From be0348cb75cae58cd1683f6fdbff884cb9bc405b Mon Sep 17 00:00:00 2001 
From: dfr Date: Wed, 7 May 2008 13:53:12 +0000 Subject: Fix conflicts after heimdal-1.1 import and add build infrastructure. Import all non-style changes made by heimdal to our own libgssapi. --- crypto/heimdal/FREEBSD-Xlist | 3 + crypto/heimdal/acinclude.m4 | 10 + crypto/heimdal/admin/ktutil_locl.h | 16 +- crypto/heimdal/appl/ftp/ftp/ftp_locl.h | 2 +- crypto/heimdal/appl/su/Makefile.am | 11 +- crypto/heimdal/appl/su/su.c | 183 +- crypto/heimdal/cf/broken-getnameinfo.m4 | 28 - crypto/heimdal/cf/check-declaration.m4 | 25 - crypto/heimdal/kadmin/kadmin_locl.h | 91 +- crypto/heimdal/kadmin/version4.c | 1016 ------- crypto/heimdal/kdc/headers.h | 19 +- crypto/heimdal/kuser/kauth_options.c | 40 - crypto/heimdal/kuser/kinit_options.c | 40 - crypto/heimdal/lib/asn1/gen.h | 38 - crypto/heimdal/lib/asn1/x509.asn1 | 23 - crypto/heimdal/lib/gssapi/8003.c | 251 -- crypto/heimdal/lib/gssapi/accept_sec_context.c | 445 ---- crypto/heimdal/lib/gssapi/acquire_cred.c | 309 --- crypto/heimdal/lib/gssapi/add_cred.c | 234 -- crypto/heimdal/lib/gssapi/add_oid_set_member.c | 69 - crypto/heimdal/lib/gssapi/address_to_krb5addr.c | 76 - crypto/heimdal/lib/gssapi/arcfour.c | 623 ----- crypto/heimdal/lib/gssapi/arcfour.h | 98 - crypto/heimdal/lib/gssapi/canonicalize_name.c | 46 - crypto/heimdal/lib/gssapi/compare_name.c | 51 - crypto/heimdal/lib/gssapi/compat.c | 113 - crypto/heimdal/lib/gssapi/context_time.c | 85 - crypto/heimdal/lib/gssapi/copy_ccache.c | 58 - crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c | 52 - crypto/heimdal/lib/gssapi/decapsulate.c | 184 -- crypto/heimdal/lib/gssapi/delete_sec_context.c | 69 - crypto/heimdal/lib/gssapi/display_name.c | 73 - crypto/heimdal/lib/gssapi/display_status.c | 187 -- crypto/heimdal/lib/gssapi/duplicate_name.c | 59 - crypto/heimdal/lib/gssapi/encapsulate.c | 122 - crypto/heimdal/lib/gssapi/export_name.c | 94 - crypto/heimdal/lib/gssapi/export_sec_context.c | 223 -- crypto/heimdal/lib/gssapi/external.c | 235 -- 
crypto/heimdal/lib/gssapi/get_mic.c | 295 --- crypto/heimdal/lib/gssapi/gssapi_locl.h | 180 -- crypto/heimdal/lib/gssapi/import_name.c | 229 -- crypto/heimdal/lib/gssapi/import_sec_context.c | 212 -- crypto/heimdal/lib/gssapi/indicate_mechs.c | 55 - crypto/heimdal/lib/gssapi/init.c | 44 - crypto/heimdal/lib/gssapi/init_sec_context.c | 578 ---- crypto/heimdal/lib/gssapi/inquire_context.c | 85 - crypto/heimdal/lib/gssapi/inquire_cred.c | 97 - crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c | 80 - crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c | 57 - crypto/heimdal/lib/gssapi/inquire_names_for_mech.c | 80 - crypto/heimdal/lib/gssapi/process_context_token.c | 65 - crypto/heimdal/lib/gssapi/release_buffer.c | 48 - crypto/heimdal/lib/gssapi/release_cred.c | 68 - crypto/heimdal/lib/gssapi/release_name.c | 50 - crypto/heimdal/lib/gssapi/release_oid_set.c | 49 - .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 38 +- crypto/heimdal/lib/gssapi/spnego/spnego_locl.h | 2 +- crypto/heimdal/lib/gssapi/test_oid_set_member.c | 55 - crypto/heimdal/lib/gssapi/unwrap.c | 422 --- crypto/heimdal/lib/gssapi/v1.c | 104 - crypto/heimdal/lib/gssapi/verify_mic.c | 322 --- crypto/heimdal/lib/gssapi/wrap.c | 454 ---- crypto/heimdal/lib/hdb/convert_db.c | 213 -- crypto/heimdal/lib/hdb/hdb_locl.h | 5 +- crypto/heimdal/lib/kadm5/dump_log.c | 273 -- crypto/heimdal/lib/kadm5/replay_log.c | 129 - crypto/heimdal/lib/kadm5/truncate_log.c | 89 - crypto/heimdal/lib/krb5/crypto.c | 1570 +++++++---- crypto/heimdal/lib/krb5/dump_config.c | 71 - crypto/heimdal/lib/krb5/krb5_build_principal.3 | 101 - crypto/heimdal/lib/krb5/krb5_free_addresses.3 | 53 - crypto/heimdal/lib/krb5/krb5_free_principal.3 | 58 - crypto/heimdal/lib/krb5/krb5_locl.h | 134 +- crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 | 81 - crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 | 85 - crypto/heimdal/lib/roken/acconfig.h | 36 - crypto/heimdal/lib/roken/acinclude.m4 | 9 - crypto/heimdal/lib/roken/print_version.c | 78 - 
crypto/heimdal/lib/roken/resource.h | 15 - crypto/heimdal/ltconfig | 2797 -------------------- crypto/heimdal/mkinstalldirs | 150 -- crypto/heimdal/tools/build.sh | 212 -- 82 files changed, 1343 insertions(+), 13786 deletions(-) create mode 100644 crypto/heimdal/acinclude.m4 delete mode 100644 crypto/heimdal/cf/broken-getnameinfo.m4 delete mode 100644 crypto/heimdal/cf/check-declaration.m4 delete mode 100644 crypto/heimdal/kadmin/version4.c delete mode 100644 crypto/heimdal/kuser/kauth_options.c delete mode 100644 crypto/heimdal/kuser/kinit_options.c delete mode 100644 crypto/heimdal/lib/asn1/gen.h delete mode 100644 crypto/heimdal/lib/asn1/x509.asn1 delete mode 100644 crypto/heimdal/lib/gssapi/8003.c delete mode 100644 crypto/heimdal/lib/gssapi/accept_sec_context.c delete mode 100644 crypto/heimdal/lib/gssapi/acquire_cred.c delete mode 100644 crypto/heimdal/lib/gssapi/add_cred.c delete mode 100644 crypto/heimdal/lib/gssapi/add_oid_set_member.c delete mode 100644 crypto/heimdal/lib/gssapi/address_to_krb5addr.c delete mode 100644 crypto/heimdal/lib/gssapi/arcfour.c delete mode 100644 crypto/heimdal/lib/gssapi/arcfour.h delete mode 100644 crypto/heimdal/lib/gssapi/canonicalize_name.c delete mode 100644 crypto/heimdal/lib/gssapi/compare_name.c delete mode 100644 crypto/heimdal/lib/gssapi/compat.c delete mode 100644 crypto/heimdal/lib/gssapi/context_time.c delete mode 100644 crypto/heimdal/lib/gssapi/copy_ccache.c delete mode 100644 crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c delete mode 100644 crypto/heimdal/lib/gssapi/decapsulate.c delete mode 100644 crypto/heimdal/lib/gssapi/delete_sec_context.c delete mode 100644 crypto/heimdal/lib/gssapi/display_name.c delete mode 100644 crypto/heimdal/lib/gssapi/display_status.c delete mode 100644 crypto/heimdal/lib/gssapi/duplicate_name.c delete mode 100644 crypto/heimdal/lib/gssapi/encapsulate.c delete mode 100644 crypto/heimdal/lib/gssapi/export_name.c delete mode 100644 crypto/heimdal/lib/gssapi/export_sec_context.c 
delete mode 100644 crypto/heimdal/lib/gssapi/external.c delete mode 100644 crypto/heimdal/lib/gssapi/get_mic.c delete mode 100644 crypto/heimdal/lib/gssapi/gssapi_locl.h delete mode 100644 crypto/heimdal/lib/gssapi/import_name.c delete mode 100644 crypto/heimdal/lib/gssapi/import_sec_context.c delete mode 100644 crypto/heimdal/lib/gssapi/indicate_mechs.c delete mode 100644 crypto/heimdal/lib/gssapi/init.c delete mode 100644 crypto/heimdal/lib/gssapi/init_sec_context.c delete mode 100644 crypto/heimdal/lib/gssapi/inquire_context.c delete mode 100644 crypto/heimdal/lib/gssapi/inquire_cred.c delete mode 100644 crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c delete mode 100644 crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c delete mode 100644 crypto/heimdal/lib/gssapi/inquire_names_for_mech.c delete mode 100644 crypto/heimdal/lib/gssapi/process_context_token.c delete mode 100644 crypto/heimdal/lib/gssapi/release_buffer.c delete mode 100644 crypto/heimdal/lib/gssapi/release_cred.c delete mode 100644 crypto/heimdal/lib/gssapi/release_name.c delete mode 100644 crypto/heimdal/lib/gssapi/release_oid_set.c delete mode 100644 crypto/heimdal/lib/gssapi/test_oid_set_member.c delete mode 100644 crypto/heimdal/lib/gssapi/unwrap.c delete mode 100644 crypto/heimdal/lib/gssapi/v1.c delete mode 100644 crypto/heimdal/lib/gssapi/verify_mic.c delete mode 100644 crypto/heimdal/lib/gssapi/wrap.c delete mode 100644 crypto/heimdal/lib/hdb/convert_db.c delete mode 100644 crypto/heimdal/lib/kadm5/dump_log.c delete mode 100644 crypto/heimdal/lib/kadm5/replay_log.c delete mode 100644 crypto/heimdal/lib/kadm5/truncate_log.c delete mode 100644 crypto/heimdal/lib/krb5/dump_config.c delete mode 100644 crypto/heimdal/lib/krb5/krb5_build_principal.3 delete mode 100644 crypto/heimdal/lib/krb5/krb5_free_addresses.3 delete mode 100644 crypto/heimdal/lib/krb5/krb5_free_principal.3 delete mode 100644 crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 delete mode 100644 
crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 delete mode 100644 crypto/heimdal/lib/roken/acconfig.h delete mode 100644 crypto/heimdal/lib/roken/acinclude.m4 delete mode 100644 crypto/heimdal/lib/roken/print_version.c delete mode 100644 crypto/heimdal/lib/roken/resource.h delete mode 100755 crypto/heimdal/ltconfig delete mode 100755 crypto/heimdal/mkinstalldirs delete mode 100755 crypto/heimdal/tools/build.sh (limited to 'crypto') diff --git a/crypto/heimdal/FREEBSD-Xlist b/crypto/heimdal/FREEBSD-Xlist index 6695918..e0f0e3b 100644 --- a/crypto/heimdal/FREEBSD-Xlist +++ b/crypto/heimdal/FREEBSD-Xlist @@ -12,3 +12,6 @@ lib/des lib/editline lib/kdfs lib/otp +lib/gssapi/mech +lib/hcrypto +ylwrap diff --git a/crypto/heimdal/acinclude.m4 b/crypto/heimdal/acinclude.m4 new file mode 100644 index 0000000..3133232 --- /dev/null +++ b/crypto/heimdal/acinclude.m4 @@ -0,0 +1,10 @@ +dnl $Id: acinclude.m4 13337 2004-02-12 14:19:16Z lha $ +dnl $FreeBSD$ +dnl +dnl Only put things that for some reason can't live in the `cf' +dnl directory in this file. +dnl + +dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $ +dnl +m4_define([upcase],`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl diff --git a/crypto/heimdal/admin/ktutil_locl.h b/crypto/heimdal/admin/ktutil_locl.h index cf6a6f3..c2d5e88 100644 --- a/crypto/heimdal/admin/ktutil_locl.h +++ b/crypto/heimdal/admin/ktutil_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ /* - * $Id: ktutil_locl.h,v 1.18 2002/09/10 20:03:45 joda Exp $ + * $Id: ktutil_locl.h 14799 2005-04-15 05:02:39Z lha $ * $FreeBSD$ */ @@ -62,6 +62,7 @@ #include #include +#include extern krb5_context context; 
@@ -70,15 +71,6 @@ extern char *keytab_string; krb5_keytab ktutil_open_keytab(void); -int kt_add (int argc, char **argv); -int kt_change (int argc, char **argv); -int kt_copy (int argc, char **argv); -int kt_get (int argc, char **argv); -int kt_list(int argc, char **argv); -int kt_purge(int argc, char **argv); -int kt_remove(int argc, char **argv); -int kt_rename(int argc, char **argv); -int srvconv(int argc, char **argv); -int srvcreate(int argc, char **argv); +#include "ktutil-commands.h" #endif /* __KTUTIL_LOCL_H__ */ diff --git a/crypto/heimdal/appl/ftp/ftp/ftp_locl.h b/crypto/heimdal/appl/ftp/ftp/ftp_locl.h index f371ca1..25362c0 100644 --- a/crypto/heimdal/appl/ftp/ftp/ftp_locl.h +++ b/crypto/heimdal/appl/ftp/ftp/ftp_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: ftp_locl.h,v 1.37 2002/09/10 20:03:46 joda Exp $ */ +/* $Id: ftp_locl.h 11444 2002-09-10 20:03:49Z joda $ */ /* $FreeBSD$ */ #ifndef __FTP_LOCL_H__ diff --git a/crypto/heimdal/appl/su/Makefile.am b/crypto/heimdal/appl/su/Makefile.am index 357152e..6bb584f 100644 --- a/crypto/heimdal/appl/su/Makefile.am +++ b/crypto/heimdal/appl/su/Makefile.am @@ -1,17 +1,20 @@ -# $Id: Makefile.am,v 1.7 2001/08/28 08:31:22 assar Exp $ +# $Id: Makefile.am 21986 2007-10-19 05:22:57Z lha $ # $FreeBSD$ include $(top_srcdir)/Makefile.am.common -INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) +AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) bin_PROGRAMS = su bin_SUIDS = su -su_SOURCES = su.c +su_SOURCES = su.c supaths.h +man_MANS = su.1 LDADD = $(LIB_kafs) \ $(top_builddir)/lib/krb5/libkrb5.la \ $(LIB_krb4) \ - $(LIB_des) \ + $(LIB_hcrypto) \ $(top_builddir)/lib/asn1/libasn1.la \ $(LIB_roken) + +EXTRA_DIST = $(man_MANS) diff --git a/crypto/heimdal/appl/su/su.c b/crypto/heimdal/appl/su/su.c index 757f39d..e8e4783 100644 --- a/crypto/heimdal/appl/su/su.c +++ b/crypto/heimdal/appl/su/su.c 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -36,7 +36,7 @@ #include -RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $"); +RCSID("$Id: su.c 21988 2007-10-19 05:36:54Z lha $"); #include #include @@ -53,6 +53,9 @@ RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $"); #endif #include +#ifdef HAVE_CRYPT_H +#include +#endif #include "crypto-headers.h" #ifdef KRB5 @@ -66,13 +69,7 @@ RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $"); #include #include -#ifndef _PATH_DEFPATH -#define _PATH_DEFPATH "/usr/bin:/bin" -#endif - -#ifndef _PATH_BSHELL -#define _PATH_BSHELL "/bin/sh" -#endif +#include "supaths.h" int kerberos_flag = 1; int csh_f_flag; @@ -175,7 +172,9 @@ krb5_verify(const struct passwd *login_info, { krb5_error_code ret; krb5_principal p; + krb5_realm *realms, *r; char *login_name = NULL; + int user_ok = 0; #if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) login_name = getlogin(); 
@@ -188,50 +187,63 @@ krb5_verify(const struct passwd *login_info, return 1; } - if (login_name == NULL || strcmp (login_name, "root") == 0) - login_name = login_info->pw_name; - if (strcmp (su_info->pw_name, "root") == 0) - ret = krb5_make_principal(context, &p, NULL, - login_name, - kerberos_instance, - NULL); - else - ret = krb5_make_principal(context, &p, NULL, - su_info->pw_name, - NULL); - if(ret) + ret = krb5_get_default_realms(context, &realms); + if (ret) return 1; + + /* Check all local realms */ + for (r = realms; *r != NULL && !user_ok; r++) { + + if (login_name == NULL || strcmp (login_name, "root") == 0) + login_name = login_info->pw_name; + if (strcmp (su_info->pw_name, "root") == 0) + ret = krb5_make_principal(context, &p, *r, + login_name, + kerberos_instance, + NULL); + else + ret = krb5_make_principal(context, &p, *r, + su_info->pw_name, + NULL); + if (ret) { + krb5_free_host_realm(context, realms); + return 1; + } - if(su_info->pw_uid != 0 || krb5_kuserok(context, p, su_info->pw_name)) { + /* if we are su-ing too root, check with krb5_kuserok */ + if (su_info->pw_uid == 0 && !krb5_kuserok(context, p, su_info->pw_name)) + continue; + ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache); if(ret) { -#if 1 - krb5_warn(context, ret, "krb5_cc_gen_new"); -#endif + krb5_free_host_realm(context, realms); krb5_free_principal (context, p); return 1; } - ret = krb5_verify_user_lrealm(context, p, ccache, NULL, TRUE, NULL); + ret = krb5_verify_user(context, p, ccache, NULL, TRUE, NULL); krb5_free_principal (context, p); - if(ret) { + switch (ret) { + case 0: + user_ok = 1; + break; + case KRB5_LIBOS_PWDINTR : krb5_cc_destroy(context, ccache); - switch (ret) { - case KRB5_LIBOS_PWDINTR : - break; - case KRB5KRB_AP_ERR_BAD_INTEGRITY: - case KRB5KRB_AP_ERR_MODIFIED: - krb5_warnx(context, "Password incorrect"); - break; - default : - krb5_warn(context, ret, "krb5_verify_user"); - break; - } - return 1; + break; + case KRB5KRB_AP_ERR_BAD_INTEGRITY: + case 
KRB5KRB_AP_ERR_MODIFIED: + krb5_cc_destroy(context, ccache); + krb5_warnx(context, "Password incorrect"); + break; + default : + krb5_cc_destroy(context, ccache); + krb5_warn(context, ret, "krb5_verify_user"); + break; } - return 0; } - krb5_free_principal (context, p); - return 1; + krb5_free_host_realm(context, realms); + if (!user_ok) + return 1; + return 0; } static int @@ -249,8 +261,10 @@ krb5_start_session(void) ret = krb5_cc_copy_cache(context, ccache, ccache2); - asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2), - krb5_cc_get_name(context, ccache2)); + ret = asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2), + krb5_cc_get_name(context, ccache2)); + if (ret == -1) + errx(1, "malloc - out of memory"); esetenv("KRB5CCNAME", cc_name, 1); /* we want to export this even if we don't directly support KRB4 */ @@ -300,10 +314,12 @@ krb_verify(const struct passwd *login_info, krb_kuserok(name, instance, realm, su_info->pw_name) == 0) { char password[128]; char *prompt; - asprintf (&prompt, + ret = asprintf (&prompt, "%s's Password: ", krb_unparse_name_long (name, instance, realm)); - if (des_read_pw_string (password, sizeof (password), prompt, 0)) { + if (ret == -1) + return (1); + if (UI_UTIL_read_pw_string (password, sizeof (password), prompt, 0)) { memset (password, 0, sizeof (password)); free(prompt); return (1); @@ -341,8 +357,29 @@ krb_start_session(void) } #endif +#define GROUP_MEMBER 0 +#define GROUP_MISSING 1 +#define GROUP_EMPTY 2 +#define GROUP_NOT_MEMBER 3 + +static int +group_member_p(const char *group, const char *user) +{ + struct group *g; + int i; + g = getgrnam(group); + if(g == NULL) + return GROUP_MISSING; + if(g->gr_mem[0] == NULL) + return GROUP_EMPTY; + for(i = 0; g->gr_mem[i] != NULL; i++) + if(strcmp(user, g->gr_mem[i]) == 0) + return GROUP_MEMBER; + return GROUP_NOT_MEMBER; +} + static int -verify_unix(struct passwd *su) +verify_unix(struct passwd *login, struct passwd *su) { char prompt[128]; char pw_buf[1024]; 
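Review bot: In the new per-realm loop of krb5_verify, the `continue` taken when krb5_kuserok() rejects the principal skips `krb5_free_principal(context, p)`, so every rejected realm leaks the principal that krb5_make_principal() just built. Free it on that path: `if (su_info->pw_uid == 0 && !krb5_kuserok(context, p, su_info->pw_name)) { krb5_free_principal(context, p); continue; }`. Separately, the `KRB5_LIBOS_PWDINTR` case only breaks out of the switch, so an interrupted password prompt appears to move on to the next realm and prompt again, where the old code returned at once. The function starts outside this hunk.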
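Review bot: The added `ret = asprintf(&cc_name, ...)` in krb5_start_session overwrites the result of `krb5_cc_copy_cache(context, ccache, ccache2)` from the line above, and nothing visible in the hunk checks that result first. If the copy fails, KRB5CCNAME would still be exported pointing at a cache that may be empty or incomplete. Test `ret` after the copy and before reusing the variable, for example `if (ret) return 1;`. The right cleanup and return value depend on the rest of the function, which lies outside the hunk.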
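Review bot: group_member_p() and its four `GROUP_*` result codes are added without any comment, although verify_unix makes an access decision for root from them. A short header comment should state that only the explicit member list `g->gr_mem` is consulted, so a user whose primary group is the named group but who is not listed gets `GROUP_NOT_MEMBER`. It should also say that `GROUP_MISSING` and `GROUP_EMPTY` are reported separately so the caller can treat them as "no restriction configured". The hunk ends inside the signature and locals of verify_unix, whose body follows in the next hunk.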
@@ -350,13 +387,31 @@ verify_unix(struct passwd *su) int r; if(su->pw_passwd != NULL && *su->pw_passwd != '\0') { snprintf(prompt, sizeof(prompt), "%s's password: ", su->pw_name); - r = des_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0); + r = UI_UTIL_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0); if(r != 0) exit(0); pw = crypt(pw_buf, su->pw_passwd); memset(pw_buf, 0, sizeof(pw_buf)); - if(strcmp(pw, su->pw_passwd) != 0) + if(strcmp(pw, su->pw_passwd) != 0) { + syslog (LOG_ERR | LOG_AUTH, "%s to %s: incorrect password", + login->pw_name, su->pw_name); + return 1; + } + } + /* if su:ing to root, check membership of group wheel or root; if + that group doesn't exist, or is empty, allow anyone to su + root */ + if(su->pw_uid == 0) { +#ifndef ROOT_GROUP +#define ROOT_GROUP "wheel" +#endif + int gs = group_member_p(ROOT_GROUP, login->pw_name); + if(gs == GROUP_NOT_MEMBER) { + syslog (LOG_ERR | LOG_AUTH, "%s to %s: not in group %s", + login->pw_name, su->pw_name, ROOT_GROUP); return 1; + } + return 0; } return 0; } @@ -398,6 +453,9 @@ main(int argc, char **argv) else su_user = argv[optind++]; + if (!issuid() && getuid() != 0) + warnx("Not setuid and you are root, expect this to fail"); + pwd = k_getpwnam(su_user); if(pwd == NULL) errx (1, "unknown login %s", su_user); @@ -434,7 +492,7 @@ main(int argc, char **argv) ok = 4; #endif - if(ok == 0 && login_info->pw_uid && verify_unix(su_info) != 0) { + if(ok == 0 && login_info->pw_uid && verify_unix(login_info, su_info) != 0) { printf("Sorry!\n"); exit(1); } @@ -473,7 +531,7 @@ main(int argc, char **argv) #endif { char *tty = ttyname (STDERR_FILENO); - syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s" : "%s to %s on %s", + syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s on %s" : "%s to %s", login_info->pw_name, su_info->pw_name, tty); } 
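Review bot: `pw = crypt(pw_buf, su->pw_passwd)` can return NULL on error, and the rewritten `if(strcmp(pw, su->pw_passwd) != 0) {` passes that straight to strcmp(), which would crash a setuid program before the new failure syslog is written. Guard the comparison: `if(pw == NULL || strcmp(pw, su->pw_passwd) != 0) {`. The new wheel check also lets anyone through when the group is missing or empty, as its comment says. That fail-open default should be stated in su.1 so administrators know an empty `ROOT_GROUP` disables the restriction. verify_unix begins in the previous hunk.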
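Review bot: The warning text added in main contradicts its condition: `if (!issuid() && getuid() != 0)` fires when the caller is not root, but the message says "you are root". Someone diagnosing a su binary that lost its setuid bit would be misled by it. Suggested wording: `warnx("Not setuid and you are not root, expect this to fail");`. main starts and ends outside this hunk.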
@@ -481,11 +539,23 @@ main(int argc, char **argv) if(!env_flag) { if(full_login) { char *t = getenv ("TERM"); - - environ = malloc (10 * sizeof (char *)); + char **newenv = NULL; + int i, j; + + i = read_environment(_PATH_ETC_ENVIRONMENT, &newenv); + + environ = malloc ((10 + i) * sizeof (char *)); if (environ == NULL) err (1, "malloc"); environ[0] = NULL; + + for (j = 0; j < i; j++) { + char *p = strchr(newenv[j], '='); + *p++ = 0; + esetenv (newenv[j], p, 1); + } + free(newenv); + esetenv ("PATH", _PATH_DEFPATH, 1); if (t) esetenv ("TERM", t, 1); @@ -516,9 +586,10 @@ main(int argc, char **argv) if (args == NULL) err (1, "malloc"); i = 0; - if(full_login) - asprintf(&args[i++], "-%s", p); - else + if(full_login) { + if (asprintf(&args[i++], "-%s", p) == -1) + errx (1, "malloc"); + } else args[i++] = p; if (cmd) { args[i++] = "-c"; diff --git a/crypto/heimdal/cf/broken-getnameinfo.m4 b/crypto/heimdal/cf/broken-getnameinfo.m4 deleted file mode 100644 index bf2897b..0000000 --- a/crypto/heimdal/cf/broken-getnameinfo.m4 +++ /dev/null @@ -1,28 +0,0 @@ -dnl $Id: broken-getnameinfo.m4,v 1.2.12.1 2004/04/01 07:27:32 joda Exp $ -dnl -dnl test for broken AIX getnameinfo - -AC_DEFUN([rk_BROKEN_GETNAMEINFO],[ -AC_CACHE_CHECK([if getnameinfo is broken], ac_cv_func_getnameinfo_broken, -AC_TRY_RUN([[#include -#include -#include -#include -#include - -int -main(int argc, char **argv) -{ - struct sockaddr_in sin; - char host[256]; - memset(&sin, 0, sizeof(sin)); -#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN - sin.sin_len = sizeof(sin); -#endif - sin.sin_family = AF_INET; - sin.sin_addr.s_addr = 0xffffffff; - sin.sin_port = 0; - return getnameinfo((struct sockaddr*)&sin, sizeof(sin), host, sizeof(host), - NULL, 0, 0); -} -]], ac_cv_func_getnameinfo_broken=no, ac_cv_func_getnameinfo_broken=yes))]) diff --git a/crypto/heimdal/cf/check-declaration.m4 b/crypto/heimdal/cf/check-declaration.m4 deleted file mode 100644 index 18bdf8a..0000000 
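Review bot: In the added environment loop, `char *p = strchr(newenv[j], '='); *p++ = 0;` writes through the strchr() result without checking it, so an entry without `=` would be a NULL write in a setuid binary while it processes `_PATH_ETC_ENVIRONMENT`. read_environment() is not shown here and may already guarantee the `=`, but a guard is cheap: `if (p == NULL) continue;`. Its return value `i` also goes into `malloc ((10 + i) * sizeof (char *))` unchecked, so confirm it can never be negative. Only the `newenv` array is freed, not the strings, which is a leak unless esetenv() takes ownership of them. main continues outside the hunk.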
--- a/crypto/heimdal/cf/check-declaration.m4 +++ /dev/null @@ -1,25 +0,0 @@ -dnl $Id: check-declaration.m4,v 1.3.34.1 2004/04/01 07:27:32 joda Exp $ -dnl -dnl -dnl Check if we need the declaration of a variable -dnl - -dnl AC_HAVE_DECLARATION(includes, variable) -AC_DEFUN([AC_CHECK_DECLARATION], [ -AC_MSG_CHECKING([if $2 is properly declared]) -AC_CACHE_VAL(ac_cv_var_$2_declaration, [ -AC_TRY_COMPILE([$1 -extern struct { int foo; } $2;], -[$2.foo = 1;], -eval "ac_cv_var_$2_declaration=no", -eval "ac_cv_var_$2_declaration=yes") -]) - -define(foo, [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION]) - -AC_MSG_RESULT($ac_cv_var_$2_declaration) -if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then - AC_DEFINE(foo, 1, [define if your system declares $2]) -fi -undefine([foo]) -]) diff --git a/crypto/heimdal/kadmin/kadmin_locl.h b/crypto/heimdal/kadmin/kadmin_locl.h index 0b36127..1707c45 100644 --- a/crypto/heimdal/kadmin/kadmin_locl.h +++ b/crypto/heimdal/kadmin/kadmin_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ /* - * $Id: kadmin_locl.h,v 1.41 2002/09/10 20:04:45 joda Exp $ + * $Id: kadmin_locl.h 17580 2006-05-13 21:28:56Z lha $ * $FreeBSD$ */ 
@@ -91,92 +91,57 @@ #include #include #include +#include #include #include #include #include #include - extern krb5_context context; extern void * kadm_handle; -#define DECL(X) int X(int, char **) - -DECL(add_new_key); -DECL(cpw_entry); -DECL(del_entry); -DECL(del_enctype); -DECL(exit_kadmin); -DECL(ext_keytab); -DECL(get_entry); -DECL(get_privs); -DECL(help); -DECL(list_princs); -DECL(mod_entry); -DECL(rename_entry); -DECL(init); -DECL(dump); -DECL(load); -DECL(merge); - #undef ALLOC #define ALLOC(X) ((X) = malloc(sizeof(*(X)))) /* util.c */ -void attributes2str(krb5_flags attributes, char *str, size_t len); -int str2attributes(const char *str, krb5_flags *flags); -int parse_attributes (const char *resp, krb5_flags *attr, int *mask, int bit); -int edit_attributes (const char *prompt, krb5_flags *attr, int *mask, - int bit); - -void time_t2str(time_t t, char *str, size_t len, int include_time); -int str2time_t (const char *str, time_t *time); -int parse_timet (const char *resp, krb5_timestamp *value, int *mask, int bit); -int edit_timet (const char *prompt, krb5_timestamp *value, int *mask, - int bit); - -void deltat2str(unsigned t, char *str, size_t len); -int str2deltat(const char *str, krb5_deltat *delta); -int parse_deltat (const char *resp, krb5_deltat *value, int *mask, int bit); -int edit_deltat (const char *prompt, krb5_deltat *value, int *mask, int bit); - -int edit_entry(kadm5_principal_ent_t ent, int *mask, - kadm5_principal_ent_t default_ent, int default_mask); -void set_defaults(kadm5_principal_ent_t ent, int *mask, - kadm5_principal_ent_t default_ent, int default_mask); -int set_entry(krb5_context context, - kadm5_principal_ent_t ent, - int *mask, - const char *max_ticket_life, - const char *max_renewable_life, - const char *expiration, - const char *pw_expiration, - const char *attributes); +void attributes2str(krb5_flags, char *, size_t); +int str2attributes(const char *, krb5_flags *); +int parse_attributes (const char *, krb5_flags *, int *, int); 
+int edit_attributes (const char *, krb5_flags *, int *, int); + +void time_t2str(time_t, char *, size_t, int); +int str2time_t (const char *, time_t *); +int parse_timet (const char *, krb5_timestamp *, int *, int); +int edit_timet (const char *, krb5_timestamp *, int *, + int); + +void deltat2str(unsigned, char *, size_t); +int str2deltat(const char *, krb5_deltat *); +int parse_deltat (const char *, krb5_deltat *, int *, int); +int edit_deltat (const char *, krb5_deltat *, int *, int); + +int edit_entry(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int); +void set_defaults(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int); +int set_entry(krb5_context, kadm5_principal_ent_t, int *, + const char *, const char *, const char *, + const char *, const char *); int -foreach_principal(const char *exp, - int (*func)(krb5_principal, void*), - const char *funcname, - void *data); +foreach_principal(const char *, int (*)(krb5_principal, void*), + const char *, void *); -int parse_des_key (const char *key_string, - krb5_key_data *key_data, const char **err); +int parse_des_key (const char *, krb5_key_data *, const char **); /* server.c */ krb5_error_code kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int); -/* version4.c */ - -void -handle_v4(krb5_context context, krb5_keytab keytab, int len, int fd); - /* random_password.c */ void -random_password(char *pw, size_t len); +random_password(char *, size_t); /* kadm_conn.c */ diff --git a/crypto/heimdal/kadmin/version4.c b/crypto/heimdal/kadmin/version4.c deleted file mode 100644 index ffa9c07..0000000 --- a/crypto/heimdal/kadmin/version4.c +++ /dev/null 
@@ -1,1016 +0,0 @@ -/* - * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ - -#include "kadmin_locl.h" -#include - -#define Principal krb4_Principal -#define kadm_get krb4_kadm_get -#undef ALLOC -#include -#include -#include -#include - -RCSID("$Id: version4.c,v 1.29.2.1 2004/04/29 12:29:23 lha Exp $"); - -#define KADM_NO_OPCODE -1 -#define KADM_NO_ENCRYPT -2 - -/* - * make an error packet if we fail encrypting - */ - -static void -make_you_lose_packet(int code, krb5_data *reply) -{ - krb5_data_alloc(reply, KADM_VERSIZE + 4); - memcpy(reply->data, KADM_ULOSE, KADM_VERSIZE); - _krb5_put_int((char*)reply->data + KADM_VERSIZE, code, 4); -} - -static int -ret_fields(krb5_storage *sp, char *fields) -{ - return krb5_storage_read(sp, fields, FLDSZ); -} - -static int -store_fields(krb5_storage *sp, char *fields) -{ - return krb5_storage_write(sp, fields, FLDSZ); -} - -static void -ret_vals(krb5_storage *sp, Kadm_vals *vals) -{ - int field; - char *tmp_string; - - memset(vals, 0, sizeof(*vals)); - - ret_fields(sp, vals->fields); - - for(field = 31; field >= 0; field--) { - if(IS_FIELD(field, vals->fields)) { - switch(field) { - case KADM_NAME: - krb5_ret_stringz(sp, &tmp_string); - strlcpy(vals->name, tmp_string, sizeof(vals->name)); - free(tmp_string); - break; - case KADM_INST: - krb5_ret_stringz(sp, &tmp_string); - strlcpy(vals->instance, tmp_string, - sizeof(vals->instance)); - free(tmp_string); - break; - case KADM_EXPDATE: - krb5_ret_int32(sp, &vals->exp_date); - break; - case KADM_ATTR: - krb5_ret_int16(sp, &vals->attributes); - break; - case KADM_MAXLIFE: - krb5_ret_int8(sp, &vals->max_life); - break; - case KADM_DESKEY: - krb5_ret_int32(sp, &vals->key_high); - krb5_ret_int32(sp, &vals->key_low); - break; -#ifdef EXTENDED_KADM - case KADM_MODDATE: - krb5_ret_int32(sp, &vals->mod_date); - break; - case KADM_MODNAME: - krb5_ret_stringz(sp, &tmp_string); - strlcpy(vals->mod_name, tmp_string, - sizeof(vals->mod_name)); - free(tmp_string); - break; - case KADM_MODINST: - krb5_ret_stringz(sp, &tmp_string); - strlcpy(vals->mod_instance, 
tmp_string, - sizeof(vals->mod_instance)); - free(tmp_string); - break; - case KADM_KVNO: - krb5_ret_int8(sp, &vals->key_version); - break; -#endif - default: - break; - } - } - } -} - -static void -store_vals(krb5_storage *sp, Kadm_vals *vals) -{ - int field; - - store_fields(sp, vals->fields); - - for(field = 31; field >= 0; field--) { - if(IS_FIELD(field, vals->fields)) { - switch(field) { - case KADM_NAME: - krb5_store_stringz(sp, vals->name); - break; - case KADM_INST: - krb5_store_stringz(sp, vals->instance); - break; - case KADM_EXPDATE: - krb5_store_int32(sp, vals->exp_date); - break; - case KADM_ATTR: - krb5_store_int16(sp, vals->attributes); - break; - case KADM_MAXLIFE: - krb5_store_int8(sp, vals->max_life); - break; - case KADM_DESKEY: - krb5_store_int32(sp, vals->key_high); - krb5_store_int32(sp, vals->key_low); - break; -#ifdef EXTENDED_KADM - case KADM_MODDATE: - krb5_store_int32(sp, vals->mod_date); - break; - case KADM_MODNAME: - krb5_store_stringz(sp, vals->mod_name); - break; - case KADM_MODINST: - krb5_store_stringz(sp, vals->mod_instance); - break; - case KADM_KVNO: - krb5_store_int8(sp, vals->key_version); - break; -#endif - default: - break; - } - } - } -} - -static int -flags_4_to_5(char *flags) -{ - int i; - int32_t mask = 0; - for(i = 31; i >= 0; i--) { - if(IS_FIELD(i, flags)) - switch(i) { - case KADM_NAME: - case KADM_INST: - mask |= KADM5_PRINCIPAL; - case KADM_EXPDATE: - mask |= KADM5_PRINC_EXPIRE_TIME; - case KADM_MAXLIFE: - mask |= KADM5_MAX_LIFE; -#ifdef EXTENDED_KADM - case KADM_KVNO: - mask |= KADM5_KEY_DATA; - case KADM_MODDATE: - mask |= KADM5_MOD_TIME; - case KADM_MODNAME: - case KADM_MODINST: - mask |= KADM5_MOD_NAME; -#endif - } - } - return mask; -} - -static void -ent_to_values(krb5_context context, - kadm5_principal_ent_t ent, - int32_t mask, - Kadm_vals *vals) -{ - krb5_error_code ret; - char realm[REALM_SZ]; - time_t exp = 0; - - memset(vals, 0, sizeof(*vals)); - if(mask & KADM5_PRINCIPAL) { - ret = 
krb5_524_conv_principal(context, ent->principal, - vals->name, vals->instance, realm); - SET_FIELD(KADM_NAME, vals->fields); - SET_FIELD(KADM_INST, vals->fields); - } - if(mask & KADM5_PRINC_EXPIRE_TIME) { - if(ent->princ_expire_time != 0) - exp = ent->princ_expire_time; - } - if(mask & KADM5_PW_EXPIRATION) { - if(ent->pw_expiration != 0 && (exp == 0 || exp > ent->pw_expiration)) - exp = ent->pw_expiration; - } - if(exp) { - vals->exp_date = exp; - SET_FIELD(KADM_EXPDATE, vals->fields); - } - if(mask & KADM5_MAX_LIFE) { - if(ent->max_life == 0) - vals->max_life = 255; - else - vals->max_life = krb_time_to_life(0, ent->max_life); - SET_FIELD(KADM_MAXLIFE, vals->fields); - } - if(mask & KADM5_KEY_DATA) { - if(ent->n_key_data > 0) { -#ifdef EXTENDED_KADM - vals->key_version = ent->key_data[0].key_data_kvno; - SET_FIELD(KADM_KVNO, vals->fields); -#endif - } - /* XXX the key itself? */ - } -#ifdef EXTENDED_KADM - if(mask & KADM5_MOD_TIME) { - vals->mod_date = ent->mod_date; - SET_FIELD(KADM_MODDATE, vals->fields); - } - if(mask & KADM5_MOD_NAME) { - krb5_524_conv_principal(context, ent->mod_name, - vals->mod_name, vals->mod_instance, realm); - SET_FIELD(KADM_MODNAME, vals->fields); - SET_FIELD(KADM_MODINST, vals->fields); - } -#endif -} - -/* - * convert the kadm4 values in `vals' to `ent' (and `mask') - */ - -static krb5_error_code -values_to_ent(krb5_context context, - Kadm_vals *vals, - kadm5_principal_ent_t ent, - int32_t *mask) -{ - krb5_error_code ret; - *mask = 0; - memset(ent, 0, sizeof(*ent)); - - if(IS_FIELD(KADM_NAME, vals->fields)) { - char *inst = NULL; - if(IS_FIELD(KADM_INST, vals->fields)) - inst = vals->instance; - ret = krb5_425_conv_principal(context, - vals->name, - inst, - NULL, - &ent->principal); - if(ret) - return ret; - *mask |= KADM5_PRINCIPAL; - } - if(IS_FIELD(KADM_EXPDATE, vals->fields)) { - ent->princ_expire_time = vals->exp_date; - *mask |= KADM5_PRINC_EXPIRE_TIME; - } - if(IS_FIELD(KADM_MAXLIFE, vals->fields)) { - ent->max_life = 
krb_life_to_time(0, vals->max_life); - *mask |= KADM5_MAX_LIFE; - } - - if(IS_FIELD(KADM_DESKEY, vals->fields)) { - int i; - ent->key_data = calloc(3, sizeof(*ent->key_data)); - if(ent->key_data == NULL) - return ENOMEM; - for(i = 0; i < 3; i++) { - u_int32_t key_low, key_high; - - ent->key_data[i].key_data_ver = 2; -#ifdef EXTENDED_KADM - if(IS_FIELD(KADM_KVNO, vals->fields)) - ent->key_data[i].key_data_kvno = vals->key_version; -#endif - ent->key_data[i].key_data_type[0] = ETYPE_DES_CBC_MD5; - ent->key_data[i].key_data_length[0] = 8; - if((ent->key_data[i].key_data_contents[0] = malloc(8)) == NULL) - return ENOMEM; - - key_low = ntohl(vals->key_low); - key_high = ntohl(vals->key_high); - memcpy(ent->key_data[i].key_data_contents[0], - &key_low, 4); - memcpy((char*)ent->key_data[i].key_data_contents[0] + 4, - &key_high, 4); - ent->key_data[i].key_data_type[1] = KRB5_PW_SALT; - ent->key_data[i].key_data_length[1] = 0; - ent->key_data[i].key_data_contents[1] = NULL; - } - ent->key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4; - ent->key_data[2].key_data_type[0] = ETYPE_DES_CBC_CRC; - ent->n_key_data = 3; - *mask |= KADM5_KEY_DATA; - } - -#ifdef EXTENDED_KADM - if(IS_FIELD(KADM_MODDATE, vals->fields)) { - ent->mod_date = vals->mod_date; - *mask |= KADM5_MOD_TIME; - } - if(IS_FIELD(KADM_MODNAME, vals->fields)) { - char *inst = NULL; - if(IS_FIELD(KADM_MODINST, vals->fields)) - inst = vals->mod_instance; - ret = krb5_425_conv_principal(context, - vals->mod_name, - inst, - NULL, - &ent->mod_name); - if(ret) - return ret; - *mask |= KADM5_MOD_NAME; - } -#endif - return 0; -} - -/* - * Try to translate a KADM5 error code into a v4 kadmin one. 
- */ - -static int -error_code(int ret) -{ - switch (ret) { - case 0: - return 0; - case KADM5_FAILURE : - case KADM5_AUTH_GET : - case KADM5_AUTH_ADD : - case KADM5_AUTH_MODIFY : - case KADM5_AUTH_DELETE : - case KADM5_AUTH_INSUFFICIENT : - return KADM_UNAUTH; - case KADM5_BAD_DB : - return KADM_UK_RERROR; - case KADM5_DUP : - return KADM_INUSE; - case KADM5_RPC_ERROR : - case KADM5_NO_SRV : - return KADM_NO_SERV; - case KADM5_NOT_INIT : - return KADM_NO_CONN; - case KADM5_UNK_PRINC : - return KADM_NOENTRY; - case KADM5_PASS_Q_TOOSHORT : -#ifdef KADM_PASS_Q_TOOSHORT - return KADM_PASS_Q_TOOSHORT; -#else - return KADM_INSECURE_PW; -#endif - case KADM5_PASS_Q_CLASS : -#ifdef KADM_PASS_Q_CLASS - return KADM_PASS_Q_CLASS; -#else - return KADM_INSECURE_PW; -#endif - case KADM5_PASS_Q_DICT : -#ifdef KADM_PASS_Q_DICT - return KADM_PASS_Q_DICT; -#else - return KADM_INSECURE_PW; -#endif - case KADM5_PASS_REUSE : - case KADM5_PASS_TOOSOON : - case KADM5_BAD_PASSWORD : - return KADM_INSECURE_PW; - case KADM5_PROTECT_PRINCIPAL : - return KADM_IMMUTABLE; - case KADM5_POLICY_REF : - case KADM5_INIT : - case KADM5_BAD_HIST_KEY : - case KADM5_UNK_POLICY : - case KADM5_BAD_MASK : - case KADM5_BAD_CLASS : - case KADM5_BAD_LENGTH : - case KADM5_BAD_POLICY : - case KADM5_BAD_PRINCIPAL : - case KADM5_BAD_AUX_ATTR : - case KADM5_BAD_HISTORY : - case KADM5_BAD_MIN_PASS_LIFE : - case KADM5_BAD_SERVER_HANDLE : - case KADM5_BAD_STRUCT_VERSION : - case KADM5_OLD_STRUCT_VERSION : - case KADM5_NEW_STRUCT_VERSION : - case KADM5_BAD_API_VERSION : - case KADM5_OLD_LIB_API_VERSION : - case KADM5_OLD_SERVER_API_VERSION : - case KADM5_NEW_LIB_API_VERSION : - case KADM5_NEW_SERVER_API_VERSION : - case KADM5_SECURE_PRINC_MISSING : - case KADM5_NO_RENAME_SALT : - case KADM5_BAD_CLIENT_PARAMS : - case KADM5_BAD_SERVER_PARAMS : - case KADM5_AUTH_LIST : - case KADM5_AUTH_CHANGEPW : - case KADM5_BAD_TL_TYPE : - case KADM5_MISSING_CONF_PARAMS : - case KADM5_BAD_SERVER_NAME : - default : - return 
KADM_UNAUTH; /* XXX */ - } -} - -/* - * server functions - */ - -static int -kadm_ser_cpw(krb5_context context, - void *kadm_handle, - krb5_principal principal, - const char *principal_string, - krb5_storage *message, - krb5_storage *reply) -{ - char key[8]; - char *password = NULL; - krb5_error_code ret; - - krb5_warnx(context, "v4-compat %s: CHPASS %s", - principal_string, principal_string); - - ret = krb5_storage_read(message, key + 4, 4); - ret = krb5_storage_read(message, key, 4); - ret = krb5_ret_stringz(message, &password); - - if(password) { - krb5_data pwd_data; - const char *tmp; - - pwd_data.data = password; - pwd_data.length = strlen(password); - - tmp = kadm5_check_password_quality (context, principal, &pwd_data); - - if (tmp != NULL) { - krb5_store_stringz (reply, (char *)tmp); - ret = KADM5_PASS_Q_DICT; - goto fail; - } - ret = kadm5_chpass_principal(kadm_handle, principal, password); - } else { - krb5_key_data key_data[3]; - int i; - for(i = 0; i < 3; i++) { - key_data[i].key_data_ver = 2; - key_data[i].key_data_kvno = 0; - /* key */ - key_data[i].key_data_type[0] = ETYPE_DES_CBC_CRC; - key_data[i].key_data_length[0] = 8; - key_data[i].key_data_contents[0] = malloc(8); - memcpy(key_data[i].key_data_contents[0], &key, 8); - /* salt */ - key_data[i].key_data_type[1] = KRB5_PW_SALT; - key_data[i].key_data_length[1] = 0; - key_data[i].key_data_contents[1] = NULL; - } - key_data[0].key_data_type[0] = ETYPE_DES_CBC_MD5; - key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4; - ret = kadm5_s_chpass_principal_with_key(kadm_handle, - principal, 3, key_data); - } - - if(ret != 0) { - krb5_store_stringz(reply, (char*)krb5_get_err_text(context, ret)); - goto fail; - } - return 0; -fail: - krb5_warn(context, ret, "v4-compat CHPASS"); - return error_code(ret); -} - -static int -kadm_ser_add(krb5_context context, - void *kadm_handle, - krb5_principal principal, - const char *principal_string, - krb5_storage *message, - krb5_storage *reply) -{ - int32_t mask; - 
kadm5_principal_ent_rec ent, out; - Kadm_vals values; - krb5_error_code ret; - char name[128]; - - ret_vals(message, &values); - - ret = values_to_ent(context, &values, &ent, &mask); - if(ret) - goto fail; - - krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name)); - krb5_warnx(context, "v4-compat %s: ADD %s", - principal_string, name); - - ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_ADD, - ent.principal); - if (ret) - goto fail; - - ret = kadm5_s_create_principal_with_key(kadm_handle, &ent, mask); - if(ret) { - kadm5_free_principal_ent(kadm_handle, &ent); - goto fail; - } - - mask = KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_MAX_LIFE | - KADM5_KEY_DATA | KADM5_MOD_TIME | KADM5_MOD_NAME; - - kadm5_get_principal(kadm_handle, ent.principal, &out, mask); - ent_to_values(context, &out, mask, &values); - kadm5_free_principal_ent(kadm_handle, &ent); - kadm5_free_principal_ent(kadm_handle, &out); - store_vals(reply, &values); - return 0; -fail: - krb5_warn(context, ret, "v4-compat ADD"); - return error_code(ret); -} - -static int -kadm_ser_get(krb5_context context, - void *kadm_handle, - krb5_principal principal, - const char *principal_string, - krb5_storage *message, - krb5_storage *reply) -{ - krb5_error_code ret; - Kadm_vals values; - kadm5_principal_ent_rec ent, out; - int32_t mask; - char flags[FLDSZ]; - char name[128]; - - ret_vals(message, &values); - /* XXX BRAIN DAMAGE! 
these flags are not stored in the same order - as in the header */ - krb5_ret_int8(message, &flags[3]); - krb5_ret_int8(message, &flags[2]); - krb5_ret_int8(message, &flags[1]); - krb5_ret_int8(message, &flags[0]); - ret = values_to_ent(context, &values, &ent, &mask); - if(ret) - goto fail; - - krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name)); - krb5_warnx(context, "v4-compat %s: GET %s", - principal_string, name); - - ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_GET, - ent.principal); - if (ret) - goto fail; - - mask = flags_4_to_5(flags); - - ret = kadm5_get_principal(kadm_handle, ent.principal, &out, mask); - kadm5_free_principal_ent(kadm_handle, &ent); - - if (ret) - goto fail; - - ent_to_values(context, &out, mask, &values); - - kadm5_free_principal_ent(kadm_handle, &out); - - store_vals(reply, &values); - return 0; -fail: - krb5_warn(context, ret, "v4-compat GET"); - return error_code(ret); -} - -static int -kadm_ser_mod(krb5_context context, - void *kadm_handle, - krb5_principal principal, - const char *principal_string, - krb5_storage *message, - krb5_storage *reply) -{ - Kadm_vals values1, values2; - kadm5_principal_ent_rec ent, out; - int32_t mask; - krb5_error_code ret; - char name[128]; - - ret_vals(message, &values1); - /* why are the old values sent? is the mask the same in the old and - the new entry? 
*/ - ret_vals(message, &values2); - - ret = values_to_ent(context, &values2, &ent, &mask); - if(ret) - goto fail; - - krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name)); - krb5_warnx(context, "v4-compat %s: MOD %s", - principal_string, name); - - ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_MODIFY, - ent.principal); - if (ret) - goto fail; - - ret = kadm5_s_modify_principal(kadm_handle, &ent, mask); - if(ret) { - kadm5_free_principal_ent(kadm_handle, &ent); - krb5_warn(context, ret, "kadm5_s_modify_principal"); - goto fail; - } - - ret = kadm5_get_principal(kadm_handle, ent.principal, &out, mask); - if(ret) { - kadm5_free_principal_ent(kadm_handle, &ent); - krb5_warn(context, ret, "kadm5_s_modify_principal"); - goto fail; - } - - ent_to_values(context, &out, mask, &values1); - - kadm5_free_principal_ent(kadm_handle, &ent); - kadm5_free_principal_ent(kadm_handle, &out); - - store_vals(reply, &values1); - return 0; -fail: - krb5_warn(context, ret, "v4-compat MOD"); - return error_code(ret); -} - -static int -kadm_ser_del(krb5_context context, - void *kadm_handle, - krb5_principal principal, - const char *principal_string, - krb5_storage *message, - krb5_storage *reply) -{ - Kadm_vals values; - kadm5_principal_ent_rec ent; - int32_t mask; - krb5_error_code ret; - char name[128]; - - ret_vals(message, &values); - - ret = values_to_ent(context, &values, &ent, &mask); - if(ret) - goto fail; - - krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name)); - krb5_warnx(context, "v4-compat %s: DEL %s", - principal_string, name); - - ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_DELETE, - ent.principal); - if (ret) - goto fail; - - ret = kadm5_delete_principal(kadm_handle, ent.principal); - - kadm5_free_principal_ent(kadm_handle, &ent); - - if (ret) - goto fail; - - return 0; -fail: - krb5_warn(context, ret, "v4-compat ADD"); - return error_code(ret); -} - -static int -dispatch(krb5_context context, - void *kadm_handle, - 
krb5_principal principal, - const char *principal_string, - krb5_data msg, - krb5_data *reply) -{ - int retval; - int8_t command; - krb5_storage *sp_in, *sp_out; - - sp_in = krb5_storage_from_data(&msg); - krb5_ret_int8(sp_in, &command); - - sp_out = krb5_storage_emem(); - krb5_storage_write(sp_out, KADM_VERSTR, KADM_VERSIZE); - krb5_store_int32(sp_out, 0); - - switch(command) { - case CHANGE_PW: - retval = kadm_ser_cpw(context, kadm_handle, principal, - principal_string, - sp_in, sp_out); - break; - case ADD_ENT: - retval = kadm_ser_add(context, kadm_handle, principal, - principal_string, - sp_in, sp_out); - break; - case GET_ENT: - retval = kadm_ser_get(context, kadm_handle, principal, - principal_string, - sp_in, sp_out); - break; - case MOD_ENT: - retval = kadm_ser_mod(context, kadm_handle, principal, - principal_string, - sp_in, sp_out); - break; - case DEL_ENT: - retval = kadm_ser_del(context, kadm_handle, principal, - principal_string, - sp_in, sp_out); - break; - default: - krb5_warnx(context, "v4-compat %s: unknown opcode: %d", - principal_string, command); - retval = KADM_NO_OPCODE; - break; - } - krb5_storage_free(sp_in); - if(retval) { - krb5_storage_seek(sp_out, KADM_VERSIZE, SEEK_SET); - krb5_store_int32(sp_out, retval); - } - krb5_storage_to_data(sp_out, reply); - krb5_storage_free(sp_out); - return retval; -} - -/* - * Decode a v4 kadmin packet in `message' and create a reply in `reply' - */ - -static void -decode_packet(krb5_context context, - krb5_keytab keytab, - struct sockaddr_in *admin_addr, - struct sockaddr_in *client_addr, - krb5_data message, - krb5_data *reply) -{ - int ret; - KTEXT_ST authent; - AUTH_DAT ad; - MSG_DAT msg_dat; - off_t off = 0; - unsigned long rlen; - char sname[] = "changepw", sinst[] = "kerberos"; - unsigned long checksum; - des_key_schedule schedule; - char *msg = message.data; - void *kadm_handle; - krb5_principal client; - char *client_str; - krb5_keytab_entry entry; - - if(message.length < KADM_VERSIZE + 4 - || 
strncmp(msg, KADM_VERSTR, KADM_VERSIZE) != 0) { - make_you_lose_packet (KADM_BAD_VER, reply); - return; - } - - off = KADM_VERSIZE; - off += _krb5_get_int(msg + off, &rlen, 4); - memset(&authent, 0, sizeof(authent)); - authent.length = message.length - rlen - KADM_VERSIZE - 4; - - if(rlen > message.length - KADM_VERSIZE - 4 - || authent.length > MAX_KTXT_LEN) { - krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen); - make_you_lose_packet (KADM_LENGTH_ERROR, reply); - return; - } - - memcpy(authent.dat, (char*)msg + off, authent.length); - off += authent.length; - - { - krb5_principal principal; - krb5_keyblock *key; - - ret = krb5_make_principal(context, &principal, NULL, - "changepw", "kerberos", NULL); - if (ret) { - krb5_warn (context, ret, "krb5_make_principal"); - make_you_lose_packet (KADM_NOMEM, reply); - return; - } - ret = krb5_kt_get_entry (context, keytab, principal, 0, - ETYPE_DES_CBC_MD5, &entry); - krb5_kt_close (context, keytab); - if (ret) { - krb5_free_principal(context, principal); - make_you_lose_packet (KADM_NO_AUTH, reply); - return; - } - ret = krb5_copy_keyblock (context, &entry.keyblock,& key); - krb5_kt_free_entry(context, &entry); - krb5_free_principal(context, principal); - if(ret) { - if(ret == KRB5_KT_NOTFOUND) - make_you_lose_packet(KADM_NO_AUTH, reply); - else - /* XXX */ - make_you_lose_packet(KADM_NO_AUTH, reply); - krb5_warn(context, ret, "krb5_kt_read_service_key"); - return; - } - - if(key->keyvalue.length != 8) - krb5_abortx(context, "key has wrong length (%lu)", - (unsigned long)key->keyvalue.length); - krb_set_key(key->keyvalue.data, 0); - krb5_free_keyblock(context, key); - } - - ret = krb_rd_req(&authent, sname, sinst, - client_addr->sin_addr.s_addr, &ad, NULL); - - if(ret) { - make_you_lose_packet(ERROR_TABLE_BASE_krb + ret, reply); - krb5_warnx(context, "krb_rd_req: %d", ret); - return; - } - - ret = krb5_425_conv_principal(context, ad.pname, ad.pinst, ad.prealm, - &client); - if (ret) { - krb5_warnx 
(context, "krb5_425_conv_principal: %d", ret); - make_you_lose_packet (KADM_NOMEM, reply); - return; - } - - krb5_unparse_name(context, client, &client_str); - - ret = kadm5_init_with_password_ctx(context, - client_str, - NULL, - KADM5_ADMIN_SERVICE, - NULL, 0, 0, - &kadm_handle); - if (ret) { - krb5_warn (context, ret, "kadm5_init_with_password_ctx"); - make_you_lose_packet (KADM_NOMEM, reply); - goto out; - } - - checksum = des_quad_cksum((void *)(msg + off), NULL, rlen, 0, &ad.session); - if(checksum != ad.checksum) { - krb5_warnx(context, "decode_packet: bad checksum"); - make_you_lose_packet (KADM_BAD_CHK, reply); - goto out; - } - des_set_key(&ad.session, schedule); - ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session, - client_addr, admin_addr, &msg_dat); - if (ret) { - make_you_lose_packet (ERROR_TABLE_BASE_krb + ret, reply); - krb5_warnx(context, "krb_rd_priv: %d", ret); - goto out; - } - - { - krb5_data d, r; - int retval; - - d.data = msg_dat.app_data; - d.length = msg_dat.app_length; - - retval = dispatch(context, kadm_handle, - client, client_str, d, &r); - krb5_data_alloc(reply, r.length + 26); - reply->length = krb_mk_priv(r.data, reply->data, r.length, - schedule, &ad.session, - admin_addr, client_addr); - if((ssize_t)reply->length < 0) { - make_you_lose_packet(KADM_NO_ENCRYPT, reply); - goto out; - } - } -out: - krb5_free_principal(context, client); - free(client_str); -} - -void -handle_v4(krb5_context context, - krb5_keytab keytab, - int len, - int fd) -{ - int first = 1; - struct sockaddr_in admin_addr, client_addr; - socklen_t addr_len; - krb5_data message, reply; - ssize_t n; - - addr_len = sizeof(client_addr); - if (getsockname(fd, (struct sockaddr*)&admin_addr, &addr_len) < 0) - krb5_errx (context, 1, "getsockname"); - addr_len = sizeof(client_addr); - if (getpeername(fd, (struct sockaddr*)&client_addr, &addr_len) < 0) - krb5_errx (context, 1, "getpeername"); - - while(1) { - doing_useful_work = 0; - if(term_flag) - exit(0); - 
if(first) { - if (len < 2) - krb5_errx(context, 1, "received too short len (%d < 2)", len); - /* first time around, we have already read len, and two - bytes of the version string */ - krb5_data_alloc(&message, len); - memcpy(message.data, "KA", 2); - n = krb5_net_read(context, &fd, (char*)message.data + 2, - len - 2); - if (n == 0) - exit (0); - if (n < 0) - krb5_err (context, 1, errno, "krb5_net_read"); - first = 0; - } else { - char buf[2]; - unsigned long tmp; - ssize_t n; - - n = krb5_net_read(context, &fd, buf, sizeof(2)); - if (n == 0) - exit (0); - if (n < 0) - krb5_err (context, 1, errno, "krb5_net_read"); - _krb5_get_int(buf, &tmp, 2); - krb5_data_alloc(&message, tmp); - n = krb5_net_read(context, &fd, message.data, message.length); - if (n == 0) - krb5_errx (context, 1, "EOF in krb5_net_read"); - if (n < 0) - krb5_err (context, 1, errno, "krb5_net_read"); - } - doing_useful_work = 1; - decode_packet(context, keytab, &admin_addr, &client_addr, - message, &reply); - krb5_data_free(&message); - { - char buf[2]; - - _krb5_put_int(buf, reply.length, sizeof(buf)); - n = krb5_net_write(context, &fd, buf, sizeof(buf)); - if (n < 0) - krb5_err (context, 1, errno, "krb5_net_write"); - n = krb5_net_write(context, &fd, reply.data, reply.length); - if (n < 0) - krb5_err (context, 1, errno, "krb5_net_write"); - krb5_data_free(&reply); - } - } -} diff --git a/crypto/heimdal/kdc/headers.h b/crypto/heimdal/kdc/headers.h index 96db924..bdbc156 100644 --- a/crypto/heimdal/kdc/headers.h +++ b/crypto/heimdal/kdc/headers.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ /* - * $Id: headers.h,v 1.15 2002/09/10 20:04:46 joda Exp $ + * $Id: headers.h 19658 2007-01-04 00:15:34Z lha $ * $FreeBSD$ */ 
@@ -73,6 +73,9 @@ #ifdef HAVE_ARPA_INET_H #include #endif +#ifdef HAVE_SYS_WAIT_H +#include +#endif #ifdef HAVE_NETDB_H #include #endif @@ -89,16 +92,14 @@ #include #include #include +#include +#include #include #include -#include /* copy_octet_string */ +#include -#ifdef KRB4 -#include -#include -#define Principal Principal4 -#include -#endif +#include +#include #undef ALLOC #define ALLOC(X) ((X) = malloc(sizeof(*(X)))) diff --git a/crypto/heimdal/kuser/kauth_options.c b/crypto/heimdal/kuser/kauth_options.c deleted file mode 100644 index c432d32..0000000 --- a/crypto/heimdal/kuser/kauth_options.c +++ /dev/null 
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kuser_locl.h"
-RCSID("$Id: kauth_options.c,v 1.2 1999/12/02 17:05:00 joda Exp $");
-
-#ifdef KRB4
-int do_afslog = 1;
-int get_v4_tgt = 1;
-#endif
diff --git a/crypto/heimdal/kuser/kinit_options.c b/crypto/heimdal/kuser/kinit_options.c
deleted file mode 100644
index 5a7dcd9..0000000
--- a/crypto/heimdal/kuser/kinit_options.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "kuser_locl.h"
-RCSID("$Id: kinit_options.c,v 1.2 1999/12/02 17:05:01 joda Exp $");
-
-#ifdef KRB4
-int do_afslog = 0;
-int get_v4_tgt = 0;
-#endif
diff --git a/crypto/heimdal/lib/asn1/gen.h b/crypto/heimdal/lib/asn1/gen.h
deleted file mode 100644
index 369b6e3..0000000
--- a/crypto/heimdal/lib/asn1/gen.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: gen.h,v 1.4 1999/12/02 17:05:02 joda Exp $ */
-
-#include
-#include "symbol.h"
-
diff --git a/crypto/heimdal/lib/asn1/x509.asn1 b/crypto/heimdal/lib/asn1/x509.asn1 deleted file mode 100644 index 4a15844..0000000 --- a/crypto/heimdal/lib/asn1/x509.asn1 +++ /dev/null @@ -1,23 +0,0 @@ -X509 DEFINITIONS ::= BEGIN - -CertificateSerialNumber ::= INTEGER -- X.509 '97 - -AttributeType ::= OBJECT-IDENTIFIER - -AttributeValue ::= OCTET STRING --ANY DEFINED BY AttributeType - -AttributeTypeAndValue ::= SEQUENCE { - type AttributeType, - value AttributeValue -} - -RelativeDistinguishedName ::= --SET -SEQUENCE OF AttributeTypeAndValue - -RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - -Name ::= CHOICE { -- RFC2459 - x RDNSequence -} - -END \ No newline at end of file diff --git a/crypto/heimdal/lib/gssapi/8003.c b/crypto/heimdal/lib/gssapi/8003.c deleted file mode 100644 index 3b48182..0000000 --- a/crypto/heimdal/lib/gssapi/8003.c +++ /dev/null 
@@ -1,251 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: 8003.c,v 1.12.2.2 2003/09/18 21:30:57 lha Exp $"); - -krb5_error_code -gssapi_encode_om_uint32(OM_uint32 n, u_char *p) -{ - p[0] = (n >> 0) & 0xFF; - p[1] = (n >> 8) & 0xFF; - p[2] = (n >> 16) & 0xFF; - p[3] = (n >> 24) & 0xFF; - return 0; -} - -krb5_error_code -gssapi_encode_be_om_uint32(OM_uint32 n, u_char *p) -{ - p[0] = (n >> 24) & 0xFF; - p[1] = (n >> 16) & 0xFF; - p[2] = (n >> 8) & 0xFF; - p[3] = (n >> 0) & 0xFF; - return 0; -} - -krb5_error_code -gssapi_decode_om_uint32(u_char *p, OM_uint32 *n) -{ - *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); - return 0; -} - -krb5_error_code -gssapi_decode_be_om_uint32(u_char *p, OM_uint32 *n) -{ - *n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0); - return 0; -} - -static krb5_error_code -hash_input_chan_bindings (const gss_channel_bindings_t b, - u_char *p) -{ - u_char num[4]; - MD5_CTX md5; - - MD5_Init(&md5); - gssapi_encode_om_uint32 (b->initiator_addrtype, num); - MD5_Update (&md5, num, sizeof(num)); - gssapi_encode_om_uint32 (b->initiator_address.length, num); - MD5_Update (&md5, num, sizeof(num)); - if (b->initiator_address.length) - MD5_Update (&md5, - b->initiator_address.value, - b->initiator_address.length); - gssapi_encode_om_uint32 (b->acceptor_addrtype, num); - MD5_Update (&md5, num, sizeof(num)); - gssapi_encode_om_uint32 (b->acceptor_address.length, num); - MD5_Update (&md5, num, sizeof(num)); - if (b->acceptor_address.length) - MD5_Update (&md5, - b->acceptor_address.value, - b->acceptor_address.length); - gssapi_encode_om_uint32 (b->application_data.length, num); - MD5_Update (&md5, num, sizeof(num)); - if (b->application_data.length) - MD5_Update (&md5, - b->application_data.value, - b->application_data.length); - MD5_Final (p, &md5); - return 0; -} - -/* - * create a checksum over the chanel bindings in - * `input_chan_bindings', `flags' and `fwd_data' and return it in - * `result' - */ - -OM_uint32 
-gssapi_krb5_create_8003_checksum ( - OM_uint32 *minor_status, - const gss_channel_bindings_t input_chan_bindings, - OM_uint32 flags, - const krb5_data *fwd_data, - Checksum *result) -{ - u_char *p; - - /* - * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value - * field's format) */ - result->cksumtype = 0x8003; - if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) - result->checksum.length = 24 + 4 + fwd_data->length; - else - result->checksum.length = 24; - result->checksum.data = malloc (result->checksum.length); - if (result->checksum.data == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = result->checksum.data; - gssapi_encode_om_uint32 (16, p); - p += 4; - if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) { - memset (p, 0, 16); - } else { - hash_input_chan_bindings (input_chan_bindings, p); - } - p += 16; - gssapi_encode_om_uint32 (flags, p); - p += 4; - - if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) { -#if 0 - u_char *tmp; - - result->checksum.length = 28 + fwd_data->length; - tmp = realloc(result->checksum.data, result->checksum.length); - if (tmp == NULL) - return ENOMEM; - result->checksum.data = tmp; - - p = (u_char*)result->checksum.data + 24; -#endif - *p++ = (1 >> 0) & 0xFF; /* DlgOpt */ /* == 1 */ - *p++ = (1 >> 8) & 0xFF; /* DlgOpt */ /* == 0 */ - *p++ = (fwd_data->length >> 0) & 0xFF; /* Dlgth */ - *p++ = (fwd_data->length >> 8) & 0xFF; /* Dlgth */ - memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length); - - p += fwd_data->length; - } - - return GSS_S_COMPLETE; -} - -/* - * verify the checksum in `cksum' over `input_chan_bindings' - * returning `flags' and `fwd_data' - */ - -OM_uint32 -gssapi_krb5_verify_8003_checksum( - OM_uint32 *minor_status, - const gss_channel_bindings_t input_chan_bindings, - const Checksum *cksum, - OM_uint32 *flags, - krb5_data *fwd_data) -{ - unsigned char hash[16]; - unsigned char *p; - OM_uint32 length; - int DlgOpt; - static unsigned char zeros[16]; - - /* 
XXX should handle checksums > 24 bytes */ - if(cksum->cksumtype != 0x8003 || cksum->checksum.length < 24) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - p = cksum->checksum.data; - gssapi_decode_om_uint32(p, &length); - if(length != sizeof(hash)) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - p += 4; - - if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS - && memcmp(p, zeros, sizeof(zeros)) != 0) { - if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - if(memcmp(hash, p, sizeof(hash)) != 0) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - } - - p += sizeof(hash); - - gssapi_decode_om_uint32(p, flags); - p += 4; - - if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) { - if(cksum->checksum.length < 28) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - DlgOpt = (p[0] << 0) | (p[1] << 8); - p += 2; - if (DlgOpt != 1) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - - fwd_data->length = (p[0] << 0) | (p[1] << 8); - p += 2; - if(cksum->checksum.length < 28 + fwd_data->length) { - *minor_status = 0; - return GSS_S_BAD_BINDINGS; - } - fwd_data->data = malloc(fwd_data->length); - if (fwd_data->data == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy(fwd_data->data, p, fwd_data->length); - } - - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/accept_sec_context.c b/crypto/heimdal/lib/gssapi/accept_sec_context.c deleted file mode 100644 index d923c36..0000000 --- a/crypto/heimdal/lib/gssapi/accept_sec_context.c +++ /dev/null 
@@ -1,445 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: accept_sec_context.c,v 1.33.2.2 2003/12/19 00:37:06 lha Exp $");
-
-krb5_keytab gssapi_krb5_keytab;
-
-OM_uint32
-gsskrb5_register_acceptor_identity (const char *identity)
-{
- krb5_error_code ret;
- char *p;
-
- ret = gssapi_krb5_init();
- if(ret)
- return GSS_S_FAILURE;
-
- if(gssapi_krb5_keytab != NULL) {
- krb5_kt_close(gssapi_krb5_context, gssapi_krb5_keytab);
- gssapi_krb5_keytab = NULL;
- }
- asprintf(&p, "FILE:%s", identity);
- if(p == NULL)
- return GSS_S_FAILURE;
- ret = krb5_kt_resolve(gssapi_krb5_context, p, &gssapi_krb5_keytab);
- free(p);
- if(ret)
- return GSS_S_FAILURE;
- return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_accept_sec_context
- (OM_uint32 * minor_status,
- gss_ctx_id_t * context_handle,
- const gss_cred_id_t acceptor_cred_handle,
- const gss_buffer_t input_token_buffer,
- const gss_channel_bindings_t input_chan_bindings,
- gss_name_t * src_name,
- gss_OID * mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec,
- gss_cred_id_t * delegated_cred_handle
- )
-{
- krb5_error_code kret;
- OM_uint32 ret = GSS_S_COMPLETE;
- krb5_data indata;
- krb5_flags ap_options;
- OM_uint32 flags;
- krb5_ticket *ticket = NULL;
- krb5_keytab keytab = NULL;
- krb5_data fwd_data;
- OM_uint32 minor;
-
- GSSAPI_KRB5_INIT();
-
- krb5_data_zero (&fwd_data);
- output_token->length = 0;
- output_token->value = NULL;
-
- if (src_name != NULL)
- *src_name = NULL;
- if (mech_type)
- *mech_type = GSS_KRB5_MECHANISM;
-
- if (*context_handle == GSS_C_NO_CONTEXT) {
- *context_handle = malloc(sizeof(**context_handle));
- if (*context_handle == GSS_C_NO_CONTEXT) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- }
-
- (*context_handle)->auth_context = NULL;
- (*context_handle)->source = NULL;
- (*context_handle)->target = NULL;
- (*context_handle)->flags = 0;
- (*context_handle)->more_flags = 0;
- (*context_handle)->ticket = NULL;
- (*context_handle)->lifetime = GSS_C_INDEFINITE;
-
- kret =
krb5_auth_con_init (gssapi_krb5_context,
- &(*context_handle)->auth_context);
- if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
-
- if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
- && input_chan_bindings->application_data.length ==
- 2 * sizeof((*context_handle)->auth_context->local_port)
- ) {
-
- /* Port numbers are expected to be in application_data.value,
- * initator's port first */
-
- krb5_address initiator_addr, acceptor_addr;
-
- memset(&initiator_addr, 0, sizeof(initiator_addr));
- memset(&acceptor_addr, 0, sizeof(acceptor_addr));
-
- (*context_handle)->auth_context->remote_port =
- *(int16_t *) input_chan_bindings->application_data.value;
-
- (*context_handle)->auth_context->local_port =
- *((int16_t *) input_chan_bindings->application_data.value + 1);
-
-
- kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
- &input_chan_bindings->acceptor_address,
- (*context_handle)->auth_context->local_port,
- &acceptor_addr);
- if (kret) {
- gssapi_krb5_set_error_string ();
- ret = GSS_S_BAD_BINDINGS;
- *minor_status = kret;
- goto failure;
- }
-
- kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
- &input_chan_bindings->initiator_address,
- (*context_handle)->auth_context->remote_port,
- &initiator_addr);
- if (kret) {
- krb5_free_address (gssapi_krb5_context, &acceptor_addr);
- gssapi_krb5_set_error_string ();
- ret = GSS_S_BAD_BINDINGS;
- *minor_status = kret;
- goto failure;
- }
-
- kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &acceptor_addr, /* local address */
- &initiator_addr); /* remote address */
-
- krb5_free_address (gssapi_krb5_context, &initiator_addr);
- krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-
-#if 0
- free(input_chan_bindings->application_data.value);
- input_chan_bindings->application_data.value = NULL;
- input_chan_bindings->application_data.length = 0;
-#endif
-
- if (kret)
{
- gssapi_krb5_set_error_string ();
- ret = GSS_S_BAD_BINDINGS;
- *minor_status = kret;
- goto failure;
- }
- }
-
-
-
- {
- int32_t tmp;
-
- krb5_auth_con_getflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &tmp);
- tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
- krb5_auth_con_setflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- tmp);
- }
-
- ret = gssapi_krb5_decapsulate (minor_status,
- input_token_buffer,
- &indata,
- "\x01\x00");
- if (ret)
- goto failure;
-
- if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
- if (gssapi_krb5_keytab != NULL) {
- keytab = gssapi_krb5_keytab;
- }
- } else if (acceptor_cred_handle->keytab != NULL) {
- keytab = acceptor_cred_handle->keytab;
- }
-
- kret = krb5_rd_req (gssapi_krb5_context,
- &(*context_handle)->auth_context,
- &indata,
- (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL
- : acceptor_cred_handle->principal,
- keytab,
- &ap_options,
- &ticket);
- if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
-
- kret = krb5_copy_principal (gssapi_krb5_context,
- ticket->client,
- &(*context_handle)->source);
- if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
-
- kret = krb5_copy_principal (gssapi_krb5_context,
- ticket->server,
- &(*context_handle)->target);
- if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
-
- ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
- if (ret)
- goto failure;
-
- if (src_name != NULL) {
- kret = krb5_copy_principal (gssapi_krb5_context,
- ticket->client,
- src_name);
- if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
- }
-
- {
- krb5_authenticator authenticator;
-
- kret = krb5_auth_con_getauthenticator(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &authenticator);
- if(kret) {
- ret =
GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
-
- ret = gssapi_krb5_verify_8003_checksum(minor_status,
- input_chan_bindings,
- authenticator->cksum,
- &flags,
- &fwd_data);
- krb5_free_authenticator(gssapi_krb5_context, &authenticator);
- if (ret)
- goto failure;
- }
-
- if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
- krb5_ccache ccache;
- int32_t ac_flags;
-
- if (delegated_cred_handle == NULL)
- /* XXX Create a new delegated_cred_handle? */
- kret = krb5_cc_default (gssapi_krb5_context, &ccache);
- else if (*delegated_cred_handle == NULL) {
- if ((*delegated_cred_handle =
- calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
- ret = GSS_S_FAILURE;
- *minor_status = ENOMEM;
- krb5_set_error_string(gssapi_krb5_context, "out of memory");
- gssapi_krb5_set_error_string();
- goto failure;
- }
- if ((ret = gss_duplicate_name(minor_status, ticket->client,
- &(*delegated_cred_handle)->principal)) != 0) {
- flags &= ~GSS_C_DELEG_FLAG;
- free(*delegated_cred_handle);
- *delegated_cred_handle = NULL;
- goto end_fwd;
- }
- }
- if (delegated_cred_handle != NULL &&
- (*delegated_cred_handle)->ccache == NULL) {
- kret = krb5_cc_gen_new (gssapi_krb5_context,
- &krb5_mcc_ops,
- &(*delegated_cred_handle)->ccache);
- ccache = (*delegated_cred_handle)->ccache;
- }
- if (delegated_cred_handle != NULL &&
- (*delegated_cred_handle)->mechanisms == NULL) {
- ret = gss_create_empty_oid_set(minor_status,
- &(*delegated_cred_handle)->mechanisms);
- if (ret)
- goto failure;
- ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- &(*delegated_cred_handle)->mechanisms);
- if (ret)
- goto failure;
- }
-
- if (kret) {
- flags &= ~GSS_C_DELEG_FLAG;
- goto end_fwd;
- }
-
- kret = krb5_cc_initialize(gssapi_krb5_context,
- ccache,
- *src_name);
- if (kret) {
- flags &= ~GSS_C_DELEG_FLAG;
- goto end_fwd;
- }
-
- krb5_auth_con_getflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &ac_flags);
-
krb5_auth_con_setflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- ac_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
- kret = krb5_rd_cred2(gssapi_krb5_context,
- (*context_handle)->auth_context,
- ccache,
- &fwd_data);
- krb5_auth_con_setflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- ac_flags);
- if (kret) {
- flags &= ~GSS_C_DELEG_FLAG;
- goto end_fwd;
- }
-
- end_fwd:
- free(fwd_data.data);
- }
-
-
- flags |= GSS_C_TRANS_FLAG;
-
- if (ret_flags)
- *ret_flags = flags;
- (*context_handle)->lifetime = ticket->ticket.endtime;
- (*context_handle)->flags = flags;
- (*context_handle)->more_flags |= OPEN;
-
- if (mech_type)
- *mech_type = GSS_KRB5_MECHANISM;
-
- if (time_rec) {
- ret = gssapi_lifetime_left(minor_status,
- (*context_handle)->lifetime,
- time_rec);
- if (ret)
- goto failure;
- }
-
- if(flags & GSS_C_MUTUAL_FLAG) {
- krb5_data outbuf;
-
- kret = krb5_mk_rep (gssapi_krb5_context,
- (*context_handle)->auth_context,
- &outbuf);
- if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
- ret = gssapi_krb5_encapsulate (minor_status,
- &outbuf,
- output_token,
- "\x02\x00");
- krb5_data_free (&outbuf);
- if (ret)
- goto failure;
- } else {
- output_token->length = 0;
- output_token->value = NULL;
- }
-
- (*context_handle)->ticket = ticket;
- ticket = NULL;
-
-#if 0
- krb5_free_ticket (context, ticket);
-#endif
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-
- failure:
- if (fwd_data.length > 0)
- free(fwd_data.data);
- if (ticket != NULL)
- krb5_free_ticket (gssapi_krb5_context, ticket);
- krb5_auth_con_free (gssapi_krb5_context,
- (*context_handle)->auth_context);
- if((*context_handle)->source)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->source);
- if((*context_handle)->target)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->target);
- free (*context_handle);
- if (src_name != NULL) {
- gss_release_name (&minor, src_name);
- *src_name = NULL;
- }
- *context_handle = GSS_C_NO_CONTEXT;
- return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/acquire_cred.c b/crypto/heimdal/lib/gssapi/acquire_cred.c
deleted file mode 100644
index dfe2b4c..0000000
--- a/crypto/heimdal/lib/gssapi/acquire_cred.c
+++ /dev/null
@@ -1,309 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: acquire_cred.c,v 1.13.2.1 2003/08/15 14:18:24 lha Exp $");
-
-static krb5_error_code
-get_keytab(krb5_keytab *keytab)
-{
- char kt_name[256];
- krb5_error_code kret;
-
- if (gssapi_krb5_keytab != NULL) {
- kret = krb5_kt_get_name(gssapi_krb5_context,
- gssapi_krb5_keytab,
- kt_name, sizeof(kt_name));
- if (kret == 0)
- kret = krb5_kt_resolve(gssapi_krb5_context, kt_name, keytab);
- } else
- kret = krb5_kt_default(gssapi_krb5_context, keytab);
- return (kret);
-}
-
-static OM_uint32 acquire_initiator_cred
- (OM_uint32 * minor_status,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
- )
-{
- OM_uint32 ret;
- krb5_creds cred;
- krb5_principal def_princ;
- krb5_get_init_creds_opt opt;
- krb5_ccache ccache;
- krb5_keytab keytab;
- krb5_error_code kret;
-
- keytab = NULL;
- ccache = NULL;
- def_princ = NULL;
- ret = GSS_S_FAILURE;
- memset(&cred, 0, sizeof(cred));
-
- kret = krb5_cc_default(gssapi_krb5_context, &ccache);
- if (kret)
- goto end;
- kret = krb5_cc_get_principal(gssapi_krb5_context, ccache,
- &def_princ);
- if (kret != 0) {
- /* we'll try to use a keytab below */
- krb5_cc_destroy(gssapi_krb5_context, ccache);
- ccache = NULL;
- kret = 0;
- } else if (handle->principal == NULL) {
- kret = krb5_copy_principal(gssapi_krb5_context, def_princ,
- &handle->principal);
- if (kret)
- goto end;
- } else if (handle->principal != NULL &&
- krb5_principal_compare(gssapi_krb5_context, handle->principal,
- def_princ) == FALSE) {
- /* Before failing, lets check the keytab */
- krb5_free_principal(gssapi_krb5_context, def_princ);
- def_princ = NULL;
- }
- if (def_princ == NULL) {
- /* We have no existing credentials cache,
- * so attempt to get a TGT using a keytab.
- */
- if (handle->principal == NULL) {
- kret = krb5_get_default_principal(gssapi_krb5_context,
- &handle->principal);
- if (kret)
- goto end;
- }
- kret = get_keytab(&keytab);
- if (kret)
- goto end;
- krb5_get_init_creds_opt_init(&opt);
- kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
- handle->principal, keytab, 0, NULL, &opt);
- if (kret)
- goto end;
- kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
- &ccache);
- if (kret)
- goto end;
- kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
- if (kret)
- goto end;
- kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
- if (kret)
- goto end;
- handle->lifetime = cred.times.endtime;
- } else {
- krb5_creds in_cred, *out_cred;
- krb5_const_realm realm;
-
- memset(&in_cred, 0, sizeof(in_cred));
- in_cred.client = handle->principal;
-
- realm = krb5_principal_get_realm(gssapi_krb5_context,
- handle->principal);
- if (realm == NULL) {
- kret = KRB5_PRINC_NOMATCH; /* XXX */
- goto end;
- }
-
- kret = krb5_make_principal(gssapi_krb5_context, &in_cred.server,
- realm, KRB5_TGS_NAME, realm, NULL);
- if (kret)
- goto end;
-
- kret = krb5_get_credentials(gssapi_krb5_context, 0,
- ccache, &in_cred, &out_cred);
- krb5_free_principal(gssapi_krb5_context, in_cred.server);
- if (kret)
- goto end;
-
- handle->lifetime = out_cred->times.endtime;
- krb5_free_creds(gssapi_krb5_context, out_cred);
- }
-
- handle->ccache = ccache;
- ret = GSS_S_COMPLETE;
-
-end:
- if (cred.client != NULL)
- krb5_free_creds_contents(gssapi_krb5_context, &cred);
- if (def_princ != NULL)
- krb5_free_principal(gssapi_krb5_context, def_princ);
- if (keytab != NULL)
- krb5_kt_close(gssapi_krb5_context, keytab);
- if (ret != GSS_S_COMPLETE) {
- if (ccache != NULL)
- krb5_cc_close(gssapi_krb5_context, ccache);
- if (kret != 0) {
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- }
- }
- return (ret);
-}
-
-static OM_uint32 acquire_acceptor_cred
- (OM_uint32 * minor_status,
- const gss_name_t
desired_name,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
- )
-{
- OM_uint32 ret;
- krb5_error_code kret;
-
- kret = 0;
- ret = GSS_S_FAILURE;
- kret = get_keytab(&handle->keytab);
- if (kret)
- goto end;
- ret = GSS_S_COMPLETE;
-
-end:
- if (ret != GSS_S_COMPLETE) {
- if (handle->keytab != NULL)
- krb5_kt_close(gssapi_krb5_context, handle->keytab);
- if (kret != 0) {
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- }
- }
- return (ret);
-}
-
-OM_uint32 gss_acquire_cred
- (OM_uint32 * minor_status,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t * output_cred_handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
- )
-{
- gss_cred_id_t handle;
- OM_uint32 ret;
-
- GSSAPI_KRB5_INIT ();
-
- *output_cred_handle = NULL;
- if (time_rec)
- *time_rec = 0;
- if (actual_mechs)
- *actual_mechs = GSS_C_NO_OID_SET;
-
- if (desired_mechs) {
- OM_uint32 present = 0;
-
- ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- desired_mechs, &present);
- if (ret)
- return ret;
- if (!present) {
- *minor_status = 0;
- return GSS_S_BAD_MECH;
- }
- }
-
- handle = (gss_cred_id_t)malloc(sizeof(*handle));
- if (handle == GSS_C_NO_CREDENTIAL) {
- *minor_status = ENOMEM;
- return (GSS_S_FAILURE);
- }
-
- memset(handle, 0, sizeof (*handle));
-
- if (desired_name != GSS_C_NO_NAME) {
- ret = gss_duplicate_name(minor_status, desired_name,
- &handle->principal);
- if (ret != GSS_S_COMPLETE) {
- free(handle);
- return (ret);
- }
- }
- if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
- ret = acquire_initiator_cred(minor_status, desired_name, time_req,
- desired_mechs, cred_usage, handle, actual_mechs, time_rec);
- if (ret != GSS_S_COMPLETE) {
- free(handle);
- return (ret);
- }
- } else if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
- ret = acquire_acceptor_cred(minor_status, desired_name, time_req,
- desired_mechs, cred_usage, handle, actual_mechs, time_rec);
- if (ret != GSS_S_COMPLETE) {
- free(handle);
- return (ret);
- }
- } else {
- free(handle);
- *minor_status = GSS_KRB5_S_G_BAD_USAGE;
- return GSS_S_FAILURE;
- }
- ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
- if (ret == GSS_S_COMPLETE)
- ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- &handle->mechanisms);
- if (ret == GSS_S_COMPLETE)
- ret = gss_inquire_cred(minor_status, handle, NULL, time_rec, NULL,
- actual_mechs);
- if (ret != GSS_S_COMPLETE) {
- if (handle->mechanisms != NULL)
- gss_release_oid_set(NULL, &handle->mechanisms);
- free(handle);
- return (ret);
- }
- *minor_status = 0;
- if (time_rec) {
- ret = gssapi_lifetime_left(minor_status,
- handle->lifetime,
- time_rec);
-
- if (ret)
- return ret;
- }
- handle->usage = cred_usage;
- *output_cred_handle = handle;
- return (GSS_S_COMPLETE);
-}
diff --git a/crypto/heimdal/lib/gssapi/add_cred.c b/crypto/heimdal/lib/gssapi/add_cred.c
deleted file mode 100644
index 53d4f33..0000000
--- a/crypto/heimdal/lib/gssapi/add_cred.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: add_cred.c,v 1.2.2.1 2003/10/21 21:00:47 lha Exp $");
-
-OM_uint32 gss_add_cred (
- OM_uint32 *minor_status,
- const gss_cred_id_t input_cred_handle,
- const gss_name_t desired_name,
- const gss_OID desired_mech,
- gss_cred_usage_t cred_usage,
- OM_uint32 initiator_time_req,
- OM_uint32 acceptor_time_req,
- gss_cred_id_t *output_cred_handle,
- gss_OID_set *actual_mechs,
- OM_uint32 *initiator_time_rec,
- OM_uint32 *acceptor_time_rec)
-{
- OM_uint32 ret, lifetime;
- gss_cred_id_t cred, handle;
-
- handle = NULL;
- cred = input_cred_handle;
-
- if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) {
- *minor_status = 0;
- return GSS_S_BAD_MECH;
- }
-
- if (cred == GSS_C_NO_CREDENTIAL && output_cred_handle == NULL) {
- *minor_status = 0;
- return GSS_S_NO_CRED;
- }
-
- /* check if requested output usage is compatible with output usage */
- if (output_cred_handle != NULL &&
- (cred->usage != cred_usage && cred->usage != GSS_C_BOTH)) {
- *minor_status = GSS_KRB5_S_G_BAD_USAGE;
- return(GSS_S_FAILURE);
- }
-
- /* check that we have the same name */
- if (desired_name != GSS_C_NO_NAME &&
- krb5_principal_compare(gssapi_krb5_context, desired_name,
- cred->principal) != FALSE) {
- *minor_status = 0;
- return GSS_S_BAD_NAME;
- }
-
- /* make a copy */
- if (output_cred_handle) {
-
- handle = (gss_cred_id_t)malloc(sizeof(*handle));
- if (handle == GSS_C_NO_CREDENTIAL) {
- *minor_status = ENOMEM;
- return (GSS_S_FAILURE);
- }
-
- memset(handle, 0, sizeof (*handle));
-
- handle->usage = cred_usage;
- handle->lifetime = cred->lifetime;
- handle->principal = NULL;
- handle->keytab = NULL;
- handle->ccache = NULL;
- handle->mechanisms = NULL;
-
- ret = GSS_S_FAILURE;
-
- ret = gss_duplicate_name(minor_status, cred->principal,
- &handle->principal);
- if (ret) {
- free(handle);
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- if (cred->keytab) {
- krb5_error_code kret;
- char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN];
-
int len;
-
- ret = GSS_S_FAILURE;
-
- kret = krb5_kt_get_type(gssapi_krb5_context, cred->keytab,
- name, KRB5_KT_PREFIX_MAX_LEN);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- len = strlen(name);
- name[len++] = ':';
-
- kret = krb5_kt_get_name(gssapi_krb5_context, cred->keytab,
- name + len,
- sizeof(name) - len);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
-
- kret = krb5_kt_resolve(gssapi_krb5_context, name,
- &handle->keytab);
- if (kret){
- *minor_status = kret;
- goto failure;
- }
- }
-
- if (cred->ccache) {
- krb5_error_code kret;
- const char *type, *name;
- char *type_name;
-
- ret = GSS_S_FAILURE;
-
- type = krb5_cc_get_type(gssapi_krb5_context, cred->ccache);
- if (type == NULL){
- *minor_status = ENOMEM;
- goto failure;
- }
-
- if (strcmp(type, "MEMORY") == 0) {
- ret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
- &handle->ccache);
- if (ret) {
- *minor_status = ret;
- goto failure;
- }
-
- ret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache,
- handle->ccache);
- if (ret) {
- *minor_status = ret;
- goto failure;
- }
-
- } else {
-
- name = krb5_cc_get_name(gssapi_krb5_context, cred->ccache);
- if (name == NULL) {
- *minor_status = ENOMEM;
- goto failure;
- }
-
- asprintf(&type_name, "%s:%s", type, name);
- if (type_name == NULL) {
- *minor_status = ENOMEM;
- goto failure;
- }
-
- kret = krb5_cc_resolve(gssapi_krb5_context, type_name,
- &handle->ccache);
- free(type_name);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- }
- }
-
- ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
- if (ret)
- goto failure;
-
- ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- &handle->mechanisms);
- if (ret)
- goto failure;
- }
-
- ret = gss_inquire_cred(minor_status, cred, NULL, &lifetime,
- NULL, actual_mechs);
- if (ret)
- goto failure;
-
- if (initiator_time_rec)
- *initiator_time_rec = lifetime;
- if (acceptor_time_rec)
- *acceptor_time_rec = lifetime;
-
- if (output_cred_handle)
- *output_cred_handle = handle;
-
- *minor_status = 0;
- return ret;
-
- failure:
-
- if (handle) {
- if (handle->principal)
- gss_release_name(NULL, &handle->principal);
- if (handle->keytab)
- krb5_kt_close(gssapi_krb5_context, handle->keytab);
- if (handle->ccache)
- krb5_cc_destroy(gssapi_krb5_context, handle->ccache);
- if (handle->mechanisms)
- gss_release_oid_set(NULL, &handle->mechanisms);
- free(handle);
- }
- return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/add_oid_set_member.c b/crypto/heimdal/lib/gssapi/add_oid_set_member.c
deleted file mode 100644
index ed654fc..0000000
--- a/crypto/heimdal/lib/gssapi/add_oid_set_member.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: add_oid_set_member.c,v 1.8 2003/03/16 17:50:49 lha Exp $");
-
-OM_uint32 gss_add_oid_set_member (
- OM_uint32 * minor_status,
- const gss_OID member_oid,
- gss_OID_set * oid_set
- )
-{
- gss_OID tmp;
- size_t n;
- OM_uint32 res;
- int present;
-
- res = gss_test_oid_set_member(minor_status, member_oid, *oid_set, &present);
- if (res != GSS_S_COMPLETE)
- return res;
-
- if (present) {
- *minor_status = 0;
- return GSS_S_COMPLETE;
- }
-
- n = (*oid_set)->count + 1;
- tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc));
- if (tmp == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- (*oid_set)->elements = tmp;
- (*oid_set)->count = n;
- (*oid_set)->elements[n-1] = *member_oid;
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c b/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
deleted file mode 100644
index c8041aa..0000000
--- a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-#include
-
-krb5_error_code
-gss_address_to_krb5addr(OM_uint32 gss_addr_type,
- gss_buffer_desc *gss_addr,
- int16_t port,
- krb5_address *address)
-{
- int addr_type;
- struct sockaddr sa;
- int sa_size = sizeof(sa);
- krb5_error_code problem;
-
- if (gss_addr == NULL)
- return GSS_S_FAILURE;
-
- switch (gss_addr_type) {
-#ifdef HAVE_IPV6
- case GSS_C_AF_INET6: addr_type = AF_INET6;
- break;
-#endif /* HAVE_IPV6 */
-
- case GSS_C_AF_INET: addr_type = AF_INET;
- break;
- default:
- return GSS_S_FAILURE;
- }
-
- problem = krb5_h_addr2sockaddr (gssapi_krb5_context,
- addr_type,
- gss_addr->value,
- &sa,
- &sa_size,
- port);
- if (problem)
- return GSS_S_FAILURE;
-
- problem = krb5_sockaddr2address (gssapi_krb5_context, &sa, address);
-
- return problem;
-}
diff --git a/crypto/heimdal/lib/gssapi/arcfour.c b/crypto/heimdal/lib/gssapi/arcfour.c
deleted file mode 100644
index 66d688c..0000000
--- a/crypto/heimdal/lib/gssapi/arcfour.c
+++ /dev/null
@@ -1,623 +0,0 @@ -/* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -/* - * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt - */ - -RCSID("$Id: arcfour.c,v 1.12.2.3 2003/09/19 15:15:11 lha Exp $"); - -static krb5_error_code -arcfour_mic_key(krb5_context context, krb5_keyblock *key, - void *cksum_data, size_t cksum_size, - void *key6_data, size_t key6_size) -{ - krb5_error_code ret; - - Checksum cksum_k5; - krb5_keyblock key5; - char k5_data[16]; - - Checksum cksum_k6; - - char T[4]; - - memset(T, 0, 4); - cksum_k5.checksum.data = k5_data; - cksum_k5.checksum.length = sizeof(k5_data); - - if (key->keytype == KEYTYPE_ARCFOUR_56) { - char L40[14] = "fortybits"; - - memcpy(L40 + 10, T, sizeof(T)); - ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5, - L40, 14, 0, key, &cksum_k5); - memset(&k5_data[7], 0xAB, 9); - } else { - ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5, - T, 4, 0, key, &cksum_k5); - } - if (ret) - return ret; - - key5.keytype = KEYTYPE_ARCFOUR; - key5.keyvalue = cksum_k5.checksum; - - cksum_k6.checksum.data = key6_data; - cksum_k6.checksum.length = key6_size; - - return krb5_hmac(context, CKSUMTYPE_RSA_MD5, - cksum_data, cksum_size, 0, &key5, &cksum_k6); -} - - -static krb5_error_code -arcfour_mic_cksum(krb5_keyblock *key, unsigned usage, - u_char *sgn_cksum, size_t sgn_cksum_sz, - const char *v1, size_t l1, - const void *v2, size_t l2, - const void *v3, size_t l3) -{ - Checksum CKSUM; - u_char *ptr; - size_t len; - krb5_crypto crypto; - krb5_error_code ret; - - assert(sgn_cksum_sz == 8); - - len = l1 + l2 + l3; - - ptr = malloc(len); - if (ptr == NULL) - return ENOMEM; - - memcpy(ptr, v1, l1); - memcpy(ptr + l1, v2, l2); - memcpy(ptr + l1 + l2, v3, l3); - - ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (ret) { - free(ptr); - return ret; - } - - ret = krb5_create_checksum(gssapi_krb5_context, - crypto, - usage, - 0, - ptr, len, - &CKSUM); - free(ptr); - if (ret == 0) { - memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz); - free_Checksum(&CKSUM); - } - 
krb5_crypto_destroy(gssapi_krb5_context, crypto); - - return ret; -} - - -OM_uint32 -_gssapi_get_mic_arcfour(OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token, - krb5_keyblock *key) -{ - krb5_error_code ret; - int32_t seq_number; - size_t len, total_len; - u_char k6_data[16], *p0, *p; - RC4_KEY rc4_key; - - gssapi_krb5_encap_length (22, &len, &total_len); - - message_token->length = total_len; - message_token->value = malloc (total_len); - if (message_token->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p0 = _gssapi_make_mech_header(message_token->value, - len); - p = p0; - - *p++ = 0x01; /* TOK_ID */ - *p++ = 0x01; - *p++ = 0x11; /* SGN_ALG */ - *p++ = 0x00; - *p++ = 0xff; /* Filler */ - *p++ = 0xff; - *p++ = 0xff; - *p++ = 0xff; - - p = NULL; - - ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN, - p0 + 16, 8, /* SGN_CKSUM */ - p0, 8, /* TOK_ID, SGN_ALG, Filer */ - message_buffer->value, message_buffer->length, - NULL, 0); - if (ret) { - gss_release_buffer(minor_status, message_token); - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = arcfour_mic_key(gssapi_krb5_context, key, - p0 + 16, 8, /* SGN_CKSUM */ - k6_data, sizeof(k6_data)); - if (ret) { - gss_release_buffer(minor_status, message_token); - *minor_status = ret; - return GSS_S_FAILURE; - } - - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - p = p0 + 8; /* SND_SEQ */ - gssapi_encode_be_om_uint32(seq_number, p); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - memset (p + 4, (context_handle->more_flags & LOCAL) ? 
0 : 0xff, 4); - - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - RC4 (&rc4_key, 8, p, p); - - memset(&rc4_key, 0, sizeof(rc4_key)); - memset(k6_data, 0, sizeof(k6_data)); - - *minor_status = 0; - return GSS_S_COMPLETE; -} - - -OM_uint32 -_gssapi_verify_mic_arcfour(OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state, - krb5_keyblock *key, - char *type) -{ - krb5_error_code ret; - int32_t seq_number, seq_number2; - OM_uint32 omret; - char cksum_data[8], k6_data[16], SND_SEQ[8]; - u_char *p; - int cmp; - - if (qop_state) - *qop_state = 0; - - p = token_buffer->value; - omret = gssapi_krb5_verify_header (&p, - token_buffer->length, - type); - if (omret) - return omret; - - if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */ - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) - return GSS_S_BAD_MIC; - p += 4; - - ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN, - cksum_data, sizeof(cksum_data), - p - 8, 8, - message_buffer->value, message_buffer->length, - NULL, 0); - if (ret) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = arcfour_mic_key(gssapi_krb5_context, key, - cksum_data, sizeof(cksum_data), - k6_data, sizeof(k6_data)); - if (ret) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - cmp = memcmp(cksum_data, p + 8, 8); - if (cmp) { - *minor_status = 0; - return GSS_S_BAD_MIC; - } - - { - RC4_KEY rc4_key; - - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - RC4 (&rc4_key, 8, p, SND_SEQ); - - memset(&rc4_key, 0, sizeof(rc4_key)); - memset(k6_data, 0, sizeof(k6_data)); - } - - gssapi_decode_be_om_uint32(SND_SEQ, &seq_number); - - if (context_handle->more_flags & LOCAL) - cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4); - else - cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4); - - memset(SND_SEQ, 0, sizeof(SND_SEQ)); - if (cmp != 0) { - *minor_status = 0; - return GSS_S_BAD_MIC; - } - - 
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number2); - - if (seq_number != seq_number2) { - *minor_status = 0; - return GSS_S_UNSEQ_TOKEN; - } - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number2); - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 -_gssapi_wrap_arcfour(OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer, - krb5_keyblock *key) -{ - u_char Klocaldata[16], k6_data[16], *p, *p0; - size_t len, total_len, datalen; - krb5_keyblock Klocal; - krb5_error_code ret; - int32_t seq_number; - - if (conf_state) - *conf_state = 0; - - datalen = input_message_buffer->length + 1 /* padding */; - len = datalen + 30; - gssapi_krb5_encap_length (len, &len, &total_len); - - output_message_buffer->length = total_len; - output_message_buffer->value = malloc (total_len); - if (output_message_buffer->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p0 = _gssapi_make_mech_header(output_message_buffer->value, - len); - p = p0; - - *p++ = 0x02; /* TOK_ID */ - *p++ = 0x01; - *p++ = 0x11; /* SGN_ALG */ - *p++ = 0x00; - if (conf_req_flag) { - *p++ = 0x10; /* SEAL_ALG */ - *p++ = 0x00; - } else { - *p++ = 0xff; /* SEAL_ALG */ - *p++ = 0xff; - } - *p++ = 0xff; /* Filler */ - *p++ = 0xff; - - p = NULL; - - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - gssapi_encode_be_om_uint32(seq_number, p0 + 8); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - memset (p0 + 8 + 4, - (context_handle->more_flags & LOCAL) ? 
0 : 0xff, - 4); - - krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */ - - /* p points to data */ - p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE; - memcpy(p, input_message_buffer->value, input_message_buffer->length); - p[input_message_buffer->length] = 1; /* PADDING */ - - ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, - p0 + 16, 8, /* SGN_CKSUM */ - p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */ - p0 + 24, 8, /* Confounder */ - p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, - datalen); - if (ret) { - *minor_status = ret; - gss_release_buffer(minor_status, output_message_buffer); - return GSS_S_FAILURE; - } - - { - int i; - - Klocal.keytype = key->keytype; - Klocal.keyvalue.data = Klocaldata; - Klocal.keyvalue.length = sizeof(Klocaldata); - - for (i = 0; i < 16; i++) - Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0; - } - ret = arcfour_mic_key(gssapi_krb5_context, &Klocal, - p0 + 8, 4, /* SND_SEQ */ - k6_data, sizeof(k6_data)); - memset(Klocaldata, 0, sizeof(Klocaldata)); - if (ret) { - gss_release_buffer(minor_status, output_message_buffer); - *minor_status = ret; - return GSS_S_FAILURE; - } - - - if(conf_req_flag) { - RC4_KEY rc4_key; - - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - /* XXX ? 
*/ - RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */ - memset(&rc4_key, 0, sizeof(rc4_key)); - } - memset(k6_data, 0, sizeof(k6_data)); - - ret = arcfour_mic_key(gssapi_krb5_context, key, - p0 + 16, 8, /* SGN_CKSUM */ - k6_data, sizeof(k6_data)); - if (ret) { - gss_release_buffer(minor_status, output_message_buffer); - *minor_status = ret; - return GSS_S_FAILURE; - } - - { - RC4_KEY rc4_key; - - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */ - memset(&rc4_key, 0, sizeof(rc4_key)); - memset(k6_data, 0, sizeof(k6_data)); - } - - if (conf_state) - *conf_state = conf_req_flag; - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int *conf_state, - gss_qop_t *qop_state, - krb5_keyblock *key) -{ - u_char Klocaldata[16]; - krb5_keyblock Klocal; - krb5_error_code ret; - int32_t seq_number, seq_number2; - size_t datalen; - OM_uint32 omret; - char k6_data[16], SND_SEQ[8], Confounder[8]; - char cksum_data[8]; - u_char *p, *p0; - int cmp; - int conf_flag; - size_t padlen; - - if (conf_state) - *conf_state = 0; - if (qop_state) - *qop_state = 0; - - p0 = input_message_buffer->value; - omret = _gssapi_verify_mech_header(&p0, - input_message_buffer->length); - if (omret) - return omret; - p = p0; - - datalen = input_message_buffer->length - - (p - ((u_char *)input_message_buffer->value)) - - GSS_ARCFOUR_WRAP_TOKEN_SIZE; - - if (memcmp(p, "\x02\x01", 2) != 0) - return GSS_S_BAD_SIG; - p += 2; - if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */ - return GSS_S_BAD_SIG; - p += 2; - - if (memcmp (p, "\x10\x00", 2) == 0) - conf_flag = 1; - else if (memcmp (p, "\xff\xff", 2) == 0) - conf_flag = 0; - else - return GSS_S_BAD_SIG; - - p += 2; - if (memcmp (p, "\xff\xff", 2) != 0) - return GSS_S_BAD_MIC; - p = NULL; - - 
ret = arcfour_mic_key(gssapi_krb5_context, key, - p0 + 16, 8, /* SGN_CKSUM */ - k6_data, sizeof(k6_data)); - if (ret) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - { - RC4_KEY rc4_key; - - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */ - memset(&rc4_key, 0, sizeof(rc4_key)); - memset(k6_data, 0, sizeof(k6_data)); - } - - gssapi_decode_be_om_uint32(SND_SEQ, &seq_number); - - if (context_handle->more_flags & LOCAL) - cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4); - else - cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4); - - if (cmp != 0) { - *minor_status = 0; - return GSS_S_BAD_MIC; - } - - { - int i; - - Klocal.keytype = key->keytype; - Klocal.keyvalue.data = Klocaldata; - Klocal.keyvalue.length = sizeof(Klocaldata); - - for (i = 0; i < 16; i++) - Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0; - } - ret = arcfour_mic_key(gssapi_krb5_context, &Klocal, - SND_SEQ, 4, - k6_data, sizeof(k6_data)); - memset(Klocaldata, 0, sizeof(Klocaldata)); - if (ret) { - *minor_status = ret; - return GSS_S_FAILURE; - } - - output_message_buffer->value = malloc(datalen); - if (output_message_buffer->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - output_message_buffer->length = datalen; - - if(conf_flag) { - RC4_KEY rc4_key; - - RC4_set_key (&rc4_key, sizeof(k6_data), k6_data); - RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */ - RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, - output_message_buffer->value); - memset(&rc4_key, 0, sizeof(rc4_key)); - } else { - memcpy(Confounder, p0 + 24, 8); /* Confounder */ - memcpy(output_message_buffer->value, - p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE, - datalen); - } - memset(k6_data, 0, sizeof(k6_data)); - - ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen); - if (ret) { - gss_release_buffer(minor_status, output_message_buffer); - *minor_status = 0; - return ret; - } - output_message_buffer->length -= padlen; - - 
ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, - cksum_data, sizeof(cksum_data), - p0, 8, - Confounder, sizeof(Confounder), - output_message_buffer->value, - output_message_buffer->length + padlen); - if (ret) { - gss_release_buffer(minor_status, output_message_buffer); - *minor_status = ret; - return GSS_S_FAILURE; - } - - cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */ - if (cmp) { - gss_release_buffer(minor_status, output_message_buffer); - *minor_status = 0; - return GSS_S_BAD_MIC; - } - - krb5_auth_getremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number2); - - if (seq_number != seq_number2) { - *minor_status = 0; - return GSS_S_UNSEQ_TOKEN; - } - - krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number2); - - if (conf_state) - *conf_state = conf_flag; - - *minor_status = 0; - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/arcfour.h b/crypto/heimdal/lib/gssapi/arcfour.h deleted file mode 100644 index 88bdfb1..0000000 --- a/crypto/heimdal/lib/gssapi/arcfour.h +++ /dev/null 
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: arcfour.h,v 1.3.2.2 2003/09/19 15:14:14 lha Exp $ */
-
-#ifndef GSSAPI_ARCFOUR_H_
-#define GSSAPI_ARCFOUR_H_ 1
-
-/*
- * The arcfour message have the following formats, these are only here
- * for reference and is not used.
- */
-
-#if 0
-typedef struct gss_arcfour_mic_token {
- u_char TOK_ID[2]; /* 01 01 */
- u_char SGN_ALG[2]; /* 11 00 */
- u_char Filler[4];
- u_char SND_SEQ[8];
- u_char SGN_CKSUM[8];
-} gss_arcfour_mic_token_desc, *gss_arcfour_mic_token;
-
-typedef struct gss_arcfour_wrap_token {
- u_char TOK_ID[2]; /* 02 01 */
- u_char SGN_ALG[2];
- u_char SEAL_ALG[2];
- u_char Filler[2];
- u_char SND_SEQ[8];
- u_char SGN_CKSUM[8];
- u_char Confounder[8];
-} gss_arcfour_wrap_token_desc, *gss_arcfour_wrap_token;
-#endif
-
-#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
-
-OM_uint32 _gssapi_wrap_arcfour(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- const gss_buffer_t input_message_buffer,
- int *conf_state,
- gss_buffer_t output_message_buffer,
- krb5_keyblock *key);
-
-OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t input_message_buffer,
- gss_buffer_t output_message_buffer,
- int *conf_state,
- gss_qop_t *qop_state,
- krb5_keyblock *key);
-
-OM_uint32 _gssapi_get_mic_arcfour(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- gss_qop_t qop_req,
- const gss_buffer_t message_buffer,
- gss_buffer_t message_token,
- krb5_keyblock *key);
-
-OM_uint32 _gssapi_verify_mic_arcfour(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t message_buffer,
- const gss_buffer_t token_buffer,
- gss_qop_t *qop_state,
- krb5_keyblock *key,
- char *type);
-
-#endif /* GSSAPI_ARCFOUR_H_ */
diff --git a/crypto/heimdal/lib/gssapi/canonicalize_name.c b/crypto/heimdal/lib/gssapi/canonicalize_name.c
deleted file mode 100644
index afa39f3..0000000
--- a/crypto/heimdal/lib/gssapi/canonicalize_name.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: canonicalize_name.c,v 1.2 1999/12/02 17:05:03 joda Exp $");
-
-OM_uint32 gss_canonicalize_name (
- OM_uint32 * minor_status,
- const gss_name_t input_name,
- const gss_OID mech_type,
- gss_name_t * output_name
- )
-{
- return gss_duplicate_name (minor_status, input_name, output_name);
-}
diff --git a/crypto/heimdal/lib/gssapi/compare_name.c b/crypto/heimdal/lib/gssapi/compare_name.c
deleted file mode 100644
index da494b0..0000000
--- a/crypto/heimdal/lib/gssapi/compare_name.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: compare_name.c,v 1.4 2003/03/16 17:50:07 lha Exp $");
-
-OM_uint32 gss_compare_name
- (OM_uint32 * minor_status,
- const gss_name_t name1,
- const gss_name_t name2,
- int * name_equal
- )
-{
- GSSAPI_KRB5_INIT();
-
- *name_equal = krb5_principal_compare (gssapi_krb5_context,
- name1, name2);
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/compat.c b/crypto/heimdal/lib/gssapi/compat.c
deleted file mode 100644
index 311b1cb..0000000
--- a/crypto/heimdal/lib/gssapi/compat.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: compat.c,v 1.2.2.2 2003/04/28 13:58:09 lha Exp $");
-
-
-static krb5_error_code
-check_compat(OM_uint32 *minor_status, gss_name_t name,
- const char *option, krb5_boolean *compat,
- krb5_boolean match_val)
-{
- krb5_error_code ret = 0;
- char **p, **q;
- krb5_principal match;
-
-
- p = krb5_config_get_strings(gssapi_krb5_context, NULL, "gssapi",
- option, NULL);
- if(p == NULL)
- return 0;
-
- for(q = p; *q; q++) {
-
- ret = krb5_parse_name(gssapi_krb5_context, *q, &match);
- if (ret)
- break;
-
- if (krb5_principal_match(gssapi_krb5_context, name, match)) {
- *compat = match_val;
- break;
- }
-
- krb5_free_principal(gssapi_krb5_context, match);
- }
- krb5_config_free_strings(p);
-
- if (ret) {
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- return 0;
-}
-
-OM_uint32
-_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx)
-{
- krb5_boolean use_compat = TRUE;
- OM_uint32 ret;
-
- if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) {
- ret = check_compat(minor_status, ctx->target,
- "broken_des3_mic", &use_compat, TRUE);
- if (ret)
- return ret;
- ret = check_compat(minor_status, ctx->target,
- "correct_des3_mic", &use_compat, FALSE);
- if (ret)
- return ret;
-
- if (use_compat)
- ctx->more_flags |= COMPAT_OLD_DES3;
- ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
- }
- return 0;
-}
-
-OM_uint32
-gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on)
-{
- *minor_status = 0;
-
- if (on) {
- ctx->more_flags |= COMPAT_OLD_DES3;
- } else {
- ctx->more_flags &= ~COMPAT_OLD_DES3;
- }
- ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-
- return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/context_time.c b/crypto/heimdal/lib/gssapi/context_time.c
deleted file mode 100644
index daeb25f..0000000
--- a/crypto/heimdal/lib/gssapi/context_time.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: context_time.c,v 1.7.2.1 2003/08/15 14:25:50 lha Exp $");
-
-OM_uint32
-gssapi_lifetime_left(OM_uint32 *minor_status,
- OM_uint32 lifetime,
- OM_uint32 *lifetime_rec)
-{
- krb5_timestamp timeret;
- krb5_error_code kret;
-
- kret = krb5_timeofday(gssapi_krb5_context, &timeret);
- if (kret) {
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- return GSS_S_FAILURE;
- }
-
- if (lifetime < timeret)
- *lifetime_rec = 0;
- else
- *lifetime_rec = lifetime - timeret;
-
- return GSS_S_COMPLETE;
-}
-
-
-OM_uint32 gss_context_time
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- OM_uint32 * time_rec
- )
-{
- OM_uint32 lifetime;
- OM_uint32 major_status;
-
- GSSAPI_KRB5_INIT ();
-
- lifetime = context_handle->lifetime;
-
- major_status = gssapi_lifetime_left(minor_status, lifetime, time_rec);
- if (major_status != GSS_S_COMPLETE)
- return major_status;
-
- *minor_status = 0;
-
- if (*time_rec == 0)
- return GSS_S_CONTEXT_EXPIRED;
-
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/copy_ccache.c b/crypto/heimdal/lib/gssapi/copy_ccache.c
deleted file mode 100644
index 2ffe065..0000000
--- a/crypto/heimdal/lib/gssapi/copy_ccache.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: copy_ccache.c,v 1.3 2003/03/16 17:47:44 lha Exp $");
-
-OM_uint32
-gss_krb5_copy_ccache(OM_uint32 *minor_status,
- gss_cred_id_t cred,
- krb5_ccache out)
-{
- krb5_error_code kret;
-
- if (cred->ccache == NULL) {
- *minor_status = EINVAL;
- return GSS_S_FAILURE;
- }
-
- kret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache, out);
- if (kret) {
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- return GSS_S_FAILURE;
- }
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
deleted file mode 100644
index 1a25e0d..0000000
--- a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: create_emtpy_oid_set.c,v 1.5 2003/03/16 17:47:07 lha Exp $");
-
-OM_uint32 gss_create_empty_oid_set (
- OM_uint32 * minor_status,
- gss_OID_set * oid_set
- )
-{
- *oid_set = malloc(sizeof(**oid_set));
- if (*oid_set == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- (*oid_set)->count = 0;
- (*oid_set)->elements = NULL;
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/decapsulate.c b/crypto/heimdal/lib/gssapi/decapsulate.c
deleted file mode 100644
index 2425453..0000000
--- a/crypto/heimdal/lib/gssapi/decapsulate.c
+++ /dev/null
@@ -1,184 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: decapsulate.c,v 1.7.6.1 2003/09/18 22:00:41 lha Exp $"); - -OM_uint32 -gssapi_krb5_verify_header(u_char **str, - size_t total_len, - char *type) -{ - size_t len, len_len, mech_len, foo; - int e; - u_char *p = *str; - - if (total_len < 1) - return GSS_S_DEFECTIVE_TOKEN; - if (*p++ != 0x60) - return GSS_S_DEFECTIVE_TOKEN; - e = der_get_length (p, total_len - 1, &len, &len_len); - if (e || 1 + len_len + len != total_len) - return GSS_S_DEFECTIVE_TOKEN; - p += len_len; - if (*p++ != 0x06) - return GSS_S_DEFECTIVE_TOKEN; - e = der_get_length (p, total_len - 1 - len_len - 1, - &mech_len, &foo); - if (e) - return GSS_S_DEFECTIVE_TOKEN; - p += foo; - if (mech_len != GSS_KRB5_MECHANISM->length) - return GSS_S_BAD_MECH; - if (memcmp(p, - GSS_KRB5_MECHANISM->elements, - GSS_KRB5_MECHANISM->length) != 0) - return GSS_S_BAD_MECH; - p += mech_len; - if (memcmp (p, type, 2) != 0) - return GSS_S_DEFECTIVE_TOKEN; - p += 2; - *str = p; - return GSS_S_COMPLETE; -} - -static ssize_t -gssapi_krb5_get_mech (const u_char *ptr, - size_t total_len, - const u_char **mech_ret) -{ - size_t len, len_len, mech_len, foo; - const u_char *p = ptr; - int e; - - if (total_len < 1) - return -1; - if (*p++ != 0x60) - return -1; - e = der_get_length (p, total_len - 1, &len, &len_len); - if (e || 1 + len_len + len != total_len) - return -1; - p += len_len; - if (*p++ != 0x06) - return -1; - e = der_get_length (p, total_len - 1 - len_len - 1, - &mech_len, &foo); - if (e) - return -1; - p += foo; - *mech_ret = p; - return mech_len; -} - -OM_uint32 -_gssapi_verify_mech_header(u_char **str, - size_t total_len) -{ - const u_char *p; - ssize_t mech_len; - - mech_len = gssapi_krb5_get_mech (*str, total_len, &p); - if (mech_len < 0) - return GSS_S_DEFECTIVE_TOKEN; - - if (mech_len != GSS_KRB5_MECHANISM->length) - return GSS_S_BAD_MECH; - if (memcmp(p, - GSS_KRB5_MECHANISM->elements, - GSS_KRB5_MECHANISM->length) != 0) - return GSS_S_BAD_MECH; - p += mech_len; - 
*str = (char *)p; - return GSS_S_COMPLETE; -} - -/* - * Remove the GSS-API wrapping from `in_token' giving `out_data. - * Does not copy data, so just free `in_token'. - */ - -OM_uint32 -gssapi_krb5_decapsulate( - OM_uint32 *minor_status, - gss_buffer_t input_token_buffer, - krb5_data *out_data, - char *type -) -{ - u_char *p; - OM_uint32 ret; - - p = input_token_buffer->value; - ret = gssapi_krb5_verify_header(&p, - input_token_buffer->length, - type); - if (ret) { - *minor_status = 0; - return ret; - } - - out_data->length = input_token_buffer->length - - (p - (u_char *)input_token_buffer->value); - out_data->data = p; - return GSS_S_COMPLETE; -} - -/* - * Verify padding of a gss wrapped message and return its length. - */ - -OM_uint32 -_gssapi_verify_pad(gss_buffer_t wrapped_token, - size_t datalen, - size_t *padlen) -{ - u_char *pad; - size_t padlength; - int i; - - pad = (u_char *)wrapped_token->value + wrapped_token->length - 1; - padlength = *pad; - - if (padlength > datalen) - return GSS_S_BAD_MECH; - - for (i = padlength; i > 0 && *pad == padlength; i--, pad--) - ; - if (i != 0) - return GSS_S_BAD_MIC; - - *padlen = padlength; - - return 0; -} diff --git a/crypto/heimdal/lib/gssapi/delete_sec_context.c b/crypto/heimdal/lib/gssapi/delete_sec_context.c deleted file mode 100644 index 2df1f39..0000000 --- a/crypto/heimdal/lib/gssapi/delete_sec_context.c +++ /dev/null 
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: delete_sec_context.c,v 1.11 2003/03/16 17:46:40 lha Exp $");
-
-OM_uint32 gss_delete_sec_context
- (OM_uint32 * minor_status,
- gss_ctx_id_t * context_handle,
- gss_buffer_t output_token
- )
-{
- GSSAPI_KRB5_INIT ();
-
- if (output_token) {
- output_token->length = 0;
- output_token->value = NULL;
- }
-
- krb5_auth_con_free (gssapi_krb5_context,
- (*context_handle)->auth_context);
- if((*context_handle)->source)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->source);
- if((*context_handle)->target)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->target);
- if ((*context_handle)->ticket) {
- krb5_free_ticket (gssapi_krb5_context,
- (*context_handle)->ticket);
- free((*context_handle)->ticket);
- }
-
- free (*context_handle);
- *context_handle = GSS_C_NO_CONTEXT;
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/display_name.c b/crypto/heimdal/lib/gssapi/display_name.c
deleted file mode 100644
index 27a232f..0000000
--- a/crypto/heimdal/lib/gssapi/display_name.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: display_name.c,v 1.9 2003/03/16 17:46:11 lha Exp $");
-
-OM_uint32 gss_display_name
- (OM_uint32 * minor_status,
- const gss_name_t input_name,
- gss_buffer_t output_name_buffer,
- gss_OID * output_name_type
- )
-{
- krb5_error_code kret;
- char *buf;
- size_t len;
-
- GSSAPI_KRB5_INIT ();
- kret = krb5_unparse_name (gssapi_krb5_context,
- input_name,
- &buf);
- if (kret) {
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- return GSS_S_FAILURE;
- }
- len = strlen (buf);
- output_name_buffer->length = len;
- output_name_buffer->value = malloc(len + 1);
- if (output_name_buffer->value == NULL) {
- free (buf);
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- memcpy (output_name_buffer->value, buf, len);
- ((char *)output_name_buffer->value)[len] = '\0';
- free (buf);
- if (output_name_type)
- *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/display_status.c b/crypto/heimdal/lib/gssapi/display_status.c
deleted file mode 100644
index d266fa4..0000000
--- a/crypto/heimdal/lib/gssapi/display_status.c
+++ /dev/null
@@ -1,187 +0,0 @@ -/* - * Copyright (c) 1998 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: display_status.c,v 1.9 2003/03/16 17:45:36 lha Exp $"); - -static char *krb5_error_string; - -static char * -calling_error(OM_uint32 v) -{ - static char *msgs[] = { - NULL, /* 0 */ - "A required input parameter could not be read.", /* */ - "A required output parameter could not be written.", /* */ - "A parameter was malformed" - }; - - v >>= GSS_C_CALLING_ERROR_OFFSET; - - if (v == 0) - return ""; - else if (v >= sizeof(msgs)/sizeof(*msgs)) - return "unknown calling error"; - else - return msgs[v]; -} - -static char * -routine_error(OM_uint32 v) -{ - static char *msgs[] = { - NULL, /* 0 */ - "An unsupported mechanism was requested", - "An invalid name was supplied", - "A supplied name was of an unsupported type", - "Incorrect channel bindings were supplied", - "An invalid status code was supplied", - "A token had an invalid MIC", - "No credentials were supplied, " - "or the credentials were unavailable or inaccessible.", - "No context has been established", - "A token was invalid", - "A credential was invalid", - "The referenced credentials have expired", - "The context has expired", - "Miscellaneous failure (see text)", - "The quality-of-protection requested could not be provide", - "The operation is forbidden by local security policy", - "The operation or option is not available", - "The requested credential element already exists", - "The provided name was not a mechanism name.", - }; - - v >>= GSS_C_ROUTINE_ERROR_OFFSET; - - if (v == 0) - return ""; - else if (v >= sizeof(msgs)/sizeof(*msgs)) - return "unknown routine error"; - else - return msgs[v]; -} - -static char * -supplementary_error(OM_uint32 v) -{ - static char *msgs[] = { - "normal completion", - "continuation call to routine required", - "duplicate per-message token detected", - "timed-out per-message token detected", - "reordered (early) per-message token detected", - "skipped predecessor token(s) detected" - }; - - v >>= GSS_C_SUPPLEMENTARY_OFFSET; - 
- if (v >= sizeof(msgs)/sizeof(*msgs)) - return "unknown routine error"; - else - return msgs[v]; -} - -void -gssapi_krb5_set_error_string (void) -{ - krb5_error_string = krb5_get_error_string(gssapi_krb5_context); -} - -char * -gssapi_krb5_get_error_string (void) -{ - char *ret = krb5_error_string; - krb5_error_string = NULL; - return ret; -} - -OM_uint32 gss_display_status - (OM_uint32 *minor_status, - OM_uint32 status_value, - int status_type, - const gss_OID mech_type, - OM_uint32 *message_context, - gss_buffer_t status_string) -{ - char *buf; - - GSSAPI_KRB5_INIT (); - - status_string->length = 0; - status_string->value = NULL; - - if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 && - gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) { - *minor_status = 0; - return GSS_C_GSS_CODE; - } - - if (status_type == GSS_C_GSS_CODE) { - if (GSS_SUPPLEMENTARY_INFO(status_value)) - asprintf(&buf, "%s", - supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value))); - else - asprintf (&buf, "%s %s", - calling_error(GSS_CALLING_ERROR(status_value)), - routine_error(GSS_ROUTINE_ERROR(status_value))); - } else if (status_type == GSS_C_MECH_CODE) { - buf = gssapi_krb5_get_error_string (); - if (buf == NULL) { - const char *tmp = krb5_get_err_text (gssapi_krb5_context, - status_value); - if (tmp == NULL) - asprintf(&buf, "unknown mech error-code %u", - (unsigned)status_value); - else - buf = strdup(tmp); - } - } else { - *minor_status = EINVAL; - return GSS_S_BAD_STATUS; - } - - if (buf == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - *message_context = 0; - *minor_status = 0; - - status_string->length = strlen(buf); - status_string->value = buf; - - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/duplicate_name.c b/crypto/heimdal/lib/gssapi/duplicate_name.c deleted file mode 100644 index 2b54e90..0000000 --- a/crypto/heimdal/lib/gssapi/duplicate_name.c +++ /dev/null 
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: duplicate_name.c,v 1.7 2003/03/16 17:44:26 lha Exp $");
-
-OM_uint32 gss_duplicate_name (
- OM_uint32 * minor_status,
- const gss_name_t src_name,
- gss_name_t * dest_name
- )
-{
- krb5_error_code kret;
-
- GSSAPI_KRB5_INIT ();
-
- kret = krb5_copy_principal (gssapi_krb5_context,
- src_name,
- dest_name);
- if (kret) {
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- return GSS_S_FAILURE;
- } else {
- *minor_status = 0;
- return GSS_S_COMPLETE;
- }
-}
diff --git a/crypto/heimdal/lib/gssapi/encapsulate.c b/crypto/heimdal/lib/gssapi/encapsulate.c
deleted file mode 100644
index f3cd1e4..0000000
--- a/crypto/heimdal/lib/gssapi/encapsulate.c
+++ /dev/null
@@ -1,122 +0,0 @@ -/* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: encapsulate.c,v 1.6.6.1 2003/09/18 21:47:44 lha Exp $"); - -void -gssapi_krb5_encap_length (size_t data_len, - size_t *len, - size_t *total_len) -{ - size_t len_len; - - *len = 1 + 1 + GSS_KRB5_MECHANISM->length + 2 + data_len; - - len_len = length_len(*len); - - *total_len = 1 + len_len + *len; -} - -u_char * -gssapi_krb5_make_header (u_char *p, - size_t len, - u_char *type) -{ - int e; - size_t len_len, foo; - - *p++ = 0x60; - len_len = length_len(len); - e = der_put_length (p + len_len - 1, len_len, len, &foo); - if(e || foo != len_len) - abort (); - p += len_len; - *p++ = 0x06; - *p++ = GSS_KRB5_MECHANISM->length; - memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length); - p += GSS_KRB5_MECHANISM->length; - memcpy (p, type, 2); - p += 2; - return p; -} - -u_char * -_gssapi_make_mech_header(u_char *p, - size_t len) -{ - int e; - size_t len_len, foo; - - *p++ = 0x60; - len_len = length_len(len); - e = der_put_length (p + len_len - 1, len_len, len, &foo); - if(e || foo != len_len) - abort (); - p += len_len; - *p++ = 0x06; - *p++ = GSS_KRB5_MECHANISM->length; - memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length); - p += GSS_KRB5_MECHANISM->length; - return p; -} - -/* - * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings. - */ - -OM_uint32 -gssapi_krb5_encapsulate( - OM_uint32 *minor_status, - const krb5_data *in_data, - gss_buffer_t output_token, - u_char *type -) -{ - size_t len, outer_len; - u_char *p; - - gssapi_krb5_encap_length (in_data->length, &len, &outer_len); - - output_token->length = outer_len; - output_token->value = malloc (outer_len); - if (output_token->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = gssapi_krb5_make_header (output_token->value, len, type); - memcpy (p, in_data->data, in_data->length); - return GSS_S_COMPLETE; -} 
diff --git a/crypto/heimdal/lib/gssapi/export_name.c b/crypto/heimdal/lib/gssapi/export_name.c
deleted file mode 100644
index c5fcbd4..0000000
--- a/crypto/heimdal/lib/gssapi/export_name.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: export_name.c,v 1.5 2003/03/16 17:34:46 lha Exp $");
-
-OM_uint32 gss_export_name
- (OM_uint32 * minor_status,
- const gss_name_t input_name,
- gss_buffer_t exported_name
- )
-{
- krb5_error_code kret;
- char *buf, *name;
- size_t len;
-
- GSSAPI_KRB5_INIT ();
- kret = krb5_unparse_name (gssapi_krb5_context,
- input_name,
- &name);
- if (kret) {
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- return GSS_S_FAILURE;
- }
- len = strlen (name);
-
- exported_name->length = 10 + len + GSS_KRB5_MECHANISM->length;
- exported_name->value = malloc(exported_name->length);
- if (exported_name->value == NULL) {
- free (name);
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
-
- buf = exported_name->value;
- memcpy(buf, "\x04\x01", 2);
- buf += 2;
- buf[0] = ((GSS_KRB5_MECHANISM->length + 2) >> 8) & 0xff;
- buf[1] = (GSS_KRB5_MECHANISM->length + 2) & 0xff;
- buf+= 2;
- buf[0] = 0x06;
- buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF;
- buf+= 2;
-
- memcpy(buf, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
- buf += GSS_KRB5_MECHANISM->length;
-
- buf[0] = (len >> 24) & 0xff;
- buf[1] = (len >> 16) & 0xff;
- buf[2] = (len >> 8) & 0xff;
- buf[3] = (len) & 0xff;
- buf += 4;
-
- memcpy (buf, name, len);
-
- free (name);
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/export_sec_context.c b/crypto/heimdal/lib/gssapi/export_sec_context.c
deleted file mode 100644
index c7e6265..0000000
--- a/crypto/heimdal/lib/gssapi/export_sec_context.c
+++ /dev/null
@@ -1,223 +0,0 @@ -/* - * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: export_sec_context.c,v 1.6 2003/03/16 18:02:52 lha Exp $"); - -OM_uint32 -gss_export_sec_context ( - OM_uint32 * minor_status, - gss_ctx_id_t * context_handle, - gss_buffer_t interprocess_token - ) -{ - krb5_storage *sp; - krb5_auth_context ac; - OM_uint32 ret = GSS_S_COMPLETE; - krb5_data data; - gss_buffer_desc buffer; - int flags; - OM_uint32 minor; - krb5_error_code kret; - - GSSAPI_KRB5_INIT (); - if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) { - *minor_status = 0; - return GSS_S_UNAVAILABLE; - } - - sp = krb5_storage_emem (); - if (sp == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - ac = (*context_handle)->auth_context; - - /* flagging included fields */ - - flags = 0; - if (ac->local_address) - flags |= SC_LOCAL_ADDRESS; - if (ac->remote_address) - flags |= SC_REMOTE_ADDRESS; - if (ac->keyblock) - flags |= SC_KEYBLOCK; - if (ac->local_subkey) - flags |= SC_LOCAL_SUBKEY; - if (ac->remote_subkey) - flags |= SC_REMOTE_SUBKEY; - - kret = krb5_store_int32 (sp, flags); - if (kret) { - *minor_status = kret; - goto failure; - } - - /* marshall auth context */ - - kret = krb5_store_int32 (sp, ac->flags); - if (kret) { - *minor_status = kret; - goto failure; - } - if (ac->local_address) { - kret = krb5_store_address (sp, *ac->local_address); - if (kret) { - *minor_status = kret; - goto failure; - } - } - if (ac->remote_address) { - kret = krb5_store_address (sp, *ac->remote_address); - if (kret) { - *minor_status = kret; - goto failure; - } - } - kret = krb5_store_int16 (sp, ac->local_port); - if (kret) { - *minor_status = kret; - goto failure; - } - kret = krb5_store_int16 (sp, ac->remote_port); - if (kret) { - *minor_status = kret; - goto failure; - } - if (ac->keyblock) { - kret = krb5_store_keyblock (sp, *ac->keyblock); - if (kret) { - *minor_status = kret; - goto failure; - } - } - if (ac->local_subkey) { - kret = krb5_store_keyblock (sp, *ac->local_subkey); - if (kret) { - *minor_status = 
kret; - goto failure; - } - } - if (ac->remote_subkey) { - kret = krb5_store_keyblock (sp, *ac->remote_subkey); - if (kret) { - *minor_status = kret; - goto failure; - } - } - kret = krb5_store_int32 (sp, ac->local_seqnumber); - if (kret) { - *minor_status = kret; - goto failure; - } - kret = krb5_store_int32 (sp, ac->remote_seqnumber); - if (kret) { - *minor_status = kret; - goto failure; - } - - kret = krb5_store_int32 (sp, ac->keytype); - if (kret) { - *minor_status = kret; - goto failure; - } - kret = krb5_store_int32 (sp, ac->cksumtype); - if (kret) { - *minor_status = kret; - goto failure; - } - - /* names */ - - ret = gss_export_name (minor_status, (*context_handle)->source, &buffer); - if (ret) - goto failure; - data.data = buffer.value; - data.length = buffer.length; - kret = krb5_store_data (sp, data); - gss_release_buffer (&minor, &buffer); - if (kret) { - *minor_status = kret; - goto failure; - } - - ret = gss_export_name (minor_status, (*context_handle)->target, &buffer); - if (ret) - goto failure; - data.data = buffer.value; - data.length = buffer.length; - - ret = GSS_S_FAILURE; - - kret = krb5_store_data (sp, data); - gss_release_buffer (&minor, &buffer); - if (kret) { - *minor_status = kret; - goto failure; - } - - kret = krb5_store_int32 (sp, (*context_handle)->flags); - if (kret) { - *minor_status = kret; - goto failure; - } - kret = krb5_store_int32 (sp, (*context_handle)->more_flags); - if (kret) { - *minor_status = kret; - goto failure; - } - kret = krb5_store_int32 (sp, (*context_handle)->lifetime); - if (kret) { - *minor_status = kret; - goto failure; - } - - kret = krb5_storage_to_data (sp, &data); - krb5_storage_free (sp); - if (kret) { - *minor_status = kret; - return GSS_S_FAILURE; - } - interprocess_token->length = data.length; - interprocess_token->value = data.data; - ret = gss_delete_sec_context (minor_status, context_handle, - GSS_C_NO_BUFFER); - if (ret != GSS_S_COMPLETE) - gss_release_buffer (NULL, interprocess_token); - 
*minor_status = 0; - return ret; - failure: - krb5_storage_free (sp); - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/external.c b/crypto/heimdal/lib/gssapi/external.c deleted file mode 100644 index dca35ea..0000000 --- a/crypto/heimdal/lib/gssapi/external.c +++ /dev/null 
@@ -1,235 +0,0 @@ -/* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: external.c,v 1.5 2000/07/22 03:45:28 assar Exp $"); - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x01"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant - * GSS_C_NT_USER_NAME should be initialized to point - * to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_user_name_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12" - "\x01\x02\x01\x01"}; - -gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x02"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. - * The constant GSS_C_NT_MACHINE_UID_NAME should be - * initialized to point to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12" - "\x01\x02\x01\x02"}; - -gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x03"}, - * corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. - * The constant GSS_C_NT_STRING_UID_NAME should be - * initialized to point to that gss_OID_desc. 
- */ - -static gss_OID_desc gss_c_nt_string_uid_name_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12" - "\x01\x02\x01\x03"}; - -gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, - * corresponding to an object-identifier value of - * {iso(1) org(3) dod(6) internet(1) security(5) - * nametypes(6) gss-host-based-services(2)). The constant - * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point - * to that gss_OID_desc. This is a deprecated OID value, and - * implementations wishing to support hostbased-service names - * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, - * defined below, to identify such names; - * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym - * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input - * parameter, but should not be emitted by GSS-API - * implementations - */ - -static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc = -{6, (void *)"\x2b\x06\x01\x05\x06\x02"}; - -gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" - * "\x01\x02\x01\x04"}, corresponding to an - * object-identifier value of {iso(1) member-body(2) - * Unites States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) service_name(4)}. The constant - * GSS_C_NT_HOSTBASED_SERVICE should be initialized - * to point to that gss_OID_desc. 
- */ -static gss_OID_desc gss_c_nt_hostbased_service_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04"}; - -gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, - * corresponding to an object identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 3(gss-anonymous-name)}. The constant - * and GSS_C_NT_ANONYMOUS should be initialized to point - * to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_anonymous_oid_desc = -{6, (void *)"\x2b\x06\01\x05\x06\x03"}; - -gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc; - -/* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value - * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, - * corresponding to an object-identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 4(gss-api-exported-name)}. The constant - * GSS_C_NT_EXPORT_NAME should be initialized to point - * to that gss_OID_desc. - */ - -static gss_OID_desc gss_c_nt_export_name_oid_desc = -{6, (void *)"\x2b\x06\x01\x05\x06\x04"}; - -gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * krb5(2) krb5_name(1)}. The recommended symbolic name for this type - * is "GSS_KRB5_NT_PRINCIPAL_NAME". - */ - -static gss_OID_desc gss_krb5_nt_principal_name_oid_desc = -{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"}; - -gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) user_name(1)}. 
The recommended symbolic name for this - * type is "GSS_KRB5_NT_USER_NAME". - */ - -gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) machine_uid_name(2)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". - */ - -gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc; - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) string_uid_name(3)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_STRING_UID_NAME". - */ - -gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc; - -/* - * To support ongoing experimentation, testing, and evolution of the - * specification, the Kerberos V5 GSS-API mechanism as defined in this - * and any successor memos will be identified with the following Object - * Identifier, as defined in RFC-1510, until the specification is - * advanced to the level of Proposed Standard RFC: - * - * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)} - * - * Upon advancement to the level of Proposed Standard RFC, the Kerberos - * V5 GSS-API mechanism will be identified by an Object Identifier - * having the value: - * - * {iso(1) member-body(2) United States(840) mit(113554) infosys(1) - * gssapi(2) krb5(2)} - */ - -#if 0 /* This is the old OID */ - -static gss_OID_desc gss_krb5_mechanism_oid_desc = -{5, (void *)"\x2b\x05\x01\x05\x02"}; - -#endif - -static gss_OID_desc gss_krb5_mechanism_oid_desc = -{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; - -gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc; - -/* - * Context for krb5 calls. - */ - -krb5_context gssapi_krb5_context; 
diff --git a/crypto/heimdal/lib/gssapi/get_mic.c b/crypto/heimdal/lib/gssapi/get_mic.c
deleted file mode 100644
index 7f5b37e..0000000
--- a/crypto/heimdal/lib/gssapi/get_mic.c
+++ /dev/null
@@ -1,295 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: get_mic.c,v 1.21.2.1 2003/09/18 22:05:12 lha Exp $"); - -static OM_uint32 -mic_des - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token, - krb5_keyblock *key - ) -{ - u_char *p; - MD5_CTX md5; - u_char hash[16]; - des_key_schedule schedule; - des_cblock deskey; - des_cblock zero; - int32_t seq_number; - size_t len, total_len; - - gssapi_krb5_encap_length (22, &len, &total_len); - - message_token->length = total_len; - message_token->value = malloc (total_len); - if (message_token->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = gssapi_krb5_make_header(message_token->value, - len, - "\x01\x01"); /* TOK_ID */ - - memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */ - p += 2; - - memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */ - p += 4; - - /* Fill in later (SND-SEQ) */ - memset (p, 0, 16); - p += 16; - - /* checksum */ - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, message_buffer->value, message_buffer->length); - MD5_Final (hash, &md5); - - memset (&zero, 0, sizeof(zero)); - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - des_set_key (&deskey, schedule); - des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), - schedule, &zero); - memcpy (p - 8, hash, 8); /* SGN_CKSUM */ - - /* sequence number */ - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - p -= 16; /* SND_SEQ */ - p[0] = (seq_number >> 0) & 0xFF; - p[1] = (seq_number >> 8) & 0xFF; - p[2] = (seq_number >> 16) & 0xFF; - p[3] = (seq_number >> 24) & 0xFF; - memset (p + 4, - (context_handle->more_flags & LOCAL) ? 
0 : 0xFF, - 4); - - des_set_key (&deskey, schedule); - des_cbc_encrypt ((void *)p, (void *)p, 8, - schedule, (des_cblock *)(p + 8), DES_ENCRYPT); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - memset (deskey, 0, sizeof(deskey)); - memset (schedule, 0, sizeof(schedule)); - - *minor_status = 0; - return GSS_S_COMPLETE; -} - -static OM_uint32 -mic_des3 - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token, - krb5_keyblock *key - ) -{ - u_char *p; - Checksum cksum; - u_char seq[8]; - - int32_t seq_number; - size_t len, total_len; - - krb5_crypto crypto; - krb5_error_code kret; - krb5_data encdata; - char *tmp; - char ivec[8]; - - gssapi_krb5_encap_length (36, &len, &total_len); - - message_token->length = total_len; - message_token->value = malloc (total_len); - if (message_token->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = gssapi_krb5_make_header(message_token->value, - len, - "\x01\x01"); /* TOK-ID */ - - memcpy (p, "\x04\x00", 2); /* SGN_ALG = HMAC SHA1 DES3-KD */ - p += 2; - - memcpy (p, "\xff\xff\xff\xff", 4); /* filler */ - p += 4; - - /* this should be done in parts */ - - tmp = malloc (message_buffer->length + 8); - if (tmp == NULL) { - free (message_token->value); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (tmp, p - 8, 8); - memcpy (tmp + 8, message_buffer->value, message_buffer->length); - - kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (kret) { - free (message_token->value); - free (tmp); - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - kret = krb5_create_checksum (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SIGN, - 0, - tmp, - message_buffer->length + 8, - &cksum); - free (tmp); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (kret) { - free (message_token->value); - 
gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - memcpy (p + 8, cksum.checksum.data, cksum.checksum.length); - - /* sequence number */ - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - seq[0] = (seq_number >> 0) & 0xFF; - seq[1] = (seq_number >> 8) & 0xFF; - seq[2] = (seq_number >> 16) & 0xFF; - seq[3] = (seq_number >> 24) & 0xFF; - memset (seq + 4, - (context_handle->more_flags & LOCAL) ? 0 : 0xFF, - 4); - - kret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (kret) { - free (message_token->value); - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - if (context_handle->more_flags & COMPAT_OLD_DES3) - memset(ivec, 0, 8); - else - memcpy(ivec, p + 8, 8); - - kret = krb5_encrypt_ivec (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - seq, 8, &encdata, ivec); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (kret) { - free (message_token->value); - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - - assert (encdata.length == 8); - - memcpy (p, encdata.data, encdata.length); - krb5_data_free (&encdata); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - free_Checksum (&cksum); - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 gss_get_mic - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - gss_qop_t qop_req, - const gss_buffer_t message_buffer, - gss_buffer_t message_token - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - ret = gss_krb5_get_localkey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - - switch (keytype) { - case KEYTYPE_DES : - ret = mic_des (minor_status, context_handle, qop_req, - 
message_buffer, message_token, key);
- break;
- case KEYTYPE_DES3 :
- ret = mic_des3 (minor_status, context_handle, qop_req,
- message_buffer, message_token, key);
- break;
- case KEYTYPE_ARCFOUR:
- ret = _gssapi_get_mic_arcfour (minor_status, context_handle, qop_req,
- message_buffer, message_token, key);
- break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
- ret = GSS_S_FAILURE;
- break;
- }
- krb5_free_keyblock (gssapi_krb5_context, key);
- return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/gssapi_locl.h b/crypto/heimdal/lib/gssapi/gssapi_locl.h
deleted file mode 100644
index 5b2274f..0000000
--- a/crypto/heimdal/lib/gssapi/gssapi_locl.h
+++ /dev/null
@@ -1,180 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -/* $Id: gssapi_locl.h,v 1.24.2.5 2003/09/18 22:01:52 lha Exp $ */ -/* $FreeBSD$ */ - -#ifndef GSSAPI_LOCL_H -#define GSSAPI_LOCL_H - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include "gssapi.h" -#include - -#include "arcfour.h" - -extern krb5_context gssapi_krb5_context; - -extern krb5_keytab gssapi_krb5_keytab; - -krb5_error_code gssapi_krb5_init (void); - -#define GSSAPI_KRB5_INIT() do { \ - krb5_error_code kret; \ - if((kret = gssapi_krb5_init ()) != 0) { \ - *minor_status = kret; \ - return GSS_S_FAILURE; \ - } \ -} while (0) - -OM_uint32 -gssapi_krb5_create_8003_checksum ( - OM_uint32 *minor_status, - const gss_channel_bindings_t input_chan_bindings, - OM_uint32 flags, - const krb5_data *fwd_data, - Checksum *result); - -OM_uint32 -gssapi_krb5_verify_8003_checksum ( - OM_uint32 *minor_status, - const gss_channel_bindings_t input_chan_bindings, - const Checksum *cksum, - OM_uint32 *flags, - krb5_data *fwd_data); - -OM_uint32 -gssapi_krb5_encapsulate( - OM_uint32 *minor_status, - const krb5_data *in_data, - gss_buffer_t output_token, - u_char *type); - -u_char * -_gssapi_make_mech_header(u_char *p, - size_t len); - -OM_uint32 -gssapi_krb5_decapsulate( - OM_uint32 *minor_status, - gss_buffer_t input_token_buffer, - krb5_data *out_data, - char *type); - -void -gssapi_krb5_encap_length (size_t data_len, - size_t *len, - size_t *total_len); - -u_char * -gssapi_krb5_make_header (u_char *p, - size_t len, - u_char *type); - -OM_uint32 -gssapi_krb5_verify_header(u_char **str, - size_t total_len, - char *type); - - -OM_uint32 -_gssapi_verify_mech_header(u_char **str, - size_t total_len); - -OM_uint32 -_gssapi_verify_pad(gss_buffer_t, size_t, size_t *); - -OM_uint32 -gss_verify_mic_internal(OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state, - char * type); - -OM_uint32 -gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, - krb5_keyblock 
**key);
-
-OM_uint32
-gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
- krb5_keyblock **key);
-
-krb5_error_code
-gss_address_to_krb5addr(OM_uint32 gss_addr_type,
- gss_buffer_desc *gss_addr,
- int16_t port,
- krb5_address *address);
-
-/* sec_context flags */
-
-#define SC_LOCAL_ADDRESS 0x01
-#define SC_REMOTE_ADDRESS 0x02
-#define SC_KEYBLOCK 0x04
-#define SC_LOCAL_SUBKEY 0x08
-#define SC_REMOTE_SUBKEY 0x10
-
-int
-gss_oid_equal(const gss_OID a, const gss_OID b);
-
-void
-gssapi_krb5_set_error_string (void);
-
-char *
-gssapi_krb5_get_error_string (void);
-
-OM_uint32
-_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx);
-
-OM_uint32
-gssapi_lifetime_left(OM_uint32 *, OM_uint32, OM_uint32 *);
-
-/* 8003 */
-
-krb5_error_code
-gssapi_encode_om_uint32(OM_uint32, u_char *);
-
-krb5_error_code
-gssapi_encode_be_om_uint32(OM_uint32, u_char *);
-
-krb5_error_code
-gssapi_decode_om_uint32(u_char *, OM_uint32 *);
-
-krb5_error_code
-gssapi_decode_be_om_uint32(u_char *, OM_uint32 *);
-
-#endif
diff --git a/crypto/heimdal/lib/gssapi/import_name.c b/crypto/heimdal/lib/gssapi/import_name.c
deleted file mode 100644
index 423e757..0000000
--- a/crypto/heimdal/lib/gssapi/import_name.c
+++ /dev/null
@@ -1,229 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: import_name.c,v 1.13 2003/03/16 17:33:31 lha Exp $"); - -static OM_uint32 -parse_krb5_name (OM_uint32 *minor_status, - const char *name, - gss_name_t *output_name) -{ - krb5_error_code kerr; - - kerr = krb5_parse_name (gssapi_krb5_context, name, output_name); - - if (kerr == 0) - return GSS_S_COMPLETE; - else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_BAD_NAME; - } else { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_FAILURE; - } -} - -static OM_uint32 -import_krb5_name (OM_uint32 *minor_status, - const gss_buffer_t input_name_buffer, - gss_name_t *output_name) -{ - OM_uint32 ret; - char *tmp; - - tmp = malloc (input_name_buffer->length + 1); - if (tmp == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (tmp, - input_name_buffer->value, - input_name_buffer->length); - tmp[input_name_buffer->length] = '\0'; - - ret = parse_krb5_name(minor_status, tmp, output_name); - free(tmp); - - return ret; -} - -static OM_uint32 -import_hostbased_name (OM_uint32 *minor_status, - const gss_buffer_t input_name_buffer, - gss_name_t *output_name) -{ - krb5_error_code kerr; - char *tmp; - char *p; - char *host; - char local_hostname[MAXHOSTNAMELEN]; - - *output_name = NULL; - - tmp = malloc (input_name_buffer->length + 1); - if (tmp == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy (tmp, - input_name_buffer->value, - input_name_buffer->length); - tmp[input_name_buffer->length] = '\0'; - - p = strchr (tmp, '@'); - if (p != NULL) { - *p = '\0'; - host = p + 1; - } else { - if (gethostname(local_hostname, sizeof(local_hostname)) < 0) { - *minor_status = errno; - free (tmp); - return GSS_S_FAILURE; - } - host = local_hostname; - } - - kerr = krb5_sname_to_principal (gssapi_krb5_context, - host, - tmp, - KRB5_NT_SRV_HST, - output_name); - free (tmp); - *minor_status = kerr; 
- if (kerr == 0) - return GSS_S_COMPLETE; - else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_BAD_NAME; - } else { - gssapi_krb5_set_error_string (); - *minor_status = kerr; - return GSS_S_FAILURE; - } -} - -static OM_uint32 -import_export_name (OM_uint32 *minor_status, - const gss_buffer_t input_name_buffer, - gss_name_t *output_name) -{ - unsigned char *p; - uint32_t length; - OM_uint32 ret; - char *name; - - if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length) - return GSS_S_BAD_NAME; - - /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */ - - p = input_name_buffer->value; - - if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 || - p[3] != GSS_KRB5_MECHANISM->length + 2 || - p[4] != 0x06 || - p[5] != GSS_KRB5_MECHANISM->length || - memcmp(&p[6], GSS_KRB5_MECHANISM->elements, - GSS_KRB5_MECHANISM->length) != 0) - return GSS_S_BAD_NAME; - - p += 6 + GSS_KRB5_MECHANISM->length; - - length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3]; - p += 4; - - if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length) - return GSS_S_BAD_NAME; - - name = malloc(length + 1); - if (name == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - memcpy(name, p, length); - name[length] = '\0'; - - ret = parse_krb5_name(minor_status, name, output_name); - free(name); - - return ret; -} - -int -gss_oid_equal(const gss_OID a, const gss_OID b) -{ - if (a == b) - return 1; - else if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length) - return 0; - else - return memcmp(a->elements, b->elements, a->length) == 0; -} - -OM_uint32 gss_import_name - (OM_uint32 * minor_status, - const gss_buffer_t input_name_buffer, - const gss_OID input_name_type, - gss_name_t * output_name - ) -{ - GSSAPI_KRB5_INIT (); - - *minor_status = 0; - *output_name = GSS_C_NO_NAME; - - if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) - return import_hostbased_name 
(minor_status,
- input_name_buffer,
- output_name);
- else if (gss_oid_equal(input_name_type, GSS_C_NO_OID)
- || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
- || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))
- /* default printable syntax */
- return import_krb5_name (minor_status,
- input_name_buffer,
- output_name);
- else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
- return import_export_name(minor_status,
- input_name_buffer,
- output_name);
- } else {
- *minor_status = 0;
- return GSS_S_BAD_NAMETYPE;
- }
-}
diff --git a/crypto/heimdal/lib/gssapi/import_sec_context.c b/crypto/heimdal/lib/gssapi/import_sec_context.c
deleted file mode 100644
index 2daa573..0000000
--- a/crypto/heimdal/lib/gssapi/import_sec_context.c
+++ /dev/null
@@ -1,212 +0,0 @@ -/* - * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: import_sec_context.c,v 1.7 2003/03/16 18:01:32 lha Exp $"); - -OM_uint32 -gss_import_sec_context ( - OM_uint32 * minor_status, - const gss_buffer_t interprocess_token, - gss_ctx_id_t * context_handle - ) -{ - OM_uint32 ret = GSS_S_FAILURE; - krb5_error_code kret; - krb5_storage *sp; - krb5_auth_context ac; - krb5_address local, remote; - krb5_address *localp, *remotep; - krb5_data data; - gss_buffer_desc buffer; - krb5_keyblock keyblock; - int32_t tmp; - int32_t flags; - OM_uint32 minor; - - GSSAPI_KRB5_INIT (); - - localp = remotep = NULL; - - sp = krb5_storage_from_mem (interprocess_token->value, - interprocess_token->length); - if (sp == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - *context_handle = malloc(sizeof(**context_handle)); - if (*context_handle == NULL) { - *minor_status = ENOMEM; - krb5_storage_free (sp); - return GSS_S_FAILURE; - } - memset (*context_handle, 0, sizeof(**context_handle)); - - kret = krb5_auth_con_init (gssapi_krb5_context, - &(*context_handle)->auth_context); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - /* flags */ - - *minor_status = 0; - - if (krb5_ret_int32 (sp, &flags) != 0) - goto failure; - - /* retrieve the auth context */ - - ac = (*context_handle)->auth_context; - krb5_ret_int32 (sp, &ac->flags); - if (flags & SC_LOCAL_ADDRESS) { - if (krb5_ret_address (sp, localp = &local) != 0) - goto failure; - } - - if (flags & SC_REMOTE_ADDRESS) { - if (krb5_ret_address (sp, remotep = &remote) != 0) - goto failure; - } - - krb5_auth_con_setaddrs (gssapi_krb5_context, ac, localp, remotep); - if (localp) - krb5_free_address (gssapi_krb5_context, localp); - if (remotep) - krb5_free_address (gssapi_krb5_context, remotep); - localp = remotep = NULL; - - if (krb5_ret_int16 (sp, &ac->local_port) != 0) - goto failure; - - if (krb5_ret_int16 (sp, &ac->remote_port) != 0) - goto failure; - if (flags & 
SC_KEYBLOCK) { - if (krb5_ret_keyblock (sp, &keyblock) != 0) - goto failure; - krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock); - krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock); - } - if (flags & SC_LOCAL_SUBKEY) { - if (krb5_ret_keyblock (sp, &keyblock) != 0) - goto failure; - krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock); - krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock); - } - if (flags & SC_REMOTE_SUBKEY) { - if (krb5_ret_keyblock (sp, &keyblock) != 0) - goto failure; - krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock); - krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock); - } - if (krb5_ret_int32 (sp, &ac->local_seqnumber)) - goto failure; - if (krb5_ret_int32 (sp, &ac->remote_seqnumber)) - goto failure; - - if (krb5_ret_int32 (sp, &tmp) != 0) - goto failure; - ac->keytype = tmp; - if (krb5_ret_int32 (sp, &tmp) != 0) - goto failure; - ac->cksumtype = tmp; - - /* names */ - - if (krb5_ret_data (sp, &data)) - goto failure; - buffer.value = data.data; - buffer.length = data.length; - - ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME, - &(*context_handle)->source); - if (ret) { - ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, - &(*context_handle)->source); - if (ret) { - krb5_data_free (&data); - goto failure; - } - } - krb5_data_free (&data); - - if (krb5_ret_data (sp, &data) != 0) - goto failure; - buffer.value = data.data; - buffer.length = data.length; - - ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME, - &(*context_handle)->target); - if (ret) { - ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, - &(*context_handle)->target); - if (ret) { - krb5_data_free (&data); - goto failure; - } - } - krb5_data_free (&data); - - if (krb5_ret_int32 (sp, &tmp)) - goto failure; - (*context_handle)->flags = tmp; - if (krb5_ret_int32 (sp, &tmp)) - goto failure; - (*context_handle)->more_flags = tmp; - if (krb5_ret_int32 (sp, &tmp) 
== 0) - (*context_handle)->lifetime = tmp; - else - (*context_handle)->lifetime = GSS_C_INDEFINITE; - - return GSS_S_COMPLETE; - -failure: - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if ((*context_handle)->source != NULL) - gss_release_name(&minor, &(*context_handle)->source); - if ((*context_handle)->target != NULL) - gss_release_name(&minor, &(*context_handle)->target); - if (localp) - krb5_free_address (gssapi_krb5_context, localp); - if (remotep) - krb5_free_address (gssapi_krb5_context, remotep); - free (*context_handle); - *context_handle = GSS_C_NO_CONTEXT; - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/indicate_mechs.c b/crypto/heimdal/lib/gssapi/indicate_mechs.c deleted file mode 100644 index 89191bb..0000000 --- a/crypto/heimdal/lib/gssapi/indicate_mechs.c +++ /dev/null 
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: indicate_mechs.c,v 1.5 2003/03/16 17:38:20 lha Exp $");
-
-OM_uint32 gss_indicate_mechs
- (OM_uint32 * minor_status,
- gss_OID_set * mech_set
- )
-{
- OM_uint32 ret;
-
- ret = gss_create_empty_oid_set(minor_status, mech_set);
- if (ret)
- return ret;
-
- ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set);
- if (ret)
- return ret;
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/init.c b/crypto/heimdal/lib/gssapi/init.c
deleted file mode 100644
index ddc0d70..0000000
--- a/crypto/heimdal/lib/gssapi/init.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: init.c,v 1.6 2001/08/13 13:14:07 joda Exp $");
-
-krb5_error_code
-gssapi_krb5_init (void)
-{
- if(gssapi_krb5_context == NULL)
- return krb5_init_context (&gssapi_krb5_context);
- return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c
deleted file mode 100644
index 72286a3..0000000
--- a/crypto/heimdal/lib/gssapi/init_sec_context.c
+++ /dev/null
@@ -1,578 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: init_sec_context.c,v 1.36.2.1 2003/08/15 14:21:18 lha Exp $"); - -/* - * copy the addresses from `input_chan_bindings' (if any) to - * the auth context `ac' - */ - -static OM_uint32 -set_addresses (krb5_auth_context ac, - const gss_channel_bindings_t input_chan_bindings) -{ - /* Port numbers are expected to be in application_data.value, - * initator's port first */ - - krb5_address initiator_addr, acceptor_addr; - krb5_error_code kret; - - if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS - || input_chan_bindings->application_data.length != - 2 * sizeof(ac->local_port)) - return 0; - - memset(&initiator_addr, 0, sizeof(initiator_addr)); - memset(&acceptor_addr, 0, sizeof(acceptor_addr)); - - ac->local_port = - *(int16_t *) input_chan_bindings->application_data.value; - - ac->remote_port = - *((int16_t *) input_chan_bindings->application_data.value + 1); - - kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype, - &input_chan_bindings->acceptor_address, - ac->remote_port, - &acceptor_addr); - if (kret) - return kret; - - kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype, - &input_chan_bindings->initiator_address, - ac->local_port, - &initiator_addr); - if (kret) { - krb5_free_address (gssapi_krb5_context, &acceptor_addr); - return kret; - } - - kret = krb5_auth_con_setaddrs(gssapi_krb5_context, - ac, - &initiator_addr, /* local address */ - &acceptor_addr); /* remote address */ - - krb5_free_address (gssapi_krb5_context, &initiator_addr); - krb5_free_address (gssapi_krb5_context, &acceptor_addr); - -#if 0 - free(input_chan_bindings->application_data.value); - input_chan_bindings->application_data.value = NULL; - input_chan_bindings->application_data.length = 0; -#endif - - return kret; -} - -/* - * handle delegated creds in init-sec-context - */ - -static void -do_delegation (krb5_auth_context ac, - krb5_ccache ccache, - krb5_creds *cred, - const gss_name_t target_name, - 
krb5_data *fwd_data, - int *flags) -{ - krb5_creds creds; - krb5_kdc_flags fwd_flags; - krb5_error_code kret; - - memset (&creds, 0, sizeof(creds)); - krb5_data_zero (fwd_data); - - kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client); - if (kret) - goto out; - - kret = krb5_build_principal(gssapi_krb5_context, - &creds.server, - strlen(creds.client->realm), - creds.client->realm, - KRB5_TGS_NAME, - creds.client->realm, - NULL); - if (kret) - goto out; - - creds.times.endtime = 0; - - fwd_flags.i = 0; - fwd_flags.b.forwarded = 1; - fwd_flags.b.forwardable = 1; - - if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/ - target_name->name.name_string.len < 2) - goto out; - - kret = krb5_get_forwarded_creds(gssapi_krb5_context, - ac, - ccache, - fwd_flags.i, - target_name->name.name_string.val[1], - &creds, - fwd_data); - - out: - if (kret) - *flags &= ~GSS_C_DELEG_FLAG; - else - *flags |= GSS_C_DELEG_FLAG; - - if (creds.client) - krb5_free_principal(gssapi_krb5_context, creds.client); - if (creds.server) - krb5_free_principal(gssapi_krb5_context, creds.server); -} - -/* - * first stage of init-sec-context - */ - -static OM_uint32 -init_auth -(OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec - ) -{ - OM_uint32 ret = GSS_S_FAILURE; - krb5_error_code kret; - krb5_flags ap_options; - krb5_creds this_cred, *cred; - krb5_data outbuf; - krb5_ccache ccache; - u_int32_t flags; - Authenticator *auth; - krb5_data authenticator; - Checksum cksum; - krb5_enctype enctype; - krb5_data fwd_data; - OM_uint32 lifetime_rec; - - krb5_data_zero(&outbuf); - krb5_data_zero(&fwd_data); - - *minor_status = 0; - - 
*context_handle = malloc(sizeof(**context_handle)); - if (*context_handle == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - (*context_handle)->auth_context = NULL; - (*context_handle)->source = NULL; - (*context_handle)->target = NULL; - (*context_handle)->flags = 0; - (*context_handle)->more_flags = 0; - (*context_handle)->ticket = NULL; - (*context_handle)->lifetime = GSS_C_INDEFINITE; - - kret = krb5_auth_con_init (gssapi_krb5_context, - &(*context_handle)->auth_context); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - kret = set_addresses ((*context_handle)->auth_context, - input_chan_bindings); - if (kret) { - *minor_status = kret; - ret = GSS_S_BAD_BINDINGS; - goto failure; - } - - { - int32_t tmp; - - krb5_auth_con_getflags(gssapi_krb5_context, - (*context_handle)->auth_context, - &tmp); - tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE; - krb5_auth_con_setflags(gssapi_krb5_context, - (*context_handle)->auth_context, - tmp); - } - - if (actual_mech_type) - *actual_mech_type = GSS_KRB5_MECHANISM; - - if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) { - kret = krb5_cc_default (gssapi_krb5_context, &ccache); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - } else - ccache = initiator_cred_handle->ccache; - - kret = krb5_cc_get_principal (gssapi_krb5_context, - ccache, - &(*context_handle)->source); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - kret = krb5_copy_principal (gssapi_krb5_context, - target_name, - &(*context_handle)->target); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - ret = _gss_DES3_get_mic_compat(minor_status, *context_handle); - if (ret) - goto failure; - - - memset(&this_cred, 0, sizeof(this_cred)); - this_cred.client = (*context_handle)->source; - 
this_cred.server = (*context_handle)->target; - if (time_req && time_req != GSS_C_INDEFINITE) { - krb5_timestamp ts; - - krb5_timeofday (gssapi_krb5_context, &ts); - this_cred.times.endtime = ts + time_req; - } else - this_cred.times.endtime = 0; - this_cred.session.keytype = 0; - - kret = krb5_get_credentials (gssapi_krb5_context, - KRB5_TC_MATCH_KEYTYPE, - ccache, - &this_cred, - &cred); - - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - (*context_handle)->lifetime = cred->times.endtime; - - ret = gssapi_lifetime_left(minor_status, - (*context_handle)->lifetime, - &lifetime_rec); - if (ret) { - goto failure; - } - - if (lifetime_rec == 0) { - *minor_status = 0; - ret = GSS_S_CONTEXT_EXPIRED; - goto failure; - } - - krb5_auth_con_setkey(gssapi_krb5_context, - (*context_handle)->auth_context, - &cred->session); - - kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context, - (*context_handle)->auth_context, - &cred->session); - if(kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - flags = 0; - ap_options = 0; - if (req_flags & GSS_C_DELEG_FLAG) - do_delegation ((*context_handle)->auth_context, - ccache, cred, target_name, &fwd_data, &flags); - - if (req_flags & GSS_C_MUTUAL_FLAG) { - flags |= GSS_C_MUTUAL_FLAG; - ap_options |= AP_OPTS_MUTUAL_REQUIRED; - } - - if (req_flags & GSS_C_REPLAY_FLAG) - ; /* XXX */ - if (req_flags & GSS_C_SEQUENCE_FLAG) - ; /* XXX */ - if (req_flags & GSS_C_ANON_FLAG) - ; /* XXX */ - flags |= GSS_C_CONF_FLAG; - flags |= GSS_C_INTEG_FLAG; - flags |= GSS_C_SEQUENCE_FLAG; - flags |= GSS_C_TRANS_FLAG; - - if (ret_flags) - *ret_flags = flags; - (*context_handle)->flags = flags; - (*context_handle)->more_flags |= LOCAL; - - ret = gssapi_krb5_create_8003_checksum (minor_status, - input_chan_bindings, - flags, - &fwd_data, - &cksum); - krb5_data_free (&fwd_data); - if (ret) - goto failure; - -#if 1 - enctype = 
(*context_handle)->auth_context->keyblock->keytype; -#else - if ((*context_handle)->auth_context->enctype) - enctype = (*context_handle)->auth_context->enctype; - else { - kret = krb5_keytype_to_enctype(gssapi_krb5_context, - (*context_handle)->auth_context->keyblock->keytype, - &enctype); - if (kret) - return kret; - } -#endif - - kret = krb5_build_authenticator (gssapi_krb5_context, - (*context_handle)->auth_context, - enctype, - cred, - &cksum, - &auth, - &authenticator, - KRB5_KU_AP_REQ_AUTH); - - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - kret = krb5_build_ap_req (gssapi_krb5_context, - enctype, - cred, - ap_options, - authenticator, - &outbuf); - - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; - goto failure; - } - - ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token, - "\x01\x00"); - if (ret) - goto failure; - - krb5_data_free (&outbuf); - - if (flags & GSS_C_MUTUAL_FLAG) { - return GSS_S_CONTINUE_NEEDED; - } else { - if (time_rec) - *time_rec = lifetime_rec; - - (*context_handle)->more_flags |= OPEN; - return GSS_S_COMPLETE; - } - - failure: - krb5_auth_con_free (gssapi_krb5_context, - (*context_handle)->auth_context); - if((*context_handle)->source) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->source); - if((*context_handle)->target) - krb5_free_principal (gssapi_krb5_context, - (*context_handle)->target); - free (*context_handle); - krb5_data_free (&outbuf); - *context_handle = GSS_C_NO_CONTEXT; - return ret; -} - -static OM_uint32 -repl_mutual - (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - 
OM_uint32 * ret_flags, - OM_uint32 * time_rec - ) -{ - OM_uint32 ret; - krb5_error_code kret; - krb5_data indata; - krb5_ap_rep_enc_part *repl; - - output_token->length = 0; - output_token->value = NULL; - - if (actual_mech_type) - *actual_mech_type = GSS_KRB5_MECHANISM; - - ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata, - "\x02\x00"); - if (ret) - /* XXX - Handle AP_ERROR */ - return ret; - - kret = krb5_rd_rep (gssapi_krb5_context, - (*context_handle)->auth_context, - &indata, - &repl); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - return GSS_S_FAILURE; - } - krb5_free_ap_rep_enc_part (gssapi_krb5_context, - repl); - - (*context_handle)->more_flags |= OPEN; - - *minor_status = 0; - if (time_rec) { - ret = gssapi_lifetime_left(minor_status, - (*context_handle)->lifetime, - time_rec); - } else { - ret = GSS_S_COMPLETE; - } - if (ret_flags) - *ret_flags = (*context_handle)->flags; - - return ret; -} - -/* - * gss_init_sec_context - */ - -OM_uint32 gss_init_sec_context - (OM_uint32 * minor_status, - const gss_cred_id_t initiator_cred_handle, - gss_ctx_id_t * context_handle, - const gss_name_t target_name, - const gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - const gss_channel_bindings_t input_chan_bindings, - const gss_buffer_t input_token, - gss_OID * actual_mech_type, - gss_buffer_t output_token, - OM_uint32 * ret_flags, - OM_uint32 * time_rec - ) -{ - GSSAPI_KRB5_INIT (); - - output_token->length = 0; - output_token->value = NULL; - - if (ret_flags) - *ret_flags = 0; - if (time_rec) - *time_rec = 0; - - if (target_name == GSS_C_NO_NAME) { - if (actual_mech_type) - *actual_mech_type = GSS_C_NO_OID; - *minor_status = 0; - return GSS_S_BAD_NAME; - } - - if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) - return init_auth (minor_status, - initiator_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - 
actual_mech_type, - output_token, - ret_flags, - time_rec); - else - return repl_mutual(minor_status, - initiator_cred_handle, - context_handle, - target_name, - mech_type, - req_flags, - time_req, - input_chan_bindings, - input_token, - actual_mech_type, - output_token, - ret_flags, - time_rec); -} diff --git a/crypto/heimdal/lib/gssapi/inquire_context.c b/crypto/heimdal/lib/gssapi/inquire_context.c deleted file mode 100644 index 95cd2c5..0000000 --- a/crypto/heimdal/lib/gssapi/inquire_context.c +++ /dev/null 
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_context.c,v 1.5 2003/03/16 17:43:30 lha Exp $");
-
-OM_uint32 gss_inquire_context (
- OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- gss_name_t * src_name,
- gss_name_t * targ_name,
- OM_uint32 * lifetime_rec,
- gss_OID * mech_type,
- OM_uint32 * ctx_flags,
- int * locally_initiated,
- int * open_context
- )
-{
- OM_uint32 ret;
-
- if (src_name) {
- ret = gss_duplicate_name (minor_status,
- context_handle->source,
- src_name);
- if (ret)
- return ret;
- }
-
- if (targ_name) {
- ret = gss_duplicate_name (minor_status,
- context_handle->target,
- targ_name);
- if (ret)
- return ret;
- }
-
- if (lifetime_rec)
- *lifetime_rec = context_handle->lifetime;
-
- if (mech_type)
- *mech_type = GSS_KRB5_MECHANISM;
-
- if (ctx_flags)
- *ctx_flags = context_handle->flags;
-
- if (locally_initiated)
- *locally_initiated = context_handle->more_flags & LOCAL;
-
- if (open_context)
- *open_context = context_handle->more_flags & OPEN;
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_cred.c b/crypto/heimdal/lib/gssapi/inquire_cred.c
deleted file mode 100644
index 4938d56..0000000
--- a/crypto/heimdal/lib/gssapi/inquire_cred.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_cred.c,v 1.4 2003/03/16 17:42:14 lha Exp $");
-
-OM_uint32 gss_inquire_cred
- (OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
- gss_name_t * name,
- OM_uint32 * lifetime,
- gss_cred_usage_t * cred_usage,
- gss_OID_set * mechanisms
- )
-{
- OM_uint32 ret;
-
- *minor_status = 0;
-
- if (name)
- *name = NULL;
- if (mechanisms)
- *mechanisms = GSS_C_NO_OID_SET;
-
- if (cred_handle == GSS_C_NO_CREDENTIAL) {
- return GSS_S_FAILURE;
- }
-
- if (name != NULL) {
- if (cred_handle->principal != NULL) {
- ret = gss_duplicate_name(minor_status, cred_handle->principal,
- name);
- if (ret)
- return ret;
- } else if (cred_handle->usage == GSS_C_ACCEPT) {
- *minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL,
- NULL, KRB5_NT_SRV_HST, name);
- if (*minor_status)
- return GSS_S_FAILURE;
- } else {
- *minor_status = krb5_get_default_principal(gssapi_krb5_context,
- name);
- if (*minor_status)
- return GSS_S_FAILURE;
- }
- }
- if (lifetime != NULL) {
- *lifetime = cred_handle->lifetime;
- }
- if (cred_usage != NULL) {
- *cred_usage = cred_handle->usage;
- }
- if (mechanisms != NULL) {
- ret = gss_create_empty_oid_set(minor_status, mechanisms);
- if (ret) {
- return ret;
- }
- ret = gss_add_oid_set_member(minor_status,
- &cred_handle->mechanisms->elements[0],
- mechanisms);
- if (ret) {
- return ret;
- }
- }
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c
deleted file mode 100644
index b09d1e1..0000000
--- a/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c
+++ /dev/null
@@ -1,80 +0,0 @@ -/* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: inquire_cred_by_mech.c,v 1.1 2003/03/16 18:11:16 lha Exp $"); - -OM_uint32 gss_inquire_cred_by_mech ( - OM_uint32 * minor_status, - const gss_cred_id_t cred_handle, - const gss_OID mech_type, - gss_name_t * name, - OM_uint32 * initiator_lifetime, - OM_uint32 * acceptor_lifetime, - gss_cred_usage_t * cred_usage - ) -{ - OM_uint32 ret; - OM_uint32 lifetime; - - if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 && - gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) { - *minor_status = EINVAL; - return GSS_S_BAD_MECH; - } - - ret = gss_inquire_cred (minor_status, - cred_handle, - name, - &lifetime, - cred_usage, - NULL); - - if (ret == 0 && cred_handle != GSS_C_NO_CREDENTIAL) { - gss_cred_usage_t usage; - - usage = cred_handle->usage; - - if (initiator_lifetime) { - if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH) - *initiator_lifetime = lifetime; - } - if (acceptor_lifetime) { - if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH) - *acceptor_lifetime = lifetime; - } - } - - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c deleted file mode 100644 index 67ebb04..0000000 --- a/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c +++ /dev/null 
@@ -1,57 +0,0 @@ -/* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: inquire_mechs_for_name.c,v 1.1 2003/03/16 18:12:33 lha Exp $"); - -OM_uint32 gss_inquire_mechs_for_name ( - OM_uint32 * minor_status, - const gss_name_t input_name, - gss_OID_set * mech_types - ) -{ - OM_uint32 ret; - - ret = gss_create_empty_oid_set(minor_status, mech_types); - if (ret) - return ret; - - ret = gss_add_oid_set_member(minor_status, - GSS_KRB5_MECHANISM, - mech_types); - if (ret) - gss_release_oid_set(NULL, mech_types); - - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c deleted file mode 100644 index 0e93de6..0000000 --- a/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c +++ /dev/null 
@@ -1,80 +0,0 @@ -/* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: inquire_names_for_mech.c,v 1.1 2003/03/16 18:15:29 lha Exp $"); - - -static gss_OID *name_list[] = { - &GSS_C_NT_HOSTBASED_SERVICE, - &GSS_C_NT_USER_NAME, - &GSS_KRB5_NT_PRINCIPAL_NAME, - &GSS_C_NT_EXPORT_NAME, - NULL -}; - -OM_uint32 gss_inquire_names_for_mech ( - OM_uint32 * minor_status, - const gss_OID mechanism, - gss_OID_set * name_types - ) -{ - OM_uint32 ret; - int i; - - *minor_status = 0; - - if (gss_oid_equal(mechanism, GSS_KRB5_MECHANISM) == 0 && - gss_oid_equal(mechanism, GSS_C_NULL_OID) == 0) { - *name_types = GSS_C_NO_OID_SET; - return GSS_S_BAD_MECH; - } - - ret = gss_create_empty_oid_set(minor_status, name_types); - if (ret != GSS_S_COMPLETE) - return ret; - - for (i = 0; name_list[i] != NULL; i++) { - ret = gss_add_oid_set_member(minor_status, - *(name_list[i]), - name_types); - if (ret != GSS_S_COMPLETE) - break; - } - - if (ret != GSS_S_COMPLETE) - gss_release_oid_set(NULL, name_types); - - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/process_context_token.c b/crypto/heimdal/lib/gssapi/process_context_token.c deleted file mode 100644 index 0cec33c..0000000 --- a/crypto/heimdal/lib/gssapi/process_context_token.c +++ /dev/null 
@@ -1,65 +0,0 @@ -/* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: process_context_token.c,v 1.1 2003/03/16 18:19:05 lha Exp $"); - -OM_uint32 gss_process_context_token ( - OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t token_buffer - ) -{ - OM_uint32 ret = GSS_S_FAILURE; - gss_buffer_desc empty_buffer; - gss_qop_t qop_state; - - empty_buffer.length = 0; - empty_buffer.value = NULL; - - qop_state = GSS_C_QOP_DEFAULT; - - ret = gss_verify_mic_internal(minor_status, context_handle, - token_buffer, &empty_buffer, - GSS_C_QOP_DEFAULT, "\x01\x02"); - - if (ret == GSS_S_COMPLETE) - ret = gss_delete_sec_context(minor_status, - (gss_ctx_id_t *)&context_handle, - GSS_C_NO_BUFFER); - if (ret == GSS_S_COMPLETE) - *minor_status = 0; - - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/release_buffer.c b/crypto/heimdal/lib/gssapi/release_buffer.c deleted file mode 100644 index 258b76f..0000000 --- a/crypto/heimdal/lib/gssapi/release_buffer.c +++ /dev/null 
@@ -1,48 +0,0 @@ -/* - * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "gssapi_locl.h" - -RCSID("$Id: release_buffer.c,v 1.5 2003/03/16 17:58:20 lha Exp $"); - -OM_uint32 gss_release_buffer - (OM_uint32 * minor_status, - gss_buffer_t buffer - ) -{ - *minor_status = 0; - free (buffer->value); - buffer->value = NULL; - buffer->length = 0; - return GSS_S_COMPLETE; -} 
diff --git a/crypto/heimdal/lib/gssapi/release_cred.c b/crypto/heimdal/lib/gssapi/release_cred.c
deleted file mode 100644
index 01cbb6a..0000000
--- a/crypto/heimdal/lib/gssapi/release_cred.c
+++ /dev/null
@@ -1,68 +0,0 @@ -/* - * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: release_cred.c,v 1.8.2.1 2003/10/07 01:08:21 lha Exp $"); - -OM_uint32 gss_release_cred - (OM_uint32 * minor_status, - gss_cred_id_t * cred_handle - ) -{ - *minor_status = 0; - - if (*cred_handle == GSS_C_NO_CREDENTIAL) { - return GSS_S_COMPLETE; - } - - GSSAPI_KRB5_INIT (); - - if ((*cred_handle)->principal != NULL) - krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal); - if ((*cred_handle)->keytab != NULL) - krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab); - if ((*cred_handle)->ccache != NULL) { - const krb5_cc_ops *ops; - ops = krb5_cc_get_ops(gssapi_krb5_context, (*cred_handle)->ccache); - if (ops == &krb5_mcc_ops) - krb5_cc_destroy(gssapi_krb5_context, (*cred_handle)->ccache); - else - krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache); - } - gss_release_oid_set(NULL, &(*cred_handle)->mechanisms); - free(*cred_handle); - *cred_handle = GSS_C_NO_CREDENTIAL; - return GSS_S_COMPLETE; -} - diff --git a/crypto/heimdal/lib/gssapi/release_name.c b/crypto/heimdal/lib/gssapi/release_name.c deleted file mode 100644 index 6894ffa..0000000 --- a/crypto/heimdal/lib/gssapi/release_name.c +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: release_name.c,v 1.7 2003/03/16 17:52:48 lha Exp $"); - -OM_uint32 gss_release_name - (OM_uint32 * minor_status, - gss_name_t * input_name - ) -{ - GSSAPI_KRB5_INIT (); - if (minor_status) - *minor_status = 0; - krb5_free_principal(gssapi_krb5_context, - *input_name); - *input_name = GSS_C_NO_NAME; - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/release_oid_set.c b/crypto/heimdal/lib/gssapi/release_oid_set.c deleted file mode 100644 index 04eb015..0000000 --- a/crypto/heimdal/lib/gssapi/release_oid_set.c +++ /dev/null 
@@ -1,49 +0,0 @@ -/* - * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: release_oid_set.c,v 1.5 2003/03/16 17:53:25 lha Exp $"); - -OM_uint32 gss_release_oid_set - (OM_uint32 * minor_status, - gss_OID_set * set - ) -{ - if (minor_status) - *minor_status = 0; - free ((*set)->elements); - free (*set); - *set = GSS_C_NO_OID_SET; - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c b/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c index 1afe26f..34e58a3 100644 --- a/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c +++ b/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c @@ -34,6 +34,7 @@ #include "spnego/spnego_locl.h" RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $"); +/* $FreeBSD$ */ static OM_uint32 send_reject (OM_uint32 *minor_status, @@ -376,6 +377,9 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p, char mechbuf[64]; size_t mech_len; gss_OID_desc oid; + gss_OID oidp; + gss_OID_set mechs; + int i; OM_uint32 ret, junk; ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1, 
@@ -396,27 +400,29 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p, *minor_status = 0; /* Translate broken MS Kebreros OID */ - if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc)) { - gssapi_mech_interface mech; + if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc)) + oidp = &_gss_spnego_krb5_mechanism_oid_desc; + else + oidp = &oid; - mech = __gss_get_mechanism(&_gss_spnego_krb5_mechanism_oid_desc); - if (mech == NULL) - return GSS_S_BAD_MECH; - ret = gss_duplicate_oid(minor_status, - &_gss_spnego_mskrb_mechanism_oid_desc, - mech_p); - } else { - gssapi_mech_interface mech; + ret = gss_indicate_mechs(&junk, &mechs); + if (ret) + return (ret); - mech = __gss_get_mechanism(&oid); - if (mech == NULL) - return GSS_S_BAD_MECH; + for (i = 0; i < mechs->count; i++) + if (gss_oid_equal(&mechs->elements[i], oidp)) + break; - ret = gss_duplicate_oid(minor_status, - &mech->gm_mech_oid, - mech_p); + if (i == mechs->count) { + gss_release_oid_set(&junk, &mechs); + return GSS_S_BAD_MECH; } + gss_release_oid_set(&junk, &mechs); + + ret = gss_duplicate_oid(minor_status, + &oid, /* possibly this should be oidp */ + mech_p); if (verify_p) { gss_name_t name = GSS_C_NO_NAME; diff --git a/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h b/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h index 44b2468..1ec1704 100644 --- a/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h +++ b/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h @@ -31,6 +31,7 @@ */ /* $Id: spnego_locl.h 19411 2006-12-18 15:42:03Z lha $ */ +/* $FreeBSD$ */ #ifndef SPNEGO_LOCL_H #define SPNEGO_LOCL_H @@ -67,7 +68,6 @@ #include #include "spnego_asn1.h" -#include "mech/utils.h" #include #include diff --git a/crypto/heimdal/lib/gssapi/test_oid_set_member.c b/crypto/heimdal/lib/gssapi/test_oid_set_member.c deleted file mode 100644 index e747c5a..0000000 --- a/crypto/heimdal/lib/gssapi/test_oid_set_member.c +++ /dev/null 
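Review bot: The `/* possibly this should be oidp */` comment on the gss_duplicate_oid() call in select_mech leaves an open question in the path that decides which peer-offered mechanism the acceptor takes: the lookup against gss_indicate_mechs() uses `oidp` (the MS Kerberos OID translated to the krb5 one), while `*mech_p` receives the untranslated `&oid`. That matches the removed MS branch, which duplicated `_gss_spnego_mskrb_mechanism_oid_desc`, so if recording the OID as received is intended, state it instead, e.g. `&oid, /* keep the OID as the peer sent it; oidp is only used for the lookup */`. The index declared in the previous hunk as `int i;` is compared with `mechs->count`; `size_t i;` would avoid a signed/unsigned comparison, assuming count is a size_t as the gss_test_oid_set_member() loop removed elsewhere in this commit suggests. select_mech starts and ends outside these hunks, so whether `ret` from gss_duplicate_oid() is checked before the `verify_p` block cannot be confirmed from here.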
@@ -1,55 +0,0 @@ -/* - * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: test_oid_set_member.c,v 1.5 2003/03/16 17:54:06 lha Exp $"); - -OM_uint32 gss_test_oid_set_member ( - OM_uint32 * minor_status, - const gss_OID member, - const gss_OID_set set, - int * present - ) -{ - size_t i; - - *minor_status = 0; - *present = 0; - for (i = 0; i < set->count; ++i) - if (gss_oid_equal(member, &set->elements[i]) != 0) { - *present = 1; - break; - } - return GSS_S_COMPLETE; -} diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c deleted file mode 100644 index b798438..0000000 --- a/crypto/heimdal/lib/gssapi/unwrap.c +++ /dev/null 
@@ -1,422 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: unwrap.c,v 1.22.2.1 2003/09/18 22:05:22 lha Exp $"); - -OM_uint32 -gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, - krb5_keyblock **key) -{ - krb5_keyblock *skey; - - krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getlocalsubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */ - *key = skey; - return 0; -} - -static OM_uint32 -unwrap_des - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - gss_qop_t * qop_state, - krb5_keyblock *key - ) -{ - u_char *p, *pad; - size_t len; - MD5_CTX md5; - u_char hash[16], seq_data[8]; - des_key_schedule schedule; - des_cblock deskey; - des_cblock zero; - int i; - int32_t seq_number; - size_t padlength; - OM_uint32 ret; - int cstate; - - p = input_message_buffer->value; - ret = gssapi_krb5_verify_header (&p, - input_message_buffer->length, - "\x02\x01"); - if (ret) - return ret; - - if (memcmp (p, "\x00\x00", 2) != 0) - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\x00\x00", 2) == 0) { - cstate = 1; - } else if (memcmp (p, "\xFF\xFF", 2) == 0) { - cstate = 0; - } else - return GSS_S_BAD_MIC; - p += 2; - if(conf_state != NULL) - *conf_state = cstate; - if (memcmp (p, "\xff\xff", 2) != 0) - return GSS_S_DEFECTIVE_TOKEN; - p += 2; - p += 16; - - len = p - (u_char *)input_message_buffer->value; - - if(cstate) { - /* decrypt data */ - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - - for (i = 0; i < sizeof(deskey); ++i) - deskey[i] ^= 0xf0; - des_set_key (&deskey, schedule); - memset (&zero, 0, sizeof(zero)); - des_cbc_encrypt ((void *)p, - (void *)p, - input_message_buffer->length - len, - 
schedule, - &zero, - DES_DECRYPT); - - memset (deskey, 0, sizeof(deskey)); - memset (schedule, 0, sizeof(schedule)); - } - /* check pad */ - - pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1; - padlength = *pad; - - for (i = padlength; i > 0 && *pad == padlength; i--, pad--) - ; - if (i != 0) - return GSS_S_BAD_MIC; - - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, p, input_message_buffer->length - len); - MD5_Final (hash, &md5); - - memset (&zero, 0, sizeof(zero)); - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - des_set_key (&deskey, schedule); - des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), - schedule, &zero); - if (memcmp (p - 8, hash, 8) != 0) - return GSS_S_BAD_MIC; - - /* verify sequence number */ - - krb5_auth_getremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - seq_data[0] = (seq_number >> 0) & 0xFF; - seq_data[1] = (seq_number >> 8) & 0xFF; - seq_data[2] = (seq_number >> 16) & 0xFF; - seq_data[3] = (seq_number >> 24) & 0xFF; - memset (seq_data + 4, - (context_handle->more_flags & LOCAL) ? 
0xFF : 0, - 4); - - p -= 16; - des_set_key (&deskey, schedule); - des_cbc_encrypt ((void *)p, (void *)p, 8, - schedule, (des_cblock *)hash, DES_DECRYPT); - - memset (deskey, 0, sizeof(deskey)); - memset (schedule, 0, sizeof(schedule)); - - if (memcmp (p, seq_data, 8) != 0) { - return GSS_S_BAD_MIC; - } - - krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - /* copy out data */ - - output_message_buffer->length = input_message_buffer->length - - len - padlength - 8; - output_message_buffer->value = malloc(output_message_buffer->length); - if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) - return GSS_S_FAILURE; - memcpy (output_message_buffer->value, - p + 24, - output_message_buffer->length); - return GSS_S_COMPLETE; -} - -static OM_uint32 -unwrap_des3 - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - gss_qop_t * qop_state, - krb5_keyblock *key - ) -{ - u_char *p, *pad; - size_t len; - u_char seq[8]; - krb5_data seq_data; - u_char cksum[20]; - int i; - int32_t seq_number; - size_t padlength; - OM_uint32 ret; - int cstate; - krb5_crypto crypto; - Checksum csum; - int cmp; - - p = input_message_buffer->value; - ret = gssapi_krb5_verify_header (&p, - input_message_buffer->length, - "\x02\x01"); - if (ret) - return ret; - - if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\x02\x00", 2) == 0) { - cstate = 1; - } else if (memcmp (p, "\xff\xff", 2) == 0) { - cstate = 0; - } else - return GSS_S_BAD_MIC; - p += 2; - if(conf_state != NULL) - *conf_state = cstate; - if (memcmp (p, "\xff\xff", 2) != 0) - return GSS_S_DEFECTIVE_TOKEN; - p += 2; - p += 28; - - len = p - (u_char *)input_message_buffer->value; - - if(cstate) { - /* decrypt data */ - krb5_data tmp; - - ret = krb5_crypto_init(gssapi_krb5_context, key, - 
ETYPE_DES3_CBC_NONE, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - ret = krb5_decrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL, - p, input_message_buffer->length - len, &tmp); - krb5_crypto_destroy(gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - assert (tmp.length == input_message_buffer->length - len); - - memcpy (p, tmp.data, tmp.length); - krb5_data_free(&tmp); - } - /* check pad */ - - pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1; - padlength = *pad; - - for (i = padlength; i > 0 && *pad == padlength; i--, pad--) - ; - if (i != 0) - return GSS_S_BAD_MIC; - - /* verify sequence number */ - - krb5_auth_getremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - seq[0] = (seq_number >> 0) & 0xFF; - seq[1] = (seq_number >> 8) & 0xFF; - seq[2] = (seq_number >> 16) & 0xFF; - seq[3] = (seq_number >> 24) & 0xFF; - memset (seq + 4, - (context_handle->more_flags & LOCAL) ? 
0xFF : 0, - 4); - - p -= 28; - - ret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - { - des_cblock ivec; - - memcpy(&ivec, p + 8, 8); - ret = krb5_decrypt_ivec (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - p, 8, &seq_data, - &ivec); - } - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - if (seq_data.length != 8) { - krb5_data_free (&seq_data); - return GSS_S_BAD_MIC; - } - - cmp = memcmp (seq, seq_data.data, seq_data.length); - krb5_data_free (&seq_data); - if (cmp != 0) { - return GSS_S_BAD_MIC; - } - - krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - /* verify checksum */ - - memcpy (cksum, p + 8, 20); - - memcpy (p + 20, p - 8, 8); - - csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3; - csum.checksum.length = 20; - csum.checksum.data = cksum; - - ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = krb5_verify_checksum (gssapi_krb5_context, crypto, - KRB5_KU_USAGE_SIGN, - p + 20, - input_message_buffer->length - len + 8, - &csum); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - - /* copy out data */ - - output_message_buffer->length = input_message_buffer->length - - len - padlength - 8; - output_message_buffer->value = malloc(output_message_buffer->length); - if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) - return GSS_S_FAILURE; - memcpy (output_message_buffer->value, - p + 36, - output_message_buffer->length); - return GSS_S_COMPLETE; -} - -OM_uint32 gss_unwrap - (OM_uint32 * minor_status, - const gss_ctx_id_t 
context_handle, - const gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - gss_qop_t * qop_state - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - if (qop_state != NULL) - *qop_state = GSS_C_QOP_DEFAULT; - ret = gss_krb5_get_remotekey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - - *minor_status = 0; - - switch (keytype) { - case KEYTYPE_DES : - ret = unwrap_des (minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, qop_state, key); - break; - case KEYTYPE_DES3 : - ret = unwrap_des3 (minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, qop_state, key); - break; - case KEYTYPE_ARCFOUR: - ret = _gssapi_unwrap_arcfour (minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, qop_state, key); - break; - default : - *minor_status = KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/v1.c b/crypto/heimdal/lib/gssapi/v1.c deleted file mode 100644 index 34091ea..0000000 --- a/crypto/heimdal/lib/gssapi/v1.c +++ /dev/null 
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: v1.c,v 1.2 1999/12/02 17:05:04 joda Exp $"); - -/* These functions are for V1 compatibility */ - -OM_uint32 gss_sign - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int qop_req, - gss_buffer_t message_buffer, - gss_buffer_t message_token - ) -{ - return gss_get_mic(minor_status, - context_handle, - (gss_qop_t)qop_req, - message_buffer, - message_token); -} - -OM_uint32 gss_verify - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t message_buffer, - gss_buffer_t token_buffer, - int * qop_state - ) -{ - return gss_verify_mic(minor_status, - context_handle, - message_buffer, - token_buffer, - (gss_qop_t *)qop_state); -} - -OM_uint32 gss_seal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, - int qop_req, - gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer - ) -{ - return gss_wrap(minor_status, - context_handle, - conf_req_flag, - (gss_qop_t)qop_req, - input_message_buffer, - conf_state, - output_message_buffer); -} - -OM_uint32 gss_unseal - (OM_uint32 * minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t input_message_buffer, - gss_buffer_t output_message_buffer, - int * conf_state, - int * qop_state - ) -{ - return gss_unwrap(minor_status, - context_handle, - input_message_buffer, - output_message_buffer, - conf_state, - (gss_qop_t *)qop_state); -} diff --git a/crypto/heimdal/lib/gssapi/verify_mic.c b/crypto/heimdal/lib/gssapi/verify_mic.c deleted file mode 100644 index aef2d07..0000000 --- a/crypto/heimdal/lib/gssapi/verify_mic.c +++ /dev/null 
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: verify_mic.c,v 1.18.2.4 2003/09/18 22:05:34 lha Exp $"); - -static OM_uint32 -verify_mic_des - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state, - krb5_keyblock *key, - char *type - ) -{ - u_char *p; - MD5_CTX md5; - u_char hash[16], seq_data[8]; - des_key_schedule schedule; - des_cblock zero; - des_cblock deskey; - int32_t seq_number; - OM_uint32 ret; - - p = token_buffer->value; - ret = gssapi_krb5_verify_header (&p, - token_buffer->length, - type); - if (ret) - return ret; - - if (memcmp(p, "\x00\x00", 2) != 0) - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) - return GSS_S_BAD_MIC; - p += 4; - p += 16; - - /* verify checksum */ - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, message_buffer->value, - message_buffer->length); - MD5_Final (hash, &md5); - - memset (&zero, 0, sizeof(zero)); - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - - des_set_key (&deskey, schedule); - des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), - schedule, &zero); - if (memcmp (p - 8, hash, 8) != 0) { - memset (deskey, 0, sizeof(deskey)); - memset (schedule, 0, sizeof(schedule)); - return GSS_S_BAD_MIC; - } - - /* verify sequence number */ - - krb5_auth_getremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - seq_data[0] = (seq_number >> 0) & 0xFF; - seq_data[1] = (seq_number >> 8) & 0xFF; - seq_data[2] = (seq_number >> 16) & 0xFF; - seq_data[3] = (seq_number >> 24) & 0xFF; - memset (seq_data + 4, - (context_handle->more_flags & LOCAL) ? 
0xFF : 0, - 4); - - p -= 16; - des_set_key (&deskey, schedule); - des_cbc_encrypt ((void *)p, (void *)p, 8, - schedule, (des_cblock *)hash, DES_DECRYPT); - - memset (deskey, 0, sizeof(deskey)); - memset (schedule, 0, sizeof(schedule)); - - if (memcmp (p, seq_data, 8) != 0) { - return GSS_S_BAD_MIC; - } - - krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - return GSS_S_COMPLETE; -} - -static OM_uint32 -verify_mic_des3 - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state, - krb5_keyblock *key, - char *type - ) -{ - u_char *p; - u_char seq[8]; - int32_t seq_number; - OM_uint32 ret; - krb5_crypto crypto; - krb5_data seq_data; - int cmp, docompat; - Checksum csum; - char *tmp; - char ivec[8]; - - p = token_buffer->value; - ret = gssapi_krb5_verify_header (&p, - token_buffer->length, - type); - if (ret) - return ret; - - if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */ - return GSS_S_BAD_SIG; - p += 2; - if (memcmp (p, "\xff\xff\xff\xff", 4) != 0) - return GSS_S_BAD_MIC; - p += 4; - - ret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (ret){ - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - - /* verify sequence number */ - docompat = 0; -retry: - if (docompat) - memset(ivec, 0, 8); - else - memcpy(ivec, p + 8, 8); - - ret = krb5_decrypt_ivec (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - p, 8, &seq_data, ivec); - if (ret) { - if (docompat++) { - gssapi_krb5_set_error_string (); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - *minor_status = ret; - return GSS_S_FAILURE; - } else - goto retry; - } - - if (seq_data.length != 8) { - krb5_data_free (&seq_data); - if (docompat++) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); - return GSS_S_BAD_MIC; - } else - goto retry; - } - - 
krb5_auth_getremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - seq[0] = (seq_number >> 0) & 0xFF; - seq[1] = (seq_number >> 8) & 0xFF; - seq[2] = (seq_number >> 16) & 0xFF; - seq[3] = (seq_number >> 24) & 0xFF; - memset (seq + 4, - (context_handle->more_flags & LOCAL) ? 0xFF : 0, - 4); - cmp = memcmp (seq, seq_data.data, seq_data.length); - krb5_data_free (&seq_data); - if (cmp != 0) { - if (docompat++) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); - return GSS_S_BAD_MIC; - } else - goto retry; - } - - /* verify checksum */ - - tmp = malloc (message_buffer->length + 8); - if (tmp == NULL) { - krb5_crypto_destroy (gssapi_krb5_context, crypto); - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - memcpy (tmp, p - 8, 8); - memcpy (tmp + 8, message_buffer->value, message_buffer->length); - - csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3; - csum.checksum.length = 20; - csum.checksum.data = p + 8; - - ret = krb5_verify_checksum (gssapi_krb5_context, crypto, - KRB5_KU_USAGE_SIGN, - tmp, message_buffer->length + 8, - &csum); - free (tmp); - if (ret) { - gssapi_krb5_set_error_string (); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - *minor_status = ret; - return GSS_S_BAD_MIC; - } - - krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - krb5_crypto_destroy (gssapi_krb5_context, crypto); - return GSS_S_COMPLETE; -} - -OM_uint32 -gss_verify_mic_internal - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state, - char * type - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - ret = gss_krb5_get_remotekey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - *minor_status = 0; - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - switch (keytype) { - case 
KEYTYPE_DES : - ret = verify_mic_des (minor_status, context_handle, - message_buffer, token_buffer, qop_state, key, - type); - break; - case KEYTYPE_DES3 : - ret = verify_mic_des3 (minor_status, context_handle, - message_buffer, token_buffer, qop_state, key, - type); - break; - case KEYTYPE_ARCFOUR : - ret = _gssapi_verify_mic_arcfour (minor_status, context_handle, - message_buffer, token_buffer, - qop_state, key, type); - break; - default : - *minor_status = KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - - return ret; -} - -OM_uint32 -gss_verify_mic - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - const gss_buffer_t message_buffer, - const gss_buffer_t token_buffer, - gss_qop_t * qop_state - ) -{ - OM_uint32 ret; - - if (qop_state != NULL) - *qop_state = GSS_C_QOP_DEFAULT; - - ret = gss_verify_mic_internal(minor_status, context_handle, - message_buffer, token_buffer, - qop_state, "\x01\x01"); - - return ret; -} diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c deleted file mode 100644 index a0f9d2f..0000000 --- a/crypto/heimdal/lib/gssapi/wrap.c +++ /dev/null 
@@ -1,454 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */ - -#include "gssapi_locl.h" - -RCSID("$Id: wrap.c,v 1.21.2.1 2003/09/18 22:05:45 lha Exp $"); - -OM_uint32 -gss_krb5_get_localkey(const gss_ctx_id_t context_handle, - krb5_keyblock **key) -{ - krb5_keyblock *skey; - - krb5_auth_con_getlocalsubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - krb5_auth_con_getkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); - if(skey == NULL) - return GSS_S_FAILURE; - *key = skey; - return 0; -} - -static OM_uint32 -sub_wrap_size ( - OM_uint32 req_output_size, - OM_uint32 * max_input_size, - int blocksize, - int extrasize - ) -{ - size_t len, total_len, padlength; - padlength = blocksize - (req_output_size % blocksize); - len = req_output_size + 8 + padlength + extrasize; - gssapi_krb5_encap_length(len, &len, &total_len); - *max_input_size = (OM_uint32)total_len; - return GSS_S_COMPLETE; -} - -OM_uint32 -gss_wrap_size_limit ( - OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - OM_uint32 req_output_size, - OM_uint32 * max_input_size - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - ret = gss_krb5_get_localkey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - - switch (keytype) { - case KEYTYPE_DES : - case KEYTYPE_ARCFOUR: - ret = sub_wrap_size(req_output_size, max_input_size, 8, 22); - break; - case KEYTYPE_DES3 : - ret = sub_wrap_size(req_output_size, max_input_size, 8, 34); - break; - default : - *minor_status = KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - *minor_status = 0; - return ret; -} - -static OM_uint32 -wrap_des - (OM_uint32 * minor_status, - const gss_ctx_id_t 
context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer, - krb5_keyblock *key - ) -{ - u_char *p; - MD5_CTX md5; - u_char hash[16]; - des_key_schedule schedule; - des_cblock deskey; - des_cblock zero; - int i; - int32_t seq_number; - size_t len, total_len, padlength, datalen; - - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 22; - gssapi_krb5_encap_length (len, &len, &total_len); - - output_message_buffer->length = total_len; - output_message_buffer->value = malloc (total_len); - if (output_message_buffer->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = gssapi_krb5_make_header(output_message_buffer->value, - len, - "\x02\x01"); /* TOK_ID */ - - /* SGN_ALG */ - memcpy (p, "\x00\x00", 2); - p += 2; - /* SEAL_ALG */ - if(conf_req_flag) - memcpy (p, "\x00\x00", 2); - else - memcpy (p, "\xff\xff", 2); - p += 2; - /* Filler */ - memcpy (p, "\xff\xff", 2); - p += 2; - - /* fill in later */ - memset (p, 0, 16); - p += 16; - - /* confounder + data + pad */ - krb5_generate_random_block(p, 8); - memcpy (p + 8, input_message_buffer->value, - input_message_buffer->length); - memset (p + 8 + input_message_buffer->length, padlength, padlength); - - /* checksum */ - MD5_Init (&md5); - MD5_Update (&md5, p - 24, 8); - MD5_Update (&md5, p, datalen); - MD5_Final (hash, &md5); - - memset (&zero, 0, sizeof(zero)); - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - des_set_key (&deskey, schedule); - des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), - schedule, &zero); - memcpy (p - 8, hash, 8); - - /* sequence number */ - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - p -= 16; - p[0] = (seq_number >> 0) & 0xFF; - p[1] = (seq_number >> 8) & 0xFF; - p[2] = (seq_number >> 16) & 0xFF; - p[3] = (seq_number >> 
24) & 0xFF; - memset (p + 4, - (context_handle->more_flags & LOCAL) ? 0 : 0xFF, - 4); - - des_set_key (&deskey, schedule); - des_cbc_encrypt ((void *)p, (void *)p, 8, - schedule, (des_cblock *)(p + 8), DES_ENCRYPT); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - /* encrypt the data */ - p += 16; - - if(conf_req_flag) { - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - - for (i = 0; i < sizeof(deskey); ++i) - deskey[i] ^= 0xf0; - des_set_key (&deskey, schedule); - memset (&zero, 0, sizeof(zero)); - des_cbc_encrypt ((void *)p, - (void *)p, - datalen, - schedule, - &zero, - DES_ENCRYPT); - - memset (deskey, 0, sizeof(deskey)); - memset (schedule, 0, sizeof(schedule)); - } - if(conf_state != NULL) - *conf_state = conf_req_flag; - *minor_status = 0; - return GSS_S_COMPLETE; -} - -static OM_uint32 -wrap_des3 - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer, - krb5_keyblock *key - ) -{ - u_char *p; - u_char seq[8]; - int32_t seq_number; - size_t len, total_len, padlength, datalen; - u_int32_t ret; - krb5_crypto crypto; - Checksum cksum; - krb5_data encdata; - - padlength = 8 - (input_message_buffer->length % 8); - datalen = input_message_buffer->length + padlength + 8; - len = datalen + 34; - gssapi_krb5_encap_length (len, &len, &total_len); - - output_message_buffer->length = total_len; - output_message_buffer->value = malloc (total_len); - if (output_message_buffer->value == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - - p = gssapi_krb5_make_header(output_message_buffer->value, - len, - "\x02\x01"); /* TOK_ID */ - - /* SGN_ALG */ - memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */ - p += 2; - /* SEAL_ALG */ - if(conf_req_flag) - memcpy (p, "\x02\x00", 2); /* DES3-KD */ - else - memcpy (p, "\xff\xff", 2); - p += 2; - /* 
Filler */ - memcpy (p, "\xff\xff", 2); - p += 2; - - /* calculate checksum (the above + confounder + data + pad) */ - - memcpy (p + 20, p - 8, 8); - krb5_generate_random_block(p + 28, 8); - memcpy (p + 28 + 8, input_message_buffer->value, - input_message_buffer->length); - memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength); - - ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - *minor_status = ret; - return GSS_S_FAILURE; - } - - ret = krb5_create_checksum (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SIGN, - 0, - p + 20, - datalen + 8, - &cksum); - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - *minor_status = ret; - return GSS_S_FAILURE; - } - - /* zero out SND_SEQ + SGN_CKSUM in case */ - memset (p, 0, 28); - - memcpy (p + 8, cksum.checksum.data, cksum.checksum.length); - free_Checksum (&cksum); - - /* sequence number */ - krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - &seq_number); - - seq[0] = (seq_number >> 0) & 0xFF; - seq[1] = (seq_number >> 8) & 0xFF; - seq[2] = (seq_number >> 16) & 0xFF; - seq[3] = (seq_number >> 24) & 0xFF; - memset (seq + 4, - (context_handle->more_flags & LOCAL) ? 
0 : 0xFF, - 4); - - - ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE, - &crypto); - if (ret) { - free (output_message_buffer->value); - *minor_status = ret; - return GSS_S_FAILURE; - } - - { - des_cblock ivec; - - memcpy (&ivec, p + 8, 8); - ret = krb5_encrypt_ivec (gssapi_krb5_context, - crypto, - KRB5_KU_USAGE_SEQ, - seq, 8, &encdata, - &ivec); - } - krb5_crypto_destroy (gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - *minor_status = ret; - return GSS_S_FAILURE; - } - - assert (encdata.length == 8); - - memcpy (p, encdata.data, encdata.length); - krb5_data_free (&encdata); - - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, - context_handle->auth_context, - ++seq_number); - - /* encrypt the data */ - p += 28; - - if(conf_req_flag) { - krb5_data tmp; - - ret = krb5_crypto_init(gssapi_krb5_context, key, - ETYPE_DES3_CBC_NONE, &crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - *minor_status = ret; - return GSS_S_FAILURE; - } - ret = krb5_encrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL, - p, datalen, &tmp); - krb5_crypto_destroy(gssapi_krb5_context, crypto); - if (ret) { - gssapi_krb5_set_error_string (); - free (output_message_buffer->value); - *minor_status = ret; - return GSS_S_FAILURE; - } - assert (tmp.length == datalen); - - memcpy (p, tmp.data, datalen); - krb5_data_free(&tmp); - } - if(conf_state != NULL) - *conf_state = conf_req_flag; - *minor_status = 0; - return GSS_S_COMPLETE; -} - -OM_uint32 gss_wrap - (OM_uint32 * minor_status, - const gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - const gss_buffer_t input_message_buffer, - int * conf_state, - gss_buffer_t output_message_buffer - ) -{ - krb5_keyblock *key; - OM_uint32 ret; - krb5_keytype keytype; - - ret = gss_krb5_get_localkey(context_handle, &key); - if (ret) { - gssapi_krb5_set_error_string (); - *minor_status = ret; - 
return GSS_S_FAILURE; - } - krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype); - - switch (keytype) { - case KEYTYPE_DES : - ret = wrap_des (minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer, key); - break; - case KEYTYPE_DES3 : - ret = wrap_des3 (minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer, key); - break; - case KEYTYPE_ARCFOUR: - ret = _gssapi_wrap_arcfour (minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer, key); - break; - default : - *minor_status = KRB5_PROG_ETYPE_NOSUPP; - ret = GSS_S_FAILURE; - break; - } - krb5_free_keyblock (gssapi_krb5_context, key); - return ret; -} diff --git a/crypto/heimdal/lib/hdb/convert_db.c b/crypto/heimdal/lib/hdb/convert_db.c deleted file mode 100644 index 0b300a5..0000000 --- a/crypto/heimdal/lib/hdb/convert_db.c +++ /dev/null 
@@ -1,213 +0,0 @@ -/* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -/* Converts a database from version 0.0* to 0.1. This is done by - * making three copies of each DES key (DES-CBC-CRC, DES-CBC-MD4, and - * DES-CBC-MD5). - * - * Use with care. 
- */ - -#include "hdb_locl.h" -#include -#include - -RCSID("$Id: convert_db.c,v 1.12 2001/02/20 01:44:53 assar Exp $"); - -static krb5_error_code -update_keytypes(krb5_context context, HDB *db, hdb_entry *entry, void *data) -{ - int i; - int n = 0; - Key *k; - int save_len; - Key *save_val; - HDB *new = data; - krb5_error_code ret; - - for(i = 0; i < entry->keys.len; i++) - if(entry->keys.val[i].key.keytype == KEYTYPE_DES) - n += 2; - else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3) - n += 1; - k = malloc(sizeof(*k) * (entry->keys.len + n)); - n = 0; - for(i = 0; i < entry->keys.len; i++) { - copy_Key(&entry->keys.val[i], &k[n]); - if(entry->keys.val[i].key.keytype == KEYTYPE_DES) { - copy_Key(&entry->keys.val[i], &k[n+1]); - k[n+1].key.keytype = ETYPE_DES_CBC_MD4; - copy_Key(&entry->keys.val[i], &k[n+2]); - k[n+2].key.keytype = ETYPE_DES_CBC_MD5; - n += 2; - } - else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3) { - copy_Key(&entry->keys.val[i], &k[n+1]); - k[n+1].key.keytype = ETYPE_DES3_CBC_MD5; - n += 1; - } - n++; - } - save_len = entry->keys.len; - save_val = entry->keys.val; - entry->keys.len = n; - entry->keys.val = k; - ret = new->store(context, new, HDB_F_REPLACE, entry); - entry->keys.len = save_len; - entry->keys.val = save_val; - for(i = 0; i < n; i++) - free_Key(&k[i]); - free(k); - return 0; -} - -static krb5_error_code -update_version2(krb5_context context, HDB *db, hdb_entry *entry, void *data) -{ - HDB *new = data; - if(!db->master_key_set) { - int i; - for(i = 0; i < entry->keys.len; i++) { - free(entry->keys.val[i].mkvno); - entry->keys.val[i].mkvno = NULL; - } - } - new->store(context, new, HDB_F_REPLACE, entry); - return 0; -} - -char *old_database = HDB_DEFAULT_DB; -char *new_database = HDB_DEFAULT_DB ".new"; -char *mkeyfile; -int update_version; -int help_flag; -int version_flag; - -struct getargs args[] = { - { "old-database", 0, arg_string, &old_database, - "name of database to convert", "file" }, - { "new-database", 0, 
arg_string, &new_database, - "name of converted database", "file" }, - { "master-key", 0, arg_string, &mkeyfile, - "v5 master key file", "file" }, - { "update-version", 0, arg_flag, &update_version, - "update the database to the current version" }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 0, arg_flag, &version_flag } -}; - -static int num_args = sizeof(args) / sizeof(args[0]); - -int -main(int argc, char **argv) -{ - krb5_error_code ret; - krb5_context context; - HDB *db, *new; - int optind = 0; - int master_key_set = 0; - - setprogname(argv[0]); - - if(getarg(args, num_args, argc, argv, &optind)) - krb5_std_usage(1, args, num_args); - - if(help_flag) - krb5_std_usage(0, args, num_args); - - if(version_flag){ - print_version(NULL); - exit(0); - } - - ret = krb5_init_context(&context); - if(ret != 0) - errx(1, "krb5_init_context failed: %d", ret); - - ret = hdb_create(context, &db, old_database); - if(ret != 0) - krb5_err(context, 1, ret, "hdb_create"); - - ret = hdb_set_master_keyfile(context, db, mkeyfile); - if (ret) - krb5_err(context, 1, ret, "hdb_set_master_keyfile"); - master_key_set = 1; - ret = hdb_create(context, &new, new_database); - if(ret != 0) - krb5_err(context, 1, ret, "hdb_create"); - if (master_key_set) { - ret = hdb_set_master_keyfile(context, new, mkeyfile); - if (ret) - krb5_err(context, 1, ret, "hdb_set_master_keyfile"); - } - ret = db->open(context, db, O_RDONLY, 0); - if(ret == HDB_ERR_BADVERSION) { - krb5_data tag; - krb5_data version; - int foo; - unsigned ver; - tag.data = HDB_DB_FORMAT_ENTRY; - tag.length = strlen(tag.data); - ret = (*db->_get)(context, db, tag, &version); - if(ret) - krb5_errx(context, 1, "database is wrong version, " - "but couldn't find version key (%s)", - HDB_DB_FORMAT_ENTRY); - foo = sscanf(version.data, "%u", &ver); - krb5_data_free (&version); - if(foo != 1) - krb5_errx(context, 1, "database version is not a number"); - if(ver == 1 && HDB_DB_FORMAT == 2) { - krb5_warnx(context, "will upgrade 
database from version %d to %d", - ver, HDB_DB_FORMAT); - krb5_warnx(context, "rerun to do other conversions"); - update_version = 1; - } else - krb5_errx(context, 1, - "don't know how to upgrade from version %d to %d", - ver, HDB_DB_FORMAT); - } else if(ret) - krb5_err(context, 1, ret, "%s", old_database); - ret = new->open(context, new, O_CREAT|O_EXCL|O_RDWR, 0600); - if(ret) - krb5_err(context, 1, ret, "%s", new_database); - if(update_version) - ret = hdb_foreach(context, db, 0, update_version2, new); - else - ret = hdb_foreach(context, db, 0, update_keytypes, new); - if(ret != 0) - krb5_err(context, 1, ret, "hdb_foreach"); - db->close(context, db); - new->close(context, new); - krb5_warnx(context, "wrote converted database to `%s'", new_database); - return 0; -} diff --git a/crypto/heimdal/lib/hdb/hdb_locl.h b/crypto/heimdal/lib/hdb/hdb_locl.h index c4f1ea2..0a67e54 100644 --- a/crypto/heimdal/lib/hdb/hdb_locl.h +++ b/crypto/heimdal/lib/hdb/hdb_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: hdb_locl.h,v 1.18.4.1 2003/09/10 22:04:39 lha Exp $ */ +/* $Id: hdb_locl.h 22209 2007-12-07 19:03:41Z lha $ */ /* $FreeBSD$ */ #ifndef __HDB_LOCL_H__ @@ -65,4 +65,7 @@ #include #include +#define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal" +#define HDB_DB_FORMAT_ENTRY "hdb/db-format" + #endif /* __HDB_LOCL_H__ */ diff --git a/crypto/heimdal/lib/kadm5/dump_log.c b/crypto/heimdal/lib/kadm5/dump_log.c deleted file mode 100644 index f8309fb..0000000 --- a/crypto/heimdal/lib/kadm5/dump_log.c +++ /dev/null 
@@ -1,273 +0,0 @@ -/* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "iprop.h" -#include "parse_time.h" - -RCSID("$Id: dump_log.c,v 1.13 2003/04/16 17:56:02 lha Exp $"); - -static char *op_names[] = { - "get", - "delete", - "create", - "rename", - "chpass", - "modify", - "randkey", - "get_privs", - "get_princs", - "chpass_with_key", - "nop" -}; - -static void -print_entry(kadm5_server_context *server_context, - u_int32_t ver, - time_t timestamp, - enum kadm_ops op, - u_int32_t len, - krb5_storage *sp) -{ - char t[256]; - int32_t mask; - hdb_entry ent; - krb5_principal source; - char *name1, *name2; - krb5_data data; - krb5_context context = server_context->context; - - off_t end = krb5_storage_seek(sp, 0, SEEK_CUR) + len; - - krb5_error_code ret; - - strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(×tamp)); - - if(op < kadm_get || op > kadm_nop) { - printf("unknown op: %d\n", op); - krb5_storage_seek(sp, end, SEEK_SET); - return; - } - - printf ("%s: ver = %u, timestamp = %s, len = %u\n", - op_names[op], ver, t, len); - switch(op) { - case kadm_delete: - krb5_ret_principal(sp, &source); - krb5_unparse_name(context, source, &name1); - printf(" %s\n", name1); - free(name1); - krb5_free_principal(context, source); - break; - case kadm_rename: - ret = krb5_data_alloc(&data, len); - if (ret) - krb5_err (context, 1, ret, "kadm_rename: data alloc: %d", len); - krb5_ret_principal(sp, &source); - krb5_storage_read(sp, data.data, data.length); - hdb_value2entry(context, &data, &ent); - krb5_unparse_name(context, source, &name1); - krb5_unparse_name(context, ent.principal, &name2); - printf(" %s -> %s\n", name1, name2); - free(name1); - free(name2); - krb5_free_principal(context, source); - hdb_free_entry(context, &ent); - break; - case kadm_create: - ret = krb5_data_alloc(&data, len); - if (ret) - krb5_err (context, 1, ret, "kadm_create: data alloc: %d", len); - krb5_storage_read(sp, data.data, data.length); - ret = hdb_value2entry(context, &data, &ent); - if(ret) - abort(); - mask = ~0; - goto foo; - case kadm_modify: - 
ret = krb5_data_alloc(&data, len); - if (ret) - krb5_err (context, 1, ret, "kadm_modify: data alloc: %d", len); - krb5_ret_int32(sp, &mask); - krb5_storage_read(sp, data.data, data.length); - ret = hdb_value2entry(context, &data, &ent); - if(ret) - abort(); - foo: - if(ent.principal /* mask & KADM5_PRINCIPAL */) { - krb5_unparse_name(context, ent.principal, &name1); - printf(" principal = %s\n", name1); - free(name1); - } - if(mask & KADM5_PRINC_EXPIRE_TIME) { - if(ent.valid_end == NULL) { - strcpy(t, "never"); - } else { - strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", - localtime(ent.valid_end)); - } - printf(" expires = %s\n", t); - } - if(mask & KADM5_PW_EXPIRATION) { - if(ent.pw_end == NULL) { - strcpy(t, "never"); - } else { - strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", - localtime(ent.pw_end)); - } - printf(" password exp = %s\n", t); - } - if(mask & KADM5_LAST_PWD_CHANGE) { - } - if(mask & KADM5_ATTRIBUTES) { - unparse_flags(HDBFlags2int(ent.flags), - HDBFlags_units, t, sizeof(t)); - printf(" attributes = %s\n", t); - } - if(mask & KADM5_MAX_LIFE) { - if(ent.max_life == NULL) - strcpy(t, "for ever"); - else - unparse_time(*ent.max_life, t, sizeof(t)); - printf(" max life = %s\n", t); - } - if(mask & KADM5_MAX_RLIFE) { - if(ent.max_renew == NULL) - strcpy(t, "for ever"); - else - unparse_time(*ent.max_renew, t, sizeof(t)); - printf(" max rlife = %s\n", t); - } - if(mask & KADM5_MOD_TIME) { - printf(" mod time\n"); - } - if(mask & KADM5_MOD_NAME) { - printf(" mod name\n"); - } - if(mask & KADM5_KVNO) { - printf(" kvno = %d\n", ent.kvno); - } - if(mask & KADM5_MKVNO) { - printf(" mkvno\n"); - } - if(mask & KADM5_AUX_ATTRIBUTES) { - printf(" aux attributes\n"); - } - if(mask & KADM5_POLICY) { - printf(" policy\n"); - } - if(mask & KADM5_POLICY_CLR) { - printf(" mod time\n"); - } - if(mask & KADM5_LAST_SUCCESS) { - printf(" last success\n"); - } - if(mask & KADM5_LAST_FAILED) { - printf(" last failed\n"); - } - if(mask & KADM5_FAIL_AUTH_COUNT) { - printf(" fail 
auth count\n"); - } - if(mask & KADM5_KEY_DATA) { - printf(" key data\n"); - } - if(mask & KADM5_TL_DATA) { - printf(" tl data\n"); - } - hdb_free_entry(context, &ent); - break; - case kadm_nop : - break; - default: - abort(); - } - krb5_storage_seek(sp, end, SEEK_SET); -} - -static char *realm; -static int version_flag; -static int help_flag; - -static struct getargs args[] = { - { "realm", 'r', arg_string, &realm }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } -}; -int num_args = sizeof(args) / sizeof(args[0]); - -int -main(int argc, char **argv) -{ - krb5_context context; - krb5_error_code ret; - void *kadm_handle; - kadm5_server_context *server_context; - kadm5_config_params conf; - - krb5_program_setup(&context, argc, argv, args, num_args, NULL); - - if(help_flag) - krb5_std_usage(0, args, num_args); - if(version_flag) { - print_version(NULL); - exit(0); - } - - memset(&conf, 0, sizeof(conf)); - if(realm) { - conf.mask |= KADM5_CONFIG_REALM; - conf.realm = realm; - } - ret = kadm5_init_with_password_ctx (context, - KADM5_ADMIN_SERVICE, - NULL, - KADM5_ADMIN_SERVICE, - &conf, 0, 0, - &kadm_handle); - if (ret) - krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); - - server_context = (kadm5_server_context *)kadm_handle; - - ret = kadm5_log_init (server_context); - if (ret) - krb5_err (context, 1, ret, "kadm5_log_init"); - - ret = kadm5_log_foreach (server_context, print_entry); - if(ret) - krb5_warn(context, ret, "kadm5_log_foreach"); - - ret = kadm5_log_end (server_context); - if (ret) - krb5_warn(context, ret, "kadm5_log_end"); - return 0; -} diff --git a/crypto/heimdal/lib/kadm5/replay_log.c b/crypto/heimdal/lib/kadm5/replay_log.c deleted file mode 100644 index 1b2d716..0000000 --- a/crypto/heimdal/lib/kadm5/replay_log.c +++ /dev/null 
@@ -1,129 +0,0 @@ -/* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "iprop.h" - -RCSID("$Id: replay_log.c,v 1.9 2002/05/24 15:19:22 joda Exp $"); - -int start_version = -1; -int end_version = -1; - -static void -apply_entry(kadm5_server_context *server_context, - u_int32_t ver, - time_t timestamp, - enum kadm_ops op, - u_int32_t len, - krb5_storage *sp) -{ - krb5_error_code ret; - - if((start_version != -1 && ver < start_version) || - (end_version != -1 && ver > end_version)) { - /* XXX skip this entry */ - krb5_storage_seek(sp, len, SEEK_CUR); - return; - } - printf ("ver %u... ", ver); - fflush (stdout); - - ret = kadm5_log_replay (server_context, - op, ver, len, sp); - if (ret) - krb5_warn (server_context->context, ret, "kadm5_log_replay"); - - - printf ("done\n"); -} - -int version_flag; -int help_flag; -struct getargs args[] = { - { "start-version", 0, arg_integer, &start_version, "start replay with this version" }, - { "end-version", 0, arg_integer, &end_version, "end replay with this version" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } -}; -int num_args = sizeof(args) / sizeof(args[0]); - -int -main(int argc, char **argv) -{ - krb5_context context; - krb5_error_code ret; - void *kadm_handle; - kadm5_config_params conf; - kadm5_server_context *server_context; - - krb5_program_setup(&context, argc, argv, args, num_args, NULL); - - if(help_flag) - krb5_std_usage(0, args, num_args); - if(version_flag) { - print_version(NULL); - exit(0); - } - - memset(&conf, 0, sizeof(conf)); - ret = kadm5_init_with_password_ctx (context, - KADM5_ADMIN_SERVICE, - NULL, - KADM5_ADMIN_SERVICE, - &conf, 0, 0, - &kadm_handle); - if (ret) - krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); - - server_context = (kadm5_server_context *)kadm_handle; - - ret = server_context->db->open(context, - server_context->db, - O_RDWR | O_CREAT, 0); - if (ret) - krb5_err (context, 1, ret, "db->open"); - - ret = kadm5_log_init (server_context); - if (ret) - krb5_err (context, 1, ret, 
"kadm5_log_init"); - - ret = kadm5_log_foreach (server_context, apply_entry); - if(ret) - krb5_warn(context, ret, "kadm5_log_foreach"); - ret = kadm5_log_end (server_context); - if (ret) - krb5_warn(context, ret, "kadm5_log_end"); - ret = server_context->db->close (context, server_context->db); - if (ret) - krb5_err (context, 1, ret, "db->close"); - return 0; -} diff --git a/crypto/heimdal/lib/kadm5/truncate_log.c b/crypto/heimdal/lib/kadm5/truncate_log.c deleted file mode 100644 index cf4af26..0000000 --- a/crypto/heimdal/lib/kadm5/truncate_log.c +++ /dev/null 
@@ -1,89 +0,0 @@ -/* - * Copyright (c) 2000, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "iprop.h" - -RCSID("$Id: truncate_log.c,v 1.1.8.1 2003/10/14 15:58:46 joda Exp $"); - -static char *realm; -static int version_flag; -static int help_flag; - -static struct getargs args[] = { - { "realm", 'r', arg_string, &realm }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } -}; - -static int num_args = sizeof(args) / sizeof(args[0]); - -int -main(int argc, char **argv) -{ - krb5_context context; - krb5_error_code ret; - void *kadm_handle; - kadm5_server_context *server_context; - kadm5_config_params conf; - - krb5_program_setup(&context, argc, argv, args, num_args, NULL); - - if(help_flag) - krb5_std_usage(0, args, num_args); - if(version_flag) { - print_version(NULL); - exit(0); - } - - memset(&conf, 0, sizeof(conf)); - if(realm) { - conf.mask |= KADM5_CONFIG_REALM; - conf.realm = realm; - } - - ret = kadm5_init_with_password_ctx (context, - KADM5_ADMIN_SERVICE, - NULL, - KADM5_ADMIN_SERVICE, - &conf, 0, 0, - &kadm_handle); - if (ret) - krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); - - server_context = (kadm5_server_context *)kadm_handle; - - ret = kadm5_log_truncate (server_context); - if(ret) - krb5_err (context, 1, ret, "kadm5_log_truncate"); - return 0; -} diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c index d1c1c9d..21d1026 100644 --- a/crypto/heimdal/lib/krb5/crypto.c +++ b/crypto/heimdal/lib/krb5/crypto.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.73.2.4 2004/03/06 16:38:00 lha Exp $"); +RCSID("$Id: crypto.c 22200 2007-12-07 13:48:01Z lha $"); /* RCSID("$FreeBSD$"); */ #undef CRYPTO_DEBUG 
@@ -67,6 +67,7 @@ struct krb5_crypto_data { #define F_VARIANT 8 /* uses `variant' keys (6.4.3) */ #define F_PSEUDO 16 /* not a real protocol type */ #define F_SPECIAL 32 /* backwards */ +#define F_DISABLED 64 /* enctype/checksum disabled */ struct salt_type { krb5_salttype type; @@ -87,6 +88,7 @@ struct key_type { void (*random_key)(krb5_context, krb5_keyblock*); void (*schedule)(krb5_context, struct key_data *); struct salt_type *string_to_key; + void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t); }; struct checksum_type { @@ -110,6 +112,7 @@ struct checksum_type { struct encryption_type { krb5_enctype type; const char *name; + heim_oid *oid; size_t blocksize; size_t padsize; size_t confoundersize; @@ -120,9 +123,12 @@ struct encryption_type { krb5_error_code (*encrypt)(krb5_context context, struct key_data *key, void *data, size_t len, - krb5_boolean encrypt, + krb5_boolean encryptp, int usage, void *ivec); + size_t prf_length; + krb5_error_code (*prf)(krb5_context, + krb5_crypto, const krb5_data *, krb5_data *); }; #define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA) 
@@ -148,92 +154,38 @@ static krb5_error_code hmac(krb5_context context, struct key_data *keyblock, Checksum *result); static void free_key_data(krb5_context context, struct key_data *key); -static krb5_error_code usage2arcfour (krb5_context, int *); +static krb5_error_code usage2arcfour (krb5_context, unsigned *); +static void xor (DES_cblock *, const unsigned char *); /************************************************************ * * ************************************************************/ +static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER; + + static void krb5_DES_random_key(krb5_context context, krb5_keyblock *key) { - des_cblock *k = key->keyvalue.data; + DES_cblock *k = key->keyvalue.data; do { - krb5_generate_random_block(k, sizeof(des_cblock)); - des_set_odd_parity(k); - } while(des_is_weak_key(k)); + krb5_generate_random_block(k, sizeof(DES_cblock)); + DES_set_odd_parity(k); + } while(DES_is_weak_key(k)); } static void krb5_DES_schedule(krb5_context context, - struct key_data *key) + struct key_data *key) { - des_set_key(key->key->keyvalue.data, key->schedule->data); + DES_set_key(key->key->keyvalue.data, key->schedule->data); } -static void -DES_string_to_key_int(unsigned char *data, size_t length, des_cblock *key) -{ - des_key_schedule schedule; - int i; - int reverse = 0; - unsigned char *p; - - unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, - 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; - memset(key, 0, 8); - - p = (unsigned char*)key; - for (i = 0; i < length; i++) { - unsigned char tmp = data[i]; - if (!reverse) - *p++ ^= (tmp << 1); - else - *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; - if((i % 8) == 7) - reverse = !reverse; - } - des_set_odd_parity(key); - if(des_is_weak_key(key)) - (*key)[7] ^= 0xF0; - des_set_key(key, schedule); - des_cbc_cksum((void*)data, key, length, schedule, key); - memset(schedule, 0, sizeof(schedule)); - des_set_odd_parity(key); -} - -static krb5_error_code 
-krb5_DES_string_to_key(krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) -{ - unsigned char *s; - size_t len; - des_cblock tmp; - - len = password.length + salt.saltvalue.length; - s = malloc(len); - if(len > 0 && s == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - memcpy(s, password.data, password.length); - memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); - DES_string_to_key_int(s, len, &tmp); - key->keytype = enctype; - krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); - memset(&tmp, 0, sizeof(tmp)); - memset(s, 0, len); - free(s); - return 0; -} +#ifdef ENABLE_AFS_STRING_TO_KEY /* This defines the Andrew string_to_key function. It accepts a password - * string as input and converts its via a one-way encryption algorithm to a DES + * string as input and converts it via a one-way encryption algorithm to a DES * encryption key. It is compatible with the original Andrew authentication * service password database. */ @@ -244,7 +196,7 @@ krb5_DES_string_to_key(krb5_context context, static void krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, krb5_data cell, - des_cblock *key) + DES_cblock *key) { char password[8+1]; /* crypt is limited to 8 chars anyway */ int i; @@ -257,14 +209,14 @@ krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, } password[8] = '\0'; - memcpy(key, crypt(password, "p1") + 2, sizeof(des_cblock)); + memcpy(key, crypt(password, "p1") + 2, sizeof(DES_cblock)); /* parity is inserted into the LSB so left shift each byte up one bit. This allows ascii characters with a zero MSB to retain as much significance as possible. */ - for (i = 0; i < sizeof(des_cblock); i++) + for (i = 0; i < sizeof(DES_cblock); i++) ((unsigned char*)key)[i] <<= 1; - des_set_odd_parity (key); + DES_set_odd_parity (key); } /* 
@@ -273,11 +225,11 @@ krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, static void krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw, krb5_data cell, - des_cblock *key) + DES_cblock *key) { - des_key_schedule schedule; - des_cblock temp_key; - des_cblock ivec; + DES_key_schedule schedule; + DES_cblock temp_key; + DES_cblock ivec; char password[512]; size_t passlen; @@ -293,20 +245,20 @@ krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw, passlen = min(sizeof(password), pw.length + cell.length); memcpy(&ivec, "kerberos", 8); memcpy(&temp_key, "kerberos", 8); - des_set_odd_parity (&temp_key); - des_set_key (&temp_key, schedule); - des_cbc_cksum (password, &ivec, passlen, schedule, &ivec); + DES_set_odd_parity (&temp_key); + DES_set_key (&temp_key, &schedule); + DES_cbc_cksum ((void*)password, &ivec, passlen, &schedule, &ivec); memcpy(&temp_key, &ivec, 8); - des_set_odd_parity (&temp_key); - des_set_key (&temp_key, schedule); - des_cbc_cksum (password, key, passlen, schedule, &ivec); + DES_set_odd_parity (&temp_key); + DES_set_key (&temp_key, &schedule); + DES_cbc_cksum ((void*)password, key, passlen, &schedule, &ivec); memset(&schedule, 0, sizeof(schedule)); memset(&temp_key, 0, sizeof(temp_key)); memset(&ivec, 0, sizeof(ivec)); memset(password, 0, sizeof(password)); - des_set_odd_parity (key); + DES_set_odd_parity (key); } static krb5_error_code @@ -317,7 +269,7 @@ DES_AFS3_string_to_key(krb5_context context, krb5_data opaque, krb5_keyblock *key) { - des_cblock tmp; + DES_cblock tmp; if(password.length > 8) krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp); else 
@@ -327,31 +279,121 @@ DES_AFS3_string_to_key(krb5_context context, memset(&key, 0, sizeof(key)); return 0; } +#endif /* ENABLE_AFS_STRING_TO_KEY */ + +static void +DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) +{ + DES_key_schedule schedule; + int i; + int reverse = 0; + unsigned char *p; + + unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, + 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; + memset(key, 0, 8); + + p = (unsigned char*)key; + for (i = 0; i < length; i++) { + unsigned char tmp = data[i]; + if (!reverse) + *p++ ^= (tmp << 1); + else + *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; + if((i % 8) == 7) + reverse = !reverse; + } + DES_set_odd_parity(key); + if(DES_is_weak_key(key)) + (*key)[7] ^= 0xF0; + DES_set_key(key, &schedule); + DES_cbc_cksum((void*)data, key, length, &schedule, key); + memset(&schedule, 0, sizeof(schedule)); + DES_set_odd_parity(key); + if(DES_is_weak_key(key)) + (*key)[7] ^= 0xF0; +} + +static krb5_error_code +krb5_DES_string_to_key(krb5_context context, + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + unsigned char *s; + size_t len; + DES_cblock tmp; + +#ifdef ENABLE_AFS_STRING_TO_KEY + if (opaque.length == 1) { + unsigned long v; + _krb5_get_int(opaque.data, &v, 1); + if (v == 1) + return DES_AFS3_string_to_key(context, enctype, password, + salt, opaque, key); + } +#endif + + len = password.length + salt.saltvalue.length; + s = malloc(len); + if(len > 0 && s == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + memcpy(s, password.data, password.length); + memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); + DES_string_to_key_int(s, len, &tmp); + key->keytype = enctype; + krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); + memset(&tmp, 0, sizeof(tmp)); + memset(s, 0, len); + free(s); + return 0; +} + +static void +krb5_DES_random_to_key(krb5_context context, + 
krb5_keyblock *key, + const void *data, + size_t size) +{ + DES_cblock *k = key->keyvalue.data; + memcpy(k, data, key->keyvalue.length); + DES_set_odd_parity(k); + if(DES_is_weak_key(k)) + xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); +} + +/* + * + */ static void DES3_random_key(krb5_context context, krb5_keyblock *key) { - des_cblock *k = key->keyvalue.data; + DES_cblock *k = key->keyvalue.data; do { - krb5_generate_random_block(k, 3 * sizeof(des_cblock)); - des_set_odd_parity(&k[0]); - des_set_odd_parity(&k[1]); - des_set_odd_parity(&k[2]); - } while(des_is_weak_key(&k[0]) || - des_is_weak_key(&k[1]) || - des_is_weak_key(&k[2])); + krb5_generate_random_block(k, 3 * sizeof(DES_cblock)); + DES_set_odd_parity(&k[0]); + DES_set_odd_parity(&k[1]); + DES_set_odd_parity(&k[2]); + } while(DES_is_weak_key(&k[0]) || + DES_is_weak_key(&k[1]) || + DES_is_weak_key(&k[2])); } static void DES3_schedule(krb5_context context, struct key_data *key) { - des_cblock *k = key->key->keyvalue.data; - des_key_schedule *s = key->schedule->data; - des_set_key(&k[0], s[0]); - des_set_key(&k[1], s[1]); - des_set_key(&k[2], s[2]); + DES_cblock *k = key->key->keyvalue.data; + DES_key_schedule *s = key->schedule->data; + DES_set_key(&k[0], &s[0]); + DES_set_key(&k[1], &s[1]); + DES_set_key(&k[2], &s[2]); } /* @@ -359,7 +401,7 @@ DES3_schedule(krb5_context context, */ static void -xor (des_cblock *key, const unsigned char *b) +xor (DES_cblock *key, const unsigned char *b) { unsigned char *a = (unsigned char*)key; a[0] ^= b[0]; @@ -383,7 +425,8 @@ DES3_string_to_key(krb5_context context, char *str; size_t len; unsigned char tmp[24]; - des_cblock keys[3]; + DES_cblock keys[3]; + krb5_error_code ret; len = password.length + salt.saltvalue.length; str = malloc(len); 
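Review bot: The added krb5_DES_string_to_key discards the result of `krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));` and returns 0 unconditionally, so a failed allocation there would hand the caller a keyblock with the enctype set but no key bytes. I would declare `krb5_error_code ret;`, assign `ret = krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));`, keep the two wipes and the `free(s)`, and finish with `return ret;`. In the same hunk krb5_DES_random_to_key copies `key->keyvalue.length` bytes out of `data` and never reads `size`; it returns void, so a comment above it should state that callers must supply at least that many bytes. Separately, the context line `memset(&key, 0, sizeof(key));` at the top of the hunk clears the local pointer rather than `tmp`, which appears to leave the derived DES key on the stack; that function begins outside this hunk, so this is worth confirming against the full file.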
@@ -394,29 +437,35 @@ DES3_string_to_key(krb5_context context, memcpy(str, password.data, password.length); memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length); { - des_cblock ivec; - des_key_schedule s[3]; + DES_cblock ivec; + DES_key_schedule s[3]; int i; - _krb5_n_fold(str, len, tmp, 24); + ret = _krb5_n_fold(str, len, tmp, 24); + if (ret) { + memset(str, 0, len); + free(str); + krb5_set_error_string(context, "out of memory"); + return ret; + } for(i = 0; i < 3; i++){ memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); - des_set_odd_parity(keys + i); - if(des_is_weak_key(keys + i)) + DES_set_odd_parity(keys + i); + if(DES_is_weak_key(keys + i)) xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); - des_set_key(keys + i, s[i]); + DES_set_key(keys + i, &s[i]); } memset(&ivec, 0, sizeof(ivec)); - des_ede3_cbc_encrypt(tmp, + DES_ede3_cbc_encrypt(tmp, tmp, sizeof(tmp), - s[0], s[1], s[2], &ivec, DES_ENCRYPT); + &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT); memset(s, 0, sizeof(s)); memset(&ivec, 0, sizeof(ivec)); for(i = 0; i < 3; i++){ memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); - des_set_odd_parity(keys + i); - if(des_is_weak_key(keys + i)) + DES_set_odd_parity(keys + i); + if(DES_is_weak_key(keys + i)) xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); } memset(tmp, 0, sizeof(tmp)); 
@@ -458,19 +507,47 @@ DES3_string_to_key_derived(krb5_context context, return ret; } -/* - * ARCFOUR - */ - static void -ARCFOUR_random_key(krb5_context context, krb5_keyblock *key) +DES3_random_to_key(krb5_context context, + krb5_keyblock *key, + const void *data, + size_t size) { - krb5_generate_random_block (key->keyvalue.data, - key->keyvalue.length); + unsigned char *x = key->keyvalue.data; + const u_char *q = data; + DES_cblock *k; + int i, j; + + memset(x, 0, sizeof(x)); + for (i = 0; i < 3; ++i) { + unsigned char foo; + for (j = 0; j < 7; ++j) { + unsigned char b = q[7 * i + j]; + + x[8 * i + j] = b; + } + foo = 0; + for (j = 6; j >= 0; --j) { + foo |= q[7 * i + j] & 1; + foo <<= 1; + } + x[8 * i + 7] = foo; + } + k = key->keyvalue.data; + for (i = 0; i < 3; i++) { + DES_set_odd_parity(&k[i]); + if(DES_is_weak_key(&k[i])) + xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); + } } +/* + * ARCFOUR + */ + static void -ARCFOUR_schedule(krb5_context context, struct key_data *kd) +ARCFOUR_schedule(krb5_context context, + struct key_data *kd) { RC4_set_key (kd->schedule->data, kd->key->keyvalue.length, kd->key->keyvalue.data); @@ -488,12 +565,14 @@ ARCFOUR_string_to_key(krb5_context context, size_t len; int i; MD4_CTX m; + krb5_error_code ret; len = 2 * password.length; s = malloc (len); if (len != 0 && s == NULL) { krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + goto out; } for (p = s, i = 0; i < password.length; ++i) { *p++ = ((char *)password.data)[i]; 
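Review bot: `memset(x, 0, sizeof(x))` in the new `DES3_random_to_key` clears only `sizeof(unsigned char *)` bytes, because `x` is a pointer and not the 24-byte key buffer. The loops that follow do write all 24 bytes, so the output is unaffected today, but the call reads as a full scrub and is not one; `memset(x, 0, key->keyvalue.length);` says what is meant. The function also reads 21 bytes from `data` (`q[7 * i + j]` for `i < 3`, `j < 7`) without comparing against `size`, so a check that `size` is at least 21 belongs before the first loop.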
@@ -502,125 +581,24 @@ ARCFOUR_string_to_key(krb5_context context, MD4_Init (&m); MD4_Update (&m, s, len); key->keytype = enctype; - krb5_data_alloc (&key->keyvalue, 16); + ret = krb5_data_alloc (&key->keyvalue, 16); + if (ret) { + krb5_set_error_string(context, "malloc: out of memory"); + goto out; + } MD4_Final (key->keyvalue.data, &m); memset (s, 0, len); + ret = 0; +out: free (s); - return 0; + return ret; } -#ifdef ENABLE_AES /* * AES */ -/* iter is really 1 based, so iter == 0 will be 1 iteration */ - -krb5_error_code -krb5_PKCS5_PBKDF2(krb5_context context, krb5_cksumtype cktype, - krb5_data password, krb5_salt salt, u_int32_t iter, - krb5_keytype type, krb5_keyblock *key) -{ - struct checksum_type *c = _find_checksum(cktype); - struct key_type *kt; - size_t datalen, leftofkey; - krb5_error_code ret; - u_int32_t keypart; - struct key_data ksign; - krb5_keyblock kb; - Checksum result; - char *data, *tmpcksum; - int i, j; - char *p; - - if (c == NULL) { - krb5_set_error_string(context, "checksum %d not supported", cktype); - return KRB5_PROG_KEYTYPE_NOSUPP; - } - - kt = _find_keytype(type); - if (kt == NULL) { - krb5_set_error_string(context, "key type %d not supported", type); - return KRB5_PROG_KEYTYPE_NOSUPP; - } - - key->keytype = type; - ret = krb5_data_alloc (&key->keyvalue, kt->bits / 8); - if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); - return ret; - } - - ret = krb5_data_alloc (&result.checksum, c->checksumsize); - if (ret) { - krb5_set_error_string(context, "malloc: out of memory"); - krb5_data_free (&key->keyvalue); - return ret; - } - - tmpcksum = malloc(c->checksumsize); - if (tmpcksum == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - krb5_data_free (&key->keyvalue); - krb5_data_free (&result.checksum); - return ENOMEM; - } - - datalen = salt.saltvalue.length + 4; - data = malloc(datalen); - if (data == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - free(tmpcksum); - 
krb5_data_free (&key->keyvalue); - krb5_data_free (&result.checksum); - return ENOMEM; - } - - kb.keyvalue = password; - ksign.key = &kb; - - memcpy(data, salt.saltvalue.data, salt.saltvalue.length); - - keypart = 1; - leftofkey = key->keyvalue.length; - p = key->keyvalue.data; - - while (leftofkey) { - int len; - - if (leftofkey > c->checksumsize) - len = c->checksumsize; - else - len = leftofkey; - - _krb5_put_int(data + datalen - 4, keypart, 4); - - ret = hmac(context, c, data, datalen, 0, &ksign, &result); - if (ret) - krb5_abortx(context, "hmac failed"); - memcpy(p, result.checksum.data, len); - memcpy(tmpcksum, result.checksum.data, result.checksum.length); - for (i = 0; i < iter; i++) { - ret = hmac(context, c, tmpcksum, result.checksum.length, - 0, &ksign, &result); - if (ret) - krb5_abortx(context, "hmac failed"); - memcpy(tmpcksum, result.checksum.data, result.checksum.length); - for (j = 0; j < len; j++) - p[j] ^= tmpcksum[j]; - } - - p += len; - leftofkey -= len; - keypart++; - } - - free(data); - free(tmpcksum); - krb5_data_free (&result.checksum); - - return 0; -} +int _krb5_AES_string_to_default_iterator = 4096; static krb5_error_code AES_string_to_key(krb5_context context, 
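Review bot: When `krb5_data_alloc` fails in `ARCFOUR_string_to_key`, the new `goto out` jumps over `memset (s, 0, len)`, so the expanded copy of the password in `s` is freed without being cleared. Moving the scrub under the label closes that path: `out: if (s != NULL) memset (s, 0, len);` followed by the existing `free (s);`. By then `MD4_CTX m` has already absorbed the password through `MD4_Update` and is never finalised on the error path, so `memset (&m, 0, sizeof(m));` is worth adding there too. The start of the function, including the first `goto out` taken with `s == NULL`, is in the previous hunk.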
@@ -631,66 +609,132 @@ AES_string_to_key(krb5_context context, krb5_keyblock *key) { krb5_error_code ret; - u_int32_t iter; + uint32_t iter; struct encryption_type *et; struct key_data kd; if (opaque.length == 0) - iter = 45056 - 1; + iter = _krb5_AES_string_to_default_iterator; else if (opaque.length == 4) { unsigned long v; _krb5_get_int(opaque.data, &v, 4); - iter = ((u_int32_t)v) - 1; + iter = ((uint32_t)v); } else return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */ - et = _find_enctype(enctype); if (et == NULL) return KRB5_PROG_KEYTYPE_NOSUPP; - ret = krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt, - iter, enctype, key); - if (ret) + kd.schedule = NULL; + ALLOC(kd.key, 1); + if(kd.key == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + kd.key->keytype = enctype; + ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); + if (ret) { + krb5_set_error_string(context, "Failed to allocate pkcs5 key"); return ret; + } - ret = krb5_copy_keyblock(context, key, &kd.key); - kd.schedule = NULL; + ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length, + salt.saltvalue.data, salt.saltvalue.length, + iter, + et->keytype->size, kd.key->keyvalue.data); + if (ret != 1) { + free_key_data(context, &kd); + krb5_set_error_string(context, "Error calculating s2k"); + return KRB5_PROG_KEYTYPE_NOSUPP; + } ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos")); - - if (ret) { - krb5_data_free(&key->keyvalue); - } else { + if (ret == 0) ret = krb5_copy_keyblock_contents(context, kd.key, key); - free_key_data(context, &kd); - } + free_key_data(context, &kd); return ret; } +struct krb5_aes_schedule { + AES_KEY ekey; + AES_KEY dkey; +}; + static void -AES_schedule(krb5_context context, struct key_data *kd) +AES_schedule(krb5_context context, + struct key_data *kd) { - AES_KEY *key = kd->schedule->data; + struct krb5_aes_schedule *key = kd->schedule->data; int bits = kd->key->keyvalue.length * 8; - - 
AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key[0]); - AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key[1]); + + memset(key, 0, sizeof(*key)); + AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key->ekey); + AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key->dkey); } /* * */ -extern struct salt_type AES_salt[]; +static struct salt_type des_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + krb5_DES_string_to_key + }, +#ifdef ENABLE_AFS_STRING_TO_KEY + { + KRB5_AFS3_SALT, + "afs3-salt", + DES_AFS3_string_to_key + }, +#endif + { 0 } +}; -#endif /* ENABLE_AES */ +static struct salt_type des3_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + DES3_string_to_key + }, + { 0 } +}; -extern struct salt_type des_salt[], - des3_salt[], des3_salt_derived[], arcfour_salt[]; +static struct salt_type des3_salt_derived[] = { + { + KRB5_PW_SALT, + "pw-salt", + DES3_string_to_key_derived + }, + { 0 } +}; -struct key_type keytype_null = { +static struct salt_type AES_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + AES_string_to_key + }, + { 0 } +}; + +static struct salt_type arcfour_salt[] = { + { + KRB5_PW_SALT, + "pw-salt", + ARCFOUR_string_to_key + }, + { 0 } +}; + +/* + * + */ + +static struct key_type keytype_null = { KEYTYPE_NULL, "null", 0, 
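Review bot: In `AES_string_to_key`, `iter` is read from the 4-byte `opaque` and handed to `PKCS5_PBKDF2_HMAC_SHA1` with no range check, so whoever supplies the string-to-key parameters picks the work factor. A value of 0 or 1 weakens the derived key, and a value near 2^32 stalls the caller. A lower bound plus a configurable ceiling before the PBKDF2 call, returning `KRB5_PROG_KEYTYPE_NOSUPP` outside the range, would bound both. Where `opaque` originates is not visible in this hunk, so the right limits depend on the callers. Separately, the `return ret;` after a failed `krb5_data_alloc(&kd.key->keyvalue, ...)` leaves the `kd.key` obtained from `ALLOC` unfreed; `free(kd.key);` before that return fixes the leak.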
@@ -701,83 +745,82 @@ struct key_type keytype_null = { NULL }; -struct key_type keytype_des = { +static struct key_type keytype_des = { KEYTYPE_DES, "des", 56, - sizeof(des_cblock), - sizeof(des_key_schedule), + sizeof(DES_cblock), + sizeof(DES_key_schedule), krb5_DES_random_key, krb5_DES_schedule, - des_salt + des_salt, + krb5_DES_random_to_key }; -struct key_type keytype_des3 = { +static struct key_type keytype_des3 = { KEYTYPE_DES3, "des3", 168, - 3 * sizeof(des_cblock), - 3 * sizeof(des_key_schedule), + 3 * sizeof(DES_cblock), + 3 * sizeof(DES_key_schedule), DES3_random_key, DES3_schedule, - des3_salt + des3_salt, + DES3_random_to_key }; -struct key_type keytype_des3_derived = { +static struct key_type keytype_des3_derived = { KEYTYPE_DES3, "des3", 168, - 3 * sizeof(des_cblock), - 3 * sizeof(des_key_schedule), + 3 * sizeof(DES_cblock), + 3 * sizeof(DES_key_schedule), DES3_random_key, DES3_schedule, - des3_salt_derived + des3_salt_derived, + DES3_random_to_key }; -#ifdef ENABLE_AES -struct key_type keytype_aes128 = { +static struct key_type keytype_aes128 = { KEYTYPE_AES128, "aes-128", 128, 16, - sizeof(AES_KEY) * 2, + sizeof(struct krb5_aes_schedule), NULL, AES_schedule, AES_salt }; -struct key_type keytype_aes256 = { +static struct key_type keytype_aes256 = { KEYTYPE_AES256, "aes-256", 256, - 16, - sizeof(AES_KEY) * 2, + 32, + sizeof(struct krb5_aes_schedule), NULL, AES_schedule, AES_salt }; -#endif /* ENABLE_AES */ -struct key_type keytype_arcfour = { +static struct key_type keytype_arcfour = { KEYTYPE_ARCFOUR, "arcfour", 128, 16, sizeof(RC4_KEY), - ARCFOUR_random_key, + NULL, ARCFOUR_schedule, arcfour_salt }; -struct key_type *keytypes[] = { +static struct key_type *keytypes[] = { &keytype_null, &keytype_des, &keytype_des3_derived, &keytype_des3, -#ifdef ENABLE_AES &keytype_aes128, &keytype_aes256, -#endif /* ENABLE_AES */ &keytype_arcfour }; 
@@ -794,59 +837,7 @@ _find_keytype(krb5_keytype type) } -struct salt_type des_salt[] = { - { - KRB5_PW_SALT, - "pw-salt", - krb5_DES_string_to_key - }, - { - KRB5_AFS3_SALT, - "afs3-salt", - DES_AFS3_string_to_key - }, - { 0 } -}; - -struct salt_type des3_salt[] = { - { - KRB5_PW_SALT, - "pw-salt", - DES3_string_to_key - }, - { 0 } -}; - -struct salt_type des3_salt_derived[] = { - { - KRB5_PW_SALT, - "pw-salt", - DES3_string_to_key_derived - }, - { 0 } -}; - -#ifdef ENABLE_AES -struct salt_type AES_salt[] = { - { - KRB5_PW_SALT, - "pw-salt", - AES_string_to_key - }, - { 0 } -}; -#endif /* ENABLE_AES */ - -struct salt_type arcfour_salt[] = { - { - KRB5_PW_SALT, - "pw-salt", - ARCFOUR_string_to_key - }, - { 0 } -}; - -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_salttype_to_string (krb5_context context, krb5_enctype etype, krb5_salttype stype, @@ -875,7 +866,7 @@ krb5_salttype_to_string (krb5_context context, return HEIM_ERR_SALTTYPE_NOSUPP; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_salttype (krb5_context context, krb5_enctype etype, const char *string, @@ -900,7 +891,7 @@ krb5_string_to_salttype (krb5_context context, return HEIM_ERR_SALTTYPE_NOSUPP; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_get_pw_salt(krb5_context context, krb5_const_principal principal, krb5_salt *salt) @@ -929,7 +920,7 @@ krb5_get_pw_salt(krb5_context context, return 0; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_free_salt(krb5_context context, krb5_salt salt) { @@ -937,7 +928,7 @@ krb5_free_salt(krb5_context context, return 0; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_key_data (krb5_context context, krb5_enctype enctype, krb5_data password, @@ -955,7 +946,7 @@ krb5_string_to_key_data (krb5_context context, return ret; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_key (krb5_context context, krb5_enctype enctype, const char *password, 
@@ -963,12 +954,12 @@ krb5_string_to_key (krb5_context context, krb5_keyblock *key) { krb5_data pw; - pw.data = (void*)password; + pw.data = rk_UNCONST(password); pw.length = strlen(password); return krb5_string_to_key_data(context, enctype, pw, principal, key); } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_key_data_salt (krb5_context context, krb5_enctype enctype, krb5_data password, @@ -987,7 +978,7 @@ krb5_string_to_key_data_salt (krb5_context context, * `opaque'), returning the resulting key in `key' */ -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_key_data_salt_opaque (krb5_context context, krb5_enctype enctype, krb5_data password, @@ -1017,7 +1008,7 @@ krb5_string_to_key_data_salt_opaque (krb5_context context, * in `key' */ -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_key_salt (krb5_context context, krb5_enctype enctype, const char *password, @@ -1025,12 +1016,27 @@ krb5_string_to_key_salt (krb5_context context, krb5_keyblock *key) { krb5_data pw; - pw.data = (void*)password; + pw.data = rk_UNCONST(password); pw.length = strlen(password); return krb5_string_to_key_data_salt(context, enctype, pw, salt, key); } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_key_salt_opaque (krb5_context context, + krb5_enctype enctype, + const char *password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) +{ + krb5_data pw; + pw.data = rk_UNCONST(password); + pw.length = strlen(password); + return krb5_string_to_key_data_salt_opaque(context, enctype, + pw, salt, opaque, key); +} + +krb5_error_code KRB5_LIB_FUNCTION krb5_keytype_to_string(krb5_context context, krb5_keytype keytype, char **string) @@ -1048,7 +1054,7 @@ krb5_keytype_to_string(krb5_context context, return 0; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_keytype(krb5_context context, const char *string, krb5_keytype *keytype) 
@@ -1063,7 +1069,7 @@ krb5_string_to_keytype(krb5_context context, return KRB5_PROG_KEYTYPE_NOSUPP; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_keysize(krb5_context context, krb5_enctype type, size_t *keysize) @@ -1078,7 +1084,22 @@ krb5_enctype_keysize(krb5_context context, return 0; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_keybits(krb5_context context, + krb5_enctype type, + size_t *keybits) +{ + struct encryption_type *et = _find_enctype(type); + if(et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + type); + return KRB5_PROG_ETYPE_NOSUPP; + } + *keybits = et->keytype->bits; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION krb5_generate_random_keyblock(krb5_context context, krb5_enctype type, krb5_keyblock *key) @@ -1151,7 +1172,7 @@ CRC32_checksum(krb5_context context, unsigned usage, Checksum *C) { - u_int32_t crc; + uint32_t crc; unsigned char *r = C->checksum.data; _krb5_crc_init_table (); crc = _krb5_crc_update (data, len, 0); @@ -1185,7 +1206,7 @@ RSA_MD4_DES_checksum(krb5_context context, Checksum *cksum) { MD4_CTX md4; - des_cblock ivec; + DES_cblock ivec; unsigned char *p = cksum->checksum.data; krb5_generate_random_block(p, 8); @@ -1194,7 +1215,7 @@ RSA_MD4_DES_checksum(krb5_context context, MD4_Update (&md4, data, len); MD4_Final (p + 8, &md4); memset (&ivec, 0, sizeof(ivec)); - des_cbc_encrypt(p, + DES_cbc_encrypt(p, p, 24, key->schedule->data, @@ -1213,11 +1234,11 @@ RSA_MD4_DES_verify(krb5_context context, MD4_CTX md4; unsigned char tmp[24]; unsigned char res[16]; - des_cblock ivec; + DES_cblock ivec; krb5_error_code ret = 0; memset(&ivec, 0, sizeof(ivec)); - des_cbc_encrypt(C->checksum.data, + DES_cbc_encrypt(C->checksum.data, (void*)tmp, C->checksum.length, key->schedule->data, 
@@ -1260,7 +1281,7 @@ RSA_MD5_DES_checksum(krb5_context context, Checksum *C) { MD5_CTX md5; - des_cblock ivec; + DES_cblock ivec; unsigned char *p = C->checksum.data; krb5_generate_random_block(p, 8); @@ -1269,7 +1290,7 @@ RSA_MD5_DES_checksum(krb5_context context, MD5_Update (&md5, data, len); MD5_Final (p + 8, &md5); memset (&ivec, 0, sizeof(ivec)); - des_cbc_encrypt(p, + DES_cbc_encrypt(p, p, 24, key->schedule->data, @@ -1288,15 +1309,15 @@ RSA_MD5_DES_verify(krb5_context context, MD5_CTX md5; unsigned char tmp[24]; unsigned char res[16]; - des_cblock ivec; - des_key_schedule *sched = key->schedule->data; + DES_cblock ivec; + DES_key_schedule *sched = key->schedule->data; krb5_error_code ret = 0; memset(&ivec, 0, sizeof(ivec)); - des_cbc_encrypt(C->checksum.data, + DES_cbc_encrypt(C->checksum.data, (void*)tmp, C->checksum.length, - sched[0], + &sched[0], &ivec, DES_DECRYPT); MD5_Init (&md5); @@ -1321,9 +1342,9 @@ RSA_MD5_DES3_checksum(krb5_context context, Checksum *C) { MD5_CTX md5; - des_cblock ivec; + DES_cblock ivec; unsigned char *p = C->checksum.data; - des_key_schedule *sched = key->schedule->data; + DES_key_schedule *sched = key->schedule->data; krb5_generate_random_block(p, 8); MD5_Init (&md5); @@ -1331,10 +1352,10 @@ RSA_MD5_DES3_checksum(krb5_context context, MD5_Update (&md5, data, len); MD5_Final (p + 8, &md5); memset (&ivec, 0, sizeof(ivec)); - des_ede3_cbc_encrypt(p, + DES_ede3_cbc_encrypt(p, p, 24, - sched[0], sched[1], sched[2], + &sched[0], &sched[1], &sched[2], &ivec, DES_ENCRYPT); } 
@@ -1350,15 +1371,15 @@ RSA_MD5_DES3_verify(krb5_context context, MD5_CTX md5; unsigned char tmp[24]; unsigned char res[16]; - des_cblock ivec; - des_key_schedule *sched = key->schedule->data; + DES_cblock ivec; + DES_key_schedule *sched = key->schedule->data; krb5_error_code ret = 0; memset(&ivec, 0, sizeof(ivec)); - des_ede3_cbc_encrypt(C->checksum.data, + DES_ede3_cbc_encrypt(C->checksum.data, (void*)tmp, C->checksum.length, - sched[0], sched[1], sched[2], + &sched[0], &sched[1], &sched[2], &ivec, DES_DECRYPT); MD5_Init (&md5); @@ -1447,7 +1468,7 @@ hmac(krb5_context context, return 0; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_hmac(krb5_context context, krb5_cksumtype cktype, const void *data, @@ -1579,16 +1600,16 @@ HMAC_MD5_checksum_enc(krb5_context context, krb5_abortx(context, "hmac failed"); } -struct checksum_type checksum_none = { +static struct checksum_type checksum_none = { CKSUMTYPE_NONE, "none", 1, 0, - 0, + 0, NONE_checksum, NULL }; -struct checksum_type checksum_crc32 = { +static struct checksum_type checksum_crc32 = { CKSUMTYPE_CRC32, "crc32", 1, @@ -1597,7 +1618,7 @@ struct checksum_type checksum_crc32 = { CRC32_checksum, NULL }; -struct checksum_type checksum_rsa_md4 = { +static struct checksum_type checksum_rsa_md4 = { CKSUMTYPE_RSA_MD4, "rsa-md4", 64, @@ -1606,7 +1627,7 @@ struct checksum_type checksum_rsa_md4 = { RSA_MD4_checksum, NULL }; -struct checksum_type checksum_rsa_md4_des = { +static struct checksum_type checksum_rsa_md4_des = { CKSUMTYPE_RSA_MD4_DES, "rsa-md4-des", 64, @@ -1616,7 +1637,7 @@ struct checksum_type checksum_rsa_md4_des = { RSA_MD4_DES_verify }; #if 0 -struct checksum_type checksum_des_mac = { +static struct checksum_type checksum_des_mac = { CKSUMTYPE_DES_MAC, "des-mac", 0, @@ -1624,7 +1645,7 @@ struct checksum_type checksum_des_mac = { 0, DES_MAC_checksum }; -struct checksum_type checksum_des_mac_k = { +static struct checksum_type checksum_des_mac_k = { CKSUMTYPE_DES_MAC_K, "des-mac-k", 0, 
@@ -1632,7 +1653,7 @@ struct checksum_type checksum_des_mac_k = { 0, DES_MAC_K_checksum }; -struct checksum_type checksum_rsa_md4_des_k = { +static struct checksum_type checksum_rsa_md4_des_k = { CKSUMTYPE_RSA_MD4_DES_K, "rsa-md4-des-k", 0, @@ -1642,7 +1663,7 @@ struct checksum_type checksum_rsa_md4_des_k = { RSA_MD4_DES_K_verify }; #endif -struct checksum_type checksum_rsa_md5 = { +static struct checksum_type checksum_rsa_md5 = { CKSUMTYPE_RSA_MD5, "rsa-md5", 64, @@ -1651,7 +1672,7 @@ struct checksum_type checksum_rsa_md5 = { RSA_MD5_checksum, NULL }; -struct checksum_type checksum_rsa_md5_des = { +static struct checksum_type checksum_rsa_md5_des = { CKSUMTYPE_RSA_MD5_DES, "rsa-md5-des", 64, @@ -1660,7 +1681,7 @@ struct checksum_type checksum_rsa_md5_des = { RSA_MD5_DES_checksum, RSA_MD5_DES_verify }; -struct checksum_type checksum_rsa_md5_des3 = { +static struct checksum_type checksum_rsa_md5_des3 = { CKSUMTYPE_RSA_MD5_DES3, "rsa-md5-des3", 64, @@ -1669,7 +1690,7 @@ struct checksum_type checksum_rsa_md5_des3 = { RSA_MD5_DES3_checksum, RSA_MD5_DES3_verify }; -struct checksum_type checksum_sha1 = { +static struct checksum_type checksum_sha1 = { CKSUMTYPE_SHA1, "sha1", 64, @@ -1678,7 +1699,7 @@ struct checksum_type checksum_sha1 = { SHA1_checksum, NULL }; -struct checksum_type checksum_hmac_sha1_des3 = { +static struct checksum_type checksum_hmac_sha1_des3 = { CKSUMTYPE_HMAC_SHA1_DES3, "hmac-sha1-des3", 64, @@ -1688,8 +1709,7 @@ struct checksum_type checksum_hmac_sha1_des3 = { NULL }; -#ifdef ENABLE_AES -struct checksum_type checksum_hmac_sha1_aes128 = { +static struct checksum_type checksum_hmac_sha1_aes128 = { CKSUMTYPE_HMAC_SHA1_96_AES_128, "hmac-sha1-96-aes128", 64, @@ -1699,7 +1719,7 @@ struct checksum_type checksum_hmac_sha1_aes128 = { NULL }; -struct checksum_type checksum_hmac_sha1_aes256 = { +static struct checksum_type checksum_hmac_sha1_aes256 = { CKSUMTYPE_HMAC_SHA1_96_AES_256, "hmac-sha1-96-aes256", 64, 
@@ -1708,9 +1728,8 @@ struct checksum_type checksum_hmac_sha1_aes256 = { SP_HMAC_SHA1_checksum, NULL }; -#endif /* ENABLE_AES */ -struct checksum_type checksum_hmac_md5 = { +static struct checksum_type checksum_hmac_md5 = { CKSUMTYPE_HMAC_MD5, "hmac-md5", 64, @@ -1720,7 +1739,7 @@ struct checksum_type checksum_hmac_md5 = { NULL }; -struct checksum_type checksum_hmac_md5_enc = { +static struct checksum_type checksum_hmac_md5_enc = { CKSUMTYPE_HMAC_MD5_ENC, "hmac-md5-enc", 64, @@ -1730,7 +1749,7 @@ struct checksum_type checksum_hmac_md5_enc = { NULL }; -struct checksum_type *checksum_types[] = { +static struct checksum_type *checksum_types[] = { &checksum_none, &checksum_crc32, &checksum_rsa_md4, @@ -1745,10 +1764,8 @@ struct checksum_type *checksum_types[] = { &checksum_rsa_md5_des3, &checksum_sha1, &checksum_hmac_sha1_des3, -#ifdef ENABLE_AES &checksum_hmac_sha1_aes128, &checksum_hmac_sha1_aes256, -#endif &checksum_hmac_md5, &checksum_hmac_md5_enc }; @@ -1810,9 +1827,15 @@ create_checksum (krb5_context context, struct key_data *dkey; int keyed_checksum; + if (ct->flags & F_DISABLED) { + krb5_clear_error_string (context); + return KRB5_PROG_SUMTYPE_NOSUPP; + } keyed_checksum = (ct->flags & F_KEYED) != 0; if(keyed_checksum && crypto == NULL) { - krb5_clear_error_string (context); + krb5_set_error_string (context, "Checksum type %s is keyed " + "but no crypto context (key) was passed in", + ct->name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } if(keyed_checksum) { @@ -1822,7 +1845,9 @@ create_checksum (krb5_context context, } else dkey = NULL; result->cksumtype = ct->type; - krb5_data_alloc(&result->checksum, ct->checksumsize); + ret = krb5_data_alloc(&result->checksum, ct->checksumsize); + if (ret) + return (ret); (*ct->checksum)(context, dkey, data, len, usage, result); return 0; } 
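Review bot: The new `F_DISABLED` branch in `create_checksum` calls `krb5_clear_error_string`, so a caller whose checksum type was turned off gets `KRB5_PROG_SUMTYPE_NOSUPP` with no message, while the keyed-without-key case just below it now explains itself. Something like `krb5_set_error_string(context, "checksum type %s is disabled", ct->name);` would make a policy rejection distinguishable from an unknown type in logs. The added `if (ret) return (ret);` after `krb5_data_alloc` also returns without setting a string. `create_checksum` starts above the hunk.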
@@ -1834,7 +1859,7 @@ arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto) (crypto->key.key->keytype == KEYTYPE_ARCFOUR); } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_create_checksum(krb5_context context, krb5_crypto crypto, krb5_key_usage usage, @@ -1886,7 +1911,7 @@ verify_checksum(krb5_context context, struct checksum_type *ct; ct = _find_checksum(cksum->cksumtype); - if (ct == NULL) { + if (ct == NULL || (ct->flags & F_DISABLED)) { krb5_set_error_string (context, "checksum type %d not supported", cksum->cksumtype); return KRB5_PROG_SUMTYPE_NOSUPP; @@ -1897,7 +1922,9 @@ verify_checksum(krb5_context context, } keyed_checksum = (ct->flags & F_KEYED) != 0; if(keyed_checksum && crypto == NULL) { - krb5_clear_error_string (context); + krb5_set_error_string (context, "Checksum type %s is keyed " + "but no crypto context (key) was passed in", + ct->name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } if(keyed_checksum) @@ -1924,7 +1951,7 @@ verify_checksum(krb5_context context, return ret; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_verify_checksum(krb5_context context, krb5_crypto crypto, krb5_key_usage usage, @@ -1952,7 +1979,31 @@ krb5_verify_checksum(krb5_context context, data, len, cksum); } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_get_checksum_type(krb5_context context, + krb5_crypto crypto, + krb5_cksumtype *type) +{ + struct checksum_type *ct = NULL; + + if (crypto != NULL) { + ct = crypto->et->keyed_checksum; + if (ct == NULL) + ct = crypto->et->checksum; + } + + if (ct == NULL) { + krb5_set_error_string (context, "checksum type not found"); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + + *type = ct->type; + + return 0; +} + + +krb5_error_code KRB5_LIB_FUNCTION krb5_checksumsize(krb5_context context, krb5_cksumtype type, size_t *size) 
@@ -1967,32 +2018,49 @@ krb5_checksumsize(krb5_context context, return 0; } -krb5_boolean +krb5_boolean KRB5_LIB_FUNCTION krb5_checksum_is_keyed(krb5_context context, krb5_cksumtype type) { struct checksum_type *ct = _find_checksum(type); if(ct == NULL) { - krb5_set_error_string (context, "checksum type %d not supported", - type); + if (context) + krb5_set_error_string (context, "checksum type %d not supported", + type); return KRB5_PROG_SUMTYPE_NOSUPP; } return ct->flags & F_KEYED; } -krb5_boolean +krb5_boolean KRB5_LIB_FUNCTION krb5_checksum_is_collision_proof(krb5_context context, krb5_cksumtype type) { struct checksum_type *ct = _find_checksum(type); if(ct == NULL) { - krb5_set_error_string (context, "checksum type %d not supported", - type); + if (context) + krb5_set_error_string (context, "checksum type %d not supported", + type); return KRB5_PROG_SUMTYPE_NOSUPP; } return ct->flags & F_CPROOF; } +krb5_error_code KRB5_LIB_FUNCTION +krb5_checksum_disable(krb5_context context, + krb5_cksumtype type) +{ + struct checksum_type *ct = _find_checksum(type); + if(ct == NULL) { + if (context) + krb5_set_error_string (context, "checksum type %d not supported", + type); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + ct->flags |= F_DISABLED; + return 0; +} + /************************************************************ * * ************************************************************/ @@ -2002,7 +2070,7 @@ NULL_encrypt(krb5_context context, struct key_data *key, void *data, size_t len, - krb5_boolean encrypt, + krb5_boolean encryptp, int usage, void *ivec) { 
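Review bot: `krb5_checksum_is_keyed` and `krb5_checksum_is_collision_proof` still end their `ct == NULL` branch with `return KRB5_PROG_SUMTYPE_NOSUPP;`. Both are declared `krb5_boolean`, so a non-zero error code reads as true and an unknown checksum type is reported as keyed and collision-proof. The commit already touches both branches to guard the error string, so this is the place to make them fail closed with `return 0;`. The new `krb5_checksum_disable` sets `F_DISABLED` on the shared static table entry, so it applies to every context in the process and has no inverse. A comment on the function should say so.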
@@ -2014,14 +2082,14 @@ DES_CBC_encrypt_null_ivec(krb5_context context, struct key_data *key, void *data, size_t len, - krb5_boolean encrypt, + krb5_boolean encryptp, int usage, void *ignore_ivec) { - des_cblock ivec; - des_key_schedule *s = key->schedule->data; + DES_cblock ivec; + DES_key_schedule *s = key->schedule->data; memset(&ivec, 0, sizeof(ivec)); - des_cbc_encrypt(data, data, len, *s, &ivec, encrypt); + DES_cbc_encrypt(data, data, len, s, &ivec, encryptp); return 0; } @@ -2030,14 +2098,14 @@ DES_CBC_encrypt_key_ivec(krb5_context context, struct key_data *key, void *data, size_t len, - krb5_boolean encrypt, + krb5_boolean encryptp, int usage, void *ignore_ivec) { - des_cblock ivec; - des_key_schedule *s = key->schedule->data; + DES_cblock ivec; + DES_key_schedule *s = key->schedule->data; memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); - des_cbc_encrypt(data, data, len, *s, &ivec, encrypt); + DES_cbc_encrypt(data, data, len, s, &ivec, encryptp); return 0; } @@ -2046,17 +2114,17 @@ DES3_CBC_encrypt(krb5_context context, struct key_data *key, void *data, size_t len, - krb5_boolean encrypt, + krb5_boolean encryptp, int usage, void *ivec) { - des_cblock local_ivec; - des_key_schedule *s = key->schedule->data; + DES_cblock local_ivec; + DES_key_schedule *s = key->schedule->data; if(ivec == NULL) { ivec = &local_ivec; memset(local_ivec, 0, sizeof(local_ivec)); } - des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], ivec, encrypt); + DES_ede3_cbc_encrypt(data, data, len, &s[0], &s[1], &s[2], ivec, encryptp); return 0; } 
@@ -2065,16 +2133,16 @@ DES_CFB64_encrypt_null_ivec(krb5_context context, struct key_data *key, void *data, size_t len, - krb5_boolean encrypt, + krb5_boolean encryptp, int usage, void *ignore_ivec) { - des_cblock ivec; + DES_cblock ivec; int num = 0; - des_key_schedule *s = key->schedule->data; + DES_key_schedule *s = key->schedule->data; memset(&ivec, 0, sizeof(ivec)); - des_cfb64_encrypt(data, data, len, *s, &ivec, &num, encrypt); + DES_cfb64_encrypt(data, data, len, s, &ivec, &num, encryptp); return 0; } @@ -2083,31 +2151,28 @@ DES_PCBC_encrypt_key_ivec(krb5_context context, struct key_data *key, void *data, size_t len, - krb5_boolean encrypt, + krb5_boolean encryptp, int usage, void *ignore_ivec) { - des_cblock ivec; - des_key_schedule *s = key->schedule->data; + DES_cblock ivec; + DES_key_schedule *s = key->schedule->data; memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); - des_pcbc_encrypt(data, data, len, *s, &ivec, encrypt); + DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp); return 0; } -#ifdef ENABLE_AES - /* * AES draft-raeburn-krb-rijndael-krb-02 */ -void +void KRB5_LIB_FUNCTION _krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *aes_key, - unsigned char *ivec, const int enc) + size_t len, const AES_KEY *key, + unsigned char *ivec, const int encryptp) { unsigned char tmp[AES_BLOCK_SIZE]; - const AES_KEY *key = aes_key; /* XXX remove this when we always have AES */ int i; /* @@ -2115,7 +2180,7 @@ _krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, * then at least one blocksize. */ - if (enc == AES_ENCRYPT) { + if (encryptp) { while(len > AES_BLOCK_SIZE) { for (i = 0; i < AES_BLOCK_SIZE; i++) 
@@ -2135,10 +2200,11 @@ _krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, AES_encrypt(tmp, out - AES_BLOCK_SIZE, key); memcpy(out, ivec, len); + memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE); } else { - char tmp2[AES_BLOCK_SIZE]; - char tmp3[AES_BLOCK_SIZE]; + unsigned char tmp2[AES_BLOCK_SIZE]; + unsigned char tmp3[AES_BLOCK_SIZE]; while(len > AES_BLOCK_SIZE * 2) { memcpy(tmp, in, AES_BLOCK_SIZE); @@ -2153,6 +2219,7 @@ _krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, len -= AES_BLOCK_SIZE; + memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */ AES_decrypt(in, tmp2, key); memcpy(tmp3, in + AES_BLOCK_SIZE, len); @@ -2164,6 +2231,7 @@ _krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, AES_decrypt(tmp3, out, key); for (i = 0; i < AES_BLOCK_SIZE; i++) out[i] ^= ivec[i]; + memcpy(ivec, tmp, AES_BLOCK_SIZE); } } @@ -2172,22 +2240,23 @@ AES_CTS_encrypt(krb5_context context, struct key_data *key, void *data, size_t len, - krb5_boolean encrypt, + krb5_boolean encryptp, int usage, void *ivec) { - AES_KEY *k = key->schedule->data; + struct krb5_aes_schedule *aeskey = key->schedule->data; char local_ivec[AES_BLOCK_SIZE]; + AES_KEY *k; - if (encrypt) - k = &k[0]; + if (encryptp) + k = &aeskey->ekey; else - k = &k[1]; + k = &aeskey->dkey; if (len < AES_BLOCK_SIZE) krb5_abortx(context, "invalid use of AES_CTS_encrypt"); if (len == AES_BLOCK_SIZE) { - if (encrypt) + if (encryptp) AES_encrypt(data, data, k); else AES_decrypt(data, data, k); @@ -2196,12 +2265,11 @@ AES_CTS_encrypt(krb5_context context, memset(local_ivec, 0, sizeof(local_ivec)); ivec = local_ivec; } - _krb5_aes_cts_encrypt(data, data, len, k, ivec, encrypt); + _krb5_aes_cts_encrypt(data, data, len, k, ivec, encryptp); } return 0; } -#endif /* ENABLE_AES */ /* * section 6 of draft-brezak-win2k-krb-rc4-hmac-03 
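Review bot: The single-block branch of `AES_CTS_encrypt` (`len == AES_BLOCK_SIZE`) calls `AES_encrypt`/`AES_decrypt` directly and neither mixes in nor updates `ivec`, while this commit makes `_krb5_aes_cts_encrypt` write a block back into `ivec` on both the encrypt and decrypt paths. A caller that chains calls through a non-NULL `ivec` would then get different behaviour depending on the length; whether any caller does is not visible here. If the asymmetry is intended, a comment on the branch such as `/* one block: ivec is neither used nor updated */` would record it. `AES_CTS_encrypt` is split across two hunks, and the lines between them are not shown.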
@@ -2214,7 +2282,7 @@ ARCFOUR_subencrypt(krb5_context context, struct key_data *key, void *data, size_t len, - int usage, + unsigned usage, void *ivec) { struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); @@ -2277,7 +2345,7 @@ ARCFOUR_subdecrypt(krb5_context context, struct key_data *key, void *data, size_t len, - int usage, + unsigned usage, void *ivec) { struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); @@ -2350,7 +2418,7 @@ ARCFOUR_subdecrypt(krb5_context context, */ static krb5_error_code -usage2arcfour (krb5_context context, int *usage) +usage2arcfour (krb5_context context, unsigned *usage) { switch (*usage) { case KRB5_KU_AS_REP_ENC_PART : /* 3 */ 
@@ -2376,40 +2444,98 @@ ARCFOUR_encrypt(krb5_context context, struct key_data *key, void *data, size_t len, - krb5_boolean encrypt, + krb5_boolean encryptp, int usage, void *ivec) { krb5_error_code ret; - if((ret = usage2arcfour (context, &usage)) != 0) + unsigned keyusage = usage; + + if((ret = usage2arcfour (context, &keyusage)) != 0) return ret; - if (encrypt) - return ARCFOUR_subencrypt (context, key, data, len, usage, ivec); + if (encryptp) + return ARCFOUR_subencrypt (context, key, data, len, keyusage, ivec); else - return ARCFOUR_subdecrypt (context, key, data, len, usage, ivec); + return ARCFOUR_subdecrypt (context, key, data, len, keyusage, ivec); } /* + * + */ + +static krb5_error_code +AES_PRF(krb5_context context, + krb5_crypto crypto, + const krb5_data *in, + krb5_data *out) +{ + struct checksum_type *ct = crypto->et->checksum; + krb5_error_code ret; + Checksum result; + krb5_keyblock *derived; + + result.cksumtype = ct->type; + ret = krb5_data_alloc(&result.checksum, ct->checksumsize); + if (ret) { + krb5_set_error_string(context, "out memory"); + return ret; + } + + (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); + + if (result.checksum.length < crypto->et->blocksize) + krb5_abortx(context, "internal prf error"); + + derived = NULL; + ret = krb5_derive_key(context, crypto->key.key, + crypto->et->type, "prf", 3, &derived); + if (ret) + krb5_abortx(context, "krb5_derive_key"); + + ret = krb5_data_alloc(out, crypto->et->blocksize); + if (ret) + krb5_abortx(context, "malloc failed"); + + { + AES_KEY key; + + AES_set_encrypt_key(derived->keyvalue.data, + crypto->et->keytype->bits, &key); + AES_encrypt(result.checksum.data, out->data, &key); + memset(&key, 0, sizeof(key)); + } + + krb5_data_free(&result.checksum); + krb5_free_keyblock(context, derived); + + return ret; +} + +/* * these should currently be in reverse preference order. 
* (only relevant for !F_PSEUDO) */ static struct encryption_type enctype_null = { ETYPE_NULL, "null", + NULL, 1, 1, 0, &keytype_null, &checksum_none, NULL, - 0, + F_DISABLED, NULL_encrypt, + 0, + NULL }; static struct encryption_type enctype_des_cbc_crc = { ETYPE_DES_CBC_CRC, "des-cbc-crc", + NULL, 8, 8, 8, @@ -2418,10 +2544,13 @@ static struct encryption_type enctype_des_cbc_crc = { NULL, 0, DES_CBC_encrypt_key_ivec, + 0, + NULL }; static struct encryption_type enctype_des_cbc_md4 = { ETYPE_DES_CBC_MD4, "des-cbc-md4", + NULL, 8, 8, 8, @@ -2430,10 +2559,13 @@ static struct encryption_type enctype_des_cbc_md4 = { &checksum_rsa_md4_des, 0, DES_CBC_encrypt_null_ivec, + 0, + NULL }; static struct encryption_type enctype_des_cbc_md5 = { ETYPE_DES_CBC_MD5, "des-cbc-md5", + NULL, 8, 8, 8, @@ -2442,22 +2574,28 @@ static struct encryption_type enctype_des_cbc_md5 = { &checksum_rsa_md5_des, 0, DES_CBC_encrypt_null_ivec, + 0, + NULL }; static struct encryption_type enctype_arcfour_hmac_md5 = { ETYPE_ARCFOUR_HMAC_MD5, "arcfour-hmac-md5", + NULL, 1, 1, 8, &keytype_arcfour, &checksum_hmac_md5, - /* &checksum_hmac_md5_enc */ NULL, + NULL, F_SPECIAL, - ARCFOUR_encrypt + ARCFOUR_encrypt, + 0, + NULL }; static struct encryption_type enctype_des3_cbc_md5 = { ETYPE_DES3_CBC_MD5, "des3-cbc-md5", + NULL, 8, 8, 8, @@ -2466,10 +2604,13 @@ static struct encryption_type enctype_des3_cbc_md5 = { &checksum_rsa_md5_des3, 0, DES3_CBC_encrypt, + 0, + NULL }; static struct encryption_type enctype_des3_cbc_sha1 = { ETYPE_DES3_CBC_SHA1, "des3-cbc-sha1", + NULL, 8, 8, 8, @@ -2478,10 +2619,13 @@ static struct encryption_type enctype_des3_cbc_sha1 = { &checksum_hmac_sha1_des3, F_DERIVED, DES3_CBC_encrypt, + 0, + NULL }; static struct encryption_type enctype_old_des3_cbc_sha1 = { ETYPE_OLD_DES3_CBC_SHA1, "old-des3-cbc-sha1", + NULL, 8, 8, 8, 
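Review bot: AES_PRF ends the process with `krb5_abortx` when `krb5_derive_key` or the second `krb5_data_alloc` fails, although it returns `krb5_error_code` and reports its first allocation failure that way. Aborting inside a library routine turns a recoverable out-of-memory or key-derivation error into a crash of the calling service. Returning the error instead, e.g. `if (ret) { krb5_data_free(&result.checksum); return ret; }`, leaves the decision to the caller; the later failure path would also need `krb5_free_keyblock(context, derived)`. The return value of `AES_set_encrypt_key` is ignored as well, so a failed key setup would reach `AES_encrypt` with an uninitialised `AES_KEY`.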
@@ -2490,36 +2634,43 @@ static struct encryption_type enctype_old_des3_cbc_sha1 = { &checksum_hmac_sha1_des3, 0, DES3_CBC_encrypt, + 0, + NULL }; -#ifdef ENABLE_AES static struct encryption_type enctype_aes128_cts_hmac_sha1 = { ETYPE_AES128_CTS_HMAC_SHA1_96, "aes128-cts-hmac-sha1-96", + NULL, 16, 1, 16, &keytype_aes128, &checksum_sha1, &checksum_hmac_sha1_aes128, - 0, + F_DERIVED, AES_CTS_encrypt, + 16, + AES_PRF }; static struct encryption_type enctype_aes256_cts_hmac_sha1 = { ETYPE_AES256_CTS_HMAC_SHA1_96, "aes256-cts-hmac-sha1-96", + NULL, 16, 1, 16, &keytype_aes256, &checksum_sha1, &checksum_hmac_sha1_aes256, - 0, + F_DERIVED, AES_CTS_encrypt, + 16, + AES_PRF }; -#endif /* ENABLE_AES */ static struct encryption_type enctype_des_cbc_none = { ETYPE_DES_CBC_NONE, "des-cbc-none", + NULL, 8, 8, 0, @@ -2528,10 +2679,13 @@ static struct encryption_type enctype_des_cbc_none = { NULL, F_PSEUDO, DES_CBC_encrypt_null_ivec, + 0, + NULL }; static struct encryption_type enctype_des_cfb64_none = { ETYPE_DES_CFB64_NONE, "des-cfb64-none", + NULL, 1, 1, 0, @@ -2540,10 +2694,13 @@ static struct encryption_type enctype_des_cfb64_none = { NULL, F_PSEUDO, DES_CFB64_encrypt_null_ivec, + 0, + NULL }; static struct encryption_type enctype_des_pcbc_none = { ETYPE_DES_PCBC_NONE, "des-pcbc-none", + NULL, 8, 8, 0, @@ -2552,10 +2709,13 @@ static struct encryption_type enctype_des_pcbc_none = { NULL, F_PSEUDO, DES_PCBC_encrypt_key_ivec, + 0, + NULL }; static struct encryption_type enctype_des3_cbc_none = { ETYPE_DES3_CBC_NONE, "des3-cbc-none", + NULL, 8, 8, 0, @@ -2564,6 +2724,8 @@ static struct encryption_type enctype_des3_cbc_none = { NULL, F_PSEUDO, DES3_CBC_encrypt, + 0, + NULL }; static struct encryption_type *etypes[] = { 
@@ -2575,10 +2737,8 @@ static struct encryption_type *etypes[] = { &enctype_des3_cbc_md5, &enctype_des3_cbc_sha1, &enctype_old_des3_cbc_sha1, -#ifdef ENABLE_AES &enctype_aes128_cts_hmac_sha1, &enctype_aes256_cts_hmac_sha1, -#endif &enctype_des_cbc_none, &enctype_des_cfb64_none, &enctype_des_pcbc_none, @@ -2599,7 +2759,7 @@ _find_enctype(krb5_enctype type) } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_to_string(krb5_context context, krb5_enctype etype, char **string) @@ -2609,6 +2769,7 @@ krb5_enctype_to_string(krb5_context context, if(e == NULL) { krb5_set_error_string (context, "encryption type %d not supported", etype); + *string = NULL; return KRB5_PROG_ETYPE_NOSUPP; } *string = strdup(e->name); @@ -2619,7 +2780,7 @@ krb5_enctype_to_string(krb5_context context, return 0; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_enctype(krb5_context context, const char *string, krb5_enctype *etype) 
@@ -2635,7 +2796,42 @@ krb5_string_to_enctype(krb5_context context, return KRB5_PROG_ETYPE_NOSUPP; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION +_krb5_enctype_to_oid(krb5_context context, + krb5_enctype etype, + heim_oid *oid) +{ + struct encryption_type *et = _find_enctype(etype); + if(et == NULL) { + krb5_set_error_string (context, "encryption type %d not supported", + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + if(et->oid == NULL) { + krb5_set_error_string (context, "%s have not oid", et->name); + return KRB5_PROG_ETYPE_NOSUPP; + } + krb5_clear_error_string(context); + return der_copy_oid(et->oid, oid); +} + +krb5_error_code KRB5_LIB_FUNCTION +_krb5_oid_to_enctype(krb5_context context, + const heim_oid *oid, + krb5_enctype *etype) +{ + int i; + for(i = 0; i < num_etypes; i++) { + if(etypes[i]->oid && der_heim_oid_cmp(etypes[i]->oid, oid) == 0) { + *etype = etypes[i]->type; + return 0; + } + } + krb5_set_error_string(context, "enctype for oid not supported"); + return KRB5_PROG_ETYPE_NOSUPP; +} + +krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_to_keytype(krb5_context context, krb5_enctype etype, krb5_keytype *keytype) @@ -2651,7 +2847,7 @@ krb5_enctype_to_keytype(krb5_context context, } #if 0 -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_keytype_to_enctype(krb5_context context, krb5_keytype keytype, krb5_enctype *etype) @@ -2665,7 +2861,7 @@ krb5_keytype_to_enctype(krb5_context context, } #endif -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_keytype_to_enctypes (krb5_context context, krb5_keytype keytype, unsigned *len, @@ -2701,7 +2897,7 @@ krb5_keytype_to_enctypes (krb5_context context, * else, do `krb5_keytype_to_enctypes'. */ -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_keytype_to_enctypes_default (krb5_context context, krb5_keytype keytype, unsigned *len, 
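Review bot: `_krb5_oid_to_enctype` matches on the OID alone and never looks at `et->flags`, so an OID can still resolve to an enctype that has been marked `F_DISABLED`. `krb5_crypto_init` rejects disabled types later in this diff, but a caller that uses the returned etype for negotiation or policy decisions before creating a crypto context would not notice. Either skip disabled entries in the loop (`if (etypes[i]->flags & F_DISABLED) continue;`) or add a comment on both OID helpers stating that they do not apply the disabled check and that callers must use `krb5_enctype_valid`.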
@@ -2727,15 +2923,45 @@ krb5_keytype_to_enctypes_default (krb5_context context, return 0; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_valid(krb5_context context, krb5_enctype etype) { - return _find_enctype(etype) != NULL; + struct encryption_type *e = _find_enctype(etype); + if(e == NULL) { + krb5_set_error_string (context, "encryption type %d not supported", + etype); + return KRB5_PROG_ETYPE_NOSUPP; + } + if (e->flags & F_DISABLED) { + krb5_set_error_string (context, "encryption type %s is disabled", + e->name); + return KRB5_PROG_ETYPE_NOSUPP; + } + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cksumtype_valid(krb5_context context, + krb5_cksumtype ctype) +{ + struct checksum_type *c = _find_checksum(ctype); + if (c == NULL) { + krb5_set_error_string (context, "checksum type %d not supported", + ctype); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + if (c->flags & F_DISABLED) { + krb5_set_error_string (context, "checksum type %s is disabled", + c->name); + return KRB5_PROG_SUMTYPE_NOSUPP; + } + return 0; } + /* if two enctypes have compatible keys */ -krb5_boolean +krb5_boolean KRB5_LIB_FUNCTION krb5_enctypes_compatible_keys(krb5_context context, krb5_enctype etype1, krb5_enctype etype2) @@ -2766,7 +2992,7 @@ static krb5_error_code encrypt_internal_derived(krb5_context context, krb5_crypto crypto, unsigned usage, - void *data, + const void *data, size_t len, krb5_data *result, void *ivec) @@ -2835,7 +3061,7 @@ encrypt_internal_derived(krb5_context context, static krb5_error_code encrypt_internal(krb5_context context, krb5_crypto crypto, - void *data, + const void *data, size_t len, krb5_data *result, void *ivec) @@ -2904,7 +3130,7 @@ static krb5_error_code encrypt_internal_special(krb5_context context, krb5_crypto crypto, int usage, - void *data, + const void *data, size_t len, krb5_data *result, void *ivec) 
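Review bot: The return convention of `krb5_enctype_valid` is inverted here and nothing in the code records it: the removed line returned non-zero for a known enctype, the new body returns 0 for a usable one and `KRB5_PROG_ETYPE_NOSUPP` otherwise. Any caller still written as `if (krb5_enctype_valid(context, etype))` would now accept unsupported or disabled types and reject the good ones; no callers are visible in this hunk, so they need to be audited separately. I would put a comment above both this function and `krb5_cksumtype_valid`, for example `/* Returns 0 if the type is supported and not disabled, otherwise an error code; this is not a boolean. */`.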
@@ -2955,9 +3181,10 @@ decrypt_internal_derived(krb5_context context, unsigned long l; checksum_sz = CHECKSUMSIZE(et->keyed_checksum); - if (len < checksum_sz) { - krb5_clear_error_string (context); - return EINVAL; /* XXX - better error code? */ + if (len < checksum_sz + et->confoundersize) { + krb5_set_error_string(context, "Encrypted data shorter then " + "checksum + confunder"); + return KRB5_BAD_MSIZE; } if (((len - checksum_sz) % et->padsize) != 0) { @@ -3010,7 +3237,7 @@ decrypt_internal_derived(krb5_context context, l = len - et->confoundersize; memmove(p, p + et->confoundersize, l); result->data = realloc(p, l); - if(result->data == NULL) { + if(result->data == NULL && l != 0) { free(p); krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; @@ -3075,7 +3302,7 @@ decrypt_internal(krb5_context context, l = len - et->confoundersize - checksum_sz; memmove(p, p + et->confoundersize + checksum_sz, l); result->data = realloc(p, l); - if(result->data == NULL) { + if(result->data == NULL && l != 0) { free(p); krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; @@ -3119,7 +3346,7 @@ decrypt_internal_special(krb5_context context, memmove (p, p + cksum_sz + et->confoundersize, sz); result->data = realloc(p, sz); - if(result->data == NULL) { + if(result->data == NULL && sz != 0) { free(p); krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; @@ -3129,11 +3356,11 @@ decrypt_internal_special(krb5_context context, } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_encrypt_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, - void *data, + const void *data, size_t len, krb5_data *result, void *ivec) 
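Review bot: The lower bound added to `decrypt_internal_derived` (`len < checksum_sz + et->confoundersize`) has no visible counterpart in the `decrypt_internal` hunk, which still computes `l = len - et->confoundersize - checksum_sz` and passes it to `memmove`. If the part of `decrypt_internal` above the hunk does not already reject short input, a ciphertext shorter than confounder plus checksum makes the unsigned subtraction wrap and the copy runs far past the buffer. The same guard, `if (len < checksum_sz + et->confoundersize) return KRB5_BAD_MSIZE;` with an error string set, belongs there, and the `decrypt_internal_special` hunk has the same shape with `sz`. Both functions begin outside their hunks, so this needs confirming against the full file.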
@@ -3148,18 +3375,18 @@ krb5_encrypt_ivec(krb5_context context, return encrypt_internal(context, crypto, data, len, result, ivec); } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_encrypt(krb5_context context, krb5_crypto crypto, unsigned usage, - void *data, + const void *data, size_t len, krb5_data *result) { return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL); } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_encrypt_EncryptedData(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3177,7 +3404,7 @@ krb5_encrypt_EncryptedData(krb5_context context, return krb5_encrypt(context, crypto, usage, data, len, &result->cipher); } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_decrypt_ivec(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3196,7 +3423,7 @@ krb5_decrypt_ivec(krb5_context context, return decrypt_internal(context, crypto, data, len, result, ivec); } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_decrypt(krb5_context context, krb5_crypto crypto, unsigned usage, @@ -3208,7 +3435,7 @@ krb5_decrypt(krb5_context context, NULL); } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_decrypt_EncryptedData(krb5_context context, krb5_crypto crypto, unsigned usage, 
@@ -3223,25 +3450,24 @@ krb5_decrypt_EncryptedData(krb5_context context, * * ************************************************************/ -#ifdef HAVE_OPENSSL -#include +#define ENTROPY_NEEDED 128 -/* From openssl/crypto/rand/rand_lcl.h */ -#define ENTROPY_NEEDED 20 static int seed_something(void) { - int fd = -1; char buf[1024], seedfile[256]; /* If there is a seed file, load it. But such a file cannot be trusted, so use 0 for the entropy estimate */ if (RAND_file_name(seedfile, sizeof(seedfile))) { + int fd; fd = open(seedfile, O_RDONLY); if (fd >= 0) { - read(fd, buf, sizeof(buf)); - /* Use the full buffer anyway */ - RAND_add(buf, sizeof(buf), 0.0); + ssize_t ret; + ret = read(fd, buf, sizeof(buf)); + if (ret > 0) + RAND_add(buf, ret, 0.0); + close(fd); } else seedfile[0] = '\0'; } else 
@@ -3273,82 +3499,34 @@ seed_something(void) return -1; } -void +void KRB5_LIB_FUNCTION krb5_generate_random_block(void *buf, size_t len) { static int rng_initialized = 0; + HEIMDAL_MUTEX_lock(&crypto_mutex); if (!rng_initialized) { if (seed_something()) - krb5_abortx(NULL, "Fatal: could not seed the random number generator"); + krb5_abortx(NULL, "Fatal: could not seed the " + "random number generator"); rng_initialized = 1; } - RAND_bytes(buf, len); -} - -#else - -void -krb5_generate_random_block(void *buf, size_t len) -{ - des_cblock key, out; - static des_cblock counter; - static des_key_schedule schedule; - int i; - static int initialized = 0; - - if(!initialized) { - des_new_random_key(&key); - des_set_key(&key, schedule); - memset(&key, 0, sizeof(key)); - des_new_random_key(&counter); - } - while(len > 0) { - des_ecb_encrypt(&counter, &out, schedule, DES_ENCRYPT); - for(i = 7; i >=0; i--) - if(counter[i]++) - break; - memcpy(buf, out, min(len, sizeof(out))); - len -= min(len, sizeof(out)); - buf = (char*)buf + sizeof(out); - } + HEIMDAL_MUTEX_unlock(&crypto_mutex); + if (RAND_bytes(buf, len) != 1) + krb5_abortx(NULL, "Failed to generate random block"); } -#endif static void DES3_postproc(krb5_context context, unsigned char *k, size_t len, struct key_data *key) { - unsigned char x[24]; - int i, j; - - memset(x, 0, sizeof(x)); - for (i = 0; i < 3; ++i) { - unsigned char foo; - - for (j = 0; j < 7; ++j) { - unsigned char b = k[7 * i + j]; + DES3_random_to_key(context, key->key, k, len); - x[8 * i + j] = b; - } - foo = 0; - for (j = 6; j >= 0; --j) { - foo |= k[7 * i + j] & 1; - foo <<= 1; - } - x[8 * i + 7] = foo; - } - k = key->key->keyvalue.data; - memcpy(k, x, 24); - memset(x, 0, sizeof(x)); if (key->schedule) { krb5_free_data(context, key->schedule); key->schedule = NULL; } - des_set_odd_parity((des_cblock*)k); - des_set_odd_parity((des_cblock*)(k + 8)); - des_set_odd_parity((des_cblock*)(k + 16)); } static krb5_error_code 
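Review bot: `RAND_bytes(buf, len)` in `krb5_generate_random_block` passes a `size_t` where OpenSSL's prototype takes an `int` count, so a request larger than `INT_MAX` is narrowed and the tail of the buffer, or all of it, is left unfilled while the function returns normally. A guard before the call, or a loop that fills the buffer in `int`-sized pieces, closes that gap. The call also sits after `HEIMDAL_MUTEX_unlock(&crypto_mutex)`, so concurrent callers rely on OpenSSL's own locking being configured; a one-line comment saying that this is intentional would help the next reader.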
@@ -3361,20 +3539,24 @@ derive_key(krb5_context context, unsigned char *k; unsigned int nblocks = 0, i; krb5_error_code ret = 0; - struct key_type *kt = et->keytype; + ret = _key_schedule(context, key); if(ret) return ret; - if(et->blocksize * 8 < kt->bits || - len != et->blocksize) { + if(et->blocksize * 8 < kt->bits || len != et->blocksize) { nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8); k = malloc(nblocks * et->blocksize); if(k == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } - _krb5_n_fold(constant, len, k, et->blocksize); + ret = _krb5_n_fold(constant, len, k, et->blocksize); + if (ret) { + free(k); + krb5_set_error_string(context, "out of memory"); + return ret; + } for(i = 0; i < nblocks; i++) { if(i > 0) memcpy(k + i * et->blocksize, @@ -3400,7 +3582,12 @@ derive_key(krb5_context context, krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } - _krb5_n_fold(c, len, k, res_len); + ret = _krb5_n_fold(c, len, k, res_len); + if (ret) { + free(k); + krb5_set_error_string(context, "out of memory"); + return ret; + } free(c); } @@ -3409,12 +3596,10 @@ derive_key(krb5_context context, case KEYTYPE_DES3: DES3_postproc(context, k, nblocks * et->blocksize, key); break; -#ifdef ENABLE_AES case KEYTYPE_AES128: case KEYTYPE_AES256: memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length); break; -#endif /* ENABLE_AES */ default: krb5_set_error_string(context, "derive_key() called with unknown keytype (%u)", @@ -3422,6 +3607,10 @@ derive_key(krb5_context context, ret = KRB5_CRYPTO_INTERNAL; break; } + if (key->schedule) { + krb5_free_data(context, key->schedule); + key->schedule = NULL; + } memset(k, 0, nblocks * et->blocksize); free(k); return ret; @@ -3441,7 +3630,7 @@ _new_derived_key(krb5_crypto crypto, unsigned usage) return &d->key; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_derive_key(krb5_context context, const krb5_keyblock *key, krb5_enctype etype, 
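Review bot: The new error branch after `_krb5_n_fold(c, len, k, res_len)` in `derive_key` frees `k` but not `c`, while the success path on the next line does `free(c)`, so `c` leaks whenever n-fold fails. The branch should release both, `free(c); free(k);`. If `c` holds data produced with the base key, which the code above this hunk would show, it should be cleared with `memset(c, 0, len)` before it is freed on both paths. `derive_key` starts and ends outside these hunks.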
@@ -3453,6 +3642,8 @@ krb5_derive_key(krb5_context context, struct encryption_type *et; struct key_data d; + *derived_key = NULL; + et = _find_enctype (etype); if (et == NULL) { krb5_set_error_string(context, "encryption type %d not supported", @@ -3460,16 +3651,15 @@ krb5_derive_key(krb5_context context, return KRB5_PROG_ETYPE_NOSUPP; } - ret = krb5_copy_keyblock(context, key, derived_key); + ret = krb5_copy_keyblock(context, key, &d.key); if (ret) return ret; - d.key = *derived_key; d.schedule = NULL; ret = derive_key(context, et, &d, constant, constant_len); - if (ret) - return ret; - ret = krb5_copy_keyblock(context, d.key, derived_key); + if (ret == 0) + ret = krb5_copy_keyblock(context, d.key, derived_key); + free_key_data(context, &d); return ret; } @@ -3501,7 +3691,7 @@ _get_derived_key(krb5_context context, } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_crypto_init(krb5_context context, const krb5_keyblock *key, krb5_enctype etype, @@ -3516,20 +3706,23 @@ krb5_crypto_init(krb5_context context, if(etype == ETYPE_NULL) etype = key->keytype; (*crypto)->et = _find_enctype(etype); - if((*crypto)->et == NULL) { + if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) { free(*crypto); + *crypto = NULL; krb5_set_error_string (context, "encryption type %d not supported", etype); return KRB5_PROG_ETYPE_NOSUPP; } if((*crypto)->et->keytype->size != key->keyvalue.length) { free(*crypto); + *crypto = NULL; krb5_set_error_string (context, "encryption key has bad length"); return KRB5_BAD_KEYSIZE; } ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key); if(ret) { free(*crypto); + *crypto = NULL; return ret; } (*crypto)->key.schedule = NULL; @@ -3554,7 +3747,7 @@ free_key_usage(krb5_context context, struct key_usage *ku) free_key_data(context, &ku->key); } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_crypto_destroy(krb5_context context, krb5_crypto crypto) { 
@@ -3568,7 +3761,7 @@ krb5_crypto_destroy(krb5_context context, return 0; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_crypto_getblocksize(krb5_context context, krb5_crypto crypto, size_t *blocksize) @@ -3577,7 +3770,49 @@ krb5_crypto_getblocksize(krb5_context context, return 0; } -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_getenctype(krb5_context context, + krb5_crypto crypto, + krb5_enctype *enctype) +{ + *enctype = crypto->et->type; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_getpadsize(krb5_context context, + krb5_crypto crypto, + size_t *padsize) +{ + *padsize = crypto->et->padsize; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_getconfoundersize(krb5_context context, + krb5_crypto crypto, + size_t *confoundersize) +{ + *confoundersize = crypto->et->confoundersize; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_disable(krb5_context context, + krb5_enctype enctype) +{ + struct encryption_type *et = _find_enctype(enctype); + if(et == NULL) { + if (context) + krb5_set_error_string (context, "encryption type %d not supported", + enctype); + return KRB5_PROG_ETYPE_NOSUPP; + } + et->flags |= F_DISABLED; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_key_derived(krb5_context context, const void *str, size_t len, @@ -3587,7 +3822,7 @@ krb5_string_to_key_derived(krb5_context context, struct encryption_type *et = _find_enctype(etype); krb5_error_code ret; struct key_data kd; - size_t keylen = et->keytype->bits / 8; + size_t keylen; u_char *tmp; if(et == NULL) { @@ -3595,6 +3830,8 @@ krb5_string_to_key_derived(krb5_context context, etype); return KRB5_PROG_ETYPE_NOSUPP; } + keylen = et->keytype->bits / 8; + ALLOC(kd.key, 1); if(kd.key == NULL) { krb5_set_error_string (context, "malloc: out of memory"); 
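Review bot: `krb5_enctype_disable` sets `F_DISABLED` on the shared static `encryption_type` entry, so the effect is process-wide and permanent even though the function takes a `krb5_context`, and the write is not serialised against readers such as `krb5_crypto_init`. This is missing documentation rather than a code change: I would add a comment above the function along the lines of `/* Disables enctype for the whole process, not only for this context; it cannot be re-enabled. Call before other threads use the library. */`. If per-context policy was intended, the flag would have to live in the context instead, which is beyond this hunk.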
@@ -3612,7 +3849,12 @@ krb5_string_to_key_derived(krb5_context context, krb5_set_error_string (context, "malloc: out of memory"); return ENOMEM; } - _krb5_n_fold(str, len, tmp, keylen); + ret = _krb5_n_fold(str, len, tmp, keylen); + if (ret) { + free(tmp); + krb5_set_error_string(context, "out of memory"); + return ret; + } kd.schedule = NULL; DES3_postproc (context, tmp, keylen, &kd); /* XXX */ memset(tmp, 0, keylen); @@ -3634,9 +3876,10 @@ wrapped_length (krb5_context context, { struct encryption_type *et = crypto->et; size_t padsize = et->padsize; + size_t checksumsize = CHECKSUMSIZE(et->checksum); size_t res; - res = et->confoundersize + et->checksum->checksumsize + data_len; + res = et->confoundersize + checksumsize + data_len; res = (res + padsize - 1) / padsize * padsize; return res; } @@ -3652,7 +3895,10 @@ wrapped_length_dervied (krb5_context context, res = et->confoundersize + data_len; res = (res + padsize - 1) / padsize * padsize; - res += et->checksum->checksumsize; + if (et->keyed_checksum) + res += et->keyed_checksum->checksumsize; + else + res += et->checksum->checksumsize; return res; } 
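Review bot: The error branch added after `_krb5_n_fold(str, len, tmp, keylen)` in `krb5_string_to_key_derived` frees `tmp` without clearing it, whereas the normal path a few lines below does `memset(tmp, 0, keylen)` first. `tmp` receives the fold of the caller's string-to-key input, so the early exit should wipe it too: `memset(tmp, 0, keylen); free(tmp);`. The branch also returns without releasing `kd.key`, which `ALLOC(kd.key, 1)` earlier in the function allocated; the cleanup used by the neighbouring out-of-memory path, which lies outside this hunk, probably applies here as well.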
@@ -3671,12 +3917,185 @@ krb5_get_wrapped_length (krb5_context context, return wrapped_length (context, crypto, data_len); } +/* + * Return the size of an encrypted packet of length `data_len' + */ + +static size_t +crypto_overhead (krb5_context context, + krb5_crypto crypto) +{ + struct encryption_type *et = crypto->et; + size_t res; + + res = CHECKSUMSIZE(et->checksum); + res += et->confoundersize; + if (et->padsize > 1) + res += et->padsize; + return res; +} + +static size_t +crypto_overhead_dervied (krb5_context context, + krb5_crypto crypto) +{ + struct encryption_type *et = crypto->et; + size_t res; + + if (et->keyed_checksum) + res = CHECKSUMSIZE(et->keyed_checksum); + else + res = CHECKSUMSIZE(et->checksum); + res += et->confoundersize; + if (et->padsize > 1) + res += et->padsize; + return res; +} + +size_t +krb5_crypto_overhead (krb5_context context, krb5_crypto crypto) +{ + if (derived_crypto (context, crypto)) + return crypto_overhead_dervied (context, crypto); + else + return crypto_overhead (context, crypto); +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_random_to_key(krb5_context context, + krb5_enctype type, + const void *data, + size_t size, + krb5_keyblock *key) +{ + krb5_error_code ret; + struct encryption_type *et = _find_enctype(type); + if(et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + type); + return KRB5_PROG_ETYPE_NOSUPP; + } + if ((et->keytype->bits + 7) / 8 > size) { + krb5_set_error_string(context, "encryption key %s needs %d bytes " + "of random to make an encryption key out of it", + et->name, (int)et->keytype->size); + return KRB5_PROG_ETYPE_NOSUPP; + } + ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); + if(ret) + return ret; + key->keytype = type; + if (et->keytype->random_to_key) + (*et->keytype->random_to_key)(context, key, data, size); + else + memcpy(key->keyvalue.data, data, et->keytype->size); + + return 0; +} + +krb5_error_code +_krb5_pk_octetstring2key(krb5_context context, + 
krb5_enctype type, + const void *dhdata, + size_t dhsize, + const heim_octet_string *c_n, + const heim_octet_string *k_n, + krb5_keyblock *key) +{ + struct encryption_type *et = _find_enctype(type); + krb5_error_code ret; + size_t keylen, offset; + void *keydata; + unsigned char counter; + unsigned char shaoutput[20]; + + if(et == NULL) { + krb5_set_error_string(context, "encryption type %d not supported", + type); + return KRB5_PROG_ETYPE_NOSUPP; + } + keylen = (et->keytype->bits + 7) / 8; + + keydata = malloc(keylen); + if (keydata == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + + counter = 0; + offset = 0; + do { + SHA_CTX m; + + SHA1_Init(&m); + SHA1_Update(&m, &counter, 1); + SHA1_Update(&m, dhdata, dhsize); + if (c_n) + SHA1_Update(&m, c_n->data, c_n->length); + if (k_n) + SHA1_Update(&m, k_n->data, k_n->length); + SHA1_Final(shaoutput, &m); + + memcpy((unsigned char *)keydata + offset, + shaoutput, + min(keylen - offset, sizeof(shaoutput))); + + offset += sizeof(shaoutput); + counter++; + } while(offset < keylen); + memset(shaoutput, 0, sizeof(shaoutput)); + + ret = krb5_random_to_key(context, type, keydata, keylen, key); + memset(keydata, 0, sizeof(keylen)); + free(keydata); + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_prf_length(krb5_context context, + krb5_enctype type, + size_t *length) +{ + struct encryption_type *et = _find_enctype(type); + + if(et == NULL || et->prf_length == 0) { + krb5_set_error_string(context, "encryption type %d not supported", + type); + return KRB5_PROG_ETYPE_NOSUPP; + } + + *length = et->prf_length; + return 0; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_crypto_prf(krb5_context context, + const krb5_crypto crypto, + const krb5_data *input, + krb5_data *output) +{ + struct encryption_type *et = crypto->et; + + krb5_data_zero(output); + + if(et->prf == NULL) { + krb5_set_error_string(context, "kerberos prf for %s not supported", + et->name); + return 
KRB5_PROG_ETYPE_NOSUPP; + } + + return (*et->prf)(context, crypto, input, output); +} + + + + #ifdef CRYPTO_DEBUG static krb5_error_code krb5_get_keyid(krb5_context context, krb5_keyblock *key, - u_int32_t *keyid) + uint32_t *keyid) { MD5_CTX md5; unsigned char tmp[16]; @@ -3690,16 +4109,16 @@ krb5_get_keyid(krb5_context context, static void krb5_crypto_debug(krb5_context context, - int encrypt, + int encryptp, size_t len, krb5_keyblock *key) { - u_int32_t keyid; + uint32_t keyid; char *kt; krb5_get_keyid(context, key, &keyid); krb5_enctype_to_string(context, key->keytype, &kt); krb5_warnx(context, "%s %lu bytes with key-id %#x (%s)", - encrypt ? "encrypting" : "decrypting", + encryptp ? "encrypting" : "decrypting", (unsigned long)len, keyid, kt); @@ -3736,7 +4155,7 @@ main() d = _new_derived_key(crypto, usage); if(d == NULL) - return ENOMEM; + krb5_errx(context, 1, "_new_derived_key failed"); krb5_copy_keyblock(context, crypto->key.key, &d->key); _krb5_put_int(constant, usage, 4); derive_key(context, crypto->et, d, constant, sizeof(constant)); @@ -3762,11 +4181,10 @@ main() "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */ key.keyvalue.length = 4; - d = calloc(1, sizeof(*d)); - + d = ecalloc(1, sizeof(*d)); d->key = &key; res.checksum.length = 20; - res.checksum.data = malloc(res.checksum.length); + res.checksum.data = emalloc(res.checksum.length); SP_HMAC_SHA1_checksum(context, d, data, 28, &res); return 0; diff --git a/crypto/heimdal/lib/krb5/dump_config.c b/crypto/heimdal/lib/krb5/dump_config.c deleted file mode 100644 index 074595e..0000000 --- a/crypto/heimdal/lib/krb5/dump_config.c +++ /dev/null 
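Review bot: In `_krb5_pk_octetstring2key` the cleanup `memset(keydata, 0, sizeof(keylen));` clears only `sizeof(size_t)` bytes rather than the `keylen` bytes that were written, so most of the derived key material stays in the heap block handed to `free`. It should read `memset(keydata, 0, keylen);`. In the same hunk, `krb5_random_to_key` checks `size` against `(et->keytype->bits + 7) / 8`, but the fallback `memcpy` copies `et->keytype->size` bytes. For any key type whose `size` is larger than that and which has no `random_to_key` hook, the copy reads past `data`, so the check should compare against the number of bytes actually consumed.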
@@ -1,71 +0,0 @@ -/* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of KTH nor the names of its contributors may be - * used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -#include "krb5_locl.h" - -RCSID("$Id: dump_config.c,v 1.2 1999/10/28 23:22:41 assar Exp $"); - -/* print contents of krb5.conf */ - -static void -print_tree(struct krb5_config_binding *b, int level) -{ - if (b == NULL) - return; - - printf("%*s%s%s%s", level * 4, "", - (level == 0) ? "[" : "", b->name, (level == 0) ? 
"]" : ""); - if(b->type == krb5_config_list) { - if(level > 0) - printf(" = {"); - printf("\n"); - print_tree(b->u.list, level + 1); - if(level > 0) - printf("%*s}\n", level * 4, ""); - } else if(b->type == krb5_config_string) { - printf(" = %s\n", b->u.string); - } - if(b->next) - print_tree(b->next, level); -} - -int -main(int argc, char **argv) -{ - krb5_context context; - krb5_error_code ret = krb5_init_context(&context); - if(ret == 0) { - print_tree(context->cf, 0); - return 0; - } - return 1; -} diff --git a/crypto/heimdal/lib/krb5/krb5_build_principal.3 b/crypto/heimdal/lib/krb5/krb5_build_principal.3 deleted file mode 100644 index e74c754..0000000 --- a/crypto/heimdal/lib/krb5/krb5_build_principal.3 +++ /dev/null 
@@ -1,101 +0,0 @@ -.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" $Id: krb5_build_principal.3,v 1.7 2003/04/16 13:58:14 lha Exp $ -.\" -.Dd August 8, 1997 -.Dt KRB5_BUILD_PRINCIPAL 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_build_principal , -.Nm krb5_build_principal_ext , -.Nm krb5_build_principal_va , -.Nm krb5_build_principal_va_ext , -.Nm krb5_make_principal -.Nd principal creation functions -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Ft krb5_error_code -.Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..." -.Ft krb5_error_code -.Fn krb5_build_principal_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..." -.Ft krb5_error_code -.Fn krb5_build_principal_va "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap" -.Ft krb5_error_code -.Fn krb5_build_principal_va_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap" -.Ft krb5_error_code -.Fn krb5_make_principal "krb5_context context" "krb5_principal *principal" "krb5_const_realm realm" "..." -.Sh DESCRIPTION -These functions create a Kerberos 5 principal from a realm and a list -of components. -All of these functions return an allocated principal in the -.Fa principal -parameter, this should be freed with -.Fn krb5_free_principal -after use. -.Pp -The -.Dq build -functions take a -.Fa realm -and the length of the realm. The -.Fn krb5_build_principal -and -.Fn krb5_build_principal_va -also takes a list of components (zero-terminated strings), terminated -with -.Dv NULL . -The -.Fn krb5_build_principal_ext -and -.Fn krb5_build_principal_va_ext -takes a list of length-value pairs, the list is terminated with a zero -length. -.Pp -The -.Fn krb5_make_principal -is a wrapper around -.Fn krb5_build_principal . -If the realm is -.Dv NULL , -the default realm will be used. -.Sh BUGS -You can not have a NUL in a component. 
Until someone can give a good -example of where it would be a good idea to have NUL's in a component, -this will not be fixed. -.Sh SEE ALSO -.Xr krb5_425_conv_principal 3 , -.Xr krb5_free_principal 3 , -.Xr krb5_parse_name 3 , -.Xr krb5_sname_to_principal 3 , -.Xr krb5_unparse_name 3 diff --git a/crypto/heimdal/lib/krb5/krb5_free_addresses.3 b/crypto/heimdal/lib/krb5/krb5_free_addresses.3 deleted file mode 100644 index 6ac46d4..0000000 --- a/crypto/heimdal/lib/krb5/krb5_free_addresses.3 +++ /dev/null 
@@ -1,53 +0,0 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" $Id: krb5_free_addresses.3,v 1.5 2003/04/16 13:58:15 lha Exp $ -.\" -.Dd November 20, 2001 -.Dt KRB5_FREE_ADDRESSES 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_free_addresses -.Nd free list of addresses -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Ft void -.Fn krb5_free_addresses "krb5_context context" "krb5_addresses *addresses" -.Sh DESCRIPTION -The -.Fn krb5_free_addresses -will free a list of addresses that has been created with -.Fn krb5_get_all_client_addrs -or with some other function. -.Sh SEE ALSO -.Xr krb5_get_all_client_addrs 3 diff --git a/crypto/heimdal/lib/krb5/krb5_free_principal.3 b/crypto/heimdal/lib/krb5/krb5_free_principal.3 deleted file mode 100644 index e9900a7..0000000 --- a/crypto/heimdal/lib/krb5/krb5_free_principal.3 +++ /dev/null 
@@ -1,58 +0,0 @@ -.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" $Id: krb5_free_principal.3,v 1.7 2003/04/16 13:58:11 lha Exp $ -.Dd August 8, 1997 -.Dt KRB5_FREE_PRINCIPAL 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_free_principal -.Nd principal free function -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Ft void -.Fn krb5_free_principal "krb5_context context" "krb5_principal principal" -.Sh DESCRIPTION -The -.Fn krb5_free_principal -will free a principal that has been created with -.Fn krb5_build_principal , -.Fn krb5_parse_name , -or with some other function. -.Sh SEE ALSO -.Xr krb5_425_conv_principal 3 , -.Xr krb5_build_principal 3 , -.Xr krb5_parse_name 3 , -.Xr krb5_sname_to_principal 3 , -.Xr krb5_unparse_name 3 diff --git a/crypto/heimdal/lib/krb5/krb5_locl.h b/crypto/heimdal/lib/krb5/krb5_locl.h index be7997e..ef812da 100644 --- a/crypto/heimdal/lib/krb5/krb5_locl.h +++ b/crypto/heimdal/lib/krb5/krb5_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h,v 1.71 2002/09/10 20:10:45 joda Exp $ */ +/* $Id: krb5_locl.h 22226 2007-12-08 21:31:53Z lha $ */ /* $FreeBSD$ */ #ifndef __KRB5_LOCL_H__ @@ -51,6 +51,9 @@ #ifdef HAVE_SYS_TYPES_H #include #endif +#ifdef HAVE_SYS_MMAN_H +#include +#endif #ifdef HAVE_UNISTD_H #include #endif @@ -62,6 +65,9 @@ #include #endif #ifdef HAVE_PWD_H +#undef _POSIX_PTHREAD_SEMANTICS +/* This gets us the 5-arg getpwnam_r on Solaris 9. */ +#define _POSIX_PTHREAD_SEMANTICS #include #endif 
@@ -110,20 +116,51 @@ struct sockaddr_dl; #ifdef HAVE_SYS_FILE_H #include #endif + +#ifdef HAVE_CRYPT_H +#undef des_encrypt +#define des_encrypt wingless_pigs_mostly_fail_to_fly +#include +#undef des_encrypt +#endif + +#ifdef HAVE_DOOR_CREATE +#include +#endif + #include #include #include #include "crypto-headers.h" + #include + +struct send_to_kdc; + +/* XXX glue for pkinit */ +struct krb5_pk_identity; +struct krb5_pk_cert; +struct ContentInfo; +typedef struct krb5_pk_init_ctx_data *krb5_pk_init_ctx; +struct krb5_dh_moduli; + +/* v4 glue */ +struct _krb5_krb_auth_data; + #include #include #include #include +#ifdef PKINIT +#include +#endif #include +#include "heim_threads.h" + #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0) 
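Review bot: The `des_encrypt` rename around the `HAVE_CRYPT_H` include has no comment, and the throwaway name `wingless_pigs_mostly_fail_to_fly` gives a reader no hint of why it is there. It looks like a guard against the system header's `des_encrypt` prototype clashing with the one that `crypto-headers.h` brings in a few lines later; if that is the reason, say so above the first `#undef`, e.g. `/* crypt.h declares its own des_encrypt(); rename it so it cannot clash with the DES API from crypto-headers.h */`. Without that comment the block looks removable, and dropping it would presumably bring the clash back on the affected platforms. The header names on the `#include` lines are not visible on this page, so the target of the include is inferred from the `HAVE_CRYPT_H` guard.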
@@ -131,8 +168,101 @@ struct sockaddr_dl; #define KEYTAB_DEFAULT "ANY:FILE:" SYSCONFDIR "/krb5.keytab,krb4:" SYSCONFDIR "/srvtab" #define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab" +#define MODULI_FILE SYSCONFDIR "/krb5.moduli" + #ifndef O_BINARY #define O_BINARY 0 #endif +#define KRB5_BUFSIZ 1024 + +typedef enum { + KRB5_INIT_CREDS_TRISTATE_UNSET = 0, + KRB5_INIT_CREDS_TRISTATE_TRUE, + KRB5_INIT_CREDS_TRISTATE_FALSE +} krb5_get_init_creds_tristate; + +struct _krb5_get_init_creds_opt_private { + int refcount; + /* ENC_TIMESTAMP */ + const char *password; + krb5_s2k_proc key_proc; + /* PA_PAC_REQUEST */ + krb5_get_init_creds_tristate req_pac; + /* PKINIT */ + krb5_pk_init_ctx pk_init_ctx; + KRB_ERROR *error; + krb5_get_init_creds_tristate addressless; + int flags; +#define KRB5_INIT_CREDS_CANONICALIZE 1 +#define KRB5_INIT_CREDS_NO_C_CANON_CHECK 2 +}; + +typedef struct krb5_context_data { + krb5_enctype *etypes; + krb5_enctype *etypes_des; + char **default_realms; + time_t max_skew; + time_t kdc_timeout; + unsigned max_retries; + int32_t kdc_sec_offset; + int32_t kdc_usec_offset; + krb5_config_section *cf; + struct et_list *et_list; + struct krb5_log_facility *warn_dest; + krb5_cc_ops *cc_ops; + int num_cc_ops; + const char *http_proxy; + const char *time_fmt; + krb5_boolean log_utc; + const char *default_keytab; + const char *default_keytab_modify; + krb5_boolean use_admin_kdc; + krb5_addresses *extra_addresses; + krb5_boolean scan_interfaces; /* `ifconfig -a' */ + krb5_boolean srv_lookup; /* do SRV lookups */ + krb5_boolean srv_try_txt; /* try TXT records also */ + int32_t fcache_vno; /* create cache files w/ this + version */ + int num_kt_types; /* # of registered keytab types */ + struct krb5_keytab_data *kt_types; /* registered keytab types */ + const char *date_fmt; + char *error_string; + char error_buf[256]; + krb5_addresses *ignore_addresses; + char *default_cc_name; + char *default_cc_name_env; + int default_cc_name_set; + void *mutex; /* 
protects error_string/error_buf */ + int large_msg_size; + int flags; +#define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME 1 +#define KRB5_CTX_F_CHECK_PAC 2 + struct send_to_kdc *send_to_kdc; +} krb5_context_data; + +#define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}" +#define KRB5_DEFAULT_CCNAME_API "API:" +#define KRB5_DEFAULT_CCNAME_KCM "KCM:%{uid}" + +#define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH 1 +#define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH 2 +#define EXTRACT_TICKET_MATCH_REALM 4 + +/* + * Configurable options + */ + +#ifndef KRB5_DEFAULT_CCTYPE +#ifdef __APPLE__ +#define KRB5_DEFAULT_CCTYPE (&krb5_acc_ops) +#else +#define KRB5_DEFAULT_CCTYPE (&krb5_fcc_ops) +#endif +#endif + +#ifndef KRB5_ADDRESSLESS_DEFAULT +#define KRB5_ADDRESSLESS_DEFAULT TRUE +#endif + #endif /* __KRB5_LOCL_H__ */ diff --git a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 b/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 deleted file mode 100644 index 1ece798..0000000 --- a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 +++ /dev/null 
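Review bot: `EXTRACT_TICKET_ALLOW_CNAME_MISMATCH` and `EXTRACT_TICKET_ALLOW_SERVER_MISMATCH` are added without a comment, although by their names they switch off the comparison of the client and server names in a KDC reply against the request; `KRB5_INIT_CREDS_NO_C_CANON_CHECK` in `_krb5_get_init_creds_opt_private` has the same gap. A short comment above the `EXTRACT_TICKET_*` block would keep later callers from passing them casually, e.g. `/* Relax reply validation in ticket extraction; pass only when the caller has another reason to trust the returned name. */`. The `const char *password` member also needs one line on ownership and on whether the string is zeroed when `refcount` drops to zero, which this header does not show. Similarly, `KRB5_DEFAULT_CCNAME_FILE` puts the default cache at a predictable path under `/tmp`, so a comment pointing to where the file cache code checks ownership and refuses symlinks would help a reviewer confirm that assumption.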
@@ -1,81 +0,0 @@ -.\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" $Id: krb5_principal_get_realm.3,v 1.6 2003/04/16 13:58:17 lha Exp $ -.\" -.Dd June 20, 2001 -.Dt KRB5_PRINCIPAL_GET_REALM 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_principal_get_realm , -.Nm krb5_principal_get_comp_string -.Nd decompose a principal -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Ft "const char *" -.Fn krb5_principal_get_realm "krb5_context context" "krb5_principal principal" -.Ft "const char *" -.Fn krb5_principal_get_comp_string "krb5_context context" "krb5_principal principal" "unsigned int component" -.Sh DESCRIPTION -These functions return parts of the -.Fa principal , -either the realm or a specific component. The returned string points -to data inside the principal, so they are valid only as long as the -principal exists. -.Pp -The -.Fa component -argument to -.Fn krb5_principal_get_comp_string -is the component number to return, from zero to the total number of -components minus one. If a the requested component number is out of range, -.Dv NULL -is returned. -.Pp -These functions can be seen as a replacement for the -.Fn krb5_princ_realm , -.Fn krb5_princ_component -and related macros, described as intermal in the MIT API -specification. A difference is that these functions return strings, -not -.Dv krb5_data . -A reason to return -.Dv krb5_data -was that it was believed that principal components could contain -binary data, but this belief was unfounded, and it has been decided -that principal components are infact UTF8, so it's safe to use zero -terminated strings. -.Pp -It's generally not necessary to look at the components of a principal. -.Sh SEE ALSO -.Xr krb5_unparse_name 3 diff --git a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 deleted file mode 100644 index 5724ce1..0000000 --- a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 +++ /dev/null 
@@ -1,85 +0,0 @@ -.\" Copyright (c) 1997 Kungliga Tekniska Högskolan -.\" (Royal Institute of Technology, Stockholm, Sweden). -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the Institute nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" $Id: krb5_sname_to_principal.3,v 1.7 2003/04/16 13:58:17 lha Exp $ -.\" -.Dd August 8, 1997 -.Dt KRB5_PRINCIPAL 3 -.Os HEIMDAL -.Sh NAME -.Nm krb5_sname_to_principal , -.Nm krb5_sock_to_principal -.Nd create a service principal -.Sh LIBRARY -Kerberos 5 Library (libkrb5, -lkrb5) -.Sh SYNOPSIS -.In krb5.h -.Ft krb5_error_code -.Fn krb5_sname_to_principal "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *principal" -.Ft krb5_error_code -.Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal" -.Sh DESCRIPTION -These functions create a -.Dq service -principal that can, for instance, be used to lookup a key in a keytab. For both these function the -.Fa sname -parameter will be used for the first component of the created principal. If -.Fa sname -is -.Dv NULL , -.Dq host -will be used instead. -.Fn krb5_sname_to_principal -will use the passed -.Fa hostname -for the second component. If type -.Dv KRB5_NT_SRV_HST -this name will be looked up with -.Fn gethostbyname . -If -.Fa hostname is -.Dv NULL , -the local hostname will be used. -.Pp -.Fn krb5_sock_to_principal -will use the -.Dq sockname -of the passed -.Fa socket , -which should be a bound -.Dv AF_INET -socket. -.Sh SEE ALSO -.Xr krb5_425_conv_principal 3 , -.Xr krb5_build_principal 3 , -.Xr krb5_free_principal 3 , -.Xr krb5_parse_name 3 , -.Xr krb5_unparse_name 3 diff --git a/crypto/heimdal/lib/roken/acconfig.h b/crypto/heimdal/lib/roken/acconfig.h deleted file mode 100644 index 5fbe685..0000000 --- a/crypto/heimdal/lib/roken/acconfig.h +++ /dev/null 
@@ -1,36 +0,0 @@ -@BOTTOM@ - -#ifdef BROKEN_REALLOC -#define realloc(X, Y) isoc_realloc((X), (Y)) -#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y)) -#endif - -#ifdef VOID_RETSIGTYPE -#define SIGRETURN(x) return -#else -#define SIGRETURN(x) return (RETSIGTYPE)(x) -#endif - -#define RCSID(msg) \ -static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg } - -#undef PROTOTYPES - -/* Maximum values on all known systems */ -#define MaxHostNameLen (64+4) -#define MaxPathLen (1024+4) - -/* - * Define NDBM if you are using the 4.3 ndbm library (which is part of - * libc). If not defined, 4.2 dbm will be assumed. - */ -#if defined(HAVE_DBM_FIRSTKEY) -#define NDBM -#endif - -/* - * Defining this enables lots of useful (and used) extensions on - * glibc-based systems such as Linux - */ - -#define _GNU_SOURCE diff --git a/crypto/heimdal/lib/roken/acinclude.m4 b/crypto/heimdal/lib/roken/acinclude.m4 deleted file mode 100644 index 1d0197c..0000000 --- a/crypto/heimdal/lib/roken/acinclude.m4 +++ /dev/null @@ -1,9 +0,0 @@ -dnl $Id$ -dnl -dnl Only put things that for some reason can't live in the `cf' -dnl directory in this file. -dnl - -dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $ -dnl -define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl diff --git a/crypto/heimdal/lib/roken/print_version.c b/crypto/heimdal/lib/roken/print_version.c deleted file mode 100644 index b5ce816..0000000 --- a/crypto/heimdal/lib/roken/print_version.c +++ /dev/null 
@@ -1,78 +0,0 @@ -/* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#ifdef HAVE_CONFIG_H -#include -RCSID("$Id: print_version.c,v 1.8 2001/02/20 01:44:55 assar Exp $"); -#endif -#include "roken.h" - -#include "print_version.h" - -void -print_version(const char *progname) -{ - const char *arg[] = VERSIONLIST; - const int num_args = sizeof(arg) / sizeof(arg[0]); - char *msg; - size_t len = 0; - int i; - - if(progname == NULL) - progname = getprogname(); - - if(num_args == 0) - msg = "no version information"; - else { - for(i = 0; i < num_args; i++) { - if(i > 0) - len += 2; - len += strlen(arg[i]); - } - msg = malloc(len + 1); - if(msg == NULL) { - fprintf(stderr, "%s: out of memory\n", progname); - return; - } - msg[0] = '\0'; - for(i = 0; i < num_args; i++) { - if(i > 0) - strcat(msg, ", "); - strcat(msg, arg[i]); - } - } - fprintf(stderr, "%s (%s)\n", progname, msg); - fprintf(stderr, "Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan\n"); - if(num_args != 0) - free(msg); -} diff --git a/crypto/heimdal/lib/roken/resource.h b/crypto/heimdal/lib/roken/resource.h deleted file mode 100644 index 01cd01d..0000000 --- a/crypto/heimdal/lib/roken/resource.h +++ /dev/null @@ -1,15 +0,0 @@ -//{{NO_DEPENDENCIES}} -// Microsoft Developer Studio generated include file. -// Used by roken.rc -// - -// Next default values for new objects -// -#ifdef APSTUDIO_INVOKED -#ifndef APSTUDIO_READONLY_SYMBOLS -#define _APS_NEXT_RESOURCE_VALUE 101 -#define _APS_NEXT_COMMAND_VALUE 40001 -#define _APS_NEXT_CONTROL_VALUE 1000 -#define _APS_NEXT_SYMED_VALUE 101 -#endif -#endif diff --git a/crypto/heimdal/ltconfig b/crypto/heimdal/ltconfig deleted file mode 100755 index 9190746..0000000 --- a/crypto/heimdal/ltconfig +++ /dev/null 
@@ -1,2797 +0,0 @@ -#! /bin/sh - -# ltconfig - Create a system-specific libtool. -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001 -# Free Software Foundation, Inc. -# Originally by Gordon Matzigkeit , 1996 -# -# This file is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -# A lot of this script is taken from autoconf-2.10. - -# Check that we are running under the correct shell. -SHELL=${CONFIG_SHELL-/bin/sh} -echo=echo -if test "X$1" = X--no-reexec; then - # Discard the --no-reexec flag, and continue. - shift -elif test "X$1" = X--fallback-echo; then - # Avoid inline document here, it may be left over - : -elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then - # Yippee, $echo works! - : -else - # Restart under the correct shell. - exec "$SHELL" "$0" --no-reexec ${1+"$@"} -fi - -if test "X$1" = X--fallback-echo; then - # used as fallback echo - shift - cat </dev/null`} - case X$UNAME in - *-DOS) PATH_SEPARATOR=';' ;; - *) PATH_SEPARATOR=':' ;; - esac -fi - -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. 
-if test "X${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi - -if test "X${echo_test_string+set}" != Xset; then - # find a string as large as possible, as long as the shell can cope with it - for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do - # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... - if (echo_test_string="`eval $cmd`") 2>/dev/null && - echo_test_string="`eval $cmd`" && - (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null; then - break - fi - done -fi - -if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - : -else - # The Solaris, AIX, and Digital Unix default echo programs unquote - # backslashes. This makes it impossible to quote backslashes using - # echo "$something" | sed 's/\\/\\\\/g' - # - # So, first we look for a working echo in the user's PATH. - - IFS="${IFS= }"; save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR}" - for dir in $PATH /usr/ucb; do - if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && - test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - echo="$dir/echo" - break - fi - done - IFS="$save_ifs" - - if test "X$echo" = Xecho; then - # We didn't find a better echo, so look for alternatives. - if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - # This shell has a builtin print -r that does the trick. - echo='print -r' - elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) && - test "X$CONFIG_SHELL" != X/bin/ksh; then - # If we have ksh, try running ltconfig again with it. 
- ORIGINAL_CONFIG_SHELL="${CONFIG_SHELL-/bin/sh}" - export ORIGINAL_CONFIG_SHELL - CONFIG_SHELL=/bin/ksh - export CONFIG_SHELL - exec "$CONFIG_SHELL" "$0" --no-reexec ${1+"$@"} - else - # Try using printf. - echo='printf %s\n' - if test "X`($echo '\t') 2>/dev/null`" = 'X\t' && - echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - # Cool, printf works - : - elif echo_testing_string=`("$ORIGINAL_CONFIG_SHELL" "$0" --fallback-echo '\t') 2>/dev/null` && - test "X$echo_testing_string" = 'X\t' && - echo_testing_string=`("$ORIGINAL_CONFIG_SHELL" "$0" --fallback-echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - CONFIG_SHELL="$ORIGINAL_CONFIG_SHELL" - export CONFIG_SHELL - SHELL="$CONFIG_SHELL" - export SHELL - echo="$CONFIG_SHELL $0 --fallback-echo" - elif echo_testing_string=`("$CONFIG_SHELL" "$0" --fallback-echo '\t') 2>/dev/null` && - test "X$echo_testing_string" = 'X\t' && - echo_testing_string=`("$CONFIG_SHELL" "$0" --fallback-echo "$echo_test_string") 2>/dev/null` && - test "X$echo_testing_string" = "X$echo_test_string"; then - echo="$CONFIG_SHELL $0 --fallback-echo" - else - # maybe with a smaller string... - prev=: - - for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do - if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null; then - break - fi - prev="$cmd" - done - - if test "$prev" != 'sed 50q "$0"'; then - echo_test_string=`eval $prev` - - export echo_test_string - exec "${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}}" "$0" ${1+"$@"} - else - # Oops. We lost completely, so just stick with echo. - echo=echo - fi - fi - fi - fi -fi - -# Sed substitution that helps us do robust quoting. It backslashifies -# metacharacters that are still active within double-quoted strings. -Xsed='sed -e s/^X//' -sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g' - -# Same as above, but do not quote variable references. 
-double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g' - -# Sed substitution to delay expansion of an escaped shell variable in a -# double_quote_subst'ed string. -delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' - -# The name of this program. -progname=`$echo "X$0" | $Xsed -e 's%^.*/%%'` - -# Constants: -PROGRAM=ltconfig -PACKAGE=libtool -VERSION=1.4a -TIMESTAMP=" (1.641.2.255 2001/05/22 10:39:30)" -ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -rm="rm -f" - -help="Try \`$progname --help' for more information." - -# Global variables: -default_ofile=libtool -can_build_shared=yes -enable_shared=yes -# All known linkers require a `.a' archive for static linking (except M$VC, -# which needs '.lib'). -enable_static=yes -enable_fast_install=yes -enable_dlopen=unknown -enable_win32_dll=no -pic_mode=default -ltmain= -silent= -srcdir= -ac_config_guess= -ac_config_sub= -host= -build=NONE -nonopt=NONE -ofile="$default_ofile" -verify_host=yes -tagname= -with_gcc=no -with_gnu_ld=no -need_locks=yes -ac_ext=c -libext=a -cache_file= -max_cmd_len= - -## Dependencies to place before and after the object being linked: -predep_objects= -postdep_objects= -predeps= -postdeps= -compiler_lib_search_path= - -## Link characteristics: -allow_undefined_flag= -no_undefined_flag= -need_lib_prefix=unknown -need_version=unknown -# when you set need_version to no, make sure it does not cause -set_version -# flags to be left without arguments -archive_cmds= -archive_expsym_cmds= -old_archive_from_new_cmds= -old_archive_from_expsyms_cmds= -striplib= -old_striplib= -export_dynamic_flag_spec= -whole_archive_flag_spec= -thread_safe_flag_spec= -hardcode_into_libs=no -hardcode_libdir_flag_spec= -hardcode_libdir_separator= -hardcode_direct=no -hardcode_minus_L=no -hardcode_shlibpath_var=unsupported -runpath_var= -link_all_deplibs=unknown -always_export_symbols=no -export_symbols_cmds='$NM $libobjs 
$convenience | $global_symbol_pipe | sed '\''s/.* //'\'' | sort | uniq > $export_symbols' -# include_expsyms should be a list of space-separated symbols to be *always* -# included in the symbol list -include_expsyms= -# exclude_expsyms can be an egrep regular expression of symbols to exclude -# it will be wrapped by ` (' and `)$', so one must not match beginning or -# end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', -# as well as any symbol that contains `d'. -exclude_expsyms="_GLOBAL_OFFSET_TABLE_" -# Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out -# platforms (ab)use it in PIC code, but their linkers get confused if -# the symbol is explicitly referenced. Since portable code cannot -# rely on this symbol name, it's probably fine to never include it in -# preloaded symbol tables. -extract_expsyms_cmds= - -## Tools: -old_AR="$AR" -old_AR_FLAGS="$AR_FLAGS" -old_CC="$CC" -old_CFLAGS="$CFLAGS" -old_CPPFLAGS="$CPPFLAGS" -old_LDFLAGS="$LDFLAGS" -old_LIBS="$LIBS" -old_MAGIC_CMD="$MAGIC_CMD" -old_LD="$LD" -old_LN_S="$LN_S" -old_LTCC="$LTCC" -old_NM="$NM" -old_RANLIB="$RANLIB" -old_STRIP="$STRIP" -old_AS="$AS" -old_DLLTOOL="$DLLTOOL" -old_OBJDUMP="$OBJDUMP" -old_OBJEXT="$OBJEXT" -old_EXEEXT="$EXEEXT" -old_reload_flag="$reload_flag" -old_deplibs_check_method="$deplibs_check_method" -old_file_magic_cmd="$file_magic_cmd" - -# Parse the command line options. -args= -prev= -for option -do - case $option in - -*=*) optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; - *) optarg= ;; - esac - - # If the previous option needs an argument, assign it. 
- if test -n "$prev"; then - eval "$prev=\$option" - prev= - continue - fi - - case $option in - --help) cat <&2 - echo "$help" 1>&2 - exit 1 - ;; - - *) - if test -z "$ltmain"; then - ltmain="$option" - elif test -z "$host"; then -# This generates an unnecessary warning for sparc-sun-solaris4.1.3_U1 -# if test -n "`echo $option| sed 's/[-a-z0-9.]//g'`"; then -# echo "$progname: warning \`$option' is not a valid host type" 1>&2 -# fi - host="$option" - else - echo "$progname: too many arguments" 1>&2 - echo "$help" 1>&2 - exit 1 - fi ;; - esac -done - -if test -z "$ltmain"; then - echo "$progname: you must specify a LTMAIN file" 1>&2 - echo "$help" 1>&2 - exit 1 -fi - -if test ! -f "$ltmain"; then - echo "$progname: \`$ltmain' does not exist" 1>&2 - echo "$help" 1>&2 - exit 1 -fi - -if test -n "$tagname"; then - # Check whether tagname contains only valid characters - case `$echo "X$tagname" | $Xsed -e 's/[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]//g'` in - "") ;; - *) - echo "$progname: invalid tag name: $tagname" 1>&2 - exit 1 - ;; - esac - - if grep "^### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$ofile" > /dev/null; then - echo "$progname: tag name $tagname already exists" 1>&2 - exit 1 - fi - - if test ! -f "$ofile"; then - echo "$progname: warning: output file \`$ofile' does not exist" 1>&2 - fi - - if test -z "$LTCC"; then - eval "`$SHELL $ofile --config | grep '^LTCC='`" - if test -z "$LTCC"; then - echo "$progname: warning: output file \`$ofile' does not look like a libtool script" 1>&2 - else - echo "$progname: warning: using \`LTCC=$LTCC', extracted from \`$ofile'" 1>&2 - fi - fi -fi - -# Quote any args containing shell metacharacters. -ltconfig_args= -for arg -do - case $arg in - *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) - ltconfig_args="$ltconfig_args '$arg'" ;; - *) ltconfig_args="$ltconfig_args $arg" ;; - esac -done - -# A relevant subset of AC_INIT. 
- -# File descriptor usage: -# 0 standard input -# 1 file creation -# 2 errors and warnings -# 3 some systems may open it to /dev/tty -# 4 used on the Kubota Titan -# 5 compiler messages saved in config.log -# 6 checking for... messages and results -if test "$silent" = yes; then - exec 6>/dev/null -else - exec 6>&1 -fi -exec 5>>./config.log - -# NLS nuisances. -# Only set LANG and LC_ALL to C if already set. -# These must not be set unconditionally because not all systems understand -# e.g. LANG=C (notably SCO). -if test "X${LC_ALL+set}" = Xset; then LC_ALL=C; export LC_ALL; fi -if test "X${LANG+set}" = Xset; then LANG=C; export LANG; fi - -if test -n "$cache_file" && test -r "$cache_file" && test -f "$cache_file"; then - echo "loading cache $cache_file within ltconfig" - . $cache_file -fi - -if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then - # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. - if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then - ac_n= ac_c=' -' ac_t=' ' - else - ac_n=-n ac_c= ac_t= - fi -else - ac_n= ac_c='\c' ac_t= -fi - -if test -z "$srcdir"; then - # Assume the source directory is the same one as the path to LTMAIN. - srcdir=`$echo "X$ltmain" | $Xsed -e 's%/[^/]*$%%'` - test "$srcdir" = "$ltmain" && srcdir=. -fi - -trap "$rm conftest*; exit 1" 1 2 15 -if test "$verify_host" = yes; then - # Check for config.guess and config.sub. - ac_aux_dir= - for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do - if test -f $ac_dir/config.guess; then - ac_aux_dir=$ac_dir - break - fi - done - if test -z "$ac_aux_dir"; then - echo "$progname: cannot find config.guess in $srcdir $srcdir/.. $srcdir/../.." 1>&2 - echo "$help" 1>&2 - exit 1 - fi - ac_config_guess=$ac_aux_dir/config.guess - ac_config_sub=$ac_aux_dir/config.sub - - # Make sure we can run config.sub. 
- if $SHELL $ac_config_sub sun4 >/dev/null 2>&1; then : - else - echo "$progname: cannot run $ac_config_sub" 1>&2 - echo "$help" 1>&2 - exit 1 - fi - - echo $ac_n "checking host system type""... $ac_c" 1>&6 - - host_alias=$host - case $host_alias in - "") - # Force config.guess to use the C compiler. - # CC_FOR_BUILD overrides the CC variable in config.guess but I had - # problems with it so do it this way for now. - CC="$LTCC" - - if host_alias=`$SHELL $ac_config_guess`; then : - else - echo "$progname: cannot guess host type; you must specify one" 1>&2 - echo "$help" 1>&2 - exit 1 - fi - - # Restore the C compiler. - CC="$old_CC" - ;; - esac - host=`$SHELL $ac_config_sub $host_alias` - echo "$ac_t$host" 1>&6 - - # Make sure the host verified. - test -z "$host" && exit 1 - - # Check for the build system type - echo $ac_n "checking build system type... $ac_c" 1>&6 - - build_alias=$build - case $build_alias in - NONE) - case $nonopt in - NONE) build_alias=$host_alias ;; - *) build_alias=$nonopt ;; - esac ;; - esac - - build=`$SHELL $ac_config_sub $build_alias` - build_cpu=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` - build_vendor=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` - build_os=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` - echo "$ac_t""$build" 1>&6 - -elif test -z "$host"; then - echo "$progname: you must specify a host type if you use \`--no-verify'" 1>&2 - echo "$help" 1>&2 - exit 1 -else - host_alias=$host - build_alias=$host_alias - build=$host -fi - -if test x"$host" != x"$build"; then - ac_tool_prefix=${host_alias}- -else - ac_tool_prefix= -fi - -host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` -host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` -host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` - -# Transform linux* to *-*-linux-gnu*, to support old configure scripts. 
-case $host_os in -linux-gnu*) ;; -linux*) host=`echo $host | sed 's/^\(.*-.*-linux\)\(.*\)$/\1-gnu\2/'` -esac - -case $host_os in -aix3*) - # AIX sometimes has problems with the GCC collect2 program. For some - # reason, if we set the COLLECT_NAMES environment variable, the problems - # vanish in a puff of smoke. - if test "X${COLLECT_NAMES+set}" != Xset; then - COLLECT_NAMES= - export COLLECT_NAMES - fi - ;; -esac - -# Determine commands to create old-style static archives. -old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs' -old_postinstall_cmds='chmod 644 $oldlib' -old_postuninstall_cmds= - -if test -n "$RANLIB"; then - old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" - old_postinstall_cmds="\$RANLIB \$oldlib~$old_postinstall_cmds" -fi - -# Source the script associated with the $tagname tag configuration. -if test -n "$tagname"; then - . $ltmain -else - # FIXME: We should use a variable here - # Configure for a C compiler - . $srcdir/ltcf-c.sh -fi - -# Set sane defaults for various variables -test -z "$AR" && AR=ar -test -z "$AR_FLAGS" && AR_FLAGS=cru -test -z "$AS" && AS=as -test -z "$CC" && CC=cc -test -z "$DLLTOOL" && DLLTOOL=dlltool -test -z "$MAGIC_CMD" && MAGIC_CMD=file -test -z "$LD" && LD=ld -test -z "$LN_S" && LN_S="ln -s" -test -z "$NM" && NM=nm -test -z "$OBJDUMP" && OBJDUMP=objdump -test -z "$RANLIB" && RANLIB=: -test -z "$STRIP" && STRIP=: -test -z "$objext" && objext=o - -echo $ac_n "checking for objdir... $ac_c" 1>&6 -rm -f .libs 2>/dev/null -mkdir .libs 2>/dev/null -if test -d .libs; then - objdir=.libs -else - # MS-DOS does not allow filenames that begin with a dot. - objdir=_libs -fi -rmdir .libs 2>/dev/null -echo "$ac_t$objdir" 1>&6 - -# If no C compiler was specified, use CC. -LTCC=${LTCC-"$CC"} - -# Allow CC to be a program name with arguments. 
-set dummy $CC -compiler="$2" - -# We assume here that the value for ac_cv_prog_cc_pic will not be cached -# in isolation, and that seeing it set (from the cache) indicates that -# the associated values are set (in the cache) correctly too. -echo $ac_n "checking for $compiler option to produce PIC... $ac_c" 1>&6 -echo "$progname:678:checking for $compiler option to produce PIC" 1>&5 - -if test -z "$ac_cv_prog_cc_pic"; then - echo "$ac_t"none 1>&6 -else - echo "$ac_t""$ac_cv_prog_cc_pic" 1>&6 - - # Check to make sure the pic_flag actually works. - echo $ac_n "checking if $compiler PIC flag $ac_cv_prog_cc_pic works... $ac_c" 1>&6 - echo "$progname:687:checking that $compiler PIC flag $ac_cv_prog_cc_pic works." 1>&5 - if test "X${ac_cv_prog_cc_pic_works+set}" = Xset && \ - test "X${ac_cv_prog_cc_pic_works}" != X; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - ac_cv_prog_cc_pic_works=yes - $rm conftest* - echo $lt_simple_compile_test_code > conftest.$ac_ext - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $ac_cv_prog_cc_pic -DPIC" - if { (eval echo $progname:697: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>conftest.err; } && test -s conftest.$objext; then - # Append any warnings to the config.log. - cat conftest.err 1>&5 - - case $host_os in - hpux9* | hpux10* | hpux11*) - # On HP-UX, both CC and GCC only warn that PIC is supported... then - # they create non-PIC objects. So, if there were any warnings, we - # assume that PIC is not supported. - if test -s conftest.err; then - ac_cv_prog_cc_pic_works=no - ac_cv_prog_cc_can_build_shared=no - ac_cv_prog_cc_pic= - else - ac_cv_prog_cc_pic_works=yes - ac_cv_prog_cc_pic=" $ac_cv_prog_cc_pic" - fi - ;; - *) - ac_cv_prog_cc_pic_works=yes - ac_cv_prog_cc_pic=" $ac_cv_prog_cc_pic" - ;; - esac - else - # Append any errors to the config.log. 
- cat conftest.err 1>&5 - ac_cv_prog_cc_pic_works=no - ac_cv_prog_cc_can_build_shared=no - ac_cv_prog_cc_pic= - fi - CFLAGS="$save_CFLAGS" - $rm conftest* - fi - # Belt *and* braces to stop my trousers falling down: - if test "X$ac_cv_prog_cc_pic_works" = Xno; then - ac_cv_prog_cc_pic= - ac_cv_prog_cc_can_build_shared=no - fi - echo "$ac_t""$ac_cv_prog_cc_pic_works" 1>&6 -fi - -# Check for any special shared library compilation flags. -if test -n "$ac_cv_prog_cc_shlib"; then - echo "$progname: warning: \`$CC' requires \`$ac_cv_prog_cc_shlib' to build shared libraries" 1>&2 - if echo "$old_CC $old_CFLAGS " | egrep -e "[ ]$ac_cv_prog_cc_shlib[ ]" >/dev/null; then : - else - echo "$progname: add \`$ac_cv_prog_cc_shlib' to the CC or CFLAGS env variable and reconfigure" 1>&2 - ac_cv_prog_cc_can_build_shared=no - fi -fi - -echo $ac_n "checking if $compiler static flag $ac_cv_prog_cc_static works... $ac_c" 1>&6 -echo "$progname:749: checking if $compiler static flag $ac_cv_prog_cc_static works" >&5 -if test "X${ac_cv_prog_cc_static_works+set}" = Xset && \ - test "X${ac_cv_prog_cc_static_works}" != X; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - $rm conftest* - echo $lt_simple_link_test_code > conftest.$ac_ext - save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $ac_cv_prog_cc_static" - if { (eval echo $progname:758: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - ac_cv_prog_cc_static_works=yes - else - ac_cv_prog_cc_static_works=no - ac_cv_prog_cc_static= - fi - LDFLAGS="$save_LDFLAGS" - $rm conftest* -fi -# Belt *and* braces to stop my trousers falling down: -if test "X$ac_cv_prog_cc_static_works" = Xno; then - ac_cv_prog_cc_static= -fi -echo "$ac_t""$ac_cv_prog_cc_static_works" 1>&6 -pic_flag="$ac_cv_prog_cc_pic" -special_shlib_compile_flags="$ac_cv_prog_cc_shlib" -wl="$ac_cv_prog_cc_wl" -link_static_flag="$ac_cv_prog_cc_static" -no_builtin_flag="$ac_cv_prog_cc_no_builtin" -can_build_shared="$ac_cv_prog_cc_can_build_shared" - -# find the maximum 
length of command line arguments -echo "$progname:780: finding the maximum length of command line arguments" 1>&5 -echo $ac_n "finding the maximum length of command line arguments... $ac_c" 1>&6 -if test "${lt_cv_sys_max_cmd_len+set}" = set; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - i=0 - testring="ABCD" - # If test is not a shell built-in, we'll probably end up computing a - # maximum length that is only half of the actual maximum length, but - # we can't tell. - while test "X"`$CONFIG_SHELL $0 --fallback-echo "X$testring" 2>/dev/null` \ - = "XX$testring" && - new_result=`expr "X$testring" : ".*" 2>&1` && - lt_cv_sys_max_cmd_len=$new_result && - test $i != 18 # 1 MB should be enough - do - i=`expr $i + 1` - testring=$testring$testring - done - testring= - # add a significant safety factor because C++ compilers can tack on massive amounts - # of additional arguments before passing them to the linker. 1/4 should be good. - len=`expr $lt_cv_sys_max_cmd_len \/ 4` - lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len - $len` -fi -echo "$progname:@lineno@: result: $lt_cv_sys_max_cmd_len" 1>&5 -echo "${ac_t}$lt_cv_sys_max_cmd_len" 1>&6 - -if test -n $lt_cv_sys_max_cmd_len ; then - max_cmd_len=$lt_cv_sys_max_cmd_len -else - max_cmd_len=none -fi - -# Check to see if options -o and -c are simultaneously supported by compiler -echo $ac_n "checking if $compiler supports -c -o file.$objext... $ac_c" 1>&6 -if test "${lt_cv_compiler_c_o+set}" = set; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - $rm -r conftest 2>/dev/null - mkdir conftest - cd conftest - $rm conftest* - echo $lt_simple_compile_test_code > conftest.$ac_ext - mkdir out - # According to Tom Tromey, Ian Lance Taylor reported there are C compilers - # that will create temporary files in the current directory regardless of - # the output directory. Thus, making CWD read-only will cause this test - # to fail, enabling locking or at least warning the user not to do parallel - # builds. - chmod -w . 
- save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -o out/conftest2.$objext" - echo "$progname:833: checking if $compiler supports -c -o file.$objext" >&5 - if { (eval echo $progname:834: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$objext; then - - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings - if test -s out/conftest.err; then - lt_cv_compiler_c_o=no - else - lt_cv_compiler_c_o=yes - fi - else - # Append any errors to the config.log. - cat out/conftest.err 1>&5 - lt_cv_compiler_c_o=no - fi - CFLAGS="$save_CFLAGS" - chmod u+w . - $rm conftest* out/* - rmdir out - cd .. - rmdir conftest - $rm -r conftest 2>/dev/null -fi -compiler_c_o=$lt_cv_compiler_c_o -echo "${ac_t}$compiler_c_o" 1>&6 - -# Check to see if we can do hard links to lock some files if needed -hard_links="nottested" -if test "$compiler_c_o" = no && test "$need_locks" != no; then - # do not overwrite the value of need_locks provided by the user - echo $ac_n "checking if we can lock with hard links... $ac_c" 1>&6 - hard_links=yes - $rm conftest* - ln conftest.a conftest.b 2>/dev/null && hard_links=no - touch conftest.a - ln conftest.a conftest.b 2>&5 || hard_links=no - ln conftest.a conftest.b 2>/dev/null && hard_links=no - echo "$ac_t$hard_links" 1>&6 - $rm conftest* - if test "$hard_links" = no; then - echo "*** WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2 - need_locks=warn - fi -else - need_locks=no -fi - -if test "$with_gcc" = yes; then - # Check to see if options -fno-rtti -fno-exceptions are supported by compiler - echo $ac_n "checking if $compiler supports -fno-rtti -fno-exceptions ... 
$ac_c" 1>&6 - $rm conftest* - echo $lt_simple_compile_test_code > conftest.$ac_ext - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -fno-rtti -fno-exceptions -c conftest.$ac_ext" - echo "$progname:887: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 - if { (eval echo $progname:888: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>conftest.err; } && test -s conftest.$objext; then - - # The compiler can only warn and ignore the option if not recognized - # So say no if there are warnings - if test -s conftest.err; then - echo "$ac_t"no 1>&6 - compiler_rtti_exceptions=no - else - echo "$ac_t"yes 1>&6 - compiler_rtti_exceptions=yes - fi - else - # Append any errors to the config.log. - cat conftest.err 1>&5 - compiler_rtti_exceptions=no - echo "$ac_t"no 1>&6 - fi - CFLAGS="$save_CFLAGS" - $rm conftest* - - if test "$compiler_rtti_exceptions" = "yes"; then - no_builtin_flag=' -fno-builtin -fno-rtti -fno-exceptions' - else - no_builtin_flag=' -fno-builtin' - fi - -fi - -# See if the linker supports building shared libraries. -echo $ac_n "checking whether the linker ($LD) supports shared libraries... $ac_c" 1>&6 - -echo "$ac_t$ld_shlibs" 1>&6 -test "$ld_shlibs" = no && can_build_shared=no - -# Check hardcoding attributes. -echo $ac_n "checking how to hardcode library paths into programs... $ac_c" 1>&6 -hardcode_action= -if test -n "$hardcode_libdir_flag_spec" || \ - test -n "$runpath_var"; then - - # We can hardcode non-existant directories. - if test "$hardcode_direct" != no && - # If the only mechanism to avoid hardcoding is shlibpath_var, we - # have to relink, otherwise we might link with an installed library - # when we should be linking with a yet-to-be-installed one - ## test "$hardcode_shlibpath_var" != no && - test "$hardcode_minus_L" != no; then - # Linking always hardcodes the temporary library directory. - hardcode_action=relink - else - # We can link without hardcoding, and we can hardcode nonexisting dirs. 
- hardcode_action=immediate - fi -else - # We cannot hardcode anything, or else we can only hardcode existing - # directories. - hardcode_action=unsupported -fi -echo "$ac_t$hardcode_action" 1>&6 - -echo $ac_n "checking whether stripping libraries is possible... $ac_c" 1>&6 -if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then - test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" - test -z "$striplib" && striplib="$STRIP --strip-unneeded" - echo "${ac_t}yes" 1>&6 -else - echo "${ac_t}no" 1>&6 -fi - -case $reload_flag in -"" | " "*) ;; -*) reload_flag=" $reload_flag" ;; -esac -reload_cmds='$LD$reload_flag -o $output$reload_objs' -test -z "$deplibs_check_method" && deplibs_check_method=unknown - -# PORTME Fill in your ld.so characteristics -library_names_spec= -libname_spec='lib$name' -soname_spec= -postinstall_cmds= -postuninstall_cmds= -finish_cmds= -finish_eval= -shlibpath_var= -shlibpath_overrides_runpath=unknown -version_type=none -dynamic_linker="$host_os ld.so" -sys_lib_dlsearch_path_spec="/lib /usr/lib" -sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" - -echo $ac_n "checking dynamic linker characteristics... $ac_c" 1>&6 -case $host_os in -aix3*) - version_type=linux - library_names_spec='${libname}${release}.so$versuffix $libname.a' - shlibpath_var=LIBPATH - - # AIX 3 has no versioning support, so we append a major version to the name. - soname_spec='${libname}${release}.so$major' - ;; - -aix4* | aix5*) - if test "$host_cpu" = ia64; then - # AIX 5 supports IA64 - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' - shlibpath_var=LD_LIBRARY_PATH - else - # AIX (on Power*) has no versioning support, so currently we can not hardcode correct - # soname into executable. Probably we can add versioning support to - # collect2, so additional links can be useful in future. 
- # We preserve .a as extension for shared libraries though AIX4.2 - # and later linker supports .so - if test "$aix_use_runtimelinking" = yes; then - # If using run time linking (on AIX 4.2 or later) use lib.so instead of - # lib.a to let people know that these are not typical AIX shared libraries. - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' - else - # We preserve .a as extension for shared libraries though AIX4.2 - # and later when we are not doing run time linking. - library_names_spec='${libname}${release}.a $libname.a' - soname_spec='${libname}${release}.so$major.o' - fi - # If we're using GNU nm, then we don't want the "-C" option. - # -C means demangle to AIX nm, but means don't demangle with GNU nm - if $NM -V 2>&1 | egrep '(GNU)' > /dev/null; then - export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' - else - export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols' - fi - shlibpath_var=LIBPATH - deplibs_check_method=pass_all - case $host_os in - aix4 | aix4.[01] | aix4.[01].*) - if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' - echo ' yes ' - echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then - : - else - # With GCC up to 2.95.x, collect2 would create an import file - # for dependence libraries. The import file would start with - # the line `#! .'. This would cause the generated library to - # depend on `.', always an invalid library. This was fixed in - # development snapshots of GCC prior to 3.0. - can_build_shared=no - fi - ;; - esac - fi - ;; - -amigaos*) - library_names_spec='$libname.ixlibrary $libname.a' - # Create ${libname}_ixlibrary.a entries in /sys/libs. 
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "(cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a)"; (cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a) || exit 1; done' - ;; - -beos*) - library_names_spec='${libname}.so' - dynamic_linker="$host_os ld.so" - shlibpath_var=LIBRARY_PATH - lt_cv_dlopen="load_add_on" - lt_cv_dlopen_libs= - lt_cv_dlopen_self=yes - ;; - -bsdi4*) - version_type=linux - need_version=no - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' - soname_spec='${libname}${release}.so$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" - sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" - export_dynamic_flag_spec=-rdynamic - # the default ld.so.conf also contains /usr/contrib/lib and - # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow - # libtool to hard-code these into programs - ;; - -cygwin* | mingw* | pw32*) - version_type=windows - need_version=no - need_lib_prefix=no - case $with_gcc,$host_os in - yes,cygwin*) - library_names_spec='$libname.dll.a' - soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | [sed -e 's/[.]/-/g']`${versuffix}.dll' - postinstall_cmds='dlpath=`bash 2>&1 -c '\''. $dir/${file}i; echo \$dlname'\''`~ - dldir=$destdir/`dirname \$dlpath`~ - test -d \$dldir || mkdir -p \$dldir~ - $install_prog .libs/$dlname \$dldir/$dlname' - postuninstall_cmds='dldll=`bash 2>&1 -c '\''. 
$file; echo \$dlname'\''`~ - dlpath=$dir/\$dldll; $rm \$dlpath' - ;; - yes,mingw*) - library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll' - sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | sed -e "s/^libraries://" -e "s/;/ /g"` - ;; - yes,pw32*) - library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll' -;; - *) - library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll $libname.lib' - ;; - esac - dynamic_linker='Win32 ld.exe' - # FIXME: first we should search . and the directory the executable is in - shlibpath_var=PATH - lt_cv_dlopen="LoadLibrary" - lt_cv_dlopen_libs= - ;; - -darwin* | rhapsody*) - dynamic_linker="$host_os dyld" - version_type=darwin - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}${versuffix}.`test .$module = .yes && echo so || echo dylib` ${libname}${release}${major}.`test .$module = .yes && echo so || echo dylib` ${libname}.`test .$module = .yes && echo so || echo dylib`' - soname_spec='${libname}${release}${major}.`test .$module = .yes && echo so || echo dylib`' - shlibpath_overrides_runpath=yes - shlibpath_var=DYLD_LIBRARY_PATH - ;; - -freebsd1*) - dynamic_linker=no - ;; - -freebsd*) - objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` - version_type=sunos - case $objformat in - elf*) - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' - soname_spec='${libname}${release}.so$major' - need_version=no - need_lc=no - need_lib_prefix=no - ;; - *) - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' - need_version=yes - ;; - esac - shlibpath_var=LD_LIBRARY_PATH - case $host_os in - freebsd2*) - shlibpath_overrides_runpath=yes - ;; - *) - shlibpath_overrides_runpath=no - hardcode_into_libs=yes - ;; - esac - ;; - -gnu*) - version_type=linux - need_lib_prefix=no - 
need_version=no - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so${major} ${libname}.so' - soname_spec='${libname}${release}.so$major' - shlibpath_var=LD_LIBRARY_PATH - hardcode_into_libs=yes - ;; - -hpux9* | hpux10* | hpux11*) - # Give a soname corresponding to the major version so that dld.sl refuses to - # link against other versions. - dynamic_linker="$host_os dld.sl" - version_type=sunos - need_lib_prefix=no - need_version=no - shlibpath_var=SHLIB_PATH - shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH - library_names_spec='${libname}${release}.sl$versuffix ${libname}${release}.sl$major $libname.sl' - soname_spec='${libname}${release}.sl$major' - # HP-UX runs *really* slowly unless shared libraries are mode 555. - postinstall_cmds='chmod 555 $lib' - ;; - -irix5* | irix6*) - version_type=sunos - need_lib_prefix=no - need_version=no - soname_spec='${libname}${release}.so$major' - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so $libname.so' - case $host_os in - irix5*) - libsuff= shlibsuff= - ;; - *) - case $LD in # libtool.m4 will add one of these switches to LD - *-32|*"-32 ") libsuff= shlibsuff= libmagic=32-bit;; - *-n32|*"-n32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; - *-64|*"-64 ") libsuff=64 shlibsuff=64 libmagic=64-bit;; - *) libsuff= shlibsuff= libmagic=never-match;; - esac - ;; - esac - shlibpath_var=LD_LIBRARY${shlibsuff}_PATH - shlibpath_overrides_runpath=no - sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" - sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" - ;; - -# No shared lib support for Linux oldld, aout, or coff. -linux-gnuoldld* | linux-gnuaout* | linux-gnucoff*) - dynamic_linker=no - ;; - -# This must be Linux ELF. 
-linux-gnu*) - version_type=sunos - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' - soname_spec='${libname}${release}.so$major' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no - # This implies no fast_install, which is unacceptable. - # Some rework will be needed to allow for fast_install - # before this can be enabled. - hardcode_into_libs=yes - - # We used to test for /lib/ld.so.1 and disable shared libraries on - # powerpc, because MkLinux only supported shared libraries with the - # GNU dynamic linker. Since this was broken with cross compilers, - # most powerpc-linux boxes support dynamic linking these days and - # people can always --disable-shared, the test was removed, and we - # assume the GNU/Linux dynamic linker is in use. - dynamic_linker='GNU/Linux ld.so' - ;; - -netbsd*) - need_lib_prefix=no - need_version=no - version_type=sunos - if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then - library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - dynamic_linker='NetBSD (a.out) ld.so' - else - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so ${libname}.so' - soname_spec='${libname}${release}.so$major' - dynamic_linker='NetBSD ld.elf_so' - fi - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - sys_lib_dlsearch_path_spec="/usr/lib" - sys_lib_search_path_spec="/usr/lib" - ;; - -newsos6) - version_type=linux - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - ;; - -openbsd*) - version_type=sunos - if test "$with_gnu_ld" = yes; then - need_lib_prefix=no - need_version=no - fi - 
library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix' - finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' - shlibpath_var=LD_LIBRARY_PATH - ;; - -os2*) - libname_spec='$name' - need_lib_prefix=no - library_names_spec='$libname.dll $libname.a' - dynamic_linker='OS/2 ld.exe' - shlibpath_var=LIBPATH - ;; - -osf3* | osf4* | osf5*) - version_type=osf - need_version=no - soname_spec='${libname}${release}.so' - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so $libname.so' - shlibpath_var=LD_LIBRARY_PATH - sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" - sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" - ;; - -sco3.2v5*) - version_type=osf - soname_spec='${libname}${release}.so$major' - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' - shlibpath_var=LD_LIBRARY_PATH - ;; - -solaris*) - version_type=sunos - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' - soname_spec='${libname}${release}.so$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - hardcode_into_libs=yes - # ldd complains unless libraries are executable - postinstall_cmds='chmod +x $lib' - ;; - -sunos4*) - version_type=sunos - library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix' - finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes - if test "$with_gnu_ld" = yes; then - need_lib_prefix=no - fi - need_version=yes - ;; - -sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) - version_type=linux - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' - soname_spec='${libname}${release}.so$major' - shlibpath_var=LD_LIBRARY_PATH - case $host_vendor in - motorola) - need_lib_prefix=no - need_version=no - 
shlibpath_overrides_runpath=no - sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' - ;; - esac - ;; - -uts4*) - version_type=linux - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' - soname_spec='${libname}${release}.so$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -dgux*) - version_type=linux - need_lib_prefix=no - need_version=no - library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so' - soname_spec='${libname}${release}.so$major' - shlibpath_var=LD_LIBRARY_PATH - ;; - -sysv4*MP*) - if test -d /usr/nec ;then - version_type=linux - library_names_spec='$libname.so.$versuffix $libname.so.$major $libname.so' - soname_spec='$libname.so.$major' - shlibpath_var=LD_LIBRARY_PATH - fi - ;; - -*) - dynamic_linker=no - ;; -esac -echo "$ac_t$dynamic_linker" 1>&6 -test "$dynamic_linker" = no && can_build_shared=no - -# Check for command to grab the raw symbol name followed by C symbol from nm. -echo $ac_n "checking command to parse $NM output... $ac_c" 1>&6 - -# These are sane defaults that work on at least a few old systems. -# [They come from Ultrix. What could be older than Ultrix?!! ;)] - -# Character class describing NM global symbol codes. -symcode='[BCDEGRST]' - -# Regexp to match symbols that can be accessed directly from C. -sympat='\([_A-Za-z][_A-Za-z0-9]*\)' - -# Transform the above into a raw symbol and a C symbol. -symxfrm='\1 \2\3 \3' - -# Transform an extracted symbol line into a proper C declaration -global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern char \1;/p'" - -# Define system-specific variables. 
-case $host_os in -aix*) - symcode='[BCDT]' - ;; -cygwin* | mingw* | pw32*) - symcode='[ABCDGISTW]' - ;; -hpux*) # Its linker distinguishes data from code symbols - global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern char \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" - ;; -irix*) - symcode='[BCDEGRST]' - ;; -solaris* | sysv5*) - symcode='[BDT]' - ;; -sysv4) - symcode='[DFNSTU]' - ;; -esac - -# Handle CRLF in mingw tool chain -opt_cr= -case $host_os in -mingw*) - opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp - ;; -esac - -# If we're using GNU nm, then use its standard symbol codes. -if $NM -V 2>&1 | egrep '(GNU|with BFD)' > /dev/null; then - symcode='[ABCDGISTW]' -fi - -# Try without a prefix undercore, then with it. -for ac_symprfx in "" "_"; do - - # Write the raw and C identifiers. - global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*\($ac_symprfx\)$sympat$opt_cr$/$symxfrm/p'" - - # Check to see that the pipe works correctly. - pipe_works=no - $rm conftest* - cat > conftest.$ac_ext <&5 - if { (eval echo $progname:1434: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; } && test -s conftest.$objext; then - # Now try to grab the symbols. - nlist=conftest.nm - if { echo "$progname:1437: eval \"$NM conftest.$objext | $global_symbol_pipe > $nlist\"" >&5; eval "$NM conftest.$objext | $global_symbol_pipe > $nlist 2>&5"; } && test -s "$nlist"; then - - # Try sorting and uniquifying the output. - if sort "$nlist" | uniq > "$nlist"T; then - mv -f "$nlist"T "$nlist" - else - rm -f "$nlist"T - fi - - # Make sure that we snagged all the symbols we need. - if egrep ' nm_test_var$' "$nlist" >/dev/null; then - if egrep ' nm_test_func$' "$nlist" >/dev/null; then - cat < conftest.$ac_ext -#ifdef __cplusplus -extern "C" { -#endif - -EOF - # Now generate the symbol file. 
- eval "$global_symbol_to_cdecl"' < "$nlist" >> conftest.$ac_ext' - - cat <> conftest.$ac_ext -#if defined (__STDC__) && __STDC__ -# define lt_ptr_t void * -#else -# define lt_ptr_t char * -# define const -#endif - -/* The mapping between symbol names and symbols. */ -const struct { - const char *name; - lt_ptr_t address; -} -lt_preloaded_symbols[] = -{ -EOF - sed "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" >> conftest.$ac_ext - cat <<\EOF >> conftest.$ac_ext - {0, (lt_ptr_t) 0} -}; - -#ifdef __cplusplus -} -#endif -EOF - # Now try linking the two files. - mv conftest.$objext conftstm.$objext - save_LIBS="$LIBS" - save_CFLAGS="$CFLAGS" - LIBS="conftstm.$objext" - CFLAGS="$CFLAGS$no_builtin_flag" - if { (eval echo $progname:1489: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then - pipe_works=yes - else - echo "$progname: failed program was:" >&5 - cat conftest.$ac_ext >&5 - fi - LIBS="$save_LIBS" - else - echo "cannot find nm_test_func in $nlist" >&5 - fi - else - echo "cannot find nm_test_var in $nlist" >&5 - fi - else - echo "cannot run $global_symbol_pipe" >&5 - fi - else - echo "$progname: failed program was:" >&5 - cat conftest.$ac_ext >&5 - fi - $rm conftest* conftst* - - # Do not use the global_symbol_pipe unless it works. - if test "$pipe_works" = yes; then - break - else - global_symbol_pipe= - fi -done -if test "$pipe_works" = yes; then - echo "${ac_t}ok" 1>&6 -else - echo "${ac_t}failed" 1>&6 -fi - -if test -z "$global_symbol_pipe"; then - global_symbol_to_cdecl= -fi - -# Report the final consequences. -echo "checking if libtool supports shared libraries... $can_build_shared" 1>&6 - -# Only try to build win32 dlls if AC_LIBTOOL_WIN32_DLL was used in -# configure.in, otherwise build static only libraries. -case $host_os in -cygwin* | mingw* | pw32* | os2*) - if test x$can_build_shared = xyes; then - test x$enable_win32_dll = xno && can_build_shared=no - echo "checking if package supports dlls... 
$can_build_shared" 1>&6 - fi -;; -esac - -echo $ac_n "checking whether to build shared libraries... $ac_c" 1>&6 -test "$can_build_shared" = "no" && enable_shared=no - -# On AIX, shared libraries and static libraries use the same namespace, and -# are all built from PIC. -case $host_os in -aix3*) - test "$enable_shared" = yes && enable_static=no - if test -n "$RANLIB"; then - archive_cmds="$archive_cmds~\$RANLIB \$lib" - postinstall_cmds='$RANLIB $lib' - fi - ;; - -aix4*) - test "$enable_shared" = yes && enable_static=no - ;; -esac - -echo "$ac_t$enable_shared" 1>&6 - -# Make sure either enable_shared or enable_static is yes. -test "$enable_shared" = yes || enable_static=yes - -echo "checking whether to build static libraries... $enable_static" 1>&6 - -if test "$hardcode_action" = relink; then - # Fast installation is not supported - enable_fast_install=no -elif test "$shlibpath_overrides_runpath" = yes || - test "$enable_shared" = no; then - # Fast installation is not necessary - enable_fast_install=needless -fi - -variables_saved_for_relink="PATH $shlibpath_var $runpath_var" -if test "$with_gcc" = yes; then - variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" -fi - -# Check whether we must set pic_mode to default -test -z "$pic_flag" && pic_mode=default - -if test "x$enable_dlopen" != xyes; then - enable_dlopen=unknown - enable_dlopen_self=unknown - enable_dlopen_self_static=unknown -else -if test "X${lt_cv_dlopen+set}" != Xset; then - lt_cv_dlopen=no lt_cv_dlopen_libs= -echo $ac_n "checking for dlopen in -ldl""... 
$ac_c" 1>&6 -echo "$progname:1593: checking for dlopen in -ldl" >&5 -if test "X${ac_cv_lib_dl_dlopen+set}" = Xset; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-ldl $LIBS" -cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - ac_cv_lib_dl_dlopen=yes -else - echo "$progname: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_lib_dl_dlopen=no -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if test "X$ac_cv_lib_dl_dlopen" = Xyes; then - echo "$ac_t""yes" 1>&6 - lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" -else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for dlopen""... $ac_c" 1>&6 -echo "$progname:1632: checking for dlopen" >&5 -if test "X${ac_cv_func_dlopen+set}" = Xset; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen(); - -int main() { - -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_dlopen) || defined (__stub___dlopen) -choke me -#else -dlopen(); -#endif - -; return 0; } -EOF -if { (eval echo $progname:1662: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - ac_cv_func_dlopen=yes -else - echo "$progname: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_func_dlopen=no -fi -rm -f conftest* -fi -if test "X$ac_cv_func_dlopen" = Xyes; then - echo "$ac_t""yes" 1>&6 - lt_cv_dlopen="dlopen" -else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for dlopen in -lsvld""... 
$ac_c" 1>&6 -echo "$progname:1679: checking for dlopen in -lsvld" >&5 -if test "X${ac_cv_lib_svld_dlopen+set}" = Xset; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-lsvld $LIBS" -cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - ac_cv_lib_svld_dlopen=yes -else - echo "$progname: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_lib_svld_dlopen=no -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if test "X$ac_cv_lib_svld_dlopen" = Xyes; then - echo "$ac_t""yes" 1>&6 - lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" -else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for dld_link in -ldld""... $ac_c" 1>&6 -echo "$progname:1718: checking for dld_link in -ldld" >&5 -if test "X${ac_cv_lib_dld_dld_link+set}" = Xset; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-ldld $LIBS" -cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - ac_cv_lib_dld_dld_link=yes -else - echo "$progname: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_lib_dld_dld_link=no -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if test "X$ac_cv_lib_dld_dld_link" = Xyes; then - echo "$ac_t""yes" 1>&6 - lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" -else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for shl_load""... $ac_c" 1>&6 -echo "$progname:1757: checking for shl_load" >&5 -if test "X${ac_cv_func_shl_load+set}" = Xset; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char shl_load(); - -int main() { - -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. 
Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_shl_load) || defined (__stub___shl_load) -choke me -#else -shl_load(); -#endif - -; return 0; } -EOF -if { (eval echo $progname:1787: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - ac_cv_func_shl_load=yes -else - echo "$progname: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_func_shl_load=no -fi -rm -f conftest* -fi - -if test "X$ac_cv_func_shl_load" = Xyes; then - echo "$ac_t""yes" 1>&6 - lt_cv_dlopen="shl_load" -else - echo "$ac_t""no" 1>&6 -echo $ac_n "checking for shl_load in -ldld""... $ac_c" 1>&6 -echo "$progname:1805: checking for shl_load in -ldld" >&5 -if test "X${ac_cv_lib_dld_shl_load+set}" = Xset; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-ldld $LIBS" -cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - ac_cv_lib_dld_shl_load=yes -else - echo "$progname: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_lib_dld_shl_load=no -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if test "X$ac_cv_lib_dld_shl_load" = Xyes; then - echo "$ac_t""yes" 1>&6 - lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" -else - echo "$ac_t""no" 1>&6 -fi - - -fi - - -fi - - -fi - - -fi - -fi - -fi - - if test "x$lt_cv_dlopen" != xno; then - enable_dlopen=yes - else - enable_dlopen=no - fi - - case $lt_cv_dlopen in - dlopen) -for ac_hdr in dlfcn.h; do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 -echo "$progname:1873: checking for $ac_hdr" >&5 -if eval "test \"`echo 'X$''{'ac_cv_header_$ac_safe'+set}'`\" = Xset"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext < -int fnord = 0; -int main () { return(0); } -EOF -ac_try="$ac_compile >/dev/null 2>conftest.out" -{ (eval echo $progname:1884: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "$progname: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 -else - echo "$ac_t""no" 1>&6 -fi -done - - if test "x$ac_cv_header_dlfcn_h" = xyes; then - CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" - fi - eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" - LIBS="$lt_cv_dlopen_libs $LIBS" - - echo $ac_n "checking whether a program can dlopen itself""... $ac_c" 1>&6 -echo "$progname:1912: checking whether a program can dlopen itself" >&5 -if test "X${lt_cv_dlopen_self+set}" = Xset; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - if test "$cross_compiling" = yes; then - lt_cv_dlopen_self=cross - else - cat > conftest.$ac_ext < -#endif - -#include - -#ifdef RTLD_GLOBAL -# define LTDL_GLOBAL RTLD_GLOBAL -#else -# ifdef DL_GLOBAL -# define LTDL_GLOBAL DL_GLOBAL -# else -# define LTDL_GLOBAL 0 -# endif -#endif - -/* We may have to define LTDL_LAZY_OR_NOW in the command line if we - find out it does not work in some platform. 
*/ -#ifndef LTDL_LAZY_OR_NOW -# ifdef RTLD_LAZY -# define LTDL_LAZY_OR_NOW RTLD_LAZY -# else -# ifdef DL_LAZY -# define LTDL_LAZY_OR_NOW DL_LAZY -# else -# ifdef RTLD_NOW -# define LTDL_LAZY_OR_NOW RTLD_NOW -# else -# ifdef DL_NOW -# define LTDL_LAZY_OR_NOW DL_NOW -# else -# define LTDL_LAZY_OR_NOW 0 -# endif -# endif -# endif -# endif -#endif - -void fnord() { int i=42; } -int main() { - void *self, *ptr1, *ptr2; self=dlopen(0,LTDL_GLOBAL|LTDL_LAZY_OR_NOW); - if(self) { ptr1=dlsym(self,"fnord"); ptr2=dlsym(self,"_fnord"); - if(ptr1 || ptr2) { dlclose(self); exit(0); } } exit(1); } - -EOF -if { (eval echo $progname:1967: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -then - lt_cv_dlopen_self=yes -else - echo "$progname: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - lt_cv_dlopen_self=no -fi -rm -fr conftest* -fi - -fi - -echo "$ac_t""$lt_cv_dlopen_self" 1>&6 - - if test "$lt_cv_dlopen_self" = yes; then - LDFLAGS="$LDFLAGS $link_static_flag" - echo $ac_n "checking whether a statically linked program can dlopen itself""... $ac_c" 1>&6 -echo "$progname:1986: checking whether a statically linked program can dlopen itself" >&5 -if test "X${lt_cv_dlopen_self_static+set}" = Xset; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - if test "$cross_compiling" = yes; then - lt_cv_dlopen_self_static=cross - else - cat > conftest.$ac_ext < -#endif - -#include - -#ifdef RTLD_GLOBAL -# define LTDL_GLOBAL RTLD_GLOBAL -#else -# ifdef DL_GLOBAL -# define LTDL_GLOBAL DL_GLOBAL -# else -# define LTDL_GLOBAL 0 -# endif -#endif - -/* We may have to define LTDL_LAZY_OR_NOW in the command line if we - find out it does not work in some platform. 
*/ -#ifndef LTDL_LAZY_OR_NOW -# ifdef RTLD_LAZY -# define LTDL_LAZY_OR_NOW RTLD_LAZY -# else -# ifdef DL_LAZY -# define LTDL_LAZY_OR_NOW DL_LAZY -# else -# ifdef RTLD_NOW -# define LTDL_LAZY_OR_NOW RTLD_NOW -# else -# ifdef DL_NOW -# define LTDL_LAZY_OR_NOW DL_NOW -# else -# define LTDL_LAZY_OR_NOW 0 -# endif -# endif -# endif -# endif -#endif - -void fnord() { int i=42; } -int main() { - void *self, *ptr1, *ptr2; self=dlopen(0,LTDL_GLOBAL|LTDL_LAZY_OR_NOW); - if(self) { ptr1=dlsym(self,"fnord"); ptr2=dlsym(self,"_fnord"); - if(ptr1 || ptr2) { dlclose(self); exit(0); } } exit(1); } - -EOF -if { (eval echo $progname:2041: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -then - lt_cv_dlopen_self_static=yes -else - echo "$progname: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - lt_cv_dlopen_self_static=no -fi -rm -fr conftest* -fi - -fi - -echo "$ac_t""$lt_cv_dlopen_self_static" 1>&6 -fi - ;; - esac - - case $lt_cv_dlopen_self in - yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; - *) enable_dlopen_self=unknown ;; - esac - - case $lt_cv_dlopen_self_static in - yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; - *) enable_dlopen_self_static=unknown ;; - esac -fi - -# Copy echo and quote the copy, instead of the original, because it is -# used later. -ltecho="$echo" -if test "X$ltecho" = "X$CONFIG_SHELL $0 --fallback-echo"; then - ltecho="$CONFIG_SHELL \$0 --fallback-echo" -fi -LTSHELL="$SHELL" - -LTCONFIG_VERSION="$VERSION" - -# Only quote variables if we're using ltmain.sh. -case $ltmain in -*.sh) - # Now quote all the things that may contain metacharacters. 
- for var in ltecho old_AR old_AR_FLAGS old_CC old_LTCC old_CFLAGS old_CPPFLAGS \ - old_MAGIC_CMD old_LD old_LDFLAGS old_LIBS \ - old_LN_S old_NM old_RANLIB old_STRIP \ - old_AS old_DLLTOOL old_OBJDUMP \ - old_OBJEXT old_EXEEXT old_reload_flag \ - old_deplibs_check_method old_file_magic_cmd \ - AR AR_FLAGS CC LTCC LD LN_S NM LTSHELL LTCONFIG_VERSION \ - reload_flag reload_cmds wl \ - pic_flag link_static_flag no_builtin_flag export_dynamic_flag_spec \ - thread_safe_flag_spec whole_archive_flag_spec libname_spec \ - library_names_spec soname_spec \ - RANLIB old_archive_cmds old_archive_from_new_cmds old_postinstall_cmds \ - old_postuninstall_cmds archive_cmds archive_expsym_cmds postinstall_cmds \ - postuninstall_cmds extract_expsyms_cmds old_archive_from_expsyms_cmds \ - predep_objects postdep_objects predeps postdeps compiler_lib_search_path \ - old_striplib striplib file_magic_cmd export_symbols_cmds \ - deplibs_check_method allow_undefined_flag no_undefined_flag \ - finish_cmds finish_eval global_symbol_pipe global_symbol_to_cdecl \ - hardcode_libdir_flag_spec hardcode_libdir_separator \ - sys_lib_search_path_spec sys_lib_dlsearch_path_spec \ - compiler_c_o need_locks exclude_expsyms include_expsyms; do - - case $var in - reload_cmds | old_archive_cmds | old_archive_from_new_cmds | \ - old_postinstall_cmds | old_postuninstall_cmds | \ - export_symbols_cmds | archive_cmds | archive_expsym_cmds | \ - extract_expsyms_cmds | old_archive_from_expsyms_cmds | \ - postinstall_cmds | postuninstall_cmds | \ - finish_cmds | sys_lib_search_path_spec | sys_lib_dlsearch_path_spec) - # Double-quote double-evaled strings. 
- eval "$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" ### testsuite: skip nested quoting test - ;; - *) - eval "$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" ### testsuite: skip nested quoting test - ;; - esac - done - - case $ltecho in - *'\$0 --fallback-echo"') - ltecho=`$echo "X$ltecho" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'` - ;; - esac - - if test -z "$tagname"; then - trap "$rm \"$ofile\"; exit 1" 1 2 15 - echo "creating $ofile" - $rm "$ofile" - cat < "$ofile" -#! $SHELL - -# `$echo "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. -# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP) -# NOTE: Changes made to this file will be lost: look at ltconfig or ltmain.sh. -# -# Copyright (C) 1996-2000 Free Software Foundation, Inc. -# Originally by Gordon Matzigkeit , 1996 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. 
- -# Sed that helps us avoid accidentally triggering echo(1) options like -n. -Xsed="sed -e s/^X//" - -# The HP-UX ksh and POSIX shell print the target directory to stdout -# if CDPATH is set. -if test "X\${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi - -# The names of the tagged configurations supported by this script. -available_tags= - -### BEGIN LIBTOOL CONFIG -EOF - else - echo "appending configuration tag \"$tagname\" to $ofile" - echo "### BEGIN LIBTOOL TAG CONFIG: $tagname" >> "$ofile" - fi - cfgfile="$ofile" - ;; - -*) - # Double-quote the variables that need it (for aesthetics). - for var in old_AR old_AR_FLAGS old_CC old_LTCC old_CFLAGS old_CPPFLAGS \ - old_MAGIC_CMD old_LD old_LDFLAGS old_LIBS \ - old_LN_S old_NM old_RANLIB old_STRIP \ - old_AS old_DLLTOOL old_OBJDUMP \ - old_OBJEXT old_EXEEXT old_reload_flag \ - old_deplibs_check_method old_file_magic_cmd; do - eval "$var=\\\"\$var\\\"" - done - - # Just create a config file. - cfgfile="$ofile.cfg" - if test -z "$tagname"; then - trap "$rm \"$cfgfile\"; exit 1" 1 2 15 - echo "creating $cfgfile" - $rm "$cfgfile" - cat < "$cfgfile" -# `$echo "$cfgfile" | sed 's%^.*/%%'` - Libtool configuration file. 
-# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP) - -### BEGIN LIBTOOL CONFIG -EOF - else - echo "appending to $cfgfile" - echo "### BEGIN LIBTOOL TAG CONFIG: $tagname" >> "$ofile" - fi - ;; -esac - -cat <> "$cfgfile" -# Libtool was configured as follows, on host `(hostname || uname -n) 2>/dev/null | sed 1q`: -# -# AR=$old_AR AR_FLAGS=$old_AR_FLAGS LTCC=$old_LTCC CC=$old_CC \\ -# CFLAGS=$old_CFLAGS CPPFLAGS=$old_CPPFLAGS \\ -# MAGIC_CMD=$old_MAGIC_CMD LD=$old_LD LDFLAGS=$old_LDFLAGS LIBS=$old_LIBS \\ -# LN_S=$old_LN_S NM=$old_NM RANLIB=$old_RANLIB STRIP=$old_STRIP \\ -# AS=$old_AS DLLTOOL=$old_DLLTOOL OBJDUMP=$old_OBJDUMP \\ -# objext=$old_OBJEXT exeext=$old_EXEEXT reload_flag=$old_reload_flag \\ -# deplibs_check_method=$old_deplibs_check_method \\ -# file_magic_cmd=$old_file_magic_cmd \\ -# $0$ltconfig_args -# -# Compiler and other test output produced by $progname, useful for -# debugging $progname, is in ./config.log if it exists. - -# The version of $progname that generated this script. -LTCONFIG_VERSION=$LTCONFIG_VERSION - -# Shell to use when invoking shell scripts. -SHELL=$LTSHELL - -# Whether or not to build shared libraries. -build_libtool_libs=$enable_shared - -# Whether or not to add -lc for building shared libraries. -build_libtool_need_lc=$need_lc - -# Whether or not to build static libraries. -build_old_libs=$enable_static - -# Whether or not to optimize for fast installation. -fast_install=$enable_fast_install - -# The host system. -host_alias=$host_alias -host=$host - -# An echo program that does not interpret backslashes. -echo=$ltecho - -# The archiver. -AR=$AR -AR_FLAGS=$AR_FLAGS - -# A C compiler. -LTCC=$LTCC - -# A language-specific compiler. -CC=$CC - -# Is the compiler the GNU C compiler? -with_gcc=$with_gcc - -# The linker used to build libraries. -LD=$LD - -# Whether we need hard or soft links. -LN_S=$LN_S - -# A BSD-compatible nm program. 
-NM=$NM - -# A symbol stripping program -STRIP=$STRIP - -# Used to examine libraries when file_magic_cmd begins "file" -MAGIC_CMD=$MAGIC_CMD - -# Used on cygwin: DLL creation program. -DLLTOOL="$DLLTOOL" - -# Used on cygwin: object dumper. -OBJDUMP="$OBJDUMP" - -# Used on cygwin: assembler. -AS="$AS" - -# The name of the directory that contains temporary libtool files. -objdir=$objdir - -# How to create reloadable object files. -reload_flag=$reload_flag -reload_cmds=$reload_cmds - -# How to pass a linker flag through the compiler. -wl=$wl - -# Object file suffix (normally "o"). -objext="$objext" - -# Old archive suffix (normally "a"). -libext="$libext" - -# Executable file suffix (normally ""). -exeext="$exeext" - -# Additional compiler flags for building library objects. -pic_flag=$pic_flag -pic_mode=$pic_mode - -# What is the maximum length of a command? -max_cmd_len=$max_cmd_len - -# Does compiler simultaneously support -c and -o options? -compiler_c_o=$compiler_c_o - -# Must we lock files when doing compilation ? -need_locks=$need_locks - -# Do we need the lib prefix for modules? -need_lib_prefix=$need_lib_prefix - -# Do we need a version for libraries? -need_version=$need_version - -# Whether dlopen is supported. -dlopen_support=$enable_dlopen - -# Whether dlopen of programs is supported. -dlopen_self=$enable_dlopen_self - -# Whether dlopen of statically linked programs is supported. -dlopen_self_static=$enable_dlopen_self_static - -# Compiler flag to prevent dynamic linking. -link_static_flag=$link_static_flag - -# Compiler flag to turn off builtin functions. -no_builtin_flag=$no_builtin_flag - -# Compiler flag to allow reflexive dlopens. -export_dynamic_flag_spec=$export_dynamic_flag_spec - -# Compiler flag to generate shared objects directly from archives. -whole_archive_flag_spec=$whole_archive_flag_spec - -# Compiler flag to generate thread-safe objects. -thread_safe_flag_spec=$thread_safe_flag_spec - -# Library versioning type. 
-version_type=$version_type - -# Format of library name prefix. -libname_spec=$libname_spec - -# List of archive names. First name is the real one, the rest are links. -# The last name is the one that the linker finds with -lNAME. -library_names_spec=$library_names_spec - -# The coded name of the library, if different from the real name. -soname_spec=$soname_spec - -# Commands used to build and install an old-style archive. -RANLIB=$RANLIB -old_archive_cmds=$old_archive_cmds -old_postinstall_cmds=$old_postinstall_cmds -old_postuninstall_cmds=$old_postuninstall_cmds - -# Create an old-style archive from a shared archive. -old_archive_from_new_cmds=$old_archive_from_new_cmds - -# Create a temporary old-style archive to link instead of a shared archive. -old_archive_from_expsyms_cmds=$old_archive_from_expsyms_cmds - -# Commands used to build and install a shared archive. -archive_cmds=$archive_cmds -archive_expsym_cmds=$archive_expsym_cmds -postinstall_cmds=$postinstall_cmds -postuninstall_cmds=$postuninstall_cmds - -# Commands to strip libraries. -old_striplib=$old_striplib -striplib=$striplib - -# Dependencies to place before the objects being linked to create a -# shared library. -predep_objects=$predep_objects - -# Dependencies to place after the objects being linked to create a -# shared library. -postdep_objects=$postdep_objects - -# Dependencies to place before the objects being linked to create a -# shared library. -predeps=$predeps - -# Dependencies to place after the objects being linked to create a -# shared library. -postdeps=$postdeps - -# The library search path used internally by the compiler when linking -# a shared library. -compiler_lib_search_path=$compiler_lib_search_path - -# Method to check whether dependent libraries are shared objects. -deplibs_check_method=$deplibs_check_method - -# Command to use when deplibs_check_method == file_magic. -file_magic_cmd=$file_magic_cmd - -# Flag that allows shared libraries with undefined symbols to be built. 
-allow_undefined_flag=$allow_undefined_flag - -# Flag that forces no undefined symbols. -no_undefined_flag=$no_undefined_flag - -# Commands used to finish a libtool library installation in a directory. -finish_cmds=$finish_cmds - -# Same as above, but a single script fragment to be evaled but not shown. -finish_eval=$finish_eval - -# Take the output of nm and produce a listing of raw symbols and C names. -global_symbol_pipe=$global_symbol_pipe - -# Transform the output of nm in a proper C declaration -global_symbol_to_cdecl=$global_symbol_to_cdecl - -# This is the shared library runtime path variable. -runpath_var=$runpath_var - -# This is the shared library path variable. -shlibpath_var=$shlibpath_var - -# Is shlibpath searched before the hard-coded library search path? -shlibpath_overrides_runpath=$shlibpath_overrides_runpath - -# How to hardcode a shared library path into an executable. -hardcode_action=$hardcode_action - -# Whether we should hardcode library paths into libraries. -hardcode_into_libs=$hardcode_into_libs - -# Flag to hardcode \$libdir into a binary during linking. -# This must work even if \$libdir does not exist. -hardcode_libdir_flag_spec=$hardcode_libdir_flag_spec - -# Whether we need a single -rpath flag with a separated argument. -hardcode_libdir_separator=$hardcode_libdir_separator - -# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the -# resulting binary. -hardcode_direct=$hardcode_direct - -# Set to yes if using the -LDIR flag during linking hardcodes DIR into the -# resulting binary. -hardcode_minus_L=$hardcode_minus_L - -# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into -# the resulting binary. -hardcode_shlibpath_var=$hardcode_shlibpath_var - -# Variables whose values should be saved in libtool wrapper scripts and -# restored at relink time. -variables_saved_for_relink="$variables_saved_for_relink" - -# Whether libtool must link a program against all its dependency libraries. 
-link_all_deplibs=$link_all_deplibs - -# Compile-time system search path for libraries -sys_lib_search_path_spec=$sys_lib_search_path_spec - -# Run-time system search path for libraries -sys_lib_dlsearch_path_spec=$sys_lib_dlsearch_path_spec - -# Fix the shell variable \$srcfile for the compiler. -fix_srcfile_path="$fix_srcfile_path" - -# Set to yes if exported symbols are required. -always_export_symbols=$always_export_symbols - -# The commands to list exported symbols. -export_symbols_cmds=$export_symbols_cmds - -# The commands to extract the exported symbol list from a shared archive. -extract_expsyms_cmds=$extract_expsyms_cmds - -# Symbols that should not be listed in the preloaded symbols. -exclude_expsyms=$exclude_expsyms - -# Symbols that must always be exported. -include_expsyms=$include_expsyms - -EOF - -if test -z "$tagname"; then - echo '### END LIBTOOL CONFIG' >> "$ofile" -else - echo "### END LIBTOOL TAG CONFIG: $tagname" >> "$ofile" -fi - -case $ltmain in -*.sh) - echo >> "$ofile" - if test -z "$tagname"; then - case $host_os in - aix3*) - cat <<\EOF >> "$ofile" - -# AIX sometimes has problems with the GCC collect2 program. For some -# reason, if we set the COLLECT_NAMES environment variable, the problems -# vanish in a puff of smoke. 
-if test "X${COLLECT_NAMES+set}" != Xset; then - COLLECT_NAMES= - export COLLECT_NAMES -fi -EOF - ;; - esac - case $host in - *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*) - cat <<'EOF' >> "$ofile" - # This is a source program that is used to create dlls on Windows - # Don't remove nor modify the starting and closing comments -# /* ltdll.c starts here */ -# #define WIN32_LEAN_AND_MEAN -# #include -# #undef WIN32_LEAN_AND_MEAN -# #include -# -# #ifndef __CYGWIN__ -# # ifdef __CYGWIN32__ -# # define __CYGWIN__ __CYGWIN32__ -# # endif -# #endif -# -# #ifdef __cplusplus -# extern "C" { -# #endif -# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved); -# #ifdef __cplusplus -# } -# #endif -# -# #ifdef __CYGWIN__ -# #include -# DECLARE_CYGWIN_DLL( DllMain ); -# #endif -# HINSTANCE __hDllInstance_base; -# -# BOOL APIENTRY -# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved) -# { -# __hDllInstance_base = hInst; -# return TRUE; -# } -# /* ltdll.c ends here */ - # This is a source program that is used to create import libraries - # on Windows for dlls which lack them. Don't remove nor modify the - # starting and closing comments -# /* impgen.c starts here */ -# /* Copyright (C) 1999-2000 Free Software Foundation, Inc. -# -# This file is part of GNU libtool. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. 
-# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# */ -# -# #include /* for printf() */ -# #include /* for open(), lseek(), read() */ -# #include /* for O_RDONLY, O_BINARY */ -# #include /* for strdup() */ -# -# /* O_BINARY isn't required (or even defined sometimes) under Unix */ -# #ifndef O_BINARY -# #define O_BINARY 0 -# #endif -# -# static unsigned int -# pe_get16 (fd, offset) -# int fd; -# int offset; -# { -# unsigned char b[2]; -# lseek (fd, offset, SEEK_SET); -# read (fd, b, 2); -# return b[0] + (b[1]<<8); -# } -# -# static unsigned int -# pe_get32 (fd, offset) -# int fd; -# int offset; -# { -# unsigned char b[4]; -# lseek (fd, offset, SEEK_SET); -# read (fd, b, 4); -# return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24); -# } -# -# static unsigned int -# pe_as32 (ptr) -# void *ptr; -# { -# unsigned char *b = ptr; -# return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24); -# } -# -# int -# main (argc, argv) -# int argc; -# char *argv[]; -# { -# int dll; -# unsigned long pe_header_offset, opthdr_ofs, num_entries, i; -# unsigned long export_rva, export_size, nsections, secptr, expptr; -# unsigned long name_rvas, nexp; -# unsigned char *expdata, *erva; -# char *filename, *dll_name; -# -# filename = argv[1]; -# -# dll = open(filename, O_RDONLY|O_BINARY); -# if (dll < 1) -# return 1; -# -# dll_name = filename; -# -# for (i=0; filename[i]; i++) -# if (filename[i] == '/' || filename[i] == '\\' || filename[i] == ':') -# dll_name = filename + i +1; -# -# pe_header_offset = pe_get32 (dll, 0x3c); -# opthdr_ofs = pe_header_offset + 4 + 20; -# num_entries = pe_get32 (dll, opthdr_ofs + 92); -# -# if (num_entries < 1) /* no exports */ -# return 1; -# -# export_rva = pe_get32 (dll, opthdr_ofs + 96); -# export_size = pe_get32 (dll, opthdr_ofs + 100); -# nsections = pe_get16 (dll, pe_header_offset + 4 +2); -# secptr = 
(pe_header_offset + 4 + 20 + -# pe_get16 (dll, pe_header_offset + 4 + 16)); -# -# expptr = 0; -# for (i = 0; i < nsections; i++) -# { -# char sname[8]; -# unsigned long secptr1 = secptr + 40 * i; -# unsigned long vaddr = pe_get32 (dll, secptr1 + 12); -# unsigned long vsize = pe_get32 (dll, secptr1 + 16); -# unsigned long fptr = pe_get32 (dll, secptr1 + 20); -# lseek(dll, secptr1, SEEK_SET); -# read(dll, sname, 8); -# if (vaddr <= export_rva && vaddr+vsize > export_rva) -# { -# expptr = fptr + (export_rva - vaddr); -# if (export_rva + export_size > vaddr + vsize) -# export_size = vsize - (export_rva - vaddr); -# break; -# } -# } -# -# expdata = (unsigned char*)malloc(export_size); -# lseek (dll, expptr, SEEK_SET); -# read (dll, expdata, export_size); -# erva = expdata - export_rva; -# -# nexp = pe_as32 (expdata+24); -# name_rvas = pe_as32 (expdata+32); -# -# printf ("EXPORTS\n"); -# for (i = 0; i> "$ofile" || (rm -f "$ofile"; exit 1) - # We use sed instead of cat because bash on DJGPP gets confused if - # if finds mixed CR/LF and LF-only lines. Since sed operates in - # text mode, it properly converts lines to CR/LF. This bash problem - # is reportedly fixed, but why not run on old versions too? - - chmod +x "$ofile" - fi - ;; - -*) - # Compile the libtool program. - echo "FIXME: would compile $ltmain" - ;; -esac - -# Update the list of available tags. -if test -n "$tagname"; then - - # Extract list of available tagged configurations in $ofile. - # Note that this assumes the entire list is on one line. - available_tags=`grep "^available_tags=" $ofile | sed -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'` - - # Append the new tag name to the list of available tags. - available_tags="$available_tags $tagname" - - # Now substitute the updated of available tags. 
- if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' ${ofile} > ${ofile}.new"; then
- mv ${ofile}.new ${ofile}
- chmod +x "$ofile"
- else
- rm -f ${ofile}.new
- echo "$progname: unable to update list of available tagged configurations."
- exit 1
- fi
-fi
-
-# Don't cache tagged configuration!
-test -n "$cache_file" && test -z "$tagname" || exit 0
-
-# AC_CACHE_SAVE
-trap '' 1 2 15
-cat > confcache <<\EOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs. It is not useful on other systems.
-# If it contains results you don't want to keep, you may remove or edit it.
-#
-# By default, configure uses ./config.cache as the cache file,
-# creating it if it does not exist already. You can give configure
-# the --cache-file=FILE option to use a different cache file; that is
-# what configure does when it calls configure scripts in
-# subdirectories, so they share the cache.
-# Giving --cache-file=/dev/null disables caching, for debugging configure.
-# config.status only pays attention to the cache file if you give it the
-# --recheck option to rerun configure.
-#
-EOF
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, don't put newlines in cache variables' values.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(set) 2>&1 |
- case `(ac_space=' '; set | grep ac_space) 2>&1` in
- *ac_space=\ *)
- # `set' does not quote correctly, so add quotes (double-quote substitution
- # turns \\\\ into \\, and sed turns \\ into \).
- sed -n \
- -e "s/'/'\\\\''/g" \
- -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p"
- ;;
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p'
- ;;
- esac >> confcache
-if cmp -s $cache_file confcache; then
- :
-else
- if test -w $cache_file; then
- echo "updating cache $cache_file"
- cat confcache > $cache_file
- else
- echo "not updating unwritable cache $cache_file"
- fi
-fi
-rm -f confcache
-
-exit 0
-
-# Local Variables:
-# mode:shell-script
-# sh-indentation:2
-# End:
diff --git a/crypto/heimdal/mkinstalldirs b/crypto/heimdal/mkinstalldirs
deleted file mode 100755
index 6fbe5e1..0000000
--- a/crypto/heimdal/mkinstalldirs
+++ /dev/null
@@ -1,150 +0,0 @@
-#! /bin/sh
-# mkinstalldirs --- make directory hierarchy
-
-scriptversion=2004-02-15.20
-
-# Original author: Noah Friedman
-# Created: 1993-05-16
-# Public domain.
-#
-# This file is maintained in Automake, please report
-# bugs to or send patches to
-# .
-
-errstatus=0
-dirmode=""
-
-usage="\
-Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ...
-
-Create each directory DIR (with mode MODE, if specified), including all
-leading file name components.
-
-Report bugs to ."
-
-# process command line arguments
-while test $# -gt 0 ; do
- case $1 in
- -h | --help | --h*) # -h for help
- echo "$usage"
- exit 0
- ;;
- -m) # -m PERM arg
- shift
- test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
- dirmode=$1
- shift
- ;;
- --version)
- echo "$0 $scriptversion"
- exit 0
- ;;
- --) # stop option processing
- shift
- break
- ;;
- -*) # unknown option
- echo "$usage" 1>&2
- exit 1
- ;;
- *) # first non-opt arg
- break
- ;;
- esac
-done
-
-for file
-do
- if test -d "$file"; then
- shift
- else
- break
- fi
-done
-
-case $# in
- 0) exit 0 ;;
-esac
-
-# Solaris 8's mkdir -p isn't thread-safe. If you mkdir -p a/b and
-# mkdir -p a/c at the same time, both will detect that a is missing,
-# one will create a, then the other will try to create a and die with
-# a "File exists" error. This is a problem when calling mkinstalldirs
-# from a parallel make. We use --version in the probe to restrict
-# ourselves to GNU mkdir, which is thread-safe.
-case $dirmode in
- '')
- if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
- echo "mkdir -p -- $*"
- exec mkdir -p -- "$@"
- else
- # On NextStep and OpenStep, the `mkdir' command does not
- # recognize any option. It will interpret all options as
- # directories to create, and then abort because `.' already
- # exists.
- test -d ./-p && rmdir ./-p
- test -d ./--version && rmdir ./--version
- fi
- ;;
- *)
- if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 &&
- test ! -d ./--version; then
- echo "mkdir -m $dirmode -p -- $*"
- exec mkdir -m "$dirmode" -p -- "$@"
- else
- # Clean up after NextStep and OpenStep mkdir.
- for d in ./-m ./-p ./--version "./$dirmode";
- do
- test -d $d && rmdir $d
- done
- fi
- ;;
-esac
-
-for file
-do
- set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
- shift
-
- pathcomp=
- for d
- do
- pathcomp="$pathcomp$d"
- case $pathcomp in
- -*) pathcomp=./$pathcomp ;;
- esac
-
- if test ! -d "$pathcomp"; then
- echo "mkdir $pathcomp"
-
- mkdir "$pathcomp" || lasterr=$?
-
- if test ! -d "$pathcomp"; then
- errstatus=$lasterr
- else
- if test ! -z "$dirmode"; then
- echo "chmod $dirmode $pathcomp"
- lasterr=""
- chmod "$dirmode" "$pathcomp" || lasterr=$?
-
- if test ! -z "$lasterr"; then
- errstatus=$lasterr
- fi
- fi
- fi
- fi
-
- pathcomp="$pathcomp/"
- done
-done
-
-exit $errstatus
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
-# End:
diff --git a/crypto/heimdal/tools/build.sh b/crypto/heimdal/tools/build.sh
deleted file mode 100755
index fad8608..0000000
--- a/crypto/heimdal/tools/build.sh
+++ /dev/null
@@ -1,212 +0,0 @@
-#!/bin/sh
-#
-# Build many combinations of kth-krb/heimdal/openssl
-#
-# $Id: build.sh,v 1.8 2003/04/17 12:55:02 lha Exp $
-
-opt_n= #:
-make_f= #-j
-
-heimdal_versions="0.5.2 0.6pre4"
-krb4_versions="1.2.2"
-openssl_versions="0.9.6i 0.9.7a 0.9.7b"
-
-make_check_version=".*heimdal-0.6.*"
-
-# 0.5 dont eat 0.9.7
-dont_build="openssl-0.9.7.*heimdal-0.5.*"
-# 1.2 dont eat 0.9.7
-dont_build="openssl-0.9.7.*krb4-1.2.* ${dont_build}"
-#yacc problems
-dont_build="openssl-0.9.6.*heimdal-0.5.*osf4.* ${dont_build}"
-#local openssl 09.7 and broken kuser/Makefile.am
-dont_build="openssl-0.9.6.*heimdal-0.5.*freebsd4.8.* ${dont_build}"
-failed=
-
-# Allow override
-for a in $HOME . /etc ; do
- [ -f $a/.heimdal-build ] && . $a/.heimdal-build
-done
-
-targetdir=${targetdir:-/scratch/heimdal-test}
-logfile="${targetdir}/buildlog"
-
-distdirs="${distdirs} /afs/su.se/home/l/h/lha/Public/openssl"
-distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src"
-distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src/snapshots"
-distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/krb/src"
-
-
-logprint () {
- d=`date '+%Y-%m-%d %H:%M:%S'`
- echo "${d}: $*"
- echo "${d}: --- $*" >> ${logfile}
-}
-
-logerror () {
- echo "$*"
- exit 1
-}
-
-find_unzip_prog () {
- unzip_prog=
- oldIFS="$IFS"
- IFS=:
- set -- $PATH
- IFS="$oldIFS"
- for a in $* ; do
- if [ -x $a/gzip ] ; then
- unzip_prog="$a/gzip -dc"
- break
- elif [ -x $a/gunzip ] ; then
- unzip_prog="$a/gunzip -c"
- break
- fi
- done
- [ "$unzip_prog" = "" ] && logerror failed to find unzip program
-}
-
-find_canon_name () {
- canon_name=
- for a in ${distdirs} ; do
- if [ -f $a/config.guess ] ; then
- canon_name=`$a/config.guess`
- fi
- if [ "${canon_name}" != "" ] ; then
- break
- fi
- done
- [ "${canon_name}" = "" ] && logerror "cant find config.guess"
-}
-
-do_check_p () {
- eval check_var=\$"$1"
- for a in ${check_var} ; do
- expr "$2${canon_name}" : "${a}" > /dev/null 2>&1 && return 1
- done
- return 0
-}
-
-unpack_tar () {
- for a in ${distdirs} ; do
- if [ -f $a/$1 ] ; then
- ${opt_n} ${unzip_prog} ${a}/$1 | ${opt_n} tar xf -
- return 0
- fi
- done
- logerror "did not find $1"
-}
-
-build () {
- real_ver=$1
- prog=$2
- ver=$3
- confprog=$4
- checks=$5
- pv=${prog}-${ver}
- mkdir tmp || logerror "failed to build tmpdir"
- cd tmp || logerror "failed to change dir to tmpdir"
- do_check_p dont_build ${real_ver} || \
- { cd .. ; rmdir tmp ; logprint "not building $1" && return 0 ; }
- cd .. || logerror "failed to change back from tmpdir"
- rmdir tmp || logerror "failed to remove tmpdir"
- logprint "preparing for ${pv}"
- ${opt_n} rm -rf ${targetdir}/${prog}-${ver}
- ${opt_n} rm -rf ${prog}-${ver}
- unpack_tar ${pv}.tar.gz
- ${opt_n} cd ${pv} || logerror directory ${pv} not there
- logprint "configure ${prog} ${ver} (${confprog})"
- ${opt_n} ./${confprog} \
- --prefix=${targetdir}/${pv} >> ${logfile} 2>&1 || \
- { logprint failed to configure ${pv} ; return 1 ; }
- logprint "make ${prog} ${ver}"
- ${opt_n} make ${make_f} >> ${logfile} 2>&1 || \
- { logprint failed to make ${pv} ; return 1 ; }
- ${opt_n} make install >> ${logfile} 2>&1 || \
- { logprint failed to install ${pv} ; return 1 ; }
- do_check_p make_check_version ${real_ver} || \
- { ${opt_n} make check >> ${logfile} 2>&1 || return 1 ; }
- ${opt_n} cd ..
- [ "${checks}" != "" ] && ${opt_n} ${checks} >> ${logfile} 2>&1
- return 0
-}
-
-find_canon_name
-
-logprint using host `hostname`
-logprint `uname -a`
-logprint canonical name ${canon_name}
-
-logprint clearing logfile
-> ${logfile}
-
-find_unzip_prog
-
-logprint using target dir ${targetdir}
-mkdir -p ${targetdir}/src
-cd ${targetdir}/src || exit 1
-rm -rf heimdal* openssl* krb4*
-
-logprint === building openssl versions
-for vo in ${openssl_versions} ; do
- build openssl-${vo} openssl $vo config
-done
-
-wssl="--with-openssl=${targetdir}/openssl"
-wssli="--with-openssl-include=${targetdir}/openssl" #this is a hack for broken heimdal 0.5.x autoconf test
-wossl="--without-openssl"
-wk4c="--with-krb4-config=${targetdir}/krb4"
-bk4c="/bin/krb4-config"
-wok4="--without-krb4"
-
-logprint === building heimdal w/o krb4 versions
-for vo in ${openssl_versions} ; do
- for vh in ${heimdal_versions} ; do
- v="openssl-${vo}-heimdal-${vh}"
- build "${v}" \
- heimdal ${vh} \
- "configure ${wok4} ${wssl}-${vo} ${wssli}-${vo}/include" \
- "${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto" \ || \
- { failed="${failed} ${v}" ; logprint ${v} failed ; }
- done
-done
-
-logprint === building krb4
-for vo in ${openssl_versions} ; do
- for vk in ${krb4_versions} ; do
- v="openssl-${vo}-krb4-${vk}"
- build "${v}" \
- krb4 ${vk} \
- "configure ${wssl}-${vo}" \
- "${targetdir}/krb4-${vk}/bin/krb4-config --libs | grep lcrypto"|| \
- { failed="${failed} ${v}" ; logprint ${v} failed ; }
- done
-done
-
-logprint === building heimdal with krb4 versions
-for vo in ${openssl_versions} ; do
- for vk in ${krb4_versions} ; do
- for vh in ${heimdal_versions} ; do
- v="openssl-${vo}-krb4-${vk}-heimdal-${vh}"
- build "${v}" \
- heimdal ${vh} \
- "configure ${wk4c}-${vk}${bk4c} ${wssl}-${vo} ${wssli}-${vo}/include" \
- "${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto && ${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep krb4" \
- || \
- { failed="${failed} ${v}" ; logprint ${v} failed ; }
- done
- done
-done
-
-logprint === building heimdal without krb4 and openssl versions
-for vh in ${heimdal_versions} ; do
- v="des-heimdal-${vh}"
- build "${v}" \
- heimdal ${vh} \
- "configure ${wok4} ${wossl}" || \
- { failed="${failed} ${v}" ; logprint ${v} failed ; }
-done
-
-logprint all done
-[ "${failed}" != "" ] && logprint "failed: ${failed}"
-exit 0
-- 
cgit v1.1