d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

This commit was generated by cvs2svn to compensate for changes in r57419,

Browse Source 
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
markm 2000-02-24 11:19:29 +00:00
commit 6ec6c4e167
43 changed files with 12373 additions and 259 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
crypto/heimdal/ChangeLog
View File

@ -1,3 +1,43 @@
2000-02-14 Assar Westerlund <assar@sics.se>
* Release 0.2o
2000-02-13 Assar Westerlund <assar@sics.se>
* lib/krb5/Makefile.am: set version to 9:0:0
* kdc/kaserver.c (do_authenticate): return the kvno of the server
and not the client. Thanks to Brandon S. Allbery KF8NH
<allbery@kf8nh.apk.net> and Chaskiel M Grundman
<cg2v@andrew.cmu.edu> for debugging.
* kdc/kerberos4.c (do_version4): if an tgs-req is received with an
old kvno, return an error reply and write a message in the log.
2000-02-12 Assar Westerlund <assar@sics.se>
* appl/test/gssapi_server.c (proto): with `--fork', create a child
and send over/receive creds with export/import_sec_context
* appl/test/gssapi_client.c (proto): with `--fork', create a child
and send over/receive creds with export/import_sec_context
* appl/test/common.c: add `--fork' / `-f' (only used by gssapi)
2000-02-11 Assar Westerlund <assar@sics.se>
* kdc/kdc_locl.h: remove keyfile add explicit_addresses
* kdc/connect.c (init_sockets): pay attention to
explicit_addresses some more comments. better error messages.
* kdc/config.c: add some comments.
remove --key-file.
add --addresses.
* lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use
proper abstraction
2000-02-07 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/changepw.c: use roken_getaddrinfo_hostspec
2000-02-07 Assar Westerlund <assar@sics.se>
* Release 0.2n

11
crypto/heimdal/NEWS
View File

@ -1,3 +1,14 @@
Changes in release 0.2o:
* gss_{import,export}_sec_context added to libgssapi
* new option --addresses to kdc (for listening on an explicit set of
addresses)
* bug fixes in the krb4 and kaserver emulation part of the kdc
* other bug fixes
Changes in release 0.2n:
* more robust parsing of dump files in kadmin

5
crypto/heimdal/appl/telnet/ChangeLog
View File

@ -1,3 +1,8 @@
2000-02-12 Assar Westerlund <assar@sics.se>
* telnet/commands.c (tn): only set tos for AF_INET. From
itojun@iijlab.net
2000-02-07 Assar Westerlund <assar@sics.se>
* libtelnet/kerberos.c (kerberos4_is): send a reject back to the

4
crypto/heimdal/appl/telnet/telnet/commands.c
View File

@ -33,7 +33,7 @@
#include "telnet_locl.h"
RCSID("$Id: commands.c,v 1.59 2000/01/08 08:04:16 assar Exp $");
RCSID("$Id: commands.c,v 1.60 2000/02/12 16:00:07 assar Exp $");
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
@ -2201,7 +2201,7 @@ tn(int argc, char **argv)
perror("setsockopt (IP_OPTIONS)");
#endif
#if defined(IPPROTO_IP) && defined(IP_TOS)
{
if (a->ai_family == AF_INET) {
# if defined(HAVE_GETTOSBYNAME)
struct tosent *tp;
if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))

6
crypto/heimdal/appl/test/common.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,16 +33,18 @@
#include "test_locl.h"
RCSID("$Id: common.c,v 1.9 1999/12/16 10:29:18 assar Exp $");
RCSID("$Id: common.c,v 1.10 2000/02/12 21:30:47 assar Exp $");
static int help_flag;
static int version_flag;
static char *port_str;
char *service = SERVICE;
int fork_flag;
static struct getargs args[] = {
{ "port", 'p', arg_string, &port_str, "port to listen to", "port" },
{ "service", 's', arg_string, &service, "service to use", "service" },
{ "fork", 'f', arg_flag, &fork_flag, "do fork" },
{ "help", 'h', arg_flag, &help_flag },
{ "version", 0, arg_flag, &version_flag }
};

6
crypto/heimdal/appl/test/gss_common.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -34,7 +34,7 @@
#include "test_locl.h"
#include <gssapi.h>
#include "gss_common.h"
RCSID("$Id: gss_common.c,v 1.6 1999/12/02 17:04:56 joda Exp $");
RCSID("$Id: gss_common.c,v 1.7 2000/02/12 21:31:38 assar Exp $");
void
write_token (int sock, gss_buffer_t buf)
@ -64,6 +64,8 @@ read_token (int sock, gss_buffer_t buf)
len = ntohl(net_len);
buf->length = len;
buf->value = malloc(len);
if (buf->value == NULL)
err (1, "malloc %u", len);
if (read (sock, buf->value, len) != len)
err (1, "read");
}

189
crypto/heimdal/appl/test/gssapi_client.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -34,82 +34,15 @@
#include "test_locl.h"
#include <gssapi.h>
#include "gss_common.h"
RCSID("$Id: gssapi_client.c,v 1.10 1999/12/04 18:15:50 assar Exp $");
RCSID("$Id: gssapi_client.c,v 1.12 2000/02/12 21:33:17 assar Exp $");
static int
proto (int sock, const char *hostname, const char *service)
do_trans (int sock, gss_ctx_id_t context_hdl)
{
struct sockaddr_in remote, local;
int addrlen;
int context_established = 0;
gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
gss_buffer_t input_token, output_token;
gss_buffer_desc real_input_token, real_output_token;
OM_uint32 maj_stat, min_stat;
gss_name_t server;
gss_buffer_desc name_token;
name_token.length = asprintf ((char **)&name_token.value,
"%s@%s", service, hostname);
maj_stat = gss_import_name (&min_stat,
&name_token,
GSS_C_NT_HOSTBASED_SERVICE,
&server);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat,
"Error importing name `%s@%s':\n", service, hostname);
addrlen = sizeof(local);
if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
|| addrlen != sizeof(local))
err (1, "getsockname(%s)", hostname);
addrlen = sizeof(remote);
if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
|| addrlen != sizeof(remote))
err (1, "getpeername(%s)", hostname);
input_token = &real_input_token;
output_token = &real_output_token;
input_token->length = 0;
output_token->length = 0;
while(!context_established) {
maj_stat =
gss_init_sec_context(&min_stat,
GSS_C_NO_CREDENTIAL,
&context_hdl,
server,
GSS_C_NO_OID,
GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
0,
GSS_C_NO_CHANNEL_BINDINGS,
input_token,
NULL,
output_token,
NULL,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_init_sec_context");
if (output_token->length != 0)
write_token (sock, output_token);
if (GSS_ERROR(maj_stat)) {
if (context_hdl != GSS_C_NO_CONTEXT)
gss_delete_sec_context (&min_stat,
&context_hdl,
GSS_C_NO_BUFFER);
break;
}
if (maj_stat & GSS_S_CONTINUE_NEEDED) {
read_token (sock, input_token);
} else {
context_established = 1;
}
}
gss_buffer_desc real_input_token, real_output_token;
gss_buffer_t input_token = &real_input_token,
output_token = &real_output_token;
/* get_mic */
@ -148,6 +81,116 @@ proto (int sock, const char *hostname, const char *service)
return 0;
}
static int
proto (int sock, const char *hostname, const char *service)
{
struct sockaddr_in remote, local;
int addrlen;
int context_established = 0;
gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
gss_buffer_desc real_input_token, real_output_token;
gss_buffer_t input_token = &real_input_token,
output_token = &real_output_token;
OM_uint32 maj_stat, min_stat;
gss_name_t server;
gss_buffer_desc name_token;
name_token.length = asprintf ((char **)&name_token.value,
"%s@%s", service, hostname);
maj_stat = gss_import_name (&min_stat,
&name_token,
GSS_C_NT_HOSTBASED_SERVICE,
&server);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat,
"Error importing name `%s@%s':\n", service, hostname);
addrlen = sizeof(local);
if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
|| addrlen != sizeof(local))
err (1, "getsockname(%s)", hostname);
addrlen = sizeof(remote);
if (getpeername (sock, (struct sockaddr *)&remote, &addrlen) < 0
|| addrlen != sizeof(remote))
err (1, "getpeername(%s)", hostname);
input_token->length = 0;
output_token->length = 0;
while(!context_established) {
maj_stat =
gss_init_sec_context(&min_stat,
GSS_C_NO_CREDENTIAL,
&context_hdl,
server,
GSS_C_NO_OID,
GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
0,
GSS_C_NO_CHANNEL_BINDINGS,
input_token,
NULL,
output_token,
NULL,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_init_sec_context");
if (output_token->length != 0)
write_token (sock, output_token);
if (GSS_ERROR(maj_stat)) {
if (context_hdl != GSS_C_NO_CONTEXT)
gss_delete_sec_context (&min_stat,
&context_hdl,
GSS_C_NO_BUFFER);
break;
}
if (maj_stat & GSS_S_CONTINUE_NEEDED) {
read_token (sock, input_token);
} else {
context_established = 1;
}
}
if (fork_flag) {
pid_t pid;
int pipefd[2];
if (pipe (pipefd) < 0)
err (1, "pipe");
pid = fork ();
if (pid < 0)
err (1, "fork");
if (pid != 0) {
gss_buffer_desc buf;
maj_stat = gss_export_sec_context (&min_stat,
&context_hdl,
&buf);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_export_sec_context");
write_token (pipefd[1], &buf);
exit (0);
} else {
gss_ctx_id_t context_hdl;
gss_buffer_desc buf;
close (pipefd[1]);
read_token (pipefd[0], &buf);
close (pipefd[0]);
maj_stat = gss_import_sec_context (&min_stat, &buf, &context_hdl);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_import_sec_context");
gss_release_buffer (&min_stat, &buf);
return do_trans (sock, context_hdl);
}
} else {
return do_trans (sock, context_hdl);
}
}
int
main(int argc, char **argv)
{

147
crypto/heimdal/appl/test/gssapi_server.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -34,7 +34,72 @@
#include "test_locl.h"
#include <gssapi.h>
#include "gss_common.h"
RCSID("$Id: gssapi_server.c,v 1.10 1999/12/16 10:29:41 assar Exp $");
RCSID("$Id: gssapi_server.c,v 1.12 2000/02/12 21:34:11 assar Exp $");
static int
process_it(int sock,
gss_ctx_id_t context_hdl,
gss_name_t client_name
)
{
OM_uint32 maj_stat, min_stat;
gss_buffer_desc name_token;
gss_buffer_desc real_input_token, real_output_token;
gss_buffer_t input_token = &real_input_token,
output_token = &real_output_token;
maj_stat = gss_display_name (&min_stat,
client_name,
&name_token,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_display_name");
fprintf (stderr, "User is `%.*s'\n", (int)name_token.length,
(char *)name_token.value);
gss_release_buffer (&min_stat, &name_token);
/* gss_verify_mic */
read_token (sock, input_token);
read_token (sock, output_token);
maj_stat = gss_verify_mic (&min_stat,
context_hdl,
input_token,
output_token,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_verify_mic");
fprintf (stderr, "gss_verify_mic: %.*s\n", (int)input_token->length,
(char *)input_token->value);
gss_release_buffer (&min_stat, input_token);
gss_release_buffer (&min_stat, output_token);
/* gss_unwrap */
read_token (sock, input_token);
maj_stat = gss_unwrap (&min_stat,
context_hdl,
input_token,
output_token,
NULL,
NULL);
if(GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_unwrap");
fprintf (stderr, "gss_unwrap: %.*s\n", (int)output_token->length,
(char *)output_token->value);
gss_release_buffer (&min_stat, input_token);
gss_release_buffer (&min_stat, output_token);
return 0;
}
static int
proto (int sock, const char *service)
@ -42,11 +107,11 @@ proto (int sock, const char *service)
struct sockaddr_in remote, local;
int addrlen;
gss_ctx_id_t context_hdl = GSS_C_NO_CONTEXT;
gss_buffer_t input_token, output_token;
gss_buffer_desc real_input_token, real_output_token;
gss_buffer_t input_token = &real_input_token,
output_token = &real_output_token;
OM_uint32 maj_stat, min_stat;
gss_name_t client_name;
gss_buffer_desc name_token;
addrlen = sizeof(local);
if (getsockname (sock, (struct sockaddr *)&local, &addrlen) < 0
@ -58,9 +123,6 @@ proto (int sock, const char *service)
|| addrlen != sizeof(remote))
err (1, "getpeername");
input_token = &real_input_token;
output_token = &real_output_token;
do {
read_token (sock, input_token);
maj_stat =
@ -88,49 +150,42 @@ proto (int sock, const char *service)
}
} while(maj_stat & GSS_S_CONTINUE_NEEDED);
maj_stat = gss_display_name (&min_stat,
client_name,
&name_token,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_display_name");
if (fork_flag) {
pid_t pid;
int pipefd[2];
fprintf (stderr, "User is `%.*s'\n", (int)name_token.length,
(char *)name_token.value);
if (pipe (pipefd) < 0)
err (1, "pipe");
/* gss_verify_mic */
pid = fork ();
if (pid < 0)
err (1, "fork");
if (pid != 0) {
gss_buffer_desc buf;
read_token (sock, input_token);
read_token (sock, output_token);
maj_stat = gss_export_sec_context (&min_stat,
&context_hdl,
&buf);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_export_sec_context");
write_token (pipefd[1], &buf);
exit (0);
} else {
gss_ctx_id_t context_hdl;
gss_buffer_desc buf;
maj_stat = gss_verify_mic (&min_stat,
context_hdl,
input_token,
output_token,
NULL);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_verify_mic");
fprintf (stderr, "gss_verify_mic: %.*s\n", (int)input_token->length,
(char *)input_token->value);
/* gss_unwrap */
read_token (sock, input_token);
maj_stat = gss_unwrap (&min_stat,
context_hdl,
input_token,
output_token,
NULL,
NULL);
if(GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_unwrap");
fprintf (stderr, "gss_unwrap: %.*s\n", (int)output_token->length,
(char *)output_token->value);
return 0;
close (pipefd[1]);
read_token (pipefd[0], &buf);
close (pipefd[0]);
maj_stat = gss_import_sec_context (&min_stat, &buf, &context_hdl);
if (GSS_ERROR(maj_stat))
gss_err (1, min_stat, "gss_import_sec_context");
gss_release_buffer (&min_stat, &buf);
return process_it (sock, context_hdl, client_name);
}
} else {
return process_it (sock, context_hdl, client_name);
}
}
static int

5
crypto/heimdal/appl/test/test_locl.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: test_locl.h,v 1.7 1999/12/04 18:17:07 assar Exp $ */
/* $Id: test_locl.h,v 1.8 2000/02/14 02:52:55 assar Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
@ -79,6 +79,7 @@
#define PORT "test"
extern char *service;
extern int fork_flag;
int server_setup(krb5_context*, int, char**);
int client_setup(krb5_context*, int*, char**);
int client_doit (const char *hostname, int port, const char *service,

4
crypto/heimdal/configure vendored
View File

@ -1,6 +1,6 @@
#! /bin/sh
# From configure.in Revision: 1.216
# From configure.in Revision: 1.217
@ -911,7 +911,7 @@ fi
PACKAGE=heimdal
VERSION=0.2n
VERSION=0.2o
if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then
{ echo "configure: error: source directory already configured; run "make distclean" there first" 1>&2; exit 1; }

4
crypto/heimdal/configure.in
View File

@ -1,9 +1,9 @@
dnl Process this file with autoconf to produce a configure script.
AC_REVISION($Revision: 1.216 $)
AC_REVISION($Revision: 1.217 $)
AC_INIT(lib/krb5/send_to_kdc.c)
AM_CONFIG_HEADER(include/config.h)
AM_INIT_AUTOMAKE(heimdal,0.2n)
AM_INIT_AUTOMAKE(heimdal,0.2o)
AC_PREFIX_DEFAULT(/usr/heimdal)

2
crypto/heimdal/doc/ack.texi
View File

@ -49,6 +49,8 @@ Bugfixes, documentation, encouragement, and code has been contributed by:
@email{ruda@@ics.muni.cz}
@item Brian A May
@email{bmay@@snoopy.apana.org.au}
@item Chaskiel M Grundman
@email{cg2v@@andrew.cmu.edu}
@item and we hope that those not mentioned here will forgive us.
@end table

5659
crypto/heimdal/doc/standardisation/rfc2743.txt Normal file
View File

File diff suppressed because it is too large Load Diff

5659
crypto/heimdal/doc/standardisation/rfc2744.txt Normal file
View File

File diff suppressed because it is too large Load Diff

76
crypto/heimdal/kdc/config.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -35,24 +35,33 @@
#include <getarg.h>
#include <parse_bytes.h>
RCSID("$Id: config.c,v 1.28 1999/12/02 17:04:58 joda Exp $");
RCSID("$Id: config.c,v 1.30 2000/02/11 17:47:19 assar Exp $");
static char *config_file; /* location of kdc config file */
int require_preauth = -1; /* 1 == require preauth for all principals */
size_t max_request; /* maximal size of a request */
static char *max_request_str; /* `max_request' as a string */
time_t kdc_warn_pwexpire; /* time before expiration to print a warning */
static char *config_file;
int require_preauth = -1;
char *keyfile;
static char *max_request_str;
size_t max_request;
time_t kdc_warn_pwexpire;
struct dbinfo *databases;
HDB **db;
int num_db;
char *port_str;
int enable_http = -1;
krb5_boolean encode_as_rep_as_tgs_rep; /* bug compatibility */
krb5_boolean check_ticket_addresses;
krb5_boolean allow_null_ticket_addresses;
static struct getarg_strings addresses_str; /* addresses to listen on */
krb5_addresses explicit_addresses;
#ifdef KRB4
char *v4_realm;
#endif
@ -72,10 +81,6 @@ static struct getargs args[] = {
"require-preauth", 'p', arg_negative_flag, &require_preauth,
"don't require pa-data in as-reqs"
},
{
"key-file", 'k', arg_string, &keyfile,
"location of master key file", "file"
},
{
"max-request", 0, arg_string, &max_request,
"max size for a kdc-request", "size"
@ -102,6 +107,8 @@ static struct getargs args[] = {
{ "ports", 'P', arg_string, &port_str,
"ports to listen to"
},
{ "addresses", 0, arg_strings, &addresses_str,
"addresses to listen on", "list of addresses" },
{ "help", 'h', arg_flag, &help_flag },
{ "version", 'v', arg_flag, &version_flag }
};
@ -190,6 +197,22 @@ get_dbinfo(krb5_config_section *cf)
}
}
static void
add_one_address (const char *str, int first)
{
krb5_error_code ret;
krb5_addresses tmp;
ret = krb5_parse_address (context, str, &tmp);
if (ret)
krb5_err (context, 1, ret, "parse_address `%s'", str);
if (first)
krb5_copy_addresses(context, &tmp, &explicit_addresses);
else
krb5_append_addresses(context, &explicit_addresses, &tmp);
krb5_free_addresses (context, &tmp);
}
void
configure(int argc, char **argv)
{
@ -221,16 +244,6 @@ configure(int argc, char **argv)
if(krb5_config_parse_file(config_file, &cf))
cf = NULL;
if(keyfile == NULL){
p = krb5_config_get_string (context, cf,
"kdc",
"key-file",
NULL);
if(p)
keyfile = strdup(p);
}
get_dbinfo(cf);
if(max_request_str){
@ -256,6 +269,25 @@ configure(int argc, char **argv)
if (p != NULL)
port_str = strdup(p);
}
explicit_addresses.len = 0;
if (addresses_str.num_strings) {
int i;
for (i = 0; i < addresses_str.num_strings; ++i)
add_one_address (addresses_str.strings[i], i == 0);
} else {
char **foo = krb5_config_get_strings (context, cf,
"kdc", "addresses", NULL);
if (foo != NULL) {
add_one_address (*foo++, TRUE);
while (*foo)
add_one_address (*foo++, FALSE);
}
}
if(enable_http == -1)
enable_http = krb5_config_get_bool(context, cf, "kdc",
"enable-http", NULL);

74
crypto/heimdal/kdc/connect.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,11 @@
#include "kdc_locl.h"
RCSID("$Id: connect.c,v 1.68 1999/12/02 17:04:58 joda Exp $");
RCSID("$Id: connect.c,v 1.69 2000/02/11 17:45:45 assar Exp $");
/*
* a tuple describing on what to listen
*/
struct port_desc{
int family;
@ -41,9 +45,15 @@ struct port_desc{
int port;
};
/* the current ones */
static struct port_desc *ports;
static int num_ports;
/*
* add `family, port, protocol' to the list with duplicate suppresion.
*/
static void
add_port(int family, int port, const char *protocol)
{
@ -63,12 +73,19 @@ add_port(int family, int port, const char *protocol)
return;
}
ports = realloc(ports, (num_ports + 1) * sizeof(*ports));
if (ports == NULL)
krb5_err (context, 1, errno, "realloc");
ports[num_ports].family = family;
ports[num_ports].type = type;
ports[num_ports].port = port;
num_ports++;
}
/*
* add a triple but with service -> port lookup
* (this prints warnings for stuff that does not exist)
*/
static void
add_port_service(int family, const char *service, int port,
const char *protocol)
@ -77,6 +94,11 @@ add_port_service(int family, const char *service, int port,
add_port (family, port, protocol);
}
/*
* add the port with service -> port lookup or string -> number
* (no warning is printed)
*/
static void
add_port_string (int family, const char *port_str, const char *protocol)
{
@ -96,6 +118,10 @@ add_port_string (int family, const char *port_str, const char *protocol)
add_port (family, port, protocol);
}
/*
* add the standard collection of ports for `family'
*/
static void
add_standard_ports (int family)
{
@ -113,6 +139,12 @@ add_standard_ports (int family)
#endif
}
/*
* parse the set of space-delimited ports in `str' and add them.
* "+" => all the standard ones
* otherwise it's port|service[/protocol]
*/
static void
parse_ports(const char *str)
{
@ -150,6 +182,10 @@ parse_ports(const char *str)
free (str_copy);
}
/*
* every socket we listen on
*/
struct descr {
int s;
int type;
@ -176,7 +212,7 @@ init_socket(struct descr *d, krb5_address *a, int family, int type, int port)
ret = krb5_addr2sockaddr (a, sa, &sa_size, port);
if (ret) {
krb5_warn(context, ret, "krb5_anyaddr");
krb5_warn(context, ret, "krb5_addr2sockaddr");
close(d->s);
d->s = -1;
return;
@ -200,14 +236,23 @@ init_socket(struct descr *d, krb5_address *a, int family, int type, int port)
d->type = type;
if(bind(d->s, sa, sa_size) < 0){
krb5_warn(context, errno, "bind(%d)", ntohs(port));
char a_str[256];
size_t len;
krb5_print_address (a, a_str, sizeof(a_str), &len);
krb5_warn(context, errno, "bind %s/%d", a_str, ntohs(port));
close(d->s);
d->s = -1;
return;
}
if(type == SOCK_STREAM && listen(d->s, SOMAXCONN) < 0){
krb5_warn(context, errno, "listen");
char a_str[256];
size_t len;
krb5_print_address (a, a_str, sizeof(a_str), &len);
krb5_warn(context, errno, "listen %s/%d", a_str, ntohs(port));
close(d->s);
d->s = -1;
return;
}
}
@ -226,9 +271,13 @@ init_sockets(struct descr **desc)
int num = 0;
krb5_addresses addresses;
ret = krb5_get_all_server_addrs (context, &addresses);
if (ret)
krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
if (explicit_addresses.len) {
addresses = explicit_addresses;
} else {
ret = krb5_get_all_server_addrs (context, &addresses);
if (ret)
krb5_err (context, 1, ret, "krb5_get_all_server_addrs");
}
parse_ports(port_str);
d = malloc(addresses.len * num_ports * sizeof(*d));
if (d == NULL)
@ -262,7 +311,11 @@ init_sockets(struct descr **desc)
return num;
}
/*
* handle the request in `buf, len', from `addr' (or `from' as a string),
* sending a reply in `reply'.
*/
static int
process_request(unsigned char *buf,
size_t len,
@ -711,7 +764,8 @@ loop(void)
case 0:
break;
case -1:
krb5_warn(context, errno, "select");
if (errno != EINTR)
krb5_warn(context, errno, "select");
break;
default:
for(i = 0; i < ndescr; i++)

6
crypto/heimdal/kdc/kaserver.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: kaserver.c,v 1.9 1999/12/02 17:04:59 joda Exp $");
RCSID("$Id: kaserver.c,v 1.10 2000/02/13 19:21:22 assar Exp $");
#ifdef KASERVER
@ -468,7 +468,7 @@ do_authenticate (struct rx_header *hdr,
create_reply_ticket (hdr, skey,
name, instance, v4_realm,
addr, life, client_entry->kvno,
addr, life, server_entry->kvno,
max_seq_len,
"krbtgt", v4_realm,
chal + 1, "tgsT",

63
crypto/heimdal/kdc/kdc.8
View File

@ -1,4 +1,4 @@
.\" $Id: kdc.8,v 1.3 1997/08/09 00:20:38 joda Exp $
.\" $Id: kdc.8,v 1.5 2000/02/13 21:04:32 assar Exp $
.\"
.Dd July 27, 1997
.Dt KDC 8
@ -11,12 +11,16 @@ Kerberos 5 server
.Nm
.Op Fl c Ar file
.Op Fl -config-file= Ns Ar file
.Op Fl k Ar file
.Op Fl -key-file= Ns Ar file
.Op Fl p
.Op Fl -no-require-preauth
.Op Fl p | Fl -no-require-preauth
.Op Fl -max-request= Ns Ar size
.Op Fl H | Fl -enable-http
.Op Fl K | Fl -no-kaserver
.Op Fl r Ar realm
.Op Fl -v4-realm= Ns Ar realm
.Oo Fl P Ar string \*(Ba Xo
.Fl -ports= Ns Ar string Oc
.Xc
.Op Fl -addresses= Ns Ar list of addresses
.Sh DESCRIPTION
.Nm
@ -31,21 +35,32 @@ Options supported:
Specifies the location of the config file, the default is
.Pa /var/heimdal/kdc.conf .
This is the only value that can't be specified in the config file.
.It Fl k Ar file
.It Fl -key-file= Ns Ar file
The location of the master-key file. All keys in the database is
encrypted with this master key. The use of a master key is currently
optional, so there is no default.
.Em "Don't specify a master key file if your database is not encrypted."
.It Fl p
.It Fl -no-require-preauth
Turn off the requirement for pre-autentication in the initial
AS-REQ. The use of pre-authentication makes it more difficult to do
offline password attacks. You might want to turn it off if you have
clients that doesn't do pre-authentication. Since the version 4
protocol doesn't support any pre-authentication, so serving version 4
clients is just about the same as not requiring pre-athentication. The
default is to require pre-authentication.
Turn off the requirement for pre-autentication in the initial AS-REQ
for all principals. The use of pre-authentication makes it more
difficult to do offline password attacks. You might want to turn it
off if you have clients that doesn't do pre-authentication. Since the
version 4 protocol doesn't support any pre-authentication, so serving
version 4 clients is just about the same as not requiring
pre-athentication. The default is to require
pre-authentication. Adding the require-preauth per principal is a more
flexible way of handling this.
.It Xo
.Fl -max-request= Ns Ar size
.Xc
Gives an upper limit on the size of the requests that the kdc is
willing to handle.
.It Xo
.Fl H Ns ,
.Fl -enable-http
.Xc
Makes the kdc listen on port 80 and handle requests encapsulated in HTTP.
.It Xo
.Fl K Ns ,
.Fl -no-kaserver
.Xc
Disables kaserver emulation (in case it's compiled in).
.It Fl r Ar realm
.It Fl -v4-realm= Ns Ar realm
What realm this server should act as when dealing with version 4
@ -55,6 +70,18 @@ explicitly specified. The default is whatever is returned by
.Fn krb_get_lrealm .
This option is only availabe if the KDC has been compiled with version
4 support.
.It Xo
.Fl P Ar string Ns ,
.Fl -ports= Ns Ar string
.Xc
Specifies the set of ports the KDC should listen on. It is given as a
white-space separated list of services or port numbers.
.It Xo
.Fl -addresses= Ns Ar list of addresses
.Xc
The list of addresses to listen for requests on. By default, the kdc
will listen on all the locally configured addresses. If only a subset
is desired, or the automatic detection fails, this option might be used.
.El
.Pp
All activities , are logged to one or more destinations, see

7
crypto/heimdal/kdc/kdc_locl.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
*/
/*
* $Id: kdc_locl.h,v 1.39 1999/12/02 17:04:59 joda Exp $
* $Id: kdc_locl.h,v 1.40 2000/02/11 17:46:29 assar Exp $
*/
#ifndef __KDC_LOCL_H__
@ -44,7 +44,6 @@ extern krb5_context context;
extern int require_preauth;
extern sig_atomic_t exit_flag;
extern char *keyfile;
extern size_t max_request;
extern time_t kdc_warn_pwexpire;
extern struct dbinfo {
@ -56,6 +55,8 @@ extern struct dbinfo {
extern HDB **db;
extern int num_db;
extern char *port_str;
extern krb5_addresses explicit_addresses;
extern int enable_http;
extern krb5_boolean encode_as_rep_as_tgs_rep;
extern krb5_boolean check_ticket_addresses;

6
crypto/heimdal/kdc/kerberos4.c
View File

@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: kerberos4.c,v 1.26 2000/02/02 01:26:41 assar Exp $");
RCSID("$Id: kerberos4.c,v 1.27 2000/02/13 19:27:36 assar Exp $");
#ifdef KRB4
@ -307,6 +307,10 @@ do_version4(unsigned char *buf,
}
if(tgt->kvno != kvno){
kdc_log(0, "tgs-req with old kvno %d (current %d) for "
"krbtgt.%s@%s", kvno, tgt->kvno, realm, v4_realm);
make_err_reply(reply, KDC_AUTH_EXP,
"old krbtgt kvno used");
goto out2;
}

24
crypto/heimdal/lib/gssapi/ChangeLog
View File

@ -1,3 +1,27 @@
2000-02-13 Assar Westerlund <assar@sics.se>
* Makefile.am: set version to 1:0:1
2000-02-12 Assar Westerlund <assar@sics.se>
* gssapi_locl.h: add flags for import/export
* import_sec_context.c (import_sec_context: add flags for what
fields are included. do not include the authenticator for now.
* export_sec_context.c (export_sec_context: add flags for what
fields are included. do not include the authenticator for now.
* accept_sec_context.c (gss_accept_sec_context): set target in
context_handle
2000-02-11 Assar Westerlund <assar@sics.se>
* delete_sec_context.c (gss_delete_sec_context): set context to
GSS_C_NO_CONTEXT
* Makefile.am: add {export,import}_sec_context.c
* export_sec_context.c: new file
* import_sec_context.c: new file
* accept_sec_context.c (gss_accept_sec_context): set trans flag
2000-02-07 Assar Westerlund <assar@sics.se>
* Makefile.am: set version to 0:5:0

6
crypto/heimdal/lib/gssapi/Makefile.am
View File

@ -1,11 +1,11 @@
# $Id: Makefile.am,v 1.19 2000/02/07 04:00:51 assar Exp $
# $Id: Makefile.am,v 1.21 2000/02/13 20:34:49 assar Exp $
include $(top_srcdir)/Makefile.am.common
INCLUDES += -I$(srcdir)/../krb5
lib_LTLIBRARIES = libgssapi.la
libgssapi_la_LDFLAGS = -version-info 0:5:0
libgssapi_la_LDFLAGS = -version-info 1:0:1
include_HEADERS = gssapi.h
@ -24,12 +24,14 @@ libgssapi_la_SOURCES = \
display_status.c \
duplicate_name.c \
encapsulate.c \
export_sec_context.c \
export_name.c \
external.c \
get_mic.c \
gssapi.h \
gssapi_locl.h \
import_name.c \
import_sec_context.c \
indicate_mechs.c \
init.c \
init_sec_context.c \

17
crypto/heimdal/lib/gssapi/Makefile.in
View File

@ -10,7 +10,7 @@
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
# $Id: Makefile.am,v 1.19 2000/02/07 04:00:51 assar Exp $
# $Id: Makefile.am,v 1.21 2000/02/13 20:34:49 assar Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
@ -174,11 +174,11 @@ NROFF_MAN = groff -mandoc -Tascii
CHECK_LOCAL = $(PROGRAMS)
lib_LTLIBRARIES = libgssapi.la
libgssapi_la_LDFLAGS = -version-info 0:5:0
libgssapi_la_LDFLAGS = -version-info 1:0:1
include_HEADERS = gssapi.h
libgssapi_la_SOURCES = 8003.c accept_sec_context.c acquire_cred.c add_oid_set_member.c canonicalize_name.c compare_name.c context_time.c create_emtpy_oid_set.c decapsulate.c delete_sec_context.c display_name.c display_status.c duplicate_name.c encapsulate.c export_name.c external.c get_mic.c gssapi.h gssapi_locl.h import_name.c indicate_mechs.c init.c init_sec_context.c inquire_context.c inquire_cred.c release_buffer.c release_cred.c release_name.c release_oid_set.c test_oid_set_member.c unwrap.c v1.c verify_mic.c wrap.c
libgssapi_la_SOURCES = 8003.c accept_sec_context.c acquire_cred.c add_oid_set_member.c canonicalize_name.c compare_name.c context_time.c create_emtpy_oid_set.c decapsulate.c delete_sec_context.c display_name.c display_status.c duplicate_name.c encapsulate.c export_sec_context.c export_name.c external.c get_mic.c gssapi.h gssapi_locl.h import_name.c import_sec_context.c indicate_mechs.c init.c init_sec_context.c inquire_context.c inquire_cred.c release_buffer.c release_cred.c release_name.c release_oid_set.c test_oid_set_member.c unwrap.c v1.c verify_mic.c wrap.c
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = ../../include/config.h
@ -199,11 +199,12 @@ libgssapi_la_OBJECTS = 8003.lo accept_sec_context.lo acquire_cred.lo \
add_oid_set_member.lo canonicalize_name.lo compare_name.lo \
context_time.lo create_emtpy_oid_set.lo decapsulate.lo \
delete_sec_context.lo display_name.lo display_status.lo \
duplicate_name.lo encapsulate.lo export_name.lo external.lo get_mic.lo \
import_name.lo indicate_mechs.lo init.lo init_sec_context.lo \
inquire_context.lo inquire_cred.lo release_buffer.lo release_cred.lo \
release_name.lo release_oid_set.lo test_oid_set_member.lo unwrap.lo \
v1.lo verify_mic.lo wrap.lo
duplicate_name.lo encapsulate.lo export_sec_context.lo export_name.lo \
external.lo get_mic.lo import_name.lo import_sec_context.lo \
indicate_mechs.lo init.lo init_sec_context.lo inquire_context.lo \
inquire_cred.lo release_buffer.lo release_cred.lo release_name.lo \
release_oid_set.lo test_oid_set_member.lo unwrap.lo v1.lo verify_mic.lo \
wrap.lo
CFLAGS = @CFLAGS@
COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)

17
crypto/heimdal/lib/gssapi/accept_sec_context.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "gssapi_locl.h"
RCSID("$Id: accept_sec_context.c,v 1.15 1999/12/26 18:32:08 assar Exp $");
RCSID("$Id: accept_sec_context.c,v 1.17 2000/02/12 21:24:08 assar Exp $");
static krb5_keytab gss_keytab;
@ -53,7 +53,8 @@ gsskrb5_register_acceptor_identity (char *identity)
return GSS_S_COMPLETE;
}
OM_uint32 gss_accept_sec_context
OM_uint32
gss_accept_sec_context
(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
const gss_cred_id_t acceptor_cred_handle,
@ -151,6 +152,14 @@ OM_uint32 gss_accept_sec_context
goto failure;
}
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->server,
&(*context_handle)->target);
if (kret) {
ret = GSS_S_FAILURE;
goto failure;
}
if (src_name) {
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->client,
@ -182,6 +191,8 @@ OM_uint32 gss_accept_sec_context
}
}
flags |= GSS_C_TRANS_FLAG;
if (ret_flags)
*ret_flags = flags;
(*context_handle)->flags = flags;

3
crypto/heimdal/lib/gssapi/delete_sec_context.c
View File

@ -33,7 +33,7 @@
#include "gssapi_locl.h"
RCSID("$Id: delete_sec_context.c,v 1.6 2000/01/26 00:45:46 assar Exp $");
RCSID("$Id: delete_sec_context.c,v 1.7 2000/02/11 23:00:48 assar Exp $");
OM_uint32 gss_delete_sec_context
(OM_uint32 * minor_status,
@ -60,5 +60,6 @@ OM_uint32 gss_delete_sec_context
krb5_free_ticket (gssapi_krb5_context,
(*context_handle)->ticket);
free (*context_handle);
*context_handle = GSS_C_NO_CONTEXT;
return GSS_S_COMPLETE;
}

142
crypto/heimdal/lib/gssapi/export_sec_context.c Normal file
View File

@ -0,0 +1,142 @@
/*
* Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: export_sec_context.c,v 1.2 2000/02/12 21:25:24 assar Exp $");
OM_uint32
gss_export_sec_context (
OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
gss_buffer_t interprocess_token
)
{
krb5_storage *sp;
krb5_auth_context ac;
unsigned char auth_buf[1024];
size_t sz;
int ret;
krb5_data data;
gss_buffer_desc buffer;
int flags;
gssapi_krb5_init ();
if (!((*context_handle)->flags & GSS_C_TRANS_FLAG))
return GSS_S_UNAVAILABLE;
sp = krb5_storage_emem ();
if (sp == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
ac = (*context_handle)->auth_context;
/* flagging included fields */
flags = 0;
if (ac->local_address)
flags |= SC_LOCAL_ADDRESS;
if (ac->remote_address)
flags |= SC_REMOTE_ADDRESS;
if (ac->keyblock)
flags |= SC_KEYBLOCK;
if (ac->local_subkey)
flags |= SC_LOCAL_SUBKEY;
if (ac->remote_subkey)
flags |= SC_REMOTE_SUBKEY;
krb5_store_int32 (sp, flags);
/* marshall auth context */
krb5_store_int32 (sp, ac->flags);
if (ac->local_address)
krb5_store_address (sp, *ac->local_address);
if (ac->remote_address)
krb5_store_address (sp, *ac->remote_address);
krb5_store_int16 (sp, ac->local_port);
krb5_store_int16 (sp, ac->remote_port);
if (ac->keyblock)
krb5_store_keyblock (sp, *ac->keyblock);
if (ac->local_subkey)
krb5_store_keyblock (sp, *ac->local_subkey);
if (ac->remote_subkey)
krb5_store_keyblock (sp, *ac->remote_subkey);
krb5_store_int32 (sp, ac->local_seqnumber);
krb5_store_int32 (sp, ac->remote_seqnumber);
#if 0
ret = encode_Authenticator (auth_buf, sizeof(auth_buf),
ac->authenticator, &sz);
if (ret) {
krb5_storage_free (sp);
*minor_status = ret;
return GSS_S_FAILURE;
}
data.data = auth_buf;
data.length = sz;
krb5_store_data (sp, data);
#endif
krb5_store_int32 (sp, ac->keytype);
krb5_store_int32 (sp, ac->cksumtype);
/* names */
gss_export_name (minor_status, (*context_handle)->source, &buffer);
data.data = buffer.value;
data.length = buffer.length;
krb5_store_data (sp, data);
gss_export_name (minor_status, (*context_handle)->target, &buffer);
data.data = buffer.value;
data.length = buffer.length;
krb5_store_data (sp, data);
krb5_store_int32 (sp, (*context_handle)->flags);
krb5_store_int32 (sp, (*context_handle)->more_flags);
ret = krb5_storage_to_data (sp, &data);
krb5_storage_free (sp);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
interprocess_token->length = data.length;
interprocess_token->value = data.data;
ret = gss_delete_sec_context (minor_status, context_handle,
GSS_C_NO_BUFFER);
if (ret != GSS_S_COMPLETE)
gss_release_buffer (NULL, interprocess_token);
return ret;
}

12
crypto/heimdal/lib/gssapi/gssapi_locl.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: gssapi_locl.h,v 1.11 1999/12/02 17:05:03 joda Exp $ */
/* $Id: gssapi_locl.h,v 1.12 2000/02/12 21:26:26 assar Exp $ */
#ifndef GSSAPI_LOCL_H
#define GSSAPI_LOCL_H
@ -86,4 +86,12 @@ OM_uint32
gss_krb5_getsomekey(const gss_ctx_id_t context_handle,
des_cblock *key);
/* sec_context flags */
#define SC_LOCAL_ADDRESS 0x01
#define SC_REMOTE_ADDRESS 0x02
#define SC_KEYBLOCK 0x04
#define SC_LOCAL_SUBKEY 0x08
#define SC_REMOTE_SUBKEY 0x10
#endif

180
crypto/heimdal/lib/gssapi/import_sec_context.c Normal file
View File

@ -0,0 +1,180 @@
/*
* Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: import_sec_context.c,v 1.2 2000/02/12 21:26:00 assar Exp $");
OM_uint32
gss_import_sec_context (
OM_uint32 * minor_status,
const gss_buffer_t interprocess_token,
gss_ctx_id_t * context_handle
)
{
OM_uint32 ret = GSS_S_FAILURE;
krb5_error_code kret;
krb5_storage *sp;
krb5_auth_context ac;
krb5_address local, remote;
krb5_address *localp, *remotep;
krb5_data data;
gss_buffer_desc buffer;
krb5_keyblock keyblock;
size_t sz;
int32_t tmp;
int32_t flags;
gssapi_krb5_init ();
sp = krb5_storage_from_mem (interprocess_token->value,
interprocess_token->length);
if (sp == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
*context_handle = malloc(sizeof(**context_handle));
if (*context_handle == NULL) {
*minor_status = ENOMEM;
krb5_storage_free (sp);
return GSS_S_FAILURE;
}
kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context);
if (kret) {
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
/* flags */
krb5_ret_int32 (sp, &flags);
/* retrieve the auth context */
ac = (*context_handle)->auth_context;
krb5_ret_int32 (sp, &ac->flags);
if (flags & SC_LOCAL_ADDRESS)
krb5_ret_address (sp, localp = &local);
else
localp = NULL;
if (flags & SC_REMOTE_ADDRESS)
krb5_ret_address (sp, remotep = &remote);
else
remotep = NULL;
krb5_auth_con_setaddrs (gssapi_krb5_context, ac, localp, remotep);
if (localp)
krb5_free_address (gssapi_krb5_context, localp);
if (remotep)
krb5_free_address (gssapi_krb5_context, remotep);
krb5_ret_int16 (sp, &ac->local_port);
krb5_ret_int16 (sp, &ac->remote_port);
if (flags & SC_KEYBLOCK) {
krb5_ret_keyblock (sp, &keyblock);
krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock);
krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
}
if (flags & SC_LOCAL_SUBKEY) {
krb5_ret_keyblock (sp, &keyblock);
krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock);
krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
}
if (flags & SC_REMOTE_SUBKEY) {
krb5_ret_keyblock (sp, &keyblock);
krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock);
krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
}
krb5_ret_int32 (sp, &ac->local_seqnumber);
krb5_ret_int32 (sp, &ac->remote_seqnumber);
#if 0
krb5_ret_data (sp, &data);
ac->authenticator = malloc (sizeof (*ac->authenticator));
if (ac->authenticator == NULL) {
*minor_status = ENOMEM;
ret = GSS_S_FAILURE;
goto failure;
}
kret = decode_Authenticator (data.data, data.length,
ac->authenticator, &sz);
krb5_data_free (&data);
if (kret) {
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
#endif
krb5_ret_int32 (sp, &tmp);
ac->keytype = tmp;
krb5_ret_int32 (sp, &tmp);
ac->cksumtype = tmp;
/* names */
krb5_ret_data (sp, &data);
buffer.value = data.data;
buffer.length = data.length;
gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
&(*context_handle)->source);
krb5_data_free (&data);
krb5_ret_data (sp, &data);
buffer.value = data.data;
buffer.length = data.length;
gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
&(*context_handle)->target);
krb5_data_free (&data);
krb5_ret_int32 (sp, &tmp);
(*context_handle)->flags = tmp;
krb5_ret_int32 (sp, &tmp);
(*context_handle)->more_flags = tmp;
(*context_handle)->ticket = NULL;
return GSS_S_COMPLETE;
failure:
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
free (*context_handle);
*context_handle = GSS_C_NO_CONTEXT;
return ret;
}

4
crypto/heimdal/lib/krb5/Makefile.am
View File

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.96 2000/02/07 03:26:21 assar Exp $
# $Id: Makefile.am,v 1.97 2000/02/13 20:35:49 assar Exp $
include $(top_srcdir)/Makefile.am.common
@ -119,7 +119,7 @@ libkrb5_la_SOURCES = \
EXTRA_libkrb5_la_SOURCES = keytab_krb4.c
libkrb5_la_LDFLAGS = -version-info 8:0:0
libkrb5_la_LDFLAGS = -version-info 9:0:0
$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h

4
crypto/heimdal/lib/krb5/Makefile.in
View File

@ -10,7 +10,7 @@
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
# $Id: Makefile.am,v 1.96 2000/02/07 03:26:21 assar Exp $
# $Id: Makefile.am,v 1.97 2000/02/13 20:35:49 assar Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
@ -195,7 +195,7 @@ libkrb5_la_SOURCES = add_et_list.c addr_families.c address.c aname_to_local
EXTRA_libkrb5_la_SOURCES = keytab_krb4.c
libkrb5_la_LDFLAGS = -version-info 8:0:0
libkrb5_la_LDFLAGS = -version-info 9:0:0
libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo

25
crypto/heimdal/lib/krb5/changepw.c
View File

@ -33,21 +33,17 @@
#include <krb5_locl.h>
RCSID("$Id: changepw.c,v 1.19 1999/12/11 23:14:51 assar Exp $");
RCSID("$Id: changepw.c,v 1.20 2000/02/07 13:40:18 joda Exp $");
static krb5_error_code
get_kdc_address (krb5_context context,
krb5_realm realm,
struct addrinfo **ai)
{
struct addrinfo hints;
krb5_error_code ret;
char **hostlist;
int port = 0;
char portstr[NI_MAXSERV];
int error;
char *host;
char *dot;
ret = krb5_get_krb_changepw_hst (context,
&realm,
@ -55,24 +51,9 @@ get_kdc_address (krb5_context context,
if (ret)
return ret;
host = *hostlist;
port = ntohs(krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT));
error = roken_getaddrinfo_hostspec(*hostlist, port, ai);
dot = strchr (host, ':');
if (dot != NULL) {
char *end;
*dot++ = '\0';
port = strtol (dot, &end, 0);
}
if (port == 0)
port = krb5_getportbyname (context, "kpasswd", "udp", KPASSWD_PORT);
snprintf (portstr, sizeof(portstr), "%u", ntohs(port));
memset (&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
error = getaddrinfo (host, portstr, &hints, ai);
krb5_free_krbhst (context, hostlist);
return error;
}

8
crypto/heimdal/lib/krb5/context.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: context.c,v 1.52 2000/02/04 17:10:26 joda Exp $");
RCSID("$Id: context.c,v 1.53 2000/02/11 17:43:43 assar Exp $");
#define INIT_FIELD(C, T, E, D, F) \
(C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
@ -318,7 +318,7 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
}
krb5_error_code
krb5_set_extra_addresses(krb5_context context, krb5_addresses *addresses)
krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
{
if(context->extra_addresses) {
krb5_free_addresses(context, context->extra_addresses);
@ -329,7 +329,7 @@ krb5_set_extra_addresses(krb5_context context, krb5_addresses *addresses)
if(context->extra_addresses == NULL)
return ENOMEM;
}
return copy_HostAddresses(addresses, context->extra_addresses);
return krb5_copy_addresses(context, addresses, context->extra_addresses);
}
krb5_error_code

9
crypto/heimdal/lib/krb5/krb5-protos.h
View File

@ -449,6 +449,13 @@ krb5_change_password __P((
krb5_data *result_code_string,
krb5_data *result_string));
krb5_error_code
krb5_check_transited_realms __P((
krb5_context context,
const char *const *realms,
int num_realms,
int *bad_realm));
krb5_boolean
krb5_checksum_is_collision_proof __P((
krb5_context context,
@ -1948,7 +1955,7 @@ krb5_set_default_realm __P((
krb5_error_code
krb5_set_extra_addresses __P((
krb5_context context,
krb5_addresses *addresses));
const krb5_addresses *addresses));
krb5_error_code
krb5_set_fcache_version __P((

8
crypto/heimdal/lib/krb5/krb5_err.et
View File

@ -3,7 +3,7 @@
#
# This might look like a com_err file, but is not
#
id "$Id: krb5_err.et,v 1.7 1999/02/11 21:03:40 joda Exp $"
id "$Id: krb5_err.et,v 1.8 2000/02/07 12:54:17 joda Exp $"
error_table krb5
@ -51,7 +51,7 @@ error_code ERR_BADVERSION, "Protocol version mismatch"
error_code ERR_MSG_TYPE, "Invalid message type"
error_code ERR_MODIFIED, "Message stream modified"
error_code ERR_BADORDER, "Message out of order"
error_code ERR_ILL_CR_TKT, "Illegal cross-realm ticket"
error_code ERR_ILL_CR_TKT, "Invalid cross-realm ticket"
error_code ERR_BADKEYVER, "Key version is not available"
error_code ERR_NOKEY, "Service key not available"
error_code ERR_MUT_FAIL, "Mutual authentication failed"
@ -71,14 +71,14 @@ error_code FIELD_TOOLONG, "Field is too long for this implementation"
# 62-127 are reserved
index 128
prefix
error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.7 1999/02/11 21:03:40 joda Exp $"
error_code KRB5_ERR_RCSID, "$Id: krb5_err.et,v 1.8 2000/02/07 12:54:17 joda Exp $"
error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode"
error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password"
error_code KRB5_LIBOS_BADPWDMATCH, "Password mismatch"
error_code KRB5_LIBOS_PWDINTR, "Password read interrupted"
error_code KRB5_PARSE_ILLCHAR, "Illegal character in component name"
error_code KRB5_PARSE_ILLCHAR, "Invalid character in component name"
error_code KRB5_PARSE_MALFORMED, "Malformed representation of principal"
error_code KRB5_CONFIG_CANTOPEN, "Can't open/find configuration file"

26
crypto/heimdal/lib/krb5/rd_req.c
View File

@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: rd_req.c,v 1.40 2000/02/06 05:20:31 assar Exp $");
RCSID("$Id: rd_req.c,v 1.41 2000/02/07 13:31:55 joda Exp $");
static krb5_error_code
decrypt_tkt_enc_part (krb5_context context,
@ -188,6 +188,30 @@ krb5_verify_authenticator_checksum(krb5_context context,
return ret;
}
#if 0
static krb5_error_code
check_transited(krb5_context context,
krb5_ticket *ticket)
{
char **realms;
int num_realms;
krb5_error_code ret;
if(ticket->ticket.transited.tr_type != DOMAIN_X500_COMPRESS)
return KRB5KDC_ERR_TRTYPE_NOSUPP;
ret = krb5_domain_x500_decode(ticket->ticket.transited.contents,
&realms, &num_realms,
ticket->client->realm,
ticket->server->realm);
if(ret)
return ret;
ret = krb5_check_transited_realms(context, realms, num_realms, NULL);
free(realms);
return ret;
}
#endif
krb5_error_code
krb5_verify_ap_req(krb5_context context,
krb5_auth_context *auth_context,

31
crypto/heimdal/lib/krb5/transited.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: transited.c,v 1.6 2000/02/07 03:19:43 assar Exp $");
RCSID("$Id: transited.c,v 1.7 2000/02/07 13:30:41 joda Exp $");
/* this is an attempt at one of the most horrible `compression'
schemes that has ever been invented; it's so amazingly brain-dead
@ -363,6 +363,35 @@ krb5_domain_x500_encode(char **realms, int num_realms, krb5_data *encoding)
return 0;
}
krb5_error_code
krb5_check_transited_realms(krb5_context context,
const char *const *realms,
int num_realms,
int *bad_realm)
{
int i;
int ret = 0;
char **bad_realms = krb5_config_get_strings(context, NULL,
"libdefaults",
"transited_realms_reject",
NULL);
if(bad_realms == NULL)
return 0;
for(i = 0; i < num_realms; i++) {
char **p;
for(p = bad_realms; *p; p++)
if(strcmp(*p, realms[i]) == 0) {
ret = KRB5KRB_AP_ERR_ILL_CR_TKT;
if(bad_realm)
*bad_realm = i;
break;
}
}
krb5_config_free_strings(bad_realms);
return ret;
}
#if 0
int
main(int argc, char **argv)

8
crypto/heimdal/lib/roken/ChangeLog
View File

@ -1,3 +1,11 @@
2000-02-13 Assar Westerlund <assar@sics.se>
* Makefile.am: bump version to 7:0:2
* getarg.c (mandoc_template): also fix no- prefix in .Sh OPTIONS
* getarg.c (mandoc_template): better man-stuff for negative
options
2000-02-07 Assar Westerlund <assar@sics.se>
* Makefile.am: set version to 6:0:1

5
crypto/heimdal/lib/roken/Makefile.am
View File

@ -1,11 +1,11 @@
# $Id: Makefile.am,v 1.67 2000/02/07 03:32:15 assar Exp $
# $Id: Makefile.am,v 1.69 2000/02/13 20:34:03 assar Exp $
include $(top_srcdir)/Makefile.am.common
CLEANFILES = roken.h make-roken.c print_version.h
lib_LTLIBRARIES = libroken.la
libroken_la_LDFLAGS = -version-info 6:0:1
libroken_la_LDFLAGS = -version-info 7:0:2
noinst_PROGRAMS = make-roken make-print-version
@ -32,6 +32,7 @@ libroken_la_SOURCES = \
erealloc.c \
estrdup.c \
ewrite.c \
getaddrinfo_hostspec.c \
get_default_username.c \
get_window_size.c \
getarg.c \

19
crypto/heimdal/lib/roken/Makefile.in
View File

@ -10,7 +10,7 @@
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
# $Id: Makefile.am,v 1.67 2000/02/07 03:32:15 assar Exp $
# $Id: Makefile.am,v 1.69 2000/02/13 20:34:03 assar Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
@ -176,7 +176,7 @@ CHECK_LOCAL = $(PROGRAMS)
CLEANFILES = roken.h make-roken.c print_version.h
lib_LTLIBRARIES = libroken.la
libroken_la_LDFLAGS = -version-info 6:0:1
libroken_la_LDFLAGS = -version-info 7:0:2
noinst_PROGRAMS = make-roken make-print-version
@ -189,7 +189,7 @@ strpftime_test_SOURCES = strpftime-test.c strftime.c strptime.c snprintf.c
@KRB4_TRUE@@KRB5_TRUE@make_print_version_LDADD = $(LIB_krb4) -ldes
libroken_la_SOURCES = base64.c concat.c emalloc.c eread.c erealloc.c estrdup.c ewrite.c get_default_username.c get_window_size.c getarg.c getnameinfo_verified.c issuid.c k_getpwnam.c k_getpwuid.c mini_inetd.c net_read.c net_write.c parse_bytes.c parse_time.c parse_units.c print_version.c resolve.c roken_gethostby.c signal.c simple_exec.c snprintf.c socket.c strcollect.c tm2time.c verify.c warnerr.c xdbm.h
libroken_la_SOURCES = base64.c concat.c emalloc.c eread.c erealloc.c estrdup.c ewrite.c getaddrinfo_hostspec.c get_default_username.c get_window_size.c getarg.c getnameinfo_verified.c issuid.c k_getpwnam.c k_getpwuid.c mini_inetd.c net_read.c net_write.c parse_bytes.c parse_time.c parse_units.c print_version.c resolve.c roken_gethostby.c signal.c simple_exec.c snprintf.c socket.c strcollect.c tm2time.c verify.c warnerr.c xdbm.h
EXTRA_libroken_la_SOURCES = chown.c copyhostent.c daemon.c err.c err.h errx.c fchown.c flock.c fnmatch.c fnmatch.h freeaddrinfo.c freehostent.c gai_strerror.c getaddrinfo.c getdtablesize.c getegid.c geteuid.c getgid.c gethostname.c getipnodebyaddr.c getipnodebyname.c getnameinfo.c getopt.c gettimeofday.c getuid.c getusershell.c glob.h hstrerror.c inet_aton.c inet_ntop.c inet_pton.c initgroups.c innetgr.c iruserok.c lstat.c memmove.c mkstemp.c putenv.c rcmd.c readv.c recvmsg.c sendmsg.c setegid.c setenv.c seteuid.c strcasecmp.c strdup.c strerror.c strftime.c strlcat.c strlcpy.c strlwr.c strncasecmp.c strndup.c strnlen.c strptime.c strsep.c strtok_r.c strupr.c swab.c unsetenv.c verr.c verrx.c vsyslog.c vwarn.c vwarnx.c warn.c warnx.c writev.c
@ -226,12 +226,13 @@ X_EXTRA_LIBS = @X_EXTRA_LIBS@
X_PRE_LIBS = @X_PRE_LIBS@
libroken_la_DEPENDENCIES = @LTLIBOBJS@
libroken_la_OBJECTS = base64.lo concat.lo emalloc.lo eread.lo \
erealloc.lo estrdup.lo ewrite.lo get_default_username.lo \
get_window_size.lo getarg.lo getnameinfo_verified.lo issuid.lo \
k_getpwnam.lo k_getpwuid.lo mini_inetd.lo net_read.lo net_write.lo \
parse_bytes.lo parse_time.lo parse_units.lo print_version.lo resolve.lo \
roken_gethostby.lo signal.lo simple_exec.lo snprintf.lo socket.lo \
strcollect.lo tm2time.lo verify.lo warnerr.lo
erealloc.lo estrdup.lo ewrite.lo getaddrinfo_hostspec.lo \
get_default_username.lo get_window_size.lo getarg.lo \
getnameinfo_verified.lo issuid.lo k_getpwnam.lo k_getpwuid.lo \
mini_inetd.lo net_read.lo net_write.lo parse_bytes.lo parse_time.lo \
parse_units.lo print_version.lo resolve.lo roken_gethostby.lo signal.lo \
simple_exec.lo snprintf.lo socket.lo strcollect.lo tm2time.lo verify.lo \
warnerr.lo
check_PROGRAMS = parse_bytes-test$(EXEEXT) strpftime-test$(EXEEXT) \
getaddrinfo-test$(EXEEXT)
noinst_PROGRAMS = make-roken$(EXEEXT) make-print-version$(EXEEXT)

89
crypto/heimdal/lib/roken/getaddrinfo_hostspec.c Normal file
View File

@ -0,0 +1,89 @@
/*
* Copyright (c) 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: getaddrinfo_hostspec.c,v 1.1 2000/02/07 13:38:22 joda Exp $");
#endif
#include "roken.h"
/* getaddrinfo via string specifying host and port */
int
roken_getaddrinfo_hostspec(const char *hostspec,
int port,
struct addrinfo **ai)
{
const char *p;
char portstr[NI_MAXSERV];
char host[MAXHOSTNAMELEN];
struct addrinfo hints;
struct hst {
const char *prefix;
int socktype;
int protocol;
int port;
} *hstp, hst[] = {
{ "http://", SOCK_STREAM, IPPROTO_TCP, 80 },
{ "http/", SOCK_STREAM, IPPROTO_TCP, 80 },
{ "tcp/", SOCK_STREAM, IPPROTO_TCP },
{ "udp/", SOCK_DGRAM, IPPROTO_UDP },
{ NULL }
};
memset(&hints, 0, sizeof(hints));
for(hstp = hst; hstp->prefix; hstp++) {
if(strncmp(hostspec, hstp->prefix, strlen(hstp->prefix)) == 0) {
hints.ai_socktype = hstp->socktype;
hints.ai_protocol = hstp->protocol;
if(port == 0)
port = hstp->port;
hostspec += strlen(hstp->prefix);
break;
}
}
p = strchr (hostspec, ':');
if (p != NULL) {
char *end;
port = strtol (p + 1, &end, 0);
}
snprintf (portstr, sizeof(portstr), "%u", port);
snprintf (host, sizeof(host), "%.*s", p - hostspec, hostspec);
return getaddrinfo (host, portstr, &hints, ai);
}

12
crypto/heimdal/lib/roken/getarg.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: getarg.c,v 1.32 1999/12/02 16:58:46 joda Exp $");
RCSID("$Id: getarg.c,v 1.34 2000/02/13 21:06:43 assar Exp $");
#endif
#include <stdio.h>
@ -125,7 +125,9 @@ mandoc_template(struct getargs *args,
}
if(args[i].long_name) {
print_arg(buf, sizeof(buf), 1, 1, args + i);
printf("Fl -%s%s", args[i].long_name, buf);
printf("Fl -%s%s%s",
args[i].type == arg_negative_flag ? "no-" : "",
args[i].long_name, buf);
}
printf("\n");
} else {
@ -155,7 +157,9 @@ mandoc_template(struct getargs *args,
printf("\n");
}
if(args[i].long_name){
printf(".Fl -%s", args[i].long_name);
printf(".Fl -%s%s",
args[i].type == arg_negative_flag ? "no-" : "",
args[i].long_name);
print_arg(buf, sizeof(buf), 1, 1, args + i);
printf("%s\n", buf);
}

3
crypto/heimdal/lib/roken/roken-common.h
View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: roken-common.h,v 1.25 2000/01/09 10:58:34 assar Exp $ */
/* $Id: roken-common.h,v 1.27 2000/02/14 02:24:44 assar Exp $ */
#ifndef __ROKEN_COMMON_H__
#define __ROKEN_COMMON_H__
@ -290,4 +290,5 @@ vstrcollect(va_list *ap);
char **
strcollect(char *first, ...);
#endif /* __ROKEN_COMMON_H__ */

7
crypto/heimdal/lib/roken/roken.h.in
View File

@ -1,6 +1,6 @@
/* -*- C -*- */
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
* SUCH DAMAGE.
*/
/* $Id: roken.h.in,v 1.133 1999/12/30 02:22:54 assar Exp $ */
/* $Id: roken.h.in,v 1.135 2000/02/14 02:24:20 assar Exp $ */
#include <stdio.h>
#include <stdlib.h>
@ -521,6 +521,9 @@ getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,
char *serv, size_t servlen,
int flags);
int
roken_getaddrinfo_hostspec(const char *, int, struct addrinfo **);
#ifndef HAVE_STRFTIME
size_t
strftime (char *buf, size_t maxsize, const char *format,