aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile.inc114
-rw-r--r--crypto/heimdal/FREEBSD-Xlist3
-rw-r--r--crypto/heimdal/acinclude.m410
-rw-r--r--crypto/heimdal/admin/ktutil_locl.h16
-rw-r--r--crypto/heimdal/appl/ftp/ftp/ftp_locl.h2
-rw-r--r--crypto/heimdal/appl/su/Makefile.am11
-rw-r--r--crypto/heimdal/appl/su/su.c183
-rw-r--r--crypto/heimdal/cf/broken-getnameinfo.m428
-rw-r--r--crypto/heimdal/cf/check-declaration.m425
-rw-r--r--crypto/heimdal/kadmin/kadmin_locl.h91
-rw-r--r--crypto/heimdal/kadmin/version4.c1016
-rw-r--r--crypto/heimdal/kdc/headers.h19
-rw-r--r--crypto/heimdal/lib/asn1/x509.asn123
-rw-r--r--crypto/heimdal/lib/gssapi/8003.c251
-rw-r--r--crypto/heimdal/lib/gssapi/accept_sec_context.c445
-rw-r--r--crypto/heimdal/lib/gssapi/acquire_cred.c309
-rw-r--r--crypto/heimdal/lib/gssapi/add_cred.c234
-rw-r--r--crypto/heimdal/lib/gssapi/add_oid_set_member.c69
-rw-r--r--crypto/heimdal/lib/gssapi/address_to_krb5addr.c76
-rw-r--r--crypto/heimdal/lib/gssapi/arcfour.c623
-rw-r--r--crypto/heimdal/lib/gssapi/arcfour.h98
-rw-r--r--crypto/heimdal/lib/gssapi/canonicalize_name.c46
-rw-r--r--crypto/heimdal/lib/gssapi/compat.c113
-rw-r--r--crypto/heimdal/lib/gssapi/context_time.c85
-rw-r--r--crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c52
-rw-r--r--crypto/heimdal/lib/gssapi/decapsulate.c184
-rw-r--r--crypto/heimdal/lib/gssapi/delete_sec_context.c69
-rw-r--r--crypto/heimdal/lib/gssapi/display_name.c73
-rw-r--r--crypto/heimdal/lib/gssapi/display_status.c187
-rw-r--r--crypto/heimdal/lib/gssapi/duplicate_name.c59
-rw-r--r--crypto/heimdal/lib/gssapi/encapsulate.c122
-rw-r--r--crypto/heimdal/lib/gssapi/export_name.c94
-rw-r--r--crypto/heimdal/lib/gssapi/export_sec_context.c223
-rw-r--r--crypto/heimdal/lib/gssapi/external.c235
-rw-r--r--crypto/heimdal/lib/gssapi/get_mic.c295
-rw-r--r--crypto/heimdal/lib/gssapi/gssapi_locl.h180
-rw-r--r--crypto/heimdal/lib/gssapi/import_name.c229
-rw-r--r--crypto/heimdal/lib/gssapi/import_sec_context.c212
-rw-r--r--crypto/heimdal/lib/gssapi/indicate_mechs.c55
-rw-r--r--crypto/heimdal/lib/gssapi/init.c44
-rw-r--r--crypto/heimdal/lib/gssapi/init_sec_context.c578
-rw-r--r--crypto/heimdal/lib/gssapi/inquire_context.c85
-rw-r--r--crypto/heimdal/lib/gssapi/inquire_cred.c97
-rw-r--r--crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c80
-rw-r--r--crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c57
-rw-r--r--crypto/heimdal/lib/gssapi/inquire_names_for_mech.c80
-rw-r--r--crypto/heimdal/lib/gssapi/process_context_token.c65
-rw-r--r--crypto/heimdal/lib/gssapi/release_buffer.c48
-rw-r--r--crypto/heimdal/lib/gssapi/release_cred.c68
-rw-r--r--crypto/heimdal/lib/gssapi/release_name.c50
-rw-r--r--crypto/heimdal/lib/gssapi/release_oid_set.c49
-rw-r--r--crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c38
-rw-r--r--crypto/heimdal/lib/gssapi/spnego/spnego_locl.h2
-rw-r--r--crypto/heimdal/lib/gssapi/test_oid_set_member.c55
-rw-r--r--crypto/heimdal/lib/gssapi/unwrap.c422
-rw-r--r--crypto/heimdal/lib/gssapi/v1.c104
-rw-r--r--crypto/heimdal/lib/gssapi/verify_mic.c322
-rw-r--r--crypto/heimdal/lib/gssapi/wrap.c454
-rw-r--r--crypto/heimdal/lib/hdb/convert_db.c213
-rw-r--r--crypto/heimdal/lib/hdb/hdb_locl.h5
-rw-r--r--crypto/heimdal/lib/kadm5/dump_log.c273
-rw-r--r--crypto/heimdal/lib/kadm5/replay_log.c129
-rw-r--r--crypto/heimdal/lib/kadm5/truncate_log.c89
-rw-r--r--crypto/heimdal/lib/krb5/crypto.c1570
-rw-r--r--crypto/heimdal/lib/krb5/dump_config.c71
-rw-r--r--crypto/heimdal/lib/krb5/krb5_build_principal.3101
-rw-r--r--crypto/heimdal/lib/krb5/krb5_free_addresses.353
-rw-r--r--crypto/heimdal/lib/krb5/krb5_free_principal.358
-rw-r--r--crypto/heimdal/lib/krb5/krb5_locl.h134
-rw-r--r--crypto/heimdal/lib/krb5/krb5_principal_get_realm.381
-rw-r--r--crypto/heimdal/lib/krb5/krb5_sname_to_principal.385
-rw-r--r--crypto/heimdal/lib/roken/acconfig.h36
-rw-r--r--crypto/heimdal/lib/roken/acinclude.m49
-rw-r--r--crypto/heimdal/lib/roken/print_version.c78
-rw-r--r--crypto/heimdal/lib/roken/resource.h15
-rwxr-xr-xcrypto/heimdal/ltconfig2797
-rwxr-xr-xcrypto/heimdal/mkinstalldirs150
-rwxr-xr-xcrypto/heimdal/tools/build.sh212
-rw-r--r--etc/gss/mech4
-rw-r--r--gnu/usr.bin/cvs/cvs/Makefile4
-rw-r--r--include/gssapi/gssapi.h107
-rw-r--r--kerberos5/Makefile.inc5
-rw-r--r--kerberos5/include/config.h375
-rw-r--r--kerberos5/include/crypto-headers.h8
-rw-r--r--kerberos5/lib/Makefile6
-rw-r--r--kerberos5/lib/Makefile.inc2
-rw-r--r--kerberos5/lib/libasn1/Makefile411
-rw-r--r--kerberos5/lib/libgssapi/Makefile58
-rw-r--r--kerberos5/lib/libgssapi_krb5/Makefile79
-rw-r--r--kerberos5/lib/libgssapi_krb5/gss_krb5.c831
-rw-r--r--kerberos5/lib/libgssapi_krb5/prefix.c (renamed from crypto/heimdal/lib/asn1/gen.h)61
-rw-r--r--kerberos5/lib/libgssapi_ntlm/Makefile44
-rw-r--r--kerberos5/lib/libgssapi_ntlm/prefix.c (renamed from crypto/heimdal/kuser/kinit_options.c)63
-rw-r--r--kerberos5/lib/libgssapi_spnego/Makefile48
-rw-r--r--kerberos5/lib/libgssapi_spnego/prefix.c (renamed from crypto/heimdal/kuser/kauth_options.c)73
-rw-r--r--kerberos5/lib/libhdb/Makefile23
-rw-r--r--kerberos5/lib/libheimntlm/Makefile11
-rw-r--r--kerberos5/lib/libhx509/Makefile103
-rw-r--r--kerberos5/lib/libkadm5clnt/Makefile3
-rw-r--r--kerberos5/lib/libkadm5srv/Makefile1
-rw-r--r--kerberos5/lib/libkafs5/Makefile2
-rw-r--r--kerberos5/lib/libkrb5/Makefile77
-rw-r--r--kerberos5/lib/libroken/Makefile5
-rw-r--r--kerberos5/libexec/Makefile2
-rw-r--r--kerberos5/libexec/hprop/Makefile12
-rw-r--r--kerberos5/libexec/hpropd/Makefile6
-rw-r--r--kerberos5/libexec/ipropd-master/Makefile9
-rw-r--r--kerberos5/libexec/ipropd-slave/Makefile6
-rw-r--r--kerberos5/libexec/kadmind/Makefile4
-rw-r--r--kerberos5/libexec/kcm/Makefile33
-rw-r--r--kerberos5/libexec/kdc/Makefile17
-rw-r--r--kerberos5/libexec/kpasswdd/Makefile6
-rw-r--r--kerberos5/tools/Makefile2
-rw-r--r--kerberos5/tools/asn1_compile/Makefile7
-rw-r--r--kerberos5/tools/slc/Makefile34
-rw-r--r--kerberos5/usr.bin/kadmin/Makefile21
-rw-r--r--kerberos5/usr.bin/kdestroy/Makefile4
-rw-r--r--kerberos5/usr.bin/kinit/Makefile4
-rw-r--r--kerberos5/usr.bin/klist/Makefile4
-rw-r--r--kerberos5/usr.bin/kpasswd/Makefile4
-rw-r--r--kerberos5/usr.bin/ksu/Makefile4
-rw-r--r--kerberos5/usr.bin/verify_krb5_conf/Makefile4
-rw-r--r--kerberos5/usr.sbin/kstash/Makefile6
-rw-r--r--kerberos5/usr.sbin/ktutil/Makefile14
-rw-r--r--lib/libgssapi/Makefile81
-rw-r--r--lib/libgssapi/Symbol.map69
-rw-r--r--lib/libgssapi/context.h1
-rw-r--r--lib/libgssapi/cred.h1
-rw-r--r--lib/libgssapi/gss_accept_sec_context.c222
-rw-r--r--lib/libgssapi/gss_acquire_cred.c29
-rw-r--r--lib/libgssapi/gss_add_cred.c46
-rw-r--r--lib/libgssapi/gss_buffer_set.c126
-rw-r--r--lib/libgssapi/gss_canonicalize_name.c11
-rw-r--r--lib/libgssapi/gss_compare_name.c11
-rw-r--r--lib/libgssapi/gss_create_empty_oid_set.c2
-rw-r--r--lib/libgssapi/gss_decapsulate_token.c107
-rw-r--r--lib/libgssapi/gss_delete_sec_context.c9
-rw-r--r--lib/libgssapi/gss_display_name.c10
-rw-r--r--lib/libgssapi/gss_display_status.c193
-rw-r--r--lib/libgssapi/gss_duplicate_name.c40
-rw-r--r--lib/libgssapi/gss_duplicate_oid.c65
-rw-r--r--lib/libgssapi/gss_encapsulate_token.c131
-rw-r--r--lib/libgssapi/gss_export_name.c9
-rw-r--r--lib/libgssapi/gss_export_sec_context.c6
-rw-r--r--lib/libgssapi/gss_get_mic.c7
-rw-r--r--lib/libgssapi/gss_import_name.c28
-rw-r--r--lib/libgssapi/gss_import_sec_context.c3
-rw-r--r--lib/libgssapi/gss_indicate_mechs.c8
-rw-r--r--lib/libgssapi/gss_init_sec_context.c63
-rw-r--r--lib/libgssapi/gss_inquire_context.c33
-rw-r--r--lib/libgssapi/gss_inquire_cred.c73
-rw-r--r--lib/libgssapi/gss_inquire_cred_by_mech.c24
-rw-r--r--lib/libgssapi/gss_inquire_cred_by_oid.c93
-rw-r--r--lib/libgssapi/gss_inquire_mechs_for_name.c2
-rw-r--r--lib/libgssapi/gss_inquire_names_for_mech.c9
-rw-r--r--lib/libgssapi/gss_inquire_sec_context_by_oid.c60
-rw-r--r--lib/libgssapi/gss_mech_switch.c54
-rw-r--r--lib/libgssapi/gss_names.c46
-rw-r--r--lib/libgssapi/gss_oid_to_str.c118
-rw-r--r--lib/libgssapi/gss_pseudo_random.c (renamed from crypto/heimdal/lib/gssapi/copy_ccache.c)50
-rw-r--r--lib/libgssapi/gss_release_buffer.c6
-rw-r--r--lib/libgssapi/gss_release_cred.c2
-rw-r--r--lib/libgssapi/gss_release_name.c4
-rw-r--r--lib/libgssapi/gss_release_oid.c (renamed from crypto/heimdal/lib/gssapi/compare_name.c)40
-rw-r--r--lib/libgssapi/gss_release_oid_set.c4
-rw-r--r--lib/libgssapi/gss_set_cred_option.c125
-rw-r--r--lib/libgssapi/gss_set_sec_context_option.c92
-rw-r--r--lib/libgssapi/gss_test_oid_set_member.c4
-rw-r--r--lib/libgssapi/gss_unseal.c2
-rw-r--r--lib/libgssapi/gss_utils.c4
-rw-r--r--lib/libgssapi/gss_verify.c3
-rw-r--r--lib/libgssapi/gss_verify_mic.c7
-rw-r--r--lib/libgssapi/gss_wrap.c9
-rw-r--r--lib/libgssapi/gss_wrap_size_limit.c6
-rw-r--r--lib/libgssapi/mech.59
-rw-r--r--lib/libgssapi/mech_switch.h53
-rw-r--r--lib/libgssapi/name.h7
-rw-r--r--lib/libgssapi/utils.h2
-rw-r--r--lib/libpam/modules/pam_krb5/Makefile4
-rw-r--r--libexec/telnetd/Makefile4
-rw-r--r--secure/lib/libssh/Makefile4
-rw-r--r--secure/usr.sbin/sshd/Makefile6
-rw-r--r--share/mk/bsd.libnames.mk7
-rw-r--r--usr.bin/telnet/Makefile4
184 files changed, 5420 insertions, 14351 deletions
diff --git a/Makefile.inc1 b/Makefile.inc1
index 5997fec1598b..24206874635a 100644
--- a/Makefile.inc1
+++ b/Makefile.inc1
@@ -1036,7 +1036,8 @@ _startup_libs+= lib/libc
gnu/lib/libgcc__L: lib/libc__L
_prebuild_libs= ${_kerberos5_lib_libasn1} ${_kerberos5_lib_libkrb5} \
- ${_kerberos5_lib_libroken} \
+ ${_kerberos5_lib_libhx509} ${_kerberos5_lib_libroken} \
+ ${_kerberos5_lib_libheimntlm} ${_kerberos5_lib_libgssapi_krb5} \
lib/libbz2 lib/libcom_err lib/libcrypt lib/libexpat \
${_lib_libgssapi} ${_lib_libipx} \
lib/libkiconv lib/libkvm lib/libmd \
@@ -1068,9 +1069,11 @@ lib/libradius__L secure/lib/libssl__L: secure/lib/libcrypto__L
_secure_lib_libssh= secure/lib/libssh
secure/lib/libssh__L: lib/libz__L secure/lib/libcrypto__L lib/libcrypt__L
.if ${MK_KERBEROS} != "no"
-secure/lib/libssh__L: lib/libgssapi__L kerberos5/lib/libkrb5__L \
- kerberos5/lib/libasn1__L lib/libcom_err__L lib/libmd__L \
- kerberos5/lib/libroken__L
+kerberos5/lib/libgssapi_krb5__L: kerberos5/lib/libkrb5__L \
+ kerberos5/lib/libhx509__L kerberos5/lib/libasn1__L lib/libcom_err__L \
+ lib/libmd__L kerberos5/lib/libroken__L secure/lib/libcrypto__L \
+ lib/libcrypt__L
+secure/lib/libssh__L: lib/libgssapi__L kerberos5/lib/libgssapi_krb5__L
.endif
.endif
.endif
@@ -1085,7 +1088,10 @@ _lib_libipx= lib/libipx
_kerberos5_lib= kerberos5/lib
_kerberos5_lib_libasn1= kerberos5/lib/libasn1
_kerberos5_lib_libkrb5= kerberos5/lib/libkrb5
+_kerberos5_lib_libhx509= kerberos5/lib/libhx509
_kerberos5_lib_libroken= kerberos5/lib/libroken
+_kerberos5_lib_libheimntlm= kerberos5/lib/libheimntlm
+_kerberos5_lib_libgssapi_krb5= kerberos5/lib/libgssapi_krb5
_lib_libgssapi= lib/libgssapi
.endif
diff --git a/crypto/heimdal/FREEBSD-Xlist b/crypto/heimdal/FREEBSD-Xlist
index 669591896990..e0f0e3bae980 100644
--- a/crypto/heimdal/FREEBSD-Xlist
+++ b/crypto/heimdal/FREEBSD-Xlist
@@ -12,3 +12,6 @@ lib/des
lib/editline
lib/kdfs
lib/otp
+lib/gssapi/mech
+lib/hcrypto
+ylwrap
diff --git a/crypto/heimdal/acinclude.m4 b/crypto/heimdal/acinclude.m4
new file mode 100644
index 000000000000..3133232a5167
--- /dev/null
+++ b/crypto/heimdal/acinclude.m4
@@ -0,0 +1,10 @@
+dnl $Id: acinclude.m4 13337 2004-02-12 14:19:16Z lha $
+dnl $FreeBSD$
+dnl
+dnl Only put things that for some reason can't live in the `cf'
+dnl directory in this file.
+dnl
+
+dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
+dnl
+m4_define([upcase],`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
diff --git a/crypto/heimdal/admin/ktutil_locl.h b/crypto/heimdal/admin/ktutil_locl.h
index cf6a6f3548da..c2d5e88e532c 100644
--- a/crypto/heimdal/admin/ktutil_locl.h
+++ b/crypto/heimdal/admin/ktutil_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
*/
/*
- * $Id: ktutil_locl.h,v 1.18 2002/09/10 20:03:45 joda Exp $
+ * $Id: ktutil_locl.h 14799 2005-04-15 05:02:39Z lha $
* $FreeBSD$
*/
@@ -62,6 +62,7 @@
#include <sl.h>
#include <getarg.h>
+#include <hex.h>
extern krb5_context context;
@@ -70,15 +71,6 @@ extern char *keytab_string;
krb5_keytab ktutil_open_keytab(void);
-int kt_add (int argc, char **argv);
-int kt_change (int argc, char **argv);
-int kt_copy (int argc, char **argv);
-int kt_get (int argc, char **argv);
-int kt_list(int argc, char **argv);
-int kt_purge(int argc, char **argv);
-int kt_remove(int argc, char **argv);
-int kt_rename(int argc, char **argv);
-int srvconv(int argc, char **argv);
-int srvcreate(int argc, char **argv);
+#include "ktutil-commands.h"
#endif /* __KTUTIL_LOCL_H__ */
diff --git a/crypto/heimdal/appl/ftp/ftp/ftp_locl.h b/crypto/heimdal/appl/ftp/ftp/ftp_locl.h
index f371ca1e1edf..25362c04d2c5 100644
--- a/crypto/heimdal/appl/ftp/ftp/ftp_locl.h
+++ b/crypto/heimdal/appl/ftp/ftp/ftp_locl.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: ftp_locl.h,v 1.37 2002/09/10 20:03:46 joda Exp $ */
+/* $Id: ftp_locl.h 11444 2002-09-10 20:03:49Z joda $ */
/* $FreeBSD$ */
#ifndef __FTP_LOCL_H__
diff --git a/crypto/heimdal/appl/su/Makefile.am b/crypto/heimdal/appl/su/Makefile.am
index 357152e7cedc..6bb584f68123 100644
--- a/crypto/heimdal/appl/su/Makefile.am
+++ b/crypto/heimdal/appl/su/Makefile.am
@@ -1,17 +1,20 @@
-# $Id: Makefile.am,v 1.7 2001/08/28 08:31:22 assar Exp $
+# $Id: Makefile.am 21986 2007-10-19 05:22:57Z lha $
# $FreeBSD$
include $(top_srcdir)/Makefile.am.common
-INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des)
+AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto)
bin_PROGRAMS = su
bin_SUIDS = su
-su_SOURCES = su.c
+su_SOURCES = su.c supaths.h
+man_MANS = su.1
LDADD = $(LIB_kafs) \
$(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_krb4) \
- $(LIB_des) \
+ $(LIB_hcrypto) \
$(top_builddir)/lib/asn1/libasn1.la \
$(LIB_roken)
+
+EXTRA_DIST = $(man_MANS)
diff --git a/crypto/heimdal/appl/su/su.c b/crypto/heimdal/appl/su/su.c
index 757f39d53fee..e8e47836e3ec 100644
--- a/crypto/heimdal/appl/su/su.c
+++ b/crypto/heimdal/appl/su/su.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -36,7 +36,7 @@
#include <config.h>
-RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $");
+RCSID("$Id: su.c 21988 2007-10-19 05:36:54Z lha $");
#include <stdio.h>
#include <stdlib.h>
@@ -53,6 +53,9 @@ RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $");
#endif
#include <pwd.h>
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
#include "crypto-headers.h"
#ifdef KRB5
@@ -66,13 +69,7 @@ RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $");
#include <roken.h>
#include <getarg.h>
-#ifndef _PATH_DEFPATH
-#define _PATH_DEFPATH "/usr/bin:/bin"
-#endif
-
-#ifndef _PATH_BSHELL
-#define _PATH_BSHELL "/bin/sh"
-#endif
+#include "supaths.h"
int kerberos_flag = 1;
int csh_f_flag;
@@ -175,7 +172,9 @@ krb5_verify(const struct passwd *login_info,
{
krb5_error_code ret;
krb5_principal p;
+ krb5_realm *realms, *r;
char *login_name = NULL;
+ int user_ok = 0;
#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
login_name = getlogin();
@@ -188,50 +187,63 @@ krb5_verify(const struct passwd *login_info,
return 1;
}
- if (login_name == NULL || strcmp (login_name, "root") == 0)
- login_name = login_info->pw_name;
- if (strcmp (su_info->pw_name, "root") == 0)
- ret = krb5_make_principal(context, &p, NULL,
- login_name,
- kerberos_instance,
- NULL);
- else
- ret = krb5_make_principal(context, &p, NULL,
- su_info->pw_name,
- NULL);
- if(ret)
+ ret = krb5_get_default_realms(context, &realms);
+ if (ret)
return 1;
+
+ /* Check all local realms */
+ for (r = realms; *r != NULL && !user_ok; r++) {
+
+ if (login_name == NULL || strcmp (login_name, "root") == 0)
+ login_name = login_info->pw_name;
+ if (strcmp (su_info->pw_name, "root") == 0)
+ ret = krb5_make_principal(context, &p, *r,
+ login_name,
+ kerberos_instance,
+ NULL);
+ else
+ ret = krb5_make_principal(context, &p, *r,
+ su_info->pw_name,
+ NULL);
+ if (ret) {
+ krb5_free_host_realm(context, realms);
+ return 1;
+ }
- if(su_info->pw_uid != 0 || krb5_kuserok(context, p, su_info->pw_name)) {
+ /* if we are su-ing too root, check with krb5_kuserok */
+ if (su_info->pw_uid == 0 && !krb5_kuserok(context, p, su_info->pw_name))
+ continue;
+
ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
if(ret) {
-#if 1
- krb5_warn(context, ret, "krb5_cc_gen_new");
-#endif
+ krb5_free_host_realm(context, realms);
krb5_free_principal (context, p);
return 1;
}
- ret = krb5_verify_user_lrealm(context, p, ccache, NULL, TRUE, NULL);
+ ret = krb5_verify_user(context, p, ccache, NULL, TRUE, NULL);
krb5_free_principal (context, p);
- if(ret) {
+ switch (ret) {
+ case 0:
+ user_ok = 1;
+ break;
+ case KRB5_LIBOS_PWDINTR :
krb5_cc_destroy(context, ccache);
- switch (ret) {
- case KRB5_LIBOS_PWDINTR :
- break;
- case KRB5KRB_AP_ERR_BAD_INTEGRITY:
- case KRB5KRB_AP_ERR_MODIFIED:
- krb5_warnx(context, "Password incorrect");
- break;
- default :
- krb5_warn(context, ret, "krb5_verify_user");
- break;
- }
- return 1;
+ break;
+ case KRB5KRB_AP_ERR_BAD_INTEGRITY:
+ case KRB5KRB_AP_ERR_MODIFIED:
+ krb5_cc_destroy(context, ccache);
+ krb5_warnx(context, "Password incorrect");
+ break;
+ default :
+ krb5_cc_destroy(context, ccache);
+ krb5_warn(context, ret, "krb5_verify_user");
+ break;
}
- return 0;
}
- krb5_free_principal (context, p);
- return 1;
+ krb5_free_host_realm(context, realms);
+ if (!user_ok)
+ return 1;
+ return 0;
}
static int
@@ -249,8 +261,10 @@ krb5_start_session(void)
ret = krb5_cc_copy_cache(context, ccache, ccache2);
- asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2),
- krb5_cc_get_name(context, ccache2));
+ ret = asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2),
+ krb5_cc_get_name(context, ccache2));
+ if (ret == -1)
+ errx(1, "malloc - out of memory");
esetenv("KRB5CCNAME", cc_name, 1);
/* we want to export this even if we don't directly support KRB4 */
@@ -300,10 +314,12 @@ krb_verify(const struct passwd *login_info,
krb_kuserok(name, instance, realm, su_info->pw_name) == 0) {
char password[128];
char *prompt;
- asprintf (&prompt,
+ ret = asprintf (&prompt,
"%s's Password: ",
krb_unparse_name_long (name, instance, realm));
- if (des_read_pw_string (password, sizeof (password), prompt, 0)) {
+ if (ret == -1)
+ return (1);
+ if (UI_UTIL_read_pw_string (password, sizeof (password), prompt, 0)) {
memset (password, 0, sizeof (password));
free(prompt);
return (1);
@@ -341,8 +357,29 @@ krb_start_session(void)
}
#endif
+#define GROUP_MEMBER 0
+#define GROUP_MISSING 1
+#define GROUP_EMPTY 2
+#define GROUP_NOT_MEMBER 3
+
+static int
+group_member_p(const char *group, const char *user)
+{
+ struct group *g;
+ int i;
+ g = getgrnam(group);
+ if(g == NULL)
+ return GROUP_MISSING;
+ if(g->gr_mem[0] == NULL)
+ return GROUP_EMPTY;
+ for(i = 0; g->gr_mem[i] != NULL; i++)
+ if(strcmp(user, g->gr_mem[i]) == 0)
+ return GROUP_MEMBER;
+ return GROUP_NOT_MEMBER;
+}
+
static int
-verify_unix(struct passwd *su)
+verify_unix(struct passwd *login, struct passwd *su)
{
char prompt[128];
char pw_buf[1024];
@@ -350,13 +387,31 @@ verify_unix(struct passwd *su)
int r;
if(su->pw_passwd != NULL && *su->pw_passwd != '\0') {
snprintf(prompt, sizeof(prompt), "%s's password: ", su->pw_name);
- r = des_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
+ r = UI_UTIL_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
if(r != 0)
exit(0);
pw = crypt(pw_buf, su->pw_passwd);
memset(pw_buf, 0, sizeof(pw_buf));
- if(strcmp(pw, su->pw_passwd) != 0)
+ if(strcmp(pw, su->pw_passwd) != 0) {
+ syslog (LOG_ERR | LOG_AUTH, "%s to %s: incorrect password",
+ login->pw_name, su->pw_name);
+ return 1;
+ }
+ }
+ /* if su:ing to root, check membership of group wheel or root; if
+ that group doesn't exist, or is empty, allow anyone to su
+ root */
+ if(su->pw_uid == 0) {
+#ifndef ROOT_GROUP
+#define ROOT_GROUP "wheel"
+#endif
+ int gs = group_member_p(ROOT_GROUP, login->pw_name);
+ if(gs == GROUP_NOT_MEMBER) {
+ syslog (LOG_ERR | LOG_AUTH, "%s to %s: not in group %s",
+ login->pw_name, su->pw_name, ROOT_GROUP);
return 1;
+ }
+ return 0;
}
return 0;
}
@@ -398,6 +453,9 @@ main(int argc, char **argv)
else
su_user = argv[optind++];
+ if (!issuid() && getuid() != 0)
+ warnx("Not setuid and you are root, expect this to fail");
+
pwd = k_getpwnam(su_user);
if(pwd == NULL)
errx (1, "unknown login %s", su_user);
@@ -434,7 +492,7 @@ main(int argc, char **argv)
ok = 4;
#endif
- if(ok == 0 && login_info->pw_uid && verify_unix(su_info) != 0) {
+ if(ok == 0 && login_info->pw_uid && verify_unix(login_info, su_info) != 0) {
printf("Sorry!\n");
exit(1);
}
@@ -473,7 +531,7 @@ main(int argc, char **argv)
#endif
{
char *tty = ttyname (STDERR_FILENO);
- syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s" : "%s to %s on %s",
+ syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s on %s" : "%s to %s",
login_info->pw_name, su_info->pw_name, tty);
}
@@ -481,11 +539,23 @@ main(int argc, char **argv)
if(!env_flag) {
if(full_login) {
char *t = getenv ("TERM");
-
- environ = malloc (10 * sizeof (char *));
+ char **newenv = NULL;
+ int i, j;
+
+ i = read_environment(_PATH_ETC_ENVIRONMENT, &newenv);
+
+ environ = malloc ((10 + i) * sizeof (char *));
if (environ == NULL)
err (1, "malloc");
environ[0] = NULL;
+
+ for (j = 0; j < i; j++) {
+ char *p = strchr(newenv[j], '=');
+ *p++ = 0;
+ esetenv (newenv[j], p, 1);
+ }
+ free(newenv);
+
esetenv ("PATH", _PATH_DEFPATH, 1);
if (t)
esetenv ("TERM", t, 1);
@@ -516,9 +586,10 @@ main(int argc, char **argv)
if (args == NULL)
err (1, "malloc");
i = 0;
- if(full_login)
- asprintf(&args[i++], "-%s", p);
- else
+ if(full_login) {
+ if (asprintf(&args[i++], "-%s", p) == -1)
+ errx (1, "malloc");
+ } else
args[i++] = p;
if (cmd) {
args[i++] = "-c";
diff --git a/crypto/heimdal/cf/broken-getnameinfo.m4 b/crypto/heimdal/cf/broken-getnameinfo.m4
deleted file mode 100644
index bf2897b2cdd8..000000000000
--- a/crypto/heimdal/cf/broken-getnameinfo.m4
+++ /dev/null
@@ -1,28 +0,0 @@
-dnl $Id: broken-getnameinfo.m4,v 1.2.12.1 2004/04/01 07:27:32 joda Exp $
-dnl
-dnl test for broken AIX getnameinfo
-
-AC_DEFUN([rk_BROKEN_GETNAMEINFO],[
-AC_CACHE_CHECK([if getnameinfo is broken], ac_cv_func_getnameinfo_broken,
-AC_TRY_RUN([[#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-
-int
-main(int argc, char **argv)
-{
- struct sockaddr_in sin;
- char host[256];
- memset(&sin, 0, sizeof(sin));
-#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
- sin.sin_len = sizeof(sin);
-#endif
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = 0xffffffff;
- sin.sin_port = 0;
- return getnameinfo((struct sockaddr*)&sin, sizeof(sin), host, sizeof(host),
- NULL, 0, 0);
-}
-]], ac_cv_func_getnameinfo_broken=no, ac_cv_func_getnameinfo_broken=yes))])
diff --git a/crypto/heimdal/cf/check-declaration.m4 b/crypto/heimdal/cf/check-declaration.m4
deleted file mode 100644
index 18bdf8a7a0ab..000000000000
--- a/crypto/heimdal/cf/check-declaration.m4
+++ /dev/null
@@ -1,25 +0,0 @@
-dnl $Id: check-declaration.m4,v 1.3.34.1 2004/04/01 07:27:32 joda Exp $
-dnl
-dnl
-dnl Check if we need the declaration of a variable
-dnl
-
-dnl AC_HAVE_DECLARATION(includes, variable)
-AC_DEFUN([AC_CHECK_DECLARATION], [
-AC_MSG_CHECKING([if $2 is properly declared])
-AC_CACHE_VAL(ac_cv_var_$2_declaration, [
-AC_TRY_COMPILE([$1
-extern struct { int foo; } $2;],
-[$2.foo = 1;],
-eval "ac_cv_var_$2_declaration=no",
-eval "ac_cv_var_$2_declaration=yes")
-])
-
-define(foo, [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION])
-
-AC_MSG_RESULT($ac_cv_var_$2_declaration)
-if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then
- AC_DEFINE(foo, 1, [define if your system declares $2])
-fi
-undefine([foo])
-])
diff --git a/crypto/heimdal/kadmin/kadmin_locl.h b/crypto/heimdal/kadmin/kadmin_locl.h
index 0b36127db0d5..1707c459ffe3 100644
--- a/crypto/heimdal/kadmin/kadmin_locl.h
+++ b/crypto/heimdal/kadmin/kadmin_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
*/
/*
- * $Id: kadmin_locl.h,v 1.41 2002/09/10 20:04:45 joda Exp $
+ * $Id: kadmin_locl.h 17580 2006-05-13 21:28:56Z lha $
* $FreeBSD$
*/
@@ -91,92 +91,57 @@
#include <krb5_locl.h>
#include <hdb.h>
#include <hdb_err.h>
+#include <hex.h>
#include <kadm5/admin.h>
#include <kadm5/private.h>
#include <kadm5/kadm5_err.h>
#include <parse_time.h>
#include <getarg.h>
-
extern krb5_context context;
extern void * kadm_handle;
-#define DECL(X) int X(int, char **)
-
-DECL(add_new_key);
-DECL(cpw_entry);
-DECL(del_entry);
-DECL(del_enctype);
-DECL(exit_kadmin);
-DECL(ext_keytab);
-DECL(get_entry);
-DECL(get_privs);
-DECL(help);
-DECL(list_princs);
-DECL(mod_entry);
-DECL(rename_entry);
-DECL(init);
-DECL(dump);
-DECL(load);
-DECL(merge);
-
#undef ALLOC
#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
/* util.c */
-void attributes2str(krb5_flags attributes, char *str, size_t len);
-int str2attributes(const char *str, krb5_flags *flags);
-int parse_attributes (const char *resp, krb5_flags *attr, int *mask, int bit);
-int edit_attributes (const char *prompt, krb5_flags *attr, int *mask,
- int bit);
-
-void time_t2str(time_t t, char *str, size_t len, int include_time);
-int str2time_t (const char *str, time_t *time);
-int parse_timet (const char *resp, krb5_timestamp *value, int *mask, int bit);
-int edit_timet (const char *prompt, krb5_timestamp *value, int *mask,
- int bit);
-
-void deltat2str(unsigned t, char *str, size_t len);
-int str2deltat(const char *str, krb5_deltat *delta);
-int parse_deltat (const char *resp, krb5_deltat *value, int *mask, int bit);
-int edit_deltat (const char *prompt, krb5_deltat *value, int *mask, int bit);
-
-int edit_entry(kadm5_principal_ent_t ent, int *mask,
- kadm5_principal_ent_t default_ent, int default_mask);
-void set_defaults(kadm5_principal_ent_t ent, int *mask,
- kadm5_principal_ent_t default_ent, int default_mask);
-int set_entry(krb5_context context,
- kadm5_principal_ent_t ent,
- int *mask,
- const char *max_ticket_life,
- const char *max_renewable_life,
- const char *expiration,
- const char *pw_expiration,
- const char *attributes);
+void attributes2str(krb5_flags, char *, size_t);
+int str2attributes(const char *, krb5_flags *);
+int parse_attributes (const char *, krb5_flags *, int *, int);
+int edit_attributes (const char *, krb5_flags *, int *, int);
+
+void time_t2str(time_t, char *, size_t, int);
+int str2time_t (const char *, time_t *);
+int parse_timet (const char *, krb5_timestamp *, int *, int);
+int edit_timet (const char *, krb5_timestamp *, int *,
+ int);
+
+void deltat2str(unsigned, char *, size_t);
+int str2deltat(const char *, krb5_deltat *);
+int parse_deltat (const char *, krb5_deltat *, int *, int);
+int edit_deltat (const char *, krb5_deltat *, int *, int);
+
+int edit_entry(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
+void set_defaults(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
+int set_entry(krb5_context, kadm5_principal_ent_t, int *,
+ const char *, const char *, const char *,
+ const char *, const char *);
int
-foreach_principal(const char *exp,
- int (*func)(krb5_principal, void*),
- const char *funcname,
- void *data);
+foreach_principal(const char *, int (*)(krb5_principal, void*),
+ const char *, void *);
-int parse_des_key (const char *key_string,
- krb5_key_data *key_data, const char **err);
+int parse_des_key (const char *, krb5_key_data *, const char **);
/* server.c */
krb5_error_code
kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
-/* version4.c */
-
-void
-handle_v4(krb5_context context, krb5_keytab keytab, int len, int fd);
-
/* random_password.c */
void
-random_password(char *pw, size_t len);
+random_password(char *, size_t);
/* kadm_conn.c */
diff --git a/crypto/heimdal/kadmin/version4.c b/crypto/heimdal/kadmin/version4.c
deleted file mode 100644
index ffa9c07f8582..000000000000
--- a/crypto/heimdal/kadmin/version4.c
+++ /dev/null
@@ -1,1016 +0,0 @@
-/*
- * Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- * used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "kadmin_locl.h"
-#include <krb5-private.h>
-
-#define Principal krb4_Principal
-#define kadm_get krb4_kadm_get
-#undef ALLOC
-#include <krb.h>
-#include <kadm.h>
-#include <krb_err.h>
-#include <kadm_err.h>
-
-RCSID("$Id: version4.c,v 1.29.2.1 2004/04/29 12:29:23 lha Exp $");
-
-#define KADM_NO_OPCODE -1
-#define KADM_NO_ENCRYPT -2
-
-/*
- * make an error packet if we fail encrypting
- */
-
-static void
-make_you_lose_packet(int code, krb5_data *reply)
-{
- krb5_data_alloc(reply, KADM_VERSIZE + 4);
- memcpy(reply->data, KADM_ULOSE, KADM_VERSIZE);
- _krb5_put_int((char*)reply->data + KADM_VERSIZE, code, 4);
-}
-
-static int
-ret_fields(krb5_storage *sp, char *fields)
-{
- return krb5_storage_read(sp, fields, FLDSZ);
-}
-
-static int
-store_fields(krb5_storage *sp, char *fields)
-{
- return krb5_storage_write(sp, fields, FLDSZ);
-}
-
-static void
-ret_vals(krb5_storage *sp, Kadm_vals *vals)
-{
- int field;
- char *tmp_string;
-
- memset(vals, 0, sizeof(*vals));
-
- ret_fields(sp, vals->fields);
-
- for(field = 31; field >= 0; field--) {
- if(IS_FIELD(field, vals->fields)) {
- switch(field) {
- case KADM_NAME:
- krb5_ret_stringz(sp, &tmp_string);
- strlcpy(vals->name, tmp_string, sizeof(vals->name));
- free(tmp_string);
- break;
- case KADM_INST:
- krb5_ret_stringz(sp, &tmp_string);
- strlcpy(vals->instance, tmp_string,
- sizeof(vals->instance));
- free(tmp_string);
- break;
- case KADM_EXPDATE:
- krb5_ret_int32(sp, &vals->exp_date);
- break;
- case KADM_ATTR:
- krb5_ret_int16(sp, &vals->attributes);
- break;
- case KADM_MAXLIFE:
- krb5_ret_int8(sp, &vals->max_life);
- break;
- case KADM_DESKEY:
- krb5_ret_int32(sp, &vals->key_high);
- krb5_ret_int32(sp, &vals->key_low);
- break;
-#ifdef EXTENDED_KADM
- case KADM_MODDATE:
- krb5_ret_int32(sp, &vals->mod_date);
- break;
- case KADM_MODNAME:
- krb5_ret_stringz(sp, &tmp_string);
- strlcpy(vals->mod_name, tmp_string,
- sizeof(vals->mod_name));
- free(tmp_string);
- break;
- case KADM_MODINST:
- krb5_ret_stringz(sp, &tmp_string);
- strlcpy(vals->mod_instance, tmp_string,
- sizeof(vals->mod_instance));
- free(tmp_string);
- break;
- case KADM_KVNO:
- krb5_ret_int8(sp, &vals->key_version);
- break;
-#endif
- default:
- break;
- }
- }
- }
-}
-
-static void
-store_vals(krb5_storage *sp, Kadm_vals *vals)
-{
- int field;
-
- store_fields(sp, vals->fields);
-
- for(field = 31; field >= 0; field--) {
- if(IS_FIELD(field, vals->fields)) {
- switch(field) {
- case KADM_NAME:
- krb5_store_stringz(sp, vals->name);
- break;
- case KADM_INST:
- krb5_store_stringz(sp, vals->instance);
- break;
- case KADM_EXPDATE:
- krb5_store_int32(sp, vals->exp_date);
- break;
- case KADM_ATTR:
- krb5_store_int16(sp, vals->attributes);
- break;
- case KADM_MAXLIFE:
- krb5_store_int8(sp, vals->max_life);
- break;
- case KADM_DESKEY:
- krb5_store_int32(sp, vals->key_high);
- krb5_store_int32(sp, vals->key_low);
- break;
-#ifdef EXTENDED_KADM
- case KADM_MODDATE:
- krb5_store_int32(sp, vals->mod_date);
- break;
- case KADM_MODNAME:
- krb5_store_stringz(sp, vals->mod_name);
- break;
- case KADM_MODINST:
- krb5_store_stringz(sp, vals->mod_instance);
- break;
- case KADM_KVNO:
- krb5_store_int8(sp, vals->key_version);
- break;
-#endif
- default:
- break;
- }
- }
- }
-}
-
-static int
-flags_4_to_5(char *flags)
-{
- int i;
- int32_t mask = 0;
- for(i = 31; i >= 0; i--) {
- if(IS_FIELD(i, flags))
- switch(i) {
- case KADM_NAME:
- case KADM_INST:
- mask |= KADM5_PRINCIPAL;
- case KADM_EXPDATE:
- mask |= KADM5_PRINC_EXPIRE_TIME;
- case KADM_MAXLIFE:
- mask |= KADM5_MAX_LIFE;
-#ifdef EXTENDED_KADM
- case KADM_KVNO:
- mask |= KADM5_KEY_DATA;
- case KADM_MODDATE:
- mask |= KADM5_MOD_TIME;
- case KADM_MODNAME:
- case KADM_MODINST:
- mask |= KADM5_MOD_NAME;
-#endif
- }
- }
- return mask;
-}
-
-static void
-ent_to_values(krb5_context context,
- kadm5_principal_ent_t ent,
- int32_t mask,
- Kadm_vals *vals)
-{
- krb5_error_code ret;
- char realm[REALM_SZ];
- time_t exp = 0;
-
- memset(vals, 0, sizeof(*vals));
- if(mask & KADM5_PRINCIPAL) {
- ret = krb5_524_conv_principal(context, ent->principal,
- vals->name, vals->instance, realm);
- SET_FIELD(KADM_NAME, vals->fields);
- SET_FIELD(KADM_INST, vals->fields);
- }
- if(mask & KADM5_PRINC_EXPIRE_TIME) {
- if(ent->princ_expire_time != 0)
- exp = ent->princ_expire_time;
- }
- if(mask & KADM5_PW_EXPIRATION) {
- if(ent->pw_expiration != 0 && (exp == 0 || exp > ent->pw_expiration))
- exp = ent->pw_expiration;
- }
- if(exp) {
- vals->exp_date = exp;
- SET_FIELD(KADM_EXPDATE, vals->fields);
- }
- if(mask & KADM5_MAX_LIFE) {
- if(ent->max_life == 0)
- vals->max_life = 255;
- else
- vals->max_life = krb_time_to_life(0, ent->max_life);
- SET_FIELD(KADM_MAXLIFE, vals->fields);
- }
- if(mask & KADM5_KEY_DATA) {
- if(ent->n_key_data > 0) {
-#ifdef EXTENDED_KADM
- vals->key_version = ent->key_data[0].key_data_kvno;
- SET_FIELD(KADM_KVNO, vals->fields);
-#endif
- }
- /* XXX the key itself? */
- }
-#ifdef EXTENDED_KADM
- if(mask & KADM5_MOD_TIME) {
- vals->mod_date = ent->mod_date;
- SET_FIELD(KADM_MODDATE, vals->fields);
- }
- if(mask & KADM5_MOD_NAME) {
- krb5_524_conv_principal(context, ent->mod_name,
- vals->mod_name, vals->mod_instance, realm);
- SET_FIELD(KADM_MODNAME, vals->fields);
- SET_FIELD(KADM_MODINST, vals->fields);
- }
-#endif
-}
-
-/*
- * convert the kadm4 values in `vals' to `ent' (and `mask')
- */
-
-static krb5_error_code
-values_to_ent(krb5_context context,
- Kadm_vals *vals,
- kadm5_principal_ent_t ent,
- int32_t *mask)
-{
- krb5_error_code ret;
- *mask = 0;
- memset(ent, 0, sizeof(*ent));
-
- if(IS_FIELD(KADM_NAME, vals->fields)) {
- char *inst = NULL;
- if(IS_FIELD(KADM_INST, vals->fields))
- inst = vals->instance;
- ret = krb5_425_conv_principal(context,
- vals->name,
- inst,
- NULL,
- &ent->principal);
- if(ret)
- return ret;
- *mask |= KADM5_PRINCIPAL;
- }
- if(IS_FIELD(KADM_EXPDATE, vals->fields)) {
- ent->princ_expire_time = vals->exp_date;
- *mask |= KADM5_PRINC_EXPIRE_TIME;
- }
- if(IS_FIELD(KADM_MAXLIFE, vals->fields)) {
- ent->max_life = krb_life_to_time(0, vals->max_life);
- *mask |= KADM5_MAX_LIFE;
- }
-
- if(IS_FIELD(KADM_DESKEY, vals->fields)) {
- int i;
- ent->key_data = calloc(3, sizeof(*ent->key_data));
- if(ent->key_data == NULL)
- return ENOMEM;
- for(i = 0; i < 3; i++) {
- u_int32_t key_low, key_high;
-
- ent->key_data[i].key_data_ver = 2;
-#ifdef EXTENDED_KADM
- if(IS_FIELD(KADM_KVNO, vals->fields))
- ent->key_data[i].key_data_kvno = vals->key_version;
-#endif
- ent->key_data[i].key_data_type[0] = ETYPE_DES_CBC_MD5;
- ent->key_data[i].key_data_length[0] = 8;
- if((ent->key_data[i].key_data_contents[0] = malloc(8)) == NULL)
- return ENOMEM;
-
- key_low = ntohl(vals->key_low);
- key_high = ntohl(vals->key_high);
- memcpy(ent->key_data[i].key_data_contents[0],
- &key_low, 4);
- memcpy((char*)ent->key_data[i].key_data_contents[0] + 4,
- &key_high, 4);
- ent->key_data[i].key_data_type[1] = KRB5_PW_SALT;
- ent->key_data[i].key_data_length[1] = 0;
- ent->key_data[i].key_data_contents[1] = NULL;
- }
- ent->key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4;
- ent->key_data[2].key_data_type[0] = ETYPE_DES_CBC_CRC;
- ent->n_key_data = 3;
- *mask |= KADM5_KEY_DATA;
- }
-
-#ifdef EXTENDED_KADM
- if(IS_FIELD(KADM_MODDATE, vals->fields)) {
- ent->mod_date = vals->mod_date;
- *mask |= KADM5_MOD_TIME;
- }
- if(IS_FIELD(KADM_MODNAME, vals->fields)) {
- char *inst = NULL;
- if(IS_FIELD(KADM_MODINST, vals->fields))
- inst = vals->mod_instance;
- ret = krb5_425_conv_principal(context,
- vals->mod_name,
- inst,
- NULL,
- &ent->mod_name);
- if(ret)
- return ret;
- *mask |= KADM5_MOD_NAME;
- }
-#endif
- return 0;
-}
-
-/*
- * Try to translate a KADM5 error code into a v4 kadmin one.
- */
-
-static int
-error_code(int ret)
-{
- switch (ret) {
- case 0:
- return 0;
- case KADM5_FAILURE :
- case KADM5_AUTH_GET :
- case KADM5_AUTH_ADD :
- case KADM5_AUTH_MODIFY :
- case KADM5_AUTH_DELETE :
- case KADM5_AUTH_INSUFFICIENT :
- return KADM_UNAUTH;
- case KADM5_BAD_DB :
- return KADM_UK_RERROR;
- case KADM5_DUP :
- return KADM_INUSE;
- case KADM5_RPC_ERROR :
- case KADM5_NO_SRV :
- return KADM_NO_SERV;
- case KADM5_NOT_INIT :
- return KADM_NO_CONN;
- case KADM5_UNK_PRINC :
- return KADM_NOENTRY;
- case KADM5_PASS_Q_TOOSHORT :
-#ifdef KADM_PASS_Q_TOOSHORT
- return KADM_PASS_Q_TOOSHORT;
-#else
- return KADM_INSECURE_PW;
-#endif
- case KADM5_PASS_Q_CLASS :
-#ifdef KADM_PASS_Q_CLASS
- return KADM_PASS_Q_CLASS;
-#else
- return KADM_INSECURE_PW;
-#endif
- case KADM5_PASS_Q_DICT :
-#ifdef KADM_PASS_Q_DICT
- return KADM_PASS_Q_DICT;
-#else
- return KADM_INSECURE_PW;
-#endif
- case KADM5_PASS_REUSE :
- case KADM5_PASS_TOOSOON :
- case KADM5_BAD_PASSWORD :
- return KADM_INSECURE_PW;
- case KADM5_PROTECT_PRINCIPAL :
- return KADM_IMMUTABLE;
- case KADM5_POLICY_REF :
- case KADM5_INIT :
- case KADM5_BAD_HIST_KEY :
- case KADM5_UNK_POLICY :
- case KADM5_BAD_MASK :
- case KADM5_BAD_CLASS :
- case KADM5_BAD_LENGTH :
- case KADM5_BAD_POLICY :
- case KADM5_BAD_PRINCIPAL :
- case KADM5_BAD_AUX_ATTR :
- case KADM5_BAD_HISTORY :
- case KADM5_BAD_MIN_PASS_LIFE :
- case KADM5_BAD_SERVER_HANDLE :
- case KADM5_BAD_STRUCT_VERSION :
- case KADM5_OLD_STRUCT_VERSION :
- case KADM5_NEW_STRUCT_VERSION :
- case KADM5_BAD_API_VERSION :
- case KADM5_OLD_LIB_API_VERSION :
- case KADM5_OLD_SERVER_API_VERSION :
- case KADM5_NEW_LIB_API_VERSION :
- case KADM5_NEW_SERVER_API_VERSION :
- case KADM5_SECURE_PRINC_MISSING :
- case KADM5_NO_RENAME_SALT :
- case KADM5_BAD_CLIENT_PARAMS :
- case KADM5_BAD_SERVER_PARAMS :
- case KADM5_AUTH_LIST :
- case KADM5_AUTH_CHANGEPW :
- case KADM5_BAD_TL_TYPE :
- case KADM5_MISSING_CONF_PARAMS :
- case KADM5_BAD_SERVER_NAME :
- default :
- return KADM_UNAUTH; /* XXX */
- }
-}
-
-/*
- * server functions
- */
-
-static int
-kadm_ser_cpw(krb5_context context,
- void *kadm_handle,
- krb5_principal principal,
- const char *principal_string,
- krb5_storage *message,
- krb5_storage *reply)
-{
- char key[8];
- char *password = NULL;
- krb5_error_code ret;
-
- krb5_warnx(context, "v4-compat %s: CHPASS %s",
- principal_string, principal_string);
-
- ret = krb5_storage_read(message, key + 4, 4);
- ret = krb5_storage_read(message, key, 4);
- ret = krb5_ret_stringz(message, &password);
-
- if(password) {
- krb5_data pwd_data;
- const char *tmp;
-
- pwd_data.data = password;
- pwd_data.length = strlen(password);
-
- tmp = kadm5_check_password_quality (context, principal, &pwd_data);
-
- if (tmp != NULL) {
- krb5_store_stringz (reply, (char *)tmp);
- ret = KADM5_PASS_Q_DICT;
- goto fail;
- }
- ret = kadm5_chpass_principal(kadm_handle, principal, password);
- } else {
- krb5_key_data key_data[3];
- int i;
- for(i = 0; i < 3; i++) {
- key_data[i].key_data_ver = 2;
- key_data[i].key_data_kvno = 0;
- /* key */
- key_data[i].key_data_type[0] = ETYPE_DES_CBC_CRC;
- key_data[i].key_data_length[0] = 8;
- key_data[i].key_data_contents[0] = malloc(8);
- memcpy(key_data[i].key_data_contents[0], &key, 8);
- /* salt */
- key_data[i].key_data_type[1] = KRB5_PW_SALT;
- key_data[i].key_data_length[1] = 0;
- key_data[i].key_data_contents[1] = NULL;
- }
- key_data[0].key_data_type[0] = ETYPE_DES_CBC_MD5;
- key_data[1].key_data_type[0] = ETYPE_DES_CBC_MD4;
- ret = kadm5_s_chpass_principal_with_key(kadm_handle,
- principal, 3, key_data);
- }
-
- if(ret != 0) {
- krb5_store_stringz(reply, (char*)krb5_get_err_text(context, ret));
- goto fail;
- }
- return 0;
-fail:
- krb5_warn(context, ret, "v4-compat CHPASS");
- return error_code(ret);
-}
-
-static int
-kadm_ser_add(krb5_context context,
- void *kadm_handle,
- krb5_principal principal,
- const char *principal_string,
- krb5_storage *message,
- krb5_storage *reply)
-{
- int32_t mask;
- kadm5_principal_ent_rec ent, out;
- Kadm_vals values;
- krb5_error_code ret;
- char name[128];
-
- ret_vals(message, &values);
-
- ret = values_to_ent(context, &values, &ent, &mask);
- if(ret)
- goto fail;
-
- krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
- krb5_warnx(context, "v4-compat %s: ADD %s",
- principal_string, name);
-
- ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_ADD,
- ent.principal);
- if (ret)
- goto fail;
-
- ret = kadm5_s_create_principal_with_key(kadm_handle, &ent, mask);
- if(ret) {
- kadm5_free_principal_ent(kadm_handle, &ent);
- goto fail;
- }
-
- mask = KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_MAX_LIFE |
- KADM5_KEY_DATA | KADM5_MOD_TIME | KADM5_MOD_NAME;
-
- kadm5_get_principal(kadm_handle, ent.principal, &out, mask);
- ent_to_values(context, &out, mask, &values);
- kadm5_free_principal_ent(kadm_handle, &ent);
- kadm5_free_principal_ent(kadm_handle, &out);
- store_vals(reply, &values);
- return 0;
-fail:
- krb5_warn(context, ret, "v4-compat ADD");
- return error_code(ret);
-}
-
-static int
-kadm_ser_get(krb5_context context,
- void *kadm_handle,
- krb5_principal principal,
- const char *principal_string,
- krb5_storage *message,
- krb5_storage *reply)
-{
- krb5_error_code ret;
- Kadm_vals values;
- kadm5_principal_ent_rec ent, out;
- int32_t mask;
- char flags[FLDSZ];
- char name[128];
-
- ret_vals(message, &values);
- /* XXX BRAIN DAMAGE! these flags are not stored in the same order
- as in the header */
- krb5_ret_int8(message, &flags[3]);
- krb5_ret_int8(message, &flags[2]);
- krb5_ret_int8(message, &flags[1]);
- krb5_ret_int8(message, &flags[0]);
- ret = values_to_ent(context, &values, &ent, &mask);
- if(ret)
- goto fail;
-
- krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
- krb5_warnx(context, "v4-compat %s: GET %s",
- principal_string, name);
-
- ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_GET,
- ent.principal);
- if (ret)
- goto fail;
-
- mask = flags_4_to_5(flags);
-
- ret = kadm5_get_principal(kadm_handle, ent.principal, &out, mask);
- kadm5_free_principal_ent(kadm_handle, &ent);
-
- if (ret)
- goto fail;
-
- ent_to_values(context, &out, mask, &values);
-
- kadm5_free_principal_ent(kadm_handle, &out);
-
- store_vals(reply, &values);
- return 0;
-fail:
- krb5_warn(context, ret, "v4-compat GET");
- return error_code(ret);
-}
-
-static int
-kadm_ser_mod(krb5_context context,
- void *kadm_handle,
- krb5_principal principal,
- const char *principal_string,
- krb5_storage *message,
- krb5_storage *reply)
-{
- Kadm_vals values1, values2;
- kadm5_principal_ent_rec ent, out;
- int32_t mask;
- krb5_error_code ret;
- char name[128];
-
- ret_vals(message, &values1);
- /* why are the old values sent? is the mask the same in the old and
- the new entry? */
- ret_vals(message, &values2);
-
- ret = values_to_ent(context, &values2, &ent, &mask);
- if(ret)
- goto fail;
-
- krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
- krb5_warnx(context, "v4-compat %s: MOD %s",
- principal_string, name);
-
- ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_MODIFY,
- ent.principal);
- if (ret)
- goto fail;
-
- ret = kadm5_s_modify_principal(kadm_handle, &ent, mask);
- if(ret) {
- kadm5_free_principal_ent(kadm_handle, &ent);
- krb5_warn(context, ret, "kadm5_s_modify_principal");
- goto fail;
- }
-
- ret = kadm5_get_principal(kadm_handle, ent.principal, &out, mask);
- if(ret) {
- kadm5_free_principal_ent(kadm_handle, &ent);
- krb5_warn(context, ret, "kadm5_s_modify_principal");
- goto fail;
- }
-
- ent_to_values(context, &out, mask, &values1);
-
- kadm5_free_principal_ent(kadm_handle, &ent);
- kadm5_free_principal_ent(kadm_handle, &out);
-
- store_vals(reply, &values1);
- return 0;
-fail:
- krb5_warn(context, ret, "v4-compat MOD");
- return error_code(ret);
-}
-
-static int
-kadm_ser_del(krb5_context context,
- void *kadm_handle,
- krb5_principal principal,
- const char *principal_string,
- krb5_storage *message,
- krb5_storage *reply)
-{
- Kadm_vals values;
- kadm5_principal_ent_rec ent;
- int32_t mask;
- krb5_error_code ret;
- char name[128];
-
- ret_vals(message, &values);
-
- ret = values_to_ent(context, &values, &ent, &mask);
- if(ret)
- goto fail;
-
- krb5_unparse_name_fixed(context, ent.principal, name, sizeof(name));
- krb5_warnx(context, "v4-compat %s: DEL %s",
- principal_string, name);
-
- ret = _kadm5_acl_check_permission (kadm_handle, KADM5_PRIV_DELETE,
- ent.principal);
- if (ret)
- goto fail;
-
- ret = kadm5_delete_principal(kadm_handle, ent.principal);
-
- kadm5_free_principal_ent(kadm_handle, &ent);
-
- if (ret)
- goto fail;
-
- return 0;
-fail:
- krb5_warn(context, ret, "v4-compat ADD");
- return error_code(ret);
-}
-
-static int
-dispatch(krb5_context context,
- void *kadm_handle,
- krb5_principal principal,
- const char *principal_string,
- krb5_data msg,
- krb5_data *reply)
-{
- int retval;
- int8_t command;
- krb5_storage *sp_in, *sp_out;
-
- sp_in = krb5_storage_from_data(&msg);
- krb5_ret_int8(sp_in, &command);
-
- sp_out = krb5_storage_emem();
- krb5_storage_write(sp_out, KADM_VERSTR, KADM_VERSIZE);
- krb5_store_int32(sp_out, 0);
-
- switch(command) {
- case CHANGE_PW:
- retval = kadm_ser_cpw(context, kadm_handle, principal,
- principal_string,
- sp_in, sp_out);
- break;
- case ADD_ENT:
- retval = kadm_ser_add(context, kadm_handle, principal,
- principal_string,
- sp_in, sp_out);
- break;
- case GET_ENT:
- retval = kadm_ser_get(context, kadm_handle, principal,
- principal_string,
- sp_in, sp_out);
- break;
- case MOD_ENT:
- retval = kadm_ser_mod(context, kadm_handle, principal,
- principal_string,
- sp_in, sp_out);
- break;
- case DEL_ENT:
- retval = kadm_ser_del(context, kadm_handle, principal,
- principal_string,
- sp_in, sp_out);
- break;
- default:
- krb5_warnx(context, "v4-compat %s: unknown opcode: %d",
- principal_string, command);
- retval = KADM_NO_OPCODE;
- break;
- }
- krb5_storage_free(sp_in);
- if(retval) {
- krb5_storage_seek(sp_out, KADM_VERSIZE, SEEK_SET);
- krb5_store_int32(sp_out, retval);
- }
- krb5_storage_to_data(sp_out, reply);
- krb5_storage_free(sp_out);
- return retval;
-}
-
-/*
- * Decode a v4 kadmin packet in `message' and create a reply in `reply'
- */
-
-static void
-decode_packet(krb5_context context,
- krb5_keytab keytab,
- struct sockaddr_in *admin_addr,
- struct sockaddr_in *client_addr,
- krb5_data message,
- krb5_data *reply)
-{
- int ret;
- KTEXT_ST authent;
- AUTH_DAT ad;
- MSG_DAT msg_dat;
- off_t off = 0;
- unsigned long rlen;
- char sname[] = "changepw", sinst[] = "kerberos";
- unsigned long checksum;
- des_key_schedule schedule;
- char *msg = message.data;
- void *kadm_handle;
- krb5_principal client;
- char *client_str;
- krb5_keytab_entry entry;
-
- if(message.length < KADM_VERSIZE + 4
- || strncmp(msg, KADM_VERSTR, KADM_VERSIZE) != 0) {
- make_you_lose_packet (KADM_BAD_VER, reply);
- return;
- }
-
- off = KADM_VERSIZE;
- off += _krb5_get_int(msg + off, &rlen, 4);
- memset(&authent, 0, sizeof(authent));
- authent.length = message.length - rlen - KADM_VERSIZE - 4;
-
- if(rlen > message.length - KADM_VERSIZE - 4
- || authent.length > MAX_KTXT_LEN) {
- krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen);
- make_you_lose_packet (KADM_LENGTH_ERROR, reply);
- return;
- }
-
- memcpy(authent.dat, (char*)msg + off, authent.length);
- off += authent.length;
-
- {
- krb5_principal principal;
- krb5_keyblock *key;
-
- ret = krb5_make_principal(context, &principal, NULL,
- "changepw", "kerberos", NULL);
- if (ret) {
- krb5_warn (context, ret, "krb5_make_principal");
- make_you_lose_packet (KADM_NOMEM, reply);
- return;
- }
- ret = krb5_kt_get_entry (context, keytab, principal, 0,
- ETYPE_DES_CBC_MD5, &entry);
- krb5_kt_close (context, keytab);
- if (ret) {
- krb5_free_principal(context, principal);
- make_you_lose_packet (KADM_NO_AUTH, reply);
- return;
- }
- ret = krb5_copy_keyblock (context, &entry.keyblock,& key);
- krb5_kt_free_entry(context, &entry);
- krb5_free_principal(context, principal);
- if(ret) {
- if(ret == KRB5_KT_NOTFOUND)
- make_you_lose_packet(KADM_NO_AUTH, reply);
- else
- /* XXX */
- make_you_lose_packet(KADM_NO_AUTH, reply);
- krb5_warn(context, ret, "krb5_kt_read_service_key");
- return;
- }
-
- if(key->keyvalue.length != 8)
- krb5_abortx(context, "key has wrong length (%lu)",
- (unsigned long)key->keyvalue.length);
- krb_set_key(key->keyvalue.data, 0);
- krb5_free_keyblock(context, key);
- }
-
- ret = krb_rd_req(&authent, sname, sinst,
- client_addr->sin_addr.s_addr, &ad, NULL);
-
- if(ret) {
- make_you_lose_packet(ERROR_TABLE_BASE_krb + ret, reply);
- krb5_warnx(context, "krb_rd_req: %d", ret);
- return;
- }
-
- ret = krb5_425_conv_principal(context, ad.pname, ad.pinst, ad.prealm,
- &client);
- if (ret) {
- krb5_warnx (context, "krb5_425_conv_principal: %d", ret);
- make_you_lose_packet (KADM_NOMEM, reply);
- return;
- }
-
- krb5_unparse_name(context, client, &client_str);
-
- ret = kadm5_init_with_password_ctx(context,
- client_str,
- NULL,
- KADM5_ADMIN_SERVICE,
- NULL, 0, 0,
- &kadm_handle);
- if (ret) {
- krb5_warn (context, ret, "kadm5_init_with_password_ctx");
- make_you_lose_packet (KADM_NOMEM, reply);
- goto out;
- }
-
- checksum = des_quad_cksum((void *)(msg + off), NULL, rlen, 0, &ad.session);
- if(checksum != ad.checksum) {
- krb5_warnx(context, "decode_packet: bad checksum");
- make_you_lose_packet (KADM_BAD_CHK, reply);
- goto out;
- }
- des_set_key(&ad.session, schedule);
- ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session,
- client_addr, admin_addr, &msg_dat);
- if (ret) {
- make_you_lose_packet (ERROR_TABLE_BASE_krb + ret, reply);
- krb5_warnx(context, "krb_rd_priv: %d", ret);
- goto out;
- }
-
- {
- krb5_data d, r;
- int retval;
-
- d.data = msg_dat.app_data;
- d.length = msg_dat.app_length;
-
- retval = dispatch(context, kadm_handle,
- client, client_str, d, &r);
- krb5_data_alloc(reply, r.length + 26);
- reply->length = krb_mk_priv(r.data, reply->data, r.length,
- schedule, &ad.session,
- admin_addr, client_addr);
- if((ssize_t)reply->length < 0) {
- make_you_lose_packet(KADM_NO_ENCRYPT, reply);
- goto out;
- }
- }
-out:
- krb5_free_principal(context, client);
- free(client_str);
-}
-
-void
-handle_v4(krb5_context context,
- krb5_keytab keytab,
- int len,
- int fd)
-{
- int first = 1;
- struct sockaddr_in admin_addr, client_addr;
- socklen_t addr_len;
- krb5_data message, reply;
- ssize_t n;
-
- addr_len = sizeof(client_addr);
- if (getsockname(fd, (struct sockaddr*)&admin_addr, &addr_len) < 0)
- krb5_errx (context, 1, "getsockname");
- addr_len = sizeof(client_addr);
- if (getpeername(fd, (struct sockaddr*)&client_addr, &addr_len) < 0)
- krb5_errx (context, 1, "getpeername");
-
- while(1) {
- doing_useful_work = 0;
- if(term_flag)
- exit(0);
- if(first) {
- if (len < 2)
- krb5_errx(context, 1, "received too short len (%d < 2)", len);
- /* first time around, we have already read len, and two
- bytes of the version string */
- krb5_data_alloc(&message, len);
- memcpy(message.data, "KA", 2);
- n = krb5_net_read(context, &fd, (char*)message.data + 2,
- len - 2);
- if (n == 0)
- exit (0);
- if (n < 0)
- krb5_err (context, 1, errno, "krb5_net_read");
- first = 0;
- } else {
- char buf[2];
- unsigned long tmp;
- ssize_t n;
-
- n = krb5_net_read(context, &fd, buf, sizeof(2));
- if (n == 0)
- exit (0);
- if (n < 0)
- krb5_err (context, 1, errno, "krb5_net_read");
- _krb5_get_int(buf, &tmp, 2);
- krb5_data_alloc(&message, tmp);
- n = krb5_net_read(context, &fd, message.data, message.length);
- if (n == 0)
- krb5_errx (context, 1, "EOF in krb5_net_read");
- if (n < 0)
- krb5_err (context, 1, errno, "krb5_net_read");
- }
- doing_useful_work = 1;
- decode_packet(context, keytab, &admin_addr, &client_addr,
- message, &reply);
- krb5_data_free(&message);
- {
- char buf[2];
-
- _krb5_put_int(buf, reply.length, sizeof(buf));
- n = krb5_net_write(context, &fd, buf, sizeof(buf));
- if (n < 0)
- krb5_err (context, 1, errno, "krb5_net_write");
- n = krb5_net_write(context, &fd, reply.data, reply.length);
- if (n < 0)
- krb5_err (context, 1, errno, "krb5_net_write");
- krb5_data_free(&reply);
- }
- }
-}
diff --git a/crypto/heimdal/kdc/headers.h b/crypto/heimdal/kdc/headers.h
index 96db9248bebb..bdbc1563e55a 100644
--- a/crypto/heimdal/kdc/headers.h
+++ b/crypto/heimdal/kdc/headers.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
*/
/*
- * $Id: headers.h,v 1.15 2002/09/10 20:04:46 joda Exp $
+ * $Id: headers.h 19658 2007-01-04 00:15:34Z lha $
* $FreeBSD$
*/
@@ -73,6 +73,9 @@
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
@@ -89,16 +92,14 @@
#include <parse_units.h>
#include <krb5.h>
#include <krb5_locl.h>
+#include <digest_asn1.h>
+#include <kx509_asn1.h>
#include <hdb.h>
#include <hdb_err.h>
-#include <der.h> /* copy_octet_string */
+#include <der.h>
-#ifdef KRB4
-#include <krb.h>
-#include <prot.h>
-#define Principal Principal4
-#include <krb_db.h>
-#endif
+#include <heimntlm.h>
+#include <windc_plugin.h>
#undef ALLOC
#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
diff --git a/crypto/heimdal/lib/asn1/x509.asn1 b/crypto/heimdal/lib/asn1/x509.asn1
deleted file mode 100644
index 4a15844c8563..000000000000
--- a/crypto/heimdal/lib/asn1/x509.asn1
+++ /dev/null
@@ -1,23 +0,0 @@
-X509 DEFINITIONS ::= BEGIN
-
-CertificateSerialNumber ::= INTEGER -- X.509 '97
-
-AttributeType ::= OBJECT-IDENTIFIER
-
-AttributeValue ::= OCTET STRING --ANY DEFINED BY AttributeType
-
-AttributeTypeAndValue ::= SEQUENCE {
- type AttributeType,
- value AttributeValue
-}
-
-RelativeDistinguishedName ::= --SET
-SEQUENCE OF AttributeTypeAndValue
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-Name ::= CHOICE { -- RFC2459
- x RDNSequence
-}
-
-END \ No newline at end of file
diff --git a/crypto/heimdal/lib/gssapi/8003.c b/crypto/heimdal/lib/gssapi/8003.c
deleted file mode 100644
index 3b481822b8cd..000000000000
--- a/crypto/heimdal/lib/gssapi/8003.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: 8003.c,v 1.12.2.2 2003/09/18 21:30:57 lha Exp $");
-
-krb5_error_code
-gssapi_encode_om_uint32(OM_uint32 n, u_char *p)
-{
- p[0] = (n >> 0) & 0xFF;
- p[1] = (n >> 8) & 0xFF;
- p[2] = (n >> 16) & 0xFF;
- p[3] = (n >> 24) & 0xFF;
- return 0;
-}
-
-krb5_error_code
-gssapi_encode_be_om_uint32(OM_uint32 n, u_char *p)
-{
- p[0] = (n >> 24) & 0xFF;
- p[1] = (n >> 16) & 0xFF;
- p[2] = (n >> 8) & 0xFF;
- p[3] = (n >> 0) & 0xFF;
- return 0;
-}
-
-krb5_error_code
-gssapi_decode_om_uint32(u_char *p, OM_uint32 *n)
-{
- *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
- return 0;
-}
-
-krb5_error_code
-gssapi_decode_be_om_uint32(u_char *p, OM_uint32 *n)
-{
- *n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
- return 0;
-}
-
-static krb5_error_code
-hash_input_chan_bindings (const gss_channel_bindings_t b,
- u_char *p)
-{
- u_char num[4];
- MD5_CTX md5;
-
- MD5_Init(&md5);
- gssapi_encode_om_uint32 (b->initiator_addrtype, num);
- MD5_Update (&md5, num, sizeof(num));
- gssapi_encode_om_uint32 (b->initiator_address.length, num);
- MD5_Update (&md5, num, sizeof(num));
- if (b->initiator_address.length)
- MD5_Update (&md5,
- b->initiator_address.value,
- b->initiator_address.length);
- gssapi_encode_om_uint32 (b->acceptor_addrtype, num);
- MD5_Update (&md5, num, sizeof(num));
- gssapi_encode_om_uint32 (b->acceptor_address.length, num);
- MD5_Update (&md5, num, sizeof(num));
- if (b->acceptor_address.length)
- MD5_Update (&md5,
- b->acceptor_address.value,
- b->acceptor_address.length);
- gssapi_encode_om_uint32 (b->application_data.length, num);
- MD5_Update (&md5, num, sizeof(num));
- if (b->application_data.length)
- MD5_Update (&md5,
- b->application_data.value,
- b->application_data.length);
- MD5_Final (p, &md5);
- return 0;
-}
-
-/*
- * create a checksum over the chanel bindings in
- * `input_chan_bindings', `flags' and `fwd_data' and return it in
- * `result'
- */
-
-OM_uint32
-gssapi_krb5_create_8003_checksum (
- OM_uint32 *minor_status,
- const gss_channel_bindings_t input_chan_bindings,
- OM_uint32 flags,
- const krb5_data *fwd_data,
- Checksum *result)
-{
- u_char *p;
-
- /*
- * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value
- * field's format) */
- result->cksumtype = 0x8003;
- if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG))
- result->checksum.length = 24 + 4 + fwd_data->length;
- else
- result->checksum.length = 24;
- result->checksum.data = malloc (result->checksum.length);
- if (result->checksum.data == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- p = result->checksum.data;
- gssapi_encode_om_uint32 (16, p);
- p += 4;
- if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) {
- memset (p, 0, 16);
- } else {
- hash_input_chan_bindings (input_chan_bindings, p);
- }
- p += 16;
- gssapi_encode_om_uint32 (flags, p);
- p += 4;
-
- if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) {
-#if 0
- u_char *tmp;
-
- result->checksum.length = 28 + fwd_data->length;
- tmp = realloc(result->checksum.data, result->checksum.length);
- if (tmp == NULL)
- return ENOMEM;
- result->checksum.data = tmp;
-
- p = (u_char*)result->checksum.data + 24;
-#endif
- *p++ = (1 >> 0) & 0xFF; /* DlgOpt */ /* == 1 */
- *p++ = (1 >> 8) & 0xFF; /* DlgOpt */ /* == 0 */
- *p++ = (fwd_data->length >> 0) & 0xFF; /* Dlgth */
- *p++ = (fwd_data->length >> 8) & 0xFF; /* Dlgth */
- memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length);
-
- p += fwd_data->length;
- }
-
- return GSS_S_COMPLETE;
-}
-
-/*
- * verify the checksum in `cksum' over `input_chan_bindings'
- * returning `flags' and `fwd_data'
- */
-
-OM_uint32
-gssapi_krb5_verify_8003_checksum(
- OM_uint32 *minor_status,
- const gss_channel_bindings_t input_chan_bindings,
- const Checksum *cksum,
- OM_uint32 *flags,
- krb5_data *fwd_data)
-{
- unsigned char hash[16];
- unsigned char *p;
- OM_uint32 length;
- int DlgOpt;
- static unsigned char zeros[16];
-
- /* XXX should handle checksums > 24 bytes */
- if(cksum->cksumtype != 0x8003 || cksum->checksum.length < 24) {
- *minor_status = 0;
- return GSS_S_BAD_BINDINGS;
- }
-
- p = cksum->checksum.data;
- gssapi_decode_om_uint32(p, &length);
- if(length != sizeof(hash)) {
- *minor_status = 0;
- return GSS_S_BAD_BINDINGS;
- }
-
- p += 4;
-
- if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
- && memcmp(p, zeros, sizeof(zeros)) != 0) {
- if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
- *minor_status = 0;
- return GSS_S_BAD_BINDINGS;
- }
- if(memcmp(hash, p, sizeof(hash)) != 0) {
- *minor_status = 0;
- return GSS_S_BAD_BINDINGS;
- }
- }
-
- p += sizeof(hash);
-
- gssapi_decode_om_uint32(p, flags);
- p += 4;
-
- if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) {
- if(cksum->checksum.length < 28) {
- *minor_status = 0;
- return GSS_S_BAD_BINDINGS;
- }
-
- DlgOpt = (p[0] << 0) | (p[1] << 8);
- p += 2;
- if (DlgOpt != 1) {
- *minor_status = 0;
- return GSS_S_BAD_BINDINGS;
- }
-
- fwd_data->length = (p[0] << 0) | (p[1] << 8);
- p += 2;
- if(cksum->checksum.length < 28 + fwd_data->length) {
- *minor_status = 0;
- return GSS_S_BAD_BINDINGS;
- }
- fwd_data->data = malloc(fwd_data->length);
- if (fwd_data->data == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- memcpy(fwd_data->data, p, fwd_data->length);
- }
-
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/accept_sec_context.c b/crypto/heimdal/lib/gssapi/accept_sec_context.c
deleted file mode 100644
index d923c36fd574..000000000000
--- a/crypto/heimdal/lib/gssapi/accept_sec_context.c
+++ /dev/null
@@ -1,445 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: accept_sec_context.c,v 1.33.2.2 2003/12/19 00:37:06 lha Exp $");
-
-krb5_keytab gssapi_krb5_keytab;
-
-OM_uint32
-gsskrb5_register_acceptor_identity (const char *identity)
-{
- krb5_error_code ret;
- char *p;
-
- ret = gssapi_krb5_init();
- if(ret)
- return GSS_S_FAILURE;
-
- if(gssapi_krb5_keytab != NULL) {
- krb5_kt_close(gssapi_krb5_context, gssapi_krb5_keytab);
- gssapi_krb5_keytab = NULL;
- }
- asprintf(&p, "FILE:%s", identity);
- if(p == NULL)
- return GSS_S_FAILURE;
- ret = krb5_kt_resolve(gssapi_krb5_context, p, &gssapi_krb5_keytab);
- free(p);
- if(ret)
- return GSS_S_FAILURE;
- return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_accept_sec_context
- (OM_uint32 * minor_status,
- gss_ctx_id_t * context_handle,
- const gss_cred_id_t acceptor_cred_handle,
- const gss_buffer_t input_token_buffer,
- const gss_channel_bindings_t input_chan_bindings,
- gss_name_t * src_name,
- gss_OID * mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec,
- gss_cred_id_t * delegated_cred_handle
- )
-{
- krb5_error_code kret;
- OM_uint32 ret = GSS_S_COMPLETE;
- krb5_data indata;
- krb5_flags ap_options;
- OM_uint32 flags;
- krb5_ticket *ticket = NULL;
- krb5_keytab keytab = NULL;
- krb5_data fwd_data;
- OM_uint32 minor;
-
- GSSAPI_KRB5_INIT();
-
- krb5_data_zero (&fwd_data);
- output_token->length = 0;
- output_token->value = NULL;
-
- if (src_name != NULL)
- *src_name = NULL;
- if (mech_type)
- *mech_type = GSS_KRB5_MECHANISM;
-
- if (*context_handle == GSS_C_NO_CONTEXT) {
- *context_handle = malloc(sizeof(**context_handle));
- if (*context_handle == GSS_C_NO_CONTEXT) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- }
-
- (*context_handle)->auth_context = NULL;
- (*context_handle)->source = NULL;
- (*context_handle)->target = NULL;
- (*context_handle)->flags = 0;
- (*context_handle)->more_flags = 0;
- (*context_handle)->ticket = NULL;
- (*context_handle)->lifetime = GSS_C_INDEFINITE;
-
- kret = krb5_auth_con_init (gssapi_krb5_context,
- &(*context_handle)->auth_context);
- if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
-
- if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
- && input_chan_bindings->application_data.length ==
- 2 * sizeof((*context_handle)->auth_context->local_port)
- ) {
-
- /* Port numbers are expected to be in application_data.value,
- * initator's port first */
-
- krb5_address initiator_addr, acceptor_addr;
-
- memset(&initiator_addr, 0, sizeof(initiator_addr));
- memset(&acceptor_addr, 0, sizeof(acceptor_addr));
-
- (*context_handle)->auth_context->remote_port =
- *(int16_t *) input_chan_bindings->application_data.value;
-
- (*context_handle)->auth_context->local_port =
- *((int16_t *) input_chan_bindings->application_data.value + 1);
-
-
- kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
- &input_chan_bindings->acceptor_address,
- (*context_handle)->auth_context->local_port,
- &acceptor_addr);
- if (kret) {
- gssapi_krb5_set_error_string ();
- ret = GSS_S_BAD_BINDINGS;
- *minor_status = kret;
- goto failure;
- }
-
- kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
- &input_chan_bindings->initiator_address,
- (*context_handle)->auth_context->remote_port,
- &initiator_addr);
- if (kret) {
- krb5_free_address (gssapi_krb5_context, &acceptor_addr);
- gssapi_krb5_set_error_string ();
- ret = GSS_S_BAD_BINDINGS;
- *minor_status = kret;
- goto failure;
- }
-
- kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &acceptor_addr, /* local address */
- &initiator_addr); /* remote address */
-
- krb5_free_address (gssapi_krb5_context, &initiator_addr);
- krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-
-#if 0
- free(input_chan_bindings->application_data.value);
- input_chan_bindings->application_data.value = NULL;
- input_chan_bindings->application_data.length = 0;
-#endif
-
- if (kret) {
- gssapi_krb5_set_error_string ();
- ret = GSS_S_BAD_BINDINGS;
- *minor_status = kret;
- goto failure;
- }
- }
-
-
-
- {
- int32_t tmp;
-
- krb5_auth_con_getflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &tmp);
- tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
- krb5_auth_con_setflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- tmp);
- }
-
- ret = gssapi_krb5_decapsulate (minor_status,
- input_token_buffer,
- &indata,
- "\x01\x00");
- if (ret)
- goto failure;
-
- if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
- if (gssapi_krb5_keytab != NULL) {
- keytab = gssapi_krb5_keytab;
- }
- } else if (acceptor_cred_handle->keytab != NULL) {
- keytab = acceptor_cred_handle->keytab;
- }
-
- kret = krb5_rd_req (gssapi_krb5_context,
- &(*context_handle)->auth_context,
- &indata,
- (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL
- : acceptor_cred_handle->principal,
- keytab,
- &ap_options,
- &ticket);
- if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
-
- kret = krb5_copy_principal (gssapi_krb5_context,
- ticket->client,
- &(*context_handle)->source);
- if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
-
- kret = krb5_copy_principal (gssapi_krb5_context,
- ticket->server,
- &(*context_handle)->target);
- if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
-
- ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
- if (ret)
- goto failure;
-
- if (src_name != NULL) {
- kret = krb5_copy_principal (gssapi_krb5_context,
- ticket->client,
- src_name);
- if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
- }
-
- {
- krb5_authenticator authenticator;
-
- kret = krb5_auth_con_getauthenticator(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &authenticator);
- if(kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
-
- ret = gssapi_krb5_verify_8003_checksum(minor_status,
- input_chan_bindings,
- authenticator->cksum,
- &flags,
- &fwd_data);
- krb5_free_authenticator(gssapi_krb5_context, &authenticator);
- if (ret)
- goto failure;
- }
-
- if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
- krb5_ccache ccache;
- int32_t ac_flags;
-
- if (delegated_cred_handle == NULL)
- /* XXX Create a new delegated_cred_handle? */
- kret = krb5_cc_default (gssapi_krb5_context, &ccache);
- else if (*delegated_cred_handle == NULL) {
- if ((*delegated_cred_handle =
- calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
- ret = GSS_S_FAILURE;
- *minor_status = ENOMEM;
- krb5_set_error_string(gssapi_krb5_context, "out of memory");
- gssapi_krb5_set_error_string();
- goto failure;
- }
- if ((ret = gss_duplicate_name(minor_status, ticket->client,
- &(*delegated_cred_handle)->principal)) != 0) {
- flags &= ~GSS_C_DELEG_FLAG;
- free(*delegated_cred_handle);
- *delegated_cred_handle = NULL;
- goto end_fwd;
- }
- }
- if (delegated_cred_handle != NULL &&
- (*delegated_cred_handle)->ccache == NULL) {
- kret = krb5_cc_gen_new (gssapi_krb5_context,
- &krb5_mcc_ops,
- &(*delegated_cred_handle)->ccache);
- ccache = (*delegated_cred_handle)->ccache;
- }
- if (delegated_cred_handle != NULL &&
- (*delegated_cred_handle)->mechanisms == NULL) {
- ret = gss_create_empty_oid_set(minor_status,
- &(*delegated_cred_handle)->mechanisms);
- if (ret)
- goto failure;
- ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- &(*delegated_cred_handle)->mechanisms);
- if (ret)
- goto failure;
- }
-
- if (kret) {
- flags &= ~GSS_C_DELEG_FLAG;
- goto end_fwd;
- }
-
- kret = krb5_cc_initialize(gssapi_krb5_context,
- ccache,
- *src_name);
- if (kret) {
- flags &= ~GSS_C_DELEG_FLAG;
- goto end_fwd;
- }
-
- krb5_auth_con_getflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &ac_flags);
- krb5_auth_con_setflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- ac_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
- kret = krb5_rd_cred2(gssapi_krb5_context,
- (*context_handle)->auth_context,
- ccache,
- &fwd_data);
- krb5_auth_con_setflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- ac_flags);
- if (kret) {
- flags &= ~GSS_C_DELEG_FLAG;
- goto end_fwd;
- }
-
- end_fwd:
- free(fwd_data.data);
- }
-
-
- flags |= GSS_C_TRANS_FLAG;
-
- if (ret_flags)
- *ret_flags = flags;
- (*context_handle)->lifetime = ticket->ticket.endtime;
- (*context_handle)->flags = flags;
- (*context_handle)->more_flags |= OPEN;
-
- if (mech_type)
- *mech_type = GSS_KRB5_MECHANISM;
-
- if (time_rec) {
- ret = gssapi_lifetime_left(minor_status,
- (*context_handle)->lifetime,
- time_rec);
- if (ret)
- goto failure;
- }
-
- if(flags & GSS_C_MUTUAL_FLAG) {
- krb5_data outbuf;
-
- kret = krb5_mk_rep (gssapi_krb5_context,
- (*context_handle)->auth_context,
- &outbuf);
- if (kret) {
- ret = GSS_S_FAILURE;
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- goto failure;
- }
- ret = gssapi_krb5_encapsulate (minor_status,
- &outbuf,
- output_token,
- "\x02\x00");
- krb5_data_free (&outbuf);
- if (ret)
- goto failure;
- } else {
- output_token->length = 0;
- output_token->value = NULL;
- }
-
- (*context_handle)->ticket = ticket;
- ticket = NULL;
-
-#if 0
- krb5_free_ticket (context, ticket);
-#endif
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-
- failure:
- if (fwd_data.length > 0)
- free(fwd_data.data);
- if (ticket != NULL)
- krb5_free_ticket (gssapi_krb5_context, ticket);
- krb5_auth_con_free (gssapi_krb5_context,
- (*context_handle)->auth_context);
- if((*context_handle)->source)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->source);
- if((*context_handle)->target)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->target);
- free (*context_handle);
- if (src_name != NULL) {
- gss_release_name (&minor, src_name);
- *src_name = NULL;
- }
- *context_handle = GSS_C_NO_CONTEXT;
- return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/acquire_cred.c b/crypto/heimdal/lib/gssapi/acquire_cred.c
deleted file mode 100644
index dfe2b4cca5cb..000000000000
--- a/crypto/heimdal/lib/gssapi/acquire_cred.c
+++ /dev/null
@@ -1,309 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: acquire_cred.c,v 1.13.2.1 2003/08/15 14:18:24 lha Exp $");
-
-static krb5_error_code
-get_keytab(krb5_keytab *keytab)
-{
- char kt_name[256];
- krb5_error_code kret;
-
- if (gssapi_krb5_keytab != NULL) {
- kret = krb5_kt_get_name(gssapi_krb5_context,
- gssapi_krb5_keytab,
- kt_name, sizeof(kt_name));
- if (kret == 0)
- kret = krb5_kt_resolve(gssapi_krb5_context, kt_name, keytab);
- } else
- kret = krb5_kt_default(gssapi_krb5_context, keytab);
- return (kret);
-}
-
-static OM_uint32 acquire_initiator_cred
- (OM_uint32 * minor_status,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
- )
-{
- OM_uint32 ret;
- krb5_creds cred;
- krb5_principal def_princ;
- krb5_get_init_creds_opt opt;
- krb5_ccache ccache;
- krb5_keytab keytab;
- krb5_error_code kret;
-
- keytab = NULL;
- ccache = NULL;
- def_princ = NULL;
- ret = GSS_S_FAILURE;
- memset(&cred, 0, sizeof(cred));
-
- kret = krb5_cc_default(gssapi_krb5_context, &ccache);
- if (kret)
- goto end;
- kret = krb5_cc_get_principal(gssapi_krb5_context, ccache,
- &def_princ);
- if (kret != 0) {
- /* we'll try to use a keytab below */
- krb5_cc_destroy(gssapi_krb5_context, ccache);
- ccache = NULL;
- kret = 0;
- } else if (handle->principal == NULL) {
- kret = krb5_copy_principal(gssapi_krb5_context, def_princ,
- &handle->principal);
- if (kret)
- goto end;
- } else if (handle->principal != NULL &&
- krb5_principal_compare(gssapi_krb5_context, handle->principal,
- def_princ) == FALSE) {
- /* Before failing, lets check the keytab */
- krb5_free_principal(gssapi_krb5_context, def_princ);
- def_princ = NULL;
- }
- if (def_princ == NULL) {
- /* We have no existing credentials cache,
- * so attempt to get a TGT using a keytab.
- */
- if (handle->principal == NULL) {
- kret = krb5_get_default_principal(gssapi_krb5_context,
- &handle->principal);
- if (kret)
- goto end;
- }
- kret = get_keytab(&keytab);
- if (kret)
- goto end;
- krb5_get_init_creds_opt_init(&opt);
- kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
- handle->principal, keytab, 0, NULL, &opt);
- if (kret)
- goto end;
- kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
- &ccache);
- if (kret)
- goto end;
- kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
- if (kret)
- goto end;
- kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
- if (kret)
- goto end;
- handle->lifetime = cred.times.endtime;
- } else {
- krb5_creds in_cred, *out_cred;
- krb5_const_realm realm;
-
- memset(&in_cred, 0, sizeof(in_cred));
- in_cred.client = handle->principal;
-
- realm = krb5_principal_get_realm(gssapi_krb5_context,
- handle->principal);
- if (realm == NULL) {
- kret = KRB5_PRINC_NOMATCH; /* XXX */
- goto end;
- }
-
- kret = krb5_make_principal(gssapi_krb5_context, &in_cred.server,
- realm, KRB5_TGS_NAME, realm, NULL);
- if (kret)
- goto end;
-
- kret = krb5_get_credentials(gssapi_krb5_context, 0,
- ccache, &in_cred, &out_cred);
- krb5_free_principal(gssapi_krb5_context, in_cred.server);
- if (kret)
- goto end;
-
- handle->lifetime = out_cred->times.endtime;
- krb5_free_creds(gssapi_krb5_context, out_cred);
- }
-
- handle->ccache = ccache;
- ret = GSS_S_COMPLETE;
-
-end:
- if (cred.client != NULL)
- krb5_free_creds_contents(gssapi_krb5_context, &cred);
- if (def_princ != NULL)
- krb5_free_principal(gssapi_krb5_context, def_princ);
- if (keytab != NULL)
- krb5_kt_close(gssapi_krb5_context, keytab);
- if (ret != GSS_S_COMPLETE) {
- if (ccache != NULL)
- krb5_cc_close(gssapi_krb5_context, ccache);
- if (kret != 0) {
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- }
- }
- return (ret);
-}
-
-static OM_uint32 acquire_acceptor_cred
- (OM_uint32 * minor_status,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
- )
-{
- OM_uint32 ret;
- krb5_error_code kret;
-
- kret = 0;
- ret = GSS_S_FAILURE;
- kret = get_keytab(&handle->keytab);
- if (kret)
- goto end;
- ret = GSS_S_COMPLETE;
-
-end:
- if (ret != GSS_S_COMPLETE) {
- if (handle->keytab != NULL)
- krb5_kt_close(gssapi_krb5_context, handle->keytab);
- if (kret != 0) {
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- }
- }
- return (ret);
-}
-
-OM_uint32 gss_acquire_cred
- (OM_uint32 * minor_status,
- const gss_name_t desired_name,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t * output_cred_handle,
- gss_OID_set * actual_mechs,
- OM_uint32 * time_rec
- )
-{
- gss_cred_id_t handle;
- OM_uint32 ret;
-
- GSSAPI_KRB5_INIT ();
-
- *output_cred_handle = NULL;
- if (time_rec)
- *time_rec = 0;
- if (actual_mechs)
- *actual_mechs = GSS_C_NO_OID_SET;
-
- if (desired_mechs) {
- OM_uint32 present = 0;
-
- ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- desired_mechs, &present);
- if (ret)
- return ret;
- if (!present) {
- *minor_status = 0;
- return GSS_S_BAD_MECH;
- }
- }
-
- handle = (gss_cred_id_t)malloc(sizeof(*handle));
- if (handle == GSS_C_NO_CREDENTIAL) {
- *minor_status = ENOMEM;
- return (GSS_S_FAILURE);
- }
-
- memset(handle, 0, sizeof (*handle));
-
- if (desired_name != GSS_C_NO_NAME) {
- ret = gss_duplicate_name(minor_status, desired_name,
- &handle->principal);
- if (ret != GSS_S_COMPLETE) {
- free(handle);
- return (ret);
- }
- }
- if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
- ret = acquire_initiator_cred(minor_status, desired_name, time_req,
- desired_mechs, cred_usage, handle, actual_mechs, time_rec);
- if (ret != GSS_S_COMPLETE) {
- free(handle);
- return (ret);
- }
- } else if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
- ret = acquire_acceptor_cred(minor_status, desired_name, time_req,
- desired_mechs, cred_usage, handle, actual_mechs, time_rec);
- if (ret != GSS_S_COMPLETE) {
- free(handle);
- return (ret);
- }
- } else {
- free(handle);
- *minor_status = GSS_KRB5_S_G_BAD_USAGE;
- return GSS_S_FAILURE;
- }
- ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
- if (ret == GSS_S_COMPLETE)
- ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- &handle->mechanisms);
- if (ret == GSS_S_COMPLETE)
- ret = gss_inquire_cred(minor_status, handle, NULL, time_rec, NULL,
- actual_mechs);
- if (ret != GSS_S_COMPLETE) {
- if (handle->mechanisms != NULL)
- gss_release_oid_set(NULL, &handle->mechanisms);
- free(handle);
- return (ret);
- }
- *minor_status = 0;
- if (time_rec) {
- ret = gssapi_lifetime_left(minor_status,
- handle->lifetime,
- time_rec);
-
- if (ret)
- return ret;
- }
- handle->usage = cred_usage;
- *output_cred_handle = handle;
- return (GSS_S_COMPLETE);
-}
diff --git a/crypto/heimdal/lib/gssapi/add_cred.c b/crypto/heimdal/lib/gssapi/add_cred.c
deleted file mode 100644
index 53d4f3370696..000000000000
--- a/crypto/heimdal/lib/gssapi/add_cred.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: add_cred.c,v 1.2.2.1 2003/10/21 21:00:47 lha Exp $");
-
-OM_uint32 gss_add_cred (
- OM_uint32 *minor_status,
- const gss_cred_id_t input_cred_handle,
- const gss_name_t desired_name,
- const gss_OID desired_mech,
- gss_cred_usage_t cred_usage,
- OM_uint32 initiator_time_req,
- OM_uint32 acceptor_time_req,
- gss_cred_id_t *output_cred_handle,
- gss_OID_set *actual_mechs,
- OM_uint32 *initiator_time_rec,
- OM_uint32 *acceptor_time_rec)
-{
- OM_uint32 ret, lifetime;
- gss_cred_id_t cred, handle;
-
- handle = NULL;
- cred = input_cred_handle;
-
- if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) {
- *minor_status = 0;
- return GSS_S_BAD_MECH;
- }
-
- if (cred == GSS_C_NO_CREDENTIAL && output_cred_handle == NULL) {
- *minor_status = 0;
- return GSS_S_NO_CRED;
- }
-
- /* check if requested output usage is compatible with output usage */
- if (output_cred_handle != NULL &&
- (cred->usage != cred_usage && cred->usage != GSS_C_BOTH)) {
- *minor_status = GSS_KRB5_S_G_BAD_USAGE;
- return(GSS_S_FAILURE);
- }
-
- /* check that we have the same name */
- if (desired_name != GSS_C_NO_NAME &&
- krb5_principal_compare(gssapi_krb5_context, desired_name,
- cred->principal) != FALSE) {
- *minor_status = 0;
- return GSS_S_BAD_NAME;
- }
-
- /* make a copy */
- if (output_cred_handle) {
-
- handle = (gss_cred_id_t)malloc(sizeof(*handle));
- if (handle == GSS_C_NO_CREDENTIAL) {
- *minor_status = ENOMEM;
- return (GSS_S_FAILURE);
- }
-
- memset(handle, 0, sizeof (*handle));
-
- handle->usage = cred_usage;
- handle->lifetime = cred->lifetime;
- handle->principal = NULL;
- handle->keytab = NULL;
- handle->ccache = NULL;
- handle->mechanisms = NULL;
-
- ret = GSS_S_FAILURE;
-
- ret = gss_duplicate_name(minor_status, cred->principal,
- &handle->principal);
- if (ret) {
- free(handle);
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- if (cred->keytab) {
- krb5_error_code kret;
- char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN];
- int len;
-
- ret = GSS_S_FAILURE;
-
- kret = krb5_kt_get_type(gssapi_krb5_context, cred->keytab,
- name, KRB5_KT_PREFIX_MAX_LEN);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- len = strlen(name);
- name[len++] = ':';
-
- kret = krb5_kt_get_name(gssapi_krb5_context, cred->keytab,
- name + len,
- sizeof(name) - len);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
-
- kret = krb5_kt_resolve(gssapi_krb5_context, name,
- &handle->keytab);
- if (kret){
- *minor_status = kret;
- goto failure;
- }
- }
-
- if (cred->ccache) {
- krb5_error_code kret;
- const char *type, *name;
- char *type_name;
-
- ret = GSS_S_FAILURE;
-
- type = krb5_cc_get_type(gssapi_krb5_context, cred->ccache);
- if (type == NULL){
- *minor_status = ENOMEM;
- goto failure;
- }
-
- if (strcmp(type, "MEMORY") == 0) {
- ret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
- &handle->ccache);
- if (ret) {
- *minor_status = ret;
- goto failure;
- }
-
- ret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache,
- handle->ccache);
- if (ret) {
- *minor_status = ret;
- goto failure;
- }
-
- } else {
-
- name = krb5_cc_get_name(gssapi_krb5_context, cred->ccache);
- if (name == NULL) {
- *minor_status = ENOMEM;
- goto failure;
- }
-
- asprintf(&type_name, "%s:%s", type, name);
- if (type_name == NULL) {
- *minor_status = ENOMEM;
- goto failure;
- }
-
- kret = krb5_cc_resolve(gssapi_krb5_context, type_name,
- &handle->ccache);
- free(type_name);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- }
- }
-
- ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
- if (ret)
- goto failure;
-
- ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
- &handle->mechanisms);
- if (ret)
- goto failure;
- }
-
- ret = gss_inquire_cred(minor_status, cred, NULL, &lifetime,
- NULL, actual_mechs);
- if (ret)
- goto failure;
-
- if (initiator_time_rec)
- *initiator_time_rec = lifetime;
- if (acceptor_time_rec)
- *acceptor_time_rec = lifetime;
-
- if (output_cred_handle)
- *output_cred_handle = handle;
-
- *minor_status = 0;
- return ret;
-
- failure:
-
- if (handle) {
- if (handle->principal)
- gss_release_name(NULL, &handle->principal);
- if (handle->keytab)
- krb5_kt_close(gssapi_krb5_context, handle->keytab);
- if (handle->ccache)
- krb5_cc_destroy(gssapi_krb5_context, handle->ccache);
- if (handle->mechanisms)
- gss_release_oid_set(NULL, &handle->mechanisms);
- free(handle);
- }
- return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/add_oid_set_member.c b/crypto/heimdal/lib/gssapi/add_oid_set_member.c
deleted file mode 100644
index ed654fc8c5b8..000000000000
--- a/crypto/heimdal/lib/gssapi/add_oid_set_member.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: add_oid_set_member.c,v 1.8 2003/03/16 17:50:49 lha Exp $");
-
-OM_uint32 gss_add_oid_set_member (
- OM_uint32 * minor_status,
- const gss_OID member_oid,
- gss_OID_set * oid_set
- )
-{
- gss_OID tmp;
- size_t n;
- OM_uint32 res;
- int present;
-
- res = gss_test_oid_set_member(minor_status, member_oid, *oid_set, &present);
- if (res != GSS_S_COMPLETE)
- return res;
-
- if (present) {
- *minor_status = 0;
- return GSS_S_COMPLETE;
- }
-
- n = (*oid_set)->count + 1;
- tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc));
- if (tmp == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- (*oid_set)->elements = tmp;
- (*oid_set)->count = n;
- (*oid_set)->elements[n-1] = *member_oid;
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c b/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
deleted file mode 100644
index c8041aa93626..000000000000
--- a/crypto/heimdal/lib/gssapi/address_to_krb5addr.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-#include <roken.h>
-
-krb5_error_code
-gss_address_to_krb5addr(OM_uint32 gss_addr_type,
- gss_buffer_desc *gss_addr,
- int16_t port,
- krb5_address *address)
-{
- int addr_type;
- struct sockaddr sa;
- int sa_size = sizeof(sa);
- krb5_error_code problem;
-
- if (gss_addr == NULL)
- return GSS_S_FAILURE;
-
- switch (gss_addr_type) {
-#ifdef HAVE_IPV6
- case GSS_C_AF_INET6: addr_type = AF_INET6;
- break;
-#endif /* HAVE_IPV6 */
-
- case GSS_C_AF_INET: addr_type = AF_INET;
- break;
- default:
- return GSS_S_FAILURE;
- }
-
- problem = krb5_h_addr2sockaddr (gssapi_krb5_context,
- addr_type,
- gss_addr->value,
- &sa,
- &sa_size,
- port);
- if (problem)
- return GSS_S_FAILURE;
-
- problem = krb5_sockaddr2address (gssapi_krb5_context, &sa, address);
-
- return problem;
-}
diff --git a/crypto/heimdal/lib/gssapi/arcfour.c b/crypto/heimdal/lib/gssapi/arcfour.c
deleted file mode 100644
index 66d688ca0b58..000000000000
--- a/crypto/heimdal/lib/gssapi/arcfour.c
+++ /dev/null
@@ -1,623 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-/*
- * Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
- */
-
-RCSID("$Id: arcfour.c,v 1.12.2.3 2003/09/19 15:15:11 lha Exp $");
-
-static krb5_error_code
-arcfour_mic_key(krb5_context context, krb5_keyblock *key,
- void *cksum_data, size_t cksum_size,
- void *key6_data, size_t key6_size)
-{
- krb5_error_code ret;
-
- Checksum cksum_k5;
- krb5_keyblock key5;
- char k5_data[16];
-
- Checksum cksum_k6;
-
- char T[4];
-
- memset(T, 0, 4);
- cksum_k5.checksum.data = k5_data;
- cksum_k5.checksum.length = sizeof(k5_data);
-
- if (key->keytype == KEYTYPE_ARCFOUR_56) {
- char L40[14] = "fortybits";
-
- memcpy(L40 + 10, T, sizeof(T));
- ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
- L40, 14, 0, key, &cksum_k5);
- memset(&k5_data[7], 0xAB, 9);
- } else {
- ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
- T, 4, 0, key, &cksum_k5);
- }
- if (ret)
- return ret;
-
- key5.keytype = KEYTYPE_ARCFOUR;
- key5.keyvalue = cksum_k5.checksum;
-
- cksum_k6.checksum.data = key6_data;
- cksum_k6.checksum.length = key6_size;
-
- return krb5_hmac(context, CKSUMTYPE_RSA_MD5,
- cksum_data, cksum_size, 0, &key5, &cksum_k6);
-}
-
-
-static krb5_error_code
-arcfour_mic_cksum(krb5_keyblock *key, unsigned usage,
- u_char *sgn_cksum, size_t sgn_cksum_sz,
- const char *v1, size_t l1,
- const void *v2, size_t l2,
- const void *v3, size_t l3)
-{
- Checksum CKSUM;
- u_char *ptr;
- size_t len;
- krb5_crypto crypto;
- krb5_error_code ret;
-
- assert(sgn_cksum_sz == 8);
-
- len = l1 + l2 + l3;
-
- ptr = malloc(len);
- if (ptr == NULL)
- return ENOMEM;
-
- memcpy(ptr, v1, l1);
- memcpy(ptr + l1, v2, l2);
- memcpy(ptr + l1 + l2, v3, l3);
-
- ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
- if (ret) {
- free(ptr);
- return ret;
- }
-
- ret = krb5_create_checksum(gssapi_krb5_context,
- crypto,
- usage,
- 0,
- ptr, len,
- &CKSUM);
- free(ptr);
- if (ret == 0) {
- memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz);
- free_Checksum(&CKSUM);
- }
- krb5_crypto_destroy(gssapi_krb5_context, crypto);
-
- return ret;
-}
-
-
-OM_uint32
-_gssapi_get_mic_arcfour(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- gss_qop_t qop_req,
- const gss_buffer_t message_buffer,
- gss_buffer_t message_token,
- krb5_keyblock *key)
-{
- krb5_error_code ret;
- int32_t seq_number;
- size_t len, total_len;
- u_char k6_data[16], *p0, *p;
- RC4_KEY rc4_key;
-
- gssapi_krb5_encap_length (22, &len, &total_len);
-
- message_token->length = total_len;
- message_token->value = malloc (total_len);
- if (message_token->value == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- p0 = _gssapi_make_mech_header(message_token->value,
- len);
- p = p0;
-
- *p++ = 0x01; /* TOK_ID */
- *p++ = 0x01;
- *p++ = 0x11; /* SGN_ALG */
- *p++ = 0x00;
- *p++ = 0xff; /* Filler */
- *p++ = 0xff;
- *p++ = 0xff;
- *p++ = 0xff;
-
- p = NULL;
-
- ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN,
- p0 + 16, 8, /* SGN_CKSUM */
- p0, 8, /* TOK_ID, SGN_ALG, Filer */
- message_buffer->value, message_buffer->length,
- NULL, 0);
- if (ret) {
- gss_release_buffer(minor_status, message_token);
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- ret = arcfour_mic_key(gssapi_krb5_context, key,
- p0 + 16, 8, /* SGN_CKSUM */
- k6_data, sizeof(k6_data));
- if (ret) {
- gss_release_buffer(minor_status, message_token);
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
- p = p0 + 8; /* SND_SEQ */
- gssapi_encode_be_om_uint32(seq_number, p);
-
- krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
-
- RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
- RC4 (&rc4_key, 8, p, p);
-
- memset(&rc4_key, 0, sizeof(rc4_key));
- memset(k6_data, 0, sizeof(k6_data));
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
-
-
-OM_uint32
-_gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t message_buffer,
- const gss_buffer_t token_buffer,
- gss_qop_t * qop_state,
- krb5_keyblock *key,
- char *type)
-{
- krb5_error_code ret;
- int32_t seq_number, seq_number2;
- OM_uint32 omret;
- char cksum_data[8], k6_data[16], SND_SEQ[8];
- u_char *p;
- int cmp;
-
- if (qop_state)
- *qop_state = 0;
-
- p = token_buffer->value;
- omret = gssapi_krb5_verify_header (&p,
- token_buffer->length,
- type);
- if (omret)
- return omret;
-
- if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
- return GSS_S_BAD_SIG;
- p += 2;
- if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
- return GSS_S_BAD_MIC;
- p += 4;
-
- ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN,
- cksum_data, sizeof(cksum_data),
- p - 8, 8,
- message_buffer->value, message_buffer->length,
- NULL, 0);
- if (ret) {
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- ret = arcfour_mic_key(gssapi_krb5_context, key,
- cksum_data, sizeof(cksum_data),
- k6_data, sizeof(k6_data));
- if (ret) {
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- cmp = memcmp(cksum_data, p + 8, 8);
- if (cmp) {
- *minor_status = 0;
- return GSS_S_BAD_MIC;
- }
-
- {
- RC4_KEY rc4_key;
-
- RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
- RC4 (&rc4_key, 8, p, SND_SEQ);
-
- memset(&rc4_key, 0, sizeof(rc4_key));
- memset(k6_data, 0, sizeof(k6_data));
- }
-
- gssapi_decode_be_om_uint32(SND_SEQ, &seq_number);
-
- if (context_handle->more_flags & LOCAL)
- cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
- else
- cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
-
- memset(SND_SEQ, 0, sizeof(SND_SEQ));
- if (cmp != 0) {
- *minor_status = 0;
- return GSS_S_BAD_MIC;
- }
-
- krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number2);
-
- if (seq_number != seq_number2) {
- *minor_status = 0;
- return GSS_S_UNSEQ_TOKEN;
- }
-
- krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number2);
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
-
-OM_uint32
-_gssapi_wrap_arcfour(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- const gss_buffer_t input_message_buffer,
- int * conf_state,
- gss_buffer_t output_message_buffer,
- krb5_keyblock *key)
-{
- u_char Klocaldata[16], k6_data[16], *p, *p0;
- size_t len, total_len, datalen;
- krb5_keyblock Klocal;
- krb5_error_code ret;
- int32_t seq_number;
-
- if (conf_state)
- *conf_state = 0;
-
- datalen = input_message_buffer->length + 1 /* padding */;
- len = datalen + 30;
- gssapi_krb5_encap_length (len, &len, &total_len);
-
- output_message_buffer->length = total_len;
- output_message_buffer->value = malloc (total_len);
- if (output_message_buffer->value == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- p0 = _gssapi_make_mech_header(output_message_buffer->value,
- len);
- p = p0;
-
- *p++ = 0x02; /* TOK_ID */
- *p++ = 0x01;
- *p++ = 0x11; /* SGN_ALG */
- *p++ = 0x00;
- if (conf_req_flag) {
- *p++ = 0x10; /* SEAL_ALG */
- *p++ = 0x00;
- } else {
- *p++ = 0xff; /* SEAL_ALG */
- *p++ = 0xff;
- }
- *p++ = 0xff; /* Filler */
- *p++ = 0xff;
-
- p = NULL;
-
- krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
-
- gssapi_encode_be_om_uint32(seq_number, p0 + 8);
-
- krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- memset (p0 + 8 + 4,
- (context_handle->more_flags & LOCAL) ? 0 : 0xff,
- 4);
-
- krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */
-
- /* p points to data */
- p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
- memcpy(p, input_message_buffer->value, input_message_buffer->length);
- p[input_message_buffer->length] = 1; /* PADDING */
-
- ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
- p0 + 16, 8, /* SGN_CKSUM */
- p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */
- p0 + 24, 8, /* Confounder */
- p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
- datalen);
- if (ret) {
- *minor_status = ret;
- gss_release_buffer(minor_status, output_message_buffer);
- return GSS_S_FAILURE;
- }
-
- {
- int i;
-
- Klocal.keytype = key->keytype;
- Klocal.keyvalue.data = Klocaldata;
- Klocal.keyvalue.length = sizeof(Klocaldata);
-
- for (i = 0; i < 16; i++)
- Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
- }
- ret = arcfour_mic_key(gssapi_krb5_context, &Klocal,
- p0 + 8, 4, /* SND_SEQ */
- k6_data, sizeof(k6_data));
- memset(Klocaldata, 0, sizeof(Klocaldata));
- if (ret) {
- gss_release_buffer(minor_status, output_message_buffer);
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
-
- if(conf_req_flag) {
- RC4_KEY rc4_key;
-
- RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
- /* XXX ? */
- RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */
- memset(&rc4_key, 0, sizeof(rc4_key));
- }
- memset(k6_data, 0, sizeof(k6_data));
-
- ret = arcfour_mic_key(gssapi_krb5_context, key,
- p0 + 16, 8, /* SGN_CKSUM */
- k6_data, sizeof(k6_data));
- if (ret) {
- gss_release_buffer(minor_status, output_message_buffer);
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- {
- RC4_KEY rc4_key;
-
- RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
- RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */
- memset(&rc4_key, 0, sizeof(rc4_key));
- memset(k6_data, 0, sizeof(k6_data));
- }
-
- if (conf_state)
- *conf_state = conf_req_flag;
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
-
-OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t input_message_buffer,
- gss_buffer_t output_message_buffer,
- int *conf_state,
- gss_qop_t *qop_state,
- krb5_keyblock *key)
-{
- u_char Klocaldata[16];
- krb5_keyblock Klocal;
- krb5_error_code ret;
- int32_t seq_number, seq_number2;
- size_t datalen;
- OM_uint32 omret;
- char k6_data[16], SND_SEQ[8], Confounder[8];
- char cksum_data[8];
- u_char *p, *p0;
- int cmp;
- int conf_flag;
- size_t padlen;
-
- if (conf_state)
- *conf_state = 0;
- if (qop_state)
- *qop_state = 0;
-
- p0 = input_message_buffer->value;
- omret = _gssapi_verify_mech_header(&p0,
- input_message_buffer->length);
- if (omret)
- return omret;
- p = p0;
-
- datalen = input_message_buffer->length -
- (p - ((u_char *)input_message_buffer->value)) -
- GSS_ARCFOUR_WRAP_TOKEN_SIZE;
-
- if (memcmp(p, "\x02\x01", 2) != 0)
- return GSS_S_BAD_SIG;
- p += 2;
- if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
- return GSS_S_BAD_SIG;
- p += 2;
-
- if (memcmp (p, "\x10\x00", 2) == 0)
- conf_flag = 1;
- else if (memcmp (p, "\xff\xff", 2) == 0)
- conf_flag = 0;
- else
- return GSS_S_BAD_SIG;
-
- p += 2;
- if (memcmp (p, "\xff\xff", 2) != 0)
- return GSS_S_BAD_MIC;
- p = NULL;
-
- ret = arcfour_mic_key(gssapi_krb5_context, key,
- p0 + 16, 8, /* SGN_CKSUM */
- k6_data, sizeof(k6_data));
- if (ret) {
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- {
- RC4_KEY rc4_key;
-
- RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
- RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */
- memset(&rc4_key, 0, sizeof(rc4_key));
- memset(k6_data, 0, sizeof(k6_data));
- }
-
- gssapi_decode_be_om_uint32(SND_SEQ, &seq_number);
-
- if (context_handle->more_flags & LOCAL)
- cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
- else
- cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
-
- if (cmp != 0) {
- *minor_status = 0;
- return GSS_S_BAD_MIC;
- }
-
- {
- int i;
-
- Klocal.keytype = key->keytype;
- Klocal.keyvalue.data = Klocaldata;
- Klocal.keyvalue.length = sizeof(Klocaldata);
-
- for (i = 0; i < 16; i++)
- Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
- }
- ret = arcfour_mic_key(gssapi_krb5_context, &Klocal,
- SND_SEQ, 4,
- k6_data, sizeof(k6_data));
- memset(Klocaldata, 0, sizeof(Klocaldata));
- if (ret) {
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- output_message_buffer->value = malloc(datalen);
- if (output_message_buffer->value == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- output_message_buffer->length = datalen;
-
- if(conf_flag) {
- RC4_KEY rc4_key;
-
- RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
- RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */
- RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
- output_message_buffer->value);
- memset(&rc4_key, 0, sizeof(rc4_key));
- } else {
- memcpy(Confounder, p0 + 24, 8); /* Confounder */
- memcpy(output_message_buffer->value,
- p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
- datalen);
- }
- memset(k6_data, 0, sizeof(k6_data));
-
- ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen);
- if (ret) {
- gss_release_buffer(minor_status, output_message_buffer);
- *minor_status = 0;
- return ret;
- }
- output_message_buffer->length -= padlen;
-
- ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
- cksum_data, sizeof(cksum_data),
- p0, 8,
- Confounder, sizeof(Confounder),
- output_message_buffer->value,
- output_message_buffer->length + padlen);
- if (ret) {
- gss_release_buffer(minor_status, output_message_buffer);
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
- if (cmp) {
- gss_release_buffer(minor_status, output_message_buffer);
- *minor_status = 0;
- return GSS_S_BAD_MIC;
- }
-
- krb5_auth_getremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number2);
-
- if (seq_number != seq_number2) {
- *minor_status = 0;
- return GSS_S_UNSEQ_TOKEN;
- }
-
- krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number2);
-
- if (conf_state)
- *conf_state = conf_flag;
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/arcfour.h b/crypto/heimdal/lib/gssapi/arcfour.h
deleted file mode 100644
index 88bdfb119f44..000000000000
--- a/crypto/heimdal/lib/gssapi/arcfour.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: arcfour.h,v 1.3.2.2 2003/09/19 15:14:14 lha Exp $ */
-
-#ifndef GSSAPI_ARCFOUR_H_
-#define GSSAPI_ARCFOUR_H_ 1
-
-/*
- * The arcfour message have the following formats, these are only here
- * for reference and is not used.
- */
-
-#if 0
-typedef struct gss_arcfour_mic_token {
- u_char TOK_ID[2]; /* 01 01 */
- u_char SGN_ALG[2]; /* 11 00 */
- u_char Filler[4];
- u_char SND_SEQ[8];
- u_char SGN_CKSUM[8];
-} gss_arcfour_mic_token_desc, *gss_arcfour_mic_token;
-
-typedef struct gss_arcfour_wrap_token {
- u_char TOK_ID[2]; /* 02 01 */
- u_char SGN_ALG[2];
- u_char SEAL_ALG[2];
- u_char Filler[2];
- u_char SND_SEQ[8];
- u_char SGN_CKSUM[8];
- u_char Confounder[8];
-} gss_arcfour_wrap_token_desc, *gss_arcfour_wrap_token;
-#endif
-
-#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
-
-OM_uint32 _gssapi_wrap_arcfour(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- const gss_buffer_t input_message_buffer,
- int *conf_state,
- gss_buffer_t output_message_buffer,
- krb5_keyblock *key);
-
-OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t input_message_buffer,
- gss_buffer_t output_message_buffer,
- int *conf_state,
- gss_qop_t *qop_state,
- krb5_keyblock *key);
-
-OM_uint32 _gssapi_get_mic_arcfour(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- gss_qop_t qop_req,
- const gss_buffer_t message_buffer,
- gss_buffer_t message_token,
- krb5_keyblock *key);
-
-OM_uint32 _gssapi_verify_mic_arcfour(OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t message_buffer,
- const gss_buffer_t token_buffer,
- gss_qop_t *qop_state,
- krb5_keyblock *key,
- char *type);
-
-#endif /* GSSAPI_ARCFOUR_H_ */
diff --git a/crypto/heimdal/lib/gssapi/canonicalize_name.c b/crypto/heimdal/lib/gssapi/canonicalize_name.c
deleted file mode 100644
index afa39f3a4f96..000000000000
--- a/crypto/heimdal/lib/gssapi/canonicalize_name.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: canonicalize_name.c,v 1.2 1999/12/02 17:05:03 joda Exp $");
-
-OM_uint32 gss_canonicalize_name (
- OM_uint32 * minor_status,
- const gss_name_t input_name,
- const gss_OID mech_type,
- gss_name_t * output_name
- )
-{
- return gss_duplicate_name (minor_status, input_name, output_name);
-}
diff --git a/crypto/heimdal/lib/gssapi/compat.c b/crypto/heimdal/lib/gssapi/compat.c
deleted file mode 100644
index 311b1cb71a1e..000000000000
--- a/crypto/heimdal/lib/gssapi/compat.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: compat.c,v 1.2.2.2 2003/04/28 13:58:09 lha Exp $");
-
-
-static krb5_error_code
-check_compat(OM_uint32 *minor_status, gss_name_t name,
- const char *option, krb5_boolean *compat,
- krb5_boolean match_val)
-{
- krb5_error_code ret = 0;
- char **p, **q;
- krb5_principal match;
-
-
- p = krb5_config_get_strings(gssapi_krb5_context, NULL, "gssapi",
- option, NULL);
- if(p == NULL)
- return 0;
-
- for(q = p; *q; q++) {
-
- ret = krb5_parse_name(gssapi_krb5_context, *q, &match);
- if (ret)
- break;
-
- if (krb5_principal_match(gssapi_krb5_context, name, match)) {
- *compat = match_val;
- break;
- }
-
- krb5_free_principal(gssapi_krb5_context, match);
- }
- krb5_config_free_strings(p);
-
- if (ret) {
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- return 0;
-}
-
-OM_uint32
-_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx)
-{
- krb5_boolean use_compat = TRUE;
- OM_uint32 ret;
-
- if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) {
- ret = check_compat(minor_status, ctx->target,
- "broken_des3_mic", &use_compat, TRUE);
- if (ret)
- return ret;
- ret = check_compat(minor_status, ctx->target,
- "correct_des3_mic", &use_compat, FALSE);
- if (ret)
- return ret;
-
- if (use_compat)
- ctx->more_flags |= COMPAT_OLD_DES3;
- ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
- }
- return 0;
-}
-
-OM_uint32
-gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on)
-{
- *minor_status = 0;
-
- if (on) {
- ctx->more_flags |= COMPAT_OLD_DES3;
- } else {
- ctx->more_flags &= ~COMPAT_OLD_DES3;
- }
- ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
-
- return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/context_time.c b/crypto/heimdal/lib/gssapi/context_time.c
deleted file mode 100644
index daeb25f26d00..000000000000
--- a/crypto/heimdal/lib/gssapi/context_time.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: context_time.c,v 1.7.2.1 2003/08/15 14:25:50 lha Exp $");
-
-OM_uint32
-gssapi_lifetime_left(OM_uint32 *minor_status,
- OM_uint32 lifetime,
- OM_uint32 *lifetime_rec)
-{
- krb5_timestamp timeret;
- krb5_error_code kret;
-
- kret = krb5_timeofday(gssapi_krb5_context, &timeret);
- if (kret) {
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- return GSS_S_FAILURE;
- }
-
- if (lifetime < timeret)
- *lifetime_rec = 0;
- else
- *lifetime_rec = lifetime - timeret;
-
- return GSS_S_COMPLETE;
-}
-
-
-OM_uint32 gss_context_time
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- OM_uint32 * time_rec
- )
-{
- OM_uint32 lifetime;
- OM_uint32 major_status;
-
- GSSAPI_KRB5_INIT ();
-
- lifetime = context_handle->lifetime;
-
- major_status = gssapi_lifetime_left(minor_status, lifetime, time_rec);
- if (major_status != GSS_S_COMPLETE)
- return major_status;
-
- *minor_status = 0;
-
- if (*time_rec == 0)
- return GSS_S_CONTEXT_EXPIRED;
-
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c b/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
deleted file mode 100644
index 1a25e0d7815e..000000000000
--- a/crypto/heimdal/lib/gssapi/create_emtpy_oid_set.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: create_emtpy_oid_set.c,v 1.5 2003/03/16 17:47:07 lha Exp $");
-
-OM_uint32 gss_create_empty_oid_set (
- OM_uint32 * minor_status,
- gss_OID_set * oid_set
- )
-{
- *oid_set = malloc(sizeof(**oid_set));
- if (*oid_set == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- (*oid_set)->count = 0;
- (*oid_set)->elements = NULL;
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/decapsulate.c b/crypto/heimdal/lib/gssapi/decapsulate.c
deleted file mode 100644
index 242545352880..000000000000
--- a/crypto/heimdal/lib/gssapi/decapsulate.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: decapsulate.c,v 1.7.6.1 2003/09/18 22:00:41 lha Exp $");
-
-OM_uint32
-gssapi_krb5_verify_header(u_char **str,
- size_t total_len,
- char *type)
-{
- size_t len, len_len, mech_len, foo;
- int e;
- u_char *p = *str;
-
- if (total_len < 1)
- return GSS_S_DEFECTIVE_TOKEN;
- if (*p++ != 0x60)
- return GSS_S_DEFECTIVE_TOKEN;
- e = der_get_length (p, total_len - 1, &len, &len_len);
- if (e || 1 + len_len + len != total_len)
- return GSS_S_DEFECTIVE_TOKEN;
- p += len_len;
- if (*p++ != 0x06)
- return GSS_S_DEFECTIVE_TOKEN;
- e = der_get_length (p, total_len - 1 - len_len - 1,
- &mech_len, &foo);
- if (e)
- return GSS_S_DEFECTIVE_TOKEN;
- p += foo;
- if (mech_len != GSS_KRB5_MECHANISM->length)
- return GSS_S_BAD_MECH;
- if (memcmp(p,
- GSS_KRB5_MECHANISM->elements,
- GSS_KRB5_MECHANISM->length) != 0)
- return GSS_S_BAD_MECH;
- p += mech_len;
- if (memcmp (p, type, 2) != 0)
- return GSS_S_DEFECTIVE_TOKEN;
- p += 2;
- *str = p;
- return GSS_S_COMPLETE;
-}
-
-static ssize_t
-gssapi_krb5_get_mech (const u_char *ptr,
- size_t total_len,
- const u_char **mech_ret)
-{
- size_t len, len_len, mech_len, foo;
- const u_char *p = ptr;
- int e;
-
- if (total_len < 1)
- return -1;
- if (*p++ != 0x60)
- return -1;
- e = der_get_length (p, total_len - 1, &len, &len_len);
- if (e || 1 + len_len + len != total_len)
- return -1;
- p += len_len;
- if (*p++ != 0x06)
- return -1;
- e = der_get_length (p, total_len - 1 - len_len - 1,
- &mech_len, &foo);
- if (e)
- return -1;
- p += foo;
- *mech_ret = p;
- return mech_len;
-}
-
-OM_uint32
-_gssapi_verify_mech_header(u_char **str,
- size_t total_len)
-{
- const u_char *p;
- ssize_t mech_len;
-
- mech_len = gssapi_krb5_get_mech (*str, total_len, &p);
- if (mech_len < 0)
- return GSS_S_DEFECTIVE_TOKEN;
-
- if (mech_len != GSS_KRB5_MECHANISM->length)
- return GSS_S_BAD_MECH;
- if (memcmp(p,
- GSS_KRB5_MECHANISM->elements,
- GSS_KRB5_MECHANISM->length) != 0)
- return GSS_S_BAD_MECH;
- p += mech_len;
- *str = (char *)p;
- return GSS_S_COMPLETE;
-}
-
-/*
- * Remove the GSS-API wrapping from `in_token' giving `out_data.
- * Does not copy data, so just free `in_token'.
- */
-
-OM_uint32
-gssapi_krb5_decapsulate(
- OM_uint32 *minor_status,
- gss_buffer_t input_token_buffer,
- krb5_data *out_data,
- char *type
-)
-{
- u_char *p;
- OM_uint32 ret;
-
- p = input_token_buffer->value;
- ret = gssapi_krb5_verify_header(&p,
- input_token_buffer->length,
- type);
- if (ret) {
- *minor_status = 0;
- return ret;
- }
-
- out_data->length = input_token_buffer->length -
- (p - (u_char *)input_token_buffer->value);
- out_data->data = p;
- return GSS_S_COMPLETE;
-}
-
-/*
- * Verify padding of a gss wrapped message and return its length.
- */
-
-OM_uint32
-_gssapi_verify_pad(gss_buffer_t wrapped_token,
- size_t datalen,
- size_t *padlen)
-{
- u_char *pad;
- size_t padlength;
- int i;
-
- pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
- padlength = *pad;
-
- if (padlength > datalen)
- return GSS_S_BAD_MECH;
-
- for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
- ;
- if (i != 0)
- return GSS_S_BAD_MIC;
-
- *padlen = padlength;
-
- return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/delete_sec_context.c b/crypto/heimdal/lib/gssapi/delete_sec_context.c
deleted file mode 100644
index 2df1f39749c8..000000000000
--- a/crypto/heimdal/lib/gssapi/delete_sec_context.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: delete_sec_context.c,v 1.11 2003/03/16 17:46:40 lha Exp $");
-
-OM_uint32 gss_delete_sec_context
- (OM_uint32 * minor_status,
- gss_ctx_id_t * context_handle,
- gss_buffer_t output_token
- )
-{
- GSSAPI_KRB5_INIT ();
-
- if (output_token) {
- output_token->length = 0;
- output_token->value = NULL;
- }
-
- krb5_auth_con_free (gssapi_krb5_context,
- (*context_handle)->auth_context);
- if((*context_handle)->source)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->source);
- if((*context_handle)->target)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->target);
- if ((*context_handle)->ticket) {
- krb5_free_ticket (gssapi_krb5_context,
- (*context_handle)->ticket);
- free((*context_handle)->ticket);
- }
-
- free (*context_handle);
- *context_handle = GSS_C_NO_CONTEXT;
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/display_name.c b/crypto/heimdal/lib/gssapi/display_name.c
deleted file mode 100644
index 27a232fd3cf6..000000000000
--- a/crypto/heimdal/lib/gssapi/display_name.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: display_name.c,v 1.9 2003/03/16 17:46:11 lha Exp $");
-
-OM_uint32 gss_display_name
- (OM_uint32 * minor_status,
- const gss_name_t input_name,
- gss_buffer_t output_name_buffer,
- gss_OID * output_name_type
- )
-{
- krb5_error_code kret;
- char *buf;
- size_t len;
-
- GSSAPI_KRB5_INIT ();
- kret = krb5_unparse_name (gssapi_krb5_context,
- input_name,
- &buf);
- if (kret) {
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- return GSS_S_FAILURE;
- }
- len = strlen (buf);
- output_name_buffer->length = len;
- output_name_buffer->value = malloc(len + 1);
- if (output_name_buffer->value == NULL) {
- free (buf);
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- memcpy (output_name_buffer->value, buf, len);
- ((char *)output_name_buffer->value)[len] = '\0';
- free (buf);
- if (output_name_type)
- *output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/display_status.c b/crypto/heimdal/lib/gssapi/display_status.c
deleted file mode 100644
index d266fa46bf93..000000000000
--- a/crypto/heimdal/lib/gssapi/display_status.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright (c) 1998 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: display_status.c,v 1.9 2003/03/16 17:45:36 lha Exp $");
-
-static char *krb5_error_string;
-
-static char *
-calling_error(OM_uint32 v)
-{
- static char *msgs[] = {
- NULL, /* 0 */
- "A required input parameter could not be read.", /* */
- "A required output parameter could not be written.", /* */
- "A parameter was malformed"
- };
-
- v >>= GSS_C_CALLING_ERROR_OFFSET;
-
- if (v == 0)
- return "";
- else if (v >= sizeof(msgs)/sizeof(*msgs))
- return "unknown calling error";
- else
- return msgs[v];
-}
-
-static char *
-routine_error(OM_uint32 v)
-{
- static char *msgs[] = {
- NULL, /* 0 */
- "An unsupported mechanism was requested",
- "An invalid name was supplied",
- "A supplied name was of an unsupported type",
- "Incorrect channel bindings were supplied",
- "An invalid status code was supplied",
- "A token had an invalid MIC",
- "No credentials were supplied, "
- "or the credentials were unavailable or inaccessible.",
- "No context has been established",
- "A token was invalid",
- "A credential was invalid",
- "The referenced credentials have expired",
- "The context has expired",
- "Miscellaneous failure (see text)",
- "The quality-of-protection requested could not be provide",
- "The operation is forbidden by local security policy",
- "The operation or option is not available",
- "The requested credential element already exists",
- "The provided name was not a mechanism name.",
- };
-
- v >>= GSS_C_ROUTINE_ERROR_OFFSET;
-
- if (v == 0)
- return "";
- else if (v >= sizeof(msgs)/sizeof(*msgs))
- return "unknown routine error";
- else
- return msgs[v];
-}
-
-static char *
-supplementary_error(OM_uint32 v)
-{
- static char *msgs[] = {
- "normal completion",
- "continuation call to routine required",
- "duplicate per-message token detected",
- "timed-out per-message token detected",
- "reordered (early) per-message token detected",
- "skipped predecessor token(s) detected"
- };
-
- v >>= GSS_C_SUPPLEMENTARY_OFFSET;
-
- if (v >= sizeof(msgs)/sizeof(*msgs))
- return "unknown routine error";
- else
- return msgs[v];
-}
-
-void
-gssapi_krb5_set_error_string (void)
-{
- krb5_error_string = krb5_get_error_string(gssapi_krb5_context);
-}
-
-char *
-gssapi_krb5_get_error_string (void)
-{
- char *ret = krb5_error_string;
- krb5_error_string = NULL;
- return ret;
-}
-
-OM_uint32 gss_display_status
- (OM_uint32 *minor_status,
- OM_uint32 status_value,
- int status_type,
- const gss_OID mech_type,
- OM_uint32 *message_context,
- gss_buffer_t status_string)
-{
- char *buf;
-
- GSSAPI_KRB5_INIT ();
-
- status_string->length = 0;
- status_string->value = NULL;
-
- if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
- gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
- *minor_status = 0;
- return GSS_C_GSS_CODE;
- }
-
- if (status_type == GSS_C_GSS_CODE) {
- if (GSS_SUPPLEMENTARY_INFO(status_value))
- asprintf(&buf, "%s",
- supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value)));
- else
- asprintf (&buf, "%s %s",
- calling_error(GSS_CALLING_ERROR(status_value)),
- routine_error(GSS_ROUTINE_ERROR(status_value)));
- } else if (status_type == GSS_C_MECH_CODE) {
- buf = gssapi_krb5_get_error_string ();
- if (buf == NULL) {
- const char *tmp = krb5_get_err_text (gssapi_krb5_context,
- status_value);
- if (tmp == NULL)
- asprintf(&buf, "unknown mech error-code %u",
- (unsigned)status_value);
- else
- buf = strdup(tmp);
- }
- } else {
- *minor_status = EINVAL;
- return GSS_S_BAD_STATUS;
- }
-
- if (buf == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- *message_context = 0;
- *minor_status = 0;
-
- status_string->length = strlen(buf);
- status_string->value = buf;
-
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/duplicate_name.c b/crypto/heimdal/lib/gssapi/duplicate_name.c
deleted file mode 100644
index 2b54e90ec89d..000000000000
--- a/crypto/heimdal/lib/gssapi/duplicate_name.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: duplicate_name.c,v 1.7 2003/03/16 17:44:26 lha Exp $");
-
-OM_uint32 gss_duplicate_name (
- OM_uint32 * minor_status,
- const gss_name_t src_name,
- gss_name_t * dest_name
- )
-{
- krb5_error_code kret;
-
- GSSAPI_KRB5_INIT ();
-
- kret = krb5_copy_principal (gssapi_krb5_context,
- src_name,
- dest_name);
- if (kret) {
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- return GSS_S_FAILURE;
- } else {
- *minor_status = 0;
- return GSS_S_COMPLETE;
- }
-}
diff --git a/crypto/heimdal/lib/gssapi/encapsulate.c b/crypto/heimdal/lib/gssapi/encapsulate.c
deleted file mode 100644
index f3cd1e49f42b..000000000000
--- a/crypto/heimdal/lib/gssapi/encapsulate.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: encapsulate.c,v 1.6.6.1 2003/09/18 21:47:44 lha Exp $");
-
-void
-gssapi_krb5_encap_length (size_t data_len,
- size_t *len,
- size_t *total_len)
-{
- size_t len_len;
-
- *len = 1 + 1 + GSS_KRB5_MECHANISM->length + 2 + data_len;
-
- len_len = length_len(*len);
-
- *total_len = 1 + len_len + *len;
-}
-
-u_char *
-gssapi_krb5_make_header (u_char *p,
- size_t len,
- u_char *type)
-{
- int e;
- size_t len_len, foo;
-
- *p++ = 0x60;
- len_len = length_len(len);
- e = der_put_length (p + len_len - 1, len_len, len, &foo);
- if(e || foo != len_len)
- abort ();
- p += len_len;
- *p++ = 0x06;
- *p++ = GSS_KRB5_MECHANISM->length;
- memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
- p += GSS_KRB5_MECHANISM->length;
- memcpy (p, type, 2);
- p += 2;
- return p;
-}
-
-u_char *
-_gssapi_make_mech_header(u_char *p,
- size_t len)
-{
- int e;
- size_t len_len, foo;
-
- *p++ = 0x60;
- len_len = length_len(len);
- e = der_put_length (p + len_len - 1, len_len, len, &foo);
- if(e || foo != len_len)
- abort ();
- p += len_len;
- *p++ = 0x06;
- *p++ = GSS_KRB5_MECHANISM->length;
- memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
- p += GSS_KRB5_MECHANISM->length;
- return p;
-}
-
-/*
- * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings.
- */
-
-OM_uint32
-gssapi_krb5_encapsulate(
- OM_uint32 *minor_status,
- const krb5_data *in_data,
- gss_buffer_t output_token,
- u_char *type
-)
-{
- size_t len, outer_len;
- u_char *p;
-
- gssapi_krb5_encap_length (in_data->length, &len, &outer_len);
-
- output_token->length = outer_len;
- output_token->value = malloc (outer_len);
- if (output_token->value == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- p = gssapi_krb5_make_header (output_token->value, len, type);
- memcpy (p, in_data->data, in_data->length);
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/export_name.c b/crypto/heimdal/lib/gssapi/export_name.c
deleted file mode 100644
index c5fcbd4fd0cf..000000000000
--- a/crypto/heimdal/lib/gssapi/export_name.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: export_name.c,v 1.5 2003/03/16 17:34:46 lha Exp $");
-
-OM_uint32 gss_export_name
- (OM_uint32 * minor_status,
- const gss_name_t input_name,
- gss_buffer_t exported_name
- )
-{
- krb5_error_code kret;
- char *buf, *name;
- size_t len;
-
- GSSAPI_KRB5_INIT ();
- kret = krb5_unparse_name (gssapi_krb5_context,
- input_name,
- &name);
- if (kret) {
- *minor_status = kret;
- gssapi_krb5_set_error_string ();
- return GSS_S_FAILURE;
- }
- len = strlen (name);
-
- exported_name->length = 10 + len + GSS_KRB5_MECHANISM->length;
- exported_name->value = malloc(exported_name->length);
- if (exported_name->value == NULL) {
- free (name);
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
-
- buf = exported_name->value;
- memcpy(buf, "\x04\x01", 2);
- buf += 2;
- buf[0] = ((GSS_KRB5_MECHANISM->length + 2) >> 8) & 0xff;
- buf[1] = (GSS_KRB5_MECHANISM->length + 2) & 0xff;
- buf+= 2;
- buf[0] = 0x06;
- buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF;
- buf+= 2;
-
- memcpy(buf, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
- buf += GSS_KRB5_MECHANISM->length;
-
- buf[0] = (len >> 24) & 0xff;
- buf[1] = (len >> 16) & 0xff;
- buf[2] = (len >> 8) & 0xff;
- buf[3] = (len) & 0xff;
- buf += 4;
-
- memcpy (buf, name, len);
-
- free (name);
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/export_sec_context.c b/crypto/heimdal/lib/gssapi/export_sec_context.c
deleted file mode 100644
index c7e626524282..000000000000
--- a/crypto/heimdal/lib/gssapi/export_sec_context.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: export_sec_context.c,v 1.6 2003/03/16 18:02:52 lha Exp $");
-
-OM_uint32
-gss_export_sec_context (
- OM_uint32 * minor_status,
- gss_ctx_id_t * context_handle,
- gss_buffer_t interprocess_token
- )
-{
- krb5_storage *sp;
- krb5_auth_context ac;
- OM_uint32 ret = GSS_S_COMPLETE;
- krb5_data data;
- gss_buffer_desc buffer;
- int flags;
- OM_uint32 minor;
- krb5_error_code kret;
-
- GSSAPI_KRB5_INIT ();
- if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) {
- *minor_status = 0;
- return GSS_S_UNAVAILABLE;
- }
-
- sp = krb5_storage_emem ();
- if (sp == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- ac = (*context_handle)->auth_context;
-
- /* flagging included fields */
-
- flags = 0;
- if (ac->local_address)
- flags |= SC_LOCAL_ADDRESS;
- if (ac->remote_address)
- flags |= SC_REMOTE_ADDRESS;
- if (ac->keyblock)
- flags |= SC_KEYBLOCK;
- if (ac->local_subkey)
- flags |= SC_LOCAL_SUBKEY;
- if (ac->remote_subkey)
- flags |= SC_REMOTE_SUBKEY;
-
- kret = krb5_store_int32 (sp, flags);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
-
- /* marshall auth context */
-
- kret = krb5_store_int32 (sp, ac->flags);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- if (ac->local_address) {
- kret = krb5_store_address (sp, *ac->local_address);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- }
- if (ac->remote_address) {
- kret = krb5_store_address (sp, *ac->remote_address);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- }
- kret = krb5_store_int16 (sp, ac->local_port);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- kret = krb5_store_int16 (sp, ac->remote_port);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- if (ac->keyblock) {
- kret = krb5_store_keyblock (sp, *ac->keyblock);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- }
- if (ac->local_subkey) {
- kret = krb5_store_keyblock (sp, *ac->local_subkey);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- }
- if (ac->remote_subkey) {
- kret = krb5_store_keyblock (sp, *ac->remote_subkey);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- }
- kret = krb5_store_int32 (sp, ac->local_seqnumber);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- kret = krb5_store_int32 (sp, ac->remote_seqnumber);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
-
- kret = krb5_store_int32 (sp, ac->keytype);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- kret = krb5_store_int32 (sp, ac->cksumtype);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
-
- /* names */
-
- ret = gss_export_name (minor_status, (*context_handle)->source, &buffer);
- if (ret)
- goto failure;
- data.data = buffer.value;
- data.length = buffer.length;
- kret = krb5_store_data (sp, data);
- gss_release_buffer (&minor, &buffer);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
-
- ret = gss_export_name (minor_status, (*context_handle)->target, &buffer);
- if (ret)
- goto failure;
- data.data = buffer.value;
- data.length = buffer.length;
-
- ret = GSS_S_FAILURE;
-
- kret = krb5_store_data (sp, data);
- gss_release_buffer (&minor, &buffer);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
-
- kret = krb5_store_int32 (sp, (*context_handle)->flags);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- kret = krb5_store_int32 (sp, (*context_handle)->more_flags);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
- kret = krb5_store_int32 (sp, (*context_handle)->lifetime);
- if (kret) {
- *minor_status = kret;
- goto failure;
- }
-
- kret = krb5_storage_to_data (sp, &data);
- krb5_storage_free (sp);
- if (kret) {
- *minor_status = kret;
- return GSS_S_FAILURE;
- }
- interprocess_token->length = data.length;
- interprocess_token->value = data.data;
- ret = gss_delete_sec_context (minor_status, context_handle,
- GSS_C_NO_BUFFER);
- if (ret != GSS_S_COMPLETE)
- gss_release_buffer (NULL, interprocess_token);
- *minor_status = 0;
- return ret;
- failure:
- krb5_storage_free (sp);
- return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/external.c b/crypto/heimdal/lib/gssapi/external.c
deleted file mode 100644
index dca35ea94318..000000000000
--- a/crypto/heimdal/lib/gssapi/external.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: external.c,v 1.5 2000/07/22 03:45:28 assar Exp $");
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- * "\x01\x02\x01\x01"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
- * GSS_C_NT_USER_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_user_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x01"};
-
-gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- * "\x01\x02\x01\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
- * The constant GSS_C_NT_MACHINE_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x02"};
-
-gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- * "\x01\x02\x01\x03"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
- * The constant GSS_C_NT_STRING_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- "\x01\x02\x01\x03"};
-
-gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) org(3) dod(6) internet(1) security(5)
- * nametypes(6) gss-host-based-services(2)). The constant
- * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
- * to that gss_OID_desc. This is a deprecated OID value, and
- * implementations wishing to support hostbased-service names
- * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
- * defined below, to identify such names;
- * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
- * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
- * parameter, but should not be emitted by GSS-API
- * implementations
- */
-
-static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
-{6, (void *)"\x2b\x06\x01\x05\x06\x02"};
-
-gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- * "\x01\x02\x01\x04"}, corresponding to an
- * object-identifier value of {iso(1) member-body(2)
- * Unites States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}. The constant
- * GSS_C_NT_HOSTBASED_SERVICE should be initialized
- * to point to that gss_OID_desc.
- */
-static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04"};
-
-gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
- * corresponding to an object identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 3(gss-anonymous-name)}. The constant
- * and GSS_C_NT_ANONYMOUS should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_anonymous_oid_desc =
-{6, (void *)"\x2b\x06\01\x05\x06\x03"};
-
-gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 4(gss-api-exported-name)}. The constant
- * GSS_C_NT_EXPORT_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-
-static gss_OID_desc gss_c_nt_export_name_oid_desc =
-{6, (void *)"\x2b\x06\x01\x05\x06\x04"};
-
-gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
-
-/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * krb5(2) krb5_name(1)}. The recommended symbolic name for this type
- * is "GSS_KRB5_NT_PRINCIPAL_NAME".
- */
-
-static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
-{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"};
-
-gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
-
-/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) user_name(1)}. The recommended symbolic name for this
- * type is "GSS_KRB5_NT_USER_NAME".
- */
-
-gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
-
-/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) machine_uid_name(2)}. The recommended symbolic name for
- * this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
-
-/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) string_uid_name(3)}. The recommended symbolic name for
- * this type is "GSS_KRB5_NT_STRING_UID_NAME".
- */
-
-gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
-
-/*
- * To support ongoing experimentation, testing, and evolution of the
- * specification, the Kerberos V5 GSS-API mechanism as defined in this
- * and any successor memos will be identified with the following Object
- * Identifier, as defined in RFC-1510, until the specification is
- * advanced to the level of Proposed Standard RFC:
- *
- * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
- *
- * Upon advancement to the level of Proposed Standard RFC, the Kerberos
- * V5 GSS-API mechanism will be identified by an Object Identifier
- * having the value:
- *
- * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
- * gssapi(2) krb5(2)}
- */
-
-#if 0 /* This is the old OID */
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{5, (void *)"\x2b\x05\x01\x05\x02"};
-
-#endif
-
-static gss_OID_desc gss_krb5_mechanism_oid_desc =
-{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
-
-gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
-
-/*
- * Context for krb5 calls.
- */
-
-krb5_context gssapi_krb5_context;
diff --git a/crypto/heimdal/lib/gssapi/get_mic.c b/crypto/heimdal/lib/gssapi/get_mic.c
deleted file mode 100644
index 7f5b37e02572..000000000000
--- a/crypto/heimdal/lib/gssapi/get_mic.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: get_mic.c,v 1.21.2.1 2003/09/18 22:05:12 lha Exp $");
-
-static OM_uint32
-mic_des
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- gss_qop_t qop_req,
- const gss_buffer_t message_buffer,
- gss_buffer_t message_token,
- krb5_keyblock *key
- )
-{
- u_char *p;
- MD5_CTX md5;
- u_char hash[16];
- des_key_schedule schedule;
- des_cblock deskey;
- des_cblock zero;
- int32_t seq_number;
- size_t len, total_len;
-
- gssapi_krb5_encap_length (22, &len, &total_len);
-
- message_token->length = total_len;
- message_token->value = malloc (total_len);
- if (message_token->value == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- p = gssapi_krb5_make_header(message_token->value,
- len,
- "\x01\x01"); /* TOK_ID */
-
- memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */
- p += 2;
-
- memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */
- p += 4;
-
- /* Fill in later (SND-SEQ) */
- memset (p, 0, 16);
- p += 16;
-
- /* checksum */
- MD5_Init (&md5);
- MD5_Update (&md5, p - 24, 8);
- MD5_Update (&md5, message_buffer->value, message_buffer->length);
- MD5_Final (hash, &md5);
-
- memset (&zero, 0, sizeof(zero));
- memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
- des_set_key (&deskey, schedule);
- des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
- schedule, &zero);
- memcpy (p - 8, hash, 8); /* SGN_CKSUM */
-
- /* sequence number */
- krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
-
- p -= 16; /* SND_SEQ */
- p[0] = (seq_number >> 0) & 0xFF;
- p[1] = (seq_number >> 8) & 0xFF;
- p[2] = (seq_number >> 16) & 0xFF;
- p[3] = (seq_number >> 24) & 0xFF;
- memset (p + 4,
- (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
- 4);
-
- des_set_key (&deskey, schedule);
- des_cbc_encrypt ((void *)p, (void *)p, 8,
- schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
-
- krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- memset (deskey, 0, sizeof(deskey));
- memset (schedule, 0, sizeof(schedule));
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-mic_des3
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- gss_qop_t qop_req,
- const gss_buffer_t message_buffer,
- gss_buffer_t message_token,
- krb5_keyblock *key
- )
-{
- u_char *p;
- Checksum cksum;
- u_char seq[8];
-
- int32_t seq_number;
- size_t len, total_len;
-
- krb5_crypto crypto;
- krb5_error_code kret;
- krb5_data encdata;
- char *tmp;
- char ivec[8];
-
- gssapi_krb5_encap_length (36, &len, &total_len);
-
- message_token->length = total_len;
- message_token->value = malloc (total_len);
- if (message_token->value == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- p = gssapi_krb5_make_header(message_token->value,
- len,
- "\x01\x01"); /* TOK-ID */
-
- memcpy (p, "\x04\x00", 2); /* SGN_ALG = HMAC SHA1 DES3-KD */
- p += 2;
-
- memcpy (p, "\xff\xff\xff\xff", 4); /* filler */
- p += 4;
-
- /* this should be done in parts */
-
- tmp = malloc (message_buffer->length + 8);
- if (tmp == NULL) {
- free (message_token->value);
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- memcpy (tmp, p - 8, 8);
- memcpy (tmp + 8, message_buffer->value, message_buffer->length);
-
- kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
- if (kret) {
- free (message_token->value);
- free (tmp);
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- return GSS_S_FAILURE;
- }
-
- kret = krb5_create_checksum (gssapi_krb5_context,
- crypto,
- KRB5_KU_USAGE_SIGN,
- 0,
- tmp,
- message_buffer->length + 8,
- &cksum);
- free (tmp);
- krb5_crypto_destroy (gssapi_krb5_context, crypto);
- if (kret) {
- free (message_token->value);
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- return GSS_S_FAILURE;
- }
-
- memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
-
- /* sequence number */
- krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
-
- seq[0] = (seq_number >> 0) & 0xFF;
- seq[1] = (seq_number >> 8) & 0xFF;
- seq[2] = (seq_number >> 16) & 0xFF;
- seq[3] = (seq_number >> 24) & 0xFF;
- memset (seq + 4,
- (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
- 4);
-
- kret = krb5_crypto_init(gssapi_krb5_context, key,
- ETYPE_DES3_CBC_NONE, &crypto);
- if (kret) {
- free (message_token->value);
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- return GSS_S_FAILURE;
- }
-
- if (context_handle->more_flags & COMPAT_OLD_DES3)
- memset(ivec, 0, 8);
- else
- memcpy(ivec, p + 8, 8);
-
- kret = krb5_encrypt_ivec (gssapi_krb5_context,
- crypto,
- KRB5_KU_USAGE_SEQ,
- seq, 8, &encdata, ivec);
- krb5_crypto_destroy (gssapi_krb5_context, crypto);
- if (kret) {
- free (message_token->value);
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- return GSS_S_FAILURE;
- }
-
- assert (encdata.length == 8);
-
- memcpy (p, encdata.data, encdata.length);
- krb5_data_free (&encdata);
-
- krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- free_Checksum (&cksum);
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_get_mic
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- gss_qop_t qop_req,
- const gss_buffer_t message_buffer,
- gss_buffer_t message_token
- )
-{
- krb5_keyblock *key;
- OM_uint32 ret;
- krb5_keytype keytype;
-
- ret = gss_krb5_get_localkey(context_handle, &key);
- if (ret) {
- gssapi_krb5_set_error_string ();
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
- krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
- switch (keytype) {
- case KEYTYPE_DES :
- ret = mic_des (minor_status, context_handle, qop_req,
- message_buffer, message_token, key);
- break;
- case KEYTYPE_DES3 :
- ret = mic_des3 (minor_status, context_handle, qop_req,
- message_buffer, message_token, key);
- break;
- case KEYTYPE_ARCFOUR:
- ret = _gssapi_get_mic_arcfour (minor_status, context_handle, qop_req,
- message_buffer, message_token, key);
- break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
- ret = GSS_S_FAILURE;
- break;
- }
- krb5_free_keyblock (gssapi_krb5_context, key);
- return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/gssapi_locl.h b/crypto/heimdal/lib/gssapi/gssapi_locl.h
deleted file mode 100644
index 5b2274fc9add..000000000000
--- a/crypto/heimdal/lib/gssapi/gssapi_locl.h
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id: gssapi_locl.h,v 1.24.2.5 2003/09/18 22:01:52 lha Exp $ */
-/* $FreeBSD$ */
-
-#ifndef GSSAPI_LOCL_H
-#define GSSAPI_LOCL_H
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <krb5_locl.h>
-#include "gssapi.h"
-#include <assert.h>
-
-#include "arcfour.h"
-
-extern krb5_context gssapi_krb5_context;
-
-extern krb5_keytab gssapi_krb5_keytab;
-
-krb5_error_code gssapi_krb5_init (void);
-
-#define GSSAPI_KRB5_INIT() do { \
- krb5_error_code kret; \
- if((kret = gssapi_krb5_init ()) != 0) { \
- *minor_status = kret; \
- return GSS_S_FAILURE; \
- } \
-} while (0)
-
-OM_uint32
-gssapi_krb5_create_8003_checksum (
- OM_uint32 *minor_status,
- const gss_channel_bindings_t input_chan_bindings,
- OM_uint32 flags,
- const krb5_data *fwd_data,
- Checksum *result);
-
-OM_uint32
-gssapi_krb5_verify_8003_checksum (
- OM_uint32 *minor_status,
- const gss_channel_bindings_t input_chan_bindings,
- const Checksum *cksum,
- OM_uint32 *flags,
- krb5_data *fwd_data);
-
-OM_uint32
-gssapi_krb5_encapsulate(
- OM_uint32 *minor_status,
- const krb5_data *in_data,
- gss_buffer_t output_token,
- u_char *type);
-
-u_char *
-_gssapi_make_mech_header(u_char *p,
- size_t len);
-
-OM_uint32
-gssapi_krb5_decapsulate(
- OM_uint32 *minor_status,
- gss_buffer_t input_token_buffer,
- krb5_data *out_data,
- char *type);
-
-void
-gssapi_krb5_encap_length (size_t data_len,
- size_t *len,
- size_t *total_len);
-
-u_char *
-gssapi_krb5_make_header (u_char *p,
- size_t len,
- u_char *type);
-
-OM_uint32
-gssapi_krb5_verify_header(u_char **str,
- size_t total_len,
- char *type);
-
-
-OM_uint32
-_gssapi_verify_mech_header(u_char **str,
- size_t total_len);
-
-OM_uint32
-_gssapi_verify_pad(gss_buffer_t, size_t, size_t *);
-
-OM_uint32
-gss_verify_mic_internal(OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t message_buffer,
- const gss_buffer_t token_buffer,
- gss_qop_t * qop_state,
- char * type);
-
-OM_uint32
-gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
- krb5_keyblock **key);
-
-OM_uint32
-gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
- krb5_keyblock **key);
-
-krb5_error_code
-gss_address_to_krb5addr(OM_uint32 gss_addr_type,
- gss_buffer_desc *gss_addr,
- int16_t port,
- krb5_address *address);
-
-/* sec_context flags */
-
-#define SC_LOCAL_ADDRESS 0x01
-#define SC_REMOTE_ADDRESS 0x02
-#define SC_KEYBLOCK 0x04
-#define SC_LOCAL_SUBKEY 0x08
-#define SC_REMOTE_SUBKEY 0x10
-
-int
-gss_oid_equal(const gss_OID a, const gss_OID b);
-
-void
-gssapi_krb5_set_error_string (void);
-
-char *
-gssapi_krb5_get_error_string (void);
-
-OM_uint32
-_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx);
-
-OM_uint32
-gssapi_lifetime_left(OM_uint32 *, OM_uint32, OM_uint32 *);
-
-/* 8003 */
-
-krb5_error_code
-gssapi_encode_om_uint32(OM_uint32, u_char *);
-
-krb5_error_code
-gssapi_encode_be_om_uint32(OM_uint32, u_char *);
-
-krb5_error_code
-gssapi_decode_om_uint32(u_char *, OM_uint32 *);
-
-krb5_error_code
-gssapi_decode_be_om_uint32(u_char *, OM_uint32 *);
-
-#endif
diff --git a/crypto/heimdal/lib/gssapi/import_name.c b/crypto/heimdal/lib/gssapi/import_name.c
deleted file mode 100644
index 423e75714664..000000000000
--- a/crypto/heimdal/lib/gssapi/import_name.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: import_name.c,v 1.13 2003/03/16 17:33:31 lha Exp $");
-
-static OM_uint32
-parse_krb5_name (OM_uint32 *minor_status,
- const char *name,
- gss_name_t *output_name)
-{
- krb5_error_code kerr;
-
- kerr = krb5_parse_name (gssapi_krb5_context, name, output_name);
-
- if (kerr == 0)
- return GSS_S_COMPLETE;
- else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
- gssapi_krb5_set_error_string ();
- *minor_status = kerr;
- return GSS_S_BAD_NAME;
- } else {
- gssapi_krb5_set_error_string ();
- *minor_status = kerr;
- return GSS_S_FAILURE;
- }
-}
-
-static OM_uint32
-import_krb5_name (OM_uint32 *minor_status,
- const gss_buffer_t input_name_buffer,
- gss_name_t *output_name)
-{
- OM_uint32 ret;
- char *tmp;
-
- tmp = malloc (input_name_buffer->length + 1);
- if (tmp == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- memcpy (tmp,
- input_name_buffer->value,
- input_name_buffer->length);
- tmp[input_name_buffer->length] = '\0';
-
- ret = parse_krb5_name(minor_status, tmp, output_name);
- free(tmp);
-
- return ret;
-}
-
-static OM_uint32
-import_hostbased_name (OM_uint32 *minor_status,
- const gss_buffer_t input_name_buffer,
- gss_name_t *output_name)
-{
- krb5_error_code kerr;
- char *tmp;
- char *p;
- char *host;
- char local_hostname[MAXHOSTNAMELEN];
-
- *output_name = NULL;
-
- tmp = malloc (input_name_buffer->length + 1);
- if (tmp == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- memcpy (tmp,
- input_name_buffer->value,
- input_name_buffer->length);
- tmp[input_name_buffer->length] = '\0';
-
- p = strchr (tmp, '@');
- if (p != NULL) {
- *p = '\0';
- host = p + 1;
- } else {
- if (gethostname(local_hostname, sizeof(local_hostname)) < 0) {
- *minor_status = errno;
- free (tmp);
- return GSS_S_FAILURE;
- }
- host = local_hostname;
- }
-
- kerr = krb5_sname_to_principal (gssapi_krb5_context,
- host,
- tmp,
- KRB5_NT_SRV_HST,
- output_name);
- free (tmp);
- *minor_status = kerr;
- if (kerr == 0)
- return GSS_S_COMPLETE;
- else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
- gssapi_krb5_set_error_string ();
- *minor_status = kerr;
- return GSS_S_BAD_NAME;
- } else {
- gssapi_krb5_set_error_string ();
- *minor_status = kerr;
- return GSS_S_FAILURE;
- }
-}
-
-static OM_uint32
-import_export_name (OM_uint32 *minor_status,
- const gss_buffer_t input_name_buffer,
- gss_name_t *output_name)
-{
- unsigned char *p;
- uint32_t length;
- OM_uint32 ret;
- char *name;
-
- if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length)
- return GSS_S_BAD_NAME;
-
- /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
-
- p = input_name_buffer->value;
-
- if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 ||
- p[3] != GSS_KRB5_MECHANISM->length + 2 ||
- p[4] != 0x06 ||
- p[5] != GSS_KRB5_MECHANISM->length ||
- memcmp(&p[6], GSS_KRB5_MECHANISM->elements,
- GSS_KRB5_MECHANISM->length) != 0)
- return GSS_S_BAD_NAME;
-
- p += 6 + GSS_KRB5_MECHANISM->length;
-
- length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
- p += 4;
-
- if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length)
- return GSS_S_BAD_NAME;
-
- name = malloc(length + 1);
- if (name == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
- memcpy(name, p, length);
- name[length] = '\0';
-
- ret = parse_krb5_name(minor_status, name, output_name);
- free(name);
-
- return ret;
-}
-
-int
-gss_oid_equal(const gss_OID a, const gss_OID b)
-{
- if (a == b)
- return 1;
- else if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length)
- return 0;
- else
- return memcmp(a->elements, b->elements, a->length) == 0;
-}
-
-OM_uint32 gss_import_name
- (OM_uint32 * minor_status,
- const gss_buffer_t input_name_buffer,
- const gss_OID input_name_type,
- gss_name_t * output_name
- )
-{
- GSSAPI_KRB5_INIT ();
-
- *minor_status = 0;
- *output_name = GSS_C_NO_NAME;
-
- if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE))
- return import_hostbased_name (minor_status,
- input_name_buffer,
- output_name);
- else if (gss_oid_equal(input_name_type, GSS_C_NO_OID)
- || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
- || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))
- /* default printable syntax */
- return import_krb5_name (minor_status,
- input_name_buffer,
- output_name);
- else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
- return import_export_name(minor_status,
- input_name_buffer,
- output_name);
- } else {
- *minor_status = 0;
- return GSS_S_BAD_NAMETYPE;
- }
-}
diff --git a/crypto/heimdal/lib/gssapi/import_sec_context.c b/crypto/heimdal/lib/gssapi/import_sec_context.c
deleted file mode 100644
index 2daa5736ca8d..000000000000
--- a/crypto/heimdal/lib/gssapi/import_sec_context.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/*
- * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: import_sec_context.c,v 1.7 2003/03/16 18:01:32 lha Exp $");
-
-OM_uint32
-gss_import_sec_context (
- OM_uint32 * minor_status,
- const gss_buffer_t interprocess_token,
- gss_ctx_id_t * context_handle
- )
-{
- OM_uint32 ret = GSS_S_FAILURE;
- krb5_error_code kret;
- krb5_storage *sp;
- krb5_auth_context ac;
- krb5_address local, remote;
- krb5_address *localp, *remotep;
- krb5_data data;
- gss_buffer_desc buffer;
- krb5_keyblock keyblock;
- int32_t tmp;
- int32_t flags;
- OM_uint32 minor;
-
- GSSAPI_KRB5_INIT ();
-
- localp = remotep = NULL;
-
- sp = krb5_storage_from_mem (interprocess_token->value,
- interprocess_token->length);
- if (sp == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- *context_handle = malloc(sizeof(**context_handle));
- if (*context_handle == NULL) {
- *minor_status = ENOMEM;
- krb5_storage_free (sp);
- return GSS_S_FAILURE;
- }
- memset (*context_handle, 0, sizeof(**context_handle));
-
- kret = krb5_auth_con_init (gssapi_krb5_context,
- &(*context_handle)->auth_context);
- if (kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- /* flags */
-
- *minor_status = 0;
-
- if (krb5_ret_int32 (sp, &flags) != 0)
- goto failure;
-
- /* retrieve the auth context */
-
- ac = (*context_handle)->auth_context;
- krb5_ret_int32 (sp, &ac->flags);
- if (flags & SC_LOCAL_ADDRESS) {
- if (krb5_ret_address (sp, localp = &local) != 0)
- goto failure;
- }
-
- if (flags & SC_REMOTE_ADDRESS) {
- if (krb5_ret_address (sp, remotep = &remote) != 0)
- goto failure;
- }
-
- krb5_auth_con_setaddrs (gssapi_krb5_context, ac, localp, remotep);
- if (localp)
- krb5_free_address (gssapi_krb5_context, localp);
- if (remotep)
- krb5_free_address (gssapi_krb5_context, remotep);
- localp = remotep = NULL;
-
- if (krb5_ret_int16 (sp, &ac->local_port) != 0)
- goto failure;
-
- if (krb5_ret_int16 (sp, &ac->remote_port) != 0)
- goto failure;
- if (flags & SC_KEYBLOCK) {
- if (krb5_ret_keyblock (sp, &keyblock) != 0)
- goto failure;
- krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock);
- krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
- }
- if (flags & SC_LOCAL_SUBKEY) {
- if (krb5_ret_keyblock (sp, &keyblock) != 0)
- goto failure;
- krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock);
- krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
- }
- if (flags & SC_REMOTE_SUBKEY) {
- if (krb5_ret_keyblock (sp, &keyblock) != 0)
- goto failure;
- krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock);
- krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
- }
- if (krb5_ret_int32 (sp, &ac->local_seqnumber))
- goto failure;
- if (krb5_ret_int32 (sp, &ac->remote_seqnumber))
- goto failure;
-
- if (krb5_ret_int32 (sp, &tmp) != 0)
- goto failure;
- ac->keytype = tmp;
- if (krb5_ret_int32 (sp, &tmp) != 0)
- goto failure;
- ac->cksumtype = tmp;
-
- /* names */
-
- if (krb5_ret_data (sp, &data))
- goto failure;
- buffer.value = data.data;
- buffer.length = data.length;
-
- ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
- &(*context_handle)->source);
- if (ret) {
- ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
- &(*context_handle)->source);
- if (ret) {
- krb5_data_free (&data);
- goto failure;
- }
- }
- krb5_data_free (&data);
-
- if (krb5_ret_data (sp, &data) != 0)
- goto failure;
- buffer.value = data.data;
- buffer.length = data.length;
-
- ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
- &(*context_handle)->target);
- if (ret) {
- ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
- &(*context_handle)->target);
- if (ret) {
- krb5_data_free (&data);
- goto failure;
- }
- }
- krb5_data_free (&data);
-
- if (krb5_ret_int32 (sp, &tmp))
- goto failure;
- (*context_handle)->flags = tmp;
- if (krb5_ret_int32 (sp, &tmp))
- goto failure;
- (*context_handle)->more_flags = tmp;
- if (krb5_ret_int32 (sp, &tmp) == 0)
- (*context_handle)->lifetime = tmp;
- else
- (*context_handle)->lifetime = GSS_C_INDEFINITE;
-
- return GSS_S_COMPLETE;
-
-failure:
- krb5_auth_con_free (gssapi_krb5_context,
- (*context_handle)->auth_context);
- if ((*context_handle)->source != NULL)
- gss_release_name(&minor, &(*context_handle)->source);
- if ((*context_handle)->target != NULL)
- gss_release_name(&minor, &(*context_handle)->target);
- if (localp)
- krb5_free_address (gssapi_krb5_context, localp);
- if (remotep)
- krb5_free_address (gssapi_krb5_context, remotep);
- free (*context_handle);
- *context_handle = GSS_C_NO_CONTEXT;
- return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/indicate_mechs.c b/crypto/heimdal/lib/gssapi/indicate_mechs.c
deleted file mode 100644
index 89191bb93514..000000000000
--- a/crypto/heimdal/lib/gssapi/indicate_mechs.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: indicate_mechs.c,v 1.5 2003/03/16 17:38:20 lha Exp $");
-
-OM_uint32 gss_indicate_mechs
- (OM_uint32 * minor_status,
- gss_OID_set * mech_set
- )
-{
- OM_uint32 ret;
-
- ret = gss_create_empty_oid_set(minor_status, mech_set);
- if (ret)
- return ret;
-
- ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set);
- if (ret)
- return ret;
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/init.c b/crypto/heimdal/lib/gssapi/init.c
deleted file mode 100644
index ddc0d7090a92..000000000000
--- a/crypto/heimdal/lib/gssapi/init.c
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: init.c,v 1.6 2001/08/13 13:14:07 joda Exp $");
-
-krb5_error_code
-gssapi_krb5_init (void)
-{
- if(gssapi_krb5_context == NULL)
- return krb5_init_context (&gssapi_krb5_context);
- return 0;
-}
diff --git a/crypto/heimdal/lib/gssapi/init_sec_context.c b/crypto/heimdal/lib/gssapi/init_sec_context.c
deleted file mode 100644
index 72286a399fbf..000000000000
--- a/crypto/heimdal/lib/gssapi/init_sec_context.c
+++ /dev/null
@@ -1,578 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: init_sec_context.c,v 1.36.2.1 2003/08/15 14:21:18 lha Exp $");
-
-/*
- * copy the addresses from `input_chan_bindings' (if any) to
- * the auth context `ac'
- */
-
-static OM_uint32
-set_addresses (krb5_auth_context ac,
- const gss_channel_bindings_t input_chan_bindings)
-{
- /* Port numbers are expected to be in application_data.value,
- * initator's port first */
-
- krb5_address initiator_addr, acceptor_addr;
- krb5_error_code kret;
-
- if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS
- || input_chan_bindings->application_data.length !=
- 2 * sizeof(ac->local_port))
- return 0;
-
- memset(&initiator_addr, 0, sizeof(initiator_addr));
- memset(&acceptor_addr, 0, sizeof(acceptor_addr));
-
- ac->local_port =
- *(int16_t *) input_chan_bindings->application_data.value;
-
- ac->remote_port =
- *((int16_t *) input_chan_bindings->application_data.value + 1);
-
- kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
- &input_chan_bindings->acceptor_address,
- ac->remote_port,
- &acceptor_addr);
- if (kret)
- return kret;
-
- kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
- &input_chan_bindings->initiator_address,
- ac->local_port,
- &initiator_addr);
- if (kret) {
- krb5_free_address (gssapi_krb5_context, &acceptor_addr);
- return kret;
- }
-
- kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
- ac,
- &initiator_addr, /* local address */
- &acceptor_addr); /* remote address */
-
- krb5_free_address (gssapi_krb5_context, &initiator_addr);
- krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-
-#if 0
- free(input_chan_bindings->application_data.value);
- input_chan_bindings->application_data.value = NULL;
- input_chan_bindings->application_data.length = 0;
-#endif
-
- return kret;
-}
-
-/*
- * handle delegated creds in init-sec-context
- */
-
-static void
-do_delegation (krb5_auth_context ac,
- krb5_ccache ccache,
- krb5_creds *cred,
- const gss_name_t target_name,
- krb5_data *fwd_data,
- int *flags)
-{
- krb5_creds creds;
- krb5_kdc_flags fwd_flags;
- krb5_error_code kret;
-
- memset (&creds, 0, sizeof(creds));
- krb5_data_zero (fwd_data);
-
- kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client);
- if (kret)
- goto out;
-
- kret = krb5_build_principal(gssapi_krb5_context,
- &creds.server,
- strlen(creds.client->realm),
- creds.client->realm,
- KRB5_TGS_NAME,
- creds.client->realm,
- NULL);
- if (kret)
- goto out;
-
- creds.times.endtime = 0;
-
- fwd_flags.i = 0;
- fwd_flags.b.forwarded = 1;
- fwd_flags.b.forwardable = 1;
-
- if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/
- target_name->name.name_string.len < 2)
- goto out;
-
- kret = krb5_get_forwarded_creds(gssapi_krb5_context,
- ac,
- ccache,
- fwd_flags.i,
- target_name->name.name_string.val[1],
- &creds,
- fwd_data);
-
- out:
- if (kret)
- *flags &= ~GSS_C_DELEG_FLAG;
- else
- *flags |= GSS_C_DELEG_FLAG;
-
- if (creds.client)
- krb5_free_principal(gssapi_krb5_context, creds.client);
- if (creds.server)
- krb5_free_principal(gssapi_krb5_context, creds.server);
-}
-
-/*
- * first stage of init-sec-context
- */
-
-static OM_uint32
-init_auth
-(OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
- gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
- )
-{
- OM_uint32 ret = GSS_S_FAILURE;
- krb5_error_code kret;
- krb5_flags ap_options;
- krb5_creds this_cred, *cred;
- krb5_data outbuf;
- krb5_ccache ccache;
- u_int32_t flags;
- Authenticator *auth;
- krb5_data authenticator;
- Checksum cksum;
- krb5_enctype enctype;
- krb5_data fwd_data;
- OM_uint32 lifetime_rec;
-
- krb5_data_zero(&outbuf);
- krb5_data_zero(&fwd_data);
-
- *minor_status = 0;
-
- *context_handle = malloc(sizeof(**context_handle));
- if (*context_handle == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- (*context_handle)->auth_context = NULL;
- (*context_handle)->source = NULL;
- (*context_handle)->target = NULL;
- (*context_handle)->flags = 0;
- (*context_handle)->more_flags = 0;
- (*context_handle)->ticket = NULL;
- (*context_handle)->lifetime = GSS_C_INDEFINITE;
-
- kret = krb5_auth_con_init (gssapi_krb5_context,
- &(*context_handle)->auth_context);
- if (kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- kret = set_addresses ((*context_handle)->auth_context,
- input_chan_bindings);
- if (kret) {
- *minor_status = kret;
- ret = GSS_S_BAD_BINDINGS;
- goto failure;
- }
-
- {
- int32_t tmp;
-
- krb5_auth_con_getflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &tmp);
- tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
- krb5_auth_con_setflags(gssapi_krb5_context,
- (*context_handle)->auth_context,
- tmp);
- }
-
- if (actual_mech_type)
- *actual_mech_type = GSS_KRB5_MECHANISM;
-
- if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) {
- kret = krb5_cc_default (gssapi_krb5_context, &ccache);
- if (kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
- } else
- ccache = initiator_cred_handle->ccache;
-
- kret = krb5_cc_get_principal (gssapi_krb5_context,
- ccache,
- &(*context_handle)->source);
- if (kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- kret = krb5_copy_principal (gssapi_krb5_context,
- target_name,
- &(*context_handle)->target);
- if (kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
- if (ret)
- goto failure;
-
-
- memset(&this_cred, 0, sizeof(this_cred));
- this_cred.client = (*context_handle)->source;
- this_cred.server = (*context_handle)->target;
- if (time_req && time_req != GSS_C_INDEFINITE) {
- krb5_timestamp ts;
-
- krb5_timeofday (gssapi_krb5_context, &ts);
- this_cred.times.endtime = ts + time_req;
- } else
- this_cred.times.endtime = 0;
- this_cred.session.keytype = 0;
-
- kret = krb5_get_credentials (gssapi_krb5_context,
- KRB5_TC_MATCH_KEYTYPE,
- ccache,
- &this_cred,
- &cred);
-
- if (kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- (*context_handle)->lifetime = cred->times.endtime;
-
- ret = gssapi_lifetime_left(minor_status,
- (*context_handle)->lifetime,
- &lifetime_rec);
- if (ret) {
- goto failure;
- }
-
- if (lifetime_rec == 0) {
- *minor_status = 0;
- ret = GSS_S_CONTEXT_EXPIRED;
- goto failure;
- }
-
- krb5_auth_con_setkey(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &cred->session);
-
- kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context,
- (*context_handle)->auth_context,
- &cred->session);
- if(kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- flags = 0;
- ap_options = 0;
- if (req_flags & GSS_C_DELEG_FLAG)
- do_delegation ((*context_handle)->auth_context,
- ccache, cred, target_name, &fwd_data, &flags);
-
- if (req_flags & GSS_C_MUTUAL_FLAG) {
- flags |= GSS_C_MUTUAL_FLAG;
- ap_options |= AP_OPTS_MUTUAL_REQUIRED;
- }
-
- if (req_flags & GSS_C_REPLAY_FLAG)
- ; /* XXX */
- if (req_flags & GSS_C_SEQUENCE_FLAG)
- ; /* XXX */
- if (req_flags & GSS_C_ANON_FLAG)
- ; /* XXX */
- flags |= GSS_C_CONF_FLAG;
- flags |= GSS_C_INTEG_FLAG;
- flags |= GSS_C_SEQUENCE_FLAG;
- flags |= GSS_C_TRANS_FLAG;
-
- if (ret_flags)
- *ret_flags = flags;
- (*context_handle)->flags = flags;
- (*context_handle)->more_flags |= LOCAL;
-
- ret = gssapi_krb5_create_8003_checksum (minor_status,
- input_chan_bindings,
- flags,
- &fwd_data,
- &cksum);
- krb5_data_free (&fwd_data);
- if (ret)
- goto failure;
-
-#if 1
- enctype = (*context_handle)->auth_context->keyblock->keytype;
-#else
- if ((*context_handle)->auth_context->enctype)
- enctype = (*context_handle)->auth_context->enctype;
- else {
- kret = krb5_keytype_to_enctype(gssapi_krb5_context,
- (*context_handle)->auth_context->keyblock->keytype,
- &enctype);
- if (kret)
- return kret;
- }
-#endif
-
- kret = krb5_build_authenticator (gssapi_krb5_context,
- (*context_handle)->auth_context,
- enctype,
- cred,
- &cksum,
- &auth,
- &authenticator,
- KRB5_KU_AP_REQ_AUTH);
-
- if (kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- kret = krb5_build_ap_req (gssapi_krb5_context,
- enctype,
- cred,
- ap_options,
- authenticator,
- &outbuf);
-
- if (kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- ret = GSS_S_FAILURE;
- goto failure;
- }
-
- ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token,
- "\x01\x00");
- if (ret)
- goto failure;
-
- krb5_data_free (&outbuf);
-
- if (flags & GSS_C_MUTUAL_FLAG) {
- return GSS_S_CONTINUE_NEEDED;
- } else {
- if (time_rec)
- *time_rec = lifetime_rec;
-
- (*context_handle)->more_flags |= OPEN;
- return GSS_S_COMPLETE;
- }
-
- failure:
- krb5_auth_con_free (gssapi_krb5_context,
- (*context_handle)->auth_context);
- if((*context_handle)->source)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->source);
- if((*context_handle)->target)
- krb5_free_principal (gssapi_krb5_context,
- (*context_handle)->target);
- free (*context_handle);
- krb5_data_free (&outbuf);
- *context_handle = GSS_C_NO_CONTEXT;
- return ret;
-}
-
-static OM_uint32
-repl_mutual
- (OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
- gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
- )
-{
- OM_uint32 ret;
- krb5_error_code kret;
- krb5_data indata;
- krb5_ap_rep_enc_part *repl;
-
- output_token->length = 0;
- output_token->value = NULL;
-
- if (actual_mech_type)
- *actual_mech_type = GSS_KRB5_MECHANISM;
-
- ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata,
- "\x02\x00");
- if (ret)
- /* XXX - Handle AP_ERROR */
- return ret;
-
- kret = krb5_rd_rep (gssapi_krb5_context,
- (*context_handle)->auth_context,
- &indata,
- &repl);
- if (kret) {
- gssapi_krb5_set_error_string ();
- *minor_status = kret;
- return GSS_S_FAILURE;
- }
- krb5_free_ap_rep_enc_part (gssapi_krb5_context,
- repl);
-
- (*context_handle)->more_flags |= OPEN;
-
- *minor_status = 0;
- if (time_rec) {
- ret = gssapi_lifetime_left(minor_status,
- (*context_handle)->lifetime,
- time_rec);
- } else {
- ret = GSS_S_COMPLETE;
- }
- if (ret_flags)
- *ret_flags = (*context_handle)->flags;
-
- return ret;
-}
-
-/*
- * gss_init_sec_context
- */
-
-OM_uint32 gss_init_sec_context
- (OM_uint32 * minor_status,
- const gss_cred_id_t initiator_cred_handle,
- gss_ctx_id_t * context_handle,
- const gss_name_t target_name,
- const gss_OID mech_type,
- OM_uint32 req_flags,
- OM_uint32 time_req,
- const gss_channel_bindings_t input_chan_bindings,
- const gss_buffer_t input_token,
- gss_OID * actual_mech_type,
- gss_buffer_t output_token,
- OM_uint32 * ret_flags,
- OM_uint32 * time_rec
- )
-{
- GSSAPI_KRB5_INIT ();
-
- output_token->length = 0;
- output_token->value = NULL;
-
- if (ret_flags)
- *ret_flags = 0;
- if (time_rec)
- *time_rec = 0;
-
- if (target_name == GSS_C_NO_NAME) {
- if (actual_mech_type)
- *actual_mech_type = GSS_C_NO_OID;
- *minor_status = 0;
- return GSS_S_BAD_NAME;
- }
-
- if (input_token == GSS_C_NO_BUFFER || input_token->length == 0)
- return init_auth (minor_status,
- initiator_cred_handle,
- context_handle,
- target_name,
- mech_type,
- req_flags,
- time_req,
- input_chan_bindings,
- input_token,
- actual_mech_type,
- output_token,
- ret_flags,
- time_rec);
- else
- return repl_mutual(minor_status,
- initiator_cred_handle,
- context_handle,
- target_name,
- mech_type,
- req_flags,
- time_req,
- input_chan_bindings,
- input_token,
- actual_mech_type,
- output_token,
- ret_flags,
- time_rec);
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_context.c b/crypto/heimdal/lib/gssapi/inquire_context.c
deleted file mode 100644
index 95cd2c576e6b..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_context.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_context.c,v 1.5 2003/03/16 17:43:30 lha Exp $");
-
-OM_uint32 gss_inquire_context (
- OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- gss_name_t * src_name,
- gss_name_t * targ_name,
- OM_uint32 * lifetime_rec,
- gss_OID * mech_type,
- OM_uint32 * ctx_flags,
- int * locally_initiated,
- int * open_context
- )
-{
- OM_uint32 ret;
-
- if (src_name) {
- ret = gss_duplicate_name (minor_status,
- context_handle->source,
- src_name);
- if (ret)
- return ret;
- }
-
- if (targ_name) {
- ret = gss_duplicate_name (minor_status,
- context_handle->target,
- targ_name);
- if (ret)
- return ret;
- }
-
- if (lifetime_rec)
- *lifetime_rec = context_handle->lifetime;
-
- if (mech_type)
- *mech_type = GSS_KRB5_MECHANISM;
-
- if (ctx_flags)
- *ctx_flags = context_handle->flags;
-
- if (locally_initiated)
- *locally_initiated = context_handle->more_flags & LOCAL;
-
- if (open_context)
- *open_context = context_handle->more_flags & OPEN;
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_cred.c b/crypto/heimdal/lib/gssapi/inquire_cred.c
deleted file mode 100644
index 4938d564e587..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_cred.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_cred.c,v 1.4 2003/03/16 17:42:14 lha Exp $");
-
-OM_uint32 gss_inquire_cred
- (OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
- gss_name_t * name,
- OM_uint32 * lifetime,
- gss_cred_usage_t * cred_usage,
- gss_OID_set * mechanisms
- )
-{
- OM_uint32 ret;
-
- *minor_status = 0;
-
- if (name)
- *name = NULL;
- if (mechanisms)
- *mechanisms = GSS_C_NO_OID_SET;
-
- if (cred_handle == GSS_C_NO_CREDENTIAL) {
- return GSS_S_FAILURE;
- }
-
- if (name != NULL) {
- if (cred_handle->principal != NULL) {
- ret = gss_duplicate_name(minor_status, cred_handle->principal,
- name);
- if (ret)
- return ret;
- } else if (cred_handle->usage == GSS_C_ACCEPT) {
- *minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL,
- NULL, KRB5_NT_SRV_HST, name);
- if (*minor_status)
- return GSS_S_FAILURE;
- } else {
- *minor_status = krb5_get_default_principal(gssapi_krb5_context,
- name);
- if (*minor_status)
- return GSS_S_FAILURE;
- }
- }
- if (lifetime != NULL) {
- *lifetime = cred_handle->lifetime;
- }
- if (cred_usage != NULL) {
- *cred_usage = cred_handle->usage;
- }
- if (mechanisms != NULL) {
- ret = gss_create_empty_oid_set(minor_status, mechanisms);
- if (ret) {
- return ret;
- }
- ret = gss_add_oid_set_member(minor_status,
- &cred_handle->mechanisms->elements[0],
- mechanisms);
- if (ret) {
- return ret;
- }
- }
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c b/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c
deleted file mode 100644
index b09d1e1d5f6c..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_cred_by_mech.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_cred_by_mech.c,v 1.1 2003/03/16 18:11:16 lha Exp $");
-
-OM_uint32 gss_inquire_cred_by_mech (
- OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
- const gss_OID mech_type,
- gss_name_t * name,
- OM_uint32 * initiator_lifetime,
- OM_uint32 * acceptor_lifetime,
- gss_cred_usage_t * cred_usage
- )
-{
- OM_uint32 ret;
- OM_uint32 lifetime;
-
- if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
- gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
- *minor_status = EINVAL;
- return GSS_S_BAD_MECH;
- }
-
- ret = gss_inquire_cred (minor_status,
- cred_handle,
- name,
- &lifetime,
- cred_usage,
- NULL);
-
- if (ret == 0 && cred_handle != GSS_C_NO_CREDENTIAL) {
- gss_cred_usage_t usage;
-
- usage = cred_handle->usage;
-
- if (initiator_lifetime) {
- if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH)
- *initiator_lifetime = lifetime;
- }
- if (acceptor_lifetime) {
- if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH)
- *acceptor_lifetime = lifetime;
- }
- }
-
- return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c b/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c
deleted file mode 100644
index 67ebb04db4de..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_mechs_for_name.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_mechs_for_name.c,v 1.1 2003/03/16 18:12:33 lha Exp $");
-
-OM_uint32 gss_inquire_mechs_for_name (
- OM_uint32 * minor_status,
- const gss_name_t input_name,
- gss_OID_set * mech_types
- )
-{
- OM_uint32 ret;
-
- ret = gss_create_empty_oid_set(minor_status, mech_types);
- if (ret)
- return ret;
-
- ret = gss_add_oid_set_member(minor_status,
- GSS_KRB5_MECHANISM,
- mech_types);
- if (ret)
- gss_release_oid_set(NULL, mech_types);
-
- return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c b/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c
deleted file mode 100644
index 0e93de685444..000000000000
--- a/crypto/heimdal/lib/gssapi/inquire_names_for_mech.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: inquire_names_for_mech.c,v 1.1 2003/03/16 18:15:29 lha Exp $");
-
-
-static gss_OID *name_list[] = {
- &GSS_C_NT_HOSTBASED_SERVICE,
- &GSS_C_NT_USER_NAME,
- &GSS_KRB5_NT_PRINCIPAL_NAME,
- &GSS_C_NT_EXPORT_NAME,
- NULL
-};
-
-OM_uint32 gss_inquire_names_for_mech (
- OM_uint32 * minor_status,
- const gss_OID mechanism,
- gss_OID_set * name_types
- )
-{
- OM_uint32 ret;
- int i;
-
- *minor_status = 0;
-
- if (gss_oid_equal(mechanism, GSS_KRB5_MECHANISM) == 0 &&
- gss_oid_equal(mechanism, GSS_C_NULL_OID) == 0) {
- *name_types = GSS_C_NO_OID_SET;
- return GSS_S_BAD_MECH;
- }
-
- ret = gss_create_empty_oid_set(minor_status, name_types);
- if (ret != GSS_S_COMPLETE)
- return ret;
-
- for (i = 0; name_list[i] != NULL; i++) {
- ret = gss_add_oid_set_member(minor_status,
- *(name_list[i]),
- name_types);
- if (ret != GSS_S_COMPLETE)
- break;
- }
-
- if (ret != GSS_S_COMPLETE)
- gss_release_oid_set(NULL, name_types);
-
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/process_context_token.c b/crypto/heimdal/lib/gssapi/process_context_token.c
deleted file mode 100644
index 0cec33cc3e6f..000000000000
--- a/crypto/heimdal/lib/gssapi/process_context_token.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: process_context_token.c,v 1.1 2003/03/16 18:19:05 lha Exp $");
-
-OM_uint32 gss_process_context_token (
- OM_uint32 *minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t token_buffer
- )
-{
- OM_uint32 ret = GSS_S_FAILURE;
- gss_buffer_desc empty_buffer;
- gss_qop_t qop_state;
-
- empty_buffer.length = 0;
- empty_buffer.value = NULL;
-
- qop_state = GSS_C_QOP_DEFAULT;
-
- ret = gss_verify_mic_internal(minor_status, context_handle,
- token_buffer, &empty_buffer,
- GSS_C_QOP_DEFAULT, "\x01\x02");
-
- if (ret == GSS_S_COMPLETE)
- ret = gss_delete_sec_context(minor_status,
- (gss_ctx_id_t *)&context_handle,
- GSS_C_NO_BUFFER);
- if (ret == GSS_S_COMPLETE)
- *minor_status = 0;
-
- return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/release_buffer.c b/crypto/heimdal/lib/gssapi/release_buffer.c
deleted file mode 100644
index 258b76f62768..000000000000
--- a/crypto/heimdal/lib/gssapi/release_buffer.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_buffer.c,v 1.5 2003/03/16 17:58:20 lha Exp $");
-
-OM_uint32 gss_release_buffer
- (OM_uint32 * minor_status,
- gss_buffer_t buffer
- )
-{
- *minor_status = 0;
- free (buffer->value);
- buffer->value = NULL;
- buffer->length = 0;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/release_cred.c b/crypto/heimdal/lib/gssapi/release_cred.c
deleted file mode 100644
index 01cbb6a0f9d9..000000000000
--- a/crypto/heimdal/lib/gssapi/release_cred.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_cred.c,v 1.8.2.1 2003/10/07 01:08:21 lha Exp $");
-
-OM_uint32 gss_release_cred
- (OM_uint32 * minor_status,
- gss_cred_id_t * cred_handle
- )
-{
- *minor_status = 0;
-
- if (*cred_handle == GSS_C_NO_CREDENTIAL) {
- return GSS_S_COMPLETE;
- }
-
- GSSAPI_KRB5_INIT ();
-
- if ((*cred_handle)->principal != NULL)
- krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
- if ((*cred_handle)->keytab != NULL)
- krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
- if ((*cred_handle)->ccache != NULL) {
- const krb5_cc_ops *ops;
- ops = krb5_cc_get_ops(gssapi_krb5_context, (*cred_handle)->ccache);
- if (ops == &krb5_mcc_ops)
- krb5_cc_destroy(gssapi_krb5_context, (*cred_handle)->ccache);
- else
- krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache);
- }
- gss_release_oid_set(NULL, &(*cred_handle)->mechanisms);
- free(*cred_handle);
- *cred_handle = GSS_C_NO_CREDENTIAL;
- return GSS_S_COMPLETE;
-}
-
diff --git a/crypto/heimdal/lib/gssapi/release_name.c b/crypto/heimdal/lib/gssapi/release_name.c
deleted file mode 100644
index 6894ffae49c2..000000000000
--- a/crypto/heimdal/lib/gssapi/release_name.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_name.c,v 1.7 2003/03/16 17:52:48 lha Exp $");
-
-OM_uint32 gss_release_name
- (OM_uint32 * minor_status,
- gss_name_t * input_name
- )
-{
- GSSAPI_KRB5_INIT ();
- if (minor_status)
- *minor_status = 0;
- krb5_free_principal(gssapi_krb5_context,
- *input_name);
- *input_name = GSS_C_NO_NAME;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/release_oid_set.c b/crypto/heimdal/lib/gssapi/release_oid_set.c
deleted file mode 100644
index 04eb01565f79..000000000000
--- a/crypto/heimdal/lib/gssapi/release_oid_set.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: release_oid_set.c,v 1.5 2003/03/16 17:53:25 lha Exp $");
-
-OM_uint32 gss_release_oid_set
- (OM_uint32 * minor_status,
- gss_OID_set * set
- )
-{
- if (minor_status)
- *minor_status = 0;
- free ((*set)->elements);
- free (*set);
- *set = GSS_C_NO_OID_SET;
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c b/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c
index 1afe26f1e39d..34e58a38bb3b 100644
--- a/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c
+++ b/crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c
@@ -34,6 +34,7 @@
#include "spnego/spnego_locl.h"
RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $");
+/* $FreeBSD$ */
static OM_uint32
send_reject (OM_uint32 *minor_status,
@@ -376,6 +377,9 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
char mechbuf[64];
size_t mech_len;
gss_OID_desc oid;
+ gss_OID oidp;
+ gss_OID_set mechs;
+ int i;
OM_uint32 ret, junk;
ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
@@ -396,27 +400,29 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
*minor_status = 0;
/* Translate broken MS Kebreros OID */
- if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc)) {
- gssapi_mech_interface mech;
+ if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc))
+ oidp = &_gss_spnego_krb5_mechanism_oid_desc;
+ else
+ oidp = &oid;
- mech = __gss_get_mechanism(&_gss_spnego_krb5_mechanism_oid_desc);
- if (mech == NULL)
- return GSS_S_BAD_MECH;
- ret = gss_duplicate_oid(minor_status,
- &_gss_spnego_mskrb_mechanism_oid_desc,
- mech_p);
- } else {
- gssapi_mech_interface mech;
+ ret = gss_indicate_mechs(&junk, &mechs);
+ if (ret)
+ return (ret);
- mech = __gss_get_mechanism(&oid);
- if (mech == NULL)
- return GSS_S_BAD_MECH;
+ for (i = 0; i < mechs->count; i++)
+ if (gss_oid_equal(&mechs->elements[i], oidp))
+ break;
- ret = gss_duplicate_oid(minor_status,
- &mech->gm_mech_oid,
- mech_p);
+ if (i == mechs->count) {
+ gss_release_oid_set(&junk, &mechs);
+ return GSS_S_BAD_MECH;
}
+ gss_release_oid_set(&junk, &mechs);
+
+ ret = gss_duplicate_oid(minor_status,
+ &oid, /* possibly this should be oidp */
+ mech_p);
if (verify_p) {
gss_name_t name = GSS_C_NO_NAME;
diff --git a/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h b/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h
index 44b24688e18f..1ec1704776f0 100644
--- a/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h
+++ b/crypto/heimdal/lib/gssapi/spnego/spnego_locl.h
@@ -31,6 +31,7 @@
*/
/* $Id: spnego_locl.h 19411 2006-12-18 15:42:03Z lha $ */
+/* $FreeBSD$ */
#ifndef SPNEGO_LOCL_H
#define SPNEGO_LOCL_H
@@ -67,7 +68,6 @@
#include <gssapi_mech.h>
#include "spnego_asn1.h"
-#include "mech/utils.h"
#include <der.h>
#include <roken.h>
diff --git a/crypto/heimdal/lib/gssapi/test_oid_set_member.c b/crypto/heimdal/lib/gssapi/test_oid_set_member.c
deleted file mode 100644
index e747c5acc108..000000000000
--- a/crypto/heimdal/lib/gssapi/test_oid_set_member.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: test_oid_set_member.c,v 1.5 2003/03/16 17:54:06 lha Exp $");
-
-OM_uint32 gss_test_oid_set_member (
- OM_uint32 * minor_status,
- const gss_OID member,
- const gss_OID_set set,
- int * present
- )
-{
- size_t i;
-
- *minor_status = 0;
- *present = 0;
- for (i = 0; i < set->count; ++i)
- if (gss_oid_equal(member, &set->elements[i]) != 0) {
- *present = 1;
- break;
- }
- return GSS_S_COMPLETE;
-}
diff --git a/crypto/heimdal/lib/gssapi/unwrap.c b/crypto/heimdal/lib/gssapi/unwrap.c
deleted file mode 100644
index b798438dc614..000000000000
--- a/crypto/heimdal/lib/gssapi/unwrap.c
+++ /dev/null
@@ -1,422 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: unwrap.c,v 1.22.2.1 2003/09/18 22:05:22 lha Exp $");
-
-OM_uint32
-gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
- krb5_keyblock **key)
-{
- krb5_keyblock *skey;
-
- krb5_auth_con_getremotesubkey(gssapi_krb5_context,
- context_handle->auth_context,
- &skey);
- if(skey == NULL)
- krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
- context_handle->auth_context,
- &skey);
- if(skey == NULL)
- krb5_auth_con_getkey(gssapi_krb5_context,
- context_handle->auth_context,
- &skey);
- if(skey == NULL)
- return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
- *key = skey;
- return 0;
-}
-
-static OM_uint32
-unwrap_des
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t input_message_buffer,
- gss_buffer_t output_message_buffer,
- int * conf_state,
- gss_qop_t * qop_state,
- krb5_keyblock *key
- )
-{
- u_char *p, *pad;
- size_t len;
- MD5_CTX md5;
- u_char hash[16], seq_data[8];
- des_key_schedule schedule;
- des_cblock deskey;
- des_cblock zero;
- int i;
- int32_t seq_number;
- size_t padlength;
- OM_uint32 ret;
- int cstate;
-
- p = input_message_buffer->value;
- ret = gssapi_krb5_verify_header (&p,
- input_message_buffer->length,
- "\x02\x01");
- if (ret)
- return ret;
-
- if (memcmp (p, "\x00\x00", 2) != 0)
- return GSS_S_BAD_SIG;
- p += 2;
- if (memcmp (p, "\x00\x00", 2) == 0) {
- cstate = 1;
- } else if (memcmp (p, "\xFF\xFF", 2) == 0) {
- cstate = 0;
- } else
- return GSS_S_BAD_MIC;
- p += 2;
- if(conf_state != NULL)
- *conf_state = cstate;
- if (memcmp (p, "\xff\xff", 2) != 0)
- return GSS_S_DEFECTIVE_TOKEN;
- p += 2;
- p += 16;
-
- len = p - (u_char *)input_message_buffer->value;
-
- if(cstate) {
- /* decrypt data */
- memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
- for (i = 0; i < sizeof(deskey); ++i)
- deskey[i] ^= 0xf0;
- des_set_key (&deskey, schedule);
- memset (&zero, 0, sizeof(zero));
- des_cbc_encrypt ((void *)p,
- (void *)p,
- input_message_buffer->length - len,
- schedule,
- &zero,
- DES_DECRYPT);
-
- memset (deskey, 0, sizeof(deskey));
- memset (schedule, 0, sizeof(schedule));
- }
- /* check pad */
-
- pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
- padlength = *pad;
-
- for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
- ;
- if (i != 0)
- return GSS_S_BAD_MIC;
-
- MD5_Init (&md5);
- MD5_Update (&md5, p - 24, 8);
- MD5_Update (&md5, p, input_message_buffer->length - len);
- MD5_Final (hash, &md5);
-
- memset (&zero, 0, sizeof(zero));
- memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
- des_set_key (&deskey, schedule);
- des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
- schedule, &zero);
- if (memcmp (p - 8, hash, 8) != 0)
- return GSS_S_BAD_MIC;
-
- /* verify sequence number */
-
- krb5_auth_getremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
- seq_data[0] = (seq_number >> 0) & 0xFF;
- seq_data[1] = (seq_number >> 8) & 0xFF;
- seq_data[2] = (seq_number >> 16) & 0xFF;
- seq_data[3] = (seq_number >> 24) & 0xFF;
- memset (seq_data + 4,
- (context_handle->more_flags & LOCAL) ? 0xFF : 0,
- 4);
-
- p -= 16;
- des_set_key (&deskey, schedule);
- des_cbc_encrypt ((void *)p, (void *)p, 8,
- schedule, (des_cblock *)hash, DES_DECRYPT);
-
- memset (deskey, 0, sizeof(deskey));
- memset (schedule, 0, sizeof(schedule));
-
- if (memcmp (p, seq_data, 8) != 0) {
- return GSS_S_BAD_MIC;
- }
-
- krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- /* copy out data */
-
- output_message_buffer->length = input_message_buffer->length
- - len - padlength - 8;
- output_message_buffer->value = malloc(output_message_buffer->length);
- if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
- return GSS_S_FAILURE;
- memcpy (output_message_buffer->value,
- p + 24,
- output_message_buffer->length);
- return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-unwrap_des3
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t input_message_buffer,
- gss_buffer_t output_message_buffer,
- int * conf_state,
- gss_qop_t * qop_state,
- krb5_keyblock *key
- )
-{
- u_char *p, *pad;
- size_t len;
- u_char seq[8];
- krb5_data seq_data;
- u_char cksum[20];
- int i;
- int32_t seq_number;
- size_t padlength;
- OM_uint32 ret;
- int cstate;
- krb5_crypto crypto;
- Checksum csum;
- int cmp;
-
- p = input_message_buffer->value;
- ret = gssapi_krb5_verify_header (&p,
- input_message_buffer->length,
- "\x02\x01");
- if (ret)
- return ret;
-
- if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
- return GSS_S_BAD_SIG;
- p += 2;
- if (memcmp (p, "\x02\x00", 2) == 0) {
- cstate = 1;
- } else if (memcmp (p, "\xff\xff", 2) == 0) {
- cstate = 0;
- } else
- return GSS_S_BAD_MIC;
- p += 2;
- if(conf_state != NULL)
- *conf_state = cstate;
- if (memcmp (p, "\xff\xff", 2) != 0)
- return GSS_S_DEFECTIVE_TOKEN;
- p += 2;
- p += 28;
-
- len = p - (u_char *)input_message_buffer->value;
-
- if(cstate) {
- /* decrypt data */
- krb5_data tmp;
-
- ret = krb5_crypto_init(gssapi_krb5_context, key,
- ETYPE_DES3_CBC_NONE, &crypto);
- if (ret) {
- gssapi_krb5_set_error_string ();
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
- ret = krb5_decrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
- p, input_message_buffer->length - len, &tmp);
- krb5_crypto_destroy(gssapi_krb5_context, crypto);
- if (ret) {
- gssapi_krb5_set_error_string ();
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
- assert (tmp.length == input_message_buffer->length - len);
-
- memcpy (p, tmp.data, tmp.length);
- krb5_data_free(&tmp);
- }
- /* check pad */
-
- pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
- padlength = *pad;
-
- for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
- ;
- if (i != 0)
- return GSS_S_BAD_MIC;
-
- /* verify sequence number */
-
- krb5_auth_getremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
- seq[0] = (seq_number >> 0) & 0xFF;
- seq[1] = (seq_number >> 8) & 0xFF;
- seq[2] = (seq_number >> 16) & 0xFF;
- seq[3] = (seq_number >> 24) & 0xFF;
- memset (seq + 4,
- (context_handle->more_flags & LOCAL) ? 0xFF : 0,
- 4);
-
- p -= 28;
-
- ret = krb5_crypto_init(gssapi_krb5_context, key,
- ETYPE_DES3_CBC_NONE, &crypto);
- if (ret) {
- gssapi_krb5_set_error_string ();
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
- {
- des_cblock ivec;
-
- memcpy(&ivec, p + 8, 8);
- ret = krb5_decrypt_ivec (gssapi_krb5_context,
- crypto,
- KRB5_KU_USAGE_SEQ,
- p, 8, &seq_data,
- &ivec);
- }
- krb5_crypto_destroy (gssapi_krb5_context, crypto);
- if (ret) {
- gssapi_krb5_set_error_string ();
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
- if (seq_data.length != 8) {
- krb5_data_free (&seq_data);
- return GSS_S_BAD_MIC;
- }
-
- cmp = memcmp (seq, seq_data.data, seq_data.length);
- krb5_data_free (&seq_data);
- if (cmp != 0) {
- return GSS_S_BAD_MIC;
- }
-
- krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- /* verify checksum */
-
- memcpy (cksum, p + 8, 20);
-
- memcpy (p + 20, p - 8, 8);
-
- csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
- csum.checksum.length = 20;
- csum.checksum.data = cksum;
-
- ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
- if (ret) {
- gssapi_krb5_set_error_string ();
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
- KRB5_KU_USAGE_SIGN,
- p + 20,
- input_message_buffer->length - len + 8,
- &csum);
- krb5_crypto_destroy (gssapi_krb5_context, crypto);
- if (ret) {
- gssapi_krb5_set_error_string ();
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- /* copy out data */
-
- output_message_buffer->length = input_message_buffer->length
- - len - padlength - 8;
- output_message_buffer->value = malloc(output_message_buffer->length);
- if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
- return GSS_S_FAILURE;
- memcpy (output_message_buffer->value,
- p + 36,
- output_message_buffer->length);
- return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_unwrap
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t input_message_buffer,
- gss_buffer_t output_message_buffer,
- int * conf_state,
- gss_qop_t * qop_state
- )
-{
- krb5_keyblock *key;
- OM_uint32 ret;
- krb5_keytype keytype;
-
- if (qop_state != NULL)
- *qop_state = GSS_C_QOP_DEFAULT;
- ret = gss_krb5_get_remotekey(context_handle, &key);
- if (ret) {
- gssapi_krb5_set_error_string ();
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
- krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
- *minor_status = 0;
-
- switch (keytype) {
- case KEYTYPE_DES :
- ret = unwrap_des (minor_status, context_handle,
- input_message_buffer, output_message_buffer,
- conf_state, qop_state, key);
- break;
- case KEYTYPE_DES3 :
- ret = unwrap_des3 (minor_status, context_handle,
- input_message_buffer, output_message_buffer,
- conf_state, qop_state, key);
- break;
- case KEYTYPE_ARCFOUR:
- ret = _gssapi_unwrap_arcfour (minor_status, context_handle,
- input_message_buffer, output_message_buffer,
- conf_state, qop_state, key);
- break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
- ret = GSS_S_FAILURE;
- break;
- }
- krb5_free_keyblock (gssapi_krb5_context, key);
- return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/v1.c b/crypto/heimdal/lib/gssapi/v1.c
deleted file mode 100644
index 34091ea71572..000000000000
--- a/crypto/heimdal/lib/gssapi/v1.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (c) 1997 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: v1.c,v 1.2 1999/12/02 17:05:04 joda Exp $");
-
-/* These functions are for V1 compatibility */
-
-OM_uint32 gss_sign
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- int qop_req,
- gss_buffer_t message_buffer,
- gss_buffer_t message_token
- )
-{
- return gss_get_mic(minor_status,
- context_handle,
- (gss_qop_t)qop_req,
- message_buffer,
- message_token);
-}
-
-OM_uint32 gss_verify
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- gss_buffer_t message_buffer,
- gss_buffer_t token_buffer,
- int * qop_state
- )
-{
- return gss_verify_mic(minor_status,
- context_handle,
- message_buffer,
- token_buffer,
- (gss_qop_t *)qop_state);
-}
-
-OM_uint32 gss_seal
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- int conf_req_flag,
- int qop_req,
- gss_buffer_t input_message_buffer,
- int * conf_state,
- gss_buffer_t output_message_buffer
- )
-{
- return gss_wrap(minor_status,
- context_handle,
- conf_req_flag,
- (gss_qop_t)qop_req,
- input_message_buffer,
- conf_state,
- output_message_buffer);
-}
-
-OM_uint32 gss_unseal
- (OM_uint32 * minor_status,
- gss_ctx_id_t context_handle,
- gss_buffer_t input_message_buffer,
- gss_buffer_t output_message_buffer,
- int * conf_state,
- int * qop_state
- )
-{
- return gss_unwrap(minor_status,
- context_handle,
- input_message_buffer,
- output_message_buffer,
- conf_state,
- (gss_qop_t *)qop_state);
-}
diff --git a/crypto/heimdal/lib/gssapi/verify_mic.c b/crypto/heimdal/lib/gssapi/verify_mic.c
deleted file mode 100644
index aef2d07da6bf..000000000000
--- a/crypto/heimdal/lib/gssapi/verify_mic.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: verify_mic.c,v 1.18.2.4 2003/09/18 22:05:34 lha Exp $");
-
-static OM_uint32
-verify_mic_des
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t message_buffer,
- const gss_buffer_t token_buffer,
- gss_qop_t * qop_state,
- krb5_keyblock *key,
- char *type
- )
-{
- u_char *p;
- MD5_CTX md5;
- u_char hash[16], seq_data[8];
- des_key_schedule schedule;
- des_cblock zero;
- des_cblock deskey;
- int32_t seq_number;
- OM_uint32 ret;
-
- p = token_buffer->value;
- ret = gssapi_krb5_verify_header (&p,
- token_buffer->length,
- type);
- if (ret)
- return ret;
-
- if (memcmp(p, "\x00\x00", 2) != 0)
- return GSS_S_BAD_SIG;
- p += 2;
- if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
- return GSS_S_BAD_MIC;
- p += 4;
- p += 16;
-
- /* verify checksum */
- MD5_Init (&md5);
- MD5_Update (&md5, p - 24, 8);
- MD5_Update (&md5, message_buffer->value,
- message_buffer->length);
- MD5_Final (hash, &md5);
-
- memset (&zero, 0, sizeof(zero));
- memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
- des_set_key (&deskey, schedule);
- des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
- schedule, &zero);
- if (memcmp (p - 8, hash, 8) != 0) {
- memset (deskey, 0, sizeof(deskey));
- memset (schedule, 0, sizeof(schedule));
- return GSS_S_BAD_MIC;
- }
-
- /* verify sequence number */
-
- krb5_auth_getremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
- seq_data[0] = (seq_number >> 0) & 0xFF;
- seq_data[1] = (seq_number >> 8) & 0xFF;
- seq_data[2] = (seq_number >> 16) & 0xFF;
- seq_data[3] = (seq_number >> 24) & 0xFF;
- memset (seq_data + 4,
- (context_handle->more_flags & LOCAL) ? 0xFF : 0,
- 4);
-
- p -= 16;
- des_set_key (&deskey, schedule);
- des_cbc_encrypt ((void *)p, (void *)p, 8,
- schedule, (des_cblock *)hash, DES_DECRYPT);
-
- memset (deskey, 0, sizeof(deskey));
- memset (schedule, 0, sizeof(schedule));
-
- if (memcmp (p, seq_data, 8) != 0) {
- return GSS_S_BAD_MIC;
- }
-
- krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-verify_mic_des3
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t message_buffer,
- const gss_buffer_t token_buffer,
- gss_qop_t * qop_state,
- krb5_keyblock *key,
- char *type
- )
-{
- u_char *p;
- u_char seq[8];
- int32_t seq_number;
- OM_uint32 ret;
- krb5_crypto crypto;
- krb5_data seq_data;
- int cmp, docompat;
- Checksum csum;
- char *tmp;
- char ivec[8];
-
- p = token_buffer->value;
- ret = gssapi_krb5_verify_header (&p,
- token_buffer->length,
- type);
- if (ret)
- return ret;
-
- if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
- return GSS_S_BAD_SIG;
- p += 2;
- if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
- return GSS_S_BAD_MIC;
- p += 4;
-
- ret = krb5_crypto_init(gssapi_krb5_context, key,
- ETYPE_DES3_CBC_NONE, &crypto);
- if (ret){
- gssapi_krb5_set_error_string ();
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- /* verify sequence number */
- docompat = 0;
-retry:
- if (docompat)
- memset(ivec, 0, 8);
- else
- memcpy(ivec, p + 8, 8);
-
- ret = krb5_decrypt_ivec (gssapi_krb5_context,
- crypto,
- KRB5_KU_USAGE_SEQ,
- p, 8, &seq_data, ivec);
- if (ret) {
- if (docompat++) {
- gssapi_krb5_set_error_string ();
- krb5_crypto_destroy (gssapi_krb5_context, crypto);
- *minor_status = ret;
- return GSS_S_FAILURE;
- } else
- goto retry;
- }
-
- if (seq_data.length != 8) {
- krb5_data_free (&seq_data);
- if (docompat++) {
- krb5_crypto_destroy (gssapi_krb5_context, crypto);
- return GSS_S_BAD_MIC;
- } else
- goto retry;
- }
-
- krb5_auth_getremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
- seq[0] = (seq_number >> 0) & 0xFF;
- seq[1] = (seq_number >> 8) & 0xFF;
- seq[2] = (seq_number >> 16) & 0xFF;
- seq[3] = (seq_number >> 24) & 0xFF;
- memset (seq + 4,
- (context_handle->more_flags & LOCAL) ? 0xFF : 0,
- 4);
- cmp = memcmp (seq, seq_data.data, seq_data.length);
- krb5_data_free (&seq_data);
- if (cmp != 0) {
- if (docompat++) {
- krb5_crypto_destroy (gssapi_krb5_context, crypto);
- return GSS_S_BAD_MIC;
- } else
- goto retry;
- }
-
- /* verify checksum */
-
- tmp = malloc (message_buffer->length + 8);
- if (tmp == NULL) {
- krb5_crypto_destroy (gssapi_krb5_context, crypto);
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- memcpy (tmp, p - 8, 8);
- memcpy (tmp + 8, message_buffer->value, message_buffer->length);
-
- csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
- csum.checksum.length = 20;
- csum.checksum.data = p + 8;
-
- ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
- KRB5_KU_USAGE_SIGN,
- tmp, message_buffer->length + 8,
- &csum);
- free (tmp);
- if (ret) {
- gssapi_krb5_set_error_string ();
- krb5_crypto_destroy (gssapi_krb5_context, crypto);
- *minor_status = ret;
- return GSS_S_BAD_MIC;
- }
-
- krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- krb5_crypto_destroy (gssapi_krb5_context, crypto);
- return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_verify_mic_internal
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t message_buffer,
- const gss_buffer_t token_buffer,
- gss_qop_t * qop_state,
- char * type
- )
-{
- krb5_keyblock *key;
- OM_uint32 ret;
- krb5_keytype keytype;
-
- ret = gss_krb5_get_remotekey(context_handle, &key);
- if (ret) {
- gssapi_krb5_set_error_string ();
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
- *minor_status = 0;
- krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
- switch (keytype) {
- case KEYTYPE_DES :
- ret = verify_mic_des (minor_status, context_handle,
- message_buffer, token_buffer, qop_state, key,
- type);
- break;
- case KEYTYPE_DES3 :
- ret = verify_mic_des3 (minor_status, context_handle,
- message_buffer, token_buffer, qop_state, key,
- type);
- break;
- case KEYTYPE_ARCFOUR :
- ret = _gssapi_verify_mic_arcfour (minor_status, context_handle,
- message_buffer, token_buffer,
- qop_state, key, type);
- break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
- ret = GSS_S_FAILURE;
- break;
- }
- krb5_free_keyblock (gssapi_krb5_context, key);
-
- return ret;
-}
-
-OM_uint32
-gss_verify_mic
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- const gss_buffer_t message_buffer,
- const gss_buffer_t token_buffer,
- gss_qop_t * qop_state
- )
-{
- OM_uint32 ret;
-
- if (qop_state != NULL)
- *qop_state = GSS_C_QOP_DEFAULT;
-
- ret = gss_verify_mic_internal(minor_status, context_handle,
- message_buffer, token_buffer,
- qop_state, "\x01\x01");
-
- return ret;
-}
diff --git a/crypto/heimdal/lib/gssapi/wrap.c b/crypto/heimdal/lib/gssapi/wrap.c
deleted file mode 100644
index a0f9d2ff52ea..000000000000
--- a/crypto/heimdal/lib/gssapi/wrap.c
+++ /dev/null
@@ -1,454 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: wrap.c,v 1.21.2.1 2003/09/18 22:05:45 lha Exp $");
-
-OM_uint32
-gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
- krb5_keyblock **key)
-{
- krb5_keyblock *skey;
-
- krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
- context_handle->auth_context,
- &skey);
- if(skey == NULL)
- krb5_auth_con_getremotesubkey(gssapi_krb5_context,
- context_handle->auth_context,
- &skey);
- if(skey == NULL)
- krb5_auth_con_getkey(gssapi_krb5_context,
- context_handle->auth_context,
- &skey);
- if(skey == NULL)
- return GSS_S_FAILURE;
- *key = skey;
- return 0;
-}
-
-static OM_uint32
-sub_wrap_size (
- OM_uint32 req_output_size,
- OM_uint32 * max_input_size,
- int blocksize,
- int extrasize
- )
-{
- size_t len, total_len, padlength;
- padlength = blocksize - (req_output_size % blocksize);
- len = req_output_size + 8 + padlength + extrasize;
- gssapi_krb5_encap_length(len, &len, &total_len);
- *max_input_size = (OM_uint32)total_len;
- return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_wrap_size_limit (
- OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- OM_uint32 req_output_size,
- OM_uint32 * max_input_size
- )
-{
- krb5_keyblock *key;
- OM_uint32 ret;
- krb5_keytype keytype;
-
- ret = gss_krb5_get_localkey(context_handle, &key);
- if (ret) {
- gssapi_krb5_set_error_string ();
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
- krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
- switch (keytype) {
- case KEYTYPE_DES :
- case KEYTYPE_ARCFOUR:
- ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
- break;
- case KEYTYPE_DES3 :
- ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
- break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
- ret = GSS_S_FAILURE;
- break;
- }
- krb5_free_keyblock (gssapi_krb5_context, key);
- *minor_status = 0;
- return ret;
-}
-
-static OM_uint32
-wrap_des
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- const gss_buffer_t input_message_buffer,
- int * conf_state,
- gss_buffer_t output_message_buffer,
- krb5_keyblock *key
- )
-{
- u_char *p;
- MD5_CTX md5;
- u_char hash[16];
- des_key_schedule schedule;
- des_cblock deskey;
- des_cblock zero;
- int i;
- int32_t seq_number;
- size_t len, total_len, padlength, datalen;
-
- padlength = 8 - (input_message_buffer->length % 8);
- datalen = input_message_buffer->length + padlength + 8;
- len = datalen + 22;
- gssapi_krb5_encap_length (len, &len, &total_len);
-
- output_message_buffer->length = total_len;
- output_message_buffer->value = malloc (total_len);
- if (output_message_buffer->value == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- p = gssapi_krb5_make_header(output_message_buffer->value,
- len,
- "\x02\x01"); /* TOK_ID */
-
- /* SGN_ALG */
- memcpy (p, "\x00\x00", 2);
- p += 2;
- /* SEAL_ALG */
- if(conf_req_flag)
- memcpy (p, "\x00\x00", 2);
- else
- memcpy (p, "\xff\xff", 2);
- p += 2;
- /* Filler */
- memcpy (p, "\xff\xff", 2);
- p += 2;
-
- /* fill in later */
- memset (p, 0, 16);
- p += 16;
-
- /* confounder + data + pad */
- krb5_generate_random_block(p, 8);
- memcpy (p + 8, input_message_buffer->value,
- input_message_buffer->length);
- memset (p + 8 + input_message_buffer->length, padlength, padlength);
-
- /* checksum */
- MD5_Init (&md5);
- MD5_Update (&md5, p - 24, 8);
- MD5_Update (&md5, p, datalen);
- MD5_Final (hash, &md5);
-
- memset (&zero, 0, sizeof(zero));
- memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
- des_set_key (&deskey, schedule);
- des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
- schedule, &zero);
- memcpy (p - 8, hash, 8);
-
- /* sequence number */
- krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
-
- p -= 16;
- p[0] = (seq_number >> 0) & 0xFF;
- p[1] = (seq_number >> 8) & 0xFF;
- p[2] = (seq_number >> 16) & 0xFF;
- p[3] = (seq_number >> 24) & 0xFF;
- memset (p + 4,
- (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
- 4);
-
- des_set_key (&deskey, schedule);
- des_cbc_encrypt ((void *)p, (void *)p, 8,
- schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
-
- krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- /* encrypt the data */
- p += 16;
-
- if(conf_req_flag) {
- memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
-
- for (i = 0; i < sizeof(deskey); ++i)
- deskey[i] ^= 0xf0;
- des_set_key (&deskey, schedule);
- memset (&zero, 0, sizeof(zero));
- des_cbc_encrypt ((void *)p,
- (void *)p,
- datalen,
- schedule,
- &zero,
- DES_ENCRYPT);
-
- memset (deskey, 0, sizeof(deskey));
- memset (schedule, 0, sizeof(schedule));
- }
- if(conf_state != NULL)
- *conf_state = conf_req_flag;
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
-
-static OM_uint32
-wrap_des3
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- const gss_buffer_t input_message_buffer,
- int * conf_state,
- gss_buffer_t output_message_buffer,
- krb5_keyblock *key
- )
-{
- u_char *p;
- u_char seq[8];
- int32_t seq_number;
- size_t len, total_len, padlength, datalen;
- u_int32_t ret;
- krb5_crypto crypto;
- Checksum cksum;
- krb5_data encdata;
-
- padlength = 8 - (input_message_buffer->length % 8);
- datalen = input_message_buffer->length + padlength + 8;
- len = datalen + 34;
- gssapi_krb5_encap_length (len, &len, &total_len);
-
- output_message_buffer->length = total_len;
- output_message_buffer->value = malloc (total_len);
- if (output_message_buffer->value == NULL) {
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- p = gssapi_krb5_make_header(output_message_buffer->value,
- len,
- "\x02\x01"); /* TOK_ID */
-
- /* SGN_ALG */
- memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
- p += 2;
- /* SEAL_ALG */
- if(conf_req_flag)
- memcpy (p, "\x02\x00", 2); /* DES3-KD */
- else
- memcpy (p, "\xff\xff", 2);
- p += 2;
- /* Filler */
- memcpy (p, "\xff\xff", 2);
- p += 2;
-
- /* calculate checksum (the above + confounder + data + pad) */
-
- memcpy (p + 20, p - 8, 8);
- krb5_generate_random_block(p + 28, 8);
- memcpy (p + 28 + 8, input_message_buffer->value,
- input_message_buffer->length);
- memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
-
- ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
- if (ret) {
- gssapi_krb5_set_error_string ();
- free (output_message_buffer->value);
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- ret = krb5_create_checksum (gssapi_krb5_context,
- crypto,
- KRB5_KU_USAGE_SIGN,
- 0,
- p + 20,
- datalen + 8,
- &cksum);
- krb5_crypto_destroy (gssapi_krb5_context, crypto);
- if (ret) {
- gssapi_krb5_set_error_string ();
- free (output_message_buffer->value);
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- /* zero out SND_SEQ + SGN_CKSUM in case */
- memset (p, 0, 28);
-
- memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
- free_Checksum (&cksum);
-
- /* sequence number */
- krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- &seq_number);
-
- seq[0] = (seq_number >> 0) & 0xFF;
- seq[1] = (seq_number >> 8) & 0xFF;
- seq[2] = (seq_number >> 16) & 0xFF;
- seq[3] = (seq_number >> 24) & 0xFF;
- memset (seq + 4,
- (context_handle->more_flags & LOCAL) ? 0 : 0xFF,
- 4);
-
-
- ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE,
- &crypto);
- if (ret) {
- free (output_message_buffer->value);
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- {
- des_cblock ivec;
-
- memcpy (&ivec, p + 8, 8);
- ret = krb5_encrypt_ivec (gssapi_krb5_context,
- crypto,
- KRB5_KU_USAGE_SEQ,
- seq, 8, &encdata,
- &ivec);
- }
- krb5_crypto_destroy (gssapi_krb5_context, crypto);
- if (ret) {
- gssapi_krb5_set_error_string ();
- free (output_message_buffer->value);
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- assert (encdata.length == 8);
-
- memcpy (p, encdata.data, encdata.length);
- krb5_data_free (&encdata);
-
- krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
- context_handle->auth_context,
- ++seq_number);
-
- /* encrypt the data */
- p += 28;
-
- if(conf_req_flag) {
- krb5_data tmp;
-
- ret = krb5_crypto_init(gssapi_krb5_context, key,
- ETYPE_DES3_CBC_NONE, &crypto);
- if (ret) {
- gssapi_krb5_set_error_string ();
- free (output_message_buffer->value);
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
- ret = krb5_encrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
- p, datalen, &tmp);
- krb5_crypto_destroy(gssapi_krb5_context, crypto);
- if (ret) {
- gssapi_krb5_set_error_string ();
- free (output_message_buffer->value);
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
- assert (tmp.length == datalen);
-
- memcpy (p, tmp.data, datalen);
- krb5_data_free(&tmp);
- }
- if(conf_state != NULL)
- *conf_state = conf_req_flag;
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
-
-OM_uint32 gss_wrap
- (OM_uint32 * minor_status,
- const gss_ctx_id_t context_handle,
- int conf_req_flag,
- gss_qop_t qop_req,
- const gss_buffer_t input_message_buffer,
- int * conf_state,
- gss_buffer_t output_message_buffer
- )
-{
- krb5_keyblock *key;
- OM_uint32 ret;
- krb5_keytype keytype;
-
- ret = gss_krb5_get_localkey(context_handle, &key);
- if (ret) {
- gssapi_krb5_set_error_string ();
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
- krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
-
- switch (keytype) {
- case KEYTYPE_DES :
- ret = wrap_des (minor_status, context_handle, conf_req_flag,
- qop_req, input_message_buffer, conf_state,
- output_message_buffer, key);
- break;
- case KEYTYPE_DES3 :
- ret = wrap_des3 (minor_status, context_handle, conf_req_flag,
- qop_req, input_message_buffer, conf_state,
- output_message_buffer, key);
- break;
- case KEYTYPE_ARCFOUR:
- ret = _gssapi_wrap_arcfour (minor_status, context_handle, conf_req_flag,
- qop_req, input_message_buffer, conf_state,
- output_message_buffer, key);
- break;
- default :
- *minor_status = KRB5_PROG_ETYPE_NOSUPP;
- ret = GSS_S_FAILURE;
- break;
- }
- krb5_free_keyblock (gssapi_krb5_context, key);
- return ret;
-}
diff --git a/crypto/heimdal/lib/hdb/convert_db.c b/crypto/heimdal/lib/hdb/convert_db.c
deleted file mode 100644
index 0b300a55fcce..000000000000
--- a/crypto/heimdal/lib/hdb/convert_db.c
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- * used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-/* Converts a database from version 0.0* to 0.1. This is done by
- * making three copies of each DES key (DES-CBC-CRC, DES-CBC-MD4, and
- * DES-CBC-MD5).
- *
- * Use with care.
- */
-
-#include "hdb_locl.h"
-#include <getarg.h>
-#include <err.h>
-
-RCSID("$Id: convert_db.c,v 1.12 2001/02/20 01:44:53 assar Exp $");
-
-static krb5_error_code
-update_keytypes(krb5_context context, HDB *db, hdb_entry *entry, void *data)
-{
- int i;
- int n = 0;
- Key *k;
- int save_len;
- Key *save_val;
- HDB *new = data;
- krb5_error_code ret;
-
- for(i = 0; i < entry->keys.len; i++)
- if(entry->keys.val[i].key.keytype == KEYTYPE_DES)
- n += 2;
- else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3)
- n += 1;
- k = malloc(sizeof(*k) * (entry->keys.len + n));
- n = 0;
- for(i = 0; i < entry->keys.len; i++) {
- copy_Key(&entry->keys.val[i], &k[n]);
- if(entry->keys.val[i].key.keytype == KEYTYPE_DES) {
- copy_Key(&entry->keys.val[i], &k[n+1]);
- k[n+1].key.keytype = ETYPE_DES_CBC_MD4;
- copy_Key(&entry->keys.val[i], &k[n+2]);
- k[n+2].key.keytype = ETYPE_DES_CBC_MD5;
- n += 2;
- }
- else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3) {
- copy_Key(&entry->keys.val[i], &k[n+1]);
- k[n+1].key.keytype = ETYPE_DES3_CBC_MD5;
- n += 1;
- }
- n++;
- }
- save_len = entry->keys.len;
- save_val = entry->keys.val;
- entry->keys.len = n;
- entry->keys.val = k;
- ret = new->store(context, new, HDB_F_REPLACE, entry);
- entry->keys.len = save_len;
- entry->keys.val = save_val;
- for(i = 0; i < n; i++)
- free_Key(&k[i]);
- free(k);
- return 0;
-}
-
-static krb5_error_code
-update_version2(krb5_context context, HDB *db, hdb_entry *entry, void *data)
-{
- HDB *new = data;
- if(!db->master_key_set) {
- int i;
- for(i = 0; i < entry->keys.len; i++) {
- free(entry->keys.val[i].mkvno);
- entry->keys.val[i].mkvno = NULL;
- }
- }
- new->store(context, new, HDB_F_REPLACE, entry);
- return 0;
-}
-
-char *old_database = HDB_DEFAULT_DB;
-char *new_database = HDB_DEFAULT_DB ".new";
-char *mkeyfile;
-int update_version;
-int help_flag;
-int version_flag;
-
-struct getargs args[] = {
- { "old-database", 0, arg_string, &old_database,
- "name of database to convert", "file" },
- { "new-database", 0, arg_string, &new_database,
- "name of converted database", "file" },
- { "master-key", 0, arg_string, &mkeyfile,
- "v5 master key file", "file" },
- { "update-version", 0, arg_flag, &update_version,
- "update the database to the current version" },
- { "help", 'h', arg_flag, &help_flag },
- { "version", 0, arg_flag, &version_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
- krb5_error_code ret;
- krb5_context context;
- HDB *db, *new;
- int optind = 0;
- int master_key_set = 0;
-
- setprogname(argv[0]);
-
- if(getarg(args, num_args, argc, argv, &optind))
- krb5_std_usage(1, args, num_args);
-
- if(help_flag)
- krb5_std_usage(0, args, num_args);
-
- if(version_flag){
- print_version(NULL);
- exit(0);
- }
-
- ret = krb5_init_context(&context);
- if(ret != 0)
- errx(1, "krb5_init_context failed: %d", ret);
-
- ret = hdb_create(context, &db, old_database);
- if(ret != 0)
- krb5_err(context, 1, ret, "hdb_create");
-
- ret = hdb_set_master_keyfile(context, db, mkeyfile);
- if (ret)
- krb5_err(context, 1, ret, "hdb_set_master_keyfile");
- master_key_set = 1;
- ret = hdb_create(context, &new, new_database);
- if(ret != 0)
- krb5_err(context, 1, ret, "hdb_create");
- if (master_key_set) {
- ret = hdb_set_master_keyfile(context, new, mkeyfile);
- if (ret)
- krb5_err(context, 1, ret, "hdb_set_master_keyfile");
- }
- ret = db->open(context, db, O_RDONLY, 0);
- if(ret == HDB_ERR_BADVERSION) {
- krb5_data tag;
- krb5_data version;
- int foo;
- unsigned ver;
- tag.data = HDB_DB_FORMAT_ENTRY;
- tag.length = strlen(tag.data);
- ret = (*db->_get)(context, db, tag, &version);
- if(ret)
- krb5_errx(context, 1, "database is wrong version, "
- "but couldn't find version key (%s)",
- HDB_DB_FORMAT_ENTRY);
- foo = sscanf(version.data, "%u", &ver);
- krb5_data_free (&version);
- if(foo != 1)
- krb5_errx(context, 1, "database version is not a number");
- if(ver == 1 && HDB_DB_FORMAT == 2) {
- krb5_warnx(context, "will upgrade database from version %d to %d",
- ver, HDB_DB_FORMAT);
- krb5_warnx(context, "rerun to do other conversions");
- update_version = 1;
- } else
- krb5_errx(context, 1,
- "don't know how to upgrade from version %d to %d",
- ver, HDB_DB_FORMAT);
- } else if(ret)
- krb5_err(context, 1, ret, "%s", old_database);
- ret = new->open(context, new, O_CREAT|O_EXCL|O_RDWR, 0600);
- if(ret)
- krb5_err(context, 1, ret, "%s", new_database);
- if(update_version)
- ret = hdb_foreach(context, db, 0, update_version2, new);
- else
- ret = hdb_foreach(context, db, 0, update_keytypes, new);
- if(ret != 0)
- krb5_err(context, 1, ret, "hdb_foreach");
- db->close(context, db);
- new->close(context, new);
- krb5_warnx(context, "wrote converted database to `%s'", new_database);
- return 0;
-}
diff --git a/crypto/heimdal/lib/hdb/hdb_locl.h b/crypto/heimdal/lib/hdb/hdb_locl.h
index c4f1ea2d30f1..0a67e5485d99 100644
--- a/crypto/heimdal/lib/hdb/hdb_locl.h
+++ b/crypto/heimdal/lib/hdb/hdb_locl.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: hdb_locl.h,v 1.18.4.1 2003/09/10 22:04:39 lha Exp $ */
+/* $Id: hdb_locl.h 22209 2007-12-07 19:03:41Z lha $ */
/* $FreeBSD$ */
#ifndef __HDB_LOCL_H__
@@ -65,4 +65,7 @@
#include <hdb.h>
#include <hdb-private.h>
+#define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
+#define HDB_DB_FORMAT_ENTRY "hdb/db-format"
+
#endif /* __HDB_LOCL_H__ */
diff --git a/crypto/heimdal/lib/kadm5/dump_log.c b/crypto/heimdal/lib/kadm5/dump_log.c
deleted file mode 100644
index f8309fb5acfe..000000000000
--- a/crypto/heimdal/lib/kadm5/dump_log.c
+++ /dev/null
@@ -1,273 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "iprop.h"
-#include "parse_time.h"
-
-RCSID("$Id: dump_log.c,v 1.13 2003/04/16 17:56:02 lha Exp $");
-
-static char *op_names[] = {
- "get",
- "delete",
- "create",
- "rename",
- "chpass",
- "modify",
- "randkey",
- "get_privs",
- "get_princs",
- "chpass_with_key",
- "nop"
-};
-
-static void
-print_entry(kadm5_server_context *server_context,
- u_int32_t ver,
- time_t timestamp,
- enum kadm_ops op,
- u_int32_t len,
- krb5_storage *sp)
-{
- char t[256];
- int32_t mask;
- hdb_entry ent;
- krb5_principal source;
- char *name1, *name2;
- krb5_data data;
- krb5_context context = server_context->context;
-
- off_t end = krb5_storage_seek(sp, 0, SEEK_CUR) + len;
-
- krb5_error_code ret;
-
- strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(&timestamp));
-
- if(op < kadm_get || op > kadm_nop) {
- printf("unknown op: %d\n", op);
- krb5_storage_seek(sp, end, SEEK_SET);
- return;
- }
-
- printf ("%s: ver = %u, timestamp = %s, len = %u\n",
- op_names[op], ver, t, len);
- switch(op) {
- case kadm_delete:
- krb5_ret_principal(sp, &source);
- krb5_unparse_name(context, source, &name1);
- printf(" %s\n", name1);
- free(name1);
- krb5_free_principal(context, source);
- break;
- case kadm_rename:
- ret = krb5_data_alloc(&data, len);
- if (ret)
- krb5_err (context, 1, ret, "kadm_rename: data alloc: %d", len);
- krb5_ret_principal(sp, &source);
- krb5_storage_read(sp, data.data, data.length);
- hdb_value2entry(context, &data, &ent);
- krb5_unparse_name(context, source, &name1);
- krb5_unparse_name(context, ent.principal, &name2);
- printf(" %s -> %s\n", name1, name2);
- free(name1);
- free(name2);
- krb5_free_principal(context, source);
- hdb_free_entry(context, &ent);
- break;
- case kadm_create:
- ret = krb5_data_alloc(&data, len);
- if (ret)
- krb5_err (context, 1, ret, "kadm_create: data alloc: %d", len);
- krb5_storage_read(sp, data.data, data.length);
- ret = hdb_value2entry(context, &data, &ent);
- if(ret)
- abort();
- mask = ~0;
- goto foo;
- case kadm_modify:
- ret = krb5_data_alloc(&data, len);
- if (ret)
- krb5_err (context, 1, ret, "kadm_modify: data alloc: %d", len);
- krb5_ret_int32(sp, &mask);
- krb5_storage_read(sp, data.data, data.length);
- ret = hdb_value2entry(context, &data, &ent);
- if(ret)
- abort();
- foo:
- if(ent.principal /* mask & KADM5_PRINCIPAL */) {
- krb5_unparse_name(context, ent.principal, &name1);
- printf(" principal = %s\n", name1);
- free(name1);
- }
- if(mask & KADM5_PRINC_EXPIRE_TIME) {
- if(ent.valid_end == NULL) {
- strcpy(t, "never");
- } else {
- strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S",
- localtime(ent.valid_end));
- }
- printf(" expires = %s\n", t);
- }
- if(mask & KADM5_PW_EXPIRATION) {
- if(ent.pw_end == NULL) {
- strcpy(t, "never");
- } else {
- strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S",
- localtime(ent.pw_end));
- }
- printf(" password exp = %s\n", t);
- }
- if(mask & KADM5_LAST_PWD_CHANGE) {
- }
- if(mask & KADM5_ATTRIBUTES) {
- unparse_flags(HDBFlags2int(ent.flags),
- HDBFlags_units, t, sizeof(t));
- printf(" attributes = %s\n", t);
- }
- if(mask & KADM5_MAX_LIFE) {
- if(ent.max_life == NULL)
- strcpy(t, "for ever");
- else
- unparse_time(*ent.max_life, t, sizeof(t));
- printf(" max life = %s\n", t);
- }
- if(mask & KADM5_MAX_RLIFE) {
- if(ent.max_renew == NULL)
- strcpy(t, "for ever");
- else
- unparse_time(*ent.max_renew, t, sizeof(t));
- printf(" max rlife = %s\n", t);
- }
- if(mask & KADM5_MOD_TIME) {
- printf(" mod time\n");
- }
- if(mask & KADM5_MOD_NAME) {
- printf(" mod name\n");
- }
- if(mask & KADM5_KVNO) {
- printf(" kvno = %d\n", ent.kvno);
- }
- if(mask & KADM5_MKVNO) {
- printf(" mkvno\n");
- }
- if(mask & KADM5_AUX_ATTRIBUTES) {
- printf(" aux attributes\n");
- }
- if(mask & KADM5_POLICY) {
- printf(" policy\n");
- }
- if(mask & KADM5_POLICY_CLR) {
- printf(" mod time\n");
- }
- if(mask & KADM5_LAST_SUCCESS) {
- printf(" last success\n");
- }
- if(mask & KADM5_LAST_FAILED) {
- printf(" last failed\n");
- }
- if(mask & KADM5_FAIL_AUTH_COUNT) {
- printf(" fail auth count\n");
- }
- if(mask & KADM5_KEY_DATA) {
- printf(" key data\n");
- }
- if(mask & KADM5_TL_DATA) {
- printf(" tl data\n");
- }
- hdb_free_entry(context, &ent);
- break;
- case kadm_nop :
- break;
- default:
- abort();
- }
- krb5_storage_seek(sp, end, SEEK_SET);
-}
-
-static char *realm;
-static int version_flag;
-static int help_flag;
-
-static struct getargs args[] = {
- { "realm", 'r', arg_string, &realm },
- { "version", 0, arg_flag, &version_flag },
- { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
- krb5_context context;
- krb5_error_code ret;
- void *kadm_handle;
- kadm5_server_context *server_context;
- kadm5_config_params conf;
-
- krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-
- if(help_flag)
- krb5_std_usage(0, args, num_args);
- if(version_flag) {
- print_version(NULL);
- exit(0);
- }
-
- memset(&conf, 0, sizeof(conf));
- if(realm) {
- conf.mask |= KADM5_CONFIG_REALM;
- conf.realm = realm;
- }
- ret = kadm5_init_with_password_ctx (context,
- KADM5_ADMIN_SERVICE,
- NULL,
- KADM5_ADMIN_SERVICE,
- &conf, 0, 0,
- &kadm_handle);
- if (ret)
- krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
- server_context = (kadm5_server_context *)kadm_handle;
-
- ret = kadm5_log_init (server_context);
- if (ret)
- krb5_err (context, 1, ret, "kadm5_log_init");
-
- ret = kadm5_log_foreach (server_context, print_entry);
- if(ret)
- krb5_warn(context, ret, "kadm5_log_foreach");
-
- ret = kadm5_log_end (server_context);
- if (ret)
- krb5_warn(context, ret, "kadm5_log_end");
- return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/replay_log.c b/crypto/heimdal/lib/kadm5/replay_log.c
deleted file mode 100644
index 1b2d71635f49..000000000000
--- a/crypto/heimdal/lib/kadm5/replay_log.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "iprop.h"
-
-RCSID("$Id: replay_log.c,v 1.9 2002/05/24 15:19:22 joda Exp $");
-
-int start_version = -1;
-int end_version = -1;
-
-static void
-apply_entry(kadm5_server_context *server_context,
- u_int32_t ver,
- time_t timestamp,
- enum kadm_ops op,
- u_int32_t len,
- krb5_storage *sp)
-{
- krb5_error_code ret;
-
- if((start_version != -1 && ver < start_version) ||
- (end_version != -1 && ver > end_version)) {
- /* XXX skip this entry */
- krb5_storage_seek(sp, len, SEEK_CUR);
- return;
- }
- printf ("ver %u... ", ver);
- fflush (stdout);
-
- ret = kadm5_log_replay (server_context,
- op, ver, len, sp);
- if (ret)
- krb5_warn (server_context->context, ret, "kadm5_log_replay");
-
-
- printf ("done\n");
-}
-
-int version_flag;
-int help_flag;
-struct getargs args[] = {
- { "start-version", 0, arg_integer, &start_version, "start replay with this version" },
- { "end-version", 0, arg_integer, &end_version, "end replay with this version" },
- { "version", 0, arg_flag, &version_flag },
- { "help", 0, arg_flag, &help_flag }
-};
-int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
- krb5_context context;
- krb5_error_code ret;
- void *kadm_handle;
- kadm5_config_params conf;
- kadm5_server_context *server_context;
-
- krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-
- if(help_flag)
- krb5_std_usage(0, args, num_args);
- if(version_flag) {
- print_version(NULL);
- exit(0);
- }
-
- memset(&conf, 0, sizeof(conf));
- ret = kadm5_init_with_password_ctx (context,
- KADM5_ADMIN_SERVICE,
- NULL,
- KADM5_ADMIN_SERVICE,
- &conf, 0, 0,
- &kadm_handle);
- if (ret)
- krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
- server_context = (kadm5_server_context *)kadm_handle;
-
- ret = server_context->db->open(context,
- server_context->db,
- O_RDWR | O_CREAT, 0);
- if (ret)
- krb5_err (context, 1, ret, "db->open");
-
- ret = kadm5_log_init (server_context);
- if (ret)
- krb5_err (context, 1, ret, "kadm5_log_init");
-
- ret = kadm5_log_foreach (server_context, apply_entry);
- if(ret)
- krb5_warn(context, ret, "kadm5_log_foreach");
- ret = kadm5_log_end (server_context);
- if (ret)
- krb5_warn(context, ret, "kadm5_log_end");
- ret = server_context->db->close (context, server_context->db);
- if (ret)
- krb5_err (context, 1, ret, "db->close");
- return 0;
-}
diff --git a/crypto/heimdal/lib/kadm5/truncate_log.c b/crypto/heimdal/lib/kadm5/truncate_log.c
deleted file mode 100644
index cf4af26e7300..000000000000
--- a/crypto/heimdal/lib/kadm5/truncate_log.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (c) 2000, 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "iprop.h"
-
-RCSID("$Id: truncate_log.c,v 1.1.8.1 2003/10/14 15:58:46 joda Exp $");
-
-static char *realm;
-static int version_flag;
-static int help_flag;
-
-static struct getargs args[] = {
- { "realm", 'r', arg_string, &realm },
- { "version", 0, arg_flag, &version_flag },
- { "help", 0, arg_flag, &help_flag }
-};
-
-static int num_args = sizeof(args) / sizeof(args[0]);
-
-int
-main(int argc, char **argv)
-{
- krb5_context context;
- krb5_error_code ret;
- void *kadm_handle;
- kadm5_server_context *server_context;
- kadm5_config_params conf;
-
- krb5_program_setup(&context, argc, argv, args, num_args, NULL);
-
- if(help_flag)
- krb5_std_usage(0, args, num_args);
- if(version_flag) {
- print_version(NULL);
- exit(0);
- }
-
- memset(&conf, 0, sizeof(conf));
- if(realm) {
- conf.mask |= KADM5_CONFIG_REALM;
- conf.realm = realm;
- }
-
- ret = kadm5_init_with_password_ctx (context,
- KADM5_ADMIN_SERVICE,
- NULL,
- KADM5_ADMIN_SERVICE,
- &conf, 0, 0,
- &kadm_handle);
- if (ret)
- krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
-
- server_context = (kadm5_server_context *)kadm_handle;
-
- ret = kadm5_log_truncate (server_context);
- if(ret)
- krb5_err (context, 1, ret, "kadm5_log_truncate");
- return 0;
-}
diff --git a/crypto/heimdal/lib/krb5/crypto.c b/crypto/heimdal/lib/krb5/crypto.c
index d1c1c9d3d79f..21d10261bd7d 100644
--- a/crypto/heimdal/lib/krb5/crypto.c
+++ b/crypto/heimdal/lib/krb5/crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: crypto.c,v 1.73.2.4 2004/03/06 16:38:00 lha Exp $");
+RCSID("$Id: crypto.c 22200 2007-12-07 13:48:01Z lha $");
/* RCSID("$FreeBSD$"); */
#undef CRYPTO_DEBUG
@@ -67,6 +67,7 @@ struct krb5_crypto_data {
#define F_VARIANT 8 /* uses `variant' keys (6.4.3) */
#define F_PSEUDO 16 /* not a real protocol type */
#define F_SPECIAL 32 /* backwards */
+#define F_DISABLED 64 /* enctype/checksum disabled */
struct salt_type {
krb5_salttype type;
@@ -87,6 +88,7 @@ struct key_type {
void (*random_key)(krb5_context, krb5_keyblock*);
void (*schedule)(krb5_context, struct key_data *);
struct salt_type *string_to_key;
+ void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t);
};
struct checksum_type {
@@ -110,6 +112,7 @@ struct checksum_type {
struct encryption_type {
krb5_enctype type;
const char *name;
+ heim_oid *oid;
size_t blocksize;
size_t padsize;
size_t confoundersize;
@@ -120,9 +123,12 @@ struct encryption_type {
krb5_error_code (*encrypt)(krb5_context context,
struct key_data *key,
void *data, size_t len,
- krb5_boolean encrypt,
+ krb5_boolean encryptp,
int usage,
void *ivec);
+ size_t prf_length;
+ krb5_error_code (*prf)(krb5_context,
+ krb5_crypto, const krb5_data *, krb5_data *);
};
#define ENCRYPTION_USAGE(U) (((U) << 8) | 0xAA)
@@ -148,92 +154,38 @@ static krb5_error_code hmac(krb5_context context,
struct key_data *keyblock,
Checksum *result);
static void free_key_data(krb5_context context, struct key_data *key);
-static krb5_error_code usage2arcfour (krb5_context, int *);
+static krb5_error_code usage2arcfour (krb5_context, unsigned *);
+static void xor (DES_cblock *, const unsigned char *);
/************************************************************
* *
************************************************************/
+static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER;
+
+
static void
krb5_DES_random_key(krb5_context context,
krb5_keyblock *key)
{
- des_cblock *k = key->keyvalue.data;
+ DES_cblock *k = key->keyvalue.data;
do {
- krb5_generate_random_block(k, sizeof(des_cblock));
- des_set_odd_parity(k);
- } while(des_is_weak_key(k));
+ krb5_generate_random_block(k, sizeof(DES_cblock));
+ DES_set_odd_parity(k);
+ } while(DES_is_weak_key(k));
}
static void
krb5_DES_schedule(krb5_context context,
- struct key_data *key)
-{
- des_set_key(key->key->keyvalue.data, key->schedule->data);
-}
-
-static void
-DES_string_to_key_int(unsigned char *data, size_t length, des_cblock *key)
+ struct key_data *key)
{
- des_key_schedule schedule;
- int i;
- int reverse = 0;
- unsigned char *p;
-
- unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe,
- 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
- memset(key, 0, 8);
-
- p = (unsigned char*)key;
- for (i = 0; i < length; i++) {
- unsigned char tmp = data[i];
- if (!reverse)
- *p++ ^= (tmp << 1);
- else
- *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
- if((i % 8) == 7)
- reverse = !reverse;
- }
- des_set_odd_parity(key);
- if(des_is_weak_key(key))
- (*key)[7] ^= 0xF0;
- des_set_key(key, schedule);
- des_cbc_cksum((void*)data, key, length, schedule, key);
- memset(schedule, 0, sizeof(schedule));
- des_set_odd_parity(key);
+ DES_set_key(key->key->keyvalue.data, key->schedule->data);
}
-static krb5_error_code
-krb5_DES_string_to_key(krb5_context context,
- krb5_enctype enctype,
- krb5_data password,
- krb5_salt salt,
- krb5_data opaque,
- krb5_keyblock *key)
-{
- unsigned char *s;
- size_t len;
- des_cblock tmp;
-
- len = password.length + salt.saltvalue.length;
- s = malloc(len);
- if(len > 0 && s == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
- }
- memcpy(s, password.data, password.length);
- memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
- DES_string_to_key_int(s, len, &tmp);
- key->keytype = enctype;
- krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
- memset(&tmp, 0, sizeof(tmp));
- memset(s, 0, len);
- free(s);
- return 0;
-}
+#ifdef ENABLE_AFS_STRING_TO_KEY
/* This defines the Andrew string_to_key function. It accepts a password
- * string as input and converts its via a one-way encryption algorithm to a DES
+ * string as input and converts it via a one-way encryption algorithm to a DES
* encryption key. It is compatible with the original Andrew authentication
* service password database.
*/
@@ -244,7 +196,7 @@ krb5_DES_string_to_key(krb5_context context,
static void
krb5_DES_AFS3_CMU_string_to_key (krb5_data pw,
krb5_data cell,
- des_cblock *key)
+ DES_cblock *key)
{
char password[8+1]; /* crypt is limited to 8 chars anyway */
int i;
@@ -257,14 +209,14 @@ krb5_DES_AFS3_CMU_string_to_key (krb5_data pw,
}
password[8] = '\0';
- memcpy(key, crypt(password, "p1") + 2, sizeof(des_cblock));
+ memcpy(key, crypt(password, "p1") + 2, sizeof(DES_cblock));
/* parity is inserted into the LSB so left shift each byte up one
bit. This allows ascii characters with a zero MSB to retain as
much significance as possible. */
- for (i = 0; i < sizeof(des_cblock); i++)
+ for (i = 0; i < sizeof(DES_cblock); i++)
((unsigned char*)key)[i] <<= 1;
- des_set_odd_parity (key);
+ DES_set_odd_parity (key);
}
/*
@@ -273,11 +225,11 @@ krb5_DES_AFS3_CMU_string_to_key (krb5_data pw,
static void
krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw,
krb5_data cell,
- des_cblock *key)
+ DES_cblock *key)
{
- des_key_schedule schedule;
- des_cblock temp_key;
- des_cblock ivec;
+ DES_key_schedule schedule;
+ DES_cblock temp_key;
+ DES_cblock ivec;
char password[512];
size_t passlen;
@@ -293,20 +245,20 @@ krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw,
passlen = min(sizeof(password), pw.length + cell.length);
memcpy(&ivec, "kerberos", 8);
memcpy(&temp_key, "kerberos", 8);
- des_set_odd_parity (&temp_key);
- des_set_key (&temp_key, schedule);
- des_cbc_cksum (password, &ivec, passlen, schedule, &ivec);
+ DES_set_odd_parity (&temp_key);
+ DES_set_key (&temp_key, &schedule);
+ DES_cbc_cksum ((void*)password, &ivec, passlen, &schedule, &ivec);
memcpy(&temp_key, &ivec, 8);
- des_set_odd_parity (&temp_key);
- des_set_key (&temp_key, schedule);
- des_cbc_cksum (password, key, passlen, schedule, &ivec);
+ DES_set_odd_parity (&temp_key);
+ DES_set_key (&temp_key, &schedule);
+ DES_cbc_cksum ((void*)password, key, passlen, &schedule, &ivec);
memset(&schedule, 0, sizeof(schedule));
memset(&temp_key, 0, sizeof(temp_key));
memset(&ivec, 0, sizeof(ivec));
memset(password, 0, sizeof(password));
- des_set_odd_parity (key);
+ DES_set_odd_parity (key);
}
static krb5_error_code
@@ -317,7 +269,7 @@ DES_AFS3_string_to_key(krb5_context context,
krb5_data opaque,
krb5_keyblock *key)
{
- des_cblock tmp;
+ DES_cblock tmp;
if(password.length > 8)
krb5_DES_AFS3_Transarc_string_to_key(password, salt.saltvalue, &tmp);
else
@@ -327,31 +279,121 @@ DES_AFS3_string_to_key(krb5_context context,
memset(&key, 0, sizeof(key));
return 0;
}
+#endif /* ENABLE_AFS_STRING_TO_KEY */
+
+static void
+DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key)
+{
+ DES_key_schedule schedule;
+ int i;
+ int reverse = 0;
+ unsigned char *p;
+
+ unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe,
+ 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf };
+ memset(key, 0, 8);
+
+ p = (unsigned char*)key;
+ for (i = 0; i < length; i++) {
+ unsigned char tmp = data[i];
+ if (!reverse)
+ *p++ ^= (tmp << 1);
+ else
+ *--p ^= (swap[tmp & 0xf] << 4) | swap[(tmp & 0xf0) >> 4];
+ if((i % 8) == 7)
+ reverse = !reverse;
+ }
+ DES_set_odd_parity(key);
+ if(DES_is_weak_key(key))
+ (*key)[7] ^= 0xF0;
+ DES_set_key(key, &schedule);
+ DES_cbc_cksum((void*)data, key, length, &schedule, key);
+ memset(&schedule, 0, sizeof(schedule));
+ DES_set_odd_parity(key);
+ if(DES_is_weak_key(key))
+ (*key)[7] ^= 0xF0;
+}
+
+static krb5_error_code
+krb5_DES_string_to_key(krb5_context context,
+ krb5_enctype enctype,
+ krb5_data password,
+ krb5_salt salt,
+ krb5_data opaque,
+ krb5_keyblock *key)
+{
+ unsigned char *s;
+ size_t len;
+ DES_cblock tmp;
+
+#ifdef ENABLE_AFS_STRING_TO_KEY
+ if (opaque.length == 1) {
+ unsigned long v;
+ _krb5_get_int(opaque.data, &v, 1);
+ if (v == 1)
+ return DES_AFS3_string_to_key(context, enctype, password,
+ salt, opaque, key);
+ }
+#endif
+
+ len = password.length + salt.saltvalue.length;
+ s = malloc(len);
+ if(len > 0 && s == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ return ENOMEM;
+ }
+ memcpy(s, password.data, password.length);
+ memcpy(s + password.length, salt.saltvalue.data, salt.saltvalue.length);
+ DES_string_to_key_int(s, len, &tmp);
+ key->keytype = enctype;
+ krb5_data_copy(&key->keyvalue, tmp, sizeof(tmp));
+ memset(&tmp, 0, sizeof(tmp));
+ memset(s, 0, len);
+ free(s);
+ return 0;
+}
+
+static void
+krb5_DES_random_to_key(krb5_context context,
+ krb5_keyblock *key,
+ const void *data,
+ size_t size)
+{
+ DES_cblock *k = key->keyvalue.data;
+ memcpy(k, data, key->keyvalue.length);
+ DES_set_odd_parity(k);
+ if(DES_is_weak_key(k))
+ xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
+}
+
+/*
+ *
+ */
static void
DES3_random_key(krb5_context context,
krb5_keyblock *key)
{
- des_cblock *k = key->keyvalue.data;
+ DES_cblock *k = key->keyvalue.data;
do {
- krb5_generate_random_block(k, 3 * sizeof(des_cblock));
- des_set_odd_parity(&k[0]);
- des_set_odd_parity(&k[1]);
- des_set_odd_parity(&k[2]);
- } while(des_is_weak_key(&k[0]) ||
- des_is_weak_key(&k[1]) ||
- des_is_weak_key(&k[2]));
+ krb5_generate_random_block(k, 3 * sizeof(DES_cblock));
+ DES_set_odd_parity(&k[0]);
+ DES_set_odd_parity(&k[1]);
+ DES_set_odd_parity(&k[2]);
+ } while(DES_is_weak_key(&k[0]) ||
+ DES_is_weak_key(&k[1]) ||
+ DES_is_weak_key(&k[2]));
}
static void
DES3_schedule(krb5_context context,
struct key_data *key)
{
- des_cblock *k = key->key->keyvalue.data;
- des_key_schedule *s = key->schedule->data;
- des_set_key(&k[0], s[0]);
- des_set_key(&k[1], s[1]);
- des_set_key(&k[2], s[2]);
+ DES_cblock *k = key->key->keyvalue.data;
+ DES_key_schedule *s = key->schedule->data;
+ DES_set_key(&k[0], &s[0]);
+ DES_set_key(&k[1], &s[1]);
+ DES_set_key(&k[2], &s[2]);
}
/*
@@ -359,7 +401,7 @@ DES3_schedule(krb5_context context,
*/
static void
-xor (des_cblock *key, const unsigned char *b)
+xor (DES_cblock *key, const unsigned char *b)
{
unsigned char *a = (unsigned char*)key;
a[0] ^= b[0];
@@ -383,7 +425,8 @@ DES3_string_to_key(krb5_context context,
char *str;
size_t len;
unsigned char tmp[24];
- des_cblock keys[3];
+ DES_cblock keys[3];
+ krb5_error_code ret;
len = password.length + salt.saltvalue.length;
str = malloc(len);
@@ -394,29 +437,35 @@ DES3_string_to_key(krb5_context context,
memcpy(str, password.data, password.length);
memcpy(str + password.length, salt.saltvalue.data, salt.saltvalue.length);
{
- des_cblock ivec;
- des_key_schedule s[3];
+ DES_cblock ivec;
+ DES_key_schedule s[3];
int i;
- _krb5_n_fold(str, len, tmp, 24);
+ ret = _krb5_n_fold(str, len, tmp, 24);
+ if (ret) {
+ memset(str, 0, len);
+ free(str);
+ krb5_set_error_string(context, "out of memory");
+ return ret;
+ }
for(i = 0; i < 3; i++){
memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
- des_set_odd_parity(keys + i);
- if(des_is_weak_key(keys + i))
+ DES_set_odd_parity(keys + i);
+ if(DES_is_weak_key(keys + i))
xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
- des_set_key(keys + i, s[i]);
+ DES_set_key(keys + i, &s[i]);
}
memset(&ivec, 0, sizeof(ivec));
- des_ede3_cbc_encrypt(tmp,
+ DES_ede3_cbc_encrypt(tmp,
tmp, sizeof(tmp),
- s[0], s[1], s[2], &ivec, DES_ENCRYPT);
+ &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT);
memset(s, 0, sizeof(s));
memset(&ivec, 0, sizeof(ivec));
for(i = 0; i < 3; i++){
memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
- des_set_odd_parity(keys + i);
- if(des_is_weak_key(keys + i))
+ DES_set_odd_parity(keys + i);
+ if(DES_is_weak_key(keys + i))
xor(keys + i, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
}
memset(tmp, 0, sizeof(tmp));
@@ -458,19 +507,47 @@ DES3_string_to_key_derived(krb5_context context,
return ret;
}
-/*
- * ARCFOUR
- */
-
static void
-ARCFOUR_random_key(krb5_context context, krb5_keyblock *key)
+DES3_random_to_key(krb5_context context,
+ krb5_keyblock *key,
+ const void *data,
+ size_t size)
{
- krb5_generate_random_block (key->keyvalue.data,
- key->keyvalue.length);
+ unsigned char *x = key->keyvalue.data;
+ const u_char *q = data;
+ DES_cblock *k;
+ int i, j;
+
+ memset(x, 0, sizeof(x));
+ for (i = 0; i < 3; ++i) {
+ unsigned char foo;
+ for (j = 0; j < 7; ++j) {
+ unsigned char b = q[7 * i + j];
+
+ x[8 * i + j] = b;
+ }
+ foo = 0;
+ for (j = 6; j >= 0; --j) {
+ foo |= q[7 * i + j] & 1;
+ foo <<= 1;
+ }
+ x[8 * i + 7] = foo;
+ }
+ k = key->keyvalue.data;
+ for (i = 0; i < 3; i++) {
+ DES_set_odd_parity(&k[i]);
+ if(DES_is_weak_key(&k[i]))
+ xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
+ }
}
+/*
+ * ARCFOUR
+ */
+
static void
-ARCFOUR_schedule(krb5_context context, struct key_data *kd)
+ARCFOUR_schedule(krb5_context context,
+ struct key_data *kd)
{
RC4_set_key (kd->schedule->data,
kd->key->keyvalue.length, kd->key->keyvalue.data);
@@ -488,12 +565,14 @@ ARCFOUR_string_to_key(krb5_context context,
size_t len;
int i;
MD4_CTX m;
+ krb5_error_code ret;
len = 2 * password.length;
s = malloc (len);
if (len != 0 && s == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
- return ENOMEM;
+ ret = ENOMEM;
+ goto out;
}
for (p = s, i = 0; i < password.length; ++i) {
*p++ = ((char *)password.data)[i];
@@ -502,125 +581,24 @@ ARCFOUR_string_to_key(krb5_context context,
MD4_Init (&m);
MD4_Update (&m, s, len);
key->keytype = enctype;
- krb5_data_alloc (&key->keyvalue, 16);
+ ret = krb5_data_alloc (&key->keyvalue, 16);
+ if (ret) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ goto out;
+ }
MD4_Final (key->keyvalue.data, &m);
memset (s, 0, len);
+ ret = 0;
+out:
free (s);
- return 0;
+ return ret;
}
-#ifdef ENABLE_AES
/*
* AES
*/
-/* iter is really 1 based, so iter == 0 will be 1 iteration */
-
-krb5_error_code
-krb5_PKCS5_PBKDF2(krb5_context context, krb5_cksumtype cktype,
- krb5_data password, krb5_salt salt, u_int32_t iter,
- krb5_keytype type, krb5_keyblock *key)
-{
- struct checksum_type *c = _find_checksum(cktype);
- struct key_type *kt;
- size_t datalen, leftofkey;
- krb5_error_code ret;
- u_int32_t keypart;
- struct key_data ksign;
- krb5_keyblock kb;
- Checksum result;
- char *data, *tmpcksum;
- int i, j;
- char *p;
-
- if (c == NULL) {
- krb5_set_error_string(context, "checksum %d not supported", cktype);
- return KRB5_PROG_KEYTYPE_NOSUPP;
- }
-
- kt = _find_keytype(type);
- if (kt == NULL) {
- krb5_set_error_string(context, "key type %d not supported", type);
- return KRB5_PROG_KEYTYPE_NOSUPP;
- }
-
- key->keytype = type;
- ret = krb5_data_alloc (&key->keyvalue, kt->bits / 8);
- if (ret) {
- krb5_set_error_string(context, "malloc: out of memory");
- return ret;
- }
-
- ret = krb5_data_alloc (&result.checksum, c->checksumsize);
- if (ret) {
- krb5_set_error_string(context, "malloc: out of memory");
- krb5_data_free (&key->keyvalue);
- return ret;
- }
-
- tmpcksum = malloc(c->checksumsize);
- if (tmpcksum == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- krb5_data_free (&key->keyvalue);
- krb5_data_free (&result.checksum);
- return ENOMEM;
- }
-
- datalen = salt.saltvalue.length + 4;
- data = malloc(datalen);
- if (data == NULL) {
- krb5_set_error_string(context, "malloc: out of memory");
- free(tmpcksum);
- krb5_data_free (&key->keyvalue);
- krb5_data_free (&result.checksum);
- return ENOMEM;
- }
-
- kb.keyvalue = password;
- ksign.key = &kb;
-
- memcpy(data, salt.saltvalue.data, salt.saltvalue.length);
-
- keypart = 1;
- leftofkey = key->keyvalue.length;
- p = key->keyvalue.data;
-
- while (leftofkey) {
- int len;
-
- if (leftofkey > c->checksumsize)
- len = c->checksumsize;
- else
- len = leftofkey;
-
- _krb5_put_int(data + datalen - 4, keypart, 4);
-
- ret = hmac(context, c, data, datalen, 0, &ksign, &result);
- if (ret)
- krb5_abortx(context, "hmac failed");
- memcpy(p, result.checksum.data, len);
- memcpy(tmpcksum, result.checksum.data, result.checksum.length);
- for (i = 0; i < iter; i++) {
- ret = hmac(context, c, tmpcksum, result.checksum.length,
- 0, &ksign, &result);
- if (ret)
- krb5_abortx(context, "hmac failed");
- memcpy(tmpcksum, result.checksum.data, result.checksum.length);
- for (j = 0; j < len; j++)
- p[j] ^= tmpcksum[j];
- }
-
- p += len;
- leftofkey -= len;
- keypart++;
- }
-
- free(data);
- free(tmpcksum);
- krb5_data_free (&result.checksum);
-
- return 0;
-}
+int _krb5_AES_string_to_default_iterator = 4096;
static krb5_error_code
AES_string_to_key(krb5_context context,
@@ -631,66 +609,132 @@ AES_string_to_key(krb5_context context,
krb5_keyblock *key)
{
krb5_error_code ret;
- u_int32_t iter;
+ uint32_t iter;
struct encryption_type *et;
struct key_data kd;
if (opaque.length == 0)
- iter = 45056 - 1;
+ iter = _krb5_AES_string_to_default_iterator;
else if (opaque.length == 4) {
unsigned long v;
_krb5_get_int(opaque.data, &v, 4);
- iter = ((u_int32_t)v) - 1;
+ iter = ((uint32_t)v);
} else
return KRB5_PROG_KEYTYPE_NOSUPP; /* XXX */
-
et = _find_enctype(enctype);
if (et == NULL)
return KRB5_PROG_KEYTYPE_NOSUPP;
- ret = krb5_PKCS5_PBKDF2(context, CKSUMTYPE_SHA1, password, salt,
- iter, enctype, key);
- if (ret)
+ kd.schedule = NULL;
+ ALLOC(kd.key, 1);
+ if(kd.key == NULL) {
+ krb5_set_error_string (context, "malloc: out of memory");
+ return ENOMEM;
+ }
+ kd.key->keytype = enctype;
+ ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size);
+ if (ret) {
+ krb5_set_error_string(context, "Failed to allocate pkcs5 key");
return ret;
+ }
- ret = krb5_copy_keyblock(context, key, &kd.key);
- kd.schedule = NULL;
+ ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length,
+ salt.saltvalue.data, salt.saltvalue.length,
+ iter,
+ et->keytype->size, kd.key->keyvalue.data);
+ if (ret != 1) {
+ free_key_data(context, &kd);
+ krb5_set_error_string(context, "Error calculating s2k");
+ return KRB5_PROG_KEYTYPE_NOSUPP;
+ }
ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos"));
-
- if (ret) {
- krb5_data_free(&key->keyvalue);
- } else {
+ if (ret == 0)
ret = krb5_copy_keyblock_contents(context, kd.key, key);
- free_key_data(context, &kd);
- }
+ free_key_data(context, &kd);
return ret;
}
+struct krb5_aes_schedule {
+ AES_KEY ekey;
+ AES_KEY dkey;
+};
+
static void
-AES_schedule(krb5_context context, struct key_data *kd)
+AES_schedule(krb5_context context,
+ struct key_data *kd)
{
- AES_KEY *key = kd->schedule->data;
+ struct krb5_aes_schedule *key = kd->schedule->data;
int bits = kd->key->keyvalue.length * 8;
-
- AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key[0]);
- AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key[1]);
+
+ memset(key, 0, sizeof(*key));
+ AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key->ekey);
+ AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key->dkey);
}
/*
*
*/
-extern struct salt_type AES_salt[];
+static struct salt_type des_salt[] = {
+ {
+ KRB5_PW_SALT,
+ "pw-salt",
+ krb5_DES_string_to_key
+ },
+#ifdef ENABLE_AFS_STRING_TO_KEY
+ {
+ KRB5_AFS3_SALT,
+ "afs3-salt",
+ DES_AFS3_string_to_key
+ },
+#endif
+ { 0 }
+};
-#endif /* ENABLE_AES */
+static struct salt_type des3_salt[] = {
+ {
+ KRB5_PW_SALT,
+ "pw-salt",
+ DES3_string_to_key
+ },
+ { 0 }
+};
-extern struct salt_type des_salt[],
- des3_salt[], des3_salt_derived[], arcfour_salt[];
+static struct salt_type des3_salt_derived[] = {
+ {
+ KRB5_PW_SALT,
+ "pw-salt",
+ DES3_string_to_key_derived
+ },
+ { 0 }
+};
-struct key_type keytype_null = {
+static struct salt_type AES_salt[] = {
+ {
+ KRB5_PW_SALT,
+ "pw-salt",
+ AES_string_to_key
+ },
+ { 0 }
+};
+
+static struct salt_type arcfour_salt[] = {
+ {
+ KRB5_PW_SALT,
+ "pw-salt",
+ ARCFOUR_string_to_key
+ },
+ { 0 }
+};
+
+/*
+ *
+ */
+
+static struct key_type keytype_null = {
KEYTYPE_NULL,
"null",
0,
@@ -701,83 +745,82 @@ struct key_type keytype_null = {
NULL
};
-struct key_type keytype_des = {
+static struct key_type keytype_des = {
KEYTYPE_DES,
"des",
56,
- sizeof(des_cblock),
- sizeof(des_key_schedule),
+ sizeof(DES_cblock),
+ sizeof(DES_key_schedule),
krb5_DES_random_key,
krb5_DES_schedule,
- des_salt
+ des_salt,
+ krb5_DES_random_to_key
};
-struct key_type keytype_des3 = {
+static struct key_type keytype_des3 = {
KEYTYPE_DES3,
"des3",
168,
- 3 * sizeof(des_cblock),
- 3 * sizeof(des_key_schedule),
+ 3 * sizeof(DES_cblock),
+ 3 * sizeof(DES_key_schedule),
DES3_random_key,
DES3_schedule,
- des3_salt
+ des3_salt,
+ DES3_random_to_key
};
-struct key_type keytype_des3_derived = {
+static struct key_type keytype_des3_derived = {
KEYTYPE_DES3,
"des3",
168,
- 3 * sizeof(des_cblock),
- 3 * sizeof(des_key_schedule),
+ 3 * sizeof(DES_cblock),
+ 3 * sizeof(DES_key_schedule),
DES3_random_key,
DES3_schedule,
- des3_salt_derived
+ des3_salt_derived,
+ DES3_random_to_key
};
-#ifdef ENABLE_AES
-struct key_type keytype_aes128 = {
+static struct key_type keytype_aes128 = {
KEYTYPE_AES128,
"aes-128",
128,
16,
- sizeof(AES_KEY) * 2,
+ sizeof(struct krb5_aes_schedule),
NULL,
AES_schedule,
AES_salt
};
-struct key_type keytype_aes256 = {
+static struct key_type keytype_aes256 = {
KEYTYPE_AES256,
"aes-256",
256,
- 16,
- sizeof(AES_KEY) * 2,
+ 32,
+ sizeof(struct krb5_aes_schedule),
NULL,
AES_schedule,
AES_salt
};
-#endif /* ENABLE_AES */
-struct key_type keytype_arcfour = {
+static struct key_type keytype_arcfour = {
KEYTYPE_ARCFOUR,
"arcfour",
128,
16,
sizeof(RC4_KEY),
- ARCFOUR_random_key,
+ NULL,
ARCFOUR_schedule,
arcfour_salt
};
-struct key_type *keytypes[] = {
+static struct key_type *keytypes[] = {
&keytype_null,
&keytype_des,
&keytype_des3_derived,
&keytype_des3,
-#ifdef ENABLE_AES
&keytype_aes128,
&keytype_aes256,
-#endif /* ENABLE_AES */
&keytype_arcfour
};
@@ -794,59 +837,7 @@ _find_keytype(krb5_keytype type)
}
-struct salt_type des_salt[] = {
- {
- KRB5_PW_SALT,
- "pw-salt",
- krb5_DES_string_to_key
- },
- {
- KRB5_AFS3_SALT,
- "afs3-salt",
- DES_AFS3_string_to_key
- },
- { 0 }
-};
-
-struct salt_type des3_salt[] = {
- {
- KRB5_PW_SALT,
- "pw-salt",
- DES3_string_to_key
- },
- { 0 }
-};
-
-struct salt_type des3_salt_derived[] = {
- {
- KRB5_PW_SALT,
- "pw-salt",
- DES3_string_to_key_derived
- },
- { 0 }
-};
-
-#ifdef ENABLE_AES
-struct salt_type AES_salt[] = {
- {
- KRB5_PW_SALT,
- "pw-salt",
- AES_string_to_key
- },
- { 0 }
-};
-#endif /* ENABLE_AES */
-
-struct salt_type arcfour_salt[] = {
- {
- KRB5_PW_SALT,
- "pw-salt",
- ARCFOUR_string_to_key
- },
- { 0 }
-};
-
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_salttype_to_string (krb5_context context,
krb5_enctype etype,
krb5_salttype stype,
@@ -875,7 +866,7 @@ krb5_salttype_to_string (krb5_context context,
return HEIM_ERR_SALTTYPE_NOSUPP;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_string_to_salttype (krb5_context context,
krb5_enctype etype,
const char *string,
@@ -900,7 +891,7 @@ krb5_string_to_salttype (krb5_context context,
return HEIM_ERR_SALTTYPE_NOSUPP;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_get_pw_salt(krb5_context context,
krb5_const_principal principal,
krb5_salt *salt)
@@ -929,7 +920,7 @@ krb5_get_pw_salt(krb5_context context,
return 0;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_free_salt(krb5_context context,
krb5_salt salt)
{
@@ -937,7 +928,7 @@ krb5_free_salt(krb5_context context,
return 0;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_string_to_key_data (krb5_context context,
krb5_enctype enctype,
krb5_data password,
@@ -955,7 +946,7 @@ krb5_string_to_key_data (krb5_context context,
return ret;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_string_to_key (krb5_context context,
krb5_enctype enctype,
const char *password,
@@ -963,12 +954,12 @@ krb5_string_to_key (krb5_context context,
krb5_keyblock *key)
{
krb5_data pw;
- pw.data = (void*)password;
+ pw.data = rk_UNCONST(password);
pw.length = strlen(password);
return krb5_string_to_key_data(context, enctype, pw, principal, key);
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_string_to_key_data_salt (krb5_context context,
krb5_enctype enctype,
krb5_data password,
@@ -987,7 +978,7 @@ krb5_string_to_key_data_salt (krb5_context context,
* `opaque'), returning the resulting key in `key'
*/
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_string_to_key_data_salt_opaque (krb5_context context,
krb5_enctype enctype,
krb5_data password,
@@ -1017,7 +1008,7 @@ krb5_string_to_key_data_salt_opaque (krb5_context context,
* in `key'
*/
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_string_to_key_salt (krb5_context context,
krb5_enctype enctype,
const char *password,
@@ -1025,12 +1016,27 @@ krb5_string_to_key_salt (krb5_context context,
krb5_keyblock *key)
{
krb5_data pw;
- pw.data = (void*)password;
+ pw.data = rk_UNCONST(password);
pw.length = strlen(password);
return krb5_string_to_key_data_salt(context, enctype, pw, salt, key);
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_string_to_key_salt_opaque (krb5_context context,
+ krb5_enctype enctype,
+ const char *password,
+ krb5_salt salt,
+ krb5_data opaque,
+ krb5_keyblock *key)
+{
+ krb5_data pw;
+ pw.data = rk_UNCONST(password);
+ pw.length = strlen(password);
+ return krb5_string_to_key_data_salt_opaque(context, enctype,
+ pw, salt, opaque, key);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
krb5_keytype_to_string(krb5_context context,
krb5_keytype keytype,
char **string)
@@ -1048,7 +1054,7 @@ krb5_keytype_to_string(krb5_context context,
return 0;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_string_to_keytype(krb5_context context,
const char *string,
krb5_keytype *keytype)
@@ -1063,7 +1069,7 @@ krb5_string_to_keytype(krb5_context context,
return KRB5_PROG_KEYTYPE_NOSUPP;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_enctype_keysize(krb5_context context,
krb5_enctype type,
size_t *keysize)
@@ -1078,7 +1084,22 @@ krb5_enctype_keysize(krb5_context context,
return 0;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_keybits(krb5_context context,
+ krb5_enctype type,
+ size_t *keybits)
+{
+ struct encryption_type *et = _find_enctype(type);
+ if(et == NULL) {
+ krb5_set_error_string(context, "encryption type %d not supported",
+ type);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ *keybits = et->keytype->bits;
+ return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
krb5_generate_random_keyblock(krb5_context context,
krb5_enctype type,
krb5_keyblock *key)
@@ -1151,7 +1172,7 @@ CRC32_checksum(krb5_context context,
unsigned usage,
Checksum *C)
{
- u_int32_t crc;
+ uint32_t crc;
unsigned char *r = C->checksum.data;
_krb5_crc_init_table ();
crc = _krb5_crc_update (data, len, 0);
@@ -1185,7 +1206,7 @@ RSA_MD4_DES_checksum(krb5_context context,
Checksum *cksum)
{
MD4_CTX md4;
- des_cblock ivec;
+ DES_cblock ivec;
unsigned char *p = cksum->checksum.data;
krb5_generate_random_block(p, 8);
@@ -1194,7 +1215,7 @@ RSA_MD4_DES_checksum(krb5_context context,
MD4_Update (&md4, data, len);
MD4_Final (p + 8, &md4);
memset (&ivec, 0, sizeof(ivec));
- des_cbc_encrypt(p,
+ DES_cbc_encrypt(p,
p,
24,
key->schedule->data,
@@ -1213,11 +1234,11 @@ RSA_MD4_DES_verify(krb5_context context,
MD4_CTX md4;
unsigned char tmp[24];
unsigned char res[16];
- des_cblock ivec;
+ DES_cblock ivec;
krb5_error_code ret = 0;
memset(&ivec, 0, sizeof(ivec));
- des_cbc_encrypt(C->checksum.data,
+ DES_cbc_encrypt(C->checksum.data,
(void*)tmp,
C->checksum.length,
key->schedule->data,
@@ -1260,7 +1281,7 @@ RSA_MD5_DES_checksum(krb5_context context,
Checksum *C)
{
MD5_CTX md5;
- des_cblock ivec;
+ DES_cblock ivec;
unsigned char *p = C->checksum.data;
krb5_generate_random_block(p, 8);
@@ -1269,7 +1290,7 @@ RSA_MD5_DES_checksum(krb5_context context,
MD5_Update (&md5, data, len);
MD5_Final (p + 8, &md5);
memset (&ivec, 0, sizeof(ivec));
- des_cbc_encrypt(p,
+ DES_cbc_encrypt(p,
p,
24,
key->schedule->data,
@@ -1288,15 +1309,15 @@ RSA_MD5_DES_verify(krb5_context context,
MD5_CTX md5;
unsigned char tmp[24];
unsigned char res[16];
- des_cblock ivec;
- des_key_schedule *sched = key->schedule->data;
+ DES_cblock ivec;
+ DES_key_schedule *sched = key->schedule->data;
krb5_error_code ret = 0;
memset(&ivec, 0, sizeof(ivec));
- des_cbc_encrypt(C->checksum.data,
+ DES_cbc_encrypt(C->checksum.data,
(void*)tmp,
C->checksum.length,
- sched[0],
+ &sched[0],
&ivec,
DES_DECRYPT);
MD5_Init (&md5);
@@ -1321,9 +1342,9 @@ RSA_MD5_DES3_checksum(krb5_context context,
Checksum *C)
{
MD5_CTX md5;
- des_cblock ivec;
+ DES_cblock ivec;
unsigned char *p = C->checksum.data;
- des_key_schedule *sched = key->schedule->data;
+ DES_key_schedule *sched = key->schedule->data;
krb5_generate_random_block(p, 8);
MD5_Init (&md5);
@@ -1331,10 +1352,10 @@ RSA_MD5_DES3_checksum(krb5_context context,
MD5_Update (&md5, data, len);
MD5_Final (p + 8, &md5);
memset (&ivec, 0, sizeof(ivec));
- des_ede3_cbc_encrypt(p,
+ DES_ede3_cbc_encrypt(p,
p,
24,
- sched[0], sched[1], sched[2],
+ &sched[0], &sched[1], &sched[2],
&ivec,
DES_ENCRYPT);
}
@@ -1350,15 +1371,15 @@ RSA_MD5_DES3_verify(krb5_context context,
MD5_CTX md5;
unsigned char tmp[24];
unsigned char res[16];
- des_cblock ivec;
- des_key_schedule *sched = key->schedule->data;
+ DES_cblock ivec;
+ DES_key_schedule *sched = key->schedule->data;
krb5_error_code ret = 0;
memset(&ivec, 0, sizeof(ivec));
- des_ede3_cbc_encrypt(C->checksum.data,
+ DES_ede3_cbc_encrypt(C->checksum.data,
(void*)tmp,
C->checksum.length,
- sched[0], sched[1], sched[2],
+ &sched[0], &sched[1], &sched[2],
&ivec,
DES_DECRYPT);
MD5_Init (&md5);
@@ -1447,7 +1468,7 @@ hmac(krb5_context context,
return 0;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_hmac(krb5_context context,
krb5_cksumtype cktype,
const void *data,
@@ -1579,16 +1600,16 @@ HMAC_MD5_checksum_enc(krb5_context context,
krb5_abortx(context, "hmac failed");
}
-struct checksum_type checksum_none = {
+static struct checksum_type checksum_none = {
CKSUMTYPE_NONE,
"none",
1,
0,
- 0,
+ 0,
NONE_checksum,
NULL
};
-struct checksum_type checksum_crc32 = {
+static struct checksum_type checksum_crc32 = {
CKSUMTYPE_CRC32,
"crc32",
1,
@@ -1597,7 +1618,7 @@ struct checksum_type checksum_crc32 = {
CRC32_checksum,
NULL
};
-struct checksum_type checksum_rsa_md4 = {
+static struct checksum_type checksum_rsa_md4 = {
CKSUMTYPE_RSA_MD4,
"rsa-md4",
64,
@@ -1606,7 +1627,7 @@ struct checksum_type checksum_rsa_md4 = {
RSA_MD4_checksum,
NULL
};
-struct checksum_type checksum_rsa_md4_des = {
+static struct checksum_type checksum_rsa_md4_des = {
CKSUMTYPE_RSA_MD4_DES,
"rsa-md4-des",
64,
@@ -1616,7 +1637,7 @@ struct checksum_type checksum_rsa_md4_des = {
RSA_MD4_DES_verify
};
#if 0
-struct checksum_type checksum_des_mac = {
+static struct checksum_type checksum_des_mac = {
CKSUMTYPE_DES_MAC,
"des-mac",
0,
@@ -1624,7 +1645,7 @@ struct checksum_type checksum_des_mac = {
0,
DES_MAC_checksum
};
-struct checksum_type checksum_des_mac_k = {
+static struct checksum_type checksum_des_mac_k = {
CKSUMTYPE_DES_MAC_K,
"des-mac-k",
0,
@@ -1632,7 +1653,7 @@ struct checksum_type checksum_des_mac_k = {
0,
DES_MAC_K_checksum
};
-struct checksum_type checksum_rsa_md4_des_k = {
+static struct checksum_type checksum_rsa_md4_des_k = {
CKSUMTYPE_RSA_MD4_DES_K,
"rsa-md4-des-k",
0,
@@ -1642,7 +1663,7 @@ struct checksum_type checksum_rsa_md4_des_k = {
RSA_MD4_DES_K_verify
};
#endif
-struct checksum_type checksum_rsa_md5 = {
+static struct checksum_type checksum_rsa_md5 = {
CKSUMTYPE_RSA_MD5,
"rsa-md5",
64,
@@ -1651,7 +1672,7 @@ struct checksum_type checksum_rsa_md5 = {
RSA_MD5_checksum,
NULL
};
-struct checksum_type checksum_rsa_md5_des = {
+static struct checksum_type checksum_rsa_md5_des = {
CKSUMTYPE_RSA_MD5_DES,
"rsa-md5-des",
64,
@@ -1660,7 +1681,7 @@ struct checksum_type checksum_rsa_md5_des = {
RSA_MD5_DES_checksum,
RSA_MD5_DES_verify
};
-struct checksum_type checksum_rsa_md5_des3 = {
+static struct checksum_type checksum_rsa_md5_des3 = {
CKSUMTYPE_RSA_MD5_DES3,
"rsa-md5-des3",
64,
@@ -1669,7 +1690,7 @@ struct checksum_type checksum_rsa_md5_des3 = {
RSA_MD5_DES3_checksum,
RSA_MD5_DES3_verify
};
-struct checksum_type checksum_sha1 = {
+static struct checksum_type checksum_sha1 = {
CKSUMTYPE_SHA1,
"sha1",
64,
@@ -1678,7 +1699,7 @@ struct checksum_type checksum_sha1 = {
SHA1_checksum,
NULL
};
-struct checksum_type checksum_hmac_sha1_des3 = {
+static struct checksum_type checksum_hmac_sha1_des3 = {
CKSUMTYPE_HMAC_SHA1_DES3,
"hmac-sha1-des3",
64,
@@ -1688,8 +1709,7 @@ struct checksum_type checksum_hmac_sha1_des3 = {
NULL
};
-#ifdef ENABLE_AES
-struct checksum_type checksum_hmac_sha1_aes128 = {
+static struct checksum_type checksum_hmac_sha1_aes128 = {
CKSUMTYPE_HMAC_SHA1_96_AES_128,
"hmac-sha1-96-aes128",
64,
@@ -1699,7 +1719,7 @@ struct checksum_type checksum_hmac_sha1_aes128 = {
NULL
};
-struct checksum_type checksum_hmac_sha1_aes256 = {
+static struct checksum_type checksum_hmac_sha1_aes256 = {
CKSUMTYPE_HMAC_SHA1_96_AES_256,
"hmac-sha1-96-aes256",
64,
@@ -1708,9 +1728,8 @@ struct checksum_type checksum_hmac_sha1_aes256 = {
SP_HMAC_SHA1_checksum,
NULL
};
-#endif /* ENABLE_AES */
-struct checksum_type checksum_hmac_md5 = {
+static struct checksum_type checksum_hmac_md5 = {
CKSUMTYPE_HMAC_MD5,
"hmac-md5",
64,
@@ -1720,7 +1739,7 @@ struct checksum_type checksum_hmac_md5 = {
NULL
};
-struct checksum_type checksum_hmac_md5_enc = {
+static struct checksum_type checksum_hmac_md5_enc = {
CKSUMTYPE_HMAC_MD5_ENC,
"hmac-md5-enc",
64,
@@ -1730,7 +1749,7 @@ struct checksum_type checksum_hmac_md5_enc = {
NULL
};
-struct checksum_type *checksum_types[] = {
+static struct checksum_type *checksum_types[] = {
&checksum_none,
&checksum_crc32,
&checksum_rsa_md4,
@@ -1745,10 +1764,8 @@ struct checksum_type *checksum_types[] = {
&checksum_rsa_md5_des3,
&checksum_sha1,
&checksum_hmac_sha1_des3,
-#ifdef ENABLE_AES
&checksum_hmac_sha1_aes128,
&checksum_hmac_sha1_aes256,
-#endif
&checksum_hmac_md5,
&checksum_hmac_md5_enc
};
@@ -1810,9 +1827,15 @@ create_checksum (krb5_context context,
struct key_data *dkey;
int keyed_checksum;
+ if (ct->flags & F_DISABLED) {
+ krb5_clear_error_string (context);
+ return KRB5_PROG_SUMTYPE_NOSUPP;
+ }
keyed_checksum = (ct->flags & F_KEYED) != 0;
if(keyed_checksum && crypto == NULL) {
- krb5_clear_error_string (context);
+ krb5_set_error_string (context, "Checksum type %s is keyed "
+ "but no crypto context (key) was passed in",
+ ct->name);
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
}
if(keyed_checksum) {
@@ -1822,7 +1845,9 @@ create_checksum (krb5_context context,
} else
dkey = NULL;
result->cksumtype = ct->type;
- krb5_data_alloc(&result->checksum, ct->checksumsize);
+ ret = krb5_data_alloc(&result->checksum, ct->checksumsize);
+ if (ret)
+ return (ret);
(*ct->checksum)(context, dkey, data, len, usage, result);
return 0;
}
@@ -1834,7 +1859,7 @@ arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
(crypto->key.key->keytype == KEYTYPE_ARCFOUR);
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_create_checksum(krb5_context context,
krb5_crypto crypto,
krb5_key_usage usage,
@@ -1886,7 +1911,7 @@ verify_checksum(krb5_context context,
struct checksum_type *ct;
ct = _find_checksum(cksum->cksumtype);
- if (ct == NULL) {
+ if (ct == NULL || (ct->flags & F_DISABLED)) {
krb5_set_error_string (context, "checksum type %d not supported",
cksum->cksumtype);
return KRB5_PROG_SUMTYPE_NOSUPP;
@@ -1897,7 +1922,9 @@ verify_checksum(krb5_context context,
}
keyed_checksum = (ct->flags & F_KEYED) != 0;
if(keyed_checksum && crypto == NULL) {
- krb5_clear_error_string (context);
+ krb5_set_error_string (context, "Checksum type %s is keyed "
+ "but no crypto context (key) was passed in",
+ ct->name);
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
}
if(keyed_checksum)
@@ -1924,7 +1951,7 @@ verify_checksum(krb5_context context,
return ret;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_verify_checksum(krb5_context context,
krb5_crypto crypto,
krb5_key_usage usage,
@@ -1952,7 +1979,31 @@ krb5_verify_checksum(krb5_context context,
data, len, cksum);
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_get_checksum_type(krb5_context context,
+ krb5_crypto crypto,
+ krb5_cksumtype *type)
+{
+ struct checksum_type *ct = NULL;
+
+ if (crypto != NULL) {
+ ct = crypto->et->keyed_checksum;
+ if (ct == NULL)
+ ct = crypto->et->checksum;
+ }
+
+ if (ct == NULL) {
+ krb5_set_error_string (context, "checksum type not found");
+ return KRB5_PROG_SUMTYPE_NOSUPP;
+ }
+
+ *type = ct->type;
+
+ return 0;
+}
+
+
+krb5_error_code KRB5_LIB_FUNCTION
krb5_checksumsize(krb5_context context,
krb5_cksumtype type,
size_t *size)
@@ -1967,32 +2018,49 @@ krb5_checksumsize(krb5_context context,
return 0;
}
-krb5_boolean
+krb5_boolean KRB5_LIB_FUNCTION
krb5_checksum_is_keyed(krb5_context context,
krb5_cksumtype type)
{
struct checksum_type *ct = _find_checksum(type);
if(ct == NULL) {
- krb5_set_error_string (context, "checksum type %d not supported",
- type);
+ if (context)
+ krb5_set_error_string (context, "checksum type %d not supported",
+ type);
return KRB5_PROG_SUMTYPE_NOSUPP;
}
return ct->flags & F_KEYED;
}
-krb5_boolean
+krb5_boolean KRB5_LIB_FUNCTION
krb5_checksum_is_collision_proof(krb5_context context,
krb5_cksumtype type)
{
struct checksum_type *ct = _find_checksum(type);
if(ct == NULL) {
- krb5_set_error_string (context, "checksum type %d not supported",
- type);
+ if (context)
+ krb5_set_error_string (context, "checksum type %d not supported",
+ type);
return KRB5_PROG_SUMTYPE_NOSUPP;
}
return ct->flags & F_CPROOF;
}
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_checksum_disable(krb5_context context,
+ krb5_cksumtype type)
+{
+ struct checksum_type *ct = _find_checksum(type);
+ if(ct == NULL) {
+ if (context)
+ krb5_set_error_string (context, "checksum type %d not supported",
+ type);
+ return KRB5_PROG_SUMTYPE_NOSUPP;
+ }
+ ct->flags |= F_DISABLED;
+ return 0;
+}
+
/************************************************************
* *
************************************************************/
@@ -2002,7 +2070,7 @@ NULL_encrypt(krb5_context context,
struct key_data *key,
void *data,
size_t len,
- krb5_boolean encrypt,
+ krb5_boolean encryptp,
int usage,
void *ivec)
{
@@ -2014,14 +2082,14 @@ DES_CBC_encrypt_null_ivec(krb5_context context,
struct key_data *key,
void *data,
size_t len,
- krb5_boolean encrypt,
+ krb5_boolean encryptp,
int usage,
void *ignore_ivec)
{
- des_cblock ivec;
- des_key_schedule *s = key->schedule->data;
+ DES_cblock ivec;
+ DES_key_schedule *s = key->schedule->data;
memset(&ivec, 0, sizeof(ivec));
- des_cbc_encrypt(data, data, len, *s, &ivec, encrypt);
+ DES_cbc_encrypt(data, data, len, s, &ivec, encryptp);
return 0;
}
@@ -2030,14 +2098,14 @@ DES_CBC_encrypt_key_ivec(krb5_context context,
struct key_data *key,
void *data,
size_t len,
- krb5_boolean encrypt,
+ krb5_boolean encryptp,
int usage,
void *ignore_ivec)
{
- des_cblock ivec;
- des_key_schedule *s = key->schedule->data;
+ DES_cblock ivec;
+ DES_key_schedule *s = key->schedule->data;
memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
- des_cbc_encrypt(data, data, len, *s, &ivec, encrypt);
+ DES_cbc_encrypt(data, data, len, s, &ivec, encryptp);
return 0;
}
@@ -2046,17 +2114,17 @@ DES3_CBC_encrypt(krb5_context context,
struct key_data *key,
void *data,
size_t len,
- krb5_boolean encrypt,
+ krb5_boolean encryptp,
int usage,
void *ivec)
{
- des_cblock local_ivec;
- des_key_schedule *s = key->schedule->data;
+ DES_cblock local_ivec;
+ DES_key_schedule *s = key->schedule->data;
if(ivec == NULL) {
ivec = &local_ivec;
memset(local_ivec, 0, sizeof(local_ivec));
}
- des_ede3_cbc_encrypt(data, data, len, s[0], s[1], s[2], ivec, encrypt);
+ DES_ede3_cbc_encrypt(data, data, len, &s[0], &s[1], &s[2], ivec, encryptp);
return 0;
}
@@ -2065,16 +2133,16 @@ DES_CFB64_encrypt_null_ivec(krb5_context context,
struct key_data *key,
void *data,
size_t len,
- krb5_boolean encrypt,
+ krb5_boolean encryptp,
int usage,
void *ignore_ivec)
{
- des_cblock ivec;
+ DES_cblock ivec;
int num = 0;
- des_key_schedule *s = key->schedule->data;
+ DES_key_schedule *s = key->schedule->data;
memset(&ivec, 0, sizeof(ivec));
- des_cfb64_encrypt(data, data, len, *s, &ivec, &num, encrypt);
+ DES_cfb64_encrypt(data, data, len, s, &ivec, &num, encryptp);
return 0;
}
@@ -2083,31 +2151,28 @@ DES_PCBC_encrypt_key_ivec(krb5_context context,
struct key_data *key,
void *data,
size_t len,
- krb5_boolean encrypt,
+ krb5_boolean encryptp,
int usage,
void *ignore_ivec)
{
- des_cblock ivec;
- des_key_schedule *s = key->schedule->data;
+ DES_cblock ivec;
+ DES_key_schedule *s = key->schedule->data;
memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
- des_pcbc_encrypt(data, data, len, *s, &ivec, encrypt);
+ DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp);
return 0;
}
-#ifdef ENABLE_AES
-
/*
* AES draft-raeburn-krb-rijndael-krb-02
*/
-void
+void KRB5_LIB_FUNCTION
_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out,
- size_t len, const void *aes_key,
- unsigned char *ivec, const int enc)
+ size_t len, const AES_KEY *key,
+ unsigned char *ivec, const int encryptp)
{
unsigned char tmp[AES_BLOCK_SIZE];
- const AES_KEY *key = aes_key; /* XXX remove this when we always have AES */
int i;
/*
@@ -2115,7 +2180,7 @@ _krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out,
* then at least one blocksize.
*/
- if (enc == AES_ENCRYPT) {
+ if (encryptp) {
while(len > AES_BLOCK_SIZE) {
for (i = 0; i < AES_BLOCK_SIZE; i++)
@@ -2135,10 +2200,11 @@ _krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out,
AES_encrypt(tmp, out - AES_BLOCK_SIZE, key);
memcpy(out, ivec, len);
+ memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
} else {
- char tmp2[AES_BLOCK_SIZE];
- char tmp3[AES_BLOCK_SIZE];
+ unsigned char tmp2[AES_BLOCK_SIZE];
+ unsigned char tmp3[AES_BLOCK_SIZE];
while(len > AES_BLOCK_SIZE * 2) {
memcpy(tmp, in, AES_BLOCK_SIZE);
@@ -2153,6 +2219,7 @@ _krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out,
len -= AES_BLOCK_SIZE;
+ memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */
AES_decrypt(in, tmp2, key);
memcpy(tmp3, in + AES_BLOCK_SIZE, len);
@@ -2164,6 +2231,7 @@ _krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out,
AES_decrypt(tmp3, out, key);
for (i = 0; i < AES_BLOCK_SIZE; i++)
out[i] ^= ivec[i];
+ memcpy(ivec, tmp, AES_BLOCK_SIZE);
}
}
@@ -2172,22 +2240,23 @@ AES_CTS_encrypt(krb5_context context,
struct key_data *key,
void *data,
size_t len,
- krb5_boolean encrypt,
+ krb5_boolean encryptp,
int usage,
void *ivec)
{
- AES_KEY *k = key->schedule->data;
+ struct krb5_aes_schedule *aeskey = key->schedule->data;
char local_ivec[AES_BLOCK_SIZE];
+ AES_KEY *k;
- if (encrypt)
- k = &k[0];
+ if (encryptp)
+ k = &aeskey->ekey;
else
- k = &k[1];
+ k = &aeskey->dkey;
if (len < AES_BLOCK_SIZE)
krb5_abortx(context, "invalid use of AES_CTS_encrypt");
if (len == AES_BLOCK_SIZE) {
- if (encrypt)
+ if (encryptp)
AES_encrypt(data, data, k);
else
AES_decrypt(data, data, k);
@@ -2196,12 +2265,11 @@ AES_CTS_encrypt(krb5_context context,
memset(local_ivec, 0, sizeof(local_ivec));
ivec = local_ivec;
}
- _krb5_aes_cts_encrypt(data, data, len, k, ivec, encrypt);
+ _krb5_aes_cts_encrypt(data, data, len, k, ivec, encryptp);
}
return 0;
}
-#endif /* ENABLE_AES */
/*
* section 6 of draft-brezak-win2k-krb-rc4-hmac-03
@@ -2214,7 +2282,7 @@ ARCFOUR_subencrypt(krb5_context context,
struct key_data *key,
void *data,
size_t len,
- int usage,
+ unsigned usage,
void *ivec)
{
struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
@@ -2277,7 +2345,7 @@ ARCFOUR_subdecrypt(krb5_context context,
struct key_data *key,
void *data,
size_t len,
- int usage,
+ unsigned usage,
void *ivec)
{
struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5);
@@ -2350,7 +2418,7 @@ ARCFOUR_subdecrypt(krb5_context context,
*/
static krb5_error_code
-usage2arcfour (krb5_context context, int *usage)
+usage2arcfour (krb5_context context, unsigned *usage)
{
switch (*usage) {
case KRB5_KU_AS_REP_ENC_PART : /* 3 */
@@ -2376,40 +2444,98 @@ ARCFOUR_encrypt(krb5_context context,
struct key_data *key,
void *data,
size_t len,
- krb5_boolean encrypt,
+ krb5_boolean encryptp,
int usage,
void *ivec)
{
krb5_error_code ret;
- if((ret = usage2arcfour (context, &usage)) != 0)
+ unsigned keyusage = usage;
+
+ if((ret = usage2arcfour (context, &keyusage)) != 0)
return ret;
- if (encrypt)
- return ARCFOUR_subencrypt (context, key, data, len, usage, ivec);
+ if (encryptp)
+ return ARCFOUR_subencrypt (context, key, data, len, keyusage, ivec);
else
- return ARCFOUR_subdecrypt (context, key, data, len, usage, ivec);
+ return ARCFOUR_subdecrypt (context, key, data, len, keyusage, ivec);
}
/*
+ *
+ */
+
+static krb5_error_code
+AES_PRF(krb5_context context,
+ krb5_crypto crypto,
+ const krb5_data *in,
+ krb5_data *out)
+{
+ struct checksum_type *ct = crypto->et->checksum;
+ krb5_error_code ret;
+ Checksum result;
+ krb5_keyblock *derived;
+
+ result.cksumtype = ct->type;
+ ret = krb5_data_alloc(&result.checksum, ct->checksumsize);
+ if (ret) {
+ krb5_set_error_string(context, "out memory");
+ return ret;
+ }
+
+ (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
+
+ if (result.checksum.length < crypto->et->blocksize)
+ krb5_abortx(context, "internal prf error");
+
+ derived = NULL;
+ ret = krb5_derive_key(context, crypto->key.key,
+ crypto->et->type, "prf", 3, &derived);
+ if (ret)
+ krb5_abortx(context, "krb5_derive_key");
+
+ ret = krb5_data_alloc(out, crypto->et->blocksize);
+ if (ret)
+ krb5_abortx(context, "malloc failed");
+
+ {
+ AES_KEY key;
+
+ AES_set_encrypt_key(derived->keyvalue.data,
+ crypto->et->keytype->bits, &key);
+ AES_encrypt(result.checksum.data, out->data, &key);
+ memset(&key, 0, sizeof(key));
+ }
+
+ krb5_data_free(&result.checksum);
+ krb5_free_keyblock(context, derived);
+
+ return ret;
+}
+
+/*
* these should currently be in reverse preference order.
* (only relevant for !F_PSEUDO) */
static struct encryption_type enctype_null = {
ETYPE_NULL,
"null",
+ NULL,
1,
1,
0,
&keytype_null,
&checksum_none,
NULL,
- 0,
+ F_DISABLED,
NULL_encrypt,
+ 0,
+ NULL
};
static struct encryption_type enctype_des_cbc_crc = {
ETYPE_DES_CBC_CRC,
"des-cbc-crc",
+ NULL,
8,
8,
8,
@@ -2418,10 +2544,13 @@ static struct encryption_type enctype_des_cbc_crc = {
NULL,
0,
DES_CBC_encrypt_key_ivec,
+ 0,
+ NULL
};
static struct encryption_type enctype_des_cbc_md4 = {
ETYPE_DES_CBC_MD4,
"des-cbc-md4",
+ NULL,
8,
8,
8,
@@ -2430,10 +2559,13 @@ static struct encryption_type enctype_des_cbc_md4 = {
&checksum_rsa_md4_des,
0,
DES_CBC_encrypt_null_ivec,
+ 0,
+ NULL
};
static struct encryption_type enctype_des_cbc_md5 = {
ETYPE_DES_CBC_MD5,
"des-cbc-md5",
+ NULL,
8,
8,
8,
@@ -2442,22 +2574,28 @@ static struct encryption_type enctype_des_cbc_md5 = {
&checksum_rsa_md5_des,
0,
DES_CBC_encrypt_null_ivec,
+ 0,
+ NULL
};
static struct encryption_type enctype_arcfour_hmac_md5 = {
ETYPE_ARCFOUR_HMAC_MD5,
"arcfour-hmac-md5",
+ NULL,
1,
1,
8,
&keytype_arcfour,
&checksum_hmac_md5,
- /* &checksum_hmac_md5_enc */ NULL,
+ NULL,
F_SPECIAL,
- ARCFOUR_encrypt
+ ARCFOUR_encrypt,
+ 0,
+ NULL
};
static struct encryption_type enctype_des3_cbc_md5 = {
ETYPE_DES3_CBC_MD5,
"des3-cbc-md5",
+ NULL,
8,
8,
8,
@@ -2466,10 +2604,13 @@ static struct encryption_type enctype_des3_cbc_md5 = {
&checksum_rsa_md5_des3,
0,
DES3_CBC_encrypt,
+ 0,
+ NULL
};
static struct encryption_type enctype_des3_cbc_sha1 = {
ETYPE_DES3_CBC_SHA1,
"des3-cbc-sha1",
+ NULL,
8,
8,
8,
@@ -2478,10 +2619,13 @@ static struct encryption_type enctype_des3_cbc_sha1 = {
&checksum_hmac_sha1_des3,
F_DERIVED,
DES3_CBC_encrypt,
+ 0,
+ NULL
};
static struct encryption_type enctype_old_des3_cbc_sha1 = {
ETYPE_OLD_DES3_CBC_SHA1,
"old-des3-cbc-sha1",
+ NULL,
8,
8,
8,
@@ -2490,36 +2634,43 @@ static struct encryption_type enctype_old_des3_cbc_sha1 = {
&checksum_hmac_sha1_des3,
0,
DES3_CBC_encrypt,
+ 0,
+ NULL
};
-#ifdef ENABLE_AES
static struct encryption_type enctype_aes128_cts_hmac_sha1 = {
ETYPE_AES128_CTS_HMAC_SHA1_96,
"aes128-cts-hmac-sha1-96",
+ NULL,
16,
1,
16,
&keytype_aes128,
&checksum_sha1,
&checksum_hmac_sha1_aes128,
- 0,
+ F_DERIVED,
AES_CTS_encrypt,
+ 16,
+ AES_PRF
};
static struct encryption_type enctype_aes256_cts_hmac_sha1 = {
ETYPE_AES256_CTS_HMAC_SHA1_96,
"aes256-cts-hmac-sha1-96",
+ NULL,
16,
1,
16,
&keytype_aes256,
&checksum_sha1,
&checksum_hmac_sha1_aes256,
- 0,
+ F_DERIVED,
AES_CTS_encrypt,
+ 16,
+ AES_PRF
};
-#endif /* ENABLE_AES */
static struct encryption_type enctype_des_cbc_none = {
ETYPE_DES_CBC_NONE,
"des-cbc-none",
+ NULL,
8,
8,
0,
@@ -2528,10 +2679,13 @@ static struct encryption_type enctype_des_cbc_none = {
NULL,
F_PSEUDO,
DES_CBC_encrypt_null_ivec,
+ 0,
+ NULL
};
static struct encryption_type enctype_des_cfb64_none = {
ETYPE_DES_CFB64_NONE,
"des-cfb64-none",
+ NULL,
1,
1,
0,
@@ -2540,10 +2694,13 @@ static struct encryption_type enctype_des_cfb64_none = {
NULL,
F_PSEUDO,
DES_CFB64_encrypt_null_ivec,
+ 0,
+ NULL
};
static struct encryption_type enctype_des_pcbc_none = {
ETYPE_DES_PCBC_NONE,
"des-pcbc-none",
+ NULL,
8,
8,
0,
@@ -2552,10 +2709,13 @@ static struct encryption_type enctype_des_pcbc_none = {
NULL,
F_PSEUDO,
DES_PCBC_encrypt_key_ivec,
+ 0,
+ NULL
};
static struct encryption_type enctype_des3_cbc_none = {
ETYPE_DES3_CBC_NONE,
"des3-cbc-none",
+ NULL,
8,
8,
0,
@@ -2564,6 +2724,8 @@ static struct encryption_type enctype_des3_cbc_none = {
NULL,
F_PSEUDO,
DES3_CBC_encrypt,
+ 0,
+ NULL
};
static struct encryption_type *etypes[] = {
@@ -2575,10 +2737,8 @@ static struct encryption_type *etypes[] = {
&enctype_des3_cbc_md5,
&enctype_des3_cbc_sha1,
&enctype_old_des3_cbc_sha1,
-#ifdef ENABLE_AES
&enctype_aes128_cts_hmac_sha1,
&enctype_aes256_cts_hmac_sha1,
-#endif
&enctype_des_cbc_none,
&enctype_des_cfb64_none,
&enctype_des_pcbc_none,
@@ -2599,7 +2759,7 @@ _find_enctype(krb5_enctype type)
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_enctype_to_string(krb5_context context,
krb5_enctype etype,
char **string)
@@ -2609,6 +2769,7 @@ krb5_enctype_to_string(krb5_context context,
if(e == NULL) {
krb5_set_error_string (context, "encryption type %d not supported",
etype);
+ *string = NULL;
return KRB5_PROG_ETYPE_NOSUPP;
}
*string = strdup(e->name);
@@ -2619,7 +2780,7 @@ krb5_enctype_to_string(krb5_context context,
return 0;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_string_to_enctype(krb5_context context,
const char *string,
krb5_enctype *etype)
@@ -2635,7 +2796,42 @@ krb5_string_to_enctype(krb5_context context,
return KRB5_PROG_ETYPE_NOSUPP;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_enctype_to_oid(krb5_context context,
+ krb5_enctype etype,
+ heim_oid *oid)
+{
+ struct encryption_type *et = _find_enctype(etype);
+ if(et == NULL) {
+ krb5_set_error_string (context, "encryption type %d not supported",
+ etype);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ if(et->oid == NULL) {
+ krb5_set_error_string (context, "%s have not oid", et->name);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ krb5_clear_error_string(context);
+ return der_copy_oid(et->oid, oid);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+_krb5_oid_to_enctype(krb5_context context,
+ const heim_oid *oid,
+ krb5_enctype *etype)
+{
+ int i;
+ for(i = 0; i < num_etypes; i++) {
+ if(etypes[i]->oid && der_heim_oid_cmp(etypes[i]->oid, oid) == 0) {
+ *etype = etypes[i]->type;
+ return 0;
+ }
+ }
+ krb5_set_error_string(context, "enctype for oid not supported");
+ return KRB5_PROG_ETYPE_NOSUPP;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
krb5_enctype_to_keytype(krb5_context context,
krb5_enctype etype,
krb5_keytype *keytype)
@@ -2651,7 +2847,7 @@ krb5_enctype_to_keytype(krb5_context context,
}
#if 0
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_keytype_to_enctype(krb5_context context,
krb5_keytype keytype,
krb5_enctype *etype)
@@ -2665,7 +2861,7 @@ krb5_keytype_to_enctype(krb5_context context,
}
#endif
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_keytype_to_enctypes (krb5_context context,
krb5_keytype keytype,
unsigned *len,
@@ -2701,7 +2897,7 @@ krb5_keytype_to_enctypes (krb5_context context,
* else, do `krb5_keytype_to_enctypes'.
*/
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_keytype_to_enctypes_default (krb5_context context,
krb5_keytype keytype,
unsigned *len,
@@ -2727,15 +2923,45 @@ krb5_keytype_to_enctypes_default (krb5_context context,
return 0;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_enctype_valid(krb5_context context,
krb5_enctype etype)
{
- return _find_enctype(etype) != NULL;
+ struct encryption_type *e = _find_enctype(etype);
+ if(e == NULL) {
+ krb5_set_error_string (context, "encryption type %d not supported",
+ etype);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ if (e->flags & F_DISABLED) {
+ krb5_set_error_string (context, "encryption type %s is disabled",
+ e->name);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ return 0;
}
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cksumtype_valid(krb5_context context,
+ krb5_cksumtype ctype)
+{
+ struct checksum_type *c = _find_checksum(ctype);
+ if (c == NULL) {
+ krb5_set_error_string (context, "checksum type %d not supported",
+ ctype);
+ return KRB5_PROG_SUMTYPE_NOSUPP;
+ }
+ if (c->flags & F_DISABLED) {
+ krb5_set_error_string (context, "checksum type %s is disabled",
+ c->name);
+ return KRB5_PROG_SUMTYPE_NOSUPP;
+ }
+ return 0;
+}
+
+
/* if two enctypes have compatible keys */
-krb5_boolean
+krb5_boolean KRB5_LIB_FUNCTION
krb5_enctypes_compatible_keys(krb5_context context,
krb5_enctype etype1,
krb5_enctype etype2)
@@ -2766,7 +2992,7 @@ static krb5_error_code
encrypt_internal_derived(krb5_context context,
krb5_crypto crypto,
unsigned usage,
- void *data,
+ const void *data,
size_t len,
krb5_data *result,
void *ivec)
@@ -2835,7 +3061,7 @@ encrypt_internal_derived(krb5_context context,
static krb5_error_code
encrypt_internal(krb5_context context,
krb5_crypto crypto,
- void *data,
+ const void *data,
size_t len,
krb5_data *result,
void *ivec)
@@ -2904,7 +3130,7 @@ static krb5_error_code
encrypt_internal_special(krb5_context context,
krb5_crypto crypto,
int usage,
- void *data,
+ const void *data,
size_t len,
krb5_data *result,
void *ivec)
@@ -2955,9 +3181,10 @@ decrypt_internal_derived(krb5_context context,
unsigned long l;
checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
- if (len < checksum_sz) {
- krb5_clear_error_string (context);
- return EINVAL; /* XXX - better error code? */
+ if (len < checksum_sz + et->confoundersize) {
+ krb5_set_error_string(context, "Encrypted data shorter then "
+ "checksum + confunder");
+ return KRB5_BAD_MSIZE;
}
if (((len - checksum_sz) % et->padsize) != 0) {
@@ -3010,7 +3237,7 @@ decrypt_internal_derived(krb5_context context,
l = len - et->confoundersize;
memmove(p, p + et->confoundersize, l);
result->data = realloc(p, l);
- if(result->data == NULL) {
+ if(result->data == NULL && l != 0) {
free(p);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
@@ -3075,7 +3302,7 @@ decrypt_internal(krb5_context context,
l = len - et->confoundersize - checksum_sz;
memmove(p, p + et->confoundersize + checksum_sz, l);
result->data = realloc(p, l);
- if(result->data == NULL) {
+ if(result->data == NULL && l != 0) {
free(p);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
@@ -3119,7 +3346,7 @@ decrypt_internal_special(krb5_context context,
memmove (p, p + cksum_sz + et->confoundersize, sz);
result->data = realloc(p, sz);
- if(result->data == NULL) {
+ if(result->data == NULL && sz != 0) {
free(p);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
@@ -3129,11 +3356,11 @@ decrypt_internal_special(krb5_context context,
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_encrypt_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
- void *data,
+ const void *data,
size_t len,
krb5_data *result,
void *ivec)
@@ -3148,18 +3375,18 @@ krb5_encrypt_ivec(krb5_context context,
return encrypt_internal(context, crypto, data, len, result, ivec);
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_encrypt(krb5_context context,
krb5_crypto crypto,
unsigned usage,
- void *data,
+ const void *data,
size_t len,
krb5_data *result)
{
return krb5_encrypt_ivec(context, crypto, usage, data, len, result, NULL);
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_encrypt_EncryptedData(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3177,7 +3404,7 @@ krb5_encrypt_EncryptedData(krb5_context context,
return krb5_encrypt(context, crypto, usage, data, len, &result->cipher);
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_decrypt_ivec(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3196,7 +3423,7 @@ krb5_decrypt_ivec(krb5_context context,
return decrypt_internal(context, crypto, data, len, result, ivec);
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_decrypt(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3208,7 +3435,7 @@ krb5_decrypt(krb5_context context,
NULL);
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_decrypt_EncryptedData(krb5_context context,
krb5_crypto crypto,
unsigned usage,
@@ -3223,25 +3450,24 @@ krb5_decrypt_EncryptedData(krb5_context context,
* *
************************************************************/
-#ifdef HAVE_OPENSSL
-#include <openssl/rand.h>
+#define ENTROPY_NEEDED 128
-/* From openssl/crypto/rand/rand_lcl.h */
-#define ENTROPY_NEEDED 20
static int
seed_something(void)
{
- int fd = -1;
char buf[1024], seedfile[256];
/* If there is a seed file, load it. But such a file cannot be trusted,
so use 0 for the entropy estimate */
if (RAND_file_name(seedfile, sizeof(seedfile))) {
+ int fd;
fd = open(seedfile, O_RDONLY);
if (fd >= 0) {
- read(fd, buf, sizeof(buf));
- /* Use the full buffer anyway */
- RAND_add(buf, sizeof(buf), 0.0);
+ ssize_t ret;
+ ret = read(fd, buf, sizeof(buf));
+ if (ret > 0)
+ RAND_add(buf, ret, 0.0);
+ close(fd);
} else
seedfile[0] = '\0';
} else
@@ -3273,82 +3499,34 @@ seed_something(void)
return -1;
}
-void
+void KRB5_LIB_FUNCTION
krb5_generate_random_block(void *buf, size_t len)
{
static int rng_initialized = 0;
+ HEIMDAL_MUTEX_lock(&crypto_mutex);
if (!rng_initialized) {
if (seed_something())
- krb5_abortx(NULL, "Fatal: could not seed the random number generator");
+ krb5_abortx(NULL, "Fatal: could not seed the "
+ "random number generator");
rng_initialized = 1;
}
- RAND_bytes(buf, len);
-}
-
-#else
-
-void
-krb5_generate_random_block(void *buf, size_t len)
-{
- des_cblock key, out;
- static des_cblock counter;
- static des_key_schedule schedule;
- int i;
- static int initialized = 0;
-
- if(!initialized) {
- des_new_random_key(&key);
- des_set_key(&key, schedule);
- memset(&key, 0, sizeof(key));
- des_new_random_key(&counter);
- }
- while(len > 0) {
- des_ecb_encrypt(&counter, &out, schedule, DES_ENCRYPT);
- for(i = 7; i >=0; i--)
- if(counter[i]++)
- break;
- memcpy(buf, out, min(len, sizeof(out)));
- len -= min(len, sizeof(out));
- buf = (char*)buf + sizeof(out);
- }
+ HEIMDAL_MUTEX_unlock(&crypto_mutex);
+ if (RAND_bytes(buf, len) != 1)
+ krb5_abortx(NULL, "Failed to generate random block");
}
-#endif
static void
DES3_postproc(krb5_context context,
unsigned char *k, size_t len, struct key_data *key)
{
- unsigned char x[24];
- int i, j;
+ DES3_random_to_key(context, key->key, k, len);
- memset(x, 0, sizeof(x));
- for (i = 0; i < 3; ++i) {
- unsigned char foo;
-
- for (j = 0; j < 7; ++j) {
- unsigned char b = k[7 * i + j];
-
- x[8 * i + j] = b;
- }
- foo = 0;
- for (j = 6; j >= 0; --j) {
- foo |= k[7 * i + j] & 1;
- foo <<= 1;
- }
- x[8 * i + 7] = foo;
- }
- k = key->key->keyvalue.data;
- memcpy(k, x, 24);
- memset(x, 0, sizeof(x));
if (key->schedule) {
krb5_free_data(context, key->schedule);
key->schedule = NULL;
}
- des_set_odd_parity((des_cblock*)k);
- des_set_odd_parity((des_cblock*)(k + 8));
- des_set_odd_parity((des_cblock*)(k + 16));
}
static krb5_error_code
@@ -3361,20 +3539,24 @@ derive_key(krb5_context context,
unsigned char *k;
unsigned int nblocks = 0, i;
krb5_error_code ret = 0;
-
struct key_type *kt = et->keytype;
+
ret = _key_schedule(context, key);
if(ret)
return ret;
- if(et->blocksize * 8 < kt->bits ||
- len != et->blocksize) {
+ if(et->blocksize * 8 < kt->bits || len != et->blocksize) {
nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8);
k = malloc(nblocks * et->blocksize);
if(k == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
- _krb5_n_fold(constant, len, k, et->blocksize);
+ ret = _krb5_n_fold(constant, len, k, et->blocksize);
+ if (ret) {
+ free(k);
+ krb5_set_error_string(context, "out of memory");
+ return ret;
+ }
for(i = 0; i < nblocks; i++) {
if(i > 0)
memcpy(k + i * et->blocksize,
@@ -3400,7 +3582,12 @@ derive_key(krb5_context context,
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
}
- _krb5_n_fold(c, len, k, res_len);
+ ret = _krb5_n_fold(c, len, k, res_len);
+ if (ret) {
+ free(k);
+ krb5_set_error_string(context, "out of memory");
+ return ret;
+ }
free(c);
}
@@ -3409,12 +3596,10 @@ derive_key(krb5_context context,
case KEYTYPE_DES3:
DES3_postproc(context, k, nblocks * et->blocksize, key);
break;
-#ifdef ENABLE_AES
case KEYTYPE_AES128:
case KEYTYPE_AES256:
memcpy(key->key->keyvalue.data, k, key->key->keyvalue.length);
break;
-#endif /* ENABLE_AES */
default:
krb5_set_error_string(context,
"derive_key() called with unknown keytype (%u)",
@@ -3422,6 +3607,10 @@ derive_key(krb5_context context,
ret = KRB5_CRYPTO_INTERNAL;
break;
}
+ if (key->schedule) {
+ krb5_free_data(context, key->schedule);
+ key->schedule = NULL;
+ }
memset(k, 0, nblocks * et->blocksize);
free(k);
return ret;
@@ -3441,7 +3630,7 @@ _new_derived_key(krb5_crypto crypto, unsigned usage)
return &d->key;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_derive_key(krb5_context context,
const krb5_keyblock *key,
krb5_enctype etype,
@@ -3453,6 +3642,8 @@ krb5_derive_key(krb5_context context,
struct encryption_type *et;
struct key_data d;
+ *derived_key = NULL;
+
et = _find_enctype (etype);
if (et == NULL) {
krb5_set_error_string(context, "encryption type %d not supported",
@@ -3460,16 +3651,15 @@ krb5_derive_key(krb5_context context,
return KRB5_PROG_ETYPE_NOSUPP;
}
- ret = krb5_copy_keyblock(context, key, derived_key);
+ ret = krb5_copy_keyblock(context, key, &d.key);
if (ret)
return ret;
- d.key = *derived_key;
d.schedule = NULL;
ret = derive_key(context, et, &d, constant, constant_len);
- if (ret)
- return ret;
- ret = krb5_copy_keyblock(context, d.key, derived_key);
+ if (ret == 0)
+ ret = krb5_copy_keyblock(context, d.key, derived_key);
+ free_key_data(context, &d);
return ret;
}
@@ -3501,7 +3691,7 @@ _get_derived_key(krb5_context context,
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_crypto_init(krb5_context context,
const krb5_keyblock *key,
krb5_enctype etype,
@@ -3516,20 +3706,23 @@ krb5_crypto_init(krb5_context context,
if(etype == ETYPE_NULL)
etype = key->keytype;
(*crypto)->et = _find_enctype(etype);
- if((*crypto)->et == NULL) {
+ if((*crypto)->et == NULL || ((*crypto)->et->flags & F_DISABLED)) {
free(*crypto);
+ *crypto = NULL;
krb5_set_error_string (context, "encryption type %d not supported",
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
if((*crypto)->et->keytype->size != key->keyvalue.length) {
free(*crypto);
+ *crypto = NULL;
krb5_set_error_string (context, "encryption key has bad length");
return KRB5_BAD_KEYSIZE;
}
ret = krb5_copy_keyblock(context, key, &(*crypto)->key.key);
if(ret) {
free(*crypto);
+ *crypto = NULL;
return ret;
}
(*crypto)->key.schedule = NULL;
@@ -3554,7 +3747,7 @@ free_key_usage(krb5_context context, struct key_usage *ku)
free_key_data(context, &ku->key);
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_crypto_destroy(krb5_context context,
krb5_crypto crypto)
{
@@ -3568,7 +3761,7 @@ krb5_crypto_destroy(krb5_context context,
return 0;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
krb5_crypto_getblocksize(krb5_context context,
krb5_crypto crypto,
size_t *blocksize)
@@ -3577,7 +3770,49 @@ krb5_crypto_getblocksize(krb5_context context,
return 0;
}
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_getenctype(krb5_context context,
+ krb5_crypto crypto,
+ krb5_enctype *enctype)
+{
+ *enctype = crypto->et->type;
+ return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_getpadsize(krb5_context context,
+ krb5_crypto crypto,
+ size_t *padsize)
+{
+ *padsize = crypto->et->padsize;
+ return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_getconfoundersize(krb5_context context,
+ krb5_crypto crypto,
+ size_t *confoundersize)
+{
+ *confoundersize = crypto->et->confoundersize;
+ return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_enctype_disable(krb5_context context,
+ krb5_enctype enctype)
+{
+ struct encryption_type *et = _find_enctype(enctype);
+ if(et == NULL) {
+ if (context)
+ krb5_set_error_string (context, "encryption type %d not supported",
+ enctype);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ et->flags |= F_DISABLED;
+ return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
krb5_string_to_key_derived(krb5_context context,
const void *str,
size_t len,
@@ -3587,7 +3822,7 @@ krb5_string_to_key_derived(krb5_context context,
struct encryption_type *et = _find_enctype(etype);
krb5_error_code ret;
struct key_data kd;
- size_t keylen = et->keytype->bits / 8;
+ size_t keylen;
u_char *tmp;
if(et == NULL) {
@@ -3595,6 +3830,8 @@ krb5_string_to_key_derived(krb5_context context,
etype);
return KRB5_PROG_ETYPE_NOSUPP;
}
+ keylen = et->keytype->bits / 8;
+
ALLOC(kd.key, 1);
if(kd.key == NULL) {
krb5_set_error_string (context, "malloc: out of memory");
@@ -3612,7 +3849,12 @@ krb5_string_to_key_derived(krb5_context context,
krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM;
}
- _krb5_n_fold(str, len, tmp, keylen);
+ ret = _krb5_n_fold(str, len, tmp, keylen);
+ if (ret) {
+ free(tmp);
+ krb5_set_error_string(context, "out of memory");
+ return ret;
+ }
kd.schedule = NULL;
DES3_postproc (context, tmp, keylen, &kd); /* XXX */
memset(tmp, 0, keylen);
@@ -3634,9 +3876,10 @@ wrapped_length (krb5_context context,
{
struct encryption_type *et = crypto->et;
size_t padsize = et->padsize;
+ size_t checksumsize = CHECKSUMSIZE(et->checksum);
size_t res;
- res = et->confoundersize + et->checksum->checksumsize + data_len;
+ res = et->confoundersize + checksumsize + data_len;
res = (res + padsize - 1) / padsize * padsize;
return res;
}
@@ -3652,7 +3895,10 @@ wrapped_length_dervied (krb5_context context,
res = et->confoundersize + data_len;
res = (res + padsize - 1) / padsize * padsize;
- res += et->checksum->checksumsize;
+ if (et->keyed_checksum)
+ res += et->keyed_checksum->checksumsize;
+ else
+ res += et->checksum->checksumsize;
return res;
}
@@ -3671,12 +3917,185 @@ krb5_get_wrapped_length (krb5_context context,
return wrapped_length (context, crypto, data_len);
}
+/*
+ * Return the size of an encrypted packet of length `data_len'
+ */
+
+static size_t
+crypto_overhead (krb5_context context,
+ krb5_crypto crypto)
+{
+ struct encryption_type *et = crypto->et;
+ size_t res;
+
+ res = CHECKSUMSIZE(et->checksum);
+ res += et->confoundersize;
+ if (et->padsize > 1)
+ res += et->padsize;
+ return res;
+}
+
+static size_t
+crypto_overhead_dervied (krb5_context context,
+ krb5_crypto crypto)
+{
+ struct encryption_type *et = crypto->et;
+ size_t res;
+
+ if (et->keyed_checksum)
+ res = CHECKSUMSIZE(et->keyed_checksum);
+ else
+ res = CHECKSUMSIZE(et->checksum);
+ res += et->confoundersize;
+ if (et->padsize > 1)
+ res += et->padsize;
+ return res;
+}
+
+size_t
+krb5_crypto_overhead (krb5_context context, krb5_crypto crypto)
+{
+ if (derived_crypto (context, crypto))
+ return crypto_overhead_dervied (context, crypto);
+ else
+ return crypto_overhead (context, crypto);
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_random_to_key(krb5_context context,
+ krb5_enctype type,
+ const void *data,
+ size_t size,
+ krb5_keyblock *key)
+{
+ krb5_error_code ret;
+ struct encryption_type *et = _find_enctype(type);
+ if(et == NULL) {
+ krb5_set_error_string(context, "encryption type %d not supported",
+ type);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ if ((et->keytype->bits + 7) / 8 > size) {
+ krb5_set_error_string(context, "encryption key %s needs %d bytes "
+ "of random to make an encryption key out of it",
+ et->name, (int)et->keytype->size);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ ret = krb5_data_alloc(&key->keyvalue, et->keytype->size);
+ if(ret)
+ return ret;
+ key->keytype = type;
+ if (et->keytype->random_to_key)
+ (*et->keytype->random_to_key)(context, key, data, size);
+ else
+ memcpy(key->keyvalue.data, data, et->keytype->size);
+
+ return 0;
+}
+
+krb5_error_code
+_krb5_pk_octetstring2key(krb5_context context,
+ krb5_enctype type,
+ const void *dhdata,
+ size_t dhsize,
+ const heim_octet_string *c_n,
+ const heim_octet_string *k_n,
+ krb5_keyblock *key)
+{
+ struct encryption_type *et = _find_enctype(type);
+ krb5_error_code ret;
+ size_t keylen, offset;
+ void *keydata;
+ unsigned char counter;
+ unsigned char shaoutput[20];
+
+ if(et == NULL) {
+ krb5_set_error_string(context, "encryption type %d not supported",
+ type);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+ keylen = (et->keytype->bits + 7) / 8;
+
+ keydata = malloc(keylen);
+ if (keydata == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ return ENOMEM;
+ }
+
+ counter = 0;
+ offset = 0;
+ do {
+ SHA_CTX m;
+
+ SHA1_Init(&m);
+ SHA1_Update(&m, &counter, 1);
+ SHA1_Update(&m, dhdata, dhsize);
+ if (c_n)
+ SHA1_Update(&m, c_n->data, c_n->length);
+ if (k_n)
+ SHA1_Update(&m, k_n->data, k_n->length);
+ SHA1_Final(shaoutput, &m);
+
+ memcpy((unsigned char *)keydata + offset,
+ shaoutput,
+ min(keylen - offset, sizeof(shaoutput)));
+
+ offset += sizeof(shaoutput);
+ counter++;
+ } while(offset < keylen);
+ memset(shaoutput, 0, sizeof(shaoutput));
+
+ ret = krb5_random_to_key(context, type, keydata, keylen, key);
+ memset(keydata, 0, sizeof(keylen));
+ free(keydata);
+ return ret;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_prf_length(krb5_context context,
+ krb5_enctype type,
+ size_t *length)
+{
+ struct encryption_type *et = _find_enctype(type);
+
+ if(et == NULL || et->prf_length == 0) {
+ krb5_set_error_string(context, "encryption type %d not supported",
+ type);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+
+ *length = et->prf_length;
+ return 0;
+}
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_crypto_prf(krb5_context context,
+ const krb5_crypto crypto,
+ const krb5_data *input,
+ krb5_data *output)
+{
+ struct encryption_type *et = crypto->et;
+
+ krb5_data_zero(output);
+
+ if(et->prf == NULL) {
+ krb5_set_error_string(context, "kerberos prf for %s not supported",
+ et->name);
+ return KRB5_PROG_ETYPE_NOSUPP;
+ }
+
+ return (*et->prf)(context, crypto, input, output);
+}
+
+
+
+
#ifdef CRYPTO_DEBUG
static krb5_error_code
krb5_get_keyid(krb5_context context,
krb5_keyblock *key,
- u_int32_t *keyid)
+ uint32_t *keyid)
{
MD5_CTX md5;
unsigned char tmp[16];
@@ -3690,16 +4109,16 @@ krb5_get_keyid(krb5_context context,
static void
krb5_crypto_debug(krb5_context context,
- int encrypt,
+ int encryptp,
size_t len,
krb5_keyblock *key)
{
- u_int32_t keyid;
+ uint32_t keyid;
char *kt;
krb5_get_keyid(context, key, &keyid);
krb5_enctype_to_string(context, key->keytype, &kt);
krb5_warnx(context, "%s %lu bytes with key-id %#x (%s)",
- encrypt ? "encrypting" : "decrypting",
+ encryptp ? "encrypting" : "decrypting",
(unsigned long)len,
keyid,
kt);
@@ -3736,7 +4155,7 @@ main()
d = _new_derived_key(crypto, usage);
if(d == NULL)
- return ENOMEM;
+ krb5_errx(context, 1, "_new_derived_key failed");
krb5_copy_keyblock(context, crypto->key.key, &d->key);
_krb5_put_int(constant, usage, 4);
derive_key(context, crypto->et, d, constant, sizeof(constant));
@@ -3762,11 +4181,10 @@ main()
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */
key.keyvalue.length = 4;
- d = calloc(1, sizeof(*d));
-
+ d = ecalloc(1, sizeof(*d));
d->key = &key;
res.checksum.length = 20;
- res.checksum.data = malloc(res.checksum.length);
+ res.checksum.data = emalloc(res.checksum.length);
SP_HMAC_SHA1_checksum(context, d, data, 28, &res);
return 0;
diff --git a/crypto/heimdal/lib/krb5/dump_config.c b/crypto/heimdal/lib/krb5/dump_config.c
deleted file mode 100644
index 074595e2139c..000000000000
--- a/crypto/heimdal/lib/krb5/dump_config.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 1999 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of KTH nor the names of its contributors may be
- * used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
-
-#include "krb5_locl.h"
-
-RCSID("$Id: dump_config.c,v 1.2 1999/10/28 23:22:41 assar Exp $");
-
-/* print contents of krb5.conf */
-
-static void
-print_tree(struct krb5_config_binding *b, int level)
-{
- if (b == NULL)
- return;
-
- printf("%*s%s%s%s", level * 4, "",
- (level == 0) ? "[" : "", b->name, (level == 0) ? "]" : "");
- if(b->type == krb5_config_list) {
- if(level > 0)
- printf(" = {");
- printf("\n");
- print_tree(b->u.list, level + 1);
- if(level > 0)
- printf("%*s}\n", level * 4, "");
- } else if(b->type == krb5_config_string) {
- printf(" = %s\n", b->u.string);
- }
- if(b->next)
- print_tree(b->next, level);
-}
-
-int
-main(int argc, char **argv)
-{
- krb5_context context;
- krb5_error_code ret = krb5_init_context(&context);
- if(ret == 0) {
- print_tree(context->cf, 0);
- return 0;
- }
- return 1;
-}
diff --git a/crypto/heimdal/lib/krb5/krb5_build_principal.3 b/crypto/heimdal/lib/krb5/krb5_build_principal.3
deleted file mode 100644
index e74c7543bd74..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_build_principal.3
+++ /dev/null
@@ -1,101 +0,0 @@
-.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_build_principal.3,v 1.7 2003/04/16 13:58:14 lha Exp $
-.\"
-.Dd August 8, 1997
-.Dt KRB5_BUILD_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_build_principal ,
-.Nm krb5_build_principal_ext ,
-.Nm krb5_build_principal_va ,
-.Nm krb5_build_principal_va_ext ,
-.Nm krb5_make_principal
-.Nd principal creation functions
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_build_principal_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
-.Ft krb5_error_code
-.Fn krb5_build_principal_va "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_build_principal_va_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
-.Ft krb5_error_code
-.Fn krb5_make_principal "krb5_context context" "krb5_principal *principal" "krb5_const_realm realm" "..."
-.Sh DESCRIPTION
-These functions create a Kerberos 5 principal from a realm and a list
-of components.
-All of these functions return an allocated principal in the
-.Fa principal
-parameter, this should be freed with
-.Fn krb5_free_principal
-after use.
-.Pp
-The
-.Dq build
-functions take a
-.Fa realm
-and the length of the realm. The
-.Fn krb5_build_principal
-and
-.Fn krb5_build_principal_va
-also takes a list of components (zero-terminated strings), terminated
-with
-.Dv NULL .
-The
-.Fn krb5_build_principal_ext
-and
-.Fn krb5_build_principal_va_ext
-takes a list of length-value pairs, the list is terminated with a zero
-length.
-.Pp
-The
-.Fn krb5_make_principal
-is a wrapper around
-.Fn krb5_build_principal .
-If the realm is
-.Dv NULL ,
-the default realm will be used.
-.Sh BUGS
-You can not have a NUL in a component. Until someone can give a good
-example of where it would be a good idea to have NUL's in a component,
-this will not be fixed.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_free_addresses.3 b/crypto/heimdal/lib/krb5/krb5_free_addresses.3
deleted file mode 100644
index 6ac46d44f3b3..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_free_addresses.3
+++ /dev/null
@@ -1,53 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_free_addresses.3,v 1.5 2003/04/16 13:58:15 lha Exp $
-.\"
-.Dd November 20, 2001
-.Dt KRB5_FREE_ADDRESSES 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_free_addresses
-.Nd free list of addresses
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft void
-.Fn krb5_free_addresses "krb5_context context" "krb5_addresses *addresses"
-.Sh DESCRIPTION
-The
-.Fn krb5_free_addresses
-will free a list of addresses that has been created with
-.Fn krb5_get_all_client_addrs
-or with some other function.
-.Sh SEE ALSO
-.Xr krb5_get_all_client_addrs 3
diff --git a/crypto/heimdal/lib/krb5/krb5_free_principal.3 b/crypto/heimdal/lib/krb5/krb5_free_principal.3
deleted file mode 100644
index e9900a7981cc..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_free_principal.3
+++ /dev/null
@@ -1,58 +0,0 @@
-.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" $Id: krb5_free_principal.3,v 1.7 2003/04/16 13:58:11 lha Exp $
-.Dd August 8, 1997
-.Dt KRB5_FREE_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_free_principal
-.Nd principal free function
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft void
-.Fn krb5_free_principal "krb5_context context" "krb5_principal principal"
-.Sh DESCRIPTION
-The
-.Fn krb5_free_principal
-will free a principal that has been created with
-.Fn krb5_build_principal ,
-.Fn krb5_parse_name ,
-or with some other function.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_sname_to_principal 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_locl.h b/crypto/heimdal/lib/krb5/krb5_locl.h
index be7997e28c90..ef812dae7c95 100644
--- a/crypto/heimdal/lib/krb5/krb5_locl.h
+++ b/crypto/heimdal/lib/krb5/krb5_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: krb5_locl.h,v 1.71 2002/09/10 20:10:45 joda Exp $ */
+/* $Id: krb5_locl.h 22226 2007-12-08 21:31:53Z lha $ */
/* $FreeBSD$ */
#ifndef __KRB5_LOCL_H__
@@ -51,6 +51,9 @@
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
@@ -62,6 +65,9 @@
#include <sys/ioctl.h>
#endif
#ifdef HAVE_PWD_H
+#undef _POSIX_PTHREAD_SEMANTICS
+/* This gets us the 5-arg getpwnam_r on Solaris 9. */
+#define _POSIX_PTHREAD_SEMANTICS
#include <pwd.h>
#endif
@@ -110,20 +116,51 @@ struct sockaddr_dl;
#ifdef HAVE_SYS_FILE_H
#include <sys/file.h>
#endif
+
+#ifdef HAVE_CRYPT_H
+#undef des_encrypt
+#define des_encrypt wingless_pigs_mostly_fail_to_fly
+#include <crypt.h>
+#undef des_encrypt
+#endif
+
+#ifdef HAVE_DOOR_CREATE
+#include <door.h>
+#endif
+
#include <roken.h>
#include <parse_time.h>
#include <base64.h>
#include "crypto-headers.h"
+
#include <krb5_asn1.h>
+
+struct send_to_kdc;
+
+/* XXX glue for pkinit */
+struct krb5_pk_identity;
+struct krb5_pk_cert;
+struct ContentInfo;
+typedef struct krb5_pk_init_ctx_data *krb5_pk_init_ctx;
+struct krb5_dh_moduli;
+
+/* v4 glue */
+struct _krb5_krb_auth_data;
+
#include <der.h>
#include <krb5.h>
#include <krb5_err.h>
#include <asn1_err.h>
+#ifdef PKINIT
+#include <hx509_err.h>
+#endif
#include <krb5-private.h>
+#include "heim_threads.h"
+
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
@@ -131,8 +168,101 @@ struct sockaddr_dl;
#define KEYTAB_DEFAULT "ANY:FILE:" SYSCONFDIR "/krb5.keytab,krb4:" SYSCONFDIR "/srvtab"
#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"
+#define MODULI_FILE SYSCONFDIR "/krb5.moduli"
+
#ifndef O_BINARY
#define O_BINARY 0
#endif
+#define KRB5_BUFSIZ 1024
+
+typedef enum {
+ KRB5_INIT_CREDS_TRISTATE_UNSET = 0,
+ KRB5_INIT_CREDS_TRISTATE_TRUE,
+ KRB5_INIT_CREDS_TRISTATE_FALSE
+} krb5_get_init_creds_tristate;
+
+struct _krb5_get_init_creds_opt_private {
+ int refcount;
+ /* ENC_TIMESTAMP */
+ const char *password;
+ krb5_s2k_proc key_proc;
+ /* PA_PAC_REQUEST */
+ krb5_get_init_creds_tristate req_pac;
+ /* PKINIT */
+ krb5_pk_init_ctx pk_init_ctx;
+ KRB_ERROR *error;
+ krb5_get_init_creds_tristate addressless;
+ int flags;
+#define KRB5_INIT_CREDS_CANONICALIZE 1
+#define KRB5_INIT_CREDS_NO_C_CANON_CHECK 2
+};
+
+typedef struct krb5_context_data {
+ krb5_enctype *etypes;
+ krb5_enctype *etypes_des;
+ char **default_realms;
+ time_t max_skew;
+ time_t kdc_timeout;
+ unsigned max_retries;
+ int32_t kdc_sec_offset;
+ int32_t kdc_usec_offset;
+ krb5_config_section *cf;
+ struct et_list *et_list;
+ struct krb5_log_facility *warn_dest;
+ krb5_cc_ops *cc_ops;
+ int num_cc_ops;
+ const char *http_proxy;
+ const char *time_fmt;
+ krb5_boolean log_utc;
+ const char *default_keytab;
+ const char *default_keytab_modify;
+ krb5_boolean use_admin_kdc;
+ krb5_addresses *extra_addresses;
+ krb5_boolean scan_interfaces; /* `ifconfig -a' */
+ krb5_boolean srv_lookup; /* do SRV lookups */
+ krb5_boolean srv_try_txt; /* try TXT records also */
+ int32_t fcache_vno; /* create cache files w/ this
+ version */
+ int num_kt_types; /* # of registered keytab types */
+ struct krb5_keytab_data *kt_types; /* registered keytab types */
+ const char *date_fmt;
+ char *error_string;
+ char error_buf[256];
+ krb5_addresses *ignore_addresses;
+ char *default_cc_name;
+ char *default_cc_name_env;
+ int default_cc_name_set;
+ void *mutex; /* protects error_string/error_buf */
+ int large_msg_size;
+ int flags;
+#define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME 1
+#define KRB5_CTX_F_CHECK_PAC 2
+ struct send_to_kdc *send_to_kdc;
+} krb5_context_data;
+
+#define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}"
+#define KRB5_DEFAULT_CCNAME_API "API:"
+#define KRB5_DEFAULT_CCNAME_KCM "KCM:%{uid}"
+
+#define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH 1
+#define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH 2
+#define EXTRACT_TICKET_MATCH_REALM 4
+
+/*
+ * Configurable options
+ */
+
+#ifndef KRB5_DEFAULT_CCTYPE
+#ifdef __APPLE__
+#define KRB5_DEFAULT_CCTYPE (&krb5_acc_ops)
+#else
+#define KRB5_DEFAULT_CCTYPE (&krb5_fcc_ops)
+#endif
+#endif
+
+#ifndef KRB5_ADDRESSLESS_DEFAULT
+#define KRB5_ADDRESSLESS_DEFAULT TRUE
+#endif
+
#endif /* __KRB5_LOCL_H__ */
diff --git a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3 b/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3
deleted file mode 100644
index 1ece7986adc7..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_principal_get_realm.3
+++ /dev/null
@@ -1,81 +0,0 @@
-.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_principal_get_realm.3,v 1.6 2003/04/16 13:58:17 lha Exp $
-.\"
-.Dd June 20, 2001
-.Dt KRB5_PRINCIPAL_GET_REALM 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_principal_get_realm ,
-.Nm krb5_principal_get_comp_string
-.Nd decompose a principal
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft "const char *"
-.Fn krb5_principal_get_realm "krb5_context context" "krb5_principal principal"
-.Ft "const char *"
-.Fn krb5_principal_get_comp_string "krb5_context context" "krb5_principal principal" "unsigned int component"
-.Sh DESCRIPTION
-These functions return parts of the
-.Fa principal ,
-either the realm or a specific component. The returned string points
-to data inside the principal, so they are valid only as long as the
-principal exists.
-.Pp
-The
-.Fa component
-argument to
-.Fn krb5_principal_get_comp_string
-is the component number to return, from zero to the total number of
-components minus one. If a the requested component number is out of range,
-.Dv NULL
-is returned.
-.Pp
-These functions can be seen as a replacement for the
-.Fn krb5_princ_realm ,
-.Fn krb5_princ_component
-and related macros, described as intermal in the MIT API
-specification. A difference is that these functions return strings,
-not
-.Dv krb5_data .
-A reason to return
-.Dv krb5_data
-was that it was believed that principal components could contain
-binary data, but this belief was unfounded, and it has been decided
-that principal components are infact UTF8, so it's safe to use zero
-terminated strings.
-.Pp
-It's generally not necessary to look at the components of a principal.
-.Sh SEE ALSO
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
deleted file mode 100644
index 5724ce1876c8..000000000000
--- a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3
+++ /dev/null
@@ -1,85 +0,0 @@
-.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
-.\" (Royal Institute of Technology, Stockholm, Sweden).
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" 3. Neither the name of the Institute nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: krb5_sname_to_principal.3,v 1.7 2003/04/16 13:58:17 lha Exp $
-.\"
-.Dd August 8, 1997
-.Dt KRB5_PRINCIPAL 3
-.Os HEIMDAL
-.Sh NAME
-.Nm krb5_sname_to_principal ,
-.Nm krb5_sock_to_principal
-.Nd create a service principal
-.Sh LIBRARY
-Kerberos 5 Library (libkrb5, -lkrb5)
-.Sh SYNOPSIS
-.In krb5.h
-.Ft krb5_error_code
-.Fn krb5_sname_to_principal "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *principal"
-.Ft krb5_error_code
-.Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal"
-.Sh DESCRIPTION
-These functions create a
-.Dq service
-principal that can, for instance, be used to lookup a key in a keytab. For both these function the
-.Fa sname
-parameter will be used for the first component of the created principal. If
-.Fa sname
-is
-.Dv NULL ,
-.Dq host
-will be used instead.
-.Fn krb5_sname_to_principal
-will use the passed
-.Fa hostname
-for the second component. If type
-.Dv KRB5_NT_SRV_HST
-this name will be looked up with
-.Fn gethostbyname .
-If
-.Fa hostname is
-.Dv NULL ,
-the local hostname will be used.
-.Pp
-.Fn krb5_sock_to_principal
-will use the
-.Dq sockname
-of the passed
-.Fa socket ,
-which should be a bound
-.Dv AF_INET
-socket.
-.Sh SEE ALSO
-.Xr krb5_425_conv_principal 3 ,
-.Xr krb5_build_principal 3 ,
-.Xr krb5_free_principal 3 ,
-.Xr krb5_parse_name 3 ,
-.Xr krb5_unparse_name 3
diff --git a/crypto/heimdal/lib/roken/acconfig.h b/crypto/heimdal/lib/roken/acconfig.h
deleted file mode 100644
index 5fbe685ce386..000000000000
--- a/crypto/heimdal/lib/roken/acconfig.h
+++ /dev/null
@@ -1,36 +0,0 @@
-@BOTTOM@
-
-#ifdef BROKEN_REALLOC
-#define realloc(X, Y) isoc_realloc((X), (Y))
-#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
-#endif
-
-#ifdef VOID_RETSIGTYPE
-#define SIGRETURN(x) return
-#else
-#define SIGRETURN(x) return (RETSIGTYPE)(x)
-#endif
-
-#define RCSID(msg) \
-static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
-
-#undef PROTOTYPES
-
-/* Maximum values on all known systems */
-#define MaxHostNameLen (64+4)
-#define MaxPathLen (1024+4)
-
-/*
- * Define NDBM if you are using the 4.3 ndbm library (which is part of
- * libc). If not defined, 4.2 dbm will be assumed.
- */
-#if defined(HAVE_DBM_FIRSTKEY)
-#define NDBM
-#endif
-
-/*
- * Defining this enables lots of useful (and used) extensions on
- * glibc-based systems such as Linux
- */
-
-#define _GNU_SOURCE
diff --git a/crypto/heimdal/lib/roken/acinclude.m4 b/crypto/heimdal/lib/roken/acinclude.m4
deleted file mode 100644
index 1d0197c5ce37..000000000000
--- a/crypto/heimdal/lib/roken/acinclude.m4
+++ /dev/null
@@ -1,9 +0,0 @@
-dnl $Id$
-dnl
-dnl Only put things that for some reason can't live in the `cf'
-dnl directory in this file.
-dnl
-
-dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
-dnl
-define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
diff --git a/crypto/heimdal/lib/roken/print_version.c b/crypto/heimdal/lib/roken/print_version.c
deleted file mode 100644
index b5ce816eb604..000000000000
--- a/crypto/heimdal/lib/roken/print_version.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-RCSID("$Id: print_version.c,v 1.8 2001/02/20 01:44:55 assar Exp $");
-#endif
-#include "roken.h"
-
-#include "print_version.h"
-
-void
-print_version(const char *progname)
-{
- const char *arg[] = VERSIONLIST;
- const int num_args = sizeof(arg) / sizeof(arg[0]);
- char *msg;
- size_t len = 0;
- int i;
-
- if(progname == NULL)
- progname = getprogname();
-
- if(num_args == 0)
- msg = "no version information";
- else {
- for(i = 0; i < num_args; i++) {
- if(i > 0)
- len += 2;
- len += strlen(arg[i]);
- }
- msg = malloc(len + 1);
- if(msg == NULL) {
- fprintf(stderr, "%s: out of memory\n", progname);
- return;
- }
- msg[0] = '\0';
- for(i = 0; i < num_args; i++) {
- if(i > 0)
- strcat(msg, ", ");
- strcat(msg, arg[i]);
- }
- }
- fprintf(stderr, "%s (%s)\n", progname, msg);
- fprintf(stderr, "Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan\n");
- if(num_args != 0)
- free(msg);
-}
diff --git a/crypto/heimdal/lib/roken/resource.h b/crypto/heimdal/lib/roken/resource.h
deleted file mode 100644
index 01cd01d76c8c..000000000000
--- a/crypto/heimdal/lib/roken/resource.h
+++ /dev/null
@@ -1,15 +0,0 @@
-//{{NO_DEPENDENCIES}}
-// Microsoft Developer Studio generated include file.
-// Used by roken.rc
-//
-
-// Next default values for new objects
-//
-#ifdef APSTUDIO_INVOKED
-#ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE 101
-#define _APS_NEXT_COMMAND_VALUE 40001
-#define _APS_NEXT_CONTROL_VALUE 1000
-#define _APS_NEXT_SYMED_VALUE 101
-#endif
-#endif
diff --git a/crypto/heimdal/ltconfig b/crypto/heimdal/ltconfig
deleted file mode 100755
index 91907462a058..000000000000
--- a/crypto/heimdal/ltconfig
+++ /dev/null
@@ -1,2797 +0,0 @@
-#! /bin/sh
-
-# ltconfig - Create a system-specific libtool.
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001
-# Free Software Foundation, Inc.
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# A lot of this script is taken from autoconf-2.10.
-
-# Check that we are running under the correct shell.
-SHELL=${CONFIG_SHELL-/bin/sh}
-echo=echo
-if test "X$1" = X--no-reexec; then
- # Discard the --no-reexec flag, and continue.
- shift
-elif test "X$1" = X--fallback-echo; then
- # Avoid inline document here, it may be left over
- :
-elif test "X`($echo '\t') 2>/dev/null`" = 'X\t'; then
- # Yippee, $echo works!
- :
-else
- # Restart under the correct shell.
- exec "$SHELL" "$0" --no-reexec ${1+"$@"}
-fi
-
-if test "X$1" = X--fallback-echo; then
- # used as fallback echo
- shift
- cat <<EOF
-$*
-EOF
- exit 0
-fi
-
-# Find the correct PATH separator. Usually this is `:', but
-# DJGPP uses `;' like DOS.
-if test "X${PATH_SEPARATOR+set}" != Xset; then
- UNAME=${UNAME-`uname 2>/dev/null`}
- case X$UNAME in
- *-DOS) PATH_SEPARATOR=';' ;;
- *) PATH_SEPARATOR=':' ;;
- esac
-fi
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "X${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi
-
-if test "X${echo_test_string+set}" != Xset; then
- # find a string as large as possible, as long as the shell can cope with it
- for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
- # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
- if (echo_test_string="`eval $cmd`") 2>/dev/null &&
- echo_test_string="`eval $cmd`" &&
- (test "X$echo_test_string" = "X$echo_test_string") 2>/dev/null; then
- break
- fi
- done
-fi
-
-if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- :
-else
- # The Solaris, AIX, and Digital Unix default echo programs unquote
- # backslashes. This makes it impossible to quote backslashes using
- # echo "$something" | sed 's/\\/\\\\/g'
- #
- # So, first we look for a working echo in the user's PATH.
-
- IFS="${IFS= }"; save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR}"
- for dir in $PATH /usr/ucb; do
- if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
- test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- echo="$dir/echo"
- break
- fi
- done
- IFS="$save_ifs"
-
- if test "X$echo" = Xecho; then
- # We didn't find a better echo, so look for alternatives.
- if test "X`(print -r '\t') 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`(print -r "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- # This shell has a builtin print -r that does the trick.
- echo='print -r'
- elif (test -f /bin/ksh || test -f /bin/ksh$ac_exeext) &&
- test "X$CONFIG_SHELL" != X/bin/ksh; then
- # If we have ksh, try running ltconfig again with it.
- ORIGINAL_CONFIG_SHELL="${CONFIG_SHELL-/bin/sh}"
- export ORIGINAL_CONFIG_SHELL
- CONFIG_SHELL=/bin/ksh
- export CONFIG_SHELL
- exec "$CONFIG_SHELL" "$0" --no-reexec ${1+"$@"}
- else
- # Try using printf.
- echo='printf %s\n'
- if test "X`($echo '\t') 2>/dev/null`" = 'X\t' &&
- echo_testing_string=`($echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- # Cool, printf works
- :
- elif echo_testing_string=`("$ORIGINAL_CONFIG_SHELL" "$0" --fallback-echo '\t') 2>/dev/null` &&
- test "X$echo_testing_string" = 'X\t' &&
- echo_testing_string=`("$ORIGINAL_CONFIG_SHELL" "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- CONFIG_SHELL="$ORIGINAL_CONFIG_SHELL"
- export CONFIG_SHELL
- SHELL="$CONFIG_SHELL"
- export SHELL
- echo="$CONFIG_SHELL $0 --fallback-echo"
- elif echo_testing_string=`("$CONFIG_SHELL" "$0" --fallback-echo '\t') 2>/dev/null` &&
- test "X$echo_testing_string" = 'X\t' &&
- echo_testing_string=`("$CONFIG_SHELL" "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
- test "X$echo_testing_string" = "X$echo_test_string"; then
- echo="$CONFIG_SHELL $0 --fallback-echo"
- else
- # maybe with a smaller string...
- prev=:
-
- for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
- if (test "X$echo_test_string" = "X`eval $cmd`") 2>/dev/null; then
- break
- fi
- prev="$cmd"
- done
-
- if test "$prev" != 'sed 50q "$0"'; then
- echo_test_string=`eval $prev`
-
- export echo_test_string
- exec "${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}}" "$0" ${1+"$@"}
- else
- # Oops. We lost completely, so just stick with echo.
- echo=echo
- fi
- fi
- fi
- fi
-fi
-
-# Sed substitution that helps us do robust quoting. It backslashifies
-# metacharacters that are still active within double-quoted strings.
-Xsed='sed -e s/^X//'
-sed_quote_subst='s/\([\\"\\`$\\\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([\\"\\`\\\\]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# The name of this program.
-progname=`$echo "X$0" | $Xsed -e 's%^.*/%%'`
-
-# Constants:
-PROGRAM=ltconfig
-PACKAGE=libtool
-VERSION=1.4a
-TIMESTAMP=" (1.641.2.255 2001/05/22 10:39:30)"
-ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
-ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
-rm="rm -f"
-
-help="Try \`$progname --help' for more information."
-
-# Global variables:
-default_ofile=libtool
-can_build_shared=yes
-enable_shared=yes
-# All known linkers require a `.a' archive for static linking (except M$VC,
-# which needs '.lib').
-enable_static=yes
-enable_fast_install=yes
-enable_dlopen=unknown
-enable_win32_dll=no
-pic_mode=default
-ltmain=
-silent=
-srcdir=
-ac_config_guess=
-ac_config_sub=
-host=
-build=NONE
-nonopt=NONE
-ofile="$default_ofile"
-verify_host=yes
-tagname=
-with_gcc=no
-with_gnu_ld=no
-need_locks=yes
-ac_ext=c
-libext=a
-cache_file=
-max_cmd_len=
-
-## Dependencies to place before and after the object being linked:
-predep_objects=
-postdep_objects=
-predeps=
-postdeps=
-compiler_lib_search_path=
-
-## Link characteristics:
-allow_undefined_flag=
-no_undefined_flag=
-need_lib_prefix=unknown
-need_version=unknown
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-archive_cmds=
-archive_expsym_cmds=
-old_archive_from_new_cmds=
-old_archive_from_expsyms_cmds=
-striplib=
-old_striplib=
-export_dynamic_flag_spec=
-whole_archive_flag_spec=
-thread_safe_flag_spec=
-hardcode_into_libs=no
-hardcode_libdir_flag_spec=
-hardcode_libdir_separator=
-hardcode_direct=no
-hardcode_minus_L=no
-hardcode_shlibpath_var=unsupported
-runpath_var=
-link_all_deplibs=unknown
-always_export_symbols=no
-export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | sed '\''s/.* //'\'' | sort | uniq > $export_symbols'
-# include_expsyms should be a list of space-separated symbols to be *always*
-# included in the symbol list
-include_expsyms=
-# exclude_expsyms can be an egrep regular expression of symbols to exclude
-# it will be wrapped by ` (' and `)$', so one must not match beginning or
-# end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
-# as well as any symbol that contains `d'.
-exclude_expsyms="_GLOBAL_OFFSET_TABLE_"
-# Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-# platforms (ab)use it in PIC code, but their linkers get confused if
-# the symbol is explicitly referenced. Since portable code cannot
-# rely on this symbol name, it's probably fine to never include it in
-# preloaded symbol tables.
-extract_expsyms_cmds=
-
-## Tools:
-old_AR="$AR"
-old_AR_FLAGS="$AR_FLAGS"
-old_CC="$CC"
-old_CFLAGS="$CFLAGS"
-old_CPPFLAGS="$CPPFLAGS"
-old_LDFLAGS="$LDFLAGS"
-old_LIBS="$LIBS"
-old_MAGIC_CMD="$MAGIC_CMD"
-old_LD="$LD"
-old_LN_S="$LN_S"
-old_LTCC="$LTCC"
-old_NM="$NM"
-old_RANLIB="$RANLIB"
-old_STRIP="$STRIP"
-old_AS="$AS"
-old_DLLTOOL="$DLLTOOL"
-old_OBJDUMP="$OBJDUMP"
-old_OBJEXT="$OBJEXT"
-old_EXEEXT="$EXEEXT"
-old_reload_flag="$reload_flag"
-old_deplibs_check_method="$deplibs_check_method"
-old_file_magic_cmd="$file_magic_cmd"
-
-# Parse the command line options.
-args=
-prev=
-for option
-do
- case $option in
- -*=*) optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
- *) optarg= ;;
- esac
-
- # If the previous option needs an argument, assign it.
- if test -n "$prev"; then
- eval "$prev=\$option"
- prev=
- continue
- fi
-
- case $option in
- --help) cat <<EOM
-Usage: $progname [OPTION]... LTMAIN [HOST]
-
-Generate a system-specific libtool script.
-
- --build configure for building on BUILD [BUILD=HOST]
- --debug enable verbose shell tracing
- --disable-shared do not build shared libraries
- --disable-static do not build static libraries
- --disable-fast-install do not optimize for fast installation
- --enable-dlopen enable dlopen support
- --enable-win32-dll enable building dlls on win32 hosts
- --help display this help and exit
- --no-verify do not verify that HOST is a valid host type
--o, --output=FILE specify the output file [default=$default_ofile]
- --quiet same as \`--silent'
- --silent do not print informational messages
- --srcdir=DIR find \`config.guess' in DIR
- --version output version information and exit
- --add-tag=TAG append an alternate configuration
- --with-gcc assume that the GNU C compiler will be used
- --with-gnu-ld assume that the C compiler uses the GNU linker
- --prefer-pic try to use only PIC objects
- --prefer-non-pic try to use only non-PIC objects
- --disable-lock disable file locking
- --cache-file=FILE configure cache file
-
-LTMAIN is the \`ltmain.sh' shell script fragment or \`ltmain.c' program
-that provides basic libtool functionality.
-
-HOST is the canonical host system name [default=guessed].
-EOM
- exit 0
- ;;
-
- --build) prev=build ;;
- --build=*) build="$optarg" ;;
-
- --debug)
- echo "$progname: enabling shell trace mode"
- set -x
- ;;
-
- --disable-shared) enable_shared=no ;;
-
- --disable-static) enable_static=no ;;
-
- --disable-fast-install) enable_fast_install=no ;;
-
- --enable-dlopen) enable_dlopen=yes ;;
-
- --enable-win32-dll) enable_win32_dll=yes ;;
-
- --quiet | --silent) silent=yes ;;
-
- --srcdir) prev=srcdir ;;
- --srcdir=*) srcdir="$optarg" ;;
-
- --no-verify) verify_host=no ;;
-
- --output | -o) prev=ofile ;;
- --output=*) ofile="$optarg" ;;
-
- --version) echo "$PROGRAM (GNU $PACKAGE) $VERSION$TIMESTAMP"; exit 0 ;;
-
- --add-tag) prev=tagname ;;
- --add-tag=*) tagname="$optarg" ;;
-
- --with-gcc) with_gcc=yes ;;
- --with-gnu-ld) with_gnu_ld=yes ;;
-
- --prefer-pic) pic_mode=yes ;;
- --prefer-non-pic) pic_mode=no ;;
-
- --disable-lock) need_locks=no ;;
-
- --cache-file=*) cache_file="$optarg" ;;
-
- -*)
- echo "$progname: unrecognized option \`$option'" 1>&2
- echo "$help" 1>&2
- exit 1
- ;;
-
- *)
- if test -z "$ltmain"; then
- ltmain="$option"
- elif test -z "$host"; then
-# This generates an unnecessary warning for sparc-sun-solaris4.1.3_U1
-# if test -n "`echo $option| sed 's/[-a-z0-9.]//g'`"; then
-# echo "$progname: warning \`$option' is not a valid host type" 1>&2
-# fi
- host="$option"
- else
- echo "$progname: too many arguments" 1>&2
- echo "$help" 1>&2
- exit 1
- fi ;;
- esac
-done
-
-if test -z "$ltmain"; then
- echo "$progname: you must specify a LTMAIN file" 1>&2
- echo "$help" 1>&2
- exit 1
-fi
-
-if test ! -f "$ltmain"; then
- echo "$progname: \`$ltmain' does not exist" 1>&2
- echo "$help" 1>&2
- exit 1
-fi
-
-if test -n "$tagname"; then
- # Check whether tagname contains only valid characters
- case `$echo "X$tagname" | $Xsed -e 's/[-_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890,/]//g'` in
- "") ;;
- *)
- echo "$progname: invalid tag name: $tagname" 1>&2
- exit 1
- ;;
- esac
-
- if grep "^### BEGIN LIBTOOL TAG CONFIG: $tagname$" < "$ofile" > /dev/null; then
- echo "$progname: tag name $tagname already exists" 1>&2
- exit 1
- fi
-
- if test ! -f "$ofile"; then
- echo "$progname: warning: output file \`$ofile' does not exist" 1>&2
- fi
-
- if test -z "$LTCC"; then
- eval "`$SHELL $ofile --config | grep '^LTCC='`"
- if test -z "$LTCC"; then
- echo "$progname: warning: output file \`$ofile' does not look like a libtool script" 1>&2
- else
- echo "$progname: warning: using \`LTCC=$LTCC', extracted from \`$ofile'" 1>&2
- fi
- fi
-fi
-
-# Quote any args containing shell metacharacters.
-ltconfig_args=
-for arg
-do
- case $arg in
- *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*)
- ltconfig_args="$ltconfig_args '$arg'" ;;
- *) ltconfig_args="$ltconfig_args $arg" ;;
- esac
-done
-
-# A relevant subset of AC_INIT.
-
-# File descriptor usage:
-# 0 standard input
-# 1 file creation
-# 2 errors and warnings
-# 3 some systems may open it to /dev/tty
-# 4 used on the Kubota Titan
-# 5 compiler messages saved in config.log
-# 6 checking for... messages and results
-if test "$silent" = yes; then
- exec 6>/dev/null
-else
- exec 6>&1
-fi
-exec 5>>./config.log
-
-# NLS nuisances.
-# Only set LANG and LC_ALL to C if already set.
-# These must not be set unconditionally because not all systems understand
-# e.g. LANG=C (notably SCO).
-if test "X${LC_ALL+set}" = Xset; then LC_ALL=C; export LC_ALL; fi
-if test "X${LANG+set}" = Xset; then LANG=C; export LANG; fi
-
-if test -n "$cache_file" && test -r "$cache_file" && test -f "$cache_file"; then
- echo "loading cache $cache_file within ltconfig"
- . $cache_file
-fi
-
-if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
- # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
- if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
- ac_n= ac_c='
-' ac_t=' '
- else
- ac_n=-n ac_c= ac_t=
- fi
-else
- ac_n= ac_c='\c' ac_t=
-fi
-
-if test -z "$srcdir"; then
- # Assume the source directory is the same one as the path to LTMAIN.
- srcdir=`$echo "X$ltmain" | $Xsed -e 's%/[^/]*$%%'`
- test "$srcdir" = "$ltmain" && srcdir=.
-fi
-
-trap "$rm conftest*; exit 1" 1 2 15
-if test "$verify_host" = yes; then
- # Check for config.guess and config.sub.
- ac_aux_dir=
- for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
- if test -f $ac_dir/config.guess; then
- ac_aux_dir=$ac_dir
- break
- fi
- done
- if test -z "$ac_aux_dir"; then
- echo "$progname: cannot find config.guess in $srcdir $srcdir/.. $srcdir/../.." 1>&2
- echo "$help" 1>&2
- exit 1
- fi
- ac_config_guess=$ac_aux_dir/config.guess
- ac_config_sub=$ac_aux_dir/config.sub
-
- # Make sure we can run config.sub.
- if $SHELL $ac_config_sub sun4 >/dev/null 2>&1; then :
- else
- echo "$progname: cannot run $ac_config_sub" 1>&2
- echo "$help" 1>&2
- exit 1
- fi
-
- echo $ac_n "checking host system type""... $ac_c" 1>&6
-
- host_alias=$host
- case $host_alias in
- "")
- # Force config.guess to use the C compiler.
- # CC_FOR_BUILD overrides the CC variable in config.guess but I had
- # problems with it so do it this way for now.
- CC="$LTCC"
-
- if host_alias=`$SHELL $ac_config_guess`; then :
- else
- echo "$progname: cannot guess host type; you must specify one" 1>&2
- echo "$help" 1>&2
- exit 1
- fi
-
- # Restore the C compiler.
- CC="$old_CC"
- ;;
- esac
- host=`$SHELL $ac_config_sub $host_alias`
- echo "$ac_t$host" 1>&6
-
- # Make sure the host verified.
- test -z "$host" && exit 1
-
- # Check for the build system type
- echo $ac_n "checking build system type... $ac_c" 1>&6
-
- build_alias=$build
- case $build_alias in
- NONE)
- case $nonopt in
- NONE) build_alias=$host_alias ;;
- *) build_alias=$nonopt ;;
- esac ;;
- esac
-
- build=`$SHELL $ac_config_sub $build_alias`
- build_cpu=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
- build_vendor=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
- build_os=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
- echo "$ac_t""$build" 1>&6
-
-elif test -z "$host"; then
- echo "$progname: you must specify a host type if you use \`--no-verify'" 1>&2
- echo "$help" 1>&2
- exit 1
-else
- host_alias=$host
- build_alias=$host_alias
- build=$host
-fi
-
-if test x"$host" != x"$build"; then
- ac_tool_prefix=${host_alias}-
-else
- ac_tool_prefix=
-fi
-
-host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-
-# Transform linux* to *-*-linux-gnu*, to support old configure scripts.
-case $host_os in
-linux-gnu*) ;;
-linux*) host=`echo $host | sed 's/^\(.*-.*-linux\)\(.*\)$/\1-gnu\2/'`
-esac
-
-case $host_os in
-aix3*)
- # AIX sometimes has problems with the GCC collect2 program. For some
- # reason, if we set the COLLECT_NAMES environment variable, the problems
- # vanish in a puff of smoke.
- if test "X${COLLECT_NAMES+set}" != Xset; then
- COLLECT_NAMES=
- export COLLECT_NAMES
- fi
- ;;
-esac
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
- old_postinstall_cmds="\$RANLIB \$oldlib~$old_postinstall_cmds"
-fi
-
-# Source the script associated with the $tagname tag configuration.
-if test -n "$tagname"; then
- . $ltmain
-else
- # FIXME: We should use a variable here
- # Configure for a C compiler
- . $srcdir/ltcf-c.sh
-fi
-
-# Set sane defaults for various variables
-test -z "$AR" && AR=ar
-test -z "$AR_FLAGS" && AR_FLAGS=cru
-test -z "$AS" && AS=as
-test -z "$CC" && CC=cc
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-test -z "$LD" && LD=ld
-test -z "$LN_S" && LN_S="ln -s"
-test -z "$NM" && NM=nm
-test -z "$OBJDUMP" && OBJDUMP=objdump
-test -z "$RANLIB" && RANLIB=:
-test -z "$STRIP" && STRIP=:
-test -z "$objext" && objext=o
-
-echo $ac_n "checking for objdir... $ac_c" 1>&6
-rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
- objdir=.libs
-else
- # MS-DOS does not allow filenames that begin with a dot.
- objdir=_libs
-fi
-rmdir .libs 2>/dev/null
-echo "$ac_t$objdir" 1>&6
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# Allow CC to be a program name with arguments.
-set dummy $CC
-compiler="$2"
-
-# We assume here that the value for ac_cv_prog_cc_pic will not be cached
-# in isolation, and that seeing it set (from the cache) indicates that
-# the associated values are set (in the cache) correctly too.
-echo $ac_n "checking for $compiler option to produce PIC... $ac_c" 1>&6
-echo "$progname:678:checking for $compiler option to produce PIC" 1>&5
-
-if test -z "$ac_cv_prog_cc_pic"; then
- echo "$ac_t"none 1>&6
-else
- echo "$ac_t""$ac_cv_prog_cc_pic" 1>&6
-
- # Check to make sure the pic_flag actually works.
- echo $ac_n "checking if $compiler PIC flag $ac_cv_prog_cc_pic works... $ac_c" 1>&6
- echo "$progname:687:checking that $compiler PIC flag $ac_cv_prog_cc_pic works." 1>&5
- if test "X${ac_cv_prog_cc_pic_works+set}" = Xset && \
- test "X${ac_cv_prog_cc_pic_works}" != X; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- ac_cv_prog_cc_pic_works=yes
- $rm conftest*
- echo $lt_simple_compile_test_code > conftest.$ac_ext
- save_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS $ac_cv_prog_cc_pic -DPIC"
- if { (eval echo $progname:697: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>conftest.err; } && test -s conftest.$objext; then
- # Append any warnings to the config.log.
- cat conftest.err 1>&5
-
- case $host_os in
- hpux9* | hpux10* | hpux11*)
- # On HP-UX, both CC and GCC only warn that PIC is supported... then
- # they create non-PIC objects. So, if there were any warnings, we
- # assume that PIC is not supported.
- if test -s conftest.err; then
- ac_cv_prog_cc_pic_works=no
- ac_cv_prog_cc_can_build_shared=no
- ac_cv_prog_cc_pic=
- else
- ac_cv_prog_cc_pic_works=yes
- ac_cv_prog_cc_pic=" $ac_cv_prog_cc_pic"
- fi
- ;;
- *)
- ac_cv_prog_cc_pic_works=yes
- ac_cv_prog_cc_pic=" $ac_cv_prog_cc_pic"
- ;;
- esac
- else
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- ac_cv_prog_cc_pic_works=no
- ac_cv_prog_cc_can_build_shared=no
- ac_cv_prog_cc_pic=
- fi
- CFLAGS="$save_CFLAGS"
- $rm conftest*
- fi
- # Belt *and* braces to stop my trousers falling down:
- if test "X$ac_cv_prog_cc_pic_works" = Xno; then
- ac_cv_prog_cc_pic=
- ac_cv_prog_cc_can_build_shared=no
- fi
- echo "$ac_t""$ac_cv_prog_cc_pic_works" 1>&6
-fi
-
-# Check for any special shared library compilation flags.
-if test -n "$ac_cv_prog_cc_shlib"; then
- echo "$progname: warning: \`$CC' requires \`$ac_cv_prog_cc_shlib' to build shared libraries" 1>&2
- if echo "$old_CC $old_CFLAGS " | egrep -e "[ ]$ac_cv_prog_cc_shlib[ ]" >/dev/null; then :
- else
- echo "$progname: add \`$ac_cv_prog_cc_shlib' to the CC or CFLAGS env variable and reconfigure" 1>&2
- ac_cv_prog_cc_can_build_shared=no
- fi
-fi
-
-echo $ac_n "checking if $compiler static flag $ac_cv_prog_cc_static works... $ac_c" 1>&6
-echo "$progname:749: checking if $compiler static flag $ac_cv_prog_cc_static works" >&5
-if test "X${ac_cv_prog_cc_static_works+set}" = Xset && \
- test "X${ac_cv_prog_cc_static_works}" != X; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- $rm conftest*
- echo $lt_simple_link_test_code > conftest.$ac_ext
- save_LDFLAGS="$LDFLAGS"
- LDFLAGS="$LDFLAGS $ac_cv_prog_cc_static"
- if { (eval echo $progname:758: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
- ac_cv_prog_cc_static_works=yes
- else
- ac_cv_prog_cc_static_works=no
- ac_cv_prog_cc_static=
- fi
- LDFLAGS="$save_LDFLAGS"
- $rm conftest*
-fi
-# Belt *and* braces to stop my trousers falling down:
-if test "X$ac_cv_prog_cc_static_works" = Xno; then
- ac_cv_prog_cc_static=
-fi
-echo "$ac_t""$ac_cv_prog_cc_static_works" 1>&6
-pic_flag="$ac_cv_prog_cc_pic"
-special_shlib_compile_flags="$ac_cv_prog_cc_shlib"
-wl="$ac_cv_prog_cc_wl"
-link_static_flag="$ac_cv_prog_cc_static"
-no_builtin_flag="$ac_cv_prog_cc_no_builtin"
-can_build_shared="$ac_cv_prog_cc_can_build_shared"
-
-# find the maximum length of command line arguments
-echo "$progname:780: finding the maximum length of command line arguments" 1>&5
-echo $ac_n "finding the maximum length of command line arguments... $ac_c" 1>&6
-if test "${lt_cv_sys_max_cmd_len+set}" = set; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- i=0
- testring="ABCD"
- # If test is not a shell built-in, we'll probably end up computing a
- # maximum length that is only half of the actual maximum length, but
- # we can't tell.
- while test "X"`$CONFIG_SHELL $0 --fallback-echo "X$testring" 2>/dev/null` \
- = "XX$testring" &&
- new_result=`expr "X$testring" : ".*" 2>&1` &&
- lt_cv_sys_max_cmd_len=$new_result &&
- test $i != 18 # 1 MB should be enough
- do
- i=`expr $i + 1`
- testring=$testring$testring
- done
- testring=
- # add a significant safety factor because C++ compilers can tack on massive amounts
- # of additional arguments before passing them to the linker. 1/4 should be good.
- len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len - $len`
-fi
-echo "$progname:@lineno@: result: $lt_cv_sys_max_cmd_len" 1>&5
-echo "${ac_t}$lt_cv_sys_max_cmd_len" 1>&6
-
-if test -n $lt_cv_sys_max_cmd_len ; then
- max_cmd_len=$lt_cv_sys_max_cmd_len
-else
- max_cmd_len=none
-fi
-
-# Check to see if options -o and -c are simultaneously supported by compiler
-echo $ac_n "checking if $compiler supports -c -o file.$objext... $ac_c" 1>&6
-if test "${lt_cv_compiler_c_o+set}" = set; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- $rm -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- $rm conftest*
- echo $lt_simple_compile_test_code > conftest.$ac_ext
- mkdir out
- # According to Tom Tromey, Ian Lance Taylor reported there are C compilers
- # that will create temporary files in the current directory regardless of
- # the output directory. Thus, making CWD read-only will cause this test
- # to fail, enabling locking or at least warning the user not to do parallel
- # builds.
- chmod -w .
- save_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -o out/conftest2.$objext"
- echo "$progname:833: checking if $compiler supports -c -o file.$objext" >&5
- if { (eval echo $progname:834: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$objext; then
-
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s out/conftest.err; then
- lt_cv_compiler_c_o=no
- else
- lt_cv_compiler_c_o=yes
- fi
- else
- # Append any errors to the config.log.
- cat out/conftest.err 1>&5
- lt_cv_compiler_c_o=no
- fi
- CFLAGS="$save_CFLAGS"
- chmod u+w .
- $rm conftest* out/*
- rmdir out
- cd ..
- rmdir conftest
- $rm -r conftest 2>/dev/null
-fi
-compiler_c_o=$lt_cv_compiler_c_o
-echo "${ac_t}$compiler_c_o" 1>&6
-
-# Check to see if we can do hard links to lock some files if needed
-hard_links="nottested"
-if test "$compiler_c_o" = no && test "$need_locks" != no; then
- # do not overwrite the value of need_locks provided by the user
- echo $ac_n "checking if we can lock with hard links... $ac_c" 1>&6
- hard_links=yes
- $rm conftest*
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- touch conftest.a
- ln conftest.a conftest.b 2>&5 || hard_links=no
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- echo "$ac_t$hard_links" 1>&6
- $rm conftest*
- if test "$hard_links" = no; then
- echo "*** WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2
- need_locks=warn
- fi
-else
- need_locks=no
-fi
-
-if test "$with_gcc" = yes; then
- # Check to see if options -fno-rtti -fno-exceptions are supported by compiler
- echo $ac_n "checking if $compiler supports -fno-rtti -fno-exceptions ... $ac_c" 1>&6
- $rm conftest*
- echo $lt_simple_compile_test_code > conftest.$ac_ext
- save_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -fno-rtti -fno-exceptions -c conftest.$ac_ext"
- echo "$progname:887: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
- if { (eval echo $progname:888: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>conftest.err; } && test -s conftest.$objext; then
-
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- echo "$ac_t"no 1>&6
- compiler_rtti_exceptions=no
- else
- echo "$ac_t"yes 1>&6
- compiler_rtti_exceptions=yes
- fi
- else
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- compiler_rtti_exceptions=no
- echo "$ac_t"no 1>&6
- fi
- CFLAGS="$save_CFLAGS"
- $rm conftest*
-
- if test "$compiler_rtti_exceptions" = "yes"; then
- no_builtin_flag=' -fno-builtin -fno-rtti -fno-exceptions'
- else
- no_builtin_flag=' -fno-builtin'
- fi
-
-fi
-
-# See if the linker supports building shared libraries.
-echo $ac_n "checking whether the linker ($LD) supports shared libraries... $ac_c" 1>&6
-
-echo "$ac_t$ld_shlibs" 1>&6
-test "$ld_shlibs" = no && can_build_shared=no
-
-# Check hardcoding attributes.
-echo $ac_n "checking how to hardcode library paths into programs... $ac_c" 1>&6
-hardcode_action=
-if test -n "$hardcode_libdir_flag_spec" || \
- test -n "$runpath_var"; then
-
- # We can hardcode non-existant directories.
- if test "$hardcode_direct" != no &&
- # If the only mechanism to avoid hardcoding is shlibpath_var, we
- # have to relink, otherwise we might link with an installed library
- # when we should be linking with a yet-to-be-installed one
- ## test "$hardcode_shlibpath_var" != no &&
- test "$hardcode_minus_L" != no; then
- # Linking always hardcodes the temporary library directory.
- hardcode_action=relink
- else
- # We can link without hardcoding, and we can hardcode nonexisting dirs.
- hardcode_action=immediate
- fi
-else
- # We cannot hardcode anything, or else we can only hardcode existing
- # directories.
- hardcode_action=unsupported
-fi
-echo "$ac_t$hardcode_action" 1>&6
-
-echo $ac_n "checking whether stripping libraries is possible... $ac_c" 1>&6
-if test -n "$STRIP" && $STRIP -V 2>&1 | grep "GNU strip" >/dev/null; then
- test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
- test -z "$striplib" && striplib="$STRIP --strip-unneeded"
- echo "${ac_t}yes" 1>&6
-else
- echo "${ac_t}no" 1>&6
-fi
-
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-# PORTME Fill in your ld.so characteristics
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-
-echo $ac_n "checking dynamic linker characteristics... $ac_c" 1>&6
-case $host_os in
-aix3*)
- version_type=linux
- library_names_spec='${libname}${release}.so$versuffix $libname.a'
- shlibpath_var=LIBPATH
-
- # AIX 3 has no versioning support, so we append a major version to the name.
- soname_spec='${libname}${release}.so$major'
- ;;
-
-aix4* | aix5*)
- if test "$host_cpu" = ia64; then
- # AIX 5 supports IA64
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
- shlibpath_var=LD_LIBRARY_PATH
- else
- # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
- # soname into executable. Probably we can add versioning support to
- # collect2, so additional links can be useful in future.
- # We preserve .a as extension for shared libraries though AIX4.2
- # and later linker supports .so
- if test "$aix_use_runtimelinking" = yes; then
- # If using run time linking (on AIX 4.2 or later) use lib<name>.so instead of
- # lib<name>.a to let people know that these are not typical AIX shared libraries.
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
- else
- # We preserve .a as extension for shared libraries though AIX4.2
- # and later when we are not doing run time linking.
- library_names_spec='${libname}${release}.a $libname.a'
- soname_spec='${libname}${release}.so$major.o'
- fi
- # If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to AIX nm, but means don't demangle with GNU nm
- if $NM -V 2>&1 | egrep '(GNU)' > /dev/null; then
- export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
- else
- export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$2 == "T") || (\$2 == "D") || (\$2 == "B")) && (substr(\$3,1,1) != ".")) { print \$3 } }'\'' | sort -u > $export_symbols'
- fi
- shlibpath_var=LIBPATH
- deplibs_check_method=pass_all
- case $host_os in
- aix4 | aix4.[01] | aix4.[01].*)
- if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
- echo ' yes '
- echo '#endif'; } | ${CC} -E - | grep yes > /dev/null; then
- :
- else
- # With GCC up to 2.95.x, collect2 would create an import file
- # for dependence libraries. The import file would start with
- # the line `#! .'. This would cause the generated library to
- # depend on `.', always an invalid library. This was fixed in
- # development snapshots of GCC prior to 3.0.
- can_build_shared=no
- fi
- ;;
- esac
- fi
- ;;
-
-amigaos*)
- library_names_spec='$libname.ixlibrary $libname.a'
- # Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$echo "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $rm /sys/libs/${libname}_ixlibrary.a; $show "(cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a)"; (cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a) || exit 1; done'
- ;;
-
-beos*)
- library_names_spec='${libname}.so'
- dynamic_linker="$host_os ld.so"
- shlibpath_var=LIBRARY_PATH
- lt_cv_dlopen="load_add_on"
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
- ;;
-
-bsdi4*)
- version_type=linux
- need_version=no
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
- soname_spec='${libname}${release}.so$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
- sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
- export_dynamic_flag_spec=-rdynamic
- # the default ld.so.conf also contains /usr/contrib/lib and
- # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
- # libtool to hard-code these into programs
- ;;
-
-cygwin* | mingw* | pw32*)
- version_type=windows
- need_version=no
- need_lib_prefix=no
- case $with_gcc,$host_os in
- yes,cygwin*)
- library_names_spec='$libname.dll.a'
- soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | [sed -e 's/[.]/-/g']`${versuffix}.dll'
- postinstall_cmds='dlpath=`bash 2>&1 -c '\''. $dir/${file}i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog .libs/$dlname \$dldir/$dlname'
- postuninstall_cmds='dldll=`bash 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll; $rm \$dlpath'
- ;;
- yes,mingw*)
- library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll'
- sys_lib_search_path_spec=`$CC -print-search-dirs | grep "^libraries:" | sed -e "s/^libraries://" -e "s/;/ /g"`
- ;;
- yes,pw32*)
- library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll'
-;;
- *)
- library_names_spec='${libname}`echo ${release} | sed -e 's/[.]/-/g'`${versuffix}.dll $libname.lib'
- ;;
- esac
- dynamic_linker='Win32 ld.exe'
- # FIXME: first we should search . and the directory the executable is in
- shlibpath_var=PATH
- lt_cv_dlopen="LoadLibrary"
- lt_cv_dlopen_libs=
- ;;
-
-darwin* | rhapsody*)
- dynamic_linker="$host_os dyld"
- version_type=darwin
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${versuffix}.`test .$module = .yes && echo so || echo dylib` ${libname}${release}${major}.`test .$module = .yes && echo so || echo dylib` ${libname}.`test .$module = .yes && echo so || echo dylib`'
- soname_spec='${libname}${release}${major}.`test .$module = .yes && echo so || echo dylib`'
- shlibpath_overrides_runpath=yes
- shlibpath_var=DYLD_LIBRARY_PATH
- ;;
-
-freebsd1*)
- dynamic_linker=no
- ;;
-
-freebsd*)
- objformat=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout`
- version_type=sunos
- case $objformat in
- elf*)
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
- soname_spec='${libname}${release}.so$major'
- need_version=no
- need_lc=no
- need_lib_prefix=no
- ;;
- *)
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
- need_version=yes
- ;;
- esac
- shlibpath_var=LD_LIBRARY_PATH
- case $host_os in
- freebsd2*)
- shlibpath_overrides_runpath=yes
- ;;
- *)
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
- esac
- ;;
-
-gnu*)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so${major} ${libname}.so'
- soname_spec='${libname}${release}.so$major'
- shlibpath_var=LD_LIBRARY_PATH
- hardcode_into_libs=yes
- ;;
-
-hpux9* | hpux10* | hpux11*)
- # Give a soname corresponding to the major version so that dld.sl refuses to
- # link against other versions.
- dynamic_linker="$host_os dld.sl"
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- shlibpath_var=SHLIB_PATH
- shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
- library_names_spec='${libname}${release}.sl$versuffix ${libname}${release}.sl$major $libname.sl'
- soname_spec='${libname}${release}.sl$major'
- # HP-UX runs *really* slowly unless shared libraries are mode 555.
- postinstall_cmds='chmod 555 $lib'
- ;;
-
-irix5* | irix6*)
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- soname_spec='${libname}${release}.so$major'
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so $libname.so'
- case $host_os in
- irix5*)
- libsuff= shlibsuff=
- ;;
- *)
- case $LD in # libtool.m4 will add one of these switches to LD
- *-32|*"-32 ") libsuff= shlibsuff= libmagic=32-bit;;
- *-n32|*"-n32 ") libsuff=32 shlibsuff=N32 libmagic=N32;;
- *-64|*"-64 ") libsuff=64 shlibsuff=64 libmagic=64-bit;;
- *) libsuff= shlibsuff= libmagic=never-match;;
- esac
- ;;
- esac
- shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
- sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
- ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux-gnuoldld* | linux-gnuaout* | linux-gnucoff*)
- dynamic_linker=no
- ;;
-
-# This must be Linux ELF.
-linux-gnu*)
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
- soname_spec='${libname}${release}.so$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- # We used to test for /lib/ld.so.1 and disable shared libraries on
- # powerpc, because MkLinux only supported shared libraries with the
- # GNU dynamic linker. Since this was broken with cross compilers,
- # most powerpc-linux boxes support dynamic linking these days and
- # people can always --disable-shared, the test was removed, and we
- # assume the GNU/Linux dynamic linker is in use.
- dynamic_linker='GNU/Linux ld.so'
- ;;
-
-netbsd*)
- need_lib_prefix=no
- need_version=no
- version_type=sunos
- if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then
- library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- dynamic_linker='NetBSD (a.out) ld.so'
- else
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major ${libname}${release}.so ${libname}.so'
- soname_spec='${libname}${release}.so$major'
- dynamic_linker='NetBSD ld.elf_so'
- fi
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- sys_lib_dlsearch_path_spec="/usr/lib"
- sys_lib_search_path_spec="/usr/lib"
- ;;
-
-newsos6)
- version_type=linux
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-openbsd*)
- version_type=sunos
- if test "$with_gnu_ld" = yes; then
- need_lib_prefix=no
- need_version=no
- fi
- library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-os2*)
- libname_spec='$name'
- need_lib_prefix=no
- library_names_spec='$libname.dll $libname.a'
- dynamic_linker='OS/2 ld.exe'
- shlibpath_var=LIBPATH
- ;;
-
-osf3* | osf4* | osf5*)
- version_type=osf
- need_version=no
- soname_spec='${libname}${release}.so'
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so $libname.so'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
- sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
- ;;
-
-sco3.2v5*)
- version_type=osf
- soname_spec='${libname}${release}.so$major'
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-solaris*)
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
- soname_spec='${libname}${release}.so$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- # ldd complains unless libraries are executable
- postinstall_cmds='chmod +x $lib'
- ;;
-
-sunos4*)
- version_type=sunos
- library_names_spec='${libname}${release}.so$versuffix ${libname}.so$versuffix'
- finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- if test "$with_gnu_ld" = yes; then
- need_lib_prefix=no
- fi
- need_version=yes
- ;;
-
-sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
- version_type=linux
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
- soname_spec='${libname}${release}.so$major'
- shlibpath_var=LD_LIBRARY_PATH
- case $host_vendor in
- motorola)
- need_lib_prefix=no
- need_version=no
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
- ;;
- esac
- ;;
-
-uts4*)
- version_type=linux
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
- soname_spec='${libname}${release}.so$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-dgux*)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}.so$versuffix ${libname}${release}.so$major $libname.so'
- soname_spec='${libname}${release}.so$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-sysv4*MP*)
- if test -d /usr/nec ;then
- version_type=linux
- library_names_spec='$libname.so.$versuffix $libname.so.$major $libname.so'
- soname_spec='$libname.so.$major'
- shlibpath_var=LD_LIBRARY_PATH
- fi
- ;;
-
-*)
- dynamic_linker=no
- ;;
-esac
-echo "$ac_t$dynamic_linker" 1>&6
-test "$dynamic_linker" = no && can_build_shared=no
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-echo $ac_n "checking command to parse $NM output... $ac_c" 1>&6
-
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix. What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[BCDEGRST]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
-
-# Transform the above into a raw symbol and a C symbol.
-symxfrm='\1 \2\3 \3'
-
-# Transform an extracted symbol line into a proper C declaration
-global_symbol_to_cdecl="sed -n -e 's/^. .* \(.*\)$/extern char \1;/p'"
-
-# Define system-specific variables.
-case $host_os in
-aix*)
- symcode='[BCDT]'
- ;;
-cygwin* | mingw* | pw32*)
- symcode='[ABCDGISTW]'
- ;;
-hpux*) # Its linker distinguishes data from code symbols
- global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern char \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
- ;;
-irix*)
- symcode='[BCDEGRST]'
- ;;
-solaris* | sysv5*)
- symcode='[BDT]'
- ;;
-sysv4)
- symcode='[DFNSTU]'
- ;;
-esac
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $host_os in
-mingw*)
- opt_cr=`echo 'x\{0,1\}' | tr x '\015'` # option cr in regexp
- ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-if $NM -V 2>&1 | egrep '(GNU|with BFD)' > /dev/null; then
- symcode='[ABCDGISTW]'
-fi
-
-# Try without a prefix undercore, then with it.
-for ac_symprfx in "" "_"; do
-
- # Write the raw and C identifiers.
- global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*\($ac_symprfx\)$sympat$opt_cr$/$symxfrm/p'"
-
- # Check to see that the pipe works correctly.
- pipe_works=no
- $rm conftest*
- cat > conftest.$ac_ext <<EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-EOF
-
- echo "$progname:1433: checking if global_symbol_pipe works" >&5
- if { (eval echo $progname:1434: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; } && test -s conftest.$objext; then
- # Now try to grab the symbols.
- nlist=conftest.nm
- if { echo "$progname:1437: eval \"$NM conftest.$objext | $global_symbol_pipe > $nlist\"" >&5; eval "$NM conftest.$objext | $global_symbol_pipe > $nlist 2>&5"; } && test -s "$nlist"; then
-
- # Try sorting and uniquifying the output.
- if sort "$nlist" | uniq > "$nlist"T; then
- mv -f "$nlist"T "$nlist"
- else
- rm -f "$nlist"T
- fi
-
- # Make sure that we snagged all the symbols we need.
- if egrep ' nm_test_var$' "$nlist" >/dev/null; then
- if egrep ' nm_test_func$' "$nlist" >/dev/null; then
- cat <<EOF > conftest.$ac_ext
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-EOF
- # Now generate the symbol file.
- eval "$global_symbol_to_cdecl"' < "$nlist" >> conftest.$ac_ext'
-
- cat <<EOF >> conftest.$ac_ext
-#if defined (__STDC__) && __STDC__
-# define lt_ptr_t void *
-#else
-# define lt_ptr_t char *
-# define const
-#endif
-
-/* The mapping between symbol names and symbols. */
-const struct {
- const char *name;
- lt_ptr_t address;
-}
-lt_preloaded_symbols[] =
-{
-EOF
- sed "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (lt_ptr_t) \&\2},/" < "$nlist" >> conftest.$ac_ext
- cat <<\EOF >> conftest.$ac_ext
- {0, (lt_ptr_t) 0}
-};
-
-#ifdef __cplusplus
-}
-#endif
-EOF
- # Now try linking the two files.
- mv conftest.$objext conftstm.$objext
- save_LIBS="$LIBS"
- save_CFLAGS="$CFLAGS"
- LIBS="conftstm.$objext"
- CFLAGS="$CFLAGS$no_builtin_flag"
- if { (eval echo $progname:1489: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
- pipe_works=yes
- else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- fi
- LIBS="$save_LIBS"
- else
- echo "cannot find nm_test_func in $nlist" >&5
- fi
- else
- echo "cannot find nm_test_var in $nlist" >&5
- fi
- else
- echo "cannot run $global_symbol_pipe" >&5
- fi
- else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- fi
- $rm conftest* conftst*
-
- # Do not use the global_symbol_pipe unless it works.
- if test "$pipe_works" = yes; then
- break
- else
- global_symbol_pipe=
- fi
-done
-if test "$pipe_works" = yes; then
- echo "${ac_t}ok" 1>&6
-else
- echo "${ac_t}failed" 1>&6
-fi
-
-if test -z "$global_symbol_pipe"; then
- global_symbol_to_cdecl=
-fi
-
-# Report the final consequences.
-echo "checking if libtool supports shared libraries... $can_build_shared" 1>&6
-
-# Only try to build win32 dlls if AC_LIBTOOL_WIN32_DLL was used in
-# configure.in, otherwise build static only libraries.
-case $host_os in
-cygwin* | mingw* | pw32* | os2*)
- if test x$can_build_shared = xyes; then
- test x$enable_win32_dll = xno && can_build_shared=no
- echo "checking if package supports dlls... $can_build_shared" 1>&6
- fi
-;;
-esac
-
-echo $ac_n "checking whether to build shared libraries... $ac_c" 1>&6
-test "$can_build_shared" = "no" && enable_shared=no
-
-# On AIX, shared libraries and static libraries use the same namespace, and
-# are all built from PIC.
-case $host_os in
-aix3*)
- test "$enable_shared" = yes && enable_static=no
- if test -n "$RANLIB"; then
- archive_cmds="$archive_cmds~\$RANLIB \$lib"
- postinstall_cmds='$RANLIB $lib'
- fi
- ;;
-
-aix4*)
- test "$enable_shared" = yes && enable_static=no
- ;;
-esac
-
-echo "$ac_t$enable_shared" 1>&6
-
-# Make sure either enable_shared or enable_static is yes.
-test "$enable_shared" = yes || enable_static=yes
-
-echo "checking whether to build static libraries... $enable_static" 1>&6
-
-if test "$hardcode_action" = relink; then
- # Fast installation is not supported
- enable_fast_install=no
-elif test "$shlibpath_overrides_runpath" = yes ||
- test "$enable_shared" = no; then
- # Fast installation is not necessary
- enable_fast_install=needless
-fi
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test "$with_gcc" = yes; then
- variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-# Check whether we must set pic_mode to default
-test -z "$pic_flag" && pic_mode=default
-
-if test "x$enable_dlopen" != xyes; then
- enable_dlopen=unknown
- enable_dlopen_self=unknown
- enable_dlopen_self_static=unknown
-else
-if test "X${lt_cv_dlopen+set}" != Xset; then
- lt_cv_dlopen=no lt_cv_dlopen_libs=
-echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6
-echo "$progname:1593: checking for dlopen in -ldl" >&5
-if test "X${ac_cv_lib_dl_dlopen+set}" = Xset; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- ac_save_LIBS="$LIBS"
-LIBS="-ldl $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 1600 "ltconfig"
-/* Override any gcc2 internal prototype to avoid an error. */
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen();
-
-int main() {
-dlopen()
-; return 0; }
-EOF
-if { (eval echo $progname:1613: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- ac_cv_lib_dl_dlopen=yes
-else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- ac_cv_lib_dl_dlopen=no
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if test "X$ac_cv_lib_dl_dlopen" = Xyes; then
- echo "$ac_t""yes" 1>&6
- lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
-else
- echo "$ac_t""no" 1>&6
-echo $ac_n "checking for dlopen""... $ac_c" 1>&6
-echo "$progname:1632: checking for dlopen" >&5
-if test "X${ac_cv_func_dlopen+set}" = Xset; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <<EOF
-#line 1637 "ltconfig"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char dlopen(); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen();
-
-int main() {
-
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_dlopen) || defined (__stub___dlopen)
-choke me
-#else
-dlopen();
-#endif
-
-; return 0; }
-EOF
-if { (eval echo $progname:1662: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- ac_cv_func_dlopen=yes
-else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- ac_cv_func_dlopen=no
-fi
-rm -f conftest*
-fi
-if test "X$ac_cv_func_dlopen" = Xyes; then
- echo "$ac_t""yes" 1>&6
- lt_cv_dlopen="dlopen"
-else
- echo "$ac_t""no" 1>&6
-echo $ac_n "checking for dlopen in -lsvld""... $ac_c" 1>&6
-echo "$progname:1679: checking for dlopen in -lsvld" >&5
-if test "X${ac_cv_lib_svld_dlopen+set}" = Xset; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- ac_save_LIBS="$LIBS"
-LIBS="-lsvld $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 1686 "ltconfig"
-/* Override any gcc2 internal prototype to avoid an error. */
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dlopen();
-
-int main() {
-dlopen()
-; return 0; }
-EOF
-if { (eval echo $progname:1699: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- ac_cv_lib_svld_dlopen=yes
-else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- ac_cv_lib_svld_dlopen=no
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if test "X$ac_cv_lib_svld_dlopen" = Xyes; then
- echo "$ac_t""yes" 1>&6
- lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
-else
- echo "$ac_t""no" 1>&6
-echo $ac_n "checking for dld_link in -ldld""... $ac_c" 1>&6
-echo "$progname:1718: checking for dld_link in -ldld" >&5
-if test "X${ac_cv_lib_dld_dld_link+set}" = Xset; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- ac_save_LIBS="$LIBS"
-LIBS="-ldld $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 1725 "ltconfig"
-/* Override any gcc2 internal prototype to avoid an error. */
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char dld_link();
-
-int main() {
-dld_link()
-; return 0; }
-EOF
-if { (eval echo $progname:1738: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- ac_cv_lib_dld_dld_link=yes
-else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- ac_cv_lib_dld_dld_link=no
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if test "X$ac_cv_lib_dld_dld_link" = Xyes; then
- echo "$ac_t""yes" 1>&6
- lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"
-else
- echo "$ac_t""no" 1>&6
-echo $ac_n "checking for shl_load""... $ac_c" 1>&6
-echo "$progname:1757: checking for shl_load" >&5
-if test "X${ac_cv_func_shl_load+set}" = Xset; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <<EOF
-#line 1762 "ltconfig"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char shl_load(); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char shl_load();
-
-int main() {
-
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_shl_load) || defined (__stub___shl_load)
-choke me
-#else
-shl_load();
-#endif
-
-; return 0; }
-EOF
-if { (eval echo $progname:1787: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- ac_cv_func_shl_load=yes
-else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- ac_cv_func_shl_load=no
-fi
-rm -f conftest*
-fi
-
-if test "X$ac_cv_func_shl_load" = Xyes; then
- echo "$ac_t""yes" 1>&6
- lt_cv_dlopen="shl_load"
-else
- echo "$ac_t""no" 1>&6
-echo $ac_n "checking for shl_load in -ldld""... $ac_c" 1>&6
-echo "$progname:1805: checking for shl_load in -ldld" >&5
-if test "X${ac_cv_lib_dld_shl_load+set}" = Xset; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- ac_save_LIBS="$LIBS"
-LIBS="-ldld $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 1812 "ltconfig"
-#include "confdefs.h"
-/* Override any gcc2 internal prototype to avoid an error. */
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char shl_load();
-
-int main() {
-shl_load()
-; return 0; }
-EOF
-if { (eval echo $progname:1826: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- ac_cv_lib_dld_shl_load=yes
-else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- ac_cv_lib_dld_shl_load=no
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if test "X$ac_cv_lib_dld_shl_load" = Xyes; then
- echo "$ac_t""yes" 1>&6
- lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"
-else
- echo "$ac_t""no" 1>&6
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-fi
-
-fi
-
- if test "x$lt_cv_dlopen" != xno; then
- enable_dlopen=yes
- else
- enable_dlopen=no
- fi
-
- case $lt_cv_dlopen in
- dlopen)
-for ac_hdr in dlfcn.h; do
-ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
-echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "$progname:1873: checking for $ac_hdr" >&5
-if eval "test \"`echo 'X$''{'ac_cv_header_$ac_safe'+set}'`\" = Xset"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- cat > conftest.$ac_ext <<EOF
-#line 1878 "ltconfig"
-#include <$ac_hdr>
-int fnord = 0;
-int main () { return(0); }
-EOF
-ac_try="$ac_compile >/dev/null 2>conftest.out"
-{ (eval echo $progname:1884: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
-if test -z "$ac_err"; then
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=yes"
-else
- echo "$ac_err" >&5
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -rf conftest*
- eval "ac_cv_header_$ac_safe=no"
-fi
-rm -f conftest*
-fi
-if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
- echo "$ac_t""yes" 1>&6
-else
- echo "$ac_t""no" 1>&6
-fi
-done
-
- if test "x$ac_cv_header_dlfcn_h" = xyes; then
- CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
- fi
- eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
- LIBS="$lt_cv_dlopen_libs $LIBS"
-
- echo $ac_n "checking whether a program can dlopen itself""... $ac_c" 1>&6
-echo "$progname:1912: checking whether a program can dlopen itself" >&5
-if test "X${lt_cv_dlopen_self+set}" = Xset; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test "$cross_compiling" = yes; then
- lt_cv_dlopen_self=cross
- else
- cat > conftest.$ac_ext <<EOF
-#line 1920 "ltconfig"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LTDL_GLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LTDL_GLOBAL DL_GLOBAL
-# else
-# define LTDL_GLOBAL 0
-# endif
-#endif
-
-/* We may have to define LTDL_LAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LTDL_LAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LTDL_LAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LTDL_LAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LTDL_LAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LTDL_LAZY_OR_NOW DL_NOW
-# else
-# define LTDL_LAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-void fnord() { int i=42; }
-int main() {
- void *self, *ptr1, *ptr2; self=dlopen(0,LTDL_GLOBAL|LTDL_LAZY_OR_NOW);
- if(self) { ptr1=dlsym(self,"fnord"); ptr2=dlsym(self,"_fnord");
- if(ptr1 || ptr2) { dlclose(self); exit(0); } } exit(1); }
-
-EOF
-if { (eval echo $progname:1967: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-then
- lt_cv_dlopen_self=yes
-else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -fr conftest*
- lt_cv_dlopen_self=no
-fi
-rm -fr conftest*
-fi
-
-fi
-
-echo "$ac_t""$lt_cv_dlopen_self" 1>&6
-
- if test "$lt_cv_dlopen_self" = yes; then
- LDFLAGS="$LDFLAGS $link_static_flag"
- echo $ac_n "checking whether a statically linked program can dlopen itself""... $ac_c" 1>&6
-echo "$progname:1986: checking whether a statically linked program can dlopen itself" >&5
-if test "X${lt_cv_dlopen_self_static+set}" = Xset; then
- echo $ac_n "(cached) $ac_c" 1>&6
-else
- if test "$cross_compiling" = yes; then
- lt_cv_dlopen_self_static=cross
- else
- cat > conftest.$ac_ext <<EOF
-#line 1994 "ltconfig"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LTDL_GLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LTDL_GLOBAL DL_GLOBAL
-# else
-# define LTDL_GLOBAL 0
-# endif
-#endif
-
-/* We may have to define LTDL_LAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LTDL_LAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LTDL_LAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LTDL_LAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LTDL_LAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LTDL_LAZY_OR_NOW DL_NOW
-# else
-# define LTDL_LAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-void fnord() { int i=42; }
-int main() {
- void *self, *ptr1, *ptr2; self=dlopen(0,LTDL_GLOBAL|LTDL_LAZY_OR_NOW);
- if(self) { ptr1=dlsym(self,"fnord"); ptr2=dlsym(self,"_fnord");
- if(ptr1 || ptr2) { dlclose(self); exit(0); } } exit(1); }
-
-EOF
-if { (eval echo $progname:2041: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
-then
- lt_cv_dlopen_self_static=yes
-else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- rm -fr conftest*
- lt_cv_dlopen_self_static=no
-fi
-rm -fr conftest*
-fi
-
-fi
-
-echo "$ac_t""$lt_cv_dlopen_self_static" 1>&6
-fi
- ;;
- esac
-
- case $lt_cv_dlopen_self in
- yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
- *) enable_dlopen_self=unknown ;;
- esac
-
- case $lt_cv_dlopen_self_static in
- yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
- *) enable_dlopen_self_static=unknown ;;
- esac
-fi
-
-# Copy echo and quote the copy, instead of the original, because it is
-# used later.
-ltecho="$echo"
-if test "X$ltecho" = "X$CONFIG_SHELL $0 --fallback-echo"; then
- ltecho="$CONFIG_SHELL \$0 --fallback-echo"
-fi
-LTSHELL="$SHELL"
-
-LTCONFIG_VERSION="$VERSION"
-
-# Only quote variables if we're using ltmain.sh.
-case $ltmain in
-*.sh)
- # Now quote all the things that may contain metacharacters.
- for var in ltecho old_AR old_AR_FLAGS old_CC old_LTCC old_CFLAGS old_CPPFLAGS \
- old_MAGIC_CMD old_LD old_LDFLAGS old_LIBS \
- old_LN_S old_NM old_RANLIB old_STRIP \
- old_AS old_DLLTOOL old_OBJDUMP \
- old_OBJEXT old_EXEEXT old_reload_flag \
- old_deplibs_check_method old_file_magic_cmd \
- AR AR_FLAGS CC LTCC LD LN_S NM LTSHELL LTCONFIG_VERSION \
- reload_flag reload_cmds wl \
- pic_flag link_static_flag no_builtin_flag export_dynamic_flag_spec \
- thread_safe_flag_spec whole_archive_flag_spec libname_spec \
- library_names_spec soname_spec \
- RANLIB old_archive_cmds old_archive_from_new_cmds old_postinstall_cmds \
- old_postuninstall_cmds archive_cmds archive_expsym_cmds postinstall_cmds \
- postuninstall_cmds extract_expsyms_cmds old_archive_from_expsyms_cmds \
- predep_objects postdep_objects predeps postdeps compiler_lib_search_path \
- old_striplib striplib file_magic_cmd export_symbols_cmds \
- deplibs_check_method allow_undefined_flag no_undefined_flag \
- finish_cmds finish_eval global_symbol_pipe global_symbol_to_cdecl \
- hardcode_libdir_flag_spec hardcode_libdir_separator \
- sys_lib_search_path_spec sys_lib_dlsearch_path_spec \
- compiler_c_o need_locks exclude_expsyms include_expsyms; do
-
- case $var in
- reload_cmds | old_archive_cmds | old_archive_from_new_cmds | \
- old_postinstall_cmds | old_postuninstall_cmds | \
- export_symbols_cmds | archive_cmds | archive_expsym_cmds | \
- extract_expsyms_cmds | old_archive_from_expsyms_cmds | \
- postinstall_cmds | postuninstall_cmds | \
- finish_cmds | sys_lib_search_path_spec | sys_lib_dlsearch_path_spec)
- # Double-quote double-evaled strings.
- eval "$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$double_quote_subst\" -e \"\$sed_quote_subst\" -e \"\$delay_variable_subst\"\`\\\"" ### testsuite: skip nested quoting test
- ;;
- *)
- eval "$var=\\\"\`\$echo \"X\$$var\" | \$Xsed -e \"\$sed_quote_subst\"\`\\\"" ### testsuite: skip nested quoting test
- ;;
- esac
- done
-
- case $ltecho in
- *'\$0 --fallback-echo"')
- ltecho=`$echo "X$ltecho" | $Xsed -e 's/\\\\\\\$0 --fallback-echo"$/$0 --fallback-echo"/'`
- ;;
- esac
-
- if test -z "$tagname"; then
- trap "$rm \"$ofile\"; exit 1" 1 2 15
- echo "creating $ofile"
- $rm "$ofile"
- cat <<EOF > "$ofile"
-#! $SHELL
-
-# `$echo "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
-# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
-# NOTE: Changes made to this file will be lost: look at ltconfig or ltmain.sh.
-#
-# Copyright (C) 1996-2000 Free Software Foundation, Inc.
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="sed -e s/^X//"
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-if test "X\${CDPATH+set}" = Xset; then CDPATH=:; export CDPATH; fi
-
-# The names of the tagged configurations supported by this script.
-available_tags=
-
-### BEGIN LIBTOOL CONFIG
-EOF
- else
- echo "appending configuration tag \"$tagname\" to $ofile"
- echo "### BEGIN LIBTOOL TAG CONFIG: $tagname" >> "$ofile"
- fi
- cfgfile="$ofile"
- ;;
-
-*)
- # Double-quote the variables that need it (for aesthetics).
- for var in old_AR old_AR_FLAGS old_CC old_LTCC old_CFLAGS old_CPPFLAGS \
- old_MAGIC_CMD old_LD old_LDFLAGS old_LIBS \
- old_LN_S old_NM old_RANLIB old_STRIP \
- old_AS old_DLLTOOL old_OBJDUMP \
- old_OBJEXT old_EXEEXT old_reload_flag \
- old_deplibs_check_method old_file_magic_cmd; do
- eval "$var=\\\"\$var\\\""
- done
-
- # Just create a config file.
- cfgfile="$ofile.cfg"
- if test -z "$tagname"; then
- trap "$rm \"$cfgfile\"; exit 1" 1 2 15
- echo "creating $cfgfile"
- $rm "$cfgfile"
- cat <<EOF > "$cfgfile"
-# `$echo "$cfgfile" | sed 's%^.*/%%'` - Libtool configuration file.
-# Generated automatically by $PROGRAM (GNU $PACKAGE $VERSION$TIMESTAMP)
-
-### BEGIN LIBTOOL CONFIG
-EOF
- else
- echo "appending to $cfgfile"
- echo "### BEGIN LIBTOOL TAG CONFIG: $tagname" >> "$ofile"
- fi
- ;;
-esac
-
-cat <<EOF >> "$cfgfile"
-# Libtool was configured as follows, on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-#
-# AR=$old_AR AR_FLAGS=$old_AR_FLAGS LTCC=$old_LTCC CC=$old_CC \\
-# CFLAGS=$old_CFLAGS CPPFLAGS=$old_CPPFLAGS \\
-# MAGIC_CMD=$old_MAGIC_CMD LD=$old_LD LDFLAGS=$old_LDFLAGS LIBS=$old_LIBS \\
-# LN_S=$old_LN_S NM=$old_NM RANLIB=$old_RANLIB STRIP=$old_STRIP \\
-# AS=$old_AS DLLTOOL=$old_DLLTOOL OBJDUMP=$old_OBJDUMP \\
-# objext=$old_OBJEXT exeext=$old_EXEEXT reload_flag=$old_reload_flag \\
-# deplibs_check_method=$old_deplibs_check_method \\
-# file_magic_cmd=$old_file_magic_cmd \\
-# $0$ltconfig_args
-#
-# Compiler and other test output produced by $progname, useful for
-# debugging $progname, is in ./config.log if it exists.
-
-# The version of $progname that generated this script.
-LTCONFIG_VERSION=$LTCONFIG_VERSION
-
-# Shell to use when invoking shell scripts.
-SHELL=$LTSHELL
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$need_lc
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# The host system.
-host_alias=$host_alias
-host=$host
-
-# An echo program that does not interpret backslashes.
-echo=$ltecho
-
-# The archiver.
-AR=$AR
-AR_FLAGS=$AR_FLAGS
-
-# A C compiler.
-LTCC=$LTCC
-
-# A language-specific compiler.
-CC=$CC
-
-# Is the compiler the GNU C compiler?
-with_gcc=$with_gcc
-
-# The linker used to build libraries.
-LD=$LD
-
-# Whether we need hard or soft links.
-LN_S=$LN_S
-
-# A BSD-compatible nm program.
-NM=$NM
-
-# A symbol stripping program
-STRIP=$STRIP
-
-# Used to examine libraries when file_magic_cmd begins "file"
-MAGIC_CMD=$MAGIC_CMD
-
-# Used on cygwin: DLL creation program.
-DLLTOOL="$DLLTOOL"
-
-# Used on cygwin: object dumper.
-OBJDUMP="$OBJDUMP"
-
-# Used on cygwin: assembler.
-AS="$AS"
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# How to create reloadable object files.
-reload_flag=$reload_flag
-reload_cmds=$reload_cmds
-
-# How to pass a linker flag through the compiler.
-wl=$wl
-
-# Object file suffix (normally "o").
-objext="$objext"
-
-# Old archive suffix (normally "a").
-libext="$libext"
-
-# Executable file suffix (normally "").
-exeext="$exeext"
-
-# Additional compiler flags for building library objects.
-pic_flag=$pic_flag
-pic_mode=$pic_mode
-
-# What is the maximum length of a command?
-max_cmd_len=$max_cmd_len
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$compiler_c_o
-
-# Must we lock files when doing compilation ?
-need_locks=$need_locks
-
-# Do we need the lib prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$link_static_flag
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$no_builtin_flag
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$export_dynamic_flag_spec
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$whole_archive_flag_spec
-
-# Compiler flag to generate thread-safe objects.
-thread_safe_flag_spec=$thread_safe_flag_spec
-
-# Library versioning type.
-version_type=$version_type
-
-# Format of library name prefix.
-libname_spec=$libname_spec
-
-# List of archive names. First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME.
-library_names_spec=$library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$soname_spec
-
-# Commands used to build and install an old-style archive.
-RANLIB=$RANLIB
-old_archive_cmds=$old_archive_cmds
-old_postinstall_cmds=$old_postinstall_cmds
-old_postuninstall_cmds=$old_postuninstall_cmds
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$old_archive_from_new_cmds
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$old_archive_from_expsyms_cmds
-
-# Commands used to build and install a shared archive.
-archive_cmds=$archive_cmds
-archive_expsym_cmds=$archive_expsym_cmds
-postinstall_cmds=$postinstall_cmds
-postuninstall_cmds=$postuninstall_cmds
-
-# Commands to strip libraries.
-old_striplib=$old_striplib
-striplib=$striplib
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predep_objects=$predep_objects
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdep_objects=$postdep_objects
-
-# Dependencies to place before the objects being linked to create a
-# shared library.
-predeps=$predeps
-
-# Dependencies to place after the objects being linked to create a
-# shared library.
-postdeps=$postdeps
-
-# The library search path used internally by the compiler when linking
-# a shared library.
-compiler_lib_search_path=$compiler_lib_search_path
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$deplibs_check_method
-
-# Command to use when deplibs_check_method == file_magic.
-file_magic_cmd=$file_magic_cmd
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$allow_undefined_flag
-
-# Flag that forces no undefined symbols.
-no_undefined_flag=$no_undefined_flag
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$finish_cmds
-
-# Same as above, but a single script fragment to be evaled but not shown.
-finish_eval=$finish_eval
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration
-global_symbol_to_cdecl=$global_symbol_to_cdecl
-
-# This is the shared library runtime path variable.
-runpath_var=$runpath_var
-
-# This is the shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec=$hardcode_libdir_flag_spec
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator=$hardcode_libdir_separator
-
-# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct=$hardcode_direct
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L=$hardcode_minus_L
-
-# Set to yes if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into
-# the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at relink time.
-variables_saved_for_relink="$variables_saved_for_relink"
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs
-
-# Compile-time system search path for libraries
-sys_lib_search_path_spec=$sys_lib_search_path_spec
-
-# Run-time system search path for libraries
-sys_lib_dlsearch_path_spec=$sys_lib_dlsearch_path_spec
-
-# Fix the shell variable \$srcfile for the compiler.
-fix_srcfile_path="$fix_srcfile_path"
-
-# Set to yes if exported symbols are required.
-always_export_symbols=$always_export_symbols
-
-# The commands to list exported symbols.
-export_symbols_cmds=$export_symbols_cmds
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$extract_expsyms_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$exclude_expsyms
-
-# Symbols that must always be exported.
-include_expsyms=$include_expsyms
-
-EOF
-
-if test -z "$tagname"; then
- echo '### END LIBTOOL CONFIG' >> "$ofile"
-else
- echo "### END LIBTOOL TAG CONFIG: $tagname" >> "$ofile"
-fi
-
-case $ltmain in
-*.sh)
- echo >> "$ofile"
- if test -z "$tagname"; then
- case $host_os in
- aix3*)
- cat <<\EOF >> "$ofile"
-
-# AIX sometimes has problems with the GCC collect2 program. For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test "X${COLLECT_NAMES+set}" != Xset; then
- COLLECT_NAMES=
- export COLLECT_NAMES
-fi
-EOF
- ;;
- esac
- case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2*)
- cat <<'EOF' >> "$ofile"
- # This is a source program that is used to create dlls on Windows
- # Don't remove nor modify the starting and closing comments
-# /* ltdll.c starts here */
-# #define WIN32_LEAN_AND_MEAN
-# #include <windows.h>
-# #undef WIN32_LEAN_AND_MEAN
-# #include <stdio.h>
-#
-# #ifndef __CYGWIN__
-# # ifdef __CYGWIN32__
-# # define __CYGWIN__ __CYGWIN32__
-# # endif
-# #endif
-#
-# #ifdef __cplusplus
-# extern "C" {
-# #endif
-# BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved);
-# #ifdef __cplusplus
-# }
-# #endif
-#
-# #ifdef __CYGWIN__
-# #include <cygwin/cygwin_dll.h>
-# DECLARE_CYGWIN_DLL( DllMain );
-# #endif
-# HINSTANCE __hDllInstance_base;
-#
-# BOOL APIENTRY
-# DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved)
-# {
-# __hDllInstance_base = hInst;
-# return TRUE;
-# }
-# /* ltdll.c ends here */
- # This is a source program that is used to create import libraries
- # on Windows for dlls which lack them. Don't remove nor modify the
- # starting and closing comments
-# /* impgen.c starts here */
-# /* Copyright (C) 1999-2000 Free Software Foundation, Inc.
-#
-# This file is part of GNU libtool.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-# */
-#
-# #include <stdio.h> /* for printf() */
-# #include <unistd.h> /* for open(), lseek(), read() */
-# #include <fcntl.h> /* for O_RDONLY, O_BINARY */
-# #include <string.h> /* for strdup() */
-#
-# /* O_BINARY isn't required (or even defined sometimes) under Unix */
-# #ifndef O_BINARY
-# #define O_BINARY 0
-# #endif
-#
-# static unsigned int
-# pe_get16 (fd, offset)
-# int fd;
-# int offset;
-# {
-# unsigned char b[2];
-# lseek (fd, offset, SEEK_SET);
-# read (fd, b, 2);
-# return b[0] + (b[1]<<8);
-# }
-#
-# static unsigned int
-# pe_get32 (fd, offset)
-# int fd;
-# int offset;
-# {
-# unsigned char b[4];
-# lseek (fd, offset, SEEK_SET);
-# read (fd, b, 4);
-# return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24);
-# }
-#
-# static unsigned int
-# pe_as32 (ptr)
-# void *ptr;
-# {
-# unsigned char *b = ptr;
-# return b[0] + (b[1]<<8) + (b[2]<<16) + (b[3]<<24);
-# }
-#
-# int
-# main (argc, argv)
-# int argc;
-# char *argv[];
-# {
-# int dll;
-# unsigned long pe_header_offset, opthdr_ofs, num_entries, i;
-# unsigned long export_rva, export_size, nsections, secptr, expptr;
-# unsigned long name_rvas, nexp;
-# unsigned char *expdata, *erva;
-# char *filename, *dll_name;
-#
-# filename = argv[1];
-#
-# dll = open(filename, O_RDONLY|O_BINARY);
-# if (dll < 1)
-# return 1;
-#
-# dll_name = filename;
-#
-# for (i=0; filename[i]; i++)
-# if (filename[i] == '/' || filename[i] == '\\' || filename[i] == ':')
-# dll_name = filename + i +1;
-#
-# pe_header_offset = pe_get32 (dll, 0x3c);
-# opthdr_ofs = pe_header_offset + 4 + 20;
-# num_entries = pe_get32 (dll, opthdr_ofs + 92);
-#
-# if (num_entries < 1) /* no exports */
-# return 1;
-#
-# export_rva = pe_get32 (dll, opthdr_ofs + 96);
-# export_size = pe_get32 (dll, opthdr_ofs + 100);
-# nsections = pe_get16 (dll, pe_header_offset + 4 +2);
-# secptr = (pe_header_offset + 4 + 20 +
-# pe_get16 (dll, pe_header_offset + 4 + 16));
-#
-# expptr = 0;
-# for (i = 0; i < nsections; i++)
-# {
-# char sname[8];
-# unsigned long secptr1 = secptr + 40 * i;
-# unsigned long vaddr = pe_get32 (dll, secptr1 + 12);
-# unsigned long vsize = pe_get32 (dll, secptr1 + 16);
-# unsigned long fptr = pe_get32 (dll, secptr1 + 20);
-# lseek(dll, secptr1, SEEK_SET);
-# read(dll, sname, 8);
-# if (vaddr <= export_rva && vaddr+vsize > export_rva)
-# {
-# expptr = fptr + (export_rva - vaddr);
-# if (export_rva + export_size > vaddr + vsize)
-# export_size = vsize - (export_rva - vaddr);
-# break;
-# }
-# }
-#
-# expdata = (unsigned char*)malloc(export_size);
-# lseek (dll, expptr, SEEK_SET);
-# read (dll, expdata, export_size);
-# erva = expdata - export_rva;
-#
-# nexp = pe_as32 (expdata+24);
-# name_rvas = pe_as32 (expdata+32);
-#
-# printf ("EXPORTS\n");
-# for (i = 0; i<nexp; i++)
-# {
-# unsigned long name_rva = pe_as32 (erva+name_rvas+i*4);
-# printf ("\t%s @ %ld ;\n", erva+name_rva, 1+ i);
-# }
-#
-# return 0;
-# }
-# /* impgen.c ends here */
-
-EOF
- ;;
- esac
-
-
- # Append the ltmain.sh script.
- sed '$q' "$ltmain" >> "$ofile" || (rm -f "$ofile"; exit 1)
- # We use sed instead of cat because bash on DJGPP gets confused if
- # if finds mixed CR/LF and LF-only lines. Since sed operates in
- # text mode, it properly converts lines to CR/LF. This bash problem
- # is reportedly fixed, but why not run on old versions too?
-
- chmod +x "$ofile"
- fi
- ;;
-
-*)
- # Compile the libtool program.
- echo "FIXME: would compile $ltmain"
- ;;
-esac
-
-# Update the list of available tags.
-if test -n "$tagname"; then
-
- # Extract list of available tagged configurations in $ofile.
- # Note that this assumes the entire list is on one line.
- available_tags=`grep "^available_tags=" $ofile | sed -e 's/available_tags=\(.*$\)/\1/' -e 's/\"//g'`
-
- # Append the new tag name to the list of available tags.
- available_tags="$available_tags $tagname"
-
- # Now substitute the updated of available tags.
- if eval "sed -e 's/^available_tags=.*\$/available_tags=\"$available_tags\"/' ${ofile} > ${ofile}.new"; then
- mv ${ofile}.new ${ofile}
- chmod +x "$ofile"
- else
- rm -f ${ofile}.new
- echo "$progname: unable to update list of available tagged configurations."
- exit 1
- fi
-fi
-
-# Don't cache tagged configuration!
-test -n "$cache_file" && test -z "$tagname" || exit 0
-
-# AC_CACHE_SAVE
-trap '' 1 2 15
-cat > confcache <<\EOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs. It is not useful on other systems.
-# If it contains results you don't want to keep, you may remove or edit it.
-#
-# By default, configure uses ./config.cache as the cache file,
-# creating it if it does not exist already. You can give configure
-# the --cache-file=FILE option to use a different cache file; that is
-# what configure does when it calls configure scripts in
-# subdirectories, so they share the cache.
-# Giving --cache-file=/dev/null disables caching, for debugging configure.
-# config.status only pays attention to the cache file if you give it the
-# --recheck option to rerun configure.
-#
-EOF
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, don't put newlines in cache variables' values.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(set) 2>&1 |
- case `(ac_space=' '; set | grep ac_space) 2>&1` in
- *ac_space=\ *)
- # `set' does not quote correctly, so add quotes (double-quote substitution
- # turns \\\\ into \\, and sed turns \\ into \).
- sed -n \
- -e "s/'/'\\\\''/g" \
- -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p"
- ;;
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p'
- ;;
- esac >> confcache
-if cmp -s $cache_file confcache; then
- :
-else
- if test -w $cache_file; then
- echo "updating cache $cache_file"
- cat confcache > $cache_file
- else
- echo "not updating unwritable cache $cache_file"
- fi
-fi
-rm -f confcache
-
-exit 0
-
-# Local Variables:
-# mode:shell-script
-# sh-indentation:2
-# End:
diff --git a/crypto/heimdal/mkinstalldirs b/crypto/heimdal/mkinstalldirs
deleted file mode 100755
index 6fbe5e117629..000000000000
--- a/crypto/heimdal/mkinstalldirs
+++ /dev/null
@@ -1,150 +0,0 @@
-#! /bin/sh
-# mkinstalldirs --- make directory hierarchy
-
-scriptversion=2004-02-15.20
-
-# Original author: Noah Friedman <friedman@prep.ai.mit.edu>
-# Created: 1993-05-16
-# Public domain.
-#
-# This file is maintained in Automake, please report
-# bugs to <bug-automake@gnu.org> or send patches to
-# <automake-patches@gnu.org>.
-
-errstatus=0
-dirmode=""
-
-usage="\
-Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ...
-
-Create each directory DIR (with mode MODE, if specified), including all
-leading file name components.
-
-Report bugs to <bug-automake@gnu.org>."
-
-# process command line arguments
-while test $# -gt 0 ; do
- case $1 in
- -h | --help | --h*) # -h for help
- echo "$usage"
- exit 0
- ;;
- -m) # -m PERM arg
- shift
- test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
- dirmode=$1
- shift
- ;;
- --version)
- echo "$0 $scriptversion"
- exit 0
- ;;
- --) # stop option processing
- shift
- break
- ;;
- -*) # unknown option
- echo "$usage" 1>&2
- exit 1
- ;;
- *) # first non-opt arg
- break
- ;;
- esac
-done
-
-for file
-do
- if test -d "$file"; then
- shift
- else
- break
- fi
-done
-
-case $# in
- 0) exit 0 ;;
-esac
-
-# Solaris 8's mkdir -p isn't thread-safe. If you mkdir -p a/b and
-# mkdir -p a/c at the same time, both will detect that a is missing,
-# one will create a, then the other will try to create a and die with
-# a "File exists" error. This is a problem when calling mkinstalldirs
-# from a parallel make. We use --version in the probe to restrict
-# ourselves to GNU mkdir, which is thread-safe.
-case $dirmode in
- '')
- if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
- echo "mkdir -p -- $*"
- exec mkdir -p -- "$@"
- else
- # On NextStep and OpenStep, the `mkdir' command does not
- # recognize any option. It will interpret all options as
- # directories to create, and then abort because `.' already
- # exists.
- test -d ./-p && rmdir ./-p
- test -d ./--version && rmdir ./--version
- fi
- ;;
- *)
- if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 &&
- test ! -d ./--version; then
- echo "mkdir -m $dirmode -p -- $*"
- exec mkdir -m "$dirmode" -p -- "$@"
- else
- # Clean up after NextStep and OpenStep mkdir.
- for d in ./-m ./-p ./--version "./$dirmode";
- do
- test -d $d && rmdir $d
- done
- fi
- ;;
-esac
-
-for file
-do
- set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
- shift
-
- pathcomp=
- for d
- do
- pathcomp="$pathcomp$d"
- case $pathcomp in
- -*) pathcomp=./$pathcomp ;;
- esac
-
- if test ! -d "$pathcomp"; then
- echo "mkdir $pathcomp"
-
- mkdir "$pathcomp" || lasterr=$?
-
- if test ! -d "$pathcomp"; then
- errstatus=$lasterr
- else
- if test ! -z "$dirmode"; then
- echo "chmod $dirmode $pathcomp"
- lasterr=""
- chmod "$dirmode" "$pathcomp" || lasterr=$?
-
- if test ! -z "$lasterr"; then
- errstatus=$lasterr
- fi
- fi
- fi
- fi
-
- pathcomp="$pathcomp/"
- done
-done
-
-exit $errstatus
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
-# End:
diff --git a/crypto/heimdal/tools/build.sh b/crypto/heimdal/tools/build.sh
deleted file mode 100755
index fad860836dbb..000000000000
--- a/crypto/heimdal/tools/build.sh
+++ /dev/null
@@ -1,212 +0,0 @@
-#!/bin/sh
-#
-# Build many combinations of kth-krb/heimdal/openssl
-#
-# $Id: build.sh,v 1.8 2003/04/17 12:55:02 lha Exp $
-
-opt_n= #:
-make_f= #-j
-
-heimdal_versions="0.5.2 0.6pre4"
-krb4_versions="1.2.2"
-openssl_versions="0.9.6i 0.9.7a 0.9.7b"
-
-make_check_version=".*heimdal-0.6.*"
-
-# 0.5 dont eat 0.9.7
-dont_build="openssl-0.9.7.*heimdal-0.5.*"
-# 1.2 dont eat 0.9.7
-dont_build="openssl-0.9.7.*krb4-1.2.* ${dont_build}"
-#yacc problems
-dont_build="openssl-0.9.6.*heimdal-0.5.*osf4.* ${dont_build}"
-#local openssl 09.7 and broken kuser/Makefile.am
-dont_build="openssl-0.9.6.*heimdal-0.5.*freebsd4.8.* ${dont_build}"
-failed=
-
-# Allow override
-for a in $HOME . /etc ; do
- [ -f $a/.heimdal-build ] && . $a/.heimdal-build
-done
-
-targetdir=${targetdir:-/scratch/heimdal-test}
-logfile="${targetdir}/buildlog"
-
-distdirs="${distdirs} /afs/su.se/home/l/h/lha/Public/openssl"
-distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src"
-distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src/snapshots"
-distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/krb/src"
-
-
-logprint () {
- d=`date '+%Y-%m-%d %H:%M:%S'`
- echo "${d}: $*"
- echo "${d}: --- $*" >> ${logfile}
-}
-
-logerror () {
- echo "$*"
- exit 1
-}
-
-find_unzip_prog () {
- unzip_prog=
- oldIFS="$IFS"
- IFS=:
- set -- $PATH
- IFS="$oldIFS"
- for a in $* ; do
- if [ -x $a/gzip ] ; then
- unzip_prog="$a/gzip -dc"
- break
- elif [ -x $a/gunzip ] ; then
- unzip_prog="$a/gunzip -c"
- break
- fi
- done
- [ "$unzip_prog" = "" ] && logerror failed to find unzip program
-}
-
-find_canon_name () {
- canon_name=
- for a in ${distdirs} ; do
- if [ -f $a/config.guess ] ; then
- canon_name=`$a/config.guess`
- fi
- if [ "${canon_name}" != "" ] ; then
- break
- fi
- done
- [ "${canon_name}" = "" ] && logerror "cant find config.guess"
-}
-
-do_check_p () {
- eval check_var=\$"$1"
- for a in ${check_var} ; do
- expr "$2${canon_name}" : "${a}" > /dev/null 2>&1 && return 1
- done
- return 0
-}
-
-unpack_tar () {
- for a in ${distdirs} ; do
- if [ -f $a/$1 ] ; then
- ${opt_n} ${unzip_prog} ${a}/$1 | ${opt_n} tar xf -
- return 0
- fi
- done
- logerror "did not find $1"
-}
-
-build () {
- real_ver=$1
- prog=$2
- ver=$3
- confprog=$4
- checks=$5
- pv=${prog}-${ver}
- mkdir tmp || logerror "failed to build tmpdir"
- cd tmp || logerror "failed to change dir to tmpdir"
- do_check_p dont_build ${real_ver} || \
- { cd .. ; rmdir tmp ; logprint "not building $1" && return 0 ; }
- cd .. || logerror "failed to change back from tmpdir"
- rmdir tmp || logerror "failed to remove tmpdir"
- logprint "preparing for ${pv}"
- ${opt_n} rm -rf ${targetdir}/${prog}-${ver}
- ${opt_n} rm -rf ${prog}-${ver}
- unpack_tar ${pv}.tar.gz
- ${opt_n} cd ${pv} || logerror directory ${pv} not there
- logprint "configure ${prog} ${ver} (${confprog})"
- ${opt_n} ./${confprog} \
- --prefix=${targetdir}/${pv} >> ${logfile} 2>&1 || \
- { logprint failed to configure ${pv} ; return 1 ; }
- logprint "make ${prog} ${ver}"
- ${opt_n} make ${make_f} >> ${logfile} 2>&1 || \
- { logprint failed to make ${pv} ; return 1 ; }
- ${opt_n} make install >> ${logfile} 2>&1 || \
- { logprint failed to install ${pv} ; return 1 ; }
- do_check_p make_check_version ${real_ver} || \
- { ${opt_n} make check >> ${logfile} 2>&1 || return 1 ; }
- ${opt_n} cd ..
- [ "${checks}" != "" ] && ${opt_n} ${checks} >> ${logfile} 2>&1
- return 0
-}
-
-find_canon_name
-
-logprint using host `hostname`
-logprint `uname -a`
-logprint canonical name ${canon_name}
-
-logprint clearing logfile
-> ${logfile}
-
-find_unzip_prog
-
-logprint using target dir ${targetdir}
-mkdir -p ${targetdir}/src
-cd ${targetdir}/src || exit 1
-rm -rf heimdal* openssl* krb4*
-
-logprint === building openssl versions
-for vo in ${openssl_versions} ; do
- build openssl-${vo} openssl $vo config
-done
-
-wssl="--with-openssl=${targetdir}/openssl"
-wssli="--with-openssl-include=${targetdir}/openssl" #this is a hack for broken heimdal 0.5.x autoconf test
-wossl="--without-openssl"
-wk4c="--with-krb4-config=${targetdir}/krb4"
-bk4c="/bin/krb4-config"
-wok4="--without-krb4"
-
-logprint === building heimdal w/o krb4 versions
-for vo in ${openssl_versions} ; do
- for vh in ${heimdal_versions} ; do
- v="openssl-${vo}-heimdal-${vh}"
- build "${v}" \
- heimdal ${vh} \
- "configure ${wok4} ${wssl}-${vo} ${wssli}-${vo}/include" \
- "${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto" \ || \
- { failed="${failed} ${v}" ; logprint ${v} failed ; }
- done
-done
-
-logprint === building krb4
-for vo in ${openssl_versions} ; do
- for vk in ${krb4_versions} ; do
- v="openssl-${vo}-krb4-${vk}"
- build "${v}" \
- krb4 ${vk} \
- "configure ${wssl}-${vo}" \
- "${targetdir}/krb4-${vk}/bin/krb4-config --libs | grep lcrypto"|| \
- { failed="${failed} ${v}" ; logprint ${v} failed ; }
- done
-done
-
-logprint === building heimdal with krb4 versions
-for vo in ${openssl_versions} ; do
- for vk in ${krb4_versions} ; do
- for vh in ${heimdal_versions} ; do
- v="openssl-${vo}-krb4-${vk}-heimdal-${vh}"
- build "${v}" \
- heimdal ${vh} \
- "configure ${wk4c}-${vk}${bk4c} ${wssl}-${vo} ${wssli}-${vo}/include" \
- "${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto && ${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep krb4" \
- || \
- { failed="${failed} ${v}" ; logprint ${v} failed ; }
- done
- done
-done
-
-logprint === building heimdal without krb4 and openssl versions
-for vh in ${heimdal_versions} ; do
- v="des-heimdal-${vh}"
- build "${v}" \
- heimdal ${vh} \
- "configure ${wok4} ${wossl}" || \
- { failed="${failed} ${v}" ; logprint ${v} failed ; }
-done
-
-logprint all done
-[ "${failed}" != "" ] && logprint "failed: ${failed}"
-exit 0
diff --git a/etc/gss/mech b/etc/gss/mech
index b77f7914a7a1..d2eaa4cfb205 100644
--- a/etc/gss/mech
+++ b/etc/gss/mech
@@ -1,4 +1,6 @@
# $FreeBSD$
#
# Name OID Library name Kernel module
-kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.9 -
+kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.10 -
+spnego 1.3.6.1.5.5.2 /usr/lib/libgssapi_spnego.so.10 -
+#ntlm 1.3.6.1.4.1.311.2.2.10 /usr/lib/libgssapi_ntlm.so.10 -
diff --git a/gnu/usr.bin/cvs/cvs/Makefile b/gnu/usr.bin/cvs/cvs/Makefile
index c5e2ff1f32d8..f2b166658d26 100644
--- a/gnu/usr.bin/cvs/cvs/Makefile
+++ b/gnu/usr.bin/cvs/cvs/Makefile
@@ -34,8 +34,8 @@ LDADD= ${LIBCVS} ${LIBDIFF} -lgnuregex -lmd -lcrypt -lz
.if ${MK_KERBEROS_SUPPORT} != "no"
CFLAGS+= -DHAVE_GSSAPI -DENCRYPTION
-LDADD+= -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -lcom_err
-DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO} ${LIBROKEN}
+LDADD+= -lgssapi -lkrb5 -lhx509 -lasn1 -lcrypto -lroken -lcrypt -lcom_err
+DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBCRYPTO} ${LIBROKEN}
DPADD+= ${LIBCRYPT} ${LIBCOM_ERR}
.endif
diff --git a/include/gssapi/gssapi.h b/include/gssapi/gssapi.h
index 7509b0481209..84ba83ac09d9 100644
--- a/include/gssapi/gssapi.h
+++ b/include/gssapi/gssapi.h
@@ -41,6 +41,11 @@
*/
#include <stdint.h>
+#ifndef _SSIZE_T_DECLARED
+typedef __ssize_t ssize_t;
+#define _SSIZE_T_DECLARED
+#endif
+
#if 0
/*
* If the platform supports the xom.h header file, it should be
@@ -732,25 +737,101 @@ OM_uint32 gss_unseal
);
/*
- * kerberos mechanism specific functions
+ * Other extensions and helper functions.
*/
-struct krb5_ccache_data;
-#define GSS_C_KRB5_COMPAT_DES3_MIC 1
-OM_uint32 gsskrb5_register_acceptor_identity
- (const char * /* identity */
+int gss_oid_equal
+ (const gss_OID, /* first OID to compare */
+ const gss_OID /* second OID to compare */
+ );
+
+OM_uint32 gss_release_oid
+ (OM_uint32 *, /* minor status */
+ gss_OID * /* oid to free */
+ );
+
+OM_uint32 gss_decapsulate_token
+ (const gss_buffer_t, /* mechanism independent token */
+ gss_OID, /* desired mechanism */
+ gss_buffer_t /* decapsulated mechanism dependant token */
+ );
+
+OM_uint32 gss_encapsulate_token
+ (const gss_buffer_t, /* mechanism dependant token */
+ gss_OID, /* desired mechanism */
+ gss_buffer_t /* encapsulated mechanism independent token */
+ );
+
+OM_uint32 gss_duplicate_oid
+ (OM_uint32 *, /* minor status */
+ const gss_OID, /* oid to copy */
+ gss_OID * /* result */
+ );
+
+OM_uint32 gss_oid_to_str
+ (OM_uint32 *, /* minor status */
+ gss_OID, /* oid to convert */
+ gss_buffer_t /* buffer to contain string */
+ );
+
+typedef struct gss_buffer_set_desc_struct {
+ size_t count;
+ gss_buffer_desc *elements;
+} gss_buffer_set_desc, *gss_buffer_set_t;
+
+#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0)
+
+OM_uint32 gss_create_empty_buffer_set
+ (OM_uint32 *, /* minor status */
+ gss_buffer_set_t * /* location for new buffer set */
+ );
+
+OM_uint32 gss_add_buffer_set_member
+ (OM_uint32 *, /* minor status */
+ gss_buffer_t, /* buffer to add */
+ gss_buffer_set_t * /* set to add to */
+ );
+
+OM_uint32 gss_release_buffer_set
+ (OM_uint32 *, /* minor status */
+ gss_buffer_set_t * /* set to release */
+ );
+
+OM_uint32 gss_inquire_sec_context_by_oid
+ (OM_uint32 *, /* minor_status */
+ const gss_ctx_id_t, /* context_handle */
+ const gss_OID, /* desired_object */
+ gss_buffer_set_t * /* result */
+ );
+
+OM_uint32 gss_inquire_cred_by_oid
+ (OM_uint32 *, /* minor_status */
+ const gss_cred_id_t, /* cred_handle */
+ const gss_OID, /* desired_object */
+ gss_buffer_set_t * /* result */
+ );
+
+OM_uint32 gss_set_sec_context_option
+ (OM_uint32 *, /* minor status */
+ gss_ctx_id_t *, /* context */
+ const gss_OID, /* option to set */
+ const gss_buffer_t /* option value */
);
-OM_uint32 gss_krb5_copy_ccache
- (OM_uint32 *, /* minor_status */
- gss_cred_id_t, /* cred_handle */
- struct krb5_ccache_data * /* out */
+OM_uint32 gss_set_cred_option
+ (OM_uint32 *, /* minor status */
+ gss_cred_id_t *, /* cred */
+ const gss_OID, /* option to set */
+ const gss_buffer_t /* option value */
);
-OM_uint32 gss_krb5_compat_des3_mic
- (OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- int /* flag */
+OM_uint32 gss_pseudo_random
+ (OM_uint32 *, /* minor status */
+ gss_ctx_id_t, /* context handle */
+ int prf_key, /* XXX */
+ const gss_buffer_t, /* data to seed generator */
+ ssize_t, /* amount of data required */
+ gss_buffer_t /* buffer for result */
);
#endif /* _GSSAPI_GSSAPI_H_ */
diff --git a/kerberos5/Makefile.inc b/kerberos5/Makefile.inc
index 2dc673904a47..2330979a5e35 100644
--- a/kerberos5/Makefile.inc
+++ b/kerberos5/Makefile.inc
@@ -25,7 +25,10 @@ ETSRCS= \
${KRB5DIR}/lib/kadm5/kadm5_err.et \
${KRB5DIR}/lib/krb5/heim_err.et \
${KRB5DIR}/lib/krb5/k524_err.et \
- ${KRB5DIR}/lib/krb5/krb5_err.et
+ ${KRB5DIR}/lib/krb5/krb5_err.et \
+ ${KRB5DIR}/lib/krb5/krb_err.et \
+ ${KRB5DIR}/lib/gssapi/krb5/gkrb5_err.et \
+ ${KRB5DIR}/lib/hx509/hx509_err.et
.for ET in ${ETSRCS}
.for _ET in ${ET:T:R}
diff --git a/kerberos5/include/config.h b/kerberos5/include/config.h
index fd7ad2601209..4484060d3c1a 100644
--- a/kerberos5/include/config.h
+++ b/kerberos5/include/config.h
@@ -1,5 +1,5 @@
-/* include/config.h. Generated automatically by configure. */
-/* include/config.h.in. Generated automatically from configure.in by autoheader. */
+/* include/config.h. Generated from config.h.in by configure. */
+/* include/config.h.in. Generated from configure.in by autoheader. */
/* $FreeBSD$ */
@@ -10,34 +10,40 @@
static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
#endif
-#define BINDIR "/usr/bin"
-#define LIBDIR "/usr/lib"
-#define LIBEXECDIR "/usr/libexec"
-#define SBINDIR "/usr/sbin"
-#define SYSCONFDIR "/etc"
-
-#define HAVE_INT8_T 1
-#define HAVE_INT16_T 1
-#define HAVE_INT32_T 1
-#define HAVE_INT64_T 1
-#define HAVE_U_INT8_T 1
-#define HAVE_U_INT16_T 1
-#define HAVE_U_INT32_T 1
-#define HAVE_U_INT64_T 1
-#define HAVE_UINT8_T 1
-#define HAVE_UINT16_T 1
-#define HAVE_UINT32_T 1
-#define HAVE_UINT64_T 1
-
/* Maximum values on all known systems */
#define MaxHostNameLen (64+4)
#define MaxPathLen (1024+4)
+#ifdef BUILD_KRB5_LIB
+#ifndef KRB5_LIB_FUNCTION
+#ifdef _WIN32_
+#define KRB5_LIB_FUNCTION _export _stdcall
+#else
+#define KRB5_LIB_FUNCTION
+#endif
+#endif
+#endif
+
+
+#ifdef BUILD_ROKEN_LIB
+#ifndef ROKEN_LIB_FUNCTION
+#ifdef _WIN32_
+#define ROKEN_LIB_FUNCTION _export _stdcall
+#else
+#define ROKEN_LIB_FUNCTION
+#endif
+#endif
+#endif
+
+
/* Define if you want authentication support in telnet. */
#define AUTHENTICATION 1
+/* path to bin */
+#define BINDIR "/usr/bin"
+
/* Define if realloc(NULL) doesn't work. */
/* #undef BROKEN_REALLOC */
@@ -50,6 +56,12 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define this to enable diagnostics in telnet. */
#define DIAGNOSTICS 1
+/* Define if want to use the weak AFS string to key functions. */
+#define ENABLE_AFS_STRING_TO_KEY 1
+
+/* Define if you want have a thread safe libraries */
+/* #undef ENABLE_PTHREAD_SUPPORT */
+
/* Define if you want encryption support in telnet. */
#define ENCRYPTION 1
@@ -61,7 +73,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* define if prototype of gethostbyaddr is compatible with struct hostent
*gethostbyaddr(const void *, size_t, int) */
-/* #undef GETHOSTBYADDR_PROTO_COMPATIBLE */
+#define GETHOSTBYADDR_PROTO_COMPATIBLE 1
/* define if prototype of gethostbyname is compatible with struct hostent
*gethostbyname(const char *) */
@@ -78,8 +90,8 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the `altzone' variable. */
/* #undef HAVE_ALTZONE */
-/* define if your system declares altzone */
-/* #undef HAVE_ALTZONE_DECLARATION */
+/* Define to 1 if you have the `arc4random' function. */
+#define HAVE_ARC4RANDOM 1
/* Define to 1 if you have the <arpa/ftp.h> header file. */
#define HAVE_ARPA_FTP_H 1
@@ -126,6 +138,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the function `chown'. */
#define HAVE_CHOWN 1
+/* Define if you have the function `closefrom'. */
+/* #undef HAVE_CLOSEFROM */
+
/* Define to 1 if you have the <config.h> header file. */
/* #undef HAVE_CONFIG_H */
@@ -177,6 +192,54 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* define if you have ndbm compat in db */
/* #undef HAVE_DB_NDBM */
+/* Define to 1 if you have the declaration of `altzone', and to 0 if you
+ don't. */
+/* #undef HAVE_DECL_ALTZONE */
+
+/* Define to 1 if you have the declaration of `environ', and to 0 if you
+ don't. */
+#define HAVE_DECL_ENVIRON 0
+
+/* Define to 1 if you have the declaration of `h_errlist', and to 0 if you
+ don't. */
+#define HAVE_DECL_H_ERRLIST 0
+
+/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
+ don't. */
+#define HAVE_DECL_H_ERRNO 1
+
+/* Define to 1 if you have the declaration of `h_nerr', and to 0 if you don't.
+ */
+/* #undef HAVE_DECL_H_NERR */
+
+/* Define to 1 if you have the declaration of `optarg', and to 0 if you don't.
+ */
+#define HAVE_DECL_OPTARG 1
+
+/* Define to 1 if you have the declaration of `opterr', and to 0 if you don't.
+ */
+#define HAVE_DECL_OPTERR 1
+
+/* Define to 1 if you have the declaration of `optind', and to 0 if you don't.
+ */
+#define HAVE_DECL_OPTIND 1
+
+/* Define to 1 if you have the declaration of `optopt', and to 0 if you don't.
+ */
+#define HAVE_DECL_OPTOPT 1
+
+/* Define to 1 if you have the declaration of `timezone', and to 0 if you
+ don't. */
+#define HAVE_DECL_TIMEZONE 1
+
+/* Define to 1 if you have the declaration of `_res', and to 0 if you don't.
+ */
+#define HAVE_DECL__RES 1
+
+/* Define to 1 if you have the declaration of `__progname', and to 0 if you
+ don't. */
+#define HAVE_DECL___PROGNAME 0
+
/* Define to 1 if you have the <dirent.h> header file. */
#define HAVE_DIRENT_H 1
@@ -189,6 +252,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the `dn_expand' function. */
#define HAVE_DN_EXPAND 1
+/* Define to 1 if you have the `door_create' function. */
+/* #undef HAVE_DOOR_CREATE */
+
/* Define if you have the function `ecalloc'. */
/* #undef HAVE_ECALLOC */
@@ -198,9 +264,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the function `emalloc'. */
/* #undef HAVE_EMALLOC */
-/* define if your system declares environ */
-/* #undef HAVE_ENVIRON_DECLARATION */
-
/* Define if you have the function `erealloc'. */
/* #undef HAVE_EREALLOC */
@@ -238,12 +301,10 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
#define HAVE_FNMATCH_H 1
/* Define if el_init takes four arguments. */
-#if __FreeBSD_version >= 500024
#define HAVE_FOUR_VALUED_EL_INIT 1
-#endif
-/* define if krb_put_int takes four arguments. */
-#define HAVE_FOUR_VALUED_KRB_PUT_INT 1
+/* Have -framework Security */
+/* #undef HAVE_FRAMEWORK_SECURITY */
/* Define to 1 if you have the `freeaddrinfo' function. */
#define HAVE_FREEADDRINFO 1
@@ -311,16 +372,17 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define to 1 if you have the `getpagesize' function. */
#define HAVE_GETPAGESIZE 1
+/* Define to 1 if you have the `getpeereid' function. */
+#define HAVE_GETPEEREID 1
+
+/* Define to 1 if you have the `getpeerucred' function. */
+/* #undef HAVE_GETPEERUCRED */
+
/* Define to 1 if you have the `getprogname' function. */
-#if (__FreeBSD_version >= 430002 && __FreeBSD_version < 500000) || \
- __FreeBSD_version >= 500019
#define HAVE_GETPROGNAME 1
-#endif
/* Define to 1 if you have the `getpwnam_r' function. */
-#if __FreeBSD_version >= 500112
#define HAVE_GETPWNAM_R 1
-#endif
/* Define to 1 if you have the `getrlimit' function. */
#define HAVE_GETRLIMIT 1
@@ -348,9 +410,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
#define HAVE_GLOB 1
/* Define to 1 if you have the `grantpt' function. */
-#if __FreeBSD_version >= 500100
#define HAVE_GRANTPT 1
-#endif
/* Define to 1 if you have the <grp.h> header file. */
#define HAVE_GRP_H 1
@@ -361,20 +421,11 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the `h_errlist' variable. */
#define HAVE_H_ERRLIST 1
-/* define if your system declares h_errlist */
-/* #undef HAVE_H_ERRLIST_DECLARATION */
-
/* Define if you have the `h_errno' variable. */
#define HAVE_H_ERRNO 1
-/* define if your system declares h_errno */
-#define HAVE_H_ERRNO_DECLARATION 1
-
/* Define if you have the `h_nerr' variable. */
-#define HAVE_H_NERR 1
-
-/* define if your system declares h_nerr */
-/* #undef HAVE_H_NERR_DECLARATION */
+/* #undef HAVE_H_NERR */
/* Define to 1 if you have the <ifaddrs.h> header file. */
#define HAVE_IFADDRS_H 1
@@ -400,6 +451,18 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
/* Define if you have the function `innetgr'. */
#define HAVE_INNETGR 1
+/* Define to 1 if the system has the type `int16_t'. */
+#define HAVE_INT16_T 1
+
+/* Define to 1 if the system has the type `int32_t'. */
+#define HAVE_INT32_T 1
+
+/* Define to 1 if the system has the type `int64_t'. */
+#define HAVE_INT64_T 1
+
+/* Define to 1 if the system has the type `int8_t'. */
+#define HAVE_INT8_T 1
+