Vendor import of Heimdal 0.2o

Mark Murray 2000-02-24 11:19:29 +00:00
parent 13e3f4d6d9
commit 283d988c23
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/vendor-crypto/heimdal/dist/; revision=57419
svn path=/vendor-crypto/heimdal/0.2o/; revision=57421; tag=vendor/heimdal/0.2o
43 changed files with 12373 additions and 259 deletions


@ -1,3 +1,43 @@
2000-02-14 Assar Westerlund <assar@sics.se>
* Release 0.2o
2000-02-13 Assar Westerlund <assar@sics.se>
* lib/krb5/Makefile.am: set version to 9:0:0
* kdc/kaserver.c (do_authenticate): return the kvno of the server
and not the client. Thanks to Brandon S. Allbery KF8NH
<allbery@kf8nh.apk.net> and Chaskiel M Grundman
<cg2v@andrew.cmu.edu> for debugging.
* kdc/kerberos4.c (do_version4): if an tgs-req is received with an
old kvno, return an error reply and write a message in the log.
2000-02-12 Assar Westerlund <assar@sics.se>
* appl/test/gssapi_server.c (proto): with `--fork', create a child
and send over/receive creds with export/import_sec_context
* appl/test/gssapi_client.c (proto): with `--fork', create a child
and send over/receive creds with export/import_sec_context
* appl/test/common.c: add `--fork' / `-f' (only used by gssapi)
2000-02-11 Assar Westerlund <assar@sics.se>
* kdc/kdc_locl.h: remove keyfile add explicit_addresses
* kdc/connect.c (init_sockets): pay attention to
explicit_addresses some more comments. better error messages.
* kdc/config.c: add some comments.
remove --key-file.
add --addresses.
* lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use
proper abstraction
2000-02-07 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/changepw.c: use roken_getaddrinfo_hostspec
2000-02-07 Assar Westerlund <assar@sics.se>
* Release 0.2n


@ -1,3 +1,14 @@
Changes in release 0.2o:
* gss_{import,export}_sec_context added to libgssapi
* new option --addresses to kdc (for listening on an explicit set of
addresses)
* bug fixes in the krb4 and kaserver emulation part of the kdc
* other bug fixes
Changes in release 0.2n:
* more robust parsing of dump files in kadmin


@ -1,3 +1,8 @@
2000-02-12 Assar Westerlund <assar@sics.se>
* telnet/commands.c (tn): only set tos for AF_INET. From
itojun@iijlab.net
2000-02-07 Assar Westerlund <assar@sics.se>
* libtelnet/kerberos.c (kerberos4_is): send a reject back to the


@ -33,7 +33,7 @@
#include "telnet_locl.h"
RCSID("$Id: commands.c,v 1.59 2000/01/08 08:04:16 assar Exp $");
RCSID("$Id: commands.c,v 1.60 2000/02/12 16:00:07 assar Exp $");
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
@ -2201,7 +2201,7 @@ tn(int argc, char **argv)
perror("setsockopt (IP_OPTIONS)");
#endif
#if defined(IPPROTO_IP) && defined(IP_TOS)
{
if (a->ai_family == AF_INET) {
# if defined(HAVE_GETTOSBYNAME)
struct tosent *tp;
if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,16 +33,18 @@
#include "test_locl.h"
RCSID("$Id: common.c,v 1.9 1999/12/16 10:29:18 assar Exp $");
RCSID("$Id: common.c,v 1.10 2000/02/12 21:30:47 assar Exp $");
static int help_flag;
static int version_flag;
static char *port_str;
char *service = SERVICE;
int fork_flag;
static struct getargs args[] = {
{ "port", 'p', arg_string, &port_str, "port to listen to", "port" },
{ "service", 's', arg_string, &service, "service to use", "service" },
{ "fork", 'f', arg_flag, &fork_flag, "do fork" },
{ "help", 'h', arg_flag, &help_flag },
{ "version", 0, arg_flag, &version_flag }
};


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -34,7 +34,7 @@
#include "test_locl.h"
#include <gssapi.h>
#include "gss_common.h"
RCSID("$Id: gss_common.c,v 1.6 1999/12/02 17:04:56 joda Exp $");
RCSID("$Id: gss_common.c,v 1.7 2000/02/12 21:31:38 assar Exp $");
void
write_token (int sock, gss_buffer_t buf)
@ -64,6 +64,8 @@ read_token (int sock, gss_buffer_t buf)
len = ntohl(net_len);
buf->length = len;
buf->value = malloc(len);
if (buf->value == NULL)
err (1, "malloc %u", len);
if (read (sock, buf->value, len) != len)
err (1, "read");
}
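Review bot: The length passed to `malloc(len)` in read_token comes straight from the peer (`len = ntohl(net_len)`), and the added NULL check is the only limit on it, so the other end can ask for an allocation of any size the length field can express. A cap before the allocation, for example `if (len > MAX_TOKEN_SIZE) errx (1, "token too large: %u", len);` with a constant defined for this test protocol, would bound that. The new check also reports a zero-length token as an allocation failure on platforms where `malloc(0)` returns NULL, and the single `read` that follows treats a legitimate short read as an error. read_token begins outside the hunk, so the declaration of `len` and the read of `net_len` are not visible here.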


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -34,82 +34,15 @@
#include "test_locl.h"
#include <gssapi.h>
#include "gss_common.h"
RCSID("$Id: gssapi_client.c,v 1.10 1999/12/04 18:15:50 assar Exp $");
RCSID("$Id: gssapi_client.c,v 1.12 2000/02/12 21:33:17 assar Exp $");
static int
proto (int sock, const char *hostname, const char *service)
do_trans (int sock, gss_ctx_id_t context_hdl)
{
struct sockaddr_in remote, local;
int addrlen;
int context_established = 0;
gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
gss_buffer_t input_token, output_token;
gss_buffer_desc real_input_token, real_output_token;
OM_uint32 maj_stat, min_stat;
gss_name_t server;
gss_buffer_desc name_token;
name_token.length = asprintf ((char **)&name_token.value,
"%s@%s", service, hostname);
maj_stat = gss_import_name (&min_stat,
&name_token,
GSS_C_NT_HOSTBASED_SERVICE,
&server);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat,
"Error importing name `%s@%s':\n", service, hostname);
addrlen = sizeof(local);
if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
|| addrlen != sizeof(local))
err (1, "getsockname(%s)", hostname);
addrlen = sizeof(remote);
if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
|| addrlen != sizeof(remote))
err (1, "getpeername(%s)", hostname);
input_token = &real_input_token;
output_token = &real_output_token;
input_token->length = 0;
output_token->length = 0;
while(!context_established) {
maj_stat =
gss_init_sec_context(&min_stat,
GSS_C_NO_CREDENTIAL,
&context_hdl,
server,
GSS_C_NO_OID,
GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
0,
GSS_C_NO_CHANNEL_BINDINGS,
input_token,
NULL,
output_token,
NULL,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_init_sec_context");
if (output_token->length != 0)
write_token (sock, output_token);
if (GSS_ERROR(maj_stat)) {
if (context_hdl != GSS_C_NO_CONTEXT)
gss_delete_sec_context (&min_stat,
&context_hdl,
GSS_C_NO_BUFFER);
break;
}
if (maj_stat & GSS_S_CONTINUE_NEEDED) {
read_token (sock, input_token);
} else {
context_established = 1;
}
}
gss_buffer_desc real_input_token, real_output_token;
gss_buffer_t input_token = &real_input_token,
output_token = &real_output_token;
/* get_mic */
@ -148,6 +81,116 @@ proto (int sock, const char *hostname, const char *service)
return 0;
}
static int
proto (int sock, const char *hostname, const char *service)
{
struct sockaddr_in remote, local;
int addrlen;
int context_established = 0;
gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
gss_buffer_desc real_input_token, real_output_token;
gss_buffer_t input_token = &real_input_token,
output_token = &real_output_token;
OM_uint32 maj_stat, min_stat;
gss_name_t server;
gss_buffer_desc name_token;
name_token.length = asprintf ((char **)&name_token.value,
"%s@%s", service, hostname);
maj_stat = gss_import_name (&min_stat,
&name_token,
GSS_C_NT_HOSTBASED_SERVICE,
&server);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat,
"Error importing name `%s@%s':\n", service, hostname);
addrlen = sizeof(local);
if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
|| addrlen != sizeof(local))
err (1, "getsockname(%s)", hostname);
addrlen = sizeof(remote);
if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
|| addrlen != sizeof(remote))
err (1, "getpeername(%s)", hostname);
input_token->length = 0;
output_token->length = 0;
while(!context_established) {
maj_stat =
gss_init_sec_context(&min_stat,
GSS_C_NO_CREDENTIAL,
&context_hdl,
server,
GSS_C_NO_OID,
GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
0,
GSS_C_NO_CHANNEL_BINDINGS,
input_token,
NULL,
output_token,
NULL,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_init_sec_context");
if (output_token->length != 0)
write_token (sock, output_token);
if (GSS_ERROR(maj_stat)) {
if (context_hdl != GSS_C_NO_CONTEXT)
gss_delete_sec_context (&min_stat,
&context_hdl,
GSS_C_NO_BUFFER);
break;
}
if (maj_stat & GSS_S_CONTINUE_NEEDED) {
read_token (sock, input_token);
} else {
context_established = 1;
}
}
if (fork_flag) {
pid_t pid;
int pipefd[2];
if (pipe (pipefd) < 0)
err (1, "pipe");
pid = fork ();
if (pid < 0)
err (1, "fork");
if (pid != 0) {
gss_buffer_desc buf;
maj_stat = gss_export_sec_context (&min_stat,
&context_hdl,
&buf);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_export_sec_context");
write_token (pipefd[1], &buf);
exit (0);
} else {
gss_ctx_id_t context_hdl;
gss_buffer_desc buf;
close (pipefd[1]);
read_token (pipefd[0], &buf);
close (pipefd[0]);
maj_stat = gss_import_sec_context (&min_stat, &buf, &context_hdl);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_import_sec_context");
gss_release_buffer (&min_stat, &buf);
return do_trans (sock, context_hdl);
}
} else {
return do_trans (sock, context_hdl);
}
}
int
main(int argc, char **argv)
{
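Review bot: In the new `fork_flag` branch of proto, the parent (`pid != 0`) calls `exit (0)` right after `write_token (pipefd[1], &buf)`, so the process the caller is waiting on reports success whatever `do_trans` returns in the child. Since this is a test program, the parent should close `pipefd[0]`, wait for the child and propagate its status, e.g. `waitpid (pid, &status, 0); exit (WIFEXITED(status) ? WEXITSTATUS(status) : 1);`. The child's `gss_ctx_id_t context_hdl;` also shadows the established handle of the same name in the enclosing scope; a distinct name such as `imported_hdl` would make clear which context `do_trans` receives. The same block is added to proto in the gssapi_server.c section further down the page.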


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -34,7 +34,72 @@
#include "test_locl.h"
#include <gssapi.h>
#include "gss_common.h"
RCSID("$Id: gssapi_server.c,v 1.10 1999/12/16 10:29:41 assar Exp $");
RCSID("$Id: gssapi_server.c,v 1.12 2000/02/12 21:34:11 assar Exp $");
static int
process_it(int sock,
gss_ctx_id_t context_hdl,
gss_name_t client_name
)
{
OM_uint32 maj_stat, min_stat;
gss_buffer_desc name_token;
gss_buffer_desc real_input_token, real_output_token;
gss_buffer_t input_token = &real_input_token,
output_token = &real_output_token;
maj_stat = gss_display_name (&min_stat,
client_name,
&name_token,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_display_name");
fprintf (stderr, "User is `%.*s'\n", (int)name_token.length,
(char *)name_token.value);
gss_release_buffer (&min_stat, &name_token);
/* gss_verify_mic */
read_token (sock, input_token);
read_token (sock, output_token);
maj_stat = gss_verify_mic (&min_stat,
context_hdl,
input_token,
output_token,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_verify_mic");
fprintf (stderr, "gss_verify_mic: %.*s\n", (int)input_token->length,
(char *)input_token->value);
gss_release_buffer (&min_stat, input_token);
gss_release_buffer (&min_stat, output_token);
/* gss_unwrap */
read_token (sock, input_token);
maj_stat = gss_unwrap (&min_stat,
context_hdl,
input_token,
output_token,
NULL,
NULL);
if(GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_unwrap");
fprintf (stderr, "gss_unwrap: %.*s\n", (int)output_token->length,
(char *)output_token->value);
gss_release_buffer (&min_stat, input_token);
gss_release_buffer (&min_stat, output_token);
return 0;
}
static int
proto (int sock, const char *service)
@ -42,11 +107,11 @@ proto (int sock, const char *service)
struct sockaddr_in remote, local;
int addrlen;
gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
gss_buffer_t input_token, output_token;
gss_buffer_desc real_input_token, real_output_token;
gss_buffer_t input_token = &real_input_token,
output_token = &real_output_token;
OM_uint32 maj_stat, min_stat;
gss_name_t client_name;
gss_buffer_desc name_token;
addrlen = sizeof(local);
if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
@ -58,9 +123,6 @@ proto (int sock, const char *service)
|| addrlen != sizeof(remote))
err (1, "getpeername");
input_token = &real_input_token;
output_token = &real_output_token;
do {
read_token (sock, input_token);
maj_stat =
@ -88,49 +150,42 @@ proto (int sock, const char *service)
}
} while(maj_stat & GSS_S_CONTINUE_NEEDED);
maj_stat = gss_display_name (&min_stat,
client_name,
&name_token,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_display_name");
if (fork_flag) {
pid_t pid;
int pipefd[2];
fprintf (stderr, "User is `%.*s'\n", (int)name_token.length,
(char *)name_token.value);
if (pipe (pipefd) < 0)
err (1, "pipe");
/* gss_verify_mic */
pid = fork ();
if (pid < 0)
err (1, "fork");
if (pid != 0) {
gss_buffer_desc buf;
read_token (sock, input_token);
read_token (sock, output_token);
maj_stat = gss_export_sec_context (&min_stat,
&context_hdl,
&buf);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_export_sec_context");
write_token (pipefd[1], &buf);
exit (0);
} else {
gss_ctx_id_t context_hdl;
gss_buffer_desc buf;
maj_stat = gss_verify_mic (&min_stat,
context_hdl,
input_token,
output_token,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_verify_mic");
fprintf (stderr, "gss_verify_mic: %.*s\n", (int)input_token->length,
(char *)input_token->value);
/* gss_unwrap */
read_token (sock, input_token);
maj_stat = gss_unwrap (&min_stat,
context_hdl,
input_token,
output_token,
NULL,
NULL);
if(GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_unwrap");
fprintf (stderr, "gss_unwrap: %.*s\n", (int)output_token->length,
(char *)output_token->value);
return 0;
close (pipefd[1]);
read_token (pipefd[0], &buf);
close (pipefd[0]);
maj_stat = gss_import_sec_context (&min_stat, &buf, &context_hdl);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_import_sec_context");
gss_release_buffer (&min_stat, &buf);
return process_it (sock, context_hdl, client_name);
}
} else {
return process_it (sock, context_hdl, client_name);
}
}
static int
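Review bot: process_it hands buffers filled by `read_token` to `gss_release_buffer` (`input_token` and `output_token` after gss_verify_mic, `input_token` again after gss_unwrap), but read_token allocates them with plain `malloc`, as the gss_common.c section on this page shows. That only works if the library's gss_release_buffer happens to use `free`; releasing those with `free (input_token->value);` keeps the allocator pairing explicit, and gss_release_buffer stays for the `output_token` that gss_unwrap produces. Because process_it is a new function, a short comment above it saying that it reads the MIC and wrapped messages from `sock`, prints them to stderr and returns 0 would help the next reader.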


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: test_locl.h,v 1.7 1999/12/04 18:17:07 assar Exp $ */
/* $Id: test_locl.h,v 1.8 2000/02/14 02:52:55 assar Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
@ -79,6 +79,7 @@
#define PORT "test"
extern char *service;
extern int fork_flag;
int server_setup(krb5_context*, int, char**);
int client_setup(krb5_context*, int*, char**);
int client_doit (const char *hostname, int port, const char *service,


@ -1,6 +1,6 @@
#! /bin/sh
# From configure.in Revision: 1.216
# From configure.in Revision: 1.217
@ -911,7 +911,7 @@ fi
PACKAGE=heimdal
VERSION=0.2n
VERSION=0.2o
if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then
{ echo "configure: error: source directory already configured; run "make distclean" there first" 1>&2; exit 1; }


@ -1,9 +1,9 @@
dnl Process this file with autoconf to produce a configure script.
AC_REVISION($Revision: 1.216 $)
AC_REVISION($Revision: 1.217 $)
AC_INIT(lib/krb5/send_to_kdc.c)
AM_CONFIG_HEADER(include/config.h)
AM_INIT_AUTOMAKE(heimdal,0.2n)
AM_INIT_AUTOMAKE(heimdal,0.2o)
AC_PREFIX_DEFAULT(/usr/heimdal)


@ -49,6 +49,8 @@ Bugfixes, documentation, encouragement, and code has been contributed by:
@email{ruda@@ics.muni.cz}
@item Brian A May
@email{bmay@@snoopy.apana.org.au}
@item Chaskiel M Grundman
@email{cg2v@@andrew.cmu.edu}
@item and we hope that those not mentioned here will forgive us.
@end table

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -35,24 +35,33 @@
#include <getarg.h>
#include <parse_bytes.h>
RCSID("$Id: config.c,v 1.28 1999/12/02 17:04:58 joda Exp $");
RCSID("$Id: config.c,v 1.30 2000/02/11 17:47:19 assar Exp $");
static char *config_file; /* location of kdc config file */
int require_preauth = -1; /* 1 == require preauth for all principals */
size_t max_request; /* maximal size of a request */
static char *max_request_str; /* `max_request' as a string */
time_t kdc_warn_pwexpire; /* time before expiration to print a warning */
static char *config_file;
int require_preauth = -1;
char *keyfile;
static char *max_request_str;
size_t max_request;
time_t kdc_warn_pwexpire;
struct dbinfo *databases;
HDB **db;
int num_db;
char *port_str;
int enable_http = -1;
krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */
krb5_boolean check_ticket_addresses;
krb5_boolean allow_null_ticket_addresses;
static struct getarg_strings addresses_str; /* addresses to listen on */
krb5_addresses explicit_addresses;
#ifdef KRB4
char *v4_realm;
#endif
@ -72,10 +81,6 @@ static struct getargs args[] = {
"require-preauth", 'p', arg_negative_flag, &require_preauth,
"don't require pa-data in as-reqs"
},
{
"key-file", 'k', arg_string, &keyfile,
"location of master key file", "file"
},
{
"max-request", 0, arg_string, &max_request,
"max size for a kdc-request", "size"
@ -102,6 +107,8 @@ static struct getargs args[] = {
{ "ports", 'P', arg_string, &port_str,
"ports to listen to"
},
{ "addresses", 0, arg_strings, &addresses_str,
"addresses to listen on", "list of addresses" },
{ "help", 'h', arg_flag, &help_flag },
{ "version", 'v', arg_flag, &version_flag }
};
@ -190,6 +197,22 @@ get_dbinfo(krb5_config_section *cf)
}
}
static void
add_one_address (const char *str, int first)
{
krb5_error_code ret;
krb5_addresses tmp;
ret = krb5_parse_address (context, str, &tmp);
if (ret)
krb5_err (context, 1, ret, "parse_address `%s'", str);
if (first)
krb5_copy_addresses(context, &tmp, &explicit_addresses);
else
krb5_append_addresses(context, &explicit_addresses, &tmp);
krb5_free_addresses (context, &tmp);
}
void
configure(int argc, char **argv)
{
@ -221,16 +244,6 @@ configure(int argc, char **argv)
if(krb5_config_parse_file(config_file, &cf))
cf = NULL;
if(keyfile == NULL){
p = krb5_config_get_string (context, cf,
"kdc",
"key-file",
NULL);
if(p)
keyfile = strdup(p);
}
get_dbinfo(cf);
if(max_request_str){
@ -256,6 +269,25 @@ configure(int argc, char **argv)
if (p != NULL)
port_str = strdup(p);
}
explicit_addresses.len = 0;
if (addresses_str.num_strings) {
int i;
for (i = 0; i < addresses_str.num_strings; ++i)
add_one_address (addresses_str.strings[i], i == 0);
} else {
char **foo = krb5_config_get_strings (context, cf,
"kdc", "addresses", NULL);
if (foo != NULL) {
add_one_address (*foo++, TRUE);
while (*foo)
add_one_address (*foo++, FALSE);
}
}
if(enable_http == -1)
enable_http = krb5_config_get_bool(context, cf, "kdc",
"enable-http", NULL);
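Review bot: add_one_address discards the return values of `krb5_copy_addresses` and `krb5_append_addresses`, so a failure there leaves `explicit_addresses` empty or incomplete without any message. That matters because init_sockets (connect.c section on this page) falls back to `krb5_get_all_server_addrs` when `explicit_addresses.len` is zero, so a KDC that was told to listen on a restricted set of addresses could end up listening on all of them. Checking both calls the way the parse step is checked, e.g. `ret = krb5_copy_addresses(context, &tmp, &explicit_addresses); if (ret) krb5_err (context, 1, ret, "copy_addresses");`, closes that gap. In configure, the array returned by `krb5_config_get_strings` is dereferenced with `*foo++` before it is tested for being empty; whether that call can return a non-NULL empty list is not visible here, and configure itself extends beyond these hunks.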


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,11 @@
#include "kdc_locl.h"
RCSID("$Id: connect.c,v 1.68 1999/12/02 17:04:58 joda Exp $");
RCSID("$Id: connect.c,v 1.69 2000/02/11 17:45:45 assar Exp $");
/*
* a tuple describing on what to listen
*/
struct port_desc{
int family;
@ -41,9 +45,15 @@ struct port_desc{
int port;
};
/* the current ones */
static struct port_desc *ports;
static int num_ports;
/*
* add `family, port, protocol' to the list with duplicate suppresion.
*/
static void
add_port(int family, int port, const char *protocol)
{
@ -63,12 +73,19 @@ add_port(int family, int port, const char *protocol)
return;
}
ports = realloc(ports, (num_ports + 1) * sizeof(*ports));
if (ports == NULL)
krb5_err (context, 1, errno, "realloc");
ports[num_ports].family = family;
ports[num_ports].type = type;
ports[num_ports].port = port;
num_ports++;
}
/*
* add a triple but with service -> port lookup
* (this prints warnings for stuff that does not exist)
*/
static void
add_port_service(int family, const char *service, int port,
const char *protocol)
@ -77,6 +94,11 @@ add_port_service(int family, const char *service, int port,
add_port (family, port, protocol);
}
/*
* add the port with service -> port lookup or string -> number
* (no warning is printed)
*/
static void
add_port_string (int family, const char *port_str, const char *protocol)
{
@ -96,6 +118,10 @@ add_port_string (int family, const char *port_str, const char *protocol)
add_port (family, port, protocol);
}
/*
* add the standard collection of ports for `family'
*/
static void
add_standard_ports (int family)
{
@ -113,6 +139,12 @@ add_standard_ports (int family)
#endif
}
/*
* parse the set of space-delimited ports in `str' and add them.
* "+" => all the standard ones
* otherwise it's port|service[/protocol]
*/
static void
parse_ports(const char *str)
{
@ -150,6 +182,10 @@ parse_ports(const char *str)
free (str_copy);
}
/*
* every socket we listen on
*/
struct descr {
int s;
int type;
@ -176,7 +212,7 @@ init_socket(struct descr *d, krb5_address *a, int family, int type, int port)
ret = krb5_addr2sockaddr (a, sa, &sa_size, port);
if (ret) {
krb5_warn(context, ret, "krb5_anyaddr");
krb5_warn(context, ret, "krb5_addr2sockaddr");
close(d->s);
d->s = -1;
return;
@ -200,14 +236,23 @@ init_socket(struct descr *d, krb5_address *a, int family, int type, int port)
d->type = type;
if(bind(d->s, sa, sa_size) < 0){
krb5_warn(context, errno, "bind(%d)", ntohs(port));
char a_str[256];
size_t len;
krb5_print_address (a, a_str, sizeof(a_str), &len);
krb5_warn(context, errno, "bind %s/%d", a_str, ntohs(port));
close(d->s);
d->s = -1;
return;
}
if(type == SOCK_STREAM && listen(d->s, SOMAXCONN) < 0){
krb5_warn(context, errno, "listen");
char a_str[256];
size_t len;
krb5_print_address (a, a_str, sizeof(a_str), &len);
krb5_warn(context, errno, "listen %s/%d", a_str, ntohs(port));
close(d->s);
d->s = -1;
return;
}
}
@ -226,9 +271,13 @@ init_sockets(struct descr **desc)
int num = 0;
krb5_addresses addresses;
ret = krb5_get_all_server_addrs (context, &addresses);
if (ret)
krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
if (explicit_addresses.len) {
addresses = explicit_addresses;
} else {
ret = krb5_get_all_server_addrs (context, &addresses);
if (ret)
krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
}
parse_ports(port_str);
d = malloc(addresses.len * num_ports * sizeof(*d));
if (d == NULL)
@ -262,7 +311,11 @@ init_sockets(struct descr **desc)
return num;
}
/*
* handle the request in `buf, len', from `addr' (or `from' as a string),
* sending a reply in `reply'.
*/
static int
process_request(unsigned char *buf,
size_t len,
@ -711,7 +764,8 @@ loop(void)
case 0:
break;
case -1:
krb5_warn(context, errno, "select");
if (errno != EINTR)
krb5_warn(context, errno, "select");
break;
default:
for(i = 0; i < ndescr; i++)
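Review bot: In init_socket the new error paths for `bind` and `listen` call `krb5_print_address (a, a_str, sizeof(a_str), &len)` without checking its result and then pass `a_str` to `krb5_warn` with `%s`; if the formatting fails, the buffer may still be uninitialised stack memory. Declaring it as `char a_str[256] = "";` or testing the return value before the warning avoids printing garbage. In init_sockets, `addresses = explicit_addresses;` is a shallow copy, so if the part of the function outside these hunks frees `addresses`, the global would be left pointing at freed storage; that is worth confirming against the full function.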


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: kaserver.c,v 1.9 1999/12/02 17:04:59 joda Exp $");
RCSID("$Id: kaserver.c,v 1.10 2000/02/13 19:21:22 assar Exp $");
#ifdef KASERVER
@ -468,7 +468,7 @@ do_authenticate (struct rx_header *hdr,
create_reply_ticket (hdr, skey,
name, instance, v4_realm,
addr, life, client_entry->kvno,
addr, life, server_entry->kvno,
max_seq_len,
"krbtgt", v4_realm,
chal + 1, "tgsT",


@ -1,4 +1,4 @@
.\" $Id: kdc.8,v 1.3 1997/08/09 00:20:38 joda Exp $
.\" $Id: kdc.8,v 1.5 2000/02/13 21:04:32 assar Exp $
.\"
.Dd July 27, 1997
.Dt KDC 8
@ -11,12 +11,16 @@ Kerberos 5 server
.Nm
.Op Fl c Ar file
.Op Fl -config-file= Ns Ar file
.Op Fl k Ar file
.Op Fl -key-file= Ns Ar file
.Op Fl p
.Op Fl -no-require-preauth
.Op Fl p | Fl -no-require-preauth
.Op Fl -max-request= Ns Ar size
.Op Fl H | Fl -enable-http
.Op Fl K | Fl -no-kaserver
.Op Fl r Ar realm
.Op Fl -v4-realm= Ns Ar realm
.Oo Fl P Ar string \*(Ba Xo
.Fl -ports= Ns Ar string Oc
.Xc
.Op Fl -addresses= Ns Ar list of addresses
.Sh DESCRIPTION
.Nm
@ -31,21 +35,32 @@ Options supported:
Specifies the location of the config file, the default is
.Pa /var/heimdal/kdc.conf .
This is the only value that can't be specified in the config file.
.It Fl k Ar file
.It Fl -key-file= Ns Ar file
The location of the master-key file. All keys in the database is
encrypted with this master key. The use of a master key is currently
optional, so there is no default.
.Em "Don't specify a master key file if your database is not encrypted."
.It Fl p
.It Fl -no-require-preauth
Turn off the requirement for pre-autentication in the initial
AS-REQ. The use of pre-authentication makes it more difficult to do
offline password attacks. You might want to turn it off if you have
clients that doesn't do pre-authentication. Since the version 4
protocol doesn't support any pre-authentication, so serving version 4
clients is just about the same as not requiring pre-athentication. The
default is to require pre-authentication.
Turn off the requirement for pre-autentication in the initial AS-REQ
for all principals. The use of pre-authentication makes it more
difficult to do offline password attacks. You might want to turn it
off if you have clients that doesn't do pre-authentication. Since the
version 4 protocol doesn't support any pre-authentication, so serving
version 4 clients is just about the same as not requiring
pre-athentication. The default is to require
pre-authentication. Adding the require-preauth per principal is a more
flexible way of handling this.
.It Xo
.Fl -max-request= Ns Ar size
.Xc
Gives an upper limit on the size of the requests that the kdc is
willing to handle.
.It Xo
.Fl H Ns ,
.Fl -enable-http
.Xc
Makes the kdc listen on port 80 and handle requests encapsulated in HTTP.
.It Xo
.Fl K Ns ,
.Fl -no-kaserver
.Xc
Disables kaserver emulation (in case it's compiled in).
.It Fl r Ar realm
.It Fl -v4-realm= Ns Ar realm
What realm this server should act as when dealing with version 4
@ -55,6 +70,18 @@ explicitly specified. The default is whatever is returned by
.Fn krb_get_lrealm .
This option is only availabe if the KDC has been compiled with version
4 support.
.It Xo
.Fl P Ar string Ns ,
.Fl -ports= Ns Ar string
.Xc
Specifies the set of ports the KDC should listen on. It is given as a
white-space separated list of services or port numbers.
.It Xo
.Fl -addresses= Ns Ar list of addresses
.Xc
The list of addresses to listen for requests on. By default, the kdc
will listen on all the locally configured addresses. If only a subset
is desired, or the automatic detection fails, this option might be used.
.El
.Pp
All activities , are logged to one or more destinations, see


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
*/
/*
* $Id: kdc_locl.h,v 1.39 1999/12/02 17:04:59 joda Exp $
* $Id: kdc_locl.h,v 1.40 2000/02/11 17:46:29 assar Exp $
*/
#ifndef __KDC_LOCL_H__
@ -44,7 +44,6 @@ extern krb5_context context;
extern int require_preauth;
extern sig_atomic_t exit_flag;
extern char *keyfile;
extern size_t max_request;
extern time_t kdc_warn_pwexpire;
extern struct dbinfo {
@ -56,6 +55,8 @@ extern struct dbinfo {
extern HDB **db;
extern int num_db;
extern char *port_str;
extern krb5_addresses explicit_addresses;
extern int enable_http;
extern krb5_boolean encode_as_rep_as_tgs_rep;
extern krb5_boolean check_ticket_addresses;


@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: kerberos4.c,v 1.26 2000/02/02 01:26:41 assar Exp $");
RCSID("$Id: kerberos4.c,v 1.27 2000/02/13 19:27:36 assar Exp $");
#ifdef KRB4
@ -307,6 +307,10 @@ do_version4(unsigned char *buf,
}
if(tgt->kvno != kvno){
kdc_log(0, "tgs-req with old kvno %d (current %d) for "
"krbtgt.%s@%s", kvno, tgt->kvno, realm, v4_realm);
make_err_reply(reply, KDC_AUTH_EXP,
"old krbtgt kvno used");
goto out2;
}


@ -1,3 +1,27 @@
2000-02-13 Assar Westerlund <assar@sics.se>
* Makefile.am: set version to 1:0:1
2000-02-12 Assar Westerlund <assar@sics.se>
* gssapi_locl.h: add flags for import/export
* import_sec_context.c (import_sec_context: add flags for what
fields are included. do not include the authenticator for now.
* export_sec_context.c (export_sec_context: add flags for what
fields are included. do not include the authenticator for now.
* accept_sec_context.c (gss_accept_sec_context): set target in
context_handle
2000-02-11 Assar Westerlund <assar@sics.se>
* delete_sec_context.c (gss_delete_sec_context): set context to
GSS_C_NO_CONTEXT
* Makefile.am: add {export,import}_sec_context.c
* export_sec_context.c: new file
* import_sec_context.c: new file
* accept_sec_context.c (gss_accept_sec_context): set trans flag
2000-02-07 Assar Westerlund <assar@sics.se>
* Makefile.am: set version to 0:5:0


@ -1,11 +1,11 @@
# $Id: Makefile.am,v 1.19 2000/02/07 04:00:51 assar Exp $
# $Id: Makefile.am,v 1.21 2000/02/13 20:34:49 assar Exp $
include $(top_srcdir)/Makefile.am.common
INCLUDES += -I$(srcdir)/../krb5
lib_LTLIBRARIES = libgssapi.la
libgssapi_la_LDFLAGS = -version-info 0:5:0
libgssapi_la_LDFLAGS = -version-info 1:0:1
include_HEADERS = gssapi.h
@ -24,12 +24,14 @@ libgssapi_la_SOURCES = \
display_status.c \
duplicate_name.c \
encapsulate.c \
export_sec_context.c \
export_name.c \
external.c \
get_mic.c \
gssapi.h \
gssapi_locl.h \
import_name.c \
import_sec_context.c \
indicate_mechs.c \
init.c \
init_sec_context.c \


@ -10,7 +10,7 @@
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
# $Id: Makefile.am,v 1.19 2000/02/07 04:00:51 assar Exp $
# $Id: Makefile.am,v 1.21 2000/02/13 20:34:49 assar Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
@ -174,11 +174,11 @@ NROFF_MAN = groff -mandoc -Tascii
CHECK_LOCAL = $(PROGRAMS)
lib_LTLIBRARIES = libgssapi.la
libgssapi_la_LDFLAGS = -version-info 0:5:0
libgssapi_la_LDFLAGS = -version-info 1:0:1
include_HEADERS = gssapi.h
libgssapi_la_SOURCES = 8003.c accept_sec_context.c acquire_cred.c add_oid_set_member.c canonicalize_name.c compare_name.c context_time.c create_emtpy_oid_set.c decapsulate.c delete_sec_context.c display_name.c display_status.c duplicate_name.c encapsulate.c export_name.c external.c get_mic.c gssapi.h gssapi_locl.h import_name.c indicate_mechs.c init.c init_sec_context.c inquire_context.c inquire_cred.c release_buffer.c release_cred.c release_name.c release_oid_set.c test_oid_set_member.c unwrap.c v1.c verify_mic.c wrap.c
libgssapi_la_SOURCES = 8003.c accept_sec_context.c acquire_cred.c add_oid_set_member.c canonicalize_name.c compare_name.c context_time.c create_emtpy_oid_set.c decapsulate.c delete_sec_context.c display_name.c display_status.c duplicate_name.c encapsulate.c export_sec_context.c export_name.c external.c get_mic.c gssapi.h gssapi_locl.h import_name.c import_sec_context.c indicate_mechs.c init.c init_sec_context.c inquire_context.c inquire_cred.c release_buffer.c release_cred.c release_name.c release_oid_set.c test_oid_set_member.c unwrap.c v1.c verify_mic.c wrap.c
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = ../../include/config.h
@ -199,11 +199,12 @@ libgssapi_la_OBJECTS = 8003.lo accept_sec_context.lo acquire_cred.lo \
add_oid_set_member.lo canonicalize_name.lo compare_name.lo \
context_time.lo create_emtpy_oid_set.lo decapsulate.lo \
delete_sec_context.lo display_name.lo display_status.lo \
duplicate_name.lo encapsulate.lo export_name.lo external.lo get_mic.lo \
import_name.lo indicate_mechs.lo init.lo init_sec_context.lo \
inquire_context.lo inquire_cred.lo release_buffer.lo release_cred.lo \
release_name.lo release_oid_set.lo test_oid_set_member.lo unwrap.lo \
v1.lo verify_mic.lo wrap.lo
duplicate_name.lo encapsulate.lo export_sec_context.lo export_name.lo \
external.lo get_mic.lo import_name.lo import_sec_context.lo \
indicate_mechs.lo init.lo init_sec_context.lo inquire_context.lo \
inquire_cred.lo release_buffer.lo release_cred.lo release_name.lo \
release_oid_set.lo test_oid_set_member.lo unwrap.lo v1.lo verify_mic.lo \
wrap.lo
CFLAGS = @CFLAGS@
COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "gssapi_locl.h"
RCSID("$Id: accept_sec_context.c,v 1.15 1999/12/26 18:32:08 assar Exp $");
RCSID("$Id: accept_sec_context.c,v 1.17 2000/02/12 21:24:08 assar Exp $");
static krb5_keytab gss_keytab;
@ -53,7 +53,8 @@ gsskrb5_register_acceptor_identity (char *identity)
return GSS_S_COMPLETE;
}
OM_uint32 gss_accept_sec_context
OM_uint32
gss_accept_sec_context
(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
const gss_cred_id_t acceptor_cred_handle,
@ -151,6 +152,14 @@ OM_uint32 gss_accept_sec_context
goto failure;
}
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->server,
&(*context_handle)->target);
if (kret) {
ret = GSS_S_FAILURE;
goto failure;
}
if (src_name) {
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->client,
@ -182,6 +191,8 @@ OM_uint32 gss_accept_sec_context
}
}
flags |= GSS_C_TRANS_FLAG;
if (ret_flags)
*ret_flags = flags;
(*context_handle)->flags = flags;
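Review bot: The new `krb5_copy_principal` failure branch for `(*context_handle)->target` sets `ret = GSS_S_FAILURE` but never stores `kret` in `*minor_status`, so the caller cannot tell why the copy failed unless the `failure:` label (outside the hunk) does it; I would add `*minor_status = kret;` before the `goto failure;`. Once `target` is populated, the later `src_name` copy can still fail, so the cleanup at `failure:` should also release `target`; that label is not visible here, so please confirm. gss_accept_sec_context starts and ends outside these hunks.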


@ -33,7 +33,7 @@
#include "gssapi_locl.h"
RCSID("$Id: delete_sec_context.c,v 1.6 2000/01/26 00:45:46 assar Exp $");
RCSID("$Id: delete_sec_context.c,v 1.7 2000/02/11 23:00:48 assar Exp $");
OM_uint32 gss_delete_sec_context
(OM_uint32 * minor_status,
@ -60,5 +60,6 @@ OM_uint32 gss_delete_sec_context
krb5_free_ticket (gssapi_krb5_context,
(*context_handle)->ticket);
free (*context_handle);
*context_handle = GSS_C_NO_CONTEXT;
return GSS_S_COMPLETE;
}


@ -0,0 +1,142 @@
/*
* Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: export_sec_context.c,v 1.2 2000/02/12 21:25:24 assar Exp $");
OM_uint32
gss_export_sec_context (
OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
gss_buffer_t interprocess_token
)
{
krb5_storage *sp;
krb5_auth_context ac;
unsigned char auth_buf[1024];
size_t sz;
int ret;
krb5_data data;
gss_buffer_desc buffer;
int flags;
gssapi_krb5_init ();
if (!((*context_handle)->flags & GSS_C_TRANS_FLAG))
return GSS_S_UNAVAILABLE;
sp = krb5_storage_emem ();
if (sp == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
ac = (*context_handle)->auth_context;
/* flagging included fields */
flags = 0;
if (ac->local_address)
flags |= SC_LOCAL_ADDRESS;
if (ac->remote_address)
flags |= SC_REMOTE_ADDRESS;
if (ac->keyblock)
flags |= SC_KEYBLOCK;
if (ac->local_subkey)
flags |= SC_LOCAL_SUBKEY;
if (ac->remote_subkey)
flags |= SC_REMOTE_SUBKEY;
krb5_store_int32 (sp, flags);
/* marshall auth context */
krb5_store_int32 (sp, ac->flags);
if (ac->local_address)
krb5_store_address (sp, *ac->local_address);
if (ac->remote_address)
krb5_store_address (sp, *ac->remote_address);
krb5_store_int16 (sp, ac->local_port);
krb5_store_int16 (sp, ac->remote_port);
if (ac->keyblock)
krb5_store_keyblock (sp, *ac->keyblock);
if (ac->local_subkey)
krb5_store_keyblock (sp, *ac->local_subkey);
if (ac->remote_subkey)
krb5_store_keyblock (sp, *ac->remote_subkey);
krb5_store_int32 (sp, ac->local_seqnumber);
krb5_store_int32 (sp, ac->remote_seqnumber);
#if 0
ret = encode_Authenticator (auth_buf, sizeof(auth_buf),
ac->authenticator, &sz);
if (ret) {
krb5_storage_free (sp);
*minor_status = ret;
return GSS_S_FAILURE;
}
data.data = auth_buf;
data.length = sz;
krb5_store_data (sp, data);
#endif
krb5_store_int32 (sp, ac->keytype);
krb5_store_int32 (sp, ac->cksumtype);
/* names */
gss_export_name (minor_status, (*context_handle)->source, &buffer);
data.data = buffer.value;
data.length = buffer.length;
krb5_store_data (sp, data);
gss_export_name (minor_status, (*context_handle)->target, &buffer);
data.data = buffer.value;
data.length = buffer.length;
krb5_store_data (sp, data);
krb5_store_int32 (sp, (*context_handle)->flags);
krb5_store_int32 (sp, (*context_handle)->more_flags);
ret = krb5_storage_to_data (sp, &data);
krb5_storage_free (sp);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
interprocess_token->length = data.length;
interprocess_token->value = data.data;
ret = gss_delete_sec_context (minor_status, context_handle,
GSS_C_NO_BUFFER);
if (ret != GSS_S_COMPLETE)
gss_release_buffer (NULL, interprocess_token);
return ret;
}
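Review bot: Both `gss_export_name` calls ignore their return status and the resulting `buffer` is never released, so a failed export feeds an unset `buffer.value`/`buffer.length` into `krb5_store_data`, and a successful one leaks the exported name. The `krb5_store_*` results are ignored the same way, so a failure part-way through yields a truncated token that is still returned as success while the context is deleted. Since the token carries the session key and subkeys unencrypted, a header comment should say that the caller has to protect the interprocess token like key material. `auth_buf` and `sz` are only used inside the `#if 0` block.

```c
/* … unchanged: auth context marshalling … */
/* names */
ret = gss_export_name (minor_status, (*context_handle)->source, &buffer);
if (ret != GSS_S_COMPLETE) {
    krb5_storage_free (sp);
    return ret;
}
data.data = buffer.value;
data.length = buffer.length;
ret = krb5_store_data (sp, data);
gss_release_buffer (minor_status, &buffer);
if (ret) {
    krb5_storage_free (sp);
    *minor_status = ret;
    return GSS_S_FAILURE;
}
/* … same pattern for (*context_handle)->target … */
```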


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: gssapi_locl.h,v 1.11 1999/12/02 17:05:03 joda Exp $ */
/* $Id: gssapi_locl.h,v 1.12 2000/02/12 21:26:26 assar Exp $ */
#ifndef GSSAPI_LOCL_H
#define GSSAPI_LOCL_H
@ -86,4 +86,12 @@ OM_uint32
gss_krb5_getsomekey(const gss_ctx_id_t context_handle,
des_cblock *key);
/* sec_context flags */
#define SC_LOCAL_ADDRESS 0x01
#define SC_REMOTE_ADDRESS 0x02
#define SC_KEYBLOCK 0x04
#define SC_LOCAL_SUBKEY 0x08
#define SC_REMOTE_SUBKEY 0x10
#endif


@ -0,0 +1,180 @@
/*
* Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: import_sec_context.c,v 1.2 2000/02/12 21:26:00 assar Exp $");
OM_uint32
gss_import_sec_context (
OM_uint32 * minor_status,
const gss_buffer_t interprocess_token,
gss_ctx_id_t * context_handle
)
{
OM_uint32 ret = GSS_S_FAILURE;
krb5_error_code kret;
krb5_storage *sp;
krb5_auth_context ac;
krb5_address local, remote;
krb5_address *localp, *remotep;
krb5_data data;
gss_buffer_desc buffer;
krb5_keyblock keyblock;
size_t sz;
int32_t tmp;
int32_t flags;
gssapi_krb5_init ();
sp = krb5_storage_from_mem (interprocess_token->value,
interprocess_token->length);
if (sp == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
*context_handle = malloc(sizeof(**context_handle));
if (*context_handle == NULL) {
*minor_status = ENOMEM;
krb5_storage_free (sp);
return GSS_S_FAILURE;
}
kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context);
if (kret) {
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
/* flags */
krb5_ret_int32 (sp, &flags);
/* retrieve the auth context */
ac = (*context_handle)->auth_context;
krb5_ret_int32 (sp, &ac->flags);
if (flags & SC_LOCAL_ADDRESS)
krb5_ret_address (sp, localp = &local);
else
localp = NULL;
if (flags & SC_REMOTE_ADDRESS)
krb5_ret_address (sp, remotep = &remote);
else
remotep = NULL;
krb5_auth_con_setaddrs (gssapi_krb5_context, ac, localp, remotep);
if (localp)
krb5_free_address (gssapi_krb5_context, localp);
if (remotep)
krb5_free_address (gssapi_krb5_context, remotep);
krb5_ret_int16 (sp, &ac->local_port);
krb5_ret_int16 (sp, &ac->remote_port);
if (flags & SC_KEYBLOCK) {
krb5_ret_keyblock (sp, &keyblock);
krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock);
krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
}
if (flags & SC_LOCAL_SUBKEY) {
krb5_ret_keyblock (sp, &keyblock);
krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock);
krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
}
if (flags & SC_REMOTE_SUBKEY) {
krb5_ret_keyblock (sp, &keyblock);
krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock);
krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
}
krb5_ret_int32 (sp, &ac->local_seqnumber);
krb5_ret_int32 (sp, &ac->remote_seqnumber);
#if 0
krb5_ret_data (sp, &data);
ac->authenticator = malloc (sizeof (*ac->authenticator));
if (ac->authenticator == NULL) {
*minor_status = ENOMEM;
ret = GSS_S_FAILURE;
goto failure;
}
kret = decode_Authenticator (data.data, data.length,
ac->authenticator, &sz);
krb5_data_free (&data);
if (kret) {
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
#endif
krb5_ret_int32 (sp, &tmp);
ac->keytype = tmp;
krb5_ret_int32 (sp, &tmp);
ac->cksumtype = tmp;
/* names */
krb5_ret_data (sp, &data);
buffer.value = data.data;
buffer.length = data.length;
gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
&(*context_handle)->source);
krb5_data_free (&data);
krb5_ret_data (sp, &data);
buffer.value = data.data;
buffer.length = data.length;
gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
&(*context_handle)->target);
krb5_data_free (&data);
krb5_ret_int32 (sp, &tmp);
(*context_handle)->flags = tmp;
krb5_ret_int32 (sp, &tmp);
(*context_handle)->more_flags = tmp;
(*context_handle)->ticket = NULL;
return GSS_S_COMPLETE;
failure:
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
free (*context_handle);
*context_handle = GSS_C_NO_CONTEXT;
return ret;
}
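Review bot: None of the `krb5_ret_*` calls is checked, so a short or malformed `interprocess_token` leaves `flags`, `local`, `remote`, `keyblock`, `data` and `tmp` unset and then passes them to `krb5_auth_con_setaddrs`, `krb5_free_address`, `krb5_free_keyblock_contents` and `krb5_data_free`; each read should bail out to `failure:` on error. `sp` is freed only on the malloc-failure path, so both the success return and `failure:` leak the storage. The `gss_import_name` results are dropped too, and the freshly malloc'ed context is not zeroed, so `source`/`target` can stay indeterminate while GSS_S_COMPLETE is returned.

```c
/* flags */
kret = krb5_ret_int32 (sp, &flags);
if (kret) {
    *minor_status = kret;
    goto failure;
}
/* … every later krb5_ret_* and gss_import_name call checked the same way … */
krb5_storage_free (sp);
return GSS_S_COMPLETE;
failure:
krb5_storage_free (sp);
/* … unchanged: krb5_auth_con_free, free, reset of *context_handle … */
```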


@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.96 2000/02/07 03:26:21 assar Exp $
# $Id: Makefile.am,v 1.97 2000/02/13 20:35:49 assar Exp $
include $(top_srcdir)/Makefile.am.common
@ -119,7 +119,7 @@ libkrb5_la_SOURCES = \
EXTRA_libkrb5_la_SOURCES = keytab_krb4.c
libkrb5_la_LDFLAGS = -version-info 8:0:0
libkrb5_la_LDFLAGS = -version-info 9:0:0
$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h


@ -10,7 +10,7 @@
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
# $Id: Makefile.am,v 1.96 2000/02/07 03:26:21 assar Exp $
# $Id: Makefile.am,v 1.97 2000/02/13 20:35:49 assar Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
@ -195,7 +195,7 @@ libkrb5_la_SOURCES = add_et_list.c addr_families.c address.c aname_to_local
EXTRA_libkrb5_la_SOURCES = keytab_krb4.c
libkrb5_la_LDFLAGS = -version-info 8:0:0
libkrb5_la_LDFLAGS = -version-info 9:0:0
libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo


@ -33,21 +33,17 @@
#include <krb5_locl.h>
RCSID("$Id: changepw.c,v 1.19 1999/12/11 23:14:51 assar Exp $");
RCSID("$Id: changepw.c,v 1.20 2000/02/07 13:40:18 joda Exp $");
static krb5_error_code
get_kdc_address (krb5_context context,
krb5_realm realm,
struct addrinfo **ai)
{
struct addrinfo hints;
krb5_error_code ret;
char **hostlist;
int port = 0;
char portstr[NI_MAXSERV];
int error;
char *host;
char *dot;
ret = krb5_get_krb_changepw_hst (context,
&realm,
@ -55,24 +51,9 @@ get_kdc_address (krb5_context context,
if (ret)
return ret;
host = *hostlist;
port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT));
error = roken_getaddrinfo_hostspec(*hostlist, port, ai);
dot = strchr (host, ':');
if (dot != NULL) {
char *end;
*dot++ = '\0';
port = strtol (dot, &end, 0);
}
if (port == 0)
port = krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT);
snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
memset (&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
error = getaddrinfo (host, portstr, &hints, ai);
krb5_free_krbhst (context, hostlist);
return error;
}
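Review bot: The replaced code pinned `hints.ai_socktype = SOCK_DGRAM` and `IPPROTO_UDP`, whereas `roken_getaddrinfo_hostspec` (added in this commit) leaves `hints` zeroed unless the host string starts with a prefix such as `udp/`, so `*ai` can now contain stream entries for a service looked up as `"kpasswd", "udp"`. The consumer of `ai` is outside this hunk; if it does not already do so, it should skip entries with `ai_socktype != SOCK_DGRAM`, or the helper should take the default socket type as an argument. A one-line comment at the call would record the expectation: `/* kpasswd is UDP here; the hostspec helper does not restrict the socket type by itself */`.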


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: context.c,v 1.52 2000/02/04 17:10:26 joda Exp $");
RCSID("$Id: context.c,v 1.53 2000/02/11 17:43:43 assar Exp $");
#define INIT_FIELD(C, T, E, D, F) \
(C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
@ -318,7 +318,7 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
}
krb5_error_code
krb5_set_extra_addresses(krb5_context context, krb5_addresses *addresses)
krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
{
if(context->extra_addresses) {
krb5_free_addresses(context, context->extra_addresses);
@ -329,7 +329,7 @@ krb5_set_extra_addresses(krb5_context context, krb5_addresses *addresses)
if(context->extra_addresses == NULL)
return ENOMEM;
}
return copy_HostAddresses(addresses, context->extra_addresses);
return krb5_copy_addresses(context, addresses, context->extra_addresses);
}
krb5_error_code


@ -449,6 +449,13 @@ krb5_change_password __P((
krb5_data *result_code_string,
krb5_data *result_string));
krb5_error_code
krb5_check_transited_realms __P((
krb5_context context,
const char *const *realms,
int num_realms,
int *bad_realm));
krb5_boolean
krb5_checksum_is_collision_proof __P((
krb5_context context,
@ -1948,7 +1955,7 @@ krb5_set_default_realm __P((
krb5_error_code
krb5_set_extra_addresses __P((
krb5_context context,
krb5_addresses *addresses));
const krb5_addresses *addresses));
krb5_error_code
krb5_set_fcache_version __P((


@ -3,7 +3,7 @@
#
# This might look like a com_err file, but is not
#
id "$Id: krb5_err.et,v 1.7 1999/02/11 21:03:40 joda Exp $"
id "$Id: krb5_err.et,v 1.8 2000/02/07 12:54:17 joda Exp $"
error_table krb5
@ -51,7 +51,7 @@ error_code ERR_BADVERSION, "Protocol version mismatch"
error_code ERR_MSG_TYPE, "Invalid message type"
error_code ERR_MODIFIED, "Message stream modified"
error_code ERR_BADORDER, "Message out of order"
error_code ERR_ILL_CR_TKT, "Illegal cross-realm ticket"
error_code ERR_ILL_CR_TKT, "Invalid cross-realm ticket"
error_code ERR_BADKEYVER, "Key version is not available"
error_code ERR_NOKEY, "Service key not available"
error_code ERR_MUT_FAIL, "Mutual authentication failed"
@ -71,14 +71,14 @@ error_code FIELD_TOOLONG, "Field is too long for this implementation"
# 62-127 are reserved
index 128
prefix
error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.7 1999/02/11 21:03:40 joda Exp $"
error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.8 2000/02/07 12:54:17 joda Exp $"
error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode"
error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password"
error_code KRB5_LIBOS_BADPWDMATCH, "Password mismatch"
error_code KRB5_LIBOS_PWDINTR, "Password read interrupted"
error_code KRB5_PARSE_ILLCHAR, "Illegal character in component name"
error_code KRB5_PARSE_ILLCHAR, "Invalid character in component name"
error_code KRB5_PARSE_MALFORMED, "Malformed representation of principal"
error_code KRB5_CONFIG_CANTOPEN, "Can't open/find configuration file"


@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: rd_req.c,v 1.40 2000/02/06 05:20:31 assar Exp $");
RCSID("$Id: rd_req.c,v 1.41 2000/02/07 13:31:55 joda Exp $");
static krb5_error_code
decrypt_tkt_enc_part (krb5_context context,
@ -188,6 +188,30 @@ krb5_verify_authenticator_checksum(krb5_context context,
return ret;
}
#if 0
static krb5_error_code
check_transited(krb5_context context,
krb5_ticket *ticket)
{
char **realms;
int num_realms;
krb5_error_code ret;
if(ticket->ticket.transited.tr_type != DOMAIN_X500_COMPRESS)
return KRB5KDC_ERR_TRTYPE_NOSUPP;
ret = krb5_domain_x500_decode(ticket->ticket.transited.contents,
&realms, &num_realms,
ticket->client->realm,
ticket->server->realm);
if(ret)
return ret;
ret = krb5_check_transited_realms(context, realms, num_realms, NULL);
free(realms);
return ret;
}
#endif
krb5_error_code
krb5_verify_ap_req(krb5_context context,
krb5_auth_context *auth_context,
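Review bot: `check_transited` is added under `#if 0`, so nothing in this file calls `krb5_check_transited_realms` and the `transited_realms_reject` setting has no effect on the AP-REQ path as far as this hunk shows; a comment on the block should say why it is disabled, e.g. `/* disabled: transited realms are not checked when verifying an AP-REQ */`. Before it is enabled, note that `free(realms)` releases only the array, so if `krb5_domain_x500_decode` allocates each realm string (its definition is not in this hunk) those strings leak. `realms` is also a `char **` passed where `const char *const *` is declared, which needs a cast in C.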


@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: transited.c,v 1.6 2000/02/07 03:19:43 assar Exp $");
RCSID("$Id: transited.c,v 1.7 2000/02/07 13:30:41 joda Exp $");
/* this is an attempt at one of the most horrible `compression'
schemes that has ever been invented; it's so amazingly brain-dead
@ -363,6 +363,35 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
return 0;
}
krb5_error_code
krb5_check_transited_realms(krb5_context context,
const char *const *realms,
int num_realms,
int *bad_realm)
{
int i;
int ret = 0;
char **bad_realms = krb5_config_get_strings(context, NULL,
"libdefaults",
"transited_realms_reject",
NULL);
if(bad_realms == NULL)
return 0;
for(i = 0; i < num_realms; i++) {
char **p;
for(p = bad_realms; *p; p++)
if(strcmp(*p, realms[i]) == 0) {
ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
if(bad_realm)
*bad_realm = i;
break;
}
}
krb5_config_free_strings(bad_realms);
return ret;
}
#if 0
int
main(int argc, char **argv)
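Review bot: The `break` after a match leaves only the inner loop over `bad_realms`, so the outer loop keeps scanning and `*bad_realm` ends up holding the index of the last rejected realm rather than the first; stopping at the first hit is easier to reason about: `for(i = 0; ret == 0 && i < num_realms; i++) {`. The function returns 0 when `transited_realms_reject` is not configured, so it is a deny-list that accepts every path by default. A comment above `krb5_check_transited_realms` should state that, so callers do not mistake it for full transited-path validation.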


@ -1,3 +1,11 @@
2000-02-13 Assar Westerlund <assar@sics.se>
* Makefile.am: bump version to 7:0:2
* getarg.c (mandoc_template): also fix no- prefix in .Sh OPTIONS
* getarg.c (mandoc_template): better man-stuff for negative
options
2000-02-07 Assar Westerlund <assar@sics.se>
* Makefile.am: set version to 6:0:1


@ -1,11 +1,11 @@
# $Id: Makefile.am,v 1.67 2000/02/07 03:32:15 assar Exp $
# $Id: Makefile.am,v 1.69 2000/02/13 20:34:03 assar Exp $
include $(top_srcdir)/Makefile.am.common
CLEANFILES = roken.h make-roken.c print_version.h
lib_LTLIBRARIES = libroken.la
libroken_la_LDFLAGS = -version-info 6:0:1
libroken_la_LDFLAGS = -version-info 7:0:2
noinst_PROGRAMS = make-roken make-print-version
@ -32,6 +32,7 @@ libroken_la_SOURCES = \
erealloc.c \
estrdup.c \
ewrite.c \
getaddrinfo_hostspec.c \
get_default_username.c \
get_window_size.c \
getarg.c \


@ -10,7 +10,7 @@
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
# $Id: Makefile.am,v 1.67 2000/02/07 03:32:15 assar Exp $
# $Id: Makefile.am,v 1.69 2000/02/13 20:34:03 assar Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
@ -176,7 +176,7 @@ CHECK_LOCAL = $(PROGRAMS)
CLEANFILES = roken.h make-roken.c print_version.h
lib_LTLIBRARIES = libroken.la
libroken_la_LDFLAGS = -version-info 6:0:1
libroken_la_LDFLAGS = -version-info 7:0:2
noinst_PROGRAMS = make-roken make-print-version
@ -189,7 +189,7 @@ strpftime_test_SOURCES = strpftime-test.c strftime.c strptime.c snprintf.c
@KRB4_TRUE@@KRB5_TRUE@make_print_version_LDADD = $(LIB_krb4) -ldes
libroken_la_SOURCES = base64.c concat.c emalloc.c eread.c erealloc.c estrdup.c ewrite.c get_default_username.c get_window_size.c getarg.c getnameinfo_verified.c issuid.c k_getpwnam.c k_getpwuid.c mini_inetd.c net_read.c net_write.c parse_bytes.c parse_time.c parse_units.c print_version.c resolve.c roken_gethostby.c signal.c simple_exec.c snprintf.c socket.c strcollect.c tm2time.c verify.c warnerr.c xdbm.h
libroken_la_SOURCES = base64.c concat.c emalloc.c eread.c erealloc.c estrdup.c ewrite.c getaddrinfo_hostspec.c get_default_username.c get_window_size.c getarg.c getnameinfo_verified.c issuid.c k_getpwnam.c k_getpwuid.c mini_inetd.c net_read.c net_write.c parse_bytes.c parse_time.c parse_units.c print_version.c resolve.c roken_gethostby.c signal.c simple_exec.c snprintf.c socket.c strcollect.c tm2time.c verify.c warnerr.c xdbm.h
EXTRA_libroken_la_SOURCES = chown.c copyhostent.c daemon.c err.c err.h errx.c fchown.c flock.c fnmatch.c fnmatch.h freeaddrinfo.c freehostent.c gai_strerror.c getaddrinfo.c getdtablesize.c getegid.c geteuid.c getgid.c gethostname.c getipnodebyaddr.c getipnodebyname.c getnameinfo.c getopt.c gettimeofday.c getuid.c getusershell.c glob.h hstrerror.c inet_aton.c inet_ntop.c inet_pton.c initgroups.c innetgr.c iruserok.c lstat.c memmove.c mkstemp.c putenv.c rcmd.c readv.c recvmsg.c sendmsg.c setegid.c setenv.c seteuid.c strcasecmp.c strdup.c strerror.c strftime.c strlcat.c strlcpy.c strlwr.c strncasecmp.c strndup.c strnlen.c strptime.c strsep.c strtok_r.c strupr.c swab.c unsetenv.c verr.c verrx.c vsyslog.c vwarn.c vwarnx.c warn.c warnx.c writev.c
@ -226,12 +226,13 @@ X_EXTRA_LIBS = @X_EXTRA_LIBS@
X_PRE_LIBS = @X_PRE_LIBS@
libroken_la_DEPENDENCIES = @LTLIBOBJS@
libroken_la_OBJECTS = base64.lo concat.lo emalloc.lo eread.lo \
erealloc.lo estrdup.lo ewrite.lo get_default_username.lo \
get_window_size.lo getarg.lo getnameinfo_verified.lo issuid.lo \
k_getpwnam.lo k_getpwuid.lo mini_inetd.lo net_read.lo net_write.lo \
parse_bytes.lo parse_time.lo parse_units.lo print_version.lo resolve.lo \
roken_gethostby.lo signal.lo simple_exec.lo snprintf.lo socket.lo \
strcollect.lo tm2time.lo verify.lo warnerr.lo
erealloc.lo estrdup.lo ewrite.lo getaddrinfo_hostspec.lo \
get_default_username.lo get_window_size.lo getarg.lo \
getnameinfo_verified.lo issuid.lo k_getpwnam.lo k_getpwuid.lo \
mini_inetd.lo net_read.lo net_write.lo parse_bytes.lo parse_time.lo \
parse_units.lo print_version.lo resolve.lo roken_gethostby.lo signal.lo \
simple_exec.lo snprintf.lo socket.lo strcollect.lo tm2time.lo verify.lo \
warnerr.lo
check_PROGRAMS = parse_bytes-test$(EXEEXT) strpftime-test$(EXEEXT) \
getaddrinfo-test$(EXEEXT)
noinst_PROGRAMS = make-roken$(EXEEXT) make-print-version$(EXEEXT)


@ -0,0 +1,89 @@
/*
* Copyright (c) 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: getaddrinfo_hostspec.c,v 1.1 2000/02/07 13:38:22 joda Exp $");
#endif
#include "roken.h"
/* getaddrinfo via string specifying host and port */
int
roken_getaddrinfo_hostspec(const char *hostspec,
int port,
struct addrinfo **ai)
{
const char *p;
char portstr[NI_MAXSERV];
char host[MAXHOSTNAMELEN];
struct addrinfo hints;
struct hst {
const char *prefix;
int socktype;
int protocol;
int port;
} *hstp, hst[] = {
{ "http://", SOCK_STREAM, IPPROTO_TCP, 80 },
{ "http/", SOCK_STREAM, IPPROTO_TCP, 80 },
{ "tcp/", SOCK_STREAM, IPPROTO_TCP },
{ "udp/", SOCK_DGRAM, IPPROTO_UDP },
{ NULL }
};
memset(&hints, 0, sizeof(hints));
for(hstp = hst; hstp->prefix; hstp++) {
if(strncmp(hostspec, hstp->prefix, strlen(hstp->prefix)) == 0) {
hints.ai_socktype = hstp->socktype;
hints.ai_protocol = hstp->protocol;
if(port == 0)
port = hstp->port;
hostspec += strlen(hstp->prefix);
break;
}
}
p = strchr (hostspec, ':');
if (p != NULL) {
char *end;
port = strtol (p + 1, &end, 0);
}
snprintf (portstr, sizeof(portstr), "%u", port);
snprintf (host, sizeof(host), "%.*s", p - hostspec, hostspec);
return getaddrinfo (host, portstr, &hints, ai);
}
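Review bot: When `hostspec` contains no `:`, `p` is NULL and `p - hostspec` in the final `snprintf` is undefined pointer arithmetic, so a plain host name (a likely input from the `changepw.c` caller in this commit) yields a garbage precision for `%.*s`. The precision argument must also be an `int` rather than a pointer difference, and `port` is an `int` printed with `%u`. A host part longer than `MAXHOSTNAMELEN - 1` is silently truncated and then resolved, and the `strtol` result is used without looking at `end` or the valid port range.

```c
size_t hostlen;
/* … unchanged: prefix table, hints setup, prefix loop … */
p = strchr (hostspec, ':');
if (p != NULL) {
    char *end;
    port = strtol (p + 1, &end, 0);
    hostlen = p - hostspec;
} else {
    hostlen = strlen (hostspec);
}
if (hostlen >= sizeof(host))
    return EAI_NONAME;
snprintf (portstr, sizeof(portstr), "%d", port);
snprintf (host, sizeof(host), "%.*s", (int)hostlen, hostspec);
```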


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: getarg.c,v 1.32 1999/12/02 16:58:46 joda Exp $");
RCSID("$Id: getarg.c,v 1.34 2000/02/13 21:06:43 assar Exp $");
#endif
#include <stdio.h>
@ -125,7 +125,9 @@ mandoc_template(struct getargs *args,
}
if(args[i].long_name) {
print_arg(buf, sizeof(buf), 1, 1, args + i);
printf("Fl -%s%s", args[i].long_name, buf);
printf("Fl -%s%s%s",
args[i].type == arg_negative_flag ? "no-" : "",
args[i].long_name, buf);
}
printf("\n");
} else {
@ -155,7 +157,9 @@ mandoc_template(struct getargs *args,
printf("\n");
}
if(args[i].long_name){
printf(".Fl -%s", args[i].long_name);
printf(".Fl -%s%s",
args[i].type == arg_negative_flag ? "no-" : "",
args[i].long_name);
print_arg(buf, sizeof(buf), 1, 1, args + i);
printf("%s\n", buf);
}


@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: roken-common.h,v 1.25 2000/01/09 10:58:34 assar Exp $ */
/* $Id: roken-common.h,v 1.27 2000/02/14 02:24:44 assar Exp $ */
#ifndef __ROKEN_COMMON_H__
#define __ROKEN_COMMON_H__
@ -290,4 +290,5 @@ vstrcollect(va_list *ap);
char **
strcollect(char *first, ...);
#endif /* __ROKEN_COMMON_H__ */


@ -1,6 +1,6 @@
/* -*- C -*- */
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
* SUCH DAMAGE.
*/
/* $Id: roken.h.in,v 1.133 1999/12/30 02:22:54 assar Exp $ */
/* $Id: roken.h.in,v 1.135 2000/02/14 02:24:20 assar Exp $ */
#include <stdio.h>
#include <stdlib.h>
@ -521,6 +521,9 @@ getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,
char *serv, size_t servlen,
int flags);
int
roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **);
#ifndef HAVE_STRFTIME
size_t
strftime (char *buf, size_t maxsize, const char *format,