mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-11-30 21:43:34 +00:00
Import of Heimdal Kerberos from KTH repository circa 2002/09/16.
This commit is contained in:
parent
8373020d34
commit
0cadf2f4d7
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/vendor-crypto/heimdal/dist/; revision=103423
@ -1,3 +1,171 @@
|
||||
2002-09-16 Jacques Vidrine <nectar@kth.se>
|
||||
|
||||
* lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
|
||||
to convert the newline to NUL in fgets results.
|
||||
|
||||
2002-09-13 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* kuser/kinit.1: remove unneeded Ns
|
||||
|
||||
* lib/krb5/krb5_appdefault.3: remove extra "application"
|
||||
|
||||
* fix-export: remove autom4ate.cache
|
||||
|
||||
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* include/make_crypto.c: don't use function macros if possible
|
||||
|
||||
* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
|
||||
|
||||
* include/Makefile.am: use make_crypto to create crypto-headers.h
|
||||
|
||||
* include/make_crypto.c: crypto header generation tool
|
||||
|
||||
* configure.in: move crypto test to just after testing for krb4,
|
||||
and move roken tests to after both, this speeds up various failure
|
||||
cases with krb4
|
||||
|
||||
* lib/krb5/config_file.c: don't use NULL when we mean 0
|
||||
|
||||
* configure.in: we don't set package_libdir anymore, so no point
|
||||
in testing for it
|
||||
|
||||
* tools/Makefile.am: subst INCLUDE_des
|
||||
|
||||
* tools/krb5-config.in: add INCLUDE_des to cflags
|
||||
|
||||
* configure.in: use AC_CONFIG_SRCDIR
|
||||
|
||||
* fix-export: remove some unneeded stuff
|
||||
|
||||
* kuser/kinit.c (do_524init): free principals
|
||||
|
||||
2002-09-09 Jacques Vidrine <nectar@kth.se>
|
||||
|
||||
* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
|
||||
kdc/kaserver.c (krb5_ret_xdr_data),
|
||||
lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
|
||||
counts: Check that they are non-negative, and that they are small
|
||||
enough to avoid integer overflow when used in memory allocation
|
||||
calculations. Potential problem areas pointed out by
|
||||
Sebastian Krahmer <krahmer@suse.de>.
|
||||
|
||||
* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
|
||||
creating a new keyfile.
|
||||
|
||||
2002-09-09 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* configure.in: don't try to build pam module
|
||||
|
||||
2002-09-05 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* appl/kf/kf.c: fix warning string
|
||||
|
||||
* lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
|
||||
know we need it
|
||||
|
||||
2002-09-04 Assar Westerlund <assar@kth.se>
|
||||
|
||||
* kdc/kerberos5.c (encode_reply): correct error logging
|
||||
|
||||
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* lib/krb5/sendauth.c: close ccache if we opened it
|
||||
|
||||
* appl/kf/kf.c: handle new protocol
|
||||
|
||||
* appl/kf/kfd.c: use krb5_err instead of sysloging directly,
|
||||
handle the new protocol, and bail out if an old client tries to
|
||||
connect
|
||||
|
||||
* appl/kf/kf_locl.h: we need a protocol version string
|
||||
|
||||
* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
|
||||
|
||||
* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
|
||||
|
||||
* kdc/hprop.c: set AP_OPTS_USE_SUBKEY
|
||||
|
||||
* lib/hdb/common.c: use ASN1_MALLOC_ENCODE
|
||||
|
||||
* lib/asn1/gen.c: add convenience macro that allocates a buffer
|
||||
and encoded into that
|
||||
|
||||
* lib/krb5/get_cred.c (init_tgs_req): use
|
||||
in_creds->session.keytype literally instead of trying to convert
|
||||
to a list of enctypes (it should already be an enctype)
|
||||
|
||||
* lib/krb5/get_cred.c (init_tgs_req): init ret
|
||||
|
||||
2002-09-03 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
|
||||
|
||||
* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
|
||||
|
||||
* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
|
||||
zero ivec in DES3_CBC_encrypt if passed ivec is NULL
|
||||
|
||||
* lib/krb5/Makefile.am: back out 1.144, since it will re-create
|
||||
krb5-protos.h at build-time, which requires perl, which is bad
|
||||
|
||||
* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
|
||||
blindly use the local subkey
|
||||
|
||||
* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
|
||||
extracts the required blocksize from a crypto context
|
||||
|
||||
* lib/krb5/build_auth.c: just get the length of the encoded
|
||||
authenticator instead of trying to grow a buffer
|
||||
|
||||
2002-09-03 Assar Westerlund <assar@kth.se>
|
||||
|
||||
* configure.in: add --disable-mmap option, and tests for
|
||||
sys/mman.h and mmap
|
||||
|
||||
2002-09-03 Jacques Vidrine <nectar@kth.se>
|
||||
|
||||
* lib/krb5/changepw.c: verify lengths in response
|
||||
|
||||
* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
|
||||
truncated integers
|
||||
|
||||
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* lib/krb5/mk_req_ext.c: generate a local subkey if
|
||||
AP_OPTS_USE_SUBKEY is set
|
||||
|
||||
* lib/krb5/build_auth.c: we don't have enough information about
|
||||
whether to generate a local subkey here, so don't try to
|
||||
|
||||
* lib/krb5/auth_context.c: new function
|
||||
krb5_auth_con_generatelocalsubkey
|
||||
|
||||
* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
|
||||
initial ticket
|
||||
|
||||
* lib/krb5/context.c (init_context_from_config_file): simplify
|
||||
initialisation of srv_lookup
|
||||
|
||||
* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
|
||||
|
||||
* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
|
||||
|
||||
2002-08-30 Assar Westerlund <assar@kth.se>
|
||||
|
||||
* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
|
||||
* lib/krb5/Makefile.am (TESTS): add name-45-test
|
||||
* lib/krb5/name-45-test.c: add testcases for
|
||||
krb5_425_conv_principal
|
||||
|
||||
2002-08-29 Assar Westerlund <assar@kth.se>
|
||||
|
||||
* lib/krb5/parse-name-test.c: also test unparse_short functions
|
||||
* lib/asn1/asn1_print.c: use com_err/error_message API
|
||||
* lib/krb5/Makefile.am: add parse-name-test
|
||||
* lib/krb5/parse-name-test.c: add a program for testing parsing
|
||||
and unparsing principal names
|
||||
|
||||
2002-08-28 Assar Westerlund <assar@kth.se>
|
||||
|
||||
* kdc/config.c: add missing ifdef DAEMON
|
||||
|
932
crypto/heimdal/aclocal.m4
vendored
932
crypto/heimdal/aclocal.m4
vendored
File diff suppressed because it is too large
Load Diff
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -33,7 +33,7 @@
|
||||
|
||||
#include "ktutil_locl.h"
|
||||
|
||||
RCSID("$Id: add.c,v 1.3 2001/07/23 09:46:40 joda Exp $");
|
||||
RCSID("$Id: add.c,v 1.5 2002/09/10 19:26:52 joda Exp $");
|
||||
|
||||
int
|
||||
kt_add(int argc, char **argv)
|
||||
|
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* $Id: ktutil_locl.h,v 1.17 2001/08/22 20:30:18 assar Exp $
|
||||
* $Id: ktutil_locl.h,v 1.18 2002/09/10 20:03:45 joda Exp $
|
||||
*/
|
||||
|
||||
#ifndef __KTUTIL_LOCL_H__
|
||||
@ -54,12 +54,7 @@
|
||||
#include <parse_time.h>
|
||||
#include <roken.h>
|
||||
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/des.h>
|
||||
#else
|
||||
#include <des.h>
|
||||
#endif
|
||||
|
||||
#include "crypto-headers.h"
|
||||
#include <krb5.h>
|
||||
#include <kadm5/admin.h>
|
||||
#include <kadm5/kadm5_err.h>
|
||||
|
@ -1,3 +1,11 @@
|
||||
2002-09-05 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* ftp/security.c (sec_vfprintf): free encoded data
|
||||
|
||||
* ftp/gssapi.c (gss_decode): release buffer
|
||||
|
||||
* ftp/ftp.c (active_mode): no need to allocate buffer for EPRT
|
||||
|
||||
2002-08-28 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* ftp/ftp.c (command): clean up va_{start,end}ing (from NetBSD)
|
||||
|
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include "ftp_locl.h"
|
||||
RCSID ("$Id: ftp.c,v 1.73 2002/08/28 16:10:39 joda Exp $");
|
||||
RCSID ("$Id: ftp.c,v 1.74 2002/09/04 22:00:12 joda Exp $");
|
||||
|
||||
struct sockaddr_storage hisctladdr_ss;
|
||||
struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;
|
||||
@ -1284,7 +1284,6 @@ noport:
|
||||
if (listen (data, 1) < 0)
|
||||
warn ("listen");
|
||||
if (sendport) {
|
||||
char *cmd;
|
||||
char addr_str[256];
|
||||
int inet_af;
|
||||
int overbose;
|
||||
@ -1305,15 +1304,14 @@ noport:
|
||||
errx (1, "bad address family %d", data_addr->sa_family);
|
||||
}
|
||||
|
||||
asprintf (&cmd, "EPRT |%d|%s|%d|",
|
||||
inet_af, addr_str, ntohs(socket_get_port (data_addr)));
|
||||
|
||||
overbose = verbose;
|
||||
if (debug == 0)
|
||||
verbose = -1;
|
||||
|
||||
result = command (cmd);
|
||||
|
||||
result = command ("EPRT |%d|%s|%d|",
|
||||
inet_af, addr_str,
|
||||
ntohs(socket_get_port (data_addr)));
|
||||
verbose = overbose;
|
||||
|
||||
if (result == ERROR) {
|
||||
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: ftp_locl.h,v 1.36 2001/08/22 20:30:19 assar Exp $ */
|
||||
/* $Id: ftp_locl.h,v 1.37 2002/09/10 20:03:46 joda Exp $ */
|
||||
|
||||
#ifndef __FTP_LOCL_H__
|
||||
#define __FTP_LOCL_H__
|
||||
@ -131,11 +131,7 @@ struct hostent *gethostbyname(const char *);
|
||||
#include "security.h"
|
||||
|
||||
/* des_read_pw_string */
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/des.h>
|
||||
#else
|
||||
#include <des.h>
|
||||
#endif
|
||||
#include "crypto-headers.h"
|
||||
|
||||
#if defined(__sun__) && !defined(__svr4)
|
||||
int fclose(FILE*);
|
||||
|
@ -39,7 +39,7 @@
|
||||
#include <gssapi.h>
|
||||
#include <krb5_err.h>
|
||||
|
||||
RCSID("$Id: gssapi.c,v 1.19 2002/08/20 12:47:45 joda Exp $");
|
||||
RCSID("$Id: gssapi.c,v 1.20 2002/09/04 22:00:50 joda Exp $");
|
||||
|
||||
struct gss_data {
|
||||
gss_ctx_id_t context_hdl;
|
||||
@ -81,6 +81,7 @@ gss_decode(void *app_data, void *buf, int len, int level)
|
||||
gss_qop_t qop_state;
|
||||
int conf_state;
|
||||
struct gss_data *d = app_data;
|
||||
size_t ret_len;
|
||||
|
||||
input.length = len;
|
||||
input.value = buf;
|
||||
@ -93,7 +94,9 @@ gss_decode(void *app_data, void *buf, int len, int level)
|
||||
if(GSS_ERROR(maj_stat))
|
||||
return -1;
|
||||
memmove(buf, output.value, output.length);
|
||||
return output.length;
|
||||
ret_len = output.length;
|
||||
gss_release_buffer(&min_stat, &output);
|
||||
return ret_len;
|
||||
}
|
||||
|
||||
static int
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1998-2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1998-2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -37,7 +37,7 @@
|
||||
#include "ftp_locl.h"
|
||||
#endif
|
||||
|
||||
RCSID("$Id: security.c,v 1.18 2001/02/07 10:49:43 assar Exp $");
|
||||
RCSID("$Id: security.c,v 1.19 2002/09/04 22:01:28 joda Exp $");
|
||||
|
||||
static enum protection_level command_prot;
|
||||
static enum protection_level data_prot;
|
||||
@ -387,9 +387,11 @@ sec_vfprintf(FILE *f, const char *fmt, va_list ap)
|
||||
return -1;
|
||||
}
|
||||
if(base64_encode(enc, len, &buf) < 0){
|
||||
free(enc);
|
||||
printf("Out of memory base64-encoding.\n");
|
||||
return -1;
|
||||
}
|
||||
free(enc);
|
||||
#ifdef FTP_SERVER
|
||||
if(command_prot == prot_safe)
|
||||
fprintf(f, "631 %s\r\n", buf);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -32,13 +32,13 @@
|
||||
*/
|
||||
|
||||
#include "kf_locl.h"
|
||||
RCSID("$Id: kf.c,v 1.15 2001/02/20 01:44:44 assar Exp $");
|
||||
RCSID("$Id: kf.c,v 1.17 2002/09/05 15:00:03 joda Exp $");
|
||||
|
||||
krb5_context context;
|
||||
static int help_flag;
|
||||
static int version_flag;
|
||||
static char *port_str;
|
||||
const char *service = SERVICE;
|
||||
const char *service = KF_SERVICE;
|
||||
const char *remote_name = NULL;
|
||||
int forwardable = 0;
|
||||
const char *ccache_name = NULL;
|
||||
@ -107,7 +107,7 @@ client_setup(krb5_context *context, int *argc, char **argv)
|
||||
}
|
||||
|
||||
if (port == 0)
|
||||
port = krb5_getportbyname (*context, PORT, "tcp", PORT_NUM);
|
||||
port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM);
|
||||
|
||||
if(*argc - optind < 1)
|
||||
usage(1, args, num_args);
|
||||
@ -122,22 +122,19 @@ client_setup(krb5_context *context, int *argc, char **argv)
|
||||
*/
|
||||
|
||||
static int
|
||||
proto (int sock, const char *hostname, const char *service)
|
||||
proto (int sock, const char *hostname, const char *service,
|
||||
char *message, size_t len)
|
||||
{
|
||||
krb5_auth_context auth_context;
|
||||
krb5_error_code status;
|
||||
krb5_principal server;
|
||||
krb5_data data;
|
||||
krb5_data packet;
|
||||
krb5_data data_send;
|
||||
u_int32_t len, net_len;
|
||||
|
||||
krb5_ccache ccache;
|
||||
krb5_creds creds;
|
||||
krb5_kdc_flags flags;
|
||||
krb5_principal principal;
|
||||
char ret_string[10];
|
||||
ssize_t n;
|
||||
|
||||
status = krb5_auth_con_init (context, &auth_context);
|
||||
if (status) {
|
||||
@ -166,10 +163,10 @@ proto (int sock, const char *hostname, const char *service)
|
||||
status = krb5_sendauth (context,
|
||||
&auth_context,
|
||||
&sock,
|
||||
VERSION,
|
||||
KF_VERSION_1,
|
||||
NULL,
|
||||
server,
|
||||
AP_OPTS_MUTUAL_REQUIRED,
|
||||
AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
@ -181,27 +178,19 @@ proto (int sock, const char *hostname, const char *service)
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (remote_name == NULL) {
|
||||
remote_name = get_default_username ();
|
||||
if (remote_name == NULL)
|
||||
errx (1, "who are you?");
|
||||
}
|
||||
if (ccache_name == NULL)
|
||||
ccache_name = "";
|
||||
|
||||
krb5_data_zero(&data_send);
|
||||
data_send.data = (void *)remote_name;
|
||||
data_send.length = strlen(remote_name) + 1;
|
||||
status = krb5_write_message(context, &sock, &data_send);
|
||||
status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
|
||||
if (status) {
|
||||
krb5_warn (context, status, "krb5_write_message");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (ccache_name == NULL)
|
||||
ccache_name = "";
|
||||
|
||||
data_send.data = (void *)ccache_name;
|
||||
data_send.length = strlen(ccache_name)+1;
|
||||
status = krb5_write_message(context, &sock, &data_send);
|
||||
status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
|
||||
if (status) {
|
||||
krb5_warn (context, status, "krb5_write_message");
|
||||
return 1;
|
||||
@ -223,16 +212,15 @@ proto (int sock, const char *hostname, const char *service)
|
||||
|
||||
creds.client = principal;
|
||||
|
||||
status = krb5_build_principal (context,
|
||||
&creds.server,
|
||||
strlen(principal->realm),
|
||||
principal->realm,
|
||||
KRB5_TGS_NAME,
|
||||
principal->realm,
|
||||
NULL);
|
||||
status = krb5_make_principal (context,
|
||||
&creds.server,
|
||||
principal->realm,
|
||||
KRB5_TGS_NAME,
|
||||
principal->realm,
|
||||
NULL);
|
||||
|
||||
if (status) {
|
||||
krb5_warn (context, status, "krb5_build_principal");
|
||||
krb5_warn (context, status, "krb5_make_principal");
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -254,60 +242,36 @@ proto (int sock, const char *hostname, const char *service)
|
||||
return 1;
|
||||
}
|
||||
|
||||
status = krb5_mk_priv (context,
|
||||
auth_context,
|
||||
&data,
|
||||
&packet,
|
||||
NULL);
|
||||
status = krb5_write_priv_message(context, auth_context, &sock, &data);
|
||||
|
||||
if (status) {
|
||||
krb5_warn (context, status, "krb5_mk_priv");
|
||||
return 1;
|
||||
}
|
||||
|
||||
len = packet.length;
|
||||
net_len = htonl(len);
|
||||
|
||||
if (krb5_net_write (context, &sock, &net_len, 4) != 4) {
|
||||
krb5_warn (context, errno, "krb5_net_write");
|
||||
return 1;
|
||||
}
|
||||
if (krb5_net_write (context, &sock, packet.data, len) != len) {
|
||||
krb5_warn (context, errno, "krb5_net_write");
|
||||
return 1;
|
||||
}
|
||||
|
||||
krb5_data_free (&data);
|
||||
|
||||
n = krb5_net_read (context, &sock, &net_len, 4);
|
||||
if (n == 0) {
|
||||
krb5_warnx (context, "EOF in krb5_net_read");
|
||||
status = krb5_read_priv_message(context, auth_context, &sock, &data);
|
||||
if (status) {
|
||||
krb5_warn (context, status, "krb5_mk_priv");
|
||||
return 1;
|
||||
}
|
||||
if (n < 0) {
|
||||
krb5_warn (context, errno, "krb5_net_read");
|
||||
return 1;
|
||||
if(data.length >= len) {
|
||||
krb5_warnx (context, "returned string is too long, truncating");
|
||||
memcpy(message, data.data, len);
|
||||
message[len - 1] = '\0';
|
||||
} else {
|
||||
memcpy(message, data.data, data.length);
|
||||
message[data.length] = '\0';
|
||||
}
|
||||
len = ntohl(net_len);
|
||||
if (len >= sizeof(ret_string)) {
|
||||
krb5_warnx (context, "too long string back from %s", hostname);
|
||||
return 1;
|
||||
}
|
||||
n = krb5_net_read (context, &sock, ret_string, len);
|
||||
if (n == 0) {
|
||||
krb5_warnx (context, "EOF in krb5_net_read");
|
||||
return 1;
|
||||
}
|
||||
if (n < 0) {
|
||||
krb5_warn (context, errno, "krb5_net_read");
|
||||
return 1;
|
||||
}
|
||||
ret_string[sizeof(ret_string) - 1] = '\0';
|
||||
krb5_data_free (&data);
|
||||
|
||||
return(strcmp(ret_string,"ok"));
|
||||
return(strcmp(message, "ok"));
|
||||
}
|
||||
|
||||
static int
|
||||
doit (const char *hostname, int port, const char *service)
|
||||
doit (const char *hostname, int port, const char *service,
|
||||
char *message, size_t len)
|
||||
{
|
||||
struct addrinfo *ai, *a;
|
||||
struct addrinfo hints;
|
||||
@ -337,7 +301,7 @@ doit (const char *hostname, int port, const char *service)
|
||||
continue;
|
||||
}
|
||||
freeaddrinfo (ai);
|
||||
return proto (s, hostname, service);
|
||||
return proto (s, hostname, service, message, len);
|
||||
}
|
||||
warnx ("failed to contact %s", hostname);
|
||||
freeaddrinfo (ai);
|
||||
@ -353,9 +317,19 @@ main(int argc, char **argv)
|
||||
argcc = argc;
|
||||
port = client_setup(&context, &argcc, argv);
|
||||
|
||||
if (remote_name == NULL) {
|
||||
remote_name = get_default_username ();
|
||||
if (remote_name == NULL)
|
||||
errx (1, "who are you?");
|
||||
}
|
||||
|
||||
for (i = argcc;i < argc; i++) {
|
||||
ret = doit (argv[i], port, service);
|
||||
warnx ("%s %s", argv[i], ret ? "failed" : "ok");
|
||||
char message[128];
|
||||
ret = doit (argv[i], port, service, message, sizeof(message));
|
||||
if(ret == 0)
|
||||
warnx ("%s: ok", argv[i]);
|
||||
else
|
||||
warnx ("%s: failed: %s", argv[i], message);
|
||||
}
|
||||
return(ret);
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 1999, 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: kf_locl.h,v 1.2 1999/12/02 17:04:55 joda Exp $ */
|
||||
/* $Id: kf_locl.h,v 1.3 2002/09/04 20:29:04 joda Exp $ */
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
@ -74,7 +74,8 @@
|
||||
#include <err.h>
|
||||
#include <krb5.h>
|
||||
|
||||
#define SERVICE "host"
|
||||
#define KF_SERVICE "host"
|
||||
|
||||
#define PORT "kf"
|
||||
#define PORT_NUM 2110
|
||||
#define KF_PORT_NAME "kf"
|
||||
#define KF_PORT_NUM 2110
|
||||
#define KF_VERSION_1 "KFWDV0.1"
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include "kf_locl.h"
|
||||
RCSID("$Id: kfd.c,v 1.9 2001/02/20 01:44:44 assar Exp $");
|
||||
RCSID("$Id: kfd.c,v 1.10 2002/09/04 20:31:48 joda Exp $");
|
||||
|
||||
krb5_context context;
|
||||
char krb5_tkfile[MAXPATHLEN];
|
||||
@ -40,7 +40,7 @@ char krb5_tkfile[MAXPATHLEN];
|
||||
static int help_flag;
|
||||
static int version_flag;
|
||||
static char *port_str;
|
||||
char *service = SERVICE;
|
||||
char *service = KF_SERVICE;
|
||||
int do_inetd = 0;
|
||||
static char *regpag_str=NULL;
|
||||
|
||||
@ -92,7 +92,7 @@ server_setup(krb5_context *context, int argc, char **argv)
|
||||
}
|
||||
|
||||
if (port == 0)
|
||||
port = krb5_getportbyname (*context, PORT, "tcp", PORT_NUM);
|
||||
port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM);
|
||||
|
||||
if(argv[local_argc] != NULL)
|
||||
usage(1, args, num_args);
|
||||
@ -100,26 +100,23 @@ server_setup(krb5_context *context, int argc, char **argv)
|
||||
return port;
|
||||
}
|
||||
|
||||
static void
|
||||
syslog_and_die (const char *m, ...)
|
||||
static int protocol_version;
|
||||
|
||||
static krb5_boolean
|
||||
kfd_match_version(const void *arg, const char *version)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, m);
|
||||
vsyslog (LOG_ERR, m, args);
|
||||
va_end(args);
|
||||
exit (1);
|
||||
}
|
||||
|
||||
static void
|
||||
syslog_and_cont (const char *m, ...)
|
||||
{
|
||||
va_list args;
|
||||
|
||||
va_start(args, m);
|
||||
vsyslog (LOG_ERR, m, args);
|
||||
va_end(args);
|
||||
return;
|
||||
if(strcmp(version, KF_VERSION_1) == 0) {
|
||||
protocol_version = 1;
|
||||
return TRUE;
|
||||
} else if (strlen(version) == 4 &&
|
||||
version[0] == '0' &&
|
||||
version[1] == '.' &&
|
||||
(version[2] == '4' || version[2] == '3') &&
|
||||
islower(version[3])) {
|
||||
protocol_version = 0;
|
||||
return TRUE;
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
static int
|
||||
@ -132,31 +129,25 @@ proto (int sock, const char *service)
|
||||
char *name;
|
||||
char ret_string[10];
|
||||
char hostname[MAXHOSTNAMELEN];
|
||||
krb5_data packet;
|
||||
krb5_data data;
|
||||
krb5_data remotename;
|
||||
krb5_data tk_file;
|
||||
|
||||
u_int32_t len, net_len;
|
||||
krb5_ccache ccache;
|
||||
char ccname[MAXPATHLEN];
|
||||
struct passwd *pwd;
|
||||
ssize_t n;
|
||||
|
||||
status = krb5_auth_con_init (context, &auth_context);
|
||||
if (status)
|
||||
syslog_and_die("krb5_auth_con_init: %s",
|
||||
krb5_get_err_text(context, status));
|
||||
krb5_err(context, 1, status, "krb5_auth_con_init");
|
||||
|
||||
status = krb5_auth_con_setaddrs_from_fd (context,
|
||||
auth_context,
|
||||
&sock);
|
||||
if (status)
|
||||
syslog_and_die("krb5_auth_con_setaddr: %s",
|
||||
krb5_get_err_text(context, status));
|
||||
krb5_err(context, 1, status, "krb5_auth_con_setaddr");
|
||||
|
||||
if(gethostname (hostname, sizeof(hostname)) < 0)
|
||||
syslog_and_die("gethostname: %s",strerror(errno));
|
||||
krb5_err(context, 1, errno, "gethostname");
|
||||
|
||||
status = krb5_sname_to_principal (context,
|
||||
hostname,
|
||||
@ -164,88 +155,80 @@ proto (int sock, const char *service)
|
||||
KRB5_NT_SRV_HST,
|
||||
&server);
|
||||
if (status)
|
||||
syslog_and_die("krb5_sname_to_principal: %s",
|
||||
krb5_get_err_text(context, status));
|
||||
krb5_err(context, 1, status, "krb5_sname_to_principal");
|
||||
|
||||
status = krb5_recvauth (context,
|
||||
&auth_context,
|
||||
&sock,
|
||||
VERSION,
|
||||
server,
|
||||
0,
|
||||
NULL,
|
||||
&ticket);
|
||||
status = krb5_recvauth_match_version (context,
|
||||
&auth_context,
|
||||
&sock,
|
||||
kfd_match_version,
|
||||
NULL,
|
||||
server,
|
||||
0,
|
||||
NULL,
|
||||
&ticket);
|
||||
if (status)
|
||||
syslog_and_die("krb5_recvauth: %s",
|
||||
krb5_get_err_text(context, status));
|
||||
krb5_err(context, 1, status, "krb5_recvauth");
|
||||
|
||||
status = krb5_unparse_name (context,
|
||||
ticket->client,
|
||||
&name);
|
||||
if (status)
|
||||
syslog_and_die("krb5_unparse_name: %s",
|
||||
krb5_get_err_text(context, status));
|
||||
krb5_err(context, 1, status, "krb5_unparse_name");
|
||||
|
||||
status=krb5_read_message (context, &sock, &remotename);
|
||||
if (status) {
|
||||
syslog_and_die("krb5_read_message: %s",
|
||||
krb5_get_err_text(context, status));
|
||||
}
|
||||
status=krb5_read_message (context, &sock, &tk_file);
|
||||
if (status) {
|
||||
syslog_and_die("krb5_read_message: %s",
|
||||
krb5_get_err_text(context, status));
|
||||
if(protocol_version == 0) {
|
||||
data.data = "old clnt"; /* XXX old clients only had room for
|
||||
10 bytes of message, and also
|
||||
didn't show it to the user */
|
||||
data.length = strlen(data.data) + 1;
|
||||
krb5_write_message(context, &sock, &data);
|
||||
sleep(2); /* XXX give client time to finish */
|
||||
krb5_errx(context, 1, "old client; exiting");
|
||||
}
|
||||
|
||||
status=krb5_read_priv_message (context, auth_context,
|
||||
&sock, &remotename);
|
||||
if (status)
|
||||
krb5_err(context, 1, status, "krb5_read_message");
|
||||
status=krb5_read_priv_message (context, auth_context,
|
||||
&sock, &tk_file);
|
||||
if (status)
|
||||
krb5_err(context, 1, status, "krb5_read_message");
|
||||
|
||||
krb5_data_zero (&data);
|
||||
krb5_data_zero (&packet);
|
||||
|
||||
n = krb5_net_read (context, &sock, &net_len, 4);
|
||||
if (n < 0)
|
||||
syslog_and_die("krb5_net_read: %s", strerror(errno));
|
||||
if (n == 0)
|
||||
syslog_and_die("EOF in krb5_net_read");
|
||||
if(((char*)remotename.data)[remotename.length-1] != '\0')
|
||||
krb5_errx(context, 1, "unterminated received");
|
||||
if(((char*)tk_file.data)[tk_file.length-1] != '\0')
|
||||
krb5_errx(context, 1, "unterminated received");
|
||||
|
||||
len = ntohl(net_len);
|
||||
krb5_data_alloc (&packet, len);
|
||||
n = krb5_net_read (context, &sock, packet.data, len);
|
||||
if (n < 0)
|
||||
syslog_and_die("krb5_net_read: %s", strerror(errno));
|
||||
if (n == 0)
|
||||
syslog_and_die("EOF in krb5_net_read");
|
||||
status = krb5_read_priv_message(context, auth_context, &sock, &data);
|
||||
|
||||
status = krb5_rd_priv (context,
|
||||
auth_context,
|
||||
&packet,
|
||||
&data,
|
||||
NULL);
|
||||
if (status) {
|
||||
syslog_and_cont("krb5_rd_priv: %s",
|
||||
krb5_get_err_text(context, status));
|
||||
krb5_err(context, 1, errno, "krb5_read_priv_message");
|
||||
goto out;
|
||||
}
|
||||
|
||||
pwd = getpwnam ((char *)(remotename.data));
|
||||
if (pwd == NULL) {
|
||||
status=1;
|
||||
syslog_and_cont("getpwnam: %s failed",(char *)(remotename.data));
|
||||
krb5_warnx(context, "getpwnam: %s failed",(char *)(remotename.data));
|
||||
goto out;
|
||||
}
|
||||
|
||||
if(!krb5_kuserok (context,
|
||||
ticket->client,
|
||||
(char *)(remotename.data))) {
|
||||
ticket->client,
|
||||
(char *)(remotename.data))) {
|
||||
status=1;
|
||||
syslog_and_cont("krb5_kuserok: permission denied");
|
||||
krb5_warnx(context, "krb5_kuserok: permission denied");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (setgid(pwd->pw_gid) < 0) {
|
||||
syslog_and_cont ("setgid: %s", strerror(errno));
|
||||
krb5_warn(context, errno, "setgid");
|
||||
goto out;
|
||||
}
|
||||
if (setuid(pwd->pw_uid) < 0) {
|
||||
syslog_and_cont ("setuid: %s", strerror(errno));
|
||||
krb5_warn(context, errno, "setuid");
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -256,49 +239,41 @@ proto (int sock, const char *service)
|
||||
|
||||
status = krb5_cc_resolve (context, ccname, &ccache);
|
||||
if (status) {
|
||||
syslog_and_cont("krb5_cc_resolve: %s",
|
||||
krb5_get_err_text(context, status));
|
||||
krb5_warn(context, status, "krb5_cc_resolve");
|
||||
goto out;
|
||||
}
|
||||
status = krb5_cc_initialize (context, ccache, ticket->client);
|
||||
if (status) {
|
||||
syslog_and_cont("krb5_cc_initialize: %s",
|
||||
krb5_get_err_text(context, status));
|
||||
krb5_warn(context, status, "krb5_cc_initialize");
|
||||
goto out;
|
||||
}
|
||||
status = krb5_rd_cred2 (context, auth_context, ccache, &data);
|
||||
krb5_cc_close (context, ccache);
|
||||
if (status) {
|
||||
syslog_and_cont("krb5_rd_cred: %s",
|
||||
krb5_get_err_text(context, status));
|
||||
krb5_warn(context, status, "krb5_rd_cred");
|
||||
goto out;
|
||||
|
||||
}
|
||||
strlcpy(krb5_tkfile,ccname,sizeof(krb5_tkfile));
|
||||
syslog_and_cont("%s forwarded ticket to %s,%s",
|
||||
name,
|
||||
(char *)(remotename.data),ccname);
|
||||
out:
|
||||
krb5_warnx(context, "%s forwarded ticket to %s,%s",
|
||||
name,
|
||||
(char *)(remotename.data),ccname);
|
||||
out:
|
||||
if (status) {
|
||||
strcpy(ret_string, "no");
|
||||
syslog_and_cont("failed");
|
||||
krb5_warnx(context, "failed");
|
||||
} else {
|
||||
strcpy(ret_string, "ok");
|
||||
}
|
||||
|
||||
krb5_data_free (&tk_file);
|
||||
krb5_data_free (&remotename);
|
||||
krb5_data_free (&packet);
|
||||
krb5_data_free (&data);
|
||||
free(name);
|
||||
|
||||
len = strlen(ret_string) + 1;
|
||||
net_len = htonl(len);
|
||||
if (krb5_net_write (context, &sock, &net_len, 4) != 4)
|
||||
return 1;
|
||||
if (krb5_net_write (context, &sock, ret_string, len) != len)
|
||||
return 1;
|
||||
return status;
|
||||
data.data = ret_string;
|
||||
data.length = strlen(ret_string) + 1;
|
||||
return krb5_write_priv_message(context, auth_context, &sock, &data);
|
||||
}
|
||||
|
||||
static int
|
||||
@ -314,10 +289,16 @@ main(int argc, char **argv)
|
||||
{
|
||||
int port;
|
||||
int ret;
|
||||
krb5_log_facility *fac;
|
||||
|
||||
setprogname (argv[0]);
|
||||
roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH);
|
||||
port = server_setup(&context, argc, argv);
|
||||
ret = krb5_openlog(context, "kfd", &fac);
|
||||
if(ret) krb5_err(context, 1, ret, "krb5_openlog");
|
||||
ret = krb5_set_warn_dest(context, fac);
|
||||
if(ret) krb5_err(context, 1, ret, "krb5_set_warn_dest");
|
||||
|
||||
ret = doit (port, service);
|
||||
closelog();
|
||||
if (ret == 0 && regpag_str != NULL)
|
||||
|
@ -1,3 +1,27 @@
|
||||
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* rsh.c: free some memory
|
||||
|
||||
2002-09-04 Assar Westerlund <assar@kth.se>
|
||||
|
||||
* common.c: krb5_crypto_block_size -> krb5_crypto_getblocksize
|
||||
|
||||
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* rsh.1: document -P
|
||||
|
||||
2002-09-03 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* rsh.c: revert to protocol v1 if not asked for specific protocol
|
||||
|
||||
* rshd.c: handle protocol version 2
|
||||
|
||||
* rsh.c: handle protocol version 2
|
||||
|
||||
* common.c: handle protocol version 2
|
||||
|
||||
* rsh_locl.h: handle protocol version 2
|
||||
|
||||
2002-02-18 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* rshd.c: don't show options that doesn't apply
|
||||
|
@ -32,14 +32,40 @@
|
||||
*/
|
||||
|
||||
#include "rsh_locl.h"
|
||||
RCSID("$Id: common.c,v 1.14 2002/02/18 20:01:05 joda Exp $");
|
||||
RCSID("$Id: common.c,v 1.16 2002/09/04 15:50:36 assar Exp $");
|
||||
|
||||
#if defined(KRB4) || defined(KRB5)
|
||||
|
||||
#ifdef KRB5
|
||||
int key_usage = 1026;
|
||||
|
||||
void *ivec_in[2];
|
||||
void *ivec_out[2];
|
||||
|
||||
void
|
||||
init_ivecs(int client)
|
||||
{
|
||||
size_t blocksize;
|
||||
|
||||
krb5_crypto_getblocksize(context, crypto, &blocksize);
|
||||
|
||||
ivec_in[0] = malloc(blocksize);
|
||||
memset(ivec_in[0], client, blocksize);
|
||||
|
||||
ivec_in[1] = malloc(blocksize);
|
||||
memset(ivec_in[1], 2 | client, blocksize);
|
||||
|
||||
ivec_out[0] = malloc(blocksize);
|
||||
memset(ivec_out[0], !client, blocksize);
|
||||
|
||||
ivec_out[1] = malloc(blocksize);
|
||||
memset(ivec_out[1], 2 | !client, blocksize);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
ssize_t
|
||||
do_read (int fd,
|
||||
void *buf,
|
||||
size_t sz)
|
||||
do_read (int fd, void *buf, size_t sz, void *ivec)
|
||||
{
|
||||
if (do_encrypt) {
|
||||
#ifdef KRB4
|
||||
@ -61,7 +87,11 @@ do_read (int fd,
|
||||
len = ntohl(len);
|
||||
if (len > sz)
|
||||
abort ();
|
||||
outer_len = krb5_get_wrapped_length (context, crypto, len);
|
||||
/* ivec will be non null for protocol version 2 */
|
||||
if(ivec != NULL)
|
||||
outer_len = krb5_get_wrapped_length (context, crypto, len + 4);
|
||||
else
|
||||
outer_len = krb5_get_wrapped_length (context, crypto, len);
|
||||
edata = malloc (outer_len);
|
||||
if (edata == NULL)
|
||||
errx (1, "malloc: cannot allocate %u bytes", outer_len);
|
||||
@ -69,13 +99,22 @@ do_read (int fd,
|
||||
if (ret <= 0)
|
||||
return ret;
|
||||
|
||||
status = krb5_decrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED,
|
||||
edata, outer_len, &data);
|
||||
status = krb5_decrypt_ivec(context, crypto, key_usage,
|
||||
edata, outer_len, &data, ivec);
|
||||
free (edata);
|
||||
|
||||
if (status)
|
||||
errx (1, "%s", krb5_get_err_text (context, status));
|
||||
memcpy (buf, data.data, len);
|
||||
krb5_err (context, 1, status, "decrypting data");
|
||||
if(ivec != NULL) {
|
||||
unsigned long l;
|
||||
if(data.length < len + 4)
|
||||
errx (1, "data received is too short");
|
||||
_krb5_get_int(data.data, &l, 4);
|
||||
if(l != len)
|
||||
errx (1, "inconsistency in received data");
|
||||
memcpy (buf, (unsigned char *)data.data+4, len);
|
||||
} else
|
||||
memcpy (buf, data.data, len);
|
||||
krb5_data_free (&data);
|
||||
return len;
|
||||
} else
|
||||
@ -86,7 +125,7 @@ do_read (int fd,
|
||||
}
|
||||
|
||||
ssize_t
|
||||
do_write (int fd, void *buf, size_t sz)
|
||||
do_write (int fd, void *buf, size_t sz, void *ivec)
|
||||
{
|
||||
if (do_encrypt) {
|
||||
#ifdef KRB4
|
||||
@ -98,20 +137,27 @@ do_write (int fd, void *buf, size_t sz)
|
||||
if(auth_method == AUTH_KRB5) {
|
||||
krb5_error_code status;
|
||||
krb5_data data;
|
||||
u_int32_t len;
|
||||
unsigned char len[4];
|
||||
int ret;
|
||||
|
||||
status = krb5_encrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED,
|
||||
buf, sz, &data);
|
||||
|
||||
_krb5_put_int(len, sz, 4);
|
||||
if(ivec != NULL) {
|
||||
unsigned char *tmp = malloc(sz + 4);
|
||||
if(tmp == NULL)
|
||||
err(1, "malloc");
|
||||
_krb5_put_int(tmp, sz, 4);
|
||||
memcpy(tmp + 4, buf, sz);
|
||||
status = krb5_encrypt_ivec(context, crypto, key_usage,
|
||||
tmp, sz + 4, &data, ivec);
|
||||
free(tmp);
|
||||
} else
|
||||
status = krb5_encrypt_ivec(context, crypto, key_usage,
|
||||
buf, sz, &data, ivec);
|
||||
|
||||
if (status)
|
||||
errx (1, "%s", krb5_get_err_text(context, status));
|
||||
krb5_err(context, 1, status, "encrypting data");
|
||||
|
||||
assert (krb5_get_wrapped_length (context, crypto,
|
||||
sz) == data.length);
|
||||
|
||||
len = htonl(sz);
|
||||
ret = krb5_net_write (context, &fd, &len, 4);
|
||||
ret = krb5_net_write (context, &fd, len, 4);
|
||||
if (ret != 4)
|
||||
return ret;
|
||||
ret = krb5_net_write (context, &fd, data.data, data.length);
|
||||
|
@ -1,6 +1,6 @@
|
||||
.\" $Id: rsh.1,v 1.3 2002/08/20 17:07:08 joda Exp $
|
||||
.\" $Id: rsh.1,v 1.4 2002/09/04 13:01:52 joda Exp $
|
||||
.\"
|
||||
.Dd July 31, 2001
|
||||
.Dd September 4, 2002
|
||||
.Dt RSH 1
|
||||
.Os HEIMDAL
|
||||
.Sh NAME
|
||||
@ -13,6 +13,7 @@ remote shell
|
||||
.Op Fl U Pa string
|
||||
.Op Fl p Ar port
|
||||
.Op Fl l Ar username
|
||||
.Op Fl P Ar N|O
|
||||
.Ar host [command]
|
||||
.Sh DESCRIPTION
|
||||
.Nm
|
||||
@ -145,6 +146,22 @@ By default the remote username is the same as the local. The
|
||||
option or the
|
||||
.Pa username@host
|
||||
format allow the remote name to be specified.
|
||||
.It Xo
|
||||
.Fl P Ar N|O|1|2 ,
|
||||
.Fl -protocol= Ns Ar N|O|1|2
|
||||
.Xc
|
||||
Specifies which protocol version to use with Kerberos 5.
|
||||
.Ar N
|
||||
and
|
||||
.Ar 2
|
||||
selects protocol version 2, while
|
||||
.Ar O
|
||||
and
|
||||
.Ar 1
|
||||
selects version 1. Version 2 is beleived to be more secure, and is the
|
||||
default. Unless asked for a specific version,
|
||||
.Nm
|
||||
will try both. This behaviour may change in the future.
|
||||
.El
|
||||
.\".Pp
|
||||
.\"Without a
|
||||
@ -155,7 +172,7 @@ format allow the remote name to be specified.
|
||||
.\"with the same arguments.
|
||||
.Sh EXAMPLES
|
||||
Care should be taken when issuing commands containing shell meta
|
||||
characters. Without quoting these will be expanded on the local
|
||||
characters. Without quoting, these will be expanded on the local
|
||||
machine.
|
||||
.Pp
|
||||
The following command:
|
||||
|
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include "rsh_locl.h"
|
||||
RCSID("$Id: rsh.c,v 1.65 2002/02/18 20:02:06 joda Exp $");
|
||||
RCSID("$Id: rsh.c,v 1.68 2002/09/04 21:40:04 joda Exp $");
|
||||
|
||||
enum auth_method auth_method;
|
||||
#if defined(KRB4) || defined(KRB5)
|
||||
@ -67,6 +67,8 @@ static const char *user;
|
||||
static int do_version;
|
||||
static int do_help;
|
||||
static int do_errsock = 1;
|
||||
static char *protocol_version_str;
|
||||
static int protocol_version = 2;
|
||||
|
||||
/*
|
||||
*
|
||||
@ -80,6 +82,11 @@ loop (int s, int errsock)
|
||||
fd_set real_readset;
|
||||
int count = 1;
|
||||
|
||||
#ifdef KRB5
|
||||
if(auth_method == AUTH_KRB5 && protocol_version == 2)
|
||||
init_ivecs(1);
|
||||
#endif
|
||||
|
||||
if (s >= FD_SETSIZE || errsock >= FD_SETSIZE)
|
||||
errx (1, "fd too large");
|
||||
|
||||
@ -106,7 +113,7 @@ loop (int s, int errsock)
|
||||
err (1, "select");
|
||||
}
|
||||
if (FD_ISSET(s, &readset)) {
|
||||
ret = do_read (s, buf, sizeof(buf));
|
||||
ret = do_read (s, buf, sizeof(buf), ivec_in[0]);
|
||||
if (ret < 0)
|
||||
err (1, "read");
|
||||
else if (ret == 0) {
|
||||
@ -118,7 +125,7 @@ loop (int s, int errsock)
|
||||
net_write (STDOUT_FILENO, buf, ret);
|
||||
}
|
||||
if (errsock != -1 && FD_ISSET(errsock, &readset)) {
|
||||
ret = do_read (errsock, buf, sizeof(buf));
|
||||
ret = do_read (errsock, buf, sizeof(buf), ivec_in[1]);
|
||||
if (ret < 0)
|
||||
err (1, "read");
|
||||
else if (ret == 0) {
|
||||
@ -138,7 +145,7 @@ loop (int s, int errsock)
|
||||
FD_CLR(STDIN_FILENO, &real_readset);
|
||||
shutdown (s, SHUT_WR);
|
||||
} else
|
||||
do_write (s, buf, ret);
|
||||
do_write (s, buf, ret, ivec_out[0]);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -166,7 +173,7 @@ send_krb4_auth(int s,
|
||||
getpid(), &msg, &cred, schedule,
|
||||
(struct sockaddr_in *)thisaddr,
|
||||
(struct sockaddr_in *)thataddr,
|
||||
KCMD_VERSION);
|
||||
KCMD_OLD_VERSION);
|
||||
if (status != KSUCCESS) {
|
||||
warnx("%s: %s", hostname, krb_get_err_text(status));
|
||||
return 1;
|
||||
@ -267,6 +274,8 @@ krb5_forward_cred (krb5_auth_context auth_context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int sendauth_version_error;
|
||||
|
||||
static int
|
||||
send_krb5_auth(int s,
|
||||
struct sockaddr *thisaddr,
|
||||
@ -282,6 +291,8 @@ send_krb5_auth(int s,
|
||||
int status;
|
||||
size_t len;
|
||||
krb5_auth_context auth_context = NULL;
|
||||
const char *protocol_string = NULL;
|
||||
krb5_flags ap_opts;
|
||||
|
||||
status = krb5_sname_to_principal(context,
|
||||
hostname,
|
||||
@ -300,25 +311,53 @@ send_krb5_auth(int s,
|
||||
cmd,
|
||||
remote_user);
|
||||
|
||||
ap_opts = 0;
|
||||
|
||||
if(do_encrypt)
|
||||
ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
|
||||
|
||||
switch(protocol_version) {
|
||||
case 2:
|
||||
ap_opts |= AP_OPTS_USE_SUBKEY;
|
||||
protocol_string = KCMD_NEW_VERSION;
|
||||
break;
|
||||
case 1:
|
||||
protocol_string = KCMD_OLD_VERSION;
|
||||
key_usage = KRB5_KU_OTHER_ENCRYPTED;
|
||||
break;
|
||||
default:
|
||||
abort();
|
||||
}
|
||||
|
||||
status = krb5_sendauth (context,
|
||||
&auth_context,
|
||||
&s,
|
||||
KCMD_VERSION,
|
||||
protocol_string,
|
||||
NULL,
|
||||
server,
|
||||
do_encrypt ? AP_OPTS_MUTUAL_REQUIRED : 0,
|
||||
ap_opts,
|
||||
&cksum_data,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL);
|
||||
|
||||
krb5_free_principal(context, server);
|
||||
krb5_data_free(&cksum_data);
|
||||
|
||||
if (status) {
|
||||
warnx("%s: %s", hostname, krb5_get_err_text(context, status));
|
||||
if(status == KRB5_SENDAUTH_REJECTED &&
|
||||
protocol_version == 2 && protocol_version_str == NULL)
|
||||
sendauth_version_error = 1;
|
||||
else
|
||||
krb5_warn(context, status, "%s", hostname);
|
||||
return 1;
|
||||
}
|
||||
|
||||
status = krb5_auth_con_getkey (context, auth_context, &keyblock);
|
||||
status = krb5_auth_con_getlocalsubkey (context, auth_context, &keyblock);
|
||||
if(keyblock == NULL)
|
||||
status = krb5_auth_con_getkey (context, auth_context, &keyblock);
|
||||
if (status) {
|
||||
warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status));
|
||||
return 1;
|
||||
@ -552,7 +591,7 @@ proto (int s, int errsock,
|
||||
(void *)&one, sizeof(one)) < 0)
|
||||
warn("setsockopt stderr");
|
||||
}
|
||||
|
||||
|
||||
return loop (s, errsock2);
|
||||
}
|
||||
|
||||
@ -777,6 +816,8 @@ struct getargs args[] = {
|
||||
"port" },
|
||||
{ "user", 'l', arg_string, &user, "Run as this user", "login" },
|
||||
{ "stderr", 'e', arg_negative_flag, &do_errsock, "Don't open stderr"},
|
||||
{ "protocol", 'P', arg_string, &protocol_version_str,
|
||||
"Protocol version", "protocol" },
|
||||
{ "version", 0, arg_flag, &do_version, NULL },
|
||||
{ "help", 0, arg_flag, &do_help, NULL }
|
||||
};
|
||||
@ -840,7 +881,24 @@ main(int argc, char **argv)
|
||||
print_version (NULL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
if(protocol_version_str != NULL) {
|
||||
if(strcasecmp(protocol_version_str, "N") == 0)
|
||||
protocol_version = 2;
|
||||
else if(strcasecmp(protocol_version_str, "O") == 0)
|
||||
protocol_version = 1;
|
||||
else {
|
||||
char *end;
|
||||
int v;
|
||||
v = strtol(protocol_version_str, &end, 0);
|
||||
if(*end != '\0' || (v != 1 && v != 2)) {
|
||||
errx(1, "unknown protocol version \"%s\"",
|
||||
protocol_version_str);
|
||||
}
|
||||
protocol_version = v;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef KRB5
|
||||
status = krb5_init_context (&context);
|
||||
if (status) {
|
||||
@ -978,9 +1036,15 @@ main(int argc, char **argv)
|
||||
errx (1, "getaddrinfo: %s", gai_strerror(error));
|
||||
|
||||
auth_method = AUTH_KRB5;
|
||||
again:
|
||||
ret = doit (host, ai, user, local_user, cmd, cmd_len,
|
||||
do_errsock,
|
||||
send_krb5_auth);
|
||||
if(ret != 0 && sendauth_version_error &&
|
||||
protocol_version == 2) {
|
||||
protocol_version = 1;
|
||||
goto again;
|
||||
}
|
||||
freeaddrinfo(ai);
|
||||
}
|
||||
#endif
|
||||
@ -1035,5 +1099,6 @@ main(int argc, char **argv)
|
||||
cmd, cmd_len);
|
||||
freeaddrinfo(ai);
|
||||
}
|
||||
free(cmd);
|
||||
return ret;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: rsh_locl.h,v 1.27 2002/08/12 15:09:16 joda Exp $ */
|
||||
/* $Id: rsh_locl.h,v 1.28 2002/09/03 20:03:46 joda Exp $ */
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
@ -99,6 +99,7 @@
|
||||
#endif
|
||||
#ifdef KRB5
|
||||
#include <krb5.h>
|
||||
#include <krb5-private.h> /* for _krb5_{get,put}_int */
|
||||
#endif
|
||||
#ifdef KRB4
|
||||
#include <kafs.h>
|
||||
@ -132,25 +133,30 @@ extern int do_encrypt;
|
||||
extern krb5_context context;
|
||||
extern krb5_keyblock *keyblock;
|
||||
extern krb5_crypto crypto;
|
||||
extern int key_usage;
|
||||
extern void *ivec_in[2];
|
||||
extern void *ivec_out[2];
|
||||
void init_ivecs(int);
|
||||
#endif
|
||||
#ifdef KRB4
|
||||
extern des_key_schedule schedule;
|
||||
extern des_cblock iv;
|
||||
#endif
|
||||
|
||||
#define KCMD_VERSION "KCMDV0.1"
|
||||
#define KCMD_OLD_VERSION "KCMDV0.1"
|
||||
#define KCMD_NEW_VERSION "KCMDV0.2"
|
||||
|
||||
#define USERNAME_SZ 16
|
||||
#define COMMAND_SZ 1024
|
||||
|
||||
#define RSH_BUFSIZ (16 * 1024)
|
||||
#define RSH_BUFSIZ (5 * 1024) /* MIT kcmd can't handle larger buffers */
|
||||
|
||||
#define PATH_RSH BINDIR "/rsh"
|
||||
|
||||
#if defined(KRB4) || defined(KRB5)
|
||||
ssize_t do_read (int fd, void *buf, size_t sz);
|
||||
ssize_t do_write (int fd, void *buf, size_t sz);
|
||||
ssize_t do_read (int, void*, size_t, void*);
|
||||
ssize_t do_write (int, void*, size_t, void*);
|
||||
#else
|
||||
#define do_write(F, B, L) write((F), (B), (L))
|
||||
#define do_read(F, B, L) read((F), (B), (L))
|
||||
#define do_write(F, B, L, I) write((F), (B), (L))
|
||||
#define do_read(F, B, L, I) read((F), (B), (L))
|
||||
#endif
|
||||
|
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include "rsh_locl.h"
|
||||
RCSID("$Id: rshd.c,v 1.46 2002/02/18 20:02:14 joda Exp $");
|
||||
RCSID("$Id: rshd.c,v 1.47 2002/09/03 20:03:26 joda Exp $");
|
||||
|
||||
int
|
||||
login_access( struct passwd *user, char *from);
|
||||
@ -199,7 +199,7 @@ recv_krb4_auth (int s, u_char *buf,
|
||||
version);
|
||||
if (status != KSUCCESS)
|
||||
syslog_and_die ("recvauth: %s", krb_get_err_text(status));
|
||||
if (strncmp (version, KCMD_VERSION, KRB_SENDAUTH_VLEN) != 0)
|
||||
if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0)
|
||||
syslog_and_die ("bad version: %s", version);
|
||||
|
||||
read_str (s, server_username, USERNAME_SZ, "remote username");
|
||||
@ -277,6 +277,24 @@ krb5_start_session (void)
|
||||
return;
|
||||
}
|
||||
|
||||
static int protocol_version;
|
||||
|
||||
static krb5_boolean
|
||||
match_kcmd_version(const void *data, const char *version)
|
||||
{
|
||||
if(strcmp(version, KCMD_NEW_VERSION) == 0) {
|
||||
protocol_version = 2;
|
||||
return TRUE;
|
||||
}
|
||||
if(strcmp(version, KCMD_OLD_VERSION) == 0) {
|
||||
protocol_version = 1;
|
||||
key_usage = KRB5_KU_OTHER_ENCRYPTED;
|
||||
return TRUE;
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
recv_krb5_auth (int s, u_char *buf,
|
||||
struct sockaddr *thisaddr,
|
||||
@ -311,14 +329,15 @@ recv_krb5_auth (int s, u_char *buf,
|
||||
syslog_and_die ("krb5_sock_to_principal: %s",
|
||||
krb5_get_err_text(context, status));
|
||||
|
||||
status = krb5_recvauth(context,
|
||||
&auth_context,
|
||||
&s,
|
||||
KCMD_VERSION,
|
||||
server,
|
||||
KRB5_RECVAUTH_IGNORE_VERSION,
|
||||
NULL,
|
||||
&ticket);
|
||||
status = krb5_recvauth_match_version(context,
|
||||
&auth_context,
|
||||
&s,
|
||||
match_kcmd_version,
|
||||
NULL,
|
||||
server,
|
||||
KRB5_RECVAUTH_IGNORE_VERSION,
|
||||
NULL,
|
||||
&ticket);
|
||||
krb5_free_principal (context, server);
|
||||
if (status)
|
||||
syslog_and_die ("krb5_recvauth: %s",
|
||||
@ -328,8 +347,17 @@ recv_krb5_auth (int s, u_char *buf,
|
||||
read_str (s, cmd, COMMAND_SZ, "command");
|
||||
read_str (s, client_username, COMMAND_SZ, "local username");
|
||||
|
||||
status = krb5_auth_con_getkey (context, auth_context, &keyblock);
|
||||
if (status)
|
||||
if(protocol_version == 2) {
|
||||
status = krb5_auth_con_getremotesubkey(context, auth_context,
|
||||
&keyblock);
|
||||
if(status != 0 || keyblock == NULL)
|
||||
syslog_and_die("failed to get remote subkey");
|
||||
} else if(protocol_version == 1) {
|
||||
status = krb5_auth_con_getkey (context, auth_context, &keyblock);
|
||||
if(status != 0 || keyblock == NULL)
|
||||
syslog_and_die("failed to get key");
|
||||
}
|
||||
if (status != 0 || keyblock == NULL)
|
||||
syslog_and_die ("krb5_auth_con_getkey: %s",
|
||||
krb5_get_err_text(context, status));
|
||||
|
||||
@ -436,6 +464,11 @@ loop (int from0, int to0,
|
||||
if(from0 >= FD_SETSIZE || from1 >= FD_SETSIZE || from2 >= FD_SETSIZE)
|
||||
errx (1, "fd too large");
|
||||
|
||||
#ifdef KRB5
|
||||
if(auth_method == AUTH_KRB5 && protocol_version == 2)
|
||||
init_ivecs(0);
|
||||
#endif
|
||||
|
||||
FD_ZERO(&real_readset);
|
||||
FD_SET(from0, &real_readset);
|
||||
FD_SET(from1, &real_readset);
|
||||
@ -454,7 +487,7 @@ loop (int from0, int to0,
|
||||
syslog_and_die ("select: %m");
|
||||
}
|
||||
if (FD_ISSET(from0, &readset)) {
|
||||
ret = do_read (from0, buf, sizeof(buf));
|
||||
ret = do_read (from0, buf, sizeof(buf), ivec_in[0]);
|
||||
if (ret < 0)
|
||||
syslog_and_die ("read: %m");
|
||||
else if (ret == 0) {
|
||||
@ -475,7 +508,7 @@ loop (int from0, int to0,
|
||||
if (--count == 0)
|
||||
exit (0);
|
||||
} else
|
||||
do_write (to1, buf, ret);
|
||||
do_write (to1, buf, ret, ivec_out[0]);
|
||||
}
|
||||
if (FD_ISSET(from2, &readset)) {
|
||||
ret = read (from2, buf, sizeof(buf));
|
||||
@ -488,7 +521,7 @@ loop (int from0, int to0,
|
||||
if (--count == 0)
|
||||
exit (0);
|
||||
} else
|
||||
do_write (to2, buf, ret);
|
||||
do_write (to2, buf, ret, ivec_out[1]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -32,7 +32,7 @@
|
||||
|
||||
#include <config.h>
|
||||
|
||||
RCSID("$Id: su.c,v 1.24 2002/02/19 13:01:15 joda Exp $");
|
||||
RCSID("$Id: su.c,v 1.25 2002/09/10 20:03:47 joda Exp $");
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@ -50,11 +50,7 @@ RCSID("$Id: su.c,v 1.24 2002/02/19 13:01:15 joda Exp $");
|
||||
|
||||
#include <pwd.h>
|
||||
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/des.h>
|
||||
#else
|
||||
#include <des.h>
|
||||
#endif
|
||||
#include "crypto-headers.h"
|
||||
#ifdef KRB5
|
||||
#include <krb5.h>
|
||||
#endif
|
||||
|
@ -1,5 +1,13 @@
|
||||
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* libtelnet/kerberos5.c: set AP_OPTS_USE_SUBKEY
|
||||
|
||||
2002-08-28 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* telnet/commands.c: remove extra "Toggle"'s
|
||||
|
||||
* telnet/commands.c: IRIX == 4 -> IRIX4
|
||||
|
||||
* telnet/main.c: rename functions to what they're really called
|
||||
|
||||
* telnet/commands.c: kill some might be uninitialized warnings
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include <config.h>
|
||||
|
||||
RCSID("$Id: enc_des.c,v 1.20 2001/08/29 00:45:19 assar Exp $");
|
||||
RCSID("$Id: enc_des.c,v 1.21 2002/09/10 20:03:47 joda Exp $");
|
||||
|
||||
#if defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION)
|
||||
#include <arpa/telnet.h>
|
||||
@ -50,11 +50,7 @@ RCSID("$Id: enc_des.c,v 1.20 2001/08/29 00:45:19 assar Exp $");
|
||||
#include "encrypt.h"
|
||||
#include "misc-proto.h"
|
||||
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/des.h>
|
||||
#else
|
||||
#include <des.h>
|
||||
#endif
|
||||
#include "crypto-headers.h"
|
||||
|
||||
extern int encrypt_debug_mode;
|
||||
|
||||
|
@ -55,7 +55,7 @@
|
||||
* or implied warranty.
|
||||
*/
|
||||
|
||||
/* $Id: encrypt.h,v 1.7 2001/08/22 20:30:22 assar Exp $ */
|
||||
/* $Id: encrypt.h,v 1.8 2002/09/10 20:03:47 joda Exp $ */
|
||||
|
||||
#ifndef __ENCRYPT__
|
||||
#define __ENCRYPT__
|
||||
@ -90,11 +90,9 @@ typedef struct {
|
||||
|
||||
#define SK_DES 1 /* Matched Kerberos v5 KEYTYPE_DES */
|
||||
|
||||
#include "crypto-headers.h"
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/des.h>
|
||||
#define des_new_random_key des_random_key
|
||||
#else
|
||||
#include <des.h>
|
||||
#endif
|
||||
|
||||
#include "enc-proto.h"
|
||||
|
@ -53,7 +53,7 @@
|
||||
|
||||
#include <config.h>
|
||||
|
||||
RCSID("$Id: kerberos5.c,v 1.50 2002/08/28 20:55:53 joda Exp $");
|
||||
RCSID("$Id: kerberos5.c,v 1.51 2002/09/02 15:33:20 joda Exp $");
|
||||
|
||||
#ifdef KRB5
|
||||
|
||||
@ -206,6 +206,8 @@ kerberos5_send(char *name, Authenticator *ap)
|
||||
ap_opts = AP_OPTS_MUTUAL_REQUIRED;
|
||||
else
|
||||
ap_opts = 0;
|
||||
|
||||
ap_opts |= AP_OPTS_USE_SUBKEY;
|
||||
|
||||
ret = krb5_auth_con_init (context, &auth_context);
|
||||
if (ret) {
|
||||
|
@ -1,3 +1,31 @@
|
||||
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* crypto.m4: use m4 macros for test cases, also test for older
|
||||
hash names
|
||||
|
||||
* test-package.m4: include dep libraries in LIB_*
|
||||
|
||||
* crypto.m4: move krb4 test before test for openssl, and bail out
|
||||
if krb4 is requested, but the crypto library is not the same as
|
||||
krb4
|
||||
|
||||
* db.m4: filter contents of LDFLAGS
|
||||
|
||||
2002-09-09 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* auth-modules.m4: rename to rk_AUTH_MODULES
|
||||
|
||||
* auth-modules.m4: only include modules explicitly asked for
|
||||
|
||||
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* roken-frag.m4: test for res_nsearch
|
||||
|
||||
2002-09-03 Assar Westerlund <assar@kth.se>
|
||||
|
||||
* roken-frag.m4: check for sys/mman.h and mmap (used by
|
||||
parse_reply-test)
|
||||
|
||||
2002-08-28 Assar Westerlund <assar@kth.se>
|
||||
|
||||
* krb-readline.m4: also add LIB_tgetent in the case of editline
|
||||
|
@ -1,16 +1,22 @@
|
||||
dnl $Id: auth-modules.m4,v 1.3 2002/08/28 15:04:57 nectar Exp $
|
||||
dnl $Id: auth-modules.m4,v 1.5 2002/09/09 13:31:45 joda Exp $
|
||||
dnl
|
||||
dnl Figure what authentication modules should be built
|
||||
dnl
|
||||
dnl rk_AUTH_MODULES(module-list)
|
||||
|
||||
AC_DEFUN(AC_AUTH_MODULES,[
|
||||
AC_MSG_CHECKING(which authentication modules should be built)
|
||||
AC_DEFUN(rk_AUTH_MODULES,[
|
||||
AC_MSG_CHECKING([which authentication modules should be built])
|
||||
|
||||
z='m4_ifval([$1], $1, [sia pam afskauthlib])'
|
||||
LIB_AUTH_SUBDIRS=
|
||||
|
||||
for i in $z; do
|
||||
case $i in
|
||||
sia)
|
||||
if test "$ac_cv_header_siad_h" = yes; then
|
||||
LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
|
||||
fi
|
||||
|
||||
;;
|
||||
pam)
|
||||
case "${host}" in
|
||||
*-*-freebsd*) ac_cv_want_pam_krb4=no ;;
|
||||
*) ac_cv_want_pam_krb4=yes ;;
|
||||
@ -21,12 +27,19 @@ if test "$ac_cv_want_pam_krb4" = yes -a \
|
||||
"$enable_shared" = yes; then
|
||||
LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
|
||||
fi
|
||||
|
||||
;;
|
||||
afskauthlib)
|
||||
case "${host}" in
|
||||
*-*-irix[[56]]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
|
||||
esac
|
||||
|
||||
AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
|
||||
;;
|
||||
esac
|
||||
done
|
||||
if test "$LIB_AUTH_SUBDIRS"; then
|
||||
AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
|
||||
else
|
||||
AC_MSG_RESULT(none)
|
||||
fi
|
||||
|
||||
AC_SUBST(LIB_AUTH_SUBDIRS)dnl
|
||||
])
|
||||
|
@ -1,10 +1,54 @@
|
||||
dnl $Id: crypto.m4,v 1.11 2002/08/28 23:09:05 assar Exp $
|
||||
dnl $Id: crypto.m4,v 1.13 2002/09/10 19:55:48 joda Exp $
|
||||
dnl
|
||||
dnl test for crypto libraries:
|
||||
dnl - libcrypto (from openssl)
|
||||
dnl - libdes (from krb4)
|
||||
dnl - own-built libdes
|
||||
|
||||
m4_define([test_headers], [
|
||||
#undef KRB5 /* makes md4.h et al unhappy */
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/md4.h>
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/des.h>
|
||||
#include <openssl/rc4.h>
|
||||
#else
|
||||
#include <md4.h>
|
||||
#include <md5.h>
|
||||
#include <sha.h>
|
||||
#include <des.h>
|
||||
#include <rc4.h>
|
||||
#endif
|
||||
#ifdef OLD_HASH_NAMES
|
||||
typedef struct md4 MD4_CTX;
|
||||
#define MD4_Init(C) md4_init((C))
|
||||
#define MD4_Update(C, D, L) md4_update((C), (D), (L))
|
||||
#define MD4_Final(D, C) md4_finito((C), (D))
|
||||
typedef struct md5 MD5_CTX;
|
||||
#define MD5_Init(C) md5_init((C))
|
||||
#define MD5_Update(C, D, L) md5_update((C), (D), (L))
|
||||
#define MD5_Final(D, C) md5_finito((C), (D))
|
||||
typedef struct sha SHA_CTX;
|
||||
#define SHA1_Init(C) sha_init((C))
|
||||
#define SHA1_Update(C, D, L) sha_update((C), (D), (L))
|
||||
#define SHA1_Final(D, C) sha_finito((C), (D))
|
||||
#endif
|
||||
])
|
||||
m4_define([test_body], [
|
||||
void *schedule = 0;
|
||||
MD4_CTX md4;
|
||||
MD5_CTX md5;
|
||||
SHA_CTX sha1;
|
||||
|
||||
MD4_Init(&md4);
|
||||
MD5_Init(&md5);
|
||||
SHA1_Init(&sha1);
|
||||
|
||||
des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
|
||||
RC4(0, 0, 0, 0);])
|
||||
|
||||
|
||||
AC_DEFUN([KRB_CRYPTO],[
|
||||
crypto_lib=unknown
|
||||
AC_WITH_ALL([openssl])
|
||||
@ -14,49 +58,7 @@ DIR_des=
|
||||
AC_MSG_CHECKING([for crypto library])
|
||||
|
||||
openssl=no
|
||||
if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
|
||||
|
||||
save_CPPFLAGS="$CPPFLAGS"
|
||||
save_LIBS="$LIBS"
|
||||
INCLUDE_des=
|
||||
LIB_des=
|
||||
if test "$with_openssl_include" != ""; then
|
||||
INCLUDE_des="-I${with_openssl}/include"
|
||||
fi
|
||||
if test "$with_openssl_lib" != ""; then
|
||||
LIB_des="-L${with_openssl}/lib"
|
||||
fi
|
||||
CPPFLAGS="${INCLUDE_des} ${CPPFLAGS}"
|
||||
LIB_des="${LIB_des} -lcrypto"
|
||||
LIB_des_a="$LIB_des"
|
||||
LIB_des_so="$LIB_des"
|
||||
LIB_des_appl="$LIB_des"
|
||||
LIBS="${LIBS} ${LIB_des}"
|
||||
AC_TRY_LINK([
|
||||
#include <openssl/md4.h>
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/des.h>
|
||||
#include <openssl/rc4.h>
|
||||
],
|
||||
[
|
||||
void *schedule = 0;
|
||||
MD4_CTX md4;
|
||||
MD5_CTX md5;
|
||||
SHA_CTX sha1;
|
||||
|
||||
MD4_Init(&md4);
|
||||
MD5_Init(&md5);
|
||||
SHA1_Init(&sha1);
|
||||
|
||||
des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
|
||||
RC4(0, 0, 0, 0);
|
||||
], [
|
||||
crypto_lib=libcrypto openssl=yes
|
||||
AC_MSG_RESULT([libcrypto])])
|
||||
CPPFLAGS="$save_CPPFLAGS"
|
||||
LIBS="$save_LIBS"
|
||||
fi
|
||||
old_hash=no
|
||||
|
||||
if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
|
||||
save_CPPFLAGS="$CPPFLAGS"
|
||||
@ -72,91 +74,22 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
|
||||
|
||||
ires=
|
||||
for i in $INCLUDE_krb4; do
|
||||
CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS"
|
||||
AC_TRY_COMPILE(test_headers, test_body,
|
||||
openssl=yes ires="$i"; break)
|
||||
CFLAGS="$i $save_CFLAGS"
|
||||
AC_TRY_COMPILE([
|
||||
#undef KRB5 /* makes md4.h et al unhappy */
|
||||
#define KRB4
|
||||
#include <openssl/md4.h>
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/des.h>
|
||||
#include <openssl/rc4.h>
|
||||
], [
|
||||
MD4_CTX md4;
|
||||
MD5_CTX md5;
|
||||
SHA_CTX sha1;
|
||||
|
||||
MD4_Init(&md4);
|
||||
MD5_Init(&md5);
|
||||
SHA1_Init(&sha1);
|
||||
|
||||
des_cbc_encrypt(0, 0, 0, 0, 0, 0);
|
||||
RC4(0, 0, 0, 0);],openssl=yes ires="$i"; break)
|
||||
AC_TRY_COMPILE([
|
||||
#undef KRB5 /* makes md4.h et al unhappy */
|
||||
#define KRB4
|
||||
#include <md4.h>
|
||||
#include <md5.h>
|
||||
#include <sha.h>
|
||||
#include <des.h>
|
||||
#include <rc4.h>
|
||||
], [
|
||||
MD4_CTX md4;
|
||||
MD5_CTX md5;
|
||||
SHA_CTX sha1;
|
||||
|
||||
MD4_Init(&md4);
|
||||
MD5_Init(&md5);
|
||||
SHA1_Init(&sha1);
|
||||
|
||||
des_cbc_encrypt(0, 0, 0, 0, 0, 0);
|
||||
RC4(0, 0, 0, 0);],ires="$i"; break)
|
||||
AC_TRY_COMPILE(test_headers, test_body,
|
||||
openssl=no ires="$i"; break)
|
||||
CFLAGS="-DOLD_HASH_NAMES $i $save_CFLAGS"
|
||||
AC_TRY_COMPILE(test_headers, test_body,
|
||||
openssl=no ires="$i" old_hash=yes; break)
|
||||
done
|
||||
lres=
|
||||
for i in $cdirs; do
|
||||
for j in $clibs; do
|
||||
LIBS="$i $j $save_LIBS"
|
||||
if test "$openssl" = yes; then
|
||||
AC_TRY_LINK([
|
||||
#undef KRB5 /* makes md4.h et al unhappy */
|
||||
#define KRB4
|
||||
#include <openssl/md4.h>
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/des.h>
|
||||
#include <openssl/rc4.h>
|
||||
], [
|
||||
MD4_CTX md4;
|
||||
MD5_CTX md5;
|
||||
SHA_CTX sha1;
|
||||
|
||||
MD4_Init(&md4);
|
||||
MD5_Init(&md5);
|
||||
SHA1_Init(&sha1);
|
||||
|
||||
des_cbc_encrypt(0, 0, 0, 0, 0, 0);
|
||||
RC4(0, 0, 0, 0);],lres="$i $j"; break 2)
|
||||
else
|
||||
AC_TRY_LINK([
|
||||
#undef KRB5 /* makes md4.h et al unhappy */
|
||||
#define KRB4
|
||||
#include <md4.h>
|
||||
#include <md5.h>
|
||||
#include <sha.h>
|
||||
#include <des.h>
|
||||
#include <rc4.h>
|
||||
], [
|
||||
MD4_CTX md4;
|
||||
MD5_CTX md5;
|
||||
SHA_CTX sha1;
|
||||
|
||||
MD4_Init(&md4);
|
||||
MD5_Init(&md5);
|
||||
SHA1_Init(&sha1);
|
||||
|
||||
des_cbc_encrypt(0, 0, 0, 0, 0, 0);
|
||||
RC4(0, 0, 0, 0);],lres="$i $j"; break 2)
|
||||
fi
|
||||
AC_TRY_LINK(test_headers, test_body,
|
||||
lres="$i $j"; break 2)
|
||||
done
|
||||
done
|
||||
CFLAGS="$save_CFLAGS"
|
||||
@ -172,6 +105,31 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
|
||||
fi
|
||||
fi
|
||||
|
||||
if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
|
||||
save_CFLAGS="$CFLAGS"
|
||||
save_LIBS="$LIBS"
|
||||
INCLUDE_des=
|
||||
LIB_des=
|
||||
if test "$with_openssl_include" != ""; then
|
||||
INCLUDE_des="-I${with_openssl}/include"
|
||||
fi
|
||||
if test "$with_openssl_lib" != ""; then
|
||||
LIB_des="-L${with_openssl}/lib"
|
||||
fi
|
||||
CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}"
|
||||
LIB_des="${LIB_des} -lcrypto"
|
||||
LIB_des_a="$LIB_des"
|
||||
LIB_des_so="$LIB_des"
|
||||
LIB_des_appl="$LIB_des"
|
||||
LIBS="${LIBS} ${LIB_des}"
|
||||
AC_TRY_LINK(test_headers, test_body, [
|
||||
crypto_lib=libcrypto openssl=yes
|
||||
AC_MSG_RESULT([libcrypto])
|
||||
])
|
||||
CFLAGS="$save_CFLAGS"
|
||||
LIBS="$save_LIBS"
|
||||
fi
|
||||
|
||||
if test "$crypto_lib" = "unknown"; then
|
||||
|
||||
DIR_des='des'
|
||||
@ -184,9 +142,19 @@ if test "$crypto_lib" = "unknown"; then
|
||||
|
||||
fi
|
||||
|
||||
if test "$with_krb4" != no -a "$crypto_lib" != krb4; then
|
||||
AC_MSG_ERROR([the crypto library used by krb4 lacks features
|
||||
required by Kerberos 5; to continue, you need to install a newer
|
||||
Kerberos 4 or configure --without-krb4])
|
||||
fi
|
||||
|
||||
if test "$openssl" = "yes"; then
|
||||
AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto])
|
||||
fi
|
||||
if test "$old_hash" = yes; then
|
||||
AC_DEFINE([HAVE_OLD_HASH_NAMES], 1,
|
||||
[define if you have hash functions like md4_finito()])
|
||||
fi
|
||||
AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl
|
||||
|
||||
AC_SUBST(DIR_des)
|
||||
|
@ -1,4 +1,4 @@
|
||||
dnl $Id: db.m4,v 1.8 2002/05/17 15:32:21 joda Exp $
|
||||
dnl $Id: db.m4,v 1.9 2002/09/10 14:29:47 joda Exp $
|
||||
dnl
|
||||
dnl tests for various db libraries
|
||||
dnl
|
||||
@ -190,7 +190,15 @@ AM_CONDITIONAL(HAVE_DB1, test "$db_type" = db1)dnl
|
||||
AM_CONDITIONAL(HAVE_DB3, test "$db_type" = db3)dnl
|
||||
AM_CONDITIONAL(HAVE_NDBM, test "$db_type" = ndbm)dnl
|
||||
|
||||
DBLIB="$LDFLAGS $DBLIB"
|
||||
## it's probably not correct to include LDFLAGS here, but we might
|
||||
## need it, for now just add any possible -L
|
||||
z=""
|
||||
for i in $LDFLAGS; do
|
||||
case "$i" in
|
||||
-L*) z="$z $i";;
|
||||
esac
|
||||
done
|
||||
DBLIB="$z $DBLIB"
|
||||
AC_SUBST(DBLIB)dnl
|
||||
AC_SUBST(LIB_NDBM)dnl
|
||||
])
|
||||
|
@ -1,4 +1,4 @@
|
||||
dnl $Id: roken-frag.m4,v 1.42 2002/08/26 13:26:52 assar Exp $
|
||||
dnl $Id: roken-frag.m4,v 1.44 2002/09/04 20:57:30 joda Exp $
|
||||
dnl
|
||||
dnl some code to get roken working
|
||||
dnl
|
||||
@ -69,6 +69,7 @@ AC_CHECK_HEADERS([\
|
||||
shadow.h \
|
||||
sys/bswap.h \
|
||||
sys/ioctl.h \
|
||||
sys/mman.h \
|
||||
sys/param.h \
|
||||
sys/proc.h \
|
||||
sys/resource.h \
|
||||
@ -126,6 +127,24 @@ AC_FIND_FUNC(res_search, resolv,
|
||||
],
|
||||
[0,0,0,0,0])
|
||||
|
||||
AC_FIND_FUNC(res_nsearch, resolv,
|
||||
[
|
||||
#include <stdio.h>
|
||||
#ifdef HAVE_SYS_TYPES_H
|
||||
#include <sys/types.h>
|
||||
#endif
|
||||
#ifdef HAVE_NETINET_IN_H
|
||||
#include <netinet/in.h>
|
||||
#endif
|
||||
#ifdef HAVE_ARPA_NAMESER_H
|
||||
#include <arpa/nameser.h>
|
||||
#endif
|
||||
#ifdef HAVE_RESOLV_H
|
||||
#include <resolv.h>
|
||||
#endif
|
||||
],
|
||||
[0,0,0,0,0])
|
||||
|
||||
AC_FIND_FUNC(dn_expand, resolv,
|
||||
[
|
||||
#include <stdio.h>
|
||||
@ -205,6 +224,8 @@ fi
|
||||
|
||||
AC_REQUIRE([AC_FUNC_GETLOGIN])
|
||||
|
||||
AC_REQUIRE([AC_FUNC_MMAP])
|
||||
|
||||
AC_FIND_FUNC_NO_LIBS(getsockopt,,
|
||||
[#ifdef HAVE_SYS_TYPES_H
|
||||
#include <sys/types.h>
|
||||
|
@ -1,4 +1,4 @@
|
||||
dnl $Id: test-package.m4,v 1.11 2002/08/28 19:30:48 joda Exp $
|
||||
dnl $Id: test-package.m4,v 1.12 2002/09/10 15:23:38 joda Exp $
|
||||
dnl
|
||||
dnl rk_TEST_PACKAGE(package,headers,libraries,extra libs,
|
||||
dnl default locations, conditional, config-program)
|
||||
@ -101,7 +101,7 @@ if test "$with_$1" != no; then
|
||||
done
|
||||
if test "$ires" -a "$lres" -a "$with_$1" != "no"; then
|
||||
INCLUDE_$1="-I$ires"
|
||||
LIB_$1="-L$lres $3"
|
||||
LIB_$1="-L$lres $3 $4"
|
||||
found=yes
|
||||
AC_MSG_RESULT([headers $ires, libraries $lres])
|
||||
fi
|
||||
|
6074
crypto/heimdal/configure
vendored
6074
crypto/heimdal/configure
vendored
File diff suppressed because it is too large
Load Diff
@ -1,8 +1,9 @@
|
||||
dnl Process this file with autoconf to produce a configure script.
|
||||
AC_REVISION($Revision: 1.320 $)
|
||||
AC_REVISION($Revision: 1.325 $)
|
||||
AC_PREREQ(2.53)
|
||||
#test -z "$CFLAGS" && CFLAGS="-g"
|
||||
AC_INIT(Heimdal, 0.4f, heimdal-bugs@pdc.kth.se)
|
||||
AC_CONFIG_SRCDIR([kuser/kinit.c])
|
||||
AM_CONFIG_HEADER(include/config.h)
|
||||
|
||||
dnl Checks for programs.
|
||||
@ -21,6 +22,8 @@ AC_CANONICAL_HOST
|
||||
CANONICAL_HOST=$host
|
||||
AC_SUBST(CANONICAL_HOST)
|
||||
|
||||
AC_SYS_LARGEFILE
|
||||
|
||||
dnl
|
||||
dnl this is needed to run the configure tests against glibc
|
||||
dnl
|
||||
@ -48,22 +51,11 @@ AC_PROG_LIBTOOL
|
||||
|
||||
AC_WFLAGS(-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs)
|
||||
|
||||
rk_DB
|
||||
|
||||
dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roken/libroken.la],[-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken])
|
||||
|
||||
rk_ROKEN(lib/roken)
|
||||
LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
|
||||
|
||||
rk_TEST_PACKAGE(openldap,
|
||||
[#include <lber.h>
|
||||
#include <ldap.h>],
|
||||
[-lldap -llber],,,OPENLDAP)
|
||||
|
||||
if test "$openldap_libdir"; then
|
||||
LIB_openldap="-R $openldap_libdir $LIB_openldap"
|
||||
fi
|
||||
|
||||
rk_TEST_PACKAGE(krb4,[#include <krb.h>],-lkrb,-ldes,/usr/athena, KRB4, krb4-config)
|
||||
|
||||
LIB_kdb=
|
||||
@ -156,10 +148,6 @@ if test "$with_krb4" != "no"; then
|
||||
LIBS="$save_LIBS"
|
||||
CFLAGS="$save_CFLAGS"
|
||||
LIB_kdb="-lkdb -lkrb"
|
||||
if test "$krb4_libdir"; then
|
||||
LIB_krb4="-R $krb4_libdir $LIB_krb4"
|
||||
LIB_kdb="-R $krb4_libdir -L$krb4_libdir $LIB_kdb"
|
||||
fi
|
||||
fi
|
||||
AM_CONDITIONAL(KRB4, test "$with_krb4" != "no")
|
||||
AM_CONDITIONAL(KRB5, true)
|
||||
@ -168,6 +156,8 @@ AM_CONDITIONAL(do_roken_rename, true)
|
||||
AC_DEFINE(KRB5, 1, [Enable Kerberos 5 support in applications.])dnl
|
||||
AC_SUBST(LIB_kdb)dnl
|
||||
|
||||
KRB_CRYPTO
|
||||
|
||||
AC_ARG_ENABLE(dce,
|
||||
AC_HELP_STRING([--enable-dce],[if you want support for DCE/DFS PAG's]))
|
||||
if test "$enable_dce" = yes; then
|
||||
@ -189,10 +179,23 @@ AC_SUBST(dpagaix_cflags)
|
||||
AC_SUBST(dpagaix_ldadd)
|
||||
AC_SUBST(dpagaix_ldflags)
|
||||
|
||||
rk_DB
|
||||
|
||||
dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roken/libroken.la],[-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken])
|
||||
|
||||
rk_ROKEN(lib/roken)
|
||||
LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
|
||||
|
||||
rk_OTP
|
||||
|
||||
AC_CHECK_OSFC2
|
||||
|
||||
AC_ARG_ENABLE(mmap,
|
||||
AC_HELP_STRING([--disable-mmap],[disable use of mmap]))
|
||||
if test "$enable_mmap" = "no"; then
|
||||
AC_DEFINE(NO_MMAP, 1, [Define if you don't want to use mmap.])
|
||||
fi
|
||||
|
||||
rk_CHECK_MAN
|
||||
|
||||
rk_TEST_PACKAGE(readline,
|
||||
@ -241,6 +244,7 @@ AC_CHECK_HEADERS([\
|
||||
libutil.h \
|
||||
limits.h \
|
||||
maillock.h \
|
||||
netgroup.h \
|
||||
netinet/in6_machtypes.h \
|
||||
netinfo/ni.h \
|
||||
pthread.h \
|
||||
@ -256,6 +260,7 @@ AC_CHECK_HEADERS([\
|
||||
sys/file.h \
|
||||
sys/filio.h \
|
||||
sys/ioccom.h \
|
||||
sys/mman.h \
|
||||
sys/pty.h \
|
||||
sys/ptyio.h \
|
||||
sys/ptyvar.h \
|
||||
@ -327,6 +332,8 @@ AC_CHECK_FUNCS([ \
|
||||
yp_get_default_domain \
|
||||
])
|
||||
|
||||
AC_FUNC_MMAP
|
||||
|
||||
KRB_CAPABILITIES
|
||||
|
||||
AC_CHECK_GETPWNAM_R_POSIX
|
||||
@ -369,8 +376,6 @@ AC_CHECK_TYPES([int8_t, int16_t, int32_t, int64_t,
|
||||
#endif
|
||||
])
|
||||
|
||||
KRB_CRYPTO
|
||||
|
||||
KRB_READLINE
|
||||
|
||||
rk_TELNET
|
||||
@ -378,7 +383,7 @@ rk_TELNET
|
||||
dnl Some operating systems already have com_err and compile_et
|
||||
CHECK_COMPILE_ET
|
||||
|
||||
AC_AUTH_MODULES
|
||||
rk_AUTH_MODULES([sia afskauthlib])
|
||||
|
||||
rk_DESTDIRS
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
@c $Id: ack.texi,v 1.14 2001/02/24 05:09:23 assar Exp $
|
||||
@c $Id: ack.texi,v 1.15 2002/09/04 01:03:35 assar Exp $
|
||||
|
||||
@node Acknowledgments, , Migration, Top
|
||||
@comment node-name, next, previous, up
|
||||
@ -19,6 +19,9 @@ of NetBSD/FreeBSD.
|
||||
|
||||
@code{editline} was written by Simmule Turner and Rich Salz.
|
||||
|
||||
The @code{getifaddrs} implementation for Linux was written by Hideaki
|
||||
YOSHIFUJI for the Usagi project.
|
||||
|
||||
Bugfixes, documentation, encouragement, and code has been contributed by:
|
||||
@table @asis
|
||||
@item Derrick J Brashear
|
||||
|
@ -1,4 +1,4 @@
|
||||
@c $Id: install.texi,v 1.17 2001/07/02 18:06:02 joda Exp $
|
||||
@c $Id: install.texi,v 1.18 2002/09/04 03:18:48 assar Exp $
|
||||
|
||||
@node Building and Installing, Setting up a realm, What is Kerberos?, Top
|
||||
@comment node-name, next, previous, up
|
||||
@ -98,4 +98,9 @@ On Irix there are three different ABIs that can be used (@samp{32},
|
||||
@samp{n32}, or @samp{64}). This option allows you to override the
|
||||
automatic selection.
|
||||
|
||||
@item @kbd{--disable-mmap}
|
||||
Do not use the mmap system call. Normally, configure detects if there
|
||||
is a working mmap and it is only used if there is one. Only try this
|
||||
option if it fails to work anyhow.
|
||||
|
||||
@end table
|
||||
|
@ -1,25 +1,30 @@
|
||||
# $Id: Makefile.am,v 1.32 2002/05/24 15:36:21 joda Exp $
|
||||
# $Id: Makefile.am,v 1.33 2002/09/10 19:59:25 joda Exp $
|
||||
|
||||
include $(top_srcdir)/Makefile.am.common
|
||||
|
||||
SUBDIRS = kadm5
|
||||
|
||||
noinst_PROGRAMS = bits
|
||||
noinst_PROGRAMS = bits make_crypto
|
||||
CHECK_LOCAL =
|
||||
|
||||
INCLUDES += -DHOST=\"$(CANONICAL_HOST)\"
|
||||
|
||||
include_HEADERS = krb5-types.h
|
||||
noinst_HEADERS = crypto-headers.h
|
||||
|
||||
krb5-types.h: bits$(EXEEXT)
|
||||
./bits$(EXEEXT) krb5-types.h
|
||||
|
||||
crypto-headers.h: make_crypto$(EXEEXT)
|
||||
./make_crypto$(EXEEXT) crypto-headers.h
|
||||
|
||||
CLEANFILES = \
|
||||
asn1.h \
|
||||
asn1_err.h \
|
||||
base64.h \
|
||||
com_err.h \
|
||||
com_right.h \
|
||||
crypto-headers.h\
|
||||
der.h \
|
||||
des.h \
|
||||
editline.h \
|
||||
|
@ -14,7 +14,7 @@
|
||||
|
||||
@SET_MAKE@
|
||||
|
||||
# $Id: Makefile.am,v 1.32 2002/05/24 15:36:21 joda Exp $
|
||||
# $Id: Makefile.am,v 1.33 2002/09/10 19:59:25 joda Exp $
|
||||
|
||||
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
|
||||
|
||||
@ -204,10 +204,11 @@ NROFF_MAN = groff -mandoc -Tascii
|
||||
|
||||
SUBDIRS = kadm5
|
||||
|
||||
noinst_PROGRAMS = bits
|
||||
noinst_PROGRAMS = bits make_crypto
|
||||
CHECK_LOCAL =
|
||||
|
||||
include_HEADERS = krb5-types.h
|
||||
noinst_HEADERS = crypto-headers.h
|
||||
|
||||
CLEANFILES = \
|
||||
asn1.h \
|
||||
@ -215,6 +216,7 @@ CLEANFILES = \
|
||||
base64.h \
|
||||
com_err.h \
|
||||
com_right.h \
|
||||
crypto-headers.h\
|
||||
der.h \
|
||||
des.h \
|
||||
editline.h \
|
||||
@ -249,7 +251,7 @@ subdir = include
|
||||
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
|
||||
CONFIG_HEADER = config.h
|
||||
CONFIG_CLEAN_FILES =
|
||||
noinst_PROGRAMS = bits$(EXEEXT)
|
||||
noinst_PROGRAMS = bits$(EXEEXT) make_crypto$(EXEEXT)
|
||||
PROGRAMS = $(noinst_PROGRAMS)
|
||||
|
||||
bits_SOURCES = bits.c
|
||||
@ -257,6 +259,11 @@ bits_OBJECTS = bits.$(OBJEXT)
|
||||
bits_LDADD = $(LDADD)
|
||||
bits_DEPENDENCIES =
|
||||
bits_LDFLAGS =
|
||||
make_crypto_SOURCES = make_crypto.c
|
||||
make_crypto_OBJECTS = make_crypto.$(OBJEXT)
|
||||
make_crypto_LDADD = $(LDADD)
|
||||
make_crypto_DEPENDENCIES =
|
||||
make_crypto_LDFLAGS =
|
||||
|
||||
DEFS = @DEFS@
|
||||
DEFAULT_INCLUDES = -I. -I$(srcdir) -I.
|
||||
@ -273,17 +280,18 @@ CCLD = $(CC)
|
||||
LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
|
||||
$(AM_LDFLAGS) $(LDFLAGS) -o $@
|
||||
CFLAGS = @CFLAGS@
|
||||
DIST_SOURCES = bits.c
|
||||
HEADERS = $(include_HEADERS)
|
||||
DIST_SOURCES = bits.c make_crypto.c
|
||||
HEADERS = $(include_HEADERS) $(noinst_HEADERS)
|
||||
|
||||
|
||||
RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
|
||||
uninstall-info-recursive all-recursive install-data-recursive \
|
||||
install-exec-recursive installdirs-recursive install-recursive \
|
||||
uninstall-recursive check-recursive installcheck-recursive
|
||||
DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in config.h.in
|
||||
DIST_COMMON = $(include_HEADERS) $(noinst_HEADERS) Makefile.am \
|
||||
Makefile.in
|
||||
DIST_SUBDIRS = $(SUBDIRS)
|
||||
SOURCES = bits.c
|
||||
SOURCES = bits.c make_crypto.c
|
||||
|
||||
all: config.h
|
||||
$(MAKE) $(AM_MAKEFLAGS) all-recursive
|
||||
@ -322,6 +330,9 @@ clean-noinstPROGRAMS:
|
||||
bits$(EXEEXT): $(bits_OBJECTS) $(bits_DEPENDENCIES)
|
||||
@rm -f bits$(EXEEXT)
|
||||
$(LINK) $(bits_LDFLAGS) $(bits_OBJECTS) $(bits_LDADD) $(LIBS)
|
||||
make_crypto$(EXEEXT): $(make_crypto_OBJECTS) $(make_crypto_DEPENDENCIES)
|
||||
@rm -f make_crypto$(EXEEXT)
|
||||
$(LINK) $(make_crypto_LDFLAGS) $(make_crypto_OBJECTS) $(make_crypto_LDADD) $(LIBS)
|
||||
|
||||
mostlyclean-compile:
|
||||
-rm -f *.$(OBJEXT) core *.core
|
||||
@ -731,6 +742,9 @@ install-data-local: install-cat-mans
|
||||
|
||||
krb5-types.h: bits$(EXEEXT)
|
||||
./bits$(EXEEXT) krb5-types.h
|
||||
|
||||
crypto-headers.h: make_crypto$(EXEEXT)
|
||||
./make_crypto$(EXEEXT) crypto-headers.h
|
||||
# Tell versions [3.59,3.63) of GNU make to not export all variables.
|
||||
# Otherwise a system limit (for SysV at least) may be exceeded.
|
||||
.NOEXPORT:
|
||||
|
@ -285,6 +285,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define if you have the function `getopt'. */
|
||||
#undef HAVE_GETOPT
|
||||
|
||||
/* Define to 1 if you have the `getpagesize' function. */
|
||||
#undef HAVE_GETPAGESIZE
|
||||
|
||||
/* Define to 1 if you have the `getprogname' function. */
|
||||
#undef HAVE_GETPROGNAME
|
||||
|
||||
@ -448,6 +451,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to 1 if you have the `mktime' function. */
|
||||
#undef HAVE_MKTIME
|
||||
|
||||
/* Define to 1 if you have a working `mmap' system call. */
|
||||
#undef HAVE_MMAP
|
||||
|
||||
/* define if you have a ndbm library */
|
||||
#undef HAVE_NDBM
|
||||
|
||||
@ -457,6 +463,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to 1 if you have the <netdb.h> header file. */
|
||||
#undef HAVE_NETDB_H
|
||||
|
||||
/* Define to 1 if you have the <netgroup.h> header file. */
|
||||
#undef HAVE_NETGROUP_H
|
||||
|
||||
/* Define to 1 if you have the <netinet6/in6.h> header file. */
|
||||
#undef HAVE_NETINET6_IN6_H
|
||||
|
||||
@ -493,6 +502,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define if NDBM really is DB (creates files *.db) */
|
||||
#undef HAVE_NEW_DB
|
||||
|
||||
/* define if you have hash functions like md4_finito() */
|
||||
#undef HAVE_OLD_HASH_NAMES
|
||||
|
||||
/* Define to 1 if you have the `on_exit' function. */
|
||||
#undef HAVE_ON_EXIT
|
||||
|
||||
@ -559,6 +571,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to 1 if you have the <resolv.h> header file. */
|
||||
#undef HAVE_RESOLV_H
|
||||
|
||||
/* Define to 1 if you have the `res_nsearch' function. */
|
||||
#undef HAVE_RES_NSEARCH
|
||||
|
||||
/* Define to 1 if you have the `res_search' function. */
|
||||
#undef HAVE_RES_SEARCH
|
||||
|
||||
@ -844,6 +859,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to 1 if you have the <sys/ioctl.h> header file. */
|
||||
#undef HAVE_SYS_IOCTL_H
|
||||
|
||||
/* Define to 1 if you have the <sys/mman.h> header file. */
|
||||
#undef HAVE_SYS_MMAN_H
|
||||
|
||||
/* Define to 1 if you have the <sys/param.h> header file. */
|
||||
#undef HAVE_SYS_PARAM_H
|
||||
|
||||
@ -1210,6 +1228,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* define if the system is missing a prototype for vsnprintf() */
|
||||
#undef NEED_VSNPRINTF_PROTO
|
||||
|
||||
/* Define if you don't want to use mmap. */
|
||||
#undef NO_MMAP
|
||||
|
||||
/* Define this to enable old environment option in telnet. */
|
||||
#undef OLD_ENVIRON
|
||||
|
||||
@ -1290,9 +1311,15 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
`char[]'. */
|
||||
#undef YYTEXT_POINTER
|
||||
|
||||
/* Number of bits in a file offset, on hosts where this is settable. */
|
||||
#undef _FILE_OFFSET_BITS
|
||||
|
||||
/* Define to enable extensions on glibc-based systems such as Linux. */
|
||||
#undef _GNU_SOURCE
|
||||
|
||||
/* Define for large files, on AIX-style hosts. */
|
||||
#undef _LARGE_FILES
|
||||
|
||||
/* Define to empty if `const' does not conform to ANSI C. */
|
||||
#undef const
|
||||
|
||||
@ -1321,6 +1348,13 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to `int' if <sys/types.h> doesn't define. */
|
||||
#undef uid_t
|
||||
|
||||
#if defined(HAVE_FOUR_VALUED_KRB_PUT_INT) || !defined(KRB4)
|
||||
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S))
|
||||
#else
|
||||
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (S))
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
|
||||
#define AUTHENTICATION 1
|
||||
@ -1345,6 +1379,14 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
#include "roken_rename.h"
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_KRB_KDCTIMEOFDAY
|
||||
#define krb_kdctimeofday(X) gettimeofday((X), NULL)
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_KRB_GET_KDC_TIME_DIFF
|
||||
#define krb_get_kdc_time_diff() (0)
|
||||
#endif
|
||||
|
||||
#ifdef VOID_RETSIGTYPE
|
||||
#define SIGRETURN(x) return
|
||||
#else
|
||||
@ -1356,21 +1398,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_FOUR_VALUED_KRB_PUT_INT) || !defined(KRB4)
|
||||
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S))
|
||||
#else
|
||||
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (S))
|
||||
#endif
|
||||
|
||||
|
||||
#ifndef HAVE_KRB_KDCTIMEOFDAY
|
||||
#define krb_kdctimeofday(X) gettimeofday((X), NULL)
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_KRB_GET_KDC_TIME_DIFF
|
||||
#define krb_get_kdc_time_diff() (0)
|
||||
#endif
|
||||
|
||||
|
||||
#if ENDIANESS_IN_SYS_PARAM_H
|
||||
# include <sys/types.h>
|
||||
|
95
crypto/heimdal/include/make_crypto.c
Normal file
95
crypto/heimdal/include/make_crypto.c
Normal file
@ -0,0 +1,95 @@
|
||||
/*
|
||||
* Copyright (c) 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
RCSID("$Id");
|
||||
#endif
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <ctype.h>
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
char *p;
|
||||
FILE *f;
|
||||
if(argc != 2) {
|
||||
fprintf(stderr, "Usage: make_crypto file\n");
|
||||
exit(1);
|
||||
}
|
||||
f = fopen(argv[1], "w");
|
||||
if(f == NULL) {
|
||||
perror(argv[1]);
|
||||
exit(1);
|
||||
}
|
||||
for(p = argv[1]; *p; p++)
|
||||
if(!isalnum((int)*p))
|
||||
*p = '_';
|
||||
fprintf(f, "#ifndef __%s__\n", argv[1]);
|
||||
fprintf(f, "#define __%s__\n", argv[1]);
|
||||
#ifdef HAVE_OPENSSL
|
||||
fputs("#include <openssl/des.h>\n", f);
|
||||
fputs("#include <openssl/rc4.h>\n", f);
|
||||
fputs("#include <openssl/md4.h>\n", f);
|
||||
fputs("#include <openssl/md5.h>\n", f);
|
||||
fputs("#include <openssl/sha.h>\n", f);
|
||||
#else
|
||||
fputs("#include <des.h>\n", f);
|
||||
fputs("#include <md4.h>\n", f);
|
||||
fputs("#include <md5.h>\n", f);
|
||||
fputs("#include <sha.h>\n", f);
|
||||
fputs("#include <rc4.h>\n", f);
|
||||
#ifdef HAVE_OLD_HASH_NAMES
|
||||
fputs("\n", f);
|
||||
fputs(" typedef struct md4 MD4_CTX;\n", f);
|
||||
fputs("#define MD4_Init md4_init\n", f);
|
||||
fputs("#define MD4_Update md4_update\n", f);
|
||||
fputs("#define MD4_Final(D, C) md4_finito((C), (D))\n", f);
|
||||
fputs("\n", f);
|
||||
fputs(" typedef struct md5 MD5_CTX;\n", f);
|
||||
fputs("#define MD5_Init md5_init\n", f);
|
||||
fputs("#define MD5_Update md5_update\n", f);
|
||||
fputs("#define MD5_Final(D, C) md5_finito((C), (D))\n", f);
|
||||
fputs("\n", f);
|
||||
fputs(" typedef struct sha SHA_CTX;\n", f);
|
||||
fputs("#define SHA1_Init sha_init\n", f);
|
||||
fputs("#define SHA1_Update sha_update\n", f);
|
||||
fputs("#define SHA1_Final(D, C) sha_finito((C), (D))\n", f);
|
||||
#endif
|
||||
#endif
|
||||
fprintf(f, "#endif /* __%s__ */\n", argv[1]);
|
||||
fclose(f);
|
||||
exit(0);
|
||||
}
|
@ -1,3 +1,21 @@
|
||||
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* server.c: constify match_appl_version()
|
||||
|
||||
* version4.c: change some lingering krb_err_base
|
||||
|
||||
2002-09-09 Jacques Vidrine <nectar@kth.se>
|
||||
|
||||
* server.c (kadmind_dispatch): while decoding arguments for
|
||||
kadm_chpass_with_key, sanity check the number of keys given.
|
||||
Potential problem pointed out by
|
||||
Sebastian Krahmer <krahmer@suse.de>.
|
||||
|
||||
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* load.c (parse_generation): return if there is no generation
|
||||
(spotted by Daniel Kouril)
|
||||
|
||||
2002-06-07 Jacques Vidrine <n@nectar.com>
|
||||
|
||||
* ank.c: do not attempt to free uninitialized pointer when
|
||||
|
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* $Id: kadmin_locl.h,v 1.40 2001/08/22 20:30:24 assar Exp $
|
||||
* $Id: kadmin_locl.h,v 1.41 2002/09/10 20:04:45 joda Exp $
|
||||
*/
|
||||
|
||||
#ifndef __ADMIN_LOCL_H__
|
||||
@ -86,11 +86,6 @@
|
||||
#endif
|
||||
#include <err.h>
|
||||
#include <roken.h>
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/des.h>
|
||||
#else
|
||||
#include <des.h>
|
||||
#endif
|
||||
#include <krb5.h>
|
||||
#include <krb5_locl.h>
|
||||
#include <hdb.h>
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -34,7 +34,7 @@
|
||||
#include "kadmin_locl.h"
|
||||
#include <kadm5/private.h>
|
||||
|
||||
RCSID("$Id: load.c,v 1.43 2001/08/10 13:52:22 joda Exp $");
|
||||
RCSID("$Id: load.c,v 1.44 2002/09/04 20:44:35 joda Exp $");
|
||||
|
||||
struct entry {
|
||||
char *principal;
|
||||
@ -288,8 +288,10 @@ parse_generation(char *str, GENERATION **gen)
|
||||
char *p;
|
||||
int v;
|
||||
|
||||
if(strcmp(str, "-") == 0 || *str == '\0')
|
||||
if(strcmp(str, "-") == 0 || *str == '\0') {
|
||||
*gen = NULL;
|
||||
return 0;
|
||||
}
|
||||
*gen = calloc(1, sizeof(**gen));
|
||||
|
||||
p = strsep(&str, ":");
|
||||
|
@ -34,7 +34,7 @@
|
||||
#include "kadmin_locl.h"
|
||||
#include <krb5-private.h>
|
||||
|
||||
RCSID("$Id: server.c,v 1.34 2002/05/24 15:23:42 joda Exp $");
|
||||
RCSID("$Id: server.c,v 1.36 2002/09/10 19:23:28 joda Exp $");
|
||||
|
||||
static kadm5_ret_t
|
||||
kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
|
||||
@ -255,6 +255,13 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
|
||||
krb5_free_principal(context->context, princ);
|
||||
goto fail;
|
||||
}
|
||||
/* n_key_data will be squeezed into an int16_t below. */
|
||||
if (n_key_data < 0 || n_key_data >= 1 << 16 ||
|
||||
n_key_data > UINT_MAX/sizeof(*key_data)) {
|
||||
ret = ERANGE;
|
||||
krb5_free_principal(context->context, princ);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
key_data = malloc (n_key_data * sizeof(*key_data));
|
||||
if (key_data == NULL) {
|
||||
@ -440,7 +447,7 @@ v5_loop (krb5_context context,
|
||||
}
|
||||
|
||||
static krb5_boolean
|
||||
match_appl_version(void *data, const char *appl_version)
|
||||
match_appl_version(const void *data, const char *appl_version)
|
||||
{
|
||||
unsigned minor;
|
||||
if(sscanf(appl_version, "KADM0.%u", &minor) != 1)
|
||||
|
@ -41,7 +41,7 @@
|
||||
#include <krb_err.h>
|
||||
#include <kadm_err.h>
|
||||
|
||||
RCSID("$Id: version4.c,v 1.25 2002/05/24 15:23:43 joda Exp $");
|
||||
RCSID("$Id: version4.c,v 1.26 2002/09/10 15:20:46 joda Exp $");
|
||||
|
||||
#define KADM_NO_OPCODE -1
|
||||
#define KADM_NO_ENCRYPT -2
|
||||
@ -868,7 +868,7 @@ decode_packet(krb5_context context,
|
||||
client_addr->sin_addr.s_addr, &ad, NULL);
|
||||
|
||||
if(ret) {
|
||||
make_you_loose_packet(krb_err_base + ret, reply);
|
||||
make_you_loose_packet(ERROR_TABLE_BASE_krb + ret, reply);
|
||||
krb5_warnx(context, "krb_rd_req: %d", ret);
|
||||
return;
|
||||
}
|
||||
@ -905,7 +905,7 @@ decode_packet(krb5_context context,
|
||||
ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session,
|
||||
client_addr, admin_addr, &msg_dat);
|
||||
if (ret) {
|
||||
make_you_loose_packet (krb_err_base + ret, reply);
|
||||
make_you_loose_packet (ERROR_TABLE_BASE_krb + ret, reply);
|
||||
krb5_warnx(context, "krb_rd_priv: %d", ret);
|
||||
goto out;
|
||||
}
|
||||
|
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* $Id: headers.h,v 1.13 2001/08/22 20:30:25 assar Exp $
|
||||
* $Id: headers.h,v 1.15 2002/09/10 20:04:46 joda Exp $
|
||||
*/
|
||||
|
||||
#ifndef __HEADERS_H__
|
||||
@ -41,6 +41,7 @@
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
#include <limits.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
@ -85,11 +86,6 @@
|
||||
#include <getarg.h>
|
||||
#include <base64.h>
|
||||
#include <parse_units.h>
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/des.h>
|
||||
#else
|
||||
#include <des.h>
|
||||
#endif
|
||||
#include <krb5.h>
|
||||
#include <krb5_locl.h>
|
||||
#include <hdb.h>
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "hprop.h"
|
||||
|
||||
RCSID("$Id: hprop.c,v 1.69 2002/04/18 10:18:35 joda Exp $");
|
||||
RCSID("$Id: hprop.c,v 1.70 2002/09/04 18:19:41 joda Exp $");
|
||||
|
||||
static int version_flag;
|
||||
static int help_flag;
|
||||
@ -691,7 +691,7 @@ propagate_database (krb5_context context, int type,
|
||||
HPROP_VERSION,
|
||||
NULL,
|
||||
server,
|
||||
AP_OPTS_MUTUAL_REQUIRED,
|
||||
AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
|
||||
NULL, /* in_data */
|
||||
NULL, /* in_creds */
|
||||
ccache,
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "kdc_locl.h"
|
||||
|
||||
RCSID("$Id: kaserver.c,v 1.19 2002/04/18 16:07:39 joda Exp $");
|
||||
RCSID("$Id: kaserver.c,v 1.20 2002/09/09 14:03:02 nectar Exp $");
|
||||
|
||||
|
||||
#include <rx.h>
|
||||
@ -186,6 +186,8 @@ krb5_ret_xdr_data(krb5_storage *sp,
|
||||
ret = krb5_ret_int32(sp, &size);
|
||||
if(ret)
|
||||
return ret;
|
||||
if(size < 0)
|
||||
return ERANGE;
|
||||
data->length = size;
|
||||
if (size) {
|
||||
u_char foo[4];
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "kdc_locl.h"
|
||||
|
||||
RCSID("$Id: kerberos5.c,v 1.140 2002/07/31 09:42:43 joda Exp $");
|
||||
RCSID("$Id: kerberos5.c,v 1.143 2002/09/09 14:03:02 nectar Exp $");
|
||||
|
||||
#define MAX_TIME ((time_t)((1U << 31) - 1))
|
||||
|
||||
@ -156,51 +156,69 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
|
||||
krb5_enctype etype,
|
||||
int skvno, EncryptionKey *skey,
|
||||
int ckvno, EncryptionKey *ckey,
|
||||
const char **e_text,
|
||||
krb5_data *reply)
|
||||
{
|
||||
unsigned char buf[8192]; /* XXX The data could be indefinite */
|
||||
unsigned char *buf;
|
||||
size_t buf_size;
|
||||
size_t len;
|
||||
krb5_error_code ret;
|
||||
krb5_crypto crypto;
|
||||
|
||||
ret = encode_EncTicketPart(buf + sizeof(buf) - 1, sizeof(buf), et, &len);
|
||||
ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
|
||||
if(ret) {
|
||||
kdc_log(0, "Failed to encode ticket: %s",
|
||||
krb5_get_err_text(context, ret));
|
||||
return ret;
|
||||
}
|
||||
|
||||
if(buf_size != len) {
|
||||
free(buf);
|
||||
kdc_log(0, "Internal error in ASN.1 encoder");
|
||||
*e_text = "KDC internal error";
|
||||
return KRB5KRB_ERR_GENERIC;
|
||||
}
|
||||
|
||||
ret = krb5_crypto_init(context, skey, etype, &crypto);
|
||||
if (ret) {
|
||||
free(buf);
|
||||
kdc_log(0, "krb5_crypto_init failed: %s",
|
||||
krb5_get_err_text(context, ret));
|
||||
return ret;
|
||||
}
|
||||
|
||||
krb5_encrypt_EncryptedData(context,
|
||||
crypto,
|
||||
KRB5_KU_TICKET,
|
||||
buf + sizeof(buf) - len,
|
||||
len,
|
||||
skvno,
|
||||
&rep->ticket.enc_part);
|
||||
|
||||
ret = krb5_encrypt_EncryptedData(context,
|
||||
crypto,
|
||||
KRB5_KU_TICKET,
|
||||
buf,
|
||||
len,
|
||||
skvno,
|
||||
&rep->ticket.enc_part);
|
||||
free(buf);
|
||||
krb5_crypto_destroy(context, crypto);
|
||||
if(ret) {
|
||||
kdc_log(0, "Failed to encrypt data: %s",
|
||||
krb5_get_err_text(context, ret));
|
||||
return ret;
|
||||
}
|
||||
|
||||
if(rep->msg_type == krb_as_rep && !encode_as_rep_as_tgs_rep)
|
||||
ret = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf),
|
||||
ek, &len);
|
||||
ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
|
||||
else
|
||||
ret = encode_EncTGSRepPart(buf + sizeof(buf) - 1, sizeof(buf),
|
||||
ek, &len);
|
||||
ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
|
||||
if(ret) {
|
||||
kdc_log(0, "Failed to encode KDC-REP: %s",
|
||||
krb5_get_err_text(context, ret));
|
||||
return ret;
|
||||
}
|
||||
if(buf_size != len) {
|
||||
free(buf);
|
||||
kdc_log(0, "Internal error in ASN.1 encoder");
|
||||
*e_text = "KDC internal error";
|
||||
return KRB5KRB_ERR_GENERIC;
|
||||
}
|
||||
ret = krb5_crypto_init(context, ckey, 0, &crypto);
|
||||
if (ret) {
|
||||
free(buf);
|
||||
kdc_log(0, "krb5_crypto_init failed: %s",
|
||||
krb5_get_err_text(context, ret));
|
||||
return ret;
|
||||
@ -209,20 +227,22 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
|
||||
krb5_encrypt_EncryptedData(context,
|
||||
crypto,
|
||||
KRB5_KU_AS_REP_ENC_PART,
|
||||
buf + sizeof(buf) - len,
|
||||
buf,
|
||||
len,
|
||||
ckvno,
|
||||
&rep->enc_part);
|
||||
ret = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), rep, &len);
|
||||
free(buf);
|
||||
ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
|
||||
} else {
|
||||
krb5_encrypt_EncryptedData(context,
|
||||
crypto,
|
||||
KRB5_KU_TGS_REP_ENC_PART_SESSION,
|
||||
buf + sizeof(buf) - len,
|
||||
buf,
|
||||
len,
|
||||
ckvno,
|
||||
&rep->enc_part);
|
||||
ret = encode_TGS_REP(buf + sizeof(buf) - 1, sizeof(buf), rep, &len);
|
||||
free(buf);
|
||||
ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
|
||||
}
|
||||
krb5_crypto_destroy(context, crypto);
|
||||
if(ret) {
|
||||
@ -230,7 +250,14 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
|
||||
krb5_get_err_text(context, ret));
|
||||
return ret;
|
||||
}
|
||||
krb5_data_copy(reply, buf + sizeof(buf) - len, len);
|
||||
if(buf_size != len) {
|
||||
free(buf);
|
||||
kdc_log(0, "Internal error in ASN.1 encoder");
|
||||
*e_text = "KDC internal error";
|
||||
return KRB5KRB_ERR_GENERIC;
|
||||
}
|
||||
reply->data = buf;
|
||||
reply->length = buf_size;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -297,6 +324,8 @@ get_pa_etype_info(METHOD_DATA *md, hdb_entry *client,
|
||||
|
||||
|
||||
pa.len = client->keys.len;
|
||||
if(pa.len > UINT_MAX/sizeof(*pa.val))
|
||||
return ERANGE;
|
||||
pa.val = malloc(pa.len * sizeof(*pa.val));
|
||||
if(pa.val == NULL)
|
||||
return ENOMEM;
|
||||
@ -333,18 +362,10 @@ get_pa_etype_info(METHOD_DATA *md, hdb_entry *client,
|
||||
pa.len = n;
|
||||
}
|
||||
|
||||
len = length_ETYPE_INFO(&pa);
|
||||
buf = malloc(len);
|
||||
if (buf == NULL) {
|
||||
free_ETYPE_INFO(&pa);
|
||||
return ENOMEM;
|
||||
}
|
||||
ret = encode_ETYPE_INFO(buf + len - 1, len, &pa, &len);
|
||||
ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
|
||||
free_ETYPE_INFO(&pa);
|
||||
if(ret) {
|
||||
free(buf);
|
||||
if(ret)
|
||||
return ret;
|
||||
}
|
||||
ret = realloc_method_data(md);
|
||||
if(ret) {
|
||||
free(buf);
|
||||
@ -657,15 +678,10 @@ as_rep(KDC_REQ *req,
|
||||
ret = get_pa_etype_info(&method_data, client,
|
||||
b->etype.val, b->etype.len); /* XXX check ret */
|
||||
|
||||
len = length_METHOD_DATA(&method_data);
|
||||
buf = malloc(len);
|
||||
encode_METHOD_DATA(buf + len - 1,
|
||||
len,
|
||||
&method_data,
|
||||
&len);
|
||||
ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
|
||||
free_METHOD_DATA(&method_data);
|
||||
foo_data.length = len;
|
||||
foo_data.data = buf;
|
||||
foo_data.length = len;
|
||||
|
||||
ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
|
||||
krb5_mk_error(context,
|
||||
@ -895,7 +911,7 @@ as_rep(KDC_REQ *req,
|
||||
|
||||
set_salt_padata (&rep.padata, ckey->salt);
|
||||
ret = encode_reply(&rep, &et, &ek, setype, server->kvno, &skey->key,
|
||||
client->kvno, &ckey->key, reply);
|
||||
client->kvno, &ckey->key, &e_text, reply);
|
||||
free_EncTicketPart(&et);
|
||||
free_EncKDCRepPart(&ek);
|
||||
free_AS_REP(&rep);
|
||||
@ -1065,6 +1081,10 @@ fix_transited_encoding(TransitedEncoding *tr,
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) {
|
||||
ret = ERANGE;
|
||||
goto free_realms;
|
||||
}
|
||||
tmp = realloc(realms, (num_realms + 1) * sizeof(*realms));
|
||||
if(tmp == NULL){
|
||||
ret = ENOMEM;
|
||||
@ -1101,6 +1121,7 @@ tgs_make_reply(KDC_REQ_BODY *b,
|
||||
krb5_principal client_principal,
|
||||
hdb_entry *krbtgt,
|
||||
krb5_enctype cetype,
|
||||
const char **e_text,
|
||||
krb5_data *reply)
|
||||
{
|
||||
KDC_REP rep;
|
||||
@ -1256,7 +1277,7 @@ tgs_make_reply(KDC_REQ_BODY *b,
|
||||
etype list, even if we don't want a session key with
|
||||
DES3? */
|
||||
ret = encode_reply(&rep, &et, &ek, etype, adtkt ? 0 : server->kvno, ekey,
|
||||
0, &tgt->key, reply);
|
||||
0, &tgt->key, e_text, reply);
|
||||
out:
|
||||
free_TGS_REP(&rep);
|
||||
free_TransitedEncoding(&et.transited);
|
||||
@ -1273,11 +1294,13 @@ out:
|
||||
static krb5_error_code
|
||||
tgs_check_authenticator(krb5_auth_context ac,
|
||||
KDC_REQ_BODY *b,
|
||||
const char **e_text,
|
||||
krb5_keyblock *key)
|
||||
{
|
||||
krb5_authenticator auth;
|
||||
size_t len;
|
||||
unsigned char buf[8192];
|
||||
unsigned char *buf;
|
||||
size_t buf_size;
|
||||
krb5_error_code ret;
|
||||
krb5_crypto crypto;
|
||||
|
||||
@ -1304,15 +1327,22 @@ tgs_check_authenticator(krb5_auth_context ac,
|
||||
}
|
||||
|
||||
/* XXX should not re-encode this */
|
||||
ret = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf),
|
||||
b, &len);
|
||||
ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret);
|
||||
if(ret){
|
||||
kdc_log(0, "Failed to encode KDC-REQ-BODY: %s",
|
||||
krb5_get_err_text(context, ret));
|
||||
goto out;
|
||||
}
|
||||
if(buf_size != len) {
|
||||
free(buf);
|
||||
kdc_log(0, "Internal error in ASN.1 encoder");
|
||||
*e_text = "KDC internal error";
|
||||
ret = KRB5KRB_ERR_GENERIC;
|
||||
goto out;
|
||||
}
|
||||
ret = krb5_crypto_init(context, key, 0, &crypto);
|
||||
if (ret) {
|
||||
free(buf);
|
||||
kdc_log(0, "krb5_crypto_init failed: %s",
|
||||
krb5_get_err_text(context, ret));
|
||||
goto out;
|
||||
@ -1320,9 +1350,10 @@ tgs_check_authenticator(krb5_auth_context ac,
|
||||
ret = krb5_verify_checksum(context,
|
||||
crypto,
|
||||
KRB5_KU_TGS_REQ_AUTH_CKSUM,
|
||||
buf + sizeof(buf) - len,
|
||||
buf,
|
||||
len,
|
||||
auth->cksum);
|
||||
free(buf);
|
||||
krb5_crypto_destroy(context, crypto);
|
||||
if(ret){
|
||||
kdc_log(0, "Failed to verify checksum: %s",
|
||||
@ -1506,7 +1537,7 @@ tgs_rep2(KDC_REQ_BODY *b,
|
||||
|
||||
tgt = &ticket->ticket;
|
||||
|
||||
ret = tgs_check_authenticator(ac, b, &tgt->key);
|
||||
ret = tgs_check_authenticator(ac, b, &e_text, &tgt->key);
|
||||
|
||||
if (b->enc_authorization_data) {
|
||||
krb5_keyblock *subkey;
|
||||
@ -1723,6 +1754,7 @@ tgs_rep2(KDC_REQ_BODY *b,
|
||||
cp,
|
||||
krbtgt,
|
||||
cetype,
|
||||
&e_text,
|
||||
reply);
|
||||
|
||||
out:
|
||||
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: kpasswd_locl.h,v 1.12 2001/08/22 20:30:26 assar Exp $ */
|
||||
/* $Id: kpasswd_locl.h,v 1.13 2002/09/10 20:03:48 joda Exp $ */
|
||||
|
||||
#ifndef __KPASSWD_LOCL_H__
|
||||
#define __KPASSWD_LOCL_H__
|
||||
@ -98,11 +98,7 @@
|
||||
#include <err.h>
|
||||
#include <roken.h>
|
||||
#include <getarg.h>
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/des.h>
|
||||
#else
|
||||
#include <des.h>
|
||||
#endif
|
||||
#include <krb5.h>
|
||||
#include "crypto-headers.h" /* for des_read_pw_string */
|
||||
|
||||
#endif /* __KPASSWD_LOCL_H__ */
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $Id: kinit.1,v 1.20 2002/08/28 16:09:36 joda Exp $
|
||||
.\" $Id: kinit.1,v 1.21 2002/09/13 14:50:27 joda Exp $
|
||||
.\"
|
||||
.Dd May 29, 1998
|
||||
.Dt KINIT 1
|
||||
@ -91,7 +91,7 @@ Get ticket that can be forwarded to another host.
|
||||
Don't ask for a password, but instead get the key from the specified
|
||||
keytab.
|
||||
.It Xo
|
||||
.Fl l Ar time Ns ,
|
||||
.Fl l Ar time ,
|
||||
.Fl -lifetime= Ns Ar time
|
||||
.Xc
|
||||
Specifies the lifetime of the ticket. The argument can either be in
|
||||
|
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include "kuser_locl.h"
|
||||
RCSID("$Id: kinit.c,v 1.89 2002/08/21 12:21:31 joda Exp $");
|
||||
RCSID("$Id: kinit.c,v 1.90 2002/09/09 22:17:53 joda Exp $");
|
||||
|
||||
int forwardable_flag = -1;
|
||||
int proxiable_flag = -1;
|
||||
@ -290,9 +290,11 @@ do_524init(krb5_context context, krb5_ccache ccache,
|
||||
krb5_cc_get_principal(context, ccache, &client);
|
||||
memset(&in_creds, 0, sizeof(in_creds));
|
||||
ret = get_server(context, client, server, &in_creds.server);
|
||||
krb5_free_principal(context, client);
|
||||
if(ret)
|
||||
return ret;
|
||||
ret = krb5_get_credentials(context, 0, ccache, &in_creds, &real_creds);
|
||||
krb5_free_principal(context, in_creds.server);
|
||||
if(ret)
|
||||
return ret;
|
||||
}
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "der_locl.h"
|
||||
|
||||
RCSID("$Id: der_get.c,v 1.32 2002/08/22 19:11:07 assar Exp $");
|
||||
RCSID("$Id: der_get.c,v 1.33 2002/09/03 16:21:49 nectar Exp $");
|
||||
|
||||
#include <version.h>
|
||||
|
||||
@ -252,6 +252,8 @@ decode_integer (const unsigned char *p, size_t len,
|
||||
p += l;
|
||||
len -= l;
|
||||
ret += l;
|
||||
if (reallen > len)
|
||||
return ASN1_OVERRUN;
|
||||
e = der_get_int (p, reallen, num, &l);
|
||||
if (e) return e;
|
||||
p += l;
|
||||
@ -279,6 +281,8 @@ decode_unsigned (const unsigned char *p, size_t len,
|
||||
p += l;
|
||||
len -= l;
|
||||
ret += l;
|
||||
if (reallen > len)
|
||||
return ASN1_OVERRUN;
|
||||
e = der_get_unsigned (p, reallen, num, &l);
|
||||
if (e) return e;
|
||||
p += l;
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "gen_locl.h"
|
||||
|
||||
RCSID("$Id: gen.c,v 1.48 2002/08/26 13:27:20 assar Exp $");
|
||||
RCSID("$Id: gen.c,v 1.49 2002/09/04 15:06:18 joda Exp $");
|
||||
|
||||
FILE *headerfile, *codefile, *logfile;
|
||||
|
||||
@ -102,20 +102,29 @@ init_generate (const char *filename, const char *base)
|
||||
" void *data;\n"
|
||||
"} octet_string;\n\n");
|
||||
fprintf (headerfile,
|
||||
#if 0
|
||||
"typedef struct general_string {\n"
|
||||
" size_t length;\n"
|
||||
" char *data;\n"
|
||||
"} general_string;\n\n"
|
||||
#else
|
||||
"typedef char *general_string;\n\n"
|
||||
#endif
|
||||
);
|
||||
fprintf (headerfile,
|
||||
"typedef struct oid {\n"
|
||||
" size_t length;\n"
|
||||
" unsigned *components;\n"
|
||||
"} oid;\n\n");
|
||||
fputs("#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \\\n"
|
||||
" do { \\\n"
|
||||
" (BL) = length_##T((S)); \\\n"
|
||||
" (B) = malloc((BL)); \\\n"
|
||||
" if((B) == NULL) { \\\n"
|
||||
" (R) = ENOMEM; \\\n"
|
||||
" } else { \\\n"
|
||||
" (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \\\n"
|
||||
" (S), (L)); \\\n"
|
||||
" if((R) != 0) { \\\n"
|
||||
" free((B)); \\\n"
|
||||
" (B) = NULL; \\\n"
|
||||
" } \\\n"
|
||||
" } \\\n"
|
||||
" } while (0)\n\n",
|
||||
headerfile);
|
||||
fprintf (headerfile, "#endif\n\n");
|
||||
logfile = fopen(STEM "_files", "w");
|
||||
if (logfile == NULL)
|
||||
|
@ -1,4 +1,4 @@
|
||||
-- $Id: k5.asn1,v 1.26 2002/03/18 19:00:43 joda Exp $
|
||||
-- $Id: k5.asn1,v 1.27 2002/09/03 17:32:09 joda Exp $
|
||||
|
||||
KERBEROS5 DEFINITIONS ::=
|
||||
BEGIN
|
||||
@ -97,8 +97,7 @@ ENCTYPE ::= INTEGER {
|
||||
ETYPE_DES_CBC_NONE(-0x1000),
|
||||
ETYPE_DES3_CBC_NONE(-0x1001),
|
||||
ETYPE_DES_CFB64_NONE(-0x1002),
|
||||
ETYPE_DES_PCBC_NONE(-0x1003),
|
||||
ETYPE_DES3_CBC_NONE_IVEC(-0x1004)
|
||||
ETYPE_DES_PCBC_NONE(-0x1003)
|
||||
}
|
||||
|
||||
-- this is sugar to make something ASN1 does not have: unsigned
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include<config.h>
|
||||
RCSID("$Id: pam.c,v 1.27 2001/02/15 04:30:05 assar Exp $");
|
||||
RCSID("$Id: pam.c,v 1.28 2002/09/09 15:57:24 joda Exp $");
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
@ -128,7 +128,7 @@ pdeb(const char *format, ...)
|
||||
if (ctrl_off(KRB4_DEBUG))
|
||||
return;
|
||||
va_start(args, format);
|
||||
openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH);
|
||||
openlog("pam_krb4", LOG_PID, LOG_AUTH);
|
||||
vsyslog(LOG_DEBUG, format, args);
|
||||
va_end(args);
|
||||
closelog();
|
||||
|
@ -1,3 +1,13 @@
|
||||
2002-09-03 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE
|
||||
|
||||
* unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE
|
||||
|
||||
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* init_sec_context.c: we need to generate a local subkey here
|
||||
|
||||
2002-08-20 Jacques Vidrine <n@nectar.com>
|
||||
|
||||
* acquire_cred.c, inquire_cred.c, release_cred.c: Use default
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -33,7 +33,7 @@
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: init_sec_context.c,v 1.29 2001/08/29 02:21:09 assar Exp $");
|
||||
RCSID("$Id: init_sec_context.c,v 1.31 2002/09/02 17:16:12 joda Exp $");
|
||||
|
||||
/*
|
||||
* copy the addresses from `input_chan_bindings' (if any) to
|
||||
@ -367,6 +367,16 @@ init_auth
|
||||
}
|
||||
#endif
|
||||
|
||||
kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context,
|
||||
(*context_handle)->auth_context,
|
||||
&cred->session);
|
||||
if(kret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
kret = krb5_build_authenticator (gssapi_krb5_context,
|
||||
(*context_handle)->auth_context,
|
||||
enctype,
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -33,7 +33,7 @@
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: unwrap.c,v 1.20 2002/05/20 15:14:00 nectar Exp $");
|
||||
RCSID("$Id: unwrap.c,v 1.21 2002/09/03 17:33:11 joda Exp $");
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
|
||||
@ -296,7 +296,7 @@ unwrap_des3
|
||||
p -= 28;
|
||||
|
||||
ret = krb5_crypto_init(gssapi_krb5_context, key,
|
||||
ETYPE_DES3_CBC_NONE_IVEC, &crypto);
|
||||
ETYPE_DES3_CBC_NONE, &crypto);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -33,7 +33,7 @@
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: wrap.c,v 1.19 2001/06/18 02:53:52 assar Exp $");
|
||||
RCSID("$Id: wrap.c,v 1.20 2002/09/03 17:33:36 joda Exp $");
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
|
||||
@ -330,7 +330,7 @@ wrap_des3
|
||||
4);
|
||||
|
||||
|
||||
ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE_IVEC,
|
||||
ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE,
|
||||
&crypto);
|
||||
if (ret) {
|
||||
free (output_message_buffer->value);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -33,35 +33,21 @@
|
||||
|
||||
#include "hdb_locl.h"
|
||||
|
||||
RCSID("$Id: common.c,v 1.10 2001/07/13 06:30:41 assar Exp $");
|
||||
RCSID("$Id: common.c,v 1.11 2002/09/04 16:32:30 joda Exp $");
|
||||
|
||||
int
|
||||
hdb_principal2key(krb5_context context, krb5_principal p, krb5_data *key)
|
||||
{
|
||||
Principal new;
|
||||
size_t len;
|
||||
unsigned char *buf;
|
||||
int ret;
|
||||
|
||||
ret = copy_Principal(p, &new);
|
||||
if(ret)
|
||||
goto out;
|
||||
if(ret)
|
||||
return ret;
|
||||
new.name.name_type = 0;
|
||||
len = length_Principal(&new);
|
||||
buf = malloc(len);
|
||||
if(buf == NULL){
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
ret = encode_Principal(buf + len - 1, len, &new, &len);
|
||||
if(ret){
|
||||
free(buf);
|
||||
goto out;
|
||||
}
|
||||
key->data = buf;
|
||||
key->length = len;
|
||||
out:
|
||||
|
||||
ASN1_MALLOC_ENCODE(Principal, key->data, key->length, &new, &len, ret);
|
||||
free_Principal(&new);
|
||||
return ret;
|
||||
}
|
||||
@ -75,24 +61,11 @@ hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p)
|
||||
int
|
||||
hdb_entry2value(krb5_context context, hdb_entry *ent, krb5_data *value)
|
||||
{
|
||||
unsigned char *buf;
|
||||
size_t len;
|
||||
int ret;
|
||||
|
||||
len = length_hdb_entry(ent);
|
||||
buf = malloc(len);
|
||||
if(buf == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
ret = encode_hdb_entry(buf + len - 1, len, ent, &len);
|
||||
if(ret){
|
||||
free(buf);
|
||||
return ret;
|
||||
}
|
||||
value->data = buf;
|
||||
value->length = len;
|
||||
return 0;
|
||||
|
||||
ASN1_MALLOC_ENCODE(hdb_entry, value->data, value->length, ent, &len, ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1999 - 2001, PADL Software Pty Ltd.
|
||||
* Copyright (c) 1999-2001, PADL Software Pty Ltd.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@ -32,7 +32,7 @@
|
||||
|
||||
#include "hdb_locl.h"
|
||||
|
||||
RCSID("$Id: hdb-ldap.c,v 1.9 2001/08/31 18:19:49 joda Exp $");
|
||||
RCSID("$Id: hdb-ldap.c,v 1.10 2002/09/04 18:42:22 joda Exp $");
|
||||
|
||||
#ifdef OPENLDAP
|
||||
|
||||
@ -451,29 +451,10 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
||||
for (i = 0; i < ent->keys.len; i++) {
|
||||
unsigned char *buf;
|
||||
size_t len;
|
||||
Key new;
|
||||
|
||||
ret = copy_Key(&ent->keys.val[i], &new);
|
||||
if (ret != 0) {
|
||||
ASN1_MALLOC_ENCODE(Key, buf, len, &ent->keys.val[i], &len, ret);
|
||||
if (ret != 0)
|
||||
goto out;
|
||||
}
|
||||
|
||||
len = length_Key(&new);
|
||||
buf = malloc(len);
|
||||
if (buf == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
free_Key(&new);
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = encode_Key(buf + len - 1, len, &new, &len);
|
||||
if (ret != 0) {
|
||||
free(buf);
|
||||
free_Key(&new);
|
||||
goto out;
|
||||
}
|
||||
free_Key(&new);
|
||||
|
||||
/* addmod_len _owns_ the key, doesn't need to copy it */
|
||||
ret = LDAP_addmod_len(&mods, LDAP_MOD_ADD, "krb5Key", buf, len);
|
||||
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: hdb_locl.h,v 1.17 2001/08/22 20:30:28 assar Exp $ */
|
||||
/* $Id: hdb_locl.h,v 1.18 2002/09/10 20:03:48 joda Exp $ */
|
||||
|
||||
#ifndef __HDB_LOCL_H__
|
||||
#define __HDB_LOCL_H__
|
||||
@ -56,11 +56,7 @@
|
||||
#endif
|
||||
#include <roken.h>
|
||||
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/des.h>
|
||||
#else
|
||||
#include <des.h>
|
||||
#endif
|
||||
#include "crypto-headers.h"
|
||||
#include <krb5.h>
|
||||
#include <hdb.h>
|
||||
#include <hdb-private.h>
|
||||
|
@ -1,3 +1,11 @@
|
||||
2002-08-12 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* k5dfspag.c: don't use ## in string concatenation
|
||||
|
||||
2002-03-11 Assar Westerlund <assar@sics.se>
|
||||
|
||||
* Makefile.am (libkdfs_la_LDFLAGS): set versoin to 0:2:0
|
||||
|
||||
2002-01-23 Assar Westerlund <assar@sics.se>
|
||||
|
||||
* k5dfspag.c: use SIG_DFL and not SIG_IGN for SIGCHLD.
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: Makefile.am,v 1.2 2000/12/11 00:46:47 assar Exp $
|
||||
# $Id: Makefile.am,v 1.3 2002/03/10 23:53:22 assar Exp $
|
||||
|
||||
include $(top_srcdir)/Makefile.am.common
|
||||
|
||||
@ -7,4 +7,4 @@ lib_LTLIBRARIES = libkdfs.la
|
||||
libkdfs_la_SOURCES = \
|
||||
k5dfspag.c
|
||||
|
||||
libkdfs_la_LDFLAGS = -version-info 0:1:0
|
||||
libkdfs_la_LDFLAGS = -version-info 0:2:0
|
||||
|
@ -1,6 +1,7 @@
|
||||
# Makefile.in generated automatically by automake 1.5 from Makefile.am.
|
||||
# Makefile.in generated by automake 1.6.3 from Makefile.am.
|
||||
# @configure_input@
|
||||
|
||||
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
|
||||
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002
|
||||
# Free Software Foundation, Inc.
|
||||
# This Makefile.in is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
@ -13,14 +14,11 @@
|
||||
|
||||
@SET_MAKE@
|
||||
|
||||
# $Id: Makefile.am,v 1.2 2000/12/11 00:46:47 assar Exp $
|
||||
# $Id: Makefile.am,v 1.3 2002/03/10 23:53:22 assar Exp $
|
||||
|
||||
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
|
||||
|
||||
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
|
||||
|
||||
|
||||
# $Id: Makefile.am.common,v 1.31 2001/09/01 11:12:18 assar Exp $
|
||||
|
||||
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
|
||||
SHELL = @SHELL@
|
||||
|
||||
srcdir = @srcdir@
|
||||
@ -51,9 +49,13 @@ AUTOCONF = @AUTOCONF@
|
||||
AUTOMAKE = @AUTOMAKE@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
|
||||
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
|
||||
INSTALL = @INSTALL@
|
||||
INSTALL_PROGRAM = @INSTALL_PROGRAM@
|
||||
INSTALL_DATA = @INSTALL_DATA@
|
||||
install_sh_DATA = $(install_sh) -c -m 644
|
||||
install_sh_PROGRAM = $(install_sh) -c
|
||||
install_sh_SCRIPT = $(install_sh) -c
|
||||
INSTALL_SCRIPT = @INSTALL_SCRIPT@
|
||||
INSTALL_HEADER = $(INSTALL_DATA)
|
||||
transform = @program_transform_name@
|
||||
@ -65,6 +67,10 @@ PRE_UNINSTALL = :
|
||||
POST_UNINSTALL = :
|
||||
host_alias = @host_alias@
|
||||
host_triplet = @host@
|
||||
|
||||
EXEEXT = @EXEEXT@
|
||||
OBJEXT = @OBJEXT@
|
||||
PATH_SEPARATOR = @PATH_SEPARATOR@
|
||||
AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
|
||||
AMTAR = @AMTAR@
|
||||
AS = @AS@
|
||||
@ -81,7 +87,7 @@ DIR_com_err = @DIR_com_err@
|
||||
DIR_des = @DIR_des@
|
||||
DIR_roken = @DIR_roken@
|
||||
DLLTOOL = @DLLTOOL@
|
||||
EXEEXT = @EXEEXT@
|
||||
ECHO = @ECHO@
|
||||
EXTRA_LIB45 = @EXTRA_LIB45@
|
||||
GROFF = @GROFF@
|
||||
INCLUDES_roken = @INCLUDES_roken@
|
||||
@ -89,7 +95,9 @@ INCLUDE_ = @INCLUDE_@
|
||||
INCLUDE_des = @INCLUDE_des@
|
||||
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
|
||||
LEX = @LEX@
|
||||
LIBOBJS = @LIBOBJS@
|
||||
|
||||
LEXLIB = @LEXLIB@
|
||||
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
|
||||
LIBTOOL = @LIBTOOL@
|
||||
LIB_ = @LIB_@
|
||||
LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
|
||||
@ -111,9 +119,9 @@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
|
||||
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
|
||||
NROFF = @NROFF@
|
||||
OBJDUMP = @OBJDUMP@
|
||||
OBJEXT = @OBJEXT@
|
||||
PACKAGE = @PACKAGE@
|
||||
RANLIB = @RANLIB@
|
||||
STRIP = @STRIP@
|
||||
VERSION = @VERSION@
|
||||
VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
|
||||
WFLAGS = @WFLAGS@
|
||||
@ -126,16 +134,19 @@ X_PRE_LIBS = @X_PRE_LIBS@
|
||||
YACC = @YACC@
|
||||
am__include = @am__include@
|
||||
am__quote = @am__quote@
|
||||
dpagaix_CFLAGS = @dpagaix_CFLAGS@
|
||||
dpagaix_LDADD = @dpagaix_LDADD@
|
||||
dpagaix_cflags = @dpagaix_cflags@
|
||||
dpagaix_ldadd = @dpagaix_ldadd@
|
||||
dpagaix_ldflags = @dpagaix_ldflags@
|
||||
install_sh = @install_sh@
|
||||
|
||||
AUTOMAKE_OPTIONS = foreign no-dependencies 1.4b
|
||||
AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
|
||||
|
||||
SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
|
||||
SUFFIXES = .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8
|
||||
|
||||
INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
|
||||
|
||||
@do_roken_rename_TRUE@ROKEN_RENAME = -DROKEN_RENAME
|
||||
|
||||
AM_CFLAGS = $(WFLAGS)
|
||||
|
||||
CP = cp
|
||||
@ -166,8 +177,6 @@ LIB_socket = @LIB_socket@
|
||||
LIB_syslog = @LIB_syslog@
|
||||
LIB_tgetent = @LIB_tgetent@
|
||||
|
||||
LIBS = @LIBS@
|
||||
|
||||
HESIODLIB = @HESIODLIB@
|
||||
HESIODINCLUDE = @HESIODINCLUDE@
|
||||
INCLUDE_hesiod = @INCLUDE_hesiod@
|
||||
@ -182,8 +191,6 @@ LIB_openldap = @LIB_openldap@
|
||||
INCLUDE_readline = @INCLUDE_readline@
|
||||
LIB_readline = @LIB_readline@
|
||||
|
||||
LEXLIB = @LEXLIB@
|
||||
|
||||
NROFF_MAN = groff -mandoc -Tascii
|
||||
|
||||
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
|
||||
@ -195,15 +202,13 @@ NROFF_MAN = groff -mandoc -Tascii
|
||||
|
||||
@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
|
||||
|
||||
CHECK_LOCAL = $(PROGRAMS)
|
||||
|
||||
lib_LTLIBRARIES = libkdfs.la
|
||||
|
||||
libkdfs_la_SOURCES = \
|
||||
k5dfspag.c
|
||||
|
||||
|
||||
libkdfs_la_LDFLAGS = -version-info 0:1:0
|
||||
libkdfs_la_LDFLAGS = -version-info 0:2:0
|
||||
subdir = lib/kdfs
|
||||
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
|
||||
CONFIG_HEADER = $(top_builddir)/include/config.h
|
||||
@ -218,7 +223,9 @@ DEFS = @DEFS@
|
||||
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
|
||||
CPPFLAGS = @CPPFLAGS@
|
||||
LDFLAGS = @LDFLAGS@
|
||||
LIBS = @LIBS@
|
||||
depcomp =
|
||||
am__depfiles_maybe =
|
||||
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
|
||||
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
|
||||
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
|
||||
@ -234,42 +241,40 @@ SOURCES = $(libkdfs_la_SOURCES)
|
||||
all: all-am
|
||||
|
||||
.SUFFIXES:
|
||||
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
|
||||
|
||||
mostlyclean-libtool:
|
||||
-rm -f *.lo
|
||||
|
||||
clean-libtool:
|
||||
-rm -rf .libs _libs
|
||||
|
||||
distclean-libtool:
|
||||
-rm -f libtool
|
||||
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
|
||||
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
|
||||
cd $(top_srcdir) && \
|
||||
$(AUTOMAKE) --foreign lib/kdfs/Makefile
|
||||
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
|
||||
cd $(top_builddir) && \
|
||||
CONFIG_HEADERS= CONFIG_LINKS= \
|
||||
CONFIG_FILES=$(subdir)/$@ $(SHELL) ./config.status
|
||||
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
|
||||
libLTLIBRARIES_INSTALL = $(INSTALL)
|
||||
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
|
||||
@$(NORMAL_INSTALL)
|
||||
$(mkinstalldirs) $(DESTDIR)$(libdir)
|
||||
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
|
||||
if test -f $$p; then \
|
||||
echo " $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p"; \
|
||||
$(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p; \
|
||||
f="`echo $$p | sed -e 's|^.*/||'`"; \
|
||||
echo " $(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f"; \
|
||||
$(LIBTOOL) --mode=install $(libLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$f; \
|
||||
else :; fi; \
|
||||
done
|
||||
|
||||
uninstall-libLTLIBRARIES:
|
||||
@$(NORMAL_UNINSTALL)
|
||||
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
|
||||
p="`echo $$p | sed -e 's|^.*/||'`"; \
|
||||
echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
|
||||
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
|
||||
done
|
||||
|
||||
clean-libLTLIBRARIES:
|
||||
-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
|
||||
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
|
||||
dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
|
||||
test -z "$dir" && dir=.; \
|
||||
echo "rm -f \"$${dir}/so_locations\""; \
|
||||
rm -f "$${dir}/so_locations"; \
|
||||
done
|
||||
libkdfs.la: $(libkdfs_la_OBJECTS) $(libkdfs_la_DEPENDENCIES)
|
||||
$(LINK) -rpath $(libdir) $(libkdfs_la_LDFLAGS) $(libkdfs_la_OBJECTS) $(libkdfs_la_LIBADD) $(LIBS)
|
||||
|
||||
@ -280,62 +285,79 @@ distclean-compile:
|
||||
-rm -f *.tab.c
|
||||
|
||||
.c.o:
|
||||
$(COMPILE) -c `test -f $< || echo '$(srcdir)/'`$<
|
||||
$(COMPILE) -c `test -f '$<' || echo '$(srcdir)/'`$<
|
||||
|
||||
.c.obj:
|
||||
$(COMPILE) -c `cygpath -w $<`
|
||||
|
||||
.c.lo:
|
||||
$(LTCOMPILE) -c -o $@ `test -f $< || echo '$(srcdir)/'`$<
|
||||
$(LTCOMPILE) -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
|
||||
|
||||
mostlyclean-libtool:
|
||||
-rm -f *.lo
|
||||
|
||||
clean-libtool:
|
||||
-rm -rf .libs _libs
|
||||
|
||||
distclean-libtool:
|
||||
-rm -f libtool
|
||||
uninstall-info-am:
|
||||
|
||||
ETAGS = etags
|
||||
ETAGSFLAGS =
|
||||
|
||||
tags: TAGS
|
||||
|
||||
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
|
||||
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
|
||||
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
|
||||
unique=`for i in $$list; do \
|
||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||
done | \
|
||||
$(AWK) ' { files[$$0] = 1; } \
|
||||
END { for (i in files) print i; }'`; \
|
||||
mkid -fID $$unique $(LISP)
|
||||
mkid -fID $$unique
|
||||
|
||||
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
|
||||
$(TAGS_FILES) $(LISP)
|
||||
tags=; \
|
||||
here=`pwd`; \
|
||||
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
|
||||
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
|
||||
unique=`for i in $$list; do \
|
||||
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||
done | \
|
||||
$(AWK) ' { files[$$0] = 1; } \
|
||||
END { for (i in files) print i; }'`; \
|
||||
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|
||||
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
|
||||
test -z "$(ETAGS_ARGS)$$tags$$unique" \
|
||||
|| $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
|
||||
$$tags $$unique
|
||||
|
||||
GTAGS:
|
||||
here=`CDPATH=: && cd $(top_builddir) && pwd` \
|
||||
here=`$(am__cd) $(top_builddir) && pwd` \
|
||||
&& cd $(top_srcdir) \
|
||||
&& gtags -i $(GTAGS_ARGS) $$here
|
||||
|
||||
distclean-tags:
|
||||
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
|
||||
|
||||
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
|
||||
|
||||
top_distdir = ../..
|
||||
distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
|
||||
|
||||
distdir: $(DISTFILES)
|
||||
@for file in $(DISTFILES); do \
|
||||
if test -f $$file; then d=.; else d=$(srcdir); fi; \
|
||||
@list='$(DISTFILES)'; for file in $$list; do \
|
||||
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
|
||||
dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
|
||||
if test "$$dir" != "$$file" && test "$$dir" != "."; then \
|
||||
$(mkinstalldirs) "$(distdir)/$$dir"; \
|
||||
dir="/$$dir"; \
|
||||
$(mkinstalldirs) "$(distdir)$$dir"; \
|
||||
else \
|
||||
dir=''; \
|
||||
fi; \
|
||||
if test -d $$d/$$file; then \
|
||||
cp -pR $$d/$$file $(distdir) \
|
||||
|| exit 1; \
|
||||
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
|
||||
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
|
||||
fi; \
|
||||
cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
|
||||
else \
|
||||
test -f $(distdir)/$$file \
|
||||
|| cp -p $$d/$$file $(distdir)/$$file \
|
||||
@ -364,6 +386,7 @@ install-am: all-am
|
||||
installcheck: installcheck-am
|
||||
install-strip:
|
||||
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||
INSTALL_STRIP_FLAG=-s \
|
||||
`test -z '$(STRIP)' || \
|
||||
echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
|
||||
mostlyclean-generic:
|
||||
@ -371,7 +394,7 @@ mostlyclean-generic:
|
||||
clean-generic:
|
||||
|
||||
distclean-generic:
|
||||
-rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
|
||||
-rm -f Makefile $(CONFIG_CLEAN_FILES)
|
||||
|
||||
maintainer-clean-generic:
|
||||
@echo "This command is intended for maintainers to use"
|
||||
@ -443,7 +466,7 @@ install-suid-programs:
|
||||
install-exec-hook: install-suid-programs
|
||||
|
||||
install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
|
||||
@foo='$(include_HEADERS) $(build_HEADERZ)'; \
|
||||
@foo='$(include_HEADERS) $(nodist_include_HEADERS) $(build_HEADERZ)'; \
|
||||
for f in $$foo; do \
|
||||
f=`basename $$f`; \
|
||||
if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
|
||||
@ -456,6 +479,36 @@ install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
|
||||
done
|
||||
|
||||
all-local: install-build-headers
|
||||
|
||||
check-local::
|
||||
@if test '$(CHECK_LOCAL)'; then \
|
||||
foo='$(CHECK_LOCAL)'; else \
|
||||
foo='$(PROGRAMS)'; fi; \
|
||||
if test "$$foo"; then \
|
||||
failed=0; all=0; \
|
||||
for i in $$foo; do \
|
||||
all=`expr $$all + 1`; \
|
||||
if ./$$i --version > /dev/null 2>&1; then \
|
||||
echo "PASS: $$i"; \
|
||||
else \
|
||||
echo "FAIL: $$i"; \
|
||||
failed=`expr $$failed + 1`; \
|
||||
fi; \
|
||||
done; \
|
||||
if test "$$failed" -eq 0; then \
|
||||
banner="All $$all tests passed"; \
|
||||
else \
|
||||
banner="$$failed of $$all tests failed"; \
|
||||
fi; \
|
||||
dashes=`echo "$$banner" | sed s/./=/g`; \
|
||||
echo "$$dashes"; \
|
||||
echo "$$banner"; \
|
||||
echo "$$dashes"; \
|
||||
test "$$failed" -eq 0; \
|
||||
fi
|
||||
|
||||
.x.c:
|
||||
@cmp -s $< $@ 2> /dev/null || cp $< $@
|
||||
#NROFF_MAN = nroff -man
|
||||
.1.cat1:
|
||||
$(NROFF_MAN) $< > $@
|
||||
@ -529,34 +582,6 @@ install-data-local: install-cat-mans
|
||||
$(COMPILE_ET) $<
|
||||
.et.c:
|
||||
$(COMPILE_ET) $<
|
||||
|
||||
.x.c:
|
||||
@cmp -s $< $@ 2> /dev/null || cp $< $@
|
||||
|
||||
check-local::
|
||||
@foo='$(CHECK_LOCAL)'; \
|
||||
if test "$$foo"; then \
|
||||
failed=0; all=0; \
|
||||
for i in $$foo; do \
|
||||
all=`expr $$all + 1`; \
|
||||
if ./$$i --version > /dev/null 2>&1; then \
|
||||
echo "PASS: $$i"; \
|
||||
else \
|
||||
echo "FAIL: $$i"; \
|
||||
failed=`expr $$failed + 1`; \
|
||||
fi; \
|
||||
done; \
|
||||
if test "$$failed" -eq 0; then \
|
||||
banner="All $$all tests passed"; \
|
||||
else \
|
||||
banner="$$failed of $$all tests failed"; \
|
||||
fi; \
|
||||
dashes=`echo "$$banner" | sed s/./=/g`; \
|
||||
echo "$$dashes"; \
|
||||
echo "$$banner"; \
|
||||
echo "$$dashes"; \
|
||||
test "$$failed" -eq 0; \
|
||||
fi
|
||||
# Tell versions [3.59,3.63) of GNU make to not export all variables.
|
||||
# Otherwise a system limit (for SysV at least) may be exceeded.
|
||||
.NOEXPORT:
|
||||
|
@ -25,7 +25,7 @@
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
RCSID("$Id: k5dfspag.c,v 1.5 2002/01/23 01:49:34 assar Exp $");
|
||||
RCSID("$Id: k5dfspag.c,v 1.6 2002/08/12 15:11:58 joda Exp $");
|
||||
|
||||
#include <krb5.h>
|
||||
|
||||
@ -104,7 +104,7 @@ typedef krb5_sigtype sigtype;
|
||||
|
||||
#elif defined(_AIX)
|
||||
#ifndef DPAGAIX
|
||||
#define DPAGAIX LIBEXECDIR ## "/dpagaix"
|
||||
#define DPAGAIX LIBEXECDIR "/dpagaix"
|
||||
#endif
|
||||
int *load();
|
||||
static int (*dpagaix)(int, int, int, int, int, int) = 0;
|
||||
@ -124,7 +124,7 @@ static int (*dpagaix)(int, int, int, int, int, int) = 0;
|
||||
#endif /* WAIT_USES_INT */
|
||||
|
||||
#ifndef K5DCECON
|
||||
#define K5DCECON LIBEXECDIR ## "/k5dcecon"
|
||||
#define K5DCECON LIBEXECDIR "/k5dcecon"
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: Makefile.am,v 1.145 2002/08/29 04:02:24 assar Exp $
|
||||
# $Id: Makefile.am,v 1.147 2002/09/03 14:45:13 joda Exp $
|
||||
|
||||
include $(top_srcdir)/Makefile.am.common
|
||||
|
||||
@ -13,7 +13,8 @@ TESTS = \
|
||||
string-to-key-test \
|
||||
derived-key-test \
|
||||
store-test \
|
||||
parse-name-test
|
||||
parse-name-test \
|
||||
name-45-test
|
||||
|
||||
check_PROGRAMS = $(TESTS)
|
||||
|
||||
@ -133,10 +134,10 @@ libkrb5_la_LDFLAGS = -version-info 18:3:1
|
||||
|
||||
$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
|
||||
|
||||
$(srcdir)/krb5-protos.h: $(ERR_FILES)
|
||||
$(srcdir)/krb5-protos.h:
|
||||
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h
|
||||
|
||||
$(srcdir)/krb5-private.h: $(ERR_FILES)
|
||||
$(srcdir)/krb5-private.h:
|
||||
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h
|
||||
|
||||
#libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo
|
||||
|
@ -14,7 +14,7 @@
|
||||
|
||||
@SET_MAKE@
|
||||
|
||||
# $Id: Makefile.am,v 1.145 2002/08/29 04:02:24 assar Exp $
|
||||
# $Id: Makefile.am,v 1.147 2002/09/03 14:45:13 joda Exp $
|
||||
|
||||
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
|
||||
|
||||
@ -211,7 +211,8 @@ TESTS = \
|
||||
string-to-key-test \
|
||||
derived-key-test \
|
||||
store-test \
|
||||
parse-name-test
|
||||
parse-name-test \
|
||||
name-45-test
|
||||
|
||||
|
||||
check_PROGRAMS = $(TESTS)
|
||||
@ -406,7 +407,7 @@ libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS)
|
||||
bin_PROGRAMS = verify_krb5_conf$(EXEEXT)
|
||||
check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \
|
||||
derived-key-test$(EXEEXT) store-test$(EXEEXT) \
|
||||
parse-name-test$(EXEEXT)
|
||||
parse-name-test$(EXEEXT) name-45-test$(EXEEXT)
|
||||
noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) \
|
||||
krbhst-test$(EXEEXT)
|
||||
PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
|
||||
@ -435,6 +436,12 @@ n_fold_test_LDADD = $(LDADD)
|
||||
n_fold_test_DEPENDENCIES = libkrb5.la \
|
||||
$(top_builddir)/lib/asn1/libasn1.la
|
||||
n_fold_test_LDFLAGS =
|
||||
name_45_test_SOURCES = name-45-test.c
|
||||
name_45_test_OBJECTS = name-45-test.$(OBJEXT)
|
||||
name_45_test_LDADD = $(LDADD)
|
||||
name_45_test_DEPENDENCIES = libkrb5.la \
|
||||
$(top_builddir)/lib/asn1/libasn1.la
|
||||
name_45_test_LDFLAGS =
|
||||
parse_name_test_SOURCES = parse-name-test.c
|
||||
parse_name_test_OBJECTS = parse-name-test.$(OBJEXT)
|
||||
parse_name_test_LDADD = $(LDADD)
|
||||
@ -481,13 +488,14 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
|
||||
$(AM_LDFLAGS) $(LDFLAGS) -o $@
|
||||
CFLAGS = @CFLAGS@
|
||||
DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \
|
||||
krbhst-test.c n-fold-test.c parse-name-test.c store-test.c \
|
||||
string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
|
||||
krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c \
|
||||
store-test.c string-to-key-test.c test_get_addrs.c \
|
||||
verify_krb5_conf.c
|
||||
MANS = $(man_MANS)
|
||||
HEADERS = $(include_HEADERS)
|
||||
|
||||
DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in
|
||||
SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
|
||||
SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
|
||||
|
||||
all: all-am
|
||||
|
||||
@ -583,6 +591,9 @@ krbhst-test$(EXEEXT): $(krbhst_test_OBJECTS) $(krbhst_test_DEPENDENCIES)
|
||||
n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES)
|
||||
@rm -f n-fold-test$(EXEEXT)
|
||||
$(LINK) $(n_fold_test_LDFLAGS) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS)
|
||||
name-45-test$(EXEEXT): $(name_45_test_OBJECTS) $(name_45_test_DEPENDENCIES)
|
||||
@rm -f name-45-test$(EXEEXT)
|
||||
$(LINK) $(name_45_test_LDFLAGS) $(name_45_test_OBJECTS) $(name_45_test_LDADD) $(LIBS)
|
||||
parse-name-test$(EXEEXT): $(parse_name_test_OBJECTS) $(parse_name_test_DEPENDENCIES)
|
||||
@rm -f parse-name-test$(EXEEXT)
|
||||
$(LINK) $(parse_name_test_LDFLAGS) $(parse_name_test_OBJECTS) $(parse_name_test_LDADD) $(LIBS)
|
||||
@ -1121,10 +1132,10 @@ install-data-local: install-cat-mans
|
||||
|
||||
$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
|
||||
|
||||
$(srcdir)/krb5-protos.h: $(ERR_FILES)
|
||||
$(srcdir)/krb5-protos.h:
|
||||
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h
|
||||
|
||||
$(srcdir)/krb5-private.h: $(ERR_FILES)
|
||||
$(srcdir)/krb5-private.h:
|
||||
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h
|
||||
|
||||
$(libkrb5_la_OBJECTS): krb5_err.h heim_err.h k524_err.h
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
RCSID("$Id: auth_context.c,v 1.58 2002/08/15 08:23:07 joda Exp $");
|
||||
RCSID("$Id: auth_context.c,v 1.59 2002/09/02 17:11:02 joda Exp $");
|
||||
|
||||
krb5_error_code
|
||||
krb5_auth_con_init(krb5_context context,
|
||||
@ -291,6 +291,24 @@ krb5_auth_con_setlocalsubkey(krb5_context context,
|
||||
return copy_key(context, keyblock, &auth_context->local_subkey);
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
krb5_auth_con_generatelocalsubkey(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
krb5_keyblock *key)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_keyblock *subkey;
|
||||
|
||||
ret = krb5_generate_subkey (context, key, &subkey);
|
||||
if(ret)
|
||||
return ret;
|
||||
if(auth_context->local_subkey)
|
||||
krb5_free_keyblock(context, auth_context->local_subkey);
|
||||
auth_context->local_subkey = subkey;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
krb5_error_code
|
||||
krb5_auth_con_setremotesubkey(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -33,7 +33,7 @@
|
||||
|
||||
#include <krb5_locl.h>
|
||||
|
||||
RCSID("$Id: build_ap_req.c,v 1.17 2001/05/14 06:14:44 assar Exp $");
|
||||
RCSID("$Id: build_ap_req.c,v 1.18 2002/09/04 16:26:04 joda Exp $");
|
||||
|
||||
krb5_error_code
|
||||
krb5_build_ap_req (krb5_context context,
|
||||
@ -66,15 +66,10 @@ krb5_build_ap_req (krb5_context context,
|
||||
ap.authenticator.kvno = NULL;
|
||||
ap.authenticator.cipher = authenticator;
|
||||
|
||||
retdata->length = length_AP_REQ(&ap);
|
||||
retdata->data = malloc(retdata->length);
|
||||
if(retdata->data == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
} else
|
||||
encode_AP_REQ((unsigned char *)retdata->data + retdata->length - 1,
|
||||
retdata->length, &ap, &len);
|
||||
ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length,
|
||||
&ap, &len, ret);
|
||||
|
||||
free_AP_REQ(&ap);
|
||||
|
||||
return ret;
|
||||
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -33,7 +33,7 @@
|
||||
|
||||
#include <krb5_locl.h>
|
||||
|
||||
RCSID("$Id: build_auth.c,v 1.35 2001/05/14 06:14:44 assar Exp $");
|
||||
RCSID("$Id: build_auth.c,v 1.38 2002/09/04 16:26:04 joda Exp $");
|
||||
|
||||
krb5_error_code
|
||||
krb5_build_authenticator (krb5_context context,
|
||||
@ -74,13 +74,6 @@ krb5_build_authenticator (krb5_context context,
|
||||
if(ret)
|
||||
goto fail;
|
||||
|
||||
if(auth->subkey == NULL) {
|
||||
krb5_generate_subkey (context, &cred->session, &auth->subkey);
|
||||
ret = krb5_auth_con_setlocalsubkey(context, auth_context, auth->subkey);
|
||||
if(ret)
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
|
||||
krb5_generate_seq_number (context,
|
||||
&cred->session,
|
||||
@ -99,36 +92,10 @@ krb5_build_authenticator (krb5_context context,
|
||||
auth_context->authenticator->cusec = auth->cusec;
|
||||
}
|
||||
|
||||
buf_size = 1024;
|
||||
buf = malloc (buf_size);
|
||||
if (buf == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret);
|
||||
|
||||
if (ret)
|
||||
goto fail;
|
||||
}
|
||||
|
||||
do {
|
||||
ret = krb5_encode_Authenticator (context,
|
||||
buf + buf_size - 1,
|
||||
buf_size,
|
||||
auth, &len);
|
||||
if (ret) {
|
||||
if (ret == ASN1_OVERFLOW) {
|
||||
u_char *tmp;
|
||||
|
||||
buf_size *= 2;
|
||||
tmp = realloc (buf, buf_size);
|
||||
if (tmp == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
goto fail;
|
||||
}
|
||||
buf = tmp;
|
||||
} else {
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
} while(ret == ASN1_OVERFLOW);
|
||||
|
||||
ret = krb5_crypto_init(context, &cred->session, enctype, &crypto);
|
||||
if (ret)
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include <krb5_locl.h>
|
||||
|
||||
RCSID("$Id: changepw.c,v 1.35 2002/06/06 13:33:13 joda Exp $");
|
||||
RCSID("$Id: changepw.c,v 1.37 2002/09/03 16:14:34 nectar Exp $");
|
||||
|
||||
static krb5_error_code
|
||||
send_request (krb5_context context,
|
||||
@ -57,7 +57,7 @@ send_request (krb5_context context,
|
||||
|
||||
ret = krb5_mk_req_extended (context,
|
||||
auth_context,
|
||||
AP_OPTS_MUTUAL_REQUIRED,
|
||||
AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
|
||||
NULL, /* in_data */
|
||||
creds,
|
||||
&ap_req_data);
|
||||
@ -144,7 +144,7 @@ process_reply (krb5_context context,
|
||||
u_char reply[BUFSIZ];
|
||||
size_t len;
|
||||
u_int16_t pkt_len, pkt_ver;
|
||||
krb5_data ap_rep_data;
|
||||
krb5_data ap_rep_data, priv_data;
|
||||
int save_errno;
|
||||
|
||||
ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
|
||||
@ -173,10 +173,13 @@ process_reply (krb5_context context,
|
||||
|
||||
ap_rep_data.data = reply + 6;
|
||||
ap_rep_data.length = (reply[4] << 8) | (reply[5]);
|
||||
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
|
||||
priv_data.length = len - ap_rep_data.length - 6;
|
||||
if ((u_char *)priv_data.data + priv_data.length >= reply + len)
|
||||
return KRB5_KPASSWD_MALFORMED;
|
||||
|
||||
if (ap_rep_data.length) {
|
||||
krb5_ap_rep_enc_part *ap_rep;
|
||||
krb5_data priv_data;
|
||||
u_char *p;
|
||||
|
||||
ret = krb5_rd_rep (context,
|
||||
@ -188,9 +191,6 @@ process_reply (krb5_context context,
|
||||
|
||||
krb5_free_ap_rep_enc_part (context, ap_rep);
|
||||
|
||||
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
|
||||
priv_data.length = len - ap_rep_data.length - 6;
|
||||
|
||||
ret = krb5_rd_priv (context,
|
||||
auth_context,
|
||||
&priv_data,
|
||||
|
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include "krb5_locl.h"
|
||||
RCSID("$Id: config_file.c,v 1.45 2002/08/14 17:35:03 joda Exp $");
|
||||
RCSID("$Id: config_file.c,v 1.46 2002/09/10 19:04:55 joda Exp $");
|
||||
|
||||
#ifndef HAVE_NETINFO
|
||||
|
||||
@ -341,7 +341,7 @@ vget_next(krb5_context context,
|
||||
{
|
||||
const char *p = va_arg(args, const char *);
|
||||
while(b != NULL) {
|
||||
if(strcmp(b->name, name) == NULL) {
|
||||
if(strcmp(b->name, name) == 0) {
|
||||
if(b->type == type && p == NULL) {
|
||||
*pointer = b;
|
||||
return b->u.generic;
|
||||
|
@ -34,7 +34,7 @@
|
||||
#include "krb5_locl.h"
|
||||
#include <com_err.h>
|
||||
|
||||
RCSID("$Id: context.c,v 1.80 2002/08/28 15:27:24 joda Exp $");
|
||||
RCSID("$Id: context.c,v 1.81 2002/09/02 17:03:12 joda Exp $");
|
||||
|
||||
#define INIT_FIELD(C, T, E, D, F) \
|
||||
(C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
|
||||
@ -173,14 +173,9 @@ init_context_from_config_file(krb5_context context)
|
||||
|
||||
INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
|
||||
INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
|
||||
INIT_FIELD(context, bool, srv_lookup, TRUE, "dns_lookup_kdc");
|
||||
/* srv_lookup backwards compatibility. */
|
||||
{
|
||||
const char **p;
|
||||
p = krb5_config_get_strings(context, NULL, "libdefaults", "srv_lookup", NULL);
|
||||
if (p != NULL)
|
||||
INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
|
||||
}
|
||||
/* prefer dns_lookup_kdc over srv_lookup. */
|
||||
INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
|
||||
INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
#include "krb5_locl.h"
|
||||
RCSID("$Id: crypto.c,v 1.64 2002/04/29 16:31:54 joda Exp $");
|
||||
RCSID("$Id: crypto.c,v 1.66 2002/09/03 19:58:15 joda Exp $");
|
||||
|
||||
#undef CRYPTO_DEBUG
|
||||
#ifdef CRYPTO_DEBUG
|
||||
@ -1676,26 +1676,14 @@ DES3_CBC_encrypt(krb5_context context,
|
||||
size_t len,
|
||||
krb5_boolean encrypt,
|
||||
int usage,
|
||||
void *ignore_ivec)
|
||||
void *ivec)
|
||||
{
|
||||
des_cblock ivec;
|
||||
des_cblock local_ivec;
|
||||
des_key_schedule *s = key->schedule->data;
|
||||
memset(&ivec, 0, sizeof(ivec));
|
||||
des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], &ivec, encrypt);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
DES3_CBC_encrypt_ivec(krb5_context context,
|
||||
struct key_data *key,
|
||||
void *data,
|
||||
size_t len,
|
||||
krb5_boolean encrypt,
|
||||
int usage,
|
||||
void *ivec)
|
||||
{
|
||||
des_key_schedule *s = key->schedule->data;
|
||||
|
||||
if(ivec == NULL) {
|
||||
ivec = &local_ivec;
|
||||
memset(local_ivec, 0, sizeof(local_ivec));
|
||||
}
|
||||
des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], ivec, encrypt);
|
||||
return 0;
|
||||
}
|
||||
@ -2070,17 +2058,6 @@ static struct encryption_type enctype_des3_cbc_none = {
|
||||
F_PSEUDO,
|
||||
DES3_CBC_encrypt,
|
||||
};
|
||||
static struct encryption_type enctype_des3_cbc_none_ivec = {
|
||||
ETYPE_DES3_CBC_NONE_IVEC,
|
||||
"des3-cbc-none-ivec",
|
||||
8,
|
||||
0,
|
||||
&keytype_des3_derived,
|
||||
&checksum_none,
|
||||
NULL,
|
||||
F_PSEUDO,
|
||||
DES3_CBC_encrypt_ivec,
|
||||
};
|
||||
|
||||
static struct encryption_type *etypes[] = {
|
||||
&enctype_null,
|
||||
@ -2094,8 +2071,7 @@ static struct encryption_type *etypes[] = {
|
||||
&enctype_des_cbc_none,
|
||||
&enctype_des_cfb64_none,
|
||||
&enctype_des_pcbc_none,
|
||||
&enctype_des3_cbc_none,
|
||||
&enctype_des3_cbc_none_ivec
|
||||
&enctype_des3_cbc_none
|
||||
};
|
||||
|
||||
static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]);
|
||||
@ -3056,6 +3032,15 @@ krb5_crypto_destroy(krb5_context context,
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
krb5_crypto_getblocksize(krb5_context context,
|
||||
krb5_crypto crypto,
|
||||
size_t *blocksize)
|
||||
{
|
||||
*blocksize = crypto->et->blocksize;
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
krb5_string_to_key_derived(krb5_context context,
|
||||
const void *str,
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include <krb5_locl.h>
|
||||
|
||||
RCSID("$Id: get_cred.c,v 1.88 2002/03/10 23:11:29 assar Exp $");
|
||||
RCSID("$Id: get_cred.c,v 1.91 2002/09/04 21:12:46 joda Exp $");
|
||||
|
||||
/*
|
||||
* Take the `body' and encode it into `padata' using the credentials
|
||||
@ -54,36 +54,14 @@ make_pa_tgs_req(krb5_context context,
|
||||
krb5_data in_data;
|
||||
krb5_error_code ret;
|
||||
|
||||
buf_size = 1024;
|
||||
buf = malloc (buf_size);
|
||||
if (buf == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
do {
|
||||
ret = encode_KDC_REQ_BODY(buf + buf_size - 1, buf_size,
|
||||
body, &len);
|
||||
if (ret){
|
||||
if (ret == ASN1_OVERFLOW) {
|
||||
u_char *tmp;
|
||||
|
||||
buf_size *= 2;
|
||||
tmp = realloc (buf, buf_size);
|
||||
if (tmp == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
buf = tmp;
|
||||
} else {
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
} while (ret == ASN1_OVERFLOW);
|
||||
ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret);
|
||||
if (ret)
|
||||
goto out;
|
||||
if(buf_size != len)
|
||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||
|
||||
in_data.length = len;
|
||||
in_data.data = buf + buf_size - len;
|
||||
in_data.data = buf;
|
||||
ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds,
|
||||
&padata->padata_value,
|
||||
KRB5_KU_TGS_REQ_AUTH_CKSUM,
|
||||
@ -113,18 +91,9 @@ set_auth_data (krb5_context context,
|
||||
krb5_crypto crypto;
|
||||
krb5_error_code ret;
|
||||
|
||||
len = length_AuthorizationData(authdata);
|
||||
buf = malloc(len);
|
||||
if (buf == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
ret = encode_AuthorizationData(buf + len - 1,
|
||||
len, authdata, &len);
|
||||
if (ret) {
|
||||
free (buf);
|
||||
ASN1_MALLOC_ENCODE(AuthorizationData, buf, len, authdata, &len, ret);
|
||||
if (ret)
|
||||
return ret;
|
||||
}
|
||||
|
||||
ALLOC(req_body->enc_authorization_data, 1);
|
||||
if (req_body->enc_authorization_data == NULL) {
|
||||
@ -173,16 +142,19 @@ init_tgs_req (krb5_context context,
|
||||
TGS_REQ *t,
|
||||
krb5_key_usage usage)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_error_code ret = 0;
|
||||
|
||||
memset(t, 0, sizeof(*t));
|
||||
t->pvno = 5;
|
||||
t->msg_type = krb_tgs_req;
|
||||
if (in_creds->session.keytype) {
|
||||
ret = krb5_keytype_to_enctypes_default (context,
|
||||
in_creds->session.keytype,
|
||||
&t->req_body.etype.len,
|
||||
&t->req_body.etype.val);
|
||||
ALLOC_SEQ(&t->req_body.etype, 1);
|
||||
if(t->req_body.etype.val == NULL) {
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
goto fail;
|
||||
}
|
||||
t->req_body.etype.val[0] = in_creds->session.keytype;
|
||||
} else {
|
||||
ret = krb5_init_etype(context,
|
||||
&t->req_body.etype.len,
|
||||
@ -431,34 +403,11 @@ get_cred_kdc_usage(krb5_context context,
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
buf_size = 1024;
|
||||
buf = malloc (buf_size);
|
||||
if (buf == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
ASN1_MALLOC_ENCODE(TGS_REQ, buf, buf_size, &req, &enc.length, ret);
|
||||
if (ret)
|
||||
goto out;
|
||||
}
|
||||
|
||||
do {
|
||||
ret = encode_TGS_REQ (buf + buf_size - 1, buf_size,
|
||||
&req, &enc.length);
|
||||
if (ret) {
|
||||
if (ret == ASN1_OVERFLOW) {
|
||||
u_char *tmp;
|
||||
|
||||
buf_size *= 2;
|
||||
tmp = realloc (buf, buf_size);
|
||||
if (tmp == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
buf = tmp;
|
||||
} else {
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
} while (ret == ASN1_OVERFLOW);
|
||||
if(enc.length != buf_size)
|
||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||
|
||||
/* don't free addresses */
|
||||
req.req_body.addresses = NULL;
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include <krb5_locl.h>
|
||||
|
||||
RCSID("$Id: get_for_creds.c,v 1.32 2002/03/10 23:12:23 assar Exp $");
|
||||
RCSID("$Id: get_for_creds.c,v 1.34 2002/09/04 16:26:04 joda Exp $");
|
||||
|
||||
static krb5_error_code
|
||||
add_addrs(krb5_context context,
|
||||
@ -162,12 +162,14 @@ krb5_get_forwarded_creds (krb5_context context,
|
||||
KrbCredInfo *krb_cred_info;
|
||||
EncKrbCredPart enc_krb_cred_part;
|
||||
size_t len;
|
||||
u_char buf[1024];
|
||||
unsigned char *buf;
|
||||
size_t buf_size;
|
||||
int32_t sec, usec;
|
||||
krb5_kdc_flags kdc_flags;
|
||||
krb5_crypto crypto;
|
||||
struct addrinfo *ai;
|
||||
int save_errno;
|
||||
krb5_keyblock *key;
|
||||
|
||||
addrs.len = 0;
|
||||
addrs.val = NULL;
|
||||
@ -319,45 +321,51 @@ krb5_get_forwarded_creds (krb5_context context,
|
||||
|
||||
/* encode EncKrbCredPart */
|
||||
|
||||
ret = krb5_encode_EncKrbCredPart (context,
|
||||
buf + sizeof(buf) - 1, sizeof(buf),
|
||||
&enc_krb_cred_part, &len);
|
||||
ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size,
|
||||
&enc_krb_cred_part, &len, ret);
|
||||
free_EncKrbCredPart (&enc_krb_cred_part);
|
||||
if (ret) {
|
||||
free_KRB_CRED(&cred);
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
if(buf_size != len)
|
||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||
|
||||
ret = krb5_crypto_init(context, auth_context->local_subkey, 0, &crypto);
|
||||
if (auth_context->local_subkey)
|
||||
key = auth_context->local_subkey;
|
||||
else if (auth_context->remote_subkey)
|
||||
key = auth_context->remote_subkey;
|
||||
else
|
||||
key = auth_context->keyblock;
|
||||
|
||||
ret = krb5_crypto_init(context, key, 0, &crypto);
|
||||
if (ret) {
|
||||
free(buf);
|
||||
free_KRB_CRED(&cred);
|
||||
return ret;
|
||||
}
|
||||
ret = krb5_encrypt_EncryptedData (context,
|
||||
crypto,
|
||||
KRB5_KU_KRB_CRED,
|
||||
buf + sizeof(buf) - len,
|
||||
buf,
|
||||
len,
|
||||
0,
|
||||
&cred.enc_part);
|
||||
free(buf);
|
||||
krb5_crypto_destroy(context, crypto);
|
||||
if (ret) {
|
||||
free_KRB_CRED(&cred);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = encode_KRB_CRED (buf + sizeof(buf) - 1, sizeof(buf),
|
||||
&cred, &len);
|
||||
ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret);
|
||||
free_KRB_CRED (&cred);
|
||||
if (ret)
|
||||
return ret;
|
||||
if(buf_size != len)
|
||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||
out_data->length = len;
|
||||
out_data->data = malloc(len);
|
||||
if (out_data->data == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
memcpy (out_data->data, buf + sizeof(buf) - len, len);
|
||||
out_data->data = buf;
|
||||
return 0;
|
||||
out4:
|
||||
free_EncKrbCredPart(&enc_krb_cred_part);
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
RCSID("$Id: get_in_tkt.c,v 1.104 2002/04/18 09:11:39 joda Exp $");
|
||||
RCSID("$Id: get_in_tkt.c,v 1.106 2002/09/04 16:26:04 joda Exp $");
|
||||
|
||||
krb5_error_code
|
||||
krb5_init_etype (krb5_context context,
|
||||
@ -158,22 +158,12 @@ _krb5_extract_ticket(krb5_context context,
|
||||
creds->client = tmp_principal;
|
||||
|
||||
/* extract ticket */
|
||||
{
|
||||
unsigned char *buf;
|
||||
size_t len;
|
||||
len = length_Ticket(&rep->kdc_rep.ticket);
|
||||
buf = malloc(len);
|
||||
if(buf == NULL) {
|
||||
krb5_set_error_string(context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
encode_Ticket(buf + len - 1, len, &rep->kdc_rep.ticket, &len);
|
||||
creds->ticket.data = buf;
|
||||
creds->ticket.length = len;
|
||||
creds->second_ticket.length = 0;
|
||||
creds->second_ticket.data = NULL;
|
||||
}
|
||||
ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length,
|
||||
&rep->kdc_rep.ticket, &creds->ticket.length, ret);
|
||||
if(ret)
|
||||
goto out;
|
||||
creds->second_ticket.length = 0;
|
||||
creds->second_ticket.data = NULL;
|
||||
|
||||
/* compare server */
|
||||
|
||||
@ -223,7 +213,8 @@ _krb5_extract_ticket(krb5_context context,
|
||||
/* set kdc-offset */
|
||||
|
||||
krb5_timeofday (context, &sec_now);
|
||||
if (context->kdc_sec_offset == 0
|
||||
if (rep->enc_part.flags.initial
|
||||
&& context->kdc_sec_offset == 0
|
||||
&& krb5_config_get_bool (context, NULL,
|
||||
"libdefaults",
|
||||
"kdc_timesync",
|
||||
@ -314,7 +305,8 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
|
||||
krb5_enctype etype, krb5_keyblock *key)
|
||||
{
|
||||
PA_ENC_TS_ENC p;
|
||||
u_char buf[1024];
|
||||
unsigned char *buf;
|
||||
size_t buf_size;
|
||||
size_t len;
|
||||
EncryptedData encdata;
|
||||
krb5_error_code ret;
|
||||
@ -327,39 +319,37 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
|
||||
usec2 = usec;
|
||||
p.pausec = &usec2;
|
||||
|
||||
ret = encode_PA_ENC_TS_ENC(buf + sizeof(buf) - 1,
|
||||
sizeof(buf),
|
||||
&p,
|
||||
&len);
|
||||
ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
if(buf_size != len)
|
||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||
ret = krb5_crypto_init(context, key, 0, &crypto);
|
||||
if (ret)
|
||||
if (ret) {
|
||||
free(buf);
|
||||
return ret;
|
||||
}
|
||||
ret = krb5_encrypt_EncryptedData(context,
|
||||
crypto,
|
||||
KRB5_KU_PA_ENC_TIMESTAMP,
|
||||
buf + sizeof(buf) - len,
|
||||
buf,
|
||||
len,
|
||||
0,
|
||||
&encdata);
|
||||
free(buf);
|
||||
krb5_crypto_destroy(context, crypto);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = encode_EncryptedData(buf + sizeof(buf) - 1,
|
||||
sizeof(buf),
|
||||
&encdata,
|
||||
&len);
|
||||
ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
|
||||
free_EncryptedData(&encdata);
|
||||
if (ret)
|
||||
return ret;
|
||||
if(buf_size != len)
|
||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||
pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP;
|
||||
pa->padata_value.length = 0;
|
||||
krb5_data_copy(&pa->padata_value,
|
||||
buf + sizeof(buf) - len,
|
||||
len);
|
||||
pa->padata_value.length = len;
|
||||
pa->padata_value.data = buf;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -656,7 +646,7 @@ krb5_get_in_cred(krb5_context context,
|
||||
AS_REQ a;
|
||||
krb5_kdc_rep rep;
|
||||
krb5_data req, resp;
|
||||
char buf[BUFSIZ];
|
||||
size_t len;
|
||||
krb5_salt salt;
|
||||
krb5_keyblock *key;
|
||||
size_t size;
|
||||
@ -692,17 +682,15 @@ krb5_get_in_cred(krb5_context context,
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = encode_AS_REQ ((unsigned char*)buf + sizeof(buf) - 1,
|
||||
sizeof(buf),
|
||||
&a,
|
||||
&req.length);
|
||||
ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, &a, &len, ret);
|
||||
free_AS_REQ(&a);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
req.data = buf + sizeof(buf) - req.length;
|
||||
if(len != req.length)
|
||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||
|
||||
ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp);
|
||||
krb5_data_free(&req);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
RCSID("$Id: keytab_keyfile.c,v 1.13 2002/04/18 14:04:21 joda Exp $");
|
||||
RCSID("$Id: keytab_keyfile.c,v 1.14 2002/09/09 14:22:26 nectar Exp $");
|
||||
|
||||
/* afs keyfile operations --------------------------------------- */
|
||||
|
||||
@ -297,7 +297,7 @@ akf_add_entry(krb5_context context,
|
||||
fd = open (d->filename, O_RDWR | O_BINARY);
|
||||
if (fd < 0) {
|
||||
fd = open (d->filename,
|
||||
O_RDWR | O_BINARY | O_CREAT, 0600);
|
||||
O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600);
|
||||
if (fd < 0) {
|
||||
ret = errno;
|
||||
krb5_set_error_string(context, "open(%s): %s", d->filename,
|
||||
|
@ -193,6 +193,12 @@ krb5_auth_con_genaddrs (
|
||||
int /*fd*/,
|
||||
int /*flags*/);
|
||||
|
||||
krb5_error_code
|
||||
krb5_auth_con_generatelocalsubkey (
|
||||
krb5_context /*context*/,
|
||||
krb5_auth_context /*auth_context*/,
|
||||
krb5_keyblock */*key*/);
|
||||
|
||||
krb5_error_code
|
||||
krb5_auth_con_getaddrs (
|
||||
krb5_context /*context*/,
|
||||
@ -805,6 +811,12 @@ krb5_crypto_destroy (
|
||||
krb5_context /*context*/,
|
||||
krb5_crypto /*crypto*/);
|
||||
|
||||
krb5_error_code
|
||||
krb5_crypto_getblocksize (
|
||||
krb5_context /*context*/,
|
||||
krb5_crypto /*crypto*/,
|
||||
size_t */*blocksize*/);
|
||||
|
||||
krb5_error_code
|
||||
krb5_crypto_init (
|
||||
krb5_context /*context*/,
|
||||
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: krb5.h,v 1.203 2002/08/22 10:06:20 joda Exp $ */
|
||||
/* $Id: krb5.h,v 1.205 2002/09/03 17:31:47 joda Exp $ */
|
||||
|
||||
#ifndef __KRB5_H__
|
||||
#define __KRB5_H__
|
||||
@ -99,7 +99,6 @@ enum {
|
||||
ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE,
|
||||
ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE,
|
||||
ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE,
|
||||
ENCTYPE_DES3_CBC_NONE_IVEC = ETYPE_DES3_CBC_NONE_IVEC
|
||||
};
|
||||
|
||||
typedef PADATA_TYPE krb5_preauthtype;
|
||||
@ -208,7 +207,8 @@ typedef enum krb5_address_type {
|
||||
|
||||
enum {
|
||||
AP_OPTS_USE_SESSION_KEY = 1,
|
||||
AP_OPTS_MUTUAL_REQUIRED = 2
|
||||
AP_OPTS_MUTUAL_REQUIRED = 2,
|
||||
AP_OPTS_USE_SUBKEY = 4 /* library internal */
|
||||
};
|
||||
|
||||
typedef HostAddress krb5_address;
|
||||
|
@ -1,5 +1,5 @@
|
||||
.\" Copyright (c) 2000 Kungliga Tekniska Högskolan
|
||||
.\" $Id: krb5_appdefault.3,v 1.7 2002/08/28 15:30:46 joda Exp $
|
||||
.\" $Id: krb5_appdefault.3,v 1.8 2002/09/13 14:49:31 joda Exp $
|
||||
.Dd July 25, 2000
|
||||
.Dt KRB5_APPDEFAULT 3
|
||||
.Os HEIMDAL
|
||||
@ -19,7 +19,7 @@ Kerberos 5 Library (libkrb5, -lkrb5)
|
||||
.Ft void
|
||||
.Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val"
|
||||
.Sh DESCRIPTION
|
||||
These functions get application application defaults from the
|
||||
These functions get application defaults from the
|
||||
.Dv appdefaults
|
||||
section of the
|
||||
.Xr krb5.conf 5
|
||||
|
@ -1,5 +1,5 @@
|
||||
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
|
||||
.\" $Id: krb5_auth_context.3,v 1.4 2002/08/28 14:46:20 joda Exp $
|
||||
.\" $Id: krb5_auth_context.3,v 1.5 2002/09/02 12:42:00 joda Exp $
|
||||
.Dd January 21, 2001
|
||||
.Dt KRB5_AUTH_CONTEXT 3
|
||||
.Os HEIMDAL
|
||||
@ -34,7 +34,7 @@
|
||||
.Nm krb5_auth_con_setrcache ,
|
||||
.Nm krb5_auth_con_initivector ,
|
||||
.Nm krb5_auth_con_setivector
|
||||
.Nd manage authetication on connection level
|
||||
.Nd manage authentication on connection level
|
||||
.Sh LIBRARY
|
||||
Kerberos 5 Library (libkrb5, -lkrb5)
|
||||
.Sh SYNOPSIS
|
||||
|
@ -1,5 +1,5 @@
|
||||
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
|
||||
.\" $Id: krb5_context.3,v 1.3 2002/08/28 15:30:48 joda Exp $
|
||||
.\" $Id: krb5_context.3,v 1.4 2002/09/02 12:42:00 joda Exp $
|
||||
.Dd January 21, 2001
|
||||
.Dt KRB5_CONTEXT 3
|
||||
.Os HEIMDAL
|
||||
@ -10,8 +10,8 @@
|
||||
The
|
||||
.Nm
|
||||
structure is designed to hold all per thread state. All global
|
||||
variables that are context specific are stored in this struture,
|
||||
including default encryption types, credential-cache (ticket file), and
|
||||
variables that are context specific are stored in this structure,
|
||||
including default encryption types, credentials-cache (ticket file), and
|
||||
default realms.
|
||||
.Pp
|
||||
The internals of the structure should never be accessed directly,
|
||||
|
@ -1,5 +1,5 @@
|
||||
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
|
||||
.\" $Id: krb5_init_context.3,v 1.5 2002/08/28 15:30:53 joda Exp $
|
||||
.\" $Id: krb5_init_context.3,v 1.6 2002/09/02 12:42:00 joda Exp $
|
||||
.Dd January 21, 2001
|
||||
.Dt KRB5_CONTEXT 3
|
||||
.Os HEIMDAL
|
||||
@ -20,7 +20,7 @@ The
|
||||
.Fn krb5_init_context
|
||||
function initializes the
|
||||
.Fa context
|
||||
structure and reads the configration file
|
||||
structure and reads the configuration file
|
||||
.Pa /etc/krb5.conf .
|
||||
.Pp
|
||||
The structure should be freed by calling
|
||||
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: krb5_locl.h,v 1.69 2002/08/12 15:09:19 joda Exp $ */
|
||||
/* $Id: krb5_locl.h,v 1.71 2002/09/10 20:10:45 joda Exp $ */
|
||||
|
||||
#ifndef __KRB5_LOCL_H__
|
||||
#define __KRB5_LOCL_H__
|
||||
@ -45,6 +45,7 @@
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <limits.h>
|
||||
|
||||
#ifdef HAVE_SYS_TYPES_H
|
||||
#include <sys/types.h>
|
||||
@ -112,19 +113,7 @@ struct sockaddr_dl;
|
||||
#include <parse_time.h>
|
||||
#include <base64.h>
|
||||
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/des.h>
|
||||
#include <openssl/md4.h>
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/rc4.h>
|
||||
#else
|
||||
#include <des.h>
|
||||
#include <md4.h>
|
||||
#include <md5.h>
|
||||
#include <sha.h>
|
||||
#include <rc4.h>
|
||||
#endif
|
||||
#include "crypto-headers.h"
|
||||
|
||||
#include <krb5_asn1.h>
|
||||
#include <der.h>
|
||||
|
@ -1,5 +1,5 @@
|
||||
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
|
||||
.\" $Id: krb5_parse_name.3,v 1.5 2002/08/28 15:30:55 joda Exp $
|
||||
.\" $Id: krb5_parse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $
|
||||
.Dd August 8, 1997
|
||||
.Dt KRB5_PARSE_NAME 3
|
||||
.Os HEIMDAL
|
||||
@ -14,7 +14,7 @@ Kerberos 5 Library (libkrb5, -lkrb5)
|
||||
.Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal"
|
||||
.Sh DESCRIPTION
|
||||
.Fn krb5_parse_name
|
||||
converts a string representation of a princpal name to
|
||||
converts a string representation of a principal name to
|
||||
.Nm krb5_principal .
|
||||
The
|
||||
.Fa principal
|
||||
|
@ -1,5 +1,5 @@
|
||||
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
|
||||
.\" $Id: krb5_unparse_name.3,v 1.5 2002/08/28 15:30:57 joda Exp $
|
||||
.\" $Id: krb5_unparse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $
|
||||
.Dd August 8, 1997
|
||||
.Dt KRB5_UNPARSE_NAME 3
|
||||
.Os HEIMDAL
|
||||
@ -18,7 +18,8 @@ Kerberos 5 Library (libkrb5, -lkrb5)
|
||||
.Sh DESCRIPTION
|
||||
This function takes a
|
||||
.Fa principal ,
|
||||
and will convert in to a printable representation with the same syntax as decribed in
|
||||
and will convert in to a printable representation with the same syntax
|
||||
as described in
|
||||
.Xr krb5_parse_name 3 .
|
||||
.Fa *name
|
||||
will point to allocated data and should be freed by the caller.
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
RCSID("$Id: kuserok.c,v 1.5 1999/12/02 17:05:11 joda Exp $");
|
||||
RCSID("$Id: kuserok.c,v 1.6 2002/09/16 17:32:11 nectar Exp $");
|
||||
|
||||
/*
|
||||
* Return TRUE iff `principal' is allowed to login as `luser'.
|
||||
@ -88,9 +88,7 @@ krb5_kuserok (krb5_context context,
|
||||
while (fgets (buf, sizeof(buf), f) != NULL) {
|
||||
krb5_principal tmp;
|
||||
|
||||
if(buf[strlen(buf) - 1] == '\n')
|
||||
buf[strlen(buf) - 1] = '\0';
|
||||
|
||||
buf[strcspn(buf, "\n")] = '\0';
|
||||
ret = krb5_parse_name (context, buf, &tmp);
|
||||
if (ret) {
|
||||
fclose (f);
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
RCSID("$Id: log.c,v 1.30 2002/08/20 09:49:09 joda Exp $");
|
||||
RCSID("$Id: log.c,v 1.31 2002/09/05 14:59:14 joda Exp $");
|
||||
|
||||
struct facility {
|
||||
int min;
|
||||
@ -382,24 +382,33 @@ krb5_vlog_msg(krb5_context context,
|
||||
va_list ap)
|
||||
__attribute__((format (printf, 5, 0)))
|
||||
{
|
||||
char *msg;
|
||||
const char *actual;
|
||||
|
||||
char *msg = NULL;
|
||||
const char *actual = NULL;
|
||||
char buf[64];
|
||||
time_t t;
|
||||
time_t t = 0;
|
||||
int i;
|
||||
|
||||
vasprintf(&msg, fmt, ap);
|
||||
if (msg != NULL)
|
||||
actual = msg;
|
||||
else
|
||||
actual = fmt;
|
||||
t = time(NULL);
|
||||
krb5_format_time(context, t, buf, sizeof(buf), TRUE);
|
||||
for(i = 0; i < fac->len; i++)
|
||||
for(i = 0; fac && i < fac->len; i++)
|
||||
if(fac->val[i].min <= level &&
|
||||
(fac->val[i].max < 0 || fac->val[i].max >= level))
|
||||
(fac->val[i].max < 0 || fac->val[i].max >= level)) {
|
||||
if(t == 0) {
|
||||
t = time(NULL);
|
||||
krb5_format_time(context, t, buf, sizeof(buf), TRUE);
|
||||
}
|
||||
if(actual == NULL) {
|
||||
vasprintf(&msg, fmt, ap);
|
||||
if(msg == NULL)
|
||||
actual = fmt;
|
||||
else
|
||||
actual = msg;
|
||||
}
|
||||
(*fac->val[i].log)(buf, actual, fac->val[i].data);
|
||||
*reply = msg;
|
||||
}
|
||||
if(reply == NULL)
|
||||
free(msg);
|
||||
else
|
||||
*reply = msg;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -411,12 +420,7 @@ krb5_vlog(krb5_context context,
|
||||
va_list ap)
|
||||
__attribute__((format (printf, 4, 0)))
|
||||
{
|
||||
char *msg;
|
||||
krb5_error_code ret;
|
||||
|
||||
ret = krb5_vlog_msg(context, fac, &msg, level, fmt, ap);
|
||||
free(msg);
|
||||
return ret;
|
||||
return krb5_vlog_msg(context, fac, NULL, level, fmt, ap);
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
RCSID("$Id: mk_error.c,v 1.17 2002/03/27 09:29:43 joda Exp $");
|
||||
RCSID("$Id: mk_error.c,v 1.18 2002/09/04 16:26:04 joda Exp $");
|
||||
|
||||
krb5_error_code
|
||||
krb5_mk_error(krb5_context context,
|
||||
@ -47,8 +47,6 @@ krb5_mk_error(krb5_context context,
|
||||
krb5_data *reply)
|
||||
{
|
||||
KRB_ERROR msg;
|
||||
u_char *buf;
|
||||
size_t buf_size;
|
||||
int32_t sec, usec;
|
||||
size_t len;
|
||||
krb5_error_code ret = 0;
|
||||
@ -84,45 +82,10 @@ krb5_mk_error(krb5_context context,
|
||||
msg.cname = &client->name;
|
||||
}
|
||||
|
||||
buf_size = 1024;
|
||||
buf = malloc (buf_size);
|
||||
if (buf == NULL) {
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
do {
|
||||
ret = encode_KRB_ERROR(buf + buf_size - 1,
|
||||
buf_size,
|
||||
&msg,
|
||||
&len);
|
||||
if (ret) {
|
||||
if (ret == ASN1_OVERFLOW) {
|
||||
u_char *tmp;
|
||||
|
||||
buf_size *= 2;
|
||||
tmp = realloc (buf, buf_size);
|
||||
if (tmp == NULL) {
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
buf = tmp;
|
||||
} else {
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
} while (ret == ASN1_OVERFLOW);
|
||||
|
||||
reply->length = len;
|
||||
reply->data = malloc(len);
|
||||
if (reply->data == NULL) {
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
memcpy (reply->data, buf + buf_size - len, len);
|
||||
out:
|
||||
free (buf);
|
||||
return ret;
|
||||
ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret);
|
||||
if (ret)
|
||||
return ret;
|
||||
if(reply->length != len)
|
||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -33,12 +33,9 @@
|
||||
|
||||
#include <krb5_locl.h>
|
||||
|
||||
RCSID("$Id: mk_priv.c,v 1.30 2001/06/18 02:44:54 assar Exp $");
|
||||
|
||||
/*
|
||||
*
|
||||
*/
|
||||
RCSID("$Id: mk_priv.c,v 1.31 2002/09/04 16:26:04 joda Exp $");
|
||||
|
||||
|
||||
krb5_error_code
|
||||
krb5_mk_priv(krb5_context context,
|
||||
krb5_auth_context auth_context,
|
||||
@ -83,35 +80,11 @@ krb5_mk_priv(krb5_context context,
|
||||
part.s_address = auth_context->local_address;
|
||||
part.r_address = auth_context->remote_address;
|
||||
|
||||
buf_size = 1024;
|
||||
buf = malloc (buf_size);
|
||||
if (buf == NULL) {
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
krb5_data_zero (&s.enc_part.cipher);
|
||||
|
||||
do {
|
||||
ret = encode_EncKrbPrivPart (buf + buf_size - 1, buf_size,
|
||||
&part, &len);
|
||||
if (ret) {
|
||||
if (ret == ASN1_OVERFLOW) {
|
||||
u_char *tmp;
|
||||
|
||||
buf_size *= 2;
|
||||
tmp = realloc (buf, buf_size);
|
||||
if (tmp == NULL) {
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
goto fail;
|
||||
}
|
||||
buf = tmp;
|
||||
} else {
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
} while(ret == ASN1_OVERFLOW);
|
||||
ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret);
|
||||
if (ret)
|
||||
goto fail;
|
||||
|
||||
s.pvno = 5;
|
||||
s.msg_type = krb_priv;
|
||||
@ -134,37 +107,21 @@ krb5_mk_priv(krb5_context context,
|
||||
free(buf);
|
||||
return ret;
|
||||
}
|
||||
free(buf);
|
||||
|
||||
do {
|
||||
ret = encode_KRB_PRIV (buf + buf_size - 1, buf_size, &s, &len);
|
||||
|
||||
if (ret){
|
||||
if (ret == ASN1_OVERFLOW) {
|
||||
u_char *tmp;
|
||||
ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret);
|
||||
|
||||
buf_size *= 2;
|
||||
tmp = realloc (buf, buf_size);
|
||||
if (tmp == NULL) {
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
ret = ENOMEM;
|
||||
goto fail;
|
||||
}
|
||||
buf = tmp;
|
||||
} else {
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
} while(ret == ASN1_OVERFLOW);
|
||||
if(ret)
|
||||
goto fail;
|
||||
krb5_data_free (&s.enc_part.cipher);
|
||||
|
||||
outbuf->length = len;
|
||||
outbuf->data = malloc (len);
|
||||
if (outbuf->data == NULL) {
|
||||
ret = krb5_data_copy(outbuf, buf + buf_size - len, len);
|
||||
if (ret) {
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
free(buf);
|
||||
return ENOMEM;
|
||||
}
|
||||
memcpy (outbuf->data, buf + buf_size - len, len);
|
||||
free (buf);
|
||||
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
|
||||
auth_context->local_seqnumber =
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -33,7 +33,7 @@
|
||||
|
||||
#include <krb5_locl.h>
|
||||
|
||||
RCSID("$Id: mk_rep.c,v 1.19 2001/05/14 06:14:49 assar Exp $");
|
||||
RCSID("$Id: mk_rep.c,v 1.20 2002/09/04 16:26:05 joda Exp $");
|
||||
|
||||
krb5_error_code
|
||||
krb5_mk_rep(krb5_context context,
|
||||
@ -72,21 +72,10 @@ krb5_mk_rep(krb5_context context,
|
||||
ap.enc_part.etype = auth_context->keyblock->keytype;
|
||||
ap.enc_part.kvno = NULL;
|
||||
|
||||
buf_size = length_EncAPRepPart(&body);
|
||||
buf = malloc (buf_size);
|
||||
if (buf == NULL) {
|
||||
free_EncAPRepPart (&body);
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
ret = krb5_encode_EncAPRepPart (context,
|
||||
buf + buf_size - 1,
|
||||
buf_size,
|
||||
&body,
|
||||
&len);
|
||||
|
||||
ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret);
|
||||
free_EncAPRepPart (&body);
|
||||
if(ret)
|
||||
return ret;
|
||||
ret = krb5_crypto_init(context, auth_context->keyblock,
|
||||
0 /* ap.enc_part.etype */, &crypto);
|
||||
if (ret) {
|
||||
@ -105,20 +94,7 @@ krb5_mk_rep(krb5_context context,
|
||||
return ret;
|
||||
}
|
||||
|
||||
buf_size = length_AP_REP(&ap);
|
||||
buf = realloc(buf, buf_size);
|
||||
if(buf == NULL) {
|
||||
free_AP_REP (&ap);
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
ret = encode_AP_REP (buf + buf_size - 1, buf_size, &ap, &len);
|
||||
|
||||
ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret);
|
||||
free_AP_REP (&ap);
|
||||
|
||||
if(len != buf_size)
|
||||
krb5_abortx(context, "krb5_mk_rep: encoded length != calculated length");
|
||||
outbuf->data = buf;
|
||||
outbuf->length = len;
|
||||
return 0;
|
||||
return ret;
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -33,7 +33,7 @@
|
||||
|
||||
#include <krb5_locl.h>
|
||||
|
||||
RCSID("$Id: mk_req_ext.c,v 1.25 2001/05/09 07:15:00 assar Exp $");
|
||||
RCSID("$Id: mk_req_ext.c,v 1.26 2002/09/02 17:13:52 joda Exp $");
|
||||
|
||||
krb5_error_code
|
||||
krb5_mk_req_internal(krb5_context context,
|
||||
@ -62,6 +62,12 @@ krb5_mk_req_internal(krb5_context context,
|
||||
if(ret)
|
||||
return ret;
|
||||
|
||||
if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
|
||||
ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session);
|
||||
if(ret)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#if 0
|
||||
{
|
||||
/* This is somewhat bogus since we're possibly overwriting a
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -33,7 +33,7 @@
|
||||
|
||||
#include <krb5_locl.h>
|
||||
|
||||
RCSID("$Id: mk_safe.c,v 1.27 2001/06/18 02:45:15 assar Exp $");
|
||||
RCSID("$Id: mk_safe.c,v 1.28 2002/09/04 16:26:05 joda Exp $");
|
||||
|
||||
krb5_error_code
|
||||
krb5_mk_safe(krb5_context context,
|
||||
@ -48,7 +48,6 @@ krb5_mk_safe(krb5_context context,
|
||||
KerberosTime sec2;
|
||||
int usec2;
|
||||
u_char *buf = NULL;
|
||||
void *tmp;
|
||||
size_t buf_size;
|
||||
size_t len;
|
||||
u_int32_t tmp_seq;
|
||||
@ -85,17 +84,11 @@ krb5_mk_safe(krb5_context context,
|
||||
s.cksum.checksum.data = NULL;
|
||||
s.cksum.checksum.length = 0;
|
||||
|
||||
buf_size = length_KRB_SAFE(&s);
|
||||
buf = malloc(buf_size + 128); /* add some for checksum */
|
||||
if(buf == NULL) {
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
|
||||
if (ret) {
|
||||
free (buf);
|
||||
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
|
||||
if (ret)
|
||||
return ret;
|
||||
}
|
||||
if(buf_size != len)
|
||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||
ret = krb5_crypto_init(context, key, 0, &crypto);
|
||||
if (ret) {
|
||||
free (buf);
|
||||
@ -105,7 +98,7 @@ krb5_mk_safe(krb5_context context,
|
||||
crypto,
|
||||
KRB5_KU_KRB_SAFE_CKSUM,
|
||||
0,
|
||||
buf + buf_size - len,
|
||||
buf,
|
||||
len,
|
||||
&s.cksum);
|
||||
krb5_crypto_destroy(context, crypto);
|
||||
@ -114,27 +107,16 @@ krb5_mk_safe(krb5_context context,
|
||||
return ret;
|
||||
}
|
||||
|
||||
buf_size = length_KRB_SAFE(&s);
|
||||
tmp = realloc(buf, buf_size);
|
||||
if(tmp == NULL) {
|
||||
free(buf);
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
buf = tmp;
|
||||
|
||||
ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
|
||||
free(buf);
|
||||
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
|
||||
free_Checksum (&s.cksum);
|
||||
if(ret)
|
||||
return ret;
|
||||
if(buf_size != len)
|
||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||
|
||||
outbuf->length = len;
|
||||
outbuf->data = malloc (len);
|
||||
if (outbuf->data == NULL) {
|
||||
free (buf);
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
memcpy (outbuf->data, buf + buf_size - len, len);
|
||||
free (buf);
|
||||
outbuf->data = buf;
|
||||
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
|
||||
auth_context->local_seqnumber =
|
||||
(auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
|
||||
|
277
crypto/heimdal/lib/krb5/name-45-test.c
Normal file
277
crypto/heimdal/lib/krb5/name-45-test.c
Normal file
@ -0,0 +1,277 @@
|
||||
/*
|
||||
* Copyright (c) 2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of KTH nor the names of its contributors may be
|
||||
* used to endorse or promote products derived from this software without
|
||||
* specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
|
||||
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
|
||||
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
||||
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
RCSID("$Id: name-45-test.c,v 1.2 2002/08/31 03:33:07 assar Exp $");
|
||||
|
||||
enum { MAX_COMPONENTS = 3 };
|
||||
|
||||
static struct testcase {
|
||||
const char *v4_name;
|
||||
const char *v4_inst;
|
||||
const char *v4_realm;
|
||||
|
||||
krb5_realm v5_realm;
|
||||
unsigned ncomponents;
|
||||
char *comp_val[MAX_COMPONENTS];
|
||||
|
||||
const char *config_file;
|
||||
krb5_error_code ret; /* expected error code from 524 */
|
||||
|
||||
krb5_error_code ret2; /* expected error code from 425 */
|
||||
} tests[] = {
|
||||
{"", "", "", "", 1, {""}, NULL, 0, 0},
|
||||
{"a", "", "", "", 1, {"a"}, NULL, 0, 0},
|
||||
{"a", "b", "", "", 2, {"a", "b"}, NULL, 0, 0},
|
||||
{"a", "b", "c", "c", 2, {"a", "b"}, NULL, 0, 0},
|
||||
|
||||
{"krbtgt", "FOO.SE", "FOO.SE", "FOO.SE", 2,
|
||||
{"krbtgt", "FOO.SE"}, NULL, 0, 0},
|
||||
|
||||
{"foo", "bar", "BAZ", "BAZ", 2,
|
||||
{"foo", "bar"}, NULL, 0, 0},
|
||||
{"foo", "bar", "BAZ", "BAZ", 2,
|
||||
{"foo", "bar"},
|
||||
"[libdefaults]\n"
|
||||
" v4_name_convert = {\n"
|
||||
" host = {\n"
|
||||
" foo = foo5\n"
|
||||
" }\n"
|
||||
"}\n",
|
||||
HEIM_ERR_V4_PRINC_NO_CONV, 0},
|
||||
{"foo", "bar", "BAZ", "BAZ", 2,
|
||||
{"foo5", "bar.baz"},
|
||||
"[realms]\n"
|
||||
" BAZ = {\n"
|
||||
" v4_name_convert = {\n"
|
||||
" host = {\n"
|
||||
" foo = foo5\n"
|
||||
" }\n"
|
||||
" }\n"
|
||||
" v4_instance_convert = {\n"
|
||||
" bar = bar.baz\n"
|
||||
" }\n"
|
||||
" }\n",
|
||||
0, 0},
|
||||
|
||||
{"rcmd", "foo", "realm", "realm", 2, {"host", "foo"}, NULL,
|
||||
HEIM_ERR_V4_PRINC_NO_CONV, 0},
|
||||
{"rcmd", "foo", "realm", "realm", 2, {"host", "foo.realm"},
|
||||
"[realms]\n"
|
||||
" realm = {\n"
|
||||
" v4_instance_convert = {\n"
|
||||
" foo = foo.realm\n"
|
||||
" }\n"
|
||||
" }\n",
|
||||
0, 0},
|
||||
|
||||
{"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
|
||||
{"pop", "mail0.nada.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0},
|
||||
{"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
|
||||
{"pop", "mail0.nada.kth.se"},
|
||||
"[realms]\n"
|
||||
" NADA.KTH.SE = {\n"
|
||||
" default_domain = nada.kth.se\n"
|
||||
" }\n",
|
||||
0, 0},
|
||||
{"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
|
||||
{"pop", "mail0.nada.kth.se"},
|
||||
"[libdefaults]\n"
|
||||
" v4_instance_resolve = true\n",
|
||||
HEIM_ERR_V4_PRINC_NO_CONV, 0},
|
||||
|
||||
{"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2,
|
||||
{"host", "ratatosk.pdc.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0},
|
||||
{"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2,
|
||||
{"host", "ratatosk.pdc.kth.se"},
|
||||
"[libdefaults]\n"
|
||||
" v4_instance_resolve = true\n"
|
||||
"[realms]\n"
|
||||
" NADA.KTH.SE = {\n"
|
||||
" v4_name_convert = {\n"
|
||||
" host = {\n"
|
||||
" rcmd = host\n"
|
||||
" }\n"
|
||||
" }\n"
|
||||
" default_domain = pdc.kth.se\n"
|
||||
" }\n",
|
||||
0, 0},
|
||||
|
||||
{"0123456789012345678901234567890123456789",
|
||||
"0123456789012345678901234567890123456789",
|
||||
"0123456789012345678901234567890123456789",
|
||||
"0123456789012345678901234567890123456789",
|
||||
2, {"0123456789012345678901234567890123456789",
|
||||
"0123456789012345678901234567890123456789"}, NULL,
|
||||
0, KRB5_PARSE_MALFORMED},
|
||||
|
||||
{"012345678901234567890123456789012345678",
|
||||
"012345678901234567890123456789012345678",
|
||||
"012345678901234567890123456789012345678",
|
||||
"012345678901234567890123456789012345678",
|
||||
2, {"012345678901234567890123456789012345678",
|
||||
"012345678901234567890123456789012345678"}, NULL,
|
||||
0, 0},
|
||||
|
||||
{NULL, NULL, NULL, NULL, 0, {}, NULL, 0}
|
||||
};
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
struct testcase *t;
|
||||
krb5_context context;
|
||||
krb5_error_code ret;
|
||||
int val = 0;
|
||||
|
||||
for (t = tests; t->v4_name; ++t) {
|
||||
krb5_principal princ;
|
||||
int i;
|
||||
char name[40], inst[40], realm[40];
|
||||
char printable_princ[256];
|
||||
|
||||
ret = krb5_init_context (&context);
|
||||
if (ret)
|
||||
errx (1, "krb5_init_context failed: %d", ret);
|
||||
|
||||
if (t->config_file != NULL) {
|
||||
char template[] = "/tmp/krb5-conf-XXXXXX";
|
||||
int fd = mkstemp(template);
|
||||
char *files[2];
|
||||
|
||||
if (fd < 0)
|
||||
krb5_err (context, 1, errno, "mkstemp %s", template);
|
||||
|
||||
if (write (fd, t->config_file, strlen(t->config_file))
|
||||
!= strlen(t->config_file))
|
||||
krb5_err (context, 1, errno, "write %s", template);
|
||||
close (fd);
|
||||
files[0] = template;
|
||||
files[1] = NULL;
|
||||
|
||||
ret = krb5_set_config_files (context, files);
|
||||
unlink (template);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "krb5_set_config_files");
|
||||
}
|
||||
|
||||
ret = krb5_425_conv_principal (context,
|
||||
t->v4_name,
|
||||
t->v4_inst,
|
||||
t->v4_realm,
|
||||
&princ);
|
||||
if (ret) {
|
||||
if (ret != t->ret) {
|
||||
krb5_warn (context, ret,
|
||||
"krb5_425_conv_principal %s.%s@%s",
|
||||
t->v4_name, t->v4_inst, t->v4_realm);
|
||||
val = 1;
|
||||
}
|
||||
} else {
|
||||
if (t->ret) {
|
||||
krb5_warnx (context,
|
||||
"krb5_425_conv_principal %s.%s@%s "
|
||||
"passed unexpected",
|
||||
t->v4_name, t->v4_inst, t->v4_realm);
|
||||
val = 1;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret)
|
||||
continue;
|
||||
|
||||
if (strcmp (t->v5_realm, princ->realm) != 0) {
|
||||
printf ("wrong realm (\"%s\" should be \"%s\")"
|
||||
" for \"%s.%s@%s\"\n",
|
||||
princ->realm, t->v5_realm,
|
||||
t->v4_name,
|
||||
t->v4_inst,
|
||||
t->v4_realm);
|
||||
val = 1;
|
||||
}
|
||||
|
||||
if (t->ncomponents != princ->name.name_string.len) {
|
||||
printf ("wrong number of components (%u should be %u)"
|
||||
" for \"%s.%s@%s\"\n",
|
||||
princ->name.name_string.len, t->ncomponents,
|
||||
t->v4_name,
|
||||
t->v4_inst,
|
||||
t->v4_realm);
|
||||
val = 1;
|
||||
} else {
|
||||
for (i = 0; i < t->ncomponents; ++i) {
|
||||
if (strcmp(t->comp_val[i],
|
||||
princ->name.name_string.val[i]) != 0) {
|
||||
printf ("bad component %d (\"%s\" should be \"%s\")"
|
||||
" for \"%s.%s@%s\"\n",
|
||||
i,
|
||||
princ->name.name_string.val[i],
|
||||
t->comp_val[i],
|
||||
t->v4_name,
|
||||
t->v4_inst,
|
||||
t->v4_realm);
|
||||
val = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
ret = krb5_524_conv_principal (context, princ,
|
||||
name, inst, realm);
|
||||
if (krb5_unparse_name_fixed(context, princ,
|
||||
printable_princ, sizeof(printable_princ)))
|
||||
strlcpy(printable_princ, "unknown principal",
|
||||
sizeof(printable_princ));
|
||||
if (ret) {
|
||||
if (ret != t->ret2) {
|
||||
krb5_warn (context, ret,
|
||||
"krb5_524_conv_principal %s", printable_princ);
|
||||
val = 1;
|
||||
}
|
||||
} else {
|
||||
if (t->ret2) {
|
||||
krb5_warnx (context,
|
||||
"krb5_524_conv_principal %s "
|
||||
"passed unexpected", printable_princ);
|
||||
val = 1;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
if (ret) {
|
||||
krb5_free_principal (context, princ);
|
||||
continue;
|
||||
}
|
||||
|
||||
krb5_free_principal (context, princ);
|
||||
}
|
||||
return val;
|
||||
}
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
RCSID("$Id: prompter_posix.c,v 1.6 2001/05/11 20:26:49 assar Exp $");
|
||||
RCSID("$Id: prompter_posix.c,v 1.7 2002/09/16 17:32:11 nectar Exp $");
|
||||
|
||||
int
|
||||
krb5_prompter_posix (krb5_context context,
|
||||
@ -65,8 +65,7 @@ krb5_prompter_posix (krb5_context context,
|
||||
prompts[i].reply->length,
|
||||
stdin) == NULL)
|
||||
return 1;
|
||||
if(s[strlen(s) - 1] == '\n')
|
||||
s[strlen(s) - 1] = '\0';
|
||||
s[strcspn(s, "\n")] = '\0';
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include <krb5_locl.h>
|
||||
|
||||
RCSID("$Id: rd_cred.c,v 1.17 2002/08/09 17:07:12 joda Exp $");
|
||||
RCSID("$Id: rd_cred.c,v 1.18 2002/09/04 16:26:05 joda Exp $");
|
||||
|
||||
krb5_error_code
|
||||
krb5_rd_cred(krb5_context context,
|
||||
@ -214,7 +214,6 @@ krb5_rd_cred(krb5_context context,
|
||||
for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) {
|
||||
KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i];
|
||||
krb5_creds *creds;
|
||||
u_char buf[1024];
|
||||
size_t len;
|
||||
|
||||
creds = calloc(1, sizeof(*creds));
|
||||
@ -224,12 +223,12 @@ krb5_rd_cred(krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = encode_Ticket (buf + sizeof(buf) - 1, sizeof(buf),
|
||||
&cred.tickets.val[i],
|
||||
&len);
|
||||
ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length,
|
||||
&cred.tickets.val[i], &len, ret);
|
||||
if (ret)
|
||||
goto out;
|
||||
krb5_data_copy (&creds->ticket, buf + sizeof(buf) - len, len);
|
||||
if(creds->ticket.length != len)
|
||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||
copy_EncryptionKey (&kci->key, &creds->session);
|
||||
if (kci->prealm && kci->pname)
|
||||
principalname2krb5_principal (&creds->client,
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include <krb5_locl.h>
|
||||
|
||||
RCSID("$Id: rd_safe.c,v 1.26 2002/02/14 12:47:47 joda Exp $");
|
||||
RCSID("$Id: rd_safe.c,v 1.27 2002/09/04 16:26:05 joda Exp $");
|
||||
|
||||
static krb5_error_code
|
||||
verify_checksum(krb5_context context,
|
||||
@ -53,19 +53,11 @@ verify_checksum(krb5_context context,
|
||||
safe->cksum.checksum.data = NULL;
|
||||
safe->cksum.checksum.length = 0;
|
||||
|
||||
buf_size = length_KRB_SAFE(safe);
|
||||
buf = malloc(buf_size);
|
||||
|
||||
if (buf == NULL) {
|
||||
ret = ENOMEM;
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = encode_KRB_SAFE (buf + buf_size - 1,
|
||||
buf_size,
|
||||
safe,
|
||||
&len);
|
||||
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, safe, &len, ret);
|
||||
if(ret)
|
||||
return ret;
|
||||
if(buf_size != len)
|
||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||
|
||||
if (auth_context->remote_subkey)
|
||||
key = auth_context->remote_subkey;
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
RCSID("$Id: sendauth.c,v 1.18 2001/05/14 06:14:51 assar Exp $");
|
||||
RCSID("$Id: sendauth.c,v 1.19 2002/09/04 21:34:43 joda Exp $");
|
||||
|
||||
/*
|
||||
* The format seems to be:
|
||||
@ -86,6 +86,7 @@ krb5_sendauth(krb5_context context,
|
||||
krb5_principal this_client = NULL;
|
||||
krb5_creds *creds;
|
||||
ssize_t sret;
|
||||
krb5_boolean my_ccache = FALSE;
|
||||
|
||||
len = strlen(version) + 1;
|
||||
net_len = htonl(len);
|
||||
@ -125,12 +126,16 @@ krb5_sendauth(krb5_context context,
|
||||
ret = krb5_cc_default (context, &ccache);
|
||||
if (ret)
|
||||
return ret;
|
||||
my_ccache = TRUE;
|
||||
}
|
||||
|
||||
if (client == NULL) {
|
||||
ret = krb5_cc_get_principal (context, ccache, &this_client);
|
||||
if (ret)
|
||||
if (ret) {
|
||||
if(my_ccache)
|
||||
krb5_cc_close(context, ccache);
|
||||
return ret;
|
||||
}
|
||||
client = this_client;
|
||||
}
|
||||
memset(&this_cred, 0, sizeof(this_cred));
|
||||
@ -142,11 +147,16 @@ krb5_sendauth(krb5_context context,
|
||||
}
|
||||
if (in_creds->ticket.length == 0) {
|
||||
ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds);
|
||||
if (ret)
|
||||
if (ret) {
|
||||
if(my_ccache)
|
||||
krb5_cc_close(context, ccache);
|
||||
return ret;
|
||||
}
|
||||
} else {
|
||||
creds = in_creds;
|
||||
}
|
||||
if(my_ccache)
|
||||
krb5_cc_close(context, ccache);
|
||||
ret = krb5_mk_req_extended (context,
|
||||
auth_context,
|
||||
ap_req_options,
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
RCSID("$Id: transited.c,v 1.8 2001/05/14 06:14:52 assar Exp $");
|
||||
RCSID("$Id: transited.c,v 1.9 2002/09/09 14:03:03 nectar Exp $");
|
||||
|
||||
/* this is an attempt at one of the most horrible `compression'
|
||||
schemes that has ever been invented; it's so amazingly brain-dead
|
||||
@ -318,8 +318,9 @@ krb5_domain_x500_decode(krb5_context context,
|
||||
if(ret)
|
||||
return ret;
|
||||
|
||||
/* remove empty components */
|
||||
/* remove empty components and count realms */
|
||||
q = &r;
|
||||
*num_realms = 0;
|
||||
for(p = r; p; ){
|
||||
if(p->realm[0] == '\0'){
|
||||
free(p->realm);
|
||||
@ -329,22 +330,20 @@ krb5_domain_x500_decode(krb5_context context,
|
||||
}else{
|
||||
q = &p->next;
|
||||
p = p->next;
|
||||
(*num_realms)++;
|
||||
}
|
||||
}
|
||||
if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms))
|
||||
return ERANGE;
|
||||
|
||||
{
|
||||
char **R;
|
||||
*realms = NULL;
|
||||
*num_realms = 0;
|
||||
R = malloc((*num_realms + 1) * sizeof(*R));
|
||||
if (R == NULL)
|
||||
return ENOMEM;
|
||||
*realms = R;
|
||||
while(r){
|
||||
R = realloc(*realms, (*num_realms + 1) * sizeof(**realms));
|
||||
if(R == NULL) {
|
||||
free(*realms);
|
||||
krb5_set_error_string (context, "malloc: out of memory");
|
||||
return ENOMEM;
|
||||
}
|
||||
R[*num_realms] = r->realm;
|
||||
(*num_realms)++;
|
||||
*realms = R;
|
||||
*R++ = r->realm;
|
||||
p = r->next;
|
||||
free(r);
|
||||
r = p;
|
||||
|
@ -1,3 +1,45 @@
|
||||
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* roken.awk: include config.h before stdio.h (breaks with
|
||||
_FILE_OFFSET_BITS on solaris otherwise)
|
||||
|
||||
2002-09-09 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* resolve.c: fix res_nsearch call, but don't use it for now, AIX5
|
||||
has a broken version that trashes memory
|
||||
|
||||
* roken-common.h: fix typo in previous
|
||||
|
||||
* roken-common.h: change IRIX == 4 to IRIX4
|
||||
|
||||
2002-09-04 Assar Westerlund <assar@kth.se>
|
||||
|
||||
* getifaddrs.c: remove some warnings from the linux-portion
|
||||
|
||||
* getnameinfo_verified.c (getnameinfo_verified): handle the case
|
||||
of forward but no backward DNS information, and also describe the
|
||||
desired behaviour. from Love <lha@stacken.kth.se>
|
||||
|
||||
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* rtbl.c (rtbl_destroy): free whole table
|
||||
|
||||
* resolve.c: use res_nsearch if we have it (from Larry Greenfield)
|
||||
|
||||
2002-09-03 Assar Westerlund <assar@kth.se>
|
||||
|
||||
* getifaddrs.c: add Linux AF_NETLINK getifaddrs from Hideaki
|
||||
YOSHIFUJI of the Usagi project
|
||||
|
||||
* parse_reply-test.c: make this build and return 77 if there is no
|
||||
mmap
|
||||
|
||||
* Makefile.am (parse_reply-test): add
|
||||
* parse_reply-test.c: add a test case for parse_reply reading past
|
||||
the given buffer
|
||||
* resolve.c (parse_reply): update the arguments to more reasonable
|
||||
types. allow parse_reply-test to call it
|
||||
|
||||
2002-08-28 Johan Danielsson <joda@pdc.kth.se>
|
||||
|
||||
* resolve.c (dns_srv_order): do alignment tricks with the random()
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user