Fix conflicts after heimdal-1.1 import and add build infrastructure. Import

all non-style changes made by heimdal to our own libgssapi.
This commit is contained in:
Doug Rabson 2008-05-07 13:53:12 +00:00
parent 4fe54d7c6a
commit 33f1219925
184 changed files with 5476 additions and 14407 deletions

View File

@ -1036,7 +1036,8 @@ _startup_libs+= lib/libc
gnu/lib/libgcc__L: lib/libc__L
_prebuild_libs= ${_kerberos5_lib_libasn1} ${_kerberos5_lib_libkrb5} \
${_kerberos5_lib_libroken} \
${_kerberos5_lib_libhx509} ${_kerberos5_lib_libroken} \
${_kerberos5_lib_libheimntlm} ${_kerberos5_lib_libgssapi_krb5} \
lib/libbz2 lib/libcom_err lib/libcrypt lib/libexpat \
${_lib_libgssapi} ${_lib_libipx} \
lib/libkiconv lib/libkvm lib/libmd \
@ -1068,9 +1069,11 @@ lib/libradius__L secure/lib/libssl__L: secure/lib/libcrypto__L
_secure_lib_libssh= secure/lib/libssh
secure/lib/libssh__L: lib/libz__L secure/lib/libcrypto__L lib/libcrypt__L
.if ${MK_KERBEROS} != "no"
secure/lib/libssh__L: lib/libgssapi__L kerberos5/lib/libkrb5__L \
kerberos5/lib/libasn1__L lib/libcom_err__L lib/libmd__L \
kerberos5/lib/libroken__L
kerberos5/lib/libgssapi_krb5__L: kerberos5/lib/libkrb5__L \
kerberos5/lib/libhx509__L kerberos5/lib/libasn1__L lib/libcom_err__L \
lib/libmd__L kerberos5/lib/libroken__L secure/lib/libcrypto__L \
lib/libcrypt__L
secure/lib/libssh__L: lib/libgssapi__L kerberos5/lib/libgssapi_krb5__L
.endif
.endif
.endif
@ -1085,7 +1088,10 @@ _lib_libipx= lib/libipx
_kerberos5_lib= kerberos5/lib
_kerberos5_lib_libasn1= kerberos5/lib/libasn1
_kerberos5_lib_libkrb5= kerberos5/lib/libkrb5
_kerberos5_lib_libhx509= kerberos5/lib/libhx509
_kerberos5_lib_libroken= kerberos5/lib/libroken
_kerberos5_lib_libheimntlm= kerberos5/lib/libheimntlm
_kerberos5_lib_libgssapi_krb5= kerberos5/lib/libgssapi_krb5
_lib_libgssapi= lib/libgssapi
.endif

View File

@ -12,3 +12,6 @@ lib/des
lib/editline
lib/kdfs
lib/otp
lib/gssapi/mech
lib/hcrypto
ylwrap

View File

@ -0,0 +1,10 @@
dnl $Id: acinclude.m4 13337 2004-02-12 14:19:16Z lha $
dnl $FreeBSD$
dnl
dnl Only put things that for some reason can't live in the `cf'
dnl directory in this file.
dnl
dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
dnl
m4_define([upcase],`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
*/
/*
* $Id: ktutil_locl.h,v 1.18 2002/09/10 20:03:45 joda Exp $
* $Id: ktutil_locl.h 14799 2005-04-15 05:02:39Z lha $
* $FreeBSD$
*/
@ -62,6 +62,7 @@
#include <sl.h>
#include <getarg.h>
#include <hex.h>
extern krb5_context context;
@ -70,15 +71,6 @@ extern char *keytab_string;
krb5_keytab ktutil_open_keytab(void);
int kt_add (int argc, char **argv);
int kt_change (int argc, char **argv);
int kt_copy (int argc, char **argv);
int kt_get (int argc, char **argv);
int kt_list(int argc, char **argv);
int kt_purge(int argc, char **argv);
int kt_remove(int argc, char **argv);
int kt_rename(int argc, char **argv);
int srvconv(int argc, char **argv);
int srvcreate(int argc, char **argv);
#include "ktutil-commands.h"
#endif /* __KTUTIL_LOCL_H__ */

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: ftp_locl.h,v 1.37 2002/09/10 20:03:46 joda Exp $ */
/* $Id: ftp_locl.h 11444 2002-09-10 20:03:49Z joda $ */
/* $FreeBSD$ */
#ifndef __FTP_LOCL_H__

View File

@ -1,17 +1,20 @@
# $Id: Makefile.am,v 1.7 2001/08/28 08:31:22 assar Exp $
# $Id: Makefile.am 21986 2007-10-19 05:22:57Z lha $
# $FreeBSD$
include $(top_srcdir)/Makefile.am.common
INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des)
AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto)
bin_PROGRAMS = su
bin_SUIDS = su
su_SOURCES = su.c
su_SOURCES = su.c supaths.h
man_MANS = su.1
LDADD = $(LIB_kafs) \
$(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_krb4) \
$(LIB_des) \
$(LIB_hcrypto) \
$(top_builddir)/lib/asn1/libasn1.la \
$(LIB_roken)
EXTRA_DIST = $(man_MANS)

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
* Copyright (c) 1999 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -36,7 +36,7 @@
#include <config.h>
RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $");
RCSID("$Id: su.c 21988 2007-10-19 05:36:54Z lha $");
#include <stdio.h>
#include <stdlib.h>
@ -53,6 +53,9 @@ RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $");
#endif
#include <pwd.h>
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
#include "crypto-headers.h"
#ifdef KRB5
@ -66,13 +69,7 @@ RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $");
#include <roken.h>
#include <getarg.h>
#ifndef _PATH_DEFPATH
#define _PATH_DEFPATH "/usr/bin:/bin"
#endif
#ifndef _PATH_BSHELL
#define _PATH_BSHELL "/bin/sh"
#endif
#include "supaths.h"
int kerberos_flag = 1;
int csh_f_flag;
@ -175,7 +172,9 @@ krb5_verify(const struct passwd *login_info,
{
krb5_error_code ret;
krb5_principal p;
krb5_realm *realms, *r;
char *login_name = NULL;
int user_ok = 0;
#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
login_name = getlogin();
@ -188,51 +187,64 @@ krb5_verify(const struct passwd *login_info,
return 1;
}
ret = krb5_get_default_realms(context, &realms);
if (ret)
return 1;
/* Check all local realms */
for (r = realms; *r != NULL && !user_ok; r++) {
if (login_name == NULL || strcmp (login_name, "root") == 0)
login_name = login_info->pw_name;
if (strcmp (su_info->pw_name, "root") == 0)
ret = krb5_make_principal(context, &p, NULL,
ret = krb5_make_principal(context, &p, *r,
login_name,
kerberos_instance,
NULL);
else
ret = krb5_make_principal(context, &p, NULL,
ret = krb5_make_principal(context, &p, *r,
su_info->pw_name,
NULL);
if(ret)
if (ret) {
krb5_free_host_realm(context, realms);
return 1;
}
/* if we are su-ing too root, check with krb5_kuserok */
if (su_info->pw_uid == 0 && !krb5_kuserok(context, p, su_info->pw_name))
continue;
if(su_info->pw_uid != 0 || krb5_kuserok(context, p, su_info->pw_name)) {
ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
if(ret) {
#if 1
krb5_warn(context, ret, "krb5_cc_gen_new");
#endif
krb5_free_host_realm(context, realms);
krb5_free_principal (context, p);
return 1;
}
ret = krb5_verify_user_lrealm(context, p, ccache, NULL, TRUE, NULL);
ret = krb5_verify_user(context, p, ccache, NULL, TRUE, NULL);
krb5_free_principal (context, p);
if(ret) {
krb5_cc_destroy(context, ccache);
switch (ret) {
case 0:
user_ok = 1;
break;
case KRB5_LIBOS_PWDINTR :
krb5_cc_destroy(context, ccache);
break;
case KRB5KRB_AP_ERR_BAD_INTEGRITY:
case KRB5KRB_AP_ERR_MODIFIED:
krb5_cc_destroy(context, ccache);
krb5_warnx(context, "Password incorrect");
break;
default :
krb5_cc_destroy(context, ccache);
krb5_warn(context, ret, "krb5_verify_user");
break;
}
return 1;
}
krb5_free_host_realm(context, realms);
if (!user_ok)
return 1;
return 0;
}
krb5_free_principal (context, p);
return 1;
}
static int
krb5_start_session(void)
@ -249,8 +261,10 @@ krb5_start_session(void)
ret = krb5_cc_copy_cache(context, ccache, ccache2);
asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2),
ret = asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2),
krb5_cc_get_name(context, ccache2));
if (ret == -1)
errx(1, "malloc - out of memory");
esetenv("KRB5CCNAME", cc_name, 1);
/* we want to export this even if we don't directly support KRB4 */
@ -300,10 +314,12 @@ krb_verify(const struct passwd *login_info,
krb_kuserok(name, instance, realm, su_info->pw_name) == 0) {
char password[128];
char *prompt;
asprintf (&prompt,
ret = asprintf (&prompt,
"%s's Password: ",
krb_unparse_name_long (name, instance, realm));
if (des_read_pw_string (password, sizeof (password), prompt, 0)) {
if (ret == -1)
return (1);
if (UI_UTIL_read_pw_string (password, sizeof (password), prompt, 0)) {
memset (password, 0, sizeof (password));
free(prompt);
return (1);
@ -341,8 +357,29 @@ krb_start_session(void)
}
#endif
#define GROUP_MEMBER 0
#define GROUP_MISSING 1
#define GROUP_EMPTY 2
#define GROUP_NOT_MEMBER 3
static int
verify_unix(struct passwd *su)
group_member_p(const char *group, const char *user)
{
struct group *g;
int i;
g = getgrnam(group);
if(g == NULL)
return GROUP_MISSING;
if(g->gr_mem[0] == NULL)
return GROUP_EMPTY;
for(i = 0; g->gr_mem[i] != NULL; i++)
if(strcmp(user, g->gr_mem[i]) == 0)
return GROUP_MEMBER;
return GROUP_NOT_MEMBER;
}
static int
verify_unix(struct passwd *login, struct passwd *su)
{
char prompt[128];
char pw_buf[1024];
@ -350,14 +387,32 @@ verify_unix(struct passwd *su)
int r;
if(su->pw_passwd != NULL && *su->pw_passwd != '\0') {
snprintf(prompt, sizeof(prompt), "%s's password: ", su->pw_name);
r = des_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
r = UI_UTIL_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
if(r != 0)
exit(0);
pw = crypt(pw_buf, su->pw_passwd);
memset(pw_buf, 0, sizeof(pw_buf));
if(strcmp(pw, su->pw_passwd) != 0)
if(strcmp(pw, su->pw_passwd) != 0) {
syslog (LOG_ERR | LOG_AUTH, "%s to %s: incorrect password",
login->pw_name, su->pw_name);
return 1;
}
}
/* if su:ing to root, check membership of group wheel or root; if
that group doesn't exist, or is empty, allow anyone to su
root */
if(su->pw_uid == 0) {
#ifndef ROOT_GROUP
#define ROOT_GROUP "wheel"
#endif
int gs = group_member_p(ROOT_GROUP, login->pw_name);
if(gs == GROUP_NOT_MEMBER) {
syslog (LOG_ERR | LOG_AUTH, "%s to %s: not in group %s",
login->pw_name, su->pw_name, ROOT_GROUP);
return 1;
}
return 0;
}
return 0;
}
@ -398,6 +453,9 @@ main(int argc, char **argv)
else
su_user = argv[optind++];
if (!issuid() && getuid() != 0)
warnx("Not setuid and you are root, expect this to fail");
pwd = k_getpwnam(su_user);
if(pwd == NULL)
errx (1, "unknown login %s", su_user);
@ -434,7 +492,7 @@ main(int argc, char **argv)
ok = 4;
#endif
if(ok == 0 && login_info->pw_uid && verify_unix(su_info) != 0) {
if(ok == 0 && login_info->pw_uid && verify_unix(login_info, su_info) != 0) {
printf("Sorry!\n");
exit(1);
}
@ -473,7 +531,7 @@ main(int argc, char **argv)
#endif
{
char *tty = ttyname (STDERR_FILENO);
syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s" : "%s to %s on %s",
syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s on %s" : "%s to %s",
login_info->pw_name, su_info->pw_name, tty);
}
@ -481,11 +539,23 @@ main(int argc, char **argv)
if(!env_flag) {
if(full_login) {
char *t = getenv ("TERM");
char **newenv = NULL;
int i, j;
environ = malloc (10 * sizeof (char *));
i = read_environment(_PATH_ETC_ENVIRONMENT, &newenv);
environ = malloc ((10 + i) * sizeof (char *));
if (environ == NULL)
err (1, "malloc");
environ[0] = NULL;
for (j = 0; j < i; j++) {
char *p = strchr(newenv[j], '=');
*p++ = 0;
esetenv (newenv[j], p, 1);
}
free(newenv);
esetenv ("PATH", _PATH_DEFPATH, 1);
if (t)
esetenv ("TERM", t, 1);
@ -516,9 +586,10 @@ main(int argc, char **argv)
if (args == NULL)
err (1, "malloc");
i = 0;
if(full_login)
asprintf(&args[i++], "-%s", p);
else
if(full_login) {
if (asprintf(&args[i++], "-%s", p) == -1)
errx (1, "malloc");
} else
args[i++] = p;
if (cmd) {
args[i++] = "-c";

View File

@ -1,28 +0,0 @@
dnl $Id: broken-getnameinfo.m4,v 1.2.12.1 2004/04/01 07:27:32 joda Exp $
dnl
dnl test for broken AIX getnameinfo
AC_DEFUN([rk_BROKEN_GETNAMEINFO],[
AC_CACHE_CHECK([if getnameinfo is broken], ac_cv_func_getnameinfo_broken,
AC_TRY_RUN([[#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
int
main(int argc, char **argv)
{
struct sockaddr_in sin;
char host[256];
memset(&sin, 0, sizeof(sin));
#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
sin.sin_len = sizeof(sin);
#endif
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = 0xffffffff;
sin.sin_port = 0;
return getnameinfo((struct sockaddr*)&sin, sizeof(sin), host, sizeof(host),
NULL, 0, 0);
}
]], ac_cv_func_getnameinfo_broken=no, ac_cv_func_getnameinfo_broken=yes))])

View File

@ -1,25 +0,0 @@
dnl $Id: check-declaration.m4,v 1.3.34.1 2004/04/01 07:27:32 joda Exp $
dnl
dnl
dnl Check if we need the declaration of a variable
dnl
dnl AC_HAVE_DECLARATION(includes, variable)
AC_DEFUN([AC_CHECK_DECLARATION], [
AC_MSG_CHECKING([if $2 is properly declared])
AC_CACHE_VAL(ac_cv_var_$2_declaration, [
AC_TRY_COMPILE([$1
extern struct { int foo; } $2;],
[$2.foo = 1;],
eval "ac_cv_var_$2_declaration=no",
eval "ac_cv_var_$2_declaration=yes")
])
define(foo, [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION])
AC_MSG_RESULT($ac_cv_var_$2_declaration)
if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then
AC_DEFINE(foo, 1, [define if your system declares $2])
fi
undefine([foo])
])

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
*/
/*
* $Id: kadmin_locl.h,v 1.41 2002/09/10 20:04:45 joda Exp $
* $Id: kadmin_locl.h 17580 2006-05-13 21:28:56Z lha $
* $FreeBSD$
*/
@ -91,92 +91,57 @@
#include <krb5_locl.h>
#include <hdb.h>
#include <hdb_err.h>
#include <hex.h>
#include <kadm5/admin.h>
#include <kadm5/private.h>
#include <kadm5/kadm5_err.h>
#include <parse_time.h>
#include <getarg.h>
extern krb5_context context;
extern void * kadm_handle;
#define DECL(X) int X(int, char **)
DECL(add_new_key);
DECL(cpw_entry);
DECL(del_entry);
DECL(del_enctype);
DECL(exit_kadmin);
DECL(ext_keytab);
DECL(get_entry);
DECL(get_privs);
DECL(help);
DECL(list_princs);
DECL(mod_entry);
DECL(rename_entry);
DECL(init);
DECL(dump);
DECL(load);
DECL(merge);
#undef ALLOC
#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
/* util.c */
void attributes2str(krb5_flags attributes, char *str, size_t len);
int str2attributes(const char *str, krb5_flags *flags);
int parse_attributes (const char *resp, krb5_flags *attr, int *mask, int bit);
int edit_attributes (const char *prompt, krb5_flags *attr, int *mask,
int bit);
void attributes2str(krb5_flags, char *, size_t);
int str2attributes(const char *, krb5_flags *);
int parse_attributes (const char *, krb5_flags *, int *, int);
int edit_attributes (const char *, krb5_flags *, int *, int);
void time_t2str(time_t t, char *str, size_t len, int include_time);
int str2time_t (const char *str, time_t *time);
int parse_timet (const char *resp, krb5_timestamp *value, int *mask, int bit);
int edit_timet (const char *prompt, krb5_timestamp *value, int *mask,
int bit);
void time_t2str(time_t, char *, size_t, int);
int str2time_t (const char *, time_t *);
int parse_timet (const char *, krb5_timestamp *, int *, int);
int edit_timet (const char *, krb5_timestamp *, int *,
int);
void deltat2str(unsigned t, char *str, size_t len);
int str2deltat(const char *str, krb5_deltat *delta);
int parse_deltat (const char *resp, krb5_deltat *value, int *mask, int bit);
int edit_deltat (const char *prompt, krb5_deltat *value, int *mask, int bit);
void deltat2str(unsigned, char *, size_t);
int str2deltat(const char *, krb5_deltat *);
int parse_deltat (const char *, krb5_deltat *, int *, int);
int edit_deltat (const char *, krb5_deltat *, int *, int);
int edit_entry(kadm5_principal_ent_t ent, int *mask,
kadm5_principal_ent_t default_ent, int default_mask);
void set_defaults(kadm5_principal_ent_t ent, int *mask,
kadm5_principal_ent_t default_ent, int default_mask);
int set_entry(krb5_context context,
kadm5_principal_ent_t ent,
int *mask,
const char *max_ticket_life,
const char *max_renewable_life,
const char *expiration,
const char *pw_expiration,
const char *attributes);
int edit_entry(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
void set_defaults(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
int set_entry(krb5_context, kadm5_principal_ent_t, int *,
const char *, const char *, const char *,
const char *, const char *);
int
foreach_principal(const char *exp,
int (*func)(krb5_principal, void*),
const char *funcname,
void *data);
foreach_principal(const char *, int (*)(krb5_principal, void*),
const char *, void *);
int parse_des_key (const char *key_string,
krb5_key_data *key_data, const char **err);
int parse_des_key (const char *, krb5_key_data *, const char **);
/* server.c */
krb5_error_code
kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
/* version4.c */
void
handle_v4(krb5_context context, krb5_keytab keytab, int len, int fd);
/* random_password.c */
void
random_password(char *pw, size_t len);
random_password(char *, size_t);
/* kadm_conn.c */

File diff suppressed because it is too large Load Diff

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
*/
/*
* $Id: headers.h,v 1.15 2002/09/10 20:04:46 joda Exp $
* $Id: headers.h 19658 2007-01-04 00:15:34Z lha $
* $FreeBSD$
*/
@ -73,6 +73,9 @@
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
@ -89,16 +92,14 @@
#include <parse_units.h>
#include <krb5.h>
#include <krb5_locl.h>
#include <digest_asn1.h>
#include <kx509_asn1.h>
#include <hdb.h>
#include <hdb_err.h>
#include <der.h> /* copy_octet_string */
#include <der.h>
#ifdef KRB4
#include <krb.h>
#include <prot.h>
#define Principal Principal4
#include <krb_db.h>
#endif
#include <heimntlm.h>
#include <windc_plugin.h>
#undef ALLOC
#define ALLOC(X) ((X) = malloc(sizeof(*(X))))

View File

@ -1,23 +0,0 @@
X509 DEFINITIONS ::= BEGIN
CertificateSerialNumber ::= INTEGER -- X.509 '97
AttributeType ::= OBJECT-IDENTIFIER
AttributeValue ::= OCTET STRING --ANY DEFINED BY AttributeType
AttributeTypeAndValue ::= SEQUENCE {
type AttributeType,
value AttributeValue
}
RelativeDistinguishedName ::= --SET
SEQUENCE OF AttributeTypeAndValue
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
Name ::= CHOICE { -- RFC2459
x RDNSequence
}
END

View File

@ -1,251 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: 8003.c,v 1.12.2.2 2003/09/18 21:30:57 lha Exp $");
krb5_error_code
gssapi_encode_om_uint32(OM_uint32 n, u_char *p)
{
p[0] = (n >> 0) & 0xFF;
p[1] = (n >> 8) & 0xFF;
p[2] = (n >> 16) & 0xFF;
p[3] = (n >> 24) & 0xFF;
return 0;
}
krb5_error_code
gssapi_encode_be_om_uint32(OM_uint32 n, u_char *p)
{
p[0] = (n >> 24) & 0xFF;
p[1] = (n >> 16) & 0xFF;
p[2] = (n >> 8) & 0xFF;
p[3] = (n >> 0) & 0xFF;
return 0;
}
krb5_error_code
gssapi_decode_om_uint32(u_char *p, OM_uint32 *n)
{
*n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
return 0;
}
krb5_error_code
gssapi_decode_be_om_uint32(u_char *p, OM_uint32 *n)
{
*n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
return 0;
}
static krb5_error_code
hash_input_chan_bindings (const gss_channel_bindings_t b,
u_char *p)
{
u_char num[4];
MD5_CTX md5;
MD5_Init(&md5);
gssapi_encode_om_uint32 (b->initiator_addrtype, num);
MD5_Update (&md5, num, sizeof(num));
gssapi_encode_om_uint32 (b->initiator_address.length, num);
MD5_Update (&md5, num, sizeof(num));
if (b->initiator_address.length)
MD5_Update (&md5,
b->initiator_address.value,
b->initiator_address.length);
gssapi_encode_om_uint32 (b->acceptor_addrtype, num);
MD5_Update (&md5, num, sizeof(num));
gssapi_encode_om_uint32 (b->acceptor_address.length, num);
MD5_Update (&md5, num, sizeof(num));
if (b->acceptor_address.length)
MD5_Update (&md5,
b->acceptor_address.value,
b->acceptor_address.length);
gssapi_encode_om_uint32 (b->application_data.length, num);
MD5_Update (&md5, num, sizeof(num));
if (b->application_data.length)
MD5_Update (&md5,
b->application_data.value,
b->application_data.length);
MD5_Final (p, &md5);
return 0;
}
/*
* create a checksum over the chanel bindings in
* `input_chan_bindings', `flags' and `fwd_data' and return it in
* `result'
*/
OM_uint32
gssapi_krb5_create_8003_checksum (
OM_uint32 *minor_status,
const gss_channel_bindings_t input_chan_bindings,
OM_uint32 flags,
const krb5_data *fwd_data,
Checksum *result)
{
u_char *p;
/*
* see rfc1964 (section 1.1.1 (Initial Token), and the checksum value
* field's format) */
result->cksumtype = 0x8003;
if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG))
result->checksum.length = 24 + 4 + fwd_data->length;
else
result->checksum.length = 24;
result->checksum.data = malloc (result->checksum.length);
if (result->checksum.data == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
p = result->checksum.data;
gssapi_encode_om_uint32 (16, p);
p += 4;
if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) {
memset (p, 0, 16);
} else {
hash_input_chan_bindings (input_chan_bindings, p);
}
p += 16;
gssapi_encode_om_uint32 (flags, p);
p += 4;
if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) {
#if 0
u_char *tmp;
result->checksum.length = 28 + fwd_data->length;
tmp = realloc(result->checksum.data, result->checksum.length);
if (tmp == NULL)
return ENOMEM;
result->checksum.data = tmp;
p = (u_char*)result->checksum.data + 24;
#endif
*p++ = (1 >> 0) & 0xFF; /* DlgOpt */ /* == 1 */
*p++ = (1 >> 8) & 0xFF; /* DlgOpt */ /* == 0 */
*p++ = (fwd_data->length >> 0) & 0xFF; /* Dlgth */
*p++ = (fwd_data->length >> 8) & 0xFF; /* Dlgth */
memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length);
p += fwd_data->length;
}
return GSS_S_COMPLETE;
}
/*
* verify the checksum in `cksum' over `input_chan_bindings'
* returning `flags' and `fwd_data'
*/
OM_uint32
gssapi_krb5_verify_8003_checksum(
OM_uint32 *minor_status,
const gss_channel_bindings_t input_chan_bindings,
const Checksum *cksum,
OM_uint32 *flags,
krb5_data *fwd_data)
{
unsigned char hash[16];
unsigned char *p;
OM_uint32 length;
int DlgOpt;
static unsigned char zeros[16];
/* XXX should handle checksums > 24 bytes */
if(cksum->cksumtype != 0x8003 || cksum->checksum.length < 24) {
*minor_status = 0;
return GSS_S_BAD_BINDINGS;
}
p = cksum->checksum.data;
gssapi_decode_om_uint32(p, &length);
if(length != sizeof(hash)) {
*minor_status = 0;
return GSS_S_BAD_BINDINGS;
}
p += 4;
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
&& memcmp(p, zeros, sizeof(zeros)) != 0) {
if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
*minor_status = 0;
return GSS_S_BAD_BINDINGS;
}
if(memcmp(hash, p, sizeof(hash)) != 0) {
*minor_status = 0;
return GSS_S_BAD_BINDINGS;
}
}
p += sizeof(hash);
gssapi_decode_om_uint32(p, flags);
p += 4;
if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) {
if(cksum->checksum.length < 28) {
*minor_status = 0;
return GSS_S_BAD_BINDINGS;
}
DlgOpt = (p[0] << 0) | (p[1] << 8);
p += 2;
if (DlgOpt != 1) {
*minor_status = 0;
return GSS_S_BAD_BINDINGS;
}
fwd_data->length = (p[0] << 0) | (p[1] << 8);
p += 2;
if(cksum->checksum.length < 28 + fwd_data->length) {
*minor_status = 0;
return GSS_S_BAD_BINDINGS;
}
fwd_data->data = malloc(fwd_data->length);
if (fwd_data->data == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy(fwd_data->data, p, fwd_data->length);
}
return GSS_S_COMPLETE;
}

View File

@ -1,445 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: accept_sec_context.c,v 1.33.2.2 2003/12/19 00:37:06 lha Exp $");
krb5_keytab gssapi_krb5_keytab;
OM_uint32
gsskrb5_register_acceptor_identity (const char *identity)
{
krb5_error_code ret;
char *p;
ret = gssapi_krb5_init();
if(ret)
return GSS_S_FAILURE;
if(gssapi_krb5_keytab != NULL) {
krb5_kt_close(gssapi_krb5_context, gssapi_krb5_keytab);
gssapi_krb5_keytab = NULL;
}
asprintf(&p, "FILE:%s", identity);
if(p == NULL)
return GSS_S_FAILURE;
ret = krb5_kt_resolve(gssapi_krb5_context, p, &gssapi_krb5_keytab);
free(p);
if(ret)
return GSS_S_FAILURE;
return GSS_S_COMPLETE;
}
OM_uint32
gss_accept_sec_context
(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
const gss_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token_buffer,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t * src_name,
gss_OID * mech_type,
gss_buffer_t output_token,
OM_uint32 * ret_flags,
OM_uint32 * time_rec,
gss_cred_id_t * delegated_cred_handle
)
{
krb5_error_code kret;
OM_uint32 ret = GSS_S_COMPLETE;
krb5_data indata;
krb5_flags ap_options;
OM_uint32 flags;
krb5_ticket *ticket = NULL;
krb5_keytab keytab = NULL;
krb5_data fwd_data;
OM_uint32 minor;
GSSAPI_KRB5_INIT();
krb5_data_zero (&fwd_data);
output_token->length = 0;
output_token->value = NULL;
if (src_name != NULL)
*src_name = NULL;
if (mech_type)
*mech_type = GSS_KRB5_MECHANISM;
if (*context_handle == GSS_C_NO_CONTEXT) {
*context_handle = malloc(sizeof(**context_handle));
if (*context_handle == GSS_C_NO_CONTEXT) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
}
(*context_handle)->auth_context = NULL;
(*context_handle)->source = NULL;
(*context_handle)->target = NULL;
(*context_handle)->flags = 0;
(*context_handle)->more_flags = 0;
(*context_handle)->ticket = NULL;
(*context_handle)->lifetime = GSS_C_INDEFINITE;
kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
&& input_chan_bindings->application_data.length ==
2 * sizeof((*context_handle)->auth_context->local_port)
) {
/* Port numbers are expected to be in application_data.value,
* initator's port first */
krb5_address initiator_addr, acceptor_addr;
memset(&initiator_addr, 0, sizeof(initiator_addr));
memset(&acceptor_addr, 0, sizeof(acceptor_addr));
(*context_handle)->auth_context->remote_port =
*(int16_t *) input_chan_bindings->application_data.value;
(*context_handle)->auth_context->local_port =
*((int16_t *) input_chan_bindings->application_data.value + 1);
kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
&input_chan_bindings->acceptor_address,
(*context_handle)->auth_context->local_port,
&acceptor_addr);
if (kret) {
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
*minor_status = kret;
goto failure;
}
kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
&input_chan_bindings->initiator_address,
(*context_handle)->auth_context->remote_port,
&initiator_addr);
if (kret) {
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
*minor_status = kret;
goto failure;
}
kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
(*context_handle)->auth_context,
&acceptor_addr, /* local address */
&initiator_addr); /* remote address */
krb5_free_address (gssapi_krb5_context, &initiator_addr);
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
#if 0
free(input_chan_bindings->application_data.value);
input_chan_bindings->application_data.value = NULL;
input_chan_bindings->application_data.length = 0;
#endif
if (kret) {
gssapi_krb5_set_error_string ();
ret = GSS_S_BAD_BINDINGS;
*minor_status = kret;
goto failure;
}
}
{
int32_t tmp;
krb5_auth_con_getflags(gssapi_krb5_context,
(*context_handle)->auth_context,
&tmp);
tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
krb5_auth_con_setflags(gssapi_krb5_context,
(*context_handle)->auth_context,
tmp);
}
ret = gssapi_krb5_decapsulate (minor_status,
input_token_buffer,
&indata,
"\x01\x00");
if (ret)
goto failure;
if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
if (gssapi_krb5_keytab != NULL) {
keytab = gssapi_krb5_keytab;
}
} else if (acceptor_cred_handle->keytab != NULL) {
keytab = acceptor_cred_handle->keytab;
}
kret = krb5_rd_req (gssapi_krb5_context,
&(*context_handle)->auth_context,
&indata,
(acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL
: acceptor_cred_handle->principal,
keytab,
&ap_options,
&ticket);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->client,
&(*context_handle)->source);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->server,
&(*context_handle)->target);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
if (ret)
goto failure;
if (src_name != NULL) {
kret = krb5_copy_principal (gssapi_krb5_context,
ticket->client,
src_name);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
}
{
krb5_authenticator authenticator;
kret = krb5_auth_con_getauthenticator(gssapi_krb5_context,
(*context_handle)->auth_context,
&authenticator);
if(kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
ret = gssapi_krb5_verify_8003_checksum(minor_status,
input_chan_bindings,
authenticator->cksum,
&flags,
&fwd_data);
krb5_free_authenticator(gssapi_krb5_context, &authenticator);
if (ret)
goto failure;
}
if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
krb5_ccache ccache;
int32_t ac_flags;
if (delegated_cred_handle == NULL)
/* XXX Create a new delegated_cred_handle? */
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
else if (*delegated_cred_handle == NULL) {
if ((*delegated_cred_handle =
calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
ret = GSS_S_FAILURE;
*minor_status = ENOMEM;
krb5_set_error_string(gssapi_krb5_context, "out of memory");
gssapi_krb5_set_error_string();
goto failure;
}
if ((ret = gss_duplicate_name(minor_status, ticket->client,
&(*delegated_cred_handle)->principal)) != 0) {
flags &= ~GSS_C_DELEG_FLAG;
free(*delegated_cred_handle);
*delegated_cred_handle = NULL;
goto end_fwd;
}
}
if (delegated_cred_handle != NULL &&
(*delegated_cred_handle)->ccache == NULL) {
kret = krb5_cc_gen_new (gssapi_krb5_context,
&krb5_mcc_ops,
&(*delegated_cred_handle)->ccache);
ccache = (*delegated_cred_handle)->ccache;
}
if (delegated_cred_handle != NULL &&
(*delegated_cred_handle)->mechanisms == NULL) {
ret = gss_create_empty_oid_set(minor_status,
&(*delegated_cred_handle)->mechanisms);
if (ret)
goto failure;
ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
&(*delegated_cred_handle)->mechanisms);
if (ret)
goto failure;
}
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
kret = krb5_cc_initialize(gssapi_krb5_context,
ccache,
*src_name);
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
krb5_auth_con_getflags(gssapi_krb5_context,
(*context_handle)->auth_context,
&ac_flags);
krb5_auth_con_setflags(gssapi_krb5_context,
(*context_handle)->auth_context,
ac_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
kret = krb5_rd_cred2(gssapi_krb5_context,
(*context_handle)->auth_context,
ccache,
&fwd_data);
krb5_auth_con_setflags(gssapi_krb5_context,
(*context_handle)->auth_context,
ac_flags);
if (kret) {
flags &= ~GSS_C_DELEG_FLAG;
goto end_fwd;
}
end_fwd:
free(fwd_data.data);
}
flags |= GSS_C_TRANS_FLAG;
if (ret_flags)
*ret_flags = flags;
(*context_handle)->lifetime = ticket->ticket.endtime;
(*context_handle)->flags = flags;
(*context_handle)->more_flags |= OPEN;
if (mech_type)
*mech_type = GSS_KRB5_MECHANISM;
if (time_rec) {
ret = gssapi_lifetime_left(minor_status,
(*context_handle)->lifetime,
time_rec);
if (ret)
goto failure;
}
if(flags & GSS_C_MUTUAL_FLAG) {
krb5_data outbuf;
kret = krb5_mk_rep (gssapi_krb5_context,
(*context_handle)->auth_context,
&outbuf);
if (kret) {
ret = GSS_S_FAILURE;
*minor_status = kret;
gssapi_krb5_set_error_string ();
goto failure;
}
ret = gssapi_krb5_encapsulate (minor_status,
&outbuf,
output_token,
"\x02\x00");
krb5_data_free (&outbuf);
if (ret)
goto failure;
} else {
output_token->length = 0;
output_token->value = NULL;
}
(*context_handle)->ticket = ticket;
ticket = NULL;
#if 0
krb5_free_ticket (context, ticket);
#endif
*minor_status = 0;
return GSS_S_COMPLETE;
failure:
if (fwd_data.length > 0)
free(fwd_data.data);
if (ticket != NULL)
krb5_free_ticket (gssapi_krb5_context, ticket);
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
if((*context_handle)->source)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->source);
if((*context_handle)->target)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->target);
free (*context_handle);
if (src_name != NULL) {
gss_release_name (&minor, src_name);
*src_name = NULL;
}
*context_handle = GSS_C_NO_CONTEXT;
return ret;
}

View File

@ -1,309 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: acquire_cred.c,v 1.13.2.1 2003/08/15 14:18:24 lha Exp $");
static krb5_error_code
get_keytab(krb5_keytab *keytab)
{
char kt_name[256];
krb5_error_code kret;
if (gssapi_krb5_keytab != NULL) {
kret = krb5_kt_get_name(gssapi_krb5_context,
gssapi_krb5_keytab,
kt_name, sizeof(kt_name));
if (kret == 0)
kret = krb5_kt_resolve(gssapi_krb5_context, kt_name, keytab);
} else
kret = krb5_kt_default(gssapi_krb5_context, keytab);
return (kret);
}
static OM_uint32 acquire_initiator_cred
(OM_uint32 * minor_status,
const gss_name_t desired_name,
OM_uint32 time_req,
const gss_OID_set desired_mechs,
gss_cred_usage_t cred_usage,
gss_cred_id_t handle,
gss_OID_set * actual_mechs,
OM_uint32 * time_rec
)
{
OM_uint32 ret;
krb5_creds cred;
krb5_principal def_princ;
krb5_get_init_creds_opt opt;
krb5_ccache ccache;
krb5_keytab keytab;
krb5_error_code kret;
keytab = NULL;
ccache = NULL;
def_princ = NULL;
ret = GSS_S_FAILURE;
memset(&cred, 0, sizeof(cred));
kret = krb5_cc_default(gssapi_krb5_context, &ccache);
if (kret)
goto end;
kret = krb5_cc_get_principal(gssapi_krb5_context, ccache,
&def_princ);
if (kret != 0) {
/* we'll try to use a keytab below */
krb5_cc_destroy(gssapi_krb5_context, ccache);
ccache = NULL;
kret = 0;
} else if (handle->principal == NULL) {
kret = krb5_copy_principal(gssapi_krb5_context, def_princ,
&handle->principal);
if (kret)
goto end;
} else if (handle->principal != NULL &&
krb5_principal_compare(gssapi_krb5_context, handle->principal,
def_princ) == FALSE) {
/* Before failing, lets check the keytab */
krb5_free_principal(gssapi_krb5_context, def_princ);
def_princ = NULL;
}
if (def_princ == NULL) {
/* We have no existing credentials cache,
* so attempt to get a TGT using a keytab.
*/
if (handle->principal == NULL) {
kret = krb5_get_default_principal(gssapi_krb5_context,
&handle->principal);
if (kret)
goto end;
}
kret = get_keytab(&keytab);
if (kret)
goto end;
krb5_get_init_creds_opt_init(&opt);
kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
handle->principal, keytab, 0, NULL, &opt);
if (kret)
goto end;
kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
&ccache);
if (kret)
goto end;
kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
if (kret)
goto end;
kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
if (kret)
goto end;
handle->lifetime = cred.times.endtime;
} else {
krb5_creds in_cred, *out_cred;
krb5_const_realm realm;
memset(&in_cred, 0, sizeof(in_cred));
in_cred.client = handle->principal;
realm = krb5_principal_get_realm(gssapi_krb5_context,
handle->principal);
if (realm == NULL) {
kret = KRB5_PRINC_NOMATCH; /* XXX */
goto end;
}
kret = krb5_make_principal(gssapi_krb5_context, &in_cred.server,
realm, KRB5_TGS_NAME, realm, NULL);
if (kret)
goto end;
kret = krb5_get_credentials(gssapi_krb5_context, 0,
ccache, &in_cred, &out_cred);
krb5_free_principal(gssapi_krb5_context, in_cred.server);
if (kret)
goto end;
handle->lifetime = out_cred->times.endtime;
krb5_free_creds(gssapi_krb5_context, out_cred);
}
handle->ccache = ccache;
ret = GSS_S_COMPLETE;
end:
if (cred.client != NULL)
krb5_free_creds_contents(gssapi_krb5_context, &cred);
if (def_princ != NULL)
krb5_free_principal(gssapi_krb5_context, def_princ);
if (keytab != NULL)
krb5_kt_close(gssapi_krb5_context, keytab);
if (ret != GSS_S_COMPLETE) {
if (ccache != NULL)
krb5_cc_close(gssapi_krb5_context, ccache);
if (kret != 0) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
}
}
return (ret);
}
static OM_uint32 acquire_acceptor_cred
(OM_uint32 * minor_status,
const gss_name_t desired_name,
OM_uint32 time_req,
const gss_OID_set desired_mechs,
gss_cred_usage_t cred_usage,
gss_cred_id_t handle,
gss_OID_set * actual_mechs,
OM_uint32 * time_rec
)
{
OM_uint32 ret;
krb5_error_code kret;
kret = 0;
ret = GSS_S_FAILURE;
kret = get_keytab(&handle->keytab);
if (kret)
goto end;
ret = GSS_S_COMPLETE;
end:
if (ret != GSS_S_COMPLETE) {
if (handle->keytab != NULL)
krb5_kt_close(gssapi_krb5_context, handle->keytab);
if (kret != 0) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
}
}
return (ret);
}
OM_uint32 gss_acquire_cred
(OM_uint32 * minor_status,
const gss_name_t desired_name,
OM_uint32 time_req,
const gss_OID_set desired_mechs,
gss_cred_usage_t cred_usage,
gss_cred_id_t * output_cred_handle,
gss_OID_set * actual_mechs,
OM_uint32 * time_rec
)
{
gss_cred_id_t handle;
OM_uint32 ret;
GSSAPI_KRB5_INIT ();
*output_cred_handle = NULL;
if (time_rec)
*time_rec = 0;
if (actual_mechs)
*actual_mechs = GSS_C_NO_OID_SET;
if (desired_mechs) {
OM_uint32 present = 0;
ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
desired_mechs, &present);
if (ret)
return ret;
if (!present) {
*minor_status = 0;
return GSS_S_BAD_MECH;
}
}
handle = (gss_cred_id_t)malloc(sizeof(*handle));
if (handle == GSS_C_NO_CREDENTIAL) {
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
memset(handle, 0, sizeof (*handle));
if (desired_name != GSS_C_NO_NAME) {
ret = gss_duplicate_name(minor_status, desired_name,
&handle->principal);
if (ret != GSS_S_COMPLETE) {
free(handle);
return (ret);
}
}
if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
ret = acquire_initiator_cred(minor_status, desired_name, time_req,
desired_mechs, cred_usage, handle, actual_mechs, time_rec);
if (ret != GSS_S_COMPLETE) {
free(handle);
return (ret);
}
} else if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
ret = acquire_acceptor_cred(minor_status, desired_name, time_req,
desired_mechs, cred_usage, handle, actual_mechs, time_rec);
if (ret != GSS_S_COMPLETE) {
free(handle);
return (ret);
}
} else {
free(handle);
*minor_status = GSS_KRB5_S_G_BAD_USAGE;
return GSS_S_FAILURE;
}
ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
if (ret == GSS_S_COMPLETE)
ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
&handle->mechanisms);
if (ret == GSS_S_COMPLETE)
ret = gss_inquire_cred(minor_status, handle, NULL, time_rec, NULL,
actual_mechs);
if (ret != GSS_S_COMPLETE) {
if (handle->mechanisms != NULL)
gss_release_oid_set(NULL, &handle->mechanisms);
free(handle);
return (ret);
}
*minor_status = 0;
if (time_rec) {
ret = gssapi_lifetime_left(minor_status,
handle->lifetime,
time_rec);
if (ret)
return ret;
}
handle->usage = cred_usage;
*output_cred_handle = handle;
return (GSS_S_COMPLETE);
}

View File

@ -1,234 +0,0 @@
/*
* Copyright (c) 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: add_cred.c,v 1.2.2.1 2003/10/21 21:00:47 lha Exp $");
OM_uint32 gss_add_cred (
OM_uint32 *minor_status,
const gss_cred_id_t input_cred_handle,
const gss_name_t desired_name,
const gss_OID desired_mech,
gss_cred_usage_t cred_usage,
OM_uint32 initiator_time_req,
OM_uint32 acceptor_time_req,
gss_cred_id_t *output_cred_handle,
gss_OID_set *actual_mechs,
OM_uint32 *initiator_time_rec,
OM_uint32 *acceptor_time_rec)
{
OM_uint32 ret, lifetime;
gss_cred_id_t cred, handle;
handle = NULL;
cred = input_cred_handle;
if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) {
*minor_status = 0;
return GSS_S_BAD_MECH;
}
if (cred == GSS_C_NO_CREDENTIAL && output_cred_handle == NULL) {
*minor_status = 0;
return GSS_S_NO_CRED;
}
/* check if requested output usage is compatible with output usage */
if (output_cred_handle != NULL &&
(cred->usage != cred_usage && cred->usage != GSS_C_BOTH)) {
*minor_status = GSS_KRB5_S_G_BAD_USAGE;
return(GSS_S_FAILURE);
}
/* check that we have the same name */
if (desired_name != GSS_C_NO_NAME &&
krb5_principal_compare(gssapi_krb5_context, desired_name,
cred->principal) != FALSE) {
*minor_status = 0;
return GSS_S_BAD_NAME;
}
/* make a copy */
if (output_cred_handle) {
handle = (gss_cred_id_t)malloc(sizeof(*handle));
if (handle == GSS_C_NO_CREDENTIAL) {
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
memset(handle, 0, sizeof (*handle));
handle->usage = cred_usage;
handle->lifetime = cred->lifetime;
handle->principal = NULL;
handle->keytab = NULL;
handle->ccache = NULL;
handle->mechanisms = NULL;
ret = GSS_S_FAILURE;
ret = gss_duplicate_name(minor_status, cred->principal,
&handle->principal);
if (ret) {
free(handle);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
if (cred->keytab) {
krb5_error_code kret;
char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN];
int len;
ret = GSS_S_FAILURE;
kret = krb5_kt_get_type(gssapi_krb5_context, cred->keytab,
name, KRB5_KT_PREFIX_MAX_LEN);
if (kret) {
*minor_status = kret;
goto failure;
}
len = strlen(name);
name[len++] = ':';
kret = krb5_kt_get_name(gssapi_krb5_context, cred->keytab,
name + len,
sizeof(name) - len);
if (kret) {
*minor_status = kret;
goto failure;
}
kret = krb5_kt_resolve(gssapi_krb5_context, name,
&handle->keytab);
if (kret){
*minor_status = kret;
goto failure;
}
}
if (cred->ccache) {
krb5_error_code kret;
const char *type, *name;
char *type_name;
ret = GSS_S_FAILURE;
type = krb5_cc_get_type(gssapi_krb5_context, cred->ccache);
if (type == NULL){
*minor_status = ENOMEM;
goto failure;
}
if (strcmp(type, "MEMORY") == 0) {
ret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
&handle->ccache);
if (ret) {
*minor_status = ret;
goto failure;
}
ret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache,
handle->ccache);
if (ret) {
*minor_status = ret;
goto failure;
}
} else {
name = krb5_cc_get_name(gssapi_krb5_context, cred->ccache);
if (name == NULL) {
*minor_status = ENOMEM;
goto failure;
}
asprintf(&type_name, "%s:%s", type, name);
if (type_name == NULL) {
*minor_status = ENOMEM;
goto failure;
}
kret = krb5_cc_resolve(gssapi_krb5_context, type_name,
&handle->ccache);
free(type_name);
if (kret) {
*minor_status = kret;
goto failure;
}
}
}
ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
if (ret)
goto failure;
ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
&handle->mechanisms);
if (ret)
goto failure;
}
ret = gss_inquire_cred(minor_status, cred, NULL, &lifetime,
NULL, actual_mechs);
if (ret)
goto failure;
if (initiator_time_rec)
*initiator_time_rec = lifetime;
if (acceptor_time_rec)
*acceptor_time_rec = lifetime;
if (output_cred_handle)
*output_cred_handle = handle;
*minor_status = 0;
return ret;
failure:
if (handle) {
if (handle->principal)
gss_release_name(NULL, &handle->principal);
if (handle->keytab)
krb5_kt_close(gssapi_krb5_context, handle->keytab);
if (handle->ccache)
krb5_cc_destroy(gssapi_krb5_context, handle->ccache);
if (handle->mechanisms)
gss_release_oid_set(NULL, &handle->mechanisms);
free(handle);
}
return ret;
}

View File

@ -1,69 +0,0 @@
/*
* Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: add_oid_set_member.c,v 1.8 2003/03/16 17:50:49 lha Exp $");
OM_uint32 gss_add_oid_set_member (
OM_uint32 * minor_status,
const gss_OID member_oid,
gss_OID_set * oid_set
)
{
gss_OID tmp;
size_t n;
OM_uint32 res;
int present;
res = gss_test_oid_set_member(minor_status, member_oid, *oid_set, &present);
if (res != GSS_S_COMPLETE)
return res;
if (present) {
*minor_status = 0;
return GSS_S_COMPLETE;
}
n = (*oid_set)->count + 1;
tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc));
if (tmp == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
(*oid_set)->elements = tmp;
(*oid_set)->count = n;
(*oid_set)->elements[n-1] = *member_oid;
*minor_status = 0;
return GSS_S_COMPLETE;
}

View File

@ -1,76 +0,0 @@
/*
* Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
#include <roken.h>
krb5_error_code
gss_address_to_krb5addr(OM_uint32 gss_addr_type,
gss_buffer_desc *gss_addr,
int16_t port,
krb5_address *address)
{
int addr_type;
struct sockaddr sa;
int sa_size = sizeof(sa);
krb5_error_code problem;
if (gss_addr == NULL)
return GSS_S_FAILURE;
switch (gss_addr_type) {
#ifdef HAVE_IPV6
case GSS_C_AF_INET6: addr_type = AF_INET6;
break;
#endif /* HAVE_IPV6 */
case GSS_C_AF_INET: addr_type = AF_INET;
break;
default:
return GSS_S_FAILURE;
}
problem = krb5_h_addr2sockaddr (gssapi_krb5_context,
addr_type,
gss_addr->value,
&sa,
&sa_size,
port);
if (problem)
return GSS_S_FAILURE;
problem = krb5_sockaddr2address (gssapi_krb5_context, &sa, address);
return problem;
}

View File

@ -1,623 +0,0 @@
/*
* Copyright (c) 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
/*
* Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
*/
RCSID("$Id: arcfour.c,v 1.12.2.3 2003/09/19 15:15:11 lha Exp $");
static krb5_error_code
arcfour_mic_key(krb5_context context, krb5_keyblock *key,
void *cksum_data, size_t cksum_size,
void *key6_data, size_t key6_size)
{
krb5_error_code ret;
Checksum cksum_k5;
krb5_keyblock key5;
char k5_data[16];
Checksum cksum_k6;
char T[4];
memset(T, 0, 4);
cksum_k5.checksum.data = k5_data;
cksum_k5.checksum.length = sizeof(k5_data);
if (key->keytype == KEYTYPE_ARCFOUR_56) {
char L40[14] = "fortybits";
memcpy(L40 + 10, T, sizeof(T));
ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
L40, 14, 0, key, &cksum_k5);
memset(&k5_data[7], 0xAB, 9);
} else {
ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
T, 4, 0, key, &cksum_k5);
}
if (ret)
return ret;
key5.keytype = KEYTYPE_ARCFOUR;
key5.keyvalue = cksum_k5.checksum;
cksum_k6.checksum.data = key6_data;
cksum_k6.checksum.length = key6_size;
return krb5_hmac(context, CKSUMTYPE_RSA_MD5,
cksum_data, cksum_size, 0, &key5, &cksum_k6);
}
static krb5_error_code
arcfour_mic_cksum(krb5_keyblock *key, unsigned usage,
u_char *sgn_cksum, size_t sgn_cksum_sz,
const char *v1, size_t l1,
const void *v2, size_t l2,
const void *v3, size_t l3)
{
Checksum CKSUM;
u_char *ptr;
size_t len;
krb5_crypto crypto;
krb5_error_code ret;
assert(sgn_cksum_sz == 8);
len = l1 + l2 + l3;
ptr = malloc(len);
if (ptr == NULL)
return ENOMEM;
memcpy(ptr, v1, l1);
memcpy(ptr + l1, v2, l2);
memcpy(ptr + l1 + l2, v3, l3);
ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
if (ret) {
free(ptr);
return ret;
}
ret = krb5_create_checksum(gssapi_krb5_context,
crypto,
usage,
0,
ptr, len,
&CKSUM);
free(ptr);
if (ret == 0) {
memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz);
free_Checksum(&CKSUM);
}
krb5_crypto_destroy(gssapi_krb5_context, crypto);
return ret;
}
OM_uint32
_gssapi_get_mic_arcfour(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
gss_qop_t qop_req,
const gss_buffer_t message_buffer,
gss_buffer_t message_token,
krb5_keyblock *key)
{
krb5_error_code ret;
int32_t seq_number;
size_t len, total_len;
u_char k6_data[16], *p0, *p;
RC4_KEY rc4_key;
gssapi_krb5_encap_length (22, &len, &total_len);
message_token->length = total_len;
message_token->value = malloc (total_len);
if (message_token->value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
p0 = _gssapi_make_mech_header(message_token->value,
len);
p = p0;
*p++ = 0x01; /* TOK_ID */
*p++ = 0x01;
*p++ = 0x11; /* SGN_ALG */
*p++ = 0x00;
*p++ = 0xff; /* Filler */
*p++ = 0xff;
*p++ = 0xff;
*p++ = 0xff;
p = NULL;
ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN,
p0 + 16, 8, /* SGN_CKSUM */
p0, 8, /* TOK_ID, SGN_ALG, Filer */
message_buffer->value, message_buffer->length,
NULL, 0);
if (ret) {
gss_release_buffer(minor_status, message_token);
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = arcfour_mic_key(gssapi_krb5_context, key,
p0 + 16, 8, /* SGN_CKSUM */
k6_data, sizeof(k6_data));
if (ret) {
gss_release_buffer(minor_status, message_token);
*minor_status = ret;
return GSS_S_FAILURE;
}
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
p = p0 + 8; /* SND_SEQ */
gssapi_encode_be_om_uint32(seq_number, p);
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
RC4 (&rc4_key, 8, p, p);
memset(&rc4_key, 0, sizeof(rc4_key));
memset(k6_data, 0, sizeof(k6_data));
*minor_status = 0;
return GSS_S_COMPLETE;
}
OM_uint32
_gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
krb5_keyblock *key,
char *type)
{
krb5_error_code ret;
int32_t seq_number, seq_number2;
OM_uint32 omret;
char cksum_data[8], k6_data[16], SND_SEQ[8];
u_char *p;
int cmp;
if (qop_state)
*qop_state = 0;
p = token_buffer->value;
omret = gssapi_krb5_verify_header (&p,
token_buffer->length,
type);
if (omret)
return omret;
if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
return GSS_S_BAD_SIG;
p += 2;
if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
return GSS_S_BAD_MIC;
p += 4;
ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN,
cksum_data, sizeof(cksum_data),
p - 8, 8,
message_buffer->value, message_buffer->length,
NULL, 0);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = arcfour_mic_key(gssapi_krb5_context, key,
cksum_data, sizeof(cksum_data),
k6_data, sizeof(k6_data));
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
cmp = memcmp(cksum_data, p + 8, 8);
if (cmp) {
*minor_status = 0;
return GSS_S_BAD_MIC;
}
{
RC4_KEY rc4_key;
RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
RC4 (&rc4_key, 8, p, SND_SEQ);
memset(&rc4_key, 0, sizeof(rc4_key));
memset(k6_data, 0, sizeof(k6_data));
}
gssapi_decode_be_om_uint32(SND_SEQ, &seq_number);
if (context_handle->more_flags & LOCAL)
cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
else
cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
memset(SND_SEQ, 0, sizeof(SND_SEQ));
if (cmp != 0) {
*minor_status = 0;
return GSS_S_BAD_MIC;
}
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number2);
if (seq_number != seq_number2) {
*minor_status = 0;
return GSS_S_UNSEQ_TOKEN;
}
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number2);
*minor_status = 0;
return GSS_S_COMPLETE;
}
OM_uint32
_gssapi_wrap_arcfour(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
const gss_buffer_t input_message_buffer,
int * conf_state,
gss_buffer_t output_message_buffer,
krb5_keyblock *key)
{
u_char Klocaldata[16], k6_data[16], *p, *p0;
size_t len, total_len, datalen;
krb5_keyblock Klocal;
krb5_error_code ret;
int32_t seq_number;
if (conf_state)
*conf_state = 0;
datalen = input_message_buffer->length + 1 /* padding */;
len = datalen + 30;
gssapi_krb5_encap_length (len, &len, &total_len);
output_message_buffer->length = total_len;
output_message_buffer->value = malloc (total_len);
if (output_message_buffer->value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
p0 = _gssapi_make_mech_header(output_message_buffer->value,
len);
p = p0;
*p++ = 0x02; /* TOK_ID */
*p++ = 0x01;
*p++ = 0x11; /* SGN_ALG */
*p++ = 0x00;
if (conf_req_flag) {
*p++ = 0x10; /* SEAL_ALG */
*p++ = 0x00;
} else {
*p++ = 0xff; /* SEAL_ALG */
*p++ = 0xff;
}
*p++ = 0xff; /* Filler */
*p++ = 0xff;
p = NULL;
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
gssapi_encode_be_om_uint32(seq_number, p0 + 8);
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
memset (p0 + 8 + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xff,
4);
krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */
/* p points to data */
p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
memcpy(p, input_message_buffer->value, input_message_buffer->length);
p[input_message_buffer->length] = 1; /* PADDING */
ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
p0 + 16, 8, /* SGN_CKSUM */
p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */
p0 + 24, 8, /* Confounder */
p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
datalen);
if (ret) {
*minor_status = ret;
gss_release_buffer(minor_status, output_message_buffer);
return GSS_S_FAILURE;
}
{
int i;
Klocal.keytype = key->keytype;
Klocal.keyvalue.data = Klocaldata;
Klocal.keyvalue.length = sizeof(Klocaldata);
for (i = 0; i < 16; i++)
Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
}
ret = arcfour_mic_key(gssapi_krb5_context, &Klocal,
p0 + 8, 4, /* SND_SEQ */
k6_data, sizeof(k6_data));
memset(Klocaldata, 0, sizeof(Klocaldata));
if (ret) {
gss_release_buffer(minor_status, output_message_buffer);
*minor_status = ret;
return GSS_S_FAILURE;
}
if(conf_req_flag) {
RC4_KEY rc4_key;
RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
/* XXX ? */
RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */
memset(&rc4_key, 0, sizeof(rc4_key));
}
memset(k6_data, 0, sizeof(k6_data));
ret = arcfour_mic_key(gssapi_krb5_context, key,
p0 + 16, 8, /* SGN_CKSUM */
k6_data, sizeof(k6_data));
if (ret) {
gss_release_buffer(minor_status, output_message_buffer);
*minor_status = ret;
return GSS_S_FAILURE;
}
{
RC4_KEY rc4_key;
RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */
memset(&rc4_key, 0, sizeof(rc4_key));
memset(k6_data, 0, sizeof(k6_data));
}
if (conf_state)
*conf_state = conf_req_flag;
*minor_status = 0;
return GSS_S_COMPLETE;
}
OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int *conf_state,
gss_qop_t *qop_state,
krb5_keyblock *key)
{
u_char Klocaldata[16];
krb5_keyblock Klocal;
krb5_error_code ret;
int32_t seq_number, seq_number2;
size_t datalen;
OM_uint32 omret;
char k6_data[16], SND_SEQ[8], Confounder[8];
char cksum_data[8];
u_char *p, *p0;
int cmp;
int conf_flag;
size_t padlen;
if (conf_state)
*conf_state = 0;
if (qop_state)
*qop_state = 0;
p0 = input_message_buffer->value;
omret = _gssapi_verify_mech_header(&p0,
input_message_buffer->length);
if (omret)
return omret;
p = p0;
datalen = input_message_buffer->length -
(p - ((u_char *)input_message_buffer->value)) -
GSS_ARCFOUR_WRAP_TOKEN_SIZE;
if (memcmp(p, "\x02\x01", 2) != 0)
return GSS_S_BAD_SIG;
p += 2;
if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
return GSS_S_BAD_SIG;
p += 2;
if (memcmp (p, "\x10\x00", 2) == 0)
conf_flag = 1;
else if (memcmp (p, "\xff\xff", 2) == 0)
conf_flag = 0;
else
return GSS_S_BAD_SIG;
p += 2;
if (memcmp (p, "\xff\xff", 2) != 0)
return GSS_S_BAD_MIC;
p = NULL;
ret = arcfour_mic_key(gssapi_krb5_context, key,
p0 + 16, 8, /* SGN_CKSUM */
k6_data, sizeof(k6_data));
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
{
RC4_KEY rc4_key;
RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */
memset(&rc4_key, 0, sizeof(rc4_key));
memset(k6_data, 0, sizeof(k6_data));
}
gssapi_decode_be_om_uint32(SND_SEQ, &seq_number);
if (context_handle->more_flags & LOCAL)
cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
else
cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
if (cmp != 0) {
*minor_status = 0;
return GSS_S_BAD_MIC;
}
{
int i;
Klocal.keytype = key->keytype;
Klocal.keyvalue.data = Klocaldata;
Klocal.keyvalue.length = sizeof(Klocaldata);
for (i = 0; i < 16; i++)
Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
}
ret = arcfour_mic_key(gssapi_krb5_context, &Klocal,
SND_SEQ, 4,
k6_data, sizeof(k6_data));
memset(Klocaldata, 0, sizeof(Klocaldata));
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
output_message_buffer->value = malloc(datalen);
if (output_message_buffer->value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
output_message_buffer->length = datalen;
if(conf_flag) {
RC4_KEY rc4_key;
RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */
RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
output_message_buffer->value);
memset(&rc4_key, 0, sizeof(rc4_key));
} else {
memcpy(Confounder, p0 + 24, 8); /* Confounder */
memcpy(output_message_buffer->value,
p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
datalen);
}
memset(k6_data, 0, sizeof(k6_data));
ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen);
if (ret) {
gss_release_buffer(minor_status, output_message_buffer);
*minor_status = 0;
return ret;
}
output_message_buffer->length -= padlen;
ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
cksum_data, sizeof(cksum_data),
p0, 8,
Confounder, sizeof(Confounder),
output_message_buffer->value,
output_message_buffer->length + padlen);
if (ret) {
gss_release_buffer(minor_status, output_message_buffer);
*minor_status = ret;
return GSS_S_FAILURE;
}
cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
if (cmp) {
gss_release_buffer(minor_status, output_message_buffer);
*minor_status = 0;
return GSS_S_BAD_MIC;
}
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number2);
if (seq_number != seq_number2) {
*minor_status = 0;
return GSS_S_UNSEQ_TOKEN;
}
krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number2);
if (conf_state)
*conf_state = conf_flag;
*minor_status = 0;
return GSS_S_COMPLETE;
}

View File

@ -1,98 +0,0 @@
/*
* Copyright (c) 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: arcfour.h,v 1.3.2.2 2003/09/19 15:14:14 lha Exp $ */
#ifndef GSSAPI_ARCFOUR_H_
#define GSSAPI_ARCFOUR_H_ 1
/*
* The arcfour message have the following formats, these are only here
* for reference and is not used.
*/
#if 0
typedef struct gss_arcfour_mic_token {
u_char TOK_ID[2]; /* 01 01 */
u_char SGN_ALG[2]; /* 11 00 */
u_char Filler[4];
u_char SND_SEQ[8];
u_char SGN_CKSUM[8];
} gss_arcfour_mic_token_desc, *gss_arcfour_mic_token;
typedef struct gss_arcfour_wrap_token {
u_char TOK_ID[2]; /* 02 01 */
u_char SGN_ALG[2];
u_char SEAL_ALG[2];
u_char Filler[2];
u_char SND_SEQ[8];
u_char SGN_CKSUM[8];
u_char Confounder[8];
} gss_arcfour_wrap_token_desc, *gss_arcfour_wrap_token;
#endif
#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
OM_uint32 _gssapi_wrap_arcfour(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
const gss_buffer_t input_message_buffer,
int *conf_state,
gss_buffer_t output_message_buffer,
krb5_keyblock *key);
OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int *conf_state,
gss_qop_t *qop_state,
krb5_keyblock *key);
OM_uint32 _gssapi_get_mic_arcfour(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
gss_qop_t qop_req,
const gss_buffer_t message_buffer,
gss_buffer_t message_token,
krb5_keyblock *key);
OM_uint32 _gssapi_verify_mic_arcfour(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t *qop_state,
krb5_keyblock *key,
char *type);
#endif /* GSSAPI_ARCFOUR_H_ */

View File

@ -1,46 +0,0 @@
/*
* Copyright (c) 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: canonicalize_name.c,v 1.2 1999/12/02 17:05:03 joda Exp $");
OM_uint32 gss_canonicalize_name (
OM_uint32 * minor_status,
const gss_name_t input_name,
const gss_OID mech_type,
gss_name_t * output_name
)
{
return gss_duplicate_name (minor_status, input_name, output_name);
}

View File

@ -1,113 +0,0 @@
/*
* Copyright (c) 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: compat.c,v 1.2.2.2 2003/04/28 13:58:09 lha Exp $");
static krb5_error_code
check_compat(OM_uint32 *minor_status, gss_name_t name,
const char *option, krb5_boolean *compat,
krb5_boolean match_val)
{
krb5_error_code ret = 0;
char **p, **q;
krb5_principal match;
p = krb5_config_get_strings(gssapi_krb5_context, NULL, "gssapi",
option, NULL);
if(p == NULL)
return 0;
for(q = p; *q; q++) {
ret = krb5_parse_name(gssapi_krb5_context, *q, &match);
if (ret)
break;
if (krb5_principal_match(gssapi_krb5_context, name, match)) {
*compat = match_val;
break;
}
krb5_free_principal(gssapi_krb5_context, match);
}
krb5_config_free_strings(p);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
return 0;
}
OM_uint32
_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx)
{
krb5_boolean use_compat = TRUE;
OM_uint32 ret;
if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) {
ret = check_compat(minor_status, ctx->target,
"broken_des3_mic", &use_compat, TRUE);
if (ret)
return ret;
ret = check_compat(minor_status, ctx->target,
"correct_des3_mic", &use_compat, FALSE);
if (ret)
return ret;
if (use_compat)
ctx->more_flags |= COMPAT_OLD_DES3;
ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
}
return 0;
}
OM_uint32
gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on)
{
*minor_status = 0;
if (on) {
ctx->more_flags |= COMPAT_OLD_DES3;
} else {
ctx->more_flags &= ~COMPAT_OLD_DES3;
}
ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
return 0;
}

View File

@ -1,85 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: context_time.c,v 1.7.2.1 2003/08/15 14:25:50 lha Exp $");
OM_uint32
gssapi_lifetime_left(OM_uint32 *minor_status,
OM_uint32 lifetime,
OM_uint32 *lifetime_rec)
{
krb5_timestamp timeret;
krb5_error_code kret;
kret = krb5_timeofday(gssapi_krb5_context, &timeret);
if (kret) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
}
if (lifetime < timeret)
*lifetime_rec = 0;
else
*lifetime_rec = lifetime - timeret;
return GSS_S_COMPLETE;
}
OM_uint32 gss_context_time
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
OM_uint32 * time_rec
)
{
OM_uint32 lifetime;
OM_uint32 major_status;
GSSAPI_KRB5_INIT ();
lifetime = context_handle->lifetime;
major_status = gssapi_lifetime_left(minor_status, lifetime, time_rec);
if (major_status != GSS_S_COMPLETE)
return major_status;
*minor_status = 0;
if (*time_rec == 0)
return GSS_S_CONTEXT_EXPIRED;
return GSS_S_COMPLETE;
}

View File

@ -1,52 +0,0 @@
/*
* Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: create_emtpy_oid_set.c,v 1.5 2003/03/16 17:47:07 lha Exp $");
OM_uint32 gss_create_empty_oid_set (
OM_uint32 * minor_status,
gss_OID_set * oid_set
)
{
*oid_set = malloc(sizeof(**oid_set));
if (*oid_set == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
(*oid_set)->count = 0;
(*oid_set)->elements = NULL;
*minor_status = 0;
return GSS_S_COMPLETE;
}

View File

@ -1,184 +0,0 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: decapsulate.c,v 1.7.6.1 2003/09/18 22:00:41 lha Exp $");
OM_uint32
gssapi_krb5_verify_header(u_char **str,
size_t total_len,
char *type)
{
size_t len, len_len, mech_len, foo;
int e;
u_char *p = *str;
if (total_len < 1)
return GSS_S_DEFECTIVE_TOKEN;
if (*p++ != 0x60)
return GSS_S_DEFECTIVE_TOKEN;
e = der_get_length (p, total_len - 1, &len, &len_len);
if (e || 1 + len_len + len != total_len)
return GSS_S_DEFECTIVE_TOKEN;
p += len_len;
if (*p++ != 0x06)
return GSS_S_DEFECTIVE_TOKEN;
e = der_get_length (p, total_len - 1 - len_len - 1,
&mech_len, &foo);
if (e)
return GSS_S_DEFECTIVE_TOKEN;
p += foo;
if (mech_len != GSS_KRB5_MECHANISM->length)
return GSS_S_BAD_MECH;
if (memcmp(p,
GSS_KRB5_MECHANISM->elements,
GSS_KRB5_MECHANISM->length) != 0)
return GSS_S_BAD_MECH;
p += mech_len;
if (memcmp (p, type, 2) != 0)
return GSS_S_DEFECTIVE_TOKEN;
p += 2;
*str = p;
return GSS_S_COMPLETE;
}
static ssize_t
gssapi_krb5_get_mech (const u_char *ptr,
size_t total_len,
const u_char **mech_ret)
{
size_t len, len_len, mech_len, foo;
const u_char *p = ptr;
int e;
if (total_len < 1)
return -1;
if (*p++ != 0x60)
return -1;
e = der_get_length (p, total_len - 1, &len, &len_len);
if (e || 1 + len_len + len != total_len)
return -1;
p += len_len;
if (*p++ != 0x06)
return -1;
e = der_get_length (p, total_len - 1 - len_len - 1,
&mech_len, &foo);
if (e)
return -1;
p += foo;
*mech_ret = p;
return mech_len;
}
OM_uint32
_gssapi_verify_mech_header(u_char **str,
size_t total_len)
{
const u_char *p;
ssize_t mech_len;
mech_len = gssapi_krb5_get_mech (*str, total_len, &p);
if (mech_len < 0)
return GSS_S_DEFECTIVE_TOKEN;
if (mech_len != GSS_KRB5_MECHANISM->length)
return GSS_S_BAD_MECH;
if (memcmp(p,
GSS_KRB5_MECHANISM->elements,
GSS_KRB5_MECHANISM->length) != 0)
return GSS_S_BAD_MECH;
p += mech_len;
*str = (char *)p;
return GSS_S_COMPLETE;
}
/*
* Remove the GSS-API wrapping from `in_token' giving `out_data.
* Does not copy data, so just free `in_token'.
*/
OM_uint32
gssapi_krb5_decapsulate(
OM_uint32 *minor_status,
gss_buffer_t input_token_buffer,
krb5_data *out_data,
char *type
)
{
u_char *p;
OM_uint32 ret;
p = input_token_buffer->value;
ret = gssapi_krb5_verify_header(&p,
input_token_buffer->length,
type);
if (ret) {
*minor_status = 0;
return ret;
}
out_data->length = input_token_buffer->length -
(p - (u_char *)input_token_buffer->value);
out_data->data = p;
return GSS_S_COMPLETE;
}
/*
* Verify padding of a gss wrapped message and return its length.
*/
OM_uint32
_gssapi_verify_pad(gss_buffer_t wrapped_token,
size_t datalen,
size_t *padlen)
{
u_char *pad;
size_t padlength;
int i;
pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
padlength = *pad;
if (padlength > datalen)
return GSS_S_BAD_MECH;
for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
;
if (i != 0)
return GSS_S_BAD_MIC;
*padlen = padlength;
return 0;
}

View File

@ -1,69 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: delete_sec_context.c,v 1.11 2003/03/16 17:46:40 lha Exp $");
OM_uint32 gss_delete_sec_context
(OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
gss_buffer_t output_token
)
{
GSSAPI_KRB5_INIT ();
if (output_token) {
output_token->length = 0;
output_token->value = NULL;
}
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
if((*context_handle)->source)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->source);
if((*context_handle)->target)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->target);
if ((*context_handle)->ticket) {
krb5_free_ticket (gssapi_krb5_context,
(*context_handle)->ticket);
free((*context_handle)->ticket);
}
free (*context_handle);
*context_handle = GSS_C_NO_CONTEXT;
*minor_status = 0;
return GSS_S_COMPLETE;
}

View File

@ -1,73 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: display_name.c,v 1.9 2003/03/16 17:46:11 lha Exp $");
OM_uint32 gss_display_name
(OM_uint32 * minor_status,
const gss_name_t input_name,
gss_buffer_t output_name_buffer,
gss_OID * output_name_type
)
{
krb5_error_code kret;
char *buf;
size_t len;
GSSAPI_KRB5_INIT ();
kret = krb5_unparse_name (gssapi_krb5_context,
input_name,
&buf);
if (kret) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
}
len = strlen (buf);
output_name_buffer->length = len;
output_name_buffer->value = malloc(len + 1);
if (output_name_buffer->value == NULL) {
free (buf);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy (output_name_buffer->value, buf, len);
((char *)output_name_buffer->value)[len] = '\0';
free (buf);
if (output_name_type)
*output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
*minor_status = 0;
return GSS_S_COMPLETE;
}

View File

@ -1,187 +0,0 @@
/*
* Copyright (c) 1998 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: display_status.c,v 1.9 2003/03/16 17:45:36 lha Exp $");
static char *krb5_error_string;
static char *
calling_error(OM_uint32 v)
{
static char *msgs[] = {
NULL, /* 0 */
"A required input parameter could not be read.", /* */
"A required output parameter could not be written.", /* */
"A parameter was malformed"
};
v >>= GSS_C_CALLING_ERROR_OFFSET;
if (v == 0)
return "";
else if (v >= sizeof(msgs)/sizeof(*msgs))
return "unknown calling error";
else
return msgs[v];
}
static char *
routine_error(OM_uint32 v)
{
static char *msgs[] = {
NULL, /* 0 */
"An unsupported mechanism was requested",
"An invalid name was supplied",
"A supplied name was of an unsupported type",
"Incorrect channel bindings were supplied",
"An invalid status code was supplied",
"A token had an invalid MIC",
"No credentials were supplied, "
"or the credentials were unavailable or inaccessible.",
"No context has been established",
"A token was invalid",
"A credential was invalid",
"The referenced credentials have expired",
"The context has expired",
"Miscellaneous failure (see text)",
"The quality-of-protection requested could not be provide",
"The operation is forbidden by local security policy",
"The operation or option is not available",
"The requested credential element already exists",
"The provided name was not a mechanism name.",
};
v >>= GSS_C_ROUTINE_ERROR_OFFSET;
if (v == 0)
return "";
else if (v >= sizeof(msgs)/sizeof(*msgs))
return "unknown routine error";
else
return msgs[v];
}
static char *
supplementary_error(OM_uint32 v)
{
static char *msgs[] = {
"normal completion",
"continuation call to routine required",
"duplicate per-message token detected",
"timed-out per-message token detected",
"reordered (early) per-message token detected",
"skipped predecessor token(s) detected"
};
v >>= GSS_C_SUPPLEMENTARY_OFFSET;
if (v >= sizeof(msgs)/sizeof(*msgs))
return "unknown routine error";
else
return msgs[v];
}
void
gssapi_krb5_set_error_string (void)
{
krb5_error_string = krb5_get_error_string(gssapi_krb5_context);
}
char *
gssapi_krb5_get_error_string (void)
{
char *ret = krb5_error_string;
krb5_error_string = NULL;
return ret;
}
OM_uint32 gss_display_status
(OM_uint32 *minor_status,
OM_uint32 status_value,
int status_type,
const gss_OID mech_type,
OM_uint32 *message_context,
gss_buffer_t status_string)
{
char *buf;
GSSAPI_KRB5_INIT ();
status_string->length = 0;
status_string->value = NULL;
if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
*minor_status = 0;
return GSS_C_GSS_CODE;
}
if (status_type == GSS_C_GSS_CODE) {
if (GSS_SUPPLEMENTARY_INFO(status_value))
asprintf(&buf, "%s",
supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value)));
else
asprintf (&buf, "%s %s",
calling_error(GSS_CALLING_ERROR(status_value)),
routine_error(GSS_ROUTINE_ERROR(status_value)));
} else if (status_type == GSS_C_MECH_CODE) {
buf = gssapi_krb5_get_error_string ();
if (buf == NULL) {
const char *tmp = krb5_get_err_text (gssapi_krb5_context,
status_value);
if (tmp == NULL)
asprintf(&buf, "unknown mech error-code %u",
(unsigned)status_value);
else
buf = strdup(tmp);
}
} else {
*minor_status = EINVAL;
return GSS_S_BAD_STATUS;
}
if (buf == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
*message_context = 0;
*minor_status = 0;
status_string->length = strlen(buf);
status_string->value = buf;
return GSS_S_COMPLETE;
}

View File

@ -1,59 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: duplicate_name.c,v 1.7 2003/03/16 17:44:26 lha Exp $");
OM_uint32 gss_duplicate_name (
OM_uint32 * minor_status,
const gss_name_t src_name,
gss_name_t * dest_name
)
{
krb5_error_code kret;
GSSAPI_KRB5_INIT ();
kret = krb5_copy_principal (gssapi_krb5_context,
src_name,
dest_name);
if (kret) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
} else {
*minor_status = 0;
return GSS_S_COMPLETE;
}
}

View File

@ -1,122 +0,0 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: encapsulate.c,v 1.6.6.1 2003/09/18 21:47:44 lha Exp $");
void
gssapi_krb5_encap_length (size_t data_len,
size_t *len,
size_t *total_len)
{
size_t len_len;
*len = 1 + 1 + GSS_KRB5_MECHANISM->length + 2 + data_len;
len_len = length_len(*len);
*total_len = 1 + len_len + *len;
}
u_char *
gssapi_krb5_make_header (u_char *p,
size_t len,
u_char *type)
{
int e;
size_t len_len, foo;
*p++ = 0x60;
len_len = length_len(len);
e = der_put_length (p + len_len - 1, len_len, len, &foo);
if(e || foo != len_len)
abort ();
p += len_len;
*p++ = 0x06;
*p++ = GSS_KRB5_MECHANISM->length;
memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
p += GSS_KRB5_MECHANISM->length;
memcpy (p, type, 2);
p += 2;
return p;
}
u_char *
_gssapi_make_mech_header(u_char *p,
size_t len)
{
int e;
size_t len_len, foo;
*p++ = 0x60;
len_len = length_len(len);
e = der_put_length (p + len_len - 1, len_len, len, &foo);
if(e || foo != len_len)
abort ();
p += len_len;
*p++ = 0x06;
*p++ = GSS_KRB5_MECHANISM->length;
memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
p += GSS_KRB5_MECHANISM->length;
return p;
}
/*
* Give it a krb5_data and it will encapsulate with extra GSS-API wrappings.
*/
OM_uint32
gssapi_krb5_encapsulate(
OM_uint32 *minor_status,
const krb5_data *in_data,
gss_buffer_t output_token,
u_char *type
)
{
size_t len, outer_len;
u_char *p;
gssapi_krb5_encap_length (in_data->length, &len, &outer_len);
output_token->length = outer_len;
output_token->value = malloc (outer_len);
if (output_token->value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
p = gssapi_krb5_make_header (output_token->value, len, type);
memcpy (p, in_data->data, in_data->length);
return GSS_S_COMPLETE;
}

View File

@ -1,94 +0,0 @@
/*
* Copyright (c) 1997, 1999, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: export_name.c,v 1.5 2003/03/16 17:34:46 lha Exp $");
OM_uint32 gss_export_name
(OM_uint32 * minor_status,
const gss_name_t input_name,
gss_buffer_t exported_name
)
{
krb5_error_code kret;
char *buf, *name;
size_t len;
GSSAPI_KRB5_INIT ();
kret = krb5_unparse_name (gssapi_krb5_context,
input_name,
&name);
if (kret) {
*minor_status = kret;
gssapi_krb5_set_error_string ();
return GSS_S_FAILURE;
}
len = strlen (name);
exported_name->length = 10 + len + GSS_KRB5_MECHANISM->length;
exported_name->value = malloc(exported_name->length);
if (exported_name->value == NULL) {
free (name);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
/* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
buf = exported_name->value;
memcpy(buf, "\x04\x01", 2);
buf += 2;
buf[0] = ((GSS_KRB5_MECHANISM->length + 2) >> 8) & 0xff;
buf[1] = (GSS_KRB5_MECHANISM->length + 2) & 0xff;
buf+= 2;
buf[0] = 0x06;
buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF;
buf+= 2;
memcpy(buf, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
buf += GSS_KRB5_MECHANISM->length;
buf[0] = (len >> 24) & 0xff;
buf[1] = (len >> 16) & 0xff;
buf[2] = (len >> 8) & 0xff;
buf[3] = (len) & 0xff;
buf += 4;
memcpy (buf, name, len);
free (name);
*minor_status = 0;
return GSS_S_COMPLETE;
}

View File

@ -1,223 +0,0 @@
/*
* Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: export_sec_context.c,v 1.6 2003/03/16 18:02:52 lha Exp $");
OM_uint32
gss_export_sec_context (
OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
gss_buffer_t interprocess_token
)
{
krb5_storage *sp;
krb5_auth_context ac;
OM_uint32 ret = GSS_S_COMPLETE;
krb5_data data;
gss_buffer_desc buffer;
int flags;
OM_uint32 minor;
krb5_error_code kret;
GSSAPI_KRB5_INIT ();
if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) {
*minor_status = 0;
return GSS_S_UNAVAILABLE;
}
sp = krb5_storage_emem ();
if (sp == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
ac = (*context_handle)->auth_context;
/* flagging included fields */
flags = 0;
if (ac->local_address)
flags |= SC_LOCAL_ADDRESS;
if (ac->remote_address)
flags |= SC_REMOTE_ADDRESS;
if (ac->keyblock)
flags |= SC_KEYBLOCK;
if (ac->local_subkey)
flags |= SC_LOCAL_SUBKEY;
if (ac->remote_subkey)
flags |= SC_REMOTE_SUBKEY;
kret = krb5_store_int32 (sp, flags);
if (kret) {
*minor_status = kret;
goto failure;
}
/* marshall auth context */
kret = krb5_store_int32 (sp, ac->flags);
if (kret) {
*minor_status = kret;
goto failure;
}
if (ac->local_address) {
kret = krb5_store_address (sp, *ac->local_address);
if (kret) {
*minor_status = kret;
goto failure;
}
}
if (ac->remote_address) {
kret = krb5_store_address (sp, *ac->remote_address);
if (kret) {
*minor_status = kret;
goto failure;
}
}
kret = krb5_store_int16 (sp, ac->local_port);
if (kret) {
*minor_status = kret;
goto failure;
}
kret = krb5_store_int16 (sp, ac->remote_port);
if (kret) {
*minor_status = kret;
goto failure;
}
if (ac->keyblock) {
kret = krb5_store_keyblock (sp, *ac->keyblock);
if (kret) {
*minor_status = kret;
goto failure;
}
}
if (ac->local_subkey) {
kret = krb5_store_keyblock (sp, *ac->local_subkey);
if (kret) {
*minor_status = kret;
goto failure;
}
}
if (ac->remote_subkey) {
kret = krb5_store_keyblock (sp, *ac->remote_subkey);
if (kret) {
*minor_status = kret;
goto failure;
}
}
kret = krb5_store_int32 (sp, ac->local_seqnumber);
if (kret) {
*minor_status = kret;
goto failure;
}
kret = krb5_store_int32 (sp, ac->remote_seqnumber);
if (kret) {
*minor_status = kret;
goto failure;
}
kret = krb5_store_int32 (sp, ac->keytype);
if (kret) {
*minor_status = kret;
goto failure;
}
kret = krb5_store_int32 (sp, ac->cksumtype);
if (kret) {
*minor_status = kret;
goto failure;
}
/* names */
ret = gss_export_name (minor_status, (*context_handle)->source, &buffer);
if (ret)
goto failure;
data.data = buffer.value;
data.length = buffer.length;
kret = krb5_store_data (sp, data);
gss_release_buffer (&minor, &buffer);
if (kret) {
*minor_status = kret;
goto failure;
}
ret = gss_export_name (minor_status, (*context_handle)->target, &buffer);
if (ret)
goto failure;
data.data = buffer.value;
data.length = buffer.length;
ret = GSS_S_FAILURE;
kret = krb5_store_data (sp, data);
gss_release_buffer (&minor, &buffer);
if (kret) {
*minor_status = kret;
goto failure;
}
kret = krb5_store_int32 (sp, (*context_handle)->flags);
if (kret) {
*minor_status = kret;
goto failure;
}
kret = krb5_store_int32 (sp, (*context_handle)->more_flags);
if (kret) {
*minor_status = kret;
goto failure;
}
kret = krb5_store_int32 (sp, (*context_handle)->lifetime);
if (kret) {
*minor_status = kret;
goto failure;
}
kret = krb5_storage_to_data (sp, &data);
krb5_storage_free (sp);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
}
interprocess_token->length = data.length;
interprocess_token->value = data.data;
ret = gss_delete_sec_context (minor_status, context_handle,
GSS_C_NO_BUFFER);
if (ret != GSS_S_COMPLETE)
gss_release_buffer (NULL, interprocess_token);
*minor_status = 0;
return ret;
failure:
krb5_storage_free (sp);
return ret;
}

View File

@ -1,235 +0,0 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: external.c,v 1.5 2000/07/22 03:45:28 assar Exp $");
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
* "\x01\x02\x01\x01"},
* corresponding to an object-identifier value of
* {iso(1) member-body(2) United States(840) mit(113554)
* infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
* GSS_C_NT_USER_NAME should be initialized to point
* to that gss_OID_desc.
*/
static gss_OID_desc gss_c_nt_user_name_oid_desc =
{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
"\x01\x02\x01\x01"};
gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
* "\x01\x02\x01\x02"},
* corresponding to an object-identifier value of
* {iso(1) member-body(2) United States(840) mit(113554)
* infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
* The constant GSS_C_NT_MACHINE_UID_NAME should be
* initialized to point to that gss_OID_desc.
*/
static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
"\x01\x02\x01\x02"};
gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
* "\x01\x02\x01\x03"},
* corresponding to an object-identifier value of
* {iso(1) member-body(2) United States(840) mit(113554)
* infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
* The constant GSS_C_NT_STRING_UID_NAME should be
* initialized to point to that gss_OID_desc.
*/
static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
"\x01\x02\x01\x03"};
gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
* corresponding to an object-identifier value of
* {iso(1) org(3) dod(6) internet(1) security(5)
* nametypes(6) gss-host-based-services(2)). The constant
* GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
* to that gss_OID_desc. This is a deprecated OID value, and
* implementations wishing to support hostbased-service names
* should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
* defined below, to identify such names;
* GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
* for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
* parameter, but should not be emitted by GSS-API
* implementations
*/
static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
{6, (void *)"\x2b\x06\x01\x05\x06\x02"};
gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc;
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
* "\x01\x02\x01\x04"}, corresponding to an
* object-identifier value of {iso(1) member-body(2)
* Unites States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) service_name(4)}. The constant
* GSS_C_NT_HOSTBASED_SERVICE should be initialized
* to point to that gss_OID_desc.
*/
static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
{10, (void *)"\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04"};
gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {6, (void *)"\x2b\x06\01\x05\x06\x03"},
* corresponding to an object identifier value of
* {1(iso), 3(org), 6(dod), 1(internet), 5(security),
* 6(nametypes), 3(gss-anonymous-name)}. The constant
* and GSS_C_NT_ANONYMOUS should be initialized to point
* to that gss_OID_desc.
*/
static gss_OID_desc gss_c_nt_anonymous_oid_desc =
{6, (void *)"\x2b\x06\01\x05\x06\x03"};
gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
* {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
* corresponding to an object-identifier value of
* {1(iso), 3(org), 6(dod), 1(internet), 5(security),
* 6(nametypes), 4(gss-api-exported-name)}. The constant
* GSS_C_NT_EXPORT_NAME should be initialized to point
* to that gss_OID_desc.
*/
static gss_OID_desc gss_c_nt_export_name_oid_desc =
{6, (void *)"\x2b\x06\x01\x05\x06\x04"};
gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
/*
* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* krb5(2) krb5_name(1)}. The recommended symbolic name for this type
* is "GSS_KRB5_NT_PRINCIPAL_NAME".
*/
static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"};
gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
/*
* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) user_name(1)}. The recommended symbolic name for this
* type is "GSS_KRB5_NT_USER_NAME".
*/
gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
/*
* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) machine_uid_name(2)}. The recommended symbolic name for
* this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
*/
gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
/*
* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) string_uid_name(3)}. The recommended symbolic name for
* this type is "GSS_KRB5_NT_STRING_UID_NAME".
*/
gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
/*
* To support ongoing experimentation, testing, and evolution of the
* specification, the Kerberos V5 GSS-API mechanism as defined in this
* and any successor memos will be identified with the following Object
* Identifier, as defined in RFC-1510, until the specification is
* advanced to the level of Proposed Standard RFC:
*
* {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
*
* Upon advancement to the level of Proposed Standard RFC, the Kerberos
* V5 GSS-API mechanism will be identified by an Object Identifier
* having the value:
*
* {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
* gssapi(2) krb5(2)}
*/
#if 0 /* This is the old OID */
static gss_OID_desc gss_krb5_mechanism_oid_desc =
{5, (void *)"\x2b\x05\x01\x05\x02"};
#endif
static gss_OID_desc gss_krb5_mechanism_oid_desc =
{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
/*
* Context for krb5 calls.
*/
krb5_context gssapi_krb5_context;

View File

@ -1,295 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: get_mic.c,v 1.21.2.1 2003/09/18 22:05:12 lha Exp $");
static OM_uint32
mic_des
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
gss_qop_t qop_req,
const gss_buffer_t message_buffer,
gss_buffer_t message_token,
krb5_keyblock *key
)
{
u_char *p;
MD5_CTX md5;
u_char hash[16];
des_key_schedule schedule;
des_cblock deskey;
des_cblock zero;
int32_t seq_number;
size_t len, total_len;
gssapi_krb5_encap_length (22, &len, &total_len);
message_token->length = total_len;
message_token->value = malloc (total_len);
if (message_token->value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
p = gssapi_krb5_make_header(message_token->value,
len,
"\x01\x01"); /* TOK_ID */
memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */
p += 2;
memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */
p += 4;
/* Fill in later (SND-SEQ) */
memset (p, 0, 16);
p += 16;
/* checksum */
MD5_Init (&md5);
MD5_Update (&md5, p - 24, 8);
MD5_Update (&md5, message_buffer->value, message_buffer->length);
MD5_Final (hash, &md5);
memset (&zero, 0, sizeof(zero));
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
des_set_key (&deskey, schedule);
des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
schedule, &zero);
memcpy (p - 8, hash, 8); /* SGN_CKSUM */
/* sequence number */
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
p -= 16; /* SND_SEQ */
p[0] = (seq_number >> 0) & 0xFF;
p[1] = (seq_number >> 8) & 0xFF;
p[2] = (seq_number >> 16) & 0xFF;
p[3] = (seq_number >> 24) & 0xFF;
memset (p + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
4);
des_set_key (&deskey, schedule);
des_cbc_encrypt ((void *)p, (void *)p, 8,
schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
memset (deskey, 0, sizeof(deskey));
memset (schedule, 0, sizeof(schedule));
*minor_status = 0;
return GSS_S_COMPLETE;
}
static OM_uint32
mic_des3
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
gss_qop_t qop_req,
const gss_buffer_t message_buffer,
gss_buffer_t message_token,
krb5_keyblock *key
)
{
u_char *p;
Checksum cksum;
u_char seq[8];
int32_t seq_number;
size_t len, total_len;
krb5_crypto crypto;
krb5_error_code kret;
krb5_data encdata;
char *tmp;
char ivec[8];
gssapi_krb5_encap_length (36, &len, &total_len);
message_token->length = total_len;
message_token->value = malloc (total_len);
if (message_token->value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
p = gssapi_krb5_make_header(message_token->value,
len,
"\x01\x01"); /* TOK-ID */
memcpy (p, "\x04\x00", 2); /* SGN_ALG = HMAC SHA1 DES3-KD */
p += 2;
memcpy (p, "\xff\xff\xff\xff", 4); /* filler */
p += 4;
/* this should be done in parts */
tmp = malloc (message_buffer->length + 8);
if (tmp == NULL) {
free (message_token->value);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy (tmp, p - 8, 8);
memcpy (tmp + 8, message_buffer->value, message_buffer->length);
kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
if (kret) {
free (message_token->value);
free (tmp);
gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
}
kret = krb5_create_checksum (gssapi_krb5_context,
crypto,
KRB5_KU_USAGE_SIGN,
0,
tmp,
message_buffer->length + 8,
&cksum);
free (tmp);
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (kret) {
free (message_token->value);
gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
}
memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
/* sequence number */
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
seq[0] = (seq_number >> 0) & 0xFF;
seq[1] = (seq_number >> 8) & 0xFF;
seq[2] = (seq_number >> 16) & 0xFF;
seq[3] = (seq_number >> 24) & 0xFF;
memset (seq + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
4);
kret = krb5_crypto_init(gssapi_krb5_context, key,
ETYPE_DES3_CBC_NONE, &crypto);
if (kret) {
free (message_token->value);
gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
}
if (context_handle->more_flags & COMPAT_OLD_DES3)
memset(ivec, 0, 8);
else
memcpy(ivec, p + 8, 8);
kret = krb5_encrypt_ivec (gssapi_krb5_context,
crypto,
KRB5_KU_USAGE_SEQ,
seq, 8, &encdata, ivec);
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (kret) {
free (message_token->value);
gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
}
assert (encdata.length == 8);
memcpy (p, encdata.data, encdata.length);
krb5_data_free (&encdata);
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
free_Checksum (&cksum);
*minor_status = 0;
return GSS_S_COMPLETE;
}
OM_uint32 gss_get_mic
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
gss_qop_t qop_req,
const gss_buffer_t message_buffer,
gss_buffer_t message_token
)
{
krb5_keyblock *key;
OM_uint32 ret;
krb5_keytype keytype;
ret = gss_krb5_get_localkey(context_handle, &key);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
switch (keytype) {
case KEYTYPE_DES :
ret = mic_des (minor_status, context_handle, qop_req,
message_buffer, message_token, key);
break;
case KEYTYPE_DES3 :
ret = mic_des3 (minor_status, context_handle, qop_req,
message_buffer, message_token, key);
break;
case KEYTYPE_ARCFOUR:
ret = _gssapi_get_mic_arcfour (minor_status, context_handle, qop_req,
message_buffer, message_token, key);
break;
default :
*minor_status = KRB5_PROG_ETYPE_NOSUPP;
ret = GSS_S_FAILURE;
break;
}
krb5_free_keyblock (gssapi_krb5_context, key);
return ret;
}

View File

@ -1,180 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: gssapi_locl.h,v 1.24.2.5 2003/09/18 22:01:52 lha Exp $ */
/* $FreeBSD$ */
#ifndef GSSAPI_LOCL_H
#define GSSAPI_LOCL_H
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <krb5_locl.h>
#include "gssapi.h"
#include <assert.h>
#include "arcfour.h"
extern krb5_context gssapi_krb5_context;
extern krb5_keytab gssapi_krb5_keytab;
krb5_error_code gssapi_krb5_init (void);
#define GSSAPI_KRB5_INIT() do { \
krb5_error_code kret; \
if((kret = gssapi_krb5_init ()) != 0) { \
*minor_status = kret; \
return GSS_S_FAILURE; \
} \
} while (0)
OM_uint32
gssapi_krb5_create_8003_checksum (
OM_uint32 *minor_status,
const gss_channel_bindings_t input_chan_bindings,
OM_uint32 flags,
const krb5_data *fwd_data,
Checksum *result);
OM_uint32
gssapi_krb5_verify_8003_checksum (
OM_uint32 *minor_status,
const gss_channel_bindings_t input_chan_bindings,
const Checksum *cksum,
OM_uint32 *flags,
krb5_data *fwd_data);
OM_uint32
gssapi_krb5_encapsulate(
OM_uint32 *minor_status,
const krb5_data *in_data,
gss_buffer_t output_token,
u_char *type);
u_char *
_gssapi_make_mech_header(u_char *p,
size_t len);
OM_uint32
gssapi_krb5_decapsulate(
OM_uint32 *minor_status,
gss_buffer_t input_token_buffer,
krb5_data *out_data,
char *type);
void
gssapi_krb5_encap_length (size_t data_len,
size_t *len,
size_t *total_len);
u_char *
gssapi_krb5_make_header (u_char *p,
size_t len,
u_char *type);
OM_uint32
gssapi_krb5_verify_header(u_char **str,
size_t total_len,
char *type);
OM_uint32
_gssapi_verify_mech_header(u_char **str,
size_t total_len);
OM_uint32
_gssapi_verify_pad(gss_buffer_t, size_t, size_t *);
OM_uint32
gss_verify_mic_internal(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
char * type);
OM_uint32
gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
krb5_keyblock **key);
OM_uint32
gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
krb5_keyblock **key);
krb5_error_code
gss_address_to_krb5addr(OM_uint32 gss_addr_type,
gss_buffer_desc *gss_addr,
int16_t port,
krb5_address *address);
/* sec_context flags */
#define SC_LOCAL_ADDRESS 0x01
#define SC_REMOTE_ADDRESS 0x02
#define SC_KEYBLOCK 0x04
#define SC_LOCAL_SUBKEY 0x08
#define SC_REMOTE_SUBKEY 0x10
int
gss_oid_equal(const gss_OID a, const gss_OID b);
void
gssapi_krb5_set_error_string (void);
char *
gssapi_krb5_get_error_string (void);
OM_uint32
_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx);
OM_uint32
gssapi_lifetime_left(OM_uint32 *, OM_uint32, OM_uint32 *);
/* 8003 */
krb5_error_code
gssapi_encode_om_uint32(OM_uint32, u_char *);
krb5_error_code
gssapi_encode_be_om_uint32(OM_uint32, u_char *);
krb5_error_code
gssapi_decode_om_uint32(u_char *, OM_uint32 *);
krb5_error_code
gssapi_decode_be_om_uint32(u_char *, OM_uint32 *);
#endif

View File

@ -1,229 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: import_name.c,v 1.13 2003/03/16 17:33:31 lha Exp $");
static OM_uint32
parse_krb5_name (OM_uint32 *minor_status,
const char *name,
gss_name_t *output_name)
{
krb5_error_code kerr;
kerr = krb5_parse_name (gssapi_krb5_context, name, output_name);
if (kerr == 0)
return GSS_S_COMPLETE;
else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
gssapi_krb5_set_error_string ();
*minor_status = kerr;
return GSS_S_BAD_NAME;
} else {
gssapi_krb5_set_error_string ();
*minor_status = kerr;
return GSS_S_FAILURE;
}
}
static OM_uint32
import_krb5_name (OM_uint32 *minor_status,
const gss_buffer_t input_name_buffer,
gss_name_t *output_name)
{
OM_uint32 ret;
char *tmp;
tmp = malloc (input_name_buffer->length + 1);
if (tmp == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy (tmp,
input_name_buffer->value,
input_name_buffer->length);
tmp[input_name_buffer->length] = '\0';
ret = parse_krb5_name(minor_status, tmp, output_name);
free(tmp);
return ret;
}
static OM_uint32
import_hostbased_name (OM_uint32 *minor_status,
const gss_buffer_t input_name_buffer,
gss_name_t *output_name)
{
krb5_error_code kerr;
char *tmp;
char *p;
char *host;
char local_hostname[MAXHOSTNAMELEN];
*output_name = NULL;
tmp = malloc (input_name_buffer->length + 1);
if (tmp == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy (tmp,
input_name_buffer->value,
input_name_buffer->length);
tmp[input_name_buffer->length] = '\0';
p = strchr (tmp, '@');
if (p != NULL) {
*p = '\0';
host = p + 1;
} else {
if (gethostname(local_hostname, sizeof(local_hostname)) < 0) {
*minor_status = errno;
free (tmp);
return GSS_S_FAILURE;
}
host = local_hostname;
}
kerr = krb5_sname_to_principal (gssapi_krb5_context,
host,
tmp,
KRB5_NT_SRV_HST,
output_name);
free (tmp);
*minor_status = kerr;
if (kerr == 0)
return GSS_S_COMPLETE;
else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
gssapi_krb5_set_error_string ();
*minor_status = kerr;
return GSS_S_BAD_NAME;
} else {
gssapi_krb5_set_error_string ();
*minor_status = kerr;
return GSS_S_FAILURE;
}
}
static OM_uint32
import_export_name (OM_uint32 *minor_status,
const gss_buffer_t input_name_buffer,
gss_name_t *output_name)
{
unsigned char *p;
uint32_t length;
OM_uint32 ret;
char *name;
if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length)
return GSS_S_BAD_NAME;
/* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
p = input_name_buffer->value;
if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 ||
p[3] != GSS_KRB5_MECHANISM->length + 2 ||
p[4] != 0x06 ||
p[5] != GSS_KRB5_MECHANISM->length ||
memcmp(&p[6], GSS_KRB5_MECHANISM->elements,
GSS_KRB5_MECHANISM->length) != 0)
return GSS_S_BAD_NAME;
p += 6 + GSS_KRB5_MECHANISM->length;
length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
p += 4;
if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length)
return GSS_S_BAD_NAME;
name = malloc(length + 1);
if (name == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy(name, p, length);
name[length] = '\0';
ret = parse_krb5_name(minor_status, name, output_name);
free(name);
return ret;
}
int
gss_oid_equal(const gss_OID a, const gss_OID b)
{
if (a == b)
return 1;
else if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length)
return 0;
else
return memcmp(a->elements, b->elements, a->length) == 0;
}
OM_uint32 gss_import_name
(OM_uint32 * minor_status,
const gss_buffer_t input_name_buffer,
const gss_OID input_name_type,
gss_name_t * output_name
)
{
GSSAPI_KRB5_INIT ();
*minor_status = 0;
*output_name = GSS_C_NO_NAME;
if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE))
return import_hostbased_name (minor_status,
input_name_buffer,
output_name);
else if (gss_oid_equal(input_name_type, GSS_C_NO_OID)
|| gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
|| gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))
/* default printable syntax */
return import_krb5_name (minor_status,
input_name_buffer,
output_name);
else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
return import_export_name(minor_status,
input_name_buffer,
output_name);
} else {
*minor_status = 0;
return GSS_S_BAD_NAMETYPE;
}
}

View File

@ -1,212 +0,0 @@
/*
* Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: import_sec_context.c,v 1.7 2003/03/16 18:01:32 lha Exp $");
OM_uint32
gss_import_sec_context (
OM_uint32 * minor_status,
const gss_buffer_t interprocess_token,
gss_ctx_id_t * context_handle
)
{
OM_uint32 ret = GSS_S_FAILURE;
krb5_error_code kret;
krb5_storage *sp;
krb5_auth_context ac;
krb5_address local, remote;
krb5_address *localp, *remotep;
krb5_data data;
gss_buffer_desc buffer;
krb5_keyblock keyblock;
int32_t tmp;
int32_t flags;
OM_uint32 minor;
GSSAPI_KRB5_INIT ();
localp = remotep = NULL;
sp = krb5_storage_from_mem (interprocess_token->value,
interprocess_token->length);
if (sp == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
*context_handle = malloc(sizeof(**context_handle));
if (*context_handle == NULL) {
*minor_status = ENOMEM;
krb5_storage_free (sp);
return GSS_S_FAILURE;
}
memset (*context_handle, 0, sizeof(**context_handle));
kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context);
if (kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
/* flags */
*minor_status = 0;
if (krb5_ret_int32 (sp, &flags) != 0)
goto failure;
/* retrieve the auth context */
ac = (*context_handle)->auth_context;
krb5_ret_int32 (sp, &ac->flags);
if (flags & SC_LOCAL_ADDRESS) {
if (krb5_ret_address (sp, localp = &local) != 0)
goto failure;
}
if (flags & SC_REMOTE_ADDRESS) {
if (krb5_ret_address (sp, remotep = &remote) != 0)
goto failure;
}
krb5_auth_con_setaddrs (gssapi_krb5_context, ac, localp, remotep);
if (localp)
krb5_free_address (gssapi_krb5_context, localp);
if (remotep)
krb5_free_address (gssapi_krb5_context, remotep);
localp = remotep = NULL;
if (krb5_ret_int16 (sp, &ac->local_port) != 0)
goto failure;
if (krb5_ret_int16 (sp, &ac->remote_port) != 0)
goto failure;
if (flags & SC_KEYBLOCK) {
if (krb5_ret_keyblock (sp, &keyblock) != 0)
goto failure;
krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock);
krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
}
if (flags & SC_LOCAL_SUBKEY) {
if (krb5_ret_keyblock (sp, &keyblock) != 0)
goto failure;
krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock);
krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
}
if (flags & SC_REMOTE_SUBKEY) {
if (krb5_ret_keyblock (sp, &keyblock) != 0)
goto failure;
krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock);
krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
}
if (krb5_ret_int32 (sp, &ac->local_seqnumber))
goto failure;
if (krb5_ret_int32 (sp, &ac->remote_seqnumber))
goto failure;
if (krb5_ret_int32 (sp, &tmp) != 0)
goto failure;
ac->keytype = tmp;
if (krb5_ret_int32 (sp, &tmp) != 0)
goto failure;
ac->cksumtype = tmp;
/* names */
if (krb5_ret_data (sp, &data))
goto failure;
buffer.value = data.data;
buffer.length = data.length;
ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
&(*context_handle)->source);
if (ret) {
ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
&(*context_handle)->source);
if (ret) {
krb5_data_free (&data);
goto failure;
}
}
krb5_data_free (&data);
if (krb5_ret_data (sp, &data) != 0)
goto failure;
buffer.value = data.data;
buffer.length = data.length;
ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
&(*context_handle)->target);
if (ret) {
ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
&(*context_handle)->target);
if (ret) {
krb5_data_free (&data);
goto failure;
}
}
krb5_data_free (&data);
if (krb5_ret_int32 (sp, &tmp))
goto failure;
(*context_handle)->flags = tmp;
if (krb5_ret_int32 (sp, &tmp))
goto failure;
(*context_handle)->more_flags = tmp;
if (krb5_ret_int32 (sp, &tmp) == 0)
(*context_handle)->lifetime = tmp;
else
(*context_handle)->lifetime = GSS_C_INDEFINITE;
return GSS_S_COMPLETE;
failure:
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
if ((*context_handle)->source != NULL)
gss_release_name(&minor, &(*context_handle)->source);
if ((*context_handle)->target != NULL)
gss_release_name(&minor, &(*context_handle)->target);
if (localp)
krb5_free_address (gssapi_krb5_context, localp);
if (remotep)
krb5_free_address (gssapi_krb5_context, remotep);
free (*context_handle);
*context_handle = GSS_C_NO_CONTEXT;
return ret;
}

View File

@ -1,55 +0,0 @@
/*
* Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: indicate_mechs.c,v 1.5 2003/03/16 17:38:20 lha Exp $");
OM_uint32 gss_indicate_mechs
(OM_uint32 * minor_status,
gss_OID_set * mech_set
)
{
OM_uint32 ret;
ret = gss_create_empty_oid_set(minor_status, mech_set);
if (ret)
return ret;
ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set);
if (ret)
return ret;
*minor_status = 0;
return GSS_S_COMPLETE;
}

View File

@ -1,44 +0,0 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: init.c,v 1.6 2001/08/13 13:14:07 joda Exp $");
krb5_error_code
gssapi_krb5_init (void)
{
if(gssapi_krb5_context == NULL)
return krb5_init_context (&gssapi_krb5_context);
return 0;
}

View File

@ -1,578 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: init_sec_context.c,v 1.36.2.1 2003/08/15 14:21:18 lha Exp $");
/*
* copy the addresses from `input_chan_bindings' (if any) to
* the auth context `ac'
*/
static OM_uint32
set_addresses (krb5_auth_context ac,
const gss_channel_bindings_t input_chan_bindings)
{
/* Port numbers are expected to be in application_data.value,
* initator's port first */
krb5_address initiator_addr, acceptor_addr;
krb5_error_code kret;
if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS
|| input_chan_bindings->application_data.length !=
2 * sizeof(ac->local_port))
return 0;
memset(&initiator_addr, 0, sizeof(initiator_addr));
memset(&acceptor_addr, 0, sizeof(acceptor_addr));
ac->local_port =
*(int16_t *) input_chan_bindings->application_data.value;
ac->remote_port =
*((int16_t *) input_chan_bindings->application_data.value + 1);
kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
&input_chan_bindings->acceptor_address,
ac->remote_port,
&acceptor_addr);
if (kret)
return kret;
kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
&input_chan_bindings->initiator_address,
ac->local_port,
&initiator_addr);
if (kret) {
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
return kret;
}
kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
ac,
&initiator_addr, /* local address */
&acceptor_addr); /* remote address */
krb5_free_address (gssapi_krb5_context, &initiator_addr);
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
#if 0
free(input_chan_bindings->application_data.value);
input_chan_bindings->application_data.value = NULL;
input_chan_bindings->application_data.length = 0;
#endif
return kret;
}
/*
* handle delegated creds in init-sec-context
*/
static void
do_delegation (krb5_auth_context ac,
krb5_ccache ccache,
krb5_creds *cred,
const gss_name_t target_name,
krb5_data *fwd_data,
int *flags)
{
krb5_creds creds;
krb5_kdc_flags fwd_flags;
krb5_error_code kret;
memset (&creds, 0, sizeof(creds));
krb5_data_zero (fwd_data);
kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client);
if (kret)
goto out;
kret = krb5_build_principal(gssapi_krb5_context,
&creds.server,
strlen(creds.client->realm),
creds.client->realm,
KRB5_TGS_NAME,
creds.client->realm,
NULL);
if (kret)
goto out;
creds.times.endtime = 0;
fwd_flags.i = 0;
fwd_flags.b.forwarded = 1;
fwd_flags.b.forwardable = 1;
if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/
target_name->name.name_string.len < 2)
goto out;
kret = krb5_get_forwarded_creds(gssapi_krb5_context,
ac,
ccache,
fwd_flags.i,
target_name->name.name_string.val[1],
&creds,
fwd_data);
out:
if (kret)
*flags &= ~GSS_C_DELEG_FLAG;
else
*flags |= GSS_C_DELEG_FLAG;
if (creds.client)
krb5_free_principal(gssapi_krb5_context, creds.client);
if (creds.server)
krb5_free_principal(gssapi_krb5_context, creds.server);
}
/*
* first stage of init-sec-context
*/
static OM_uint32
init_auth
(OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle,
const gss_name_t target_name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
const gss_channel_bindings_t input_chan_bindings,
const gss_buffer_t input_token,
gss_OID * actual_mech_type,
gss_buffer_t output_token,
OM_uint32 * ret_flags,
OM_uint32 * time_rec
)
{
OM_uint32 ret = GSS_S_FAILURE;
krb5_error_code kret;
krb5_flags ap_options;
krb5_creds this_cred, *cred;
krb5_data outbuf;
krb5_ccache ccache;
u_int32_t flags;
Authenticator *auth;
krb5_data authenticator;
Checksum cksum;
krb5_enctype enctype;
krb5_data fwd_data;
OM_uint32 lifetime_rec;
krb5_data_zero(&outbuf);
krb5_data_zero(&fwd_data);
*minor_status = 0;
*context_handle = malloc(sizeof(**context_handle));
if (*context_handle == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
(*context_handle)->auth_context = NULL;
(*context_handle)->source = NULL;
(*context_handle)->target = NULL;
(*context_handle)->flags = 0;
(*context_handle)->more_flags = 0;
(*context_handle)->ticket = NULL;
(*context_handle)->lifetime = GSS_C_INDEFINITE;
kret = krb5_auth_con_init (gssapi_krb5_context,
&(*context_handle)->auth_context);
if (kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
kret = set_addresses ((*context_handle)->auth_context,
input_chan_bindings);
if (kret) {
*minor_status = kret;
ret = GSS_S_BAD_BINDINGS;
goto failure;
}
{
int32_t tmp;
krb5_auth_con_getflags(gssapi_krb5_context,
(*context_handle)->auth_context,
&tmp);
tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
krb5_auth_con_setflags(gssapi_krb5_context,
(*context_handle)->auth_context,
tmp);
}
if (actual_mech_type)
*actual_mech_type = GSS_KRB5_MECHANISM;
if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) {
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
if (kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
} else
ccache = initiator_cred_handle->ccache;
kret = krb5_cc_get_principal (gssapi_krb5_context,
ccache,
&(*context_handle)->source);
if (kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
kret = krb5_copy_principal (gssapi_krb5_context,
target_name,
&(*context_handle)->target);
if (kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
if (ret)
goto failure;
memset(&this_cred, 0, sizeof(this_cred));
this_cred.client = (*context_handle)->source;
this_cred.server = (*context_handle)->target;
if (time_req && time_req != GSS_C_INDEFINITE) {
krb5_timestamp ts;
krb5_timeofday (gssapi_krb5_context, &ts);
this_cred.times.endtime = ts + time_req;
} else
this_cred.times.endtime = 0;
this_cred.session.keytype = 0;
kret = krb5_get_credentials (gssapi_krb5_context,
KRB5_TC_MATCH_KEYTYPE,
ccache,
&this_cred,
&cred);
if (kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
(*context_handle)->lifetime = cred->times.endtime;
ret = gssapi_lifetime_left(minor_status,
(*context_handle)->lifetime,
&lifetime_rec);
if (ret) {
goto failure;
}
if (lifetime_rec == 0) {
*minor_status = 0;
ret = GSS_S_CONTEXT_EXPIRED;
goto failure;
}
krb5_auth_con_setkey(gssapi_krb5_context,
(*context_handle)->auth_context,
&cred->session);
kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context,
(*context_handle)->auth_context,
&cred->session);
if(kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
flags = 0;
ap_options = 0;
if (req_flags & GSS_C_DELEG_FLAG)
do_delegation ((*context_handle)->auth_context,
ccache, cred, target_name, &fwd_data, &flags);
if (req_flags & GSS_C_MUTUAL_FLAG) {
flags |= GSS_C_MUTUAL_FLAG;
ap_options |= AP_OPTS_MUTUAL_REQUIRED;
}
if (req_flags & GSS_C_REPLAY_FLAG)
; /* XXX */
if (req_flags & GSS_C_SEQUENCE_FLAG)
; /* XXX */
if (req_flags & GSS_C_ANON_FLAG)
; /* XXX */
flags |= GSS_C_CONF_FLAG;
flags |= GSS_C_INTEG_FLAG;
flags |= GSS_C_SEQUENCE_FLAG;
flags |= GSS_C_TRANS_FLAG;
if (ret_flags)
*ret_flags = flags;
(*context_handle)->flags = flags;
(*context_handle)->more_flags |= LOCAL;
ret = gssapi_krb5_create_8003_checksum (minor_status,
input_chan_bindings,
flags,
&fwd_data,
&cksum);
krb5_data_free (&fwd_data);
if (ret)
goto failure;
#if 1
enctype = (*context_handle)->auth_context->keyblock->keytype;
#else
if ((*context_handle)->auth_context->enctype)
enctype = (*context_handle)->auth_context->enctype;
else {
kret = krb5_keytype_to_enctype(gssapi_krb5_context,
(*context_handle)->auth_context->keyblock->keytype,
&enctype);
if (kret)
return kret;
}
#endif
kret = krb5_build_authenticator (gssapi_krb5_context,
(*context_handle)->auth_context,
enctype,
cred,
&cksum,
&auth,
&authenticator,
KRB5_KU_AP_REQ_AUTH);
if (kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
kret = krb5_build_ap_req (gssapi_krb5_context,
enctype,
cred,
ap_options,
authenticator,
&outbuf);
if (kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
ret = GSS_S_FAILURE;
goto failure;
}
ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token,
"\x01\x00");
if (ret)
goto failure;
krb5_data_free (&outbuf);
if (flags & GSS_C_MUTUAL_FLAG) {
return GSS_S_CONTINUE_NEEDED;
} else {
if (time_rec)
*time_rec = lifetime_rec;
(*context_handle)->more_flags |= OPEN;
return GSS_S_COMPLETE;
}
failure:
krb5_auth_con_free (gssapi_krb5_context,
(*context_handle)->auth_context);
if((*context_handle)->source)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->source);
if((*context_handle)->target)
krb5_free_principal (gssapi_krb5_context,
(*context_handle)->target);
free (*context_handle);
krb5_data_free (&outbuf);
*context_handle = GSS_C_NO_CONTEXT;
return ret;
}
static OM_uint32
repl_mutual
(OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle,
const gss_name_t target_name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
const gss_channel_bindings_t input_chan_bindings,
const gss_buffer_t input_token,
gss_OID * actual_mech_type,
gss_buffer_t output_token,
OM_uint32 * ret_flags,
OM_uint32 * time_rec
)
{
OM_uint32 ret;
krb5_error_code kret;
krb5_data indata;
krb5_ap_rep_enc_part *repl;
output_token->length = 0;
output_token->value = NULL;
if (actual_mech_type)
*actual_mech_type = GSS_KRB5_MECHANISM;
ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata,
"\x02\x00");
if (ret)
/* XXX - Handle AP_ERROR */
return ret;
kret = krb5_rd_rep (gssapi_krb5_context,
(*context_handle)->auth_context,
&indata,
&repl);
if (kret) {
gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
}
krb5_free_ap_rep_enc_part (gssapi_krb5_context,
repl);
(*context_handle)->more_flags |= OPEN;
*minor_status = 0;
if (time_rec) {
ret = gssapi_lifetime_left(minor_status,
(*context_handle)->lifetime,
time_rec);
} else {
ret = GSS_S_COMPLETE;
}
if (ret_flags)
*ret_flags = (*context_handle)->flags;
return ret;
}
/*
* gss_init_sec_context
*/
OM_uint32 gss_init_sec_context
(OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle,
const gss_name_t target_name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
const gss_channel_bindings_t input_chan_bindings,
const gss_buffer_t input_token,
gss_OID * actual_mech_type,
gss_buffer_t output_token,
OM_uint32 * ret_flags,
OM_uint32 * time_rec
)
{
GSSAPI_KRB5_INIT ();
output_token->length = 0;
output_token->value = NULL;
if (ret_flags)
*ret_flags = 0;
if (time_rec)
*time_rec = 0;
if (target_name == GSS_C_NO_NAME) {
if (actual_mech_type)
*actual_mech_type = GSS_C_NO_OID;
*minor_status = 0;
return GSS_S_BAD_NAME;
}
if (input_token == GSS_C_NO_BUFFER || input_token->length == 0)
return init_auth (minor_status,
initiator_cred_handle,
context_handle,
target_name,
mech_type,
req_flags,
time_req,
input_chan_bindings,
input_token,
actual_mech_type,
output_token,
ret_flags,
time_rec);
else
return repl_mutual(minor_status,
initiator_cred_handle,
context_handle,
target_name,
mech_type,
req_flags,
time_req,
input_chan_bindings,
input_token,
actual_mech_type,
output_token,
ret_flags,
time_rec);
}

View File

@ -1,85 +0,0 @@
/*
* Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: inquire_context.c,v 1.5 2003/03/16 17:43:30 lha Exp $");
OM_uint32 gss_inquire_context (
OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
gss_name_t * src_name,
gss_name_t * targ_name,
OM_uint32 * lifetime_rec,
gss_OID * mech_type,
OM_uint32 * ctx_flags,
int * locally_initiated,
int * open_context
)
{
OM_uint32 ret;
if (src_name) {
ret = gss_duplicate_name (minor_status,
context_handle->source,
src_name);
if (ret)
return ret;
}
if (targ_name) {
ret = gss_duplicate_name (minor_status,
context_handle->target,
targ_name);
if (ret)
return ret;
}
if (lifetime_rec)
*lifetime_rec = context_handle->lifetime;
if (mech_type)
*mech_type = GSS_KRB5_MECHANISM;
if (ctx_flags)
*ctx_flags = context_handle->flags;
if (locally_initiated)
*locally_initiated = context_handle->more_flags & LOCAL;
if (open_context)
*open_context = context_handle->more_flags & OPEN;
*minor_status = 0;
return GSS_S_COMPLETE;
}

View File

@ -1,97 +0,0 @@
/*
* Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: inquire_cred.c,v 1.4 2003/03/16 17:42:14 lha Exp $");
OM_uint32 gss_inquire_cred
(OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,
gss_name_t * name,
OM_uint32 * lifetime,
gss_cred_usage_t * cred_usage,
gss_OID_set * mechanisms
)
{
OM_uint32 ret;
*minor_status = 0;
if (name)
*name = NULL;
if (mechanisms)
*mechanisms = GSS_C_NO_OID_SET;
if (cred_handle == GSS_C_NO_CREDENTIAL) {
return GSS_S_FAILURE;
}
if (name != NULL) {
if (cred_handle->principal != NULL) {
ret = gss_duplicate_name(minor_status, cred_handle->principal,
name);
if (ret)
return ret;
} else if (cred_handle->usage == GSS_C_ACCEPT) {
*minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL,
NULL, KRB5_NT_SRV_HST, name);
if (*minor_status)
return GSS_S_FAILURE;
} else {
*minor_status = krb5_get_default_principal(gssapi_krb5_context,
name);
if (*minor_status)
return GSS_S_FAILURE;
}
}
if (lifetime != NULL) {
*lifetime = cred_handle->lifetime;
}
if (cred_usage != NULL) {
*cred_usage = cred_handle->usage;
}
if (mechanisms != NULL) {
ret = gss_create_empty_oid_set(minor_status, mechanisms);
if (ret) {
return ret;
}
ret = gss_add_oid_set_member(minor_status,
&cred_handle->mechanisms->elements[0],
mechanisms);
if (ret) {
return ret;
}
}
return GSS_S_COMPLETE;
}

View File

@ -1,80 +0,0 @@
/*
* Copyright (c) 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: inquire_cred_by_mech.c,v 1.1 2003/03/16 18:11:16 lha Exp $");
OM_uint32 gss_inquire_cred_by_mech (
OM_uint32 * minor_status,
const gss_cred_id_t cred_handle,
const gss_OID mech_type,
gss_name_t * name,
OM_uint32 * initiator_lifetime,
OM_uint32 * acceptor_lifetime,
gss_cred_usage_t * cred_usage
)
{
OM_uint32 ret;
OM_uint32 lifetime;
if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
*minor_status = EINVAL;
return GSS_S_BAD_MECH;
}
ret = gss_inquire_cred (minor_status,
cred_handle,
name,
&lifetime,
cred_usage,
NULL);
if (ret == 0 && cred_handle != GSS_C_NO_CREDENTIAL) {
gss_cred_usage_t usage;
usage = cred_handle->usage;
if (initiator_lifetime) {
if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH)
*initiator_lifetime = lifetime;
}
if (acceptor_lifetime) {
if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH)
*acceptor_lifetime = lifetime;
}
}
return ret;
}

View File

@ -1,57 +0,0 @@
/*
* Copyright (c) 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: inquire_mechs_for_name.c,v 1.1 2003/03/16 18:12:33 lha Exp $");
OM_uint32 gss_inquire_mechs_for_name (
OM_uint32 * minor_status,
const gss_name_t input_name,
gss_OID_set * mech_types
)
{
OM_uint32 ret;
ret = gss_create_empty_oid_set(minor_status, mech_types);
if (ret)
return ret;
ret = gss_add_oid_set_member(minor_status,
GSS_KRB5_MECHANISM,
mech_types);
if (ret)
gss_release_oid_set(NULL, mech_types);
return ret;
}

View File

@ -1,80 +0,0 @@
/*
* Copyright (c) 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: inquire_names_for_mech.c,v 1.1 2003/03/16 18:15:29 lha Exp $");
static gss_OID *name_list[] = {
&GSS_C_NT_HOSTBASED_SERVICE,
&GSS_C_NT_USER_NAME,
&GSS_KRB5_NT_PRINCIPAL_NAME,
&GSS_C_NT_EXPORT_NAME,
NULL
};
OM_uint32 gss_inquire_names_for_mech (
OM_uint32 * minor_status,
const gss_OID mechanism,
gss_OID_set * name_types
)
{
OM_uint32 ret;
int i;
*minor_status = 0;
if (gss_oid_equal(mechanism, GSS_KRB5_MECHANISM) == 0 &&
gss_oid_equal(mechanism, GSS_C_NULL_OID) == 0) {
*name_types = GSS_C_NO_OID_SET;
return GSS_S_BAD_MECH;
}
ret = gss_create_empty_oid_set(minor_status, name_types);
if (ret != GSS_S_COMPLETE)
return ret;
for (i = 0; name_list[i] != NULL; i++) {
ret = gss_add_oid_set_member(minor_status,
*(name_list[i]),
name_types);
if (ret != GSS_S_COMPLETE)
break;
}
if (ret != GSS_S_COMPLETE)
gss_release_oid_set(NULL, name_types);
return GSS_S_COMPLETE;
}

View File

@ -1,65 +0,0 @@
/*
* Copyright (c) 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: process_context_token.c,v 1.1 2003/03/16 18:19:05 lha Exp $");
OM_uint32 gss_process_context_token (
OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t token_buffer
)
{
OM_uint32 ret = GSS_S_FAILURE;
gss_buffer_desc empty_buffer;
gss_qop_t qop_state;
empty_buffer.length = 0;
empty_buffer.value = NULL;
qop_state = GSS_C_QOP_DEFAULT;
ret = gss_verify_mic_internal(minor_status, context_handle,
token_buffer, &empty_buffer,
GSS_C_QOP_DEFAULT, "\x01\x02");
if (ret == GSS_S_COMPLETE)
ret = gss_delete_sec_context(minor_status,
(gss_ctx_id_t *)&context_handle,
GSS_C_NO_BUFFER);
if (ret == GSS_S_COMPLETE)
*minor_status = 0;
return ret;
}

View File

@ -1,48 +0,0 @@
/*
* Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: release_buffer.c,v 1.5 2003/03/16 17:58:20 lha Exp $");
OM_uint32 gss_release_buffer
(OM_uint32 * minor_status,
gss_buffer_t buffer
)
{
*minor_status = 0;
free (buffer->value);
buffer->value = NULL;
buffer->length = 0;
return GSS_S_COMPLETE;
}

View File

@ -1,68 +0,0 @@
/*
* Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: release_cred.c,v 1.8.2.1 2003/10/07 01:08:21 lha Exp $");
OM_uint32 gss_release_cred
(OM_uint32 * minor_status,
gss_cred_id_t * cred_handle
)
{
*minor_status = 0;
if (*cred_handle == GSS_C_NO_CREDENTIAL) {
return GSS_S_COMPLETE;
}
GSSAPI_KRB5_INIT ();
if ((*cred_handle)->principal != NULL)
krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
if ((*cred_handle)->keytab != NULL)
krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
if ((*cred_handle)->ccache != NULL) {
const krb5_cc_ops *ops;
ops = krb5_cc_get_ops(gssapi_krb5_context, (*cred_handle)->ccache);
if (ops == &krb5_mcc_ops)
krb5_cc_destroy(gssapi_krb5_context, (*cred_handle)->ccache);
else
krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache);
}
gss_release_oid_set(NULL, &(*cred_handle)->mechanisms);
free(*cred_handle);
*cred_handle = GSS_C_NO_CREDENTIAL;
return GSS_S_COMPLETE;
}

View File

@ -1,50 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: release_name.c,v 1.7 2003/03/16 17:52:48 lha Exp $");
OM_uint32 gss_release_name
(OM_uint32 * minor_status,
gss_name_t * input_name
)
{
GSSAPI_KRB5_INIT ();
if (minor_status)
*minor_status = 0;
krb5_free_principal(gssapi_krb5_context,
*input_name);
*input_name = GSS_C_NO_NAME;
return GSS_S_COMPLETE;
}

View File

@ -1,49 +0,0 @@
/*
* Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: release_oid_set.c,v 1.5 2003/03/16 17:53:25 lha Exp $");
OM_uint32 gss_release_oid_set
(OM_uint32 * minor_status,
gss_OID_set * set
)
{
if (minor_status)
*minor_status = 0;
free ((*set)->elements);
free (*set);
*set = GSS_C_NO_OID_SET;
return GSS_S_COMPLETE;
}

View File

@ -34,6 +34,7 @@
#include "spnego/spnego_locl.h"
RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $");
/* $FreeBSD$ */
static OM_uint32
send_reject (OM_uint32 *minor_status,
@ -376,6 +377,9 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
char mechbuf[64];
size_t mech_len;
gss_OID_desc oid;
gss_OID oidp;
gss_OID_set mechs;
int i;
OM_uint32 ret, junk;
ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
@ -396,27 +400,29 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
*minor_status = 0;
/* Translate broken MS Kebreros OID */
if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc)) {
gssapi_mech_interface mech;
if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc))
oidp = &_gss_spnego_krb5_mechanism_oid_desc;
else
oidp = &oid;
mech = __gss_get_mechanism(&_gss_spnego_krb5_mechanism_oid_desc);
if (mech == NULL)
ret = gss_indicate_mechs(&junk, &mechs);
if (ret)
return (ret);
for (i = 0; i < mechs->count; i++)
if (gss_oid_equal(&mechs->elements[i], oidp))
break;
if (i == mechs->count) {
gss_release_oid_set(&junk, &mechs);
return GSS_S_BAD_MECH;
ret = gss_duplicate_oid(minor_status,
&_gss_spnego_mskrb_mechanism_oid_desc,
mech_p);
} else {
gssapi_mech_interface mech;
mech = __gss_get_mechanism(&oid);
if (mech == NULL)
return GSS_S_BAD_MECH;
ret = gss_duplicate_oid(minor_status,
&mech->gm_mech_oid,
mech_p);
}
gss_release_oid_set(&junk, &mechs);
ret = gss_duplicate_oid(minor_status,
&oid, /* possibly this should be oidp */
mech_p);
if (verify_p) {
gss_name_t name = GSS_C_NO_NAME;

View File

@ -31,6 +31,7 @@
*/
/* $Id: spnego_locl.h 19411 2006-12-18 15:42:03Z lha $ */
/* $FreeBSD$ */
#ifndef SPNEGO_LOCL_H
#define SPNEGO_LOCL_H
@ -67,7 +68,6 @@
#include <gssapi_mech.h>
#include "spnego_asn1.h"
#include "mech/utils.h"
#include <der.h>
#include <roken.h>

View File

@ -1,55 +0,0 @@
/*
* Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: test_oid_set_member.c,v 1.5 2003/03/16 17:54:06 lha Exp $");
OM_uint32 gss_test_oid_set_member (
OM_uint32 * minor_status,
const gss_OID member,
const gss_OID_set set,
int * present
)
{
size_t i;
*minor_status = 0;
*present = 0;
for (i = 0; i < set->count; ++i)
if (gss_oid_equal(member, &set->elements[i]) != 0) {
*present = 1;
break;
}
return GSS_S_COMPLETE;
}

View File

@ -1,422 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: unwrap.c,v 1.22.2.1 2003/09/18 22:05:22 lha Exp $");
OM_uint32
gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
krb5_keyblock **key)
{
krb5_keyblock *skey;
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if(skey == NULL)
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if(skey == NULL)
krb5_auth_con_getkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if(skey == NULL)
return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
*key = skey;
return 0;
}
static OM_uint32
unwrap_des
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int * conf_state,
gss_qop_t * qop_state,
krb5_keyblock *key
)
{
u_char *p, *pad;
size_t len;
MD5_CTX md5;
u_char hash[16], seq_data[8];
des_key_schedule schedule;
des_cblock deskey;
des_cblock zero;
int i;
int32_t seq_number;
size_t padlength;
OM_uint32 ret;
int cstate;
p = input_message_buffer->value;
ret = gssapi_krb5_verify_header (&p,
input_message_buffer->length,
"\x02\x01");
if (ret)
return ret;
if (memcmp (p, "\x00\x00", 2) != 0)
return GSS_S_BAD_SIG;
p += 2;
if (memcmp (p, "\x00\x00", 2) == 0) {
cstate = 1;
} else if (memcmp (p, "\xFF\xFF", 2) == 0) {
cstate = 0;
} else
return GSS_S_BAD_MIC;
p += 2;
if(conf_state != NULL)
*conf_state = cstate;
if (memcmp (p, "\xff\xff", 2) != 0)
return GSS_S_DEFECTIVE_TOKEN;
p += 2;
p += 16;
len = p - (u_char *)input_message_buffer->value;
if(cstate) {
/* decrypt data */
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
for (i = 0; i < sizeof(deskey); ++i)
deskey[i] ^= 0xf0;
des_set_key (&deskey, schedule);
memset (&zero, 0, sizeof(zero));
des_cbc_encrypt ((void *)p,
(void *)p,
input_message_buffer->length - len,
schedule,
&zero,
DES_DECRYPT);
memset (deskey, 0, sizeof(deskey));
memset (schedule, 0, sizeof(schedule));
}
/* check pad */
pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
padlength = *pad;
for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
;
if (i != 0)
return GSS_S_BAD_MIC;
MD5_Init (&md5);
MD5_Update (&md5, p - 24, 8);
MD5_Update (&md5, p, input_message_buffer->length - len);
MD5_Final (hash, &md5);
memset (&zero, 0, sizeof(zero));
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
des_set_key (&deskey, schedule);
des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
schedule, &zero);
if (memcmp (p - 8, hash, 8) != 0)
return GSS_S_BAD_MIC;
/* verify sequence number */
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
seq_data[0] = (seq_number >> 0) & 0xFF;
seq_data[1] = (seq_number >> 8) & 0xFF;
seq_data[2] = (seq_number >> 16) & 0xFF;
seq_data[3] = (seq_number >> 24) & 0xFF;
memset (seq_data + 4,
(context_handle->more_flags & LOCAL) ? 0xFF : 0,
4);
p -= 16;
des_set_key (&deskey, schedule);
des_cbc_encrypt ((void *)p, (void *)p, 8,
schedule, (des_cblock *)hash, DES_DECRYPT);
memset (deskey, 0, sizeof(deskey));
memset (schedule, 0, sizeof(schedule));
if (memcmp (p, seq_data, 8) != 0) {
return GSS_S_BAD_MIC;
}
krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
/* copy out data */
output_message_buffer->length = input_message_buffer->length
- len - padlength - 8;
output_message_buffer->value = malloc(output_message_buffer->length);
if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
return GSS_S_FAILURE;
memcpy (output_message_buffer->value,
p + 24,
output_message_buffer->length);
return GSS_S_COMPLETE;
}
static OM_uint32
unwrap_des3
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int * conf_state,
gss_qop_t * qop_state,
krb5_keyblock *key
)
{
u_char *p, *pad;
size_t len;
u_char seq[8];
krb5_data seq_data;
u_char cksum[20];
int i;
int32_t seq_number;
size_t padlength;
OM_uint32 ret;
int cstate;
krb5_crypto crypto;
Checksum csum;
int cmp;
p = input_message_buffer->value;
ret = gssapi_krb5_verify_header (&p,
input_message_buffer->length,
"\x02\x01");
if (ret)
return ret;
if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
return GSS_S_BAD_SIG;
p += 2;
if (memcmp (p, "\x02\x00", 2) == 0) {
cstate = 1;
} else if (memcmp (p, "\xff\xff", 2) == 0) {
cstate = 0;
} else
return GSS_S_BAD_MIC;
p += 2;
if(conf_state != NULL)
*conf_state = cstate;
if (memcmp (p, "\xff\xff", 2) != 0)
return GSS_S_DEFECTIVE_TOKEN;
p += 2;
p += 28;
len = p - (u_char *)input_message_buffer->value;
if(cstate) {
/* decrypt data */
krb5_data tmp;
ret = krb5_crypto_init(gssapi_krb5_context, key,
ETYPE_DES3_CBC_NONE, &crypto);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_decrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
p, input_message_buffer->length - len, &tmp);
krb5_crypto_destroy(gssapi_krb5_context, crypto);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
assert (tmp.length == input_message_buffer->length - len);
memcpy (p, tmp.data, tmp.length);
krb5_data_free(&tmp);
}
/* check pad */
pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
padlength = *pad;
for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
;
if (i != 0)
return GSS_S_BAD_MIC;
/* verify sequence number */
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
seq[0] = (seq_number >> 0) & 0xFF;
seq[1] = (seq_number >> 8) & 0xFF;
seq[2] = (seq_number >> 16) & 0xFF;
seq[3] = (seq_number >> 24) & 0xFF;
memset (seq + 4,
(context_handle->more_flags & LOCAL) ? 0xFF : 0,
4);
p -= 28;
ret = krb5_crypto_init(gssapi_krb5_context, key,
ETYPE_DES3_CBC_NONE, &crypto);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
{
des_cblock ivec;
memcpy(&ivec, p + 8, 8);
ret = krb5_decrypt_ivec (gssapi_krb5_context,
crypto,
KRB5_KU_USAGE_SEQ,
p, 8, &seq_data,
&ivec);
}
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
if (seq_data.length != 8) {
krb5_data_free (&seq_data);
return GSS_S_BAD_MIC;
}
cmp = memcmp (seq, seq_data.data, seq_data.length);
krb5_data_free (&seq_data);
if (cmp != 0) {
return GSS_S_BAD_MIC;
}
krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
/* verify checksum */
memcpy (cksum, p + 8, 20);
memcpy (p + 20, p - 8, 8);
csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
csum.checksum.length = 20;
csum.checksum.data = cksum;
ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
KRB5_KU_USAGE_SIGN,
p + 20,
input_message_buffer->length - len + 8,
&csum);
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
/* copy out data */
output_message_buffer->length = input_message_buffer->length
- len - padlength - 8;
output_message_buffer->value = malloc(output_message_buffer->length);
if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
return GSS_S_FAILURE;
memcpy (output_message_buffer->value,
p + 36,
output_message_buffer->length);
return GSS_S_COMPLETE;
}
OM_uint32 gss_unwrap
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int * conf_state,
gss_qop_t * qop_state
)
{
krb5_keyblock *key;
OM_uint32 ret;
krb5_keytype keytype;
if (qop_state != NULL)
*qop_state = GSS_C_QOP_DEFAULT;
ret = gss_krb5_get_remotekey(context_handle, &key);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
*minor_status = 0;
switch (keytype) {
case KEYTYPE_DES :
ret = unwrap_des (minor_status, context_handle,
input_message_buffer, output_message_buffer,
conf_state, qop_state, key);
break;
case KEYTYPE_DES3 :
ret = unwrap_des3 (minor_status, context_handle,
input_message_buffer, output_message_buffer,
conf_state, qop_state, key);
break;
case KEYTYPE_ARCFOUR:
ret = _gssapi_unwrap_arcfour (minor_status, context_handle,
input_message_buffer, output_message_buffer,
conf_state, qop_state, key);
break;
default :
*minor_status = KRB5_PROG_ETYPE_NOSUPP;
ret = GSS_S_FAILURE;
break;
}
krb5_free_keyblock (gssapi_krb5_context, key);
return ret;
}

View File

@ -1,104 +0,0 @@
/*
* Copyright (c) 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: v1.c,v 1.2 1999/12/02 17:05:04 joda Exp $");
/* These functions are for V1 compatibility */
OM_uint32 gss_sign
(OM_uint32 * minor_status,
gss_ctx_id_t context_handle,
int qop_req,
gss_buffer_t message_buffer,
gss_buffer_t message_token
)
{
return gss_get_mic(minor_status,
context_handle,
(gss_qop_t)qop_req,
message_buffer,
message_token);
}
OM_uint32 gss_verify
(OM_uint32 * minor_status,
gss_ctx_id_t context_handle,
gss_buffer_t message_buffer,
gss_buffer_t token_buffer,
int * qop_state
)
{
return gss_verify_mic(minor_status,
context_handle,
message_buffer,
token_buffer,
(gss_qop_t *)qop_state);
}
OM_uint32 gss_seal
(OM_uint32 * minor_status,
gss_ctx_id_t context_handle,
int conf_req_flag,
int qop_req,
gss_buffer_t input_message_buffer,
int * conf_state,
gss_buffer_t output_message_buffer
)
{
return gss_wrap(minor_status,
context_handle,
conf_req_flag,
(gss_qop_t)qop_req,
input_message_buffer,
conf_state,
output_message_buffer);
}
OM_uint32 gss_unseal
(OM_uint32 * minor_status,
gss_ctx_id_t context_handle,
gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int * conf_state,
int * qop_state
)
{
return gss_unwrap(minor_status,
context_handle,
input_message_buffer,
output_message_buffer,
conf_state,
(gss_qop_t *)qop_state);
}

View File

@ -1,322 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: verify_mic.c,v 1.18.2.4 2003/09/18 22:05:34 lha Exp $");
static OM_uint32
verify_mic_des
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
krb5_keyblock *key,
char *type
)
{
u_char *p;
MD5_CTX md5;
u_char hash[16], seq_data[8];
des_key_schedule schedule;
des_cblock zero;
des_cblock deskey;
int32_t seq_number;
OM_uint32 ret;
p = token_buffer->value;
ret = gssapi_krb5_verify_header (&p,
token_buffer->length,
type);
if (ret)
return ret;
if (memcmp(p, "\x00\x00", 2) != 0)
return GSS_S_BAD_SIG;
p += 2;
if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
return GSS_S_BAD_MIC;
p += 4;
p += 16;
/* verify checksum */
MD5_Init (&md5);
MD5_Update (&md5, p - 24, 8);
MD5_Update (&md5, message_buffer->value,
message_buffer->length);
MD5_Final (hash, &md5);
memset (&zero, 0, sizeof(zero));
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
des_set_key (&deskey, schedule);
des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
schedule, &zero);
if (memcmp (p - 8, hash, 8) != 0) {
memset (deskey, 0, sizeof(deskey));
memset (schedule, 0, sizeof(schedule));
return GSS_S_BAD_MIC;
}
/* verify sequence number */
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
seq_data[0] = (seq_number >> 0) & 0xFF;
seq_data[1] = (seq_number >> 8) & 0xFF;
seq_data[2] = (seq_number >> 16) & 0xFF;
seq_data[3] = (seq_number >> 24) & 0xFF;
memset (seq_data + 4,
(context_handle->more_flags & LOCAL) ? 0xFF : 0,
4);
p -= 16;
des_set_key (&deskey, schedule);
des_cbc_encrypt ((void *)p, (void *)p, 8,
schedule, (des_cblock *)hash, DES_DECRYPT);
memset (deskey, 0, sizeof(deskey));
memset (schedule, 0, sizeof(schedule));
if (memcmp (p, seq_data, 8) != 0) {
return GSS_S_BAD_MIC;
}
krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
return GSS_S_COMPLETE;
}
static OM_uint32
verify_mic_des3
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
krb5_keyblock *key,
char *type
)
{
u_char *p;
u_char seq[8];
int32_t seq_number;
OM_uint32 ret;
krb5_crypto crypto;
krb5_data seq_data;
int cmp, docompat;
Checksum csum;
char *tmp;
char ivec[8];
p = token_buffer->value;
ret = gssapi_krb5_verify_header (&p,
token_buffer->length,
type);
if (ret)
return ret;
if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
return GSS_S_BAD_SIG;
p += 2;
if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
return GSS_S_BAD_MIC;
p += 4;
ret = krb5_crypto_init(gssapi_krb5_context, key,
ETYPE_DES3_CBC_NONE, &crypto);
if (ret){
gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
/* verify sequence number */
docompat = 0;
retry:
if (docompat)
memset(ivec, 0, 8);
else
memcpy(ivec, p + 8, 8);
ret = krb5_decrypt_ivec (gssapi_krb5_context,
crypto,
KRB5_KU_USAGE_SEQ,
p, 8, &seq_data, ivec);
if (ret) {
if (docompat++) {
gssapi_krb5_set_error_string ();
krb5_crypto_destroy (gssapi_krb5_context, crypto);
*minor_status = ret;
return GSS_S_FAILURE;
} else
goto retry;
}
if (seq_data.length != 8) {
krb5_data_free (&seq_data);
if (docompat++) {
krb5_crypto_destroy (gssapi_krb5_context, crypto);
return GSS_S_BAD_MIC;
} else
goto retry;
}
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
seq[0] = (seq_number >> 0) & 0xFF;
seq[1] = (seq_number >> 8) & 0xFF;
seq[2] = (seq_number >> 16) & 0xFF;
seq[3] = (seq_number >> 24) & 0xFF;
memset (seq + 4,
(context_handle->more_flags & LOCAL) ? 0xFF : 0,
4);
cmp = memcmp (seq, seq_data.data, seq_data.length);
krb5_data_free (&seq_data);
if (cmp != 0) {
if (docompat++) {
krb5_crypto_destroy (gssapi_krb5_context, crypto);
return GSS_S_BAD_MIC;
} else
goto retry;
}
/* verify checksum */
tmp = malloc (message_buffer->length + 8);
if (tmp == NULL) {
krb5_crypto_destroy (gssapi_krb5_context, crypto);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy (tmp, p - 8, 8);
memcpy (tmp + 8, message_buffer->value, message_buffer->length);
csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
csum.checksum.length = 20;
csum.checksum.data = p + 8;
ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
KRB5_KU_USAGE_SIGN,
tmp, message_buffer->length + 8,
&csum);
free (tmp);
if (ret) {
gssapi_krb5_set_error_string ();
krb5_crypto_destroy (gssapi_krb5_context, crypto);
*minor_status = ret;
return GSS_S_BAD_MIC;
}
krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
krb5_crypto_destroy (gssapi_krb5_context, crypto);
return GSS_S_COMPLETE;
}
OM_uint32
gss_verify_mic_internal
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
char * type
)
{
krb5_keyblock *key;
OM_uint32 ret;
krb5_keytype keytype;
ret = gss_krb5_get_remotekey(context_handle, &key);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
*minor_status = 0;
krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
switch (keytype) {
case KEYTYPE_DES :
ret = verify_mic_des (minor_status, context_handle,
message_buffer, token_buffer, qop_state, key,
type);
break;
case KEYTYPE_DES3 :
ret = verify_mic_des3 (minor_status, context_handle,
message_buffer, token_buffer, qop_state, key,
type);
break;
case KEYTYPE_ARCFOUR :
ret = _gssapi_verify_mic_arcfour (minor_status, context_handle,
message_buffer, token_buffer,
qop_state, key, type);
break;
default :
*minor_status = KRB5_PROG_ETYPE_NOSUPP;
ret = GSS_S_FAILURE;
break;
}
krb5_free_keyblock (gssapi_krb5_context, key);
return ret;
}
OM_uint32
gss_verify_mic
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state
)
{
OM_uint32 ret;
if (qop_state != NULL)
*qop_state = GSS_C_QOP_DEFAULT;
ret = gss_verify_mic_internal(minor_status, context_handle,
message_buffer, token_buffer,
qop_state, "\x01\x01");
return ret;
}

View File

@ -1,454 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gssapi_locl.h"
RCSID("$Id: wrap.c,v 1.21.2.1 2003/09/18 22:05:45 lha Exp $");
OM_uint32
gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
krb5_keyblock **key)
{
krb5_keyblock *skey;
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if(skey == NULL)
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if(skey == NULL)
krb5_auth_con_getkey(gssapi_krb5_context,
context_handle->auth_context,
&skey);
if(skey == NULL)
return GSS_S_FAILURE;
*key = skey;
return 0;
}
static OM_uint32
sub_wrap_size (
OM_uint32 req_output_size,
OM_uint32 * max_input_size,
int blocksize,
int extrasize
)
{
size_t len, total_len, padlength;
padlength = blocksize - (req_output_size % blocksize);
len = req_output_size + 8 + padlength + extrasize;
gssapi_krb5_encap_length(len, &len, &total_len);
*max_input_size = (OM_uint32)total_len;
return GSS_S_COMPLETE;
}
OM_uint32
gss_wrap_size_limit (
OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
OM_uint32 * max_input_size
)
{
krb5_keyblock *key;
OM_uint32 ret;
krb5_keytype keytype;
ret = gss_krb5_get_localkey(context_handle, &key);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
switch (keytype) {
case KEYTYPE_DES :
case KEYTYPE_ARCFOUR:
ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
break;
case KEYTYPE_DES3 :
ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
break;
default :
*minor_status = KRB5_PROG_ETYPE_NOSUPP;
ret = GSS_S_FAILURE;
break;
}
krb5_free_keyblock (gssapi_krb5_context, key);
*minor_status = 0;
return ret;
}
static OM_uint32
wrap_des
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
const gss_buffer_t input_message_buffer,
int * conf_state,
gss_buffer_t output_message_buffer,
krb5_keyblock *key
)
{
u_char *p;
MD5_CTX md5;
u_char hash[16];
des_key_schedule schedule;
des_cblock deskey;
des_cblock zero;
int i;
int32_t seq_number;
size_t len, total_len, padlength, datalen;
padlength = 8 - (input_message_buffer->length % 8);
datalen = input_message_buffer->length + padlength + 8;
len = datalen + 22;
gssapi_krb5_encap_length (len, &len, &total_len);
output_message_buffer->length = total_len;
output_message_buffer->value = malloc (total_len);
if (output_message_buffer->value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
p = gssapi_krb5_make_header(output_message_buffer->value,
len,
"\x02\x01"); /* TOK_ID */
/* SGN_ALG */
memcpy (p, "\x00\x00", 2);
p += 2;
/* SEAL_ALG */
if(conf_req_flag)
memcpy (p, "\x00\x00", 2);
else
memcpy (p, "\xff\xff", 2);
p += 2;
/* Filler */
memcpy (p, "\xff\xff", 2);
p += 2;
/* fill in later */
memset (p, 0, 16);
p += 16;
/* confounder + data + pad */
krb5_generate_random_block(p, 8);
memcpy (p + 8, input_message_buffer->value,
input_message_buffer->length);
memset (p + 8 + input_message_buffer->length, padlength, padlength);
/* checksum */
MD5_Init (&md5);
MD5_Update (&md5, p - 24, 8);
MD5_Update (&md5, p, datalen);
MD5_Final (hash, &md5);
memset (&zero, 0, sizeof(zero));
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
des_set_key (&deskey, schedule);
des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
schedule, &zero);
memcpy (p - 8, hash, 8);
/* sequence number */
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
p -= 16;
p[0] = (seq_number >> 0) & 0xFF;
p[1] = (seq_number >> 8) & 0xFF;
p[2] = (seq_number >> 16) & 0xFF;
p[3] = (seq_number >> 24) & 0xFF;
memset (p + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
4);
des_set_key (&deskey, schedule);
des_cbc_encrypt ((void *)p, (void *)p, 8,
schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
/* encrypt the data */
p += 16;
if(conf_req_flag) {
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
for (i = 0; i < sizeof(deskey); ++i)
deskey[i] ^= 0xf0;
des_set_key (&deskey, schedule);
memset (&zero, 0, sizeof(zero));
des_cbc_encrypt ((void *)p,
(void *)p,
datalen,
schedule,
&zero,
DES_ENCRYPT);
memset (deskey, 0, sizeof(deskey));
memset (schedule, 0, sizeof(schedule));
}
if(conf_state != NULL)
*conf_state = conf_req_flag;
*minor_status = 0;
return GSS_S_COMPLETE;
}
static OM_uint32
wrap_des3
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
const gss_buffer_t input_message_buffer,
int * conf_state,
gss_buffer_t output_message_buffer,
krb5_keyblock *key
)
{
u_char *p;
u_char seq[8];
int32_t seq_number;
size_t len, total_len, padlength, datalen;
u_int32_t ret;
krb5_crypto crypto;
Checksum cksum;
krb5_data encdata;
padlength = 8 - (input_message_buffer->length % 8);
datalen = input_message_buffer->length + padlength + 8;
len = datalen + 34;
gssapi_krb5_encap_length (len, &len, &total_len);
output_message_buffer->length = total_len;
output_message_buffer->value = malloc (total_len);
if (output_message_buffer->value == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
p = gssapi_krb5_make_header(output_message_buffer->value,
len,
"\x02\x01"); /* TOK_ID */
/* SGN_ALG */
memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
p += 2;
/* SEAL_ALG */
if(conf_req_flag)
memcpy (p, "\x02\x00", 2); /* DES3-KD */
else
memcpy (p, "\xff\xff", 2);
p += 2;
/* Filler */
memcpy (p, "\xff\xff", 2);
p += 2;
/* calculate checksum (the above + confounder + data + pad) */
memcpy (p + 20, p - 8, 8);
krb5_generate_random_block(p + 28, 8);
memcpy (p + 28 + 8, input_message_buffer->value,
input_message_buffer->length);
memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_create_checksum (gssapi_krb5_context,
crypto,
KRB5_KU_USAGE_SIGN,
0,
p + 20,
datalen + 8,
&cksum);
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
*minor_status = ret;
return GSS_S_FAILURE;
}
/* zero out SND_SEQ + SGN_CKSUM in case */
memset (p, 0, 28);
memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
free_Checksum (&cksum);
/* sequence number */
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
&seq_number);
seq[0] = (seq_number >> 0) & 0xFF;
seq[1] = (seq_number >> 8) & 0xFF;
seq[2] = (seq_number >> 16) & 0xFF;
seq[3] = (seq_number >> 24) & 0xFF;
memset (seq + 4,
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
4);
ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE,
&crypto);
if (ret) {
free (output_message_buffer->value);
*minor_status = ret;
return GSS_S_FAILURE;
}
{
des_cblock ivec;
memcpy (&ivec, p + 8, 8);
ret = krb5_encrypt_ivec (gssapi_krb5_context,
crypto,
KRB5_KU_USAGE_SEQ,
seq, 8, &encdata,
&ivec);
}
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
*minor_status = ret;
return GSS_S_FAILURE;
}
assert (encdata.length == 8);
memcpy (p, encdata.data, encdata.length);
krb5_data_free (&encdata);
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
context_handle->auth_context,
++seq_number);
/* encrypt the data */
p += 28;
if(conf_req_flag) {
krb5_data tmp;
ret = krb5_crypto_init(gssapi_krb5_context, key,
ETYPE_DES3_CBC_NONE, &crypto);
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
*minor_status = ret;
return GSS_S_FAILURE;
}
ret = krb5_encrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
p, datalen, &tmp);
krb5_crypto_destroy(gssapi_krb5_context, crypto);
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
*minor_status = ret;
return GSS_S_FAILURE;
}
assert (tmp.length == datalen);
memcpy (p, tmp.data, datalen);
krb5_data_free(&tmp);
}
if(conf_state != NULL)
*conf_state = conf_req_flag;
*minor_status = 0;
return GSS_S_COMPLETE;
}
OM_uint32 gss_wrap
(OM_uint32 * minor_status,
const gss_ctx_id_t context_handle,
int conf_req_flag,
gss_qop_t qop_req,
const gss_buffer_t input_message_buffer,
int * conf_state,
gss_buffer_t output_message_buffer
)
{
krb5_keyblock *key;
OM_uint32 ret;
krb5_keytype keytype;
ret = gss_krb5_get_localkey(context_handle, &key);
if (ret) {
gssapi_krb5_set_error_string ();
*minor_status = ret;
return GSS_S_FAILURE;
}
krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
switch (keytype) {
case KEYTYPE_DES :
ret = wrap_des (minor_status, context_handle, conf_req_flag,
qop_req, input_message_buffer, conf_state,
output_message_buffer, key);
break;
case KEYTYPE_DES3 :
ret = wrap_des3 (minor_status, context_handle, conf_req_flag,
qop_req, input_message_buffer, conf_state,
output_message_buffer, key);
break;
case KEYTYPE_ARCFOUR:
ret = _gssapi_wrap_arcfour (minor_status, context_handle, conf_req_flag,
qop_req, input_message_buffer, conf_state,
output_message_buffer, key);
break;
default :
*minor_status = KRB5_PROG_ETYPE_NOSUPP;
ret = GSS_S_FAILURE;
break;
}
krb5_free_keyblock (gssapi_krb5_context, key);
return ret;
}

View File

@ -1,213 +0,0 @@
/*
* Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of KTH nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/* Converts a database from version 0.0* to 0.1. This is done by
* making three copies of each DES key (DES-CBC-CRC, DES-CBC-MD4, and
* DES-CBC-MD5).
*
* Use with care.
*/
#include "hdb_locl.h"
#include <getarg.h>
#include <err.h>
RCSID("$Id: convert_db.c,v 1.12 2001/02/20 01:44:53 assar Exp $");
static krb5_error_code
update_keytypes(krb5_context context, HDB *db, hdb_entry *entry, void *data)
{
int i;
int n = 0;
Key *k;
int save_len;
Key *save_val;
HDB *new = data;
krb5_error_code ret;
for(i = 0; i < entry->keys.len; i++)
if(entry->keys.val[i].key.keytype == KEYTYPE_DES)
n += 2;
else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3)
n += 1;
k = malloc(sizeof(*k) * (entry->keys.len + n));
n = 0;
for(i = 0; i < entry->keys.len; i++) {
copy_Key(&entry->keys.val[i], &k[n]);
if(entry->keys.val[i].key.keytype == KEYTYPE_DES) {
copy_Key(&entry->keys.val[i], &k[n+1]);
k[n+1].key.keytype = ETYPE_DES_CBC_MD4;
copy_Key(&entry->keys.val[i], &k[n+2]);
k[n+2].key.keytype = ETYPE_DES_CBC_MD5;
n += 2;
}
else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3) {
copy_Key(&entry->keys.val[i], &k[n+1]);
k[n+1].key.keytype = ETYPE_DES3_CBC_MD5;
n += 1;
}
n++;
}
save_len = entry->keys.len;
save_val = entry->keys.val;
entry->keys.len = n;
entry->keys.val = k;
ret = new->store(context, new, HDB_F_REPLACE, entry);
entry->keys.len = save_len;
entry->keys.val = save_val;
for(i = 0; i < n; i++)
free_Key(&k[i]);
free(k);
return 0;
}
static krb5_error_code
update_version2(krb5_context context, HDB *db, hdb_entry *entry, void *data)
{
HDB *new = data;
if(!db->master_key_set) {
int i;
for(i = 0; i < entry->keys.len; i++) {
free(entry->keys.val[i].mkvno);
entry->keys.val[i].mkvno = NULL;
}
}
new->store(context, new, HDB_F_REPLACE, entry);
return 0;
}
char *old_database = HDB_DEFAULT_DB;
char *new_database = HDB_DEFAULT_DB ".new";
char *mkeyfile;
int update_version;
int help_flag;
int version_flag;
struct getargs args[] = {
{ "old-database", 0, arg_string, &old_database,
"name of database to convert", "file" },
{ "new-database", 0, arg_string, &new_database,
"name of converted database", "file" },
{ "master-key", 0, arg_string, &mkeyfile,
"v5 master key file", "file" },
{ "update-version", 0, arg_flag, &update_version,
"update the database to the current version" },
{ "help", 'h', arg_flag, &help_flag },
{ "version", 0, arg_flag, &version_flag }
};
static int num_args = sizeof(args) / sizeof(args[0]);
int
main(int argc, char **argv)
{
krb5_error_code ret;
krb5_context context;
HDB *db, *new;
int optind = 0;
int master_key_set = 0;
setprogname(argv[0]);
if(getarg(args, num_args, argc, argv, &optind))
krb5_std_usage(1, args, num_args);
if(help_flag)
krb5_std_usage(0, args, num_args);
if(version_flag){
print_version(NULL);
exit(0);
}
ret = krb5_init_context(&context);
if(ret != 0)
errx(1, "krb5_init_context failed: %d", ret);
ret = hdb_create(context, &db, old_database);
if(ret != 0)
krb5_err(context, 1, ret, "hdb_create");
ret = hdb_set_master_keyfile(context, db, mkeyfile);
if (ret)
krb5_err(context, 1, ret, "hdb_set_master_keyfile");
master_key_set = 1;
ret = hdb_create(context, &new, new_database);
if(ret != 0)
krb5_err(context, 1, ret, "hdb_create");
if (master_key_set) {
ret = hdb_set_master_keyfile(context, new, mkeyfile);
if (ret)
krb5_err(context, 1, ret, "hdb_set_master_keyfile");
}
ret = db->open(context, db, O_RDONLY, 0);
if(ret == HDB_ERR_BADVERSION) {
krb5_data tag;
krb5_data version;
int foo;
unsigned ver;
tag.data = HDB_DB_FORMAT_ENTRY;
tag.length = strlen(tag.data);
ret = (*db->_get)(context, db, tag, &version);
if(ret)
krb5_errx(context, 1, "database is wrong version, "
"but couldn't find version key (%s)",
HDB_DB_FORMAT_ENTRY);
foo = sscanf(version.data, "%u", &ver);
krb5_data_free (&version);
if(foo != 1)
krb5_errx(context, 1, "database version is not a number");
if(ver == 1 && HDB_DB_FORMAT == 2) {
krb5_warnx(context, "will upgrade database from version %d to %d",
ver, HDB_DB_FORMAT);
krb5_warnx(context, "rerun to do other conversions");
update_version = 1;
} else
krb5_errx(context, 1,
"don't know how to upgrade from version %d to %d",
ver, HDB_DB_FORMAT);
} else if(ret)
krb5_err(context, 1, ret, "%s", old_database);
ret = new->open(context, new, O_CREAT|O_EXCL|O_RDWR, 0600);
if(ret)
krb5_err(context, 1, ret, "%s", new_database);
if(update_version)
ret = hdb_foreach(context, db, 0, update_version2, new);
else
ret = hdb_foreach(context, db, 0, update_keytypes, new);
if(ret != 0)
krb5_err(context, 1, ret, "hdb_foreach");
db->close(context, db);
new->close(context, new);
krb5_warnx(context, "wrote converted database to `%s'", new_database);
return 0;
}

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: hdb_locl.h,v 1.18.4.1 2003/09/10 22:04:39 lha Exp $ */
/* $Id: hdb_locl.h 22209 2007-12-07 19:03:41Z lha $ */
/* $FreeBSD$ */
#ifndef __HDB_LOCL_H__
@ -65,4 +65,7 @@
#include <hdb.h>
#include <hdb-private.h>
#define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
#define HDB_DB_FORMAT_ENTRY "hdb/db-format"
#endif /* __HDB_LOCL_H__ */

View File

@ -1,273 +0,0 @@
/*
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "iprop.h"
#include "parse_time.h"
RCSID("$Id: dump_log.c,v 1.13 2003/04/16 17:56:02 lha Exp $");
static char *op_names[] = {
"get",
"delete",
"create",
"rename",
"chpass",
"modify",
"randkey",
"get_privs",
"get_princs",
"chpass_with_key",
"nop"
};
static void
print_entry(kadm5_server_context *server_context,
u_int32_t ver,
time_t timestamp,
enum kadm_ops op,
u_int32_t len,
krb5_storage *sp)
{
char t[256];
int32_t mask;
hdb_entry ent;
krb5_principal source;
char *name1, *name2;
krb5_data data;
krb5_context context = server_context->context;
off_t end = krb5_storage_seek(sp, 0, SEEK_CUR) + len;
krb5_error_code ret;
strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(&timestamp));
if(op < kadm_get || op > kadm_nop) {
printf("unknown op: %d\n", op);
krb5_storage_seek(sp, end, SEEK_SET);
return;
}
printf ("%s: ver = %u, timestamp = %s, len = %u\n",
op_names[op], ver, t, len);
switch(op) {
case kadm_delete:
krb5_ret_principal(sp, &source);
krb5_unparse_name(context, source, &name1);
printf(" %s\n", name1);
free(name1);
krb5_free_principal(context, source);
break;
case kadm_rename:
ret = krb5_data_alloc(&data, len);
if (ret)
krb5_err (context, 1, ret, "kadm_rename: data alloc: %d", len);
krb5_ret_principal(sp, &source);
krb5_storage_read(sp, data.data, data.length);
hdb_value2entry(context, &data, &ent);
krb5_unparse_name(context, source, &name1);
krb5_unparse_name(context, ent.principal, &name2);
printf(" %s -> %s\n", name1, name2);
free(name1);
free(name2);
krb5_free_principal(context, source);
hdb_free_entry(context, &ent);
break;
case kadm_create:
ret = krb5_data_alloc(&data, len);
if (ret)
krb5_err (context, 1, ret, "kadm_create: data alloc: %d", len);
krb5_storage_read(sp, data.data, data.length);
ret = hdb_value2entry(context, &data, &ent);
if(ret)
abort();
mask = ~0;
goto foo;
case kadm_modify:
ret = krb5_data_alloc(&data, len);
if (ret)
krb5_err (context, 1, ret, "kadm_modify: data alloc: %d", len);
krb5_ret_int32(sp, &mask);
krb5_storage_read(sp, data.data, data.length);
ret = hdb_value2entry(context, &data, &ent);
if(ret)
abort();
foo:
if(ent.principal /* mask & KADM5_PRINCIPAL */) {
krb5_unparse_name(context, ent.principal, &name1);
printf(" principal = %s\n", name1);
free(name1);
}
if(mask & KADM5_PRINC_EXPIRE_TIME) {
if(ent.valid_end == NULL) {
strcpy(t, "never");
} else {
strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S",
localtime(ent.valid_end));
}
printf(" expires = %s\n", t);
}
if(mask & KADM5_PW_EXPIRATION) {
if(ent.pw_end == NULL) {
strcpy(t, "never");
} else {
strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S",
localtime(ent.pw_end));
}
printf(" password exp = %s\n", t);
}
if(mask & KADM5_LAST_PWD_CHANGE) {
}
if(mask & KADM5_ATTRIBUTES) {
unparse_flags(HDBFlags2int(ent.flags),
HDBFlags_units, t, sizeof(t));
printf(" attributes = %s\n", t);
}
if(mask & KADM5_MAX_LIFE) {
if(ent.max_life == NULL)
strcpy(t, "for ever");
else
unparse_time(*ent.max_life, t, sizeof(t));
printf(" max life = %s\n", t);
}
if(mask & KADM5_MAX_RLIFE) {
if(ent.max_renew == NULL)
strcpy(t, "for ever");
else
unparse_time(*ent.max_renew, t, sizeof(t));
printf(" max rlife = %s\n", t);
}
if(mask & KADM5_MOD_TIME) {
printf(" mod time\n");
}
if(mask & KADM5_MOD_NAME) {
printf(" mod name\n");
}
if(mask & KADM5_KVNO) {
printf(" kvno = %d\n", ent.kvno);
}
if(mask & KADM5_MKVNO) {
printf(" mkvno\n");
}
if(mask & KADM5_AUX_ATTRIBUTES) {
printf(" aux attributes\n");
}
if(mask & KADM5_POLICY) {
printf(" policy\n");
}
if(mask & KADM5_POLICY_CLR) {
printf(" mod time\n");
}
if(mask & KADM5_LAST_SUCCESS) {
printf(" last success\n");
}
if(mask & KADM5_LAST_FAILED) {
printf(" last failed\n");
}
if(mask & KADM5_FAIL_AUTH_COUNT) {
printf(" fail auth count\n");
}
if(mask & KADM5_KEY_DATA) {
printf(" key data\n");
}
if(mask & KADM5_TL_DATA) {
printf(" tl data\n");
}
hdb_free_entry(context, &ent);
break;
case kadm_nop :
break;
default:
abort();
}
krb5_storage_seek(sp, end, SEEK_SET);
}
static char *realm;
static int version_flag;
static int help_flag;
static struct getargs args[] = {
{ "realm", 'r', arg_string, &realm },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
int num_args = sizeof(args) / sizeof(args[0]);
int
main(int argc, char **argv)
{
krb5_context context;
krb5_error_code ret;
void *kadm_handle;
kadm5_server_context *server_context;
kadm5_config_params conf;
krb5_program_setup(&context, argc, argv, args, num_args, NULL);
if(help_flag)
krb5_std_usage(0, args, num_args);
if(version_flag) {
print_version(NULL);
exit(0);
}
memset(&conf, 0, sizeof(conf));
if(realm) {
conf.mask |= KADM5_CONFIG_REALM;
conf.realm = realm;
}
ret = kadm5_init_with_password_ctx (context,
KADM5_ADMIN_SERVICE,
NULL,
KADM5_ADMIN_SERVICE,
&conf, 0, 0,
&kadm_handle);
if (ret)
krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
server_context = (kadm5_server_context *)kadm_handle;
ret = kadm5_log_init (server_context);
if (ret)
krb5_err (context, 1, ret, "kadm5_log_init");
ret = kadm5_log_foreach (server_context, print_entry);
if(ret)
krb5_warn(context, ret, "kadm5_log_foreach");
ret = kadm5_log_end (server_context);
if (ret)
krb5_warn(context, ret, "kadm5_log_end");
return 0;
}

View File

@ -1,129 +0,0 @@
/*
* Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "iprop.h"
RCSID("$Id: replay_log.c,v 1.9 2002/05/24 15:19:22 joda Exp $");
int start_version = -1;
int end_version = -1;
static void
apply_entry(kadm5_server_context *server_context,
u_int32_t ver,
time_t timestamp,
enum kadm_ops op,
u_int32_t len,
krb5_storage *sp)
{
krb5_error_code ret;
if((start_version != -1 && ver < start_version) ||
(end_version != -1 && ver > end_version)) {
/* XXX skip this entry */
krb5_storage_seek(sp, len, SEEK_CUR);
return;
}
printf ("ver %u... ", ver);
fflush (stdout);
ret = kadm5_log_replay (server_context,
op, ver, len, sp);
if (ret)
krb5_warn (server_context->context, ret, "kadm5_log_replay");
printf ("done\n");
}
int version_flag;
int help_flag;
struct getargs args[] = {
{ "start-version", 0, arg_integer, &start_version, "start replay with this version" },
{ "end-version", 0, arg_integer, &end_version, "end replay with this version" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
int num_args = sizeof(args) / sizeof(args[0]);
int
main(int argc, char **argv)
{
krb5_context context;
krb5_error_code ret;
void *kadm_handle;
kadm5_config_params conf;
kadm5_server_context *server_context;
krb5_program_setup(&context, argc, argv, args, num_args, NULL);
if(help_flag)
krb5_std_usage(0, args, num_args);
if(version_flag) {
print_version(NULL);
exit(0);
}
memset(&conf, 0, sizeof(conf));
ret = kadm5_init_with_password_ctx (context,
KADM5_ADMIN_SERVICE,
NULL,
KADM5_ADMIN_SERVICE,
&conf, 0, 0,
&kadm_handle);
if (ret)
krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
server_context = (kadm5_server_context *)kadm_handle;
ret = server_context->db->open(context,
server_context->db,
O_RDWR | O_CREAT, 0);
if (ret)
krb5_err (context, 1, ret, "db->open");
ret = kadm5_log_init (server_context);
if (ret)
krb5_err (context, 1, ret, "kadm5_log_init");
ret = kadm5_log_foreach (server_context, apply_entry);
if(ret)
krb5_warn(context, ret, "kadm5_log_foreach");
ret = kadm5_log_end (server_context);
if (ret)
krb5_warn(context, ret, "kadm5_log_end");
ret = server_context->db->close (context, server_context->db);
if (ret)
krb5_err (context, 1, ret, "db->close");
return 0;
}

View File

@ -1,89 +0,0 @@
/*
* Copyright (c) 2000, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "iprop.h"
RCSID("$Id: truncate_log.c,v 1.1.8.1 2003/10/14 15:58:46 joda Exp $");
static char *realm;
static int version_flag;
static int help_flag;
static struct getargs args[] = {
{ "realm", 'r', arg_string, &realm },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
static int num_args = sizeof(args) / sizeof(args[0]);
int
main(int argc, char **argv)
{
krb5_context context;
krb5_error_code ret;
void *kadm_handle;
kadm5_server_context *server_context;
kadm5_config_params conf;
krb5_program_setup(&context, argc, argv, args, num_args, NULL);
if(help_flag)
krb5_std_usage(0, args, num_args);
if(version_flag) {
print_version(NULL);
exit(0);
}
memset(&conf, 0, sizeof(conf));
if(realm) {
conf.mask |= KADM5_CONFIG_REALM;
conf.realm = realm;
}
ret = kadm5_init_with_password_ctx (context,
KADM5_ADMIN_SERVICE,
NULL,
KADM5_ADMIN_SERVICE,
&conf, 0, 0,
&kadm_handle);
if (ret)
krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
server_context = (kadm5_server_context *)kadm_handle;
ret = kadm5_log_truncate (server_context);
if(ret)
krb5_err (context, 1, ret, "kadm5_log_truncate");
return 0;
}

File diff suppressed because it is too large Load Diff

View File

@ -1,71 +0,0 @@
/*
* Copyright (c) 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of KTH nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
#include "krb5_locl.h"
RCSID("$Id: dump_config.c,v 1.2 1999/10/28 23:22:41 assar Exp $");
/* print contents of krb5.conf */
static void
print_tree(struct krb5_config_binding *b, int level)
{
if (b == NULL)
return;
printf("%*s%s%s%s", level * 4, "",
(level == 0) ? "[" : "", b->name, (level == 0) ? "]" : "");
if(b->type == krb5_config_list) {
if(level > 0)
printf(" = {");
printf("\n");
print_tree(b->u.list, level + 1);
if(level > 0)
printf("%*s}\n", level * 4, "");
} else if(b->type == krb5_config_string) {
printf(" = %s\n", b->u.string);
}
if(b->next)
print_tree(b->next, level);
}
int
main(int argc, char **argv)
{
krb5_context context;
krb5_error_code ret = krb5_init_context(&context);
if(ret == 0) {
print_tree(context->cf, 0);
return 0;
}
return 1;
}

View File

@ -1,101 +0,0 @@
.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: krb5_build_principal.3,v 1.7 2003/04/16 13:58:14 lha Exp $
.\"
.Dd August 8, 1997
.Dt KRB5_BUILD_PRINCIPAL 3
.Os HEIMDAL
.Sh NAME
.Nm krb5_build_principal ,
.Nm krb5_build_principal_ext ,
.Nm krb5_build_principal_va ,
.Nm krb5_build_principal_va_ext ,
.Nm krb5_make_principal
.Nd principal creation functions
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
.In krb5.h
.Ft krb5_error_code
.Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
.Ft krb5_error_code
.Fn krb5_build_principal_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
.Ft krb5_error_code
.Fn krb5_build_principal_va "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
.Ft krb5_error_code
.Fn krb5_build_principal_va_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
.Ft krb5_error_code
.Fn krb5_make_principal "krb5_context context" "krb5_principal *principal" "krb5_const_realm realm" "..."
.Sh DESCRIPTION
These functions create a Kerberos 5 principal from a realm and a list
of components.
All of these functions return an allocated principal in the
.Fa principal
parameter, this should be freed with
.Fn krb5_free_principal
after use.
.Pp
The
.Dq build
functions take a
.Fa realm
and the length of the realm. The
.Fn krb5_build_principal
and
.Fn krb5_build_principal_va
also takes a list of components (zero-terminated strings), terminated
with
.Dv NULL .
The
.Fn krb5_build_principal_ext
and
.Fn krb5_build_principal_va_ext
takes a list of length-value pairs, the list is terminated with a zero
length.
.Pp
The
.Fn krb5_make_principal
is a wrapper around
.Fn krb5_build_principal .
If the realm is
.Dv NULL ,
the default realm will be used.
.Sh BUGS
You can not have a NUL in a component. Until someone can give a good
example of where it would be a good idea to have NUL's in a component,
this will not be fixed.
.Sh SEE ALSO
.Xr krb5_425_conv_principal 3 ,
.Xr krb5_free_principal 3 ,
.Xr krb5_parse_name 3 ,
.Xr krb5_sname_to_principal 3 ,
.Xr krb5_unparse_name 3

View File

@ -1,53 +0,0 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: krb5_free_addresses.3,v 1.5 2003/04/16 13:58:15 lha Exp $
.\"
.Dd November 20, 2001
.Dt KRB5_FREE_ADDRESSES 3
.Os HEIMDAL
.Sh NAME
.Nm krb5_free_addresses
.Nd free list of addresses
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
.In krb5.h
.Ft void
.Fn krb5_free_addresses "krb5_context context" "krb5_addresses *addresses"
.Sh DESCRIPTION
The
.Fn krb5_free_addresses
will free a list of addresses that has been created with
.Fn krb5_get_all_client_addrs
or with some other function.
.Sh SEE ALSO
.Xr krb5_get_all_client_addrs 3

View File

@ -1,58 +0,0 @@
.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
.\" $Id: krb5_free_principal.3,v 1.7 2003/04/16 13:58:11 lha Exp $
.Dd August 8, 1997
.Dt KRB5_FREE_PRINCIPAL 3
.Os HEIMDAL
.Sh NAME
.Nm krb5_free_principal
.Nd principal free function
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
.In krb5.h
.Ft void
.Fn krb5_free_principal "krb5_context context" "krb5_principal principal"
.Sh DESCRIPTION
The
.Fn krb5_free_principal
will free a principal that has been created with
.Fn krb5_build_principal ,
.Fn krb5_parse_name ,
or with some other function.
.Sh SEE ALSO
.Xr krb5_425_conv_principal 3 ,
.Xr krb5_build_principal 3 ,
.Xr krb5_parse_name 3 ,
.Xr krb5_sname_to_principal 3 ,
.Xr krb5_unparse_name 3

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: krb5_locl.h,v 1.71 2002/09/10 20:10:45 joda Exp $ */
/* $Id: krb5_locl.h 22226 2007-12-08 21:31:53Z lha $ */
/* $FreeBSD$ */
#ifndef __KRB5_LOCL_H__
@ -51,6 +51,9 @@
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
@ -62,6 +65,9 @@
#include <sys/ioctl.h>
#endif
#ifdef HAVE_PWD_H
#undef _POSIX_PTHREAD_SEMANTICS
/* This gets us the 5-arg getpwnam_r on Solaris 9. */
#define _POSIX_PTHREAD_SEMANTICS
#include <pwd.h>
#endif
@ -110,20 +116,51 @@ struct sockaddr_dl;
#ifdef HAVE_SYS_FILE_H
#include <sys/file.h>
#endif
#ifdef HAVE_CRYPT_H
#undef des_encrypt
#define des_encrypt wingless_pigs_mostly_fail_to_fly
#include <crypt.h>
#undef des_encrypt
#endif
#ifdef HAVE_DOOR_CREATE
#include <door.h>
#endif
#include <roken.h>
#include <parse_time.h>
#include <base64.h>
#include "crypto-headers.h"
#include <krb5_asn1.h>
struct send_to_kdc;
/* XXX glue for pkinit */
struct krb5_pk_identity;
struct krb5_pk_cert;
struct ContentInfo;
typedef struct krb5_pk_init_ctx_data *krb5_pk_init_ctx;
struct krb5_dh_moduli;
/* v4 glue */
struct _krb5_krb_auth_data;
#include <der.h>
#include <krb5.h>
#include <krb5_err.h>
#include <asn1_err.h>
#ifdef PKINIT
#include <hx509_err.h>
#endif
#include <krb5-private.h>
#include "heim_threads.h"
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
@ -131,8 +168,101 @@ struct sockaddr_dl;
#define KEYTAB_DEFAULT "ANY:FILE:" SYSCONFDIR "/krb5.keytab,krb4:" SYSCONFDIR "/srvtab"
#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"
#define MODULI_FILE SYSCONFDIR "/krb5.moduli"
#ifndef O_BINARY
#define O_BINARY 0
#endif
#define KRB5_BUFSIZ 1024
typedef enum {
KRB5_INIT_CREDS_TRISTATE_UNSET = 0,
KRB5_INIT_CREDS_TRISTATE_TRUE,
KRB5_INIT_CREDS_TRISTATE_FALSE
} krb5_get_init_creds_tristate;
struct _krb5_get_init_creds_opt_private {
int refcount;
/* ENC_TIMESTAMP */
const char *password;
krb5_s2k_proc key_proc;
/* PA_PAC_REQUEST */
krb5_get_init_creds_tristate req_pac;
/* PKINIT */
krb5_pk_init_ctx pk_init_ctx;
KRB_ERROR *error;
krb5_get_init_creds_tristate addressless;
int flags;
#define KRB5_INIT_CREDS_CANONICALIZE 1
#define KRB5_INIT_CREDS_NO_C_CANON_CHECK 2
};
typedef struct krb5_context_data {
krb5_enctype *etypes;
krb5_enctype *etypes_des;
char **default_realms;
time_t max_skew;
time_t kdc_timeout;
unsigned max_retries;
int32_t kdc_sec_offset;
int32_t kdc_usec_offset;
krb5_config_section *cf;
struct et_list *et_list;
struct krb5_log_facility *warn_dest;
krb5_cc_ops *cc_ops;
int num_cc_ops;
const char *http_proxy;
const char *time_fmt;
krb5_boolean log_utc;
const char *default_keytab;
const char *default_keytab_modify;
krb5_boolean use_admin_kdc;
krb5_addresses *extra_addresses;
krb5_boolean scan_interfaces; /* `ifconfig -a' */
krb5_boolean srv_lookup; /* do SRV lookups */
krb5_boolean srv_try_txt; /* try TXT records also */
int32_t fcache_vno; /* create cache files w/ this
version */
int num_kt_types; /* # of registered keytab types */
struct krb5_keytab_data *kt_types; /* registered keytab types */
const char *date_fmt;
char *error_string;
char error_buf[256];
krb5_addresses *ignore_addresses;
char *default_cc_name;
char *default_cc_name_env;
int default_cc_name_set;
void *mutex; /* protects error_string/error_buf */
int large_msg_size;
int flags;
#define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME 1
#define KRB5_CTX_F_CHECK_PAC 2
struct send_to_kdc *send_to_kdc;
} krb5_context_data;
#define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}"
#define KRB5_DEFAULT_CCNAME_API "API:"
#define KRB5_DEFAULT_CCNAME_KCM "KCM:%{uid}"
#define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH 1
#define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH 2
#define EXTRACT_TICKET_MATCH_REALM 4
/*
* Configurable options
*/
#ifndef KRB5_DEFAULT_CCTYPE
#ifdef __APPLE__
#define KRB5_DEFAULT_CCTYPE (&krb5_acc_ops)
#else
#define KRB5_DEFAULT_CCTYPE (&krb5_fcc_ops)
#endif
#endif
#ifndef KRB5_ADDRESSLESS_DEFAULT
#define KRB5_ADDRESSLESS_DEFAULT TRUE
#endif
#endif /* __KRB5_LOCL_H__ */

View File

@ -1,81 +0,0 @@
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: krb5_principal_get_realm.3,v 1.6 2003/04/16 13:58:17 lha Exp $
.\"
.Dd June 20, 2001
.Dt KRB5_PRINCIPAL_GET_REALM 3
.Os HEIMDAL
.Sh NAME
.Nm krb5_principal_get_realm ,
.Nm krb5_principal_get_comp_string
.Nd decompose a principal
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
.In krb5.h
.Ft "const char *"
.Fn krb5_principal_get_realm "krb5_context context" "krb5_principal principal"
.Ft "const char *"
.Fn krb5_principal_get_comp_string "krb5_context context" "krb5_principal principal" "unsigned int component"
.Sh DESCRIPTION
These functions return parts of the
.Fa principal ,
either the realm or a specific component. The returned string points
to data inside the principal, so they are valid only as long as the
principal exists.
.Pp
The
.Fa component
argument to
.Fn krb5_principal_get_comp_string
is the component number to return, from zero to the total number of
components minus one. If a the requested component number is out of range,
.Dv NULL
is returned.
.Pp
These functions can be seen as a replacement for the
.Fn krb5_princ_realm ,
.Fn krb5_princ_component
and related macros, described as intermal in the MIT API
specification. A difference is that these functions return strings,
not
.Dv krb5_data .
A reason to return
.Dv krb5_data
was that it was believed that principal components could contain
binary data, but this belief was unfounded, and it has been decided
that principal components are infact UTF8, so it's safe to use zero
terminated strings.
.Pp
It's generally not necessary to look at the components of a principal.
.Sh SEE ALSO
.Xr krb5_unparse_name 3

View File

@ -1,85 +0,0 @@
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: krb5_sname_to_principal.3,v 1.7 2003/04/16 13:58:17 lha Exp $
.\"
.Dd August 8, 1997
.Dt KRB5_PRINCIPAL 3
.Os HEIMDAL
.Sh NAME
.Nm krb5_sname_to_principal ,
.Nm krb5_sock_to_principal
.Nd create a service principal
.Sh LIBRARY
Kerberos 5 Library (libkrb5, -lkrb5)
.Sh SYNOPSIS
.In krb5.h
.Ft krb5_error_code
.Fn krb5_sname_to_principal "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *principal"
.Ft krb5_error_code
.Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal"
.Sh DESCRIPTION
These functions create a
.Dq service
principal that can, for instance, be used to lookup a key in a keytab. For both these function the
.Fa sname
parameter will be used for the first component of the created principal. If
.Fa sname
is
.Dv NULL ,
.Dq host
will be used instead.
.Fn krb5_sname_to_principal
will use the passed
.Fa hostname
for the second component. If type
.Dv KRB5_NT_SRV_HST
this name will be looked up with
.Fn gethostbyname .
If
.Fa hostname is
.Dv NULL ,
the local hostname will be used.
.Pp
.Fn krb5_sock_to_principal
will use the
.Dq sockname
of the passed
.Fa socket ,
which should be a bound
.Dv AF_INET
socket.
.Sh SEE ALSO
.Xr krb5_425_conv_principal 3 ,
.Xr krb5_build_principal 3 ,
.Xr krb5_free_principal 3 ,
.Xr krb5_parse_name 3 ,
.Xr krb5_unparse_name 3

View File

@ -1,36 +0,0 @@
@BOTTOM@
#ifdef BROKEN_REALLOC
#define realloc(X, Y) isoc_realloc((X), (Y))
#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
#endif
#ifdef VOID_RETSIGTYPE
#define SIGRETURN(x) return
#else
#define SIGRETURN(x) return (RETSIGTYPE)(x)
#endif
#define RCSID(msg) \
static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
#undef PROTOTYPES
/* Maximum values on all known systems */
#define MaxHostNameLen (64+4)
#define MaxPathLen (1024+4)
/*
* Define NDBM if you are using the 4.3 ndbm library (which is part of
* libc). If not defined, 4.2 dbm will be assumed.
*/
#if defined(HAVE_DBM_FIRSTKEY)
#define NDBM
#endif
/*
* Defining this enables lots of useful (and used) extensions on
* glibc-based systems such as Linux
*/
#define _GNU_SOURCE

View File

@ -1,9 +0,0 @@
dnl $Id$
dnl
dnl Only put things that for some reason can't live in the `cf'
dnl directory in this file.
dnl
dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
dnl
define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl

View File

@ -1,78 +0,0 @@
/*
* Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: print_version.c,v 1.8 2001/02/20 01:44:55 assar Exp $");
#endif
#include "roken.h"
#include "print_version.h"
void
print_version(const char *progname)
{
const char *arg[] = VERSIONLIST;
const int num_args = sizeof(arg) / sizeof(arg[0]);
char *msg;
size_t len = 0;
int i;
if(progname == NULL)
progname = getprogname();
if(num_args == 0)
msg = "no version information";
else {
for(i = 0; i < num_args; i++) {
if(i > 0)
len += 2;
len += strlen(arg[i]);
}
msg = malloc(len + 1);
if(msg == NULL) {
fprintf(stderr, "%s: out of memory\n", progname);
return;
}
msg[0] = '\0';
for(i = 0; i < num_args; i++) {
if(i > 0)
strcat(msg, ", ");
strcat(msg, arg[i]);
}
}
fprintf(stderr, "%s (%s)\n", progname, msg);
fprintf(stderr, "Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan\n");
if(num_args != 0)
free(msg);
}

View File

@ -1,15 +0,0 @@
//{{NO_DEPENDENCIES}}
// Microsoft Developer Studio generated include file.
// Used by roken.rc
//
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 101
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1000
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif

File diff suppressed because it is too large Load Diff

View File

@ -1,150 +0,0 @@
#! /bin/sh
# mkinstalldirs --- make directory hierarchy
scriptversion=2004-02-15.20
# Original author: Noah Friedman <friedman@prep.ai.mit.edu>
# Created: 1993-05-16
# Public domain.
#
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
errstatus=0
dirmode=""
usage="\
Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ...
Create each directory DIR (with mode MODE, if specified), including all
leading file name components.
Report bugs to <bug-automake@gnu.org>."
# process command line arguments
while test $# -gt 0 ; do
case $1 in
-h | --help | --h*) # -h for help
echo "$usage"
exit 0
;;
-m) # -m PERM arg
shift
test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
dirmode=$1
shift
;;
--version)
echo "$0 $scriptversion"
exit 0
;;
--) # stop option processing
shift
break
;;
-*) # unknown option
echo "$usage" 1>&2
exit 1
;;
*) # first non-opt arg
break
;;
esac
done
for file
do
if test -d "$file"; then
shift
else
break
fi
done
case $# in
0) exit 0 ;;
esac
# Solaris 8's mkdir -p isn't thread-safe. If you mkdir -p a/b and
# mkdir -p a/c at the same time, both will detect that a is missing,
# one will create a, then the other will try to create a and die with
# a "File exists" error. This is a problem when calling mkinstalldirs
# from a parallel make. We use --version in the probe to restrict
# ourselves to GNU mkdir, which is thread-safe.
case $dirmode in
'')
if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
echo "mkdir -p -- $*"
exec mkdir -p -- "$@"
else
# On NextStep and OpenStep, the `mkdir' command does not
# recognize any option. It will interpret all options as
# directories to create, and then abort because `.' already
# exists.
test -d ./-p && rmdir ./-p
test -d ./--version && rmdir ./--version
fi
;;
*)
if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 &&
test ! -d ./--version; then
echo "mkdir -m $dirmode -p -- $*"
exec mkdir -m "$dirmode" -p -- "$@"
else
# Clean up after NextStep and OpenStep mkdir.
for d in ./-m ./-p ./--version "./$dirmode";
do
test -d $d && rmdir $d
done
fi
;;
esac
for file
do
set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
shift
pathcomp=
for d
do
pathcomp="$pathcomp$d"
case $pathcomp in
-*) pathcomp=./$pathcomp ;;
esac
if test ! -d "$pathcomp"; then
echo "mkdir $pathcomp"
mkdir "$pathcomp" || lasterr=$?
if test ! -d "$pathcomp"; then
errstatus=$lasterr
else
if test ! -z "$dirmode"; then
echo "chmod $dirmode $pathcomp"
lasterr=""
chmod "$dirmode" "$pathcomp" || lasterr=$?
if test ! -z "$lasterr"; then
errstatus=$lasterr
fi
fi
fi
fi
pathcomp="$pathcomp/"
done
done
exit $errstatus
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-end: "$"
# End:

View File

@ -1,212 +0,0 @@
#!/bin/sh
#
# Build many combinations of kth-krb/heimdal/openssl
#
# $Id: build.sh,v 1.8 2003/04/17 12:55:02 lha Exp $
opt_n= #:
make_f= #-j
heimdal_versions="0.5.2 0.6pre4"
krb4_versions="1.2.2"
openssl_versions="0.9.6i 0.9.7a 0.9.7b"
make_check_version=".*heimdal-0.6.*"
# 0.5 dont eat 0.9.7
dont_build="openssl-0.9.7.*heimdal-0.5.*"
# 1.2 dont eat 0.9.7
dont_build="openssl-0.9.7.*krb4-1.2.* ${dont_build}"
#yacc problems
dont_build="openssl-0.9.6.*heimdal-0.5.*osf4.* ${dont_build}"
#local openssl 09.7 and broken kuser/Makefile.am
dont_build="openssl-0.9.6.*heimdal-0.5.*freebsd4.8.* ${dont_build}"
failed=
# Allow override
for a in $HOME . /etc ; do
[ -f $a/.heimdal-build ] && . $a/.heimdal-build
done
targetdir=${targetdir:-/scratch/heimdal-test}
logfile="${targetdir}/buildlog"
distdirs="${distdirs} /afs/su.se/home/l/h/lha/Public/openssl"
distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src"
distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src/snapshots"
distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/krb/src"
logprint () {
d=`date '+%Y-%m-%d %H:%M:%S'`
echo "${d}: $*"
echo "${d}: --- $*" >> ${logfile}
}
logerror () {
echo "$*"
exit 1
}
find_unzip_prog () {
unzip_prog=
oldIFS="$IFS"
IFS=:
set -- $PATH
IFS="$oldIFS"
for a in $* ; do
if [ -x $a/gzip ] ; then
unzip_prog="$a/gzip -dc"
break
elif [ -x $a/gunzip ] ; then
unzip_prog="$a/gunzip -c"
break
fi
done
[ "$unzip_prog" = "" ] && logerror failed to find unzip program
}
find_canon_name () {
canon_name=
for a in ${distdirs} ; do
if [ -f $a/config.guess ] ; then
canon_name=`$a/config.guess`
fi
if [ "${canon_name}" != "" ] ; then
break
fi
done
[ "${canon_name}" = "" ] && logerror "cant find config.guess"
}
do_check_p () {
eval check_var=\$"$1"
for a in ${check_var} ; do
expr "$2${canon_name}" : "${a}" > /dev/null 2>&1 && return 1
done
return 0
}
unpack_tar () {
for a in ${distdirs} ; do
if [ -f $a/$1 ] ; then
${opt_n} ${unzip_prog} ${a}/$1 | ${opt_n} tar xf -
return 0
fi
done
logerror "did not find $1"
}
build () {
real_ver=$1
prog=$2
ver=$3
confprog=$4
checks=$5
pv=${prog}-${ver}
mkdir tmp || logerror "failed to build tmpdir"
cd tmp || logerror "failed to change dir to tmpdir"
do_check_p dont_build ${real_ver} || \
{ cd .. ; rmdir tmp ; logprint "not building $1" && return 0 ; }
cd .. || logerror "failed to change back from tmpdir"
rmdir tmp || logerror "failed to remove tmpdir"
logprint "preparing for ${pv}"
${opt_n} rm -rf ${targetdir}/${prog}-${ver}
${opt_n} rm -rf ${prog}-${ver}
unpack_tar ${pv}.tar.gz
${opt_n} cd ${pv} || logerror directory ${pv} not there
logprint "configure ${prog} ${ver} (${confprog})"
${opt_n} ./${confprog} \
--prefix=${targetdir}/${pv} >> ${logfile} 2>&1 || \
{ logprint failed to configure ${pv} ; return 1 ; }
logprint "make ${prog} ${ver}"
${opt_n} make ${make_f} >> ${logfile} 2>&1 || \
{ logprint failed to make ${pv} ; return 1 ; }
${opt_n} make install >> ${logfile} 2>&1 || \
{ logprint failed to install ${pv} ; return 1 ; }
do_check_p make_check_version ${real_ver} || \
{ ${opt_n} make check >> ${logfile} 2>&1 || return 1 ; }
${opt_n} cd ..
[ "${checks}" != "" ] && ${opt_n} ${checks} >> ${logfile} 2>&1
return 0
}
find_canon_name
logprint using host `hostname`
logprint `uname -a`
logprint canonical name ${canon_name}
logprint clearing logfile
> ${logfile}
find_unzip_prog
logprint using target dir ${targetdir}
mkdir -p ${targetdir}/src
cd ${targetdir}/src || exit 1
rm -rf heimdal* openssl* krb4*
logprint === building openssl versions
for vo in ${openssl_versions} ; do
build openssl-${vo} openssl $vo config
done
wssl="--with-openssl=${targetdir}/openssl"
wssli="--with-openssl-include=${targetdir}/openssl" #this is a hack for broken heimdal 0.5.x autoconf test
wossl="--without-openssl"
wk4c="--with-krb4-config=${targetdir}/krb4"
bk4c="/bin/krb4-config"
wok4="--without-krb4"
logprint === building heimdal w/o krb4 versions
for vo in ${openssl_versions} ; do
for vh in ${heimdal_versions} ; do
v="openssl-${vo}-heimdal-${vh}"
build "${v}" \
heimdal ${vh} \
"configure ${wok4} ${wssl}-${vo} ${wssli}-${vo}/include" \
"${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto" \ || \
{ failed="${failed} ${v}" ; logprint ${v} failed ; }
done
done
logprint === building krb4
for vo in ${openssl_versions} ; do
for vk in ${krb4_versions} ; do
v="openssl-${vo}-krb4-${vk}"
build "${v}" \
krb4 ${vk} \
"configure ${wssl}-${vo}" \
"${targetdir}/krb4-${vk}/bin/krb4-config --libs | grep lcrypto"|| \
{ failed="${failed} ${v}" ; logprint ${v} failed ; }
done
done
logprint === building heimdal with krb4 versions
for vo in ${openssl_versions} ; do
for vk in ${krb4_versions} ; do
for vh in ${heimdal_versions} ; do
v="openssl-${vo}-krb4-${vk}-heimdal-${vh}"
build "${v}" \
heimdal ${vh} \
"configure ${wk4c}-${vk}${bk4c} ${wssl}-${vo} ${wssli}-${vo}/include" \
"${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto && ${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep krb4" \
|| \
{ failed="${failed} ${v}" ; logprint ${v} failed ; }
done
done
done
logprint === building heimdal without krb4 and openssl versions
for vh in ${heimdal_versions} ; do
v="des-heimdal-${vh}"
build "${v}" \
heimdal ${vh} \
"configure ${wok4} ${wossl}" || \
{ failed="${failed} ${v}" ; logprint ${v} failed ; }
done
logprint all done
[ "${failed}" != "" ] && logprint "failed: ${failed}"
exit 0

View File

@ -1,4 +1,6 @@
# $FreeBSD$
#
# Name OID Library name Kernel module
kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.9 -
kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.10 -
spnego 1.3.6.1.5.5.2 /usr/lib/libgssapi_spnego.so.10 -
#ntlm 1.3.6.1.4.1.311.2.2.10 /usr/lib/libgssapi_ntlm.so.10 -

View File

@ -34,8 +34,8 @@ LDADD= ${LIBCVS} ${LIBDIFF} -lgnuregex -lmd -lcrypt -lz
.if ${MK_KERBEROS_SUPPORT} != "no"
CFLAGS+= -DHAVE_GSSAPI -DENCRYPTION
LDADD+= -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -lcom_err
DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO} ${LIBROKEN}
LDADD+= -lgssapi -lkrb5 -lhx509 -lasn1 -lcrypto -lroken -lcrypt -lcom_err
DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBCRYPTO} ${LIBROKEN}
DPADD+= ${LIBCRYPT} ${LIBCOM_ERR}
.endif

View File

@ -41,6 +41,11 @@
*/
#include <stdint.h>
#ifndef _SSIZE_T_DECLARED
typedef __ssize_t ssize_t;
#define _SSIZE_T_DECLARED
#endif
#if 0
/*
* If the platform supports the xom.h header file, it should be
@ -732,25 +737,101 @@ OM_uint32 gss_unseal
);
/*
* kerberos mechanism specific functions
* Other extensions and helper functions.
*/
struct krb5_ccache_data;
#define GSS_C_KRB5_COMPAT_DES3_MIC 1
OM_uint32 gsskrb5_register_acceptor_identity
(const char * /* identity */
int gss_oid_equal
(const gss_OID, /* first OID to compare */
const gss_OID /* second OID to compare */
);
OM_uint32 gss_krb5_copy_ccache
(OM_uint32 *, /* minor_status */
gss_cred_id_t, /* cred_handle */
struct krb5_ccache_data * /* out */
OM_uint32 gss_release_oid
(OM_uint32 *, /* minor status */
gss_OID * /* oid to free */
);
OM_uint32 gss_krb5_compat_des3_mic
OM_uint32 gss_decapsulate_token
(const gss_buffer_t, /* mechanism independent token */
gss_OID, /* desired mechanism */
gss_buffer_t /* decapsulated mechanism dependant token */
);
OM_uint32 gss_encapsulate_token
(const gss_buffer_t, /* mechanism dependant token */
gss_OID, /* desired mechanism */
gss_buffer_t /* encapsulated mechanism independent token */
);
OM_uint32 gss_duplicate_oid
(OM_uint32 *, /* minor status */
const gss_OID, /* oid to copy */
gss_OID * /* result */
);
OM_uint32 gss_oid_to_str
(OM_uint32 *, /* minor status */
gss_OID, /* oid to convert */
gss_buffer_t /* buffer to contain string */
);
typedef struct gss_buffer_set_desc_struct {
size_t count;
gss_buffer_desc *elements;
} gss_buffer_set_desc, *gss_buffer_set_t;
#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0)
OM_uint32 gss_create_empty_buffer_set
(OM_uint32 *, /* minor status */
gss_buffer_set_t * /* location for new buffer set */
);
OM_uint32 gss_add_buffer_set_member
(OM_uint32 *, /* minor status */
gss_buffer_t, /* buffer to add */
gss_buffer_set_t * /* set to add to */
);
OM_uint32 gss_release_buffer_set
(OM_uint32 *, /* minor status */
gss_buffer_set_t * /* set to release */
);
OM_uint32 gss_inquire_sec_context_by_oid
(OM_uint32 *, /* minor_status */
gss_ctx_id_t, /* context_handle */
int /* flag */
const gss_ctx_id_t, /* context_handle */
const gss_OID, /* desired_object */
gss_buffer_set_t * /* result */
);
OM_uint32 gss_inquire_cred_by_oid
(OM_uint32 *, /* minor_status */
const gss_cred_id_t, /* cred_handle */
const gss_OID, /* desired_object */
gss_buffer_set_t * /* result */
);
OM_uint32 gss_set_sec_context_option
(OM_uint32 *, /* minor status */
gss_ctx_id_t *, /* context */
const gss_OID, /* option to set */
const gss_buffer_t /* option value */
);
OM_uint32 gss_set_cred_option
(OM_uint32 *, /* minor status */
gss_cred_id_t *, /* cred */
const gss_OID, /* option to set */
const gss_buffer_t /* option value */
);
OM_uint32 gss_pseudo_random
(OM_uint32 *, /* minor status */
gss_ctx_id_t, /* context handle */
int prf_key, /* XXX */
const gss_buffer_t, /* data to seed generator */
ssize_t, /* amount of data required */
gss_buffer_t /* buffer for result */
);
#endif /* _GSSAPI_GSSAPI_H_ */

View File

@ -25,7 +25,10 @@ ETSRCS= \
${KRB5DIR}/lib/kadm5/kadm5_err.et \
${KRB5DIR}/lib/krb5/heim_err.et \
${KRB5DIR}/lib/krb5/k524_err.et \
${KRB5DIR}/lib/krb5/krb5_err.et
${KRB5DIR}/lib/krb5/krb5_err.et \
${KRB5DIR}/lib/krb5/krb_err.et \
${KRB5DIR}/lib/gssapi/krb5/gkrb5_err.et \
${KRB5DIR}/lib/hx509/hx509_err.et
.for ET in ${ETSRCS}
.for _ET in ${ET:T:R}

View File

@ -1,5 +1,5 @@
/* include/config.h. Generated automatically by configure. */
/* include/config.h.in. Generated automatically from configure.in by autoheader. */
/* include/config.h. Generated from config.h.in by configure. */
/* include/config.h.in. Generated from configure.in by autoheader. */
/* $FreeBSD$ */
@ -10,34 +10,40 @@
static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
#endif
#define BINDIR "/usr/bin"
#define LIBDIR "/usr/lib"
#define LIBEXECDIR "/usr/libexec"
#define SBINDIR "/usr/sbin"
#define SYSCONFDIR "/etc"
#define HAVE_INT8_T 1
#define HAVE_INT16_T 1
#define HAVE_INT32_T 1
#define HAVE_INT64_T 1
#define HAVE_U_INT8_T 1
#define HAVE_U_INT16_T 1
#define HAVE_U_INT32_T 1
#define HAVE_U_INT64_T 1
#define HAVE_UINT8_T 1
#define HAVE_UINT16_T 1
#define HAVE_UINT32_T 1
#define HAVE_UINT64_T 1
/* Maximum values on all known systems */
#define MaxHostNameLen (64+4)
#define MaxPathLen (1024+4)
#ifdef BUILD_KRB5_LIB
#ifndef KRB5_LIB_FUNCTION
#ifdef _WIN32_
#define KRB5_LIB_FUNCTION _export _stdcall
#else
#define KRB5_LIB_FUNCTION
#endif
#endif
#endif
#ifdef BUILD_ROKEN_LIB
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32_
#define ROKEN_LIB_FUNCTION _export _stdcall
#else
#define ROKEN_LIB_FUNCTION
#endif
#endif
#endif
/* Define if you want authentication support in telnet. */
#define AUTHENTICATION 1
/* path to bin */
#define BINDIR "/usr/bin"
/* Define if realloc(NULL) doesn't work. */
/* #undef BROKEN_REALLOC */
@ -50,6 +56,12 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define this to enable diagnostics in telnet. */
#define DIAGNOSTICS 1
/* Define if want to use the weak AFS string to key functions. */
#define ENABLE_AFS_STRING_TO_KEY 1
/* Define if you want have a thread safe libraries */
/* #undef ENABLE_PTHREAD_SUPPORT */
/* Define if you want encryption support in telnet. */
#define ENCRYPTION 1
@ -61,7 +73,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* define if prototype of gethostbyaddr is compatible with struct hostent
*gethostbyaddr(const void *, size_t, int) */
/* #undef GETHOSTBYADDR_PROTO_COMPATIBLE */
#define GETHOSTBYADDR_PROTO_COMPATIBLE 1
/* define if prototype of gethostbyname is compatible with struct hostent
*gethostbyname(const char *) */
@ -78,8 +90,8 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the `altzone' variable. */
/* #undef HAVE_ALTZONE */
/* define if your system declares altzone */
/* #undef HAVE_ALTZONE_DECLARATION */
/* Define to 1 if you have the `arc4random' function. */
#define HAVE_ARC4RANDOM 1
/* Define to 1 if you have the <arpa/ftp.h> header file. */
#define HAVE_ARPA_FTP_H 1
@ -126,6 +138,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the function `chown'. */
#define HAVE_CHOWN 1
/* Define if you have the function `closefrom'. */
/* #undef HAVE_CLOSEFROM */
/* Define to 1 if you have the <config.h> header file. */
/* #undef HAVE_CONFIG_H */
@ -177,6 +192,54 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* define if you have ndbm compat in db */
/* #undef HAVE_DB_NDBM */
/* Define to 1 if you have the declaration of `altzone', and to 0 if you
don't. */
/* #undef HAVE_DECL_ALTZONE */
/* Define to 1 if you have the declaration of `environ', and to 0 if you
don't. */
#define HAVE_DECL_ENVIRON 0
/* Define to 1 if you have the declaration of `h_errlist', and to 0 if you
don't. */
#define HAVE_DECL_H_ERRLIST 0
/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
don't. */
#define HAVE_DECL_H_ERRNO 1
/* Define to 1 if you have the declaration of `h_nerr', and to 0 if you don't.
*/
/* #undef HAVE_DECL_H_NERR */
/* Define to 1 if you have the declaration of `optarg', and to 0 if you don't.
*/
#define HAVE_DECL_OPTARG 1
/* Define to 1 if you have the declaration of `opterr', and to 0 if you don't.
*/
#define HAVE_DECL_OPTERR 1
/* Define to 1 if you have the declaration of `optind', and to 0 if you don't.
*/
#define HAVE_DECL_OPTIND 1
/* Define to 1 if you have the declaration of `optopt', and to 0 if you don't.
*/
#define HAVE_DECL_OPTOPT 1
/* Define to 1 if you have the declaration of `timezone', and to 0 if you
don't. */
#define HAVE_DECL_TIMEZONE 1
/* Define to 1 if you have the declaration of `_res', and to 0 if you don't.
*/
#define HAVE_DECL__RES 1
/* Define to 1 if you have the declaration of `__progname', and to 0 if you
don't. */
#define HAVE_DECL___PROGNAME 0
/* Define to 1 if you have the <dirent.h> header file. */
#define HAVE_DIRENT_H 1
@ -189,6 +252,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the `dn_expand' function. */
#define HAVE_DN_EXPAND 1
/* Define to 1 if you have the `door_create' function. */
/* #undef HAVE_DOOR_CREATE */
/* Define if you have the function `ecalloc'. */
/* #undef HAVE_ECALLOC */
@ -198,9 +264,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the function `emalloc'. */
/* #undef HAVE_EMALLOC */
/* define if your system declares environ */
/* #undef HAVE_ENVIRON_DECLARATION */
/* Define if you have the function `erealloc'. */
/* #undef HAVE_EREALLOC */
@ -238,12 +301,10 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
#define HAVE_FNMATCH_H 1
/* Define if el_init takes four arguments. */
#if __FreeBSD_version >= 500024
#define HAVE_FOUR_VALUED_EL_INIT 1
#endif
/* define if krb_put_int takes four arguments. */
#define HAVE_FOUR_VALUED_KRB_PUT_INT 1
/* Have -framework Security */
/* #undef HAVE_FRAMEWORK_SECURITY */
/* Define to 1 if you have the `freeaddrinfo' function. */
#define HAVE_FREEADDRINFO 1
@ -311,16 +372,17 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the `getpagesize' function. */
#define HAVE_GETPAGESIZE 1
/* Define to 1 if you have the `getpeereid' function. */
#define HAVE_GETPEEREID 1
/* Define to 1 if you have the `getpeerucred' function. */
/* #undef HAVE_GETPEERUCRED */
/* Define to 1 if you have the `getprogname' function. */
#if (__FreeBSD_version >= 430002 && __FreeBSD_version < 500000) || \
__FreeBSD_version >= 500019
#define HAVE_GETPROGNAME 1
#endif
/* Define to 1 if you have the `getpwnam_r' function. */
#if __FreeBSD_version >= 500112
#define HAVE_GETPWNAM_R 1
#endif
/* Define to 1 if you have the `getrlimit' function. */
#define HAVE_GETRLIMIT 1
@ -348,9 +410,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
#define HAVE_GLOB 1
/* Define to 1 if you have the `grantpt' function. */
#if __FreeBSD_version >= 500100
#define HAVE_GRANTPT 1
#endif
/* Define to 1 if you have the <grp.h> header file. */
#define HAVE_GRP_H 1
@ -361,20 +421,11 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the `h_errlist' variable. */
#define HAVE_H_ERRLIST 1
/* define if your system declares h_errlist */
/* #undef HAVE_H_ERRLIST_DECLARATION */
/* Define if you have the `h_errno' variable. */
#define HAVE_H_ERRNO 1
/* define if your system declares h_errno */
#define HAVE_H_ERRNO_DECLARATION 1
/* Define if you have the `h_nerr' variable. */
#define HAVE_H_NERR 1
/* define if your system declares h_nerr */
/* #undef HAVE_H_NERR_DECLARATION */
/* #undef HAVE_H_NERR */
/* Define to 1 if you have the <ifaddrs.h> header file. */
#define HAVE_IFADDRS_H 1
@ -400,6 +451,18 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the function `innetgr'. */
#define HAVE_INNETGR 1
/* Define to 1 if the system has the type `int16_t'. */
#define HAVE_INT16_T 1
/* Define to 1 if the system has the type `int32_t'. */
#define HAVE_INT32_T 1
/* Define to 1 if the system has the type `int64_t'. */
#define HAVE_INT64_T 1
/* Define to 1 if the system has the type `int8_t'. */
#define HAVE_INT8_T 1
/* Define to 1 if you have the <inttypes.h> header file. */
#define HAVE_INTTYPES_H 1
@ -415,20 +478,8 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the `issetugid' function. */
#define HAVE_ISSETUGID 1
/* Define to 1 if you have the `krb_disable_debug' function. */
/* #undef HAVE_KRB_DISABLE_DEBUG */
/* Define to 1 if you have the `krb_enable_debug' function. */
/* #undef HAVE_KRB_ENABLE_DEBUG */
/* Define to 1 if you have the `krb_get_kdc_time_diff' function. */
/* #undef HAVE_KRB_GET_KDC_TIME_DIFF */
/* Define to 1 if you have the `krb_get_our_ip_for_realm' function. */
/* #undef HAVE_KRB_GET_OUR_IP_FOR_REALM */
/* Define to 1 if you have the `krb_kdctimeofday' function. */
/* #undef HAVE_KRB_KDCTIMEOFDAY */
/* Define if you want to use the Kerberos Credentials Manager. */
#define HAVE_KCM 1
/* Define to 1 if you have the <libutil.h> header file. */
#define HAVE_LIBUTIL_H 1
@ -488,7 +539,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* #undef HAVE_NETINET6_IN6_H */
/* Define to 1 if you have the <netinet6/in6_var.h> header file. */
#define HAVE_NETINET6_IN6_VAR_H 1
/* #undef HAVE_NETINET6_IN6_VAR_H */
/* Define to 1 if you have the <netinet/in6.h> header file. */
/* #undef HAVE_NETINET_IN6_H */
@ -520,9 +571,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if NDBM really is DB (creates files *.db) */
#define HAVE_NEW_DB 1
/* define if you have hash functions like md4_finito() */
/* #undef HAVE_OLD_HASH_NAMES */
/* Define to 1 if you have the `on_exit' function. */
/* #undef HAVE_ON_EXIT */
@ -532,18 +580,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* define to use openssl's libcrypto */
#define HAVE_OPENSSL 1
/* define if your system declares optarg */
#define HAVE_OPTARG_DECLARATION 1
/* define if your system declares opterr */
#define HAVE_OPTERR_DECLARATION 1
/* define if your system declares optind */
#define HAVE_OPTIND_DECLARATION 1
/* define if your system declares optopt */
#define HAVE_OPTOPT_DECLARATION 1
/* Define to enable basic OSF C2 support. */
/* #undef HAVE_OSFC2 */
@ -553,13 +589,17 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the `pidfile' function. */
/* #undef HAVE_PIDFILE */
/* Define to 1 if you have the `poll' function. */
#define HAVE_POLL 1
/* Define to 1 if you have the <poll.h> header file. */
#define HAVE_POLL_H 1
/* Define to 1 if you have the <pthread.h> header file. */
#define HAVE_PTHREAD_H 1
/* Define to 1 if you have the `ptsname' function. */
#if __FreeBSD_version >= 500100
#define HAVE_PTSNAME 1
#endif
/* Define to 1 if you have the <pty.h> header file. */
/* #undef HAVE_PTY_H */
@ -591,8 +631,11 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the <resolv.h> header file. */
#define HAVE_RESOLV_H 1
/* Define to 1 if you have the `res_ndestroy' function. */
#define HAVE_RES_NDESTROY 1
/* Define to 1 if you have the `res_nsearch' function. */
/* #undef HAVE_RES_NSEARCH */
#define HAVE_RES_NSEARCH 1
/* Define to 1 if you have the `res_search' function. */
#define HAVE_RES_SEARCH 1
@ -646,10 +689,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
#define HAVE_SETPROCTITLE 1
/* Define to 1 if you have the `setprogname' function. */
#if (__FreeBSD_version >= 430002 && __FreeBSD_version < 500000) || \
__FreeBSD_version >= 500019
#define HAVE_SETPROGNAME 1
#endif
/* Define to 1 if you have the `setregid' function. */
#define HAVE_SETREGID 1
@ -709,9 +749,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* #undef HAVE_STANDARDS_H */
/* Define to 1 if you have the <stdint.h> header file. */
#if __FreeBSD_version >= 500028
#define HAVE_STDINT_H 1
#endif
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
@ -953,6 +991,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the <sys/types.h> header file. */
#define HAVE_SYS_TYPES_H 1
/* Define to 1 if you have the <sys/ucred.h> header file. */
#define HAVE_SYS_UCRED_H 1
/* Define to 1 if you have the <sys/uio.h> header file. */
#define HAVE_SYS_UIO_H 1
@ -980,15 +1021,12 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the `tgetent' function. */
#define HAVE_TGETENT 1
/* Define to 1 if you have the `timegm' function. */
/* Define if you have the function `timegm'. */
#define HAVE_TIMEGM 1
/* Define if you have the `timezone' variable. */
#define HAVE_TIMEZONE 1
/* define if your system declares timezone */
#define HAVE_TIMEZONE_DECLARATION 1
/* Define to 1 if you have the <time.h> header file. */
#define HAVE_TIME_H 1
@ -1004,6 +1042,21 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the <udb.h> header file. */
/* #undef HAVE_UDB_H */
/* Define to 1 if the system has the type `uint16_t'. */
#define HAVE_UINT16_T 1
/* Define to 1 if the system has the type `uint32_t'. */
#define HAVE_UINT32_T 1
/* Define to 1 if the system has the type `uint64_t'. */
#define HAVE_UINT64_T 1
/* Define to 1 if the system has the type `uint8_t'. */
#define HAVE_UINT8_T 1
/* Define to 1 if the system has the type `uintptr_t'. */
#define HAVE_UINTPTR_T 1
/* Define to 1 if you have the `umask' function. */
#define HAVE_UMASK 1
@ -1014,9 +1067,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
#define HAVE_UNISTD_H 1
/* Define to 1 if you have the `unlockpt' function. */
#if __FreeBSD_version >= 500100
#define HAVE_UNLOCKPT 1
#endif
/* Define if you have the function `unsetenv'. */
#define HAVE_UNSETENV 1
@ -1039,6 +1090,18 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the <utmp.h> header file. */
#define HAVE_UTMP_H 1
/* Define to 1 if the system has the type `u_int16_t'. */
#define HAVE_U_INT16_T 1
/* Define to 1 if the system has the type `u_int32_t'. */
#define HAVE_U_INT32_T 1
/* Define to 1 if the system has the type `u_int64_t'. */
#define HAVE_U_INT64_T 1
/* Define to 1 if the system has the type `u_int8_t'. */
#define HAVE_U_INT8_T 1
/* Define to 1 if you have the `vasnprintf' function. */
/* #undef HAVE_VASNPRINTF */
@ -1105,9 +1168,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the `_res' variable. */
#define HAVE__RES 1
/* define if your system declares _res */
#define HAVE__RES_DECLARATION 1
/* Define to 1 if you have the `_scrsize' function. */
/* #undef HAVE__SCRSIZE */
@ -1117,9 +1177,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the `__progname' variable. */
#define HAVE___PROGNAME 1
/* define if your system declares __progname */
/* #undef HAVE___PROGNAME_DECLARATION */
/* Define if you have the hesiod package. */
/* #undef HESIOD */
@ -1129,20 +1186,14 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Enable Kerberos 5 support in applications. */
#define KRB5 1
/* Define if krb_mk_req takes const char * */
/* #undef KRB_MK_REQ_CONST */
/* path to lib */
#define LIBDIR "/usr/lib"
/* This is the krb4 sendauth version. */
/* #undef KRB_SENDAUTH_VERS */
/* path to libexec */
#define LIBEXECDIR "/usr/libexec"
/* Define to zero if your krb.h doesn't */
/* #undef KRB_VERIFY_NOT_SECURE */
/* Define to one if your krb.h doesn't */
/* #undef KRB_VERIFY_SECURE */
/* Define to two if your krb.h doesn't */
/* #undef KRB_VERIFY_SECURE_FAIL */
/* path to localstate */
#define LOCALSTATEDIR "/var/heimdal"
/* define if the system is missing a prototype for asnprintf() */
#define NEED_ASNPRINTF_PROTO 1
@ -1153,6 +1204,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* define if the system is missing a prototype for crypt() */
/* #undef NEED_CRYPT_PROTO */
/* define if the system is missing a prototype for daemon() */
#define NEED_DAEMON_PROTO 1
/* define if the system is missing a prototype for gethostname() */
/* #undef NEED_GETHOSTNAME_PROTO */
@ -1168,9 +1222,15 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* define if the system is missing a prototype for inet_aton() */
/* #undef NEED_INET_ATON_PROTO */
/* define if the system is missing a prototype for iruserok() */
/* #undef NEED_IRUSEROK_PROTO */
/* define if the system is missing a prototype for mkstemp() */
/* #undef NEED_MKSTEMP_PROTO */
/* define if the system is missing a prototype for SecKeyGetCSPHandle() */
/* #undef NEED_SECKEYGETCSPHANDLE_PROTO */
/* define if the system is missing a prototype for setenv() */
/* #undef NEED_SETENV_PROTO */
@ -1219,6 +1279,12 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* define if the system is missing a prototype for vsnprintf() */
/* #undef NEED_VSNPRINTF_PROTO */
/* Define if you don't wan't support for AFS. */
/* #undef NO_AFS */
/* Define to 1 if your C compiler doesn't accept -c and -o together. */
/* #undef NO_MINUS_C_MINUS_O */
/* Define if you don't want to use mmap. */
/* #undef NO_MMAP */
@ -1228,30 +1294,36 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the openldap package. */
/* #undef OPENLDAP */
/* Define if you want support for hdb ldap module */
/* #undef OPENLDAP_MODULE */
/* define if prototype of openlog is compatible with void openlog(const char
*, int, int) */
#define OPENLOG_PROTO_COMPATIBLE 1
/* Define if you want OTP support in applications. */
/* #undef OTP */
#define OTP 1
/* Name of package */
#define PACKAGE "heimdal"
/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT "heimdal-bugs@pdc.kth.se"
#define PACKAGE_BUGREPORT "heimdal-bugs@h5l.org"
/* Define to the full name of this package. */
#define PACKAGE_NAME "Heimdal"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "Heimdal 0.6.3 (FreeBSD)"
#define PACKAGE_STRING "Heimdal 1.1"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "heimdal"
/* Define to the version of this package. */
#define PACKAGE_VERSION "0.6.3"
#define PACKAGE_VERSION "1.1"
/* Define to enable PKINIT. */
#define PKINIT 1
/* Define if getlogin has POSIX flavour (and not BSD). */
/* #undef POSIX_GETLOGIN */
@ -1265,12 +1337,21 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define as the return type of signal handlers (`int' or `void'). */
#define RETSIGTYPE void
/* path to sbin */
#define SBINDIR "/usr/sbin"
/* Define if you want to use samba socket wrappers. */
/* #undef SOCKET_WRAPPER_REPLACE */
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* Define if you have streams ptys. */
/* #undef STREAMSPTY */
/* path to sysconf */
#define SYSCONFDIR "/etc"
/* Define to what version of SunOS you are running. */
/* #undef SunOS */
@ -1281,7 +1362,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* #undef TM_IN_SYS_TIME */
/* Version number of package */
#define VERSION "0.6.3"
#define VERSION "1.1"
/* Define if signal handlers return void. */
#define VOID_RETSIGTYPE 1
@ -1290,7 +1371,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* #undef WORDS_BIGENDIAN */
/* Define to 1 if the X Window System is missing or not being used. */
/* #undef X_DISPLAY_MISSING */
#define X_DISPLAY_MISSING 1
/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
`char[]'. */
@ -1311,14 +1392,16 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to `int' if <sys/types.h> doesn't define. */
/* #undef gid_t */
/* Define as `__inline' if that's what the C compiler calls it, or to nothing
if it is not supported. */
/* Define to `__inline__' or `__inline' if that's what the C compiler
calls it, or to nothing if 'inline' is not supported under any name. */
#ifndef __cplusplus
/* #undef inline */
#endif
/* Define this to what the type mode_t should be. */
/* #undef mode_t */
/* Define to `long' if <sys/types.h> does not define. */
/* Define to `long int' if <sys/types.h> does not define. */
/* #undef off_t */
/* Define to `int' if <sys/types.h> does not define. */
@ -1327,45 +1410,16 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define this to what the type sig_atomic_t should be. */
/* #undef sig_atomic_t */
/* Define to `unsigned' if <sys/types.h> does not define. */
/* Define to `unsigned int' if <sys/types.h> does not define. */
/* #undef size_t */
/* Define to `int' if <sys/types.h> doesn't define. */
/* #undef uid_t */
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S))
#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
#define AUTHENTICATION 1
#endif
/* Set this to the default system lead string for telnetd
* can contain %-escapes: %s=sysname, %m=machine, %r=os-release
* %v=os-version, %t=tty, %h=hostname, %d=date and time
*/
/* #undef USE_IM */
/* Used with login -p */
/* #undef LOGIN_ARGS */
/* set this to a sensible login */
#ifndef LOGIN_PATH
#define LOGIN_PATH BINDIR "/login"
#endif
#ifdef ROKEN_RENAME
#include "roken_rename.h"
#endif
#ifndef HAVE_KRB_KDCTIMEOFDAY
#define krb_kdctimeofday(X) gettimeofday((X), NULL)
#endif
#ifndef HAVE_KRB_GET_KDC_TIME_DIFF
#define krb_get_kdc_time_diff() (0)
#endif
#ifdef VOID_RETSIGTYPE
#define SIGRETURN(x) return
#else
@ -1373,8 +1427,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
#endif
#ifdef BROKEN_REALLOC
#define realloc(X, Y) isoc_realloc((X), (Y))
#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
#define realloc(X, Y) rk_realloc((X), (Y))
#endif
@ -1402,3 +1455,23 @@ struct sockaddr_in;
#define __STDC__ 0
#endif
#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
#define AUTHENTICATION 1
#endif
/* Set this to the default system lead string for telnetd
* can contain %-escapes: %s=sysname, %m=machine, %r=os-release
* %v=os-version, %t=tty, %h=hostname, %d=date and time
*/
/* #undef USE_IM */
/* Used with login -p */
/* #undef LOGIN_ARGS */
/* set this to a sensible login */
#ifndef LOGIN_PATH
#define LOGIN_PATH BINDIR "/login"
#endif

View File

@ -2,9 +2,17 @@
#ifndef __crypto_headers_h__
#define __crypto_headers_h__
#define OPENSSL_DES_LIBDES_COMPATIBILITY
#include <openssl/evp.h>
#include <openssl/des.h>
#include <openssl/rc4.h>
#include <openssl/md2.h>
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/aes.h>
#include <openssl/ui.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
#include <openssl/pkcs12.h>
#include <openssl/hmac.h>
#endif /* __crypto_headers_h__ */

View File

@ -1,6 +1,8 @@
# $FreeBSD$
SUBDIR= libasn1 libgssapi libhdb libkadm5clnt libkadm5srv \
libkafs5 libkrb5 libroken libsl libvers
SUBDIR= libasn1 libgssapi_krb5 libgssapi_ntlm libgssapi_spnego libhdb \
libheimntlm libhx509 libkadm5clnt libkadm5srv libkafs5 libkrb5 \
libroken libsl libvers
.include <bsd.subdir.mk>

View File

@ -1,5 +1,5 @@
# $FreeBSD$
SHLIB_MAJOR?= 9
SHLIB_MAJOR?= 10
.include "../Makefile.inc"

View File

@ -1,33 +1,247 @@
# $FreeBSD$
LIB= asn1
INCS= asn1_err.h krb5_asn1.h
INCS= asn1_err.h heim_asn1.h
SRCS= asn1_err.c \
asn1_err.h \
der_copy.c \
der_cmp.c \
der_free.c \
der_format.c \
der_get.c \
der_length.c \
der_put.c \
krb5_asn1.h \
extra.c \
timegm.c \
${GEN:S/.x$/.c/}
CFLAGS+=-I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken -I.
GEN= asn1_APOptions.x \
GEN_RFC2459 = \
asn1_Version.x \
asn1_id_pkcs_1.x \
asn1_id_pkcs1_rsaEncryption.x \
asn1_id_pkcs1_md2WithRSAEncryption.x \
asn1_id_pkcs1_md5WithRSAEncryption.x \
asn1_id_pkcs1_sha1WithRSAEncryption.x \
asn1_id_pkcs1_sha256WithRSAEncryption.x \
asn1_id_pkcs1_sha384WithRSAEncryption.x \
asn1_id_pkcs1_sha512WithRSAEncryption.x \
asn1_id_heim_rsa_pkcs1_x509.x \
asn1_id_pkcs_2.x \
asn1_id_pkcs2_md2.x \
asn1_id_pkcs2_md4.x \
asn1_id_pkcs2_md5.x \
asn1_id_rsa_digestAlgorithm.x \
asn1_id_rsa_digest_md2.x \
asn1_id_rsa_digest_md4.x \
asn1_id_rsa_digest_md5.x \
asn1_id_pkcs_3.x \
asn1_id_pkcs3_rc2_cbc.x \
asn1_id_pkcs3_rc4.x \
asn1_id_pkcs3_des_ede3_cbc.x \
asn1_id_rsadsi_encalg.x \
asn1_id_rsadsi_rc2_cbc.x \
asn1_id_rsadsi_des_ede3_cbc.x \
asn1_id_secsig_sha_1.x \
asn1_id_nistAlgorithm.x \
asn1_id_nist_aes_algs.x \
asn1_id_aes_128_cbc.x \
asn1_id_aes_192_cbc.x \
asn1_id_aes_256_cbc.x \
asn1_id_nist_sha_algs.x \
asn1_id_sha256.x \
asn1_id_sha224.x \
asn1_id_sha384.x \
asn1_id_sha512.x \
asn1_id_dhpublicnumber.x \
asn1_id_x9_57.x \
asn1_id_dsa.x \
asn1_id_dsa_with_sha1.x \
asn1_id_x520_at.x \
asn1_id_at_commonName.x \
asn1_id_at_surname.x \
asn1_id_at_serialNumber.x \
asn1_id_at_countryName.x \
asn1_id_at_localityName.x \
asn1_id_at_streetAddress.x \
asn1_id_at_stateOrProvinceName.x \
asn1_id_at_organizationName.x \
asn1_id_at_organizationalUnitName.x \
asn1_id_at_name.x \
asn1_id_at_givenName.x \
asn1_id_at_initials.x \
asn1_id_at_generationQualifier.x \
asn1_id_at_pseudonym.x \
asn1_id_Userid.x \
asn1_id_domainComponent.x \
asn1_id_x509_ce.x \
asn1_id_uspkicommon_card_id.x \
asn1_id_uspkicommon_piv_interim.x \
asn1_id_netscape.x \
asn1_id_netscape_cert_comment.x \
asn1_id_ms_cert_enroll_domaincontroller.x \
asn1_id_ms_client_authentication.x \
asn1_AlgorithmIdentifier.x \
asn1_AttributeType.x \
asn1_AttributeValue.x \
asn1_TeletexStringx.x \
asn1_DirectoryString.x \
asn1_Attribute.x \
asn1_AttributeTypeAndValue.x \
asn1_AuthorityInfoAccessSyntax.x \
asn1_AccessDescription.x \
asn1_RelativeDistinguishedName.x \
asn1_RDNSequence.x \
asn1_Name.x \
asn1_CertificateSerialNumber.x \
asn1_Time.x \
asn1_Validity.x \
asn1_UniqueIdentifier.x \
asn1_SubjectPublicKeyInfo.x \
asn1_Extension.x \
asn1_Extensions.x \
asn1_TBSCertificate.x \
asn1_Certificate.x \
asn1_Certificates.x \
asn1_ValidationParms.x \
asn1_DomainParameters.x \
asn1_DHPublicKey.x \
asn1_OtherName.x \
asn1_GeneralName.x \
asn1_GeneralNames.x \
asn1_id_x509_ce_keyUsage.x \
asn1_KeyUsage.x \
asn1_id_x509_ce_authorityKeyIdentifier.x \
asn1_KeyIdentifier.x \
asn1_AuthorityKeyIdentifier.x \
asn1_id_x509_ce_subjectKeyIdentifier.x \
asn1_SubjectKeyIdentifier.x \
asn1_id_x509_ce_basicConstraints.x \
asn1_BasicConstraints.x \
asn1_id_x509_ce_nameConstraints.x \
asn1_BaseDistance.x \
asn1_GeneralSubtree.x \
asn1_GeneralSubtrees.x \
asn1_NameConstraints.x \
asn1_id_x509_ce_privateKeyUsagePeriod.x \
asn1_id_x509_ce_certificatePolicies.x \
asn1_id_x509_ce_policyMappings.x \
asn1_id_x509_ce_subjectAltName.x \
asn1_id_x509_ce_issuerAltName.x \
asn1_id_x509_ce_subjectDirectoryAttributes.x \
asn1_id_x509_ce_policyConstraints.x \
asn1_id_x509_ce_extKeyUsage.x \
asn1_ExtKeyUsage.x \
asn1_id_x509_ce_cRLDistributionPoints.x \
asn1_id_x509_ce_deltaCRLIndicator.x \
asn1_id_x509_ce_issuingDistributionPoint.x \
asn1_id_x509_ce_holdInstructionCode.x \
asn1_id_x509_ce_invalidityDate.x \
asn1_id_x509_ce_certificateIssuer.x \
asn1_id_x509_ce_inhibitAnyPolicy.x \
asn1_DistributionPointReasonFlags.x \
asn1_DistributionPointName.x \
asn1_DistributionPoint.x \
asn1_CRLDistributionPoints.x \
asn1_DSASigValue.x \
asn1_DSAPublicKey.x \
asn1_DSAParams.x \
asn1_RSAPublicKey.x \
asn1_RSAPrivateKey.x \
asn1_DigestInfo.x \
asn1_TBSCRLCertList.x \
asn1_CRLCertificateList.x \
asn1_id_x509_ce_cRLNumber.x \
asn1_id_x509_ce_freshestCRL.x \
asn1_id_x509_ce_cRLReason.x \
asn1_CRLReason.x \
asn1_PKIXXmppAddr.x \
asn1_id_pkix.x \
asn1_id_pkix_on.x \
asn1_id_pkix_on_dnsSRV.x \
asn1_id_pkix_on_xmppAddr.x \
asn1_id_pkix_kp.x \
asn1_id_pkix_kp_serverAuth.x \
asn1_id_pkix_kp_clientAuth.x \
asn1_id_pkix_kp_emailProtection.x \
asn1_id_pkix_kp_timeStamping.x \
asn1_id_pkix_kp_OCSPSigning.x \
asn1_id_pkix_pe.x \
asn1_id_pkix_pe_authorityInfoAccess.x \
asn1_id_pkix_pe_proxyCertInfo.x \
asn1_id_pkix_ppl.x \
asn1_id_pkix_ppl_anyLanguage.x \
asn1_id_pkix_ppl_inheritAll.x \
asn1_id_pkix_ppl_independent.x \
asn1_ProxyPolicy.x \
asn1_ProxyCertInfo.x
GEN_CMS = \
asn1_CMSAttributes.x \
asn1_CMSCBCParameter.x \
asn1_CMSEncryptedData.x \
asn1_CMSIdentifier.x \
asn1_CMSRC2CBCParameter.x \
asn1_CMSVersion.x \
asn1_CertificateList.x \
asn1_CertificateRevocationLists.x \
asn1_CertificateSet.x \
asn1_ContentEncryptionAlgorithmIdentifier.x \
asn1_ContentInfo.x \
asn1_ContentType.x \
asn1_DigestAlgorithmIdentifier.x \
asn1_DigestAlgorithmIdentifiers.x \
asn1_EncapsulatedContentInfo.x \
asn1_EncryptedContent.x \
asn1_EncryptedContentInfo.x \
asn1_EncryptedKey.x \
asn1_EnvelopedData.x \
asn1_IssuerAndSerialNumber.x \
asn1_KeyEncryptionAlgorithmIdentifier.x \
asn1_KeyTransRecipientInfo.x \
asn1_MessageDigest.x \
asn1_OriginatorInfo.x \
asn1_RecipientIdentifier.x \
asn1_RecipientInfo.x \
asn1_RecipientInfos.x \
asn1_SignatureAlgorithmIdentifier.x \
asn1_SignatureValue.x \
asn1_SignedData.x \
asn1_SignerIdentifier.x \
asn1_SignerInfo.x \
asn1_SignerInfos.x \
asn1_id_pkcs7.x \
asn1_id_pkcs7_data.x \
asn1_id_pkcs7_digestedData.x \
asn1_id_pkcs7_encryptedData.x \
asn1_id_pkcs7_envelopedData.x \
asn1_id_pkcs7_signedAndEnvelopedData.x \
asn1_id_pkcs7_signedData.x \
asn1_UnprotectedAttributes.x
GEN_K5= asn1_AD_AND_OR.x \
asn1_AD_IF_RELEVANT.x \
asn1_AD_KDCIssued.x \
asn1_AD_MANDATORY_FOR_KDC.x \
asn1_AD_LoginAlias.x \
asn1_APOptions.x \
asn1_AP_REP.x \
asn1_AP_REQ.x \
asn1_AS_REP.x \
asn1_AS_REQ.x \
asn1_AUTHDATA_TYPE.x \
asn1_Authenticator.x \
asn1_AuthorizationData.x \
asn1_AuthorizationDataElement.x \
asn1_CKSUMTYPE.x \
asn1_Checksum.x \
asn1_ChangePasswdDataMS.x \
asn1_Checksum.x \
asn1_ENCTYPE.x \
asn1_ETYPE_INFO.x \
asn1_ETYPE_INFO2.x \
asn1_ETYPE_INFO2_ENTRY.x \
asn1_ETYPE_INFO_ENTRY.x \
asn1_EncAPRepPart.x \
asn1_EncASRepPart.x \
@ -38,6 +252,7 @@ GEN= asn1_APOptions.x \
asn1_EncTicketPart.x \
asn1_EncryptedData.x \
asn1_EncryptionKey.x \
asn1_EtypeList.x \
asn1_HostAddress.x \
asn1_HostAddresses.x \
asn1_KDCOptions.x \
@ -49,6 +264,7 @@ GEN= asn1_APOptions.x \
asn1_KRB_PRIV.x \
asn1_KRB_SAFE.x \
asn1_KRB_SAFE_BODY.x \
asn1_KerberosString.x \
asn1_KerberosTime.x \
asn1_KrbCredInfo.x \
asn1_LR_TYPE.x \
@ -58,22 +274,199 @@ GEN= asn1_APOptions.x \
asn1_NAME_TYPE.x \
asn1_PADATA_TYPE.x \
asn1_PA_DATA.x \
asn1_PA_ENC_SAM_RESPONSE_ENC.x \
asn1_PA_ENC_TS_ENC.x \
asn1_PA_PAC_REQUEST.x \
asn1_PA_S4U2Self.x \
asn1_PA_SAM_CHALLENGE_2.x \
asn1_PA_SAM_CHALLENGE_2_BODY.x \
asn1_PA_SAM_REDIRECT.x \
asn1_PA_SAM_RESPONSE_2.x \
asn1_PA_SAM_TYPE.x \
asn1_PA_ClientCanonicalized.x \
asn1_PA_ClientCanonicalizedNames.x \
asn1_PA_SvrReferralData.x \
asn1_PROV_SRV_LOCATION.x \
asn1_Principal.x \
asn1_PrincipalName.x \
asn1_Realm.x \
asn1_SAMFlags.x \
asn1_TGS_REP.x \
asn1_TGS_REQ.x \
asn1_TYPED_DATA.x \
asn1_Ticket.x \
asn1_TicketFlags.x \
asn1_TransitedEncoding.x \
asn1_UNSIGNED.x
asn1_TypedData.x \
asn1_krb5int32.x \
asn1_krb5uint32.x \
asn1_KRB5SignedPathData.x \
asn1_KRB5SignedPathPrincipals.x \
asn1_KRB5SignedPath.x
CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} krb5_asn1.h asn1_files
GEN_PKINIT = \
asn1_id_pkinit.x \
asn1_id_pkauthdata.x \
asn1_id_pkdhkeydata.x \
asn1_id_pkrkeydata.x \
asn1_id_pkekuoid.x \
asn1_id_pkkdcekuoid.x \
asn1_id_pkinit_san.x \
asn1_id_pkinit_ms_eku.x \
asn1_id_pkinit_ms_san.x \
asn1_MS_UPN_SAN.x \
asn1_DHNonce.x \
asn1_KDFAlgorithmId.x \
asn1_TrustedCA.x \
asn1_ExternalPrincipalIdentifier.x \
asn1_ExternalPrincipalIdentifiers.x \
asn1_PA_PK_AS_REQ.x \
asn1_PKAuthenticator.x \
asn1_AuthPack.x \
asn1_TD_TRUSTED_CERTIFIERS.x \
asn1_TD_INVALID_CERTIFICATES.x \
asn1_KRB5PrincipalName.x \
asn1_AD_INITIAL_VERIFIED_CAS.x \
asn1_DHRepInfo.x \
asn1_PA_PK_AS_REP.x \
asn1_KDCDHKeyInfo.x \
asn1_ReplyKeyPack.x \
asn1_TD_DH_PARAMETERS.x \
asn1_PKAuthenticator_Win2k.x \
asn1_AuthPack_Win2k.x \
asn1_TrustedCA_Win2k.x \
asn1_PA_PK_AS_REQ_Win2k.x \
asn1_PA_PK_AS_REP_Win2k.x \
asn1_KDCDHKeyInfo_Win2k.x \
asn1_ReplyKeyPack_Win2k.x \
asn1_PkinitSuppPubInfo.x
.ORDER: ${GEN} krb5_asn1.h
${GEN} krb5_asn1.h: k5.asn1 ../../tools/asn1_compile/asn1_compile
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} krb5_asn1
GEN_PKCS8 = \
asn1_PKCS8PrivateKeyAlgorithmIdentifier.x \
asn1_PKCS8PrivateKey.x \
asn1_PKCS8PrivateKeyInfo.x \
asn1_PKCS8Attributes.x \
asn1_PKCS8EncryptedPrivateKeyInfo.x \
asn1_PKCS8EncryptedData.x
GEN_PKCS9 = \
asn1_id_pkcs_9.x \
asn1_id_pkcs9_contentType.x \
asn1_id_pkcs9_emailAddress.x \
asn1_id_pkcs9_messageDigest.x \
asn1_id_pkcs9_signingTime.x \
asn1_id_pkcs9_countersignature.x \
asn1_id_pkcs_9_at_friendlyName.x \
asn1_id_pkcs_9_at_localKeyId.x \
asn1_id_pkcs_9_at_certTypes.x \
asn1_id_pkcs_9_at_certTypes_x509.x \
asn1_PKCS9_BMPString.x \
asn1_PKCS9_friendlyName.x
GEN_PKCS12 = \
asn1_id_pkcs_12.x \
asn1_id_pkcs_12PbeIds.x \
asn1_id_pbeWithSHAAnd128BitRC4.x \
asn1_id_pbeWithSHAAnd40BitRC4.x \
asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.x \
asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.x \
asn1_id_pbeWithSHAAnd128BitRC2_CBC.x \
asn1_id_pbewithSHAAnd40BitRC2_CBC.x \
asn1_id_pkcs12_bagtypes.x \
asn1_id_pkcs12_keyBag.x \
asn1_id_pkcs12_pkcs8ShroudedKeyBag.x \
asn1_id_pkcs12_certBag.x \
asn1_id_pkcs12_crlBag.x \
asn1_id_pkcs12_secretBag.x \
asn1_id_pkcs12_safeContentsBag.x \
asn1_PKCS12_MacData.x \
asn1_PKCS12_PFX.x \
asn1_PKCS12_AuthenticatedSafe.x \
asn1_PKCS12_CertBag.x \
asn1_PKCS12_Attribute.x \
asn1_PKCS12_Attributes.x \
asn1_PKCS12_SafeBag.x \
asn1_PKCS12_SafeContents.x \
asn1_PKCS12_OctetString.x \
asn1_PKCS12_PBEParams.x
GEN_DIGEST= asn1_DigestError.x \
asn1_DigestInit.x \
asn1_DigestInitReply.x \
asn1_DigestREP.x \
asn1_DigestREQ.x \
asn1_DigestRepInner.x \
asn1_DigestReqInner.x \
asn1_DigestRequest.x \
asn1_DigestResponse.x \
asn1_DigestTypes.x \
asn1_NTLMInit.x \
asn1_NTLMInitReply.x \
asn1_NTLMRequest.x \
asn1_NTLMResponse.x
GEN_KX509 = \
asn1_Kx509Response.x \
asn1_Kx509Request.x
GEN+= ${GEN_RFC2459}
GEN+= ${GEN_CMS}
GEN+= ${GEN_K5}
GEN+= ${GEN_PKINIT}
GEN+= ${GEN_PKCS8}
GEN+= ${GEN_PKCS9}
GEN+= ${GEN_PKCS12}
GEN+= ${GEN_DIGEST}
GEN+= ${GEN_KX509}
CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} *_asn1_files
GEN_ASN1=cms_asn1.h rfc2459_asn1.h krb5_asn1.h pkinit_asn1.h
GEN_ASN1+=pkcs8_asn1.h pkcs9_asn1.h pkcs12_asn1.h digest_asn1.h kx509_asn1.h
SRCS+= ${GEN_ASN1}
INCS+= ${GEN_ASN1}
CLEANFILES+=${GEN_ASN1}
.ORDER: ${GEN} ${GEN_ASN1}
${GEN_CMS} cms_asn1.h: CMS.asn1 ../../tools/asn1_compile/asn1_compile
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} cms_asn1
${GEN_RFC2459} rfc2459_asn1.h: rfc2459.asn1 ../../tools/asn1_compile/asn1_compile
../../tools/asn1_compile/asn1_compile \
--preserve-binary=TBSCertificate \
--preserve-binary=TBSCRLCertList \
--preserve-binary=Name \
--sequence=GeneralNames \
--sequence=Extensions \
--sequence=CRLDistributionPoints ${.ALLSRC:M*.asn1} rfc2459_asn1
${GEN_K5} krb5_asn1.h: k5.asn1 ../../tools/asn1_compile/asn1_compile
../../tools/asn1_compile/asn1_compile \
--encode-rfc1510-bit-string \
--sequence=KRB5SignedPathPrincipals \
--sequence=AuthorizationData \
--sequence=METHOD-DATA \
--sequence=ETYPE-INFO \
--sequence=ETYPE-INFO2 ${.ALLSRC:M*.asn1} krb5_asn1
${GEN_PKINIT} pkinit_asn1.h: pkinit.asn1 ../../tools/asn1_compile/asn1_compile
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkinit_asn1
${GEN_PKCS8} pkcs8_asn1.h: pkcs8.asn1 ../../tools/asn1_compile/asn1_compile
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs8_asn1
${GEN_PKCS9} pkcs9_asn1.h: pkcs9.asn1 ../../tools/asn1_compile/asn1_compile
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs9_asn1
${GEN_PKCS12} pkcs12_asn1.h: pkcs12.asn1 ../../tools/asn1_compile/asn1_compile
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs12_asn1
${GEN_DIGEST} digest_asn1.h: digest.asn1 ../../tools/asn1_compile/asn1_compile
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} digest_asn1
${GEN_KX509} kx509_asn1.h: kx509.asn1 ../../tools/asn1_compile/asn1_compile
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} kx509_asn1
../../tools/asn1_compile/asn1_compile:
cd ${.CURDIR}/../../tools/asn1_compile && ${MAKE}

View File

@ -1,58 +0,0 @@
# $FreeBSD$
LIB= gssapi_krb5
LDFLAGS= -Wl,-Bsymbolic
LDADD= -lkrb5 -lcrypto -lroken -lasn1 -lcom_err -lcrypt
DPADD= ${LIBKRB5} ${LIBCRYPTO} ${LIBROKEN} ${LIBASN1} ${LIBCOM_ERR} \
${LIBCRYPT}
SRCS= 8003.c \
accept_sec_context.c \
acquire_cred.c \
add_cred.c \
add_oid_set_member.c \
address_to_krb5addr.c \
arcfour.c \
canonicalize_name.c \
compare_name.c \
compat.c \
context_time.c \
copy_ccache.c \
create_emtpy_oid_set.c \
decapsulate.c \
delete_sec_context.c \
display_name.c \
display_status.c \
duplicate_name.c \
encapsulate.c \
export_name.c \
export_sec_context.c \
external.c \
get_mic.c \
import_name.c \
import_sec_context.c \
indicate_mechs.c \
init.c \
init_sec_context.c \
inquire_context.c \
inquire_cred.c \
inquire_cred_by_mech.c \
inquire_mechs_for_name.c \
inquire_names_for_mech.c \
process_context_token.c \
release_buffer.c \
release_cred.c \
release_name.c \
release_oid_set.c \
test_oid_set_member.c \
unwrap.c \
v1.c \
verify_mic.c \
wrap.c
CFLAGS+=-I${KRB5DIR}/lib/gssapi -I${KRB5DIR}/lib/krb5 \
-I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken -I.
.include <bsd.lib.mk>
.PATH: ${KRB5DIR}/lib/gssapi

View File

@ -0,0 +1,79 @@
# $FreeBSD$
LIB= gssapi_krb5
LDFLAGS= -Wl,-Bsymbolic
LDADD= -lkrb5 -lhx509 -lcrypto -lroken -lasn1 -lcom_err -lcrypt
DPADD= ${LIBKRB5} ${LIBHX509} ${LIBCRYPTO} ${LIBROKEN} ${LIBASN1} \
${LIBCOM_ERR} ${LIBCRYPT}
INCS= ${KRB5DIR}/lib/gssapi/gssapi/gssapi_krb5.h
INCSDIR= ${INCLUDEDIR}/gssapi
SRCS= 8003.c \
accept_sec_context.c \
acquire_cred.c \
add_cred.c \
address_to_krb5addr.c \
arcfour.c \
canonicalize_name.c \
ccache_name.c \
cfx.c \
compare_name.c \
compat.c \
context_time.c \
copy_ccache.c \
decapsulate.c \
delete_sec_context.c \
display_name.c \
display_status.c \
duplicate_name.c \
encapsulate.c \
export_name.c \
export_sec_context.c \
external.c \
get_mic.c \
gkrb5_err.c \
gkrb5_err.h \
import_name.c \
import_sec_context.c \
indicate_mechs.c \
init.c \
init_sec_context.c \
inquire_context.c \
inquire_cred.c \
inquire_cred_by_mech.c \
inquire_cred_by_oid.c \
inquire_mechs_for_name.c \
inquire_names_for_mech.c \
inquire_sec_context_by_oid.c \
prefix.c \
prf.c \
process_context_token.c \
release_buffer.c \
release_cred.c \
release_name.c \
sequence.c \
set_cred_option.c \
set_sec_context_option.c \
unwrap.c \
v1.c \
verify_mic.c \
wrap.c \
gss_krb5.c
#SRCS+= gss_add_oid_set_member.c \
# gss_create_empty_oid_set.c \
# gss_release_buffer.c \
# gss_release_oid_set.c \
# gss_test_oid_set_member.c \
# gss_utils.c
CFLAGS+=-I${KRB5DIR}/lib/gssapi
CFLAGS+=-I${KRB5DIR}/lib/gssapi/krb5
CFLAGS+=-I${KRB5DIR}/lib/krb5
CFLAGS+=-I${KRB5DIR}/lib/asn1
CFLAGS+=-I${KRB5DIR}/lib/roken -I.
.include <bsd.lib.mk>
.PATH: ${KRB5DIR}/lib/gssapi/krb5 ${.CURDIR}/../../../lib/libgssapi

View File

@ -0,0 +1,831 @@
/*-
* Copyright (c) 2005 Doug Rabson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_krb5.h>
/* RCSID("$Id: gss_krb5.c 21889 2007-08-09 07:43:24Z lha $"); */
#include <krb5.h>
#include <roken.h>
OM_uint32
gss_krb5_copy_ccache(OM_uint32 *minor_status,
gss_cred_id_t cred,
krb5_ccache out)
{
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
krb5_context context;
krb5_error_code kret;
krb5_ccache id;
OM_uint32 ret;
char *str;
ret = gss_inquire_cred_by_oid(minor_status,
cred,
GSS_KRB5_COPY_CCACHE_X,
&data_set);
if (ret)
return ret;
if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {
gss_release_buffer_set(minor_status, &data_set);
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
kret = krb5_init_context(&context);
if (kret) {
*minor_status = kret;
gss_release_buffer_set(minor_status, &data_set);
return GSS_S_FAILURE;
}
kret = asprintf(&str, "%.*s", (int)data_set->elements[0].length,
(char *)data_set->elements[0].value);
gss_release_buffer_set(minor_status, &data_set);
if (kret == -1) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
kret = krb5_cc_resolve(context, str, &id);
free(str);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
}
kret = krb5_cc_copy_cache(context, id, out);
krb5_cc_close(context, id);
krb5_free_context(context);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
}
return ret;
}
OM_uint32
gss_krb5_import_cred(OM_uint32 *minor_status,
krb5_ccache id,
krb5_principal keytab_principal,
krb5_keytab keytab,
gss_cred_id_t *cred)
{
gss_buffer_desc buffer;
OM_uint32 major_status;
krb5_context context;
krb5_error_code ret;
krb5_storage *sp;
krb5_data data;
char *str;
*cred = GSS_C_NO_CREDENTIAL;
ret = krb5_init_context(&context);
if (ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
sp = krb5_storage_emem();
if (sp == NULL) {
*minor_status = ENOMEM;
major_status = GSS_S_FAILURE;
goto out;
}
if (id) {
ret = krb5_cc_get_full_name(context, id, &str);
if (ret == 0) {
ret = krb5_store_string(sp, str);
free(str);
}
} else
ret = krb5_store_string(sp, "");
if (ret) {
*minor_status = ret;
major_status = GSS_S_FAILURE;
goto out;
}
if (keytab_principal) {
ret = krb5_unparse_name(context, keytab_principal, &str);
if (ret == 0) {
ret = krb5_store_string(sp, str);
free(str);
}
} else
krb5_store_string(sp, "");
if (ret) {
*minor_status = ret;
major_status = GSS_S_FAILURE;
goto out;
}
if (keytab) {
ret = krb5_kt_get_full_name(context, keytab, &str);
if (ret == 0) {
ret = krb5_store_string(sp, str);
free(str);
}
} else
krb5_store_string(sp, "");
if (ret) {
*minor_status = ret;
major_status = GSS_S_FAILURE;
goto out;
}
ret = krb5_storage_to_data(sp, &data);
if (ret) {
*minor_status = ret;
major_status = GSS_S_FAILURE;
goto out;
}
buffer.value = data.data;
buffer.length = data.length;
major_status = gss_set_cred_option(minor_status,
cred,
GSS_KRB5_IMPORT_CRED_X,
&buffer);
krb5_data_free(&data);
out:
if (sp)
krb5_storage_free(sp);
krb5_free_context(context);
return major_status;
}
OM_uint32
gsskrb5_register_acceptor_identity(const char *identity)
{
gss_buffer_desc buffer;
OM_uint32 junk;
buffer.value = rk_UNCONST(identity);
buffer.length = strlen(identity);
gss_set_sec_context_option(&junk, NULL,
GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X, &buffer);
return (GSS_S_COMPLETE);
}
OM_uint32
gsskrb5_set_dns_canonicalize(int flag)
{
gss_buffer_desc buffer;
OM_uint32 junk;
char b = (flag != 0);
buffer.value = &b;
buffer.length = sizeof(b);
gss_set_sec_context_option(&junk, NULL,
GSS_KRB5_SET_DNS_CANONICALIZE_X, &buffer);
return (GSS_S_COMPLETE);
}
static krb5_error_code
set_key(krb5_keyblock *keyblock, gss_krb5_lucid_key_t *key)
{
key->type = keyblock->keytype;
key->length = keyblock->keyvalue.length;
key->data = malloc(key->length);
if (key->data == NULL && key->length != 0)
return ENOMEM;
memcpy(key->data, keyblock->keyvalue.data, key->length);
return 0;
}
static void
free_key(gss_krb5_lucid_key_t *key)
{
memset(key->data, 0, key->length);
free(key->data);
memset(key, 0, sizeof(*key));
}
OM_uint32
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
OM_uint32 version,
void **rctx)
{
krb5_context context = NULL;
krb5_error_code ret;
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
OM_uint32 major_status;
gss_krb5_lucid_context_v1_t *ctx = NULL;
krb5_storage *sp = NULL;
uint32_t num;
if (context_handle == NULL
|| *context_handle == GSS_C_NO_CONTEXT
|| version != 1)
{
ret = EINVAL;
return GSS_S_FAILURE;
}
major_status =
gss_inquire_sec_context_by_oid (minor_status,
*context_handle,
GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X,
&data_set);
if (major_status)
return major_status;
if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {
gss_release_buffer_set(minor_status, &data_set);
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
ret = krb5_init_context(&context);
if (ret)
goto out;
ctx = calloc(1, sizeof(*ctx));
if (ctx == NULL) {
ret = ENOMEM;
goto out;
}
sp = krb5_storage_from_mem(data_set->elements[0].value,
data_set->elements[0].length);
if (sp == NULL) {
ret = ENOMEM;
goto out;
}
ret = krb5_ret_uint32(sp, &num);
if (ret) goto out;
if (num != 1) {
ret = EINVAL;
goto out;
}
ctx->version = 1;
/* initiator */
ret = krb5_ret_uint32(sp, &ctx->initiate);
if (ret) goto out;
/* endtime */
ret = krb5_ret_uint32(sp, &ctx->endtime);
if (ret) goto out;
/* send_seq */
ret = krb5_ret_uint32(sp, &num);
if (ret) goto out;
ctx->send_seq = ((uint64_t)num) << 32;
ret = krb5_ret_uint32(sp, &num);
if (ret) goto out;
ctx->send_seq |= num;
/* recv_seq */
ret = krb5_ret_uint32(sp, &num);
if (ret) goto out;
ctx->recv_seq = ((uint64_t)num) << 32;
ret = krb5_ret_uint32(sp, &num);
if (ret) goto out;
ctx->recv_seq |= num;
/* protocol */
ret = krb5_ret_uint32(sp, &ctx->protocol);
if (ret) goto out;
if (ctx->protocol == 0) {
krb5_keyblock key;
/* sign_alg */
ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.sign_alg);
if (ret) goto out;
/* seal_alg */
ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.seal_alg);
if (ret) goto out;
/* ctx_key */
ret = krb5_ret_keyblock(sp, &key);
if (ret) goto out;
ret = set_key(&key, &ctx->rfc1964_kd.ctx_key);
krb5_free_keyblock_contents(context, &key);
if (ret) goto out;
} else if (ctx->protocol == 1) {
krb5_keyblock key;
/* acceptor_subkey */
ret = krb5_ret_uint32(sp, &ctx->cfx_kd.have_acceptor_subkey);
if (ret) goto out;
/* ctx_key */
ret = krb5_ret_keyblock(sp, &key);
if (ret) goto out;
ret = set_key(&key, &ctx->cfx_kd.ctx_key);
krb5_free_keyblock_contents(context, &key);
if (ret) goto out;
/* acceptor_subkey */
if (ctx->cfx_kd.have_acceptor_subkey) {
ret = krb5_ret_keyblock(sp, &key);
if (ret) goto out;
ret = set_key(&key, &ctx->cfx_kd.acceptor_subkey);
krb5_free_keyblock_contents(context, &key);
if (ret) goto out;
}
} else {
ret = EINVAL;
goto out;
}
*rctx = ctx;
out:
gss_release_buffer_set(minor_status, &data_set);
if (sp)
krb5_storage_free(sp);
if (context)
krb5_free_context(context);
if (ret) {
if (ctx)
gss_krb5_free_lucid_sec_context(NULL, ctx);
*minor_status = ret;
return GSS_S_FAILURE;
}
*minor_status = 0;
return GSS_S_COMPLETE;
}
OM_uint32
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c)
{
gss_krb5_lucid_context_v1_t *ctx = c;
if (ctx->version != 1) {
if (minor_status)
*minor_status = 0;
return GSS_S_FAILURE;
}
if (ctx->protocol == 0) {
free_key(&ctx->rfc1964_kd.ctx_key);
} else if (ctx->protocol == 1) {
free_key(&ctx->cfx_kd.ctx_key);
if (ctx->cfx_kd.have_acceptor_subkey)
free_key(&ctx->cfx_kd.acceptor_subkey);
}
free(ctx);
if (minor_status)
*minor_status = 0;
return GSS_S_COMPLETE;
}
/*
*
*/
OM_uint32
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
gss_cred_id_t cred,
OM_uint32 num_enctypes,
int32_t *enctypes)
{
krb5_error_code ret;
OM_uint32 maj_status;
gss_buffer_desc buffer;
krb5_storage *sp;
krb5_data data;
int i;
sp = krb5_storage_emem();
if (sp == NULL) {
*minor_status = ENOMEM;
maj_status = GSS_S_FAILURE;
goto out;
}
for (i = 0; i < num_enctypes; i++) {
ret = krb5_store_int32(sp, enctypes[i]);
if (ret) {
*minor_status = ret;
maj_status = GSS_S_FAILURE;
goto out;
}
}
ret = krb5_storage_to_data(sp, &data);
if (ret) {
*minor_status = ret;
maj_status = GSS_S_FAILURE;
goto out;
}
buffer.value = data.data;
buffer.length = data.length;
maj_status = gss_set_cred_option(minor_status,
&cred,
GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X,
&buffer);
krb5_data_free(&data);
out:
if (sp)
krb5_storage_free(sp);
return maj_status;
}
/*
*
*/
OM_uint32
gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c)
{
gss_buffer_desc buffer;
OM_uint32 junk;
if (c) {
buffer.value = c;
buffer.length = sizeof(*c);
} else {
buffer.value = NULL;
buffer.length = 0;
}
gss_set_sec_context_option(&junk, NULL,
GSS_KRB5_SEND_TO_KDC_X, &buffer);
return (GSS_S_COMPLETE);
}
/*
*
*/
OM_uint32
gss_krb5_ccache_name(OM_uint32 *minor_status,
const char *name,
const char **out_name)
{
gss_buffer_desc buffer;
OM_uint32 junk;
if (out_name)
*out_name = NULL;
buffer.value = rk_UNCONST(name);
buffer.length = strlen(name);
gss_set_sec_context_option(&junk, NULL,
GSS_KRB5_CCACHE_NAME_X, &buffer);
return (GSS_S_COMPLETE);
}
/*
*
*/
OM_uint32
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
time_t *authtime)
{
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
OM_uint32 maj_stat;
if (context_handle == GSS_C_NO_CONTEXT) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
maj_stat =
gss_inquire_sec_context_by_oid (minor_status,
context_handle,
GSS_KRB5_GET_AUTHTIME_X,
&data_set);
if (maj_stat)
return maj_stat;
if (data_set == GSS_C_NO_BUFFER_SET) {
gss_release_buffer_set(minor_status, &data_set);
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
if (data_set->count != 1) {
gss_release_buffer_set(minor_status, &data_set);
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
if (data_set->elements[0].length != 4) {
gss_release_buffer_set(minor_status, &data_set);
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
{
unsigned char *buf = data_set->elements[0].value;
*authtime = (buf[3] <<24) | (buf[2] << 16) |
(buf[1] << 8) | (buf[0] << 0);
}
gss_release_buffer_set(minor_status, &data_set);
*minor_status = 0;
return GSS_S_COMPLETE;
}
/*
*
*/
OM_uint32
gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
int ad_type,
gss_buffer_t ad_data)
{
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
OM_uint32 maj_stat;
gss_OID_desc oid_flat;
heim_oid baseoid, oid;
size_t size;
if (context_handle == GSS_C_NO_CONTEXT) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
/* All this to append an integer to an oid... */
if (der_get_oid(GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->elements,
GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->length,
&baseoid, NULL) != 0) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
oid.length = baseoid.length + 1;
oid.components = calloc(oid.length, sizeof(*oid.components));
if (oid.components == NULL) {
der_free_oid(&baseoid);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memcpy(oid.components, baseoid.components,
baseoid.length * sizeof(*baseoid.components));
der_free_oid(&baseoid);
oid.components[oid.length - 1] = ad_type;
oid_flat.length = der_length_oid(&oid);
oid_flat.elements = malloc(oid_flat.length);
if (oid_flat.elements == NULL) {
free(oid.components);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
if (der_put_oid((unsigned char *)oid_flat.elements + oid_flat.length - 1,
oid_flat.length, &oid, &size) != 0) {
free(oid.components);
free(oid_flat.elements);
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
if (oid_flat.length != size)
abort();
free(oid.components);
/* FINALLY, we have the OID */
maj_stat = gss_inquire_sec_context_by_oid (minor_status,
context_handle,
&oid_flat,
&data_set);
free(oid_flat.elements);
if (maj_stat)
return maj_stat;
if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {
gss_release_buffer_set(minor_status, &data_set);
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
ad_data->value = malloc(data_set->elements[0].length);
if (ad_data->value == NULL) {
gss_release_buffer_set(minor_status, &data_set);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
ad_data->length = data_set->elements[0].length;
memcpy(ad_data->value, data_set->elements[0].value, ad_data->length);
gss_release_buffer_set(minor_status, &data_set);
*minor_status = 0;
return GSS_S_COMPLETE;
}
/*
*
*/
static OM_uint32
gsskrb5_extract_key(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
const gss_OID oid,
krb5_keyblock **keyblock)
{
krb5_error_code ret;
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
OM_uint32 major_status;
krb5_context context = NULL;
krb5_storage *sp = NULL;
if (context_handle == GSS_C_NO_CONTEXT) {
ret = EINVAL;
return GSS_S_FAILURE;
}
ret = krb5_init_context(&context);
if(ret) {
*minor_status = ret;
return GSS_S_FAILURE;
}
major_status =
gss_inquire_sec_context_by_oid (minor_status,
context_handle,
oid,
&data_set);
if (major_status)
return major_status;
if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {
gss_release_buffer_set(minor_status, &data_set);
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
sp = krb5_storage_from_mem(data_set->elements[0].value,
data_set->elements[0].length);
if (sp == NULL) {
ret = ENOMEM;
goto out;
}
*keyblock = calloc(1, sizeof(**keyblock));
if (keyblock == NULL) {
ret = ENOMEM;
goto out;
}
ret = krb5_ret_keyblock(sp, *keyblock);
out:
gss_release_buffer_set(minor_status, &data_set);
if (sp)
krb5_storage_free(sp);
if (ret && keyblock) {
krb5_free_keyblock(context, *keyblock);
*keyblock = NULL;
}
if (context)
krb5_free_context(context);
*minor_status = ret;
if (ret)
return GSS_S_FAILURE;
return GSS_S_COMPLETE;
}
/*
*
*/
OM_uint32
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
krb5_keyblock **keyblock)
{
return gsskrb5_extract_key(minor_status,
context_handle,
GSS_KRB5_GET_SERVICE_KEYBLOCK_X,
keyblock);
}
OM_uint32
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
krb5_keyblock **keyblock)
{
return gsskrb5_extract_key(minor_status,
context_handle,
GSS_KRB5_GET_INITIATOR_SUBKEY_X,
keyblock);
}
OM_uint32
gsskrb5_get_subkey(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
krb5_keyblock **keyblock)
{
return gsskrb5_extract_key(minor_status,
context_handle,
GSS_KRB5_GET_SUBKEY_X,
keyblock);
}
OM_uint32
gsskrb5_set_default_realm(const char *realm)
{
gss_buffer_desc buffer;
OM_uint32 junk;
buffer.value = rk_UNCONST(realm);
buffer.length = strlen(realm);
gss_set_sec_context_option(&junk, NULL,
GSS_KRB5_SET_DEFAULT_REALM_X, &buffer);
return (GSS_S_COMPLETE);
}
OM_uint32
gss_krb5_get_tkt_flags(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
OM_uint32 *tkt_flags)
{
OM_uint32 major_status;
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
if (context_handle == GSS_C_NO_CONTEXT) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
major_status =
gss_inquire_sec_context_by_oid (minor_status,
context_handle,
GSS_KRB5_GET_TKT_FLAGS_X,
&data_set);
if (major_status)
return major_status;
if (data_set == GSS_C_NO_BUFFER_SET ||
data_set->count != 1 ||
data_set->elements[0].length < 4) {
gss_release_buffer_set(minor_status, &data_set);
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
{
const u_char *p = data_set->elements[0].value;
*tkt_flags = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
}
gss_release_buffer_set(minor_status, &data_set);
return GSS_S_COMPLETE;
}

View File

@ -1,27 +1,20 @@
/*
* Copyright (c) 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
/*-
* Copyright (c) 2008 Doug Rabson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
@ -29,10 +22,12 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
/* $Id: gen.h,v 1.4 1999/12/02 17:05:02 joda Exp $ */
#include <stdio.h>
#include "symbol.h"
const char *
_gss_name_prefix(void)
{
return "_gsskrb5";
}

View File

@ -0,0 +1,44 @@
# $FreeBSD$
LIB= gssapi_ntlm
LDFLAGS= -Wl,-Bsymbolic
LDADD= -lkrb5 -lhx509 -lheimntlm -lroken
DPADD= ${LIBKRB5} ${LIBHX509} ${LIBHEIMNTLM} ${LIBROKEN}
SRCS= accept_sec_context.c \
acquire_cred.c \
add_cred.c \
canonicalize_name.c \
compare_name.c \
context_time.c \
crypto.c \
delete_sec_context.c \
display_name.c \
display_status.c \
duplicate_name.c \
export_name.c \
export_sec_context.c \
external.c \
ntlm.h \
ntlm-private.h \
import_name.c \
import_sec_context.c \
indicate_mechs.c \
init_sec_context.c \
inquire_context.c \
inquire_cred.c \
inquire_cred_by_mech.c \
inquire_mechs_for_name.c \
inquire_names_for_mech.c \
prefix.c \
process_context_token.c \
release_cred.c \
release_name.c \
digest.c
CFLAGS+=-I${KRB5DIR}/lib/gssapi
CFLAGS+=-I${KRB5DIR}/lib/ntlm
.include <bsd.lib.mk>
.PATH: ${KRB5DIR}/lib/gssapi/ntlm ${.CURDIR}/../../../lib/libgssapi

View File

@ -1,27 +1,20 @@
/*
* Copyright (c) 1998 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
/*-
* Copyright (c) 2008 Doug Rabson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
@ -29,12 +22,12 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
#include "kuser_locl.h"
RCSID("$Id: kinit_options.c,v 1.2 1999/12/02 17:05:01 joda Exp $");
#ifdef KRB4
int do_afslog = 0;
int get_v4_tgt = 0;
#endif
const char *
_gss_name_prefix(void)
{
return "_gss_ntlm";
}

View File

@ -0,0 +1,48 @@
# $FreeBSD$
LIB= gssapi_spnego
LDFLAGS= -Wl,-Bsymbolic
LDADD= -lasn1
DPADD= ${LIBASN1}
SRCS= accept_sec_context.c \
compat.c \
context_stubs.c \
cred_stubs.c \
external.c \
init_sec_context.c \
prefix.c \
spnego_asn1.h \
${GEN:S/.x$/.c/}
GEN= asn1_ContextFlags.x \
asn1_MechType.x \
asn1_MechTypeList.x \
asn1_NegotiationToken.x \
asn1_NegotiationTokenWin.x \
asn1_NegHints.x \
asn1_NegTokenInit.x \
asn1_NegTokenInitWin.x \
asn1_NegTokenResp.x
CFLAGS+=-I${KRB5DIR}/lib/gssapi
CFLAGS+=-I${KRB5DIR}/lib/asn1
CFLAGS+=-I${KRB5DIR}/lib/roken -I.
CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} spnego_asn1.h asn1_files
.ORDER: ${GEN} spnego_asn1.h
${GEN} spnego_asn1.h: spnego.asn1 ../../tools/asn1_compile/asn1_compile
../../tools/asn1_compile/asn1_compile --sequence=MechTypeList ${.ALLSRC:M*.asn1} spnego_asn1
../../tools/asn1_compile/asn1_compile:
cd ${.CURDIR}/../../tools/asn1_compile && ${MAKE}
.for I in ${GEN}
${I:R}.c: ${I}
cat ${.ALLSRC} > ${.TARGET}
.endfor
.include <bsd.lib.mk>
.PATH: ${KRB5DIR}/lib/gssapi/spnego ${.CURDIR}/../../../lib/libgssapi

View File

@ -1,27 +1,20 @@
/*
* Copyright (c) 1998 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
/*-
* Copyright (c) 2008 Doug Rabson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
@ -29,12 +22,24 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
#include "kuser_locl.h"
RCSID("$Id: kauth_options.c,v 1.2 1999/12/02 17:05:00 joda Exp $");
#include <gssapi/gssapi.h>
#ifdef KRB4
int do_afslog = 1;
int get_v4_tgt = 1;
#endif
static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc =
{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc;
static gss_OID_desc gss_krb5_mechanism_oid_desc =
{9, (void *) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
const char *
_gss_name_prefix(void)
{
return "_gss_spnego";
}

View File

@ -11,11 +11,14 @@ INCS= hdb-private.h \
SRCS= common.c \
db.c \
db3.c \
dbinfo.c \
ext.c \
hdb-ldap.c \
hdb.c \
hdb_asn1.h \
hdb_err.c \
hdb_err.h \
keys.c \
keytab.c \
mkey.c \
ndbm.c \
@ -24,13 +27,23 @@ SRCS= common.c \
CFLAGS+=-I${KRB5DIR}/lib/hdb -I${KRB5DIR}/lib/asn1 \
-I${KRB5DIR}/lib/roken -I. ${LDAPCFLAGS}
CFLAGS+=-DHDB_DB_DIR="\"/var/heimdal\""
GEN= asn1_Event.x \
asn1_GENERATION.x \
asn1_HDBFlags.x \
GEN= asn1_Salt.x \
asn1_Key.x \
asn1_Salt.x \
asn1_hdb_entry.x
asn1_Event.x \
asn1_HDBFlags.x \
asn1_GENERATION.x \
asn1_HDB_Ext_PKINIT_acl.x \
asn1_HDB_Ext_PKINIT_hash.x \
asn1_HDB_Ext_Constrained_delegation_acl.x \
asn1_HDB_Ext_Lan_Manager_OWF.x \
asn1_HDB_Ext_Password.x \
asn1_HDB_Ext_Aliases.x \
asn1_HDB_extension.x \
asn1_HDB_extensions.x \
asn1_hdb_entry.x \
asn1_hdb_entry_alias.x
CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} hdb_asn1.h asn1_files

View File

@ -0,0 +1,11 @@
# $FreeBSD$
LIB= heimntlm
SRCS= ntlm.c
INCS= heimntlm.h heimntlm-protos.h
CFLAGS+=-I${KRB5DIR}/lib/ntlm
VERSION_MAP= ${KRB5DIR}/lib/ntlm/version-script.map
.include <bsd.lib.mk>
.PATH: ${KRB5DIR}/lib/ntlm

View File

@ -0,0 +1,103 @@
# $FreeBSD$
LIB= hx509
VERSION_MAP= ${KRB5DIR}/lib/hx509/version-script.map
INCS= hx509-private.h \
hx509-protos.h \
hx509.h \
hx509_err.h
SRCS= ca.c \
cert.c \
cms.c \
collector.c \
crypto.c \
doxygen.c \
error.c \
env.c \
file.c \
hx509-private.h \
hx509-protos.h \
hx509.h \
hx_locl.h \
keyset.c \
ks_dir.c \
ks_file.c \
ks_mem.c \
ks_null.c \
ks_p11.c \
ks_p12.c \
ks_keychain.c \
lock.c \
name.c \
peer.c \
print.c \
softp11.c \
ref/pkcs11.h \
req.c \
revoke.c
SRCS+= hx509_err.c \
hx509_err.h
SRCS+= ${GEN:S/.x$/.c/}
CFLAGS+=-I${KRB5DIR}/lib/hx509
CFLAGS+=-I${KRB5DIR}/lib/hx509/ref
CFLAGS+=-I${KRB5DIR}/lib/asn1
CFLAGS+=-I${KRB5DIR}/lib/roken -I.
GEN_OCSP= \
asn1_OCSPBasicOCSPResponse.x \
asn1_OCSPCertID.x \
asn1_OCSPCertStatus.x \
asn1_OCSPInnerRequest.x \
asn1_OCSPKeyHash.x \
asn1_OCSPRequest.x \
asn1_OCSPResponderID.x \
asn1_OCSPResponse.x \
asn1_OCSPResponseBytes.x \
asn1_OCSPResponseData.x \
asn1_OCSPResponseStatus.x \
asn1_OCSPSignature.x \
asn1_OCSPSingleResponse.x \
asn1_OCSPTBSRequest.x \
asn1_OCSPVersion.x \
asn1_id_pkix_ocsp.x \
asn1_id_pkix_ocsp_basic.x \
asn1_id_pkix_ocsp_nonce.x
GEN_PKCS10= \
asn1_CertificationRequestInfo.x \
asn1_CertificationRequest.x
GEN+= ${GEN_OCSP}
GEN+= ${GEN_PKCS10}
CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} asn1_files
GEN_ASN1=ocsp_asn1.h pkcs10_asn1.h
CLEANFILES+=${GEN_ASN1}
SRCS+=${GEN_ASN1}
INCS+=${GEN_ASN1}
.ORDER: ${GEN} ${GEN_ASN1}
${GEN_OCSP} ocsp_asn1.h: ocsp.asn1 ../../tools/asn1_compile/asn1_compile
../../tools/asn1_compile/asn1_compile --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData ${.ALLSRC:M*.asn1} ocsp_asn1
${GEN_PKCS10} pkcs10_asn1.h: pkcs10.asn1 ../../tools/asn1_compile/asn1_compile
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs10_asn1
../../tools/asn1_compile/asn1_compile:
cd ${.CURDIR}/../../tools/asn1_compile && ${MAKE}
.for I in ${GEN}
${I:R}.c: ${I}
cat ${.ALLSRC} > ${.TARGET}
.endfor
.include <bsd.lib.mk>
.PATH: ${KRB5DIR}/lib/hx509 ${KRB5DIR}/lib/asn1

View File

@ -10,7 +10,8 @@ INCS= admin.h \
INCSDIR=${INCLUDEDIR}/kadm5
SRCS= chpass_c.c \
SRCS= ad.c \
chpass_c.c \
client_glue.c \
common_glue.c \
create_c.c \

View File

@ -1,6 +1,7 @@
# $FreeBSD$
LIB= kadm5srv
VERSION_MAP= ${KRB5DIR}/lib/kadm5/version-script.map
SRCS= acl.c \
bump_pw_expire.c \

Some files were not shown because too many files have changed in this diff Show More