Diffstat (limited to 'crypto/heimdal/lib/krb5')
-rw-r--r-- | crypto/heimdal/lib/krb5/Makefile.am | 4 | ||||
-rw-r--r-- | crypto/heimdal/lib/krb5/Makefile.in | 4 | ||||
-rw-r--r-- | crypto/heimdal/lib/krb5/changepw.c | 25 | ||||
-rw-r--r-- | crypto/heimdal/lib/krb5/context.c | 8 | ||||
-rw-r--r-- | crypto/heimdal/lib/krb5/krb5-protos.h | 9 | ||||
-rw-r--r-- | crypto/heimdal/lib/krb5/krb5_err.et | 8 | ||||
-rw-r--r-- | crypto/heimdal/lib/krb5/rd_req.c | 26 | ||||
-rw-r--r-- | crypto/heimdal/lib/krb5/transited.c | 31 |
8 files changed, 78 insertions, 37 deletions
diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am index ab2182c..a5f60c0 100644 --- a/crypto/heimdal/lib/krb5/Makefile.am +++ b/crypto/heimdal/lib/krb5/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.96 2000/02/07 03:26:21 assar Exp $ +# $Id: Makefile.am,v 1.97 2000/02/13 20:35:49 assar Exp $ include $(top_srcdir)/Makefile.am.common @@ -119,7 +119,7 @@ libkrb5_la_SOURCES = \ EXTRA_libkrb5_la_SOURCES = keytab_krb4.c -libkrb5_la_LDFLAGS = -version-info 8:0:0 +libkrb5_la_LDFLAGS = -version-info 9:0:0 $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in index 33429d4..da4a0fb 100644 --- a/crypto/heimdal/lib/krb5/Makefile.in +++ b/crypto/heimdal/lib/krb5/Makefile.in @@ -10,7 +10,7 @@ # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -# $Id: Makefile.am,v 1.96 2000/02/07 03:26:21 assar Exp $ +# $Id: Makefile.am,v 1.97 2000/02/13 20:35:49 assar Exp $ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ @@ -195,7 +195,7 @@ libkrb5_la_SOURCES = add_et_list.c addr_families.c address.c aname_to_local EXTRA_libkrb5_la_SOURCES = keytab_krb4.c -libkrb5_la_LDFLAGS = -version-info 8:0:0 +libkrb5_la_LDFLAGS = -version-info 9:0:0 libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c index fd94440..56c89a0 100644 --- a/crypto/heimdal/lib/krb5/changepw.c +++ b/crypto/heimdal/lib/krb5/changepw.c 
@@ -33,21 +33,17 @@ #include <krb5_locl.h> -RCSID("$Id: changepw.c,v 1.19 1999/12/11 23:14:51 assar Exp $"); +RCSID("$Id: changepw.c,v 1.20 2000/02/07 13:40:18 joda Exp $"); static krb5_error_code get_kdc_address (krb5_context context, krb5_realm realm, struct addrinfo **ai) { - struct addrinfo hints; krb5_error_code ret; char **hostlist; int port = 0; - char portstr[NI_MAXSERV]; int error; - char *host; - char *dot; ret = krb5_get_krb_changepw_hst (context, &realm, @@ -55,24 +51,9 @@ get_kdc_address (krb5_context context, if (ret) return ret; - host = *hostlist; + port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT)); + error = roken_getaddrinfo_hostspec(*hostlist, port, ai); - dot = strchr (host, ':'); - if (dot != NULL) { - char *end; - - *dot++ = '\0'; - port = strtol (dot, &end, 0); - } - if (port == 0) - port = krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT); - snprintf (portstr, sizeof(portstr), "%u", ntohs(port)); - - memset (&hints, 0, sizeof(hints)); - hints.ai_socktype = SOCK_DGRAM; - hints.ai_protocol = IPPROTO_UDP; - - error = getaddrinfo (host, portstr, &hints, ai); krb5_free_krbhst (context, hostlist); return error; } diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c index 1a7e941..fb3fb61 100644 --- a/crypto/heimdal/lib/krb5/context.c +++ b/crypto/heimdal/lib/krb5/context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: context.c,v 1.52 2000/02/04 17:10:26 joda Exp $"); +RCSID("$Id: context.c,v 1.53 2000/02/11 17:43:43 assar Exp $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ 
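Review bot: In get_kdc_address (second changepw.c hunk), `return error;` passes the result of `roken_getaddrinfo_hostspec` out through a `krb5_error_code` return type. If that helper returns getaddrinfo-style EAI_* values, as the `getaddrinfo` call it replaces did, callers will interpret them against the wrong error table. Map the failure to a krb5 or errno value before returning, or at least mark it with `/* XXX error is an EAI_* value, not a krb5_error_code */`. The explicit `SOCK_DGRAM`/`IPPROTO_UDP` hints are gone and the helper's body is not on this page, so it is worth confirming that it still restricts the lookup to datagram addresses for kpasswd. The `= 0` initializer on `port` is now dead, and `*hostlist` is still dereferenced without a check for an empty list.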
@@ -318,7 +318,7 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) } krb5_error_code -krb5_set_extra_addresses(krb5_context context, krb5_addresses *addresses) +krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) { if(context->extra_addresses) { krb5_free_addresses(context, context->extra_addresses); @@ -329,7 +329,7 @@ krb5_set_extra_addresses(krb5_context context, krb5_addresses *addresses) if(context->extra_addresses == NULL) return ENOMEM; } - return copy_HostAddresses(addresses, context->extra_addresses); + return krb5_copy_addresses(context, addresses, context->extra_addresses); } krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h index 1b0abdb..59402a7 100644 --- a/crypto/heimdal/lib/krb5/krb5-protos.h +++ b/crypto/heimdal/lib/krb5/krb5-protos.h @@ -449,6 +449,13 @@ krb5_change_password __P(( krb5_data *result_code_string, krb5_data *result_string)); +krb5_error_code +krb5_check_transited_realms __P(( + krb5_context context, + const char *const *realms, + int num_realms, + int *bad_realm)); + krb5_boolean krb5_checksum_is_collision_proof __P(( krb5_context context, @@ -1948,7 +1955,7 @@ krb5_set_default_realm __P(( krb5_error_code krb5_set_extra_addresses __P(( krb5_context context, - krb5_addresses *addresses)); + const krb5_addresses *addresses)); krb5_error_code krb5_set_fcache_version __P(( diff --git a/crypto/heimdal/lib/krb5/krb5_err.et b/crypto/heimdal/lib/krb5/krb5_err.et index e8779df..895ae66 100644 --- a/crypto/heimdal/lib/krb5/krb5_err.et +++ b/crypto/heimdal/lib/krb5/krb5_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: krb5_err.et,v 1.7 1999/02/11 21:03:40 joda Exp $" +id "$Id: krb5_err.et,v 1.8 2000/02/07 12:54:17 joda Exp $" error_table krb5 
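Review bot: In krb5_set_extra_addresses the final `return krb5_copy_addresses(context, addresses, context->extra_addresses);` runs after the previous list was freed at the top of the function. A failed copy therefore leaves the context without its old extra addresses and with a container whose contents depend on how the copy failed. The lines between the two hunks are not shown, so this is inferred from the visible free and ENOMEM paths. Either copy into a temporary and swap it in on success, or document the behaviour on the function, e.g. `/* on failure the previous extra addresses are gone and context->extra_addresses must not be used */`. Now that the parameter is `const`, the same comment can state that the caller keeps ownership of `addresses`.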
@@ -51,7 +51,7 @@ error_code ERR_BADVERSION, "Protocol version mismatch" error_code ERR_MSG_TYPE, "Invalid message type" error_code ERR_MODIFIED, "Message stream modified" error_code ERR_BADORDER, "Message out of order" -error_code ERR_ILL_CR_TKT, "Illegal cross-realm ticket" +error_code ERR_ILL_CR_TKT, "Invalid cross-realm ticket" error_code ERR_BADKEYVER, "Key version is not available" error_code ERR_NOKEY, "Service key not available" error_code ERR_MUT_FAIL, "Mutual authentication failed" @@ -71,14 +71,14 @@ error_code FIELD_TOOLONG, "Field is too long for this implementation" # 62-127 are reserved index 128 prefix -error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.7 1999/02/11 21:03:40 joda Exp $" +error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.8 2000/02/07 12:54:17 joda Exp $" error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode" error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password" error_code KRB5_LIBOS_BADPWDMATCH, "Password mismatch" error_code KRB5_LIBOS_PWDINTR, "Password read interrupted" -error_code KRB5_PARSE_ILLCHAR, "Illegal character in component name" +error_code KRB5_PARSE_ILLCHAR, "Invalid character in component name" error_code KRB5_PARSE_MALFORMED, "Malformed representation of principal" error_code KRB5_CONFIG_CANTOPEN, "Can't open/find configuration file" diff --git a/crypto/heimdal/lib/krb5/rd_req.c b/crypto/heimdal/lib/krb5/rd_req.c index 236ecb4..bcf4ecf 100644 --- a/crypto/heimdal/lib/krb5/rd_req.c +++ b/crypto/heimdal/lib/krb5/rd_req.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_req.c,v 1.40 2000/02/06 05:20:31 assar Exp $"); +RCSID("$Id: rd_req.c,v 1.41 2000/02/07 13:31:55 joda Exp $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, 
@@ -188,6 +188,30 @@ out: return ret; } +#if 0 +static krb5_error_code +check_transited(krb5_context context, + krb5_ticket *ticket) +{ + char **realms; + int num_realms; + krb5_error_code ret; + + if(ticket->ticket.transited.tr_type != DOMAIN_X500_COMPRESS) + return KRB5KDC_ERR_TRTYPE_NOSUPP; + + ret = krb5_domain_x500_decode(ticket->ticket.transited.contents, + &realms, &num_realms, + ticket->client->realm, + ticket->server->realm); + if(ret) + return ret; + ret = krb5_check_transited_realms(context, realms, num_realms, NULL); + free(realms); + return ret; +} +#endif + krb5_error_code krb5_verify_ap_req(krb5_context context, krb5_auth_context *auth_context, diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c index 2295551..1faf378 100644 --- a/crypto/heimdal/lib/krb5/transited.c +++ b/crypto/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c,v 1.6 2000/02/07 03:19:43 assar Exp $"); +RCSID("$Id: transited.c,v 1.7 2000/02/07 13:30:41 joda Exp $"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead @@ -363,6 +363,35 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding) return 0; } +krb5_error_code +krb5_check_transited_realms(krb5_context context, + const char *const *realms, + int num_realms, + int *bad_realm) +{ + int i; + int ret = 0; + char **bad_realms = krb5_config_get_strings(context, NULL, + "libdefaults", + "transited_realms_reject", + NULL); + if(bad_realms == NULL) + return 0; + + for(i = 0; i < num_realms; i++) { + char **p; + for(p = bad_realms; *p; p++) + if(strcmp(*p, realms[i]) == 0) { + ret = KRB5KRB_AP_ERR_ILL_CR_TKT; + if(bad_realm) + *bad_realm = i; + break; + } + } + krb5_config_free_strings(bad_realms); + return ret; +} + #if 0 int main(int argc, char **argv) |
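Review bot: check_transited is added inside `#if 0`, so as far as this hunk shows, krb5_verify_ap_req (whose body lies outside the hunk) still accepts a ticket without examining its transited field. A comment above the block should say that the check is not yet enforced and what is blocking it. Two things need fixing before it is enabled. First, `free(realms);` releases only the pointer array, so if krb5_domain_x500_decode allocates each realm string they leak; `for(i = 0; i < num_realms; i++) free(realms[i]);` ahead of it would cover that. Second, `realms` is a `char **` passed to a `const char *const *` parameter, which C does not convert implicitly and which needs a cast or a changed declaration.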
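Review bot: In krb5_check_transited_realms the `break` leaves only the inner loop over `bad_realms`, so the outer loop keeps scanning and `*bad_realm` ends up holding the index of the last rejected realm rather than the first. Writing the outer loop as `for(i = 0; ret == 0 && i < num_realms; i++)` stops at the first hit. The function also returns 0 whenever `transited_realms_reject` is absent from the configuration, and it leaves `*bad_realm` unwritten when nothing matches. A doc comment should state both: that this is a deny-list which accepts every transit path by default, and that callers must initialise `*bad_realm` themselves. `ret` is declared `int` although the function returns `krb5_error_code`, and the brace-less inner `for` around a multi-statement `if` would be safer with braces.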