From fa8b1a96d3a4e7cb6123f48b6c27b717a5ed86fe Mon Sep 17 00:00:00 2001 From: markm Date: Thu, 24 Feb 2000 11:07:16 +0000 Subject: Vendor import of Heimdal 0.2n --- crypto/heimdal/lib/krb5/Makefile.am | 4 +- crypto/heimdal/lib/krb5/Makefile.in | 4 +- crypto/heimdal/lib/krb5/context.c | 4 +- crypto/heimdal/lib/krb5/crypto.c | 131 ++++++++++++++++-------------- crypto/heimdal/lib/krb5/expand_hostname.c | 42 +++++++++- crypto/heimdal/lib/krb5/get_in_tkt.c | 6 +- crypto/heimdal/lib/krb5/init_creds_pw.c | 10 +-- crypto/heimdal/lib/krb5/keytab.c | 8 +- crypto/heimdal/lib/krb5/keytab_memory.c | 6 +- crypto/heimdal/lib/krb5/krb5-protos.h | 13 ++- crypto/heimdal/lib/krb5/krb5.h | 12 ++- crypto/heimdal/lib/krb5/mk_req.c | 50 ++++++------ crypto/heimdal/lib/krb5/principal.c | 47 ++++++----- crypto/heimdal/lib/krb5/rd_cred.c | 6 +- crypto/heimdal/lib/krb5/rd_priv.c | 18 ++-- crypto/heimdal/lib/krb5/rd_req.c | 14 ++-- crypto/heimdal/lib/krb5/rd_safe.c | 6 +- crypto/heimdal/lib/krb5/replay.c | 19 +++-- crypto/heimdal/lib/krb5/time.c | 14 +++- crypto/heimdal/lib/krb5/transited.c | 10 +-- crypto/heimdal/lib/krb5/verify_init.c | 12 +-- 21 files changed, 252 insertions(+), 184 deletions(-) (limited to 'crypto/heimdal/lib/krb5') diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am index 17551cb..ab2182c 100644 --- a/crypto/heimdal/lib/krb5/Makefile.am +++ b/crypto/heimdal/lib/krb5/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.95 2000/01/08 17:03:51 assar Exp $ +# $Id: Makefile.am,v 1.96 2000/02/07 03:26:21 assar Exp $ include $(top_srcdir)/Makefile.am.common @@ -119,7 +119,7 @@ libkrb5_la_SOURCES = \ EXTRA_libkrb5_la_SOURCES = keytab_krb4.c -libkrb5_la_LDFLAGS = -version-info 7:1:0 +libkrb5_la_LDFLAGS = -version-info 8:0:0 $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in index 6f3652e..33429d4 100644 
--- a/crypto/heimdal/lib/krb5/Makefile.in +++ b/crypto/heimdal/lib/krb5/Makefile.in @@ -10,7 +10,7 @@ # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. -# $Id: Makefile.am,v 1.95 2000/01/08 17:03:51 assar Exp $ +# $Id: Makefile.am,v 1.96 2000/02/07 03:26:21 assar Exp $ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ @@ -195,7 +195,7 @@ libkrb5_la_SOURCES = add_et_list.c addr_families.c address.c aname_to_local EXTRA_libkrb5_la_SOURCES = keytab_krb4.c -libkrb5_la_LDFLAGS = -version-info 7:1:0 +libkrb5_la_LDFLAGS = -version-info 8:0:0 libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c index cf25f7b..1a7e941 100644 --- a/crypto/heimdal/lib/krb5/context.c +++ b/crypto/heimdal/lib/krb5/context.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: context.c,v 1.51 1999/12/02 17:05:08 joda Exp $"); +RCSID("$Id: context.c,v 1.52 2000/02/04 17:10:26 joda Exp $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -106,7 +106,7 @@ init_context_from_config_file(krb5_context context) context->time_fmt = krb5_config_get_string(context, NULL, "libdefaults", "time_format", NULL); if(context->time_fmt == NULL) - context->time_fmt = "%d-%b-%Y %H:%M:%S"; + context->time_fmt = "%Y-%m-%dT%H:%M:%S"; context->log_utc = krb5_config_get_bool(context, NULL, "libdefaults", "log_utc", NULL); diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c index b6db6ce..aef45b1 100644 --- a/crypto/heimdal/lib/krb5/crypto.c +++ b/crypto/heimdal/lib/krb5/crypto.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.28 2000/01/06 20:21:13 assar Exp $"); +RCSID("$Id: crypto.c,v 1.29 2000/01/25 23:06:55 assar Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -228,12 +228,14 @@ DES_AFS3_Transarc_string_to_key (krb5_data pw, memcpy(&temp_key, "kerberos", 8); des_set_odd_parity (&temp_key); des_set_key (&temp_key, schedule); - des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); + des_cbc_cksum ((const void *)password, &ivec, passlen, + schedule, &ivec); memcpy(&temp_key, &ivec, 8); des_set_odd_parity (&temp_key); des_set_key (&temp_key, schedule); - des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); + des_cbc_cksum ((const void *)password, key, passlen, + schedule, &ivec); memset(&schedule, 0, sizeof(schedule)); memset(&temp_key, 0, sizeof(temp_key)); memset(&ivec, 0, sizeof(ivec)); @@ -337,7 +339,8 @@ DES3_string_to_key(krb5_context context, des_set_key(keys + i, s[i]); } memset(&ivec, 0, sizeof(ivec)); - des_ede3_cbc_encrypt((void*)tmp, (void*)tmp, sizeof(tmp), + des_ede3_cbc_encrypt((const void *)tmp, + (void *)tmp, sizeof(tmp), s[0], s[1], s[2], &ivec, DES_ENCRYPT); memset(s, 0, sizeof(s)); memset(&ivec, 0, sizeof(ivec)); @@ -411,7 +414,7 @@ ARCFOUR_string_to_key(krb5_context context, char *s, *p; size_t len; int i; - struct md4 m; + MD4_CTX m; len = 2 * (password.length + salt.saltvalue.length); s = malloc (len); @@ -425,11 +428,11 @@ ARCFOUR_string_to_key(krb5_context context, *p++ = ((char *)salt.saltvalue.data)[i]; *p++ = 0; } - md4_init(&m); - md4_update(&m, s, len); + MD4Init (&m); + MD4Update (&m, s, len); key->keytype = enctype; krb5_data_alloc (&key->keyvalue, 16); - md4_finito(&m, key->keyvalue.data); + MD4Final (key->keyvalue.data, &m); memset (s, 0, len); free (s); return 0; 
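Review bot: In ARCFOUR_string_to_key the result of `krb5_data_alloc (&key->keyvalue, 16);` is not checked, so if the allocation fails `MD4Final (key->keyvalue.data, &m);` writes the 16-byte digest through whatever pointer is left in `keyvalue.data`. The return value should be tested and, on failure, the function should clear and free `s` and return the error before calling MD4Final. The `MD4_CTX m` that processed the password is also never cleared, while `s` is; a `memset (&m, 0, sizeof(m));` after MD4Final would be consistent with that. The function begins before the first of the two ARCFOUR hunks.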
@@ -806,10 +809,11 @@ RSA_MD4_checksum(krb5_context context, size_t len, Checksum *C) { - struct md4 m; - md4_init(&m); - md4_update(&m, data, len); - md4_finito(&m, C->checksum.data); + MD4_CTX m; + + MD4Init (&m); + MD4Update (&m, data, len); + MD4Final (C->checksum.data, &m); } static void @@ -819,18 +823,18 @@ RSA_MD4_DES_checksum(krb5_context context, size_t len, Checksum *cksum) { - struct md4 md4; + MD4_CTX md4; des_cblock ivec; unsigned char *p = cksum->checksum.data; krb5_generate_random_block(p, 8); - md4_init(&md4); - md4_update(&md4, p, 8); - md4_update(&md4, data, len); - md4_finito(&md4, p + 8); + MD4Init (&md4); + MD4Update (&md4, p, 8); + MD4Update (&md4, data, len); + MD4Final (p + 8, &md4); memset (&ivec, 0, sizeof(ivec)); - des_cbc_encrypt((des_cblock*)p, - (des_cblock*)p, + des_cbc_encrypt((const void *)p, + (void *)p, 24, key->schedule->data, &ivec, @@ -844,23 +848,23 @@ RSA_MD4_DES_verify(krb5_context context, size_t len, Checksum *C) { - struct md4 md4; + MD4_CTX md4; unsigned char tmp[24]; unsigned char res[16]; des_cblock ivec; krb5_error_code ret = 0; memset(&ivec, 0, sizeof(ivec)); - des_cbc_encrypt(C->checksum.data, + des_cbc_encrypt(C->checksum.data, (void*)tmp, C->checksum.length, key->schedule->data, &ivec, DES_DECRYPT); - md4_init(&md4); - md4_update(&md4, tmp, 8); /* confounder */ - md4_update(&md4, data, len); - md4_finito(&md4, res); + MD4Init (&md4); + MD4Update (&md4, tmp, 8); /* confounder */ + MD4Update (&md4, data, len); + MD4Final (res, &md4); if(memcmp(res, tmp + 8, sizeof(res)) != 0) ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; memset(tmp, 0, sizeof(tmp)); @@ -875,10 +879,11 @@ RSA_MD5_checksum(krb5_context context, size_t len, Checksum *C) { - struct md5 m; - md5_init(&m); - md5_update(&m, data, len); - md5_finito(&m, C->checksum.data); + MD5_CTX m; + + MD5Init (&m); + MD5Update(&m, data, len); + MD5Final (C->checksum.data, &m); } static void 
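Review bot: RSA_MD4_DES_verify decrypts `C->checksum.length` bytes into the 24-byte stack buffer `tmp`, and no length check is visible in this hunk; unless the caller already rejects checksums whose length is not 24, an over-long checksum received from the peer overruns `tmp`. A guard ahead of the des_cbc_encrypt call, such as `if (C->checksum.length != sizeof(tmp)) return KRB5KRB_AP_ERR_BAD_INTEGRITY;`, would make the function safe on its own. The comparison `memcmp(res, tmp + 8, sizeof(res))` is not constant-time either. The function starts and ends outside the hunk, and RSA_MD5_DES_verify and RSA_MD5_DES3_verify in the later hunks use the same `tmp[24]` layout, so the same check probably applies there.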
@@ -888,18 +893,18 @@ RSA_MD5_DES_checksum(krb5_context context, size_t len, Checksum *C) { - struct md5 md5; + MD5_CTX md5; des_cblock ivec; unsigned char *p = C->checksum.data; krb5_generate_random_block(p, 8); - md5_init(&md5); - md5_update(&md5, p, 8); - md5_update(&md5, data, len); - md5_finito(&md5, p + 8); + MD5Init (&md5); + MD5Update (&md5, p, 8); + MD5Update (&md5, data, len); + MD5Final (p + 8, &md5); memset (&ivec, 0, sizeof(ivec)); - des_cbc_encrypt((des_cblock*)p, - (des_cblock*)p, + des_cbc_encrypt((const void *)p, + (void *)p, 24, key->schedule->data, &ivec, @@ -913,7 +918,7 @@ RSA_MD5_DES_verify(krb5_context context, size_t len, Checksum *C) { - struct md5 md5; + MD5_CTX md5; unsigned char tmp[24]; unsigned char res[16]; des_cblock ivec; @@ -927,10 +932,10 @@ RSA_MD5_DES_verify(krb5_context context, sched[0], &ivec, DES_DECRYPT); - md5_init(&md5); - md5_update(&md5, tmp, 8); /* confounder */ - md5_update(&md5, data, len); - md5_finito(&md5, res); + MD5Init (&md5); + MD5Update (&md5, tmp, 8); /* confounder */ + MD5Update (&md5, data, len); + MD5Final (res, &md5); if(memcmp(res, tmp + 8, sizeof(res)) != 0) ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; memset(tmp, 0, sizeof(tmp)); @@ -945,19 +950,19 @@ RSA_MD5_DES3_checksum(krb5_context context, size_t len, Checksum *C) { - struct md5 md5; + MD5_CTX md5; des_cblock ivec; unsigned char *p = C->checksum.data; des_key_schedule *sched = key->schedule->data; krb5_generate_random_block(p, 8); - md5_init(&md5); - md5_update(&md5, p, 8); - md5_update(&md5, data, len); - md5_finito(&md5, p + 8); + MD5Init (&md5); + MD5Update (&md5, p, 8); + MD5Update (&md5, data, len); + MD5Final (p + 8, &md5); memset (&ivec, 0, sizeof(ivec)); - des_ede3_cbc_encrypt((des_cblock*)p, - (des_cblock*)p, + des_ede3_cbc_encrypt((const void *)p, + (void *)p, 24, sched[0], sched[1], sched[2], &ivec, 
@@ -971,7 +976,7 @@ RSA_MD5_DES3_verify(krb5_context context, size_t len, Checksum *C) { - struct md5 md5; + MD5_CTX md5; unsigned char tmp[24]; unsigned char res[16]; des_cblock ivec; @@ -985,10 +990,10 @@ RSA_MD5_DES3_verify(krb5_context context, sched[0], sched[1], sched[2], &ivec, DES_DECRYPT); - md5_init(&md5); - md5_update(&md5, tmp, 8); /* confounder */ - md5_update(&md5, data, len); - md5_finito(&md5, res); + MD5Init (&md5); + MD5Update (&md5, tmp, 8); /* confounder */ + MD5Update (&md5, data, len); + MD5Final (res, &md5); if(memcmp(res, tmp + 8, sizeof(res)) != 0) ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; memset(tmp, 0, sizeof(tmp)); @@ -1003,10 +1008,11 @@ SHA1_checksum(krb5_context context, size_t len, Checksum *C) { - struct sha m; - sha_init(&m); - sha_update(&m, data, len); - sha_finito(&m, C->checksum.data); + SHA1_CTX m; + + SHA1Init(&m); + SHA1Update(&m, data, len); + SHA1Final(C->checksum.data, &m); } /* HMAC according to RFC2104 */ @@ -2284,11 +2290,12 @@ krb5_get_keyid(krb5_context context, krb5_keyblock *key, u_int32_t *keyid) { - struct md5 md5; + MD5_CTX md5; unsigned char tmp[16]; - md5_init(&md5); - md5_update(&md5, key->keyvalue.data, key->keyvalue.length); - md5_finito(&md5, tmp); + + MD5Init (&md5); + MD5Update (&md5, key->keyvalue.data, key->keyvalue.length); + MD5Final (tmp, &md5); *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15]; return 0; } diff --git a/crypto/heimdal/lib/krb5/expand_hostname.c b/crypto/heimdal/lib/krb5/expand_hostname.c index 698b300..48e9709 100644 --- a/crypto/heimdal/lib/krb5/expand_hostname.c +++ b/crypto/heimdal/lib/krb5/expand_hostname.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: expand_hostname.c,v 1.5 2000/01/08 08:07:18 assar Exp $"); +RCSID("$Id: expand_hostname.c,v 1.7 2000/02/02 04:42:57 assar Exp $"); static krb5_error_code copy_hostname(krb5_context context, 
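Review bot: In krb5_get_keyid, `tmp[12] << 24` shifts an `unsigned char` after promotion to `int`, so any byte of 0x80 or above is shifted into the sign bit, which is undefined for a signed type. Converting before the shift avoids it: `*keyid = ((u_int32_t)tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15];`. The function also leaves `md5` and `tmp`, both derived from the key value, on the stack without the `memset` that the verify functions in this file apply to their temporaries.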
@@ -43,6 +43,7 @@ copy_hostname(krb5_context context, *new_hostname = strdup (orig_hostname); if (*new_hostname == NULL) return ENOMEM; + strlwr (*new_hostname); return 0; } @@ -78,3 +79,42 @@ krb5_expand_hostname (krb5_context context, freeaddrinfo (ai); return copy_hostname (context, orig_hostname, new_hostname); } + +/* + * expand `hostname' to a name we believe to be a hostname in newly + * allocated space in `host' and return realms in `realms'. + */ + +krb5_error_code +krb5_expand_hostname_realms (krb5_context context, + const char *orig_hostname, + char **new_hostname, + char ***realms) +{ + struct addrinfo *ai, *a, hints; + int error; + krb5_error_code ret = 0; + + memset (&hints, 0, sizeof(hints)); + hints.ai_flags = AI_CANONNAME; + + error = getaddrinfo (orig_hostname, NULL, &hints, &ai); + if (error) + return copy_hostname (context, orig_hostname, new_hostname); + for (a = ai; a != NULL; a = a->ai_next) { + if (a->ai_canonname != NULL) { + ret = copy_hostname (context, orig_hostname, new_hostname); + if (ret) + goto out; + strlwr (*new_hostname); + ret = krb5_get_host_realm (context, *new_hostname, realms); + if (ret == 0) + goto out; + free (*new_hostname); + } + } + ret = copy_hostname (context, orig_hostname, new_hostname); + out: + freeaddrinfo (ai); + return ret; +} diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c index f65af47..e043d1d 100644 --- a/crypto/heimdal/lib/krb5/get_in_tkt.c +++ b/crypto/heimdal/lib/krb5/get_in_tkt.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c,v 1.93 2000/01/06 20:36:28 assar Exp $"); +RCSID("$Id: get_in_tkt.c,v 1.94 2000/02/06 05:18:20 assar Exp $"); krb5_error_code krb5_init_etype (krb5_context context, 
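Review bot: krb5_expand_hostname_realms can return 0 without ever storing to `realms`: both the `if (error)` branch and the fallback after the loop return the result of copy_hostname alone. The callers changed in this commit dereference the result straight away (`strlen(*realms)` in krb5_mk_req, `realms[0]` in krb5_sname_to_principal), so a host that fails to resolve, or whose canonical names map to no realm, leads to a read through an uninitialized pointer. Inside the loop the copy is also taken from `orig_hostname` rather than `a->ai_canonname`, so the canonical name is never used and every iteration repeats the same lookup. The extra `strlwr (*new_hostname);` is redundant now that copy_hostname lowers the string itself.
```c
    error = getaddrinfo (orig_hostname, NULL, &hints, &ai);
    if (error) {
        /* no resolver answer: still fill in `realms' for the caller */
        ret = copy_hostname (context, orig_hostname, new_hostname);
        if (ret)
            return ret;
        ret = krb5_get_host_realm (context, *new_hostname, realms);
        if (ret)
            free (*new_hostname);
        return ret;
    }
    for (a = ai; a != NULL; a = a->ai_next) {
        if (a->ai_canonname != NULL) {
            ret = copy_hostname (context, a->ai_canonname, new_hostname);
            /* … unchanged: realm lookup on the copy, free on failure … */
        }
    }
    /* no canonical name mapped to a realm: same fallback as above */
    ret = copy_hostname (context, orig_hostname, new_hostname);
    if (ret == 0) {
        ret = krb5_get_host_realm (context, *new_hostname, realms);
        if (ret)
            free (*new_hostname);
    }
```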
@@ -131,7 +131,7 @@ _krb5_extract_ticket(krb5_context context, krb5_principal tmp_principal; int tmp; time_t tmp_time; - int32_t sec_now; + krb5_timestamp sec_now; /* compare client */ diff --git a/crypto/heimdal/lib/krb5/init_creds_pw.c b/crypto/heimdal/lib/krb5/init_creds_pw.c index 84b295f..3caf939 100644 --- a/crypto/heimdal/lib/krb5/init_creds_pw.c +++ b/crypto/heimdal/lib/krb5/init_creds_pw.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.36 1999/12/02 17:05:10 joda Exp $"); +RCSID("$Id: init_creds_pw.c,v 1.38 2000/02/07 03:17:20 assar Exp $"); static int get_config_time (krb5_context context, @@ -88,7 +88,7 @@ init_cred (krb5_context context, krb5_error_code ret; krb5_realm *client_realm; int tmp; - int32_t now; + krb5_timestamp now; krb5_timeofday (context, &now); @@ -164,7 +164,7 @@ print_expire (krb5_context context, { int i; LastReq *lr = &rep->enc_part.last_req; - int32_t sec; + krb5_timestamp sec; time_t t; krb5_timeofday (context, &sec); @@ -353,7 +353,7 @@ change_password (krb5_context context, ret = (*prompter) (context, data, p, 0, NULL); free (p); if (result_code == 0) { - strncpy (newpw, buf1, newpw_sz); + strlcpy (newpw, buf1, newpw_sz); ret = 0; } else ret = ENOTTY; diff --git a/crypto/heimdal/lib/krb5/keytab.c b/crypto/heimdal/lib/krb5/keytab.c index af853a4..36ef2f5 100644 --- a/crypto/heimdal/lib/krb5/keytab.c +++ b/crypto/heimdal/lib/krb5/keytab.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
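Review bot: `strlcpy (newpw, buf1, newpw_sz);` in change_password discards the return value, so a password longer than `newpw_sz - 1` bytes is silently truncated and `ret = 0` is still reported. If `buf1` holds the password that was just sent to the server, as the names suggest, the caller continues with a string that no longer matches it. The keytab.c change in this same commit uses the checking form; here that would be `if (strlcpy (newpw, buf1, newpw_sz) >= newpw_sz)` followed by an error return instead of success. The function starts and ends outside the hunk, so whether `buf1` is cleared afterwards cannot be seen from here.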
@@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab.c,v 1.45 2000/01/02 00:31:20 assar Exp $"); +RCSID("$Id: keytab.c,v 1.46 2000/02/07 03:18:05 assar Exp $"); /* * Register a new keytab in `ops' @@ -114,8 +114,7 @@ krb5_kt_resolve(krb5_context context, krb5_error_code krb5_kt_default_name(krb5_context context, char *name, size_t namesize) { - strncpy(name, context->default_keytab, namesize); - if(strlen(context->default_keytab) >= namesize) + if (strlcpy (name, context->default_keytab, namesize) >= namesize) return KRB5_CONFIG_NOTENUFSPACE; return 0; } @@ -388,6 +387,7 @@ krb5_kt_add_entry(krb5_context context, { if(id->add == NULL) return KRB5_KT_NOWRITE; + entry->timestamp = time(NULL); return (*id->add)(context, id,entry); } diff --git a/crypto/heimdal/lib/krb5/keytab_memory.c b/crypto/heimdal/lib/krb5/keytab_memory.c index 924b4cd..9fde8d0 100644 --- a/crypto/heimdal/lib/krb5/keytab_memory.c +++ b/crypto/heimdal/lib/krb5/keytab_memory.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_memory.c,v 1.3 1999/12/02 17:05:10 joda Exp $"); +RCSID("$Id: keytab_memory.c,v 1.4 2000/02/07 03:18:39 assar Exp $"); /* memory operations -------------------------------------------- */ @@ -73,7 +73,7 @@ mkt_get_name(krb5_context context, char *name, size_t namesize) { - strncpy(name, "", namesize); + strlcpy(name, "", namesize); return 0; } diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h index 8813c7a..1b0abdb 100644 --- a/crypto/heimdal/lib/krb5/krb5-protos.h +++ b/crypto/heimdal/lib/krb5/krb5-protos.h 
@@ -966,6 +966,13 @@ krb5_expand_hostname __P(( const char *orig_hostname, char **new_hostname)); +krb5_error_code +krb5_expand_hostname_realms __P(( + krb5_context context, + const char *orig_hostname, + char **new_hostname, + char ***realms)); + PA_DATA * krb5_find_padata __P(( PA_DATA *val, @@ -1617,8 +1624,8 @@ krb5_mk_req __P(( krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, - char *service, - char *hostname, + const char *service, + const char *hostname, krb5_data *in_data, krb5_ccache ccache, krb5_data *outbuf)); @@ -2157,7 +2164,7 @@ krb5_string_to_salttype __P(( krb5_error_code krb5_timeofday __P(( krb5_context context, - int32_t *timeret)); + krb5_timestamp *timeret)); krb5_error_code krb5_unparse_name __P(( diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h index 11cabc6..15837e0 100644 --- a/crypto/heimdal/lib/krb5/krb5.h +++ b/crypto/heimdal/lib/krb5/krb5.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.162 2000/01/02 00:19:24 assar Exp $ */ +/* $Id: krb5.h,v 1.164 2000/02/06 07:40:57 assar Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -39,7 +39,6 @@ #include #include -#include #include #include #include @@ -83,7 +82,8 @@ typedef enum krb5_cksumtype { /* CKSUMTYPE_SHA1 = 10,*/ CKSUMTYPE_HMAC_SHA1_DES3 = 12, CKSUMTYPE_SHA1 = 1000, /* correct value? */ - CKSUMTYPE_HMAC_MD5 = -138 /* unofficial microsoft number */ + CKSUMTYPE_HMAC_MD5 = -138, /* unofficial microsoft number */ + CKSUMTYPE_HMAC_MD5_ENC = -1138 /* even more unofficial */ } krb5_cksumtype; 
@@ -236,6 +236,10 @@ typedef struct krb5_context_data *krb5_context; typedef Realm krb5_realm; typedef const char *krb5_const_realm; /* stupid language */ + +#define krb5_realm_length(r) strlen(r) +#define krb5_realm_data(r) (r) + typedef Principal krb5_principal_data; typedef struct Principal *krb5_principal; typedef const struct Principal *krb5_const_principal; diff --git a/crypto/heimdal/lib/krb5/mk_req.c b/crypto/heimdal/lib/krb5/mk_req.c index e92d326..55ecd46 100644 --- a/crypto/heimdal/lib/krb5/mk_req.c +++ b/crypto/heimdal/lib/krb5/mk_req.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,19 +33,19 @@ #include -RCSID("$Id: mk_req.c,v 1.18 1999/12/02 17:05:11 joda Exp $"); +RCSID("$Id: mk_req.c,v 1.20 2000/01/16 10:22:42 assar Exp $"); krb5_error_code krb5_mk_req(krb5_context context, krb5_auth_context *auth_context, const krb5_flags ap_req_options, - char *service, - char *hostname, + const char *service, + const char *hostname, krb5_data *in_data, krb5_ccache ccache, krb5_data *outbuf) { - krb5_error_code r; + krb5_error_code ret; krb5_creds this_cred, *cred; char **realms; krb5_data realm_data; 
@@ -53,45 +53,41 @@ krb5_mk_req(krb5_context context, memset(&this_cred, 0, sizeof(this_cred)); - r = krb5_cc_get_principal(context, ccache, &this_cred.client); + ret = krb5_cc_get_principal(context, ccache, &this_cred.client); - if(r) - return r; + if(ret) + return ret; - r = krb5_expand_hostname (context, hostname, &real_hostname); - if (r) { + ret = krb5_expand_hostname_realms (context, hostname, + &real_hostname, &realms); + if (ret) { krb5_free_principal (context, this_cred.client); - return r; + return ret; } - r = krb5_get_host_realm(context, real_hostname, &realms); - if (r) { - krb5_free_principal (context, this_cred.client); - return r; - } realm_data.length = strlen(*realms); realm_data.data = *realms; - r = krb5_build_principal (context, &this_cred.server, - strlen(*realms), - *realms, - service, - real_hostname, - NULL); + ret = krb5_build_principal (context, &this_cred.server, + strlen(*realms), + *realms, + service, + real_hostname, + NULL); free (real_hostname); krb5_free_host_realm (context, realms); - if (r) { + if (ret) { krb5_free_principal (context, this_cred.client); - return r; + return ret; } this_cred.times.endtime = 0; if (auth_context && *auth_context && (*auth_context)->keytype) this_cred.session.keytype = (*auth_context)->keytype; - r = krb5_get_credentials (context, 0, ccache, &this_cred, &cred); - if (r) - return r; + ret = krb5_get_credentials (context, 0, ccache, &this_cred, &cred); + if (ret) + return ret; return krb5_mk_req_extended (context, auth_context, diff --git a/crypto/heimdal/lib/krb5/principal.c b/crypto/heimdal/lib/krb5/principal.c index 3fd022d..2999868 100644 --- a/crypto/heimdal/lib/krb5/principal.c +++ b/crypto/heimdal/lib/krb5/principal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -40,7 +40,7 @@ #endif #include "resolve.h" -RCSID("$Id: principal.c,v 1.57 2000/01/08 08:08:03 assar Exp $"); +RCSID("$Id: principal.c,v 1.63 2000/02/07 03:19:05 assar Exp $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -119,7 +119,7 @@ krb5_parse_name(krb5_context context, ret = ENOMEM; goto exit; } - strncpy(comp[n], start, q - start); + memcpy(comp[n], start, q - start); comp[n][q - start] = 0; n++; } @@ -140,7 +140,7 @@ krb5_parse_name(krb5_context context, ret = ENOMEM; goto exit; } - strncpy(realm, start, q - start); + memcpy(realm, start, q - start); realm[q - start] = 0; }else{ ret = krb5_get_default_realm (context, &realm); @@ -152,7 +152,7 @@ krb5_parse_name(krb5_context context, ret = ENOMEM; goto exit; } - strncpy(comp[n], start, q - start); + memcpy(comp[n], start, q - start); comp[n][q - start] = 0; n++; } @@ -176,8 +176,8 @@ exit: return ret; } -static const char quotable_chars[] = "\n\t\b\\/@"; -static const char replace_chars[] = "ntb\\/@"; +static const char quotable_chars[] = " \n\t\b\\/@"; +static const char replace_chars[] = " ntb\\/@"; #define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0); @@ -348,16 +348,19 @@ krb5_build_principal(krb5_context context, static krb5_error_code append_component(krb5_context context, krb5_principal p, - general_string comp, + const char *comp, size_t comp_len) { general_string *tmp; size_t len = princ_num_comp(p); + tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp)); if(tmp == NULL) return ENOMEM; princ_comp(p) = tmp; princ_ncomp(p, len) = malloc(comp_len + 1); + if (princ_ncomp(p, len) == NULL) + return ENOMEM; memcpy (princ_ncomp(p, len), comp, comp_len); princ_ncomp(p, len)[comp_len] = '\0'; princ_num_comp(p)++; 
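Review bot: The `return ENOMEM` added after the malloc in append_component is not acted on by the callers shown in the following hunks. va_ext_princ and va_princ are `static void` and call `append_component(context, p, s, len);` without looking at the result, so an allocation failure produces a principal that is silently missing components. A principal with fewer components can name a different identity, so both helpers should return `krb5_error_code` and stop at the first failure, with their callers passing the error on. On the new failure path `princ_comp(p)` has already been replaced by the grown array while the count is unchanged, which is consistent, but a comment saying so would help.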
@@ -368,12 +371,12 @@ static void va_ext_princ(krb5_context context, krb5_principal p, va_list ap) { while(1){ - char *s; + const char *s; int len; len = va_arg(ap, int); if(len == 0) break; - s = va_arg(ap, char*); + s = va_arg(ap, const char*); append_component(context, p, s, len); } } @@ -382,8 +385,8 @@ static void va_princ(krb5_context context, krb5_principal p, va_list ap) { while(1){ - char *s; - s = va_arg(ap, char*); + const char *s; + s = va_arg(ap, const char*); if(s == NULL) break; append_component(context, p, s, strlen(s)); @@ -835,10 +838,11 @@ krb5_524_conv_principal(krb5_context context, if(type == KRB5_NT_SRV_HST){ char *p; - strncpy(tmpinst, i, sizeof(tmpinst)); - tmpinst[sizeof(tmpinst) - 1] = 0; + + strlcpy (tmpinst, i, sizeof(tmpinst)); p = strchr(tmpinst, '.'); - if(p) *p = 0; + if(p) + *p = 0; i = tmpinst; } @@ -856,8 +860,7 @@ krb5_524_conv_principal(krb5_context context, /* * Create a principal in `ret_princ' for the service `sname' running - * on host `hostname'. - */ + * on host `hostname'. */ krb5_error_code krb5_sname_to_principal (krb5_context context, @@ -879,15 +882,17 @@ krb5_sname_to_principal (krb5_context context, if(sname == NULL) sname = "host"; if(type == KRB5_NT_SRV_HST) { - ret = krb5_expand_hostname (context, hostname, &host); + ret = krb5_expand_hostname_realms (context, hostname, + &host, &realms); if (ret) return ret; strlwr(host); hostname = host; + } else { + ret = krb5_get_host_realm(context, hostname, &realms); + if(ret) + return ret; } - ret = krb5_get_host_realm(context, hostname, &realms); - if(ret) - return ret; ret = krb5_make_principal(context, ret_princ, realms[0], sname, hostname, NULL); diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c index c330791..71b79b1 100644 --- a/crypto/heimdal/lib/krb5/rd_cred.c +++ b/crypto/heimdal/lib/krb5/rd_cred.c 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_cred.c,v 1.8 1999/12/02 17:05:12 joda Exp $"); +RCSID("$Id: rd_cred.c,v 1.9 2000/02/06 05:19:52 assar Exp $"); krb5_error_code krb5_rd_cred (krb5_context context, @@ -122,7 +122,7 @@ krb5_rd_cred (krb5_context context, /* check timestamp */ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { - int32_t sec; + krb5_timestamp sec; krb5_timeofday (context, &sec); diff --git a/crypto/heimdal/lib/krb5/rd_priv.c b/crypto/heimdal/lib/krb5/rd_priv.c index 0bc8564..c4d7bea 100644 --- a/crypto/heimdal/lib/krb5/rd_priv.c +++ b/crypto/heimdal/lib/krb5/rd_priv.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_priv.c,v 1.22 1999/12/02 17:05:12 joda Exp $"); +RCSID("$Id: rd_priv.c,v 1.23 2000/02/06 05:20:13 assar Exp $"); krb5_error_code krb5_rd_priv(krb5_context context, @@ -111,15 +111,15 @@ krb5_rd_priv(krb5_context context, /* check timestamp */ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { - int32_t sec; + krb5_timestamp sec; krb5_timeofday (context, &sec); - if (part.timestamp == NULL || - part.usec == NULL || - abs(*part.timestamp - sec) > context->max_skew) { - ret = KRB5KRB_AP_ERR_SKEW; - goto failure_part; - } + if (part.timestamp == NULL || + part.usec == NULL || + abs(*part.timestamp - sec) > context->max_skew) { + ret = KRB5KRB_AP_ERR_SKEW; + goto failure_part; + } } /* XXX - check replay cache */ diff --git a/crypto/heimdal/lib/krb5/rd_req.c b/crypto/heimdal/lib/krb5/rd_req.c index 9f8df1d..236ecb4 100644 --- a/crypto/heimdal/lib/krb5/rd_req.c +++ b/crypto/heimdal/lib/krb5/rd_req.c 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_req.c,v 1.38 1999/12/02 17:05:12 joda Exp $"); +RCSID("$Id: rd_req.c,v 1.40 2000/02/06 05:20:31 assar Exp $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -128,7 +128,7 @@ krb5_decrypt_ticket(krb5_context context, return ret; { - int32_t now; + krb5_timestamp now; time_t start = t.authtime; krb5_timeofday (context, &now); @@ -202,13 +202,13 @@ krb5_verify_ap_req(krb5_context context, krb5_auth_context ac; krb5_error_code ret; - if(auth_context){ + if(auth_context) { if(*auth_context == NULL){ krb5_auth_con_init(context, &ac); *auth_context = ac; }else ac = *auth_context; - }else + } else krb5_auth_con_init(context, &ac); if (ap_req->ap_options.use_session_key && ac->keyblock){ @@ -343,7 +343,7 @@ get_key_from_keytab(krb5_context context, krb5_ap_req *ap_req, krb5_const_principal server, krb5_keytab keytab, - krb5_keyblock **out) + krb5_keyblock **out_key) { krb5_keytab_entry entry; krb5_error_code ret; @@ -368,7 +368,7 @@ get_key_from_keytab(krb5_context context, &entry); if(ret) goto out; - ret = krb5_copy_keyblock(context, &entry.keyblock, out); + ret = krb5_copy_keyblock(context, &entry.keyblock, out_key); krb5_kt_free_entry (context, &entry); out: if(keytab == NULL) diff --git a/crypto/heimdal/lib/krb5/rd_safe.c b/crypto/heimdal/lib/krb5/rd_safe.c index aebf215..fb7cc2d 100644 --- a/crypto/heimdal/lib/krb5/rd_safe.c +++ b/crypto/heimdal/lib/krb5/rd_safe.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -33,7 +33,7 @@ #include -RCSID("$Id: rd_safe.c,v 1.18 1999/12/02 17:05:12 joda Exp $"); +RCSID("$Id: rd_safe.c,v 1.19 2000/02/06 05:20:51 assar Exp $"); static krb5_error_code verify_checksum(krb5_context context, @@ -131,7 +131,7 @@ krb5_rd_safe(krb5_context context, /* check timestamp */ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { - int32_t sec; + krb5_timestamp sec; krb5_timeofday (context, &sec); diff --git a/crypto/heimdal/lib/krb5/replay.c b/crypto/heimdal/lib/krb5/replay.c index 5adc3db..3ca68e8 100644 --- a/crypto/heimdal/lib/krb5/replay.c +++ b/crypto/heimdal/lib/krb5/replay.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -137,16 +137,17 @@ krb5_rc_close(krb5_context context, static void checksum_authenticator(Authenticator *auth, void *data) { - struct md5 md5; + MD5_CTX md5; int i; - md5_init(&md5); - md5_update(&md5, auth->crealm, strlen(auth->crealm)); + + MD5Init (&md5); + MD5Update (&md5, auth->crealm, strlen(auth->crealm)); for(i = 0; i < auth->cname.name_string.len; i++) - md5_update(&md5, auth->cname.name_string.val[i], - strlen(auth->cname.name_string.val[i])); - md5_update(&md5, &auth->ctime, sizeof(auth->ctime)); - md5_update(&md5, &auth->cusec, sizeof(auth->cusec)); - md5_finito(&md5, data); + MD5Update(&md5, auth->cname.name_string.val[i], + strlen(auth->cname.name_string.val[i])); + MD5Update (&md5, &auth->ctime, sizeof(auth->ctime)); + MD5Update (&md5, &auth->cusec, sizeof(auth->cusec)); + MD5Final (&md5, data); } krb5_error_code diff --git a/crypto/heimdal/lib/krb5/time.c b/crypto/heimdal/lib/krb5/time.c index 47a5f0b..e5a1185 100644 --- a/crypto/heimdal/lib/krb5/time.c +++ b/crypto/heimdal/lib/krb5/time.c 
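Review bot: In checksum_authenticator the final call has its arguments in the opposite order from every other converted call site in this commit: `MD5Final (&md5, data);` here against `MD5Final (tmp, &md5);` and `MD5Final (res, &md5);` in crypto.c. If MD5Final takes the digest buffer first, as the crypto.c calls imply, the digest is written over the context and `data` is read as a context instead of receiving the hash, so the replay-cache entry is never the authenticator checksum. Because `data` is a `void *` the compiler may do no more than warn. The line should read `MD5Final (data, &md5);`.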
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,16 +33,24 @@ #include "krb5_locl.h" -RCSID("$Id: time.c,v 1.2 1999/12/02 17:05:13 joda Exp $"); +RCSID("$Id: time.c,v 1.3 2000/02/06 05:21:53 assar Exp $"); + +/* + * return ``corrected'' time in `timeret'. + */ krb5_error_code krb5_timeofday (krb5_context context, - int32_t *timeret) + krb5_timestamp *timeret) { *timeret = time(NULL) + context->kdc_sec_offset; return 0; } +/* + * like gettimeofday but with time correction to the KDC + */ + krb5_error_code krb5_us_timeofday (krb5_context context, int32_t *sec, diff --git a/crypto/heimdal/lib/krb5/transited.c b/crypto/heimdal/lib/krb5/transited.c index ed5a5b5..2295551 100644 --- a/crypto/heimdal/lib/krb5/transited.c +++ b/crypto/heimdal/lib/krb5/transited.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c,v 1.5 1999/12/02 17:05:13 joda Exp $"); +RCSID("$Id: transited.c,v 1.6 2000/02/07 03:19:43 assar Exp $"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead @@ -108,7 +108,7 @@ make_path(struct tr_realm *r, const char *from, const char *to) r->next = path; /* XXX */ return ENOMEM; } - strncpy(path->realm, from, p - from); + memcpy(path->realm, from, p - from); path->realm[p - from] = '\0'; p--; } @@ -256,7 +256,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms) } if(tr[i] == ','){ tmp = malloc(tr + i - start + 1); - strncpy(tmp, start, tr + i - start); + memcpy(tmp, start, tr + i - start); tmp[tr + i - start] = '\0'; r = make_realm(tmp); if(r == NULL){ 
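Review bot: In decode_realms the result of `tmp = malloc(tr + i - start + 1);` is used by the new `memcpy(tmp, start, tr + i - start);` and the terminating store without a NULL check, so an allocation failure while decoding a transited field becomes a write through a null pointer. The make_path hunk above does test its allocation and returns ENOMEM; the same is needed here, `if (tmp == NULL) return ENOMEM;`, after releasing whatever realm list has been built so far. The second decode_realms hunk (at -268) repeats the pattern and needs the same check. The function starts and ends outside both hunks, so the cleanup it requires is not visible here.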
@@ -268,7 +268,7 @@ decode_realms(const char *tr, int length, struct tr_realm **realms) } } tmp = malloc(tr + i - start + 1); - strncpy(tmp, start, tr + i - start); + memcpy(tmp, start, tr + i - start); tmp[tr + i - start] = '\0'; r = make_realm(tmp); if(r == NULL){ diff --git a/crypto/heimdal/lib/krb5/verify_init.c b/crypto/heimdal/lib/krb5/verify_init.c index 0f080ee..e7945ad 100644 --- a/crypto/heimdal/lib/krb5/verify_init.c +++ b/crypto/heimdal/lib/krb5/verify_init.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: verify_init.c,v 1.11 1999/12/02 17:05:13 joda Exp $"); +RCSID("$Id: verify_init.c,v 1.12 2000/01/21 05:47:35 assar Exp $"); void krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *options) @@ -148,14 +148,14 @@ krb5_verify_init_creds(krb5_context context, ret = 0; goto cleanup; } - } else - new_creds = creds; + creds = new_creds; + } ret = krb5_mk_req_extended (context, &auth_context, 0, NULL, - new_creds, + creds, &req); krb5_auth_con_free (context, auth_context); @@ -179,7 +179,7 @@ cleanup: krb5_auth_con_free (context, auth_context); krb5_data_free (&req); krb5_kt_free_entry (context, &entry); - if (new_creds) + if (new_creds != NULL) krb5_free_creds (context, new_creds); if (ap_req_server == NULL && server) krb5_free_principal (context, server); -- cgit v1.1