Import of Heimdal Kerberos from KTH repository circa 2002/09/16.

Jacques Vidrine 2002-09-16 21:04:40 +00:00
parent 8373020d34
commit 0cadf2f4d7
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/vendor-crypto/heimdal/dist/; revision=103423
112 changed files with 7127 additions and 4040 deletions

View File

@ -1,3 +1,171 @@
2002-09-16 Jacques Vidrine <nectar@kth.se>
* lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
to convert the newline to NUL in fgets results.
2002-09-13 Johan Danielsson <joda@pdc.kth.se>
* kuser/kinit.1: remove unneeded Ns
* lib/krb5/krb5_appdefault.3: remove extra "application"
* fix-export: remove autom4ate.cache
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
* include/make_crypto.c: don't use function macros if possible
* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
* include/Makefile.am: use make_crypto to create crypto-headers.h
* include/make_crypto.c: crypto header generation tool
* configure.in: move crypto test to just after testing for krb4,
and move roken tests to after both, this speeds up various failure
cases with krb4
* lib/krb5/config_file.c: don't use NULL when we mean 0
* configure.in: we don't set package_libdir anymore, so no point
in testing for it
* tools/Makefile.am: subst INCLUDE_des
* tools/krb5-config.in: add INCLUDE_des to cflags
* configure.in: use AC_CONFIG_SRCDIR
* fix-export: remove some unneeded stuff
* kuser/kinit.c (do_524init): free principals
2002-09-09 Jacques Vidrine <nectar@kth.se>
* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
kdc/kaserver.c (krb5_ret_xdr_data),
lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
counts: Check that they are non-negative, and that they are small
enough to avoid integer overflow when used in memory allocation
calculations. Potential problem areas pointed out by
Sebastian Krahmer <krahmer@suse.de>.
* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
creating a new keyfile.
2002-09-09 Johan Danielsson <joda@pdc.kth.se>
* configure.in: don't try to build pam module
2002-09-05 Johan Danielsson <joda@pdc.kth.se>
* appl/kf/kf.c: fix warning string
* lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
know we need it
2002-09-04 Assar Westerlund <assar@kth.se>
* kdc/kerberos5.c (encode_reply): correct error logging
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/sendauth.c: close ccache if we opened it
* appl/kf/kf.c: handle new protocol
* appl/kf/kfd.c: use krb5_err instead of sysloging directly,
handle the new protocol, and bail out if an old client tries to
connect
* appl/kf/kf_locl.h: we need a protocol version string
* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
* kdc/hprop.c: set AP_OPTS_USE_SUBKEY
* lib/hdb/common.c: use ASN1_MALLOC_ENCODE
* lib/asn1/gen.c: add convenience macro that allocates a buffer
and encoded into that
* lib/krb5/get_cred.c (init_tgs_req): use
in_creds->session.keytype literally instead of trying to convert
to a list of enctypes (it should already be an enctype)
* lib/krb5/get_cred.c (init_tgs_req): init ret
2002-09-03 Johan Danielsson <joda@pdc.kth.se>
* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
zero ivec in DES3_CBC_encrypt if passed ivec is NULL
* lib/krb5/Makefile.am: back out 1.144, since it will re-create
krb5-protos.h at build-time, which requires perl, which is bad
* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
blindly use the local subkey
* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
extracts the required blocksize from a crypto context
* lib/krb5/build_auth.c: just get the length of the encoded
authenticator instead of trying to grow a buffer
2002-09-03 Assar Westerlund <assar@kth.se>
* configure.in: add --disable-mmap option, and tests for
sys/mman.h and mmap
2002-09-03 Jacques Vidrine <nectar@kth.se>
* lib/krb5/changepw.c: verify lengths in response
* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
truncated integers
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/mk_req_ext.c: generate a local subkey if
AP_OPTS_USE_SUBKEY is set
* lib/krb5/build_auth.c: we don't have enough information about
whether to generate a local subkey here, so don't try to
* lib/krb5/auth_context.c: new function
krb5_auth_con_generatelocalsubkey
* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
initial ticket
* lib/krb5/context.c (init_context_from_config_file): simplify
initialisation of srv_lookup
* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
2002-08-30 Assar Westerlund <assar@kth.se>
* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
* lib/krb5/Makefile.am (TESTS): add name-45-test
* lib/krb5/name-45-test.c: add testcases for
krb5_425_conv_principal
2002-08-29 Assar Westerlund <assar@kth.se>
* lib/krb5/parse-name-test.c: also test unparse_short functions
* lib/asn1/asn1_print.c: use com_err/error_message API
* lib/krb5/Makefile.am: add parse-name-test
* lib/krb5/parse-name-test.c: add a program for testing parsing
and unparsing principal names
2002-08-28 Assar Westerlund <assar@kth.se>
* kdc/config.c: add missing ifdef DAEMON

File diff suppressed because it is too large.

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "ktutil_locl.h"
RCSID("$Id: add.c,v 1.3 2001/07/23 09:46:40 joda Exp $");
RCSID("$Id: add.c,v 1.5 2002/09/10 19:26:52 joda Exp $");
int
kt_add(int argc, char **argv)

View File

@ -32,7 +32,7 @@
*/
/*
* $Id: ktutil_locl.h,v 1.17 2001/08/22 20:30:18 assar Exp $
* $Id: ktutil_locl.h,v 1.18 2002/09/10 20:03:45 joda Exp $
*/
#ifndef __KTUTIL_LOCL_H__
@ -54,12 +54,7 @@
#include <parse_time.h>
#include <roken.h>
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#else
#include <des.h>
#endif
#include "crypto-headers.h"
#include <krb5.h>
#include <kadm5/admin.h>
#include <kadm5/kadm5_err.h>

View File

@ -1,3 +1,11 @@
2002-09-05 Johan Danielsson <joda@pdc.kth.se>
* ftp/security.c (sec_vfprintf): free encoded data
* ftp/gssapi.c (gss_decode): release buffer
* ftp/ftp.c (active_mode): no need to allocate buffer for EPRT
2002-08-28 Johan Danielsson <joda@pdc.kth.se>
* ftp/ftp.c (command): clean up va_{start,end}ing (from NetBSD)

View File

@ -32,7 +32,7 @@
*/
#include "ftp_locl.h"
RCSID ("$Id: ftp.c,v 1.73 2002/08/28 16:10:39 joda Exp $");
RCSID ("$Id: ftp.c,v 1.74 2002/09/04 22:00:12 joda Exp $");
struct sockaddr_storage hisctladdr_ss;
struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;
@ -1284,7 +1284,6 @@ noport:
if (listen (data, 1) < 0)
warn ("listen");
if (sendport) {
char *cmd;
char addr_str[256];
int inet_af;
int overbose;
@ -1305,15 +1304,14 @@ noport:
errx (1, "bad address family %d", data_addr->sa_family);
}
asprintf (&cmd, "EPRT |%d|%s|%d|",
inet_af, addr_str, ntohs(socket_get_port (data_addr)));
overbose = verbose;
if (debug == 0)
verbose = -1;
result = command (cmd);
result = command ("EPRT |%d|%s|%d|",
inet_af, addr_str,
ntohs(socket_get_port (data_addr)));
verbose = overbose;
if (result == ERROR) {

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: ftp_locl.h,v 1.36 2001/08/22 20:30:19 assar Exp $ */
/* $Id: ftp_locl.h,v 1.37 2002/09/10 20:03:46 joda Exp $ */
#ifndef __FTP_LOCL_H__
#define __FTP_LOCL_H__
@ -131,11 +131,7 @@ struct hostent *gethostbyname(const char *);
#include "security.h"
/* des_read_pw_string */
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#else
#include <des.h>
#endif
#include "crypto-headers.h"
#if defined(__sun__) && !defined(__svr4)
int fclose(FILE*);

View File

@ -39,7 +39,7 @@
#include <gssapi.h>
#include <krb5_err.h>
RCSID("$Id: gssapi.c,v 1.19 2002/08/20 12:47:45 joda Exp $");
RCSID("$Id: gssapi.c,v 1.20 2002/09/04 22:00:50 joda Exp $");
struct gss_data {
gss_ctx_id_t context_hdl;
@ -81,6 +81,7 @@ gss_decode(void *app_data, void *buf, int len, int level)
gss_qop_t qop_state;
int conf_state;
struct gss_data *d = app_data;
size_t ret_len;
input.length = len;
input.value = buf;
@ -93,7 +94,9 @@ gss_decode(void *app_data, void *buf, int len, int level)
if(GSS_ERROR(maj_stat))
return -1;
memmove(buf, output.value, output.length);
return output.length;
ret_len = output.length;
gss_release_buffer(&min_stat, &output);
return ret_len;
}
static int
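
Review bot: In gss_decode the unchanged `memmove(buf, output.value, output.length)` copies the unwrapped token back into `buf` without comparing `output.length` against `len`, the number of bytes the caller handed in through `buf`; add that check before the copy and release `output` on that failure path as well. `ret_len` is declared size_t but leaves through an int return type, so bound it or declare it int.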

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998-2001 Kungliga Tekniska Högskolan
* Copyright (c) 1998-2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -37,7 +37,7 @@
#include "ftp_locl.h"
#endif
RCSID("$Id: security.c,v 1.18 2001/02/07 10:49:43 assar Exp $");
RCSID("$Id: security.c,v 1.19 2002/09/04 22:01:28 joda Exp $");
static enum protection_level command_prot;
static enum protection_level data_prot;
@ -387,9 +387,11 @@ sec_vfprintf(FILE *f, const char *fmt, va_list ap)
return -1;
}
if(base64_encode(enc, len, &buf) < 0){
free(enc);
printf("Out of memory base64-encoding.\n");
return -1;
}
free(enc);
#ifdef FTP_SERVER
if(command_prot == prot_safe)
fprintf(f, "631 %s\r\n", buf);

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,13 +32,13 @@
*/
#include "kf_locl.h"
RCSID("$Id: kf.c,v 1.15 2001/02/20 01:44:44 assar Exp $");
RCSID("$Id: kf.c,v 1.17 2002/09/05 15:00:03 joda Exp $");
krb5_context context;
static int help_flag;
static int version_flag;
static char *port_str;
const char *service = SERVICE;
const char *service = KF_SERVICE;
const char *remote_name = NULL;
int forwardable = 0;
const char *ccache_name = NULL;
@ -107,7 +107,7 @@ client_setup(krb5_context *context, int *argc, char **argv)
}
if (port == 0)
port = krb5_getportbyname (*context, PORT, "tcp", PORT_NUM);
port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM);
if(*argc - optind < 1)
usage(1, args, num_args);
@ -122,22 +122,19 @@ client_setup(krb5_context *context, int *argc, char **argv)
*/
static int
proto (int sock, const char *hostname, const char *service)
proto (int sock, const char *hostname, const char *service,
char *message, size_t len)
{
krb5_auth_context auth_context;
krb5_error_code status;
krb5_principal server;
krb5_data data;
krb5_data packet;
krb5_data data_send;
u_int32_t len, net_len;
krb5_ccache ccache;
krb5_creds creds;
krb5_kdc_flags flags;
krb5_principal principal;
char ret_string[10];
ssize_t n;
status = krb5_auth_con_init (context, &auth_context);
if (status) {
@ -166,10 +163,10 @@ proto (int sock, const char *hostname, const char *service)
status = krb5_sendauth (context,
&auth_context,
&sock,
VERSION,
KF_VERSION_1,
NULL,
server,
AP_OPTS_MUTUAL_REQUIRED,
AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
NULL,
NULL,
NULL,
@ -181,27 +178,19 @@ proto (int sock, const char *hostname, const char *service)
return 1;
}
if (remote_name == NULL) {
remote_name = get_default_username ();
if (remote_name == NULL)
errx (1, "who are you?");
}
if (ccache_name == NULL)
ccache_name = "";
krb5_data_zero(&data_send);
data_send.data = (void *)remote_name;
data_send.length = strlen(remote_name) + 1;
status = krb5_write_message(context, &sock, &data_send);
status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
if (status) {
krb5_warn (context, status, "krb5_write_message");
return 1;
}
if (ccache_name == NULL)
ccache_name = "";
data_send.data = (void *)ccache_name;
data_send.length = strlen(ccache_name)+1;
status = krb5_write_message(context, &sock, &data_send);
status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
if (status) {
krb5_warn (context, status, "krb5_write_message");
return 1;
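
Review bot: Both calls here are now krb5_write_priv_message, but the krb5_warn labels under them still say "krb5_write_message"; update the strings so a logged failure names the function that actually failed.
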
@ -223,16 +212,15 @@ proto (int sock, const char *hostname, const char *service)
creds.client = principal;
status = krb5_build_principal (context,
&creds.server,
strlen(principal->realm),
principal->realm,
KRB5_TGS_NAME,
principal->realm,
NULL);
status = krb5_make_principal (context,
&creds.server,
principal->realm,
KRB5_TGS_NAME,
principal->realm,
NULL);
if (status) {
krb5_warn (context, status, "krb5_build_principal");
krb5_warn (context, status, "krb5_make_principal");
return 1;
}
@ -254,60 +242,36 @@ proto (int sock, const char *hostname, const char *service)
return 1;
}
status = krb5_mk_priv (context,
auth_context,
&data,
&packet,
NULL);
status = krb5_write_priv_message(context, auth_context, &sock, &data);
if (status) {
krb5_warn (context, status, "krb5_mk_priv");
return 1;
}
len = packet.length;
net_len = htonl(len);
if (krb5_net_write (context, &sock, &net_len, 4) != 4) {
krb5_warn (context, errno, "krb5_net_write");
return 1;
}
if (krb5_net_write (context, &sock, packet.data, len) != len) {
krb5_warn (context, errno, "krb5_net_write");
return 1;
}
krb5_data_free (&data);
n = krb5_net_read (context, &sock, &net_len, 4);
if (n == 0) {
krb5_warnx (context, "EOF in krb5_net_read");
status = krb5_read_priv_message(context, auth_context, &sock, &data);
if (status) {
krb5_warn (context, status, "krb5_mk_priv");
return 1;
}
if (n < 0) {
krb5_warn (context, errno, "krb5_net_read");
return 1;
if(data.length >= len) {
krb5_warnx (context, "returned string is too long, truncating");
memcpy(message, data.data, len);
message[len - 1] = '\0';
} else {
memcpy(message, data.data, data.length);
message[data.length] = '\0';
}
len = ntohl(net_len);
if (len >= sizeof(ret_string)) {
krb5_warnx (context, "too long string back from %s", hostname);
return 1;
}
n = krb5_net_read (context, &sock, ret_string, len);
if (n == 0) {
krb5_warnx (context, "EOF in krb5_net_read");
return 1;
}
if (n < 0) {
krb5_warn (context, errno, "krb5_net_read");
return 1;
}
ret_string[sizeof(ret_string) - 1] = '\0';
krb5_data_free (&data);
return(strcmp(ret_string,"ok"));
return(strcmp(message, "ok"));
}
static int
doit (const char *hostname, int port, const char *service)
doit (const char *hostname, int port, const char *service,
char *message, size_t len)
{
struct addrinfo *ai, *a;
struct addrinfo hints;
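
Review bot: The failure labels no longer match the calls: both the krb5_write_priv_message and the krb5_read_priv_message error branches warn with "krb5_mk_priv". In the copy that follows, `message[len - 1] = '\0'` assumes `len > 0`; the only caller passes `sizeof(message)`, but an explicit check, or a comment stating the requirement, keeps the helper safe if it is reused.
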
@ -337,7 +301,7 @@ doit (const char *hostname, int port, const char *service)
continue;
}
freeaddrinfo (ai);
return proto (s, hostname, service);
return proto (s, hostname, service, message, len);
}
warnx ("failed to contact %s", hostname);
freeaddrinfo (ai);
@ -353,9 +317,19 @@ main(int argc, char **argv)
argcc = argc;
port = client_setup(&context, &argcc, argv);
if (remote_name == NULL) {
remote_name = get_default_username ();
if (remote_name == NULL)
errx (1, "who are you?");
}
for (i = argcc;i < argc; i++) {
ret = doit (argv[i], port, service);
warnx ("%s %s", argv[i], ret ? "failed" : "ok");
char message[128];
ret = doit (argv[i], port, service, message, sizeof(message));
if(ret == 0)
warnx ("%s: ok", argv[i]);
else
warnx ("%s: failed: %s", argv[i], message);
}
return(ret);
}
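
Review bot: `char message[128]` in main is handed to doit uninitialised and the failure branch prints it with `%s`, yet doit's "failed to contact" path never reaches proto and every `return 1` in proto ahead of the krb5_read_priv_message copy leaves the buffer untouched. Set `message[0] = '\0'` before calling doit, or have each failure path fill in a reason, so the `%s: failed: %s` line never reads indeterminate stack bytes.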

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 1999, 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: kf_locl.h,v 1.2 1999/12/02 17:04:55 joda Exp $ */
/* $Id: kf_locl.h,v 1.3 2002/09/04 20:29:04 joda Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
@ -74,7 +74,8 @@
#include <err.h>
#include <krb5.h>
#define SERVICE "host"
#define KF_SERVICE "host"
#define PORT "kf"
#define PORT_NUM 2110
#define KF_PORT_NAME "kf"
#define KF_PORT_NUM 2110
#define KF_VERSION_1 "KFWDV0.1"

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
*/
#include "kf_locl.h"
RCSID("$Id: kfd.c,v 1.9 2001/02/20 01:44:44 assar Exp $");
RCSID("$Id: kfd.c,v 1.10 2002/09/04 20:31:48 joda Exp $");
krb5_context context;
char krb5_tkfile[MAXPATHLEN];
@ -40,7 +40,7 @@ char krb5_tkfile[MAXPATHLEN];
static int help_flag;
static int version_flag;
static char *port_str;
char *service = SERVICE;
char *service = KF_SERVICE;
int do_inetd = 0;
static char *regpag_str=NULL;
@ -92,7 +92,7 @@ server_setup(krb5_context *context, int argc, char **argv)
}
if (port == 0)
port = krb5_getportbyname (*context, PORT, "tcp", PORT_NUM);
port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM);
if(argv[local_argc] != NULL)
usage(1, args, num_args);
@ -100,26 +100,23 @@ server_setup(krb5_context *context, int argc, char **argv)
return port;
}
static void
syslog_and_die (const char *m, ...)
static int protocol_version;
static krb5_boolean
kfd_match_version(const void *arg, const char *version)
{
va_list args;
va_start(args, m);
vsyslog (LOG_ERR, m, args);
va_end(args);
exit (1);
}
static void
syslog_and_cont (const char *m, ...)
{
va_list args;
va_start(args, m);
vsyslog (LOG_ERR, m, args);
va_end(args);
return;
if(strcmp(version, KF_VERSION_1) == 0) {
protocol_version = 1;
return TRUE;
} else if (strlen(version) == 4 &&
version[0] == '0' &&
version[1] == '.' &&
(version[2] == '4' || version[2] == '3') &&
islower(version[3])) {
protocol_version = 0;
return TRUE;
}
return FALSE;
}
static int
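
Review bot: `islower(version[3])` is called with a plain char taken from the peer-supplied version string; cast it to unsigned char so a byte with the high bit set is not passed as a negative value. The callback also ignores `arg` and reports its result through the file-scope `protocol_version`; a pointer passed in the argument slot that is `NULL` in the krb5_recvauth_match_version call would avoid the global.
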
@ -132,31 +129,25 @@ proto (int sock, const char *service)
char *name;
char ret_string[10];
char hostname[MAXHOSTNAMELEN];
krb5_data packet;
krb5_data data;
krb5_data remotename;
krb5_data tk_file;
u_int32_t len, net_len;
krb5_ccache ccache;
char ccname[MAXPATHLEN];
struct passwd *pwd;
ssize_t n;
status = krb5_auth_con_init (context, &auth_context);
if (status)
syslog_and_die("krb5_auth_con_init: %s",
krb5_get_err_text(context, status));
krb5_err(context, 1, status, "krb5_auth_con_init");
status = krb5_auth_con_setaddrs_from_fd (context,
auth_context,
&sock);
if (status)
syslog_and_die("krb5_auth_con_setaddr: %s",
krb5_get_err_text(context, status));
krb5_err(context, 1, status, "krb5_auth_con_setaddr");
if(gethostname (hostname, sizeof(hostname)) < 0)
syslog_and_die("gethostname: %s",strerror(errno));
krb5_err(context, 1, errno, "gethostname");
status = krb5_sname_to_principal (context,
hostname,
@ -164,88 +155,80 @@ proto (int sock, const char *service)
KRB5_NT_SRV_HST,
&server);
if (status)
syslog_and_die("krb5_sname_to_principal: %s",
krb5_get_err_text(context, status));
krb5_err(context, 1, status, "krb5_sname_to_principal");
status = krb5_recvauth (context,
&auth_context,
&sock,
VERSION,
server,
0,
NULL,
&ticket);
status = krb5_recvauth_match_version (context,
&auth_context,
&sock,
kfd_match_version,
NULL,
server,
0,
NULL,
&ticket);
if (status)
syslog_and_die("krb5_recvauth: %s",
krb5_get_err_text(context, status));
krb5_err(context, 1, status, "krb5_recvauth");
status = krb5_unparse_name (context,
ticket->client,
&name);
if (status)
syslog_and_die("krb5_unparse_name: %s",
krb5_get_err_text(context, status));
krb5_err(context, 1, status, "krb5_unparse_name");
status=krb5_read_message (context, &sock, &remotename);
if (status) {
syslog_and_die("krb5_read_message: %s",
krb5_get_err_text(context, status));
}
status=krb5_read_message (context, &sock, &tk_file);
if (status) {
syslog_and_die("krb5_read_message: %s",
krb5_get_err_text(context, status));
if(protocol_version == 0) {
data.data = "old clnt"; /* XXX old clients only had room for
10 bytes of message, and also
didn't show it to the user */
data.length = strlen(data.data) + 1;
krb5_write_message(context, &sock, &data);
sleep(2); /* XXX give client time to finish */
krb5_errx(context, 1, "old client; exiting");
}
status=krb5_read_priv_message (context, auth_context,
&sock, &remotename);
if (status)
krb5_err(context, 1, status, "krb5_read_message");
status=krb5_read_priv_message (context, auth_context,
&sock, &tk_file);
if (status)
krb5_err(context, 1, status, "krb5_read_message");
krb5_data_zero (&data);
krb5_data_zero (&packet);
n = krb5_net_read (context, &sock, &net_len, 4);
if (n < 0)
syslog_and_die("krb5_net_read: %s", strerror(errno));
if (n == 0)
syslog_and_die("EOF in krb5_net_read");
if(((char*)remotename.data)[remotename.length-1] != '\0')
krb5_errx(context, 1, "unterminated received");
if(((char*)tk_file.data)[tk_file.length-1] != '\0')
krb5_errx(context, 1, "unterminated received");
len = ntohl(net_len);
krb5_data_alloc (&packet, len);
n = krb5_net_read (context, &sock, packet.data, len);
if (n < 0)
syslog_and_die("krb5_net_read: %s", strerror(errno));
if (n == 0)
syslog_and_die("EOF in krb5_net_read");
status = krb5_read_priv_message(context, auth_context, &sock, &data);
status = krb5_rd_priv (context,
auth_context,
&packet,
&data,
NULL);
if (status) {
syslog_and_cont("krb5_rd_priv: %s",
krb5_get_err_text(context, status));
krb5_err(context, 1, errno, "krb5_read_priv_message");
goto out;
}
pwd = getpwnam ((char *)(remotename.data));
if (pwd == NULL) {
status=1;
syslog_and_cont("getpwnam: %s failed",(char *)(remotename.data));
krb5_warnx(context, "getpwnam: %s failed",(char *)(remotename.data));
goto out;
}
if(!krb5_kuserok (context,
ticket->client,
(char *)(remotename.data))) {
ticket->client,
(char *)(remotename.data))) {
status=1;
syslog_and_cont("krb5_kuserok: permission denied");
krb5_warnx(context, "krb5_kuserok: permission denied");
goto out;
}
if (setgid(pwd->pw_gid) < 0) {
syslog_and_cont ("setgid: %s", strerror(errno));
krb5_warn(context, errno, "setgid");
goto out;
}
if (setuid(pwd->pw_uid) < 0) {
syslog_and_cont ("setuid: %s", strerror(errno));
krb5_warn(context, errno, "setuid");
goto out;
}
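
Review bot: The two termination checks index `remotename.data[remotename.length-1]` and `tk_file.data[tk_file.length-1]` without first testing that the length is non-zero, so an empty message from the peer makes the index wrap and the read land outside the buffer; reject `length == 0` before indexing. In the krb5_read_priv_message failure branch just below, krb5_err is given `errno` where the other calls in this function pass `status`, and because it is called with exit code 1 like the fatal calls above, the `goto out` after it is unreachable; use `krb5_warn(context, status, ...)` there if the intent is still to send the "no" reply.
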
@ -256,49 +239,41 @@ proto (int sock, const char *service)
status = krb5_cc_resolve (context, ccname, &ccache);
if (status) {
syslog_and_cont("krb5_cc_resolve: %s",
krb5_get_err_text(context, status));
krb5_warn(context, status, "krb5_cc_resolve");
goto out;
}
status = krb5_cc_initialize (context, ccache, ticket->client);
if (status) {
syslog_and_cont("krb5_cc_initialize: %s",
krb5_get_err_text(context, status));
krb5_warn(context, status, "krb5_cc_initialize");
goto out;
}
status = krb5_rd_cred2 (context, auth_context, ccache, &data);
krb5_cc_close (context, ccache);
if (status) {
syslog_and_cont("krb5_rd_cred: %s",
krb5_get_err_text(context, status));
krb5_warn(context, status, "krb5_rd_cred");
goto out;
}
strlcpy(krb5_tkfile,ccname,sizeof(krb5_tkfile));
syslog_and_cont("%s forwarded ticket to %s,%s",
name,
(char *)(remotename.data),ccname);
out:
krb5_warnx(context, "%s forwarded ticket to %s,%s",
name,
(char *)(remotename.data),ccname);
out:
if (status) {
strcpy(ret_string, "no");
syslog_and_cont("failed");
krb5_warnx(context, "failed");
} else {
strcpy(ret_string, "ok");
}
krb5_data_free (&tk_file);
krb5_data_free (&remotename);
krb5_data_free (&packet);
krb5_data_free (&data);
free(name);
len = strlen(ret_string) + 1;
net_len = htonl(len);
if (krb5_net_write (context, &sock, &net_len, 4) != 4)
return 1;
if (krb5_net_write (context, &sock, ret_string, len) != len)
return 1;
return status;
data.data = ret_string;
data.length = strlen(ret_string) + 1;
return krb5_write_priv_message(context, auth_context, &sock, &data);
}
static int
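
Review bot: The final `return krb5_write_priv_message(...)` replaces `return status;`, so proto now returns 0 whenever the "no" reply is written successfully even though the forward failed; if that value reaches main's `if (ret == 0 && regpag_str != NULL)`, a rejected forward is treated as success. Keep the write's result separate and return `status` when it is non-zero. Related: the `out:` block chooses "ok" or "no" from `status` alone, and the setgid and setuid failure branches earlier in proto jump here without setting it, unlike the getpwnam and krb5_kuserok branches, which set `status=1`.
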
@ -314,10 +289,16 @@ main(int argc, char **argv)
{
int port;
int ret;
krb5_log_facility *fac;
setprogname (argv[0]);
roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH);
port = server_setup(&context, argc, argv);
ret = krb5_openlog(context, "kfd", &fac);
if(ret) krb5_err(context, 1, ret, "krb5_openlog");
ret = krb5_set_warn_dest(context, fac);
if(ret) krb5_err(context, 1, ret, "krb5_set_warn_dest");
ret = doit (port, service);
closelog();
if (ret == 0 && regpag_str != NULL)

View File

@ -1,3 +1,27 @@
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* rsh.c: free some memory
2002-09-04 Assar Westerlund <assar@kth.se>
* common.c: krb5_crypto_block_size -> krb5_crypto_getblocksize
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* rsh.1: document -P
2002-09-03 Johan Danielsson <joda@pdc.kth.se>
* rsh.c: revert to protocol v1 if not asked for specific protocol
* rshd.c: handle protocol version 2
* rsh.c: handle protocol version 2
* common.c: handle protocol version 2
* rsh_locl.h: handle protocol version 2
2002-02-18 Johan Danielsson <joda@pdc.kth.se>
* rshd.c: don't show options that doesn't apply

View File

@ -32,14 +32,40 @@
*/
#include "rsh_locl.h"
RCSID("$Id: common.c,v 1.14 2002/02/18 20:01:05 joda Exp $");
RCSID("$Id: common.c,v 1.16 2002/09/04 15:50:36 assar Exp $");
#if defined(KRB4) || defined(KRB5)
#ifdef KRB5
int key_usage = 1026;
void *ivec_in[2];
void *ivec_out[2];
void
init_ivecs(int client)
{
size_t blocksize;
krb5_crypto_getblocksize(context, crypto, &blocksize);
ivec_in[0] = malloc(blocksize);
memset(ivec_in[0], client, blocksize);
ivec_in[1] = malloc(blocksize);
memset(ivec_in[1], 2 | client, blocksize);
ivec_out[0] = malloc(blocksize);
memset(ivec_out[0], !client, blocksize);
ivec_out[1] = malloc(blocksize);
memset(ivec_out[1], 2 | !client, blocksize);
}
#endif
ssize_t
do_read (int fd,
void *buf,
size_t sz)
do_read (int fd, void *buf, size_t sz, void *ivec)
{
if (do_encrypt) {
#ifdef KRB4
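
Review bot: init_ivecs ignores the return value of krb5_crypto_getblocksize, so `blocksize` is used uninitialised if the call fails, and none of the four malloc results is checked before memset writes through it. Check the krb5 call and bail out on a NULL allocation, as do_write does for its `tmp` buffer. A short comment on the fill values (`client`, `2 | client`, `!client`, `2 | !client`) would also help, since both ends have to derive matching in and out vectors from them.
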
@ -61,7 +87,11 @@ do_read (int fd,
len = ntohl(len);
if (len > sz)
abort ();
outer_len = krb5_get_wrapped_length (context, crypto, len);
/* ivec will be non null for protocol version 2 */
if(ivec != NULL)
outer_len = krb5_get_wrapped_length (context, crypto, len + 4);
else
outer_len = krb5_get_wrapped_length (context, crypto, len);
edata = malloc (outer_len);
if (edata == NULL)
errx (1, "malloc: cannot allocate %u bytes", outer_len);
@ -69,13 +99,22 @@ do_read (int fd,
if (ret <= 0)
return ret;
status = krb5_decrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED,
edata, outer_len, &data);
status = krb5_decrypt_ivec(context, crypto, key_usage,
edata, outer_len, &data, ivec);
free (edata);
if (status)
errx (1, "%s", krb5_get_err_text (context, status));
memcpy (buf, data.data, len);
krb5_err (context, 1, status, "decrypting data");
if(ivec != NULL) {
unsigned long l;
if(data.length < len + 4)
errx (1, "data received is too short");
_krb5_get_int(data.data, &l, 4);
if(l != len)
errx (1, "inconsistency in received data");
memcpy (buf, (unsigned char *)data.data+4, len);
} else
memcpy (buf, data.data, len);
krb5_data_free (&data);
return len;
} else
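
Review bot: Only the `ivec != NULL` branch verifies the decrypted size (`data.length < len + 4`) before copying; the version 1 `else` branch still does `memcpy (buf, data.data, len)` with `len` taken from the wire and never compared with `data.length`. Add the equivalent `data.length < len` check there so both protocol versions reject a short plaintext.
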
@ -86,7 +125,7 @@ do_read (int fd,
}
ssize_t
do_write (int fd, void *buf, size_t sz)
do_write (int fd, void *buf, size_t sz, void *ivec)
{
if (do_encrypt) {
#ifdef KRB4
@ -98,20 +137,27 @@ do_write (int fd, void *buf, size_t sz)
if(auth_method == AUTH_KRB5) {
krb5_error_code status;
krb5_data data;
u_int32_t len;
unsigned char len[4];
int ret;
status = krb5_encrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED,
buf, sz, &data);
_krb5_put_int(len, sz, 4);
if(ivec != NULL) {
unsigned char *tmp = malloc(sz + 4);
if(tmp == NULL)
err(1, "malloc");
_krb5_put_int(tmp, sz, 4);
memcpy(tmp + 4, buf, sz);
status = krb5_encrypt_ivec(context, crypto, key_usage,
tmp, sz + 4, &data, ivec);
free(tmp);
} else
status = krb5_encrypt_ivec(context, crypto, key_usage,
buf, sz, &data, ivec);
if (status)
errx (1, "%s", krb5_get_err_text(context, status));
krb5_err(context, 1, status, "encrypting data");
assert (krb5_get_wrapped_length (context, crypto,
sz) == data.length);
len = htonl(sz);
ret = krb5_net_write (context, &fd, &len, 4);
ret = krb5_net_write (context, &fd, len, 4);
if (ret != 4)
return ret;
ret = krb5_net_write (context, &fd, data.data, data.length);

View File

@ -1,6 +1,6 @@
.\" $Id: rsh.1,v 1.3 2002/08/20 17:07:08 joda Exp $
.\" $Id: rsh.1,v 1.4 2002/09/04 13:01:52 joda Exp $
.\"
.Dd July 31, 2001
.Dd September 4, 2002
.Dt RSH 1
.Os HEIMDAL
.Sh NAME
@ -13,6 +13,7 @@ remote shell
.Op Fl U Pa string
.Op Fl p Ar port
.Op Fl l Ar username
.Op Fl P Ar N|O
.Ar host [command]
.Sh DESCRIPTION
.Nm
@ -145,6 +146,22 @@ By default the remote username is the same as the local. The
option or the
.Pa username@host
format allow the remote name to be specified.
.It Xo
.Fl P Ar N|O|1|2 ,
.Fl -protocol= Ns Ar N|O|1|2
.Xc
Specifies which protocol version to use with Kerberos 5.
.Ar N
and
.Ar 2
selects protocol version 2, while
.Ar O
and
.Ar 1
selects version 1. Version 2 is beleived to be more secure, and is the
default. Unless asked for a specific version,
.Nm
will try both. This behaviour may change in the future.
.El
.\".Pp
.\"Without a
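
Review bot: The SYNOPSIS line added in the previous hunk reads `.Op Fl P Ar N|O` while this entry documents `N|O|1|2`; make the two agree. In the description, "beleived" should be "believed" and "selects" should be "select" in both places. Since the text says version 2 is believed to be the more secure one, the sentence about trying both should state that the client falls back to version 1 when the server rejects version 2, so users who need version 2 know to pass `-P 2`.
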
@ -155,7 +172,7 @@ format allow the remote name to be specified.
.\"with the same arguments.
.Sh EXAMPLES
Care should be taken when issuing commands containing shell meta
characters. Without quoting these will be expanded on the local
characters. Without quoting, these will be expanded on the local
machine.
.Pp
The following command:

View File

@ -32,7 +32,7 @@
*/
#include "rsh_locl.h"
RCSID("$Id: rsh.c,v 1.65 2002/02/18 20:02:06 joda Exp $");
RCSID("$Id: rsh.c,v 1.68 2002/09/04 21:40:04 joda Exp $");
enum auth_method auth_method;
#if defined(KRB4) || defined(KRB5)
@ -67,6 +67,8 @@ static const char *user;
static int do_version;
static int do_help;
static int do_errsock = 1;
static char *protocol_version_str;
static int protocol_version = 2;
/*
*
@ -80,6 +82,11 @@ loop (int s, int errsock)
fd_set real_readset;
int count = 1;
#ifdef KRB5
if(auth_method == AUTH_KRB5 && protocol_version == 2)
init_ivecs(1);
#endif
if (s >= FD_SETSIZE || errsock >= FD_SETSIZE)
errx (1, "fd too large");
@ -106,7 +113,7 @@ loop (int s, int errsock)
err (1, "select");
}
if (FD_ISSET(s, &readset)) {
ret = do_read (s, buf, sizeof(buf));
ret = do_read (s, buf, sizeof(buf), ivec_in[0]);
if (ret < 0)
err (1, "read");
else if (ret == 0) {
@ -118,7 +125,7 @@ loop (int s, int errsock)
net_write (STDOUT_FILENO, buf, ret);
}
if (errsock != -1 && FD_ISSET(errsock, &readset)) {
ret = do_read (errsock, buf, sizeof(buf));
ret = do_read (errsock, buf, sizeof(buf), ivec_in[1]);
if (ret < 0)
err (1, "read");
else if (ret == 0) {
@ -138,7 +145,7 @@ loop (int s, int errsock)
FD_CLR(STDIN_FILENO, &real_readset);
shutdown (s, SHUT_WR);
} else
do_write (s, buf, ret);
do_write (s, buf, ret, ivec_out[0]);
}
}
}
@ -166,7 +173,7 @@ send_krb4_auth(int s,
getpid(), &msg, &cred, schedule,
(struct sockaddr_in *)thisaddr,
(struct sockaddr_in *)thataddr,
KCMD_VERSION);
KCMD_OLD_VERSION);
if (status != KSUCCESS) {
warnx("%s: %s", hostname, krb_get_err_text(status));
return 1;
@ -267,6 +274,8 @@ krb5_forward_cred (krb5_auth_context auth_context,
return 0;
}
static int sendauth_version_error;
static int
send_krb5_auth(int s,
struct sockaddr *thisaddr,
@ -282,6 +291,8 @@ send_krb5_auth(int s,
int status;
size_t len;
krb5_auth_context auth_context = NULL;
const char *protocol_string = NULL;
krb5_flags ap_opts;
status = krb5_sname_to_principal(context,
hostname,
@ -300,25 +311,53 @@ send_krb5_auth(int s,
cmd,
remote_user);
ap_opts = 0;
if(do_encrypt)
ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
switch(protocol_version) {
case 2:
ap_opts |= AP_OPTS_USE_SUBKEY;
protocol_string = KCMD_NEW_VERSION;
break;
case 1:
protocol_string = KCMD_OLD_VERSION;
key_usage = KRB5_KU_OTHER_ENCRYPTED;
break;
default:
abort();
}
status = krb5_sendauth (context,
&auth_context,
&s,
KCMD_VERSION,
protocol_string,
NULL,
server,
do_encrypt ? AP_OPTS_MUTUAL_REQUIRED : 0,
ap_opts,
&cksum_data,
NULL,
NULL,
NULL,
NULL,
NULL);
krb5_free_principal(context, server);
krb5_data_free(&cksum_data);
if (status) {
warnx("%s: %s", hostname, krb5_get_err_text(context, status));
if(status == KRB5_SENDAUTH_REJECTED &&
protocol_version == 2 && protocol_version_str == NULL)
sendauth_version_error = 1;
else
krb5_warn(context, status, "%s", hostname);
return 1;
}
status = krb5_auth_con_getkey (context, auth_context, &keyblock);
status = krb5_auth_con_getlocalsubkey (context, auth_context, &keyblock);
if(keyblock == NULL)
status = krb5_auth_con_getkey (context, auth_context, &keyblock);
if (status) {
warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status));
return 1;
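
Review bot: The fallback to krb5_auth_con_getkey is keyed on `keyblock == NULL` rather than on `status`, so it relies on `keyblock` being NULL before the krb5_auth_con_getlocalsubkey call (its initialisation is not shown in this hunk) and on that call storing NULL when no subkey exists; a non-zero `status` from it with `keyblock` left non-NULL goes to the error branch, which then reports "krb5_auth_con_getkey". Initialise `keyblock = NULL` next to the call, test `status` explicitly, and label the warning with the function that failed.
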
@ -552,7 +591,7 @@ proto (int s, int errsock,
(void *)&one, sizeof(one)) < 0)
warn("setsockopt stderr");
}
return loop (s, errsock2);
}
@ -777,6 +816,8 @@ struct getargs args[] = {
"port" },
{ "user", 'l', arg_string, &user, "Run as this user", "login" },
{ "stderr", 'e', arg_negative_flag, &do_errsock, "Don't open stderr"},
{ "protocol", 'P', arg_string, &protocol_version_str,
"Protocol version", "protocol" },
{ "version", 0, arg_flag, &do_version, NULL },
{ "help", 0, arg_flag, &do_help, NULL }
};
@ -840,7 +881,24 @@ main(int argc, char **argv)
print_version (NULL);
return 0;
}
if(protocol_version_str != NULL) {
if(strcasecmp(protocol_version_str, "N") == 0)
protocol_version = 2;
else if(strcasecmp(protocol_version_str, "O") == 0)
protocol_version = 1;
else {
char *end;
int v;
v = strtol(protocol_version_str, &end, 0);
if(*end != '\0' || (v != 1 && v != 2)) {
errx(1, "unknown protocol version \"%s\"",
protocol_version_str);
}
protocol_version = v;
}
}
#ifdef KRB5
status = krb5_init_context (&context);
if (status) {
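Review bot: In the -P parsing, v = strtol(protocol_version_str, &end, 0) stores a long in an int, so where long is wider than int an out-of-range argument can truncate to 1 or 2 and pass the (v != 1 && v != 2) check. Declare v as long, or range-check the strtol result before narrowing it. Base 0 also accepts spellings such as 0x2 and 02; base 10 would be stricter if only 1 and 2 are meant to be valid.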
@ -978,9 +1036,15 @@ main(int argc, char **argv)
errx (1, "getaddrinfo: %s", gai_strerror(error));
auth_method = AUTH_KRB5;
again:
ret = doit (host, ai, user, local_user, cmd, cmd_len,
do_errsock,
send_krb5_auth);
if(ret != 0 && sendauth_version_error &&
protocol_version == 2) {
protocol_version = 1;
goto again;
}
freeaddrinfo(ai);
}
#endif
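Review bot: The retry at again: drops from protocol 2 to protocol 1 without telling the user, because send_krb5_auth suppresses its warning when it sets sendauth_version_error. Any KRB5_SENDAUTH_REJECTED is treated as a version mismatch, so a rejection for an unrelated reason also ends with the session on KCMDV0.1 and no subkey. Print a one-line notice before goto again, and document that giving -P explicitly (protocol_version_str non-NULL) disables the fallback. sendauth_version_error is never cleared before the retry; that is harmless today because protocol_version is already 1 by then, but resetting it would keep the flag meaningful.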
@ -1035,5 +1099,6 @@ main(int argc, char **argv)
cmd, cmd_len);
freeaddrinfo(ai);
}
free(cmd);
return ret;
}

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: rsh_locl.h,v 1.27 2002/08/12 15:09:16 joda Exp $ */
/* $Id: rsh_locl.h,v 1.28 2002/09/03 20:03:46 joda Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
@ -99,6 +99,7 @@
#endif
#ifdef KRB5
#include <krb5.h>
#include <krb5-private.h> /* for _krb5_{get,put}_int */
#endif
#ifdef KRB4
#include <kafs.h>
@ -132,25 +133,30 @@ extern int do_encrypt;
extern krb5_context context;
extern krb5_keyblock *keyblock;
extern krb5_crypto crypto;
extern int key_usage;
extern void *ivec_in[2];
extern void *ivec_out[2];
void init_ivecs(int);
#endif
#ifdef KRB4
extern des_key_schedule schedule;
extern des_cblock iv;
#endif
#define KCMD_VERSION "KCMDV0.1"
#define KCMD_OLD_VERSION "KCMDV0.1"
#define KCMD_NEW_VERSION "KCMDV0.2"
#define USERNAME_SZ 16
#define COMMAND_SZ 1024
#define RSH_BUFSIZ (16 * 1024)
#define RSH_BUFSIZ (5 * 1024) /* MIT kcmd can't handle larger buffers */
#define PATH_RSH BINDIR "/rsh"
#if defined(KRB4) || defined(KRB5)
ssize_t do_read (int fd, void *buf, size_t sz);
ssize_t do_write (int fd, void *buf, size_t sz);
ssize_t do_read (int, void*, size_t, void*);
ssize_t do_write (int, void*, size_t, void*);
#else
#define do_write(F, B, L) write((F), (B), (L))
#define do_read(F, B, L) read((F), (B), (L))
#define do_write(F, B, L, I) write((F), (B), (L))
#define do_read(F, B, L, I) read((F), (B), (L))
#endif
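Review bot: The new do_read/do_write prototypes lose their parameter names at the same moment they gain a fourth void* argument, so the header no longer says that the last argument is the ivec slot (ivec_in[n] or ivec_out[n]) or whether NULL is acceptable for protocol 1 and for krb4. Keep the names, for example ssize_t do_read (int fd, void *buf, size_t sz, void *ivec); and add a short comment on ivec_in/ivec_out saying which index belongs to which stream.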

View File

@ -32,7 +32,7 @@
*/
#include "rsh_locl.h"
RCSID("$Id: rshd.c,v 1.46 2002/02/18 20:02:14 joda Exp $");
RCSID("$Id: rshd.c,v 1.47 2002/09/03 20:03:26 joda Exp $");
int
login_access( struct passwd *user, char *from);
@ -199,7 +199,7 @@ recv_krb4_auth (int s, u_char *buf,
version);
if (status != KSUCCESS)
syslog_and_die ("recvauth: %s", krb_get_err_text(status));
if (strncmp (version, KCMD_VERSION, KRB_SENDAUTH_VLEN) != 0)
if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0)
syslog_and_die ("bad version: %s", version);
read_str (s, server_username, USERNAME_SZ, "remote username");
@ -277,6 +277,24 @@ krb5_start_session (void)
return;
}
static int protocol_version;
static krb5_boolean
match_kcmd_version(const void *data, const char *version)
{
if(strcmp(version, KCMD_NEW_VERSION) == 0) {
protocol_version = 2;
return TRUE;
}
if(strcmp(version, KCMD_OLD_VERSION) == 0) {
protocol_version = 1;
key_usage = KRB5_KU_OTHER_ENCRYPTED;
return TRUE;
}
return FALSE;
}
static int
recv_krb5_auth (int s, u_char *buf,
struct sockaddr *thisaddr,
@ -311,14 +329,15 @@ recv_krb5_auth (int s, u_char *buf,
syslog_and_die ("krb5_sock_to_principal: %s",
krb5_get_err_text(context, status));
status = krb5_recvauth(context,
&auth_context,
&s,
KCMD_VERSION,
server,
KRB5_RECVAUTH_IGNORE_VERSION,
NULL,
&ticket);
status = krb5_recvauth_match_version(context,
&auth_context,
&s,
match_kcmd_version,
NULL,
server,
KRB5_RECVAUTH_IGNORE_VERSION,
NULL,
&ticket);
krb5_free_principal (context, server);
if (status)
syslog_and_die ("krb5_recvauth: %s",
@ -328,8 +347,17 @@ recv_krb5_auth (int s, u_char *buf,
read_str (s, cmd, COMMAND_SZ, "command");
read_str (s, client_username, COMMAND_SZ, "local username");
status = krb5_auth_con_getkey (context, auth_context, &keyblock);
if (status)
if(protocol_version == 2) {
status = krb5_auth_con_getremotesubkey(context, auth_context,
&keyblock);
if(status != 0 || keyblock == NULL)
syslog_and_die("failed to get remote subkey");
} else if(protocol_version == 1) {
status = krb5_auth_con_getkey (context, auth_context, &keyblock);
if(status != 0 || keyblock == NULL)
syslog_and_die("failed to get key");
}
if (status != 0 || keyblock == NULL)
syslog_and_die ("krb5_auth_con_getkey: %s",
krb5_get_err_text(context, status));
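Review bot: The two new syslog_and_die calls in the protocol_version branches ("failed to get remote subkey", "failed to get key") drop the krb5 error text, and they leave the retained if (status != 0 || keyblock == NULL) check below them reachable only when protocol_version is neither 1 nor 2, where it would blame krb5_auth_con_getkey although no key call was made. Either remove the inner checks and let the final one report through krb5_get_err_text, or add the error text to the inner messages and turn the final check into an explicit unknown-version failure. Refusing to fall back to the session key when version 2 has no remote subkey is the right behaviour and deserves a comment saying so.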
@ -436,6 +464,11 @@ loop (int from0, int to0,
if(from0 >= FD_SETSIZE || from1 >= FD_SETSIZE || from2 >= FD_SETSIZE)
errx (1, "fd too large");
#ifdef KRB5
if(auth_method == AUTH_KRB5 && protocol_version == 2)
init_ivecs(0);
#endif
FD_ZERO(&real_readset);
FD_SET(from0, &real_readset);
FD_SET(from1, &real_readset);
@ -454,7 +487,7 @@ loop (int from0, int to0,
syslog_and_die ("select: %m");
}
if (FD_ISSET(from0, &readset)) {
ret = do_read (from0, buf, sizeof(buf));
ret = do_read (from0, buf, sizeof(buf), ivec_in[0]);
if (ret < 0)
syslog_and_die ("read: %m");
else if (ret == 0) {
@ -475,7 +508,7 @@ loop (int from0, int to0,
if (--count == 0)
exit (0);
} else
do_write (to1, buf, ret);
do_write (to1, buf, ret, ivec_out[0]);
}
if (FD_ISSET(from2, &readset)) {
ret = read (from2, buf, sizeof(buf));
@ -488,7 +521,7 @@ loop (int from0, int to0,
if (--count == 0)
exit (0);
} else
do_write (to2, buf, ret);
do_write (to2, buf, ret, ivec_out[1]);
}
}
}

View File

@ -32,7 +32,7 @@
#include <config.h>
RCSID("$Id: su.c,v 1.24 2002/02/19 13:01:15 joda Exp $");
RCSID("$Id: su.c,v 1.25 2002/09/10 20:03:47 joda Exp $");
#include <stdio.h>
#include <stdlib.h>
@ -50,11 +50,7 @@ RCSID("$Id: su.c,v 1.24 2002/02/19 13:01:15 joda Exp $");
#include <pwd.h>
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#else
#include <des.h>
#endif
#include "crypto-headers.h"
#ifdef KRB5
#include <krb5.h>
#endif

View File

@ -1,5 +1,13 @@
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
* libtelnet/kerberos5.c: set AP_OPTS_USE_SUBKEY
2002-08-28 Johan Danielsson <joda@pdc.kth.se>
* telnet/commands.c: remove extra "Toggle"'s
* telnet/commands.c: IRIX == 4 -> IRIX4
* telnet/main.c: rename functions to what they're really called
* telnet/commands.c: kill some might be uninitialized warnings

View File

@ -33,7 +33,7 @@
#include <config.h>
RCSID("$Id: enc_des.c,v 1.20 2001/08/29 00:45:19 assar Exp $");
RCSID("$Id: enc_des.c,v 1.21 2002/09/10 20:03:47 joda Exp $");
#if defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION)
#include <arpa/telnet.h>
@ -50,11 +50,7 @@ RCSID("$Id: enc_des.c,v 1.20 2001/08/29 00:45:19 assar Exp $");
#include "encrypt.h"
#include "misc-proto.h"
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#else
#include <des.h>
#endif
#include "crypto-headers.h"
extern int encrypt_debug_mode;

View File

@ -55,7 +55,7 @@
* or implied warranty.
*/
/* $Id: encrypt.h,v 1.7 2001/08/22 20:30:22 assar Exp $ */
/* $Id: encrypt.h,v 1.8 2002/09/10 20:03:47 joda Exp $ */
#ifndef __ENCRYPT__
#define __ENCRYPT__
@ -90,11 +90,9 @@ typedef struct {
#define SK_DES 1 /* Matched Kerberos v5 KEYTYPE_DES */
#include "crypto-headers.h"
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#define des_new_random_key des_random_key
#else
#include <des.h>
#endif
#include "enc-proto.h"

View File

@ -53,7 +53,7 @@
#include <config.h>
RCSID("$Id: kerberos5.c,v 1.50 2002/08/28 20:55:53 joda Exp $");
RCSID("$Id: kerberos5.c,v 1.51 2002/09/02 15:33:20 joda Exp $");
#ifdef KRB5
@ -206,6 +206,8 @@ kerberos5_send(char *name, Authenticator *ap)
ap_opts = AP_OPTS_MUTUAL_REQUIRED;
else
ap_opts = 0;
ap_opts |= AP_OPTS_USE_SUBKEY;
ret = krb5_auth_con_init (context, &auth_context);
if (ret) {

View File

@ -1,3 +1,31 @@
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
* crypto.m4: use m4 macros for test cases, also test for older
hash names
* test-package.m4: include dep libraries in LIB_*
* crypto.m4: move krb4 test before test for openssl, and bail out
if krb4 is requested, but the crypto library is not the same as
krb4
* db.m4: filter contents of LDFLAGS
2002-09-09 Johan Danielsson <joda@pdc.kth.se>
* auth-modules.m4: rename to rk_AUTH_MODULES
* auth-modules.m4: only include modules explicitly asked for
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* roken-frag.m4: test for res_nsearch
2002-09-03 Assar Westerlund <assar@kth.se>
* roken-frag.m4: check for sys/mman.h and mmap (used by
parse_reply-test)
2002-08-28 Assar Westerlund <assar@kth.se>
* krb-readline.m4: also add LIB_tgetent in the case of editline

View File

@ -1,16 +1,22 @@
dnl $Id: auth-modules.m4,v 1.3 2002/08/28 15:04:57 nectar Exp $
dnl $Id: auth-modules.m4,v 1.5 2002/09/09 13:31:45 joda Exp $
dnl
dnl Figure what authentication modules should be built
dnl
dnl rk_AUTH_MODULES(module-list)
AC_DEFUN(AC_AUTH_MODULES,[
AC_MSG_CHECKING(which authentication modules should be built)
AC_DEFUN(rk_AUTH_MODULES,[
AC_MSG_CHECKING([which authentication modules should be built])
z='m4_ifval([$1], $1, [sia pam afskauthlib])'
LIB_AUTH_SUBDIRS=
for i in $z; do
case $i in
sia)
if test "$ac_cv_header_siad_h" = yes; then
LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
fi
;;
pam)
case "${host}" in
*-*-freebsd*) ac_cv_want_pam_krb4=no ;;
*) ac_cv_want_pam_krb4=yes ;;
@ -21,12 +27,19 @@ if test "$ac_cv_want_pam_krb4" = yes -a \
"$enable_shared" = yes; then
LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
fi
;;
afskauthlib)
case "${host}" in
*-*-irix[[56]]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
esac
AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
;;
esac
done
if test "$LIB_AUTH_SUBDIRS"; then
AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
else
AC_MSG_RESULT(none)
fi
AC_SUBST(LIB_AUTH_SUBDIRS)dnl
])
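Review bot: The case $i in statement inside the new for loop has no *) branch, so a misspelled or unsupported name in the rk_AUTH_MODULES argument is skipped silently and configure just reports the remaining modules or "none". Add a default branch that calls AC_MSG_ERROR (or at least AC_MSG_WARN) and names the unknown module.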

View File

@ -1,10 +1,54 @@
dnl $Id: crypto.m4,v 1.11 2002/08/28 23:09:05 assar Exp $
dnl $Id: crypto.m4,v 1.13 2002/09/10 19:55:48 joda Exp $
dnl
dnl test for crypto libraries:
dnl - libcrypto (from openssl)
dnl - libdes (from krb4)
dnl - own-built libdes
m4_define([test_headers], [
#undef KRB5 /* makes md4.h et al unhappy */
#ifdef HAVE_OPENSSL
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/des.h>
#include <openssl/rc4.h>
#else
#include <md4.h>
#include <md5.h>
#include <sha.h>
#include <des.h>
#include <rc4.h>
#endif
#ifdef OLD_HASH_NAMES
typedef struct md4 MD4_CTX;
#define MD4_Init(C) md4_init((C))
#define MD4_Update(C, D, L) md4_update((C), (D), (L))
#define MD4_Final(D, C) md4_finito((C), (D))
typedef struct md5 MD5_CTX;
#define MD5_Init(C) md5_init((C))
#define MD5_Update(C, D, L) md5_update((C), (D), (L))
#define MD5_Final(D, C) md5_finito((C), (D))
typedef struct sha SHA_CTX;
#define SHA1_Init(C) sha_init((C))
#define SHA1_Update(C, D, L) sha_update((C), (D), (L))
#define SHA1_Final(D, C) sha_finito((C), (D))
#endif
])
m4_define([test_body], [
void *schedule = 0;
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha1;
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
RC4(0, 0, 0, 0);])
AC_DEFUN([KRB_CRYPTO],[
crypto_lib=unknown
AC_WITH_ALL([openssl])
@ -14,49 +58,7 @@ DIR_des=
AC_MSG_CHECKING([for crypto library])
openssl=no
if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
save_CPPFLAGS="$CPPFLAGS"
save_LIBS="$LIBS"
INCLUDE_des=
LIB_des=
if test "$with_openssl_include" != ""; then
INCLUDE_des="-I${with_openssl}/include"
fi
if test "$with_openssl_lib" != ""; then
LIB_des="-L${with_openssl}/lib"
fi
CPPFLAGS="${INCLUDE_des} ${CPPFLAGS}"
LIB_des="${LIB_des} -lcrypto"
LIB_des_a="$LIB_des"
LIB_des_so="$LIB_des"
LIB_des_appl="$LIB_des"
LIBS="${LIBS} ${LIB_des}"
AC_TRY_LINK([
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/des.h>
#include <openssl/rc4.h>
],
[
void *schedule = 0;
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha1;
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
RC4(0, 0, 0, 0);
], [
crypto_lib=libcrypto openssl=yes
AC_MSG_RESULT([libcrypto])])
CPPFLAGS="$save_CPPFLAGS"
LIBS="$save_LIBS"
fi
old_hash=no
if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
save_CPPFLAGS="$CPPFLAGS"
@ -72,91 +74,22 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
ires=
for i in $INCLUDE_krb4; do
CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS"
AC_TRY_COMPILE(test_headers, test_body,
openssl=yes ires="$i"; break)
CFLAGS="$i $save_CFLAGS"
AC_TRY_COMPILE([
#undef KRB5 /* makes md4.h et al unhappy */
#define KRB4
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/des.h>
#include <openssl/rc4.h>
], [
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha1;
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
des_cbc_encrypt(0, 0, 0, 0, 0, 0);
RC4(0, 0, 0, 0);],openssl=yes ires="$i"; break)
AC_TRY_COMPILE([
#undef KRB5 /* makes md4.h et al unhappy */
#define KRB4
#include <md4.h>
#include <md5.h>
#include <sha.h>
#include <des.h>
#include <rc4.h>
], [
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha1;
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
des_cbc_encrypt(0, 0, 0, 0, 0, 0);
RC4(0, 0, 0, 0);],ires="$i"; break)
AC_TRY_COMPILE(test_headers, test_body,
openssl=no ires="$i"; break)
CFLAGS="-DOLD_HASH_NAMES $i $save_CFLAGS"
AC_TRY_COMPILE(test_headers, test_body,
openssl=no ires="$i" old_hash=yes; break)
done
lres=
for i in $cdirs; do
for j in $clibs; do
LIBS="$i $j $save_LIBS"
if test "$openssl" = yes; then
AC_TRY_LINK([
#undef KRB5 /* makes md4.h et al unhappy */
#define KRB4
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/des.h>
#include <openssl/rc4.h>
], [
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha1;
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
des_cbc_encrypt(0, 0, 0, 0, 0, 0);
RC4(0, 0, 0, 0);],lres="$i $j"; break 2)
else
AC_TRY_LINK([
#undef KRB5 /* makes md4.h et al unhappy */
#define KRB4
#include <md4.h>
#include <md5.h>
#include <sha.h>
#include <des.h>
#include <rc4.h>
], [
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha1;
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
des_cbc_encrypt(0, 0, 0, 0, 0, 0);
RC4(0, 0, 0, 0);],lres="$i $j"; break 2)
fi
AC_TRY_LINK(test_headers, test_body,
lres="$i $j"; break 2)
done
done
CFLAGS="$save_CFLAGS"
@ -172,6 +105,31 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
fi
fi
if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
save_CFLAGS="$CFLAGS"
save_LIBS="$LIBS"
INCLUDE_des=
LIB_des=
if test "$with_openssl_include" != ""; then
INCLUDE_des="-I${with_openssl}/include"
fi
if test "$with_openssl_lib" != ""; then
LIB_des="-L${with_openssl}/lib"
fi
CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}"
LIB_des="${LIB_des} -lcrypto"
LIB_des_a="$LIB_des"
LIB_des_so="$LIB_des"
LIB_des_appl="$LIB_des"
LIBS="${LIBS} ${LIB_des}"
AC_TRY_LINK(test_headers, test_body, [
crypto_lib=libcrypto openssl=yes
AC_MSG_RESULT([libcrypto])
])
CFLAGS="$save_CFLAGS"
LIBS="$save_LIBS"
fi
if test "$crypto_lib" = "unknown"; then
DIR_des='des'
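Review bot: In the relocated OpenSSL probe, the include and library paths are guarded by $with_openssl_include and $with_openssl_lib but are built from ${with_openssl}/include and ${with_openssl}/lib. If only the include or lib variable is set, $with_openssl may be empty or "yes" and the resulting -I or -L path is wrong; using the tested variables themselves (-I${with_openssl_include}, -L${with_openssl_lib}) avoids that. The mismatch is carried over unchanged from the block this replaces, so the move is a good moment to fix it.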
@ -184,9 +142,19 @@ if test "$crypto_lib" = "unknown"; then
fi
if test "$with_krb4" != no -a "$crypto_lib" != krb4; then
AC_MSG_ERROR([the crypto library used by krb4 lacks features
required by Kerberos 5; to continue, you need to install a newer
Kerberos 4 or configure --without-krb4])
fi
if test "$openssl" = "yes"; then
AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto])
fi
if test "$old_hash" = yes; then
AC_DEFINE([HAVE_OLD_HASH_NAMES], 1,
[define if you have hash functions like md4_finito()])
fi
AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl
AC_SUBST(DIR_des)

View File

@ -1,4 +1,4 @@
dnl $Id: db.m4,v 1.8 2002/05/17 15:32:21 joda Exp $
dnl $Id: db.m4,v 1.9 2002/09/10 14:29:47 joda Exp $
dnl
dnl tests for various db libraries
dnl
@ -190,7 +190,15 @@ AM_CONDITIONAL(HAVE_DB1, test "$db_type" = db1)dnl
AM_CONDITIONAL(HAVE_DB3, test "$db_type" = db3)dnl
AM_CONDITIONAL(HAVE_NDBM, test "$db_type" = ndbm)dnl
DBLIB="$LDFLAGS $DBLIB"
## it's probably not correct to include LDFLAGS here, but we might
## need it, for now just add any possible -L
z=""
for i in $LDFLAGS; do
case "$i" in
-L*) z="$z $i";;
esac
done
DBLIB="$z $DBLIB"
AC_SUBST(DBLIB)dnl
AC_SUBST(LIB_NDBM)dnl
])
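Review bot: The loop that filters $LDFLAGS keeps only words beginning with -L, so a path written as two words (-L /some/dir) contributes a bare -L without its directory, and any run-path options that used to reach DBLIB through LDFLAGS are now dropped. If that is intended, say so in the ## comment; otherwise carry the following word along when -L appears on its own.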

View File

@ -1,4 +1,4 @@
dnl $Id: roken-frag.m4,v 1.42 2002/08/26 13:26:52 assar Exp $
dnl $Id: roken-frag.m4,v 1.44 2002/09/04 20:57:30 joda Exp $
dnl
dnl some code to get roken working
dnl
@ -69,6 +69,7 @@ AC_CHECK_HEADERS([\
shadow.h \
sys/bswap.h \
sys/ioctl.h \
sys/mman.h \
sys/param.h \
sys/proc.h \
sys/resource.h \
@ -126,6 +127,24 @@ AC_FIND_FUNC(res_search, resolv,
],
[0,0,0,0,0])
AC_FIND_FUNC(res_nsearch, resolv,
[
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_NAMESER_H
#include <arpa/nameser.h>
#endif
#ifdef HAVE_RESOLV_H
#include <resolv.h>
#endif
],
[0,0,0,0,0])
AC_FIND_FUNC(dn_expand, resolv,
[
#include <stdio.h>
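Review bot: The argument list [0,0,0,0,0] that closes the new AC_FIND_FUNC(res_nsearch, resolv, ...) test is the five-argument list copied from the res_search test above it, but res_nsearch takes a resolver state pointer in front of those arguments, six in total. With <resolv.h> included, the probe can fail to compile on systems that do provide the function, leaving HAVE_RES_NSEARCH undefined; use [0,0,0,0,0,0].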
@ -205,6 +224,8 @@ fi
AC_REQUIRE([AC_FUNC_GETLOGIN])
AC_REQUIRE([AC_FUNC_MMAP])
AC_FIND_FUNC_NO_LIBS(getsockopt,,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>

View File

@ -1,4 +1,4 @@
dnl $Id: test-package.m4,v 1.11 2002/08/28 19:30:48 joda Exp $
dnl $Id: test-package.m4,v 1.12 2002/09/10 15:23:38 joda Exp $
dnl
dnl rk_TEST_PACKAGE(package,headers,libraries,extra libs,
dnl default locations, conditional, config-program)
@ -101,7 +101,7 @@ if test "$with_$1" != no; then
done
if test "$ires" -a "$lres" -a "$with_$1" != "no"; then
INCLUDE_$1="-I$ires"
LIB_$1="-L$lres $3"
LIB_$1="-L$lres $3 $4"
found=yes
AC_MSG_RESULT([headers $ires, libraries $lres])
fi

6074
crypto/heimdal/configure vendored

File diff suppressed because it is too large

View File

@ -1,8 +1,9 @@
dnl Process this file with autoconf to produce a configure script.
AC_REVISION($Revision: 1.320 $)
AC_REVISION($Revision: 1.325 $)
AC_PREREQ(2.53)
#test -z "$CFLAGS" && CFLAGS="-g"
AC_INIT(Heimdal, 0.4f, heimdal-bugs@pdc.kth.se)
AC_CONFIG_SRCDIR([kuser/kinit.c])
AM_CONFIG_HEADER(include/config.h)
dnl Checks for programs.
@ -21,6 +22,8 @@ AC_CANONICAL_HOST
CANONICAL_HOST=$host
AC_SUBST(CANONICAL_HOST)
AC_SYS_LARGEFILE
dnl
dnl this is needed to run the configure tests against glibc
dnl
@ -48,22 +51,11 @@ AC_PROG_LIBTOOL
AC_WFLAGS(-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs)
rk_DB
dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roken/libroken.la],[-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken])
rk_ROKEN(lib/roken)
LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
rk_TEST_PACKAGE(openldap,
[#include <lber.h>
#include <ldap.h>],
[-lldap -llber],,,OPENLDAP)
if test "$openldap_libdir"; then
LIB_openldap="-R $openldap_libdir $LIB_openldap"
fi
rk_TEST_PACKAGE(krb4,[#include <krb.h>],-lkrb,-ldes,/usr/athena, KRB4, krb4-config)
LIB_kdb=
@ -156,10 +148,6 @@ if test "$with_krb4" != "no"; then
LIBS="$save_LIBS"
CFLAGS="$save_CFLAGS"
LIB_kdb="-lkdb -lkrb"
if test "$krb4_libdir"; then
LIB_krb4="-R $krb4_libdir $LIB_krb4"
LIB_kdb="-R $krb4_libdir -L$krb4_libdir $LIB_kdb"
fi
fi
AM_CONDITIONAL(KRB4, test "$with_krb4" != "no")
AM_CONDITIONAL(KRB5, true)
@ -168,6 +156,8 @@ AM_CONDITIONAL(do_roken_rename, true)
AC_DEFINE(KRB5, 1, [Enable Kerberos 5 support in applications.])dnl
AC_SUBST(LIB_kdb)dnl
KRB_CRYPTO
AC_ARG_ENABLE(dce,
AC_HELP_STRING([--enable-dce],[if you want support for DCE/DFS PAG's]))
if test "$enable_dce" = yes; then
@ -189,10 +179,23 @@ AC_SUBST(dpagaix_cflags)
AC_SUBST(dpagaix_ldadd)
AC_SUBST(dpagaix_ldflags)
rk_DB
dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roken/libroken.la],[-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken])
rk_ROKEN(lib/roken)
LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
rk_OTP
AC_CHECK_OSFC2
AC_ARG_ENABLE(mmap,
AC_HELP_STRING([--disable-mmap],[disable use of mmap]))
if test "$enable_mmap" = "no"; then
AC_DEFINE(NO_MMAP, 1, [Define if you don't want to use mmap.])
fi
rk_CHECK_MAN
rk_TEST_PACKAGE(readline,
@ -241,6 +244,7 @@ AC_CHECK_HEADERS([\
libutil.h \
limits.h \
maillock.h \
netgroup.h \
netinet/in6_machtypes.h \
netinfo/ni.h \
pthread.h \
@ -256,6 +260,7 @@ AC_CHECK_HEADERS([\
sys/file.h \
sys/filio.h \
sys/ioccom.h \
sys/mman.h \
sys/pty.h \
sys/ptyio.h \
sys/ptyvar.h \
@ -327,6 +332,8 @@ AC_CHECK_FUNCS([ \
yp_get_default_domain \
])
AC_FUNC_MMAP
KRB_CAPABILITIES
AC_CHECK_GETPWNAM_R_POSIX
@ -369,8 +376,6 @@ AC_CHECK_TYPES([int8_t, int16_t, int32_t, int64_t,
#endif
])
KRB_CRYPTO
KRB_READLINE
rk_TELNET
@ -378,7 +383,7 @@ rk_TELNET
dnl Some operating systems already have com_err and compile_et
CHECK_COMPILE_ET
AC_AUTH_MODULES
rk_AUTH_MODULES([sia afskauthlib])
rk_DESTDIRS

View File

@ -1,4 +1,4 @@
@c $Id: ack.texi,v 1.14 2001/02/24 05:09:23 assar Exp $
@c $Id: ack.texi,v 1.15 2002/09/04 01:03:35 assar Exp $
@node Acknowledgments, , Migration, Top
@comment node-name, next, previous, up
@ -19,6 +19,9 @@ of NetBSD/FreeBSD.
@code{editline} was written by Simmule Turner and Rich Salz.
The @code{getifaddrs} implementation for Linux was written by Hideaki
YOSHIFUJI for the Usagi project.
Bugfixes, documentation, encouragement, and code has been contributed by:
@table @asis
@item Derrick J Brashear

View File

@ -1,4 +1,4 @@
@c $Id: install.texi,v 1.17 2001/07/02 18:06:02 joda Exp $
@c $Id: install.texi,v 1.18 2002/09/04 03:18:48 assar Exp $
@node Building and Installing, Setting up a realm, What is Kerberos?, Top
@comment node-name, next, previous, up
@ -98,4 +98,9 @@ On Irix there are three different ABIs that can be used (@samp{32},
@samp{n32}, or @samp{64}). This option allows you to override the
automatic selection.
@item @kbd{--disable-mmap}
Do not use the mmap system call. Normally, configure detects if there
is a working mmap and it is only used if there is one. Only try this
option if it fails to work anyhow.
@end table

View File

@ -1,25 +1,30 @@
# $Id: Makefile.am,v 1.32 2002/05/24 15:36:21 joda Exp $
# $Id: Makefile.am,v 1.33 2002/09/10 19:59:25 joda Exp $
include $(top_srcdir)/Makefile.am.common
SUBDIRS = kadm5
noinst_PROGRAMS = bits
noinst_PROGRAMS = bits make_crypto
CHECK_LOCAL =
INCLUDES += -DHOST=\"$(CANONICAL_HOST)\"
include_HEADERS = krb5-types.h
noinst_HEADERS = crypto-headers.h
krb5-types.h: bits$(EXEEXT)
./bits$(EXEEXT) krb5-types.h
crypto-headers.h: make_crypto$(EXEEXT)
./make_crypto$(EXEEXT) crypto-headers.h
CLEANFILES = \
asn1.h \
asn1_err.h \
base64.h \
com_err.h \
com_right.h \
crypto-headers.h\
der.h \
des.h \
editline.h \

View File

@ -14,7 +14,7 @@
@SET_MAKE@
# $Id: Makefile.am,v 1.32 2002/05/24 15:36:21 joda Exp $
# $Id: Makefile.am,v 1.33 2002/09/10 19:59:25 joda Exp $
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
@ -204,10 +204,11 @@ NROFF_MAN = groff -mandoc -Tascii
SUBDIRS = kadm5
noinst_PROGRAMS = bits
noinst_PROGRAMS = bits make_crypto
CHECK_LOCAL =
include_HEADERS = krb5-types.h
noinst_HEADERS = crypto-headers.h
CLEANFILES = \
asn1.h \
@ -215,6 +216,7 @@ CLEANFILES = \
base64.h \
com_err.h \
com_right.h \
crypto-headers.h\
der.h \
des.h \
editline.h \
@ -249,7 +251,7 @@ subdir = include
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES =
noinst_PROGRAMS = bits$(EXEEXT)
noinst_PROGRAMS = bits$(EXEEXT) make_crypto$(EXEEXT)
PROGRAMS = $(noinst_PROGRAMS)
bits_SOURCES = bits.c
@ -257,6 +259,11 @@ bits_OBJECTS = bits.$(OBJEXT)
bits_LDADD = $(LDADD)
bits_DEPENDENCIES =
bits_LDFLAGS =
make_crypto_SOURCES = make_crypto.c
make_crypto_OBJECTS = make_crypto.$(OBJEXT)
make_crypto_LDADD = $(LDADD)
make_crypto_DEPENDENCIES =
make_crypto_LDFLAGS =
DEFS = @DEFS@
DEFAULT_INCLUDES = -I. -I$(srcdir) -I.
@ -273,17 +280,18 @@ CCLD = $(CC)
LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
CFLAGS = @CFLAGS@
DIST_SOURCES = bits.c
HEADERS = $(include_HEADERS)
DIST_SOURCES = bits.c make_crypto.c
HEADERS = $(include_HEADERS) $(noinst_HEADERS)
RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
uninstall-info-recursive all-recursive install-data-recursive \
install-exec-recursive installdirs-recursive install-recursive \
uninstall-recursive check-recursive installcheck-recursive
DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in config.h.in
DIST_COMMON = $(include_HEADERS) $(noinst_HEADERS) Makefile.am \
Makefile.in
DIST_SUBDIRS = $(SUBDIRS)
SOURCES = bits.c
SOURCES = bits.c make_crypto.c
all: config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive
@ -322,6 +330,9 @@ clean-noinstPROGRAMS:
bits$(EXEEXT): $(bits_OBJECTS) $(bits_DEPENDENCIES)
@rm -f bits$(EXEEXT)
$(LINK) $(bits_LDFLAGS) $(bits_OBJECTS) $(bits_LDADD) $(LIBS)
make_crypto$(EXEEXT): $(make_crypto_OBJECTS) $(make_crypto_DEPENDENCIES)
@rm -f make_crypto$(EXEEXT)
$(LINK) $(make_crypto_LDFLAGS) $(make_crypto_OBJECTS) $(make_crypto_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT) core *.core
@ -731,6 +742,9 @@ install-data-local: install-cat-mans
krb5-types.h: bits$(EXEEXT)
./bits$(EXEEXT) krb5-types.h
crypto-headers.h: make_crypto$(EXEEXT)
./make_crypto$(EXEEXT) crypto-headers.h
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

View File

@ -285,6 +285,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the function `getopt'. */
#undef HAVE_GETOPT
/* Define to 1 if you have the `getpagesize' function. */
#undef HAVE_GETPAGESIZE
/* Define to 1 if you have the `getprogname' function. */
#undef HAVE_GETPROGNAME
@ -448,6 +451,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the `mktime' function. */
#undef HAVE_MKTIME
/* Define to 1 if you have a working `mmap' system call. */
#undef HAVE_MMAP
/* define if you have a ndbm library */
#undef HAVE_NDBM
@ -457,6 +463,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the <netdb.h> header file. */
#undef HAVE_NETDB_H
/* Define to 1 if you have the <netgroup.h> header file. */
#undef HAVE_NETGROUP_H
/* Define to 1 if you have the <netinet6/in6.h> header file. */
#undef HAVE_NETINET6_IN6_H
@ -493,6 +502,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if NDBM really is DB (creates files *.db) */
#undef HAVE_NEW_DB
/* define if you have hash functions like md4_finito() */
#undef HAVE_OLD_HASH_NAMES
/* Define to 1 if you have the `on_exit' function. */
#undef HAVE_ON_EXIT
@ -559,6 +571,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the <resolv.h> header file. */
#undef HAVE_RESOLV_H
/* Define to 1 if you have the `res_nsearch' function. */
#undef HAVE_RES_NSEARCH
/* Define to 1 if you have the `res_search' function. */
#undef HAVE_RES_SEARCH
@ -844,6 +859,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the <sys/ioctl.h> header file. */
#undef HAVE_SYS_IOCTL_H
/* Define to 1 if you have the <sys/mman.h> header file. */
#undef HAVE_SYS_MMAN_H
/* Define to 1 if you have the <sys/param.h> header file. */
#undef HAVE_SYS_PARAM_H
@ -1210,6 +1228,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* define if the system is missing a prototype for vsnprintf() */
#undef NEED_VSNPRINTF_PROTO
/* Define if you don't want to use mmap. */
#undef NO_MMAP
/* Define this to enable old environment option in telnet. */
#undef OLD_ENVIRON
@ -1290,9 +1311,15 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
`char[]'. */
#undef YYTEXT_POINTER
/* Number of bits in a file offset, on hosts where this is settable. */
#undef _FILE_OFFSET_BITS
/* Define to enable extensions on glibc-based systems such as Linux. */
#undef _GNU_SOURCE
/* Define for large files, on AIX-style hosts. */
#undef _LARGE_FILES
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
@ -1321,6 +1348,13 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to `int' if <sys/types.h> doesn't define. */
#undef uid_t
#if defined(HAVE_FOUR_VALUED_KRB_PUT_INT) || !defined(KRB4)
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S))
#else
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (S))
#endif
#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
#define AUTHENTICATION 1
@ -1345,6 +1379,14 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
#include "roken_rename.h"
#endif
#ifndef HAVE_KRB_KDCTIMEOFDAY
#define krb_kdctimeofday(X) gettimeofday((X), NULL)
#endif
#ifndef HAVE_KRB_GET_KDC_TIME_DIFF
#define krb_get_kdc_time_diff() (0)
#endif
#ifdef VOID_RETSIGTYPE
#define SIGRETURN(x) return
#else
@ -1356,21 +1398,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
#endif
#if defined(HAVE_FOUR_VALUED_KRB_PUT_INT) || !defined(KRB4)
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S))
#else
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (S))
#endif
#ifndef HAVE_KRB_KDCTIMEOFDAY
#define krb_kdctimeofday(X) gettimeofday((X), NULL)
#endif
#ifndef HAVE_KRB_GET_KDC_TIME_DIFF
#define krb_get_kdc_time_diff() (0)
#endif
#if ENDIANESS_IN_SYS_PARAM_H
# include <sys/types.h>

View File

@ -0,0 +1,95 @@
/*
* Copyright (c) 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id");
#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
int
main(int argc, char **argv)
{
char *p;
FILE *f;
if(argc != 2) {
fprintf(stderr, "Usage: make_crypto file\n");
exit(1);
}
f = fopen(argv[1], "w");
if(f == NULL) {
perror(argv[1]);
exit(1);
}
for(p = argv[1]; *p; p++)
if(!isalnum((int)*p))
*p = '_';
fprintf(f, "#ifndef __%s__\n", argv[1]);
fprintf(f, "#define __%s__\n", argv[1]);
#ifdef HAVE_OPENSSL
fputs("#include <openssl/des.h>\n", f);
fputs("#include <openssl/rc4.h>\n", f);
fputs("#include <openssl/md4.h>\n", f);
fputs("#include <openssl/md5.h>\n", f);
fputs("#include <openssl/sha.h>\n", f);
#else
fputs("#include <des.h>\n", f);
fputs("#include <md4.h>\n", f);
fputs("#include <md5.h>\n", f);
fputs("#include <sha.h>\n", f);
fputs("#include <rc4.h>\n", f);
#ifdef HAVE_OLD_HASH_NAMES
fputs("\n", f);
fputs(" typedef struct md4 MD4_CTX;\n", f);
fputs("#define MD4_Init md4_init\n", f);
fputs("#define MD4_Update md4_update\n", f);
fputs("#define MD4_Final(D, C) md4_finito((C), (D))\n", f);
fputs("\n", f);
fputs(" typedef struct md5 MD5_CTX;\n", f);
fputs("#define MD5_Init md5_init\n", f);
fputs("#define MD5_Update md5_update\n", f);
fputs("#define MD5_Final(D, C) md5_finito((C), (D))\n", f);
fputs("\n", f);
fputs(" typedef struct sha SHA_CTX;\n", f);
fputs("#define SHA1_Init sha_init\n", f);
fputs("#define SHA1_Update sha_update\n", f);
fputs("#define SHA1_Final(D, C) sha_finito((C), (D))\n", f);
#endif
#endif
fprintf(f, "#endif /* __%s__ */\n", argv[1]);
fclose(f);
exit(0);
}
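Review bot: In the loop that turns argv[1] into a header-guard name, `isalnum((int)*p)` still passes a negative value when plain char is signed and the path contains a byte above 0x7f, which is undefined behaviour for the <ctype.h> functions; cast through unsigned char instead, `isalnum((unsigned char)*p)`. The results of the fputs/fprintf calls and of fclose(f) are also never checked before exit(0), so a short write leaves a truncated header that the build then treats as complete; check fclose and exit non-zero on failure. `RCSID("$Id");` lacks the closing `$` of the keyword, so it will never be expanded.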

View File

@ -1,3 +1,21 @@
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
* server.c: constify match_appl_version()
* version4.c: change some lingering krb_err_base
2002-09-09 Jacques Vidrine <nectar@kth.se>
* server.c (kadmind_dispatch): while decoding arguments for
kadm_chpass_with_key, sanity check the number of keys given.
Potential problem pointed out by
Sebastian Krahmer <krahmer@suse.de>.
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* load.c (parse_generation): return if there is no generation
(spotted by Daniel Kouril)
2002-06-07 Jacques Vidrine <n@nectar.com>
* ank.c: do not attempt to free uninitialized pointer when

View File

@ -32,7 +32,7 @@
*/
/*
* $Id: kadmin_locl.h,v 1.40 2001/08/22 20:30:24 assar Exp $
* $Id: kadmin_locl.h,v 1.41 2002/09/10 20:04:45 joda Exp $
*/
#ifndef __ADMIN_LOCL_H__
@ -86,11 +86,6 @@
#endif
#include <err.h>
#include <roken.h>
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#else
#include <des.h>
#endif
#include <krb5.h>
#include <krb5_locl.h>
#include <hdb.h>

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -34,7 +34,7 @@
#include "kadmin_locl.h"
#include <kadm5/private.h>
RCSID("$Id: load.c,v 1.43 2001/08/10 13:52:22 joda Exp $");
RCSID("$Id: load.c,v 1.44 2002/09/04 20:44:35 joda Exp $");
struct entry {
char *principal;
@ -288,8 +288,10 @@ parse_generation(char *str, GENERATION **gen)
char *p;
int v;
if(strcmp(str, "-") == 0 || *str == '\0')
if(strcmp(str, "-") == 0 || *str == '\0') {
*gen = NULL;
return 0;
}
*gen = calloc(1, sizeof(**gen));
p = strsep(&str, ":");
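Review bot: parse_generation now returns 0 with `*gen = NULL` for "-" or an empty field, so every caller has to accept a NULL generation on success; a comment on the function should say so. Just below the new branch, the result of `calloc(1, sizeof(**gen))` is not checked in the visible lines before parsing continues with strsep; if the parsed fields are then stored through *gen, an allocation failure becomes a NULL dereference. Return ENOMEM there.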

View File

@ -34,7 +34,7 @@
#include "kadmin_locl.h"
#include <krb5-private.h>
RCSID("$Id: server.c,v 1.34 2002/05/24 15:23:42 joda Exp $");
RCSID("$Id: server.c,v 1.36 2002/09/10 19:23:28 joda Exp $");
static kadm5_ret_t
kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
@ -255,6 +255,13 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
krb5_free_principal(context->context, princ);
goto fail;
}
/* n_key_data will be squeezed into an int16_t below. */
if (n_key_data < 0 || n_key_data >= 1 << 16 ||
n_key_data > UINT_MAX/sizeof(*key_data)) {
ret = ERANGE;
krb5_free_principal(context->context, princ);
goto fail;
}
key_data = malloc (n_key_data * sizeof(*key_data));
if (key_data == NULL) {
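Review bot: The upper bound `n_key_data >= 1 << 16` does not match the comment above it: an int16_t holds at most 32767, so values from 32768 to 65535 pass this check and change value when stored in the int16_t. Compare against 32767 instead. Note also that n_key_data == 0 passes and reaches malloc(0), which may return NULL and take the `key_data == NULL` branch; decide whether zero keys should be rejected explicitly or handled as an empty list.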
@ -440,7 +447,7 @@ v5_loop (krb5_context context,
}
static krb5_boolean
match_appl_version(void *data, const char *appl_version)
match_appl_version(const void *data, const char *appl_version)
{
unsigned minor;
if(sscanf(appl_version, "KADM0.%u", &minor) != 1)

View File

@ -41,7 +41,7 @@
#include <krb_err.h>
#include <kadm_err.h>
RCSID("$Id: version4.c,v 1.25 2002/05/24 15:23:43 joda Exp $");
RCSID("$Id: version4.c,v 1.26 2002/09/10 15:20:46 joda Exp $");
#define KADM_NO_OPCODE -1
#define KADM_NO_ENCRYPT -2
@ -868,7 +868,7 @@ decode_packet(krb5_context context,
client_addr->sin_addr.s_addr, &ad, NULL);
if(ret) {
make_you_loose_packet(krb_err_base + ret, reply);
make_you_loose_packet(ERROR_TABLE_BASE_krb + ret, reply);
krb5_warnx(context, "krb_rd_req: %d", ret);
return;
}
@ -905,7 +905,7 @@ decode_packet(krb5_context context,
ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session,
client_addr, admin_addr, &msg_dat);
if (ret) {
make_you_loose_packet (krb_err_base + ret, reply);
make_you_loose_packet (ERROR_TABLE_BASE_krb + ret, reply);
krb5_warnx(context, "krb_rd_priv: %d", ret);
goto out;
}

View File

@ -32,7 +32,7 @@
*/
/*
* $Id: headers.h,v 1.13 2001/08/22 20:30:25 assar Exp $
* $Id: headers.h,v 1.15 2002/09/10 20:04:46 joda Exp $
*/
#ifndef __HEADERS_H__
@ -41,6 +41,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -85,11 +86,6 @@
#include <getarg.h>
#include <base64.h>
#include <parse_units.h>
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#else
#include <des.h>
#endif
#include <krb5.h>
#include <krb5_locl.h>
#include <hdb.h>

View File

@ -33,7 +33,7 @@
#include "hprop.h"
RCSID("$Id: hprop.c,v 1.69 2002/04/18 10:18:35 joda Exp $");
RCSID("$Id: hprop.c,v 1.70 2002/09/04 18:19:41 joda Exp $");
static int version_flag;
static int help_flag;
@ -691,7 +691,7 @@ propagate_database (krb5_context context, int type,
HPROP_VERSION,
NULL,
server,
AP_OPTS_MUTUAL_REQUIRED,
AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
NULL, /* in_data */
NULL, /* in_creds */
ccache,

View File

@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: kaserver.c,v 1.19 2002/04/18 16:07:39 joda Exp $");
RCSID("$Id: kaserver.c,v 1.20 2002/09/09 14:03:02 nectar Exp $");
#include <rx.h>
@ -186,6 +186,8 @@ krb5_ret_xdr_data(krb5_storage *sp,
ret = krb5_ret_int32(sp, &size);
if(ret)
return ret;
if(size < 0)
return ERANGE;
data->length = size;
if (size) {
u_char foo[4];
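Review bot: `if(size < 0)` rejects negative lengths, but nothing in the visible lines bounds size from above before it is stored in data->length and the `if (size)` branch runs. A peer-supplied value close to the int32 maximum is still accepted; cap it against a sane maximum for this protocol, or against the bytes remaining in sp, and return ERANGE in the same way.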

View File

@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: kerberos5.c,v 1.140 2002/07/31 09:42:43 joda Exp $");
RCSID("$Id: kerberos5.c,v 1.143 2002/09/09 14:03:02 nectar Exp $");
#define MAX_TIME ((time_t)((1U << 31) - 1))
@ -156,51 +156,69 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
krb5_enctype etype,
int skvno, EncryptionKey *skey,
int ckvno, EncryptionKey *ckey,
const char **e_text,
krb5_data *reply)
{
unsigned char buf[8192]; /* XXX The data could be indefinite */
unsigned char *buf;
size_t buf_size;
size_t len;
krb5_error_code ret;
krb5_crypto crypto;
ret = encode_EncTicketPart(buf + sizeof(buf) - 1, sizeof(buf), et, &len);
ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
if(ret) {
kdc_log(0, "Failed to encode ticket: %s",
krb5_get_err_text(context, ret));
return ret;
}
if(buf_size != len) {
free(buf);
kdc_log(0, "Internal error in ASN.1 encoder");
*e_text = "KDC internal error";
return KRB5KRB_ERR_GENERIC;
}
ret = krb5_crypto_init(context, skey, etype, &crypto);
if (ret) {
free(buf);
kdc_log(0, "krb5_crypto_init failed: %s",
krb5_get_err_text(context, ret));
return ret;
}
krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_TICKET,
buf + sizeof(buf) - len,
len,
skvno,
&rep->ticket.enc_part);
ret = krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_TICKET,
buf,
len,
skvno,
&rep->ticket.enc_part);
free(buf);
krb5_crypto_destroy(context, crypto);
if(ret) {
kdc_log(0, "Failed to encrypt data: %s",
krb5_get_err_text(context, ret));
return ret;
}
if(rep->msg_type == krb_as_rep && !encode_as_rep_as_tgs_rep)
ret = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf),
ek, &len);
ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
else
ret = encode_EncTGSRepPart(buf + sizeof(buf) - 1, sizeof(buf),
ek, &len);
ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
if(ret) {
kdc_log(0, "Failed to encode KDC-REP: %s",
krb5_get_err_text(context, ret));
return ret;
}
if(buf_size != len) {
free(buf);
kdc_log(0, "Internal error in ASN.1 encoder");
*e_text = "KDC internal error";
return KRB5KRB_ERR_GENERIC;
}
ret = krb5_crypto_init(context, ckey, 0, &crypto);
if (ret) {
free(buf);
kdc_log(0, "krb5_crypto_init failed: %s",
krb5_get_err_text(context, ret));
return ret;
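Review bot: The `buf_size != len` block (free, kdc_log, set *e_text, return KRB5KRB_ERR_GENERIC) appears twice in this hunk and again further down in encode_reply and in tgs_check_authenticator; a small helper, or doing the comparison inside ASN1_MALLOC_ENCODE, would keep the copies from drifting apart. Note too that *e_text is set only on this path: the encode, krb5_crypto_init and encrypt failures return ret without it. If that is intended, say so in a comment on the new parameter.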
@ -209,20 +227,22 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_AS_REP_ENC_PART,
buf + sizeof(buf) - len,
buf,
len,
ckvno,
&rep->enc_part);
ret = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), rep, &len);
free(buf);
ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
} else {
krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_TGS_REP_ENC_PART_SESSION,
buf + sizeof(buf) - len,
buf,
len,
ckvno,
&rep->enc_part);
ret = encode_TGS_REP(buf + sizeof(buf) - 1, sizeof(buf), rep, &len);
free(buf);
ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
}
krb5_crypto_destroy(context, crypto);
if(ret) {
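Review bot: Both krb5_encrypt_EncryptedData calls in this hunk (KRB5_KU_AS_REP_ENC_PART and KRB5_KU_TGS_REP_ENC_PART_SESSION) still discard their return value, while the ticket encryption earlier in this function now assigns and checks ret. As written, buf is freed and ASN1_MALLOC_ENCODE overwrites ret, so a failed encryption of rep->enc_part goes unnoticed and the reply is encoded anyway. Assign the result to ret and skip the AS_REP/TGS_REP encoding when it is non-zero.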
@ -230,7 +250,14 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
krb5_get_err_text(context, ret));
return ret;
}
krb5_data_copy(reply, buf + sizeof(buf) - len, len);
if(buf_size != len) {
free(buf);
kdc_log(0, "Internal error in ASN.1 encoder");
*e_text = "KDC internal error";
return KRB5KRB_ERR_GENERIC;
}
reply->data = buf;
reply->length = buf_size;
return 0;
}
@ -297,6 +324,8 @@ get_pa_etype_info(METHOD_DATA *md, hdb_entry *client,
pa.len = client->keys.len;
if(pa.len > UINT_MAX/sizeof(*pa.val))
return ERANGE;
pa.val = malloc(pa.len * sizeof(*pa.val));
if(pa.val == NULL)
return ENOMEM;
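Review bot: With pa.len == 0 the new `pa.len > UINT_MAX/sizeof(*pa.val)` check passes and malloc(0) may return NULL, which the next lines report as ENOMEM; if a client entry with no keys is possible, handle that case before allocating. The bound itself is fine, but the same UINT_MAX expression is repeated in kadmind_dispatch and fix_transited_encoding, so a shared macro or helper for "count times element size" would be easier to audit than three hand-written copies.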
@ -333,18 +362,10 @@ get_pa_etype_info(METHOD_DATA *md, hdb_entry *client,
pa.len = n;
}
len = length_ETYPE_INFO(&pa);
buf = malloc(len);
if (buf == NULL) {
free_ETYPE_INFO(&pa);
return ENOMEM;
}
ret = encode_ETYPE_INFO(buf + len - 1, len, &pa, &len);
ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
free_ETYPE_INFO(&pa);
if(ret) {
free(buf);
if(ret)
return ret;
}
ret = realloc_method_data(md);
if(ret) {
free(buf);
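Review bot: `ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret)` passes len as both the allocated size (BL) and, by address, the encoded length (L), so the `buf_size != len` consistency test used in encode_reply cannot be made here. The macro encodes backwards from the end of the buffer, so if the encoder ever produced fewer bytes than length_ETYPE_INFO predicted, the data would sit at the tail of buf while the caller reads from the head. Use a separate buf_size variable and compare, as the other call sites in this file do.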
@ -657,15 +678,10 @@ as_rep(KDC_REQ *req,
ret = get_pa_etype_info(&method_data, client,
b->etype.val, b->etype.len); /* XXX check ret */
len = length_METHOD_DATA(&method_data);
buf = malloc(len);
encode_METHOD_DATA(buf + len - 1,
len,
&method_data,
&len);
ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
free_METHOD_DATA(&method_data);
foo_data.length = len;
foo_data.data = buf;
foo_data.length = len;
ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
krb5_mk_error(context,
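Review bot: ret from `ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret)` is never tested: on allocation or encoding failure the macro leaves buf NULL, yet foo_data.data and foo_data.length are filled in and ret is overwritten with KRB5KDC_ERR_PREAUTH_REQUIRED before krb5_mk_error runs. Check ret right after the macro and bail out, and resolve the `/* XXX check ret */` on get_pa_etype_info at the same time, since its result is now overwritten by the macro.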
@ -895,7 +911,7 @@ as_rep(KDC_REQ *req,
set_salt_padata (&rep.padata, ckey->salt);
ret = encode_reply(&rep, &et, &ek, setype, server->kvno, &skey->key,
client->kvno, &ckey->key, reply);
client->kvno, &ckey->key, &e_text, reply);
free_EncTicketPart(&et);
free_EncKDCRepPart(&ek);
free_AS_REP(&rep);
@ -1065,6 +1081,10 @@ fix_transited_encoding(TransitedEncoding *tr,
return ret;
}
}
if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) {
ret = ERANGE;
goto free_realms;
}
tmp = realloc(realms, (num_realms + 1) * sizeof(*realms));
if(tmp == NULL){
ret = ENOMEM;
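Review bot: If num_realms is a signed int, as the `num_realms < 0` test suggests, the expression `num_realms + 1` in the new check can itself overflow when num_realms is at its maximum, before the comparison is made. Keep the addition out of the test, for example `num_realms >= UINT_MAX/sizeof(*realms) - 1` after the sign check, so the guard does not depend on the arithmetic it is meant to protect.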
@ -1101,6 +1121,7 @@ tgs_make_reply(KDC_REQ_BODY *b,
krb5_principal client_principal,
hdb_entry *krbtgt,
krb5_enctype cetype,
const char **e_text,
krb5_data *reply)
{
KDC_REP rep;
@ -1256,7 +1277,7 @@ tgs_make_reply(KDC_REQ_BODY *b,
etype list, even if we don't want a session key with
DES3? */
ret = encode_reply(&rep, &et, &ek, etype, adtkt ? 0 : server->kvno, ekey,
0, &tgt->key, reply);
0, &tgt->key, e_text, reply);
out:
free_TGS_REP(&rep);
free_TransitedEncoding(&et.transited);
@ -1273,11 +1294,13 @@ out:
static krb5_error_code
tgs_check_authenticator(krb5_auth_context ac,
KDC_REQ_BODY *b,
const char **e_text,
krb5_keyblock *key)
{
krb5_authenticator auth;
size_t len;
unsigned char buf[8192];
unsigned char *buf;
size_t buf_size;
krb5_error_code ret;
krb5_crypto crypto;
@ -1304,15 +1327,22 @@ tgs_check_authenticator(krb5_auth_context ac,
}
/* XXX should not re-encode this */
ret = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf),
b, &len);
ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret);
if(ret){
kdc_log(0, "Failed to encode KDC-REQ-BODY: %s",
krb5_get_err_text(context, ret));
goto out;
}
if(buf_size != len) {
free(buf);
kdc_log(0, "Internal error in ASN.1 encoder");
*e_text = "KDC internal error";
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
free(buf);
kdc_log(0, "krb5_crypto_init failed: %s",
krb5_get_err_text(context, ret));
goto out;
@ -1320,9 +1350,10 @@ tgs_check_authenticator(krb5_auth_context ac,
ret = krb5_verify_checksum(context,
crypto,
KRB5_KU_TGS_REQ_AUTH_CKSUM,
buf + sizeof(buf) - len,
buf,
len,
auth->cksum);
free(buf);
krb5_crypto_destroy(context, crypto);
if(ret){
kdc_log(0, "Failed to verify checksum: %s",
@ -1506,7 +1537,7 @@ tgs_rep2(KDC_REQ_BODY *b,
tgt = &ticket->ticket;
ret = tgs_check_authenticator(ac, b, &tgt->key);
ret = tgs_check_authenticator(ac, b, &e_text, &tgt->key);
if (b->enc_authorization_data) {
krb5_keyblock *subkey;
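Review bot: The result of tgs_check_authenticator is assigned to ret but not examined in the visible lines before the `if (b->enc_authorization_data)` block starts. If the test sits after that block, authorization data is handled for a request whose authenticator checksum has not been accepted yet; test ret immediately after the call and take the error path first.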
@ -1723,6 +1754,7 @@ tgs_rep2(KDC_REQ_BODY *b,
cp,
krbtgt,
cetype,
&e_text,
reply);
out:

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: kpasswd_locl.h,v 1.12 2001/08/22 20:30:26 assar Exp $ */
/* $Id: kpasswd_locl.h,v 1.13 2002/09/10 20:03:48 joda Exp $ */
#ifndef __KPASSWD_LOCL_H__
#define __KPASSWD_LOCL_H__
@ -98,11 +98,7 @@
#include <err.h>
#include <roken.h>
#include <getarg.h>
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#else
#include <des.h>
#endif
#include <krb5.h>
#include "crypto-headers.h" /* for des_read_pw_string */
#endif /* __KPASSWD_LOCL_H__ */

View File

@ -1,4 +1,4 @@
.\" $Id: kinit.1,v 1.20 2002/08/28 16:09:36 joda Exp $
.\" $Id: kinit.1,v 1.21 2002/09/13 14:50:27 joda Exp $
.\"
.Dd May 29, 1998
.Dt KINIT 1
@ -91,7 +91,7 @@ Get ticket that can be forwarded to another host.
Don't ask for a password, but instead get the key from the specified
keytab.
.It Xo
.Fl l Ar time Ns ,
.Fl l Ar time ,
.Fl -lifetime= Ns Ar time
.Xc
Specifies the lifetime of the ticket. The argument can either be in

View File

@ -32,7 +32,7 @@
*/
#include "kuser_locl.h"
RCSID("$Id: kinit.c,v 1.89 2002/08/21 12:21:31 joda Exp $");
RCSID("$Id: kinit.c,v 1.90 2002/09/09 22:17:53 joda Exp $");
int forwardable_flag = -1;
int proxiable_flag = -1;
@ -290,9 +290,11 @@ do_524init(krb5_context context, krb5_ccache ccache,
krb5_cc_get_principal(context, ccache, &client);
memset(&in_creds, 0, sizeof(in_creds));
ret = get_server(context, client, server, &in_creds.server);
krb5_free_principal(context, client);
if(ret)
return ret;
ret = krb5_get_credentials(context, 0, ccache, &in_creds, &real_creds);
krb5_free_principal(context, in_creds.server);
if(ret)
return ret;
}
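Review bot: The return value of `krb5_cc_get_principal(context, ccache, &client)` is ignored, so when it fails client may be unset when it is passed to get_server and then to the newly added krb5_free_principal. Check the result and return before touching client.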

View File

@ -33,7 +33,7 @@
#include "der_locl.h"
RCSID("$Id: der_get.c,v 1.32 2002/08/22 19:11:07 assar Exp $");
RCSID("$Id: der_get.c,v 1.33 2002/09/03 16:21:49 nectar Exp $");
#include <version.h>
@ -252,6 +252,8 @@ decode_integer (const unsigned char *p, size_t len,
p += l;
len -= l;
ret += l;
if (reallen > len)
return ASN1_OVERRUN;
e = der_get_int (p, reallen, num, &l);
if (e) return e;
p += l;
@ -279,6 +281,8 @@ decode_unsigned (const unsigned char *p, size_t len,
p += l;
len -= l;
ret += l;
if (reallen > len)
return ASN1_OVERRUN;
e = der_get_unsigned (p, reallen, num, &l);
if (e) return e;
p += l;
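Review bot: The `reallen > len` test is placed correctly, after len has been reduced by the header bytes, but it is added as two identical copies (decode_integer above and decode_unsigned here). Any other decode_* routine in this file that reads a length and then hands reallen to a der_get_* function needs the same test; a shared helper that reads the length and validates it against the remaining len would cover them in one place. A regression test with a length field larger than the remaining buffer, expecting ASN1_OVERRUN, would pin the behaviour.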

View File

@ -33,7 +33,7 @@
#include "gen_locl.h"
RCSID("$Id: gen.c,v 1.48 2002/08/26 13:27:20 assar Exp $");
RCSID("$Id: gen.c,v 1.49 2002/09/04 15:06:18 joda Exp $");
FILE *headerfile, *codefile, *logfile;
@ -102,20 +102,29 @@ init_generate (const char *filename, const char *base)
" void *data;\n"
"} octet_string;\n\n");
fprintf (headerfile,
#if 0
"typedef struct general_string {\n"
" size_t length;\n"
" char *data;\n"
"} general_string;\n\n"
#else
"typedef char *general_string;\n\n"
#endif
);
fprintf (headerfile,
"typedef struct oid {\n"
" size_t length;\n"
" unsigned *components;\n"
"} oid;\n\n");
fputs("#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \\\n"
" do { \\\n"
" (BL) = length_##T((S)); \\\n"
" (B) = malloc((BL)); \\\n"
" if((B) == NULL) { \\\n"
" (R) = ENOMEM; \\\n"
" } else { \\\n"
" (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \\\n"
" (S), (L)); \\\n"
" if((R) != 0) { \\\n"
" free((B)); \\\n"
" (B) = NULL; \\\n"
" } \\\n"
" } \\\n"
" } while (0)\n\n",
headerfile);
fprintf (headerfile, "#endif\n\n");
logfile = fopen(STEM "_files", "w");
if (logfile == NULL)
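Review bot: The generated ASN1_MALLOC_ENCODE macro does not compare (BL) with the length written through (L) after encoding, which leaves every caller to repeat that test by hand or, where the same variable is passed for both, unable to make it at all; doing the comparison inside the macro would close that gap. The macro also evaluates (B) and (BL) several times, so call sites must pass plain lvalues without side effects, and it depends on malloc, free and ENOMEM being declared wherever the generated header is included. When length_##T returns 0, malloc(0) may yield NULL and be reported as ENOMEM. A comment emitted next to the macro should state these constraints.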

View File

@ -1,4 +1,4 @@
-- $Id: k5.asn1,v 1.26 2002/03/18 19:00:43 joda Exp $
-- $Id: k5.asn1,v 1.27 2002/09/03 17:32:09 joda Exp $
KERBEROS5 DEFINITIONS ::=
BEGIN
@ -97,8 +97,7 @@ ENCTYPE ::= INTEGER {
ETYPE_DES_CBC_NONE(-0x1000),
ETYPE_DES3_CBC_NONE(-0x1001),
ETYPE_DES_CFB64_NONE(-0x1002),
ETYPE_DES_PCBC_NONE(-0x1003),
ETYPE_DES3_CBC_NONE_IVEC(-0x1004)
ETYPE_DES_PCBC_NONE(-0x1003)
}
-- this is sugar to make something ASN1 does not have: unsigned

View File

@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H
#include<config.h>
RCSID("$Id: pam.c,v 1.27 2001/02/15 04:30:05 assar Exp $");
RCSID("$Id: pam.c,v 1.28 2002/09/09 15:57:24 joda Exp $");
#endif
#include <stdio.h>
@ -128,7 +128,7 @@ pdeb(const char *format, ...)
if (ctrl_off(KRB4_DEBUG))
return;
va_start(args, format);
openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH);
openlog("pam_krb4", LOG_PID, LOG_AUTH);
vsyslog(LOG_DEBUG, format, args);
va_end(args);
closelog();

View File

@ -1,3 +1,13 @@
2002-09-03 Johan Danielsson <joda@pdc.kth.se>
* wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE
* unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
* init_sec_context.c: we need to generate a local subkey here
2002-08-20 Jacques Vidrine <n@nectar.com>
* acquire_cred.c, inquire_cred.c, release_cred.c: Use default

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "gssapi_locl.h"
RCSID("$Id: init_sec_context.c,v 1.29 2001/08/29 02:21:09 assar Exp $");
RCSID("$Id: init_sec_context.c,v 1.31 2002/09/02 17:16:12 joda Exp $");
/*
* copy the addresses from `input_chan_bindings' (if any) to
@ -367,6 +367,16 @@ init_auth
}
#endif
kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context,
(*context_handle)->auth_context,
&cred->session);
if(kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
kret = krb5_build_authenticator (gssapi_krb5_context,
(*context_handle)->auth_context,
enctype,

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "gssapi_locl.h"
RCSID("$Id: unwrap.c,v 1.20 2002/05/20 15:14:00 nectar Exp $");
RCSID("$Id: unwrap.c,v 1.21 2002/09/03 17:33:11 joda Exp $");
OM_uint32
gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
@ -296,7 +296,7 @@ unwrap_des3
p -= 28;
ret = krb5_crypto_init(gssapi_krb5_context, key,
ETYPE_DES3_CBC_NONE_IVEC, &crypto);
ETYPE_DES3_CBC_NONE, &crypto);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "gssapi_locl.h"
RCSID("$Id: wrap.c,v 1.19 2001/06/18 02:53:52 assar Exp $");
RCSID("$Id: wrap.c,v 1.20 2002/09/03 17:33:36 joda Exp $");
OM_uint32
gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
@ -330,7 +330,7 @@ wrap_des3
4);
ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE_IVEC,
ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE,
&crypto);
if (ret) {
free (output_message_buffer->value);

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,35 +33,21 @@
#include "hdb_locl.h"
RCSID("$Id: common.c,v 1.10 2001/07/13 06:30:41 assar Exp $");
RCSID("$Id: common.c,v 1.11 2002/09/04 16:32:30 joda Exp $");
int
hdb_principal2key(krb5_context context, krb5_principal p, krb5_data *key)
{
Principal new;
size_t len;
unsigned char *buf;
int ret;
ret = copy_Principal(p, &new);
if(ret)
goto out;
if(ret)
return ret;
new.name.name_type = 0;
len = length_Principal(&new);
buf = malloc(len);
if(buf == NULL){
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
ret = encode_Principal(buf + len - 1, len, &new, &len);
if(ret){
free(buf);
goto out;
}
key->data = buf;
key->length = len;
out:
ASN1_MALLOC_ENCODE(Principal, key->data, key->length, &new, &len, ret);
free_Principal(&new);
return ret;
}
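Review bot: In hdb_principal2key, key->length is now the allocated size from length_Principal and is never compared with len, the size the encoder reports, unlike the call sites in kdc/kerberos5.c that test `buf_size != len`; add the comparison or document why it cannot differ here. The conversion also drops `krb5_set_error_string(context, "malloc: out of memory")`, so ENOMEM now comes back without an error string in the context. Both points apply equally to hdb_entry2value in the next hunk.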
@ -75,24 +61,11 @@ hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p)
int
hdb_entry2value(krb5_context context, hdb_entry *ent, krb5_data *value)
{
unsigned char *buf;
size_t len;
int ret;
len = length_hdb_entry(ent);
buf = malloc(len);
if(buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = encode_hdb_entry(buf + len - 1, len, ent, &len);
if(ret){
free(buf);
return ret;
}
value->data = buf;
value->length = len;
return 0;
ASN1_MALLOC_ENCODE(hdb_entry, value->data, value->length, ent, &len, ret);
return ret;
}
int

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999 - 2001, PADL Software Pty Ltd.
* Copyright (c) 1999-2001, PADL Software Pty Ltd.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -32,7 +32,7 @@
#include "hdb_locl.h"
RCSID("$Id: hdb-ldap.c,v 1.9 2001/08/31 18:19:49 joda Exp $");
RCSID("$Id: hdb-ldap.c,v 1.10 2002/09/04 18:42:22 joda Exp $");
#ifdef OPENLDAP
@ -451,29 +451,10 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
for (i = 0; i < ent->keys.len; i++) {
unsigned char *buf;
size_t len;
Key new;
ret = copy_Key(&ent->keys.val[i], &new);
if (ret != 0) {
ASN1_MALLOC_ENCODE(Key, buf, len, &ent->keys.val[i], &len, ret);
if (ret != 0)
goto out;
}
len = length_Key(&new);
buf = malloc(len);
if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
free_Key(&new);
goto out;
}
ret = encode_Key(buf + len - 1, len, &new, &len);
if (ret != 0) {
free(buf);
free_Key(&new);
goto out;
}
free_Key(&new);
/* addmod_len _owns_ the key, doesn't need to copy it */
ret = LDAP_addmod_len(&mods, LDAP_MOD_ADD, "krb5Key", buf, len);

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: hdb_locl.h,v 1.17 2001/08/22 20:30:28 assar Exp $ */
/* $Id: hdb_locl.h,v 1.18 2002/09/10 20:03:48 joda Exp $ */
#ifndef __HDB_LOCL_H__
#define __HDB_LOCL_H__
@ -56,11 +56,7 @@
#endif
#include <roken.h>
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#else
#include <des.h>
#endif
#include "crypto-headers.h"
#include <krb5.h>
#include <hdb.h>
#include <hdb-private.h>

View File

@ -1,3 +1,11 @@
2002-08-12 Johan Danielsson <joda@pdc.kth.se>
* k5dfspag.c: don't use ## in string concatenation
2002-03-11 Assar Westerlund <assar@sics.se>
* Makefile.am (libkdfs_la_LDFLAGS): set versoin to 0:2:0
2002-01-23 Assar Westerlund <assar@sics.se>
* k5dfspag.c: use SIG_DFL and not SIG_IGN for SIGCHLD.

View File

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.2 2000/12/11 00:46:47 assar Exp $
# $Id: Makefile.am,v 1.3 2002/03/10 23:53:22 assar Exp $
include $(top_srcdir)/Makefile.am.common
@ -7,4 +7,4 @@ lib_LTLIBRARIES = libkdfs.la
libkdfs_la_SOURCES = \
k5dfspag.c
libkdfs_la_LDFLAGS = -version-info 0:1:0
libkdfs_la_LDFLAGS = -version-info 0:2:0

View File

@ -1,6 +1,7 @@
# Makefile.in generated automatically by automake 1.5 from Makefile.am.
# Makefile.in generated by automake 1.6.3 from Makefile.am.
# @configure_input@
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -13,14 +14,11 @@
@SET_MAKE@
# $Id: Makefile.am,v 1.2 2000/12/11 00:46:47 assar Exp $
# $Id: Makefile.am,v 1.3 2002/03/10 23:53:22 assar Exp $
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.31 2001/09/01 11:12:18 assar Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -51,9 +49,13 @@ AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_HEADER = $(INSTALL_DATA)
transform = @program_transform_name@
@ -65,6 +67,10 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
host_alias = @host_alias@
host_triplet = @host@
EXEEXT = @EXEEXT@
OBJEXT = @OBJEXT@
PATH_SEPARATOR = @PATH_SEPARATOR@
AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
AMTAR = @AMTAR@
AS = @AS@
@ -81,7 +87,7 @@ DIR_com_err = @DIR_com_err@
DIR_des = @DIR_des@
DIR_roken = @DIR_roken@
DLLTOOL = @DLLTOOL@
EXEEXT = @EXEEXT@
ECHO = @ECHO@
EXTRA_LIB45 = @EXTRA_LIB45@
GROFF = @GROFF@
INCLUDES_roken = @INCLUDES_roken@
@ -89,7 +95,9 @@ INCLUDE_ = @INCLUDE_@
INCLUDE_des = @INCLUDE_des@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LEX = @LEX@
LIBOBJS = @LIBOBJS@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBTOOL = @LIBTOOL@
LIB_ = @LIB_@
LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
@ -111,9 +119,9 @@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
RANLIB = @RANLIB@
STRIP = @STRIP@
VERSION = @VERSION@
VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
WFLAGS = @WFLAGS@
@ -126,16 +134,19 @@ X_PRE_LIBS = @X_PRE_LIBS@
YACC = @YACC@
am__include = @am__include@
am__quote = @am__quote@
dpagaix_CFLAGS = @dpagaix_CFLAGS@
dpagaix_LDADD = @dpagaix_LDADD@
dpagaix_cflags = @dpagaix_cflags@
dpagaix_ldadd = @dpagaix_ldadd@
dpagaix_ldflags = @dpagaix_ldflags@
install_sh = @install_sh@
AUTOMAKE_OPTIONS = foreign no-dependencies 1.4b
AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
AM_CFLAGS = $(WFLAGS)
CP = cp
@ -166,8 +177,6 @@ LIB_socket = @LIB_socket@
LIB_syslog = @LIB_syslog@
LIB_tgetent = @LIB_tgetent@
LIBS = @LIBS@
HESIODLIB = @HESIODLIB@
HESIODINCLUDE = @HESIODINCLUDE@
INCLUDE_hesiod = @INCLUDE_hesiod@
@ -182,8 +191,6 @@ LIB_openldap = @LIB_openldap@
INCLUDE_readline = @INCLUDE_readline@
LIB_readline = @LIB_readline@
LEXLIB = @LEXLIB@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@ -195,15 +202,13 @@ NROFF_MAN = groff -mandoc -Tascii
@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
lib_LTLIBRARIES = libkdfs.la
libkdfs_la_SOURCES = \
k5dfspag.c
libkdfs_la_LDFLAGS = -version-info 0:1:0
libkdfs_la_LDFLAGS = -version-info 0:2:0
subdir = lib/kdfs
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = $(top_builddir)/include/config.h
@ -218,7 +223,9 @@ DEFS = @DEFS@
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
depcomp =
am__depfiles_maybe =
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
@ -234,42 +241,40 @@ SOURCES = $(libkdfs_la_SOURCES)
all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
distclean-libtool:
-rm -f libtool
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign lib/kdfs/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && \
CONFIG_HEADERS= CONFIG_LINKS= \
CONFIG_FILES=$(subdir)/$@ $(SHELL) ./config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
libLTLIBRARIES_INSTALL = $(INSTALL)
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(libdir)
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
if test -f $$p; then \
echo " $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p"; \
$(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p; \
f="`echo $$p | sed -e 's|^.*/||'`"; \
echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
$(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
else :; fi; \
done
uninstall-libLTLIBRARIES:
@$(NORMAL_UNINSTALL)
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
p="`echo $$p | sed -e 's|^.*/||'`"; \
echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
done
clean-libLTLIBRARIES:
-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
test -z "$dir" && dir=.; \
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
libkdfs.la: $(libkdfs_la_OBJECTS) $(libkdfs_la_DEPENDENCIES)
$(LINK) -rpath $(libdir) $(libkdfs_la_LDFLAGS) $(libkdfs_la_OBJECTS) $(libkdfs_la_LIBADD) $(LIBS)
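Review bot: In the new clean-libLTLIBRARIES recipe, `test -z "$dir" && dir=.;` uses a single `$`, so make expands `$d` followed by the literal "ir" and the shell never tests the dir variable; the fallback to `.` cannot trigger. The surrounding lines use `$$p` and `$${dir}` correctly. This file is generated by automake 1.6.3, so the fix belongs in the generator or a regenerated Makefile.in rather than a hand edit.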
@ -280,62 +285,79 @@ distclean-compile:
-rm -f *.tab.c
.c.o:
$(COMPILE) -c `test -f $< || echo '$(srcdir)/'`$<
$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
.c.obj:
$(COMPILE) -c `cygpath -w $<`
.c.lo:
$(LTCOMPILE) -c -o $@ `test -f $< || echo '$(srcdir)/'`$<
$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
distclean-libtool:
-rm -f libtool
uninstall-info-am:
ETAGS = etags
ETAGSFLAGS =
tags: TAGS
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
mkid -fID $$unique $(LISP)
mkid -fID $$unique
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
test -z "$(ETAGS_ARGS)$$tags$$unique" \
|| $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$tags $$unique
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
here=`$(am__cd) $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) $$here
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
top_distdir = ../..
distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
distdir: $(DISTFILES)
@for file in $(DISTFILES); do \
if test -f $$file; then d=.; else d=$(srcdir); fi; \
@list='$(DISTFILES)'; for file in $$list; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
if test "$$dir" != "$$file" && test "$$dir" != "."; then \
$(mkinstalldirs) "$(distdir)/$$dir"; \
dir="/$$dir"; \
$(mkinstalldirs) "$(distdir)$$dir"; \
else \
dir=''; \
fi; \
if test -d $$d/$$file; then \
cp -pR $$d/$$file $(distdir) \
|| exit 1; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
fi; \
cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
@ -364,6 +386,7 @@ install-am: all-am
installcheck: installcheck-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
INSTALL_STRIP_FLAG=-s \
`test -z '$(STRIP)' || \
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
mostlyclean-generic:
@ -371,7 +394,7 @@ mostlyclean-generic:
clean-generic:
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
-rm -f Makefile $(CONFIG_CLEAN_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@ -443,7 +466,7 @@ install-suid-programs:
install-exec-hook: install-suid-programs
install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
@foo='$(include_HEADERS) $(build_HEADERZ)'; \
@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
for f in $$foo; do \
f=`basename $$f`; \
if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
@ -456,6 +479,36 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
done
all-local: install-build-headers
check-local::
@if test '$(CHECK_LOCAL)'; then \
foo='$(CHECK_LOCAL)'; else \
foo='$(PROGRAMS)'; fi; \
if test "$$foo"; then \
failed=0; all=0; \
for i in $$foo; do \
all=`expr $$all + 1`; \
if ./$$i --version > /dev/null 2>&1; then \
echo "PASS: $$i"; \
else \
echo "FAIL: $$i"; \
failed=`expr $$failed + 1`; \
fi; \
done; \
if test "$$failed" -eq 0; then \
banner="All $$all tests passed"; \
else \
banner="$$failed of $$all tests failed"; \
fi; \
dashes=`echo "$$banner" | sed s/./=/g`; \
echo "$$dashes"; \
echo "$$banner"; \
echo "$$dashes"; \
test "$$failed" -eq 0; \
fi
.x.c:
@cmp -s $< $@ 2> /dev/null || cp $< $@
#NROFF_MAN = nroff -man
.1.cat1:
$(NROFF_MAN) $< > $@
@ -529,34 +582,6 @@ install-data-local: install-cat-mans
$(COMPILE_ET) $<
.et.c:
$(COMPILE_ET) $<
.x.c:
@cmp -s $< $@ 2> /dev/null || cp $< $@
check-local::
@foo='$(CHECK_LOCAL)'; \
if test "$$foo"; then \
failed=0; all=0; \
for i in $$foo; do \
all=`expr $$all + 1`; \
if ./$$i --version > /dev/null 2>&1; then \
echo "PASS: $$i"; \
else \
echo "FAIL: $$i"; \
failed=`expr $$failed + 1`; \
fi; \
done; \
if test "$$failed" -eq 0; then \
banner="All $$all tests passed"; \
else \
banner="$$failed of $$all tests failed"; \
fi; \
dashes=`echo "$$banner" | sed s/./=/g`; \
echo "$$dashes"; \
echo "$$banner"; \
echo "$$dashes"; \
test "$$failed" -eq 0; \
fi
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

View File

@ -25,7 +25,7 @@
#include <config.h>
#endif
RCSID("$Id: k5dfspag.c,v 1.5 2002/01/23 01:49:34 assar Exp $");
RCSID("$Id: k5dfspag.c,v 1.6 2002/08/12 15:11:58 joda Exp $");
#include <krb5.h>
@ -104,7 +104,7 @@ typedef krb5_sigtype sigtype;
#elif defined(_AIX)
#ifndef DPAGAIX
#define DPAGAIX LIBEXECDIR ## "/dpagaix"
#define DPAGAIX LIBEXECDIR "/dpagaix"
#endif
int *load();
static int (*dpagaix)(int, int, int, int, int, int) = 0;
@ -124,7 +124,7 @@ static int (*dpagaix)(int, int, int, int, int, int) = 0;
#endif /* WAIT_USES_INT */
#ifndef K5DCECON
#define K5DCECON LIBEXECDIR ## "/k5dcecon"
#define K5DCECON LIBEXECDIR "/k5dcecon"
#endif
/*

View File

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.145 2002/08/29 04:02:24 assar Exp $
# $Id: Makefile.am,v 1.147 2002/09/03 14:45:13 joda Exp $
include $(top_srcdir)/Makefile.am.common
@ -13,7 +13,8 @@ TESTS = \
string-to-key-test \
derived-key-test \
store-test \
parse-name-test
parse-name-test \
name-45-test
check_PROGRAMS = $(TESTS)
@ -133,10 +134,10 @@ libkrb5_la_LDFLAGS = -version-info 18:3:1
$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
$(srcdir)/krb5-protos.h: $(ERR_FILES)
$(srcdir)/krb5-protos.h:
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h
$(srcdir)/krb5-private.h: $(ERR_FILES)
$(srcdir)/krb5-private.h:
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h
#libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo

View File

@ -14,7 +14,7 @@
@SET_MAKE@
# $Id: Makefile.am,v 1.145 2002/08/29 04:02:24 assar Exp $
# $Id: Makefile.am,v 1.147 2002/09/03 14:45:13 joda Exp $
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
@ -211,7 +211,8 @@ TESTS = \
string-to-key-test \
derived-key-test \
store-test \
parse-name-test
parse-name-test \
name-45-test
check_PROGRAMS = $(TESTS)
@ -406,7 +407,7 @@ libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS)
bin_PROGRAMS = verify_krb5_conf$(EXEEXT)
check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \
derived-key-test$(EXEEXT) store-test$(EXEEXT) \
parse-name-test$(EXEEXT)
parse-name-test$(EXEEXT) name-45-test$(EXEEXT)
noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) \
krbhst-test$(EXEEXT)
PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
@ -435,6 +436,12 @@ n_fold_test_LDADD = $(LDADD)
n_fold_test_DEPENDENCIES = libkrb5.la \
$(top_builddir)/lib/asn1/libasn1.la
n_fold_test_LDFLAGS =
name_45_test_SOURCES = name-45-test.c
name_45_test_OBJECTS = name-45-test.$(OBJEXT)
name_45_test_LDADD = $(LDADD)
name_45_test_DEPENDENCIES = libkrb5.la \
$(top_builddir)/lib/asn1/libasn1.la
name_45_test_LDFLAGS =
parse_name_test_SOURCES = parse-name-test.c
parse_name_test_OBJECTS = parse-name-test.$(OBJEXT)
parse_name_test_LDADD = $(LDADD)
@ -481,13 +488,14 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
CFLAGS = @CFLAGS@
DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \
krbhst-test.c n-fold-test.c parse-name-test.c store-test.c \
string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c \
store-test.c string-to-key-test.c test_get_addrs.c \
verify_krb5_conf.c
MANS = $(man_MANS)
HEADERS = $(include_HEADERS)
DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in
SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
all: all-am
@ -583,6 +591,9 @@ krbhst-test$(EXEEXT): $(krbhst_test_OBJECTS) $(krbhst_test_DEPENDENCIES)
n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES)
@rm -f n-fold-test$(EXEEXT)
$(LINK) $(n_fold_test_LDFLAGS) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS)
name-45-test$(EXEEXT): $(name_45_test_OBJECTS) $(name_45_test_DEPENDENCIES)
@rm -f name-45-test$(EXEEXT)
$(LINK) $(name_45_test_LDFLAGS) $(name_45_test_OBJECTS) $(name_45_test_LDADD) $(LIBS)
parse-name-test$(EXEEXT): $(parse_name_test_OBJECTS) $(parse_name_test_DEPENDENCIES)
@rm -f parse-name-test$(EXEEXT)
$(LINK) $(parse_name_test_LDFLAGS) $(parse_name_test_OBJECTS) $(parse_name_test_LDADD) $(LIBS)
@ -1121,10 +1132,10 @@ install-data-local: install-cat-mans
$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
$(srcdir)/krb5-protos.h: $(ERR_FILES)
$(srcdir)/krb5-protos.h:
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h
$(srcdir)/krb5-private.h: $(ERR_FILES)
$(srcdir)/krb5-private.h:
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h
$(libkrb5_la_OBJECTS): krb5_err.h heim_err.h k524_err.h

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: auth_context.c,v 1.58 2002/08/15 08:23:07 joda Exp $");
RCSID("$Id: auth_context.c,v 1.59 2002/09/02 17:11:02 joda Exp $");
krb5_error_code
krb5_auth_con_init(krb5_context context,
@ -291,6 +291,24 @@ krb5_auth_con_setlocalsubkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->local_subkey);
}
krb5_error_code
krb5_auth_con_generatelocalsubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *key)
{
krb5_error_code ret;
krb5_keyblock *subkey;
ret = krb5_generate_subkey (context, key, &subkey);
if(ret)
return ret;
if(auth_context->local_subkey)
krb5_free_keyblock(context, auth_context->local_subkey);
auth_context->local_subkey = subkey;
return 0;
}
krb5_error_code
krb5_auth_con_setremotesubkey(krb5_context context,
krb5_auth_context auth_context,

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: build_ap_req.c,v 1.17 2001/05/14 06:14:44 assar Exp $");
RCSID("$Id: build_ap_req.c,v 1.18 2002/09/04 16:26:04 joda Exp $");
krb5_error_code
krb5_build_ap_req (krb5_context context,
@ -66,15 +66,10 @@ krb5_build_ap_req (krb5_context context,
ap.authenticator.kvno = NULL;
ap.authenticator.cipher = authenticator;
retdata->length = length_AP_REQ(&ap);
retdata->data = malloc(retdata->length);
if(retdata->data == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
} else
encode_AP_REQ((unsigned char *)retdata->data + retdata->length - 1,
retdata->length, &ap, &len);
ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length,
&ap, &len, ret);
free_AP_REQ(&ap);
return ret;
}

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: build_auth.c,v 1.35 2001/05/14 06:14:44 assar Exp $");
RCSID("$Id: build_auth.c,v 1.38 2002/09/04 16:26:04 joda Exp $");
krb5_error_code
krb5_build_authenticator (krb5_context context,
@ -74,13 +74,6 @@ krb5_build_authenticator (krb5_context context,
if(ret)
goto fail;
if(auth->subkey == NULL) {
krb5_generate_subkey (context, &cred->session, &auth->subkey);
ret = krb5_auth_con_setlocalsubkey(context, auth_context, auth->subkey);
if(ret)
goto fail;
}
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
krb5_generate_seq_number (context,
&cred->session,
@ -99,36 +92,10 @@ krb5_build_authenticator (krb5_context context,
auth_context->authenticator->cusec = auth->cusec;
}
buf_size = 1024;
buf = malloc (buf_size);
if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret);
if (ret)
goto fail;
}
do {
ret = krb5_encode_Authenticator (context,
buf + buf_size - 1,
buf_size,
auth, &len);
if (ret) {
if (ret == ASN1_OVERFLOW) {
u_char *tmp;
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
buf = tmp;
} else {
goto fail;
}
}
} while(ret == ASN1_OVERFLOW);
ret = krb5_crypto_init(context, &cred->session, enctype, &crypto);
if (ret)

View File

@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: changepw.c,v 1.35 2002/06/06 13:33:13 joda Exp $");
RCSID("$Id: changepw.c,v 1.37 2002/09/03 16:14:34 nectar Exp $");
static krb5_error_code
send_request (krb5_context context,
@ -57,7 +57,7 @@ send_request (krb5_context context,
ret = krb5_mk_req_extended (context,
auth_context,
AP_OPTS_MUTUAL_REQUIRED,
AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
NULL, /* in_data */
creds,
&ap_req_data);
@ -144,7 +144,7 @@ process_reply (krb5_context context,
u_char reply[BUFSIZ];
size_t len;
u_int16_t pkt_len, pkt_ver;
krb5_data ap_rep_data;
krb5_data ap_rep_data, priv_data;
int save_errno;
ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
@ -173,10 +173,13 @@ process_reply (krb5_context context,
ap_rep_data.data = reply + 6;
ap_rep_data.length = (reply[4] << 8) | (reply[5]);
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
priv_data.length = len - ap_rep_data.length - 6;
if ((u_char *)priv_data.data + priv_data.length >= reply + len)
return KRB5_KPASSWD_MALFORMED;
if (ap_rep_data.length) {
krb5_ap_rep_enc_part *ap_rep;
krb5_data priv_data;
u_char *p;
ret = krb5_rd_rep (context,
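Review bot: The new bounds test in process_reply compares a value that equals reply + len by construction, so it cannot separate a good packet from a bad one. priv_data.data is reply + 6 + ap_rep_data.length and priv_data.length is len - ap_rep_data.length - 6, so their sum is always reply + len and the `>=` comparison is true for every reply, well-formed ones included. When the 16-bit ap_rep_data.length read from reply[4] and reply[5] is larger than len - 6, the subtraction has already wrapped (len is size_t) before the test runs. Validate the untrusted length directly, before deriving priv_data, for example `if (len < 6 || ap_rep_data.length > len - 6) return KRB5_KPASSWD_MALFORMED;`.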
@ -188,9 +191,6 @@ process_reply (krb5_context context,
krb5_free_ap_rep_enc_part (context, ap_rep);
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
priv_data.length = len - ap_rep_data.length - 6;
ret = krb5_rd_priv (context,
auth_context,
&priv_data,

View File

@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
RCSID("$Id: config_file.c,v 1.45 2002/08/14 17:35:03 joda Exp $");
RCSID("$Id: config_file.c,v 1.46 2002/09/10 19:04:55 joda Exp $");
#ifndef HAVE_NETINFO
@ -341,7 +341,7 @@ vget_next(krb5_context context,
{
const char *p = va_arg(args, const char *);
while(b != NULL) {
if(strcmp(b->name, name) == NULL) {
if(strcmp(b->name, name) == 0) {
if(b->type == type && p == NULL) {
*pointer = b;
return b->u.generic;

View File

@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <com_err.h>
RCSID("$Id: context.c,v 1.80 2002/08/28 15:27:24 joda Exp $");
RCSID("$Id: context.c,v 1.81 2002/09/02 17:03:12 joda Exp $");
#define INIT_FIELD(C, T, E, D, F) \
(C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
@ -173,14 +173,9 @@ init_context_from_config_file(krb5_context context)
INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
INIT_FIELD(context, bool, srv_lookup, TRUE, "dns_lookup_kdc");
/* srv_lookup backwards compatibility. */
{
const char **p;
p = krb5_config_get_strings(context, NULL, "libdefaults", "srv_lookup", NULL);
if (p != NULL)
INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
}
/* prefer dns_lookup_kdc over srv_lookup. */
INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
return 0;
}

View File

@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
RCSID("$Id: crypto.c,v 1.64 2002/04/29 16:31:54 joda Exp $");
RCSID("$Id: crypto.c,v 1.66 2002/09/03 19:58:15 joda Exp $");
#undef CRYPTO_DEBUG
#ifdef CRYPTO_DEBUG
@ -1676,26 +1676,14 @@ DES3_CBC_encrypt(krb5_context context,
size_t len,
krb5_boolean encrypt,
int usage,
void *ignore_ivec)
void *ivec)
{
des_cblock ivec;
des_cblock local_ivec;
des_key_schedule *s = key->schedule->data;
memset(&ivec, 0, sizeof(ivec));
des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], &ivec, encrypt);
return 0;
}
static krb5_error_code
DES3_CBC_encrypt_ivec(krb5_context context,
struct key_data *key,
void *data,
size_t len,
krb5_boolean encrypt,
int usage,
void *ivec)
{
des_key_schedule *s = key->schedule->data;
if(ivec == NULL) {
ivec = &local_ivec;
memset(local_ivec, 0, sizeof(local_ivec));
}
des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], ivec, encrypt);
return 0;
}
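Review bot: DES3_CBC_encrypt now honours the argument that was previously named ignore_ivec and discarded, so an existing caller of des3-cbc-none that passes a non-NULL ivec silently gets different output after this change. Please audit the callers, or state in the ChangeLog entry that the pseudo-enctype changed meaning. A short comment would also help on two assumptions the body makes: des_ede3_cbc_encrypt writes the chaining value back through ivec, so the caller's buffer is modified on return, and a non-NULL ivec must point at sizeof(des_cblock) bytes.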
@ -2070,17 +2058,6 @@ static struct encryption_type enctype_des3_cbc_none = {
F_PSEUDO,
DES3_CBC_encrypt,
};
static struct encryption_type enctype_des3_cbc_none_ivec = {
ETYPE_DES3_CBC_NONE_IVEC,
"des3-cbc-none-ivec",
8,
0,
&keytype_des3_derived,
&checksum_none,
NULL,
F_PSEUDO,
DES3_CBC_encrypt_ivec,
};
static struct encryption_type *etypes[] = {
&enctype_null,
@ -2094,8 +2071,7 @@ static struct encryption_type *etypes[] = {
&enctype_des_cbc_none,
&enctype_des_cfb64_none,
&enctype_des_pcbc_none,
&enctype_des3_cbc_none,
&enctype_des3_cbc_none_ivec
&enctype_des3_cbc_none
};
static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]);
@ -3056,6 +3032,15 @@ krb5_crypto_destroy(krb5_context context,
return 0;
}
krb5_error_code
krb5_crypto_getblocksize(krb5_context context,
krb5_crypto crypto,
size_t *blocksize)
{
*blocksize = crypto->et->blocksize;
return 0;
}
krb5_error_code
krb5_string_to_key_derived(krb5_context context,
const void *str,

View File

@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: get_cred.c,v 1.88 2002/03/10 23:11:29 assar Exp $");
RCSID("$Id: get_cred.c,v 1.91 2002/09/04 21:12:46 joda Exp $");
/*
* Take the `body' and encode it into `padata' using the credentials
@ -54,36 +54,14 @@ make_pa_tgs_req(krb5_context context,
krb5_data in_data;
krb5_error_code ret;
buf_size = 1024;
buf = malloc (buf_size);
if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
do {
ret = encode_KDC_REQ_BODY(buf + buf_size - 1, buf_size,
body, &len);
if (ret){
if (ret == ASN1_OVERFLOW) {
u_char *tmp;
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
buf = tmp;
} else {
goto out;
}
}
} while (ret == ASN1_OVERFLOW);
ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret);
if (ret)
goto out;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
in_data.length = len;
in_data.data = buf + buf_size - len;
in_data.data = buf;
ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds,
&padata->padata_value,
KRB5_KU_TGS_REQ_AUTH_CKSUM,
@ -113,18 +91,9 @@ set_auth_data (krb5_context context,
krb5_crypto crypto;
krb5_error_code ret;
len = length_AuthorizationData(authdata);
buf = malloc(len);
if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = encode_AuthorizationData(buf + len - 1,
len, authdata, &len);
if (ret) {
free (buf);
ASN1_MALLOC_ENCODE(AuthorizationData, buf, len, authdata, &len, ret);
if (ret)
return ret;
}
ALLOC(req_body->enc_authorization_data, 1);
if (req_body->enc_authorization_data == NULL) {
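Review bot: In set_auth_data the macro call passes len as both the allocated-size argument and, through &len, the encoded-size output: `ASN1_MALLOC_ENCODE(AuthorizationData, buf, len, authdata, &len, ret);`. The other converted call sites in this commit keep a separate buf_size and then abort when `buf_size != len`; aliasing the two here makes that consistency check impossible and ties correctness to the order in which the macro assigns its arguments. Use a separate buf_size variable and add the same check.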
@ -173,16 +142,19 @@ init_tgs_req (krb5_context context,
TGS_REQ *t,
krb5_key_usage usage)
{
krb5_error_code ret;
krb5_error_code ret = 0;
memset(t, 0, sizeof(*t));
t->pvno = 5;
t->msg_type = krb_tgs_req;
if (in_creds->session.keytype) {
ret = krb5_keytype_to_enctypes_default (context,
in_creds->session.keytype,
&t->req_body.etype.len,
&t->req_body.etype.val);
ALLOC_SEQ(&t->req_body.etype, 1);
if(t->req_body.etype.val == NULL) {
ret = ENOMEM;
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
t->req_body.etype.val[0] = in_creds->session.keytype;
} else {
ret = krb5_init_etype(context,
&t->req_body.etype.len,
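Review bot: `t->req_body.etype.val[0] = in_creds->session.keytype;` stores a keytype into a list of enctypes with no conversion, replacing the krb5_keytype_to_enctypes_default call. If this is intentional because session.keytype already carries an enctype value at this point, say so in a comment next to the assignment; a reader comparing it with the else branch, which still goes through krb5_init_etype, will otherwise assume a mapping step was dropped by mistake.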
@ -431,34 +403,11 @@ get_cred_kdc_usage(krb5_context context,
if (ret)
goto out;
buf_size = 1024;
buf = malloc (buf_size);
if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
ASN1_MALLOC_ENCODE(TGS_REQ, buf, buf_size, &req, &enc.length, ret);
if (ret)
goto out;
}
do {
ret = encode_TGS_REQ (buf + buf_size - 1, buf_size,
&req, &enc.length);
if (ret) {
if (ret == ASN1_OVERFLOW) {
u_char *tmp;
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
buf = tmp;
} else {
goto out;
}
}
} while (ret == ASN1_OVERFLOW);
if(enc.length != buf_size)
krb5_abortx(context, "internal error in ASN.1 encoder");
/* don't free addresses */
req.req_body.addresses = NULL;

View File

@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: get_for_creds.c,v 1.32 2002/03/10 23:12:23 assar Exp $");
RCSID("$Id: get_for_creds.c,v 1.34 2002/09/04 16:26:04 joda Exp $");
static krb5_error_code
add_addrs(krb5_context context,
@ -162,12 +162,14 @@ krb5_get_forwarded_creds (krb5_context context,
KrbCredInfo *krb_cred_info;
EncKrbCredPart enc_krb_cred_part;
size_t len;
u_char buf[1024];
unsigned char *buf;
size_t buf_size;
int32_t sec, usec;
krb5_kdc_flags kdc_flags;
krb5_crypto crypto;
struct addrinfo *ai;
int save_errno;
krb5_keyblock *key;
addrs.len = 0;
addrs.val = NULL;
@ -319,45 +321,51 @@ krb5_get_forwarded_creds (krb5_context context,
/* encode EncKrbCredPart */
ret = krb5_encode_EncKrbCredPart (context,
buf + sizeof(buf) - 1, sizeof(buf),
&enc_krb_cred_part, &len);
ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size,
&enc_krb_cred_part, &len, ret);
free_EncKrbCredPart (&enc_krb_cred_part);
if (ret) {
free_KRB_CRED(&cred);
return ret;
}
}
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
ret = krb5_crypto_init(context, auth_context->local_subkey, 0, &crypto);
if (auth_context->local_subkey)
key = auth_context->local_subkey;
else if (auth_context->remote_subkey)
key = auth_context->remote_subkey;
else
key = auth_context->keyblock;
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
free(buf);
free_KRB_CRED(&cred);
return ret;
}
ret = krb5_encrypt_EncryptedData (context,
crypto,
KRB5_KU_KRB_CRED,
buf + sizeof(buf) - len,
buf,
len,
0,
&cred.enc_part);
free(buf);
krb5_crypto_destroy(context, crypto);
if (ret) {
free_KRB_CRED(&cred);
return ret;
}
ret = encode_KRB_CRED (buf + sizeof(buf) - 1, sizeof(buf),
&cred, &len);
ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret);
free_KRB_CRED (&cred);
if (ret)
return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
out_data->length = len;
out_data->data = malloc(len);
if (out_data->data == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memcpy (out_data->data, buf + sizeof(buf) - len, len);
out_data->data = buf;
return 0;
out4:
free_EncKrbCredPart(&enc_krb_cred_part);
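Review bot: buf now holds the encoded EncKrbCredPart in heap memory, and that structure carries the key of the credential being forwarded, yet it is released with a plain `free(buf);` both on the krb5_crypto_init error path and after krb5_encrypt_EncryptedData. Clear it with memset over buf_size before each of those two calls to free so the plaintext does not stay behind in the allocator. The second use of buf for the encoded KRB_CRED is handed to out_data and needs no such treatment.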

View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: get_in_tkt.c,v 1.104 2002/04/18 09:11:39 joda Exp $");
RCSID("$Id: get_in_tkt.c,v 1.106 2002/09/04 16:26:04 joda Exp $");
krb5_error_code
krb5_init_etype (krb5_context context,
@ -158,22 +158,12 @@ _krb5_extract_ticket(krb5_context context,
creds->client = tmp_principal;
/* extract ticket */
{
unsigned char *buf;
size_t len;
len = length_Ticket(&rep->kdc_rep.ticket);
buf = malloc(len);
if(buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
encode_Ticket(buf + len - 1, len, &rep->kdc_rep.ticket, &len);
creds->ticket.data = buf;
creds->ticket.length = len;
creds->second_ticket.length = 0;
creds->second_ticket.data = NULL;
}
ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length,
&rep->kdc_rep.ticket, &creds->ticket.length, ret);
if(ret)
goto out;
creds->second_ticket.length = 0;
creds->second_ticket.data = NULL;
/* compare server */
@ -223,7 +213,8 @@ _krb5_extract_ticket(krb5_context context,
/* set kdc-offset */
krb5_timeofday (context, &sec_now);
if (context->kdc_sec_offset == 0
if (rep->enc_part.flags.initial
&& context->kdc_sec_offset == 0
&& krb5_config_get_bool (context, NULL,
"libdefaults",
"kdc_timesync",
@ -314,7 +305,8 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
krb5_enctype etype, krb5_keyblock *key)
{
PA_ENC_TS_ENC p;
u_char buf[1024];
unsigned char *buf;
size_t buf_size;
size_t len;
EncryptedData encdata;
krb5_error_code ret;
@ -327,39 +319,37 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
usec2 = usec;
p.pausec = &usec2;
ret = encode_PA_ENC_TS_ENC(buf + sizeof(buf) - 1,
sizeof(buf),
&p,
&len);
ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
if (ret)
return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret)
if (ret) {
free(buf);
return ret;
}
ret = krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_PA_ENC_TIMESTAMP,
buf + sizeof(buf) - len,
buf,
len,
0,
&encdata);
free(buf);
krb5_crypto_destroy(context, crypto);
if (ret)
return ret;
ret = encode_EncryptedData(buf + sizeof(buf) - 1,
sizeof(buf),
&encdata,
&len);
ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
free_EncryptedData(&encdata);
if (ret)
return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP;
pa->padata_value.length = 0;
krb5_data_copy(&pa->padata_value,
buf + sizeof(buf) - len,
len);
pa->padata_value.length = len;
pa->padata_value.data = buf;
return 0;
}
@ -656,7 +646,7 @@ krb5_get_in_cred(krb5_context context,
AS_REQ a;
krb5_kdc_rep rep;
krb5_data req, resp;
char buf[BUFSIZ];
size_t len;
krb5_salt salt;
krb5_keyblock *key;
size_t size;
@ -692,17 +682,15 @@ krb5_get_in_cred(krb5_context context,
if (ret)
return ret;
ret = encode_AS_REQ ((unsigned char*)buf + sizeof(buf) - 1,
sizeof(buf),
&a,
&req.length);
ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, &a, &len, ret);
free_AS_REQ(&a);
if (ret)
return ret;
req.data = buf + sizeof(buf) - req.length;
if(len != req.length)
krb5_abortx(context, "internal error in ASN.1 encoder");
ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp);
krb5_data_free(&req);
if (ret)
return ret;

View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: keytab_keyfile.c,v 1.13 2002/04/18 14:04:21 joda Exp $");
RCSID("$Id: keytab_keyfile.c,v 1.14 2002/09/09 14:22:26 nectar Exp $");
/* afs keyfile operations --------------------------------------- */
@ -297,7 +297,7 @@ akf_add_entry(krb5_context context,
fd = open (d->filename, O_RDWR | O_BINARY);
if (fd < 0) {
fd = open (d->filename,
O_RDWR | O_BINARY | O_CREAT, 0600);
O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600);
if (fd < 0) {
ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename,
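Review bot: In akf_add_entry the fallback to the `O_CREAT | O_EXCL` open runs after any failure of the first open, not only when the file is missing. Test `errno == ENOENT` before attempting the create so that EACCES and similar errors are reported from the call that actually produced them. With O_EXCL added, a keyfile created by another process between the two calls now makes the second open fail with EEXIST; retrying the plain open once in that case would keep the function usable under concurrent writers while still refusing to create through a pre-existing path.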

View File

@ -193,6 +193,12 @@ krb5_auth_con_genaddrs (
int /*fd*/,
int /*flags*/);
krb5_error_code
krb5_auth_con_generatelocalsubkey (
krb5_context /*context*/,
krb5_auth_context /*auth_context*/,
krb5_keyblock */*key*/);
krb5_error_code
krb5_auth_con_getaddrs (
krb5_context /*context*/,
@ -805,6 +811,12 @@ krb5_crypto_destroy (
krb5_context /*context*/,
krb5_crypto /*crypto*/);
krb5_error_code
krb5_crypto_getblocksize (
krb5_context /*context*/,
krb5_crypto /*crypto*/,
size_t */*blocksize*/);
krb5_error_code
krb5_crypto_init (
krb5_context /*context*/,

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: krb5.h,v 1.203 2002/08/22 10:06:20 joda Exp $ */
/* $Id: krb5.h,v 1.205 2002/09/03 17:31:47 joda Exp $ */
#ifndef __KRB5_H__
#define __KRB5_H__
@ -99,7 +99,6 @@ enum {
ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE,
ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE,
ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE,
ENCTYPE_DES3_CBC_NONE_IVEC = ETYPE_DES3_CBC_NONE_IVEC
};
typedef PADATA_TYPE krb5_preauthtype;
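Review bot: Removing ENCTYPE_DES3_CBC_NONE_IVEC leaves `ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE,` as the last enumerator, with a trailing comma before the closing brace. C89 does not allow that, and krb5.h is a public header that gets compiled by whatever compiler the application uses, so drop the comma.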
@ -208,7 +207,8 @@ typedef enum krb5_address_type {
enum {
AP_OPTS_USE_SESSION_KEY = 1,
AP_OPTS_MUTUAL_REQUIRED = 2
AP_OPTS_MUTUAL_REQUIRED = 2,
AP_OPTS_USE_SUBKEY = 4 /* library internal */
};
typedef HostAddress krb5_address;
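Review bot: AP_OPTS_USE_SUBKEY is commented as library internal but is added to the enum in the installed krb5.h, next to the flags applications are expected to pass. Either move it to a private header such as krb5_locl.h, or document in the krb5_mk_req_extended manual page what happens when an application sets it, since changepw.c in this same commit already relies on it.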

View File

@ -1,5 +1,5 @@
.\" Copyright (c) 2000 Kungliga Tekniska Högskolan
.\" $Id: krb5_appdefault.3,v 1.7 2002/08/28 15:30:46 joda Exp $
.\" $Id: krb5_appdefault.3,v 1.8 2002/09/13 14:49:31 joda Exp $
.Dd July 25, 2000
.Dt KRB5_APPDEFAULT 3
.Os HEIMDAL
@ -19,7 +19,7 @@ Kerberos 5 Library (libkrb5, -lkrb5)
.Ft void
.Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val"
.Sh DESCRIPTION
These functions get application application defaults from the
These functions get application defaults from the
.Dv appdefaults
section of the
.Xr krb5.conf 5

View File

@ -1,5 +1,5 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
.\" $Id: krb5_auth_context.3,v 1.4 2002/08/28 14:46:20 joda Exp $
.\" $Id: krb5_auth_context.3,v 1.5 2002/09/02 12:42:00 joda Exp $
.Dd January 21, 2001
.Dt KRB5_AUTH_CONTEXT 3
.Os HEIMDAL
@ -34,7 +34,7 @@
.Nm krb5_auth_con_setrcache ,
.Nm krb5_auth_con_initivector ,
.Nm krb5_auth_con_setivector
.Nd manage authetication on connection level
.Nd manage authentication on connection level
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS

View File

@ -1,5 +1,5 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
.\" $Id: krb5_context.3,v 1.3 2002/08/28 15:30:48 joda Exp $
.\" $Id: krb5_context.3,v 1.4 2002/09/02 12:42:00 joda Exp $
.Dd January 21, 2001
.Dt KRB5_CONTEXT 3
.Os HEIMDAL
@ -10,8 +10,8 @@
The
.Nm
structure is designed to hold all per thread state. All global
variables that are context specific are stored in this struture,
including default encryption types, credential-cache (ticket file), and
variables that are context specific are stored in this structure,
including default encryption types, credentials-cache (ticket file), and
default realms.
.Pp
The internals of the structure should never be accessed directly,

View File

@ -1,5 +1,5 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
.\" $Id: krb5_init_context.3,v 1.5 2002/08/28 15:30:53 joda Exp $
.\" $Id: krb5_init_context.3,v 1.6 2002/09/02 12:42:00 joda Exp $
.Dd January 21, 2001
.Dt KRB5_CONTEXT 3
.Os HEIMDAL
@ -20,7 +20,7 @@ The
.Fn krb5_init_context
function initializes the
.Fa context
structure and reads the configration file
structure and reads the configuration file
.Pa /etc/krb5.conf .
.Pp
The structure should be freed by calling

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: krb5_locl.h,v 1.69 2002/08/12 15:09:19 joda Exp $ */
/* $Id: krb5_locl.h,v 1.71 2002/09/10 20:10:45 joda Exp $ */
#ifndef __KRB5_LOCL_H__
#define __KRB5_LOCL_H__
@ -45,6 +45,7 @@
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
@ -112,19 +113,7 @@ struct sockaddr_dl;
#include <parse_time.h>
#include <base64.h>
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/rc4.h>
#else
#include <des.h>
#include <md4.h>
#include <md5.h>
#include <sha.h>
#include <rc4.h>
#endif
#include "crypto-headers.h"
#include <krb5_asn1.h>
#include <der.h>

View File

@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
.\" $Id: krb5_parse_name.3,v 1.5 2002/08/28 15:30:55 joda Exp $
.\" $Id: krb5_parse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $
.Dd August 8, 1997
.Dt KRB5_PARSE_NAME 3
.Os HEIMDAL
@ -14,7 +14,7 @@ Kerberos 5 Library (libkrb5, -lkrb5)
.Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal"
.Sh DESCRIPTION
.Fn krb5_parse_name
converts a string representation of a princpal name to
converts a string representation of a principal name to
.Nm krb5_principal .
The
.Fa principal

View File

@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
.\" $Id: krb5_unparse_name.3,v 1.5 2002/08/28 15:30:57 joda Exp $
.\" $Id: krb5_unparse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $
.Dd August 8, 1997
.Dt KRB5_UNPARSE_NAME 3
.Os HEIMDAL
@ -18,7 +18,8 @@ Kerberos 5 Library (libkrb5, -lkrb5)
.Sh DESCRIPTION
This function takes a
.Fa principal ,
and will convert in to a printable representation with the same syntax as decribed in
and will convert in to a printable representation with the same syntax
as described in
.Xr krb5_parse_name 3 .
.Fa *name
will point to allocated data and should be freed by the caller.

View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: kuserok.c,v 1.5 1999/12/02 17:05:11 joda Exp $");
RCSID("$Id: kuserok.c,v 1.6 2002/09/16 17:32:11 nectar Exp $");
/*
* Return TRUE iff `principal' is allowed to login as `luser'.
@ -88,9 +88,7 @@ krb5_kuserok (krb5_context context,
while (fgets (buf, sizeof(buf), f) != NULL) {
krb5_principal tmp;
if(buf[strlen(buf) - 1] == '\n')
buf[strlen(buf) - 1] = '\0';
buf[strcspn(buf, "\n")] = '\0';
ret = krb5_parse_name (context, buf, &tmp);
if (ret) {
fclose (f);
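Review bot: The strcspn form removes the out-of-bounds index that `buf[strlen(buf) - 1]` produced when strlen(buf) was 0, but the loop in krb5_kuserok still cannot tell a complete line from a truncated one. A line longer than sizeof(buf) comes back from fgets in pieces with no newline, and each piece is passed to krb5_parse_name as if it were its own principal. Since this file decides who may log in, check whether a newline was actually found (the strcspn result equals strlen(buf) when none was) and skip or reject the remainder of an overlong line.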

View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: log.c,v 1.30 2002/08/20 09:49:09 joda Exp $");
RCSID("$Id: log.c,v 1.31 2002/09/05 14:59:14 joda Exp $");
struct facility {
int min;
@ -382,24 +382,33 @@ krb5_vlog_msg(krb5_context context,
va_list ap)
__attribute__((format (printf, 5, 0)))
{
char *msg;
const char *actual;
char *msg = NULL;
const char *actual = NULL;
char buf[64];
time_t t;
time_t t = 0;
int i;
vasprintf(&msg, fmt, ap);
if (msg != NULL)
actual = msg;
else
actual = fmt;
t = time(NULL);
krb5_format_time(context, t, buf, sizeof(buf), TRUE);
for(i = 0; i < fac->len; i++)
for(i = 0; fac && i < fac->len; i++)
if(fac->val[i].min <= level &&
(fac->val[i].max < 0 || fac->val[i].max >= level))
(fac->val[i].max < 0 || fac->val[i].max >= level)) {
if(t == 0) {
t = time(NULL);
krb5_format_time(context, t, buf, sizeof(buf), TRUE);
}
if(actual == NULL) {
vasprintf(&msg, fmt, ap);
if(msg == NULL)
actual = fmt;
else
actual = msg;
}
(*fac->val[i].log)(buf, actual, fac->val[i].data);
*reply = msg;
}
if(reply == NULL)
free(msg);
else
*reply = msg;
return 0;
}
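
Review bot: with the formatting moved inside the loop in krb5_vlog_msg, `msg` stays NULL whenever `fac` is NULL or no facility matches `level`, so a caller that passes `reply` now receives `*reply == NULL` together with a return value of 0. Document that at the function, or format unconditionally when `reply != NULL`. The return value of `vasprintf` is also ignored and the code relies on `msg == NULL` after a failure, which not every implementation guarantees; test for -1 and reset `msg` to NULL before choosing between `fmt` and `msg`.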
@ -411,12 +420,7 @@ krb5_vlog(krb5_context context,
va_list ap)
__attribute__((format (printf, 4, 0)))
{
char *msg;
krb5_error_code ret;
ret = krb5_vlog_msg(context, fac, &msg, level, fmt, ap);
free(msg);
return ret;
return krb5_vlog_msg(context, fac, NULL, level, fmt, ap);
}
krb5_error_code

View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: mk_error.c,v 1.17 2002/03/27 09:29:43 joda Exp $");
RCSID("$Id: mk_error.c,v 1.18 2002/09/04 16:26:04 joda Exp $");
krb5_error_code
krb5_mk_error(krb5_context context,
@ -47,8 +47,6 @@ krb5_mk_error(krb5_context context,
krb5_data *reply)
{
KRB_ERROR msg;
u_char *buf;
size_t buf_size;
int32_t sec, usec;
size_t len;
krb5_error_code ret = 0;
@ -84,45 +82,10 @@ krb5_mk_error(krb5_context context,
msg.cname = &client->name;
}
buf_size = 1024;
buf = malloc (buf_size);
if (buf == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
do {
ret = encode_KRB_ERROR(buf + buf_size - 1,
buf_size,
&msg,
&len);
if (ret) {
if (ret == ASN1_OVERFLOW) {
u_char *tmp;
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
buf = tmp;
} else {
goto out;
}
}
} while (ret == ASN1_OVERFLOW);
reply->length = len;
reply->data = malloc(len);
if (reply->data == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
memcpy (reply->data, buf + buf_size - len, len);
out:
free (buf);
return ret;
ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret);
if (ret)
return ret;
if(reply->length != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
return 0;
}
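
Review bot: the removed allocation-failure paths in krb5_mk_error called `krb5_set_error_string (context, "malloc: out of memory")` before returning ENOMEM, while the new `if (ret) return ret;` after ASN1_MALLOC_ENCODE returns with whatever error string the context already held; the macro is not passed `context`, so it cannot set one. Set the string when `ret == ENOMEM` so callers do not report a stale message. Separately, `krb5_abortx` on `reply->length != len` terminates the calling process from inside the library; freeing `reply->data` and returning an error would let a long-running server survive an encoder inconsistency.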

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,12 +33,9 @@
#include <krb5_locl.h>
RCSID("$Id: mk_priv.c,v 1.30 2001/06/18 02:44:54 assar Exp $");
/*
*
*/
RCSID("$Id: mk_priv.c,v 1.31 2002/09/04 16:26:04 joda Exp $");
krb5_error_code
krb5_mk_priv(krb5_context context,
krb5_auth_context auth_context,
@ -83,35 +80,11 @@ krb5_mk_priv(krb5_context context,
part.s_address = auth_context->local_address;
part.r_address = auth_context->remote_address;
buf_size = 1024;
buf = malloc (buf_size);
if (buf == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
krb5_data_zero (&s.enc_part.cipher);
do {
ret = encode_EncKrbPrivPart (buf + buf_size - 1, buf_size,
&part, &len);
if (ret) {
if (ret == ASN1_OVERFLOW) {
u_char *tmp;
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
buf = tmp;
} else {
goto fail;
}
}
} while(ret == ASN1_OVERFLOW);
ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret);
if (ret)
goto fail;
s.pvno = 5;
s.msg_type = krb_priv;
@ -134,37 +107,21 @@ krb5_mk_priv(krb5_context context,
free(buf);
return ret;
}
free(buf);
do {
ret = encode_KRB_PRIV (buf + buf_size - 1, buf_size, &s, &len);
if (ret){
if (ret == ASN1_OVERFLOW) {
u_char *tmp;
ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret);
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
buf = tmp;
} else {
goto fail;
}
}
} while(ret == ASN1_OVERFLOW);
if(ret)
goto fail;
krb5_data_free (&s.enc_part.cipher);
outbuf->length = len;
outbuf->data = malloc (len);
if (outbuf->data == NULL) {
ret = krb5_data_copy(outbuf, buf + buf_size - len, len);
if (ret) {
krb5_set_error_string (context, "malloc: out of memory");
free(buf);
return ENOMEM;
}
memcpy (outbuf->data, buf + buf_size - len, len);
free (buf);
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
auth_context->local_seqnumber =
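
Review bot: after `ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret)` the copy still uses the old end-of-buffer offset, `krb5_data_copy(outbuf, buf + buf_size - len, len)`, and this function has no `buf_size != len` check like the ones added in mk_error.c and mk_safe.c. That offset is only correct when the two lengths are equal, so either add the same check before the copy or copy from `buf`, as mk_safe.c now does for its checksum input. The failure branch also sets "malloc: out of memory" and returns ENOMEM regardless of what `krb5_data_copy` returned; return `ret` instead.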

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: mk_rep.c,v 1.19 2001/05/14 06:14:49 assar Exp $");
RCSID("$Id: mk_rep.c,v 1.20 2002/09/04 16:26:05 joda Exp $");
krb5_error_code
krb5_mk_rep(krb5_context context,
@ -72,21 +72,10 @@ krb5_mk_rep(krb5_context context,
ap.enc_part.etype = auth_context->keyblock->keytype;
ap.enc_part.kvno = NULL;
buf_size = length_EncAPRepPart(&body);
buf = malloc (buf_size);
if (buf == NULL) {
free_EncAPRepPart (&body);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = krb5_encode_EncAPRepPart (context,
buf + buf_size - 1,
buf_size,
&body,
&len);
ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret);
free_EncAPRepPart (&body);
if(ret)
return ret;
ret = krb5_crypto_init(context, auth_context->keyblock,
0 /* ap.enc_part.etype */, &crypto);
if (ret) {
@ -105,20 +94,7 @@ krb5_mk_rep(krb5_context context,
return ret;
}
buf_size = length_AP_REP(&ap);
buf = realloc(buf, buf_size);
if(buf == NULL) {
free_AP_REP (&ap);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = encode_AP_REP (buf + buf_size - 1, buf_size, &ap, &len);
ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret);
free_AP_REP (&ap);
if(len != buf_size)
krb5_abortx(context, "krb5_mk_rep: encoded length != calculated length");
outbuf->data = buf;
outbuf->length = len;
return 0;
return ret;
}
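
Review bot: the final encode in krb5_mk_rep loses the consistency check the old code had (`if(len != buf_size) krb5_abortx(...)`). After `ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret)` the function goes straight to `return ret`, whereas mk_error.c in this same change compares `reply->length` with `len`. Keep the comparison here as well, or drop it everywhere, so the call sites agree on what is guaranteed after the macro. The function comment should also say that `outbuf` is only valid when 0 is returned.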

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: mk_req_ext.c,v 1.25 2001/05/09 07:15:00 assar Exp $");
RCSID("$Id: mk_req_ext.c,v 1.26 2002/09/02 17:13:52 joda Exp $");
krb5_error_code
krb5_mk_req_internal(krb5_context context,
@ -62,6 +62,12 @@ krb5_mk_req_internal(krb5_context context,
if(ret)
return ret;
if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session);
if(ret)
return ret;
}
#if 0
{
/* This is somewhat bogus since we're possibly overwriting a

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: mk_safe.c,v 1.27 2001/06/18 02:45:15 assar Exp $");
RCSID("$Id: mk_safe.c,v 1.28 2002/09/04 16:26:05 joda Exp $");
krb5_error_code
krb5_mk_safe(krb5_context context,
@ -48,7 +48,6 @@ krb5_mk_safe(krb5_context context,
KerberosTime sec2;
int usec2;
u_char *buf = NULL;
void *tmp;
size_t buf_size;
size_t len;
u_int32_t tmp_seq;
@ -85,17 +84,11 @@ krb5_mk_safe(krb5_context context,
s.cksum.checksum.data = NULL;
s.cksum.checksum.length = 0;
buf_size = length_KRB_SAFE(&s);
buf = malloc(buf_size + 128); /* add some for checksum */
if(buf == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
if (ret) {
free (buf);
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
if (ret)
return ret;
}
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
free (buf);
@ -105,7 +98,7 @@ krb5_mk_safe(krb5_context context,
crypto,
KRB5_KU_KRB_SAFE_CKSUM,
0,
buf + buf_size - len,
buf,
len,
&s.cksum);
krb5_crypto_destroy(context, crypto);
@ -114,27 +107,16 @@ krb5_mk_safe(krb5_context context,
return ret;
}
buf_size = length_KRB_SAFE(&s);
tmp = realloc(buf, buf_size);
if(tmp == NULL) {
free(buf);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
buf = tmp;
ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
free(buf);
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
free_Checksum (&s.cksum);
if(ret)
return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
outbuf->length = len;
outbuf->data = malloc (len);
if (outbuf->data == NULL) {
free (buf);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
memcpy (outbuf->data, buf + buf_size - len, len);
free (buf);
outbuf->data = buf;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
auth_context->local_seqnumber =
(auth_context->local_seqnumber + 1) & 0xFFFFFFFF;

View File

@ -0,0 +1,277 @@
/*
* Copyright (c) 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of KTH nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
#include "krb5_locl.h"
RCSID("$Id: name-45-test.c,v 1.2 2002/08/31 03:33:07 assar Exp $");
enum { MAX_COMPONENTS = 3 };
static struct testcase {
const char *v4_name;
const char *v4_inst;
const char *v4_realm;
krb5_realm v5_realm;
unsigned ncomponents;
char *comp_val[MAX_COMPONENTS];
const char *config_file;
krb5_error_code ret; /* expected error code from 524 */
krb5_error_code ret2; /* expected error code from 425 */
} tests[] = {
{"", "", "", "", 1, {""}, NULL, 0, 0},
{"a", "", "", "", 1, {"a"}, NULL, 0, 0},
{"a", "b", "", "", 2, {"a", "b"}, NULL, 0, 0},
{"a", "b", "c", "c", 2, {"a", "b"}, NULL, 0, 0},
{"krbtgt", "FOO.SE", "FOO.SE", "FOO.SE", 2,
{"krbtgt", "FOO.SE"}, NULL, 0, 0},
{"foo", "bar", "BAZ", "BAZ", 2,
{"foo", "bar"}, NULL, 0, 0},
{"foo", "bar", "BAZ", "BAZ", 2,
{"foo", "bar"},
"[libdefaults]\n"
" v4_name_convert = {\n"
" host = {\n"
" foo = foo5\n"
" }\n"
"}\n",
HEIM_ERR_V4_PRINC_NO_CONV, 0},
{"foo", "bar", "BAZ", "BAZ", 2,
{"foo5", "bar.baz"},
"[realms]\n"
" BAZ = {\n"
" v4_name_convert = {\n"
" host = {\n"
" foo = foo5\n"
" }\n"
" }\n"
" v4_instance_convert = {\n"
" bar = bar.baz\n"
" }\n"
" }\n",
0, 0},
{"rcmd", "foo", "realm", "realm", 2, {"host", "foo"}, NULL,
HEIM_ERR_V4_PRINC_NO_CONV, 0},
{"rcmd", "foo", "realm", "realm", 2, {"host", "foo.realm"},
"[realms]\n"
" realm = {\n"
" v4_instance_convert = {\n"
" foo = foo.realm\n"
" }\n"
" }\n",
0, 0},
{"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
{"pop", "mail0.nada.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0},
{"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
{"pop", "mail0.nada.kth.se"},
"[realms]\n"
" NADA.KTH.SE = {\n"
" default_domain = nada.kth.se\n"
" }\n",
0, 0},
{"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
{"pop", "mail0.nada.kth.se"},
"[libdefaults]\n"
" v4_instance_resolve = true\n",
HEIM_ERR_V4_PRINC_NO_CONV, 0},
{"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2,
{"host", "ratatosk.pdc.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0},
{"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2,
{"host", "ratatosk.pdc.kth.se"},
"[libdefaults]\n"
" v4_instance_resolve = true\n"
"[realms]\n"
" NADA.KTH.SE = {\n"
" v4_name_convert = {\n"
" host = {\n"
" rcmd = host\n"
" }\n"
" }\n"
" default_domain = pdc.kth.se\n"
" }\n",
0, 0},
{"0123456789012345678901234567890123456789",
"0123456789012345678901234567890123456789",
"0123456789012345678901234567890123456789",
"0123456789012345678901234567890123456789",
2, {"0123456789012345678901234567890123456789",
"0123456789012345678901234567890123456789"}, NULL,
0, KRB5_PARSE_MALFORMED},
{"012345678901234567890123456789012345678",
"012345678901234567890123456789012345678",
"012345678901234567890123456789012345678",
"012345678901234567890123456789012345678",
2, {"012345678901234567890123456789012345678",
"012345678901234567890123456789012345678"}, NULL,
0, 0},
{NULL, NULL, NULL, NULL, 0, {}, NULL, 0}
};
int
main(int argc, char **argv)
{
struct testcase *t;
krb5_context context;
krb5_error_code ret;
int val = 0;
for (t = tests; t->v4_name; ++t) {
krb5_principal princ;
int i;
char name[40], inst[40], realm[40];
char printable_princ[256];
ret = krb5_init_context (&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
if (t->config_file != NULL) {
char template[] = "/tmp/krb5-conf-XXXXXX";
int fd = mkstemp(template);
char *files[2];
if (fd < 0)
krb5_err (context, 1, errno, "mkstemp %s", template);
if (write (fd, t->config_file, strlen(t->config_file))
!= strlen(t->config_file))
krb5_err (context, 1, errno, "write %s", template);
close (fd);
files[0] = template;
files[1] = NULL;
ret = krb5_set_config_files (context, files);
unlink (template);
if (ret)
krb5_err (context, 1, ret, "krb5_set_config_files");
}
ret = krb5_425_conv_principal (context,
t->v4_name,
t->v4_inst,
t->v4_realm,
&princ);
if (ret) {
if (ret != t->ret) {
krb5_warn (context, ret,
"krb5_425_conv_principal %s.%s@%s",
t->v4_name, t->v4_inst, t->v4_realm);
val = 1;
}
} else {
if (t->ret) {
krb5_warnx (context,
"krb5_425_conv_principal %s.%s@%s "
"passed unexpected",
t->v4_name, t->v4_inst, t->v4_realm);
val = 1;
continue;
}
}
if (ret)
continue;
if (strcmp (t->v5_realm, princ->realm) != 0) {
printf ("wrong realm (\"%s\" should be \"%s\")"
" for \"%s.%s@%s\"\n",
princ->realm, t->v5_realm,
t->v4_name,
t->v4_inst,
t->v4_realm);
val = 1;
}
if (t->ncomponents != princ->name.name_string.len) {
printf ("wrong number of components (%u should be %u)"
" for \"%s.%s@%s\"\n",
princ->name.name_string.len, t->ncomponents,
t->v4_name,
t->v4_inst,
t->v4_realm);
val = 1;
} else {
for (i = 0; i < t->ncomponents; ++i) {
if (strcmp(t->comp_val[i],
princ->name.name_string.val[i]) != 0) {
printf ("bad component %d (\"%s\" should be \"%s\")"
" for \"%s.%s@%s\"\n",
i,
princ->name.name_string.val[i],
t->comp_val[i],
t->v4_name,
t->v4_inst,
t->v4_realm);
val = 1;
}
}
}
ret = krb5_524_conv_principal (context, princ,
name, inst, realm);
if (krb5_unparse_name_fixed(context, princ,
printable_princ, sizeof(printable_princ)))
strlcpy(printable_princ, "unknown principal",
sizeof(printable_princ));
if (ret) {
if (ret != t->ret2) {
krb5_warn (context, ret,
"krb5_524_conv_principal %s", printable_princ);
val = 1;
}
} else {
if (t->ret2) {
krb5_warnx (context,
"krb5_524_conv_principal %s "
"passed unexpected", printable_princ);
val = 1;
continue;
}
}
if (ret) {
krb5_free_principal (context, princ);
continue;
}
krb5_free_principal (context, princ);
}
return val;
}
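
Review bot: the comments on the `ret` and `ret2` fields of `struct testcase` are swapped relative to how the fields are used: `ret` is documented as the expected error from 524 but is compared with the result of `krb5_425_conv_principal`, and `ret2` is compared with the result of `krb5_524_conv_principal`. In `main`, `krb5_init_context` runs on every iteration with no matching `krb5_free_context`, and both `continue` statements taken when a conversion passes unexpectedly skip `krb5_free_principal (context, princ)`. The table terminator uses an empty `{}` initializer and has one field fewer than the other rows; `{NULL}` is enough and is portable.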

View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: prompter_posix.c,v 1.6 2001/05/11 20:26:49 assar Exp $");
RCSID("$Id: prompter_posix.c,v 1.7 2002/09/16 17:32:11 nectar Exp $");
int
krb5_prompter_posix (krb5_context context,
@ -65,8 +65,7 @@ krb5_prompter_posix (krb5_context context,
prompts[i].reply->length,
stdin) == NULL)
return 1;
if(s[strlen(s) - 1] == '\n')
s[strlen(s) - 1] = '\0';
s[strcspn(s, "\n")] = '\0';
}
}
return 0;
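
Review bot: when the typed answer is longer than `prompts[i].reply->length`, `fgets` stops early, `strcspn` finds no newline, and the rest of the line stays on stdin, where it will be read as the answer to the next prompt in this loop. Check whether a newline was actually seen and drain the remainder of the line (or return an error) when it was not. In this branch `reply->length` is also left at the buffer size rather than the length of what was read, which should be documented for callers.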

View File

@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: rd_cred.c,v 1.17 2002/08/09 17:07:12 joda Exp $");
RCSID("$Id: rd_cred.c,v 1.18 2002/09/04 16:26:05 joda Exp $");
krb5_error_code
krb5_rd_cred(krb5_context context,
@ -214,7 +214,6 @@ krb5_rd_cred(krb5_context context,
for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) {
KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i];
krb5_creds *creds;
u_char buf[1024];
size_t len;
creds = calloc(1, sizeof(*creds));
@ -224,12 +223,12 @@ krb5_rd_cred(krb5_context context,
goto out;
}
ret = encode_Ticket (buf + sizeof(buf) - 1, sizeof(buf),
&cred.tickets.val[i],
&len);
ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length,
&cred.tickets.val[i], &len, ret);
if (ret)
goto out;
krb5_data_copy (&creds->ticket, buf + sizeof(buf) - len, len);
if(creds->ticket.length != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
copy_EncryptionKey (&kci->key, &creds->session);
if (kci->prealm && kci->pname)
principalname2krb5_principal (&creds->client,

View File

@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: rd_safe.c,v 1.26 2002/02/14 12:47:47 joda Exp $");
RCSID("$Id: rd_safe.c,v 1.27 2002/09/04 16:26:05 joda Exp $");
static krb5_error_code
verify_checksum(krb5_context context,
@ -53,19 +53,11 @@ verify_checksum(krb5_context context,
safe->cksum.checksum.data = NULL;
safe->cksum.checksum.length = 0;
buf_size = length_KRB_SAFE(safe);
buf = malloc(buf_size);
if (buf == NULL) {
ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto out;
}
ret = encode_KRB_SAFE (buf + buf_size - 1,
buf_size,
safe,
&len);
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, safe, &len, ret);
if(ret)
return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
if (auth_context->remote_subkey)
key = auth_context->remote_subkey;
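
Review bot: the new `if(ret) return ret;` in verify_checksum returns directly, right after `safe->cksum.checksum.data` and `.length` have been cleared, while the removed allocation-failure path went through `goto out`. If the `out` label restores the saved checksum or frees state (it is outside this hunk), the early return skips that and the caller gets `safe` back with its checksum zeroed. Use `goto out` here, and make sure `buf` is NULL at that point so the cleanup does not free an unset pointer.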

View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: sendauth.c,v 1.18 2001/05/14 06:14:51 assar Exp $");
RCSID("$Id: sendauth.c,v 1.19 2002/09/04 21:34:43 joda Exp $");
/*
* The format seems to be:
@ -86,6 +86,7 @@ krb5_sendauth(krb5_context context,
krb5_principal this_client = NULL;
krb5_creds *creds;
ssize_t sret;
krb5_boolean my_ccache = FALSE;
len = strlen(version) + 1;
net_len = htonl(len);
@ -125,12 +126,16 @@ krb5_sendauth(krb5_context context,
ret = krb5_cc_default (context, &ccache);
if (ret)
return ret;
my_ccache = TRUE;
}
if (client == NULL) {
ret = krb5_cc_get_principal (context, ccache, &this_client);
if (ret)
if (ret) {
if(my_ccache)
krb5_cc_close(context, ccache);
return ret;
}
client = this_client;
}
memset(&this_cred, 0, sizeof(this_cred));
@ -142,11 +147,16 @@ krb5_sendauth(krb5_context context,
}
if (in_creds->ticket.length == 0) {
ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds);
if (ret)
if (ret) {
if(my_ccache)
krb5_cc_close(context, ccache);
return ret;
}
} else {
creds = in_creds;
}
if(my_ccache)
krb5_cc_close(context, ccache);
ret = krb5_mk_req_extended (context,
auth_context,
ap_req_options,
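
Review bot: the new error branch after `krb5_get_credentials` closes the default ccache but does not release `this_client`, which `krb5_cc_get_principal` filled in when `client == NULL`; free it there when it is non-NULL. The same `if(my_ccache) krb5_cc_close(context, ccache);` now appears three times in krb5_sendauth, so a single cleanup label that closes the cache and frees `this_client` would be harder to get wrong on the next edit.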

View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: transited.c,v 1.8 2001/05/14 06:14:52 assar Exp $");
RCSID("$Id: transited.c,v 1.9 2002/09/09 14:03:03 nectar Exp $");
/* this is an attempt at one of the most horrible `compression'
schemes that has ever been invented; it's so amazingly brain-dead
@ -318,8 +318,9 @@ krb5_domain_x500_decode(krb5_context context,
if(ret)
return ret;
/* remove empty components */
/* remove empty components and count realms */
q = &r;
*num_realms = 0;
for(p = r; p; ){
if(p->realm[0] == '\0'){
free(p->realm);
@ -329,22 +330,20 @@ krb5_domain_x500_decode(krb5_context context,
}else{
q = &p->next;
p = p->next;
(*num_realms)++;
}
}
if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms))
return ERANGE;
{
char **R;
*realms = NULL;
*num_realms = 0;
R = malloc((*num_realms + 1) * sizeof(*R));
if (R == NULL)
return ENOMEM;
*realms = R;
while(r){
R = realloc(*realms, (*num_realms + 1) * sizeof(**realms));
if(R == NULL) {
free(*realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
R[*num_realms] = r->realm;
(*num_realms)++;
*realms = R;
*R++ = r->realm;
p = r->next;
free(r);
r = p;
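
Review bot: both new early returns in krb5_domain_x500_decode, `return ERANGE;` after the bounds check and `return ENOMEM;` when `malloc` fails, leave the linked list `r` allocated. The list is only released by the `while(r)` loop further down, so free the nodes and their `realm` strings before returning. The `*num_realms < 0` test can only fire if the counter wrapped, since it was just set to 0 and incremented; a one-line comment saying that is the intent would help the next reader. The ENOMEM path also no longer calls `krb5_set_error_string`, unlike the `realloc` path it replaces.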

View File

@ -1,3 +1,45 @@
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
* roken.awk: include config.h before stdio.h (breaks with
_FILE_OFFSET_BITS on solaris otherwise)
2002-09-09 Johan Danielsson <joda@pdc.kth.se>
* resolve.c: fix res_nsearch call, but don't use it for now, AIX5
has a broken version that trashes memory
* roken-common.h: fix typo in previous
* roken-common.h: change IRIX == 4 to IRIX4
2002-09-04 Assar Westerlund <assar@kth.se>
* getifaddrs.c: remove some warnings from the linux-portion
* getnameinfo_verified.c (getnameinfo_verified): handle the case
of forward but no backward DNS information, and also describe the
desired behaviour. from Love <lha@stacken.kth.se>
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* rtbl.c (rtbl_destroy): free whole table
* resolve.c: use res_nsearch if we have it (from Larry Greenfield)
2002-09-03 Assar Westerlund <assar@kth.se>
* getifaddrs.c: add Linux AF_NETLINK getifaddrs from Hideaki
YOSHIFUJI of the Usagi project
* parse_reply-test.c: make this build and return 77 if there is no
mmap
* Makefile.am (parse_reply-test): add
* parse_reply-test.c: add a test case for parse_reply reading past
the given buffer
* resolve.c (parse_reply): update the arguments to more reasonable
types. allow parse_reply-test to call it
2002-08-28 Johan Danielsson <joda@pdc.kth.se>
* resolve.c (dns_srv_order): do alignment tricks with the random()

Some files were not shown because too many files have changed in this diff