1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

r24614: Merge with current lorikeet-heimdal. This brings us one step closer

to an alpha release.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2007-08-22 06:46:34 +00:00 committed by Gerald (Jerry) Carter
parent 48fd288957
commit 30e02747d5
58 changed files with 1168 additions and 809 deletions

View File

@ -36,7 +36,7 @@
#include <getarg.h> #include <getarg.h>
#include <parse_bytes.h> #include <parse_bytes.h>
RCSID("$Id: default_config.c 21296 2007-06-25 14:49:11Z lha $"); RCSID("$Id: default_config.c 21405 2007-07-04 10:35:45Z lha $");
krb5_error_code krb5_error_code
krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config) krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)

View File

@ -34,7 +34,7 @@
#include "kdc_locl.h" #include "kdc_locl.h"
#include <hex.h> #include <hex.h>
RCSID("$Id: digest.c 21241 2007-06-20 11:30:19Z lha $"); RCSID("$Id: digest.c 21606 2007-07-17 07:03:25Z lha $");
#define MS_CHAP_V2 0x20 #define MS_CHAP_V2 0x20
#define CHAP_MD5 0x10 #define CHAP_MD5 0x10
@ -975,7 +975,7 @@ _kdc_do_digest(krb5_context context,
} }
kdc_log(context, config, 0, "Digest %s request successful %s", kdc_log(context, config, 0, "Digest %s request successful %s",
ireq.u.digestRequest.type, from); ireq.u.digestRequest.type, ireq.u.digestRequest.username);
break; break;
} }
@ -1227,7 +1227,7 @@ _kdc_do_digest(krb5_context context,
version = 1; version = 1;
if (flags & NTLM_NEG_NTLM2_SESSION) { if (flags & NTLM_NEG_NTLM2_SESSION) {
char sessionhash[MD5_DIGEST_LENGTH]; unsigned char sessionhash[MD5_DIGEST_LENGTH];
MD5_CTX md5ctx; MD5_CTX md5ctx;
if ((config->digests_allowed & NTLM_V1_SESSION) == 0) { if ((config->digests_allowed & NTLM_V1_SESSION) == 0) {
@ -1331,10 +1331,24 @@ _kdc_do_digest(krb5_context context,
version, ireq.u.ntlmRequest.username); version, ireq.u.ntlmRequest.username);
break; break;
} }
default: default: {
char *s;
krb5_set_error_string(context, "unknown operation to digest");
ret = EINVAL;
failed: failed:
s = krb5_get_error_message(context, ret);
if (s == NULL) {
krb5_clear_error_string(context);
goto out;
}
kdc_log(context, config, 0, "Digest failed with: %s", s);
r.element = choice_DigestRepInner_error; r.element = choice_DigestRepInner_error;
r.u.error.reason = strdup("unknown/failed operation"); r.u.error.reason = strdup("unknown error");
krb5_free_error_string(context, s);
if (r.u.error.reason == NULL) { if (r.u.error.reason == NULL) {
krb5_set_error_string(context, "out of memory"); krb5_set_error_string(context, "out of memory");
ret = ENOMEM; ret = ENOMEM;
@ -1343,6 +1357,7 @@ _kdc_do_digest(krb5_context context,
r.u.error.code = EINVAL; r.u.error.code = EINVAL;
break; break;
} }
}
ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret); ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret);
if (ret) { if (ret) {

View File

@ -33,7 +33,7 @@
#include "kdc_locl.h" #include "kdc_locl.h"
RCSID("$Id: kaserver.c 17904 2006-08-23 11:45:16Z lha $"); RCSID("$Id: kaserver.c 21661 2007-07-22 01:57:17Z lha $");
#include <krb5-v4compat.h> #include <krb5-v4compat.h>
#include <rx.h> #include <rx.h>
@ -191,19 +191,28 @@ init_reply_header (struct rx_header *hdr,
reply_hdr->serviceid = hdr->serviceid; reply_hdr->serviceid = hdr->serviceid;
} }
/*
* Create an error `reply´ using for the packet `hdr' with the error
* `error´ code.
*/
static void static void
make_error_reply (struct rx_header *hdr, make_error_reply (struct rx_header *hdr,
uint32_t ret, uint32_t error,
krb5_data *reply) krb5_data *reply)
{ {
krb5_storage *sp;
struct rx_header reply_hdr; struct rx_header reply_hdr;
krb5_error_code ret;
krb5_storage *sp;
init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST); init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST);
sp = krb5_storage_emem(); sp = krb5_storage_emem();
if (sp == NULL)
return;
ret = encode_rx_header (&reply_hdr, sp); ret = encode_rx_header (&reply_hdr, sp);
krb5_store_int32(sp, ret); if (ret)
return;
krb5_store_int32(sp, error);
krb5_storage_to_data (sp, reply); krb5_storage_to_data (sp, reply);
krb5_storage_free (sp); krb5_storage_free (sp);
} }

View File

@ -35,7 +35,7 @@
#include <krb5-v4compat.h> #include <krb5-v4compat.h>
RCSID("$Id: kerberos4.c 18349 2006-10-08 13:43:52Z lha $"); RCSID("$Id: kerberos4.c 21577 2007-07-16 08:14:06Z lha $");
#ifndef swap32 #ifndef swap32
static uint32_t static uint32_t
@ -151,7 +151,8 @@ _kdc_do_version4(krb5_context context,
if(!config->enable_v4) { if(!config->enable_v4) {
kdc_log(context, config, 0, kdc_log(context, config, 0,
"Rejected version 4 request from %s", from); "Rejected version 4 request from %s", from);
make_err_reply(context, reply, KDC_GEN_ERR, "function not enabled"); make_err_reply(context, reply, KRB4ET_KDC_GEN_ERR,
"Function not enabled");
return 0; return 0;
} }
@ -160,7 +161,7 @@ _kdc_do_version4(krb5_context context,
if(pvno != 4){ if(pvno != 4){
kdc_log(context, config, 0, kdc_log(context, config, 0,
"Protocol version mismatch (krb4) (%d)", pvno); "Protocol version mismatch (krb4) (%d)", pvno);
make_err_reply(context, reply, KDC_PKT_VER, "protocol mismatch"); make_err_reply(context, reply, KRB4ET_KDC_PKT_VER, "protocol mismatch");
goto out; goto out;
} }
RCHECK(krb5_ret_int8(sp, &msg_type), out); RCHECK(krb5_ret_int8(sp, &msg_type), out);
@ -196,7 +197,7 @@ _kdc_do_version4(krb5_context context,
if(ret) { if(ret) {
kdc_log(context, config, 0, "Client not found in database: %s: %s", kdc_log(context, config, 0, "Client not found in database: %s: %s",
client_name, krb5_get_err_text(context, ret)); client_name, krb5_get_err_text(context, ret));
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"principal unknown"); "principal unknown");
goto out1; goto out1;
} }
@ -205,7 +206,7 @@ _kdc_do_version4(krb5_context context,
if(ret){ if(ret){
kdc_log(context, config, 0, "Server not found in database: %s: %s", kdc_log(context, config, 0, "Server not found in database: %s: %s",
server_name, krb5_get_err_text(context, ret)); server_name, krb5_get_err_text(context, ret));
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"principal unknown"); "principal unknown");
goto out1; goto out1;
} }
@ -216,7 +217,7 @@ _kdc_do_version4(krb5_context context,
TRUE); TRUE);
if (ret) { if (ret) {
/* good error code? */ /* good error code? */
make_err_reply(context, reply, KERB_ERR_NAME_EXP, make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP,
"operation not allowed"); "operation not allowed");
goto out1; goto out1;
} }
@ -227,7 +228,7 @@ _kdc_do_version4(krb5_context context,
kdc_log(context, config, 0, kdc_log(context, config, 0,
"Per principal Kerberos 4 flag not turned on for %s", "Per principal Kerberos 4 flag not turned on for %s",
client_name); client_name);
make_err_reply(context, reply, KERB_ERR_NULL_KEY, make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"allow kerberos4 flag required"); "allow kerberos4 flag required");
goto out1; goto out1;
} }
@ -244,7 +245,7 @@ _kdc_do_version4(krb5_context context,
"Pre-authentication required for v4-request: " "Pre-authentication required for v4-request: "
"%s for %s", "%s for %s",
client_name, server_name); client_name, server_name);
make_err_reply(context, reply, KERB_ERR_NULL_KEY, make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"preauth required"); "preauth required");
goto out1; goto out1;
} }
@ -252,7 +253,7 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, client, FALSE, FALSE, &ckey); ret = _kdc_get_des_key(context, client, FALSE, FALSE, &ckey);
if(ret){ if(ret){
kdc_log(context, config, 0, "no suitable DES key for client"); kdc_log(context, config, 0, "no suitable DES key for client");
make_err_reply(context, reply, KDC_NULL_KEY, make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for client"); "no suitable DES key for client");
goto out1; goto out1;
} }
@ -265,7 +266,7 @@ _kdc_do_version4(krb5_context context,
if(ret){ if(ret){
kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s", kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s",
name, inst, realm); name, inst, realm);
make_err_reply(context, reply, KDC_NULL_KEY, make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"No version-4 salted key in database"); "No version-4 salted key in database");
goto out1; goto out1;
} }
@ -274,8 +275,7 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey); ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
if(ret){ if(ret){
kdc_log(context, config, 0, "no suitable DES key for server"); kdc_log(context, config, 0, "no suitable DES key for server");
/* XXX */ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
make_err_reply(context, reply, KDC_NULL_KEY,
"no suitable DES key for server"); "no suitable DES key for server");
goto out1; goto out1;
} }
@ -400,7 +400,7 @@ _kdc_do_version4(krb5_context context,
"tgs-req (krb4) with old kvno %d (current %d) for " "tgs-req (krb4) with old kvno %d (current %d) for "
"krbtgt.%s@%s", kvno, tgt->entry.kvno % 256, "krbtgt.%s@%s", kvno, tgt->entry.kvno % 256,
realm, config->v4_realm); realm, config->v4_realm);
make_err_reply(context, reply, KDC_AUTH_EXP, make_err_reply(context, reply, KRB4ET_KDC_AUTH_EXP,
"old krbtgt kvno used"); "old krbtgt kvno used");
goto out2; goto out2;
} }
@ -409,8 +409,7 @@ _kdc_do_version4(krb5_context context,
if(ret){ if(ret){
kdc_log(context, config, 0, kdc_log(context, config, 0,
"no suitable DES key for krbtgt (krb4)"); "no suitable DES key for krbtgt (krb4)");
/* XXX */ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
make_err_reply(context, reply, KDC_NULL_KEY,
"no suitable DES key for krbtgt"); "no suitable DES key for krbtgt");
goto out2; goto out2;
} }
@ -456,7 +455,7 @@ _kdc_do_version4(krb5_context context,
if(strcmp(ad.prealm, realm)){ if(strcmp(ad.prealm, realm)){
kdc_log(context, config, 0, kdc_log(context, config, 0,
"Can't hop realms (krb4) %s -> %s", realm, ad.prealm); "Can't hop realms (krb4) %s -> %s", realm, ad.prealm);
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"Can't hop realms"); "Can't hop realms");
goto out2; goto out2;
} }
@ -465,7 +464,7 @@ _kdc_do_version4(krb5_context context,
kdc_log(context, config, 0, kdc_log(context, config, 0,
"krb4 Cross-realm %s -> %s disabled", "krb4 Cross-realm %s -> %s disabled",
realm, config->v4_realm); realm, config->v4_realm);
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"Can't hop realms"); "Can't hop realms");
goto out2; goto out2;
} }
@ -473,7 +472,7 @@ _kdc_do_version4(krb5_context context,
if(strcmp(sname, "changepw") == 0){ if(strcmp(sname, "changepw") == 0){
kdc_log(context, config, 0, kdc_log(context, config, 0,
"Bad request for changepw ticket (krb4)"); "Bad request for changepw ticket (krb4)");
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"Can't authorize password change based on TGT"); "Can't authorize password change based on TGT");
goto out2; goto out2;
} }
@ -485,7 +484,7 @@ _kdc_do_version4(krb5_context context,
s = kdc_log_msg(context, config, 0, s = kdc_log_msg(context, config, 0,
"Client not found in database: (krb4) %s: %s", "Client not found in database: (krb4) %s: %s",
client_name, krb5_get_err_text(context, ret)); client_name, krb5_get_err_text(context, ret));
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s); make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
free(s); free(s);
goto out2; goto out2;
} }
@ -494,7 +493,7 @@ _kdc_do_version4(krb5_context context,
s = kdc_log_msg(context, config, 0, s = kdc_log_msg(context, config, 0,
"Local client not found in database: (krb4) " "Local client not found in database: (krb4) "
"%s", client_name); "%s", client_name);
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s); make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
free(s); free(s);
goto out2; goto out2;
} }
@ -506,7 +505,7 @@ _kdc_do_version4(krb5_context context,
s = kdc_log_msg(context, config, 0, s = kdc_log_msg(context, config, 0,
"Server not found in database (krb4): %s: %s", "Server not found in database (krb4): %s: %s",
server_name, krb5_get_err_text(context, ret)); server_name, krb5_get_err_text(context, ret));
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s); make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
free(s); free(s);
goto out2; goto out2;
} }
@ -516,8 +515,7 @@ _kdc_do_version4(krb5_context context,
server, server_name, server, server_name,
FALSE); FALSE);
if (ret) { if (ret) {
/* good error code? */ make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP,
make_err_reply(context, reply, KERB_ERR_NAME_EXP,
"operation not allowed"); "operation not allowed");
goto out2; goto out2;
} }
@ -526,8 +524,7 @@ _kdc_do_version4(krb5_context context,
if(ret){ if(ret){
kdc_log(context, config, 0, kdc_log(context, config, 0,
"no suitable DES key for server (krb4)"); "no suitable DES key for server (krb4)");
/* XXX */ make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
make_err_reply(context, reply, KDC_NULL_KEY,
"no suitable DES key for server"); "no suitable DES key for server");
goto out2; goto out2;
} }
@ -787,7 +784,7 @@ _kdc_get_des_key(krb5_context context,
else if(is_server && server_key) else if(is_server && server_key)
*ret_key = server_key; *ret_key = server_key;
else else
return KERB_ERR_NULL_KEY; return KRB4ET_KDC_NULL_KEY;
} else { } else {
if(v4_key) if(v4_key)
*ret_key = v4_key; *ret_key = v4_key;
@ -798,11 +795,11 @@ _kdc_get_des_key(krb5_context context,
else if(is_server && server_key) else if(is_server && server_key)
*ret_key = server_key; *ret_key = server_key;
else else
return KERB_ERR_NULL_KEY; return KRB4ET_KDC_NULL_KEY;
} }
if((*ret_key)->key.keyvalue.length == 0) if((*ret_key)->key.keyvalue.length == 0)
return KERB_ERR_NULL_KEY; return KRB4ET_KDC_NULL_KEY;
return 0; return 0;
} }

View File

@ -33,7 +33,7 @@
#include "kdc_locl.h" #include "kdc_locl.h"
RCSID("$Id: kerberos5.c 21040 2007-06-10 06:20:59Z lha $"); RCSID("$Id: kerberos5.c 21529 2007-07-13 12:37:14Z lha $");
#define MAX_TIME ((time_t)((1U << 31) - 1)) #define MAX_TIME ((time_t)((1U << 31) - 1))
@ -84,6 +84,22 @@ _kdc_find_padata(const KDC_REQ *req, int *start, int type)
return NULL; return NULL;
} }
/*
* Detect if `key' is the using the the precomputed `default_salt'.
*/
static krb5_boolean
is_default_salt_p(const krb5_salt *default_salt, const Key *key)
{
if (key->salt == NULL)
return TRUE;
if (default_salt->salttype != key->salt->type)
return FALSE;
if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt))
return FALSE;
return TRUE;
}
/* /*
* return the first appropriate key of `princ' in `ret_key'. Look for * return the first appropriate key of `princ' in `ret_key'. Look for
* all the etypes in (`etypes', `len'), stopping as soon as we find * all the etypes in (`etypes', `len'), stopping as soon as we find
@ -97,6 +113,9 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
{ {
int i; int i;
krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP; krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
krb5_salt def_salt;
krb5_get_pw_salt (context, princ->entry.principal, &def_salt);
for(i = 0; ret != 0 && i < len ; i++) { for(i = 0; ret != 0 && i < len ; i++) {
Key *key = NULL; Key *key = NULL;
@ -112,10 +131,13 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
*ret_key = key; *ret_key = key;
*ret_etype = etypes[i]; *ret_etype = etypes[i];
ret = 0; ret = 0;
if (key->salt == NULL) if (is_default_salt_p(&def_salt, key)) {
krb5_free_salt (context, def_salt);
return ret; return ret;
} }
} }
}
krb5_free_salt (context, def_salt);
return ret; return ret;
} }
@ -325,6 +347,43 @@ _kdc_encode_reply(krb5_context context,
return 0; return 0;
} }
/*
* Return 1 if the client have only older enctypes, this is for
* determining if the server should send ETYPE_INFO2 or not.
*/
static int
older_enctype(krb5_enctype enctype)
{
switch (enctype) {
case ETYPE_DES_CBC_CRC:
case ETYPE_DES_CBC_MD4:
case ETYPE_DES_CBC_MD5:
case ETYPE_DES3_CBC_SHA1:
case ETYPE_ARCFOUR_HMAC_MD5:
case ETYPE_ARCFOUR_HMAC_MD5_56:
return 1;
default:
return 0;
}
}
static int
only_older_enctype_p(const KDC_REQ *req)
{
int i;
for(i = 0; i < req->req_body.etype.len; i++) {
if (!older_enctype(req->req_body.etype.val[i]))
return 0;
}
return 1;
}
/*
*
*/
static krb5_error_code static krb5_error_code
make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key) make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
{ {
@ -395,14 +454,18 @@ get_pa_etype_info(krb5_context context,
return ENOMEM; return ENOMEM;
memset(pa.val, 0, pa.len * sizeof(*pa.val)); memset(pa.val, 0, pa.len * sizeof(*pa.val));
for(j = 0; j < etypes_len; j++) {
for (i = 0; i < n; i++)
if (pa.val[i].etype == etypes[j])
goto skip1;
for(i = 0; i < client->keys.len; i++) { for(i = 0; i < client->keys.len; i++) {
for (j = 0; j < n; j++)
if (pa.val[j].etype == client->keys.val[i].key.keytype)
goto skip1;
for(j = 0; j < etypes_len; j++) {
if(client->keys.val[i].key.keytype == etypes[j]) { if(client->keys.val[i].key.keytype == etypes[j]) {
if (krb5_enctype_valid(context, etypes[j]) != 0) if (krb5_enctype_valid(context, etypes[j]) != 0)
continue; continue;
if (!older_enctype(etypes[j]))
continue;
if (n >= pa.len)
krb5_abortx(context, "internal error: n >= p.len");
if((ret = make_etype_info_entry(context, if((ret = make_etype_info_entry(context,
&pa.val[n++], &pa.val[n++],
&client->keys.val[i])) != 0) { &client->keys.val[i])) != 0) {
@ -420,6 +483,10 @@ get_pa_etype_info(krb5_context context,
} }
if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0) if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0)
continue; continue;
if (!older_enctype(etypes[j]))
continue;
if (n >= pa.len)
krb5_abortx(context, "internal error: n >= p.len");
if((ret = make_etype_info_entry(context, if((ret = make_etype_info_entry(context,
&pa.val[n++], &pa.val[n++],
&client->keys.val[i])) != 0) { &client->keys.val[i])) != 0) {
@ -429,16 +496,8 @@ get_pa_etype_info(krb5_context context,
skip2:; skip2:;
} }
if(n != pa.len) { if(n < pa.len) {
char *name; /* stripped out newer enctypes */
ret = krb5_unparse_name(context, client->principal, &name);
if (ret)
name = rk_UNCONST("<unparse_name failed>");
kdc_log(context, config, 0,
"internal error in get_pa_etype_info(%s): %d != %d",
name, n, pa.len);
if (ret == 0)
free(name);
pa.len = n; pa.len = n;
} }
@ -528,33 +587,9 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
} }
/* /*
* Return 1 if the client have only older enctypes, this is for * Return an ETYPE-INFO2. Enctypes are storted the same way as in the
* determining if the server should send ETYPE_INFO2 or not. * database (client supported enctypes first, then the unsupported
*/ * enctypes).
static int
only_older_enctype_p(const KDC_REQ *req)
{
int i;
for(i = 0; i < req->req_body.etype.len; i++) {
switch (req->req_body.etype.val[i]) {
case ETYPE_DES_CBC_CRC:
case ETYPE_DES_CBC_MD4:
case ETYPE_DES_CBC_MD5:
case ETYPE_DES3_CBC_SHA1:
case ETYPE_ARCFOUR_HMAC_MD5:
case ETYPE_ARCFOUR_HMAC_MD5_56:
break;
default:
return 0;
}
}
return 1;
}
/*
*
*/ */
static krb5_error_code static krb5_error_code
@ -578,11 +613,11 @@ get_pa_etype_info2(krb5_context context,
return ENOMEM; return ENOMEM;
memset(pa.val, 0, pa.len * sizeof(*pa.val)); memset(pa.val, 0, pa.len * sizeof(*pa.val));
for(j = 0; j < etypes_len; j++) {
for (i = 0; i < n; i++)
if (pa.val[i].etype == etypes[j])
goto skip1;
for(i = 0; i < client->keys.len; i++) { for(i = 0; i < client->keys.len; i++) {
for (j = 0; j < n; j++)
if (pa.val[j].etype == client->keys.val[i].key.keytype)
goto skip1;
for(j = 0; j < etypes_len; j++) {
if(client->keys.val[i].key.keytype == etypes[j]) { if(client->keys.val[i].key.keytype == etypes[j]) {
if (krb5_enctype_valid(context, etypes[j]) != 0) if (krb5_enctype_valid(context, etypes[j]) != 0)
continue; continue;
@ -595,6 +630,7 @@ get_pa_etype_info2(krb5_context context,
} }
skip1:; skip1:;
} }
/* send enctypes that the cliene doesn't know about too */
for(i = 0; i < client->keys.len; i++) { for(i = 0; i < client->keys.len; i++) {
for(j = 0; j < etypes_len; j++) { for(j = 0; j < etypes_len; j++) {
if(client->keys.val[i].key.keytype == etypes[j]) if(client->keys.val[i].key.keytype == etypes[j])
@ -959,7 +995,9 @@ _kdc_as_rep(krb5_context context,
if (b->cname->name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) { if (b->cname->name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
if (b->cname->name_string.len != 1) { if (b->cname->name_string.len != 1) {
kdc_log(context, config, 0, kdc_log(context, config, 0,
"AS-REQ malformed canon request from %s", from); "AS-REQ malformed canon request from %s, "
"enterprise name with %d name components",
from, b->cname->name_string.len);
ret = KRB5_PARSE_MALFORMED; ret = KRB5_PARSE_MALFORMED;
goto out; goto out;
} }
@ -1395,6 +1433,12 @@ _kdc_as_rep(krb5_context context,
copy_Realm(&server->entry.principal->realm, &rep.ticket.realm); copy_Realm(&server->entry.principal->realm, &rep.ticket.realm);
_krb5_principal2principalname(&rep.ticket.sname, _krb5_principal2principalname(&rep.ticket.sname,
server->entry.principal); server->entry.principal);
/* java 1.6 expects the name to be the same type, lets allow that
* uncomplicated name-types. */
#define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
rep.ticket.sname.name_type = b->sname->name_type;
#undef CNT
et.flags.initial = 1; et.flags.initial = 1;
if(client->entry.flags.forwardable && server->entry.flags.forwardable) if(client->entry.flags.forwardable && server->entry.flags.forwardable)

View File

@ -36,7 +36,7 @@
#include <rfc2459_asn1.h> #include <rfc2459_asn1.h>
#include <hx509.h> #include <hx509.h>
RCSID("$Id: kx509.c 19992 2007-01-20 09:06:18Z lha $"); RCSID("$Id: kx509.c 21607 2007-07-17 07:04:52Z lha $");
/* /*
* *
@ -56,7 +56,7 @@ _kdc_try_kx509_request(void *ptr, size_t len, Kx509Request *req, size_t *size)
* *
*/ */
static const char version_2_0[4] = {0 , 0, 2, 0}; static const unsigned char version_2_0[4] = {0 , 0, 2, 0};
static krb5_error_code static krb5_error_code
verify_req_hash(krb5_context context, verify_req_hash(krb5_context context,
@ -122,7 +122,7 @@ calculate_reply_hash(krb5_context context,
if (rep->certificate) if (rep->certificate)
HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length); HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length);
if (rep->e_text) if (rep->e_text)
HMAC_Update(&ctx, *rep->e_text, strlen(*rep->e_text)); HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text));
HMAC_Final(&ctx, rep->hash->data, 0); HMAC_Final(&ctx, rep->hash->data, 0);
HMAC_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&ctx);

View File

@ -32,18 +32,10 @@
*/ */
#include "kuser_locl.h" #include "kuser_locl.h"
RCSID("$Id: kinit.c 20517 2007-04-22 10:42:26Z lha $"); RCSID("$Id: kinit.c 21483 2007-07-10 16:40:46Z lha $");
#include "krb5-v4compat.h" #include "krb5-v4compat.h"
struct krb5_pk_identity;
struct krb5_pk_cert;
struct ContentInfo;
struct _krb5_krb_auth_data;
struct krb5_dh_moduli;
struct krb5_plugin;
enum plugin_type;
#include "krb5-private.h"
#include "heimntlm.h" #include "heimntlm.h"
int forwardable_flag = -1; int forwardable_flag = -1;

View File

@ -3,7 +3,7 @@
# #
# This might look like a com_err file, but is not # This might look like a com_err file, but is not
# #
id "$Id: asn1_err.et 20010 2007-01-20 21:52:27Z lha $" id "$Id: asn1_err.et 21394 2007-07-02 10:14:43Z lha $"
error_table asn1 error_table asn1
prefix ASN1 prefix ASN1
@ -19,4 +19,7 @@ error_code BAD_FORMAT, "ASN.1 badly-formatted encoding"
error_code PARSE_ERROR, "ASN.1 parse error" error_code PARSE_ERROR, "ASN.1 parse error"
error_code EXTRA_DATA, "ASN.1 extra data past end of end structure" error_code EXTRA_DATA, "ASN.1 extra data past end of end structure"
error_code BAD_CHARACTER, "ASN.1 invalid character in string" error_code BAD_CHARACTER, "ASN.1 invalid character in string"
error_code MIN_CONSTRAINT, "ASN.1 too few elements"
error_code MAX_CONSTRAINT, "ASN.1 too many elements"
error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements"
end end

View File

@ -33,7 +33,7 @@
#include "der_locl.h" #include "der_locl.h"
RCSID("$Id: der_get.c 20570 2007-04-27 14:06:27Z lha $"); RCSID("$Id: der_get.c 21369 2007-06-27 10:14:39Z lha $");
#include <version.h> #include <version.h>
@ -336,32 +336,25 @@ generalizedtime2time (const char *s, time_t *t)
*t = _der_timegm (&tm); *t = _der_timegm (&tm);
return 0; return 0;
} }
#undef timegm
static int static int
der_get_time (const unsigned char *p, size_t len, der_get_time (const unsigned char *p, size_t len,
time_t *data, size_t *size) time_t *data, size_t *size)
{ {
heim_octet_string k;
char *times; char *times;
size_t ret = 0;
size_t l;
int e; int e;
e = der_get_octet_string (p, len, &k, &l); if (len > len + 1 || len == 0)
if (e) return e; return ASN1_BAD_LENGTH;
p += l;
len -= l; times = malloc(len + 1);
ret += l; if (times == NULL)
times = realloc(k.data, k.length + 1);
if (times == NULL){
free(k.data);
return ENOMEM; return ENOMEM;
} memcpy(times, p, len);
times[k.length] = 0; times[len] = '\0';
e = generalizedtime2time(times, data); e = generalizedtime2time(times, data);
free (times); free (times);
if(size) *size = ret; if(size) *size = len;
return e; return e;
} }

View File

@ -33,7 +33,7 @@
#include "gen_locl.h" #include "gen_locl.h"
RCSID("$Id: gen.c 20670 2007-05-11 00:39:41Z lha $"); RCSID("$Id: gen.c 21364 2007-06-27 08:51:06Z lha $");
FILE *headerfile, *codefile, *logfile; FILE *headerfile, *codefile, *logfile;
@ -253,6 +253,7 @@ generate_header_of_codefile(const char *name)
"#include <time.h>\n" "#include <time.h>\n"
"#include <string.h>\n" "#include <string.h>\n"
"#include <errno.h>\n" "#include <errno.h>\n"
"#include <limits.h>\n"
"#include <krb5-types.h>\n", "#include <krb5-types.h>\n",
orig_filename); orig_filename);

View File

@ -34,7 +34,7 @@
#include "gen_locl.h" #include "gen_locl.h"
#include "lex.h" #include "lex.h"
RCSID("$Id: gen_decode.c 19572 2006-12-29 17:30:32Z lha $"); RCSID("$Id: gen_decode.c 21503 2007-07-12 11:57:19Z lha $");
static void static void
decode_primitive (const char *typename, const char *name, const char *forwstr) decode_primitive (const char *typename, const char *name, const char *forwstr)
@ -202,6 +202,32 @@ find_tag (const Type *t,
} }
} }
static void
range_check(const char *name,
const char *length,
const char *forwstr,
struct range *r)
{
if (r->min == r->max + 2 || r->min < r->max)
fprintf (codefile,
"if ((%s)->%s > %d) {\n"
"e = ASN1_MAX_CONSTRAINT; %s;\n"
"}\n",
name, length, r->max, forwstr);
if (r->min - 1 == r->max || r->min < r->max)
fprintf (codefile,
"if ((%s)->%s < %d) {\n"
"e = ASN1_MIN_CONSTRAINT; %s;\n"
"}\n",
name, length, r->min, forwstr);
if (r->max == r->min)
fprintf (codefile,
"if ((%s)->%s != %d) {\n"
"e = ASN1_EXACT_CONSTRAINT; %s;\n"
"}\n",
name, length, r->min, forwstr);
}
static int static int
decode_type (const char *name, const Type *t, int optional, decode_type (const char *name, const Type *t, int optional,
const char *forwstr, const char *tmpstr) const char *forwstr, const char *tmpstr)
@ -236,12 +262,14 @@ decode_type (const char *name, const Type *t, int optional,
} }
case TInteger: case TInteger:
if(t->members) { if(t->members) {
char *s; fprintf(codefile,
asprintf(&s, "(int*)%s", name); "{\n"
if (s == NULL) "int enumint;\n");
errx (1, "out of memory"); decode_primitive ("integer", "&enumint", forwstr);
decode_primitive ("integer", s, forwstr); fprintf(codefile,
free(s); "*%s = enumint;\n"
"}\n",
name);
} else if (t->range == NULL) { } else if (t->range == NULL) {
decode_primitive ("heim_integer", name, forwstr); decode_primitive ("heim_integer", name, forwstr);
} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) { } else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
@ -262,6 +290,8 @@ decode_type (const char *name, const Type *t, int optional,
break; break;
case TOctetString: case TOctetString:
decode_primitive ("octet_string", name, forwstr); decode_primitive ("octet_string", name, forwstr);
if (t->range)
range_check(name, "length", forwstr, t->range);
break; break;
case TBitString: { case TBitString: {
Member *m; Member *m;
@ -394,19 +424,31 @@ decode_type (const char *name, const Type *t, int optional,
"{\n" "{\n"
"size_t %s_origlen = len;\n" "size_t %s_origlen = len;\n"
"size_t %s_oldret = ret;\n" "size_t %s_oldret = ret;\n"
"size_t %s_olen = 0;\n"
"void *%s_tmp;\n" "void *%s_tmp;\n"
"ret = 0;\n" "ret = 0;\n"
"(%s)->len = 0;\n" "(%s)->len = 0;\n"
"(%s)->val = NULL;\n" "(%s)->val = NULL;\n",
tmpstr,
tmpstr,
tmpstr,
tmpstr,
name,
name);
fprintf (codefile,
"while(ret < %s_origlen) {\n" "while(ret < %s_origlen) {\n"
"%s_tmp = realloc((%s)->val, " "size_t %s_nlen = %s_olen + sizeof(*((%s)->val));\n"
" sizeof(*((%s)->val)) * ((%s)->len + 1));\n" "if (%s_olen > %s_nlen) { e = ASN1_OVERFLOW; %s; }\n"
"if (%s_tmp == NULL) { %s; }\n" "%s_olen = %s_nlen;\n"
"%s_tmp = realloc((%s)->val, %s_olen);\n"
"if (%s_tmp == NULL) { e = ENOMEM; %s; }\n"
"(%s)->val = %s_tmp;\n", "(%s)->val = %s_tmp;\n",
tmpstr, tmpstr, tmpstr, tmpstr,
name, name, tmpstr, tmpstr, name,
tmpstr, tmpstr, forwstr,
tmpstr, tmpstr, tmpstr, tmpstr,
name, name, name, tmpstr, name, tmpstr,
tmpstr, forwstr, tmpstr, forwstr,
name, tmpstr); name, tmpstr);
@ -425,6 +467,8 @@ decode_type (const char *name, const Type *t, int optional,
"}\n", "}\n",
name, name,
tmpstr, tmpstr); tmpstr, tmpstr);
if (t->range)
range_check(name, "len", forwstr, t->range);
free (n); free (n);
free (sname); free (sname);
break; break;

View File

@ -33,7 +33,7 @@
#include "gen_locl.h" #include "gen_locl.h"
RCSID("$Id: gen_encode.c 19572 2006-12-29 17:30:32Z lha $"); RCSID("$Id: gen_encode.c 21503 2007-07-12 11:57:19Z lha $");
static void static void
encode_primitive (const char *typename, const char *name) encode_primitive (const char *typename, const char *name)
@ -121,12 +121,12 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
break; break;
case TInteger: case TInteger:
if(t->members) { if(t->members) {
char *s; fprintf(codefile,
asprintf(&s, "(const int*)%s", name); "{\n"
if(s == NULL) "int enumint = (int)*%s;\n",
errx(1, "out of memory"); name);
encode_primitive ("integer", s); encode_primitive ("integer", "&enumint");
free(s); fprintf(codefile, "}\n;");
} else if (t->range == NULL) { } else if (t->range == NULL) {
encode_primitive ("heim_integer", name); encode_primitive ("heim_integer", name);
} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) { } else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
@ -292,6 +292,11 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
"size_t elen, totallen = 0;\n" "size_t elen, totallen = 0;\n"
"int eret;\n"); "int eret;\n");
fprintf(codefile,
"if ((%s)->len > UINT_MAX/sizeof(val[0]))\n"
"return ERANGE;\n",
name);
fprintf(codefile, fprintf(codefile,
"val = malloc(sizeof(val[0]) * (%s)->len);\n" "val = malloc(sizeof(val[0]) * (%s)->len);\n"
"if (val == NULL && (%s)->len != 0) return ENOMEM;\n", "if (val == NULL && (%s)->len != 0) return ENOMEM;\n",

View File

@ -33,7 +33,7 @@
#include "gen_locl.h" #include "gen_locl.h"
RCSID("$Id: gen_length.c 19539 2006-12-28 17:15:05Z lha $"); RCSID("$Id: gen_length.c 21503 2007-07-12 11:57:19Z lha $");
static void static void
length_primitive (const char *typename, length_primitive (const char *typename,
@ -72,12 +72,11 @@ length_type (const char *name, const Type *t,
break; break;
case TInteger: case TInteger:
if(t->members) { if(t->members) {
char *s; fprintf(codefile,
asprintf(&s, "(const int*)%s", name); "{\n"
if(s == NULL) "int enumint = *%s;\n", name);
errx (1, "out of memory"); length_primitive ("integer", "&enumint", variable);
length_primitive ("integer", s, variable); fprintf(codefile, "}\n");
free(s);
} else if (t->range == NULL) { } else if (t->range == NULL) {
length_primitive ("heim_integer", name, variable); length_primitive ("heim_integer", name, variable);
} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) { } else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {

View File

@ -1,4 +1,4 @@
-- $Id: k5.asn1 21092 2007-06-15 19:47:46Z lha $ -- $Id: k5.asn1 21400 2007-07-02 19:57:31Z lha $
KERBEROS5 DEFINITIONS ::= KERBEROS5 DEFINITIONS ::=
BEGIN BEGIN
@ -332,7 +332,7 @@ ETYPE-INFO2-ENTRY ::= SEQUENCE {
s2kparams[2] OCTET STRING OPTIONAL s2kparams[2] OCTET STRING OPTIONAL
} }
ETYPE-INFO2 ::= SEQUENCE OF ETYPE-INFO2-ENTRY ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY
METHOD-DATA ::= SEQUENCE OF PA-DATA METHOD-DATA ::= SEQUENCE OF PA-DATA
@ -341,7 +341,7 @@ TypedData ::= SEQUENCE {
data-value[1] OCTET STRING OPTIONAL data-value[1] OCTET STRING OPTIONAL
} }
TYPED-DATA ::= SEQUENCE OF TypedData TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF TypedData
KDC-REQ-BODY ::= SEQUENCE { KDC-REQ-BODY ::= SEQUENCE {
kdc-options[0] KDCOptions, kdc-options[0] KDCOptions,

View File

@ -1,6 +1,5 @@
#include "config.h"
#line 3 "lex.yy.c" #line 3 "lex.c"
#define YY_INT_ALIGNED short int #define YY_INT_ALIGNED short int
@ -343,6 +342,9 @@ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
typedef int yy_state_type; typedef int yy_state_type;
extern int yylineno; extern int yylineno;
int yylineno = 1;
extern char *yytext; extern char *yytext;
#define yytext_ptr yytext #define yytext_ptr yytext
@ -824,7 +826,7 @@ char *yytext;
* SUCH DAMAGE. * SUCH DAMAGE.
*/ */
/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */ /* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H
#include <config.h> #include <config.h>
@ -849,7 +851,7 @@ static unsigned lineno = 1;
static void unterminated(const char *, unsigned); static void unterminated(const char *, unsigned);
/* This is for broken old lexes (solaris 10 and hpux) */ /* This is for broken old lexes (solaris 10 and hpux) */
#line 852 "lex.yy.c" #line 855 "lex.c"
#define INITIAL 0 #define INITIAL 0
@ -1004,7 +1006,7 @@ YY_DECL
#line 68 "lex.l" #line 68 "lex.l"
#line 1007 "lex.yy.c" #line 1010 "lex.c"
if ( !(yy_init) ) if ( !(yy_init) )
{ {
@ -1673,7 +1675,7 @@ YY_RULE_SETUP
#line 274 "lex.l" #line 274 "lex.l"
ECHO; ECHO;
YY_BREAK YY_BREAK
#line 1676 "lex.yy.c" #line 1679 "lex.c"
case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(INITIAL):
yyterminate(); yyterminate();
@ -2483,6 +2485,15 @@ static void yy_fatal_error (yyconst char* msg )
/* Accessor methods (get/set functions) to struct members. */ /* Accessor methods (get/set functions) to struct members. */
/** Get the current line number.
*
*/
int yyget_lineno (void)
{
return yylineno;
}
/** Get the input stream. /** Get the input stream.
* *
*/ */
@ -2516,6 +2527,16 @@ char *yyget_text (void)
return yytext; return yytext;
} }
/** Set the current line number.
* @param line_number
*
*/
void yyset_lineno (int line_number )
{
yylineno = line_number;
}
/** Set the input stream. This does not discard the current /** Set the input stream. This does not discard the current
* input buffer. * input buffer.
* @param in_str A readable stream. * @param in_str A readable stream.

File diff suppressed because it is too large Load Diff

View File

@ -16,7 +16,9 @@
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program; if not, see <http://www.gnu.org/licenses/>. */ along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA. */
/* As a special exception, you may create a larger work that contains /* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work part or all of the Bison parser skeleton and distribute that work
@ -224,7 +226,7 @@ typedef union YYSTYPE
{ {
int constant; int constant;
struct value *value; struct value *value;
struct range range; struct range *range;
char *name; char *name;
Type *type; Type *type;
Member *member; Member *member;

View File

@ -169,7 +169,7 @@ Extension ::= SEQUENCE {
extnValue OCTET STRING extnValue OCTET STRING
} }
Extensions ::= SEQUENCE OF Extension -- SIZE (1..MAX) Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
TBSCertificate ::= SEQUENCE { TBSCertificate ::= SEQUENCE {
version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1, version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
@ -232,7 +232,7 @@ GeneralName ::= CHOICE {
registeredID [8] IMPLICIT OBJECT IDENTIFIER registeredID [8] IMPLICIT OBJECT IDENTIFIER
} }
GeneralNames ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralName GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 } id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
@ -320,7 +320,7 @@ DistributionPointReasonFlags ::= BIT STRING {
} }
DistributionPointName ::= CHOICE { DistributionPointName ::= CHOICE {
fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE -- SIZE (1..MAX) -- OF GeneralName, fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
nameRelativeToCRLIssuer [1] RelativeDistinguishedName nameRelativeToCRLIssuer [1] RelativeDistinguishedName
} }
@ -330,7 +330,7 @@ DistributionPoint ::= SEQUENCE {
cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
} }
CRLDistributionPoints ::= SEQUENCE -- SIZE (1..MAX) -- OF DistributionPoint CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
-- rfc3279 -- rfc3279
@ -449,11 +449,20 @@ id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 } id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 } id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
-- RFC 3820 Proxy Certificate Profile
id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 } id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 } id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
AccessDescription ::= SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName
}
AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
-- RFC 3820 Proxy Certificate Profile
id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 } id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }

View File

@ -1,4 +1,4 @@
-- $Id: test.asn1 18013 2006-09-05 14:00:44Z lha $ -- -- $Id: test.asn1 21455 2007-07-10 12:51:19Z lha $ --
TEST DEFINITIONS ::= TEST DEFINITIONS ::=
@ -85,4 +85,11 @@ TESTUSERCONSTRAINED ::= OCTET STRING (CONSTRAINED BY { -- meh -- })
TESTSeqOf ::= SEQUENCE OF TESTInteger TESTSeqOf ::= SEQUENCE OF TESTInteger
TESTSeqSizeOf1 ::= SEQUENCE SIZE (2) OF TESTInteger
TESTSeqSizeOf2 ::= SEQUENCE SIZE (1..2) OF TESTInteger
TESTSeqSizeOf3 ::= SEQUENCE SIZE (1..MAX) OF TESTInteger
TESTSeqSizeOf4 ::= SEQUENCE SIZE (MIN..2) OF TESTInteger
TESTOSSize1 ::= OCTET STRING SIZE (1..2)
END END

View File

@ -33,7 +33,7 @@
#include "der_locl.h" #include "der_locl.h"
RCSID("$Id: timegm.c 18607 2006-10-19 16:19:32Z lha $"); RCSID("$Id: timegm.c 21366 2007-06-27 10:06:22Z lha $");
static int static int
is_leap(unsigned y) is_leap(unsigned y)
@ -43,8 +43,8 @@ is_leap(unsigned y)
} }
/* /*
* This is a simplifed version of _der_timegm that doesn't accept out * This is a simplifed version of timegm(3) that doesn't accept out of
* of bound values that timegm(3) normally accepts but those are not * bound values that timegm(3) normally accepts but those are not
* valid in asn1 encodings. * valid in asn1 encodings.
*/ */

View File

@ -27,7 +27,7 @@
*/ */
#include "mech_locl.h" #include "mech_locl.h"
RCSID("$Id: gss_acquire_cred.c 20626 2007-05-08 13:56:49Z lha $"); RCSID("$Id: gss_acquire_cred.c 21478 2007-07-10 16:32:01Z lha $");
OM_uint32 OM_uint32
gss_acquire_cred(OM_uint32 *minor_status, gss_acquire_cred(OM_uint32 *minor_status,
@ -50,7 +50,7 @@ gss_acquire_cred(OM_uint32 *minor_status,
int i; int i;
*minor_status = 0; *minor_status = 0;
if (actual_mechs) if (output_cred_handle)
*output_cred_handle = GSS_C_NO_CREDENTIAL; *output_cred_handle = GSS_C_NO_CREDENTIAL;
if (actual_mechs) if (actual_mechs)
*actual_mechs = GSS_C_NO_OID_SET; *actual_mechs = GSS_C_NO_OID_SET;
@ -106,8 +106,9 @@ gss_acquire_cred(OM_uint32 *minor_status,
continue; continue;
if (desired_name != GSS_C_NO_NAME) { if (desired_name != GSS_C_NO_NAME) {
mn = _gss_find_mn(name, &mechs->elements[i]); major_status = _gss_find_mn(minor_status, name,
if (!mn) &mechs->elements[i], &mn);
if (major_status != GSS_S_COMPLETE)
continue; continue;
} }

View File

@ -27,7 +27,7 @@
*/ */
#include "mech_locl.h" #include "mech_locl.h"
RCSID("$Id: gss_add_cred.c 20626 2007-05-08 13:56:49Z lha $"); RCSID("$Id: gss_add_cred.c 21474 2007-07-10 16:30:23Z lha $");
static struct _gss_mechanism_cred * static struct _gss_mechanism_cred *
_gss_copy_cred(struct _gss_mechanism_cred *mc) _gss_copy_cred(struct _gss_mechanism_cred *mc)
@ -136,11 +136,13 @@ gss_add_cred(OM_uint32 *minor_status,
* Figure out a suitable mn, if any. * Figure out a suitable mn, if any.
*/ */
if (desired_name) { if (desired_name) {
mn = _gss_find_mn((struct _gss_name *) desired_name, major_status = _gss_find_mn(minor_status,
desired_mech); (struct _gss_name *) desired_name,
if (!mn) { desired_mech,
&mn);
if (major_status != GSS_S_COMPLETE) {
free(new_cred); free(new_cred);
return (GSS_S_BAD_NAME); return major_status;
} }
} else { } else {
mn = 0; mn = 0;

View File

@ -27,7 +27,7 @@
*/ */
#include "mech_locl.h" #include "mech_locl.h"
RCSID("$Id: gss_canonicalize_name.c 19928 2007-01-16 10:37:54Z lha $"); RCSID("$Id: gss_canonicalize_name.c 21476 2007-07-10 16:31:27Z lha $");
OM_uint32 OM_uint32
gss_canonicalize_name(OM_uint32 *minor_status, gss_canonicalize_name(OM_uint32 *minor_status,
@ -44,10 +44,9 @@ gss_canonicalize_name(OM_uint32 *minor_status,
*minor_status = 0; *minor_status = 0;
*output_name = 0; *output_name = 0;
mn = _gss_find_mn(name, mech_type); major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
if (!mn) { if (major_status)
return (GSS_S_BAD_MECH); return major_status;
}
m = mn->gmn_mech; m = mn->gmn_mech;
major_status = m->gm_canonicalize_name(minor_status, major_status = m->gm_canonicalize_name(minor_status,

View File

@ -27,7 +27,7 @@
*/ */
#include "mech_locl.h" #include "mech_locl.h"
RCSID("$Id: gss_compare_name.c 17700 2006-06-28 09:00:26Z lha $"); RCSID("$Id: gss_compare_name.c 21475 2007-07-10 16:31:03Z lha $");
OM_uint32 OM_uint32
gss_compare_name(OM_uint32 *minor_status, gss_compare_name(OM_uint32 *minor_status,
@ -57,8 +57,11 @@ gss_compare_name(OM_uint32 *minor_status,
struct _gss_mechanism_name *mn2; struct _gss_mechanism_name *mn2;
SLIST_FOREACH(mn1, &name1->gn_mn, gmn_link) { SLIST_FOREACH(mn1, &name1->gn_mn, gmn_link) {
mn2 = _gss_find_mn(name2, mn1->gmn_mech_oid); OM_uint32 major_status;
if (mn2) {
major_status = _gss_find_mn(minor_status, name2,
mn1->gmn_mech_oid, &mn2);
if (major_status == GSS_S_COMPLETE) {
return (mn1->gmn_mech->gm_compare_name( return (mn1->gmn_mech->gm_compare_name(
minor_status, minor_status,
mn1->gmn_name, mn1->gmn_name,

View File

@ -27,7 +27,7 @@
*/ */
#include "mech_locl.h" #include "mech_locl.h"
RCSID("$Id: gss_duplicate_name.c 21219 2007-06-20 08:27:11Z lha $"); RCSID("$Id: gss_duplicate_name.c 21480 2007-07-10 16:32:32Z lha $");
OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, OM_uint32 gss_duplicate_name(OM_uint32 *minor_status,
const gss_name_t src_name, const gss_name_t src_name,
@ -54,7 +54,9 @@ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status,
new_name = (struct _gss_name *) *dest_name; new_name = (struct _gss_name *) *dest_name;
SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
_gss_find_mn(new_name, mn->gmn_mech_oid); struct _gss_mechanism_name *mn2;
_gss_find_mn(minor_status, new_name,
mn->gmn_mech_oid, &mn2);
} }
} else { } else {
new_name = malloc(sizeof(struct _gss_name)); new_name = malloc(sizeof(struct _gss_name));

View File

@ -27,7 +27,7 @@
*/ */
#include "mech_locl.h" #include "mech_locl.h"
RCSID("$Id: gss_init_sec_context.c 19957 2007-01-17 13:48:11Z lha $"); RCSID("$Id: gss_init_sec_context.c 21479 2007-07-10 16:32:19Z lha $");
static gss_cred_id_t static gss_cred_id_t
_gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type) _gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
@ -109,11 +109,11 @@ gss_init_sec_context(OM_uint32 * minor_status,
/* /*
* Find the MN for this mechanism. * Find the MN for this mechanism.
*/ */
mn = _gss_find_mn(name, mech_type); major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
if (mn == NULL) { if (major_status != GSS_S_COMPLETE) {
if (allocated_ctx) if (allocated_ctx)
free(ctx); free(ctx);
return GSS_S_BAD_NAME; return major_status;
} }
/* /*

View File

@ -28,7 +28,7 @@
#include "mech_locl.h" #include "mech_locl.h"
#include <heim_threads.h> #include <heim_threads.h>
RCSID("$Id: gss_mech_switch.c 20625 2007-05-08 13:55:03Z lha $"); RCSID("$Id: gss_mech_switch.c 21700 2007-07-26 19:08:34Z lha $");
#ifndef _PATH_GSS_MECH #ifndef _PATH_GSS_MECH
#define _PATH_GSS_MECH "/etc/gss/mech" #define _PATH_GSS_MECH "/etc/gss/mech"
@ -223,9 +223,9 @@ _gss_load_mech(void)
add_builtin(__gss_spnego_initialize()); add_builtin(__gss_spnego_initialize());
add_builtin(__gss_ntlm_initialize()); add_builtin(__gss_ntlm_initialize());
#ifdef HAVE_DLOPEN
fp = fopen(_PATH_GSS_MECH, "r"); fp = fopen(_PATH_GSS_MECH, "r");
if (!fp) { if (!fp) {
/* perror(_PATH_GSS_MECH); */
HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); HEIMDAL_MUTEX_unlock(&_gss_mech_mutex);
return; return;
} }
@ -316,6 +316,7 @@ _gss_load_mech(void)
continue; continue;
} }
fclose(fp); fclose(fp);
#endif
HEIMDAL_MUTEX_unlock(&_gss_mech_mutex); HEIMDAL_MUTEX_unlock(&_gss_mech_mutex);
} }

View File

@ -27,15 +27,18 @@
*/ */
#include "mech_locl.h" #include "mech_locl.h"
RCSID("$Id: gss_names.c 19928 2007-01-16 10:37:54Z lha $"); RCSID("$Id: gss_names.c 21473 2007-07-10 16:29:53Z lha $");
struct _gss_mechanism_name * OM_uint32
_gss_find_mn(struct _gss_name *name, gss_OID mech) _gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech,
struct _gss_mechanism_name **output_mn)
{ {
OM_uint32 major_status, minor_status; OM_uint32 major_status;
gssapi_mech_interface m; gssapi_mech_interface m;
struct _gss_mechanism_name *mn; struct _gss_mechanism_name *mn;
*output_mn = NULL;
SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
if (gss_oid_equal(mech, mn->gmn_mech_oid)) if (gss_oid_equal(mech, mn->gmn_mech_oid))
break; break;
@ -47,34 +50,36 @@ _gss_find_mn(struct _gss_name *name, gss_OID mech)
* MN but it is from a different mech), give up now. * MN but it is from a different mech), give up now.
*/ */
if (!name->gn_value.value) if (!name->gn_value.value)
return (0); return GSS_S_BAD_NAME;
m = __gss_get_mechanism(mech); m = __gss_get_mechanism(mech);
if (!m) if (!m)
return (0); return (GSS_S_BAD_MECH);
mn = malloc(sizeof(struct _gss_mechanism_name)); mn = malloc(sizeof(struct _gss_mechanism_name));
if (!mn) if (!mn)
return (0); return GSS_S_FAILURE;
major_status = m->gm_import_name(&minor_status, major_status = m->gm_import_name(minor_status,
&name->gn_value, &name->gn_value,
(name->gn_type.elements (name->gn_type.elements
? &name->gn_type : GSS_C_NO_OID), ? &name->gn_type : GSS_C_NO_OID),
&mn->gmn_name); &mn->gmn_name);
if (major_status != GSS_S_COMPLETE) { if (major_status != GSS_S_COMPLETE) {
_gss_mg_error(m, major_status, minor_status); _gss_mg_error(m, major_status, *minor_status);
free(mn); free(mn);
return (0); return major_status;
} }
mn->gmn_mech = m; mn->gmn_mech = m;
mn->gmn_mech_oid = &m->gm_mech_oid; mn->gmn_mech_oid = &m->gm_mech_oid;
SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
} }
return (mn); *output_mn = mn;
return 0;
} }
/* /*
* Make a name from an MN. * Make a name from an MN.
*/ */

View File

@ -32,7 +32,7 @@
*/ */
#include "mech_locl.h" #include "mech_locl.h"
RCSID("$Id: gss_oid_to_str.c 19963 2007-01-17 16:01:22Z lha $"); RCSID("$Id: gss_oid_to_str.c 21409 2007-07-04 14:19:11Z lha $");
OM_uint32 OM_uint32
gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str) gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
@ -44,6 +44,9 @@ gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
_mg_buffer_zero(oid_str); _mg_buffer_zero(oid_str);
if (oid == GSS_C_NULL_OID)
return GSS_S_FAILURE;
ret = der_get_oid (oid->elements, oid->length, &o, &size); ret = der_get_oid (oid->elements, oid->length, &o, &size);
if (ret) { if (ret) {
*minor_status = ret; *minor_status = ret;

View File

@ -24,7 +24,7 @@
* SUCH DAMAGE. * SUCH DAMAGE.
* *
* $FreeBSD: src/lib/libgssapi/name.h,v 1.1 2005/12/29 14:40:20 dfr Exp $ * $FreeBSD: src/lib/libgssapi/name.h,v 1.1 2005/12/29 14:40:20 dfr Exp $
* $Id: name.h 18246 2006-10-05 18:36:07Z lha $ * $Id: name.h 21477 2007-07-10 16:31:44Z lha $
*/ */
struct _gss_mechanism_name { struct _gss_mechanism_name {
@ -41,7 +41,8 @@ struct _gss_name {
struct _gss_mechanism_name_list gn_mn; /* list of MNs */ struct _gss_mechanism_name_list gn_mn; /* list of MNs */
}; };
struct _gss_mechanism_name * OM_uint32
_gss_find_mn(struct _gss_name *name, gss_OID mech); _gss_find_mn(OM_uint32 *, struct _gss_name *, gss_OID,
struct _gss_mechanism_name **);
struct _gss_name * struct _gss_name *
_gss_make_name(gssapi_mech_interface m, gss_name_t new_mn); _gss_make_name(gssapi_mech_interface m, gss_name_t new_mn);

View File

@ -33,7 +33,7 @@
#include "spnego/spnego_locl.h" #include "spnego/spnego_locl.h"
RCSID("$Id: accept_sec_context.c 21243 2007-06-20 15:16:22Z lha $"); RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $");
static OM_uint32 static OM_uint32
send_reject (OM_uint32 *minor_status, send_reject (OM_uint32 *minor_status,
@ -555,24 +555,17 @@ acceptor_start
int get_mic = 0; int get_mic = 0;
int first_ok = 0; int first_ok = 0;
if (src_name)
*src_name = GSS_C_NO_NAME;
mech_output_token.value = NULL; mech_output_token.value = NULL;
mech_output_token.length = 0; mech_output_token.length = 0;
mech_buf.value = NULL; mech_buf.value = NULL;
if (*context_handle == GSS_C_NO_CONTEXT) { if (input_token_buffer->length == 0)
ret = _gss_spnego_alloc_sec_context(minor_status, return send_supported_mechs (minor_status, output_token);
context_handle);
ret = _gss_spnego_alloc_sec_context(minor_status, context_handle);
if (ret != GSS_S_COMPLETE) if (ret != GSS_S_COMPLETE)
return ret; return ret;
if (input_token_buffer->length == 0) {
return send_supported_mechs (minor_status, output_token);
}
}
ctx = (gssspnego_ctx)*context_handle; ctx = (gssspnego_ctx)*context_handle;
/* /*

View File

@ -1,4 +1,4 @@
-- $Id: spnego.asn1 19420 2006-12-18 18:28:49Z lha $ -- $Id: spnego.asn1 21403 2007-07-04 08:13:12Z lha $
SPNEGO DEFINITIONS ::= SPNEGO DEFINITIONS ::=
BEGIN BEGIN
@ -27,15 +27,15 @@ NegTokenInitWin ::= SEQUENCE {
reqFlags [1] ContextFlags OPTIONAL, reqFlags [1] ContextFlags OPTIONAL,
mechToken [2] OCTET STRING OPTIONAL, mechToken [2] OCTET STRING OPTIONAL,
negHints [3] NegHints OPTIONAL negHints [3] NegHints OPTIONAL
} }
NegTokenInit ::= SEQUENCE { NegTokenInit ::= SEQUENCE {
mechTypes [0] MechTypeList, mechTypes [0] MechTypeList,
reqFlags [1] ContextFlags OPTIONAL, reqFlags [1] ContextFlags OPTIONAL,
mechToken [2] OCTET STRING OPTIONAL, mechToken [2] OCTET STRING OPTIONAL,
mechListMIC [3] OCTET STRING OPTIONAL mechListMIC [3] OCTET STRING OPTIONAL,
} ...
}
-- NB: negResult is not OPTIONAL in the new SPNEGO spec but -- NB: negResult is not OPTIONAL in the new SPNEGO spec but
-- Windows clients do not always send it -- Windows clients do not always send it
@ -47,7 +47,8 @@ NegTokenResp ::= SEQUENCE {
request-mic (3) } OPTIONAL, request-mic (3) } OPTIONAL,
supportedMech [1] MechType OPTIONAL, supportedMech [1] MechType OPTIONAL,
responseToken [2] OCTET STRING OPTIONAL, responseToken [2] OCTET STRING OPTIONAL,
mechListMIC [3] OCTET STRING OPTIONAL mechListMIC [3] OCTET STRING OPTIONAL,
...
} }
NegotiationToken ::= CHOICE { NegotiationToken ::= CHOICE {

View File

@ -52,8 +52,10 @@ HMAC_Init_ex(HMAC_CTX *ctx,
if (ctx->md != md) { if (ctx->md != md) {
ctx->md = md; ctx->md = md;
if (ctx->buf) if (ctx->buf) {
memset(ctx->buf, 0, ctx->key_length);
free (ctx->buf); free (ctx->buf);
}
ctx->key_length = EVP_MD_size(ctx->md); ctx->key_length = EVP_MD_size(ctx->md);
ctx->buf = malloc(ctx->key_length); ctx->buf = malloc(ctx->key_length);
} }
@ -67,10 +69,14 @@ HMAC_Init_ex(HMAC_CTX *ctx,
keylen = EVP_MD_size(ctx->md); keylen = EVP_MD_size(ctx->md);
} }
if (ctx->opad) if (ctx->opad) {
memset(ctx->opad, 0, ctx->key_length);
free(ctx->opad); free(ctx->opad);
if (ctx->ipad) }
if (ctx->ipad) {
memset(ctx->ipad, 0, ctx->key_length);
free(ctx->ipad); free(ctx->ipad);
}
ctx->opad = malloc(EVP_MD_block_size(ctx->md)); ctx->opad = malloc(EVP_MD_block_size(ctx->md));
ctx->ipad = malloc(EVP_MD_block_size(ctx->md)); ctx->ipad = malloc(EVP_MD_block_size(ctx->md));

View File

@ -33,7 +33,7 @@
#include "hx_locl.h" #include "hx_locl.h"
#include <pkinit_asn1.h> #include <pkinit_asn1.h>
RCSID("$Id: ca.c 20904 2007-06-05 01:58:45Z lha $"); RCSID("$Id: ca.c 21379 2007-06-28 07:38:17Z lha $");
struct hx509_ca_tbs { struct hx509_ca_tbs {
hx509_name subject; hx509_name subject;
@ -1002,7 +1002,7 @@ ca_sign(hx509_context context,
if (size != data.length) if (size != data.length)
_hx509_abort("internal ASN.1 encoder error"); _hx509_abort("internal ASN.1 encoder error");
ret = add_extension(context, tbsc, 0, ret = add_extension(context, tbsc, 0,
oid_id_pe_proxyCertInfo(), oid_id_pkix_pe_proxyCertInfo(),
&data); &data);
free(data.data); free(data.data);
if (ret) if (ret)

View File

@ -32,7 +32,7 @@
*/ */
#include "hx_locl.h" #include "hx_locl.h"
RCSID("$Id: cert.c 21294 2007-06-25 14:37:15Z lha $"); RCSID("$Id: cert.c 21380 2007-06-28 07:38:38Z lha $");
#include "crypto-headers.h" #include "crypto-headers.h"
#include <rtbl.h> #include <rtbl.h>
@ -898,7 +898,7 @@ is_proxy_cert(hx509_context context,
if (rinfo) if (rinfo)
memset(rinfo, 0, sizeof(*rinfo)); memset(rinfo, 0, sizeof(*rinfo));
e = find_extension(cert, oid_id_pe_proxyCertInfo(), &i); e = find_extension(cert, oid_id_pkix_pe_proxyCertInfo(), &i);
if (e == NULL) { if (e == NULL) {
hx509_clear_error_string(context); hx509_clear_error_string(context);
return HX509_EXTENSION_NOT_FOUND; return HX509_EXTENSION_NOT_FOUND;

View File

@ -314,14 +314,6 @@ _hx509_pbe_decrypt (
const heim_octet_string */*econtent*/, const heim_octet_string */*econtent*/,
heim_octet_string */*content*/); heim_octet_string */*content*/);
int
_hx509_pbe_encrypt (
hx509_context /*context*/,
hx509_lock /*lock*/,
const AlgorithmIdentifier */*ai*/,
const heim_octet_string */*content*/,
heim_octet_string */*econtent*/);
void void
_hx509_pi_printf ( _hx509_pi_printf (
int (*/*func*/)(void *, const char *), int (*/*func*/)(void *, const char *),
@ -422,35 +414,11 @@ _hx509_request_add_email (
void void
_hx509_request_free (hx509_request */*req*/); _hx509_request_free (hx509_request */*req*/);
int
_hx509_request_get_SubjectPublicKeyInfo (
hx509_context /*context*/,
hx509_request /*req*/,
SubjectPublicKeyInfo */*key*/);
int
_hx509_request_get_name (
hx509_context /*context*/,
hx509_request /*req*/,
hx509_name */*name*/);
int int
_hx509_request_init ( _hx509_request_init (
hx509_context /*context*/, hx509_context /*context*/,
hx509_request */*req*/); hx509_request */*req*/);
int
_hx509_request_parse (
hx509_context /*context*/,
const char */*path*/,
hx509_request */*req*/);
int
_hx509_request_print (
hx509_context /*context*/,
hx509_request /*req*/,
FILE */*f*/);
int int
_hx509_request_set_SubjectPublicKeyInfo ( _hx509_request_set_SubjectPublicKeyInfo (
hx509_context /*context*/, hx509_context /*context*/,

View File

@ -32,7 +32,7 @@
*/ */
#include "hx_locl.h" #include "hx_locl.h"
RCSID("$Id: ks_p11.c 21085 2007-06-13 06:39:53Z lha $"); RCSID("$Id: ks_p11.c 21387 2007-06-28 08:53:45Z lha $");
#ifdef HAVE_DLFCN_H #ifdef HAVE_DLFCN_H
#include <dlfcn.h> #include <dlfcn.h>
#endif #endif
@ -1129,8 +1129,17 @@ p11_printinfo(hx509_context context,
MECHNAME(CKM_RSA_X_509, "rsa-x-509"); MECHNAME(CKM_RSA_X_509, "rsa-x-509");
MECHNAME(CKM_MD5_RSA_PKCS, "md5-rsa-pkcs"); MECHNAME(CKM_MD5_RSA_PKCS, "md5-rsa-pkcs");
MECHNAME(CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs"); MECHNAME(CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs");
MECHNAME(CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs");
MECHNAME(CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs");
MECHNAME(CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs");
MECHNAME(CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs"); MECHNAME(CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs");
MECHNAME(CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep"); MECHNAME(CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep");
MECHNAME(CKM_SHA512_HMAC, "sha512-hmac");
MECHNAME(CKM_SHA512, "sha512");
MECHNAME(CKM_SHA384_HMAC, "sha384-hmac");
MECHNAME(CKM_SHA384, "sha384");
MECHNAME(CKM_SHA256_HMAC, "sha256-hmac");
MECHNAME(CKM_SHA256, "sha256");
MECHNAME(CKM_SHA_1, "sha1"); MECHNAME(CKM_SHA_1, "sha1");
MECHNAME(CKM_MD5, "md5"); MECHNAME(CKM_MD5, "md5");
MECHNAME(CKM_MD2, "md2"); MECHNAME(CKM_MD2, "md2");

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2006 Kungliga Tekniska Högskolan * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -32,7 +32,7 @@
*/ */
#include "hx_locl.h" #include "hx_locl.h"
RCSID("$Id: peer.c 20938 2007-06-06 20:51:34Z lha $"); RCSID("$Id: peer.c 21481 2007-07-10 16:33:23Z lha $");
int int
hx509_peer_info_alloc(hx509_context context, hx509_peer_info *peer) hx509_peer_info_alloc(hx509_context context, hx509_peer_info *peer)

View File

@ -32,7 +32,7 @@
*/ */
#include "hx_locl.h" #include "hx_locl.h"
RCSID("$Id: print.c 20908 2007-06-05 02:59:33Z lha $"); RCSID("$Id: print.c 21381 2007-06-28 08:29:22Z lha $");
struct hx509_validate_ctx_data { struct hx509_validate_ctx_data {
@ -591,11 +591,50 @@ check_proxyCertInfo(hx509_validate_ctx ctx,
enum critical_flag cf, enum critical_flag cf,
const Extension *e) const Extension *e)
{ {
check_Null(ctx, status, cf, e);
status->isproxy = 1; status->isproxy = 1;
return 0;
}
static int
check_authorityInfoAccess(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
const Extension *e)
{
AuthorityInfoAccessSyntax aia;
size_t size;
int ret, i;
check_Null(ctx, status, cf, e);
ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data,
e->extnValue.length,
&aia, &size);
if (ret) {
printf("\tret = %d while decoding AuthorityInfoAccessSyntax\n", ret);
return 0;
}
for (i = 0; i < aia.len; i++) {
char *str;
validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
"\ttype: ");
hx509_oid_print(&aia.val[i].accessMethod, validate_vprint, ctx);
hx509_general_name_unparse(&aia.val[i].accessLocation, &str);
validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
"\n\tdirname: %s\n", str);
free(str);
}
free_AuthorityInfoAccessSyntax(&aia);
return 0; return 0;
} }
/*
*
*/
struct { struct {
const char *name; const char *name;
const heim_oid *(*oid)(void); const heim_oid *(*oid)(void);
@ -628,8 +667,11 @@ struct {
{ ext(extKeyUsage, Null), D_C }, { ext(extKeyUsage, Null), D_C },
{ ext(freshestCRL, Null), M_N_C }, { ext(freshestCRL, Null), M_N_C },
{ ext(inhibitAnyPolicy, Null), M_C }, { ext(inhibitAnyPolicy, Null), M_C },
{ "proxyCertInfo", oid_id_pe_proxyCertInfo, #undef ext
check_proxyCertInfo, M_C }, #define ext(name, checkname) #name, &oid_id_pkix_pe_##name, check_##checkname
{ ext(proxyCertInfo, proxyCertInfo), M_C },
{ ext(authorityInfoAccess, authorityInfoAccess), M_C },
#undef ext
{ "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim, { "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim,
check_Null, D_C }, check_Null, D_C },
{ "Netscape cert comment", oid_id_netscape_cert_comment, { "Netscape cert comment", oid_id_netscape_cert_comment,

View File

@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: cache.c 20503 2007-04-21 22:03:56Z lha $"); RCSID("$Id: cache.c 21498 2007-07-11 09:41:43Z lha $");
/* /*
* Add a new ccache type with operations `ops', overwriting any * Add a new ccache type with operations `ops', overwriting any
@ -338,6 +338,35 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
return 0; return 0;
} }
/*
* Return non-zero if envirnoment that will determine default krb5cc
* name has changed.
*/
static int
environment_changed(krb5_context context)
{
const char *e;
if(issuid())
return 0;
e = getenv("KRB5CCNAME");
if (e == NULL) {
if (context->default_cc_name_env) {
free(context->default_cc_name_env);
context->default_cc_name_env = NULL;
return 1;
}
} else {
if (context->default_cc_name_env == NULL)
return 1;
if (strcmp(e, context->default_cc_name_env) != 0)
return 1;
}
return 0;
}
/* /*
* Set the default cc name for `context' to `name'. * Set the default cc name for `context' to `name'.
*/ */
@ -353,8 +382,12 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
if(!issuid()) { if(!issuid()) {
e = getenv("KRB5CCNAME"); e = getenv("KRB5CCNAME");
if (e) if (e) {
p = strdup(e); p = strdup(e);
if (context->default_cc_name_env)
free(context->default_cc_name_env);
context->default_cc_name_env = strdup(e);
}
} }
if (e == NULL) { if (e == NULL) {
e = krb5_config_get_string(context, NULL, "libdefaults", e = krb5_config_get_string(context, NULL, "libdefaults",
@ -389,7 +422,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
const char* KRB5_LIB_FUNCTION const char* KRB5_LIB_FUNCTION
krb5_cc_default_name(krb5_context context) krb5_cc_default_name(krb5_context context)
{ {
if (context->default_cc_name == NULL) if (context->default_cc_name == NULL || environment_changed(context))
krb5_cc_set_default_name(context, NULL); krb5_cc_set_default_name(context, NULL);
return context->default_cc_name; return context->default_cc_name;

View File

@ -33,7 +33,7 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: changepw.c 17442 2006-05-05 09:31:15Z lha $"); RCSID("$Id: changepw.c 21505 2007-07-12 12:28:38Z lha $");
static void static void
str2data (krb5_data *d, str2data (krb5_data *d,
@ -46,10 +46,12 @@ str2data (krb5_data *d,
...) ...)
{ {
va_list args; va_list args;
char *str;
va_start(args, fmt); va_start(args, fmt);
d->length = vasprintf ((char **)&d->data, fmt, args); d->length = vasprintf (&str, fmt, args);
va_end(args); va_end(args);
d->data = str;
} }
/* /*

View File

@ -33,7 +33,7 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: get_cred.c 21327 2007-06-26 10:54:15Z lha $"); RCSID("$Id: get_cred.c 21669 2007-07-22 11:29:13Z lha $");
/* /*
* Take the `body' and encode it into `padata' using the credentials * Take the `body' and encode it into `padata' using the credentials
@ -1224,9 +1224,10 @@ krb5_get_renewed_creds(krb5_context context,
{ {
krb5_error_code ret; krb5_error_code ret;
krb5_kdc_flags flags; krb5_kdc_flags flags;
krb5_creds in, *template; krb5_creds in, *template, *out = NULL;
memset(&in, 0, sizeof(in)); memset(&in, 0, sizeof(in));
memset(creds, 0, sizeof(*creds));
ret = krb5_copy_principal(context, client, &in.client); ret = krb5_copy_principal(context, client, &in.client);
if (ret) if (ret)
@ -1263,9 +1264,14 @@ krb5_get_renewed_creds(krb5_context context,
krb5_free_creds (context, template); krb5_free_creds (context, template);
} }
ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &creds); ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &out);
krb5_free_principal(context, in.client); krb5_free_principal(context, in.client);
krb5_free_principal(context, in.server); krb5_free_principal(context, in.server);
if (ret)
return ret;
ret = krb5_copy_creds_contents(context, out, creds);
krb5_free_creds(context, out);
return ret; return ret;
} }

View File

@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: init_creds.c 20541 2007-04-23 12:19:14Z lha $"); RCSID("$Id: init_creds.c 21712 2007-07-27 14:23:41Z lha $");
void KRB5_LIB_FUNCTION void KRB5_LIB_FUNCTION
krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
@ -225,9 +225,8 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context,
krb5_get_init_creds_opt_set_renew_life(opt, t); krb5_get_init_creds_opt_set_renew_life(opt, t);
krb5_appdefault_boolean(context, appname, realm, "no-addresses", krb5_appdefault_boolean(context, appname, realm, "no-addresses",
FALSE, &b); KRB5_ADDRESSLESS_DEFAULT, &b);
if (b) krb5_get_init_creds_opt_set_addressless (context, opt, b);
krb5_get_init_creds_opt_set_addressless (context, opt, TRUE);
#if 0 #if 0
krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b); krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b);

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: init_creds_pw.c 21061 2007-06-12 17:56:30Z lha $"); RCSID("$Id: init_creds_pw.c 21428 2007-07-10 12:31:58Z lha $");
typedef struct krb5_get_init_creds_ctx { typedef struct krb5_get_init_creds_ctx {
KDCOptions flags; KDCOptions flags;

View File

@ -383,7 +383,7 @@ _krb5_pk_verify_sign (
krb5_error_code krb5_error_code
_krb5_plugin_find ( _krb5_plugin_find (
krb5_context /*context*/, krb5_context /*context*/,
enum plugin_type /*type*/, enum krb5_plugin_type /*type*/,
const char */*name*/, const char */*name*/,
struct krb5_plugin **/*list*/); struct krb5_plugin **/*list*/);
@ -399,7 +399,7 @@ _krb5_plugin_get_symbol (struct krb5_plugin */*p*/);
krb5_error_code krb5_error_code
_krb5_plugin_register ( _krb5_plugin_register (
krb5_context /*context*/, krb5_context /*context*/,
enum plugin_type /*type*/, enum krb5_plugin_type /*type*/,
const char */*name*/, const char */*name*/,
void */*symbol*/); void */*symbol*/);

View File

@ -2243,14 +2243,6 @@ krb5_get_pw_salt (
krb5_const_principal /*principal*/, krb5_const_principal /*principal*/,
krb5_salt */*salt*/); krb5_salt */*salt*/);
krb5_error_code KRB5_LIB_FUNCTION
krb5_get_renewed_creds (
krb5_context /*context*/,
krb5_creds */*creds*/,
krb5_const_principal /*client*/,
krb5_ccache /*ccache*/,
const char */*in_tkt_service*/);
krb5_error_code KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_FUNCTION
krb5_get_server_rcache ( krb5_get_server_rcache (
krb5_context /*context*/, krb5_context /*context*/,

View File

@ -31,11 +31,13 @@
* SUCH DAMAGE. * SUCH DAMAGE.
*/ */
/* $Id: krb5-v4compat.h 17442 2006-05-05 09:31:15Z lha $ */ /* $Id: krb5-v4compat.h 21575 2007-07-16 07:44:54Z lha $ */
#ifndef __KRB5_V4COMPAT_H__ #ifndef __KRB5_V4COMPAT_H__
#define __KRB5_V4COMPAT_H__ #define __KRB5_V4COMPAT_H__
#include "krb_err.h"
/* /*
* This file must only be included with v4 compat glue stuff in * This file must only be included with v4 compat glue stuff in
* heimdal sources. * heimdal sources.
@ -57,56 +59,10 @@
#define AUTH_MSG_KDC_RENEW (10<<1) #define AUTH_MSG_KDC_RENEW (10<<1)
#define AUTH_MSG_DIE (63<<1) #define AUTH_MSG_DIE (63<<1)
/* values for kerb error codes */
#define KERB_ERR_OK 0
#define KERB_ERR_NAME_EXP 1
#define KERB_ERR_SERVICE_EXP 2
#define KERB_ERR_AUTH_EXP 3
#define KERB_ERR_PKT_VER 4
#define KERB_ERR_NAME_MAST_KEY_VER 5
#define KERB_ERR_SERV_MAST_KEY_VER 6
#define KERB_ERR_BYTE_ORDER 7
#define KERB_ERR_PRINCIPAL_UNKNOWN 8
#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9
#define KERB_ERR_NULL_KEY 10
#define KERB_ERR_TIMEOUT 11
/* Error codes returned from the KDC */
#define KDC_OK 0 /* Request OK */
#define KDC_NAME_EXP 1 /* Principal expired */
#define KDC_SERVICE_EXP 2 /* Service expired */
#define KDC_AUTH_EXP 3 /* Auth expired */
#define KDC_PKT_VER 4 /* Protocol version unknown */
#define KDC_P_MKEY_VER 5 /* Wrong master key version */
#define KDC_S_MKEY_VER 6 /* Wrong master key version */
#define KDC_BYTE_ORDER 7 /* Byte order unknown */
#define KDC_PR_UNKNOWN 8 /* Principal unknown */
#define KDC_PR_N_UNIQUE 9 /* Principal not unique */
#define KDC_NULL_KEY 10 /* Principal has null key */
#define KDC_GEN_ERR 20 /* Generic error from KDC */
/* General definitions */ /* General definitions */
#define KSUCCESS 0 #define KSUCCESS 0
#define KFAILURE 255 #define KFAILURE 255
/* Values returned by rd_ap_req */
#define RD_AP_OK 0 /* Request authentic */
#define RD_AP_UNDEC 31 /* Can't decode authenticator */
#define RD_AP_EXP 32 /* Ticket expired */
#define RD_AP_NYV 33 /* Ticket not yet valid */
#define RD_AP_REPEAT 34 /* Repeated request */
#define RD_AP_NOT_US 35 /* The ticket isn't for us */
#define RD_AP_INCON 36 /* Request is inconsistent */
#define RD_AP_TIME 37 /* delta_t too big */
#define RD_AP_BADD 38 /* Incorrect net address */
#define RD_AP_VERSION 39 /* protocol version mismatch */
#define RD_AP_MSG_TYPE 40 /* invalid msg type */
#define RD_AP_MODIFIED 41 /* message stream modified */
#define RD_AP_ORDER 42 /* message out of order */
#define RD_AP_UNAUTHOR 43 /* unauthorized request */
/* */ /* */
#define MAX_KTXT_LEN 1250 #define MAX_KTXT_LEN 1250

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE. * SUCH DAMAGE.
*/ */
/* $Id: krb5.h 21252 2007-06-21 04:18:28Z lha $ */ /* $Id: krb5.h 21551 2007-07-15 09:03:39Z lha $ */
#ifndef __KRB5_H__ #ifndef __KRB5_H__
#define __KRB5_H__ #define __KRB5_H__
@ -436,11 +436,6 @@ typedef struct krb5_config_binding krb5_config_binding;
typedef krb5_config_binding krb5_config_section; typedef krb5_config_binding krb5_config_section;
enum {
KRB5_PKINIT_WIN2K = 1, /* wire compatible with Windows 2k */
KRB5_PKINIT_PACKET_CABLE = 2 /* use packet cable standard */
};
typedef struct krb5_ticket { typedef struct krb5_ticket {
EncTicketPart ticket; EncTicketPart ticket;
krb5_principal client; krb5_principal client;
@ -766,6 +761,12 @@ typedef struct krb5_sendto_ctx *krb5_sendto_ctx;
typedef krb5_error_code (*krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, const krb5_data *, int *); typedef krb5_error_code (*krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, const krb5_data *, int *);
struct krb5_plugin;
enum krb5_plugin_type {
PLUGIN_TYPE_DATA = 1,
PLUGIN_TYPE_FUNC
};
struct credentials; /* this is to keep the compiler happy */ struct credentials; /* this is to keep the compiler happy */
struct getargs; struct getargs;
struct sockaddr; struct sockaddr;

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE. * SUCH DAMAGE.
*/ */
/* $Id: krb5_locl.h 20261 2007-02-18 00:32:22Z lha $ */ /* $Id: krb5_locl.h 21552 2007-07-15 09:04:00Z lha $ */
#ifndef __KRB5_LOCL_H__ #ifndef __KRB5_LOCL_H__
#define __KRB5_LOCL_H__ #define __KRB5_LOCL_H__
@ -148,12 +148,6 @@ struct krb5_dh_moduli;
/* v4 glue */ /* v4 glue */
struct _krb5_krb_auth_data; struct _krb5_krb_auth_data;
struct krb5_plugin;
enum plugin_type {
PLUGIN_TYPE_DATA = 1,
PLUGIN_TYPE_FUNC
};
#include <der.h> #include <der.h>
#include <krb5.h> #include <krb5.h>
@ -236,7 +230,7 @@ typedef struct krb5_context_data {
char error_buf[256]; char error_buf[256];
krb5_addresses *ignore_addresses; krb5_addresses *ignore_addresses;
char *default_cc_name; char *default_cc_name;
int pkinit_flags; char *default_cc_name_env;
void *mutex; /* protects error_string/error_buf */ void *mutex; /* protects error_string/error_buf */
int large_msg_size; int large_msg_size;
int dns_canonicalize_hostname; int dns_canonicalize_hostname;

View File

@ -0,0 +1,63 @@
#
# Error messages for the krb4 library
#
# This might look like a com_err file, but is not
#
id "$Id: krb_err.et,v 1.7 1998/03/29 14:19:52 bg Exp $"
error_table krb
prefix KRB4ET
ec KSUCCESS, "Kerberos 4 successful"
ec KDC_NAME_EXP, "Kerberos 4 principal expired"
ec KDC_SERVICE_EXP, "Kerberos 4 service expired"
ec KDC_AUTH_EXP, "Kerberos 4 auth expired"
ec KDC_PKT_VER, "Incorrect Kerberos 4 master key version"
ec KDC_P_MKEY_VER, "Incorrect Kerberos 4 master key version"
ec KDC_S_MKEY_VER, "Incorrect Kerberos 4 master key version"
ec KDC_BYTE_ORDER, "Kerberos 4 byte order unknown"
ec KDC_PR_UNKNOWN, "Kerberos 4 principal unknown"
ec KDC_PR_N_UNIQUE, "Kerberos 4 principal not unique"
ec KDC_NULL_KEY, "Kerberos 4 principal has null key"
index 20
ec KDC_GEN_ERR, "Generic error from KDC (Kerberos 4)"
ec GC_TKFIL, "Can't read Kerberos 4 ticket file"
ec GC_NOTKT, "Can't find Kerberos 4 ticket or TGT"
index 26
ec MK_AP_TGTEXP, "Kerberos 4 TGT Expired"
index 31
ec RD_AP_UNDEC, "Kerberos 4: Can't decode authenticator"
ec RD_AP_EXP, "Kerberos 4 ticket expired"
ec RD_AP_NYV, "Kerberos 4 ticket not yet valid"
ec RD_AP_REPEAT, "Kerberos 4: Repeated request"
ec RD_AP_NOT_US, "The Kerberos 4 ticket isn't for us"
ec RD_AP_INCON, "Kerberos 4 request inconsistent"
ec RD_AP_TIME, "Kerberos 4: delta_t too big"
ec RD_AP_BADD, "Kerberos 4: incorrect net address"
ec RD_AP_VERSION, "Kerberos protocol not version 4"
ec RD_AP_MSG_TYPE, "Kerberos 4: invalid msg type"
ec RD_AP_MODIFIED, "Kerberos 4: message stream modified"
ec RD_AP_ORDER, "Kerberos 4: message out of order"
ec RD_AP_UNAUTHOR, "Kerberos 4: unauthorized request"
index 51
ec GT_PW_NULL, "Kerberos 4: current PW is null"
ec GT_PW_BADPW, "Kerberos 4: Incorrect current password"
ec GT_PW_PROT, "Kerberos 4 protocol error"
ec GT_PW_KDCERR, "Error returned by KDC (Kerberos 4)"
ec GT_PW_NULLTKT, "Null Kerberos 4 ticket returned by KDC"
ec SKDC_RETRY, "Kerberos 4: Retry count exceeded"
ec SKDC_CANT, "Kerberos 4: Can't send request"
index 61
ec INTK_W_NOTALL, "Kerberos 4: not all tickets returned"
ec INTK_BADPW, "Kerberos 4: incorrect password"
ec INTK_PROT, "Kerberos 4: Protocol Error"
index 70
ec INTK_ERR, "Other error in Kerberos 4"
ec AD_NOTGT, "Don't have Kerberos 4 ticket-granting ticket"
index 76
ec NO_TKT_FIL, "No Kerberos 4 ticket file found"
ec TKT_FIL_ACC, "Couldn't access Kerberos 4 ticket file"
ec TKT_FIL_LCK, "Couldn't lock Kerberos 4 ticket file"
ec TKT_FIL_FMT, "Bad Kerberos 4 ticket file format"
ec TKT_FIL_INI, "Kerberos 4: tf_init not called first"
ec KNAME_FMT, "Bad Kerberos 4 name format"

View File

@ -35,7 +35,7 @@
#include <resolve.h> #include <resolve.h>
#include "locate_plugin.h" #include "locate_plugin.h"
RCSID("$Id: krbhst.c 21131 2007-06-18 20:48:09Z lha $"); RCSID("$Id: krbhst.c 21457 2007-07-10 12:53:25Z lha $");
static int static int
string_to_proto(const char *string) string_to_proto(const char *string)
@ -919,8 +919,10 @@ gethostlist(krb5_context context, const char *realm,
while(krb5_krbhst_next(context, handle, &hostinfo) == 0) while(krb5_krbhst_next(context, handle, &hostinfo) == 0)
nhost++; nhost++;
if(nhost == 0) if(nhost == 0) {
krb5_set_error_string(context, "No KDC found for realm %s", realm);
return KRB5_KDC_UNREACH; return KRB5_KDC_UNREACH;
}
*hostlist = calloc(nhost + 1, sizeof(**hostlist)); *hostlist = calloc(nhost + 1, sizeof(**hostlist));
if(*hostlist == NULL) { if(*hostlist == NULL) {
krb5_krbhst_free(context, handle); krb5_krbhst_free(context, handle);

View File

@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: pkinit.c 21321 2007-06-26 05:21:56Z lha $"); RCSID("$Id: pkinit.c 21684 2007-07-23 23:09:10Z lha $");
struct krb5_dh_moduli { struct krb5_dh_moduli {
char *name; char *name;
@ -645,8 +645,6 @@ _krb5_pk_mk_padata(krb5_context context,
req_body->realm, req_body->realm,
"pkinit_win2k", "pkinit_win2k",
NULL); NULL);
if (context->pkinit_flags & KRB5_PKINIT_WIN2K)
win2k_compat = 1;
if (win2k_compat) { if (win2k_compat) {
ctx->require_binding = ctx->require_binding =
@ -1721,7 +1719,7 @@ _krb5_free_moduli(struct krb5_dh_moduli **moduli)
free(moduli); free(moduli);
} }
static const char *default_moduli = static const char *default_moduli_RFC2412_MODP_group2 =
/* name */ /* name */
"RFC2412-MODP-group2 " "RFC2412-MODP-group2 "
/* bits */ /* bits */
@ -1743,6 +1741,37 @@ static const char *default_moduli =
"F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0" "F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0"
"FFFFFFFF" "FFFFFFFF"; "FFFFFFFF" "FFFFFFFF";
static const char *default_moduli_rfc3526_MODP_group14 =
/* name */
"rfc3526-MODP-group14 "
/* bits */
"1760 "
/* p */
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
"C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
"83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
"670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
"E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
"DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
"15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF "
/* g */
"02 "
/* q */
"7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68"
"94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E"
"F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122"
"F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6"
"F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F6722D9E"
"E1003E5C" "50B1DF82" "CC6D241B" "0E2AE9CD" "348B1FD4" "7E9267AF"
"C1B2AE91" "EE51D6CB" "0E3179AB" "1042A95D" "CF6A9483" "B84B4B36"
"B3861AA7" "255E4C02" "78BA3604" "650C10BE" "19482F23" "171B671D"
"F1CF3B96" "0C074301" "CD93C1D1" "7603D147" "DAE2AEF8" "37A62964"
"EF15E5FB" "4AAC0B8C" "1CCAA4BE" "754AB572" "8AE9130C" "4C7D0288"
"0AB9472D" "45565534" "7FFFFFFF" "FFFFFFFF";
krb5_error_code krb5_error_code
_krb5_parse_moduli(krb5_context context, const char *file, _krb5_parse_moduli(krb5_context context, const char *file,
@ -1757,19 +1786,28 @@ _krb5_parse_moduli(krb5_context context, const char *file,
*moduli = NULL; *moduli = NULL;
m = calloc(1, sizeof(m[0]) * 2); m = calloc(1, sizeof(m[0]) * 3);
if (m == NULL) { if (m == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
strlcpy(buf, default_moduli, sizeof(buf)); strlcpy(buf, default_moduli_rfc3526_MODP_group14, sizeof(buf));
ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[0]); ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[0]);
if (ret) { if (ret) {
_krb5_free_moduli(m); _krb5_free_moduli(m);
return ret; return ret;
} }
n = 1; n++;
strlcpy(buf, default_moduli_RFC2412_MODP_group2, sizeof(buf));
ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[1]);
if (ret) {
_krb5_free_moduli(m);
return ret;
}
n++;
if (file == NULL) if (file == NULL)
file = MODULI_FILE; file = MODULI_FILE;

View File

@ -32,7 +32,7 @@
*/ */
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: plugin.c 21134 2007-06-18 21:02:23Z lha $"); RCSID("$Id: plugin.c 21702 2007-07-26 19:13:53Z lha $");
#ifdef HAVE_DLFCN_H #ifdef HAVE_DLFCN_H
#include <dlfcn.h> #include <dlfcn.h>
#endif #endif
@ -45,7 +45,7 @@ struct krb5_plugin {
}; };
struct plugin { struct plugin {
enum plugin_type type; enum krb5_plugin_type type;
void *name; void *name;
void *symbol; void *symbol;
struct plugin *next; struct plugin *next;
@ -76,9 +76,11 @@ _krb5_plugin_get_next(struct krb5_plugin *p)
* *
*/ */
#ifdef HAVE_DLOPEN
static krb5_error_code static krb5_error_code
loadlib(krb5_context context, loadlib(krb5_context context,
enum plugin_type type, enum krb5_plugin_type type,
const char *name, const char *name,
const char *lib, const char *lib,
struct krb5_plugin **e) struct krb5_plugin **e)
@ -113,10 +115,11 @@ loadlib(krb5_context context,
return 0; return 0;
} }
#endif /* HAVE_DLOPEN */
krb5_error_code krb5_error_code
_krb5_plugin_register(krb5_context context, _krb5_plugin_register(krb5_context context,
enum plugin_type type, enum krb5_plugin_type type,
const char *name, const char *name,
void *symbol) void *symbol)
{ {
@ -146,7 +149,7 @@ _krb5_plugin_register(krb5_context context,
krb5_error_code krb5_error_code
_krb5_plugin_find(krb5_context context, _krb5_plugin_find(krb5_context context,
enum plugin_type type, enum krb5_plugin_type type,
const char *name, const char *name,
struct krb5_plugin **list) struct krb5_plugin **list)
{ {
@ -181,6 +184,8 @@ _krb5_plugin_find(krb5_context context,
} }
HEIMDAL_MUTEX_unlock(&plugin_mutex); HEIMDAL_MUTEX_unlock(&plugin_mutex);
#ifdef HAVE_DLOPEN
dirs = krb5_config_get_strings(context, NULL, "libdefaults", dirs = krb5_config_get_strings(context, NULL, "libdefaults",
"plugin_dir", NULL); "plugin_dir", NULL);
if (dirs == NULL) { if (dirs == NULL) {
@ -213,6 +218,7 @@ _krb5_plugin_find(krb5_context context,
} }
if (dirs != sysdirs) if (dirs != sysdirs)
krb5_config_free_strings(dirs); krb5_config_free_strings(dirs);
#endif /* HAVE_DLOPEN */
if (*list == NULL) { if (*list == NULL) {
krb5_set_error_string(context, "Did not find a plugin for %s", name); krb5_set_error_string(context, "Did not find a plugin for %s", name);

View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997-2003 Kungliga Tekniska Högskolan * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@ -33,7 +33,7 @@
#include <krb5_locl.h> #include <krb5_locl.h>
RCSID("$Id: rd_priv.c 17056 2006-04-12 16:18:10Z lha $"); RCSID("$Id: rd_priv.c 21770 2007-08-01 04:04:33Z lha $");
krb5_error_code KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_priv(krb5_context context, krb5_rd_priv(krb5_context context,
@ -55,13 +55,17 @@ krb5_rd_priv(krb5_context context,
if ((auth_context->flags & if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
outdata == NULL) outdata == NULL) {
krb5_clear_error_string (context);
return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
}
memset(&priv, 0, sizeof(priv)); memset(&priv, 0, sizeof(priv));
ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len); ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
if (ret) if (ret) {
krb5_clear_error_string (context);
goto failure; goto failure;
}
if (priv.pvno != 5) { if (priv.pvno != 5) {
krb5_clear_error_string (context); krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADVERSION; ret = KRB5KRB_AP_ERR_BADVERSION;
@ -94,8 +98,10 @@ krb5_rd_priv(krb5_context context,
ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len); ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
krb5_data_free (&plain); krb5_data_free (&plain);
if (ret) if (ret) {
krb5_clear_error_string (context);
goto failure; goto failure;
}
/* check sender address */ /* check sender address */

View File

@ -32,7 +32,7 @@
*/ */
#include "krb5_locl.h" #include "krb5_locl.h"
RCSID("$Id: v4_glue.c 17442 2006-05-05 09:31:15Z lha $"); RCSID("$Id: v4_glue.c 21572 2007-07-16 05:13:08Z lha $");
#include "krb5-v4compat.h" #include "krb5-v4compat.h"
@ -351,12 +351,12 @@ storage_to_etext(krb5_context context,
size = krb5_storage_seek(sp, 0, SEEK_END); size = krb5_storage_seek(sp, 0, SEEK_END);
if (size < 0) if (size < 0)
return EINVAL; return KRB4ET_RD_AP_UNDEC;
size = 8 - (size & 7); size = 8 - (size & 7);
ret = krb5_storage_write(sp, eightzeros, size); ret = krb5_storage_write(sp, eightzeros, size);
if (ret != size) if (ret != size)
return EINVAL; return KRB4ET_RD_AP_UNDEC;
ret = krb5_storage_to_data(sp, &data); ret = krb5_storage_to_data(sp, &data);
if (ret) if (ret)
@ -435,7 +435,7 @@ _krb5_krb_create_ticket(krb5_context context,
session->keyvalue.data, session->keyvalue.data,
session->keyvalue.length); session->keyvalue.length);
if (ret != session->keyvalue.length) { if (ret != session->keyvalue.length) {
ret = EINVAL; ret = KRB4ET_INTK_PROT;
goto error; goto error;
} }
@ -487,7 +487,7 @@ _krb5_krb_create_ciph(krb5_context context,
session->keyvalue.data, session->keyvalue.data,
session->keyvalue.length); session->keyvalue.length);
if (ret != session->keyvalue.length) { if (ret != session->keyvalue.length) {
ret = EINVAL; ret = KRB4ET_INTK_PROT;
goto error; goto error;
} }
@ -497,7 +497,7 @@ _krb5_krb_create_ciph(krb5_context context,
RCHECK(ret, krb5_store_int8(sp, ticket->length), error); RCHECK(ret, krb5_store_int8(sp, ticket->length), error);
ret = krb5_storage_write(sp, ticket->data, ticket->length); ret = krb5_storage_write(sp, ticket->data, ticket->length);
if (ret != ticket->length) { if (ret != ticket->length) {
ret = EINVAL; ret = KRB4ET_INTK_PROT;
goto error; goto error;
} }
RCHECK(ret, krb5_store_int32(sp, kdc_time), error); RCHECK(ret, krb5_store_int32(sp, kdc_time), error);
@ -550,7 +550,7 @@ _krb5_krb_create_auth_reply(krb5_context context,
RCHECK(ret, krb5_store_int16(sp, cipher->length), error); RCHECK(ret, krb5_store_int16(sp, cipher->length), error);
ret = krb5_storage_write(sp, cipher->data, cipher->length); ret = krb5_storage_write(sp, cipher->data, cipher->length);
if (ret != cipher->length) { if (ret != cipher->length) {
ret = EINVAL; ret = KRB4ET_INTK_PROT;
goto error; goto error;
} }
@ -599,6 +599,9 @@ _krb5_krb_cr_err_reply(krb5_context context,
RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error); RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error);
RCHECK(ret, put_nir(sp, name, inst, realm), error); RCHECK(ret, put_nir(sp, name, inst, realm), error);
RCHECK(ret, krb5_store_int32(sp, time_ws), error); RCHECK(ret, krb5_store_int32(sp, time_ws), error);
/* If its a Kerberos 4 error-code, remove the et BASE */
if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255)
e -= ERROR_TABLE_BASE_krb;
RCHECK(ret, krb5_store_int32(sp, e), error); RCHECK(ret, krb5_store_int32(sp, e), error);
RCHECK(ret, krb5_store_stringz(sp, e_string), error); RCHECK(ret, krb5_store_stringz(sp, e_string), error);
@ -623,7 +626,7 @@ get_v4_stringz(krb5_storage *sp, char **str, size_t max_len)
if (strlen(*str) > max_len) { if (strlen(*str) > max_len) {
free(*str); free(*str);
*str = NULL; *str = NULL;
return EINVAL; return KRB4ET_INTK_PROT;
} }
return 0; return 0;
} }
@ -662,7 +665,7 @@ _krb5_krb_decomp_ticket(krb5_context context,
return ENOMEM; return ENOMEM;
} }
krb5_storage_set_eof_code(sp, EINVAL); /* XXX */ krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
RCHECK(ret, krb5_ret_int8(sp, &ad->k_flags), error); RCHECK(ret, krb5_ret_int8(sp, &ad->k_flags), error);
RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error); RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error);
@ -672,7 +675,7 @@ _krb5_krb_decomp_ticket(krb5_context context,
size = krb5_storage_read(sp, des_key, sizeof(des_key)); size = krb5_storage_read(sp, des_key, sizeof(des_key));
if (size != sizeof(des_key)) { if (size != sizeof(des_key)) {
ret = EINVAL; /* XXX */ ret = KRB4ET_INTK_PROT;
goto error; goto error;
} }
@ -770,26 +773,32 @@ _krb5_krb_rd_req(krb5_context context,
return ENOMEM; return ENOMEM;
} }
krb5_storage_set_eof_code(sp, EINVAL); /* XXX */ krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
ret = krb5_ret_int8(sp, &pvno); ret = krb5_ret_int8(sp, &pvno);
if (ret) if (ret) {
krb5_set_error_string(context, "Failed reading v4 pvno");
goto error; goto error;
}
if (pvno != KRB_PROT_VERSION) { if (pvno != KRB_PROT_VERSION) {
ret = EINVAL; /* XXX */ ret = KRB4ET_RD_AP_VERSION;
krb5_set_error_string(context, "Failed v4 pvno not 4");
goto error; goto error;
} }
ret = krb5_ret_int8(sp, &type); ret = krb5_ret_int8(sp, &type);
if (ret) if (ret) {
krb5_set_error_string(context, "Failed readin v4 type");
goto error; goto error;
}
little_endian = type & 1; little_endian = type & 1;
type &= ~1; type &= ~1;
if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) { if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) {
ret = EINVAL; /* RD_AP_MSG_TYPE */ ret = KRB4ET_RD_AP_MSG_TYPE;
krb5_set_error_string(context, "Not a valid v4 request type");
goto error; goto error;
} }
@ -801,7 +810,8 @@ _krb5_krb_rd_req(krb5_context context,
size = krb5_storage_read(sp, ticket.data, ticket.length); size = krb5_storage_read(sp, ticket.data, ticket.length);
if (size != ticket.length) { if (size != ticket.length) {
ret = EINVAL; ret = KRB4ET_INTK_PROT;
krb5_set_error_string(context, "Failed reading v4 ticket");
goto error; goto error;
} }
@ -815,7 +825,8 @@ _krb5_krb_rd_req(krb5_context context,
size = krb5_storage_read(sp, eaut.data, eaut.length); size = krb5_storage_read(sp, eaut.data, eaut.length);
if (size != eaut.length) { if (size != eaut.length) {
ret = EINVAL; ret = KRB4ET_INTK_PROT;
krb5_set_error_string(context, "Failed reading v4 authenticator");
goto error; goto error;
} }
@ -828,8 +839,8 @@ _krb5_krb_rd_req(krb5_context context,
sp = krb5_storage_from_data(&aut); sp = krb5_storage_from_data(&aut);
if (sp == NULL) { if (sp == NULL) {
krb5_set_error_string(context, "alloc: out of memory");
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string(context, "alloc: out of memory");
goto error; goto error;
} }
@ -849,19 +860,22 @@ _krb5_krb_rd_req(krb5_context context,
if (strcmp(ad->pname, r_name) != 0 || if (strcmp(ad->pname, r_name) != 0 ||
strcmp(ad->pinst, r_instance) != 0 || strcmp(ad->pinst, r_instance) != 0 ||
strcmp(ad->prealm, r_realm) != 0) { strcmp(ad->prealm, r_realm) != 0) {
ret = EINVAL; /* RD_AP_INCON */ krb5_set_error_string(context, "v4 principal mismatch");
ret = KRB4ET_RD_AP_INCON;
goto error; goto error;
} }
if (from_addr && from_addr != ad->address) { if (from_addr && ad->address && from_addr != ad->address) {
ret = EINVAL; /* RD_AP_BADD */ krb5_set_error_string(context, "v4 bad address in ticket");
ret = KRB4ET_RD_AP_BADD;
goto error; goto error;
} }
gettimeofday(&tv, NULL); gettimeofday(&tv, NULL);
delta_t = abs((int)(tv.tv_sec - r_time_sec)); delta_t = abs((int)(tv.tv_sec - r_time_sec));
if (delta_t > CLOCK_SKEW) { if (delta_t > CLOCK_SKEW) {
ret = EINVAL; /* RD_AP_TIME */ ret = KRB4ET_RD_AP_TIME;
krb5_set_error_string(context, "v4 clock skew");
goto error; goto error;
} }
@ -870,12 +884,14 @@ _krb5_krb_rd_req(krb5_context context,
tkt_age = tv.tv_sec - ad->time_sec; tkt_age = tv.tv_sec - ad->time_sec;
if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) { if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) {
ret = EINVAL; /* RD_AP_NYV */ ret = KRB4ET_RD_AP_NYV;
krb5_set_error_string(context, "v4 clock skew for expiration");
goto error; goto error;
} }
if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) { if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) {
ret = EINVAL; /* RD_AP_EXP */ ret = KRB4ET_RD_AP_EXP;
krb5_set_error_string(context, "v4 ticket expired");
goto error; goto error;
} }

View File

@ -33,7 +33,7 @@
#include <config.h> #include <config.h>
RCSID("$Id: ntlm.c 21317 2007-06-25 19:22:02Z lha $"); RCSID("$Id: ntlm.c 21604 2007-07-17 06:48:55Z lha $");
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@ -1105,7 +1105,7 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len,
HMAC_CTX_init(&c); HMAC_CTX_init(&c);
HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL); HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL);
HMAC_Update(&c, serverchallange, 8); HMAC_Update(&c, serverchallange, 8);
HMAC_Update(&c, ((char *)answer->data) + 16, answer->length - 16); HMAC_Update(&c, ((unsigned char *)answer->data) + 16, answer->length - 16);
HMAC_Final(&c, serveranswer, &hmaclen); HMAC_Final(&c, serveranswer, &hmaclen);
HMAC_CTX_cleanup(&c); HMAC_CTX_cleanup(&c);

View File

@ -259,7 +259,8 @@ OBJ_FILES = \
../heimdal/lib/krb5/warn.o \ ../heimdal/lib/krb5/warn.o \
../heimdal/lib/krb5/krb5_err.o \ ../heimdal/lib/krb5/krb5_err.o \
../heimdal/lib/krb5/heim_err.o \ ../heimdal/lib/krb5/heim_err.o \
../heimdal/lib/krb5/k524_err.o ../heimdal/lib/krb5/k524_err.o \
../heimdal/lib/krb5/krb_err.o
# End SUBSYSTEM HEIMDAL_KRB5 # End SUBSYSTEM HEIMDAL_KRB5
####################### #######################
@ -568,10 +569,15 @@ include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/CMS.asn1 cms_asn1 hei
include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/hx509/ocsp.asn1 ocsp_asn1 heimdal/lib/hx509 --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData| include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/hx509/ocsp.asn1 ocsp_asn1 heimdal/lib/hx509 --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData|
include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/kx509.asn1 kx509_asn1 heimdal/lib/asn1| include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/kx509.asn1 kx509_asn1 heimdal/lib/asn1|
include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/hx509/pkcs10.asn1 pkcs10_asn1 heimdal/lib/hx509 --preserve-binary=CertificationRequestInfo| include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/hx509/pkcs10.asn1 pkcs10_asn1 heimdal/lib/hx509 --preserve-binary=CertificationRequestInfo|
#
# Ensure to update ../static_deps.mk when you add a new entry here!
#
include perl_path_wrapper.sh et_deps.pl heimdal/lib/asn1/asn1_err.et heimdal/lib/asn1| include perl_path_wrapper.sh et_deps.pl heimdal/lib/asn1/asn1_err.et heimdal/lib/asn1|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/hdb/hdb_err.et heimdal/lib/hdb| include perl_path_wrapper.sh et_deps.pl heimdal/lib/hdb/hdb_err.et heimdal/lib/hdb|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/heim_err.et heimdal/lib/krb5| include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/heim_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/k524_err.et heimdal/lib/krb5| include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/k524_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/krb_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/krb5_err.et heimdal/lib/krb5| include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/krb5_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/gssapi/krb5/gkrb5_err.et heimdal/lib/gssapi| include perl_path_wrapper.sh et_deps.pl heimdal/lib/gssapi/krb5/gkrb5_err.et heimdal/lib/gssapi|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/hx509/hx509_err.et heimdal/lib/hx509| include perl_path_wrapper.sh et_deps.pl heimdal/lib/hx509/hx509_err.et heimdal/lib/hx509|

View File

@ -35,6 +35,7 @@ heimdal_basics: \
heimdal/lib/hdb/hdb_err.h \ heimdal/lib/hdb/hdb_err.h \
heimdal/lib/krb5/heim_err.h \ heimdal/lib/krb5/heim_err.h \
heimdal/lib/krb5/k524_err.h \ heimdal/lib/krb5/k524_err.h \
heimdal/lib/krb5/krb_err.h \
heimdal/lib/krb5/krb5_err.h \ heimdal/lib/krb5/krb5_err.h \
heimdal/lib/gssapi/gkrb5_err.h \ heimdal/lib/gssapi/gkrb5_err.h \
heimdal/lib/hx509/hx509_err.h heimdal/lib/hx509/hx509_err.h