
s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)

Andrew Bartlett
2010-01-12 18:16:45 +11:00
parent fac8ca52ad
commit 89eaef0253
222 changed files with 4093 additions and 1941 deletions


@@ -253,8 +253,14 @@ $private_h_trailer = "";
foreach(sort keys %funcs){ foreach(sort keys %funcs){
if(/^(main)$/) { next } if(/^(main)$/) { next }
if ($funcs{$_} =~ /\^/) {
$beginblock = "#ifdef __BLOCKS__\n";
$endblock = "#endif /* __BLOCKS__ */\n";
} else {
$beginblock = $endblock = "";
}
if(!defined($exported{$_}) && /$private_func_re/) { if(!defined($exported{$_}) && /$private_func_re/) {
$private_h .= $funcs{$_} . "\n\n"; $private_h .= $beginblock . $funcs{$_} . "\n" . $endblock . "\n";
if($funcs{$_} =~ /__attribute__/) { if($funcs{$_} =~ /__attribute__/) {
$private_attribute_seen = 1; $private_attribute_seen = 1;
} }
@@ -267,7 +273,7 @@ foreach(sort keys %funcs){
$public_h .= "#ifndef HAVE_$fupper\n"; $public_h .= "#ifndef HAVE_$fupper\n";
} }
} }
$public_h .= $funcs{$_} . "\n"; $public_h .= $beginblock . $funcs{$_} . "\n" . $endblock;
if($funcs{$_} =~ /__attribute__/) { if($funcs{$_} =~ /__attribute__/) {
$public_attribute_seen = 1; $public_attribute_seen = 1;
} }
@@ -310,26 +316,33 @@ extern \"C\" {
} }
if ($opt_E) { if ($opt_E) {
$public_h_header .= "#ifndef $opt_E $public_h_header .= "#ifndef $opt_E
#ifndef ${opt_E}_FUNCTION
#if defined(_WIN32) #if defined(_WIN32)
#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport) #define ${opt_E}_FUNCTION __declspec(dllimport)
#define ${opt_E}_CALL __stdcall
#define ${opt_E}_VARIABLE __declspec(dllimport) #define ${opt_E}_VARIABLE __declspec(dllimport)
#else #else
#define ${opt_E}_FUNCTION #define ${opt_E}_FUNCTION
#define ${opt_E}_CALL
#define ${opt_E}_VARIABLE #define ${opt_E}_VARIABLE
#endif #endif
#endif #endif
#endif
"; ";
$private_h_header .= "#ifndef $opt_E $private_h_header .= "#ifndef $opt_E
#ifndef ${opt_E}_FUNCTION
#if defined(_WIN32) #if defined(_WIN32)
#define ${opt_E}_FUNCTION __stdcall __declspec(dllimport) #define ${opt_E}_FUNCTION __declspec(dllimport)
#define ${opt_E}_CALL __stdcall
#define ${opt_E}_VARIABLE __declspec(dllimport) #define ${opt_E}_VARIABLE __declspec(dllimport)
#else #else
#define ${opt_E}_FUNCTION #define ${opt_E}_FUNCTION
#define ${opt_E}_CALL
#define ${opt_E}_VARIABLE #define ${opt_E}_VARIABLE
#endif #endif
#endif #endif
#endif
"; ";
} }


@@ -1,9 +1,10 @@
/* /*
* Copyright (c) 1997-2007 Kungliga Tekniska Högskolan * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
*
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -215,7 +216,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
"kdc", "kdc_warn_pwexpire", NULL); "kdc", "kdc_warn_pwexpire", NULL);
#ifdef PKINIT
c->enable_pkinit = c->enable_pkinit =
krb5_config_get_bool_default(context, krb5_config_get_bool_default(context,
NULL, NULL,
@@ -223,74 +223,73 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
"kdc", "kdc",
"enable-pkinit", "enable-pkinit",
NULL); NULL);
if (c->enable_pkinit) {
const char *user_id, *anchors, *file;
char **pool_list, **revoke_list;
user_id =
c->pkinit_kdc_identity =
krb5_config_get_string(context, NULL, krb5_config_get_string(context, NULL,
"kdc", "pkinit_identity", NULL); "kdc", "pkinit_identity", NULL);
if (user_id == NULL) c->pkinit_kdc_anchors =
krb5_errx(context, 1, "pkinit enabled but no identity"); krb5_config_get_string(context, NULL,
anchors = krb5_config_get_string(context, NULL,
"kdc", "pkinit_anchors", NULL); "kdc", "pkinit_anchors", NULL);
if (anchors == NULL) c->pkinit_kdc_cert_pool =
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
pool_list =
krb5_config_get_strings(context, NULL, krb5_config_get_strings(context, NULL,
"kdc", "pkinit_pool", NULL); "kdc", "pkinit_pool", NULL);
c->pkinit_kdc_revoke =
revoke_list =
krb5_config_get_strings(context, NULL, krb5_config_get_strings(context, NULL,
"kdc", "pkinit_revoke", NULL); "kdc", "pkinit_revoke", NULL);
c->pkinit_kdc_ocsp_file =
file = krb5_config_get_string(context, NULL, krb5_config_get_string(context, NULL,
"kdc", "pkinit_kdc_ocsp", NULL); "kdc", "pkinit_kdc_ocsp", NULL);
if (file) { c->pkinit_kdc_friendly_name =
c->pkinit_kdc_ocsp_file = strdup(file); krb5_config_get_string(context, NULL,
if (c->pkinit_kdc_ocsp_file == NULL)
krb5_errx(context, 1, "out of memory");
}
file = krb5_config_get_string(context, NULL,
"kdc", "pkinit_kdc_friendly_name", NULL); "kdc", "pkinit_kdc_friendly_name", NULL);
if (file) {
c->pkinit_kdc_friendly_name = strdup(file);
if (c->pkinit_kdc_friendly_name == NULL)
krb5_errx(context, 1, "out of memory");
}
_kdc_pk_initialize(context, c, user_id, anchors,
pool_list, revoke_list);
krb5_config_free_strings(pool_list);
krb5_config_free_strings(revoke_list);
c->pkinit_princ_in_cert = c->pkinit_princ_in_cert =
krb5_config_get_bool_default(context, NULL, krb5_config_get_bool_default(context, NULL,
c->pkinit_princ_in_cert, c->pkinit_princ_in_cert,
"kdc", "kdc",
"pkinit_principal_in_certificate", "pkinit_principal_in_certificate",
NULL); NULL);
c->pkinit_require_binding = c->pkinit_require_binding =
krb5_config_get_bool_default(context, NULL, krb5_config_get_bool_default(context, NULL,
c->pkinit_require_binding, c->pkinit_require_binding,
"kdc", "kdc",
"pkinit_win2k_require_binding", "pkinit_win2k_require_binding",
NULL); NULL);
}
c->pkinit_dh_min_bits = c->pkinit_dh_min_bits =
krb5_config_get_int_default(context, NULL, krb5_config_get_int_default(context, NULL,
0, 0,
"kdc", "pkinit_dh_min_bits", NULL); "kdc", "pkinit_dh_min_bits", NULL);
#ifdef __APPLE__
c->enable_pkinit = 1;
if (c->pkinit_kdc_identity == NULL) {
if (c->pkinit_kdc_friendly_name == NULL)
c->pkinit_kdc_friendly_name =
strdup("O=System Identity,CN=com.apple.kerberos.kdc");
c->pkinit_kdc_identity = strdup("KEYCHAIN:");
}
if (c->pkinit_kdc_anchors == NULL)
c->pkinit_kdc_anchors = strdup("KEYCHAIN:");
#endif #endif
if (c->enable_pkinit) {
if (c->pkinit_kdc_identity == NULL)
krb5_errx(context, 1, "pkinit enabled but no identity");
if (c->pkinit_kdc_anchors == NULL)
krb5_errx(context, 1, "pkinit enabled but no X509 anchors");
krb5_kdc_pk_initialize(context, c,
c->pkinit_kdc_identity,
c->pkinit_kdc_anchors,
c->pkinit_kdc_cert_pool,
c->pkinit_kdc_revoke);
}
*config = c; *config = c;
return 0; return 0;
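Review bot: The three `strdup()` calls in the `__APPLE__` block are unchecked, whereas the code they replace exited with "out of memory" when `strdup()` failed. A failed copy of `pkinit_kdc_identity` or `pkinit_kdc_anchors` now surfaces as the misleading "pkinit enabled but no identity" / "no X509 anchors" error, and a failed `pkinit_kdc_friendly_name` passes silently. The same `const char *` fields now hold either a pointer returned by `krb5_config_get_string()` or a heap copy, so a later cleanup path cannot tell which ones it may free; a field comment such as `/* borrowed from the krb5 config unless defaulted under __APPLE__ */` would record the rule. The block also sets `c->enable_pkinit = 1` unconditionally, which overrides an explicit `enable-pkinit = false`; if that is intended it deserves a comment. krb5_kdc_get_config starts and ends outside the hunks.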


@@ -38,9 +38,8 @@
#ifndef __HEADERS_H__ #ifndef __HEADERS_H__
#define __HEADERS_H__ #define __HEADERS_H__
#ifdef HAVE_CONFIG_H
#include <config.h> #include <config.h>
#endif
#include <limits.h> #include <limits.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>


@@ -74,8 +74,12 @@ typedef struct krb5_kdc_configuration {
krb5_boolean enable_pkinit; krb5_boolean enable_pkinit;
krb5_boolean pkinit_princ_in_cert; krb5_boolean pkinit_princ_in_cert;
char *pkinit_kdc_ocsp_file; const char *pkinit_kdc_identity;
char *pkinit_kdc_friendly_name; const char *pkinit_kdc_anchors;
const char *pkinit_kdc_friendly_name;
const char *pkinit_kdc_ocsp_file;
char **pkinit_kdc_cert_pool;
char **pkinit_kdc_revoke;
int pkinit_dh_min_bits; int pkinit_dh_min_bits;
int pkinit_require_binding; int pkinit_require_binding;
int pkinit_allow_proxy_certs; int pkinit_allow_proxy_certs;


@@ -77,4 +77,8 @@ loop(krb5_context context, krb5_kdc_configuration *config);
krb5_kdc_configuration * krb5_kdc_configuration *
configure(krb5_context context, int argc, char **argv); configure(krb5_context context, int argc, char **argv);
#ifdef __APPLE__
void bonjour_announce(krb5_context, krb5_kdc_configuration *);
#endif
#endif /* __KDC_LOCL_H__ */ #endif /* __KDC_LOCL_H__ */


@@ -60,7 +60,7 @@ realloc_method_data(METHOD_DATA *md)
} }
static void static void
set_salt_padata (METHOD_DATA *md, Salt *salt) set_salt_padata(METHOD_DATA *md, Salt *salt)
{ {
if (salt) { if (salt) {
realloc_method_data(md); realloc_method_data(md);
@@ -127,7 +127,7 @@ is_default_salt_p(const krb5_salt *default_salt, const Key *key)
krb5_error_code krb5_error_code
_kdc_find_etype(krb5_context context, const hdb_entry_ex *princ, _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
krb5_enctype *etypes, unsigned len, krb5_enctype *etypes, unsigned len,
Key **ret_key, krb5_enctype *ret_etype) Key **ret_key)
{ {
int i; int i;
krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP; krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
@@ -148,7 +148,6 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
continue; continue;
} }
*ret_key = key; *ret_key = key;
*ret_etype = etypes[i];
ret = 0; ret = 0;
if (is_default_salt_p(&def_salt, key)) { if (is_default_salt_p(&def_salt, key)) {
krb5_free_salt (context, def_salt); krb5_free_salt (context, def_salt);
@@ -287,8 +286,9 @@ _kdc_encode_reply(krb5_context context,
ret = krb5_crypto_init(context, skey, etype, &crypto); ret = krb5_crypto_init(context, skey, etype, &crypto);
if (ret) { if (ret) {
const char *msg;
free(buf); free(buf);
const char *msg = krb5_get_error_message(context, ret); msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg); kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
krb5_free_error_message(context, msg); krb5_free_error_message(context, msg);
return ret; return ret;
@@ -902,7 +902,7 @@ _kdc_as_rep(krb5_context context,
KDCOptions f = b->kdc_options; KDCOptions f = b->kdc_options;
hdb_entry_ex *client = NULL, *server = NULL; hdb_entry_ex *client = NULL, *server = NULL;
HDB *clientdb; HDB *clientdb;
krb5_enctype cetype, setype, sessionetype; krb5_enctype setype, sessionetype;
krb5_data e_data; krb5_data e_data;
EncTicketPart et; EncTicketPart et;
EncKDCRepPart ek; EncKDCRepPart ek;
@@ -912,15 +912,20 @@ _kdc_as_rep(krb5_context context,
const char *e_text = NULL; const char *e_text = NULL;
krb5_crypto crypto; krb5_crypto crypto;
Key *ckey, *skey; Key *ckey, *skey;
EncryptionKey *reply_key; EncryptionKey *reply_key, session_key;
int flags = 0; int flags = 0;
#ifdef PKINIT #ifdef PKINIT
pk_client_params *pkp = NULL; pk_client_params *pkp = NULL;
#endif #endif
memset(&rep, 0, sizeof(rep)); memset(&rep, 0, sizeof(rep));
memset(&session_key, 0, sizeof(session_key));
krb5_data_zero(&e_data); krb5_data_zero(&e_data);
ALLOC(rep.padata);
rep.padata->len = 0;
rep.padata->val = NULL;
if (f.canonicalize) if (f.canonicalize)
flags |= HDB_F_CANON; flags |= HDB_F_CANON;
@@ -1009,19 +1014,59 @@ _kdc_as_rep(krb5_context context,
memset(&ek, 0, sizeof(ek)); memset(&ek, 0, sizeof(ek));
/* /*
* Find the client key for reply encryption and pa-type salt, Pick * Select a session enctype from the list of the crypto systems
* the client key upfront before the other keys because that is * supported enctype, is supported by the client and is one of the
* going to affect what enctypes we are going to use in * enctype of the enctype of the krbtgt.
* ETYPE-INFO{,2}. *
* The later is used as a hint what enctype all KDC are supporting
* to make sure a newer version of KDC wont generate a session
* enctype that and older version of a KDC in the same realm can't
* decrypt.
*
* But if the KDC admin is paranoid and doesn't want to have "no
* the best" enctypes on the krbtgt, lets save the best pick from
* the client list and hope that that will work for any other
* KDCs.
*/ */
{
const krb5_enctype *p;
krb5_enctype clientbest = ETYPE_NULL;
int i, j;
ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len, p = krb5_kerberos_enctypes(context);
&ckey, &cetype);
if (ret) { sessionetype = ETYPE_NULL;
for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
if (krb5_enctype_valid(context, p[i]) != 0)
continue;
for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
Key *dummy;
/* check with client */
if (p[i] != b->etype.val[j])
continue;
/* save best of union of { client, crypto system } */
if (clientbest == ETYPE_NULL)
clientbest = p[i];
/* check with krbtgt */
ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
if (ret)
continue;
sessionetype = p[i];
}
}
/* if krbtgt had no shared keys with client, pick clients best */
if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) {
sessionetype = clientbest;
} else if (sessionetype == ETYPE_NULL) {
kdc_log(context, config, 0, kdc_log(context, config, 0,
"Client (%s) has no support for etypes", client_name); "Client (%s) from %s has no common enctypes with KDC"
"to use for the session key",
client_name, from);
goto out; goto out;
} }
}
/* /*
* Pre-auth processing * Pre-auth processing
@@ -1230,7 +1275,11 @@ _kdc_as_rep(krb5_context context,
} }
et.flags.pre_authent = 1; et.flags.pre_authent = 1;
ret = krb5_enctype_to_string(context,pa_key->key.keytype, &str); set_salt_padata(rep.padata, pa_key->salt);
reply_key = &pa_key->key;
ret = krb5_enctype_to_string(context, pa_key->key.keytype, &str);
if (ret) if (ret)
str = NULL; str = NULL;
@@ -1300,7 +1349,9 @@ _kdc_as_rep(krb5_context context,
/* /*
* If there is a client key, send ETYPE_INFO{,2} * If there is a client key, send ETYPE_INFO{,2}
*/ */
if (ckey) { ret = _kdc_find_etype(context, client, b->etype.val, b->etype.len,
&ckey);
if (ret == 0) {
/* /*
* RFC4120 requires: * RFC4120 requires:
@@ -1371,63 +1422,6 @@ _kdc_as_rep(krb5_context context,
if(ret) if(ret)
goto out; goto out;
/*
* Select a session enctype from the list of the crypto systems
* supported enctype, is supported by the client and is one of the
* enctype of the enctype of the krbtgt.
*
* The later is used as a hint what enctype all KDC are supporting
* to make sure a newer version of KDC wont generate a session
* enctype that and older version of a KDC in the same realm can't
* decrypt.
*
* But if the KDC admin is paranoid and doesn't want to have "no
* the best" enctypes on the krbtgt, lets save the best pick from
* the client list and hope that that will work for any other
* KDCs.
*/
{
const krb5_enctype *p;
krb5_enctype clientbest = ETYPE_NULL;
int i, j;
p = krb5_kerberos_enctypes(context);
sessionetype = ETYPE_NULL;
for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
if (krb5_enctype_valid(context, p[i]) != 0)
continue;
for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
Key *dummy;
/* check with client */
if (p[i] != b->etype.val[j])
continue;
/* save best of union of { client, crypto system } */
if (clientbest == ETYPE_NULL)
clientbest = p[i];
/* check with krbtgt */
ret = hdb_enctype2key(context, &server->entry, p[i], &dummy);
if (ret)
continue;
sessionetype = p[i];
}
}
/* if krbtgt had no shared keys with client, pick clients best */
if (clientbest != ETYPE_NULL && sessionetype == ETYPE_NULL) {
sessionetype = clientbest;
} else if (sessionetype == ETYPE_NULL) {
kdc_log(context, config, 0,
"Client (%s) from %s has no common enctypes with KDC"
"to use for the session key",
client_name, from);
goto out;
}
}
log_as_req(context, config, cetype, setype, b);
if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey if(f.renew || f.validate || f.proxy || f.forwarded || f.enc_tkt_in_skey
|| (f.request_anonymous && !config->allow_anonymous)) { || (f.request_anonymous && !config->allow_anonymous)) {
ret = KRB5KDC_ERR_BADOPTION; ret = KRB5KDC_ERR_BADOPTION;
@@ -1622,10 +1616,6 @@ _kdc_as_rep(krb5_context context,
copy_HostAddresses(et.caddr, ek.caddr); copy_HostAddresses(et.caddr, ek.caddr);
} }
ALLOC(rep.padata);
rep.padata->len = 0;
rep.padata->val = NULL;
#if PKINIT #if PKINIT
if (pkp) { if (pkp) {
e_text = "Failed to build PK-INIT reply"; e_text = "Failed to build PK-INIT reply";
@@ -1642,12 +1632,13 @@ _kdc_as_rep(krb5_context context,
goto out; goto out;
} else } else
#endif #endif
if (ckey) { {
reply_key = &ckey->key;
ret = krb5_generate_random_keyblock(context, sessionetype, &et.key); ret = krb5_generate_random_keyblock(context, sessionetype, &et.key);
if (ret) if (ret)
goto out; goto out;
} else { }
if (reply_key == NULL) {
e_text = "Client have no reply key"; e_text = "Client have no reply key";
ret = KRB5KDC_ERR_CLIENT_NOTYET; ret = KRB5KDC_ERR_CLIENT_NOTYET;
goto out; goto out;
@@ -1657,9 +1648,6 @@ _kdc_as_rep(krb5_context context,
if (ret) if (ret)
goto out; goto out;
if (ckey)
set_salt_padata (rep.padata, ckey->salt);
/* Add signing of alias referral */ /* Add signing of alias referral */
if (f.canonicalize) { if (f.canonicalize) {
PA_ClientCanonicalized canon; PA_ClientCanonicalized canon;
@@ -1765,6 +1753,8 @@ _kdc_as_rep(krb5_context context,
if (ret) if (ret)
goto out; goto out;
log_as_req(context, config, reply_key->keytype, setype, b);
ret = _kdc_encode_reply(context, config, ret = _kdc_encode_reply(context, config,
&rep, &et, &ek, setype, server->entry.kvno, &rep, &et, &ek, setype, server->entry.kvno,
&skey->key, client->entry.kvno, &skey->key, client->entry.kvno,
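Review bot: `reply_key` is declared without an initializer (`EncryptionKey *reply_key, session_key;`), yet the new check `if (reply_key == NULL)` before the reply is built relies on it being NULL when no path has assigned it. In the visible hunks it is assigned only in the pre-authentication branch (`reply_key = &pa_key->key;`) and the old `reply_key = &ckey->key;` fallback is removed, so a request that reaches the check without passing that branch reads an indeterminate pointer, which `log_as_req(context, config, reply_key->keytype, setype, b)` later dereferences. Declaring it as `EncryptionKey *reply_key = NULL, session_key;` makes the check reliable. _kdc_as_rep is only partly visible here, so an assignment in lines outside the hunks (the PK-INIT path, for instance) cannot be ruled out.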


@@ -1633,14 +1633,15 @@ server_lookup:
} else { } else {
Key *skey; Key *skey;
ret = _kdc_find_etype(context, server, b->etype.val, b->etype.len, ret = _kdc_find_etype(context, server,
&skey, &etype); b->etype.val, b->etype.len, &skey);
if(ret) { if(ret) {
kdc_log(context, config, 0, kdc_log(context, config, 0,
"Server (%s) has no support for etypes", spn); "Server (%s) has no support for etypes", spn);
goto out; goto out;
} }
ekey = &skey->key; ekey = &skey->key;
etype = skey->key.keytype;
kvno = server->entry.kvno; kvno = server->entry.kvno;
} }


@@ -345,10 +345,24 @@ _kdc_do_kx509(krb5_context context,
ret = krb5_principal_compare(context, sprincipal, principal); ret = krb5_principal_compare(context, sprincipal, principal);
krb5_free_principal(context, principal); krb5_free_principal(context, principal);
if (ret != TRUE) { if (ret != TRUE) {
char *expected, *used;
ret = krb5_unparse_name(context, sprincipal, &expected);
if (ret)
goto out;
ret = krb5_unparse_name(context, principal, &used);
if (ret) {
krb5_xfree(expected);
goto out;
}
ret = KRB5KDC_ERR_SERVER_NOMATCH; ret = KRB5KDC_ERR_SERVER_NOMATCH;
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
"User %s used wrong Kx509 service principal", "User %s used wrong Kx509 service "
cname); "principal, expected: %s, used %s",
cname, expected, used);
krb5_xfree(expected);
krb5_xfree(used);
goto out; goto out;
} }
} }
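Review bot: The added error path calls `krb5_unparse_name(context, principal, &used)` after `principal` has already been released by `krb5_free_principal(context, principal)` on the line just before the `if (ret != TRUE)` test, so the mismatch branch reads freed memory. That branch is selected by the service principal named in the request, so it is driven by request contents rather than by an internal failure. Moving `krb5_free_principal(context, principal);` below the block, and also calling it before each `goto out` inside the block, keeps the principal alive while the message is built. _kdc_do_kx509 starts and ends outside the hunk.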


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -36,13 +38,14 @@ RCSID("$Id$");
void void
kdc_openlog(krb5_context context, kdc_openlog(krb5_context context,
const char *service,
krb5_kdc_configuration *config) krb5_kdc_configuration *config)
{ {
char **s = NULL, **p; char **s = NULL, **p;
krb5_initlog(context, "kdc", &config->logf); krb5_initlog(context, "kdc", &config->logf);
s = krb5_config_get_strings(context, NULL, "kdc", "logging", NULL); s = krb5_config_get_strings(context, NULL, service, "logging", NULL);
if(s == NULL) if(s == NULL)
s = krb5_config_get_strings(context, NULL, "logging", "kdc", NULL); s = krb5_config_get_strings(context, NULL, "logging", service, NULL);
if(s){ if(s){
for(p = s; *p; p++) for(p = s; *p; p++)
krb5_addlog_dest(context, config->logf, *p); krb5_addlog_dest(context, config->logf, *p);


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -1379,7 +1381,22 @@ _kdc_pk_mk_pa_reply(krb5_context context,
} }
#define use_btmm_with_enckey 0
if (use_btmm_with_enckey && rep.element == choice_PA_PK_AS_REP_encKeyPack) {
PA_PK_AS_REP_BTMM btmm;
heim_any any;
any.data = rep.u.encKeyPack.data;
any.length = rep.u.encKeyPack.length;
btmm.dhSignedData = NULL;
btmm.encKeyPack = &any;
ASN1_MALLOC_ENCODE(PA_PK_AS_REP_BTMM, buf, len, &btmm, &size, ret);
} else {
ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret); ASN1_MALLOC_ENCODE(PA_PK_AS_REP, buf, len, &rep, &size, ret);
}
free_PA_PK_AS_REP(&rep); free_PA_PK_AS_REP(&rep);
if (ret) { if (ret) {
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
@@ -1928,7 +1945,7 @@ load_mappings(krb5_context context, const char *fn)
*/ */
krb5_error_code krb5_error_code
_kdc_pk_initialize(krb5_context context, krb5_kdc_pk_initialize(krb5_context context,
krb5_kdc_configuration *config, krb5_kdc_configuration *config,
const char *user_id, const char *user_id,
const char *anchors, const char *anchors,
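Review bot: `#define use_btmm_with_enckey 0` sits inside the body of _kdc_pk_mk_pa_reply and is not undefined in the visible lines, so the macro leaks into the rest of the file and the `PA_PK_AS_REP_BTMM` branch it guards is dead code as committed. If the branch is meant to be switchable, a file-scope `static const int use_btmm_with_enckey = 0;` with a comment saying when it applies, or a field on the KDC configuration, would be clearer. Otherwise a comment such as `/* BTMM encoding disabled; kept for reference */` should say so. The second hunk renames `_kdc_pk_initialize` to `krb5_kdc_pk_initialize`, which makes a private-looking symbol look public; its body is outside the hunk.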


@@ -117,22 +117,21 @@ main (int argc, char **argv)
krb5_error_code ret; krb5_error_code ret;
krb5_context context; krb5_context context;
krb5_principal principal; krb5_principal principal;
int optind = 0;
krb5_get_init_creds_opt *opt; krb5_get_init_creds_opt *opt;
krb5_ccache id = NULL; krb5_ccache id = NULL;
int exit_value; int exit_value;
int optidx = 0;
optind = krb5_program_setup(&context, argc, argv, setprogname(argv[0]);
args, sizeof(args) / sizeof(args[0]), usage);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
usage(1, args, sizeof(args) / sizeof(args[0]));
if (help_flag) if (help_flag)
usage (0, args, sizeof(args) / sizeof(args[0])); usage(0, args, sizeof(args) / sizeof(args[0]));
if (version_flag) {
if(version_flag){ print_version(NULL);
print_version (NULL); return 0;
exit(0);
} }
argc -= optind; argc -= optind;
argv += optind; argv += optind;
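Review bot: The argument parser now writes its index into the new local `optidx`, but the two context lines at the end of the hunk still adjust by `optind` (`argc -= optind; argv += optind;`). With the local `int optind = 0;` removed, that name can only resolve to a global such as getopt's, if a header in scope declares one, so the number of arguments skipped no longer follows what `getarg()` consumed. The lines should read `argc -= optidx;` and `argv += optidx;`. main continues outside the hunk.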


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -33,6 +35,10 @@
#include "kuser_locl.h" #include "kuser_locl.h"
#ifdef __APPLE__
#include <Security/Security.h>
#endif
#ifndef HEIMDAL_SMALLER #ifndef HEIMDAL_SMALLER
#include "krb5-v4compat.h" #include "krb5-v4compat.h"
#endif #endif
@@ -113,7 +119,7 @@ static struct getargs args[] = {
{ "cache", 'c', arg_string, &cred_cache, { "cache", 'c', arg_string, &cred_cache,
NP_("credentials cache", ""), "cachename" }, NP_("credentials cache", ""), "cachename" },
{ "forwardable", 'f', arg_flag, &forwardable_flag, { "forwardable", 'f', arg_negative_flag, &forwardable_flag,
NP_("get forwardable tickets", "")}, NP_("get forwardable tickets", "")},
{ "keytab", 't', arg_string, &keytab_str, { "keytab", 't', arg_string, &keytab_str,
@@ -422,7 +428,7 @@ get_new_tickets(krb5_context context,
char passwd[256]; char passwd[256];
krb5_deltat start_time = 0; krb5_deltat start_time = 0;
krb5_deltat renew = 0; krb5_deltat renew = 0;
const char *renewstr = NULL; char *renewstr = NULL;
krb5_enctype *enctype = NULL; krb5_enctype *enctype = NULL;
krb5_ccache tempccache; krb5_ccache tempccache;
#ifndef NO_NTLM #ifndef NO_NTLM
@@ -451,6 +457,33 @@ get_new_tickets(krb5_context context,
passwd[strcspn(passwd, "\n")] = '\0'; passwd[strcspn(passwd, "\n")] = '\0';
} }
#ifdef __APPLE__
if (passwd[0] == '\0') {
const char *realm;
OSStatus osret;
UInt32 length;
void *buffer;
char *name;
realm = krb5_principal_get_realm(context, principal);
ret = krb5_unparse_name_flags(context, principal,
KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name);
if (ret)
goto nopassword;
osret = SecKeychainFindGenericPassword(NULL, strlen(realm), realm,
strlen(name), name,
&length, &buffer, NULL);
free(name);
if (osret == noErr && length < sizeof(passwd) - 1) {
memcpy(passwd, buffer, length);
passwd[length] = '\0';
}
nopassword:
do { } while(0);
}
#endif
memset(&cred, 0, sizeof(cred)); memset(&cred, 0, sizeof(cred));
@@ -472,7 +505,7 @@ get_new_tickets(krb5_context context,
pac_flag ? TRUE : FALSE); pac_flag ? TRUE : FALSE);
if (canonicalize_flag) if (canonicalize_flag)
krb5_get_init_creds_opt_set_canonicalize(context, opt, TRUE); krb5_get_init_creds_opt_set_canonicalize(context, opt, TRUE);
if (pk_enterprise_flag && windows_flag) if ((pk_enterprise_flag || enterprise_flag || canonicalize_flag) && windows_flag)
krb5_get_init_creds_opt_set_win2k(context, opt, TRUE); krb5_get_init_creds_opt_set_win2k(context, opt, TRUE);
if (pk_user_id || ent_user_id || anonymous_flag) { if (pk_user_id || ent_user_id || anonymous_flag) {
ret = krb5_get_init_creds_opt_set_pkinit(context, opt, ret = krb5_get_init_creds_opt_set_pkinit(context, opt,
@@ -881,8 +914,23 @@ main (int argc, char **argv)
#endif #endif
} else { } else {
ret = krb5_cc_cache_match(context, principal, &ccache); ret = krb5_cc_cache_match(context, principal, &ccache);
if (ret) if (ret) {
const char *type;
ret = krb5_cc_default (context, &ccache); ret = krb5_cc_default (context, &ccache);
if (ret)
krb5_err (context, 1, ret, N_("resolving credentials cache", ""));
/*
* Check if the type support switching, and we do,
* then do that instead over overwriting the current
* default credential
*/
type = krb5_cc_get_type(context, ccache);
if (krb5_cc_support_switch(context, type)) {
krb5_cc_close(context, ccache);
ret = krb5_cc_new_unique(context, type, NULL, &ccache);
}
}
} }
} }
if (ret) if (ret)
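Review bot: In the `__APPLE__` block added to get_new_tickets, the buffer returned by `SecKeychainFindGenericPassword()` is copied into `passwd` and never released, so a second copy of the password stays allocated for the life of the process. Calling `SecKeychainItemFreeContent(NULL, buffer);` whenever `osret == noErr`, after the `memcpy`, releases it. When the stored item does not fit in `passwd` the result is dropped silently, which deserves a one-line comment. The `nopassword: do { } while(0);` label can be avoided by wrapping the lookup in `if (ret == 0) { ... }`. The function starts and ends outside the hunks.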


@@ -2,6 +2,7 @@
#include <stddef.h> #include <stddef.h>
#include <time.h> #include <time.h>
#include <krb5-types.h>
#ifndef __asn1_common_definitions__ #ifndef __asn1_common_definitions__
#define __asn1_common_definitions__ #define __asn1_common_definitions__


@@ -24,4 +24,6 @@ error_code MAX_CONSTRAINT, "ASN.1 too many elements"
error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements" error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements"
error_code INDEF_OVERRUN, "ASN.1 BER indefinte encoding overrun" error_code INDEF_OVERRUN, "ASN.1 BER indefinte encoding overrun"
error_code INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underun" error_code INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underun"
error_code GOT_BER, "ASN.1 got BER encoded when expected DER"
error_code INDEF_EXTRA_DATA, "ASN.1 EoC tag contained data"
end end

View File

@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -250,7 +252,7 @@ ExtensionDefault: kw_EXTENSIBILITY kw_IMPLIED
| /* empty */ | /* empty */
; ;
ModuleBody : /* Exports */ Imports AssignmentList ModuleBody : Exports Imports AssignmentList
| /* empty */ | /* empty */
; ;
@@ -272,11 +274,22 @@ SymbolsFromModule: referencenames kw_FROM IDENTIFIER objid_opt
for(sl = $1; sl != NULL; sl = sl->next) { for(sl = $1; sl != NULL; sl = sl->next) {
Symbol *s = addsym(sl->string); Symbol *s = addsym(sl->string);
s->stype = Stype; s->stype = Stype;
gen_template_import(s);
} }
add_import($3); add_import($3);
} }
; ;
Exports : kw_EXPORTS referencenames ';'
{
struct string_list *sl;
for(sl = $2; sl != NULL; sl = sl->next)
add_export(sl->string);
}
| kw_EXPORTS kw_ALL
| /* empty */
;
AssignmentList : Assignment AssignmentList : Assignment
| Assignment AssignmentList | Assignment AssignmentList
; ;


@@ -4,7 +4,7 @@
CMS DEFINITIONS ::= BEGIN CMS DEFINITIONS ::= BEGIN
IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name, IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
Attribute, Certificate, Name, SubjectKeyIdentifier FROM rfc2459 Attribute, Certificate, SubjectKeyIdentifier FROM rfc2459
heim_any, heim_any_set FROM heim; heim_any, heim_any_set FROM heim;
id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2)


@@ -94,6 +94,8 @@ typedef struct heim_ber_time_t {
int bt_zone; int bt_zone;
} heim_ber_time_t; } heim_ber_time_t;
struct asn1_template;
#include <der-protos.h> #include <der-protos.h>
int _heim_fix_dce(size_t reallen, size_t *len); int _heim_fix_dce(size_t reallen, size_t *len);


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -45,6 +47,34 @@ der_copy_general_string (const heim_general_string *from,
return 0; return 0;
} }
int
der_copy_integer (const int *from, int *to)
{
*to = *from;
return 0;
}
int
der_copy_unsigned (const unsigned *from, unsigned *to)
{
*to = *from;
return 0;
}
int
der_copy_generalized_time (const time_t *from, time_t *to)
{
*to = *from;
return 0;
}
int
der_copy_utctime (const time_t *from, time_t *to)
{
*to = *from;
return 0;
}
int int
der_copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to) der_copy_utf8string (const heim_utf8_string *from, heim_utf8_string *to)
{ {


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -42,6 +44,31 @@ der_free_general_string (heim_general_string *str)
*str = NULL; *str = NULL;
} }
void
der_free_integer (int *i)
{
*i = 0;
}
void
der_free_unsigned (unsigned *u)
{
*u = 0;
}
void
der_free_generalized_time(time_t *t)
{
*t = 0;
}
void
der_free_utctime(time_t *t)
{
*t = 0;
}
void void
der_free_utf8string (heim_utf8_string *str) der_free_utf8string (heim_utf8_string *str)
{ {


@@ -305,7 +305,7 @@ der_get_octet_string_ber (const unsigned char *p, size_t len,
void *ptr; void *ptr;
ptr = realloc(data->data, data->length + datalen); ptr = realloc(data->data, data->length + datalen);
if (ptr == NULL && data->length + datalen != 0) { if (ptr == NULL) {
e = ENOMEM; e = ENOMEM;
goto out; goto out;
} }
@@ -354,7 +354,6 @@ der_get_heim_integer (const unsigned char *p, size_t len,
p++; p++;
data->length--; data->length--;
} }
if (data->length) {
data->data = malloc(data->length); data->data = malloc(data->length);
if (data->data == NULL) { if (data->data == NULL) {
data->length = 0; data->length = 0;
@@ -371,7 +370,6 @@ der_get_heim_integer (const unsigned char *p, size_t len,
p--; p--;
q--; q--;
} }
}
} else { } else {
data->negative = 0; data->negative = 0;
data->length = len; data->length = len;
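Review bot: Dropping the zero-size exemptions makes these decoders depend on what the allocator returns for a zero-byte request. In `der_get_heim_integer` the removed `if (data->length) {` guard means `malloc(data->length)` is now reached when `data->length--` has brought the length to 0, and in `der_get_octet_string_ber` the result of `realloc(data->data, data->length + datalen)` is now treated as a failure whenever it is NULL; the C standard allows both calls to return NULL for size 0, so a well-formed but empty value would be reported as `ENOMEM` on such a platform. I would either keep the old conditions or never request zero bytes, e.g. `data->data = malloc(data->length ? data->length : 1);`. The same relaxation appears in the generator strings later in this commit (`calloc(1, len)` and `calloc(1, ret)` followed by a bare `== NULL` test). Both functions continue outside the hunks, so whether the code after the allocation copes with a zero length could not be checked from here.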


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -112,6 +114,20 @@ der_length_len (size_t len)
} }
} }
size_t
der_length_tag(unsigned int tag)
{
size_t len = 0;
if(tag <= 30)
return 1;
while(tag) {
tag /= 128;
len++;
}
return len + 1;
}
size_t size_t
der_length_integer (const int *data) der_length_integer (const int *data)
{ {


@@ -52,6 +52,8 @@
#include <asn1-common.h> #include <asn1-common.h>
#include <asn1_err.h> #include <asn1_err.h>
#include <der.h> #include <der.h>
#include <der-private.h>
#include "asn1-template.h"
time_t _der_timegm (struct tm *); time_t _der_timegm (struct tm *);
size_t _heim_len_unsigned (unsigned); size_t _heim_len_unsigned (unsigned);


@@ -100,6 +100,21 @@ NTLMResponse ::= SEQUENCE {
tickets [3] SEQUENCE OF OCTET STRING OPTIONAL tickets [3] SEQUENCE OF OCTET STRING OPTIONAL
} }
NTLMRequest2 ::= SEQUENCE {
loginUserName [0] UTF8String,
loginDomainName [1] UTF8String,
flags [2] INTEGER (0..4294967295),
lmchallenge [3] OCTET STRING SIZE (8),
ntChallengeResponce [4] OCTET STRING,
lmChallengeResponce [5] OCTET STRING
}
NTLMReply ::= SEQUENCE {
success [0] BOOLEAN,
flags [1] INTEGER (0..4294967295),
sessionkey [2] OCTET STRING OPTIONAL
}
DigestReqInner ::= CHOICE { DigestReqInner ::= CHOICE {
init [0] DigestInit, init [0] DigestInit,
digestRequest [1] DigestRequest, digestRequest [1] DigestRequest,
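Review bot: In `NTLMRequest2` only `lmchallenge` carries a size bound (`SIZE (8)`); `ntChallengeResponce` and `lmChallengeResponce`, and `sessionkey` in `NTLMReply`, are unbounded OCTET STRINGs, so any length limit has to be enforced by the code that consumes the decoded message. If the protocol has known maxima, stating them here (for example `OCTET STRING SIZE (0..N)`, with N chosen by the protocol owner) documents the limit next to the type. The spelling `Responce` also ends up in the generated C member names, so it is cheapest to correct it to `Response` before callers depend on it.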


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -40,13 +42,7 @@ int
encode_heim_any(unsigned char *p, size_t len, encode_heim_any(unsigned char *p, size_t len,
const heim_any *data, size_t *size) const heim_any *data, size_t *size)
{ {
if (data->length > len) return der_put_octet_string (p, len, data, size);
return ASN1_OVERFLOW;
p -= data->length;
len -= data->length;
memcpy (p+1, data->data, data->length);
*size = data->length;
return 0;
} }
int int
@@ -91,8 +87,7 @@ decode_heim_any(const unsigned char *p, size_t len,
void void
free_heim_any(heim_any *data) free_heim_any(heim_any *data)
{ {
free(data->data); der_free_octet_string(data);
data->data = NULL;
} }
size_t size_t
@@ -104,58 +99,43 @@ length_heim_any(const heim_any *data)
int int
copy_heim_any(const heim_any *from, heim_any *to) copy_heim_any(const heim_any *from, heim_any *to)
{ {
to->data = malloc(from->length); return der_copy_octet_string(from, to);
if (to->data == NULL && from->length != 0)
return ENOMEM;
memcpy(to->data, from->data, from->length);
to->length = from->length;
return 0;
} }
int int
encode_heim_any_set(unsigned char *p, size_t len, encode_heim_any_set(unsigned char *p, size_t len,
const heim_any_set *data, size_t *size) const heim_any_set *data, size_t *size)
{ {
return encode_heim_any(p, len, data, size); return der_put_octet_string (p, len, data, size);
} }
int int
decode_heim_any_set(const unsigned char *p, size_t len, decode_heim_any_set(const unsigned char *p, size_t len,
heim_any_set *data, size_t *size) heim_any_set *data, size_t *size)
{ {
memset(data, 0, sizeof(*data)); return der_get_octet_string(p, len, data, size);
data->data = malloc(len);
if (data->data == NULL && len != 0)
return ENOMEM;
data->length = len;
memcpy(data->data, p, len);
if (size) *size = len;
return 0;
} }
void void
free_heim_any_set(heim_any_set *data) free_heim_any_set(heim_any_set *data)
{ {
free_heim_any(data); der_free_octet_string(data);
} }
size_t size_t
length_heim_any_set(const heim_any *data) length_heim_any_set(const heim_any *data)
{ {
return length_heim_any(data); return data->length;
} }
int int
copy_heim_any_set(const heim_any_set *from, heim_any_set *to) copy_heim_any_set(const heim_any_set *from, heim_any_set *to)
{ {
return copy_heim_any(from, to); return der_copy_octet_string(from, to);
} }
int int
heim_any_cmp(const heim_any_set *p, const heim_any_set *q) heim_any_cmp(const heim_any_set *p, const heim_any_set *q)
{ {
if (p->length != q->length) return der_heim_octet_string_cmp(p, q);
return p->length - q->length;
return memcmp(p->data, q->data, p->length);
} }
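Review bot: `length_heim_any_set` still takes `const heim_any *` while the other `_set` functions in this section take `heim_any_set`; now that all of them are one-line forwards to the octet-string helpers, the mismatch is easy to miss. I would align the signature, `length_heim_any_set(const heim_any_set *data)`, together with its prototype, which is not part of this page. Since the wrappers pass `heim_any` pointers straight to `der_put_octet_string`, `der_copy_octet_string` and `der_free_octet_string`, a short comment above the block stating that both types are handled as raw octet strings would record the assumption the code now depends on.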


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -35,12 +37,12 @@
RCSID("$Id$"); RCSID("$Id$");
FILE *headerfile, *codefile, *logfile; FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile;
#define STEM "asn1" #define STEM "asn1"
static const char *orig_filename; static const char *orig_filename;
static char *header; static char *privheader, *header, *template;
static const char *headerbase = STEM; static const char *headerbase = STEM;
/* /*
@@ -66,6 +68,45 @@ add_import (const char *module)
fprintf (headerfile, "#include <%s_asn1.h>\n", module); fprintf (headerfile, "#include <%s_asn1.h>\n", module);
} }
/*
* List of all exported symbols
*/
struct sexport {
const char *name;
int defined;
struct sexport *next;
};
static struct sexport *exports = NULL;
void
add_export (const char *name)
{
struct sexport *tmp = emalloc (sizeof(*tmp));
tmp->name = name;
tmp->next = exports;
exports = tmp;
}
int
is_export(const char *name)
{
struct sexport *tmp;
if (exports == NULL) /* no export list, all exported */
return 1;
for (tmp = exports; tmp != NULL; tmp = tmp->next) {
if (strcmp(tmp->name, name) == 0) {
tmp->defined = 1;
return 1;
}
}
return 0;
}
const char * const char *
get_filename (void) get_filename (void)
{ {
@@ -96,6 +137,23 @@ init_generate (const char *filename, const char *base)
err (1, "open %s", fn); err (1, "open %s", fn);
free(fn); free(fn);
/* private header file */
asprintf(&privheader, "%s-priv.h", headerbase);
if (privheader == NULL)
errx(1, "malloc");
asprintf(&fn, "%s-priv.hx", headerbase);
if (fn == NULL)
errx(1, "malloc");
privheaderfile = fopen (fn, "w");
if (privheaderfile == NULL)
err (1, "open %s", fn);
free(fn);
/* template file */
asprintf(&template, "%s-template.c", headerbase);
if (template == NULL)
errx(1, "malloc");
fprintf (headerfile, fprintf (headerfile,
"/* Generated from %s */\n" "/* Generated from %s */\n"
"/* Do not edit */\n\n", "/* Do not edit */\n\n",
@@ -182,6 +240,36 @@ init_generate (const char *filename, const char *base)
logfile = fopen(fn, "w"); logfile = fopen(fn, "w");
if (logfile == NULL) if (logfile == NULL)
err (1, "open %s", fn); err (1, "open %s", fn);
/* if one code file, write into the one codefile */
if (one_code_file)
return;
templatefile = fopen (template, "w");
if (templatefile == NULL)
err (1, "open %s", template);
fprintf (templatefile,
"/* Generated from %s */\n"
"/* Do not edit */\n\n"
"#include <stdio.h>\n"
"#include <stdlib.h>\n"
"#include <time.h>\n"
"#include <string.h>\n"
"#include <errno.h>\n"
"#include <limits.h>\n"
"#include <krb5-types.h>\n",
filename);
fprintf (templatefile,
"#include <%s>\n"
"#include <%s>\n"
"#include <der.h>\n"
"#include <der-private.h>\n"
"#include <asn1-template.h>\n",
header, privheader);
} }
void void
@@ -189,7 +277,13 @@ close_generate (void)
{ {
fprintf (headerfile, "#endif /* __%s_h__ */\n", headerbase); fprintf (headerfile, "#endif /* __%s_h__ */\n", headerbase);
if (headerfile)
fclose (headerfile); fclose (headerfile);
if (privheaderfile)
fclose (privheaderfile);
if (templatefile)
fclose (templatefile);
if (logfile)
fprintf (logfile, "\n"); fprintf (logfile, "\n");
fclose (logfile); fclose (logfile);
} }
@@ -265,11 +359,14 @@ generate_header_of_codefile(const char *name)
orig_filename); orig_filename);
fprintf (codefile, fprintf (codefile,
"#include <%s.h>\n", "#include <%s>\n"
headerbase); "#include <%s>\n",
header, privheader);
fprintf (codefile, fprintf (codefile,
"#include <asn1_err.h>\n" "#include <asn1_err.h>\n"
"#include <der.h>\n" "#include <der.h>\n"
"#include <der-private.h>\n"
"#include <asn1-template.h>\n"
"#include <parse_units.h>\n\n"); "#include <parse_units.h>\n\n");
} }
@@ -328,8 +425,6 @@ generate_constant (const Symbol *s)
} }
fprintf (headerfile, "} */\n"); fprintf (headerfile, "} */\n");
fprintf (headerfile, "const heim_oid *oid_%s(void);\n",
s->gen_name);
fprintf (headerfile, fprintf (headerfile,
"extern const heim_oid asn1_oid_%s;\n\n", "extern const heim_oid asn1_oid_%s;\n\n",
s->gen_name); s->gen_name);
@@ -346,12 +441,6 @@ generate_constant (const Symbol *s)
"{ %d, oid_%s_variable_num };\n\n", "{ %d, oid_%s_variable_num };\n\n",
s->gen_name, len, s->gen_name); s->gen_name, len, s->gen_name);
fprintf (codefile, "const heim_oid *oid_%s(void)\n"
"{\n"
"return &asn1_oid_%s;\n"
"}\n\n",
s->gen_name, s->gen_name);
free(list); free(list);
if (!one_code_file) if (!one_code_file)
@@ -364,6 +453,33 @@ generate_constant (const Symbol *s)
} }
} }
int
is_primitive_type(int type)
{
switch(type) {
case TInteger:
case TBoolean:
case TOctetString:
case TBitString:
case TEnumerated:
case TGeneralizedTime:
case TGeneralString:
case TTeletexString:
case TOID:
case TUTCTime:
case TUTF8String:
case TPrintableString:
case TIA5String:
case TBMPString:
case TUniversalString:
case TVisibleString:
case TNull:
return 1;
default:
return 0;
}
}
static void static void
space(int level) space(int level)
{ {
@@ -550,8 +666,24 @@ define_asn1 (int level, Type *t)
} }
static void static void
define_type (int level, const char *name, Type *t, int typedefp, int preservep) getnewbasename(char **newbasename, int typedefp, const char *basename, const char *name)
{ {
if (typedefp)
*newbasename = strdup(name);
else {
if (name[0] == '*')
name++;
asprintf(newbasename, "%s_%s", basename, name);
}
if (*newbasename == NULL)
err(1, "malloc");
}
static void
define_type (int level, const char *name, const char *basename, Type *t, int typedefp, int preservep)
{
char *newbasename = NULL;
switch (t->type) { switch (t->type) {
case TType: case TType:
space(level); space(level);
@@ -602,16 +734,37 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
if(ASN1_TAILQ_EMPTY(t->members)) if(ASN1_TAILQ_EMPTY(t->members))
fprintf (headerfile, "heim_bit_string %s;\n", name); fprintf (headerfile, "heim_bit_string %s;\n", name);
else { else {
fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); int pos = 0;
getnewbasename(&newbasename, typedefp, basename, name);
fprintf (headerfile, "struct %s {\n", newbasename);
ASN1_TAILQ_FOREACH(m, t->members, members) { ASN1_TAILQ_FOREACH(m, t->members, members) {
char *n; char *n;
/* pad unused */
while (pos < m->val) {
asprintf (&n, "_unused%d:1", pos);
define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
free(n);
pos++;
}
asprintf (&n, "%s:1", m->gen_name); asprintf (&n, "%s:1", m->gen_name);
if (n == NULL) if (n == NULL)
errx(1, "malloc"); errx(1, "malloc");
define_type (level + 1, n, &i, FALSE, FALSE); define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
free (n); free (n);
pos++;
} }
/* pad to 32 elements */
while (pos < 32) {
char *n;
asprintf (&n, "_unused%d:1", pos);
define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
free(n);
pos++;
}
space(level); space(level);
fprintf (headerfile, "} %s;\n\n", name); fprintf (headerfile, "} %s;\n\n", name);
} }
@@ -638,8 +791,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
case TSequence: { case TSequence: {
Member *m; Member *m;
getnewbasename(&newbasename, typedefp, basename, name);
space(level); space(level);
fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); fprintf (headerfile, "struct %s {\n", newbasename);
if (t->type == TSequence && preservep) { if (t->type == TSequence && preservep) {
space(level + 1); space(level + 1);
fprintf(headerfile, "heim_octet_string _save;\n"); fprintf(headerfile, "heim_octet_string _save;\n");
@@ -653,10 +808,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
asprintf (&n, "*%s", m->gen_name); asprintf (&n, "*%s", m->gen_name);
if (n == NULL) if (n == NULL)
errx(1, "malloc"); errx(1, "malloc");
define_type (level + 1, n, m->type, FALSE, FALSE); define_type (level + 1, n, newbasename, m->type, FALSE, FALSE);
free (n); free (n);
} else } else
define_type (level + 1, m->gen_name, m->type, FALSE, FALSE); define_type (level + 1, m->gen_name, newbasename, m->type, FALSE, FALSE);
} }
space(level); space(level);
fprintf (headerfile, "} %s;\n", name); fprintf (headerfile, "} %s;\n", name);
@@ -667,15 +822,17 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
Type i; Type i;
struct range range = { 0, INT_MAX }; struct range range = { 0, INT_MAX };
getnewbasename(&newbasename, typedefp, basename, name);
i.type = TInteger; i.type = TInteger;
i.range = &range; i.range = &range;
i.members = NULL; i.members = NULL;
i.constraint = NULL; i.constraint = NULL;
space(level); space(level);
fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); fprintf (headerfile, "struct %s {\n", newbasename);
define_type (level + 1, "len", &i, FALSE, FALSE); define_type (level + 1, "len", newbasename, &i, FALSE, FALSE);
define_type (level + 1, "*val", t->subtype, FALSE, FALSE); define_type (level + 1, "*val", newbasename, t->subtype, FALSE, FALSE);
space(level); space(level);
fprintf (headerfile, "} %s;\n", name); fprintf (headerfile, "} %s;\n", name);
break; break;
@@ -693,14 +850,16 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
fprintf (headerfile, "heim_general_string %s;\n", name); fprintf (headerfile, "heim_general_string %s;\n", name);
break; break;
case TTag: case TTag:
define_type (level, name, t->subtype, typedefp, preservep); define_type (level, name, basename, t->subtype, typedefp, preservep);
break; break;
case TChoice: { case TChoice: {
int first = 1; int first = 1;
Member *m; Member *m;
getnewbasename(&newbasename, typedefp, basename, name);
space(level); space(level);
fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); fprintf (headerfile, "struct %s {\n", newbasename);
if (preservep) { if (preservep) {
space(level + 1); space(level + 1);
fprintf(headerfile, "heim_octet_string _save;\n"); fprintf(headerfile, "heim_octet_string _save;\n");
@@ -737,10 +896,10 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
asprintf (&n, "*%s", m->gen_name); asprintf (&n, "*%s", m->gen_name);
if (n == NULL) if (n == NULL)
errx(1, "malloc"); errx(1, "malloc");
define_type (level + 2, n, m->type, FALSE, FALSE); define_type (level + 2, n, newbasename, m->type, FALSE, FALSE);
free (n); free (n);
} else } else
define_type (level + 2, m->gen_name, m->type, FALSE, FALSE); define_type (level + 2, m->gen_name, newbasename, m->type, FALSE, FALSE);
} }
space(level + 1); space(level + 1);
fprintf (headerfile, "} u;\n"); fprintf (headerfile, "} u;\n");
@@ -787,6 +946,8 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
default: default:
abort (); abort ();
} }
if (newbasename)
free(newbasename);
} }
static void static void
@@ -800,27 +961,61 @@ generate_type_header (const Symbol *s)
fprintf (headerfile, "\n*/\n\n"); fprintf (headerfile, "\n*/\n\n");
fprintf (headerfile, "typedef "); fprintf (headerfile, "typedef ");
define_type (0, s->gen_name, s->type, TRUE, preservep); define_type (0, s->gen_name, s->gen_name, s->type, TRUE, preservep);
fprintf (headerfile, "\n"); fprintf (headerfile, "\n");
} }
void void
generate_type (const Symbol *s) generate_type (const Symbol *s)
{ {
FILE *h;
if (!one_code_file) if (!one_code_file)
generate_header_of_codefile(s->gen_name); generate_header_of_codefile(s->gen_name);
generate_type_header (s); generate_type_header (s);
if (template_flag)
generate_template(s);
if (template_flag == 0 || is_template_compat(s) == 0) {
generate_type_encode (s); generate_type_encode (s);
generate_type_decode (s); generate_type_decode (s);
generate_type_free (s); generate_type_free (s);
generate_type_length (s); generate_type_length (s);
generate_type_copy (s); generate_type_copy (s);
}
generate_type_seq (s); generate_type_seq (s);
generate_glue (s->type, s->gen_name); generate_glue (s->type, s->gen_name);
fprintf(headerfile, "\n\n");
/* generate prototypes */
if (is_export(s->name))
h = headerfile;
else
h = privheaderfile;
fprintf (h,
"int "
"decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
s->gen_name, s->gen_name);
fprintf (h,
"int "
"encode_%s(unsigned char *, size_t, const %s *, size_t *);\n",
s->gen_name, s->gen_name);
fprintf (h,
"size_t length_%s(const %s *);\n",
s->gen_name, s->gen_name);
fprintf (h,
"int copy_%s (const %s *, %s *);\n",
s->gen_name, s->gen_name, s->gen_name);
fprintf (h,
"void free_%s (%s *);\n",
s->gen_name, s->gen_name);
fprintf(h, "\n\n");
if (!one_code_file) { if (!one_code_file) {
fprintf(codefile, "\n\n"); fprintf(codefile, "\n\n");
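Review bot: In `close_generate` the added `if (logfile)` has no braces, so it guards only the `fprintf`; `fclose (logfile)` still runs unconditionally, and the first `fprintf (headerfile, ...)` runs before the new `if (headerfile)` test. Bracing the pair, `if (logfile) { fprintf (logfile, "\n"); fclose (logfile); }`, and moving the `#endif` write under the `headerfile` check makes the NULL checks mean what they say. Separately, `add_export` fills in `name` and `next` but never sets `tmp->defined`, which `is_export` only ever writes; unless `emalloc` zeroes memory (not visible here), any later reader of that field sees an indeterminate value, so `tmp->defined = 0;` belongs in `add_export`. The new `asprintf (&n, "_unused%d:1", pos)` calls in the bit-string padding loops are also used without the `n == NULL` check that the neighbouring `asprintf` call has.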


@@ -228,10 +228,6 @@ generate_type_copy (const Symbol *s)
used_fail = 0; used_fail = 0;
fprintf (headerfile,
"int copy_%s (const %s *, %s *);\n",
s->gen_name, s->gen_name, s->gen_name);
fprintf (codefile, "int\n" fprintf (codefile, "int\n"
"copy_%s(const %s *from, %s *to)\n" "copy_%s(const %s *from, %s *to)\n"
"{\n" "{\n"


@@ -56,33 +56,6 @@ decode_primitive (const char *typename, const char *name, const char *forwstr)
#endif #endif
} }
static int
is_primitive_type(int type)
{
switch(type) {
case TInteger:
case TBoolean:
case TOctetString:
case TBitString:
case TEnumerated:
case TGeneralizedTime:
case TGeneralString:
case TTeletexString:
case TOID:
case TUTCTime:
case TUTF8String:
case TPrintableString:
case TIA5String:
case TBMPString:
case TUniversalString:
case TVisibleString:
case TNull:
return 1;
default:
return 0;
}
}
static void static void
find_tag (const Type *t, find_tag (const Type *t,
Der_class *cl, Der_type *ty, unsigned *tag) Der_class *cl, Der_type *ty, unsigned *tag)
@@ -630,7 +603,7 @@ decode_type (const char *name, const Type *t, int optional,
fprintf(codefile, fprintf(codefile,
"else {\n" "else {\n"
"(%s)->u.%s.data = calloc(1, len);\n" "(%s)->u.%s.data = calloc(1, len);\n"
"if ((%s)->u.%s.data == NULL && len != 0) {\n" "if ((%s)->u.%s.data == NULL) {\n"
"e = ENOMEM; %s;\n" "e = ENOMEM; %s;\n"
"}\n" "}\n"
"(%s)->u.%s.length = len;\n" "(%s)->u.%s.length = len;\n"
@@ -694,11 +667,6 @@ generate_type_decode (const Symbol *s)
{ {
int preserve = preserve_type(s->name) ? TRUE : FALSE; int preserve = preserve_type(s->name) ? TRUE : FALSE;
fprintf (headerfile,
"int "
"decode_%s(const unsigned char *, size_t, %s *, size_t *);\n",
s->gen_name, s->gen_name);
fprintf (codefile, "int\n" fprintf (codefile, "int\n"
"decode_%s(const unsigned char *p," "decode_%s(const unsigned char *p,"
" size_t len, %s *data, size_t *size)\n" " size_t len, %s *data, size_t *size)\n"
@@ -744,7 +712,7 @@ generate_type_decode (const Symbol *s)
if (preserve) if (preserve)
fprintf (codefile, fprintf (codefile,
"data->_save.data = calloc(1, ret);\n" "data->_save.data = calloc(1, ret);\n"
"if (data->_save.data == NULL && ret != 0) { \n" "if (data->_save.data == NULL) { \n"
"e = ENOMEM; goto fail; \n" "e = ENOMEM; goto fail; \n"
"}\n" "}\n"
"data->_save.length = ret;\n" "data->_save.length = ret;\n"


@@ -508,11 +508,6 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
void void
generate_type_encode (const Symbol *s) generate_type_encode (const Symbol *s)
{ {
fprintf (headerfile,
"int "
"encode_%s(unsigned char *, size_t, const %s *, size_t *);\n",
s->gen_name, s->gen_name);
fprintf (codefile, "int\n" fprintf (codefile, "int\n"
"encode_%s(unsigned char *p, size_t len," "encode_%s(unsigned char *p, size_t len,"
" const %s *data, size_t *size)\n" " const %s *data, size_t *size)\n"


@@ -182,10 +182,6 @@ generate_type_free (const Symbol *s)
{ {
int preserve = preserve_type(s->name) ? TRUE : FALSE; int preserve = preserve_type(s->name) ? TRUE : FALSE;
fprintf (headerfile,
"void free_%s (%s *);\n",
s->gen_name, s->gen_name);
fprintf (codefile, "void\n" fprintf (codefile, "void\n"
"free_%s(%s *data)\n" "free_%s(%s *data)\n"
"{\n", "{\n",


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -70,7 +72,8 @@ generate_int2 (const Type *t, const char *gen_name)
fprintf (codefile, fprintf (codefile,
"%s int2%s(unsigned n)\n" "%s int2%s(unsigned n)\n"
"{\n" "{\n"
"\t%s flags;\n\n", "\t%s flags;\n\n"
"\tmemset(&flags, 0, sizeof(flags));\n\n",
gen_name, gen_name, gen_name); gen_name, gen_name, gen_name);
if(t->members) { if(t->members) {
@@ -92,9 +95,17 @@ generate_units (const Type *t, const char *gen_name)
{ {
Member *m; Member *m;
if (template_flag) {
fprintf (headerfile,
"extern const struct units *asn1_%s_table_units;\n",
gen_name);
fprintf (headerfile, "#define asn1_%s_units() (asn1_%s_table_units)\n",
gen_name, gen_name);
} else {
fprintf (headerfile, fprintf (headerfile,
"const struct units * asn1_%s_units(void);", "const struct units * asn1_%s_units(void);",
gen_name); gen_name);
}
fprintf (codefile, fprintf (codefile,
"static struct units %s_units[] = {\n", "static struct units %s_units[] = {\n",
@@ -111,6 +122,11 @@ generate_units (const Type *t, const char *gen_name)
"\t{NULL,\t0}\n" "\t{NULL,\t0}\n"
"};\n\n"); "};\n\n");
if (template_flag)
fprintf (codefile,
"const struct units * asn1_%s_table_units = %s_units;\n",
gen_name, gen_name);
else
fprintf (codefile, fprintf (codefile,
"const struct units * asn1_%s_units(void){\n" "const struct units * asn1_%s_units(void){\n"
"return %s_units;\n" "return %s_units;\n"


@@ -43,6 +43,7 @@ length_primitive (const char *typename,
fprintf (codefile, "%s += der_length_%s(%s);\n", variable, typename, name); fprintf (codefile, "%s += der_length_%s(%s);\n", variable, typename, name);
} }
/* XXX same as der_length_tag */
static size_t static size_t
length_tag(unsigned int tag) length_tag(unsigned int tag)
{ {
@@ -269,10 +270,6 @@ length_type (const char *name, const Type *t,
void void
generate_type_length (const Symbol *s) generate_type_length (const Symbol *s)
{ {
fprintf (headerfile,
"size_t length_%s(const %s *);\n",
s->gen_name, s->gen_name);
fprintf (codefile, fprintf (codefile,
"size_t\n" "size_t\n"
"length_%s(const %s *data)\n" "length_%s(const %s *data)\n"


@@ -52,6 +52,7 @@
#include "symbol.h" #include "symbol.h"
#include "asn1-common.h" #include "asn1-common.h"
#include "der.h" #include "der.h"
#include "der-private.h"
void generate_type (const Symbol *); void generate_type (const Symbol *);
void generate_constant (const Symbol *); void generate_constant (const Symbol *);
@@ -74,7 +75,10 @@ void init_generate (const char *, const char *);
const char *get_filename (void); const char *get_filename (void);
void close_generate(void); void close_generate(void);
void add_import(const char *); void add_import(const char *);
void add_export(const char *);
int is_export(const char *);
int yyparse(void); int yyparse(void);
int is_primitive_type(int);
int preserve_type(const char *); int preserve_type(const char *);
int seq_type(const char *); int seq_type(const char *);
@@ -82,9 +86,14 @@ int seq_type(const char *);
void generate_header_of_codefile(const char *); void generate_header_of_codefile(const char *);
void close_codefile(void); void close_codefile(void);
int is_template_compat (const Symbol *);
void generate_template(const Symbol *);
void gen_template_import(const Symbol *);
extern FILE *headerfile, *codefile, *logfile;
extern FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile;
extern int support_ber; extern int support_ber;
extern int template_flag;
extern int rfc1510_bitstring; extern int rfc1510_bitstring;
extern int one_code_file; extern int one_code_file;


@@ -2,6 +2,78 @@
KERBEROS5 DEFINITIONS ::= KERBEROS5 DEFINITIONS ::=
BEGIN BEGIN
EXPORTS
AD-AND-OR,
AD-IF-RELEVANT,
AD-KDCIssued,
AD-LoginAlias,
AP-REP,
AP-REQ,
AS-REP,
AS-REQ,
AUTHDATA-TYPE,
Authenticator,
AuthorizationData,
AuthorizationDataElement,
CKSUMTYPE,
ChangePasswdDataMS,
Checksum,
ENCTYPE,
ETYPE-INFO,
ETYPE-INFO-ENTRY,
ETYPE-INFO2,
ETYPE-INFO2-ENTRY,
EncAPRepPart,
EncASRepPart,
EncKDCRepPart,
EncKrbCredPart,
EncKrbPrivPart,
EncTGSRepPart,
EncTicketPart,
EncryptedData,
EncryptionKey,
EtypeList,
HostAddress,
HostAddresses,
KDC-REQ-BODY,
KDCOptions,
KDC-REP,
KRB-CRED,
KRB-ERROR,
KRB-PRIV,
KRB-SAFE,
KRB-SAFE-BODY,
KRB5SignedPath,
KRB5SignedPathData,
KRB5SignedPathPrincipals,
KerberosString,
KerberosTime,
KrbCredInfo,
LR-TYPE,
LastReq,
METHOD-DATA,
NAME-TYPE,
PA-ClientCanonicalized,
PA-ClientCanonicalizedNames,
PA-DATA,
PA-ENC-TS-ENC,
PA-PAC-REQUEST,
PA-S4U2Self,
PA-SERVER-REFERRAL-DATA,
PA-ServerReferralData,
PA-SvrReferralData,
PADATA-TYPE,
Principal,
PrincipalName,
Principals,
Realm,
TGS-REP,
TGS-REQ,
Ticket,
TicketFlags,
TransitedEncoding,
TypedData
;
NAME-TYPE ::= INTEGER { NAME-TYPE ::= INTEGER {
KRB5_NT_UNKNOWN(0), -- Name type not known KRB5_NT_UNKNOWN(0), -- Name type not known
@@ -256,11 +328,7 @@ KDCOptions ::= BIT STRING {
proxy(4), proxy(4),
allow-postdate(5), allow-postdate(5),
postdated(6), postdated(6),
unused7(7),
renewable(8), renewable(8),
unused9(9),
unused10(10),
unused11(11),
request-anonymous(14), request-anonymous(14),
canonicalize(15), canonicalize(15),
constrained-delegation(16), -- ms extension constrained-delegation(16), -- ms extension


@@ -63,12 +63,14 @@ seq_type(const char *p)
} }
int support_ber; int support_ber;
int template_flag;
int rfc1510_bitstring; int rfc1510_bitstring;
int one_code_file; int one_code_file;
char *option_file; char *option_file;
int version_flag; int version_flag;
int help_flag; int help_flag;
struct getargs args[] = { struct getargs args[] = {
{ "template", 0, arg_flag, &template_flag },
{ "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring }, { "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring },
{ "decode-dce-ber", 0, arg_flag, &support_ber }, { "decode-dce-ber", 0, arg_flag, &support_ber },
{ "support-ber", 0, arg_flag, &support_ber }, { "support-ber", 0, arg_flag, &support_ber },


@@ -34,8 +34,6 @@
#include "gen_locl.h" #include "gen_locl.h"
#include "lex.h" #include "lex.h"
RCSID("$Id$");
static Hashtab *htab; static Hashtab *htab;
static int static int
@@ -68,7 +66,7 @@ output_name(char *s)
char *p; char *p;
for (p = s; *p; ++p) for (p = s; *p; ++p)
if (*p == '-') if (*p == '-' || *p == '.')
*p = '_'; *p = '_';
} }


@@ -6,8 +6,11 @@ BEGIN
IMPORTS heim_any FROM heim; IMPORTS heim_any FROM heim;
TESTuint32 ::= INTEGER (0..4294967295)
TESTLargeTag ::= SEQUENCE { TESTLargeTag ::= SEQUENCE {
foo[127] INTEGER (-2147483648..2147483647) foo[127] INTEGER (-2147483648..2147483647),
bar[128] INTEGER (-2147483648..2147483647)
} }
TESTSeq ::= SEQUENCE { TESTSeq ::= SEQUENCE {
@@ -57,6 +60,11 @@ TESTAlloc ::= SEQUENCE {
tagless2 heim_any OPTIONAL tagless2 heim_any OPTIONAL
} }
TESTOptional ::= SEQUENCE {
zero [0] INTEGER (-2147483648..2147483647) OPTIONAL,
one [1] INTEGER (-2147483648..2147483647) OPTIONAL
}
TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER ) TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER )
TESTENCODEDBY ::= OCTET STRING ( ENCODED BY TESTENCODEDBY ::= OCTET STRING ( ENCODED BY
@@ -92,4 +100,36 @@ TESTSeqSizeOf4 ::= SEQUENCE SIZE (MIN..2) OF TESTInteger
TESTOSSize1 ::= OCTET STRING SIZE (1..2) TESTOSSize1 ::= OCTET STRING SIZE (1..2)
TESTSeqOfSeq ::= SEQUENCE OF SEQUENCE {
zero [0] TESTInteger
}
TESTSeqOfSeq2 ::= SEQUENCE OF SEQUENCE {
string [0] GeneralString
}
TESTSeqOfSeq3 ::= SEQUENCE OF SEQUENCE {
zero [0] TESTInteger,
string [0] GeneralString
}
TESTSeqOf2 ::= SEQUENCE {
strings SEQUENCE OF GeneralString
}
TESTSeqOf3 ::= SEQUENCE {
strings SEQUENCE OF GeneralString OPTIONAL
}
TESTPreserve ::= SEQUENCE {
zero [0] TESTInteger,
one [1] TESTInteger
}
TESTBitString ::= BIT STRING {
zero(0),
eight(8),
thirtyone(31)
}
END END


@@ -32,6 +32,9 @@
*/ */
#undef ROKEN_RENAME #undef ROKEN_RENAME
#include "config.h"
#include "compile_et.h" #include "compile_et.h"
#include <getarg.h> #include <getarg.h>
@@ -219,7 +222,7 @@ main(int argc, char **argv)
err(1, "%s", filename); err(1, "%s", filename);
p = strrchr(filename, '/'); p = strrchr(filename, rk_PATH_DELIM);
if(p) if(p)
p++; p++;
else else


@@ -45,10 +45,12 @@
#ifndef BUILD_GSSAPI_LIB #ifndef BUILD_GSSAPI_LIB
#if defined(_WIN32) #if defined(_WIN32)
#define GSSAPI_LIB_FUNCTION _stdcall __declspec(dllimport) #define GSSAPI_LIB_FUNCTION __declspec(dllimport)
#define GSSAPI_LIB_CALL __stdcall
#define GSSAPI_LIB_VARIABLE __declspec(dllimport) #define GSSAPI_LIB_VARIABLE __declspec(dllimport)
#else #else
#define GSSAPI_LIB_FUNCTION #define GSSAPI_LIB_FUNCTION
#define GSSAPI_LIB_CALL
#define GSSAPI_LIB_VARIABLE #define GSSAPI_LIB_VARIABLE
#endif #endif
#endif #endif
@@ -810,7 +812,8 @@ extern gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES;
OM_uint32 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_FUNCTION
gss_context_query_attributes(OM_uint32 * /* minor_status */, gss_context_query_attributes(OM_uint32 * /* minor_status */,
gss_OID /* attribute */, const gss_ctx_id_t /* context_handle */,
const gss_OID /* attribute */,
void * /*data*/, void * /*data*/,
size_t /* len */); size_t /* len */);
/* /*


@@ -106,27 +106,27 @@ gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
const char ** /*out_name */); const char ** /*out_name */);
OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity
(const char */*identity*/); (const char * /*identity*/);
OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity
(const char */*identity*/); (const char * /*identity*/);
OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache
(OM_uint32 */*minor*/, (OM_uint32 * /*minor*/,
gss_cred_id_t /*cred*/, gss_cred_id_t /*cred*/,
struct krb5_ccache_data */*out*/); struct krb5_ccache_data * /*out*/);
OM_uint32 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_import_cred(OM_uint32 */*minor*/, gss_krb5_import_cred(OM_uint32 * /*minor*/,
struct krb5_ccache_data * /*in*/, struct krb5_ccache_data * /*in*/,
struct Principal * /*keytab_principal*/, struct Principal * /*keytab_principal*/,
struct krb5_keytab_data * /*keytab*/, struct krb5_keytab_data * /*keytab*/,
gss_cred_id_t */*out*/); gss_cred_id_t * /*out*/);
OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags
(OM_uint32 */*minor*/, (OM_uint32 * /*minor*/,
gss_ctx_id_t /*context_handle*/, gss_ctx_id_t /*context_handle*/,
OM_uint32 */*tkt_flags*/); OM_uint32 * /*tkt_flags*/);
OM_uint32 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_extract_authz_data_from_sec_context gsskrb5_extract_authz_data_from_sec_context


@@ -207,7 +207,7 @@ gsskrb5_acceptor_ready(OM_uint32 * minor_status,
int32_t seq_number; int32_t seq_number;
int is_cfx = 0; int is_cfx = 0;
krb5_auth_getremoteseqnumber (context, krb5_auth_con_getremoteseqnumber (context,
ctx->auth_context, ctx->auth_context,
&seq_number); &seq_number);
@@ -669,7 +669,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
kret = krb5_auth_getremoteseqnumber(context, kret = krb5_auth_con_getremoteseqnumber(context,
ctx->auth_context, ctx->auth_context,
&r_seq_number); &r_seq_number);
if (kret) { if (kret) {
@@ -749,7 +749,7 @@ acceptor_wait_for_dcestyle(OM_uint32 * minor_status,
{ {
int32_t tmp_r_seq_number, tmp_l_seq_number; int32_t tmp_r_seq_number, tmp_l_seq_number;
kret = krb5_auth_getremoteseqnumber(context, kret = krb5_auth_con_getremoteseqnumber(context,
ctx->auth_context, ctx->auth_context,
&tmp_r_seq_number); &tmp_r_seq_number);
if (kret) { if (kret) {


@@ -339,7 +339,7 @@ OM_uint32 _gsskrb5_acquire_cred
if (desired_name != GSS_C_NO_NAME) { if (desired_name != GSS_C_NO_NAME) {
ret = _gsskrb5_canon_name(minor_status, context, 0, NULL, ret = _gsskrb5_canon_name(minor_status, context, 1, NULL,
desired_name, &handle->principal); desired_name, &handle->principal);
if (ret) { if (ret) {
HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex); HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
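Review bot: The third argument of `_gsskrb5_canon_name` flips from `0` to `1` as a bare literal, and nothing in the hunk says what the flag selects. Name canonicalisation decides which principal the credential handle is bound to, so a reader needs to know why the behaviour changes; if the flag turns on a lookup against an external name service, the result depends on data the caller does not control. I would add a comment on the call, e.g. `/* 1: <meaning of flag>, required because <reason> */`, or pass a named constant. The `hdb_process_master_key(context, 1, &key, 0, mkey)` change in the master-key reader further down has the same problem. `_gsskrb5_acquire_cred` starts and ends outside the hunk.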


@@ -255,7 +255,7 @@ gsskrb5_initiator_ready(
krb5_cc_close(context, ctx->ccache); krb5_cc_close(context, ctx->ccache);
ctx->ccache = NULL; ctx->ccache = NULL;
krb5_auth_getremoteseqnumber (context, ctx->auth_context, &seq_number); krb5_auth_con_getremoteseqnumber (context, ctx->auth_context, &seq_number);
_gsskrb5i_is_cfx(context, ctx, 0); _gsskrb5i_is_cfx(context, ctx, 0);
is_cfx = (ctx->more_flags & IS_CFX); is_cfx = (ctx->more_flags & IS_CFX);
@@ -782,7 +782,7 @@ repl_mutual
* for the gss_wrap calls. * for the gss_wrap calls.
*/ */
krb5_auth_getremoteseqnumber(context, ctx->auth_context, &remote_seq); krb5_auth_con_getremoteseqnumber(context, ctx->auth_context, &remote_seq);
krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq); krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &local_seq);
krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq); krb5_auth_con_setlocalseqnumber(context, ctx->auth_context, remote_seq);


@@ -302,7 +302,7 @@ export_lucid_sec_context_v1(OM_uint32 *minor_status,
if (ret) goto out; if (ret) goto out;
ret = krb5_store_uint32(sp, (uint32_t)number); ret = krb5_store_uint32(sp, (uint32_t)number);
if (ret) goto out; if (ret) goto out;
krb5_auth_getremoteseqnumber (context, krb5_auth_con_getremoteseqnumber (context,
context_handle->auth_context, context_handle->auth_context,
&number); &number);
ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */ ret = krb5_store_uint32(sp, (uint32_t)0); /* store top half as zero */


@@ -202,7 +202,8 @@ gss_OID GSSAPI_LIB_VARIABLE GSS_C_ATTR_STREAM_SIZES =
OM_uint32 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_FUNCTION
gss_context_query_attributes(OM_uint32 *minor_status, gss_context_query_attributes(OM_uint32 *minor_status,
gss_OID attribute, const gss_ctx_id_t context_handle,
const gss_OID attribute,
void *data, void *data,
size_t len) size_t len)
{ {


@@ -176,9 +176,9 @@ add_builtin(gssapi_mech_interface mech)
if (mech == NULL) if (mech == NULL)
return 0; return 0;
m = malloc(sizeof(*m)); m = calloc(1, sizeof(*m));
if (m == NULL) if (m == NULL)
return 1; return ENOMEM;
m->gm_so = NULL; m->gm_so = NULL;
m->gm_mech = *mech; m->gm_mech = *mech;
m->gm_mech_oid = mech->gm_mech_oid; /* XXX */ m->gm_mech_oid = mech->gm_mech_oid; /* XXX */
@@ -187,12 +187,12 @@ add_builtin(gssapi_mech_interface mech)
/* pick up the oid sets of names */ /* pick up the oid sets of names */
if (m->gm_mech.gm_inquire_names_for_mech) { if (m->gm_mech.gm_inquire_names_for_mech)
(*m->gm_mech.gm_inquire_names_for_mech)(&minor_status, (*m->gm_mech.gm_inquire_names_for_mech)(&minor_status,
&m->gm_mech.gm_mech_oid, &m->gm_name_types); &m->gm_mech.gm_mech_oid, &m->gm_name_types);
} else {
if (m->gm_name_types == NULL)
gss_create_empty_oid_set(&minor_status, &m->gm_name_types); gss_create_empty_oid_set(&minor_status, &m->gm_name_types);
}
SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link); SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
return 0; return 0;
@@ -211,6 +211,8 @@ _gss_load_mech(void)
char *name, *oid, *lib, *kobj; char *name, *oid, *lib, *kobj;
struct _gss_mech_switch *m; struct _gss_mech_switch *m;
void *so; void *so;
gss_OID_desc mech_oid;
int found;
HEIMDAL_MUTEX_lock(&_gss_mech_mutex); HEIMDAL_MUTEX_lock(&_gss_mech_mutex);
@@ -253,6 +255,23 @@ _gss_load_mech(void)
if (!name || !oid || !lib || !kobj) if (!name || !oid || !lib || !kobj)
continue; continue;
if (_gss_string_to_oid(oid, &mech_oid))
continue;
/*
* Check for duplicates, already loaded mechs.
*/
found = 0;
SLIST_FOREACH(m, &_gss_mechs, gm_link) {
if (gss_oid_equal(&m->gm_mech.gm_mech_oid, &mech_oid)) {
found = 1;
free(mech_oid.elements);
break;
}
}
if (found)
continue;
#ifndef RTLD_LOCAL #ifndef RTLD_LOCAL
#define RTLD_LOCAL 0 #define RTLD_LOCAL 0
#endif #endif
@@ -260,17 +279,17 @@ _gss_load_mech(void)
so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL); so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL);
if (!so) { if (!so) {
/* fprintf(stderr, "dlopen: %s\n", dlerror()); */ /* fprintf(stderr, "dlopen: %s\n", dlerror()); */
free(mech_oid.elements);
continue; continue;
} }
m = malloc(sizeof(*m)); m = malloc(sizeof(*m));
if (!m) if (!m) {
free(mech_oid.elements);
break; break;
m->gm_so = so;
if (_gss_string_to_oid(oid, &m->gm_mech.gm_mech_oid)) {
free(m);
continue;
} }
m->gm_so = so;
m->gm_mech.gm_mech_oid = mech_oid;
m->gm_mech.gm_flags = 0; m->gm_mech.gm_flags = 0;
major_status = gss_add_oid_set_member(&minor_status, major_status = gss_add_oid_set_member(&minor_status,
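Review bot: In `_gss_load_mech` the new `if (!m)` branch frees `mech_oid.elements` but leaves the handle returned by `dlopen` open, so the out-of-memory path leaks the loaded library; add `dlclose(so);` before the `break`. The same function still allocates with `m = malloc(sizeof(*m));` while `add_builtin` was switched to `calloc` in this commit, so any field not assigned in the visible lines starts uninitialised here; `m = calloc(1, sizeof(*m));` would keep the two paths consistent. `_gss_load_mech` continues outside the hunk, so later assignments may cover some of those fields.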


@@ -44,6 +44,8 @@
#include <sys/param.h> #include <sys/param.h>
#endif #endif
#include <roken.h>
#ifdef HAVE_PTHREAD_H #ifdef HAVE_PTHREAD_H
#include <pthread.h> #include <pthread.h>
#endif #endif
@@ -69,8 +71,6 @@
#include "utils.h" #include "utils.h"
#include <der.h> #include <der.h>
#include <roken.h>
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
typedef struct { typedef struct {


@@ -69,7 +69,7 @@ void AES_encrypt(const unsigned char *, unsigned char *, const AES_KEY *);
void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *); void AES_decrypt(const unsigned char *, unsigned char *, const AES_KEY *);
void AES_cbc_encrypt(const unsigned char *, unsigned char *, void AES_cbc_encrypt(const unsigned char *, unsigned char *,
const unsigned long, const AES_KEY *, unsigned long, const AES_KEY *,
unsigned char *, int); unsigned char *, int);
#ifdef __cplusplus #ifdef __cplusplus


@@ -40,6 +40,7 @@
#include <limits.h> #include <limits.h>
#include <krb5-types.h> #include <krb5-types.h>
#include <roken.h>
#include <rfc2459_asn1.h> /* XXX */ #include <rfc2459_asn1.h> /* XXX */
#include <der.h> #include <der.h>


@@ -92,6 +92,8 @@
#include <krb5-types.h> #include <krb5-types.h>
#include <assert.h> #include <assert.h>
#include <roken.h>
#include "des.h" #include "des.h"
#include "ui.h" #include "ui.h"
@@ -180,14 +182,13 @@ static DES_cblock weak_keys[] = {
int int
DES_is_weak_key(DES_cblock *key) DES_is_weak_key(DES_cblock *key)
{ {
int weak = 0;
int i; int i;
/* Not constant time size if the key is weak, the app should not use it. */ for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++)
for (i = 0; i < sizeof(weak_keys)/sizeof(weak_keys[0]); i++) { weak ^= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0);
if (memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0)
return 1; return !!weak;
}
return 0;
} }
/** /**
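Review bot: The accumulator in `DES_is_weak_key` uses `weak ^= ...`, which is only correct while a key can match at most one entry of `weak_keys`; two matches would cancel out and report a weak key as acceptable. OR cannot be undone by a later iteration: `weak |= (ct_memcmp(weak_keys[i], key, DES_CBLOCK_LEN) == 0);`. The table itself is outside the hunk, so I cannot confirm it is free of duplicates. The removed comment explained the timing property of the old loop, and the new one deserves its own, e.g. `/* scan the whole table so timing does not reveal which entry matched */`. `i` is an `int` compared against a `size_t` expression and could be declared `size_t`.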


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -43,7 +45,9 @@
#include <string.h> #include <string.h>
#include <assert.h> #include <assert.h>
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
#include <CommonCrypto/CommonDigest.h> #include <CommonCrypto/CommonDigest.h>
#endif
#include <CommonCrypto/CommonCryptor.h> #include <CommonCrypto/CommonCryptor.h>
#include <evp.h> #include <evp.h>
@@ -420,6 +424,7 @@ EVP_cc_rc2_64_cbc(void)
const EVP_MD * const EVP_MD *
EVP_cc_md2(void) EVP_cc_md2(void)
{ {
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md md2 = { static const struct hc_evp_md md2 = {
CC_MD2_DIGEST_LENGTH, CC_MD2_DIGEST_LENGTH,
CC_MD2_BLOCK_BYTES, CC_MD2_BLOCK_BYTES,
@@ -430,6 +435,9 @@ EVP_cc_md2(void)
(hc_evp_md_cleanup)NULL (hc_evp_md_cleanup)NULL
}; };
return &md2; return &md2;
#else
return NULL;
#endif
} }
/** /**
@@ -441,6 +449,7 @@ EVP_cc_md2(void)
const EVP_MD * const EVP_MD *
EVP_cc_md4(void) EVP_cc_md4(void)
{ {
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md md4 = { static const struct hc_evp_md md4 = {
CC_MD4_DIGEST_LENGTH, CC_MD4_DIGEST_LENGTH,
CC_MD4_BLOCK_BYTES, CC_MD4_BLOCK_BYTES,
@@ -451,6 +460,9 @@ EVP_cc_md4(void)
(hc_evp_md_cleanup)NULL (hc_evp_md_cleanup)NULL
}; };
return &md4; return &md4;
#else
return NULL;
#endif
} }
/** /**
@@ -462,6 +474,7 @@ EVP_cc_md4(void)
const EVP_MD * const EVP_MD *
EVP_cc_md5(void) EVP_cc_md5(void)
{ {
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md md5 = { static const struct hc_evp_md md5 = {
CC_MD5_DIGEST_LENGTH, CC_MD5_DIGEST_LENGTH,
CC_MD5_BLOCK_BYTES, CC_MD5_BLOCK_BYTES,
@@ -472,6 +485,9 @@ EVP_cc_md5(void)
(hc_evp_md_cleanup)NULL (hc_evp_md_cleanup)NULL
}; };
return &md5; return &md5;
#else
return NULL;
#endif
} }
/** /**
@@ -483,6 +499,7 @@ EVP_cc_md5(void)
const EVP_MD * const EVP_MD *
EVP_cc_sha1(void) EVP_cc_sha1(void)
{ {
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md sha1 = { static const struct hc_evp_md sha1 = {
CC_SHA1_DIGEST_LENGTH, CC_SHA1_DIGEST_LENGTH,
CC_SHA1_BLOCK_BYTES, CC_SHA1_BLOCK_BYTES,
@@ -493,6 +510,9 @@ EVP_cc_sha1(void)
(hc_evp_md_cleanup)NULL (hc_evp_md_cleanup)NULL
}; };
return &sha1; return &sha1;
#else
return NULL;
#endif
} }
/** /**
@@ -504,6 +524,7 @@ EVP_cc_sha1(void)
const EVP_MD * const EVP_MD *
EVP_cc_sha256(void) EVP_cc_sha256(void)
{ {
#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
static const struct hc_evp_md sha256 = { static const struct hc_evp_md sha256 = {
CC_SHA256_DIGEST_LENGTH, CC_SHA256_DIGEST_LENGTH,
CC_SHA256_BLOCK_BYTES, CC_SHA256_BLOCK_BYTES,
@@ -514,6 +535,9 @@ EVP_cc_sha256(void)
(hc_evp_md_cleanup)NULL (hc_evp_md_cleanup)NULL
}; };
return &sha256; return &sha256;
#else
return NULL;
#endif
} }
/** /**
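Review bot: Without `HAVE_COMMONCRYPTO_COMMONDIGEST_H` the five digest getters (`EVP_cc_md2` through `EVP_cc_sha256`) now return `NULL`, but the doc comments above them, which lie outside the hunks, are not updated to say so. A caller that hands the result straight to a digest-init routine would dereference a null pointer, so the contract should be written down: add `@return the message digest type, or NULL if CommonCrypto digests are not available` to each comment. `#include <CommonCrypto/CommonCryptor.h>` stays unconditional in the second hunk; if that header can be missing in the same configurations it needs the same guard.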


@@ -41,7 +41,7 @@
#define EVP_cc_md4 hc_EVP_cc_md4 #define EVP_cc_md4 hc_EVP_cc_md4
#define EVP_cc_md5 hc_EVP_cc_md5 #define EVP_cc_md5 hc_EVP_cc_md5
#define EVP_cc_sha1 hc_EVP_cc_sha1 #define EVP_cc_sha1 hc_EVP_cc_sha1
#define EVP_cc_sha256 hc_EVP__cc_sha256 #define EVP_cc_sha256 hc_EVP_cc_sha256
#define EVP_cc_des_cbc hc_EVP_cc_des_cbc #define EVP_cc_des_cbc hc_EVP_cc_des_cbc
#define EVP_cc_des_ede3_cbc hc_EVP_cc_des_ede3_cbc #define EVP_cc_des_ede3_cbc hc_EVP_cc_des_ede3_cbc
#define EVP_cc_aes_128_cbc hc_EVP_cc_aes_128_cbc #define EVP_cc_aes_128_cbc hc_EVP_cc_aes_128_cbc


@@ -49,6 +49,7 @@
#include <evp-cc.h> #include <evp-cc.h>
#include <krb5-types.h> #include <krb5-types.h>
#include <roken.h>
#ifndef HCRYPTO_DEF_PROVIDER #ifndef HCRYPTO_DEF_PROVIDER
#define HCRYPTO_DEF_PROVIDER hcrypto #define HCRYPTO_DEF_PROVIDER hcrypto


@@ -214,24 +214,24 @@ HC_CPP_BEGIN
*/ */
const EVP_MD *EVP_md_null(void); const EVP_MD *EVP_md_null(void);
const EVP_MD *EVP_md2(void) HC_DEPRECATED_CRYPTO; HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md2(void);
const EVP_MD *EVP_md4(void) HC_DEPRECATED_CRYPTO; HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md4(void);
const EVP_MD *EVP_md5(void) HC_DEPRECATED_CRYPTO; HC_DEPRECATED_CRYPTO const EVP_MD *EVP_md5(void);
const EVP_MD *EVP_sha(void) HC_DEPRECATED; const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_sha256(void); const EVP_MD *EVP_sha256(void);
const EVP_CIPHER * EVP_aes_128_cbc(void); const EVP_CIPHER * EVP_aes_128_cbc(void);
const EVP_CIPHER * EVP_aes_192_cbc(void); const EVP_CIPHER * EVP_aes_192_cbc(void);
const EVP_CIPHER * EVP_aes_256_cbc(void); const EVP_CIPHER * EVP_aes_256_cbc(void);
const EVP_CIPHER * EVP_des_cbc(void) HC_DEPRECATED_CRYPTO; HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_des_cbc(void);
const EVP_CIPHER * EVP_des_ede3_cbc(void); const EVP_CIPHER * EVP_des_ede3_cbc(void);
const EVP_CIPHER * EVP_enc_null(void); const EVP_CIPHER * EVP_enc_null(void);
const EVP_CIPHER * EVP_rc2_40_cbc(void) HC_DEPRECATED_CRYPTO; HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_40_cbc(void);
const EVP_CIPHER * EVP_rc2_64_cbc(void) HC_DEPRECATED_CRYPTO; HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_64_cbc(void);
const EVP_CIPHER * EVP_rc2_cbc(void) HC_DEPRECATED_CRYPTO; HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc2_cbc(void);
const EVP_CIPHER * EVP_rc4(void); const EVP_CIPHER * EVP_rc4(void);
const EVP_CIPHER * EVP_rc4_40(void) HC_DEPRECATED_CRYPTO; HC_DEPRECATED_CRYPTO const EVP_CIPHER * EVP_rc4_40(void);
const EVP_CIPHER * EVP_camellia_128_cbc(void); const EVP_CIPHER * EVP_camellia_128_cbc(void);
const EVP_CIPHER * EVP_camellia_192_cbc(void); const EVP_CIPHER * EVP_camellia_192_cbc(void);
const EVP_CIPHER * EVP_camellia_256_cbc(void); const EVP_CIPHER * EVP_camellia_256_cbc(void);
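Review bot: `EVP_sha` is the only declaration that loses its marker instead of having it moved to the front: reading the left column as the old side, the line ended in `HC_DEPRECATED` and the new one is plain `const EVP_MD *EVP_sha(void);`. If that is intended it should be stated in the commit message; otherwise callers stop getting a deprecation warning for this digest, and the line should read `HC_DEPRECATED const EVP_MD *EVP_sha(void);`.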


@@ -43,6 +43,7 @@
#ifdef KRB5 #ifdef KRB5
#include <krb5-types.h> #include <krb5-types.h>
#endif #endif
#include <roken.h>
#ifndef min #ifndef min
#define min(a,b) (((a)>(b))?(b):(a)) #define min(a,b) (((a)>(b))?(b):(a))

View File

@@ -35,6 +35,9 @@
#include <stdlib.h> #include <stdlib.h>
#include <rand.h> #include <rand.h>
#ifdef KRB5
#include <krb5-types.h>
#endif
#include <roken.h> #include <roken.h>
#include "randi.h" #include "randi.h"
@@ -451,6 +454,7 @@ fortuna_reseed(void)
if (!init_done) if (!init_done)
abort(); abort();
#ifndef NO_RAND_UNIX_METHOD
{ {
unsigned char buf[INIT_BYTES]; unsigned char buf[INIT_BYTES];
if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) { if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) {
@@ -459,6 +463,7 @@ fortuna_reseed(void)
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
} }
} }
#endif
#ifdef HAVE_ARC4RANDOM #ifdef HAVE_ARC4RANDOM
{ {
uint32_t buf[INIT_BYTES / sizeof(uint32_t)]; uint32_t buf[INIT_BYTES / sizeof(uint32_t)];
@@ -470,6 +475,7 @@ fortuna_reseed(void)
entropy_p = 1; entropy_p = 1;
} }
#endif #endif
#ifndef NO_RAND_EGD_METHOD
/* /*
* Only to get egd entropy if /dev/random or arc4rand failed since * Only to get egd entropy if /dev/random or arc4rand failed since
* it can be horribly slow to generate new bits. * it can be horribly slow to generate new bits.
@@ -482,6 +488,7 @@ fortuna_reseed(void)
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
} }
} }
#endif
/* /*
* Fall back to gattering data from timer and secret files, this * Fall back to gattering data from timer and secret files, this
* is really the last resort. * is really the last resort.
@@ -521,10 +528,12 @@ fortuna_reseed(void)
gettimeofday(&tv, NULL); gettimeofday(&tv, NULL);
add_entropy(&main_state, (void *)&tv, sizeof(tv)); add_entropy(&main_state, (void *)&tv, sizeof(tv));
} }
#ifdef HAVE_GETUID
{ {
uid_t u = getuid(); uid_t u = getuid();
add_entropy(&main_state, (void *)&u, sizeof(u)); add_entropy(&main_state, (void *)&u, sizeof(u));
} }
#endif
return entropy_p; return entropy_p;
} }
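Review bot: With the new guards, a build that defines both `NO_RAND_UNIX_METHOD` and `NO_RAND_EGD_METHOD` and lacks `HAVE_ARC4RANDOM` compiles `fortuna_reseed` down to the block the existing comment calls "really the last resort", and the `HAVE_GETUID` guard thins that block further. Nothing in the hunks warns about this combination. I would document it next to the first guard, e.g. `/* at least one of the unix, arc4random or egd sources must be compiled in for a properly seeded generator */`, or fail the build with an `#error` when all three are absent. The function starts outside the hunks, so how `entropy_p` is initialised is not visible here.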


@@ -42,9 +42,6 @@
#include "randi.h" #include "randi.h"
static int random_fd = -1;
static HEIMDAL_MUTEX random_mutex = HEIMDAL_MUTEX_INITIALIZER;
/* /*
* Unix /dev/random * Unix /dev/random
*/ */
@@ -93,44 +90,29 @@ static int
unix_bytes(unsigned char *outdata, int size) unix_bytes(unsigned char *outdata, int size)
{ {
ssize_t count; ssize_t count;
int once = 0; int fd;
if (size < 0) if (size < 0)
return 0; return 0;
else if (size == 0) else if (size == 0)
return 1; return 1;
HEIMDAL_MUTEX_lock(&random_mutex); fd = get_device_fd(O_RDONLY);
if (random_fd == -1) { if (fd < 0)
retry:
random_fd = get_device_fd(O_RDONLY);
if (random_fd < 0) {
HEIMDAL_MUTEX_unlock(&random_mutex);
return 0; return 0;
}
}
while (size > 0) { while (size > 0) {
HEIMDAL_MUTEX_unlock(&random_mutex); count = read(fd, outdata, size);
count = read (random_fd, outdata, size); if (count < 0 && errno == EINTR)
HEIMDAL_MUTEX_lock(&random_mutex);
if (random_fd < 0) {
if (errno == EINTR)
continue; continue;
else if (errno == EBADF && once++ == 0) { else if (count <= 0) {
close(random_fd); close(fd);
random_fd = -1;
goto retry;
}
return 0;
} else if (count <= 0) {
HEIMDAL_MUTEX_unlock(&random_mutex);
return 0; return 0;
} }
outdata += count; outdata += count;
size -= count; size -= count;
} }
HEIMDAL_MUTEX_unlock(&random_mutex); close(fd);
return 1; return 1;
} }


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -58,7 +60,9 @@ init_method(void)
{ {
if (selected_meth != NULL) if (selected_meth != NULL)
return; return;
#ifdef __APPLE__ #if defined(_WIN32)
selected_meth = &hc_rand_w32crypto_method;
#elif defined(__APPLE__)
selected_meth = &hc_rand_unix_method; selected_meth = &hc_rand_unix_method;
#else #else
selected_meth = &hc_rand_fortuna_method; selected_meth = &hc_rand_fortuna_method;
@@ -95,6 +99,8 @@ RAND_seed(const void *indata, size_t size)
int int
RAND_bytes(void *outdata, size_t size) RAND_bytes(void *outdata, size_t size)
{ {
if (size == 0)
return 1;
init_method(); init_method();
return (*selected_meth->bytes)(outdata, size); return (*selected_meth->bytes)(outdata, size);
} }
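Review bot: `RAND_bytes` takes a `size_t`, but `unix_bytes` in this same commit is declared with `int size`, so the call `(*selected_meth->bytes)(outdata, size)` appears to narrow the length. A request above `INT_MAX` could then be truncated to a small positive value, fill only part of the buffer and still return 1, leaving the rest of the caller's buffer without random data. The new zero-length check is the natural place for an upper bound as well: `if (size > INT_MAX) return 0;`, which needs `<limits.h>`. The type of the `bytes` member is not visible in this section, so this should be confirmed against the `RAND_METHOD` definition.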


@@ -62,6 +62,7 @@ typedef struct RAND_METHOD RAND_METHOD;
#define RAND_fortuna_method hc_RAND_fortuna_method #define RAND_fortuna_method hc_RAND_fortuna_method
#define RAND_egd_method hc_RAND_egd_method #define RAND_egd_method hc_RAND_egd_method
#define RAND_unix_method hc_RAND_unix_method #define RAND_unix_method hc_RAND_unix_method
#define RAND_w32crypto_method hc_RAND_w32crypto_method
/* /*
* *


@@ -42,6 +42,7 @@ extern const RAND_METHOD hc_rand_fortuna_method;
extern const RAND_METHOD hc_rand_unix_method; extern const RAND_METHOD hc_rand_unix_method;
extern const RAND_METHOD hc_rand_egd_method; extern const RAND_METHOD hc_rand_egd_method;
extern const RAND_METHOD hc_rand_timer_method; extern const RAND_METHOD hc_rand_timer_method;
extern const RAND_METHOD hc_rand_w32crypto_method;
const RAND_METHOD * RAND_timer_method(void); const RAND_METHOD * RAND_timer_method(void);


@@ -31,11 +31,12 @@
#include "config.h" #include "config.h"
#include <stdlib.h>
#ifdef KRB5 #ifdef KRB5
#include <krb5-types.h> #include <krb5-types.h>
#endif #endif
#include <rijndael-alg-fst.h> #include "rijndael-alg-fst.h"
/* the file should not be used from outside */ /* the file should not be used from outside */
typedef uint8_t u8; typedef uint8_t u8;

View File

@@ -39,11 +39,11 @@
#ifdef KRB5 #ifdef KRB5
#include <krb5-types.h> #include <krb5-types.h>
#endif #endif
#include <stdlib.h>
#include <des.h> #include <des.h>
#include <rand.h> #include <rand.h>
#include <stdlib.h>
#undef __attribute__ #undef __attribute__
#define __attribute__(X) #define __attribute__(X)


@@ -37,10 +37,15 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <signal.h> #include <signal.h>
#ifdef HAVE_TERMIOS_H
#include <termios.h> #include <termios.h>
#endif
#include <roken.h> #include <roken.h>
#include <ui.h> #include <ui.h>
#ifdef HAVE_CONIO_H
#include <conio.h>
#endif
static sig_atomic_t intr_flag; static sig_atomic_t intr_flag;
@@ -50,6 +55,53 @@ intr(int sig)
intr_flag++; intr_flag++;
} }
#ifdef HAVE_CONIO_H
/*
* Windows does console slightly different then then unix case.
*/
static int
read_string(const char *preprompt, const char *prompt,
char *buf, size_t len, int echo)
{
int of = 0;
int c;
char *p;
void (*oldsigintr)(int);
_cprintf("%s%s", preprompt, prompt);
oldsigintr = signal(SIGINT, intr);
p = buf;
while(intr_flag == 0){
c = ((echo)? _getche(): _getch());
if(c == '\n')
break;
if(of == 0)
*p++ = c;
of = (p == buf + len);
}
if(of)
p--;
*p = 0;
if(echo == 0){
printf("\n");
}
signal(SIGINT, oldsigintr);
if(intr_flag)
return -2;
if(of)
return -1;
return 0;
}
#else /* !HAVE_CONIO_H */
#ifndef NSIG #ifndef NSIG
#define NSIG 47 #define NSIG 47
#endif #endif
@@ -135,6 +187,8 @@ read_string(const char *preprompt, const char *prompt,
return 0; return 0;
} }
#endif /* HAVE_CONIO_H */
int int
UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify) UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify)
{ {
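Review bot: The Windows `read_string` ends its input loop only on `'\n'`, but `_getch()` and `_getche()` deliver a carriage return for the Enter key, so the prompt would not finish on Enter; the test should be `if (c == '\n' || c == '\r') break;`. The loop also stores a byte before it ever looks at `len`, so a call with `len == 0` writes past `buf`; an `if (len == 0) return -1;` guard at the top closes that. `intr_flag` is not cleared in the new function, so unless a caller outside the hunk resets it, one SIGINT makes every later prompt return -2 immediately.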

View File

@@ -281,6 +281,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
const hdb_entry *entry, char **p) const hdb_entry *entry, char **p)
{ {
HDB_extension *ext; HDB_extension *ext;
char *str;
int ret; int ret;
ext = hdb_find_extension(entry, choice_HDB_extension_data_password); ext = hdb_find_extension(entry, choice_HDB_extension_data_password);
@@ -329,17 +330,14 @@ hdb_entry_get_password(krb5_context context, HDB *db,
return 0; return 0;
} }
{ ret = krb5_unparse_name(context, entry->principal, &str);
char *name;
ret = krb5_unparse_name(context, entry->principal, &name);
if (ret == 0) { if (ret == 0) {
krb5_set_error_message(context, ENOENT, "no password attributefor %s", name); krb5_set_error_message(context, ENOENT, "no password attributefor %s", str);
free(name); free(str);
} else } else
krb5_clear_error_message(context); krb5_clear_error_message(context);
return ENOENT; return ENOENT;
}
} }
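Review bot: The rewritten `krb5_set_error_message` call keeps the typo in the error text, `"no password attributefor %s"`; since the line is being touched anyway it should read `"no password attribute for %s"`. Hoisting the buffer to function scope as `str` removes the nested block, but the pointer now stays in scope after `free(str)`; nothing in the hunk uses it again. The function starts outside the hunk.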
int int

View File

@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -65,9 +67,13 @@ static struct hdb_method methods[] = {
#if HAVE_DB1 || HAVE_DB3 #if HAVE_DB1 || HAVE_DB3
{ HDB_INTERFACE_VERSION, "db:", hdb_db_create}, { HDB_INTERFACE_VERSION, "db:", hdb_db_create},
#endif #endif
#if HAVE_DB1
{ HDB_INTERFACE_VERSION, "mit-db:", hdb_mdb_create},
#endif
#if HAVE_NDBM #if HAVE_NDBM
{ HDB_INTERFACE_VERSION, "ndbm:", hdb_ndbm_create}, { HDB_INTERFACE_VERSION, "ndbm:", hdb_ndbm_create},
#endif #endif
{ HDB_INTERFACE_VERSION, "keytab:", hdb_keytab_create},
#if defined(OPENLDAP) && !defined(OPENLDAP_MODULE) #if defined(OPENLDAP) && !defined(OPENLDAP_MODULE)
{ HDB_INTERFACE_VERSION, "ldap:", hdb_ldap_create}, { HDB_INTERFACE_VERSION, "ldap:", hdb_ldap_create},
{ HDB_INTERFACE_VERSION, "ldapi:", hdb_ldapi_create}, { HDB_INTERFACE_VERSION, "ldapi:", hdb_ldapi_create},
@@ -411,6 +417,27 @@ hdb_list_builtin(krb5_context context, char **list)
return 0; return 0;
} }
krb5_error_code
_hdb_keytab2hdb_entry(krb5_context context,
const krb5_keytab_entry *ktentry,
hdb_entry_ex *entry)
{
entry->entry.kvno = ktentry->vno;
entry->entry.created_by.time = ktentry->timestamp;
entry->entry.keys.val = calloc(1, sizeof(entry->entry.keys.val[0]));
if (entry->entry.keys.val == NULL)
return ENOMEM;
entry->entry.keys.len = 1;
entry->entry.keys.val[0].mkvno = NULL;
entry->entry.keys.val[0].salt = NULL;
return krb5_copy_keyblock_contents(context,
&ktentry->keyblock,
&entry->entry.keys.val[0].key);
}
/** /**
* Create a handle for a Kerberos database * Create a handle for a Kerberos database
* *
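Review bot: `_hdb_keytab2hdb_entry` has no comment saying what it fills in or who cleans up: when `krb5_copy_keyblock_contents` fails it returns with `keys.val` allocated and `keys.len` set to 1 around an empty key. Callers therefore have to free the entry on error as well as on success, which should be stated, or the function can undo its own work by freeing `entry->entry.keys.val` and resetting `len` before it returns the error. I would add a doc comment that names the fields copied (`kvno`, `created_by.time`, one key) and says that the principal and everything else are left to the caller. The `keytab:` backend is added to `methods[]` unconditionally in the first hunk; its create function is not part of this section.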

View File

@@ -193,6 +193,13 @@ typedef struct HDB{
* point for the module. * point for the module.
*/ */
krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*); krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*);
/**
* Get the list of realms this backend handles.
* This call is optional to support. The returned realms are used
* for announcing the realms over bonjour. Free returned array
* with krb5_free_host_realm().
*/
krb5_error_code (*hdb_get_realms)(krb5_context, struct HDB *, krb5_realm **);
/** /**
* Change password. * Change password.
* *
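Review bot: `hdb_get_realms` is inserted in the middle of `struct HDB`, directly after `hdb_destroy`, so every member that follows moves to a new offset. A backend module compiled against the previous layout would then have its later function pointers read from the wrong slots; the change needs a matching bump of `HDB_INTERFACE_VERSION`, which is not visible in this section, or the member should be appended at the end of the struct. The comment calls the hook optional, so it should also say that the pointer may be NULL and must be tested before the call, e.g. `May be NULL if the backend does not support it.`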

View File

@@ -185,7 +185,7 @@ read_master_mit(krb5_context context, const char *filename,
if(ret) if(ret)
goto out; goto out;
} }
ret = hdb_process_master_key(context, 0, &key, 0, mkey); ret = hdb_process_master_key(context, 1, &key, 0, mkey);
krb5_free_keyblock_contents(context, &key); krb5_free_keyblock_contents(context, &key);
out: out:
krb5_storage_free(sp); krb5_storage_free(sp);

View File

@@ -1023,9 +1023,12 @@ certificate_is_self_signed(hx509_context context,
ret = _hx509_name_cmp(&cert->tbsCertificate.subject, ret = _hx509_name_cmp(&cert->tbsCertificate.subject,
&cert->tbsCertificate.issuer, &diff); &cert->tbsCertificate.issuer, &diff);
*self_signed = (diff == 0); *self_signed = (diff == 0);
if (ret) if (ret) {
hx509_set_error_string(context, 0, ret, hx509_set_error_string(context, 0, ret,
"Failed to check if self signed"); "Failed to check if self signed");
} else
ret = _hx509_self_signed_valid(context, &cert->signatureAlgorithm);
return ret; return ret;
} }
@@ -3251,7 +3254,7 @@ _hx509_cert_get_eku(hx509_context context,
* @param context A hx509 context. * @param context A hx509 context.
* @param c the certificate to encode. * @param c the certificate to encode.
* @param os the encode certificate, set to NULL, 0 on case of * @param os the encode certificate, set to NULL, 0 on case of
* error. Free the returned structure with hx509_xfree(). * error. Free the os->data with hx509_xfree().
* *
* @return An hx509 error code, see hx509_get_error_string(). * @return An hx509 error code, see hx509_get_error_string().
* *
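Review bot: In `certificate_is_self_signed` the new `else` branch calls `_hx509_self_signed_valid` whenever the name comparison succeeds, not only when `diff == 0`. A certificate that is not self-signed but uses an algorithm without `SELF_SIGNED_OK` would then make this helper return an error, although the restriction is meant for self-signatures only. Gate the check on the comparison result: `} else if (diff == 0)`. The function starts outside the hunk, so how callers treat the error is not visible here.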

View File

@@ -1491,7 +1491,7 @@ hx509_cms_create_signed(hx509_context context,
* signatures). * signatures).
*/ */
if ((flags & HX509_CMS_SIGNATURE_NO_SIGNER) == 0) { if ((flags & HX509_CMS_SIGNATURE_NO_SIGNER) == 0) {
ret = hx509_certs_iter(context, certs, sig_process, &sigctx); ret = hx509_certs_iter_f(context, certs, sig_process, &sigctx);
if (ret) if (ret)
goto out; goto out;
} }
@@ -1525,7 +1525,7 @@ hx509_cms_create_signed(hx509_context context,
goto out; goto out;
} }
ret = hx509_certs_iter(context, sigctx.certs, cert_process, &sigctx); ret = hx509_certs_iter_f(context, sigctx.certs, cert_process, &sigctx);
if (ret) if (ret)
goto out; goto out;
} }

View File

@@ -87,8 +87,9 @@ struct signature_alg {
const heim_oid *key_oid; const heim_oid *key_oid;
const AlgorithmIdentifier *digest_alg; const AlgorithmIdentifier *digest_alg;
int flags; int flags;
#define PROVIDE_CONF 1 #define PROVIDE_CONF 0x1
#define REQUIRE_SIGNER 2 #define REQUIRE_SIGNER 0x2
#define SELF_SIGNED_OK 0x4
#define SIG_DIGEST 0x100 #define SIG_DIGEST 0x100
#define SIG_PUBLIC_SIG 0x200 #define SIG_PUBLIC_SIG 0x200
@@ -1200,7 +1201,7 @@ static const struct signature_alg ecdsa_with_sha256_alg = {
&_hx509_signature_ecdsa_with_sha256_data, &_hx509_signature_ecdsa_with_sha256_data,
&asn1_oid_id_ecPublicKey, &asn1_oid_id_ecPublicKey,
&_hx509_signature_sha256_data, &_hx509_signature_sha256_data,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0, 0,
NULL, NULL,
ecdsa_verify_signature, ecdsa_verify_signature,
@@ -1214,7 +1215,7 @@ static const struct signature_alg ecdsa_with_sha1_alg = {
&_hx509_signature_ecdsa_with_sha1_data, &_hx509_signature_ecdsa_with_sha1_data,
&asn1_oid_id_ecPublicKey, &asn1_oid_id_ecPublicKey,
&_hx509_signature_sha1_data, &_hx509_signature_sha1_data,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0, 0,
NULL, NULL,
ecdsa_verify_signature, ecdsa_verify_signature,
@@ -1243,7 +1244,7 @@ static const struct signature_alg pkcs1_rsa_sha1_alg = {
&_hx509_signature_rsa_with_sha1_data, &_hx509_signature_rsa_with_sha1_data,
&asn1_oid_id_pkcs1_rsaEncryption, &asn1_oid_id_pkcs1_rsaEncryption,
NULL, NULL,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0, 0,
NULL, NULL,
rsa_verify_signature, rsa_verify_signature,
@@ -1256,7 +1257,7 @@ static const struct signature_alg rsa_with_sha256_alg = {
&_hx509_signature_rsa_with_sha256_data, &_hx509_signature_rsa_with_sha256_data,
&asn1_oid_id_pkcs1_rsaEncryption, &asn1_oid_id_pkcs1_rsaEncryption,
&_hx509_signature_sha256_data, &_hx509_signature_sha256_data,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0, 0,
NULL, NULL,
rsa_verify_signature, rsa_verify_signature,
@@ -1269,7 +1270,7 @@ static const struct signature_alg rsa_with_sha1_alg = {
&_hx509_signature_rsa_with_sha1_data, &_hx509_signature_rsa_with_sha1_data,
&asn1_oid_id_pkcs1_rsaEncryption, &asn1_oid_id_pkcs1_rsaEncryption,
&_hx509_signature_sha1_data, &_hx509_signature_sha1_data,
PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG, PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
0, 0,
NULL, NULL,
rsa_verify_signature, rsa_verify_signature,
@@ -1481,6 +1482,27 @@ _hx509_signature_best_before(hx509_context context,
return 0; return 0;
} }
int
_hx509_self_signed_valid(hx509_context context,
const AlgorithmIdentifier *alg)
{
const struct signature_alg *md;
md = find_sig_alg(&alg->algorithm);
if (md == NULL) {
hx509_clear_error_string(context);
return HX509_SIG_ALG_NO_SUPPORTED;
}
if ((md->flags & SELF_SIGNED_OK) == 0) {
hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
"Algorithm %s not trusted for self signatures",
md->name);
return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
}
return 0;
}
int int
_hx509_verify_signature(hx509_context context, _hx509_verify_signature(hx509_context context,
const hx509_cert cert, const hx509_cert cert,
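Review bot: `SELF_SIGNED_OK` and `_hx509_self_signed_valid` introduce a trust policy without a single comment: nothing says which property an algorithm must have to earn the flag, and the five tables changed here all receive it, including the two SHA-1 based ones. I would document the flag at its definition, e.g. `/* algorithm is accepted as the signature of a self-signed certificate */`, and give the function a doc comment covering its two error returns. It also reuses `HX509_CRYPTO_ALGORITHM_BEST_BEFORE` for a rejection that has nothing to do with a date, which makes the failure harder to diagnose from the code alone. The tables that do not get the flag are outside the hunks, so the effective deny list cannot be reviewed from this section.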

View File

@@ -39,16 +39,19 @@
#include <stdlib.h> #include <stdlib.h>
#include <ctype.h> #include <ctype.h>
#include <errno.h> #include <errno.h>
#ifdef HAVE_STRINGS_H
#include <strings.h> #include <strings.h>
#endif
#include <assert.h> #include <assert.h>
#include <stdarg.h> #include <stdarg.h>
#include <err.h> #include <err.h>
#include <limits.h> #include <limits.h>
#include <roken.h>
#include <getarg.h> #include <getarg.h>
#include <base64.h> #include <base64.h>
#include <hex.h> #include <hex.h>
#include <roken.h>
#include <com_err.h> #include <com_err.h>
#include <parse_units.h> #include <parse_units.h>
#include <parse_bytes.h> #include <parse_bytes.h>


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -323,7 +325,7 @@ hx509_certs_end_seq(hx509_context context,
* @param certs certificate store to iterate over. * @param certs certificate store to iterate over.
* @param func function to call for each certificate. The function * @param func function to call for each certificate. The function
* should return non-zero to abort the iteration, that value is passed * should return non-zero to abort the iteration, that value is passed
* back to te caller of hx509_certs_iter(). * back to the caller of hx509_certs_iter_f().
* @param ctx context variable that will passed to the function. * @param ctx context variable that will passed to the function.
* *
* @return Returns an hx509 error code. * @return Returns an hx509 error code.
@@ -332,7 +334,7 @@ hx509_certs_end_seq(hx509_context context,
*/ */
int int
hx509_certs_iter(hx509_context context, hx509_certs_iter_f(hx509_context context,
hx509_certs certs, hx509_certs certs,
int (*func)(hx509_context, void *, hx509_cert), int (*func)(hx509_context, void *, hx509_cert),
void *ctx) void *ctx)
@@ -364,13 +366,46 @@ hx509_certs_iter(hx509_context context,
return ret; return ret;
} }
/** /**
* Function to use to hx509_certs_iter() as a function argument, the * Iterate over all certificates in a keystore and call an function
* ctx variable to hx509_certs_iter() should be a FILE file descriptor. * for each fo them.
* *
* @param context a hx509 context. * @param context a hx509 context.
* @param ctx used by hx509_certs_iter(). * @param certs certificate store to iterate over.
* @param func function to call for each certificate. The function
* should return non-zero to abort the iteration, that value is passed
* back to the caller of hx509_certs_iter().
*
* @return Returns an hx509 error code.
*
* @ingroup hx509_keyset
*/
#ifdef __BLOCKS__
static int
certs_iter(hx509_context context, void *ctx, hx509_cert cert)
{
int (^func)(hx509_cert) = ctx;
return func(cert);
}
int
hx509_certs_iter(hx509_context context,
hx509_certs certs,
int (^func)(hx509_cert))
{
return hx509_certs_iter_f(context, certs, certs_iter, func);
}
#endif
/**
* Function to use to hx509_certs_iter_f() as a function argument, the
* ctx variable to hx509_certs_iter_f() should be a FILE file descriptor.
*
* @param context a hx509 context.
* @param ctx used by hx509_certs_iter_f().
* @param c a certificate * @param c a certificate
* *
* @return Returns an hx509 error code. * @return Returns an hx509 error code.
@@ -587,7 +622,7 @@ hx509_certs_merge(hx509_context context, hx509_certs to, hx509_certs from)
{ {
if (from == NULL) if (from == NULL)
return 0; return 0;
return hx509_certs_iter(context, from, certs_merge_func, to); return hx509_certs_iter_f(context, from, certs_merge_func, to);
} }
/** /**
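Review bot: The new Doxygen block for the blocks-based `hx509_certs_iter()` is placed above `#ifdef __BLOCKS__` and the static helper `certs_iter()`, so it documents the helper (or nothing at all when blocks are unavailable) rather than the public function. Move it inside the `#ifdef`, directly above `int hx509_certs_iter(...)`, and fix the opening sentence to `Iterate over all certificates in a keystore and call a block for each of them.` The function also keeps its old name while taking a different parameter list and existing only under `__BLOCKS__`; the in-tree callers visible on this page are switched to `hx509_certs_iter_f()`, but any caller outside the tree that still passes a function pointer and `ctx` will stop building, so the comment should point such callers to `hx509_certs_iter_f()`.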


@@ -113,7 +113,7 @@ dir_iter_start(hx509_context context,
free(d); free(d);
return errno; return errno;
} }
rk_cloexec(dirfd(d->dir)); rk_cloexec_dir(d->dir);
d->certs = NULL; d->certs = NULL;
d->iter = NULL; d->iter = NULL;


@@ -571,7 +571,7 @@ file_store(hx509_context context,
rk_cloexec_file(sc.f); rk_cloexec_file(sc.f);
sc.format = ksf->format; sc.format = ksf->format;
ret = hx509_certs_iter(context, ksf->certs, store_func, &sc); ret = hx509_certs_iter_f(context, ksf->certs, store_func, &sc);
fclose(sc.f); fclose(sc.f);
return ret; return ret;
} }


@@ -43,6 +43,7 @@ OSStatus SecKeyGetCSPHandle(SecKeyRef, CSSM_CSP_HANDLE *);
OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG, OSStatus SecKeyGetCredentials(SecKeyRef, CSSM_ACL_AUTHORIZATION_TAG,
int, const CSSM_ACCESS_CREDENTIALS **); int, const CSSM_ACCESS_CREDENTIALS **);
#define kSecCredentialTypeDefault 0 #define kSecCredentialTypeDefault 0
#define CSSM_SIZE uint32_t
#endif #endif


@@ -571,7 +571,7 @@ p12_store(hx509_context context,
memset(&as, 0, sizeof(as)); memset(&as, 0, sizeof(as));
memset(&pfx, 0, sizeof(pfx)); memset(&pfx, 0, sizeof(pfx));
ret = hx509_certs_iter(context, p12->certs, store_func, &as); ret = hx509_certs_iter_f(context, p12->certs, store_func, &as);
if (ret) if (ret)
goto out; goto out;


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -144,6 +146,7 @@ hx509_peer_info_add_cms_alg(hx509_context context,
hx509_set_error_string(context, 0, ENOMEM, "out of memory"); hx509_set_error_string(context, 0, ENOMEM, "out of memory");
return ENOMEM; return ENOMEM;
} }
peer->val = ptr;
ret = copy_AlgorithmIdentifier(val, &peer->val[peer->len]); ret = copy_AlgorithmIdentifier(val, &peer->val[peer->len]);
if (ret == 0) if (ret == 0)
peer->len += 1; peer->len += 1;


@@ -989,7 +989,7 @@ hx509_ocsp_request(hx509_context context,
ctx.digest = digest; ctx.digest = digest;
ctx.parent = NULL; ctx.parent = NULL;
ret = hx509_certs_iter(context, reqcerts, add_to_req, &ctx); ret = hx509_certs_iter_f(context, reqcerts, add_to_req, &ctx);
hx509_cert_free(ctx.parent); hx509_cert_free(ctx.parent);
if (ret) if (ret)
goto out; goto out;
@@ -1004,17 +1004,17 @@ hx509_ocsp_request(hx509_context context,
es = req.tbsRequest.requestExtensions; es = req.tbsRequest.requestExtensions;
es->val = calloc(1, sizeof(es->val[0])); es->val = calloc(es->len, sizeof(es->val[0]));
if (es->val == NULL) { if (es->val == NULL) {
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
es->len = 1;
ret = der_copy_oid(&asn1_oid_id_pkix_ocsp_nonce, &es->val[0].extnID); ret = der_copy_oid(&asn1_oid_id_pkix_ocsp_nonce, &es->val[0].extnID);
if (ret) { if (ret) {
free_OCSPRequest(&req); free_OCSPRequest(&req);
return ret; return ret;
} }
es->len = 1;
es->val[0].extnValue.data = malloc(10); es->val[0].extnValue.data = malloc(10);
if (es->val[0].extnValue.data == NULL) { if (es->val[0].extnValue.data == NULL) {
@@ -1153,7 +1153,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
fprintf(out, "appended certs:\n"); fprintf(out, "appended certs:\n");
if (ocsp.certs) if (ocsp.certs)
ret = hx509_certs_iter(context, ocsp.certs, hx509_ci_print_names, out); ret = hx509_certs_iter_f(context, ocsp.certs, hx509_ci_print_names, out);
free_ocsp(&ocsp); free_ocsp(&ocsp);
return ret; return ret;
@@ -1486,7 +1486,7 @@ hx509_crl_sign(hx509_context context,
} }
c.tbsCertList.crlExtensions = NULL; c.tbsCertList.crlExtensions = NULL;
ret = hx509_certs_iter(context, crl->revoked, add_revoked, &c.tbsCertList); ret = hx509_certs_iter_f(context, crl->revoked, add_revoked, &c.tbsCertList);
if (ret) if (ret)
goto out; goto out;
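Review bot: In the nonce-extension hunk of `hx509_ocsp_request()`, the allocation `es->val = calloc(es->len, sizeof(es->val[0]));` (taking the second copy of the line as the new side, as elsewhere on this page) runs before either visible `es->len = 1;`, so the element count is whatever `es->len` held when `es` was set up outside the hunk. If that structure was zero-initialised this is `calloc(0, ...)`, which yields either NULL (reported here as ENOMEM) or a zero-sized block that `der_copy_oid(..., &es->val[0].extnID)` then writes past. Size the array explicitly with `es->val = calloc(1, sizeof(es->val[0]));`, or assign `es->len = 1;` before the allocation and reset it to 0 on failure. The `der_copy_oid` failure path in the same hunk returns directly after `free_OCSPRequest(&req)` while the neighbouring failures use `goto out`; the cleanup at `out` is not visible here, so confirm nothing is skipped.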


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -37,8 +39,13 @@
#include <dlfcn.h> #include <dlfcn.h>
#endif #endif
#ifndef KCM_IS_API_CACHE
static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER;
static cc_initialize_func init_func; static cc_initialize_func init_func;
static void (*set_target_uid)(uid_t);
static void (*clear_target)(void);
#ifdef HAVE_DLOPEN #ifdef HAVE_DLOPEN
static void *cc_handle; static void *cc_handle;
#endif #endif
@@ -82,15 +89,17 @@ translate_cc_error(krb5_context context, cc_int32 error)
static krb5_error_code static krb5_error_code
init_ccapi(krb5_context context) init_ccapi(krb5_context context)
{ {
const char *lib; const char *lib = NULL;
HEIMDAL_MUTEX_lock(&acc_mutex); HEIMDAL_MUTEX_lock(&acc_mutex);
if (init_func) { if (init_func) {
HEIMDAL_MUTEX_unlock(&acc_mutex); HEIMDAL_MUTEX_unlock(&acc_mutex);
if (context)
krb5_clear_error_message(context); krb5_clear_error_message(context);
return 0; return 0;
} }
if (context)
lib = krb5_config_get_string(context, NULL, lib = krb5_config_get_string(context, NULL,
"libdefaults", "ccapi_library", "libdefaults", "ccapi_library",
NULL); NULL);
@@ -106,11 +115,15 @@ init_ccapi(krb5_context context)
#ifndef RTLD_LAZY #ifndef RTLD_LAZY
#define RTLD_LAZY 0 #define RTLD_LAZY 0
#endif
#ifndef RTLD_LOCAL
#define RTLD_LOCAL 0
#endif #endif
cc_handle = dlopen(lib, RTLD_LAZY); cc_handle = dlopen(lib, RTLD_LAZY|RTLD_LOCAL);
if (cc_handle == NULL) { if (cc_handle == NULL) {
HEIMDAL_MUTEX_unlock(&acc_mutex); HEIMDAL_MUTEX_unlock(&acc_mutex);
if (context)
krb5_set_error_message(context, KRB5_CC_NOSUPP, krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Failed to load API cache module %s", "file"), N_("Failed to load API cache module %s", "file"),
lib); lib);
@@ -118,8 +131,11 @@ init_ccapi(krb5_context context)
} }
init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize"); init_func = (cc_initialize_func)dlsym(cc_handle, "cc_initialize");
set_target_uid = dlsym(cc_handle, "krb5_ipc_client_set_target_uid");
clear_target = dlsym(cc_handle, "krb5_ipc_client_clear_target");
HEIMDAL_MUTEX_unlock(&acc_mutex); HEIMDAL_MUTEX_unlock(&acc_mutex);
if (init_func == NULL) { if (init_func == NULL) {
if (context)
krb5_set_error_message(context, KRB5_CC_NOSUPP, krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Failed to find cc_initialize" N_("Failed to find cc_initialize"
"in %s: %s", "file, error"), lib, dlerror()); "in %s: %s", "file, error"), lib, dlerror());
@@ -130,12 +146,27 @@ init_ccapi(krb5_context context)
return 0; return 0;
#else #else
HEIMDAL_MUTEX_unlock(&acc_mutex); HEIMDAL_MUTEX_unlock(&acc_mutex);
if (context)
krb5_set_error_message(context, KRB5_CC_NOSUPP, krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("no support for shared object", "")); N_("no support for shared object", ""));
return KRB5_CC_NOSUPP; return KRB5_CC_NOSUPP;
#endif #endif
} }
void
_heim_krb5_ipc_client_set_target_uid(uid_t uid)
{
init_ccapi(NULL);
(*set_target_uid)(uid);
}
void
_heim_krb5_ipc_client_clear_target(void)
{
init_ccapi(NULL);
(*clear_target)();
}
static krb5_error_code static krb5_error_code
make_cred_from_ccred(krb5_context context, make_cred_from_ccred(krb5_context context,
const cc_credentials_v5_t *incred, const cc_credentials_v5_t *incred,
@@ -1068,3 +1099,5 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = {
acc_set_default, acc_set_default,
acc_lastchange acc_lastchange
}; };
#endif
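Review bot: `_heim_krb5_ipc_client_set_target_uid()` and `_heim_krb5_ipc_client_clear_target()` discard the result of `init_ccapi(NULL)` and then call through `set_target_uid` / `clear_target` unconditionally. Both pointers stay NULL when `dlopen` fails, when the loaded library lacks the `krb5_ipc_client_*` symbols (only `init_func` is checked after the `dlsym` calls), or on the non-`HAVE_DLOPEN` path, so the call becomes a NULL function-pointer dereference. Guard each call, for example `if (init_ccapi(NULL) == 0 && set_target_uid != NULL) (*set_target_uid)(uid);`, and likewise for `clear_target`. Because both functions return `void`, a caller cannot tell that the target uid was not applied, so add a comment stating that failure is silent, or return an error if the interface can still change. Parts of `init_ccapi()` lie between the hunks and are not visible here.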


@@ -47,7 +47,7 @@
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_et_list (krb5_context context, krb5_add_et_list (krb5_context context,
void (*func)(struct et_list **)) void (*func)(struct et_list **))
{ {


@@ -175,16 +175,8 @@ ipv4_parse_addr (krb5_context context, const char *address, krb5_address *addr)
return -1; return -1;
} else } else
p = address; p = address;
#ifdef HAVE_INET_ATON
if(inet_aton(p, &a) == 0) if(inet_aton(p, &a) == 0)
return -1; return -1;
#elif defined(HAVE_INET_ADDR)
a.s_addr = inet_addr(p);
if(a.s_addr == INADDR_NONE)
return -1;
#else
return -1;
#endif
addr->addr_type = KRB5_ADDRESS_INET; addr->addr_type = KRB5_ADDRESS_INET;
if(krb5_data_alloc(&addr->address, 4) != 0) if(krb5_data_alloc(&addr->address, 4) != 0)
return -1; return -1;
@@ -339,9 +331,7 @@ static int
ipv6_print_addr (const krb5_address *addr, char *str, size_t len) ipv6_print_addr (const krb5_address *addr, char *str, size_t len)
{ {
char buf[128], buf2[3]; char buf[128], buf2[3];
#ifdef HAVE_INET_NTOP
if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL) if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL)
#endif
{ {
/* XXX this is pretty ugly, but better than abort() */ /* XXX this is pretty ugly, but better than abort() */
int i; int i;
@@ -790,7 +780,7 @@ find_atype(int atype)
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sockaddr2address (krb5_context context, krb5_sockaddr2address (krb5_context context,
const struct sockaddr *sa, krb5_address *addr) const struct sockaddr *sa, krb5_address *addr)
{ {
@@ -818,7 +808,7 @@ krb5_sockaddr2address (krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_sockaddr2port (krb5_context context, krb5_sockaddr2port (krb5_context context,
const struct sockaddr *sa, int16_t *port) const struct sockaddr *sa, int16_t *port)
{ {
@@ -853,7 +843,7 @@ krb5_sockaddr2port (krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_addr2sockaddr (krb5_context context, krb5_addr2sockaddr (krb5_context context,
const krb5_address *addr, const krb5_address *addr,
struct sockaddr *sa, struct sockaddr *sa,
@@ -889,7 +879,7 @@ krb5_addr2sockaddr (krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
size_t KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL
krb5_max_sockaddr_size (void) krb5_max_sockaddr_size (void)
{ {
if (max_sockaddr_size == 0) { if (max_sockaddr_size == 0) {
@@ -913,7 +903,7 @@ krb5_max_sockaddr_size (void)
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_sockaddr_uninteresting(const struct sockaddr *sa) krb5_sockaddr_uninteresting(const struct sockaddr *sa)
{ {
struct addr_operations *a = find_af(sa->sa_family); struct addr_operations *a = find_af(sa->sa_family);
@@ -941,7 +931,7 @@ krb5_sockaddr_uninteresting(const struct sockaddr *sa)
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_h_addr2sockaddr (krb5_context context, krb5_h_addr2sockaddr (krb5_context context,
int af, int af,
const char *addr, struct sockaddr *sa, const char *addr, struct sockaddr *sa,
@@ -972,7 +962,7 @@ krb5_h_addr2sockaddr (krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_h_addr2addr (krb5_context context, krb5_h_addr2addr (krb5_context context,
int af, int af,
const char *haddr, krb5_address *addr) const char *haddr, krb5_address *addr)
@@ -1003,7 +993,7 @@ krb5_h_addr2addr (krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_anyaddr (krb5_context context, krb5_anyaddr (krb5_context context,
int af, int af,
struct sockaddr *sa, struct sockaddr *sa,
@@ -1038,7 +1028,7 @@ krb5_anyaddr (krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_print_address (const krb5_address *addr, krb5_print_address (const krb5_address *addr,
char *str, size_t len, size_t *ret_len) char *str, size_t len, size_t *ret_len)
{ {
@@ -1088,7 +1078,7 @@ krb5_print_address (const krb5_address *addr,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_parse_address(krb5_context context, krb5_parse_address(krb5_context context,
const char *string, const char *string,
krb5_addresses *addresses) krb5_addresses *addresses)
@@ -1169,7 +1159,7 @@ krb5_parse_address(krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
int KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_address_order(krb5_context context, krb5_address_order(krb5_context context,
const krb5_address *addr1, const krb5_address *addr1,
const krb5_address *addr2) const krb5_address *addr2)
@@ -1218,7 +1208,7 @@ krb5_address_order(krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_address_compare(krb5_context context, krb5_address_compare(krb5_context context,
const krb5_address *addr1, const krb5_address *addr1,
const krb5_address *addr2) const krb5_address *addr2)
@@ -1239,7 +1229,7 @@ krb5_address_compare(krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_address_search(krb5_context context, krb5_address_search(krb5_context context,
const krb5_address *addr, const krb5_address *addr,
const krb5_addresses *addrlist) const krb5_addresses *addrlist)
@@ -1264,7 +1254,7 @@ krb5_address_search(krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_address(krb5_context context, krb5_free_address(krb5_context context,
krb5_address *address) krb5_address *address)
{ {
@@ -1288,7 +1278,7 @@ krb5_free_address(krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_addresses(krb5_context context, krb5_free_addresses(krb5_context context,
krb5_addresses *addresses) krb5_addresses *addresses)
{ {
@@ -1314,7 +1304,7 @@ krb5_free_addresses(krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_address(krb5_context context, krb5_copy_address(krb5_context context,
const krb5_address *inaddr, const krb5_address *inaddr,
krb5_address *outaddr) krb5_address *outaddr)
@@ -1338,7 +1328,7 @@ krb5_copy_address(krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_addresses(krb5_context context, krb5_copy_addresses(krb5_context context,
const krb5_addresses *inaddr, const krb5_addresses *inaddr,
krb5_addresses *outaddr) krb5_addresses *outaddr)
@@ -1365,7 +1355,7 @@ krb5_copy_addresses(krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_append_addresses(krb5_context context, krb5_append_addresses(krb5_context context,
krb5_addresses *dest, krb5_addresses *dest,
const krb5_addresses *source) const krb5_addresses *source)
@@ -1409,7 +1399,7 @@ krb5_append_addresses(krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_make_addrport (krb5_context context, krb5_make_addrport (krb5_context context,
krb5_address **res, const krb5_address *addr, int16_t port) krb5_address **res, const krb5_address *addr, int16_t port)
{ {
@@ -1476,7 +1466,7 @@ krb5_make_addrport (krb5_context context,
* @ingroup krb5_address * @ingroup krb5_address
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_address_prefixlen_boundary(krb5_context context, krb5_address_prefixlen_boundary(krb5_context context,
const krb5_address *inaddr, const krb5_address *inaddr,
unsigned long prefixlen, unsigned long prefixlen,


@@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_appdefault_boolean(krb5_context context, const char *appname, krb5_appdefault_boolean(krb5_context context, const char *appname,
krb5_const_realm realm, const char *option, krb5_const_realm realm, const char *option,
krb5_boolean def_val, krb5_boolean *ret_val) krb5_boolean def_val, krb5_boolean *ret_val)
@@ -75,7 +75,7 @@ krb5_appdefault_boolean(krb5_context context, const char *appname,
*ret_val = def_val; *ret_val = def_val;
} }
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_appdefault_string(krb5_context context, const char *appname, krb5_appdefault_string(krb5_context context, const char *appname,
krb5_const_realm realm, const char *option, krb5_const_realm realm, const char *option,
const char *def_val, char **ret_val) const char *def_val, char **ret_val)
@@ -119,7 +119,7 @@ krb5_appdefault_string(krb5_context context, const char *appname,
*ret_val = NULL; *ret_val = NULL;
} }
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_appdefault_time(krb5_context context, const char *appname, krb5_appdefault_time(krb5_context context, const char *appname,
krb5_const_realm realm, const char *option, krb5_const_realm realm, const char *option,
time_t def_val, time_t *ret_val) time_t def_val, time_t *ret_val)


@@ -37,14 +37,14 @@
#include "krb5_locl.h" #include "krb5_locl.h"
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_principal2principalname (PrincipalName *p, _krb5_principal2principalname (PrincipalName *p,
const krb5_principal from) const krb5_principal from)
{ {
return copy_PrincipalName(&from->name, p); return copy_PrincipalName(&from->name, p);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_principalname2krb5_principal (krb5_context context, _krb5_principalname2krb5_principal (krb5_context context,
krb5_principal *principal, krb5_principal *principal,
const PrincipalName from, const PrincipalName from,


@@ -33,7 +33,7 @@
#include "krb5_locl.h" #include "krb5_locl.h"
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_init(krb5_context context, krb5_auth_con_init(krb5_context context,
krb5_auth_context *auth_context) krb5_auth_context *auth_context)
{ {
@@ -64,7 +64,7 @@ krb5_auth_con_init(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_free(krb5_context context, krb5_auth_con_free(krb5_context context,
krb5_auth_context auth_context) krb5_auth_context auth_context)
{ {
@@ -86,7 +86,7 @@ krb5_auth_con_free(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setflags(krb5_context context, krb5_auth_con_setflags(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
int32_t flags) int32_t flags)
@@ -96,7 +96,7 @@ krb5_auth_con_setflags(krb5_context context,
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getflags(krb5_context context, krb5_auth_con_getflags(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
int32_t *flags) int32_t *flags)
@@ -105,7 +105,7 @@ krb5_auth_con_getflags(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_addflags(krb5_context context, krb5_auth_con_addflags(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
int32_t addflags, int32_t addflags,
@@ -117,7 +117,7 @@ krb5_auth_con_addflags(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_removeflags(krb5_context context, krb5_auth_con_removeflags(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
int32_t removeflags, int32_t removeflags,
@@ -129,7 +129,7 @@ krb5_auth_con_removeflags(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setaddrs(krb5_context context, krb5_auth_con_setaddrs(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_address *local_addr, krb5_address *local_addr,
@@ -154,10 +154,10 @@ krb5_auth_con_setaddrs(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_genaddrs(krb5_context context, krb5_auth_con_genaddrs(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
int fd, int flags) krb5_socket_t fd, int flags)
{ {
krb5_error_code ret; krb5_error_code ret;
krb5_address local_k_address, remote_k_address; krb5_address local_k_address, remote_k_address;
@@ -170,10 +170,10 @@ krb5_auth_con_genaddrs(krb5_context context,
if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) { if(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR) {
if (auth_context->local_address == NULL) { if (auth_context->local_address == NULL) {
len = sizeof(ss_local); len = sizeof(ss_local);
if(getsockname(fd, local, &len) < 0) { if(rk_IS_SOCKET_ERROR(getsockname(fd, local, &len))) {
char buf[128]; char buf[128];
ret = errno; ret = rk_SOCK_ERRNO;
strerror_r(ret, buf, sizeof(buf)); rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "getsockname: %s", buf); krb5_set_error_message(context, ret, "getsockname: %s", buf);
goto out; goto out;
} }
@@ -188,10 +188,10 @@ krb5_auth_con_genaddrs(krb5_context context,
} }
if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) { if(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR) {
len = sizeof(ss_remote); len = sizeof(ss_remote);
if(getpeername(fd, remote, &len) < 0) { if(rk_IS_SOCKET_ERROR(getpeername(fd, remote, &len))) {
char buf[128]; char buf[128];
ret = errno; ret = rk_SOCK_ERRNO;
strerror_r(ret, buf, sizeof(buf)); rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, "getpeername: %s", buf); krb5_set_error_message(context, ret, "getpeername: %s", buf);
goto out; goto out;
} }
@@ -216,12 +216,12 @@ krb5_auth_con_genaddrs(krb5_context context,
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setaddrs_from_fd (krb5_context context, krb5_auth_con_setaddrs_from_fd (krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
void *p_fd) void *p_fd)
{ {
int fd = *(int*)p_fd; krb5_socket_t fd = *(krb5_socket_t *)p_fd;
int flags = 0; int flags = 0;
if(auth_context->local_address == NULL) if(auth_context->local_address == NULL)
flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR; flags |= KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR;
@@ -230,7 +230,7 @@ krb5_auth_con_setaddrs_from_fd (krb5_context context,
return krb5_auth_con_genaddrs(context, auth_context, fd, flags); return krb5_auth_con_genaddrs(context, auth_context, fd, flags);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getaddrs(krb5_context context, krb5_auth_con_getaddrs(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_address **local_addr, krb5_address **local_addr,
@@ -273,7 +273,7 @@ copy_key(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getkey(krb5_context context, krb5_auth_con_getkey(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_keyblock **keyblock) krb5_keyblock **keyblock)
@@ -281,7 +281,7 @@ krb5_auth_con_getkey(krb5_context context,
return copy_key(context, auth_context->keyblock, keyblock); return copy_key(context, auth_context->keyblock, keyblock);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getlocalsubkey(krb5_context context, krb5_auth_con_getlocalsubkey(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_keyblock **keyblock) krb5_keyblock **keyblock)
@@ -289,7 +289,7 @@ krb5_auth_con_getlocalsubkey(krb5_context context,
return copy_key(context, auth_context->local_subkey, keyblock); return copy_key(context, auth_context->local_subkey, keyblock);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getremotesubkey(krb5_context context, krb5_auth_con_getremotesubkey(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_keyblock **keyblock) krb5_keyblock **keyblock)
@@ -297,7 +297,7 @@ krb5_auth_con_getremotesubkey(krb5_context context,
return copy_key(context, auth_context->remote_subkey, keyblock); return copy_key(context, auth_context->remote_subkey, keyblock);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setkey(krb5_context context, krb5_auth_con_setkey(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_keyblock *keyblock) krb5_keyblock *keyblock)
@@ -307,7 +307,7 @@ krb5_auth_con_setkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->keyblock); return copy_key(context, keyblock, &auth_context->keyblock);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setlocalsubkey(krb5_context context, krb5_auth_con_setlocalsubkey(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_keyblock *keyblock) krb5_keyblock *keyblock)
@@ -317,7 +317,7 @@ krb5_auth_con_setlocalsubkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->local_subkey); return copy_key(context, keyblock, &auth_context->local_subkey);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_generatelocalsubkey(krb5_context context, krb5_auth_con_generatelocalsubkey(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_keyblock *key) krb5_keyblock *key)
@@ -337,7 +337,7 @@ krb5_auth_con_generatelocalsubkey(krb5_context context,
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setremotesubkey(krb5_context context, krb5_auth_con_setremotesubkey(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_keyblock *keyblock) krb5_keyblock *keyblock)
@@ -347,7 +347,7 @@ krb5_auth_con_setremotesubkey(krb5_context context,
return copy_key(context, keyblock, &auth_context->remote_subkey); return copy_key(context, keyblock, &auth_context->remote_subkey);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setcksumtype(krb5_context context, krb5_auth_con_setcksumtype(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_cksumtype cksumtype) krb5_cksumtype cksumtype)
@@ -356,7 +356,7 @@ krb5_auth_con_setcksumtype(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getcksumtype(krb5_context context, krb5_auth_con_getcksumtype(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_cksumtype *cksumtype) krb5_cksumtype *cksumtype)
@@ -365,7 +365,7 @@ krb5_auth_con_getcksumtype(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setkeytype (krb5_context context, krb5_auth_con_setkeytype (krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_keytype keytype) krb5_keytype keytype)
@@ -374,7 +374,7 @@ krb5_auth_con_setkeytype (krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getkeytype (krb5_context context, krb5_auth_con_getkeytype (krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_keytype *keytype) krb5_keytype *keytype)
@@ -384,7 +384,7 @@ krb5_auth_con_getkeytype (krb5_context context,
} }
#if 0 #if 0
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setenctype(krb5_context context, krb5_auth_con_setenctype(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_enctype etype) krb5_enctype etype)
@@ -398,7 +398,7 @@ krb5_auth_con_setenctype(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getenctype(krb5_context context, krb5_auth_con_getenctype(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_enctype *etype) krb5_enctype *etype)
@@ -407,7 +407,7 @@ krb5_auth_con_getenctype(krb5_context context,
} }
#endif #endif
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getlocalseqnumber(krb5_context context, krb5_auth_con_getlocalseqnumber(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
int32_t *seqnumber) int32_t *seqnumber)
@@ -416,7 +416,7 @@ krb5_auth_con_getlocalseqnumber(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setlocalseqnumber (krb5_context context, krb5_auth_con_setlocalseqnumber (krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
int32_t seqnumber) int32_t seqnumber)
@@ -425,8 +425,8 @@ krb5_auth_con_setlocalseqnumber (krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_getremoteseqnumber(krb5_context context, krb5_auth_con_getremoteseqnumber(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
int32_t *seqnumber) int32_t *seqnumber)
{ {
@@ -434,7 +434,7 @@ krb5_auth_getremoteseqnumber(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setremoteseqnumber (krb5_context context, krb5_auth_con_setremoteseqnumber (krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
int32_t seqnumber) int32_t seqnumber)
@@ -444,7 +444,7 @@ krb5_auth_con_setremoteseqnumber (krb5_context context,
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getauthenticator(krb5_context context, krb5_auth_con_getauthenticator(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_authenticator *authenticator) krb5_authenticator *authenticator)
@@ -461,7 +461,7 @@ krb5_auth_con_getauthenticator(krb5_context context,
} }
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_authenticator(krb5_context context, krb5_free_authenticator(krb5_context context,
krb5_authenticator *authenticator) krb5_authenticator *authenticator)
{ {
@@ -471,7 +471,7 @@ krb5_free_authenticator(krb5_context context,
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setuserkey(krb5_context context, krb5_auth_con_setuserkey(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_keyblock *keyblock) krb5_keyblock *keyblock)
@@ -481,7 +481,7 @@ krb5_auth_con_setuserkey(krb5_context context,
return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock); return krb5_copy_keyblock(context, keyblock, &auth_context->keyblock);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_getrcache(krb5_context context, krb5_auth_con_getrcache(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_rcache *rcache) krb5_rcache *rcache)
@@ -490,7 +490,7 @@ krb5_auth_con_getrcache(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setrcache(krb5_context context, krb5_auth_con_setrcache(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_rcache rcache) krb5_rcache rcache)
@@ -501,7 +501,7 @@ krb5_auth_con_setrcache(krb5_context context,
#if 0 /* not implemented */ #if 0 /* not implemented */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_initivector(krb5_context context, krb5_auth_con_initivector(krb5_context context,
krb5_auth_context auth_context) krb5_auth_context auth_context)
{ {
@@ -509,7 +509,7 @@ krb5_auth_con_initivector(krb5_context context,
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_auth_con_setivector(krb5_context context, krb5_auth_con_setivector(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_pointer ivector) krb5_pointer ivector)


@@ -31,9 +31,9 @@
* SUCH DAMAGE. * SUCH DAMAGE.
*/ */
#include <krb5_locl.h> #include "krb5_locl.h"
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_build_ap_req (krb5_context context, krb5_build_ap_req (krb5_context context,
krb5_enctype enctype, krb5_enctype enctype,
krb5_creds *cred, krb5_creds *cred,


@@ -31,7 +31,7 @@
* SUCH DAMAGE. * SUCH DAMAGE.
*/ */
#include <krb5_locl.h> #include "krb5_locl.h"
static krb5_error_code static krb5_error_code
make_etypelist(krb5_context context, make_etypelist(krb5_context context,
@@ -99,8 +99,8 @@ make_etypelist(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_build_authenticator(krb5_context context, _krb5_build_authenticator (krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_enctype enctype, krb5_enctype enctype,
krb5_creds *cred, krb5_creds *cred,


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -112,7 +114,7 @@ main (int argc, char **argv)
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_register(krb5_context context, krb5_cc_register(krb5_context context,
const krb5_cc_ops *ops, const krb5_cc_ops *ops,
krb5_boolean override) krb5_boolean override)
@@ -184,13 +186,34 @@ allocate_ccache (krb5_context context,
krb5_ccache *id) krb5_ccache *id)
{ {
krb5_error_code ret; krb5_error_code ret;
#ifdef KRB5_USE_PATH_TOKENS
char * exp_residual = NULL;
ret = _krb5_cc_allocate(context, ops, id); ret = _krb5_expand_path_tokens(context, residual, &exp_residual);
if (ret) if (ret)
return ret; return ret;
residual = exp_residual;
#endif
ret = _krb5_cc_allocate(context, ops, id);
if (ret) {
#ifdef KRB5_USE_PATH_TOKENS
if (exp_residual)
free(exp_residual);
#endif
return ret;
}
ret = (*id)->ops->resolve(context, id, residual); ret = (*id)->ops->resolve(context, id, residual);
if(ret) if(ret)
free(*id); free(*id);
#ifdef KRB5_USE_PATH_TOKENS
if (exp_residual)
free(exp_residual);
#endif
return ret; return ret;
} }
@@ -209,7 +232,7 @@ allocate_ccache (krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_resolve(krb5_context context, krb5_cc_resolve(krb5_context context,
const char *name, const char *name,
krb5_ccache *id) krb5_ccache *id)
@@ -249,7 +272,7 @@ krb5_cc_resolve(krb5_context context,
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_new_unique(krb5_context context, const char *type, krb5_cc_new_unique(krb5_context context, const char *type,
const char *hint, krb5_ccache *id) const char *hint, krb5_ccache *id)
{ {
@@ -281,7 +304,7 @@ krb5_cc_new_unique(krb5_context context, const char *type,
*/ */
const char* KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_get_name(krb5_context context, krb5_cc_get_name(krb5_context context,
krb5_ccache id) krb5_ccache id)
{ {
@@ -295,7 +318,7 @@ krb5_cc_get_name(krb5_context context,
*/ */
const char* KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_get_type(krb5_context context, krb5_cc_get_type(krb5_context context,
krb5_ccache id) krb5_ccache id)
{ {
@@ -303,15 +326,19 @@ krb5_cc_get_type(krb5_context context,
} }
/** /**
* Return the complete resolvable name the ccache `id' in `str´. * Return the complete resolvable name the cache
* `str` should be freed with free(3).
* Returns 0 or an error (and then *str is set to NULL). * @param context a Keberos context
* @param id return pointer to a found credential cache
* @param str the returned name of a credential cache, free with krb5_xfree()
*
* @return Returns 0 or an error (and then *str is set to NULL).
* *
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_full_name(krb5_context context, krb5_cc_get_full_name(krb5_context context,
krb5_ccache id, krb5_ccache id,
char **str) char **str)
@@ -362,6 +389,7 @@ krb5_cc_get_ops(krb5_context context, krb5_ccache id)
krb5_error_code krb5_error_code
_krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
{ {
#ifndef KRB5_USE_PATH_TOKENS
size_t tlen, len = 0; size_t tlen, len = 0;
char *tmp, *tmp2, *append; char *tmp, *tmp2, *append;
@@ -379,6 +407,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
} else if (tmp) { } else if (tmp) {
tmp2 = strchr(tmp, '}'); tmp2 = strchr(tmp, '}');
if (tmp2 == NULL) { if (tmp2 == NULL) {
if (*res)
free(*res); free(*res);
*res = NULL; *res = NULL;
krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT, krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT,
@@ -390,6 +419,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
else if (strncasecmp(tmp, "%{null}", 7) == 0) else if (strncasecmp(tmp, "%{null}", 7) == 0)
append = strdup(""); append = strdup("");
else { else {
if (*res)
free(*res); free(*res);
*res = NULL; *res = NULL;
krb5_set_error_message(context, krb5_set_error_message(context,
@@ -405,6 +435,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
str = NULL; str = NULL;
} }
if (append == NULL) { if (append == NULL) {
if (*res)
free(*res); free(*res);
*res = NULL; *res = NULL;
krb5_set_error_message(context, ENOMEM, krb5_set_error_message(context, ENOMEM,
@@ -416,6 +447,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
tmp = realloc(*res, len + tlen + 1); tmp = realloc(*res, len + tlen + 1);
if (tmp == NULL) { if (tmp == NULL) {
free(append); free(append);
if (*res)
free(*res); free(*res);
*res = NULL; *res = NULL;
krb5_set_error_message(context, ENOMEM, krb5_set_error_message(context, ENOMEM,
@@ -428,6 +460,13 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
free(append); free(append);
} }
return 0; return 0;
#else /* _WIN32 */
/* On Windows, we use the more generic _krb5_expand_path_tokens()
function which also handles path tokens in addition to %{uid}
and %{null} */
return _krb5_expand_path_tokens(context, str, res);
#endif
} }
/* /*
@@ -444,6 +483,12 @@ environment_changed(krb5_context context)
if (context->default_cc_name_set) if (context->default_cc_name_set)
return 0; return 0;
/* XXX performance: always ask KCM/API if default name has changed */
if (context->default_cc_name &&
(strncmp(context->default_cc_name, "KCM:", 4) == 0 ||
strncmp(context->default_cc_name, "API:", 4) == 0))
return 1;
if(issuid()) if(issuid())
return 0; return 0;
@@ -472,7 +517,7 @@ environment_changed(krb5_context context)
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code krb5_error_code KRB5_LIB_FUNCTION
krb5_cc_switch(krb5_context context, krb5_ccache id) krb5_cc_switch(krb5_context context, krb5_ccache id)
{ {
@@ -482,13 +527,30 @@ krb5_cc_switch(krb5_context context, krb5_ccache id)
return (*id->ops->set_default)(context, id); return (*id->ops->set_default)(context, id);
} }
/**
* Return true if the default credential cache support switch
*
* @ingroup krb5_ccache
*/
krb5_boolean KRB5_LIB_FUNCTION
krb5_cc_support_switch(krb5_context context, const char *type)
{
const krb5_cc_ops *ops;
ops = krb5_cc_get_prefix_ops(context, type);
if (ops && ops->set_default)
return 1;
return FALSE;
}
/** /**
* Set the default cc name for `context' to `name'. * Set the default cc name for `context' to `name'.
* *
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_default_name(krb5_context context, const char *name) krb5_cc_set_default_name(krb5_context context, const char *name)
{ {
krb5_error_code ret = 0; krb5_error_code ret = 0;
@@ -544,6 +606,20 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
return ENOMEM; return ENOMEM;
} }
#ifdef KRB5_USE_PATH_TOKENS
{
char * exp_p = NULL;
if (_krb5_expand_path_tokens(context, p, &exp_p) == 0) {
free (p);
p = exp_p;
} else {
free (p);
return EINVAL;
}
}
#endif
if (context->default_cc_name) if (context->default_cc_name)
free(context->default_cc_name); free(context->default_cc_name);
@@ -562,7 +638,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
*/ */
const char* KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_cc_default_name(krb5_context context) krb5_cc_default_name(krb5_context context)
{ {
if (context->default_cc_name == NULL || environment_changed(context)) if (context->default_cc_name == NULL || environment_changed(context))
@@ -580,7 +656,7 @@ krb5_cc_default_name(krb5_context context)
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_default(krb5_context context, krb5_cc_default(krb5_context context,
krb5_ccache *id) krb5_ccache *id)
{ {
@@ -602,7 +678,7 @@ krb5_cc_default(krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_initialize(krb5_context context, krb5_cc_initialize(krb5_context context,
krb5_ccache id, krb5_ccache id,
krb5_principal primary_principal) krb5_principal primary_principal)
@@ -620,7 +696,7 @@ krb5_cc_initialize(krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_destroy(krb5_context context, krb5_cc_destroy(krb5_context context,
krb5_ccache id) krb5_ccache id)
{ {
@@ -640,7 +716,7 @@ krb5_cc_destroy(krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_close(krb5_context context, krb5_cc_close(krb5_context context,
krb5_ccache id) krb5_ccache id)
{ {
@@ -659,7 +735,7 @@ krb5_cc_close(krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_store_cred(krb5_context context, krb5_cc_store_cred(krb5_context context,
krb5_ccache id, krb5_ccache id,
krb5_creds *creds) krb5_creds *creds)
@@ -685,7 +761,7 @@ krb5_cc_store_cred(krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_retrieve_cred(krb5_context context, krb5_cc_retrieve_cred(krb5_context context,
krb5_ccache id, krb5_ccache id,
krb5_flags whichfields, krb5_flags whichfields,
@@ -723,7 +799,7 @@ krb5_cc_retrieve_cred(krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_principal(krb5_context context, krb5_cc_get_principal(krb5_context context,
krb5_ccache id, krb5_ccache id,
krb5_principal *principal) krb5_principal *principal)
@@ -741,7 +817,7 @@ krb5_cc_get_principal(krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_start_seq_get (krb5_context context, krb5_cc_start_seq_get (krb5_context context,
const krb5_ccache id, const krb5_ccache id,
krb5_cc_cursor *cursor) krb5_cc_cursor *cursor)
@@ -759,7 +835,7 @@ krb5_cc_start_seq_get (krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_next_cred (krb5_context context, krb5_cc_next_cred (krb5_context context,
const krb5_ccache id, const krb5_ccache id,
krb5_cc_cursor *cursor, krb5_cc_cursor *cursor,
@@ -775,7 +851,7 @@ krb5_cc_next_cred (krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_end_seq_get (krb5_context context, krb5_cc_end_seq_get (krb5_context context,
const krb5_ccache id, const krb5_ccache id,
krb5_cc_cursor *cursor) krb5_cc_cursor *cursor)
@@ -790,7 +866,7 @@ krb5_cc_end_seq_get (krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_remove_cred(krb5_context context, krb5_cc_remove_cred(krb5_context context,
krb5_ccache id, krb5_ccache id,
krb5_flags which, krb5_flags which,
@@ -813,7 +889,7 @@ krb5_cc_remove_cred(krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_flags(krb5_context context, krb5_cc_set_flags(krb5_context context,
krb5_ccache id, krb5_ccache id,
krb5_flags flags) krb5_flags flags)
@@ -827,7 +903,7 @@ krb5_cc_set_flags(krb5_context context,
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_flags(krb5_context context, krb5_cc_get_flags(krb5_context context,
krb5_ccache id, krb5_ccache id,
krb5_flags *flags) krb5_flags *flags)
@@ -852,7 +928,7 @@ krb5_cc_get_flags(krb5_context context,
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_match_f(krb5_context context, krb5_cc_copy_match_f(krb5_context context,
const krb5_ccache from, const krb5_ccache from,
krb5_ccache to, krb5_ccache to,
@@ -905,7 +981,7 @@ krb5_cc_copy_match_f(krb5_context context,
* @ingroup @krb5_ccache * @ingroup @krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_copy_cache(krb5_context context, krb5_cc_copy_cache(krb5_context context,
const krb5_ccache from, const krb5_ccache from,
krb5_ccache to) krb5_ccache to)
@@ -920,7 +996,7 @@ krb5_cc_copy_cache(krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_version(krb5_context context, krb5_cc_get_version(krb5_context context,
const krb5_ccache id) const krb5_ccache id)
{ {
@@ -937,7 +1013,7 @@ krb5_cc_get_version(krb5_context context,
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_cc_clear_mcred(krb5_creds *mcred) krb5_cc_clear_mcred(krb5_creds *mcred)
{ {
memset(mcred, 0, sizeof(*mcred)); memset(mcred, 0, sizeof(*mcred));
@@ -1005,7 +1081,7 @@ struct krb5_cc_cache_cursor_data {
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_get_first (krb5_context context, krb5_cc_cache_get_first (krb5_context context,
const char *type, const char *type,
krb5_cc_cache_cursor *cursor) krb5_cc_cache_cursor *cursor)
@@ -1063,7 +1139,7 @@ krb5_cc_cache_get_first (krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_next (krb5_context context, krb5_cc_cache_next (krb5_context context,
krb5_cc_cache_cursor cursor, krb5_cc_cache_cursor cursor,
krb5_ccache *id) krb5_ccache *id)
@@ -1080,7 +1156,7 @@ krb5_cc_cache_next (krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_end_seq_get (krb5_context context, krb5_cc_cache_end_seq_get (krb5_context context,
krb5_cc_cache_cursor cursor) krb5_cc_cache_cursor cursor)
{ {
@@ -1106,7 +1182,7 @@ krb5_cc_cache_end_seq_get (krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_cache_match (krb5_context context, krb5_cc_cache_match (krb5_context context,
krb5_principal client, krb5_principal client,
krb5_ccache *id) krb5_ccache *id)
@@ -1240,7 +1316,7 @@ build_conf_principals(krb5_context context, krb5_ccache id,
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_is_config_principal(krb5_context context, krb5_is_config_principal(krb5_context context,
krb5_const_principal principal) krb5_const_principal principal)
{ {
@@ -1268,7 +1344,7 @@ krb5_is_config_principal(krb5_context context,
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_config(krb5_context context, krb5_ccache id, krb5_cc_set_config(krb5_context context, krb5_ccache id,
krb5_const_principal principal, krb5_const_principal principal,
const char *name, krb5_data *data) const char *name, krb5_data *data)
@@ -1316,7 +1392,7 @@ out:
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_config(krb5_context context, krb5_ccache id, krb5_cc_get_config(krb5_context context, krb5_ccache id,
krb5_const_principal principal, krb5_const_principal principal,
const char *name, krb5_data *data) const char *name, krb5_data *data)
@@ -1347,7 +1423,7 @@ out:
* *
*/ */
struct krb5_cccol_cursor { struct krb5_cccol_cursor_data {
int idx; int idx;
krb5_cc_cache_cursor cursor; krb5_cc_cache_cursor cursor;
}; };
@@ -1364,7 +1440,7 @@ struct krb5_cccol_cursor {
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor) krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
{ {
*cursor = calloc(1, sizeof(**cursor)); *cursor = calloc(1, sizeof(**cursor));
@@ -1396,7 +1472,7 @@ krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor, krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
krb5_ccache *cache) krb5_ccache *cache)
{ {
@@ -1447,7 +1523,7 @@ krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor) krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
{ {
krb5_cccol_cursor c = *cursor; krb5_cccol_cursor c = *cursor;
@@ -1474,7 +1550,7 @@ krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_last_change_time(krb5_context context, krb5_cc_last_change_time(krb5_context context,
krb5_ccache id, krb5_ccache id,
krb5_timestamp *mtime) krb5_timestamp *mtime)
@@ -1497,7 +1573,7 @@ krb5_cc_last_change_time(krb5_context context,
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cccol_last_change_time(krb5_context context, krb5_cccol_last_change_time(krb5_context context,
const char *type, const char *type,
krb5_timestamp *mtime) krb5_timestamp *mtime)
@@ -1538,7 +1614,7 @@ krb5_cccol_last_change_time(krb5_context context,
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_friendly_name(krb5_context context, krb5_cc_get_friendly_name(krb5_context context,
krb5_ccache id, krb5_ccache id,
char **name) char **name)
@@ -1575,7 +1651,7 @@ krb5_cc_get_friendly_name(krb5_context context,
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_friendly_name(krb5_context context, krb5_cc_set_friendly_name(krb5_context context,
krb5_ccache id, krb5_ccache id,
const char *name) const char *name)
@@ -1603,7 +1679,7 @@ krb5_cc_set_friendly_name(krb5_context context,
* @ingroup krb5_ccache * @ingroup krb5_ccache
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t) krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
{ {
krb5_cc_cursor cursor; krb5_cc_cursor cursor;
@@ -1623,13 +1699,61 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
if (now < cred.times.endtime) if (now < cred.times.endtime)
*t = cred.times.endtime - now; *t = cred.times.endtime - now;
krb5_free_cred_contents(context, &cred); krb5_free_cred_contents(context, &cred);
goto out; break;
} }
krb5_free_cred_contents(context, &cred); krb5_free_cred_contents(context, &cred);
} }
out:
krb5_cc_end_seq_get(context, id, &cursor); krb5_cc_end_seq_get(context, id, &cursor);
return ret; return ret;
} }
/**
* Set the time offset betwen the client and the KDC
*
* If the backend doesn't support KDC offset, use the context global setting.
*
* @param context A Kerberos 5 context.
* @param id a credential cache
* @param offset the offset in seconds
*
* @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
krb5_error_code
krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset)
{
if (id->ops->set_kdc_offset == NULL) {
context->kdc_sec_offset = offset;
context->kdc_usec_offset = 0;
return 0;
}
return (*id->ops->set_kdc_offset)(context, id, offset);
}
/**
* Get the time offset betwen the client and the KDC
*
* If the backend doesn't support KDC offset, use the context global setting.
*
* @param context A Kerberos 5 context.
* @param id a credential cache
* @param offset the offset in seconds
*
* @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
krb5_error_code
krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset)
{
if (id->ops->get_kdc_offset == NULL) {
*offset = context->kdc_sec_offset;
return 0;
}
return (*id->ops->get_kdc_offset)(context, id, offset);
}
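Review bot: In allocate_ccache, when `(*id)->ops->resolve` fails the handle is released with `free(*id)` but the caller's pointer keeps the freed address, and this commit reworks the function's exit paths without closing that gap. Changing the failure branch to `if (ret) { free(*id); *id = NULL; }` makes a later use or second free by a caller fail safely instead of touching freed memory. The added `if (exp_residual) free(exp_residual);` blocks can be plain `free(exp_residual);`, since free(NULL) is a no-op. The start of the function's signature lies above the hunk.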


@@ -33,7 +33,7 @@
#define KRB5_DEPRECATED #define KRB5_DEPRECATED
#include <krb5_locl.h> #include "krb5_locl.h"
#undef __attribute__ #undef __attribute__
#define __attribute__(X) #define __attribute__(X)
@@ -603,6 +603,7 @@ change_password_loop (krb5_context context,
} }
} }
#ifndef NO_LIMIT_FD_SETSIZE
if (sock >= FD_SETSIZE) { if (sock >= FD_SETSIZE) {
ret = ERANGE; ret = ERANGE;
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
@@ -610,6 +611,7 @@ change_password_loop (krb5_context context,
close (sock); close (sock);
goto out; goto out;
} }
#endif
FD_ZERO(&fdset); FD_ZERO(&fdset);
FD_SET(sock, &fdset); FD_SET(sock, &fdset);
@@ -670,7 +672,7 @@ find_chpw_proto(const char *name)
} }
/** /**
* krb5_change_password() is deprecated, use krb5_set_password(). * Deprecated: krb5_change_password() is deprecated, use krb5_set_password().
* *
* @param context a Keberos context * @param context a Keberos context
* @param creds * @param creds
@@ -684,14 +686,14 @@ find_chpw_proto(const char *name)
* @ingroup @krb5_deprecated * @ingroup @krb5_deprecated
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_change_password (krb5_context context, krb5_change_password (krb5_context context,
krb5_creds *creds, krb5_creds *creds,
const char *newpw, const char *newpw,
int *result_code, int *result_code,
krb5_data *result_code_string, krb5_data *result_code_string,
krb5_data *result_string) krb5_data *result_string)
KRB5_DEPRECATED
{ {
struct kpwd_proc *p = find_chpw_proto("change password"); struct kpwd_proc *p = find_chpw_proto("change password");
@@ -726,7 +728,7 @@ krb5_change_password (krb5_context context,
* @ingroup @krb5 * @ingroup @krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_password(krb5_context context, krb5_set_password(krb5_context context,
krb5_creds *creds, krb5_creds *creds,
const char *newpw, const char *newpw,
@@ -769,7 +771,7 @@ krb5_set_password(krb5_context context,
* *
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_password_using_ccache(krb5_context context, krb5_set_password_using_ccache(krb5_context context,
krb5_ccache ccache, krb5_ccache ccache,
const char *newpw, const char *newpw,
@@ -834,7 +836,7 @@ krb5_set_password_using_ccache(krb5_context context,
* *
*/ */
const char* KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_passwd_result_to_string (krb5_context context, krb5_passwd_result_to_string (krb5_context context,
int result) int result)
{ {
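Review bot: With `NO_LIMIT_FD_SETSIZE` defined, the `sock >= FD_SETSIZE` check in change_password_loop is compiled out and `FD_SET(sock, &fdset)` runs on an unchecked descriptor; where fd_set is a fixed bitmap indexed by descriptor number, that writes past the end of `fdset`. The macro is presumably meant only for platforms whose fd_set is not indexed that way, but nothing in the hunk says so or enforces it. I would document the constraint at the `#ifndef`, e.g. `/* NO_LIMIT_FD_SETSIZE: define only where fd_set is not a bitmap indexed by fd; otherwise FD_SET() below overflows fdset */`. change_password_loop begins and ends outside the hunk.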


@@ -37,178 +37,178 @@
#ifndef HEIMDAL_SMALLER #ifndef HEIMDAL_SMALLER
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncTicketPart (krb5_context context, krb5_decode_EncTicketPart (krb5_context context,
const void *data, const void *data,
size_t length, size_t length,
EncTicketPart *t, EncTicketPart *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return decode_EncTicketPart(data, length, t, len); return decode_EncTicketPart(data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncTicketPart (krb5_context context, krb5_encode_EncTicketPart (krb5_context context,
void *data, void *data,
size_t length, size_t length,
EncTicketPart *t, EncTicketPart *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return encode_EncTicketPart(data, length, t, len); return encode_EncTicketPart(data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncASRepPart (krb5_context context, krb5_decode_EncASRepPart (krb5_context context,
const void *data, const void *data,
size_t length, size_t length,
EncASRepPart *t, EncASRepPart *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return decode_EncASRepPart(data, length, t, len); return decode_EncASRepPart(data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncASRepPart (krb5_context context, krb5_encode_EncASRepPart (krb5_context context,
void *data, void *data,
size_t length, size_t length,
EncASRepPart *t, EncASRepPart *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return encode_EncASRepPart(data, length, t, len); return encode_EncASRepPart(data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncTGSRepPart (krb5_context context, krb5_decode_EncTGSRepPart (krb5_context context,
const void *data, const void *data,
size_t length, size_t length,
EncTGSRepPart *t, EncTGSRepPart *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return decode_EncTGSRepPart(data, length, t, len); return decode_EncTGSRepPart(data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncTGSRepPart (krb5_context context, krb5_encode_EncTGSRepPart (krb5_context context,
void *data, void *data,
size_t length, size_t length,
EncTGSRepPart *t, EncTGSRepPart *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return encode_EncTGSRepPart(data, length, t, len); return encode_EncTGSRepPart(data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncAPRepPart (krb5_context context, krb5_decode_EncAPRepPart (krb5_context context,
const void *data, const void *data,
size_t length, size_t length,
EncAPRepPart *t, EncAPRepPart *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return decode_EncAPRepPart(data, length, t, len); return decode_EncAPRepPart(data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncAPRepPart (krb5_context context, krb5_encode_EncAPRepPart (krb5_context context,
void *data, void *data,
size_t length, size_t length,
EncAPRepPart *t, EncAPRepPart *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return encode_EncAPRepPart(data, length, t, len); return encode_EncAPRepPart(data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_Authenticator (krb5_context context, krb5_decode_Authenticator (krb5_context context,
const void *data, const void *data,
size_t length, size_t length,
Authenticator *t, Authenticator *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return decode_Authenticator(data, length, t, len); return decode_Authenticator(data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_Authenticator (krb5_context context, krb5_encode_Authenticator (krb5_context context,
void *data, void *data,
size_t length, size_t length,
Authenticator *t, Authenticator *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return encode_Authenticator(data, length, t, len); return encode_Authenticator(data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_EncKrbCredPart (krb5_context context, krb5_decode_EncKrbCredPart (krb5_context context,
const void *data, const void *data,
size_t length, size_t length,
EncKrbCredPart *t, EncKrbCredPart *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return decode_EncKrbCredPart(data, length, t, len); return decode_EncKrbCredPart(data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_EncKrbCredPart (krb5_context context, krb5_encode_EncKrbCredPart (krb5_context context,
void *data, void *data,
size_t length, size_t length,
EncKrbCredPart *t, EncKrbCredPart *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return encode_EncKrbCredPart (data, length, t, len); return encode_EncKrbCredPart (data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_ETYPE_INFO (krb5_context context, krb5_decode_ETYPE_INFO (krb5_context context,
const void *data, const void *data,
size_t length, size_t length,
ETYPE_INFO *t, ETYPE_INFO *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return decode_ETYPE_INFO(data, length, t, len); return decode_ETYPE_INFO(data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_ETYPE_INFO (krb5_context context, krb5_encode_ETYPE_INFO (krb5_context context,
void *data, void *data,
size_t length, size_t length,
ETYPE_INFO *t, ETYPE_INFO *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return encode_ETYPE_INFO (data, length, t, len); return encode_ETYPE_INFO (data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decode_ETYPE_INFO2 (krb5_context context, krb5_decode_ETYPE_INFO2 (krb5_context context,
const void *data, const void *data,
size_t length, size_t length,
ETYPE_INFO2 *t, ETYPE_INFO2 *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return decode_ETYPE_INFO2(data, length, t, len); return decode_ETYPE_INFO2(data, length, t, len);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encode_ETYPE_INFO2 (krb5_context context, krb5_encode_ETYPE_INFO2 (krb5_context context,
void *data, void *data,
size_t length, size_t length,
ETYPE_INFO2 *t, ETYPE_INFO2 *t,
size_t *len) size_t *len)
KRB5_DEPRECATED
{ {
return encode_ETYPE_INFO2 (data, length, t, len); return encode_ETYPE_INFO2 (data, length, t, len);
} }
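Review bot: None of the deprecated encode/decode wrappers in this section carries a comment naming its replacement, although the attribute now sits in front of each declaration where a reader sees it first. Each wrapper ignores `context` and forwards to the generated ASN.1 routine, so a one-line comment is enough, e.g. `/** Deprecated: call decode_EncTicketPart() directly. @ingroup krb5_deprecated */` above `krb5_decode_EncTicketPart`, and likewise for the others. The same commit uses that form for `krb5_config_parse_string_multi`, so adding it here keeps the deprecated group consistent.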


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -35,6 +37,10 @@
#include "krb5_locl.h" #include "krb5_locl.h"
#ifdef __APPLE__
#include <CoreFoundation/CoreFoundation.h>
#endif
/* Gaah! I want a portable funopen */ /* Gaah! I want a portable funopen */
struct fileptr { struct fileptr {
const char *s; const char *s;
@@ -233,6 +239,98 @@ parse_binding(struct fileptr *f, unsigned *lineno, char *p,
return ret; return ret;
} }
#ifdef __APPLE__
static char *
cfstring2cstring(CFStringRef string)
{
CFIndex len;
char *str;
str = (char *) CFStringGetCStringPtr(string, kCFStringEncodingUTF8);
if (str)
return strdup(str);
len = CFStringGetLength(string);
len = 1 + CFStringGetMaximumSizeForEncoding(len, kCFStringEncodingUTF8);
str = malloc(len);
if (str == NULL)
return NULL;
if (!CFStringGetCString (string, str, len, kCFStringEncodingUTF8)) {
free (str);
return NULL;
}
return str;
}
static void
convert_content(const void *key, const void *value, void *context)
{
krb5_config_section *tmp, **parent = context;
char *k;
if (CFGetTypeID(key) != CFStringGetTypeID())
return;
k = cfstring2cstring(key);
if (k == NULL)
return;
if (CFGetTypeID(value) == CFStringGetTypeID()) {
tmp = get_entry(parent, k, krb5_config_string);
tmp->u.string = cfstring2cstring(value);
} else if (CFGetTypeID(value) == CFDictionaryGetTypeID()) {
tmp = get_entry(parent, k, krb5_config_list);
CFDictionaryApplyFunction(value, convert_content, &tmp->u.list);
} else {
/* log */
}
free(k);
}
static krb5_error_code
parse_plist_config(krb5_context context, const char *path, krb5_config_section **parent)
{
CFReadStreamRef s;
CFDictionaryRef d;
CFErrorRef e;
CFURLRef url;
url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)path, strlen(path), FALSE);
if (url == NULL) {
krb5_clear_error_message(context);
return ENOMEM;
}
s = CFReadStreamCreateWithFile(kCFAllocatorDefault, url);
CFRelease(url);
if (s == NULL) {
krb5_clear_error_message(context);
return ENOMEM;
}
if (!CFReadStreamOpen(s)) {
CFRelease(s);
krb5_clear_error_message(context);
return ENOENT;
}
d = (CFDictionaryRef)CFPropertyListCreateWithStream (kCFAllocatorDefault, s, 0, kCFPropertyListImmutable, NULL, &e);
CFRelease(s);
if (d == NULL) {
krb5_clear_error_message(context);
return ENOENT;
}
CFDictionaryApplyFunction(d, convert_content, parent);
CFRelease(d);
return 0;
}
#endif
/* /*
* Parse the config file `fname', generating the structures into `res' * Parse the config file `fname', generating the structures into `res'
* returning error messages in `error_message' * returning error messages in `error_message'
@@ -280,6 +378,18 @@ krb5_config_parse_debug (struct fileptr *f,
return 0; return 0;
} }
static int
is_plist_file(const char *fname)
{
size_t len = strlen(fname);
char suffix[] = ".plist";
if (len < sizeof(suffix))
return 0;
if (strcasecmp(&fname[len - (sizeof(suffix) - 1)], suffix) != 0)
return 0;
return 1;
}
/** /**
* Parse a configuration file and add the result into res. This * Parse a configuration file and add the result into res. This
* interface can be used to parse several configuration files into one * interface can be used to parse several configuration files into one
@@ -293,7 +403,7 @@ krb5_config_parse_debug (struct fileptr *f,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_parse_file_multi (krb5_context context, krb5_config_parse_file_multi (krb5_context context,
const char *fname, const char *fname,
krb5_config_section **res) krb5_config_section **res)
@@ -309,9 +419,16 @@ krb5_config_parse_file_multi (krb5_context context,
* current users home directory. The behavior can be disabled and * current users home directory. The behavior can be disabled and
* enabled by calling krb5_set_home_dir_access(). * enabled by calling krb5_set_home_dir_access().
*/ */
if (_krb5_homedir_access(context) && fname[0] == '~' && fname[1] == '/') { if (fname[0] == '~' && fname[1] == '/') {
#ifndef KRB5_USE_PATH_TOKENS
const char *home = NULL; const char *home = NULL;
if (!_krb5_homedir_access(context)) {
krb5_set_error_message(context, EPERM,
"Access to home directory not allowed");
return EPERM;
}
if(!issuid()) if(!issuid())
home = getenv("HOME"); home = getenv("HOME");
@@ -329,7 +446,47 @@ krb5_config_parse_file_multi (krb5_context context,
} }
fname = newfname; fname = newfname;
} }
#else /* KRB5_USE_PATH_TOKENS */
asprintf(&newfname, "%%{USERCONFIG}/%s", &fname[1]);
if (newfname == NULL) {
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
} }
fname = newfname;
#endif
}
if (is_plist_file(fname)) {
#ifdef __APPLE__
ret = parse_plist_config(context, fname, res);
if (ret) {
krb5_set_error_message(context, ret,
"Failed to parse plist %s", fname);
if (newfname)
free(newfname);
return ret;
}
#else
krb5_set_error_message(context, ENOENT,
"no support for plist configuration files");
return ENOENT;
#endif
} else {
#ifdef KRB5_USE_PATH_TOKENS
char * exp_fname = NULL;
ret = _krb5_expand_path_tokens(context, fname, &exp_fname);
if (ret) {
if (newfname)
free(newfname);
return ret;
}
if (newfname)
free(newfname);
fname = newfname = exp_fname;
#endif
f.f = fopen(fname, "r"); f.f = fopen(fname, "r");
f.s = NULL; f.s = NULL;
@@ -345,17 +502,17 @@ krb5_config_parse_file_multi (krb5_context context,
ret = krb5_config_parse_debug (&f, res, &lineno, &str); ret = krb5_config_parse_debug (&f, res, &lineno, &str);
fclose(f.f); fclose(f.f);
if (ret) { if (ret) {
krb5_set_error_message (context, ret, "%s:%u: %s", fname, lineno, str); krb5_set_error_message (context, ret, "%s:%u: %s",
fname, lineno, str);
if (newfname) if (newfname)
free(newfname); free(newfname);
return ret; return ret;
} }
if (newfname) }
free(newfname);
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_parse_file (krb5_context context, krb5_config_parse_file (krb5_context context,
const char *fname, const char *fname,
krb5_config_section **res) krb5_config_section **res)
@@ -397,7 +554,7 @@ free_binding (krb5_context context, krb5_config_binding *b)
* @ingroup krb5_support * @ingroup krb5_support
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_file_free (krb5_context context, krb5_config_section *s) krb5_config_file_free (krb5_context context, krb5_config_section *s)
{ {
free_binding (context, s); free_binding (context, s);
@@ -406,7 +563,7 @@ krb5_config_file_free (krb5_context context, krb5_config_section *s)
#ifndef HEIMDAL_SMALLER #ifndef HEIMDAL_SMALLER
krb5_error_code KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_config_copy(krb5_context context, _krb5_config_copy(krb5_context context,
krb5_config_section *c, krb5_config_section *c,
krb5_config_section **head) krb5_config_section **head)
@@ -442,7 +599,7 @@ _krb5_config_copy(krb5_context context,
#endif /* HEIMDAL_SMALLER */ #endif /* HEIMDAL_SMALLER */
const void * KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
_krb5_config_get_next (krb5_context context, _krb5_config_get_next (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
const krb5_config_binding **pointer, const krb5_config_binding **pointer,
@@ -481,7 +638,7 @@ vget_next(krb5_context context,
return NULL; return NULL;
} }
const void * KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
_krb5_config_vget_next (krb5_context context, _krb5_config_vget_next (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
const krb5_config_binding **pointer, const krb5_config_binding **pointer,
@@ -517,7 +674,7 @@ _krb5_config_vget_next (krb5_context context,
return NULL; return NULL;
} }
const void * KRB5_LIB_FUNCTION const void * KRB5_LIB_CALL
_krb5_config_get (krb5_context context, _krb5_config_get (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
int type, int type,
@@ -532,6 +689,7 @@ _krb5_config_get (krb5_context context,
return ret; return ret;
} }
const void * const void *
_krb5_config_vget (krb5_context context, _krb5_config_vget (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
@@ -555,7 +713,7 @@ _krb5_config_vget (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
const krb5_config_binding * KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL
krb5_config_get_list (krb5_context context, krb5_config_get_list (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
...) ...)
@@ -581,7 +739,7 @@ krb5_config_get_list (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
const krb5_config_binding * KRB5_LIB_FUNCTION const krb5_config_binding * KRB5_LIB_CALL
krb5_config_vget_list (krb5_context context, krb5_config_vget_list (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
va_list args) va_list args)
@@ -604,7 +762,7 @@ krb5_config_vget_list (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
const char* KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_get_string (krb5_context context, krb5_config_get_string (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
...) ...)
@@ -630,7 +788,7 @@ krb5_config_get_string (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
const char* KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_vget_string (krb5_context context, krb5_config_vget_string (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
va_list args) va_list args)
@@ -653,7 +811,7 @@ krb5_config_vget_string (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
const char* KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_vget_string_default (krb5_context context, krb5_config_vget_string_default (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
const char *def_value, const char *def_value,
@@ -682,7 +840,7 @@ krb5_config_vget_string_default (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
const char* KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_config_get_string_default (krb5_context context, krb5_config_get_string_default (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
const char *def_value, const char *def_value,
@@ -710,7 +868,7 @@ krb5_config_get_string_default (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
char ** KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION char ** KRB5_LIB_CALL
krb5_config_vget_strings(krb5_context context, krb5_config_vget_strings(krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
va_list args) va_list args)
@@ -770,7 +928,7 @@ cleanup:
* @ingroup krb5_support * @ingroup krb5_support
*/ */
char** KRB5_LIB_FUNCTION char** KRB5_LIB_CALL
krb5_config_get_strings(krb5_context context, krb5_config_get_strings(krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
...) ...)
@@ -792,7 +950,7 @@ krb5_config_get_strings(krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_config_free_strings(char **strings) krb5_config_free_strings(char **strings)
{ {
char **s = strings; char **s = strings;
@@ -821,7 +979,7 @@ krb5_config_free_strings(char **strings)
* @ingroup krb5_support * @ingroup krb5_support
*/ */
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_vget_bool_default (krb5_context context, krb5_config_vget_bool_default (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
krb5_boolean def_value, krb5_boolean def_value,
@@ -851,7 +1009,7 @@ krb5_config_vget_bool_default (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_vget_bool (krb5_context context, krb5_config_vget_bool (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
va_list args) va_list args)
@@ -875,7 +1033,7 @@ krb5_config_vget_bool (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_get_bool_default (krb5_context context, krb5_config_get_bool_default (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
krb5_boolean def_value, krb5_boolean def_value,
@@ -905,7 +1063,7 @@ krb5_config_get_bool_default (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_config_get_bool (krb5_context context, krb5_config_get_bool (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
...) ...)
@@ -935,7 +1093,7 @@ krb5_config_get_bool (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
int KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_time_default (krb5_context context, krb5_config_vget_time_default (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
int def_value, int def_value,
@@ -964,8 +1122,8 @@ krb5_config_vget_time_default (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
int KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_time(krb5_context context, krb5_config_vget_time (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
va_list args) va_list args)
{ {
@@ -986,7 +1144,7 @@ krb5_config_vget_time(krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
int KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_time_default (krb5_context context, krb5_config_get_time_default (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
int def_value, int def_value,
@@ -1012,7 +1170,7 @@ krb5_config_get_time_default (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
int KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_time (krb5_context context, krb5_config_get_time (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
...) ...)
@@ -1026,7 +1184,7 @@ krb5_config_get_time (krb5_context context,
} }
int KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_int_default (krb5_context context, krb5_config_vget_int_default (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
int def_value, int def_value,
@@ -1047,7 +1205,7 @@ krb5_config_vget_int_default (krb5_context context,
} }
} }
int KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_vget_int (krb5_context context, krb5_config_vget_int (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
va_list args) va_list args)
@@ -1055,7 +1213,7 @@ krb5_config_vget_int (krb5_context context,
return krb5_config_vget_int_default (context, c, -1, args); return krb5_config_vget_int_default (context, c, -1, args);
} }
int KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_int_default (krb5_context context, krb5_config_get_int_default (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
int def_value, int def_value,
@@ -1069,7 +1227,7 @@ krb5_config_get_int_default (krb5_context context,
return ret; return ret;
} }
int KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_config_get_int (krb5_context context, krb5_config_get_int (krb5_context context,
const krb5_config_section *c, const krb5_config_section *c,
...) ...)
@@ -1085,10 +1243,17 @@ krb5_config_get_int (krb5_context context,
#ifndef HEIMDAL_SMALLER #ifndef HEIMDAL_SMALLER
/**
* Deprecated: configuration files are not strings
*
* @ingroup krb5_deprecated
*/
KRB5_DEPRECATED
krb5_error_code KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_FUNCTION
krb5_config_parse_string_multi(krb5_context context, krb5_config_parse_string_multi(krb5_context context,
const char *string, const char *string,
krb5_config_section **res) KRB5_DEPRECATED krb5_config_section **res)
{ {
const char *str; const char *str;
unsigned lineno = 0; unsigned lineno = 0;
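Review bot: In `parse_plist_config`, the result of `CFPropertyListCreateWithStream` is cast to `CFDictionaryRef` and passed to `CFDictionaryApplyFunction` without a check that the plist root really is a dictionary. A file whose root is an array or a string would be walked as a dictionary. The default search list on this page includes a per-user plist, so the content should be treated as untrusted: add `if (d != NULL && CFGetTypeID(d) != CFDictionaryGetTypeID()) { CFRelease(d); d = NULL; }` before the `d == NULL` test. The `CFErrorRef e` filled in on failure is never released, so pass `NULL` or `CFRelease` it. In `convert_content`, `tmp` from `get_entry` is dereferenced unchecked; if `get_entry` can return NULL (its definition is outside this page), guard both branches with `if (tmp == NULL) { free(k); return; }`.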


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -35,10 +37,17 @@
KRB5_LIB_VARIABLE const char *krb5_config_file = KRB5_LIB_VARIABLE const char *krb5_config_file =
#ifdef __APPLE__ #ifdef __APPLE__
"~/Library/Preferences/com.apple.Kerberos.plist:"
"/Library/Preferences/com.apple.Kerberos.plist:"
"~/Library/Preferences/edu.mit.Kerberos:" "~/Library/Preferences/edu.mit.Kerberos:"
"/Library/Preferences/edu.mit.Kerberos:" "/Library/Preferences/edu.mit.Kerberos:"
#endif /* __APPLE__ */
SYSCONFDIR "/krb5.conf"
#ifndef _WIN32
":/etc/krb5.conf"
#endif #endif
SYSCONFDIR "/krb5.conf:/etc/krb5.conf"; ;
KRB5_LIB_VARIABLE const char *krb5_defkeyname = KEYTAB_DEFAULT; KRB5_LIB_VARIABLE const char *krb5_defkeyname = KEYTAB_DEFAULT;
KRB5_LIB_VARIABLE const char *krb5_cc_type_api = "API"; KRB5_LIB_VARIABLE const char *krb5_cc_type_api = "API";
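Review bot: The definition of `krb5_config_file` gives no hint of the precedence of the default search list, and the new first entry is a file under the user's home directory, ahead of the system-wide ones. A comment above it would make that explicit, e.g. `/* Colon-separated list of configuration files, in search order; "~/" entries refer to the invoking user's home directory. */`. Whether earlier files override later ones depends on the merge logic in the parser, which is not visible in this section, so that should be confirmed before the comment states it.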


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -223,16 +225,49 @@ cc_ops_register(krb5_context context)
context->cc_ops = NULL; context->cc_ops = NULL;
context->num_cc_ops = 0; context->num_cc_ops = 0;
#ifndef KCM_IS_API_CACHE
krb5_cc_register(context, &krb5_acc_ops, TRUE); krb5_cc_register(context, &krb5_acc_ops, TRUE);
#endif
krb5_cc_register(context, &krb5_fcc_ops, TRUE); krb5_cc_register(context, &krb5_fcc_ops, TRUE);
krb5_cc_register(context, &krb5_mcc_ops, TRUE); krb5_cc_register(context, &krb5_mcc_ops, TRUE);
#ifdef HAVE_SCC
krb5_cc_register(context, &krb5_scc_ops, TRUE); krb5_cc_register(context, &krb5_scc_ops, TRUE);
#endif
#ifdef HAVE_KCM #ifdef HAVE_KCM
#ifdef KCM_IS_API_CACHE
krb5_cc_register(context, &krb5_akcm_ops, TRUE);
#endif
krb5_cc_register(context, &krb5_kcm_ops, TRUE); krb5_cc_register(context, &krb5_kcm_ops, TRUE);
#endif #endif
return 0; return 0;
} }
static krb5_error_code
cc_ops_copy(krb5_context context, const krb5_context src_context)
{
const krb5_cc_ops **cc_ops;
context->cc_ops = NULL;
context->num_cc_ops = 0;
if (src_context->num_cc_ops == 0)
return 0;
cc_ops = malloc(sizeof(cc_ops[0]) * src_context->num_cc_ops);
if (cc_ops == NULL) {
krb5_set_error_message(context, KRB5_CC_NOMEM,
N_("malloc: out of memory", ""));
return KRB5_CC_NOMEM;
}
memcpy(cc_ops, src_context->cc_ops,
sizeof(cc_ops[0]) * src_context->num_cc_ops);
context->cc_ops = cc_ops;
context->num_cc_ops = src_context->num_cc_ops;
return 0;
}
static krb5_error_code static krb5_error_code
kt_ops_register(krb5_context context) kt_ops_register(krb5_context context)
{ {
@@ -250,6 +285,28 @@ kt_ops_register(krb5_context context)
return 0; return 0;
} }
static krb5_error_code
kt_ops_copy(krb5_context context, const krb5_context src_context)
{
context->num_kt_types = 0;
context->kt_types = NULL;
if (src_context->num_kt_types == 0)
return 0;
context->kt_types = malloc(sizeof(context->kt_types[0]) * src_context->num_kt_types);
if (context->kt_types == NULL) {
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
context->num_kt_types = src_context->num_kt_types;
memcpy(context->kt_types, src_context->kt_types,
sizeof(context->kt_types[0]) * src_context->num_kt_types);
return 0;
}
/** /**
* Initializes the context structure and reads the configuration file * Initializes the context structure and reads the configuration file
@@ -266,7 +323,7 @@ kt_ops_register(krb5_context context)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_context(krb5_context *context) krb5_init_context(krb5_context *context)
{ {
krb5_context p; krb5_context p;
@@ -309,6 +366,8 @@ krb5_init_context(krb5_context *context)
if (ret) if (ret)
goto out; goto out;
#endif #endif
if (rk_SOCK_INIT())
p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
out: out:
if(ret) { if(ret) {
@@ -359,7 +418,7 @@ copy_etypes (krb5_context context,
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_context(krb5_context context, krb5_context *out) krb5_copy_context(krb5_context context, krb5_context *out)
{ {
krb5_error_code ret; krb5_error_code ret;
@@ -411,8 +470,9 @@ krb5_copy_context(krb5_context context, krb5_context *out)
/* XXX should copy */ /* XXX should copy */
krb5_init_ets(p); krb5_init_ets(p);
cc_ops_register(p);
kt_ops_register(p); cc_ops_copy(p, context);
kt_ops_copy(p, context);
#if 0 /* XXX */ #if 0 /* XXX */
if(context->warn_dest != NULL) if(context->warn_dest != NULL)
@@ -451,7 +511,7 @@ krb5_copy_context(krb5_context context, krb5_context *out)
* @ingroup krb5 * @ingroup krb5
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_context(krb5_context context) krb5_free_context(krb5_context context)
{ {
if (context->default_cc_name) if (context->default_cc_name)
@@ -480,6 +540,9 @@ krb5_free_context(krb5_context context)
HEIMDAL_MUTEX_destroy(context->mutex); HEIMDAL_MUTEX_destroy(context->mutex);
free(context->mutex); free(context->mutex);
if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
rk_SOCK_EXIT();
}
memset(context, 0, sizeof(*context)); memset(context, 0, sizeof(*context));
free(context); free(context);
@@ -497,14 +560,14 @@ krb5_free_context(krb5_context context)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_config_files(krb5_context context, char **filenames) krb5_set_config_files(krb5_context context, char **filenames)
{ {
krb5_error_code ret; krb5_error_code ret;
krb5_config_binding *tmp = NULL; krb5_config_binding *tmp = NULL;
while(filenames != NULL && *filenames != NULL && **filenames != '\0') { while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
ret = krb5_config_parse_file_multi(context, *filenames, &tmp); ret = krb5_config_parse_file_multi(context, *filenames, &tmp);
if(ret != 0 && ret != ENOENT && ret != EACCES) { if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) {
krb5_config_file_free(context, tmp); krb5_config_file_free(context, tmp);
return ret; return ret;
} }
@@ -552,7 +615,7 @@ add_file(char ***pfilenames, int *len, char *file)
* `pq' isn't free, it's up the the caller * `pq' isn't free, it's up the the caller
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
{ {
krb5_error_code ret; krb5_error_code ret;
@@ -617,7 +680,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
{ {
krb5_error_code ret; krb5_error_code ret;
@@ -647,7 +710,7 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_config_files(char ***pfilenames) krb5_get_default_config_files(char ***pfilenames)
{ {
const char *files = NULL; const char *files = NULL;
@@ -674,7 +737,7 @@ krb5_get_default_config_files(char ***pfilenames)
* @ingroup krb5 * @ingroup krb5
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_config_files(char **filenames) krb5_free_config_files(char **filenames)
{ {
char **p; char **p;
@@ -696,7 +759,7 @@ krb5_free_config_files(char **filenames)
* @ingroup krb5 * @ingroup krb5
*/ */
const krb5_enctype * KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION const krb5_enctype * KRB5_LIB_CALL
krb5_kerberos_enctypes(krb5_context context) krb5_kerberos_enctypes(krb5_context context)
{ {
static const krb5_enctype p[] = { static const krb5_enctype p[] = {
@@ -757,7 +820,7 @@ default_etypes(krb5_context context, krb5_enctype **etype)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_default_in_tkt_etypes(krb5_context context, krb5_set_default_in_tkt_etypes(krb5_context context,
const krb5_enctype *etypes) const krb5_enctype *etypes)
{ {
@@ -799,7 +862,7 @@ krb5_set_default_in_tkt_etypes(krb5_context context,
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_default_in_tkt_etypes(krb5_context context, krb5_get_default_in_tkt_etypes(krb5_context context,
krb5_enctype **etypes) krb5_enctype **etypes)
{ {
@@ -833,7 +896,7 @@ krb5_get_default_in_tkt_etypes(krb5_context context,
* @ingroup krb5 * @ingroup krb5
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_init_ets(krb5_context context) krb5_init_ets(krb5_context context)
{ {
if(context->et_list == NULL){ if(context->et_list == NULL){
@@ -868,7 +931,7 @@ krb5_init_ets(krb5_context context)
* @ingroup krb5 * @ingroup krb5
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag) krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
{ {
context->use_admin_kdc = flag; context->use_admin_kdc = flag;
@@ -884,7 +947,7 @@ krb5_set_use_admin_kdc (krb5_context context, krb5_boolean flag)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_get_use_admin_kdc (krb5_context context) krb5_get_use_admin_kdc (krb5_context context)
{ {
return context->use_admin_kdc; return context->use_admin_kdc;
@@ -903,7 +966,7 @@ krb5_get_use_admin_kdc (krb5_context context)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
{ {
@@ -927,7 +990,7 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
{ {
if(context->extra_addresses) if(context->extra_addresses)
@@ -963,7 +1026,7 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses) krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
{ {
if(context->extra_addresses == NULL) { if(context->extra_addresses == NULL) {
@@ -986,7 +1049,7 @@ krb5_get_extra_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
{ {
@@ -1010,7 +1073,7 @@ krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
{ {
if(context->ignore_addresses) if(context->ignore_addresses)
@@ -1045,7 +1108,7 @@ krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses) krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
{ {
if(context->ignore_addresses == NULL) { if(context->ignore_addresses == NULL) {
@@ -1067,7 +1130,7 @@ krb5_get_ignore_addresses(krb5_context context, krb5_addresses *addresses)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_fcache_version(krb5_context context, int version) krb5_set_fcache_version(krb5_context context, int version)
{ {
context->fcache_vno = version; context->fcache_vno = version;
@@ -1086,7 +1149,7 @@ krb5_set_fcache_version(krb5_context context, int version)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_fcache_version(krb5_context context, int *version) krb5_get_fcache_version(krb5_context context, int *version)
{ {
*version = context->fcache_vno; *version = context->fcache_vno;
@@ -1102,7 +1165,7 @@ krb5_get_fcache_version(krb5_context context, int *version)
*/ */
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_is_thread_safe(void) krb5_is_thread_safe(void)
{ {
#ifdef ENABLE_PTHREAD_SUPPORT #ifdef ENABLE_PTHREAD_SUPPORT
@@ -1121,7 +1184,7 @@ krb5_is_thread_safe(void)
* @ingroup krb5 * @ingroup krb5
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag) krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
{ {
if (flag) if (flag)
@@ -1140,7 +1203,7 @@ krb5_set_dns_canonicalize_hostname (krb5_context context, krb5_boolean flag)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_get_dns_canonicalize_hostname (krb5_context context) krb5_get_dns_canonicalize_hostname (krb5_context context)
{ {
return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0; return (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) ? 1 : 0;
@@ -1158,7 +1221,7 @@ krb5_get_dns_canonicalize_hostname (krb5_context context)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec) krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
{ {
if (sec) if (sec)
@@ -1180,7 +1243,7 @@ krb5_get_kdc_sec_offset (krb5_context context, int32_t *sec, int32_t *usec)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec) krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
{ {
context->kdc_sec_offset = sec; context->kdc_sec_offset = sec;
@@ -1199,7 +1262,7 @@ krb5_set_kdc_sec_offset (krb5_context context, int32_t sec, int32_t usec)
* @ingroup krb5 * @ingroup krb5
*/ */
time_t KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
krb5_get_max_time_skew (krb5_context context) krb5_get_max_time_skew (krb5_context context)
{ {
return context->max_skew; return context->max_skew;
@@ -1214,7 +1277,7 @@ krb5_get_max_time_skew (krb5_context context)
* @ingroup krb5 * @ingroup krb5
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_max_time_skew (krb5_context context, time_t t) krb5_set_max_time_skew (krb5_context context, time_t t)
{ {
context->max_skew = t; context->max_skew = t;
@@ -1234,7 +1297,7 @@ krb5_set_max_time_skew (krb5_context context, time_t t)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_init_etype (krb5_context context, krb5_init_etype (krb5_context context,
unsigned *len, unsigned *len,
krb5_enctype **val, krb5_enctype **val,
@@ -1282,9 +1345,11 @@ _krb5_homedir_access(krb5_context context)
{ {
krb5_boolean allow; krb5_boolean allow;
#ifdef HAVE_GETEUID
/* is never allowed for root */ /* is never allowed for root */
if (geteuid() == 0) if (geteuid() == 0)
return FALSE; return FALSE;
#endif
if (context && (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) == 0) if (context && (context->flags & KRB5_CTX_F_HOMEDIR_ACCESS) == 0)
return FALSE; return FALSE;


@@ -58,7 +58,7 @@ check_ticket_flags(TicketFlags f)
* @ingroup krb5_v4compat * @ingroup krb5_v4compat
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc(krb5_context context, krb524_convert_creds_kdc(krb5_context context,
krb5_creds *in_cred, krb5_creds *in_cred,
struct credentials *v4creds) struct credentials *v4creds)
@@ -132,10 +132,9 @@ krb524_convert_creds_kdc(krb5_context context,
goto out; goto out;
memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8); memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
} else { } else {
krb5_set_error_message (context, ret, krb5_prepend_error_message(context, ret,
N_("converting credentials: %s", N_("converting credentials",
"already localized"), "already localized"));
krb5_get_err_text(context, ret));
} }
out: out:
krb5_storage_free(sp); krb5_storage_free(sp);
@@ -161,7 +160,7 @@ out2:
* @ingroup krb5_v4compat * @ingroup krb5_v4compat
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc_ccache(krb5_context context, krb524_convert_creds_kdc_ccache(krb5_context context,
krb5_ccache ccache, krb5_ccache ccache,
krb5_creds *in_cred, krb5_creds *in_cred,
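Review bot: The `memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);` kept as context just above the rewritten error path copies a fixed 8 bytes, and no check of `keyvalue.length` is visible in the hunk. The body of `krb524_convert_creds_kdc` starts and ends outside the hunk, so a check may exist earlier. If the session key can be shorter than 8 bytes, this reads past the end of the key buffer. A guard before the copy would make the assumption explicit, for example `if (v5_creds->session.keyvalue.length < 8) { ret = EINVAL; goto out; }`, where the error code is only a suggestion and should follow whatever the rest of the function uses.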


@@ -46,7 +46,7 @@
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_host_realm(krb5_context context, krb5_copy_host_realm(krb5_context context,
const krb5_realm *from, const krb5_realm *from,
krb5_realm **to) krb5_realm **to)


@@ -45,7 +45,7 @@
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_cred_contents (krb5_context context, krb5_creds *c) krb5_free_cred_contents (krb5_context context, krb5_creds *c)
{ {
krb5_free_principal (context, c->client); krb5_free_principal (context, c->client);
@@ -74,7 +74,7 @@ krb5_free_cred_contents (krb5_context context, krb5_creds *c)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_creds_contents (krb5_context context, krb5_copy_creds_contents (krb5_context context,
const krb5_creds *incred, const krb5_creds *incred,
krb5_creds *c) krb5_creds *c)
@@ -131,7 +131,7 @@ fail:
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_creds (krb5_context context, krb5_copy_creds (krb5_context context,
const krb5_creds *incred, const krb5_creds *incred,
krb5_creds **outcred) krb5_creds **outcred)
@@ -161,7 +161,7 @@ krb5_copy_creds (krb5_context context,
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_creds (krb5_context context, krb5_creds *c) krb5_free_creds (krb5_context context, krb5_creds *c)
{ {
krb5_free_cred_contents (context, c); krb5_free_cred_contents (context, c);
@@ -205,7 +205,7 @@ krb5_times_equal(const krb5_times *a, const krb5_times *b)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_compare_creds(krb5_context context, krb5_flags whichfields, krb5_compare_creds(krb5_context context, krb5_flags whichfields,
const krb5_creds * mcreds, const krb5_creds * creds) const krb5_creds * mcreds, const krb5_creds * creds)
{ {


@@ -874,7 +874,7 @@ static struct key_type keytype_arcfour = {
EVP_rc4 EVP_rc4
}; };
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_salttype_to_string (krb5_context context, krb5_salttype_to_string (krb5_context context,
krb5_enctype etype, krb5_enctype etype,
krb5_salttype stype, krb5_salttype stype,
@@ -906,7 +906,7 @@ krb5_salttype_to_string (krb5_context context,
return HEIM_ERR_SALTTYPE_NOSUPP; return HEIM_ERR_SALTTYPE_NOSUPP;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_salttype (krb5_context context, krb5_string_to_salttype (krb5_context context,
krb5_enctype etype, krb5_enctype etype,
const char *string, const char *string,
@@ -933,7 +933,7 @@ krb5_string_to_salttype (krb5_context context,
return HEIM_ERR_SALTTYPE_NOSUPP; return HEIM_ERR_SALTTYPE_NOSUPP;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_get_pw_salt(krb5_context context, krb5_get_pw_salt(krb5_context context,
krb5_const_principal principal, krb5_const_principal principal,
krb5_salt *salt) krb5_salt *salt)
@@ -962,7 +962,7 @@ krb5_get_pw_salt(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_salt(krb5_context context, krb5_free_salt(krb5_context context,
krb5_salt salt) krb5_salt salt)
{ {
@@ -970,7 +970,7 @@ krb5_free_salt(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data (krb5_context context, krb5_string_to_key_data (krb5_context context,
krb5_enctype enctype, krb5_enctype enctype,
krb5_data password, krb5_data password,
@@ -988,7 +988,7 @@ krb5_string_to_key_data (krb5_context context,
return ret; return ret;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key (krb5_context context, krb5_string_to_key (krb5_context context,
krb5_enctype enctype, krb5_enctype enctype,
const char *password, const char *password,
@@ -1001,7 +1001,7 @@ krb5_string_to_key (krb5_context context,
return krb5_string_to_key_data(context, enctype, pw, principal, key); return krb5_string_to_key_data(context, enctype, pw, principal, key);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data_salt (krb5_context context, krb5_string_to_key_data_salt (krb5_context context,
krb5_enctype enctype, krb5_enctype enctype,
krb5_data password, krb5_data password,
@@ -1020,7 +1020,7 @@ krb5_string_to_key_data_salt (krb5_context context,
* `opaque'), returning the resulting key in `key' * `opaque'), returning the resulting key in `key'
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_data_salt_opaque (krb5_context context, krb5_string_to_key_data_salt_opaque (krb5_context context,
krb5_enctype enctype, krb5_enctype enctype,
krb5_data password, krb5_data password,
@@ -1052,7 +1052,7 @@ krb5_string_to_key_data_salt_opaque (krb5_context context,
* in `key' * in `key'
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_salt (krb5_context context, krb5_string_to_key_salt (krb5_context context,
krb5_enctype enctype, krb5_enctype enctype,
const char *password, const char *password,
@@ -1065,7 +1065,7 @@ krb5_string_to_key_salt (krb5_context context,
return krb5_string_to_key_data_salt(context, enctype, pw, salt, key); return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_salt_opaque (krb5_context context, krb5_string_to_key_salt_opaque (krb5_context context,
krb5_enctype enctype, krb5_enctype enctype,
const char *password, const char *password,
@@ -1080,7 +1080,7 @@ krb5_string_to_key_salt_opaque (krb5_context context,
pw, salt, opaque, key); pw, salt, opaque, key);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_keysize(krb5_context context, krb5_enctype_keysize(krb5_context context,
krb5_enctype type, krb5_enctype type,
size_t *keysize) size_t *keysize)
@@ -1096,7 +1096,7 @@ krb5_enctype_keysize(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_keybits(krb5_context context, krb5_enctype_keybits(krb5_context context,
krb5_enctype type, krb5_enctype type,
size_t *keybits) size_t *keybits)
@@ -1112,7 +1112,7 @@ krb5_enctype_keybits(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_generate_random_keyblock(krb5_context context, krb5_generate_random_keyblock(krb5_context context,
krb5_enctype type, krb5_enctype type,
krb5_keyblock *key) krb5_keyblock *key)
@@ -1439,7 +1439,7 @@ hmac(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_hmac(krb5_context context, krb5_hmac(krb5_context context,
krb5_cksumtype cktype, krb5_cksumtype cktype,
const void *data, const void *data,
@@ -1785,7 +1785,7 @@ arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
(crypto->key.key->keytype == KEYTYPE_ARCFOUR); (crypto->key.key->keytype == KEYTYPE_ARCFOUR);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_create_checksum(krb5_context context, krb5_create_checksum(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
krb5_key_usage usage, krb5_key_usage usage,
@@ -1897,7 +1897,7 @@ verify_checksum(krb5_context context,
return ret; return ret;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_checksum(krb5_context context, krb5_verify_checksum(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
krb5_key_usage usage, krb5_key_usage usage,
@@ -1926,7 +1926,7 @@ krb5_verify_checksum(krb5_context context,
data, len, cksum); data, len, cksum);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_get_checksum_type(krb5_context context, krb5_crypto_get_checksum_type(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
krb5_cksumtype *type) krb5_cksumtype *type)
@@ -1951,7 +1951,7 @@ krb5_crypto_get_checksum_type(krb5_context context,
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_checksumsize(krb5_context context, krb5_checksumsize(krb5_context context,
krb5_cksumtype type, krb5_cksumtype type,
size_t *size) size_t *size)
@@ -1967,7 +1967,7 @@ krb5_checksumsize(krb5_context context,
return 0; return 0;
} }
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_keyed(krb5_context context, krb5_checksum_is_keyed(krb5_context context,
krb5_cksumtype type) krb5_cksumtype type)
{ {
@@ -1982,7 +1982,7 @@ krb5_checksum_is_keyed(krb5_context context,
return ct->flags & F_KEYED; return ct->flags & F_KEYED;
} }
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_collision_proof(krb5_context context, krb5_checksum_is_collision_proof(krb5_context context,
krb5_cksumtype type) krb5_cksumtype type)
{ {
@@ -1997,7 +1997,7 @@ krb5_checksum_is_collision_proof(krb5_context context,
return ct->flags & F_CPROOF; return ct->flags & F_CPROOF;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_checksum_disable(krb5_context context, krb5_checksum_disable(krb5_context context,
krb5_cksumtype type) krb5_cksumtype type)
{ {
@@ -2724,7 +2724,7 @@ _find_enctype(krb5_enctype type)
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_to_string(krb5_context context, krb5_enctype_to_string(krb5_context context,
krb5_enctype etype, krb5_enctype etype,
char **string) char **string)
@@ -2746,7 +2746,7 @@ krb5_enctype_to_string(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_enctype(krb5_context context, krb5_string_to_enctype(krb5_context context,
const char *string, const char *string,
krb5_enctype *etype) krb5_enctype *etype)
@@ -2763,7 +2763,7 @@ krb5_string_to_enctype(krb5_context context,
return KRB5_PROG_ETYPE_NOSUPP; return KRB5_PROG_ETYPE_NOSUPP;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_to_keytype(krb5_context context, krb5_enctype_to_keytype(krb5_context context,
krb5_enctype etype, krb5_enctype etype,
krb5_keytype *keytype) krb5_keytype *keytype)
@@ -2779,7 +2779,7 @@ krb5_enctype_to_keytype(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_valid(krb5_context context, krb5_enctype_valid(krb5_context context,
krb5_enctype etype) krb5_enctype etype)
{ {
@@ -2812,7 +2812,7 @@ krb5_enctype_valid(krb5_context context,
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cksumtype_to_enctype(krb5_context context, krb5_cksumtype_to_enctype(krb5_context context,
krb5_cksumtype ctype, krb5_cksumtype ctype,
krb5_enctype *etype) krb5_enctype *etype)
@@ -2837,7 +2837,7 @@ krb5_cksumtype_to_enctype(krb5_context context,
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cksumtype_valid(krb5_context context, krb5_cksumtype_valid(krb5_context context,
krb5_cksumtype ctype) krb5_cksumtype ctype)
{ {
@@ -3265,7 +3265,7 @@ find_iv(krb5_crypto_iov *data, int num_data, int type)
* 4. KRB5_CRYPTO_TYPE_TRAILER * 4. KRB5_CRYPTO_TYPE_TRAILER
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt_iov_ivec(krb5_context context, krb5_encrypt_iov_ivec(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
unsigned usage, unsigned usage,
@@ -3458,7 +3458,7 @@ krb5_encrypt_iov_ivec(krb5_context context,
* size as the input data or shorter. * size as the input data or shorter.
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_iov_ivec(krb5_context context, krb5_decrypt_iov_ivec(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
unsigned usage, unsigned usage,
@@ -3606,7 +3606,7 @@ krb5_decrypt_iov_ivec(krb5_context context,
* @ingroup krb5_crypto * @ingroup krb5_crypto
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_create_checksum_iov(krb5_context context, krb5_create_checksum_iov(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
unsigned usage, unsigned usage,
@@ -3689,7 +3689,7 @@ krb5_create_checksum_iov(krb5_context context,
* @ingroup krb5_crypto * @ingroup krb5_crypto
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_verify_checksum_iov(krb5_context context, krb5_verify_checksum_iov(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
unsigned usage, unsigned usage,
@@ -3751,7 +3751,7 @@ krb5_verify_checksum_iov(krb5_context context,
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_length(krb5_context context, krb5_crypto_length(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
int type, int type,
@@ -3795,7 +3795,7 @@ krb5_crypto_length(krb5_context context,
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_length_iov(krb5_context context, krb5_crypto_length_iov(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
krb5_crypto_iov *data, krb5_crypto_iov *data,
@@ -3815,7 +3815,7 @@ krb5_crypto_length_iov(krb5_context context,
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt_ivec(krb5_context context, krb5_encrypt_ivec(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
unsigned usage, unsigned usage,
@@ -3834,7 +3834,7 @@ krb5_encrypt_ivec(krb5_context context,
return encrypt_internal(context, crypto, data, len, result, ivec); return encrypt_internal(context, crypto, data, len, result, ivec);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt(krb5_context context, krb5_encrypt(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
unsigned usage, unsigned usage,
@@ -3845,7 +3845,7 @@ krb5_encrypt(krb5_context context,
return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL); return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_encrypt_EncryptedData(krb5_context context, krb5_encrypt_EncryptedData(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
unsigned usage, unsigned usage,
@@ -3863,7 +3863,7 @@ krb5_encrypt_EncryptedData(krb5_context context,
return krb5_encrypt(context, crypto, usage, data, len, &result->cipher); return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_ivec(krb5_context context, krb5_decrypt_ivec(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
unsigned usage, unsigned usage,
@@ -3882,7 +3882,7 @@ krb5_decrypt_ivec(krb5_context context,
return decrypt_internal(context, crypto, data, len, result, ivec); return decrypt_internal(context, crypto, data, len, result, ivec);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt(krb5_context context, krb5_decrypt(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
unsigned usage, unsigned usage,
@@ -3894,7 +3894,7 @@ krb5_decrypt(krb5_context context,
NULL); NULL);
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_decrypt_EncryptedData(krb5_context context, krb5_decrypt_EncryptedData(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
unsigned usage, unsigned usage,
@@ -3936,6 +3936,7 @@ seed_something(void)
/* Calling RAND_status() will try to use /dev/urandom if it exists so /* Calling RAND_status() will try to use /dev/urandom if it exists so
we do not have to deal with it. */ we do not have to deal with it. */
if (RAND_status() != 1) { if (RAND_status() != 1) {
#ifndef _WIN32
krb5_context context; krb5_context context;
const char *p; const char *p;
@@ -3947,6 +3948,10 @@ seed_something(void)
RAND_egd_bytes(p, ENTROPY_NEEDED); RAND_egd_bytes(p, ENTROPY_NEEDED);
krb5_free_context(context); krb5_free_context(context);
} }
#else
/* TODO: Once a Windows CryptoAPI RAND method is defined, we
can use that and failover to another method. */
#endif
} }
if (RAND_status() == 1) { if (RAND_status() == 1) {
@@ -3959,7 +3964,7 @@ seed_something(void)
return -1; return -1;
} }
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_generate_random_block(void *buf, size_t len) krb5_generate_random_block(void *buf, size_t len)
{ {
static int rng_initialized = 0; static int rng_initialized = 0;
@@ -4083,7 +4088,7 @@ _new_derived_key(krb5_crypto crypto, unsigned usage)
return &d->key; return &d->key;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_derive_key(krb5_context context, krb5_derive_key(krb5_context context,
const krb5_keyblock *key, const krb5_keyblock *key,
krb5_enctype etype, krb5_enctype etype,
@@ -4162,7 +4167,7 @@ _get_derived_key(krb5_context context,
* @ingroup krb5_crypto * @ingroup krb5_crypto
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_init(krb5_context context, krb5_crypto_init(krb5_context context,
const krb5_keyblock *key, const krb5_keyblock *key,
krb5_enctype etype, krb5_enctype etype,
@@ -4244,7 +4249,7 @@ free_key_usage(krb5_context context, struct key_usage *ku,
* @ingroup krb5_crypto * @ingroup krb5_crypto
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_destroy(krb5_context context, krb5_crypto_destroy(krb5_context context,
krb5_crypto crypto) krb5_crypto crypto)
{ {
@@ -4270,7 +4275,7 @@ krb5_crypto_destroy(krb5_context context,
* @ingroup krb5_crypto * @ingroup krb5_crypto
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getblocksize(krb5_context context, krb5_crypto_getblocksize(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
size_t *blocksize) size_t *blocksize)
@@ -4291,7 +4296,7 @@ krb5_crypto_getblocksize(krb5_context context,
* @ingroup krb5_crypto * @ingroup krb5_crypto
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getenctype(krb5_context context, krb5_crypto_getenctype(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
krb5_enctype *enctype) krb5_enctype *enctype)
@@ -4312,7 +4317,7 @@ krb5_crypto_getenctype(krb5_context context,
* @ingroup krb5_crypto * @ingroup krb5_crypto
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getpadsize(krb5_context context, krb5_crypto_getpadsize(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
size_t *padsize) size_t *padsize)
@@ -4333,7 +4338,7 @@ krb5_crypto_getpadsize(krb5_context context,
* @ingroup krb5_crypto * @ingroup krb5_crypto
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_getconfoundersize(krb5_context context, krb5_crypto_getconfoundersize(krb5_context context,
krb5_crypto crypto, krb5_crypto crypto,
size_t *confoundersize) size_t *confoundersize)
@@ -4354,7 +4359,7 @@ krb5_crypto_getconfoundersize(krb5_context context,
* @ingroup krb5_crypto * @ingroup krb5_crypto
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_disable(krb5_context context, krb5_enctype_disable(krb5_context context,
krb5_enctype enctype) krb5_enctype enctype)
{ {
@@ -4381,7 +4386,7 @@ krb5_enctype_disable(krb5_context context,
* @ingroup krb5_crypto * @ingroup krb5_crypto
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_enable(krb5_context context, krb5_enctype_enable(krb5_context context,
krb5_enctype enctype) krb5_enctype enctype)
{ {
@@ -4398,7 +4403,7 @@ krb5_enctype_enable(krb5_context context,
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_string_to_key_derived(krb5_context context, krb5_string_to_key_derived(krb5_context context,
const void *str, const void *str,
size_t len, size_t len,
@@ -4570,7 +4575,7 @@ krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
* @ingroup krb5_crypto * @ingroup krb5_crypto
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_random_to_key(krb5_context context, krb5_random_to_key(krb5_context context,
krb5_enctype type, krb5_enctype type,
const void *data, const void *data,
@@ -4862,7 +4867,7 @@ _krb5_pk_kdf(krb5_context context,
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_prf_length(krb5_context context, krb5_crypto_prf_length(krb5_context context,
krb5_enctype type, krb5_enctype type,
size_t *length) size_t *length)
@@ -4880,7 +4885,7 @@ krb5_crypto_prf_length(krb5_context context,
return 0; return 0;
} }
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_prf(krb5_context context, krb5_crypto_prf(krb5_context context,
const krb5_crypto crypto, const krb5_crypto crypto,
const krb5_data *input, const krb5_data *input,
@@ -4971,7 +4976,7 @@ krb5_crypto_prfplus(krb5_context context,
* @ingroup krb5_crypto * @ingroup krb5_crypto
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_crypto_fx_cf2(krb5_context context, krb5_crypto_fx_cf2(krb5_context context,
const krb5_crypto crypto1, const krb5_crypto crypto1,
const krb5_crypto crypto2, const krb5_crypto crypto2,
@@ -5019,12 +5024,18 @@ krb5_crypto_fx_cf2(krb5_context context,
#ifndef HEIMDAL_SMALLER #ifndef HEIMDAL_SMALLER
krb5_error_code KRB5_LIB_FUNCTION /**
* Deprecated: keytypes doesn't exists, they are really enctypes.
*
* @ingroup krb5_deprecated
*/
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_keytype_to_enctypes (krb5_context context, krb5_keytype_to_enctypes (krb5_context context,
krb5_keytype keytype, krb5_keytype keytype,
unsigned *len, unsigned *len,
krb5_enctype **val) krb5_enctype **val)
KRB5_DEPRECATED
{ {
int i; int i;
unsigned n = 0; unsigned n = 0;
@@ -5059,12 +5070,18 @@ krb5_keytype_to_enctypes (krb5_context context,
return 0; return 0;
} }
/**
* Deprecated: keytypes doesn't exists, they are really enctypes.
*
* @ingroup krb5_deprecated
*/
/* if two enctypes have compatible keys */ /* if two enctypes have compatible keys */
krb5_boolean KRB5_LIB_FUNCTION KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_enctypes_compatible_keys(krb5_context context, krb5_enctypes_compatible_keys(krb5_context context,
krb5_enctype etype1, krb5_enctype etype1,
krb5_enctype etype2) krb5_enctype etype2)
KRB5_DEPRECATED
{ {
struct encryption_type *e1 = _find_enctype(etype1); struct encryption_type *e1 = _find_enctype(etype1);
struct encryption_type *e2 = _find_enctype(etype2); struct encryption_type *e2 = _find_enctype(etype2);


@@ -41,7 +41,7 @@
* @ingroup krb5 * @ingroup krb5
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_data_zero(krb5_data *p) krb5_data_zero(krb5_data *p)
{ {
p->length = 0; p->length = 0;
@@ -59,7 +59,7 @@ krb5_data_zero(krb5_data *p)
* @ingroup krb5 * @ingroup krb5
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_data_free(krb5_data *p) krb5_data_free(krb5_data *p)
{ {
if(p->data != NULL) if(p->data != NULL)
@@ -76,7 +76,7 @@ krb5_data_free(krb5_data *p)
* @ingroup krb5 * @ingroup krb5
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_data(krb5_context context, krb5_free_data(krb5_context context,
krb5_data *p) krb5_data *p)
{ {
@@ -96,7 +96,7 @@ krb5_free_data(krb5_context context,
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_data_alloc(krb5_data *p, int len) krb5_data_alloc(krb5_data *p, int len)
{ {
p->data = malloc(len); p->data = malloc(len);
@@ -118,7 +118,7 @@ krb5_data_alloc(krb5_data *p, int len)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_data_realloc(krb5_data *p, int len) krb5_data_realloc(krb5_data *p, int len)
{ {
void *tmp; void *tmp;
@@ -143,7 +143,7 @@ krb5_data_realloc(krb5_data *p, int len)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_data_copy(krb5_data *p, const void *data, size_t len) krb5_data_copy(krb5_data *p, const void *data, size_t len)
{ {
if (len) { if (len) {
@@ -169,7 +169,7 @@ krb5_data_copy(krb5_data *p, const void *data, size_t len)
* @ingroup krb5 * @ingroup krb5
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_copy_data(krb5_context context, krb5_copy_data(krb5_context context,
const krb5_data *indata, const krb5_data *indata,
krb5_data **outdata) krb5_data **outdata)
@@ -200,7 +200,7 @@ krb5_copy_data(krb5_context context,
* @ingroup krb5 * @ingroup krb5
*/ */
int KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION int KRB5_LIB_CALL
krb5_data_cmp(const krb5_data *data1, const krb5_data *data2) krb5_data_cmp(const krb5_data *data1, const krb5_data *data2)
{ {
if (data1->length != data2->length) if (data1->length != data2->length)


@@ -31,7 +31,7 @@
* SUCH DAMAGE. * SUCH DAMAGE.
*/ */
#include <krb5_locl.h> #include "krb5_locl.h"
/** /**
* Convert the getaddrinfo() error code to a Kerberos et error code. * Convert the getaddrinfo() error code to a Kerberos et error code.
@@ -44,7 +44,7 @@
* @ingroup krb5_error * @ingroup krb5_error
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_eai_to_heim_errno(int eai_errno, int system_error) krb5_eai_to_heim_errno(int eai_errno, int system_error)
{ {
switch(eai_errno) { switch(eai_errno) {
@@ -74,8 +74,10 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error)
return HEIM_EAI_SERVICE; return HEIM_EAI_SERVICE;
case EAI_SOCKTYPE: case EAI_SOCKTYPE:
return HEIM_EAI_SOCKTYPE; return HEIM_EAI_SOCKTYPE;
#ifdef EAI_SYSTEM
case EAI_SYSTEM: case EAI_SYSTEM:
return system_error; return system_error;
#endif
default: default:
return HEIM_EAI_UNKNOWN; /* XXX */ return HEIM_EAI_UNKNOWN; /* XXX */
} }
@@ -92,7 +94,7 @@ krb5_eai_to_heim_errno(int eai_errno, int system_error)
* @ingroup krb5_error * @ingroup krb5_error
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_h_errno_to_heim_errno(int eai_errno) krb5_h_errno_to_heim_errno(int eai_errno)
{ {
switch(eai_errno) { switch(eai_errno) {


@@ -44,7 +44,7 @@
* @ingroup krb5_error * @ingroup krb5_error
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_clear_error_message(krb5_context context) krb5_clear_error_message(krb5_context context)
{ {
HEIMDAL_MUTEX_lock(context->mutex); HEIMDAL_MUTEX_lock(context->mutex);
@@ -67,7 +67,7 @@ krb5_clear_error_message(krb5_context context)
* @ingroup krb5_error * @ingroup krb5_error
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_set_error_message(krb5_context context, krb5_error_code ret, krb5_set_error_message(krb5_context context, krb5_error_code ret,
const char *fmt, ...) const char *fmt, ...)
__attribute__ ((format (printf, 3, 4))) __attribute__ ((format (printf, 3, 4)))
@@ -91,7 +91,7 @@ krb5_set_error_message(krb5_context context, krb5_error_code ret,
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_vset_error_message (krb5_context context, krb5_error_code ret, krb5_vset_error_message (krb5_context context, krb5_error_code ret,
const char *fmt, va_list args) const char *fmt, va_list args)
__attribute__ ((format (printf, 3, 0))) __attribute__ ((format (printf, 3, 0)))
@@ -124,7 +124,7 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
va_list ap; va_list ap;
va_start(ap, fmt); va_start(ap, fmt);
krb5_vset_error_message (context, ret, fmt, ap); krb5_vprepend_error_message(context, ret, fmt, ap);
va_end(ap); va_end(ap);
} }
@@ -140,7 +140,7 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
*/ */
void KRB5_LIB_FUNCTION void KRB5_LIB_FUNCTION
krb5_vprepend_error_message (krb5_context context, krb5_error_code ret, krb5_vprepend_error_message(krb5_context context, krb5_error_code ret,
const char *fmt, va_list args) const char *fmt, va_list args)
__attribute__ ((format (printf, 3, 0))) __attribute__ ((format (printf, 3, 0)))
{ {
@@ -179,7 +179,7 @@ krb5_vprepend_error_message (krb5_context context, krb5_error_code ret,
* @ingroup krb5_error * @ingroup krb5_error
*/ */
char * KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION char * KRB5_LIB_CALL
krb5_get_error_string(krb5_context context) krb5_get_error_string(krb5_context context)
{ {
char *ret = NULL; char *ret = NULL;
@@ -191,7 +191,7 @@ krb5_get_error_string(krb5_context context)
return ret; return ret;
} }
krb5_boolean KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_have_error_string(krb5_context context) krb5_have_error_string(krb5_context context)
{ {
char *str; char *str;
@@ -214,7 +214,7 @@ krb5_have_error_string(krb5_context context)
* @ingroup krb5_error * @ingroup krb5_error
*/ */
const char * KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
krb5_get_error_message(krb5_context context, krb5_error_code code) krb5_get_error_message(krb5_context context, krb5_error_code code)
{ {
char *str; char *str;
@@ -258,7 +258,7 @@ krb5_get_error_message(krb5_context context, krb5_error_code code)
* @ingroup krb5_error * @ingroup krb5_error
*/ */
void KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_free_error_message(krb5_context context, const char *msg) krb5_free_error_message(krb5_context context, const char *msg)
{ {
free(rk_UNCONST(msg)); free(rk_UNCONST(msg));
@@ -279,8 +279,9 @@ krb5_free_error_message(krb5_context context, const char *msg)
* @ingroup krb5 * @ingroup krb5
*/ */
const char* KRB5_LIB_FUNCTION KRB5_DEPRECATED
krb5_get_err_text(krb5_context context, krb5_error_code code) KRB5_DEPRECATED KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
krb5_get_err_text(krb5_context context, krb5_error_code code)
{ {
const char *p = NULL; const char *p = NULL;
if(context != NULL) if(context != NULL)
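Review bot: krb5_vprepend_error_message is still declared `void KRB5_LIB_FUNCTION` on the new side, while every other exported function touched in this file moves to the `KRB5_LIB_FUNCTION <type> KRB5_LIB_CALL` form. If KRB5_LIB_CALL now carries the Windows calling convention, as the header-generator change earlier in this commit suggests, this function would be built with a different convention from its siblings; the line should read `KRB5_LIB_FUNCTION void KRB5_LIB_CALL`. The signature of krb5_prepend_error_message lies outside its hunk and should be checked for the same omission. The body of krb5_vprepend_error_message continues past the hunk.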


@@ -63,7 +63,7 @@ copy_hostname(krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_expand_hostname (krb5_context context, krb5_expand_hostname (krb5_context context,
const char *orig_hostname, const char *orig_hostname,
char **new_hostname) char **new_hostname)
@@ -140,7 +140,7 @@ vanilla_hostname (krb5_context context,
* @ingroup krb5_support * @ingroup krb5_support
*/ */
krb5_error_code KRB5_LIB_FUNCTION KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_expand_hostname_realms (krb5_context context, krb5_expand_hostname_realms (krb5_context context,
const char *orig_hostname, const char *orig_hostname,
char **new_hostname, char **new_hostname,


@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
* Portions Copyright (c) 2009 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
@@ -97,7 +99,7 @@ _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive,
break; break;
default: { default: {
char buf[128]; char buf[128];
strerror_r(ret, buf, sizeof(buf)); rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
N_("error locking cache file %s: %s", N_("error locking cache file %s: %s",
"file, error"), filename, buf); "file, error"), filename, buf);
@@ -131,7 +133,7 @@ _krb5_xunlock(krb5_context context, int fd)
break; break;
default: { default: {
char buf[128]; char buf[128];
strerror_r(ret, buf, sizeof(buf)); rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
N_("Failed to unlock file: %s", ""), buf); N_("Failed to unlock file: %s", ""), buf);
break; break;
@@ -224,7 +226,11 @@ scrub_file (int fd)
return errno; return errno;
pos -= tmp; pos -= tmp;
} }
#ifdef _MSC_VER
_commit (fd);
#else
fsync (fd); fsync (fd);
#endif
return 0; return 0;
} }
@@ -318,6 +324,22 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
N_("malloc: out of memory", "")); N_("malloc: out of memory", ""));
return KRB5_CC_NOMEM; return KRB5_CC_NOMEM;
} }
#ifdef KRB5_USE_PATH_TOKENS
{
char * exp_file = NULL;
krb5_error_code ec;
ec = _krb5_expand_path_tokens(context, file, &exp_file);
if (ec == 0) {
free(file);
file = exp_file;
} else {
free(file);
return ec;
}
}
#endif
fd = mkstemp(file); fd = mkstemp(file);
if(fd < 0) { if(fd < 0) {
int ret = errno; int ret = errno;
@@ -374,18 +396,10 @@ fcc_open(krb5_context context,
fd = open(filename, flags, mode); fd = open(filename, flags, mode);
if(fd < 0) { if(fd < 0) {
char buf[128]; char buf[128];
char *estr;
ret = errno; ret = errno;
buf[0] = 0; rk_strerror_r(ret, buf, sizeof(buf));
estr = (char *)strerror_r(ret, buf, sizeof(buf));
if (buf[0] != 0) {
/* we've got the BSD/XSI strerror_r, and it use the
* buffer. Otherwise we have the GNU strerror_r, and
* it used a static string. Ain't standards great? */
estr = buf;
}
krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"), krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"),
filename, estr); filename, buf);
return ret; return ret;
} }
rk_cloexec(fd); rk_cloexec(fd);
@@ -447,7 +461,7 @@ fcc_initialize(krb5_context context,
if (ret == 0) { if (ret == 0) {
char buf[128]; char buf[128];
ret = errno; ret = errno;
strerror_r(ret, buf, sizeof(buf)); rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message (context, ret, N_("close %s: %s", ""), krb5_set_error_message (context, ret, N_("close %s: %s", ""),
FILENAME(id), buf); FILENAME(id), buf);
} }
@@ -502,7 +516,7 @@ fcc_store_cred(krb5_context context,
if (close(fd) < 0) { if (close(fd) < 0) {
if (ret == 0) { if (ret == 0) {
char buf[128]; char buf[128];
strerror_r(ret, buf, sizeof(buf)); rk_strerror_r(ret, buf, sizeof(buf));
ret = errno; ret = errno;
krb5_set_error_message (context, ret, N_("close %s: %s", ""), krb5_set_error_message (context, ret, N_("close %s: %s", ""),
FILENAME(id), buf); FILENAME(id), buf);
@@ -515,13 +529,17 @@ static krb5_error_code
init_fcc (krb5_context context, init_fcc (krb5_context context,
krb5_ccache id, krb5_ccache id,
krb5_storage **ret_sp, krb5_storage **ret_sp,
int *ret_fd) int *ret_fd,
krb5_deltat *kdc_offset)
{ {
int fd; int fd;
int8_t pvno, tag; int8_t pvno, tag;
krb5_storage *sp; krb5_storage *sp;
krb5_error_code ret; krb5_error_code ret;
if (kdc_offset)
*kdc_offset = 0;
ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0); ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
if(ret) if(ret)
return ret; return ret;
@@ -597,8 +615,11 @@ init_fcc (krb5_context context,
goto out; goto out;
} }
switch (dtag) { switch (dtag) {
case FCC_TAG_DELTATIME : case FCC_TAG_DELTATIME : {
ret = krb5_ret_int32 (sp, &context->kdc_sec_offset); int32_t offset;
ret = krb5_ret_int32 (sp, &offset);
ret |= krb5_ret_int32 (sp, &context->kdc_usec_offset);
if(ret) { if(ret) {
ret = KRB5_CC_FORMAT; ret = KRB5_CC_FORMAT;
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
@@ -607,16 +628,11 @@ init_fcc (krb5_context context,
FILENAME(id)); FILENAME(id));
goto out; goto out;
} }
ret = krb5_ret_int32 (sp, &context->kdc_usec_offset); context->kdc_sec_offset = offset;
if(ret) { if (kdc_offset)
ret = KRB5_CC_FORMAT; *kdc_offset = offset;
krb5_set_error_message(context, ret,
N_("Error reading kdc_usec in "
"cache file: %s", ""),
FILENAME(id));
goto out;
}
break; break;
}
default : default :
for (i = 0; i < data_len; ++i) { for (i = 0; i < data_len; ++i) {
ret = krb5_ret_int8 (sp, &dummy); ret = krb5_ret_int8 (sp, &dummy);
@@ -668,7 +684,7 @@ fcc_get_principal(krb5_context context,
int fd; int fd;
krb5_storage *sp; krb5_storage *sp;
ret = init_fcc (context, id, &sp, &fd); ret = init_fcc (context, id, &sp, &fd, NULL);
if (ret) if (ret)
return ret; return ret;
ret = krb5_ret_principal(sp, principal); ret = krb5_ret_principal(sp, principal);
@@ -701,7 +717,7 @@ fcc_get_first (krb5_context context,
memset(*cursor, 0, sizeof(struct fcc_cursor)); memset(*cursor, 0, sizeof(struct fcc_cursor));
ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp, ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp,
&FCC_CURSOR(*cursor)->fd); &FCC_CURSOR(*cursor)->fd, NULL);
if (ret) { if (ret) {
free(*cursor); free(*cursor);
*cursor = NULL; *cursor = NULL;
@@ -871,7 +887,17 @@ fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
return ret; return ret;
fn = expandedfn; fn = expandedfn;
} }
/* check if file exists, don't return a non existant "next" */
if (strncasecmp(fn, "FILE:", 5) == 0) {
struct stat sb;
ret = stat(fn + 5, &sb);
if (ret) {
ret = KRB5_CC_END;
goto out;
}
}
ret = krb5_cc_resolve(context, fn, id); ret = krb5_cc_resolve(context, fn, id);
out:
if (expandedfn) if (expandedfn)
free(expandedfn); free(expandedfn);
@@ -892,10 +918,19 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
krb5_error_code ret = 0; krb5_error_code ret = 0;
ret = rename(FILENAME(from), FILENAME(to)); ret = rename(FILENAME(from), FILENAME(to));
#ifdef RENAME_DOES_NOT_UNLINK
if (ret && (errno == EEXIST || errno == EACCES)) {
ret = unlink(FILENAME(to));
if (ret == 0) {
ret = rename(FILENAME(from), FILENAME(to));
}
}
#endif
if (ret && errno != EXDEV) { if (ret && errno != EXDEV) {
char buf[128]; char buf[128];
ret = errno; ret = errno;
strerror_r(ret, buf, sizeof(buf)); rk_strerror_r(ret, buf, sizeof(buf));
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
N_("Rename of file from %s " N_("Rename of file from %s "
"to %s failed: %s", ""), "to %s failed: %s", ""),
@@ -955,14 +990,14 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{ {
krb5_storage *sp; krb5_storage *sp;
int fd; int fd;
ret = init_fcc (context, to, &sp, &fd); ret = init_fcc (context, to, &sp, &fd, NULL);
if (sp) if (sp)
krb5_storage_free(sp); krb5_storage_free(sp);
fcc_unlock(context, fd); fcc_unlock(context, fd);
close(fd); close(fd);
} }
fcc_destroy(context, from); fcc_close(context, from);
return ret; return ret;
} }
@@ -996,6 +1031,28 @@ fcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime)
return 0; return 0;
} }
static krb5_error_code
fcc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat kdc_offset)
{
return 0;
}
static krb5_error_code
fcc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *kdc_offset)
{
krb5_error_code ret;
krb5_storage *sp;
int fd;
ret = init_fcc(context, id, &sp, &fd, kdc_offset);
if (sp)
krb5_storage_free(sp);
fcc_unlock(context, fd);
close(fd);
return ret;
}
/** /**
* Variable containing the FILE based credential cache implemention. * Variable containing the FILE based credential cache implemention.
* *
@@ -1026,5 +1083,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops = {
fcc_move, fcc_move,
fcc_get_default_name, fcc_get_default_name,
NULL, NULL,
fcc_lastchange fcc_lastchange,
fcc_set_kdc_offset,
fcc_get_kdc_offset
}; };
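Review bot: In the new fcc_get_kdc_offset, `sp` and `fd` are declared without initialisers and are then handed to krb5_storage_free(), fcc_unlock() and close() whether or not init_fcc() succeeded. The visible part of init_fcc returns straight after a failed fcc_open() without writing `*ret_sp` or `*ret_fd`, so on that path the cleanup works on indeterminate values, which is undefined behaviour and may free a stray pointer or close an unrelated descriptor. Declaring `krb5_storage *sp = NULL;` and `int fd = -1;`, and adding `if (ret) return ret;` after the call, avoids this; init_fcc's later error paths are outside the hunk, so confirm whether they already release both before settling on the early return. The fcc_move hunk that calls `init_fcc (context, to, &sp, &fd, NULL)` has the same shape.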
