_end)); - if (ent->entry.pw_end == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - } - *ent->entry.pw_end = tmp_time; - } - - /* OPTIONAL */ - ret = LDAP_get_integer_value(db, msg, "sambaPwdLastSet", &tmp_time); - if (ret == 0) - hdb_entry_set_pw_change_time(context, &ent->entry, tmp_time); - - { - int max_life; - - ent->entry.max_life = malloc(sizeof(*ent->entry.max_life)); - if (ent->entry.max_life == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - ret = LDAP_get_integer_value(db, msg, "krb5MaxLife", &max_life); - if (ret) { - free(ent->entry.max_life); - ent->entry.max_life = NULL; - } else - *ent->entry.max_life = max_life; - } - - { - int max_renew; - - ent->entry.max_renew = malloc(sizeof(*ent->entry.max_renew)); - if (ent->entry.max_renew == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - ret = LDAP_get_integer_value(db, msg, "krb5MaxRenew", &max_renew); - if (ret) { - free(ent->entry.max_renew); - ent->entry.max_renew = NULL; - } else - *ent->entry.max_renew = max_renew; - } - - values = ldap_get_values(HDB2LDAP(db), msg, "krb5KDCFlags"); - if (values != NULL) { - errno = 0; - tmp = strtoul(values[0], (char **) NULL, 10); - if (tmp == ULONG_MAX && errno == ERANGE) { - krb5_set_error_string(context, "strtoul: could not convert flag"); - ret = ERANGE; - goto out; - } - } else { - tmp = 0; - } - - ent->entry.flags = int2HDBFlags(tmp); - - /* Try and find Samba flags to put into the mix */ - ret = LDAP_get_string_value(db, msg, "sambaAcctFlags", &samba_acct_flags); - if (ret == 0) { - /* parse the [UXW...] string: - - 'N' No password - 'D' Disabled - 'H' Homedir required - 'T' Temp account. - 'U' User account (normal) - 'M' MNS logon user account - what is this ? 
- 'W' Workstation account
- 'S' Server account
- 'L' Locked account
- 'X' No Xpiry on password
- 'I' Interdomain trust account
-
- */
-
- int i;
- int flags_len = strlen(samba_acct_flags);
-
- if (flags_len < 2)
- goto out2;
-
- if (samba_acct_flags[0] != '['
- || samba_acct_flags[flags_len - 1] != ']')
- goto out2;
-
- /* Allow forwarding */
- if (samba_forwardable)
- ent->entry.flags.forwardable = TRUE;
-
- for (i=0; i < flags_len; i++) {
- switch (samba_acct_flags[i]) {
- case ' ':
- case '[':
- case ']':
- break;
- case 'N':
- /* how to handle no password in kerberos? */
- break;
- case 'D':
- ent->entry.flags.invalid = TRUE;
- break;
- case 'H':
- break;
- case 'T':
- /* temp duplicate */
- ent->entry.flags.invalid = TRUE;
- break;
- case 'U':
- ent->entry.flags.client = TRUE;
- break;
- case 'M':
- break;
- case 'W':
- case 'S':
- ent->entry.flags.server = TRUE;
- ent->entry.flags.client = TRUE;
- break;
- case 'L':
- ent->entry.flags.invalid = TRUE;
- break;
- case 'X':
- if (ent->entry.pw_end) {
- free(ent->entry.pw_end);
- ent->entry.pw_end = NULL;
- }
- break;
- case 'I':
- ent->entry.flags.server = TRUE;
- ent->entry.flags.client = TRUE;
- break;
- }
- }
- out2:
- free(samba_acct_flags);
- }
-
- ret = 0;
-
-out:
- if (unparsed_name)
- free(unparsed_name);
-
- if (ret)
- hdb_free_entry(context, ent);
-
- return ret;
-}
-
-static krb5_error_code
-LDAP_close(krb5_context context, HDB * db)
-{
- if (HDB2LDAP(db)) {
- ldap_unbind_ext(HDB2LDAP(db), NULL, NULL);
- ((struct hdbldapdb *)db->hdb_db)->h_lp = NULL;
- }
-
- return 0;
-}
-
-static krb5_error_code
-LDAP_lock(krb5_context context, HDB * db, int operation)
-{
- return 0;
-}
-
-static krb5_error_code
-LDAP_unlock(krb5_context context, HDB * db)
-{
- return 0;
-}
-
-static krb5_error_code
-LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry)
-{
- int msgid, rc, parserc;
- krb5_error_code ret;
- LDAPMessage *e;
-
- msgid = HDB2MSGID(db);
- if (msgid < 0)
- return HDB_ERR_NOENTRY;
-
- do {
- rc = ldap_result(HDB2LDAP(db), msgid, LDAP_MSG_ONE, NULL, &e);
- switch (rc) {
- case LDAP_RES_SEARCH_REFERENCE:
- ldap_msgfree(e);
- ret = 0;
- break;
- case LDAP_RES_SEARCH_ENTRY:
- /* We have an entry. Parse it. */
- ret = LDAP_message2entry(context, db, e, entry);
- ldap_msgfree(e);
- break;
- case LDAP_RES_SEARCH_RESULT:
- /* We're probably at the end of the results. If not, abandon. */
- parserc =
- ldap_parse_result(HDB2LDAP(db), e, NULL, NULL, NULL,
- NULL, NULL, 1);
- if (parserc != LDAP_SUCCESS
- && parserc != LDAP_MORE_RESULTS_TO_RETURN) {
- krb5_set_error_string(context, "ldap_parse_result: %s",
- ldap_err2string(parserc));
- ldap_abandon(HDB2LDAP(db), msgid);
- }
- ret = HDB_ERR_NOENTRY;
- HDBSETMSGID(db, -1);
- break;
- case LDAP_SERVER_DOWN:
- ldap_msgfree(e);
- LDAP_close(context, db);
- HDBSETMSGID(db, -1);
- ret = ENETDOWN;
- break;
- default:
- /* Some unspecified error (timeout?). Abandon. */
- ldap_msgfree(e);
- ldap_abandon(HDB2LDAP(db), msgid);
- ret = HDB_ERR_NOENTRY;
- HDBSETMSGID(db, -1);
- break;
- }
- } while (rc == LDAP_RES_SEARCH_REFERENCE);
-
- if (ret == 0) {
- if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
- ret = hdb_unseal_keys(context, db, &entry->entry);
- if (ret)
- hdb_free_entry(context, entry);
- }
- }
-
- return ret;
-}
-
-static krb5_error_code
-LDAP_firstkey(krb5_context context, HDB *db, unsigned flags,
- hdb_entry_ex *entry)
-{
- krb5_error_code ret;
- int msgid;
-
- ret = LDAP__connect(context, db);
- if (ret)
- return ret;
-
- ret = LDAP_no_size_limit(context, HDB2LDAP(db));
- if (ret)
- return ret;
-
- msgid = ldap_search(HDB2LDAP(db), HDB2BASE(db),
- LDAP_SCOPE_SUBTREE,
- "(|(objectClass=krb5Principal)(objectClass=sambaSamAccount))",
- krb5kdcentry_attrs, 0);
- if (msgid < 0)
- return HDB_ERR_NOENTRY;
-
- HDBSETMSGID(db, msgid);
-
- return LDAP_seq(context, db, flags, entry);
-}
-
-static krb5_error_code
-LDAP_nextkey(krb5_context context, HDB * db, unsigned flags,
- hdb_entry_ex * entry)
-{
- 
return LDAP_seq(context, db, flags, entry);
-}
-
-static krb5_error_code
-LDAP__connect(krb5_context context, HDB * db)
-{
- int rc, version = LDAP_VERSION3;
- /*
- * Empty credentials to do a SASL bind with LDAP. Note that empty
- * different from NULL credentials. If you provide NULL
- * credentials instead of empty credentials you will get a SASL
- * bind in progress message.
- */
- struct berval bv = { 0, "" };
-
- if (HDB2LDAP(db)) {
- /* connection has been opened. ping server. */
- struct sockaddr_un addr;
- socklen_t len = sizeof(addr);
- int sd;
-
- if (ldap_get_option(HDB2LDAP(db), LDAP_OPT_DESC, &sd) == 0 &&
- getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
- /* the other end has died. reopen. */
- LDAP_close(context, db);
- }
- }
-
- if (HDB2LDAP(db) != NULL) /* server is UP */
- return 0;
-
- rc = ldap_initialize(&((struct hdbldapdb *)db->hdb_db)->h_lp, HDB2URL(db));
- if (rc != LDAP_SUCCESS) {
- krb5_set_error_string(context, "ldap_initialize: %s",
- ldap_err2string(rc));
- return HDB_ERR_NOENTRY;
- }
-
- rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_PROTOCOL_VERSION,
- (const void *)&version);
- if (rc != LDAP_SUCCESS) {
- krb5_set_error_string(context, "ldap_set_option: %s",
- ldap_err2string(rc));
- LDAP_close(context, db);
- return HDB_ERR_BADVERSION;
- }
-
- rc = ldap_sasl_bind_s(HDB2LDAP(db), NULL, "EXTERNAL", &bv,
- NULL, NULL, NULL);
- if (rc != LDAP_SUCCESS) {
- krb5_set_error_string(context, "ldap_sasl_bind_s: %s",
- ldap_err2string(rc));
- LDAP_close(context, db);
- return HDB_ERR_BADVERSION;
- }
-
- return 0;
-}
-
-static krb5_error_code
-LDAP_open(krb5_context context, HDB * db, int flags, mode_t mode)
-{
- /* Not the right place for this.
*/
-#ifdef HAVE_SIGACTION
- struct sigaction sa;
-
- sa.sa_flags = 0;
- sa.sa_handler = SIG_IGN;
- sigemptyset(&sa.sa_mask);
-
- sigaction(SIGPIPE, &sa, NULL);
-#else
- signal(SIGPIPE, SIG_IGN);
-#endif /* HAVE_SIGACTION */
-
- return LDAP__connect(context, db);
-}
-
-static krb5_error_code
-LDAP_fetch(krb5_context context, HDB * db, krb5_const_principal principal,
- unsigned flags, hdb_entry_ex * entry)
-{
- LDAPMessage *msg, *e;
- krb5_error_code ret;
-
- ret = LDAP_principal2message(context, db, principal, &msg);
- if (ret)
- return ret;
-
- e = ldap_first_entry(HDB2LDAP(db), msg);
- if (e == NULL) {
- ret = HDB_ERR_NOENTRY;
- goto out;
- }
-
- ret = LDAP_message2entry(context, db, e, entry);
- if (ret == 0) {
- if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) {
- ret = hdb_unseal_keys(context, db, &entry->entry);
- if (ret)
- hdb_free_entry(context, entry);
- }
- }
-
- out:
- ldap_msgfree(msg);
-
- return ret;
-}
-
-static krb5_error_code
-LDAP_store(krb5_context context, HDB * db, unsigned flags,
- hdb_entry_ex * entry)
-{
- LDAPMod **mods = NULL;
- krb5_error_code ret;
- const char *errfn;
- int rc;
- LDAPMessage *msg = NULL, *e = NULL;
- char *dn = NULL, *name = NULL;
-
- ret = LDAP_principal2message(context, db, entry->entry.principal, &msg);
- if (ret == 0)
- e = ldap_first_entry(HDB2LDAP(db), msg);
-
- ret = krb5_unparse_name(context, entry->entry.principal, &name);
- if (ret) {
- free(name);
- return ret;
- }
-
- ret = hdb_seal_keys(context, db, &entry->entry);
- if (ret)
- goto out;
-
- /* turn new entry into LDAPMod array */
- ret = LDAP_entry2mods(context, db, entry, e, &mods);
- if (ret)
- goto out;
-
- if (e == NULL) {
- ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2CREATE(db));
- if (ret < 0) {
- krb5_set_error_string(context, "asprintf: out of memory");
- ret = ENOMEM;
- goto out;
- }
- } else if (flags & HDB_F_REPLACE) {
- /* Entry exists, and we're allowed to replace it.
*/
- dn = ldap_get_dn(HDB2LDAP(db), e);
- } else {
- /* Entry exists, but we're not allowed to replace it. Bail. */
- ret = HDB_ERR_EXISTS;
- goto out;
- }
-
- /* write entry into directory */
- if (e == NULL) {
- /* didn't exist before */
- rc = ldap_add_s(HDB2LDAP(db), dn, mods);
- errfn = "ldap_add_s";
- } else {
- /* already existed, send deltas only */
- rc = ldap_modify_s(HDB2LDAP(db), dn, mods);
- errfn = "ldap_modify_s";
- }
-
- if (check_ldap(context, db, rc)) {
- char *ld_error = NULL;
- ldap_get_option(HDB2LDAP(db), LDAP_OPT_ERROR_STRING,
- &ld_error);
- krb5_set_error_string(context, "%s: %s (DN=%s) %s: %s",
- errfn, name, dn, ldap_err2string(rc), ld_error);
- ret = HDB_ERR_CANT_LOCK_DB;
- } else
- ret = 0;
-
- out:
- /* free stuff */
- if (dn)
- free(dn);
- if (msg)
- ldap_msgfree(msg);
- if (mods)
- ldap_mods_free(mods, 1);
- if (name)
- free(name);
-
- return ret;
-}
-
-static krb5_error_code
-LDAP_remove(krb5_context context, HDB *db, krb5_const_principal principal)
-{
- krb5_error_code ret;
- LDAPMessage *msg, *e;
- char *dn = NULL;
- int rc, limit = LDAP_NO_LIMIT;
-
- ret = LDAP_principal2message(context, db, principal, &msg);
- if (ret)
- goto out;
-
- e = ldap_first_entry(HDB2LDAP(db), msg);
- if (e == NULL) {
- ret = HDB_ERR_NOENTRY;
- goto out;
- }
-
- dn = ldap_get_dn(HDB2LDAP(db), e);
- if (dn == NULL) {
- ret = HDB_ERR_NOENTRY;
- goto out;
- }
-
- rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_SIZELIMIT, (const void *)&limit);
- if (rc != LDAP_SUCCESS) {
- krb5_set_error_string(context, "ldap_set_option: %s",
- ldap_err2string(rc));
- ret = HDB_ERR_BADVERSION;
- goto out;
- }
-
- rc = ldap_delete_s(HDB2LDAP(db), dn);
- if (check_ldap(context, db, rc)) {
- krb5_set_error_string(context, "ldap_delete_s: %s",
- ldap_err2string(rc));
- ret = HDB_ERR_CANT_LOCK_DB;
- } else
- ret = 0;
-
- out:
- if (dn != NULL)
- free(dn);
- if (msg != NULL)
- ldap_msgfree(msg);
-
- return ret;
-}
-
-static krb5_error_code
-LDAP_destroy(krb5_context context, HDB *
db)
-{
- krb5_error_code ret;
-
- LDAP_close(context, db);
-
- ret = hdb_clear_master_key(context, db);
- if (HDB2BASE(db))
- free(HDB2BASE(db));
- if (HDB2CREATE(db))
- free(HDB2CREATE(db));
- if (HDB2URL(db))
- free(HDB2URL(db));
- if (db->hdb_name)
- free(db->hdb_name);
- free(db->hdb_db);
- free(db);
-
- return ret;
-}
-
-krb5_error_code
-hdb_ldap_common(krb5_context context,
- HDB ** db,
- const char *search_base,
- const char *url)
-{
- struct hdbldapdb *h;
- const char *create_base = NULL;
-
- if (search_base == NULL && search_base[0] == '\0') {
- krb5_set_error_string(context, "ldap search base not configured");
- return ENOMEM; /* XXX */
- }
-
- if (structural_object == NULL) {
- const char *p;
-
- p = krb5_config_get_string(context, NULL, "kdc",
- "hdb-ldap-structural-object", NULL);
- if (p == NULL)
- p = default_structural_object;
- structural_object = strdup(p);
- if (structural_object == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- }
-
- samba_forwardable =
- krb5_config_get_bool_default(context, NULL, TRUE,
- "kdc", "hdb-samba-forwardable", NULL);
-
- *db = calloc(1, sizeof(**db));
- if (*db == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- memset(*db, 0, sizeof(**db));
-
- h = calloc(1, sizeof(*h));
- if (h == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- free(*db);
- *db = NULL;
- return ENOMEM;
- }
- (*db)->hdb_db = h;
-
- /* XXX */
- if (asprintf(&(*db)->hdb_name, "ldap:%s", search_base) == -1) {
- LDAP_destroy(context, *db);
- krb5_set_error_string(context, "strdup: out of memory");
- *db = NULL;
- return ENOMEM;
- }
-
- h->h_url = strdup(url);
- h->h_base = strdup(search_base);
- if (h->h_url == NULL || h->h_base == NULL) {
- LDAP_destroy(context, *db);
- krb5_set_error_string(context, "strdup: out of memory");
- *db = NULL;
- return ENOMEM;
- }
-
- create_base = krb5_config_get_string(context, NULL, "kdc",
- "hdb-ldap-create-base",
NULL); - if (create_base == NULL) - create_base = h->h_base; - - h->h_createbase = strdup(create_base); - if (h->h_createbase == NULL) { - LDAP_destroy(context, *db); - krb5_set_error_string(context, "strdup: out of memory"); - *db = NULL; - return ENOMEM; - } - - (*db)->hdb_master_key_set = 0; - (*db)->hdb_openp = 0; - (*db)->hdb_open = LDAP_open; - (*db)->hdb_close = LDAP_close; - (*db)->hdb_fetch = LDAP_fetch; - (*db)->hdb_store = LDAP_store; - (*db)->hdb_remove = LDAP_remove; - (*db)->hdb_firstkey = LDAP_firstkey; - (*db)->hdb_nextkey = LDAP_nextkey; - (*db)->hdb_lock = LDAP_lock; - (*db)->hdb_unlock = LDAP_unlock; - (*db)->hdb_rename = NULL; - (*db)->hdb__get = NULL; - (*db)->hdb__put = NULL; - (*db)->hdb__del = NULL; - (*db)->hdb_destroy = LDAP_destroy; - - return 0; -} - -krb5_error_code -hdb_ldap_create(krb5_context context, HDB ** db, const char *arg) -{ - return hdb_ldap_common(context, db, arg, "ldapi:///"); -} - -krb5_error_code -hdb_ldapi_create(krb5_context context, HDB ** db, const char *arg) -{ - krb5_error_code ret; - char *search_base, *p; - - asprintf(&p, "ldapi:%s", arg); - if (p == NULL) { - krb5_set_error_string(context, "out of memory"); - *db = NULL; - return ENOMEM; - } - search_base = strchr(p + strlen("ldapi://"), ':'); - if (search_base == NULL) { - krb5_set_error_string(context, "search base missing"); - *db = NULL; - return HDB_ERR_BADVERSION; - } - *search_base = '\0'; - search_base++; - - ret = hdb_ldap_common(context, db, search_base, p); - free(p); - return ret; -} - -#ifdef OPENLDAP_MODULE - -struct hdb_so_method hdb_ldap_interface = { - HDB_INTERFACE_VERSION, - "ldap", - hdb_ldap_create -}; - -struct hdb_so_method hdb_ldapi_interface = { - HDB_INTERFACE_VERSION, - "ldapi", - hdb_ldapi_create -}; - -#endif - -#endif /* OPENLDAP */ diff --git a/crypto/heimdal/lib/hdb/hdb-private.h b/crypto/heimdal/lib/hdb/hdb-private.h deleted file mode 100644 index 5147d8b..0000000 --- a/crypto/heimdal/lib/hdb/hdb-private.h +++ /dev/null 
@@ -1,54 +0,0 @@ -/* This is a generated file */ -#ifndef __hdb_private_h__ -#define __hdb_private_h__ - -#include <stdarg.h> - -krb5_error_code -_hdb_fetch ( - krb5_context /*context*/, - HDB */*db*/, - krb5_const_principal /*principal*/, - unsigned /*flags*/, - hdb_entry_ex */*entry*/); - -hdb_master_key -_hdb_find_master_key ( - uint32_t */*mkvno*/, - hdb_master_key /*mkey*/); - -int -_hdb_mkey_decrypt ( - krb5_context /*context*/, - hdb_master_key /*key*/, - krb5_key_usage /*usage*/, - void */*ptr*/, - size_t /*size*/, - krb5_data */*res*/); - -int -_hdb_mkey_encrypt ( - krb5_context /*context*/, - hdb_master_key /*key*/, - krb5_key_usage /*usage*/, - const void */*ptr*/, - size_t /*size*/, - krb5_data */*res*/); - -int -_hdb_mkey_version (hdb_master_key /*mkey*/); - -krb5_error_code -_hdb_remove ( - krb5_context /*context*/, - HDB */*db*/, - krb5_const_principal /*principal*/); - -krb5_error_code -_hdb_store ( - krb5_context /*context*/, - HDB */*db*/, - unsigned /*flags*/, - hdb_entry_ex */*entry*/); - -#endif /* __hdb_private_h__ */ diff --git a/crypto/heimdal/lib/hdb/hdb-protos.h b/crypto/heimdal/lib/hdb/hdb-protos.h deleted file mode 100644 index 4c3d3eb..0000000 --- a/crypto/heimdal/lib/hdb/hdb-protos.h +++ /dev/null 
@@ -1,400 +0,0 @@ -/* This is a generated file */ -#ifndef __hdb_protos_h__ -#define __hdb_protos_h__ - -#include <stdarg.h> - -#ifdef __cplusplus -extern "C" { -#endif - -krb5_error_code -hdb_add_master_key ( - krb5_context /*context*/, - krb5_keyblock */*key*/, - hdb_master_key */*inout*/); - -krb5_error_code -hdb_check_db_format ( - krb5_context /*context*/, - HDB */*db*/); - -krb5_error_code -hdb_clear_extension ( - krb5_context /*context*/, - hdb_entry */*entry*/, - int /*type*/); - -krb5_error_code -hdb_clear_master_key ( - krb5_context /*context*/, - HDB */*db*/); - -krb5_error_code -hdb_create ( - krb5_context /*context*/, - HDB **/*db*/, - const char */*filename*/); - -krb5_error_code -hdb_db_create ( - krb5_context /*context*/, - HDB **/*db*/, - const char */*filename*/); - -const char * -hdb_db_dir (krb5_context /*context*/); - -const char * -hdb_dbinfo_get_acl_file ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -const krb5_config_binding * -hdb_dbinfo_get_binding ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -const char * -hdb_dbinfo_get_dbname ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -const char * -hdb_dbinfo_get_label ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -const char * -hdb_dbinfo_get_log_file ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -const char * -hdb_dbinfo_get_mkey_file ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -struct hdb_dbinfo * -hdb_dbinfo_get_next ( - struct hdb_dbinfo */*dbp*/, - struct hdb_dbinfo */*dbprevp*/); - -const char * -hdb_dbinfo_get_realm ( - krb5_context /*context*/, - struct hdb_dbinfo */*dbp*/); - -const char * -hdb_default_db (krb5_context /*context*/); - -krb5_error_code -hdb_enctype2key ( - krb5_context /*context*/, - hdb_entry */*e*/, - krb5_enctype /*enctype*/, - Key **/*key*/); - -krb5_error_code -hdb_entry2string ( - krb5_context /*context*/, - hdb_entry */*ent*/, - char **/*str*/); - -int 
-hdb_entry2value ( - krb5_context /*context*/, - const hdb_entry */*ent*/, - krb5_data */*value*/); - -int -hdb_entry_alias2value ( - krb5_context /*context*/, - const hdb_entry_alias */*alias*/, - krb5_data */*value*/); - -krb5_error_code -hdb_entry_check_mandatory ( - krb5_context /*context*/, - const hdb_entry */*ent*/); - -int -hdb_entry_clear_password ( - krb5_context /*context*/, - hdb_entry */*entry*/); - -krb5_error_code -hdb_entry_get_ConstrainedDelegACL ( - const hdb_entry */*entry*/, - const HDB_Ext_Constrained_delegation_acl **/*a*/); - -krb5_error_code -hdb_entry_get_aliases ( - const hdb_entry */*entry*/, - const HDB_Ext_Aliases **/*a*/); - -int -hdb_entry_get_password ( - krb5_context /*context*/, - HDB */*db*/, - const hdb_entry */*entry*/, - char **/*p*/); - -krb5_error_code -hdb_entry_get_pkinit_acl ( - const hdb_entry */*entry*/, - const HDB_Ext_PKINIT_acl **/*a*/); - -krb5_error_code -hdb_entry_get_pkinit_hash ( - const hdb_entry */*entry*/, - const HDB_Ext_PKINIT_hash **/*a*/); - -krb5_error_code -hdb_entry_get_pw_change_time ( - const hdb_entry */*entry*/, - time_t */*t*/); - -int -hdb_entry_set_password ( - krb5_context /*context*/, - HDB */*db*/, - hdb_entry */*entry*/, - const char */*p*/); - -krb5_error_code -hdb_entry_set_pw_change_time ( - krb5_context /*context*/, - hdb_entry */*entry*/, - time_t /*t*/); - -HDB_extension * -hdb_find_extension ( - const hdb_entry */*entry*/, - int /*type*/); - -krb5_error_code -hdb_foreach ( - krb5_context /*context*/, - HDB */*db*/, - unsigned /*flags*/, - hdb_foreach_func_t /*func*/, - void */*data*/); - -void -hdb_free_dbinfo ( - krb5_context /*context*/, - struct hdb_dbinfo **/*dbp*/); - -void -hdb_free_entry ( - krb5_context /*context*/, - hdb_entry_ex */*ent*/); - -void -hdb_free_key (Key */*key*/); - -void -hdb_free_keys ( - krb5_context /*context*/, - int /*len*/, - Key */*keys*/); - -void -hdb_free_master_key ( - krb5_context /*context*/, - hdb_master_key /*mkey*/); - -krb5_error_code 
-hdb_generate_key_set ( - krb5_context /*context*/, - krb5_principal /*principal*/, - Key **/*ret_key_set*/, - size_t */*nkeyset*/, - int /*no_salt*/); - -krb5_error_code -hdb_generate_key_set_password ( - krb5_context /*context*/, - krb5_principal /*principal*/, - const char */*password*/, - Key **/*keys*/, - size_t */*num_keys*/); - -int -hdb_get_dbinfo ( - krb5_context /*context*/, - struct hdb_dbinfo **/*dbp*/); - -krb5_error_code -hdb_init_db ( - krb5_context /*context*/, - HDB */*db*/); - -int -hdb_key2principal ( - krb5_context /*context*/, - krb5_data */*key*/, - krb5_principal /*p*/); - -krb5_error_code -hdb_ldap_common ( - krb5_context /*context*/, - HDB ** /*db*/, - const char */*search_base*/, - const char */*url*/); - -krb5_error_code -hdb_ldap_create ( - krb5_context /*context*/, - HDB ** /*db*/, - const char */*arg*/); - -krb5_error_code -hdb_ldapi_create ( - krb5_context /*context*/, - HDB ** /*db*/, - const char */*arg*/); - -krb5_error_code -hdb_list_builtin ( - krb5_context /*context*/, - char **/*list*/); - -krb5_error_code -hdb_lock ( - int /*fd*/, - int /*operation*/); - -krb5_error_code -hdb_ndbm_create ( - krb5_context /*context*/, - HDB **/*db*/, - const char */*filename*/); - -krb5_error_code -hdb_next_enctype2key ( - krb5_context /*context*/, - const hdb_entry */*e*/, - krb5_enctype /*enctype*/, - Key **/*key*/); - -int -hdb_principal2key ( - krb5_context /*context*/, - krb5_const_principal /*p*/, - krb5_data */*key*/); - -krb5_error_code -hdb_print_entry ( - krb5_context /*context*/, - HDB */*db*/, - hdb_entry_ex */*entry*/, - void */*data*/); - -krb5_error_code -hdb_process_master_key ( - krb5_context /*context*/, - int /*kvno*/, - krb5_keyblock */*key*/, - krb5_enctype /*etype*/, - hdb_master_key */*mkey*/); - -krb5_error_code -hdb_read_master_key ( - krb5_context /*context*/, - const char */*filename*/, - hdb_master_key */*mkey*/); - -krb5_error_code -hdb_replace_extension ( - krb5_context /*context*/, - hdb_entry */*entry*/, - const 
HDB_extension */*ext*/); - -krb5_error_code -hdb_seal_key ( - krb5_context /*context*/, - HDB */*db*/, - Key */*k*/); - -krb5_error_code -hdb_seal_key_mkey ( - krb5_context /*context*/, - Key */*k*/, - hdb_master_key /*mkey*/); - -krb5_error_code -hdb_seal_keys ( - krb5_context /*context*/, - HDB */*db*/, - hdb_entry */*ent*/); - -krb5_error_code -hdb_seal_keys_mkey ( - krb5_context /*context*/, - hdb_entry */*ent*/, - hdb_master_key /*mkey*/); - -krb5_error_code -hdb_set_master_key ( - krb5_context /*context*/, - HDB */*db*/, - krb5_keyblock */*key*/); - -krb5_error_code -hdb_set_master_keyfile ( - krb5_context /*context*/, - HDB */*db*/, - const char */*keyfile*/); - -krb5_error_code -hdb_unlock (int /*fd*/); - -krb5_error_code -hdb_unseal_key ( - krb5_context /*context*/, - HDB */*db*/, - Key */*k*/); - -krb5_error_code -hdb_unseal_key_mkey ( - krb5_context /*context*/, - Key */*k*/, - hdb_master_key /*mkey*/); - -krb5_error_code -hdb_unseal_keys ( - krb5_context /*context*/, - HDB */*db*/, - hdb_entry */*ent*/); - -krb5_error_code -hdb_unseal_keys_mkey ( - krb5_context /*context*/, - hdb_entry */*ent*/, - hdb_master_key /*mkey*/); - -int -hdb_value2entry ( - krb5_context /*context*/, - krb5_data */*value*/, - hdb_entry */*ent*/); - -int -hdb_value2entry_alias ( - krb5_context /*context*/, - krb5_data */*value*/, - hdb_entry_alias */*ent*/); - -krb5_error_code -hdb_write_master_key ( - krb5_context /*context*/, - const char */*filename*/, - hdb_master_key /*mkey*/); - -#ifdef __cplusplus -} -#endif - -#endif /* __hdb_protos_h__ */ diff --git a/crypto/heimdal/lib/hdb/hdb.asn1 b/crypto/heimdal/lib/hdb/hdb.asn1 deleted file mode 100644 index acd8f61..0000000 --- a/crypto/heimdal/lib/hdb/hdb.asn1 +++ /dev/null 
@@ -1,127 +0,0 @@ --- $Id: hdb.asn1 20236 2007-02-16 23:52:29Z lha $ -HDB DEFINITIONS ::= -BEGIN - -IMPORTS EncryptionKey, KerberosTime, Principal FROM krb5; - -HDB_DB_FORMAT INTEGER ::= 2 -- format of database, - -- update when making changes - --- these must have the same value as the pa-* counterparts -hdb-pw-salt INTEGER ::= 3 -hdb-afs3-salt INTEGER ::= 10 - -Salt ::= SEQUENCE { - type[0] INTEGER (0..4294967295), - salt[1] OCTET STRING -} - -Key ::= SEQUENCE { - mkvno[0] INTEGER (0..4294967295) OPTIONAL, -- master key version number - key[1] EncryptionKey, - salt[2] Salt OPTIONAL -} - -Event ::= SEQUENCE { - time[0] KerberosTime, - principal[1] Principal OPTIONAL -} - -HDBFlags ::= BIT STRING { - initial(0), -- require as-req - forwardable(1), -- may issue forwardable - proxiable(2), -- may issue proxiable - renewable(3), -- may issue renewable - postdate(4), -- may issue postdatable - server(5), -- may be server - client(6), -- may be client - invalid(7), -- entry is invalid - require-preauth(8), -- must use preauth - change-pw(9), -- change password service - require-hwauth(10), -- must use hwauth - ok-as-delegate(11), -- as in TicketFlags - user-to-user(12), -- may use user-to-user auth - immutable(13), -- may not be deleted - trusted-for-delegation(14), -- Trusted to print forwardabled tickets - allow-kerberos4(15), -- Allow Kerberos 4 requests - allow-digest(16) -- Allow digest requests -} - -GENERATION ::= SEQUENCE { - time[0] KerberosTime, -- timestamp - usec[1] INTEGER (0..4294967295), -- microseconds - gen[2] INTEGER (0..4294967295) -- generation number -} - -HDB-Ext-PKINIT-acl ::= SEQUENCE OF SEQUENCE { - subject[0] UTF8String, - issuer[1] UTF8String OPTIONAL, - anchor[2] UTF8String OPTIONAL -} - -HDB-Ext-PKINIT-hash ::= SEQUENCE OF SEQUENCE { - digest-type[0] OBJECT IDENTIFIER, - digest[1] OCTET STRING -} - -HDB-Ext-Constrained-delegation-acl ::= SEQUENCE OF Principal - --- hdb-ext-referrals ::= PA-SERVER-REFERRAL-DATA - -HDB-Ext-Lan-Manager-OWF ::= 
OCTET STRING - -HDB-Ext-Password ::= SEQUENCE { - mkvno[0] INTEGER (0..4294967295) OPTIONAL, -- master key version number - password OCTET STRING -} - -HDB-Ext-Aliases ::= SEQUENCE { - case-insensitive[0] BOOLEAN, -- case insensitive name allowed - aliases[1] SEQUENCE OF Principal -- all names, inc primary -} - - -HDB-extension ::= SEQUENCE { - mandatory[0] BOOLEAN, -- kdc MUST understand this extension, - -- if not the whole entry must - -- be rejected - data[1] CHOICE { - pkinit-acl[0] HDB-Ext-PKINIT-acl, - pkinit-cert-hash[1] HDB-Ext-PKINIT-hash, - allowed-to-delegate-to[2] HDB-Ext-Constrained-delegation-acl, --- referral-info[3] HDB-Ext-Referrals, - lm-owf[4] HDB-Ext-Lan-Manager-OWF, - password[5] HDB-Ext-Password, - aliases[6] HDB-Ext-Aliases, - last-pw-change[7] KerberosTime, - ... - }, - ... -} - -HDB-extensions ::= SEQUENCE OF HDB-extension - - -hdb_entry ::= SEQUENCE { - principal[0] Principal OPTIONAL, -- this is optional only - -- for compatibility with libkrb5 - kvno[1] INTEGER (0..4294967295), - keys[2] SEQUENCE OF Key, - created-by[3] Event, - modified-by[4] Event OPTIONAL, - valid-start[5] KerberosTime OPTIONAL, - valid-end[6] KerberosTime OPTIONAL, - pw-end[7] KerberosTime OPTIONAL, - max-life[8] INTEGER (0..4294967295) OPTIONAL, - max-renew[9] INTEGER (0..4294967295) OPTIONAL, - flags[10] HDBFlags, - etypes[11] SEQUENCE OF INTEGER (0..4294967295) OPTIONAL, - generation[12] GENERATION OPTIONAL, - extensions[13] HDB-extensions OPTIONAL -} - -hdb_entry_alias ::= [APPLICATION 0] SEQUENCE { - principal[0] Principal OPTIONAL -} - -END diff --git a/crypto/heimdal/lib/hdb/hdb.c b/crypto/heimdal/lib/hdb/hdb.c deleted file mode 100644 index a515709..0000000 --- a/crypto/heimdal/lib/hdb/hdb.c +++ /dev/null 
@@ -1,412 +0,0 @@ -/* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */
-
-#include "hdb_locl.h"
-
-RCSID("$Id: hdb.c 20214 2007-02-09 21:51:10Z lha $");
-
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-struct hdb_method {
- const char *prefix;
- krb5_error_code (*create)(krb5_context, HDB **, const char *filename);
-};
-
-static struct hdb_method methods[] = {
-#if HAVE_DB1 || HAVE_DB3
- {"db:", hdb_db_create},
-#endif
-#if HAVE_NDBM
- {"ndbm:", hdb_ndbm_create},
-#endif
-#if defined(OPENLDAP) && !defined(OPENLDAP_MODULE)
- {"ldap:", hdb_ldap_create},
- {"ldapi:", hdb_ldapi_create},
-#endif
-#ifdef HAVE_LDB /* Used for integrated samba build */
- {"ldb:", hdb_ldb_create},
-#endif
- {NULL, NULL}
-};
-
-#if HAVE_DB1 || HAVE_DB3
-static struct hdb_method dbmetod = {"", hdb_db_create };
-#elif defined(HAVE_NDBM)
-static struct hdb_method dbmetod = {"", hdb_ndbm_create };
-#endif
-
-
-krb5_error_code
-hdb_next_enctype2key(krb5_context context,
- const hdb_entry *e,
- krb5_enctype enctype,
- Key **key)
-{
- Key *k;
-
- for (k = *key ? (*key) + 1 : e->keys.val;
- k < e->keys.val + e->keys.len;
- k++)
- {
- if(k->key.keytype == enctype){
- *key = k;
- return 0;
- }
- }
- krb5_set_error_string(context, "No next enctype %d for hdb-entry",
- (int)enctype);
- return KRB5_PROG_ETYPE_NOSUPP; /* XXX */
-}
-
-krb5_error_code
-hdb_enctype2key(krb5_context context,
- hdb_entry *e,
- krb5_enctype enctype,
- Key **key)
-{
- *key = NULL;
- return hdb_next_enctype2key(context, e, enctype, key);
-}
-
-void
-hdb_free_key(Key *key)
-{
- memset(key->key.keyvalue.data,
- 0,
- key->key.keyvalue.length);
- free_Key(key);
- free(key);
-}
-
-
-krb5_error_code
-hdb_lock(int fd, int operation)
-{
- int i, code = 0;
-
- for(i = 0; i < 3; i++){
- code = flock(fd, (operation == HDB_RLOCK ?
LOCK_SH : LOCK_EX) | LOCK_NB);
- if(code == 0 || errno != EWOULDBLOCK)
- break;
- sleep(1);
- }
- if(code == 0)
- return 0;
- if(errno == EWOULDBLOCK)
- return HDB_ERR_DB_INUSE;
- return HDB_ERR_CANT_LOCK_DB;
-}
-
-krb5_error_code
-hdb_unlock(int fd)
-{
- int code;
- code = flock(fd, LOCK_UN);
- if(code)
- return 4711 /* XXX */;
- return 0;
-}
-
-void
-hdb_free_entry(krb5_context context, hdb_entry_ex *ent)
-{
- int i;
-
- if (ent->free_entry)
- (*ent->free_entry)(context, ent);
-
- for(i = 0; i < ent->entry.keys.len; ++i) {
- Key *k = &ent->entry.keys.val[i];
-
- memset (k->key.keyvalue.data, 0, k->key.keyvalue.length);
- }
- free_hdb_entry(&ent->entry);
-}
-
-krb5_error_code
-hdb_foreach(krb5_context context,
- HDB *db,
- unsigned flags,
- hdb_foreach_func_t func,
- void *data)
-{
- krb5_error_code ret;
- hdb_entry_ex entry;
- ret = db->hdb_firstkey(context, db, flags, &entry);
- if (ret == 0)
- krb5_clear_error_string(context);
- while(ret == 0){
- ret = (*func)(context, db, &entry, data);
- hdb_free_entry(context, &entry);
- if(ret == 0)
- ret = db->hdb_nextkey(context, db, flags, &entry);
- }
- if(ret == HDB_ERR_NOENTRY)
- ret = 0;
- return ret;
-}
-
-krb5_error_code
-hdb_check_db_format(krb5_context context, HDB *db)
-{
- krb5_data tag;
- krb5_data version;
- krb5_error_code ret, ret2;
- unsigned ver;
- int foo;
-
- ret = db->hdb_lock(context, db, HDB_RLOCK);
- if (ret)
- return ret;
-
- tag.data = HDB_DB_FORMAT_ENTRY;
- tag.length = strlen(tag.data);
- ret = (*db->hdb__get)(context, db, tag, &version);
- ret2 = db->hdb_unlock(context, db);
- if(ret)
- return ret;
- if (ret2)
- return ret2;
- foo = sscanf(version.data, "%u", &ver);
- krb5_data_free (&version);
- if (foo != 1)
- return HDB_ERR_BADVERSION;
- if(ver != HDB_DB_FORMAT)
- return HDB_ERR_BADVERSION;
- return 0;
-}
-
-krb5_error_code
-hdb_init_db(krb5_context context, HDB *db)
-{
- krb5_error_code ret, ret2;
- krb5_data tag;
- krb5_data version;
- char ver[32];
-
- ret = hdb_check_db_format(context,
db);
- if(ret != HDB_ERR_NOENTRY)
- return ret;
-
- ret = db->hdb_lock(context, db, HDB_WLOCK);
- if (ret)
- return ret;
-
- tag.data = HDB_DB_FORMAT_ENTRY;
- tag.length = strlen(tag.data);
- snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT);
- version.data = ver;
- version.length = strlen(version.data) + 1; /* zero terminated */
- ret = (*db->hdb__put)(context, db, 0, tag, version);
- ret2 = db->hdb_unlock(context, db);
- if (ret) {
- if (ret2)
- krb5_clear_error_string(context);
- return ret;
- }
- return ret2;
-}
-
-#ifdef HAVE_DLOPEN
-
- /*
- * Load a dynamic backend from /usr/heimdal/lib/hdb_NAME.so,
- * looking for the hdb_NAME_create symbol.
- */
-
-static const struct hdb_method *
-find_dynamic_method (krb5_context context,
- const char *filename,
- const char **rest)
-{
- static struct hdb_method method;
- struct hdb_so_method *mso;
- char *prefix, *path, *symbol;
- const char *p;
- void *dl;
- size_t len;
-
- p = strchr(filename, ':');
-
- /* if no prefix, don't know what module to load, just ignore it */
- if (p == NULL)
- return NULL;
-
- len = p - filename;
- *rest = filename + len + 1;
-
- prefix = strndup(filename, len);
- if (prefix == NULL)
- krb5_errx(context, 1, "out of memory");
-
- if (asprintf(&path, LIBDIR "/hdb_%s.so", prefix) == -1)
- krb5_errx(context, 1, "out of memory");
-
-#ifndef RTLD_NOW
-#define RTLD_NOW 0
-#endif
-#ifndef RTLD_GLOBAL
-#define RTLD_GLOBAL 0
-#endif
-
- dl = dlopen(path, RTLD_NOW | RTLD_GLOBAL);
- if (dl == NULL) {
- krb5_warnx(context, "error trying to load dynamic module %s: %s\n",
- path, dlerror());
- free(prefix);
- free(path);
- return NULL;
- }
-
- if (asprintf(&symbol, "hdb_%s_interface", prefix) == -1)
- krb5_errx(context, 1, "out of memory");
-
- mso = dlsym(dl, symbol);
- if (mso == NULL) {
- krb5_warnx(context, "error finding symbol %s in %s: %s\n",
- symbol, path, dlerror());
- dlclose(dl);
- free(symbol);
- free(prefix);
- free(path);
- return NULL;
- }
- free(path);
- free(symbol);
-
- if (mso->version !=
HDB_INTERFACE_VERSION) {
- krb5_warnx(context,
- "error wrong version in shared module %s "
- "version: %d should have been %d\n",
- prefix, mso->version, HDB_INTERFACE_VERSION);
- dlclose(dl);
- free(prefix);
- return NULL;
- }
-
- if (mso->create == NULL) {
- krb5_errx(context, 1,
- "no entry point function in shared mod %s ",
- prefix);
- dlclose(dl);
- free(prefix);
- return NULL;
- }
-
- method.create = mso->create;
- method.prefix = prefix;
-
- return &method;
-}
-#endif /* HAVE_DLOPEN */
-
-/*
- * find the relevant method for `filename', returning a pointer to the
- * rest in `rest'.
- * return NULL if there's no such method.
- */
-
-static const struct hdb_method *
-find_method (const char *filename, const char **rest)
-{
- const struct hdb_method *h;
-
- for (h = methods; h->prefix != NULL; ++h) {
- if (strncmp (filename, h->prefix, strlen(h->prefix)) == 0) {
- *rest = filename + strlen(h->prefix);
- return h;
- }
- }
-#if defined(HAVE_DB1) || defined(HAVE_DB3) || defined(HAVE_NDBM)
- if (strncmp(filename, "/", 1) == 0
- || strncmp(filename, "./", 2) == 0
- || strncmp(filename, "../", 3) == 0)
- {
- *rest = filename;
- return &dbmetod;
- }
-#endif
-
- return NULL;
-}
-
-krb5_error_code
-hdb_list_builtin(krb5_context context, char **list)
-{
- const struct hdb_method *h;
- size_t len = 0;
- char *buf = NULL;
-
- for (h = methods; h->prefix != NULL; ++h) {
- if (h->prefix[0] == '\0')
- continue;
- len += strlen(h->prefix) + 2;
- }
-
- len += 1;
- buf = malloc(len);
- if (buf == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- buf[0] = '\0';
-
- for (h = methods; h->prefix != NULL; ++h) {
- if (h != methods)
- strlcat(buf, ", ", len);
- strlcat(buf, h->prefix, len);
- }
- *list = buf;
- return 0;
-}
-
-krb5_error_code
-hdb_create(krb5_context context, HDB **db, const char *filename)
-{
- const struct hdb_method *h;
- const char *residual;
-
- if(filename == NULL)
- filename = HDB_DEFAULT_DB;
- krb5_add_et_list(context,
initialize_hdb_error_table_r); - h = find_method (filename, &residual); -#ifdef HAVE_DLOPEN - if (h == NULL) - h = find_dynamic_method (context, filename, &residual); -#endif - if (h == NULL) - krb5_errx(context, 1, "No database support for %s", filename); - return (*h->create)(context, db, residual); -} diff --git a/crypto/heimdal/lib/hdb/hdb.h b/crypto/heimdal/lib/hdb/hdb.h deleted file mode 100644 index 742b924..0000000 --- a/crypto/heimdal/lib/hdb/hdb.h +++ /dev/null 
@@ -1,144 +0,0 @@ -/* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -/* $Id: hdb.h 22198 2007-12-07 13:09:25Z lha $ */ - -#ifndef __HDB_H__ -#define __HDB_H__ - -#include <hdb_err.h> - -#include <heim_asn1.h> -#include <hdb_asn1.h> - -struct hdb_dbinfo; - -enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK }; - -/* flags for various functions */ -#define HDB_F_DECRYPT 1 /* decrypt keys */ -#define HDB_F_REPLACE 2 /* replace entry */ -#define HDB_F_GET_CLIENT 4 /* fetch client */ -#define HDB_F_GET_SERVER 8 /* fetch server */ -#define HDB_F_GET_KRBTGT 16 /* fetch krbtgt */ -#define HDB_F_GET_ANY 28 /* fetch any of client,server,krbtgt */ -#define HDB_F_CANON 32 /* want canonicalition */ - -/* key usage for master key */ -#define HDB_KU_MKEY 0x484442 - -typedef struct hdb_master_key_data *hdb_master_key; - -typedef struct hdb_entry_ex { - void *ctx; - hdb_entry entry; - void (*free_entry)(krb5_context, struct hdb_entry_ex *); -} hdb_entry_ex; - - -typedef struct HDB{ - void *hdb_db; - void *hdb_dbc; - char *hdb_name; - int hdb_master_key_set; - hdb_master_key hdb_master_key; - int hdb_openp; - - krb5_error_code (*hdb_open)(krb5_context, - struct HDB*, - int, - mode_t); - krb5_error_code (*hdb_close)(krb5_context, - struct HDB*); - void (*hdb_free)(krb5_context, - struct HDB*, - hdb_entry_ex*); - krb5_error_code (*hdb_fetch)(krb5_context, - struct HDB*, - krb5_const_principal, - unsigned, - hdb_entry_ex*); - krb5_error_code (*hdb_store)(krb5_context, - struct HDB*, - unsigned, - hdb_entry_ex*); - krb5_error_code (*hdb_remove)(krb5_context, - struct HDB*, - krb5_const_principal); - krb5_error_code (*hdb_firstkey)(krb5_context, - struct HDB*, - unsigned, - hdb_entry_ex*); - krb5_error_code (*hdb_nextkey)(krb5_context, - struct HDB*, - unsigned, - hdb_entry_ex*); - krb5_error_code (*hdb_lock)(krb5_context, - struct HDB*, - int operation); - krb5_error_code (*hdb_unlock)(krb5_context, - struct HDB*); - krb5_error_code (*hdb_rename)(krb5_context, - struct HDB*, - const char*); - krb5_error_code (*hdb__get)(krb5_context, - struct HDB*, - 
krb5_data, - krb5_data*); - krb5_error_code (*hdb__put)(krb5_context, - struct HDB*, - int, - krb5_data, - krb5_data); - krb5_error_code (*hdb__del)(krb5_context, - struct HDB*, - krb5_data); - krb5_error_code (*hdb_destroy)(krb5_context, - struct HDB*); -}HDB; - -#define HDB_INTERFACE_VERSION 4 - -struct hdb_so_method { - int version; - const char *prefix; - krb5_error_code (*create)(krb5_context, HDB **, const char *filename); -}; - -typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*, - hdb_entry_ex*, void*); -extern krb5_kt_ops hdb_kt_ops; - -#include <hdb-protos.h> - -#endif /* __HDB_H__ */ diff --git a/crypto/heimdal/lib/hdb/hdb.schema b/crypto/heimdal/lib/hdb/hdb.schema deleted file mode 100644 index 6e5c0f7..0000000 --- a/crypto/heimdal/lib/hdb/hdb.schema +++ /dev/null 
@@ -1,139 +0,0 @@ -# Definitions for a Kerberos V KDC schema -# -# $Id: hdb.schema 14958 2005-04-25 17:33:40Z lha $ -# -# This version is compatible with OpenLDAP 1.8 -# -# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10) -# -# Syntaxes are under 1.3.6.1.4.1.5322.10.0 -# Attributes types are under 1.3.6.1.4.1.5322.10.1 -# Object classes are under 1.3.6.1.4.1.5322.10.2 - -# Syntax definitions - -#krb5KDCFlagsSyntax SYNTAX ::= { -# WITH SYNTAX INTEGER -#-- initial(0), -- require as-req -#-- forwardable(1), -- may issue forwardable -#-- proxiable(2), -- may issue proxiable -#-- renewable(3), -- may issue renewable -#-- postdate(4), -- may issue postdatable -#-- server(5), -- may be server -#-- client(6), -- may be client -#-- invalid(7), -- entry is invalid -#-- require-preauth(8), -- must use preauth -#-- change-pw(9), -- change password service -#-- require-hwauth(10), -- must use hwauth -#-- ok-as-delegate(11), -- as in TicketFlags -#-- user-to-user(12), -- may use user-to-user auth -#-- immutable(13) -- may not be deleted -# ID { 1.3.6.1.4.1.5322.10.0.1 } -#} - -#krb5PrincipalNameSyntax SYNTAX ::= { -# WITH SYNTAX OCTET STRING -#-- String representations of distinguished names as per RFC1510 -# ID { 1.3.6.1.4.1.5322.10.0.2 } -#} - -# Attribute type definitions - -attributetype ( 1.3.6.1.4.1.5322.10.1.1 - NAME 'krb5PrincipalName' - DESC 'The unparsed Kerberos principal name' - EQUALITY caseExactIA5Match - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.5322.10.1.2 - NAME 'krb5KeyVersionNumber' - EQUALITY integerMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) - -attributetype ( 1.3.6.1.4.1.5322.10.1.3 - NAME 'krb5MaxLife' - EQUALITY integerMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) - -attributetype ( 1.3.6.1.4.1.5322.10.1.4 - NAME 'krb5MaxRenew' - EQUALITY integerMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) - -attributetype ( 
1.3.6.1.4.1.5322.10.1.5 - NAME 'krb5KDCFlags' - EQUALITY integerMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) - -attributetype ( 1.3.6.1.4.1.5322.10.1.6 - NAME 'krb5EncryptionType' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) - -attributetype ( 1.3.6.1.4.1.5322.10.1.7 - NAME 'krb5ValidStart' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 - SINGLE-VALUE ) - -attributetype ( 1.3.6.1.4.1.5322.10.1.8 - NAME 'krb5ValidEnd' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 - SINGLE-VALUE ) - -attributetype ( 1.3.6.1.4.1.5322.10.1.9 - NAME 'krb5PasswordEnd' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 - SINGLE-VALUE ) - -# this is temporary; keys will eventually -# be child entries or compound attributes. -attributetype ( 1.3.6.1.4.1.5322.10.1.10 - NAME 'krb5Key' - DESC 'Encoded ASN1 Key as an octet string' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) - -attributetype ( 1.3.6.1.4.1.5322.10.1.11 - NAME 'krb5PrincipalRealm' - DESC 'Distinguished name of krb5Realm entry' - SUP distinguishedName ) - -attributetype ( 1.3.6.1.4.1.5322.10.1.12 - NAME 'krb5RealmName' - EQUALITY octetStringMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) - -# Object class definitions - -objectclass ( 1.3.6.1.4.1.5322.10.2.1 - NAME 'krb5Principal' - SUP top - AUXILIARY - MUST ( krb5PrincipalName ) - MAY ( cn $ krb5PrincipalRealm ) ) - -objectclass ( 1.3.6.1.4.1.5322.10.2.2 - NAME 'krb5KDCEntry' - SUP krb5Principal - AUXILIARY - MUST ( krb5KeyVersionNumber ) - MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $ - krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $ - krb5EncryptionType $ krb5Key ) ) - -objectclass ( 1.3.6.1.4.1.5322.10.2.3 - NAME 'krb5Realm' - SUP top - AUXILIARY - MUST ( krb5RealmName ) ) - 
diff --git a/crypto/heimdal/lib/hdb/hdb_err.et b/crypto/heimdal/lib/hdb/hdb_err.et
deleted file mode 100644
index 5c5b80b..0000000
--- a/crypto/heimdal/lib/hdb/hdb_err.et
+++ /dev/null
@@ -1,28 +0,0 @@
-#
-# Error messages for the hdb library
-#
-# This might look like a com_err file, but is not
-#
-id "$Id: hdb_err.et 15878 2005-08-11 13:17:22Z lha $"
-
-error_table hdb
-
-prefix HDB_ERR
-
-index 1
-#error_code INUSE, "Entry already exists in database"
-error_code UK_SERROR, "Database store error"
-error_code UK_RERROR, "Database read error"
-error_code NOENTRY, "No such entry in the database"
-error_code DB_INUSE, "Database is locked or in use--try again later"
-error_code DB_CHANGED, "Database was modified during read"
-error_code RECURSIVELOCK, "Attempt to lock database twice"
-error_code NOTLOCKED, "Attempt to unlock database when not locked"
-error_code BADLOCKMODE, "Invalid kdb lock mode"
-error_code CANT_LOCK_DB, "Insufficient access to lock database"
-error_code EXISTS, "Entry already exists in database"
-error_code BADVERSION, "Wrong database version"
-error_code NO_MKEY, "No correct master key"
-error_code MANDATORY_OPTION, "Entry contains unknown mandatory extension"
-
-end
diff --git a/crypto/heimdal/lib/hdb/hdb_locl.h b/crypto/heimdal/lib/hdb/hdb_locl.h
deleted file mode 100644
index abb4cd4..0000000
--- a/crypto/heimdal/lib/hdb/hdb_locl.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: hdb_locl.h 22209 2007-12-07 19:03:41Z lha $ */
-
-#ifndef __HDB_LOCL_H__
-#define __HDB_LOCL_H__
-
-#include <config.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_SYS_FILE_H
-#include <sys/file.h>
-#endif
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-#include <roken.h>
-
-#include "crypto-headers.h"
-#include <krb5.h>
-#include <hdb.h>
-#include <hdb-private.h>
-
-#define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
-#define HDB_DB_FORMAT_ENTRY "hdb/db-format"
-
-#endif /* __HDB_LOCL_H__ */
diff --git a/crypto/heimdal/lib/hdb/keys.c b/crypto/heimdal/lib/hdb/keys.c
deleted file mode 100644
index 60a5867..0000000
--- a/crypto/heimdal/lib/hdb/keys.c
+++ /dev/null
@@ -1,398 +0,0 @@ -/* - * Copyright (c) 1997 - 2001, 2003 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "hdb_locl.h" - -RCSID("$Id: keys.c 22071 2007-11-14 20:04:50Z lha $"); - -/* - * free all the memory used by (len, keys) - */ - -void -hdb_free_keys (krb5_context context, int len, Key *keys) -{ - int i; - - for (i = 0; i < len; i++) { - free(keys[i].mkvno); - keys[i].mkvno = NULL; - if (keys[i].salt != NULL) { - free_Salt(keys[i].salt); - free(keys[i].salt); - keys[i].salt = NULL; - } - krb5_free_keyblock_contents(context, &keys[i].key); - } - free (keys); -} - -/* - * for each entry in `default_keys' try to parse it as a sequence - * of etype:salttype:salt, syntax of this if something like: - * [(des|des3|etype):](pw-salt|afs3)[:string], if etype is omitted it - * means all etypes, and if string is omitted is means the default - * string (for that principal). Additional special values: - * v5 == pw-salt, and - * v4 == des:pw-salt: - * afs or afs3 == des:afs3-salt - */ - -/* the 3 DES types must be first */ -static const krb5_enctype all_etypes[] = { - ETYPE_DES_CBC_MD5, - ETYPE_DES_CBC_MD4, - ETYPE_DES_CBC_CRC, - ETYPE_AES256_CTS_HMAC_SHA1_96, - ETYPE_ARCFOUR_HMAC_MD5, - ETYPE_DES3_CBC_SHA1 -}; - -static krb5_error_code -parse_key_set(krb5_context context, const char *key, - krb5_enctype **ret_enctypes, size_t *ret_num_enctypes, - krb5_salt *salt, krb5_principal principal) -{ - const char *p; - char buf[3][256]; - int num_buf = 0; - int i, num_enctypes = 0; - krb5_enctype e; - const krb5_enctype *enctypes = NULL; - krb5_error_code ret; - - p = key; - - *ret_enctypes = NULL; - *ret_num_enctypes = 0; - - /* split p in a list of :-separated strings */ - for(num_buf = 0; num_buf < 3; num_buf++) - if(strsep_copy(&p, ":", buf[num_buf], sizeof(buf[num_buf])) == -1) - break; - - salt->saltvalue.data = NULL; - salt->saltvalue.length = 0; - - for(i = 0; i < num_buf; i++) { - if(enctypes == NULL && num_buf > 1) { - /* this might be a etype specifier */ - /* XXX there should be a string_to_etypes handling - special cases like `des' and `all' */ - 
if(strcmp(buf[i], "des") == 0) { - enctypes = all_etypes; - num_enctypes = 3; - } else if(strcmp(buf[i], "des3") == 0) { - e = ETYPE_DES3_CBC_SHA1; - enctypes = &e; - num_enctypes = 1; - } else { - ret = krb5_string_to_enctype(context, buf[i], &e); - if (ret == 0) { - enctypes = &e; - num_enctypes = 1; - } else - return ret; - } - continue; - } - if(salt->salttype == 0) { - /* interpret string as a salt specifier, if no etype - is set, this sets default values */ - /* XXX should perhaps use string_to_salttype, but that - interface sucks */ - if(strcmp(buf[i], "pw-salt") == 0) { - if(enctypes == NULL) { - enctypes = all_etypes; - num_enctypes = sizeof(all_etypes)/sizeof(all_etypes[0]); - } - salt->salttype = KRB5_PW_SALT; - } else if(strcmp(buf[i], "afs3-salt") == 0) { - if(enctypes == NULL) { - enctypes = all_etypes; - num_enctypes = 3; - } - salt->salttype = KRB5_AFS3_SALT; - } - continue; - } - - { - /* if there is a final string, use it as the string to - salt with, this is mostly useful with null salt for - v4 compat, and a cell name for afs compat */ - salt->saltvalue.data = strdup(buf[i]); - if (salt->saltvalue.data == NULL) { - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } - salt->saltvalue.length = strlen(buf[i]); - } - } - - if(enctypes == NULL || salt->salttype == 0) { - krb5_set_error_string(context, "bad value for default_keys `%s'", key); - return EINVAL; - } - - /* if no salt was specified make up default salt */ - if(salt->saltvalue.data == NULL) { - if(salt->salttype == KRB5_PW_SALT) - ret = krb5_get_pw_salt(context, principal, salt); - else if(salt->salttype == KRB5_AFS3_SALT) { - krb5_realm *realm = krb5_princ_realm(context, principal); - salt->saltvalue.data = strdup(*realm); - if(salt->saltvalue.data == NULL) { - krb5_set_error_string(context, "out of memory while " - "parsing salt specifiers"); - return ENOMEM; - } - strlwr(salt->saltvalue.data); - salt->saltvalue.length = strlen(*realm); - } - } - - *ret_enctypes = 
malloc(sizeof(enctypes[0]) * num_enctypes); - if (*ret_enctypes == NULL) { - krb5_free_salt(context, *salt); - krb5_set_error_string(context, "out of memory"); - return ENOMEM; - } - memcpy(*ret_enctypes, enctypes, sizeof(enctypes[0]) * num_enctypes); - *ret_num_enctypes = num_enctypes; - - return 0; -} - -static krb5_error_code -add_enctype_to_key_set(Key **key_set, size_t *nkeyset, - krb5_enctype enctype, krb5_salt *salt) -{ - krb5_error_code ret; - Key key, *tmp; - - memset(&key, 0, sizeof(key)); - - tmp = realloc(*key_set, (*nkeyset + 1) * sizeof((*key_set)[0])); - if (tmp == NULL) - return ENOMEM; - - *key_set = tmp; - - key.key.keytype = enctype; - key.key.keyvalue.length = 0; - key.key.keyvalue.data = NULL; - - if (salt) { - key.salt = malloc(sizeof(*key.salt)); - if (key.salt == NULL) { - free_Key(&key); - return ENOMEM; - } - - key.salt->type = salt->salttype; - krb5_data_zero (&key.salt->salt); - - ret = krb5_data_copy(&key.salt->salt, - salt->saltvalue.data, - salt->saltvalue.length); - if (ret) { - free_Key(&key); - return ret; - } - } else - key.salt = NULL; - - (*key_set)[*nkeyset] = key; - - *nkeyset += 1; - - return 0; -} - - -/* - * Generate the `key_set' from the [kadmin]default_keys statement. If - * `no_salt' is set, salt is not important (and will not be set) since - * it's random keys that is going to be created. 
- */ - -krb5_error_code -hdb_generate_key_set(krb5_context context, krb5_principal principal, - Key **ret_key_set, size_t *nkeyset, int no_salt) -{ - char **ktypes, **kp; - krb5_error_code ret; - Key *k, *key_set; - int i, j; - char *default_keytypes[] = { - "des:pw-salt", - "aes256-cts-hmac-sha1-96:pw-salt", - "des3-cbc-sha1:pw-salt", - "arcfour-hmac-md5:pw-salt", - NULL - }; - - ktypes = krb5_config_get_strings(context, NULL, "kadmin", - "default_keys", NULL); - if (ktypes == NULL) - ktypes = default_keytypes; - - if (ktypes == NULL) - abort(); - - *ret_key_set = key_set = NULL; - *nkeyset = 0; - - ret = 0; - - for(kp = ktypes; kp && *kp; kp++) { - const char *p; - krb5_salt salt; - krb5_enctype *enctypes; - size_t num_enctypes; - - p = *kp; - /* check alias */ - if(strcmp(p, "v5") == 0) - p = "pw-salt"; - else if(strcmp(p, "v4") == 0) - p = "des:pw-salt:"; - else if(strcmp(p, "afs") == 0 || strcmp(p, "afs3") == 0) - p = "des:afs3-salt"; - else if (strcmp(p, "arcfour-hmac-md5") == 0) - p = "arcfour-hmac-md5:pw-salt"; - - memset(&salt, 0, sizeof(salt)); - - ret = parse_key_set(context, p, - &enctypes, &num_enctypes, &salt, principal); - if (ret) { - krb5_warn(context, ret, "bad value for default_keys `%s'", *kp); - ret = 0; - continue; - } - - for (i = 0; i < num_enctypes; i++) { - /* find duplicates */ - for (j = 0; j < *nkeyset; j++) { - - k = &key_set[j]; - - if (k->key.keytype == enctypes[i]) { - if (no_salt) - break; - if (k->salt == NULL && salt.salttype == KRB5_PW_SALT) - break; - if (k->salt->type == salt.salttype && - k->salt->salt.length == salt.saltvalue.length && - memcmp(k->salt->salt.data, salt.saltvalue.data, - salt.saltvalue.length) == 0) - break; - } - } - /* not a duplicate, lets add it */ - if (j == *nkeyset) { - ret = add_enctype_to_key_set(&key_set, nkeyset, enctypes[i], - no_salt ? 
NULL : &salt); - if (ret) { - free(enctypes); - krb5_free_salt(context, salt); - goto out; - } - } - } - free(enctypes); - krb5_free_salt(context, salt); - } - - *ret_key_set = key_set; - - out: - if (ktypes != default_keytypes) - krb5_config_free_strings(ktypes); - - if (ret) { - krb5_warn(context, ret, - "failed to parse the [kadmin]default_keys values"); - - for (i = 0; i < *nkeyset; i++) - free_Key(&key_set[i]); - free(key_set); - } else if (*nkeyset == 0) { - krb5_warnx(context, - "failed to parse any of the [kadmin]default_keys values"); - ret = EINVAL; /* XXX */ - } - - return ret; -} - - -krb5_error_code -hdb_generate_key_set_password(krb5_context context, - krb5_principal principal, - const char *password, - Key **keys, size_t *num_keys) -{ - krb5_error_code ret; - int i; - - ret = hdb_generate_key_set(context, principal, - keys, num_keys, 0); - if (ret) - return ret; - - for (i = 0; i < (*num_keys); i++) { - krb5_salt salt; - - salt.salttype = (*keys)[i].salt->type; - salt.saltvalue.length = (*keys)[i].salt->salt.length; - salt.saltvalue.data = (*keys)[i].salt->salt.data; - - ret = krb5_string_to_key_salt (context, - (*keys)[i].key.keytype, - password, - salt, - &(*keys)[i].key); - - if(ret) - break; - } - - if(ret) { - hdb_free_keys (context, *num_keys, *keys); - return ret; - } - return ret; -} diff --git a/crypto/heimdal/lib/hdb/keytab.c b/crypto/heimdal/lib/hdb/keytab.c deleted file mode 100644 index e319bb5..0000000 --- a/crypto/heimdal/lib/hdb/keytab.c +++ /dev/null 
@@ -1,272 +0,0 @@ -/* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "hdb_locl.h" - -/* keytab backend for HDB databases */ - -RCSID("$Id: keytab.c 18380 2006-10-09 12:36:40Z lha $"); - -struct hdb_data { - char *dbname; - char *mkey; -}; - -/* - * the format for HDB keytabs is: - * HDB:[database:file:mkey] - */ - -static krb5_error_code -hdb_resolve(krb5_context context, const char *name, krb5_keytab id) -{ - struct hdb_data *d; - const char *db, *mkey; - - d = malloc(sizeof(*d)); - if(d == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - db = name; - mkey = strchr(name, ':'); - if(mkey == NULL || mkey[1] == '\0') { - if(*name == '\0') - d->dbname = NULL; - else { - d->dbname = strdup(name); - if(d->dbname == NULL) { - free(d); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - } - d->mkey = NULL; - } else { - if((mkey - db) == 0) { - d->dbname = NULL; - } else { - d->dbname = malloc(mkey - db + 1); - if(d->dbname == NULL) { - free(d); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memmove(d->dbname, db, mkey - db); - d->dbname[mkey - db] = '\0'; - } - d->mkey = strdup(mkey + 1); - if(d->mkey == NULL) { - free(d->dbname); - free(d); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - } - id->data = d; - return 0; -} - -static krb5_error_code -hdb_close(krb5_context context, krb5_keytab id) -{ - struct hdb_data *d = id->data; - - free(d->dbname); - free(d->mkey); - free(d); - return 0; -} - -static krb5_error_code -hdb_get_name(krb5_context context, - krb5_keytab id, - char *name, - size_t namesize) -{ - struct hdb_data *d = id->data; - - snprintf(name, namesize, "%s%s%s", - d->dbname ? d->dbname : "", - (d->dbname || d->mkey) ? ":" : "", - d->mkey ? 
d->mkey : ""); - return 0; -} - -static void -set_config (krb5_context context, - const krb5_config_binding *binding, - const char **dbname, - const char **mkey) -{ - *dbname = krb5_config_get_string(context, binding, "dbname", NULL); - *mkey = krb5_config_get_string(context, binding, "mkey_file", NULL); -} - -/* - * try to figure out the database (`dbname') and master-key (`mkey') - * that should be used for `principal'. - */ - -static void -find_db (krb5_context context, - const char **dbname, - const char **mkey, - krb5_const_principal principal) -{ - const krb5_config_binding *top_bind = NULL; - const krb5_config_binding *default_binding = NULL; - const krb5_config_binding *db; - krb5_realm *prealm = krb5_princ_realm(context, rk_UNCONST(principal)); - - *dbname = *mkey = NULL; - - while ((db = - krb5_config_get_next(context, - NULL, - &top_bind, - krb5_config_list, - "kdc", - "database", - NULL)) != NULL) { - const char *p; - - p = krb5_config_get_string (context, db, "realm", NULL); - if (p == NULL) { - if(default_binding) { - krb5_warnx(context, "WARNING: more than one realm-less " - "database specification"); - krb5_warnx(context, "WARNING: using the first encountered"); - } else - default_binding = db; - } else if (strcmp (*prealm, p) == 0) { - set_config (context, db, dbname, mkey); - break; - } - } - if (*dbname == NULL && default_binding != NULL) - set_config (context, default_binding, dbname, mkey); - if (*dbname == NULL) - *dbname = HDB_DEFAULT_DB; -} - -/* - * find the keytab entry in `id' for `principal, kvno, enctype' and return - * it in `entry'. 
return 0 or an error code - */ - -static krb5_error_code -hdb_get_entry(krb5_context context, - krb5_keytab id, - krb5_const_principal principal, - krb5_kvno kvno, - krb5_enctype enctype, - krb5_keytab_entry *entry) -{ - hdb_entry_ex ent; - krb5_error_code ret; - struct hdb_data *d = id->data; - int i; - HDB *db; - const char *dbname = d->dbname; - const char *mkey = d->mkey; - - memset(&ent, 0, sizeof(ent)); - - if (dbname == NULL) - find_db (context, &dbname, &mkey, principal); - - ret = hdb_create (context, &db, dbname); - if (ret) - return ret; - ret = hdb_set_master_keyfile (context, db, mkey); - if (ret) { - (*db->hdb_destroy)(context, db); - return ret; - } - - ret = (*db->hdb_open)(context, db, O_RDONLY, 0); - if (ret) { - (*db->hdb_destroy)(context, db); - return ret; - } - ret = (*db->hdb_fetch)(context, db, principal, - HDB_F_DECRYPT| - HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, - &ent); - - if(ret == HDB_ERR_NOENTRY) { - ret = KRB5_KT_NOTFOUND; - goto out; - }else if(ret) - goto out; - - if(kvno && ent.entry.kvno != kvno) { - hdb_free_entry(context, &ent); - ret = KRB5_KT_NOTFOUND; - goto out; - } - if(enctype == 0) - if(ent.entry.keys.len > 0) - enctype = ent.entry.keys.val[0].key.keytype; - ret = KRB5_KT_NOTFOUND; - for(i = 0; i < ent.entry.keys.len; i++) { - if(ent.entry.keys.val[i].key.keytype == enctype) { - krb5_copy_principal(context, principal, &entry->principal); - entry->vno = ent.entry.kvno; - krb5_copy_keyblock_contents(context, - &ent.entry.keys.val[i].key, - &entry->keyblock); - ret = 0; - break; - } - } - hdb_free_entry(context, &ent); -out: - (*db->hdb_close)(context, db); - (*db->hdb_destroy)(context, db); - return ret; -} - -krb5_kt_ops hdb_kt_ops = { - "HDB", - hdb_resolve, - hdb_get_name, - hdb_close, - hdb_get_entry, - NULL, /* start_seq_get */ - NULL, /* next_entry */ - NULL, /* end_seq_get */ - NULL, /* add */ - NULL /* remove */ -}; 
diff --git a/crypto/heimdal/lib/hdb/mkey.c b/crypto/heimdal/lib/hdb/mkey.c deleted file mode 100644 index 05cf71c..0000000 --- a/crypto/heimdal/lib/hdb/mkey.c +++ /dev/null 
@@ -1,603 +0,0 @@ -/* - * Copyright (c) 2000 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "hdb_locl.h" -#ifndef O_BINARY -#define O_BINARY 0 -#endif - -RCSID("$Id: mkey.c 21745 2007-07-31 16:11:25Z lha $"); - -struct hdb_master_key_data { - krb5_keytab_entry keytab; - krb5_crypto crypto; - struct hdb_master_key_data *next; -}; - -void -hdb_free_master_key(krb5_context context, hdb_master_key mkey) -{ - struct hdb_master_key_data *ptr; - while(mkey) { - krb5_kt_free_entry(context, &mkey->keytab); - if (mkey->crypto) - krb5_crypto_destroy(context, mkey->crypto); - ptr = mkey; - mkey = mkey->next; - free(ptr); - } -} - -krb5_error_code -hdb_process_master_key(krb5_context context, - int kvno, krb5_keyblock *key, krb5_enctype etype, - hdb_master_key *mkey) -{ - krb5_error_code ret; - - *mkey = calloc(1, sizeof(**mkey)); - if(*mkey == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - (*mkey)->keytab.vno = kvno; - ret = krb5_parse_name(context, "K/M", &(*mkey)->keytab.principal); - if(ret) - goto fail; - ret = krb5_copy_keyblock_contents(context, key, &(*mkey)->keytab.keyblock); - if(ret) - goto fail; - if(etype != 0) - (*mkey)->keytab.keyblock.keytype = etype; - (*mkey)->keytab.timestamp = time(NULL); - ret = krb5_crypto_init(context, key, etype, &(*mkey)->crypto); - if(ret) - goto fail; - return 0; - fail: - hdb_free_master_key(context, *mkey); - *mkey = NULL; - return ret; -} - -krb5_error_code -hdb_add_master_key(krb5_context context, krb5_keyblock *key, - hdb_master_key *inout) -{ - int vno = 0; - hdb_master_key p; - krb5_error_code ret; - - for(p = *inout; p; p = p->next) - vno = max(vno, p->keytab.vno); - vno++; - ret = hdb_process_master_key(context, vno, key, 0, &p); - if(ret) - return ret; - p->next = *inout; - *inout = p; - return 0; -} - -static krb5_error_code -read_master_keytab(krb5_context context, const char *filename, - hdb_master_key *mkey) -{ - krb5_error_code ret; - krb5_keytab id; - krb5_kt_cursor cursor; - krb5_keytab_entry entry; - hdb_master_key p; - - ret = 
krb5_kt_resolve(context, filename, &id); - if(ret) - return ret; - - ret = krb5_kt_start_seq_get(context, id, &cursor); - if(ret) - goto out; - *mkey = NULL; - while(krb5_kt_next_entry(context, id, &entry, &cursor) == 0) { - p = calloc(1, sizeof(*p)); - if(p == NULL) { - krb5_kt_end_seq_get(context, id, &cursor); - ret = ENOMEM; - goto out; - } - p->keytab = entry; - ret = krb5_crypto_init(context, &p->keytab.keyblock, 0, &p->crypto); - p->next = *mkey; - *mkey = p; - } - krb5_kt_end_seq_get(context, id, &cursor); - out: - krb5_kt_close(context, id); - return ret; -} - -/* read a MIT master keyfile */ -static krb5_error_code -read_master_mit(krb5_context context, const char *filename, - hdb_master_key *mkey) -{ - int fd; - krb5_error_code ret; - krb5_storage *sp; - int16_t enctype; - krb5_keyblock key; - - fd = open(filename, O_RDONLY | O_BINARY); - if(fd < 0) { - int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", filename, - strerror(save_errno)); - return save_errno; - } - sp = krb5_storage_from_fd(fd); - if(sp == NULL) { - close(fd); - return errno; - } - krb5_storage_set_flags(sp, KRB5_STORAGE_HOST_BYTEORDER); -#if 0 - /* could possibly use ret_keyblock here, but do it with more - checks for now */ - ret = krb5_ret_keyblock(sp, &key); -#else - ret = krb5_ret_int16(sp, &enctype); - if((htons(enctype) & 0xff00) == 0x3000) { - krb5_set_error_string(context, "unknown keytype in %s: %#x, expected %#x", - filename, htons(enctype), 0x3000); - ret = HEIM_ERR_BAD_MKEY; - goto out; - } - key.keytype = enctype; - ret = krb5_ret_data(sp, &key.keyvalue); - if(ret) - goto out; -#endif - ret = hdb_process_master_key(context, 0, &key, 0, mkey); - krb5_free_keyblock_contents(context, &key); - out: - krb5_storage_free(sp); - close(fd); - return ret; -} - -/* read an old master key file */ -static krb5_error_code -read_master_encryptionkey(krb5_context context, const char *filename, - hdb_master_key *mkey) -{ - int fd; - krb5_keyblock key; - 
krb5_error_code ret; - unsigned char buf[256]; - ssize_t len; - size_t ret_len; - - fd = open(filename, O_RDONLY | O_BINARY); - if(fd < 0) { - int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", - filename, strerror(save_errno)); - return save_errno; - } - - len = read(fd, buf, sizeof(buf)); - close(fd); - if(len < 0) { - int save_errno = errno; - krb5_set_error_string(context, "error reading %s: %s", - filename, strerror(save_errno)); - return save_errno; - } - - ret = decode_EncryptionKey(buf, len, &key, &ret_len); - memset(buf, 0, sizeof(buf)); - if(ret) - return ret; - - /* Originally, the keytype was just that, and later it got changed - to des-cbc-md5, but we always used des in cfb64 mode. This - should cover all cases, but will break if someone has hacked - this code to really use des-cbc-md5 -- but then that's not my - problem. */ - if(key.keytype == KEYTYPE_DES || key.keytype == ETYPE_DES_CBC_MD5) - key.keytype = ETYPE_DES_CFB64_NONE; - - ret = hdb_process_master_key(context, 0, &key, 0, mkey); - krb5_free_keyblock_contents(context, &key); - return ret; -} - -/* read a krb4 /.k style file */ -static krb5_error_code -read_master_krb4(krb5_context context, const char *filename, - hdb_master_key *mkey) -{ - int fd; - krb5_keyblock key; - krb5_error_code ret; - unsigned char buf[256]; - ssize_t len; - - fd = open(filename, O_RDONLY | O_BINARY); - if(fd < 0) { - int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", - filename, strerror(save_errno)); - return save_errno; - } - - len = read(fd, buf, sizeof(buf)); - close(fd); - if(len < 0) { - int save_errno = errno; - krb5_set_error_string(context, "error reading %s: %s", - filename, strerror(save_errno)); - return save_errno; - } - if(len != 8) { - krb5_set_error_string(context, "bad contents of %s", filename); - return HEIM_ERR_EOF; /* XXX file might be too large */ - } - - memset(&key, 0, sizeof(key)); - key.keytype = ETYPE_DES_PCBC_NONE; - ret = 
krb5_data_copy(&key.keyvalue, buf, len); - memset(buf, 0, sizeof(buf)); - if(ret) - return ret; - - ret = hdb_process_master_key(context, 0, &key, 0, mkey); - krb5_free_keyblock_contents(context, &key); - return ret; -} - -krb5_error_code -hdb_read_master_key(krb5_context context, const char *filename, - hdb_master_key *mkey) -{ - FILE *f; - unsigned char buf[16]; - krb5_error_code ret; - - off_t len; - - *mkey = NULL; - - if(filename == NULL) - filename = HDB_DB_DIR "/m-key"; - - f = fopen(filename, "r"); - if(f == NULL) { - int save_errno = errno; - krb5_set_error_string(context, "failed to open %s: %s", - filename, strerror(save_errno)); - return save_errno; - } - - if(fread(buf, 1, 2, f) != 2) { - krb5_set_error_string(context, "end of file reading %s", filename); - fclose(f); - return HEIM_ERR_EOF; - } - - fseek(f, 0, SEEK_END); - len = ftell(f); - - if(fclose(f) != 0) - return errno; - - if(len < 0) - return errno; - - if(len == 8) { - ret = read_master_krb4(context, filename, mkey); - } else if(buf[0] == 0x30 && len <= 127 && buf[1] == len - 2) { - ret = read_master_encryptionkey(context, filename, mkey); - } else if(buf[0] == 5 && buf[1] >= 1 && buf[1] <= 2) { - ret = read_master_keytab(context, filename, mkey); - } else { - ret = read_master_mit(context, filename, mkey); - } - return ret; -} - -krb5_error_code -hdb_write_master_key(krb5_context context, const char *filename, - hdb_master_key mkey) -{ - krb5_error_code ret; - hdb_master_key p; - krb5_keytab kt; - - if(filename == NULL) - filename = HDB_DB_DIR "/m-key"; - - ret = krb5_kt_resolve(context, filename, &kt); - if(ret) - return ret; - - for(p = mkey; p; p = p->next) { - ret = krb5_kt_add_entry(context, kt, &p->keytab); - } - - krb5_kt_close(context, kt); - - return ret; -} - -hdb_master_key -_hdb_find_master_key(uint32_t *mkvno, hdb_master_key mkey) -{ - hdb_master_key ret = NULL; - while(mkey) { - if(ret == NULL && mkey->keytab.vno == 0) - ret = mkey; - if(mkvno == NULL) { - if(ret == NULL || 
mkey->keytab.vno > ret->keytab.vno) - ret = mkey; - } else if(mkey->keytab.vno == *mkvno) - return mkey; - mkey = mkey->next; - } - return ret; -} - -int -_hdb_mkey_version(hdb_master_key mkey) -{ - return mkey->keytab.vno; -} - -int -_hdb_mkey_decrypt(krb5_context context, hdb_master_key key, - krb5_key_usage usage, - void *ptr, size_t size, krb5_data *res) -{ - return krb5_decrypt(context, key->crypto, usage, - ptr, size, res); -} - -int -_hdb_mkey_encrypt(krb5_context context, hdb_master_key key, - krb5_key_usage usage, - const void *ptr, size_t size, krb5_data *res) -{ - return krb5_encrypt(context, key->crypto, usage, - ptr, size, res); -} - -krb5_error_code -hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) -{ - - krb5_error_code ret; - krb5_data res; - size_t keysize; - - hdb_master_key key; - - if(k->mkvno == NULL) - return 0; - - key = _hdb_find_master_key(k->mkvno, mkey); - - if (key == NULL) - return HDB_ERR_NO_MKEY; - - ret = _hdb_mkey_decrypt(context, key, HDB_KU_MKEY, - k->key.keyvalue.data, - k->key.keyvalue.length, - &res); - if(ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) { - /* try to decrypt with MIT key usage */ - ret = _hdb_mkey_decrypt(context, key, 0, - k->key.keyvalue.data, - k->key.keyvalue.length, - &res); - } - if (ret) - return ret; - - /* fixup keylength if the key got padded when encrypting it */ - ret = krb5_enctype_keysize(context, k->key.keytype, &keysize); - if (ret) { - krb5_data_free(&res); - return ret; - } - if (keysize > res.length) { - krb5_data_free(&res); - return KRB5_BAD_KEYSIZE; - } - - memset(k->key.keyvalue.data, 0, k->key.keyvalue.length); - free(k->key.keyvalue.data); - k->key.keyvalue = res; - k->key.keyvalue.length = keysize; - free(k->mkvno); - k->mkvno = NULL; - - return 0; -} - -krb5_error_code -hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) -{ - int i; - - for(i = 0; i < ent->keys.len; i++){ - krb5_error_code ret; - - ret = hdb_unseal_key_mkey(context, 
&ent->keys.val[i], mkey); - if (ret) - return ret; - } - return 0; -} - -krb5_error_code -hdb_unseal_keys(krb5_context context, HDB *db, hdb_entry *ent) -{ - if (db->hdb_master_key_set == 0) - return 0; - return hdb_unseal_keys_mkey(context, ent, db->hdb_master_key); -} - -krb5_error_code -hdb_unseal_key(krb5_context context, HDB *db, Key *k) -{ - if (db->hdb_master_key_set == 0) - return 0; - return hdb_unseal_key_mkey(context, k, db->hdb_master_key); -} - -krb5_error_code -hdb_seal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) -{ - krb5_error_code ret; - krb5_data res; - hdb_master_key key; - - if(k->mkvno != NULL) - return 0; - - key = _hdb_find_master_key(k->mkvno, mkey); - - if (key == NULL) - return HDB_ERR_NO_MKEY; - - ret = _hdb_mkey_encrypt(context, key, HDB_KU_MKEY, - k->key.keyvalue.data, - k->key.keyvalue.length, - &res); - if (ret) - return ret; - - memset(k->key.keyvalue.data, 0, k->key.keyvalue.length); - free(k->key.keyvalue.data); - k->key.keyvalue = res; - - if (k->mkvno == NULL) { - k->mkvno = malloc(sizeof(*k->mkvno)); - if (k->mkvno == NULL) - return ENOMEM; - } - *k->mkvno = key->keytab.vno; - - return 0; -} - -krb5_error_code -hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) -{ - int i; - for(i = 0; i < ent->keys.len; i++){ - krb5_error_code ret; - - ret = hdb_seal_key_mkey(context, &ent->keys.val[i], mkey); - if (ret) - return ret; - } - return 0; -} - -krb5_error_code -hdb_seal_keys(krb5_context context, HDB *db, hdb_entry *ent) -{ - if (db->hdb_master_key_set == 0) - return 0; - - return hdb_seal_keys_mkey(context, ent, db->hdb_master_key); -} - -krb5_error_code -hdb_seal_key(krb5_context context, HDB *db, Key *k) -{ - if (db->hdb_master_key_set == 0) - return 0; - - return hdb_seal_key_mkey(context, k, db->hdb_master_key); -} - -krb5_error_code -hdb_set_master_key (krb5_context context, - HDB *db, - krb5_keyblock *key) -{ - krb5_error_code ret; - hdb_master_key mkey; - - ret = 
hdb_process_master_key(context, 0, key, 0, &mkey); - if (ret) - return ret; - db->hdb_master_key = mkey; -#if 0 /* XXX - why? */ - des_set_random_generator_seed(key.keyvalue.data); -#endif - db->hdb_master_key_set = 1; - return 0; -} - -krb5_error_code -hdb_set_master_keyfile (krb5_context context, - HDB *db, - const char *keyfile) -{ - hdb_master_key key; - krb5_error_code ret; - - ret = hdb_read_master_key(context, keyfile, &key); - if (ret) { - if (ret != ENOENT) - return ret; - krb5_clear_error_string(context); - return 0; - } - db->hdb_master_key = key; - db->hdb_master_key_set = 1; - return ret; -} - -krb5_error_code -hdb_clear_master_key (krb5_context context, - HDB *db) -{ - if (db->hdb_master_key_set) { - hdb_free_master_key(context, db->hdb_master_key); - db->hdb_master_key_set = 0; - } - return 0; -} diff --git a/crypto/heimdal/lib/hdb/ndbm.c b/crypto/heimdal/lib/hdb/ndbm.c deleted file mode 100644 index 6575b8a..0000000 --- a/crypto/heimdal/lib/hdb/ndbm.c +++ /dev/null 
@@ -1,370 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "hdb_locl.h" - -RCSID("$Id: ndbm.c 16395 2005-12-13 11:54:10Z lha $"); - -#if HAVE_NDBM - -#if defined(HAVE_GDBM_NDBM_H) -#include <gdbm/ndbm.h> -#elif defined(HAVE_NDBM_H) -#include <ndbm.h> -#elif defined(HAVE_DBM_H) -#include <dbm.h> -#endif - -struct ndbm_db { - DBM *db; - int lock_fd; -}; - -static krb5_error_code -NDBM_destroy(krb5_context context, HDB *db) -{ - krb5_error_code ret; - - ret = hdb_clear_master_key (context, db); - free(db->hdb_name); - free(db); - return 0; -} - -static krb5_error_code -NDBM_lock(krb5_context context, HDB *db, int operation) -{ - struct ndbm_db *d = db->hdb_db; - return hdb_lock(d->lock_fd, operation); -} - -static krb5_error_code -NDBM_unlock(krb5_context context, HDB *db) -{ - struct ndbm_db *d = db->hdb_db; - return hdb_unlock(d->lock_fd); -} - -static krb5_error_code -NDBM_seq(krb5_context context, HDB *db, - unsigned flags, hdb_entry_ex *entry, int first) - -{ - struct ndbm_db *d = (struct ndbm_db *)db->hdb_db; - datum key, value; - krb5_data key_data, data; - krb5_error_code ret = 0; - - if(first) - key = dbm_firstkey(d->db); - else - key = dbm_nextkey(d->db); - if(key.dptr == NULL) - return HDB_ERR_NOENTRY; - key_data.data = key.dptr; - key_data.length = key.dsize; - ret = db->hdb_lock(context, db, HDB_RLOCK); - if(ret) return ret; - value = dbm_fetch(d->db, key); - db->hdb_unlock(context, db); - data.data = value.dptr; - data.length = value.dsize; - memset(entry, 0, sizeof(*entry)); - if(hdb_value2entry(context, &data, &entry->entry)) - return NDBM_seq(context, db, flags, entry, 0); - if (db->hdb_master_key_set && (flags & HDB_F_DECRYPT)) { - ret = hdb_unseal_keys (context, db, &entry->entry); - if (ret) - hdb_free_entry (context, entry); - } - if (ret == 0 && entry->entry.principal == NULL) { - entry->entry.principal = malloc (sizeof(*entry->entry.principal)); - if (entry->entry.principal == NULL) { - ret = ENOMEM; - hdb_free_entry (context, entry); - krb5_set_error_string(context, "malloc: out of 
memory"); - } else { - hdb_key2principal (context, &key_data, entry->entry.principal); - } - } - return ret; -} - - -static krb5_error_code -NDBM_firstkey(krb5_context context, HDB *db,unsigned flags,hdb_entry_ex *entry) -{ - return NDBM_seq(context, db, flags, entry, 1); -} - - -static krb5_error_code -NDBM_nextkey(krb5_context context, HDB *db, unsigned flags,hdb_entry_ex *entry) -{ - return NDBM_seq(context, db, flags, entry, 0); -} - -static krb5_error_code -NDBM_rename(krb5_context context, HDB *db, const char *new_name) -{ - /* XXX this function will break */ - struct ndbm_db *d = db->hdb_db; - - int ret; - char *old_dir, *old_pag, *new_dir, *new_pag; - char *new_lock; - int lock_fd; - - /* lock old and new databases */ - ret = db->hdb_lock(context, db, HDB_WLOCK); - if(ret) - return ret; - asprintf(&new_lock, "%s.lock", new_name); - if(new_lock == NULL) { - db->hdb_unlock(context, db); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - lock_fd = open(new_lock, O_RDWR | O_CREAT, 0600); - if(lock_fd < 0) { - ret = errno; - db->hdb_unlock(context, db); - krb5_set_error_string(context, "open(%s): %s", new_lock, - strerror(ret)); - free(new_lock); - return ret; - } - free(new_lock); - ret = hdb_lock(lock_fd, HDB_WLOCK); - if(ret) { - db->hdb_unlock(context, db); - close(lock_fd); - return ret; - } - - asprintf(&old_dir, "%s.dir", db->hdb_name); - asprintf(&old_pag, "%s.pag", db->hdb_name); - asprintf(&new_dir, "%s.dir", new_name); - asprintf(&new_pag, "%s.pag", new_name); - - ret = rename(old_dir, new_dir) || rename(old_pag, new_pag); - free(old_dir); - free(old_pag); - free(new_dir); - free(new_pag); - hdb_unlock(lock_fd); - db->hdb_unlock(context, db); - - if(ret) { - ret = errno; - close(lock_fd); - krb5_set_error_string(context, "rename: %s", strerror(ret)); - return ret; - } - - close(d->lock_fd); - d->lock_fd = lock_fd; - - free(db->hdb_name); - db->hdb_name = strdup(new_name); - return 0; -} - -static krb5_error_code 
-NDBM__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply) -{ - struct ndbm_db *d = (struct ndbm_db *)db->hdb_db; - datum k, v; - int code; - - k.dptr = key.data; - k.dsize = key.length; - code = db->hdb_lock(context, db, HDB_RLOCK); - if(code) - return code; - v = dbm_fetch(d->db, k); - db->hdb_unlock(context, db); - if(v.dptr == NULL) - return HDB_ERR_NOENTRY; - - krb5_data_copy(reply, v.dptr, v.dsize); - return 0; -} - -static krb5_error_code -NDBM__put(krb5_context context, HDB *db, int replace, - krb5_data key, krb5_data value) -{ - struct ndbm_db *d = (struct ndbm_db *)db->hdb_db; - datum k, v; - int code; - - k.dptr = key.data; - k.dsize = key.length; - v.dptr = value.data; - v.dsize = value.length; - - code = db->hdb_lock(context, db, HDB_WLOCK); - if(code) - return code; - code = dbm_store(d->db, k, v, replace ? DBM_REPLACE : DBM_INSERT); - db->hdb_unlock(context, db); - if(code == 1) - return HDB_ERR_EXISTS; - if (code < 0) - return code; - return 0; -} - -static krb5_error_code -NDBM__del(krb5_context context, HDB *db, krb5_data key) -{ - struct ndbm_db *d = (struct ndbm_db *)db->hdb_db; - datum k; - int code; - krb5_error_code ret; - - k.dptr = key.data; - k.dsize = key.length; - ret = db->hdb_lock(context, db, HDB_WLOCK); - if(ret) return ret; - code = dbm_delete(d->db, k); - db->hdb_unlock(context, db); - if(code < 0) - return errno; - return 0; -} - - -static krb5_error_code -NDBM_close(krb5_context context, HDB *db) -{ - struct ndbm_db *d = db->hdb_db; - dbm_close(d->db); - close(d->lock_fd); - free(d); - return 0; -} - -static krb5_error_code -NDBM_open(krb5_context context, HDB *db, int flags, mode_t mode) -{ - krb5_error_code ret; - struct ndbm_db *d = malloc(sizeof(*d)); - char *lock_file; - - if(d == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - asprintf(&lock_file, "%s.lock", (char*)db->hdb_name); - if(lock_file == NULL) { - free(d); - krb5_set_error_string(context, "malloc: out of 
memory"); - return ENOMEM; - } - d->db = dbm_open((char*)db->hdb_name, flags, mode); - if(d->db == NULL){ - ret = errno; - free(d); - free(lock_file); - krb5_set_error_string(context, "dbm_open(%s): %s", db->hdb_name, - strerror(ret)); - return ret; - } - d->lock_fd = open(lock_file, O_RDWR | O_CREAT, 0600); - if(d->lock_fd < 0){ - ret = errno; - dbm_close(d->db); - free(d); - krb5_set_error_string(context, "open(%s): %s", lock_file, - strerror(ret)); - free(lock_file); - return ret; - } - free(lock_file); - db->hdb_db = d; - if((flags & O_ACCMODE) == O_RDONLY) - ret = hdb_check_db_format(context, db); - else - ret = hdb_init_db(context, db); - if(ret == HDB_ERR_NOENTRY) - return 0; - if (ret) { - NDBM_close(context, db); - krb5_set_error_string(context, "hdb_open: failed %s database %s", - (flags & O_ACCMODE) == O_RDONLY ? - "checking format of" : "initialize", - db->hdb_name); - } - return ret; -} - -krb5_error_code -hdb_ndbm_create(krb5_context context, HDB **db, - const char *filename) -{ - *db = calloc(1, sizeof(**db)); - if (*db == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - (*db)->hdb_db = NULL; - (*db)->hdb_name = strdup(filename); - if ((*db)->hdb_name == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - free(*db); - *db = NULL; - return ENOMEM; - } - (*db)->hdb_master_key_set = 0; - (*db)->hdb_openp = 0; - (*db)->hdb_open = NDBM_open; - (*db)->hdb_close = NDBM_close; - (*db)->hdb_fetch = _hdb_fetch; - (*db)->hdb_store = _hdb_store; - (*db)->hdb_remove = _hdb_remove; - (*db)->hdb_firstkey = NDBM_firstkey; - (*db)->hdb_nextkey= NDBM_nextkey; - (*db)->hdb_lock = NDBM_lock; - (*db)->hdb_unlock = NDBM_unlock; - (*db)->hdb_rename = NDBM_rename; - (*db)->hdb__get = NDBM__get; - (*db)->hdb__put = NDBM__put; - (*db)->hdb__del = NDBM__del; - (*db)->hdb_destroy = NDBM_destroy; - return 0; -} - -#endif /* HAVE_NDBM */ 
diff --git a/crypto/heimdal/lib/hdb/print.c b/crypto/heimdal/lib/hdb/print.c
deleted file mode 100644
index 60b7e8d..0000000
--- a/crypto/heimdal/lib/hdb/print.c
+++ /dev/null
@@ -1,294 +0,0 @@ -/* - * Copyright (c) 1999-2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -#include "hdb_locl.h" -#include <hex.h> -#include <ctype.h> - -RCSID("$Id: print.c 16378 2005-12-12 12:40:12Z lha $"); - -/* - This is the present contents of a dump line. This might change at - any time. Fields are separated by white space. - - principal - keyblock - kvno - keys... 
- mkvno - enctype - keyvalue - salt (- means use normal salt) - creation date and principal - modification date and principal - principal valid from date (not used) - principal valid end date (not used) - principal key expires (not used) - max ticket life - max renewable life - flags - generation number - */ - -static krb5_error_code -append_string(krb5_context context, krb5_storage *sp, const char *fmt, ...) -{ - krb5_error_code ret; - char *s; - va_list ap; - va_start(ap, fmt); - vasprintf(&s, fmt, ap); - va_end(ap); - if(s == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - ret = krb5_storage_write(sp, s, strlen(s)); - free(s); - return ret; -} - -static krb5_error_code -append_hex(krb5_context context, krb5_storage *sp, krb5_data *data) -{ - int i, printable = 1; - char *p; - - p = data->data; - for(i = 0; i < data->length; i++) - if(!isalnum((unsigned char)p[i]) && p[i] != '.'){ - printable = 0; - break; - } - if(printable) - return append_string(context, sp, "\"%.*s\"", - data->length, data->data); - hex_encode(data->data, data->length, &p); - append_string(context, sp, "%s", p); - free(p); - return 0; -} - -static char * -time2str(time_t t) -{ - static char buf[128]; - strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", gmtime(&t)); - return buf; -} - -static krb5_error_code -append_event(krb5_context context, krb5_storage *sp, Event *ev) -{ - char *pr = NULL; - krb5_error_code ret; - if(ev == NULL) - return append_string(context, sp, "- "); - if (ev->principal != NULL) { - ret = krb5_unparse_name(context, ev->principal, &pr); - if(ret) - return ret; - } - ret = append_string(context, sp, "%s:%s ", - time2str(ev->time), pr ? 
pr : "UNKNOWN"); - free(pr); - return ret; -} - -static krb5_error_code -entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent) -{ - char *p; - int i; - krb5_error_code ret; - - /* --- principal */ - ret = krb5_unparse_name(context, ent->principal, &p); - if(ret) - return ret; - append_string(context, sp, "%s ", p); - free(p); - /* --- kvno */ - append_string(context, sp, "%d", ent->kvno); - /* --- keys */ - for(i = 0; i < ent->keys.len; i++){ - /* --- mkvno, keytype */ - if(ent->keys.val[i].mkvno) - append_string(context, sp, ":%d:%d:", - *ent->keys.val[i].mkvno, - ent->keys.val[i].key.keytype); - else - append_string(context, sp, "::%d:", - ent->keys.val[i].key.keytype); - /* --- keydata */ - append_hex(context, sp, &ent->keys.val[i].key.keyvalue); - append_string(context, sp, ":"); - /* --- salt */ - if(ent->keys.val[i].salt){ - append_string(context, sp, "%u/", ent->keys.val[i].salt->type); - append_hex(context, sp, &ent->keys.val[i].salt->salt); - }else - append_string(context, sp, "-"); - } - append_string(context, sp, " "); - /* --- created by */ - append_event(context, sp, &ent->created_by); - /* --- modified by */ - append_event(context, sp, ent->modified_by); - - /* --- valid start */ - if(ent->valid_start) - append_string(context, sp, "%s ", time2str(*ent->valid_start)); - else - append_string(context, sp, "- "); - - /* --- valid end */ - if(ent->valid_end) - append_string(context, sp, "%s ", time2str(*ent->valid_end)); - else - append_string(context, sp, "- "); - - /* --- password ends */ - if(ent->pw_end) - append_string(context, sp, "%s ", time2str(*ent->pw_end)); - else - append_string(context, sp, "- "); - - /* --- max life */ - if(ent->max_life) - append_string(context, sp, "%d ", *ent->max_life); - else - append_string(context, sp, "- "); - - /* --- max renewable life */ - if(ent->max_renew) - append_string(context, sp, "%d ", *ent->max_renew); - else - append_string(context, sp, "- "); - - /* --- flags */ - 
append_string(context, sp, "%d ", HDBFlags2int(ent->flags)); - - /* --- generation number */ - if(ent->generation) { - append_string(context, sp, "%s:%d:%d ", time2str(ent->generation->time), - ent->generation->usec, - ent->generation->gen); - } else - append_string(context, sp, "- "); - - /* --- extensions */ - if(ent->extensions && ent->extensions->len > 0) { - for(i = 0; i < ent->extensions->len; i++) { - void *d; - size_t size, sz; - - ASN1_MALLOC_ENCODE(HDB_extension, d, size, - &ent->extensions->val[i], &sz, ret); - if (ret) { - krb5_clear_error_string(context); - return ret; - } - if(size != sz) - krb5_abortx(context, "internal asn.1 encoder error"); - - if (hex_encode(d, size, &p) < 0) { - free(d); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - free(d); - append_string(context, sp, "%s%s", p, - ent->extensions->len - 1 != i ? ":" : ""); - free(p); - } - } else - append_string(context, sp, "-"); - - - return 0; -} - -krb5_error_code -hdb_entry2string (krb5_context context, hdb_entry *ent, char **str) -{ - krb5_error_code ret; - krb5_data data; - krb5_storage *sp; - - sp = krb5_storage_emem(); - if(sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - ret = entry2string_int(context, sp, ent); - if(ret) { - krb5_storage_free(sp); - return ret; - } - - krb5_storage_write(sp, "\0", 1); - krb5_storage_to_data(sp, &data); - krb5_storage_free(sp); - *str = data.data; - return 0; -} - -/* print a hdb_entry to (FILE*)data; suitable for hdb_foreach */ - -krb5_error_code -hdb_print_entry(krb5_context context, HDB *db, hdb_entry_ex *entry, void *data) -{ - krb5_error_code ret; - krb5_storage *sp; - - FILE *f = data; - - fflush(f); - sp = krb5_storage_from_fd(fileno(f)); - if(sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - - ret = entry2string_int(context, sp, &entry->entry); - if(ret) { - krb5_storage_free(sp); - return ret; - } - - 
krb5_storage_write(sp, "\n", 1);
- krb5_storage_free(sp);
- return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/test_dbinfo.c b/crypto/heimdal/lib/hdb/test_dbinfo.c
deleted file mode 100644
index d92a538..0000000
--- a/crypto/heimdal/lib/hdb/test_dbinfo.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (c) 2005 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "hdb_locl.h"
-#include <getarg.h>
-
-RCSID("$Id: test_dbinfo.c 20575 2007-04-27 20:20:32Z lha $");
-
-static int help_flag;
-static int version_flag;
-
-struct getargs args[] = {
- { "help", 'h', arg_flag, &help_flag },
- { "version", 0, arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
- struct hdb_dbinfo *info, *d;
- krb5_context context;
- int ret, o = 0;
-
- setprogname(argv[0]);
-
- if(getarg(args, num_args, argc, argv, &o))
- krb5_std_usage(1, args, num_args);
-
- if(help_flag)
- krb5_std_usage(0, args, num_args);
-
- if(version_flag){
- print_version(NULL);
- exit(0);
- }
-
- ret = krb5_init_context(&context);
- if (ret)
- errx (1, "krb5_init_context failed: %d", ret);
-
- ret = hdb_get_dbinfo(context, &info);
- if (ret)
- krb5_err(context, 1, ret, "hdb_get_dbinfo");
-
- d = NULL;
- while ((d = hdb_dbinfo_get_next(info, d)) != NULL) {
- printf("label: %s\n", hdb_dbinfo_get_label(context, d));
- printf("\trealm: %s\n", hdb_dbinfo_get_realm(context, d));
- printf("\tdbname: %s\n", hdb_dbinfo_get_dbname(context, d));
- printf("\tmkey_file: %s\n", hdb_dbinfo_get_mkey_file(context, d));
- printf("\tacl_file: %s\n", hdb_dbinfo_get_acl_file(context, d));
- }
-
- hdb_free_dbinfo(context, &info);
-
- krb5_free_context(context);
-
- return 0;
-} |