author | Jacques Vidrine <nectar@FreeBSD.org> | 2002-02-19 15:46:56 +0000 |
---|---|---|
committer | Jacques Vidrine <nectar@FreeBSD.org> | 2002-02-19 15:46:56 +0000 |
commit | 4137ff4cc173ea2e05227027e1c9e0ea42bcc0dc (patch) | |
tree | 85ecf91fd00875cec4b93111d3a8ed9eec9cddfe /crypto/heimdal/lib/krb5 | |
parent | 5a83b025a988368a32c549e5bd9fd3e0478c0198 (diff) |
Import of Heimdal Kerberos from KTH repository circa 2002/02/17.
Notes
Notes:
svn path=/vendor-crypto/heimdal/dist/; revision=90926
Diffstat (limited to 'crypto/heimdal/lib/krb5')
63 files changed, 3678 insertions, 1199 deletions
diff --git a/crypto/heimdal/lib/krb5/Makefile.am b/crypto/heimdal/lib/krb5/Makefile.am index bc3dd6e7af36..8dff3d11c087 100644 --- a/crypto/heimdal/lib/krb5/Makefile.am +++ b/crypto/heimdal/lib/krb5/Makefile.am @@ -1,13 +1,15 @@ -# $Id: Makefile.am,v 1.125 2001/05/16 23:51:50 assar Exp $ +# $Id: Makefile.am,v 1.141 2001/11/20 22:19:10 assar Exp $ include $(top_srcdir)/Makefile.am.common +INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) -I../com_err -I$(srcdir)/../com_err + bin_PROGRAMS = verify_krb5_conf -noinst_PROGRAMS = dump_config test_get_addrs +noinst_PROGRAMS = dump_config test_get_addrs krbhst-test check_PROGRAMS = n-fold-test string-to-key-test derived-key-test store-test -TESTS = n-fold-test string-to-key-test derived-key-test store-test +TESTS = n-fold-test string-to-key-test derived-key-test store-test LDADD = libkrb5.la \ $(LIB_des) \ @@ -22,13 +24,12 @@ libkrb5_la_LIBADD = \ lib_LTLIBRARIES = libkrb5.la -ERR_FILES = krb5_err.c heim_err.c +ERR_FILES = krb5_err.c heim_err.c k524_err.c libkrb5_la_SOURCES = \ acl.c \ add_et_list.c \ addr_families.c \ - address.c \ aname_to_localname.c \ appdefault.c \ asn1_glue.c \ @@ -121,7 +122,7 @@ libkrb5_la_SOURCES = \ write_message.c \ $(ERR_FILES) -libkrb5_la_LDFLAGS = -version-info 16:0:0 +libkrb5_la_LDFLAGS = -version-info 18:2:1 $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h 
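Review bot: The added `INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des) -I../com_err -I$(srcdir)/../com_err` line in the first Makefile.am hunk hard-codes the bundled com_err header directory, while the regenerated Makefile.in in this same commit turns `COMPILE_ET` and `LIB_com_err` into configure substitutions. If configure can select a com_err outside this tree (not visible here), libkrb5 would compile against the bundled headers and link against a different library, and a mismatch in the error-table declarations would not be caught at build time. Either guard the two `-I` flags so they apply only when the in-tree copy is used, or record the constraint next to the line, e.g. `# in-tree com_err headers; must match the library chosen via LIB_com_err`. The generated `INCLUDES =` line in Makefile.in carries the same two paths.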
@@ -135,31 +136,44 @@ $(srcdir)/krb5-private.h: man_MANS = \ kerberos.8 \ + krb5.3 \ krb5.conf.5 \ krb5_425_conv_principal.3 \ krb5_appdefault.3 \ + krb5_auth_context.3 \ krb5_build_principal.3 \ krb5_config.3 \ + krb5_context.3 \ + krb5_create_checksum.3 \ + krb5_crypto_init.3 \ + krb5_encrypt.3 \ + krb5_free_addresses.3 \ krb5_free_principal.3 \ + krb5_get_all_client_addrs.3 \ + krb5_get_krbhst.3 \ + krb5_init_context.3 \ + krb5_keytab.3 \ + krb5_krbhst_init.3 \ krb5_openlog.3 \ krb5_parse_name.3 \ + krb5_principal_get_realm.3 \ krb5_sname_to_principal.3 \ + krb5_timeofday.3 \ krb5_unparse_name.3 \ + krb5_verify_user.3 \ krb5_warn.3 \ - verify_krb5_conf.8 \ - krb5_auth_context.3 \ - krb5_context.3 \ - krb5_init_context.3 \ - krb5_keytab.3 + verify_krb5_conf.8 -include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h +include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h k524_err.h -CLEANFILES = krb5_err.c krb5_err.h heim_err.c heim_err.h +CLEANFILES = krb5_err.c krb5_err.h heim_err.c heim_err.h k524_err.c k524_err.h -$(libkrb5_la_OBJECTS): krb5_err.h heim_err.h +$(libkrb5_la_OBJECTS): krb5_err.h heim_err.h k524_err.h # to help stupid solaris make krb5_err.h: krb5_err.et heim_err.h: heim_err.et + +k524_err.h: k524_err.et diff --git a/crypto/heimdal/lib/krb5/Makefile.in b/crypto/heimdal/lib/krb5/Makefile.in index 52925bb671d4..6c89b8bcbd8c 100644 --- a/crypto/heimdal/lib/krb5/Makefile.in +++ b/crypto/heimdal/lib/krb5/Makefile.in @@ -1,6 +1,6 @@ -# Makefile.in generated automatically by automake 1.4b from Makefile.am +# Makefile.in generated automatically by automake 1.5 from Makefile.am. -# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 # Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -11,6 +11,16 @@ # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. +@SET_MAKE@ + +# $Id: Makefile.am,v 1.141 2001/11/20 22:19:10 assar Exp $ + + +# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ + + +# $Id: Makefile.am.common,v 1.31 2001/09/01 11:12:18 assar Exp $ + SHELL = @SHELL@ srcdir = @srcdir@ @@ -31,11 +41,9 @@ infodir = @infodir@ mandir = @mandir@ includedir = @includedir@ oldincludedir = /usr/include - pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ - top_builddir = ../.. ACLOCAL = @ACLOCAL@ @@ -47,21 +55,17 @@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_FLAG = +INSTALL_HEADER = $(INSTALL_DATA) transform = @program_transform_name@ - NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : - -@SET_MAKE@ host_alias = @host_alias@ host_triplet = @host@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ -AMDEP = @AMDEP@ AMTAR = @AMTAR@ AS = @AS@ AWK = @AWK@ @@ -69,11 +73,11 @@ CANONICAL_HOST = @CANONICAL_HOST@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ DBLIB = @DBLIB@ DEPDIR = @DEPDIR@ +DIR_com_err = @DIR_com_err@ DIR_des = @DIR_des@ DIR_roken = @DIR_roken@ DLLTOOL = @DLLTOOL@ 
@@ -82,20 +86,27 @@ EXTRA_LIB45 = @EXTRA_LIB45@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_ = @INCLUDE_@ +INCLUDE_des = @INCLUDE_des@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LEX = @LEX@ LIBOBJS = @LIBOBJS@ LIBTOOL = @LIBTOOL@ LIB_ = @LIB_@ LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_NDBM = @LIB_NDBM@ +LIB_com_err = @LIB_com_err@ +LIB_com_err_a = @LIB_com_err_a@ +LIB_com_err_so = @LIB_com_err_so@ LIB_des = @LIB_des@ +LIB_des_a = @LIB_des_a@ LIB_des_appl = @LIB_des_appl@ +LIB_des_so = @LIB_des_so@ LIB_kdb = @LIB_kdb@ LIB_otp = @LIB_otp@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ 
@@ -103,38 +114,32 @@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ RANLIB = @RANLIB@ -STRIP = @STRIP@ VERSION = @VERSION@ VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +X_CFLAGS = @X_CFLAGS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_LIBS = @X_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ YACC = @YACC@ +am__include = @am__include@ +am__quote = @am__quote@ dpagaix_CFLAGS = @dpagaix_CFLAGS@ dpagaix_LDADD = @dpagaix_LDADD@ install_sh = @install_sh@ -# $Id: Makefile.am,v 1.125 2001/05/16 23:51:50 assar Exp $ - - -# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ - - -# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ - - -AUTOMAKE_OPTIONS = foreign no-dependencies +AUTOMAKE_OPTIONS = foreign no-dependencies 1.4b SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x -INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) +INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(INCLUDE_des) -I../com_err -I$(srcdir)/../com_err -AM_CFLAGS = $(WFLAGS) +AM_CFLAGS = $(WFLAGS) CP = cp -COMPILE_ET = $(top_builddir)/lib/com_err/compile_et - buildinclude = $(top_builddir)/include LIB_XauReadAuth = @LIB_XauReadAuth@ @@ -152,8 +157,8 @@ LIB_getsockopt = @LIB_getsockopt@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ LIB_odm_initialize = @LIB_odm_initialize@ +LIB_openpty = @LIB_openpty@ LIB_pidfile = @LIB_pidfile@ -LIB_readline = @LIB_readline@ LIB_res_search = @LIB_res_search@ LIB_setpcred = @LIB_setpcred@ LIB_setsockopt = @LIB_setsockopt@ 
@@ -175,27 +180,29 @@ INCLUDE_openldap = @INCLUDE_openldap@ LIB_openldap = @LIB_openldap@ INCLUDE_readline = @INCLUDE_readline@ +LIB_readline = @LIB_readline@ LEXLIB = @LEXLIB@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) -@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la -@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la +@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la + +@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la CHECK_LOCAL = $(PROGRAMS) bin_PROGRAMS = verify_krb5_conf -noinst_PROGRAMS = dump_config test_get_addrs +noinst_PROGRAMS = dump_config test_get_addrs krbhst-test check_PROGRAMS = n-fold-test string-to-key-test derived-key-test store-test -TESTS = n-fold-test string-to-key-test derived-key-test store-test +TESTS = n-fold-test string-to-key-test derived-key-test store-test LDADD = libkrb5.la \ $(LIB_des) \ @@ -212,13 +219,12 @@ libkrb5_la_LIBADD = \ lib_LTLIBRARIES = libkrb5.la -ERR_FILES = krb5_err.c heim_err.c +ERR_FILES = krb5_err.c heim_err.c k524_err.c libkrb5_la_SOURCES = \ acl.c \ add_et_list.c \ addr_families.c \ - address.c \ aname_to_localname.c \ appdefault.c \ asn1_glue.c \ 
@@ -312,288 +318,275 @@ libkrb5_la_SOURCES = \ $(ERR_FILES) -libkrb5_la_LDFLAGS = -version-info 16:0:0 +libkrb5_la_LDFLAGS = -version-info 18:2:1 -#libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo +#libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo man_MANS = \ kerberos.8 \ + krb5.3 \ krb5.conf.5 \ krb5_425_conv_principal.3 \ krb5_appdefault.3 \ + krb5_auth_context.3 \ krb5_build_principal.3 \ krb5_config.3 \ + krb5_context.3 \ + krb5_create_checksum.3 \ + krb5_crypto_init.3 \ + krb5_encrypt.3 \ + krb5_free_addresses.3 \ krb5_free_principal.3 \ + krb5_get_all_client_addrs.3 \ + krb5_get_krbhst.3 \ + krb5_init_context.3 \ + krb5_keytab.3 \ + krb5_krbhst_init.3 \ krb5_openlog.3 \ krb5_parse_name.3 \ + krb5_principal_get_realm.3 \ krb5_sname_to_principal.3 \ + krb5_timeofday.3 \ krb5_unparse_name.3 \ + krb5_verify_user.3 \ krb5_warn.3 \ - verify_krb5_conf.8 \ - krb5_auth_context.3 \ - krb5_context.3 \ - krb5_init_context.3 \ - krb5_keytab.3 + verify_krb5_conf.8 -include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h +include_HEADERS = krb5.h krb5-protos.h krb5-private.h krb5_err.h heim_err.h k524_err.h -CLEANFILES = krb5_err.c krb5_err.h heim_err.c heim_err.h +CLEANFILES = krb5_err.c krb5_err.h heim_err.c heim_err.h k524_err.c k524_err.h subdir = lib/krb5 mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = ../../include/config.h -CONFIG_CLEAN_FILES = -LTLIBRARIES = $(lib_LTLIBRARIES) - - -DEFS = @DEFS@ -I. 
-I$(srcdir) -I../../include -CPPFLAGS = @CPPFLAGS@ -LDFLAGS = @LDFLAGS@ -X_CFLAGS = @X_CFLAGS@ -X_LIBS = @X_LIBS@ -X_EXTRA_LIBS = @X_EXTRA_LIBS@ -X_PRE_LIBS = @X_PRE_LIBS@ -libkrb5_la_DEPENDENCIES = ../com_err/error.lo ../com_err/com_err.lo \ -$(top_builddir)/lib/asn1/libasn1.la -am_libkrb5_la_OBJECTS = acl.lo add_et_list.lo addr_families.lo \ -address.lo aname_to_localname.lo appdefault.lo asn1_glue.lo \ -auth_context.lo build_ap_req.lo build_auth.lo cache.lo changepw.lo \ -codec.lo config_file.lo config_file_netinfo.lo convert_creds.lo \ -constants.lo context.lo copy_host_realm.lo crc.lo creds.lo crypto.lo \ -data.lo eai_to_heim_errno.lo error_string.lo expand_hostname.lo \ -fcache.lo free.lo free_host_realm.lo generate_seq_number.lo \ -generate_subkey.lo get_addrs.lo get_cred.lo get_default_principal.lo \ -get_default_realm.lo get_for_creds.lo get_host_realm.lo get_in_tkt.lo \ -get_in_tkt_pw.lo get_in_tkt_with_keytab.lo get_in_tkt_with_skey.lo \ -get_port.lo init_creds.lo init_creds_pw.lo keyblock.lo keytab.lo \ -keytab_any.lo keytab_file.lo keytab_memory.lo keytab_keyfile.lo \ -keytab_krb4.lo krbhst.lo kuserok.lo log.lo mcache.lo misc.lo \ -mk_error.lo mk_priv.lo mk_rep.lo mk_req.lo mk_req_ext.lo mk_safe.lo \ -net_read.lo net_write.lo n-fold.lo padata.lo principal.lo prog_setup.lo \ -prompter_posix.lo rd_cred.lo rd_error.lo rd_priv.lo rd_rep.lo rd_req.lo \ -rd_safe.lo read_message.lo recvauth.lo replay.lo send_to_kdc.lo \ -sendauth.lo set_default_realm.lo sock_principal.lo store.lo \ -store_emem.lo store_fd.lo store_mem.lo ticket.lo time.lo transited.lo \ -verify_init.lo verify_user.lo version.lo warn.lo write_message.lo \ -krb5_err.lo heim_err.lo -libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS) -bin_PROGRAMS = verify_krb5_conf$(EXEEXT) -check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \ -derived-key-test$(EXEEXT) store-test$(EXEEXT) -noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) -PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) 
+CONFIG_HEADER = $(top_builddir)/include/config.h +CONFIG_CLEAN_FILES = +LTLIBRARIES = $(lib_LTLIBRARIES) + +libkrb5_la_DEPENDENCIES = ../com_err/error.lo ../com_err/com_err.lo \ + $(top_builddir)/lib/asn1/libasn1.la +am_libkrb5_la_OBJECTS = acl.lo add_et_list.lo addr_families.lo \ + aname_to_localname.lo appdefault.lo asn1_glue.lo \ + auth_context.lo build_ap_req.lo build_auth.lo cache.lo \ + changepw.lo codec.lo config_file.lo config_file_netinfo.lo \ + convert_creds.lo constants.lo context.lo copy_host_realm.lo \ + crc.lo creds.lo crypto.lo data.lo eai_to_heim_errno.lo \ + error_string.lo expand_hostname.lo fcache.lo free.lo \ + free_host_realm.lo generate_seq_number.lo generate_subkey.lo \ + get_addrs.lo get_cred.lo get_default_principal.lo \ + get_default_realm.lo get_for_creds.lo get_host_realm.lo \ + get_in_tkt.lo get_in_tkt_pw.lo get_in_tkt_with_keytab.lo \ + get_in_tkt_with_skey.lo get_port.lo init_creds.lo \ + init_creds_pw.lo keyblock.lo keytab.lo keytab_any.lo \ + keytab_file.lo keytab_memory.lo keytab_keyfile.lo \ + keytab_krb4.lo krbhst.lo kuserok.lo log.lo mcache.lo misc.lo \ + mk_error.lo mk_priv.lo mk_rep.lo mk_req.lo mk_req_ext.lo \ + mk_safe.lo net_read.lo net_write.lo n-fold.lo padata.lo \ + principal.lo prog_setup.lo prompter_posix.lo rd_cred.lo \ + rd_error.lo rd_priv.lo rd_rep.lo rd_req.lo rd_safe.lo \ + read_message.lo recvauth.lo replay.lo send_to_kdc.lo \ + sendauth.lo set_default_realm.lo sock_principal.lo store.lo \ + store_emem.lo store_fd.lo store_mem.lo ticket.lo time.lo \ + transited.lo verify_init.lo verify_user.lo version.lo warn.lo \ + write_message.lo krb5_err.lo heim_err.lo k524_err.lo +libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS) +bin_PROGRAMS = verify_krb5_conf$(EXEEXT) +check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \ + derived-key-test$(EXEEXT) store-test$(EXEEXT) +noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) \ + krbhst-test$(EXEEXT) +PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) 
derived_key_test_SOURCES = derived-key-test.c -derived_key_test_OBJECTS = derived-key-test.$(OBJEXT) +derived_key_test_OBJECTS = derived-key-test.$(OBJEXT) derived_key_test_LDADD = $(LDADD) -derived_key_test_DEPENDENCIES = libkrb5.la \ -$(top_builddir)/lib/asn1/libasn1.la -derived_key_test_LDFLAGS = +derived_key_test_DEPENDENCIES = libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la +derived_key_test_LDFLAGS = dump_config_SOURCES = dump_config.c -dump_config_OBJECTS = dump_config.$(OBJEXT) +dump_config_OBJECTS = dump_config.$(OBJEXT) dump_config_LDADD = $(LDADD) -dump_config_DEPENDENCIES = libkrb5.la \ -$(top_builddir)/lib/asn1/libasn1.la -dump_config_LDFLAGS = +dump_config_DEPENDENCIES = libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la +dump_config_LDFLAGS = +krbhst_test_SOURCES = krbhst-test.c +krbhst_test_OBJECTS = krbhst-test.$(OBJEXT) +krbhst_test_LDADD = $(LDADD) +krbhst_test_DEPENDENCIES = libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la +krbhst_test_LDFLAGS = n_fold_test_SOURCES = n-fold-test.c -n_fold_test_OBJECTS = n-fold-test.$(OBJEXT) +n_fold_test_OBJECTS = n-fold-test.$(OBJEXT) n_fold_test_LDADD = $(LDADD) -n_fold_test_DEPENDENCIES = libkrb5.la \ -$(top_builddir)/lib/asn1/libasn1.la -n_fold_test_LDFLAGS = +n_fold_test_DEPENDENCIES = libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la +n_fold_test_LDFLAGS = store_test_SOURCES = store-test.c -store_test_OBJECTS = store-test.$(OBJEXT) +store_test_OBJECTS = store-test.$(OBJEXT) store_test_LDADD = $(LDADD) -store_test_DEPENDENCIES = libkrb5.la \ -$(top_builddir)/lib/asn1/libasn1.la -store_test_LDFLAGS = +store_test_DEPENDENCIES = libkrb5.la $(top_builddir)/lib/asn1/libasn1.la +store_test_LDFLAGS = string_to_key_test_SOURCES = string-to-key-test.c -string_to_key_test_OBJECTS = string-to-key-test.$(OBJEXT) +string_to_key_test_OBJECTS = string-to-key-test.$(OBJEXT) string_to_key_test_LDADD = $(LDADD) -string_to_key_test_DEPENDENCIES = libkrb5.la \ -$(top_builddir)/lib/asn1/libasn1.la 
-string_to_key_test_LDFLAGS = +string_to_key_test_DEPENDENCIES = libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la +string_to_key_test_LDFLAGS = test_get_addrs_SOURCES = test_get_addrs.c -test_get_addrs_OBJECTS = test_get_addrs.$(OBJEXT) +test_get_addrs_OBJECTS = test_get_addrs.$(OBJEXT) test_get_addrs_LDADD = $(LDADD) -test_get_addrs_DEPENDENCIES = libkrb5.la \ -$(top_builddir)/lib/asn1/libasn1.la -test_get_addrs_LDFLAGS = +test_get_addrs_DEPENDENCIES = libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la +test_get_addrs_LDFLAGS = verify_krb5_conf_SOURCES = verify_krb5_conf.c -verify_krb5_conf_OBJECTS = verify_krb5_conf.$(OBJEXT) +verify_krb5_conf_OBJECTS = verify_krb5_conf.$(OBJEXT) verify_krb5_conf_LDADD = $(LDADD) -verify_krb5_conf_DEPENDENCIES = libkrb5.la \ -$(top_builddir)/lib/asn1/libasn1.la -verify_krb5_conf_LDFLAGS = -COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CFLAGS = @CFLAGS@ -CCLD = $(CC) -LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \ -n-fold-test.c store-test.c string-to-key-test.c test_get_addrs.c \ -verify_krb5_conf.c -man3dir = $(mandir)/man3 -man5dir = $(mandir)/man5 -man8dir = $(mandir)/man8 -MANS = $(man_MANS) -HEADERS = $(include_HEADERS) +verify_krb5_conf_DEPENDENCIES = libkrb5.la \ + $(top_builddir)/lib/asn1/libasn1.la +verify_krb5_conf_LDFLAGS = -depcomp = -DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in +DEFS = @DEFS@ +DEFAULT_INCLUDES = -I. 
-I$(srcdir) -I$(top_builddir)/include +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +depcomp = +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \ + $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +CFLAGS = @CFLAGS@ +DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \ + krbhst-test.c n-fold-test.c store-test.c string-to-key-test.c \ + test_get_addrs.c verify_krb5_conf.c +NROFF = nroff +MANS = $(man_MANS) +HEADERS = $(include_HEADERS) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in +SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c -GZIP_ENV = --best -SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c n-fold-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c -OBJECTS = $(am_libkrb5_la_OBJECTS) derived-key-test.$(OBJEXT) dump_config.$(OBJEXT) n-fold-test.$(OBJEXT) store-test.$(OBJEXT) string-to-key-test.$(OBJEXT) test_get_addrs.$(OBJEXT) verify_krb5_conf.$(OBJEXT) +all: all-am -all: all-redirect .SUFFIXES: .SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common - cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/krb5/Makefile - -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - cd $(top_builddir) \ - && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status - - -mostlyclean-libLTLIBRARIES: -clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - 
-distclean-libLTLIBRARIES: +mostlyclean-libtool: + -rm -f *.lo -maintainer-clean-libLTLIBRARIES: +clean-libtool: + -rm -rf .libs _libs +distclean-libtool: + -rm -f libtool +$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) + cd $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/krb5/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) && \ + CONFIG_HEADERS= CONFIG_LINKS= \ + CONFIG_FILES=$(subdir)/$@ $(SHELL) ./config.status install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) $(mkinstalldirs) $(DESTDIR)$(libdir) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ - echo " $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p"; \ - $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p; \ + echo " $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p"; \ + $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p; \ else :; fi; \ done uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \ - $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \ + echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \ + $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \ done -mostlyclean-compile: - -rm -f *.o core *.core - -rm -f *.$(OBJEXT) - -clean-compile: - -distclean-compile: - -rm -f *.tab.c - -maintainer-clean-compile: - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -distclean-libtool: - -maintainer-clean-libtool: - -libkrb5.la: $(libkrb5_la_OBJECTS) $(libkrb5_la_DEPENDENCIES) +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) +libkrb5.la: $(libkrb5_la_OBJECTS) $(libkrb5_la_DEPENDENCIES) 
$(LINK) -rpath $(libdir) $(libkrb5_la_LDFLAGS) $(libkrb5_la_OBJECTS) $(libkrb5_la_LIBADD) $(LIBS) - -mostlyclean-binPROGRAMS: - -clean-binPROGRAMS: - -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) - -distclean-binPROGRAMS: - -maintainer-clean-binPROGRAMS: - install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) $(mkinstalldirs) $(DESTDIR)$(bindir) @list='$(bin_PROGRAMS)'; for p in $$list; do \ - if test -f $$p; then \ - f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ - echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f"; \ - $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f; \ + p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \ + if test -f $$p \ + || test -f $$p1 \ + ; then \ + f=`echo $$p1|sed '$(transform);s/$$/$(EXEEXT)/'`; \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/$$f"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/$$f; \ else :; fi; \ done uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(bin_PROGRAMS)'; for p in $$list; do \ - f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + f=`echo $$p|sed 's/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \ echo " rm -f $(DESTDIR)$(bindir)/$$f"; \ rm -f $(DESTDIR)$(bindir)/$$f; \ done -mostlyclean-checkPROGRAMS: +clean-binPROGRAMS: + -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) clean-checkPROGRAMS: -test -z "$(check_PROGRAMS)" || rm -f $(check_PROGRAMS) -distclean-checkPROGRAMS: - -maintainer-clean-checkPROGRAMS: - -mostlyclean-noinstPROGRAMS: - clean-noinstPROGRAMS: -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS) - -distclean-noinstPROGRAMS: - -maintainer-clean-noinstPROGRAMS: - -derived-key-test$(EXEEXT): $(derived_key_test_OBJECTS) $(derived_key_test_DEPENDENCIES) +derived-key-test$(EXEEXT): $(derived_key_test_OBJECTS) 
$(derived_key_test_DEPENDENCIES) @rm -f derived-key-test$(EXEEXT) $(LINK) $(derived_key_test_LDFLAGS) $(derived_key_test_OBJECTS) $(derived_key_test_LDADD) $(LIBS) - -dump_config$(EXEEXT): $(dump_config_OBJECTS) $(dump_config_DEPENDENCIES) +dump_config$(EXEEXT): $(dump_config_OBJECTS) $(dump_config_DEPENDENCIES) @rm -f dump_config$(EXEEXT) $(LINK) $(dump_config_LDFLAGS) $(dump_config_OBJECTS) $(dump_config_LDADD) $(LIBS) - -n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES) +krbhst-test$(EXEEXT): $(krbhst_test_OBJECTS) $(krbhst_test_DEPENDENCIES) + @rm -f krbhst-test$(EXEEXT) + $(LINK) $(krbhst_test_LDFLAGS) $(krbhst_test_OBJECTS) $(krbhst_test_LDADD) $(LIBS) +n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES) @rm -f n-fold-test$(EXEEXT) $(LINK) $(n_fold_test_LDFLAGS) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS) - -store-test$(EXEEXT): $(store_test_OBJECTS) $(store_test_DEPENDENCIES) +store-test$(EXEEXT): $(store_test_OBJECTS) $(store_test_DEPENDENCIES) @rm -f store-test$(EXEEXT) $(LINK) $(store_test_LDFLAGS) $(store_test_OBJECTS) $(store_test_LDADD) $(LIBS) - -string-to-key-test$(EXEEXT): $(string_to_key_test_OBJECTS) $(string_to_key_test_DEPENDENCIES) +string-to-key-test$(EXEEXT): $(string_to_key_test_OBJECTS) $(string_to_key_test_DEPENDENCIES) @rm -f string-to-key-test$(EXEEXT) $(LINK) $(string_to_key_test_LDFLAGS) $(string_to_key_test_OBJECTS) $(string_to_key_test_LDADD) $(LIBS) - -test_get_addrs$(EXEEXT): $(test_get_addrs_OBJECTS) $(test_get_addrs_DEPENDENCIES) +test_get_addrs$(EXEEXT): $(test_get_addrs_OBJECTS) $(test_get_addrs_DEPENDENCIES) @rm -f test_get_addrs$(EXEEXT) $(LINK) $(test_get_addrs_LDFLAGS) $(test_get_addrs_OBJECTS) $(test_get_addrs_LDADD) $(LIBS) - -verify_krb5_conf$(EXEEXT): $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_DEPENDENCIES) +verify_krb5_conf$(EXEEXT): $(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_DEPENDENCIES) @rm -f verify_krb5_conf$(EXEEXT) $(LINK) $(verify_krb5_conf_LDFLAGS) 
$(verify_krb5_conf_OBJECTS) $(verify_krb5_conf_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) core *.core + +distclean-compile: + -rm -f *.tab.c + .c.o: - $(COMPILE) -c $< + $(COMPILE) -c `test -f $< || echo '$(srcdir)/'`$< + .c.obj: $(COMPILE) -c `cygpath -w $<` + .c.lo: - $(LTCOMPILE) -c -o $@ $< + $(LTCOMPILE) -c -o $@ `test -f $< || echo '$(srcdir)/'`$< +uninstall-info-am: -install-man3: +man3dir = $(mandir)/man3 +install-man3: $(man3_MANS) $(man_MANS) + @$(NORMAL_INSTALL) $(mkinstalldirs) $(DESTDIR)$(man3dir) - @list='$(man3_MANS)'; \ - l2='$(man_MANS)'; for i in $$l2; do \ + @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ case "$$i" in \ *.3*) list="$$list $$i" ;; \ esac; \ @@ -608,10 +601,11 @@ install-man3: echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst"; \ $(INSTALL_DATA) $$file $(DESTDIR)$(man3dir)/$$inst; \ done - uninstall-man3: - @list='$(man3_MANS)'; \ - l2='$(man_MANS)'; for i in $$l2; do \ + @$(NORMAL_UNINSTALL) + @list='$(man3_MANS) $(dist_man3_MANS) $(nodist_man3_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ case "$$i" in \ *.3*) list="$$list $$i" ;; \ esac; \ @@ -625,10 +619,13 @@ uninstall-man3: rm -f $(DESTDIR)$(man3dir)/$$inst; \ done -install-man5: +man5dir = $(mandir)/man5 +install-man5: $(man5_MANS) $(man_MANS) + @$(NORMAL_INSTALL) $(mkinstalldirs) $(DESTDIR)$(man5dir) - @list='$(man5_MANS)'; \ - l2='$(man_MANS)'; for i in $$l2; do \ + @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ case "$$i" in \ *.5*) list="$$list $$i" ;; \ esac; \ 
@@ -643,10 +640,11 @@ install-man5: echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst"; \ $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst; \ done - uninstall-man5: - @list='$(man5_MANS)'; \ - l2='$(man_MANS)'; for i in $$l2; do \ + @$(NORMAL_UNINSTALL) + @list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ case "$$i" in \ *.5*) list="$$list $$i" ;; \ esac; \ @@ -660,10 +658,13 @@ uninstall-man5: rm -f $(DESTDIR)$(man5dir)/$$inst; \ done -install-man8: +man8dir = $(mandir)/man8 +install-man8: $(man8_MANS) $(man_MANS) + @$(NORMAL_INSTALL) $(mkinstalldirs) $(DESTDIR)$(man8dir) - @list='$(man8_MANS)'; \ - l2='$(man_MANS)'; for i in $$l2; do \ + @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ case "$$i" in \ *.8*) list="$$list $$i" ;; \ esac; \ @@ -678,10 +679,11 @@ install-man8: echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \ $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \ done - uninstall-man8: - @list='$(man8_MANS)'; \ - l2='$(man_MANS)'; for i in $$l2; do \ + @$(NORMAL_UNINSTALL) + @list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \ + l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \ + for i in $$l2; do \ case "$$i" in \ *.8*) list="$$list $$i" ;; \ esac; \ 
@@ -694,21 +696,14 @@ uninstall-man8: echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \ rm -f $(DESTDIR)$(man8dir)/$$inst; \ done -install-man: $(MANS) - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-man3 install-man5 install-man8 -uninstall-man: - @$(NORMAL_UNINSTALL) - $(MAKE) $(AM_MAKEFLAGS) uninstall-man3 uninstall-man5 uninstall-man8 - install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) $(mkinstalldirs) $(DESTDIR)$(includedir) @list='$(include_HEADERS)'; for p in $$list; do \ - if test -f "$$p"; then d= ; else d="$(srcdir)/"; fi; \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ f="`echo $$p | sed -e 's|^.*/||'`"; \ - echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$f"; \ - $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$f; \ + echo " $(INSTALL_HEADER) $$d$$p $(DESTDIR)$(includedir)/$$f"; \ + $(INSTALL_HEADER) $$d$$p $(DESTDIR)$(includedir)/$$f; \ done uninstall-includeHEADERS: @@ -746,16 +741,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ GTAGS: here=`CDPATH=: && cd $(top_builddir) && pwd` \ && cd $(top_srcdir) \ - && gtags -i $$here - -mostlyclean-tags: - -clean-tags: + && gtags -i $(GTAGS_ARGS) $$here distclean-tags: - -rm -f TAGS ID + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH -maintainer-clean-tags: check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; \ srcdir=$(srcdir); export srcdir; \ @@ -811,11 +801,18 @@ check-TESTS: $(TESTS) test "$$failed" -eq 0; \ fi -distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +top_distdir = ../.. +distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) distdir: $(DISTFILES) @for file in $(DISTFILES); do \ - d=$(srcdir); \ + if test -f $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + $(mkinstalldirs) "$(distdir)/$$dir"; \ + fi; \ if test -d $$d/$$file; then \ cp -pR $$d/$$file $(distdir) \ || exit 1; \ 
@@ -825,108 +822,105 @@ distdir: $(DISTFILES) || exit 1; \ fi; \ done - $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook -info-am: -info: info-am -dvi-am: -dvi: dvi-am + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="${top_distdir}" distdir="$(distdir)" \ + dist-hook check-am: all-am $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local check: check-am -installcheck-am: -installcheck: installcheck-am +all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) all-local install-binPROGRAMS: install-libLTLIBRARIES -install-exec-am: install-libLTLIBRARIES install-binPROGRAMS - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook -install-exec: install-exec-am -install-data-am: install-man install-includeHEADERS install-data-local -install-data: install-data-am +installdirs: + $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(bindir) $(DESTDIR)$(man3dir) $(DESTDIR)$(man5dir) $(DESTDIR)$(man8dir) $(DESTDIR)$(includedir) -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am install: install-am -uninstall-am: uninstall-libLTLIBRARIES uninstall-binPROGRAMS \ - uninstall-man uninstall-includeHEADERS +install-exec: install-exec-am +install-data: install-data-am uninstall: uninstall-am -all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(HEADERS) all-local -all-redirect: all-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install -installdirs: - $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(bindir) \ - $(DESTDIR)$(mandir)/man3 $(DESTDIR)$(mandir)/man5 \ - $(DESTDIR)$(mandir)/man8 $(DESTDIR)$(includedir) +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f 
$(CLEANFILES) distclean-generic: - -rm -f Makefile $(CONFIG_CLEAN_FILES) - -rm -f config.cache config.log stamp-h stamp-h[0-9]* + -rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]* maintainer-clean-generic: - -rm -f Makefile.in -mostlyclean-am: mostlyclean-libLTLIBRARIES mostlyclean-compile \ - mostlyclean-libtool mostlyclean-binPROGRAMS \ - mostlyclean-checkPROGRAMS mostlyclean-noinstPROGRAMS \ - mostlyclean-tags mostlyclean-generic + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am -mostlyclean: mostlyclean-am +clean-am: clean-binPROGRAMS clean-checkPROGRAMS clean-generic \ + clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS \ + mostlyclean-am + +distclean: distclean-am -clean-am: clean-libLTLIBRARIES clean-compile clean-libtool \ - clean-binPROGRAMS clean-checkPROGRAMS \ - clean-noinstPROGRAMS clean-tags clean-generic \ - mostlyclean-am +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-libtool distclean-tags -clean: clean-am +dvi: dvi-am -distclean-am: distclean-libLTLIBRARIES distclean-compile \ - distclean-libtool distclean-binPROGRAMS \ - distclean-checkPROGRAMS distclean-noinstPROGRAMS \ - distclean-tags distclean-generic clean-am - -rm -f libtool +dvi-am: -distclean: distclean-am +info: info-am -maintainer-clean-am: maintainer-clean-libLTLIBRARIES \ - maintainer-clean-compile maintainer-clean-libtool \ - maintainer-clean-binPROGRAMS \ - maintainer-clean-checkPROGRAMS \ - maintainer-clean-noinstPROGRAMS maintainer-clean-tags \ - maintainer-clean-generic distclean-am - @echo "This command is intended for maintainers to use;" - @echo "it deletes files that may require special tools to rebuild." 
+info-am: + +install-data-am: install-data-local install-includeHEADERS install-man + +install-exec-am: install-binPROGRAMS install-libLTLIBRARIES + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + +install-info: install-info-am + +install-man: install-man3 install-man5 install-man8 + +installcheck-am: maintainer-clean: maintainer-clean-am -.PHONY: mostlyclean-libLTLIBRARIES distclean-libLTLIBRARIES \ -clean-libLTLIBRARIES maintainer-clean-libLTLIBRARIES \ -uninstall-libLTLIBRARIES install-libLTLIBRARIES mostlyclean-compile \ -distclean-compile clean-compile maintainer-clean-compile \ -mostlyclean-libtool distclean-libtool clean-libtool \ -maintainer-clean-libtool mostlyclean-binPROGRAMS distclean-binPROGRAMS \ -clean-binPROGRAMS maintainer-clean-binPROGRAMS uninstall-binPROGRAMS \ -install-binPROGRAMS mostlyclean-checkPROGRAMS distclean-checkPROGRAMS \ -clean-checkPROGRAMS maintainer-clean-checkPROGRAMS \ -mostlyclean-noinstPROGRAMS distclean-noinstPROGRAMS \ -clean-noinstPROGRAMS maintainer-clean-noinstPROGRAMS install-man3 \ -uninstall-man3 install-man5 uninstall-man5 install-man8 uninstall-man8 \ -install-man uninstall-man uninstall-includeHEADERS \ -install-includeHEADERS tags mostlyclean-tags distclean-tags clean-tags \ -maintainer-clean-tags check-TESTS distdir info-am info dvi-am dvi \ -check-local check check-am installcheck-am installcheck install-exec-am \ -install-exec install-data-local install-data-am install-data install-am \ -install uninstall-am uninstall all-local all-redirect all-am all \ -install-strip installdirs mostlyclean-generic distclean-generic \ -clean-generic maintainer-clean-generic clean mostlyclean distclean \ -maintainer-clean +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \ + uninstall-info-am uninstall-libLTLIBRARIES 
uninstall-man + +uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8 + +.PHONY: GTAGS all all-am all-local check check-TESTS check-am \ + check-local clean clean-binPROGRAMS clean-checkPROGRAMS \ + clean-generic clean-libLTLIBRARIES clean-libtool \ + clean-noinstPROGRAMS distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am info info-am install install-am install-binPROGRAMS \ + install-data install-data-am install-data-local install-exec \ + install-exec-am install-includeHEADERS install-info \ + install-info-am install-libLTLIBRARIES install-man install-man3 \ + install-man5 install-man8 install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool tags uninstall \ + uninstall-am uninstall-binPROGRAMS uninstall-includeHEADERS \ + uninstall-info-am uninstall-libLTLIBRARIES uninstall-man \ + uninstall-man3 uninstall-man5 uninstall-man8 install-suid-programs: @@ -1065,7 +1059,7 @@ $(srcdir)/krb5-protos.h: $(srcdir)/krb5-private.h: cd $(srcdir); perl ../../cf/make-proto.pl -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h -$(libkrb5_la_OBJECTS): krb5_err.h heim_err.h +$(libkrb5_la_OBJECTS): krb5_err.h heim_err.h k524_err.h # to help stupid solaris make @@ -1073,6 +1067,7 @@ krb5_err.h: krb5_err.et heim_err.h: heim_err.et +k524_err.h: k524_err.et # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/krb5/addr_families.c b/crypto/heimdal/lib/krb5/addr_families.c index 430fd1ee3693..43434406a15f 100644 --- a/crypto/heimdal/lib/krb5/addr_families.c +++ b/crypto/heimdal/lib/krb5/addr_families.c 
@@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c,v 1.26 2001/05/14 22:49:55 assar Exp $"); +RCSID("$Id: addr_families.c,v 1.32 2001/09/03 19:53:51 assar Exp $"); struct addr_operations { int af; @@ -48,7 +48,10 @@ struct addr_operations { krb5_boolean (*uninteresting)(const struct sockaddr *); void (*anyaddr)(struct sockaddr *, int *, int); int (*print_addr)(const krb5_address *, char *, size_t); - int (*parse_addr)(const char*, krb5_address *); + int (*parse_addr)(krb5_context, const char*, krb5_address *); + int (*order_addr)(krb5_context, const krb5_address*, const krb5_address*); + int (*free_addr)(krb5_context, krb5_address*); + int (*copy_addr)(krb5_context, const krb5_address*, krb5_address*); }; /* @@ -152,7 +155,7 @@ ipv4_print_addr (const krb5_address *addr, char *str, size_t len) } static int -ipv4_parse_addr (const char *address, krb5_address *addr) +ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr) { const char *p; struct in_addr a; @@ -313,10 +316,20 @@ ipv6_print_addr (const krb5_address *addr, char *str, size_t len) } static int -ipv6_parse_addr (const char *address, krb5_address *addr) +ipv6_parse_addr (krb5_context context, const char *address, krb5_address *addr) { int ret; struct in6_addr in6; + const char *p; + + p = strchr(address, ':'); + if(p) { + p++; + if(strncasecmp(address, "ip6:", p - address) == 0 || + strncasecmp(address, "ipv6:", p - address) == 0 || + strncasecmp(address, "inet6:", p - address) == 0) + address = p; + } ret = inet_pton(AF_INET6, address, &in6.s6_addr); if(ret == 1) { 
@@ -336,6 +349,165 @@ ipv6_parse_addr (const char *address, krb5_address *addr) * table */ +#define KRB5_ADDRESS_ARANGE (-100) + +struct arange { + krb5_address low; + krb5_address high; +}; + +static int +arange_parse_addr (krb5_context context, + const char *address, krb5_address *addr) +{ + char buf[1024]; + krb5_addresses low, high; + struct arange *a; + krb5_error_code ret; + + if(strncasecmp(address, "RANGE:", 6) != 0) + return -1; + + address += 6; + + /* should handle netmasks */ + strsep_copy(&address, "-", buf, sizeof(buf)); + ret = krb5_parse_address(context, buf, &low); + if(ret) + return ret; + if(low.len != 1) { + krb5_free_addresses(context, &low); + return -1; + } + + strsep_copy(&address, "-", buf, sizeof(buf)); + ret = krb5_parse_address(context, buf, &high); + if(ret) { + krb5_free_addresses(context, &low); + return ret; + } + + if(high.len != 1 || high.val[0].addr_type != low.val[0].addr_type) { + krb5_free_addresses(context, &low); + krb5_free_addresses(context, &high); + return -1; + } + + krb5_data_alloc(&addr->address, sizeof(*a)); + addr->addr_type = KRB5_ADDRESS_ARANGE; + a = addr->address.data; + + if(krb5_address_order(context, &low.val[0], &high.val[0]) < 0) { + a->low = low.val[0]; + a->high = high.val[0]; + } else { + a->low = high.val[0]; + a->high = low.val[0]; + } + return 0; +} + +static int +arange_free (krb5_context context, krb5_address *addr) +{ + struct arange *a; + a = addr->address.data; + krb5_free_address(context, &a->low); + krb5_free_address(context, &a->high); + return 0; +} + + +static int +arange_copy (krb5_context context, const krb5_address *inaddr, + krb5_address *outaddr) +{ + krb5_error_code ret; + struct arange *i, *o; + + outaddr->addr_type = KRB5_ADDRESS_ARANGE; + ret = krb5_data_alloc(&outaddr->address, sizeof(*o)); + if(ret) + return ret; + i = inaddr->address.data; + o = outaddr->address.data; + ret = krb5_copy_address(context, &i->low, &o->low); + if(ret) { + krb5_data_free(&outaddr->address); + return 
ret; + } + ret = krb5_copy_address(context, &i->high, &o->high); + if(ret) { + krb5_free_address(context, &o->low); + krb5_data_free(&outaddr->address); + return ret; + } + return 0; +} + +static int +arange_print_addr (const krb5_address *addr, char *str, size_t len) +{ + struct arange *a; + krb5_error_code ret; + size_t l, ret_len = 0; + + a = addr->address.data; + + l = strlcpy(str, "RANGE:", len); + ret_len += l; + + ret = krb5_print_address (&a->low, str + ret_len, len - ret_len, &l); + ret_len += l; + + l = strlcat(str, "-", len); + ret_len += l; + + ret = krb5_print_address (&a->high, str + ret_len, len - ret_len, &l); + ret_len += l; + + return ret_len; +} + +static int +arange_order_addr(krb5_context context, + const krb5_address *addr1, + const krb5_address *addr2) +{ + int tmp1, tmp2, sign; + struct arange *a; + const krb5_address *a2; + + if(addr1->addr_type == KRB5_ADDRESS_ARANGE) { + a = addr1->address.data; + a2 = addr2; + sign = 1; + } else if(addr2->addr_type == KRB5_ADDRESS_ARANGE) { + a = addr2->address.data; + a2 = addr1; + sign = -1; + } else + abort(); + + if(a2->addr_type == KRB5_ADDRESS_ARANGE) { + struct arange *b = a2->address.data; + tmp1 = krb5_address_order(context, &a->low, &b->low); + if(tmp1 != 0) + return sign * tmp1; + return sign * krb5_address_order(context, &a->high, &b->high); + } else if(a2->addr_type == a->low.addr_type) { + tmp1 = krb5_address_order(context, &a->low, a2); + if(tmp1 > 0) + return sign; + tmp2 = krb5_address_order(context, &a->high, a2); + if(tmp2 < 0) + return -sign; + return 0; + } else { + return sign * (addr1->addr_type - addr2->addr_type); + } +} + static struct addr_operations at[] = { {AF_INET, KRB5_ADDRESS_INET, sizeof(struct sockaddr_in), ipv4_sockaddr2addr, 
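Review bot: In `arange_print_addr` the running offset `ret_len` is advanced by the return value of `strlcat`, which is the length of the whole string rather than of the appended "-". The second `krb5_print_address` call is therefore handed `str + ret_len` past the terminator, together with `len - ret_len`, which wraps as a `size_t` whenever `len` is smaller than that offset. Counting only the separator (`strlcat(str, "-", len); ret_len += 1;`) and returning early when `ret_len >= len` keeps both calls inside the caller's buffer; the two `ret` values assigned from `krb5_print_address` are also never checked. In the same hunk `arange_parse_addr` ignores the result of `krb5_data_alloc` and then writes through `addr->address.data`, whereas `arange_copy` checks it.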
@@ -351,8 +523,15 @@ static struct addr_operations at[] = { ipv6_addr2sockaddr, ipv6_h_addr2sockaddr, ipv6_h_addr2addr, - ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr} + ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr} , #endif + {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0, + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }, + /* fake address type */ + {KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange), + NULL, NULL, NULL, NULL, NULL, NULL, NULL, + arange_print_addr, arange_parse_addr, + arange_order_addr, arange_free, arange_copy } }; static int num_addrs = sizeof(at) / sizeof(at[0]); @@ -425,6 +604,11 @@ krb5_addr2sockaddr (krb5_context context, addr->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } + if (a->addr2sockaddr == NULL) { + krb5_set_error_string (context, "Can't convert address type %d to sockaddr", + addr->addr_type); + return KRB5_PROG_ATYPE_NOSUPP; + } (*a->addr2sockaddr)(addr, sa, sa_size, port); return 0; } @@ -445,7 +629,7 @@ krb5_boolean krb5_sockaddr_uninteresting(const struct sockaddr *sa) { struct addr_operations *a = find_af(sa->sa_family); - if (a == NULL) + if (a == NULL || a->uninteresting == NULL) return TRUE; return (*a->uninteresting)(sa); } @@ -504,14 +688,19 @@ krb5_print_address (const krb5_address *addr, if (a == NULL) { char *s; - size_t l; + int l; int i; + s = str; l = snprintf(s, len, "TYPE_%d:", addr->addr_type); + if (l < 0) + return EINVAL; s += l; - len -= len; + len -= l; for(i = 0; i < addr->address.length; i++) { l = snprintf(s, len, "%02x", ((char*)addr->address.data)[i]); + if (l < 0) + return EINVAL; len -= l; s += l; } @@ -535,7 +724,7 @@ krb5_parse_address(krb5_context context, for(i = 0; i < num_addrs; i++) { if(at[i].parse_addr) { krb5_address a; - if((*at[i].parse_addr)(string, &a) == 0) { + if((*at[i].parse_addr)(context, string, &a) == 0) { ALLOC_SEQ(addresses, 1); addresses->val[0] = a; return 0; 
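Review bot: The two new `at[]` entries leave operation pointers NULL (all of them for `KRB5_ADDRESS_ADDRPORT`), but this commit adds guards only for `addr2sockaddr` and `uninteresting`. Any other dispatcher that obtains an entry from `find_af`/`find_atype` and calls through `anyaddr` or `print_addr` would call a null pointer for these types. `krb5_print_address` shows only an `a == NULL` fallback in its hunk and its indirect call lies outside the visible lines, so that path needs checking. A test of the form `if (a == NULL || a->print_addr == NULL)` ahead of each indirect call would make the table safe to extend with partial entries.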
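Review bot: The fallback branch of `krb5_print_address` now rejects a negative `snprintf` result but not a truncated one: when `l >= len`, `len -= l` wraps the `size_t` and `s += l` moves past the end of `str`, so later iterations write outside the buffer. Checking `if (l < 0 || (size_t)l >= len) return EINVAL;` after both calls closes this. The byte is also read as `char`, so where `char` is signed a value above 0x7f is sign-extended and `%02x` prints eight digits; `((unsigned char*)addr->address.data)[i]` avoids that. The function starts and ends outside the hunk.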
@@ -562,3 +751,189 @@ krb5_parse_address(krb5_context context, freeaddrinfo (ai); return 0; } + +int +krb5_address_order(krb5_context context, + const krb5_address *addr1, + const krb5_address *addr2) +{ + /* this sucks; what if both addresses have order functions, which + should we call? this works for now, though */ + struct addr_operations *a; + a = find_atype(addr1->addr_type); + if(a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", + addr1->addr_type); + return KRB5_PROG_ATYPE_NOSUPP; + } + if(a->order_addr != NULL) + return (*a->order_addr)(context, addr1, addr2); + a = find_atype(addr2->addr_type); + if(a == NULL) { + krb5_set_error_string (context, "Address family %d not supported", + addr2->addr_type); + return KRB5_PROG_ATYPE_NOSUPP; + } + if(a->order_addr != NULL) + return (*a->order_addr)(context, addr1, addr2); + + if(addr1->addr_type != addr2->addr_type) + return addr1->addr_type - addr2->addr_type; + if(addr1->address.length != addr2->address.length) + return addr1->address.length - addr2->address.length; + return memcmp (addr1->address.data, + addr2->address.data, + addr1->address.length); +} + +krb5_boolean +krb5_address_compare(krb5_context context, + const krb5_address *addr1, + const krb5_address *addr2) +{ + return krb5_address_order (context, addr1, addr2) == 0; +} + +krb5_boolean +krb5_address_search(krb5_context context, + const krb5_address *addr, + const krb5_addresses *addrlist) +{ + int i; + + for (i = 0; i < addrlist->len; ++i) + if (krb5_address_compare (context, addr, &addrlist->val[i])) + return TRUE; + return FALSE; +} + +krb5_error_code +krb5_free_address(krb5_context context, + krb5_address *address) +{ + struct addr_operations *a = find_af (address->addr_type); + if(a != NULL && a->free_addr != NULL) + return (*a->free_addr)(context, address); + krb5_data_free (&address->address); + return 0; +} + +krb5_error_code +krb5_free_addresses(krb5_context context, + krb5_addresses *addresses) +{ + int i; + 
for(i = 0; i < addresses->len; i++) + krb5_free_address(context, &addresses->val[i]); + free(addresses->val); + return 0; +} + +krb5_error_code +krb5_copy_address(krb5_context context, + const krb5_address *inaddr, + krb5_address *outaddr) +{ + struct addr_operations *a = find_af (inaddr->addr_type); + if(a != NULL && a->copy_addr != NULL) + return (*a->copy_addr)(context, inaddr, outaddr); + return copy_HostAddress(inaddr, outaddr); +} + +krb5_error_code +krb5_copy_addresses(krb5_context context, + const krb5_addresses *inaddr, + krb5_addresses *outaddr) +{ + int i; + ALLOC_SEQ(outaddr, inaddr->len); + if(inaddr->len > 0 && outaddr->val == NULL) + return ENOMEM; + for(i = 0; i < inaddr->len; i++) + krb5_copy_address(context, &inaddr->val[i], &outaddr->val[i]); + return 0; +} + +krb5_error_code +krb5_append_addresses(krb5_context context, + krb5_addresses *dest, + const krb5_addresses *source) +{ + krb5_address *tmp; + krb5_error_code ret; + int i; + if(source->len > 0) { + tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp)); + if(tmp == NULL) { + krb5_set_error_string(context, "realloc: out of memory"); + return ENOMEM; + } + dest->val = tmp; + for(i = 0; i < source->len; i++) { + /* skip duplicates */ + if(krb5_address_search(context, &source->val[i], dest)) + continue; + ret = krb5_copy_address(context, + &source->val[i], + &dest->val[dest->len]); + if(ret) + return ret; + dest->len++; + } + } + return 0; +} + +/* + * Create an address of type KRB5_ADDRESS_ADDRPORT from (addr, port) + */ + +krb5_error_code +krb5_make_addrport (krb5_context context, + krb5_address **res, const krb5_address *addr, int16_t port) +{ + krb5_error_code ret; + size_t len = addr->address.length + 2 + 4 * 4; + u_char *p; + + *res = malloc (sizeof(**res)); + if (*res == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + return ENOMEM; + } + (*res)->addr_type = KRB5_ADDRESS_ADDRPORT; + ret = krb5_data_alloc (&(*res)->address, len); + if (ret) { + 
krb5_set_error_string(context, "malloc: out of memory"); + free (*res); + return ret; + } + p = (*res)->address.data; + *p++ = 0; + *p++ = 0; + *p++ = (addr->addr_type ) & 0xFF; + *p++ = (addr->addr_type >> 8) & 0xFF; + + *p++ = (addr->address.length ) & 0xFF; + *p++ = (addr->address.length >> 8) & 0xFF; + *p++ = (addr->address.length >> 16) & 0xFF; + *p++ = (addr->address.length >> 24) & 0xFF; + + memcpy (p, addr->address.data, addr->address.length); + p += addr->address.length; + + *p++ = 0; + *p++ = 0; + *p++ = (KRB5_ADDRESS_IPPORT ) & 0xFF; + *p++ = (KRB5_ADDRESS_IPPORT >> 8) & 0xFF; + + *p++ = (2 ) & 0xFF; + *p++ = (2 >> 8) & 0xFF; + *p++ = (2 >> 16) & 0xFF; + *p++ = (2 >> 24) & 0xFF; + + memcpy (p, &port, 2); + p += 2; + + return 0; +} diff --git a/crypto/heimdal/lib/krb5/appdefault.c b/crypto/heimdal/lib/krb5/appdefault.c index 12de15097950..831b6036bfed 100644 --- a/crypto/heimdal/lib/krb5/appdefault.c +++ b/crypto/heimdal/lib/krb5/appdefault.c @@ -33,16 +33,23 @@ #include "krb5_locl.h" -RCSID("$Id: appdefault.c,v 1.5 2001/05/14 06:14:44 assar Exp $"); +RCSID("$Id: appdefault.c,v 1.7 2001/09/16 04:48:55 assar Exp $"); void krb5_appdefault_boolean(krb5_context context, const char *appname, - krb5_realm realm, const char *option, + krb5_const_realm realm, const char *option, krb5_boolean def_val, krb5_boolean *ret_val) { if(appname == NULL) appname = getprogname(); + + def_val = krb5_config_get_bool_default(context, NULL, def_val, + "libdefaults", option, NULL); + if(realm != NULL) + def_val = krb5_config_get_bool_default(context, NULL, def_val, + "realms", realm, option, NULL); + def_val = krb5_config_get_bool_default(context, NULL, def_val, "appdefaults", option, 
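Review bot: `krb5_copy_addresses` discards the return value of `krb5_copy_address` inside its loop and returns 0, so a failed copy leaves `outaddr` with entries that were never filled in while the caller is told the copy succeeded. The loop should stop at the first error, release the entries already copied and return the code, e.g. `ret = krb5_copy_address(context, &inaddr->val[i], &outaddr->val[i]); if (ret) { /* free val[0..i-1] */ return ret; }`. Separately, `krb5_free_address` and `krb5_copy_address` look up the entry with `find_af(addr_type)` while `krb5_address_order` uses `find_atype`; the lookup helpers are not visible here, but passing a Kerberos address type to an address-family lookup presumably works only where the two numbers coincide, so `find_atype` looks like the intended call.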
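Review bot: The lookup order in `krb5_appdefault_boolean` is not documented: the added calls make `[libdefaults]` and then `[realms]` supply the default that the existing `[appdefaults]` lookups can override, which changes what an unset application option evaluates to. A comment above the function such as `/* precedence, lowest first: libdefaults, realms/<realm>, appdefaults */` would make that explicit. The same applies to `krb5_appdefault_string` in the next hunk. Both functions continue outside their hunks.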
@@ -72,11 +79,18 @@ krb5_appdefault_boolean(krb5_context context, const char *appname, void krb5_appdefault_string(krb5_context context, const char *appname, - krb5_realm realm, const char *option, + krb5_const_realm realm, const char *option, const char *def_val, char **ret_val) { if(appname == NULL) appname = getprogname(); + + def_val = krb5_config_get_string_default(context, NULL, def_val, + "libdefaults", option, NULL); + if(realm != NULL) + def_val = krb5_config_get_string_default(context, NULL, def_val, + "realms", realm, option, NULL); + def_val = krb5_config_get_string_default(context, NULL, def_val, "appdefaults", option, @@ -109,7 +123,7 @@ krb5_appdefault_string(krb5_context context, const char *appname, void krb5_appdefault_time(krb5_context context, const char *appname, - krb5_realm realm, const char *option, + krb5_const_realm realm, const char *option, time_t def_val, time_t *ret_val) { time_t t; diff --git a/crypto/heimdal/lib/krb5/auth_context.c b/crypto/heimdal/lib/krb5/auth_context.c index eca2e8787fc8..56561017539d 100644 --- a/crypto/heimdal/lib/krb5/auth_context.c +++ b/crypto/heimdal/lib/krb5/auth_context.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: auth_context.c,v 1.56 2001/05/14 06:14:44 assar Exp $"); +RCSID("$Id: auth_context.c,v 1.57 2001/06/17 23:12:34 assar Exp $"); krb5_error_code krb5_auth_con_init(krb5_context context, 
@@ -300,36 +300,36 @@ krb5_auth_con_setremotesubkey(krb5_context context, } krb5_error_code -krb5_auth_setcksumtype(krb5_context context, - krb5_auth_context auth_context, - krb5_cksumtype cksumtype) +krb5_auth_con_setcksumtype(krb5_context context, + krb5_auth_context auth_context, + krb5_cksumtype cksumtype) { auth_context->cksumtype = cksumtype; return 0; } krb5_error_code -krb5_auth_getcksumtype(krb5_context context, - krb5_auth_context auth_context, - krb5_cksumtype *cksumtype) +krb5_auth_con_getcksumtype(krb5_context context, + krb5_auth_context auth_context, + krb5_cksumtype *cksumtype) { *cksumtype = auth_context->cksumtype; return 0; } krb5_error_code -krb5_auth_setkeytype (krb5_context context, - krb5_auth_context auth_context, - krb5_keytype keytype) +krb5_auth_con_setkeytype (krb5_context context, + krb5_auth_context auth_context, + krb5_keytype keytype) { auth_context->keytype = keytype; return 0; } krb5_error_code -krb5_auth_getkeytype (krb5_context context, - krb5_auth_context auth_context, - krb5_keytype *keytype) +krb5_auth_con_getkeytype (krb5_context context, + krb5_auth_context auth_context, + krb5_keytype *keytype) { *keytype = auth_context->keytype; return 0; @@ -337,9 +337,9 @@ krb5_auth_getkeytype (krb5_context context, #if 0 krb5_error_code -krb5_auth_setenctype(krb5_context context, - krb5_auth_context auth_context, - krb5_enctype etype) +krb5_auth_con_setenctype(krb5_context context, + krb5_auth_context auth_context, + krb5_enctype etype) { if(auth_context->keyblock) krb5_free_keyblock(context, auth_context->keyblock); 
@@ -351,16 +351,16 @@ krb5_auth_setenctype(krb5_context context, } krb5_error_code -krb5_auth_getenctype(krb5_context context, - krb5_auth_context auth_context, - krb5_enctype *etype) +krb5_auth_con_getenctype(krb5_context context, + krb5_auth_context auth_context, + krb5_enctype *etype) { krb5_abortx(context, "unimplemented krb5_auth_getenctype called"); } #endif krb5_error_code -krb5_auth_getlocalseqnumber(krb5_context context, +krb5_auth_con_getlocalseqnumber(krb5_context context, krb5_auth_context auth_context, int32_t *seqnumber) { @@ -369,7 +369,7 @@ krb5_auth_getlocalseqnumber(krb5_context context, } krb5_error_code -krb5_auth_setlocalseqnumber (krb5_context context, +krb5_auth_con_setlocalseqnumber (krb5_context context, krb5_auth_context auth_context, int32_t seqnumber) { @@ -387,7 +387,7 @@ krb5_auth_getremoteseqnumber(krb5_context context, } krb5_error_code -krb5_auth_setremoteseqnumber (krb5_context context, +krb5_auth_con_setremoteseqnumber (krb5_context context, krb5_auth_context auth_context, int32_t seqnumber) { @@ -397,7 +397,7 @@ krb5_auth_setremoteseqnumber (krb5_context context, krb5_error_code -krb5_auth_getauthenticator(krb5_context context, +krb5_auth_con_getauthenticator(krb5_context context, krb5_auth_context auth_context, krb5_authenticator *authenticator) { diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c index 309e972acb8c..35534f462fba 100644 --- a/crypto/heimdal/lib/krb5/changepw.c +++ b/crypto/heimdal/lib/krb5/changepw.c 
@@ -33,54 +33,13 @@ #include <krb5_locl.h> -RCSID("$Id: changepw.c,v 1.32 2001/05/14 22:49:55 assar Exp $"); - -static krb5_error_code -get_kdc_address (krb5_context context, - krb5_realm realm, - struct addrinfo **ai, - char **ret_host) -{ - krb5_error_code ret; - char **hostlist; - int port = 0; - int error; - char *host; - int save_errno; - - ret = krb5_get_krb_changepw_hst (context, - &realm, - &hostlist); - if (ret) - return ret; - - host = strdup(*hostlist); - krb5_free_krbhst(context, hostlist); - if (host == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - - port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT)); - error = roken_getaddrinfo_hostspec2(host, SOCK_DGRAM, port, ai); - - if(error) { - save_errno = errno; - krb5_set_error_string(context, "resolving %s: %s", - host, gai_strerror(error)); - return krb5_eai_to_heim_errno(error, save_errno); - } - *ret_host = host; - return 0; -} +RCSID("$Id: changepw.c,v 1.34 2001/09/27 01:29:12 assar Exp $"); static krb5_error_code send_request (krb5_context context, krb5_auth_context *auth_context, krb5_creds *creds, int sock, - struct sockaddr *sa, - int sa_size, char *passwd, const char *host) { @@ -128,8 +87,8 @@ send_request (krb5_context context, *p++ = (ap_req_data.length >> 0) & 0xFF; memset(&msghdr, 0, sizeof(msghdr)); - msghdr.msg_name = (void *)sa; - msghdr.msg_namelen = sa_size; + msghdr.msg_name = NULL; + msghdr.msg_namelen = 0; msghdr.msg_iov = iov; msghdr.msg_iovlen = sizeof(iov)/sizeof(*iov); #if 0 
@@ -294,96 +253,134 @@ krb5_change_password (krb5_context context, { krb5_error_code ret; krb5_auth_context auth_context = NULL; + krb5_krbhst_handle handle = NULL; + krb5_krbhst_info *hi; int sock; int i; - struct addrinfo *ai, *a; int done = 0; - char *host = NULL; + krb5_realm realm = creds->client->realm; ret = krb5_auth_con_init (context, &auth_context); if (ret) return ret; - ret = get_kdc_address (context, creds->client->realm, &ai, &host); + krb5_auth_con_setflags (context, auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE); + + ret = krb5_krbhst_init (context, realm, KRB5_KRBHST_CHANGEPW, &handle); if (ret) goto out; - for (a = ai; !done && a != NULL; a = a->ai_next) { - int replied = 0; + while (krb5_krbhst_next(context, handle, &hi) == 0) { + struct addrinfo *ai, *a; - sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol); - if (sock < 0) + ret = krb5_krbhst_get_addrinfo(context, hi, &ai); + if (ret) continue; - for (i = 0; !done && i < 5; ++i) { - fd_set fdset; - struct timeval tv; - - if (!replied) { - replied = 0; - ret = send_request (context, - &auth_context, - creds, - sock, - a->ai_addr, - a->ai_addrlen, - newpw, - host); - if (ret) { - close(sock); - goto out; - } - } - - if (sock >= FD_SETSIZE) { - krb5_set_error_string(context, "fd %d too large", sock); - ret = ERANGE; + for (a = ai; !done && a != NULL; a = a->ai_next) { + int replied = 0; + + sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (sock < 0) + continue; + + ret = connect(sock, a->ai_addr, a->ai_addrlen); + if (ret < 0) { close (sock); goto out; } - FD_ZERO(&fdset); - FD_SET(sock, &fdset); - tv.tv_usec = 0; - tv.tv_sec = 1 + (1 << i); - - ret = select (sock + 1, &fdset, NULL, NULL, &tv); - if (ret < 0 && errno != EINTR) { - close(sock); + ret = krb5_auth_con_genaddrs (context, auth_context, sock, + KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR); + if (ret) { + close (sock); goto out; } - if (ret == 1) { - ret = process_reply (context, - auth_context, - sock, - 
result_code, - result_code_string, - result_string, - host); - if (ret == 0) - done = 1; - else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL) - replied = 1; - } else { - ret = KRB5_KDC_UNREACH; + + for (i = 0; !done && i < 5; ++i) { + fd_set fdset; + struct timeval tv; + + if (!replied) { + replied = 0; + ret = send_request (context, + &auth_context, + creds, + sock, + newpw, + hi->hostname); + if (ret) { + close(sock); + goto out; + } + } + + if (sock >= FD_SETSIZE) { + krb5_set_error_string(context, "fd %d too large", sock); + ret = ERANGE; + close (sock); + goto out; + } + + FD_ZERO(&fdset); + FD_SET(sock, &fdset); + tv.tv_usec = 0; + tv.tv_sec = 1 + (1 << i); + + ret = select (sock + 1, &fdset, NULL, NULL, &tv); + if (ret < 0 && errno != EINTR) { + close(sock); + goto out; + } + if (ret == 1) { + ret = process_reply (context, + auth_context, + sock, + result_code, + result_code_string, + result_string, + hi->hostname); + if (ret == 0) + done = 1; + else if (i > 0 && ret == KRB5KRB_AP_ERR_MUT_FAIL) + replied = 1; + } else { + ret = KRB5_KDC_UNREACH; + } } + close (sock); } - close (sock); } - freeaddrinfo (ai); -out: + out: + krb5_krbhst_free (context, handle); krb5_auth_con_free (context, auth_context); - free (host); if (done) return 0; else { if (ret == KRB5_KDC_UNREACH) krb5_set_error_string(context, - "failed to reach kpasswd server %s " - "in realm %s", - host, creds->client->realm); - + "unable to reach any changepw server " + " in realm %s", realm); return ret; } } + +const char * +krb5_passwd_result_to_string (krb5_context context, + int result) +{ + static const char *strings[] = { + "Success", + "Malformed", + "Hard error", + "Auth error", + "Soft error" + }; + + if (result < 0 || result > KRB5_KPASSWD_SOFTERROR) + return "unknown result code"; + else + return strings[result]; +} diff --git a/crypto/heimdal/lib/krb5/context.c b/crypto/heimdal/lib/krb5/context.c index 2ba194ba9a6a..c8904013096b 100644 --- a/crypto/heimdal/lib/krb5/context.c 
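Review bot: A failed `connect()` in `krb5_change_password` jumps to `out` with `ret` still holding -1, so the caller receives -1 as a `krb5_error_code` and the remaining addresses and hosts from `krb5_krbhst_next` are never tried. Treating it like the `socket()` failure just above, `if (ret < 0) { ret = errno; close (sock); continue; }`, keeps the fallback that the host iteration is meant to provide. The `select()` error path returns the same raw -1. The outer `while` also does not test `done`, so after a successful change it still calls `krb5_krbhst_get_addrinfo` for every remaining host.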
+++ b/crypto/heimdal/lib/krb5/context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: context.c,v 1.64 2001/05/16 22:24:42 assar Exp $"); +RCSID("$Id: context.c,v 1.73 2002/02/12 08:24:08 joda Exp $"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -81,7 +81,9 @@ set_etypes (krb5_context context, static krb5_error_code init_context_from_config_file(krb5_context context) { + krb5_error_code ret; const char * tmp; + INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew"); INIT_FIELD(context, time, kdc_timeout, 3, "kdc_timeout"); INIT_FIELD(context, int, max_retries, 3, "max_retries"); @@ -96,7 +98,7 @@ init_context_from_config_file(krb5_context context) KEYTAB_DEFAULT, "default_keytab_name"); INIT_FIELD(context, string, default_keytab_modify, - KEYTAB_DEFAULT_MODIFY, "default_keytab_modify_name"); + NULL, "default_keytab_modify_name"); INIT_FIELD(context, string, time_fmt, "%Y-%m-%dT%H:%M:%S", "time_format"); 
@@ -125,16 +127,31 @@ init_context_from_config_file(krb5_context context) NULL); memset(&addresses, 0, sizeof(addresses)); for(a = adr; a && *a; a++) { - krb5_parse_address(context, *a, &addresses); - krb5_add_extra_addresses(context, &addresses); - krb5_free_addresses(context, &addresses); + ret = krb5_parse_address(context, *a, &addresses); + if (ret == 0) { + krb5_add_extra_addresses(context, &addresses); + krb5_free_addresses(context, &addresses); + } + } + krb5_config_free_strings(adr); + + adr = krb5_config_get_strings(context, NULL, + "libdefaults", + "ignore_addresses", + NULL); + memset(&addresses, 0, sizeof(addresses)); + for(a = adr; a && *a; a++) { + ret = krb5_parse_address(context, *a, &addresses); + if (ret == 0) { + krb5_add_ignore_addresses(context, &addresses); + krb5_free_addresses(context, &addresses); + } } krb5_config_free_strings(adr); } INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces"); INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup"); - INIT_FIELD(context, bool, srv_try_txt, FALSE, "srv_try_txt"); INIT_FIELD(context, int, fcache_vno, 0, "fcache_version"); context->cc_ops = NULL; 
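Review bot: An `extra_addresses` or `ignore_addresses` entry that fails `krb5_parse_address` is now skipped with no diagnostic, so a typo in `ignore_addresses` silently leaves that address in use. The failure should be surfaced, either by returning `ret` from `init_context_from_config_file` or by reporting the offending string `*a` through the library's warning path. The two loops are identical apart from the option name and the `krb5_add_*_addresses` call, so a small static helper taking both would remove the duplication. The function starts and ends outside the hunk.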
@@ -197,18 +214,23 @@ krb5_init_context(krb5_context *context) void krb5_free_context(krb5_context context) { - int i; + int i; - free(context->etypes); - free(context->etypes_des); - krb5_free_host_realm (context, context->default_realms); - krb5_config_file_free (context, context->cf); - free_error_table (context->et_list); - for(i = 0; i < context->num_cc_ops; ++i) - free(context->cc_ops[i].prefix); - free(context->cc_ops); - free(context->kt_types); - free(context); + free(context->etypes); + free(context->etypes_des); + krb5_free_host_realm (context, context->default_realms); + krb5_config_file_free (context, context->cf); + free_error_table (context->et_list); + for(i = 0; i < context->num_cc_ops; ++i) + free(context->cc_ops[i].prefix); + free(context->cc_ops); + free(context->kt_types); + krb5_clear_error_string(context); + if(context->warn_dest != NULL) + krb5_closelog(context, context->warn_dest); + krb5_set_extra_addresses(context, NULL); + krb5_set_ignore_addresses(context, NULL); + free(context); } /* @@ -295,7 +317,9 @@ krb5_get_default_in_tkt_etypes(krb5_context context, const char * krb5_get_err_text(krb5_context context, krb5_error_code code) { - const char *p = com_right(context->et_list, code); + const char *p = NULL; + if(context != NULL) + p = com_right(context->et_list, code); if(p == NULL) p = strerror(code); return p; @@ -308,6 +332,7 @@ krb5_init_ets(krb5_context context) krb5_add_et_list(context, initialize_krb5_error_table_r); krb5_add_et_list(context, initialize_asn1_error_table_r); krb5_add_et_list(context, initialize_heim_error_table_r); + krb5_add_et_list(context, initialize_k524_error_table_r); } } 
@@ -337,9 +362,15 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) krb5_error_code krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) { - if(context->extra_addresses) { + if(context->extra_addresses) krb5_free_addresses(context, context->extra_addresses); - free(context->extra_addresses); + + if(addresses == NULL) { + if(context->extra_addresses != NULL) { + free(context->extra_addresses); + context->extra_addresses = NULL; + } + return 0; } if(context->extra_addresses == NULL) { context->extra_addresses = malloc(sizeof(*context->extra_addresses)); 
@@ -358,7 +389,50 @@ krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) memset(addresses, 0, sizeof(*addresses)); return 0; } - return copy_HostAddresses(context->extra_addresses, addresses); + return krb5_copy_addresses(context,context->extra_addresses, addresses); +} + +krb5_error_code +krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) +{ + + if(context->ignore_addresses) + return krb5_append_addresses(context, + context->ignore_addresses, addresses); + else + return krb5_set_ignore_addresses(context, addresses); +} + +krb5_error_code +krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) +{ + if(context->ignore_addresses) + krb5_free_addresses(context, context->ignore_addresses); + if(addresses == NULL) { + if(context->ignore_addresses != NULL) { + free(context->ignore_addresses); + context->ignore_addresses = NULL; + } + return 0; + } + if(context->ignore_addresses == NULL) { + context->ignore_addresses = malloc(sizeof(*context->ignore_addresses)); + if(context->ignore_addresses == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + } + return krb5_copy_addresses(context, addresses, context->ignore_addresses); +} + +krb5_error_code +krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) +{ + if(context->ignore_addresses == NULL) { + memset(addresses, 0, sizeof(*addresses)); + return 0; + } + return krb5_copy_addresses(context, context->ignore_addresses, addresses); } krb5_error_code diff --git a/crypto/heimdal/lib/krb5/convert_creds.c b/crypto/heimdal/lib/krb5/convert_creds.c index f248cd05a631..ecdcf9610a6f 100644 --- a/crypto/heimdal/lib/krb5/convert_creds.c +++ b/crypto/heimdal/lib/krb5/convert_creds.c 
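Review bot: In krb5_set_ignore_addresses the freshly allocated `context->ignore_addresses` is uninitialised when krb5_copy_addresses() is called, and it stays attached to the context if that copy fails. Unless krb5_copy_addresses() always initialises its output on failure (not visible here), the later `krb5_set_ignore_addresses(context, NULL)` in krb5_free_context would run krb5_free_addresses() over indeterminate `len`/`val`. Allocating zeroed memory removes the dependency: `context->ignore_addresses = calloc(1, sizeof(*context->ignore_addresses));`. The krb5_set_extra_addresses hunk just before this one shows the same `malloc` pattern, with its tail outside the hunk.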
@@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: convert_creds.c,v 1.17 2001/05/14 06:14:45 assar Exp $"); +RCSID("$Id: convert_creds.c,v 1.24 2001/06/20 02:49:21 joda Exp $"); static krb5_error_code check_ticket_flags(TicketFlags f) @@ -121,7 +121,6 @@ _krb_time_to_life(time_t start, time_t end) krb5_error_code krb524_convert_creds_kdc(krb5_context context, - krb5_ccache ccache, krb5_creds *in_cred, struct credentials *v4creds) { 
@@ -132,67 +131,30 @@ krb524_convert_creds_kdc(krb5_context context, krb5_data ticket; char realm[REALM_SZ]; krb5_creds *v5_creds = in_cred; - krb5_keytype keytype; - - keytype = v5_creds->session.keytype; - - if (keytype != ENCTYPE_DES_CBC_CRC) { - /* MIT krb524d doesn't like nothing but des-cbc-crc tickets, - so go get one */ - krb5_creds template; - - memset (&template, 0, sizeof(template)); - template.session.keytype = ENCTYPE_DES_CBC_CRC; - ret = krb5_copy_principal (context, in_cred->client, &template.client); - if (ret) { - krb5_free_creds_contents (context, &template); - return ret; - } - ret = krb5_copy_principal (context, in_cred->server, &template.server); - if (ret) { - krb5_free_creds_contents (context, &template); - return ret; - } - - ret = krb5_get_credentials (context, 0, ccache, - &template, &v5_creds); - krb5_free_creds_contents (context, &template); - if (ret) - return ret; - } ret = check_ticket_flags(v5_creds->flags.b); if(ret) goto out2; { - char **hostlist; - int port; - port = krb5_getportbyname (context, "krb524", "udp", 4444); - - ret = krb5_get_krbhst (context, krb5_princ_realm(context, - v5_creds->server), - &hostlist); - if(ret) + krb5_krbhst_handle handle; + + ret = krb5_krbhst_init(context, + *krb5_princ_realm(context, + v5_creds->server), + KRB5_KRBHST_KRB524, + &handle); + if (ret) goto out2; - + ret = krb5_sendto (context, &v5_creds->ticket, - hostlist, - port, + handle, &reply); - if(ret == KRB5_KDC_UNREACH) { - port = krb5_getportbyname (context, "kerberos", "udp", 88); - ret = krb5_sendto (context, - &v5_creds->ticket, - hostlist, - port, - &reply); - } - krb5_free_krbhst (context, hostlist); + krb5_krbhst_free(context, handle); + if (ret) + goto out2; } - if (ret) - goto out2; sp = krb5_storage_from_mem(reply.data, reply.length); if(sp == NULL) { ret = ENOMEM; 
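Review bot: With the `ENCTYPE_DES_CBC_CRC` pre-check moved out of krb524_convert_creds_kdc, nothing in this function constrains the session key any more, while the `memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8)` visible in a later hunk still copies exactly 8 bytes. A caller that uses this entry point directly with a non-DES credential would get a v4 session key built from the first 8 bytes of a longer key, or an over-read if the key value is shorter. A length guard before the copy makes the requirement explicit, for example `if (v5_creds->session.keyvalue.length != 8) { ret = KRB5_PROG_ETYPE_NOSUPP; goto out; }`. The function body starts and ends outside this hunk.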
@@ -220,7 +182,7 @@ krb524_convert_creds_kdc(krb5_context context, v4creds->realm); if(ret) goto out; - v4creds->issue_date = v5_creds->times.authtime; + v4creds->issue_date = v5_creds->times.starttime; v4creds->lifetime = _krb_time_to_life(v4creds->issue_date, v5_creds->times.endtime); ret = krb5_524_conv_principal(context, v5_creds->client, @@ -230,6 +192,9 @@ krb524_convert_creds_kdc(krb5_context context, if(ret) goto out; memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8); + } else { + krb5_set_error_string(context, "converting credentials: %s", + krb5_get_err_text(context, ret)); } out: krb5_storage_free(sp); @@ -239,3 +204,47 @@ out2: krb5_free_creds (context, v5_creds); return ret; } + +krb5_error_code +krb524_convert_creds_kdc_ccache(krb5_context context, + krb5_ccache ccache, + krb5_creds *in_cred, + struct credentials *v4creds) +{ + krb5_error_code ret; + krb5_creds *v5_creds = in_cred; + krb5_keytype keytype; + + keytype = v5_creds->session.keytype; + + if (keytype != ENCTYPE_DES_CBC_CRC) { + /* MIT krb524d doesn't like nothing but des-cbc-crc tickets, + so go get one */ + krb5_creds template; + + memset (&template, 0, sizeof(template)); + template.session.keytype = ENCTYPE_DES_CBC_CRC; + ret = krb5_copy_principal (context, in_cred->client, &template.client); + if (ret) { + krb5_free_creds_contents (context, &template); + return ret; + } + ret = krb5_copy_principal (context, in_cred->server, &template.server); + if (ret) { + krb5_free_creds_contents (context, &template); + return ret; + } + + ret = krb5_get_credentials (context, 0, ccache, + &template, &v5_creds); + krb5_free_creds_contents (context, &template); + if (ret) + return ret; + } + + ret = krb524_convert_creds_kdc(context, v5_creds, v4creds); + + if (v5_creds != in_cred) + krb5_free_creds (context, v5_creds); + return ret; +} diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c index 186b384cba86..7ecd458667e4 100644 --- a/crypto/heimdal/lib/krb5/crypto.c 
+++ b/crypto/heimdal/lib/krb5/crypto.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c,v 1.50 2001/05/14 06:14:45 assar Exp $"); +RCSID("$Id: crypto.c,v 1.60 2002/01/06 23:12:51 assar Exp $"); #undef CRYPTO_DEBUG #ifdef CRYPTO_DEBUG @@ -156,6 +156,37 @@ DES_schedule(krb5_context context, des_set_key(key->key->keyvalue.data, key->schedule->data); } +static void +DES_string_to_key_int(unsigned char *data, size_t length, des_cblock *key) +{ + des_key_schedule schedule; + int i; + int reverse = 0; + unsigned char *p; + + unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, + 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; + memset(key, 0, 8); + + p = (unsigned char*)key; + for (i = 0; i < length; i++) { + unsigned char tmp = data[i]; + if (!reverse) + *p++ ^= (tmp << 1); + else + *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4]; + if((i % 8) == 7) + reverse = !reverse; + } + des_set_odd_parity(key); + if(des_is_weak_key(key)) + (*key)[7] ^= 0xF0; + des_set_key(key, schedule); + des_cbc_cksum((void*)data, key, length, schedule, key); + memset(schedule, 0, sizeof(schedule)); + des_set_odd_parity(key); +} + static krb5_error_code DES_string_to_key(krb5_context context, krb5_enctype enctype, 
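Review bot: The closing `memset(schedule, 0, sizeof(schedule));` in DES_string_to_key_int writes to a local that is never read again, so an optimising compiler is free to drop it and leave the key schedule on the stack. Key material should be wiped through a routine the compiler cannot elide, for instance a small helper defined in another translation unit. Separately, the loop compares `int i` with `size_t length`; declaring `size_t i;` avoids the signed/unsigned comparison. The `swap` table could also be `static const` so it is not rebuilt on every call.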
@@ -163,20 +194,19 @@ DES_string_to_key(krb5_context context, krb5_salt salt, krb5_keyblock *key) { - char *s; + unsigned char *s; size_t len; des_cblock tmp; - len = password.length + salt.saltvalue.length + 1; + len = password.length + salt.saltvalue.length; s = malloc(len); - if(s == NULL) { + if(len > 0 && s == NULL) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } memcpy(s, password.data, password.length); memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length); - s[len - 1] = '\0'; - des_string_to_key(s, &tmp); + DES_string_to_key_int(s, len, &tmp); key->keytype = enctype; krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp)); memset(&tmp, 0, sizeof(tmp)); @@ -248,12 +278,12 @@ DES_AFS3_Transarc_string_to_key (krb5_data pw, memcpy(&temp_key, "kerberos", 8); des_set_odd_parity (&temp_key); des_set_key (&temp_key, schedule); - des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); + des_cbc_cksum (password, &ivec, passlen, schedule, &ivec); memcpy(&temp_key, &ivec, 8); des_set_odd_parity (&temp_key); des_set_key (&temp_key, schedule); - des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); + des_cbc_cksum (password, key, passlen, schedule, &ivec); memset(&schedule, 0, sizeof(schedule)); memset(&temp_key, 0, sizeof(temp_key)); memset(&ivec, 0, sizeof(ivec)); @@ -359,8 +389,8 @@ DES3_string_to_key(krb5_context context, des_set_key(keys + i, s[i]); } memset(&ivec, 0, sizeof(ivec)); - des_ede3_cbc_encrypt((des_cblock *)tmp, - (des_cblock *)tmp, sizeof(tmp), + des_ede3_cbc_encrypt(tmp, + tmp, sizeof(tmp), s[0], s[1], s[2], &ivec, DES_ENCRYPT); memset(s, 0, sizeof(s)); memset(&ivec, 0, sizeof(ivec)); @@ -895,8 +925,8 @@ RSA_MD4_DES_checksum(krb5_context context, MD4_Update (&md4, data, len); MD4_Final (p + 8, &md4); memset (&ivec, 0, sizeof(ivec)); - des_cbc_encrypt((des_cblock*)p, - (des_cblock*)p, + des_cbc_encrypt(p, + p, 24, key->schedule->data, &ivec, 
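Review bot: The result of `krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));` in DES_string_to_key is still discarded. If that allocation fails and the tail of the function (outside this hunk) returns success, the caller receives a keyblock with the right keytype and no key bytes. Capture the result and return it after the scrubbing of `tmp` and `s`. Also note that with `len == 0` the new `len > 0 && s == NULL` test lets a NULL `s` reach the two `memcpy` calls, so an early return for the empty case is cleaner.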
@@ -970,8 +1000,8 @@ RSA_MD5_DES_checksum(krb5_context context, MD5_Update (&md5, data, len); MD5_Final (p + 8, &md5); memset (&ivec, 0, sizeof(ivec)); - des_cbc_encrypt((des_cblock*)p, - (des_cblock*)p, + des_cbc_encrypt(p, + p, 24, key->schedule->data, &ivec, @@ -1032,8 +1062,8 @@ RSA_MD5_DES3_checksum(krb5_context context, MD5_Update (&md5, data, len); MD5_Final (p + 8, &md5); memset (&ivec, 0, sizeof(ivec)); - des_ede3_cbc_encrypt((des_cblock*)p, - (des_cblock*)p, + des_ede3_cbc_encrypt(p, + p, 24, sched[0], sched[1], sched[2], &ivec, @@ -1447,7 +1477,7 @@ do_checksum (krb5_context context, static krb5_error_code create_checksum(krb5_context context, krb5_crypto crypto, - krb5_key_usage usage, /* not krb5_key_usage */ + unsigned usage, /* not krb5_key_usage */ krb5_cksumtype type, /* 0 -> pick from crypto */ void *data, size_t len, @@ -1725,7 +1755,7 @@ ARCFOUR_subencrypt(krb5_context context, krb5_keyblock kb; unsigned char t[4]; RC4_KEY rc4_key; - char *cdata = (char *)data; + unsigned char *cdata = data; unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; t[0] = (usage >> 0) & 0xFF; @@ -1781,7 +1811,7 @@ ARCFOUR_subdecrypt(krb5_context context, krb5_keyblock kb; unsigned char t[4]; RC4_KEY rc4_key; - char *cdata = (char *)data; + unsigned char *cdata = data; unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16]; unsigned char cksum_data[16]; @@ -1949,7 +1979,7 @@ static struct encryption_type enctype_arcfour_hmac_md5 = { 1, 8, &keytype_arcfour, - &checksum_hmac_md5_enc, + &checksum_hmac_md5, &checksum_hmac_md5_enc, F_SPECIAL, ARCFOUR_encrypt 
@@ -2143,18 +2173,18 @@ krb5_error_code krb5_keytype_to_enctypes (krb5_context context, krb5_keytype keytype, unsigned *len, - int **val) + krb5_enctype **val) { int i; unsigned n = 0; - int *ret; + krb5_enctype *ret; for (i = num_etypes - 1; i >= 0; --i) { if (etypes[i]->keytype->type == keytype && !(etypes[i]->flags & F_PSEUDO)) ++n; } - ret = malloc(n * sizeof(int)); + ret = malloc(n * sizeof(*ret)); if (ret == NULL && n != 0) { krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; @@ -2179,10 +2209,10 @@ krb5_error_code krb5_keytype_to_enctypes_default (krb5_context context, krb5_keytype keytype, unsigned *len, - int **val) + krb5_enctype **val) { int i, n; - int *ret; + krb5_enctype *ret; if (keytype != KEYTYPE_DES || context->etypes_des == NULL) return krb5_keytype_to_enctypes (context, keytype, len, val); @@ -2245,20 +2275,23 @@ encrypt_internal_derived(krb5_context context, krb5_data *result, void *ivec) { - size_t sz, block_sz, checksum_sz; + size_t sz, block_sz, checksum_sz, total_sz; Checksum cksum; unsigned char *p, *q; krb5_error_code ret; struct key_data *dkey; - struct encryption_type *et = crypto->et; + const struct encryption_type *et = crypto->et; checksum_sz = CHECKSUMSIZE(et->keyed_checksum); - sz = et->confoundersize + /* 4 - length */ len; + sz = et->confoundersize + len; block_sz = (sz + et->blocksize - 1) &~ (et->blocksize - 1); /* pad */ - p = calloc(1, block_sz + checksum_sz); - if(p == NULL) + total_sz = block_sz + checksum_sz; + p = calloc(1, total_sz); + if(p == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; + } q = p; krb5_generate_random_block(q, et->confoundersize); /* XXX */ 
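Review bot: The size arithmetic feeding the new `total_sz` in encrypt_internal_derived is unchecked. `et->confoundersize + len`, the round-up to `block_sz` and `block_sz + checksum_sz` can each wrap for a very large `len`, which would make `calloc(1, total_sz)` return a buffer smaller than the later copies assume. Nothing in the hunk bounds `len`, and callers are not visible here. A guard before the computation would close this, e.g. `if (len > (size_t)-1 - et->confoundersize - et->blocksize - checksum_sz) return KRB5_BAD_MSIZE;`. The round-up mask also assumes `et->blocksize` is a power of two, which deserves a comment.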
@@ -2277,34 +2310,32 @@ encrypt_internal_derived(krb5_context context, krb5_clear_error_string (context); ret = KRB5_CRYPTO_INTERNAL; } - if(ret) { - memset(p, 0, block_sz + checksum_sz); - free(p); - return ret; - } + if(ret) + goto fail; memcpy(p + block_sz, cksum.checksum.data, cksum.checksum.length); free_Checksum (&cksum); ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); - if(ret) { - memset(p, 0, block_sz + checksum_sz); - free(p); - return ret; - } + if(ret) + goto fail; ret = _key_schedule(context, dkey); - if(ret) { - memset(p, 0, block_sz); - free(p); - return ret; - } + if(ret) + goto fail; #ifdef CRYPTO_DEBUG krb5_crypto_debug(context, 1, block_sz, dkey->key); #endif - (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec); + ret = (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec); + if (ret) + goto fail; result->data = p; - result->length = block_sz + checksum_sz; + result->length = total_sz; return 0; + fail: + memset(p, 0, total_sz); + free(p); + return ret; } + static krb5_error_code encrypt_internal(krb5_context context, krb5_crypto crypto, @@ -2317,7 +2348,7 @@ encrypt_internal(krb5_context context, Checksum cksum; unsigned char *p, *q; krb5_error_code ret; - struct encryption_type *et = crypto->et; + const struct encryption_type *et = crypto->et; checksum_sz = CHECKSUMSIZE(et->checksum); 
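Review bot: The branch in encrypt_internal_derived that sets `ret = KRB5_CRYPTO_INTERNAL` now falls into `goto fail` without releasing `cksum`, and `free_Checksum (&cksum)` is reached only on the success path after the `memcpy`. The condition of that branch sits just above the hunk; in encrypt_internal the matching branch tests a checksum-length mismatch, and this same commit adds `free_Checksum(&cksum);` inside it. Add the same call here before assigning the error, so that the keyed checksum is not leaked on that path.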
@@ -2345,29 +2376,32 @@ encrypt_internal(krb5_context context, &cksum); if(ret == 0 && cksum.checksum.length != checksum_sz) { krb5_clear_error_string (context); - ret = KRB5_CRYPTO_INTERNAL; - } - if(ret) { - memset(p, 0, block_sz); - free(p); free_Checksum(&cksum); - return ret; + ret = KRB5_CRYPTO_INTERNAL; } + if(ret) + goto fail; memcpy(p + et->confoundersize, cksum.checksum.data, cksum.checksum.length); free_Checksum(&cksum); ret = _key_schedule(context, &crypto->key); - if(ret) { + if(ret) + goto fail; +#ifdef CRYPTO_DEBUG + krb5_crypto_debug(context, 1, block_sz, crypto->key.key); +#endif + ret = (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec); + if (ret) { memset(p, 0, block_sz); free(p); return ret; } -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 1, block_sz, crypto->key.key); -#endif - (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec); result->data = p; result->length = block_sz; return 0; + fail: + memset(p, 0, block_sz); + free(p); + return ret; } static krb5_error_code @@ -2383,6 +2417,7 @@ encrypt_internal_special(krb5_context context, size_t cksum_sz = CHECKSUMSIZE(et->checksum); size_t sz = len + cksum_sz + et->confoundersize; char *tmp, *p; + krb5_error_code ret; tmp = malloc (sz); if (tmp == NULL) { @@ -2395,7 +2430,12 @@ encrypt_internal_special(krb5_context context, krb5_generate_random_block(p, et->confoundersize); p += et->confoundersize; memcpy (p, data, len); - (*et->encrypt)(context, &crypto->key, tmp, sz, TRUE, usage, ivec); + ret = (*et->encrypt)(context, &crypto->key, tmp, sz, TRUE, usage, ivec); + if (ret) { + memset(tmp, 0, sz); + free(tmp); + return ret; + } result->data = tmp; result->length = sz; return 0; 
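Review bot: The new error check after `(*et->encrypt)` in encrypt_internal repeats the wipe-and-free sequence that the `fail:` label added in the same hunk already provides. Every other failure path in this function now uses the label, so this one should read `if (ret) goto fail;`. Keeping a single cleanup site makes it harder for a later edit to add a path that frees `p` without clearing it.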
@@ -2446,7 +2486,11 @@ decrypt_internal_derived(krb5_context context, #ifdef CRYPTO_DEBUG krb5_crypto_debug(context, 0, len, dkey->key); #endif - (*et->encrypt)(context, dkey, p, len, 0, usage, ivec); + ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec); + if (ret) { + free(p); + return ret; + } cksum.checksum.data = p + len; cksum.checksum.length = checksum_sz; @@ -2504,7 +2548,11 @@ decrypt_internal(krb5_context context, #ifdef CRYPTO_DEBUG krb5_crypto_debug(context, 0, len, crypto->key.key); #endif - (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec); + ret = (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec); + if (ret) { + free(p); + return ret; + } ret = krb5_data_copy(&cksum.checksum, p + et->confoundersize, checksum_sz); if(ret) { free(p); @@ -2544,6 +2592,7 @@ decrypt_internal_special(krb5_context context, size_t sz = len - cksum_sz - et->confoundersize; char *cdata = (char *)data; char *tmp; + krb5_error_code ret; tmp = malloc (sz); if (tmp == NULL) { @@ -2551,7 +2600,11 @@ decrypt_internal_special(krb5_context context, return ENOMEM; } - (*et->encrypt)(context, &crypto->key, data, len, FALSE, usage, ivec); + ret = (*et->encrypt)(context, &crypto->key, data, len, FALSE, usage, ivec); + if (ret) { + free(tmp); + return ret; + } memcpy (tmp, cdata + cksum_sz + et->confoundersize, sz); @@ -2655,7 +2708,7 @@ krb5_decrypt_EncryptedData(krb5_context context, * * ************************************************************/ -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #include <openssl/rand.h> /* From openssl/crypto/rand/rand_lcl.h */ @@ -2664,7 +2717,6 @@ static int seed_something(void) { int fd = -1; - size_t len; char buf[1024], seedfile[256]; /* If there is a seed file, load it. But such a file cannot be trusted, @@ -2684,7 +2736,7 @@ seed_something(void) we do not have to deal with it. */ if (RAND_status() != 1) { krb5_context context; - char *p; + const char *p; /* Try using egd */ if (!krb5_init_context(&context)) { 
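Review bot: The new failure path in decrypt_internal_derived frees `p` without clearing it, and the decrypt_internal hunk below does the same. At that point `p` may hold partially decrypted plaintext, and the encrypt-side functions in this commit clear their buffer before `free`. For consistency, `memset(p, 0, len);` should precede `free(p);` in both places. Both function bodies start and end outside their hunks.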
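Review bot: In decrypt_internal_special, `size_t sz = len - cksum_sz - et->confoundersize;` wraps to a huge value when the ciphertext is shorter than checksum plus confounder, and the hunk shows `malloc (sz)` immediately after the declarations with no length test in between. If the allocation happened to succeed, the later `memcpy (tmp, cdata + cksum_sz + et->confoundersize, sz)` would read far past the input. Since `len` describes received ciphertext, a check belongs at the top of the function body: `if (len < cksum_sz + et->confoundersize) return KRB5_BAD_MSIZE;`. Whether a caller already enforces this is not visible here.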
@@ -3000,6 +3052,7 @@ krb5_string_to_key_derived(krb5_context context, struct encryption_type *et = _find_enctype(etype); krb5_error_code ret; struct key_data kd; + size_t keylen = et->keytype->bits / 8; u_char *tmp; if(et == NULL) { @@ -3008,13 +3061,28 @@ krb5_string_to_key_derived(krb5_context context, return KRB5_PROG_ETYPE_NOSUPP; } ALLOC(kd.key, 1); + if(kd.key == NULL) { + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); + if(ret) { + free(kd.key); + return ret; + } kd.key->keytype = etype; - tmp = malloc (et->keytype->bits / 8); - _krb5_n_fold(str, len, tmp, et->keytype->bits / 8); - krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); + tmp = malloc (keylen); + if(tmp == NULL) { + krb5_free_keyblock(context, kd.key); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + _krb5_n_fold(str, len, tmp, keylen); kd.schedule = NULL; - DES3_postproc (context, tmp, et->keytype->bits / 8, &kd); /* XXX */ - ret = derive_key(context, + DES3_postproc (context, tmp, keylen, &kd); /* XXX */ + memset(tmp, 0, keylen); + free(tmp); + ret = derive_key(context, et, &kd, "kerberos", /* XXX well known constant */ diff --git a/crypto/heimdal/lib/krb5/expand_hostname.c b/crypto/heimdal/lib/krb5/expand_hostname.c index 848c8ab5f72e..7ed2dd53f159 100644 --- a/crypto/heimdal/lib/krb5/expand_hostname.c +++ b/crypto/heimdal/lib/krb5/expand_hostname.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: expand_hostname.c,v 1.10 2001/05/14 06:14:46 assar Exp $"); +RCSID("$Id: expand_hostname.c,v 1.11 2001/09/18 09:35:47 joda Exp $"); static krb5_error_code copy_hostname(krb5_context context, @@ -148,5 +148,6 @@ krb5_expand_hostname_realms (krb5_context context, free (*new_hostname); } } + freeaddrinfo(ai); return vanilla_hostname (context, orig_hostname, new_hostname, realms); } 
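Review bot: The added initialiser `size_t keylen = et->keytype->bits / 8;` in krb5_string_to_key_derived dereferences `et` before the `if(et == NULL)` test that follows the declarations. An unsupported `etype` therefore crashes instead of returning `KRB5_PROG_ETYPE_NOSUPP`. Declare it as `size_t keylen;` and assign `keylen = et->keytype->bits / 8;` after the NULL check.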
diff --git a/crypto/heimdal/lib/krb5/get_addrs.c b/crypto/heimdal/lib/krb5/get_addrs.c index c05569fb285d..0638fa4e9de2 100644 --- a/crypto/heimdal/lib/krb5/get_addrs.c +++ b/crypto/heimdal/lib/krb5/get_addrs.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_addrs.c,v 1.41 2001/05/14 06:14:46 assar Exp $"); +RCSID("$Id: get_addrs.c,v 1.43 2001/07/03 18:43:57 assar Exp $"); #ifdef __osf__ /* hate */ @@ -102,6 +102,7 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) struct ifaddrs *ifa0, *ifa; krb5_error_code ret = ENXIO; int num, idx; + krb5_addresses ignore_addresses; res->val = NULL; @@ -123,9 +124,17 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) return (ENXIO); } + if (flags & EXTRA_ADDRESSES) { + /* we'll remove the addresses we don't care about */ + ret = krb5_get_ignore_addresses(context, &ignore_addresses); + if(ret) + return ret; + } + /* Allocate storage for them. */ res->val = calloc(num, sizeof(*res->val)); if (res->val == NULL) { + krb5_free_addresses(context, &ignore_addresses); freeifaddrs(ifa0); krb5_set_error_string (context, "malloc: out of memory"); return (ENOMEM); @@ -139,7 +148,6 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) continue; if (krb5_sockaddr_uninteresting(ifa->ifa_addr)) continue; - if ((ifa->ifa_flags & IFF_LOOPBACK) != 0) { /* We'll deal with the LOOP_IF_NONE case later. */ if ((flags & LOOP) == 0) @@ -156,6 +164,16 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) */ continue; } + /* possibly skip this address? */ + if((flags & EXTRA_ADDRESSES) && + krb5_address_search(context, &res->val[idx], &ignore_addresses)) { + krb5_free_address(context, &res->val[idx]); + flags &= ~LOOP_IF_NONE; /* we actually found an address, + so don't add any loop-back + addresses */ + continue; + } + idx++; } 
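Review bot: `ignore_addresses` in find_all_addresses is only filled in when `flags & EXTRA_ADDRESSES` is set, but the calloc-failure path calls `krb5_free_addresses(context, &ignore_addresses);` unconditionally, which frees an indeterminate struct when the flag is clear. Initialise it right after the declarations with `memset(&ignore_addresses, 0, sizeof(ignore_addresses));`. The new early `return ret;` after krb5_get_ignore_addresses() also skips the `freeifaddrs(ifa0)` that the neighbouring error path performs, so it should be `if(ret) { freeifaddrs(ifa0); return ret; }`. The function body starts and ends outside these hunks.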
@@ -181,11 +199,19 @@ find_all_addresses (krb5_context context, krb5_addresses *res, int flags) */ continue; } + if((flags & EXTRA_ADDRESSES) && + krb5_address_search(context, &res->val[idx], + &ignore_addresses)) { + krb5_free_address(context, &res->val[idx]); + continue; + } idx++; } } } + if (flags & EXTRA_ADDRESSES) + krb5_free_addresses(context, &ignore_addresses); freeifaddrs(ifa0); if (ret) free(res->val); @@ -207,8 +233,8 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags) ret = 0; if(ret == 0 && (flags & EXTRA_ADDRESSES)) { - /* append user specified addresses */ krb5_addresses a; + /* append user specified addresses */ ret = krb5_get_extra_addresses(context, &a); if(ret) { krb5_free_addresses(context, res); @@ -221,6 +247,10 @@ get_addrs_int (krb5_context context, krb5_addresses *res, int flags) } krb5_free_addresses(context, &a); } + if(res->len == 0) { + free(res->val); + res->val = NULL; + } return ret; } diff --git a/crypto/heimdal/lib/krb5/get_cred.c b/crypto/heimdal/lib/krb5/get_cred.c index 2af940c8e946..31aa7590d846 100644 --- a/crypto/heimdal/lib/krb5/get_cred.c +++ b/crypto/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_cred.c,v 1.85 2001/05/14 06:14:46 assar Exp $"); +RCSID("$Id: get_cred.c,v 1.87 2001/07/03 18:45:03 assar Exp $"); /* * Take the `body' and encode it into `padata' using the credentials @@ -558,10 +558,13 @@ get_cred_kdc_la(krb5_context context, krb5_ccache id, krb5_kdc_flags flags, krb5_creds *out_creds) { krb5_error_code ret; - krb5_addresses addresses; + krb5_addresses addresses, *addrs = &addresses; krb5_get_all_client_addrs(context, &addresses); - ret = get_cred_kdc(context, id, flags, &addresses, + /* XXX this sucks. */ + if(addresses.len == 0) + addrs = NULL; + ret = get_cred_kdc(context, id, flags, addrs, in_creds, krbtgt, out_creds); krb5_free_addresses(context, &addresses); return ret; 
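Review bot: get_cred_kdc_la now reads `addresses.len` although the return value of `krb5_get_all_client_addrs(context, &addresses)` is still ignored. If that call fails without initialising its output (not visible here), both the new `addresses.len == 0` test and the later krb5_free_addresses() work on indeterminate data. Check the result first: `ret = krb5_get_all_client_addrs(context, &addresses); if(ret) return ret;`. The `/* XXX this sucks. */` comment would be more useful if it said that a NULL address list requests an addressless ticket.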
diff --git a/crypto/heimdal/lib/krb5/get_default_realm.c b/crypto/heimdal/lib/krb5/get_default_realm.c index c090cead12c8..74a880d144e5 100644 --- a/crypto/heimdal/lib/krb5/get_default_realm.c +++ b/crypto/heimdal/lib/krb5/get_default_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_default_realm.c,v 1.9 2001/05/14 06:14:47 assar Exp $"); +RCSID("$Id: get_default_realm.c,v 1.10 2001/07/19 16:55:27 assar Exp $"); /* * Return a NULL-terminated list of default realms in `realms'. @@ -68,8 +68,10 @@ krb5_get_default_realm(krb5_context context, if (context->default_realms == NULL || context->default_realms[0] == NULL) { krb5_error_code ret = krb5_set_default_realm (context, NULL); - if (ret) + if (ret) { + krb5_set_error_string(context, "no default realm configured"); return KRB5_CONFIG_NODEFREALM; + } } res = strdup (context->default_realms[0]); diff --git a/crypto/heimdal/lib/krb5/get_for_creds.c b/crypto/heimdal/lib/krb5/get_for_creds.c index febd061f49bc..4317423bc88d 100644 --- a/crypto/heimdal/lib/krb5/get_for_creds.c +++ b/crypto/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_for_creds.c,v 1.29 2001/05/14 22:49:55 assar Exp $"); +RCSID("$Id: get_for_creds.c,v 1.31 2001/07/19 17:33:22 assar Exp $"); static krb5_error_code add_addrs(krb5_context context, @@ -79,7 +79,10 @@ fail: } /* - * + * Forward credentials for `client' to host `hostname`, + * making them forwardable if `forwardable', and returning the + * blob of data to sent in `out_data'. + * If hostname == NULL, pick it from `server' */ krb5_error_code 
@@ -95,16 +98,39 @@ krb5_fwd_tgt_creds (krb5_context context, krb5_flags flags = 0; krb5_creds creds; krb5_error_code ret; + krb5_const_realm client_realm; flags |= KDC_OPT_FORWARDED; if (forwardable) flags |= KDC_OPT_FORWARDABLE; + if (hostname == NULL && + krb5_principal_get_type(context, server) == KRB5_NT_SRV_HST) { + const char *inst = krb5_principal_get_comp_string(context, server, 0); + const char *host = krb5_principal_get_comp_string(context, server, 1); + + if (inst != NULL && + strcmp(inst, "host") == 0 && + host != NULL && + krb5_principal_get_comp_string(context, server, 2) == NULL) + hostname = host; + } + + client_realm = krb5_principal_get_realm(context, client); memset (&creds, 0, sizeof(creds)); creds.client = client; - creds.server = server; + + ret = krb5_build_principal(context, + &creds.server, + strlen(client_realm), + client_realm, + KRB5_TGS_NAME, + client_realm, + NULL); + if (ret) + return ret; ret = krb5_get_forwarded_creds (context, auth_context, @@ -214,12 +240,20 @@ krb5_get_forwarded_creds (krb5_context context, *enc_krb_cred_part.usec = usec; if (auth_context->local_address && auth_context->local_port) { - ret = krb5_make_addrport (context, - &enc_krb_cred_part.s_address, - auth_context->local_address, - auth_context->local_port); - if (ret) - goto out4; + krb5_boolean noaddr; + const krb5_realm *realm; + + realm = krb5_princ_realm(context, out_creds->server); + krb5_appdefault_boolean(context, NULL, *realm, "no-addresses", FALSE, + &noaddr); + if (!noaddr) { + ret = krb5_make_addrport (context, + &enc_krb_cred_part.s_address, + auth_context->local_address, + auth_context->local_port); + if (ret) + goto out4; + } } if (auth_context->remote_address) { diff --git a/crypto/heimdal/lib/krb5/get_in_tkt.c b/crypto/heimdal/lib/krb5/get_in_tkt.c index bb023b1fabe4..aa72bbccab6c 100644 --- a/crypto/heimdal/lib/krb5/get_in_tkt.c +++ b/crypto/heimdal/lib/krb5/get_in_tkt.c 
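Review bot: krb5_fwd_tgt_creds now allocates `creds.server` with krb5_build_principal(), where it previously borrowed the caller's `server`, so the function owns a principal that must be released on every return path. The rest of the body is outside this hunk; if it still returns the result of krb5_get_forwarded_creds() directly, the principal leaks on each call. Store that result in `ret`, call `krb5_free_principal(context, creds.server);`, then return. A short comment that the ticket requested is the client realm's TGT would also document the intent.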
@@ -33,12 +33,12 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c,v 1.100 2001/05/14 06:14:48 assar Exp $"); +RCSID("$Id: get_in_tkt.c,v 1.103 2002/01/06 23:10:06 assar Exp $"); krb5_error_code krb5_init_etype (krb5_context context, unsigned *len, - int **val, + krb5_enctype **val, const krb5_enctype *etypes) { int i; @@ -58,7 +58,7 @@ krb5_init_etype (krb5_context context, for (i = 0; tmp[i]; ++i) ; *len = i; - *val = malloc(i * sizeof(int)); + *val = malloc(i * sizeof(**val)); if (i != 0 && *val == NULL) { ret = ENOMEM; krb5_set_error_string(context, "malloc: out of memory"); @@ -370,14 +370,14 @@ add_padata(krb5_context context, krb5_principal client, krb5_key_proc key_proc, krb5_const_pointer keyseed, - int *enctypes, + krb5_enctype *enctypes, unsigned netypes, krb5_salt *salt) { krb5_error_code ret; PA_DATA *pa2; krb5_salt salt2; - int *ep; + krb5_enctype *ep; int i; if(salt == NULL) { @@ -386,7 +386,7 @@ add_padata(krb5_context context, salt = &salt2; } if (!enctypes) { - enctypes = (int *)context->etypes; /* XXX */ + enctypes = context->etypes; netypes = 0; for (ep = enctypes; *ep != ETYPE_NULL; ep++) netypes++; @@ -505,8 +505,13 @@ init_as_req (krb5_context context, if (addrs) ret = krb5_copy_addresses(context, addrs, a->req_body.addresses); - else + else { ret = krb5_get_all_client_addrs (context, a->req_body.addresses); + if(ret == 0 && a->req_body.addresses->len == 0) { + free(a->req_body.addresses); + a->req_body.addresses = NULL; + } + } if (ret) return ret; } @@ -726,6 +731,7 @@ krb5_get_in_cred(krb5_context context, done = 0; preauth = my_preauth; krb5_free_error_contents(context, &error); + krb5_clear_error_string(context); continue; } if(ret_as_reply) diff --git a/crypto/heimdal/lib/krb5/heim_err.et b/crypto/heimdal/lib/krb5/heim_err.et index 09145f2dea25..67642a53db55 100644 --- a/crypto/heimdal/lib/krb5/heim_err.et +++ b/crypto/heimdal/lib/krb5/heim_err.et 
@@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: heim_err.et,v 1.10 2000/07/08 13:02:11 joda Exp $" +id "$Id: heim_err.et,v 1.12 2001/06/21 03:51:36 assar Exp $" error_table heim @@ -16,6 +16,7 @@ error_code NOHOST, "Host not found" error_code OPNOTSUPP, "Operation not supported" error_code EOF, "End of file" error_code BAD_MKEY, "Failed to get the master key" +error_code SERVICE_NOMATCH, "Unacceptable service used" index 128 prefix HEIM_EAI @@ -32,5 +33,4 @@ error_code NONAME, "nodename nor servname provided, or not known" error_code SERVICE, "servname not supported for ai_socktype" error_code SOCKTYPE, "ai_socktype not supported" error_code SYSTEM, "system error returned in errno" - end diff --git a/crypto/heimdal/lib/krb5/init_creds.c b/crypto/heimdal/lib/krb5/init_creds.c index f6c571adda7f..6f9300596ec2 100644 --- a/crypto/heimdal/lib/krb5/init_creds.c +++ b/crypto/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c,v 1.5 2001/01/05 16:27:39 joda Exp $"); +RCSID("$Id: init_creds.c,v 1.9 2001/07/03 18:42:07 assar Exp $"); void krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) 
@@ -42,29 +42,90 @@ krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) opt->flags = 0; } +static int +get_config_time (krb5_context context, + const char *realm, + const char *name, + int def) +{ + int ret; + + ret = krb5_config_get_time (context, NULL, + "realms", + realm, + name, + NULL); + if (ret >= 0) + return ret; + ret = krb5_config_get_time (context, NULL, + "libdefaults", + name, + NULL); + if (ret >= 0) + return ret; + return def; +} + +static krb5_boolean +get_config_bool (krb5_context context, + const char *realm, + const char *name) +{ + return krb5_config_get_bool (context, + NULL, + "realms", + realm, + name, + NULL) + || krb5_config_get_bool (context, + NULL, + "libdefaults", + name, + NULL); +} + +/* + * set all the values in `opt' to the appropriate values for + * application `appname' (default to getprogname() if NULL), and realm + * `realm'. First looks in [appdefaults] but falls back to + * [realms] or [libdefaults] for some of the values. + */ + +static krb5_addresses no_addrs = {0, NULL}; + void krb5_get_init_creds_opt_set_default_flags(krb5_context context, const char *appname, - krb5_realm realm, + krb5_const_realm realm, krb5_get_init_creds_opt *opt) { krb5_boolean b; time_t t; - krb5_appdefault_boolean(context, appname, realm, "forwardable", FALSE, &b); + b = get_config_bool (context, realm, "forwardable"); + krb5_appdefault_boolean(context, appname, realm, "forwardable", b, &b); krb5_get_init_creds_opt_set_forwardable(opt, b); - krb5_appdefault_boolean(context, appname, realm, "proxiable", FALSE, &b); + b = get_config_bool (context, realm, "proxiable"); + krb5_appdefault_boolean(context, appname, realm, "proxiable", b, &b); krb5_get_init_creds_opt_set_proxiable (opt, b); - krb5_appdefault_time(context, appname, realm, "ticket_life", 0, &t); + krb5_appdefault_time(context, appname, realm, "ticket_lifetime", 0, &t); + if (t == 0) + t = get_config_time (context, realm, "ticket_lifetime", 0); if(t != 0) 
krb5_get_init_creds_opt_set_tkt_life(opt, t); - krb5_appdefault_time(context, appname, realm, "renewable_life", 0, &t); + krb5_appdefault_time(context, appname, realm, "renew_lifetime", 0, &t); + if (t == 0) + t = get_config_time (context, realm, "renew_lifetime", 0); if(t != 0) krb5_get_init_creds_opt_set_renew_life(opt, t); + krb5_appdefault_boolean(context, appname, realm, "no-addresses", FALSE, &b); + if (b) + krb5_get_init_creds_opt_set_address_list (opt, &no_addrs); + #if 0 krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b); krb5_get_init_creds_opt_set_anonymous (opt, b); @@ -78,8 +139,6 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, krb5_preauthtype *preauth_list, int preauth_list_length); - krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, - krb5_addresses *addresses); #endif } diff --git a/crypto/heimdal/lib/krb5/init_creds_pw.c b/crypto/heimdal/lib/krb5/init_creds_pw.c index daa704febd05..e04d9f1c267a 100644 --- a/crypto/heimdal/lib/krb5/init_creds_pw.c +++ b/crypto/heimdal/lib/krb5/init_creds_pw.c @@ -33,12 +33,12 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c,v 1.47 2001/05/14 06:14:48 assar Exp $"); +RCSID("$Id: init_creds_pw.c,v 1.51 2001/09/18 09:36:39 joda Exp $"); static int get_config_time (krb5_context context, - char *realm, - char *name, + const char *realm, + const char *name, int def) { int ret; @@ -59,24 +59,6 @@ get_config_time (krb5_context context, return def; } -static krb5_boolean -get_config_bool (krb5_context context, - char *realm, - char *name) -{ - return krb5_config_get_bool (context, - NULL, - "realms", - realm, - name, - NULL) - || krb5_config_get_bool (context, - NULL, - "libdefaults", - name, - NULL); -} - static krb5_error_code init_cred (krb5_context context, krb5_creds *cred, 
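Review bot: The block comment describing krb5_get_init_creds_opt_set_default_flags now sits directly above `static krb5_addresses no_addrs = {0, NULL};`, so it reads as documentation for the variable and the function has no header of its own. Move the `no_addrs` definition above the comment and give it its own line, e.g. `/* empty list: passed as the address list when "no-addresses" is set */`. The comment says the fallback to [realms] or [libdefaults] covers "some of the values"; from the code these are forwardable, proxiable, ticket_lifetime and renew_lifetime, and naming them would help. The address of this writable file-scope object is handed to krb5_get_init_creds_opt_set_address_list for every caller's `opt`, so if that setter keeps the pointer (not visible here) the comment should also state that nothing may modify or free the list through `opt`.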
@@ -111,22 +93,13 @@ init_cred (krb5_context context, if (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE) tmp = options->tkt_life; else - tmp = get_config_time (context, - *client_realm, - "ticket_lifetime", - 10 * 60 * 60); + tmp = 10 * 60 * 60; cred->times.endtime = now + tmp; - tmp = 0; - if (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE) - tmp = options->renew_life; - else - tmp = get_config_time (context, - *client_realm, - "renew_lifetime", - 0); - if (tmp) - cred->times.renew_till = now + tmp; + if ((options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE) && + options->renew_life > 0) { + cred->times.renew_till = now + options->renew_life; + } if (in_tkt_service) { krb5_realm server_realm; @@ -135,7 +108,7 @@ init_cred (krb5_context context, if (ret) goto out; server_realm = strdup (*client_realm); - free (cred->server->realm); + free (*krb5_princ_realm(context, cred->server)); krb5_princ_set_realm (context, cred->server, &server_realm); } else { ret = krb5_make_principal(context, &cred->server, @@ -231,17 +204,9 @@ get_init_creds_common(krb5_context context, if (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE) flags->b.forwardable = options->forwardable; - else - flags->b.forwardable = get_config_bool (context, - *client_realm, - "forwardable"); if (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE) flags->b.proxiable = options->proxiable; - else - flags->b.proxiable = get_config_bool (context, - *client_realm, - "proxiable"); if (start_time) flags->b.postdated = 1; @@ -292,7 +257,7 @@ change_password (krb5_context context, krb5_error_code ret; krb5_creds cpw_cred; char buf1[BUFSIZ], buf2[BUFSIZ]; - krb5_data password_data; + krb5_data password_data[2]; int result_code; krb5_data result_code_string; krb5_data result_string; 
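Review bot: With the config lookups removed from init_cred here and from get_init_creds_common in the `@@ -231,17 +204,9 @@` hunk, the [realms]/[libdefaults] values for ticket_lifetime, renew_lifetime, forwardable and proxiable only apply if the caller ran krb5_get_init_creds_opt_set_default_flags on its options first, and neither function says so. A comment at `tmp = 10 * 60 * 60;` such as `/* krb5.conf defaults are applied by krb5_get_init_creds_opt_set_default_flags(), not here */` would keep the next reader from re-adding the lookup. In get_init_creds_common the removed `else` branches also mean `flags->b.forwardable` and `flags->b.proxiable` keep whatever value `flags` had on entry; that is safe only if the caller zeroes it, which is not visible in the hunk. Both functions extend beyond their hunks.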
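Review bot: In the `@@ -135,7 +108,7 @@` hunk `server_realm = strdup (*client_realm);` is still unchecked, and the next line frees the principal's old realm before krb5_princ_set_realm installs the copy, so an allocation failure leaves `cred->server` with a NULL realm. Check the copy before the free: `if (server_realm == NULL) { ret = ENOMEM; goto out; }`, ideally with the same "malloc: out of memory" error string used elsewhere in the library. init_cred begins and ends outside this hunk, so what the `out` path releases cannot be confirmed from here.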
@@ -326,20 +291,20 @@ change_password (krb5_context context, goto out; for(;;) { - password_data.data = buf1; - password_data.length = sizeof(buf1); + password_data[0].data = buf1; + password_data[0].length = sizeof(buf1); prompts[0].hidden = 1; prompts[0].prompt = "New password: "; - prompts[0].reply = &password_data; + prompts[0].reply = &password_data[0]; prompts[0].type = KRB5_PROMPT_TYPE_NEW_PASSWORD; - password_data.data = buf2; - password_data.length = sizeof(buf2); + password_data[1].data = buf2; + password_data[1].length = sizeof(buf2); prompts[1].hidden = 1; prompts[1].prompt = "Repeat new password: "; - prompts[1].reply = &password_data; + prompts[1].reply = &password_data[1]; prompts[1].type = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN; ret = (*prompter) (context, data, NULL, "Changing password", @@ -561,6 +526,8 @@ krb5_get_init_creds_keytab(krb5_context context, NULL, &this_cred, NULL); + free (a); + if (ret) goto out; free (pre_auth_types); diff --git a/crypto/heimdal/lib/krb5/k524_err.et b/crypto/heimdal/lib/krb5/k524_err.et new file mode 100644 index 000000000000..2dc60f46ae2b --- /dev/null +++ b/crypto/heimdal/lib/krb5/k524_err.et @@ -0,0 +1,20 @@ +# +# Error messages for the k524 functions +# +# This might look like a com_err file, but is not +# +id "$Id: k524_err.et,v 1.1 2001/06/20 02:44:11 joda Exp $" + +error_table k524 + +prefix KRB524 +error_code BADKEY, "wrong keytype in ticket" +error_code BADADDR, "incorrect network address" +error_code BADPRINC, "cannot convert V5 principal" #unused +error_code BADREALM, "V5 realm name longer than V4 maximum" #unused +error_code V4ERR, "kerberos V4 error server" +error_code ENCFULL, "encoding too large at server" +error_code DECEMPTY, "decoding out of data" #unused +error_code NOTRESP, "service not responding" #unused +end + diff --git a/crypto/heimdal/lib/krb5/kerberos.8 b/crypto/heimdal/lib/krb5/kerberos.8 index 10f2dab75830..1d19152f144f 100644 --- a/crypto/heimdal/lib/krb5/kerberos.8 
+++ b/crypto/heimdal/lib/krb5/kerberos.8 @@ -1,4 +1,4 @@ -.\" $Id: kerberos.8,v 1.2 2001/05/02 08:59:23 assar Exp $ +.\" $Id: kerberos.8,v 1.4 2001/07/12 08:42:27 assar Exp $ .\" .Dd September 1, 2000 .Dt KERBEROS 8 @@ -7,7 +7,7 @@ .Nm kerberos .Nd introduction to the Kerberos system .Sh DESCRIPTION -Kerberos is a network authentication system. It's purpose is to +Kerberos is a network authentication system. Its purpose is to securely authenticate users and services in an insecure network environment. .Pp @@ -46,7 +46,7 @@ questions see the Kerberos FAQ at .Pp For setup instructions see the Heimdal Texinfo manual. .Sh SEE ALSO -.Xr ftp 1 +.Xr ftp 1 , .Xr kdestroy 1 , .Xr kinit 1 , .Xr klist 1 , diff --git a/crypto/heimdal/lib/krb5/keytab.c b/crypto/heimdal/lib/krb5/keytab.c index bde443a91d24..815044bbca3f 100644 --- a/crypto/heimdal/lib/krb5/keytab.c +++ b/crypto/heimdal/lib/krb5/keytab.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab.c,v 1.50 2001/05/14 06:14:48 assar Exp $"); +RCSID("$Id: keytab.c,v 1.52 2002/01/30 10:09:35 joda Exp $"); /* * Register a new keytab in `ops' @@ -88,7 +88,7 @@ krb5_kt_resolve(krb5_context context, } for(i = 0; i < context->num_kt_types; i++) { - if(strncmp(type, context->kt_types[i].prefix, type_len) == 0) + if(strncasecmp(type, context->kt_types[i].prefix, type_len) == 0) break; } if(i == context->num_kt_types) { 
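Review bot: The comparison in krb5_kt_resolve (hunk `@@ -88,7 +88,7 @@` of keytab.c) only looks at the first `type_len` characters of each registered prefix, so a type name shorter than a prefix matches the first keytab type that begins with those characters, and making the match case-insensitive widens that. Unless the prefix length is checked somewhere outside this hunk, require a full match: `if(strncasecmp(type, context->kt_types[i].prefix, type_len) == 0 && context->kt_types[i].prefix[type_len] == '\0')`. `type_len` is computed outside the hunk, and the function starts and ends outside it as well.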
@@ -136,7 +136,23 @@ krb5_kt_default_name(krb5_context context, char *name, size_t namesize) krb5_error_code krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize) { - if (strlcpy (name, context->default_keytab_modify, namesize) >= namesize) { + const char *kt = NULL; + if(context->default_keytab_modify == NULL) { + if(strncasecmp(context->default_keytab, "ANY:", 4) != 0) + kt = context->default_keytab; + else { + size_t len = strcspn(context->default_keytab + 4, ","); + if(len >= namesize) { + krb5_clear_error_string(context); + return KRB5_CONFIG_NOTENUFSPACE; + } + strlcpy(name, context->default_keytab + 4, namesize); + name[len] = '\0'; + return 0; + } + } else + kt = context->default_keytab_modify; + if (strlcpy (name, kt, namesize) >= namesize) { krb5_clear_error_string (context); return KRB5_CONFIG_NOTENUFSPACE; } diff --git a/crypto/heimdal/lib/krb5/keytab_any.c b/crypto/heimdal/lib/krb5/keytab_any.c index 490a8f3ecd22..5c6dde84a488 100644 --- a/crypto/heimdal/lib/krb5/keytab_any.c +++ b/crypto/heimdal/lib/krb5/keytab_any.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2001, 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_any.c,v 1.2 2001/05/14 06:14:48 assar Exp $"); +RCSID("$Id: keytab_any.c,v 1.5 2002/02/11 14:05:37 joda Exp $"); struct any_data { krb5_keytab kt; @@ -68,7 +68,7 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id) } if (a0 == NULL) { a0 = a; - a->name = strdup(name); + a->name = strdup(buf); if (a->name == NULL) { krb5_set_error_string(context, "malloc: out of memory"); ret = ENOMEM; 
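Review bot: In the new `ANY:` branch of krb5_kt_default_modify_name an empty first member (a default keytab of `ANY:` or one starting `ANY:,`) makes `strcspn` return 0, and the function then returns success with an empty name. Rejecting `len == 0` next to the `len >= namesize` test would avoid handing callers an empty keytab name. The function also deserves a header comment such as `/* if no modify keytab is configured and the default is ANY:a,b,..., use the first member */`. `context->default_keytab` is dereferenced without a NULL test; whether it can be NULL is decided outside this hunk.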
@@ -139,11 +139,9 @@ any_start_seq_get(krb5_context context, ed->a = a; ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); if (ret) { - free (ed); free (c->data); c->data = NULL; - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; + return ret; } return 0; } @@ -166,14 +164,15 @@ any_next_entry (krb5_context context, ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor); if (ret2) return ret2; - ed->a = ed->a->next; + while ((ed->a = ed->a->next) != NULL) { + ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); + if (ret2 == 0) + break; + } if (ed->a == NULL) { krb5_clear_error_string (context); return KRB5_CC_END; } - ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); - if (ret2) - return ret2; } else return ret; } while (ret == KRB5_CC_END); @@ -196,6 +195,51 @@ any_end_seq_get(krb5_context context, return ret; } +static krb5_error_code +any_add_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + struct any_data *a = id->data; + krb5_error_code ret; + while(a != NULL) { + ret = krb5_kt_add_entry(context, a->kt, entry); + if(ret != 0 && ret != KRB5_KT_NOWRITE) { + krb5_set_error_string(context, "failed to add entry to %s", + a->name); + return ret; + } + a = a->next; + } + return 0; +} + +static krb5_error_code +any_remove_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + struct any_data *a = id->data; + krb5_error_code ret; + int found = 0; + while(a != NULL) { + ret = krb5_kt_remove_entry(context, a->kt, entry); + if(ret == 0) + found++; + else { + if(ret != KRB5_KT_NOWRITE && ret != KRB5_KT_NOTFOUND) { + krb5_set_error_string(context, "failed to remove entry from %s", + a->name); + return ret; + } + } + a = a->next; + } + if(!found) + return KRB5_KT_NOTFOUND; + return 0; +} + const krb5_kt_ops krb5_any_ops = { "ANY", any_resolve, 
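Review bot: any_add_entry (hunk `@@ -196,6 +195,51 @@`) returns 0 even when every member keytab answered KRB5_KT_NOWRITE, so the caller is told the key was stored although nothing was written; any_remove_entry in the same hunk already counts successes with `found`. Do the same here: keep `int added = 0;`, bump it with `if(ret == 0) added++;`, and finish with `return added ? 0 : KRB5_KT_NOWRITE;`. Separately, when a later member fails with a real error the entry has already been written to the earlier members and is not rolled back; a comment on the function should say that the add is not atomic across members.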
@@ -205,6 +249,6 @@ const krb5_kt_ops krb5_any_ops = { any_start_seq_get, any_next_entry, any_end_seq_get, - NULL, /* add_entry */ - NULL /* remote_entry */ + any_add_entry, + any_remove_entry }; diff --git a/crypto/heimdal/lib/krb5/keytab_keyfile.c b/crypto/heimdal/lib/krb5/keytab_keyfile.c index 2403412a9d45..61e2bcae9fa5 100644 --- a/crypto/heimdal/lib/krb5/keytab_keyfile.c +++ b/crypto/heimdal/lib/krb5/keytab_keyfile.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c,v 1.11 2001/05/14 06:14:49 assar Exp $"); +RCSID("$Id: keytab_keyfile.c,v 1.12 2002/02/15 14:32:52 joda Exp $"); /* afs keyfile operations --------------------------------------- */ @@ -286,6 +286,13 @@ akf_add_entry(krb5_context context, struct akf_data *d = id->data; int fd, created = 0; krb5_error_code ret; + int32_t len; + krb5_storage *sp; + + + if (entry->keyblock.keyvalue.length != 8 + || entry->keyblock.keytype != ETYPE_DES_CBC_MD5) + return 0; fd = open (d->filename, O_RDWR | O_BINARY); if (fd < 0) { 
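Review bot: The new early `return 0` in akf_add_entry (hunk `@@ -286,6 +286,13 @@`) reports success for any key that is not an 8-byte ETYPE_DES_CBC_MD5 key without writing anything, and no comment says this is intended. If skipping is deliberate, say so at the test: `/* an AFS KeyFile can only hold 8-byte DES keys; other keys are skipped and reported as success */`. Callers that need to know whether the key actually reached the file cannot tell from the return value. The rest of the function is outside this hunk.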
@@ -300,38 +307,15 @@ akf_add_entry(krb5_context context, created = 1; } - if (entry->keyblock.keyvalue.length == 8 - && entry->keyblock.keytype == ETYPE_DES_CBC_MD5) { - - int32_t len; - krb5_storage *sp; - - sp = krb5_storage_from_fd(fd); - if(sp == NULL) { - close(fd); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - if (created) - len = 0; - else { - if((*sp->seek)(sp, 0, SEEK_SET) < 0) { - ret = errno; - krb5_storage_free(sp); - close(fd); - krb5_set_error_string (context, "seek: %s", strerror(ret)); - return ret; - } - - ret = krb5_ret_int32(sp, &len); - if(ret) { - krb5_storage_free(sp); - close(fd); - return ret; - } - } - len++; - + sp = krb5_storage_from_fd(fd); + if(sp == NULL) { + close(fd); + krb5_set_error_string (context, "malloc: out of memory"); + return ENOMEM; + } + if (created) + len = 0; + else { if((*sp->seek)(sp, 0, SEEK_SET) < 0) { ret = errno; krb5_storage_free(sp); 
@@ -339,40 +323,56 @@ akf_add_entry(krb5_context context, krb5_set_error_string (context, "seek: %s", strerror(ret)); return ret; } - - ret = krb5_store_int32(sp, len); + + ret = krb5_ret_int32(sp, &len); if(ret) { krb5_storage_free(sp); close(fd); return ret; } + } + len++; + + if((*sp->seek)(sp, 0, SEEK_SET) < 0) { + ret = errno; + krb5_storage_free(sp); + close(fd); + krb5_set_error_string (context, "seek: %s", strerror(ret)); + return ret; + } + + ret = krb5_store_int32(sp, len); + if(ret) { + krb5_storage_free(sp); + close(fd); + return ret; + } - if((*sp->seek)(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) { - ret = errno; - krb5_storage_free(sp); - close(fd); - krb5_set_error_string (context, "seek: %s", strerror(ret)); - return ret; - } + if((*sp->seek)(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) { + ret = errno; + krb5_storage_free(sp); + close(fd); + krb5_set_error_string (context, "seek: %s", strerror(ret)); + return ret; + } - ret = krb5_store_int32(sp, entry->vno); - if(ret) { - krb5_storage_free(sp); - close(fd); - return ret; - } - ret = sp->store(sp, entry->keyblock.keyvalue.data, - entry->keyblock.keyvalue.length); - if(ret != entry->keyblock.keyvalue.length) { - krb5_storage_free(sp); - close(fd); - if(ret < 0) - return errno; - return ENOTTY; - } + ret = krb5_store_int32(sp, entry->vno); + if(ret) { + krb5_storage_free(sp); + close(fd); + return ret; + } + ret = sp->store(sp, entry->keyblock.keyvalue.data, + entry->keyblock.keyvalue.length); + if(ret != entry->keyblock.keyvalue.length) { krb5_storage_free(sp); + close(fd); + if(ret < 0) + return errno; + return ENOTTY; } + krb5_storage_free(sp); close (fd); return 0; } diff --git a/crypto/heimdal/lib/krb5/keytab_krb4.c b/crypto/heimdal/lib/krb5/keytab_krb4.c index 6915cac39442..3fc955d0143a 100644 --- a/crypto/heimdal/lib/krb5/keytab_krb4.c +++ b/crypto/heimdal/lib/krb5/keytab_krb4.c 
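Review bot: The entry count `len` read from the keyfile with krb5_ret_int32 is used unchecked: `len++` and `(len - 1) * (8 + 4)` can overflow or give a negative seek offset if the file header is corrupt or was not written by this code. Bound the value right after the read, before the increment; the fence shows the check placed inside the `else` branch that the previous hunk opens. The code is only re-indented by this commit, but it is now the entire write path. akf_add_entry starts above this hunk.

```c
	ret = krb5_ret_int32(sp, &len);
	/* … unchanged: error return for krb5_ret_int32 … */
	/* the count comes from the file; bound it before len++ and the offset arithmetic */
	if(len < 0 || len >= INT32_MAX / (8 + 4)) {
	    krb5_storage_free(sp);
	    close(fd);
	    krb5_set_error_string (context, "bad key count in %s", d->filename);
	    return EINVAL;
	}
```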
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_krb4.c,v 1.8 2001/05/16 22:23:31 assar Exp $"); +RCSID("$Id: keytab_krb4.c,v 1.9 2002/02/11 14:05:10 joda Exp $"); struct krb4_kt_data { char *filename; @@ -87,6 +87,31 @@ struct krb4_cursor_extra_data { int num; }; +static int +open_flock(const char *filename, int flags, int mode) +{ + int lock_mode; + int tries = 0; + int fd = open(filename, flags, mode); + if(fd < 0) + return fd; + if((flags & O_ACCMODE) == O_RDONLY) + lock_mode = LOCK_SH | LOCK_NB; + else + lock_mode = LOCK_EX | LOCK_NB; + while(flock(fd, lock_mode) < 0) { + if(++tries < 5) { + sleep(1); + } else { + close(fd); + return -1; + } + } + return fd; +} + + + static krb5_error_code krb4_kt_start_seq_get_int (krb5_context context, krb5_keytab id, @@ -105,7 +130,7 @@ krb4_kt_start_seq_get_int (krb5_context context, ed->entry.principal = NULL; ed->num = -1; c->data = ed; - c->fd = open (d->filename, flags); + c->fd = open_flock (d->filename, flags, 0); if (c->fd < 0) { ret = errno; free (ed); 
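Review bot: open_flock (hunk `@@ -87,6 +87,31 @@`) retries on every flock() failure, not only on contention, and it calls close() before returning -1, so a caller's `ret = errno` (as in the `@@ -105,7 +130,7 @@` hunk) may not see the flock() error. Retry only while `errno == EWOULDBLOCK`, and preserve the error across the close with `int save_errno = errno; close(fd); errno = save_errno;`. The function has no comment; one line stating that it takes a shared lock for O_RDONLY and an exclusive lock otherwise, and gives up after five attempts with a one-second sleep between them, would document the blocking behaviour for library users.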
@@ -228,24 +253,45 @@ krb4_kt_end_seq_get (krb5_context context, } static krb5_error_code -krb4_kt_add_entry (krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry) +krb4_store_keytab_entry(krb5_context context, + krb5_keytab_entry *entry, + krb5_storage *sp) { - struct krb4_kt_data *d = id->data; krb5_error_code ret; - int fd; #define ANAME_SZ 40 #define INST_SZ 40 #define REALM_SZ 40 char service[ANAME_SZ]; char instance[INST_SZ]; char realm[REALM_SZ]; - int8_t kvno; + ret = krb5_524_conv_principal (context, entry->principal, + service, instance, realm); + if (ret) + return ret; + if (entry->keyblock.keyvalue.length == 8 + && entry->keyblock.keytype == ETYPE_DES_CBC_MD5) { + ret = krb5_store_stringz(sp, service); + ret = krb5_store_stringz(sp, instance); + ret = krb5_store_stringz(sp, realm); + ret = krb5_store_int8(sp, entry->vno); + ret = (*sp->store)(sp, entry->keyblock.keyvalue.data, 8); + } + return 0; +} - fd = open (d->filename, O_WRONLY | O_APPEND | O_BINARY); +static krb5_error_code +krb4_kt_add_entry (krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + struct krb4_kt_data *d = id->data; + krb5_storage *sp; + krb5_error_code ret; + int fd; + + fd = open_flock (d->filename, O_WRONLY | O_APPEND | O_BINARY, 0); if (fd < 0) { - fd = open (d->filename, + fd = open_flock (d->filename, O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600); if (fd < 0) { ret = errno; 
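Review bot: krb4_store_keytab_entry assigns every store result to `ret` and then returns 0 unconditionally, so a failed or short write leaves a truncated srvtab record while krb4_kt_add_entry and krb4_kt_remove_entry report success. Each call should be checked, and the final `(*sp->store)` compared with the expected 8 bytes the way akf_add_entry in keytab_keyfile.c does. A key that is not 8-byte DES is skipped with a success return, which deserves a comment at the test. krb4_store_keytab_entry is complete in this hunk; krb4_kt_add_entry continues in the next one.

```c
    if (entry->keyblock.keyvalue.length == 8
	&& entry->keyblock.keytype == ETYPE_DES_CBC_MD5) {
	ret = krb5_store_stringz(sp, service);
	if (ret)
	    return ret;
	ret = krb5_store_stringz(sp, instance);
	if (ret)
	    return ret;
	ret = krb5_store_stringz(sp, realm);
	if (ret)
	    return ret;
	ret = krb5_store_int8(sp, entry->vno);
	if (ret)
	    return ret;
	ret = (*sp->store)(sp, entry->keyblock.keyvalue.data, 8);
	if (ret != 8) {
	    if (ret < 0)
		return errno;
	    return ENOTTY;
	}
    }
    return 0;
```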
@@ -254,25 +300,104 @@ krb4_kt_add_entry (krb5_context context, return ret; } } - ret = krb5_524_conv_principal (context, entry->principal, - service, instance, realm); - if (ret) { - close (fd); - return ret; + sp = krb5_storage_from_fd(fd); + if(sp == NULL) { + close(fd); + return ENOMEM; } - if (entry->keyblock.keyvalue.length == 8 - && entry->keyblock.keytype == ETYPE_DES_CBC_MD5) { - write(fd, service, strlen(service)+1); - write(fd, instance, strlen(instance)+1); - write(fd, realm, strlen(realm)+1); - kvno = entry->vno; - write(fd, &kvno, sizeof(kvno)); - write(fd, entry->keyblock.keyvalue.data, 8); + ret = krb4_store_keytab_entry(context, entry, sp); + krb5_storage_free(sp); + if(close (fd) < 0) + return errno; + return ret; +} + +static krb5_error_code +krb4_kt_remove_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry) +{ + struct krb4_kt_data *d = id->data; + krb5_error_code ret; + krb5_keytab_entry e; + krb5_kt_cursor cursor; + krb5_storage *sp; + int remove_flag = 0; + + sp = krb5_storage_emem(); + ret = krb5_kt_start_seq_get(context, id, &cursor); + while(krb5_kt_next_entry(context, id, &e, &cursor) == 0) { + if(!krb5_kt_compare(context, &e, entry->principal, + entry->vno, entry->keyblock.keytype)) { + ret = krb4_store_keytab_entry(context, &e, sp); + if(ret) { + krb5_storage_free(sp); + return ret; + } + } else + remove_flag = 1; } - close (fd); - return 0; + krb5_kt_end_seq_get(context, id, &cursor); + if(remove_flag) { + int fd; + unsigned char buf[1024]; + ssize_t n; + krb5_data data; + struct stat st; + + krb5_storage_to_data(sp, &data); + krb5_storage_free(sp); + + fd = open_flock (d->filename, O_RDWR | O_BINARY, 0); + if(fd < 0) { + memset(data.data, 0, data.length); + krb5_data_free(&data); + if(errno == EACCES || errno == EROFS) + return KRB5_KT_NOWRITE; + return errno; + } + + if(write(fd, data.data, data.length) != data.length) { + memset(data.data, 0, data.length); + close(fd); + krb5_set_error_string(context, "failed 
writing to \"%s\"", d->filename); + return errno; + } + memset(data.data, 0, data.length); + if(fstat(fd, &st) < 0) { + close(fd); + krb5_set_error_string(context, "failed getting size of \"%s\"", d->filename); + return errno; + } + st.st_size -= data.length; + memset(buf, 0, sizeof(buf)); + while(st.st_size > 0) { + n = min(st.st_size, sizeof(buf)); + n = write(fd, buf, n); + if(n <= 0) { + close(fd); + krb5_set_error_string(context, "failed writing to \"%s\"", d->filename); + return errno; + + } + st.st_size -= n; + } + if(ftruncate(fd, data.length) < 0) { + close(fd); + krb5_set_error_string(context, "failed truncating \"%s\"", d->filename); + return errno; + } + krb5_data_free(&data); + if(close(fd) < 0) { + krb5_set_error_string(context, "error closing \"%s\"", d->filename); + return errno; + } + return 0; + } else + return KRB5_KT_NOTFOUND; } + const krb5_kt_ops krb4_fkt_ops = { "krb4", krb4_kt_resolve, @@ -283,7 +408,7 @@ const krb5_kt_ops krb4_fkt_ops = { krb4_kt_next_entry, krb4_kt_end_seq_get, krb4_kt_add_entry, /* add_entry */ - NULL /* remove_entry */ + krb4_kt_remove_entry /* remove_entry */ }; const krb5_kt_ops krb5_srvtab_fkt_ops = { @@ -296,5 +421,5 @@ const krb5_kt_ops krb5_srvtab_fkt_ops = { krb4_kt_next_entry, krb4_kt_end_seq_get, krb4_kt_add_entry, /* add_entry */ - NULL /* remove_entry */ + krb4_kt_remove_entry /* remove_entry */ }; diff --git a/crypto/heimdal/lib/krb5/krb5-protos.h b/crypto/heimdal/lib/krb5/krb5-protos.h index 1f0fdf9c3c34..d40889c534fd 100644 --- a/crypto/heimdal/lib/krb5/krb5-protos.h +++ b/crypto/heimdal/lib/krb5/krb5-protos.h @@ -20,6 +20,12 @@ krb5_error_code krb524_convert_creds_kdc __P(( krb5_context context, + krb5_creds *in_cred, + struct credentials *v4creds)); + +krb5_error_code +krb524_convert_creds_kdc_ccache __P(( + krb5_context context, krb5_ccache ccache, krb5_creds *in_cred, struct credentials *v4creds)); 
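Review bot: krb4_kt_remove_entry (hunk `@@ -254,25 +300,104 @@`) never checks two results at its top: `krb5_storage_emem()` may return NULL, and the value of `krb5_kt_start_seq_get` is assigned to `ret` and then ignored, so the loop can run on a cursor that was never opened. Add `if(sp == NULL) return ENOMEM;` and, after the start call, `if(ret) { krb5_storage_free(sp); return ret; }`. The early return inside the loop skips krb5_kt_end_seq_get, and on the not-found path `sp`, which holds copies of the remaining keys, is never freed; the write-failure returns also leave `data` allocated and read `errno` after close() and krb5_set_error_string() have run. The file is read under one lock and rewritten under a second one taken later, so an entry appended in between would be lost; holding a single exclusive lock for the whole operation would close that gap. Entries returned by krb5_kt_next_entry are not released in the loop, which looks like a leak of key material unless the iterator owns them.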
@@ -90,6 +96,11 @@ krb5_add_extra_addresses __P(( krb5_addresses *addresses)); krb5_error_code +krb5_add_ignore_addresses __P(( + krb5_context context, + krb5_addresses *addresses)); + +krb5_error_code krb5_addlog_dest __P(( krb5_context context, krb5_log_facility *f, @@ -150,7 +161,7 @@ void krb5_appdefault_boolean __P(( krb5_context context, const char *appname, - krb5_realm realm, + krb5_const_realm realm, const char *option, krb5_boolean def_val, krb5_boolean *ret_val)); @@ -159,7 +170,7 @@ void krb5_appdefault_string __P(( krb5_context context, const char *appname, - krb5_realm realm, + krb5_const_realm realm, const char *option, const char *def_val, char **ret_val)); @@ -168,7 +179,7 @@ void krb5_appdefault_time __P(( krb5_context context, const char *appname, - krb5_realm realm, + krb5_const_realm realm, const char *option, time_t def_val, time_t *ret_val)); @@ -199,6 +210,18 @@ krb5_auth_con_getaddrs __P(( krb5_address **remote_addr)); krb5_error_code +krb5_auth_con_getauthenticator __P(( + krb5_context context, + krb5_auth_context auth_context, + krb5_authenticator *authenticator)); + +krb5_error_code +krb5_auth_con_getcksumtype __P(( + krb5_context context, + krb5_auth_context auth_context, + krb5_cksumtype *cksumtype)); + +krb5_error_code krb5_auth_con_getflags __P(( krb5_context context, krb5_auth_context auth_context, @@ -211,6 +234,18 @@ krb5_auth_con_getkey __P(( krb5_keyblock **keyblock)); krb5_error_code +krb5_auth_con_getkeytype __P(( + krb5_context context, + krb5_auth_context auth_context, + krb5_keytype *keytype)); + +krb5_error_code +krb5_auth_con_getlocalseqnumber __P(( + krb5_context context, + krb5_auth_context auth_context, + int32_t *seqnumber)); + +krb5_error_code krb5_auth_con_getlocalsubkey __P(( krb5_context context, krb5_auth_context auth_context, 
@@ -247,64 +282,64 @@ krb5_auth_con_setaddrs_from_fd __P(( void *p_fd)); krb5_error_code -krb5_auth_con_setflags __P(( +krb5_auth_con_setcksumtype __P(( krb5_context context, krb5_auth_context auth_context, - int32_t flags)); + krb5_cksumtype cksumtype)); krb5_error_code -krb5_auth_con_setkey __P(( +krb5_auth_con_setflags __P(( krb5_context context, krb5_auth_context auth_context, - krb5_keyblock *keyblock)); + int32_t flags)); krb5_error_code -krb5_auth_con_setlocalsubkey __P(( +krb5_auth_con_setkey __P(( krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock)); krb5_error_code -krb5_auth_con_setrcache __P(( +krb5_auth_con_setkeytype __P(( krb5_context context, krb5_auth_context auth_context, - krb5_rcache rcache)); + krb5_keytype keytype)); krb5_error_code -krb5_auth_con_setremotesubkey __P(( +krb5_auth_con_setlocalseqnumber __P(( krb5_context context, krb5_auth_context auth_context, - krb5_keyblock *keyblock)); + int32_t seqnumber)); krb5_error_code -krb5_auth_con_setuserkey __P(( +krb5_auth_con_setlocalsubkey __P(( krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock)); krb5_error_code -krb5_auth_getauthenticator __P(( +krb5_auth_con_setrcache __P(( krb5_context context, krb5_auth_context auth_context, - krb5_authenticator *authenticator)); + krb5_rcache rcache)); krb5_error_code -krb5_auth_getcksumtype __P(( +krb5_auth_con_setremoteseqnumber __P(( krb5_context context, krb5_auth_context auth_context, - krb5_cksumtype *cksumtype)); + int32_t seqnumber)); krb5_error_code -krb5_auth_getkeytype __P(( +krb5_auth_con_setremotesubkey __P(( krb5_context context, krb5_auth_context auth_context, - krb5_keytype *keytype)); + krb5_keyblock *keyblock)); krb5_error_code -krb5_auth_getlocalseqnumber __P(( +krb5_auth_con_setuserkey __P(( krb5_context context, krb5_auth_context auth_context, - int32_t *seqnumber)); + krb5_keyblock *keyblock)); krb5_error_code krb5_auth_getremoteseqnumber __P(( 
@@ -313,30 +348,6 @@ krb5_auth_getremoteseqnumber __P(( int32_t *seqnumber)); krb5_error_code -krb5_auth_setcksumtype __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_cksumtype cksumtype)); - -krb5_error_code -krb5_auth_setkeytype __P(( - krb5_context context, - krb5_auth_context auth_context, - krb5_keytype keytype)); - -krb5_error_code -krb5_auth_setlocalseqnumber __P(( - krb5_context context, - krb5_auth_context auth_context, - int32_t seqnumber)); - -krb5_error_code -krb5_auth_setremoteseqnumber __P(( - krb5_context context, - krb5_auth_context auth_context, - int32_t seqnumber)); - -krb5_error_code krb5_build_ap_req __P(( krb5_context context, krb5_enctype enctype, @@ -1349,6 +1360,11 @@ krb5_get_host_realm_int __P(( krb5_realm **realms)); krb5_error_code +krb5_get_ignore_addresses __P(( + krb5_context context, + krb5_addresses *addresses)); + +krb5_error_code krb5_get_in_cred __P(( krb5_context context, krb5_flags options, @@ -1441,7 +1457,7 @@ void krb5_get_init_creds_opt_set_default_flags __P(( krb5_context context, const char *appname, - krb5_realm realm, + krb5_const_realm realm, krb5_get_init_creds_opt *opt)); void @@ -1504,6 +1520,12 @@ krb5_get_kdc_cred __P(( krb5_creds **out_creds )); krb5_error_code +krb5_get_krb524hst __P(( + krb5_context context, + const krb5_realm *realm, + char ***hostlist)); + +krb5_error_code krb5_get_krb_admin_hst __P(( krb5_context context, const krb5_realm *realm, @@ -1581,7 +1603,7 @@ krb5_error_code krb5_init_etype __P(( krb5_context context, unsigned *len, - int **val, + krb5_enctype **val, const krb5_enctype *etypes)); krb5_error_code @@ -1611,14 +1633,14 @@ krb5_keytype_to_enctypes __P(( krb5_context context, krb5_keytype keytype, unsigned *len, - int **val)); + krb5_enctype **val)); krb5_error_code krb5_keytype_to_enctypes_default __P(( krb5_context context, krb5_keytype keytype, unsigned *len, - int **val)); + krb5_enctype **val)); krb5_error_code krb5_keytype_to_string __P(( 
@@ -1627,6 +1649,49 @@ krb5_keytype_to_string __P(( char **string)); krb5_error_code +krb5_krbhst_format_string __P(( + krb5_context context, + const krb5_krbhst_info *host, + char *hostname, + size_t hostlen)); + +void +krb5_krbhst_free __P(( + krb5_context context, + krb5_krbhst_handle handle)); + +krb5_error_code +krb5_krbhst_get_addrinfo __P(( + krb5_context context, + krb5_krbhst_info *host, + struct addrinfo **ai)); + +krb5_error_code +krb5_krbhst_init __P(( + krb5_context context, + const char *realm, + unsigned int type, + krb5_krbhst_handle *handle)); + +krb5_error_code +krb5_krbhst_next __P(( + krb5_context context, + krb5_krbhst_handle handle, + krb5_krbhst_info **host)); + +krb5_error_code +krb5_krbhst_next_as_string __P(( + krb5_context context, + krb5_krbhst_handle handle, + char *hostname, + size_t hostlen)); + +void +krb5_krbhst_reset __P(( + krb5_context context, + krb5_krbhst_handle handle)); + +krb5_error_code krb5_kt_add_entry __P(( krb5_context context, krb5_keytab id, @@ -1883,6 +1948,11 @@ krb5_parse_name __P(( const char *name, krb5_principal *principal)); +const char * +krb5_passwd_result_to_string __P(( + krb5_context context, + int result)); + krb5_error_code krb5_password_key_proc __P(( krb5_context context, @@ -1919,6 +1989,22 @@ krb5_principal_compare_any_realm __P(( krb5_const_principal princ1, krb5_const_principal princ2)); +const char * +krb5_principal_get_comp_string __P(( + krb5_context context, + krb5_principal principal, + unsigned int component)); + +const char * +krb5_principal_get_realm __P(( + krb5_context context, + krb5_principal principal)); + +int +krb5_principal_get_type __P(( + krb5_context context, + krb5_principal principal)); + krb5_boolean krb5_principal_match __P(( krb5_context context, @@ -2232,8 +2318,7 @@ krb5_error_code krb5_sendto __P(( krb5_context context, const krb5_data *send, - char **hostlist, - int port, + krb5_krbhst_handle handle, krb5_data *receive)); krb5_error_code 
@@ -2259,7 +2344,7 @@ krb5_set_default_in_tkt_etypes __P(( krb5_error_code krb5_set_default_realm __P(( krb5_context context, - char *realm)); + const char *realm)); krb5_error_code krb5_set_error_string __P(( @@ -2278,6 +2363,11 @@ krb5_set_fcache_version __P(( krb5_context context, int version)); +krb5_error_code +krb5_set_ignore_addresses __P(( + krb5_context context, + const krb5_addresses *addresses)); + void krb5_set_use_admin_kdc __P(( krb5_context context, @@ -2752,7 +2842,6 @@ krb5_error_code krb5_write_safe_message __P(( krb5_context context, krb5_auth_context ac, - krb5_boolean priv, krb5_pointer p_fd, krb5_data *data)); diff --git a/crypto/heimdal/lib/krb5/krb5.3 b/crypto/heimdal/lib/krb5/krb5.3 new file mode 100644 index 000000000000..830ee66ed2a3 --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5.3 
@@ -0,0 +1,150 @@ +.\" $Id: krb5.3,v 1.1 2001/11/20 22:19:10 assar Exp $ +.\" +.Dd November 8, 2001 +.Dt KRB5 3 +.Os +.Sh NAME +.Nm krb5 +.Nd kerberos 5 library +.Sh LIBRARY +Kerberos 5 Library (libkrb5, -lkrb5) +.Sh DESCRIPTION +These functions constitute the kerberos 5 library, +.Em libkrb5 . +Declarations for these functions may be obtained from the include file +.Pa krb5/krb5.h . +.Sh LIST OF FUNCTIONS +.sp 2 +.nf +.ta \w'krb5_checksum_is_collision_proof.3'u+2n +\w'Description goes here'u +\fIName/Page\fP \fIDescription\fP +.ta \w'krb5_checksum_is_collision_proof.3'u+2n +\w'Description goes here'u+6nC +.sp 5p +krb5_425_conv_principal.3 +krb5_425_conv_principal_ext.3 +krb5_524_conv_principal.3 +krb5_addlog_dest.3 +krb5_addlog_func.3 +krb5_appdefault_boolean.3 +krb5_appdefault_string.3 +krb5_appdefault_time.3 +krb5_auth_con_free.3 +krb5_auth_con_genaddrs.3 +krb5_auth_con_getaddrs.3 +krb5_auth_con_getflags.3 +krb5_auth_con_getkey.3 +krb5_auth_con_getlocalsubkey.3 +krb5_auth_con_getrcache.3 +krb5_auth_con_getremotesubkey.3 +krb5_auth_con_getuserkey.3 +krb5_auth_con_init.3 +krb5_auth_con_initivector.3 +krb5_auth_con_setaddrs.3 +krb5_auth_con_setaddrs_from_fd.3 +krb5_auth_con_setflags.3 +krb5_auth_con_setivector.3 +krb5_auth_con_setkey.3 +krb5_auth_con_setlocalsubkey.3 +krb5_auth_con_setrcache.3 +krb5_auth_con_setremotesubkey.3 +krb5_auth_con_setuserkey.3 +krb5_auth_context.3 +krb5_auth_getauthenticator.3 +krb5_auth_getcksumtype.3 +krb5_auth_getkeytype.3 +krb5_auth_getlocalseqnumber.3 +krb5_auth_getremoteseqnumber.3 +krb5_auth_setcksumtype.3 +krb5_auth_setkeytype.3 +krb5_auth_setlocalseqnumber.3 +krb5_auth_setremoteseqnumber.3 +krb5_build_principal.3 +krb5_build_principal_ext.3 +krb5_build_principal_va.3 +krb5_build_principal_va_ext.3 +krb5_checksum_is_collision_proof.3 +krb5_checksum_is_keyed.3 +krb5_checksumsize.3 +krb5_closelog.3 +krb5_config_get_bool_default.3 +krb5_config_get_int_default.3 +krb5_config_get_string_default.3 +krb5_config_get_time_default.3 
+krb5_context.3 +krb5_create_checksum.3 +krb5_crypto_destroy.3 +krb5_crypto_init.3 +krb5_decrypt.3 +krb5_decrypt_EncryptedData.3 +krb5_encrypt.3 +krb5_encrypt_EncryptedData.3 +krb5_err.3 +krb5_errx.3 +krb5_free_context.3 +krb5_free_krbhst.3 +krb5_free_principal.3 +krb5_get_all_client_addrs.3 +krb5_get_all_server_addrs.3 +krb5_get_krb524hst.3 +krb5_get_krb_admin_hst.3 +krb5_get_krb_changepw_hst.3 +krb5_get_krbhst.3 +krb5_init_context.3 +krb5_initlog.3 +krb5_keytab_entry.3 +krb5_krbhst_format_string.3 +krb5_krbhst_free.3 +krb5_krbhst_get_addrinfo.3 +krb5_krbhst_init.3 +krb5_krbhst_next.3 +krb5_krbhst_next_as_string.3 +krb5_krbhst_reset.3 +krb5_kt_add_entry.3 +krb5_kt_close.3 +krb5_kt_compare.3 +krb5_kt_copy_entry_contents.3 +krb5_kt_cursor.3 +krb5_kt_cursor.3 +krb5_kt_default.3 +krb5_kt_default_name.3 +krb5_kt_end_seq_get.3 +krb5_kt_free_entry.3 +krb5_kt_get_entry.3 +krb5_kt_get_name.3 +krb5_kt_next_entry.3 +krb5_kt_ops.3 +krb5_kt_read_service_key.3 +krb5_kt_register.3 +krb5_kt_remove_entry.3 +krb5_kt_resolve.3.3 +krb5_kt_start_seq_get +krb5_log.3 +krb5_log_msg.3 +krb5_make_principal.3 +krb5_openlog.3 +krb5_parse_name.3 +krb5_principal.3 +krb5_principal_get_comp_string.3 +krb5_principal_get_realm.3 +krb5_set_warn_dest.3 +krb5_sname_to_principal.3 +krb5_sock_to_principal.3 +krb5_timeofday.3 +krb5_unparse_name.3 +krb5_us_timeofday.3 +krb5_verify_checksum.3 +krb5_verify_user.3 +krb5_verify_user_lrealm.3 +krb5_verr.3 +krb5_verrx.3 +krb5_vlog.3 +krb5_vlog_msg.3 +krb5_vwarn.3 +krb5_vwarnx.3 +krb5_warn.3 +krb5_warnx.3 +.ta +.Fi +.Sh SEE ALSO +.Xr krb5.conf 5 , +.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5 index ca2d1e59cf62..c87526a75200 100644 --- a/crypto/heimdal/lib/krb5/krb5.conf.5 +++ b/crypto/heimdal/lib/krb5/krb5.conf.5 @@ -1,4 +1,4 @@ -.\" $Id: krb5.conf.5,v 1.17 2001/05/31 13:58:34 assar Exp $ +.\" $Id: krb5.conf.5,v 1.22 2001/08/30 18:54:01 joda Exp $ .\" .Dd April 11, 1999 .Dt KRB5.CONF 5 
@@ -70,7 +70,7 @@ When obtaining initial credentials, make the credentials proxiable. .It Li no-addresses = Va boolean When obtaining initial credentials, request them for an empty set of addresses, making the tickets valid from any address. -.It Li ticket_life = Va time +.It Li ticket_lifetime = Va time Default ticket lifetime. .It Li renew_lifetime = Va time Default renewable ticket lifetime. @@ -153,8 +153,6 @@ How to print date strings in logs, this string is passed to Write log-entries using UTC instead of your local time zone. .It Li srv_lookup = Va boolean Use DNS SRV records to lookup realm configuration information. -.It Li srv_try_txt = Va boolean -If a SRV lookup fails, try looking up the same info in a DNS TXT record. .It Li scan_interfaces = Va boolean Scan all network interfaces for addresses, as opposed to simply using the address associated with the system's host name. @@ -162,7 +160,8 @@ the address associated with the system's host name. Use file credential cache format version specified. .It Li krb4_get_tickets = Va boolean Also get Kerberos 4 tickets in -.Nm kinit +.Nm kinit , +.Nm login , and other programs. This option is also valid in the [realms] section. .El @@ -192,6 +191,9 @@ to the database are perfomed. Points to the server where all the password changes are perfomed. If there is no such entry, the kpasswd port on the admin_server host will be tried. +.It Li krb524_server = Va Host[:port] +Points to the server that does 524 conversions. If it is not +mentioned, the krb524 port on the kdcs will be tried. .It Li v4_instance_convert .It Li v4_name_convert .It Li default_domain 
@@ -340,11 +342,10 @@ that reads .Nm and tries to emit useful diagnostics from parsing errors. Note that this program does not have any way of knowing what options are -actually used and thus cannot warn about unknown or misspelt ones. +actually used and thus cannot warn about unknown or misspelled ones. .Sh SEE ALSO -.Xr verify_krb5_conf 8 , -.Xr krb5_openlog 3 , +.Xr kinit 1 , .Xr krb5_425_conv_principal 3 , +.Xr krb5_openlog 3 , .Xr strftime 3 , -.Xr kinit 1 , -.Xr Source tm +.Xr verify_krb5_conf 8 diff --git a/crypto/heimdal/lib/krb5/krb5.h b/crypto/heimdal/lib/krb5/krb5.h index 32be06931cb7..cb4a3e59ea9d 100644 --- a/crypto/heimdal/lib/krb5/krb5.h +++ b/crypto/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h,v 1.190 2001/05/16 22:23:56 assar Exp $ */ +/* $Id: krb5.h,v 1.197 2001/09/27 01:31:53 assar Exp $ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -42,6 +42,7 @@ #include <asn1_err.h> #include <krb5_err.h> #include <heim_err.h> +#include <k524_err.h> #include <krb5_asn1.h> @@ -291,8 +292,8 @@ typedef union { #define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0) -#define KRB5_GC_CACHED 1 -#define KRB5_GC_USER_USER 2 +#define KRB5_GC_CACHED (1U << 0) +#define KRB5_GC_USER_USER (1U << 1) /* constants for compare_creds (and cc_retrieve_cred) */ #define KRB5_TC_DONT_MATCH_REALM (1U << 31) @@ -377,7 +378,6 @@ typedef struct krb5_context_data { krb5_boolean scan_interfaces; /* `ifconfig -a' */ krb5_boolean srv_lookup; /* do SRV lookups */ krb5_boolean srv_try_txt; /* try TXT records also */ - krb5_boolean srv_try_rfc2052; /* try RFC2052 compatible records */ int32_t fcache_vno; /* create cache files w/ this version */ int num_kt_types; /* # of registered keytab types */ @@ -385,6 +385,7 @@ typedef struct krb5_context_data { const char *date_fmt; char *error_string; char error_buf[256]; + krb5_addresses *ignore_addresses; } krb5_context_data; typedef struct krb5_ticket { 
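Review bot: The new `krb5_addresses *ignore_addresses;` member added to `krb5_context_data` in the `@@ -385,6 +385,7 @@` hunk of krb5.h has no comment saying who owns the list, although most of the neighbouring members are annotated. The setter this commit adds to krb5-protos.h takes `const krb5_addresses *`, so the context presumably stores its own copy and must release it when the context is freed. Neither the copy nor the free is visible in this hunk, so that needs confirming against context.c. I would add the contract next to the field, for example `krb5_addresses *ignore_addresses; /* removed from client address lists; copy owned by the context */`. The struct definition starts outside the hunk.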
@@ -619,7 +620,8 @@ typedef struct krb5_verify_opt { const char *service; } krb5_verify_opt; -#define KRB5_VERIFY_LREALMS 1 +#define KRB5_VERIFY_LREALMS 1 +#define KRB5_VERIFY_NO_ADDRESSES 2 extern const krb5_cc_ops krb5_fcc_ops; extern const krb5_cc_ops krb5_mcc_ops; @@ -632,13 +634,34 @@ extern const krb5_kt_ops krb5_srvtab_fkt_ops; extern const krb5_kt_ops krb5_any_ops; #define KRB5_KPASSWD_SUCCESS 0 -#define KRB5_KPASSWD_MALFORMED 0 -#define KRB5_KPASSWD_HARDERROR 0 -#define KRB5_KPASSWD_AUTHERROR 0 -#define KRB5_KPASSWD_SOFTERROR 0 +#define KRB5_KPASSWD_MALFORMED 1 +#define KRB5_KPASSWD_HARDERROR 2 +#define KRB5_KPASSWD_AUTHERROR 3 +#define KRB5_KPASSWD_SOFTERROR 4 #define KPASSWD_PORT 464 +/* types for the new krbhst interface */ +struct krb5_krbhst_data; +typedef struct krb5_krbhst_data *krb5_krbhst_handle; + +#define KRB5_KRBHST_KDC 1 +#define KRB5_KRBHST_ADMIN 2 +#define KRB5_KRBHST_CHANGEPW 3 +#define KRB5_KRBHST_KRB524 4 + +typedef struct krb5_krbhst_info { + enum { KRB5_KRBHST_UDP, + KRB5_KRBHST_TCP, + KRB5_KRBHST_HTTP } proto; + unsigned short port; + unsigned short def_port; + struct addrinfo *ai; + struct krb5_krbhst_info *next; + char hostname[1]; /* has to come last */ +} krb5_krbhst_info; + + struct credentials; /* this is to keep the compiler happy */ struct getargs; diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3 index 975cc273b099..4f395cc9ef75 100644 --- a/crypto/heimdal/lib/krb5/krb5_appdefault.3 +++ b/crypto/heimdal/lib/krb5/krb5_appdefault.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 2000 Kungliga Tekniska Högskolan -.\" $Id: krb5_appdefault.3,v 1.4 2001/05/02 08:59:23 assar Exp $ +.\" $Id: krb5_appdefault.3,v 1.5 2001/06/23 22:35:19 assar Exp $ .Dd July 25, 2000 .Dt KRB5_APPDEFAULT 3 .Os HEIMDAL 
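Review bot: `char hostname[1]; /* has to come last */` at the end of `krb5_krbhst_info` (hunk `@@ -632,13 +634,34 @@`) is a variable-length trailing array, and the comment does not tell a caller that `sizeof(krb5_krbhst_info)` never covers the name. The type is public in krb5.h, so code that allocates one with plain `sizeof` or copies one by value ends up with a one-byte hostname field, and any string operation on it reads or writes past the object. I would spell the contract out on the field: `char hostname[1]; /* NUL-terminated, really strlen()+1 bytes: allocate sizeof(*h) + strlen(name), never copy by value; must stay last */`. The struct listing in krb5_krbhst_init.3 from this same commit also omits `def_port`, so the manual and the header already disagree.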
@@ -42,11 +42,14 @@ in order of descending importance. } option = value .Ed -.Pp -If the realm is omitted it will not be used for resolving values. If -no value can be found, +.Fa appname +is the name of the application, and +.Fa realm +is the realm name. If the realm is omitted it will not be used for +resolving values. .Fa def_val -is returned instead. +is the value to return if no value is found in +.Xr krb5.conf 5 . .Sh SEE ALSO .Xr krb5_config 3 , .Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krb5_context.3 b/crypto/heimdal/lib/krb5/krb5_context.3 index 83a768d1a6b4..9b267979f800 100644 --- a/crypto/heimdal/lib/krb5/krb5_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_context.3 @@ -1,10 +1,11 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_context.3,v 1.1 2001/01/28 21:39:29 assar Exp $ +.\" $Id: krb5_context.3,v 1.2 2001/06/24 00:52:53 assar Exp $ .Dd Jan 21, 2001 .Dt KRB5_CONTEXT 3 .Os HEIMDAL .Sh NAME .Nm krb5_context +.Nd krb5 state structure .Sh DESCRIPTION The .Nm diff --git a/crypto/heimdal/lib/krb5/krb5_encrypt.3 b/crypto/heimdal/lib/krb5/krb5_encrypt.3 index 291e5034d31b..aa7196a97fcb 100644 --- a/crypto/heimdal/lib/krb5/krb5_encrypt.3 +++ b/crypto/heimdal/lib/krb5/krb5_encrypt.3 @@ -1,5 +1,5 @@ .\" Copyright (c) 1999 Kungliga Tekniska Högskolan -.\" $Id: krb5_encrypt.3,v 1.2 2001/01/26 22:43:22 assar Exp $ +.\" $Id: krb5_encrypt.3,v 1.3 2001/07/12 08:42:28 assar Exp $ .Dd April 7, 1999 .Dt KRB5_ENCRYPT 3 .Os HEIMDAL @@ -50,5 +50,5 @@ works similarly. .\" .Sh EXAMPLE .\" .Sh BUGS .Sh SEE ALSO -.Xr krb5_crypto_init 3 , -.Xr krb5_create_checksum 3 +.Xr krb5_create_checksum 3 , +.Xr krb5_crypto_init 3 diff --git a/crypto/heimdal/lib/krb5/krb5_free_addresses.3 b/crypto/heimdal/lib/krb5/krb5_free_addresses.3 new file mode 100644 index 000000000000..8148d94b79d4 --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_free_addresses.3 
@@ -0,0 +1,20 @@
+.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
+.\" $Id: krb5_free_addresses.3,v 1.1 2001/11/20 20:50:52 assar Exp $
+.Dd November 20, 2001
+.Dt KRB5_FREE_ADDRESSES 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_free_addresses
+.Nd free list of addresses
+.Sh SYNOPSIS
+.Fd #include <krb5.h>
+.Ft void
+.Fn krb5_free_addresses "krb5_context context" "krb5_addresses *addresses"
+.Sh DESCRIPTION
+The
+.Fn krb5_free_addresses
+will free a list of addresses that has been created with
+.Fn krb5_get_all_client_addrs
+or with some other function.
+.Sh SEE ALSO
+.Xr krb5_get_all_client_addrs 3
diff --git a/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3 b/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3
new file mode 100644
index 000000000000..eb1ac4b99216
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.3
@@ -0,0 +1,39 @@
+.\" $Id: krb5_get_all_client_addrs.3,v 1.2 2001/11/09 09:33:52 joda Exp $
+.Dd July 1, 2001
+.Dt KRB5_GET_ADDRS 3
+.Sh NAME
+.Nm krb5_get_all_client_addrs ,
+.Nm krb5_get_all_server_addrs
+.Nd return local addresses
+.Sh SYNOPSIS
+.Fd #include <krb5.h>
+.Ft "krb5_error_code"
+.Fn krb5_get_all_client_addrs "krb5_context context" "krb5_addresses *addrs"
+.Ft "krb5_error_code"
+.Fn krb5_get_all_server_addrs "krb5_context context" "krb5_addresses *addrs"
+.Sh DESCRIPTION
+These functions return in
+.Fa addrs
+a list of addresses associated with the local
+host.
+.Pp
+The server variant returns all configured interface addresses (if
+possible), including loop-back addresses. This is useful if you want
+to create sockets to listen to.
+.Pp
+The client version will also scan local interfaces (can be turned off
+by setting
+.Li libdefaults/scan_interfaces
+to false in
+.Pa krb5.conf ) ,
+but will not include loop-back addresses, unless there are no other
+addresses found. It will remove all addresses included in
+.Li libdefaults/ignore_addresses
+but will unconditionally include addresses in
+.Li libdefaults/extra_addresses .
+.Pp
+The returned addresses should be freed by calling
+.Fn krb5_free_addresses .
+.\".Sh EXAMPLE
+.Sh SEE ALSO
+.Xr krb5_free_addresses 3
diff --git a/crypto/heimdal/lib/krb5/krb5_get_krbhst.3 b/crypto/heimdal/lib/krb5/krb5_get_krbhst.3
new file mode 100644
index 000000000000..f1918a8015a2
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_get_krbhst.3
@@ -0,0 +1,54 @@
+.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
+.\" $Id: krb5_get_krbhst.3,v 1.2 2001/11/09 09:34:46 joda Exp $
+.Dd June 17, 2001
+.Dt KRB5_GET_KRBHST 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_get_krbhst
+.Nm krb5_get_krb_admin_hst
+.Nm krb5_get_krb_changepw_hst
+.Nm krb5_get_krb524hst
+.Nm krb5_free_krbhst
+.Nd lookup Kerberos KDC hosts
+.Sh SYNOPSIS
+.Fd #include <krb5.h>
+
+.Ft krb5_error_code
+.Fn krb5_get_krbhst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
+.Ft krb5_error_code
+.Fn krb5_get_krb_admin_hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
+.Ft krb5_error_code
+.Fn krb5_get_krb_changepw_hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
+.Ft krb5_error_code
+.Fn krb5_get_krb524hst "krb5_context context" "const krb5_realm *realm" "char ***hostlist"
+.Ft krb5_error_code
+.Fn krb5_free_krbhst "krb5_context context" "char **hostlist"
+.Sh DESCRIPTION
+These functions implement the old API to get a list of Kerberos hosts,
+and are thus similar to the
+.Fn krb5_krbhst_init
+functions. However, since these functions returns
+.Em all
+hosts in one go, they potentially have to do more lookups than
+necessary. These functions remain for compatibility reasons.
+.Pp
+After a call to one of these functions,
+.Fa hostlist
+is a
+.Dv NULL
+terminated list of strings, pointing to the requested Kerberos hosts. These should be freed with
+.Fn krb5_free_krbhst
+when done with.
+.Sh EXAMPLE
+The following code will print the KDCs of the realm
+.Dq MY.REALM .
+.Bd -literal -offset indent
+char **hosts, **p;
+krb5_get_krbhst(context, "MY.REALM", &hosts);
+for(p = hosts; *p; p++)
+ printf("%s\\n", *p);
+krb5_free_krbhst(context, hosts);
+.Ed
+.\" .Sh BUGS
+.Sh SEE ALSO
+.Xr krb5_krbhst_init 3
diff --git a/crypto/heimdal/lib/krb5/krb5_init_context.3 b/crypto/heimdal/lib/krb5/krb5_init_context.3
index 54690de66daa..7a7741f56489 100644
--- a/crypto/heimdal/lib/krb5/krb5_init_context.3
+++ b/crypto/heimdal/lib/krb5/krb5_init_context.3 @@ -1,11 +1,12 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_init_context.3,v 1.2 2001/05/23 16:24:02 assar Exp $ +.\" $Id: krb5_init_context.3,v 1.4 2001/07/12 08:42:28 assar Exp $ .Dd Jan 21, 2001 .Dt KRB5_CONTEXT 3 .Os HEIMDAL .Sh NAME .Nm krb5_init_context , .Nm krb5_free_context +.Nd create and delete krb5_context structures .Sh SYNOPSIS .Fd #include <krb5.h> .Ft krb5_error_code @@ -33,6 +34,6 @@ Failure means either that something bad happened during initialization or that Kerberos should not be used .Bq ENXIO . .Sh SEE ALSO -.Xr krb5_context 3 , .Xr errno 2 , +.Xr krb5_context 3 , .Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_keytab.3 b/crypto/heimdal/lib/krb5/krb5_keytab.3 index 6dc524e57b45..9aa9ffff99fa 100644 --- a/crypto/heimdal/lib/krb5/krb5_keytab.3 +++ b/crypto/heimdal/lib/krb5/krb5_keytab.3 @@ -1,10 +1,10 @@ .\" Copyright (c) 2001 Kungliga Tekniska Högskolan -.\" $Id: krb5_keytab.3,v 1.1 2001/02/05 18:17:46 assar Exp $ -.Dd Feb 5, 2001 +.\" $Id: krb5_keytab.3,v 1.3 2001/11/09 09:35:45 joda Exp $ +.Dd February 5, 2001 .Dt KRB5_KEYTAB 3 .Os HEIMDAL .Sh NAME -.Nm krb5_kt_ops, +.Nm krb5_kt_ops , .Nm krb5_keytab_entry , .Nm krb5_kt_cursor , .Nm krb5_kt_add_entry , @@ -266,7 +266,7 @@ frees the contents of sets .Fa cursor to point at the beginning of -.Fa id. +.Fa id . Returns 0 or an error. .Pp .Fn krb5_kt_next_entry @@ -284,7 +284,7 @@ releases all resources associated with .Pp .Fn krb5_kt_get_entry retrieves the keytab entry for -.Fa principal, +.Fa principal , .Fa kvno, .Fa enctype into @@ -354,5 +354,5 @@ main (int argc, char **argv) } .Ed .Sh SEE ALSO -.Xr kerberos 8 , -.Xr krb5.conf 5 +.Xr krb5.conf 5 , +.Xr kerberos 8 diff --git a/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 b/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 new file mode 100644 index 000000000000..109c64c9507c --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_krbhst_init.3 
@@ -0,0 +1,120 @@ +.\" Copyright (c) 2001 Kungliga Tekniska Högskolan +.\" $Id: krb5_krbhst_init.3,v 1.3 2001/11/09 09:36:24 joda Exp $ +.Dd June 17, 2001 +.Dt KRB5_KRBHST_INIT 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_krbhst_init , +.Nm krb5_krbhst_next , +.Nm krb5_krbhst_next_as_string , +.Nm krb5_krbhst_reset , +.Nm krb5_krbhst_free , +.Nm krb5_krbhst_format_string , +.Nm krb5_krbhst_get_addrinfo +.Nd lookup Kerberos KDC hosts +.Sh SYNOPSIS +.Fd #include <krb5.h> + +.Ft krb5_error_code +.Fn krb5_krbhst_init "krb5_context context" "const char *realm" "unsigned int type" "krb5_krbhst_handle *handle" +.Ft krb5_error_code +.Fn "krb5_krbhst_next" "krb5_context context" "krb5_krbhst_handle handle" "krb5_krbhst_info **host" +.Ft krb5_error_code +.Fn krb5_krbhst_next_as_string "krb5_context context" "krb5_krbhst_handle handle" "char *hostname" "size_t hostlen" +.Ft void +.Fn krb5_krbhst_reset "krb5_context context" "krb5_krbhst_handle handle" +.Ft void +.Fn krb5_krbhst_free "krb5_context context" "krb5_krbhst_handle handle" +.Ft krb5_error_code +.Fn krb5_krbhst_format_string "krb5_context context" "const krb5_krbhst_info *host" "char *hostname" "size_t hostlen" +.Ft krb5_error_code +.Fn krb5_krbhst_get_addrinfo "krb5_context context" "krb5_krbhst_info *host" "struct addrinfo **ai" +.Sh DESCRIPTION +These functions are used to sequence through all Kerberos hosts of a +particular realm and service. The service type can be the KDCs, the +administrative servers, the password changing servers, or the servers +for Kerberos 4 ticket conversion. +.Pp +First a handle to a particular service is obtained by calling +.Fn krb5_krbhst_init +with the +.Fa realm +of interest and the type of service to lookup. The +.Fa type +can be one of: +.Pp +.Bl -hang -compact -offset indent +.It KRB5_KRBHST_KDC +.It KRB5_KRBHST_ADMIN +.It KRB5_KRBHST_CHANGEPW +.It KRB5_KRBHST_KRB524 +.El +.Pp +The +.Fa handle +is returned to the caller, and should be passed to the other +functions. 
+.Pp +For each call to +.Fn krb5_krbhst_next +information a new host is returned. The former function returns in +.Fa host +a pointer to a structure containing information about the host, such +as protocol, hostname, and port: +.Bd -literal -offset indent +typedef struct krb5_krbhst_info { + enum { KRB5_KRBHST_UDP, + KRB5_KRBHST_TCP, + KRB5_KRBHST_HTTP } proto; + unsigned short port; + struct addrinfo *ai; + struct krb5_krbhst_info *next; + char hostname[1]; +} krb5_krbhst_info; +.Ed +.Pp +The related function, +.Fn krb5_krbhst_next_as_string , +return the same information as a url-like string. +.Pp +When there are no more hosts, these functions return +.Dv KRB5_KDC_UNREACH . +.Pp +To re-iterate over all hosts, call +.Fn krb5_krbhst_reset +and the next call to +.Fn krb5_krbhst_next +will return the first host. +.Pp +When done with the handle, +.Fn krb5_krbhst_free +should be called. +.Pp +To use a +.Va krb5_krbhst_info , +there are two functions: +.Fn krb5_krbhst_format_string +that will return a printable representation of that struct +and +.Fn krb5_krbhst_get_addrinfo +that will return a +.Va struct addrinfo +that can then be used for communicating with the server mentioned. +.Sh EXAMPLE +The following code will print the KDCs of the realm +.Dq MY.REALM . +.Bd -literal -offset indent +krb5_krbhst_handle handle; +char host[MAXHOSTNAMELEN]; +krb5_krbhst_init(context, "MY.REALM", KRB5_KRBHST_KDC, &handle); +while(krb5_krbhst_next_as_string(context, handle, + host, sizeof(host)) == 0) + printf("%s\\n", host); +krb5_krbhst_free(context, handle); +.Ed +.\" .Sh BUGS +.Sh HISTORY +These functions first appeared in Heimdal 0.3g. +.Sh SEE ALSO +.Xr getaddrinfo 3 , +.Xr krb5_get_krbhst 3 diff --git a/crypto/heimdal/lib/krb5/krb5_locl.h b/crypto/heimdal/lib/krb5/krb5_locl.h index 02bcfe48de5b..2ac70f28040f 100644 --- a/crypto/heimdal/lib/krb5/krb5_locl.h +++ b/crypto/heimdal/lib/krb5/krb5_locl.h 
@@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h,v 1.66 2001/05/10 15:31:34 assar Exp $ */ +/* $Id: krb5_locl.h,v 1.67 2001/08/22 20:30:30 assar Exp $ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -109,29 +109,17 @@ struct sockaddr_dl; #include <parse_time.h> #include <base64.h> -#ifdef HAVE_OPENSSL_DES_H +#ifdef HAVE_OPENSSL #include <openssl/des.h> -#else -#include <des.h> -#endif -#ifdef HAVE_OPENSSL_MD4_H #include <openssl/md4.h> -#else -#include <md4.h> -#endif -#ifdef HAVE_OPENSSL_MD5_H #include <openssl/md5.h> -#else -#include <md5.h> -#endif -#ifdef HAVE_OPENSSL_SHA_H #include <openssl/sha.h> -#else -#include <sha.h> -#endif -#ifdef HAVE_OPENSSL_RC4_H #include <openssl/rc4.h> #else +#include <des.h> +#include <md4.h> +#include <md5.h> +#include <sha.h> #include <rc4.h> #endif diff --git a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 b/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 new file mode 100644 index 000000000000..07bffa47d86e --- /dev/null +++ b/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 
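Review bot: The single `#ifdef HAVE_OPENSSL` test in the `@@ -109,29 +109,17 @@` hunk of krb5_locl.h assumes that des.h, md4.h, md5.h, sha.h and rc4.h are all present whenever OpenSSL is detected. An OpenSSL installation built without one of those algorithms would now stop at the `#include` instead of falling back to the bundled header for that one primitive, and nothing in the file says whether that all-or-nothing choice is deliberate. If it is, a comment above the block would record it: `/* all-or-nothing: never mix OpenSSL and bundled crypto headers */`. Whether configure defines `HAVE_OPENSSL` only after probing all five headers cannot be seen from this hunk.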
@@ -0,0 +1,48 @@
+.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
+.\" $Id: krb5_principal_get_realm.3,v 1.2 2001/11/09 09:36:51 joda Exp $
+.Dd June 20, 2001
+.Dt KRB5_PRINCIPAL_GET_REALM 3
+.Os HEIMDAL
+.Sh NAME
+.Nm krb5_principal_get_realm ,
+.Nm krb5_principal_get_comp_string
+.Nd decompose a principal
+.Sh SYNOPSIS
+.Fd #include <krb5.h>
+.Ft "const char *"
+.Fn krb5_principal_get_realm "krb5_context context" "krb5_principal principal"
+.Ft "const char *"
+.Fn krb5_principal_get_comp_string "krb5_context context" "krb5_principal principal" "unsigned int component"
+.Sh DESCRIPTION
+These functions return parts of the
+.Fa principal ,
+either the realm or a specific component. The returned string points
+to data inside the principal, so they are valid only as long as the
+principal exists.
+.Pp
+The
+.Fa component
+argument to
+.Fn krb5_principal_get_comp_string
+is the component number to return, from zero to the total number of
+components minus one. If a the requested component number is out of range,
+.Dv NULL
+is returned.
+.Pp
+These functions can be seen as a replacement for the
+.Fn krb5_princ_realm ,
+.Fn krb5_princ_component
+and related macros, described as intermal in the MIT API
+specification. A difference is that these functions return strings,
+not
+.Dv krb5_data .
+A reason to return
+.Dv krb5_data
+was that it was believed that principal components could contain
+binary data, but this belief was unfounded, and it has been decided
+that principal components are infact UTF8, so it's safe to use zero
+terminated strings.
+.Pp
+It's generally not necessary to look at the components of a principal.
+.Sh SEE ALSO
+.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_timeofday.3 b/crypto/heimdal/lib/krb5/krb5_timeofday.3
new file mode 100644
index 000000000000..7b061757643d
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_timeofday.3
@@ -0,0 +1,23 @@
+.\" $Id: krb5_timeofday.3,v 1.1 2001/07/02 22:32:03 joda Exp $
+.Dd July 1, 2001
+.Dt KRB5_TIMEOFDAY 3
+.Sh NAME
+.Nm krb5_timeofday ,
+.Nm krb5_us_timeofday
+.Nd whatever these functions do
+.Sh SYNOPSIS
+.Fd #include <krb5.h>
+.Ft "krb5_error_code"
+.Fn krb5_timeofday "krb5_context context" "krb5_timestamp *timeret"
+.Ft "krb5_error_code"
+.Fn krb5_us_timeofday "krb5_context context" "int32_t *sec" "int32_t *usec"
+.Sh DESCRIPTION
+.Fn krb5_timeofday
+returns the current time, but adjusted with the time difference
+between the local host and the KDC.
+.Fn krb5_us_timeofday
+also returns microseconds.
+.Pp
+.\".Sh EXAMPLE
+.Sh SEE ALSO
+.Xr gettimeofday 2
diff --git a/crypto/heimdal/lib/krb5/krb5_verify_user.3 b/crypto/heimdal/lib/krb5/krb5_verify_user.3
new file mode 100644
index 000000000000..53385504d425
--- /dev/null
+++ b/crypto/heimdal/lib/krb5/krb5_verify_user.3
@@ -0,0 +1,85 @@ +.\" Copyright (c) 2001 Kungliga Tekniska Högskolan +.\" $Id: krb5_verify_user.3,v 1.2 2001/11/09 09:38:29 joda Exp $ +.Dd June 27, 2001 +.Dt KRB5_VERIFY_USER 3 +.Os HEIMDAL +.Sh NAME +.Nm krb5_verify_user , +.Nm krb5_verify_user_lrealm +.Nd Heimdal password verifying functions +.Sh SYNOPSIS +.Fd #include <krb5.h> +.Ft krb5_error_code +.Fn "krb5_verify_user" "krb5_context context" " krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service" +.Ft krb5_error_code +.Fn "krb5_verify_user_lrealm" "krb5_context context" "krb5_principal principal" "krb5_ccache ccache" "const char *password" "krb5_boolean secure" "const char *service" +.Sh DESCRIPTION +The +.Nm krb5_verify_user +function verifies the password supplied by a user. +The principal whose +password will be verified is specified in +.Fa principal . +New tickets will be obtained as a side-effect and stored in +.Fa ccache +(if NULL, the default ccache is used). +If the password is not supplied in +.Fa password +(and is given as +.Dv NULL ) +the user will be prompted for it. +If +.Fa secure +the ticket will be verified against the locally stored service key +.Fa service +(by default +.Ql host +if given as +.Dv NULL +). +.Pp +The +.Nm krb5_verify_user_lrealm +function does the same, except that it ignores the realm in +.Fa principal +and tries all the local realms (see +.Xr krb5.conf 5 ) . +.Sh EXAMPLE +Here is a example program that verifies a password. it uses the +.Ql host/`hostname` +service principal in +.Pa krb5.keytab . 
+.Bd -literal +#include <krb5.h> + +int +main(int argc, char **argv) +{ + char *user; + krb5_error_code error; + krb5_principal princ; + krb5_context context; + + if (argc != 2) + errx(1, "usage: verify_passwd <principal-name>"); + + user = argv[1]; + + if (krb5_init_context(&context) < 0) + errx(1, "krb5_init_context"); + + if ((error = krb5_parse_name(context, user, &princ)) != 0) + krb5_err(context, 1, error, "krb5_parse_name"); + + error = krb5_verify_user(context, princ, NULL, NULL, TRUE, NULL); + if (error) + krb5_err(context, 1, error, "krb5_verify_user"); + + return 0; +} +.Ed +.Sh SEE ALSO +.Xr krb5_err 3 , +.Xr krb5_init_context 3 , +.Xr krb5_kt_default 3 , +.Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krbhst-test.c b/crypto/heimdal/lib/krb5/krbhst-test.c new file mode 100644 index 000000000000..de858eeb08d2 --- /dev/null +++ b/crypto/heimdal/lib/krb5/krbhst-test.c 
@@ -0,0 +1,64 @@ +/* + * Copyright (c) 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb5_locl.h" + +RCSID("$Id: krbhst-test.c,v 1.2 2001/06/17 12:22:59 assar Exp $"); + +int +main(int argc, char **argv) +{ + int i, j; + krb5_context context; + int types[] = {KRB5_KRBHST_KDC, KRB5_KRBHST_ADMIN, KRB5_KRBHST_CHANGEPW, + KRB5_KRBHST_KRB524}; + const char *type_str[] = {"kdc", "admin", "changepw", "krb524"}; + + krb5_init_context (&context); + for(i = 1; i < argc; i++) { + krb5_krbhst_handle handle; + char host[MAXHOSTNAMELEN]; + + for (j = 0; j < sizeof(types)/sizeof(*types); ++j) { + printf ("%s for %s:\n", type_str[j], argv[i]); + + krb5_krbhst_init(context, argv[i], types[j], &handle); + while(krb5_krbhst_next_as_string(context, handle, + host, sizeof(host)) == 0) + printf("%s\n", host); + krb5_krbhst_reset(context, handle); + printf ("\n"); + } + } + return 0; +} diff --git a/crypto/heimdal/lib/krb5/krbhst.c b/crypto/heimdal/lib/krb5/krbhst.c index 86d67f60e0ad..e869c622ca9d 100644 --- a/crypto/heimdal/lib/krb5/krbhst.c +++ b/crypto/heimdal/lib/krb5/krbhst.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
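Review bot: `main` in the new krbhst-test.c ignores the return values of `krb5_init_context` and `krb5_krbhst_init`, so on failure it goes on to use an uninitialised `context` or `handle` in the `krb5_krbhst_next_as_string` loop. The inner loop also ends with `krb5_krbhst_reset(context, handle)` where the krb5_krbhst_init.3 page added by this same commit says `krb5_krbhst_free` should be called when done, so every realm and type combination appears to leak its handle. Test programs get copied as usage examples, so I would check both calls and free the handle, as sketched below. A smaller point in the same function: `j` is a signed `int` compared against a `sizeof` quotient, which is better declared `size_t`.
```c
    krb5_error_code ret;

    ret = krb5_init_context (&context);
    if (ret)
        errx (1, "krb5_init_context failed: %d", ret);
    /* … unchanged: loops over argv and types, header printf … */
            ret = krb5_krbhst_init(context, argv[i], types[j], &handle);
            if (ret) {
                krb5_warn(context, ret, "krb5_krbhst_init");
                continue;
            }
            /* … unchanged: krb5_krbhst_next_as_string loop … */
            krb5_krbhst_free(context, handle);
```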
@@ -34,142 +34,724 @@ #include "krb5_locl.h" #include <resolve.h> -RCSID("$Id: krbhst.c,v 1.26 2001/05/14 06:14:49 assar Exp $"); +RCSID("$Id: krbhst.c,v 1.40 2001/07/19 16:57:15 assar Exp $"); + +static int +string_to_proto(const char *string) +{ + if(strcasecmp(string, "udp") == 0) + return KRB5_KRBHST_UDP; + else if(strcasecmp(string, "tcp") == 0) + return KRB5_KRBHST_TCP; + else if(strcasecmp(string, "http") == 0) + return KRB5_KRBHST_HTTP; + return -1; +} /* - * assuming that `*res' contains `*count' strings, add a copy of `string'. + * set `res' and `count' to the result of looking up SRV RR in DNS for + * `proto', `proto', `realm' using `dns_type'. + * if `port' != 0, force that port number */ -static int -add_string(krb5_context context, char ***res, int *count, const char *string) +static krb5_error_code +srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, + const char *realm, const char *dns_type, + const char *proto, const char *service, int port) { - char **tmp = realloc(*res, (*count + 1) * sizeof(**res)); + char domain[1024]; + struct dns_reply *r; + struct resource_record *rr; + int num_srv; + int proto_num; + int def_port; + + proto_num = string_to_proto(proto); + if(proto_num < 0) { + krb5_set_error_string(context, "unknown protocol `%s'", proto); + return EINVAL; + } + + if(proto_num == KRB5_KRBHST_HTTP) + def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80)); + else if(port == 0) + def_port = ntohs(krb5_getportbyname (context, service, proto, 88)); + else + def_port = port; + + snprintf(domain, sizeof(domain), "_%s._%s.%s.", service, proto, realm); + + r = dns_lookup(domain, dns_type); + if(r == NULL) { + *res = NULL; + *count = 0; + return KRB5_KDC_UNREACH; + } + + for(num_srv = 0, rr = r->head; rr; rr = rr->next) + if(rr->type == T_SRV) + num_srv++; - if(tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); + *res = malloc(num_srv * sizeof(**res)); + if(*res == NULL) { + dns_free_data(r); + 
krb5_set_error_string(context, "malloc: out of memory"); return ENOMEM; } - *res = tmp; - if(string) { - tmp[*count] = strdup(string); - if(tmp[*count] == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; + + dns_srv_order(r); + + for(num_srv = 0, rr = r->head; rr; rr = rr->next) + if(rr->type == T_SRV) { + krb5_krbhst_info *hi; + hi = calloc(1, sizeof(*hi) + strlen(rr->u.srv->target)); + if(hi == NULL) { + dns_free_data(r); + while(--num_srv >= 0) + free((*res)[num_srv]); + free(*res); + return ENOMEM; + } + (*res)[num_srv++] = hi; + + hi->proto = proto_num; + + hi->def_port = def_port; + if (port != 0) + hi->port = port; + else + hi->port = rr->u.srv->port; + + strcpy(hi->hostname, rr->u.srv->target); } - } else - tmp[*count] = NULL; - (*count)++; + + *count = num_srv; + + dns_free_data(r); return 0; } + +struct krb5_krbhst_data { + char *realm; + unsigned int flags; + int def_port; + int port; /* hardwired port number if != 0 */ +#define KD_CONFIG 1 +#define KD_SRV_UDP 2 +#define KD_SRV_TCP 4 +#define KD_SRV_HTTP 8 +#define KD_FALLBACK 16 +#define KD_CONFIG_EXISTS 32 + + krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *, + krb5_krbhst_info**); + + unsigned int fallback_count; + + struct krb5_krbhst_info *hosts, **index, **end; +}; + +static krb5_boolean +krbhst_empty(const struct krb5_krbhst_data *kd) +{ + return kd->index == &kd->hosts; +} + /* - * do a SRV lookup for `realm, proto, service' returning the result - * in `res, count' + * parse `spec' into a krb5_krbhst_info, defaulting the port to `def_port' + * and forcing it to `port' if port != 0 */ +static struct krb5_krbhst_info* +parse_hostspec(krb5_context context, const char *spec, int def_port, int port) +{ + const char *p = spec; + struct krb5_krbhst_info *hi; + + hi = calloc(1, sizeof(*hi) + strlen(spec)); + if(hi == NULL) + return NULL; + + hi->proto = KRB5_KRBHST_UDP; + + if(strncmp(p, "http://", 7) == 0){ + hi->proto = KRB5_KRBHST_HTTP; + p += 7; 
+ } else if(strncmp(p, "http/", 5) == 0) { + hi->proto = KRB5_KRBHST_HTTP; + p += 5; + def_port = ntohs(krb5_getportbyname (context, "http", "tcp", 80)); + }else if(strncmp(p, "tcp/", 4) == 0){ + hi->proto = KRB5_KRBHST_TCP; + p += 4; + } else if(strncmp(p, "udp/", 4) == 0) { + p += 4; + } + + if(strsep_copy(&p, ":", hi->hostname, strlen(spec) + 1) < 0) { + free(hi); + return NULL; + } + /* get rid of trailing /, and convert to lower case */ + hi->hostname[strcspn(hi->hostname, "/")] = '\0'; + strlwr(hi->hostname); + + hi->port = hi->def_port = def_port; + if(p != NULL) { + char *end; + hi->port = strtol(p, &end, 0); + if(end == p) { + free(hi); + return NULL; + } + } + if (port) + hi->port = port; + return hi; +} + +static void +free_krbhst_info(krb5_krbhst_info *hi) +{ + if (hi->ai != NULL) + freeaddrinfo(hi->ai); + free(hi); +} + +static void +append_host_hostinfo(struct krb5_krbhst_data *kd, struct krb5_krbhst_info *host) +{ + struct krb5_krbhst_info *h; + + for(h = kd->hosts; h; h = h->next) + if(h->proto == host->proto && + h->port == host->port && + strcmp(h->hostname, host->hostname) == 0) { + free_krbhst_info(host); + return; + } + *kd->end = host; + kd->end = &host->next; +} + static krb5_error_code -srv_find_realm(krb5_context context, char ***res, int *count, - const char *realm, const char *proto, const char *service) +append_host_string(krb5_context context, struct krb5_krbhst_data *kd, + const char *host, int def_port, int port) { - char domain[1024]; - char alt_domain[1024]; - krb5_error_code ret; - struct dns_reply *r; - struct resource_record *rr; + struct krb5_krbhst_info *hi; - snprintf(domain, sizeof(domain), "_%s._%s.%s.", service, proto, realm); + hi = parse_hostspec(context, host, def_port, port); + if(hi == NULL) + return ENOMEM; - r = dns_lookup(domain, "srv"); - if(r == NULL && context->srv_try_rfc2052) { - snprintf(alt_domain, sizeof(alt_domain), "%s.%s.%s.", - service, proto, realm); - r = dns_lookup(alt_domain, "srv"); - } - if(r == 
NULL && context->srv_try_txt) - r = dns_lookup(domain, "txt"); - if(r == NULL && context->srv_try_rfc2052 && context->srv_try_txt) - r = dns_lookup(alt_domain, "txt"); - if(r == NULL) - return 0; + append_host_hostinfo(kd, hi); + return 0; +} - for(rr = r->head; rr; rr = rr->next){ - if(rr->type == T_SRV){ - char buf[1024]; - char **tmp; +/* + * return a readable representation of `host' in `hostname, hostlen' + */ - tmp = realloc(*res, (*count + 1) * sizeof(**res)); - if (tmp == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - *res = tmp; - snprintf (buf, sizeof(buf), - "%s/%s:%u", - proto, - rr->u.srv->target, - rr->u.srv->port); - ret = add_string(context, res, count, buf); - if(ret) - return ret; - }else if(rr->type == T_TXT) { - ret = add_string(context, res, count, rr->u.txt); - if(ret) - return ret; - } +krb5_error_code +krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host, + char *hostname, size_t hostlen) +{ + const char *proto = ""; + char portstr[7] = ""; + if(host->proto == KRB5_KRBHST_TCP) + proto = "tcp/"; + else if(host->proto == KRB5_KRBHST_HTTP) + proto = "http://"; + if(host->port != host->def_port) + snprintf(portstr, sizeof(portstr), ":%d", host->port); + snprintf(hostname, hostlen, "%s%s%s", proto, host->hostname, portstr); + return 0; +} + +/* + * create a getaddrinfo `hints' based on `proto' + */ + +static void +make_hints(struct addrinfo *hints, int proto) +{ + memset(hints, 0, sizeof(*hints)); + hints->ai_family = AF_UNSPEC; + switch(proto) { + case KRB5_KRBHST_UDP : + hints->ai_socktype = SOCK_DGRAM; + break; + case KRB5_KRBHST_HTTP : + case KRB5_KRBHST_TCP : + hints->ai_socktype = SOCK_STREAM; + break; } - dns_free_data(r); +} + +/* + * return an `struct addrinfo *' in `ai' corresponding to the information + * in `host'. free:ing is handled by krb5_krbhst_free. 
+ */ + +krb5_error_code +krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host, + struct addrinfo **ai) +{ + struct addrinfo hints; + char portstr[NI_MAXSERV]; + int ret; + + if (host->ai == NULL) { + make_hints(&hints, host->proto); + snprintf (portstr, sizeof(portstr), "%d", host->port); + ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai); + if (ret) + return krb5_eai_to_heim_errno(ret, errno); + } + *ai = host->ai; return 0; } +static krb5_boolean +get_next(struct krb5_krbhst_data *kd, krb5_krbhst_info **host) +{ + struct krb5_krbhst_info *hi = *kd->index; + if(hi != NULL) { + *host = hi; + kd->index = &(*kd->index)->next; + return TRUE; + } + return FALSE; +} + +static void +srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, + const char *proto, const char *service) +{ + krb5_krbhst_info **res; + int count, i; + + srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service, + kd->port); + for(i = 0; i < count; i++) + append_host_hostinfo(kd, res[i]); + free(res); +} + /* - * lookup the servers for realm `realm', looking for the config string - * `conf_string' in krb5.conf or for `serv_string' in SRV records. - * return a malloc-ed list of servers in hostlist. + * read the configuration for `conf_string', defaulting to kd->def_port and + * forcing it to `kd->port' if kd->port != 0 */ +static void +config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, + const char *conf_string) +{ + int i; + + char **hostlist; + hostlist = krb5_config_get_strings(context, NULL, + "realms", kd->realm, conf_string, NULL); + + if(hostlist == NULL) + return; + kd->flags |= KD_CONFIG_EXISTS; + for(i = 0; hostlist && hostlist[i] != NULL; i++) + append_host_string(context, kd, hostlist[i], kd->def_port, kd->port); + + krb5_config_free_strings(hostlist); +} + +/* + * as a fallback, look for `serv_string.kd->realm' (typically + * kerberos.REALM, kerberos-1.REALM, ... 
+ * `port' is the default port for the service, and `proto' the + * protocol + */ + +static krb5_error_code +fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, + const char *serv_string, int port, int proto) +{ + char *host; + int ret; + struct addrinfo *ai; + struct addrinfo hints; + char portstr[NI_MAXSERV]; + + if(kd->fallback_count == 0) + asprintf(&host, "%s.%s.", serv_string, kd->realm); + else + asprintf(&host, "%s-%d.%s.", + serv_string, kd->fallback_count, kd->realm); + + if (host == NULL) + return ENOMEM; + + make_hints(&hints, proto); + snprintf(portstr, sizeof(portstr), "%d", port); + ret = getaddrinfo(host, portstr, &hints, &ai); + if (ret) { + /* no more hosts, so we're done here */ + free(host); + kd->flags |= KD_FALLBACK; + } else { + struct krb5_krbhst_info *hi; + size_t hostlen = strlen(host); + + hi = calloc(1, sizeof(*hi) + hostlen); + if(hi == NULL) { + free(host); + return ENOMEM; + } + + hi->proto = proto; + hi->port = hi->def_port = port; + hi->ai = ai; + memmove(hi->hostname, host, hostlen - 1); + hi->hostname[hostlen - 1] = '\0'; + free(host); + append_host_hostinfo(kd, hi); + kd->fallback_count++; + } + return 0; +} + static krb5_error_code -get_krbhst (krb5_context context, - const krb5_realm *realm, - const char *conf_string, - const char *serv_string, - char ***hostlist) -{ - char **res, **r; - int count; +kdc_get_next(krb5_context context, + struct krb5_krbhst_data *kd, + krb5_krbhst_info **host) +{ krb5_error_code ret; - res = krb5_config_get_strings(context, NULL, - "realms", *realm, conf_string, NULL); - for(r = res, count = 0; r && *r; r++, count++); - - if(count == 0 && context->srv_lookup) { - char *s[] = { "udp", "tcp", "http" }, **q; - for(q = s; q < s + sizeof(s) / sizeof(s[0]); q++) { - ret = srv_find_realm(context, &res, &count, *realm, *q, - serv_string); - if(ret) { - krb5_config_free_strings(res); - return ret; - } + if((kd->flags & KD_CONFIG) == 0) { + config_get_hosts(context, kd, "kdc"); + kd->flags 
|= KD_CONFIG; + if(get_next(kd, host)) + return 0; + } + + if (kd->flags & KD_CONFIG_EXISTS) + return KRB5_KDC_UNREACH; /* XXX */ + + if(context->srv_lookup) { + if((kd->flags & KD_SRV_UDP) == 0) { + srv_get_hosts(context, kd, "udp", "kerberos"); + kd->flags |= KD_SRV_UDP; + if(get_next(kd, host)) + return 0; + } + + if((kd->flags & KD_SRV_TCP) == 0) { + srv_get_hosts(context, kd, "tcp", "kerberos"); + kd->flags |= KD_SRV_TCP; + if(get_next(kd, host)) + return 0; + } + if((kd->flags & KD_SRV_HTTP) == 0) { + srv_get_hosts(context, kd, "http", "kerberos"); + kd->flags |= KD_SRV_HTTP; + if(get_next(kd, host)) + return 0; + } + } + + while((kd->flags & KD_FALLBACK) == 0) { + ret = fallback_get_hosts(context, kd, "kerberos", + kd->def_port, KRB5_KRBHST_UDP); + if(ret) + return ret; + if(get_next(kd, host)) + return 0; + } + + return KRB5_KDC_UNREACH; /* XXX */ +} + +static krb5_error_code +admin_get_next(krb5_context context, + struct krb5_krbhst_data *kd, + krb5_krbhst_info **host) +{ + krb5_error_code ret; + + if((kd->flags & KD_CONFIG) == 0) { + config_get_hosts(context, kd, "admin_server"); + kd->flags |= KD_CONFIG; + if(get_next(kd, host)) + return 0; + } + + if (kd->flags & KD_CONFIG_EXISTS) + return KRB5_KDC_UNREACH; /* XXX */ + + if(context->srv_lookup) { + if((kd->flags & KD_SRV_TCP) == 0) { + srv_get_hosts(context, kd, "tcp", "kerberos-adm"); + kd->flags |= KD_SRV_TCP; + if(get_next(kd, host)) + return 0; } } - if(count == 0) { - char buf[1024]; - snprintf(buf, sizeof(buf), "kerberos.%s", *realm); - ret = add_string(context, &res, &count, buf); - if(ret) { - krb5_config_free_strings(res); + if (krbhst_empty(kd) + && (kd->flags & KD_FALLBACK) == 0) { + ret = fallback_get_hosts(context, kd, "kerberos", + kd->def_port, KRB5_KRBHST_UDP); + if(ret) return ret; + kd->flags |= KD_FALLBACK; + if(get_next(kd, host)) + return 0; + } + + return KRB5_KDC_UNREACH; /* XXX */ +} + +static krb5_error_code +kpasswd_get_next(krb5_context context, + struct krb5_krbhst_data *kd, 
+ krb5_krbhst_info **host) +{ + if((kd->flags & KD_CONFIG) == 0) { + config_get_hosts(context, kd, "kpasswd_server"); + if(get_next(kd, host)) + return 0; + } + + if (kd->flags & KD_CONFIG_EXISTS) + return KRB5_KDC_UNREACH; /* XXX */ + + if(context->srv_lookup) { + if((kd->flags & KD_SRV_UDP) == 0) { + srv_get_hosts(context, kd, "udp", "kpasswd"); + kd->flags |= KD_SRV_UDP; + if(get_next(kd, host)) + return 0; + } + } + + /* no matches -> try admin */ + + if (krbhst_empty(kd)) { + kd->flags = 0; + kd->port = kd->def_port; + kd->get_next = admin_get_next; + return (*kd->get_next)(context, kd, host); + } + + return KRB5_KDC_UNREACH; /* XXX */ +} + +static krb5_error_code +krb524_get_next(krb5_context context, + struct krb5_krbhst_data *kd, + krb5_krbhst_info **host) +{ + if((kd->flags & KD_CONFIG) == 0) { + config_get_hosts(context, kd, "krb524_server"); + if(get_next(kd, host)) + return 0; + kd->flags |= KD_CONFIG; + } + + if (kd->flags & KD_CONFIG_EXISTS) + return KRB5_KDC_UNREACH; /* XXX */ + + if(context->srv_lookup) { + if((kd->flags & KD_SRV_UDP) == 0) { + srv_get_hosts(context, kd, "udp", "krb524"); + kd->flags |= KD_SRV_UDP; + if(get_next(kd, host)) + return 0; + } + + if((kd->flags & KD_SRV_TCP) == 0) { + srv_get_hosts(context, kd, "tcp", "krb524"); + kd->flags |= KD_SRV_TCP; + if(get_next(kd, host)) + return 0; + } + } + + /* no matches -> try kdc */ + + if (krbhst_empty(kd)) { + kd->flags = 0; + kd->port = kd->def_port; + kd->get_next = kdc_get_next; + return (*kd->get_next)(context, kd, host); + } + + return KRB5_KDC_UNREACH; /* XXX */ +} + +static struct krb5_krbhst_data* +common_init(krb5_context context, + const char *realm) +{ + struct krb5_krbhst_data *kd; + + if((kd = calloc(1, sizeof(*kd))) == NULL) + return NULL; + + if((kd->realm = strdup(realm)) == NULL) { + free(kd); + return NULL; + } + + kd->end = kd->index = &kd->hosts; + return kd; +} + +/* + * initialize `handle' to look for hosts of type `type' in realm `realm' + */ + +krb5_error_code 
+krb5_krbhst_init(krb5_context context, + const char *realm, + unsigned int type, + krb5_krbhst_handle *handle) +{ + struct krb5_krbhst_data *kd; + krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *, + krb5_krbhst_info **); + int def_port; + + switch(type) { + case KRB5_KRBHST_KDC: + get_next = kdc_get_next; + def_port = ntohs(krb5_getportbyname (context, "kerberos", "udp", 88)); + break; + case KRB5_KRBHST_ADMIN: + get_next = admin_get_next; + def_port = ntohs(krb5_getportbyname (context, "kerberos-adm", + "tcp", 749)); + break; + case KRB5_KRBHST_CHANGEPW: + get_next = kpasswd_get_next; + def_port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", + KPASSWD_PORT)); + break; + case KRB5_KRBHST_KRB524: + get_next = krb524_get_next; + def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444)); + break; + default: + krb5_set_error_string(context, "unknown krbhst type (%u)", type); + return ENOTTY; + } + if((kd = common_init(context, realm)) == NULL) + return ENOMEM; + kd->get_next = get_next; + kd->def_port = def_port; + *handle = kd; + return 0; +} + +/* + * return the next host information from `handle' in `host' + */ + +krb5_error_code +krb5_krbhst_next(krb5_context context, + krb5_krbhst_handle handle, + krb5_krbhst_info **host) +{ + if(get_next(handle, host)) + return 0; + + return (*handle->get_next)(context, handle, host); +} + +/* + * return the next host information from `handle' as a host name + * in `hostname' (or length `hostlen) + */ + +krb5_error_code +krb5_krbhst_next_as_string(krb5_context context, + krb5_krbhst_handle handle, + char *hostname, + size_t hostlen) +{ + krb5_error_code ret; + krb5_krbhst_info *host; + ret = krb5_krbhst_next(context, handle, &host); + if(ret) + return ret; + return krb5_krbhst_format_string(context, host, hostname, hostlen); +} + + +void +krb5_krbhst_reset(krb5_context context, krb5_krbhst_handle handle) +{ + handle->index = &handle->hosts; +} + +void +krb5_krbhst_free(krb5_context context, 
krb5_krbhst_handle handle) +{ + krb5_krbhst_info *h, *next; + + if (handle == NULL) + return; + + for (h = handle->hosts; h != NULL; h = next) { + next = h->next; + free_krbhst_info(h); + } + + free(handle->realm); + free(handle); +} + +/* backwards compatibility ahead */ + +static krb5_error_code +gethostlist(krb5_context context, const char *realm, + unsigned int type, char ***hostlist) +{ + krb5_error_code ret; + int nhost = 0; + krb5_krbhst_handle handle; + char host[MAXHOSTNAMELEN]; + krb5_krbhst_info *hostinfo; + + ret = krb5_krbhst_init(context, realm, type, &handle); + if (ret) + return ret; + + while(krb5_krbhst_next(context, handle, &hostinfo) == 0) + nhost++; + if(nhost == 0) + return KRB5_KDC_UNREACH; + *hostlist = calloc(nhost + 1, sizeof(**hostlist)); + if(*hostlist == NULL) { + krb5_krbhst_free(context, handle); + return ENOMEM; + } + + krb5_krbhst_reset(context, handle); + nhost = 0; + while(krb5_krbhst_next_as_string(context, handle, + host, sizeof(host)) == 0) { + if(((*hostlist)[nhost++] = strdup(host)) == NULL) { + krb5_free_krbhst(context, *hostlist); + krb5_krbhst_free(context, handle); + return ENOMEM; } } - add_string(context, &res, &count, NULL); - *hostlist = res; + (*hostlist)[nhost++] = NULL; + krb5_krbhst_free(context, handle); return 0; } /* - * set `hostlist' to a malloced list of kadmin servers. + * return an malloced list of kadmin-hosts for `realm' in `hostlist' */ krb5_error_code @@ -177,12 +759,11 @@ krb5_get_krb_admin_hst (krb5_context context, const krb5_realm *realm, char ***hostlist) { - return get_krbhst (context, realm, "admin_server", "kerberos-adm", - hostlist); + return gethostlist(context, *realm, KRB5_KRBHST_ADMIN, hostlist); } /* - * set `hostlist' to a malloced list of changepw servers. + * return an malloced list of changepw-hosts for `realm' in `hostlist' */ krb5_error_code 
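Review bot: srv_get_hosts discards the return value of srv_find_realm and then walks `res[0..count)`, but srv_find_realm sets `*res` and `*count` only on the KRB5_KDC_UNREACH and success paths. On the EINVAL return both are uninitialised, on the malloc-failure return `count` is, and on the calloc-failure return `res` has already been freed, so the loop and the trailing `free(res)` work on indeterminate or freed memory while handling a DNS reply. Guard the call: `if (srv_find_realm(context, &res, &count, kd->realm, "SRV", proto, service, kd->port) != 0) return;`. Separately, gethostlist returns KRB5_KDC_UNREACH when `nhost == 0` without calling krb5_krbhst_free on the handle it just initialised.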
@@ -190,19 +771,24 @@ krb5_get_krb_changepw_hst (krb5_context context, const krb5_realm *realm, char ***hostlist) { - krb5_error_code ret; + return gethostlist(context, *realm, KRB5_KRBHST_CHANGEPW, hostlist); +} - ret = get_krbhst (context, realm, "kpasswd_server", "kpasswd", - hostlist); - if (ret) - return ret; - ret = get_krbhst (context, realm, "admin_server", "kpasswd", - hostlist); - return ret; +/* + * return an malloced list of 524-hosts for `realm' in `hostlist' + */ + +krb5_error_code +krb5_get_krb524hst (krb5_context context, + const krb5_realm *realm, + char ***hostlist) +{ + return gethostlist(context, *realm, KRB5_KRBHST_KRB524, hostlist); } + /* - * set `hostlist' to a malloced list of kerberos servers. + * return an malloced list of KDC's for `realm' in `hostlist' */ krb5_error_code @@ -210,11 +796,11 @@ krb5_get_krbhst (krb5_context context, const krb5_realm *realm, char ***hostlist) { - return get_krbhst (context, realm, "kdc", "kerberos", hostlist); + return gethostlist(context, *realm, KRB5_KRBHST_KDC, hostlist); } /* - * free all memory associated with `hostlist' + * free all the memory allocated in `hostlist' */ krb5_error_code diff --git a/crypto/heimdal/lib/krb5/log.c b/crypto/heimdal/lib/krb5/log.c index 1a6d6b2368bb..64f2b84ec0c4 100644 --- a/crypto/heimdal/lib/krb5/log.c +++ b/crypto/heimdal/lib/krb5/log.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2000, 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: log.c,v 1.26 2001/05/14 06:14:49 assar Exp $"); +RCSID("$Id: log.c,v 1.27 2002/02/04 10:48:33 joda Exp $"); struct facility { int min; @@ -363,7 +363,7 @@ krb5_closelog(krb5_context context, { int i; for(i = 0; i < fac->len; i++) - (*fac->val[i].close)(&fac->val[i].data); + (*fac->val[i].close)(fac->val[i].data); return 0; } 
diff --git a/crypto/heimdal/lib/krb5/mcache.c b/crypto/heimdal/lib/krb5/mcache.c index 8c44b6e400d8..fb75ccea1dd8 100644 --- a/crypto/heimdal/lib/krb5/mcache.c +++ b/crypto/heimdal/lib/krb5/mcache.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mcache.c,v 1.13 2001/05/14 06:14:49 assar Exp $"); +RCSID("$Id: mcache.c,v 1.14 2001/06/17 23:13:02 assar Exp $"); typedef struct krb5_mcache { char *name; @@ -294,7 +294,7 @@ mcc_remove_cred(krb5_context context, for(q = &m->creds, p = *q; p; p = *q) { if(krb5_compare_creds(context, which, mcreds, &p->cred)) { *q = p->next; - krb5_free_cred_contents(context, &p->cred); + krb5_free_creds_contents(context, &p->cred); free(p); } else q = &p->next; diff --git a/crypto/heimdal/lib/krb5/mk_priv.c b/crypto/heimdal/lib/krb5/mk_priv.c index 1de4a5c9e1ae..3f49a418af73 100644 --- a/crypto/heimdal/lib/krb5/mk_priv.c +++ b/crypto/heimdal/lib/krb5/mk_priv.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_priv.c,v 1.29 2001/05/14 06:14:49 assar Exp $"); +RCSID("$Id: mk_priv.c,v 1.30 2001/06/18 02:44:54 assar Exp $"); /* * @@ -59,8 +59,6 @@ krb5_mk_priv(krb5_context context, int usec2; krb5_crypto crypto; - /* XXX - Is this right? */ - if (auth_context->local_subkey) key = auth_context->local_subkey; else if (auth_context->remote_subkey) diff --git a/crypto/heimdal/lib/krb5/mk_req.c b/crypto/heimdal/lib/krb5/mk_req.c index dbe7f3dbbf5d..a554123b0081 100644 --- a/crypto/heimdal/lib/krb5/mk_req.c +++ b/crypto/heimdal/lib/krb5/mk_req.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_req.c,v 1.23 2001/05/14 06:14:49 assar Exp $"); +RCSID("$Id: mk_req.c,v 1.24 2001/06/18 20:05:52 joda Exp $"); krb5_error_code krb5_mk_req_exact(krb5_context context, 
@@ -69,12 +69,14 @@ krb5_mk_req_exact(krb5_context context, if (ret) return ret; - return krb5_mk_req_extended (context, - auth_context, - ap_req_options, - in_data, - cred, - outbuf); + ret = krb5_mk_req_extended (context, + auth_context, + ap_req_options, + in_data, + cred, + outbuf); + krb5_free_creds(context, cred); + return ret; } krb5_error_code diff --git a/crypto/heimdal/lib/krb5/mk_safe.c b/crypto/heimdal/lib/krb5/mk_safe.c index 085ebaf2a4f4..114aa8e8b17e 100644 --- a/crypto/heimdal/lib/krb5/mk_safe.c +++ b/crypto/heimdal/lib/krb5/mk_safe.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_safe.c,v 1.26 2001/05/14 06:14:50 assar Exp $"); +RCSID("$Id: mk_safe.c,v 1.27 2001/06/18 02:45:15 assar Exp $"); krb5_error_code krb5_mk_safe(krb5_context context, @@ -53,6 +53,14 @@ krb5_mk_safe(krb5_context context, size_t len; u_int32_t tmp_seq; krb5_crypto crypto; + krb5_keyblock *key; + + if (auth_context->local_subkey) + key = auth_context->local_subkey; + else if (auth_context->remote_subkey) + key = auth_context->remote_subkey; + else + key = auth_context->keyblock; s.pvno = 5; s.msg_type = krb_safe; @@ -88,7 +96,7 @@ krb5_mk_safe(krb5_context context, free (buf); return ret; } - ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { free (buf); return ret; diff --git a/crypto/heimdal/lib/krb5/principal.c b/crypto/heimdal/lib/krb5/principal.c index 0bffef46ed42..5d59594b9cf2 100644 --- a/crypto/heimdal/lib/krb5/principal.c +++ b/crypto/heimdal/lib/krb5/principal.c @@ -41,7 +41,7 @@ #include <fnmatch.h> #include "resolve.h" -RCSID("$Id: principal.c,v 1.74 2001/05/14 06:14:50 assar Exp $"); +RCSID("$Id: principal.c,v 1.78 2001/09/20 09:46:20 joda Exp $"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) 
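Review bot: The key selection added to krb5_mk_safe (local_subkey, then remote_subkey, then keyblock) carries no comment explaining the order, and it is the mirror image of the order the receiving side uses in the rd_priv.c hunk and in rd_safe.c's verify_checksum later in this commit (remote_subkey first). The two orders have to stay paired or the peer computes the checksum with a different key, so I would say so above the chain, e.g. `/* sender: prefer our own subkey; krb5_rd_safe prefers remote_subkey to match */`. The same kind of comment belongs on the reordered chain in krb5_rd_priv and the new one in verify_checksum, since this commit removes the `XXX - Is this right?` markers from mk_priv.c and rd_priv.c without replacing them. krb5_mk_safe's body continues outside the hunk.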
@@ -59,6 +59,30 @@ krb5_free_principal(krb5_context context, } } +int +krb5_principal_get_type(krb5_context context, + krb5_principal principal) +{ + return princ_type(principal); +} + +const char * +krb5_principal_get_realm(krb5_context context, + krb5_principal principal) +{ + return princ_realm(principal); +} + +const char * +krb5_principal_get_comp_string(krb5_context context, + krb5_principal principal, + unsigned int component) +{ + if(component >= princ_num_comp(principal)) + return NULL; + return princ_ncomp(principal, component); +} + krb5_error_code krb5_parse_name(krb5_context context, const char *name, @@ -599,6 +623,7 @@ struct v4_name_convert { { "pop", "pop" }, { "imap", "imap" }, { "rcmd", "host" }, + { "smtp", "smtp" }, { NULL, NULL } }; @@ -665,6 +690,7 @@ krb5_425_conv_principal_ext(krb5_context context, krb5_error_code ret; krb5_principal pr; char host[MAXHOSTNAMELEN]; + char local_hostname[MAXHOSTNAMELEN]; /* do the following: if the name is found in the `v4_name_convert:host' part, is is assumed to be a `host' type @@ -739,6 +765,30 @@ krb5_425_conv_principal_ext(krb5_context context, dns_free_data(r); #endif } + if(func != NULL) { + snprintf(host, sizeof(host), "%s.%s", instance, realm); + strlwr(host); + ret = krb5_make_principal(context, &pr, realm, name, host, NULL); + if((*func)(context, pr)){ + *princ = pr; + return 0; + } + krb5_free_principal(context, pr); + } + + /* + * if the instance is the first component of the local hostname, + * the converted host should be the long hostname. + */ + + if (func == NULL && + gethostname (local_hostname, sizeof(local_hostname)) == 0 && + strncmp(instance, local_hostname, strlen(instance)) == 0 && + local_hostname[strlen(instance)] == '.') { + strlcpy(host, local_hostname, sizeof(host)); + goto local_host; + } + { char **domains, **d; domains = krb5_config_get_strings(context, NULL, "realms", realm, 
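Review bot: In the `if(func != NULL)` block added to krb5_425_conv_principal_ext, the result of krb5_make_principal is stored in `ret` but never tested, so on failure `pr` may be handed to `(*func)(context, pr)` and then to krb5_free_principal without holding a valid principal. Test it right after the call, `if (ret) return ret;`, assuming nothing else needs releasing at that point. The local-hostname branch below it also runs `strncmp` over `local_hostname` and indexes `local_hostname[strlen(instance)]` straight after gethostname, which is not guaranteed to NUL-terminate a truncated name; terminating the buffer explicitly before the comparison (`local_hostname[sizeof(local_hostname) - 1] = '\0';`) closes that. The function begins and ends outside this hunk.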
@@ -755,7 +805,7 @@ krb5_425_conv_principal_ext(krb5_context context, } krb5_config_free_strings(domains); } - + p = krb5_config_get_string(context, NULL, "realms", realm, "default_domain", NULL); @@ -768,6 +818,7 @@ krb5_425_conv_principal_ext(krb5_context context, if (*p == '.') ++p; snprintf(host, sizeof(host), "%s.%s", instance, p); +local_host: ret = krb5_make_principal(context, &pr, realm, name, host, NULL); if(func == NULL || (*func)(context, pr)){ *princ = pr; diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c index c7729b1adc1f..746e2d1d109a 100644 --- a/crypto/heimdal/lib/krb5/rd_cred.c +++ b/crypto/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_cred.c,v 1.14 2001/05/14 06:14:50 assar Exp $"); +RCSID("$Id: rd_cred.c,v 1.15 2001/06/29 14:53:44 assar Exp $"); krb5_error_code krb5_rd_cred(krb5_context context, @@ -181,6 +181,12 @@ krb5_rd_cred(krb5_context context, *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1, sizeof(**ret_creds)); + if (*ret_creds == NULL) { + ret = ENOMEM; + krb5_set_error_string (context, "malloc: out of memory"); + goto out; + } + for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) { KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i]; krb5_creds *creds; diff --git a/crypto/heimdal/lib/krb5/rd_priv.c b/crypto/heimdal/lib/krb5/rd_priv.c index 1447c143aa0b..36ffed598067 100644 --- a/crypto/heimdal/lib/krb5/rd_priv.c +++ b/crypto/heimdal/lib/krb5/rd_priv.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_priv.c,v 1.28 2001/05/14 06:14:50 assar Exp $"); +RCSID("$Id: rd_priv.c,v 1.29 2001/06/18 02:46:15 assar Exp $"); krb5_error_code krb5_rd_priv(krb5_context context, 
@@ -65,12 +65,10 @@ krb5_rd_priv(krb5_context context, goto failure; } - /* XXX - Is this right? */ - - if (auth_context->local_subkey) - key = auth_context->local_subkey; - else if (auth_context->remote_subkey) + if (auth_context->remote_subkey) key = auth_context->remote_subkey; + else if (auth_context->local_subkey) + key = auth_context->local_subkey; else key = auth_context->keyblock; diff --git a/crypto/heimdal/lib/krb5/rd_rep.c b/crypto/heimdal/lib/krb5/rd_rep.c index 7462b3d9033b..7f947de5e143 100644 --- a/crypto/heimdal/lib/krb5/rd_rep.c +++ b/crypto/heimdal/lib/krb5/rd_rep.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_rep.c,v 1.21 2001/05/14 06:14:50 assar Exp $"); +RCSID("$Id: rd_rep.c,v 1.22 2001/06/18 02:46:53 assar Exp $"); krb5_error_code krb5_rd_rep(krb5_context context, @@ -97,7 +97,10 @@ krb5_rd_rep(krb5_context context, goto out; } if ((*repl)->seq_number) - auth_context->remote_seqnumber = *((*repl)->seq_number); + krb5_auth_con_setremoteseqnumber(context, auth_context, + *((*repl)->seq_number)); + if ((*repl)->subkey) + krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey); out: krb5_data_free (&data); diff --git a/crypto/heimdal/lib/krb5/rd_req.c b/crypto/heimdal/lib/krb5/rd_req.c index b7059e1efc1d..69fb059e4e63 100644 --- a/crypto/heimdal/lib/krb5/rd_req.c +++ b/crypto/heimdal/lib/krb5/rd_req.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_req.c,v 1.45 2001/05/14 06:14:50 assar Exp $"); +RCSID("$Id: rd_req.c,v 1.47 2001/06/18 02:48:18 assar Exp $"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, @@ -181,7 +181,7 @@ krb5_verify_authenticator_checksum(krb5_context context, krb5_authenticator authenticator; krb5_crypto crypto; - ret = krb5_auth_getauthenticator (context, + ret = krb5_auth_con_getauthenticator (context, ac, &authenticator); if(ret) 
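Review bot: The call `krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey);` added to krb5_rd_rep drops its return value, while the equivalent call this commit adds to krb5_verify_ap_req2 in rd_req.c assigns it to `ret` and jumps to the error path. If the subkey cannot be stored, the auth context keeps its previous key material and later krb5_rd_priv / krb5_rd_safe calls would presumably select a different key than the peer used. Suggest `ret = krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey);` so the failure is returned through `out:`; whether `*repl` then needs freeing depends on code outside the hunk.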
@@ -343,17 +343,16 @@ krb5_verify_ap_req2(krb5_context context, } if (ac->authenticator->seq_number) - ac->remote_seqnumber = *ac->authenticator->seq_number; + krb5_auth_con_setremoteseqnumber(context, ac, + *ac->authenticator->seq_number); /* XXX - Xor sequence numbers */ - /* XXX - subkeys? */ - /* And where should it be stored? */ - if (ac->authenticator->subkey) { - krb5_copy_keyblock(context, - ac->authenticator->subkey, - &ac->remote_subkey); + ret = krb5_auth_con_setremotesubkey(context, ac, + ac->authenticator->subkey); + if (ret) + goto out2; } if (ap_req_options) { diff --git a/crypto/heimdal/lib/krb5/rd_safe.c b/crypto/heimdal/lib/krb5/rd_safe.c index 62d36468971e..71271c667276 100644 --- a/crypto/heimdal/lib/krb5/rd_safe.c +++ b/crypto/heimdal/lib/krb5/rd_safe.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_safe.c,v 1.24 2001/05/14 06:14:51 assar Exp $"); +RCSID("$Id: rd_safe.c,v 1.26 2002/02/14 12:47:47 joda Exp $"); static krb5_error_code verify_checksum(krb5_context context, @@ -46,13 +46,13 @@ verify_checksum(krb5_context context, size_t len; Checksum c; krb5_crypto crypto; + krb5_keyblock *key; c = safe->cksum; safe->cksum.cksumtype = 0; safe->cksum.checksum.data = NULL; safe->cksum.checksum.length = 0; - buf_size = length_KRB_SAFE(safe); buf = malloc(buf_size); @@ -66,7 +66,15 @@ verify_checksum(krb5_context context, buf_size, safe, &len); - ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + + if (auth_context->remote_subkey) + key = auth_context->remote_subkey; + else if (auth_context->local_subkey) + key = auth_context->local_subkey; + else + key = auth_context->keyblock; + + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) goto out; ret = krb5_verify_checksum (context, 
diff --git a/crypto/heimdal/lib/krb5/replay.c b/crypto/heimdal/lib/krb5/replay.c index d4f556992e47..4298d12e2f1b 100644 --- a/crypto/heimdal/lib/krb5/replay.c +++ b/crypto/heimdal/lib/krb5/replay.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <vis.h> -RCSID("$Id: replay.c,v 1.8 2001/05/14 06:14:51 assar Exp $"); +RCSID("$Id: replay.c,v 1.9 2001/07/03 19:33:13 assar Exp $"); struct krb5_rcache_data { char *name; @@ -285,7 +285,7 @@ krb5_get_server_rcache(krb5_context context, } strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL); #ifdef HAVE_GETEUID - asprintf(&name, "FILE:rc_%s_%u", tmp, geteuid()); + asprintf(&name, "FILE:rc_%s_%u", tmp, (unsigned)geteuid()); #else asprintf(&name, "FILE:rc_%s", tmp); #endif diff --git a/crypto/heimdal/lib/krb5/send_to_kdc.c b/crypto/heimdal/lib/krb5/send_to_kdc.c index 5a66f0279a9d..37ba96df2a15 100644 --- a/crypto/heimdal/lib/krb5/send_to_kdc.c +++ b/crypto/heimdal/lib/krb5/send_to_kdc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: send_to_kdc.c,v 1.44 2001/05/14 22:49:56 assar Exp $"); +RCSID("$Id: send_to_kdc.c,v 1.47 2001/07/03 19:35:46 assar Exp $"); /* * send the data in `req' on the socket `fd' (which is datagram iff udp) @@ -237,7 +237,7 @@ init_port(const char *s, int fallback) static int send_via_proxy (krb5_context context, - const char *hostname, + const krb5_krbhst_info *hi, const krb5_data *send, krb5_data *receive) { @@ -248,7 +248,7 @@ send_via_proxy (krb5_context context, struct addrinfo hints; struct addrinfo *ai, *a; int ret; - int s; + int s = -1; char portstr[NI_MAXSERV]; if (proxy == NULL) @@ -285,7 +285,7 @@ send_via_proxy (krb5_context context, } freeaddrinfo (ai); - asprintf(&prefix, "http://%s/", hostname); + asprintf(&prefix, "http://%s/", hi->hostname); if(prefix == NULL) { close(s); return 1; 
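Review bot: The `asprintf` call in send_via_proxy is judged by testing `prefix == NULL`, but not every libc defines the pointer's value when asprintf fails, so the portable test is the return value. Suggest `if (asprintf(&prefix, "http://%s/", hi->hostname) < 0) { close(s); return 1; }`. `hi->hostname` also goes into the request prefix as-is, so it is worth confirming that the krbhst layer rejects names containing whitespace or control characters before they reach this point. The rest of send_via_proxy lies outside the hunk.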
@@ -300,66 +300,38 @@ send_via_proxy (krb5_context context, } /* - * Send the data `send' to one hots in `hostlist' and get back the reply + * Send the data `send' to one host from `handle` and get back the reply * in `receive'. */ krb5_error_code krb5_sendto (krb5_context context, const krb5_data *send, - char **hostlist, - int port, + krb5_krbhst_handle handle, krb5_data *receive) { krb5_error_code ret = 0; - char **hp, *p; int fd; int i; for (i = 0; i < context->max_retries; ++i) { - for (hp = hostlist; (p = *hp); ++hp) { - char *colon; - int http_flag = 0; - int tcp_flag = 0; + krb5_krbhst_info *hi; + + while (krb5_krbhst_next(context, handle, &hi) == 0) { + int ret; struct addrinfo *ai, *a; - struct addrinfo hints; - char portstr[NI_MAXSERV]; - - if(strncmp(p, "http://", 7) == 0){ - p += 7; - http_flag = 1; - port = htons(80); - } else if(strncmp(p, "http/", 5) == 0) { - p += 5; - http_flag = 1; - port = htons(80); - }else if(strncmp(p, "tcp/", 4) == 0){ - p += 4; - tcp_flag = 1; - } else if(strncmp(p, "udp/", 4) == 0) { - p += 4; - } - if(http_flag && context->http_proxy) { - if (send_via_proxy (context, p, send, receive)) + + if(hi->proto == KRB5_KRBHST_HTTP && context->http_proxy) { + if (send_via_proxy (context, hi, send, receive)) continue; else goto out; } - colon = strchr (p, ':'); - if (colon) - *colon++ = '\0'; - - memset (&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - if (tcp_flag || http_flag) - hints.ai_socktype = SOCK_STREAM; - else - hints.ai_socktype = SOCK_DGRAM; - snprintf (portstr, sizeof(portstr), "%d", - ntohs(init_port (colon, port))); - ret = getaddrinfo (p, portstr, &hints, &ai); + + ret = krb5_krbhst_get_addrinfo(context, hi, &ai); if (ret) continue; + for (a = ai; a != NULL; a = a->ai_next) { fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol); if (fd < 0) 
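Review bot: The `int ret;` declared inside the new `while (krb5_krbhst_next(context, handle, &hi) == 0)` loop shadows the function-level `krb5_error_code ret`, so every assignment in the loop body goes to the inner variable and the outer one keeps its initial 0 until the code after the loops. That happens to give the right result on the `goto out` success path, but it is fragile and reads as if the outer variable were being set. I would drop the inner declaration, or rename it, e.g. `int err;`, and use that name for the `krb5_krbhst_get_addrinfo` and send_and_recv results. The loop body continues in the next hunk.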
@@ -368,23 +340,26 @@ krb5_sendto (krb5_context context, close (fd); continue; } - if(http_flag) + switch (hi->proto) { + case KRB5_KRBHST_HTTP : ret = send_and_recv_http(fd, context->kdc_timeout, "", send, receive); - else if(tcp_flag) + break; + case KRB5_KRBHST_TCP : ret = send_and_recv_tcp (fd, context->kdc_timeout, send, receive); - else + break; + case KRB5_KRBHST_UDP : ret = send_and_recv_udp (fd, context->kdc_timeout, send, receive); + break; + } close (fd); - if(ret == 0 && receive->length != 0) { - freeaddrinfo(ai); + if(ret == 0 && receive->length != 0) goto out; - } } - freeaddrinfo(ai); } + krb5_krbhst_reset(context, handle); } krb5_clear_error_string (context); ret = KRB5_KDC_UNREACH; @@ -400,19 +375,20 @@ krb5_sendto_kdc2(krb5_context context, krb5_boolean master) { krb5_error_code ret; - char **hostlist; - int port; - - port = krb5_getportbyname (context, "kerberos", "udp", 88); - + krb5_krbhst_handle handle; + int type; + if (master || context->use_admin_kdc) - ret = krb5_get_krb_admin_hst (context, realm, &hostlist); + type = KRB5_KRBHST_ADMIN; else - ret = krb5_get_krbhst (context, realm, &hostlist); + type = KRB5_KRBHST_KDC; + + ret = krb5_krbhst_init(context, *realm, type, &handle); if (ret) return ret; - ret = krb5_sendto(context, send, hostlist, port, receive); - krb5_free_krbhst (context, hostlist); + + ret = krb5_sendto(context, send, handle, receive); + krb5_krbhst_free(context, handle); if (ret == KRB5_KDC_UNREACH) krb5_set_error_string(context, "unable to reach any KDC in realm %s", *realm); diff --git a/crypto/heimdal/lib/krb5/set_default_realm.c b/crypto/heimdal/lib/krb5/set_default_realm.c index 9cb49c398732..8b872dfaa8b6 100644 --- a/crypto/heimdal/lib/krb5/set_default_realm.c +++ b/crypto/heimdal/lib/krb5/set_default_realm.c 
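Review bot: The new `switch (hi->proto)` in krb5_sendto has no `default` arm, so for any protocol value other than the three listed `ret` keeps the 0 left by `krb5_krbhst_get_addrinfo`, and the following `ret == 0 && receive->length != 0` test then depends only on whatever `receive` already holds. Adding `default: ret = -1; break;` (any non-zero value serves, as far as the visible hunks show) makes an unexpected protocol fall through to the next address instead. The function starts in the previous hunk.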
@@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: set_default_realm.c,v 1.12 2001/05/14 06:14:51 assar Exp $"); +RCSID("$Id: set_default_realm.c,v 1.13 2001/09/18 09:43:31 joda Exp $"); /* * Convert the simple string `s' into a NULL-terminated and freshly allocated @@ -67,7 +67,7 @@ string_to_list (krb5_context context, const char *s, krb5_realm **list) krb5_error_code krb5_set_default_realm(krb5_context context, - char *realm) + const char *realm) { krb5_error_code ret = 0; krb5_realm *realms = NULL; diff --git a/crypto/heimdal/lib/krb5/sock_principal.c b/crypto/heimdal/lib/krb5/sock_principal.c index d7a77a4426d6..7bb0bdfb022d 100644 --- a/crypto/heimdal/lib/krb5/sock_principal.c +++ b/crypto/heimdal/lib/krb5/sock_principal.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: sock_principal.c,v 1.13 2001/05/14 06:14:51 assar Exp $"); +RCSID("$Id: sock_principal.c,v 1.16 2001/07/26 09:05:30 assar Exp $"); krb5_error_code krb5_sock_to_principal (krb5_context context, 
@@ -43,48 +43,28 @@ krb5_sock_to_principal (krb5_context context, krb5_principal *ret_princ) { krb5_error_code ret; - krb5_address address; struct sockaddr_storage __ss; struct sockaddr *sa = (struct sockaddr *)&__ss; - socklen_t len = sizeof(__ss); - struct hostent *hostent; - int family; - char *hname = NULL; + socklen_t salen = sizeof(__ss); + char hostname[NI_MAXHOST]; - if (getsockname (sock, sa, &len) < 0) { + if (getsockname (sock, sa, &salen) < 0) { ret = errno; krb5_set_error_string (context, "getsockname: %s", strerror(ret)); return ret; } - family = sa->sa_family; - - ret = krb5_sockaddr2address (context, sa, &address); - if (ret) - return ret; - - hostent = roken_gethostbyaddr (address.address.data, - address.address.length, - family); - - if (hostent == NULL) { - krb5_set_error_string (context, "gethostbyaddr: %s", - hstrerror(h_errno)); - return krb5_h_errno_to_heim_errno(h_errno); - } - hname = hostent->h_name; - if (strchr(hname, '.') == NULL) { - char **a; + ret = getnameinfo (sa, salen, hostname, sizeof(hostname), NULL, 0, 0); + if (ret) { + int save_errno = errno; - for (a = hostent->h_aliases; a != NULL && *a != NULL; ++a) - if (strchr(*a, '.') != NULL) { - hname = *a; - break; - } + krb5_set_error_string (context, "getnameinfo: %s", gai_strerror(ret)); + return krb5_eai_to_heim_errno(ret, save_errno); } - return krb5_sname_to_principal (context, - hname, - sname, - type, - ret_princ); + ret = krb5_sname_to_principal (context, + hostname, + sname, + type, + ret_princ); + return ret; } diff --git a/crypto/heimdal/lib/krb5/store_emem.c b/crypto/heimdal/lib/krb5/store_emem.c index 4d531c6a10db..93a88119b28c 100644 --- a/crypto/heimdal/lib/krb5/store_emem.c +++ b/crypto/heimdal/lib/krb5/store_emem.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 200 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
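Review bot: `getnameinfo` is called with flags 0 in krb5_sock_to_principal, so when the reverse lookup finds no name it returns the numeric address as the host string instead of failing, and that string is passed on to `krb5_sname_to_principal`; the removed gethostbyaddr path returned an error in that case. If a principal built from an address literal is not wanted, require a name: `ret = getnameinfo (sa, salen, hostname, sizeof(hostname), NULL, 0, NI_NAMEREQD);`. The rewrite also drops the old preference for an alias containing a dot, so whatever name the resolver returns is handed over unchanged; a one-line comment saying this is intended would help the next reader. Separately, `__ss` is a reserved identifier and could be renamed while this declaration is being touched.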
@@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: store_emem.c,v 1.10 2000/05/19 14:39:49 assar Exp $"); +RCSID("$Id: store_emem.c,v 1.11 2002/02/11 13:03:25 joda Exp $"); typedef struct emem_storage{ unsigned char *base; @@ -104,7 +104,9 @@ emem_seek(krb5_storage *sp, off_t offset, int whence) static void emem_free(krb5_storage *sp) { - free(((emem_storage*)sp->data)->base); + emem_storage *s = sp->data; + memset(s->base, 0, s->len); + free(s->base); } krb5_storage * diff --git a/crypto/heimdal/lib/krb5/store_fd.c b/crypto/heimdal/lib/krb5/store_fd.c index 2c795bdd8817..91545d5ed03d 100644 --- a/crypto/heimdal/lib/krb5/store_fd.c +++ b/crypto/heimdal/lib/krb5/store_fd.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: store_fd.c,v 1.8 2001/01/29 02:32:35 assar Exp $"); +RCSID("$Id: store_fd.c,v 1.9 2001/06/24 05:39:51 assar Exp $"); typedef struct fd_storage{ int fd; @@ -63,7 +63,15 @@ krb5_storage * krb5_storage_from_fd(int fd) { krb5_storage *sp = malloc(sizeof(krb5_storage)); + + if (sp == NULL) + return NULL; + sp->data = malloc(sizeof(fd_storage)); + if (sp->data == NULL) { + free(sp); + return NULL; + } sp->flags = 0; FD(sp) = fd; sp->fetch = fd_fetch; diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.8 b/crypto/heimdal/lib/krb5/verify_krb5_conf.8 index 5aba5d842544..009ff4ef3cfc 100644 --- a/crypto/heimdal/lib/krb5/verify_krb5_conf.8 +++ b/crypto/heimdal/lib/krb5/verify_krb5_conf.8 @@ -1,13 +1,11 @@ -.\" $Id: verify_krb5_conf.8,v 1.3 2001/05/02 08:59:23 assar Exp $ +.\" $Id: verify_krb5_conf.8,v 1.6 2002/02/15 12:58:19 joda Exp $ .\" -.Dd March 4, 2000 +.Dd August 30, 2001 .Dt VERIFY_KRB5_CONF 8 .Os HEIMDAL .Sh NAME .Nm verify_krb5_conf -.Nd does a crude test that -.Pa krb5.conf -does not contain any obvious syntax error +.Nd checks krb5.conf for obvious errors .Sh SYNOPSIS .Nm .Ar [config-file] 
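Review bot: The `memset(s->base, 0, s->len)` added to emem_free writes to memory that is freed on the next line, which an optimising compiler is allowed to remove as a dead store, so the buffer may still be released with key material in it. Use a clear the compiler cannot drop, for example `explicit_bzero(s->base, s->len);` where the platform provides it, or a loop through a `volatile unsigned char *`. It is also worth confirming that `s->len` covers every byte that was ever written to the buffer; the struct definition is only partly visible here.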
@@ -17,16 +15,50 @@ reads the configuration file .Pa krb5.conf , or the file given on the command line, and parses it, thereby verifying that the syntax is not correctly wrong. -Since that file is read by almost all Kerberos programs but most of -them have no way of notifying the user that it could not be parsed, -this program is useful. +.Pp +If the file is syntactically correct, +.Nm +tries to verify that the contents of the file is of relevant nature. +.Sh DIAGNOSTICS +Possible output from +.Nm +include: +.Bl -tag -width "<path>" +.It "<path>: failed to parse <something> as size/time/number/boolean" +Usually means that <something> is misspelled, or that it contains +weird characters. The parsing done by +.Nm +is more strict than the one performed by libkrb5, and so strings that +work in real life, might be reported as bad. +.It "<path>: host not found (<hostname>)" +Means that <path> is supposed to point to a host, but it can't be +recognised as one. +.It <path>: unknown or wrong type +Means that <path> is either is a string when it should be a list, vice +versa, or just that +.Nm +is confused. +.It <path>: unknown entry +Means that <string> is not known by +.Nm "" . +.El .Sh ENVIRONMENT .Ev KRB5_CONFIG points to the configuration file to read. .Sh FILES -.Xr krb5.conf 5 +.Bl -tag -width /etc/krb5.conf -compact +.It Pa /etc/krb5.conf +Kerberos 5 configuration file +.El .Sh SEE ALSO .Xr krb5.conf 5 .Sh BUGS -It should know about what variables are actually used and warn about -unknown ones. +Since each application can put almost anything in the config file, +it's hard to come up with a water tight verification process. Most of +the default settings are sanity checked, but this does not mean that +every problem is discovered, or that everything that is reported as a +possible problem actually is one. This tool should thus be used with +some care. +.Pp +It should warn about obsolete data, or bad practice, but currently +doesn't. 
diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.c b/crypto/heimdal/lib/krb5/verify_krb5_conf.c index e480324684f6..de9e51db6bd0 100644 --- a/crypto/heimdal/lib/krb5/verify_krb5_conf.c +++ b/crypto/heimdal/lib/krb5/verify_krb5_conf.c @@ -33,7 +33,9 @@ #include "krb5_locl.h" #include <getarg.h> -RCSID("$Id: verify_krb5_conf.c,v 1.5 2001/05/14 06:14:52 assar Exp $"); +#include <parse_bytes.h> +#include <err.h> +RCSID("$Id: verify_krb5_conf.c,v 1.7 2001/09/03 05:42:35 assar Exp $"); /* verify krb5.conf */ 
@@ -57,6 +59,263 @@ usage (int ret) exit (ret); } +static int +check_bytes(krb5_context context, const char *path, char *data) +{ + if(parse_bytes(data, NULL) == -1) { + krb5_warnx(context, "%s: failed to parse \"%s\" as size", path, data); + return 1; + } + return 0; +} + +static int +check_time(krb5_context context, const char *path, char *data) +{ + if(parse_time(data, NULL) == -1) { + krb5_warnx(context, "%s: failed to parse \"%s\" as time", path, data); + return 1; + } + return 0; +} + +static int +check_numeric(krb5_context context, const char *path, char *data) +{ + long int v; + char *end; + v = strtol(data, &end, 0); + if(*end != '\0') { + krb5_warnx(context, "%s: failed to parse \"%s\" as a number", + path, data); + return 1; + } + return 0; +} + +static int +check_boolean(krb5_context context, const char *path, char *data) +{ + long int v; + char *end; + if(strcasecmp(data, "yes") == 0 || + strcasecmp(data, "true") == 0 || + strcasecmp(data, "no") == 0 || + strcasecmp(data, "false") == 0) + return 0; + v = strtol(data, &end, 0); + if(*end != '\0') { + krb5_warnx(context, "%s: failed to parse \"%s\" as a boolean", + path, data); + return 1; + } + return 0; +} + +static int +check_host(krb5_context context, const char *path, char *data) +{ + int ret; + char hostname[128]; + const char *p = data; + struct addrinfo *ai; + /* XXX data could be a list of hosts that this code can't handle */ + /* XXX copied from krbhst.c */ + if(strncmp(p, "http://", 7) == 0){ + p += 7; + } else if(strncmp(p, "http/", 5) == 0) { + p += 5; + }else if(strncmp(p, "tcp/", 4) == 0){ + p += 4; + } else if(strncmp(p, "udp/", 4) == 0) { + p += 4; + } + if(strsep_copy(&p, ":", hostname, sizeof(hostname)) < 0) { + return 1; + } + hostname[strcspn(hostname, "/")] = '\0'; + ret = getaddrinfo(hostname, "telnet" /* XXX */, NULL, &ai); + if(ret != 0) { + if(ret == EAI_NODATA) + krb5_warnx(context, "%s: host not found (%s)", path, hostname); + else + krb5_warnx(context, "%s: %s (%s)", path, 
gai_strerror(ret), hostname); + return 1; + } + return 0; +} + +typedef int (*check_func_t)(krb5_context, const char*, char*); +struct entry { + const char *name; + int type; + void *check_data; +}; + +struct entry all_strings[] = { + { "", krb5_config_string, NULL }, + { NULL } +}; + +struct entry v4_name_convert_entries[] = { + { "host", krb5_config_list, all_strings }, + { "plain", krb5_config_list, all_strings }, + { NULL } +}; + +struct entry libdefaults_entries[] = { + { "accept_null_addresses", krb5_config_string, check_boolean }, + { "capath", krb5_config_list, all_strings }, + { "clockskew", krb5_config_string, check_time }, + { "date_format", krb5_config_string, NULL }, + { "default_etypes", krb5_config_string, NULL }, + { "default_etypes_des", krb5_config_string, NULL }, + { "default_keytab_modify_name", krb5_config_string, NULL }, + { "default_keytab_name", krb5_config_string, NULL }, + { "default_realm", krb5_config_string, NULL }, + { "dns_proxy", krb5_config_string, NULL }, + { "egd_socket", krb5_config_string, NULL }, + { "encrypt", krb5_config_string, check_boolean }, + { "extra_addresses", krb5_config_string, NULL }, + { "fcache_version", krb5_config_string, check_numeric }, + { "forward", krb5_config_string, check_boolean }, + { "forwardable", krb5_config_string, check_boolean }, + { "http_proxy", krb5_config_string, check_host /* XXX */ }, + { "ignore_addresses", krb5_config_string, NULL }, + { "kdc_timeout", krb5_config_string, check_time }, + { "kdc_timesync", krb5_config_string, check_boolean }, + { "krb4_get_tickets", krb5_config_string, check_boolean }, + { "log_utc", krb5_config_string, check_boolean }, + { "maxretries", krb5_config_string, check_numeric }, + { "scan_interfaces", krb5_config_string, check_boolean }, + { "srv_lookup", krb5_config_string, check_boolean }, + { "srv_try_txt", krb5_config_string, check_boolean }, + { "ticket_lifetime", krb5_config_string, check_time }, + { "time_format", krb5_config_string, NULL }, + { 
"transited_realms_reject", krb5_config_string, NULL }, + { "v4_instance_resolve", krb5_config_string, check_boolean }, + { "v4_name_convert", krb5_config_list, v4_name_convert_entries }, + { "verify_ap_req_nofail", krb5_config_string, check_boolean }, + { NULL } +}; + +struct entry appdefaults_entries[] = { + { "forwardable", krb5_config_string, check_boolean }, + { "proxiable", krb5_config_string, check_boolean }, + { "ticket_lifetime", krb5_config_string, check_time }, + { "renew_lifetime", krb5_config_string, check_time }, + { "no-addresses", krb5_config_string, check_boolean }, +#if 0 + { "anonymous", krb5_config_string, check_boolean }, +#endif + { "", krb5_config_list, appdefaults_entries }, + { NULL } +}; + +struct entry realms_entries[] = { + { "forwardable", krb5_config_string, check_boolean }, + { "proxiable", krb5_config_string, check_boolean }, + { "ticket_lifetime", krb5_config_string, check_time }, + { "renew_lifetime", krb5_config_string, check_time }, + { "warn_pwexpire", krb5_config_string, check_time }, + { "kdc", krb5_config_string, check_host }, + { "admin_server", krb5_config_string, check_host }, + { "kpasswd_server", krb5_config_string, check_host }, + { "krb524_server", krb5_config_string, check_host }, + { "v4_name_convert", krb5_config_list, v4_name_convert_entries }, + { "v4_instance_convert", krb5_config_list, all_strings }, + { "v4_domains", krb5_config_string, NULL }, + { "default_domain", krb5_config_string, NULL }, + { NULL } +}; + +struct entry realms_foobar[] = { + { "", krb5_config_list, realms_entries }, + { NULL } +}; + + +struct entry kdc_database_entries[] = { + { "realm", krb5_config_string, NULL }, + { "dbname", krb5_config_string, NULL }, + { "mkey_file", krb5_config_string, NULL }, + { NULL } +}; + +struct entry kdc_entries[] = { + { "database", krb5_config_list, kdc_database_entries }, + { "key-file", krb5_config_string, NULL }, + { "logging", krb5_config_string, NULL }, + { "max-request", krb5_config_string, check_bytes 
}, + { "require-preauth", krb5_config_string, check_boolean }, + { "ports", krb5_config_string, NULL }, + { "addresses", krb5_config_string, NULL }, + { "enable-kerberos4", krb5_config_string, check_boolean }, + { "enable-524", krb5_config_string, check_boolean }, + { "enable-http", krb5_config_string, check_boolean }, + { "check_ticket-addresses", krb5_config_string, check_boolean }, + { "allow-null-addresses", krb5_config_string, check_boolean }, + { "allow-anonymous", krb5_config_string, check_boolean }, + { "v4_realm", krb5_config_string, NULL }, + { "enable-kaserver", krb5_config_string, check_boolean }, + { "encode_as_rep_as_tgs_rep", krb5_config_string, check_boolean }, + { "kdc_warn_pwexpire", krb5_config_string, check_time }, + { NULL } +}; + +struct entry kadmin_entries[] = { + { "password_lifetime", krb5_config_string, check_time }, + { "default_keys", krb5_config_string, NULL }, + { "use_v4_salt", krb5_config_string, NULL }, + { NULL } +}; +struct entry toplevel_sections[] = { + { "libdefaults" , krb5_config_list, libdefaults_entries }, + { "realms", krb5_config_list, realms_foobar }, + { "domain_realm", krb5_config_list, all_strings }, + { "logging", krb5_config_list, all_strings }, + { "kdc", krb5_config_list, kdc_entries }, + { "kadmin", krb5_config_list, kadmin_entries }, + { "appdefaults", krb5_config_list, appdefaults_entries }, + { NULL } +}; + + +static int +check_section(krb5_context context, const char *path, krb5_config_section *cf, + struct entry *entries) +{ + int error = 0; + krb5_config_section *p; + struct entry *e; + + char *local; + + for(p = cf; p != NULL; p = p->next) { + asprintf(&local, "%s/%s", path, p->name); + for(e = entries; e->name != NULL; e++) { + if(*e->name == '\0' || strcmp(e->name, p->name) == 0) { + if(e->type != p->type) { + krb5_warnx(context, "%s: unknown or wrong type", local); + error |= 1; + } else if(p->type == krb5_config_string && e->check_data != NULL) { + error |= (*(check_func_t)e->check_data)(context, 
local, p->u.string); + } else if(p->type == krb5_config_list && e->check_data != NULL) { + error |= check_section(context, local, p->u.list, e->check_data); + } + break; + } + } + if(e->name == NULL) { + krb5_warnx(context, "%s: unknown entry", local); + error |= 1; + } + free(local); + } + return error; +} + + int main(int argc, char **argv) { @@ -97,8 +356,10 @@ main(int argc, char **argv) } ret = krb5_config_parse_file (context, config_file, &tmp_cf); - if (ret == 0) - return 0; - krb5_warn (context, ret, "krb5_config_parse_file"); - return 1; + if (ret != 0) { + krb5_warn (context, ret, "krb5_config_parse_file"); + return 1; + } + + return check_section(context, "", tmp_cf, toplevel_sections); } diff --git a/crypto/heimdal/lib/krb5/write_message.c b/crypto/heimdal/lib/krb5/write_message.c index 16a40f0e7642..3e23a3aaa951 100644 --- a/crypto/heimdal/lib/krb5/write_message.c +++ b/crypto/heimdal/lib/krb5/write_message.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: write_message.c,v 1.7 2001/05/14 06:14:52 assar Exp $"); +RCSID("$Id: write_message.c,v 1.8 2001/07/02 18:43:06 joda Exp $"); krb5_error_code krb5_write_message (krb5_context context, @@ -75,7 +75,6 @@ krb5_write_priv_message(krb5_context context, krb5_error_code krb5_write_safe_message(krb5_context context, krb5_auth_context ac, - krb5_boolean priv, krb5_pointer p_fd, krb5_data *data) { |
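Review bot: check_numeric and check_boolean accept input they should reject: `strtol` leaves `end == data` for an empty string, so `""` passes the `*end != '\0'` test, and an out-of-range value goes unnoticed because `errno` is never examined (the result `v` is unused). Suggest `errno = 0; v = strtol(data, &end, 0);` and `if (end == data || *end != '\0' || errno == ERANGE)`. In check_host the `ai` list from a successful `getaddrinfo` is never released; add `freeaddrinfo(ai);` before `return 0;`. In check_section the `asprintf` result is not checked, so `local` may be invalid when it reaches `krb5_warnx` and `free`. Keeping the check functions in `void *check_data` also relies on converting between function and object pointers, which ISO C does not guarantee; a union of `check_func_t` and `struct entry *` would avoid the cast.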