Diffstat (limited to 'crypto/heimdal/lib/gssapi')
-rw-r--r-- | crypto/heimdal/lib/gssapi/8003.c | 75 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/ChangeLog | 72 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/Makefile.am | 7 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/Makefile.in | 357 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/accept_sec_context.c | 106 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/acquire_cred.c | 22 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/decapsulate.c | 9 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/display_status.c | 22 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/encapsulate.c | 9 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/get_mic.c | 16 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/gssapi_locl.h | 26 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/init.c | 13 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/init_sec_context.c | 33 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/unwrap.c | 30 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/verify_mic.c | 18 | ||||
-rw-r--r-- | crypto/heimdal/lib/gssapi/wrap.c | 37 |
16 files changed, 514 insertions, 338 deletions
diff --git a/crypto/heimdal/lib/gssapi/8003.c b/crypto/heimdal/lib/gssapi/8003.c index c0d888165184..a4941ef1ede7 100644 --- a/crypto/heimdal/lib/gssapi/8003.c +++ b/crypto/heimdal/lib/gssapi/8003.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: 8003.c,v 1.8 2001/01/29 02:08:58 assar Exp $"); +RCSID("$Id: 8003.c,v 1.10 2001/08/29 02:21:09 assar Exp $"); static krb5_error_code encode_om_uint32(OM_uint32 n, u_char *p) @@ -86,27 +86,35 @@ hash_input_chan_bindings (const gss_channel_bindings_t b, return 0; } -krb5_error_code +/* + * create a checksum over the chanel bindings in + * `input_chan_bindings', `flags' and `fwd_data' and return it in + * `result' + */ + +OM_uint32 gssapi_krb5_create_8003_checksum ( + OM_uint32 *minor_status, const gss_channel_bindings_t input_chan_bindings, OM_uint32 flags, - krb5_data *fwd_data, + const krb5_data *fwd_data, Checksum *result) { u_char *p; /* * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value - * field's format) - */ + * field's format) */ result->cksumtype = 0x8003; if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) result->checksum.length = 24 + 4 + fwd_data->length; else result->checksum.length = 24; result->checksum.data = malloc (result->checksum.length); - if (result->checksum.data == NULL) - return ENOMEM; + if (result->checksum.data == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } p = result->checksum.data; encode_om_uint32 (16, p); 
@@ -139,18 +147,21 @@ gssapi_krb5_create_8003_checksum ( memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length); p += fwd_data->length; - - if (p - (u_char *)result->checksum.data != result->checksum.length) - abort(); } - - return 0; + + return GSS_S_COMPLETE; } -krb5_error_code +/* + * verify the checksum in `cksum' over `input_chan_bindings' + * returning `flags' and `fwd_data' + */ + +OM_uint32 gssapi_krb5_verify_8003_checksum( + OM_uint32 *minor_status, const gss_channel_bindings_t input_chan_bindings, - Checksum *cksum, + const Checksum *cksum, OM_uint32 *flags, krb5_data *fwd_data) { @@ -160,21 +171,29 @@ gssapi_krb5_verify_8003_checksum( int DlgOpt; /* XXX should handle checksums > 24 bytes */ - if(cksum->cksumtype != 0x8003) + if(cksum->cksumtype != 0x8003) { + *minor_status = 0; return GSS_S_BAD_BINDINGS; + } p = cksum->checksum.data; decode_om_uint32(p, &length); - if(length != sizeof(hash)) - return GSS_S_FAILURE; + if(length != sizeof(hash)) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } p += 4; if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) { - if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) - return GSS_S_FAILURE; - if(memcmp(hash, p, sizeof(hash)) != 0) - return GSS_S_FAILURE; + if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } + if(memcmp(hash, p, sizeof(hash)) != 0) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } } p += sizeof(hash); 
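Review bot: In gssapi_krb5_verify_8003_checksum nothing visible compares `cksum->checksum.length` with the 24 bytes the function goes on to read: `decode_om_uint32(p, &length)` and `memcmp(hash, p, sizeof(hash))` both run on `cksum->checksum.data`, which the caller takes from the peer's authenticator. The existing `XXX should handle checksums > 24 bytes` comment covers only the longer case. A guard ahead of `p = cksum->checksum.data;`, in the style this commit already uses, would be `if (cksum->checksum.length < 24) { *minor_status = 0; return GSS_S_BAD_BINDINGS; }`. The function body continues past this hunk, so a check elsewhere cannot be ruled out, but none is shown before the first read.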
@@ -186,18 +205,22 @@ gssapi_krb5_verify_8003_checksum( p += 4; DlgOpt = (p[0] << 0) | (p[1] << 8 ); - if (DlgOpt != 1) - return GSS_S_BAD_BINDINGS; + if (DlgOpt != 1) { + *minor_status = 0; + return GSS_S_BAD_BINDINGS; + } p += 2; fwd_data->length = (p[0] << 0) | (p[1] << 8); fwd_data->data = malloc(fwd_data->length); - if (fwd_data->data == NULL) - return ENOMEM; + if (fwd_data->data == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } p += 2; memcpy(fwd_data->data, p, fwd_data->length); } - return 0; + return GSS_S_COMPLETE; } diff --git a/crypto/heimdal/lib/gssapi/ChangeLog b/crypto/heimdal/lib/gssapi/ChangeLog index 99ab2710881b..85e864c09997 100644 --- a/crypto/heimdal/lib/gssapi/ChangeLog +++ b/crypto/heimdal/lib/gssapi/ChangeLog 
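Review bot: `fwd_data->length` is taken from two bytes of the received checksum and then used as the size for both `malloc` and `memcpy(fwd_data->data, p, fwd_data->length)` without being compared with what is left of `cksum->checksum`, so a truncated checksum makes the copy read past the end of the source buffer. The create side lays the field out as `24 + 4 + fwd_data->length`, so a check such as `if (cksum->checksum.length < 28 || fwd_data->length > cksum->checksum.length - 28) { *minor_status = 0; return GSS_S_BAD_BINDINGS; }` before the allocation would bound it. A zero length is also worth handling explicitly, since `malloc(0)` may return NULL and would then be reported as ENOMEM. The condition that opens this block is outside the hunk, so part of this may already be checked there.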
@@ -1,3 +1,75 @@ +2001-10-31 Jacques Vidrine <n@nectar.com> + + * get_mic.c (mic_des3): MIC computation using DES3/SHA1 + was bogusly appending the message buffer to the result, + overwriting a heap buffer in the process. + +2001-08-29 Assar Westerlund <assar@sics.se> + + * 8003.c (gssapi_krb5_verify_8003_checksum, + gssapi_krb5_create_8003_checksum): make more consistent by always + returning an gssapi error and setting minor status. update + callers + +2001-08-28 Jacques Vidrine <n@nectar.com> + + * accept_sec_context.c: Create a cache for delegated credentials + when needed. + +2001-08-28 Assar Westerlund <assar@sics.se> + + * Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2 + +2001-08-23 Assar Westerlund <assar@sics.se> + + * *.c: handle minor_status more consistently + + * display_status.c (gss_display_status): handle krb5_get_err_text + failing + +2001-08-15 Johan Danielsson <joda@pdc.kth.se> + + * gssapi_locl.h: fix prototype for gssapi_krb5_init + +2001-08-13 Johan Danielsson <joda@pdc.kth.se> + + * accept_sec_context.c (gsskrb5_register_acceptor_identity): init + context and check return value from kt_resolve + + * init.c: return error code + +2001-07-19 Assar Westerlund <assar@sics.se> + + * Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2 + +2001-07-12 Assar Westerlund <assar@sics.se> + + * Makefile.am (libgssapi_la_LIBADD): add required library + dependencies + +2001-07-06 Assar Westerlund <assar@sics.se> + + * accept_sec_context.c (gsskrb5_register_acceptor_identity): set + the keytab to be used for gss_acquire_cred too' + +2001-07-03 Assar Westerlund <assar@sics.se> + + * Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2 + +2001-06-18 Assar Westerlund <assar@sics.se> + + * wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey + and gss_krb5_get_remotekey + * verify_mic.c: update krb5_auth_con function names use + gss_krb5_get_remotekey + * unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey + and 
gss_krb5_get_remotekey + * gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey): + add prototypes + * get_mic.c: update krb5_auth_con function names. use + gss_krb5_get_localkey + * accept_sec_context.c: update krb5_auth_con function names + 2001-05-17 Assar Westerlund <assar@sics.se> * Makefile.am: bump version to 3:1:2 diff --git a/crypto/heimdal/lib/gssapi/Makefile.am b/crypto/heimdal/lib/gssapi/Makefile.am index 313204096f64..a7d4bec0a88c 100644 --- a/crypto/heimdal/lib/gssapi/Makefile.am +++ b/crypto/heimdal/lib/gssapi/Makefile.am @@ -1,11 +1,12 @@ -# $Id: Makefile.am,v 1.31 2001/05/16 23:52:27 assar Exp $ +# $Id: Makefile.am,v 1.36 2001/08/28 11:21:17 joda Exp $ include $(top_srcdir)/Makefile.am.common -INCLUDES += -I$(srcdir)/../krb5 $(INCLUDE_krb4) +INCLUDES += -I$(srcdir)/../krb5 $(INCLUDE_des) $(INCLUDE_krb4) lib_LTLIBRARIES = libgssapi.la -libgssapi_la_LDFLAGS = -version-info 3:1:2 +libgssapi_la_LDFLAGS = -version-info 3:4:2 +libgssapi_la_LIBADD = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la include_HEADERS = gssapi.h diff --git a/crypto/heimdal/lib/gssapi/Makefile.in b/crypto/heimdal/lib/gssapi/Makefile.in index a71a183bc69a..5bdca2a96cba 100644 --- a/crypto/heimdal/lib/gssapi/Makefile.in +++ b/crypto/heimdal/lib/gssapi/Makefile.in @@ -1,6 +1,6 @@ -# Makefile.in generated automatically by automake 1.4b from Makefile.am +# Makefile.in generated automatically by automake 1.5 from Makefile.am. -# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 # Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -11,6 +11,16 @@ # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. +@SET_MAKE@ + +# $Id: Makefile.am,v 1.36 2001/08/28 11:21:17 joda Exp $ + + +# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ + + +# $Id: Makefile.am.common,v 1.31 2001/09/01 11:12:18 assar Exp $ + SHELL = @SHELL@ srcdir = @srcdir@ @@ -31,11 +41,9 @@ infodir = @infodir@ mandir = @mandir@ includedir = @includedir@ oldincludedir = /usr/include - pkgdatadir = $(datadir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ - top_builddir = ../.. ACLOCAL = @ACLOCAL@ @@ -47,21 +55,17 @@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_FLAG = +INSTALL_HEADER = $(INSTALL_DATA) transform = @program_transform_name@ - NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : - -@SET_MAKE@ host_alias = @host_alias@ host_triplet = @host@ AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ -AMDEP = @AMDEP@ AMTAR = @AMTAR@ AS = @AS@ AWK = @AWK@ @@ -69,11 +73,11 @@ CANONICAL_HOST = @CANONICAL_HOST@ CATMAN = @CATMAN@ CATMANEXT = @CATMANEXT@ CC = @CC@ +COMPILE_ET = @COMPILE_ET@ CPP = @CPP@ -CXX = @CXX@ -CXXCPP = @CXXCPP@ DBLIB = @DBLIB@ DEPDIR = @DEPDIR@ +DIR_com_err = @DIR_com_err@ DIR_des = @DIR_des@ DIR_roken = @DIR_roken@ DLLTOOL = @DLLTOOL@ 
@@ -82,20 +86,27 @@ EXTRA_LIB45 = @EXTRA_LIB45@ GROFF = @GROFF@ INCLUDES_roken = @INCLUDES_roken@ INCLUDE_ = @INCLUDE_@ +INCLUDE_des = @INCLUDE_des@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LEX = @LEX@ LIBOBJS = @LIBOBJS@ LIBTOOL = @LIBTOOL@ LIB_ = @LIB_@ LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_NDBM = @LIB_NDBM@ +LIB_com_err = @LIB_com_err@ +LIB_com_err_a = @LIB_com_err_a@ +LIB_com_err_so = @LIB_com_err_so@ LIB_des = @LIB_des@ +LIB_des_a = @LIB_des_a@ LIB_des_appl = @LIB_des_appl@ +LIB_des_so = @LIB_des_so@ LIB_kdb = @LIB_kdb@ LIB_otp = @LIB_otp@ LIB_roken = @LIB_roken@ LIB_security = @LIB_security@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ NROFF = @NROFF@ 
@@ -103,38 +114,32 @@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ RANLIB = @RANLIB@ -STRIP = @STRIP@ VERSION = @VERSION@ VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ WFLAGS = @WFLAGS@ WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +X_CFLAGS = @X_CFLAGS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_LIBS = @X_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ YACC = @YACC@ +am__include = @am__include@ +am__quote = @am__quote@ dpagaix_CFLAGS = @dpagaix_CFLAGS@ dpagaix_LDADD = @dpagaix_LDADD@ install_sh = @install_sh@ -# $Id: Makefile.am,v 1.31 2001/05/16 23:52:27 assar Exp $ - - -# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ - - -# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ - - -AUTOMAKE_OPTIONS = foreign no-dependencies +AUTOMAKE_OPTIONS = foreign no-dependencies 1.4b SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x -INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../krb5 $(INCLUDE_krb4) +INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) -I$(srcdir)/../krb5 $(INCLUDE_des) $(INCLUDE_krb4) -AM_CFLAGS = $(WFLAGS) +AM_CFLAGS = $(WFLAGS) CP = cp -COMPILE_ET = $(top_builddir)/lib/com_err/compile_et - buildinclude = $(top_builddir)/include LIB_XauReadAuth = @LIB_XauReadAuth@ @@ -152,8 +157,8 @@ LIB_getsockopt = @LIB_getsockopt@ LIB_logout = @LIB_logout@ LIB_logwtmp = @LIB_logwtmp@ LIB_odm_initialize = @LIB_odm_initialize@ +LIB_openpty = @LIB_openpty@ LIB_pidfile = @LIB_pidfile@ -LIB_readline = @LIB_readline@ LIB_res_search = @LIB_res_search@ LIB_setpcred = @LIB_setpcred@ LIB_setsockopt = @LIB_setsockopt@ 
@@ -175,23 +180,26 @@ INCLUDE_openldap = @INCLUDE_openldap@ LIB_openldap = @LIB_openldap@ INCLUDE_readline = @INCLUDE_readline@ +LIB_readline = @LIB_readline@ LEXLIB = @LEXLIB@ NROFF_MAN = groff -mandoc -Tascii -@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) +@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) -@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \ @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la -@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la -@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la +@KRB5_TRUE@LIB_gssapi = $(top_builddir)/lib/gssapi/libgssapi.la + +@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la CHECK_LOCAL = $(PROGRAMS) lib_LTLIBRARIES = libgssapi.la -libgssapi_la_LDFLAGS = -version-info 3:1:2 +libgssapi_la_LDFLAGS = -version-info 3:4:2 +libgssapi_la_LIBADD = ../krb5/libkrb5.la $(LIB_des) ../asn1/libasn1.la ../roken/libroken.la include_HEADERS = gssapi.h 
@@ -237,123 +245,109 @@ libgssapi_la_SOURCES = \ subdir = lib/gssapi mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs -CONFIG_HEADER = ../../include/config.h -CONFIG_CLEAN_FILES = -LTLIBRARIES = $(lib_LTLIBRARIES) - - -DEFS = @DEFS@ -I. -I$(srcdir) -I../../include +CONFIG_HEADER = $(top_builddir)/include/config.h +CONFIG_CLEAN_FILES = +LTLIBRARIES = $(lib_LTLIBRARIES) + +libgssapi_la_DEPENDENCIES = ../krb5/libkrb5.la ../asn1/libasn1.la \ + ../roken/libroken.la +am_libgssapi_la_OBJECTS = 8003.lo accept_sec_context.lo acquire_cred.lo \ + add_oid_set_member.lo canonicalize_name.lo compare_name.lo \ + context_time.lo copy_ccache.lo create_emtpy_oid_set.lo \ + decapsulate.lo delete_sec_context.lo display_name.lo \ + display_status.lo duplicate_name.lo encapsulate.lo \ + export_sec_context.lo export_name.lo external.lo get_mic.lo \ + import_name.lo import_sec_context.lo indicate_mechs.lo init.lo \ + init_sec_context.lo inquire_context.lo inquire_cred.lo \ + release_buffer.lo release_cred.lo release_name.lo \ + release_oid_set.lo test_oid_set_member.lo unwrap.lo v1.lo \ + verify_mic.lo wrap.lo address_to_krb5addr.lo +libgssapi_la_OBJECTS = $(am_libgssapi_la_OBJECTS) + +DEFS = @DEFS@ +DEFAULT_INCLUDES = -I. 
-I$(srcdir) -I$(top_builddir)/include CPPFLAGS = @CPPFLAGS@ LDFLAGS = @LDFLAGS@ -X_CFLAGS = @X_CFLAGS@ -X_LIBS = @X_LIBS@ -X_EXTRA_LIBS = @X_EXTRA_LIBS@ -X_PRE_LIBS = @X_PRE_LIBS@ -libgssapi_la_LIBADD = -am_libgssapi_la_OBJECTS = 8003.lo accept_sec_context.lo acquire_cred.lo \ -add_oid_set_member.lo canonicalize_name.lo compare_name.lo \ -context_time.lo copy_ccache.lo create_emtpy_oid_set.lo decapsulate.lo \ -delete_sec_context.lo display_name.lo display_status.lo \ -duplicate_name.lo encapsulate.lo export_sec_context.lo export_name.lo \ -external.lo get_mic.lo import_name.lo import_sec_context.lo \ -indicate_mechs.lo init.lo init_sec_context.lo inquire_context.lo \ -inquire_cred.lo release_buffer.lo release_cred.lo release_name.lo \ -release_oid_set.lo test_oid_set_member.lo unwrap.lo v1.lo verify_mic.lo \ -wrap.lo address_to_krb5addr.lo -libgssapi_la_OBJECTS = $(am_libgssapi_la_OBJECTS) -COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CFLAGS = @CFLAGS@ +depcomp = +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) \ + $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) -LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ -DIST_SOURCES = $(libgssapi_la_SOURCES) -HEADERS = $(include_HEADERS) - -depcomp = -DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in - - -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +CFLAGS = @CFLAGS@ +DIST_SOURCES = $(libgssapi_la_SOURCES) +HEADERS = $(include_HEADERS) -GZIP_ENV = --best +DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in SOURCES = 
$(libgssapi_la_SOURCES) -OBJECTS = $(am_libgssapi_la_OBJECTS) -all: all-redirect +all: all-am + .SUFFIXES: .SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj -$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common - cd $(top_srcdir) && $(AUTOMAKE) --foreign lib/gssapi/Makefile - -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - cd $(top_builddir) \ - && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status - - -mostlyclean-libLTLIBRARIES: -clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) - -distclean-libLTLIBRARIES: +mostlyclean-libtool: + -rm -f *.lo -maintainer-clean-libLTLIBRARIES: +clean-libtool: + -rm -rf .libs _libs +distclean-libtool: + -rm -f libtool +$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4) + cd $(top_srcdir) && \ + $(AUTOMAKE) --foreign lib/gssapi/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) && \ + CONFIG_HEADERS= CONFIG_LINKS= \ + CONFIG_FILES=$(subdir)/$@ $(SHELL) ./config.status install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) $(mkinstalldirs) $(DESTDIR)$(libdir) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ if test -f $$p; then \ - echo " $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p"; \ - $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p; \ + echo " $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p"; \ + $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libdir)/$$p; \ else :; fi; \ done uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ - echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \ - $(LIBTOOL) 
--mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \ + echo " $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p"; \ + $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$$p; \ done -mostlyclean-compile: - -rm -f *.o core *.core - -rm -f *.$(OBJEXT) +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) +libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES) + $(LINK) -rpath $(libdir) $(libgssapi_la_LDFLAGS) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS) -clean-compile: +mostlyclean-compile: + -rm -f *.$(OBJEXT) core *.core distclean-compile: -rm -f *.tab.c -maintainer-clean-compile: - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -distclean-libtool: - -maintainer-clean-libtool: - -libgssapi.la: $(libgssapi_la_OBJECTS) $(libgssapi_la_DEPENDENCIES) - $(LINK) -rpath $(libdir) $(libgssapi_la_LDFLAGS) $(libgssapi_la_OBJECTS) $(libgssapi_la_LIBADD) $(LIBS) .c.o: - $(COMPILE) -c $< + $(COMPILE) -c `test -f $< || echo '$(srcdir)/'`$< + .c.obj: $(COMPILE) -c `cygpath -w $<` -.c.lo: - $(LTCOMPILE) -c -o $@ $< +.c.lo: + $(LTCOMPILE) -c -o $@ `test -f $< || echo '$(srcdir)/'`$< +uninstall-info-am: install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) $(mkinstalldirs) $(DESTDIR)$(includedir) @list='$(include_HEADERS)'; for p in $$list; do \ - if test -f "$$p"; then d= ; else d="$(srcdir)/"; fi; \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ f="`echo $$p | sed -e 's|^.*/||'`"; \ - echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$f"; \ - $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$f; \ + echo " $(INSTALL_HEADER) $$d$$p $(DESTDIR)$(includedir)/$$f"; \ + $(INSTALL_HEADER) $$d$$p $(DESTDIR)$(includedir)/$$f; \ done uninstall-includeHEADERS: 
@@ -391,22 +385,23 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ GTAGS: here=`CDPATH=: && cd $(top_builddir) && pwd` \ && cd $(top_srcdir) \ - && gtags -i $$here - -mostlyclean-tags: - -clean-tags: + && gtags -i $(GTAGS_ARGS) $$here distclean-tags: - -rm -f TAGS ID + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH -maintainer-clean-tags: +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) +top_distdir = ../.. +distdir = $(top_distdir)/$(PACKAGE)-$(VERSION) distdir: $(DISTFILES) @for file in $(DISTFILES); do \ - d=$(srcdir); \ + if test -f $$file; then d=.; else d=$(srcdir); fi; \ + dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test "$$dir" != "$$file" && test "$$dir" != "."; then \ + $(mkinstalldirs) "$(distdir)/$$dir"; \ + fi; \ if test -d $$d/$$file; then \ cp -pR $$d/$$file $(distdir) \ || exit 1; \ 
@@ -416,87 +411,94 @@ distdir: $(DISTFILES) || exit 1; \ fi; \ done - $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook -info-am: -info: info-am -dvi-am: -dvi: dvi-am + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="${top_distdir}" distdir="$(distdir)" \ + dist-hook check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-local check: check-am -installcheck-am: -installcheck: installcheck-am -install-exec-am: install-libLTLIBRARIES - @$(NORMAL_INSTALL) - $(MAKE) $(AM_MAKEFLAGS) install-exec-hook -install-exec: install-exec-am +all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local -install-data-am: install-includeHEADERS install-data-local -install-data: install-data-am +installdirs: + $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir) -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am install: install-am -uninstall-am: uninstall-libLTLIBRARIES uninstall-includeHEADERS +install-exec: install-exec-am +install-data: install-data-am uninstall: uninstall-am -all-am: Makefile $(LTLIBRARIES) $(HEADERS) all-local -all-redirect: all-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install -installdirs: - $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(includedir) +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: distclean-generic: - -rm -f Makefile $(CONFIG_CLEAN_FILES) - -rm -f config.cache config.log stamp-h stamp-h[0-9]* + -rm -f Makefile $(CONFIG_CLEAN_FILES) stamp-h stamp-h[0-9]* maintainer-clean-generic: - -rm -f Makefile.in -mostlyclean-am: mostlyclean-libLTLIBRARIES mostlyclean-compile \ - mostlyclean-libtool mostlyclean-tags \ - mostlyclean-generic + @echo "This command is intended for maintainers to use" + @echo "it deletes 
files that may require special tools to rebuild." +clean: clean-am -mostlyclean: mostlyclean-am +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am -clean-am: clean-libLTLIBRARIES clean-compile clean-libtool clean-tags \ - clean-generic mostlyclean-am +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-libtool distclean-tags -clean: clean-am +dvi: dvi-am -distclean-am: distclean-libLTLIBRARIES distclean-compile \ - distclean-libtool distclean-tags distclean-generic \ - clean-am - -rm -f libtool +dvi-am: -distclean: distclean-am +info: info-am -maintainer-clean-am: maintainer-clean-libLTLIBRARIES \ - maintainer-clean-compile maintainer-clean-libtool \ - maintainer-clean-tags maintainer-clean-generic \ - distclean-am - @echo "This command is intended for maintainers to use;" - @echo "it deletes files that may require special tools to rebuild." +info-am: + +install-data-am: install-data-local install-includeHEADERS + +install-exec-am: install-libLTLIBRARIES + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook + +install-info: install-info-am + +install-man: + +installcheck-am: maintainer-clean: maintainer-clean-am -.PHONY: mostlyclean-libLTLIBRARIES distclean-libLTLIBRARIES \ -clean-libLTLIBRARIES maintainer-clean-libLTLIBRARIES \ -uninstall-libLTLIBRARIES install-libLTLIBRARIES mostlyclean-compile \ -distclean-compile clean-compile maintainer-clean-compile \ -mostlyclean-libtool distclean-libtool clean-libtool \ -maintainer-clean-libtool uninstall-includeHEADERS \ -install-includeHEADERS tags mostlyclean-tags distclean-tags clean-tags \ -maintainer-clean-tags distdir info-am info dvi-am dvi check-local check \ -check-am installcheck-am installcheck install-exec-am install-exec \ -install-data-local install-data-am install-data install-am install \ -uninstall-am uninstall all-local all-redirect all-am all install-strip \ -installdirs mostlyclean-generic distclean-generic 
clean-generic \ -maintainer-clean-generic clean mostlyclean distclean maintainer-clean +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +uninstall-am: uninstall-includeHEADERS uninstall-info-am \ + uninstall-libLTLIBRARIES + +.PHONY: GTAGS all all-am all-local check check-am check-local clean \ + clean-generic clean-libLTLIBRARIES clean-libtool distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am info info-am install \ + install-am install-data install-data-am install-data-local \ + install-exec install-exec-am install-includeHEADERS \ + install-info install-info-am install-libLTLIBRARIES install-man \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + tags uninstall uninstall-am uninstall-includeHEADERS \ + uninstall-info-am uninstall-libLTLIBRARIES install-suid-programs: @@ -626,7 +628,6 @@ check-local:: echo "$$dashes"; \ test "$$failed" -eq 0; \ fi - # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/crypto/heimdal/lib/gssapi/accept_sec_context.c b/crypto/heimdal/lib/gssapi/accept_sec_context.c index 4cb242731913..23eb769ff01a 100644 --- a/crypto/heimdal/lib/gssapi/accept_sec_context.c +++ b/crypto/heimdal/lib/gssapi/accept_sec_context.c 
@@ -33,23 +33,31 @@ #include "gssapi_locl.h" -RCSID("$Id: accept_sec_context.c,v 1.24 2001/05/11 09:16:45 assar Exp $"); +RCSID("$Id: accept_sec_context.c,v 1.30 2001/08/29 02:21:09 assar Exp $"); -static krb5_keytab gss_keytab; +krb5_keytab gssapi_krb5_keytab; OM_uint32 gsskrb5_register_acceptor_identity (char *identity) { + krb5_error_code ret; char *p; - if(gss_keytab != NULL) { - krb5_kt_close(gssapi_krb5_context, gss_keytab); - gss_keytab = NULL; + + ret = gssapi_krb5_init(); + if(ret) + return GSS_S_FAILURE; + + if(gssapi_krb5_keytab != NULL) { + krb5_kt_close(gssapi_krb5_context, gssapi_krb5_keytab); + gssapi_krb5_keytab = NULL; } asprintf(&p, "FILE:%s", identity); if(p == NULL) return GSS_S_FAILURE; - krb5_kt_resolve(gssapi_krb5_context, p, &gss_keytab); + ret = krb5_kt_resolve(gssapi_krb5_context, p, &gssapi_krb5_keytab); free(p); + if(ret) + return GSS_S_FAILURE; return GSS_S_COMPLETE; } @@ -78,6 +86,7 @@ gss_accept_sec_context krb5_data fwd_data; OM_uint32 minor; + ret = 0; gssapi_krb5_init (); krb5_data_zero (&fwd_data); @@ -136,9 +145,9 @@ gss_accept_sec_context (*context_handle)->auth_context->local_port, &acceptor_addr); if (kret) { - *minor_status = kret; gssapi_krb5_set_error_string (); ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; goto failure; } @@ -148,9 +157,9 @@ gss_accept_sec_context &initiator_addr); if (kret) { krb5_free_address (gssapi_krb5_context, &acceptor_addr); - *minor_status = kret; gssapi_krb5_set_error_string (); ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; goto failure; } @@ -169,9 +178,9 @@ gss_accept_sec_context #endif if (kret) { - *minor_status = kret; gssapi_krb5_set_error_string (); ret = GSS_S_BAD_BINDINGS; + *minor_status = kret; goto failure; } } 
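Review bot: gsskrb5_register_acceptor_identity ignores the return value of `asprintf(&p, "FILE:%s", identity)` and tests `p == NULL` instead; on implementations that leave the pointer undefined after a failure (glibc documents this) that test is not reliable. Checking the result directly, `if (asprintf(&p, "FILE:%s", identity) < 0 || p == NULL) return GSS_S_FAILURE;`, works with either behaviour. The gss_display_status hunk in display_status.c relies on the same pattern: the commit moves the single `buf == NULL` test after both `asprintf` calls, and `buf` is not visibly initialised there. If the tree's replacement asprintf guarantees NULL on failure, a comment saying so would be enough.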
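Review bot: gss_accept_sec_context still calls `gssapi_krb5_init ();` and discards the result, while the same commit makes gsskrb5_register_acceptor_identity check it (`ret = gssapi_krb5_init(); if(ret) return GSS_S_FAILURE;`) and the ChangeLog records that init.c now returns an error code. If initialisation fails, the calls that follow would presumably run against an unusable `gssapi_krb5_context`. Something like `kret = gssapi_krb5_init (); if (kret) { *minor_status = kret; return GSS_S_FAILURE; }` next to the added `ret = 0;` would make the two entry points agree. The function starts and ends outside this hunk, so the exact placement relative to its other set-up is for the author to confirm.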
@@ -190,17 +199,16 @@ gss_accept_sec_context tmp); } - ret = gssapi_krb5_decapsulate (input_token_buffer, + ret = gssapi_krb5_decapsulate (minor_status, + input_token_buffer, &indata, "\x01\x00"); - if (ret) { - kret = 0; - goto failure; - } + if (ret) + goto failure; if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) { - if (gss_keytab != NULL) { - keytab = gss_keytab; + if (gssapi_krb5_keytab != NULL) { + keytab = gssapi_krb5_keytab; } } else if (acceptor_cred_handle->keytab != NULL) { keytab = acceptor_cred_handle->keytab; @@ -256,7 +264,7 @@ gss_accept_sec_context { krb5_authenticator authenticator; - kret = krb5_auth_getauthenticator(gssapi_krb5_context, + kret = krb5_auth_con_getauthenticator(gssapi_krb5_context, (*context_handle)->auth_context, &authenticator); if(kret) { 
@@ -266,35 +274,59 @@ gss_accept_sec_context goto failure; } - kret = gssapi_krb5_verify_8003_checksum(input_chan_bindings, - authenticator->cksum, - &flags, - &fwd_data); + ret = gssapi_krb5_verify_8003_checksum(minor_status, + input_chan_bindings, + authenticator->cksum, + &flags, + &fwd_data); krb5_free_authenticator(gssapi_krb5_context, &authenticator); - if (kret) { - ret = GSS_S_FAILURE; - *minor_status = kret; - gssapi_krb5_set_error_string (); - goto failure; - } + if (ret) + goto failure; } if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) { krb5_ccache ccache; - if (delegated_cred_handle == NULL || *delegated_cred_handle == NULL) + if (delegated_cred_handle == NULL) /* XXX Create a new delegated_cred_handle? */ kret = krb5_cc_default (gssapi_krb5_context, &ccache); - - else { - if ((*delegated_cred_handle)->ccache == NULL) + else if (*delegated_cred_handle == NULL) { + if ((*delegated_cred_handle = + calloc(1, sizeof(**delegated_cred_handle))) == NULL) { + ret = GSS_S_FAILURE; + *minor_status = ENOMEM; + krb5_set_error_string(gssapi_krb5_context, "out of memory"); + gssapi_krb5_set_error_string(); + goto failure; + } + if ((ret = gss_duplicate_name(minor_status, ticket->client, + &(*delegated_cred_handle)->principal)) != 0) { + flags &= ~GSS_C_DELEG_FLAG; + free(*delegated_cred_handle); + *delegated_cred_handle = NULL; + goto end_fwd; + } + } + if (delegated_cred_handle != NULL && + (*delegated_cred_handle)->ccache == NULL) { kret = krb5_cc_gen_new (gssapi_krb5_context, &krb5_mcc_ops, &(*delegated_cred_handle)->ccache); ccache = (*delegated_cred_handle)->ccache; } - + if (delegated_cred_handle != NULL && + (*delegated_cred_handle)->mechanisms == NULL) { + ret = gss_create_empty_oid_set(minor_status, + &(*delegated_cred_handle)->mechanisms); + if (ret) + goto failure; + ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, + &(*delegated_cred_handle)->mechanisms); + if (ret) + goto failure; + } + if (kret) { flags &= ~GSS_C_DELEG_FLAG; goto 
end_fwd; @@ -347,14 +379,13 @@ end_fwd: gssapi_krb5_set_error_string (); goto failure; } - ret = gssapi_krb5_encapsulate (&outbuf, + ret = gssapi_krb5_encapsulate (minor_status, + &outbuf, output_token, "\x02\x00"); krb5_data_free (&outbuf); - if (ret) { - kret = 0; + if (ret) goto failure; - } } else { output_token->length = 0; } @@ -387,6 +418,5 @@ failure: *src_name = NULL; } *context_handle = GSS_C_NO_CONTEXT; - *minor_status = kret; - return GSS_S_FAILURE; + return ret; } diff --git a/crypto/heimdal/lib/gssapi/acquire_cred.c b/crypto/heimdal/lib/gssapi/acquire_cred.c index acc60a2fcf2a..0e6873ff2c11 100644 --- a/crypto/heimdal/lib/gssapi/acquire_cred.c +++ b/crypto/heimdal/lib/gssapi/acquire_cred.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: acquire_cred.c,v 1.6 2001/05/11 09:16:45 assar Exp $"); +RCSID("$Id: acquire_cred.c,v 1.7 2001/07/06 15:33:28 assar Exp $"); OM_uint32 gss_acquire_cred (OM_uint32 * minor_status, @@ -85,9 +85,23 @@ OM_uint32 gss_acquire_cred krb5_get_init_creds_opt opt; try_keytab: - kret = krb5_kt_default(gssapi_krb5_context, &handle->keytab); - if (kret != 0) - goto krb5_bad; + if (gssapi_krb5_keytab != NULL) { + char kt_name[256]; + + kret = krb5_kt_get_name(gssapi_krb5_context, + gssapi_krb5_keytab, + kt_name, sizeof(kt_name)); + if (kret) + goto krb5_bad; + kret = krb5_kt_resolve(gssapi_krb5_context, kt_name, + &handle->keytab); + if (kret) + goto krb5_bad; + } else { + kret = krb5_kt_default(gssapi_krb5_context, &handle->keytab); + if (kret != 0) + goto krb5_bad; + } krb5_get_init_creds_opt_init(&opt); memset(&cred, 0, sizeof(cred)); diff --git a/crypto/heimdal/lib/gssapi/decapsulate.c b/crypto/heimdal/lib/gssapi/decapsulate.c index b0a0f1ea513b..29c1f5bbf8ae 100644 --- a/crypto/heimdal/lib/gssapi/decapsulate.c +++ b/crypto/heimdal/lib/gssapi/decapsulate.c 
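Review bot: `ccache` can reach the code after this block unassigned: the rewrite moves `ccache = (*delegated_cred_handle)->ccache;` inside the `(*delegated_cred_handle)->ccache == NULL` branch, so a caller-supplied credential that already has a cache skips the assignment, and `kret` keeps whatever an earlier call left in it. The removed `else` branch appears to have assigned `ccache` unconditionally. Moving the assignment out again, `if (delegated_cred_handle != NULL) ccache = (*delegated_cred_handle)->ccache;` after the `krb5_cc_gen_new` test, and setting `kret = 0;` at the top of the block would restore that. Separately, the two `goto failure` exits after `gss_create_empty_oid_set` and `gss_add_oid_set_member` leave the freshly `calloc`ed `*delegated_cred_handle` with the caller; whether the `failure:` label releases it is not visible here.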
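Review bot: With `failure:` now ending in `return ret;` and `ret = 0;` set at the top of gss_accept_sec_context, any `goto failure` that sets only `kret` would return 0, i.e. GSS_S_COMPLETE, after `*context_handle` has been reset to GSS_C_NO_CONTEXT. The paths visible in this diff do set `ret`, but other `if (kret) { ... goto failure; }` blocks lie outside the hunks and cannot be checked from here. Initialising with `ret = GSS_S_FAILURE;` instead of `ret = 0;` would make a missed path fail closed, provided the success path returns GSS_S_COMPLETE explicitly.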
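Review bot: In gss_acquire_cred the keytab name is copied through a fixed `char kt_name[256]` before being handed to `krb5_kt_resolve`, so a registered keytab whose `FILE:` path is longer than that depends on how `krb5_kt_get_name` treats a short buffer. If it truncates rather than returning an error, the handle would be resolved against a different path from the one that was registered. A comment stating which behaviour is relied on, or sizing the buffer from the platform's path limit plus the `FILE:` prefix, would settle it. The `try_keytab:` block continues outside this hunk.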
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: decapsulate.c,v 1.6 2000/07/29 05:48:13 assar Exp $"); +RCSID("$Id: decapsulate.c,v 1.7 2001/08/23 04:35:54 assar Exp $"); OM_uint32 gssapi_krb5_verify_header(u_char **str, @@ -80,6 +80,7 @@ gssapi_krb5_verify_header(u_char **str, OM_uint32 gssapi_krb5_decapsulate( + OM_uint32 *minor_status, gss_buffer_t input_token_buffer, krb5_data *out_data, char *type @@ -92,8 +93,10 @@ gssapi_krb5_decapsulate( ret = gssapi_krb5_verify_header(&p, input_token_buffer->length, type); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } out_data->length = input_token_buffer->length - (p - (u_char *)input_token_buffer->value); diff --git a/crypto/heimdal/lib/gssapi/display_status.c b/crypto/heimdal/lib/gssapi/display_status.c index 1fa05312d2f4..fc1451dd6691 100644 --- a/crypto/heimdal/lib/gssapi/display_status.c +++ b/crypto/heimdal/lib/gssapi/display_status.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: display_status.c,v 1.6 2001/05/11 09:16:46 assar Exp $"); +RCSID("$Id: display_status.c,v 1.7 2001/08/23 04:34:41 assar Exp $"); static char *krb5_error_string; 
@@ -129,21 +129,25 @@ OM_uint32 gss_display_status asprintf (&buf, "%s %s", calling_error(GSS_CALLING_ERROR(status_value)), routine_error(GSS_ROUTINE_ERROR(status_value))); - if (buf == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } } else if (status_type == GSS_C_MECH_CODE) { buf = gssapi_krb5_get_error_string (); - if (buf == NULL) - buf = strdup(krb5_get_err_text (gssapi_krb5_context, status_value)); if (buf == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; + const char *tmp = krb5_get_err_text (gssapi_krb5_context, + status_value); + if (tmp == NULL) + asprintf(&buf, "unknown mech error-code %u", + (unsigned)status_value); + else + buf = strdup(tmp); } } else return GSS_S_BAD_STATUS; + if (buf == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + *message_context = 0; status_string->length = strlen(buf); diff --git a/crypto/heimdal/lib/gssapi/encapsulate.c b/crypto/heimdal/lib/gssapi/encapsulate.c index 2732b23e090f..e7c67504e4e2 100644 --- a/crypto/heimdal/lib/gssapi/encapsulate.c +++ b/crypto/heimdal/lib/gssapi/encapsulate.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: encapsulate.c,v 1.5 2000/08/27 02:46:23 assar Exp $"); +RCSID("$Id: encapsulate.c,v 1.6 2001/08/23 04:35:54 assar Exp $"); void gssapi_krb5_encap_length (size_t data_len, @@ -78,6 +78,7 @@ gssapi_krb5_make_header (u_char *p, OM_uint32 gssapi_krb5_encapsulate( + OM_uint32 *minor_status, const krb5_data *in_data, gss_buffer_t output_token, u_char *type 
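Review bot: The consolidated `if (buf == NULL)` check in gss_display_status relies on asprintf leaving `buf` NULL when it fails, both for the existing call and for the new `unknown mech error-code` one. Only some implementations guarantee that; others leave the pointer indeterminate on failure, in which case the `strlen(buf)` below runs on an invalid pointer. Testing the return value keeps the single check valid: `if (asprintf(&buf, "unknown mech error-code %u", (unsigned)status_value) < 0) buf = NULL;`, and likewise for the first call.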
@@ -90,8 +91,10 @@ gssapi_krb5_encapsulate( output_token->length = outer_len; output_token->value = malloc (outer_len); - if (output_token->value == NULL) + if (output_token->value == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; + } p = gssapi_krb5_make_header (output_token->value, len, type); memcpy (p, in_data->data, in_data->length); diff --git a/crypto/heimdal/lib/gssapi/get_mic.c b/crypto/heimdal/lib/gssapi/get_mic.c index 751f56c39166..720a2ff9cdcd 100644 --- a/crypto/heimdal/lib/gssapi/get_mic.c +++ b/crypto/heimdal/lib/gssapi/get_mic.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: get_mic.c,v 1.17 2001/05/11 09:16:46 assar Exp $"); +RCSID("$Id: get_mic.c,v 1.19 2001/10/31 13:37:39 nectar Exp $"); static OM_uint32 mic_des @@ -91,7 +91,7 @@ mic_des memcpy (p - 8, hash, 8); /* SGN_CKSUM */ /* sequence number */ - krb5_auth_getlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, &seq_number); @@ -108,7 +108,7 @@ mic_des des_cbc_encrypt ((void *)p, (void *)p, 8, schedule, (des_cblock *)(p + 8), DES_ENCRYPT); - krb5_auth_setlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); @@ -198,7 +198,7 @@ mic_des3 memcpy (p + 8, cksum.checksum.data, cksum.checksum.length); /* sequence number */ - krb5_auth_getlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, &seq_number); @@ -236,11 +236,7 @@ mic_des3 memcpy (p, encdata.data, encdata.length); krb5_data_free (&encdata); - p += 8 + cksum.checksum.length; - - memcpy (p, message_buffer->value, message_buffer->length); - - krb5_auth_setlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); 
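Review bot: On the malloc failure path in gssapi_krb5_encapsulate, `output_token->length` has already been set to `outer_len` while `output_token->value` is NULL, and the function returns with the token in that state. A caller that inspects or releases the token after an error then sees a non-zero length with no buffer behind it. Resetting it before the return avoids that: `output_token->length = 0;` next to `*minor_status = ENOMEM;`. The success path is outside the hunk, so whether `*minor_status` is cleared there is not visible.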
@@ -260,7 +256,7 @@ OM_uint32 gss_get_mic OM_uint32 ret; krb5_keytype keytype; - ret = gss_krb5_getsomekey(context_handle, &key); + ret = gss_krb5_get_localkey(context_handle, &key); if (ret) { gssapi_krb5_set_error_string (); *minor_status = ret; diff --git a/crypto/heimdal/lib/gssapi/gssapi_locl.h b/crypto/heimdal/lib/gssapi/gssapi_locl.h index e7450d4254cb..65bd2732f098 100644 --- a/crypto/heimdal/lib/gssapi/gssapi_locl.h +++ b/crypto/heimdal/lib/gssapi/gssapi_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: gssapi_locl.h,v 1.16 2001/05/11 09:16:46 assar Exp $ */ +/* $Id: gssapi_locl.h,v 1.21 2001/08/29 02:21:09 assar Exp $ */ #ifndef GSSAPI_LOCL_H #define GSSAPI_LOCL_H @@ -46,30 +46,36 @@ extern krb5_context gssapi_krb5_context; -void gssapi_krb5_init (void); +extern krb5_keytab gssapi_krb5_keytab; -krb5_error_code +krb5_error_code gssapi_krb5_init (void); + +OM_uint32 gssapi_krb5_create_8003_checksum ( + OM_uint32 *minor_status, const gss_channel_bindings_t input_chan_bindings, OM_uint32 flags, - krb5_data *fwd_data, + const krb5_data *fwd_data, Checksum *result); -krb5_error_code +OM_uint32 gssapi_krb5_verify_8003_checksum ( + OM_uint32 *minor_status, const gss_channel_bindings_t input_chan_bindings, - Checksum *cksum, + const Checksum *cksum, OM_uint32 *flags, krb5_data *fwd_data); OM_uint32 gssapi_krb5_encapsulate( + OM_uint32 *minor_status, const krb5_data *in_data, gss_buffer_t output_token, u_char *type); OM_uint32 gssapi_krb5_decapsulate( + OM_uint32 *minor_status, gss_buffer_t input_token_buffer, krb5_data *out_data, char *type); @@ -90,8 +96,12 @@ gssapi_krb5_verify_header(u_char **str, char *type); OM_uint32 -gss_krb5_getsomekey(const gss_ctx_id_t context_handle, - krb5_keyblock **key); +gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, + krb5_keyblock **key); + +OM_uint32 +gss_krb5_get_localkey(const gss_ctx_id_t context_handle, + krb5_keyblock **key); krb5_error_code gss_address_to_krb5addr(OM_uint32 gss_addr_type, 
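Review bot: In gss_get_mic, `*minor_status = ret;` stores the result of gss_krb5_get_localkey, which, as defined in wrap.c in this commit, returns the major status `GSS_S_FAILURE` and never a krb5 error code. A caller that hands this minor status to gss_display_status as a mechanism code gets a message for an unrelated error, and `gssapi_krb5_set_error_string ()` runs although no krb5 call reported a failure. `*minor_status = 0;` would match the convention the rest of the commit adopts. The same lines appear in gss_wrap_size_limit and gss_wrap, and in gss_unwrap and gss_verify_mic with gss_krb5_get_remotekey (whose return statement is outside its hunk); the rest of each error branch is not visible.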
diff --git a/crypto/heimdal/lib/gssapi/init.c b/crypto/heimdal/lib/gssapi/init.c index 6b19c46e3c32..ddc0d7090a92 100644 --- a/crypto/heimdal/lib/gssapi/init.c +++ b/crypto/heimdal/lib/gssapi/init.c @@ -33,15 +33,12 @@ #include "gssapi_locl.h" -RCSID("$Id: init.c,v 1.5 2000/12/31 07:58:37 assar Exp $"); +RCSID("$Id: init.c,v 1.6 2001/08/13 13:14:07 joda Exp $"); -void +krb5_error_code gssapi_krb5_init (void) { - krb5_error_code ret; - - if(gssapi_krb5_context == NULL) { - ret = krb5_init_context (&gssapi_krb5_context); - /* and what do we do when that failed? */ - } + if(gssapi_krb5_context == NULL) + return krb5_init_context (&gssapi_krb5_context); + return 0; } diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c index 392814399bb1..1be73e162d4a 100644 --- a/crypto/heimdal/lib/gssapi/init_sec_context.c +++ b/crypto/heimdal/lib/gssapi/init_sec_context.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: init_sec_context.c,v 1.27 2001/05/11 09:16:46 assar Exp $"); +RCSID("$Id: init_sec_context.c,v 1.29 2001/08/29 02:21:09 assar Exp $"); /* * copy the addresses from `input_chan_bindings' (if any) to @@ -344,17 +344,14 @@ init_auth (*context_handle)->flags = flags; (*context_handle)->more_flags = LOCAL; - kret = gssapi_krb5_create_8003_checksum (input_chan_bindings, - flags, - &fwd_data, - &cksum); + ret = gssapi_krb5_create_8003_checksum (minor_status, + input_chan_bindings, + flags, + &fwd_data, + &cksum); krb5_data_free (&fwd_data); - if (kret) { - gssapi_krb5_set_error_string (); - *minor_status = kret; - ret = GSS_S_FAILURE; + if (ret) goto failure; - } #if 1 enctype = (*context_handle)->auth_context->keyblock->keytype; 
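Review bot: gssapi_krb5_init now returns the krb5_init_context result, but no call site appears in this part of the diff, so it is worth confirming that every entry point checks it before using `gssapi_krb5_context`, which stays NULL on failure. A short comment above the function would state the contract: `/* Create the shared krb5 context on first use; returns 0 or the krb5_init_context error. */`.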
@@ -400,11 +397,10 @@ init_auth goto failure; } - ret = gssapi_krb5_encapsulate (&outbuf, output_token, "\x01\x00"); - if (ret) { - *minor_status = kret; + ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token, + "\x01\x00"); + if (ret) goto failure; - } krb5_data_free (&outbuf); @@ -452,12 +448,11 @@ repl_mutual krb5_data indata; krb5_ap_rep_enc_part *repl; - ret = gssapi_krb5_decapsulate (input_token, &indata, "\x02\x00"); - if (ret) { + ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata, + "\x02\x00"); + if (ret) /* XXX - Handle AP_ERROR */ - *minor_status = 0; - return GSS_S_FAILURE; - } + return ret; kret = krb5_rd_rep (gssapi_krb5_context, (*context_handle)->auth_context, diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c index 95f8e2154bc3..61de3462386d 100644 --- a/crypto/heimdal/lib/gssapi/unwrap.c +++ b/crypto/heimdal/lib/gssapi/unwrap.c @@ -33,21 +33,21 @@ #include "gssapi_locl.h" -RCSID("$Id: unwrap.c,v 1.17 2001/05/11 09:16:47 assar Exp $"); +RCSID("$Id: unwrap.c,v 1.19 2001/08/23 04:35:55 assar Exp $"); OM_uint32 -gss_krb5_getsomekey(const gss_ctx_id_t context_handle, - krb5_keyblock **key) +gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, + krb5_keyblock **key) { - /* XXX this is ugly, and probably incorrect... */ krb5_keyblock *skey; - krb5_auth_con_getlocalsubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); + + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); if(skey == NULL) - krb5_auth_con_getremotesubkey(gssapi_krb5_context, - context_handle->auth_context, - &skey); + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); if(skey == NULL) krb5_auth_con_getkey(gssapi_krb5_context, context_handle->auth_context, 
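Review bot: In init_auth, the `goto failure` after a failed gssapi_krb5_encapsulate skips the `krb5_data_free (&outbuf);` that follows, so `outbuf` leaks unless the failure label frees it (the label is outside this hunk). gss_accept_sec_context in this same commit frees `outbuf` before testing `ret`. Doing the same here closes the gap: move `krb5_data_free (&outbuf);` above `if (ret)`.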
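Review bot: gss_krb5_get_remotekey declares `krb5_keyblock *skey;` without an initializer and ignores the return values of the krb5_auth_con_get* calls, so each `if(skey == NULL)` test is meaningful only if those calls always store to `skey`, including on error, which is not visible here. `krb5_keyblock *skey = NULL;` makes the fallback chain well defined; gss_krb5_get_localkey, added in wrap.c, has the same declaration. Since the two helpers differ only in which subkey they try first, a one-line comment on each stating that order would help, here `/* prefer the remote subkey, then the local subkey, then the session key */`. The function's end is outside the hunk.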
@@ -176,7 +176,7 @@ unwrap_des return GSS_S_BAD_MIC; } - krb5_auth_setremoteseqnumber (gssapi_krb5_context, + krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); @@ -222,8 +222,10 @@ unwrap_des3 ret = gssapi_krb5_verify_header (&p, input_message_buffer->length, "\x02\x01"); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ return GSS_S_BAD_SIG; @@ -327,7 +329,7 @@ unwrap_des3 return GSS_S_BAD_MIC; } - krb5_auth_setremoteseqnumber (gssapi_krb5_context, + krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); @@ -386,7 +388,7 @@ OM_uint32 gss_unwrap OM_uint32 ret; krb5_keytype keytype; - ret = gss_krb5_getsomekey(context_handle, &key); + ret = gss_krb5_get_remotekey(context_handle, &key); if (ret) { gssapi_krb5_set_error_string (); *minor_status = ret; diff --git a/crypto/heimdal/lib/gssapi/verify_mic.c b/crypto/heimdal/lib/gssapi/verify_mic.c index b39ae73a9778..e286d4a06819 100644 --- a/crypto/heimdal/lib/gssapi/verify_mic.c +++ b/crypto/heimdal/lib/gssapi/verify_mic.c @@ -33,7 +33,7 @@ #include "gssapi_locl.h" -RCSID("$Id: verify_mic.c,v 1.13 2001/05/11 09:16:47 assar Exp $"); +RCSID("$Id: verify_mic.c,v 1.15 2001/08/23 04:35:55 assar Exp $"); static OM_uint32 verify_mic_des @@ -58,8 +58,10 @@ verify_mic_des ret = gssapi_krb5_verify_header (&p, token_buffer->length, "\x01\x01"); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } if (memcmp(p, "\x00\x00", 2) != 0) return GSS_S_BAD_SIG; @@ -113,7 +115,7 @@ verify_mic_des return GSS_S_BAD_MIC; } - krb5_auth_setremoteseqnumber (gssapi_krb5_context, + krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); 
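Review bot: unwrap_des3 now clears `*minor_status` when gssapi_krb5_verify_header fails, but the `return GSS_S_BAD_SIG;` directly after it still returns without writing `*minor_status`, so unless the caller has set it the value reported alongside the error is stale. The same pair of returns appears in verify_mic_des and verify_mic_des3. Adding `*minor_status = 0;` before each early return, or once at the top of each function, would make the error paths agree. These functions continue outside their hunks.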
@@ -144,8 +146,10 @@ verify_mic_des3 ret = gssapi_krb5_verify_header (&p, token_buffer->length, "\x01\x01"); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */ return GSS_S_BAD_SIG; @@ -226,7 +230,7 @@ verify_mic_des3 return GSS_S_BAD_MIC; } - krb5_auth_setremoteseqnumber (gssapi_krb5_context, + krb5_auth_con_setremoteseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); @@ -247,9 +251,7 @@ gss_verify_mic OM_uint32 ret; krb5_keytype keytype; - ret = krb5_auth_con_getremotesubkey (gssapi_krb5_context, - context_handle->auth_context, - &key); + ret = gss_krb5_get_remotekey(context_handle, &key); if (ret) { gssapi_krb5_set_error_string (); *minor_status = ret; diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c index 3d282fd64c11..4e232c5caeca 100644 --- a/crypto/heimdal/lib/gssapi/wrap.c +++ b/crypto/heimdal/lib/gssapi/wrap.c @@ -33,7 +33,30 @@ #include "gssapi_locl.h" -RCSID("$Id: wrap.c,v 1.18 2001/05/11 09:16:47 assar Exp $"); +RCSID("$Id: wrap.c,v 1.19 2001/06/18 02:53:52 assar Exp $"); + +OM_uint32 +gss_krb5_get_localkey(const gss_ctx_id_t context_handle, + krb5_keyblock **key) +{ + krb5_keyblock *skey; + + krb5_auth_con_getlocalsubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getremotesubkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + krb5_auth_con_getkey(gssapi_krb5_context, + context_handle->auth_context, + &skey); + if(skey == NULL) + return GSS_S_FAILURE; + *key = skey; + return 0; +} static OM_uint32 sub_wrap_size ( @@ -65,7 +88,7 @@ gss_wrap_size_limit ( OM_uint32 ret; krb5_keytype keytype; - ret = gss_krb5_getsomekey(context_handle, &key); + ret = gss_krb5_get_localkey(context_handle, &key); if (ret) { gssapi_krb5_set_error_string (); *minor_status = ret; 
@@ -162,7 +185,7 @@ wrap_des memcpy (p - 8, hash, 8); /* sequence number */ - krb5_auth_getlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, &seq_number); @@ -179,7 +202,7 @@ wrap_des des_cbc_encrypt ((void *)p, (void *)p, 8, schedule, (des_cblock *)(p + 8), DES_ENCRYPT); - krb5_auth_setlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); @@ -294,7 +317,7 @@ wrap_des3 free_Checksum (&cksum); /* sequence number */ - krb5_auth_getlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_getlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, &seq_number); @@ -338,7 +361,7 @@ wrap_des3 memcpy (p, encdata.data, encdata.length); krb5_data_free (&encdata); - krb5_auth_setlocalseqnumber (gssapi_krb5_context, + krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); @@ -389,7 +412,7 @@ OM_uint32 gss_wrap OM_uint32 ret; krb5_keytype keytype; - ret = gss_krb5_getsomekey(context_handle, &key); + ret = gss_krb5_get_localkey(context_handle, &key); if (ret) { gssapi_krb5_set_error_string (); *minor_status = ret; |