
r24614: Merge with current lorikeet-heimdal. This brings us one step closer

to an alpha release.

Andrew Bartlett
This commit is contained in:
Andrew Bartlett 2007-08-22 06:46:34 +00:00 committed by Gerald (Jerry) Carter
parent 48fd288957
commit 30e02747d5
58 changed files with 1168 additions and 809 deletions


@ -36,7 +36,7 @@
#include <getarg.h>
#include <parse_bytes.h>
RCSID("$Id: default_config.c 21296 2007-06-25 14:49:11Z lha $");
RCSID("$Id: default_config.c 21405 2007-07-04 10:35:45Z lha $");
krb5_error_code
krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)


@ -34,7 +34,7 @@
#include "kdc_locl.h"
#include <hex.h>
RCSID("$Id: digest.c 21241 2007-06-20 11:30:19Z lha $");
RCSID("$Id: digest.c 21606 2007-07-17 07:03:25Z lha $");
#define MS_CHAP_V2 0x20
#define CHAP_MD5 0x10
@ -975,7 +975,7 @@ _kdc_do_digest(krb5_context context,
}
kdc_log(context, config, 0, "Digest %s request successful %s",
ireq.u.digestRequest.type, from);
ireq.u.digestRequest.type, ireq.u.digestRequest.username);
break;
}
@ -1227,7 +1227,7 @@ _kdc_do_digest(krb5_context context,
version = 1;
if (flags & NTLM_NEG_NTLM2_SESSION) {
char sessionhash[MD5_DIGEST_LENGTH];
unsigned char sessionhash[MD5_DIGEST_LENGTH];
MD5_CTX md5ctx;
if ((config->digests_allowed & NTLM_V1_SESSION) == 0) {
@ -1331,10 +1331,24 @@ _kdc_do_digest(krb5_context context,
version, ireq.u.ntlmRequest.username);
break;
}
default:
default: {
char *s;
krb5_set_error_string(context, "unknown operation to digest");
ret = EINVAL;
failed:
s = krb5_get_error_message(context, ret);
if (s == NULL) {
krb5_clear_error_string(context);
goto out;
}
kdc_log(context, config, 0, "Digest failed with: %s", s);
r.element = choice_DigestRepInner_error;
r.u.error.reason = strdup("unknown/failed operation");
r.u.error.reason = strdup("unknown error");
krb5_free_error_string(context, s);
if (r.u.error.reason == NULL) {
krb5_set_error_string(context, "out of memory");
ret = ENOMEM;
@ -1343,6 +1357,7 @@ _kdc_do_digest(krb5_context context,
r.u.error.code = EINVAL;
break;
}
}
ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret);
if (ret) {
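Review bot: The new `failed:` label sits inside the `default:` block, so any `goto failed` from the other cases jumps into a nested scope and relies on `ret` already having been set by the jumper, and nothing at the label says so. A comment above it would make the contract explicit: `/* failed: jumpers must have set ret; the client only gets a generic reason, the detail is logged */`. Note also that `r.u.error.reason` now carries the fixed string "unknown error" for every failure, so the `kdc_log` line is the only place the actual cause is recorded. The enclosing `_kdc_do_digest` starts and ends outside the hunk.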


@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: kaserver.c 17904 2006-08-23 11:45:16Z lha $");
RCSID("$Id: kaserver.c 21661 2007-07-22 01:57:17Z lha $");
#include <krb5-v4compat.h>
#include <rx.h>
@ -191,19 +191,28 @@ init_reply_header (struct rx_header *hdr,
reply_hdr->serviceid = hdr->serviceid;
}
/*
* Create an error `reply´ using for the packet `hdr' with the error
* `error´ code.
*/
static void
make_error_reply (struct rx_header *hdr,
uint32_t ret,
uint32_t error,
krb5_data *reply)
{
krb5_storage *sp;
struct rx_header reply_hdr;
krb5_error_code ret;
krb5_storage *sp;
init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST);
sp = krb5_storage_emem();
if (sp == NULL)
return;
ret = encode_rx_header (&reply_hdr, sp);
krb5_store_int32(sp, ret);
if (ret)
return;
krb5_store_int32(sp, error);
krb5_storage_to_data (sp, reply);
krb5_storage_free (sp);
}
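Review bot: `make_error_reply` leaks `sp` on the new early return after `encode_rx_header` fails: `sp` comes from `krb5_storage_emem()` a few lines earlier and is only freed on the success path. The return should release it first, `if (ret) { krb5_storage_free(sp); return; }`. The `krb5_store_int32` and `krb5_storage_to_data` results are still unchecked, so a failed store silently yields an empty or short abort packet; the `krb5_storage_to_data` return at least is worth propagating or logging.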


@ -35,7 +35,7 @@
#include <krb5-v4compat.h>
RCSID("$Id: kerberos4.c 18349 2006-10-08 13:43:52Z lha $");
RCSID("$Id: kerberos4.c 21577 2007-07-16 08:14:06Z lha $");
#ifndef swap32
static uint32_t
@ -151,7 +151,8 @@ _kdc_do_version4(krb5_context context,
if(!config->enable_v4) {
kdc_log(context, config, 0,
"Rejected version 4 request from %s", from);
make_err_reply(context, reply, KDC_GEN_ERR, "function not enabled");
make_err_reply(context, reply, KRB4ET_KDC_GEN_ERR,
"Function not enabled");
return 0;
}
@ -160,7 +161,7 @@ _kdc_do_version4(krb5_context context,
if(pvno != 4){
kdc_log(context, config, 0,
"Protocol version mismatch (krb4) (%d)", pvno);
make_err_reply(context, reply, KDC_PKT_VER, "protocol mismatch");
make_err_reply(context, reply, KRB4ET_KDC_PKT_VER, "protocol mismatch");
goto out;
}
RCHECK(krb5_ret_int8(sp, &msg_type), out);
@ -196,7 +197,7 @@ _kdc_do_version4(krb5_context context,
if(ret) {
kdc_log(context, config, 0, "Client not found in database: %s: %s",
client_name, krb5_get_err_text(context, ret));
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN,
make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"principal unknown");
goto out1;
}
@ -205,7 +206,7 @@ _kdc_do_version4(krb5_context context,
if(ret){
kdc_log(context, config, 0, "Server not found in database: %s: %s",
server_name, krb5_get_err_text(context, ret));
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN,
make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"principal unknown");
goto out1;
}
@ -216,7 +217,7 @@ _kdc_do_version4(krb5_context context,
TRUE);
if (ret) {
/* good error code? */
make_err_reply(context, reply, KERB_ERR_NAME_EXP,
make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP,
"operation not allowed");
goto out1;
}
@ -227,7 +228,7 @@ _kdc_do_version4(krb5_context context,
kdc_log(context, config, 0,
"Per principal Kerberos 4 flag not turned on for %s",
client_name);
make_err_reply(context, reply, KERB_ERR_NULL_KEY,
make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"allow kerberos4 flag required");
goto out1;
}
@ -244,7 +245,7 @@ _kdc_do_version4(krb5_context context,
"Pre-authentication required for v4-request: "
"%s for %s",
client_name, server_name);
make_err_reply(context, reply, KERB_ERR_NULL_KEY,
make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"preauth required");
goto out1;
}
@ -252,7 +253,7 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, client, FALSE, FALSE, &ckey);
if(ret){
kdc_log(context, config, 0, "no suitable DES key for client");
make_err_reply(context, reply, KDC_NULL_KEY,
make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for client");
goto out1;
}
@ -265,7 +266,7 @@ _kdc_do_version4(krb5_context context,
if(ret){
kdc_log(context, config, 0, "No version-4 salted key in database -- %s.%s@%s",
name, inst, realm);
make_err_reply(context, reply, KDC_NULL_KEY,
make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"No version-4 salted key in database");
goto out1;
}
@ -274,8 +275,7 @@ _kdc_do_version4(krb5_context context,
ret = _kdc_get_des_key(context, server, TRUE, FALSE, &skey);
if(ret){
kdc_log(context, config, 0, "no suitable DES key for server");
/* XXX */
make_err_reply(context, reply, KDC_NULL_KEY,
make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for server");
goto out1;
}
@ -400,7 +400,7 @@ _kdc_do_version4(krb5_context context,
"tgs-req (krb4) with old kvno %d (current %d) for "
"krbtgt.%s@%s", kvno, tgt->entry.kvno % 256,
realm, config->v4_realm);
make_err_reply(context, reply, KDC_AUTH_EXP,
make_err_reply(context, reply, KRB4ET_KDC_AUTH_EXP,
"old krbtgt kvno used");
goto out2;
}
@ -409,8 +409,7 @@ _kdc_do_version4(krb5_context context,
if(ret){
kdc_log(context, config, 0,
"no suitable DES key for krbtgt (krb4)");
/* XXX */
make_err_reply(context, reply, KDC_NULL_KEY,
make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for krbtgt");
goto out2;
}
@ -456,7 +455,7 @@ _kdc_do_version4(krb5_context context,
if(strcmp(ad.prealm, realm)){
kdc_log(context, config, 0,
"Can't hop realms (krb4) %s -> %s", realm, ad.prealm);
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN,
make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"Can't hop realms");
goto out2;
}
@ -465,7 +464,7 @@ _kdc_do_version4(krb5_context context,
kdc_log(context, config, 0,
"krb4 Cross-realm %s -> %s disabled",
realm, config->v4_realm);
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN,
make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"Can't hop realms");
goto out2;
}
@ -473,7 +472,7 @@ _kdc_do_version4(krb5_context context,
if(strcmp(sname, "changepw") == 0){
kdc_log(context, config, 0,
"Bad request for changepw ticket (krb4)");
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN,
make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN,
"Can't authorize password change based on TGT");
goto out2;
}
@ -485,7 +484,7 @@ _kdc_do_version4(krb5_context context,
s = kdc_log_msg(context, config, 0,
"Client not found in database: (krb4) %s: %s",
client_name, krb5_get_err_text(context, ret));
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s);
make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
free(s);
goto out2;
}
@ -494,7 +493,7 @@ _kdc_do_version4(krb5_context context,
s = kdc_log_msg(context, config, 0,
"Local client not found in database: (krb4) "
"%s", client_name);
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s);
make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
free(s);
goto out2;
}
@ -506,7 +505,7 @@ _kdc_do_version4(krb5_context context,
s = kdc_log_msg(context, config, 0,
"Server not found in database (krb4): %s: %s",
server_name, krb5_get_err_text(context, ret));
make_err_reply(context, reply, KERB_ERR_PRINCIPAL_UNKNOWN, s);
make_err_reply(context, reply, KRB4ET_KDC_PR_UNKNOWN, s);
free(s);
goto out2;
}
@ -516,8 +515,7 @@ _kdc_do_version4(krb5_context context,
server, server_name,
FALSE);
if (ret) {
/* good error code? */
make_err_reply(context, reply, KERB_ERR_NAME_EXP,
make_err_reply(context, reply, KRB4ET_KDC_NAME_EXP,
"operation not allowed");
goto out2;
}
@ -526,8 +524,7 @@ _kdc_do_version4(krb5_context context,
if(ret){
kdc_log(context, config, 0,
"no suitable DES key for server (krb4)");
/* XXX */
make_err_reply(context, reply, KDC_NULL_KEY,
make_err_reply(context, reply, KRB4ET_KDC_NULL_KEY,
"no suitable DES key for server");
goto out2;
}
@ -787,7 +784,7 @@ _kdc_get_des_key(krb5_context context,
else if(is_server && server_key)
*ret_key = server_key;
else
return KERB_ERR_NULL_KEY;
return KRB4ET_KDC_NULL_KEY;
} else {
if(v4_key)
*ret_key = v4_key;
@ -798,11 +795,11 @@ _kdc_get_des_key(krb5_context context,
else if(is_server && server_key)
*ret_key = server_key;
else
return KERB_ERR_NULL_KEY;
return KRB4ET_KDC_NULL_KEY;
}
if((*ret_key)->key.keyvalue.length == 0)
return KERB_ERR_NULL_KEY;
return KRB4ET_KDC_NULL_KEY;
return 0;
}


@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: kerberos5.c 21040 2007-06-10 06:20:59Z lha $");
RCSID("$Id: kerberos5.c 21529 2007-07-13 12:37:14Z lha $");
#define MAX_TIME ((time_t)((1U << 31) - 1))
@ -84,6 +84,22 @@ _kdc_find_padata(const KDC_REQ *req, int *start, int type)
return NULL;
}
/*
* Detect if `key' is the using the the precomputed `default_salt'.
*/
static krb5_boolean
is_default_salt_p(const krb5_salt *default_salt, const Key *key)
{
if (key->salt == NULL)
return TRUE;
if (default_salt->salttype != key->salt->type)
return FALSE;
if (krb5_data_cmp(&default_salt->saltvalue, &key->salt->salt))
return FALSE;
return TRUE;
}
/*
* return the first appropriate key of `princ' in `ret_key'. Look for
* all the etypes in (`etypes', `len'), stopping as soon as we find
@ -97,6 +113,9 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
{
int i;
krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
krb5_salt def_salt;
krb5_get_pw_salt (context, princ->entry.principal, &def_salt);
for(i = 0; ret != 0 && i < len ; i++) {
Key *key = NULL;
@ -112,10 +131,13 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
*ret_key = key;
*ret_etype = etypes[i];
ret = 0;
if (key->salt == NULL)
if (is_default_salt_p(&def_salt, key)) {
krb5_free_salt (context, def_salt);
return ret;
}
}
}
krb5_free_salt (context, def_salt);
return ret;
}
@ -325,6 +347,43 @@ _kdc_encode_reply(krb5_context context,
return 0;
}
/*
* Return 1 if the client have only older enctypes, this is for
* determining if the server should send ETYPE_INFO2 or not.
*/
static int
older_enctype(krb5_enctype enctype)
{
switch (enctype) {
case ETYPE_DES_CBC_CRC:
case ETYPE_DES_CBC_MD4:
case ETYPE_DES_CBC_MD5:
case ETYPE_DES3_CBC_SHA1:
case ETYPE_ARCFOUR_HMAC_MD5:
case ETYPE_ARCFOUR_HMAC_MD5_56:
return 1;
default:
return 0;
}
}
static int
only_older_enctype_p(const KDC_REQ *req)
{
int i;
for(i = 0; i < req->req_body.etype.len; i++) {
if (!older_enctype(req->req_body.etype.val[i]))
return 0;
}
return 1;
}
/*
*
*/
static krb5_error_code
make_etype_info_entry(krb5_context context, ETYPE_INFO_ENTRY *ent, Key *key)
{
@ -395,14 +454,18 @@ get_pa_etype_info(krb5_context context,
return ENOMEM;
memset(pa.val, 0, pa.len * sizeof(*pa.val));
for(j = 0; j < etypes_len; j++) {
for (i = 0; i < n; i++)
if (pa.val[i].etype == etypes[j])
goto skip1;
for(i = 0; i < client->keys.len; i++) {
for (j = 0; j < n; j++)
if (pa.val[j].etype == client->keys.val[i].key.keytype)
goto skip1;
for(j = 0; j < etypes_len; j++) {
if(client->keys.val[i].key.keytype == etypes[j]) {
if (krb5_enctype_valid(context, etypes[j]) != 0)
continue;
if (!older_enctype(etypes[j]))
continue;
if (n >= pa.len)
krb5_abortx(context, "internal error: n >= p.len");
if((ret = make_etype_info_entry(context,
&pa.val[n++],
&client->keys.val[i])) != 0) {
@ -420,6 +483,10 @@ get_pa_etype_info(krb5_context context,
}
if (krb5_enctype_valid(context, client->keys.val[i].key.keytype) != 0)
continue;
if (!older_enctype(etypes[j]))
continue;
if (n >= pa.len)
krb5_abortx(context, "internal error: n >= p.len");
if((ret = make_etype_info_entry(context,
&pa.val[n++],
&client->keys.val[i])) != 0) {
@ -429,16 +496,8 @@ get_pa_etype_info(krb5_context context,
skip2:;
}
if(n != pa.len) {
char *name;
ret = krb5_unparse_name(context, client->principal, &name);
if (ret)
name = rk_UNCONST("<unparse_name failed>");
kdc_log(context, config, 0,
"internal error in get_pa_etype_info(%s): %d != %d",
name, n, pa.len);
if (ret == 0)
free(name);
if(n < pa.len) {
/* stripped out newer enctypes */
pa.len = n;
}
@ -528,33 +587,9 @@ make_etype_info2_entry(ETYPE_INFO2_ENTRY *ent, Key *key)
}
/*
* Return 1 if the client have only older enctypes, this is for
* determining if the server should send ETYPE_INFO2 or not.
*/
static int
only_older_enctype_p(const KDC_REQ *req)
{
int i;
for(i = 0; i < req->req_body.etype.len; i++) {
switch (req->req_body.etype.val[i]) {
case ETYPE_DES_CBC_CRC:
case ETYPE_DES_CBC_MD4:
case ETYPE_DES_CBC_MD5:
case ETYPE_DES3_CBC_SHA1:
case ETYPE_ARCFOUR_HMAC_MD5:
case ETYPE_ARCFOUR_HMAC_MD5_56:
break;
default:
return 0;
}
}
return 1;
}
/*
*
* Return an ETYPE-INFO2. Enctypes are storted the same way as in the
* database (client supported enctypes first, then the unsupported
* enctypes).
*/
static krb5_error_code
@ -578,11 +613,11 @@ get_pa_etype_info2(krb5_context context,
return ENOMEM;
memset(pa.val, 0, pa.len * sizeof(*pa.val));
for(j = 0; j < etypes_len; j++) {
for (i = 0; i < n; i++)
if (pa.val[i].etype == etypes[j])
goto skip1;
for(i = 0; i < client->keys.len; i++) {
for (j = 0; j < n; j++)
if (pa.val[j].etype == client->keys.val[i].key.keytype)
goto skip1;
for(j = 0; j < etypes_len; j++) {
if(client->keys.val[i].key.keytype == etypes[j]) {
if (krb5_enctype_valid(context, etypes[j]) != 0)
continue;
@ -595,6 +630,7 @@ get_pa_etype_info2(krb5_context context,
}
skip1:;
}
/* send enctypes that the cliene doesn't know about too */
for(i = 0; i < client->keys.len; i++) {
for(j = 0; j < etypes_len; j++) {
if(client->keys.val[i].key.keytype == etypes[j])
@ -959,7 +995,9 @@ _kdc_as_rep(krb5_context context,
if (b->cname->name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
if (b->cname->name_string.len != 1) {
kdc_log(context, config, 0,
"AS-REQ malformed canon request from %s", from);
"AS-REQ malformed canon request from %s, "
"enterprise name with %d name components",
from, b->cname->name_string.len);
ret = KRB5_PARSE_MALFORMED;
goto out;
}
@ -1395,6 +1433,12 @@ _kdc_as_rep(krb5_context context,
copy_Realm(&server->entry.principal->realm, &rep.ticket.realm);
_krb5_principal2principalname(&rep.ticket.sname,
server->entry.principal);
/* java 1.6 expects the name to be the same type, lets allow that
* uncomplicated name-types. */
#define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
rep.ticket.sname.name_type = b->sname->name_type;
#undef CNT
et.flags.initial = 1;
if(client->entry.flags.forwardable && server->entry.flags.forwardable)
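Review bot: In the hunk at `@ -420,6 +483,10`, the added `if (!older_enctype(etypes[j])) continue;` indexes `etypes` with `j` while the surrounding context tests `client->keys.val[i].key.keytype`; if this is the second pass over the client's keys, where the inner `for (j ...)` has already run to `etypes_len` without a match, `etypes[j]` reads one element past the array and the filter tests the wrong enctype. The check presumably wants `if (!older_enctype(client->keys.val[i].key.keytype)) continue;`. The loop head is outside the hunk, so please confirm against the full function. Separately, in `_kdc_find_etype` the return of `krb5_get_pw_salt` is not checked before `def_salt` is compared and later handed to `krb5_free_salt`, so a failure there operates on an uninitialised salt.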


@ -36,7 +36,7 @@
#include <rfc2459_asn1.h>
#include <hx509.h>
RCSID("$Id: kx509.c 19992 2007-01-20 09:06:18Z lha $");
RCSID("$Id: kx509.c 21607 2007-07-17 07:04:52Z lha $");
/*
*
@ -56,7 +56,7 @@ _kdc_try_kx509_request(void *ptr, size_t len, Kx509Request *req, size_t *size)
*
*/
static const char version_2_0[4] = {0 , 0, 2, 0};
static const unsigned char version_2_0[4] = {0 , 0, 2, 0};
static krb5_error_code
verify_req_hash(krb5_context context,
@ -122,7 +122,7 @@ calculate_reply_hash(krb5_context context,
if (rep->certificate)
HMAC_Update(&ctx, rep->certificate->data, rep->certificate->length);
if (rep->e_text)
HMAC_Update(&ctx, *rep->e_text, strlen(*rep->e_text));
HMAC_Update(&ctx, (unsigned char *)*rep->e_text, strlen(*rep->e_text));
HMAC_Final(&ctx, rep->hash->data, 0);
HMAC_CTX_cleanup(&ctx);


@ -32,18 +32,10 @@
*/
#include "kuser_locl.h"
RCSID("$Id: kinit.c 20517 2007-04-22 10:42:26Z lha $");
RCSID("$Id: kinit.c 21483 2007-07-10 16:40:46Z lha $");
#include "krb5-v4compat.h"
struct krb5_pk_identity;
struct krb5_pk_cert;
struct ContentInfo;
struct _krb5_krb_auth_data;
struct krb5_dh_moduli;
struct krb5_plugin;
enum plugin_type;
#include "krb5-private.h"
#include "heimntlm.h"
int forwardable_flag = -1;


@ -3,7 +3,7 @@
#
# This might look like a com_err file, but is not
#
id "$Id: asn1_err.et 20010 2007-01-20 21:52:27Z lha $"
id "$Id: asn1_err.et 21394 2007-07-02 10:14:43Z lha $"
error_table asn1
prefix ASN1
@ -19,4 +19,7 @@ error_code BAD_FORMAT, "ASN.1 badly-formatted encoding"
error_code PARSE_ERROR, "ASN.1 parse error"
error_code EXTRA_DATA, "ASN.1 extra data past end of end structure"
error_code BAD_CHARACTER, "ASN.1 invalid character in string"
error_code MIN_CONSTRAINT, "ASN.1 too few elements"
error_code MAX_CONSTRAINT, "ASN.1 too many elements"
error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements"
end


@ -33,7 +33,7 @@
#include "der_locl.h"
RCSID("$Id: der_get.c 20570 2007-04-27 14:06:27Z lha $");
RCSID("$Id: der_get.c 21369 2007-06-27 10:14:39Z lha $");
#include <version.h>
@ -336,32 +336,25 @@ generalizedtime2time (const char *s, time_t *t)
*t = _der_timegm (&tm);
return 0;
}
#undef timegm
static int
der_get_time (const unsigned char *p, size_t len,
time_t *data, size_t *size)
{
heim_octet_string k;
char *times;
size_t ret = 0;
size_t l;
int e;
e = der_get_octet_string (p, len, &k, &l);
if (e) return e;
p += l;
len -= l;
ret += l;
times = realloc(k.data, k.length + 1);
if (times == NULL){
free(k.data);
if (len > len + 1 || len == 0)
return ASN1_BAD_LENGTH;
times = malloc(len + 1);
if (times == NULL)
return ENOMEM;
}
times[k.length] = 0;
memcpy(times, p, len);
times[len] = '\0';
e = generalizedtime2time(times, data);
free (times);
if(size) *size = ret;
if(size) *size = len;
return e;
}
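Review bot: The guard `if (len > len + 1 || len == 0)` in `der_get_time` is correct but reads as a tautology; it only fires when `len + 1` wraps, i.e. when `len == SIZE_MAX`. Writing it as `if (len == 0 || len == SIZE_MAX) return ASN1_BAD_LENGTH;`, or keeping the current form with a `/* len + 1 must not wrap */` comment, says what is meant. Note also that `memcpy` copies the raw content bytes and `generalizedtime2time` parses them as a C string, so an embedded NUL quietly shortens the time string; the previous octet-string path behaved the same, so this only needs a comment.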


@ -33,7 +33,7 @@
#include "gen_locl.h"
RCSID("$Id: gen.c 20670 2007-05-11 00:39:41Z lha $");
RCSID("$Id: gen.c 21364 2007-06-27 08:51:06Z lha $");
FILE *headerfile, *codefile, *logfile;
@ -253,6 +253,7 @@ generate_header_of_codefile(const char *name)
"#include <time.h>\n"
"#include <string.h>\n"
"#include <errno.h>\n"
"#include <limits.h>\n"
"#include <krb5-types.h>\n",
orig_filename);


@ -34,7 +34,7 @@
#include "gen_locl.h"
#include "lex.h"
RCSID("$Id: gen_decode.c 19572 2006-12-29 17:30:32Z lha $");
RCSID("$Id: gen_decode.c 21503 2007-07-12 11:57:19Z lha $");
static void
decode_primitive (const char *typename, const char *name, const char *forwstr)
@ -202,6 +202,32 @@ find_tag (const Type *t,
}
}
static void
range_check(const char *name,
const char *length,
const char *forwstr,
struct range *r)
{
if (r->min == r->max + 2 || r->min < r->max)
fprintf (codefile,
"if ((%s)->%s > %d) {\n"
"e = ASN1_MAX_CONSTRAINT; %s;\n"
"}\n",
name, length, r->max, forwstr);
if (r->min - 1 == r->max || r->min < r->max)
fprintf (codefile,
"if ((%s)->%s < %d) {\n"
"e = ASN1_MIN_CONSTRAINT; %s;\n"
"}\n",
name, length, r->min, forwstr);
if (r->max == r->min)
fprintf (codefile,
"if ((%s)->%s != %d) {\n"
"e = ASN1_EXACT_CONSTRAINT; %s;\n"
"}\n",
name, length, r->min, forwstr);
}
static int
decode_type (const char *name, const Type *t, int optional,
const char *forwstr, const char *tmpstr)
@ -236,12 +262,14 @@ decode_type (const char *name, const Type *t, int optional,
}
case TInteger:
if(t->members) {
char *s;
asprintf(&s, "(int*)%s", name);
if (s == NULL)
errx (1, "out of memory");
decode_primitive ("integer", s, forwstr);
free(s);
fprintf(codefile,
"{\n"
"int enumint;\n");
decode_primitive ("integer", "&enumint", forwstr);
fprintf(codefile,
"*%s = enumint;\n"
"}\n",
name);
} else if (t->range == NULL) {
decode_primitive ("heim_integer", name, forwstr);
} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
@ -262,6 +290,8 @@ decode_type (const char *name, const Type *t, int optional,
break;
case TOctetString:
decode_primitive ("octet_string", name, forwstr);
if (t->range)
range_check(name, "length", forwstr, t->range);
break;
case TBitString: {
Member *m;
@ -394,19 +424,31 @@ decode_type (const char *name, const Type *t, int optional,
"{\n"
"size_t %s_origlen = len;\n"
"size_t %s_oldret = ret;\n"
"size_t %s_olen = 0;\n"
"void *%s_tmp;\n"
"ret = 0;\n"
"(%s)->len = 0;\n"
"(%s)->val = NULL;\n"
"(%s)->val = NULL;\n",
tmpstr,
tmpstr,
tmpstr,
tmpstr,
name,
name);
fprintf (codefile,
"while(ret < %s_origlen) {\n"
"%s_tmp = realloc((%s)->val, "
" sizeof(*((%s)->val)) * ((%s)->len + 1));\n"
"if (%s_tmp == NULL) { %s; }\n"
"size_t %s_nlen = %s_olen + sizeof(*((%s)->val));\n"
"if (%s_olen > %s_nlen) { e = ASN1_OVERFLOW; %s; }\n"
"%s_olen = %s_nlen;\n"
"%s_tmp = realloc((%s)->val, %s_olen);\n"
"if (%s_tmp == NULL) { e = ENOMEM; %s; }\n"
"(%s)->val = %s_tmp;\n",
tmpstr, tmpstr, tmpstr,
name, name,
tmpstr,
tmpstr, tmpstr, name,
tmpstr, tmpstr, forwstr,
tmpstr, tmpstr,
name, name, name,
tmpstr, name, tmpstr,
tmpstr, forwstr,
name, tmpstr);
@ -425,6 +467,8 @@ decode_type (const char *name, const Type *t, int optional,
"}\n",
name,
tmpstr, tmpstr);
if (t->range)
range_check(name, "len", forwstr, t->range);
free (n);
free (sname);
break;
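Review bot: `range_check` selects which constraint to emit from sentinel relationships (`r->min == r->max + 2`, `r->min - 1 == r->max`, `r->max == r->min`) that are explained nowhere in the hunk; the parser that sets them is in the suppressed `parse.y` diff, so a reader of this file cannot tell how `MIN..n` and `n..MAX` are represented. A comment above the function is needed, e.g. `/* range sentinels from the parser: min == max + 2 appears to mean no lower bound (MIN..max), min - 1 == max no upper bound (min..MAX) -- confirm against parse.y */`. If `struct range` uses plain `int`, `r->max + 2` and `r->min - 1` are also signed overflow when a bound is INT_MAX or INT_MIN, values that `decode_type` a few lines down treats as legitimate; testing the extreme values first, or comparing the sentinel fields without arithmetic, would avoid that.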


@ -33,7 +33,7 @@
#include "gen_locl.h"
RCSID("$Id: gen_encode.c 19572 2006-12-29 17:30:32Z lha $");
RCSID("$Id: gen_encode.c 21503 2007-07-12 11:57:19Z lha $");
static void
encode_primitive (const char *typename, const char *name)
@ -121,12 +121,12 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
break;
case TInteger:
if(t->members) {
char *s;
asprintf(&s, "(const int*)%s", name);
if(s == NULL)
errx(1, "out of memory");
encode_primitive ("integer", s);
free(s);
fprintf(codefile,
"{\n"
"int enumint = (int)*%s;\n",
name);
encode_primitive ("integer", "&enumint");
fprintf(codefile, "}\n;");
} else if (t->range == NULL) {
encode_primitive ("heim_integer", name);
} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {
@ -292,6 +292,11 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
"size_t elen, totallen = 0;\n"
"int eret;\n");
fprintf(codefile,
"if ((%s)->len > UINT_MAX/sizeof(val[0]))\n"
"return ERANGE;\n",
name);
fprintf(codefile,
"val = malloc(sizeof(val[0]) * (%s)->len);\n"
"if (val == NULL && (%s)->len != 0) return ENOMEM;\n",


@ -33,7 +33,7 @@
#include "gen_locl.h"
RCSID("$Id: gen_length.c 19539 2006-12-28 17:15:05Z lha $");
RCSID("$Id: gen_length.c 21503 2007-07-12 11:57:19Z lha $");
static void
length_primitive (const char *typename,
@ -72,12 +72,11 @@ length_type (const char *name, const Type *t,
break;
case TInteger:
if(t->members) {
char *s;
asprintf(&s, "(const int*)%s", name);
if(s == NULL)
errx (1, "out of memory");
length_primitive ("integer", s, variable);
free(s);
fprintf(codefile,
"{\n"
"int enumint = *%s;\n", name);
length_primitive ("integer", "&enumint", variable);
fprintf(codefile, "}\n");
} else if (t->range == NULL) {
length_primitive ("heim_integer", name, variable);
} else if (t->range->min == INT_MIN && t->range->max == INT_MAX) {


@ -1,4 +1,4 @@
-- $Id: k5.asn1 21092 2007-06-15 19:47:46Z lha $
-- $Id: k5.asn1 21400 2007-07-02 19:57:31Z lha $
KERBEROS5 DEFINITIONS ::=
BEGIN
@ -332,7 +332,7 @@ ETYPE-INFO2-ENTRY ::= SEQUENCE {
s2kparams[2] OCTET STRING OPTIONAL
}
ETYPE-INFO2 ::= SEQUENCE OF ETYPE-INFO2-ENTRY
ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY
METHOD-DATA ::= SEQUENCE OF PA-DATA
@ -341,7 +341,7 @@ TypedData ::= SEQUENCE {
data-value[1] OCTET STRING OPTIONAL
}
TYPED-DATA ::= SEQUENCE OF TypedData
TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF TypedData
KDC-REQ-BODY ::= SEQUENCE {
kdc-options[0] KDCOptions,


@ -1,6 +1,5 @@
#include "config.h"
#line 3 "lex.yy.c"
#line 3 "lex.c"
#define YY_INT_ALIGNED short int
@ -343,6 +342,9 @@ FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
typedef int yy_state_type;
extern int yylineno;
int yylineno = 1;
extern char *yytext;
#define yytext_ptr yytext
@ -824,7 +826,7 @@ char *yytext;
* SUCH DAMAGE.
*/
/* $Id: lex.l,v 1.31 2006/10/21 11:57:22 lha Exp $ */
/* $Id: lex.l 18738 2006-10-21 11:57:22Z lha $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
@ -849,7 +851,7 @@ static unsigned lineno = 1;
static void unterminated(const char *, unsigned);
/* This is for broken old lexes (solaris 10 and hpux) */
#line 852 "lex.yy.c"
#line 855 "lex.c"
#define INITIAL 0
@ -1004,7 +1006,7 @@ YY_DECL
#line 68 "lex.l"
#line 1007 "lex.yy.c"
#line 1010 "lex.c"
if ( !(yy_init) )
{
@ -1673,7 +1675,7 @@ YY_RULE_SETUP
#line 274 "lex.l"
ECHO;
YY_BREAK
#line 1676 "lex.yy.c"
#line 1679 "lex.c"
case YY_STATE_EOF(INITIAL):
yyterminate();
@ -2483,6 +2485,15 @@ static void yy_fatal_error (yyconst char* msg )
/* Accessor methods (get/set functions) to struct members. */
/** Get the current line number.
*
*/
int yyget_lineno (void)
{
return yylineno;
}
/** Get the input stream.
*
*/
@ -2516,6 +2527,16 @@ char *yyget_text (void)
return yytext;
}
/** Set the current line number.
* @param line_number
*
*/
void yyset_lineno (int line_number )
{
yylineno = line_number;
}
/** Set the input stream. This does not discard the current
* input buffer.
* @param in_str A readable stream.



@ -16,7 +16,9 @@
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, see <http://www.gnu.org/licenses/>. */
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
@ -224,7 +226,7 @@ typedef union YYSTYPE
{
int constant;
struct value *value;
struct range range;
struct range *range;
char *name;
Type *type;
Member *member;


@ -169,7 +169,7 @@ Extension ::= SEQUENCE {
extnValue OCTET STRING
}
Extensions ::= SEQUENCE OF Extension -- SIZE (1..MAX)
Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
TBSCertificate ::= SEQUENCE {
version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
@ -232,7 +232,7 @@ GeneralName ::= CHOICE {
registeredID [8] IMPLICIT OBJECT IDENTIFIER
}
GeneralNames ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralName
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
@ -320,7 +320,7 @@ DistributionPointReasonFlags ::= BIT STRING {
}
DistributionPointName ::= CHOICE {
fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE -- SIZE (1..MAX) -- OF GeneralName,
fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
nameRelativeToCRLIssuer [1] RelativeDistinguishedName
}
@ -330,7 +330,7 @@ DistributionPoint ::= SEQUENCE {
cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
}
CRLDistributionPoints ::= SEQUENCE -- SIZE (1..MAX) -- OF DistributionPoint
CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
-- rfc3279
@ -449,11 +449,20 @@ id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
-- RFC 3820 Proxy Certificate Profile
id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
AccessDescription ::= SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName
}
AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
-- RFC 3820 Proxy Certificate Profile
id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }


@ -1,4 +1,4 @@
-- $Id: test.asn1 18013 2006-09-05 14:00:44Z lha $ --
-- $Id: test.asn1 21455 2007-07-10 12:51:19Z lha $ --
TEST DEFINITIONS ::=
@ -85,4 +85,11 @@ TESTUSERCONSTRAINED ::= OCTET STRING (CONSTRAINED BY { -- meh -- })
TESTSeqOf ::= SEQUENCE OF TESTInteger
TESTSeqSizeOf1 ::= SEQUENCE SIZE (2) OF TESTInteger
TESTSeqSizeOf2 ::= SEQUENCE SIZE (1..2) OF TESTInteger
TESTSeqSizeOf3 ::= SEQUENCE SIZE (1..MAX) OF TESTInteger
TESTSeqSizeOf4 ::= SEQUENCE SIZE (MIN..2) OF TESTInteger
TESTOSSize1 ::= OCTET STRING SIZE (1..2)
END


@ -33,7 +33,7 @@
#include "der_locl.h"
RCSID("$Id: timegm.c 18607 2006-10-19 16:19:32Z lha $");
RCSID("$Id: timegm.c 21366 2007-06-27 10:06:22Z lha $");
static int
is_leap(unsigned y)
@ -43,8 +43,8 @@ is_leap(unsigned y)
}
/*
* This is a simplifed version of _der_timegm that doesn't accept out
* of bound values that timegm(3) normally accepts but those are not
* This is a simplifed version of timegm(3) that doesn't accept out of
* bound values that timegm(3) normally accepts but those are not
* valid in asn1 encodings.
*/


@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
RCSID("$Id: gss_acquire_cred.c 20626 2007-05-08 13:56:49Z lha $");
RCSID("$Id: gss_acquire_cred.c 21478 2007-07-10 16:32:01Z lha $");
OM_uint32
gss_acquire_cred(OM_uint32 *minor_status,
@ -50,7 +50,7 @@ gss_acquire_cred(OM_uint32 *minor_status,
int i;
*minor_status = 0;
if (actual_mechs)
if (output_cred_handle)
*output_cred_handle = GSS_C_NO_CREDENTIAL;
if (actual_mechs)
*actual_mechs = GSS_C_NO_OID_SET;
@ -106,8 +106,9 @@ gss_acquire_cred(OM_uint32 *minor_status,
continue;
if (desired_name != GSS_C_NO_NAME) {
mn = _gss_find_mn(name, &mechs->elements[i]);
if (!mn)
major_status = _gss_find_mn(minor_status, name,
&mechs->elements[i], &mn);
if (major_status != GSS_S_COMPLETE)
continue;
}


@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
RCSID("$Id: gss_add_cred.c 20626 2007-05-08 13:56:49Z lha $");
RCSID("$Id: gss_add_cred.c 21474 2007-07-10 16:30:23Z lha $");
static struct _gss_mechanism_cred *
_gss_copy_cred(struct _gss_mechanism_cred *mc)
@ -136,11 +136,13 @@ gss_add_cred(OM_uint32 *minor_status,
* Figure out a suitable mn, if any.
*/
if (desired_name) {
mn = _gss_find_mn((struct _gss_name *) desired_name,
desired_mech);
if (!mn) {
major_status = _gss_find_mn(minor_status,
(struct _gss_name *) desired_name,
desired_mech,
&mn);
if (major_status != GSS_S_COMPLETE) {
free(new_cred);
return (GSS_S_BAD_NAME);
return major_status;
}
} else {
mn = 0;


@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
RCSID("$Id: gss_canonicalize_name.c 19928 2007-01-16 10:37:54Z lha $");
RCSID("$Id: gss_canonicalize_name.c 21476 2007-07-10 16:31:27Z lha $");
OM_uint32
gss_canonicalize_name(OM_uint32 *minor_status,
@ -44,10 +44,9 @@ gss_canonicalize_name(OM_uint32 *minor_status,
*minor_status = 0;
*output_name = 0;
mn = _gss_find_mn(name, mech_type);
if (!mn) {
return (GSS_S_BAD_MECH);
}
major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
if (major_status)
return major_status;
m = mn->gmn_mech;
major_status = m->gm_canonicalize_name(minor_status,
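Review bot: The new `if (major_status) return major_status;` tests the status as a bare truth value, while the same `_gss_find_mn` call in gss_add_cred.c, gss_acquire_cred.c and gss_init_sec_context.c in this commit compares against `GSS_S_COMPLETE`; `if (major_status != GSS_S_COMPLETE)` keeps the idiom uniform across the mechglue. The rest of `gss_canonicalize_name` is outside the hunk.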


@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
RCSID("$Id: gss_compare_name.c 17700 2006-06-28 09:00:26Z lha $");
RCSID("$Id: gss_compare_name.c 21475 2007-07-10 16:31:03Z lha $");
OM_uint32
gss_compare_name(OM_uint32 *minor_status,
@ -57,8 +57,11 @@ gss_compare_name(OM_uint32 *minor_status,
struct _gss_mechanism_name *mn2;
SLIST_FOREACH(mn1, &name1->gn_mn, gmn_link) {
mn2 = _gss_find_mn(name2, mn1->gmn_mech_oid);
if (mn2) {
OM_uint32 major_status;
major_status = _gss_find_mn(minor_status, name2,
mn1->gmn_mech_oid, &mn2);
if (major_status == GSS_S_COMPLETE) {
return (mn1->gmn_mech->gm_compare_name(
minor_status,
mn1->gmn_name,
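Review bot: Passing the caller's `minor_status` into `_gss_find_mn` inside the SLIST_FOREACH means a mechanism whose import of name2 fails leaves a mechanism-specific minor code in `*minor_status` while the loop simply moves on to the next MN; if no mechanism ends up matching, the function (its tail is outside the hunk) returns with that stale minor. Use a scratch variable for the lookup and only let the compare path write the real one: `OM_uint32 major_status, minor;` and `major_status = _gss_find_mn(&minor, name2, mn1->gmn_mech_oid, &mn2);`. The same clobbering pattern appears in gss_duplicate_name.c in this commit.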


@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
RCSID("$Id: gss_duplicate_name.c 21219 2007-06-20 08:27:11Z lha $");
RCSID("$Id: gss_duplicate_name.c 21480 2007-07-10 16:32:32Z lha $");
OM_uint32 gss_duplicate_name(OM_uint32 *minor_status,
const gss_name_t src_name,
@ -54,7 +54,9 @@ OM_uint32 gss_duplicate_name(OM_uint32 *minor_status,
new_name = (struct _gss_name *) *dest_name;
SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
_gss_find_mn(new_name, mn->gmn_mech_oid);
struct _gss_mechanism_name *mn2;
_gss_find_mn(minor_status, new_name,
mn->gmn_mech_oid, &mn2);
}
} else {
new_name = malloc(sizeof(struct _gss_name));
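Review bot: The major status returned by `_gss_find_mn` is discarded and `mn2` is never read, so a mechanism whose import into new_name fails silently produces a dest_name with fewer MNs than src_name, and a mechanism minor code may be left in `*minor_status` even though the function continues (its remainder is outside the hunk). Either propagate the failure, `if (major_status != GSS_S_COMPLETE) return major_status;` after releasing new_name as the rest of the function does, or, if populating every MN is intentionally best-effort, say so in a comment and pass a local minor variable instead of the caller's. As written a reader cannot tell which behaviour is intended.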


@ -27,7 +27,7 @@
*/
#include "mech_locl.h"
RCSID("$Id: gss_init_sec_context.c 19957 2007-01-17 13:48:11Z lha $");
RCSID("$Id: gss_init_sec_context.c 21479 2007-07-10 16:32:19Z lha $");
static gss_cred_id_t
_gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
@ -109,11 +109,11 @@ gss_init_sec_context(OM_uint32 * minor_status,
/*
* Find the MN for this mechanism.
*/
mn = _gss_find_mn(name, mech_type);
if (mn == NULL) {
major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
if (major_status != GSS_S_COMPLETE) {
if (allocated_ctx)
free(ctx);
return GSS_S_BAD_NAME;
return major_status;
}
/*


@ -28,7 +28,7 @@
#include "mech_locl.h"
#include <heim_threads.h>
RCSID("$Id: gss_mech_switch.c 20625 2007-05-08 13:55:03Z lha $");
RCSID("$Id: gss_mech_switch.c 21700 2007-07-26 19:08:34Z lha $");
#ifndef _PATH_GSS_MECH
#define _PATH_GSS_MECH "/etc/gss/mech"
@ -223,9 +223,9 @@ _gss_load_mech(void)
add_builtin(__gss_spnego_initialize());
add_builtin(__gss_ntlm_initialize());
#ifdef HAVE_DLOPEN
fp = fopen(_PATH_GSS_MECH, "r");
if (!fp) {
/* perror(_PATH_GSS_MECH); */
HEIMDAL_MUTEX_unlock(&_gss_mech_mutex);
return;
}
@ -316,6 +316,7 @@ _gss_load_mech(void)
continue;
}
fclose(fp);
#endif
HEIMDAL_MUTEX_unlock(&_gss_mech_mutex);
}


@ -27,15 +27,18 @@
*/
#include "mech_locl.h"
RCSID("$Id: gss_names.c 19928 2007-01-16 10:37:54Z lha $");
RCSID("$Id: gss_names.c 21473 2007-07-10 16:29:53Z lha $");
struct _gss_mechanism_name *
_gss_find_mn(struct _gss_name *name, gss_OID mech)
OM_uint32
_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech,
struct _gss_mechanism_name **output_mn)
{
OM_uint32 major_status, minor_status;
OM_uint32 major_status;
gssapi_mech_interface m;
struct _gss_mechanism_name *mn;
*output_mn = NULL;
SLIST_FOREACH(mn, &name->gn_mn, gmn_link) {
if (gss_oid_equal(mech, mn->gmn_mech_oid))
break;
@ -47,34 +50,36 @@ _gss_find_mn(struct _gss_name *name, gss_OID mech)
* MN but it is from a different mech), give up now.
*/
if (!name->gn_value.value)
return (0);
return GSS_S_BAD_NAME;
m = __gss_get_mechanism(mech);
if (!m)
return (0);
return (GSS_S_BAD_MECH);
mn = malloc(sizeof(struct _gss_mechanism_name));
if (!mn)
return (0);
return GSS_S_FAILURE;
major_status = m->gm_import_name(&minor_status,
major_status = m->gm_import_name(minor_status,
&name->gn_value,
(name->gn_type.elements
? &name->gn_type : GSS_C_NO_OID),
&mn->gmn_name);
if (major_status != GSS_S_COMPLETE) {
_gss_mg_error(m, major_status, minor_status);
_gss_mg_error(m, major_status, *minor_status);
free(mn);
return (0);
return major_status;
}
mn->gmn_mech = m;
mn->gmn_mech_oid = &m->gm_mech_oid;
SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
}
return (mn);
*output_mn = mn;
return 0;
}
/*
* Make a name from an MN.
*/
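Review bot: The `malloc` failure path returns GSS_S_FAILURE without touching `*minor_status`, so a caller sees a failure with no minor code even though the function now owns that out-parameter; add `*minor_status = ENOMEM;` before `return GSS_S_FAILURE;`. The success return is `return 0;` while every other exit uses a GSS_S_* constant, and one return is still parenthesised as `return (GSS_S_BAD_MECH);` — use `return GSS_S_COMPLETE;` and one style throughout. The new contract also deserves a header comment: `*output_mn` is set to NULL on every failure and on success points at an entry owned by `name`'s gn_mn list (inserted with SLIST_INSERT_HEAD when newly imported), so callers must not free it.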


@ -32,7 +32,7 @@
*/
#include "mech_locl.h"
RCSID("$Id: gss_oid_to_str.c 19963 2007-01-17 16:01:22Z lha $");
RCSID("$Id: gss_oid_to_str.c 21409 2007-07-04 14:19:11Z lha $");
OM_uint32
gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
@ -44,6 +44,9 @@ gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
_mg_buffer_zero(oid_str);
if (oid == GSS_C_NULL_OID)
return GSS_S_FAILURE;
ret = der_get_oid (oid->elements, oid->length, &o, &size);
if (ret) {
*minor_status = ret;
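Review bot: The new `oid == GSS_C_NULL_OID` early return hands back GSS_S_FAILURE without setting `*minor_status`; the function prologue is outside the hunk, so if it does not already zero the minor, callers get whatever the variable held, and `*minor_status = 0;` should precede the return. GSS_S_CALL_INACCESSIBLE_READ is the status the GSS-API defines for a required input that cannot be read and would describe a null OID more precisely than the generic GSS_S_FAILURE, if the mechglue wants to be that specific.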


@ -24,7 +24,7 @@
* SUCH DAMAGE.
*
* $FreeBSD: src/lib/libgssapi/name.h,v 1.1 2005/12/29 14:40:20 dfr Exp $
* $Id: name.h 18246 2006-10-05 18:36:07Z lha $
* $Id: name.h 21477 2007-07-10 16:31:44Z lha $
*/
struct _gss_mechanism_name {
@ -41,7 +41,8 @@ struct _gss_name {
struct _gss_mechanism_name_list gn_mn; /* list of MNs */
};
struct _gss_mechanism_name *
_gss_find_mn(struct _gss_name *name, gss_OID mech);
OM_uint32
_gss_find_mn(OM_uint32 *, struct _gss_name *, gss_OID,
struct _gss_mechanism_name **);
struct _gss_name *
_gss_make_name(gssapi_mech_interface m, gss_name_t new_mn);
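Review bot: The changed `_gss_find_mn` prototype now has three parameters whose semantics are not obvious from the types, and nothing in the header documents them; the old pointer-returning form at least implied "NULL means not found". A short comment above the declaration is warranted, along the lines of `/* Find (importing on demand) the MN of `name' for mechanism `mech'. On success *output_mn points into name's MN list and stays owned by it; on failure *output_mn is NULL and the GSS major/minor status is returned. */`. Dropping the parameter names from the prototype also makes the header less self-explanatory than the definition in gss_names.c.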


@ -33,7 +33,7 @@
#include "spnego/spnego_locl.h"
RCSID("$Id: accept_sec_context.c 21243 2007-06-20 15:16:22Z lha $");
RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $");
static OM_uint32
send_reject (OM_uint32 *minor_status,
@ -555,24 +555,17 @@ acceptor_start
int get_mic = 0;
int first_ok = 0;
if (src_name)
*src_name = GSS_C_NO_NAME;
mech_output_token.value = NULL;
mech_output_token.length = 0;
mech_buf.value = NULL;
if (*context_handle == GSS_C_NO_CONTEXT) {
ret = _gss_spnego_alloc_sec_context(minor_status,
context_handle);
if (input_token_buffer->length == 0)
return send_supported_mechs (minor_status, output_token);
ret = _gss_spnego_alloc_sec_context(minor_status, context_handle);
if (ret != GSS_S_COMPLETE)
return ret;
if (input_token_buffer->length == 0) {
return send_supported_mechs (minor_status, output_token);
}
}
ctx = (gssspnego_ctx)*context_handle;
/*
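Review bot: The reordered check dereferences `input_token_buffer->length` before any context exists and, as far as the hunk shows, before any test for `input_token_buffer == GSS_C_NO_BUFFER`; acceptor_start's prologue is outside the hunk, so if it does not reject a null buffer a caller passing GSS_C_NO_BUFFER now faults here instead of after allocation. Worth a guard, `if (input_token_buffer == GSS_C_NO_BUFFER || input_token_buffer->length == 0)`, if it is not handled earlier. The change also means an empty first token is answered with send_supported_mechs without ever allocating a context, so `*context_handle` stays GSS_C_NO_CONTEXT for that round; a one-line comment stating that this is intended would stop the next reader from "fixing" it back.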


@ -1,4 +1,4 @@
-- $Id: spnego.asn1 19420 2006-12-18 18:28:49Z lha $
-- $Id: spnego.asn1 21403 2007-07-04 08:13:12Z lha $
SPNEGO DEFINITIONS ::=
BEGIN
@ -27,15 +27,15 @@ NegTokenInitWin ::= SEQUENCE {
reqFlags [1] ContextFlags OPTIONAL,
mechToken [2] OCTET STRING OPTIONAL,
negHints [3] NegHints OPTIONAL
}
}
NegTokenInit ::= SEQUENCE {
mechTypes [0] MechTypeList,
reqFlags [1] ContextFlags OPTIONAL,
mechToken [2] OCTET STRING OPTIONAL,
mechListMIC [3] OCTET STRING OPTIONAL
}
mechListMIC [3] OCTET STRING OPTIONAL,
...
}
-- NB: negResult is not OPTIONAL in the new SPNEGO spec but
-- Windows clients do not always send it
@ -47,7 +47,8 @@ NegTokenResp ::= SEQUENCE {
request-mic (3) } OPTIONAL,
supportedMech [1] MechType OPTIONAL,
responseToken [2] OCTET STRING OPTIONAL,
mechListMIC [3] OCTET STRING OPTIONAL
mechListMIC [3] OCTET STRING OPTIONAL,
...
}
NegotiationToken ::= CHOICE {
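Review bot: The `...` extension markers added to NegTokenInit and NegTokenResp change decoder behaviour — unknown trailing fields from a peer are now skipped instead of causing a decode failure — but nothing in the file says why, and the only nearby comment is the one about Windows omitting negResult. A short comment above each marker such as `-- extension marker: accept tokens with fields added by newer SPNEGO revisions` would record the intent. It is also worth noting in the same place that NegTokenInitWin intentionally stays non-extensible, since a reader will otherwise wonder whether it was missed.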


@ -52,8 +52,10 @@ HMAC_Init_ex(HMAC_CTX *ctx,
if (ctx->md != md) {
ctx->md = md;
if (ctx->buf)
if (ctx->buf) {
memset(ctx->buf, 0, ctx->key_length);
free (ctx->buf);
}
ctx->key_length = EVP_MD_size(ctx->md);
ctx->buf = malloc(ctx->key_length);
}
@ -67,10 +69,14 @@ HMAC_Init_ex(HMAC_CTX *ctx,
keylen = EVP_MD_size(ctx->md);
}
if (ctx->opad)
if (ctx->opad) {
memset(ctx->opad, 0, ctx->key_length);
free(ctx->opad);
if (ctx->ipad)
}
if (ctx->ipad) {
memset(ctx->ipad, 0, ctx->key_length);
free(ctx->ipad);
}
ctx->opad = malloc(EVP_MD_block_size(ctx->md));
ctx->ipad = malloc(EVP_MD_block_size(ctx->md));
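Review bot: The two new wipes of `ctx->opad` and `ctx->ipad` use `ctx->key_length`, which this function sets to `EVP_MD_size(ctx->md)` (the digest length), while both buffers are allocated with `EVP_MD_block_size(ctx->md)` on the last two lines of the hunk, so for every digest whose block size exceeds its output size only the first part of the padded key material is cleared before free. The wipe length should be the block size, `memset(ctx->opad, 0, EVP_MD_block_size(ctx->md));`, and because `ctx->md` has already been replaced at the top of the function when `md` changed, the old buffers were sized by the previous digest — recording the allocated length in the ctx is the robust form. A plain `memset` immediately followed by `free` is also a dead store that an optimiser may drop, which defeats the purpose of these additions; route them through a wipe helper that is guaranteed to execute (memset_s, explicit_bzero, or a volatile-pointer loop where those are unavailable). The unchecked `malloc` results on the buf/opad/ipad lines predate this change but sit on the same path.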


@ -33,7 +33,7 @@
#include "hx_locl.h"
#include <pkinit_asn1.h>
RCSID("$Id: ca.c 20904 2007-06-05 01:58:45Z lha $");
RCSID("$Id: ca.c 21379 2007-06-28 07:38:17Z lha $");
struct hx509_ca_tbs {
hx509_name subject;
@ -1002,7 +1002,7 @@ ca_sign(hx509_context context,
if (size != data.length)
_hx509_abort("internal ASN.1 encoder error");
ret = add_extension(context, tbsc, 0,
oid_id_pe_proxyCertInfo(),
oid_id_pkix_pe_proxyCertInfo(),
&data);
free(data.data);
if (ret)


@ -32,7 +32,7 @@
*/
#include "hx_locl.h"
RCSID("$Id: cert.c 21294 2007-06-25 14:37:15Z lha $");
RCSID("$Id: cert.c 21380 2007-06-28 07:38:38Z lha $");
#include "crypto-headers.h"
#include <rtbl.h>
@ -898,7 +898,7 @@ is_proxy_cert(hx509_context context,
if (rinfo)
memset(rinfo, 0, sizeof(*rinfo));
e = find_extension(cert, oid_id_pe_proxyCertInfo(), &i);
e = find_extension(cert, oid_id_pkix_pe_proxyCertInfo(), &i);
if (e == NULL) {
hx509_clear_error_string(context);
return HX509_EXTENSION_NOT_FOUND;


@ -314,14 +314,6 @@ _hx509_pbe_decrypt (
const heim_octet_string */*econtent*/,
heim_octet_string */*content*/);
int
_hx509_pbe_encrypt (
hx509_context /*context*/,
hx509_lock /*lock*/,
const AlgorithmIdentifier */*ai*/,
const heim_octet_string */*content*/,
heim_octet_string */*econtent*/);
void
_hx509_pi_printf (
int (*/*func*/)(void *, const char *),
@ -422,35 +414,11 @@ _hx509_request_add_email (
void
_hx509_request_free (hx509_request */*req*/);
int
_hx509_request_get_SubjectPublicKeyInfo (
hx509_context /*context*/,
hx509_request /*req*/,
SubjectPublicKeyInfo */*key*/);
int
_hx509_request_get_name (
hx509_context /*context*/,
hx509_request /*req*/,
hx509_name */*name*/);
int
_hx509_request_init (
hx509_context /*context*/,
hx509_request */*req*/);
int
_hx509_request_parse (
hx509_context /*context*/,
const char */*path*/,
hx509_request */*req*/);
int
_hx509_request_print (
hx509_context /*context*/,
hx509_request /*req*/,
FILE */*f*/);
int
_hx509_request_set_SubjectPublicKeyInfo (
hx509_context /*context*/,


@ -32,7 +32,7 @@
*/
#include "hx_locl.h"
RCSID("$Id: ks_p11.c 21085 2007-06-13 06:39:53Z lha $");
RCSID("$Id: ks_p11.c 21387 2007-06-28 08:53:45Z lha $");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
#endif
@ -1129,8 +1129,17 @@ p11_printinfo(hx509_context context,
MECHNAME(CKM_RSA_X_509, "rsa-x-509");
MECHNAME(CKM_MD5_RSA_PKCS, "md5-rsa-pkcs");
MECHNAME(CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs");
MECHNAME(CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs");
MECHNAME(CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs");
MECHNAME(CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs");
MECHNAME(CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs");
MECHNAME(CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep");
MECHNAME(CKM_SHA512_HMAC, "sha512-hmac");
MECHNAME(CKM_SHA512, "sha512");
MECHNAME(CKM_SHA384_HMAC, "sha384-hmac");
MECHNAME(CKM_SHA384, "sha384");
MECHNAME(CKM_SHA256_HMAC, "sha256-hmac");
MECHNAME(CKM_SHA256, "sha256");
MECHNAME(CKM_SHA_1, "sha1");
MECHNAME(CKM_MD5, "md5");
MECHNAME(CKM_MD2, "md2");


@ -1,5 +1,5 @@
/*
* Copyright (c) 2006 Kungliga Tekniska Högskolan
* Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
*/
#include "hx_locl.h"
RCSID("$Id: peer.c 20938 2007-06-06 20:51:34Z lha $");
RCSID("$Id: peer.c 21481 2007-07-10 16:33:23Z lha $");
int
hx509_peer_info_alloc(hx509_context context, hx509_peer_info *peer)


@ -32,7 +32,7 @@
*/
#include "hx_locl.h"
RCSID("$Id: print.c 20908 2007-06-05 02:59:33Z lha $");
RCSID("$Id: print.c 21381 2007-06-28 08:29:22Z lha $");
struct hx509_validate_ctx_data {
@ -591,11 +591,50 @@ check_proxyCertInfo(hx509_validate_ctx ctx,
enum critical_flag cf,
const Extension *e)
{
check_Null(ctx, status, cf, e);
status->isproxy = 1;
return 0;
}
static int
check_authorityInfoAccess(hx509_validate_ctx ctx,
struct cert_status *status,
enum critical_flag cf,
const Extension *e)
{
AuthorityInfoAccessSyntax aia;
size_t size;
int ret, i;
check_Null(ctx, status, cf, e);
ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data,
e->extnValue.length,
&aia, &size);
if (ret) {
printf("\tret = %d while decoding AuthorityInfoAccessSyntax\n", ret);
return 0;
}
for (i = 0; i < aia.len; i++) {
char *str;
validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
"\ttype: ");
hx509_oid_print(&aia.val[i].accessMethod, validate_vprint, ctx);
hx509_general_name_unparse(&aia.val[i].accessLocation, &str);
validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
"\n\tdirname: %s\n", str);
free(str);
}
free_AuthorityInfoAccessSyntax(&aia);
return 0;
}
/*
*
*/
struct {
const char *name;
const heim_oid *(*oid)(void);
@ -628,8 +667,11 @@ struct {
{ ext(extKeyUsage, Null), D_C },
{ ext(freshestCRL, Null), M_N_C },
{ ext(inhibitAnyPolicy, Null), M_C },
{ "proxyCertInfo", oid_id_pe_proxyCertInfo,
check_proxyCertInfo, M_C },
#undef ext
#define ext(name, checkname) #name, &oid_id_pkix_pe_##name, check_##checkname
{ ext(proxyCertInfo, proxyCertInfo), M_C },
{ ext(authorityInfoAccess, authorityInfoAccess), M_C },
#undef ext
{ "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim,
check_Null, D_C },
{ "Netscape cert comment", oid_id_netscape_cert_comment,
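Review bot: In check_authorityInfoAccess the return value of `hx509_general_name_unparse(&aia.val[i].accessLocation, &str)` is ignored and `str` is declared without an initialiser, so on an unparse failure the following `validate_print` and `free(str)` operate on an indeterminate pointer; guard it as `if (hx509_general_name_unparse(&aia.val[i].accessLocation, &str) == 0) { ... free(str); }`. The decode-error branch reports through bare `printf` while the rest of the function goes through `validate_print`, so that message bypasses the validator's output control; use `validate_print(ctx, HX509_VALIDATE_F_VALIDATE, ...)` like the sibling checkers, and the loop counter `i` is an `int` compared against `aia.len`. The label "dirname" is also misleading for an accessLocation, which is a GeneralName and in practice usually a URI; "location" would be accurate.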


@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: cache.c 20503 2007-04-21 22:03:56Z lha $");
RCSID("$Id: cache.c 21498 2007-07-11 09:41:43Z lha $");
/*
* Add a new ccache type with operations `ops', overwriting any
@ -338,6 +338,35 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
return 0;
}
/*
* Return non-zero if envirnoment that will determine default krb5cc
* name has changed.
*/
static int
environment_changed(krb5_context context)
{
const char *e;
if(issuid())
return 0;
e = getenv("KRB5CCNAME");
if (e == NULL) {
if (context->default_cc_name_env) {
free(context->default_cc_name_env);
context->default_cc_name_env = NULL;
return 1;
}
} else {
if (context->default_cc_name_env == NULL)
return 1;
if (strcmp(e, context->default_cc_name_env) != 0)
return 1;
}
return 0;
}
/*
* Set the default cc name for `context' to `name'.
*/
@ -353,8 +382,12 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
if(!issuid()) {
e = getenv("KRB5CCNAME");
if (e)
if (e) {
p = strdup(e);
if (context->default_cc_name_env)
free(context->default_cc_name_env);
context->default_cc_name_env = strdup(e);
}
}
if (e == NULL) {
e = krb5_config_get_string(context, NULL, "libdefaults",
@ -389,7 +422,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
const char* KRB5_LIB_FUNCTION
krb5_cc_default_name(krb5_context context)
{
if (context->default_cc_name == NULL)
if (context->default_cc_name == NULL || environment_changed(context))
krb5_cc_set_default_name(context, NULL);
return context->default_cc_name;
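Review bot: The new snapshot `context->default_cc_name_env = strdup(e);` is unchecked, so after an allocation failure the field stays NULL and environment_changed returns 1 on every subsequent call, making krb5_cc_default_name re-run krb5_cc_set_default_name each time; it degrades rather than crashes, but the caller has no way to notice, so at least check the result like the adjacent `p = strdup(e)` path should. The field is added to krb5_context_data in krb5_locl.h in this same commit, and nothing in the diff shows krb5_free_context releasing it — confirm it is freed there, otherwise every context leaks one string. Returning 0 from environment_changed under `issuid()` is the right call since krb5_cc_set_default_name also ignores KRB5CCNAME for setuid processes; a comment tying the two together would help: `/* keep in sync with krb5_cc_set_default_name: the env is never consulted for setuid programs */`.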


@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: changepw.c 17442 2006-05-05 09:31:15Z lha $");
RCSID("$Id: changepw.c 21505 2007-07-12 12:28:38Z lha $");
static void
str2data (krb5_data *d,
@ -46,10 +46,12 @@ str2data (krb5_data *d,
...)
{
va_list args;
char *str;
va_start(args, fmt);
d->length = vasprintf ((char **)&d->data, fmt, args);
d->length = vasprintf (&str, fmt, args);
va_end(args);
d->data = str;
}
/*
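Review bot: Storing `vasprintf`'s result straight into `d->length` keeps the pre-existing problem that a -1 return (allocation failure) becomes a huge length while `str` is left indeterminate and then assigned to `d->data`; the hunk fixes the `char **`/`void **` aliasing, which is good, but the error case still produces a bogus krb5_data. Capture the return in an `int`, and on failure leave the data empty so callers that check `d->data` or `d->length` behave sensibly; since str2data is void its callers (outside the hunk) need to be looked at for how they react to an empty result.
```c
    va_list args;
    char *str;
    int len;

    va_start(args, fmt);
    len = vasprintf(&str, fmt, args);
    va_end(args);
    if (len < 0) {
        d->data = NULL;
        d->length = 0;
        return;
    }
    d->length = len;
    d->data = str;
```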


@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: get_cred.c 21327 2007-06-26 10:54:15Z lha $");
RCSID("$Id: get_cred.c 21669 2007-07-22 11:29:13Z lha $");
/*
* Take the `body' and encode it into `padata' using the credentials
@ -1224,9 +1224,10 @@ krb5_get_renewed_creds(krb5_context context,
{
krb5_error_code ret;
krb5_kdc_flags flags;
krb5_creds in, *template;
krb5_creds in, *template, *out = NULL;
memset(&in, 0, sizeof(in));
memset(creds, 0, sizeof(*creds));
ret = krb5_copy_principal(context, client, &in.client);
if (ret)
@ -1263,9 +1264,14 @@ krb5_get_renewed_creds(krb5_context context,
krb5_free_creds (context, template);
}
ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &creds);
ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &in, &out);
krb5_free_principal(context, in.client);
krb5_free_principal(context, in.server);
if (ret)
return ret;
ret = krb5_copy_creds_contents(context, out, creds);
krb5_free_creds(context, out);
return ret;
}


@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: init_creds.c 20541 2007-04-23 12:19:14Z lha $");
RCSID("$Id: init_creds.c 21712 2007-07-27 14:23:41Z lha $");
void KRB5_LIB_FUNCTION
krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
@ -225,9 +225,8 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context,
krb5_get_init_creds_opt_set_renew_life(opt, t);
krb5_appdefault_boolean(context, appname, realm, "no-addresses",
FALSE, &b);
if (b)
krb5_get_init_creds_opt_set_addressless (context, opt, TRUE);
KRB5_ADDRESSLESS_DEFAULT, &b);
krb5_get_init_creds_opt_set_addressless (context, opt, b);
#if 0
krb5_appdefault_boolean(context, appname, realm, "anonymous", FALSE, &b);
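Review bot: The "no-addresses" handling changes meaning in two ways that the diff does not document: the fallback is now `KRB5_ADDRESSLESS_DEFAULT` (defined elsewhere) rather than FALSE, and the value is applied unconditionally, so an explicit `no-addresses = false` in krb5.conf — or the default when the key is absent — now actively overwrites any addressless setting a caller made on `opt` before calling this function, where the old code only ever turned addressless on. If that overwrite is intended, a comment such as `/* both directions of no-addresses are honoured; the default follows KRB5_ADDRESSLESS_DEFAULT */` would make it explicit; if not, the old `if (b)` guard should stay. Either way this belongs in the release notes since it changes what tickets get addresses.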


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: init_creds_pw.c 21061 2007-06-12 17:56:30Z lha $");
RCSID("$Id: init_creds_pw.c 21428 2007-07-10 12:31:58Z lha $");
typedef struct krb5_get_init_creds_ctx {
KDCOptions flags;


@ -383,7 +383,7 @@ _krb5_pk_verify_sign (
krb5_error_code
_krb5_plugin_find (
krb5_context /*context*/,
enum plugin_type /*type*/,
enum krb5_plugin_type /*type*/,
const char */*name*/,
struct krb5_plugin **/*list*/);
@ -399,7 +399,7 @@ _krb5_plugin_get_symbol (struct krb5_plugin */*p*/);
krb5_error_code
_krb5_plugin_register (
krb5_context /*context*/,
enum plugin_type /*type*/,
enum krb5_plugin_type /*type*/,
const char */*name*/,
void */*symbol*/);


@ -2243,14 +2243,6 @@ krb5_get_pw_salt (
krb5_const_principal /*principal*/,
krb5_salt */*salt*/);
krb5_error_code KRB5_LIB_FUNCTION
krb5_get_renewed_creds (
krb5_context /*context*/,
krb5_creds */*creds*/,
krb5_const_principal /*client*/,
krb5_ccache /*ccache*/,
const char */*in_tkt_service*/);
krb5_error_code KRB5_LIB_FUNCTION
krb5_get_server_rcache (
krb5_context /*context*/,


@ -31,11 +31,13 @@
* SUCH DAMAGE.
*/
/* $Id: krb5-v4compat.h 17442 2006-05-05 09:31:15Z lha $ */
/* $Id: krb5-v4compat.h 21575 2007-07-16 07:44:54Z lha $ */
#ifndef __KRB5_V4COMPAT_H__
#define __KRB5_V4COMPAT_H__
#include "krb_err.h"
/*
* This file must only be included with v4 compat glue stuff in
* heimdal sources.
@ -57,56 +59,10 @@
#define AUTH_MSG_KDC_RENEW (10<<1)
#define AUTH_MSG_DIE (63<<1)
/* values for kerb error codes */
#define KERB_ERR_OK 0
#define KERB_ERR_NAME_EXP 1
#define KERB_ERR_SERVICE_EXP 2
#define KERB_ERR_AUTH_EXP 3
#define KERB_ERR_PKT_VER 4
#define KERB_ERR_NAME_MAST_KEY_VER 5
#define KERB_ERR_SERV_MAST_KEY_VER 6
#define KERB_ERR_BYTE_ORDER 7
#define KERB_ERR_PRINCIPAL_UNKNOWN 8
#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9
#define KERB_ERR_NULL_KEY 10
#define KERB_ERR_TIMEOUT 11
/* Error codes returned from the KDC */
#define KDC_OK 0 /* Request OK */
#define KDC_NAME_EXP 1 /* Principal expired */
#define KDC_SERVICE_EXP 2 /* Service expired */
#define KDC_AUTH_EXP 3 /* Auth expired */
#define KDC_PKT_VER 4 /* Protocol version unknown */
#define KDC_P_MKEY_VER 5 /* Wrong master key version */
#define KDC_S_MKEY_VER 6 /* Wrong master key version */
#define KDC_BYTE_ORDER 7 /* Byte order unknown */
#define KDC_PR_UNKNOWN 8 /* Principal unknown */
#define KDC_PR_N_UNIQUE 9 /* Principal not unique */
#define KDC_NULL_KEY 10 /* Principal has null key */
#define KDC_GEN_ERR 20 /* Generic error from KDC */
/* General definitions */
#define KSUCCESS 0
#define KFAILURE 255
/* Values returned by rd_ap_req */
#define RD_AP_OK 0 /* Request authentic */
#define RD_AP_UNDEC 31 /* Can't decode authenticator */
#define RD_AP_EXP 32 /* Ticket expired */
#define RD_AP_NYV 33 /* Ticket not yet valid */
#define RD_AP_REPEAT 34 /* Repeated request */
#define RD_AP_NOT_US 35 /* The ticket isn't for us */
#define RD_AP_INCON 36 /* Request is inconsistent */
#define RD_AP_TIME 37 /* delta_t too big */
#define RD_AP_BADD 38 /* Incorrect net address */
#define RD_AP_VERSION 39 /* protocol version mismatch */
#define RD_AP_MSG_TYPE 40 /* invalid msg type */
#define RD_AP_MODIFIED 41 /* message stream modified */
#define RD_AP_ORDER 42 /* message out of order */
#define RD_AP_UNAUTHOR 43 /* unauthorized request */
/* */
#define MAX_KTXT_LEN 1250


@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: krb5.h 21252 2007-06-21 04:18:28Z lha $ */
/* $Id: krb5.h 21551 2007-07-15 09:03:39Z lha $ */
#ifndef __KRB5_H__
#define __KRB5_H__
@ -436,11 +436,6 @@ typedef struct krb5_config_binding krb5_config_binding;
typedef krb5_config_binding krb5_config_section;
enum {
KRB5_PKINIT_WIN2K = 1, /* wire compatible with Windows 2k */
KRB5_PKINIT_PACKET_CABLE = 2 /* use packet cable standard */
};
typedef struct krb5_ticket {
EncTicketPart ticket;
krb5_principal client;
@ -766,6 +761,12 @@ typedef struct krb5_sendto_ctx *krb5_sendto_ctx;
typedef krb5_error_code (*krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *, const krb5_data *, int *);
struct krb5_plugin;
enum krb5_plugin_type {
PLUGIN_TYPE_DATA = 1,
PLUGIN_TYPE_FUNC
};
struct credentials; /* this is to keep the compiler happy */
struct getargs;
struct sockaddr;
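Review bot: Removing `KRB5_PKINIT_WIN2K` and `KRB5_PKINIT_PACKET_CABLE` from the public krb5.h is a source-compatibility break for any consumer that referenced them (the `pkinit_flags` field and its check in pkinit.c go away in the same commit), and nothing in the diff records that; it deserves a changelog line. The newly public `enum krb5_plugin_type` carries `PLUGIN_TYPE_DATA`/`PLUGIN_TYPE_FUNC`, unprefixed names that were fine while the enum lived in krb5_locl.h but now enter the library's public namespace, unlike the `KRB5_`-prefixed constants around them; if renaming is acceptable, doing it before the header ships is far cheaper than after. A one-line comment on the enum describing what a DATA versus FUNC plugin is would also help, since the header gives no hint.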


@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: krb5_locl.h 20261 2007-02-18 00:32:22Z lha $ */
/* $Id: krb5_locl.h 21552 2007-07-15 09:04:00Z lha $ */
#ifndef __KRB5_LOCL_H__
#define __KRB5_LOCL_H__
@ -148,12 +148,6 @@ struct krb5_dh_moduli;
/* v4 glue */
struct _krb5_krb_auth_data;
struct krb5_plugin;
enum plugin_type {
PLUGIN_TYPE_DATA = 1,
PLUGIN_TYPE_FUNC
};
#include <der.h>
#include <krb5.h>
@ -236,7 +230,7 @@ typedef struct krb5_context_data {
char error_buf[256];
krb5_addresses *ignore_addresses;
char *default_cc_name;
int pkinit_flags;
char *default_cc_name_env;
void *mutex; /* protects error_string/error_buf */
int large_msg_size;
int dns_canonicalize_hostname;


@ -0,0 +1,63 @@
#
# Error messages for the krb4 library
#
# This might look like a com_err file, but is not
#
id "$Id: krb_err.et,v 1.7 1998/03/29 14:19:52 bg Exp $"
error_table krb
prefix KRB4ET
ec KSUCCESS, "Kerberos 4 successful"
ec KDC_NAME_EXP, "Kerberos 4 principal expired"
ec KDC_SERVICE_EXP, "Kerberos 4 service expired"
ec KDC_AUTH_EXP, "Kerberos 4 auth expired"
ec KDC_PKT_VER, "Incorrect Kerberos 4 master key version"
ec KDC_P_MKEY_VER, "Incorrect Kerberos 4 master key version"
ec KDC_S_MKEY_VER, "Incorrect Kerberos 4 master key version"
ec KDC_BYTE_ORDER, "Kerberos 4 byte order unknown"
ec KDC_PR_UNKNOWN, "Kerberos 4 principal unknown"
ec KDC_PR_N_UNIQUE, "Kerberos 4 principal not unique"
ec KDC_NULL_KEY, "Kerberos 4 principal has null key"
index 20
ec KDC_GEN_ERR, "Generic error from KDC (Kerberos 4)"
ec GC_TKFIL, "Can't read Kerberos 4 ticket file"
ec GC_NOTKT, "Can't find Kerberos 4 ticket or TGT"
index 26
ec MK_AP_TGTEXP, "Kerberos 4 TGT Expired"
index 31
ec RD_AP_UNDEC, "Kerberos 4: Can't decode authenticator"
ec RD_AP_EXP, "Kerberos 4 ticket expired"
ec RD_AP_NYV, "Kerberos 4 ticket not yet valid"
ec RD_AP_REPEAT, "Kerberos 4: Repeated request"
ec RD_AP_NOT_US, "The Kerberos 4 ticket isn't for us"
ec RD_AP_INCON, "Kerberos 4 request inconsistent"
ec RD_AP_TIME, "Kerberos 4: delta_t too big"
ec RD_AP_BADD, "Kerberos 4: incorrect net address"
ec RD_AP_VERSION, "Kerberos protocol not version 4"
ec RD_AP_MSG_TYPE, "Kerberos 4: invalid msg type"
ec RD_AP_MODIFIED, "Kerberos 4: message stream modified"
ec RD_AP_ORDER, "Kerberos 4: message out of order"
ec RD_AP_UNAUTHOR, "Kerberos 4: unauthorized request"
index 51
ec GT_PW_NULL, "Kerberos 4: current PW is null"
ec GT_PW_BADPW, "Kerberos 4: Incorrect current password"
ec GT_PW_PROT, "Kerberos 4 protocol error"
ec GT_PW_KDCERR, "Error returned by KDC (Kerberos 4)"
ec GT_PW_NULLTKT, "Null Kerberos 4 ticket returned by KDC"
ec SKDC_RETRY, "Kerberos 4: Retry count exceeded"
ec SKDC_CANT, "Kerberos 4: Can't send request"
index 61
ec INTK_W_NOTALL, "Kerberos 4: not all tickets returned"
ec INTK_BADPW, "Kerberos 4: incorrect password"
ec INTK_PROT, "Kerberos 4: Protocol Error"
index 70
ec INTK_ERR, "Other error in Kerberos 4"
ec AD_NOTGT, "Don't have Kerberos 4 ticket-granting ticket"
index 76
ec NO_TKT_FIL, "No Kerberos 4 ticket file found"
ec TKT_FIL_ACC, "Couldn't access Kerberos 4 ticket file"
ec TKT_FIL_LCK, "Couldn't lock Kerberos 4 ticket file"
ec TKT_FIL_FMT, "Bad Kerberos 4 ticket file format"
ec TKT_FIL_INI, "Kerberos 4: tf_init not called first"
ec KNAME_FMT, "Bad Kerberos 4 name format"
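Review bot: The message for `KDC_PKT_VER` reads "Incorrect Kerberos 4 master key version", which duplicates the text of the two master-key entries that follow it, whereas the `#define KDC_PKT_VER 4 /* Protocol version unknown */` this table replaces in krb5-v4compat.h documents it as a protocol-version error; it should be `ec KDC_PKT_VER, "Kerberos 4 protocol version unknown"`. The `index N` gaps otherwise line up with the removed numeric defines (20, 31, etc.), so the rest of the table looks consistent with the old values.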


@ -35,7 +35,7 @@
#include <resolve.h>
#include "locate_plugin.h"
RCSID("$Id: krbhst.c 21131 2007-06-18 20:48:09Z lha $");
RCSID("$Id: krbhst.c 21457 2007-07-10 12:53:25Z lha $");
static int
string_to_proto(const char *string)
@ -919,8 +919,10 @@ gethostlist(krb5_context context, const char *realm,
while(krb5_krbhst_next(context, handle, &hostinfo) == 0)
nhost++;
if(nhost == 0)
if(nhost == 0) {
krb5_set_error_string(context, "No KDC found for realm %s", realm);
return KRB5_KDC_UNREACH;
}
*hostlist = calloc(nhost + 1, sizeof(**hostlist));
if(*hostlist == NULL) {
krb5_krbhst_free(context, handle);
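Review bot: The new `nhost == 0` block returns KRB5_KDC_UNREACH without releasing `handle`, while the calloc-failure path two lines later does call `krb5_krbhst_free(context, handle)` before returning, so the no-KDC case leaks the host iterator; add `krb5_krbhst_free(context, handle);` before `return KRB5_KDC_UNREACH;`. gethostlist begins outside the hunk, so if `handle` is actually owned by the caller there this does not apply, but the asymmetry between the two adjacent error paths suggests it is local.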


@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: pkinit.c 21321 2007-06-26 05:21:56Z lha $");
RCSID("$Id: pkinit.c 21684 2007-07-23 23:09:10Z lha $");
struct krb5_dh_moduli {
char *name;
@ -645,8 +645,6 @@ _krb5_pk_mk_padata(krb5_context context,
req_body->realm,
"pkinit_win2k",
NULL);
if (context->pkinit_flags & KRB5_PKINIT_WIN2K)
win2k_compat = 1;
if (win2k_compat) {
ctx->require_binding =
@ -1721,7 +1719,7 @@ _krb5_free_moduli(struct krb5_dh_moduli **moduli)
free(moduli);
}
static const char *default_moduli =
static const char *default_moduli_RFC2412_MODP_group2 =
/* name */
"RFC2412-MODP-group2 "
/* bits */
@ -1743,6 +1741,37 @@ static const char *default_moduli =
"F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F67329C0"
"FFFFFFFF" "FFFFFFFF";
static const char *default_moduli_rfc3526_MODP_group14 =
/* name */
"rfc3526-MODP-group14 "
/* bits */
"1760 "
/* p */
"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
"C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
"83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
"670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
"E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
"DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
"15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF "
/* g */
"02 "
/* q */
"7FFFFFFF" "FFFFFFFF" "E487ED51" "10B4611A" "62633145" "C06E0E68"
"94812704" "4533E63A" "0105DF53" "1D89CD91" "28A5043C" "C71A026E"
"F7CA8CD9" "E69D218D" "98158536" "F92F8A1B" "A7F09AB6" "B6A8E122"
"F242DABB" "312F3F63" "7A262174" "D31BF6B5" "85FFAE5B" "7A035BF6"
"F71C35FD" "AD44CFD2" "D74F9208" "BE258FF3" "24943328" "F6722D9E"
"E1003E5C" "50B1DF82" "CC6D241B" "0E2AE9CD" "348B1FD4" "7E9267AF"
"C1B2AE91" "EE51D6CB" "0E3179AB" "1042A95D" "CF6A9483" "B84B4B36"
"B3861AA7" "255E4C02" "78BA3604" "650C10BE" "19482F23" "171B671D"
"F1CF3B96" "0C074301" "CD93C1D1" "7603D147" "DAE2AEF8" "37A62964"
"EF15E5FB" "4AAC0B8C" "1CCAA4BE" "754AB572" "8AE9130C" "4C7D0288"
"0AB9472D" "45565534" "7FFFFFFF" "FFFFFFFF";
krb5_error_code
_krb5_parse_moduli(krb5_context context, const char *file,
@ -1757,19 +1786,28 @@ _krb5_parse_moduli(krb5_context context, const char *file,
*moduli = NULL;
m = calloc(1, sizeof(m[0]) * 2);
m = calloc(1, sizeof(m[0]) * 3);
if (m == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
strlcpy(buf, default_moduli, sizeof(buf));
strlcpy(buf, default_moduli_rfc3526_MODP_group14, sizeof(buf));
ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[0]);
if (ret) {
_krb5_free_moduli(m);
return ret;
}
n = 1;
n++;
strlcpy(buf, default_moduli_RFC2412_MODP_group2, sizeof(buf));
ret = _krb5_parse_moduli_line(context, "builtin", 1, buf, &m[1]);
if (ret) {
_krb5_free_moduli(m);
return ret;
}
n++;
if (file == NULL)
file = MODULI_FILE;
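Review bot: The bits field of the new `default_moduli_rfc3526_MODP_group14` entry is `"1760 "`, but the p value that follows is 64 eight-hex-digit words, i.e. 2048 bits, and RFC 3526 group 14 is the 2048-bit MODP group; if `_krb5_parse_moduli_line` uses that field to validate the modulus or to enforce a minimum size, the mismatch will either reject the builtin or under-report its strength, so it should read `"2048 "`. The group-14 line is over a thousand characters and is copied with `strlcpy(buf, ..., sizeof(buf))`, which truncates silently; `buf` is declared outside the hunk, so confirm it is large enough, or a truncated modulus will be parsed as a parse error at best. Both builtin entries also pass line number 1 to `_krb5_parse_moduli_line`, so a diagnostic cannot tell them apart; passing 1 and 2 costs nothing.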


@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
RCSID("$Id: plugin.c 21134 2007-06-18 21:02:23Z lha $");
RCSID("$Id: plugin.c 21702 2007-07-26 19:13:53Z lha $");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
#endif
@ -45,7 +45,7 @@ struct krb5_plugin {
};
struct plugin {
enum plugin_type type;
enum krb5_plugin_type type;
void *name;
void *symbol;
struct plugin *next;
@ -76,9 +76,11 @@ _krb5_plugin_get_next(struct krb5_plugin *p)
*
*/
#ifdef HAVE_DLOPEN
static krb5_error_code
loadlib(krb5_context context,
enum plugin_type type,
enum krb5_plugin_type type,
const char *name,
const char *lib,
struct krb5_plugin **e)
@ -113,10 +115,11 @@ loadlib(krb5_context context,
return 0;
}
#endif /* HAVE_DLOPEN */
krb5_error_code
_krb5_plugin_register(krb5_context context,
enum plugin_type type,
enum krb5_plugin_type type,
const char *name,
void *symbol)
{
@ -146,7 +149,7 @@ _krb5_plugin_register(krb5_context context,
krb5_error_code
_krb5_plugin_find(krb5_context context,
enum plugin_type type,
enum krb5_plugin_type type,
const char *name,
struct krb5_plugin **list)
{
@ -181,6 +184,8 @@ _krb5_plugin_find(krb5_context context,
}
HEIMDAL_MUTEX_unlock(&plugin_mutex);
#ifdef HAVE_DLOPEN
dirs = krb5_config_get_strings(context, NULL, "libdefaults",
"plugin_dir", NULL);
if (dirs == NULL) {
@ -213,6 +218,7 @@ _krb5_plugin_find(krb5_context context,
}
if (dirs != sysdirs)
krb5_config_free_strings(dirs);
#endif /* HAVE_DLOPEN */
if (*list == NULL) {
krb5_set_error_string(context, "Did not find a plugin for %s", name);


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: rd_priv.c 17056 2006-04-12 16:18:10Z lha $");
RCSID("$Id: rd_priv.c 21770 2007-08-01 04:04:33Z lha $");
krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_priv(krb5_context context,
@ -55,13 +55,17 @@ krb5_rd_priv(krb5_context context,
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
outdata == NULL)
outdata == NULL) {
krb5_clear_error_string (context);
return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
}
memset(&priv, 0, sizeof(priv));
ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
if (ret)
if (ret) {
krb5_clear_error_string (context);
goto failure;
}
if (priv.pvno != 5) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADVERSION;
@ -94,8 +98,10 @@ krb5_rd_priv(krb5_context context,
ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
krb5_data_free (&plain);
if (ret)
if (ret) {
krb5_clear_error_string (context);
goto failure;
}
/* check sender address */


@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
RCSID("$Id: v4_glue.c 17442 2006-05-05 09:31:15Z lha $");
RCSID("$Id: v4_glue.c 21572 2007-07-16 05:13:08Z lha $");
#include "krb5-v4compat.h"
@ -351,12 +351,12 @@ storage_to_etext(krb5_context context,
size = krb5_storage_seek(sp, 0, SEEK_END);
if (size < 0)
return EINVAL;
return KRB4ET_RD_AP_UNDEC;
size = 8 - (size & 7);
ret = krb5_storage_write(sp, eightzeros, size);
if (ret != size)
return EINVAL;
return KRB4ET_RD_AP_UNDEC;
ret = krb5_storage_to_data(sp, &data);
if (ret)
@ -435,7 +435,7 @@ _krb5_krb_create_ticket(krb5_context context,
session->keyvalue.data,
session->keyvalue.length);
if (ret != session->keyvalue.length) {
ret = EINVAL;
ret = KRB4ET_INTK_PROT;
goto error;
}
@ -487,7 +487,7 @@ _krb5_krb_create_ciph(krb5_context context,
session->keyvalue.data,
session->keyvalue.length);
if (ret != session->keyvalue.length) {
ret = EINVAL;
ret = KRB4ET_INTK_PROT;
goto error;
}
@ -497,7 +497,7 @@ _krb5_krb_create_ciph(krb5_context context,
RCHECK(ret, krb5_store_int8(sp, ticket->length), error);
ret = krb5_storage_write(sp, ticket->data, ticket->length);
if (ret != ticket->length) {
ret = EINVAL;
ret = KRB4ET_INTK_PROT;
goto error;
}
RCHECK(ret, krb5_store_int32(sp, kdc_time), error);
@ -550,7 +550,7 @@ _krb5_krb_create_auth_reply(krb5_context context,
RCHECK(ret, krb5_store_int16(sp, cipher->length), error);
ret = krb5_storage_write(sp, cipher->data, cipher->length);
if (ret != cipher->length) {
ret = EINVAL;
ret = KRB4ET_INTK_PROT;
goto error;
}
@ -599,6 +599,9 @@ _krb5_krb_cr_err_reply(krb5_context context,
RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error);
RCHECK(ret, put_nir(sp, name, inst, realm), error);
RCHECK(ret, krb5_store_int32(sp, time_ws), error);
/* If its a Kerberos 4 error-code, remove the et BASE */
if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255)
e -= ERROR_TABLE_BASE_krb;
RCHECK(ret, krb5_store_int32(sp, e), error);
RCHECK(ret, krb5_store_stringz(sp, e_string), error);
@ -623,7 +626,7 @@ get_v4_stringz(krb5_storage *sp, char **str, size_t max_len)
if (strlen(*str) > max_len) {
free(*str);
*str = NULL;
return EINVAL;
return KRB4ET_INTK_PROT;
}
return 0;
}
@ -662,7 +665,7 @@ _krb5_krb_decomp_ticket(krb5_context context,
return ENOMEM;
}
krb5_storage_set_eof_code(sp, EINVAL); /* XXX */
krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
RCHECK(ret, krb5_ret_int8(sp, &ad->k_flags), error);
RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error);
@ -672,7 +675,7 @@ _krb5_krb_decomp_ticket(krb5_context context,
size = krb5_storage_read(sp, des_key, sizeof(des_key));
if (size != sizeof(des_key)) {
ret = EINVAL; /* XXX */
ret = KRB4ET_INTK_PROT;
goto error;
}
@ -770,26 +773,32 @@ _krb5_krb_rd_req(krb5_context context,
return ENOMEM;
}
krb5_storage_set_eof_code(sp, EINVAL); /* XXX */
krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
ret = krb5_ret_int8(sp, &pvno);
if (ret)
if (ret) {
krb5_set_error_string(context, "Failed reading v4 pvno");
goto error;
}
if (pvno != KRB_PROT_VERSION) {
ret = EINVAL; /* XXX */
ret = KRB4ET_RD_AP_VERSION;
krb5_set_error_string(context, "Failed v4 pvno not 4");
goto error;
}
ret = krb5_ret_int8(sp, &type);
if (ret)
if (ret) {
krb5_set_error_string(context, "Failed readin v4 type");
goto error;
}
little_endian = type & 1;
type &= ~1;
if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) {
ret = EINVAL; /* RD_AP_MSG_TYPE */
ret = KRB4ET_RD_AP_MSG_TYPE;
krb5_set_error_string(context, "Not a valid v4 request type");
goto error;
}
@ -801,7 +810,8 @@ _krb5_krb_rd_req(krb5_context context,
size = krb5_storage_read(sp, ticket.data, ticket.length);
if (size != ticket.length) {
ret = EINVAL;
ret = KRB4ET_INTK_PROT;
krb5_set_error_string(context, "Failed reading v4 ticket");
goto error;
}
@ -815,7 +825,8 @@ _krb5_krb_rd_req(krb5_context context,
size = krb5_storage_read(sp, eaut.data, eaut.length);
if (size != eaut.length) {
ret = EINVAL;
ret = KRB4ET_INTK_PROT;
krb5_set_error_string(context, "Failed reading v4 authenticator");
goto error;
}
@ -828,8 +839,8 @@ _krb5_krb_rd_req(krb5_context context,
sp = krb5_storage_from_data(&aut);
if (sp == NULL) {
krb5_set_error_string(context, "alloc: out of memory");
ret = ENOMEM;
krb5_set_error_string(context, "alloc: out of memory");
goto error;
}
@ -849,19 +860,22 @@ _krb5_krb_rd_req(krb5_context context,
if (strcmp(ad->pname, r_name) != 0 ||
strcmp(ad->pinst, r_instance) != 0 ||
strcmp(ad->prealm, r_realm) != 0) {
ret = EINVAL; /* RD_AP_INCON */
krb5_set_error_string(context, "v4 principal mismatch");
ret = KRB4ET_RD_AP_INCON;
goto error;
}
if (from_addr && from_addr != ad->address) {
ret = EINVAL; /* RD_AP_BADD */
if (from_addr && ad->address && from_addr != ad->address) {
krb5_set_error_string(context, "v4 bad address in ticket");
ret = KRB4ET_RD_AP_BADD;
goto error;
}
gettimeofday(&tv, NULL);
delta_t = abs((int)(tv.tv_sec - r_time_sec));
if (delta_t > CLOCK_SKEW) {
ret = EINVAL; /* RD_AP_TIME */
ret = KRB4ET_RD_AP_TIME;
krb5_set_error_string(context, "v4 clock skew");
goto error;
}
@ -870,12 +884,14 @@ _krb5_krb_rd_req(krb5_context context,
tkt_age = tv.tv_sec - ad->time_sec;
if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) {
ret = EINVAL; /* RD_AP_NYV */
ret = KRB4ET_RD_AP_NYV;
krb5_set_error_string(context, "v4 clock skew for expiration");
goto error;
}
if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) {
ret = EINVAL; /* RD_AP_EXP */
ret = KRB4ET_RD_AP_EXP;
krb5_set_error_string(context, "v4 ticket expired");
goto error;
}
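Review bot: The relaxed address check `if (from_addr && ad->address && from_addr != ad->address)` in _krb5_krb_rd_req now lets any ticket whose embedded address is 0 skip the sender-address comparison even when the caller supplied from_addr, which silently widens what the old `from_addr != ad->address` test accepted. If address-less v4 tickets are meant to be honoured that is defensible, but the intent should be stated at the check, e.g. `/* ad->address == 0 means an address-less ticket: only enforce the binding when both sides carry an address */`, so a later reader does not mistake it for a lost condition. If instead the caller's from_addr is meant to be mandatory, the added `ad->address &&` should be dropped again. _krb5_krb_rd_req starts and ends outside the hunk, so I cannot see whether anything else constrains ad->address before this point.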


@ -33,7 +33,7 @@
#include <config.h>
RCSID("$Id: ntlm.c 21317 2007-06-25 19:22:02Z lha $");
RCSID("$Id: ntlm.c 21604 2007-07-17 06:48:55Z lha $");
#include <stdio.h>
#include <stdlib.h>
@ -1105,7 +1105,7 @@ heim_ntlm_verify_ntlm2(const void *key, size_t len,
HMAC_CTX_init(&c);
HMAC_Init_ex(&c, ntlmv2, 16, EVP_md5(), NULL);
HMAC_Update(&c, serverchallange, 8);
HMAC_Update(&c, ((char *)answer->data) + 16, answer->length - 16);
HMAC_Update(&c, ((unsigned char *)answer->data) + 16, answer->length - 16);
HMAC_Final(&c, serveranswer, &hmaclen);
HMAC_CTX_cleanup(&c);


@ -259,7 +259,8 @@ OBJ_FILES = \
../heimdal/lib/krb5/warn.o \
../heimdal/lib/krb5/krb5_err.o \
../heimdal/lib/krb5/heim_err.o \
../heimdal/lib/krb5/k524_err.o
../heimdal/lib/krb5/k524_err.o \
../heimdal/lib/krb5/krb_err.o
# End SUBSYSTEM HEIMDAL_KRB5
#######################
@ -568,10 +569,15 @@ include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/CMS.asn1 cms_asn1 hei
include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/hx509/ocsp.asn1 ocsp_asn1 heimdal/lib/hx509 --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData|
include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/asn1/kx509.asn1 kx509_asn1 heimdal/lib/asn1|
include perl_path_wrapper.sh asn1_deps.pl heimdal/lib/hx509/pkcs10.asn1 pkcs10_asn1 heimdal/lib/hx509 --preserve-binary=CertificationRequestInfo|
#
# Ensure to update ../static_deps.mk when you add a new entry here!
#
include perl_path_wrapper.sh et_deps.pl heimdal/lib/asn1/asn1_err.et heimdal/lib/asn1|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/hdb/hdb_err.et heimdal/lib/hdb|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/heim_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/k524_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/krb_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/krb5/krb5_err.et heimdal/lib/krb5|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/gssapi/krb5/gkrb5_err.et heimdal/lib/gssapi|
include perl_path_wrapper.sh et_deps.pl heimdal/lib/hx509/hx509_err.et heimdal/lib/hx509|


@ -35,6 +35,7 @@ heimdal_basics: \
heimdal/lib/hdb/hdb_err.h \
heimdal/lib/krb5/heim_err.h \
heimdal/lib/krb5/k524_err.h \
heimdal/lib/krb5/krb_err.h \
heimdal/lib/krb5/krb5_err.h \
heimdal/lib/gssapi/gkrb5_err.h \
heimdal/lib/hx509/hx509_err.h