sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

r15192: Update Samba4 to use current lorikeet-heimdal.

Browse Source 
Andrew Bartlett
(This used to be commit f0e538126c)
This commit is contained in:
Andrew Bartlett 2006-04-24 09:36:24 +00:00 committed by Gerald (Jerry) Carter
parent 0eddf14b30
commit c33f6b2c37
67 changed files with 3011 additions and 3992 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
source4/heimdal/kdc/524.c
View File

@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: 524.c,v 1.35 2005/12/13 19:42:37 lha Exp $");
RCSID("$Id: 524.c,v 1.36 2006/04/07 22:12:28 lha Exp $");
#include <krb5-v4compat.h>
@ -374,19 +374,21 @@ _kdc_do_524(krb5_context context,
/* make reply */
memset(buf, 0, sizeof(buf));
sp = krb5_storage_from_mem(buf, sizeof(buf));
krb5_store_int32(sp, ret);
if(ret == 0){
krb5_store_int32(sp, kvno);
krb5_store_data(sp, ticket.cipher);
/* Aargh! This is coded as a KTEXT_ST. */
krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR);
krb5_store_int32(sp, 0); /* mbz */
free_EncryptedData(&ticket);
}
ret = krb5_storage_to_data(sp, reply);
reply->length = krb5_storage_seek(sp, 0, SEEK_CUR);
krb5_storage_free(sp);
if (sp) {
krb5_store_int32(sp, ret);
if(ret == 0){
krb5_store_int32(sp, kvno);
krb5_store_data(sp, ticket.cipher);
/* Aargh! This is coded as a KTEXT_ST. */
krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR);
krb5_store_int32(sp, 0); /* mbz */
free_EncryptedData(&ticket);
}
ret = krb5_storage_to_data(sp, reply);
reply->length = krb5_storage_seek(sp, 0, SEEK_CUR);
krb5_storage_free(sp);
} else
krb5_data_zero(reply);
if(spn)
free(spn);
if(server)

10
source4/heimdal/kdc/kaserver.c
View File

@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: kaserver.c,v 1.31 2005/12/13 19:44:27 lha Exp $");
RCSID("$Id: kaserver.c,v 1.32 2006/04/02 01:54:37 lha Exp $");
#include <krb5-v4compat.h>
#include <rx.h>
@ -453,8 +453,8 @@ do_authenticate (krb5_context context,
}
ret = _kdc_check_flags (context, config,
&client_entry->entry, client_name,
&server_entry->entry, server_name,
client_entry, client_name,
server_entry, server_name,
TRUE);
if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply);
@ -752,8 +752,8 @@ do_getticket (krb5_context context,
}
ret = _kdc_check_flags (context, config,
&client_entry->entry, client_name,
&server_entry->entry, server_name,
client_entry, client_name,
server_entry, server_name,
FALSE);
if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply);

8
source4/heimdal/kdc/kdc-private.h
View File

@ -18,9 +18,9 @@ krb5_error_code
_kdc_check_flags (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
hdb_entry */*client*/,
hdb_entry_ex */*client_ex*/,
const char */*client_name*/,
hdb_entry */*server*/,
hdb_entry_ex */*server_ex*/,
const char */*server_name*/,
krb5_boolean /*is_as_req*/);
@ -118,7 +118,9 @@ _kdc_pk_initialize (
krb5_context /*context*/,
krb5_kdc_configuration */*config*/,
const char */*user_id*/,
const char */*x509_anchors*/);
const char */*anchors*/,
char **/*pool*/,
char **/*revoke*/);
krb5_error_code
_kdc_pk_mk_pa_reply (

10
source4/heimdal/kdc/kerberos4.c
View File

@ -35,7 +35,7 @@
#include <krb5-v4compat.h>
RCSID("$Id: kerberos4.c,v 1.56 2005/12/13 19:44:01 lha Exp $");
RCSID("$Id: kerberos4.c,v 1.57 2006/04/02 01:54:37 lha Exp $");
#ifndef swap32
static u_int32_t
@ -201,8 +201,8 @@ _kdc_do_version4(krb5_context context,
}
ret = _kdc_check_flags (context, config,
&client->entry, client_name,
&server->entry, server_name,
client, client_name,
server, server_name,
TRUE);
if (ret) {
/* good error code? */
@ -489,8 +489,8 @@ _kdc_do_version4(krb5_context context,
}
ret = _kdc_check_flags (context, config,
&client->entry, client_name,
&server->entry, server_name,
client, client_name,
server, server_name,
FALSE);
if (ret) {
/* good error code? */

97
source4/heimdal/kdc/kerberos5.c
View File

@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: kerberos5.c,v 1.201 2005/12/14 12:17:58 lha Exp $");
RCSID("$Id: kerberos5.c,v 1.206 2006/04/02 01:54:37 lha Exp $");
#define MAX_TIME ((time_t)((1U << 31) - 1))
@ -209,6 +209,50 @@ log_timestamp(krb5_context context,
type, authtime_str, starttime_str, endtime_str, renewtime_str);
}
static void
log_patypes(krb5_context context,
krb5_kdc_configuration *config,
METHOD_DATA *padata)
{
struct rk_strpool *p = NULL;
char *str;
int i;
for (i = 0; i < padata->len; i++) {
switch(padata->val[i].padata_type) {
case KRB5_PADATA_PK_AS_REQ:
p = rk_strpoolprintf(p, "PK-INIT(ietf)");
break;
case KRB5_PADATA_PK_AS_REQ_WIN:
p = rk_strpoolprintf(p, "PK-INIT(win2k)");
break;
case KRB5_PADATA_PA_PK_OCSP_RESPONSE:
p = rk_strpoolprintf(p, "OCSP");
break;
case KRB5_PADATA_ENC_TIMESTAMP:
p = rk_strpoolprintf(p, "encrypted-timestamp");
break;
default:
p = rk_strpoolprintf(p, "%d", padata->val[i].padata_type);
break;
}
if (p && i + 1 < padata->len)
p = rk_strpoolprintf(p, ", ");
if (p == NULL) {
kdc_log(context, config, 0, "out of memory");
return;
}
}
str = rk_strpoolcollect(p);
kdc_log(context, config, 0, "Client sent patypes: %s", str);
free(str);
}
/*
*
*/
static krb5_error_code
encode_reply(krb5_context context,
krb5_kdc_configuration *config,
@ -642,11 +686,13 @@ get_pa_etype_info2(krb5_context context,
krb5_error_code
_kdc_check_flags(krb5_context context,
krb5_kdc_configuration *config,
hdb_entry *client, const char *client_name,
hdb_entry *server, const char *server_name,
hdb_entry_ex *client_ex, const char *client_name,
hdb_entry_ex *server_ex, const char *server_name,
krb5_boolean is_as_req)
{
if(client != NULL) {
if(client_ex != NULL) {
hdb_entry *client = &client_ex->entry;
/* check client */
if (client->flags.invalid) {
kdc_log(context, config, 0,
@ -680,8 +726,8 @@ _kdc_check_flags(krb5_context context,
return KRB5KDC_ERR_NAME_EXP;
}
if (client->pw_end && *client->pw_end < kdc_time
&& !server->flags.change_pw) {
if (client->pw_end && *client->pw_end < kdc_time
&& (server_ex == NULL || !server_ex->entry.flags.change_pw)) {
char pwend_str[100];
krb5_format_time(context, *client->pw_end,
pwend_str, sizeof(pwend_str), TRUE);
@ -694,7 +740,9 @@ _kdc_check_flags(krb5_context context,
/* check server */
if (server != NULL) {
if (server_ex != NULL) {
hdb_entry *server = &server_ex->entry;
if (server->flags.invalid) {
kdc_log(context, config, 0,
"Server has invalid flag set -- %s", server_name);
@ -762,27 +810,28 @@ check_addresses(krb5_context context,
krb5_boolean result;
krb5_boolean only_netbios = TRUE;
int i;
if(config->check_ticket_addresses == 0)
return TRUE;
if(addresses == NULL)
if(addresses == NULL)
return config->allow_null_ticket_addresses;
for (i = 0; i < addresses->len; ++i) {
if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
only_netbios = FALSE;
}
if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
only_netbios = FALSE;
}
}
/* Windows sends it's netbios name, which I can only assume is
* used for the 'allowed workstations' check. This is painful, but
* we still want to check IP addresses if they happen to be
* present. */
* used for the 'allowed workstations' check. This is painful,
* but we still want to check IP addresses if they happen to be
* present.
*/
if(only_netbios)
return config->allow_null_ticket_addresses;
ret = krb5_sockaddr2address (context, from, &addr);
if(ret)
return FALSE;
@ -867,8 +916,8 @@ _kdc_as_rep(krb5_context context,
}
ret = _kdc_check_flags(context, config,
&client->entry, client_name,
&server->entry, server_name,
client, client_name,
server, server_name,
TRUE);
if(ret)
goto out;
@ -884,10 +933,12 @@ _kdc_as_rep(krb5_context context,
memset(&ek, 0, sizeof(ek));
if(req->padata){
int i = 0;
int i;
PA_DATA *pa;
int found_pa = 0;
log_patypes(context, config, req->padata);
#ifdef PKINIT
kdc_log(context, config, 5,
"Looking for PKINIT pa-data -- %s", client_name);
@ -1171,7 +1222,7 @@ _kdc_as_rep(krb5_context context,
if (p && i + 1 < b->etype.len)
p = rk_strpoolprintf(p, ", ");
if (p == NULL) {
kdc_log(context, config, 0, "out of meory");
kdc_log(context, config, 0, "out of memory");
goto out;
}
}
@ -2410,8 +2461,8 @@ tgs_rep2(krb5_context context,
}
ret = _kdc_check_flags(context, config,
&client->entry, cpn,
&server->entry, spn,
client, cpn,
server, spn,
FALSE);
if(ret)
goto out;

685
source4/heimdal/kdc/pkinit.c
View File

@ -33,7 +33,7 @@
#include "kdc_locl.h"
RCSID("$Id: pkinit.c,v 1.50 2006/02/13 11:48:21 lha Exp $");
RCSID("$Id: pkinit.c,v 1.59 2006/04/22 12:10:16 lha Exp $");
#ifdef PKINIT
@ -42,25 +42,17 @@ RCSID("$Id: pkinit.c,v 1.50 2006/02/13 11:48:21 lha Exp $");
#include <cms_asn1.h>
#include <pkinit_asn1.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/bn.h>
#include <openssl/asn1.h>
#include <openssl/err.h>
#include <hx509.h>
#include "crypto-headers.h"
/* XXX copied from lib/krb5/pkinit.c */
struct krb5_pk_identity {
EVP_PKEY *private_key;
STACK_OF(X509) *cert;
STACK_OF(X509) *trusted_certs;
STACK_OF(X509_CRL) *crls;
ENGINE *engine;
};
/* XXX copied from lib/krb5/pkinit.c */
struct krb5_pk_cert {
X509 *cert;
hx509_context hx509ctx;
hx509_verify_ctx verify_ctx;
hx509_certs certs;
hx509_certs anchors;
hx509_certs certpool;
hx509_revoke_ctx revoke;
};
enum pkinit_type {
@ -71,7 +63,7 @@ enum pkinit_type {
struct pk_client_params {
enum pkinit_type type;
BIGNUM *dh_public_key;
struct krb5_pk_cert *certificate;
hx509_cert cert;
unsigned nonce;
DH *dh;
EncryptionKey reply_key;
@ -86,29 +78,6 @@ struct pk_principal_mapping {
} *val;
};
/* XXX copied from lib/krb5/pkinit.c */
#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \
{ \
unsigned char *p; \
(BL) = i2d_##T((S), NULL); \
if ((BL) <= 0) { \
(R) = EINVAL; \
} else { \
(B) = malloc((BL)); \
if ((B) == NULL) { \
(R) = ENOMEM; \
} else { \
p = (B); \
(R) = 0; \
(BL) = i2d_##T((S), &p); \
if ((BL) <= 0) { \
free((B)); \
(R) = ASN1_OVERRUN; \
} \
} \
} \
}
static struct krb5_pk_identity *kdc_identity;
static struct pk_principal_mapping principal_mappings;
static struct krb5_dh_moduli **moduli;
@ -185,59 +154,19 @@ pk_check_pkauthenticator(krb5_context context,
krb5_clear_error_string(context);
ret = KRB5KRB_ERR_GENERIC;
}
out:
free_Checksum(&checksum);
return ret;
}
static krb5_error_code
pk_encrypt_key(krb5_context context,
krb5_keyblock *key,
EVP_PKEY *public_key,
krb5_data *encrypted_key,
const heim_oid **oid)
{
krb5_error_code ret;
encrypted_key->length = EVP_PKEY_size(public_key);
if (encrypted_key->length < key->keyvalue.length + 11) { /* XXX */
krb5_set_error_string(context, "pkinit: encrypted key too long");
return KRB5KRB_ERR_GENERIC;
}
encrypted_key->data = malloc(encrypted_key->length);
if (encrypted_key->data == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
ret = EVP_PKEY_encrypt(encrypted_key->data,
key->keyvalue.data,
key->keyvalue.length,
public_key);
if (ret < 0) {
free(encrypted_key->data);
krb5_set_error_string(context, "Can't encrypt key: %s",
ERR_error_string(ERR_get_error(), NULL));
return KRB5KRB_ERR_GENERIC;
}
if (encrypted_key->length != ret)
krb5_abortx(context, "size of EVP_PKEY_size is not the "
"size of the output");
*oid = oid_id_pkcs1_rsaEncryption();
return 0;
}
void
_kdc_pk_free_client_param(krb5_context context,
pk_client_params *client_params)
{
if (client_params->certificate)
_krb5_pk_cert_free(client_params->certificate);
if (client_params->cert)
hx509_cert_free(client_params->cert);
if (client_params->dh)
DH_free(client_params->dh);
if (client_params->dh_public_key)
@ -261,9 +190,7 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
memset(&key, 0, sizeof(key));
if (!DH_generate_key(client_params->dh)) {
krb5_set_error_string(context, "Can't generate Diffie-Hellman "
"keys (%s)",
ERR_error_string(ERR_get_error(), NULL));
krb5_set_error_string(context, "Can't generate Diffie-Hellman keys");
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
@ -290,8 +217,7 @@ generate_dh_keyblock(krb5_context context, pk_client_params *client_params,
client_params->dh_public_key,
client_params->dh);
if (dh_gen_keylen == -1) {
krb5_set_error_string(context, "Can't compute Diffie-Hellman key (%s)",
ERR_error_string(ERR_get_error(), NULL));
krb5_set_error_string(context, "Can't compute Diffie-Hellman key");
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
@ -321,7 +247,7 @@ integer_to_BN(krb5_context context, const char *field, heim_integer *f)
krb5_set_error_string(context, "PKINIT: parsing BN failed %s", field);
return NULL;
}
bn->neg = f->negative;
BN_set_negative(bn, f->negative);
return bn;
}
@ -376,8 +302,7 @@ get_dh_param(krb5_context context,
dh = DH_new();
if (dh == NULL) {
krb5_set_error_string(context, "Cannot create DH structure (%s)",
ERR_error_string(ERR_get_error(), NULL));
krb5_set_error_string(context, "Cannot create DH structure");
ret = ENOMEM;
goto out;
}
@ -413,9 +338,10 @@ get_dh_param(krb5_context context,
goto out;
}
if (DH_check(dh, &dhret) != 1) {
krb5_set_error_string(context, "PKINIT DH data not ok: %s",
ERR_error_string(ERR_get_error(), NULL));
if (DH_check_pubkey(dh, client_params->dh_public_key, &dhret) != 1 ||
dhret != 0) {
krb5_set_error_string(context, "PKINIT DH data not ok");
ret = KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
goto out;
}
@ -498,11 +424,12 @@ _kdc_pk_rd_padata(krb5_context context,
{
pk_client_params *client_params;
krb5_error_code ret;
heim_oid eContentType = { 0, NULL };
heim_oid eContentType = { 0, NULL }, contentInfoOid = { 0, NULL };
krb5_data eContent = { 0, NULL };
krb5_data signed_content = { 0, NULL };
const char *type = "unknown type";
const heim_oid *pa_contentType;
int have_data;
*ret_params = NULL;
@ -520,7 +447,7 @@ _kdc_pk_rd_padata(krb5_context context,
if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
PA_PK_AS_REQ_Win2k r;
ContentInfo info;
int have_data;
type = "PK-INIT-Win2k";
pa_contentType = oid_id_pkcs7_data();
@ -535,47 +462,20 @@ _kdc_pk_rd_padata(krb5_context context,
goto out;
}
ret = decode_ContentInfo(r.signed_auth_pack.data,
r.signed_auth_pack.length, &info, NULL);
ret = hx509_cms_unwrap_ContentInfo(&r.signed_auth_pack,
&contentInfoOid,
&signed_content,
&have_data);
free_PA_PK_AS_REQ_Win2k(&r);
if (ret) {
krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
goto out;
}
if (heim_oid_cmp(&info.contentType, oid_id_pkcs7_signedData())) {
krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content "
"type oid");
free_ContentInfo(&info);
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
if (info.content == NULL) {
krb5_set_error_string(context,
"PK-AS-REQ-Win2k no signed auth pack");
free_ContentInfo(&info);
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
signed_content.data = malloc(info.content->length);
if (signed_content.data == NULL) {
ret = ENOMEM;
free_ContentInfo(&info);
krb5_set_error_string(context, "PK-AS-REQ-Win2k out of memory");
goto out;
}
signed_content.length = info.content->length;
memcpy(signed_content.data, info.content->data, signed_content.length);
free_ContentInfo(&info);
} else if (pa->padata_type == KRB5_PADATA_PK_AS_REQ) {
PA_PK_AS_REQ r;
ContentInfo info;
type = "PK-INIT-27";
type = "PK-INIT-IETF";
pa_contentType = oid_id_pkauthdata();
ret = decode_PA_PK_AS_REQ(pa->padata_value.data,
@ -587,43 +487,17 @@ _kdc_pk_rd_padata(krb5_context context,
goto out;
}
ret = decode_ContentInfo(r.signedAuthPack.data,
r.signedAuthPack.length, &info, NULL);
if (ret) {
krb5_set_error_string(context, "Can't decode PK-AS-REQ: %d", ret);
goto out;
}
/* XXX look at r.trustedCertifiers and r.kdcPkId */
if (heim_oid_cmp(&info.contentType, oid_id_pkcs7_signedData())) {
krb5_set_error_string(context, "PK-AS-REQ invalid content "
"type oid");
free_ContentInfo(&info);
free_PA_PK_AS_REQ(&r);
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
if (info.content == NULL) {
krb5_set_error_string(context, "PK-AS-REQ no signed auth pack");
free_PA_PK_AS_REQ(&r);
free_ContentInfo(&info);
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
signed_content.data = malloc(info.content->length);
if (signed_content.data == NULL) {
ret = ENOMEM;
free_ContentInfo(&info);
free_PA_PK_AS_REQ(&r);
krb5_set_error_string(context, "PK-AS-REQ out of memory");
goto out;
}
signed_content.length = info.content->length;
memcpy(signed_content.data, info.content->data, signed_content.length);
free_ContentInfo(&info);
ret = hx509_cms_unwrap_ContentInfo(&r.signedAuthPack,
&contentInfoOid,
&signed_content,
&have_data);
free_PA_PK_AS_REQ(&r);
if (ret) {
krb5_set_error_string(context, "Can't unwrap ContentInfo: %d", ret);
goto out;
}
} else {
krb5_clear_error_string(context);
@ -631,24 +505,51 @@ _kdc_pk_rd_padata(krb5_context context,
goto out;
}
ret = _krb5_pk_verify_sign(context,
signed_content.data,
signed_content.length,
kdc_identity,
&eContentType,
&eContent,
&client_params->certificate);
if (ret)
ret = heim_oid_cmp(&contentInfoOid, oid_id_pkcs7_signedData());
if (ret != 0) {
krb5_set_error_string(context, "PK-AS-REQ-Win2k invalid content "
"type oid");
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
if (!have_data) {
krb5_set_error_string(context,
"PK-AS-REQ-Win2k no signed auth pack");
ret = KRB5KRB_ERR_GENERIC;
goto out;
}
{
hx509_certs signer_certs;
ret = hx509_cms_verify_signed(kdc_identity->hx509ctx,
kdc_identity->verify_ctx,
signed_content.data,
signed_content.length,
kdc_identity->certpool,
&eContentType,
&eContent,
&signer_certs);
if (ret) {
kdc_log(context, config, 0,
"PK-INIT failed to verify signature %d", ret);
goto out;
}
ret = hx509_get_one_cert(kdc_identity->hx509ctx, signer_certs,
&client_params->cert);
hx509_certs_free(&signer_certs);
if (ret)
goto out;
}
#if 0
/* Signature is correct, now verify the signed message */
if (heim_oid_cmp(&eContentType, pa_contentType)) {
krb5_set_error_string(context, "got wrong oid for pkauthdata");
ret = KRB5_BADMSGTYPE;
goto out;
}
#endif
if (pa->padata_type == KRB5_PADATA_PK_AS_REQ_WIN) {
AuthPack_Win2k ap;
@ -716,19 +617,15 @@ _kdc_pk_rd_padata(krb5_context context,
} else
krb5_abortx(context, "internal pkinit error");
/*
* Remaining fields (ie kdcCert and encryptionCert) in the request
* are ignored for now.
*/
kdc_log(context, config, 0, "PK-INIT request of type %s", type);
out:
out:
if (signed_content.data)
free(signed_content.data);
krb5_data_free(&eContent);
free_oid(&eContentType);
free_oid(&contentInfoOid);
if (ret)
_kdc_pk_free_client_param(context, client_params);
else
@ -750,7 +647,7 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer)
return ENOMEM;
}
BN_bn2bin(bn, integer->data);
integer->negative = bn->neg;
integer->negative = BN_is_negative(bn);
return 0;
}
@ -762,78 +659,11 @@ pk_mk_pa_reply_enckey(krb5_context context,
krb5_keyblock *reply_key,
ContentInfo *content_info)
{
KeyTransRecipientInfo *ri;
EnvelopedData ed;
krb5_error_code ret;
krb5_crypto crypto = NULL;
krb5_data buf, sd_data, enc_sd_data, iv, params;
krb5_keyblock tmp_key;
krb5_enctype enveloped_enctype;
X509_NAME *issuer_name;
heim_integer *serial;
krb5_data buf, o;
size_t size;
AlgorithmIdentifier *enc_alg;
int i;
krb5_data_zero(&enc_sd_data);
krb5_data_zero(&sd_data);
krb5_data_zero(&iv);
memset(&tmp_key, 0, sizeof(tmp_key));
memset(&ed, 0, sizeof(ed));
/* default to DES3 if client doesn't tell us */
enveloped_enctype = ETYPE_DES3_CBC_NONE_CMS;
for (i = 0; i < req->req_body.etype.len; i++) {
switch(req->req_body.etype.val[i]) {
case 15: /* des-ede3-cbc-Env-OID */
enveloped_enctype = ETYPE_DES3_CBC_NONE_CMS;
break;
default:
break;
}
}
ret = krb5_generate_random_keyblock(context, enveloped_enctype, &tmp_key);
if (ret)
goto out;
ret = krb5_crypto_init(context, &tmp_key, 0, &crypto);
if (ret)
goto out;
ret = krb5_crypto_getblocksize(context, crypto, &iv.length);
if (ret)
goto out;
ret = krb5_data_alloc(&iv, iv.length);
if (ret) {
krb5_set_error_string(context, "malloc out of memory");
goto out;
}
krb5_generate_random_block(iv.data, iv.length);
enc_alg = &ed.encryptedContentInfo.contentEncryptionAlgorithm;
ret = krb5_enctype_to_oid(context, enveloped_enctype, &enc_alg->algorithm);
if (ret)
goto out;
ret = krb5_crypto_set_params(context, crypto, &iv, &params);
if (ret)
goto out;
ALLOC(enc_alg->parameters);
if (enc_alg->parameters == NULL) {
krb5_data_free(&params);
krb5_set_error_string(context, "malloc out of memory");
return ENOMEM;
}
enc_alg->parameters->data = params.data;
enc_alg->parameters->length = params.length;
krb5_data_zero(&buf);
switch (client_params->type) {
case PKINIT_COMPAT_WIN2K: {
@ -897,139 +727,21 @@ pk_mk_pa_reply_enckey(krb5_context context,
if (buf.length != size)
krb5_abortx(context, "Internal ASN.1 encoder error");
/*
* CRL's are not transfered -- should be ?
*/
ret = _krb5_pk_create_sign(context,
oid_id_pkrkeydata(),
&buf,
kdc_identity,
&sd_data);
krb5_data_free(&buf);
if (ret)
ret = hx509_cms_envelope_1(kdc_identity->hx509ctx,
client_params->cert,
buf.data, buf.length, NULL,
oid_id_pkcs7_signedData(), &o);
if (ret)
goto out;
ret = krb5_encrypt_ivec(context, crypto, 0,
sd_data.data, sd_data.length,
&enc_sd_data,
iv.data);
ALLOC_SEQ(&ed.recipientInfos, 1);
if (ed.recipientInfos.val == NULL) {
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
ri = &ed.recipientInfos.val[0];
ri->version = 0;
ri->rid.element = choice_CMSIdentifier_issuerAndSerialNumber;
issuer_name = X509_get_issuer_name(client_params->certificate->cert);
OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, buf.data, buf.length,
issuer_name, ret);
if (ret) {
krb5_clear_error_string(context);
goto out;
}
ret = decode_Name(buf.data, buf.length,
&ri->rid.u.issuerAndSerialNumber.issuer,
NULL);
free(buf.data);
if (ret) {
krb5_set_error_string(context, "pkinit: failed to parse Name");
goto out;
}
serial = &ri->rid.u.issuerAndSerialNumber.serialNumber;
{
ASN1_INTEGER *isn;
BIGNUM *bn;
isn = X509_get_serialNumber(client_params->certificate->cert);
bn = ASN1_INTEGER_to_BN(isn, NULL);
if (bn == NULL) {
ret = ENOMEM;
krb5_clear_error_string(context);
goto out;
}
ret = BN_to_integer(context, bn, serial);
BN_free(bn);
if (ret) {
krb5_clear_error_string(context);
goto out;
}
}
{
const heim_oid *pk_enc_key_oid;
krb5_data enc_tmp_key;
ret = pk_encrypt_key(context, &tmp_key,
X509_get_pubkey(client_params->certificate->cert),
&enc_tmp_key,
&pk_enc_key_oid);
if (ret)
goto out;
ri->encryptedKey.length = enc_tmp_key.length;
ri->encryptedKey.data = enc_tmp_key.data;
ret = copy_oid(pk_enc_key_oid, &ri->keyEncryptionAlgorithm.algorithm);
if (ret)
goto out;
}
/*
*
*/
ed.version = 0;
ed.originatorInfo = NULL;
ret = copy_oid(oid_id_pkcs7_signedData(), &ed.encryptedContentInfo.contentType);
if (ret) {
krb5_clear_error_string(context);
goto out;
}
ALLOC(ed.encryptedContentInfo.encryptedContent);
if (ed.encryptedContentInfo.encryptedContent == NULL) {
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
ed.encryptedContentInfo.encryptedContent->data = enc_sd_data.data;
ed.encryptedContentInfo.encryptedContent->length = enc_sd_data.length;
krb5_data_zero(&enc_sd_data);
ed.unprotectedAttrs = NULL;
ASN1_MALLOC_ENCODE(EnvelopedData, buf.data, buf.length, &ed, &size, ret);
if (ret) {
krb5_set_error_string(context,
"ASN.1 encoding of EnvelopedData failed (%d)",
ret);
goto out;
}
ret = _krb5_pk_mk_ContentInfo(context,
&buf,
&o,
oid_id_pkcs7_envelopedData(),
content_info);
krb5_data_free(&buf);
free_octet_string(&o);
out:
if (crypto)
krb5_crypto_destroy(context, crypto);
krb5_free_keyblock_contents(context, &tmp_key);
krb5_data_free(&enc_sd_data);
krb5_data_free(&iv);
free_EnvelopedData(&ed);
krb5_data_free(&buf);
return ret;
}
@ -1044,37 +756,32 @@ pk_mk_pa_reply_dh(krb5_context context,
krb5_keyblock *reply_key,
ContentInfo *content_info)
{
ASN1_INTEGER *dh_pub_key = NULL;
ContentInfo contentinfo;
KDCDHKeyInfo dh_info;
krb5_data signed_data, buf;
ContentInfo contentinfo;
krb5_error_code ret;
SignedData sd;
krb5_data buf, signed_data;
size_t size;
heim_integer i;
memset(&contentinfo, 0, sizeof(contentinfo));
memset(&dh_info, 0, sizeof(dh_info));
memset(&sd, 0, sizeof(sd));
krb5_data_zero(&buf);
krb5_data_zero(&signed_data);
dh_pub_key = BN_to_ASN1_INTEGER(kdc_dh->pub_key, NULL);
if (dh_pub_key == NULL) {
krb5_set_error_string(context, "BN_to_ASN1_INTEGER() failed (%s)",
ERR_error_string(ERR_get_error(), NULL));
ret = ENOMEM;
goto out;
}
ret = BN_to_integer(context, kdc_dh->pub_key, &i);
if (ret)
return ret;
OPENSSL_ASN1_MALLOC_ENCODE(ASN1_INTEGER, buf.data, buf.length, dh_pub_key,
ret);
ASN1_INTEGER_free(dh_pub_key);
ASN1_MALLOC_ENCODE(DHPublicKey, buf.data, buf.length, &i, &size, ret);
if (ret) {
krb5_set_error_string(context, "Encoding of ASN1_INTEGER failed (%s)",
ERR_error_string(ERR_get_error(), NULL));
goto out;
krb5_set_error_string(context, "ASN.1 encoding of "
"DHPublicKey failed (%d)", ret);
krb5_clear_error_string(context);
return ret;
}
if (buf.length != size)
krb5_abortx(context, "Internal ASN.1 encoder error");
dh_info.subjectPublicKey.length = buf.length * 8;
dh_info.subjectPublicKey.data = buf.data;
@ -1095,12 +802,36 @@ pk_mk_pa_reply_dh(krb5_context context,
* filled in above
*/
ret = _krb5_pk_create_sign(context,
oid_id_pkdhkeydata(),
&buf,
kdc_identity,
&signed_data);
krb5_data_free(&buf);
{
hx509_cert cert;
hx509_query *q;
ret = hx509_query_alloc(kdc_identity->hx509ctx, &q);
if (ret)
goto out;
hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);
hx509_query_match_option(q, HX509_QUERY_OPTION_KU_DIGITALSIGNATURE);
ret = hx509_certs_find(kdc_identity->hx509ctx,
kdc_identity->certs,
q,
&cert);
hx509_query_free(kdc_identity->hx509ctx, q);
if (ret)
goto out;
ret = hx509_cms_create_signed_1(kdc_identity->hx509ctx,
oid_id_pkdhkeydata(),
buf.data,
buf.length,
NULL,
cert,
kdc_identity->anchors,
kdc_identity->certpool,
&signed_data);
hx509_cert_free(cert);
}
if (ret)
goto out;
@ -1112,6 +843,7 @@ pk_mk_pa_reply_dh(krb5_context context,
goto out;
out:
krb5_data_free(&buf);
krb5_data_free(&signed_data);
free_KDCDHKeyInfo(&dh_info);
@ -1322,63 +1054,60 @@ _kdc_pk_mk_pa_reply(krb5_context context,
static int
pk_principal_from_X509(krb5_context context,
krb5_kdc_configuration *config,
struct krb5_pk_cert *client_cert,
krb5_principal *principal)
hx509_cert client_cert,
krb5_const_principal match)
{
krb5_error_code ret;
GENERAL_NAMES *gens;
GENERAL_NAME *gen;
ASN1_OBJECT *obj;
int i;
hx509_octet_string_list list;
int ret, i, found = 0;
*principal = NULL;
memset(&list, 0 , sizeof(list));
obj = OBJ_txt2obj("1.3.6.1.5.2.2",1);
gens = X509_get_ext_d2i(client_cert->cert, NID_subject_alt_name,
NULL, NULL);
if (gens == NULL)
return 1;
ret = hx509_cert_find_subjectAltName_otherName(client_cert,
oid_id_pkinit_san(),
&list);
if (ret)
goto out;
for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
for (i = 0; !found && i < list.len; i++) {
krb5_principal_data principal;
KRB5PrincipalName kn;
size_t len, size;
void *p;
size_t size;
gen = sk_GENERAL_NAME_value(gens, i);
if (gen->type != GEN_OTHERNAME)
continue;
if(OBJ_cmp(obj, gen->d.otherName->type_id) != 0)
continue;
p = ASN1_STRING_data(gen->d.otherName->value->value.sequence);
len = ASN1_STRING_length(gen->d.otherName->value->value.sequence);
ret = decode_KRB5PrincipalName(p, len, &kn, &size);
ret = decode_KRB5PrincipalName(list.val[i].data,
list.val[i].length,
&kn, &size);
if (ret) {
kdc_log(context, config, 0,
"Decoding kerberos name in certificate failed: %s",
krb5_get_err_text(context, ret));
continue;
break;
}
if (size != list.val[i].length) {
kdc_log(context, config, 0,
"Decoding kerberos name have extra bits on the end");
return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
}
*principal = malloc(sizeof(**principal));
if (*principal == NULL) {
free_KRB5PrincipalName(&kn);
return 1;
}
principal.name = kn.principalName;
principal.realm = kn.realm;
(*principal)->name = kn.principalName;
(*principal)->realm = kn.realm;
return 0;
if (krb5_principal_compare(context, &principal, match) == TRUE)
found = 1;
free_KRB5PrincipalName(&kn);
}
return 1;
out:
hx509_free_octet_string_list(&list);
if (ret)
return ret;
if (!found)
return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
return 0;
}
/* XXX match with issuer too ? */
krb5_error_code
_kdc_pk_check_client(krb5_context context,
krb5_kdc_configuration *config,
@ -1387,45 +1116,34 @@ _kdc_pk_check_client(krb5_context context,
pk_client_params *client_params,
char **subject_name)
{
struct krb5_pk_cert *client_cert = client_params->certificate;
krb5_principal cert_princ;
X509_NAME *name;
char *subject = NULL;
krb5_error_code ret;
krb5_boolean b;
hx509_name name;
int i;
*subject_name = NULL;
name = X509_get_subject_name(client_cert->cert);
if (name == NULL) {
krb5_set_error_string(context, "PKINIT can't get subject name");
return ENOMEM;
}
subject = X509_NAME_oneline(name, NULL, 0);
if (subject == NULL) {
krb5_set_error_string(context, "PKINIT can't get subject name");
return ENOMEM;
}
*subject_name = strdup(subject);
if (*subject_name == NULL) {
krb5_set_error_string(context, "out of memory");
return ENOMEM;
}
OPENSSL_free(subject);
if (config->enable_pkinit_princ_in_cert) {
ret = pk_principal_from_X509(context, config,
client_cert, &cert_princ);
if (ret == 0) {
b = krb5_principal_compare(context, client_princ, cert_princ);
krb5_free_principal(context, cert_princ);
if (b == TRUE)
return 0;
}
client_params->cert,
client_princ);
if (ret == 0)
return 0;
}
ret = hx509_cert_get_subject(client_params->cert, &name);
if (ret)
return ret;
ret = hx509_name_to_string(name, subject_name);
hx509_name_free(&name);
if (ret)
return ret;
kdc_log(context, config, 5,
"Trying to authorize subject DN %s",
*subject_name);
for (i = 0; i < principal_mappings.len; i++) {
krb5_boolean b;
b = krb5_principal_compare(context,
client_princ,
principal_mappings.val[i].principal);
@ -1436,6 +1154,7 @@ _kdc_pk_check_client(krb5_context context,
return 0;
}
free(*subject_name);
*subject_name = NULL;
krb5_set_error_string(context, "PKINIT no matching principals");
return KRB5_KDC_ERR_CLIENT_NAME_MISMATCH;
@ -1477,7 +1196,9 @@ krb5_error_code
_kdc_pk_initialize(krb5_context context,
krb5_kdc_configuration *config,
const char *user_id,
const char *x509_anchors)
const char *anchors,
char **pool,
char **revoke)
{
const char *file;
krb5_error_code ret;
@ -1495,13 +1216,15 @@ _kdc_pk_initialize(krb5_context context,
principal_mappings.len = 0;
principal_mappings.val = NULL;
ret = _krb5_pk_load_openssl_id(context,
&kdc_identity,
user_id,
x509_anchors,
NULL,
NULL,
NULL);
ret = _krb5_pk_load_id(context,
&kdc_identity,
user_id,
anchors,
pool,
revoke,
NULL,
NULL,
NULL);
if (ret) {
krb5_warn(context, ret, "PKINIT: failed to load");
config->enable_pkinit = 0;

4
source4/heimdal/lib/asn1/CMS.asn1
View File

@ -1,5 +1,5 @@
-- From RFC 3369 --
-- $Id: CMS.asn1,v 1.3 2005/07/23 10:37:13 lha Exp $ --
-- $Id: CMS.asn1,v 1.4 2006/04/15 10:53:25 lha Exp $ --
CMS DEFINITIONS ::= BEGIN
@ -142,7 +142,7 @@ EnvelopedData ::= SEQUENCE {
-- Data ::= OCTET STRING
CMSRC2CBCParameter ::= SEQUENCE {
rc2ParameterVersion INTEGER,
rc2ParameterVersion INTEGER (0..4294967295),
iv OCTET STRING -- exactly 8 octets
}

8
source4/heimdal/lib/asn1/canthandle.asn1
View File

@ -1,4 +1,4 @@
-- $Id: canthandle.asn1,v 1.5 2005/08/11 14:07:21 lha Exp $ --
-- $Id: canthandle.asn1,v 1.6 2006/01/18 19:12:33 lha Exp $ --
CANTHANDLE DEFINITIONS ::= BEGIN
@ -31,10 +31,4 @@ Bar ::= SEQUENCE {
Baz ::= SET OF INTEGER
-- Allocation is done on CONTEXT tags.
Alloc ::= SEQUENCE {
a heim_any OPTIONAL
}
END

9
source4/heimdal/lib/asn1/gen.c
View File

@ -33,7 +33,7 @@
#include "gen_locl.h"
RCSID("$Id: gen.c,v 1.65 2006/03/08 12:29:34 lha Exp $");
RCSID("$Id: gen.c,v 1.67 2006/03/31 02:52:21 lha Exp $");
FILE *headerfile, *codefile, *logfile;
@ -62,6 +62,8 @@ add_import (const char *module)
tmp->module = module;
tmp->next = imports;
imports = tmp;
fprintf (headerfile, "#include <%s_asn1.h>\n", module);
}
const char *
@ -223,7 +225,6 @@ gen_compare_defval(const char *var, struct value *val)
static void
generate_header_of_codefile(const char *name)
{
struct import *i;
char *filename;
if (codefile != NULL)
@ -248,10 +249,6 @@ generate_header_of_codefile(const char *name)
"#include <krb5-types.h>\n",
orig_filename);
for (i = imports; i != NULL; i = i->next)
fprintf (codefile,
"#include <%s_asn1.h>\n",
i->module);
fprintf (codefile,
"#include <%s.h>\n",
headerbase);

17
source4/heimdal/lib/asn1/hash.c
View File

@ -37,7 +37,7 @@
#include "gen_locl.h"
RCSID("$Id: hash.c,v 1.10 2005/07/12 06:27:30 lha Exp $");
RCSID("$Id: hash.c,v 1.11 2006/04/07 22:16:00 lha Exp $");
static Hashentry *_search(Hashtab * htab, /* The hash table */
void *ptr); /* And key */
@ -53,17 +53,16 @@ hashtabnew(int sz,
assert(sz > 0);
htab = (Hashtab *) malloc(sizeof(Hashtab) + (sz - 1) * sizeof(Hashentry *));
if (htab == NULL)
return NULL;
for (i = 0; i < sz; ++i)
htab->tab[i] = NULL;
if (htab == NULL) {
return NULL;
} else {
htab->cmp = cmp;
htab->hash = hash;
htab->sz = sz;
return htab;
}
htab->cmp = cmp;
htab->hash = hash;
htab->sz = sz;
return htab;
}
/* Intern search function */

3
source4/heimdal/lib/asn1/k5.asn1
View File

@ -1,4 +1,4 @@
-- $Id: k5.asn1,v 1.46 2005/08/22 19:09:25 lha Exp $
-- $Id: k5.asn1,v 1.47 2006/03/27 22:52:11 lha Exp $
KERBEROS5 DEFINITIONS ::=
BEGIN
@ -56,6 +56,7 @@ PADATA-TYPE ::= INTEGER {
KRB5-PADATA-PK-AS-REQ-WIN(15), -- (PKINIT - old number)
KRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25)
KRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25)
KRB5-PADATA-PA-PK-OCSP-RESPONSE(18),
KRB5-PADATA-ETYPE-INFO2(19),
KRB5-PADATA-USE-SPECIFIED-KVNO(20),
KRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp)

1334
source4/heimdal/lib/asn1/lex.c
View File

File diff suppressed because it is too large Load Diff

360
source4/heimdal/lib/asn1/parse.c
View File

@ -1,7 +1,7 @@
/* A Bison parser, made by GNU Bison 2.1. */
/* A Bison parser, made by GNU Bison 2.0. */
/* Skeleton parser for Yacc-like parsing with Bison,
Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -15,8 +15,8 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA. */
Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA. */
/* As a special exception, when this file is copied by Bison into a
Bison output file, you may use that output file without restriction.
@ -36,9 +36,6 @@
/* Identify Bison output. */
#define YYBISON 1
/* Bison version. */
#define YYBISON_VERSION "2.1"
/* Skeleton name. */
#define YYSKELETON_NAME "yacc.c"
@ -145,7 +142,6 @@
NUMBER = 344
};
#endif
/* Tokens. */
#define kw_ABSENT 258
#define kw_ABSTRACT_SYNTAX 259
#define kw_ALL 260
@ -270,7 +266,7 @@ struct string_list {
/* Enabling traces. */
#ifndef YYDEBUG
# define YYDEBUG 0
# define YYDEBUG 1
#endif
/* Enabling verbose error messages. */
@ -281,11 +277,6 @@ struct string_list {
# define YYERROR_VERBOSE 0
#endif
/* Enabling the token table. */
#ifndef YYTOKEN_TABLE
# define YYTOKEN_TABLE 0
#endif
#if ! defined (YYSTYPE) && ! defined (YYSTYPE_IS_DECLARED)
#line 65 "parse.y"
typedef union YYSTYPE {
@ -302,8 +293,8 @@ typedef union YYSTYPE {
struct memhead *members;
struct constraint_spec *constraint_spec;
} YYSTYPE;
/* Line 196 of yacc.c. */
#line 307 "$base.c"
/* Line 190 of yacc.c. */
#line 298 "parse.c"
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
# define YYSTYPE_IS_TRIVIAL 1
@ -314,37 +305,18 @@ typedef union YYSTYPE {
/* Copy the second part of user declarations. */
/* Line 219 of yacc.c. */
#line 319 "$base.c"
#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__)
# define YYSIZE_T __SIZE_TYPE__
#endif
#if ! defined (YYSIZE_T) && defined (size_t)
# define YYSIZE_T size_t
#endif
#if ! defined (YYSIZE_T) && (defined (__STDC__) || defined (__cplusplus))
# include <stddef.h> /* INFRINGES ON USER NAME SPACE */
# define YYSIZE_T size_t
#endif
#if ! defined (YYSIZE_T)
# define YYSIZE_T unsigned int
#endif
#ifndef YY_
# if YYENABLE_NLS
# if ENABLE_NLS
# include <libintl.h> /* INFRINGES ON USER NAME SPACE */
# define YY_(msgid) dgettext ("bison-runtime", msgid)
# endif
# endif
# ifndef YY_
# define YY_(msgid) msgid
# endif
#endif
/* Line 213 of yacc.c. */
#line 310 "parse.c"
#if ! defined (yyoverflow) || YYERROR_VERBOSE
# ifndef YYFREE
# define YYFREE free
# endif
# ifndef YYMALLOC
# define YYMALLOC malloc
# endif
/* The parser invokes alloca or malloc; define the necessary symbols. */
# ifdef YYSTACK_USE_ALLOCA
@ -353,10 +325,6 @@ typedef union YYSTYPE {
# define YYSTACK_ALLOC __builtin_alloca
# else
# define YYSTACK_ALLOC alloca
# if defined (__STDC__) || defined (__cplusplus)
# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
# define YYINCLUDED_STDLIB_H
# endif
# endif
# endif
# endif
@ -364,39 +332,13 @@ typedef union YYSTYPE {
# ifdef YYSTACK_ALLOC
/* Pacify GCC's `empty if-body' warning. */
# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0)
# ifndef YYSTACK_ALLOC_MAXIMUM
/* The OS might guarantee only one guard page at the bottom of the stack,
and a page size can be as small as 4096 bytes. So we cannot safely
invoke alloca (N) if N exceeds 4096. Use a slightly smaller number
to allow for a few compiler-allocated temporary stack slots. */
# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2005 */
# endif
# else
# if defined (__STDC__) || defined (__cplusplus)
# include <stdlib.h> /* INFRINGES ON USER NAME SPACE */
# define YYSIZE_T size_t
# endif
# define YYSTACK_ALLOC YYMALLOC
# define YYSTACK_FREE YYFREE
# ifndef YYSTACK_ALLOC_MAXIMUM
# define YYSTACK_ALLOC_MAXIMUM ((YYSIZE_T) -1)
# endif
# ifdef __cplusplus
extern "C" {
# endif
# ifndef YYMALLOC
# define YYMALLOC malloc
# if (! defined (malloc) && ! defined (YYINCLUDED_STDLIB_H) \
&& (defined (__STDC__) || defined (__cplusplus)))
void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */
# endif
# endif
# ifndef YYFREE
# define YYFREE free
# if (! defined (free) && ! defined (YYINCLUDED_STDLIB_H) \
&& (defined (__STDC__) || defined (__cplusplus)))
void free (void *); /* INFRINGES ON USER NAME SPACE */
# endif
# endif
# ifdef __cplusplus
}
# endif
# endif
#endif /* ! defined (yyoverflow) || YYERROR_VERBOSE */
@ -431,7 +373,7 @@ union yyalloc
# define YYCOPY(To, From, Count) \
do \
{ \
YYSIZE_T yyi; \
register YYSIZE_T yyi; \
for (yyi = 0; yyi < (Count); yyi++) \
(To)[yyi] = (From)[yyi]; \
} \
@ -481,7 +423,7 @@ union yyalloc
#define YYUNDEFTOK 2
#define YYMAXUTOK 344
#define YYTRANSLATE(YYX) \
#define YYTRANSLATE(YYX) \
((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */
@ -606,8 +548,8 @@ static const unsigned short int yyrline[] =
};
#endif
#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE
/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
#if YYDEBUG || YYERROR_VERBOSE
/* YYTNME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM.
First, the terminals, then, starting at YYNTOKENS, nonterminals. */
static const char *const yytname[] =
{
@ -862,6 +804,22 @@ static const unsigned char yystos[] =
154
};
#if ! defined (YYSIZE_T) && defined (__SIZE_TYPE__)
# define YYSIZE_T __SIZE_TYPE__
#endif
#if ! defined (YYSIZE_T) && defined (size_t)
# define YYSIZE_T size_t
#endif
#if ! defined (YYSIZE_T)
# if defined (__STDC__) || defined (__cplusplus)
# include <stddef.h> /* INFRINGES ON USER NAME SPACE */
# define YYSIZE_T size_t
# endif
#endif
#if ! defined (YYSIZE_T)
# define YYSIZE_T unsigned int
#endif
#define yyerrok (yyerrstatus = 0)
#define yyclearin (yychar = YYEMPTY)
#define YYEMPTY (-2)
@ -891,8 +849,8 @@ do \
goto yybackup; \
} \
else \
{ \
yyerror (YY_("syntax error: cannot back up")); \
{ \
yyerror ("syntax error: cannot back up");\
YYERROR; \
} \
while (0)
@ -971,7 +929,7 @@ do { \
if (yydebug) \
{ \
YYFPRINTF (stderr, "%s ", Title); \
yysymprint (stderr, \
yysymprint (stderr, \
Type, Value); \
YYFPRINTF (stderr, "\n"); \
} \
@ -1019,13 +977,13 @@ yy_reduce_print (yyrule)
#endif
{
int yyi;
unsigned long int yylno = yyrline[yyrule];
YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu), ",
unsigned int yylno = yyrline[yyrule];
YYFPRINTF (stderr, "Reducing stack by rule %d (line %u), ",
yyrule - 1, yylno);
/* Print the symbols being reduced, and their result. */
for (yyi = yyprhs[yyrule]; 0 <= yyrhs[yyi]; yyi++)
YYFPRINTF (stderr, "%s ", yytname[yyrhs[yyi]]);
YYFPRINTF (stderr, "-> %s\n", yytname[yyr1[yyrule]]);
YYFPRINTF (stderr, "%s ", yytname [yyrhs[yyi]]);
YYFPRINTF (stderr, "-> %s\n", yytname [yyr1[yyrule]]);
}
# define YY_REDUCE_PRINT(Rule) \
@ -1054,7 +1012,7 @@ int yydebug;
if the built-in stack extension method is used).
Do not make this value too large; the results are undefined if
YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH)
SIZE_MAX < YYSTACK_BYTES (YYMAXDEPTH)
evaluated with infinite-precision integer arithmetic. */
#ifndef YYMAXDEPTH
@ -1078,7 +1036,7 @@ yystrlen (yystr)
const char *yystr;
# endif
{
const char *yys = yystr;
register const char *yys = yystr;
while (*yys++ != '\0')
continue;
@ -1103,8 +1061,8 @@ yystpcpy (yydest, yysrc)
const char *yysrc;
# endif
{
char *yyd = yydest;
const char *yys = yysrc;
register char *yyd = yydest;
register const char *yys = yysrc;
while ((*yyd++ = *yys++) != '\0')
continue;
@ -1114,55 +1072,7 @@ yystpcpy (yydest, yysrc)
# endif
# endif
# ifndef yytnamerr
/* Copy to YYRES the contents of YYSTR after stripping away unnecessary
quotes and backslashes, so that it's suitable for yyerror. The
heuristic is that double-quoting is unnecessary unless the string
contains an apostrophe, a comma, or backslash (other than
backslash-backslash). YYSTR is taken from yytname. If YYRES is
null, do not copy; instead, return the length of what the result
would have been. */
static YYSIZE_T
yytnamerr (char *yyres, const char *yystr)
{
if (*yystr == '"')
{
size_t yyn = 0;
char const *yyp = yystr;
for (;;)
switch (*++yyp)
{
case '\'':
case ',':
goto do_not_strip_quotes;
case '\\':
if (*++yyp != '\\')
goto do_not_strip_quotes;
/* Fall through. */
default:
if (yyres)
yyres[yyn] = *yyp;
yyn++;
break;
case '"':
if (yyres)
yyres[yyn] = '\0';
return yyn;
}
do_not_strip_quotes: ;
}
if (! yyres)
return yystrlen (yystr);
return yystpcpy (yyres, yystr) - yyres;
}
# endif
#endif /* YYERROR_VERBOSE */
#endif /* !YYERROR_VERBOSE */
@ -1282,13 +1192,13 @@ yyparse (void)
#else
int
yyparse ()
;
#endif
#endif
{
int yystate;
int yyn;
register int yystate;
register int yyn;
int yyresult;
/* Number of tokens to shift before error messages enabled. */
int yyerrstatus;
@ -1306,12 +1216,12 @@ yyparse ()
/* The state stack. */
short int yyssa[YYINITDEPTH];
short int *yyss = yyssa;
short int *yyssp;
register short int *yyssp;
/* The semantic value stack. */
YYSTYPE yyvsa[YYINITDEPTH];
YYSTYPE *yyvs = yyvsa;
YYSTYPE *yyvsp;
register YYSTYPE *yyvsp;
@ -1343,6 +1253,9 @@ yyparse ()
yyssp = yyss;
yyvsp = yyvs;
yyvsp[0] = yylval;
goto yysetstate;
/*------------------------------------------------------------.
@ -1375,7 +1288,7 @@ yyparse ()
data in use in that stack, in bytes. This used to be a
conditional around just the two extra args, but that might
be undefined if yyoverflow is a macro. */
yyoverflow (YY_("memory exhausted"),
yyoverflow ("parser stack overflow",
&yyss1, yysize * sizeof (*yyssp),
&yyvs1, yysize * sizeof (*yyvsp),
@ -1386,11 +1299,11 @@ yyparse ()
}
#else /* no yyoverflow */
# ifndef YYSTACK_RELOCATE
goto yyexhaustedlab;
goto yyoverflowlab;
# else
/* Extend the stack our own way. */
if (YYMAXDEPTH <= yystacksize)
goto yyexhaustedlab;
goto yyoverflowlab;
yystacksize *= 2;
if (YYMAXDEPTH < yystacksize)
yystacksize = YYMAXDEPTH;
@ -1400,7 +1313,7 @@ yyparse ()
union yyalloc *yyptr =
(union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
if (! yyptr)
goto yyexhaustedlab;
goto yyoverflowlab;
YYSTACK_RELOCATE (yyss);
YYSTACK_RELOCATE (yyvs);
@ -2230,11 +2143,10 @@ yyreduce:
break;
default: break;
}
/* Line 1126 of yacc.c. */
#line 2238 "$base.c"
/* Line 1037 of yacc.c. */
#line 2150 "parse.c"
yyvsp -= yylen;
yyssp -= yylen;
@ -2273,36 +2185,12 @@ yyerrlab:
if (YYPACT_NINF < yyn && yyn < YYLAST)
{
YYSIZE_T yysize = 0;
int yytype = YYTRANSLATE (yychar);
YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]);
YYSIZE_T yysize = yysize0;
YYSIZE_T yysize1;
int yysize_overflow = 0;
char *yymsg = 0;
# define YYERROR_VERBOSE_ARGS_MAXIMUM 5
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
const char* yyprefix;
char *yymsg;
int yyx;
#if 0
/* This is so xgettext sees the translatable formats that are
constructed on the fly. */
YY_("syntax error, unexpected %s");
YY_("syntax error, unexpected %s, expecting %s");
YY_("syntax error, unexpected %s, expecting %s or %s");
YY_("syntax error, unexpected %s, expecting %s or %s or %s");
YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s");
#endif
char *yyfmt;
char const *yyf;
static char const yyunexpected[] = "syntax error, unexpected %s";
static char const yyexpecting[] = ", expecting %s";
static char const yyor[] = " or %s";
char yyformat[sizeof yyunexpected
+ sizeof yyexpecting - 1
+ ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2)
* (sizeof yyor - 1))];
char const *yyprefix = yyexpecting;
/* Start YYX at -YYN if negative to avoid negative indexes in
YYCHECK. */
int yyxbegin = yyn < 0 ? -yyn : 0;
@ -2310,68 +2198,48 @@ yyerrlab:
/* Stay within bounds of both yycheck and yytname. */
int yychecklim = YYLAST - yyn;
int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS;
int yycount = 1;
yyarg[0] = yytname[yytype];
yyfmt = yystpcpy (yyformat, yyunexpected);
int yycount = 0;
yyprefix = ", expecting ";
for (yyx = yyxbegin; yyx < yyxend; ++yyx)
if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
{
if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM)
yysize += yystrlen (yyprefix) + yystrlen (yytname [yyx]);
yycount += 1;
if (yycount == 5)
{
yycount = 1;
yysize = yysize0;
yyformat[sizeof yyunexpected - 1] = '\0';
yysize = 0;
break;
}
yyarg[yycount++] = yytname[yyx];
yysize1 = yysize + yytnamerr (0, yytname[yyx]);
yysize_overflow |= yysize1 < yysize;
yysize = yysize1;
yyfmt = yystpcpy (yyfmt, yyprefix);
yyprefix = yyor;
}
yyf = YY_(yyformat);
yysize1 = yysize + yystrlen (yyf);
yysize_overflow |= yysize1 < yysize;
yysize = yysize1;
if (!yysize_overflow && yysize <= YYSTACK_ALLOC_MAXIMUM)
yymsg = (char *) YYSTACK_ALLOC (yysize);
if (yymsg)
yysize += (sizeof ("syntax error, unexpected ")
+ yystrlen (yytname[yytype]));
yymsg = (char *) YYSTACK_ALLOC (yysize);
if (yymsg != 0)
{
/* Avoid sprintf, as that infringes on the user's name space.
Don't have undefined behavior even if the translation
produced a string with the wrong number of "%s"s. */
char *yyp = yymsg;
int yyi = 0;
while ((*yyp = *yyf))
char *yyp = yystpcpy (yymsg, "syntax error, unexpected ");
yyp = yystpcpy (yyp, yytname[yytype]);
if (yycount < 5)
{
if (*yyp == '%' && yyf[1] == 's' && yyi < yycount)
{
yyp += yytnamerr (yyp, yyarg[yyi++]);
yyf += 2;
}
else
{
yyp++;
yyf++;
}
yyprefix = ", expecting ";
for (yyx = yyxbegin; yyx < yyxend; ++yyx)
if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR)
{
yyp = yystpcpy (yyp, yyprefix);
yyp = yystpcpy (yyp, yytname[yyx]);
yyprefix = " or ";
}
}
yyerror (yymsg);
YYSTACK_FREE (yymsg);
}
else
{
yyerror (YY_("syntax error"));
goto yyexhaustedlab;
}
yyerror ("syntax error; also virtual memory exhausted");
}
else
#endif /* YYERROR_VERBOSE */
yyerror (YY_("syntax error"));
yyerror ("syntax error");
}
@ -2383,9 +2251,18 @@ yyerrlab:
if (yychar <= YYEOF)
{
/* Return failure if at end of input. */
/* If at end of input, pop the error token,
then the rest of the stack, then return failure. */
if (yychar == YYEOF)
YYABORT;
for (;;)
{
YYPOPSTACK;
if (yyssp == yyss)
YYABORT;
yydestruct ("Error: popping",
yystos[*yyssp], yyvsp);
}
}
else
{
@ -2404,11 +2281,12 @@ yyerrlab:
`---------------------------------------------------*/
yyerrorlab:
/* Pacify compilers like GCC when the user code never invokes
YYERROR and the label yyerrorlab therefore never appears in user
code. */
#ifdef __GNUC__
/* Pacify GCC when the user code never invokes YYERROR and the label
yyerrorlab therefore never appears in user code. */
if (0)
goto yyerrorlab;
#endif
yyvsp -= yylen;
yyssp -= yylen;
@ -2471,29 +2349,23 @@ yyacceptlab:
| yyabortlab -- YYABORT comes here. |
`-----------------------------------*/
yyabortlab:
yydestruct ("Error: discarding lookahead",
yytoken, &yylval);
yychar = YYEMPTY;
yyresult = 1;
goto yyreturn;
#ifndef yyoverflow
/*-------------------------------------------------.
| yyexhaustedlab -- memory exhaustion comes here. |
`-------------------------------------------------*/
yyexhaustedlab:
yyerror (YY_("memory exhausted"));
/*----------------------------------------------.
| yyoverflowlab -- parser overflow comes here. |
`----------------------------------------------*/
yyoverflowlab:
yyerror ("parser stack overflow");
yyresult = 2;
/* Fall through. */
#endif
yyreturn:
if (yychar != YYEOF && yychar != YYEMPTY)
yydestruct ("Cleanup: discarding lookahead",
yytoken, &yylval);
while (yyssp != yyss)
{
yydestruct ("Cleanup: popping",
yystos[*yyssp], yyvsp);
YYPOPSTACK;
}
#ifndef yyoverflow
if (yyss != yyssa)
YYSTACK_FREE (yyss);

13
source4/heimdal/lib/asn1/parse.h
View File

@ -1,7 +1,7 @@
/* A Bison parser, made by GNU Bison 2.1. */
/* A Bison parser, made by GNU Bison 2.0. */
/* Skeleton parser for Yacc-like parsing with Bison,
Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -15,8 +15,8 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA. */
Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA. */
/* As a special exception, when this file is copied by Bison into a
Bison output file, you may use that output file without restriction.
@ -118,7 +118,6 @@
NUMBER = 344
};
#endif
/* Tokens. */
#define kw_ABSENT 258
#define kw_ABSTRACT_SYNTAX 259
#define kw_ALL 260
@ -226,8 +225,8 @@ typedef union YYSTYPE {
struct memhead *members;
struct constraint_spec *constraint_spec;
} YYSTYPE;
/* Line 1447 of yacc.c. */
#line 231 "parse.h"
/* Line 1318 of yacc.c. */
#line 230 "parse.h"
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
# define YYSTYPE_IS_TRIVIAL 1

40
source4/heimdal/lib/asn1/test.asn1
View File

@ -1,9 +1,11 @@
-- $Id: test.asn1,v 1.5 2005/07/21 20:48:27 lha Exp $ --
-- $Id: test.asn1,v 1.8 2006/01/31 09:42:04 lha Exp $ --
TEST DEFINITIONS ::=
BEGIN
IMPORTS heim_any FROM heim;
TESTLargeTag ::= SEQUENCE {
foo[127] INTEGER (-2147483648..2147483647)
}
@ -45,4 +47,40 @@ TESTImplicit2 ::= SEQUENCE {
ti3[2] IMPLICIT TESTInteger3
}
TESTAllocInner ::= SEQUENCE {
ai[0] TESTInteger
}
TESTAlloc ::= SEQUENCE {
tagless TESTAllocInner OPTIONAL,
three [1] INTEGER (-2147483648..2147483647),
tagless2 heim_any OPTIONAL
}
TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER )
TESTENCODEDBY ::= OCTET STRING ( ENCODED BY
{ joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) }
)
TESTDer OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1)
}
TESTCONTAININGENCODEDBY ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY
{ joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) }
)
TESTCONTAININGENCODEDBY2 ::= OCTET STRING (
CONTAINING INTEGER ENCODED BY TESTDer
)
TESTValue1 INTEGER ::= 1
TESTUSERCONSTRAINED ::= OCTET STRING (CONSTRAINED BY { -- meh -- })
-- TESTUSERCONSTRAINED2 ::= OCTET STRING (CONSTRAINED BY { TESTInteger })
-- TESTUSERCONSTRAINED3 ::= OCTET STRING (CONSTRAINED BY { INTEGER })
-- TESTUSERCONSTRAINED4 ::= OCTET STRING (CONSTRAINED BY { INTEGER : 1 })
END

1325
source4/heimdal/lib/com_err/lex.c
View File

File diff suppressed because it is too large Load Diff

5
source4/heimdal/lib/des/des.c
View File

@ -45,13 +45,14 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: des.c,v 1.16 2006/01/08 21:47:28 lha Exp $");
RCSID("$Id: des.c,v 1.17 2006/04/14 14:19:36 lha Exp $");
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <krb5-types.h>
#include <assert.h>
#include "des.h"
#include "ui.h"
@ -514,6 +515,7 @@ DES_cfb64_encrypt(const void *in, void *out,
if (forward_encrypt) {
int i = *num;
assert(i >= 0);
while (length > 0) {
if (i == 0)
@ -535,6 +537,7 @@ DES_cfb64_encrypt(const void *in, void *out,
} else {
int i = *num;
unsigned char c;
assert(i >= 0);
while (length > 0) {
if (i == 0) {

4
source4/heimdal/lib/des/dh.h
View File

@ -32,7 +32,7 @@
*/
/*
* $Id: dh.h,v 1.4 2006/01/18 13:48:30 lha Exp $
* $Id: dh.h,v 1.5 2006/04/20 18:16:17 lha Exp $
*/
#ifndef _HEIM_DH_H
@ -52,7 +52,7 @@
#define DH_set_ex_data hc_DH_set_ex_data
#define DH_get_ex_data hc_DH_get_ex_data
#define DH_generate_parameters_ex hc_DH_generate_parameters_ex
#define DH_check hc_DH_check
#define DH_check_pubkey hc_DH_check_pubkey
#define DH_generate_key hc_DH_generate_key
#define DH_compute_key hc_DH_compute_key

5
source4/heimdal/lib/des/engine.h
View File

@ -32,7 +32,7 @@
*/
/*
* $Id: engine.h,v 1.4 2006/01/13 15:26:52 lha Exp $
* $Id: engine.h,v 1.5 2006/04/17 13:16:17 lha Exp $
*/
#ifndef _HEIM_ENGINE_H
@ -45,6 +45,7 @@
#define ENGINE_finish hc_ENGINE_finish
#define ENGINE_get_DH hc_ENGINE_get_DH
#define ENGINE_get_RSA hc_ENGINE_get_RSA
#define ENGINE_get_RAND hc_ENGINE_get_RAND
#define ENGINE_get_id hc_ENGINE_get_id
#define ENGINE_get_name hc_ENGINE_get_name
#define ENGINE_load_builtin_engines hc_ENGINE_load_builtin_engines
@ -64,6 +65,7 @@ typedef struct hc_engine ENGINE;
#include <hcrypto/rsa.h>
#include <hcrypto/dsa.h>
#include <hcrypto/dh.h>
#include <hcrypto/rand.h>
#define OPENSSL_DYNAMIC_VERSION (unsigned long)0x00020000
@ -86,6 +88,7 @@ const char * ENGINE_get_id(const ENGINE *);
const char * ENGINE_get_name(const ENGINE *);
const RSA_METHOD * ENGINE_get_RSA(const ENGINE *);
const DH_METHOD * ENGINE_get_DH(const ENGINE *);
const RAND_METHOD * ENGINE_get_RAND(const ENGINE *);
int ENGINE_set_default_RSA(ENGINE *);
ENGINE * ENGINE_get_default_RSA(void);

150
source4/heimdal/lib/des/evp.c
View File

@ -151,6 +151,22 @@ EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize,
*
*/
static const struct hc_evp_md sha256 = {
32,
64,
sizeof(SHA256_CTX),
(void *)SHA256_Init,
(void *)SHA256_Update,
(void *)SHA256_Final,
NULL
};
const EVP_MD *
EVP_sha256(void)
{
return &sha256;
}
static const struct hc_evp_md sha1 = {
20,
64,
@ -543,6 +559,27 @@ EVP_rc2_40_cbc(void)
return &rc2_40_cbc;
}
const EVP_CIPHER *
EVP_rc2_64_cbc(void)
{
static const EVP_CIPHER rc2_64_cbc = {
0,
RC2_BLOCK_SIZE,
8,
RC2_BLOCK_SIZE,
EVP_CIPH_CBC_MODE,
rc2_init,
rc2_do_cipher,
rc2_cleanup,
sizeof(struct rc2_cbc),
NULL,
NULL,
NULL,
NULL
};
return &rc2_64_cbc;
}
/*
*
*/
@ -726,3 +763,116 @@ EVP_aes_256_cbc(void)
};
return &aes_256_cbc;
}
/*
*
*/
static const struct cipher_name {
const char *name;
const EVP_CIPHER *(*func)(void);
} cipher_name[] = {
{ "des-ede3-cbc", EVP_des_ede3_cbc },
{ "aes-128-cbc", EVP_aes_128_cbc },
{ "aes-192-cbc", EVP_aes_192_cbc },
{ "aes-256-cbc", EVP_aes_256_cbc }
};
const EVP_CIPHER *
EVP_get_cipherbyname(const char *name)
{
int i;
for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) {
if (strcasecmp(cipher_name[i].name, name) == 0)
return (*cipher_name[i].func)();
}
return NULL;
}
/*
*
*/
#ifndef min
#define min(a,b) (((a)>(b))?(b):(a))
#endif
int
EVP_BytesToKey(const EVP_CIPHER *type,
const EVP_MD *md,
const void *salt,
const void *data, size_t datalen,
unsigned int count,
void *keydata,
void *ivdata)
{
int ivlen, keylen, first = 0;
unsigned int mds = 0, i;
unsigned char *key = keydata;
unsigned char *iv = ivdata;
unsigned char *buf;
EVP_MD_CTX c;
keylen = EVP_CIPHER_key_length(type);
ivlen = EVP_CIPHER_iv_length(type);
if (data == NULL)
return keylen;
buf = malloc(EVP_MD_size(md));
if (buf == NULL)
return -1;
EVP_MD_CTX_init(&c);
first = 1;
while (1) {
EVP_DigestInit_ex(&c, md, NULL);
if (!first)
EVP_DigestUpdate(&c, buf, mds);
first = 0;
EVP_DigestUpdate(&c,data,datalen);
#define PKCS5_SALT_LEN 8
if (salt)
EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN);
EVP_DigestFinal_ex(&c, buf, &mds);
for (i = 1; i < count; i++) {
EVP_DigestInit_ex(&c, md, NULL);
EVP_DigestUpdate(&c, buf, mds);
EVP_DigestFinal_ex(&c, buf, &mds);
}
i = 0;
if (keylen) {
size_t sz = min(keylen, mds);
if (key) {
memcpy(key, buf, sz);
key += sz;
}
keylen -= sz;
i += sz;
}
if (ivlen && mds > i) {
size_t sz = min(ivlen, (mds - i));
if (iv) {
memcpy(iv, &buf[i], sz);
iv += sz;
}
ivlen -= sz;
}
if (keylen == 0 && ivlen == 0)
break;
}
EVP_MD_CTX_cleanup(&c);
free(buf);
return EVP_CIPHER_key_length(type);
}

15
source4/heimdal/lib/des/evp.h
View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: evp.h,v 1.3 2006/02/28 14:17:25 lha Exp $ */
/* $Id: evp.h,v 1.8 2006/04/21 15:00:54 lha Exp $ */
#ifndef HEIM_EVP_H
#define HEIM_EVP_H 1
@ -79,12 +79,16 @@
#define EVP_md5 hc_EVP_md5
#define EVP_md_null hc_EVP_md_null
#define EVP_rc2_40_cbc hc_EVP_rc2_40_cbc
#define EVP_rc2_64_cbc hc_EVP_rc2_64_cbc
#define EVP_rc2_cbc hc_EVP_rc2_cbc
#define EVP_rc4 hc_EVP_rc4
#define EVP_rc4_40 hc_EVP_rc4_40
#define EVP_sha hc_EVP_sha
#define EVP_sha1 hc_EVP_sha1
#define EVP_sha256 hc_EVP_sha256
#define PKCS5_PBKDF2_HMAC_SHA1 hc_PKCS5_PBKDF2_HMAC_SHA1
#define EVP_BytesToKey hc_EVP_BytesToKey
#define EVP_get_cipherbyname hc_EVP_get_cipherbyname
/*
*
@ -161,6 +165,7 @@ const EVP_MD *EVP_md4(void);
const EVP_MD *EVP_md5(void);
const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_sha256(void);
const EVP_CIPHER * EVP_aes_128_cbc(void);
const EVP_CIPHER * EVP_aes_192_cbc(void);
@ -168,6 +173,7 @@ const EVP_CIPHER * EVP_aes_256_cbc(void);
const EVP_CIPHER * EVP_des_ede3_cbc(void);
const EVP_CIPHER * EVP_enc_null(void);
const EVP_CIPHER * EVP_rc2_40_cbc(void);
const EVP_CIPHER * EVP_rc2_64_cbc(void);
const EVP_CIPHER * EVP_rc2_cbc(void);
const EVP_CIPHER * EVP_rc4(void);
const EVP_CIPHER * EVP_rc4_40(void);
@ -199,6 +205,9 @@ int EVP_Digest(const void *, size_t, void *, unsigned int *,
*
*/
const EVP_CIPHER *
EVP_get_cipherbyname(const char *);
size_t EVP_CIPHER_block_size(const EVP_CIPHER *);
size_t EVP_CIPHER_key_length(const EVP_CIPHER *);
size_t EVP_CIPHER_iv_length(const EVP_CIPHER *);
@ -227,5 +236,9 @@ int EVP_Cipher(EVP_CIPHER_CTX *,void *,const void *,size_t);
int PKCS5_PBKDF2_HMAC_SHA1(const void *, size_t, const void *, size_t,
unsigned long, size_t, void *);
int EVP_BytesToKey(const EVP_CIPHER *, const EVP_MD *,
const void *, const void *, size_t,
unsigned int, void *, void *);
#endif /* HEIM_EVP_H */

48
source4/heimdal/lib/des/rand.h
View File

@ -1,3 +1,4 @@
/*
* Copyright (c) 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
@ -32,23 +33,64 @@
*/
/*
* $Id: rand.h,v 1.2 2006/01/13 15:26:52 lha Exp $
* $Id: rand.h,v 1.4 2006/04/17 13:23:04 lha Exp $
*/
#ifndef _HEIM_RAND_H
#define _HEIM_RAND_H 1
typedef struct RAND_METHOD RAND_METHOD;
#include <hcrypto/bn.h>
#include <hcrypto/engine.h>
/* symbol renaming */
#define RAND_bytes hc_RAND_bytes
#define RAND_pseudo_bytes hc_RAND_pseudo_bytes
#define RAND_seed hc_RAND_seed
#define RAND_cleanup hc_RAND_cleanup
#define RAND_add hc_RAND_add
#define RAND_set_rand_method hc_RAND_set_rand_method
#define RAND_get_rand_method hc_RAND_get_rand_method
#define RAND_set_rand_engine hc_RAND_set_rand_engine
#define RAND_load_file hc_RAND_load_file
#define RAND_write_file hc_RAND_write_file
#define RAND_status hc_RAND_status
#define RAND_egd hc_RAND_egd
/*
*
*/
int RAND_bytes(void *, size_t num);
int RAND_pseudo_bytes(void *, size_t);
struct RAND_METHOD
{
void (*seed)(const void *, int);
int (*bytes)(unsigned char *, int);
void (*cleanup)(void);
void (*add)(const void *, int, double);
int (*pseudorand)(unsigned char *, int);
int (*status)(void);
};
/*
*
*/
int RAND_bytes(void *, size_t num);
int RAND_pseudo_bytes(void *, size_t);
void RAND_seed(const void *, size_t);
void RAND_cleanup(void);
void RAND_add(const void *, size_t, double);
int RAND_set_rand_method(const RAND_METHOD *);
const RAND_METHOD *
RAND_get_rand_method(void);
int RAND_set_rand_engine(ENGINE *);
int RAND_load_file(const char *, size_t);
int RAND_write_file(const char *);
int RAND_status(void);
int RAND_egd(const char *);
#endif /* _HEIM_RAND_H */

4
source4/heimdal/lib/des/rc2.c
View File

@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: rc2.c,v 1.6 2005/06/18 22:47:33 lha Exp $");
RCSID("$Id: rc2.c,v 1.7 2006/04/09 17:03:21 lha Exp $");
#endif
#include "rc2.h"
@ -87,6 +87,8 @@ RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
unsigned char k[128];
int j, T8, TM;
if (len <= 0)
abort();
if (len > 128)
len = 128;
if (bits <= 0 || bits > 1024)

4
source4/heimdal/lib/des/rsa.h
View File

@ -32,7 +32,7 @@
*/
/*
* $Id: rsa.h,v 1.2 2006/01/13 15:26:52 lha Exp $
* $Id: rsa.h,v 1.4 2006/04/16 19:38:23 lha Exp $
*/
#ifndef _HEIM_RSA_H
@ -59,6 +59,7 @@
#define RSA_sign hc_RSA_sign
#define RSA_verify hc_RSA_verify
#define d2i_RSAPrivateKey hc_d2i_RSAPrivateKey
#define i2d_RSAPublicKey hc_i2d_RSAPublicKey
/*
*
@ -160,5 +161,6 @@ int RSA_verify(int, const unsigned char *, unsigned int,
unsigned char *, unsigned int, RSA *);
RSA * d2i_RSAPrivateKey(RSA *, const unsigned char **, size_t);
int i2d_RSAPublicKey(RSA *, unsigned char **);
#endif /* _HEIM_RSA_H */

25
source4/heimdal/lib/des/sha.h
View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: sha.h,v 1.9 2006/01/08 21:47:29 lha Exp $ */
/* $Id: sha.h,v 1.10 2006/04/15 07:54:11 lha Exp $ */
#ifndef HEIM_SHA_H
#define HEIM_SHA_H 1
@ -40,9 +40,12 @@
#define SHA1_Init hc_SHA1_Init
#define SHA1_Update hc_SHA1_Update
#define SHA1_Final hc_SHA1_Final
#define SHA256_Init hc_SHA256_Init
#define SHA256_Update hc_SHA256_Update
#define SHA256_Final hc_SHA256_Final
/*
*
* SHA-1
*/
#define SHA_DIGEST_LENGTH 20
@ -59,4 +62,22 @@ void SHA1_Init (struct sha *m);
void SHA1_Update (struct sha *m, const void *v, size_t len);
void SHA1_Final (void *res, struct sha *m);
/*
* SHA-2 256
*/
#define SHA256_DIGEST_LENGTH 32
struct hc_sha256state {
unsigned int sz[2];
u_int32_t counter[8];
unsigned char save[64];
};
typedef struct hc_sha256state SHA256_CTX;
void SHA256_Init (SHA256_CTX *);
void SHA256_Update (SHA256_CTX *, const void *, size_t);
void SHA256_Final (void *, SHA256_CTX *);
#endif /* HEIM_SHA_H */

233
source4/heimdal/lib/des/sha256.c Normal file
View File

@ -0,0 +1,233 @@
/*
* Copyright (c) 1995 - 2001, 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
RCSID("$Id: sha256.c,v 1.1 2006/04/15 07:53:07 lha Exp $");
#endif
#include "hash.h"
#include "sha.h"
#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#define ROTR(x,n) (((x)>>(n)) | ((x) << (32 - (n))))
#define Sigma0(x) (ROTR(x,2) ^ ROTR(x,13) ^ ROTR(x,22))
#define Sigma1(x) (ROTR(x,6) ^ ROTR(x,11) ^ ROTR(x,25))
#define sigma0(x) (ROTR(x,7) ^ ROTR(x,18) ^ ((x)>>3))
#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ ((x)>>10))
#define A m->counter[0]
#define B m->counter[1]
#define C m->counter[2]
#define D m->counter[3]
#define E m->counter[4]
#define F m->counter[5]
#define G m->counter[6]
#define H m->counter[7]
static const u_int32_t constant_256[64] = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
void
SHA256_Init (SHA256_CTX *m)
{
m->sz[0] = 0;
m->sz[1] = 0;
A = 0x6a09e667;
B = 0xbb67ae85;
C = 0x3c6ef372;
D = 0xa54ff53a;
E = 0x510e527f;
F = 0x9b05688c;
G = 0x1f83d9ab;
H = 0x5be0cd19;
}
static void
calc (SHA256_CTX *m, u_int32_t *in)
{
u_int32_t AA, BB, CC, DD, EE, FF, GG, HH;
u_int32_t data[64];
int i;
AA = A;
BB = B;
CC = C;
DD = D;
EE = E;
FF = F;
GG = G;
HH = H;
for (i = 0; i < 16; ++i)
data[i] = in[i];
for (i = 16; i < 64; ++i)
data[i] = sigma1(data[i-2]) + data[i-7] +
sigma0(data[i-15]) + data[i - 16];
for (i = 0; i < 64; i++) {
u_int32_t T1, T2;
T1 = HH + Sigma1(EE) + Ch(EE, FF, GG) + constant_256[i] + data[i];
T2 = Sigma0(AA) + Maj(AA,BB,CC);
HH = GG;
GG = FF;
FF = EE;
EE = DD + T1;
DD = CC;
CC = BB;
BB = AA;
AA = T1 + T2;
}
A += AA;
B += BB;
C += CC;
D += DD;
E += EE;
F += FF;
G += GG;
H += HH;
}
/*
* From `Performance analysis of MD5' by Joseph D. Touch <touch@isi.edu>
*/
#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
static inline u_int32_t
swap_u_int32_t (u_int32_t t)
{
#define ROL(x,n) ((x)<<(n))|((x)>>(32-(n)))
u_int32_t temp1, temp2;
temp1 = cshift(t, 16);
temp2 = temp1 >> 8;
temp1 &= 0x00ff00ff;
temp2 &= 0x00ff00ff;
temp1 <<= 8;
return temp1 | temp2;
}
#endif
struct x32{
unsigned int a:32;
unsigned int b:32;
};
void
SHA256_Update (SHA256_CTX *m, const void *v, size_t len)
{
const unsigned char *p = v;
size_t old_sz = m->sz[0];
size_t offset;
m->sz[0] += len * 8;
if (m->sz[0] < old_sz)
++m->sz[1];
offset = (old_sz / 8) % 64;
while(len > 0){
size_t l = min(len, 64 - offset);
memcpy(m->save + offset, p, l);
offset += l;
p += l;
len -= l;
if(offset == 64){
#if !defined(WORDS_BIGENDIAN) || defined(_CRAY)
int i;
u_int32_t current[16];
struct x32 *u = (struct x32*)m->save;
for(i = 0; i < 8; i++){
current[2*i+0] = swap_u_int32_t(u[i].a);
current[2*i+1] = swap_u_int32_t(u[i].b);
}
calc(m, current);
#else
calc(m, (u_int32_t*)m->save);
#endif
offset = 0;
}
}
}
void
SHA256_Final (void *res, SHA256_CTX *m)
{
unsigned char zeros[72];
unsigned offset = (m->sz[0] / 8) % 64;
unsigned int dstart = (120 - offset - 1) % 64 + 1;
*zeros = 0x80;
memset (zeros + 1, 0, sizeof(zeros) - 1);
zeros[dstart+7] = (m->sz[0] >> 0) & 0xff;
zeros[dstart+6] = (m->sz[0] >> 8) & 0xff;
zeros[dstart+5] = (m->sz[0] >> 16) & 0xff;
zeros[dstart+4] = (m->sz[0] >> 24) & 0xff;
zeros[dstart+3] = (m->sz[1] >> 0) & 0xff;
zeros[dstart+2] = (m->sz[1] >> 8) & 0xff;
zeros[dstart+1] = (m->sz[1] >> 16) & 0xff;
zeros[dstart+0] = (m->sz[1] >> 24) & 0xff;
SHA256_Update (m, zeros, dstart + 8);
{
int i;
unsigned char *r = (unsigned char*)res;
for (i = 0; i < 8; ++i) {
r[4*i+3] = m->counter[i] & 0xFF;
r[4*i+2] = (m->counter[i] >> 8) & 0xFF;
r[4*i+1] = (m->counter[i] >> 16) & 0xFF;
r[4*i] = (m->counter[i] >> 24) & 0xFF;
}
}
}

1
source4/heimdal/lib/gssapi/accept_sec_context.c
View File

@ -77,7 +77,6 @@ gsskrb5_is_cfx(gss_ctx_id_t context_handle, int *is_cfx)
{
krb5_keyblock *key;
int acceptor = (context_handle->more_flags & LOCAL) == 0;
*is_cfx = 0;
if (acceptor) {
if (context_handle->auth_context->local_subkey)

12
source4/heimdal/lib/gssapi/get_mic.c
View File

@ -33,7 +33,7 @@
#include "gssapi_locl.h"
RCSID("$Id: get_mic.c,v 1.29 2005/01/05 02:52:12 lukeh Exp $");
RCSID("$Id: get_mic.c,v 1.30 2006/04/02 02:12:52 lha Exp $");
static OM_uint32
mic_des
@ -59,6 +59,7 @@ mic_des
message_token->length = total_len;
message_token->value = malloc (total_len);
if (message_token->value == NULL) {
message_token->length = 0;
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
@ -150,6 +151,7 @@ mic_des3
message_token->length = total_len;
message_token->value = malloc (total_len);
if (message_token->value == NULL) {
message_token->length = 0;
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
@ -179,6 +181,8 @@ mic_des3
kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
if (kret) {
free (message_token->value);
message_token->value = NULL;
message_token->length = 0;
free (tmp);
gssapi_krb5_set_error_string ();
*minor_status = kret;
@ -196,6 +200,8 @@ mic_des3
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (kret) {
free (message_token->value);
message_token->value = NULL;
message_token->length = 0;
gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
@ -221,6 +227,8 @@ mic_des3
ETYPE_DES3_CBC_NONE, &crypto);
if (kret) {
free (message_token->value);
message_token->value = NULL;
message_token->length = 0;
gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;
@ -238,6 +246,8 @@ mic_des3
krb5_crypto_destroy (gssapi_krb5_context, crypto);
if (kret) {
free (message_token->value);
message_token->value = NULL;
message_token->length = 0;
gssapi_krb5_set_error_string ();
*minor_status = kret;
return GSS_S_FAILURE;

10
source4/heimdal/lib/gssapi/gssapi_locl.h
View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: gssapi_locl.h,v 1.43 2005/11/02 08:51:17 lha Exp $ */
/* $Id: gssapi_locl.h,v 1.44 2006/04/12 17:44:05 lha Exp $ */
#ifndef GSSAPI_LOCL_H
#define GSSAPI_LOCL_H
@ -290,6 +290,14 @@ _gssapi_msg_order_check(struct gss_msg_order *, OM_uint32);
OM_uint32
_gssapi_msg_order_f(OM_uint32);
OM_uint32
_gssapi_msg_order_import(OM_uint32 *, krb5_storage *,
struct gss_msg_order **);
krb5_error_code
_gssapi_msg_order_export(krb5_storage *, struct gss_msg_order *);
/* 8003 */
krb5_error_code

2
source4/heimdal/lib/gssapi/init_sec_context.c
View File

@ -33,7 +33,7 @@
#include "gssapi_locl.h"
RCSID("$Id: init_sec_context.c,v 1.61 2005/11/02 11:52:49 lha Exp $");
RCSID("$Id: init_sec_context.c,v 1.62 2006/04/09 18:45:18 lha Exp $");
/*
* copy the addresses from `input_chan_bindings' (if any) to

131
source4/heimdal/lib/gssapi/sequence.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003 Kungliga Tekniska Högskolan
* Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "gssapi_locl.h"
RCSID("$Id: sequence.c,v 1.5 2005/04/27 17:49:43 lha Exp $");
RCSID("$Id: sequence.c,v 1.6 2006/04/12 17:43:39 lha Exp $");
#define DEFAULT_JITTER_WINDOW 20
@ -46,6 +46,32 @@ struct gss_msg_order {
OM_uint32 elem[1];
};
/*
*
*/
static OM_uint32
msg_order_alloc(OM_uint32 *minor_status,
struct gss_msg_order **o,
OM_uint32 jitter_window)
{
size_t len;
len = jitter_window * sizeof((*o)->elem[0]);
len += sizeof(**o);
len -= sizeof((*o)->elem[0]);
*o = calloc(1, len);
if (*o == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
*minor_status = 0;
return GSS_S_COMPLETE;
}
/*
*
*/
@ -58,21 +84,15 @@ _gssapi_msg_order_create(OM_uint32 *minor_status,
OM_uint32 jitter_window,
int use_64)
{
size_t len;
OM_uint32 ret;
if (jitter_window == 0)
jitter_window = DEFAULT_JITTER_WINDOW;
len = jitter_window * sizeof((*o)->elem[0]);
len += sizeof(**o);
len -= sizeof((*o)->elem[0]);
*o = malloc(len);
if (*o == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
memset(*o, 0, len);
ret = msg_order_alloc(minor_status, o, jitter_window);
if(ret != GSS_S_COMPLETE)
return ret;
(*o)->flags = flags;
(*o)->length = 0;
(*o)->first_seq = seq_num;
@ -187,3 +207,88 @@ _gssapi_msg_order_f(OM_uint32 flags)
{
return flags & (GSS_C_SEQUENCE_FLAG|GSS_C_REPLAY_FLAG);
}
/*
* Translate `o` into inter-process format and export in to `sp'.
*/
krb5_error_code
_gssapi_msg_order_export(krb5_storage *sp, struct gss_msg_order *o)
{
krb5_error_code kret;
OM_uint32 i;
kret = krb5_store_int32(sp, o->flags);
if (kret)
return kret;
kret = krb5_store_int32(sp, o->start);
if (kret)
return kret;
kret = krb5_store_int32(sp, o->length);
if (kret)
return kret;
kret = krb5_store_int32(sp, o->jitter_window);
if (kret)
return kret;
kret = krb5_store_int32(sp, o->first_seq);
if (kret)
return kret;
for (i = 0; i < o->jitter_window; i++) {
kret = krb5_store_int32(sp, o->elem[i]);
if (kret)
return kret;
}
return 0;
}
OM_uint32
_gssapi_msg_order_import(OM_uint32 *minor_status,
krb5_storage *sp,
struct gss_msg_order **o)
{
OM_uint32 ret;
krb5_error_code kret;
int32_t i, flags, start, length, jitter_window, first_seq;
kret = krb5_ret_int32(sp, &flags);
if (kret)
goto failed;
ret = krb5_ret_int32(sp, &start);
if (kret)
goto failed;
ret = krb5_ret_int32(sp, &length);
if (kret)
goto failed;
ret = krb5_ret_int32(sp, &jitter_window);
if (kret)
goto failed;
ret = krb5_ret_int32(sp, &first_seq);
if (kret)
goto failed;
ret = msg_order_alloc(minor_status, o, jitter_window);
if (ret != GSS_S_COMPLETE)
return ret;
(*o)->flags = flags;
(*o)->start = start;
(*o)->length = length;
(*o)->jitter_window = jitter_window;
(*o)->first_seq = first_seq;
for( i = 0; i < jitter_window; i++ ) {
kret = krb5_ret_int32(sp, (int32_t*)&((*o)->elem[i]));
if (kret)
goto failed;
}
*minor_status = 0;
return GSS_S_COMPLETE;
failed:
_gssapi_msg_order_destroy(o);
*minor_status = kret;
return GSS_S_FAILURE;
}

16
source4/heimdal/lib/gssapi/wrap.c
View File

@ -33,7 +33,7 @@
#include "gssapi_locl.h"
RCSID("$Id: wrap.c,v 1.31 2005/01/05 02:52:12 lukeh Exp $");
RCSID("$Id: wrap.c,v 1.32 2006/04/02 02:10:03 lha Exp $");
OM_uint32
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
@ -316,6 +316,7 @@ wrap_des
output_message_buffer->length = total_len;
output_message_buffer->value = malloc (total_len);
if (output_message_buffer->value == NULL) {
output_message_buffer->length = 0;
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
@ -440,6 +441,7 @@ wrap_des3
output_message_buffer->length = total_len;
output_message_buffer->value = malloc (total_len);
if (output_message_buffer->value == NULL) {
output_message_buffer->length = 0;
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
@ -474,6 +476,8 @@ wrap_des3
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
output_message_buffer->length = 0;
output_message_buffer->value = NULL;
*minor_status = ret;
return GSS_S_FAILURE;
}
@ -489,6 +493,8 @@ wrap_des3
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
output_message_buffer->length = 0;
output_message_buffer->value = NULL;
*minor_status = ret;
return GSS_S_FAILURE;
}
@ -518,6 +524,8 @@ wrap_des3
&crypto);
if (ret) {
free (output_message_buffer->value);
output_message_buffer->length = 0;
output_message_buffer->value = NULL;
*minor_status = ret;
return GSS_S_FAILURE;
}
@ -536,6 +544,8 @@ wrap_des3
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
output_message_buffer->length = 0;
output_message_buffer->value = NULL;
*minor_status = ret;
return GSS_S_FAILURE;
}
@ -561,6 +571,8 @@ wrap_des3
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
output_message_buffer->length = 0;
output_message_buffer->value = NULL;
*minor_status = ret;
return GSS_S_FAILURE;
}
@ -570,6 +582,8 @@ wrap_des3
if (ret) {
gssapi_krb5_set_error_string ();
free (output_message_buffer->value);
output_message_buffer->length = 0;
output_message_buffer->value = NULL;
*minor_status = ret;
return GSS_S_FAILURE;
}

7
source4/heimdal/lib/hdb/keys.c
View File

@ -33,7 +33,7 @@
#include "hdb_locl.h"
RCSID("$Id: keys.c,v 1.3 2005/03/17 00:42:05 lha Exp $");
RCSID("$Id: keys.c,v 1.4 2006/04/02 00:45:48 lha Exp $");
/*
* free all the memory used by (len, keys)
@ -298,6 +298,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
&enctypes, &num_enctypes, &salt, principal);
if (ret) {
krb5_warnx(context, "bad value for default_keys `%s'", *kp);
ret = 0;
continue;
}
@ -334,6 +335,8 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
krb5_free_salt(context, salt);
}
*ret_key_set = key_set;
out:
if (ret) {
krb5_warn(context, ret,
@ -348,8 +351,6 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
ret = EINVAL; /* XXX */
}
*ret_key_set = key_set;
return ret;
}

4
source4/heimdal/lib/hdb/keytab.c
View File

@ -35,7 +35,7 @@
/* keytab backend for HDB databases */
RCSID("$Id: keytab.c,v 1.8 2005/12/12 12:35:36 lha Exp $");
RCSID("$Id: keytab.c,v 1.10 2006/04/02 20:20:45 lha Exp $");
struct hdb_data {
char *dbname;
@ -76,7 +76,7 @@ hdb_resolve(krb5_context context, const char *name, krb5_keytab id)
if((mkey - db) == 0) {
d->dbname = NULL;
} else {
d->dbname = malloc(mkey - db);
d->dbname = malloc(mkey - db + 1);
if(d->dbname == NULL) {
free(d);
krb5_set_error_string(context, "malloc: out of memory");

64
source4/heimdal/lib/krb5/acache.c
View File

@ -37,7 +37,7 @@
#include <dlfcn.h>
#endif
RCSID("$Id: acache.c,v 1.14 2005/10/03 08:44:18 lha Exp $");
RCSID("$Id: acache.c,v 1.15 2006/03/27 04:22:23 lha Exp $");
/* XXX should we fetch these for each open ? */
static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER;
@ -218,7 +218,36 @@ make_cred_from_ccred(krb5_context context,
}
}
cred->flags.b = int2TicketFlags(incred->ticket_flags); /* XXX */
cred->flags.i = 0;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDABLE)
cred->flags.b.forwardable = 1;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDED)
cred->flags.b.forwarded = 1;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXIABLE)
cred->flags.b.proxiable = 1;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PROXY)
cred->flags.b.proxy = 1;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_MAY_POSTDATE)
cred->flags.b.may_postdate = 1;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_POSTDATED)
cred->flags.b.postdated = 1;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INVALID)
cred->flags.b.invalid = 1;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_RENEWABLE)
cred->flags.b.renewable = 1;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_INITIAL)
cred->flags.b.initial = 1;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_PRE_AUTH)
cred->flags.b.pre_authent = 1;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_HW_AUTH)
cred->flags.b.hw_authent = 1;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED)
cred->flags.b.transited_policy_checked = 1;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE)
cred->flags.b.ok_as_delegate = 1;
if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_ANONYMOUS)
cred->flags.b.anonymous = 1;
return 0;
nomem:
@ -310,7 +339,36 @@ make_ccred_from_cred(krb5_context context,
}
cred->addresses[i] = NULL;
cred->ticket_flags = TicketFlags2int(incred->flags.b); /* XXX */
cred->ticket_flags = 0;
if (incred->flags.b.forwardable)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDABLE;
if (incred->flags.b.forwarded)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_FORWARDED;
if (incred->flags.b.proxiable)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXIABLE;
if (incred->flags.b.proxy)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PROXY;
if (incred->flags.b.may_postdate)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_MAY_POSTDATE;
if (incred->flags.b.postdated)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_POSTDATED;
if (incred->flags.b.invalid)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INVALID;
if (incred->flags.b.renewable)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_RENEWABLE;
if (incred->flags.b.initial)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_INITIAL;
if (incred->flags.b.pre_authent)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_PRE_AUTH;
if (incred->flags.b.hw_authent)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_HW_AUTH;
if (incred->flags.b.transited_policy_checked)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED;
if (incred->flags.b.ok_as_delegate)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE;
if (incred->flags.b.anonymous)
cred->ticket_flags |= KRB5_CCAPI_TKT_FLG_ANONYMOUS;
return 0;
fail:

3
source4/heimdal/lib/krb5/addr_families.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: addr_families.c,v 1.50 2006/03/17 22:12:13 lha Exp $");
RCSID("$Id: addr_families.c,v 1.51 2006/04/02 02:17:31 lha Exp $");
struct addr_operations {
int af;
@ -1136,6 +1136,7 @@ krb5_make_addrport (krb5_context context,
if (ret) {
krb5_set_error_string(context, "malloc: out of memory");
free (*res);
*res = NULL;
return ret;
}
p = (*res)->address.data;

11
source4/heimdal/lib/krb5/build_auth.c
View File

@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: build_auth.c,v 1.42 2005/01/05 02:34:53 lukeh Exp $");
RCSID("$Id: build_auth.c,v 1.43 2006/04/10 08:53:21 lha Exp $");
static krb5_error_code
make_etypelist(krb5_context context,
@ -116,13 +116,12 @@ krb5_build_authenticator (krb5_context context,
krb5_error_code ret;
krb5_crypto crypto;
auth = malloc(sizeof(*auth));
auth = calloc(1, sizeof(*auth));
if (auth == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
memset (auth, 0, sizeof(*auth));
auth->authenticator_vno = 5;
copy_Realm(&cred->client->realm, &auth->crealm);
copy_PrincipalName(&cred->client->name, &auth->cname);
@ -161,10 +160,8 @@ krb5_build_authenticator (krb5_context context,
/* XXX - Copy more to auth_context? */
if (auth_context) {
auth_context->authenticator->ctime = auth->ctime;
auth_context->authenticator->cusec = auth->cusec;
}
auth_context->authenticator->ctime = auth->ctime;
auth_context->authenticator->cusec = auth->cusec;
ASN1_MALLOC_ENCODE(Authenticator, buf, buf_size, auth, &len, ret);
if (ret)

5
source4/heimdal/lib/krb5/cache.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: cache.c,v 1.77 2005/12/13 15:42:36 lha Exp $");
RCSID("$Id: cache.c,v 1.79 2006/04/02 00:54:48 lha Exp $");
/*
* Add a new ccache type with operations `ops', overwriting any
@ -316,7 +316,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
}
if (append == NULL) {
free(*res);
res = NULL;
*res = NULL;
krb5_set_error_string(context, "malloc - out of memory");
return ENOMEM;
}
@ -324,6 +324,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
tlen = strlen(append);
tmp = realloc(*res, len + tlen + 1);
if (tmp == NULL) {
free(append);
free(*res);
*res = NULL;
krb5_set_error_string(context, "malloc - out of memory");

4
source4/heimdal/lib/krb5/config_file.c
View File

@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
RCSID("$Id: config_file.c,v 1.53 2005/06/16 20:22:53 lha Exp $");
RCSID("$Id: config_file.c,v 1.54 2006/04/02 00:59:19 lha Exp $");
#ifndef HAVE_NETINFO
@ -574,7 +574,7 @@ krb5_config_vget_strings(krb5_context context,
}
if(nstr){
char **tmp = realloc(strings, (nstr + 1) * sizeof(*strings));
if(strings == NULL)
if(tmp == NULL)
goto cleanup;
strings = tmp;
strings[nstr] = NULL;

6
source4/heimdal/lib/krb5/crypto.c
View File

@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
RCSID("$Id: crypto.c,v 1.133 2006/03/07 19:34:55 lha Exp $");
RCSID("$Id: crypto.c,v 1.134 2006/04/10 08:58:53 lha Exp $");
#undef CRYPTO_DEBUG
#ifdef CRYPTO_DEBUG
@ -4096,7 +4096,7 @@ krb5_string_to_key_derived(krb5_context context,
struct encryption_type *et = _find_enctype(etype);
krb5_error_code ret;
struct key_data kd;
size_t keylen = et->keytype->bits / 8;
size_t keylen;
u_char *tmp;
if(et == NULL) {
@ -4104,6 +4104,8 @@ krb5_string_to_key_derived(krb5_context context,
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
keylen = et->keytype->bits / 8;
ALLOC(kd.key, 1);
if(kd.key == NULL) {
krb5_set_error_string (context, "malloc: out of memory");

3
source4/heimdal/lib/krb5/data.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: data.c,v 1.19 2004/05/25 21:22:23 lha Exp $");
RCSID("$Id: data.c,v 1.20 2006/04/02 01:06:07 lha Exp $");
void KRB5_LIB_FUNCTION
krb5_data_zero(krb5_data *p)
@ -114,6 +114,7 @@ krb5_copy_data(krb5_context context,
if(ret) {
krb5_clear_error_string (context);
free(*outdata);
*outdata = NULL;
}
return ret;
}

7
source4/heimdal/lib/krb5/fcache.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: fcache.c,v 1.51 2005/08/12 13:31:19 lha Exp $");
RCSID("$Id: fcache.c,v 1.52 2006/04/02 01:04:37 lha Exp $");
typedef struct krb5_fcache{
char *filename;
@ -269,10 +269,11 @@ fcc_gen_new(krb5_context context, krb5_ccache *id)
}
fd = mkstemp(file);
if(fd < 0) {
int ret = errno;
krb5_set_error_string(context, "mkstemp %s", file);
free(f);
free(file);
krb5_set_error_string(context, "mkstemp %s", file);
return errno;
return ret;
}
close(fd);
f->filename = file;

7
source4/heimdal/lib/krb5/get_for_creds.c
View File

@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: get_for_creds.c,v 1.48 2006/03/07 19:38:09 lha Exp $");
RCSID("$Id: get_for_creds.c,v 1.49 2006/04/10 09:28:15 lha Exp $");
static krb5_error_code
add_addrs(krb5_context context,
@ -180,10 +180,7 @@ krb5_get_forwarded_creds (krb5_context context,
addrs.len = 0;
addrs.val = NULL;
if (in_creds->client && in_creds->client->realm)
realm = in_creds->client->realm;
else
realm = in_creds->server->realm;
realm = in_creds->client->realm;
krb5_appdefault_boolean(context, NULL, realm, "no-addresses-ever",
TRUE, &noaddr_ever);

4
source4/heimdal/lib/krb5/init_creds.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: init_creds.c,v 1.22 2006/02/03 11:42:31 lha Exp $");
RCSID("$Id: init_creds.c,v 1.23 2006/04/02 01:08:30 lha Exp $");
void KRB5_LIB_FUNCTION
krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
@ -75,7 +75,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context,
krb5_get_init_creds_opt *opt;
*out = NULL;
opt = malloc(sizeof(*opt));
opt = calloc(1, sizeof(*opt));
if (opt == NULL) {
krb5_set_error_string(context, "out of memory");
return ENOMEM;

29
source4/heimdal/lib/krb5/init_creds_pw.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: init_creds_pw.c,v 1.90 2005/10/12 12:45:11 lha Exp $");
RCSID("$Id: init_creds_pw.c,v 1.92 2006/04/02 01:20:15 lha Exp $");
typedef struct krb5_get_init_creds_ctx {
krb5_kdc_flags flags;
@ -79,8 +79,10 @@ default_s2k_func(krb5_context context, krb5_enctype type,
return ENOMEM;
ret = krb5_string_to_key_data_salt_opaque(context, type, password,
salt, opaque, *key);
if (ret)
if (ret) {
free(*key);
*key = NULL;
}
return ret;
}
@ -545,23 +547,14 @@ init_creds_init_as_req (krb5_context context,
krb5_set_error_string(context, "malloc: out of memory");
goto fail;
}
if (creds->client) {
ret = _krb5_principal2principalname (a->req_body.cname, creds->client);
if (ret)
goto fail;
ret = copy_Realm(&creds->client->realm, &a->req_body.realm);
if (ret)
goto fail;
} else {
krb5_realm realm;
a->req_body.cname = NULL;
ret = krb5_get_default_realm(context, &realm);
if (ret)
goto fail;
ret = copy_Realm(&realm, &a->req_body.realm);
free(realm);
}
ret = _krb5_principal2principalname (a->req_body.cname, creds->client);
if (ret)
goto fail;
ret = copy_Realm(&creds->client->realm, &a->req_body.realm);
if (ret)
goto fail;
ret = _krb5_principal2principalname (a->req_body.sname, creds->server);
if (ret)
goto fail;

33
source4/heimdal/lib/krb5/keytab_any.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: keytab_any.c,v 1.7 2002/10/21 13:36:59 joda Exp $");
RCSID("$Id: keytab_any.c,v 1.8 2006/04/10 09:20:13 lha Exp $");
struct any_data {
krb5_keytab kt;
@ -162,23 +162,22 @@ any_next_entry (krb5_context context,
ret = krb5_kt_next_entry(context, ed->a->kt, entry, &ed->cursor);
if (ret == 0)
return 0;
else if (ret == KRB5_KT_END) {
ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor);
if (ret2)
return ret2;
while ((ed->a = ed->a->next) != NULL) {
ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
if (ret2 == 0)
break;
}
if (ed->a == NULL) {
krb5_clear_error_string (context);
return KRB5_KT_END;
}
} else
else if (ret != KRB5_KT_END)
return ret;
} while (ret == KRB5_KT_END);
return ret;
ret2 = krb5_kt_end_seq_get (context, ed->a->kt, &ed->cursor);
if (ret2)
return ret2;
while ((ed->a = ed->a->next) != NULL) {
ret2 = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor);
if (ret2 == 0)
break;
}
if (ed->a == NULL) {
krb5_clear_error_string (context);
return KRB5_KT_END;
}
} while (1);
}
static krb5_error_code

40
source4/heimdal/lib/krb5/keytab_file.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: keytab_file.c,v 1.20 2005/07/13 06:08:07 lha Exp $");
RCSID("$Id: keytab_file.c,v 1.22 2006/04/07 21:57:31 lha Exp $");
#define KRB5_KT_VNO_1 1
#define KRB5_KT_VNO_2 2
@ -164,7 +164,7 @@ krb5_kt_ret_principal(krb5_context context,
int i;
int ret;
krb5_principal p;
int16_t tmp;
int16_t len;
ALLOC(p, 1);
if(p == NULL) {
@ -172,25 +172,34 @@ krb5_kt_ret_principal(krb5_context context,
return ENOMEM;
}
ret = krb5_ret_int16(sp, &tmp);
if(ret)
return ret;
ret = krb5_ret_int16(sp, &len);
if(ret) {
krb5_set_error_string(context,
"Failed decoding length of keytab principal");
goto out;
}
if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
tmp--;
p->name.name_string.len = tmp;
len--;
if (len < 0) {
krb5_set_error_string(context,
"Keytab principal contains invalid length");
ret = KRB5_KT_END;
goto out;
}
ret = krb5_kt_ret_string(context, sp, &p->realm);
if(ret)
return ret;
p->name.name_string.val = calloc(p->name.name_string.len,
sizeof(*p->name.name_string.val));
goto out;
p->name.name_string.val = calloc(len, sizeof(*p->name.name_string.val));
if(p->name.name_string.val == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
ret = ENOMEM;
goto out;
}
p->name.name_string.len = len;
for(i = 0; i < p->name.name_string.len; i++){
ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
if(ret)
return ret;
goto out;
}
if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
p->name.name_type = KRB5_NT_UNKNOWN;
@ -199,10 +208,13 @@ krb5_kt_ret_principal(krb5_context context,
ret = krb5_ret_int32(sp, &tmp32);
p->name.name_type = tmp32;
if (ret)
return ret;
goto out;
}
*princ = p;
return 0;
out:
krb5_free_principal(context, p);
return ret;
}
static krb5_error_code
@ -423,7 +435,7 @@ loop:
}
}
if(start) *start = pos;
if(end) *end = *start + 4 + len;
if(end) *end = pos + 4 + len;
out:
krb5_storage_seek(cursor->sp, pos + 4 + len, SEEK_SET);
return ret;

3
source4/heimdal/lib/krb5/keytab_keyfile.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: keytab_keyfile.c,v 1.17 2005/09/30 11:20:53 lha Exp $");
RCSID("$Id: keytab_keyfile.c,v 1.18 2006/04/02 01:24:52 lha Exp $");
/* afs keyfile operations --------------------------------------- */
@ -94,6 +94,7 @@ get_cell_and_realm (krb5_context context,
f = fopen (AFS_SERVERMAGICKRBCONF, "r");
if (f != NULL) {
if (fgets (buf, sizeof(buf), f) == NULL) {
free (d->cell);
fclose (f);
krb5_set_error_string (context, "no realm in %s",
AFS_SERVERMAGICKRBCONF);

13
source4/heimdal/lib/krb5/keytab_krb4.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: keytab_krb4.c,v 1.13 2005/05/19 04:13:18 lha Exp $");
RCSID("$Id: keytab_krb4.c,v 1.15 2006/04/10 17:10:53 lha Exp $");
struct krb4_kt_data {
char *filename;
@ -139,6 +139,11 @@ krb4_kt_start_seq_get_int (krb5_context context,
return ret;
}
c->sp = krb5_storage_from_fd(c->fd);
if(c->sp == NULL) {
close(c->fd);
free(ed);
return ENOMEM;
}
krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
return 0;
}
@ -302,11 +307,11 @@ krb4_kt_add_entry (krb5_context context,
}
}
sp = krb5_storage_from_fd(fd);
krb5_storage_set_eof_code(sp, KRB5_KT_END);
if(sp == NULL) {
close(fd);
return ENOMEM;
}
krb5_storage_set_eof_code(sp, KRB5_KT_END);
ret = krb4_store_keytab_entry(context, entry, sp);
krb5_storage_free(sp);
if(close (fd) < 0)
@ -316,8 +321,8 @@ krb4_kt_add_entry (krb5_context context,
static krb5_error_code
krb4_kt_remove_entry(krb5_context context,
krb5_keytab id,
krb5_keytab_entry *entry)
krb5_keytab id,
krb5_keytab_entry *entry)
{
struct krb4_kt_data *d = id->data;
krb5_error_code ret;

14
source4/heimdal/lib/krb5/krb5-private.h
View File

@ -302,19 +302,13 @@ void KRB5_LIB_FUNCTION
_krb5_pk_cert_free (struct krb5_pk_cert */*cert*/);
krb5_error_code KRB5_LIB_FUNCTION
_krb5_pk_create_sign (
krb5_context /*context*/,
const heim_oid */*eContentType*/,
krb5_data */*eContent*/,
struct krb5_pk_identity */*id*/,
krb5_data */*sd_data*/);
krb5_error_code KRB5_LIB_FUNCTION
_krb5_pk_load_openssl_id (
_krb5_pk_load_id (
krb5_context /*context*/,
struct krb5_pk_identity **/*ret_id*/,
const char */*user_id*/,
const char */*x509_anchors*/,
const char */*anchor_id*/,
char * const */*chain*/,
char * const */*revoke*/,
krb5_prompter_fct /*prompter*/,
void */*prompter_data*/,
char */*password*/);

2
source4/heimdal/lib/krb5/krb5-protos.h
View File

@ -1874,6 +1874,8 @@ krb5_get_init_creds_opt_set_pkinit (
krb5_principal /*principal*/,
const char */*user_id*/,
const char */*x509_anchors*/,
char * const * /*chain*/,
char * const * /*revoke*/,
int /*flags*/,
krb5_prompter_fct /*prompter*/,
void */*prompter_data*/,

21
source4/heimdal/lib/krb5/krb5_ccapi.h
View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: krb5_ccapi.h,v 1.1 2004/09/11 04:00:42 lha Exp $ */
/* $Id: krb5_ccapi.h,v 1.2 2006/03/27 04:21:06 lha Exp $ */
#ifndef KRB5_CCAPI_H
#define KRB5_CCAPI_H 1
@ -43,7 +43,8 @@ enum {
};
enum {
ccapi_version_3 = 3
ccapi_version_3 = 3,
ccapi_version_4 = 4
};
enum {
@ -108,7 +109,21 @@ struct cc_credentials_v5_t {
cc_time_t endtime;
cc_time_t renew_till;
cc_uint32 is_skey;
cc_uint32 ticket_flags; /* XXX ticket flags undefined */
cc_uint32 ticket_flags;
#define KRB5_CCAPI_TKT_FLG_FORWARDABLE 0x40000000
#define KRB5_CCAPI_TKT_FLG_FORWARDED 0x20000000
#define KRB5_CCAPI_TKT_FLG_PROXIABLE 0x10000000
#define KRB5_CCAPI_TKT_FLG_PROXY 0x08000000
#define KRB5_CCAPI_TKT_FLG_MAY_POSTDATE 0x04000000
#define KRB5_CCAPI_TKT_FLG_POSTDATED 0x02000000
#define KRB5_CCAPI_TKT_FLG_INVALID 0x01000000
#define KRB5_CCAPI_TKT_FLG_RENEWABLE 0x00800000
#define KRB5_CCAPI_TKT_FLG_INITIAL 0x00400000
#define KRB5_CCAPI_TKT_FLG_PRE_AUTH 0x00200000
#define KRB5_CCAPI_TKT_FLG_HW_AUTH 0x00100000
#define KRB5_CCAPI_TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000
#define KRB5_CCAPI_TKT_FLG_OK_AS_DELEGATE 0x00040000
#define KRB5_CCAPI_TKT_FLG_ANONYMOUS 0x00020000
cc_data **addresses;
cc_data ticket;
cc_data second_ticket;

7
source4/heimdal/lib/krb5/krbhst.c
View File

@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <resolve.h>
RCSID("$Id: krbhst.c,v 1.53 2005/10/08 15:40:50 lha Exp $");
RCSID("$Id: krbhst.c,v 1.55 2006/04/02 10:32:20 lha Exp $");
static int
string_to_proto(const char *string)
@ -241,8 +241,9 @@ _krb5_krbhost_info_move(krb5_context context,
krb5_krbhst_info *from,
krb5_krbhst_info **to)
{
size_t hostnamelen = strlen(from->hostname);
/* trailing NUL is included in structure */
*to = calloc(1, sizeof(**to) + strlen(from->hostname));
*to = calloc(1, sizeof(**to) + hostnamelen);
if(*to == NULL) {
krb5_set_error_string(context, "malloc - out of memory");
return ENOMEM;
@ -254,7 +255,7 @@ _krb5_krbhost_info_move(krb5_context context,
(*to)->ai = from->ai;
from->ai = NULL;
(*to)->next = NULL;
strcpy((*to)->hostname, from->hostname);
memcpy((*to)->hostname, from->hostname, hostnamelen + 1);
return 0;
}

8
source4/heimdal/lib/krb5/log.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: log.c,v 1.36 2005/06/17 04:25:05 lha Exp $");
RCSID("$Id: log.c,v 1.38 2006/04/10 09:41:26 lha Exp $");
struct facility {
int min;
@ -284,7 +284,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
ret = open_file(context, f, min, max, NULL, NULL, stderr, 1);
}else if(strcmp(p, "CONSOLE") == 0){
ret = open_file(context, f, min, max, "/dev/console", "w", NULL, 0);
}else if(strncmp(p, "FILE:", 4) == 0 && (p[4] == ':' || p[4] == '=')){
}else if(strncmp(p, "FILE", 4) == 0 && (p[4] == ':' || p[4] == '=')){
char *fn;
FILE *file = NULL;
int keep_open = 0;
@ -300,6 +300,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
ret = errno;
krb5_set_error_string (context, "open(%s): %s", fn,
strerror(ret));
free(fn);
return ret;
}
file = fdopen(i, "a");
@ -308,12 +309,13 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig)
close(i);
krb5_set_error_string (context, "fdopen(%s): %s", fn,
strerror(ret));
free(fn);
return ret;
}
keep_open = 1;
}
ret = open_file(context, f, min, max, fn, "a", file, keep_open);
}else if(strncmp(p, "DEVICE=", 6) == 0){
}else if(strncmp(p, "DEVICE", 6) == 0 && (p[6] == ':' || p[6] == '=')){
ret = open_file(context, f, min, max, strdup(p + 7), "w", NULL, 0);
}else if(strncmp(p, "SYSLOG", 6) == 0 && (p[6] == '\0' || p[6] == ':')){
char severity[128] = "";

1740
source4/heimdal/lib/krb5/pkinit.c
View File

File diff suppressed because it is too large Load Diff

24
source4/heimdal/lib/krb5/principal.c
View File

@ -41,7 +41,7 @@
#include <fnmatch.h>
#include "resolve.h"
RCSID("$Id: principal.c,v 1.92 2005/12/11 17:48:13 lha Exp $");
RCSID("$Id: principal.c,v 1.94 2006/04/10 10:10:01 lha Exp $");
#define princ_num_comp(P) ((P)->name.name_string.len)
#define princ_type(P) ((P)->name.name_type)
@ -105,7 +105,7 @@ parse_name(krb5_context context,
{
krb5_error_code ret;
heim_general_string *comp;
heim_general_string realm;
heim_general_string realm = NULL;
int ncomp;
const char *p;
@ -246,6 +246,7 @@ exit:
free(comp[--n]);
}
free(comp);
free(realm);
free(s);
return ret;
}
@ -825,17 +826,22 @@ krb5_425_conv_principal_ext2(krb5_context context,
struct dns_reply *r;
r = dns_lookup(instance, "aaaa");
if (r && r->head && r->head->type == T_AAAA) {
inst = strdup(r->head->domain);
dns_free_data(r);
passed = TRUE;
} else {
r = dns_lookup(instance, "a");
if(r && r->head && r->head->type == T_A) {
if (r) {
if (r->head && r->head->type == T_AAAA) {
inst = strdup(r->head->domain);
dns_free_data(r);
passed = TRUE;
}
dns_free_data(r);
} else {
r = dns_lookup(instance, "a");
if (r) {
if(r->head && r->head->type == T_A) {
inst = strdup(r->head->domain);
passed = TRUE;
}
dns_free_data(r);
}
}
#else
struct addrinfo hints, *ai;

7
source4/heimdal/lib/krb5/rd_cred.c
View File

@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: rd_cred.c,v 1.26 2005/11/02 08:36:42 lha Exp $");
RCSID("$Id: rd_cred.c,v 1.28 2006/04/02 02:27:33 lha Exp $");
static krb5_error_code
compare_addrs(krb5_context context,
@ -257,8 +257,10 @@ krb5_rd_cred(krb5_context context,
ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length,
&cred.tickets.val[i], &len, ret);
if (ret)
if (ret) {
free(creds);
goto out;
}
if(creds->ticket.length != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
copy_EncryptionKey (&kci->key, &creds->session);
@ -302,6 +304,7 @@ krb5_rd_cred(krb5_context context,
for(i = 0; (*ret_creds)[i]; i++)
krb5_free_creds(context, (*ret_creds)[i]);
free(*ret_creds);
*ret_creds = NULL;
}
return ret;
}

8
source4/heimdal/lib/krb5/rd_priv.c
View File

@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: rd_priv.c,v 1.32 2006/03/18 22:15:57 lha Exp $");
RCSID("$Id: rd_priv.c,v 1.33 2006/04/12 16:18:10 lha Exp $");
krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_priv(krb5_context context,
@ -50,8 +50,8 @@ krb5_rd_priv(krb5_context context,
krb5_keyblock *key;
krb5_crypto crypto;
if (outdata)
krb5_data_zero(outdata);
if (outbuf)
krb5_data_zero(outbuf);
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
@ -161,7 +161,7 @@ krb5_rd_priv(krb5_context context,
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
/* if these fields are not present in the priv-part, silently
return zero */
krb5_data_zero(outdata);
memset(outdata, 0, sizeof(*outdata));
if(part.timestamp)
outdata->timestamp = *part.timestamp;
if(part.usec)

25
source4/heimdal/lib/krb5/rd_req.c
View File

@ -33,7 +33,7 @@
#include <krb5_locl.h>
RCSID("$Id: rd_req.c,v 1.61 2005/11/29 18:22:51 lha Exp $");
RCSID("$Id: rd_req.c,v 1.63 2006/04/10 10:14:44 lha Exp $");
static krb5_error_code
decrypt_tkt_enc_part (krb5_context context,
@ -279,8 +279,10 @@ krb5_verify_authenticator_checksum(krb5_context context,
&authenticator);
if(ret)
return ret;
if(authenticator->cksum == NULL)
if(authenticator->cksum == NULL) {
krb5_free_authenticator(context, &authenticator);
return -17;
}
ret = krb5_auth_con_getkey(context, ac, &key);
if(ret) {
krb5_free_authenticator(context, &authenticator);
@ -340,6 +342,9 @@ krb5_verify_ap_req2(krb5_context context,
krb5_error_code ret;
EtypeList etypes;
if (ticket)
*ticket = NULL;
if (auth_context && *auth_context) {
ac = *auth_context;
} else {
@ -348,13 +353,12 @@ krb5_verify_ap_req2(krb5_context context,
return ret;
}
t = malloc(sizeof(*t));
t = calloc(1, sizeof(*t));
if (t == NULL) {
ret = ENOMEM;
krb5_clear_error_string (context);
goto out;
}
memset(t, 0, sizeof(*t));
if (ap_req->ap_options.use_session_key && ac->keyblock){
ret = krb5_decrypt_ticket(context, &ap_req->ticket,
@ -372,14 +376,17 @@ krb5_verify_ap_req2(krb5_context context,
if(ret)
goto out;
_krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname,
ap_req->ticket.realm);
_krb5_principalname2krb5_principal(&t->client, t->ticket.cname,
t->ticket.crealm);
ret = _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname,
ap_req->ticket.realm);
if (ret) goto out;
ret = _krb5_principalname2krb5_principal(&t->client, t->ticket.cname,
t->ticket.crealm);
if (ret) goto out;
/* save key */
krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock);
ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock);
if (ret) goto out;
ret = decrypt_authenticator (context,
&t->ticket.key,

10
source4/heimdal/lib/krb5/replay.c
View File

@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include <vis.h>
RCSID("$Id: replay.c,v 1.10 2004/05/25 21:41:15 lha Exp $");
RCSID("$Id: replay.c,v 1.12 2006/04/10 17:13:49 lha Exp $");
struct krb5_rcache_data {
char *name;
@ -58,6 +58,7 @@ krb5_rc_resolve_type(krb5_context context,
krb5_rcache *id,
const char *type)
{
*id = NULL;
if(strcmp(type, "FILE")) {
krb5_set_error_string (context, "replay cache type %s not supported",
type);
@ -77,6 +78,9 @@ krb5_rc_resolve_full(krb5_context context,
const char *string_name)
{
krb5_error_code ret;
*id = NULL;
if(strncmp(string_name, "FILE:", 5)) {
krb5_set_error_string (context, "replay cache type %s not supported",
string_name);
@ -86,6 +90,10 @@ krb5_rc_resolve_full(krb5_context context,
if(ret)
return ret;
ret = krb5_rc_resolve(context, *id, string_name + 5);
if (ret) {
krb5_rc_close(context, *id);
*id = NULL;
}
return ret;
}

5
source4/heimdal/lib/krb5/send_to_kdc.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: send_to_kdc.c,v 1.57 2006/03/07 19:39:59 lha Exp $");
RCSID("$Id: send_to_kdc.c,v 1.58 2006/04/02 02:32:03 lha Exp $");
struct send_and_recv {
krb5_send_and_recv_func_t func;
@ -231,6 +231,7 @@ send_and_recv_http(int fd,
s[rep->length] = 0;
p = strstr(s, "\r\n\r\n");
if(p == NULL) {
krb5_data_zero(rep);
free(s);
return -1;
}
@ -238,12 +239,14 @@ send_and_recv_http(int fd,
rep->data = s;
rep->length -= p - s;
if(rep->length < 4) { /* remove length */
krb5_data_zero(rep);
free(s);
return -1;
}
rep->length -= 4;
_krb5_get_int(p, &rep_len, 4);
if (rep_len != rep->length) {
krb5_data_zero(rep);
free(s);
return -1;
}

23
source4/heimdal/lib/krb5/store.c
View File

@ -34,7 +34,7 @@
#include "krb5_locl.h"
#include "store-int.h"
RCSID("$Id: store.c,v 1.50 2005/06/17 04:36:33 lha Exp $");
RCSID("$Id: store.c,v 1.51 2006/04/07 22:23:20 lha Exp $");
#define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V))
#define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE)
@ -420,7 +420,7 @@ krb5_ret_principal(krb5_storage *sp,
if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
type = KRB5_NT_UNKNOWN;
else if((ret = krb5_ret_int32(sp, &type))){
else if((ret = krb5_ret_int32(sp, &type))){
free(p);
return ret;
}
@ -430,18 +430,31 @@ krb5_ret_principal(krb5_storage *sp,
}
if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
ncomp--;
if (ncomp < 0) {
free(p);
return EINVAL;
}
p->name.name_type = type;
p->name.name_string.len = ncomp;
ret = krb5_ret_string(sp, &p->realm);
if(ret) return ret;
if(ret) {
free(p);
return ret;
}
p->name.name_string.val = calloc(ncomp, sizeof(*p->name.name_string.val));
if(p->name.name_string.val == NULL){
if(p->name.name_string.val == NULL && ncomp != 0){
free(p->realm);
return ENOMEM;
}
for(i = 0; i < ncomp; i++){
ret = krb5_ret_string(sp, &p->name.name_string.val[i]);
if(ret) return ret; /* XXX */
if(ret) {
while (i >= 0)
free(p->name.name_string.val[i--]);
free(p->realm);
free(p);
return ret;
}
}
*princ = p;
return 0;

11
source4/heimdal/lib/krb5/transited.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
RCSID("$Id: transited.c,v 1.16 2005/06/17 04:53:35 lha Exp $");
RCSID("$Id: transited.c,v 1.18 2006/04/10 10:26:35 lha Exp $");
/* this is an attempt at one of the most horrible `compression'
schemes that has ever been invented; it's so amazingly brain-dead
@ -100,8 +100,10 @@ make_path(krb5_context context, struct tr_realm *r,
p = from + strlen(from);
while(1){
while(p >= from && *p != '/') p--;
if(p == from)
if(p == from) {
r->next = path; /* XXX */
return KRB5KDC_ERR_POLICY;
}
if(strncmp(to, from, p - from) == 0)
break;
tmp = calloc(1, sizeof(*tmp));
@ -166,10 +168,13 @@ expand_realms(krb5_context context,
for(r = realms; r; r = r->next){
if(r->trailing_dot){
char *tmp;
size_t len = strlen(r->realm) + strlen(prev_realm) + 1;
size_t len;
if(prev_realm == NULL)
prev_realm = client_realm;
len = strlen(r->realm) + strlen(prev_realm) + 1;
tmp = realloc(r->realm, len);
if(tmp == NULL){
free_realms(realms);

19
source4/heimdal/lib/krb5/v4_glue.c
View File

@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
RCSID("$Id: v4_glue.c,v 1.2 2005/04/24 13:44:02 lha Exp $");
RCSID("$Id: v4_glue.c,v 1.3 2006/04/02 01:39:54 lha Exp $");
#include "krb5-v4compat.h"
@ -155,19 +155,20 @@ write_v4_cc(krb5_context context, const char *tkfile,
fd = open(path, O_WRONLY|O_CREAT, 0600);
if (fd < 0) {
free(path);
ret = errno;
krb5_set_error_string(context,
"krb5_krb_tf_setup: error opening file %s",
path);
return errno;
free(path);
return ret;
}
if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) {
free(path);
close(fd);
krb5_set_error_string(context,
"krb5_krb_tf_setup: tktfile %s is not a file",
path);
free(path);
close(fd);
return KRB5_FCC_PERM;
}
@ -178,11 +179,11 @@ write_v4_cc(krb5_context context, const char *tkfile,
break;
}
if (i == KRB5_TF_LCK_RETRY_COUNT) {
free(path);
close(fd);
krb5_set_error_string(context,
"krb5_krb_tf_setup: failed to lock %s",
path);
free(path);
close(fd);
return KRB5_FCC_PERM;
}
@ -190,11 +191,11 @@ write_v4_cc(krb5_context context, const char *tkfile,
ret = ftruncate(fd, 0);
if (ret < 0) {
flock(fd, LOCK_UN);
free(path);
close(fd);
krb5_set_error_string(context,
"krb5_krb_tf_setup: failed to truncate %s",
path);
free(path);
close(fd);
return KRB5_FCC_PERM;
}
}

213
source4/heimdal/lib/roken/resolve.c
View File

@ -45,7 +45,7 @@
#include <assert.h>
RCSID("$Id: resolve.c,v 1.53 2006/02/06 19:30:16 lha Exp $");
RCSID("$Id: resolve.c,v 1.55 2006/04/14 13:56:00 lha Exp $");
#ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */
#undef HAVE_RES_NSEARCH
@ -99,6 +99,16 @@ dns_type_to_string(int type)
#if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND)
static void
dns_free_rr(struct resource_record *rr)
{
if(rr->domain)
free(rr->domain);
if(rr->u.data)
free(rr->u.data);
free(rr);
}
void ROKEN_LIB_FUNCTION
dns_free_data(struct dns_reply *r)
{
@ -107,29 +117,30 @@ dns_free_data(struct dns_reply *r)
free(r->q.domain);
for(rr = r->head; rr;){
struct resource_record *tmp = rr;
if(rr->domain)
free(rr->domain);
if(rr->u.data)
free(rr->u.data);
rr = rr->next;
free(tmp);
dns_free_rr(tmp);
}
free (r);
}
static int
parse_record(const unsigned char *data, const unsigned char *end_data,
const unsigned char **pp, struct resource_record **rr)
const unsigned char **pp, struct resource_record **ret_rr)
{
struct resource_record *rr;
int type, class, ttl, size;
int status;
char host[MAXDNAME];
const unsigned char *p = *pp;
*ret_rr = NULL;
status = dn_expand(data, end_data, p, host, sizeof(host));
if(status < 0)
return -1;
if (p + status + 10 > end_data)
return -1;
p += status;
type = (p[0] << 8) | p[1];
p += 2;
@ -143,30 +154,30 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
if (p + size > end_data)
return -1;
*rr = calloc(1, sizeof(**rr));
if(*rr == NULL)
rr = calloc(1, sizeof(*rr));
if(rr == NULL)
return -1;
(*rr)->domain = strdup(host);
if((*rr)->domain == NULL) {
free(*rr);
rr->domain = strdup(host);
if(rr->domain == NULL) {
dns_free_rr(rr);
return -1;
}
(*rr)->type = type;
(*rr)->class = class;
(*rr)->ttl = ttl;
(*rr)->size = size;
rr->type = type;
rr->class = class;
rr->ttl = ttl;
rr->size = size;
switch(type){
case rk_ns_t_ns:
case rk_ns_t_cname:
case rk_ns_t_ptr:
status = dn_expand(data, end_data, p, host, sizeof(host));
if(status < 0) {
free(*rr);
dns_free_rr(rr);
return -1;
}
(*rr)->u.txt = strdup(host);
if((*rr)->u.txt == NULL) {
free(*rr);
rr->u.txt = strdup(host);
if(rr->u.txt == NULL) {
dns_free_rr(rr);
return -1;
}
break;
@ -176,101 +187,101 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
status = dn_expand(data, end_data, p + 2, host, sizeof(host));
if(status < 0){
free(*rr);
dns_free_rr(rr);
return -1;
}
if (status + 2 > size) {
free(*rr);
dns_free_rr(rr);
return -1;
}
hostlen = strlen(host);
(*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) +
rr->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) +
hostlen);
if((*rr)->u.mx == NULL) {
free(*rr);
if(rr->u.mx == NULL) {
dns_free_rr(rr);
return -1;
}
(*rr)->u.mx->preference = (p[0] << 8) | p[1];
strlcpy((*rr)->u.mx->domain, host, hostlen + 1);
rr->u.mx->preference = (p[0] << 8) | p[1];
strlcpy(rr->u.mx->domain, host, hostlen + 1);
break;
}
case rk_ns_t_srv:{
size_t hostlen;
status = dn_expand(data, end_data, p + 6, host, sizeof(host));
if(status < 0){
free(*rr);
dns_free_rr(rr);
return -1;
}
if (status + 6 > size) {
free(*rr);
dns_free_rr(rr);
return -1;
}
hostlen = strlen(host);
(*rr)->u.srv =
rr->u.srv =
(struct srv_record*)malloc(sizeof(struct srv_record) +
hostlen);
if((*rr)->u.srv == NULL) {
free(*rr);
if(rr->u.srv == NULL) {
dns_free_rr(rr);
return -1;
}
(*rr)->u.srv->priority = (p[0] << 8) | p[1];
(*rr)->u.srv->weight = (p[2] << 8) | p[3];
(*rr)->u.srv->port = (p[4] << 8) | p[5];
strlcpy((*rr)->u.srv->target, host, hostlen + 1);
rr->u.srv->priority = (p[0] << 8) | p[1];
rr->u.srv->weight = (p[2] << 8) | p[3];
rr->u.srv->port = (p[4] << 8) | p[5];
strlcpy(rr->u.srv->target, host, hostlen + 1);
break;
}
case rk_ns_t_txt:{
if(size == 0 || size < *p + 1) {
free(*rr);
dns_free_rr(rr);
return -1;
}
(*rr)->u.txt = (char*)malloc(*p + 1);
if((*rr)->u.txt == NULL) {
free(*rr);
rr->u.txt = (char*)malloc(*p + 1);
if(rr->u.txt == NULL) {
dns_free_rr(rr);
return -1;
}
strncpy((*rr)->u.txt, (const char*)(p + 1), *p);
(*rr)->u.txt[*p] = '\0';
strncpy(rr->u.txt, (const char*)(p + 1), *p);
rr->u.txt[*p] = '\0';
break;
}
case rk_ns_t_key : {
size_t key_len;
if (size < 4) {
free(*rr);
dns_free_rr(rr);
return -1;
}
key_len = size - 4;
(*rr)->u.key = malloc (sizeof(*(*rr)->u.key) + key_len - 1);
if ((*rr)->u.key == NULL) {
free(*rr);
rr->u.key = malloc (sizeof(*rr->u.key) + key_len - 1);
if (rr->u.key == NULL) {
dns_free_rr(rr);
return -1;
}
(*rr)->u.key->flags = (p[0] << 8) | p[1];
(*rr)->u.key->protocol = p[2];
(*rr)->u.key->algorithm = p[3];
(*rr)->u.key->key_len = key_len;
memcpy ((*rr)->u.key->key_data, p + 4, key_len);
rr->u.key->flags = (p[0] << 8) | p[1];
rr->u.key->protocol = p[2];
rr->u.key->algorithm = p[3];
rr->u.key->key_len = key_len;
memcpy (rr->u.key->key_data, p + 4, key_len);
break;
}
case rk_ns_t_sig : {
size_t sig_len, hostlen;
if(size <= 18) {
free(*rr);
dns_free_rr(rr);
return -1;
}
status = dn_expand (data, end_data, p + 18, host, sizeof(host));
if (status < 0) {
free(*rr);
dns_free_rr(rr);
return -1;
}
if (status + 18 > size) {
free(*rr);
dns_free_rr(rr);
return -1;
}
@ -281,26 +292,26 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
*/
sig_len = size - 18 - status;
hostlen = strlen(host);
(*rr)->u.sig = malloc(sizeof(*(*rr)->u.sig)
rr->u.sig = malloc(sizeof(*rr->u.sig)
+ hostlen + sig_len);
if ((*rr)->u.sig == NULL) {
free(*rr);
if (rr->u.sig == NULL) {
dns_free_rr(rr);
return -1;
}
(*rr)->u.sig->type = (p[0] << 8) | p[1];
(*rr)->u.sig->algorithm = p[2];
(*rr)->u.sig->labels = p[3];
(*rr)->u.sig->orig_ttl = (p[4] << 24) | (p[5] << 16)
rr->u.sig->type = (p[0] << 8) | p[1];
rr->u.sig->algorithm = p[2];
rr->u.sig->labels = p[3];
rr->u.sig->orig_ttl = (p[4] << 24) | (p[5] << 16)
| (p[6] << 8) | p[7];
(*rr)->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16)
rr->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16)
| (p[10] << 8) | p[11];
(*rr)->u.sig->sig_inception = (p[12] << 24) | (p[13] << 16)
rr->u.sig->sig_inception = (p[12] << 24) | (p[13] << 16)
| (p[14] << 8) | p[15];
(*rr)->u.sig->key_tag = (p[16] << 8) | p[17];
(*rr)->u.sig->sig_len = sig_len;
memcpy ((*rr)->u.sig->sig_data, p + 18 + status, sig_len);
(*rr)->u.sig->signer = &(*rr)->u.sig->sig_data[sig_len];
strlcpy((*rr)->u.sig->signer, host, hostlen + 1);
rr->u.sig->key_tag = (p[16] << 8) | p[17];
rr->u.sig->sig_len = sig_len;
memcpy (rr->u.sig->sig_data, p + 18 + status, sig_len);
rr->u.sig->signer = &rr->u.sig->sig_data[sig_len];
strlcpy(rr->u.sig->signer, host, hostlen + 1);
break;
}
@ -308,78 +319,81 @@ parse_record(const unsigned char *data, const unsigned char *end_data,
size_t cert_len;
if (size < 5) {
free(*rr);
dns_free_rr(rr);
return -1;
}
cert_len = size - 5;
(*rr)->u.cert = malloc (sizeof(*(*rr)->u.cert) + cert_len - 1);
if ((*rr)->u.cert == NULL) {
free(*rr);
rr->u.cert = malloc (sizeof(*rr->u.cert) + cert_len - 1);
if (rr->u.cert == NULL) {
dns_free_rr(rr);
return -1;
}
(*rr)->u.cert->type = (p[0] << 8) | p[1];
(*rr)->u.cert->tag = (p[2] << 8) | p[3];
(*rr)->u.cert->algorithm = p[4];
(*rr)->u.cert->cert_len = cert_len;
memcpy ((*rr)->u.cert->cert_data, p + 5, cert_len);
rr->u.cert->type = (p[0] << 8) | p[1];
rr->u.cert->tag = (p[2] << 8) | p[3];
rr->u.cert->algorithm = p[4];
rr->u.cert->cert_len = cert_len;
memcpy (rr->u.cert->cert_data, p + 5, cert_len);
break;
}
case rk_ns_t_sshfp : {
size_t sshfp_len;
if (size < 2) {
free(*rr);
dns_free_rr(rr);
return -1;
}
sshfp_len = size - 2;
(*rr)->u.sshfp = malloc (sizeof(*(*rr)->u.sshfp) + sshfp_len - 1);
if ((*rr)->u.sshfp == NULL) {
free(*rr);
rr->u.sshfp = malloc (sizeof(*rr->u.sshfp) + sshfp_len - 1);
if (rr->u.sshfp == NULL) {
dns_free_rr(rr);
return -1;
}
(*rr)->u.sshfp->algorithm = p[0];
(*rr)->u.sshfp->type = p[1];
(*rr)->u.sshfp->sshfp_len = sshfp_len;
memcpy ((*rr)->u.sshfp->sshfp_data, p + 2, sshfp_len);
rr->u.sshfp->algorithm = p[0];
rr->u.sshfp->type = p[1];
rr->u.sshfp->sshfp_len = sshfp_len;
memcpy (rr->u.sshfp->sshfp_data, p + 2, sshfp_len);
break;
}
case rk_ns_t_ds: {
size_t digest_len;
if (size < 4) {
free(*rr);
dns_free_rr(rr);
return -1;
}
digest_len = size - 4;
(*rr)->u.ds = malloc (sizeof(*(*rr)->u.ds) + digest_len - 1);
if ((*rr)->u.ds == NULL) {
free(*rr);
rr->u.ds = malloc (sizeof(*rr->u.ds) + digest_len - 1);
if (rr->u.ds == NULL) {
dns_free_rr(rr);
return -1;
}
(*rr)->u.ds->key_tag = (p[0] << 8) | p[1];
(*rr)->u.ds->algorithm = p[2];
(*rr)->u.ds->digest_type = p[3];
(*rr)->u.ds->digest_len = digest_len;
memcpy ((*rr)->u.ds->digest_data, p + 4, digest_len);
rr->u.ds->key_tag = (p[0] << 8) | p[1];
rr->u.ds->algorithm = p[2];
rr->u.ds->digest_type = p[3];
rr->u.ds->digest_len = digest_len;
memcpy (rr->u.ds->digest_data, p + 4, digest_len);
break;
}
default:
(*rr)->u.data = (unsigned char*)malloc(size);
if(size != 0 && (*rr)->u.data == NULL) {
free(*rr);
rr->u.data = (unsigned char*)malloc(size);
if(size != 0 && rr->u.data == NULL) {
dns_free_rr(rr);
return -1;
}
memcpy((*rr)->u.data, p, size);
if (size)
memcpy(rr->u.data, p, size);
}
*pp = p + size;
*ret_rr = rr;
return 0;
}
@ -633,8 +647,7 @@ dns_srv_order(struct dns_reply *r)
/* find the last record with the same priority and count the
sum of all weights */
for(sum = 0, tt = ss; tt < srvs + num_srv; tt++) {
if(*tt == NULL)
continue;
assert(*tt != NULL);
if((*tt)->u.srv->priority != (*ss)->u.srv->priority)
break;
sum += (*tt)->u.srv->weight;

4
source4/heimdal/lib/roken/roken_gethostby.c
View File

@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: roken_gethostby.c,v 1.7 2005/04/12 11:29:03 lha Exp $");
RCSID("$Id: roken_gethostby.c,v 1.8 2006/04/02 00:09:28 lha Exp $");
#endif
#include <roken.h>
@ -186,7 +186,7 @@ roken_gethostby(const char *hostname)
#define MAX_ADDRS 16
static struct hostent he;
static char addrs[4 * MAX_ADDRS];
static char *addr_list[MAX_ADDRS];
static char *addr_list[MAX_ADDRS + 1];
int num_addrs = 0;
he.h_name = p;

1
source4/heimdal_build/config.mk
View File

@ -280,6 +280,7 @@ OBJ_FILES = \
../heimdal/lib/des/rijndael-alg-fst.o \
../heimdal/lib/des/rnd_keys.o \
../heimdal/lib/des/sha.o \
../heimdal/lib/des/sha256.o \
../heimdal/lib/des/ui.o \
../heimdal/lib/des/evp.o \
../heimdal/lib/des/pkcs5.o \