authorJacques Vidrine <nectar@FreeBSD.org>2002-02-19 15:46:56 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2002-02-19 15:46:56 +0000
commit4137ff4cc173ea2e05227027e1c9e0ea42bcc0dc (patch)
tree85ecf91fd00875cec4b93111d3a8ed9eec9cddfe /crypto/heimdal/lib/gssapi
parent5a83b025a988368a32c549e5bd9fd3e0478c0198 (diff)
Import of Heimdal Kerberos from KTH repository circa 2002/02/17.
Notes
Notes: svn path=/vendor-crypto/heimdal/dist/; revision=90926
Diffstat (limited to 'crypto/heimdal/lib/gssapi')
-rw-r--r--crypto/heimdal/lib/gssapi/8003.c75
-rw-r--r--crypto/heimdal/lib/gssapi/ChangeLog72
-rw-r--r--crypto/heimdal/lib/gssapi/Makefile.am7
-rw-r--r--crypto/heimdal/lib/gssapi/Makefile.in357
-rw-r--r--crypto/heimdal/lib/gssapi/accept_sec_context.c106
-rw-r--r--crypto/heimdal/lib/gssapi/acquire_cred.c22
-rw-r--r--crypto/heimdal/lib/gssapi/decapsulate.c9
-rw-r--r--crypto/heimdal/lib/gssapi/display_status.c22
-rw-r--r--crypto/heimdal/lib/gssapi/encapsulate.c9
-rw-r--r--crypto/heimdal/lib/gssapi/get_mic.c16
-rw-r--r--crypto/heimdal/lib/gssapi/gssapi_locl.h26
-rw-r--r--crypto/heimdal/lib/gssapi/init.c13
-rw-r--r--crypto/heimdal/lib/gssapi/init_sec_context.c33
-rw-r--r--crypto/heimdal/lib/gssapi/unwrap.c30
-rw-r--r--crypto/heimdal/lib/gssapi/verify_mic.c18
-rw-r--r--crypto/heimdal/lib/gssapi/wrap.c37
16 files changed, 514 insertions, 338 deletions
diff --git a/crypto/heimdal/lib/gssapi/8003.c b/crypto/heimdal/lib/gssapi/8003.c
index c0d888165184..a4941ef1ede7 100644
--- a/crypto/heimdal/lib/gssapi/8003.c
+++ b/crypto/heimdal/lib/gssapi/8003.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: 8003.c,v 1.8 2001/01/29 02:08:58 assar Exp $");
+RCSID("$Id: 8003.c,v 1.10 2001/08/29 02:21:09 assar Exp $");
static krb5_error_code
encode_om_uint32(OM_uint32 n, u_char *p)
@@ -86,27 +86,35 @@ hash_input_chan_bindings (const gss_channel_bindings_t b,
return 0;
}
-krb5_error_code
+/*
+ * create a checksum over the chanel bindings in
+ * `input_chan_bindings', `flags' and `fwd_data' and return it in
+ * `result'
+ */
+
+OM_uint32
gssapi_krb5_create_8003_checksum (
+ OM_uint32 *minor_status,
const gss_channel_bindings_t input_chan_bindings,
OM_uint32 flags,
- krb5_data *fwd_data,
+ const krb5_data *fwd_data,
Checksum *result)
{
u_char *p;
/*
* see rfc1964 (section 1.1.1 (Initial Token), and the checksum value
- * field's format)
- */
+ * field's format) */
result->cksumtype = 0x8003;
if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG))
result->checksum.length = 24 + 4 + fwd_data->length;
else
result->checksum.length = 24;
result->checksum.data = malloc (result->checksum.length);
- if (result->checksum.data == NULL)
- return ENOMEM;
+ if (result->checksum.data == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
p = result->checksum.data;
encode_om_uint32 (16, p);
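Review bot: Nothing bounds `fwd_data->length` before it is added into `result->checksum.length = 24 + 4 + fwd_data->length;`, yet the verifier later in this file reads the delegation length back as a 16-bit value. A forwarded credential longer than 0xFFFF bytes could not be represented in that field, so I would reject it before the malloc with `if (fwd_data->length > 0xFFFF) { *minor_status = 0; return GSS_S_FAILURE; }`. The code that encodes the length sits between hunks, so confirm the field width there. The new header comment should also state that the caller owns and must free `result->checksum.data`, and "chanel" should read "channel".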
@@ -139,18 +147,21 @@ gssapi_krb5_create_8003_checksum (
memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length);
p += fwd_data->length;
-
- if (p - (u_char *)result->checksum.data != result->checksum.length)
- abort();
}
-
- return 0;
+
+ return GSS_S_COMPLETE;
}
-krb5_error_code
+/*
+ * verify the checksum in `cksum' over `input_chan_bindings'
+ * returning `flags' and `fwd_data'
+ */
+
+OM_uint32
gssapi_krb5_verify_8003_checksum(
+ OM_uint32 *minor_status,
const gss_channel_bindings_t input_chan_bindings,
- Checksum *cksum,
+ const Checksum *cksum,
OM_uint32 *flags,
krb5_data *fwd_data)
{
@@ -160,21 +171,29 @@ gssapi_krb5_verify_8003_checksum(
int DlgOpt;
/* XXX should handle checksums > 24 bytes */
- if(cksum->cksumtype != 0x8003)
+ if(cksum->cksumtype != 0x8003) {
+ *minor_status = 0;
return GSS_S_BAD_BINDINGS;
+ }
p = cksum->checksum.data;
decode_om_uint32(p, &length);
- if(length != sizeof(hash))
- return GSS_S_FAILURE;
+ if(length != sizeof(hash)) {
+ *minor_status = 0;
+ return GSS_S_BAD_BINDINGS;
+ }
p += 4;
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
- if(hash_input_chan_bindings(input_chan_bindings, hash) != 0)
- return GSS_S_FAILURE;
- if(memcmp(hash, p, sizeof(hash)) != 0)
- return GSS_S_FAILURE;
+ if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
+ *minor_status = 0;
+ return GSS_S_BAD_BINDINGS;
+ }
+ if(memcmp(hash, p, sizeof(hash)) != 0) {
+ *minor_status = 0;
+ return GSS_S_BAD_BINDINGS;
+ }
}
p += sizeof(hash);
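Review bot: `cksum->checksum.length` is never checked before `p` walks the buffer, so a checksum shorter than the fixed 24-byte header makes `decode_om_uint32(p, &length)` and `memcmp(hash, p, sizeof(hash))` read past the allocation. The caller passes `authenticator->cksum`, which comes from the peer, so it should be treated as untrusted: add `if (cksum->checksum.length < 24) { *minor_status = 0; return GSS_S_BAD_BINDINGS; }` right after the cksumtype test. If the authenticator can arrive without a checksum, `cksum` itself may be NULL and is dereferenced on the first line; confirm against the caller. The function's signature and tail are outside this hunk.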
@@ -186,18 +205,22 @@ gssapi_krb5_verify_8003_checksum(
p += 4;
DlgOpt = (p[0] << 0) | (p[1] << 8 );
- if (DlgOpt != 1)
- return GSS_S_BAD_BINDINGS;
+ if (DlgOpt != 1) {
+ *minor_status = 0;
+ return GSS_S_BAD_BINDINGS;
+ }
p += 2;
fwd_data->length = (p[0] << 0) | (p[1] << 8);
fwd_data->data = malloc(fwd_data->length);
- if (fwd_data->data == NULL)
- return ENOMEM;
+ if (fwd_data->data == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
p += 2;
memcpy(fwd_data->data, p, fwd_data->length);
}
- return 0;
+ return GSS_S_COMPLETE;
}
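Review bot: The delegation length decoded from the token, `fwd_data->length = (p[0] << 0) | (p[1] << 8);`, feeds `malloc` and `memcpy` without being compared against the bytes that remain in `cksum->checksum.data`, so a length field larger than the actual payload copies adjacent heap memory into `fwd_data`. Validate it first, e.g. `if (cksum->checksum.length < 28 || fwd_data->length > cksum->checksum.length - 28) { *minor_status = 0; return GSS_S_BAD_BINDINGS; }`, where 28 is the fixed prefix implied by the `24 + 4` on the create side. A zero length is also worth handling explicitly, since `malloc(0)` may return NULL and would then be reported as ENOMEM. The condition that guards this block starts above the hunk.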
diff --git a/crypto/heimdal/lib/gssapi/ChangeLog b/crypto/heimdal/lib/gssapi/ChangeLog
index 99ab2710881b..85e864c09997 100644
--- a/crypto/heimdal/lib/gssapi/ChangeLog
+++ b/crypto/heimdal/lib/gssapi/ChangeLog
@@ -1,3 +1,75 @@
+2001-10-31 Jacques Vidrine <n@nectar.com>
+
+ * get_mic.c (mic_des3): MIC computation using DES3/SHA1
+ was bogusly appending the message buffer to the result,
+ overwriting a heap buffer in the process.
+
+2001-08-29 Assar Westerlund <assar@sics.se>
+
+ * 8003.c (gssapi_krb5_verify_8003_checksum,
+ gssapi_krb5_create_8003_checksum): make more consistent by always
+ returning an gssapi error and setting minor status. update
+ callers
+
+2001-08-28 Jacques Vidrine <n@nectar.com>
+
+ * accept_sec_context.c: Create a cache for delegated credentials
+ when needed.
+
+2001-08-28 Assar Westerlund <assar@sics.se>
+
+ * Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2
+
+2001-08-23 Assar Westerlund <assar@sics.se>
+
+ * *.c: handle minor_status more consistently
+
+ * display_status.c (gss_display_status): handle krb5_get_err_text
+ failing
+
+2001-08-15 Johan Danielsson <joda@pdc.kth.se>
+
+ * gssapi_locl.h: fix prototype for gssapi_krb5_init
+
+2001-08-13 Johan Danielsson <joda@pdc.kth.se>
+
+ * accept_sec_context.c (gsskrb5_register_acceptor_identity): init
+ context and check return value from kt_resolve
+
+ * init.c: return error code
+
+2001-07-19 Assar Westerlund <assar@sics.se>
+
+ * Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2
+
+2001-07-12 Assar Westerlund <assar@sics.se>
+
+ * Makefile.am (libgssapi_la_LIBADD): add required library
+ dependencies
+
+2001-07-06 Assar Westerlund <assar@sics.se>
+
+ * accept_sec_context.c (gsskrb5_register_acceptor_identity): set
+ the keytab to be used for gss_acquire_cred too'
+
+2001-07-03 Assar Westerlund <assar@sics.se>
+
+ * Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2
+
+2001-06-18 Assar Westerlund <assar@sics.se>
+
+ * wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
+ and gss_krb5_get_remotekey
+ * verify_mic.c: update krb5_auth_con function names use
+ gss_krb5_get_remotekey
+ * unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
+ and gss_krb5_get_remotekey
+ * gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey):
+ add prototypes
+ * get_mic.c: update krb5_auth_con function names. use
+ gss_krb5_get_localkey
+ * accept_sec_context.c: update krb5_auth_con function names
+
2001-05-17 Assar Westerlund <assar@sics.se>
* Makefile.am: bump version to 3:1:2
diff --git a/crypto/heimdal/lib/gssapi/Makefile.am b/crypto/heimdal/lib/gssapi/Makefile.am
index 313204096f64..a7d4bec0a88c 100644
--- a/crypto/heimdal/lib/gssapi/Makefile.am
+++ b/crypto/heimdal/lib/gssapi/Makefile.am
@@ -1,11 +1,12 @@
-# $Id: Makefile.am,v 1.31 2001/05/16 23:52:27 assar Exp $
+# $Id: Makefile.am,v 1.36 2001/08/28 11:21:17 joda Exp $
include $(top_srcdir)/Makefile.am.common
-INCLUDES += -I$(srcdir)/../krb5 $(INCLUDE_krb4)
+INCLUDES += -I$(srcdir)/../krb5 $(INCLUDE_des) $(INCLUDE_krb4)
lib_LTLIBRARIES = libgssapi.la
-libgssapi_la_LDFLAGS = -version-info 3:1:2
+libgssapi_la_LDFLAGS = -version-info 3:4:2
+libgssapi_la_LIBADD = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la
include_HEADERS = gssapi.h
diff --git a/crypto/heimdal/lib/gssapi/Makefile.in b/crypto/heimdal/lib/gssapi/Makefile.in
index a71a183bc69a..5bdca2a96cba 100644
--- a/crypto/heimdal/lib/gssapi/Makefile.in
+++ b/crypto/heimdal/lib/gssapi/Makefile.in
@@ -1,6 +1,6 @@
-# Makefile.in generated automatically by automake 1.4b from Makefile.am
+# Makefile.in generated automatically by automake 1.5 from Makefile.am.
-# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
+# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -11,6 +11,16 @@
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
+@SET_MAKE@
+
+# $Id: Makefile.am,v 1.36 2001/08/28 11:21:17 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
+
+
+# $Id: Makefile.am.common,v 1.31 2001/09/01 11:12:18 assar Exp $
+
SHELL = @SHELL@
srcdir = @srcdir@
@@ -31,11 +41,9 @@ infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
-
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
-
top_builddir = ../..
ACLOCAL = @ACLOCAL@
@@ -47,21 +55,17 @@ INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_FLAG =
+INSTALL_HEADER = $(INSTALL_DATA)
transform = @program_transform_name@
-
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
-
-@SET_MAKE@
host_alias = @host_alias@
host_triplet = @host@
AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
-AMDEP = @AMDEP@
AMTAR = @AMTAR@
AS = @AS@
AWK = @AWK@
@@ -69,11 +73,11 @@ CANONICAL_HOST = @CANONICAL_HOST@
CATMAN = @CATMAN@
CATMANEXT = @CATMANEXT@
CC = @CC@
+COMPILE_ET = @COMPILE_ET@
CPP = @CPP@
-CXX = @CXX@
-CXXCPP = @CXXCPP@
DBLIB = @DBLIB@
DEPDIR = @DEPDIR@
+DIR_com_err = @DIR_com_err@
DIR_des = @DIR_des@
DIR_roken = @DIR_roken@
DLLTOOL = @DLLTOOL@
@@ -82,20 +86,27 @@ EXTRA_LIB45 = @EXTRA_LIB45@
GROFF = @GROFF@
INCLUDES_roken = @INCLUDES_roken@
INCLUDE_ = @INCLUDE_@
+INCLUDE_des = @INCLUDE_des@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LEX = @LEX@
LIBOBJS = @LIBOBJS@
LIBTOOL = @LIBTOOL@
LIB_ = @LIB_@
LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
+LIB_NDBM = @LIB_NDBM@
+LIB_com_err = @LIB_com_err@
+LIB_com_err_a = @LIB_com_err_a@
+LIB_com_err_so = @LIB_com_err_so@
LIB_des = @LIB_des@
+LIB_des_a = @LIB_des_a@
LIB_des_appl = @LIB_des_appl@
+LIB_des_so = @LIB_des_so@
LIB_kdb = @LIB_kdb@
LIB_otp = @LIB_otp@
LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@@ -103,38 +114,32 @@ OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
RANLIB = @RANLIB@
-STRIP = @STRIP@
VERSION = @VERSION@
VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
WFLAGS = @WFLAGS@
WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
+X_CFLAGS = @X_CFLAGS@
+X_EXTRA_LIBS = @X_EXTRA_LIBS@
+X_LIBS = @X_LIBS@
+X_PRE_LIBS = @X_PRE_LIBS@
YACC = @YACC@
+am__include = @am__include@
+am__quote = @am__quote@
dpagaix_CFLAGS = @dpagaix_CFLAGS@
dpagaix_LDADD = @dpagaix_LDADD@
install_sh = @install_sh@
-# $Id: Makefile.am,v 1.31 2001/05/16 23:52:27 assar Exp $
-
-
-# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
-
-
-# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
-
-
-AUTOMAKE_OPTIONS = foreign no-dependencies
+AUTOMAKE_OPTIONS = foreign no-dependencies 1.4b
SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
-INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../krb5 $(INCLUDE_krb4)
+INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../krb5 $(INCLUDE_des) $(INCLUDE_krb4)
-AM_CFLAGS = $(WFLAGS)
+AM_CFLAGS = $(WFLAGS)
CP = cp
-COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
-
buildinclude = $(top_builddir)/include
LIB_XauReadAuth = @LIB_XauReadAuth@
@@ -152,8 +157,8 @@ LIB_getsockopt = @LIB_getsockopt@
LIB_logout = @LIB_logout@
LIB_logwtmp = @LIB_logwtmp@
LIB_odm_initialize = @LIB_odm_initialize@
+LIB_openpty = @LIB_openpty@
LIB_pidfile = @LIB_pidfile@
-LIB_readline = @LIB_readline@
LIB_res_search = @LIB_res_search@
LIB_setpcred = @LIB_setpcred@
LIB_setsockopt = @LIB_setsockopt@
@@ -175,23 +180,26 @@ INCLUDE_openldap = @INCLUDE_openldap@
LIB_openldap = @LIB_openldap@
INCLUDE_readline = @INCLUDE_readline@
+LIB_readline = @LIB_readline@
LEXLIB = @LEXLIB@
NROFF_MAN = groff -mandoc -Tascii
-@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
+@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
-@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
+@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
-@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
-@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
+@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la
+
+@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
lib_LTLIBRARIES = libgssapi.la
-libgssapi_la_LDFLAGS = -version-info 3:1:2
+libgssapi_la_LDFLAGS = -version-info 3:4:2
+libgssapi_la_LIBADD = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la
include_HEADERS = gssapi.h
@@ -237,123 +245,109 @@ libgssapi_la_SOURCES = \
subdir = lib/gssapi
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
-CONFIG_HEADER = ../../include/config.h
-CONFIG_CLEAN_FILES =
-LTLIBRARIES = $(lib_LTLIBRARIES)
-
-
-DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
+CONFIG_HEADER = $(top_builddir)/include/config.h
+CONFIG_CLEAN_FILES =
+LTLIBRARIES = $(lib_LTLIBRARIES)
+
+libgssapi_la_DEPENDENCIES = ../krb5/libkrb5.la ../asn1/libasn1.la \
+ ../roken/libroken.la
+am_libgssapi_la_OBJECTS = 8003.lo accept_sec_context.lo acquire_cred.lo \
+ add_oid_set_member.lo canonicalize_name.lo compare_name.lo \
+ context_time.lo copy_ccache.lo create_emtpy_oid_set.lo \
+ decapsulate.lo delete_sec_context.lo display_name.lo \
+ display_status.lo duplicate_name.lo encapsulate.lo \
+ export_sec_context.lo export_name.lo external.lo get_mic.lo \
+ import_name.lo import_sec_context.lo indicate_mechs.lo init.lo \
+ init_sec_context.lo inquire_context.lo inquire_cred.lo \
+ release_buffer.lo release_cred.lo release_name.lo \
+ release_oid_set.lo test_oid_set_member.lo unwrap.lo v1.lo \
+ verify_mic.lo wrap.lo address_to_krb5addr.lo
+libgssapi_la_OBJECTS = $(am_libgssapi_la_OBJECTS)
+
+DEFS = @DEFS@
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
-X_CFLAGS = @X_CFLAGS@
-X_LIBS = @X_LIBS@
-X_EXTRA_LIBS = @X_EXTRA_LIBS@
-X_PRE_LIBS = @X_PRE_LIBS@
-libgssapi_la_LIBADD =
-am_libgssapi_la_OBJECTS = 8003.lo accept_sec_context.lo acquire_cred.lo \
-add_oid_set_member.lo canonicalize_name.lo compare_name.lo \
-context_time.lo copy_ccache.lo create_emtpy_oid_set.lo decapsulate.lo \
-delete_sec_context.lo display_name.lo display_status.lo \
-duplicate_name.lo encapsulate.lo export_sec_context.lo export_name.lo \
-external.lo get_mic.lo import_name.lo import_sec_context.lo \
-indicate_mechs.lo init.lo init_sec_context.lo inquire_context.lo \
-inquire_cred.lo release_buffer.lo release_cred.lo release_name.lo \
-release_oid_set.lo test_oid_set_member.lo unwrap.lo v1.lo verify_mic.lo \
-wrap.lo address_to_krb5addr.lo
-libgssapi_la_OBJECTS = $(am_libgssapi_la_OBJECTS)
-COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-CFLAGS = @CFLAGS@
+depcomp =
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \
+ $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
-LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-DIST_SOURCES = $(libgssapi_la_SOURCES)
-HEADERS = $(include_HEADERS)
-
-depcomp =
-DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in
-
-
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+CFLAGS = @CFLAGS@
+DIST_SOURCES = $(libgssapi_la_SOURCES)
+HEADERS = $(include_HEADERS)
-GZIP_ENV = --best
+DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in
SOURCES = $(libgssapi_la_SOURCES)
-OBJECTS = $(am_libgssapi_la_OBJECTS)
-all: all-redirect
+all: all-am
+
.SUFFIXES:
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
-$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
- cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/gssapi/Makefile
-
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- cd $(top_builddir) \
- && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
-
-
-mostlyclean-libLTLIBRARIES:
-clean-libLTLIBRARIES:
- -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
-
-distclean-libLTLIBRARIES:
+mostlyclean-libtool:
+ -rm -f *.lo
-maintainer-clean-libLTLIBRARIES:
+clean-libtool:
+ -rm -rf .libs _libs
+distclean-libtool:
+ -rm -f libtool
+$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --foreign lib/gssapi/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ cd $(top_builddir) && \
+ CONFIG_HEADERS= CONFIG_LINKS= \
+ CONFIG_FILES=$(subdir)/$@ $(SHELL) ./config.status
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(libdir)
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
if test -f $$p; then \
- echo " $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p"; \
- $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p; \
+ echo " $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p"; \
+ $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p; \
else :; fi; \
done
uninstall-libLTLIBRARIES:
@$(NORMAL_UNINSTALL)
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
- echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
- $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
+ echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \
+ $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \
done
-mostlyclean-compile:
- -rm -f *.o core *.core
- -rm -f *.$(OBJEXT)
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES)
+ $(LINK) -rpath $(libdir) $(libgssapi_la_LDFLAGS) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS)
-clean-compile:
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT) core *.core
distclean-compile:
-rm -f *.tab.c
-maintainer-clean-compile:
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-distclean-libtool:
-
-maintainer-clean-libtool:
-
-libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES)
- $(LINK) -rpath $(libdir) $(libgssapi_la_LDFLAGS) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS)
.c.o:
- $(COMPILE) -c $<
+ $(COMPILE) -c `test -f $< || echo '$(srcdir)/'`$<
+
.c.obj:
$(COMPILE) -c `cygpath -w $<`
-.c.lo:
- $(LTCOMPILE) -c -o $@ $<
+.c.lo:
+ $(LTCOMPILE) -c -o $@ `test -f $< || echo '$(srcdir)/'`$<
+uninstall-info-am:
install-includeHEADERS: $(include_HEADERS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(includedir)
@list='$(include_HEADERS)'; for p in $$list; do \
- if test -f "$$p"; then d= ; else d="$(srcdir)/"; fi; \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
f="`echo $$p | sed -e 's|^.*/||'`"; \
- echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
- $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$f; \
+ echo " $(INSTALL_HEADER) $$d$$p $(DESTDIR)$(includedir)/$$f"; \
+ $(INSTALL_HEADER) $$d$$p $(DESTDIR)$(includedir)/$$f; \
done
uninstall-includeHEADERS:
@@ -391,22 +385,23 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
- && gtags -i $$here
-
-mostlyclean-tags:
-
-clean-tags:
+ && gtags -i $(GTAGS_ARGS) $$here
distclean-tags:
- -rm -f TAGS ID
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH
-maintainer-clean-tags:
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
+top_distdir = ../..
+distdir = $(top_distdir)/$(PACKAGE)-$(VERSION)
distdir: $(DISTFILES)
@for file in $(DISTFILES); do \
- d=$(srcdir); \
+ if test -f $$file; then d=.; else d=$(srcdir); fi; \
+ dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+ $(mkinstalldirs) "$(distdir)/$$dir"; \
+ fi; \
if test -d $$d/$$file; then \
cp -pR $$d/$$file $(distdir) \
|| exit 1; \
@@ -416,87 +411,94 @@ distdir: $(DISTFILES)
|| exit 1; \
fi; \
done
- $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
-info-am:
-info: info-am
-dvi-am:
-dvi: dvi-am
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="${top_distdir}" distdir="$(distdir)" \
+ dist-hook
check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) check-local
check: check-am
-installcheck-am:
-installcheck: installcheck-am
-install-exec-am: install-libLTLIBRARIES
- @$(NORMAL_INSTALL)
- $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
-install-exec: install-exec-am
+all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local
-install-data-am: install-includeHEADERS install-data-local
-install-data: install-data-am
+installdirs:
+ $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir)
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
install: install-am
-uninstall-am: uninstall-libLTLIBRARIES uninstall-includeHEADERS
+install-exec: install-exec-am
+install-data: install-data-am
uninstall: uninstall-am
-all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local
-all-redirect: all-am
-install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
-installdirs:
- $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir)
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
mostlyclean-generic:
clean-generic:
distclean-generic:
- -rm -f Makefile $(CONFIG_CLEAN_FILES)
- -rm -f config.cache config.log stamp-h stamp-h[0-9]*
+ -rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]*
maintainer-clean-generic:
- -rm -f Makefile.in
-mostlyclean-am: mostlyclean-libLTLIBRARIES mostlyclean-compile \
- mostlyclean-libtool mostlyclean-tags \
- mostlyclean-generic
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
-mostlyclean: mostlyclean-am
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
-clean-am: clean-libLTLIBRARIES clean-compile clean-libtool clean-tags \
- clean-generic mostlyclean-am
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-libtool distclean-tags
-clean: clean-am
+dvi: dvi-am
-distclean-am: distclean-libLTLIBRARIES distclean-compile \
- distclean-libtool distclean-tags distclean-generic \
- clean-am
- -rm -f libtool
+dvi-am:
-distclean: distclean-am
+info: info-am
-maintainer-clean-am: maintainer-clean-libLTLIBRARIES \
- maintainer-clean-compile maintainer-clean-libtool \
- maintainer-clean-tags maintainer-clean-generic \
- distclean-am
- @echo "This command is intended for maintainers to use;"
- @echo "it deletes files that may require special tools to rebuild."
+info-am:
+
+install-data-am: install-data-local install-includeHEADERS
+
+install-exec-am: install-libLTLIBRARIES
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
maintainer-clean: maintainer-clean-am
-.PHONY: mostlyclean-libLTLIBRARIES distclean-libLTLIBRARIES \
-clean-libLTLIBRARIES maintainer-clean-libLTLIBRARIES \
-uninstall-libLTLIBRARIES install-libLTLIBRARIES mostlyclean-compile \
-distclean-compile clean-compile maintainer-clean-compile \
-mostlyclean-libtool distclean-libtool clean-libtool \
-maintainer-clean-libtool uninstall-includeHEADERS \
-install-includeHEADERS tags mostlyclean-tags distclean-tags clean-tags \
-maintainer-clean-tags distdir info-am info dvi-am dvi check-local check \
-check-am installcheck-am installcheck install-exec-am install-exec \
-install-data-local install-data-am install-data install-am install \
-uninstall-am uninstall all-local all-redirect all-am all install-strip \
-installdirs mostlyclean-generic distclean-generic clean-generic \
-maintainer-clean-generic clean mostlyclean distclean maintainer-clean
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+uninstall-am: uninstall-includeHEADERS uninstall-info-am \
+ uninstall-libLTLIBRARIES
+
+.PHONY: GTAGS all all-am all-local check check-am check-local clean \
+ clean-generic clean-libLTLIBRARIES clean-libtool distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am info info-am install \
+ install-am install-data install-data-am install-data-local \
+ install-exec install-exec-am install-includeHEADERS \
+ install-info install-info-am install-libLTLIBRARIES install-man \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ tags uninstall uninstall-am uninstall-includeHEADERS \
+ uninstall-info-am uninstall-libLTLIBRARIES
install-suid-programs:
@@ -626,7 +628,6 @@ check-local::
echo "$$dashes"; \
test "$$failed" -eq 0; \
fi
-
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/crypto/heimdal/lib/gssapi/accept_sec_context.c b/crypto/heimdal/lib/gssapi/accept_sec_context.c
index 4cb242731913..23eb769ff01a 100644
--- a/crypto/heimdal/lib/gssapi/accept_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/accept_sec_context.c
@@ -33,23 +33,31 @@
#include "gssapi_locl.h"
-RCSID("$Id: accept_sec_context.c,v 1.24 2001/05/11 09:16:45 assar Exp $");
+RCSID("$Id: accept_sec_context.c,v 1.30 2001/08/29 02:21:09 assar Exp $");
-static krb5_keytab gss_keytab;
+krb5_keytab gssapi_krb5_keytab;
OM_uint32
gsskrb5_register_acceptor_identity (char *identity)
{
+ krb5_error_code ret;
char *p;
- if(gss_keytab != NULL) {
- krb5_kt_close(gssapi_krb5_context, gss_keytab);
- gss_keytab = NULL;
+
+ ret = gssapi_krb5_init();
+ if(ret)
+ return GSS_S_FAILURE;
+
+ if(gssapi_krb5_keytab != NULL) {
+ krb5_kt_close(gssapi_krb5_context, gssapi_krb5_keytab);
+ gssapi_krb5_keytab = NULL;
}
asprintf(&p, "FILE:%s", identity);
if(p == NULL)
return GSS_S_FAILURE;
- krb5_kt_resolve(gssapi_krb5_context, p, &gss_keytab);
+ ret = krb5_kt_resolve(gssapi_krb5_context, p, &gssapi_krb5_keytab);
free(p);
+ if(ret)
+ return GSS_S_FAILURE;
return GSS_S_COMPLETE;
}
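Review bot: The return value of `asprintf` is still ignored while the commit adds checks for `gssapi_krb5_init` and `krb5_kt_resolve` around it. The `p == NULL` test only works where the implementation sets the pointer to NULL on failure; on others `p` is indeterminate. Suggest `if (asprintf(&p, "FILE:%s", identity) < 0 || p == NULL) return GSS_S_FAILURE;`.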
@@ -78,6 +86,7 @@ gss_accept_sec_context
krb5_data fwd_data;
OM_uint32 minor;
+ ret = 0;
gssapi_krb5_init ();
krb5_data_zero (&fwd_data);
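Review bot: The result of `gssapi_krb5_init ()` is discarded here, although gsskrb5_register_acceptor_identity in this same commit now checks it and returns GSS_S_FAILURE. If initialisation fails, the rest of gss_accept_sec_context would run against an unusable `gssapi_krb5_context`. Suggest `kret = gssapi_krb5_init (); if (kret) { *minor_status = kret; return GSS_S_FAILURE; }`. The function body continues outside the hunk.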
@@ -136,9 +145,9 @@ gss_accept_sec_context
(*context_handle)->auth_context->local_port,
&acceptor_addr);
if (kret) {
- *minor_status = kret;
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
+ *minor_status = kret;
goto failure;
}
@@ -148,9 +157,9 @@ gss_accept_sec_context
&initiator_addr);
if (kret) {
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
- *minor_status = kret;
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
+ *minor_status = kret;
goto failure;
}
@@ -169,9 +178,9 @@ gss_accept_sec_context
#endif
if (kret) {
- *minor_status = kret;
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
+ *minor_status = kret;
goto failure;
}
}
@@ -190,17 +199,16 @@ gss_accept_sec_context
tmp);
}
- ret = gssapi_krb5_decapsulate (input_token_buffer,
+ ret = gssapi_krb5_decapsulate (minor_status,
+ input_token_buffer,
&indata,
"\x01\x00");
- if (ret) {
- kret = 0;
- goto failure;
- }
+ if (ret)
+ goto failure;
if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
- if (gss_keytab != NULL) {
- keytab = gss_keytab;
+ if (gssapi_krb5_keytab != NULL) {
+ keytab = gssapi_krb5_keytab;
}
} else if (acceptor_cred_handle->keytab != NULL) {
keytab = acceptor_cred_handle->keytab;
@@ -256,7 +264,7 @@ gss_accept_sec_context
{
krb5_authenticator authenticator;
- kret = krb5_auth_getauthenticator(gssapi_krb5_context,
+ kret = krb5_auth_con_getauthenticator(gssapi_krb5_context,
(*context_handle)->auth_context,
&authenticator);
if(kret) {
@@ -266,35 +274,59 @@ gss_accept_sec_context
goto failure;
}
- kret = gssapi_krb5_verify_8003_checksum(input_chan_bindings,
- authenticator->cksum,
- &flags,
- &fwd_data);
+ ret = gssapi_krb5_verify_8003_checksum(minor_status,
+ input_chan_bindings,
+ authenticator->cksum,
+ &flags,
+ &fwd_data);
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
- if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
+ if (ret)
+ goto failure;
}
if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
krb5_ccache ccache;
- if (delegated_cred_handle == NULL || *delegated_cred_handle == NULL)
+ if (delegated_cred_handle == NULL)
/* XXX Create a new delegated_cred_handle? */
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
-
- else {
- if ((*delegated_cred_handle)->ccache == NULL)
+ else if (*delegated_cred_handle == NULL) {
+ if ((*delegated_cred_handle =
+ calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
+ ret = GSS_S_FAILURE;
+ *minor_status = ENOMEM;
+ krb5_set_error_string(gssapi_krb5_context, "out of memory");
+ gssapi_krb5_set_error_string();
+ goto failure;
+ }
+ if ((ret = gss_duplicate_name(minor_status, ticket->client,
+ &(*delegated_cred_handle)->principal)) != 0) {
+ flags &= ~GSS_C_DELEG_FLAG;
+ free(*delegated_cred_handle);
+ *delegated_cred_handle = NULL;
+ goto end_fwd;
+ }
+ }
+ if (delegated_cred_handle != NULL &&
+ (*delegated_cred_handle)->ccache == NULL) {
kret = krb5_cc_gen_new (gssapi_krb5_context,
&krb5_mcc_ops,
&(*delegated_cred_handle)->ccache);
ccache = (*delegated_cred_handle)->ccache;
}
-
+ if (delegated_cred_handle != NULL &&
+ (*delegated_cred_handle)->mechanisms == NULL) {
+ ret = gss_create_empty_oid_set(minor_status,
+ &(*delegated_cred_handle)->mechanisms);
+ if (ret)
+ goto failure;
+ ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
+ &(*delegated_cred_handle)->mechanisms);
+ if (ret)
+ goto failure;
+ }
+
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
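Review bot: `ccache` is now assigned only inside `if (delegated_cred_handle != NULL && (*delegated_cred_handle)->ccache == NULL)`, so when the caller passes a credential handle that already holds a ccache the local stays uninitialised; the removed `else` branch assigned it unconditionally. In that case `kret` is not set either, so `if (kret)` tests a stale value. The code that consumes `ccache` is below the hunk, but it would then work on an indeterminate pointer; add `if (delegated_cred_handle != NULL) ccache = (*delegated_cred_handle)->ccache;` after the gen_new block. The two `goto failure` exits in the mechanisms block also leave the freshly calloc'ed `*delegated_cred_handle` to the failure path, which is not visible here, so confirm it is released.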
@@ -347,14 +379,13 @@ end_fwd:
gssapi_krb5_set_error_string ();
goto failure;
}
- ret = gssapi_krb5_encapsulate (&outbuf,
+ ret = gssapi_krb5_encapsulate (minor_status,
+ &outbuf,
output_token,
"\x02\x00");
krb5_data_free (&outbuf);
- if (ret) {
- kret = 0;
+ if (ret)
goto failure;
- }
} else {
output_token->length = 0;
}
@@ -387,6 +418,5 @@ failure:
*src_name = NULL;
}
*context_handle = GSS_C_NO_CONTEXT;
- *minor_status = kret;
- return GSS_S_FAILURE;
+ return ret;
}
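Review bot: `return ret;` at `failure:` makes the major status depend on every `goto failure` site having set `ret` to an error first. A site that sets only `kret` would return whatever `ret` held, possibly GSS_S_COMPLETE, after `*context_handle` has been reset to GSS_C_NO_CONTEXT. The label also no longer writes `*minor_status`, so each jump site has to. Most jump sites are outside this hunk, so the function needs an audit; a guard such as `if (ret == GSS_S_COMPLETE) ret = GSS_S_FAILURE;` before the return keeps the acceptor from reporting success on an error path.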
diff --git a/crypto/heimdal/lib/gssapi/acquire_cred.c b/crypto/heimdal/lib/gssapi/acquire_cred.c
index acc60a2fcf2a..0e6873ff2c11 100644
--- a/crypto/heimdal/lib/gssapi/acquire_cred.c
+++ b/crypto/heimdal/lib/gssapi/acquire_cred.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: acquire_cred.c,v 1.6 2001/05/11 09:16:45 assar Exp $");
+RCSID("$Id: acquire_cred.c,v 1.7 2001/07/06 15:33:28 assar Exp $");
OM_uint32 gss_acquire_cred
(OM_uint32 * minor_status,
@@ -85,9 +85,23 @@ OM_uint32 gss_acquire_cred
krb5_get_init_creds_opt opt;
try_keytab:
- kret = krb5_kt_default(gssapi_krb5_context, &handle->keytab);
- if (kret != 0)
- goto krb5_bad;
+ if (gssapi_krb5_keytab != NULL) {
+ char kt_name[256];
+
+ kret = krb5_kt_get_name(gssapi_krb5_context,
+ gssapi_krb5_keytab,
+ kt_name, sizeof(kt_name));
+ if (kret)
+ goto krb5_bad;
+ kret = krb5_kt_resolve(gssapi_krb5_context, kt_name,
+ &handle->keytab);
+ if (kret)
+ goto krb5_bad;
+ } else {
+ kret = krb5_kt_default(gssapi_krb5_context, &handle->keytab);
+ if (kret != 0)
+ goto krb5_bad;
+ }
krb5_get_init_creds_opt_init(&opt);
memset(&cred, 0, sizeof(cred));
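Review bot: The keytab name is round-tripped through `char kt_name[256]`, and nothing in the hunk shows how `krb5_kt_get_name` handles a name longer than the buffer or whether it includes the keytab type prefix. If it truncates silently or returns only the residual, `krb5_kt_resolve` could open a different keytab than the one registered in `gssapi_krb5_keytab`. This selects the acceptor's long-term keys, so I would record the assumption above the call, e.g. `/* assumes kt_name holds the complete, untruncated keytab name (type prefix included) */`, and confirm it against the krb5 library. gss_acquire_cred continues outside the hunk.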
diff --git a/crypto/heimdal/lib/gssapi/decapsulate.c b/crypto/heimdal/lib/gssapi/decapsulate.c
index b0a0f1ea513b..29c1f5bbf8ae 100644
--- a/crypto/heimdal/lib/gssapi/decapsulate.c
+++ b/crypto/heimdal/lib/gssapi/decapsulate.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: decapsulate.c,v 1.6 2000/07/29 05:48:13 assar Exp $");
+RCSID("$Id: decapsulate.c,v 1.7 2001/08/23 04:35:54 assar Exp $");
OM_uint32
gssapi_krb5_verify_header(u_char **str,
@@ -80,6 +80,7 @@ gssapi_krb5_verify_header(u_char **str,
OM_uint32
gssapi_krb5_decapsulate(
+ OM_uint32 *minor_status,
gss_buffer_t input_token_buffer,
krb5_data *out_data,
char *type
@@ -92,8 +93,10 @@ gssapi_krb5_decapsulate(
ret = gssapi_krb5_verify_header(&p,
input_token_buffer->length,
type);
- if (ret)
+ if (ret) {
+ *minor_status = 0;
return ret;
+ }
out_data->length = input_token_buffer->length -
(p - (u_char *)input_token_buffer->value);
diff --git a/crypto/heimdal/lib/gssapi/display_status.c b/crypto/heimdal/lib/gssapi/display_status.c
index 1fa05312d2f4..fc1451dd6691 100644
--- a/crypto/heimdal/lib/gssapi/display_status.c
+++ b/crypto/heimdal/lib/gssapi/display_status.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: display_status.c,v 1.6 2001/05/11 09:16:46 assar Exp $");
+RCSID("$Id: display_status.c,v 1.7 2001/08/23 04:34:41 assar Exp $");
static char *krb5_error_string;
@@ -129,21 +129,25 @@ OM_uint32 gss_display_status
asprintf (&buf, "%s %s",
calling_error(GSS_CALLING_ERROR(status_value)),
routine_error(GSS_ROUTINE_ERROR(status_value)));
- if (buf == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
} else if (status_type == GSS_C_MECH_CODE) {
buf = gssapi_krb5_get_error_string ();
- if (buf == NULL)
- buf = strdup(krb5_get_err_text (gssapi_krb5_context, status_value));
if (buf == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
+ const char *tmp = krb5_get_err_text (gssapi_krb5_context,
+ status_value);
+ if (tmp == NULL)
+ asprintf(&buf, "unknown mech error-code %u",
+ (unsigned)status_value);
+ else
+ buf = strdup(tmp);
}
} else
return GSS_S_BAD_STATUS;
+ if (buf == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
*message_context = 0;
status_string->length = strlen(buf);
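Review bot: Both `asprintf` calls rely on `buf` being NULL after a failure, but the return value is never checked and the pointer's contents after a failed `asprintf` are not defined on every libc. The later `if (buf == NULL)` test can therefore miss an allocation failure, and `strlen(buf)` would then read an invalid pointer. Test the result directly: `if (asprintf(&buf, "unknown mech error-code %u", (unsigned)status_value) < 0) buf = NULL;`, and do the same for the `"%s %s"` call in the earlier branch. gss_display_status starts and ends outside the hunk.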
diff --git a/crypto/heimdal/lib/gssapi/encapsulate.c b/crypto/heimdal/lib/gssapi/encapsulate.c
index 2732b23e090f..e7c67504e4e2 100644
--- a/crypto/heimdal/lib/gssapi/encapsulate.c
+++ b/crypto/heimdal/lib/gssapi/encapsulate.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: encapsulate.c,v 1.5 2000/08/27 02:46:23 assar Exp $");
+RCSID("$Id: encapsulate.c,v 1.6 2001/08/23 04:35:54 assar Exp $");
void
gssapi_krb5_encap_length (size_t data_len,
@@ -78,6 +78,7 @@ gssapi_krb5_make_header (u_char *p,
OM_uint32
gssapi_krb5_encapsulate(
+ OM_uint32 *minor_status,
const krb5_data *in_data,
gss_buffer_t output_token,
u_char *type
@@ -90,8 +91,10 @@ gssapi_krb5_encapsulate(
output_token->length = outer_len;
output_token->value = malloc (outer_len);
- if (output_token->value == NULL)
+ if (output_token->value == NULL) {
+ *minor_status = ENOMEM;
return GSS_S_FAILURE;
+ }
p = gssapi_krb5_make_header (output_token->value, len, type);
memcpy (p, in_data->data, in_data->length);
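Review bot: On the `malloc` failure path `output_token->length` has already been set to `outer_len` while `output_token->value` is NULL, so a caller that inspects or releases the token after GSS_S_FAILURE sees a non-zero length with no buffer. Reset it in the new error block with `output_token->length = 0;` before `*minor_status = ENOMEM;`. The body of gssapi_krb5_encapsulate continues past the hunk, so whether `*minor_status` is cleared on the success path is not visible here.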
diff --git a/crypto/heimdal/lib/gssapi/get_mic.c b/crypto/heimdal/lib/gssapi/get_mic.c
index 751f56c39166..720a2ff9cdcd 100644
--- a/crypto/heimdal/lib/gssapi/get_mic.c
+++ b/crypto/heimdal/lib/gssapi/get_mic.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: get_mic.c,v 1.17 2001/05/11 09:16:46 assar Exp $");
+RCSID("$Id: get_mic.c,v 1.19 2001/10/31 13:37:39 nectar Exp $");
static OM_uint32
mic_des
@@ -91,7 +91,7 @@ mic_des
memcpy (p - 8, hash, 8); /* SGN_CKSUM */
/* sequence number */
- krb5_auth_getlocalseqnumber (gssapi_krb5_context,
+ krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
@@ -108,7 +108,7 @@ mic_des
des_cbc_encrypt ((void *)p, (void *)p, 8,
schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
- krb5_auth_setlocalseqnumber (gssapi_krb5_context,
+ krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
@@ -198,7 +198,7 @@ mic_des3
memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
/* sequence number */
- krb5_auth_getlocalseqnumber (gssapi_krb5_context,
+ krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
@@ -236,11 +236,7 @@ mic_des3
memcpy (p, encdata.data, encdata.length);
krb5_data_free (&encdata);
- p += 8 + cksum.checksum.length;
-
- memcpy (p, message_buffer->value, message_buffer->length);
-
- krb5_auth_setlocalseqnumber (gssapi_krb5_context,
+ krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
@@ -260,7 +256,7 @@ OM_uint32 gss_get_mic
OM_uint32 ret;
krb5_keytype keytype;
- ret = gss_krb5_getsomekey(context_handle, &key);
+ ret = gss_krb5_get_localkey(context_handle, &key);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
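Review bot: `gss_krb5_get_localkey` returns a GSS major status (its only error return in wrap.c is `GSS_S_FAILURE`), yet the error branch here still does `*minor_status = ret;` and calls `gssapi_krb5_set_error_string ()` as if a krb5 error code had come back. The minor status then carries a major-status value, which a caller treating it as a mechanism code would misreport. The same pattern follows the new helper calls in gss_unwrap, gss_verify_mic, gss_wrap_size_limit and gss_wrap; in gss_verify_mic it replaces a call whose result was a krb5 code. I would set `*minor_status = 0;` in these branches, or have the helpers take `minor_status` like the other internal functions changed in this commit. The end of the branch is outside the hunk.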
diff --git a/crypto/heimdal/lib/gssapi/gssapi_locl.h b/crypto/heimdal/lib/gssapi/gssapi_locl.h
index e7450d4254cb..65bd2732f098 100644
--- a/crypto/heimdal/lib/gssapi/gssapi_locl.h
+++ b/crypto/heimdal/lib/gssapi/gssapi_locl.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: gssapi_locl.h,v 1.16 2001/05/11 09:16:46 assar Exp $ */
+/* $Id: gssapi_locl.h,v 1.21 2001/08/29 02:21:09 assar Exp $ */
#ifndef GSSAPI_LOCL_H
#define GSSAPI_LOCL_H
@@ -46,30 +46,36 @@
extern krb5_context gssapi_krb5_context;
-void gssapi_krb5_init (void);
+extern krb5_keytab gssapi_krb5_keytab;
-krb5_error_code
+krb5_error_code gssapi_krb5_init (void);
+
+OM_uint32
gssapi_krb5_create_8003_checksum (
+ OM_uint32 *minor_status,
const gss_channel_bindings_t input_chan_bindings,
OM_uint32 flags,
- krb5_data *fwd_data,
+ const krb5_data *fwd_data,
Checksum *result);
-krb5_error_code
+OM_uint32
gssapi_krb5_verify_8003_checksum (
+ OM_uint32 *minor_status,
const gss_channel_bindings_t input_chan_bindings,
- Checksum *cksum,
+ const Checksum *cksum,
OM_uint32 *flags,
krb5_data *fwd_data);
OM_uint32
gssapi_krb5_encapsulate(
+ OM_uint32 *minor_status,
const krb5_data *in_data,
gss_buffer_t output_token,
u_char *type);
OM_uint32
gssapi_krb5_decapsulate(
+ OM_uint32 *minor_status,
gss_buffer_t input_token_buffer,
krb5_data *out_data,
char *type);
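Review bot: The return type of `gssapi_krb5_create_8003_checksum` and `gssapi_krb5_verify_8003_checksum` changes from `krb5_error_code` to `OM_uint32`, and nothing in the header says so. Both are integer types, so a caller that still stores the result in a krb5 variable or copies it into `*minor_status` compiles without a warning. A one-line comment above these prototypes and the encapsulate/decapsulate pair would record the contract, e.g. `/* returns a GSS major status; the mechanism-specific code is stored in *minor_status */`.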
@@ -90,8 +96,12 @@ gssapi_krb5_verify_header(u_char **str,
char *type);
OM_uint32
-gss_krb5_getsomekey(const gss_ctx_id_t context_handle,
- krb5_keyblock **key);
+gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
+ krb5_keyblock **key);
+
+OM_uint32
+gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
+ krb5_keyblock **key);
krb5_error_code
gss_address_to_krb5addr(OM_uint32 gss_addr_type,
diff --git a/crypto/heimdal/lib/gssapi/init.c b/crypto/heimdal/lib/gssapi/init.c
index 6b19c46e3c32..ddc0d7090a92 100644
--- a/crypto/heimdal/lib/gssapi/init.c
+++ b/crypto/heimdal/lib/gssapi/init.c
@@ -33,15 +33,12 @@
#include "gssapi_locl.h"
-RCSID("$Id: init.c,v 1.5 2000/12/31 07:58:37 assar Exp $");
+RCSID("$Id: init.c,v 1.6 2001/08/13 13:14:07 joda Exp $");
-void
+krb5_error_code
gssapi_krb5_init (void)
{
- krb5_error_code ret;
-
- if(gssapi_krb5_context == NULL) {
- ret = krb5_init_context (&gssapi_krb5_context);
- /* and what do we do when that failed? */
- }
+ if(gssapi_krb5_context == NULL)
+ return krb5_init_context (&gssapi_krb5_context);
+ return 0;
}
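Review bot: `gssapi_krb5_init` now returns the result of `krb5_init_context`, but it has no comment telling callers what to do with it, and no call site is visible in this part of the diff. I would document the contract on the definition, e.g. `/* Returns 0 or a krb5 error code; on error gssapi_krb5_context is presumably unusable and the GSS entry point should fail with GSS_S_FAILURE. */`. It is also worth confirming that every entry point checks the value before touching the context.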
diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c
index 392814399bb1..1be73e162d4a 100644
--- a/crypto/heimdal/lib/gssapi/init_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/init_sec_context.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: init_sec_context.c,v 1.27 2001/05/11 09:16:46 assar Exp $");
+RCSID("$Id: init_sec_context.c,v 1.29 2001/08/29 02:21:09 assar Exp $");
/*
* copy the addresses from `input_chan_bindings' (if any) to
@@ -344,17 +344,14 @@ init_auth
(*context_handle)->flags = flags;
(*context_handle)->more_flags = LOCAL;
- kret = gssapi_krb5_create_8003_checksum (input_chan_bindings,
- flags,
- &fwd_data,
- &cksum);
+ ret = gssapi_krb5_create_8003_checksum (minor_status,
+ input_chan_bindings,
+ flags,
+ &fwd_data,
+ &cksum);
krb5_data_free (&fwd_data);
- if (kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- ret = GSS_S_FAILURE;
+ if (ret)
goto failure;
- }
#if 1
enctype = (*context_handle)->auth_context->keyblock->keytype;
@@ -400,11 +397,10 @@ init_auth
goto failure;
}
- ret = gssapi_krb5_encapsulate (&outbuf, output_token, "\x01\x00");
- if (ret) {
- *minor_status = kret;
+ ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token,
+ "\x01\x00");
+ if (ret)
goto failure;
- }
krb5_data_free (&outbuf);
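Review bot: When `gssapi_krb5_encapsulate` fails, `goto failure` is taken before `krb5_data_free (&outbuf);`, so `outbuf` is released only on the success path unless the `failure:` label frees it, which is outside this hunk. gss_accept_sec_context in this same commit frees `outbuf` before testing `ret`. Doing the same here keeps the two paths consistent: place `krb5_data_free (&outbuf);` directly after the call and then `if (ret) goto failure;`.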
@@ -452,12 +448,11 @@ repl_mutual
krb5_data indata;
krb5_ap_rep_enc_part *repl;
- ret = gssapi_krb5_decapsulate (input_token, &indata, "\x02\x00");
- if (ret) {
+ ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata,
+ "\x02\x00");
+ if (ret)
/* XXX - Handle AP_ERROR */
- *minor_status = 0;
- return GSS_S_FAILURE;
- }
+ return ret;
kret = krb5_rd_rep (gssapi_krb5_context,
(*context_handle)->auth_context,
diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c
index 95f8e2154bc3..61de3462386d 100644
--- a/crypto/heimdal/lib/gssapi/unwrap.c
+++ b/crypto/heimdal/lib/gssapi/unwrap.c
@@ -33,21 +33,21 @@
#include "gssapi_locl.h"
-RCSID("$Id: unwrap.c,v 1.17 2001/05/11 09:16:47 assar Exp $");
+RCSID("$Id: unwrap.c,v 1.19 2001/08/23 04:35:55 assar Exp $");
OM_uint32
-gss_krb5_getsomekey(const gss_ctx_id_t context_handle,
- krb5_keyblock **key)
+gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
+ krb5_keyblock **key)
{
- /* XXX this is ugly, and probably incorrect... */
krb5_keyblock *skey;
- krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
- context_handle->auth_context,
- &skey);
+
+ krb5_auth_con_getremotesubkey(gssapi_krb5_context,
+ context_handle->auth_context,
+ &skey);
if(skey == NULL)
- krb5_auth_con_getremotesubkey(gssapi_krb5_context,
- context_handle->auth_context,
- &skey);
+ krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
+ context_handle->auth_context,
+ &skey);
if(skey == NULL)
krb5_auth_con_getkey(gssapi_krb5_context,
context_handle->auth_context,
@@ -176,7 +176,7 @@ unwrap_des
return GSS_S_BAD_MIC;
}
- krb5_auth_setremoteseqnumber (gssapi_krb5_context,
+ krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
@@ -222,8 +222,10 @@ unwrap_des3
ret = gssapi_krb5_verify_header (&p,
input_message_buffer->length,
"\x02\x01");
- if (ret)
+ if (ret) {
+ *minor_status = 0;
return ret;
+ }
if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
return GSS_S_BAD_SIG;
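Review bot: The header-verification failure now clears `*minor_status`, but the `return GSS_S_BAD_SIG;` two lines later still leaves it untouched. Unless it was set earlier in the function, which is outside the hunk, the caller may read a stale or uninitialised minor status on that path. The same pair of returns appears in verify_mic_des and verify_mic_des3 in verify_mic.c. Setting `*minor_status = 0;` once before the first check covers every early return.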
@@ -327,7 +329,7 @@ unwrap_des3
return GSS_S_BAD_MIC;
}
- krb5_auth_setremoteseqnumber (gssapi_krb5_context,
+ krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
@@ -386,7 +388,7 @@ OM_uint32 gss_unwrap
OM_uint32 ret;
krb5_keytype keytype;
- ret = gss_krb5_getsomekey(context_handle, &key);
+ ret = gss_krb5_get_remotekey(context_handle, &key);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
diff --git a/crypto/heimdal/lib/gssapi/verify_mic.c b/crypto/heimdal/lib/gssapi/verify_mic.c
index b39ae73a9778..e286d4a06819 100644
--- a/crypto/heimdal/lib/gssapi/verify_mic.c
+++ b/crypto/heimdal/lib/gssapi/verify_mic.c
@@ -33,7 +33,7 @@
#include "gssapi_locl.h"
-RCSID("$Id: verify_mic.c,v 1.13 2001/05/11 09:16:47 assar Exp $");
+RCSID("$Id: verify_mic.c,v 1.15 2001/08/23 04:35:55 assar Exp $");
static OM_uint32
verify_mic_des
@@ -58,8 +58,10 @@ verify_mic_des
ret = gssapi_krb5_verify_header (&p,
token_buffer->length,
"\x01\x01");
- if (ret)
+ if (ret) {
+ *minor_status = 0;
return ret;
+ }
if (memcmp(p, "\x00\x00", 2) != 0)
return GSS_S_BAD_SIG;
@@ -113,7 +115,7 @@ verify_mic_des
return GSS_S_BAD_MIC;
}
- krb5_auth_setremoteseqnumber (gssapi_krb5_context,
+ krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
@@ -144,8 +146,10 @@ verify_mic_des3
ret = gssapi_krb5_verify_header (&p,
token_buffer->length,
"\x01\x01");
- if (ret)
+ if (ret) {
+ *minor_status = 0;
return ret;
+ }
if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
return GSS_S_BAD_SIG;
@@ -226,7 +230,7 @@ verify_mic_des3
return GSS_S_BAD_MIC;
}
- krb5_auth_setremoteseqnumber (gssapi_krb5_context,
+ krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
@@ -247,9 +251,7 @@ gss_verify_mic
OM_uint32 ret;
krb5_keytype keytype;
- ret = krb5_auth_con_getremotesubkey (gssapi_krb5_context,
- context_handle->auth_context,
- &key);
+ ret = gss_krb5_get_remotekey(context_handle, &key);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c
index 3d282fd64c11..4e232c5caeca 100644
--- a/crypto/heimdal/lib/gssapi/wrap.c
+++ b/crypto/heimdal/lib/gssapi/wrap.c
@@ -33,7 +33,30 @@
#include "gssapi_locl.h"
-RCSID("$Id: wrap.c,v 1.18 2001/05/11 09:16:47 assar Exp $");
+RCSID("$Id: wrap.c,v 1.19 2001/06/18 02:53:52 assar Exp $");
+
+OM_uint32
+gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
+ krb5_keyblock **key)
+{
+ krb5_keyblock *skey;
+
+ krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
+ context_handle->auth_context,
+ &skey);
+ if(skey == NULL)
+ krb5_auth_con_getremotesubkey(gssapi_krb5_context,
+ context_handle->auth_context,
+ &skey);
+ if(skey == NULL)
+ krb5_auth_con_getkey(gssapi_krb5_context,
+ context_handle->auth_context,
+ &skey);
+ if(skey == NULL)
+ return GSS_S_FAILURE;
+ *key = skey;
+ return 0;
+}
static OM_uint32
sub_wrap_size (
@@ -65,7 +88,7 @@ gss_wrap_size_limit (
OM_uint32 ret;
krb5_keytype keytype;
- ret = gss_krb5_getsomekey(context_handle, &key);
+ ret = gss_krb5_get_localkey(context_handle, &key);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
@@ -162,7 +185,7 @@ wrap_des
memcpy (p - 8, hash, 8);
/* sequence number */
- krb5_auth_getlocalseqnumber (gssapi_krb5_context,
+ krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
@@ -179,7 +202,7 @@ wrap_des
des_cbc_encrypt ((void *)p, (void *)p, 8,
schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
- krb5_auth_setlocalseqnumber (gssapi_krb5_context,
+ krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
@@ -294,7 +317,7 @@ wrap_des3
free_Checksum (&cksum);
/* sequence number */
- krb5_auth_getlocalseqnumber (gssapi_krb5_context,
+ krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
@@ -338,7 +361,7 @@ wrap_des3
memcpy (p, encdata.data, encdata.length);
krb5_data_free (&encdata);
- krb5_auth_setlocalseqnumber (gssapi_krb5_context,
+ krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
@@ -389,7 +412,7 @@ OM_uint32 gss_wrap
OM_uint32 ret;
krb5_keytype keytype;
- ret = gss_krb5_getsomekey(context_handle, &key);
+ ret = gss_krb5_get_localkey(context_handle, &key);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;