sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-27 22:50:26 +03:00
Code

s4:heimdal: import lorikeet-heimdal-201012010201 (commit 81fe27bcc0148d410ca4617f8759b9df1a5e935c)

Browse Source
This commit is contained in:
Andrew Bartlett 2010-11-29 11:24:08 +11:00 committed by Andrew Tridgell
parent 9c84f987ac
commit c5bea98ddb
80 changed files with 2666 additions and 3732 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
source4/heimdal/base/baselocl.h
View File

@ -33,13 +33,17 @@
* SUCH DAMAGE.
*/
#include "config.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <limits.h>
#include <unistd.h>
#include "config.h"
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include "heimqueue.h"
#include "heim_threads.h"
@ -50,14 +54,8 @@
#include <dispatch/dispatch.h>
#endif
#if HEIM_BASE_NON_ATOMIC
/* non-atomic varients */
#define heim_base_atomic_inc(x) ++(*(x))
#define heim_base_atomic_dec(x) --(*(x))
#define heim_base_atomic_type unsigned int
#define heim_base_atomic_max UINT_MAX
#if defined(__GNUC__) && defined(HAVE___SYNC_ADD_AND_FETCH)
#elif defined(__GNUC__)
#define heim_base_atomic_inc(x) __sync_add_and_fetch((x), 1)
#define heim_base_atomic_dec(x) __sync_sub_and_fetch((x), 1)
#define heim_base_atomic_type unsigned int
@ -65,12 +63,44 @@
#define heim_base_exchange_pointer(t,v) __sync_lock_test_and_set((t), (v))
#elif 0 /* windows */
#elif defined(_WIN32)
#define heim_base_atomic_inc(x) InterlockedIncrement(x)
#define heim_base_atomic_dec(x) InterlockedDecrement(x)
#define heim_base_atomic_type LONG
#define heim_base_atomic_max MAXLONG
#define heim_base_exchange_pointer(t,v) InterlockedExchangePointer((t),(v))
#else
#error "provide atomic integer operations for your compiler"
#define HEIM_BASE_NEED_ATOMIC_MUTEX 1
extern HEIMDAL_MUTEX _heim_base_mutex;
#define heim_base_atomic_type unsigned int
static inline heim_base_atomic_type
heim_base_atomic_inc(heim_base_atomic_type *x)
{
heim_base_atomic_type t;
HEIMDAL_MUTEX_lock(&_heim_base_mutex);
t = ++(*x);
HEIMDAL_MUTEX_unlock(&_heim_base_mutex);
return t;
}
static inline heim_base_atomic_type
heim_base_atomic_dec(heim_base_atomic_type *x)
{
heim_base_atomic_type t;
HEIMDAL_MUTEX_lock(&_heim_base_mutex);
t = --(*x);
HEIMDAL_MUTEX_unlock(&_heim_base_mutex);
return t;
}
#define heim_base_atomic_max UINT_MAX
#endif
/* tagged strings/object/XXX */

15
source4/heimdal/base/heimbase.c
View File

@ -60,6 +60,10 @@ struct heim_base_mem {
#define PTR2BASE(ptr) (((struct heim_base *)ptr) - 1)
#define BASE2PTR(ptr) ((void *)(((struct heim_base *)ptr) + 1))
#ifdef HEIM_BASE_NEED_ATOMIC_MUTEX
HEIMDAL_MUTEX _heim_base_mutex = HEIMDAL_MUTEX_INITIALIZER;
#endif
/*
* Auto release structure
*/
@ -334,6 +338,8 @@ heim_base_once_f(heim_base_once_t *once, void *ctx, void (*func)(void *))
} else {
HEIMDAL_MUTEX_unlock(&mutex);
while (1) {
struct timeval tv = { 0, 1000 };
select(0, NULL, NULL, NULL, &tv);
HEIMDAL_MUTEX_lock(&mutex);
if (*once == 2)
break;
@ -364,13 +370,10 @@ heim_abort(const char *fmt, ...)
void
heim_abortv(const char *fmt, va_list ap)
{
char *str = NULL;
int ret;
static char str[1024];
ret = vasprintf(&str, fmt, ap);
if (ret > 0 && str) {
syslog(LOG_ERR, "heim_abort: %s", str);
}
vsnprintf(str, sizeof(str), fmt, ap);
syslog(LOG_ERR, "heim_abort: %s", str);
abort();
}

1
source4/heimdal/cf/make-proto.pl
View File

@ -180,6 +180,7 @@ sub foo {
local ($arg) = @_;
$_ = $arg;
s/.*\/([^\/]*)/$1/;
s/.*\\([^\\]*)/$1/;
s/[^a-zA-Z0-9]/_/g;
"__" . $_ . "__";
}

3
source4/heimdal/kdc/default_config.c
View File

@ -296,7 +296,6 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config)
}
#endif /* PKINIT */
return 0;
#endif /* PKINIT */
}

955
source4/heimdal/kdc/kaserver.c
View File

@ -1,955 +0,0 @@
/*
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kdc_locl.h"
#ifdef KRB4
#include <krb5-v4compat.h>
#include <rx.h>
#define KA_AUTHENTICATION_SERVICE 731
#define KA_TICKET_GRANTING_SERVICE 732
#define KA_MAINTENANCE_SERVICE 733
#define AUTHENTICATE_OLD 1
#define CHANGEPASSWORD 2
#define GETTICKET_OLD 3
#define SETPASSWORD 4
#define SETFIELDS 5
#define CREATEUSER 6
#define DELETEUSER 7
#define GETENTRY 8
#define LISTENTRY 9
#define GETSTATS 10
#define DEBUG 11
#define GETPASSWORD 12
#define GETRANDOMKEY 13
#define AUTHENTICATE 21
#define AUTHENTICATE_V2 22
#define GETTICKET 23
/* XXX - Where do we get these? */
#define RXGEN_OPCODE (-455)
#define KADATABASEINCONSISTENT (180480L)
#define KAEXIST (180481L)
#define KAIO (180482L)
#define KACREATEFAIL (180483L)
#define KANOENT (180484L)
#define KAEMPTY (180485L)
#define KABADNAME (180486L)
#define KABADINDEX (180487L)
#define KANOAUTH (180488L)
#define KAANSWERTOOLONG (180489L)
#define KABADREQUEST (180490L)
#define KAOLDINTERFACE (180491L)
#define KABADARGUMENT (180492L)
#define KABADCMD (180493L)
#define KANOKEYS (180494L)
#define KAREADPW (180495L)
#define KABADKEY (180496L)
#define KAUBIKINIT (180497L)
#define KAUBIKCALL (180498L)
#define KABADPROTOCOL (180499L)
#define KANOCELLS (180500L)
#define KANOCELL (180501L)
#define KATOOMANYUBIKS (180502L)
#define KATOOMANYKEYS (180503L)
#define KABADTICKET (180504L)
#define KAUNKNOWNKEY (180505L)
#define KAKEYCACHEINVALID (180506L)
#define KABADSERVER (180507L)
#define KABADUSER (180508L)
#define KABADCPW (180509L)
#define KABADCREATE (180510L)
#define KANOTICKET (180511L)
#define KAASSOCUSER (180512L)
#define KANOTSPECIAL (180513L)
#define KACLOCKSKEW (180514L)
#define KANORECURSE (180515L)
#define KARXFAIL (180516L)
#define KANULLPASSWORD (180517L)
#define KAINTERNALERROR (180518L)
#define KAPWEXPIRED (180519L)
#define KAREUSED (180520L)
#define KATOOSOON (180521L)
#define KALOCKED (180522L)
static krb5_error_code
decode_rx_header (krb5_storage *sp,
struct rx_header *h)
{
krb5_error_code ret;
ret = krb5_ret_uint32(sp, &h->epoch);
if (ret) return ret;
ret = krb5_ret_uint32(sp, &h->connid);
if (ret) return ret;
ret = krb5_ret_uint32(sp, &h->callid);
if (ret) return ret;
ret = krb5_ret_uint32(sp, &h->seqno);
if (ret) return ret;
ret = krb5_ret_uint32(sp, &h->serialno);
if (ret) return ret;
ret = krb5_ret_uint8(sp, &h->type);
if (ret) return ret;
ret = krb5_ret_uint8(sp, &h->flags);
if (ret) return ret;
ret = krb5_ret_uint8(sp, &h->status);
if (ret) return ret;
ret = krb5_ret_uint8(sp, &h->secindex);
if (ret) return ret;
ret = krb5_ret_uint16(sp, &h->reserved);
if (ret) return ret;
ret = krb5_ret_uint16(sp, &h->serviceid);
if (ret) return ret;
return 0;
}
static krb5_error_code
encode_rx_header (struct rx_header *h,
krb5_storage *sp)
{
krb5_error_code ret;
ret = krb5_store_uint32(sp, h->epoch);
if (ret) return ret;
ret = krb5_store_uint32(sp, h->connid);
if (ret) return ret;
ret = krb5_store_uint32(sp, h->callid);
if (ret) return ret;
ret = krb5_store_uint32(sp, h->seqno);
if (ret) return ret;
ret = krb5_store_uint32(sp, h->serialno);
if (ret) return ret;
ret = krb5_store_uint8(sp, h->type);
if (ret) return ret;
ret = krb5_store_uint8(sp, h->flags);
if (ret) return ret;
ret = krb5_store_uint8(sp, h->status);
if (ret) return ret;
ret = krb5_store_uint8(sp, h->secindex);
if (ret) return ret;
ret = krb5_store_uint16(sp, h->reserved);
if (ret) return ret;
ret = krb5_store_uint16(sp, h->serviceid);
if (ret) return ret;
return 0;
}
static void
init_reply_header (struct rx_header *hdr,
struct rx_header *reply_hdr,
u_char type,
u_char flags)
{
reply_hdr->epoch = hdr->epoch;
reply_hdr->connid = hdr->connid;
reply_hdr->callid = hdr->callid;
reply_hdr->seqno = 1;
reply_hdr->serialno = 1;
reply_hdr->type = type;
reply_hdr->flags = flags;
reply_hdr->status = 0;
reply_hdr->secindex = 0;
reply_hdr->reserved = 0;
reply_hdr->serviceid = hdr->serviceid;
}
/*
* Create an error `reply´ using for the packet `hdr' with the error
* `error´ code.
*/
static void
make_error_reply (struct rx_header *hdr,
uint32_t error,
krb5_data *reply)
{
struct rx_header reply_hdr;
krb5_error_code ret;
krb5_storage *sp;
init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST);
sp = krb5_storage_emem();
if (sp == NULL)
return;
ret = encode_rx_header (&reply_hdr, sp);
if (ret)
return;
krb5_store_int32(sp, error);
krb5_storage_to_data (sp, reply);
krb5_storage_free (sp);
}
static krb5_error_code
krb5_ret_xdr_data(krb5_storage *sp,
krb5_data *data)
{
int ret;
int size;
ret = krb5_ret_int32(sp, &size);
if(ret)
return ret;
if(size < 0)
return ERANGE;
data->length = size;
if (size) {
u_char foo[4];
size_t pad = (4 - size % 4) % 4;
data->data = malloc(size);
if (data->data == NULL)
return ENOMEM;
ret = krb5_storage_read(sp, data->data, size);
if(ret != size)
return (ret < 0)? errno : KRB5_CC_END;
if (pad) {
ret = krb5_storage_read(sp, foo, pad);
if (ret != pad)
return (ret < 0)? errno : KRB5_CC_END;
}
} else
data->data = NULL;
return 0;
}
static krb5_error_code
krb5_store_xdr_data(krb5_storage *sp,
krb5_data data)
{
u_char zero[4] = {0, 0, 0, 0};
int ret;
size_t pad;
ret = krb5_store_int32(sp, data.length);
if(ret < 0)
return ret;
ret = krb5_storage_write(sp, data.data, data.length);
if(ret != data.length){
if(ret < 0)
return errno;
return KRB5_CC_END;
}
pad = (4 - data.length % 4) % 4;
if (pad) {
ret = krb5_storage_write(sp, zero, pad);
if (ret != pad) {
if (ret < 0)
return errno;
return KRB5_CC_END;
}
}
return 0;
}
static krb5_error_code
create_reply_ticket (krb5_context context,
struct rx_header *hdr,
Key *skey,
char *name, char *instance, char *realm,
struct sockaddr_in *addr,
int life,
int kvno,
int32_t max_seq_len,
const char *sname, const char *sinstance,
uint32_t challenge,
const char *label,
krb5_keyblock *key,
krb5_data *reply)
{
krb5_error_code ret;
krb5_data ticket;
krb5_keyblock session;
krb5_storage *sp;
krb5_data enc_data;
struct rx_header reply_hdr;
char zero[8];
size_t pad;
unsigned fyrtiosjuelva;
/* create the ticket */
krb5_generate_random_keyblock(context, ETYPE_DES_PCBC_NONE, &session);
_krb5_krb_create_ticket(context,
0,
name,
instance,
realm,
addr->sin_addr.s_addr,
&session,
life,
kdc_time,
sname,
sinstance,
&skey->key,
&ticket);
/* create the encrypted part of the reply */
sp = krb5_storage_emem ();
krb5_generate_random_block(&fyrtiosjuelva, sizeof(fyrtiosjuelva));
fyrtiosjuelva &= 0xffffffff;
krb5_store_int32 (sp, fyrtiosjuelva);
krb5_store_int32 (sp, challenge);
krb5_storage_write (sp, session.keyvalue.data, 8);
krb5_free_keyblock_contents(context, &session);
krb5_store_int32 (sp, kdc_time);
krb5_store_int32 (sp, kdc_time + _krb5_krb_life_to_time (0, life));
krb5_store_int32 (sp, kvno);
krb5_store_int32 (sp, ticket.length);
krb5_store_stringz (sp, name);
krb5_store_stringz (sp, instance);
#if 1 /* XXX - Why shouldn't the realm go here? */
krb5_store_stringz (sp, "");
#else
krb5_store_stringz (sp, realm);
#endif
krb5_store_stringz (sp, sname);
krb5_store_stringz (sp, sinstance);
krb5_storage_write (sp, ticket.data, ticket.length);
krb5_storage_write (sp, label, strlen(label));
/* pad to DES block */
memset (zero, 0, sizeof(zero));
pad = (8 - krb5_storage_seek (sp, 0, SEEK_CUR) % 8) % 8;
krb5_storage_write (sp, zero, pad);
krb5_storage_to_data (sp, &enc_data);
krb5_storage_free (sp);
if (enc_data.length > max_seq_len) {
krb5_data_free (&enc_data);
make_error_reply (hdr, KAANSWERTOOLONG, reply);
return 0;
}
/* encrypt it */
{
DES_key_schedule schedule;
DES_cblock deskey;
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
DES_set_key_unchecked (&deskey, &schedule);
DES_pcbc_encrypt (enc_data.data,
enc_data.data,
enc_data.length,
&schedule,
&deskey,
DES_ENCRYPT);
memset (&schedule, 0, sizeof(schedule));
memset (&deskey, 0, sizeof(deskey));
}
/* create the reply packet */
init_reply_header (hdr, &reply_hdr, HT_DATA, HF_LAST);
sp = krb5_storage_emem ();
ret = encode_rx_header (&reply_hdr, sp);
krb5_store_int32 (sp, max_seq_len);
krb5_store_xdr_data (sp, enc_data);
krb5_data_free (&enc_data);
krb5_storage_to_data (sp, reply);
krb5_storage_free (sp);
return 0;
}
static krb5_error_code
unparse_auth_args (krb5_storage *sp,
char **name,
char **instance,
time_t *start_time,
time_t *end_time,
krb5_data *request,
int32_t *max_seq_len)
{
krb5_data data;
int32_t tmp;
krb5_ret_xdr_data (sp, &data);
*name = malloc(data.length + 1);
if (*name == NULL)
return ENOMEM;
memcpy (*name, data.data, data.length);
(*name)[data.length] = '\0';
krb5_data_free (&data);
krb5_ret_xdr_data (sp, &data);
*instance = malloc(data.length + 1);
if (*instance == NULL) {
free (*name);
return ENOMEM;
}
memcpy (*instance, data.data, data.length);
(*instance)[data.length] = '\0';
krb5_data_free (&data);
krb5_ret_int32 (sp, &tmp);
*start_time = tmp;
krb5_ret_int32 (sp, &tmp);
*end_time = tmp;
krb5_ret_xdr_data (sp, request);
krb5_ret_int32 (sp, max_seq_len);
/* ignore the rest */
return 0;
}
static void
do_authenticate (krb5_context context,
krb5_kdc_configuration *config,
struct rx_header *hdr,
krb5_storage *sp,
struct sockaddr_in *addr,
const char *from,
krb5_data *reply)
{
krb5_error_code ret;
char *name = NULL;
char *instance = NULL;
time_t start_time;
time_t end_time;
krb5_data request;
int32_t max_seq_len;
hdb_entry_ex *client_entry = NULL;
hdb_entry_ex *server_entry = NULL;
Key *ckey = NULL;
Key *skey = NULL;
krb5_storage *reply_sp;
time_t max_life;
uint8_t life;
int32_t chal;
char client_name[256];
char server_name[256];
krb5_data_zero (&request);
ret = unparse_auth_args (sp, &name, &instance, &start_time, &end_time,
&request, &max_seq_len);
if (ret != 0 || request.length < 8) {
make_error_reply (hdr, KABADREQUEST, reply);
goto out;
}
snprintf (client_name, sizeof(client_name), "%s.%s@%s",
name, instance, config->v4_realm);
snprintf (server_name, sizeof(server_name), "%s.%s@%s",
"krbtgt", config->v4_realm, config->v4_realm);
kdc_log(context, config, 0, "AS-REQ (kaserver) %s from %s for %s",
client_name, from, server_name);
ret = _kdc_db_fetch4 (context, config, name, instance,
config->v4_realm, HDB_F_GET_CLIENT,
&client_entry);
if (ret) {
kdc_log(context, config, 0, "Client not found in database: %s: %s",
client_name, krb5_get_err_text(context, ret));
make_error_reply (hdr, KANOENT, reply);
goto out;
}
ret = _kdc_db_fetch4 (context, config, "krbtgt",
config->v4_realm, config->v4_realm,
HDB_F_GET_KRBTGT, &server_entry);
if (ret) {
kdc_log(context, config, 0, "Server not found in database: %s: %s",
server_name, krb5_get_err_text(context, ret));
make_error_reply (hdr, KANOENT, reply);
goto out;
}
ret = kdc_check_flags (context, config,
client_entry, client_name,
server_entry, server_name,
TRUE);
if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply);
goto out;
}
/* find a DES key */
ret = _kdc_get_des_key(context, client_entry, FALSE, TRUE, &ckey);
if(ret){
kdc_log(context, config, 0, "no suitable DES key for client");
make_error_reply (hdr, KANOKEYS, reply);
goto out;
}
/* find a DES key */
ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey);
if(ret){
kdc_log(context, config, 0, "no suitable DES key for server");
make_error_reply (hdr, KANOKEYS, reply);
goto out;
}
{
DES_cblock key;
DES_key_schedule schedule;
/* try to decode the `request' */
memcpy (&key, ckey->key.keyvalue.data, sizeof(key));
DES_set_key_unchecked (&key, &schedule);
DES_pcbc_encrypt (request.data,
request.data,
request.length,
&schedule,
&key,
DES_DECRYPT);
memset (&schedule, 0, sizeof(schedule));
memset (&key, 0, sizeof(key));
}
/* check for the magic label */
if (memcmp ((char *)request.data + 4, "gTGS", 4) != 0) {
kdc_log(context, config, 0, "preauth failed for %s", client_name);
make_error_reply (hdr, KABADREQUEST, reply);
goto out;
}
reply_sp = krb5_storage_from_mem (request.data, 4);
krb5_ret_int32 (reply_sp, &chal);
krb5_storage_free (reply_sp);
if (abs(chal - kdc_time) > context->max_skew) {
make_error_reply (hdr, KACLOCKSKEW, reply);
goto out;
}
/* life */
max_life = end_time - kdc_time;
/* end_time - kdc_time can sometimes be non-positive due to slight
time skew between client and server. Let's make sure it is postive */
if(max_life < 1)
max_life = 1;
if (client_entry->entry.max_life)
max_life = min(max_life, *client_entry->entry.max_life);
if (server_entry->entry.max_life)
max_life = min(max_life, *server_entry->entry.max_life);
life = krb_time_to_life(kdc_time, kdc_time + max_life);
create_reply_ticket (context,
hdr, skey,
name, instance, config->v4_realm,
addr, life, server_entry->entry.kvno,
max_seq_len,
"krbtgt", config->v4_realm,
chal + 1, "tgsT",
&ckey->key, reply);
out:
if (request.length) {
memset (request.data, 0, request.length);
krb5_data_free (&request);
}
if (name)
free (name);
if (instance)
free (instance);
if (client_entry)
_kdc_free_ent (context, client_entry);
if (server_entry)
_kdc_free_ent (context, server_entry);
}
static krb5_error_code
unparse_getticket_args (krb5_storage *sp,
int *kvno,
char **auth_domain,
krb5_data *ticket,
char **name,
char **instance,
krb5_data *times,
int32_t *max_seq_len)
{
krb5_data data;
int32_t tmp;
krb5_ret_int32 (sp, &tmp);
*kvno = tmp;
krb5_ret_xdr_data (sp, &data);
*auth_domain = malloc(data.length + 1);
if (*auth_domain == NULL)
return ENOMEM;
memcpy (*auth_domain, data.data, data.length);
(*auth_domain)[data.length] = '\0';
krb5_data_free (&data);
krb5_ret_xdr_data (sp, ticket);
krb5_ret_xdr_data (sp, &data);
*name = malloc(data.length + 1);
if (*name == NULL) {
free (*auth_domain);
return ENOMEM;
}
memcpy (*name, data.data, data.length);
(*name)[data.length] = '\0';
krb5_data_free (&data);
krb5_ret_xdr_data (sp, &data);
*instance = malloc(data.length + 1);
if (*instance == NULL) {
free (*auth_domain);
free (*name);
return ENOMEM;
}
memcpy (*instance, data.data, data.length);
(*instance)[data.length] = '\0';
krb5_data_free (&data);
krb5_ret_xdr_data (sp, times);
krb5_ret_int32 (sp, max_seq_len);
/* ignore the rest */
return 0;
}
static void
do_getticket (krb5_context context,
krb5_kdc_configuration *config,
struct rx_header *hdr,
krb5_storage *sp,
struct sockaddr_in *addr,
const char *from,
krb5_data *reply)
{
krb5_error_code ret;
int kvno;
char *auth_domain = NULL;
krb5_data aticket;
char *name = NULL;
char *instance = NULL;
krb5_data times;
int32_t max_seq_len;
hdb_entry_ex *server_entry = NULL;
hdb_entry_ex *client_entry = NULL;
hdb_entry_ex *krbtgt_entry = NULL;
Key *kkey = NULL;
Key *skey = NULL;
DES_cblock key;
DES_key_schedule schedule;
DES_cblock session;
time_t max_life;
int8_t life;
time_t start_time, end_time;
char server_name[256];
char client_name[256];
struct _krb5_krb_auth_data ad;
krb5_data_zero (&aticket);
krb5_data_zero (&times);
memset(&ad, 0, sizeof(ad));
unparse_getticket_args (sp, &kvno, &auth_domain, &aticket,
&name, &instance, &times, &max_seq_len);
if (times.length < 8) {
make_error_reply (hdr, KABADREQUEST, reply);
goto out;
}
snprintf (server_name, sizeof(server_name),
"%s.%s@%s", name, instance, config->v4_realm);
ret = _kdc_db_fetch4 (context, config, name, instance,
config->v4_realm, HDB_F_GET_SERVER, &server_entry);
if (ret) {
kdc_log(context, config, 0, "Server not found in database: %s: %s",
server_name, krb5_get_err_text(context, ret));
make_error_reply (hdr, KANOENT, reply);
goto out;
}
ret = _kdc_db_fetch4 (context, config, "krbtgt",
config->v4_realm, config->v4_realm, HDB_F_GET_KRBTGT, &krbtgt_entry);
if (ret) {
kdc_log(context, config, 0,
"Server not found in database: %s.%s@%s: %s",
"krbtgt", config->v4_realm, config->v4_realm,
krb5_get_err_text(context, ret));
make_error_reply (hdr, KANOENT, reply);
goto out;
}
/* find a DES key */
ret = _kdc_get_des_key(context, krbtgt_entry, TRUE, TRUE, &kkey);
if(ret){
kdc_log(context, config, 0, "no suitable DES key for krbtgt");
make_error_reply (hdr, KANOKEYS, reply);
goto out;
}
/* find a DES key */
ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey);
if(ret){
kdc_log(context, config, 0, "no suitable DES key for server");
make_error_reply (hdr, KANOKEYS, reply);
goto out;
}
/* decrypt the incoming ticket */
memcpy (&key, kkey->key.keyvalue.data, sizeof(key));
/* unpack the ticket */
{
char *sname = NULL;
char *sinstance = NULL;
ret = _krb5_krb_decomp_ticket(context, &aticket, &kkey->key,
config->v4_realm, &sname,
&sinstance, &ad);
if (ret) {
const char *msg = krb5_get_error_message(context, ret);
kdc_log(context, config, 0,
"kaserver: decomp failed for %s.%s with %s %d",
msg, sname, sinstance, ret);
krb5_free_error_message(context, msg);
make_error_reply (hdr, KABADTICKET, reply);
goto out;
}
if (strcmp (sname, "krbtgt") != 0
|| strcmp (sinstance, config->v4_realm) != 0) {
kdc_log(context, config, 0, "no TGT: %s.%s for %s.%s@%s",
sname, sinstance,
ad.pname, ad.pinst, ad.prealm);
make_error_reply (hdr, KABADTICKET, reply);
free(sname);
free(sinstance);
goto out;
}
free(sname);
free(sinstance);
if (kdc_time > _krb5_krb_life_to_time(ad.time_sec, ad.life)) {
kdc_log(context, config, 0, "TGT expired: %s.%s@%s",
ad.pname, ad.pinst, ad.prealm);
make_error_reply (hdr, KABADTICKET, reply);
goto out;
}
}
snprintf (client_name, sizeof(client_name),
"%s.%s@%s", ad.pname, ad.pinst, ad.prealm);
kdc_log(context, config, 0, "TGS-REQ (kaserver) %s from %s for %s",
client_name, from, server_name);
ret = _kdc_db_fetch4 (context, config,
ad.pname, ad.pinst, ad.prealm, HDB_F_GET_CLIENT,
&client_entry);
if(ret && ret != HDB_ERR_NOENTRY) {
kdc_log(context, config, 0,
"Client not found in database: (krb4) %s: %s",
client_name, krb5_get_err_text(context, ret));
make_error_reply (hdr, KANOENT, reply);
goto out;
}
if (client_entry == NULL && strcmp(ad.prealm, config->v4_realm) == 0) {
kdc_log(context, config, 0,
"Local client not found in database: (krb4) "
"%s", client_name);
make_error_reply (hdr, KANOENT, reply);
goto out;
}
ret = kdc_check_flags (context, config,
client_entry, client_name,
server_entry, server_name,
FALSE);
if (ret) {
make_error_reply (hdr, KAPWEXPIRED, reply);
goto out;
}
/* decrypt the times */
memcpy(&session, ad.session.keyvalue.data, sizeof(session));
DES_set_key_unchecked (&session, &schedule);
DES_ecb_encrypt (times.data,
times.data,
&schedule,
DES_DECRYPT);
memset (&schedule, 0, sizeof(schedule));
memset (&session, 0, sizeof(session));
/* and extract them */
{
krb5_storage *tsp;
int32_t tmp;
tsp = krb5_storage_from_mem (times.data, times.length);
krb5_ret_int32 (tsp, &tmp);
start_time = tmp;
krb5_ret_int32 (tsp, &tmp);
end_time = tmp;
krb5_storage_free (tsp);
}
/* life */
max_life = end_time - kdc_time;
/* end_time - kdc_time can sometimes be non-positive due to slight
time skew between client and server. Let's make sure it is postive */
if(max_life < 1)
max_life = 1;
if (krbtgt_entry->entry.max_life)
max_life = min(max_life, *krbtgt_entry->entry.max_life);
if (server_entry->entry.max_life)
max_life = min(max_life, *server_entry->entry.max_life);
/* if this is a cross realm request, the client_entry will likely
be NULL */
if (client_entry && client_entry->entry.max_life)
max_life = min(max_life, *client_entry->entry.max_life);
life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life);
create_reply_ticket (context,
hdr, skey,
ad.pname, ad.pinst, ad.prealm,
addr, life, server_entry->entry.kvno,
max_seq_len,
name, instance,
0, "gtkt",
&ad.session, reply);
out:
_krb5_krb_free_auth_data(context, &ad);
if (aticket.length) {
memset (aticket.data, 0, aticket.length);
krb5_data_free (&aticket);
}
if (times.length) {
memset (times.data, 0, times.length);
krb5_data_free (&times);
}
if (auth_domain)
free (auth_domain);
if (name)
free (name);
if (instance)
free (instance);
if (krbtgt_entry)
_kdc_free_ent (context, krbtgt_entry);
if (server_entry)
_kdc_free_ent (context, server_entry);
}
krb5_error_code
_kdc_do_kaserver(krb5_context context,
krb5_kdc_configuration *config,
unsigned char *buf,
size_t len,
krb5_data *reply,
const char *from,
struct sockaddr_in *addr)
{
krb5_error_code ret = 0;
struct rx_header hdr;
uint32_t op;
krb5_storage *sp;
if (len < RX_HEADER_SIZE)
return -1;
sp = krb5_storage_from_mem (buf, len);
ret = decode_rx_header (sp, &hdr);
if (ret)
goto out;
buf += RX_HEADER_SIZE;
len -= RX_HEADER_SIZE;
switch (hdr.type) {
case HT_DATA :
break;
case HT_ACK :
case HT_BUSY :
case HT_ABORT :
case HT_ACKALL :
case HT_CHAL :
case HT_RESP :
case HT_DEBUG :
default:
/* drop */
goto out;
}
if (hdr.serviceid != KA_AUTHENTICATION_SERVICE
&& hdr.serviceid != KA_TICKET_GRANTING_SERVICE) {
ret = -1;
goto out;
}
ret = krb5_ret_uint32(sp, &op);
if (ret)
goto out;
switch (op) {
case AUTHENTICATE :
case AUTHENTICATE_V2 :
do_authenticate (context, config, &hdr, sp, addr, from, reply);
break;
case GETTICKET :
do_getticket (context, config, &hdr, sp, addr, from, reply);
break;
case AUTHENTICATE_OLD :
case CHANGEPASSWORD :
case GETTICKET_OLD :
case SETPASSWORD :
case SETFIELDS :
case CREATEUSER :
case DELETEUSER :
case GETENTRY :
case LISTENTRY :
case GETSTATS :
case DEBUG :
case GETPASSWORD :
case GETRANDOMKEY :
default :
make_error_reply (&hdr, RXGEN_OPCODE, reply);
break;
}
out:
krb5_storage_free (sp);
return ret;
}
#endif /* KRB4 */

21
source4/heimdal/kdc/misc.c
View File

@ -91,21 +91,12 @@ _kdc_db_fetch(krb5_context context,
continue;
}
if (config->db[i]->hdb_fetch_kvno) {
ret = config->db[i]->hdb_fetch_kvno(context,
config->db[i],
principal,
flags | HDB_F_DECRYPT,
kvno,
ent);
} else {
flags &= ~HDB_F_KVNO_SPECIFIED;
ret = config->db[i]->hdb_fetch(context,
config->db[i],
principal,
flags | HDB_F_DECRYPT,
ent);
}
ret = config->db[i]->hdb_fetch_kvno(context,
config->db[i],
principal,
flags | HDB_F_DECRYPT,
kvno,
ent);
krb5_free_principal(context, enterprise_principal);

77
source4/heimdal/kdc/process.c
View File

@ -161,78 +161,6 @@ kdc_kx509(krb5_context context,
#endif
#ifdef KRB4
static krb5_error_code
kdc_524(krb5_context context,
krb5_kdc_configuration *config,
krb5_data *req_buffer,
krb5_data *reply,
const char *from,
struct sockaddr *addr,
int datagram_reply,
int *claim)
{
krb5_error_code ret;
Ticket ticket;
size_t len;
ret = decode_Ticket(req_buffer->data, req_buffer->length, &ticket, &len);
if (ret)
return ret;
*claim = 1;
ret = _kdc_do_524(context, config, &ticket, reply, from, addr);
free_Ticket(&ticket);
return ret;
}
static krb5_error_code
kdc_krb4(krb5_context context,
krb5_kdc_configuration *config,
krb5_data *req_buffer,
krb5_data *reply,
const char *from,
struct sockaddr *addr,
int datagram_reply,
int *claim)
{
if (_kdc_maybe_version4(req_buffer->data, req_buffer->length) == 0)
return -1;
*claim = 1;
return _kdc_do_version4(context, config,
req_buffer->data, req_buffer->length,
reply, from,
(struct sockaddr_in*)addr);
}
static krb5_error_code
kdc_kaserver(krb5_context context,
krb5_kdc_configuration *config,
krb5_data *req_buffer,
krb5_data *reply,
const char *from,
struct sockaddr *addr,
int datagram_reply,
int *claim)
{
if (config->enable_kaserver == 0)
return -1;
*claim = 1;
return _kdc_do_kaserver(context, config,
req_buffer->data, req_buffer->length,
reply, from,
(struct sockaddr_in*)addr);
}
#endif /* KRB4 */
static struct krb5_kdc_service services[] = {
{ KS_KRB5, kdc_as_req },
{ KS_KRB5, kdc_tgs_req },
@ -241,11 +169,6 @@ static struct krb5_kdc_service services[] = {
#endif
#ifdef KX509
{ 0, kdc_kx509 },
#endif
#ifdef KRB4
{ 0, kdc_524 },
{ KS_NO_LENGTH, kdc_krb4 },
{ 0, kdc_kaserver },
#endif
{ 0, NULL }
};

14
source4/heimdal/kuser/kinit.c
View File

@ -39,12 +39,6 @@
#include <Security/Security.h>
#endif
struct krb5_dh_moduli;
struct AlgorithmIdentifier;
struct _krb5_krb_auth_data;
struct hx509_certs_data;
#include <krb5-private.h>
#ifndef NO_NTLM
#include "heimntlm.h"
#endif
@ -457,7 +451,7 @@ get_new_tickets(krb5_context context,
if (ret)
krb5_err(context, 1, ret, "krb5_get_init_creds_opt_set_pkinit");
if (ent_user_id)
_krb5_get_init_creds_opt_set_pkinit_user_certs(context, opt, ent_user_id);
krb5_get_init_creds_opt_set_pkinit_user_certs(context, opt, ent_user_id);
}
if (addrs_flag != -1)
@ -768,9 +762,9 @@ main (int argc, char **argv)
parseflags |= KRB5_PRINCIPAL_PARSE_ENTERPRISE;
if (pk_enterprise_flag) {
ret = _krb5_pk_enterprise_cert(context, pk_user_id,
argv[0], &principal,
&ent_user_id);
ret = krb5_pk_enterprise_cert(context, pk_user_id,
argv[0], &principal,
&ent_user_id);
if (ret)
krb5_err(context, 1, ret, "krb5_pk_enterprise_certs");

3
source4/heimdal/kuser/kuser_locl.h
View File

@ -84,6 +84,8 @@
#endif
#include "crypto-headers.h" /* for UI_UTIL_read_pw_string */
#include <rtbl.h>
#ifdef HAVE_LOCALE_H
#include <locale.h>
#endif
@ -101,5 +103,6 @@
#define textdomain(package)
#endif
extern krb5_context kcc_context;
#endif /* __KUSER_LOCL_H__ */

724
source4/heimdal/lib/asn1/asn1parse.c
View File

File diff suppressed because it is too large Load Diff

4
source4/heimdal/lib/asn1/asn1parse.y
View File

@ -62,6 +62,10 @@ struct string_list {
struct string_list *next;
};
/* Declarations for Bison */
#define YYMALLOC malloc
#define YYFREE free
%}
%union {

4
source4/heimdal/lib/asn1/gen_template.c
View File

@ -58,8 +58,10 @@ integer_symbol(const char *basename, const Type *t)
return "unsigned";
else if (t->range->min == 0 && t->range->max == INT_MAX)
return "unsigned";
else
else {
abort();
UNREACHABLE(return NULL);
}
}
static const char *

20
source4/heimdal/lib/com_err/com_err.h
View File

@ -45,26 +45,6 @@
#define __attribute__(X)
#endif
#ifndef KRB5_LIB
#ifndef KRB5_LIB_FUNCTION
#if defined(_WIN32)
#define KRB5_LIB_FUNCTION __declspec(dllimport)
#define KRB5_LIB_CALL __stdcall
#define KRB5_LIB_VARIABLE __declspec(dllimport)
#else
#define KRB5_LIB_FUNCTION
#define KRB5_LIB_CALL
#define KRB5_LIB_VARIABLE
#endif
#endif
#endif
#ifdef _WIN32
#define KRB5_CALLCONV __stdcall
#else
#define KRB5_CALLCONV
#endif
typedef void (KRB5_CALLCONV *errf) (const char *, long, const char *, va_list);
KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL

35
source4/heimdal/lib/com_err/com_right.h
View File

@ -36,6 +36,26 @@
#ifndef __COM_RIGHT_H__
#define __COM_RIGHT_H__
#ifndef KRB5_LIB
#ifndef KRB5_LIB_FUNCTION
#if defined(_WIN32)
#define KRB5_LIB_FUNCTION __declspec(dllimport)
#define KRB5_LIB_CALL __stdcall
#define KRB5_LIB_VARIABLE __declspec(dllimport)
#else
#define KRB5_LIB_FUNCTION
#define KRB5_LIB_CALL
#define KRB5_LIB_VARIABLE
#endif
#endif
#endif
#ifdef _WIN32
#define KRB5_CALLCONV __stdcall
#else
#define KRB5_CALLCONV
#endif
#ifdef __STDC__
#include <stdarg.h>
#endif
@ -51,9 +71,16 @@ struct et_list {
};
extern struct et_list *_et_list;
const char *com_right (struct et_list *list, long code);
const char *com_right_r (struct et_list *list, long code, char *, size_t);
void initialize_error_table_r (struct et_list **, const char **, int, long);
void free_error_table (struct et_list *);
KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
com_right (struct et_list *list, long code);
KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
com_right_r (struct et_list *list, long code, char *, size_t);
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
initialize_error_table_r (struct et_list **, const char **, int, long);
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
free_error_table (struct et_list *);
#endif /* __COM_RIGHT_H__ */

8
source4/heimdal/lib/com_err/error.c
View File

@ -46,7 +46,7 @@
#define dgettext(d,s) (s)
#endif
const char *
KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
com_right(struct et_list *list, long code)
{
struct et_list *p;
@ -56,7 +56,7 @@ com_right(struct et_list *list, long code)
return NULL;
}
const char *
KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL
com_right_r(struct et_list *list, long code, char *str, size_t len)
{
struct et_list *p;
@ -79,7 +79,7 @@ struct foobar {
struct error_table et;
};
void
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
initialize_error_table_r(struct et_list **list,
const char **messages,
int num_errors,
@ -103,7 +103,7 @@ initialize_error_table_r(struct et_list **list,
}
void
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
free_error_table(struct et_list *et)
{
while(et){

83
source4/heimdal/lib/com_err/lex.c
View File

@ -586,8 +586,6 @@ extern int yywrap (void );
#endif
#endif
static void yyunput (int c,char *buf_ptr );
#ifndef yytext_ptr
static void yy_flex_strncpy (char *,yyconst char *,int );
#endif
@ -709,9 +707,9 @@ YY_DECL
register char *yy_cp, *yy_bp;
register int yy_act;
#line 57 "lex.l"
#line 58 "lex.l"
#line 714 ""
#line 712 ""
if ( !(yy_init) )
{
@ -796,86 +794,86 @@ do_action: /* This label is used only to access EOF actions. */
case 1:
YY_RULE_SETUP
#line 58 "lex.l"
#line 59 "lex.l"
{ return ET; }
YY_BREAK
case 2:
YY_RULE_SETUP
#line 59 "lex.l"
#line 60 "lex.l"
{ return ET; }
YY_BREAK
case 3:
YY_RULE_SETUP
#line 60 "lex.l"
#line 61 "lex.l"
{ return EC; }
YY_BREAK
case 4:
YY_RULE_SETUP
#line 61 "lex.l"
#line 62 "lex.l"
{ return EC; }
YY_BREAK
case 5:
YY_RULE_SETUP
#line 62 "lex.l"
#line 63 "lex.l"
{ return PREFIX; }
YY_BREAK
case 6:
YY_RULE_SETUP
#line 63 "lex.l"
#line 64 "lex.l"
{ return INDEX; }
YY_BREAK
case 7:
YY_RULE_SETUP
#line 64 "lex.l"
#line 65 "lex.l"
{ return ID; }
YY_BREAK
case 8:
YY_RULE_SETUP
#line 65 "lex.l"
#line 66 "lex.l"
{ return END; }
YY_BREAK
case 9:
YY_RULE_SETUP
#line 66 "lex.l"
#line 67 "lex.l"
{ yylval.number = atoi(yytext); return NUMBER; }
YY_BREAK
case 10:
YY_RULE_SETUP
#line 67 "lex.l"
#line 68 "lex.l"
;
YY_BREAK
case 11:
YY_RULE_SETUP
#line 68 "lex.l"
#line 69 "lex.l"
;
YY_BREAK
case 12:
/* rule 12 can match eol */
YY_RULE_SETUP
#line 69 "lex.l"
#line 70 "lex.l"
{ lineno++; }
YY_BREAK
case 13:
YY_RULE_SETUP
#line 70 "lex.l"
#line 71 "lex.l"
{ return getstring(); }
YY_BREAK
case 14:
YY_RULE_SETUP
#line 71 "lex.l"
#line 72 "lex.l"
{ yylval.string = strdup(yytext); return STRING; }
YY_BREAK
case 15:
YY_RULE_SETUP
#line 72 "lex.l"
#line 73 "lex.l"
{ return *yytext; }
YY_BREAK
case 16:
YY_RULE_SETUP
#line 73 "lex.l"
#line 74 "lex.l"
ECHO;
YY_BREAK
#line 878 ""
#line 876 ""
case YY_STATE_EOF(INITIAL):
yyterminate();
@ -1204,43 +1202,6 @@ static int yy_get_next_buffer (void)
return yy_is_jam ? 0 : yy_current_state;
}
static void yyunput (int c, register char * yy_bp )
{
register char *yy_cp;
yy_cp = (yy_c_buf_p);
/* undo effects of setting up yytext */
*yy_cp = (yy_hold_char);
if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
{ /* need to shift things up to make room */
/* +2 for EOB chars. */
register int number_to_move = (yy_n_chars) + 2;
register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[
YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2];
register char *source =
&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move];
while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
*--dest = *--source;
yy_cp += (int) (dest - source);
yy_bp += (int) (dest - source);
YY_CURRENT_BUFFER_LVALUE->yy_n_chars =
(yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size;
if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 )
YY_FATAL_ERROR( "flex scanner push-back overflow" );
}
*--yy_cp = (char) c;
(yytext_ptr) = yy_bp;
(yy_hold_char) = *yy_cp;
(yy_c_buf_p) = yy_cp;
}
#ifndef YY_NO_INPUT
#ifdef __cplusplus
static int yyinput (void)
@ -1873,7 +1834,7 @@ void yyfree (void * ptr )
#define YYTABLES_NAME "yytables"
#line 73 "lex.l"
#line 74 "lex.l"
@ -1899,7 +1860,7 @@ getstring(void)
continue;
}
if(c == '\n'){
error_message("unterminated string");
lex_error_message("unterminated string");
lineno++;
break;
}
@ -1919,7 +1880,7 @@ getstring(void)
}
void
error_message (const char *format, ...)
lex_error_message (const char *format, ...)
{
va_list args;

2
source4/heimdal/lib/com_err/lex.h
View File

@ -33,7 +33,7 @@
/* $Id$ */
void error_message (const char *, ...)
void lex_error_message (const char *, ...)
__attribute__ ((format (printf, 1, 2)));
int yylex(void);

5
source4/heimdal/lib/com_err/lex.l
View File

@ -53,6 +53,7 @@ static int getstring(void);
%}
%option nounput
%%
et { return ET; }
@ -94,7 +95,7 @@ getstring(void)
continue;
}
if(c == '\n'){
error_message("unterminated string");
lex_error_message("unterminated string");
lineno++;
break;
}
@ -114,7 +115,7 @@ getstring(void)
}
void
error_message (const char *format, ...)
lex_error_message (const char *format, ...)
{
va_list args;

265
source4/heimdal/lib/com_err/parse.c
View File

@ -8,17 +8,29 @@ static const char yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93";
#define YYBYACC 1
#define YYMAJOR 1
#define YYMINOR 9
#define YYPATCH 20070509
#define YYPATCH 20100216
#define YYEMPTY (-1)
#define yyclearin (yychar = YYEMPTY)
#define yyerrok (yyerrflag = 0)
#define YYRECOVERING (yyerrflag != 0)
#define YYEMPTY (-1)
#define yyclearin (yychar = YYEMPTY)
#define yyerrok (yyerrflag = 0)
#define YYRECOVERING() (yyerrflag != 0)
extern int yyparse(void);
static int yygrowstack(void);
#define YYPREFIX "yy"
/* compatibility with bison */
#ifdef YYPARSE_PARAM
/* compatibility with FreeBSD */
#ifdef YYPARSE_PARAM_TYPE
#define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM)
#else
#define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM)
#endif
#else
#define YYPARSE_DECL() yyparse(void)
#endif /* YYPARSE_PARAM */
extern int YYPARSE_DECL();
#line 2 ""
/*
* Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan
@ -67,12 +79,15 @@ extern char *yytext;
#define alloca(x) malloc(x)
#endif
#line 51 ""
#define YYMALLOC malloc
#define YYFREE free
#line 54 ""
typedef union {
char *string;
int number;
} YYSTYPE;
#line 76 ""
#line 90 ""
#define ET 257
#define INDEX 258
#define PREFIX 259
@ -82,37 +97,37 @@ typedef union {
#define STRING 263
#define NUMBER 264
#define YYERRCODE 256
short yylhs[] = { -1,
static const short yylhs[] = { -1,
0, 0, 1, 1, 3, 4, 4, 2, 2, 5,
5, 5, 5, 5,
};
short yylen[] = { 2,
static const short yylen[] = { 2,
0, 2, 2, 1, 2, 2, 3, 1, 2, 2,
2, 1, 4, 1,
};
short yydefred[] = { 0,
static const short yydefred[] = { 0,
0, 0, 0, 0, 0, 4, 0, 5, 0, 0,
0, 14, 0, 8, 3, 7, 10, 11, 0, 9,
0, 13,
};
short yydgoto[] = { 3,
static const short yydgoto[] = { 3,
4, 13, 5, 6, 14,
};
short yysindex[] = { -247,
static const short yysindex[] = { -247,
-263, -258, 0, -256, -245, 0, -250, 0, -249, -246,
-244, 0, -256, 0, 0, 0, 0, 0, -28, 0,
-243, 0,
};
short yyrindex[] = { 18,
static const short yyrindex[] = { 18,
0, 0, 0, 0, 0, 0, -251, 0, 0, 1,
0, 0, 21, 0, 0, 0, 0, 0, 0, 0,
0, 0,
};
short yygindex[] = { 0,
static const short yygindex[] = { 0,
0, 0, 0, 17, 10,
};
#define YYTABLESIZE 263
short yytable[] = { 7,
static const short yytable[] = { 7,
12, 9, 10, 11, 8, 12, 6, 6, 6, 1,
6, 1, 16, 2, 17, 21, 18, 1, 19, 22,
2, 15, 20, 0, 0, 0, 0, 0, 0, 0,
@ -141,7 +156,7 @@ short yytable[] = { 7,
0, 0, 0, 0, 0, 0, 0, 0, 12, 12,
12, 0, 12,
};
short yycheck[] = { 263,
static const short yycheck[] = { 263,
0, 258, 259, 260, 263, 262, 258, 259, 260, 257,
262, 257, 263, 261, 264, 44, 263, 0, 263, 263,
0, 5, 13, -1, -1, -1, -1, -1, -1, -1,
@ -176,7 +191,8 @@ short yycheck[] = { 263,
#endif
#define YYMAXTOKEN 264
#if YYDEBUG
char *yyname[] = {
static const char *yyname[] = {
"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,"','",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
@ -186,7 +202,7 @@ char *yyname[] = {
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"ET","INDEX","PREFIX","EC",
"ID","END","STRING","NUMBER",
};
char *yyrule[] = {
static const char *yyrule[] = {
"$accept : file",
"file :",
"file : header statements",
@ -202,6 +218,7 @@ char *yyrule[] = {
"statement : PREFIX",
"statement : EC STRING ',' STRING",
"statement : END",
};
#endif
#if YYDEBUG
@ -225,19 +242,26 @@ char *yyrule[] = {
int yydebug;
int yynerrs;
typedef struct {
unsigned stacksize;
short *s_base;
short *s_mark;
short *s_last;
YYSTYPE *l_base;
YYSTYPE *l_mark;
} YYSTACKDATA;
#define YYPURE 0
int yyerrflag;
int yychar;
short *yyssp;
YYSTYPE *yyvsp;
YYSTYPE yyval;
YYSTYPE yylval;
/* variables for the parser stack */
static short *yyss;
static short *yysslim;
static YYSTYPE *yyvs;
static int yystacksize;
#line 141 ""
static YYSTACKDATA yystack;
#line 144 ""
static long
name2number(const char *str)
@ -267,55 +291,70 @@ name2number(const char *str)
void
yyerror (char *s)
{
error_message ("%s\n", s);
lex_error_message ("%s\n", s);
}
#line 273 ""
#line 296 ""
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
static int yygrowstack(void)
static int yygrowstack(YYSTACKDATA *data)
{
int newsize, i;
int i;
unsigned newsize;
short *newss;
YYSTYPE *newvs;
if ((newsize = yystacksize) == 0)
if ((newsize = data->stacksize) == 0)
newsize = YYINITSTACKSIZE;
else if (newsize >= YYMAXDEPTH)
return -1;
else if ((newsize *= 2) > YYMAXDEPTH)
newsize = YYMAXDEPTH;
i = yyssp - yyss;
newss = (yyss != 0)
? (short *)realloc(yyss, newsize * sizeof(*newss))
i = data->s_mark - data->s_base;
newss = (data->s_base != 0)
? (short *)realloc(data->s_base, newsize * sizeof(*newss))
: (short *)malloc(newsize * sizeof(*newss));
if (newss == 0)
return -1;
yyss = newss;
yyssp = newss + i;
newvs = (yyvs != 0)
? (YYSTYPE *)realloc(yyvs, newsize * sizeof(*newvs))
data->s_base = newss;
data->s_mark = newss + i;
newvs = (data->l_base != 0)
? (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs))
: (YYSTYPE *)malloc(newsize * sizeof(*newvs));
if (newvs == 0)
return -1;
yyvs = newvs;
yyvsp = newvs + i;
yystacksize = newsize;
yysslim = yyss + newsize - 1;
data->l_base = newvs;
data->l_mark = newvs + i;
data->stacksize = newsize;
data->s_last = data->s_base + newsize - 1;
return 0;
}
#define YYABORT goto yyabort
#if YYPURE || defined(YY_NO_LEAKS)
static void yyfreestack(YYSTACKDATA *data)
{
free(data->s_base);
free(data->l_base);
memset(data, 0, sizeof(*data));
}
#else
#define yyfreestack(data) /* nothing */
#endif
#define YYABORT goto yyabort
#define YYREJECT goto yyabort
#define YYACCEPT goto yyaccept
#define YYERROR goto yyerrlab
#define YYERROR goto yyerrlab
int
yyparse(void)
YYPARSE_DECL()
{
register int yym, yyn, yystate;
int yym, yyn, yystate;
#if YYDEBUG
register const char *yys;
const char *yys;
if ((yys = getenv("YYDEBUG")) != 0)
{
@ -328,11 +367,17 @@ yyparse(void)
yynerrs = 0;
yyerrflag = 0;
yychar = YYEMPTY;
yystate = 0;
if (yyss == NULL && yygrowstack()) goto yyoverflow;
yyssp = yyss;
yyvsp = yyvs;
*yyssp = yystate = 0;
#if YYPURE
memset(&yystack, 0, sizeof(yystack));
#endif
if (yystack.s_base == NULL && yygrowstack(&yystack)) goto yyoverflow;
yystack.s_mark = yystack.s_base;
yystack.l_mark = yystack.l_base;
yystate = 0;
*yystack.s_mark = 0;
yyloop:
if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
@ -358,12 +403,13 @@ yyloop:
printf("%sdebug: state %d, shifting to state %d\n",
YYPREFIX, yystate, yytable[yyn]);
#endif
if (yyssp >= yysslim && yygrowstack())
if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
*++yyssp = yystate = yytable[yyn];
*++yyvsp = yylval;
yystate = yytable[yyn];
*++yystack.s_mark = yytable[yyn];
*++yystack.l_mark = yylval;
yychar = YYEMPTY;
if (yyerrflag > 0) --yyerrflag;
goto yyloop;
@ -378,9 +424,7 @@ yyloop:
yyerror("syntax error");
#ifdef lint
goto yyerrlab;
#endif
yyerrlab:
++yynerrs;
@ -391,20 +435,21 @@ yyinrecovery:
yyerrflag = 3;
for (;;)
{
if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
if ((yyn = yysindex[*yystack.s_mark]) && (yyn += YYERRCODE) >= 0 &&
yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
{
#if YYDEBUG
if (yydebug)
printf("%sdebug: state %d, error recovery shifting\
to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]);
#endif
if (yyssp >= yysslim && yygrowstack())
if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
*++yyssp = yystate = yytable[yyn];
*++yyvsp = yylval;
yystate = yytable[yyn];
*++yystack.s_mark = yytable[yyn];
*++yystack.l_mark = yylval;
goto yyloop;
}
else
@ -412,11 +457,11 @@ yyinrecovery:
#if YYDEBUG
if (yydebug)
printf("%sdebug: error recovery discarding state %d\n",
YYPREFIX, *yyssp);
YYPREFIX, *yystack.s_mark);
#endif
if (yyssp <= yyss) goto yyabort;
--yyssp;
--yyvsp;
if (yystack.s_mark <= yystack.s_base) goto yyabort;
--yystack.s_mark;
--yystack.l_mark;
}
}
}
@ -445,53 +490,53 @@ yyreduce:
#endif
yym = yylen[yyn];
if (yym)
yyval = yyvsp[1-yym];
yyval = yystack.l_mark[1-yym];
else
memset(&yyval, 0, sizeof yyval);
switch (yyn)
{
case 5:
#line 71 ""
{
id_str = yyvsp[0].string;
#line 74 ""
{
id_str = yystack.l_mark[0].string;
}
break;
case 6:
#line 77 ""
{
base_id = name2number(yyvsp[0].string);
strlcpy(name, yyvsp[0].string, sizeof(name));
free(yyvsp[0].string);
#line 80 ""
{
base_id = name2number(yystack.l_mark[0].string);
strlcpy(name, yystack.l_mark[0].string, sizeof(name));
free(yystack.l_mark[0].string);
}
break;
case 7:
#line 83 ""
{
base_id = name2number(yyvsp[-1].string);
strlcpy(name, yyvsp[0].string, sizeof(name));
free(yyvsp[-1].string);
free(yyvsp[0].string);
#line 86 ""
{
base_id = name2number(yystack.l_mark[-1].string);
strlcpy(name, yystack.l_mark[0].string, sizeof(name));
free(yystack.l_mark[-1].string);
free(yystack.l_mark[0].string);
}
break;
case 10:
#line 96 ""
{
number = yyvsp[0].number;
#line 99 ""
{
number = yystack.l_mark[0].number;
}
break;
case 11:
#line 100 ""
{
#line 103 ""
{
free(prefix);
asprintf (&prefix, "%s_", yyvsp[0].string);
asprintf (&prefix, "%s_", yystack.l_mark[0].string);
if (prefix == NULL)
errx(1, "malloc");
free(yyvsp[0].string);
free(yystack.l_mark[0].string);
}
break;
case 12:
#line 108 ""
{
#line 111 ""
{
prefix = realloc(prefix, 1);
if (prefix == NULL)
errx(1, "malloc");
@ -499,8 +544,8 @@ case 12:
}
break;
case 13:
#line 115 ""
{
#line 118 ""
{
struct error_code *ec = malloc(sizeof(*ec));
if (ec == NULL)
@ -509,28 +554,28 @@ case 13:
ec->next = NULL;
ec->number = number;
if(prefix && *prefix != '\0') {
asprintf (&ec->name, "%s%s", prefix, yyvsp[-2].string);
asprintf (&ec->name, "%s%s", prefix, yystack.l_mark[-2].string);
if (ec->name == NULL)
errx(1, "malloc");
free(yyvsp[-2].string);
free(yystack.l_mark[-2].string);
} else
ec->name = yyvsp[-2].string;
ec->string = yyvsp[0].string;
ec->name = yystack.l_mark[-2].string;
ec->string = yystack.l_mark[0].string;
APPEND(codes, ec);
number++;
}
break;
case 14:
#line 135 ""
{
#line 138 ""
{
YYACCEPT;
}
break;
#line 530 ""
#line 574 ""
}
yyssp -= yym;
yystate = *yyssp;
yyvsp -= yym;
yystack.s_mark -= yym;
yystate = *yystack.s_mark;
yystack.l_mark -= yym;
yym = yylhs[yyn];
if (yystate == 0 && yym == 0)
{
@ -540,8 +585,8 @@ break;
state %d\n", YYPREFIX, YYFINAL);
#endif
yystate = YYFINAL;
*++yyssp = YYFINAL;
*++yyvsp = yyval;
*++yystack.s_mark = YYFINAL;
*++yystack.l_mark = yyval;
if (yychar < 0)
{
if ((yychar = yylex()) < 0) yychar = 0;
@ -567,22 +612,24 @@ break;
#if YYDEBUG
if (yydebug)
printf("%sdebug: after reduction, shifting from state %d \
to state %d\n", YYPREFIX, *yyssp, yystate);
to state %d\n", YYPREFIX, *yystack.s_mark, yystate);
#endif
if (yyssp >= yysslim && yygrowstack())
if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
*++yyssp = yystate;
*++yyvsp = yyval;
*++yystack.s_mark = (short) yystate;
*++yystack.l_mark = yyval;
goto yyloop;
yyoverflow:
yyerror("yacc stack overflow");
yyabort:
yyfreestack(&yystack);
return (1);
yyaccept:
yyfreestack(&yystack);
return (0);
}

5
source4/heimdal/lib/com_err/parse.y
View File

@ -46,6 +46,9 @@ extern char *yytext;
#define alloca(x) malloc(x)
#endif
#define YYMALLOC malloc
#define YYFREE free
%}
%union {
@ -167,5 +170,5 @@ name2number(const char *str)
void
yyerror (char *s)
{
error_message ("%s\n", s);
lex_error_message ("%s\n", s);
}

85
source4/heimdal/lib/gssapi/gssapi/gssapi.h
View File

@ -90,29 +90,35 @@ typedef uint32_t gss_uint32;
struct gss_name_t_desc_struct;
typedef struct gss_name_t_desc_struct *gss_name_t;
typedef const struct gss_name_t_desc_struct *gss_const_name_t;
struct gss_ctx_id_t_desc_struct;
typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t;
typedef const struct gss_ctx_id_t_desc_struct gss_const_ctx_id_t;
typedef struct gss_OID_desc_struct {
OM_uint32 length;
void *elements;
} gss_OID_desc, *gss_OID;
typedef const gss_OID_desc * gss_const_OID;
typedef struct gss_OID_set_desc_struct {
size_t count;
gss_OID elements;
} gss_OID_set_desc, *gss_OID_set;
typedef const gss_OID_set_desc * gss_const_OID_set;
typedef int gss_cred_usage_t;
struct gss_cred_id_t_desc_struct;
typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t;
typedef const struct gss_cred_id_t_desc_struct *gss_const_cred_id_t;
typedef struct gss_buffer_desc_struct {
size_t length;
void *value;
} gss_buffer_desc, *gss_buffer_t;
typedef const gss_buffer_desc * gss_const_buffer_t;
typedef struct gss_channel_bindings_struct {
OM_uint32 initiator_addrtype;
@ -121,6 +127,7 @@ typedef struct gss_channel_bindings_struct {
gss_buffer_desc acceptor_address;
gss_buffer_desc application_data;
} *gss_channel_bindings_t;
typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t;
/* GGF extension data types */
typedef struct gss_buffer_set_desc_struct {
@ -138,6 +145,8 @@ typedef struct gss_iov_buffer_desc_struct {
*/
typedef OM_uint32 gss_qop_t;
/*
* Flag bits for context-level services.
*/
@ -261,6 +270,8 @@ typedef OM_uint32 gss_qop_t;
GSSAPI_CPP_START
#include <gssapi/gssapi_oid.h>
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
@ -363,14 +374,6 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_anonymous_oid_desc;
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc;
#define GSS_C_NT_EXPORT_NAME (&__gss_c_nt_export_name_oid_desc)
/*
* Digest mechanism
*/
extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc;
#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc)
/* Major status codes */
#define GSS_S_COMPLETE 0
@ -438,6 +441,7 @@ extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc
#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_MECH_ATTR (19ul << GSS_C_ROUTINE_ERROR_OFFSET)
/*
* Supplementary info bits:
@ -756,7 +760,7 @@ gss_set_cred_option (OM_uint32 *minor_status,
const gss_buffer_t value);
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
gss_oid_equal(const gss_OID a, const gss_OID b);
gss_oid_equal(gss_const_OID a, gss_const_OID b);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_create_empty_buffer_set
@ -929,6 +933,69 @@ gss_import_cred(OM_uint32 * /* minor_status */,
gss_buffer_t /* cred_token */,
gss_cred_id_t * /* cred_handle */);
/*
* mech option
*/
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
gss_mo_set(gss_const_OID mech, gss_const_OID option,
int enable, gss_buffer_t value);
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value);
GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL
gss_mo_list(gss_const_OID mech, gss_OID_set *options);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_mo_name(gss_const_OID mech, gss_const_OID options, gss_buffer_t name);
/*
* SASL glue functions and mech inquire
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
const gss_OID desired_mech,
gss_buffer_t sasl_mech_name,
gss_buffer_t mech_name,
gss_buffer_t mech_description);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
const gss_buffer_t sasl_mech_name,
gss_OID *mech_type);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_indicate_mechs_by_attrs(OM_uint32 * minor_status,
gss_const_OID_set desired_mech_attrs,
gss_const_OID_set except_mech_attrs,
gss_const_OID_set critical_mech_attrs,
gss_OID_set *mechs);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_attrs_for_mech(OM_uint32 * minor_status,
gss_const_OID mech,
gss_OID_set *mech_attr,
gss_OID_set *known_mech_attrs);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_display_mech_attr(OM_uint32 * minor_status,
gss_const_OID mech_attr,
gss_buffer_t name,
gss_buffer_t short_desc,
gss_buffer_t long_desc);
/*
*
*/
GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL
gss_oid_to_name(gss_const_OID oid);
GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL
gss_name_to_oid(const char *name);
GSSAPI_CPP_END

73
source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
View File

@ -68,79 +68,6 @@ extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc;
#define gss_mech_krb5 GSS_KRB5_MECHANISM
#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME
/* Extensions set contexts options */
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc;
#define GSS_KRB5_COPY_CCACHE_X (&__gss_krb5_copy_ccache_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc;
#define GSS_KRB5_COMPAT_DES3_MIC_X (&__gss_krb5_compat_des3_mic_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc;
#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X (&__gss_krb5_register_acceptor_identity_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc;
#define GSS_KRB5_SET_DNS_CANONICALIZE_X (&__gss_krb5_set_dns_canonicalize_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc;
#define GSS_KRB5_SEND_TO_KDC_X (&__gss_krb5_send_to_kdc_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc;
#define GSS_KRB5_SET_DEFAULT_REALM_X (&__gss_krb5_set_default_realm_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_ccache_name_x_oid_desc;
#define GSS_KRB5_CCACHE_NAME_X (&__gss_krb5_ccache_name_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc;
#define GSS_KRB5_SET_TIME_OFFSET_X (&__gss_krb5_set_time_offset_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc;
#define GSS_KRB5_GET_TIME_OFFSET_X (&__gss_krb5_get_time_offset_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_plugin_register_x_oid_desc;
#define GSS_KRB5_PLUGIN_REGISTER_X (&__gss_krb5_plugin_register_x_oid_desc)
/* Extensions inquire context */
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc;
#define GSS_KRB5_GET_TKT_FLAGS_X (&__gss_krb5_get_tkt_flags_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X (&__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc;
#define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc;
#define GSS_KRB5_EXPORT_LUCID_CONTEXT_X (&__gss_krb5_export_lucid_context_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc;
#define GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X (&__gss_krb5_export_lucid_context_v1_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_subkey_x_oid_desc;
#define GSS_KRB5_GET_SUBKEY_X (&__gss_krb5_get_subkey_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc;
#define GSS_KRB5_GET_INITIATOR_SUBKEY_X (&__gss_krb5_get_initiator_subkey_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_acceptor_subkey_x_oid_desc;
#define GSS_KRB5_GET_ACCEPTOR_SUBKEY_X (&__gss_krb5_get_acceptor_subkey_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_authtime_x_oid_desc;
#define GSS_KRB5_GET_AUTHTIME_X (&__gss_krb5_get_authtime_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc;
#define GSS_KRB5_GET_SERVICE_KEYBLOCK_X (&__gss_krb5_get_service_keyblock_x_oid_desc)
/* Extensions creds */
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_import_cred_x_oid_desc;
#define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc;
#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X (&__gss_krb5_set_allowable_enctypes_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc;
#define GSS_KRB5_CRED_NO_CI_FLAGS_X (&__gss_krb5_cred_no_ci_flags_x_oid_desc)
/*
* kerberos mechanism specific functions
*/

231
source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h Normal file
View File

@ -0,0 +1,231 @@
/* Generated file */
#ifndef GSSAPI_GSSAPI_OID
#define GSSAPI_GSSAPI_OID 1
/* contact Love Hörnquist Åstrand <lha@h5l.org> for new oid arcs */
/*
* 1.2.752.43.13 Heimdal GSS-API Extentions
*/
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc;
#define GSS_KRB5_COPY_CCACHE_X (&__gss_krb5_copy_ccache_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc;
#define GSS_KRB5_GET_TKT_FLAGS_X (&__gss_krb5_get_tkt_flags_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X (&__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc;
#define GSS_KRB5_COMPAT_DES3_MIC_X (&__gss_krb5_compat_des3_mic_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc;
#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X (&__gss_krb5_register_acceptor_identity_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc;
#define GSS_KRB5_EXPORT_LUCID_CONTEXT_X (&__gss_krb5_export_lucid_context_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc;
#define GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X (&__gss_krb5_export_lucid_context_v1_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc;
#define GSS_KRB5_SET_DNS_CANONICALIZE_X (&__gss_krb5_set_dns_canonicalize_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_subkey_x_oid_desc;
#define GSS_KRB5_GET_SUBKEY_X (&__gss_krb5_get_subkey_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc;
#define GSS_KRB5_GET_INITIATOR_SUBKEY_X (&__gss_krb5_get_initiator_subkey_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_acceptor_subkey_x_oid_desc;
#define GSS_KRB5_GET_ACCEPTOR_SUBKEY_X (&__gss_krb5_get_acceptor_subkey_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc;
#define GSS_KRB5_SEND_TO_KDC_X (&__gss_krb5_send_to_kdc_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_authtime_x_oid_desc;
#define GSS_KRB5_GET_AUTHTIME_X (&__gss_krb5_get_authtime_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc;
#define GSS_KRB5_GET_SERVICE_KEYBLOCK_X (&__gss_krb5_get_service_keyblock_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc;
#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X (&__gss_krb5_set_allowable_enctypes_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc;
#define GSS_KRB5_SET_DEFAULT_REALM_X (&__gss_krb5_set_default_realm_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_ccache_name_x_oid_desc;
#define GSS_KRB5_CCACHE_NAME_X (&__gss_krb5_ccache_name_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc;
#define GSS_KRB5_SET_TIME_OFFSET_X (&__gss_krb5_set_time_offset_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc;
#define GSS_KRB5_GET_TIME_OFFSET_X (&__gss_krb5_get_time_offset_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_plugin_register_x_oid_desc;
#define GSS_KRB5_PLUGIN_REGISTER_X (&__gss_krb5_plugin_register_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_get_session_key_x_oid_desc;
#define GSS_NTLM_GET_SESSION_KEY_X (&__gss_ntlm_get_session_key_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_ntlm_oid_desc;
#define GSS_C_NT_NTLM (&__gss_c_nt_ntlm_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_dn_oid_desc;
#define GSS_C_NT_DN (&__gss_c_nt_dn_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_nt_principal_name_referral_oid_desc;
#define GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL (&__gss_krb5_nt_principal_name_referral_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_avguest_oid_desc;
#define GSS_C_NTLM_AVGUEST (&__gss_c_ntlm_avguest_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_v1_oid_desc;
#define GSS_C_NTLM_V1 (&__gss_c_ntlm_v1_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_v2_oid_desc;
#define GSS_C_NTLM_V2 (&__gss_c_ntlm_v2_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_session_key_oid_desc;
#define GSS_C_NTLM_SESSION_KEY (&__gss_c_ntlm_session_key_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_force_v1_oid_desc;
#define GSS_C_NTLM_FORCE_V1 (&__gss_c_ntlm_force_v1_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc;
#define GSS_KRB5_CRED_NO_CI_FLAGS_X (&__gss_krb5_cred_no_ci_flags_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_import_cred_x_oid_desc;
#define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc)
/* glue for gss_inquire_saslname_for_mech */
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_sasl_mech_name_oid_desc;
#define GSS_C_MA_SASL_MECH_NAME (&__gss_c_ma_sasl_mech_name_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_name_oid_desc;
#define GSS_C_MA_MECH_NAME (&__gss_c_ma_mech_name_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_description_oid_desc;
#define GSS_C_MA_MECH_DESCRIPTION (&__gss_c_ma_mech_description_oid_desc)
/* Heimdal mechanisms - 1.2.752.43.14 */
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc;
#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_mechanism_oid_desc;
#define GSS_NETLOGON_MECHANISM (&__gss_netlogon_mechanism_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_session_key_x_oid_desc;
#define GSS_NETLOGON_SET_SESSION_KEY_X (&__gss_netlogon_set_session_key_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_sign_algorithm_x_oid_desc;
#define GSS_NETLOGON_SET_SIGN_ALGORITHM_X (&__gss_netlogon_set_sign_algorithm_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_nt_netbios_dns_name_oid_desc;
#define GSS_NETLOGON_NT_NETBIOS_DNS_NAME (&__gss_netlogon_nt_netbios_dns_name_oid_desc)
/*
* "Standard" mechs
*/
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_mechanism_oid_desc;
#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_mechanism_oid_desc;
#define GSS_NTLM_MECHANISM (&__gss_ntlm_mechanism_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_spnego_mechanism_oid_desc;
#define GSS_SPNEGO_MECHANISM (&__gss_spnego_mechanism_oid_desc)
/* From Luke Howard */
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc;
#define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc)
/*
* OID mappings with name and short description and and slightly longer description
*/
/*
* RFC5587
*/
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_concrete_oid_desc;
#define GSS_C_MA_MECH_CONCRETE (&__gss_c_ma_mech_concrete_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_pseudo_oid_desc;
#define GSS_C_MA_MECH_PSEUDO (&__gss_c_ma_mech_pseudo_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_composite_oid_desc;
#define GSS_C_MA_MECH_COMPOSITE (&__gss_c_ma_mech_composite_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_nego_oid_desc;
#define GSS_C_MA_MECH_NEGO (&__gss_c_ma_mech_nego_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_glue_oid_desc;
#define GSS_C_MA_MECH_GLUE (&__gss_c_ma_mech_glue_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_not_mech_oid_desc;
#define GSS_C_MA_NOT_MECH (&__gss_c_ma_not_mech_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_deprecated_oid_desc;
#define GSS_C_MA_DEPRECATED (&__gss_c_ma_deprecated_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_not_dflt_mech_oid_desc;
#define GSS_C_MA_NOT_DFLT_MECH (&__gss_c_ma_not_dflt_mech_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_itok_framed_oid_desc;
#define GSS_C_MA_ITOK_FRAMED (&__gss_c_ma_itok_framed_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_oid_desc;
#define GSS_C_MA_AUTH_INIT (&__gss_c_ma_auth_init_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_oid_desc;
#define GSS_C_MA_AUTH_TARG (&__gss_c_ma_auth_targ_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_init_oid_desc;
#define GSS_C_MA_AUTH_INIT_INIT (&__gss_c_ma_auth_init_init_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_init_oid_desc;
#define GSS_C_MA_AUTH_TARG_INIT (&__gss_c_ma_auth_targ_init_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_anon_oid_desc;
#define GSS_C_MA_AUTH_INIT_ANON (&__gss_c_ma_auth_init_anon_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_anon_oid_desc;
#define GSS_C_MA_AUTH_TARG_ANON (&__gss_c_ma_auth_targ_anon_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_deleg_cred_oid_desc;
#define GSS_C_MA_DELEG_CRED (&__gss_c_ma_deleg_cred_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_integ_prot_oid_desc;
#define GSS_C_MA_INTEG_PROT (&__gss_c_ma_integ_prot_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_conf_prot_oid_desc;
#define GSS_C_MA_CONF_PROT (&__gss_c_ma_conf_prot_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mic_oid_desc;
#define GSS_C_MA_MIC (&__gss_c_ma_mic_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_wrap_oid_desc;
#define GSS_C_MA_WRAP (&__gss_c_ma_wrap_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_prot_ready_oid_desc;
#define GSS_C_MA_PROT_READY (&__gss_c_ma_prot_ready_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_replay_det_oid_desc;
#define GSS_C_MA_REPLAY_DET (&__gss_c_ma_replay_det_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_oos_det_oid_desc;
#define GSS_C_MA_OOS_DET (&__gss_c_ma_oos_det_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_cbindings_oid_desc;
#define GSS_C_MA_CBINDINGS (&__gss_c_ma_cbindings_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_pfs_oid_desc;
#define GSS_C_MA_PFS (&__gss_c_ma_pfs_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_compress_oid_desc;
#define GSS_C_MA_COMPRESS (&__gss_c_ma_compress_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_ctx_trans_oid_desc;
#define GSS_C_MA_CTX_TRANS (&__gss_c_ma_ctx_trans_oid_desc)
#endif /* GSSAPI_GSSAPI_OID */

80
source4/heimdal/lib/gssapi/gssapi_mech.h
View File

@ -354,7 +354,60 @@ _gss_import_cred_t(OM_uint32 * minor_status,
gss_cred_id_t * cred_handle);
#define GMI_VERSION 2
typedef OM_uint32 GSSAPI_CALLCONV
_gss_acquire_cred_ex_t(void * /* status */,
const gss_name_t /* desired_name */,
OM_uint32 /* flags */,
OM_uint32 /* time_req */,
gss_cred_usage_t /* cred_usage */,
void * /* identity */,
void * /* ctx */,
void (* /*complete */)(void *, OM_uint32, void *, gss_cred_id_t, OM_uint32));
typedef void GSSAPI_CALLCONV
_gss_iter_creds_t(OM_uint32 /* flags */,
void * /* userctx */,
void (* /*cred_iter */ )(void *, gss_OID, gss_cred_id_t));
typedef OM_uint32 GSSAPI_CALLCONV
_gss_destroy_cred_t(OM_uint32 * /* minor_status */,
gss_cred_id_t * /* cred */);
typedef OM_uint32 GSSAPI_CALLCONV
_gss_cred_hold_t(OM_uint32 * /* minor_status */,
gss_cred_id_t /* cred */);
typedef OM_uint32 GSSAPI_CALLCONV
_gss_cred_unhold_t(OM_uint32 * /* minor_status */,
gss_cred_id_t /* cred */);
typedef OM_uint32 GSSAPI_CALLCONV
_gss_cred_label_set_t(OM_uint32 * /* minor_status */,
gss_cred_id_t /* cred */,
const char * /* label */,
gss_buffer_t /* value */);
typedef OM_uint32 GSSAPI_CALLCONV
_gss_cred_label_get_t(OM_uint32 * /* minor_status */,
gss_cred_id_t /* cred */,
const char * /* label */,
gss_buffer_t /* value */);
typedef struct gss_mo_desc_struct gss_mo_desc;
struct gss_mo_desc_struct {
gss_OID option;
OM_uint32 flags;
#define GSS_MO_MA 1
#define GSS_MO_MA_CRITICAL 2
const char *name;
void *ctx;
int (*get)(gss_const_OID, gss_mo_desc *, gss_buffer_t);
int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t);
};
#define GMI_VERSION 4
/* gm_flags */
#define GM_USE_MG_CRED 1 /* uses mech glue credentials */
@ -405,10 +458,19 @@ typedef struct gssapi_mech_interface_desc {
_gss_store_cred_t *gm_store_cred;
_gss_export_cred_t *gm_export_cred;
_gss_import_cred_t *gm_import_cred;
_gss_acquire_cred_ex_t *gm_acquire_cred_ex;
_gss_iter_creds_t *gm_iter_creds;
_gss_destroy_cred_t *gm_destroy_cred;
_gss_cred_hold_t *gm_cred_hold;
_gss_cred_unhold_t *gm_cred_unhold;
_gss_cred_label_get_t *gm_cred_label_get;
_gss_cred_label_set_t *gm_cred_label_set;
gss_mo_desc *gm_mo;
size_t gm_mo_num;
} gssapi_mech_interface_desc, *gssapi_mech_interface;
gssapi_mech_interface
__gss_get_mechanism(gss_OID /* oid */);
__gss_get_mechanism(gss_const_OID /* oid */);
gssapi_mech_interface __gss_spnego_initialize(void);
gssapi_mech_interface __gss_krb5_initialize(void);
@ -416,4 +478,18 @@ gssapi_mech_interface __gss_ntlm_initialize(void);
void gss_mg_collect_error(gss_OID, OM_uint32, OM_uint32);
int _gss_mo_get_option_1(gss_const_OID, gss_mo_desc *, gss_buffer_t);
int _gss_mo_get_option_0(gss_const_OID, gss_mo_desc *, gss_buffer_t);
int _gss_mo_get_ctx_as_string(gss_const_OID, gss_mo_desc *, gss_buffer_t);
struct _gss_oid_name_table {
gss_OID oid;
const char *name;
const char *short_desc;
const char *long_desc;
};
extern struct _gss_oid_name_table _gss_ont_mech[];
extern struct _gss_oid_name_table _gss_ont_ma[];
#endif /* GSSAPI_MECH_H */

14
source4/heimdal/lib/gssapi/krb5/acquire_cred.c
View File

@ -40,7 +40,7 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
krb5_principal principal,
OM_uint32 *lifetime)
{
krb5_creds in_cred, *out_cred;
krb5_creds in_cred, out_cred;
krb5_const_realm realm;
krb5_error_code kret;
@ -61,16 +61,16 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
kret = krb5_get_credentials(context, 0,
id, &in_cred, &out_cred);
kret = krb5_cc_retrieve_cred(context, id, 0, &in_cred, &out_cred);
krb5_free_principal(context, in_cred.server);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
*minor_status = 0;
*lifetime = 0;
return GSS_S_COMPLETE;
}
*lifetime = out_cred->times.endtime;
krb5_free_creds(context, out_cred);
*lifetime = out_cred.times.endtime;
krb5_free_cred_contents(context, &out_cred);
return GSS_S_COMPLETE;
}

238
source4/heimdal/lib/gssapi/krb5/external.c
View File

@ -152,47 +152,6 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc =
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc =
{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
/*
* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) user_name(1)}. The recommended symbolic name for this
* type is "GSS_KRB5_NT_USER_NAME".
*/
/*
* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) machine_uid_name(2)}. The recommended symbolic name for
* this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
*/
/*
* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) string_uid_name(3)}. The recommended symbolic name for
* this type is "GSS_KRB5_NT_STRING_UID_NAME".
*/
/*
* To support ongoing experimentation, testing, and evolution of the
* specification, the Kerberos V5 GSS-API mechanism as defined in this
* and any successor memos will be identified with the following Object
* Identifier, as defined in RFC-1510, until the specification is
* advanced to the level of Proposed Standard RFC:
*
* {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
*
* Upon advancement to the level of Proposed Standard RFC, the Kerberos
* V5 GSS-API mechanism will be identified by an Object Identifier
* having the value:
*
* {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
* gssapi(2) krb5(2)}
*/
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc =
{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
/*
* draft-ietf-cat-iakerb-09, IAKERB:
* The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
@ -212,105 +171,101 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_proxy_mechanism_oid_desc =
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc =
{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
/*
*
*/
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc =
{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
/*
* 1.2.752.43.13 Heimdal GSS-API Extentions
*/
/* 1.2.752.43.13.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")};
/* 1.2.752.43.13.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")};
/* 1.2.752.43.13.3 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")};
/* 1.2.752.43.13.4 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")};
/* 1.2.752.43.13.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")};
/* 1.2.752.43.13.6 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")};
/* 1.2.752.43.13.6.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc =
{7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")};
/* 1.2.752.43.13.7 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")};
/* 1.2.752.43.13.8 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")};
/* 1.2.752.43.13.9 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")};
/* 1.2.752.43.13.10 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")};
/* 1.2.752.43.13.11 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")};
/* 1.2.752.43.13.12 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")};
/* 1.2.752.43.13.13 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")};
/* 1.2.752.43.13.14 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")};
/* 1.2.752.43.13.15 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
/* 1.2.752.43.13.16 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
/* 1.2.752.43.13.17 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};
/* 1.2.752.43.13.18 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")};
/* 1.2.752.43.13.19 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13")};
/* 1.2.752.43.14.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
/*
* Context for krb5 calls.
*/
static gss_mo_desc krb5_mo[] = {
{
GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA,
"SASL mech name",
"GS2-KRB5",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_NAME,
GSS_MO_MA,
"Mechanism name",
"KRB5",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA,
"Mechanism description",
"Heimdal Kerberos 5 mech",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_CONCRETE,
GSS_MO_MA
},
{
GSS_C_MA_ITOK_FRAMED,
GSS_MO_MA
},
{
GSS_C_MA_AUTH_INIT,
GSS_MO_MA
},
{
GSS_C_MA_AUTH_TARG,
GSS_MO_MA
},
{
GSS_C_MA_AUTH_INIT_ANON,
GSS_MO_MA
},
{
GSS_C_MA_DELEG_CRED,
GSS_MO_MA
},
{
GSS_C_MA_INTEG_PROT,
GSS_MO_MA
},
{
GSS_C_MA_CONF_PROT,
GSS_MO_MA
},
{
GSS_C_MA_MIC,
GSS_MO_MA
},
{
GSS_C_MA_WRAP,
GSS_MO_MA
},
{
GSS_C_MA_PROT_READY,
GSS_MO_MA
},
{
GSS_C_MA_REPLAY_DET,
GSS_MO_MA
},
{
GSS_C_MA_OOS_DET,
GSS_MO_MA
},
{
GSS_C_MA_CBINDINGS,
GSS_MO_MA
},
{
GSS_C_MA_PFS,
GSS_MO_MA
},
{
GSS_C_MA_CTX_TRANS,
GSS_MO_MA
}
};
/*
*
*/
@ -359,7 +314,16 @@ static gssapi_mech_interface_desc krb5_mech = {
_gk_wrap_iov_length,
_gsskrb5_store_cred,
_gsskrb5_export_cred,
_gsskrb5_import_cred
_gsskrb5_import_cred,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
krb5_mo,
sizeof(krb5_mo) / sizeof(krb5_mo[0])
};
gssapi_mech_interface

9
source4/heimdal/lib/gssapi/krb5/set_cred_option.c
View File

@ -32,15 +32,6 @@
#include "gsskrb5_locl.h"
/* 1.2.752.43.13.17 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};
/* 1.2.752.43.13.18 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")};
static OM_uint32
import_cred(OM_uint32 *minor_status,
krb5_context context,

2
source4/heimdal/lib/gssapi/mech/gss_mech_switch.c
View File

@ -353,7 +353,7 @@ _gss_load_mech(void)
}
gssapi_mech_interface
__gss_get_mechanism(gss_OID mech)
__gss_get_mechanism(gss_const_OID mech)
{
struct _gss_mech_switch *m;

464
source4/heimdal/lib/gssapi/mech/gss_mo.c Normal file
View File

@ -0,0 +1,464 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "mech_locl.h"
static int
get_option_def(int def, gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
{
return def;
}
int
_gss_mo_get_option_1(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
{
return get_option_def(1, mech, mo, value);
}
int
_gss_mo_get_option_0(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
{
return get_option_def(0, mech, mo, value);
}
int
_gss_mo_get_ctx_as_string(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
{
if (value) {
value->value = strdup((char *)mo->ctx);
if (value->value == NULL)
return 1;
value->length = strlen((char *)mo->ctx);
}
return 0;
}
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
gss_mo_set(gss_const_OID mech, gss_const_OID option,
int enable, gss_buffer_t value)
{
gssapi_mech_interface m;
size_t n;
if ((m = __gss_get_mechanism(mech)) == NULL)
return GSS_S_BAD_MECH;
for (n = 0; n < m->gm_mo_num; n++)
if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].set)
return m->gm_mo[n].set(mech, &m->gm_mo[n], enable, value);
return 0;
}
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value)
{
gssapi_mech_interface m;
size_t n;
_mg_buffer_zero(value);
if ((m = __gss_get_mechanism(mech)) == NULL)
return 0;
for (n = 0; n < m->gm_mo_num; n++)
if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].get)
return m->gm_mo[n].get(mech, &m->gm_mo[n], value);
return 0;
}
static void
add_all_mo(gssapi_mech_interface m, gss_OID_set *options, OM_uint32 mask)
{
OM_uint32 minor;
size_t n;
for (n = 0; n < m->gm_mo_num; n++)
if ((m->gm_mo[n].flags & mask) == mask)
gss_add_oid_set_member(&minor, m->gm_mo[n].option, options);
}
GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL
gss_mo_list(gss_const_OID mech, gss_OID_set *options)
{
gssapi_mech_interface m;
OM_uint32 major, minor;
if (options == NULL)
return;
*options = GSS_C_NO_OID_SET;
if ((m = __gss_get_mechanism(mech)) == NULL)
return;
major = gss_create_empty_oid_set(&minor, options);
if (major != GSS_S_COMPLETE)
return;
add_all_mo(m, options, 0);
}
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_mo_name(gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
{
gssapi_mech_interface m;
size_t n;
if (name == NULL)
return GSS_S_BAD_NAME;
if ((m = __gss_get_mechanism(mech)) == NULL)
return GSS_S_BAD_MECH;
for (n = 0; n < m->gm_mo_num; n++) {
if (gss_oid_equal(option, m->gm_mo[n].option)) {
/*
* If ther is no name, its because its a GSS_C_MA and there is already a table for that.
*/
if (m->gm_mo[n].name) {
name->value = strdup(m->gm_mo[n].name);
if (name->value == NULL)
return GSS_S_BAD_NAME;
name->length = strlen(m->gm_mo[n].name);
return GSS_S_COMPLETE;
} else {
OM_uint32 junk;
return gss_display_mech_attr(&junk, option,
NULL, name, NULL);
}
}
}
return GSS_S_BAD_NAME;
}
/*
* Helper function to allow NULL name
*/
static OM_uint32
mo_value(const gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
{
if (name == NULL)
return GSS_S_COMPLETE;
if (gss_mo_get(mech, option, name) != 0 && name->length == 0)
return GSS_S_FAILURE;
return GSS_S_COMPLETE;
}
/**
* Returns differnt protocol names and description of the mechanism.
*
* @param minor_status minor status code
* @param desired_mech mech list query
* @param sasl_mech_name SASL GS2 protocol name
* @param mech_name gssapi protocol name
* @param mech_description description of gssapi mech
*
* @return returns GSS_S_COMPLETE or a error code.
*
* @ingroup gssapi
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
const gss_OID desired_mech,
gss_buffer_t sasl_mech_name,
gss_buffer_t mech_name,
gss_buffer_t mech_description)
{
OM_uint32 major;
_mg_buffer_zero(sasl_mech_name);
_mg_buffer_zero(mech_name);
_mg_buffer_zero(mech_description);
if (minor_status)
*minor_status = 0;
if (desired_mech == NULL)
return GSS_S_BAD_MECH;
major = mo_value(desired_mech, GSS_C_MA_SASL_MECH_NAME, sasl_mech_name);
if (major) return major;
major = mo_value(desired_mech, GSS_C_MA_MECH_NAME, mech_name);
if (major) return major;
major = mo_value(desired_mech, GSS_C_MA_MECH_DESCRIPTION, mech_description);
if (major) return major;
return GSS_S_COMPLETE;
}
/**
* Find a mech for a sasl name
*
* @param minor_status minor status code
* @param sasl_mech_name
* @param mech_type
*
* @return returns GSS_S_COMPLETE or an error code.
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
const gss_buffer_t sasl_mech_name,
gss_OID *mech_type)
{
struct _gss_mech_switch *m;
gss_buffer_desc name;
OM_uint32 major;
_gss_load_mech();
*mech_type = NULL;
SLIST_FOREACH(m, &_gss_mechs, gm_link) {
major = mo_value(&m->gm_mech_oid, GSS_C_MA_SASL_MECH_NAME, &name);
if (major)
continue;
if (name.length == sasl_mech_name->length &&
memcmp(name.value, sasl_mech_name->value, name.length) == 0) {
gss_release_buffer(&major, &name);
*mech_type = &m->gm_mech_oid;
return 0;
}
gss_release_buffer(&major, &name);
}
return GSS_S_BAD_MECH;
}
/**
* Return set of mechanism that fullfill the criteria
*
* @param minor_status minor status code
* @param desired_mech_attrs
* @param except_mech_attrs
* @param critical_mech_attrs
* @param mechs returned mechs, free with gss_release_oid_set().
*
* @return returns GSS_S_COMPLETE or an error code.
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_indicate_mechs_by_attrs(OM_uint32 * minor_status,
gss_const_OID_set desired_mech_attrs,
gss_const_OID_set except_mech_attrs,
gss_const_OID_set critical_mech_attrs,
gss_OID_set *mechs)
{
struct _gss_mech_switch *ms;
OM_uint32 major;
size_t n, m;
major = gss_create_empty_oid_set(minor_status, mechs);
if (major)
return major;
_gss_load_mech();
SLIST_FOREACH(ms, &_gss_mechs, gm_link) {
gssapi_mech_interface mi = &ms->gm_mech;
if (desired_mech_attrs) {
for (n = 0; n < desired_mech_attrs->count; n++) {
for (m = 0; m < mi->gm_mo_num; m++)
if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
break;
if (m == mi->gm_mo_num)
goto next;
}
}
if (except_mech_attrs) {
for (n = 0; n < desired_mech_attrs->count; n++) {
for (m = 0; m < mi->gm_mo_num; m++) {
if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
goto next;
}
}
}
if (critical_mech_attrs) {
for (n = 0; n < desired_mech_attrs->count; n++) {
for (m = 0; m < mi->gm_mo_num; m++) {
if (mi->gm_mo[m].flags & GSS_MO_MA_CRITICAL)
continue;
if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
break;
}
if (m == mi->gm_mo_num)
goto next;
}
}
next:
do { } while(0);
}
return GSS_S_FAILURE;
}
/**
* List support attributes for a mech and/or all mechanisms.
*
* @param minor_status minor status code
* @param mech given together with mech_attr will return the list of
* attributes for mechanism, can optionally be GSS_C_NO_OID.
* @param mech_attr see mech parameter, can optionally be NULL,
* release with gss_release_oid_set().
* @param known_mech_attrs all attributes for mechanisms supported,
* release with gss_release_oid_set().
*
* @ingroup gssapi
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_attrs_for_mech(OM_uint32 * minor_status,
gss_const_OID mech,
gss_OID_set *mech_attr,
gss_OID_set *known_mech_attrs)
{
OM_uint32 major, junk;
if (mech_attr && mech) {
gssapi_mech_interface m;
if ((m = __gss_get_mechanism(mech)) == NULL) {
*minor_status = 0;
return GSS_S_BAD_MECH;
}
major = gss_create_empty_oid_set(minor_status, mech_attr);
if (major != GSS_S_COMPLETE)
return major;
add_all_mo(m, mech_attr, GSS_MO_MA);
}
if (known_mech_attrs) {
struct _gss_mech_switch *m;
major = gss_create_empty_oid_set(minor_status, known_mech_attrs);
if (major) {
if (mech_attr)
gss_release_oid_set(&junk, mech_attr);
return major;
}
_gss_load_mech();
SLIST_FOREACH(m, &_gss_mechs, gm_link)
add_all_mo(&m->gm_mech, known_mech_attrs, GSS_MO_MA);
}
return GSS_S_COMPLETE;
}
/**
* Return names and descriptions of mech attributes
*
* @param minor_status minor status code
* @param mech_attr
* @param name
* @param short_desc
* @param long_desc
*
* @return returns GSS_S_COMPLETE or an error code.
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_display_mech_attr(OM_uint32 * minor_status,
gss_const_OID mech_attr,
gss_buffer_t name,
gss_buffer_t short_desc,
gss_buffer_t long_desc)
{
struct _gss_oid_name_table *ma = NULL;
OM_uint32 major;
size_t n;
_mg_buffer_zero(name);
_mg_buffer_zero(short_desc);
_mg_buffer_zero(long_desc);
if (minor_status)
*minor_status = 0;
for (n = 0; ma == NULL && _gss_ont_ma[n].oid; n++)
if (gss_oid_equal(mech_attr, _gss_ont_ma[n].oid))
ma = &_gss_ont_ma[n];
if (ma == NULL)
return GSS_S_BAD_MECH_ATTR;
if (name) {
gss_buffer_desc n;
n.value = rk_UNCONST(ma->name);
n.length = strlen(ma->name);
major = _gss_copy_buffer(minor_status, &n, name);
if (major != GSS_S_COMPLETE)
return major;
}
if (short_desc) {
gss_buffer_desc n;
n.value = rk_UNCONST(ma->short_desc);
n.length = strlen(ma->short_desc);
major = _gss_copy_buffer(minor_status, &n, short_desc);
if (major != GSS_S_COMPLETE)
return major;
}
if (long_desc) {
gss_buffer_desc n;
n.value = rk_UNCONST(ma->long_desc);
n.length = strlen(ma->long_desc);
major = _gss_copy_buffer(minor_status, &n, long_desc);
if (major != GSS_S_COMPLETE)
return major;
}
return GSS_S_COMPLETE;
}

253
source4/heimdal/lib/gssapi/mech/gss_oid.c Normal file
View File

@ -0,0 +1,253 @@
/* Generated file */
#include "mech_locl.h"
/* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x01" };
/* GSS_KRB5_GET_TKT_FLAGS_X - 1.2.752.43.13.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x02" };
/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X - 1.2.752.43.13.3 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x03" };
/* GSS_KRB5_COMPAT_DES3_MIC_X - 1.2.752.43.13.4 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x04" };
/* GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X - 1.2.752.43.13.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x05" };
/* GSS_KRB5_EXPORT_LUCID_CONTEXT_X - 1.2.752.43.13.6 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x06" };
/* GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X - 1.2.752.43.13.6.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x06\x01" };
/* GSS_KRB5_SET_DNS_CANONICALIZE_X - 1.2.752.43.13.7 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x07" };
/* GSS_KRB5_GET_SUBKEY_X - 1.2.752.43.13.8 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x08" };
/* GSS_KRB5_GET_INITIATOR_SUBKEY_X - 1.2.752.43.13.9 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x09" };
/* GSS_KRB5_GET_ACCEPTOR_SUBKEY_X - 1.2.752.43.13.10 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0a" };
/* GSS_KRB5_SEND_TO_KDC_X - 1.2.752.43.13.11 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0b" };
/* GSS_KRB5_GET_AUTHTIME_X - 1.2.752.43.13.12 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0c" };
/* GSS_KRB5_GET_SERVICE_KEYBLOCK_X - 1.2.752.43.13.13 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0d" };
/* GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X - 1.2.752.43.13.14 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0e" };
/* GSS_KRB5_SET_DEFAULT_REALM_X - 1.2.752.43.13.15 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0f" };
/* GSS_KRB5_CCACHE_NAME_X - 1.2.752.43.13.16 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x10" };
/* GSS_KRB5_SET_TIME_OFFSET_X - 1.2.752.43.13.17 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x11" };
/* GSS_KRB5_GET_TIME_OFFSET_X - 1.2.752.43.13.18 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x12" };
/* GSS_KRB5_PLUGIN_REGISTER_X - 1.2.752.43.13.19 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x13" };
/* GSS_NTLM_GET_SESSION_KEY_X - 1.2.752.43.13.20 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x14" };
/* GSS_C_NT_NTLM - 1.2.752.43.13.21 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x15" };
/* GSS_C_NT_DN - 1.2.752.43.13.22 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x16" };
/* GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL - 1.2.752.43.13.23 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x17" };
/* GSS_C_NTLM_AVGUEST - 1.2.752.43.13.24 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x18" };
/* GSS_C_NTLM_V1 - 1.2.752.43.13.25 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x19" };
/* GSS_C_NTLM_V2 - 1.2.752.43.13.26 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1a" };
/* GSS_C_NTLM_SESSION_KEY - 1.2.752.43.13.27 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1b" };
/* GSS_C_NTLM_FORCE_V1 - 1.2.752.43.13.28 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1c" };
/* GSS_KRB5_CRED_NO_CI_FLAGS_X - 1.2.752.43.13.29 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1d" };
/* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1e" };
/* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x64" };
/* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x65" };
/* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x66" };
/* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x01" };
/* GSS_NETLOGON_MECHANISM - 1.2.752.43.14.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x02" };
/* GSS_NETLOGON_SET_SESSION_KEY_X - 1.2.752.43.14.3 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x03" };
/* GSS_NETLOGON_SET_SIGN_ALGORITHM_X - 1.2.752.43.14.4 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x04" };
/* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" };
/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" };
/* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, "\x2b\x06\x01\x05\x05\x02" };
/* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, "\x2b\x06\x01\x04\x01\xca\x29\x13\x05" };
/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x01" };
/* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x02" };
/* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x03" };
/* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x04" };
/* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x05" };
/* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x06" };
/* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x07" };
/* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x08" };
/* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x09" };
/* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0a" };
/* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0b" };
/* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0c" };
/* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0d" };
/* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0e" };
/* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0f" };
/* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x10" };
/* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x11" };
/* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x12" };
/* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x13" };
/* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x14" };
/* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x15" };
/* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x16" };
/* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x17" };
/* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x18" };
/* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x19" };
/* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1a" };
/* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1b" };
struct _gss_oid_name_table _gss_ont_ma[] = {
{ GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" },
{ GSS_C_MA_AUTH_TARG_INIT, "GSS_C_MA_AUTH_TARG_INIT", "auth-targ-princ-initial", "" },
{ GSS_C_MA_CBINDINGS, "GSS_C_MA_CBINDINGS", "channel-bindings", "" },
{ GSS_C_MA_WRAP, "GSS_C_MA_WRAP", "wrap", "" },
{ GSS_C_MA_ITOK_FRAMED, "GSS_C_MA_ITOK_FRAMED", "initial-is-framed", "" },
{ GSS_C_MA_MECH_NEGO, "GSS_C_MA_MECH_NEGO", "mech-negotiation-mech", "" },
{ GSS_C_MA_MECH_COMPOSITE, "GSS_C_MA_MECH_COMPOSITE", "composite-mech", "" },
{ GSS_C_MA_REPLAY_DET, "GSS_C_MA_REPLAY_DET", "replay-detection", "" },
{ GSS_C_MA_AUTH_INIT_ANON, "GSS_C_MA_AUTH_INIT_ANON", "auth-init-princ-anon", "" },
{ GSS_C_MA_PROT_READY, "GSS_C_MA_PROT_READY", "prot-ready", "" },
{ GSS_C_MA_AUTH_INIT, "GSS_C_MA_AUTH_INIT", "auth-init-princ", "" },
{ GSS_C_MA_PFS, "GSS_C_MA_PFS", "pfs", "" },
{ GSS_C_MA_CONF_PROT, "GSS_C_MA_CONF_PROT", "conf-prot", "" },
{ GSS_C_MA_MECH_PSEUDO, "GSS_C_MA_MECH_PSEUDO", "pseudo-mech", "" },
{ GSS_C_MA_AUTH_TARG, "GSS_C_MA_AUTH_TARG", "auth-targ-princ", "" },
{ GSS_C_MA_MECH_NAME, "GSS_C_MA_MECH_NAME", "GSS mech name", "The name of the GSS-API mechanism" },
{ GSS_C_MA_NOT_MECH, "GSS_C_MA_NOT_MECH", "not-mech", "" },
{ GSS_C_MA_MIC, "GSS_C_MA_MIC", "mic", "" },
{ GSS_C_MA_DEPRECATED, "GSS_C_MA_DEPRECATED", "mech-deprecated", "" },
{ GSS_C_MA_MECH_GLUE, "GSS_C_MA_MECH_GLUE", "mech-glue", "" },
{ GSS_C_MA_DELEG_CRED, "GSS_C_MA_DELEG_CRED", "deleg-cred", "" },
{ GSS_C_MA_NOT_DFLT_MECH, "GSS_C_MA_NOT_DFLT_MECH", "mech-not-default", "" },
{ GSS_C_MA_AUTH_TARG_ANON, "GSS_C_MA_AUTH_TARG_ANON", "auth-targ-princ-anon", "" },
{ GSS_C_MA_INTEG_PROT, "GSS_C_MA_INTEG_PROT", "integ-prot", "" },
{ GSS_C_MA_CTX_TRANS, "GSS_C_MA_CTX_TRANS", "context-transfer", "" },
{ GSS_C_MA_MECH_DESCRIPTION, "GSS_C_MA_MECH_DESCRIPTION", "Mech description", "The long description of the mechanism" },
{ GSS_C_MA_OOS_DET, "GSS_C_MA_OOS_DET", "oos-detection", "" },
{ GSS_C_MA_AUTH_INIT_INIT, "GSS_C_MA_AUTH_INIT_INIT", "auth-init-princ-initial", "" },
{ GSS_C_MA_MECH_CONCRETE, "GSS_C_MA_MECH_CONCRETE", "concrete-mech", "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism" },
{ GSS_C_MA_SASL_MECH_NAME, "GSS_C_MA_SASL_MECH_NAME", "SASL mechanism name", "The name of the SASL mechanism" },
{ NULL }
};
struct _gss_oid_name_table _gss_ont_mech[] = {
{ GSS_KRB5_MECHANISM, "GSS_KRB5_MECHANISM", "Kerberos 5", "Heimdal Kerberos 5 mechanism" },
{ GSS_SPNEGO_MECHANISM, "GSS_SPNEGO_MECHANISM", "SPNEGO", "Heimdal SPNEGO mechanism" },
{ GSS_NTLM_MECHANISM, "GSS_NTLM_MECHANISM", "NTLM", "Heimdal NTLM mechanism" },
{ NULL }
};

2
source4/heimdal/lib/gssapi/mech/gss_oid_equal.c
View File

@ -48,7 +48,7 @@
*/
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
gss_oid_equal(const gss_OID a, const gss_OID b)
gss_oid_equal(gss_const_OID a, gss_const_OID b)
{
if (a == b && a != GSS_C_NO_OID)
return 1;

31
source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c
View File

@ -65,3 +65,34 @@ gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
*minor_status = 0;
return GSS_S_COMPLETE;
}
GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL
gss_oid_to_name(gss_const_OID oid)
{
size_t i;
for (i = 0; _gss_ont_mech[i].oid; i++) {
if (gss_oid_equal(oid, _gss_ont_mech[i].oid))
return _gss_ont_mech[i].name;
}
return NULL;
}
GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL
gss_name_to_oid(const char *name)
{
size_t i, partial = (size_t)-1;
for (i = 0; _gss_ont_mech[i].oid; i++) {
if (strcasecmp(name, _gss_ont_mech[i].short_desc) == 0)
return _gss_ont_mech[i].oid;
if (strncasecmp(name, _gss_ont_mech[i].short_desc, strlen(name)) == 0) {
if (partial != (size_t)-1)
return NULL;
partial = i;
}
}
if (partial != (size_t)-1)
return _gss_ont_mech[partial].oid;
return NULL;
}

15
source4/heimdal/lib/gssapi/mech/gss_wrap.c
View File

@ -28,6 +28,21 @@
#include "mech_locl.h"
/**
* Wrap a message using either confidentiality (encryption +
* signature) or sealing (signature).
*
* @param minor_status minor status code.
* @param context_handle context handle.
* @param conf_req_flag if non zero, confidentiality is requestd.
* @param qop_req type of protection needed, in most cases it GSS_C_QOP_DEFAULT should be passed in.
* @param input_message_buffer messages to wrap
* @param conf_state returns non zero if confidentiality was honoured.
* @param output_message_buffer the resulting buffer, release with gss_release_buffer().
*
* @ingroup gssapi
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_wrap(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,

15
source4/heimdal/lib/gssapi/mech/mech_locl.h
View File

@ -64,4 +64,17 @@
#include "utils.h"
#define _mg_buffer_zero(buffer) \
do { (buffer)->value = NULL; (buffer)->length = 0; } while(0)
do { \
if (buffer) { \
(buffer)->value = NULL; \
(buffer)->length = 0; \
} \
} while(0)
#define _mg_oid_set_zero(oid_set) \
do { \
if (oid_set) { \
(oid_set)->elements = NULL; \
(oid_set)->count = 0; \
} \
} while(0)

49
source4/heimdal/lib/gssapi/spnego/external.c
View File

@ -40,6 +40,41 @@
* iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
*/
static gss_mo_desc spnego_mo[] = {
{
GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA,
"SASL mech name",
"SPNEGO",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_NAME,
GSS_MO_MA,
"Mechanism name",
"SPNEGO",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA,
"Mechanism description",
"Heimdal SPNEGO Mechanism",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_NEGO,
GSS_MO_MA
},
{
GSS_C_MA_MECH_PSEUDO,
GSS_MO_MA
}
};
static gssapi_mech_interface_desc spnego_mech = {
GMI_VERSION,
"spnego",
@ -84,7 +119,16 @@ static gssapi_mech_interface_desc spnego_mech = {
_gss_spnego_wrap_iov_length,
NULL,
_gss_spnego_export_cred,
_gss_spnego_import_cred
_gss_spnego_import_cred,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
spnego_mo,
sizeof(spnego_mo) / sizeof(spnego_mo[0])
};
gssapi_mech_interface
@ -92,6 +136,3 @@ __gss_spnego_initialize(void)
{
return &spnego_mech;
}
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc =
{6, (void *)"\x2b\x06\x01\x05\x05\x02"};

3
source4/heimdal/lib/hcrypto/rsa-ltm.c
View File

@ -385,8 +385,7 @@ ltm_rsa_private_decrypt(int flen, const unsigned char* from,
unsigned char* to, RSA* rsa, int padding)
{
unsigned char *ptr;
int res;
size_t size;
int res, size;
mp_int in, out, n, e, b, bi;
int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0;
int do_unblind = 0;

1
source4/heimdal/lib/hcrypto/validate.c
View File

@ -38,7 +38,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <getarg.h>
#include <roken.h>
#include <evp.h>

2
source4/heimdal/lib/hdb/db.c
View File

@ -318,7 +318,7 @@ hdb_db_create(krb5_context context, HDB **db,
(*db)->hdb_capability_flags = HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL;
(*db)->hdb_open = DB_open;
(*db)->hdb_close = DB_close;
(*db)->hdb_fetch = _hdb_fetch;
(*db)->hdb_fetch_kvno = _hdb_fetch_kvno;
(*db)->hdb_store = _hdb_store;
(*db)->hdb_remove = _hdb_remove;
(*db)->hdb_firstkey = DB_firstkey;

10
source4/heimdal/lib/hdb/hdb-keytab.c
View File

@ -118,7 +118,7 @@ hkt_open(krb5_context context, HDB * db, int flags, mode_t mode)
static krb5_error_code
hkt_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal,
unsigned flags, unsigned kvno, hdb_entry_ex * entry)
unsigned flags, krb5_kvno kvno, hdb_entry_ex * entry)
{
hdb_keytab k = (hdb_keytab)db->hdb_db;
krb5_error_code ret;
@ -170,13 +170,6 @@ hkt_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal,
return ret;
}
static krb5_error_code
hkt_fetch(krb5_context context, HDB * db, krb5_const_principal principal,
unsigned flags, hdb_entry_ex * entry)
{
return hkt_fetch_kvno(context, db, principal, flags & ~HDB_F_KVNO_SPECIFIED, 0, entry);
}
static krb5_error_code
hkt_store(krb5_context context, HDB * db, unsigned flags,
hdb_entry_ex * entry)
@ -221,7 +214,6 @@ hdb_keytab_create(krb5_context context, HDB ** db, const char *arg)
(*db)->hdb_openp = 0;
(*db)->hdb_open = hkt_open;
(*db)->hdb_close = hkt_close;
(*db)->hdb_fetch = hkt_fetch;
(*db)->hdb_fetch_kvno = hkt_fetch_kvno;
(*db)->hdb_store = hkt_store;
(*db)->hdb_remove = NULL;

2
source4/heimdal/lib/hdb/hdb.c
View File

@ -318,7 +318,7 @@ find_dynamic_method (krb5_context context,
if (asprintf(&symbol, "hdb_%s_interface", prefix) == -1)
krb5_errx(context, 1, "out of memory");
mso = dlsym(dl, symbol);
mso = (struct hdb_so_method *) dlsym(dl, symbol);
if (mso == NULL) {
krb5_warnx(context, "error finding symbol %s in %s: %s\n",
symbol, path, dlerror());

22
source4/heimdal/lib/hdb/hdb.h
View File

@ -71,6 +71,13 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
typedef struct hdb_master_key_data *hdb_master_key;
/**
* hdb_entry_ex is a wrapper structure around the hdb_entry structure
* that allows backends to keep a pointer to the backing store, ie in
* ->hdb_fetch_kvno(), so that we the kadmin/kpasswd backend gets around to
* ->hdb_store(), the backend doesn't need to lookup the entry again.
*/
typedef struct hdb_entry_ex {
void *ctx;
hdb_entry entry;
@ -116,15 +123,6 @@ typedef struct HDB{
* Free an entry after use.
*/
void (*hdb_free)(krb5_context, struct HDB*, hdb_entry_ex*);
/**
* Fetch an entry from the backend
*
* Fetch an entry from the backend, flags are what type of entry
* should be fetch: client, server, krbtgt.
*/
krb5_error_code (*hdb_fetch)(krb5_context, struct HDB*,
krb5_const_principal, unsigned,
hdb_entry_ex*);
/**
* Fetch an entry from the backend
*
@ -133,7 +131,7 @@ typedef struct HDB{
* knvo (if specified and flags HDB_F_KVNO_SPECIFIED set) is the kvno to get
*/
krb5_error_code (*hdb_fetch_kvno)(krb5_context, struct HDB*,
krb5_const_principal, unsigned, unsigned,
krb5_const_principal, unsigned, krb5_kvno,
hdb_entry_ex*);
/**
* Store an entry to database
@ -222,7 +220,7 @@ typedef struct HDB{
* all other operations, increasing the kvno, and update
* modification timestamp.
*
* The backen need to call _kadm5_set_keys() and perform password
* The backend needs to call _kadm5_set_keys() and perform password
* quality checks.
*/
krb5_error_code (*hdb_password)(krb5_context, struct HDB*, hdb_entry_ex*, const char *, int);
@ -238,7 +236,7 @@ typedef struct HDB{
*/
krb5_error_code (*hdb_auth_status)(krb5_context, struct HDB *, hdb_entry_ex *, int);
/**
* Check is delegation is allowed.
* Check if delegation is allowed.
*/
krb5_error_code (*hdb_check_constrained_delegation)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal);

15
source4/heimdal/lib/hdb/keytab.c
View File

@ -211,17 +211,10 @@ hdb_get_entry(krb5_context context,
goto out2;
}
if (*db->hdb_fetch_kvno) {
ret = (*db->hdb_fetch_kvno)(context, db, principal,
HDB_F_DECRYPT|HDB_F_KVNO_SPECIFIED|
HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
kvno, &ent);
} else {
ret = (*db->hdb_fetch)(context, db, principal,
HDB_F_DECRYPT|
HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
&ent);
}
ret = (*db->hdb_fetch_kvno)(context, db, principal,
HDB_F_DECRYPT|HDB_F_KVNO_SPECIFIED|
HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT,
kvno, &ent);
if(ret == HDB_ERR_NOENTRY) {
ret = KRB5_KT_NOTFOUND;

2
source4/heimdal/lib/hdb/ndbm.c
View File

@ -370,7 +370,7 @@ hdb_ndbm_create(krb5_context context, HDB **db,
(*db)->hdb_capability_flags = HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL;
(*db)->hdb_open = NDBM_open;
(*db)->hdb_close = NDBM_close;
(*db)->hdb_fetch = _hdb_fetch;
(*db)->hdb_fetch_kvno = _hdb_fetch_kvno;
(*db)->hdb_store = _hdb_store;
(*db)->hdb_remove = _hdb_remove;
(*db)->hdb_firstkey = NDBM_firstkey;

248
source4/heimdal/lib/hx509/sel-gram.c
View File

@ -8,17 +8,29 @@ static const char yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93";
#define YYBYACC 1
#define YYMAJOR 1
#define YYMINOR 9
#define YYPATCH 20070509
#define YYPATCH 20100216
#define YYEMPTY (-1)
#define yyclearin (yychar = YYEMPTY)
#define yyerrok (yyerrflag = 0)
#define YYRECOVERING (yyerrflag != 0)
#define YYEMPTY (-1)
#define yyclearin (yychar = YYEMPTY)
#define yyerrok (yyerrflag = 0)
#define YYRECOVERING() (yyerrflag != 0)
extern int yyparse(void);
static int yygrowstack(void);
#define YYPREFIX "yy"
/* compatibility with bison */
#ifdef YYPARSE_PARAM
/* compatibility with FreeBSD */
#ifdef YYPARSE_PARAM_TYPE
#define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM)
#else
#define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM)
#endif
#else
#define YYPARSE_DECL() yyparse(void)
#endif /* YYPARSE_PARAM */
extern int YYPARSE_DECL();
#line 35 ""
#ifdef HAVE_CONFIG_H
#include <config.h>
@ -33,7 +45,7 @@ typedef union {
char *string;
struct hx_expr *expr;
} YYSTYPE;
#line 37 ""
#line 48 ""
#define kw_TRUE 257
#define kw_FALSE 258
#define kw_AND 259
@ -44,45 +56,45 @@ typedef union {
#define STRING 264
#define IDENTIFIER 265
#define YYERRCODE 256
short yylhs[] = { -1,
static const short yylhs[] = { -1,
0, 1, 1, 1, 1, 1, 1, 1, 4, 4,
2, 2, 2, 2, 2, 3, 3, 3, 3, 5,
6, 7, 8, 9, 9,
};
short yylen[] = { 2,
static const short yylen[] = { 2,
1, 1, 1, 2, 3, 3, 3, 1, 1, 3,
4, 4, 3, 5, 3, 1, 1, 1, 1, 1,
1, 4, 4, 3, 1,
};
short yydefred[] = { 0,
static const short yydefred[] = { 0,
2, 3, 20, 21, 0, 0, 0, 0, 0, 0,
8, 0, 16, 17, 18, 19, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 7, 0,
0, 0, 0, 0, 15, 13, 0, 0, 0, 22,
0, 23, 0, 12, 11, 10, 24, 14,
};
short yydgoto[] = { 9,
static const short yydgoto[] = { 9,
10, 11, 12, 28, 13, 14, 15, 16, 31,
};
short yysindex[] = { -33,
static const short yysindex[] = { -33,
0, 0, 0, 0, -23, -33, -33, -105, 0, -247,
0, -28, 0, 0, 0, 0, -36, -247, -39, -244,
-33, -33, -26, -36, -38, -37, -22, -16, 0, -19,
-97, -247, -247, -36, 0, 0, -36, -36, -36, 0,
-244, 0, -9, 0, 0, 0, 0, 0,
};
short yyrindex[] = { 0,
static const short yyrindex[] = { 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 36,
0, 0, 0, 0, 0, 0, 0, 3, 0, 0,
0, 0, 0, 0, 0, 0, -4, 0, 0, -87,
0, 6, 8, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0,
};
short yygindex[] = { 0,
static const short yygindex[] = { 0,
13, 0, -8, -24, 0, 0, 0, 16, -1,
};
#define YYTABLESIZE 234
short yytable[] = { 6,
static const short yytable[] = { 6,
8, 29, 4, 8, 25, 5, 7, 6, 27, 43,
8, 21, 22, 34, 46, 36, 17, 20, 18, 19,
30, 39, 37, 38, 40, 27, 41, 42, 44, 45,
@ -108,7 +120,7 @@ short yytable[] = { 6,
22, 0, 0, 1, 2, 0, 3, 4, 5, 3,
4, 5, 23, 24,
};
short yycheck[] = { 33,
static const short yycheck[] = { 33,
37, 41, 0, 37, 33, 0, 40, 0, 17, 34,
37, 259, 260, 40, 39, 24, 40, 123, 6, 7,
265, 44, 61, 61, 41, 34, 46, 125, 37, 38,
@ -140,7 +152,8 @@ short yycheck[] = { 33,
#endif
#define YYMAXTOKEN 265
#if YYDEBUG
char *yyname[] = {
static const char *yyname[] = {
"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
"'!'",0,0,0,"'%'",0,0,"'('","')'",0,0,"','",0,"'.'",0,0,0,0,0,0,0,0,0,0,0,0,0,0,
"'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
@ -151,7 +164,7 @@ char *yyname[] = {
0,0,"kw_TRUE","kw_FALSE","kw_AND","kw_OR","kw_IN","kw_TAILMATCH","NUMBER",
"STRING","IDENTIFIER",
};
char *yyrule[] = {
static const char *yyrule[] = {
"$accept : start",
"start : expr",
"expr : kw_TRUE",
@ -178,6 +191,7 @@ char *yyrule[] = {
"variable : '%' '{' variables '}'",
"variables : IDENTIFIER '.' variables",
"variables : IDENTIFIER",
};
#endif
#if YYDEBUG
@ -201,64 +215,86 @@ char *yyrule[] = {
int yydebug;
int yynerrs;
typedef struct {
unsigned stacksize;
short *s_base;
short *s_mark;
short *s_last;
YYSTYPE *l_base;
YYSTYPE *l_mark;
} YYSTACKDATA;
#define YYPURE 0
int yyerrflag;
int yychar;
short *yyssp;
YYSTYPE *yyvsp;
YYSTYPE yyval;
YYSTYPE yylval;
/* variables for the parser stack */
static short *yyss;
static short *yysslim;
static YYSTYPE *yyvs;
static int yystacksize;
static YYSTACKDATA yystack;
/* allocate initial stack or double stack size, up to YYMAXDEPTH */
static int yygrowstack(void)
static int yygrowstack(YYSTACKDATA *data)
{
int newsize, i;
int i;
unsigned newsize;
short *newss;
YYSTYPE *newvs;
if ((newsize = yystacksize) == 0)
if ((newsize = data->stacksize) == 0)
newsize = YYINITSTACKSIZE;
else if (newsize >= YYMAXDEPTH)
return -1;
else if ((newsize *= 2) > YYMAXDEPTH)
newsize = YYMAXDEPTH;
i = yyssp - yyss;
newss = (yyss != 0)
? (short *)realloc(yyss, newsize * sizeof(*newss))
i = data->s_mark - data->s_base;
newss = (data->s_base != 0)
? (short *)realloc(data->s_base, newsize * sizeof(*newss))
: (short *)malloc(newsize * sizeof(*newss));
if (newss == 0)
return -1;
yyss = newss;
yyssp = newss + i;
newvs = (yyvs != 0)
? (YYSTYPE *)realloc(yyvs, newsize * sizeof(*newvs))
data->s_base = newss;
data->s_mark = newss + i;
newvs = (data->l_base != 0)
? (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs))
: (YYSTYPE *)malloc(newsize * sizeof(*newvs));
if (newvs == 0)
return -1;
yyvs = newvs;
yyvsp = newvs + i;
yystacksize = newsize;
yysslim = yyss + newsize - 1;
data->l_base = newvs;
data->l_mark = newvs + i;
data->stacksize = newsize;
data->s_last = data->s_base + newsize - 1;
return 0;
}
#define YYABORT goto yyabort
#if YYPURE || defined(YY_NO_LEAKS)
static void yyfreestack(YYSTACKDATA *data)
{
free(data->s_base);
free(data->l_base);
memset(data, 0, sizeof(*data));
}
#else
#define yyfreestack(data) /* nothing */
#endif
#define YYABORT goto yyabort
#define YYREJECT goto yyabort
#define YYACCEPT goto yyaccept
#define YYERROR goto yyerrlab
#define YYERROR goto yyerrlab
int
yyparse(void)
YYPARSE_DECL()
{
register int yym, yyn, yystate;
int yym, yyn, yystate;
#if YYDEBUG
register const char *yys;
const char *yys;
if ((yys = getenv("YYDEBUG")) != 0)
{
@ -271,11 +307,17 @@ yyparse(void)
yynerrs = 0;
yyerrflag = 0;
yychar = YYEMPTY;
yystate = 0;
if (yyss == NULL && yygrowstack()) goto yyoverflow;
yyssp = yyss;
yyvsp = yyvs;
*yyssp = yystate = 0;
#if YYPURE
memset(&yystack, 0, sizeof(yystack));
#endif
if (yystack.s_base == NULL && yygrowstack(&yystack)) goto yyoverflow;
yystack.s_mark = yystack.s_base;
yystack.l_mark = yystack.l_base;
yystate = 0;
*yystack.s_mark = 0;
yyloop:
if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
@ -301,12 +343,13 @@ yyloop:
printf("%sdebug: state %d, shifting to state %d\n",
YYPREFIX, yystate, yytable[yyn]);
#endif
if (yyssp >= yysslim && yygrowstack())
if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
*++yyssp = yystate = yytable[yyn];
*++yyvsp = yylval;
yystate = yytable[yyn];
*++yystack.s_mark = yytable[yyn];
*++yystack.l_mark = yylval;
yychar = YYEMPTY;
if (yyerrflag > 0) --yyerrflag;
goto yyloop;
@ -321,9 +364,7 @@ yyloop:
yyerror("syntax error");
#ifdef lint
goto yyerrlab;
#endif
yyerrlab:
++yynerrs;
@ -334,20 +375,21 @@ yyinrecovery:
yyerrflag = 3;
for (;;)
{
if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
if ((yyn = yysindex[*yystack.s_mark]) && (yyn += YYERRCODE) >= 0 &&
yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
{
#if YYDEBUG
if (yydebug)
printf("%sdebug: state %d, error recovery shifting\
to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]);
#endif
if (yyssp >= yysslim && yygrowstack())
if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
*++yyssp = yystate = yytable[yyn];
*++yyvsp = yylval;
yystate = yytable[yyn];
*++yystack.s_mark = yytable[yyn];
*++yystack.l_mark = yylval;
goto yyloop;
}
else
@ -355,11 +397,11 @@ yyinrecovery:
#if YYDEBUG
if (yydebug)
printf("%sdebug: error recovery discarding state %d\n",
YYPREFIX, *yyssp);
YYPREFIX, *yystack.s_mark);
#endif
if (yyssp <= yyss) goto yyabort;
--yyssp;
--yyvsp;
if (yystack.s_mark <= yystack.s_base) goto yyabort;
--yystack.s_mark;
--yystack.l_mark;
}
}
}
@ -388,119 +430,119 @@ yyreduce:
#endif
yym = yylen[yyn];
if (yym)
yyval = yyvsp[1-yym];
yyval = yystack.l_mark[1-yym];
else
memset(&yyval, 0, sizeof yyval);
switch (yyn)
{
case 1:
#line 73 ""
{ _hx509_expr_input.expr = yyvsp[0].expr; }
{ _hx509_expr_input.expr = yystack.l_mark[0].expr; }
break;
case 2:
#line 75 ""
{ yyval.expr = _hx509_make_expr(op_TRUE, NULL, NULL); }
{ yyval.expr = _hx509_make_expr(op_TRUE, NULL, NULL); }
break;
case 3:
#line 76 ""
{ yyval.expr = _hx509_make_expr(op_FALSE, NULL, NULL); }
{ yyval.expr = _hx509_make_expr(op_FALSE, NULL, NULL); }
break;
case 4:
#line 77 ""
{ yyval.expr = _hx509_make_expr(op_NOT, yyvsp[0].expr, NULL); }
{ yyval.expr = _hx509_make_expr(op_NOT, yystack.l_mark[0].expr, NULL); }
break;
case 5:
#line 78 ""
{ yyval.expr = _hx509_make_expr(op_AND, yyvsp[-2].expr, yyvsp[0].expr); }
{ yyval.expr = _hx509_make_expr(op_AND, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); }
break;
case 6:
#line 79 ""
{ yyval.expr = _hx509_make_expr(op_OR, yyvsp[-2].expr, yyvsp[0].expr); }
{ yyval.expr = _hx509_make_expr(op_OR, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); }
break;
case 7:
#line 80 ""
{ yyval.expr = yyvsp[-1].expr; }
{ yyval.expr = yystack.l_mark[-1].expr; }
break;
case 8:
#line 81 ""
{ yyval.expr = _hx509_make_expr(op_COMP, yyvsp[0].expr, NULL); }
{ yyval.expr = _hx509_make_expr(op_COMP, yystack.l_mark[0].expr, NULL); }
break;
case 9:
#line 84 ""
{ yyval.expr = _hx509_make_expr(expr_WORDS, yyvsp[0].expr, NULL); }
{ yyval.expr = _hx509_make_expr(expr_WORDS, yystack.l_mark[0].expr, NULL); }
break;
case 10:
#line 85 ""
{ yyval.expr = _hx509_make_expr(expr_WORDS, yyvsp[-2].expr, yyvsp[0].expr); }
{ yyval.expr = _hx509_make_expr(expr_WORDS, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); }
break;
case 11:
#line 88 ""
{ yyval.expr = _hx509_make_expr(comp_EQ, yyvsp[-3].expr, yyvsp[0].expr); }
{ yyval.expr = _hx509_make_expr(comp_EQ, yystack.l_mark[-3].expr, yystack.l_mark[0].expr); }
break;
case 12:
#line 89 ""
{ yyval.expr = _hx509_make_expr(comp_NE, yyvsp[-3].expr, yyvsp[0].expr); }
{ yyval.expr = _hx509_make_expr(comp_NE, yystack.l_mark[-3].expr, yystack.l_mark[0].expr); }
break;
case 13:
#line 90 ""
{ yyval.expr = _hx509_make_expr(comp_TAILEQ, yyvsp[-2].expr, yyvsp[0].expr); }
{ yyval.expr = _hx509_make_expr(comp_TAILEQ, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); }
break;
case 14:
#line 91 ""
{ yyval.expr = _hx509_make_expr(comp_IN, yyvsp[-4].expr, yyvsp[-1].expr); }
{ yyval.expr = _hx509_make_expr(comp_IN, yystack.l_mark[-4].expr, yystack.l_mark[-1].expr); }
break;
case 15:
#line 92 ""
{ yyval.expr = _hx509_make_expr(comp_IN, yyvsp[-2].expr, yyvsp[0].expr); }
{ yyval.expr = _hx509_make_expr(comp_IN, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); }
break;
case 16:
#line 95 ""
{ yyval.expr = yyvsp[0].expr; }
{ yyval.expr = yystack.l_mark[0].expr; }
break;
case 17:
#line 96 ""
{ yyval.expr = yyvsp[0].expr; }
{ yyval.expr = yystack.l_mark[0].expr; }
break;
case 18:
#line 97 ""
{ yyval.expr = yyvsp[0].expr; }
{ yyval.expr = yystack.l_mark[0].expr; }
break;
case 19:
#line 98 ""
{ yyval.expr = yyvsp[0].expr; }
{ yyval.expr = yystack.l_mark[0].expr; }
break;
case 20:
#line 101 ""
{ yyval.expr = _hx509_make_expr(expr_NUMBER, yyvsp[0].string, NULL); }
{ yyval.expr = _hx509_make_expr(expr_NUMBER, yystack.l_mark[0].string, NULL); }
break;
case 21:
#line 102 ""
{ yyval.expr = _hx509_make_expr(expr_STRING, yyvsp[0].string, NULL); }
{ yyval.expr = _hx509_make_expr(expr_STRING, yystack.l_mark[0].string, NULL); }
break;
case 22:
#line 104 ""
{
yyval.expr = _hx509_make_expr(expr_FUNCTION, yyvsp[-3].string, yyvsp[-1].expr); }
{
yyval.expr = _hx509_make_expr(expr_FUNCTION, yystack.l_mark[-3].string, yystack.l_mark[-1].expr); }
break;
case 23:
#line 107 ""
{ yyval.expr = yyvsp[-1].expr; }
{ yyval.expr = yystack.l_mark[-1].expr; }
break;
case 24:
#line 110 ""
{
yyval.expr = _hx509_make_expr(expr_VAR, yyvsp[-2].string, yyvsp[0].expr); }
{
yyval.expr = _hx509_make_expr(expr_VAR, yystack.l_mark[-2].string, yystack.l_mark[0].expr); }
break;
case 25:
#line 112 ""
{
yyval.expr = _hx509_make_expr(expr_VAR, yyvsp[0].string, NULL); }
{
yyval.expr = _hx509_make_expr(expr_VAR, yystack.l_mark[0].string, NULL); }
break;
#line 500 ""
#line 541 ""
}
yyssp -= yym;
yystate = *yyssp;
yyvsp -= yym;
yystack.s_mark -= yym;
yystate = *yystack.s_mark;
yystack.l_mark -= yym;
yym = yylhs[yyn];
if (yystate == 0 && yym == 0)
{
@ -510,8 +552,8 @@ break;
state %d\n", YYPREFIX, YYFINAL);
#endif
yystate = YYFINAL;
*++yyssp = YYFINAL;
*++yyvsp = yyval;
*++yystack.s_mark = YYFINAL;
*++yystack.l_mark = yyval;
if (yychar < 0)
{
if ((yychar = yylex()) < 0) yychar = 0;
@ -537,22 +579,24 @@ break;
#if YYDEBUG
if (yydebug)
printf("%sdebug: after reduction, shifting from state %d \
to state %d\n", YYPREFIX, *yyssp, yystate);
to state %d\n", YYPREFIX, *yystack.s_mark, yystate);
#endif
if (yyssp >= yysslim && yygrowstack())
if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack))
{
goto yyoverflow;
}
*++yyssp = yystate;
*++yyvsp = yyval;
*++yystack.s_mark = (short) yystate;
*++yystack.l_mark = yyval;
goto yyloop;
yyoverflow:
yyerror("yacc stack overflow");
yyabort:
yyfreestack(&yystack);
return (1);
yyaccept:
yyfreestack(&yystack);
return (0);
}

49
source4/heimdal/lib/krb5/cache.c
View File

@ -134,7 +134,7 @@ krb5_cc_register(krb5_context context,
}
}
if(i == context->num_cc_ops) {
const krb5_cc_ops **o = realloc(context->cc_ops,
const krb5_cc_ops **o = realloc(rk_UNCONST(context->cc_ops),
(context->num_cc_ops + 1) *
sizeof(context->cc_ops[0]));
if(o == NULL) {
@ -397,7 +397,7 @@ krb5_cc_get_full_name(krb5_context context,
*/
const krb5_cc_ops *
KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL
krb5_cc_get_ops(krb5_context context, krb5_ccache id)
{
return id->ops;
@ -461,7 +461,7 @@ environment_changed(krb5_context context)
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_switch(krb5_context context, krb5_ccache id)
{
@ -477,7 +477,7 @@ krb5_cc_switch(krb5_context context, krb5_ccache id)
* @ingroup krb5_ccache
*/
krb5_boolean KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_cc_support_switch(krb5_context context, const char *type)
{
const krb5_cc_ops *ops;
@ -512,6 +512,12 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
context->default_cc_name_env = strdup(e);
}
}
#ifdef _WIN32
if (e == NULL) {
e = p = _krb5_get_default_cc_name_from_registry();
}
#endif
if (e == NULL) {
e = krb5_config_get_string(context, NULL, "libdefaults",
"default_cc_name", NULL);
@ -967,7 +973,7 @@ krb5_cc_clear_mcred(krb5_creds *mcred)
*/
const krb5_cc_ops *
KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL
krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
{
char *p, *p1;
@ -1183,7 +1189,7 @@ krb5_cc_cache_match (krb5_context context,
* @ingroup krb5_ccache
*/
krb5_error_code
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
{
krb5_error_code ret;
@ -1658,7 +1664,7 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
* @ingroup krb5_ccache
*/
krb5_error_code
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset)
{
if (id->ops->set_kdc_offset == NULL) {
@ -1683,7 +1689,7 @@ krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset)
* @ingroup krb5_ccache
*/
krb5_error_code
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset)
{
if (id->ops->get_kdc_offset == NULL) {
@ -1692,3 +1698,30 @@ krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset
}
return (*id->ops->get_kdc_offset)(context, id, offset);
}
#ifdef _WIN32
char *
_krb5_get_default_cc_name_from_registry()
{
HKEY hk_k5 = 0;
LONG code;
char * ccname = NULL;
code = RegOpenKeyEx(HKEY_CURRENT_USER,
"Software\\MIT\\Kerberos5",
0, KEY_READ, &hk_k5);
if (code != ERROR_SUCCESS)
return NULL;
ccname = _krb5_parse_reg_value_as_string(NULL, hk_k5, "ccname",
REG_NONE, 0);
RegCloseKey(hk_k5);
return ccname;
}
#endif

46
source4/heimdal/lib/krb5/changepw.c
View File

@ -72,7 +72,7 @@ chgpw_send_request (krb5_context context,
krb5_creds *creds,
krb5_principal targprinc,
int is_stream,
int sock,
rk_socket_t sock,
const char *passwd,
const char *host)
{
@ -141,8 +141,8 @@ chgpw_send_request (krb5_context context,
iov[2].iov_base = krb_priv_data.data;
iov[2].iov_len = krb_priv_data.length;
if (sendmsg (sock, &msghdr, 0) < 0) {
ret = errno;
if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) {
ret = rk_SOCK_ERRNO;
krb5_set_error_message(context, ret, "sendmsg %s: %s",
host, strerror(ret));
}
@ -164,7 +164,7 @@ setpw_send_request (krb5_context context,
krb5_creds *creds,
krb5_principal targprinc,
int is_stream,
int sock,
rk_socket_t sock,
const char *passwd,
const char *host)
{
@ -251,8 +251,8 @@ setpw_send_request (krb5_context context,
iov[2].iov_base = krb_priv_data.data;
iov[2].iov_len = krb_priv_data.length;
if (sendmsg (sock, &msghdr, 0) < 0) {
ret = errno;
if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) {
ret = rk_SOCK_ERRNO;
krb5_set_error_message(context, ret, "sendmsg %s: %s",
host, strerror(ret));
}
@ -268,7 +268,7 @@ static krb5_error_code
process_reply (krb5_context context,
krb5_auth_context auth_context,
int is_stream,
int sock,
rk_socket_t sock,
int *result_code,
krb5_data *result_code_string,
krb5_data *result_string,
@ -288,8 +288,8 @@ process_reply (krb5_context context,
ret = recvfrom (sock, reply + len, sizeof(reply) - len,
0, NULL, NULL);
if (ret < 0) {
save_errno = errno;
if (rk_IS_SOCKET_ERROR(ret)) {
save_errno = rk_SOCK_ERRNO;
krb5_set_error_message(context, save_errno,
"recvfrom %s: %s",
host, strerror(save_errno));
@ -316,8 +316,8 @@ process_reply (krb5_context context,
}
} else {
ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
if (ret < 0) {
save_errno = errno;
if (rk_IS_SOCKET_ERROR(ret)) {
save_errno = rk_SOCK_ERRNO;
krb5_set_error_message(context, save_errno,
"recvfrom %s: %s",
host, strerror(save_errno));
@ -464,13 +464,13 @@ typedef krb5_error_code (*kpwd_send_request) (krb5_context,
krb5_creds *,
krb5_principal,
int,
int,
rk_socket_t,
const char *,
const char *);
typedef krb5_error_code (*kpwd_process_reply) (krb5_context,
krb5_auth_context,
int,
int,
rk_socket_t,
int *,
krb5_data *,
krb5_data *,
@ -517,7 +517,7 @@ change_password_loop (krb5_context context,
krb5_auth_context auth_context = NULL;
krb5_krbhst_handle handle = NULL;
krb5_krbhst_info *hi;
int sock;
rk_socket_t sock;
unsigned int i;
int done = 0;
krb5_realm realm;
@ -565,20 +565,20 @@ change_password_loop (krb5_context context,
int replied = 0;
sock = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol);
if (sock < 0)
if (rk_IS_BAD_SOCKET(sock))
continue;
rk_cloexec(sock);
ret = connect(sock, a->ai_addr, a->ai_addrlen);
if (ret < 0) {
close (sock);
if (rk_IS_SOCKET_ERROR(ret)) {
rk_closesocket (sock);
goto out;
}
ret = krb5_auth_con_genaddrs (context, auth_context, sock,
KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR);
if (ret) {
close (sock);
rk_closesocket (sock);
goto out;
}
@ -598,7 +598,7 @@ change_password_loop (krb5_context context,
newpw,
hi->hostname);
if (ret) {
close(sock);
rk_closesocket(sock);
goto out;
}
}
@ -608,7 +608,7 @@ change_password_loop (krb5_context context,
ret = ERANGE;
krb5_set_error_message(context, ret,
"fd %d too large", sock);
close (sock);
rk_closesocket (sock);
goto out;
}
#endif
@ -619,8 +619,8 @@ change_password_loop (krb5_context context,
tv.tv_sec = 1 + (1 << i);
ret = select (sock + 1, &fdset, NULL, NULL, &tv);
if (ret < 0 && errno != EINTR) {
close(sock);
if (rk_IS_SOCKET_ERROR(ret) && rk_SOCK_ERRNO != EINTR) {
rk_closesocket(sock);
goto out;
}
if (ret == 1) {
@ -640,7 +640,7 @@ change_password_loop (krb5_context context,
ret = KRB5_KDC_UNREACH;
}
}
close (sock);
rk_closesocket (sock);
}
}

73
source4/heimdal/lib/krb5/config_file.c
View File

@ -84,8 +84,8 @@ static krb5_error_code parse_list(struct fileptr *f, unsigned *lineno,
krb5_config_binding **parent,
const char **err_message);
static krb5_config_section *
get_entry(krb5_config_section **parent, const char *name, int type)
krb5_config_section *
_krb5_config_get_entry(krb5_config_section **parent, const char *name, int type)
{
krb5_config_section **q;
@ -135,7 +135,7 @@ parse_section(char *p, krb5_config_section **s, krb5_config_section **parent,
return KRB5_CONFIG_BADFORMAT;
}
*p1 = '\0';
tmp = get_entry(parent, p + 1, krb5_config_list);
tmp = _krb5_config_get_entry(parent, p + 1, krb5_config_list);
if(tmp == NULL) {
*err_message = "out of memory";
return KRB5_CONFIG_BADFORMAT;
@ -154,7 +154,7 @@ static krb5_error_code
parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent,
const char **err_message)
{
char buf[BUFSIZ];
char buf[KRB5_BUFSIZ];
krb5_error_code ret;
krb5_config_binding *b = NULL;
unsigned beg_lineno = *lineno;
@ -216,14 +216,14 @@ parse_binding(struct fileptr *f, unsigned *lineno, char *p,
++p;
*p2 = '\0';
if (*p == '{') {
tmp = get_entry(parent, p1, krb5_config_list);
tmp = _krb5_config_get_entry(parent, p1, krb5_config_list);
if (tmp == NULL) {
*err_message = "out of memory";
return KRB5_CONFIG_BADFORMAT;
}
ret = parse_list (f, lineno, &tmp->u.list, err_message);
} else {
tmp = get_entry(parent, p1, krb5_config_string);
tmp = _krb5_config_get_entry(parent, p1, krb5_config_string);
if (tmp == NULL) {
*err_message = "out of memory";
return KRB5_CONFIG_BADFORMAT;
@ -282,10 +282,10 @@ convert_content(const void *key, const void *value, void *context)
return;
if (CFGetTypeID(value) == CFStringGetTypeID()) {
tmp = get_entry(parent, k, krb5_config_string);
tmp = _krb5_config_get_entry(parent, k, krb5_config_string);
tmp->u.string = cfstring2cstring(value);
} else if (CFGetTypeID(value) == CFDictionaryGetTypeID()) {
tmp = get_entry(parent, k, krb5_config_list);
tmp = _krb5_config_get_entry(parent, k, krb5_config_list);
CFDictionaryApplyFunction(value, convert_content, &tmp->u.list);
} else {
/* log */
@ -352,7 +352,7 @@ krb5_config_parse_debug (struct fileptr *f,
{
krb5_config_section *s = NULL;
krb5_config_binding *b = NULL;
char buf[BUFSIZ];
char buf[KRB5_BUFSIZ];
krb5_error_code ret;
while (config_fgets(buf, sizeof(buf), f) != NULL) {
@ -864,6 +864,55 @@ krb5_config_get_string_default (krb5_context context,
return ret;
}
static char *
next_component_string(char * begin, char * delims, char **state)
{
char * end;
if (begin == NULL)
begin = *state;
if (*begin == '\0')
return NULL;
end = begin;
while (*end == '"') {
char * t;
while ((t = strchr(end + 1, '"')) != NULL && *(t - 1) == '\\') {
--t;
memmove(t, t + 1, strlen(t));
end = t;
}
if (t)
end = ++t;
else
end += strlen(end);
}
if (*end != '\0') {
size_t pos;
pos = strcspn(end, delims);
end = end + pos;
}
if (*end != '\0') {
*end = '\0';
*state = end + 1;
if (*begin == '"' && *(end - 1) == '"' && begin + 1 < end) {
begin++; *(end - 1) = '\0';
}
return begin;
}
*state = end;
if (*begin == '"' && *(end - 1) == '"' && begin + 1 < end) {
begin++; *(end - 1) = '\0';
}
return begin;
}
/**
* Get a list of configuration strings, free the result with
* krb5_config_free_strings().
@ -894,7 +943,7 @@ krb5_config_vget_strings(krb5_context context,
char *s;
if(tmp == NULL)
goto cleanup;
s = strtok_r(tmp, " \t", &pos);
s = next_component_string(tmp, " \t", &pos);
while(s){
char **tmp2 = realloc(strings, (nstr + 1) * sizeof(*strings));
if(tmp2 == NULL)
@ -904,7 +953,7 @@ krb5_config_vget_strings(krb5_context context,
nstr++;
if(strings[nstr-1] == NULL)
goto cleanup;
s = strtok_r(NULL, " \t", &pos);
s = next_component_string(NULL, " \t", &pos);
}
free(tmp);
}
@ -1259,7 +1308,7 @@ krb5_config_get_int (krb5_context context,
*/
KRB5_DEPRECATED
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_config_parse_string_multi(krb5_context context,
const char *string,
krb5_config_section **res)

17
source4/heimdal/lib/krb5/constants.c
View File

@ -37,15 +37,18 @@
KRB5_LIB_VARIABLE const char *krb5_config_file =
#ifdef __APPLE__
"~/Library/Preferences/com.apple.Kerberos.plist:"
"/Library/Preferences/com.apple.Kerberos.plist:"
"~/Library/Preferences/edu.mit.Kerberos:"
"/Library/Preferences/edu.mit.Kerberos:"
"~/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP
"/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP
"~/Library/Preferences/edu.mit.Kerberos" PATH_SEP
"/Library/Preferences/edu.mit.Kerberos" PATH_SEP
#endif /* __APPLE__ */
"~/.krb5/config:"
"~/.krb5/config" PATH_SEP
SYSCONFDIR "/krb5.conf"
#ifndef _WIN32
":/etc/krb5.conf"
#ifdef _WIN32
PATH_SEP "%{COMMON_APPDATA}/Kerberos/krb5.conf"
PATH_SEP "%{WINDOWS}/krb5.ini"
#else
PATH_SEP "/etc/krb5.conf"
#endif
;

70
source4/heimdal/lib/krb5/context.c
View File

@ -269,7 +269,7 @@ cc_ops_copy(krb5_context context, const krb5_context src_context)
return KRB5_CC_NOMEM;
}
memcpy(cc_ops, src_context->cc_ops,
memcpy(rk_UNCONST(cc_ops), src_context->cc_ops,
sizeof(cc_ops[0]) * src_context->num_cc_ops);
context->cc_ops = cc_ops;
context->num_cc_ops = src_context->num_cc_ops;
@ -559,7 +559,7 @@ krb5_free_context(krb5_context context)
krb5_free_host_realm (context, context->default_realms);
krb5_config_file_free (context, context->cf);
free_error_table (context->et_list);
free(context->cc_ops);
free(rk_UNCONST(context->cc_ops));
free(context->kt_types);
krb5_clear_error_message(context);
if(context->warn_dest != NULL)
@ -616,6 +616,11 @@ krb5_set_config_files(krb5_context context, char **filenames)
if(tmp == NULL)
return ENXIO;
#endif
#ifdef _WIN32
_krb5_load_config_from_registry(context, &tmp);
#endif
krb5_config_file_free(context, context->cf);
context->cf = tmp;
ret = init_context_from_config_file(context);
@ -668,7 +673,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
while(1) {
ssize_t l;
q = p;
l = strsep_copy(&q, ":", NULL, 0);
l = strsep_copy(&q, PATH_SEP, NULL, 0);
if(l == -1)
break;
fn = malloc(l + 1);
@ -676,7 +681,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp)
krb5_free_config_files(pp);
return ENOMEM;
}
(void)strsep_copy(&p, ":", fn, l + 1);
(void)strsep_copy(&p, PATH_SEP, fn, l + 1);
ret = add_file(&pp, &len, fn);
if (ret) {
krb5_free_config_files(pp);
@ -736,6 +741,45 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames)
return 0;
}
#ifdef _WIN32
/**
* Checks the registry for configuration file location
*
* Kerberos for Windows and other legacy Kerberos applications expect
* to find the configuration file location in the
* SOFTWARE\MIT\Kerberos registry key under the value "config".
*/
char *
_krb5_get_default_config_config_files_from_registry()
{
static const char * KeyName = "Software\\MIT\\Kerberos";
char *config_file = NULL;
LONG rcode;
HKEY key;
rcode = RegOpenKeyEx(HKEY_CURRENT_USER, KeyName, 0, KEY_READ, &key);
if (rcode == ERROR_SUCCESS) {
config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config",
REG_NONE, 0, PATH_SEP);
RegCloseKey(key);
}
if (config_file)
return config_file;
rcode = RegOpenKeyEx(HKEY_LOCAL_MACHINE, KeyName, 0, KEY_READ, &key);
if (rcode == ERROR_SUCCESS) {
config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config",
REG_NONE, 0, PATH_SEP);
RegCloseKey(key);
}
return config_file;
}
#endif
/**
* Get the global configuration list.
*
@ -756,6 +800,22 @@ krb5_get_default_config_files(char ***pfilenames)
return EINVAL;
if(!issuid())
files = getenv("KRB5_CONFIG");
#ifdef _WIN32
if (files == NULL) {
char * reg_files;
reg_files = _krb5_get_default_config_config_files_from_registry();
if (reg_files != NULL) {
krb5_error_code code;
code = krb5_prepend_config_files(reg_files, NULL, pfilenames);
free(reg_files);
return code;
}
}
#endif
if (files == NULL)
files = krb5_config_file;
@ -1425,7 +1485,7 @@ _krb5_homedir_access(krb5_context context)
* @ingroup krb5
*/
krb5_boolean
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_set_home_dir_access(krb5_context context, krb5_boolean allow)
{
krb5_boolean old;

134
source4/heimdal/lib/krb5/convert_creds.c
View File

@ -31,17 +31,13 @@
* SUCH DAMAGE.
*/
#define KRB5_DEPRECATED
#include "krb5_locl.h"
#include "krb5-v4compat.h"
#ifndef HEIMDAL_SMALLER
static krb5_error_code
check_ticket_flags(TicketFlags f)
{
return 0; /* maybe add some more tests here? */
}
/**
* Convert the v5 credentials in in_cred to v4-dito in v4creds. This
* is done by sending them to the 524 function in the KDC. If
@ -58,91 +54,16 @@ check_ticket_flags(TicketFlags f)
* @ingroup krb5_v4compat
*/
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc(krb5_context context,
krb5_creds *in_cred,
struct credentials *v4creds)
{
krb5_error_code ret;
krb5_data reply;
krb5_storage *sp;
int32_t tmp;
krb5_data ticket;
char realm[REALM_SZ];
krb5_creds *v5_creds = in_cred;
ret = check_ticket_flags(v5_creds->flags.b);
if(ret)
goto out2;
{
krb5_krbhst_handle handle;
ret = krb5_krbhst_init(context,
krb5_principal_get_realm(context,
v5_creds->server),
KRB5_KRBHST_KRB524,
&handle);
if (ret)
goto out2;
ret = krb5_sendto (context,
&v5_creds->ticket,
handle,
&reply);
krb5_krbhst_free(context, handle);
if (ret)
goto out2;
}
sp = krb5_storage_from_mem(reply.data, reply.length);
if(sp == NULL) {
ret = ENOMEM;
krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", ""));
goto out2;
}
krb5_ret_int32(sp, &tmp);
ret = tmp;
if(ret == 0) {
memset(v4creds, 0, sizeof(*v4creds));
ret = krb5_ret_int32(sp, &tmp);
if(ret)
goto out;
v4creds->kvno = tmp;
ret = krb5_ret_data(sp, &ticket);
if(ret)
goto out;
v4creds->ticket_st.length = ticket.length;
memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length);
krb5_data_free(&ticket);
ret = krb5_524_conv_principal(context,
v5_creds->server,
v4creds->service,
v4creds->instance,
v4creds->realm);
if(ret)
goto out;
v4creds->issue_date = v5_creds->times.starttime;
v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date,
v5_creds->times.endtime);
ret = krb5_524_conv_principal(context, v5_creds->client,
v4creds->pname,
v4creds->pinst,
realm);
if(ret)
goto out;
memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8);
} else {
krb5_prepend_error_message(context, ret,
N_("converting credentials",
"already localized"));
}
out:
krb5_storage_free(sp);
krb5_data_free(&reply);
out2:
if (v5_creds != in_cred)
krb5_free_creds (context, v5_creds);
return ret;
memset(v4creds, 0, sizeof(*v4creds));
krb5_set_error_message(context, EINVAL,
N_("krb524_convert_creds_kdc not supported", ""));
return EINVAL;
}
/**
@ -160,48 +81,17 @@ out2:
* @ingroup krb5_v4compat
*/
KRB5_DEPRECATED
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb524_convert_creds_kdc_ccache(krb5_context context,
krb5_ccache ccache,
krb5_creds *in_cred,
struct credentials *v4creds)
{
krb5_error_code ret;
krb5_creds *v5_creds = in_cred;
krb5_keytype keytype;
keytype = v5_creds->session.keytype;
if (keytype != ENCTYPE_DES_CBC_CRC) {
/* MIT krb524d doesn't like nothing but des-cbc-crc tickets,
so go get one */
krb5_creds template;
memset (&template, 0, sizeof(template));
template.session.keytype = ENCTYPE_DES_CBC_CRC;
ret = krb5_copy_principal (context, in_cred->client, &template.client);
if (ret) {
krb5_free_cred_contents (context, &template);
return ret;
}
ret = krb5_copy_principal (context, in_cred->server, &template.server);
if (ret) {
krb5_free_cred_contents (context, &template);
return ret;
}
ret = krb5_get_credentials (context, 0, ccache,
&template, &v5_creds);
krb5_free_cred_contents (context, &template);
if (ret)
return ret;
}
ret = krb524_convert_creds_kdc(context, v5_creds, v4creds);
if (v5_creds != in_cred)
krb5_free_creds (context, v5_creds);
return ret;
memset(v4creds, 0, sizeof(*v4creds));
krb5_set_error_message(context, EINVAL,
N_("krb524_convert_creds_kdc_ccache not supported", ""));
return EINVAL;
}
#endif

2
source4/heimdal/lib/krb5/creds.c
View File

@ -278,7 +278,7 @@ krb5_compare_creds(krb5_context context, krb5_flags whichfields,
* @ingroup krb5
*/
unsigned long
KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL
krb5_creds_get_ticket_flags(krb5_creds *creds)
{
return TicketFlags2int(creds->flags.b);

6
source4/heimdal/lib/krb5/crypto.c
View File

@ -476,7 +476,7 @@ verify_checksum(krb5_context context,
krb5_set_error_message(context, ret,
N_("Decrypt integrity check failed for checksum "
"type %s, key type %s", ""),
ct->name, crypto->et->name);
ct->name, (crypto != NULL)? crypto->et->name : "(none)");
return ret;
}
@ -2315,7 +2315,7 @@ wrapped_length_dervied (krb5_context context,
* Return the size of an encrypted packet of length `data_len'
*/
size_t
KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL
krb5_get_wrapped_length (krb5_context context,
krb5_crypto crypto,
size_t data_len)
@ -2361,7 +2361,7 @@ crypto_overhead_dervied (krb5_context context,
return res;
}
size_t
KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL
krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
{
if (derived_crypto (context, crypto))

4
source4/heimdal/lib/krb5/error_string.c
View File

@ -122,7 +122,7 @@ krb5_vset_error_message (krb5_context context, krb5_error_code ret,
* @ingroup krb5_error
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
const char *fmt, ...)
__attribute__ ((format (printf, 3, 4)))
@ -145,7 +145,7 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret,
* @ingroup krb5_error
*/
void KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_vprepend_error_message(krb5_context context, krb5_error_code ret,
const char *fmt, va_list args)
__attribute__ ((format (printf, 3, 0)))

3
source4/heimdal/lib/krb5/get_cred.c
View File

@ -768,7 +768,8 @@ get_cred_kdc_capath_worker(krb5_context context,
ret = find_cred(context, ccache, tmp_creds.server,
*ret_tgts, &tgts);
if(ret == 0){
if (strcmp(try_realm, client_realm) != 0)
/* only allow implicit ok_as_delegate if the realm is the clients realm */
if (strcmp(try_realm, client_realm) != 0 || strcmp(try_realm, server_realm) != 0)
ok_as_delegate = tgts.flags.b.ok_as_delegate;
*out_creds = calloc(1, sizeof(**out_creds));

4
source4/heimdal/lib/krb5/kcm.c
View File

@ -97,7 +97,7 @@ kcm_send_request(krb5_context context,
return ret;
}
krb5_error_code
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kcm_storage_request(krb5_context context,
uint16_t opcode,
krb5_storage **storage_p)
@ -164,7 +164,7 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id)
return 0;
}
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_kcm_call(krb5_context context,
krb5_storage *request,
krb5_storage **response_p,

2
source4/heimdal/lib/krb5/keyblock.c
View File

@ -155,7 +155,7 @@ krb5_copy_keyblock (krb5_context context,
* @ingroup krb5_crypto
*/
krb5_enctype
KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL
krb5_keyblock_get_enctype(const krb5_keyblock *block)
{
return block->keytype;

4
source4/heimdal/lib/krb5/krb5.h
View File

@ -80,7 +80,7 @@ typedef int krb5_boolean;
typedef int32_t krb5_error_code;
typedef int krb5_kvno;
typedef int32_t krb5_kvno;
typedef uint32_t krb5_flags;
@ -847,6 +847,8 @@ typedef krb5_error_code
*
*/
struct hx509_certs_data;
#include <krb5-protos.h>
/* variables */

6
source4/heimdal/lib/krb5/krb5_locl.h
View File

@ -188,6 +188,10 @@ struct _krb5_krb_auth_data;
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
#ifndef PATH_SEP
#define PATH_SEP ":"
#endif
/* should this be public? */
#define KEYTAB_DEFAULT "FILE:" SYSCONFDIR "/krb5.keytab"
#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"
@ -208,7 +212,7 @@ struct _krb5_krb_auth_data;
#endif
#define KRB5_BUFSIZ 1024
#define KRB5_BUFSIZ 2048
typedef enum {
KRB5_INIT_CREDS_TRISTATE_UNSET = 0,

2
source4/heimdal/lib/krb5/misc.c
View File

@ -84,7 +84,7 @@ out:
}
krb5_error_code
_krb5_enomem(krb5_context context)
krb5_enomem(krb5_context context)
{
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;

62
source4/heimdal/lib/krb5/pac.c
View File

@ -116,7 +116,7 @@ HMAC_MD5_any_checksum(krb5_context context,
*
*/
krb5_error_code
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
krb5_pac *pac)
{
@ -127,13 +127,13 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
p = calloc(1, sizeof(*p));
if (p == NULL) {
ret = _krb5_enomem(context);
ret = krb5_enomem(context);
goto out;
}
sp = krb5_storage_from_readonly_mem(ptr, len);
if (sp == NULL) {
ret = _krb5_enomem(context);
ret = krb5_enomem(context);
goto out;
}
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@ -156,7 +156,7 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
p->pac = calloc(1,
sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1)));
if (p->pac == NULL) {
ret = _krb5_enomem(context);
ret = krb5_enomem(context);
goto out;
}
@ -258,7 +258,7 @@ out:
return ret;
}
krb5_error_code
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_init(krb5_context context, krb5_pac *pac)
{
krb5_error_code ret;
@ -266,27 +266,27 @@ krb5_pac_init(krb5_context context, krb5_pac *pac)
p = calloc(1, sizeof(*p));
if (p == NULL) {
return _krb5_enomem(context);
return krb5_enomem(context);
}
p->pac = calloc(1, sizeof(*p->pac));
if (p->pac == NULL) {
free(p);
return _krb5_enomem(context);
return krb5_enomem(context);
}
ret = krb5_data_alloc(&p->data, PACTYPE_SIZE);
if (ret) {
free (p->pac);
free(p);
return _krb5_enomem(context);
return krb5_enomem(context);
}
*pac = p;
return 0;
}
krb5_error_code
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_add_buffer(krb5_context context, krb5_pac p,
uint32_t type, const krb5_data *data)
{
@ -300,7 +300,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p,
ptr = realloc(p->pac,
sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len));
if (ptr == NULL)
return _krb5_enomem(context);
return krb5_enomem(context);
p->pac = ptr;
@ -367,7 +367,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p,
* @ingroup krb5_pac
*/
krb5_error_code
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_get_buffer(krb5_context context, krb5_pac p,
uint32_t type, krb5_data *data)
{
@ -397,7 +397,7 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p,
*
*/
krb5_error_code
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_get_types(krb5_context context,
krb5_pac p,
size_t *len,
@ -408,7 +408,7 @@ krb5_pac_get_types(krb5_context context,
*types = calloc(p->pac->numbuffers, sizeof(*types));
if (*types == NULL) {
*len = 0;
return _krb5_enomem(context);
return krb5_enomem(context);
}
for (i = 0; i < p->pac->numbuffers; i++)
(*types)[i] = p->pac->buffers[i].type;
@ -421,7 +421,7 @@ krb5_pac_get_types(krb5_context context,
*
*/
void
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
krb5_pac_free(krb5_context context, krb5_pac pac)
{
krb5_data_free(&pac->data);
@ -450,7 +450,7 @@ verify_checksum(krb5_context context,
sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo,
sig->buffersize);
if (sp == NULL)
return _krb5_enomem(context);
return krb5_enomem(context);
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@ -460,7 +460,7 @@ verify_checksum(krb5_context context,
sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR);
cksum.checksum.data = malloc(cksum.checksum.length);
if (cksum.checksum.data == NULL) {
ret = _krb5_enomem(context);
ret = krb5_enomem(context);
goto out;
}
ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
@ -604,7 +604,7 @@ verify_logonname(krb5_context context,
sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo,
logon_name->buffersize);
if (sp == NULL)
return _krb5_enomem(context);
return krb5_enomem(context);
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@ -631,7 +631,7 @@ verify_logonname(krb5_context context,
s = malloc(len);
if (s == NULL) {
krb5_storage_free(sp);
return _krb5_enomem(context);
return krb5_enomem(context);
}
ret = krb5_storage_read(sp, s, len);
if (ret != len) {
@ -648,7 +648,7 @@ verify_logonname(krb5_context context,
ucs2 = malloc(sizeof(ucs2[0]) * ucs2len);
if (ucs2 == NULL)
return _krb5_enomem(context);
return krb5_enomem(context);
ret = wind_ucs2read(s, len, &flags, ucs2, &ucs2len);
free(s);
@ -667,7 +667,7 @@ verify_logonname(krb5_context context,
s = malloc(u8len);
if (s == NULL) {
free(ucs2);
return _krb5_enomem(context);
return krb5_enomem(context);
}
ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len);
free(ucs2);
@ -714,7 +714,7 @@ build_logon_name(krb5_context context,
sp = krb5_storage_emem();
if (sp == NULL)
return _krb5_enomem(context);
return krb5_enomem(context);
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
@ -733,7 +733,7 @@ build_logon_name(krb5_context context,
#if 1 /* cheat for now */
s2 = malloc(len * 2);
if (s2 == NULL) {
ret = _krb5_enomem(context);
ret = krb5_enomem(context);
free(s);
goto out;
}
@ -749,7 +749,7 @@ build_logon_name(krb5_context context,
ret = krb5_storage_write(sp, s2, len * 2);
free(s2);
if (ret != len * 2) {
ret = _krb5_enomem(context);
ret = krb5_enomem(context);
goto out;
}
ret = krb5_storage_to_data(sp, logon);
@ -780,7 +780,7 @@ out:
* @ingroup krb5_pac
*/
krb5_error_code
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_pac_verify(krb5_context context,
const krb5_pac pac,
time_t authtime,
@ -877,7 +877,7 @@ fill_zeros(krb5_context context, krb5_storage *sp, size_t len)
l = sizeof(zeros);
sret = krb5_storage_write(sp, zeros, l);
if (sret <= 0)
return _krb5_enomem(context);
return krb5_enomem(context);
len -= sret;
}
@ -949,7 +949,7 @@ _krb5_pac_sign(krb5_context context,
ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1)));
if (ptr == NULL)
return _krb5_enomem(context);
return krb5_enomem(context);
p->pac = ptr;
@ -986,14 +986,14 @@ _krb5_pac_sign(krb5_context context,
/* Encode PAC */
sp = krb5_storage_emem();
if (sp == NULL)
return _krb5_enomem(context);
return krb5_enomem(context);
krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
spdata = krb5_storage_emem();
if (spdata == NULL) {
krb5_storage_free(sp);
return _krb5_enomem(context);
return krb5_enomem(context);
}
krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE);
@ -1031,7 +1031,7 @@ _krb5_pac_sign(krb5_context context,
sret = krb5_storage_write(spdata, ptr, len);
if (sret != len) {
ret = _krb5_enomem(context);
ret = krb5_enomem(context);
goto out;
}
/* XXX if not aligned, fill_zeros */
@ -1068,14 +1068,14 @@ _krb5_pac_sign(krb5_context context,
ret = krb5_storage_write(sp, d.data, d.length);
if (ret != d.length) {
krb5_data_free(&d);
ret = _krb5_enomem(context);
ret = krb5_enomem(context);
goto out;
}
krb5_data_free(&d);
ret = krb5_storage_to_data(sp, &d);
if (ret) {
ret = _krb5_enomem(context);
ret = krb5_enomem(context);
goto out;
}

2
source4/heimdal/lib/krb5/padata.c
View File

@ -33,7 +33,7 @@
#include "krb5_locl.h"
PA_DATA *
KRB5_LIB_FUNCTION PA_DATA * KRB5_LIB_CALL
krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx)
{
for(; *idx < len; (*idx)++)

2
source4/heimdal/lib/krb5/pcache.c
View File

@ -54,7 +54,7 @@ _krb5_load_ccache_plugins(krb5_context context)
ccops = _krb5_plugin_get_symbol(p);
if (ccops != NULL && ccops->version == KRB5_CC_OPS_VERSION) {
c_load = krb5_cc_register(context, ccops, FALSE);
c_load = krb5_cc_register(context, ccops, TRUE);
if (c_load != 0)
code = c_load;
}

16
source4/heimdal/lib/krb5/pkinit.c
View File

@ -2455,9 +2455,9 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
}
krb5_error_code KRB5_LIB_FUNCTION
_krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context,
krb5_get_init_creds_opt *opt,
struct hx509_certs_data *certs)
krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context,
krb5_get_init_creds_opt *opt,
struct hx509_certs_data *certs)
{
#ifdef PKINIT
if (opt->opt_private == NULL) {
@ -2529,11 +2529,11 @@ find_ms_san(hx509_context context, hx509_cert cert, void *ctx)
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_pk_enterprise_cert(krb5_context context,
const char *user_id,
krb5_const_realm realm,
krb5_principal *principal,
struct hx509_certs_data **res)
krb5_pk_enterprise_cert(krb5_context context,
const char *user_id,
krb5_const_realm realm,
krb5_principal *principal,
struct hx509_certs_data **res)
{
#ifdef PKINIT
krb5_error_code ret;

72
source4/heimdal/lib/krb5/plugin.c
View File

@ -135,7 +135,7 @@ loadlib(krb5_context context, char *path)
* @ingroup krb5_support
*/
krb5_error_code
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_plugin_register(krb5_context context,
enum krb5_plugin_type type,
const char *name,
@ -179,6 +179,43 @@ krb5_plugin_register(krb5_context context,
return 0;
}
static int
is_valid_plugin_filename(const char * n)
{
if (n[0] == '.' && (n[1] == '\0' || (n[1] == '.' && n[2] == '\0')))
return 0;
#ifdef _WIN32
/* On Windows, we only attempt to load .dll files as plug-ins. */
{
const char * ext;
ext = strrchr(n, '.');
if (ext == NULL)
return 0;
return !stricmp(ext, ".dll");
}
#endif
return 1;
}
static void
trim_trailing_slash(char * path)
{
size_t l;
l = strlen(path);
while (l > 0 && (path[l - 1] == '/'
#ifdef BACKSLASH_PATH_DELIM
|| path[l - 1] == '\\'
#endif
)) {
path[--l] = '\0';
}
}
static krb5_error_code
load_plugins(krb5_context context)
{
@ -201,28 +238,27 @@ load_plugins(krb5_context context)
dirs = rk_UNCONST(sysplugin_dirs);
for (di = dirs; *di != NULL; di++) {
char * dir = *di;
#ifdef KRB5_USE_PATH_TOKENS
{
char * dir = NULL;
if (_krb5_expand_path_tokens(context, *di, &dir))
continue;
d = opendir(dir);
free(dir);
}
#else
d = opendir(*di);
if (_krb5_expand_path_tokens(context, *di, &dir))
goto next_dir;
#endif
trim_trailing_slash(dir);
d = opendir(dir);
if (d == NULL)
continue;
goto next_dir;
rk_cloexec_dir(d);
while ((entry = readdir(d)) != NULL) {
char *n = entry->d_name;
/* skip . and .. */
if (n[0] == '.' && (n[1] == '\0' || (n[1] == '.' && n[2] == '\0')))
if (!is_valid_plugin_filename(n))
continue;
path = NULL;
@ -231,11 +267,11 @@ load_plugins(krb5_context context)
{ /* support loading bundles on MacOS */
size_t len = strlen(n);
if (len > 7 && strcmp(&n[len - 7], ".bundle") == 0)
ret = asprintf(&path, "%s/%s/Contents/MacOS/%.*s", *di, n, (int)(len - 7), n);
ret = asprintf(&path, "%s/%s/Contents/MacOS/%.*s", dir, n, (int)(len - 7), n);
}
#endif
if (ret < 0 || path == NULL)
ret = asprintf(&path, "%s/%s", *di, n);
ret = asprintf(&path, "%s/%s", dir, n);
if (ret < 0 || path == NULL) {
ret = ENOMEM;
@ -254,6 +290,10 @@ load_plugins(krb5_context context)
}
}
closedir(d);
next_dir:
if (dir != *di)
free(dir);
}
if (dirs != rk_UNCONST(sysplugin_dirs))
krb5_config_free_strings(dirs);

437
source4/heimdal/lib/krb5/principal.c
View File

@ -721,7 +721,7 @@ krb5_build_principal(krb5_context context,
* @ingroup krb5_principal
*/
krb5_error_code KRB5_LIB_FUNCTION
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_make_principal(krb5_context context,
krb5_principal *principal,
krb5_const_realm realm,
@ -1013,437 +1013,6 @@ krb5_principal_match(krb5_context context,
return TRUE;
}
#if defined(KRB4) || !defined(HEIMDAL_SMALLER)
static struct v4_name_convert {
const char *from;
const char *to;
} default_v4_name_convert[] = {
{ "ftp", "ftp" },
{ "hprop", "hprop" },
{ "pop", "pop" },
{ "imap", "imap" },
{ "rcmd", "host" },
{ "smtp", "smtp" },
{ NULL, NULL }
};
#endif
#ifdef KRB4
/*
* return the converted instance name of `name' in `realm'.
* look in the configuration file and then in the default set above.
* return NULL if no conversion is appropriate.
*/
static const char*
get_name_conversion(krb5_context context, const char *realm, const char *name)
{
struct v4_name_convert *q;
const char *p;
p = krb5_config_get_string(context, NULL, "realms", realm,
"v4_name_convert", "host", name, NULL);
if(p == NULL)
p = krb5_config_get_string(context, NULL, "libdefaults",
"v4_name_convert", "host", name, NULL);
if(p)
return p;
/* XXX should be possible to override default list */
p = krb5_config_get_string(context, NULL,
"realms",
realm,
"v4_name_convert",
"plain",
name,
NULL);
if(p)
return NULL;
p = krb5_config_get_string(context, NULL,
"libdefaults",
"v4_name_convert",
"plain",
name,
NULL);
if(p)
return NULL;
for(q = default_v4_name_convert; q->from; q++)
if(strcmp(q->from, name) == 0)
return q->to;
return NULL;
}
/*
* convert the v4 principal `name.instance@realm' to a v5 principal in `princ'.
* if `resolve', use DNS.
* if `func', use that function for validating the conversion
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_425_conv_principal_ext2(krb5_context context,
const char *name,
const char *instance,
const char *realm,
krb5_boolean (*func)(krb5_context,
void *, krb5_principal),
void *funcctx,
krb5_boolean resolve,
krb5_principal *princ)
{
const char *p;
krb5_error_code ret;
krb5_principal pr;
char host[MAXHOSTNAMELEN];
char local_hostname[MAXHOSTNAMELEN];
/* do the following: if the name is found in the
`v4_name_convert:host' part, is assumed to be a `host' type
principal, and the instance is looked up in the
`v4_instance_convert' part. if not found there the name is
(optionally) looked up as a hostname, and if that doesn't yield
anything, the `default_domain' is appended to the instance
*/
if(instance == NULL)
goto no_host;
if(instance[0] == 0){
instance = NULL;
goto no_host;
}
p = get_name_conversion(context, realm, name);
if(p == NULL)
goto no_host;
name = p;
p = krb5_config_get_string(context, NULL, "realms", realm,
"v4_instance_convert", instance, NULL);
if(p){
instance = p;
ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
if (ret)
return ret;
if(func == NULL || (*func)(context, funcctx, pr)){
*princ = pr;
return 0;
}
krb5_free_principal(context, pr);
*princ = NULL;
krb5_clear_error_message (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
}
if(resolve){
krb5_boolean passed = FALSE;
char *inst = NULL;
#ifdef USE_RESOLVER
struct rk_dns_reply *r;
r = rk_dns_lookup(instance, "aaaa");
if (r) {
if (r->head && r->head->type == rk_ns_t_aaaa) {
inst = strdup(r->head->domain);
passed = TRUE;
}
rk_dns_free_data(r);
} else {
r = rk_dns_lookup(instance, "a");
if (r) {
if(r->head && r->head->type == rk_ns_t_a) {
inst = strdup(r->head->domain);
passed = TRUE;
}
rk_dns_free_data(r);
}
}
#else
struct addrinfo hints, *ai;
memset (&hints, 0, sizeof(hints));
hints.ai_flags = AI_CANONNAME;
ret = getaddrinfo(instance, NULL, &hints, &ai);
if (ret == 0) {
const struct addrinfo *a;
for (a = ai; a != NULL; a = a->ai_next) {
if (a->ai_canonname != NULL) {
inst = strdup (a->ai_canonname);
passed = TRUE;
break;
}
}
freeaddrinfo (ai);
}
#endif
if (passed) {
if (inst == NULL) {
krb5_set_error_message(context, ENOMEM,
N_("malloc: out of memory", ""));
return ENOMEM;
}
strlwr(inst);
ret = krb5_make_principal(context, &pr, realm, name, inst,
NULL);
free (inst);
if(ret == 0) {
if(func == NULL || (*func)(context, funcctx, pr)){
*princ = pr;
return 0;
}
krb5_free_principal(context, pr);
}
}
}
if(func != NULL) {
snprintf(host, sizeof(host), "%s.%s", instance, realm);
strlwr(host);
ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
if (ret)
return ret;
if((*func)(context, funcctx, pr)){
*princ = pr;
return 0;
}
krb5_free_principal(context, pr);
}
/*
* if the instance is the first component of the local hostname,
* the converted host should be the long hostname.
*/
if (func == NULL &&
gethostname (local_hostname, sizeof(local_hostname)) == 0 &&
strncmp(instance, local_hostname, strlen(instance)) == 0 &&
local_hostname[strlen(instance)] == '.') {
strlcpy(host, local_hostname, sizeof(host));
goto local_host;
}
{
char **domains, **d;
domains = krb5_config_get_strings(context, NULL, "realms", realm,
"v4_domains", NULL);
for(d = domains; d && *d; d++){
snprintf(host, sizeof(host), "%s.%s", instance, *d);
ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
if (ret) {
krb5_config_free_strings(domains);
return ret;
}
if(func == NULL || (*func)(context, funcctx, pr)){
*princ = pr;
krb5_config_free_strings(domains);
return 0;
}
krb5_free_principal(context, pr);
}
krb5_config_free_strings(domains);
}
p = krb5_config_get_string(context, NULL, "realms", realm,
"default_domain", NULL);
if(p == NULL){
/* this should be an error, just faking a name is not good */
krb5_clear_error_message (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
}
if (*p == '.')
++p;
snprintf(host, sizeof(host), "%s.%s", instance, p);
local_host:
ret = krb5_make_principal(context, &pr, realm, name, host, NULL);
if (ret)
return ret;
if(func == NULL || (*func)(context, funcctx, pr)){
*princ = pr;
return 0;
}
krb5_free_principal(context, pr);
krb5_clear_error_message (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
no_host:
p = krb5_config_get_string(context, NULL,
"realms",
realm,
"v4_name_convert",
"plain",
name,
NULL);
if(p == NULL)
p = krb5_config_get_string(context, NULL,
"libdefaults",
"v4_name_convert",
"plain",
name,
NULL);
if(p)
name = p;
ret = krb5_make_principal(context, &pr, realm, name, instance, NULL);
if (ret)
return ret;
if(func == NULL || (*func)(context, funcctx, pr)){
*princ = pr;
return 0;
}
krb5_free_principal(context, pr);
krb5_clear_error_message (context);
return HEIM_ERR_V4_PRINC_NO_CONV;
}
#endif /* KRB4 */
#ifndef HEIMDAL_SMALLER
static int
check_list(const krb5_config_binding *l, const char *name, const char **out)
{
while(l){
if (l->type != krb5_config_string)
continue;
if(strcmp(name, l->u.string) == 0) {
*out = l->name;
return 1;
}
l = l->next;
}
return 0;
}
static int
name_convert(krb5_context context, const char *name, const char *realm,
const char **out)
{
const krb5_config_binding *l;
l = krb5_config_get_list (context,
NULL,
"realms",
realm,
"v4_name_convert",
"host",
NULL);
if(l && check_list(l, name, out))
return KRB5_NT_SRV_HST;
l = krb5_config_get_list (context,
NULL,
"libdefaults",
"v4_name_convert",
"host",
NULL);
if(l && check_list(l, name, out))
return KRB5_NT_SRV_HST;
l = krb5_config_get_list (context,
NULL,
"realms",
realm,
"v4_name_convert",
"plain",
NULL);
if(l && check_list(l, name, out))
return KRB5_NT_UNKNOWN;
l = krb5_config_get_list (context,
NULL,
"libdefaults",
"v4_name_convert",
"host",
NULL);
if(l && check_list(l, name, out))
return KRB5_NT_UNKNOWN;
/* didn't find it in config file, try built-in list */
#ifdef KRB4
{
struct v4_name_convert *q;
for(q = default_v4_name_convert; q->from; q++) {
if(strcmp(name, q->to) == 0) {
*out = q->from;
return KRB5_NT_SRV_HST;
}
}
}
#endif
return -1;
}
/*
* convert the v5 principal in `principal' into a v4 corresponding one
* in `name, instance, realm'
* this is limited interface since there's no length given for these
* three parameters. They have to be 40 bytes each (ANAME_SZ).
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_524_conv_principal(krb5_context context,
const krb5_principal principal,
char *name,
char *instance,
char *realm)
{
const char *n, *i, *r;
char tmpinst[40];
int type = princ_type(principal);
const int aname_sz = 40;
r = principal->realm;
switch(principal->name.name_string.len){
case 1:
n = principal->name.name_string.val[0];
i = "";
break;
case 2:
n = principal->name.name_string.val[0];
i = principal->name.name_string.val[1];
break;
default:
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
N_("cannot convert a %d "
"component principal", ""),
principal->name.name_string.len);
return KRB5_PARSE_MALFORMED;
}
{
const char *tmp;
int t = name_convert(context, n, r, &tmp);
if(t >= 0) {
type = t;
n = tmp;
}
}
if(type == KRB5_NT_SRV_HST){
char *p;
strlcpy (tmpinst, i, sizeof(tmpinst));
p = strchr(tmpinst, '.');
if(p)
*p = 0;
i = tmpinst;
}
if (strlcpy (name, n, aname_sz) >= aname_sz) {
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
N_("too long name component to convert", ""));
return KRB5_PARSE_MALFORMED;
}
if (strlcpy (instance, i, aname_sz) >= aname_sz) {
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
N_("too long instance component to convert", ""));
return KRB5_PARSE_MALFORMED;
}
if (strlcpy (realm, r, aname_sz) >= aname_sz) {
krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
N_("too long realm component to convert", ""));
return KRB5_PARSE_MALFORMED;
}
return 0;
}
#endif /* !HEIMDAL_SMALLER */
/**
* Create a principal for the service running on hostname. If
* KRB5_NT_SRV_HST is used, the hostname is canonization using DNS (or
@ -1536,7 +1105,7 @@ static const struct {
* @ingroup krb5_principal
*/
krb5_error_code
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype)
{
size_t i;
@ -1558,7 +1127,7 @@ krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype)
* @ingroup krb5_principal
*/
krb5_boolean
KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_principal_is_krbtgt(krb5_context context, krb5_const_principal p)
{
return p->name.name_string.len == 2 &&

2
source4/heimdal/lib/krb5/ticket.c
View File

@ -177,7 +177,7 @@ krb5_ticket_get_endtime(krb5_context context,
*
* @ingroup krb5_ticket
*/
unsigned long
KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL
krb5_ticket_get_flags(krb5_context context,
const krb5_ticket *ticket)
{

960
source4/heimdal/lib/krb5/v4_glue.c
View File

@ -1,960 +0,0 @@
/*
* Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "krb5_locl.h"
#include "krb5-v4compat.h"
#ifndef HEIMDAL_SMALLER
/*
*
*/
#define RCHECK(r,func,label) \
do { (r) = func ; if (r) goto label; } while(0);
/* include this here, to avoid dependencies on libkrb */
static const int _tkt_lifetimes[TKTLIFENUMFIXED] = {
38400, 41055, 43894, 46929, 50174, 53643, 57352, 61318,
65558, 70091, 74937, 80119, 85658, 91581, 97914, 104684,
111922, 119661, 127935, 136781, 146239, 156350, 167161, 178720,
191077, 204289, 218415, 233517, 249664, 266926, 285383, 305116,
326213, 348769, 372885, 398668, 426234, 455705, 487215, 520904,
556921, 595430, 636601, 680618, 727680, 777995, 831789, 889303,
950794, 1016537, 1086825, 1161973, 1242318, 1328218, 1420057, 1518247,
1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000
};
KRB5_LIB_FUNCTION int KRB5_LIB_CALL
_krb5_krb_time_to_life(time_t start, time_t end)
{
int i;
time_t life = end - start;
if (life > MAXTKTLIFETIME || life <= 0)
return 0;
#if 0
if (krb_no_long_lifetimes)
return (life + 5*60 - 1)/(5*60);
#endif
if (end >= NEVERDATE)
return TKTLIFENOEXPIRE;
if (life < _tkt_lifetimes[0])
return (life + 5*60 - 1)/(5*60);
for (i=0; i<TKTLIFENUMFIXED; i++)
if (life <= _tkt_lifetimes[i])
return i + TKTLIFEMINFIXED;
return 0;
}
KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL
_krb5_krb_life_to_time(int start, int life_)
{
unsigned char life = (unsigned char) life_;
#if 0
if (krb_no_long_lifetimes)
return start + life*5*60;
#endif
if (life == TKTLIFENOEXPIRE)
return NEVERDATE;
if (life < TKTLIFEMINFIXED)
return start + life*5*60;
if (life > TKTLIFEMAXFIXED)
return start + MAXTKTLIFETIME;
return start + _tkt_lifetimes[life - TKTLIFEMINFIXED];
}
/*
* Get the name of the krb4 credentials cache, will use `tkfile' as
* the name if that is passed in. `cc' must be free()ed by caller,
*/
static krb5_error_code
get_krb4_cc_name(const char *tkfile, char **cc)
{
*cc = NULL;
if(tkfile == NULL) {
char *path;
if(!issuid()) {
path = getenv("KRBTKFILE");
if (path)
*cc = strdup(path);
}
#ifdef HAVE_GETUID
if(*cc == NULL)
if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0 || *cc == NULL)
return errno;
#elif defined(KRB5_USE_PATH_TOKENS)
if(*cc == NULL)
if (_krb5_expand_path_tokens(NULL, TKT_ROOT "%{uid}", cc))
return ENOMEM;
#endif
} else {
*cc = strdup(tkfile);
if (*cc == NULL)
return ENOMEM;
}
return 0;
}
/*
* Write a Kerberos 4 ticket file
*/
#define KRB5_TF_LCK_RETRY_COUNT 50
#define KRB5_TF_LCK_RETRY 1
static krb5_error_code
write_v4_cc(krb5_context context, const char *tkfile,
krb5_storage *sp, int append)
{
krb5_error_code ret;
struct stat sb;
krb5_data data;
char *path;
int fd, i;
ret = get_krb4_cc_name(tkfile, &path);
if (ret) {
krb5_set_error_message(context, ret,
N_("Failed getting the krb4 credentials "
"cache name", ""));
return ret;
}
fd = open(path, O_WRONLY|O_CREAT, 0600);
if (fd < 0) {
ret = errno;
krb5_set_error_message(context, ret,
N_("Failed opening krb4 credential cache "
"%s: %s", "path, error"),
path, strerror(ret));
free(path);
return ret;
}
rk_cloexec(fd);
if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) {
krb5_set_error_message(context, ret,
N_("krb4 credential cache %s is not a file", ""),
path);
free(path);
close(fd);
return KRB5_FCC_PERM;
}
for (i = 0; i < KRB5_TF_LCK_RETRY_COUNT; i++) {
if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
sleep(KRB5_TF_LCK_RETRY);
} else
break;
}
if (i == KRB5_TF_LCK_RETRY_COUNT) {
krb5_set_error_message(context, KRB5_FCC_PERM,
N_("Failed to lock credentail cache %s", ""),
path);
free(path);
close(fd);
return KRB5_FCC_PERM;
}
if (!append) {
ret = ftruncate(fd, 0);
if (ret < 0) {
flock(fd, LOCK_UN);
krb5_set_error_message(context, KRB5_FCC_PERM,
N_("Failed to truncate krb4 cc %s", ""),
path);
free(path);
close(fd);
return KRB5_FCC_PERM;
}
}
ret = lseek(fd, 0L, SEEK_END);
if (ret < 0) {
ret = errno;
flock(fd, LOCK_UN);
free(path);
close(fd);
return ret;
}
krb5_storage_to_data(sp, &data);
ret = write(fd, data.data, data.length);
if (ret != data.length)
ret = KRB5_CC_IO;
else
ret = 0;
krb5_data_free(&data);
flock(fd, LOCK_UN);
free(path);
close(fd);
return ret;
}
/*
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_tf_setup(krb5_context context,
struct credentials *v4creds,
const char *tkfile,
int append)
{
krb5_error_code ret;
krb5_storage *sp;
sp = krb5_storage_emem();
if (sp == NULL)
return ENOMEM;
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST);
krb5_storage_set_eof_code(sp, KRB5_CC_IO);
krb5_clear_error_message(context);
if (!append) {
RCHECK(ret, krb5_store_stringz(sp, v4creds->pname), error);
RCHECK(ret, krb5_store_stringz(sp, v4creds->pinst), error);
}
/* cred */
RCHECK(ret, krb5_store_stringz(sp, v4creds->service), error);
RCHECK(ret, krb5_store_stringz(sp, v4creds->instance), error);
RCHECK(ret, krb5_store_stringz(sp, v4creds->realm), error);
ret = krb5_storage_write(sp, v4creds->session, 8);
if (ret != 8) {
ret = KRB5_CC_IO;
goto error;
}
RCHECK(ret, krb5_store_int32(sp, v4creds->lifetime), error);
RCHECK(ret, krb5_store_int32(sp, v4creds->kvno), error);
RCHECK(ret, krb5_store_int32(sp, v4creds->ticket_st.length), error);
ret = krb5_storage_write(sp, v4creds->ticket_st.dat,
v4creds->ticket_st.length);
if (ret != v4creds->ticket_st.length) {
ret = KRB5_CC_IO;
goto error;
}
RCHECK(ret, krb5_store_int32(sp, v4creds->issue_date), error);
ret = write_v4_cc(context, tkfile, sp, append);
error:
krb5_storage_free(sp);
return ret;
}
/*
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_dest_tkt(krb5_context context, const char *tkfile)
{
krb5_error_code ret;
char *path;
ret = get_krb4_cc_name(tkfile, &path);
if (ret) {
krb5_set_error_message(context, ret,
N_("Failed getting the krb4 credentials "
"cache name", ""));
return ret;
}
if (unlink(path) < 0) {
ret = errno;
krb5_set_error_message(context, ret,
N_("Failed removing the cache %s "
"with error %s", "path, error"),
path, strerror(ret));
}
free(path);
return ret;
}
/*
*
*/
static krb5_error_code
decrypt_etext(krb5_context context, const krb5_keyblock *key,
const krb5_data *cdata, krb5_data *data)
{
krb5_error_code ret;
krb5_crypto crypto;
ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto);
if (ret)
return ret;
ret = krb5_decrypt(context, crypto, 0, cdata->data, cdata->length, data);
krb5_crypto_destroy(context, crypto);
return ret;
}
/*
*
*/
static const char eightzeros[8] = "\x00\x00\x00\x00\x00\x00\x00\x00";
static krb5_error_code
storage_to_etext(krb5_context context,
krb5_storage *sp,
const krb5_keyblock *key,
krb5_data *enc_data)
{
krb5_error_code ret;
krb5_crypto crypto;
krb5_ssize_t size;
krb5_data data;
/* multiple of eight bytes, don't round up */
size = krb5_storage_seek(sp, 0, SEEK_END);
if (size < 0)
return KRB4ET_RD_AP_UNDEC;
size = ((size+7) & ~7) - size;
ret = krb5_storage_write(sp, eightzeros, size);
if (ret != size)
return KRB4ET_RD_AP_UNDEC;
ret = krb5_storage_to_data(sp, &data);
if (ret)
return ret;
ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto);
if (ret) {
krb5_data_free(&data);
return ret;
}
ret = krb5_encrypt(context, crypto, 0, data.data, data.length, enc_data);
krb5_data_free(&data);
krb5_crypto_destroy(context, crypto);
return ret;
}
/*
*
*/
static krb5_error_code
put_nir(krb5_storage *sp, const char *name,
const char *instance, const char *realm)
{
krb5_error_code ret;
RCHECK(ret, krb5_store_stringz(sp, name), error);
RCHECK(ret, krb5_store_stringz(sp, instance), error);
if (realm) {
RCHECK(ret, krb5_store_stringz(sp, realm), error);
}
error:
return ret;
}
/*
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_create_ticket(krb5_context context,
unsigned char flags,
const char *pname,
const char *pinstance,
const char *prealm,
int32_t paddress,
const krb5_keyblock *session,
int16_t life,
int32_t life_sec,
const char *sname,
const char *sinstance,
const krb5_keyblock *key,
krb5_data *enc_data)
{
krb5_error_code ret;
krb5_storage *sp;
krb5_data_zero(enc_data);
sp = krb5_storage_emem();
if (sp == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
RCHECK(ret, krb5_store_int8(sp, flags), error);
RCHECK(ret, put_nir(sp, pname, pinstance, prealm), error);
RCHECK(ret, krb5_store_int32(sp, ntohl(paddress)), error);
/* session key */
ret = krb5_storage_write(sp,
session->keyvalue.data,
session->keyvalue.length);
if (ret != session->keyvalue.length) {
ret = KRB4ET_INTK_PROT;
goto error;
}
RCHECK(ret, krb5_store_int8(sp, life), error);
RCHECK(ret, krb5_store_int32(sp, life_sec), error);
RCHECK(ret, put_nir(sp, sname, sinstance, NULL), error);
ret = storage_to_etext(context, sp, key, enc_data);
error:
krb5_storage_free(sp);
if (ret)
krb5_set_error_message(context, ret,
N_("Failed to encode kerberos 4 ticket", ""));
return ret;
}
/*
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_create_ciph(krb5_context context,
const krb5_keyblock *session,
const char *service,
const char *instance,
const char *realm,
uint32_t life,
unsigned char kvno,
const krb5_data *ticket,
uint32_t kdc_time,
const krb5_keyblock *key,
krb5_data *enc_data)
{
krb5_error_code ret;
krb5_storage *sp;
krb5_data_zero(enc_data);
sp = krb5_storage_emem();
if (sp == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
/* session key */
ret = krb5_storage_write(sp,
session->keyvalue.data,
session->keyvalue.length);
if (ret != session->keyvalue.length) {
ret = KRB4ET_INTK_PROT;
goto error;
}
RCHECK(ret, put_nir(sp, service, instance, realm), error);
RCHECK(ret, krb5_store_int8(sp, life), error);
RCHECK(ret, krb5_store_int8(sp, kvno), error);
RCHECK(ret, krb5_store_int8(sp, ticket->length), error);
ret = krb5_storage_write(sp, ticket->data, ticket->length);
if (ret != ticket->length) {
ret = KRB4ET_INTK_PROT;
goto error;
}
RCHECK(ret, krb5_store_int32(sp, kdc_time), error);
ret = storage_to_etext(context, sp, key, enc_data);
error:
krb5_storage_free(sp);
if (ret)
krb5_set_error_message(context, ret,
N_("Failed to encode kerberos 4 ticket", ""));
return ret;
}
/*
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_create_auth_reply(krb5_context context,
const char *pname,
const char *pinst,
const char *prealm,
int32_t time_ws,
int n,
uint32_t x_date,
unsigned char kvno,
const krb5_data *cipher,
krb5_data *data)
{
krb5_error_code ret;
krb5_storage *sp;
krb5_data_zero(data);
sp = krb5_storage_emem();
if (sp == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error);
RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_KDC_REPLY), error);
RCHECK(ret, put_nir(sp, pname, pinst, prealm), error);
RCHECK(ret, krb5_store_int32(sp, time_ws), error);
RCHECK(ret, krb5_store_int8(sp, n), error);
RCHECK(ret, krb5_store_int32(sp, x_date), error);
RCHECK(ret, krb5_store_int8(sp, kvno), error);
RCHECK(ret, krb5_store_int16(sp, cipher->length), error);
ret = krb5_storage_write(sp, cipher->data, cipher->length);
if (ret != cipher->length) {
ret = KRB4ET_INTK_PROT;
goto error;
}
ret = krb5_storage_to_data(sp, data);
error:
krb5_storage_free(sp);
if (ret)
krb5_set_error_message(context, ret,
N_("Failed to encode kerberos 4 ticket", ""));
return ret;
}
/*
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_cr_err_reply(krb5_context context,
const char *name,
const char *inst,
const char *realm,
uint32_t time_ws,
uint32_t e,
const char *e_string,
krb5_data *data)
{
krb5_error_code ret;
krb5_storage *sp;
krb5_data_zero(data);
if (name == NULL) name = "";
if (inst == NULL) inst = "";
if (realm == NULL) realm = "";
if (e_string == NULL) e_string = "";
sp = krb5_storage_emem();
if (sp == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error);
RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error);
RCHECK(ret, put_nir(sp, name, inst, realm), error);
RCHECK(ret, krb5_store_int32(sp, time_ws), error);
/* If it is a Kerberos 4 error-code, remove the et BASE */
if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255)
e -= ERROR_TABLE_BASE_krb;
RCHECK(ret, krb5_store_int32(sp, e), error);
RCHECK(ret, krb5_store_stringz(sp, e_string), error);
ret = krb5_storage_to_data(sp, data);
error:
krb5_storage_free(sp);
if (ret)
krb5_set_error_message(context, ret, "Failed to encode kerberos 4 error");
return 0;
}
static krb5_error_code
get_v4_stringz(krb5_storage *sp, char **str, size_t max_len)
{
krb5_error_code ret;
ret = krb5_ret_stringz(sp, str);
if (ret)
return ret;
if (strlen(*str) > max_len) {
free(*str);
*str = NULL;
return KRB4ET_INTK_PROT;
}
return 0;
}
/*
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_decomp_ticket(krb5_context context,
const krb5_data *enc_ticket,
const krb5_keyblock *key,
const char *local_realm,
char **sname,
char **sinstance,
struct _krb5_krb_auth_data *ad)
{
krb5_error_code ret;
krb5_ssize_t size;
krb5_storage *sp = NULL;
krb5_data ticket;
unsigned char des_key[8];
memset(ad, 0, sizeof(*ad));
krb5_data_zero(&ticket);
*sname = NULL;
*sinstance = NULL;
RCHECK(ret, decrypt_etext(context, key, enc_ticket, &ticket), error);
sp = krb5_storage_from_data(&ticket);
if (sp == NULL) {
krb5_data_free(&ticket);
krb5_set_error_message(context, ENOMEM, "alloc: out of memory");
return ENOMEM;
}
krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
RCHECK(ret, krb5_ret_int8(sp, &ad->k_flags), error);
RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error);
RCHECK(ret, get_v4_stringz(sp, &ad->pinst, INST_SZ), error);
RCHECK(ret, get_v4_stringz(sp, &ad->prealm, REALM_SZ), error);
RCHECK(ret, krb5_ret_uint32(sp, &ad->address), error);
size = krb5_storage_read(sp, des_key, sizeof(des_key));
if (size != sizeof(des_key)) {
ret = KRB4ET_INTK_PROT;
goto error;
}
RCHECK(ret, krb5_ret_uint8(sp, &ad->life), error);
if (ad->k_flags & 1)
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
else
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
RCHECK(ret, krb5_ret_uint32(sp, &ad->time_sec), error);
RCHECK(ret, get_v4_stringz(sp, sname, ANAME_SZ), error);
RCHECK(ret, get_v4_stringz(sp, sinstance, INST_SZ), error);
ret = krb5_keyblock_init(context, ETYPE_DES_PCBC_NONE,
des_key, sizeof(des_key), &ad->session);
if (ret)
goto error;
if (strlen(ad->prealm) == 0) {
free(ad->prealm);
ad->prealm = strdup(local_realm);
if (ad->prealm == NULL) {
ret = ENOMEM;
goto error;
}
}
error:
memset(des_key, 0, sizeof(des_key));
if (sp)
krb5_storage_free(sp);
krb5_data_free(&ticket);
if (ret) {
if (*sname) {
free(*sname);
*sname = NULL;
}
if (*sinstance) {
free(*sinstance);
*sinstance = NULL;
}
_krb5_krb_free_auth_data(context, ad);
krb5_set_error_message(context, ret, "Failed to decode v4 ticket");
}
return ret;
}
/*
*
*/
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_krb_rd_req(krb5_context context,
krb5_data *authent,
const char *service,
const char *instance,
const char *local_realm,
int32_t from_addr,
const krb5_keyblock *key,
struct _krb5_krb_auth_data *ad)
{
krb5_error_code ret;
krb5_storage *sp;
krb5_data ticket, eaut, aut;
krb5_ssize_t size;
int little_endian;
int8_t pvno;
int8_t type;
int8_t s_kvno;
uint8_t ticket_length;
uint8_t eaut_length;
uint8_t time_5ms;
char *realm = NULL;
char *sname = NULL;
char *sinstance = NULL;
char *r_realm = NULL;
char *r_name = NULL;
char *r_instance = NULL;
uint32_t r_time_sec; /* Coarse time from authenticator */
unsigned long delta_t; /* Time in authenticator - local time */
long tkt_age; /* Age of ticket */
struct timeval tv;
krb5_data_zero(&ticket);
krb5_data_zero(&eaut);
krb5_data_zero(&aut);
sp = krb5_storage_from_data(authent);
if (sp == NULL) {
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT);
ret = krb5_ret_int8(sp, &pvno);
if (ret) {
krb5_set_error_message(context, ret, N_("Failed reading v4 pvno", ""));
goto error;
}
if (pvno != KRB_PROT_VERSION) {
ret = KRB4ET_RD_AP_VERSION;
krb5_set_error_message(context, ret, N_("Failed v4 pvno not 4", ""));
goto error;
}
ret = krb5_ret_int8(sp, &type);
if (ret) {
krb5_set_error_message(context, ret, N_("Failed readin v4 type", ""));
goto error;
}
little_endian = type & 1;
type &= ~1;
if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) {
ret = KRB4ET_RD_AP_MSG_TYPE;
krb5_set_error_message(context, ret,
N_("Not a valid v4 request type", ""));
goto error;
}
RCHECK(ret, krb5_ret_int8(sp, &s_kvno), error);
RCHECK(ret, get_v4_stringz(sp, &realm, REALM_SZ), error);
RCHECK(ret, krb5_ret_uint8(sp, &ticket_length), error);
RCHECK(ret, krb5_ret_uint8(sp, &eaut_length), error);
RCHECK(ret, krb5_data_alloc(&ticket, ticket_length), error);
size = krb5_storage_read(sp, ticket.data, ticket.length);
if (size != ticket.length) {
ret = KRB4ET_INTK_PROT;
krb5_set_error_message(context, ret, N_("Failed reading v4 ticket", ""));
goto error;
}
/* Decrypt and take apart ticket */
ret = _krb5_krb_decomp_ticket(context, &ticket, key, local_realm,
&sname, &sinstance, ad);
if (ret)
goto error;
RCHECK(ret, krb5_data_alloc(&eaut, eaut_length), error);
size = krb5_storage_read(sp, eaut.data, eaut.length);
if (size != eaut.length) {
ret = KRB4ET_INTK_PROT;
krb5_set_error_message(context, ret,
N_("Failed reading v4 authenticator", ""));
goto error;
}
krb5_storage_free(sp);
sp = NULL;
ret = decrypt_etext(context, &ad->session, &eaut, &aut);
if (ret)
goto error;
sp = krb5_storage_from_data(&aut);
if (sp == NULL) {
ret = ENOMEM;
krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
goto error;
}
if (little_endian)
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE);
else
krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
RCHECK(ret, get_v4_stringz(sp, &r_name, ANAME_SZ), error);
RCHECK(ret, get_v4_stringz(sp, &r_instance, INST_SZ), error);
RCHECK(ret, get_v4_stringz(sp, &r_realm, REALM_SZ), error);
RCHECK(ret, krb5_ret_uint32(sp, &ad->checksum), error);
RCHECK(ret, krb5_ret_uint8(sp, &time_5ms), error);
RCHECK(ret, krb5_ret_uint32(sp, &r_time_sec), error);
if (strcmp(ad->pname, r_name) != 0 ||
strcmp(ad->pinst, r_instance) != 0 ||
strcmp(ad->prealm, r_realm) != 0) {
ret = KRB4ET_RD_AP_INCON;
krb5_set_error_message(context, ret, N_("v4 principal mismatch", ""));
goto error;
}
if (from_addr && ad->address && from_addr != ad->address) {
ret = KRB4ET_RD_AP_BADD;
krb5_set_error_message(context, ret,
N_("v4 bad address in ticket", ""));
goto error;
}
gettimeofday(&tv, NULL);
delta_t = abs((int)(tv.tv_sec - r_time_sec));
if (delta_t > CLOCK_SKEW) {
ret = KRB4ET_RD_AP_TIME;
krb5_set_error_message(context, ret, N_("v4 clock skew", ""));
goto error;
}
/* Now check for expiration of ticket */
tkt_age = tv.tv_sec - ad->time_sec;
if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) {
ret = KRB4ET_RD_AP_NYV;
krb5_set_error_message(context, ret,
N_("v4 clock skew for expiration", ""));
goto error;
}
if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) {
ret = KRB4ET_RD_AP_EXP;
krb5_set_error_message(context, ret, N_("v4 ticket expired", ""));
goto error;
}
ret = 0;
error:
krb5_data_free(&ticket);
krb5_data_free(&eaut);
krb5_data_free(&aut);
if (realm)
free(realm);
if (sname)
free(sname);
if (sinstance)
free(sinstance);
if (r_name)
free(r_name);
if (r_instance)
free(r_instance);
if (r_realm)
free(r_realm);
if (sp)
krb5_storage_free(sp);
if (ret)
krb5_clear_error_message(context);
return ret;
}
/*
*
*/
KRB5_LIB_FUNCTION void KRB5_LIB_CALL
_krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad)
{
if (ad->pname)
free(ad->pname);
if (ad->pinst)
free(ad->pinst);
if (ad->prealm)
free(ad->prealm);
krb5_free_keyblock_contents(context, &ad->session);
memset(ad, 0, sizeof(*ad));
}
#endif /* HEIMDAL_SMALLER */

8
source4/heimdal/lib/krb5/warn.c
View File

@ -182,6 +182,7 @@ krb5_verr(krb5_context context, int eval, krb5_error_code code,
{
_warnerr(context, 1, code, 0, fmt, ap);
exit(eval);
UNREACHABLE(return 0);
}
/**
@ -203,6 +204,7 @@ krb5_err(krb5_context context, int eval, krb5_error_code code,
{
FUNC(1, code, 0);
exit(eval);
UNREACHABLE(return 0);
}
/**
@ -222,6 +224,7 @@ krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap)
{
_warnerr(context, 0, 0, 0, fmt, ap);
exit(eval);
UNREACHABLE(return 0);
}
/**
@ -240,6 +243,7 @@ krb5_errx(krb5_context context, int eval, const char *fmt, ...)
{
FUNC(0, 0, 0);
exit(eval);
UNREACHABLE(return 0);
}
/**
@ -261,6 +265,7 @@ krb5_vabort(krb5_context context, krb5_error_code code,
{
_warnerr(context, 1, code, 0, fmt, ap);
abort();
UNREACHABLE(return 0);
}
/**
@ -280,6 +285,7 @@ krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...)
{
FUNC(1, code, 0);
abort();
UNREACHABLE(return 0);
}
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
@ -288,6 +294,7 @@ krb5_vabortx(krb5_context context, const char *fmt, va_list ap)
{
_warnerr(context, 0, 0, 0, fmt, ap);
abort();
UNREACHABLE(return 0);
}
/**
@ -306,6 +313,7 @@ krb5_abortx(krb5_context context, const char *fmt, ...)
{
FUNC(0, 0, 0);
abort();
UNREACHABLE(return 0);
}
/**

18
source4/heimdal/lib/ntlm/ntlm.c
View File

@ -455,7 +455,7 @@ heim_ntlm_decode_targetinfo(const struct ntlm_buf *data,
{
uint16_t type, len;
krb5_storage *in;
int ret, done = 0;
int ret = 0, done = 0;
memset(ti, 0, sizeof(*ti));
@ -855,23 +855,23 @@ heim_ntlm_decode_type3(const struct ntlm_buf *buf,
CHECK(type, 3);
CHECK(ret_sec_buffer(in, &lm), 0);
if (lm.allocated)
min_offset = MIN(min_offset, lm.offset);
min_offset = min(min_offset, lm.offset);
CHECK(ret_sec_buffer(in, &ntlm), 0);
if (ntlm.allocated)
min_offset = MIN(min_offset, ntlm.offset);
min_offset = min(min_offset, ntlm.offset);
CHECK(ret_sec_buffer(in, &target), 0);
if (target.allocated)
min_offset = MIN(min_offset, target.offset);
min_offset = min(min_offset, target.offset);
CHECK(ret_sec_buffer(in, &username), 0);
if (username.allocated)
min_offset = MIN(min_offset, username.offset);
min_offset = min(min_offset, username.offset);
CHECK(ret_sec_buffer(in, &ws), 0);
if (ws.allocated)
min_offset = MIN(min_offset, ws.offset);
min_offset = min(min_offset, ws.offset);
if (min_offset > 52) {
CHECK(ret_sec_buffer(in, &sessionkey), 0);
min_offset = MAX(min_offset, sessionkey.offset);
min_offset = max(min_offset, sessionkey.offset);
CHECK(krb5_ret_uint32(in, &type3->flags), 0);
}
if (min_offset > 52 + 8 + 4 + 8) {
@ -1290,8 +1290,7 @@ heim_ntlm_build_ntlm2_master(void *key, size_t len,
/**
* Given a key and encrypted session, unwrap the session key
*
* @param key the sessionBaseKey
* @param len length of key
* @param baseKey the sessionBaseKey
* @param encryptedSession encrypted session, type3.session field.
* @param session generated session nonce, should be freed with heim_ntlm_free_buf().
*
@ -1413,7 +1412,6 @@ nt2unixtime(uint64_t t)
* @param username name of the user, as sent in the message, assumed to be in UTF8.
* @param target the name of the target, assumed to be in UTF8.
* @param serverchallenge challenge as sent by the server in the type2 message.
* @param infotarget infotarget as sent by the server in the type2 message.
* @param ntlmv2 calculated session key
* @param answer ntlm response answer, should be freed with heim_ntlm_free_buf().
*

14
source4/heimdal/lib/roken/getarg.c
View File

@ -435,11 +435,7 @@ arg_match_long(struct getargs *args, size_t num_args,
*flag = !negate;
return 0;
} else if (*goptarg && strcmp(goptarg + 1, "maybe") == 0) {
#ifdef HAVE_RANDOM
*flag = random() & 1;
#else
*flag = rand() & 1;
#endif
*flag = rk_random() & 1;
} else {
*flag = negate;
return 0;
@ -554,13 +550,7 @@ getarg(struct getargs *args, size_t num_args,
int i;
int ret = 0;
#if defined(HAVE_SRANDOMDEV)
srandomdev();
#elif defined(HAVE_RANDOM)
srandom(time(NULL));
#else
srand ((int) time(NULL));
#endif
rk_random_init();
(*goptind)++;
for(i = *goptind; i < argc; i++) {
if(argv[i][0] != '-')

48
source4/heimdal/lib/roken/rand.c Normal file
View File

@ -0,0 +1,48 @@
/*
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "roken.h"
void ROKEN_LIB_FUNCTION
rk_random_init(void)
{
#if defined(HAVE_ARC4RANDOM)
arc4random_stir();
#elif defined(HAVE_SRANDOMDEV)
srandomdev();
#elif defined(HAVE_RANDOM)
srandom(time(NULL));
#else
srand (time(NULL));
#endif
}

8
source4/heimdal/lib/roken/resolve.c
View File

@ -619,10 +619,6 @@ compare_srv(const void *a, const void *b)
return ((*aa)->u.srv->priority - (*bb)->u.srv->priority);
}
#ifndef HAVE_RANDOM
#define random() rand()
#endif
/* try to rearrange the srv-records by the algorithm in RFC2782 */
ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
rk_dns_srv_order(struct rk_dns_reply *r)
@ -636,6 +632,8 @@ rk_dns_srv_order(struct rk_dns_reply *r)
char *oldstate;
#endif
rk_random_init();
for(rr = r->head; rr; rr = rr->next)
if(rr->type == rk_ns_t_srv)
num_srv++;
@ -682,7 +680,7 @@ rk_dns_srv_order(struct rk_dns_reply *r)
/* ss is now the first record of this priority and ee is the
first of the next */
while(ss < ee) {
rnd = random() % (sum + 1);
rnd = rk_random() % (sum + 1);
for(count = 0, tt = ss; ; tt++) {
if(*tt == NULL)
continue;

12
source4/heimdal/lib/roken/roken-common.h
View File

@ -150,6 +150,11 @@
#endif /* !_WIN32 */
/* Minimize conflict with WinNT.h */
#ifdef SLIST_ENTRY
#undef SLIST_ENTRY
#endif
#ifndef PATH_MAX
#define PATH_MAX MAX_PATH
#endif
@ -221,6 +226,10 @@
#define AI_NUMERICHOST 0x04
#endif
#ifndef AI_NUMERICSERV
#define AI_NUMERICSERV 0x08
#endif
/* flags for getnameinfo() */
#ifndef NI_DGRAM
@ -486,6 +495,9 @@ rk_cloexec_dir(DIR *);
ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
ct_memcmp(const void *, const void *, size_t);
void ROKEN_LIB_FUNCTION
rk_random_init(void);
ROKEN_CPP_END
#endif /* __ROKEN_COMMON_H__ */

43
source4/heimdal/lib/roken/roken.h.in
View File

@ -43,18 +43,26 @@
#ifndef ROKEN_LIB_FUNCTION
#ifdef _WIN32
#define ROKEN_LIB_FUNCTION
#define ROKEN_LIB_CALL __cdecl
# define ROKEN_LIB_CALL __cdecl
# ifdef ROKEN_LIB_DYNAMIC
# define ROKEN_LIB_FUNCTION __declspec(dllimport)
# define ROKEN_LIB_VARIABLE __declspec(dllimport)
# else
# define ROKEN_LIB_FUNCTION
# define ROKEN_LIB_VARIABLE
# endif
#else
#define ROKEN_LIB_FUNCTION
#define ROKEN_LIB_CALL
#define ROKEN_LIB_VARIABLE
#endif
#endif
#ifdef HAVE_WINSOCK
/* Declarations for Microsoft Windows */
#include<ws2tcpip.h>
#include <winsock2.h>
#include <ws2tcpip.h>
/*
* error codes for inet_ntop/inet_pton
@ -241,10 +249,6 @@ struct sockaddr_dl;
#include <time.h>
#endif
#ifdef HAVE_WS2TCPIP_H
#include <ws2tcpip.h>
#endif
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
@ -536,7 +540,6 @@ int ROKEN_LIB_FUNCTION rk_strerror_r(int, char *, size_t);
#endif
/* This causes a fatal error under Psoriasis */
#ifndef SunOS
const char * ROKEN_LIB_FUNCTION hstrerror(int);
ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL hstrerror(int);
#endif
#endif
@ -757,14 +760,23 @@ ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, struct winsize *);
ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL vsyslog(int, const char *, va_list);
#endif
#ifndef HAVE_GETOPT
#define getopt rk_getopt
#define optarg rk_optarg
#define optind rk_optind
#define opterr rk_opterr
ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
getopt(int nargc, char * const *nargv, const char *ostr);
#endif
#if !HAVE_DECL_OPTARG
extern char *optarg;
ROKEN_LIB_VARIABLE extern char *optarg;
#endif
#if !HAVE_DECL_OPTIND
extern int optind;
ROKEN_LIB_VARIABLE extern int optind;
#endif
#if !HAVE_DECL_OPTERR
extern int opterr;
ROKEN_LIB_VARIABLE extern int opterr;
#endif
#ifndef HAVE_GETIPNODEBYNAME
@ -1072,6 +1084,15 @@ void
rk_qsort(void *, size_t, size_t, int (*)(const void *, const void *));
#endif
#if defined(HAVE_ARC4RANDOM)
#define rk_random() arc4random()
#elif defined(HAVE_RANDOM)
#define rk_random() random()
#else
#define rk_random() rand()
#endif
#if defined(__linux__) && defined(SOCK_CLOEXEC) && !defined(SOCKET_WRAPPER_REPLACE) && !defined(__SOCKET_WRAPPER_H__)
#undef socket
#define socket(_fam,_type,_prot) rk_socket(_fam,_type,_prot)

33
source4/heimdal/lib/roken/setprogname.c
View File

@ -40,19 +40,52 @@ extern const char *__progname;
#endif
#ifndef HAVE_SETPROGNAME
ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
setprogname(const char *argv0)
{
#ifndef HAVE___PROGNAME
const char *p;
if(argv0 == NULL)
return;
p = strrchr(argv0, '/');
#ifdef BACKSLASH_PATH_DELIM
{
const char * pb;
pb = strrchr((p != NULL)? p : argv0, '\\');
if (pb != NULL)
p = pb;
}
#endif
if(p == NULL)
p = argv0;
else
p++;
#ifdef _WIN32
{
char * fn = strdup(p);
char * ext;
strlwr(fn);
ext = strrchr(fn, '.');
if (ext != NULL && !strcmp(ext, ".exe"))
*ext = '\0';
__progname = fn;
}
#else
__progname = p;
#endif
#endif /* HAVE___PROGNAME */
}
#endif /* HAVE_SETPROGNAME */

39
source4/heimdal/lib/roken/socket.c
View File

@ -119,8 +119,7 @@ socket_addr_size (const struct sockaddr *sa)
return sizeof(struct in6_addr);
#endif
default :
errx (1, "unknown address family %d", sa->sa_family);
UNREACHABLE(return 0);
return 0;
}
}
@ -138,9 +137,8 @@ socket_sockaddr_size (const struct sockaddr *sa)
case AF_INET6 :
return sizeof(struct sockaddr_in6);
#endif
default :
errx (1, "unknown address family %d", sa->sa_family);
UNREACHABLE(return 0);
default:
return 0;
}
}
@ -162,9 +160,8 @@ socket_get_address (const struct sockaddr *sa)
return rk_UNCONST(&sin6->sin6_addr);
}
#endif
default :
errx (1, "unknown address family %d", sa->sa_family);
UNREACHABLE(return NULL);
default:
return NULL;
}
}
@ -187,8 +184,7 @@ socket_get_port (const struct sockaddr *sa)
}
#endif
default :
errx (1, "unknown address family %d", sa->sa_family);
UNREACHABLE(return 0);
return 0;
}
}
@ -227,18 +223,13 @@ socket_set_portrange (rk_socket_t sock, int restr, int af)
#if defined(IP_PORTRANGE)
if (af == AF_INET) {
int on = restr ? IP_PORTRANGE_HIGH : IP_PORTRANGE_DEFAULT;
if (setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on,
sizeof(on)) < 0)
warn ("setsockopt IP_PORTRANGE (ignored)");
setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on, sizeof(on));
}
#endif
#if defined(IPV6_PORTRANGE)
if (af == AF_INET6) {
int on = restr ? IPV6_PORTRANGE_HIGH :
IPV6_PORTRANGE_DEFAULT;
if (setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on,
sizeof(on)) < 0)
warn ("setsockopt IPV6_PORTRANGE (ignored)");
int on = restr ? IPV6_PORTRANGE_HIGH : IPV6_PORTRANGE_DEFAULT;
setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on, sizeof(on));
}
#endif
}
@ -252,9 +243,7 @@ socket_set_debug (rk_socket_t sock)
{
#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
int on = 1;
if (setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on)) < 0)
warn ("setsockopt SO_DEBUG (ignored)");
setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on));
#endif
}
@ -266,9 +255,7 @@ ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
socket_set_tos (rk_socket_t sock, int tos)
{
#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0)
if (errno != EINVAL)
warn ("setsockopt TOS (ignored)");
setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof(int));
#endif
}
@ -280,9 +267,7 @@ ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
socket_set_reuseaddr (rk_socket_t sock, int val)
{
#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val,
sizeof(val)) < 0)
err (1, "setsockopt SO_REUSEADDR");
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val, sizeof(val));
#endif
}

3
source4/heimdal_build/roken.h
View File

@ -4,6 +4,8 @@
#ifndef _ROKEN_H_
#define _ROKEN_H_
#include "config.h"
/* Support 'weak' keys for now, it can't be worse than NTLM and we don't want to hard-code the behaviour at this point */
#define HEIM_WEAK_CRYPTO 1
@ -23,6 +25,7 @@
#define ROKEN_LIB_FUNCTION
#define ROKEN_LIB_CALL
#define ROKEN_LIB_VARIABLE
#define GETHOSTBYADDR_PROTO_COMPATIBLE
#define GETSERVBYNAME_PROTO_COMPATIBLE
#define OPENLOG_PROTO_COMPATIBLE

8
source4/heimdal_build/wscript_build
View File

@ -448,6 +448,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'):
lib/roken/simple_exec.c
lib/roken/strcollect.c
lib/roken/rtbl.c
lib/roken/rand.c
lib/roken/cloexec.c
lib/roken/xfree.c
../heimdal_build/replace.c
@ -492,7 +493,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'):
install=False
)
KDC_SOURCE='kdc/default_config.c kdc/kerberos5.c kdc/krb5tgs.c kdc/pkinit.c kdc/log.c kdc/misc.c kdc/kaserver.c kdc/digest.c kdc/process.c kdc/windc.c kdc/kx509.c'
KDC_SOURCE='kdc/default_config.c kdc/kerberos5.c kdc/krb5tgs.c kdc/pkinit.c kdc/log.c kdc/misc.c kdc/digest.c kdc/process.c kdc/windc.c kdc/kx509.c'
HEIMDAL_LIBRARY('kdc', source=KDC_SOURCE,
includes='../heimdal/kdc',
@ -571,7 +572,8 @@ lib/gssapi/mech/gss_set_sec_context_option.c lib/gssapi/mech/gss_export_name.c l
lib/gssapi/mech/gss_acquire_cred.c lib/gssapi/mech/gss_unseal.c lib/gssapi/mech/gss_verify_mic.c
lib/gssapi/mech/gss_accept_sec_context.c lib/gssapi/mech/gss_inquire_cred_by_mech.c lib/gssapi/mech/gss_indicate_mechs.c
lib/gssapi/mech/gss_delete_sec_context.c lib/gssapi/mech/gss_sign.c lib/gssapi/mech/gss_utils.c
lib/gssapi/mech/gss_init_sec_context.c lib/gssapi/mech/gss_oid_equal.c lib/gssapi/mech/gss_oid_to_str.c
lib/gssapi/mech/gss_init_sec_context.c lib/gssapi/mech/gss_oid_equal.c lib/gssapi/mech/gss_oid.c
lib/gssapi/mech/gss_oid_to_str.c lib/gssapi/mech/gss_mo.c
lib/gssapi/mech/gss_context_time.c lib/gssapi/mech/gss_encapsulate_token.c lib/gssapi/mech/gss_get_mic.c
lib/gssapi/mech/gss_import_sec_context.c lib/gssapi/mech/gss_inquire_cred.c lib/gssapi/mech/gss_wrap.c
lib/gssapi/mech/gss_import_name.c lib/gssapi/mech/gss_duplicate_name.c lib/gssapi/mech/gss_unwrap.c
@ -624,7 +626,7 @@ KRB5_SOURCE = [os.path.join('lib/krb5/', x) for x in to_list(
send_to_kdc.c set_default_realm.c
store.c store-int.c store_emem.c store_fd.c
store_mem.c ticket.c time.c transited.c
v4_glue.c version.c warn.c krb5_err.c
version.c warn.c krb5_err.c
heim_err.c k524_err.c krb_err.c''')] + ["../heimdal_build/krb5-glue.c"]
HEIMDAL_LIBRARY('krb5', KRB5_SOURCE,

16
source4/kdc/hdb-samba4.c
View File

@ -96,21 +96,6 @@ static krb5_error_code hdb_samba4_fetch_kvno(krb5_context context, HDB *db,
return samba_kdc_fetch(context, kdc_db_ctx, principal, flags, kvno, entry_ex);
}
static krb5_error_code hdb_samba4_fetch(krb5_context context, HDB *db,
krb5_const_principal principal,
unsigned flags,
hdb_entry_ex *entry_ex)
{
struct samba_kdc_db_context *kdc_db_ctx;
flags &= ~HDB_F_KVNO_SPECIFIED;
kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
struct samba_kdc_db_context);
return samba_kdc_fetch(context, kdc_db_ctx, principal, flags, 0, entry_ex);
}
static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsigned flags,
hdb_entry_ex *entry)
{
@ -200,7 +185,6 @@ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
(*db)->hdb_dbc = NULL;
(*db)->hdb_open = hdb_samba4_open;
(*db)->hdb_close = hdb_samba4_close;
(*db)->hdb_fetch = hdb_samba4_fetch;
(*db)->hdb_fetch_kvno = hdb_samba4_fetch_kvno;
(*db)->hdb_store = hdb_samba4_store;
(*db)->hdb_remove = hdb_samba4_remove;

11
source4/kdc/kdc.c
View File

@ -631,11 +631,12 @@ static NTSTATUS kdc_check_generic_kerberos(struct irpc_message *msg,
return NT_STATUS_NO_MEMORY;
}
ret = kdc->config->db[0]->hdb_fetch(kdc->smb_krb5_context->krb5_context,
kdc->config->db[0],
principal,
HDB_F_GET_KRBTGT | HDB_F_DECRYPT,
&ent);
ret = kdc->config->db[0]->hdb_fetch_kvno(kdc->smb_krb5_context->krb5_context,
kdc->config->db[0],
principal,
HDB_F_GET_KRBTGT | HDB_F_DECRYPT,
0,
&ent);
if (ret != 0) {
hdb_free_entry(kdc->smb_krb5_context->krb5_context, &ent);