This commit was generated by cvs2svn to compensate for changes in r103423,

which included commits to RCS files with non-trunk default branches.
Jacques Vidrine 2002-09-16 21:04:40 +00:00
commit 18600429b3
101 changed files with 6979 additions and 3877 deletions

@ -1,3 +1,171 @@
2002-09-16 Jacques Vidrine <nectar@kth.se>
* lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
to convert the newline to NUL in fgets results.
2002-09-13 Johan Danielsson <joda@pdc.kth.se>
* kuser/kinit.1: remove unneeded Ns
* lib/krb5/krb5_appdefault.3: remove extra "application"
* fix-export: remove autom4ate.cache
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
* include/make_crypto.c: don't use function macros if possible
* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
* include/Makefile.am: use make_crypto to create crypto-headers.h
* include/make_crypto.c: crypto header generation tool
* configure.in: move crypto test to just after testing for krb4,
and move roken tests to after both, this speeds up various failure
cases with krb4
* lib/krb5/config_file.c: don't use NULL when we mean 0
* configure.in: we don't set package_libdir anymore, so no point
in testing for it
* tools/Makefile.am: subst INCLUDE_des
* tools/krb5-config.in: add INCLUDE_des to cflags
* configure.in: use AC_CONFIG_SRCDIR
* fix-export: remove some unneeded stuff
* kuser/kinit.c (do_524init): free principals
2002-09-09 Jacques Vidrine <nectar@kth.se>
* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
kdc/kaserver.c (krb5_ret_xdr_data),
lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
counts: Check that they are non-negative, and that they are small
enough to avoid integer overflow when used in memory allocation
calculations. Potential problem areas pointed out by
Sebastian Krahmer <krahmer@suse.de>.
* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
creating a new keyfile.
2002-09-09 Johan Danielsson <joda@pdc.kth.se>
* configure.in: don't try to build pam module
2002-09-05 Johan Danielsson <joda@pdc.kth.se>
* appl/kf/kf.c: fix warning string
* lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
know we need it
2002-09-04 Assar Westerlund <assar@kth.se>
* kdc/kerberos5.c (encode_reply): correct error logging
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/sendauth.c: close ccache if we opened it
* appl/kf/kf.c: handle new protocol
* appl/kf/kfd.c: use krb5_err instead of sysloging directly,
handle the new protocol, and bail out if an old client tries to
connect
* appl/kf/kf_locl.h: we need a protocol version string
* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
* kdc/hprop.c: set AP_OPTS_USE_SUBKEY
* lib/hdb/common.c: use ASN1_MALLOC_ENCODE
* lib/asn1/gen.c: add convenience macro that allocates a buffer
and encoded into that
* lib/krb5/get_cred.c (init_tgs_req): use
in_creds->session.keytype literally instead of trying to convert
to a list of enctypes (it should already be an enctype)
* lib/krb5/get_cred.c (init_tgs_req): init ret
2002-09-03 Johan Danielsson <joda@pdc.kth.se>
* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
zero ivec in DES3_CBC_encrypt if passed ivec is NULL
* lib/krb5/Makefile.am: back out 1.144, since it will re-create
krb5-protos.h at build-time, which requires perl, which is bad
* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
blindly use the local subkey
* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
extracts the required blocksize from a crypto context
* lib/krb5/build_auth.c: just get the length of the encoded
authenticator instead of trying to grow a buffer
2002-09-03 Assar Westerlund <assar@kth.se>
* configure.in: add --disable-mmap option, and tests for
sys/mman.h and mmap
2002-09-03 Jacques Vidrine <nectar@kth.se>
* lib/krb5/changepw.c: verify lengths in response
* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
truncated integers
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/mk_req_ext.c: generate a local subkey if
AP_OPTS_USE_SUBKEY is set
* lib/krb5/build_auth.c: we don't have enough information about
whether to generate a local subkey here, so don't try to
* lib/krb5/auth_context.c: new function
krb5_auth_con_generatelocalsubkey
* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
initial ticket
* lib/krb5/context.c (init_context_from_config_file): simplify
initialisation of srv_lookup
* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
2002-08-30 Assar Westerlund <assar@kth.se>
* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
* lib/krb5/Makefile.am (TESTS): add name-45-test
* lib/krb5/name-45-test.c: add testcases for
krb5_425_conv_principal
2002-08-29 Assar Westerlund <assar@kth.se>
* lib/krb5/parse-name-test.c: also test unparse_short functions
* lib/asn1/asn1_print.c: use com_err/error_message API
* lib/krb5/Makefile.am: add parse-name-test
* lib/krb5/parse-name-test.c: add a program for testing parsing
and unparsing principal names
2002-08-28 Assar Westerlund <assar@kth.se> 2002-08-28 Assar Westerlund <assar@kth.se>
* kdc/config.c: add missing ifdef DAEMON * kdc/config.c: add missing ifdef DAEMON


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#include "ktutil_locl.h" #include "ktutil_locl.h"
RCSID("$Id: add.c,v 1.3 2001/07/23 09:46:40 joda Exp $"); RCSID("$Id: add.c,v 1.5 2002/09/10 19:26:52 joda Exp $");
int int
kt_add(int argc, char **argv) kt_add(int argc, char **argv)

@ -1,3 +1,11 @@
2002-09-05 Johan Danielsson <joda@pdc.kth.se>
* ftp/security.c (sec_vfprintf): free encoded data
* ftp/gssapi.c (gss_decode): release buffer
* ftp/ftp.c (active_mode): no need to allocate buffer for EPRT
2002-08-28 Johan Danielsson <joda@pdc.kth.se> 2002-08-28 Johan Danielsson <joda@pdc.kth.se>
* ftp/ftp.c (command): clean up va_{start,end}ing (from NetBSD) * ftp/ftp.c (command): clean up va_{start,end}ing (from NetBSD)

@ -32,7 +32,7 @@
*/ */
#include "ftp_locl.h" #include "ftp_locl.h"
RCSID ("$Id: ftp.c,v 1.73 2002/08/28 16:10:39 joda Exp $"); RCSID ("$Id: ftp.c,v 1.74 2002/09/04 22:00:12 joda Exp $");
struct sockaddr_storage hisctladdr_ss; struct sockaddr_storage hisctladdr_ss;
struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss; struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;
@ -1284,7 +1284,6 @@ noport:
if (listen (data, 1) < 0) if (listen (data, 1) < 0)
warn ("listen"); warn ("listen");
if (sendport) { if (sendport) {
char *cmd;
char addr_str[256]; char addr_str[256];
int inet_af; int inet_af;
int overbose; int overbose;
@ -1305,15 +1304,14 @@ noport:
errx (1, "bad address family %d", data_addr->sa_family); errx (1, "bad address family %d", data_addr->sa_family);
} }
asprintf (&cmd, "EPRT |%d|%s|%d|",
inet_af, addr_str, ntohs(socket_get_port (data_addr)));
overbose = verbose; overbose = verbose;
if (debug == 0) if (debug == 0)
verbose = -1; verbose = -1;
result = command (cmd); result = command ("EPRT |%d|%s|%d|",
inet_af, addr_str,
ntohs(socket_get_port (data_addr)));
verbose = overbose; verbose = overbose;
if (result == ERROR) { if (result == ERROR) {

@ -39,7 +39,7 @@
#include <gssapi.h> #include <gssapi.h>
#include <krb5_err.h> #include <krb5_err.h>
RCSID("$Id: gssapi.c,v 1.19 2002/08/20 12:47:45 joda Exp $"); RCSID("$Id: gssapi.c,v 1.20 2002/09/04 22:00:50 joda Exp $");
struct gss_data { struct gss_data {
gss_ctx_id_t context_hdl; gss_ctx_id_t context_hdl;
@ -81,6 +81,7 @@ gss_decode(void *app_data, void *buf, int len, int level)
gss_qop_t qop_state; gss_qop_t qop_state;
int conf_state; int conf_state;
struct gss_data *d = app_data; struct gss_data *d = app_data;
size_t ret_len;
input.length = len; input.length = len;
input.value = buf; input.value = buf;
@ -93,7 +94,9 @@ gss_decode(void *app_data, void *buf, int len, int level)
if(GSS_ERROR(maj_stat)) if(GSS_ERROR(maj_stat))
return -1; return -1;
memmove(buf, output.value, output.length); memmove(buf, output.value, output.length);
return output.length; ret_len = output.length;
gss_release_buffer(&min_stat, &output);
return ret_len;
} }
static int static int
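Review bot: The `memmove(buf, output.value, output.length)` just above the added lines copies into the caller's buffer without comparing `output.length` to `len`, and the new `ret_len` is a `size_t` that is then returned through an `int`. An unwrapped message is normally no longer than the token it came from, but that length is derived from peer-supplied data, so an explicit guard is cheap insurance: `if(output.length > (size_t)len) { gss_release_buffer(&min_stat, &output); return -1; }` placed before the memmove. gss_decode's body begins outside this hunk, so the call that fills `output` is not visible here.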

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1998-2001 Kungliga Tekniska Högskolan * Copyright (c) 1998-2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -37,7 +37,7 @@
#include "ftp_locl.h" #include "ftp_locl.h"
#endif #endif
RCSID("$Id: security.c,v 1.18 2001/02/07 10:49:43 assar Exp $"); RCSID("$Id: security.c,v 1.19 2002/09/04 22:01:28 joda Exp $");
static enum protection_level command_prot; static enum protection_level command_prot;
static enum protection_level data_prot; static enum protection_level data_prot;
@ -387,9 +387,11 @@ sec_vfprintf(FILE *f, const char *fmt, va_list ap)
return -1; return -1;
} }
if(base64_encode(enc, len, &buf) < 0){ if(base64_encode(enc, len, &buf) < 0){
free(enc);
printf("Out of memory base64-encoding.\n"); printf("Out of memory base64-encoding.\n");
return -1; return -1;
} }
free(enc);
#ifdef FTP_SERVER #ifdef FTP_SERVER
if(command_prot == prot_safe) if(command_prot == prot_safe)
fprintf(f, "631 %s\r\n", buf); fprintf(f, "631 %s\r\n", buf);

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -32,13 +32,13 @@
*/ */
#include "kf_locl.h" #include "kf_locl.h"
RCSID("$Id: kf.c,v 1.15 2001/02/20 01:44:44 assar Exp $"); RCSID("$Id: kf.c,v 1.17 2002/09/05 15:00:03 joda Exp $");
krb5_context context; krb5_context context;
static int help_flag; static int help_flag;
static int version_flag; static int version_flag;
static char *port_str; static char *port_str;
const char *service = SERVICE; const char *service = KF_SERVICE;
const char *remote_name = NULL; const char *remote_name = NULL;
int forwardable = 0; int forwardable = 0;
const char *ccache_name = NULL; const char *ccache_name = NULL;
@ -107,7 +107,7 @@ client_setup(krb5_context *context, int *argc, char **argv)
} }
if (port == 0) if (port == 0)
port = krb5_getportbyname (*context, PORT, "tcp", PORT_NUM); port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM);
if(*argc - optind < 1) if(*argc - optind < 1)
usage(1, args, num_args); usage(1, args, num_args);
@ -122,22 +122,19 @@ client_setup(krb5_context *context, int *argc, char **argv)
*/ */
static int static int
proto (int sock, const char *hostname, const char *service) proto (int sock, const char *hostname, const char *service,
char *message, size_t len)
{ {
krb5_auth_context auth_context; krb5_auth_context auth_context;
krb5_error_code status; krb5_error_code status;
krb5_principal server; krb5_principal server;
krb5_data data; krb5_data data;
krb5_data packet;
krb5_data data_send; krb5_data data_send;
u_int32_t len, net_len;
krb5_ccache ccache; krb5_ccache ccache;
krb5_creds creds; krb5_creds creds;
krb5_kdc_flags flags; krb5_kdc_flags flags;
krb5_principal principal; krb5_principal principal;
char ret_string[10];
ssize_t n;
status = krb5_auth_con_init (context, &auth_context); status = krb5_auth_con_init (context, &auth_context);
if (status) { if (status) {
@ -166,10 +163,10 @@ proto (int sock, const char *hostname, const char *service)
status = krb5_sendauth (context, status = krb5_sendauth (context,
&auth_context, &auth_context,
&sock, &sock,
VERSION, KF_VERSION_1,
NULL, NULL,
server, server,
AP_OPTS_MUTUAL_REQUIRED, AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
NULL, NULL,
NULL, NULL,
NULL, NULL,
@ -181,27 +178,19 @@ proto (int sock, const char *hostname, const char *service)
return 1; return 1;
} }
if (remote_name == NULL) { if (ccache_name == NULL)
remote_name = get_default_username (); ccache_name = "";
if (remote_name == NULL)
errx (1, "who are you?");
}
krb5_data_zero(&data_send);
data_send.data = (void *)remote_name; data_send.data = (void *)remote_name;
data_send.length = strlen(remote_name) + 1; data_send.length = strlen(remote_name) + 1;
status = krb5_write_message(context, &sock, &data_send); status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
if (status) { if (status) {
krb5_warn (context, status, "krb5_write_message"); krb5_warn (context, status, "krb5_write_message");
return 1; return 1;
} }
if (ccache_name == NULL)
ccache_name = "";
data_send.data = (void *)ccache_name; data_send.data = (void *)ccache_name;
data_send.length = strlen(ccache_name)+1; data_send.length = strlen(ccache_name)+1;
status = krb5_write_message(context, &sock, &data_send); status = krb5_write_priv_message(context, auth_context, &sock, &data_send);
if (status) { if (status) {
krb5_warn (context, status, "krb5_write_message"); krb5_warn (context, status, "krb5_write_message");
return 1; return 1;
@ -223,16 +212,15 @@ proto (int sock, const char *hostname, const char *service)
creds.client = principal; creds.client = principal;
status = krb5_build_principal (context, status = krb5_make_principal (context,
&creds.server, &creds.server,
strlen(principal->realm), principal->realm,
principal->realm, KRB5_TGS_NAME,
KRB5_TGS_NAME, principal->realm,
principal->realm, NULL);
NULL);
if (status) { if (status) {
krb5_warn (context, status, "krb5_build_principal"); krb5_warn (context, status, "krb5_make_principal");
return 1; return 1;
} }
@ -254,60 +242,36 @@ proto (int sock, const char *hostname, const char *service)
return 1; return 1;
} }
status = krb5_mk_priv (context, status = krb5_write_priv_message(context, auth_context, &sock, &data);
auth_context,
&data,
&packet,
NULL);
if (status) { if (status) {
krb5_warn (context, status, "krb5_mk_priv"); krb5_warn (context, status, "krb5_mk_priv");
return 1; return 1;
} }
len = packet.length;
net_len = htonl(len);
if (krb5_net_write (context, &sock, &net_len, 4) != 4) {
krb5_warn (context, errno, "krb5_net_write");
return 1;
}
if (krb5_net_write (context, &sock, packet.data, len) != len) {
krb5_warn (context, errno, "krb5_net_write");
return 1;
}
krb5_data_free (&data); krb5_data_free (&data);
n = krb5_net_read (context, &sock, &net_len, 4); status = krb5_read_priv_message(context, auth_context, &sock, &data);
if (n == 0) { if (status) {
krb5_warnx (context, "EOF in krb5_net_read"); krb5_warn (context, status, "krb5_mk_priv");
return 1; return 1;
} }
if (n < 0) { if(data.length >= len) {
krb5_warn (context, errno, "krb5_net_read"); krb5_warnx (context, "returned string is too long, truncating");
return 1; memcpy(message, data.data, len);
message[len - 1] = '\0';
} else {
memcpy(message, data.data, data.length);
message[data.length] = '\0';
} }
len = ntohl(net_len); krb5_data_free (&data);
if (len >= sizeof(ret_string)) {
krb5_warnx (context, "too long string back from %s", hostname);
return 1;
}
n = krb5_net_read (context, &sock, ret_string, len);
if (n == 0) {
krb5_warnx (context, "EOF in krb5_net_read");
return 1;
}
if (n < 0) {
krb5_warn (context, errno, "krb5_net_read");
return 1;
}
ret_string[sizeof(ret_string) - 1] = '\0';
return(strcmp(ret_string,"ok")); return(strcmp(message, "ok"));
} }
static int static int
doit (const char *hostname, int port, const char *service) doit (const char *hostname, int port, const char *service,
char *message, size_t len)
{ {
struct addrinfo *ai, *a; struct addrinfo *ai, *a;
struct addrinfo hints; struct addrinfo hints;
@ -337,7 +301,7 @@ doit (const char *hostname, int port, const char *service)
continue; continue;
} }
freeaddrinfo (ai); freeaddrinfo (ai);
return proto (s, hostname, service); return proto (s, hostname, service, message, len);
} }
warnx ("failed to contact %s", hostname); warnx ("failed to contact %s", hostname);
freeaddrinfo (ai); freeaddrinfo (ai);
@ -353,9 +317,19 @@ main(int argc, char **argv)
argcc = argc; argcc = argc;
port = client_setup(&context, &argcc, argv); port = client_setup(&context, &argcc, argv);
if (remote_name == NULL) {
remote_name = get_default_username ();
if (remote_name == NULL)
errx (1, "who are you?");
}
for (i = argcc;i < argc; i++) { for (i = argcc;i < argc; i++) {
ret = doit (argv[i], port, service); char message[128];
warnx ("%s %s", argv[i], ret ? "failed" : "ok"); ret = doit (argv[i], port, service, message, sizeof(message));
if(ret == 0)
warnx ("%s: ok", argv[i]);
else
warnx ("%s: failed: %s", argv[i], message);
} }
return(ret); return(ret);
} }
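Review bot: In main, `message` is declared without an initialiser and is printed with `%s` whenever doit() returns non-zero, yet it is only written at the very end of proto(). The "failed to contact" path in doit() and each early `return 1` in proto() leave it untouched, so the failure branch formats indeterminate stack bytes. Initialising it at the declaration, `char message[128] = "";`, keeps the output well defined. Separately, the two `krb5_warn` calls after `krb5_write_priv_message`/`krb5_read_priv_message` still carry the label "krb5_mk_priv", which will mislead anyone reading the log.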

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 1999, 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -31,7 +31,7 @@
* SUCH DAMAGE. * SUCH DAMAGE.
*/ */
/* $Id: kf_locl.h,v 1.2 1999/12/02 17:04:55 joda Exp $ */ /* $Id: kf_locl.h,v 1.3 2002/09/04 20:29:04 joda Exp $ */
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H
#include <config.h> #include <config.h>
@ -74,7 +74,8 @@
#include <err.h> #include <err.h>
#include <krb5.h> #include <krb5.h>
#define SERVICE "host" #define KF_SERVICE "host"
#define PORT "kf" #define KF_PORT_NAME "kf"
#define PORT_NUM 2110 #define KF_PORT_NUM 2110
#define KF_VERSION_1 "KFWDV0.1"

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -32,7 +32,7 @@
*/ */
#include "kf_locl.h" #include "kf_locl.h"
RCSID("$Id: kfd.c,v 1.9 2001/02/20 01:44:44 assar Exp $"); RCSID("$Id: kfd.c,v 1.10 2002/09/04 20:31:48 joda Exp $");
krb5_context context; krb5_context context;
char krb5_tkfile[MAXPATHLEN]; char krb5_tkfile[MAXPATHLEN];
@ -40,7 +40,7 @@ char krb5_tkfile[MAXPATHLEN];
static int help_flag; static int help_flag;
static int version_flag; static int version_flag;
static char *port_str; static char *port_str;
char *service = SERVICE; char *service = KF_SERVICE;
int do_inetd = 0; int do_inetd = 0;
static char *regpag_str=NULL; static char *regpag_str=NULL;
@ -92,7 +92,7 @@ server_setup(krb5_context *context, int argc, char **argv)
} }
if (port == 0) if (port == 0)
port = krb5_getportbyname (*context, PORT, "tcp", PORT_NUM); port = krb5_getportbyname (*context, KF_PORT_NAME, "tcp", KF_PORT_NUM);
if(argv[local_argc] != NULL) if(argv[local_argc] != NULL)
usage(1, args, num_args); usage(1, args, num_args);
@ -100,26 +100,23 @@ server_setup(krb5_context *context, int argc, char **argv)
return port; return port;
} }
static void static int protocol_version;
syslog_and_die (const char *m, ...)
static krb5_boolean
kfd_match_version(const void *arg, const char *version)
{ {
va_list args; if(strcmp(version, KF_VERSION_1) == 0) {
protocol_version = 1;
va_start(args, m); return TRUE;
vsyslog (LOG_ERR, m, args); } else if (strlen(version) == 4 &&
va_end(args); version[0] == '0' &&
exit (1); version[1] == '.' &&
} (version[2] == '4' || version[2] == '3') &&
islower(version[3])) {
static void protocol_version = 0;
syslog_and_cont (const char *m, ...) return TRUE;
{ }
va_list args; return FALSE;
va_start(args, m);
vsyslog (LOG_ERR, m, args);
va_end(args);
return;
} }
static int static int
@ -132,31 +129,25 @@ proto (int sock, const char *service)
char *name; char *name;
char ret_string[10]; char ret_string[10];
char hostname[MAXHOSTNAMELEN]; char hostname[MAXHOSTNAMELEN];
krb5_data packet;
krb5_data data; krb5_data data;
krb5_data remotename; krb5_data remotename;
krb5_data tk_file; krb5_data tk_file;
u_int32_t len, net_len;
krb5_ccache ccache; krb5_ccache ccache;
char ccname[MAXPATHLEN]; char ccname[MAXPATHLEN];
struct passwd *pwd; struct passwd *pwd;
ssize_t n;
status = krb5_auth_con_init (context, &auth_context); status = krb5_auth_con_init (context, &auth_context);
if (status) if (status)
syslog_and_die("krb5_auth_con_init: %s", krb5_err(context, 1, status, "krb5_auth_con_init");
krb5_get_err_text(context, status));
status = krb5_auth_con_setaddrs_from_fd (context, status = krb5_auth_con_setaddrs_from_fd (context,
auth_context, auth_context,
&sock); &sock);
if (status) if (status)
syslog_and_die("krb5_auth_con_setaddr: %s", krb5_err(context, 1, status, "krb5_auth_con_setaddr");
krb5_get_err_text(context, status));
if(gethostname (hostname, sizeof(hostname)) < 0) if(gethostname (hostname, sizeof(hostname)) < 0)
syslog_and_die("gethostname: %s",strerror(errno)); krb5_err(context, 1, errno, "gethostname");
status = krb5_sname_to_principal (context, status = krb5_sname_to_principal (context,
hostname, hostname,
@ -164,88 +155,80 @@ proto (int sock, const char *service)
KRB5_NT_SRV_HST, KRB5_NT_SRV_HST,
&server); &server);
if (status) if (status)
syslog_and_die("krb5_sname_to_principal: %s", krb5_err(context, 1, status, "krb5_sname_to_principal");
krb5_get_err_text(context, status));
status = krb5_recvauth (context, status = krb5_recvauth_match_version (context,
&auth_context, &auth_context,
&sock, &sock,
VERSION, kfd_match_version,
server, NULL,
0, server,
NULL, 0,
&ticket); NULL,
&ticket);
if (status) if (status)
syslog_and_die("krb5_recvauth: %s", krb5_err(context, 1, status, "krb5_recvauth");
krb5_get_err_text(context, status));
status = krb5_unparse_name (context, status = krb5_unparse_name (context,
ticket->client, ticket->client,
&name); &name);
if (status) if (status)
syslog_and_die("krb5_unparse_name: %s", krb5_err(context, 1, status, "krb5_unparse_name");
krb5_get_err_text(context, status));
status=krb5_read_message (context, &sock, &remotename); if(protocol_version == 0) {
if (status) { data.data = "old clnt"; /* XXX old clients only had room for
syslog_and_die("krb5_read_message: %s", 10 bytes of message, and also
krb5_get_err_text(context, status)); didn't show it to the user */
} data.length = strlen(data.data) + 1;
status=krb5_read_message (context, &sock, &tk_file); krb5_write_message(context, &sock, &data);
if (status) { sleep(2); /* XXX give client time to finish */
syslog_and_die("krb5_read_message: %s", krb5_errx(context, 1, "old client; exiting");
krb5_get_err_text(context, status));
} }
status=krb5_read_priv_message (context, auth_context,
&sock, &remotename);
if (status)
krb5_err(context, 1, status, "krb5_read_message");
status=krb5_read_priv_message (context, auth_context,
&sock, &tk_file);
if (status)
krb5_err(context, 1, status, "krb5_read_message");
krb5_data_zero (&data); krb5_data_zero (&data);
krb5_data_zero (&packet);
n = krb5_net_read (context, &sock, &net_len, 4); if(((char*)remotename.data)[remotename.length-1] != '\0')
if (n < 0) krb5_errx(context, 1, "unterminated received");
syslog_and_die("krb5_net_read: %s", strerror(errno)); if(((char*)tk_file.data)[tk_file.length-1] != '\0')
if (n == 0) krb5_errx(context, 1, "unterminated received");
syslog_and_die("EOF in krb5_net_read");
len = ntohl(net_len); status = krb5_read_priv_message(context, auth_context, &sock, &data);
krb5_data_alloc (&packet, len);
n = krb5_net_read (context, &sock, packet.data, len);
if (n < 0)
syslog_and_die("krb5_net_read: %s", strerror(errno));
if (n == 0)
syslog_and_die("EOF in krb5_net_read");
status = krb5_rd_priv (context,
auth_context,
&packet,
&data,
NULL);
if (status) { if (status) {
syslog_and_cont("krb5_rd_priv: %s", krb5_err(context, 1, errno, "krb5_read_priv_message");
krb5_get_err_text(context, status));
goto out; goto out;
} }
pwd = getpwnam ((char *)(remotename.data)); pwd = getpwnam ((char *)(remotename.data));
if (pwd == NULL) { if (pwd == NULL) {
status=1; status=1;
syslog_and_cont("getpwnam: %s failed",(char *)(remotename.data)); krb5_warnx(context, "getpwnam: %s failed",(char *)(remotename.data));
goto out; goto out;
} }
if(!krb5_kuserok (context, if(!krb5_kuserok (context,
ticket->client, ticket->client,
(char *)(remotename.data))) { (char *)(remotename.data))) {
status=1; status=1;
syslog_and_cont("krb5_kuserok: permission denied"); krb5_warnx(context, "krb5_kuserok: permission denied");
goto out; goto out;
} }
if (setgid(pwd->pw_gid) < 0) { if (setgid(pwd->pw_gid) < 0) {
syslog_and_cont ("setgid: %s", strerror(errno)); krb5_warn(context, errno, "setgid");
goto out; goto out;
} }
if (setuid(pwd->pw_uid) < 0) { if (setuid(pwd->pw_uid) < 0) {
syslog_and_cont ("setuid: %s", strerror(errno)); krb5_warn(context, errno, "setuid");
goto out; goto out;
} }
@ -256,49 +239,41 @@ proto (int sock, const char *service)
status = krb5_cc_resolve (context, ccname, &ccache); status = krb5_cc_resolve (context, ccname, &ccache);
if (status) { if (status) {
syslog_and_cont("krb5_cc_resolve: %s", krb5_warn(context, status, "krb5_cc_resolve");
krb5_get_err_text(context, status));
goto out; goto out;
} }
status = krb5_cc_initialize (context, ccache, ticket->client); status = krb5_cc_initialize (context, ccache, ticket->client);
if (status) { if (status) {
syslog_and_cont("krb5_cc_initialize: %s", krb5_warn(context, status, "krb5_cc_initialize");
krb5_get_err_text(context, status));
goto out; goto out;
} }
status = krb5_rd_cred2 (context, auth_context, ccache, &data); status = krb5_rd_cred2 (context, auth_context, ccache, &data);
krb5_cc_close (context, ccache); krb5_cc_close (context, ccache);
if (status) { if (status) {
syslog_and_cont("krb5_rd_cred: %s", krb5_warn(context, status, "krb5_rd_cred");
krb5_get_err_text(context, status));
goto out; goto out;
} }
strlcpy(krb5_tkfile,ccname,sizeof(krb5_tkfile)); strlcpy(krb5_tkfile,ccname,sizeof(krb5_tkfile));
syslog_and_cont("%s forwarded ticket to %s,%s", krb5_warnx(context, "%s forwarded ticket to %s,%s",
name, name,
(char *)(remotename.data),ccname); (char *)(remotename.data),ccname);
out: out:
if (status) { if (status) {
strcpy(ret_string, "no"); strcpy(ret_string, "no");
syslog_and_cont("failed"); krb5_warnx(context, "failed");
} else { } else {
strcpy(ret_string, "ok"); strcpy(ret_string, "ok");
} }
krb5_data_free (&tk_file); krb5_data_free (&tk_file);
krb5_data_free (&remotename); krb5_data_free (&remotename);
krb5_data_free (&packet);
krb5_data_free (&data); krb5_data_free (&data);
free(name); free(name);
len = strlen(ret_string) + 1; data.data = ret_string;
net_len = htonl(len); data.length = strlen(ret_string) + 1;
if (krb5_net_write (context, &sock, &net_len, 4) != 4) return krb5_write_priv_message(context, auth_context, &sock, &data);
return 1;
if (krb5_net_write (context, &sock, ret_string, len) != len)
return 1;
return status;
} }
static int static int
@ -314,10 +289,16 @@ main(int argc, char **argv)
{ {
int port; int port;
int ret; int ret;
krb5_log_facility *fac;
setprogname (argv[0]); setprogname (argv[0]);
roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH); roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH);
port = server_setup(&context, argc, argv); port = server_setup(&context, argc, argv);
ret = krb5_openlog(context, "kfd", &fac);
if(ret) krb5_err(context, 1, ret, "krb5_openlog");
ret = krb5_set_warn_dest(context, fac);
if(ret) krb5_err(context, 1, ret, "krb5_set_warn_dest");
ret = doit (port, service); ret = doit (port, service);
closelog(); closelog();
if (ret == 0 && regpag_str != NULL) if (ret == 0 && regpag_str != NULL)
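Review bot: The terminator checks on `remotename` and `tk_file` in proto() index `length-1` without first rejecting a zero-length message, so an empty payload from an authenticated peer makes the index wrap and reads outside the received buffer. Guarding each check, e.g. `if(remotename.length == 0 || ((char*)remotename.data)[remotename.length-1] != '\0')`, closes that. Also, after `out:` the function now returns the result of `krb5_write_priv_message` instead of `status`, so a denied request whose "no" reply is sent successfully appears to come back as 0. main tests `ret == 0` before the regpag handling, so if doit() passes that value through (its body is not in view), `status` should be returned when it is non-zero. The `krb5_err(context, 1, errno, "krb5_read_priv_message")` call should pass `status` rather than `errno`, and the `goto out` after it is unreachable because krb5_err exits.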

@ -1,3 +1,27 @@
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* rsh.c: free some memory
2002-09-04 Assar Westerlund <assar@kth.se>
* common.c: krb5_crypto_block_size -> krb5_crypto_getblocksize
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* rsh.1: document -P
2002-09-03 Johan Danielsson <joda@pdc.kth.se>
* rsh.c: revert to protocol v1 if not asked for specific protocol
* rshd.c: handle protocol version 2
* rsh.c: handle protocol version 2
* common.c: handle protocol version 2
* rsh_locl.h: handle protocol version 2
2002-02-18 Johan Danielsson <joda@pdc.kth.se> 2002-02-18 Johan Danielsson <joda@pdc.kth.se>
* rshd.c: don't show options that doesn't apply * rshd.c: don't show options that doesn't apply

@ -32,14 +32,40 @@
*/ */
#include "rsh_locl.h" #include "rsh_locl.h"
RCSID("$Id: common.c,v 1.14 2002/02/18 20:01:05 joda Exp $"); RCSID("$Id: common.c,v 1.16 2002/09/04 15:50:36 assar Exp $");
#if defined(KRB4) || defined(KRB5) #if defined(KRB4) || defined(KRB5)
#ifdef KRB5
int key_usage = 1026;
void *ivec_in[2];
void *ivec_out[2];
void
init_ivecs(int client)
{
size_t blocksize;
krb5_crypto_getblocksize(context, crypto, &blocksize);
ivec_in[0] = malloc(blocksize);
memset(ivec_in[0], client, blocksize);
ivec_in[1] = malloc(blocksize);
memset(ivec_in[1], 2 | client, blocksize);
ivec_out[0] = malloc(blocksize);
memset(ivec_out[0], !client, blocksize);
ivec_out[1] = malloc(blocksize);
memset(ivec_out[1], 2 | !client, blocksize);
}
#endif
ssize_t ssize_t
do_read (int fd, do_read (int fd, void *buf, size_t sz, void *ivec)
void *buf,
size_t sz)
{ {
if (do_encrypt) { if (do_encrypt) {
#ifdef KRB4 #ifdef KRB4
@ -61,7 +87,11 @@ do_read (int fd,
len = ntohl(len); len = ntohl(len);
if (len > sz) if (len > sz)
abort (); abort ();
outer_len = krb5_get_wrapped_length (context, crypto, len); /* ivec will be non null for protocol version 2 */
if(ivec != NULL)
outer_len = krb5_get_wrapped_length (context, crypto, len + 4);
else
outer_len = krb5_get_wrapped_length (context, crypto, len);
edata = malloc (outer_len); edata = malloc (outer_len);
if (edata == NULL) if (edata == NULL)
errx (1, "malloc: cannot allocate %u bytes", outer_len); errx (1, "malloc: cannot allocate %u bytes", outer_len);
@ -69,13 +99,22 @@ do_read (int fd,
if (ret <= 0) if (ret <= 0)
return ret; return ret;
status = krb5_decrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED, status = krb5_decrypt_ivec(context, crypto, key_usage,
edata, outer_len, &data); edata, outer_len, &data, ivec);
free (edata); free (edata);
if (status) if (status)
errx (1, "%s", krb5_get_err_text (context, status)); krb5_err (context, 1, status, "decrypting data");
memcpy (buf, data.data, len); if(ivec != NULL) {
unsigned long l;
if(data.length < len + 4)
errx (1, "data received is too short");
_krb5_get_int(data.data, &l, 4);
if(l != len)
errx (1, "inconsistency in received data");
memcpy (buf, (unsigned char *)data.data+4, len);
} else
memcpy (buf, data.data, len);
krb5_data_free (&data); krb5_data_free (&data);
return len; return len;
} else } else
@ -86,7 +125,7 @@ do_read (int fd,
} }
ssize_t ssize_t
do_write (int fd, void *buf, size_t sz) do_write (int fd, void *buf, size_t sz, void *ivec)
{ {
if (do_encrypt) { if (do_encrypt) {
#ifdef KRB4 #ifdef KRB4
@ -98,20 +137,27 @@ do_write (int fd, void *buf, size_t sz)
if(auth_method == AUTH_KRB5) { if(auth_method == AUTH_KRB5) {
krb5_error_code status; krb5_error_code status;
krb5_data data; krb5_data data;
u_int32_t len; unsigned char len[4];
int ret; int ret;
status = krb5_encrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED, _krb5_put_int(len, sz, 4);
buf, sz, &data); if(ivec != NULL) {
unsigned char *tmp = malloc(sz + 4);
if(tmp == NULL)
err(1, "malloc");
_krb5_put_int(tmp, sz, 4);
memcpy(tmp + 4, buf, sz);
status = krb5_encrypt_ivec(context, crypto, key_usage,
tmp, sz + 4, &data, ivec);
free(tmp);
} else
status = krb5_encrypt_ivec(context, crypto, key_usage,
buf, sz, &data, ivec);
if (status) if (status)
errx (1, "%s", krb5_get_err_text(context, status)); krb5_err(context, 1, status, "encrypting data");
assert (krb5_get_wrapped_length (context, crypto, ret = krb5_net_write (context, &fd, len, 4);
sz) == data.length);
len = htonl(sz);
ret = krb5_net_write (context, &fd, &len, 4);
if (ret != 4) if (ret != 4)
return ret; return ret;
ret = krb5_net_write (context, &fd, data.data, data.length); ret = krb5_net_write (context, &fd, data.data, data.length);
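Review bot: init_ivecs() ignores the return value of `krb5_crypto_getblocksize` and passes each `malloc` result straight to `memset`, so a failed lookup leaves `blocksize` indeterminate and a failed allocation is a null-pointer write. Since these buffers become the IVs for every encrypted read and write, both failures should be fatal, in the same `err`/`krb5_err` style the rest of this file uses. A small allocation helper keeps the four assignments readable; the sketch below shows the shape.

```c
static void *
alloc_ivec(size_t blocksize, int fill)
{
    void *p = malloc(blocksize);

    if (p == NULL)
	err(1, "malloc");
    memset(p, fill, blocksize);
    return p;
}

void
init_ivecs(int client)
{
    size_t blocksize;
    krb5_error_code ret;

    ret = krb5_crypto_getblocksize(context, crypto, &blocksize);
    if (ret)
	krb5_err(context, 1, ret, "krb5_crypto_getblocksize");

    ivec_in[0]  = alloc_ivec(blocksize, client);
    ivec_in[1]  = alloc_ivec(blocksize, 2 | client);
    ivec_out[0] = alloc_ivec(blocksize, !client);
    ivec_out[1] = alloc_ivec(blocksize, 2 | !client);
}
```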

@ -1,6 +1,6 @@
.\" $Id: rsh.1,v 1.3 2002/08/20 17:07:08 joda Exp $ .\" $Id: rsh.1,v 1.4 2002/09/04 13:01:52 joda Exp $
.\" .\"
.Dd July 31, 2001 .Dd September 4, 2002
.Dt RSH 1 .Dt RSH 1
.Os HEIMDAL .Os HEIMDAL
.Sh NAME .Sh NAME
@ -13,6 +13,7 @@ remote shell
.Op Fl U Pa string .Op Fl U Pa string
.Op Fl p Ar port .Op Fl p Ar port
.Op Fl l Ar username .Op Fl l Ar username
.Op Fl P Ar N|O
.Ar host [command] .Ar host [command]
.Sh DESCRIPTION .Sh DESCRIPTION
.Nm .Nm
@ -145,6 +146,22 @@ By default the remote username is the same as the local. The
option or the option or the
.Pa username@host .Pa username@host
format allow the remote name to be specified. format allow the remote name to be specified.
.It Xo
.Fl P Ar N|O|1|2 ,
.Fl -protocol= Ns Ar N|O|1|2
.Xc
Specifies which protocol version to use with Kerberos 5.
.Ar N
and
.Ar 2
selects protocol version 2, while
.Ar O
and
.Ar 1
selects version 1. Version 2 is beleived to be more secure, and is the
default. Unless asked for a specific version,
.Nm
will try both. This behaviour may change in the future.
.El .El
.\".Pp .\".Pp
.\"Without a .\"Without a
@ -155,7 +172,7 @@ format allow the remote name to be specified.
.\"with the same arguments. .\"with the same arguments.
.Sh EXAMPLES .Sh EXAMPLES
Care should be taken when issuing commands containing shell meta Care should be taken when issuing commands containing shell meta
characters. Without quoting these will be expanded on the local characters. Without quoting, these will be expanded on the local
machine. machine.
.Pp .Pp
The following command: The following command:

@ -32,7 +32,7 @@
*/ */
#include "rsh_locl.h" #include "rsh_locl.h"
RCSID("$Id: rsh.c,v 1.65 2002/02/18 20:02:06 joda Exp $"); RCSID("$Id: rsh.c,v 1.68 2002/09/04 21:40:04 joda Exp $");
enum auth_method auth_method; enum auth_method auth_method;
#if defined(KRB4) || defined(KRB5) #if defined(KRB4) || defined(KRB5)
@ -67,6 +67,8 @@ static const char *user;
static int do_version; static int do_version;
static int do_help; static int do_help;
static int do_errsock = 1; static int do_errsock = 1;
static char *protocol_version_str;
static int protocol_version = 2;
/* /*
* *
@ -80,6 +82,11 @@ loop (int s, int errsock)
fd_set real_readset; fd_set real_readset;
int count = 1; int count = 1;
#ifdef KRB5
if(auth_method == AUTH_KRB5 && protocol_version == 2)
init_ivecs(1);
#endif
if (s >= FD_SETSIZE || errsock >= FD_SETSIZE) if (s >= FD_SETSIZE || errsock >= FD_SETSIZE)
errx (1, "fd too large"); errx (1, "fd too large");
@ -106,7 +113,7 @@ loop (int s, int errsock)
err (1, "select"); err (1, "select");
} }
if (FD_ISSET(s, &readset)) { if (FD_ISSET(s, &readset)) {
ret = do_read (s, buf, sizeof(buf)); ret = do_read (s, buf, sizeof(buf), ivec_in[0]);
if (ret < 0) if (ret < 0)
err (1, "read"); err (1, "read");
else if (ret == 0) { else if (ret == 0) {
@ -118,7 +125,7 @@ loop (int s, int errsock)
net_write (STDOUT_FILENO, buf, ret); net_write (STDOUT_FILENO, buf, ret);
} }
if (errsock != -1 && FD_ISSET(errsock, &readset)) { if (errsock != -1 && FD_ISSET(errsock, &readset)) {
ret = do_read (errsock, buf, sizeof(buf)); ret = do_read (errsock, buf, sizeof(buf), ivec_in[1]);
if (ret < 0) if (ret < 0)
err (1, "read"); err (1, "read");
else if (ret == 0) { else if (ret == 0) {
@ -138,7 +145,7 @@ loop (int s, int errsock)
FD_CLR(STDIN_FILENO, &real_readset); FD_CLR(STDIN_FILENO, &real_readset);
shutdown (s, SHUT_WR); shutdown (s, SHUT_WR);
} else } else
do_write (s, buf, ret); do_write (s, buf, ret, ivec_out[0]);
} }
} }
} }
@ -166,7 +173,7 @@ send_krb4_auth(int s,
getpid(), &msg, &cred, schedule, getpid(), &msg, &cred, schedule,
(struct sockaddr_in *)thisaddr, (struct sockaddr_in *)thisaddr,
(struct sockaddr_in *)thataddr, (struct sockaddr_in *)thataddr,
KCMD_VERSION); KCMD_OLD_VERSION);
if (status != KSUCCESS) { if (status != KSUCCESS) {
warnx("%s: %s", hostname, krb_get_err_text(status)); warnx("%s: %s", hostname, krb_get_err_text(status));
return 1; return 1;
@ -267,6 +274,8 @@ krb5_forward_cred (krb5_auth_context auth_context,
return 0; return 0;
} }
static int sendauth_version_error;
static int static int
send_krb5_auth(int s, send_krb5_auth(int s,
struct sockaddr *thisaddr, struct sockaddr *thisaddr,
@ -282,6 +291,8 @@ send_krb5_auth(int s,
int status; int status;
size_t len; size_t len;
krb5_auth_context auth_context = NULL; krb5_auth_context auth_context = NULL;
const char *protocol_string = NULL;
krb5_flags ap_opts;
status = krb5_sname_to_principal(context, status = krb5_sname_to_principal(context,
hostname, hostname,
@ -300,25 +311,53 @@ send_krb5_auth(int s,
cmd, cmd,
remote_user); remote_user);
ap_opts = 0;
if(do_encrypt)
ap_opts |= AP_OPTS_MUTUAL_REQUIRED;
switch(protocol_version) {
case 2:
ap_opts |= AP_OPTS_USE_SUBKEY;
protocol_string = KCMD_NEW_VERSION;
break;
case 1:
protocol_string = KCMD_OLD_VERSION;
key_usage = KRB5_KU_OTHER_ENCRYPTED;
break;
default:
abort();
}
status = krb5_sendauth (context, status = krb5_sendauth (context,
&auth_context, &auth_context,
&s, &s,
KCMD_VERSION, protocol_string,
NULL, NULL,
server, server,
do_encrypt ? AP_OPTS_MUTUAL_REQUIRED : 0, ap_opts,
&cksum_data, &cksum_data,
NULL, NULL,
NULL, NULL,
NULL, NULL,
NULL, NULL,
NULL); NULL);
krb5_free_principal(context, server);
krb5_data_free(&cksum_data);
if (status) { if (status) {
warnx("%s: %s", hostname, krb5_get_err_text(context, status)); if(status == KRB5_SENDAUTH_REJECTED &&
protocol_version == 2 && protocol_version_str == NULL)
sendauth_version_error = 1;
else
krb5_warn(context, status, "%s", hostname);
return 1; return 1;
} }
status = krb5_auth_con_getkey (context, auth_context, &keyblock); status = krb5_auth_con_getlocalsubkey (context, auth_context, &keyblock);
if(keyblock == NULL)
status = krb5_auth_con_getkey (context, auth_context, &keyblock);
if (status) { if (status) {
warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status)); warnx ("krb5_auth_con_getkey: %s", krb5_get_err_text(context, status));
return 1; return 1;
@ -777,6 +816,8 @@ struct getargs args[] = {
"port" }, "port" },
{ "user", 'l', arg_string, &user, "Run as this user", "login" }, { "user", 'l', arg_string, &user, "Run as this user", "login" },
{ "stderr", 'e', arg_negative_flag, &do_errsock, "Don't open stderr"}, { "stderr", 'e', arg_negative_flag, &do_errsock, "Don't open stderr"},
{ "protocol", 'P', arg_string, &protocol_version_str,
"Protocol version", "protocol" },
{ "version", 0, arg_flag, &do_version, NULL }, { "version", 0, arg_flag, &do_version, NULL },
{ "help", 0, arg_flag, &do_help, NULL } { "help", 0, arg_flag, &do_help, NULL }
}; };
@ -841,6 +882,23 @@ main(int argc, char **argv)
return 0; return 0;
} }
if(protocol_version_str != NULL) {
if(strcasecmp(protocol_version_str, "N") == 0)
protocol_version = 2;
else if(strcasecmp(protocol_version_str, "O") == 0)
protocol_version = 1;
else {
char *end;
int v;
v = strtol(protocol_version_str, &end, 0);
if(*end != '\0' || (v != 1 && v != 2)) {
errx(1, "unknown protocol version \"%s\"",
protocol_version_str);
}
protocol_version = v;
}
}
#ifdef KRB5 #ifdef KRB5
status = krb5_init_context (&context); status = krb5_init_context (&context);
if (status) { if (status) {
@ -978,9 +1036,15 @@ main(int argc, char **argv)
errx (1, "getaddrinfo: %s", gai_strerror(error)); errx (1, "getaddrinfo: %s", gai_strerror(error));
auth_method = AUTH_KRB5; auth_method = AUTH_KRB5;
again:
ret = doit (host, ai, user, local_user, cmd, cmd_len, ret = doit (host, ai, user, local_user, cmd, cmd_len,
do_errsock, do_errsock,
send_krb5_auth); send_krb5_auth);
if(ret != 0 && sendauth_version_error &&
protocol_version == 2) {
protocol_version = 1;
goto again;
}
freeaddrinfo(ai); freeaddrinfo(ai);
} }
#endif #endif
@ -1035,5 +1099,6 @@ main(int argc, char **argv)
cmd, cmd_len); cmd, cmd_len);
freeaddrinfo(ai); freeaddrinfo(ai);
} }
free(cmd);
return ret; return ret;
} }
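Review bot: The retry at the `again:` label in main() falls back from protocol version 2 to version 1 without telling the user, because send_krb5_auth() skips its `krb5_warn` whenever it sets `sendauth_version_error`. The man page text added in this commit describes version 2 as the more secure one, so a session that ends up on version 1 should be visible. A line such as `warnx("%s: protocol version 2 rejected, retrying with version 1", host);` before `goto again;` would do that. Whether a rejection can be caused by anything other than an old server cannot be judged from these hunks, which is a further reason to make the fallback visible or opt-in. Both functions continue outside the hunks shown.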

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -31,7 +31,7 @@
* SUCH DAMAGE. * SUCH DAMAGE.
*/ */
/* $Id: rsh_locl.h,v 1.27 2002/08/12 15:09:16 joda Exp $ */ /* $Id: rsh_locl.h,v 1.28 2002/09/03 20:03:46 joda Exp $ */
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H
#include <config.h> #include <config.h>
@ -99,6 +99,7 @@
#endif #endif
#ifdef KRB5 #ifdef KRB5
#include <krb5.h> #include <krb5.h>
#include <krb5-private.h> /* for _krb5_{get,put}_int */
#endif #endif
#ifdef KRB4 #ifdef KRB4
#include <kafs.h> #include <kafs.h>
@ -132,25 +133,30 @@ extern int do_encrypt;
extern krb5_context context; extern krb5_context context;
extern krb5_keyblock *keyblock; extern krb5_keyblock *keyblock;
extern krb5_crypto crypto; extern krb5_crypto crypto;
extern int key_usage;
extern void *ivec_in[2];
extern void *ivec_out[2];
void init_ivecs(int);
#endif #endif
#ifdef KRB4 #ifdef KRB4
extern des_key_schedule schedule; extern des_key_schedule schedule;
extern des_cblock iv; extern des_cblock iv;
#endif #endif
#define KCMD_VERSION "KCMDV0.1" #define KCMD_OLD_VERSION "KCMDV0.1"
#define KCMD_NEW_VERSION "KCMDV0.2"
#define USERNAME_SZ 16 #define USERNAME_SZ 16
#define COMMAND_SZ 1024 #define COMMAND_SZ 1024
#define RSH_BUFSIZ (16 * 1024) #define RSH_BUFSIZ (5 * 1024) /* MIT kcmd can't handle larger buffers */
#define PATH_RSH BINDIR "/rsh" #define PATH_RSH BINDIR "/rsh"
#if defined(KRB4) || defined(KRB5) #if defined(KRB4) || defined(KRB5)
ssize_t do_read (int fd, void *buf, size_t sz); ssize_t do_read (int, void*, size_t, void*);
ssize_t do_write (int fd, void *buf, size_t sz); ssize_t do_write (int, void*, size_t, void*);
#else #else
#define do_write(F, B, L) write((F), (B), (L)) #define do_write(F, B, L, I) write((F), (B), (L))
#define do_read(F, B, L) read((F), (B), (L)) #define do_read(F, B, L, I) read((F), (B), (L))
#endif #endif
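Review bot: The new prototypes `ssize_t do_read (int, void*, size_t, void*);` and `ssize_t do_write (int, void*, size_t, void*);` drop the parameter names and leave the added fourth argument undocumented. In the common.c hunks a non-NULL ivec makes do_write put the length inside the encrypted data and makes do_read verify it, while a NULL ivec keeps the old framing, so callers need to know which one they are passing. Keep the names, `ssize_t do_read (int fd, void *buf, size_t sz, void *ivec);`, and add a comment along the lines of `/* ivec: cipher state for this direction (see init_ivecs); NULL keeps the version 1 framing */`.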

@ -32,7 +32,7 @@
*/ */
#include "rsh_locl.h" #include "rsh_locl.h"
RCSID("$Id: rshd.c,v 1.46 2002/02/18 20:02:14 joda Exp $"); RCSID("$Id: rshd.c,v 1.47 2002/09/03 20:03:26 joda Exp $");
int int
login_access( struct passwd *user, char *from); login_access( struct passwd *user, char *from);
@ -199,7 +199,7 @@ recv_krb4_auth (int s, u_char *buf,
version); version);
if (status != KSUCCESS) if (status != KSUCCESS)
syslog_and_die ("recvauth: %s", krb_get_err_text(status)); syslog_and_die ("recvauth: %s", krb_get_err_text(status));
if (strncmp (version, KCMD_VERSION, KRB_SENDAUTH_VLEN) != 0) if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0)
syslog_and_die ("bad version: %s", version); syslog_and_die ("bad version: %s", version);
read_str (s, server_username, USERNAME_SZ, "remote username"); read_str (s, server_username, USERNAME_SZ, "remote username");
@ -277,6 +277,24 @@ krb5_start_session (void)
return; return;
} }
static int protocol_version;
static krb5_boolean
match_kcmd_version(const void *data, const char *version)
{
if(strcmp(version, KCMD_NEW_VERSION) == 0) {
protocol_version = 2;
return TRUE;
}
if(strcmp(version, KCMD_OLD_VERSION) == 0) {
protocol_version = 1;
key_usage = KRB5_KU_OTHER_ENCRYPTED;
return TRUE;
}
return FALSE;
}
static int static int
recv_krb5_auth (int s, u_char *buf, recv_krb5_auth (int s, u_char *buf,
struct sockaddr *thisaddr, struct sockaddr *thisaddr,
@ -311,14 +329,15 @@ recv_krb5_auth (int s, u_char *buf,
syslog_and_die ("krb5_sock_to_principal: %s", syslog_and_die ("krb5_sock_to_principal: %s",
krb5_get_err_text(context, status)); krb5_get_err_text(context, status));
status = krb5_recvauth(context, status = krb5_recvauth_match_version(context,
&auth_context, &auth_context,
&s, &s,
KCMD_VERSION, match_kcmd_version,
server, NULL,
KRB5_RECVAUTH_IGNORE_VERSION, server,
NULL, KRB5_RECVAUTH_IGNORE_VERSION,
&ticket); NULL,
&ticket);
krb5_free_principal (context, server); krb5_free_principal (context, server);
if (status) if (status)
syslog_and_die ("krb5_recvauth: %s", syslog_and_die ("krb5_recvauth: %s",
@ -328,8 +347,17 @@ recv_krb5_auth (int s, u_char *buf,
read_str (s, cmd, COMMAND_SZ, "command"); read_str (s, cmd, COMMAND_SZ, "command");
read_str (s, client_username, COMMAND_SZ, "local username"); read_str (s, client_username, COMMAND_SZ, "local username");
status = krb5_auth_con_getkey (context, auth_context, &keyblock); if(protocol_version == 2) {
if (status) status = krb5_auth_con_getremotesubkey(context, auth_context,
&keyblock);
if(status != 0 || keyblock == NULL)
syslog_and_die("failed to get remote subkey");
} else if(protocol_version == 1) {
status = krb5_auth_con_getkey (context, auth_context, &keyblock);
if(status != 0 || keyblock == NULL)
syslog_and_die("failed to get key");
}
if (status != 0 || keyblock == NULL)
syslog_and_die ("krb5_auth_con_getkey: %s", syslog_and_die ("krb5_auth_con_getkey: %s",
krb5_get_err_text(context, status)); krb5_get_err_text(context, status));
@ -436,6 +464,11 @@ loop (int from0, int to0,
if(from0 >= FD_SETSIZE || from1 >= FD_SETSIZE || from2 >= FD_SETSIZE) if(from0 >= FD_SETSIZE || from1 >= FD_SETSIZE || from2 >= FD_SETSIZE)
errx (1, "fd too large"); errx (1, "fd too large");
#ifdef KRB5
if(auth_method == AUTH_KRB5 && protocol_version == 2)
init_ivecs(0);
#endif
FD_ZERO(&real_readset); FD_ZERO(&real_readset);
FD_SET(from0, &real_readset); FD_SET(from0, &real_readset);
FD_SET(from1, &real_readset); FD_SET(from1, &real_readset);
@ -454,7 +487,7 @@ loop (int from0, int to0,
syslog_and_die ("select: %m"); syslog_and_die ("select: %m");
} }
if (FD_ISSET(from0, &readset)) { if (FD_ISSET(from0, &readset)) {
ret = do_read (from0, buf, sizeof(buf)); ret = do_read (from0, buf, sizeof(buf), ivec_in[0]);
if (ret < 0) if (ret < 0)
syslog_and_die ("read: %m"); syslog_and_die ("read: %m");
else if (ret == 0) { else if (ret == 0) {
@ -475,7 +508,7 @@ loop (int from0, int to0,
if (--count == 0) if (--count == 0)
exit (0); exit (0);
} else } else
do_write (to1, buf, ret); do_write (to1, buf, ret, ivec_out[0]);
} }
if (FD_ISSET(from2, &readset)) { if (FD_ISSET(from2, &readset)) {
ret = read (from2, buf, sizeof(buf)); ret = read (from2, buf, sizeof(buf));
@ -488,7 +521,7 @@ loop (int from0, int to0,
if (--count == 0) if (--count == 0)
exit (0); exit (0);
} else } else
do_write (to2, buf, ret); do_write (to2, buf, ret, ivec_out[1]);
} }
} }
} }
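Review bot: In recv_krb5_auth the two new branches call `syslog_and_die("failed to get remote subkey")` and `syslog_and_die("failed to get key")` without the Kerberos error text. If syslog_and_die does not return, as its name suggests, the `if (status != 0 || keyblock == NULL)` check that follows, the only one that prints `krb5_get_err_text`, can no longer report a failure. Either drop the two inner checks and let the final one report, or give them the error text, e.g. `syslog_and_die("krb5_auth_con_getremotesubkey: %s", krb5_get_err_text(context, status));`. Since version 1 clients are still accepted, it would also help operators to log which version match_kcmd_version selected. The function continues outside the hunk.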

@ -32,7 +32,7 @@
#include <config.h> #include <config.h>
RCSID("$Id: su.c,v 1.24 2002/02/19 13:01:15 joda Exp $"); RCSID("$Id: su.c,v 1.25 2002/09/10 20:03:47 joda Exp $");
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@ -50,11 +50,7 @@ RCSID("$Id: su.c,v 1.24 2002/02/19 13:01:15 joda Exp $");
#include <pwd.h> #include <pwd.h>
#ifdef HAVE_OPENSSL #include "crypto-headers.h"
#include <openssl/des.h>
#else
#include <des.h>
#endif
#ifdef KRB5 #ifdef KRB5
#include <krb5.h> #include <krb5.h>
#endif #endif

@ -1,5 +1,13 @@
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
* libtelnet/kerberos5.c: set AP_OPTS_USE_SUBKEY
2002-08-28 Johan Danielsson <joda@pdc.kth.se> 2002-08-28 Johan Danielsson <joda@pdc.kth.se>
* telnet/commands.c: remove extra "Toggle"'s
* telnet/commands.c: IRIX == 4 -> IRIX4
* telnet/main.c: rename functions to what they're really called * telnet/main.c: rename functions to what they're really called
* telnet/commands.c: kill some might be uninitialized warnings * telnet/commands.c: kill some might be uninitialized warnings

@ -33,7 +33,7 @@
#include <config.h> #include <config.h>
RCSID("$Id: enc_des.c,v 1.20 2001/08/29 00:45:19 assar Exp $"); RCSID("$Id: enc_des.c,v 1.21 2002/09/10 20:03:47 joda Exp $");
#if defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION) #if defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION)
#include <arpa/telnet.h> #include <arpa/telnet.h>
@ -50,11 +50,7 @@ RCSID("$Id: enc_des.c,v 1.20 2001/08/29 00:45:19 assar Exp $");
#include "encrypt.h" #include "encrypt.h"
#include "misc-proto.h" #include "misc-proto.h"
#ifdef HAVE_OPENSSL #include "crypto-headers.h"
#include <openssl/des.h>
#else
#include <des.h>
#endif
extern int encrypt_debug_mode; extern int encrypt_debug_mode;

@ -55,7 +55,7 @@
* or implied warranty. * or implied warranty.
*/ */
/* $Id: encrypt.h,v 1.7 2001/08/22 20:30:22 assar Exp $ */ /* $Id: encrypt.h,v 1.8 2002/09/10 20:03:47 joda Exp $ */
#ifndef __ENCRYPT__ #ifndef __ENCRYPT__
#define __ENCRYPT__ #define __ENCRYPT__
@ -90,11 +90,9 @@ typedef struct {
#define SK_DES 1 /* Matched Kerberos v5 KEYTYPE_DES */ #define SK_DES 1 /* Matched Kerberos v5 KEYTYPE_DES */
#include "crypto-headers.h"
#ifdef HAVE_OPENSSL #ifdef HAVE_OPENSSL
#include <openssl/des.h>
#define des_new_random_key des_random_key #define des_new_random_key des_random_key
#else
#include <des.h>
#endif #endif
#include "enc-proto.h" #include "enc-proto.h"

@ -53,7 +53,7 @@
#include <config.h> #include <config.h>
RCSID("$Id: kerberos5.c,v 1.50 2002/08/28 20:55:53 joda Exp $"); RCSID("$Id: kerberos5.c,v 1.51 2002/09/02 15:33:20 joda Exp $");
#ifdef KRB5 #ifdef KRB5
@ -207,6 +207,8 @@ kerberos5_send(char *name, Authenticator *ap)
else else
ap_opts = 0; ap_opts = 0;
ap_opts |= AP_OPTS_USE_SUBKEY;
ret = krb5_auth_con_init (context, &auth_context); ret = krb5_auth_con_init (context, &auth_context);
if (ret) { if (ret) {
if (auth_debug_mode) { if (auth_debug_mode) {

@ -1,3 +1,31 @@
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
* crypto.m4: use m4 macros for test cases, also test for older
hash names
* test-package.m4: include dep libraries in LIB_*
* crypto.m4: move krb4 test before test for openssl, and bail out
if krb4 is requested, but the crypto library is not the same as
krb4
* db.m4: filter contents of LDFLAGS
2002-09-09 Johan Danielsson <joda@pdc.kth.se>
* auth-modules.m4: rename to rk_AUTH_MODULES
* auth-modules.m4: only include modules explicitly asked for
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* roken-frag.m4: test for res_nsearch
2002-09-03 Assar Westerlund <assar@kth.se>
* roken-frag.m4: check for sys/mman.h and mmap (used by
parse_reply-test)
2002-08-28 Assar Westerlund <assar@kth.se> 2002-08-28 Assar Westerlund <assar@kth.se>
* krb-readline.m4: also add LIB_tgetent in the case of editline * krb-readline.m4: also add LIB_tgetent in the case of editline

@ -1,16 +1,22 @@
dnl $Id: auth-modules.m4,v 1.3 2002/08/28 15:04:57 nectar Exp $ dnl $Id: auth-modules.m4,v 1.5 2002/09/09 13:31:45 joda Exp $
dnl dnl
dnl Figure what authentication modules should be built dnl Figure what authentication modules should be built
dnl
dnl rk_AUTH_MODULES(module-list)
AC_DEFUN(AC_AUTH_MODULES,[ AC_DEFUN(rk_AUTH_MODULES,[
AC_MSG_CHECKING(which authentication modules should be built) AC_MSG_CHECKING([which authentication modules should be built])
z='m4_ifval([$1], $1, [sia pam afskauthlib])'
LIB_AUTH_SUBDIRS= LIB_AUTH_SUBDIRS=
for i in $z; do
case $i in
sia)
if test "$ac_cv_header_siad_h" = yes; then if test "$ac_cv_header_siad_h" = yes; then
LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia" LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
fi fi
;;
pam)
case "${host}" in case "${host}" in
*-*-freebsd*) ac_cv_want_pam_krb4=no ;; *-*-freebsd*) ac_cv_want_pam_krb4=no ;;
*) ac_cv_want_pam_krb4=yes ;; *) ac_cv_want_pam_krb4=yes ;;
@ -21,12 +27,19 @@ if test "$ac_cv_want_pam_krb4" = yes -a \
"$enable_shared" = yes; then "$enable_shared" = yes; then
LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam" LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
fi fi
;;
afskauthlib)
case "${host}" in case "${host}" in
*-*-irix[[56]]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;; *-*-irix[[56]]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
esac esac
;;
AC_MSG_RESULT($LIB_AUTH_SUBDIRS) esac
done
if test "$LIB_AUTH_SUBDIRS"; then
AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
else
AC_MSG_RESULT(none)
fi
AC_SUBST(LIB_AUTH_SUBDIRS)dnl AC_SUBST(LIB_AUTH_SUBDIRS)dnl
]) ])
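Review bot: The new `case $i in` inside rk_AUTH_MODULES has arms for `sia`, `pam` and `afskauthlib` but no default arm, so a misspelt or unsupported name in the module list is skipped silently and configure simply reports fewer modules. Adding `*) AC_MSG_ERROR([unknown authentication module: $i]) ;;` before `esac` would surface the mistake at configure time.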

@ -1,10 +1,54 @@
dnl $Id: crypto.m4,v 1.11 2002/08/28 23:09:05 assar Exp $ dnl $Id: crypto.m4,v 1.13 2002/09/10 19:55:48 joda Exp $
dnl dnl
dnl test for crypto libraries: dnl test for crypto libraries:
dnl - libcrypto (from openssl) dnl - libcrypto (from openssl)
dnl - libdes (from krb4) dnl - libdes (from krb4)
dnl - own-built libdes dnl - own-built libdes
m4_define([test_headers], [
#undef KRB5 /* makes md4.h et al unhappy */
#ifdef HAVE_OPENSSL
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/des.h>
#include <openssl/rc4.h>
#else
#include <md4.h>
#include <md5.h>
#include <sha.h>
#include <des.h>
#include <rc4.h>
#endif
#ifdef OLD_HASH_NAMES
typedef struct md4 MD4_CTX;
#define MD4_Init(C) md4_init((C))
#define MD4_Update(C, D, L) md4_update((C), (D), (L))
#define MD4_Final(D, C) md4_finito((C), (D))
typedef struct md5 MD5_CTX;
#define MD5_Init(C) md5_init((C))
#define MD5_Update(C, D, L) md5_update((C), (D), (L))
#define MD5_Final(D, C) md5_finito((C), (D))
typedef struct sha SHA_CTX;
#define SHA1_Init(C) sha_init((C))
#define SHA1_Update(C, D, L) sha_update((C), (D), (L))
#define SHA1_Final(D, C) sha_finito((C), (D))
#endif
])
m4_define([test_body], [
void *schedule = 0;
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha1;
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
RC4(0, 0, 0, 0);])
AC_DEFUN([KRB_CRYPTO],[ AC_DEFUN([KRB_CRYPTO],[
crypto_lib=unknown crypto_lib=unknown
AC_WITH_ALL([openssl]) AC_WITH_ALL([openssl])
@ -14,49 +58,7 @@ DIR_des=
AC_MSG_CHECKING([for crypto library]) AC_MSG_CHECKING([for crypto library])
openssl=no openssl=no
if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then old_hash=no
save_CPPFLAGS="$CPPFLAGS"
save_LIBS="$LIBS"
INCLUDE_des=
LIB_des=
if test "$with_openssl_include" != ""; then
INCLUDE_des="-I${with_openssl}/include"
fi
if test "$with_openssl_lib" != ""; then
LIB_des="-L${with_openssl}/lib"
fi
CPPFLAGS="${INCLUDE_des} ${CPPFLAGS}"
LIB_des="${LIB_des} -lcrypto"
LIB_des_a="$LIB_des"
LIB_des_so="$LIB_des"
LIB_des_appl="$LIB_des"
LIBS="${LIBS} ${LIB_des}"
AC_TRY_LINK([
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/des.h>
#include <openssl/rc4.h>
],
[
void *schedule = 0;
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha1;
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
RC4(0, 0, 0, 0);
], [
crypto_lib=libcrypto openssl=yes
AC_MSG_RESULT([libcrypto])])
CPPFLAGS="$save_CPPFLAGS"
LIBS="$save_LIBS"
fi
if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
save_CPPFLAGS="$CPPFLAGS" save_CPPFLAGS="$CPPFLAGS"
@ -72,91 +74,22 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
ires= ires=
for i in $INCLUDE_krb4; do for i in $INCLUDE_krb4; do
CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS"
AC_TRY_COMPILE(test_headers, test_body,
openssl=yes ires="$i"; break)
CFLAGS="$i $save_CFLAGS" CFLAGS="$i $save_CFLAGS"
AC_TRY_COMPILE([ AC_TRY_COMPILE(test_headers, test_body,
#undef KRB5 /* makes md4.h et al unhappy */ openssl=no ires="$i"; break)
#define KRB4 CFLAGS="-DOLD_HASH_NAMES $i $save_CFLAGS"
#include <openssl/md4.h> AC_TRY_COMPILE(test_headers, test_body,
#include <openssl/md5.h> openssl=no ires="$i" old_hash=yes; break)
#include <openssl/sha.h>
#include <openssl/des.h>
#include <openssl/rc4.h>
], [
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha1;
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
des_cbc_encrypt(0, 0, 0, 0, 0, 0);
RC4(0, 0, 0, 0);],openssl=yes ires="$i"; break)
AC_TRY_COMPILE([
#undef KRB5 /* makes md4.h et al unhappy */
#define KRB4
#include <md4.h>
#include <md5.h>
#include <sha.h>
#include <des.h>
#include <rc4.h>
], [
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha1;
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
des_cbc_encrypt(0, 0, 0, 0, 0, 0);
RC4(0, 0, 0, 0);],ires="$i"; break)
done done
lres= lres=
for i in $cdirs; do for i in $cdirs; do
for j in $clibs; do for j in $clibs; do
LIBS="$i $j $save_LIBS" LIBS="$i $j $save_LIBS"
if test "$openssl" = yes; then AC_TRY_LINK(test_headers, test_body,
AC_TRY_LINK([ lres="$i $j"; break 2)
#undef KRB5 /* makes md4.h et al unhappy */
#define KRB4
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/des.h>
#include <openssl/rc4.h>
], [
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha1;
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
des_cbc_encrypt(0, 0, 0, 0, 0, 0);
RC4(0, 0, 0, 0);],lres="$i $j"; break 2)
else
AC_TRY_LINK([
#undef KRB5 /* makes md4.h et al unhappy */
#define KRB4
#include <md4.h>
#include <md5.h>
#include <sha.h>
#include <des.h>
#include <rc4.h>
], [
MD4_CTX md4;
MD5_CTX md5;
SHA_CTX sha1;
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
des_cbc_encrypt(0, 0, 0, 0, 0, 0);
RC4(0, 0, 0, 0);],lres="$i $j"; break 2)
fi
done done
done done
CFLAGS="$save_CFLAGS" CFLAGS="$save_CFLAGS"
@ -172,6 +105,31 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
fi fi
fi fi
if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
save_CFLAGS="$CFLAGS"
save_LIBS="$LIBS"
INCLUDE_des=
LIB_des=
if test "$with_openssl_include" != ""; then
INCLUDE_des="-I${with_openssl}/include"
fi
if test "$with_openssl_lib" != ""; then
LIB_des="-L${with_openssl}/lib"
fi
CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}"
LIB_des="${LIB_des} -lcrypto"
LIB_des_a="$LIB_des"
LIB_des_so="$LIB_des"
LIB_des_appl="$LIB_des"
LIBS="${LIBS} ${LIB_des}"
AC_TRY_LINK(test_headers, test_body, [
crypto_lib=libcrypto openssl=yes
AC_MSG_RESULT([libcrypto])
])
CFLAGS="$save_CFLAGS"
LIBS="$save_LIBS"
fi
if test "$crypto_lib" = "unknown"; then if test "$crypto_lib" = "unknown"; then
DIR_des='des' DIR_des='des'
@ -184,9 +142,19 @@ if test "$crypto_lib" = "unknown"; then
fi fi
if test "$with_krb4" != no -a "$crypto_lib" != krb4; then
AC_MSG_ERROR([the crypto library used by krb4 lacks features
required by Kerberos 5; to continue, you need to install a newer
Kerberos 4 or configure --without-krb4])
fi
if test "$openssl" = "yes"; then if test "$openssl" = "yes"; then
AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto]) AC_DEFINE([HAVE_OPENSSL], 1, [define to use openssl's libcrypto])
fi fi
if test "$old_hash" = yes; then
AC_DEFINE([HAVE_OLD_HASH_NAMES], 1,
[define if you have hash functions like md4_finito()])
fi
AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl AM_CONDITIONAL(HAVE_OPENSSL, test "$openssl" = yes)dnl
AC_SUBST(DIR_des) AC_SUBST(DIR_des)

@ -1,4 +1,4 @@
dnl $Id: db.m4,v 1.8 2002/05/17 15:32:21 joda Exp $ dnl $Id: db.m4,v 1.9 2002/09/10 14:29:47 joda Exp $
dnl dnl
dnl tests for various db libraries dnl tests for various db libraries
dnl dnl
@ -190,7 +190,15 @@ AM_CONDITIONAL(HAVE_DB1, test "$db_type" = db1)dnl
AM_CONDITIONAL(HAVE_DB3, test "$db_type" = db3)dnl AM_CONDITIONAL(HAVE_DB3, test "$db_type" = db3)dnl
AM_CONDITIONAL(HAVE_NDBM, test "$db_type" = ndbm)dnl AM_CONDITIONAL(HAVE_NDBM, test "$db_type" = ndbm)dnl
DBLIB="$LDFLAGS $DBLIB" ## it's probably not correct to include LDFLAGS here, but we might
## need it, for now just add any possible -L
z=""
for i in $LDFLAGS; do
case "$i" in
-L*) z="$z $i";;
esac
done
DBLIB="$z $DBLIB"
AC_SUBST(DBLIB)dnl AC_SUBST(DBLIB)dnl
AC_SUBST(LIB_NDBM)dnl AC_SUBST(LIB_NDBM)dnl
]) ])

@ -1,4 +1,4 @@
dnl $Id: roken-frag.m4,v 1.42 2002/08/26 13:26:52 assar Exp $ dnl $Id: roken-frag.m4,v 1.44 2002/09/04 20:57:30 joda Exp $
dnl dnl
dnl some code to get roken working dnl some code to get roken working
dnl dnl
@ -69,6 +69,7 @@ AC_CHECK_HEADERS([\
shadow.h \ shadow.h \
sys/bswap.h \ sys/bswap.h \
sys/ioctl.h \ sys/ioctl.h \
sys/mman.h \
sys/param.h \ sys/param.h \
sys/proc.h \ sys/proc.h \
sys/resource.h \ sys/resource.h \
@ -126,6 +127,24 @@ AC_FIND_FUNC(res_search, resolv,
], ],
[0,0,0,0,0]) [0,0,0,0,0])
AC_FIND_FUNC(res_nsearch, resolv,
[
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_NAMESER_H
#include <arpa/nameser.h>
#endif
#ifdef HAVE_RESOLV_H
#include <resolv.h>
#endif
],
[0,0,0,0,0])
AC_FIND_FUNC(dn_expand, resolv, AC_FIND_FUNC(dn_expand, resolv,
[ [
#include <stdio.h> #include <stdio.h>
@ -205,6 +224,8 @@ fi
AC_REQUIRE([AC_FUNC_GETLOGIN]) AC_REQUIRE([AC_FUNC_GETLOGIN])
AC_REQUIRE([AC_FUNC_MMAP])
AC_FIND_FUNC_NO_LIBS(getsockopt,, AC_FIND_FUNC_NO_LIBS(getsockopt,,
[#ifdef HAVE_SYS_TYPES_H [#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h> #include <sys/types.h>
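Review bot: The added `AC_FIND_FUNC(res_nsearch, resolv, ...)` test reuses the five-argument list `[0,0,0,0,0]` from the res_search test above it, but res_nsearch takes the resolver state as an extra first argument, six in all. If AC_FIND_FUNC calls the function with that list while the `<resolv.h>` prototype is in scope, the probe would fail to compile and res_nsearch would be reported missing on systems that do have it. The list should be `[0,0,0,0,0,0]`.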

@ -1,4 +1,4 @@
dnl $Id: test-package.m4,v 1.11 2002/08/28 19:30:48 joda Exp $ dnl $Id: test-package.m4,v 1.12 2002/09/10 15:23:38 joda Exp $
dnl dnl
dnl rk_TEST_PACKAGE(package,headers,libraries,extra libs, dnl rk_TEST_PACKAGE(package,headers,libraries,extra libs,
dnl default locations, conditional, config-program) dnl default locations, conditional, config-program)
@ -101,7 +101,7 @@ if test "$with_$1" != no; then
done done
if test "$ires" -a "$lres" -a "$with_$1" != "no"; then if test "$ires" -a "$lres" -a "$with_$1" != "no"; then
INCLUDE_$1="-I$ires" INCLUDE_$1="-I$ires"
LIB_$1="-L$lres $3" LIB_$1="-L$lres $3 $4"
found=yes found=yes
AC_MSG_RESULT([headers $ires, libraries $lres]) AC_MSG_RESULT([headers $ires, libraries $lres])
fi fi

6074
crypto/heimdal/configure vendored


@ -1,8 +1,9 @@
dnl Process this file with autoconf to produce a configure script. dnl Process this file with autoconf to produce a configure script.
AC_REVISION($Revision: 1.320 $) AC_REVISION($Revision: 1.325 $)
AC_PREREQ(2.53) AC_PREREQ(2.53)
#test -z "$CFLAGS" && CFLAGS="-g" #test -z "$CFLAGS" && CFLAGS="-g"
AC_INIT(Heimdal, 0.4f, heimdal-bugs@pdc.kth.se) AC_INIT(Heimdal, 0.4f, heimdal-bugs@pdc.kth.se)
AC_CONFIG_SRCDIR([kuser/kinit.c])
AM_CONFIG_HEADER(include/config.h) AM_CONFIG_HEADER(include/config.h)
dnl Checks for programs. dnl Checks for programs.
@ -21,6 +22,8 @@ AC_CANONICAL_HOST
CANONICAL_HOST=$host CANONICAL_HOST=$host
AC_SUBST(CANONICAL_HOST) AC_SUBST(CANONICAL_HOST)
AC_SYS_LARGEFILE
dnl dnl
dnl this is needed to run the configure tests against glibc dnl this is needed to run the configure tests against glibc
dnl dnl
@ -48,22 +51,11 @@ AC_PROG_LIBTOOL
AC_WFLAGS(-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs) AC_WFLAGS(-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs)
rk_DB
dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roken/libroken.la],[-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken])
rk_ROKEN(lib/roken)
LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
rk_TEST_PACKAGE(openldap, rk_TEST_PACKAGE(openldap,
[#include <lber.h> [#include <lber.h>
#include <ldap.h>], #include <ldap.h>],
[-lldap -llber],,,OPENLDAP) [-lldap -llber],,,OPENLDAP)
if test "$openldap_libdir"; then
LIB_openldap="-R $openldap_libdir $LIB_openldap"
fi
rk_TEST_PACKAGE(krb4,[#include <krb.h>],-lkrb,-ldes,/usr/athena, KRB4, krb4-config) rk_TEST_PACKAGE(krb4,[#include <krb.h>],-lkrb,-ldes,/usr/athena, KRB4, krb4-config)
LIB_kdb= LIB_kdb=
@ -156,10 +148,6 @@ if test "$with_krb4" != "no"; then
LIBS="$save_LIBS" LIBS="$save_LIBS"
CFLAGS="$save_CFLAGS" CFLAGS="$save_CFLAGS"
LIB_kdb="-lkdb -lkrb" LIB_kdb="-lkdb -lkrb"
if test "$krb4_libdir"; then
LIB_krb4="-R $krb4_libdir $LIB_krb4"
LIB_kdb="-R $krb4_libdir -L$krb4_libdir $LIB_kdb"
fi
fi fi
AM_CONDITIONAL(KRB4, test "$with_krb4" != "no") AM_CONDITIONAL(KRB4, test "$with_krb4" != "no")
AM_CONDITIONAL(KRB5, true) AM_CONDITIONAL(KRB5, true)
@ -168,6 +156,8 @@ AM_CONDITIONAL(do_roken_rename, true)
AC_DEFINE(KRB5, 1, [Enable Kerberos 5 support in applications.])dnl AC_DEFINE(KRB5, 1, [Enable Kerberos 5 support in applications.])dnl
AC_SUBST(LIB_kdb)dnl AC_SUBST(LIB_kdb)dnl
KRB_CRYPTO
AC_ARG_ENABLE(dce, AC_ARG_ENABLE(dce,
AC_HELP_STRING([--enable-dce],[if you want support for DCE/DFS PAG's])) AC_HELP_STRING([--enable-dce],[if you want support for DCE/DFS PAG's]))
if test "$enable_dce" = yes; then if test "$enable_dce" = yes; then
@ -189,10 +179,23 @@ AC_SUBST(dpagaix_cflags)
AC_SUBST(dpagaix_ldadd) AC_SUBST(dpagaix_ldadd)
AC_SUBST(dpagaix_ldflags) AC_SUBST(dpagaix_ldflags)
rk_DB
dnl AC_ROKEN(10,[/usr/heimdal /usr/athena],[lib/roken],[$(top_builddir)/lib/roken/libroken.la],[-I$(top_builddir)/lib/roken -I$(top_srcdir)/lib/roken])
rk_ROKEN(lib/roken)
LIB_roken="\$(top_builddir)/lib/vers/libvers.la $LIB_roken"
rk_OTP rk_OTP
AC_CHECK_OSFC2 AC_CHECK_OSFC2
AC_ARG_ENABLE(mmap,
AC_HELP_STRING([--disable-mmap],[disable use of mmap]))
if test "$enable_mmap" = "no"; then
AC_DEFINE(NO_MMAP, 1, [Define if you don't want to use mmap.])
fi
rk_CHECK_MAN rk_CHECK_MAN
rk_TEST_PACKAGE(readline, rk_TEST_PACKAGE(readline,
@ -241,6 +244,7 @@ AC_CHECK_HEADERS([\
libutil.h \ libutil.h \
limits.h \ limits.h \
maillock.h \ maillock.h \
netgroup.h \
netinet/in6_machtypes.h \ netinet/in6_machtypes.h \
netinfo/ni.h \ netinfo/ni.h \
pthread.h \ pthread.h \
@ -256,6 +260,7 @@ AC_CHECK_HEADERS([\
sys/file.h \ sys/file.h \
sys/filio.h \ sys/filio.h \
sys/ioccom.h \ sys/ioccom.h \
sys/mman.h \
sys/pty.h \ sys/pty.h \
sys/ptyio.h \ sys/ptyio.h \
sys/ptyvar.h \ sys/ptyvar.h \
@ -327,6 +332,8 @@ AC_CHECK_FUNCS([ \
yp_get_default_domain \ yp_get_default_domain \
]) ])
AC_FUNC_MMAP
KRB_CAPABILITIES KRB_CAPABILITIES
AC_CHECK_GETPWNAM_R_POSIX AC_CHECK_GETPWNAM_R_POSIX
@ -369,8 +376,6 @@ AC_CHECK_TYPES([int8_t, int16_t, int32_t, int64_t,
#endif #endif
]) ])
KRB_CRYPTO
KRB_READLINE KRB_READLINE
rk_TELNET rk_TELNET
@ -378,7 +383,7 @@ rk_TELNET
dnl Some operating systems already have com_err and compile_et dnl Some operating systems already have com_err and compile_et
CHECK_COMPILE_ET CHECK_COMPILE_ET
AC_AUTH_MODULES rk_AUTH_MODULES([sia afskauthlib])
rk_DESTDIRS rk_DESTDIRS

@ -1,4 +1,4 @@
@c $Id: ack.texi,v 1.14 2001/02/24 05:09:23 assar Exp $ @c $Id: ack.texi,v 1.15 2002/09/04 01:03:35 assar Exp $
@node Acknowledgments, , Migration, Top @node Acknowledgments, , Migration, Top
@comment node-name, next, previous, up @comment node-name, next, previous, up
@ -19,6 +19,9 @@ of NetBSD/FreeBSD.
@code{editline} was written by Simmule Turner and Rich Salz. @code{editline} was written by Simmule Turner and Rich Salz.
The @code{getifaddrs} implementation for Linux was written by Hideaki
YOSHIFUJI for the Usagi project.
Bugfixes, documentation, encouragement, and code has been contributed by: Bugfixes, documentation, encouragement, and code has been contributed by:
@table @asis @table @asis
@item Derrick J Brashear @item Derrick J Brashear

@ -1,4 +1,4 @@
@c $Id: install.texi,v 1.17 2001/07/02 18:06:02 joda Exp $ @c $Id: install.texi,v 1.18 2002/09/04 03:18:48 assar Exp $
@node Building and Installing, Setting up a realm, What is Kerberos?, Top @node Building and Installing, Setting up a realm, What is Kerberos?, Top
@comment node-name, next, previous, up @comment node-name, next, previous, up
@ -98,4 +98,9 @@ On Irix there are three different ABIs that can be used (@samp{32},
@samp{n32}, or @samp{64}). This option allows you to override the @samp{n32}, or @samp{64}). This option allows you to override the
automatic selection. automatic selection.
@item @kbd{--disable-mmap}
Do not use the mmap system call. Normally, configure detects if there
is a working mmap and it is only used if there is one. Only try this
option if it fails to work anyhow.
@end table @end table

@ -1,25 +1,30 @@
# $Id: Makefile.am,v 1.32 2002/05/24 15:36:21 joda Exp $ # $Id: Makefile.am,v 1.33 2002/09/10 19:59:25 joda Exp $
include $(top_srcdir)/Makefile.am.common include $(top_srcdir)/Makefile.am.common
SUBDIRS = kadm5 SUBDIRS = kadm5
noinst_PROGRAMS = bits noinst_PROGRAMS = bits make_crypto
CHECK_LOCAL = CHECK_LOCAL =
INCLUDES += -DHOST=\"$(CANONICAL_HOST)\" INCLUDES += -DHOST=\"$(CANONICAL_HOST)\"
include_HEADERS = krb5-types.h include_HEADERS = krb5-types.h
noinst_HEADERS = crypto-headers.h
krb5-types.h: bits$(EXEEXT) krb5-types.h: bits$(EXEEXT)
./bits$(EXEEXT) krb5-types.h ./bits$(EXEEXT) krb5-types.h
crypto-headers.h: make_crypto$(EXEEXT)
./make_crypto$(EXEEXT) crypto-headers.h
CLEANFILES = \ CLEANFILES = \
asn1.h \ asn1.h \
asn1_err.h \ asn1_err.h \
base64.h \ base64.h \
com_err.h \ com_err.h \
com_right.h \ com_right.h \
crypto-headers.h\
der.h \ der.h \
des.h \ des.h \
editline.h \ editline.h \

@ -14,7 +14,7 @@
@SET_MAKE@ @SET_MAKE@
# $Id: Makefile.am,v 1.32 2002/05/24 15:36:21 joda Exp $ # $Id: Makefile.am,v 1.33 2002/09/10 19:59:25 joda Exp $
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
@ -204,10 +204,11 @@ NROFF_MAN = groff -mandoc -Tascii
SUBDIRS = kadm5 SUBDIRS = kadm5
noinst_PROGRAMS = bits noinst_PROGRAMS = bits make_crypto
CHECK_LOCAL = CHECK_LOCAL =
include_HEADERS = krb5-types.h include_HEADERS = krb5-types.h
noinst_HEADERS = crypto-headers.h
CLEANFILES = \ CLEANFILES = \
asn1.h \ asn1.h \
@ -215,6 +216,7 @@ CLEANFILES = \
base64.h \ base64.h \
com_err.h \ com_err.h \
com_right.h \ com_right.h \
crypto-headers.h\
der.h \ der.h \
des.h \ des.h \
editline.h \ editline.h \
@ -249,7 +251,7 @@ subdir = include
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = config.h CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES = CONFIG_CLEAN_FILES =
noinst_PROGRAMS = bits$(EXEEXT) noinst_PROGRAMS = bits$(EXEEXT) make_crypto$(EXEEXT)
PROGRAMS = $(noinst_PROGRAMS) PROGRAMS = $(noinst_PROGRAMS)
bits_SOURCES = bits.c bits_SOURCES = bits.c
@ -257,6 +259,11 @@ bits_OBJECTS = bits.$(OBJEXT)
bits_LDADD = $(LDADD) bits_LDADD = $(LDADD)
bits_DEPENDENCIES = bits_DEPENDENCIES =
bits_LDFLAGS = bits_LDFLAGS =
make_crypto_SOURCES = make_crypto.c
make_crypto_OBJECTS = make_crypto.$(OBJEXT)
make_crypto_LDADD = $(LDADD)
make_crypto_DEPENDENCIES =
make_crypto_LDFLAGS =
DEFS = @DEFS@ DEFS = @DEFS@
DEFAULT_INCLUDES = -I. -I$(srcdir) -I. DEFAULT_INCLUDES = -I. -I$(srcdir) -I.
@ -273,17 +280,18 @@ CCLD = $(CC)
LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@ $(AM_LDFLAGS) $(LDFLAGS) -o $@
CFLAGS = @CFLAGS@ CFLAGS = @CFLAGS@
DIST_SOURCES = bits.c DIST_SOURCES = bits.c make_crypto.c
HEADERS = $(include_HEADERS) HEADERS = $(include_HEADERS) $(noinst_HEADERS)
RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \ RECURSIVE_TARGETS = info-recursive dvi-recursive install-info-recursive \
uninstall-info-recursive all-recursive install-data-recursive \ uninstall-info-recursive all-recursive install-data-recursive \
install-exec-recursive installdirs-recursive install-recursive \ install-exec-recursive installdirs-recursive install-recursive \
uninstall-recursive check-recursive installcheck-recursive uninstall-recursive check-recursive installcheck-recursive
DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in config.h.in DIST_COMMON = $(include_HEADERS) $(noinst_HEADERS) Makefile.am \
Makefile.in
DIST_SUBDIRS = $(SUBDIRS) DIST_SUBDIRS = $(SUBDIRS)
SOURCES = bits.c SOURCES = bits.c make_crypto.c
all: config.h all: config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive $(MAKE) $(AM_MAKEFLAGS) all-recursive
@ -322,6 +330,9 @@ clean-noinstPROGRAMS:
bits$(EXEEXT): $(bits_OBJECTS) $(bits_DEPENDENCIES) bits$(EXEEXT): $(bits_OBJECTS) $(bits_DEPENDENCIES)
@rm -f bits$(EXEEXT) @rm -f bits$(EXEEXT)
$(LINK) $(bits_LDFLAGS) $(bits_OBJECTS) $(bits_LDADD) $(LIBS) $(LINK) $(bits_LDFLAGS) $(bits_OBJECTS) $(bits_LDADD) $(LIBS)
make_crypto$(EXEEXT): $(make_crypto_OBJECTS) $(make_crypto_DEPENDENCIES)
@rm -f make_crypto$(EXEEXT)
$(LINK) $(make_crypto_LDFLAGS) $(make_crypto_OBJECTS) $(make_crypto_LDADD) $(LIBS)
mostlyclean-compile: mostlyclean-compile:
-rm -f *.$(OBJEXT) core *.core -rm -f *.$(OBJEXT) core *.core
@ -731,6 +742,9 @@ install-data-local: install-cat-mans
krb5-types.h: bits$(EXEEXT) krb5-types.h: bits$(EXEEXT)
./bits$(EXEEXT) krb5-types.h ./bits$(EXEEXT) krb5-types.h
crypto-headers.h: make_crypto$(EXEEXT)
./make_crypto$(EXEEXT) crypto-headers.h
# Tell versions [3.59,3.63) of GNU make to not export all variables. # Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded. # Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT: .NOEXPORT:

@ -285,6 +285,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the function `getopt'. */ /* Define if you have the function `getopt'. */
#undef HAVE_GETOPT #undef HAVE_GETOPT
/* Define to 1 if you have the `getpagesize' function. */
#undef HAVE_GETPAGESIZE
/* Define to 1 if you have the `getprogname' function. */ /* Define to 1 if you have the `getprogname' function. */
#undef HAVE_GETPROGNAME #undef HAVE_GETPROGNAME
@ -448,6 +451,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the `mktime' function. */ /* Define to 1 if you have the `mktime' function. */
#undef HAVE_MKTIME #undef HAVE_MKTIME
/* Define to 1 if you have a working `mmap' system call. */
#undef HAVE_MMAP
/* define if you have a ndbm library */ /* define if you have a ndbm library */
#undef HAVE_NDBM #undef HAVE_NDBM
@ -457,6 +463,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the <netdb.h> header file. */ /* Define to 1 if you have the <netdb.h> header file. */
#undef HAVE_NETDB_H #undef HAVE_NETDB_H
/* Define to 1 if you have the <netgroup.h> header file. */
#undef HAVE_NETGROUP_H
/* Define to 1 if you have the <netinet6/in6.h> header file. */ /* Define to 1 if you have the <netinet6/in6.h> header file. */
#undef HAVE_NETINET6_IN6_H #undef HAVE_NETINET6_IN6_H
@ -493,6 +502,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if NDBM really is DB (creates files *.db) */ /* Define if NDBM really is DB (creates files *.db) */
#undef HAVE_NEW_DB #undef HAVE_NEW_DB
/* define if you have hash functions like md4_finito() */
#undef HAVE_OLD_HASH_NAMES
/* Define to 1 if you have the `on_exit' function. */ /* Define to 1 if you have the `on_exit' function. */
#undef HAVE_ON_EXIT #undef HAVE_ON_EXIT
@ -559,6 +571,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the <resolv.h> header file. */ /* Define to 1 if you have the <resolv.h> header file. */
#undef HAVE_RESOLV_H #undef HAVE_RESOLV_H
/* Define to 1 if you have the `res_nsearch' function. */
#undef HAVE_RES_NSEARCH
/* Define to 1 if you have the `res_search' function. */ /* Define to 1 if you have the `res_search' function. */
#undef HAVE_RES_SEARCH #undef HAVE_RES_SEARCH
@ -844,6 +859,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the <sys/ioctl.h> header file. */ /* Define to 1 if you have the <sys/ioctl.h> header file. */
#undef HAVE_SYS_IOCTL_H #undef HAVE_SYS_IOCTL_H
/* Define to 1 if you have the <sys/mman.h> header file. */
#undef HAVE_SYS_MMAN_H
/* Define to 1 if you have the <sys/param.h> header file. */ /* Define to 1 if you have the <sys/param.h> header file. */
#undef HAVE_SYS_PARAM_H #undef HAVE_SYS_PARAM_H
@ -1210,6 +1228,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* define if the system is missing a prototype for vsnprintf() */ /* define if the system is missing a prototype for vsnprintf() */
#undef NEED_VSNPRINTF_PROTO #undef NEED_VSNPRINTF_PROTO
/* Define if you don't want to use mmap. */
#undef NO_MMAP
/* Define this to enable old environment option in telnet. */ /* Define this to enable old environment option in telnet. */
#undef OLD_ENVIRON #undef OLD_ENVIRON
@ -1290,9 +1311,15 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
`char[]'. */ `char[]'. */
#undef YYTEXT_POINTER #undef YYTEXT_POINTER
/* Number of bits in a file offset, on hosts where this is settable. */
#undef _FILE_OFFSET_BITS
/* Define to enable extensions on glibc-based systems such as Linux. */ /* Define to enable extensions on glibc-based systems such as Linux. */
#undef _GNU_SOURCE #undef _GNU_SOURCE
/* Define for large files, on AIX-style hosts. */
#undef _LARGE_FILES
/* Define to empty if `const' does not conform to ANSI C. */ /* Define to empty if `const' does not conform to ANSI C. */
#undef const #undef const
@ -1321,6 +1348,13 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to `int' if <sys/types.h> doesn't define. */ /* Define to `int' if <sys/types.h> doesn't define. */
#undef uid_t #undef uid_t
#if defined(HAVE_FOUR_VALUED_KRB_PUT_INT) || !defined(KRB4)
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S))
#else
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (S))
#endif
#if defined(ENCRYPTION) && !defined(AUTHENTICATION) #if defined(ENCRYPTION) && !defined(AUTHENTICATION)
#define AUTHENTICATION 1 #define AUTHENTICATION 1
@ -1345,6 +1379,14 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
#include "roken_rename.h" #include "roken_rename.h"
#endif #endif
#ifndef HAVE_KRB_KDCTIMEOFDAY
#define krb_kdctimeofday(X) gettimeofday((X), NULL)
#endif
#ifndef HAVE_KRB_GET_KDC_TIME_DIFF
#define krb_get_kdc_time_diff() (0)
#endif
#ifdef VOID_RETSIGTYPE #ifdef VOID_RETSIGTYPE
#define SIGRETURN(x) return #define SIGRETURN(x) return
#else #else
@ -1356,21 +1398,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y)) #define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
#endif #endif
#if defined(HAVE_FOUR_VALUED_KRB_PUT_INT) || !defined(KRB4)
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S))
#else
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (S))
#endif
#ifndef HAVE_KRB_KDCTIMEOFDAY
#define krb_kdctimeofday(X) gettimeofday((X), NULL)
#endif
#ifndef HAVE_KRB_GET_KDC_TIME_DIFF
#define krb_get_kdc_time_diff() (0)
#endif
#if ENDIANESS_IN_SYS_PARAM_H #if ENDIANESS_IN_SYS_PARAM_H
# include <sys/types.h> # include <sys/types.h>

@ -0,0 +1,95 @@
/*
* Copyright (c) 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id");
#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
int
main(int argc, char **argv)
{
char *p;
FILE *f;
if(argc != 2) {
fprintf(stderr, "Usage: make_crypto file\n");
exit(1);
}
f = fopen(argv[1], "w");
if(f == NULL) {
perror(argv[1]);
exit(1);
}
for(p = argv[1]; *p; p++)
if(!isalnum((int)*p))
*p = '_';
fprintf(f, "#ifndef __%s__\n", argv[1]);
fprintf(f, "#define __%s__\n", argv[1]);
#ifdef HAVE_OPENSSL
fputs("#include <openssl/des.h>\n", f);
fputs("#include <openssl/rc4.h>\n", f);
fputs("#include <openssl/md4.h>\n", f);
fputs("#include <openssl/md5.h>\n", f);
fputs("#include <openssl/sha.h>\n", f);
#else
fputs("#include <des.h>\n", f);
fputs("#include <md4.h>\n", f);
fputs("#include <md5.h>\n", f);
fputs("#include <sha.h>\n", f);
fputs("#include <rc4.h>\n", f);
#ifdef HAVE_OLD_HASH_NAMES
fputs("\n", f);
fputs(" typedef struct md4 MD4_CTX;\n", f);
fputs("#define MD4_Init md4_init\n", f);
fputs("#define MD4_Update md4_update\n", f);
fputs("#define MD4_Final(D, C) md4_finito((C), (D))\n", f);
fputs("\n", f);
fputs(" typedef struct md5 MD5_CTX;\n", f);
fputs("#define MD5_Init md5_init\n", f);
fputs("#define MD5_Update md5_update\n", f);
fputs("#define MD5_Final(D, C) md5_finito((C), (D))\n", f);
fputs("\n", f);
fputs(" typedef struct sha SHA_CTX;\n", f);
fputs("#define SHA1_Init sha_init\n", f);
fputs("#define SHA1_Update sha_update\n", f);
fputs("#define SHA1_Final(D, C) sha_finito((C), (D))\n", f);
#endif
#endif
fprintf(f, "#endif /* __%s__ */\n", argv[1]);
fclose(f);
exit(0);
}
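Review bot: None of the writes to the generated header are checked: every `fprintf`/`fputs` result and the final `fclose(f)` are ignored and main always ends in `exit(0)`, so a short write (full disk, I/O error) leaves a truncated crypto-headers.h that make will treat as up to date. Since this header decides which DES/MD4/MD5/SHA/RC4 declarations the rest of the tree compiles against, the tool should fail loudly, for example `if(ferror(f) || fclose(f) != 0) { perror("make_crypto"); exit(1); }` in place of the bare `fclose(f)`. Note that the guard-name loop rewrites `argv[1]` in place, so the original file name is gone by then; copying it first would keep it available for the error message and for removing the partial file. In the same loop, `isalnum((int)*p)` should be `isalnum((unsigned char)*p)`, because a `char` with the high bit set is negative where `char` is signed, and that is undefined for the `<ctype.h>` functions.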

@ -1,3 +1,21 @@
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
* server.c: constify match_appl_version()
* version4.c: change some lingering krb_err_base
2002-09-09 Jacques Vidrine <nectar@kth.se>
* server.c (kadmind_dispatch): while decoding arguments for
kadm_chpass_with_key, sanity check the number of keys given.
Potential problem pointed out by
Sebastian Krahmer <krahmer@suse.de>.
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* load.c (parse_generation): return if there is no generation
(spotted by Daniel Kouril)
2002-06-07 Jacques Vidrine <n@nectar.com> 2002-06-07 Jacques Vidrine <n@nectar.com>
* ank.c: do not attempt to free uninitialized pointer when * ank.c: do not attempt to free uninitialized pointer when

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -34,7 +34,7 @@
#include "kadmin_locl.h" #include "kadmin_locl.h"
#include <kadm5/private.h> #include <kadm5/private.h>
RCSID("$Id: load.c,v 1.43 2001/08/10 13:52:22 joda Exp $"); RCSID("$Id: load.c,v 1.44 2002/09/04 20:44:35 joda Exp $");
struct entry { struct entry {
char *principal; char *principal;
@ -288,8 +288,10 @@ parse_generation(char *str, GENERATION **gen)
char *p; char *p;
int v; int v;
if(strcmp(str, "-") == 0 || *str == '\0') if(strcmp(str, "-") == 0 || *str == '\0') {
*gen = NULL; *gen = NULL;
return 0;
}
*gen = calloc(1, sizeof(**gen)); *gen = calloc(1, sizeof(**gen));
p = strsep(&str, ":"); p = strsep(&str, ":");
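Review bot: The `calloc` result stored in `*gen` is not checked in the lines shown; the next visible statement is already the `strsep` call, and parse_generation continues outside this hunk. If the code that follows writes through `*gen` without a test (not visible here, so this needs confirming), an allocation failure while loading a dump becomes a NULL dereference. An `if(*gen == NULL)` early return placed directly after the `calloc`, using whatever failure value the callers of parse_generation already test for, would close that. It would also sit naturally next to the new `return 0` for the "no generation" case.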

@ -34,7 +34,7 @@
#include "kadmin_locl.h" #include "kadmin_locl.h"
#include <krb5-private.h> #include <krb5-private.h>
RCSID("$Id: server.c,v 1.34 2002/05/24 15:23:42 joda Exp $"); RCSID("$Id: server.c,v 1.36 2002/09/10 19:23:28 joda Exp $");
static kadm5_ret_t static kadm5_ret_t
kadmind_dispatch(void *kadm_handle, krb5_boolean initial, kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
@ -255,6 +255,13 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
krb5_free_principal(context->context, princ); krb5_free_principal(context->context, princ);
goto fail; goto fail;
} }
/* n_key_data will be squeezed into an int16_t below. */
if (n_key_data < 0 || n_key_data >= 1 << 16 ||
n_key_data > UINT_MAX/sizeof(*key_data)) {
ret = ERANGE;
krb5_free_principal(context->context, princ);
goto fail;
}
key_data = malloc (n_key_data * sizeof(*key_data)); key_data = malloc (n_key_data * sizeof(*key_data));
if (key_data == NULL) { if (key_data == NULL) {
@ -440,7 +447,7 @@ v5_loop (krb5_context context,
} }
static krb5_boolean static krb5_boolean
match_appl_version(void *data, const char *appl_version) match_appl_version(const void *data, const char *appl_version)
{ {
unsigned minor; unsigned minor;
if(sscanf(appl_version, "KADM0.%u", &minor) != 1) if(sscanf(appl_version, "KADM0.%u", &minor) != 1)
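Review bot: In the kadmind_dispatch hunk the upper bound does not match its own comment: `n_key_data >= 1 << 16` still accepts 32768..65535, and those values do not fit the int16_t the comment says the count is later squeezed into, so the narrowing would typically turn them negative. If the destination really is an int16_t (the assignment is outside the hunk), the test should read `n_key_data > 32767`, so that the count used for the `malloc` and the count stored afterwards cannot disagree. A count of 0 also passes the check, and `malloc(0)` may legitimately return NULL, which would then take the `key_data == NULL` branch; worth deciding whether zero keys is an error in its own right. The function body continues outside the hunk.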

@ -41,7 +41,7 @@
#include <krb_err.h> #include <krb_err.h>
#include <kadm_err.h> #include <kadm_err.h>
RCSID("$Id: version4.c,v 1.25 2002/05/24 15:23:43 joda Exp $"); RCSID("$Id: version4.c,v 1.26 2002/09/10 15:20:46 joda Exp $");
#define KADM_NO_OPCODE -1 #define KADM_NO_OPCODE -1
#define KADM_NO_ENCRYPT -2 #define KADM_NO_ENCRYPT -2
@ -868,7 +868,7 @@ decode_packet(krb5_context context,
client_addr->sin_addr.s_addr, &ad, NULL); client_addr->sin_addr.s_addr, &ad, NULL);
if(ret) { if(ret) {
make_you_loose_packet(krb_err_base + ret, reply); make_you_loose_packet(ERROR_TABLE_BASE_krb + ret, reply);
krb5_warnx(context, "krb_rd_req: %d", ret); krb5_warnx(context, "krb_rd_req: %d", ret);
return; return;
} }
@ -905,7 +905,7 @@ decode_packet(krb5_context context,
ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session, ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session,
client_addr, admin_addr, &msg_dat); client_addr, admin_addr, &msg_dat);
if (ret) { if (ret) {
make_you_loose_packet (krb_err_base + ret, reply); make_you_loose_packet (ERROR_TABLE_BASE_krb + ret, reply);
krb5_warnx(context, "krb_rd_priv: %d", ret); krb5_warnx(context, "krb_rd_priv: %d", ret);
goto out; goto out;
} }

@ -33,7 +33,7 @@
#include "hprop.h" #include "hprop.h"
RCSID("$Id: hprop.c,v 1.69 2002/04/18 10:18:35 joda Exp $"); RCSID("$Id: hprop.c,v 1.70 2002/09/04 18:19:41 joda Exp $");
static int version_flag; static int version_flag;
static int help_flag; static int help_flag;
@ -691,7 +691,7 @@ propagate_database (krb5_context context, int type,
HPROP_VERSION, HPROP_VERSION,
NULL, NULL,
server, server,
AP_OPTS_MUTUAL_REQUIRED, AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
NULL, /* in_data */ NULL, /* in_data */
NULL, /* in_creds */ NULL, /* in_creds */
ccache, ccache,
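Review bot: The change to `AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY` in propagate_database alters which key the authenticated exchange negotiates, but nothing at the call records why, or whether receivers built before this change accept a subkey. A one-line comment above the argument would help the next reader, for example `/* request a subkey for this session; the receiving side must honour it */`. The intent is my inference from the flag name, so the author should word it. The call and the rest of the function lie outside the hunk, so I cannot see how the negotiated key is used afterwards.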

@ -33,7 +33,7 @@
#include "kdc_locl.h" #include "kdc_locl.h"
RCSID("$Id: kaserver.c,v 1.19 2002/04/18 16:07:39 joda Exp $"); RCSID("$Id: kaserver.c,v 1.20 2002/09/09 14:03:02 nectar Exp $");
#include <rx.h> #include <rx.h>
@ -186,6 +186,8 @@ krb5_ret_xdr_data(krb5_storage *sp,
ret = krb5_ret_int32(sp, &size); ret = krb5_ret_int32(sp, &size);
if(ret) if(ret)
return ret; return ret;
if(size < 0)
return ERANGE;
data->length = size; data->length = size;
if (size) { if (size) {
u_char foo[4]; u_char foo[4];
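Review bot: The new `size < 0` test in krb5_ret_xdr_data leaves the upper end open: any positive 32-bit length read from the packet is still stored in `data->length` and, judging by the `if (size)` branch that continues outside this hunk, is used to size what follows. If that branch allocates or reads `size` bytes (not visible here), a peer can ask for close to 2 GiB per field with a few bytes of input. I would reject lengths above what the protocol can carry in the same test, e.g. `if(size < 0 || size > XDR_DATA_MAX) return ERANGE;`, where `XDR_DATA_MAX` is a placeholder for a limit the file would have to define. Alternatively, compare against the bytes actually remaining in the storage.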

@ -33,7 +33,7 @@
#include "kdc_locl.h" #include "kdc_locl.h"
RCSID("$Id: kerberos5.c,v 1.140 2002/07/31 09:42:43 joda Exp $"); RCSID("$Id: kerberos5.c,v 1.143 2002/09/09 14:03:02 nectar Exp $");
#define MAX_TIME ((time_t)((1U << 31) - 1)) #define MAX_TIME ((time_t)((1U << 31) - 1))
@ -156,51 +156,69 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
krb5_enctype etype, krb5_enctype etype,
int skvno, EncryptionKey *skey, int skvno, EncryptionKey *skey,
int ckvno, EncryptionKey *ckey, int ckvno, EncryptionKey *ckey,
const char **e_text,
krb5_data *reply) krb5_data *reply)
{ {
unsigned char buf[8192]; /* XXX The data could be indefinite */ unsigned char *buf;
size_t buf_size;
size_t len; size_t len;
krb5_error_code ret; krb5_error_code ret;
krb5_crypto crypto; krb5_crypto crypto;
ret = encode_EncTicketPart(buf + sizeof(buf) - 1, sizeof(buf), et, &len); ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, et, &len, ret);
if(ret) { if(ret) {
kdc_log(0, "Failed to encode ticket: %s", kdc_log(0, "Failed to encode ticket: %s",
krb5_get_err_text(context, ret)); krb5_get_err_text(context, ret));
return ret; return ret;
} }
if(buf_size != len) {
free(buf);
kdc_log(0, "Internal error in ASN.1 encoder");
*e_text = "KDC internal error";
return KRB5KRB_ERR_GENERIC;
}
ret = krb5_crypto_init(context, skey, etype, &crypto); ret = krb5_crypto_init(context, skey, etype, &crypto);
if (ret) { if (ret) {
free(buf);
kdc_log(0, "krb5_crypto_init failed: %s", kdc_log(0, "krb5_crypto_init failed: %s",
krb5_get_err_text(context, ret)); krb5_get_err_text(context, ret));
return ret; return ret;
} }
krb5_encrypt_EncryptedData(context, ret = krb5_encrypt_EncryptedData(context,
crypto, crypto,
KRB5_KU_TICKET, KRB5_KU_TICKET,
buf + sizeof(buf) - len, buf,
len, len,
skvno, skvno,
&rep->ticket.enc_part); &rep->ticket.enc_part);
free(buf);
krb5_crypto_destroy(context, crypto); krb5_crypto_destroy(context, crypto);
if(ret) {
kdc_log(0, "Failed to encrypt data: %s",
krb5_get_err_text(context, ret));
return ret;
}
if(rep->msg_type == krb_as_rep && !encode_as_rep_as_tgs_rep) if(rep->msg_type == krb_as_rep && !encode_as_rep_as_tgs_rep)
ret = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf), ASN1_MALLOC_ENCODE(EncASRepPart, buf, buf_size, ek, &len, ret);
ek, &len);
else else
ret = encode_EncTGSRepPart(buf + sizeof(buf) - 1, sizeof(buf), ASN1_MALLOC_ENCODE(EncTGSRepPart, buf, buf_size, ek, &len, ret);
ek, &len);
if(ret) { if(ret) {
kdc_log(0, "Failed to encode KDC-REP: %s", kdc_log(0, "Failed to encode KDC-REP: %s",
krb5_get_err_text(context, ret)); krb5_get_err_text(context, ret));
return ret; return ret;
} }
if(buf_size != len) {
free(buf);
kdc_log(0, "Internal error in ASN.1 encoder");
*e_text = "KDC internal error";
return KRB5KRB_ERR_GENERIC;
}
ret = krb5_crypto_init(context, ckey, 0, &crypto); ret = krb5_crypto_init(context, ckey, 0, &crypto);
if (ret) { if (ret) {
free(buf);
kdc_log(0, "krb5_crypto_init failed: %s", kdc_log(0, "krb5_crypto_init failed: %s",
krb5_get_err_text(context, ret)); krb5_get_err_text(context, ret));
return ret; return ret;
@ -209,20 +227,22 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
krb5_encrypt_EncryptedData(context, krb5_encrypt_EncryptedData(context,
crypto, crypto,
KRB5_KU_AS_REP_ENC_PART, KRB5_KU_AS_REP_ENC_PART,
buf + sizeof(buf) - len, buf,
len, len,
ckvno, ckvno,
&rep->enc_part); &rep->enc_part);
ret = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), rep, &len); free(buf);
ASN1_MALLOC_ENCODE(AS_REP, buf, buf_size, rep, &len, ret);
} else { } else {
krb5_encrypt_EncryptedData(context, krb5_encrypt_EncryptedData(context,
crypto, crypto,
KRB5_KU_TGS_REP_ENC_PART_SESSION, KRB5_KU_TGS_REP_ENC_PART_SESSION,
buf + sizeof(buf) - len, buf,
len, len,
ckvno, ckvno,
&rep->enc_part); &rep->enc_part);
ret = encode_TGS_REP(buf + sizeof(buf) - 1, sizeof(buf), rep, &len); free(buf);
ASN1_MALLOC_ENCODE(TGS_REP, buf, buf_size, rep, &len, ret);
} }
krb5_crypto_destroy(context, crypto); krb5_crypto_destroy(context, crypto);
if(ret) { if(ret) {
@ -230,7 +250,14 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek,
krb5_get_err_text(context, ret)); krb5_get_err_text(context, ret));
return ret; return ret;
} }
krb5_data_copy(reply, buf + sizeof(buf) - len, len); if(buf_size != len) {
free(buf);
kdc_log(0, "Internal error in ASN.1 encoder");
*e_text = "KDC internal error";
return KRB5KRB_ERR_GENERIC;
}
reply->data = buf;
reply->length = buf_size;
return 0; return 0;
} }
@ -297,6 +324,8 @@ get_pa_etype_info(METHOD_DATA *md, hdb_entry *client,
pa.len = client->keys.len; pa.len = client->keys.len;
if(pa.len > UINT_MAX/sizeof(*pa.val))
return ERANGE;
pa.val = malloc(pa.len * sizeof(*pa.val)); pa.val = malloc(pa.len * sizeof(*pa.val));
if(pa.val == NULL) if(pa.val == NULL)
return ENOMEM; return ENOMEM;
@ -333,18 +362,10 @@ get_pa_etype_info(METHOD_DATA *md, hdb_entry *client,
pa.len = n; pa.len = n;
} }
len = length_ETYPE_INFO(&pa); ASN1_MALLOC_ENCODE(ETYPE_INFO, buf, len, &pa, &len, ret);
buf = malloc(len);
if (buf == NULL) {
free_ETYPE_INFO(&pa);
return ENOMEM;
}
ret = encode_ETYPE_INFO(buf + len - 1, len, &pa, &len);
free_ETYPE_INFO(&pa); free_ETYPE_INFO(&pa);
if(ret) { if(ret)
free(buf);
return ret; return ret;
}
ret = realloc_method_data(md); ret = realloc_method_data(md);
if(ret) { if(ret) {
free(buf); free(buf);
@ -657,15 +678,10 @@ as_rep(KDC_REQ *req,
ret = get_pa_etype_info(&method_data, client, ret = get_pa_etype_info(&method_data, client,
b->etype.val, b->etype.len); /* XXX check ret */ b->etype.val, b->etype.len); /* XXX check ret */
len = length_METHOD_DATA(&method_data); ASN1_MALLOC_ENCODE(METHOD_DATA, buf, len, &method_data, &len, ret);
buf = malloc(len);
encode_METHOD_DATA(buf + len - 1,
len,
&method_data,
&len);
free_METHOD_DATA(&method_data); free_METHOD_DATA(&method_data);
foo_data.length = len;
foo_data.data = buf; foo_data.data = buf;
foo_data.length = len;
ret = KRB5KDC_ERR_PREAUTH_REQUIRED; ret = KRB5KDC_ERR_PREAUTH_REQUIRED;
krb5_mk_error(context, krb5_mk_error(context,
@ -895,7 +911,7 @@ as_rep(KDC_REQ *req,
set_salt_padata (&rep.padata, ckey->salt); set_salt_padata (&rep.padata, ckey->salt);
ret = encode_reply(&rep, &et, &ek, setype, server->kvno, &skey->key, ret = encode_reply(&rep, &et, &ek, setype, server->kvno, &skey->key,
client->kvno, &ckey->key, reply); client->kvno, &ckey->key, &e_text, reply);
free_EncTicketPart(&et); free_EncTicketPart(&et);
free_EncKDCRepPart(&ek); free_EncKDCRepPart(&ek);
free_AS_REP(&rep); free_AS_REP(&rep);
@ -1065,6 +1081,10 @@ fix_transited_encoding(TransitedEncoding *tr,
return ret; return ret;
} }
} }
if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) {
ret = ERANGE;
goto free_realms;
}
tmp = realloc(realms, (num_realms + 1) * sizeof(*realms)); tmp = realloc(realms, (num_realms + 1) * sizeof(*realms));
if(tmp == NULL){ if(tmp == NULL){
ret = ENOMEM; ret = ENOMEM;
@ -1101,6 +1121,7 @@ tgs_make_reply(KDC_REQ_BODY *b,
krb5_principal client_principal, krb5_principal client_principal,
hdb_entry *krbtgt, hdb_entry *krbtgt,
krb5_enctype cetype, krb5_enctype cetype,
const char **e_text,
krb5_data *reply) krb5_data *reply)
{ {
KDC_REP rep; KDC_REP rep;
@ -1256,7 +1277,7 @@ tgs_make_reply(KDC_REQ_BODY *b,
etype list, even if we don't want a session key with etype list, even if we don't want a session key with
DES3? */ DES3? */
ret = encode_reply(&rep, &et, &ek, etype, adtkt ? 0 : server->kvno, ekey, ret = encode_reply(&rep, &et, &ek, etype, adtkt ? 0 : server->kvno, ekey,
0, &tgt->key, reply); 0, &tgt->key, e_text, reply);
out: out:
free_TGS_REP(&rep); free_TGS_REP(&rep);
free_TransitedEncoding(&et.transited); free_TransitedEncoding(&et.transited);
@ -1273,11 +1294,13 @@ out:
static krb5_error_code static krb5_error_code
tgs_check_authenticator(krb5_auth_context ac, tgs_check_authenticator(krb5_auth_context ac,
KDC_REQ_BODY *b, KDC_REQ_BODY *b,
const char **e_text,
krb5_keyblock *key) krb5_keyblock *key)
{ {
krb5_authenticator auth; krb5_authenticator auth;
size_t len; size_t len;
unsigned char buf[8192]; unsigned char *buf;
size_t buf_size;
krb5_error_code ret; krb5_error_code ret;
krb5_crypto crypto; krb5_crypto crypto;
@ -1304,15 +1327,22 @@ tgs_check_authenticator(krb5_auth_context ac,
} }
/* XXX should not re-encode this */ /* XXX should not re-encode this */
ret = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf), ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, b, &len, ret);
b, &len);
if(ret){ if(ret){
kdc_log(0, "Failed to encode KDC-REQ-BODY: %s", kdc_log(0, "Failed to encode KDC-REQ-BODY: %s",
krb5_get_err_text(context, ret)); krb5_get_err_text(context, ret));
goto out; goto out;
} }
if(buf_size != len) {
free(buf);
kdc_log(0, "Internal error in ASN.1 encoder");
*e_text = "KDC internal error";
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
ret = krb5_crypto_init(context, key, 0, &crypto); ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) { if (ret) {
free(buf);
kdc_log(0, "krb5_crypto_init failed: %s", kdc_log(0, "krb5_crypto_init failed: %s",
krb5_get_err_text(context, ret)); krb5_get_err_text(context, ret));
goto out; goto out;
@ -1320,9 +1350,10 @@ tgs_check_authenticator(krb5_auth_context ac,
ret = krb5_verify_checksum(context, ret = krb5_verify_checksum(context,
crypto, crypto,
KRB5_KU_TGS_REQ_AUTH_CKSUM, KRB5_KU_TGS_REQ_AUTH_CKSUM,
buf + sizeof(buf) - len, buf,
len, len,
auth->cksum); auth->cksum);
free(buf);
krb5_crypto_destroy(context, crypto); krb5_crypto_destroy(context, crypto);
if(ret){ if(ret){
kdc_log(0, "Failed to verify checksum: %s", kdc_log(0, "Failed to verify checksum: %s",
@ -1506,7 +1537,7 @@ tgs_rep2(KDC_REQ_BODY *b,
tgt = &ticket->ticket; tgt = &ticket->ticket;
ret = tgs_check_authenticator(ac, b, &tgt->key); ret = tgs_check_authenticator(ac, b, &e_text, &tgt->key);
if (b->enc_authorization_data) { if (b->enc_authorization_data) {
krb5_keyblock *subkey; krb5_keyblock *subkey;
@ -1723,6 +1754,7 @@ tgs_rep2(KDC_REQ_BODY *b,
cp, cp,
krbtgt, krbtgt,
cetype, cetype,
&e_text,
reply); reply);
out: out:

@ -31,7 +31,7 @@
* SUCH DAMAGE. * SUCH DAMAGE.
*/ */
/* $Id: kpasswd_locl.h,v 1.12 2001/08/22 20:30:26 assar Exp $ */ /* $Id: kpasswd_locl.h,v 1.13 2002/09/10 20:03:48 joda Exp $ */
#ifndef __KPASSWD_LOCL_H__ #ifndef __KPASSWD_LOCL_H__
#define __KPASSWD_LOCL_H__ #define __KPASSWD_LOCL_H__
@ -98,11 +98,7 @@
#include <err.h> #include <err.h>
#include <roken.h> #include <roken.h>
#include <getarg.h> #include <getarg.h>
#ifdef HAVE_OPENSSL
#include <openssl/des.h>
#else
#include <des.h>
#endif
#include <krb5.h> #include <krb5.h>
#include "crypto-headers.h" /* for des_read_pw_string */
#endif /* __KPASSWD_LOCL_H__ */ #endif /* __KPASSWD_LOCL_H__ */

@ -1,4 +1,4 @@
.\" $Id: kinit.1,v 1.20 2002/08/28 16:09:36 joda Exp $ .\" $Id: kinit.1,v 1.21 2002/09/13 14:50:27 joda Exp $
.\" .\"
.Dd May 29, 1998 .Dd May 29, 1998
.Dt KINIT 1 .Dt KINIT 1
@ -91,7 +91,7 @@ Get ticket that can be forwarded to another host.
Don't ask for a password, but instead get the key from the specified Don't ask for a password, but instead get the key from the specified
keytab. keytab.
.It Xo .It Xo
.Fl l Ar time Ns , .Fl l Ar time ,
.Fl -lifetime= Ns Ar time .Fl -lifetime= Ns Ar time
.Xc .Xc
Specifies the lifetime of the ticket. The argument can either be in Specifies the lifetime of the ticket. The argument can either be in

@ -32,7 +32,7 @@
*/ */
#include "kuser_locl.h" #include "kuser_locl.h"
RCSID("$Id: kinit.c,v 1.89 2002/08/21 12:21:31 joda Exp $"); RCSID("$Id: kinit.c,v 1.90 2002/09/09 22:17:53 joda Exp $");
int forwardable_flag = -1; int forwardable_flag = -1;
int proxiable_flag = -1; int proxiable_flag = -1;
@ -290,9 +290,11 @@ do_524init(krb5_context context, krb5_ccache ccache,
krb5_cc_get_principal(context, ccache, &client); krb5_cc_get_principal(context, ccache, &client);
memset(&in_creds, 0, sizeof(in_creds)); memset(&in_creds, 0, sizeof(in_creds));
ret = get_server(context, client, server, &in_creds.server); ret = get_server(context, client, server, &in_creds.server);
krb5_free_principal(context, client);
if(ret) if(ret)
return ret; return ret;
ret = krb5_get_credentials(context, 0, ccache, &in_creds, &real_creds); ret = krb5_get_credentials(context, 0, ccache, &in_creds, &real_creds);
krb5_free_principal(context, in_creds.server);
if(ret) if(ret)
return ret; return ret;
} }
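Review bot: The added `krb5_free_principal(context, client);` in do_524init runs even when the preceding `krb5_cc_get_principal(context, ccache, &client)` has failed, because that call's return value is still ignored. If `client` is not initialised where it is declared (the declaration is outside the hunk), both `get_server` and the new free then operate on an indeterminate pointer. Check the result first: `ret = krb5_cc_get_principal(context, ccache, &client); if(ret) return ret;`. do_524init starts and ends outside the hunk.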

@ -33,7 +33,7 @@
#include "der_locl.h" #include "der_locl.h"
RCSID("$Id: der_get.c,v 1.32 2002/08/22 19:11:07 assar Exp $"); RCSID("$Id: der_get.c,v 1.33 2002/09/03 16:21:49 nectar Exp $");
#include <version.h> #include <version.h>
@ -252,6 +252,8 @@ decode_integer (const unsigned char *p, size_t len,
p += l; p += l;
len -= l; len -= l;
ret += l; ret += l;
if (reallen > len)
return ASN1_OVERRUN;
e = der_get_int (p, reallen, num, &l); e = der_get_int (p, reallen, num, &l);
if (e) return e; if (e) return e;
p += l; p += l;
@ -279,6 +281,8 @@ decode_unsigned (const unsigned char *p, size_t len,
p += l; p += l;
len -= l; len -= l;
ret += l; ret += l;
if (reallen > len)
return ASN1_OVERRUN;
e = der_get_unsigned (p, reallen, num, &l); e = der_get_unsigned (p, reallen, num, &l);
if (e) return e; if (e) return e;
p += l; p += l;
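Review bot: The two new `if (reallen > len) return ASN1_OVERRUN;` guards in decode_integer and decode_unsigned have no comment explaining why they are there. They are what stops `der_get_int` / `der_get_unsigned` from being asked to read `reallen` bytes when fewer remain; `reallen` is presumably decoded from the input just above each hunk. I would add above each guard `/* reallen is taken from the encoding; it must not exceed the bytes left in the buffer */`. Other decode_* routines in this file that obtain a length the same way are not shown and may need the same guard. Both function bodies continue outside the hunks.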

@ -33,7 +33,7 @@
#include "gen_locl.h" #include "gen_locl.h"
RCSID("$Id: gen.c,v 1.48 2002/08/26 13:27:20 assar Exp $"); RCSID("$Id: gen.c,v 1.49 2002/09/04 15:06:18 joda Exp $");
FILE *headerfile, *codefile, *logfile; FILE *headerfile, *codefile, *logfile;
@ -102,20 +102,29 @@ init_generate (const char *filename, const char *base)
" void *data;\n" " void *data;\n"
"} octet_string;\n\n"); "} octet_string;\n\n");
fprintf (headerfile, fprintf (headerfile,
#if 0
"typedef struct general_string {\n"
" size_t length;\n"
" char *data;\n"
"} general_string;\n\n"
#else
"typedef char *general_string;\n\n" "typedef char *general_string;\n\n"
#endif
); );
fprintf (headerfile, fprintf (headerfile,
"typedef struct oid {\n" "typedef struct oid {\n"
" size_t length;\n" " size_t length;\n"
" unsigned *components;\n" " unsigned *components;\n"
"} oid;\n\n"); "} oid;\n\n");
fputs("#define ASN1_MALLOC_ENCODE(T, B, BL, S, L, R) \\\n"
" do { \\\n"
" (BL) = length_##T((S)); \\\n"
" (B) = malloc((BL)); \\\n"
" if((B) == NULL) { \\\n"
" (R) = ENOMEM; \\\n"
" } else { \\\n"
" (R) = encode_##T(((unsigned char*)(B)) + (BL) - 1, (BL), \\\n"
" (S), (L)); \\\n"
" if((R) != 0) { \\\n"
" free((B)); \\\n"
" (B) = NULL; \\\n"
" } \\\n"
" } \\\n"
" } while (0)\n\n",
headerfile);
fprintf (headerfile, "#endif\n\n"); fprintf (headerfile, "#endif\n\n");
logfile = fopen(STEM "_files", "w"); logfile = fopen(STEM "_files", "w");
if (logfile == NULL) if (logfile == NULL)
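Review bot: ASN1_MALLOC_ENCODE, as emitted by init_generate, leaves two obligations to every caller without stating them. On failure `(BL)` keeps the computed length while `(B)` is NULL, and on success nothing checks that `*(L)` equals `(BL)`, although the encoder is handed the end of the buffer (`(B) + (BL) - 1`), so a shorter encoding would not start at `(B)`. tgs_check_authenticator, make_pa_tgs_req and get_cred_kdc_usage compare the two themselves; hdb_principal2key, hdb_entry2value, krb5_build_ap_req and krb5_build_authenticator (as far as its hunk shows) do not. Either fold the comparison into the macro, or emit the contract into the generated header, e.g. `/* on success the caller must verify (BL) == *(L); on failure (B) is NULL */`. The macro also expands `(B)`, `(BL)` and `(S)` more than once, so arguments must be free of side effects.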

@ -1,4 +1,4 @@
-- $Id: k5.asn1,v 1.26 2002/03/18 19:00:43 joda Exp $ -- $Id: k5.asn1,v 1.27 2002/09/03 17:32:09 joda Exp $
KERBEROS5 DEFINITIONS ::= KERBEROS5 DEFINITIONS ::=
BEGIN BEGIN
@ -97,8 +97,7 @@ ENCTYPE ::= INTEGER {
ETYPE_DES_CBC_NONE(-0x1000), ETYPE_DES_CBC_NONE(-0x1000),
ETYPE_DES3_CBC_NONE(-0x1001), ETYPE_DES3_CBC_NONE(-0x1001),
ETYPE_DES_CFB64_NONE(-0x1002), ETYPE_DES_CFB64_NONE(-0x1002),
ETYPE_DES_PCBC_NONE(-0x1003), ETYPE_DES_PCBC_NONE(-0x1003)
ETYPE_DES3_CBC_NONE_IVEC(-0x1004)
} }
-- this is sugar to make something ASN1 does not have: unsigned -- this is sugar to make something ASN1 does not have: unsigned

@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H
#include<config.h> #include<config.h>
RCSID("$Id: pam.c,v 1.27 2001/02/15 04:30:05 assar Exp $"); RCSID("$Id: pam.c,v 1.28 2002/09/09 15:57:24 joda Exp $");
#endif #endif
#include <stdio.h> #include <stdio.h>
@ -128,7 +128,7 @@ pdeb(const char *format, ...)
if (ctrl_off(KRB4_DEBUG)) if (ctrl_off(KRB4_DEBUG))
return; return;
va_start(args, format); va_start(args, format);
openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH); openlog("pam_krb4", LOG_PID, LOG_AUTH);
vsyslog(LOG_DEBUG, format, args); vsyslog(LOG_DEBUG, format, args);
va_end(args); va_end(args);
closelog(); closelog();

@ -1,3 +1,13 @@
2002-09-03 Johan Danielsson <joda@pdc.kth.se>
* wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE
* unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
* init_sec_context.c: we need to generate a local subkey here
2002-08-20 Jacques Vidrine <n@nectar.com> 2002-08-20 Jacques Vidrine <n@nectar.com>
* acquire_cred.c, inquire_cred.c, release_cred.c: Use default * acquire_cred.c, inquire_cred.c, release_cred.c: Use default

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#include "gssapi_locl.h" #include "gssapi_locl.h"
RCSID("$Id: init_sec_context.c,v 1.29 2001/08/29 02:21:09 assar Exp $"); RCSID("$Id: init_sec_context.c,v 1.31 2002/09/02 17:16:12 joda Exp $");
/* /*
* copy the addresses from `input_chan_bindings' (if any) to * copy the addresses from `input_chan_bindings' (if any) to
@ -367,6 +367,16 @@ init_auth
} }
#endif #endif
kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context,
(*context_handle)->auth_context,
&cred->session);
if(kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
kret = krb5_build_authenticator (gssapi_krb5_context, kret = krb5_build_authenticator (gssapi_krb5_context,
(*context_handle)->auth_context, (*context_handle)->auth_context,
enctype, enctype,

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#include "gssapi_locl.h" #include "gssapi_locl.h"
RCSID("$Id: unwrap.c,v 1.20 2002/05/20 15:14:00 nectar Exp $"); RCSID("$Id: unwrap.c,v 1.21 2002/09/03 17:33:11 joda Exp $");
OM_uint32 OM_uint32
gss_krb5_get_remotekey(const gss_ctx_id_t context_handle, gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
@ -296,7 +296,7 @@ unwrap_des3
p -= 28; p -= 28;
ret = krb5_crypto_init(gssapi_krb5_context, key, ret = krb5_crypto_init(gssapi_krb5_context, key,
ETYPE_DES3_CBC_NONE_IVEC, &crypto); ETYPE_DES3_CBC_NONE, &crypto);
if (ret) { if (ret) {
gssapi_krb5_set_error_string (); gssapi_krb5_set_error_string ();
*minor_status = ret; *minor_status = ret;

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#include "gssapi_locl.h" #include "gssapi_locl.h"
RCSID("$Id: wrap.c,v 1.19 2001/06/18 02:53:52 assar Exp $"); RCSID("$Id: wrap.c,v 1.20 2002/09/03 17:33:36 joda Exp $");
OM_uint32 OM_uint32
gss_krb5_get_localkey(const gss_ctx_id_t context_handle, gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
@ -330,7 +330,7 @@ wrap_des3
4); 4);
ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE_IVEC, ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE,
&crypto); &crypto);
if (ret) { if (ret) {
free (output_message_buffer->value); free (output_message_buffer->value);

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,35 +33,21 @@
#include "hdb_locl.h" #include "hdb_locl.h"
RCSID("$Id: common.c,v 1.10 2001/07/13 06:30:41 assar Exp $"); RCSID("$Id: common.c,v 1.11 2002/09/04 16:32:30 joda Exp $");
int int
hdb_principal2key(krb5_context context, krb5_principal p, krb5_data *key) hdb_principal2key(krb5_context context, krb5_principal p, krb5_data *key)
{ {
Principal new; Principal new;
size_t len; size_t len;
unsigned char *buf;
int ret; int ret;
ret = copy_Principal(p, &new); ret = copy_Principal(p, &new);
if(ret) if(ret)
goto out; return ret;
new.name.name_type = 0; new.name.name_type = 0;
len = length_Principal(&new);
buf = malloc(len); ASN1_MALLOC_ENCODE(Principal, key->data, key->length, &new, &len, ret);
if(buf == NULL){
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
ret = encode_Principal(buf + len - 1, len, &new, &len);
if(ret){
free(buf);
goto out;
}
key->data = buf;
key->length = len;
out:
free_Principal(&new); free_Principal(&new);
return ret; return ret;
} }
@ -75,24 +61,11 @@ hdb_key2principal(krb5_context context, krb5_data *key, krb5_principal p)
int int
hdb_entry2value(krb5_context context, hdb_entry *ent, krb5_data *value) hdb_entry2value(krb5_context context, hdb_entry *ent, krb5_data *value)
{ {
unsigned char *buf;
size_t len; size_t len;
int ret; int ret;
len = length_hdb_entry(ent); ASN1_MALLOC_ENCODE(hdb_entry, value->data, value->length, ent, &len, ret);
buf = malloc(len); return ret;
if(buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = encode_hdb_entry(buf + len - 1, len, ent, &len);
if(ret){
free(buf);
return ret;
}
value->data = buf;
value->length = len;
return 0;
} }
int int
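Review bot: hdb_principal2key and hdb_entry2value no longer call `krb5_set_error_string(context, "malloc: out of memory")` when allocation fails. `context` is now unused in hdb_entry2value, and a caller that reports the context's error string presumably gets no text for ENOMEM. On any failure the macro also leaves `key->length` / `value->length` at the predicted size while `data` is NULL; resetting it keeps the krb5_data consistent, e.g. `if(ret) { value->length = 0; if(ret == ENOMEM) krb5_set_error_string(context, "malloc: out of memory"); }`. krb5_build_ap_req in build_ap_req.c shows the same two issues with `retdata`.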

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999 - 2001, PADL Software Pty Ltd. * Copyright (c) 1999-2001, PADL Software Pty Ltd.
* All rights reserved. * All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
@ -32,7 +32,7 @@
#include "hdb_locl.h" #include "hdb_locl.h"
RCSID("$Id: hdb-ldap.c,v 1.9 2001/08/31 18:19:49 joda Exp $"); RCSID("$Id: hdb-ldap.c,v 1.10 2002/09/04 18:42:22 joda Exp $");
#ifdef OPENLDAP #ifdef OPENLDAP
@ -451,29 +451,10 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
for (i = 0; i < ent->keys.len; i++) { for (i = 0; i < ent->keys.len; i++) {
unsigned char *buf; unsigned char *buf;
size_t len; size_t len;
Key new;
ret = copy_Key(&ent->keys.val[i], &new); ASN1_MALLOC_ENCODE(Key, buf, len, &ent->keys.val[i], &len, ret);
if (ret != 0) { if (ret != 0)
goto out; goto out;
}
len = length_Key(&new);
buf = malloc(len);
if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
free_Key(&new);
goto out;
}
ret = encode_Key(buf + len - 1, len, &new, &len);
if (ret != 0) {
free(buf);
free_Key(&new);
goto out;
}
free_Key(&new);
/* addmod_len _owns_ the key, doesn't need to copy it */ /* addmod_len _owns_ the key, doesn't need to copy it */
ret = LDAP_addmod_len(&mods, LDAP_MOD_ADD, "krb5Key", buf, len); ret = LDAP_addmod_len(&mods, LDAP_MOD_ADD, "krb5Key", buf, len);
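Review bot: In LDAP_entry2mods the call `ASN1_MALLOC_ENCODE(Key, buf, len, &ent->keys.val[i], &len, ret)` passes `len` as both the allocated size and the encoder's output length, so afterwards there is no way to tell whether the encoder filled the whole allocation. The macro has the encoder write backwards from the end of `buf`; if it ever produced fewer bytes than length_Key predicted, the `buf` handed to `LDAP_addmod_len` would begin with uninitialised heap bytes rather than the encoding. Use a separate size, `size_t buf_size;` with `ASN1_MALLOC_ENCODE(Key, buf, buf_size, &ent->keys.val[i], &len, ret);`, and treat `buf_size != len` as an error as tgs_check_authenticator does. set_auth_data in get_cred.c aliases `len` the same way. The loop body continues outside the hunk.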

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.145 2002/08/29 04:02:24 assar Exp $ # $Id: Makefile.am,v 1.147 2002/09/03 14:45:13 joda Exp $
include $(top_srcdir)/Makefile.am.common include $(top_srcdir)/Makefile.am.common
@ -13,7 +13,8 @@ TESTS = \
string-to-key-test \ string-to-key-test \
derived-key-test \ derived-key-test \
store-test \ store-test \
parse-name-test parse-name-test \
name-45-test
check_PROGRAMS = $(TESTS) check_PROGRAMS = $(TESTS)
@ -133,10 +134,10 @@ libkrb5_la_LDFLAGS = -version-info 18:3:1
$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
$(srcdir)/krb5-protos.h: $(ERR_FILES) $(srcdir)/krb5-protos.h:
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h
$(srcdir)/krb5-private.h: $(ERR_FILES) $(srcdir)/krb5-private.h:
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h
#libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo #libkrb5_la_LIBADD = ../com_err/error.lo ../com_err/com_err.lo

@ -14,7 +14,7 @@
@SET_MAKE@ @SET_MAKE@
# $Id: Makefile.am,v 1.145 2002/08/29 04:02:24 assar Exp $ # $Id: Makefile.am,v 1.147 2002/09/03 14:45:13 joda Exp $
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
@ -211,7 +211,8 @@ TESTS = \
string-to-key-test \ string-to-key-test \
derived-key-test \ derived-key-test \
store-test \ store-test \
parse-name-test parse-name-test \
name-45-test
check_PROGRAMS = $(TESTS) check_PROGRAMS = $(TESTS)
@ -406,7 +407,7 @@ libkrb5_la_OBJECTS = $(am_libkrb5_la_OBJECTS)
bin_PROGRAMS = verify_krb5_conf$(EXEEXT) bin_PROGRAMS = verify_krb5_conf$(EXEEXT)
check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \ check_PROGRAMS = n-fold-test$(EXEEXT) string-to-key-test$(EXEEXT) \
derived-key-test$(EXEEXT) store-test$(EXEEXT) \ derived-key-test$(EXEEXT) store-test$(EXEEXT) \
parse-name-test$(EXEEXT) parse-name-test$(EXEEXT) name-45-test$(EXEEXT)
noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) \ noinst_PROGRAMS = dump_config$(EXEEXT) test_get_addrs$(EXEEXT) \
krbhst-test$(EXEEXT) krbhst-test$(EXEEXT)
PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS)
@ -435,6 +436,12 @@ n_fold_test_LDADD = $(LDADD)
n_fold_test_DEPENDENCIES = libkrb5.la \ n_fold_test_DEPENDENCIES = libkrb5.la \
$(top_builddir)/lib/asn1/libasn1.la $(top_builddir)/lib/asn1/libasn1.la
n_fold_test_LDFLAGS = n_fold_test_LDFLAGS =
name_45_test_SOURCES = name-45-test.c
name_45_test_OBJECTS = name-45-test.$(OBJEXT)
name_45_test_LDADD = $(LDADD)
name_45_test_DEPENDENCIES = libkrb5.la \
$(top_builddir)/lib/asn1/libasn1.la
name_45_test_LDFLAGS =
parse_name_test_SOURCES = parse-name-test.c parse_name_test_SOURCES = parse-name-test.c
parse_name_test_OBJECTS = parse-name-test.$(OBJEXT) parse_name_test_OBJECTS = parse-name-test.$(OBJEXT)
parse_name_test_LDADD = $(LDADD) parse_name_test_LDADD = $(LDADD)
@ -481,13 +488,14 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@ $(AM_LDFLAGS) $(LDFLAGS) -o $@
CFLAGS = @CFLAGS@ CFLAGS = @CFLAGS@
DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \ DIST_SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c \
krbhst-test.c n-fold-test.c parse-name-test.c store-test.c \ krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c \
string-to-key-test.c test_get_addrs.c verify_krb5_conf.c store-test.c string-to-key-test.c test_get_addrs.c \
verify_krb5_conf.c
MANS = $(man_MANS) MANS = $(man_MANS)
HEADERS = $(include_HEADERS) HEADERS = $(include_HEADERS)
DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in DIST_COMMON = $(include_HEADERS) Makefile.am Makefile.in
SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c SOURCES = $(libkrb5_la_SOURCES) derived-key-test.c dump_config.c krbhst-test.c n-fold-test.c name-45-test.c parse-name-test.c store-test.c string-to-key-test.c test_get_addrs.c verify_krb5_conf.c
all: all-am all: all-am
@ -583,6 +591,9 @@ krbhst-test$(EXEEXT): $(krbhst_test_OBJECTS) $(krbhst_test_DEPENDENCIES)
n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES) n-fold-test$(EXEEXT): $(n_fold_test_OBJECTS) $(n_fold_test_DEPENDENCIES)
@rm -f n-fold-test$(EXEEXT) @rm -f n-fold-test$(EXEEXT)
$(LINK) $(n_fold_test_LDFLAGS) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS) $(LINK) $(n_fold_test_LDFLAGS) $(n_fold_test_OBJECTS) $(n_fold_test_LDADD) $(LIBS)
name-45-test$(EXEEXT): $(name_45_test_OBJECTS) $(name_45_test_DEPENDENCIES)
@rm -f name-45-test$(EXEEXT)
$(LINK) $(name_45_test_LDFLAGS) $(name_45_test_OBJECTS) $(name_45_test_LDADD) $(LIBS)
parse-name-test$(EXEEXT): $(parse_name_test_OBJECTS) $(parse_name_test_DEPENDENCIES) parse-name-test$(EXEEXT): $(parse_name_test_OBJECTS) $(parse_name_test_DEPENDENCIES)
@rm -f parse-name-test$(EXEEXT) @rm -f parse-name-test$(EXEEXT)
$(LINK) $(parse_name_test_LDFLAGS) $(parse_name_test_OBJECTS) $(parse_name_test_LDADD) $(LIBS) $(LINK) $(parse_name_test_LDFLAGS) $(parse_name_test_OBJECTS) $(parse_name_test_LDADD) $(LIBS)
@ -1121,10 +1132,10 @@ install-data-local: install-cat-mans
$(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h $(libkrb5_la_OBJECTS): $(srcdir)/krb5-protos.h $(srcdir)/krb5-private.h
$(srcdir)/krb5-protos.h: $(ERR_FILES) $(srcdir)/krb5-protos.h:
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o krb5-protos.h $(libkrb5_la_SOURCES) || rm -f krb5-protos.h
$(srcdir)/krb5-private.h: $(ERR_FILES) $(srcdir)/krb5-private.h:
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p krb5-private.h $(libkrb5_la_SOURCES) || rm -f krb5-private.h
$(libkrb5_la_OBJECTS): krb5_err.h heim_err.h k524_err.h $(libkrb5_la_OBJECTS): krb5_err.h heim_err.h k524_err.h

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: auth_context.c,v 1.58 2002/08/15 08:23:07 joda Exp $"); RCSID("$Id: auth_context.c,v 1.59 2002/09/02 17:11:02 joda Exp $");
krb5_error_code krb5_error_code
krb5_auth_con_init(krb5_context context, krb5_auth_con_init(krb5_context context,
@ -291,6 +291,24 @@ krb5_auth_con_setlocalsubkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->local_subkey); return copy_key(context, keyblock, &auth_context->local_subkey);
} }
krb5_error_code
krb5_auth_con_generatelocalsubkey(krb5_context context,
krb5_auth_context auth_context,
krb5_keyblock *key)
{
krb5_error_code ret;
krb5_keyblock *subkey;
ret = krb5_generate_subkey (context, key, &subkey);
if(ret)
return ret;
if(auth_context->local_subkey)
krb5_free_keyblock(context, auth_context->local_subkey);
auth_context->local_subkey = subkey;
return 0;
}
krb5_error_code krb5_error_code
krb5_auth_con_setremotesubkey(krb5_context context, krb5_auth_con_setremotesubkey(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
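Review bot: krb5_auth_con_generatelocalsubkey is a new non-static function with no comment, and its ownership behaviour is not obvious from the prototype. It frees any existing `auth_context->local_subkey` and stores the key returned by `krb5_generate_subkey`, whereas the neighbouring krb5_auth_con_setlocalsubkey stores a copy of its argument. I would add above it `/* Generate a new subkey from key and install it as the local subkey of auth_context, releasing any previous one. */`.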

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: build_ap_req.c,v 1.17 2001/05/14 06:14:44 assar Exp $"); RCSID("$Id: build_ap_req.c,v 1.18 2002/09/04 16:26:04 joda Exp $");
krb5_error_code krb5_error_code
krb5_build_ap_req (krb5_context context, krb5_build_ap_req (krb5_context context,
@ -66,15 +66,10 @@ krb5_build_ap_req (krb5_context context,
ap.authenticator.kvno = NULL; ap.authenticator.kvno = NULL;
ap.authenticator.cipher = authenticator; ap.authenticator.cipher = authenticator;
retdata->length = length_AP_REQ(&ap); ASN1_MALLOC_ENCODE(AP_REQ, retdata->data, retdata->length,
retdata->data = malloc(retdata->length); &ap, &len, ret);
if(retdata->data == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
} else
encode_AP_REQ((unsigned char *)retdata->data + retdata->length - 1,
retdata->length, &ap, &len);
free_AP_REQ(&ap);
free_AP_REQ(&ap);
return ret; return ret;
} }

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: build_auth.c,v 1.35 2001/05/14 06:14:44 assar Exp $"); RCSID("$Id: build_auth.c,v 1.38 2002/09/04 16:26:04 joda Exp $");
krb5_error_code krb5_error_code
krb5_build_authenticator (krb5_context context, krb5_build_authenticator (krb5_context context,
@ -74,13 +74,6 @@ krb5_build_authenticator (krb5_context context,
if(ret) if(ret)
goto fail; goto fail;
if(auth->subkey == NULL) {
krb5_generate_subkey (context, &cred->session, &auth->subkey);
ret = krb5_auth_con_setlocalsubkey(context, auth_context, auth->subkey);
if(ret)
goto fail;
}
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
krb5_generate_seq_number (context, krb5_generate_seq_number (context,
&cred->session, &cred->session,
@ -99,36 +92,10 @@ krb5_build_authenticator (krb5_context context,
auth_context->authenticator->cusec = auth->cusec; auth_context->authenticator->cusec = auth->cusec;
} }
buf_size = 1024; ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret);
buf = malloc (buf_size);
if (buf == NULL) { if (ret)
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto fail; goto fail;
}
do {
ret = krb5_encode_Authenticator (context,
buf + buf_size - 1,
buf_size,
auth, &len);
if (ret) {
if (ret == ASN1_OVERFLOW) {
u_char *tmp;
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
buf = tmp;
} else {
goto fail;
}
}
} while(ret == ASN1_OVERFLOW);
ret = krb5_crypto_init(context, &cred->session, enctype, &crypto); ret = krb5_crypto_init(context, &cred->session, enctype, &crypto);
if (ret) if (ret)

@ -33,7 +33,7 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: changepw.c,v 1.35 2002/06/06 13:33:13 joda Exp $"); RCSID("$Id: changepw.c,v 1.37 2002/09/03 16:14:34 nectar Exp $");
static krb5_error_code static krb5_error_code
send_request (krb5_context context, send_request (krb5_context context,
@ -57,7 +57,7 @@ send_request (krb5_context context,
ret = krb5_mk_req_extended (context, ret = krb5_mk_req_extended (context,
auth_context, auth_context,
AP_OPTS_MUTUAL_REQUIRED, AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
NULL, /* in_data */ NULL, /* in_data */
creds, creds,
&ap_req_data); &ap_req_data);
@ -144,7 +144,7 @@ process_reply (krb5_context context,
u_char reply[BUFSIZ]; u_char reply[BUFSIZ];
size_t len; size_t len;
u_int16_t pkt_len, pkt_ver; u_int16_t pkt_len, pkt_ver;
krb5_data ap_rep_data; krb5_data ap_rep_data, priv_data;
int save_errno; int save_errno;
ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL); ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
@ -173,10 +173,13 @@ process_reply (krb5_context context,
ap_rep_data.data = reply + 6; ap_rep_data.data = reply + 6;
ap_rep_data.length = (reply[4] << 8) | (reply[5]); ap_rep_data.length = (reply[4] << 8) | (reply[5]);
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
priv_data.length = len - ap_rep_data.length - 6;
if ((u_char *)priv_data.data + priv_data.length >= reply + len)
return KRB5_KPASSWD_MALFORMED;
if (ap_rep_data.length) { if (ap_rep_data.length) {
krb5_ap_rep_enc_part *ap_rep; krb5_ap_rep_enc_part *ap_rep;
krb5_data priv_data;
u_char *p; u_char *p;
ret = krb5_rd_rep (context, ret = krb5_rd_rep (context,
@ -188,9 +191,6 @@ process_reply (krb5_context context,
krb5_free_ap_rep_enc_part (context, ap_rep); krb5_free_ap_rep_enc_part (context, ap_rep);
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
priv_data.length = len - ap_rep_data.length - 6;
ret = krb5_rd_priv (context, ret = krb5_rd_priv (context,
auth_context, auth_context,
&priv_data, &priv_data,
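Review bot: The new check in process_reply, `if ((u_char *)priv_data.data + priv_data.length >= reply + len)`, cannot separate good replies from bad ones. `priv_data.data + priv_data.length` is `reply + 6 + ap_rep_data.length + (len - ap_rep_data.length - 6)`, which is `reply + len` by construction, so `>=` holds for a well-formed reply as well. When the 16-bit `ap_rep_data.length` read from the packet exceeds `len - 6`, the subtraction has already wrapped (assuming the length fields are unsigned) and the pointer sum is out of range before it is compared. Validate the length field itself before deriving `priv_data`, e.g. `if (len < 6 || ap_rep_data.length > len - 6) return KRB5_KPASSWD_MALFORMED;`. How `len` is set from the `recvfrom` result is outside the hunks, so confirm it holds the received byte count at that point.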

@ -32,7 +32,7 @@
*/ */
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: config_file.c,v 1.45 2002/08/14 17:35:03 joda Exp $"); RCSID("$Id: config_file.c,v 1.46 2002/09/10 19:04:55 joda Exp $");
#ifndef HAVE_NETINFO #ifndef HAVE_NETINFO
@ -341,7 +341,7 @@ vget_next(krb5_context context,
{ {
const char *p = va_arg(args, const char *); const char *p = va_arg(args, const char *);
while(b != NULL) { while(b != NULL) {
if(strcmp(b->name, name) == NULL) { if(strcmp(b->name, name) == 0) {
if(b->type == type && p == NULL) { if(b->type == type && p == NULL) {
*pointer = b; *pointer = b;
return b->u.generic; return b->u.generic;

@ -34,7 +34,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
#include <com_err.h> #include <com_err.h>
RCSID("$Id: context.c,v 1.80 2002/08/28 15:27:24 joda Exp $"); RCSID("$Id: context.c,v 1.81 2002/09/02 17:03:12 joda Exp $");
#define INIT_FIELD(C, T, E, D, F) \ #define INIT_FIELD(C, T, E, D, F) \
(C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \
@ -173,14 +173,9 @@ init_context_from_config_file(krb5_context context)
INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces"); INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces");
INIT_FIELD(context, int, fcache_vno, 0, "fcache_version"); INIT_FIELD(context, int, fcache_vno, 0, "fcache_version");
INIT_FIELD(context, bool, srv_lookup, TRUE, "dns_lookup_kdc"); /* prefer dns_lookup_kdc over srv_lookup. */
/* srv_lookup backwards compatibility. */ INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
{ INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
const char **p;
p = krb5_config_get_strings(context, NULL, "libdefaults", "srv_lookup", NULL);
if (p != NULL)
INIT_FIELD(context, bool, srv_lookup, TRUE, "srv_lookup");
}
return 0; return 0;
} }

@ -33,7 +33,7 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: get_cred.c,v 1.88 2002/03/10 23:11:29 assar Exp $"); RCSID("$Id: get_cred.c,v 1.91 2002/09/04 21:12:46 joda Exp $");
/* /*
* Take the `body' and encode it into `padata' using the credentials * Take the `body' and encode it into `padata' using the credentials
@ -54,36 +54,14 @@ make_pa_tgs_req(krb5_context context,
krb5_data in_data; krb5_data in_data;
krb5_error_code ret; krb5_error_code ret;
buf_size = 1024; ASN1_MALLOC_ENCODE(KDC_REQ_BODY, buf, buf_size, body, &len, ret);
buf = malloc (buf_size); if (ret)
if (buf == NULL) { goto out;
krb5_set_error_string(context, "malloc: out of memory"); if(buf_size != len)
return ENOMEM; krb5_abortx(context, "internal error in ASN.1 encoder");
}
do {
ret = encode_KDC_REQ_BODY(buf + buf_size - 1, buf_size,
body, &len);
if (ret){
if (ret == ASN1_OVERFLOW) {
u_char *tmp;
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
buf = tmp;
} else {
goto out;
}
}
} while (ret == ASN1_OVERFLOW);
in_data.length = len; in_data.length = len;
in_data.data = buf + buf_size - len; in_data.data = buf;
ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds, ret = krb5_mk_req_internal(context, &ac, 0, &in_data, creds,
&padata->padata_value, &padata->padata_value,
KRB5_KU_TGS_REQ_AUTH_CKSUM, KRB5_KU_TGS_REQ_AUTH_CKSUM,
@ -113,18 +91,9 @@ set_auth_data (krb5_context context,
krb5_crypto crypto; krb5_crypto crypto;
krb5_error_code ret; krb5_error_code ret;
len = length_AuthorizationData(authdata); ASN1_MALLOC_ENCODE(AuthorizationData, buf, len, authdata, &len, ret);
buf = malloc(len); if (ret)
if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = encode_AuthorizationData(buf + len - 1,
len, authdata, &len);
if (ret) {
free (buf);
return ret; return ret;
}
ALLOC(req_body->enc_authorization_data, 1); ALLOC(req_body->enc_authorization_data, 1);
if (req_body->enc_authorization_data == NULL) { if (req_body->enc_authorization_data == NULL) {
@ -173,16 +142,19 @@ init_tgs_req (krb5_context context,
TGS_REQ *t, TGS_REQ *t,
krb5_key_usage usage) krb5_key_usage usage)
{ {
krb5_error_code ret; krb5_error_code ret = 0;
memset(t, 0, sizeof(*t)); memset(t, 0, sizeof(*t));
t->pvno = 5; t->pvno = 5;
t->msg_type = krb_tgs_req; t->msg_type = krb_tgs_req;
if (in_creds->session.keytype) { if (in_creds->session.keytype) {
ret = krb5_keytype_to_enctypes_default (context, ALLOC_SEQ(&t->req_body.etype, 1);
in_creds->session.keytype, if(t->req_body.etype.val == NULL) {
&t->req_body.etype.len, ret = ENOMEM;
&t->req_body.etype.val); krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
t->req_body.etype.val[0] = in_creds->session.keytype;
} else { } else {
ret = krb5_init_etype(context, ret = krb5_init_etype(context,
&t->req_body.etype.len, &t->req_body.etype.len,
@ -431,34 +403,11 @@ get_cred_kdc_usage(krb5_context context,
if (ret) if (ret)
goto out; goto out;
buf_size = 1024; ASN1_MALLOC_ENCODE(TGS_REQ, buf, buf_size, &req, &enc.length, ret);
buf = malloc (buf_size); if (ret)
if (buf == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out; goto out;
} if(enc.length != buf_size)
krb5_abortx(context, "internal error in ASN.1 encoder");
do {
ret = encode_TGS_REQ (buf + buf_size - 1, buf_size,
&req, &enc.length);
if (ret) {
if (ret == ASN1_OVERFLOW) {
u_char *tmp;
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
buf = tmp;
} else {
goto out;
}
}
} while (ret == ASN1_OVERFLOW);
/* don't free addresses */ /* don't free addresses */
req.req_body.addresses = NULL; req.req_body.addresses = NULL;
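Review bot: make_pa_tgs_req and get_cred_kdc_usage now call `krb5_abortx(context, "internal error in ASN.1 encoder")` when the encoded length differs from the allocation. Assuming krb5_abortx aborts, as its name suggests, that terminates the calling application from inside the library; tgs_check_authenticator handles the same condition by logging and returning KRB5KRB_ERR_GENERIC. Returning an error leaves the decision to the caller: `if(buf_size != len) { ret = KRB5KRB_ERR_GENERIC; goto out; }`, provided `out` releases `buf` (the label is outside the hunks). krb5_get_forwarded_creds in get_for_creds.c uses the same abort.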

@ -33,7 +33,7 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: get_for_creds.c,v 1.32 2002/03/10 23:12:23 assar Exp $"); RCSID("$Id: get_for_creds.c,v 1.34 2002/09/04 16:26:04 joda Exp $");
static krb5_error_code static krb5_error_code
add_addrs(krb5_context context, add_addrs(krb5_context context,
@ -162,12 +162,14 @@ krb5_get_forwarded_creds (krb5_context context,
KrbCredInfo *krb_cred_info; KrbCredInfo *krb_cred_info;
EncKrbCredPart enc_krb_cred_part; EncKrbCredPart enc_krb_cred_part;
size_t len; size_t len;
u_char buf[1024]; unsigned char *buf;
size_t buf_size;
int32_t sec, usec; int32_t sec, usec;
krb5_kdc_flags kdc_flags; krb5_kdc_flags kdc_flags;
krb5_crypto crypto; krb5_crypto crypto;
struct addrinfo *ai; struct addrinfo *ai;
int save_errno; int save_errno;
krb5_keyblock *key;
addrs.len = 0; addrs.len = 0;
addrs.val = NULL; addrs.val = NULL;
@ -319,45 +321,51 @@ krb5_get_forwarded_creds (krb5_context context,
/* encode EncKrbCredPart */ /* encode EncKrbCredPart */
ret = krb5_encode_EncKrbCredPart (context, ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size,
buf + sizeof(buf) - 1, sizeof(buf), &enc_krb_cred_part, &len, ret);
&enc_krb_cred_part, &len);
free_EncKrbCredPart (&enc_krb_cred_part); free_EncKrbCredPart (&enc_krb_cred_part);
if (ret) { if (ret) {
free_KRB_CRED(&cred); free_KRB_CRED(&cred);
return ret; return ret;
} }
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
ret = krb5_crypto_init(context, auth_context->local_subkey, 0, &crypto); if (auth_context->local_subkey)
key = auth_context->local_subkey;
else if (auth_context->remote_subkey)
key = auth_context->remote_subkey;
else
key = auth_context->keyblock;
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) { if (ret) {
free(buf);
free_KRB_CRED(&cred); free_KRB_CRED(&cred);
return ret; return ret;
} }
ret = krb5_encrypt_EncryptedData (context, ret = krb5_encrypt_EncryptedData (context,
crypto, crypto,
KRB5_KU_KRB_CRED, KRB5_KU_KRB_CRED,
buf + sizeof(buf) - len, buf,
len, len,
0, 0,
&cred.enc_part); &cred.enc_part);
free(buf);
krb5_crypto_destroy(context, crypto); krb5_crypto_destroy(context, crypto);
if (ret) { if (ret) {
free_KRB_CRED(&cred); free_KRB_CRED(&cred);
return ret; return ret;
} }
ret = encode_KRB_CRED (buf + sizeof(buf) - 1, sizeof(buf), ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret);
&cred, &len);
free_KRB_CRED (&cred); free_KRB_CRED (&cred);
if (ret) if (ret)
return ret; return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
out_data->length = len; out_data->length = len;
out_data->data = malloc(len); out_data->data = buf;
if (out_data->data == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memcpy (out_data->data, buf + sizeof(buf) - len, len);
return 0; return 0;
out4: out4:
free_EncKrbCredPart(&enc_krb_cred_part); free_EncKrbCredPart(&enc_krb_cred_part);
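Review bot: In krb5_get_forwarded_creds the heap buffer holding the DER-encoded EncKrbCredPart is released with a plain `free(buf)` at both new sites (the krb5_crypto_init failure path and right after krb5_encrypt_EncryptedData), so the cleartext encoding, which carries the forwarded credential's session key, stays in freed heap memory. I would clear it first with `memset(buf, 0, buf_size);` before each `free(buf);`, ideally through a helper the compiler cannot optimise away. The function starts and ends outside the visible hunks, so its other exits were not checked.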

@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: get_in_tkt.c,v 1.104 2002/04/18 09:11:39 joda Exp $"); RCSID("$Id: get_in_tkt.c,v 1.106 2002/09/04 16:26:04 joda Exp $");
krb5_error_code krb5_error_code
krb5_init_etype (krb5_context context, krb5_init_etype (krb5_context context,
@ -158,22 +158,12 @@ _krb5_extract_ticket(krb5_context context,
creds->client = tmp_principal; creds->client = tmp_principal;
/* extract ticket */ /* extract ticket */
{ ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length,
unsigned char *buf; &rep->kdc_rep.ticket, &creds->ticket.length, ret);
size_t len; if(ret)
len = length_Ticket(&rep->kdc_rep.ticket); goto out;
buf = malloc(len); creds->second_ticket.length = 0;
if(buf == NULL) { creds->second_ticket.data = NULL;
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
encode_Ticket(buf + len - 1, len, &rep->kdc_rep.ticket, &len);
creds->ticket.data = buf;
creds->ticket.length = len;
creds->second_ticket.length = 0;
creds->second_ticket.data = NULL;
}
/* compare server */ /* compare server */
@ -223,7 +213,8 @@ _krb5_extract_ticket(krb5_context context,
/* set kdc-offset */ /* set kdc-offset */
krb5_timeofday (context, &sec_now); krb5_timeofday (context, &sec_now);
if (context->kdc_sec_offset == 0 if (rep->enc_part.flags.initial
&& context->kdc_sec_offset == 0
&& krb5_config_get_bool (context, NULL, && krb5_config_get_bool (context, NULL,
"libdefaults", "libdefaults",
"kdc_timesync", "kdc_timesync",
@ -314,7 +305,8 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
krb5_enctype etype, krb5_keyblock *key) krb5_enctype etype, krb5_keyblock *key)
{ {
PA_ENC_TS_ENC p; PA_ENC_TS_ENC p;
u_char buf[1024]; unsigned char *buf;
size_t buf_size;
size_t len; size_t len;
EncryptedData encdata; EncryptedData encdata;
krb5_error_code ret; krb5_error_code ret;
@ -327,39 +319,37 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa,
usec2 = usec; usec2 = usec;
p.pausec = &usec2; p.pausec = &usec2;
ret = encode_PA_ENC_TS_ENC(buf + sizeof(buf) - 1, ASN1_MALLOC_ENCODE(PA_ENC_TS_ENC, buf, buf_size, &p, &len, ret);
sizeof(buf),
&p,
&len);
if (ret) if (ret)
return ret; return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
ret = krb5_crypto_init(context, key, 0, &crypto); ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) if (ret) {
free(buf);
return ret; return ret;
}
ret = krb5_encrypt_EncryptedData(context, ret = krb5_encrypt_EncryptedData(context,
crypto, crypto,
KRB5_KU_PA_ENC_TIMESTAMP, KRB5_KU_PA_ENC_TIMESTAMP,
buf + sizeof(buf) - len, buf,
len, len,
0, 0,
&encdata); &encdata);
free(buf);
krb5_crypto_destroy(context, crypto); krb5_crypto_destroy(context, crypto);
if (ret) if (ret)
return ret; return ret;
ret = encode_EncryptedData(buf + sizeof(buf) - 1, ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret);
sizeof(buf),
&encdata,
&len);
free_EncryptedData(&encdata); free_EncryptedData(&encdata);
if (ret) if (ret)
return ret; return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP; pa->padata_type = KRB5_PADATA_ENC_TIMESTAMP;
pa->padata_value.length = 0; pa->padata_value.length = len;
krb5_data_copy(&pa->padata_value, pa->padata_value.data = buf;
buf + sizeof(buf) - len,
len);
return 0; return 0;
} }
@ -656,7 +646,7 @@ krb5_get_in_cred(krb5_context context,
AS_REQ a; AS_REQ a;
krb5_kdc_rep rep; krb5_kdc_rep rep;
krb5_data req, resp; krb5_data req, resp;
char buf[BUFSIZ]; size_t len;
krb5_salt salt; krb5_salt salt;
krb5_keyblock *key; krb5_keyblock *key;
size_t size; size_t size;
@ -692,17 +682,15 @@ krb5_get_in_cred(krb5_context context,
if (ret) if (ret)
return ret; return ret;
ret = encode_AS_REQ ((unsigned char*)buf + sizeof(buf) - 1, ASN1_MALLOC_ENCODE(AS_REQ, req.data, req.length, &a, &len, ret);
sizeof(buf),
&a,
&req.length);
free_AS_REQ(&a); free_AS_REQ(&a);
if (ret) if (ret)
return ret; return ret;
if(len != req.length)
req.data = buf + sizeof(buf) - req.length; krb5_abortx(context, "internal error in ASN.1 encoder");
ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp); ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp);
krb5_data_free(&req);
if (ret) if (ret)
return ret; return ret;
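Review bot: In _krb5_extract_ticket the new `ASN1_MALLOC_ENCODE(Ticket, ...)` call passes `creds->ticket.length` both as the allocated-size argument and, by address, as the encoded-length output. It is also the only conversion in this file without the size/length comparison that make_pa_enc_timestamp and krb5_get_in_cred perform. The macro definition is not visible here, so whether the aliasing is harmless depends on its expansion. A separate local `size_t len;` passed as `&len`, followed by `if (creds->ticket.length != len) krb5_abortx(context, "internal error in ASN.1 encoder");`, would remove the question and match the other call sites.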

@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: keytab_keyfile.c,v 1.13 2002/04/18 14:04:21 joda Exp $"); RCSID("$Id: keytab_keyfile.c,v 1.14 2002/09/09 14:22:26 nectar Exp $");
/* afs keyfile operations --------------------------------------- */ /* afs keyfile operations --------------------------------------- */
@ -297,7 +297,7 @@ akf_add_entry(krb5_context context,
fd = open (d->filename, O_RDWR | O_BINARY); fd = open (d->filename, O_RDWR | O_BINARY);
if (fd < 0) { if (fd < 0) {
fd = open (d->filename, fd = open (d->filename,
O_RDWR | O_BINARY | O_CREAT, 0600); O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600);
if (fd < 0) { if (fd < 0) {
ret = errno; ret = errno;
krb5_set_error_string(context, "open(%s): %s", d->filename, krb5_set_error_string(context, "open(%s): %s", d->filename,
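Review bot: The create branch in akf_add_entry is entered for any failure of the first `open`, not only for a missing file, and with `O_EXCL` a keyfile that appears between the two calls now yields an `EEXIST` error instead of being opened. I would take the create path only when `errno == ENOENT`, and retry the plain `open (d->filename, O_RDWR | O_BINARY)` once if the exclusive create reports `EEXIST`. That keeps the protection `O_EXCL` gives against a pre-created or symlinked file without turning a benign race into a hard failure. The rest of the function is outside the hunk, so any initialisation done only in the create branch should be checked against that change.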

@ -193,6 +193,12 @@ krb5_auth_con_genaddrs (
int /*fd*/, int /*fd*/,
int /*flags*/); int /*flags*/);
krb5_error_code
krb5_auth_con_generatelocalsubkey (
krb5_context /*context*/,
krb5_auth_context /*auth_context*/,
krb5_keyblock */*key*/);
krb5_error_code krb5_error_code
krb5_auth_con_getaddrs ( krb5_auth_con_getaddrs (
krb5_context /*context*/, krb5_context /*context*/,
@ -805,6 +811,12 @@ krb5_crypto_destroy (
krb5_context /*context*/, krb5_context /*context*/,
krb5_crypto /*crypto*/); krb5_crypto /*crypto*/);
krb5_error_code
krb5_crypto_getblocksize (
krb5_context /*context*/,
krb5_crypto /*crypto*/,
size_t */*blocksize*/);
krb5_error_code krb5_error_code
krb5_crypto_init ( krb5_crypto_init (
krb5_context /*context*/, krb5_context /*context*/,

@ -31,7 +31,7 @@
* SUCH DAMAGE. * SUCH DAMAGE.
*/ */
/* $Id: krb5.h,v 1.203 2002/08/22 10:06:20 joda Exp $ */ /* $Id: krb5.h,v 1.205 2002/09/03 17:31:47 joda Exp $ */
#ifndef __KRB5_H__ #ifndef __KRB5_H__
#define __KRB5_H__ #define __KRB5_H__
@ -99,7 +99,6 @@ enum {
ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE, ENCTYPE_DES3_CBC_NONE = ETYPE_DES3_CBC_NONE,
ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE, ENCTYPE_DES_CFB64_NONE = ETYPE_DES_CFB64_NONE,
ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE, ENCTYPE_DES_PCBC_NONE = ETYPE_DES_PCBC_NONE,
ENCTYPE_DES3_CBC_NONE_IVEC = ETYPE_DES3_CBC_NONE_IVEC
}; };
typedef PADATA_TYPE krb5_preauthtype; typedef PADATA_TYPE krb5_preauthtype;
@ -208,7 +207,8 @@ typedef enum krb5_address_type {
enum { enum {
AP_OPTS_USE_SESSION_KEY = 1, AP_OPTS_USE_SESSION_KEY = 1,
AP_OPTS_MUTUAL_REQUIRED = 2 AP_OPTS_MUTUAL_REQUIRED = 2,
AP_OPTS_USE_SUBKEY = 4 /* library internal */
}; };
typedef HostAddress krb5_address; typedef HostAddress krb5_address;
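Review bot: `AP_OPTS_USE_SUBKEY = 4` is marked library internal but is added to the public AP_OPTS enum, so any caller can pass it, and it shares the value space of the option flags callers hand to the request functions. Nothing in the visible hunks shows the bit being cleared before the options are turned into the protocol's ap-options, which should be confirmed in krb5_mk_req_internal, where mk_req_ext.c in this commit tests it. If the constant has to stay in this header, the comment could state what it does, for example `/* library internal: asks krb5_mk_req_internal to generate a local subkey */`. Separately, removing `ENCTYPE_DES3_CBC_NONE_IVEC` leaves a trailing comma before `};` in the enctype enum, which strict C89 compilers diagnose.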

@ -1,5 +1,5 @@
.\" Copyright (c) 2000 Kungliga Tekniska Högskolan .\" Copyright (c) 2000 Kungliga Tekniska Högskolan
.\" $Id: krb5_appdefault.3,v 1.7 2002/08/28 15:30:46 joda Exp $ .\" $Id: krb5_appdefault.3,v 1.8 2002/09/13 14:49:31 joda Exp $
.Dd July 25, 2000 .Dd July 25, 2000
.Dt KRB5_APPDEFAULT 3 .Dt KRB5_APPDEFAULT 3
.Os HEIMDAL .Os HEIMDAL
@ -19,7 +19,7 @@ Kerberos 5 Library (libkrb5, -lkrb5)
.Ft void .Ft void
.Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val" .Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val"
.Sh DESCRIPTION .Sh DESCRIPTION
These functions get application application defaults from the These functions get application defaults from the
.Dv appdefaults .Dv appdefaults
section of the section of the
.Xr krb5.conf 5 .Xr krb5.conf 5

@ -1,5 +1,5 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan .\" Copyright (c) 2001 Kungliga Tekniska Högskolan
.\" $Id: krb5_auth_context.3,v 1.4 2002/08/28 14:46:20 joda Exp $ .\" $Id: krb5_auth_context.3,v 1.5 2002/09/02 12:42:00 joda Exp $
.Dd January 21, 2001 .Dd January 21, 2001
.Dt KRB5_AUTH_CONTEXT 3 .Dt KRB5_AUTH_CONTEXT 3
.Os HEIMDAL .Os HEIMDAL
@ -34,7 +34,7 @@
.Nm krb5_auth_con_setrcache , .Nm krb5_auth_con_setrcache ,
.Nm krb5_auth_con_initivector , .Nm krb5_auth_con_initivector ,
.Nm krb5_auth_con_setivector .Nm krb5_auth_con_setivector
.Nd manage authetication on connection level .Nd manage authentication on connection level
.Sh LIBRARY .Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5) Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS .Sh SYNOPSIS

@ -1,5 +1,5 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan .\" Copyright (c) 2001 Kungliga Tekniska Högskolan
.\" $Id: krb5_context.3,v 1.3 2002/08/28 15:30:48 joda Exp $ .\" $Id: krb5_context.3,v 1.4 2002/09/02 12:42:00 joda Exp $
.Dd January 21, 2001 .Dd January 21, 2001
.Dt KRB5_CONTEXT 3 .Dt KRB5_CONTEXT 3
.Os HEIMDAL .Os HEIMDAL
@ -10,8 +10,8 @@
The The
.Nm .Nm
structure is designed to hold all per thread state. All global structure is designed to hold all per thread state. All global
variables that are context specific are stored in this struture, variables that are context specific are stored in this structure,
including default encryption types, credential-cache (ticket file), and including default encryption types, credentials-cache (ticket file), and
default realms. default realms.
.Pp .Pp
The internals of the structure should never be accessed directly, The internals of the structure should never be accessed directly,

@ -1,5 +1,5 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan .\" Copyright (c) 2001 Kungliga Tekniska Högskolan
.\" $Id: krb5_init_context.3,v 1.5 2002/08/28 15:30:53 joda Exp $ .\" $Id: krb5_init_context.3,v 1.6 2002/09/02 12:42:00 joda Exp $
.Dd January 21, 2001 .Dd January 21, 2001
.Dt KRB5_CONTEXT 3 .Dt KRB5_CONTEXT 3
.Os HEIMDAL .Os HEIMDAL
@ -20,7 +20,7 @@ The
.Fn krb5_init_context .Fn krb5_init_context
function initializes the function initializes the
.Fa context .Fa context
structure and reads the configration file structure and reads the configuration file
.Pa /etc/krb5.conf . .Pa /etc/krb5.conf .
.Pp .Pp
The structure should be freed by calling The structure should be freed by calling

@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan .\" Copyright (c) 1997 Kungliga Tekniska Högskolan
.\" $Id: krb5_parse_name.3,v 1.5 2002/08/28 15:30:55 joda Exp $ .\" $Id: krb5_parse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $
.Dd August 8, 1997 .Dd August 8, 1997
.Dt KRB5_PARSE_NAME 3 .Dt KRB5_PARSE_NAME 3
.Os HEIMDAL .Os HEIMDAL
@ -14,7 +14,7 @@ Kerberos 5 Library (libkrb5, -lkrb5)
.Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal" .Fn krb5_parse_name "krb5_context context" "const char *name" "krb5_principal *principal"
.Sh DESCRIPTION .Sh DESCRIPTION
.Fn krb5_parse_name .Fn krb5_parse_name
converts a string representation of a princpal name to converts a string representation of a principal name to
.Nm krb5_principal . .Nm krb5_principal .
The The
.Fa principal .Fa principal

@ -1,5 +1,5 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan .\" Copyright (c) 1997 Kungliga Tekniska Högskolan
.\" $Id: krb5_unparse_name.3,v 1.5 2002/08/28 15:30:57 joda Exp $ .\" $Id: krb5_unparse_name.3,v 1.6 2002/09/02 12:42:00 joda Exp $
.Dd August 8, 1997 .Dd August 8, 1997
.Dt KRB5_UNPARSE_NAME 3 .Dt KRB5_UNPARSE_NAME 3
.Os HEIMDAL .Os HEIMDAL
@ -18,7 +18,8 @@ Kerberos 5 Library (libkrb5, -lkrb5)
.Sh DESCRIPTION .Sh DESCRIPTION
This function takes a This function takes a
.Fa principal , .Fa principal ,
and will convert in to a printable representation with the same syntax as decribed in and will convert in to a printable representation with the same syntax
as described in
.Xr krb5_parse_name 3 . .Xr krb5_parse_name 3 .
.Fa *name .Fa *name
will point to allocated data and should be freed by the caller. will point to allocated data and should be freed by the caller.

@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: kuserok.c,v 1.5 1999/12/02 17:05:11 joda Exp $"); RCSID("$Id: kuserok.c,v 1.6 2002/09/16 17:32:11 nectar Exp $");
/* /*
* Return TRUE iff `principal' is allowed to login as `luser'. * Return TRUE iff `principal' is allowed to login as `luser'.
@ -88,9 +88,7 @@ krb5_kuserok (krb5_context context,
while (fgets (buf, sizeof(buf), f) != NULL) { while (fgets (buf, sizeof(buf), f) != NULL) {
krb5_principal tmp; krb5_principal tmp;
if(buf[strlen(buf) - 1] == '\n') buf[strcspn(buf, "\n")] = '\0';
buf[strlen(buf) - 1] = '\0';
ret = krb5_parse_name (context, buf, &tmp); ret = krb5_parse_name (context, buf, &tmp);
if (ret) { if (ret) {
fclose (f); fclose (f);
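Review bot: The `strcspn` change fixes the newline handling, but a line longer than `buf` is still handed to `krb5_parse_name` in pieces: `fgets` returns the first `sizeof(buf) - 1` bytes and the remainder is read on the next iteration and parsed as a principal of its own. For an authorization file it is safer to treat such a line as malformed and skip it entirely. One way is to record `int truncated = strchr(buf, '\n') == NULL && !feof(f);` before the strip, then discard that chunk and its continuation chunks. The declaration of `buf` and the rest of krb5_kuserok are outside the hunk.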

@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: log.c,v 1.30 2002/08/20 09:49:09 joda Exp $"); RCSID("$Id: log.c,v 1.31 2002/09/05 14:59:14 joda Exp $");
struct facility { struct facility {
int min; int min;
@ -382,24 +382,33 @@ krb5_vlog_msg(krb5_context context,
va_list ap) va_list ap)
__attribute__((format (printf, 5, 0))) __attribute__((format (printf, 5, 0)))
{ {
char *msg;
const char *actual; char *msg = NULL;
const char *actual = NULL;
char buf[64]; char buf[64];
time_t t; time_t t = 0;
int i; int i;
vasprintf(&msg, fmt, ap); for(i = 0; fac && i < fac->len; i++)
if (msg != NULL)
actual = msg;
else
actual = fmt;
t = time(NULL);
krb5_format_time(context, t, buf, sizeof(buf), TRUE);
for(i = 0; i < fac->len; i++)
if(fac->val[i].min <= level && if(fac->val[i].min <= level &&
(fac->val[i].max < 0 || fac->val[i].max >= level)) (fac->val[i].max < 0 || fac->val[i].max >= level)) {
if(t == 0) {
t = time(NULL);
krb5_format_time(context, t, buf, sizeof(buf), TRUE);
}
if(actual == NULL) {
vasprintf(&msg, fmt, ap);
if(msg == NULL)
actual = fmt;
else
actual = msg;
}
(*fac->val[i].log)(buf, actual, fac->val[i].data); (*fac->val[i].log)(buf, actual, fac->val[i].data);
*reply = msg; }
if(reply == NULL)
free(msg);
else
*reply = msg;
return 0; return 0;
} }
@ -411,12 +420,7 @@ krb5_vlog(krb5_context context,
va_list ap) va_list ap)
__attribute__((format (printf, 4, 0))) __attribute__((format (printf, 4, 0)))
{ {
char *msg; return krb5_vlog_msg(context, fac, NULL, level, fmt, ap);
krb5_error_code ret;
ret = krb5_vlog_msg(context, fac, &msg, level, fmt, ap);
free(msg);
return ret;
} }
krb5_error_code krb5_error_code
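Review bot: In krb5_vlog_msg the return value of `vasprintf(&msg, fmt, ap)` is ignored and failure is detected through `msg == NULL`, but some C libraries leave the pointer unspecified when vasprintf fails, and it is later passed to `free(msg)` or stored in `*reply`. Using the return value closes that gap: `if (vasprintf(&msg, fmt, ap) < 0) msg = NULL;`. Also, when no facility matches the level, or `fac` is NULL, the message is never formatted and `*reply` is set to NULL. Callers that use the reply need to handle that, and a comment on the function saying `/* *reply is NULL if nothing was logged or allocation failed */` would make the contract explicit.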

@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: mk_error.c,v 1.17 2002/03/27 09:29:43 joda Exp $"); RCSID("$Id: mk_error.c,v 1.18 2002/09/04 16:26:04 joda Exp $");
krb5_error_code krb5_error_code
krb5_mk_error(krb5_context context, krb5_mk_error(krb5_context context,
@ -47,8 +47,6 @@ krb5_mk_error(krb5_context context,
krb5_data *reply) krb5_data *reply)
{ {
KRB_ERROR msg; KRB_ERROR msg;
u_char *buf;
size_t buf_size;
int32_t sec, usec; int32_t sec, usec;
size_t len; size_t len;
krb5_error_code ret = 0; krb5_error_code ret = 0;
@ -84,45 +82,10 @@ krb5_mk_error(krb5_context context,
msg.cname = &client->name; msg.cname = &client->name;
} }
buf_size = 1024; ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret);
buf = malloc (buf_size); if (ret)
if (buf == NULL) { return ret;
krb5_set_error_string (context, "malloc: out of memory"); if(reply->length != len)
return ENOMEM; krb5_abortx(context, "internal error in ASN.1 encoder");
} return 0;
do {
ret = encode_KRB_ERROR(buf + buf_size - 1,
buf_size,
&msg,
&len);
if (ret) {
if (ret == ASN1_OVERFLOW) {
u_char *tmp;
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
buf = tmp;
} else {
goto out;
}
}
} while (ret == ASN1_OVERFLOW);
reply->length = len;
reply->data = malloc(len);
if (reply->data == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto out;
}
memcpy (reply->data, buf + buf_size - len, len);
out:
free (buf);
return ret;
} }

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,11 +33,8 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: mk_priv.c,v 1.30 2001/06/18 02:44:54 assar Exp $"); RCSID("$Id: mk_priv.c,v 1.31 2002/09/04 16:26:04 joda Exp $");
/*
*
*/
krb5_error_code krb5_error_code
krb5_mk_priv(krb5_context context, krb5_mk_priv(krb5_context context,
@ -83,35 +80,11 @@ krb5_mk_priv(krb5_context context,
part.s_address = auth_context->local_address; part.s_address = auth_context->local_address;
part.r_address = auth_context->remote_address; part.r_address = auth_context->remote_address;
buf_size = 1024;
buf = malloc (buf_size);
if (buf == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
krb5_data_zero (&s.enc_part.cipher); krb5_data_zero (&s.enc_part.cipher);
do { ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret);
ret = encode_EncKrbPrivPart (buf + buf_size - 1, buf_size, if (ret)
&part, &len); goto fail;
if (ret) {
if (ret == ASN1_OVERFLOW) {
u_char *tmp;
buf_size *= 2;
tmp = realloc (buf, buf_size);
if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
buf = tmp;
} else {
goto fail;
}
}
} while(ret == ASN1_OVERFLOW);
s.pvno = 5; s.pvno = 5;
s.msg_type = krb_priv; s.msg_type = krb_priv;
@ -134,37 +107,21 @@ krb5_mk_priv(krb5_context context,
free(buf); free(buf);
return ret; return ret;
} }
free(buf);
do {
ret = encode_KRB_PRIV (buf + buf_size - 1, buf_size, &s, &len);
if (ret){ ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret);
if (ret == ASN1_OVERFLOW) {
u_char *tmp;
buf_size *= 2; if(ret)
tmp = realloc (buf, buf_size); goto fail;
if (tmp == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
}
buf = tmp;
} else {
goto fail;
}
}
} while(ret == ASN1_OVERFLOW);
krb5_data_free (&s.enc_part.cipher); krb5_data_free (&s.enc_part.cipher);
outbuf->length = len; ret = krb5_data_copy(outbuf, buf + buf_size - len, len);
outbuf->data = malloc (len); if (ret) {
if (outbuf->data == NULL) {
krb5_set_error_string (context, "malloc: out of memory"); krb5_set_error_string (context, "malloc: out of memory");
free(buf); free(buf);
return ENOMEM; return ENOMEM;
} }
memcpy (outbuf->data, buf + buf_size - len, len);
free (buf); free (buf);
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
auth_context->local_seqnumber = auth_context->local_seqnumber =
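Review bot: The second `ASN1_MALLOC_ENCODE` in krb5_mk_priv follows the new `free(buf);` and is itself followed by `goto fail`, so the state of `buf` on that path depends entirely on what the macro stores in it when allocation or encoding fails. If the `fail:` label (outside the hunk) frees `buf` and the macro leaves the pointer untouched, that is a double free. Adding `buf = NULL;` directly after the new `free(buf);` makes the error path safe whatever the macro does. The same question applies to the first `goto fail` after the EncKrbPrivPart encode, where `buf` has no value before the macro runs unless it is initialised at its declaration, which is not visible here.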

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: mk_rep.c,v 1.19 2001/05/14 06:14:49 assar Exp $"); RCSID("$Id: mk_rep.c,v 1.20 2002/09/04 16:26:05 joda Exp $");
krb5_error_code krb5_error_code
krb5_mk_rep(krb5_context context, krb5_mk_rep(krb5_context context,
@ -72,21 +72,10 @@ krb5_mk_rep(krb5_context context,
ap.enc_part.etype = auth_context->keyblock->keytype; ap.enc_part.etype = auth_context->keyblock->keytype;
ap.enc_part.kvno = NULL; ap.enc_part.kvno = NULL;
buf_size = length_EncAPRepPart(&body); ASN1_MALLOC_ENCODE(EncAPRepPart, buf, buf_size, &body, &len, ret);
buf = malloc (buf_size);
if (buf == NULL) {
free_EncAPRepPart (&body);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = krb5_encode_EncAPRepPart (context,
buf + buf_size - 1,
buf_size,
&body,
&len);
free_EncAPRepPart (&body); free_EncAPRepPart (&body);
if(ret)
return ret;
ret = krb5_crypto_init(context, auth_context->keyblock, ret = krb5_crypto_init(context, auth_context->keyblock,
0 /* ap.enc_part.etype */, &crypto); 0 /* ap.enc_part.etype */, &crypto);
if (ret) { if (ret) {
@ -105,20 +94,7 @@ krb5_mk_rep(krb5_context context,
return ret; return ret;
} }
buf_size = length_AP_REP(&ap); ASN1_MALLOC_ENCODE(AP_REP, outbuf->data, outbuf->length, &ap, &len, ret);
buf = realloc(buf, buf_size);
if(buf == NULL) {
free_AP_REP (&ap);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = encode_AP_REP (buf + buf_size - 1, buf_size, &ap, &len);
free_AP_REP (&ap); free_AP_REP (&ap);
return ret;
if(len != buf_size)
krb5_abortx(context, "krb5_mk_rep: encoded length != calculated length");
outbuf->data = buf;
outbuf->length = len;
return 0;
} }
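Review bot: krb5_mk_rep now ends with `return ret;` straight after the AP_REP encode, dropping the encoded-length check the old code had (`len != buf_size`) and that the other converted call sites in this commit keep; the EncAPRepPart encode earlier in the function has none either. For consistency I would add `if (ret == 0 && outbuf->length != len) krb5_abortx(context, "internal error in ASN.1 encoder");` before the return. The middle of the function is outside the hunks, so I could not check whether `buf` from the first encode is freed on every path once it has been encrypted.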

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: mk_req_ext.c,v 1.25 2001/05/09 07:15:00 assar Exp $"); RCSID("$Id: mk_req_ext.c,v 1.26 2002/09/02 17:13:52 joda Exp $");
krb5_error_code krb5_error_code
krb5_mk_req_internal(krb5_context context, krb5_mk_req_internal(krb5_context context,
@ -62,6 +62,12 @@ krb5_mk_req_internal(krb5_context context,
if(ret) if(ret)
return ret; return ret;
if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session);
if(ret)
return ret;
}
#if 0 #if 0
{ {
/* This is somewhat bogus since we're possibly overwriting a /* This is somewhat bogus since we're possibly overwriting a

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: mk_safe.c,v 1.27 2001/06/18 02:45:15 assar Exp $"); RCSID("$Id: mk_safe.c,v 1.28 2002/09/04 16:26:05 joda Exp $");
krb5_error_code krb5_error_code
krb5_mk_safe(krb5_context context, krb5_mk_safe(krb5_context context,
@ -48,7 +48,6 @@ krb5_mk_safe(krb5_context context,
KerberosTime sec2; KerberosTime sec2;
int usec2; int usec2;
u_char *buf = NULL; u_char *buf = NULL;
void *tmp;
size_t buf_size; size_t buf_size;
size_t len; size_t len;
u_int32_t tmp_seq; u_int32_t tmp_seq;
@ -85,17 +84,11 @@ krb5_mk_safe(krb5_context context,
s.cksum.checksum.data = NULL; s.cksum.checksum.data = NULL;
s.cksum.checksum.length = 0; s.cksum.checksum.length = 0;
buf_size = length_KRB_SAFE(&s); ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
buf = malloc(buf_size + 128); /* add some for checksum */ if (ret)
if(buf == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
if (ret) {
free (buf);
return ret; return ret;
} if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
ret = krb5_crypto_init(context, key, 0, &crypto); ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) { if (ret) {
free (buf); free (buf);
@ -105,7 +98,7 @@ krb5_mk_safe(krb5_context context,
crypto, crypto,
KRB5_KU_KRB_SAFE_CKSUM, KRB5_KU_KRB_SAFE_CKSUM,
0, 0,
buf + buf_size - len, buf,
len, len,
&s.cksum); &s.cksum);
krb5_crypto_destroy(context, crypto); krb5_crypto_destroy(context, crypto);
@ -114,27 +107,16 @@ krb5_mk_safe(krb5_context context,
return ret; return ret;
} }
buf_size = length_KRB_SAFE(&s); free(buf);
tmp = realloc(buf, buf_size); ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
if(tmp == NULL) {
free(buf);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
buf = tmp;
ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len);
free_Checksum (&s.cksum); free_Checksum (&s.cksum);
if(ret)
return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
outbuf->length = len; outbuf->length = len;
outbuf->data = malloc (len); outbuf->data = buf;
if (outbuf->data == NULL) {
free (buf);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
memcpy (outbuf->data, buf + buf_size - len, len);
free (buf);
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
auth_context->local_seqnumber = auth_context->local_seqnumber =
(auth_context->local_seqnumber + 1) & 0xFFFFFFFF; (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;

@ -0,0 +1,277 @@
/*
* Copyright (c) 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of KTH nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
#include "krb5_locl.h"
RCSID("$Id: name-45-test.c,v 1.2 2002/08/31 03:33:07 assar Exp $");
enum { MAX_COMPONENTS = 3 };
static struct testcase {
const char *v4_name;
const char *v4_inst;
const char *v4_realm;
krb5_realm v5_realm;
unsigned ncomponents;
char *comp_val[MAX_COMPONENTS];
const char *config_file;
krb5_error_code ret; /* expected error code from 524 */
krb5_error_code ret2; /* expected error code from 425 */
} tests[] = {
{"", "", "", "", 1, {""}, NULL, 0, 0},
{"a", "", "", "", 1, {"a"}, NULL, 0, 0},
{"a", "b", "", "", 2, {"a", "b"}, NULL, 0, 0},
{"a", "b", "c", "c", 2, {"a", "b"}, NULL, 0, 0},
{"krbtgt", "FOO.SE", "FOO.SE", "FOO.SE", 2,
{"krbtgt", "FOO.SE"}, NULL, 0, 0},
{"foo", "bar", "BAZ", "BAZ", 2,
{"foo", "bar"}, NULL, 0, 0},
{"foo", "bar", "BAZ", "BAZ", 2,
{"foo", "bar"},
"[libdefaults]\n"
" v4_name_convert = {\n"
" host = {\n"
" foo = foo5\n"
" }\n"
"}\n",
HEIM_ERR_V4_PRINC_NO_CONV, 0},
{"foo", "bar", "BAZ", "BAZ", 2,
{"foo5", "bar.baz"},
"[realms]\n"
" BAZ = {\n"
" v4_name_convert = {\n"
" host = {\n"
" foo = foo5\n"
" }\n"
" }\n"
" v4_instance_convert = {\n"
" bar = bar.baz\n"
" }\n"
" }\n",
0, 0},
{"rcmd", "foo", "realm", "realm", 2, {"host", "foo"}, NULL,
HEIM_ERR_V4_PRINC_NO_CONV, 0},
{"rcmd", "foo", "realm", "realm", 2, {"host", "foo.realm"},
"[realms]\n"
" realm = {\n"
" v4_instance_convert = {\n"
" foo = foo.realm\n"
" }\n"
" }\n",
0, 0},
{"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
{"pop", "mail0.nada.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0},
{"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
{"pop", "mail0.nada.kth.se"},
"[realms]\n"
" NADA.KTH.SE = {\n"
" default_domain = nada.kth.se\n"
" }\n",
0, 0},
{"pop", "mail0", "NADA.KTH.SE", "NADA.KTH.SE", 2,
{"pop", "mail0.nada.kth.se"},
"[libdefaults]\n"
" v4_instance_resolve = true\n",
HEIM_ERR_V4_PRINC_NO_CONV, 0},
{"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2,
{"host", "ratatosk.pdc.kth.se"}, NULL, HEIM_ERR_V4_PRINC_NO_CONV, 0},
{"rcmd", "ratatosk", "NADA.KTH.SE", "NADA.KTH.SE", 2,
{"host", "ratatosk.pdc.kth.se"},
"[libdefaults]\n"
" v4_instance_resolve = true\n"
"[realms]\n"
" NADA.KTH.SE = {\n"
" v4_name_convert = {\n"
" host = {\n"
" rcmd = host\n"
" }\n"
" }\n"
" default_domain = pdc.kth.se\n"
" }\n",
0, 0},
{"0123456789012345678901234567890123456789",
"0123456789012345678901234567890123456789",
"0123456789012345678901234567890123456789",
"0123456789012345678901234567890123456789",
2, {"0123456789012345678901234567890123456789",
"0123456789012345678901234567890123456789"}, NULL,
0, KRB5_PARSE_MALFORMED},
{"012345678901234567890123456789012345678",
"012345678901234567890123456789012345678",
"012345678901234567890123456789012345678",
"012345678901234567890123456789012345678",
2, {"012345678901234567890123456789012345678",
"012345678901234567890123456789012345678"}, NULL,
0, 0},
{NULL, NULL, NULL, NULL, 0, {}, NULL, 0}
};
int
main(int argc, char **argv)
{
struct testcase *t;
krb5_context context;
krb5_error_code ret;
int val = 0;
for (t = tests; t->v4_name; ++t) {
krb5_principal princ;
int i;
char name[40], inst[40], realm[40];
char printable_princ[256];
ret = krb5_init_context (&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
if (t->config_file != NULL) {
char template[] = "/tmp/krb5-conf-XXXXXX";
int fd = mkstemp(template);
char *files[2];
if (fd < 0)
krb5_err (context, 1, errno, "mkstemp %s", template);
if (write (fd, t->config_file, strlen(t->config_file))
!= strlen(t->config_file))
krb5_err (context, 1, errno, "write %s", template);
close (fd);
files[0] = template;
files[1] = NULL;
ret = krb5_set_config_files (context, files);
unlink (template);
if (ret)
krb5_err (context, 1, ret, "krb5_set_config_files");
}
ret = krb5_425_conv_principal (context,
t->v4_name,
t->v4_inst,
t->v4_realm,
&princ);
if (ret) {
if (ret != t->ret) {
krb5_warn (context, ret,
"krb5_425_conv_principal %s.%s@%s",
t->v4_name, t->v4_inst, t->v4_realm);
val = 1;
}
} else {
if (t->ret) {
krb5_warnx (context,
"krb5_425_conv_principal %s.%s@%s "
"passed unexpected",
t->v4_name, t->v4_inst, t->v4_realm);
val = 1;
continue;
}
}
if (ret)
continue;
if (strcmp (t->v5_realm, princ->realm) != 0) {
printf ("wrong realm (\"%s\" should be \"%s\")"
" for \"%s.%s@%s\"\n",
princ->realm, t->v5_realm,
t->v4_name,
t->v4_inst,
t->v4_realm);
val = 1;
}
if (t->ncomponents != princ->name.name_string.len) {
printf ("wrong number of components (%u should be %u)"
" for \"%s.%s@%s\"\n",
princ->name.name_string.len, t->ncomponents,
t->v4_name,
t->v4_inst,
t->v4_realm);
val = 1;
} else {
for (i = 0; i < t->ncomponents; ++i) {
if (strcmp(t->comp_val[i],
princ->name.name_string.val[i]) != 0) {
printf ("bad component %d (\"%s\" should be \"%s\")"
" for \"%s.%s@%s\"\n",
i,
princ->name.name_string.val[i],
t->comp_val[i],
t->v4_name,
t->v4_inst,
t->v4_realm);
val = 1;
}
}
}
ret = krb5_524_conv_principal (context, princ,
name, inst, realm);
if (krb5_unparse_name_fixed(context, princ,
printable_princ, sizeof(printable_princ)))
strlcpy(printable_princ, "unknown principal",
sizeof(printable_princ));
if (ret) {
if (ret != t->ret2) {
krb5_warn (context, ret,
"krb5_524_conv_principal %s", printable_princ);
val = 1;
}
} else {
if (t->ret2) {
krb5_warnx (context,
"krb5_524_conv_principal %s "
"passed unexpected", printable_princ);
val = 1;
continue;
}
}
if (ret) {
krb5_free_principal (context, princ);
continue;
}
krb5_free_principal (context, princ);
}
return val;
}

@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: prompter_posix.c,v 1.6 2001/05/11 20:26:49 assar Exp $"); RCSID("$Id: prompter_posix.c,v 1.7 2002/09/16 17:32:11 nectar Exp $");
int int
krb5_prompter_posix (krb5_context context, krb5_prompter_posix (krb5_context context,
@ -65,8 +65,7 @@ krb5_prompter_posix (krb5_context context,
prompts[i].reply->length, prompts[i].reply->length,
stdin) == NULL) stdin) == NULL)
return 1; return 1;
if(s[strlen(s) - 1] == '\n') s[strcspn(s, "\n")] = '\0';
s[strlen(s) - 1] = '\0';
} }
} }
return 0; return 0;
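Review bot: A reply that does not fit in `prompts[i].reply->length` is accepted silently in truncated form, because `s[strcspn(s, "\n")] = '\0';` treats a buffer with no newline the same as a complete line. The unread tail then stays on stdin, where the next prompt in the loop would presumably read it as its own answer. After the `fgets` call it is worth checking whether a newline was actually seen and, if not, either draining input up to the next `'\n'` or returning an error, with a comment such as `/* no newline: input was longer than the reply buffer */`. The `fgets` call and the loop header start outside this hunk, so the exact buffer handling should be confirmed against the full function.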

@ -33,7 +33,7 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: rd_cred.c,v 1.17 2002/08/09 17:07:12 joda Exp $"); RCSID("$Id: rd_cred.c,v 1.18 2002/09/04 16:26:05 joda Exp $");
krb5_error_code krb5_error_code
krb5_rd_cred(krb5_context context, krb5_rd_cred(krb5_context context,
@ -214,7 +214,6 @@ krb5_rd_cred(krb5_context context,
for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) { for (i = 0; i < enc_krb_cred_part.ticket_info.len; ++i) {
KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i]; KrbCredInfo *kci = &enc_krb_cred_part.ticket_info.val[i];
krb5_creds *creds; krb5_creds *creds;
u_char buf[1024];
size_t len; size_t len;
creds = calloc(1, sizeof(*creds)); creds = calloc(1, sizeof(*creds));
@ -224,12 +223,12 @@ krb5_rd_cred(krb5_context context,
goto out; goto out;
} }
ret = encode_Ticket (buf + sizeof(buf) - 1, sizeof(buf), ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length,
&cred.tickets.val[i], &cred.tickets.val[i], &len, ret);
&len);
if (ret) if (ret)
goto out; goto out;
krb5_data_copy (&creds->ticket, buf + sizeof(buf) - len, len); if(creds->ticket.length != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
copy_EncryptionKey (&kci->key, &creds->session); copy_EncryptionKey (&kci->key, &creds->session);
if (kci->prealm && kci->pname) if (kci->prealm && kci->pname)
principalname2krb5_principal (&creds->client, principalname2krb5_principal (&creds->client,
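Review bot: The `if (ret) goto out;` after `ASN1_MALLOC_ENCODE(Ticket, ...)` leaves with `creds` still held only in the loop-local pointer from `calloc(1, sizeof(*creds))`. Unless the `out` label, which is outside this hunk, knows about that pointer, the structure leaks whenever encoding fails; a `free(creds);` before the jump would close it. The next line, `copy_EncryptionKey (&kci->key, &creds->session);`, also ignores its return value, so an allocation failure there would appear to hand back a credential with an empty session key instead of an error. Both are on the path that processes a received KRB-CRED, so failing closed with `ret` set is preferable. The body of `krb5_rd_cred` continues beyond the visible lines.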

@ -33,7 +33,7 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: rd_safe.c,v 1.26 2002/02/14 12:47:47 joda Exp $"); RCSID("$Id: rd_safe.c,v 1.27 2002/09/04 16:26:05 joda Exp $");
static krb5_error_code static krb5_error_code
verify_checksum(krb5_context context, verify_checksum(krb5_context context,
@ -53,19 +53,11 @@ verify_checksum(krb5_context context,
safe->cksum.checksum.data = NULL; safe->cksum.checksum.data = NULL;
safe->cksum.checksum.length = 0; safe->cksum.checksum.length = 0;
buf_size = length_KRB_SAFE(safe); ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, safe, &len, ret);
buf = malloc(buf_size); if(ret)
return ret;
if (buf == NULL) { if(buf_size != len)
ret = ENOMEM; krb5_abortx(context, "internal error in ASN.1 encoder");
krb5_set_error_string (context, "malloc: out of memory");
goto out;
}
ret = encode_KRB_SAFE (buf + buf_size - 1,
buf_size,
safe,
&len);
if (auth_context->remote_subkey) if (auth_context->remote_subkey)
key = auth_context->remote_subkey; key = auth_context->remote_subkey;
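Review bot: The new `if(ret) return ret;` bypasses the `out` label that the removed allocation-failure branch jumped to with `goto out;`. Just above, `safe->cksum.checksum.data` and `.length` are cleared, so if `out` is where the saved checksum is put back (it is not visible here), an encoder failure now returns with the caller's `KRB_SAFE` still blanked and the original checksum buffer unreachable. Keeping `if (ret) goto out;` would preserve the old cleanup, provided `buf` is initialised to `NULL` so the `free` at `out` stays safe; that needs confirming against the declarations outside the hunk. The rest of `verify_checksum` lies beyond the visible lines.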

@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: sendauth.c,v 1.18 2001/05/14 06:14:51 assar Exp $"); RCSID("$Id: sendauth.c,v 1.19 2002/09/04 21:34:43 joda Exp $");
/* /*
* The format seems to be: * The format seems to be:
@ -86,6 +86,7 @@ krb5_sendauth(krb5_context context,
krb5_principal this_client = NULL; krb5_principal this_client = NULL;
krb5_creds *creds; krb5_creds *creds;
ssize_t sret; ssize_t sret;
krb5_boolean my_ccache = FALSE;
len = strlen(version) + 1; len = strlen(version) + 1;
net_len = htonl(len); net_len = htonl(len);
@ -125,12 +126,16 @@ krb5_sendauth(krb5_context context,
ret = krb5_cc_default (context, &ccache); ret = krb5_cc_default (context, &ccache);
if (ret) if (ret)
return ret; return ret;
my_ccache = TRUE;
} }
if (client == NULL) { if (client == NULL) {
ret = krb5_cc_get_principal (context, ccache, &this_client); ret = krb5_cc_get_principal (context, ccache, &this_client);
if (ret) if (ret) {
if(my_ccache)
krb5_cc_close(context, ccache);
return ret; return ret;
}
client = this_client; client = this_client;
} }
memset(&this_cred, 0, sizeof(this_cred)); memset(&this_cred, 0, sizeof(this_cred));
@ -142,11 +147,16 @@ krb5_sendauth(krb5_context context,
} }
if (in_creds->ticket.length == 0) { if (in_creds->ticket.length == 0) {
ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds); ret = krb5_get_credentials (context, 0, ccache, in_creds, &creds);
if (ret) if (ret) {
if(my_ccache)
krb5_cc_close(context, ccache);
return ret; return ret;
}
} else { } else {
creds = in_creds; creds = in_creds;
} }
if(my_ccache)
krb5_cc_close(context, ccache);
ret = krb5_mk_req_extended (context, ret = krb5_mk_req_extended (context,
auth_context, auth_context,
ap_req_options, ap_req_options,
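Review bot: The new error branch after `krb5_get_credentials` closes the cache but returns without releasing `this_client`, which `krb5_cc_get_principal` may have allocated a few lines earlier when `client == NULL`. Adding `if (this_client) krb5_free_principal (context, this_client);` before that `return ret;` would make the branch release everything the function acquired. The lines between the `memset(&this_cred, ...)` context and the `in_creds->ticket.length` test are not shown; any early `return` there needs the same `if(my_ccache) krb5_cc_close(context, ccache);` treatment, otherwise the default cache handle still leaks on those paths. A one-line comment at the declaration, `/* TRUE when ccache came from krb5_cc_default and must be closed here */`, would make the ownership rule explicit. `krb5_sendauth` starts and ends outside these hunks.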

@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: transited.c,v 1.8 2001/05/14 06:14:52 assar Exp $"); RCSID("$Id: transited.c,v 1.9 2002/09/09 14:03:03 nectar Exp $");
/* this is an attempt at one of the most horrible `compression' /* this is an attempt at one of the most horrible `compression'
schemes that has ever been invented; it's so amazingly brain-dead schemes that has ever been invented; it's so amazingly brain-dead
@ -318,8 +318,9 @@ krb5_domain_x500_decode(krb5_context context,
if(ret) if(ret)
return ret; return ret;
/* remove empty components */ /* remove empty components and count realms */
q = &r; q = &r;
*num_realms = 0;
for(p = r; p; ){ for(p = r; p; ){
if(p->realm[0] == '\0'){ if(p->realm[0] == '\0'){
free(p->realm); free(p->realm);
@ -329,22 +330,20 @@ krb5_domain_x500_decode(krb5_context context,
}else{ }else{
q = &p->next; q = &p->next;
p = p->next; p = p->next;
(*num_realms)++;
} }
} }
if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms))
return ERANGE;
{ {
char **R; char **R;
*realms = NULL; R = malloc((*num_realms + 1) * sizeof(*R));
*num_realms = 0; if (R == NULL)
return ENOMEM;
*realms = R;
while(r){ while(r){
R = realloc(*realms, (*num_realms + 1) * sizeof(**realms)); *R++ = r->realm;
if(R == NULL) {
free(*realms);
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
R[*num_realms] = r->realm;
(*num_realms)++;
*realms = R;
p = r->next; p = r->next;
free(r); free(r);
r = p; r = p;
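Review bot: Both new early exits, `return ERANGE;` and the `return ENOMEM;` after `malloc`, leave the function while the list headed by `r` and every `r->realm` string are still allocated, so a decode that fails at this point leaks the whole parsed transited list. They also return with `*num_realms` already counted and `*realms` never assigned (the old `*realms = NULL;` is gone), which a caller that cleans up on error could trip over. The ENOMEM path additionally drops the `krb5_set_error_string` call the old code made. I would free the list and reset the outputs on both exits, as sketched below for the allocation failure. The function body starts outside this hunk.

```c
	R = malloc((*num_realms + 1) * sizeof(*R));
	if (R == NULL) {
	    /* nothing has been handed to the caller yet: drop the list */
	    while (r) {
		p = r->next;
		free(r->realm);
		free(r);
		r = p;
	    }
	    *realms = NULL;
	    *num_realms = 0;
	    krb5_set_error_string (context, "malloc: out of memory");
	    return ENOMEM;
	}
	/* … unchanged: copy realm pointers into R and free the list nodes … */
```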

@ -1,3 +1,45 @@
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
* roken.awk: include config.h before stdio.h (breaks with
_FILE_OFFSET_BITS on solaris otherwise)
2002-09-09 Johan Danielsson <joda@pdc.kth.se>
* resolve.c: fix res_nsearch call, but don't use it for now, AIX5
has a broken version that trashes memory
* roken-common.h: fix typo in previous
* roken-common.h: change IRIX == 4 to IRIX4
2002-09-04 Assar Westerlund <assar@kth.se>
* getifaddrs.c: remove some warnings from the linux-portion
* getnameinfo_verified.c (getnameinfo_verified): handle the case
of forward but no backward DNS information, and also describe the
desired behaviour. from Love <lha@stacken.kth.se>
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* rtbl.c (rtbl_destroy): free whole table
* resolve.c: use res_nsearch if we have it (from Larry Greenfield)
2002-09-03 Assar Westerlund <assar@kth.se>
* getifaddrs.c: add Linux AF_NETLINK getifaddrs from Hideaki
YOSHIFUJI of the Usagi project
* parse_reply-test.c: make this build and return 77 if there is no
mmap
* Makefile.am (parse_reply-test): add
* parse_reply-test.c: add a test case for parse_reply reading past
the given buffer
* resolve.c (parse_reply): update the arguments to more reasonable
types. allow parse_reply-test to call it
2002-08-28 Johan Danielsson <joda@pdc.kth.se> 2002-08-28 Johan Danielsson <joda@pdc.kth.se>
* resolve.c (dns_srv_order): do alignment tricks with the random() * resolve.c (dns_srv_order): do alignment tricks with the random()

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.120 2002/05/31 02:44:37 assar Exp $ # $Id: Makefile.am,v 1.122 2002/09/09 19:17:01 joda Exp $
include $(top_srcdir)/Makefile.am.common include $(top_srcdir)/Makefile.am.common
@ -7,7 +7,7 @@ ACLOCAL_AMFLAGS = -I ../../cf
CLEANFILES = roken.h make-roken.c $(XHEADERS) CLEANFILES = roken.h make-roken.c $(XHEADERS)
lib_LTLIBRARIES = libroken.la lib_LTLIBRARIES = libroken.la
libroken_la_LDFLAGS = -version-info 16:0:7 libroken_la_LDFLAGS = -version-info 16:0:0
noinst_PROGRAMS = make-roken snprintf-test noinst_PROGRAMS = make-roken snprintf-test
@ -17,6 +17,7 @@ check_PROGRAMS = \
base64-test \ base64-test \
getaddrinfo-test \ getaddrinfo-test \
parse_bytes-test \ parse_bytes-test \
parse_reply-test \
snprintf-test \ snprintf-test \
strpftime-test strpftime-test
@ -29,6 +30,9 @@ noinst_LTLIBRARIES = libtest.la
libtest_la_SOURCES = strftime.c strptime.c snprintf.c libtest_la_SOURCES = strftime.c strptime.c snprintf.c
libtest_la_CFLAGS = -DTEST_SNPRINTF libtest_la_CFLAGS = -DTEST_SNPRINTF
parse_reply_test_SOURCES = parse_reply-test.c resolve.c
parse_reply_test_CFLAGS = -DTEST_RESOLVE
strpftime_test_SOURCES = strpftime-test.c strpftime_test_SOURCES = strpftime-test.c
strpftime_test_LDADD = libtest.la $(LDADD) strpftime_test_LDADD = libtest.la $(LDADD)
snprintf_test_SOURCES = snprintf-test.c snprintf_test_SOURCES = snprintf-test.c

@ -14,7 +14,7 @@
@SET_MAKE@ @SET_MAKE@
# $Id: Makefile.am,v 1.120 2002/05/31 02:44:37 assar Exp $ # $Id: Makefile.am,v 1.122 2002/09/09 19:17:01 joda Exp $
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
@ -207,7 +207,7 @@ ACLOCAL_AMFLAGS = -I ../../cf
CLEANFILES = roken.h make-roken.c $(XHEADERS) CLEANFILES = roken.h make-roken.c $(XHEADERS)
lib_LTLIBRARIES = libroken.la lib_LTLIBRARIES = libroken.la
libroken_la_LDFLAGS = -version-info 16:0:7 libroken_la_LDFLAGS = -version-info 16:0:0
noinst_PROGRAMS = make-roken snprintf-test noinst_PROGRAMS = make-roken snprintf-test
@ -217,6 +217,7 @@ check_PROGRAMS = \
base64-test \ base64-test \
getaddrinfo-test \ getaddrinfo-test \
parse_bytes-test \ parse_bytes-test \
parse_reply-test \
snprintf-test \ snprintf-test \
strpftime-test strpftime-test
@ -230,6 +231,9 @@ noinst_LTLIBRARIES = libtest.la
libtest_la_SOURCES = strftime.c strptime.c snprintf.c libtest_la_SOURCES = strftime.c strptime.c snprintf.c
libtest_la_CFLAGS = -DTEST_SNPRINTF libtest_la_CFLAGS = -DTEST_SNPRINTF
parse_reply_test_SOURCES = parse_reply-test.c resolve.c
parse_reply_test_CFLAGS = -DTEST_RESOLVE
strpftime_test_SOURCES = strpftime-test.c strpftime_test_SOURCES = strpftime-test.c
strpftime_test_LDADD = libtest.la $(LDADD) strpftime_test_LDADD = libtest.la $(LDADD)
snprintf_test_SOURCES = snprintf-test.c snprintf_test_SOURCES = snprintf-test.c
@ -422,8 +426,8 @@ am_libtest_la_OBJECTS = libtest_la-strftime.lo libtest_la-strptime.lo \
libtest_la-snprintf.lo libtest_la-snprintf.lo
libtest_la_OBJECTS = $(am_libtest_la_OBJECTS) libtest_la_OBJECTS = $(am_libtest_la_OBJECTS)
check_PROGRAMS = base64-test$(EXEEXT) getaddrinfo-test$(EXEEXT) \ check_PROGRAMS = base64-test$(EXEEXT) getaddrinfo-test$(EXEEXT) \
parse_bytes-test$(EXEEXT) snprintf-test$(EXEEXT) \ parse_bytes-test$(EXEEXT) parse_reply-test$(EXEEXT) \
strpftime-test$(EXEEXT) snprintf-test$(EXEEXT) strpftime-test$(EXEEXT)
noinst_PROGRAMS = make-roken$(EXEEXT) snprintf-test$(EXEEXT) noinst_PROGRAMS = make-roken$(EXEEXT) snprintf-test$(EXEEXT)
PROGRAMS = $(noinst_PROGRAMS) PROGRAMS = $(noinst_PROGRAMS)
@ -446,6 +450,13 @@ parse_bytes_test_OBJECTS = parse_bytes-test.$(OBJEXT)
parse_bytes_test_LDADD = $(LDADD) parse_bytes_test_LDADD = $(LDADD)
parse_bytes_test_DEPENDENCIES = libroken.la parse_bytes_test_DEPENDENCIES = libroken.la
parse_bytes_test_LDFLAGS = parse_bytes_test_LDFLAGS =
am_parse_reply_test_OBJECTS = \
parse_reply_test-parse_reply-test.$(OBJEXT) \
parse_reply_test-resolve.$(OBJEXT)
parse_reply_test_OBJECTS = $(am_parse_reply_test_OBJECTS)
parse_reply_test_LDADD = $(LDADD)
parse_reply_test_DEPENDENCIES = libroken.la
parse_reply_test_LDFLAGS =
am_snprintf_test_OBJECTS = snprintf_test-snprintf-test.$(OBJEXT) am_snprintf_test_OBJECTS = snprintf_test-snprintf-test.$(OBJEXT)
snprintf_test_OBJECTS = $(am_snprintf_test_OBJECTS) snprintf_test_OBJECTS = $(am_snprintf_test_OBJECTS)
snprintf_test_DEPENDENCIES = libtest.la libroken.la snprintf_test_DEPENDENCIES = libtest.la libroken.la
@ -472,15 +483,15 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
CFLAGS = @CFLAGS@ CFLAGS = @CFLAGS@
DIST_SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) \ DIST_SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) \
$(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c \ $(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c \
parse_bytes-test.c $(snprintf_test_SOURCES) \ parse_bytes-test.c $(parse_reply_test_SOURCES) \
$(strpftime_test_SOURCES) $(snprintf_test_SOURCES) $(strpftime_test_SOURCES)
MANS = $(man_MANS) MANS = $(man_MANS)
HEADERS = $(include_HEADERS) $(nodist_include_HEADERS) HEADERS = $(include_HEADERS) $(nodist_include_HEADERS)
DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in \ DIST_COMMON = $(include_HEADERS) ChangeLog Makefile.am Makefile.in \
acinclude.m4 freeaddrinfo.c getaddrinfo.c getcap.c \ acinclude.m4 freeaddrinfo.c getaddrinfo.c getcap.c \
getnameinfo.c glob.c install-sh missing mkinstalldirs getnameinfo.c glob.c install-sh missing mkinstalldirs
SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) $(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c $(nodist_make_roken_SOURCES) parse_bytes-test.c $(snprintf_test_SOURCES) $(strpftime_test_SOURCES) SOURCES = $(libroken_la_SOURCES) $(EXTRA_libroken_la_SOURCES) $(libtest_la_SOURCES) base64-test.c getaddrinfo-test.c $(nodist_make_roken_SOURCES) parse_bytes-test.c $(parse_reply_test_SOURCES) $(snprintf_test_SOURCES) $(strpftime_test_SOURCES)
all: $(BUILT_SOURCES) all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-am $(MAKE) $(AM_MAKEFLAGS) all-am
@ -562,6 +573,11 @@ make-roken$(EXEEXT): $(make_roken_OBJECTS) $(make_roken_DEPENDENCIES)
parse_bytes-test$(EXEEXT): $(parse_bytes_test_OBJECTS) $(parse_bytes_test_DEPENDENCIES) parse_bytes-test$(EXEEXT): $(parse_bytes_test_OBJECTS) $(parse_bytes_test_DEPENDENCIES)
@rm -f parse_bytes-test$(EXEEXT) @rm -f parse_bytes-test$(EXEEXT)
$(LINK) $(parse_bytes_test_LDFLAGS) $(parse_bytes_test_OBJECTS) $(parse_bytes_test_LDADD) $(LIBS) $(LINK) $(parse_bytes_test_LDFLAGS) $(parse_bytes_test_OBJECTS) $(parse_bytes_test_LDADD) $(LIBS)
parse_reply_test-parse_reply-test.$(OBJEXT): parse_reply-test.c
parse_reply_test-resolve.$(OBJEXT): resolve.c
parse_reply-test$(EXEEXT): $(parse_reply_test_OBJECTS) $(parse_reply_test_DEPENDENCIES)
@rm -f parse_reply-test$(EXEEXT)
$(LINK) $(parse_reply_test_LDFLAGS) $(parse_reply_test_OBJECTS) $(parse_reply_test_LDADD) $(LIBS)
snprintf_test-snprintf-test.$(OBJEXT): snprintf-test.c snprintf_test-snprintf-test.$(OBJEXT): snprintf-test.c
snprintf-test$(EXEEXT): $(snprintf_test_OBJECTS) $(snprintf_test_DEPENDENCIES) snprintf-test$(EXEEXT): $(snprintf_test_OBJECTS) $(snprintf_test_DEPENDENCIES)
@rm -f snprintf-test$(EXEEXT) @rm -f snprintf-test$(EXEEXT)
@ -612,6 +628,24 @@ libtest_la-snprintf.obj: snprintf.c
libtest_la-snprintf.lo: snprintf.c libtest_la-snprintf.lo: snprintf.c
$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-snprintf.lo `test -f 'snprintf.c' || echo '$(srcdir)/'`snprintf.c
parse_reply_test-parse_reply-test.o: parse_reply-test.c
$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.o `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c
parse_reply_test-parse_reply-test.obj: parse_reply-test.c
$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.obj `cygpath -w parse_reply-test.c`
parse_reply_test-parse_reply-test.lo: parse_reply-test.c
$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-parse_reply-test.lo `test -f 'parse_reply-test.c' || echo '$(srcdir)/'`parse_reply-test.c
parse_reply_test-resolve.o: resolve.c
$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.o `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c
parse_reply_test-resolve.obj: resolve.c
$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.obj `cygpath -w resolve.c`
parse_reply_test-resolve.lo: resolve.c
$(LIBTOOL) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(parse_reply_test_CFLAGS) $(CFLAGS) -c -o parse_reply_test-resolve.lo `test -f 'resolve.c' || echo '$(srcdir)/'`resolve.c
snprintf_test-snprintf-test.o: snprintf-test.c snprintf_test-snprintf-test.o: snprintf-test.c
$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.o `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(snprintf_test_CFLAGS) $(CFLAGS) -c -o snprintf_test-snprintf-test.o `test -f 'snprintf-test.c' || echo '$(srcdir)/'`snprintf-test.c

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H
#include <config.h> #include <config.h>
RCSID("$Id: getifaddrs.c,v 1.7 2001/11/30 03:27:30 assar Exp $"); RCSID("$Id: getifaddrs.c,v 1.9 2002/09/05 03:36:23 assar Exp $");
#endif #endif
#include "roken.h" #include "roken.h"
@ -56,6 +56,782 @@ struct mbuf;
#include <ifaddrs.h> #include <ifaddrs.h>
#ifdef AF_NETLINK
/*
* The linux - AF_NETLINK version of getifaddrs - from Usagi.
* Linux does not return v6 addresses from SIOCGIFCONF.
*/
/* $USAGI: ifaddrs.c,v 1.18 2002/03/06 01:50:46 yoshfuji Exp $ */
/**************************************************************************
* ifaddrs.c
* Copyright (C)2000 Hideaki YOSHIFUJI, All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the author nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "config.h"
#include <string.h>
#include <time.h>
#include <malloc.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <asm/types.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netpacket/packet.h>
#include <net/ethernet.h> /* the L2 protocols */
#include <sys/uio.h>
#include <net/if.h>
#include <net/if_arp.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#define __set_errno(e) (errno = (e))
#define __close(fd) (close(fd))
#undef ifa_broadaddr
#define ifa_broadaddr ifa_dstaddr
#define IFA_NETMASK
/* ====================================================================== */
struct nlmsg_list{
struct nlmsg_list *nlm_next;
struct nlmsghdr *nlh;
int size;
time_t seq;
};
struct rtmaddr_ifamap {
void *address;
void *local;
#ifdef IFA_NETMASK
void *netmask;
#endif
void *broadcast;
#ifdef HAVE_IFADDRS_IFA_ANYCAST
void *anycast;
#endif
int address_len;
int local_len;
#ifdef IFA_NETMASK
int netmask_len;
#endif
int broadcast_len;
#ifdef HAVE_IFADDRS_IFA_ANYCAST
int anycast_len;
#endif
};
/* ====================================================================== */
static size_t
ifa_sa_len(sa_family_t family, int len)
{
size_t size;
switch(family){
case AF_INET:
size = sizeof(struct sockaddr_in);
break;
case AF_INET6:
size = sizeof(struct sockaddr_in6);
break;
case AF_PACKET:
size = (size_t)(((struct sockaddr_ll *)NULL)->sll_addr) + len;
if (size < sizeof(struct sockaddr_ll))
size = sizeof(struct sockaddr_ll);
break;
default:
size = (size_t)(((struct sockaddr *)NULL)->sa_data) + len;
if (size < sizeof(struct sockaddr))
size = sizeof(struct sockaddr);
}
return size;
}
static void
ifa_make_sockaddr(sa_family_t family,
struct sockaddr *sa,
void *p, size_t len,
uint32_t scope, uint32_t scopeid)
{
if (sa == NULL) return;
switch(family){
case AF_INET:
memcpy(&((struct sockaddr_in*)sa)->sin_addr, (char *)p, len);
break;
case AF_INET6:
memcpy(&((struct sockaddr_in6*)sa)->sin6_addr, (char *)p, len);
if (IN6_IS_ADDR_LINKLOCAL(p) ||
IN6_IS_ADDR_MC_LINKLOCAL(p)){
((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid;
}
break;
case AF_PACKET:
memcpy(((struct sockaddr_ll*)sa)->sll_addr, (char *)p, len);
((struct sockaddr_ll*)sa)->sll_halen = len;
break;
default:
memcpy(sa->sa_data, p, len); /*XXX*/
break;
}
sa->sa_family = family;
#ifdef HAVE_SOCKADDR_SA_LEN
sa->sa_len = ifa_sa_len(family, len);
#endif
}
#ifndef IFA_NETMASK
static struct sockaddr *
ifa_make_sockaddr_mask(sa_family_t family,
struct sockaddr *sa,
uint32_t prefixlen)
{
int i;
char *p = NULL, c;
uint32_t max_prefixlen = 0;
if (sa == NULL) return NULL;
switch(family){
case AF_INET:
memset(&((struct sockaddr_in*)sa)->sin_addr, 0, sizeof(((struct sockaddr_in*)sa)->sin_addr));
p = (char *)&((struct sockaddr_in*)sa)->sin_addr;
max_prefixlen = 32;
break;
case AF_INET6:
memset(&((struct sockaddr_in6*)sa)->sin6_addr, 0, sizeof(((struct sockaddr_in6*)sa)->sin6_addr));
p = (char *)&((struct sockaddr_in6*)sa)->sin6_addr;
#if 0 /* XXX: fill scope-id? */
if (IN6_IS_ADDR_LINKLOCAL(p) ||
IN6_IS_ADDR_MC_LINKLOCAL(p)){
((struct sockaddr_in6*)sa)->sin6_scope_id = scopeid;
}
#endif
max_prefixlen = 128;
break;
default:
return NULL;
}
sa->sa_family = family;
#ifdef HAVE_SOCKADDR_SA_LEN
sa->sa_len = ifa_sa_len(family, len);
#endif
if (p){
if (prefixlen > max_prefixlen)
prefixlen = max_prefixlen;
for (i=0; i<(prefixlen / 8); i++)
*p++ = 0xff;
c = 0xff;
c <<= (8 - (prefixlen % 8));
*p = c;
}
return sa;
}
#endif
/* ====================================================================== */
static int
nl_sendreq(int sd, int request, int flags, int *seq)
{
char reqbuf[NLMSG_ALIGN(sizeof(struct nlmsghdr)) +
NLMSG_ALIGN(sizeof(struct rtgenmsg))];
struct sockaddr_nl nladdr;
struct nlmsghdr *req_hdr;
struct rtgenmsg *req_msg;
time_t t = time(NULL);
if (seq) *seq = t;
memset(&reqbuf, 0, sizeof(reqbuf));
req_hdr = (struct nlmsghdr *)reqbuf;
req_msg = (struct rtgenmsg *)NLMSG_DATA(req_hdr);
req_hdr->nlmsg_len = NLMSG_LENGTH(sizeof(*req_msg));
req_hdr->nlmsg_type = request;
req_hdr->nlmsg_flags = flags | NLM_F_REQUEST;
req_hdr->nlmsg_pid = 0;
req_hdr->nlmsg_seq = t;
req_msg->rtgen_family = AF_UNSPEC;
memset(&nladdr, 0, sizeof(nladdr));
nladdr.nl_family = AF_NETLINK;
return (sendto(sd, (void *)req_hdr, req_hdr->nlmsg_len, 0,
(struct sockaddr *)&nladdr, sizeof(nladdr)));
}
static int
nl_recvmsg(int sd, int request, int seq,
void *buf, size_t buflen,
int *flags)
{
struct msghdr msg;
struct iovec iov = { buf, buflen };
struct sockaddr_nl nladdr;
int read_len;
for (;;){
msg.msg_name = (void *)&nladdr;
msg.msg_namelen = sizeof(nladdr);
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
msg.msg_control = NULL;
msg.msg_controllen = 0;
msg.msg_flags = 0;
read_len = recvmsg(sd, &msg, 0);
if ((read_len < 0 && errno == EINTR) || (msg.msg_flags & MSG_TRUNC))
continue;
if (flags) *flags = msg.msg_flags;
break;
}
return read_len;
}
static int
nl_getmsg(int sd, int request, int seq,
struct nlmsghdr **nlhp,
int *done)
{
struct nlmsghdr *nh;
size_t bufsize = 65536, lastbufsize = 0;
void *buff = NULL;
int result = 0, read_size;
int msg_flags;
pid_t pid = getpid();
for (;;){
void *newbuff = realloc(buff, bufsize);
if (newbuff == NULL || bufsize < lastbufsize) {
result = -1;
break;
}
buff = newbuff;
result = read_size = nl_recvmsg(sd, request, seq, buff, bufsize, &msg_flags);
if (read_size < 0 || (msg_flags & MSG_TRUNC)){
lastbufsize = bufsize;
bufsize *= 2;
continue;
}
if (read_size == 0) break;
nh = (struct nlmsghdr *)buff;
for (nh = (struct nlmsghdr *)buff;
NLMSG_OK(nh, read_size);
nh = (struct nlmsghdr *)NLMSG_NEXT(nh, read_size)){
if (nh->nlmsg_pid != pid ||
nh->nlmsg_seq != seq)
continue;
if (nh->nlmsg_type == NLMSG_DONE){
(*done)++;
break; /* ok */
}
if (nh->nlmsg_type == NLMSG_ERROR){
struct nlmsgerr *nlerr = (struct nlmsgerr *)NLMSG_DATA(nh);
result = -1;
if (nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr)))
__set_errno(EIO);
else
__set_errno(-nlerr->error);
break;
}
}
break;
}
if (result < 0)
if (buff){
int saved_errno = errno;
free(buff);
__set_errno(saved_errno);
}
*nlhp = (struct nlmsghdr *)buff;
return result;
}
static int
nl_getlist(int sd, int seq,
int request,
struct nlmsg_list **nlm_list,
struct nlmsg_list **nlm_end)
{
struct nlmsghdr *nlh = NULL;
int status;
int done = 0;
status = nl_sendreq(sd, request, NLM_F_ROOT|NLM_F_MATCH, &seq);
if (status < 0)
return status;
if (seq == 0)
seq = (int)time(NULL);
while(!done){
status = nl_getmsg(sd, request, seq, &nlh, &done);
if (status < 0)
return status;
if (nlh){
struct nlmsg_list *nlm_next = (struct nlmsg_list *)malloc(sizeof(struct nlmsg_list));
if (nlm_next == NULL){
int saved_errno = errno;
free(nlh);
__set_errno(saved_errno);
status = -1;
} else {
nlm_next->nlm_next = NULL;
nlm_next->nlh = (struct nlmsghdr *)nlh;
nlm_next->size = status;
nlm_next->seq = seq;
if (*nlm_list == NULL){
*nlm_list = nlm_next;
*nlm_end = nlm_next;
} else {
(*nlm_end)->nlm_next = nlm_next;
*nlm_end = nlm_next;
}
}
}
}
return status >= 0 ? seq : status;
}
/* ---------------------------------------------------------------------- */
static void
free_nlmsglist(struct nlmsg_list *nlm0)
{
struct nlmsg_list *nlm;
int saved_errno;
if (!nlm0)
return;
saved_errno = errno;
for (nlm=nlm0; nlm; nlm=nlm->nlm_next){
if (nlm->nlh)
free(nlm->nlh);
}
free(nlm0);
__set_errno(saved_errno);
}
static void
free_data(void *data, void *ifdata)
{
int saved_errno = errno;
if (data != NULL) free(data);
if (ifdata != NULL) free(ifdata);
__set_errno(saved_errno);
}
/* ---------------------------------------------------------------------- */
static void
nl_close(int sd)
{
int saved_errno = errno;
if (sd >= 0) __close(sd);
__set_errno(saved_errno);
}
/* ---------------------------------------------------------------------- */
static int
nl_open(void)
{
struct sockaddr_nl nladdr;
int sd;
sd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
if (sd < 0) return -1;
memset(&nladdr, 0, sizeof(nladdr));
nladdr.nl_family = AF_NETLINK;
if (bind(sd, (struct sockaddr*)&nladdr, sizeof(nladdr)) < 0){
nl_close(sd);
return -1;
}
return sd;
}
/* ====================================================================== */
int getifaddrs(struct ifaddrs **ifap)
{
int sd;
struct nlmsg_list *nlmsg_list, *nlmsg_end, *nlm;
/* - - - - - - - - - - - - - - - */
int icnt;
size_t dlen, xlen, nlen;
uint32_t max_ifindex = 0;
pid_t pid = getpid();
int seq;
int result;
int build ; /* 0 or 1 */
/* ---------------------------------- */
/* initialize */
icnt = dlen = xlen = nlen = 0;
nlmsg_list = nlmsg_end = NULL;
if (ifap)
*ifap = NULL;
/* ---------------------------------- */
/* open socket and bind */
sd = nl_open();
if (sd < 0)
return -1;
/* ---------------------------------- */
/* gather info */
if ((seq = nl_getlist(sd, 0, RTM_GETLINK,
&nlmsg_list, &nlmsg_end)) < 0){
free_nlmsglist(nlmsg_list);
nl_close(sd);
return -1;
}
if ((seq = nl_getlist(sd, seq+1, RTM_GETADDR,
&nlmsg_list, &nlmsg_end)) < 0){
free_nlmsglist(nlmsg_list);
nl_close(sd);
return -1;
}
/* ---------------------------------- */
/* Estimate size of result buffer and fill it */
for (build=0; build<=1; build++){
struct ifaddrs *ifl = NULL, *ifa = NULL;
struct nlmsghdr *nlh, *nlh0;
char *data = NULL, *xdata = NULL;
void *ifdata = NULL;
char *ifname = NULL, **iflist = NULL;
uint16_t *ifflist = NULL;
struct rtmaddr_ifamap ifamap;
if (build){
data = calloc(1,
NLMSG_ALIGN(sizeof(struct ifaddrs[icnt]))
+ dlen + xlen + nlen);
ifa = (struct ifaddrs *)data;
ifdata = calloc(1,
NLMSG_ALIGN(sizeof(char *[max_ifindex+1]))
+ NLMSG_ALIGN(sizeof(uint16_t [max_ifindex+1])));
if (ifap != NULL)
*ifap = (ifdata != NULL) ? ifa : NULL;
else{
free_data(data, ifdata);
result = 0;
break;
}
if (data == NULL || ifdata == NULL){
free_data(data, ifdata);
result = -1;
break;
}
ifl = NULL;
data += NLMSG_ALIGN(sizeof(struct ifaddrs)) * icnt;
xdata = data + dlen;
ifname = xdata + xlen;
iflist = ifdata;
ifflist = (uint16_t *)(((char *)iflist) + NLMSG_ALIGN(sizeof(char *[max_ifindex+1])));
}
for (nlm=nlmsg_list; nlm; nlm=nlm->nlm_next){
int nlmlen = nlm->size;
if (!(nlh0 = nlm->nlh))
continue;
for (nlh = nlh0;
NLMSG_OK(nlh, nlmlen);
nlh=NLMSG_NEXT(nlh,nlmlen)){
struct ifinfomsg *ifim = NULL;
struct ifaddrmsg *ifam = NULL;
struct rtattr *rta;
size_t nlm_struct_size = 0;
sa_family_t nlm_family = 0;
uint32_t nlm_scope = 0, nlm_index = 0;
size_t sockaddr_size = 0;
uint32_t nlm_prefixlen = 0;
size_t rtasize;
memset(&ifamap, 0, sizeof(ifamap));
/* check if the message is what we want */
if (nlh->nlmsg_pid != pid ||
nlh->nlmsg_seq != nlm->seq)
continue;
if (nlh->nlmsg_type == NLMSG_DONE){
break; /* ok */
}
switch (nlh->nlmsg_type){
case RTM_NEWLINK:
ifim = (struct ifinfomsg *)NLMSG_DATA(nlh);
nlm_struct_size = sizeof(*ifim);
nlm_family = ifim->ifi_family;
nlm_scope = 0;
nlm_index = ifim->ifi_index;
nlm_prefixlen = 0;
if (build)
ifflist[nlm_index] = ifa->ifa_flags = ifim->ifi_flags;
break;
case RTM_NEWADDR:
ifam = (struct ifaddrmsg *)NLMSG_DATA(nlh);
nlm_struct_size = sizeof(*ifam);
nlm_family = ifam->ifa_family;
nlm_scope = ifam->ifa_scope;
nlm_index = ifam->ifa_index;
nlm_prefixlen = ifam->ifa_prefixlen;
if (build)
ifa->ifa_flags = ifflist[nlm_index];
break;
default:
continue;
}
if (!build){
if (max_ifindex < nlm_index)
max_ifindex = nlm_index;
} else {
if (ifl != NULL)
ifl->ifa_next = ifa;
}
rtasize = NLMSG_PAYLOAD(nlh, nlmlen) - NLMSG_ALIGN(nlm_struct_size);
for (rta = (struct rtattr *)(((char *)NLMSG_DATA(nlh)) + NLMSG_ALIGN(nlm_struct_size));
RTA_OK(rta, rtasize);
rta = RTA_NEXT(rta, rtasize)){
struct sockaddr **sap = NULL;
void *rtadata = RTA_DATA(rta);
size_t rtapayload = RTA_PAYLOAD(rta);
socklen_t sa_len;
switch(nlh->nlmsg_type){
case RTM_NEWLINK:
switch(rta->rta_type){
case IFLA_ADDRESS:
case IFLA_BROADCAST:
if (build){
sap = (rta->rta_type == IFLA_ADDRESS) ? &ifa->ifa_addr : &ifa->ifa_broadaddr;
*sap = (struct sockaddr *)data;
}
sa_len = ifa_sa_len(AF_PACKET, rtapayload);
if (rta->rta_type == IFLA_ADDRESS)
sockaddr_size = NLMSG_ALIGN(sa_len);
if (!build){
dlen += NLMSG_ALIGN(sa_len);
} else {
memset(*sap, 0, sa_len);
ifa_make_sockaddr(AF_PACKET, *sap, rtadata,rtapayload, 0,0);
((struct sockaddr_ll *)*sap)->sll_ifindex = nlm_index;
((struct sockaddr_ll *)*sap)->sll_hatype = ifim->ifi_type;
data += NLMSG_ALIGN(sa_len);
}
break;
case IFLA_IFNAME:/* Name of Interface */
if (!build)
nlen += NLMSG_ALIGN(rtapayload + 1);
else{
ifa->ifa_name = ifname;
if (iflist[nlm_index] == NULL)
iflist[nlm_index] = ifa->ifa_name;
strncpy(ifa->ifa_name, rtadata, rtapayload);
ifa->ifa_name[rtapayload] = '\0';
ifname += NLMSG_ALIGN(rtapayload + 1);
}
break;
case IFLA_STATS:/* Statistics of Interface */
if (!build)
xlen += NLMSG_ALIGN(rtapayload);
else{
ifa->ifa_data = xdata;
memcpy(ifa->ifa_data, rtadata, rtapayload);
xdata += NLMSG_ALIGN(rtapayload);
}
break;
case IFLA_UNSPEC:
break;
case IFLA_MTU:
break;
case IFLA_LINK:
break;
case IFLA_QDISC:
break;
default:
}
break;
case RTM_NEWADDR:
if (nlm_family == AF_PACKET) break;
switch(rta->rta_type){
case IFA_ADDRESS:
ifamap.address = rtadata;
ifamap.address_len = rtapayload;
break;
case IFA_LOCAL:
ifamap.local = rtadata;
ifamap.local_len = rtapayload;
break;
case IFA_BROADCAST:
ifamap.broadcast = rtadata;
ifamap.broadcast_len = rtapayload;
break;
#ifdef HAVE_IFADDRS_IFA_ANYCAST
case IFA_ANYCAST:
ifamap.anycast = rtadata;
ifamap.anycast_len = rtapayload;
break;
#endif
case IFA_LABEL:
if (!build)
nlen += NLMSG_ALIGN(rtapayload + 1);
else{
ifa->ifa_name = ifname;
if (iflist[nlm_index] == NULL)
iflist[nlm_index] = ifname;
strncpy(ifa->ifa_name, rtadata, rtapayload);
ifa->ifa_name[rtapayload] = '\0';
ifname += NLMSG_ALIGN(rtapayload + 1);
}
break;
case IFA_UNSPEC:
break;
case IFA_CACHEINFO:
break;
default:
}
}
}
if (nlh->nlmsg_type == RTM_NEWADDR &&
nlm_family != AF_PACKET) {
if (!ifamap.local) {
ifamap.local = ifamap.address;
ifamap.local_len = ifamap.address_len;
}
if (!ifamap.address) {
ifamap.address = ifamap.local;
ifamap.address_len = ifamap.local_len;
}
if (ifamap.address_len != ifamap.local_len ||
(ifamap.address != NULL &&
memcmp(ifamap.address, ifamap.local, ifamap.address_len))) {
/* p2p; address is peer and local is ours */
ifamap.broadcast = ifamap.address;
ifamap.broadcast_len = ifamap.address_len;
ifamap.address = ifamap.local;
ifamap.address_len = ifamap.local_len;
}
if (ifamap.address) {
#ifndef IFA_NETMASK
sockaddr_size = NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len));
#endif
if (!build)
dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.address_len));
else {
ifa->ifa_addr = (struct sockaddr *)data;
ifa_make_sockaddr(nlm_family, ifa->ifa_addr, ifamap.address, ifamap.address_len,
nlm_scope, nlm_index);
data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.address_len));
}
}
#ifdef IFA_NETMASK
if (ifamap.netmask) {
if (!build)
dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.netmask_len));
else {
ifa->ifa_netmask = (struct sockaddr *)data;
ifa_make_sockaddr(nlm_family, ifa->ifa_netmask, ifamap.netmask, ifamap.netmask_len,
nlm_scope, nlm_index);
data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.netmask_len));
}
}
#endif
if (ifamap.broadcast) {
if (!build)
dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.broadcast_len));
else {
ifa->ifa_broadaddr = (struct sockaddr *)data;
ifa_make_sockaddr(nlm_family, ifa->ifa_broadaddr, ifamap.broadcast, ifamap.broadcast_len,
nlm_scope, nlm_index);
data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.broadcast_len));
}
}
#ifdef HAVE_IFADDRS_IFA_ANYCAST
if (ifamap.anycast) {
if (!build)
dlen += NLMSG_ALIGN(ifa_sa_len(nlm_family,ifamap.anycast_len));
else {
ifa->ifa_anycast = (struct sockaddr *)data;
ifa_make_sockaddr(nlm_family, ifa->ifa_anyaddr, ifamap.anycast, ifamap.anycast_len,
nlm_scope, nlm_index);
data += NLMSG_ALIGN(ifa_sa_len(nlm_family, ifamap.anycast_len));
}
}
#endif
}
if (!build){
#ifndef IFA_NETMASK
dlen += sockaddr_size;
#endif
icnt++;
} else {
if (ifa->ifa_name == NULL)
ifa->ifa_name = iflist[nlm_index];
#ifndef IFA_NETMASK
if (ifa->ifa_addr &&
ifa->ifa_addr->sa_family != AF_UNSPEC &&
ifa->ifa_addr->sa_family != AF_PACKET){
ifa->ifa_netmask = (struct sockaddr *)data;
ifa_make_sockaddr_mask(ifa->ifa_addr->sa_family, ifa->ifa_netmask, nlm_prefixlen);
}
data += sockaddr_size;
#endif
ifl = ifa++;
}
}
}
if (!build){
if (icnt == 0 && (dlen + nlen + xlen == 0)){
if (ifap != NULL)
*ifap = NULL;
break; /* cannot found any addresses */
}
}
else
free_data(NULL, ifdata);
}
/* ---------------------------------- */
/* Finalize */
free_nlmsglist(nlmsg_list);
nl_close(sd);
return 0;
}
/* ---------------------------------------------------------------------- */
void
freeifaddrs(struct ifaddrs *ifa)
{
free(ifa);
}
#else /* !AF_NETLINK */
/*
* The generic SIOCGIFCONF version.
*/
static int static int
getifaddrs2(struct ifaddrs **ifap, getifaddrs2(struct ifaddrs **ifap,
int af, int siocgifconf, int siocgifflags, int af, int siocgifconf, int siocgifflags,
@ -355,6 +1131,8 @@ freeifaddrs(struct ifaddrs *ifp)
} }
} }
#endif /* !AF_NETLINK */
#ifdef TEST #ifdef TEST
void void

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,11 +33,19 @@
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H
#include <config.h> #include <config.h>
RCSID("$Id: getnameinfo_verified.c,v 1.5 2001/02/12 13:55:07 assar Exp $"); RCSID("$Id: getnameinfo_verified.c,v 1.6 2002/09/05 01:36:27 assar Exp $");
#endif #endif
#include "roken.h" #include "roken.h"
/*
* Try to obtain a verified name for the address in `sa, salen' (much
* similar to getnameinfo).
* Verified in this context means that forwards and backwards lookups
* in DNS are consistent. If that fails, return an error if the
* NI_NAMEREQD flag is set or return the numeric address as a string.
*/
int int
getnameinfo_verified(const struct sockaddr *sa, socklen_t salen, getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,
char *host, size_t hostlen, char *host, size_t hostlen,
@ -60,13 +68,13 @@ getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,
ret = getnameinfo (sa, salen, host, hostlen, serv, servlen, ret = getnameinfo (sa, salen, host, hostlen, serv, servlen,
flags | NI_NUMERICSERV); flags | NI_NUMERICSERV);
if (ret) if (ret)
return ret; goto fail;
memset (&hints, 0, sizeof(hints)); memset (&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_STREAM; hints.ai_socktype = SOCK_STREAM;
ret = getaddrinfo (host, serv, &hints, &ai); ret = getaddrinfo (host, serv, &hints, &ai);
if (ret) if (ret)
return ret; goto fail;
for (a = ai; a != NULL; a = a->ai_next) { for (a = ai; a != NULL; a = a->ai_next) {
if (a->ai_addrlen == salen if (a->ai_addrlen == salen
&& memcmp (a->ai_addr, sa, salen) == 0) { && memcmp (a->ai_addr, sa, salen) == 0) {
@ -75,6 +83,7 @@ getnameinfo_verified(const struct sockaddr *sa, socklen_t salen,
} }
} }
freeaddrinfo (ai); freeaddrinfo (ai);
fail:
if (flags & NI_NAMEREQD) if (flags & NI_NAMEREQD)
return EAI_NONAME; return EAI_NONAME;
ret = getnameinfo (sa, salen, host, hostlen, serv, servlen, ret = getnameinfo (sa, salen, host, hostlen, serv, servlen,
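Review bot: At the new `fail:` label, the `NI_NAMEREQD` branch returns `EAI_NONAME` while `host` still holds whatever the first `getnameinfo` call wrote, which on the mismatch path is the PTR name that just failed forward verification. A caller that logs or uses `host` without checking the return value would see that unverified name, so I would clear it before returning: `if (hostlen > 0) host[0] = '\0';`. The same path also replaces the original `ret` (for example a transient resolver error) with `EAI_NONAME`, which the new header comment should mention. The function body starts and ends outside these hunks, so the final fallback call is not fully visible here.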

@ -0,0 +1,129 @@
/*
* Copyright (c) 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: parse_reply-test.c,v 1.2 2002/09/04 03:25:06 assar Exp $");
#endif
#include <sys/types.h>
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h>
#endif
#include <fcntl.h>
#include "roken.h"
#include "resolve.h"
struct dns_reply*
parse_reply(const unsigned char *, size_t);
enum { MAX_BUF = 36};
static struct testcase {
unsigned char buf[MAX_BUF];
size_t buf_len;
} tests[] = {
{{0x12, 0x67, 0x84, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
0x03, 'f', 'o', 'o', 0x00,
0x00, 0x10, 0x00, 0x01,
0x03, 'f', 'o', 'o', 0x00,
0x00, 0x10, 0x00, 0x01,
0x00, 0x00, 0x12, 0x67, 0xff, 0xff}, 36}
};
#ifndef MAP_FAILED
#define MAP_FAILED (-1)
#endif
static sig_atomic_t val = 0;
static RETSIGTYPE
segv_handler(int sig)
{
val = 1;
}
int
main(int argc, char **argv)
{
#ifndef HAVE_MMAP
return 77; /* signal to automake that this test
cannot be run */
#else /* HAVE_MMAP */
int ret;
int i;
struct sigaction sa;
sigemptyset (&sa.sa_mask);
sa.sa_flags = 0;
sa.sa_handler = segv_handler;
sigaction (SIGSEGV, &sa, NULL);
for (i = 0; val == 0 && i < sizeof(tests)/sizeof(tests[0]); ++i) {
const struct testcase *t = &tests[i];
unsigned char *p1, *p2;
int flags;
int fd;
size_t pagesize = getpagesize();
unsigned char *buf;
#ifdef MAP_ANON
flags = MAP_ANON;
fd = -1;
#else
flags = 0;
fd = open ("/dev/zero", O_RDONLY);
if(fd < 0)
err (1, "open /dev/zero");
#endif
flags |= MAP_PRIVATE;
p1 = (char *)mmap(0, 2 * pagesize, PROT_READ | PROT_WRITE,
flags, fd, 0);
if (p1 == (unsigned char *)MAP_FAILED)
err (1, "mmap");
p2 = p1 + pagesize;
ret = mprotect (p2, pagesize, 0);
if (ret < 0)
err (1, "mprotect");
buf = p2 - t->buf_len;
memcpy (buf, t->buf, t->buf_len);
parse_reply (buf, t->buf_len);
ret = munmap (p1, 2 * pagesize);
if (ret < 0)
err (1, "munmap");
}
return val;
#endif /* HAVE_MMAP */
}
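Review bot: `segv_handler` sets `val` and returns, but returning from a handler for a real SIGSEGV is undefined in POSIX and on common systems restarts the faulting read, so an over-read by `parse_reply` into the guard page would likely hang the test instead of failing it. Ending the process from the handler with `_exit(1);` gives a definite failure; if the flag is kept it should be declared `static volatile sig_atomic_t val = 0;`. Separately, `p1 = (char *)mmap(...)` casts to the wrong pointer type for an `unsigned char *`, and the `/dev/zero` descriptor opened in the non-`MAP_ANON` branch is never closed.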

@ -45,9 +45,10 @@
#include <assert.h> #include <assert.h>
RCSID("$Id: resolve.c,v 1.33 2002/08/28 20:07:24 joda Exp $"); RCSID("$Id: resolve.c,v 1.36 2002/09/09 21:39:19 joda Exp $");
#if defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) #undef HAVE_RES_NSEARCH
#if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND)
#define DECL(X) {#X, T_##X} #define DECL(X) {#X, T_##X}
@ -110,8 +111,11 @@ dns_free_data(struct dns_reply *r)
free (r); free (r);
} }
static struct dns_reply* #ifndef TEST_RESOLVE
parse_reply(unsigned char *data, int len) static
#endif
struct dns_reply*
parse_reply(const unsigned char *data, size_t len)
{ {
const unsigned char *p; const unsigned char *p;
char host[128]; char host[128];
@ -366,26 +370,40 @@ dns_lookup_int(const char *domain, int rr_class, int rr_type)
{ {
unsigned char reply[1024]; unsigned char reply[1024];
int len; int len;
#ifdef HAVE__RES #ifdef HAVE_RES_NSEARCH
struct __res_state stat;
memset(&stat, 0, sizeof(stat));
if(res_ninit(&stat))
return NULL; /* is this the best we can do? */
#elif defined(HAVE__RES)
u_long old_options = 0; u_long old_options = 0;
#endif #endif
if (_resolve_debug) { if (_resolve_debug) {
#ifdef HAVE__RES #ifdef HAVE_RES_NSEARCH
stat.options |= RES_DEBUG;
#elif defined(HAVE__RES)
old_options = _res.options; old_options = _res.options;
_res.options |= RES_DEBUG; _res.options |= RES_DEBUG;
#endif #endif
fprintf(stderr, "dns_lookup(%s, %d, %s)\n", domain, fprintf(stderr, "dns_lookup(%s, %d, %s)\n", domain,
rr_class, dns_type_to_string(rr_type)); rr_class, dns_type_to_string(rr_type));
} }
#ifdef HAVE_RES_NSEARCH
len = res_nsearch(&stat, domain, rr_class, rr_type, reply, sizeof(reply));
#else
len = res_search(domain, rr_class, rr_type, reply, sizeof(reply)); len = res_search(domain, rr_class, rr_type, reply, sizeof(reply));
#endif
if (_resolve_debug) { if (_resolve_debug) {
#ifdef HAVE__RES #if defined(HAVE__RES) && !defined(HAVE_RES_NSEARCH)
_res.options = old_options; _res.options = old_options;
#endif #endif
fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n", fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n",
domain, rr_class, dns_type_to_string(rr_type), len); domain, rr_class, dns_type_to_string(rr_type), len);
} }
#ifdef HAVE_RES_NSEARCH
res_nclose(&stat);
#endif
if(len < 0) { if(len < 0) {
return NULL; return NULL;
} else { } else {
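Review bot: In `dns_lookup_int`, `len` from `res_search`/`res_nsearch` is only checked for `< 0` before the `else` branch, which continues outside this hunk and presumably hands `reply` and `len` to `parse_reply`. Some resolver implementations return the full size of the answer even when it did not fit in the buffer, so with the new `size_t len` parameter a value above `sizeof(reply)` would let the parser read past the 1024-byte stack buffer. A clamp such as `if ((size_t)len > sizeof(reply)) len = sizeof(reply);` before the call would bound it. The unconditional `#undef HAVE_RES_NSEARCH` also makes every new `res_nsearch` branch dead code, and a one-line comment saying why it is disabled would help.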

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * Copyright (c) 1995 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -31,7 +31,7 @@
* SUCH DAMAGE. * SUCH DAMAGE.
*/ */
/* $Id: roken-common.h,v 1.49 2002/08/20 11:55:04 joda Exp $ */ /* $Id: roken-common.h,v 1.51 2002/09/09 13:41:12 joda Exp $ */
#ifndef __ROKEN_COMMON_H__ #ifndef __ROKEN_COMMON_H__
#define __ROKEN_COMMON_H__ #define __ROKEN_COMMON_H__
@ -252,7 +252,7 @@
ROKEN_CPP_START ROKEN_CPP_START
#if IRIX != 4 /* fix for compiler bug */ #ifndef IRIX4 /* fix for compiler bug */
#ifdef RETSIGTYPE #ifdef RETSIGTYPE
typedef RETSIGTYPE (*SigAction)(int); typedef RETSIGTYPE (*SigAction)(int);
SigAction signal(int iSig, SigAction pAction); /* BSD compatible */ SigAction signal(int iSig, SigAction pAction); /* BSD compatible */

@ -1,10 +1,10 @@
# $Id: roken.awk,v 1.7 2001/03/26 09:26:35 joda Exp $ # $Id: roken.awk,v 1.8 2002/09/10 20:05:55 joda Exp $
BEGIN { BEGIN {
print "#include <stdio.h>"
print "#ifdef HAVE_CONFIG_H" print "#ifdef HAVE_CONFIG_H"
print "#include <config.h>" print "#include <config.h>"
print "#endif" print "#endif"
print "#include <stdio.h>"
print "" print ""
print "int main()" print "int main()"
print "{" print "{"

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2000 Kungliga Tekniska Högskolan * Copyright (c) 2000, 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H
#include <config.h> #include <config.h>
RCSID ("$Id: rtbl.c,v 1.3 2000/07/20 14:42:31 assar Exp $"); RCSID ("$Id: rtbl.c,v 1.4 2002/09/04 21:25:09 joda Exp $");
#endif #endif
#include "roken.h" #include "roken.h"
#include "rtbl.h" #include "rtbl.h"
@ -83,12 +83,14 @@ rtbl_destroy (rtbl_t table)
for (j = 0; j < c->num_rows; j++) for (j = 0; j < c->num_rows; j++)
free (c->rows[j].data); free (c->rows[j].data);
free (c->rows);
free (c->header); free (c->header);
free (c->prefix); free (c->prefix);
free (c); free (c);
} }
free (table->column_prefix); free (table->column_prefix);
free (table->columns); free (table->columns);
free (table);
} }
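Review bot: With the added `free (table);`, `rtbl_destroy` now releases the handle itself, which changes the ownership contract: any caller that frees or reuses the table after calling it would now hit a double free or use-after-free. The callers are not visible here, so they should be checked, and the function deserves a comment such as `/* Frees the table and everything it owns; the handle must not be used afterwards. */`. The body of `rtbl_destroy` starts outside this hunk.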
int int

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.5 2001/01/29 06:56:33 assar Exp $ # $Id: Makefile.am,v 1.6 2002/09/09 22:29:26 joda Exp $
include $(top_srcdir)/Makefile.am.common include $(top_srcdir)/Makefile.am.common
@ -19,6 +19,7 @@ krb5-config: krb5-config.in
-e "s,@includedir\@,$(includedir),g" \ -e "s,@includedir\@,$(includedir),g" \
-e "s,@LIB_crypt\@,$(LIB_crypt),g" \ -e "s,@LIB_crypt\@,$(LIB_crypt),g" \
-e "s,@LIB_dbopen\@,$(LIB_dbopen),g" \ -e "s,@LIB_dbopen\@,$(LIB_dbopen),g" \
-e "s,@INCLUDE_des\@,$(INCLUDE_des),g" \
-e "s,@LIB_des_appl\@,$(LIB_des_appl),g" \ -e "s,@LIB_des_appl\@,$(LIB_des_appl),g" \
-e "s,@LIBS\@,$(LIBS),g" \ -e "s,@LIBS\@,$(LIBS),g" \
$(srcdir)/krb5-config.in > $@ $(srcdir)/krb5-config.in > $@

@ -14,7 +14,7 @@
@SET_MAKE@ @SET_MAKE@
# $Id: Makefile.am,v 1.5 2001/01/29 06:56:33 assar Exp $ # $Id: Makefile.am,v 1.6 2002/09/09 22:29:26 joda Exp $
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $ # $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
@ -566,6 +566,7 @@ krb5-config: krb5-config.in
-e "s,@includedir\@,$(includedir),g" \ -e "s,@includedir\@,$(includedir),g" \
-e "s,@LIB_crypt\@,$(LIB_crypt),g" \ -e "s,@LIB_crypt\@,$(LIB_crypt),g" \
-e "s,@LIB_dbopen\@,$(LIB_dbopen),g" \ -e "s,@LIB_dbopen\@,$(LIB_dbopen),g" \
-e "s,@INCLUDE_des\@,$(INCLUDE_des),g" \
-e "s,@LIB_des_appl\@,$(LIB_des_appl),g" \ -e "s,@LIB_des_appl\@,$(LIB_des_appl),g" \
-e "s,@LIBS\@,$(LIBS),g" \ -e "s,@LIBS\@,$(LIBS),g" \
$(srcdir)/krb5-config.in > $@ $(srcdir)/krb5-config.in > $@
