Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
This commit is contained in:
parent
4fe54d7c6a
commit
33f1219925
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=178828
@ -1036,7 +1036,8 @@ _startup_libs+= lib/libc
|
||||
gnu/lib/libgcc__L: lib/libc__L
|
||||
|
||||
_prebuild_libs= ${_kerberos5_lib_libasn1} ${_kerberos5_lib_libkrb5} \
|
||||
${_kerberos5_lib_libroken} \
|
||||
${_kerberos5_lib_libhx509} ${_kerberos5_lib_libroken} \
|
||||
${_kerberos5_lib_libheimntlm} ${_kerberos5_lib_libgssapi_krb5} \
|
||||
lib/libbz2 lib/libcom_err lib/libcrypt lib/libexpat \
|
||||
${_lib_libgssapi} ${_lib_libipx} \
|
||||
lib/libkiconv lib/libkvm lib/libmd \
|
||||
@ -1068,9 +1069,11 @@ lib/libradius__L secure/lib/libssl__L: secure/lib/libcrypto__L
|
||||
_secure_lib_libssh= secure/lib/libssh
|
||||
secure/lib/libssh__L: lib/libz__L secure/lib/libcrypto__L lib/libcrypt__L
|
||||
.if ${MK_KERBEROS} != "no"
|
||||
secure/lib/libssh__L: lib/libgssapi__L kerberos5/lib/libkrb5__L \
|
||||
kerberos5/lib/libasn1__L lib/libcom_err__L lib/libmd__L \
|
||||
kerberos5/lib/libroken__L
|
||||
kerberos5/lib/libgssapi_krb5__L: kerberos5/lib/libkrb5__L \
|
||||
kerberos5/lib/libhx509__L kerberos5/lib/libasn1__L lib/libcom_err__L \
|
||||
lib/libmd__L kerberos5/lib/libroken__L secure/lib/libcrypto__L \
|
||||
lib/libcrypt__L
|
||||
secure/lib/libssh__L: lib/libgssapi__L kerberos5/lib/libgssapi_krb5__L
|
||||
.endif
|
||||
.endif
|
||||
.endif
|
||||
@ -1085,7 +1088,10 @@ _lib_libipx= lib/libipx
|
||||
_kerberos5_lib= kerberos5/lib
|
||||
_kerberos5_lib_libasn1= kerberos5/lib/libasn1
|
||||
_kerberos5_lib_libkrb5= kerberos5/lib/libkrb5
|
||||
_kerberos5_lib_libhx509= kerberos5/lib/libhx509
|
||||
_kerberos5_lib_libroken= kerberos5/lib/libroken
|
||||
_kerberos5_lib_libheimntlm= kerberos5/lib/libheimntlm
|
||||
_kerberos5_lib_libgssapi_krb5= kerberos5/lib/libgssapi_krb5
|
||||
_lib_libgssapi= lib/libgssapi
|
||||
.endif
|
||||
|
||||
|
@ -12,3 +12,6 @@ lib/des
|
||||
lib/editline
|
||||
lib/kdfs
|
||||
lib/otp
|
||||
lib/gssapi/mech
|
||||
lib/hcrypto
|
||||
ylwrap
|
||||
|
10
crypto/heimdal/acinclude.m4
Normal file
10
crypto/heimdal/acinclude.m4
Normal file
@ -0,0 +1,10 @@
|
||||
dnl $Id: acinclude.m4 13337 2004-02-12 14:19:16Z lha $
|
||||
dnl $FreeBSD$
|
||||
dnl
|
||||
dnl Only put things that for some reason can't live in the `cf'
|
||||
dnl directory in this file.
|
||||
dnl
|
||||
|
||||
dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
|
||||
dnl
|
||||
m4_define([upcase],`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* $Id: ktutil_locl.h,v 1.18 2002/09/10 20:03:45 joda Exp $
|
||||
* $Id: ktutil_locl.h 14799 2005-04-15 05:02:39Z lha $
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
@ -62,6 +62,7 @@
|
||||
|
||||
#include <sl.h>
|
||||
#include <getarg.h>
|
||||
#include <hex.h>
|
||||
|
||||
extern krb5_context context;
|
||||
|
||||
@ -70,15 +71,6 @@ extern char *keytab_string;
|
||||
|
||||
krb5_keytab ktutil_open_keytab(void);
|
||||
|
||||
int kt_add (int argc, char **argv);
|
||||
int kt_change (int argc, char **argv);
|
||||
int kt_copy (int argc, char **argv);
|
||||
int kt_get (int argc, char **argv);
|
||||
int kt_list(int argc, char **argv);
|
||||
int kt_purge(int argc, char **argv);
|
||||
int kt_remove(int argc, char **argv);
|
||||
int kt_rename(int argc, char **argv);
|
||||
int srvconv(int argc, char **argv);
|
||||
int srvcreate(int argc, char **argv);
|
||||
#include "ktutil-commands.h"
|
||||
|
||||
#endif /* __KTUTIL_LOCL_H__ */
|
||||
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: ftp_locl.h,v 1.37 2002/09/10 20:03:46 joda Exp $ */
|
||||
/* $Id: ftp_locl.h 11444 2002-09-10 20:03:49Z joda $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
#ifndef __FTP_LOCL_H__
|
||||
|
@ -1,17 +1,20 @@
|
||||
# $Id: Makefile.am,v 1.7 2001/08/28 08:31:22 assar Exp $
|
||||
# $Id: Makefile.am 21986 2007-10-19 05:22:57Z lha $
|
||||
# $FreeBSD$
|
||||
|
||||
include $(top_srcdir)/Makefile.am.common
|
||||
|
||||
INCLUDES += $(INCLUDE_krb4) $(INCLUDE_des)
|
||||
AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto)
|
||||
|
||||
bin_PROGRAMS = su
|
||||
bin_SUIDS = su
|
||||
su_SOURCES = su.c
|
||||
su_SOURCES = su.c supaths.h
|
||||
man_MANS = su.1
|
||||
|
||||
LDADD = $(LIB_kafs) \
|
||||
$(top_builddir)/lib/krb5/libkrb5.la \
|
||||
$(LIB_krb4) \
|
||||
$(LIB_des) \
|
||||
$(LIB_hcrypto) \
|
||||
$(top_builddir)/lib/asn1/libasn1.la \
|
||||
$(LIB_roken)
|
||||
|
||||
EXTRA_DIST = $(man_MANS)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1999 - 2007 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -36,7 +36,7 @@
|
||||
|
||||
#include <config.h>
|
||||
|
||||
RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $");
|
||||
RCSID("$Id: su.c 21988 2007-10-19 05:36:54Z lha $");
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@ -53,6 +53,9 @@ RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $");
|
||||
#endif
|
||||
|
||||
#include <pwd.h>
|
||||
#ifdef HAVE_CRYPT_H
|
||||
#include <crypt.h>
|
||||
#endif
|
||||
|
||||
#include "crypto-headers.h"
|
||||
#ifdef KRB5
|
||||
@ -66,13 +69,7 @@ RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $");
|
||||
#include <roken.h>
|
||||
#include <getarg.h>
|
||||
|
||||
#ifndef _PATH_DEFPATH
|
||||
#define _PATH_DEFPATH "/usr/bin:/bin"
|
||||
#endif
|
||||
|
||||
#ifndef _PATH_BSHELL
|
||||
#define _PATH_BSHELL "/bin/sh"
|
||||
#endif
|
||||
#include "supaths.h"
|
||||
|
||||
int kerberos_flag = 1;
|
||||
int csh_f_flag;
|
||||
@ -175,7 +172,9 @@ krb5_verify(const struct passwd *login_info,
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_principal p;
|
||||
krb5_realm *realms, *r;
|
||||
char *login_name = NULL;
|
||||
int user_ok = 0;
|
||||
|
||||
#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
|
||||
login_name = getlogin();
|
||||
@ -188,50 +187,63 @@ krb5_verify(const struct passwd *login_info,
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (login_name == NULL || strcmp (login_name, "root") == 0)
|
||||
login_name = login_info->pw_name;
|
||||
if (strcmp (su_info->pw_name, "root") == 0)
|
||||
ret = krb5_make_principal(context, &p, NULL,
|
||||
login_name,
|
||||
kerberos_instance,
|
||||
NULL);
|
||||
else
|
||||
ret = krb5_make_principal(context, &p, NULL,
|
||||
su_info->pw_name,
|
||||
NULL);
|
||||
if(ret)
|
||||
ret = krb5_get_default_realms(context, &realms);
|
||||
if (ret)
|
||||
return 1;
|
||||
|
||||
/* Check all local realms */
|
||||
for (r = realms; *r != NULL && !user_ok; r++) {
|
||||
|
||||
if (login_name == NULL || strcmp (login_name, "root") == 0)
|
||||
login_name = login_info->pw_name;
|
||||
if (strcmp (su_info->pw_name, "root") == 0)
|
||||
ret = krb5_make_principal(context, &p, *r,
|
||||
login_name,
|
||||
kerberos_instance,
|
||||
NULL);
|
||||
else
|
||||
ret = krb5_make_principal(context, &p, *r,
|
||||
su_info->pw_name,
|
||||
NULL);
|
||||
if (ret) {
|
||||
krb5_free_host_realm(context, realms);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if(su_info->pw_uid != 0 || krb5_kuserok(context, p, su_info->pw_name)) {
|
||||
/* if we are su-ing too root, check with krb5_kuserok */
|
||||
if (su_info->pw_uid == 0 && !krb5_kuserok(context, p, su_info->pw_name))
|
||||
continue;
|
||||
|
||||
ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
|
||||
if(ret) {
|
||||
#if 1
|
||||
krb5_warn(context, ret, "krb5_cc_gen_new");
|
||||
#endif
|
||||
krb5_free_host_realm(context, realms);
|
||||
krb5_free_principal (context, p);
|
||||
return 1;
|
||||
}
|
||||
ret = krb5_verify_user_lrealm(context, p, ccache, NULL, TRUE, NULL);
|
||||
ret = krb5_verify_user(context, p, ccache, NULL, TRUE, NULL);
|
||||
krb5_free_principal (context, p);
|
||||
if(ret) {
|
||||
switch (ret) {
|
||||
case 0:
|
||||
user_ok = 1;
|
||||
break;
|
||||
case KRB5_LIBOS_PWDINTR :
|
||||
krb5_cc_destroy(context, ccache);
|
||||
switch (ret) {
|
||||
case KRB5_LIBOS_PWDINTR :
|
||||
break;
|
||||
case KRB5KRB_AP_ERR_BAD_INTEGRITY:
|
||||
case KRB5KRB_AP_ERR_MODIFIED:
|
||||
krb5_warnx(context, "Password incorrect");
|
||||
break;
|
||||
default :
|
||||
krb5_warn(context, ret, "krb5_verify_user");
|
||||
break;
|
||||
}
|
||||
return 1;
|
||||
break;
|
||||
case KRB5KRB_AP_ERR_BAD_INTEGRITY:
|
||||
case KRB5KRB_AP_ERR_MODIFIED:
|
||||
krb5_cc_destroy(context, ccache);
|
||||
krb5_warnx(context, "Password incorrect");
|
||||
break;
|
||||
default :
|
||||
krb5_cc_destroy(context, ccache);
|
||||
krb5_warn(context, ret, "krb5_verify_user");
|
||||
break;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
krb5_free_principal (context, p);
|
||||
return 1;
|
||||
krb5_free_host_realm(context, realms);
|
||||
if (!user_ok)
|
||||
return 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
@ -249,8 +261,10 @@ krb5_start_session(void)
|
||||
|
||||
ret = krb5_cc_copy_cache(context, ccache, ccache2);
|
||||
|
||||
asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2),
|
||||
krb5_cc_get_name(context, ccache2));
|
||||
ret = asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2),
|
||||
krb5_cc_get_name(context, ccache2));
|
||||
if (ret == -1)
|
||||
errx(1, "malloc - out of memory");
|
||||
esetenv("KRB5CCNAME", cc_name, 1);
|
||||
|
||||
/* we want to export this even if we don't directly support KRB4 */
|
||||
@ -300,10 +314,12 @@ krb_verify(const struct passwd *login_info,
|
||||
krb_kuserok(name, instance, realm, su_info->pw_name) == 0) {
|
||||
char password[128];
|
||||
char *prompt;
|
||||
asprintf (&prompt,
|
||||
ret = asprintf (&prompt,
|
||||
"%s's Password: ",
|
||||
krb_unparse_name_long (name, instance, realm));
|
||||
if (des_read_pw_string (password, sizeof (password), prompt, 0)) {
|
||||
if (ret == -1)
|
||||
return (1);
|
||||
if (UI_UTIL_read_pw_string (password, sizeof (password), prompt, 0)) {
|
||||
memset (password, 0, sizeof (password));
|
||||
free(prompt);
|
||||
return (1);
|
||||
@ -341,8 +357,29 @@ krb_start_session(void)
|
||||
}
|
||||
#endif
|
||||
|
||||
#define GROUP_MEMBER 0
|
||||
#define GROUP_MISSING 1
|
||||
#define GROUP_EMPTY 2
|
||||
#define GROUP_NOT_MEMBER 3
|
||||
|
||||
static int
|
||||
verify_unix(struct passwd *su)
|
||||
group_member_p(const char *group, const char *user)
|
||||
{
|
||||
struct group *g;
|
||||
int i;
|
||||
g = getgrnam(group);
|
||||
if(g == NULL)
|
||||
return GROUP_MISSING;
|
||||
if(g->gr_mem[0] == NULL)
|
||||
return GROUP_EMPTY;
|
||||
for(i = 0; g->gr_mem[i] != NULL; i++)
|
||||
if(strcmp(user, g->gr_mem[i]) == 0)
|
||||
return GROUP_MEMBER;
|
||||
return GROUP_NOT_MEMBER;
|
||||
}
|
||||
|
||||
static int
|
||||
verify_unix(struct passwd *login, struct passwd *su)
|
||||
{
|
||||
char prompt[128];
|
||||
char pw_buf[1024];
|
||||
@ -350,13 +387,31 @@ verify_unix(struct passwd *su)
|
||||
int r;
|
||||
if(su->pw_passwd != NULL && *su->pw_passwd != '\0') {
|
||||
snprintf(prompt, sizeof(prompt), "%s's password: ", su->pw_name);
|
||||
r = des_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
|
||||
r = UI_UTIL_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
|
||||
if(r != 0)
|
||||
exit(0);
|
||||
pw = crypt(pw_buf, su->pw_passwd);
|
||||
memset(pw_buf, 0, sizeof(pw_buf));
|
||||
if(strcmp(pw, su->pw_passwd) != 0)
|
||||
if(strcmp(pw, su->pw_passwd) != 0) {
|
||||
syslog (LOG_ERR | LOG_AUTH, "%s to %s: incorrect password",
|
||||
login->pw_name, su->pw_name);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
/* if su:ing to root, check membership of group wheel or root; if
|
||||
that group doesn't exist, or is empty, allow anyone to su
|
||||
root */
|
||||
if(su->pw_uid == 0) {
|
||||
#ifndef ROOT_GROUP
|
||||
#define ROOT_GROUP "wheel"
|
||||
#endif
|
||||
int gs = group_member_p(ROOT_GROUP, login->pw_name);
|
||||
if(gs == GROUP_NOT_MEMBER) {
|
||||
syslog (LOG_ERR | LOG_AUTH, "%s to %s: not in group %s",
|
||||
login->pw_name, su->pw_name, ROOT_GROUP);
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@ -398,6 +453,9 @@ main(int argc, char **argv)
|
||||
else
|
||||
su_user = argv[optind++];
|
||||
|
||||
if (!issuid() && getuid() != 0)
|
||||
warnx("Not setuid and you are root, expect this to fail");
|
||||
|
||||
pwd = k_getpwnam(su_user);
|
||||
if(pwd == NULL)
|
||||
errx (1, "unknown login %s", su_user);
|
||||
@ -434,7 +492,7 @@ main(int argc, char **argv)
|
||||
ok = 4;
|
||||
#endif
|
||||
|
||||
if(ok == 0 && login_info->pw_uid && verify_unix(su_info) != 0) {
|
||||
if(ok == 0 && login_info->pw_uid && verify_unix(login_info, su_info) != 0) {
|
||||
printf("Sorry!\n");
|
||||
exit(1);
|
||||
}
|
||||
@ -473,7 +531,7 @@ main(int argc, char **argv)
|
||||
#endif
|
||||
{
|
||||
char *tty = ttyname (STDERR_FILENO);
|
||||
syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s" : "%s to %s on %s",
|
||||
syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s on %s" : "%s to %s",
|
||||
login_info->pw_name, su_info->pw_name, tty);
|
||||
}
|
||||
|
||||
@ -481,11 +539,23 @@ main(int argc, char **argv)
|
||||
if(!env_flag) {
|
||||
if(full_login) {
|
||||
char *t = getenv ("TERM");
|
||||
|
||||
environ = malloc (10 * sizeof (char *));
|
||||
char **newenv = NULL;
|
||||
int i, j;
|
||||
|
||||
i = read_environment(_PATH_ETC_ENVIRONMENT, &newenv);
|
||||
|
||||
environ = malloc ((10 + i) * sizeof (char *));
|
||||
if (environ == NULL)
|
||||
err (1, "malloc");
|
||||
environ[0] = NULL;
|
||||
|
||||
for (j = 0; j < i; j++) {
|
||||
char *p = strchr(newenv[j], '=');
|
||||
*p++ = 0;
|
||||
esetenv (newenv[j], p, 1);
|
||||
}
|
||||
free(newenv);
|
||||
|
||||
esetenv ("PATH", _PATH_DEFPATH, 1);
|
||||
if (t)
|
||||
esetenv ("TERM", t, 1);
|
||||
@ -516,9 +586,10 @@ main(int argc, char **argv)
|
||||
if (args == NULL)
|
||||
err (1, "malloc");
|
||||
i = 0;
|
||||
if(full_login)
|
||||
asprintf(&args[i++], "-%s", p);
|
||||
else
|
||||
if(full_login) {
|
||||
if (asprintf(&args[i++], "-%s", p) == -1)
|
||||
errx (1, "malloc");
|
||||
} else
|
||||
args[i++] = p;
|
||||
if (cmd) {
|
||||
args[i++] = "-c";
|
||||
|
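Review bot: In the realm loop of krb5_verify, the `continue` taken when krb5_kuserok() rejects a root target leaks the principal just built by krb5_make_principal(), because the only krb5_free_principal() for `p` comes after the krb5_verify_user() call; change it to `if (su_info->pw_uid == 0 && !krb5_kuserok(context, p, su_info->pw_name)) { krb5_free_principal(context, p); continue; }`. krb5_verify begins before the -188,50 hunk. The rewritten switch no longer returns on a wrong password or an interrupted prompt, so the loop moves on to the next default realm and the user may be prompted once per realm; if that is intended it deserves a comment such as `/* failure in one realm is not fatal: a later realm may still accept the user */`. In the later -481,11 hunk, `*p++ = 0` dereferences the result of strchr(newenv[j], '=') without a NULL check, which is only safe if read_environment() guarantees every entry contains '='; a guard `if (p == NULL) continue;` would make that explicit.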
@ -1,28 +0,0 @@
|
||||
dnl $Id: broken-getnameinfo.m4,v 1.2.12.1 2004/04/01 07:27:32 joda Exp $
|
||||
dnl
|
||||
dnl test for broken AIX getnameinfo
|
||||
|
||||
AC_DEFUN([rk_BROKEN_GETNAMEINFO],[
|
||||
AC_CACHE_CHECK([if getnameinfo is broken], ac_cv_func_getnameinfo_broken,
|
||||
AC_TRY_RUN([[#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netdb.h>
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
struct sockaddr_in sin;
|
||||
char host[256];
|
||||
memset(&sin, 0, sizeof(sin));
|
||||
#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
|
||||
sin.sin_len = sizeof(sin);
|
||||
#endif
|
||||
sin.sin_family = AF_INET;
|
||||
sin.sin_addr.s_addr = 0xffffffff;
|
||||
sin.sin_port = 0;
|
||||
return getnameinfo((struct sockaddr*)&sin, sizeof(sin), host, sizeof(host),
|
||||
NULL, 0, 0);
|
||||
}
|
||||
]], ac_cv_func_getnameinfo_broken=no, ac_cv_func_getnameinfo_broken=yes))])
|
@ -1,25 +0,0 @@
|
||||
dnl $Id: check-declaration.m4,v 1.3.34.1 2004/04/01 07:27:32 joda Exp $
|
||||
dnl
|
||||
dnl
|
||||
dnl Check if we need the declaration of a variable
|
||||
dnl
|
||||
|
||||
dnl AC_HAVE_DECLARATION(includes, variable)
|
||||
AC_DEFUN([AC_CHECK_DECLARATION], [
|
||||
AC_MSG_CHECKING([if $2 is properly declared])
|
||||
AC_CACHE_VAL(ac_cv_var_$2_declaration, [
|
||||
AC_TRY_COMPILE([$1
|
||||
extern struct { int foo; } $2;],
|
||||
[$2.foo = 1;],
|
||||
eval "ac_cv_var_$2_declaration=no",
|
||||
eval "ac_cv_var_$2_declaration=yes")
|
||||
])
|
||||
|
||||
define(foo, [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION])
|
||||
|
||||
AC_MSG_RESULT($ac_cv_var_$2_declaration)
|
||||
if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then
|
||||
AC_DEFINE(foo, 1, [define if your system declares $2])
|
||||
fi
|
||||
undefine([foo])
|
||||
])
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997-2004 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* $Id: kadmin_locl.h,v 1.41 2002/09/10 20:04:45 joda Exp $
|
||||
* $Id: kadmin_locl.h 17580 2006-05-13 21:28:56Z lha $
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
@ -91,92 +91,57 @@
|
||||
#include <krb5_locl.h>
|
||||
#include <hdb.h>
|
||||
#include <hdb_err.h>
|
||||
#include <hex.h>
|
||||
#include <kadm5/admin.h>
|
||||
#include <kadm5/private.h>
|
||||
#include <kadm5/kadm5_err.h>
|
||||
#include <parse_time.h>
|
||||
#include <getarg.h>
|
||||
|
||||
|
||||
extern krb5_context context;
|
||||
extern void * kadm_handle;
|
||||
|
||||
#define DECL(X) int X(int, char **)
|
||||
|
||||
DECL(add_new_key);
|
||||
DECL(cpw_entry);
|
||||
DECL(del_entry);
|
||||
DECL(del_enctype);
|
||||
DECL(exit_kadmin);
|
||||
DECL(ext_keytab);
|
||||
DECL(get_entry);
|
||||
DECL(get_privs);
|
||||
DECL(help);
|
||||
DECL(list_princs);
|
||||
DECL(mod_entry);
|
||||
DECL(rename_entry);
|
||||
DECL(init);
|
||||
DECL(dump);
|
||||
DECL(load);
|
||||
DECL(merge);
|
||||
|
||||
#undef ALLOC
|
||||
#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
|
||||
|
||||
/* util.c */
|
||||
|
||||
void attributes2str(krb5_flags attributes, char *str, size_t len);
|
||||
int str2attributes(const char *str, krb5_flags *flags);
|
||||
int parse_attributes (const char *resp, krb5_flags *attr, int *mask, int bit);
|
||||
int edit_attributes (const char *prompt, krb5_flags *attr, int *mask,
|
||||
int bit);
|
||||
void attributes2str(krb5_flags, char *, size_t);
|
||||
int str2attributes(const char *, krb5_flags *);
|
||||
int parse_attributes (const char *, krb5_flags *, int *, int);
|
||||
int edit_attributes (const char *, krb5_flags *, int *, int);
|
||||
|
||||
void time_t2str(time_t t, char *str, size_t len, int include_time);
|
||||
int str2time_t (const char *str, time_t *time);
|
||||
int parse_timet (const char *resp, krb5_timestamp *value, int *mask, int bit);
|
||||
int edit_timet (const char *prompt, krb5_timestamp *value, int *mask,
|
||||
int bit);
|
||||
void time_t2str(time_t, char *, size_t, int);
|
||||
int str2time_t (const char *, time_t *);
|
||||
int parse_timet (const char *, krb5_timestamp *, int *, int);
|
||||
int edit_timet (const char *, krb5_timestamp *, int *,
|
||||
int);
|
||||
|
||||
void deltat2str(unsigned t, char *str, size_t len);
|
||||
int str2deltat(const char *str, krb5_deltat *delta);
|
||||
int parse_deltat (const char *resp, krb5_deltat *value, int *mask, int bit);
|
||||
int edit_deltat (const char *prompt, krb5_deltat *value, int *mask, int bit);
|
||||
void deltat2str(unsigned, char *, size_t);
|
||||
int str2deltat(const char *, krb5_deltat *);
|
||||
int parse_deltat (const char *, krb5_deltat *, int *, int);
|
||||
int edit_deltat (const char *, krb5_deltat *, int *, int);
|
||||
|
||||
int edit_entry(kadm5_principal_ent_t ent, int *mask,
|
||||
kadm5_principal_ent_t default_ent, int default_mask);
|
||||
void set_defaults(kadm5_principal_ent_t ent, int *mask,
|
||||
kadm5_principal_ent_t default_ent, int default_mask);
|
||||
int set_entry(krb5_context context,
|
||||
kadm5_principal_ent_t ent,
|
||||
int *mask,
|
||||
const char *max_ticket_life,
|
||||
const char *max_renewable_life,
|
||||
const char *expiration,
|
||||
const char *pw_expiration,
|
||||
const char *attributes);
|
||||
int edit_entry(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
|
||||
void set_defaults(kadm5_principal_ent_t, int *, kadm5_principal_ent_t, int);
|
||||
int set_entry(krb5_context, kadm5_principal_ent_t, int *,
|
||||
const char *, const char *, const char *,
|
||||
const char *, const char *);
|
||||
int
|
||||
foreach_principal(const char *exp,
|
||||
int (*func)(krb5_principal, void*),
|
||||
const char *funcname,
|
||||
void *data);
|
||||
foreach_principal(const char *, int (*)(krb5_principal, void*),
|
||||
const char *, void *);
|
||||
|
||||
int parse_des_key (const char *key_string,
|
||||
krb5_key_data *key_data, const char **err);
|
||||
int parse_des_key (const char *, krb5_key_data *, const char **);
|
||||
|
||||
/* server.c */
|
||||
|
||||
krb5_error_code
|
||||
kadmind_loop (krb5_context, krb5_auth_context, krb5_keytab, int);
|
||||
|
||||
/* version4.c */
|
||||
|
||||
void
|
||||
handle_v4(krb5_context context, krb5_keytab keytab, int len, int fd);
|
||||
|
||||
/* random_password.c */
|
||||
|
||||
void
|
||||
random_password(char *pw, size_t len);
|
||||
random_password(char *, size_t);
|
||||
|
||||
/* kadm_conn.c */
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -32,7 +32,7 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* $Id: headers.h,v 1.15 2002/09/10 20:04:46 joda Exp $
|
||||
* $Id: headers.h 19658 2007-01-04 00:15:34Z lha $
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
@ -73,6 +73,9 @@
|
||||
#ifdef HAVE_ARPA_INET_H
|
||||
#include <arpa/inet.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_WAIT_H
|
||||
#include <sys/wait.h>
|
||||
#endif
|
||||
#ifdef HAVE_NETDB_H
|
||||
#include <netdb.h>
|
||||
#endif
|
||||
@ -89,16 +92,14 @@
|
||||
#include <parse_units.h>
|
||||
#include <krb5.h>
|
||||
#include <krb5_locl.h>
|
||||
#include <digest_asn1.h>
|
||||
#include <kx509_asn1.h>
|
||||
#include <hdb.h>
|
||||
#include <hdb_err.h>
|
||||
#include <der.h> /* copy_octet_string */
|
||||
#include <der.h>
|
||||
|
||||
#ifdef KRB4
|
||||
#include <krb.h>
|
||||
#include <prot.h>
|
||||
#define Principal Principal4
|
||||
#include <krb_db.h>
|
||||
#endif
|
||||
#include <heimntlm.h>
|
||||
#include <windc_plugin.h>
|
||||
|
||||
#undef ALLOC
|
||||
#define ALLOC(X) ((X) = malloc(sizeof(*(X))))
|
||||
|
@ -1,23 +0,0 @@
|
||||
X509 DEFINITIONS ::= BEGIN
|
||||
|
||||
CertificateSerialNumber ::= INTEGER -- X.509 '97
|
||||
|
||||
AttributeType ::= OBJECT-IDENTIFIER
|
||||
|
||||
AttributeValue ::= OCTET STRING --ANY DEFINED BY AttributeType
|
||||
|
||||
AttributeTypeAndValue ::= SEQUENCE {
|
||||
type AttributeType,
|
||||
value AttributeValue
|
||||
}
|
||||
|
||||
RelativeDistinguishedName ::= --SET
|
||||
SEQUENCE OF AttributeTypeAndValue
|
||||
|
||||
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
|
||||
|
||||
Name ::= CHOICE { -- RFC2459
|
||||
x RDNSequence
|
||||
}
|
||||
|
||||
END
|
@ -1,251 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: 8003.c,v 1.12.2.2 2003/09/18 21:30:57 lha Exp $");
|
||||
|
||||
krb5_error_code
|
||||
gssapi_encode_om_uint32(OM_uint32 n, u_char *p)
|
||||
{
|
||||
p[0] = (n >> 0) & 0xFF;
|
||||
p[1] = (n >> 8) & 0xFF;
|
||||
p[2] = (n >> 16) & 0xFF;
|
||||
p[3] = (n >> 24) & 0xFF;
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
gssapi_encode_be_om_uint32(OM_uint32 n, u_char *p)
|
||||
{
|
||||
p[0] = (n >> 24) & 0xFF;
|
||||
p[1] = (n >> 16) & 0xFF;
|
||||
p[2] = (n >> 8) & 0xFF;
|
||||
p[3] = (n >> 0) & 0xFF;
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
gssapi_decode_om_uint32(u_char *p, OM_uint32 *n)
|
||||
{
|
||||
*n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
|
||||
return 0;
|
||||
}
|
||||
|
||||
krb5_error_code
|
||||
gssapi_decode_be_om_uint32(u_char *p, OM_uint32 *n)
|
||||
{
|
||||
*n = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
hash_input_chan_bindings (const gss_channel_bindings_t b,
|
||||
u_char *p)
|
||||
{
|
||||
u_char num[4];
|
||||
MD5_CTX md5;
|
||||
|
||||
MD5_Init(&md5);
|
||||
gssapi_encode_om_uint32 (b->initiator_addrtype, num);
|
||||
MD5_Update (&md5, num, sizeof(num));
|
||||
gssapi_encode_om_uint32 (b->initiator_address.length, num);
|
||||
MD5_Update (&md5, num, sizeof(num));
|
||||
if (b->initiator_address.length)
|
||||
MD5_Update (&md5,
|
||||
b->initiator_address.value,
|
||||
b->initiator_address.length);
|
||||
gssapi_encode_om_uint32 (b->acceptor_addrtype, num);
|
||||
MD5_Update (&md5, num, sizeof(num));
|
||||
gssapi_encode_om_uint32 (b->acceptor_address.length, num);
|
||||
MD5_Update (&md5, num, sizeof(num));
|
||||
if (b->acceptor_address.length)
|
||||
MD5_Update (&md5,
|
||||
b->acceptor_address.value,
|
||||
b->acceptor_address.length);
|
||||
gssapi_encode_om_uint32 (b->application_data.length, num);
|
||||
MD5_Update (&md5, num, sizeof(num));
|
||||
if (b->application_data.length)
|
||||
MD5_Update (&md5,
|
||||
b->application_data.value,
|
||||
b->application_data.length);
|
||||
MD5_Final (p, &md5);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* create a checksum over the chanel bindings in
|
||||
* `input_chan_bindings', `flags' and `fwd_data' and return it in
|
||||
* `result'
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
gssapi_krb5_create_8003_checksum (
|
||||
OM_uint32 *minor_status,
|
||||
const gss_channel_bindings_t input_chan_bindings,
|
||||
OM_uint32 flags,
|
||||
const krb5_data *fwd_data,
|
||||
Checksum *result)
|
||||
{
|
||||
u_char *p;
|
||||
|
||||
/*
|
||||
* see rfc1964 (section 1.1.1 (Initial Token), and the checksum value
|
||||
* field's format) */
|
||||
result->cksumtype = 0x8003;
|
||||
if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG))
|
||||
result->checksum.length = 24 + 4 + fwd_data->length;
|
||||
else
|
||||
result->checksum.length = 24;
|
||||
result->checksum.data = malloc (result->checksum.length);
|
||||
if (result->checksum.data == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
p = result->checksum.data;
|
||||
gssapi_encode_om_uint32 (16, p);
|
||||
p += 4;
|
||||
if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) {
|
||||
memset (p, 0, 16);
|
||||
} else {
|
||||
hash_input_chan_bindings (input_chan_bindings, p);
|
||||
}
|
||||
p += 16;
|
||||
gssapi_encode_om_uint32 (flags, p);
|
||||
p += 4;
|
||||
|
||||
if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) {
|
||||
#if 0
|
||||
u_char *tmp;
|
||||
|
||||
result->checksum.length = 28 + fwd_data->length;
|
||||
tmp = realloc(result->checksum.data, result->checksum.length);
|
||||
if (tmp == NULL)
|
||||
return ENOMEM;
|
||||
result->checksum.data = tmp;
|
||||
|
||||
p = (u_char*)result->checksum.data + 24;
|
||||
#endif
|
||||
*p++ = (1 >> 0) & 0xFF; /* DlgOpt */ /* == 1 */
|
||||
*p++ = (1 >> 8) & 0xFF; /* DlgOpt */ /* == 0 */
|
||||
*p++ = (fwd_data->length >> 0) & 0xFF; /* Dlgth */
|
||||
*p++ = (fwd_data->length >> 8) & 0xFF; /* Dlgth */
|
||||
memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length);
|
||||
|
||||
p += fwd_data->length;
|
||||
}
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
/*
|
||||
* verify the checksum in `cksum' over `input_chan_bindings'
|
||||
* returning `flags' and `fwd_data'
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
gssapi_krb5_verify_8003_checksum(
|
||||
OM_uint32 *minor_status,
|
||||
const gss_channel_bindings_t input_chan_bindings,
|
||||
const Checksum *cksum,
|
||||
OM_uint32 *flags,
|
||||
krb5_data *fwd_data)
|
||||
{
|
||||
unsigned char hash[16];
|
||||
unsigned char *p;
|
||||
OM_uint32 length;
|
||||
int DlgOpt;
|
||||
static unsigned char zeros[16];
|
||||
|
||||
/* XXX should handle checksums > 24 bytes */
|
||||
if(cksum->cksumtype != 0x8003 || cksum->checksum.length < 24) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_BINDINGS;
|
||||
}
|
||||
|
||||
p = cksum->checksum.data;
|
||||
gssapi_decode_om_uint32(p, &length);
|
||||
if(length != sizeof(hash)) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_BINDINGS;
|
||||
}
|
||||
|
||||
p += 4;
|
||||
|
||||
if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
|
||||
&& memcmp(p, zeros, sizeof(zeros)) != 0) {
|
||||
if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_BINDINGS;
|
||||
}
|
||||
if(memcmp(hash, p, sizeof(hash)) != 0) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_BINDINGS;
|
||||
}
|
||||
}
|
||||
|
||||
p += sizeof(hash);
|
||||
|
||||
gssapi_decode_om_uint32(p, flags);
|
||||
p += 4;
|
||||
|
||||
if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) {
|
||||
if(cksum->checksum.length < 28) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_BINDINGS;
|
||||
}
|
||||
|
||||
DlgOpt = (p[0] << 0) | (p[1] << 8);
|
||||
p += 2;
|
||||
if (DlgOpt != 1) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_BINDINGS;
|
||||
}
|
||||
|
||||
fwd_data->length = (p[0] << 0) | (p[1] << 8);
|
||||
p += 2;
|
||||
if(cksum->checksum.length < 28 + fwd_data->length) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_BINDINGS;
|
||||
}
|
||||
fwd_data->data = malloc(fwd_data->length);
|
||||
if (fwd_data->data == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
memcpy(fwd_data->data, p, fwd_data->length);
|
||||
}
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
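--- a/PATH-NOT-ON-PAGE/accept_sec_context.c
+++ /dev/null
@@ -1,445 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: accept_sec_context.c,v 1.33.2.2 2003/12/19 00:37:06 lha Exp $");
-
-krb5_keytab gssapi_krb5_keytab;
-
-OM_uint32
-gsskrb5_register_acceptor_identity (const char *identity)
-{
-krb5_error_code ret;
-char *p;
-
-ret = gssapi_krb5_init();
-if(ret)
-return GSS_S_FAILURE;
-
-if(gssapi_krb5_keytab != NULL) {
-krb5_kt_close(gssapi_krb5_context, gssapi_krb5_keytab);
-gssapi_krb5_keytab = NULL;
-}
-asprintf(&p, "FILE:%s", identity);
-if(p == NULL)
-return GSS_S_FAILURE;
-ret = krb5_kt_resolve(gssapi_krb5_context, p, &gssapi_krb5_keytab);
-free(p);
-if(ret)
-return GSS_S_FAILURE;
-return GSS_S_COMPLETE;
-}
-
-OM_uint32
-gss_accept_sec_context
-(OM_uint32 * minor_status,
-gss_ctx_id_t * context_handle,
-const gss_cred_id_t acceptor_cred_handle,
-const gss_buffer_t input_token_buffer,
-const gss_channel_bindings_t input_chan_bindings,
-gss_name_t * src_name,
-gss_OID * mech_type,
-gss_buffer_t output_token,
-OM_uint32 * ret_flags,
-OM_uint32 * time_rec,
-gss_cred_id_t * delegated_cred_handle
-)
-{
-krb5_error_code kret;
-OM_uint32 ret = GSS_S_COMPLETE;
-krb5_data indata;
-krb5_flags ap_options;
-OM_uint32 flags;
-krb5_ticket *ticket = NULL;
-krb5_keytab keytab = NULL;
-krb5_data fwd_data;
-OM_uint32 minor;
-
-GSSAPI_KRB5_INIT();
-
-krb5_data_zero (&fwd_data);
-output_token->length = 0;
-output_token->value = NULL;
-
-if (src_name != NULL)
-*src_name = NULL;
-if (mech_type)
-*mech_type = GSS_KRB5_MECHANISM;
-
-if (*context_handle == GSS_C_NO_CONTEXT) {
-*context_handle = malloc(sizeof(**context_handle));
-if (*context_handle == GSS_C_NO_CONTEXT) {
-*minor_status = ENOMEM;
-return GSS_S_FAILURE;
-}
-}
-
-(*context_handle)->auth_context = NULL;
-(*context_handle)->source = NULL;
-(*context_handle)->target = NULL;
-(*context_handle)->flags = 0;
-(*context_handle)->more_flags = 0;
-(*context_handle)->ticket = NULL;
-(*context_handle)->lifetime = GSS_C_INDEFINITE;
-
-kret = krb5_auth_con_init (gssapi_krb5_context,
-&(*context_handle)->auth_context);
-if (kret) {
-ret = GSS_S_FAILURE;
-*minor_status = kret;
-gssapi_krb5_set_error_string ();
-goto failure;
-}
-
-if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
-&& input_chan_bindings->application_data.length ==
-2 * sizeof((*context_handle)->auth_context->local_port)
-) {
-
-/* Port numbers are expected to be in application_data.value,
-* initator's port first */
-
-krb5_address initiator_addr, acceptor_addr;
-
-memset(&initiator_addr, 0, sizeof(initiator_addr));
-memset(&acceptor_addr, 0, sizeof(acceptor_addr));
-
-(*context_handle)->auth_context->remote_port =
-*(int16_t *) input_chan_bindings->application_data.value;
-
-(*context_handle)->auth_context->local_port =
-*((int16_t *) input_chan_bindings->application_data.value + 1);
-
-
-kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
-&input_chan_bindings->acceptor_address,
-(*context_handle)->auth_context->local_port,
-&acceptor_addr);
-if (kret) {
-gssapi_krb5_set_error_string ();
-ret = GSS_S_BAD_BINDINGS;
-*minor_status = kret;
-goto failure;
-}
-
-kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
-&input_chan_bindings->initiator_address,
-(*context_handle)->auth_context->remote_port,
-&initiator_addr);
-if (kret) {
-krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-gssapi_krb5_set_error_string ();
-ret = GSS_S_BAD_BINDINGS;
-*minor_status = kret;
-goto failure;
-}
-
-kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
-(*context_handle)->auth_context,
-&acceptor_addr, /* local address */
-&initiator_addr); /* remote address */
-
-krb5_free_address (gssapi_krb5_context, &initiator_addr);
-krb5_free_address (gssapi_krb5_context, &acceptor_addr);
-
-#if 0
-free(input_chan_bindings->application_data.value);
-input_chan_bindings->application_data.value = NULL;
-input_chan_bindings->application_data.length = 0;
-#endif
-
-if (kret) {
-gssapi_krb5_set_error_string ();
-ret = GSS_S_BAD_BINDINGS;
-*minor_status = kret;
-goto failure;
-}
-}
-
-
-
-{
-int32_t tmp;
-
-krb5_auth_con_getflags(gssapi_krb5_context,
-(*context_handle)->auth_context,
-&tmp);
-tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
-krb5_auth_con_setflags(gssapi_krb5_context,
-(*context_handle)->auth_context,
-tmp);
-}
-
-ret = gssapi_krb5_decapsulate (minor_status,
-input_token_buffer,
-&indata,
-"\x01\x00");
-if (ret)
-goto failure;
-
-if (acceptor_cred_handle == GSS_C_NO_CREDENTIAL) {
-if (gssapi_krb5_keytab != NULL) {
-keytab = gssapi_krb5_keytab;
-}
-} else if (acceptor_cred_handle->keytab != NULL) {
-keytab = acceptor_cred_handle->keytab;
-}
-
-kret = krb5_rd_req (gssapi_krb5_context,
-&(*context_handle)->auth_context,
-&indata,
-(acceptor_cred_handle == GSS_C_NO_CREDENTIAL) ? NULL
-: acceptor_cred_handle->principal,
-keytab,
-&ap_options,
-&ticket);
-if (kret) {
-ret = GSS_S_FAILURE;
-*minor_status = kret;
-gssapi_krb5_set_error_string ();
-goto failure;
-}
-
-kret = krb5_copy_principal (gssapi_krb5_context,
-ticket->client,
-&(*context_handle)->source);
-if (kret) {
-ret = GSS_S_FAILURE;
-*minor_status = kret;
-gssapi_krb5_set_error_string ();
-goto failure;
-}
-
-kret = krb5_copy_principal (gssapi_krb5_context,
-ticket->server,
-&(*context_handle)->target);
-if (kret) {
-ret = GSS_S_FAILURE;
-*minor_status = kret;
-gssapi_krb5_set_error_string ();
-goto failure;
-}
-
-ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
-if (ret)
-goto failure;
-
-if (src_name != NULL) {
-kret = krb5_copy_principal (gssapi_krb5_context,
-ticket->client,
-src_name);
-if (kret) {
-ret = GSS_S_FAILURE;
-*minor_status = kret;
-gssapi_krb5_set_error_string ();
-goto failure;
-}
-}
-
-{
-krb5_authenticator authenticator;
-
-kret = krb5_auth_con_getauthenticator(gssapi_krb5_context,
-(*context_handle)->auth_context,
-&authenticator);
-if(kret) {
-ret = GSS_S_FAILURE;
-*minor_status = kret;
-gssapi_krb5_set_error_string ();
-goto failure;
-}
-
-ret = gssapi_krb5_verify_8003_checksum(minor_status,
-input_chan_bindings,
-authenticator->cksum,
-&flags,
-&fwd_data);
-krb5_free_authenticator(gssapi_krb5_context, &authenticator);
-if (ret)
-goto failure;
-}
-
-if (fwd_data.length > 0 && (flags & GSS_C_DELEG_FLAG)) {
-krb5_ccache ccache;
-int32_t ac_flags;
-
-if (delegated_cred_handle == NULL)
-/* XXX Create a new delegated_cred_handle? */
-kret = krb5_cc_default (gssapi_krb5_context, &ccache);
-else if (*delegated_cred_handle == NULL) {
-if ((*delegated_cred_handle =
-calloc(1, sizeof(**delegated_cred_handle))) == NULL) {
-ret = GSS_S_FAILURE;
-*minor_status = ENOMEM;
-krb5_set_error_string(gssapi_krb5_context, "out of memory");
-gssapi_krb5_set_error_string();
-goto failure;
-}
-if ((ret = gss_duplicate_name(minor_status, ticket->client,
-&(*delegated_cred_handle)->principal)) != 0) {
-flags &= ~GSS_C_DELEG_FLAG;
-free(*delegated_cred_handle);
-*delegated_cred_handle = NULL;
-goto end_fwd;
-}
-}
-if (delegated_cred_handle != NULL &&
-(*delegated_cred_handle)->ccache == NULL) {
-kret = krb5_cc_gen_new (gssapi_krb5_context,
-&krb5_mcc_ops,
-&(*delegated_cred_handle)->ccache);
-ccache = (*delegated_cred_handle)->ccache;
-}
-if (delegated_cred_handle != NULL &&
-(*delegated_cred_handle)->mechanisms == NULL) {
-ret = gss_create_empty_oid_set(minor_status,
-&(*delegated_cred_handle)->mechanisms);
-if (ret)
-goto failure;
-ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-&(*delegated_cred_handle)->mechanisms);
-if (ret)
-goto failure;
-}
-
-if (kret) {
-flags &= ~GSS_C_DELEG_FLAG;
-goto end_fwd;
-}
-
-kret = krb5_cc_initialize(gssapi_krb5_context,
-ccache,
-*src_name);
-if (kret) {
-flags &= ~GSS_C_DELEG_FLAG;
-goto end_fwd;
-}
-
-krb5_auth_con_getflags(gssapi_krb5_context,
-(*context_handle)->auth_context,
-&ac_flags);
-krb5_auth_con_setflags(gssapi_krb5_context,
-(*context_handle)->auth_context,
-ac_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
-kret = krb5_rd_cred2(gssapi_krb5_context,
-(*context_handle)->auth_context,
-ccache,
-&fwd_data);
-krb5_auth_con_setflags(gssapi_krb5_context,
-(*context_handle)->auth_context,
-ac_flags);
-if (kret) {
-flags &= ~GSS_C_DELEG_FLAG;
-goto end_fwd;
-}
-
-end_fwd:
-free(fwd_data.data);
-}
-
-
-flags |= GSS_C_TRANS_FLAG;
-
-if (ret_flags)
-*ret_flags = flags;
-(*context_handle)->lifetime = ticket->ticket.endtime;
-(*context_handle)->flags = flags;
-(*context_handle)->more_flags |= OPEN;
-
-if (mech_type)
-*mech_type = GSS_KRB5_MECHANISM;
-
-if (time_rec) {
-ret = gssapi_lifetime_left(minor_status,
-(*context_handle)->lifetime,
-time_rec);
-if (ret)
-goto failure;
-}
-
-if(flags & GSS_C_MUTUAL_FLAG) {
-krb5_data outbuf;
-
-kret = krb5_mk_rep (gssapi_krb5_context,
-(*context_handle)->auth_context,
-&outbuf);
-if (kret) {
-ret = GSS_S_FAILURE;
-*minor_status = kret;
-gssapi_krb5_set_error_string ();
-goto failure;
-}
-ret = gssapi_krb5_encapsulate (minor_status,
-&outbuf,
-output_token,
-"\x02\x00");
-krb5_data_free (&outbuf);
-if (ret)
-goto failure;
-} else {
-output_token->length = 0;
-output_token->value = NULL;
-}
-
-(*context_handle)->ticket = ticket;
-ticket = NULL;
-
-#if 0
-krb5_free_ticket (context, ticket);
-#endif
-
-*minor_status = 0;
-return GSS_S_COMPLETE;
-
-failure:
-if (fwd_data.length > 0)
-free(fwd_data.data);
-if (ticket != NULL)
-krb5_free_ticket (gssapi_krb5_context, ticket);
-krb5_auth_con_free (gssapi_krb5_context,
-(*context_handle)->auth_context);
-if((*context_handle)->source)
-krb5_free_principal (gssapi_krb5_context,
-(*context_handle)->source);
-if((*context_handle)->target)
-krb5_free_principal (gssapi_krb5_context,
-(*context_handle)->target);
-free (*context_handle);
-if (src_name != NULL) {
-gss_release_name (&minor, src_name);
-*src_name = NULL;
-}
-*context_handle = GSS_C_NO_CONTEXT;
-return ret;
-}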
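--- a/PATH-NOT-ON-PAGE/acquire_cred.c
+++ /dev/null
@@ -1,309 +0,0 @@
-/*
- * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: acquire_cred.c,v 1.13.2.1 2003/08/15 14:18:24 lha Exp $");
-
-static krb5_error_code
-get_keytab(krb5_keytab *keytab)
-{
-char kt_name[256];
-krb5_error_code kret;
-
-if (gssapi_krb5_keytab != NULL) {
-kret = krb5_kt_get_name(gssapi_krb5_context,
-gssapi_krb5_keytab,
-kt_name, sizeof(kt_name));
-if (kret == 0)
-kret = krb5_kt_resolve(gssapi_krb5_context, kt_name, keytab);
-} else
-kret = krb5_kt_default(gssapi_krb5_context, keytab);
-return (kret);
-}
-
-static OM_uint32 acquire_initiator_cred
-(OM_uint32 * minor_status,
-const gss_name_t desired_name,
-OM_uint32 time_req,
-const gss_OID_set desired_mechs,
-gss_cred_usage_t cred_usage,
-gss_cred_id_t handle,
-gss_OID_set * actual_mechs,
-OM_uint32 * time_rec
-)
-{
-OM_uint32 ret;
-krb5_creds cred;
-krb5_principal def_princ;
-krb5_get_init_creds_opt opt;
-krb5_ccache ccache;
-krb5_keytab keytab;
-krb5_error_code kret;
-
-keytab = NULL;
-ccache = NULL;
-def_princ = NULL;
-ret = GSS_S_FAILURE;
-memset(&cred, 0, sizeof(cred));
-
-kret = krb5_cc_default(gssapi_krb5_context, &ccache);
-if (kret)
-goto end;
-kret = krb5_cc_get_principal(gssapi_krb5_context, ccache,
-&def_princ);
-if (kret != 0) {
-/* we'll try to use a keytab below */
-krb5_cc_destroy(gssapi_krb5_context, ccache);
-ccache = NULL;
-kret = 0;
-} else if (handle->principal == NULL) {
-kret = krb5_copy_principal(gssapi_krb5_context, def_princ,
-&handle->principal);
-if (kret)
-goto end;
-} else if (handle->principal != NULL &&
-krb5_principal_compare(gssapi_krb5_context, handle->principal,
-def_princ) == FALSE) {
-/* Before failing, lets check the keytab */
-krb5_free_principal(gssapi_krb5_context, def_princ);
-def_princ = NULL;
-}
-if (def_princ == NULL) {
-/* We have no existing credentials cache,
-* so attempt to get a TGT using a keytab.
-*/
-if (handle->principal == NULL) {
-kret = krb5_get_default_principal(gssapi_krb5_context,
-&handle->principal);
-if (kret)
-goto end;
-}
-kret = get_keytab(&keytab);
-if (kret)
-goto end;
-krb5_get_init_creds_opt_init(&opt);
-kret = krb5_get_init_creds_keytab(gssapi_krb5_context, &cred,
-handle->principal, keytab, 0, NULL, &opt);
-if (kret)
-goto end;
-kret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
-&ccache);
-if (kret)
-goto end;
-kret = krb5_cc_initialize(gssapi_krb5_context, ccache, cred.client);
-if (kret)
-goto end;
-kret = krb5_cc_store_cred(gssapi_krb5_context, ccache, &cred);
-if (kret)
-goto end;
-handle->lifetime = cred.times.endtime;
-} else {
-krb5_creds in_cred, *out_cred;
-krb5_const_realm realm;
-
-memset(&in_cred, 0, sizeof(in_cred));
-in_cred.client = handle->principal;
-
-realm = krb5_principal_get_realm(gssapi_krb5_context,
-handle->principal);
-if (realm == NULL) {
-kret = KRB5_PRINC_NOMATCH; /* XXX */
-goto end;
-}
-
-kret = krb5_make_principal(gssapi_krb5_context, &in_cred.server,
-realm, KRB5_TGS_NAME, realm, NULL);
-if (kret)
-goto end;
-
-kret = krb5_get_credentials(gssapi_krb5_context, 0,
-ccache, &in_cred, &out_cred);
-krb5_free_principal(gssapi_krb5_context, in_cred.server);
-if (kret)
-goto end;
-
-handle->lifetime = out_cred->times.endtime;
-krb5_free_creds(gssapi_krb5_context, out_cred);
-}
-
-handle->ccache = ccache;
-ret = GSS_S_COMPLETE;
-
-end:
-if (cred.client != NULL)
-krb5_free_creds_contents(gssapi_krb5_context, &cred);
-if (def_princ != NULL)
-krb5_free_principal(gssapi_krb5_context, def_princ);
-if (keytab != NULL)
-krb5_kt_close(gssapi_krb5_context, keytab);
-if (ret != GSS_S_COMPLETE) {
-if (ccache != NULL)
-krb5_cc_close(gssapi_krb5_context, ccache);
-if (kret != 0) {
-*minor_status = kret;
-gssapi_krb5_set_error_string ();
-}
-}
-return (ret);
-}
-
-static OM_uint32 acquire_acceptor_cred
-(OM_uint32 * minor_status,
-const gss_name_t desired_name,
-OM_uint32 time_req,
-const gss_OID_set desired_mechs,
-gss_cred_usage_t cred_usage,
-gss_cred_id_t handle,
-gss_OID_set * actual_mechs,
-OM_uint32 * time_rec
-)
-{
-OM_uint32 ret;
-krb5_error_code kret;
-
-kret = 0;
-ret = GSS_S_FAILURE;
-kret = get_keytab(&handle->keytab);
-if (kret)
-goto end;
-ret = GSS_S_COMPLETE;
-
-end:
-if (ret != GSS_S_COMPLETE) {
-if (handle->keytab != NULL)
-krb5_kt_close(gssapi_krb5_context, handle->keytab);
-if (kret != 0) {
-*minor_status = kret;
-gssapi_krb5_set_error_string ();
-}
-}
-return (ret);
-}
-
-OM_uint32 gss_acquire_cred
-(OM_uint32 * minor_status,
-const gss_name_t desired_name,
-OM_uint32 time_req,
-const gss_OID_set desired_mechs,
-gss_cred_usage_t cred_usage,
-gss_cred_id_t * output_cred_handle,
-gss_OID_set * actual_mechs,
-OM_uint32 * time_rec
-)
-{
-gss_cred_id_t handle;
-OM_uint32 ret;
-
-GSSAPI_KRB5_INIT ();
-
-*output_cred_handle = NULL;
-if (time_rec)
-*time_rec = 0;
-if (actual_mechs)
-*actual_mechs = GSS_C_NO_OID_SET;
-
-if (desired_mechs) {
-OM_uint32 present = 0;
-
-ret = gss_test_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-desired_mechs, &present);
-if (ret)
-return ret;
-if (!present) {
-*minor_status = 0;
-return GSS_S_BAD_MECH;
-}
-}
-
-handle = (gss_cred_id_t)malloc(sizeof(*handle));
-if (handle == GSS_C_NO_CREDENTIAL) {
-*minor_status = ENOMEM;
-return (GSS_S_FAILURE);
-}
-
-memset(handle, 0, sizeof (*handle));
-
-if (desired_name != GSS_C_NO_NAME) {
-ret = gss_duplicate_name(minor_status, desired_name,
-&handle->principal);
-if (ret != GSS_S_COMPLETE) {
-free(handle);
-return (ret);
-}
-}
-if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) {
-ret = acquire_initiator_cred(minor_status, desired_name, time_req,
-desired_mechs, cred_usage, handle, actual_mechs, time_rec);
-if (ret != GSS_S_COMPLETE) {
-free(handle);
-return (ret);
-}
-} else if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) {
-ret = acquire_acceptor_cred(minor_status, desired_name, time_req,
-desired_mechs, cred_usage, handle, actual_mechs, time_rec);
-if (ret != GSS_S_COMPLETE) {
-free(handle);
-return (ret);
-}
-} else {
-free(handle);
-*minor_status = GSS_KRB5_S_G_BAD_USAGE;
-return GSS_S_FAILURE;
-}
-ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-if (ret == GSS_S_COMPLETE)
-ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-&handle->mechanisms);
-if (ret == GSS_S_COMPLETE)
-ret = gss_inquire_cred(minor_status, handle, NULL, time_rec, NULL,
-actual_mechs);
-if (ret != GSS_S_COMPLETE) {
-if (handle->mechanisms != NULL)
-gss_release_oid_set(NULL, &handle->mechanisms);
-free(handle);
-return (ret);
-}
-*minor_status = 0;
-if (time_rec) {
-ret = gssapi_lifetime_left(minor_status,
-handle->lifetime,
-time_rec);
-
-if (ret)
-return ret;
-}
-handle->usage = cred_usage;
-*output_cred_handle = handle;
-return (GSS_S_COMPLETE);
-}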
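--- a/PATH-NOT-ON-PAGE/add_cred.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- * Copyright (c) 2003 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "gssapi_locl.h"
-
-RCSID("$Id: add_cred.c,v 1.2.2.1 2003/10/21 21:00:47 lha Exp $");
-
-OM_uint32 gss_add_cred (
-OM_uint32 *minor_status,
-const gss_cred_id_t input_cred_handle,
-const gss_name_t desired_name,
-const gss_OID desired_mech,
-gss_cred_usage_t cred_usage,
-OM_uint32 initiator_time_req,
-OM_uint32 acceptor_time_req,
-gss_cred_id_t *output_cred_handle,
-gss_OID_set *actual_mechs,
-OM_uint32 *initiator_time_rec,
-OM_uint32 *acceptor_time_rec)
-{
-OM_uint32 ret, lifetime;
-gss_cred_id_t cred, handle;
-
-handle = NULL;
-cred = input_cred_handle;
-
-if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0) {
-*minor_status = 0;
-return GSS_S_BAD_MECH;
-}
-
-if (cred == GSS_C_NO_CREDENTIAL && output_cred_handle == NULL) {
-*minor_status = 0;
-return GSS_S_NO_CRED;
-}
-
-/* check if requested output usage is compatible with output usage */
-if (output_cred_handle != NULL &&
-(cred->usage != cred_usage && cred->usage != GSS_C_BOTH)) {
-*minor_status = GSS_KRB5_S_G_BAD_USAGE;
-return(GSS_S_FAILURE);
-}
-
-/* check that we have the same name */
-if (desired_name != GSS_C_NO_NAME &&
-krb5_principal_compare(gssapi_krb5_context, desired_name,
-cred->principal) != FALSE) {
-*minor_status = 0;
-return GSS_S_BAD_NAME;
-}
-
-/* make a copy */
-if (output_cred_handle) {
-
-handle = (gss_cred_id_t)malloc(sizeof(*handle));
-if (handle == GSS_C_NO_CREDENTIAL) {
-*minor_status = ENOMEM;
-return (GSS_S_FAILURE);
-}
-
-memset(handle, 0, sizeof (*handle));
-
-handle->usage = cred_usage;
-handle->lifetime = cred->lifetime;
-handle->principal = NULL;
-handle->keytab = NULL;
-handle->ccache = NULL;
-handle->mechanisms = NULL;
-
-ret = GSS_S_FAILURE;
-
-ret = gss_duplicate_name(minor_status, cred->principal,
-&handle->principal);
-if (ret) {
-free(handle);
-*minor_status = ENOMEM;
-return GSS_S_FAILURE;
-}
-
-if (cred->keytab) {
-krb5_error_code kret;
-char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN];
-int len;
-
-ret = GSS_S_FAILURE;
-
-kret = krb5_kt_get_type(gssapi_krb5_context, cred->keytab,
-name, KRB5_KT_PREFIX_MAX_LEN);
-if (kret) {
-*minor_status = kret;
-goto failure;
-}
-len = strlen(name);
-name[len++] = ':';
-
-kret = krb5_kt_get_name(gssapi_krb5_context, cred->keytab,
-name + len,
-sizeof(name) - len);
-if (kret) {
-*minor_status = kret;
-goto failure;
-}
-
-kret = krb5_kt_resolve(gssapi_krb5_context, name,
-&handle->keytab);
-if (kret){
-*minor_status = kret;
-goto failure;
-}
-}
-
-if (cred->ccache) {
-krb5_error_code kret;
-const char *type, *name;
-char *type_name;
-
-ret = GSS_S_FAILURE;
-
-type = krb5_cc_get_type(gssapi_krb5_context, cred->ccache);
-if (type == NULL){
-*minor_status = ENOMEM;
-goto failure;
-}
-
-if (strcmp(type, "MEMORY") == 0) {
-ret = krb5_cc_gen_new(gssapi_krb5_context, &krb5_mcc_ops,
-&handle->ccache);
-if (ret) {
-*minor_status = ret;
-goto failure;
-}
-
-ret = krb5_cc_copy_cache(gssapi_krb5_context, cred->ccache,
-handle->ccache);
-if (ret) {
-*minor_status = ret;
-goto failure;
-}
-
-} else {
-
-name = krb5_cc_get_name(gssapi_krb5_context, cred->ccache);
-if (name == NULL) {
-*minor_status = ENOMEM;
-goto failure;
-}
-
-asprintf(&type_name, "%s:%s", type, name);
-if (type_name == NULL) {
-*minor_status = ENOMEM;
-goto failure;
-}
-
-kret = krb5_cc_resolve(gssapi_krb5_context, type_name,
-&handle->ccache);
-free(type_name);
-if (kret) {
-*minor_status = kret;
-goto failure;
-}
-}
-}
-
-ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
-if (ret)
-goto failure;
-
-ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
-&handle->mechanisms);
-if (ret)
-goto failure;
-}
-
-ret = gss_inquire_cred(minor_status, cred, NULL, &lifetime,
-NULL, actual_mechs);
-if (ret)
-goto failure;
-
-if (initiator_time_rec)
-*initiator_time_rec = lifetime;
-if (acceptor_time_rec)
-*acceptor_time_rec = lifetime;
-
-if (output_cred_handle)
-*output_cred_handle = handle;
-
-*minor_status = 0;
-return ret;
-
-failure:
-
-if (handle) {
-if (handle->principal)
-gss_release_name(NULL, &handle->principal);
-if (handle->keytab)
-krb5_kt_close(gssapi_krb5_context, handle->keytab);
-if (handle->ccache)
-krb5_cc_destroy(gssapi_krb5_context, handle->ccache);
-if (handle->mechanisms)
-gss_release_oid_set(NULL, &handle->mechanisms);
-free(handle);
-}
-return ret;
-}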
@ -1,69 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: add_oid_set_member.c,v 1.8 2003/03/16 17:50:49 lha Exp $");
|
||||
|
||||
OM_uint32 gss_add_oid_set_member (
|
||||
OM_uint32 * minor_status,
|
||||
const gss_OID member_oid,
|
||||
gss_OID_set * oid_set
|
||||
)
|
||||
{
|
||||
gss_OID tmp;
|
||||
size_t n;
|
||||
OM_uint32 res;
|
||||
int present;
|
||||
|
||||
res = gss_test_oid_set_member(minor_status, member_oid, *oid_set, &present);
|
||||
if (res != GSS_S_COMPLETE)
|
||||
return res;
|
||||
|
||||
if (present) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
n = (*oid_set)->count + 1;
|
||||
tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc));
|
||||
if (tmp == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
(*oid_set)->elements = tmp;
|
||||
(*oid_set)->count = n;
|
||||
(*oid_set)->elements[n-1] = *member_oid;
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,76 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
#include <roken.h>
|
||||
|
||||
krb5_error_code
|
||||
gss_address_to_krb5addr(OM_uint32 gss_addr_type,
|
||||
gss_buffer_desc *gss_addr,
|
||||
int16_t port,
|
||||
krb5_address *address)
|
||||
{
|
||||
int addr_type;
|
||||
struct sockaddr sa;
|
||||
int sa_size = sizeof(sa);
|
||||
krb5_error_code problem;
|
||||
|
||||
if (gss_addr == NULL)
|
||||
return GSS_S_FAILURE;
|
||||
|
||||
switch (gss_addr_type) {
|
||||
#ifdef HAVE_IPV6
|
||||
case GSS_C_AF_INET6: addr_type = AF_INET6;
|
||||
break;
|
||||
#endif /* HAVE_IPV6 */
|
||||
|
||||
case GSS_C_AF_INET: addr_type = AF_INET;
|
||||
break;
|
||||
default:
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
problem = krb5_h_addr2sockaddr (gssapi_krb5_context,
|
||||
addr_type,
|
||||
gss_addr->value,
|
||||
&sa,
|
||||
&sa_size,
|
||||
port);
|
||||
if (problem)
|
||||
return GSS_S_FAILURE;
|
||||
|
||||
problem = krb5_sockaddr2address (gssapi_krb5_context, &sa, address);
|
||||
|
||||
return problem;
|
||||
}
|
@ -1,623 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
/*
|
||||
* Implements draft-brezak-win2k-krb-rc4-hmac-04.txt
|
||||
*/
|
||||
|
||||
RCSID("$Id: arcfour.c,v 1.12.2.3 2003/09/19 15:15:11 lha Exp $");
|
||||
|
||||
static krb5_error_code
|
||||
arcfour_mic_key(krb5_context context, krb5_keyblock *key,
|
||||
void *cksum_data, size_t cksum_size,
|
||||
void *key6_data, size_t key6_size)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
|
||||
Checksum cksum_k5;
|
||||
krb5_keyblock key5;
|
||||
char k5_data[16];
|
||||
|
||||
Checksum cksum_k6;
|
||||
|
||||
char T[4];
|
||||
|
||||
memset(T, 0, 4);
|
||||
cksum_k5.checksum.data = k5_data;
|
||||
cksum_k5.checksum.length = sizeof(k5_data);
|
||||
|
||||
if (key->keytype == KEYTYPE_ARCFOUR_56) {
|
||||
char L40[14] = "fortybits";
|
||||
|
||||
memcpy(L40 + 10, T, sizeof(T));
|
||||
ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
|
||||
L40, 14, 0, key, &cksum_k5);
|
||||
memset(&k5_data[7], 0xAB, 9);
|
||||
} else {
|
||||
ret = krb5_hmac(context, CKSUMTYPE_RSA_MD5,
|
||||
T, 4, 0, key, &cksum_k5);
|
||||
}
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
key5.keytype = KEYTYPE_ARCFOUR;
|
||||
key5.keyvalue = cksum_k5.checksum;
|
||||
|
||||
cksum_k6.checksum.data = key6_data;
|
||||
cksum_k6.checksum.length = key6_size;
|
||||
|
||||
return krb5_hmac(context, CKSUMTYPE_RSA_MD5,
|
||||
cksum_data, cksum_size, 0, &key5, &cksum_k6);
|
||||
}
|
||||
|
||||
|
||||
static krb5_error_code
|
||||
arcfour_mic_cksum(krb5_keyblock *key, unsigned usage,
|
||||
u_char *sgn_cksum, size_t sgn_cksum_sz,
|
||||
const char *v1, size_t l1,
|
||||
const void *v2, size_t l2,
|
||||
const void *v3, size_t l3)
|
||||
{
|
||||
Checksum CKSUM;
|
||||
u_char *ptr;
|
||||
size_t len;
|
||||
krb5_crypto crypto;
|
||||
krb5_error_code ret;
|
||||
|
||||
assert(sgn_cksum_sz == 8);
|
||||
|
||||
len = l1 + l2 + l3;
|
||||
|
||||
ptr = malloc(len);
|
||||
if (ptr == NULL)
|
||||
return ENOMEM;
|
||||
|
||||
memcpy(ptr, v1, l1);
|
||||
memcpy(ptr + l1, v2, l2);
|
||||
memcpy(ptr + l1 + l2, v3, l3);
|
||||
|
||||
ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
|
||||
if (ret) {
|
||||
free(ptr);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = krb5_create_checksum(gssapi_krb5_context,
|
||||
crypto,
|
||||
usage,
|
||||
0,
|
||||
ptr, len,
|
||||
&CKSUM);
|
||||
free(ptr);
|
||||
if (ret == 0) {
|
||||
memcpy(sgn_cksum, CKSUM.checksum.data, sgn_cksum_sz);
|
||||
free_Checksum(&CKSUM);
|
||||
}
|
||||
krb5_crypto_destroy(gssapi_krb5_context, crypto);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
OM_uint32
|
||||
_gssapi_get_mic_arcfour(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
gss_qop_t qop_req,
|
||||
const gss_buffer_t message_buffer,
|
||||
gss_buffer_t message_token,
|
||||
krb5_keyblock *key)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
int32_t seq_number;
|
||||
size_t len, total_len;
|
||||
u_char k6_data[16], *p0, *p;
|
||||
RC4_KEY rc4_key;
|
||||
|
||||
gssapi_krb5_encap_length (22, &len, &total_len);
|
||||
|
||||
message_token->length = total_len;
|
||||
message_token->value = malloc (total_len);
|
||||
if (message_token->value == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
p0 = _gssapi_make_mech_header(message_token->value,
|
||||
len);
|
||||
p = p0;
|
||||
|
||||
*p++ = 0x01; /* TOK_ID */
|
||||
*p++ = 0x01;
|
||||
*p++ = 0x11; /* SGN_ALG */
|
||||
*p++ = 0x00;
|
||||
*p++ = 0xff; /* Filler */
|
||||
*p++ = 0xff;
|
||||
*p++ = 0xff;
|
||||
*p++ = 0xff;
|
||||
|
||||
p = NULL;
|
||||
|
||||
ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN,
|
||||
p0 + 16, 8, /* SGN_CKSUM */
|
||||
p0, 8, /* TOK_ID, SGN_ALG, Filer */
|
||||
message_buffer->value, message_buffer->length,
|
||||
NULL, 0);
|
||||
if (ret) {
|
||||
gss_release_buffer(minor_status, message_token);
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
ret = arcfour_mic_key(gssapi_krb5_context, key,
|
||||
p0 + 16, 8, /* SGN_CKSUM */
|
||||
k6_data, sizeof(k6_data));
|
||||
if (ret) {
|
||||
gss_release_buffer(minor_status, message_token);
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&seq_number);
|
||||
p = p0 + 8; /* SND_SEQ */
|
||||
gssapi_encode_be_om_uint32(seq_number, p);
|
||||
|
||||
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
++seq_number);
|
||||
|
||||
memset (p + 4, (context_handle->more_flags & LOCAL) ? 0 : 0xff, 4);
|
||||
|
||||
RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
|
||||
RC4 (&rc4_key, 8, p, p);
|
||||
|
||||
memset(&rc4_key, 0, sizeof(rc4_key));
|
||||
memset(k6_data, 0, sizeof(k6_data));
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
|
||||
OM_uint32
|
||||
_gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t message_buffer,
|
||||
const gss_buffer_t token_buffer,
|
||||
gss_qop_t * qop_state,
|
||||
krb5_keyblock *key,
|
||||
char *type)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
int32_t seq_number, seq_number2;
|
||||
OM_uint32 omret;
|
||||
char cksum_data[8], k6_data[16], SND_SEQ[8];
|
||||
u_char *p;
|
||||
int cmp;
|
||||
|
||||
if (qop_state)
|
||||
*qop_state = 0;
|
||||
|
||||
p = token_buffer->value;
|
||||
omret = gssapi_krb5_verify_header (&p,
|
||||
token_buffer->length,
|
||||
type);
|
||||
if (omret)
|
||||
return omret;
|
||||
|
||||
if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
|
||||
return GSS_S_BAD_SIG;
|
||||
p += 2;
|
||||
if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
|
||||
return GSS_S_BAD_MIC;
|
||||
p += 4;
|
||||
|
||||
ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SIGN,
|
||||
cksum_data, sizeof(cksum_data),
|
||||
p - 8, 8,
|
||||
message_buffer->value, message_buffer->length,
|
||||
NULL, 0);
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
ret = arcfour_mic_key(gssapi_krb5_context, key,
|
||||
cksum_data, sizeof(cksum_data),
|
||||
k6_data, sizeof(k6_data));
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
cmp = memcmp(cksum_data, p + 8, 8);
|
||||
if (cmp) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_MIC;
|
||||
}
|
||||
|
||||
{
|
||||
RC4_KEY rc4_key;
|
||||
|
||||
RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
|
||||
RC4 (&rc4_key, 8, p, SND_SEQ);
|
||||
|
||||
memset(&rc4_key, 0, sizeof(rc4_key));
|
||||
memset(k6_data, 0, sizeof(k6_data));
|
||||
}
|
||||
|
||||
gssapi_decode_be_om_uint32(SND_SEQ, &seq_number);
|
||||
|
||||
if (context_handle->more_flags & LOCAL)
|
||||
cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
|
||||
else
|
||||
cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
|
||||
|
||||
memset(SND_SEQ, 0, sizeof(SND_SEQ));
|
||||
if (cmp != 0) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_MIC;
|
||||
}
|
||||
|
||||
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&seq_number2);
|
||||
|
||||
if (seq_number != seq_number2) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_UNSEQ_TOKEN;
|
||||
}
|
||||
|
||||
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
++seq_number2);
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
_gssapi_wrap_arcfour(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
int conf_req_flag,
|
||||
gss_qop_t qop_req,
|
||||
const gss_buffer_t input_message_buffer,
|
||||
int * conf_state,
|
||||
gss_buffer_t output_message_buffer,
|
||||
krb5_keyblock *key)
|
||||
{
|
||||
u_char Klocaldata[16], k6_data[16], *p, *p0;
|
||||
size_t len, total_len, datalen;
|
||||
krb5_keyblock Klocal;
|
||||
krb5_error_code ret;
|
||||
int32_t seq_number;
|
||||
|
||||
if (conf_state)
|
||||
*conf_state = 0;
|
||||
|
||||
datalen = input_message_buffer->length + 1 /* padding */;
|
||||
len = datalen + 30;
|
||||
gssapi_krb5_encap_length (len, &len, &total_len);
|
||||
|
||||
output_message_buffer->length = total_len;
|
||||
output_message_buffer->value = malloc (total_len);
|
||||
if (output_message_buffer->value == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
p0 = _gssapi_make_mech_header(output_message_buffer->value,
|
||||
len);
|
||||
p = p0;
|
||||
|
||||
*p++ = 0x02; /* TOK_ID */
|
||||
*p++ = 0x01;
|
||||
*p++ = 0x11; /* SGN_ALG */
|
||||
*p++ = 0x00;
|
||||
if (conf_req_flag) {
|
||||
*p++ = 0x10; /* SEAL_ALG */
|
||||
*p++ = 0x00;
|
||||
} else {
|
||||
*p++ = 0xff; /* SEAL_ALG */
|
||||
*p++ = 0xff;
|
||||
}
|
||||
*p++ = 0xff; /* Filler */
|
||||
*p++ = 0xff;
|
||||
|
||||
p = NULL;
|
||||
|
||||
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&seq_number);
|
||||
|
||||
gssapi_encode_be_om_uint32(seq_number, p0 + 8);
|
||||
|
||||
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
++seq_number);
|
||||
|
||||
memset (p0 + 8 + 4,
|
||||
(context_handle->more_flags & LOCAL) ? 0 : 0xff,
|
||||
4);
|
||||
|
||||
krb5_generate_random_block(p0 + 24, 8); /* fill in Confounder */
|
||||
|
||||
/* p points to data */
|
||||
p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
|
||||
memcpy(p, input_message_buffer->value, input_message_buffer->length);
|
||||
p[input_message_buffer->length] = 1; /* PADDING */
|
||||
|
||||
ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
|
||||
p0 + 16, 8, /* SGN_CKSUM */
|
||||
p0, 8, /* TOK_ID, SGN_ALG, SEAL_ALG, Filler */
|
||||
p0 + 24, 8, /* Confounder */
|
||||
p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
|
||||
datalen);
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
gss_release_buffer(minor_status, output_message_buffer);
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
{
|
||||
int i;
|
||||
|
||||
Klocal.keytype = key->keytype;
|
||||
Klocal.keyvalue.data = Klocaldata;
|
||||
Klocal.keyvalue.length = sizeof(Klocaldata);
|
||||
|
||||
for (i = 0; i < 16; i++)
|
||||
Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
|
||||
}
|
||||
ret = arcfour_mic_key(gssapi_krb5_context, &Klocal,
|
||||
p0 + 8, 4, /* SND_SEQ */
|
||||
k6_data, sizeof(k6_data));
|
||||
memset(Klocaldata, 0, sizeof(Klocaldata));
|
||||
if (ret) {
|
||||
gss_release_buffer(minor_status, output_message_buffer);
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
|
||||
if(conf_req_flag) {
|
||||
RC4_KEY rc4_key;
|
||||
|
||||
RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
|
||||
/* XXX ? */
|
||||
RC4 (&rc4_key, 8 + datalen, p0 + 24, p0 + 24); /* Confounder + data */
|
||||
memset(&rc4_key, 0, sizeof(rc4_key));
|
||||
}
|
||||
memset(k6_data, 0, sizeof(k6_data));
|
||||
|
||||
ret = arcfour_mic_key(gssapi_krb5_context, key,
|
||||
p0 + 16, 8, /* SGN_CKSUM */
|
||||
k6_data, sizeof(k6_data));
|
||||
if (ret) {
|
||||
gss_release_buffer(minor_status, output_message_buffer);
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
{
|
||||
RC4_KEY rc4_key;
|
||||
|
||||
RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
|
||||
RC4 (&rc4_key, 8, p0 + 8, p0 + 8); /* SND_SEQ */
|
||||
memset(&rc4_key, 0, sizeof(rc4_key));
|
||||
memset(k6_data, 0, sizeof(k6_data));
|
||||
}
|
||||
|
||||
if (conf_state)
|
||||
*conf_state = conf_req_flag;
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t input_message_buffer,
|
||||
gss_buffer_t output_message_buffer,
|
||||
int *conf_state,
|
||||
gss_qop_t *qop_state,
|
||||
krb5_keyblock *key)
|
||||
{
|
||||
u_char Klocaldata[16];
|
||||
krb5_keyblock Klocal;
|
||||
krb5_error_code ret;
|
||||
int32_t seq_number, seq_number2;
|
||||
size_t datalen;
|
||||
OM_uint32 omret;
|
||||
char k6_data[16], SND_SEQ[8], Confounder[8];
|
||||
char cksum_data[8];
|
||||
u_char *p, *p0;
|
||||
int cmp;
|
||||
int conf_flag;
|
||||
size_t padlen;
|
||||
|
||||
if (conf_state)
|
||||
*conf_state = 0;
|
||||
if (qop_state)
|
||||
*qop_state = 0;
|
||||
|
||||
p0 = input_message_buffer->value;
|
||||
omret = _gssapi_verify_mech_header(&p0,
|
||||
input_message_buffer->length);
|
||||
if (omret)
|
||||
return omret;
|
||||
p = p0;
|
||||
|
||||
datalen = input_message_buffer->length -
|
||||
(p - ((u_char *)input_message_buffer->value)) -
|
||||
GSS_ARCFOUR_WRAP_TOKEN_SIZE;
|
||||
|
||||
if (memcmp(p, "\x02\x01", 2) != 0)
|
||||
return GSS_S_BAD_SIG;
|
||||
p += 2;
|
||||
if (memcmp(p, "\x11\x00", 2) != 0) /* SGN_ALG = HMAC MD5 ARCFOUR */
|
||||
return GSS_S_BAD_SIG;
|
||||
p += 2;
|
||||
|
||||
if (memcmp (p, "\x10\x00", 2) == 0)
|
||||
conf_flag = 1;
|
||||
else if (memcmp (p, "\xff\xff", 2) == 0)
|
||||
conf_flag = 0;
|
||||
else
|
||||
return GSS_S_BAD_SIG;
|
||||
|
||||
p += 2;
|
||||
if (memcmp (p, "\xff\xff", 2) != 0)
|
||||
return GSS_S_BAD_MIC;
|
||||
p = NULL;
|
||||
|
||||
ret = arcfour_mic_key(gssapi_krb5_context, key,
|
||||
p0 + 16, 8, /* SGN_CKSUM */
|
||||
k6_data, sizeof(k6_data));
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
{
|
||||
RC4_KEY rc4_key;
|
||||
|
||||
RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
|
||||
RC4 (&rc4_key, 8, p0 + 8, SND_SEQ); /* SND_SEQ */
|
||||
memset(&rc4_key, 0, sizeof(rc4_key));
|
||||
memset(k6_data, 0, sizeof(k6_data));
|
||||
}
|
||||
|
||||
gssapi_decode_be_om_uint32(SND_SEQ, &seq_number);
|
||||
|
||||
if (context_handle->more_flags & LOCAL)
|
||||
cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4);
|
||||
else
|
||||
cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4);
|
||||
|
||||
if (cmp != 0) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_MIC;
|
||||
}
|
||||
|
||||
{
|
||||
int i;
|
||||
|
||||
Klocal.keytype = key->keytype;
|
||||
Klocal.keyvalue.data = Klocaldata;
|
||||
Klocal.keyvalue.length = sizeof(Klocaldata);
|
||||
|
||||
for (i = 0; i < 16; i++)
|
||||
Klocaldata[i] = ((u_char *)key->keyvalue.data)[i] ^ 0xF0;
|
||||
}
|
||||
ret = arcfour_mic_key(gssapi_krb5_context, &Klocal,
|
||||
SND_SEQ, 4,
|
||||
k6_data, sizeof(k6_data));
|
||||
memset(Klocaldata, 0, sizeof(Klocaldata));
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
output_message_buffer->value = malloc(datalen);
|
||||
if (output_message_buffer->value == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
output_message_buffer->length = datalen;
|
||||
|
||||
if(conf_flag) {
|
||||
RC4_KEY rc4_key;
|
||||
|
||||
RC4_set_key (&rc4_key, sizeof(k6_data), k6_data);
|
||||
RC4 (&rc4_key, 8, p0 + 24, Confounder); /* Confounder */
|
||||
RC4 (&rc4_key, datalen, p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
|
||||
output_message_buffer->value);
|
||||
memset(&rc4_key, 0, sizeof(rc4_key));
|
||||
} else {
|
||||
memcpy(Confounder, p0 + 24, 8); /* Confounder */
|
||||
memcpy(output_message_buffer->value,
|
||||
p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE,
|
||||
datalen);
|
||||
}
|
||||
memset(k6_data, 0, sizeof(k6_data));
|
||||
|
||||
ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen);
|
||||
if (ret) {
|
||||
gss_release_buffer(minor_status, output_message_buffer);
|
||||
*minor_status = 0;
|
||||
return ret;
|
||||
}
|
||||
output_message_buffer->length -= padlen;
|
||||
|
||||
ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
|
||||
cksum_data, sizeof(cksum_data),
|
||||
p0, 8,
|
||||
Confounder, sizeof(Confounder),
|
||||
output_message_buffer->value,
|
||||
output_message_buffer->length + padlen);
|
||||
if (ret) {
|
||||
gss_release_buffer(minor_status, output_message_buffer);
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
cmp = memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */
|
||||
if (cmp) {
|
||||
gss_release_buffer(minor_status, output_message_buffer);
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_MIC;
|
||||
}
|
||||
|
||||
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&seq_number2);
|
||||
|
||||
if (seq_number != seq_number2) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_UNSEQ_TOKEN;
|
||||
}
|
||||
|
||||
krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
++seq_number2);
|
||||
|
||||
if (conf_state)
|
||||
*conf_state = conf_flag;
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,98 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: arcfour.h,v 1.3.2.2 2003/09/19 15:14:14 lha Exp $ */
|
||||
|
||||
#ifndef GSSAPI_ARCFOUR_H_
|
||||
#define GSSAPI_ARCFOUR_H_ 1
|
||||
|
||||
/*
|
||||
* The arcfour message have the following formats, these are only here
|
||||
* for reference and is not used.
|
||||
*/
|
||||
|
||||
#if 0
|
||||
typedef struct gss_arcfour_mic_token {
|
||||
u_char TOK_ID[2]; /* 01 01 */
|
||||
u_char SGN_ALG[2]; /* 11 00 */
|
||||
u_char Filler[4];
|
||||
u_char SND_SEQ[8];
|
||||
u_char SGN_CKSUM[8];
|
||||
} gss_arcfour_mic_token_desc, *gss_arcfour_mic_token;
|
||||
|
||||
typedef struct gss_arcfour_wrap_token {
|
||||
u_char TOK_ID[2]; /* 02 01 */
|
||||
u_char SGN_ALG[2];
|
||||
u_char SEAL_ALG[2];
|
||||
u_char Filler[2];
|
||||
u_char SND_SEQ[8];
|
||||
u_char SGN_CKSUM[8];
|
||||
u_char Confounder[8];
|
||||
} gss_arcfour_wrap_token_desc, *gss_arcfour_wrap_token;
|
||||
#endif
|
||||
|
||||
#define GSS_ARCFOUR_WRAP_TOKEN_SIZE 32
|
||||
|
||||
OM_uint32 _gssapi_wrap_arcfour(OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
int conf_req_flag,
|
||||
gss_qop_t qop_req,
|
||||
const gss_buffer_t input_message_buffer,
|
||||
int *conf_state,
|
||||
gss_buffer_t output_message_buffer,
|
||||
krb5_keyblock *key);
|
||||
|
||||
OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t input_message_buffer,
|
||||
gss_buffer_t output_message_buffer,
|
||||
int *conf_state,
|
||||
gss_qop_t *qop_state,
|
||||
krb5_keyblock *key);
|
||||
|
||||
OM_uint32 _gssapi_get_mic_arcfour(OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
gss_qop_t qop_req,
|
||||
const gss_buffer_t message_buffer,
|
||||
gss_buffer_t message_token,
|
||||
krb5_keyblock *key);
|
||||
|
||||
OM_uint32 _gssapi_verify_mic_arcfour(OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t message_buffer,
|
||||
const gss_buffer_t token_buffer,
|
||||
gss_qop_t *qop_state,
|
||||
krb5_keyblock *key,
|
||||
char *type);
|
||||
|
||||
#endif /* GSSAPI_ARCFOUR_H_ */
|
@ -1,46 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: canonicalize_name.c,v 1.2 1999/12/02 17:05:03 joda Exp $");
|
||||
|
||||
OM_uint32 gss_canonicalize_name (
|
||||
OM_uint32 * minor_status,
|
||||
const gss_name_t input_name,
|
||||
const gss_OID mech_type,
|
||||
gss_name_t * output_name
|
||||
)
|
||||
{
|
||||
return gss_duplicate_name (minor_status, input_name, output_name);
|
||||
}
|
@ -1,113 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: compat.c,v 1.2.2.2 2003/04/28 13:58:09 lha Exp $");
|
||||
|
||||
|
||||
static krb5_error_code
|
||||
check_compat(OM_uint32 *minor_status, gss_name_t name,
|
||||
const char *option, krb5_boolean *compat,
|
||||
krb5_boolean match_val)
|
||||
{
|
||||
krb5_error_code ret = 0;
|
||||
char **p, **q;
|
||||
krb5_principal match;
|
||||
|
||||
|
||||
p = krb5_config_get_strings(gssapi_krb5_context, NULL, "gssapi",
|
||||
option, NULL);
|
||||
if(p == NULL)
|
||||
return 0;
|
||||
|
||||
for(q = p; *q; q++) {
|
||||
|
||||
ret = krb5_parse_name(gssapi_krb5_context, *q, &match);
|
||||
if (ret)
|
||||
break;
|
||||
|
||||
if (krb5_principal_match(gssapi_krb5_context, name, match)) {
|
||||
*compat = match_val;
|
||||
break;
|
||||
}
|
||||
|
||||
krb5_free_principal(gssapi_krb5_context, match);
|
||||
}
|
||||
krb5_config_free_strings(p);
|
||||
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx)
|
||||
{
|
||||
krb5_boolean use_compat = TRUE;
|
||||
OM_uint32 ret;
|
||||
|
||||
if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) == 0) {
|
||||
ret = check_compat(minor_status, ctx->target,
|
||||
"broken_des3_mic", &use_compat, TRUE);
|
||||
if (ret)
|
||||
return ret;
|
||||
ret = check_compat(minor_status, ctx->target,
|
||||
"correct_des3_mic", &use_compat, FALSE);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
if (use_compat)
|
||||
ctx->more_flags |= COMPAT_OLD_DES3;
|
||||
ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on)
|
||||
{
|
||||
*minor_status = 0;
|
||||
|
||||
if (on) {
|
||||
ctx->more_flags |= COMPAT_OLD_DES3;
|
||||
} else {
|
||||
ctx->more_flags &= ~COMPAT_OLD_DES3;
|
||||
}
|
||||
ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
|
||||
|
||||
return 0;
|
||||
}
|
@ -1,85 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: context_time.c,v 1.7.2.1 2003/08/15 14:25:50 lha Exp $");
|
||||
|
||||
OM_uint32
|
||||
gssapi_lifetime_left(OM_uint32 *minor_status,
|
||||
OM_uint32 lifetime,
|
||||
OM_uint32 *lifetime_rec)
|
||||
{
|
||||
krb5_timestamp timeret;
|
||||
krb5_error_code kret;
|
||||
|
||||
kret = krb5_timeofday(gssapi_krb5_context, &timeret);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
gssapi_krb5_set_error_string ();
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
if (lifetime < timeret)
|
||||
*lifetime_rec = 0;
|
||||
else
|
||||
*lifetime_rec = lifetime - timeret;
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
|
||||
OM_uint32 gss_context_time
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
OM_uint32 * time_rec
|
||||
)
|
||||
{
|
||||
OM_uint32 lifetime;
|
||||
OM_uint32 major_status;
|
||||
|
||||
GSSAPI_KRB5_INIT ();
|
||||
|
||||
lifetime = context_handle->lifetime;
|
||||
|
||||
major_status = gssapi_lifetime_left(minor_status, lifetime, time_rec);
|
||||
if (major_status != GSS_S_COMPLETE)
|
||||
return major_status;
|
||||
|
||||
*minor_status = 0;
|
||||
|
||||
if (*time_rec == 0)
|
||||
return GSS_S_CONTEXT_EXPIRED;
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,52 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: create_emtpy_oid_set.c,v 1.5 2003/03/16 17:47:07 lha Exp $");
|
||||
|
||||
OM_uint32 gss_create_empty_oid_set (
|
||||
OM_uint32 * minor_status,
|
||||
gss_OID_set * oid_set
|
||||
)
|
||||
{
|
||||
*oid_set = malloc(sizeof(**oid_set));
|
||||
if (*oid_set == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
(*oid_set)->count = 0;
|
||||
(*oid_set)->elements = NULL;
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,184 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: decapsulate.c,v 1.7.6.1 2003/09/18 22:00:41 lha Exp $");
|
||||
|
||||
OM_uint32
|
||||
gssapi_krb5_verify_header(u_char **str,
|
||||
size_t total_len,
|
||||
char *type)
|
||||
{
|
||||
size_t len, len_len, mech_len, foo;
|
||||
int e;
|
||||
u_char *p = *str;
|
||||
|
||||
if (total_len < 1)
|
||||
return GSS_S_DEFECTIVE_TOKEN;
|
||||
if (*p++ != 0x60)
|
||||
return GSS_S_DEFECTIVE_TOKEN;
|
||||
e = der_get_length (p, total_len - 1, &len, &len_len);
|
||||
if (e || 1 + len_len + len != total_len)
|
||||
return GSS_S_DEFECTIVE_TOKEN;
|
||||
p += len_len;
|
||||
if (*p++ != 0x06)
|
||||
return GSS_S_DEFECTIVE_TOKEN;
|
||||
e = der_get_length (p, total_len - 1 - len_len - 1,
|
||||
&mech_len, &foo);
|
||||
if (e)
|
||||
return GSS_S_DEFECTIVE_TOKEN;
|
||||
p += foo;
|
||||
if (mech_len != GSS_KRB5_MECHANISM->length)
|
||||
return GSS_S_BAD_MECH;
|
||||
if (memcmp(p,
|
||||
GSS_KRB5_MECHANISM->elements,
|
||||
GSS_KRB5_MECHANISM->length) != 0)
|
||||
return GSS_S_BAD_MECH;
|
||||
p += mech_len;
|
||||
if (memcmp (p, type, 2) != 0)
|
||||
return GSS_S_DEFECTIVE_TOKEN;
|
||||
p += 2;
|
||||
*str = p;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
static ssize_t
|
||||
gssapi_krb5_get_mech (const u_char *ptr,
|
||||
size_t total_len,
|
||||
const u_char **mech_ret)
|
||||
{
|
||||
size_t len, len_len, mech_len, foo;
|
||||
const u_char *p = ptr;
|
||||
int e;
|
||||
|
||||
if (total_len < 1)
|
||||
return -1;
|
||||
if (*p++ != 0x60)
|
||||
return -1;
|
||||
e = der_get_length (p, total_len - 1, &len, &len_len);
|
||||
if (e || 1 + len_len + len != total_len)
|
||||
return -1;
|
||||
p += len_len;
|
||||
if (*p++ != 0x06)
|
||||
return -1;
|
||||
e = der_get_length (p, total_len - 1 - len_len - 1,
|
||||
&mech_len, &foo);
|
||||
if (e)
|
||||
return -1;
|
||||
p += foo;
|
||||
*mech_ret = p;
|
||||
return mech_len;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
_gssapi_verify_mech_header(u_char **str,
|
||||
size_t total_len)
|
||||
{
|
||||
const u_char *p;
|
||||
ssize_t mech_len;
|
||||
|
||||
mech_len = gssapi_krb5_get_mech (*str, total_len, &p);
|
||||
if (mech_len < 0)
|
||||
return GSS_S_DEFECTIVE_TOKEN;
|
||||
|
||||
if (mech_len != GSS_KRB5_MECHANISM->length)
|
||||
return GSS_S_BAD_MECH;
|
||||
if (memcmp(p,
|
||||
GSS_KRB5_MECHANISM->elements,
|
||||
GSS_KRB5_MECHANISM->length) != 0)
|
||||
return GSS_S_BAD_MECH;
|
||||
p += mech_len;
|
||||
*str = (char *)p;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Remove the GSS-API wrapping from `in_token' giving `out_data.
|
||||
* Does not copy data, so just free `in_token'.
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
gssapi_krb5_decapsulate(
|
||||
OM_uint32 *minor_status,
|
||||
gss_buffer_t input_token_buffer,
|
||||
krb5_data *out_data,
|
||||
char *type
|
||||
)
|
||||
{
|
||||
u_char *p;
|
||||
OM_uint32 ret;
|
||||
|
||||
p = input_token_buffer->value;
|
||||
ret = gssapi_krb5_verify_header(&p,
|
||||
input_token_buffer->length,
|
||||
type);
|
||||
if (ret) {
|
||||
*minor_status = 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
out_data->length = input_token_buffer->length -
|
||||
(p - (u_char *)input_token_buffer->value);
|
||||
out_data->data = p;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Verify padding of a gss wrapped message and return its length.
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
_gssapi_verify_pad(gss_buffer_t wrapped_token,
|
||||
size_t datalen,
|
||||
size_t *padlen)
|
||||
{
|
||||
u_char *pad;
|
||||
size_t padlength;
|
||||
int i;
|
||||
|
||||
pad = (u_char *)wrapped_token->value + wrapped_token->length - 1;
|
||||
padlength = *pad;
|
||||
|
||||
if (padlength > datalen)
|
||||
return GSS_S_BAD_MECH;
|
||||
|
||||
for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
|
||||
;
|
||||
if (i != 0)
|
||||
return GSS_S_BAD_MIC;
|
||||
|
||||
*padlen = padlength;
|
||||
|
||||
return 0;
|
||||
}
|
@ -1,69 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: delete_sec_context.c,v 1.11 2003/03/16 17:46:40 lha Exp $");
|
||||
|
||||
OM_uint32 gss_delete_sec_context
|
||||
(OM_uint32 * minor_status,
|
||||
gss_ctx_id_t * context_handle,
|
||||
gss_buffer_t output_token
|
||||
)
|
||||
{
|
||||
GSSAPI_KRB5_INIT ();
|
||||
|
||||
if (output_token) {
|
||||
output_token->length = 0;
|
||||
output_token->value = NULL;
|
||||
}
|
||||
|
||||
krb5_auth_con_free (gssapi_krb5_context,
|
||||
(*context_handle)->auth_context);
|
||||
if((*context_handle)->source)
|
||||
krb5_free_principal (gssapi_krb5_context,
|
||||
(*context_handle)->source);
|
||||
if((*context_handle)->target)
|
||||
krb5_free_principal (gssapi_krb5_context,
|
||||
(*context_handle)->target);
|
||||
if ((*context_handle)->ticket) {
|
||||
krb5_free_ticket (gssapi_krb5_context,
|
||||
(*context_handle)->ticket);
|
||||
free((*context_handle)->ticket);
|
||||
}
|
||||
|
||||
free (*context_handle);
|
||||
*context_handle = GSS_C_NO_CONTEXT;
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,73 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: display_name.c,v 1.9 2003/03/16 17:46:11 lha Exp $");
|
||||
|
||||
OM_uint32 gss_display_name
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_name_t input_name,
|
||||
gss_buffer_t output_name_buffer,
|
||||
gss_OID * output_name_type
|
||||
)
|
||||
{
|
||||
krb5_error_code kret;
|
||||
char *buf;
|
||||
size_t len;
|
||||
|
||||
GSSAPI_KRB5_INIT ();
|
||||
kret = krb5_unparse_name (gssapi_krb5_context,
|
||||
input_name,
|
||||
&buf);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
gssapi_krb5_set_error_string ();
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
len = strlen (buf);
|
||||
output_name_buffer->length = len;
|
||||
output_name_buffer->value = malloc(len + 1);
|
||||
if (output_name_buffer->value == NULL) {
|
||||
free (buf);
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
memcpy (output_name_buffer->value, buf, len);
|
||||
((char *)output_name_buffer->value)[len] = '\0';
|
||||
free (buf);
|
||||
if (output_name_type)
|
||||
*output_name_type = GSS_KRB5_NT_PRINCIPAL_NAME;
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,187 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1998 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: display_status.c,v 1.9 2003/03/16 17:45:36 lha Exp $");
|
||||
|
||||
static char *krb5_error_string;
|
||||
|
||||
static char *
|
||||
calling_error(OM_uint32 v)
|
||||
{
|
||||
static char *msgs[] = {
|
||||
NULL, /* 0 */
|
||||
"A required input parameter could not be read.", /* */
|
||||
"A required output parameter could not be written.", /* */
|
||||
"A parameter was malformed"
|
||||
};
|
||||
|
||||
v >>= GSS_C_CALLING_ERROR_OFFSET;
|
||||
|
||||
if (v == 0)
|
||||
return "";
|
||||
else if (v >= sizeof(msgs)/sizeof(*msgs))
|
||||
return "unknown calling error";
|
||||
else
|
||||
return msgs[v];
|
||||
}
|
||||
|
||||
static char *
|
||||
routine_error(OM_uint32 v)
|
||||
{
|
||||
static char *msgs[] = {
|
||||
NULL, /* 0 */
|
||||
"An unsupported mechanism was requested",
|
||||
"An invalid name was supplied",
|
||||
"A supplied name was of an unsupported type",
|
||||
"Incorrect channel bindings were supplied",
|
||||
"An invalid status code was supplied",
|
||||
"A token had an invalid MIC",
|
||||
"No credentials were supplied, "
|
||||
"or the credentials were unavailable or inaccessible.",
|
||||
"No context has been established",
|
||||
"A token was invalid",
|
||||
"A credential was invalid",
|
||||
"The referenced credentials have expired",
|
||||
"The context has expired",
|
||||
"Miscellaneous failure (see text)",
|
||||
"The quality-of-protection requested could not be provide",
|
||||
"The operation is forbidden by local security policy",
|
||||
"The operation or option is not available",
|
||||
"The requested credential element already exists",
|
||||
"The provided name was not a mechanism name.",
|
||||
};
|
||||
|
||||
v >>= GSS_C_ROUTINE_ERROR_OFFSET;
|
||||
|
||||
if (v == 0)
|
||||
return "";
|
||||
else if (v >= sizeof(msgs)/sizeof(*msgs))
|
||||
return "unknown routine error";
|
||||
else
|
||||
return msgs[v];
|
||||
}
|
||||
|
||||
static char *
|
||||
supplementary_error(OM_uint32 v)
|
||||
{
|
||||
static char *msgs[] = {
|
||||
"normal completion",
|
||||
"continuation call to routine required",
|
||||
"duplicate per-message token detected",
|
||||
"timed-out per-message token detected",
|
||||
"reordered (early) per-message token detected",
|
||||
"skipped predecessor token(s) detected"
|
||||
};
|
||||
|
||||
v >>= GSS_C_SUPPLEMENTARY_OFFSET;
|
||||
|
||||
if (v >= sizeof(msgs)/sizeof(*msgs))
|
||||
return "unknown routine error";
|
||||
else
|
||||
return msgs[v];
|
||||
}
|
||||
|
||||
void
|
||||
gssapi_krb5_set_error_string (void)
|
||||
{
|
||||
krb5_error_string = krb5_get_error_string(gssapi_krb5_context);
|
||||
}
|
||||
|
||||
char *
|
||||
gssapi_krb5_get_error_string (void)
|
||||
{
|
||||
char *ret = krb5_error_string;
|
||||
krb5_error_string = NULL;
|
||||
return ret;
|
||||
}
|
||||
|
||||
OM_uint32 gss_display_status
|
||||
(OM_uint32 *minor_status,
|
||||
OM_uint32 status_value,
|
||||
int status_type,
|
||||
const gss_OID mech_type,
|
||||
OM_uint32 *message_context,
|
||||
gss_buffer_t status_string)
|
||||
{
|
||||
char *buf;
|
||||
|
||||
GSSAPI_KRB5_INIT ();
|
||||
|
||||
status_string->length = 0;
|
||||
status_string->value = NULL;
|
||||
|
||||
if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
|
||||
gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
|
||||
*minor_status = 0;
|
||||
return GSS_C_GSS_CODE;
|
||||
}
|
||||
|
||||
if (status_type == GSS_C_GSS_CODE) {
|
||||
if (GSS_SUPPLEMENTARY_INFO(status_value))
|
||||
asprintf(&buf, "%s",
|
||||
supplementary_error(GSS_SUPPLEMENTARY_INFO(status_value)));
|
||||
else
|
||||
asprintf (&buf, "%s %s",
|
||||
calling_error(GSS_CALLING_ERROR(status_value)),
|
||||
routine_error(GSS_ROUTINE_ERROR(status_value)));
|
||||
} else if (status_type == GSS_C_MECH_CODE) {
|
||||
buf = gssapi_krb5_get_error_string ();
|
||||
if (buf == NULL) {
|
||||
const char *tmp = krb5_get_err_text (gssapi_krb5_context,
|
||||
status_value);
|
||||
if (tmp == NULL)
|
||||
asprintf(&buf, "unknown mech error-code %u",
|
||||
(unsigned)status_value);
|
||||
else
|
||||
buf = strdup(tmp);
|
||||
}
|
||||
} else {
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_BAD_STATUS;
|
||||
}
|
||||
|
||||
if (buf == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
*message_context = 0;
|
||||
*minor_status = 0;
|
||||
|
||||
status_string->length = strlen(buf);
|
||||
status_string->value = buf;
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,59 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: duplicate_name.c,v 1.7 2003/03/16 17:44:26 lha Exp $");
|
||||
|
||||
OM_uint32 gss_duplicate_name (
|
||||
OM_uint32 * minor_status,
|
||||
const gss_name_t src_name,
|
||||
gss_name_t * dest_name
|
||||
)
|
||||
{
|
||||
krb5_error_code kret;
|
||||
|
||||
GSSAPI_KRB5_INIT ();
|
||||
|
||||
kret = krb5_copy_principal (gssapi_krb5_context,
|
||||
src_name,
|
||||
dest_name);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
gssapi_krb5_set_error_string ();
|
||||
return GSS_S_FAILURE;
|
||||
} else {
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
}
|
@ -1,122 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: encapsulate.c,v 1.6.6.1 2003/09/18 21:47:44 lha Exp $");
|
||||
|
||||
void
|
||||
gssapi_krb5_encap_length (size_t data_len,
|
||||
size_t *len,
|
||||
size_t *total_len)
|
||||
{
|
||||
size_t len_len;
|
||||
|
||||
*len = 1 + 1 + GSS_KRB5_MECHANISM->length + 2 + data_len;
|
||||
|
||||
len_len = length_len(*len);
|
||||
|
||||
*total_len = 1 + len_len + *len;
|
||||
}
|
||||
|
||||
u_char *
|
||||
gssapi_krb5_make_header (u_char *p,
|
||||
size_t len,
|
||||
u_char *type)
|
||||
{
|
||||
int e;
|
||||
size_t len_len, foo;
|
||||
|
||||
*p++ = 0x60;
|
||||
len_len = length_len(len);
|
||||
e = der_put_length (p + len_len - 1, len_len, len, &foo);
|
||||
if(e || foo != len_len)
|
||||
abort ();
|
||||
p += len_len;
|
||||
*p++ = 0x06;
|
||||
*p++ = GSS_KRB5_MECHANISM->length;
|
||||
memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
|
||||
p += GSS_KRB5_MECHANISM->length;
|
||||
memcpy (p, type, 2);
|
||||
p += 2;
|
||||
return p;
|
||||
}
|
||||
|
||||
u_char *
|
||||
_gssapi_make_mech_header(u_char *p,
|
||||
size_t len)
|
||||
{
|
||||
int e;
|
||||
size_t len_len, foo;
|
||||
|
||||
*p++ = 0x60;
|
||||
len_len = length_len(len);
|
||||
e = der_put_length (p + len_len - 1, len_len, len, &foo);
|
||||
if(e || foo != len_len)
|
||||
abort ();
|
||||
p += len_len;
|
||||
*p++ = 0x06;
|
||||
*p++ = GSS_KRB5_MECHANISM->length;
|
||||
memcpy (p, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
|
||||
p += GSS_KRB5_MECHANISM->length;
|
||||
return p;
|
||||
}
|
||||
|
||||
/*
|
||||
* Give it a krb5_data and it will encapsulate with extra GSS-API wrappings.
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
gssapi_krb5_encapsulate(
|
||||
OM_uint32 *minor_status,
|
||||
const krb5_data *in_data,
|
||||
gss_buffer_t output_token,
|
||||
u_char *type
|
||||
)
|
||||
{
|
||||
size_t len, outer_len;
|
||||
u_char *p;
|
||||
|
||||
gssapi_krb5_encap_length (in_data->length, &len, &outer_len);
|
||||
|
||||
output_token->length = outer_len;
|
||||
output_token->value = malloc (outer_len);
|
||||
if (output_token->value == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
p = gssapi_krb5_make_header (output_token->value, len, type);
|
||||
memcpy (p, in_data->data, in_data->length);
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,94 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 1999, 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: export_name.c,v 1.5 2003/03/16 17:34:46 lha Exp $");
|
||||
|
||||
OM_uint32 gss_export_name
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_name_t input_name,
|
||||
gss_buffer_t exported_name
|
||||
)
|
||||
{
|
||||
krb5_error_code kret;
|
||||
char *buf, *name;
|
||||
size_t len;
|
||||
|
||||
GSSAPI_KRB5_INIT ();
|
||||
kret = krb5_unparse_name (gssapi_krb5_context,
|
||||
input_name,
|
||||
&name);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
gssapi_krb5_set_error_string ();
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
len = strlen (name);
|
||||
|
||||
exported_name->length = 10 + len + GSS_KRB5_MECHANISM->length;
|
||||
exported_name->value = malloc(exported_name->length);
|
||||
if (exported_name->value == NULL) {
|
||||
free (name);
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
/* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
|
||||
|
||||
buf = exported_name->value;
|
||||
memcpy(buf, "\x04\x01", 2);
|
||||
buf += 2;
|
||||
buf[0] = ((GSS_KRB5_MECHANISM->length + 2) >> 8) & 0xff;
|
||||
buf[1] = (GSS_KRB5_MECHANISM->length + 2) & 0xff;
|
||||
buf+= 2;
|
||||
buf[0] = 0x06;
|
||||
buf[1] = (GSS_KRB5_MECHANISM->length) & 0xFF;
|
||||
buf+= 2;
|
||||
|
||||
memcpy(buf, GSS_KRB5_MECHANISM->elements, GSS_KRB5_MECHANISM->length);
|
||||
buf += GSS_KRB5_MECHANISM->length;
|
||||
|
||||
buf[0] = (len >> 24) & 0xff;
|
||||
buf[1] = (len >> 16) & 0xff;
|
||||
buf[2] = (len >> 8) & 0xff;
|
||||
buf[3] = (len) & 0xff;
|
||||
buf += 4;
|
||||
|
||||
memcpy (buf, name, len);
|
||||
|
||||
free (name);
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,223 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: export_sec_context.c,v 1.6 2003/03/16 18:02:52 lha Exp $");
|
||||
|
||||
OM_uint32
|
||||
gss_export_sec_context (
|
||||
OM_uint32 * minor_status,
|
||||
gss_ctx_id_t * context_handle,
|
||||
gss_buffer_t interprocess_token
|
||||
)
|
||||
{
|
||||
krb5_storage *sp;
|
||||
krb5_auth_context ac;
|
||||
OM_uint32 ret = GSS_S_COMPLETE;
|
||||
krb5_data data;
|
||||
gss_buffer_desc buffer;
|
||||
int flags;
|
||||
OM_uint32 minor;
|
||||
krb5_error_code kret;
|
||||
|
||||
GSSAPI_KRB5_INIT ();
|
||||
if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) {
|
||||
*minor_status = 0;
|
||||
return GSS_S_UNAVAILABLE;
|
||||
}
|
||||
|
||||
sp = krb5_storage_emem ();
|
||||
if (sp == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
ac = (*context_handle)->auth_context;
|
||||
|
||||
/* flagging included fields */
|
||||
|
||||
flags = 0;
|
||||
if (ac->local_address)
|
||||
flags |= SC_LOCAL_ADDRESS;
|
||||
if (ac->remote_address)
|
||||
flags |= SC_REMOTE_ADDRESS;
|
||||
if (ac->keyblock)
|
||||
flags |= SC_KEYBLOCK;
|
||||
if (ac->local_subkey)
|
||||
flags |= SC_LOCAL_SUBKEY;
|
||||
if (ac->remote_subkey)
|
||||
flags |= SC_REMOTE_SUBKEY;
|
||||
|
||||
kret = krb5_store_int32 (sp, flags);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
/* marshall auth context */
|
||||
|
||||
kret = krb5_store_int32 (sp, ac->flags);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
if (ac->local_address) {
|
||||
kret = krb5_store_address (sp, *ac->local_address);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
}
|
||||
if (ac->remote_address) {
|
||||
kret = krb5_store_address (sp, *ac->remote_address);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
}
|
||||
kret = krb5_store_int16 (sp, ac->local_port);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
kret = krb5_store_int16 (sp, ac->remote_port);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
if (ac->keyblock) {
|
||||
kret = krb5_store_keyblock (sp, *ac->keyblock);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
}
|
||||
if (ac->local_subkey) {
|
||||
kret = krb5_store_keyblock (sp, *ac->local_subkey);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
}
|
||||
if (ac->remote_subkey) {
|
||||
kret = krb5_store_keyblock (sp, *ac->remote_subkey);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
}
|
||||
kret = krb5_store_int32 (sp, ac->local_seqnumber);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
kret = krb5_store_int32 (sp, ac->remote_seqnumber);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
kret = krb5_store_int32 (sp, ac->keytype);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
kret = krb5_store_int32 (sp, ac->cksumtype);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
/* names */
|
||||
|
||||
ret = gss_export_name (minor_status, (*context_handle)->source, &buffer);
|
||||
if (ret)
|
||||
goto failure;
|
||||
data.data = buffer.value;
|
||||
data.length = buffer.length;
|
||||
kret = krb5_store_data (sp, data);
|
||||
gss_release_buffer (&minor, &buffer);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
ret = gss_export_name (minor_status, (*context_handle)->target, &buffer);
|
||||
if (ret)
|
||||
goto failure;
|
||||
data.data = buffer.value;
|
||||
data.length = buffer.length;
|
||||
|
||||
ret = GSS_S_FAILURE;
|
||||
|
||||
kret = krb5_store_data (sp, data);
|
||||
gss_release_buffer (&minor, &buffer);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
kret = krb5_store_int32 (sp, (*context_handle)->flags);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
kret = krb5_store_int32 (sp, (*context_handle)->more_flags);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
kret = krb5_store_int32 (sp, (*context_handle)->lifetime);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
kret = krb5_storage_to_data (sp, &data);
|
||||
krb5_storage_free (sp);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
interprocess_token->length = data.length;
|
||||
interprocess_token->value = data.data;
|
||||
ret = gss_delete_sec_context (minor_status, context_handle,
|
||||
GSS_C_NO_BUFFER);
|
||||
if (ret != GSS_S_COMPLETE)
|
||||
gss_release_buffer (NULL, interprocess_token);
|
||||
*minor_status = 0;
|
||||
return ret;
|
||||
failure:
|
||||
krb5_storage_free (sp);
|
||||
return ret;
|
||||
}
|
@ -1,235 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: external.c,v 1.5 2000/07/22 03:45:28 assar Exp $");
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
|
||||
* "\x01\x02\x01\x01"},
|
||||
* corresponding to an object-identifier value of
|
||||
* {iso(1) member-body(2) United States(840) mit(113554)
|
||||
* infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
|
||||
* GSS_C_NT_USER_NAME should be initialized to point
|
||||
* to that gss_OID_desc.
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_c_nt_user_name_oid_desc =
|
||||
{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
|
||||
"\x01\x02\x01\x01"};
|
||||
|
||||
gss_OID GSS_C_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
|
||||
* "\x01\x02\x01\x02"},
|
||||
* corresponding to an object-identifier value of
|
||||
* {iso(1) member-body(2) United States(840) mit(113554)
|
||||
* infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
|
||||
* The constant GSS_C_NT_MACHINE_UID_NAME should be
|
||||
* initialized to point to that gss_OID_desc.
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
|
||||
{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
|
||||
"\x01\x02\x01\x02"};
|
||||
|
||||
gss_OID GSS_C_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
|
||||
* "\x01\x02\x01\x03"},
|
||||
* corresponding to an object-identifier value of
|
||||
* {iso(1) member-body(2) United States(840) mit(113554)
|
||||
* infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
|
||||
* The constant GSS_C_NT_STRING_UID_NAME should be
|
||||
* initialized to point to that gss_OID_desc.
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
|
||||
{10, (void *)"\x2a\x86\x48\x86\xf7\x12"
|
||||
"\x01\x02\x01\x03"};
|
||||
|
||||
gss_OID GSS_C_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
|
||||
* corresponding to an object-identifier value of
|
||||
* {iso(1) org(3) dod(6) internet(1) security(5)
|
||||
* nametypes(6) gss-host-based-services(2)). The constant
|
||||
* GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
|
||||
* to that gss_OID_desc. This is a deprecated OID value, and
|
||||
* implementations wishing to support hostbased-service names
|
||||
* should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
|
||||
* defined below, to identify such names;
|
||||
* GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
|
||||
* for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
|
||||
* parameter, but should not be emitted by GSS-API
|
||||
* implementations
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
|
||||
{6, (void *)"\x2b\x06\x01\x05\x06\x02"};
|
||||
|
||||
gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &gss_c_nt_hostbased_service_x_oid_desc;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
|
||||
* "\x01\x02\x01\x04"}, corresponding to an
|
||||
* object-identifier value of {iso(1) member-body(2)
|
||||
* Unites States(840) mit(113554) infosys(1) gssapi(2)
|
||||
* generic(1) service_name(4)}. The constant
|
||||
* GSS_C_NT_HOSTBASED_SERVICE should be initialized
|
||||
* to point to that gss_OID_desc.
|
||||
*/
|
||||
static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
|
||||
{10, (void *)"\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04"};
|
||||
|
||||
gss_OID GSS_C_NT_HOSTBASED_SERVICE = &gss_c_nt_hostbased_service_oid_desc;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {6, (void *)"\x2b\x06\01\x05\x06\x03"},
|
||||
* corresponding to an object identifier value of
|
||||
* {1(iso), 3(org), 6(dod), 1(internet), 5(security),
|
||||
* 6(nametypes), 3(gss-anonymous-name)}. The constant
|
||||
* and GSS_C_NT_ANONYMOUS should be initialized to point
|
||||
* to that gss_OID_desc.
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_c_nt_anonymous_oid_desc =
|
||||
{6, (void *)"\x2b\x06\01\x05\x06\x03"};
|
||||
|
||||
gss_OID GSS_C_NT_ANONYMOUS = &gss_c_nt_anonymous_oid_desc;
|
||||
|
||||
/*
|
||||
* The implementation must reserve static storage for a
|
||||
* gss_OID_desc object containing the value
|
||||
* {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
|
||||
* corresponding to an object-identifier value of
|
||||
* {1(iso), 3(org), 6(dod), 1(internet), 5(security),
|
||||
* 6(nametypes), 4(gss-api-exported-name)}. The constant
|
||||
* GSS_C_NT_EXPORT_NAME should be initialized to point
|
||||
* to that gss_OID_desc.
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_c_nt_export_name_oid_desc =
|
||||
{6, (void *)"\x2b\x06\x01\x05\x06\x04"};
|
||||
|
||||
gss_OID GSS_C_NT_EXPORT_NAME = &gss_c_nt_export_name_oid_desc;
|
||||
|
||||
/*
|
||||
* This name form shall be represented by the Object Identifier {iso(1)
|
||||
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
|
||||
* krb5(2) krb5_name(1)}. The recommended symbolic name for this type
|
||||
* is "GSS_KRB5_NT_PRINCIPAL_NAME".
|
||||
*/
|
||||
|
||||
static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
|
||||
{10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"};
|
||||
|
||||
gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &gss_krb5_nt_principal_name_oid_desc;
|
||||
|
||||
/*
|
||||
* This name form shall be represented by the Object Identifier {iso(1)
|
||||
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
|
||||
* generic(1) user_name(1)}. The recommended symbolic name for this
|
||||
* type is "GSS_KRB5_NT_USER_NAME".
|
||||
*/
|
||||
|
||||
gss_OID GSS_KRB5_NT_USER_NAME = &gss_c_nt_user_name_oid_desc;
|
||||
|
||||
/*
|
||||
* This name form shall be represented by the Object Identifier {iso(1)
|
||||
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
|
||||
* generic(1) machine_uid_name(2)}. The recommended symbolic name for
|
||||
* this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
|
||||
*/
|
||||
|
||||
gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &gss_c_nt_machine_uid_name_oid_desc;
|
||||
|
||||
/*
|
||||
* This name form shall be represented by the Object Identifier {iso(1)
|
||||
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
|
||||
* generic(1) string_uid_name(3)}. The recommended symbolic name for
|
||||
* this type is "GSS_KRB5_NT_STRING_UID_NAME".
|
||||
*/
|
||||
|
||||
gss_OID GSS_KRB5_NT_STRING_UID_NAME = &gss_c_nt_string_uid_name_oid_desc;
|
||||
|
||||
/*
|
||||
* To support ongoing experimentation, testing, and evolution of the
|
||||
* specification, the Kerberos V5 GSS-API mechanism as defined in this
|
||||
* and any successor memos will be identified with the following Object
|
||||
* Identifier, as defined in RFC-1510, until the specification is
|
||||
* advanced to the level of Proposed Standard RFC:
|
||||
*
|
||||
* {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
|
||||
*
|
||||
* Upon advancement to the level of Proposed Standard RFC, the Kerberos
|
||||
* V5 GSS-API mechanism will be identified by an Object Identifier
|
||||
* having the value:
|
||||
*
|
||||
* {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
|
||||
* gssapi(2) krb5(2)}
|
||||
*/
|
||||
|
||||
#if 0 /* This is the old OID */
|
||||
|
||||
static gss_OID_desc gss_krb5_mechanism_oid_desc =
|
||||
{5, (void *)"\x2b\x05\x01\x05\x02"};
|
||||
|
||||
#endif
|
||||
|
||||
static gss_OID_desc gss_krb5_mechanism_oid_desc =
|
||||
{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
|
||||
|
||||
gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
|
||||
|
||||
/*
|
||||
* Context for krb5 calls.
|
||||
*/
|
||||
|
||||
krb5_context gssapi_krb5_context;
|
@ -1,295 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: get_mic.c,v 1.21.2.1 2003/09/18 22:05:12 lha Exp $");
|
||||
|
||||
static OM_uint32
|
||||
mic_des
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
gss_qop_t qop_req,
|
||||
const gss_buffer_t message_buffer,
|
||||
gss_buffer_t message_token,
|
||||
krb5_keyblock *key
|
||||
)
|
||||
{
|
||||
u_char *p;
|
||||
MD5_CTX md5;
|
||||
u_char hash[16];
|
||||
des_key_schedule schedule;
|
||||
des_cblock deskey;
|
||||
des_cblock zero;
|
||||
int32_t seq_number;
|
||||
size_t len, total_len;
|
||||
|
||||
gssapi_krb5_encap_length (22, &len, &total_len);
|
||||
|
||||
message_token->length = total_len;
|
||||
message_token->value = malloc (total_len);
|
||||
if (message_token->value == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
p = gssapi_krb5_make_header(message_token->value,
|
||||
len,
|
||||
"\x01\x01"); /* TOK_ID */
|
||||
|
||||
memcpy (p, "\x00\x00", 2); /* SGN_ALG = DES MAC MD5 */
|
||||
p += 2;
|
||||
|
||||
memcpy (p, "\xff\xff\xff\xff", 4); /* Filler */
|
||||
p += 4;
|
||||
|
||||
/* Fill in later (SND-SEQ) */
|
||||
memset (p, 0, 16);
|
||||
p += 16;
|
||||
|
||||
/* checksum */
|
||||
MD5_Init (&md5);
|
||||
MD5_Update (&md5, p - 24, 8);
|
||||
MD5_Update (&md5, message_buffer->value, message_buffer->length);
|
||||
MD5_Final (hash, &md5);
|
||||
|
||||
memset (&zero, 0, sizeof(zero));
|
||||
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
|
||||
des_set_key (&deskey, schedule);
|
||||
des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
|
||||
schedule, &zero);
|
||||
memcpy (p - 8, hash, 8); /* SGN_CKSUM */
|
||||
|
||||
/* sequence number */
|
||||
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&seq_number);
|
||||
|
||||
p -= 16; /* SND_SEQ */
|
||||
p[0] = (seq_number >> 0) & 0xFF;
|
||||
p[1] = (seq_number >> 8) & 0xFF;
|
||||
p[2] = (seq_number >> 16) & 0xFF;
|
||||
p[3] = (seq_number >> 24) & 0xFF;
|
||||
memset (p + 4,
|
||||
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
|
||||
4);
|
||||
|
||||
des_set_key (&deskey, schedule);
|
||||
des_cbc_encrypt ((void *)p, (void *)p, 8,
|
||||
schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
|
||||
|
||||
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
++seq_number);
|
||||
|
||||
memset (deskey, 0, sizeof(deskey));
|
||||
memset (schedule, 0, sizeof(schedule));
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
mic_des3
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
gss_qop_t qop_req,
|
||||
const gss_buffer_t message_buffer,
|
||||
gss_buffer_t message_token,
|
||||
krb5_keyblock *key
|
||||
)
|
||||
{
|
||||
u_char *p;
|
||||
Checksum cksum;
|
||||
u_char seq[8];
|
||||
|
||||
int32_t seq_number;
|
||||
size_t len, total_len;
|
||||
|
||||
krb5_crypto crypto;
|
||||
krb5_error_code kret;
|
||||
krb5_data encdata;
|
||||
char *tmp;
|
||||
char ivec[8];
|
||||
|
||||
gssapi_krb5_encap_length (36, &len, &total_len);
|
||||
|
||||
message_token->length = total_len;
|
||||
message_token->value = malloc (total_len);
|
||||
if (message_token->value == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
p = gssapi_krb5_make_header(message_token->value,
|
||||
len,
|
||||
"\x01\x01"); /* TOK-ID */
|
||||
|
||||
memcpy (p, "\x04\x00", 2); /* SGN_ALG = HMAC SHA1 DES3-KD */
|
||||
p += 2;
|
||||
|
||||
memcpy (p, "\xff\xff\xff\xff", 4); /* filler */
|
||||
p += 4;
|
||||
|
||||
/* this should be done in parts */
|
||||
|
||||
tmp = malloc (message_buffer->length + 8);
|
||||
if (tmp == NULL) {
|
||||
free (message_token->value);
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
memcpy (tmp, p - 8, 8);
|
||||
memcpy (tmp + 8, message_buffer->value, message_buffer->length);
|
||||
|
||||
kret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
|
||||
if (kret) {
|
||||
free (message_token->value);
|
||||
free (tmp);
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
kret = krb5_create_checksum (gssapi_krb5_context,
|
||||
crypto,
|
||||
KRB5_KU_USAGE_SIGN,
|
||||
0,
|
||||
tmp,
|
||||
message_buffer->length + 8,
|
||||
&cksum);
|
||||
free (tmp);
|
||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||
if (kret) {
|
||||
free (message_token->value);
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
|
||||
|
||||
/* sequence number */
|
||||
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&seq_number);
|
||||
|
||||
seq[0] = (seq_number >> 0) & 0xFF;
|
||||
seq[1] = (seq_number >> 8) & 0xFF;
|
||||
seq[2] = (seq_number >> 16) & 0xFF;
|
||||
seq[3] = (seq_number >> 24) & 0xFF;
|
||||
memset (seq + 4,
|
||||
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
|
||||
4);
|
||||
|
||||
kret = krb5_crypto_init(gssapi_krb5_context, key,
|
||||
ETYPE_DES3_CBC_NONE, &crypto);
|
||||
if (kret) {
|
||||
free (message_token->value);
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
if (context_handle->more_flags & COMPAT_OLD_DES3)
|
||||
memset(ivec, 0, 8);
|
||||
else
|
||||
memcpy(ivec, p + 8, 8);
|
||||
|
||||
kret = krb5_encrypt_ivec (gssapi_krb5_context,
|
||||
crypto,
|
||||
KRB5_KU_USAGE_SEQ,
|
||||
seq, 8, &encdata, ivec);
|
||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||
if (kret) {
|
||||
free (message_token->value);
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
assert (encdata.length == 8);
|
||||
|
||||
memcpy (p, encdata.data, encdata.length);
|
||||
krb5_data_free (&encdata);
|
||||
|
||||
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
++seq_number);
|
||||
|
||||
free_Checksum (&cksum);
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
OM_uint32 gss_get_mic
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
gss_qop_t qop_req,
|
||||
const gss_buffer_t message_buffer,
|
||||
gss_buffer_t message_token
|
||||
)
|
||||
{
|
||||
krb5_keyblock *key;
|
||||
OM_uint32 ret;
|
||||
krb5_keytype keytype;
|
||||
|
||||
ret = gss_krb5_get_localkey(context_handle, &key);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
|
||||
|
||||
switch (keytype) {
|
||||
case KEYTYPE_DES :
|
||||
ret = mic_des (minor_status, context_handle, qop_req,
|
||||
message_buffer, message_token, key);
|
||||
break;
|
||||
case KEYTYPE_DES3 :
|
||||
ret = mic_des3 (minor_status, context_handle, qop_req,
|
||||
message_buffer, message_token, key);
|
||||
break;
|
||||
case KEYTYPE_ARCFOUR:
|
||||
ret = _gssapi_get_mic_arcfour (minor_status, context_handle, qop_req,
|
||||
message_buffer, message_token, key);
|
||||
break;
|
||||
default :
|
||||
*minor_status = KRB5_PROG_ETYPE_NOSUPP;
|
||||
ret = GSS_S_FAILURE;
|
||||
break;
|
||||
}
|
||||
krb5_free_keyblock (gssapi_krb5_context, key);
|
||||
return ret;
|
||||
}
|
@ -1,180 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: gssapi_locl.h,v 1.24.2.5 2003/09/18 22:01:52 lha Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
#ifndef GSSAPI_LOCL_H
|
||||
#define GSSAPI_LOCL_H
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <krb5_locl.h>
|
||||
#include "gssapi.h"
|
||||
#include <assert.h>
|
||||
|
||||
#include "arcfour.h"
|
||||
|
||||
extern krb5_context gssapi_krb5_context;
|
||||
|
||||
extern krb5_keytab gssapi_krb5_keytab;
|
||||
|
||||
krb5_error_code gssapi_krb5_init (void);
|
||||
|
||||
#define GSSAPI_KRB5_INIT() do { \
|
||||
krb5_error_code kret; \
|
||||
if((kret = gssapi_krb5_init ()) != 0) { \
|
||||
*minor_status = kret; \
|
||||
return GSS_S_FAILURE; \
|
||||
} \
|
||||
} while (0)
|
||||
|
||||
OM_uint32
|
||||
gssapi_krb5_create_8003_checksum (
|
||||
OM_uint32 *minor_status,
|
||||
const gss_channel_bindings_t input_chan_bindings,
|
||||
OM_uint32 flags,
|
||||
const krb5_data *fwd_data,
|
||||
Checksum *result);
|
||||
|
||||
OM_uint32
|
||||
gssapi_krb5_verify_8003_checksum (
|
||||
OM_uint32 *minor_status,
|
||||
const gss_channel_bindings_t input_chan_bindings,
|
||||
const Checksum *cksum,
|
||||
OM_uint32 *flags,
|
||||
krb5_data *fwd_data);
|
||||
|
||||
OM_uint32
|
||||
gssapi_krb5_encapsulate(
|
||||
OM_uint32 *minor_status,
|
||||
const krb5_data *in_data,
|
||||
gss_buffer_t output_token,
|
||||
u_char *type);
|
||||
|
||||
u_char *
|
||||
_gssapi_make_mech_header(u_char *p,
|
||||
size_t len);
|
||||
|
||||
OM_uint32
|
||||
gssapi_krb5_decapsulate(
|
||||
OM_uint32 *minor_status,
|
||||
gss_buffer_t input_token_buffer,
|
||||
krb5_data *out_data,
|
||||
char *type);
|
||||
|
||||
void
|
||||
gssapi_krb5_encap_length (size_t data_len,
|
||||
size_t *len,
|
||||
size_t *total_len);
|
||||
|
||||
u_char *
|
||||
gssapi_krb5_make_header (u_char *p,
|
||||
size_t len,
|
||||
u_char *type);
|
||||
|
||||
OM_uint32
|
||||
gssapi_krb5_verify_header(u_char **str,
|
||||
size_t total_len,
|
||||
char *type);
|
||||
|
||||
|
||||
OM_uint32
|
||||
_gssapi_verify_mech_header(u_char **str,
|
||||
size_t total_len);
|
||||
|
||||
OM_uint32
|
||||
_gssapi_verify_pad(gss_buffer_t, size_t, size_t *);
|
||||
|
||||
OM_uint32
|
||||
gss_verify_mic_internal(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t message_buffer,
|
||||
const gss_buffer_t token_buffer,
|
||||
gss_qop_t * qop_state,
|
||||
char * type);
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **key);
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **key);
|
||||
|
||||
krb5_error_code
|
||||
gss_address_to_krb5addr(OM_uint32 gss_addr_type,
|
||||
gss_buffer_desc *gss_addr,
|
||||
int16_t port,
|
||||
krb5_address *address);
|
||||
|
||||
/* sec_context flags */
|
||||
|
||||
#define SC_LOCAL_ADDRESS 0x01
|
||||
#define SC_REMOTE_ADDRESS 0x02
|
||||
#define SC_KEYBLOCK 0x04
|
||||
#define SC_LOCAL_SUBKEY 0x08
|
||||
#define SC_REMOTE_SUBKEY 0x10
|
||||
|
||||
int
|
||||
gss_oid_equal(const gss_OID a, const gss_OID b);
|
||||
|
||||
void
|
||||
gssapi_krb5_set_error_string (void);
|
||||
|
||||
char *
|
||||
gssapi_krb5_get_error_string (void);
|
||||
|
||||
OM_uint32
|
||||
_gss_DES3_get_mic_compat(OM_uint32 *minor_status, gss_ctx_id_t ctx);
|
||||
|
||||
OM_uint32
|
||||
gssapi_lifetime_left(OM_uint32 *, OM_uint32, OM_uint32 *);
|
||||
|
||||
/* 8003 */
|
||||
|
||||
krb5_error_code
|
||||
gssapi_encode_om_uint32(OM_uint32, u_char *);
|
||||
|
||||
krb5_error_code
|
||||
gssapi_encode_be_om_uint32(OM_uint32, u_char *);
|
||||
|
||||
krb5_error_code
|
||||
gssapi_decode_om_uint32(u_char *, OM_uint32 *);
|
||||
|
||||
krb5_error_code
|
||||
gssapi_decode_be_om_uint32(u_char *, OM_uint32 *);
|
||||
|
||||
#endif
|
@ -1,229 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: import_name.c,v 1.13 2003/03/16 17:33:31 lha Exp $");
|
||||
|
||||
static OM_uint32
|
||||
parse_krb5_name (OM_uint32 *minor_status,
|
||||
const char *name,
|
||||
gss_name_t *output_name)
|
||||
{
|
||||
krb5_error_code kerr;
|
||||
|
||||
kerr = krb5_parse_name (gssapi_krb5_context, name, output_name);
|
||||
|
||||
if (kerr == 0)
|
||||
return GSS_S_COMPLETE;
|
||||
else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kerr;
|
||||
return GSS_S_BAD_NAME;
|
||||
} else {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kerr;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
import_krb5_name (OM_uint32 *minor_status,
|
||||
const gss_buffer_t input_name_buffer,
|
||||
gss_name_t *output_name)
|
||||
{
|
||||
OM_uint32 ret;
|
||||
char *tmp;
|
||||
|
||||
tmp = malloc (input_name_buffer->length + 1);
|
||||
if (tmp == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
memcpy (tmp,
|
||||
input_name_buffer->value,
|
||||
input_name_buffer->length);
|
||||
tmp[input_name_buffer->length] = '\0';
|
||||
|
||||
ret = parse_krb5_name(minor_status, tmp, output_name);
|
||||
free(tmp);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
import_hostbased_name (OM_uint32 *minor_status,
|
||||
const gss_buffer_t input_name_buffer,
|
||||
gss_name_t *output_name)
|
||||
{
|
||||
krb5_error_code kerr;
|
||||
char *tmp;
|
||||
char *p;
|
||||
char *host;
|
||||
char local_hostname[MAXHOSTNAMELEN];
|
||||
|
||||
*output_name = NULL;
|
||||
|
||||
tmp = malloc (input_name_buffer->length + 1);
|
||||
if (tmp == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
memcpy (tmp,
|
||||
input_name_buffer->value,
|
||||
input_name_buffer->length);
|
||||
tmp[input_name_buffer->length] = '\0';
|
||||
|
||||
p = strchr (tmp, '@');
|
||||
if (p != NULL) {
|
||||
*p = '\0';
|
||||
host = p + 1;
|
||||
} else {
|
||||
if (gethostname(local_hostname, sizeof(local_hostname)) < 0) {
|
||||
*minor_status = errno;
|
||||
free (tmp);
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
host = local_hostname;
|
||||
}
|
||||
|
||||
kerr = krb5_sname_to_principal (gssapi_krb5_context,
|
||||
host,
|
||||
tmp,
|
||||
KRB5_NT_SRV_HST,
|
||||
output_name);
|
||||
free (tmp);
|
||||
*minor_status = kerr;
|
||||
if (kerr == 0)
|
||||
return GSS_S_COMPLETE;
|
||||
else if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kerr;
|
||||
return GSS_S_BAD_NAME;
|
||||
} else {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kerr;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
import_export_name (OM_uint32 *minor_status,
|
||||
const gss_buffer_t input_name_buffer,
|
||||
gss_name_t *output_name)
|
||||
{
|
||||
unsigned char *p;
|
||||
uint32_t length;
|
||||
OM_uint32 ret;
|
||||
char *name;
|
||||
|
||||
if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length)
|
||||
return GSS_S_BAD_NAME;
|
||||
|
||||
/* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
|
||||
|
||||
p = input_name_buffer->value;
|
||||
|
||||
if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 ||
|
||||
p[3] != GSS_KRB5_MECHANISM->length + 2 ||
|
||||
p[4] != 0x06 ||
|
||||
p[5] != GSS_KRB5_MECHANISM->length ||
|
||||
memcmp(&p[6], GSS_KRB5_MECHANISM->elements,
|
||||
GSS_KRB5_MECHANISM->length) != 0)
|
||||
return GSS_S_BAD_NAME;
|
||||
|
||||
p += 6 + GSS_KRB5_MECHANISM->length;
|
||||
|
||||
length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
|
||||
p += 4;
|
||||
|
||||
if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length)
|
||||
return GSS_S_BAD_NAME;
|
||||
|
||||
name = malloc(length + 1);
|
||||
if (name == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
memcpy(name, p, length);
|
||||
name[length] = '\0';
|
||||
|
||||
ret = parse_krb5_name(minor_status, name, output_name);
|
||||
free(name);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int
|
||||
gss_oid_equal(const gss_OID a, const gss_OID b)
|
||||
{
|
||||
if (a == b)
|
||||
return 1;
|
||||
else if (a == GSS_C_NO_OID || b == GSS_C_NO_OID || a->length != b->length)
|
||||
return 0;
|
||||
else
|
||||
return memcmp(a->elements, b->elements, a->length) == 0;
|
||||
}
|
||||
|
||||
OM_uint32 gss_import_name
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_buffer_t input_name_buffer,
|
||||
const gss_OID input_name_type,
|
||||
gss_name_t * output_name
|
||||
)
|
||||
{
|
||||
GSSAPI_KRB5_INIT ();
|
||||
|
||||
*minor_status = 0;
|
||||
*output_name = GSS_C_NO_NAME;
|
||||
|
||||
if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE))
|
||||
return import_hostbased_name (minor_status,
|
||||
input_name_buffer,
|
||||
output_name);
|
||||
else if (gss_oid_equal(input_name_type, GSS_C_NO_OID)
|
||||
|| gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
|
||||
|| gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))
|
||||
/* default printable syntax */
|
||||
return import_krb5_name (minor_status,
|
||||
input_name_buffer,
|
||||
output_name);
|
||||
else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
|
||||
return import_export_name(minor_status,
|
||||
input_name_buffer,
|
||||
output_name);
|
||||
} else {
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_NAMETYPE;
|
||||
}
|
||||
}
|
@ -1,212 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: import_sec_context.c,v 1.7 2003/03/16 18:01:32 lha Exp $");
|
||||
|
||||
OM_uint32
|
||||
gss_import_sec_context (
|
||||
OM_uint32 * minor_status,
|
||||
const gss_buffer_t interprocess_token,
|
||||
gss_ctx_id_t * context_handle
|
||||
)
|
||||
{
|
||||
OM_uint32 ret = GSS_S_FAILURE;
|
||||
krb5_error_code kret;
|
||||
krb5_storage *sp;
|
||||
krb5_auth_context ac;
|
||||
krb5_address local, remote;
|
||||
krb5_address *localp, *remotep;
|
||||
krb5_data data;
|
||||
gss_buffer_desc buffer;
|
||||
krb5_keyblock keyblock;
|
||||
int32_t tmp;
|
||||
int32_t flags;
|
||||
OM_uint32 minor;
|
||||
|
||||
GSSAPI_KRB5_INIT ();
|
||||
|
||||
localp = remotep = NULL;
|
||||
|
||||
sp = krb5_storage_from_mem (interprocess_token->value,
|
||||
interprocess_token->length);
|
||||
if (sp == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
*context_handle = malloc(sizeof(**context_handle));
|
||||
if (*context_handle == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
krb5_storage_free (sp);
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
memset (*context_handle, 0, sizeof(**context_handle));
|
||||
|
||||
kret = krb5_auth_con_init (gssapi_krb5_context,
|
||||
&(*context_handle)->auth_context);
|
||||
if (kret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
/* flags */
|
||||
|
||||
*minor_status = 0;
|
||||
|
||||
if (krb5_ret_int32 (sp, &flags) != 0)
|
||||
goto failure;
|
||||
|
||||
/* retrieve the auth context */
|
||||
|
||||
ac = (*context_handle)->auth_context;
|
||||
krb5_ret_int32 (sp, &ac->flags);
|
||||
if (flags & SC_LOCAL_ADDRESS) {
|
||||
if (krb5_ret_address (sp, localp = &local) != 0)
|
||||
goto failure;
|
||||
}
|
||||
|
||||
if (flags & SC_REMOTE_ADDRESS) {
|
||||
if (krb5_ret_address (sp, remotep = &remote) != 0)
|
||||
goto failure;
|
||||
}
|
||||
|
||||
krb5_auth_con_setaddrs (gssapi_krb5_context, ac, localp, remotep);
|
||||
if (localp)
|
||||
krb5_free_address (gssapi_krb5_context, localp);
|
||||
if (remotep)
|
||||
krb5_free_address (gssapi_krb5_context, remotep);
|
||||
localp = remotep = NULL;
|
||||
|
||||
if (krb5_ret_int16 (sp, &ac->local_port) != 0)
|
||||
goto failure;
|
||||
|
||||
if (krb5_ret_int16 (sp, &ac->remote_port) != 0)
|
||||
goto failure;
|
||||
if (flags & SC_KEYBLOCK) {
|
||||
if (krb5_ret_keyblock (sp, &keyblock) != 0)
|
||||
goto failure;
|
||||
krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock);
|
||||
krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
|
||||
}
|
||||
if (flags & SC_LOCAL_SUBKEY) {
|
||||
if (krb5_ret_keyblock (sp, &keyblock) != 0)
|
||||
goto failure;
|
||||
krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock);
|
||||
krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
|
||||
}
|
||||
if (flags & SC_REMOTE_SUBKEY) {
|
||||
if (krb5_ret_keyblock (sp, &keyblock) != 0)
|
||||
goto failure;
|
||||
krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock);
|
||||
krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
|
||||
}
|
||||
if (krb5_ret_int32 (sp, &ac->local_seqnumber))
|
||||
goto failure;
|
||||
if (krb5_ret_int32 (sp, &ac->remote_seqnumber))
|
||||
goto failure;
|
||||
|
||||
if (krb5_ret_int32 (sp, &tmp) != 0)
|
||||
goto failure;
|
||||
ac->keytype = tmp;
|
||||
if (krb5_ret_int32 (sp, &tmp) != 0)
|
||||
goto failure;
|
||||
ac->cksumtype = tmp;
|
||||
|
||||
/* names */
|
||||
|
||||
if (krb5_ret_data (sp, &data))
|
||||
goto failure;
|
||||
buffer.value = data.data;
|
||||
buffer.length = data.length;
|
||||
|
||||
ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
|
||||
&(*context_handle)->source);
|
||||
if (ret) {
|
||||
ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
|
||||
&(*context_handle)->source);
|
||||
if (ret) {
|
||||
krb5_data_free (&data);
|
||||
goto failure;
|
||||
}
|
||||
}
|
||||
krb5_data_free (&data);
|
||||
|
||||
if (krb5_ret_data (sp, &data) != 0)
|
||||
goto failure;
|
||||
buffer.value = data.data;
|
||||
buffer.length = data.length;
|
||||
|
||||
ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
|
||||
&(*context_handle)->target);
|
||||
if (ret) {
|
||||
ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
|
||||
&(*context_handle)->target);
|
||||
if (ret) {
|
||||
krb5_data_free (&data);
|
||||
goto failure;
|
||||
}
|
||||
}
|
||||
krb5_data_free (&data);
|
||||
|
||||
if (krb5_ret_int32 (sp, &tmp))
|
||||
goto failure;
|
||||
(*context_handle)->flags = tmp;
|
||||
if (krb5_ret_int32 (sp, &tmp))
|
||||
goto failure;
|
||||
(*context_handle)->more_flags = tmp;
|
||||
if (krb5_ret_int32 (sp, &tmp) == 0)
|
||||
(*context_handle)->lifetime = tmp;
|
||||
else
|
||||
(*context_handle)->lifetime = GSS_C_INDEFINITE;
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
|
||||
failure:
|
||||
krb5_auth_con_free (gssapi_krb5_context,
|
||||
(*context_handle)->auth_context);
|
||||
if ((*context_handle)->source != NULL)
|
||||
gss_release_name(&minor, &(*context_handle)->source);
|
||||
if ((*context_handle)->target != NULL)
|
||||
gss_release_name(&minor, &(*context_handle)->target);
|
||||
if (localp)
|
||||
krb5_free_address (gssapi_krb5_context, localp);
|
||||
if (remotep)
|
||||
krb5_free_address (gssapi_krb5_context, remotep);
|
||||
free (*context_handle);
|
||||
*context_handle = GSS_C_NO_CONTEXT;
|
||||
return ret;
|
||||
}
|
@ -1,55 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: indicate_mechs.c,v 1.5 2003/03/16 17:38:20 lha Exp $");
|
||||
|
||||
OM_uint32 gss_indicate_mechs
|
||||
(OM_uint32 * minor_status,
|
||||
gss_OID_set * mech_set
|
||||
)
|
||||
{
|
||||
OM_uint32 ret;
|
||||
|
||||
ret = gss_create_empty_oid_set(minor_status, mech_set);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM, mech_set);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,44 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: init.c,v 1.6 2001/08/13 13:14:07 joda Exp $");
|
||||
|
||||
krb5_error_code
|
||||
gssapi_krb5_init (void)
|
||||
{
|
||||
if(gssapi_krb5_context == NULL)
|
||||
return krb5_init_context (&gssapi_krb5_context);
|
||||
return 0;
|
||||
}
|
@ -1,578 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: init_sec_context.c,v 1.36.2.1 2003/08/15 14:21:18 lha Exp $");
|
||||
|
||||
/*
|
||||
* copy the addresses from `input_chan_bindings' (if any) to
|
||||
* the auth context `ac'
|
||||
*/
|
||||
|
||||
static OM_uint32
|
||||
set_addresses (krb5_auth_context ac,
|
||||
const gss_channel_bindings_t input_chan_bindings)
|
||||
{
|
||||
/* Port numbers are expected to be in application_data.value,
|
||||
* initator's port first */
|
||||
|
||||
krb5_address initiator_addr, acceptor_addr;
|
||||
krb5_error_code kret;
|
||||
|
||||
if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS
|
||||
|| input_chan_bindings->application_data.length !=
|
||||
2 * sizeof(ac->local_port))
|
||||
return 0;
|
||||
|
||||
memset(&initiator_addr, 0, sizeof(initiator_addr));
|
||||
memset(&acceptor_addr, 0, sizeof(acceptor_addr));
|
||||
|
||||
ac->local_port =
|
||||
*(int16_t *) input_chan_bindings->application_data.value;
|
||||
|
||||
ac->remote_port =
|
||||
*((int16_t *) input_chan_bindings->application_data.value + 1);
|
||||
|
||||
kret = gss_address_to_krb5addr(input_chan_bindings->acceptor_addrtype,
|
||||
&input_chan_bindings->acceptor_address,
|
||||
ac->remote_port,
|
||||
&acceptor_addr);
|
||||
if (kret)
|
||||
return kret;
|
||||
|
||||
kret = gss_address_to_krb5addr(input_chan_bindings->initiator_addrtype,
|
||||
&input_chan_bindings->initiator_address,
|
||||
ac->local_port,
|
||||
&initiator_addr);
|
||||
if (kret) {
|
||||
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
|
||||
return kret;
|
||||
}
|
||||
|
||||
kret = krb5_auth_con_setaddrs(gssapi_krb5_context,
|
||||
ac,
|
||||
&initiator_addr, /* local address */
|
||||
&acceptor_addr); /* remote address */
|
||||
|
||||
krb5_free_address (gssapi_krb5_context, &initiator_addr);
|
||||
krb5_free_address (gssapi_krb5_context, &acceptor_addr);
|
||||
|
||||
#if 0
|
||||
free(input_chan_bindings->application_data.value);
|
||||
input_chan_bindings->application_data.value = NULL;
|
||||
input_chan_bindings->application_data.length = 0;
|
||||
#endif
|
||||
|
||||
return kret;
|
||||
}
|
||||
|
||||
/*
|
||||
* handle delegated creds in init-sec-context
|
||||
*/
|
||||
|
||||
static void
|
||||
do_delegation (krb5_auth_context ac,
|
||||
krb5_ccache ccache,
|
||||
krb5_creds *cred,
|
||||
const gss_name_t target_name,
|
||||
krb5_data *fwd_data,
|
||||
int *flags)
|
||||
{
|
||||
krb5_creds creds;
|
||||
krb5_kdc_flags fwd_flags;
|
||||
krb5_error_code kret;
|
||||
|
||||
memset (&creds, 0, sizeof(creds));
|
||||
krb5_data_zero (fwd_data);
|
||||
|
||||
kret = krb5_cc_get_principal(gssapi_krb5_context, ccache, &creds.client);
|
||||
if (kret)
|
||||
goto out;
|
||||
|
||||
kret = krb5_build_principal(gssapi_krb5_context,
|
||||
&creds.server,
|
||||
strlen(creds.client->realm),
|
||||
creds.client->realm,
|
||||
KRB5_TGS_NAME,
|
||||
creds.client->realm,
|
||||
NULL);
|
||||
if (kret)
|
||||
goto out;
|
||||
|
||||
creds.times.endtime = 0;
|
||||
|
||||
fwd_flags.i = 0;
|
||||
fwd_flags.b.forwarded = 1;
|
||||
fwd_flags.b.forwardable = 1;
|
||||
|
||||
if ( /*target_name->name.name_type != KRB5_NT_SRV_HST ||*/
|
||||
target_name->name.name_string.len < 2)
|
||||
goto out;
|
||||
|
||||
kret = krb5_get_forwarded_creds(gssapi_krb5_context,
|
||||
ac,
|
||||
ccache,
|
||||
fwd_flags.i,
|
||||
target_name->name.name_string.val[1],
|
||||
&creds,
|
||||
fwd_data);
|
||||
|
||||
out:
|
||||
if (kret)
|
||||
*flags &= ~GSS_C_DELEG_FLAG;
|
||||
else
|
||||
*flags |= GSS_C_DELEG_FLAG;
|
||||
|
||||
if (creds.client)
|
||||
krb5_free_principal(gssapi_krb5_context, creds.client);
|
||||
if (creds.server)
|
||||
krb5_free_principal(gssapi_krb5_context, creds.server);
|
||||
}
|
||||
|
||||
/*
|
||||
* first stage of init-sec-context
|
||||
*/
|
||||
|
||||
static OM_uint32
|
||||
init_auth
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_cred_id_t initiator_cred_handle,
|
||||
gss_ctx_id_t * context_handle,
|
||||
const gss_name_t target_name,
|
||||
const gss_OID mech_type,
|
||||
OM_uint32 req_flags,
|
||||
OM_uint32 time_req,
|
||||
const gss_channel_bindings_t input_chan_bindings,
|
||||
const gss_buffer_t input_token,
|
||||
gss_OID * actual_mech_type,
|
||||
gss_buffer_t output_token,
|
||||
OM_uint32 * ret_flags,
|
||||
OM_uint32 * time_rec
|
||||
)
|
||||
{
|
||||
OM_uint32 ret = GSS_S_FAILURE;
|
||||
krb5_error_code kret;
|
||||
krb5_flags ap_options;
|
||||
krb5_creds this_cred, *cred;
|
||||
krb5_data outbuf;
|
||||
krb5_ccache ccache;
|
||||
u_int32_t flags;
|
||||
Authenticator *auth;
|
||||
krb5_data authenticator;
|
||||
Checksum cksum;
|
||||
krb5_enctype enctype;
|
||||
krb5_data fwd_data;
|
||||
OM_uint32 lifetime_rec;
|
||||
|
||||
krb5_data_zero(&outbuf);
|
||||
krb5_data_zero(&fwd_data);
|
||||
|
||||
*minor_status = 0;
|
||||
|
||||
*context_handle = malloc(sizeof(**context_handle));
|
||||
if (*context_handle == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
(*context_handle)->auth_context = NULL;
|
||||
(*context_handle)->source = NULL;
|
||||
(*context_handle)->target = NULL;
|
||||
(*context_handle)->flags = 0;
|
||||
(*context_handle)->more_flags = 0;
|
||||
(*context_handle)->ticket = NULL;
|
||||
(*context_handle)->lifetime = GSS_C_INDEFINITE;
|
||||
|
||||
kret = krb5_auth_con_init (gssapi_krb5_context,
|
||||
&(*context_handle)->auth_context);
|
||||
if (kret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
kret = set_addresses ((*context_handle)->auth_context,
|
||||
input_chan_bindings);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_BAD_BINDINGS;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
{
|
||||
int32_t tmp;
|
||||
|
||||
krb5_auth_con_getflags(gssapi_krb5_context,
|
||||
(*context_handle)->auth_context,
|
||||
&tmp);
|
||||
tmp |= KRB5_AUTH_CONTEXT_DO_SEQUENCE;
|
||||
krb5_auth_con_setflags(gssapi_krb5_context,
|
||||
(*context_handle)->auth_context,
|
||||
tmp);
|
||||
}
|
||||
|
||||
if (actual_mech_type)
|
||||
*actual_mech_type = GSS_KRB5_MECHANISM;
|
||||
|
||||
if (initiator_cred_handle == GSS_C_NO_CREDENTIAL) {
|
||||
kret = krb5_cc_default (gssapi_krb5_context, &ccache);
|
||||
if (kret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
} else
|
||||
ccache = initiator_cred_handle->ccache;
|
||||
|
||||
kret = krb5_cc_get_principal (gssapi_krb5_context,
|
||||
ccache,
|
||||
&(*context_handle)->source);
|
||||
if (kret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
kret = krb5_copy_principal (gssapi_krb5_context,
|
||||
target_name,
|
||||
&(*context_handle)->target);
|
||||
if (kret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
ret = _gss_DES3_get_mic_compat(minor_status, *context_handle);
|
||||
if (ret)
|
||||
goto failure;
|
||||
|
||||
|
||||
memset(&this_cred, 0, sizeof(this_cred));
|
||||
this_cred.client = (*context_handle)->source;
|
||||
this_cred.server = (*context_handle)->target;
|
||||
if (time_req && time_req != GSS_C_INDEFINITE) {
|
||||
krb5_timestamp ts;
|
||||
|
||||
krb5_timeofday (gssapi_krb5_context, &ts);
|
||||
this_cred.times.endtime = ts + time_req;
|
||||
} else
|
||||
this_cred.times.endtime = 0;
|
||||
this_cred.session.keytype = 0;
|
||||
|
||||
kret = krb5_get_credentials (gssapi_krb5_context,
|
||||
KRB5_TC_MATCH_KEYTYPE,
|
||||
ccache,
|
||||
&this_cred,
|
||||
&cred);
|
||||
|
||||
if (kret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
(*context_handle)->lifetime = cred->times.endtime;
|
||||
|
||||
ret = gssapi_lifetime_left(minor_status,
|
||||
(*context_handle)->lifetime,
|
||||
&lifetime_rec);
|
||||
if (ret) {
|
||||
goto failure;
|
||||
}
|
||||
|
||||
if (lifetime_rec == 0) {
|
||||
*minor_status = 0;
|
||||
ret = GSS_S_CONTEXT_EXPIRED;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
krb5_auth_con_setkey(gssapi_krb5_context,
|
||||
(*context_handle)->auth_context,
|
||||
&cred->session);
|
||||
|
||||
kret = krb5_auth_con_generatelocalsubkey(gssapi_krb5_context,
|
||||
(*context_handle)->auth_context,
|
||||
&cred->session);
|
||||
if(kret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
flags = 0;
|
||||
ap_options = 0;
|
||||
if (req_flags & GSS_C_DELEG_FLAG)
|
||||
do_delegation ((*context_handle)->auth_context,
|
||||
ccache, cred, target_name, &fwd_data, &flags);
|
||||
|
||||
if (req_flags & GSS_C_MUTUAL_FLAG) {
|
||||
flags |= GSS_C_MUTUAL_FLAG;
|
||||
ap_options |= AP_OPTS_MUTUAL_REQUIRED;
|
||||
}
|
||||
|
||||
if (req_flags & GSS_C_REPLAY_FLAG)
|
||||
; /* XXX */
|
||||
if (req_flags & GSS_C_SEQUENCE_FLAG)
|
||||
; /* XXX */
|
||||
if (req_flags & GSS_C_ANON_FLAG)
|
||||
; /* XXX */
|
||||
flags |= GSS_C_CONF_FLAG;
|
||||
flags |= GSS_C_INTEG_FLAG;
|
||||
flags |= GSS_C_SEQUENCE_FLAG;
|
||||
flags |= GSS_C_TRANS_FLAG;
|
||||
|
||||
if (ret_flags)
|
||||
*ret_flags = flags;
|
||||
(*context_handle)->flags = flags;
|
||||
(*context_handle)->more_flags |= LOCAL;
|
||||
|
||||
ret = gssapi_krb5_create_8003_checksum (minor_status,
|
||||
input_chan_bindings,
|
||||
flags,
|
||||
&fwd_data,
|
||||
&cksum);
|
||||
krb5_data_free (&fwd_data);
|
||||
if (ret)
|
||||
goto failure;
|
||||
|
||||
#if 1
|
||||
enctype = (*context_handle)->auth_context->keyblock->keytype;
|
||||
#else
|
||||
if ((*context_handle)->auth_context->enctype)
|
||||
enctype = (*context_handle)->auth_context->enctype;
|
||||
else {
|
||||
kret = krb5_keytype_to_enctype(gssapi_krb5_context,
|
||||
(*context_handle)->auth_context->keyblock->keytype,
|
||||
&enctype);
|
||||
if (kret)
|
||||
return kret;
|
||||
}
|
||||
#endif
|
||||
|
||||
kret = krb5_build_authenticator (gssapi_krb5_context,
|
||||
(*context_handle)->auth_context,
|
||||
enctype,
|
||||
cred,
|
||||
&cksum,
|
||||
&auth,
|
||||
&authenticator,
|
||||
KRB5_KU_AP_REQ_AUTH);
|
||||
|
||||
if (kret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
kret = krb5_build_ap_req (gssapi_krb5_context,
|
||||
enctype,
|
||||
cred,
|
||||
ap_options,
|
||||
authenticator,
|
||||
&outbuf);
|
||||
|
||||
if (kret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
ret = GSS_S_FAILURE;
|
||||
goto failure;
|
||||
}
|
||||
|
||||
ret = gssapi_krb5_encapsulate (minor_status, &outbuf, output_token,
|
||||
"\x01\x00");
|
||||
if (ret)
|
||||
goto failure;
|
||||
|
||||
krb5_data_free (&outbuf);
|
||||
|
||||
if (flags & GSS_C_MUTUAL_FLAG) {
|
||||
return GSS_S_CONTINUE_NEEDED;
|
||||
} else {
|
||||
if (time_rec)
|
||||
*time_rec = lifetime_rec;
|
||||
|
||||
(*context_handle)->more_flags |= OPEN;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
failure:
|
||||
krb5_auth_con_free (gssapi_krb5_context,
|
||||
(*context_handle)->auth_context);
|
||||
if((*context_handle)->source)
|
||||
krb5_free_principal (gssapi_krb5_context,
|
||||
(*context_handle)->source);
|
||||
if((*context_handle)->target)
|
||||
krb5_free_principal (gssapi_krb5_context,
|
||||
(*context_handle)->target);
|
||||
free (*context_handle);
|
||||
krb5_data_free (&outbuf);
|
||||
*context_handle = GSS_C_NO_CONTEXT;
|
||||
return ret;
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
repl_mutual
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_cred_id_t initiator_cred_handle,
|
||||
gss_ctx_id_t * context_handle,
|
||||
const gss_name_t target_name,
|
||||
const gss_OID mech_type,
|
||||
OM_uint32 req_flags,
|
||||
OM_uint32 time_req,
|
||||
const gss_channel_bindings_t input_chan_bindings,
|
||||
const gss_buffer_t input_token,
|
||||
gss_OID * actual_mech_type,
|
||||
gss_buffer_t output_token,
|
||||
OM_uint32 * ret_flags,
|
||||
OM_uint32 * time_rec
|
||||
)
|
||||
{
|
||||
OM_uint32 ret;
|
||||
krb5_error_code kret;
|
||||
krb5_data indata;
|
||||
krb5_ap_rep_enc_part *repl;
|
||||
|
||||
output_token->length = 0;
|
||||
output_token->value = NULL;
|
||||
|
||||
if (actual_mech_type)
|
||||
*actual_mech_type = GSS_KRB5_MECHANISM;
|
||||
|
||||
ret = gssapi_krb5_decapsulate (minor_status, input_token, &indata,
|
||||
"\x02\x00");
|
||||
if (ret)
|
||||
/* XXX - Handle AP_ERROR */
|
||||
return ret;
|
||||
|
||||
kret = krb5_rd_rep (gssapi_krb5_context,
|
||||
(*context_handle)->auth_context,
|
||||
&indata,
|
||||
&repl);
|
||||
if (kret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
krb5_free_ap_rep_enc_part (gssapi_krb5_context,
|
||||
repl);
|
||||
|
||||
(*context_handle)->more_flags |= OPEN;
|
||||
|
||||
*minor_status = 0;
|
||||
if (time_rec) {
|
||||
ret = gssapi_lifetime_left(minor_status,
|
||||
(*context_handle)->lifetime,
|
||||
time_rec);
|
||||
} else {
|
||||
ret = GSS_S_COMPLETE;
|
||||
}
|
||||
if (ret_flags)
|
||||
*ret_flags = (*context_handle)->flags;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* gss_init_sec_context
|
||||
*/
|
||||
|
||||
OM_uint32 gss_init_sec_context
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_cred_id_t initiator_cred_handle,
|
||||
gss_ctx_id_t * context_handle,
|
||||
const gss_name_t target_name,
|
||||
const gss_OID mech_type,
|
||||
OM_uint32 req_flags,
|
||||
OM_uint32 time_req,
|
||||
const gss_channel_bindings_t input_chan_bindings,
|
||||
const gss_buffer_t input_token,
|
||||
gss_OID * actual_mech_type,
|
||||
gss_buffer_t output_token,
|
||||
OM_uint32 * ret_flags,
|
||||
OM_uint32 * time_rec
|
||||
)
|
||||
{
|
||||
GSSAPI_KRB5_INIT ();
|
||||
|
||||
output_token->length = 0;
|
||||
output_token->value = NULL;
|
||||
|
||||
if (ret_flags)
|
||||
*ret_flags = 0;
|
||||
if (time_rec)
|
||||
*time_rec = 0;
|
||||
|
||||
if (target_name == GSS_C_NO_NAME) {
|
||||
if (actual_mech_type)
|
||||
*actual_mech_type = GSS_C_NO_OID;
|
||||
*minor_status = 0;
|
||||
return GSS_S_BAD_NAME;
|
||||
}
|
||||
|
||||
if (input_token == GSS_C_NO_BUFFER || input_token->length == 0)
|
||||
return init_auth (minor_status,
|
||||
initiator_cred_handle,
|
||||
context_handle,
|
||||
target_name,
|
||||
mech_type,
|
||||
req_flags,
|
||||
time_req,
|
||||
input_chan_bindings,
|
||||
input_token,
|
||||
actual_mech_type,
|
||||
output_token,
|
||||
ret_flags,
|
||||
time_rec);
|
||||
else
|
||||
return repl_mutual(minor_status,
|
||||
initiator_cred_handle,
|
||||
context_handle,
|
||||
target_name,
|
||||
mech_type,
|
||||
req_flags,
|
||||
time_req,
|
||||
input_chan_bindings,
|
||||
input_token,
|
||||
actual_mech_type,
|
||||
output_token,
|
||||
ret_flags,
|
||||
time_rec);
|
||||
}
|
@ -1,85 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: inquire_context.c,v 1.5 2003/03/16 17:43:30 lha Exp $");
|
||||
|
||||
OM_uint32 gss_inquire_context (
|
||||
OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
gss_name_t * src_name,
|
||||
gss_name_t * targ_name,
|
||||
OM_uint32 * lifetime_rec,
|
||||
gss_OID * mech_type,
|
||||
OM_uint32 * ctx_flags,
|
||||
int * locally_initiated,
|
||||
int * open_context
|
||||
)
|
||||
{
|
||||
OM_uint32 ret;
|
||||
|
||||
if (src_name) {
|
||||
ret = gss_duplicate_name (minor_status,
|
||||
context_handle->source,
|
||||
src_name);
|
||||
if (ret)
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (targ_name) {
|
||||
ret = gss_duplicate_name (minor_status,
|
||||
context_handle->target,
|
||||
targ_name);
|
||||
if (ret)
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (lifetime_rec)
|
||||
*lifetime_rec = context_handle->lifetime;
|
||||
|
||||
if (mech_type)
|
||||
*mech_type = GSS_KRB5_MECHANISM;
|
||||
|
||||
if (ctx_flags)
|
||||
*ctx_flags = context_handle->flags;
|
||||
|
||||
if (locally_initiated)
|
||||
*locally_initiated = context_handle->more_flags & LOCAL;
|
||||
|
||||
if (open_context)
|
||||
*open_context = context_handle->more_flags & OPEN;
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,97 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: inquire_cred.c,v 1.4 2003/03/16 17:42:14 lha Exp $");
|
||||
|
||||
OM_uint32 gss_inquire_cred
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_cred_id_t cred_handle,
|
||||
gss_name_t * name,
|
||||
OM_uint32 * lifetime,
|
||||
gss_cred_usage_t * cred_usage,
|
||||
gss_OID_set * mechanisms
|
||||
)
|
||||
{
|
||||
OM_uint32 ret;
|
||||
|
||||
*minor_status = 0;
|
||||
|
||||
if (name)
|
||||
*name = NULL;
|
||||
if (mechanisms)
|
||||
*mechanisms = GSS_C_NO_OID_SET;
|
||||
|
||||
if (cred_handle == GSS_C_NO_CREDENTIAL) {
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
if (name != NULL) {
|
||||
if (cred_handle->principal != NULL) {
|
||||
ret = gss_duplicate_name(minor_status, cred_handle->principal,
|
||||
name);
|
||||
if (ret)
|
||||
return ret;
|
||||
} else if (cred_handle->usage == GSS_C_ACCEPT) {
|
||||
*minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL,
|
||||
NULL, KRB5_NT_SRV_HST, name);
|
||||
if (*minor_status)
|
||||
return GSS_S_FAILURE;
|
||||
} else {
|
||||
*minor_status = krb5_get_default_principal(gssapi_krb5_context,
|
||||
name);
|
||||
if (*minor_status)
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
}
|
||||
if (lifetime != NULL) {
|
||||
*lifetime = cred_handle->lifetime;
|
||||
}
|
||||
if (cred_usage != NULL) {
|
||||
*cred_usage = cred_handle->usage;
|
||||
}
|
||||
if (mechanisms != NULL) {
|
||||
ret = gss_create_empty_oid_set(minor_status, mechanisms);
|
||||
if (ret) {
|
||||
return ret;
|
||||
}
|
||||
ret = gss_add_oid_set_member(minor_status,
|
||||
&cred_handle->mechanisms->elements[0],
|
||||
mechanisms);
|
||||
if (ret) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,80 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: inquire_cred_by_mech.c,v 1.1 2003/03/16 18:11:16 lha Exp $");
|
||||
|
||||
OM_uint32 gss_inquire_cred_by_mech (
|
||||
OM_uint32 * minor_status,
|
||||
const gss_cred_id_t cred_handle,
|
||||
const gss_OID mech_type,
|
||||
gss_name_t * name,
|
||||
OM_uint32 * initiator_lifetime,
|
||||
OM_uint32 * acceptor_lifetime,
|
||||
gss_cred_usage_t * cred_usage
|
||||
)
|
||||
{
|
||||
OM_uint32 ret;
|
||||
OM_uint32 lifetime;
|
||||
|
||||
if (gss_oid_equal(mech_type, GSS_C_NO_OID) == 0 &&
|
||||
gss_oid_equal(mech_type, GSS_KRB5_MECHANISM) == 0) {
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_BAD_MECH;
|
||||
}
|
||||
|
||||
ret = gss_inquire_cred (minor_status,
|
||||
cred_handle,
|
||||
name,
|
||||
&lifetime,
|
||||
cred_usage,
|
||||
NULL);
|
||||
|
||||
if (ret == 0 && cred_handle != GSS_C_NO_CREDENTIAL) {
|
||||
gss_cred_usage_t usage;
|
||||
|
||||
usage = cred_handle->usage;
|
||||
|
||||
if (initiator_lifetime) {
|
||||
if (usage == GSS_C_INITIATE || usage == GSS_C_BOTH)
|
||||
*initiator_lifetime = lifetime;
|
||||
}
|
||||
if (acceptor_lifetime) {
|
||||
if (usage == GSS_C_ACCEPT || usage == GSS_C_BOTH)
|
||||
*acceptor_lifetime = lifetime;
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
@ -1,57 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: inquire_mechs_for_name.c,v 1.1 2003/03/16 18:12:33 lha Exp $");
|
||||
|
||||
OM_uint32 gss_inquire_mechs_for_name (
|
||||
OM_uint32 * minor_status,
|
||||
const gss_name_t input_name,
|
||||
gss_OID_set * mech_types
|
||||
)
|
||||
{
|
||||
OM_uint32 ret;
|
||||
|
||||
ret = gss_create_empty_oid_set(minor_status, mech_types);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = gss_add_oid_set_member(minor_status,
|
||||
GSS_KRB5_MECHANISM,
|
||||
mech_types);
|
||||
if (ret)
|
||||
gss_release_oid_set(NULL, mech_types);
|
||||
|
||||
return ret;
|
||||
}
|
@ -1,80 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: inquire_names_for_mech.c,v 1.1 2003/03/16 18:15:29 lha Exp $");
|
||||
|
||||
|
||||
static gss_OID *name_list[] = {
|
||||
&GSS_C_NT_HOSTBASED_SERVICE,
|
||||
&GSS_C_NT_USER_NAME,
|
||||
&GSS_KRB5_NT_PRINCIPAL_NAME,
|
||||
&GSS_C_NT_EXPORT_NAME,
|
||||
NULL
|
||||
};
|
||||
|
||||
OM_uint32 gss_inquire_names_for_mech (
|
||||
OM_uint32 * minor_status,
|
||||
const gss_OID mechanism,
|
||||
gss_OID_set * name_types
|
||||
)
|
||||
{
|
||||
OM_uint32 ret;
|
||||
int i;
|
||||
|
||||
*minor_status = 0;
|
||||
|
||||
if (gss_oid_equal(mechanism, GSS_KRB5_MECHANISM) == 0 &&
|
||||
gss_oid_equal(mechanism, GSS_C_NULL_OID) == 0) {
|
||||
*name_types = GSS_C_NO_OID_SET;
|
||||
return GSS_S_BAD_MECH;
|
||||
}
|
||||
|
||||
ret = gss_create_empty_oid_set(minor_status, name_types);
|
||||
if (ret != GSS_S_COMPLETE)
|
||||
return ret;
|
||||
|
||||
for (i = 0; name_list[i] != NULL; i++) {
|
||||
ret = gss_add_oid_set_member(minor_status,
|
||||
*(name_list[i]),
|
||||
name_types);
|
||||
if (ret != GSS_S_COMPLETE)
|
||||
break;
|
||||
}
|
||||
|
||||
if (ret != GSS_S_COMPLETE)
|
||||
gss_release_oid_set(NULL, name_types);
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,65 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: process_context_token.c,v 1.1 2003/03/16 18:19:05 lha Exp $");
|
||||
|
||||
OM_uint32 gss_process_context_token (
|
||||
OM_uint32 *minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t token_buffer
|
||||
)
|
||||
{
|
||||
OM_uint32 ret = GSS_S_FAILURE;
|
||||
gss_buffer_desc empty_buffer;
|
||||
gss_qop_t qop_state;
|
||||
|
||||
empty_buffer.length = 0;
|
||||
empty_buffer.value = NULL;
|
||||
|
||||
qop_state = GSS_C_QOP_DEFAULT;
|
||||
|
||||
ret = gss_verify_mic_internal(minor_status, context_handle,
|
||||
token_buffer, &empty_buffer,
|
||||
GSS_C_QOP_DEFAULT, "\x01\x02");
|
||||
|
||||
if (ret == GSS_S_COMPLETE)
|
||||
ret = gss_delete_sec_context(minor_status,
|
||||
(gss_ctx_id_t *)&context_handle,
|
||||
GSS_C_NO_BUFFER);
|
||||
if (ret == GSS_S_COMPLETE)
|
||||
*minor_status = 0;
|
||||
|
||||
return ret;
|
||||
}
|
@ -1,48 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: release_buffer.c,v 1.5 2003/03/16 17:58:20 lha Exp $");
|
||||
|
||||
OM_uint32 gss_release_buffer
|
||||
(OM_uint32 * minor_status,
|
||||
gss_buffer_t buffer
|
||||
)
|
||||
{
|
||||
*minor_status = 0;
|
||||
free (buffer->value);
|
||||
buffer->value = NULL;
|
||||
buffer->length = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,68 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: release_cred.c,v 1.8.2.1 2003/10/07 01:08:21 lha Exp $");
|
||||
|
||||
OM_uint32 gss_release_cred
|
||||
(OM_uint32 * minor_status,
|
||||
gss_cred_id_t * cred_handle
|
||||
)
|
||||
{
|
||||
*minor_status = 0;
|
||||
|
||||
if (*cred_handle == GSS_C_NO_CREDENTIAL) {
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
GSSAPI_KRB5_INIT ();
|
||||
|
||||
if ((*cred_handle)->principal != NULL)
|
||||
krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
|
||||
if ((*cred_handle)->keytab != NULL)
|
||||
krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
|
||||
if ((*cred_handle)->ccache != NULL) {
|
||||
const krb5_cc_ops *ops;
|
||||
ops = krb5_cc_get_ops(gssapi_krb5_context, (*cred_handle)->ccache);
|
||||
if (ops == &krb5_mcc_ops)
|
||||
krb5_cc_destroy(gssapi_krb5_context, (*cred_handle)->ccache);
|
||||
else
|
||||
krb5_cc_close(gssapi_krb5_context, (*cred_handle)->ccache);
|
||||
}
|
||||
gss_release_oid_set(NULL, &(*cred_handle)->mechanisms);
|
||||
free(*cred_handle);
|
||||
*cred_handle = GSS_C_NO_CREDENTIAL;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
@ -1,50 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: release_name.c,v 1.7 2003/03/16 17:52:48 lha Exp $");
|
||||
|
||||
OM_uint32 gss_release_name
|
||||
(OM_uint32 * minor_status,
|
||||
gss_name_t * input_name
|
||||
)
|
||||
{
|
||||
GSSAPI_KRB5_INIT ();
|
||||
if (minor_status)
|
||||
*minor_status = 0;
|
||||
krb5_free_principal(gssapi_krb5_context,
|
||||
*input_name);
|
||||
*input_name = GSS_C_NO_NAME;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,49 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2000, 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: release_oid_set.c,v 1.5 2003/03/16 17:53:25 lha Exp $");
|
||||
|
||||
OM_uint32 gss_release_oid_set
|
||||
(OM_uint32 * minor_status,
|
||||
gss_OID_set * set
|
||||
)
|
||||
{
|
||||
if (minor_status)
|
||||
*minor_status = 0;
|
||||
free ((*set)->elements);
|
||||
free (*set);
|
||||
*set = GSS_C_NO_OID_SET;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -34,6 +34,7 @@
|
||||
#include "spnego/spnego_locl.h"
|
||||
|
||||
RCSID("$Id: accept_sec_context.c 21461 2007-07-10 14:01:13Z lha $");
|
||||
/* $FreeBSD$ */
|
||||
|
||||
static OM_uint32
|
||||
send_reject (OM_uint32 *minor_status,
|
||||
@ -376,6 +377,9 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
|
||||
char mechbuf[64];
|
||||
size_t mech_len;
|
||||
gss_OID_desc oid;
|
||||
gss_OID oidp;
|
||||
gss_OID_set mechs;
|
||||
int i;
|
||||
OM_uint32 ret, junk;
|
||||
|
||||
ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
|
||||
@ -396,27 +400,29 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
|
||||
*minor_status = 0;
|
||||
|
||||
/* Translate broken MS Kebreros OID */
|
||||
if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc)) {
|
||||
gssapi_mech_interface mech;
|
||||
if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc))
|
||||
oidp = &_gss_spnego_krb5_mechanism_oid_desc;
|
||||
else
|
||||
oidp = &oid;
|
||||
|
||||
mech = __gss_get_mechanism(&_gss_spnego_krb5_mechanism_oid_desc);
|
||||
if (mech == NULL)
|
||||
|
||||
ret = gss_indicate_mechs(&junk, &mechs);
|
||||
if (ret)
|
||||
return (ret);
|
||||
|
||||
for (i = 0; i < mechs->count; i++)
|
||||
if (gss_oid_equal(&mechs->elements[i], oidp))
|
||||
break;
|
||||
|
||||
if (i == mechs->count) {
|
||||
gss_release_oid_set(&junk, &mechs);
|
||||
return GSS_S_BAD_MECH;
|
||||
|
||||
ret = gss_duplicate_oid(minor_status,
|
||||
&_gss_spnego_mskrb_mechanism_oid_desc,
|
||||
mech_p);
|
||||
} else {
|
||||
gssapi_mech_interface mech;
|
||||
|
||||
mech = __gss_get_mechanism(&oid);
|
||||
if (mech == NULL)
|
||||
return GSS_S_BAD_MECH;
|
||||
|
||||
ret = gss_duplicate_oid(minor_status,
|
||||
&mech->gm_mech_oid,
|
||||
mech_p);
|
||||
}
|
||||
gss_release_oid_set(&junk, &mechs);
|
||||
|
||||
ret = gss_duplicate_oid(minor_status,
|
||||
&oid, /* possibly this should be oidp */
|
||||
mech_p);
|
||||
|
||||
if (verify_p) {
|
||||
gss_name_t name = GSS_C_NO_NAME;
|
||||
|
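Review bot: The new loop over `mechs->elements` in select_mech re-implements the standard `gss_test_oid_set_member`, and it compares the `int i` declared at the top of the hunk against `mechs->count`, which GSS-API defines as `size_t` (the test_oid_set_member.c removed further down this page iterates it with `size_t i`). Replacing the loop with `int present = 0;` and `ret = gss_test_oid_set_member(&junk, oidp, mechs, &present);` and then treating `ret != 0 || !present` as the GSS_S_BAD_MECH case (releasing `mechs` on every path as the hunk already does) drops both the hand-rolled search and the signed/unsigned comparison. The `/* possibly this should be oidp */` left on the final gss_duplicate_oid should be resolved before commit rather than shipped as a question: if mech_p is what gets echoed back to the peer in the negotiation reply, then duplicating `&oid` (the OID exactly as the peer sent it, including the MS Kerberos variant) is deliberate and the comment should state that; if the translated mechanism is wanted, use `oidp`. The body of select_mech begins and ends outside this hunk.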
@ -31,6 +31,7 @@
|
||||
*/
|
||||
|
||||
/* $Id: spnego_locl.h 19411 2006-12-18 15:42:03Z lha $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
#ifndef SPNEGO_LOCL_H
|
||||
#define SPNEGO_LOCL_H
|
||||
@ -67,7 +68,6 @@
|
||||
#include <gssapi_mech.h>
|
||||
|
||||
#include "spnego_asn1.h"
|
||||
#include "mech/utils.h"
|
||||
#include <der.h>
|
||||
|
||||
#include <roken.h>
|
||||
|
@ -1,55 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: test_oid_set_member.c,v 1.5 2003/03/16 17:54:06 lha Exp $");
|
||||
|
||||
OM_uint32 gss_test_oid_set_member (
|
||||
OM_uint32 * minor_status,
|
||||
const gss_OID member,
|
||||
const gss_OID_set set,
|
||||
int * present
|
||||
)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
*minor_status = 0;
|
||||
*present = 0;
|
||||
for (i = 0; i < set->count; ++i)
|
||||
if (gss_oid_equal(member, &set->elements[i]) != 0) {
|
||||
*present = 1;
|
||||
break;
|
||||
}
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
@ -1,422 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: unwrap.c,v 1.22.2.1 2003/09/18 22:05:22 lha Exp $");
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_get_remotekey(const gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **key)
|
||||
{
|
||||
krb5_keyblock *skey;
|
||||
|
||||
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
if(skey == NULL)
|
||||
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
if(skey == NULL)
|
||||
krb5_auth_con_getkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
if(skey == NULL)
|
||||
return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
|
||||
*key = skey;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
unwrap_des
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t input_message_buffer,
|
||||
gss_buffer_t output_message_buffer,
|
||||
int * conf_state,
|
||||
gss_qop_t * qop_state,
|
||||
krb5_keyblock *key
|
||||
)
|
||||
{
|
||||
u_char *p, *pad;
|
||||
size_t len;
|
||||
MD5_CTX md5;
|
||||
u_char hash[16], seq_data[8];
|
||||
des_key_schedule schedule;
|
||||
des_cblock deskey;
|
||||
des_cblock zero;
|
||||
int i;
|
||||
int32_t seq_number;
|
||||
size_t padlength;
|
||||
OM_uint32 ret;
|
||||
int cstate;
|
||||
|
||||
p = input_message_buffer->value;
|
||||
ret = gssapi_krb5_verify_header (&p,
|
||||
input_message_buffer->length,
|
||||
"\x02\x01");
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
if (memcmp (p, "\x00\x00", 2) != 0)
|
||||
return GSS_S_BAD_SIG;
|
||||
p += 2;
|
||||
if (memcmp (p, "\x00\x00", 2) == 0) {
|
||||
cstate = 1;
|
||||
} else if (memcmp (p, "\xFF\xFF", 2) == 0) {
|
||||
cstate = 0;
|
||||
} else
|
||||
return GSS_S_BAD_MIC;
|
||||
p += 2;
|
||||
if(conf_state != NULL)
|
||||
*conf_state = cstate;
|
||||
if (memcmp (p, "\xff\xff", 2) != 0)
|
||||
return GSS_S_DEFECTIVE_TOKEN;
|
||||
p += 2;
|
||||
p += 16;
|
||||
|
||||
len = p - (u_char *)input_message_buffer->value;
|
||||
|
||||
if(cstate) {
|
||||
/* decrypt data */
|
||||
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
|
||||
|
||||
for (i = 0; i < sizeof(deskey); ++i)
|
||||
deskey[i] ^= 0xf0;
|
||||
des_set_key (&deskey, schedule);
|
||||
memset (&zero, 0, sizeof(zero));
|
||||
des_cbc_encrypt ((void *)p,
|
||||
(void *)p,
|
||||
input_message_buffer->length - len,
|
||||
schedule,
|
||||
&zero,
|
||||
DES_DECRYPT);
|
||||
|
||||
memset (deskey, 0, sizeof(deskey));
|
||||
memset (schedule, 0, sizeof(schedule));
|
||||
}
|
||||
/* check pad */
|
||||
|
||||
pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
|
||||
padlength = *pad;
|
||||
|
||||
for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
|
||||
;
|
||||
if (i != 0)
|
||||
return GSS_S_BAD_MIC;
|
||||
|
||||
MD5_Init (&md5);
|
||||
MD5_Update (&md5, p - 24, 8);
|
||||
MD5_Update (&md5, p, input_message_buffer->length - len);
|
||||
MD5_Final (hash, &md5);
|
||||
|
||||
memset (&zero, 0, sizeof(zero));
|
||||
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
|
||||
des_set_key (&deskey, schedule);
|
||||
des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
|
||||
schedule, &zero);
|
||||
if (memcmp (p - 8, hash, 8) != 0)
|
||||
return GSS_S_BAD_MIC;
|
||||
|
||||
/* verify sequence number */
|
||||
|
||||
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&seq_number);
|
||||
seq_data[0] = (seq_number >> 0) & 0xFF;
|
||||
seq_data[1] = (seq_number >> 8) & 0xFF;
|
||||
seq_data[2] = (seq_number >> 16) & 0xFF;
|
||||
seq_data[3] = (seq_number >> 24) & 0xFF;
|
||||
memset (seq_data + 4,
|
||||
(context_handle->more_flags & LOCAL) ? 0xFF : 0,
|
||||
4);
|
||||
|
||||
p -= 16;
|
||||
des_set_key (&deskey, schedule);
|
||||
des_cbc_encrypt ((void *)p, (void *)p, 8,
|
||||
schedule, (des_cblock *)hash, DES_DECRYPT);
|
||||
|
||||
memset (deskey, 0, sizeof(deskey));
|
||||
memset (schedule, 0, sizeof(schedule));
|
||||
|
||||
if (memcmp (p, seq_data, 8) != 0) {
|
||||
return GSS_S_BAD_MIC;
|
||||
}
|
||||
|
||||
krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
++seq_number);
|
||||
|
||||
/* copy out data */
|
||||
|
||||
output_message_buffer->length = input_message_buffer->length
|
||||
- len - padlength - 8;
|
||||
output_message_buffer->value = malloc(output_message_buffer->length);
|
||||
if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
|
||||
return GSS_S_FAILURE;
|
||||
memcpy (output_message_buffer->value,
|
||||
p + 24,
|
||||
output_message_buffer->length);
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
unwrap_des3
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t input_message_buffer,
|
||||
gss_buffer_t output_message_buffer,
|
||||
int * conf_state,
|
||||
gss_qop_t * qop_state,
|
||||
krb5_keyblock *key
|
||||
)
|
||||
{
|
||||
u_char *p, *pad;
|
||||
size_t len;
|
||||
u_char seq[8];
|
||||
krb5_data seq_data;
|
||||
u_char cksum[20];
|
||||
int i;
|
||||
int32_t seq_number;
|
||||
size_t padlength;
|
||||
OM_uint32 ret;
|
||||
int cstate;
|
||||
krb5_crypto crypto;
|
||||
Checksum csum;
|
||||
int cmp;
|
||||
|
||||
p = input_message_buffer->value;
|
||||
ret = gssapi_krb5_verify_header (&p,
|
||||
input_message_buffer->length,
|
||||
"\x02\x01");
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */
|
||||
return GSS_S_BAD_SIG;
|
||||
p += 2;
|
||||
if (memcmp (p, "\x02\x00", 2) == 0) {
|
||||
cstate = 1;
|
||||
} else if (memcmp (p, "\xff\xff", 2) == 0) {
|
||||
cstate = 0;
|
||||
} else
|
||||
return GSS_S_BAD_MIC;
|
||||
p += 2;
|
||||
if(conf_state != NULL)
|
||||
*conf_state = cstate;
|
||||
if (memcmp (p, "\xff\xff", 2) != 0)
|
||||
return GSS_S_DEFECTIVE_TOKEN;
|
||||
p += 2;
|
||||
p += 28;
|
||||
|
||||
len = p - (u_char *)input_message_buffer->value;
|
||||
|
||||
if(cstate) {
|
||||
/* decrypt data */
|
||||
krb5_data tmp;
|
||||
|
||||
ret = krb5_crypto_init(gssapi_krb5_context, key,
|
||||
ETYPE_DES3_CBC_NONE, &crypto);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
ret = krb5_decrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
|
||||
p, input_message_buffer->length - len, &tmp);
|
||||
krb5_crypto_destroy(gssapi_krb5_context, crypto);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
assert (tmp.length == input_message_buffer->length - len);
|
||||
|
||||
memcpy (p, tmp.data, tmp.length);
|
||||
krb5_data_free(&tmp);
|
||||
}
|
||||
/* check pad */
|
||||
|
||||
pad = (u_char *)input_message_buffer->value + input_message_buffer->length - 1;
|
||||
padlength = *pad;
|
||||
|
||||
for (i = padlength; i > 0 && *pad == padlength; i--, pad--)
|
||||
;
|
||||
if (i != 0)
|
||||
return GSS_S_BAD_MIC;
|
||||
|
||||
/* verify sequence number */
|
||||
|
||||
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&seq_number);
|
||||
seq[0] = (seq_number >> 0) & 0xFF;
|
||||
seq[1] = (seq_number >> 8) & 0xFF;
|
||||
seq[2] = (seq_number >> 16) & 0xFF;
|
||||
seq[3] = (seq_number >> 24) & 0xFF;
|
||||
memset (seq + 4,
|
||||
(context_handle->more_flags & LOCAL) ? 0xFF : 0,
|
||||
4);
|
||||
|
||||
p -= 28;
|
||||
|
||||
ret = krb5_crypto_init(gssapi_krb5_context, key,
|
||||
ETYPE_DES3_CBC_NONE, &crypto);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
{
|
||||
des_cblock ivec;
|
||||
|
||||
memcpy(&ivec, p + 8, 8);
|
||||
ret = krb5_decrypt_ivec (gssapi_krb5_context,
|
||||
crypto,
|
||||
KRB5_KU_USAGE_SEQ,
|
||||
p, 8, &seq_data,
|
||||
&ivec);
|
||||
}
|
||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
if (seq_data.length != 8) {
|
||||
krb5_data_free (&seq_data);
|
||||
return GSS_S_BAD_MIC;
|
||||
}
|
||||
|
||||
cmp = memcmp (seq, seq_data.data, seq_data.length);
|
||||
krb5_data_free (&seq_data);
|
||||
if (cmp != 0) {
|
||||
return GSS_S_BAD_MIC;
|
||||
}
|
||||
|
||||
krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
++seq_number);
|
||||
|
||||
/* verify checksum */
|
||||
|
||||
memcpy (cksum, p + 8, 20);
|
||||
|
||||
memcpy (p + 20, p - 8, 8);
|
||||
|
||||
csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
|
||||
csum.checksum.length = 20;
|
||||
csum.checksum.data = cksum;
|
||||
|
||||
ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
|
||||
KRB5_KU_USAGE_SIGN,
|
||||
p + 20,
|
||||
input_message_buffer->length - len + 8,
|
||||
&csum);
|
||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
/* copy out data */
|
||||
|
||||
output_message_buffer->length = input_message_buffer->length
|
||||
- len - padlength - 8;
|
||||
output_message_buffer->value = malloc(output_message_buffer->length);
|
||||
if(output_message_buffer->length != 0 && output_message_buffer->value == NULL)
|
||||
return GSS_S_FAILURE;
|
||||
memcpy (output_message_buffer->value,
|
||||
p + 36,
|
||||
output_message_buffer->length);
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
OM_uint32 gss_unwrap
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t input_message_buffer,
|
||||
gss_buffer_t output_message_buffer,
|
||||
int * conf_state,
|
||||
gss_qop_t * qop_state
|
||||
)
|
||||
{
|
||||
krb5_keyblock *key;
|
||||
OM_uint32 ret;
|
||||
krb5_keytype keytype;
|
||||
|
||||
if (qop_state != NULL)
|
||||
*qop_state = GSS_C_QOP_DEFAULT;
|
||||
ret = gss_krb5_get_remotekey(context_handle, &key);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
|
||||
|
||||
*minor_status = 0;
|
||||
|
||||
switch (keytype) {
|
||||
case KEYTYPE_DES :
|
||||
ret = unwrap_des (minor_status, context_handle,
|
||||
input_message_buffer, output_message_buffer,
|
||||
conf_state, qop_state, key);
|
||||
break;
|
||||
case KEYTYPE_DES3 :
|
||||
ret = unwrap_des3 (minor_status, context_handle,
|
||||
input_message_buffer, output_message_buffer,
|
||||
conf_state, qop_state, key);
|
||||
break;
|
||||
case KEYTYPE_ARCFOUR:
|
||||
ret = _gssapi_unwrap_arcfour (minor_status, context_handle,
|
||||
input_message_buffer, output_message_buffer,
|
||||
conf_state, qop_state, key);
|
||||
break;
|
||||
default :
|
||||
*minor_status = KRB5_PROG_ETYPE_NOSUPP;
|
||||
ret = GSS_S_FAILURE;
|
||||
break;
|
||||
}
|
||||
krb5_free_keyblock (gssapi_krb5_context, key);
|
||||
return ret;
|
||||
}
|
@ -1,104 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: v1.c,v 1.2 1999/12/02 17:05:04 joda Exp $");
|
||||
|
||||
/* These functions are for V1 compatibility */
|
||||
|
||||
OM_uint32 gss_sign
|
||||
(OM_uint32 * minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
int qop_req,
|
||||
gss_buffer_t message_buffer,
|
||||
gss_buffer_t message_token
|
||||
)
|
||||
{
|
||||
return gss_get_mic(minor_status,
|
||||
context_handle,
|
||||
(gss_qop_t)qop_req,
|
||||
message_buffer,
|
||||
message_token);
|
||||
}
|
||||
|
||||
OM_uint32 gss_verify
|
||||
(OM_uint32 * minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
gss_buffer_t message_buffer,
|
||||
gss_buffer_t token_buffer,
|
||||
int * qop_state
|
||||
)
|
||||
{
|
||||
return gss_verify_mic(minor_status,
|
||||
context_handle,
|
||||
message_buffer,
|
||||
token_buffer,
|
||||
(gss_qop_t *)qop_state);
|
||||
}
|
||||
|
||||
OM_uint32 gss_seal
|
||||
(OM_uint32 * minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
int conf_req_flag,
|
||||
int qop_req,
|
||||
gss_buffer_t input_message_buffer,
|
||||
int * conf_state,
|
||||
gss_buffer_t output_message_buffer
|
||||
)
|
||||
{
|
||||
return gss_wrap(minor_status,
|
||||
context_handle,
|
||||
conf_req_flag,
|
||||
(gss_qop_t)qop_req,
|
||||
input_message_buffer,
|
||||
conf_state,
|
||||
output_message_buffer);
|
||||
}
|
||||
|
||||
OM_uint32 gss_unseal
|
||||
(OM_uint32 * minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
gss_buffer_t input_message_buffer,
|
||||
gss_buffer_t output_message_buffer,
|
||||
int * conf_state,
|
||||
int * qop_state
|
||||
)
|
||||
{
|
||||
return gss_unwrap(minor_status,
|
||||
context_handle,
|
||||
input_message_buffer,
|
||||
output_message_buffer,
|
||||
conf_state,
|
||||
(gss_qop_t *)qop_state);
|
||||
}
|
@ -1,322 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: verify_mic.c,v 1.18.2.4 2003/09/18 22:05:34 lha Exp $");
|
||||
|
||||
static OM_uint32
|
||||
verify_mic_des
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t message_buffer,
|
||||
const gss_buffer_t token_buffer,
|
||||
gss_qop_t * qop_state,
|
||||
krb5_keyblock *key,
|
||||
char *type
|
||||
)
|
||||
{
|
||||
u_char *p;
|
||||
MD5_CTX md5;
|
||||
u_char hash[16], seq_data[8];
|
||||
des_key_schedule schedule;
|
||||
des_cblock zero;
|
||||
des_cblock deskey;
|
||||
int32_t seq_number;
|
||||
OM_uint32 ret;
|
||||
|
||||
p = token_buffer->value;
|
||||
ret = gssapi_krb5_verify_header (&p,
|
||||
token_buffer->length,
|
||||
type);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
if (memcmp(p, "\x00\x00", 2) != 0)
|
||||
return GSS_S_BAD_SIG;
|
||||
p += 2;
|
||||
if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
|
||||
return GSS_S_BAD_MIC;
|
||||
p += 4;
|
||||
p += 16;
|
||||
|
||||
/* verify checksum */
|
||||
MD5_Init (&md5);
|
||||
MD5_Update (&md5, p - 24, 8);
|
||||
MD5_Update (&md5, message_buffer->value,
|
||||
message_buffer->length);
|
||||
MD5_Final (hash, &md5);
|
||||
|
||||
memset (&zero, 0, sizeof(zero));
|
||||
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
|
||||
|
||||
des_set_key (&deskey, schedule);
|
||||
des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
|
||||
schedule, &zero);
|
||||
if (memcmp (p - 8, hash, 8) != 0) {
|
||||
memset (deskey, 0, sizeof(deskey));
|
||||
memset (schedule, 0, sizeof(schedule));
|
||||
return GSS_S_BAD_MIC;
|
||||
}
|
||||
|
||||
/* verify sequence number */
|
||||
|
||||
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&seq_number);
|
||||
seq_data[0] = (seq_number >> 0) & 0xFF;
|
||||
seq_data[1] = (seq_number >> 8) & 0xFF;
|
||||
seq_data[2] = (seq_number >> 16) & 0xFF;
|
||||
seq_data[3] = (seq_number >> 24) & 0xFF;
|
||||
memset (seq_data + 4,
|
||||
(context_handle->more_flags & LOCAL) ? 0xFF : 0,
|
||||
4);
|
||||
|
||||
p -= 16;
|
||||
des_set_key (&deskey, schedule);
|
||||
des_cbc_encrypt ((void *)p, (void *)p, 8,
|
||||
schedule, (des_cblock *)hash, DES_DECRYPT);
|
||||
|
||||
memset (deskey, 0, sizeof(deskey));
|
||||
memset (schedule, 0, sizeof(schedule));
|
||||
|
||||
if (memcmp (p, seq_data, 8) != 0) {
|
||||
return GSS_S_BAD_MIC;
|
||||
}
|
||||
|
||||
krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
++seq_number);
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
verify_mic_des3
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t message_buffer,
|
||||
const gss_buffer_t token_buffer,
|
||||
gss_qop_t * qop_state,
|
||||
krb5_keyblock *key,
|
||||
char *type
|
||||
)
|
||||
{
|
||||
u_char *p;
|
||||
u_char seq[8];
|
||||
int32_t seq_number;
|
||||
OM_uint32 ret;
|
||||
krb5_crypto crypto;
|
||||
krb5_data seq_data;
|
||||
int cmp, docompat;
|
||||
Checksum csum;
|
||||
char *tmp;
|
||||
char ivec[8];
|
||||
|
||||
p = token_buffer->value;
|
||||
ret = gssapi_krb5_verify_header (&p,
|
||||
token_buffer->length,
|
||||
type);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
if (memcmp(p, "\x04\x00", 2) != 0) /* SGN_ALG = HMAC SHA1 DES3-KD */
|
||||
return GSS_S_BAD_SIG;
|
||||
p += 2;
|
||||
if (memcmp (p, "\xff\xff\xff\xff", 4) != 0)
|
||||
return GSS_S_BAD_MIC;
|
||||
p += 4;
|
||||
|
||||
ret = krb5_crypto_init(gssapi_krb5_context, key,
|
||||
ETYPE_DES3_CBC_NONE, &crypto);
|
||||
if (ret){
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
/* verify sequence number */
|
||||
docompat = 0;
|
||||
retry:
|
||||
if (docompat)
|
||||
memset(ivec, 0, 8);
|
||||
else
|
||||
memcpy(ivec, p + 8, 8);
|
||||
|
||||
ret = krb5_decrypt_ivec (gssapi_krb5_context,
|
||||
crypto,
|
||||
KRB5_KU_USAGE_SEQ,
|
||||
p, 8, &seq_data, ivec);
|
||||
if (ret) {
|
||||
if (docompat++) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
} else
|
||||
goto retry;
|
||||
}
|
||||
|
||||
if (seq_data.length != 8) {
|
||||
krb5_data_free (&seq_data);
|
||||
if (docompat++) {
|
||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||
return GSS_S_BAD_MIC;
|
||||
} else
|
||||
goto retry;
|
||||
}
|
||||
|
||||
krb5_auth_getremoteseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&seq_number);
|
||||
seq[0] = (seq_number >> 0) & 0xFF;
|
||||
seq[1] = (seq_number >> 8) & 0xFF;
|
||||
seq[2] = (seq_number >> 16) & 0xFF;
|
||||
seq[3] = (seq_number >> 24) & 0xFF;
|
||||
memset (seq + 4,
|
||||
(context_handle->more_flags & LOCAL) ? 0xFF : 0,
|
||||
4);
|
||||
cmp = memcmp (seq, seq_data.data, seq_data.length);
|
||||
krb5_data_free (&seq_data);
|
||||
if (cmp != 0) {
|
||||
if (docompat++) {
|
||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||
return GSS_S_BAD_MIC;
|
||||
} else
|
||||
goto retry;
|
||||
}
|
||||
|
||||
/* verify checksum */
|
||||
|
||||
tmp = malloc (message_buffer->length + 8);
|
||||
if (tmp == NULL) {
|
||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
memcpy (tmp, p - 8, 8);
|
||||
memcpy (tmp + 8, message_buffer->value, message_buffer->length);
|
||||
|
||||
csum.cksumtype = CKSUMTYPE_HMAC_SHA1_DES3;
|
||||
csum.checksum.length = 20;
|
||||
csum.checksum.data = p + 8;
|
||||
|
||||
ret = krb5_verify_checksum (gssapi_krb5_context, crypto,
|
||||
KRB5_KU_USAGE_SIGN,
|
||||
tmp, message_buffer->length + 8,
|
||||
&csum);
|
||||
free (tmp);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||
*minor_status = ret;
|
||||
return GSS_S_BAD_MIC;
|
||||
}
|
||||
|
||||
krb5_auth_con_setremoteseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
++seq_number);
|
||||
|
||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gss_verify_mic_internal
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t message_buffer,
|
||||
const gss_buffer_t token_buffer,
|
||||
gss_qop_t * qop_state,
|
||||
char * type
|
||||
)
|
||||
{
|
||||
krb5_keyblock *key;
|
||||
OM_uint32 ret;
|
||||
krb5_keytype keytype;
|
||||
|
||||
ret = gss_krb5_get_remotekey(context_handle, &key);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
*minor_status = 0;
|
||||
krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
|
||||
switch (keytype) {
|
||||
case KEYTYPE_DES :
|
||||
ret = verify_mic_des (minor_status, context_handle,
|
||||
message_buffer, token_buffer, qop_state, key,
|
||||
type);
|
||||
break;
|
||||
case KEYTYPE_DES3 :
|
||||
ret = verify_mic_des3 (minor_status, context_handle,
|
||||
message_buffer, token_buffer, qop_state, key,
|
||||
type);
|
||||
break;
|
||||
case KEYTYPE_ARCFOUR :
|
||||
ret = _gssapi_verify_mic_arcfour (minor_status, context_handle,
|
||||
message_buffer, token_buffer,
|
||||
qop_state, key, type);
|
||||
break;
|
||||
default :
|
||||
*minor_status = KRB5_PROG_ETYPE_NOSUPP;
|
||||
ret = GSS_S_FAILURE;
|
||||
break;
|
||||
}
|
||||
krb5_free_keyblock (gssapi_krb5_context, key);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gss_verify_mic
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
const gss_buffer_t message_buffer,
|
||||
const gss_buffer_t token_buffer,
|
||||
gss_qop_t * qop_state
|
||||
)
|
||||
{
|
||||
OM_uint32 ret;
|
||||
|
||||
if (qop_state != NULL)
|
||||
*qop_state = GSS_C_QOP_DEFAULT;
|
||||
|
||||
ret = gss_verify_mic_internal(minor_status, context_handle,
|
||||
message_buffer, token_buffer,
|
||||
qop_state, "\x01\x01");
|
||||
|
||||
return ret;
|
||||
}
|
@ -1,454 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "gssapi_locl.h"
|
||||
|
||||
RCSID("$Id: wrap.c,v 1.21.2.1 2003/09/18 22:05:45 lha Exp $");
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_get_localkey(const gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **key)
|
||||
{
|
||||
krb5_keyblock *skey;
|
||||
|
||||
krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
if(skey == NULL)
|
||||
krb5_auth_con_getremotesubkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
if(skey == NULL)
|
||||
krb5_auth_con_getkey(gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&skey);
|
||||
if(skey == NULL)
|
||||
return GSS_S_FAILURE;
|
||||
*key = skey;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
sub_wrap_size (
|
||||
OM_uint32 req_output_size,
|
||||
OM_uint32 * max_input_size,
|
||||
int blocksize,
|
||||
int extrasize
|
||||
)
|
||||
{
|
||||
size_t len, total_len, padlength;
|
||||
padlength = blocksize - (req_output_size % blocksize);
|
||||
len = req_output_size + 8 + padlength + extrasize;
|
||||
gssapi_krb5_encap_length(len, &len, &total_len);
|
||||
*max_input_size = (OM_uint32)total_len;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gss_wrap_size_limit (
|
||||
OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
int conf_req_flag,
|
||||
gss_qop_t qop_req,
|
||||
OM_uint32 req_output_size,
|
||||
OM_uint32 * max_input_size
|
||||
)
|
||||
{
|
||||
krb5_keyblock *key;
|
||||
OM_uint32 ret;
|
||||
krb5_keytype keytype;
|
||||
|
||||
ret = gss_krb5_get_localkey(context_handle, &key);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
|
||||
|
||||
switch (keytype) {
|
||||
case KEYTYPE_DES :
|
||||
case KEYTYPE_ARCFOUR:
|
||||
ret = sub_wrap_size(req_output_size, max_input_size, 8, 22);
|
||||
break;
|
||||
case KEYTYPE_DES3 :
|
||||
ret = sub_wrap_size(req_output_size, max_input_size, 8, 34);
|
||||
break;
|
||||
default :
|
||||
*minor_status = KRB5_PROG_ETYPE_NOSUPP;
|
||||
ret = GSS_S_FAILURE;
|
||||
break;
|
||||
}
|
||||
krb5_free_keyblock (gssapi_krb5_context, key);
|
||||
*minor_status = 0;
|
||||
return ret;
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
wrap_des
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
int conf_req_flag,
|
||||
gss_qop_t qop_req,
|
||||
const gss_buffer_t input_message_buffer,
|
||||
int * conf_state,
|
||||
gss_buffer_t output_message_buffer,
|
||||
krb5_keyblock *key
|
||||
)
|
||||
{
|
||||
u_char *p;
|
||||
MD5_CTX md5;
|
||||
u_char hash[16];
|
||||
des_key_schedule schedule;
|
||||
des_cblock deskey;
|
||||
des_cblock zero;
|
||||
int i;
|
||||
int32_t seq_number;
|
||||
size_t len, total_len, padlength, datalen;
|
||||
|
||||
padlength = 8 - (input_message_buffer->length % 8);
|
||||
datalen = input_message_buffer->length + padlength + 8;
|
||||
len = datalen + 22;
|
||||
gssapi_krb5_encap_length (len, &len, &total_len);
|
||||
|
||||
output_message_buffer->length = total_len;
|
||||
output_message_buffer->value = malloc (total_len);
|
||||
if (output_message_buffer->value == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
p = gssapi_krb5_make_header(output_message_buffer->value,
|
||||
len,
|
||||
"\x02\x01"); /* TOK_ID */
|
||||
|
||||
/* SGN_ALG */
|
||||
memcpy (p, "\x00\x00", 2);
|
||||
p += 2;
|
||||
/* SEAL_ALG */
|
||||
if(conf_req_flag)
|
||||
memcpy (p, "\x00\x00", 2);
|
||||
else
|
||||
memcpy (p, "\xff\xff", 2);
|
||||
p += 2;
|
||||
/* Filler */
|
||||
memcpy (p, "\xff\xff", 2);
|
||||
p += 2;
|
||||
|
||||
/* fill in later */
|
||||
memset (p, 0, 16);
|
||||
p += 16;
|
||||
|
||||
/* confounder + data + pad */
|
||||
krb5_generate_random_block(p, 8);
|
||||
memcpy (p + 8, input_message_buffer->value,
|
||||
input_message_buffer->length);
|
||||
memset (p + 8 + input_message_buffer->length, padlength, padlength);
|
||||
|
||||
/* checksum */
|
||||
MD5_Init (&md5);
|
||||
MD5_Update (&md5, p - 24, 8);
|
||||
MD5_Update (&md5, p, datalen);
|
||||
MD5_Final (hash, &md5);
|
||||
|
||||
memset (&zero, 0, sizeof(zero));
|
||||
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
|
||||
des_set_key (&deskey, schedule);
|
||||
des_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
|
||||
schedule, &zero);
|
||||
memcpy (p - 8, hash, 8);
|
||||
|
||||
/* sequence number */
|
||||
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&seq_number);
|
||||
|
||||
p -= 16;
|
||||
p[0] = (seq_number >> 0) & 0xFF;
|
||||
p[1] = (seq_number >> 8) & 0xFF;
|
||||
p[2] = (seq_number >> 16) & 0xFF;
|
||||
p[3] = (seq_number >> 24) & 0xFF;
|
||||
memset (p + 4,
|
||||
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
|
||||
4);
|
||||
|
||||
des_set_key (&deskey, schedule);
|
||||
des_cbc_encrypt ((void *)p, (void *)p, 8,
|
||||
schedule, (des_cblock *)(p + 8), DES_ENCRYPT);
|
||||
|
||||
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
++seq_number);
|
||||
|
||||
/* encrypt the data */
|
||||
p += 16;
|
||||
|
||||
if(conf_req_flag) {
|
||||
memcpy (&deskey, key->keyvalue.data, sizeof(deskey));
|
||||
|
||||
for (i = 0; i < sizeof(deskey); ++i)
|
||||
deskey[i] ^= 0xf0;
|
||||
des_set_key (&deskey, schedule);
|
||||
memset (&zero, 0, sizeof(zero));
|
||||
des_cbc_encrypt ((void *)p,
|
||||
(void *)p,
|
||||
datalen,
|
||||
schedule,
|
||||
&zero,
|
||||
DES_ENCRYPT);
|
||||
|
||||
memset (deskey, 0, sizeof(deskey));
|
||||
memset (schedule, 0, sizeof(schedule));
|
||||
}
|
||||
if(conf_state != NULL)
|
||||
*conf_state = conf_req_flag;
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
static OM_uint32
|
||||
wrap_des3
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
int conf_req_flag,
|
||||
gss_qop_t qop_req,
|
||||
const gss_buffer_t input_message_buffer,
|
||||
int * conf_state,
|
||||
gss_buffer_t output_message_buffer,
|
||||
krb5_keyblock *key
|
||||
)
|
||||
{
|
||||
u_char *p;
|
||||
u_char seq[8];
|
||||
int32_t seq_number;
|
||||
size_t len, total_len, padlength, datalen;
|
||||
u_int32_t ret;
|
||||
krb5_crypto crypto;
|
||||
Checksum cksum;
|
||||
krb5_data encdata;
|
||||
|
||||
padlength = 8 - (input_message_buffer->length % 8);
|
||||
datalen = input_message_buffer->length + padlength + 8;
|
||||
len = datalen + 34;
|
||||
gssapi_krb5_encap_length (len, &len, &total_len);
|
||||
|
||||
output_message_buffer->length = total_len;
|
||||
output_message_buffer->value = malloc (total_len);
|
||||
if (output_message_buffer->value == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
p = gssapi_krb5_make_header(output_message_buffer->value,
|
||||
len,
|
||||
"\x02\x01"); /* TOK_ID */
|
||||
|
||||
/* SGN_ALG */
|
||||
memcpy (p, "\x04\x00", 2); /* HMAC SHA1 DES3-KD */
|
||||
p += 2;
|
||||
/* SEAL_ALG */
|
||||
if(conf_req_flag)
|
||||
memcpy (p, "\x02\x00", 2); /* DES3-KD */
|
||||
else
|
||||
memcpy (p, "\xff\xff", 2);
|
||||
p += 2;
|
||||
/* Filler */
|
||||
memcpy (p, "\xff\xff", 2);
|
||||
p += 2;
|
||||
|
||||
/* calculate checksum (the above + confounder + data + pad) */
|
||||
|
||||
memcpy (p + 20, p - 8, 8);
|
||||
krb5_generate_random_block(p + 28, 8);
|
||||
memcpy (p + 28 + 8, input_message_buffer->value,
|
||||
input_message_buffer->length);
|
||||
memset (p + 28 + 8 + input_message_buffer->length, padlength, padlength);
|
||||
|
||||
ret = krb5_crypto_init(gssapi_krb5_context, key, 0, &crypto);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
free (output_message_buffer->value);
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
ret = krb5_create_checksum (gssapi_krb5_context,
|
||||
crypto,
|
||||
KRB5_KU_USAGE_SIGN,
|
||||
0,
|
||||
p + 20,
|
||||
datalen + 8,
|
||||
&cksum);
|
||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
free (output_message_buffer->value);
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
/* zero out SND_SEQ + SGN_CKSUM in case */
|
||||
memset (p, 0, 28);
|
||||
|
||||
memcpy (p + 8, cksum.checksum.data, cksum.checksum.length);
|
||||
free_Checksum (&cksum);
|
||||
|
||||
/* sequence number */
|
||||
krb5_auth_con_getlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
&seq_number);
|
||||
|
||||
seq[0] = (seq_number >> 0) & 0xFF;
|
||||
seq[1] = (seq_number >> 8) & 0xFF;
|
||||
seq[2] = (seq_number >> 16) & 0xFF;
|
||||
seq[3] = (seq_number >> 24) & 0xFF;
|
||||
memset (seq + 4,
|
||||
(context_handle->more_flags & LOCAL) ? 0 : 0xFF,
|
||||
4);
|
||||
|
||||
|
||||
ret = krb5_crypto_init(gssapi_krb5_context, key, ETYPE_DES3_CBC_NONE,
|
||||
&crypto);
|
||||
if (ret) {
|
||||
free (output_message_buffer->value);
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
{
|
||||
des_cblock ivec;
|
||||
|
||||
memcpy (&ivec, p + 8, 8);
|
||||
ret = krb5_encrypt_ivec (gssapi_krb5_context,
|
||||
crypto,
|
||||
KRB5_KU_USAGE_SEQ,
|
||||
seq, 8, &encdata,
|
||||
&ivec);
|
||||
}
|
||||
krb5_crypto_destroy (gssapi_krb5_context, crypto);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
free (output_message_buffer->value);
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
assert (encdata.length == 8);
|
||||
|
||||
memcpy (p, encdata.data, encdata.length);
|
||||
krb5_data_free (&encdata);
|
||||
|
||||
krb5_auth_con_setlocalseqnumber (gssapi_krb5_context,
|
||||
context_handle->auth_context,
|
||||
++seq_number);
|
||||
|
||||
/* encrypt the data */
|
||||
p += 28;
|
||||
|
||||
if(conf_req_flag) {
|
||||
krb5_data tmp;
|
||||
|
||||
ret = krb5_crypto_init(gssapi_krb5_context, key,
|
||||
ETYPE_DES3_CBC_NONE, &crypto);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
free (output_message_buffer->value);
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
ret = krb5_encrypt(gssapi_krb5_context, crypto, KRB5_KU_USAGE_SEAL,
|
||||
p, datalen, &tmp);
|
||||
krb5_crypto_destroy(gssapi_krb5_context, crypto);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
free (output_message_buffer->value);
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
assert (tmp.length == datalen);
|
||||
|
||||
memcpy (p, tmp.data, datalen);
|
||||
krb5_data_free(&tmp);
|
||||
}
|
||||
if(conf_state != NULL)
|
||||
*conf_state = conf_req_flag;
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
OM_uint32 gss_wrap
|
||||
(OM_uint32 * minor_status,
|
||||
const gss_ctx_id_t context_handle,
|
||||
int conf_req_flag,
|
||||
gss_qop_t qop_req,
|
||||
const gss_buffer_t input_message_buffer,
|
||||
int * conf_state,
|
||||
gss_buffer_t output_message_buffer
|
||||
)
|
||||
{
|
||||
krb5_keyblock *key;
|
||||
OM_uint32 ret;
|
||||
krb5_keytype keytype;
|
||||
|
||||
ret = gss_krb5_get_localkey(context_handle, &key);
|
||||
if (ret) {
|
||||
gssapi_krb5_set_error_string ();
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
krb5_enctype_to_keytype (gssapi_krb5_context, key->keytype, &keytype);
|
||||
|
||||
switch (keytype) {
|
||||
case KEYTYPE_DES :
|
||||
ret = wrap_des (minor_status, context_handle, conf_req_flag,
|
||||
qop_req, input_message_buffer, conf_state,
|
||||
output_message_buffer, key);
|
||||
break;
|
||||
case KEYTYPE_DES3 :
|
||||
ret = wrap_des3 (minor_status, context_handle, conf_req_flag,
|
||||
qop_req, input_message_buffer, conf_state,
|
||||
output_message_buffer, key);
|
||||
break;
|
||||
case KEYTYPE_ARCFOUR:
|
||||
ret = _gssapi_wrap_arcfour (minor_status, context_handle, conf_req_flag,
|
||||
qop_req, input_message_buffer, conf_state,
|
||||
output_message_buffer, key);
|
||||
break;
|
||||
default :
|
||||
*minor_status = KRB5_PROG_ETYPE_NOSUPP;
|
||||
ret = GSS_S_FAILURE;
|
||||
break;
|
||||
}
|
||||
krb5_free_keyblock (gssapi_krb5_context, key);
|
||||
return ret;
|
||||
}
|
@ -1,213 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of KTH nor the names of its contributors may be
|
||||
* used to endorse or promote products derived from this software without
|
||||
* specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
|
||||
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
|
||||
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
||||
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
|
||||
|
||||
/* Converts a database from version 0.0* to 0.1. This is done by
|
||||
* making three copies of each DES key (DES-CBC-CRC, DES-CBC-MD4, and
|
||||
* DES-CBC-MD5).
|
||||
*
|
||||
* Use with care.
|
||||
*/
|
||||
|
||||
#include "hdb_locl.h"
|
||||
#include <getarg.h>
|
||||
#include <err.h>
|
||||
|
||||
RCSID("$Id: convert_db.c,v 1.12 2001/02/20 01:44:53 assar Exp $");
|
||||
|
||||
static krb5_error_code
|
||||
update_keytypes(krb5_context context, HDB *db, hdb_entry *entry, void *data)
|
||||
{
|
||||
int i;
|
||||
int n = 0;
|
||||
Key *k;
|
||||
int save_len;
|
||||
Key *save_val;
|
||||
HDB *new = data;
|
||||
krb5_error_code ret;
|
||||
|
||||
for(i = 0; i < entry->keys.len; i++)
|
||||
if(entry->keys.val[i].key.keytype == KEYTYPE_DES)
|
||||
n += 2;
|
||||
else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3)
|
||||
n += 1;
|
||||
k = malloc(sizeof(*k) * (entry->keys.len + n));
|
||||
n = 0;
|
||||
for(i = 0; i < entry->keys.len; i++) {
|
||||
copy_Key(&entry->keys.val[i], &k[n]);
|
||||
if(entry->keys.val[i].key.keytype == KEYTYPE_DES) {
|
||||
copy_Key(&entry->keys.val[i], &k[n+1]);
|
||||
k[n+1].key.keytype = ETYPE_DES_CBC_MD4;
|
||||
copy_Key(&entry->keys.val[i], &k[n+2]);
|
||||
k[n+2].key.keytype = ETYPE_DES_CBC_MD5;
|
||||
n += 2;
|
||||
}
|
||||
else if(entry->keys.val[i].key.keytype == KEYTYPE_DES3) {
|
||||
copy_Key(&entry->keys.val[i], &k[n+1]);
|
||||
k[n+1].key.keytype = ETYPE_DES3_CBC_MD5;
|
||||
n += 1;
|
||||
}
|
||||
n++;
|
||||
}
|
||||
save_len = entry->keys.len;
|
||||
save_val = entry->keys.val;
|
||||
entry->keys.len = n;
|
||||
entry->keys.val = k;
|
||||
ret = new->store(context, new, HDB_F_REPLACE, entry);
|
||||
entry->keys.len = save_len;
|
||||
entry->keys.val = save_val;
|
||||
for(i = 0; i < n; i++)
|
||||
free_Key(&k[i]);
|
||||
free(k);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static krb5_error_code
|
||||
update_version2(krb5_context context, HDB *db, hdb_entry *entry, void *data)
|
||||
{
|
||||
HDB *new = data;
|
||||
if(!db->master_key_set) {
|
||||
int i;
|
||||
for(i = 0; i < entry->keys.len; i++) {
|
||||
free(entry->keys.val[i].mkvno);
|
||||
entry->keys.val[i].mkvno = NULL;
|
||||
}
|
||||
}
|
||||
new->store(context, new, HDB_F_REPLACE, entry);
|
||||
return 0;
|
||||
}
|
||||
|
||||
char *old_database = HDB_DEFAULT_DB;
|
||||
char *new_database = HDB_DEFAULT_DB ".new";
|
||||
char *mkeyfile;
|
||||
int update_version;
|
||||
int help_flag;
|
||||
int version_flag;
|
||||
|
||||
struct getargs args[] = {
|
||||
{ "old-database", 0, arg_string, &old_database,
|
||||
"name of database to convert", "file" },
|
||||
{ "new-database", 0, arg_string, &new_database,
|
||||
"name of converted database", "file" },
|
||||
{ "master-key", 0, arg_string, &mkeyfile,
|
||||
"v5 master key file", "file" },
|
||||
{ "update-version", 0, arg_flag, &update_version,
|
||||
"update the database to the current version" },
|
||||
{ "help", 'h', arg_flag, &help_flag },
|
||||
{ "version", 0, arg_flag, &version_flag }
|
||||
};
|
||||
|
||||
static int num_args = sizeof(args) / sizeof(args[0]);
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_context context;
|
||||
HDB *db, *new;
|
||||
int optind = 0;
|
||||
int master_key_set = 0;
|
||||
|
||||
setprogname(argv[0]);
|
||||
|
||||
if(getarg(args, num_args, argc, argv, &optind))
|
||||
krb5_std_usage(1, args, num_args);
|
||||
|
||||
if(help_flag)
|
||||
krb5_std_usage(0, args, num_args);
|
||||
|
||||
if(version_flag){
|
||||
print_version(NULL);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
ret = krb5_init_context(&context);
|
||||
if(ret != 0)
|
||||
errx(1, "krb5_init_context failed: %d", ret);
|
||||
|
||||
ret = hdb_create(context, &db, old_database);
|
||||
if(ret != 0)
|
||||
krb5_err(context, 1, ret, "hdb_create");
|
||||
|
||||
ret = hdb_set_master_keyfile(context, db, mkeyfile);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "hdb_set_master_keyfile");
|
||||
master_key_set = 1;
|
||||
ret = hdb_create(context, &new, new_database);
|
||||
if(ret != 0)
|
||||
krb5_err(context, 1, ret, "hdb_create");
|
||||
if (master_key_set) {
|
||||
ret = hdb_set_master_keyfile(context, new, mkeyfile);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "hdb_set_master_keyfile");
|
||||
}
|
||||
ret = db->open(context, db, O_RDONLY, 0);
|
||||
if(ret == HDB_ERR_BADVERSION) {
|
||||
krb5_data tag;
|
||||
krb5_data version;
|
||||
int foo;
|
||||
unsigned ver;
|
||||
tag.data = HDB_DB_FORMAT_ENTRY;
|
||||
tag.length = strlen(tag.data);
|
||||
ret = (*db->_get)(context, db, tag, &version);
|
||||
if(ret)
|
||||
krb5_errx(context, 1, "database is wrong version, "
|
||||
"but couldn't find version key (%s)",
|
||||
HDB_DB_FORMAT_ENTRY);
|
||||
foo = sscanf(version.data, "%u", &ver);
|
||||
krb5_data_free (&version);
|
||||
if(foo != 1)
|
||||
krb5_errx(context, 1, "database version is not a number");
|
||||
if(ver == 1 && HDB_DB_FORMAT == 2) {
|
||||
krb5_warnx(context, "will upgrade database from version %d to %d",
|
||||
ver, HDB_DB_FORMAT);
|
||||
krb5_warnx(context, "rerun to do other conversions");
|
||||
update_version = 1;
|
||||
} else
|
||||
krb5_errx(context, 1,
|
||||
"don't know how to upgrade from version %d to %d",
|
||||
ver, HDB_DB_FORMAT);
|
||||
} else if(ret)
|
||||
krb5_err(context, 1, ret, "%s", old_database);
|
||||
ret = new->open(context, new, O_CREAT|O_EXCL|O_RDWR, 0600);
|
||||
if(ret)
|
||||
krb5_err(context, 1, ret, "%s", new_database);
|
||||
if(update_version)
|
||||
ret = hdb_foreach(context, db, 0, update_version2, new);
|
||||
else
|
||||
ret = hdb_foreach(context, db, 0, update_keytypes, new);
|
||||
if(ret != 0)
|
||||
krb5_err(context, 1, ret, "hdb_foreach");
|
||||
db->close(context, db);
|
||||
new->close(context, new);
|
||||
krb5_warnx(context, "wrote converted database to `%s'", new_database);
|
||||
return 0;
|
||||
}
|
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: hdb_locl.h,v 1.18.4.1 2003/09/10 22:04:39 lha Exp $ */
|
||||
/* $Id: hdb_locl.h 22209 2007-12-07 19:03:41Z lha $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
#ifndef __HDB_LOCL_H__
|
||||
@ -65,4 +65,7 @@
|
||||
#include <hdb.h>
|
||||
#include <hdb-private.h>
|
||||
|
||||
#define HDB_DEFAULT_DB HDB_DB_DIR "/heimdal"
|
||||
#define HDB_DB_FORMAT_ENTRY "hdb/db-format"
|
||||
|
||||
#endif /* __HDB_LOCL_H__ */
|
||||
|
@ -1,273 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "iprop.h"
|
||||
#include "parse_time.h"
|
||||
|
||||
RCSID("$Id: dump_log.c,v 1.13 2003/04/16 17:56:02 lha Exp $");
|
||||
|
||||
static char *op_names[] = {
|
||||
"get",
|
||||
"delete",
|
||||
"create",
|
||||
"rename",
|
||||
"chpass",
|
||||
"modify",
|
||||
"randkey",
|
||||
"get_privs",
|
||||
"get_princs",
|
||||
"chpass_with_key",
|
||||
"nop"
|
||||
};
|
||||
|
||||
static void
|
||||
print_entry(kadm5_server_context *server_context,
|
||||
u_int32_t ver,
|
||||
time_t timestamp,
|
||||
enum kadm_ops op,
|
||||
u_int32_t len,
|
||||
krb5_storage *sp)
|
||||
{
|
||||
char t[256];
|
||||
int32_t mask;
|
||||
hdb_entry ent;
|
||||
krb5_principal source;
|
||||
char *name1, *name2;
|
||||
krb5_data data;
|
||||
krb5_context context = server_context->context;
|
||||
|
||||
off_t end = krb5_storage_seek(sp, 0, SEEK_CUR) + len;
|
||||
|
||||
krb5_error_code ret;
|
||||
|
||||
strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(×tamp));
|
||||
|
||||
if(op < kadm_get || op > kadm_nop) {
|
||||
printf("unknown op: %d\n", op);
|
||||
krb5_storage_seek(sp, end, SEEK_SET);
|
||||
return;
|
||||
}
|
||||
|
||||
printf ("%s: ver = %u, timestamp = %s, len = %u\n",
|
||||
op_names[op], ver, t, len);
|
||||
switch(op) {
|
||||
case kadm_delete:
|
||||
krb5_ret_principal(sp, &source);
|
||||
krb5_unparse_name(context, source, &name1);
|
||||
printf(" %s\n", name1);
|
||||
free(name1);
|
||||
krb5_free_principal(context, source);
|
||||
break;
|
||||
case kadm_rename:
|
||||
ret = krb5_data_alloc(&data, len);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "kadm_rename: data alloc: %d", len);
|
||||
krb5_ret_principal(sp, &source);
|
||||
krb5_storage_read(sp, data.data, data.length);
|
||||
hdb_value2entry(context, &data, &ent);
|
||||
krb5_unparse_name(context, source, &name1);
|
||||
krb5_unparse_name(context, ent.principal, &name2);
|
||||
printf(" %s -> %s\n", name1, name2);
|
||||
free(name1);
|
||||
free(name2);
|
||||
krb5_free_principal(context, source);
|
||||
hdb_free_entry(context, &ent);
|
||||
break;
|
||||
case kadm_create:
|
||||
ret = krb5_data_alloc(&data, len);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "kadm_create: data alloc: %d", len);
|
||||
krb5_storage_read(sp, data.data, data.length);
|
||||
ret = hdb_value2entry(context, &data, &ent);
|
||||
if(ret)
|
||||
abort();
|
||||
mask = ~0;
|
||||
goto foo;
|
||||
case kadm_modify:
|
||||
ret = krb5_data_alloc(&data, len);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "kadm_modify: data alloc: %d", len);
|
||||
krb5_ret_int32(sp, &mask);
|
||||
krb5_storage_read(sp, data.data, data.length);
|
||||
ret = hdb_value2entry(context, &data, &ent);
|
||||
if(ret)
|
||||
abort();
|
||||
foo:
|
||||
if(ent.principal /* mask & KADM5_PRINCIPAL */) {
|
||||
krb5_unparse_name(context, ent.principal, &name1);
|
||||
printf(" principal = %s\n", name1);
|
||||
free(name1);
|
||||
}
|
||||
if(mask & KADM5_PRINC_EXPIRE_TIME) {
|
||||
if(ent.valid_end == NULL) {
|
||||
strcpy(t, "never");
|
||||
} else {
|
||||
strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S",
|
||||
localtime(ent.valid_end));
|
||||
}
|
||||
printf(" expires = %s\n", t);
|
||||
}
|
||||
if(mask & KADM5_PW_EXPIRATION) {
|
||||
if(ent.pw_end == NULL) {
|
||||
strcpy(t, "never");
|
||||
} else {
|
||||
strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S",
|
||||
localtime(ent.pw_end));
|
||||
}
|
||||
printf(" password exp = %s\n", t);
|
||||
}
|
||||
if(mask & KADM5_LAST_PWD_CHANGE) {
|
||||
}
|
||||
if(mask & KADM5_ATTRIBUTES) {
|
||||
unparse_flags(HDBFlags2int(ent.flags),
|
||||
HDBFlags_units, t, sizeof(t));
|
||||
printf(" attributes = %s\n", t);
|
||||
}
|
||||
if(mask & KADM5_MAX_LIFE) {
|
||||
if(ent.max_life == NULL)
|
||||
strcpy(t, "for ever");
|
||||
else
|
||||
unparse_time(*ent.max_life, t, sizeof(t));
|
||||
printf(" max life = %s\n", t);
|
||||
}
|
||||
if(mask & KADM5_MAX_RLIFE) {
|
||||
if(ent.max_renew == NULL)
|
||||
strcpy(t, "for ever");
|
||||
else
|
||||
unparse_time(*ent.max_renew, t, sizeof(t));
|
||||
printf(" max rlife = %s\n", t);
|
||||
}
|
||||
if(mask & KADM5_MOD_TIME) {
|
||||
printf(" mod time\n");
|
||||
}
|
||||
if(mask & KADM5_MOD_NAME) {
|
||||
printf(" mod name\n");
|
||||
}
|
||||
if(mask & KADM5_KVNO) {
|
||||
printf(" kvno = %d\n", ent.kvno);
|
||||
}
|
||||
if(mask & KADM5_MKVNO) {
|
||||
printf(" mkvno\n");
|
||||
}
|
||||
if(mask & KADM5_AUX_ATTRIBUTES) {
|
||||
printf(" aux attributes\n");
|
||||
}
|
||||
if(mask & KADM5_POLICY) {
|
||||
printf(" policy\n");
|
||||
}
|
||||
if(mask & KADM5_POLICY_CLR) {
|
||||
printf(" mod time\n");
|
||||
}
|
||||
if(mask & KADM5_LAST_SUCCESS) {
|
||||
printf(" last success\n");
|
||||
}
|
||||
if(mask & KADM5_LAST_FAILED) {
|
||||
printf(" last failed\n");
|
||||
}
|
||||
if(mask & KADM5_FAIL_AUTH_COUNT) {
|
||||
printf(" fail auth count\n");
|
||||
}
|
||||
if(mask & KADM5_KEY_DATA) {
|
||||
printf(" key data\n");
|
||||
}
|
||||
if(mask & KADM5_TL_DATA) {
|
||||
printf(" tl data\n");
|
||||
}
|
||||
hdb_free_entry(context, &ent);
|
||||
break;
|
||||
case kadm_nop :
|
||||
break;
|
||||
default:
|
||||
abort();
|
||||
}
|
||||
krb5_storage_seek(sp, end, SEEK_SET);
|
||||
}
|
||||
|
||||
static char *realm;
|
||||
static int version_flag;
|
||||
static int help_flag;
|
||||
|
||||
static struct getargs args[] = {
|
||||
{ "realm", 'r', arg_string, &realm },
|
||||
{ "version", 0, arg_flag, &version_flag },
|
||||
{ "help", 0, arg_flag, &help_flag }
|
||||
};
|
||||
int num_args = sizeof(args) / sizeof(args[0]);
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
krb5_context context;
|
||||
krb5_error_code ret;
|
||||
void *kadm_handle;
|
||||
kadm5_server_context *server_context;
|
||||
kadm5_config_params conf;
|
||||
|
||||
krb5_program_setup(&context, argc, argv, args, num_args, NULL);
|
||||
|
||||
if(help_flag)
|
||||
krb5_std_usage(0, args, num_args);
|
||||
if(version_flag) {
|
||||
print_version(NULL);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
memset(&conf, 0, sizeof(conf));
|
||||
if(realm) {
|
||||
conf.mask |= KADM5_CONFIG_REALM;
|
||||
conf.realm = realm;
|
||||
}
|
||||
ret = kadm5_init_with_password_ctx (context,
|
||||
KADM5_ADMIN_SERVICE,
|
||||
NULL,
|
||||
KADM5_ADMIN_SERVICE,
|
||||
&conf, 0, 0,
|
||||
&kadm_handle);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
|
||||
|
||||
server_context = (kadm5_server_context *)kadm_handle;
|
||||
|
||||
ret = kadm5_log_init (server_context);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "kadm5_log_init");
|
||||
|
||||
ret = kadm5_log_foreach (server_context, print_entry);
|
||||
if(ret)
|
||||
krb5_warn(context, ret, "kadm5_log_foreach");
|
||||
|
||||
ret = kadm5_log_end (server_context);
|
||||
if (ret)
|
||||
krb5_warn(context, ret, "kadm5_log_end");
|
||||
return 0;
|
||||
}
|
@ -1,129 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "iprop.h"
|
||||
|
||||
RCSID("$Id: replay_log.c,v 1.9 2002/05/24 15:19:22 joda Exp $");
|
||||
|
||||
int start_version = -1;
|
||||
int end_version = -1;
|
||||
|
||||
static void
|
||||
apply_entry(kadm5_server_context *server_context,
|
||||
u_int32_t ver,
|
||||
time_t timestamp,
|
||||
enum kadm_ops op,
|
||||
u_int32_t len,
|
||||
krb5_storage *sp)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
|
||||
if((start_version != -1 && ver < start_version) ||
|
||||
(end_version != -1 && ver > end_version)) {
|
||||
/* XXX skip this entry */
|
||||
krb5_storage_seek(sp, len, SEEK_CUR);
|
||||
return;
|
||||
}
|
||||
printf ("ver %u... ", ver);
|
||||
fflush (stdout);
|
||||
|
||||
ret = kadm5_log_replay (server_context,
|
||||
op, ver, len, sp);
|
||||
if (ret)
|
||||
krb5_warn (server_context->context, ret, "kadm5_log_replay");
|
||||
|
||||
|
||||
printf ("done\n");
|
||||
}
|
||||
|
||||
int version_flag;
|
||||
int help_flag;
|
||||
struct getargs args[] = {
|
||||
{ "start-version", 0, arg_integer, &start_version, "start replay with this version" },
|
||||
{ "end-version", 0, arg_integer, &end_version, "end replay with this version" },
|
||||
{ "version", 0, arg_flag, &version_flag },
|
||||
{ "help", 0, arg_flag, &help_flag }
|
||||
};
|
||||
int num_args = sizeof(args) / sizeof(args[0]);
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
krb5_context context;
|
||||
krb5_error_code ret;
|
||||
void *kadm_handle;
|
||||
kadm5_config_params conf;
|
||||
kadm5_server_context *server_context;
|
||||
|
||||
krb5_program_setup(&context, argc, argv, args, num_args, NULL);
|
||||
|
||||
if(help_flag)
|
||||
krb5_std_usage(0, args, num_args);
|
||||
if(version_flag) {
|
||||
print_version(NULL);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
memset(&conf, 0, sizeof(conf));
|
||||
ret = kadm5_init_with_password_ctx (context,
|
||||
KADM5_ADMIN_SERVICE,
|
||||
NULL,
|
||||
KADM5_ADMIN_SERVICE,
|
||||
&conf, 0, 0,
|
||||
&kadm_handle);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
|
||||
|
||||
server_context = (kadm5_server_context *)kadm_handle;
|
||||
|
||||
ret = server_context->db->open(context,
|
||||
server_context->db,
|
||||
O_RDWR | O_CREAT, 0);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "db->open");
|
||||
|
||||
ret = kadm5_log_init (server_context);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "kadm5_log_init");
|
||||
|
||||
ret = kadm5_log_foreach (server_context, apply_entry);
|
||||
if(ret)
|
||||
krb5_warn(context, ret, "kadm5_log_foreach");
|
||||
ret = kadm5_log_end (server_context);
|
||||
if (ret)
|
||||
krb5_warn(context, ret, "kadm5_log_end");
|
||||
ret = server_context->db->close (context, server_context->db);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "db->close");
|
||||
return 0;
|
||||
}
|
@ -1,89 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2003 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "iprop.h"
|
||||
|
||||
RCSID("$Id: truncate_log.c,v 1.1.8.1 2003/10/14 15:58:46 joda Exp $");
|
||||
|
||||
static char *realm;
|
||||
static int version_flag;
|
||||
static int help_flag;
|
||||
|
||||
static struct getargs args[] = {
|
||||
{ "realm", 'r', arg_string, &realm },
|
||||
{ "version", 0, arg_flag, &version_flag },
|
||||
{ "help", 0, arg_flag, &help_flag }
|
||||
};
|
||||
|
||||
static int num_args = sizeof(args) / sizeof(args[0]);
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
krb5_context context;
|
||||
krb5_error_code ret;
|
||||
void *kadm_handle;
|
||||
kadm5_server_context *server_context;
|
||||
kadm5_config_params conf;
|
||||
|
||||
krb5_program_setup(&context, argc, argv, args, num_args, NULL);
|
||||
|
||||
if(help_flag)
|
||||
krb5_std_usage(0, args, num_args);
|
||||
if(version_flag) {
|
||||
print_version(NULL);
|
||||
exit(0);
|
||||
}
|
||||
|
||||
memset(&conf, 0, sizeof(conf));
|
||||
if(realm) {
|
||||
conf.mask |= KADM5_CONFIG_REALM;
|
||||
conf.realm = realm;
|
||||
}
|
||||
|
||||
ret = kadm5_init_with_password_ctx (context,
|
||||
KADM5_ADMIN_SERVICE,
|
||||
NULL,
|
||||
KADM5_ADMIN_SERVICE,
|
||||
&conf, 0, 0,
|
||||
&kadm_handle);
|
||||
if (ret)
|
||||
krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
|
||||
|
||||
server_context = (kadm5_server_context *)kadm_handle;
|
||||
|
||||
ret = kadm5_log_truncate (server_context);
|
||||
if(ret)
|
||||
krb5_err (context, 1, ret, "kadm5_log_truncate");
|
||||
return 0;
|
||||
}
|
@ -1,71 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1999 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of KTH nor the names of its contributors may be
|
||||
* used to endorse or promote products derived from this software without
|
||||
* specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
|
||||
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
|
||||
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
||||
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
RCSID("$Id: dump_config.c,v 1.2 1999/10/28 23:22:41 assar Exp $");
|
||||
|
||||
/* print contents of krb5.conf */
|
||||
|
||||
static void
|
||||
print_tree(struct krb5_config_binding *b, int level)
|
||||
{
|
||||
if (b == NULL)
|
||||
return;
|
||||
|
||||
printf("%*s%s%s%s", level * 4, "",
|
||||
(level == 0) ? "[" : "", b->name, (level == 0) ? "]" : "");
|
||||
if(b->type == krb5_config_list) {
|
||||
if(level > 0)
|
||||
printf(" = {");
|
||||
printf("\n");
|
||||
print_tree(b->u.list, level + 1);
|
||||
if(level > 0)
|
||||
printf("%*s}\n", level * 4, "");
|
||||
} else if(b->type == krb5_config_string) {
|
||||
printf(" = %s\n", b->u.string);
|
||||
}
|
||||
if(b->next)
|
||||
print_tree(b->next, level);
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
krb5_context context;
|
||||
krb5_error_code ret = krb5_init_context(&context);
|
||||
if(ret == 0) {
|
||||
print_tree(context->cf, 0);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
@ -1,101 +0,0 @@
|
||||
.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan
|
||||
.\" (Royal Institute of Technology, Stockholm, Sweden).
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\"
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\"
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\"
|
||||
.\" 3. Neither the name of the Institute nor the names of its contributors
|
||||
.\" may be used to endorse or promote products derived from this software
|
||||
.\" without specific prior written permission.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id: krb5_build_principal.3,v 1.7 2003/04/16 13:58:14 lha Exp $
|
||||
.\"
|
||||
.Dd August 8, 1997
|
||||
.Dt KRB5_BUILD_PRINCIPAL 3
|
||||
.Os HEIMDAL
|
||||
.Sh NAME
|
||||
.Nm krb5_build_principal ,
|
||||
.Nm krb5_build_principal_ext ,
|
||||
.Nm krb5_build_principal_va ,
|
||||
.Nm krb5_build_principal_va_ext ,
|
||||
.Nm krb5_make_principal
|
||||
.Nd principal creation functions
|
||||
.Sh LIBRARY
|
||||
Kerberos 5 Library (libkrb5, -lkrb5)
|
||||
.Sh SYNOPSIS
|
||||
.In krb5.h
|
||||
.Ft krb5_error_code
|
||||
.Fn krb5_build_principal "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
|
||||
.Ft krb5_error_code
|
||||
.Fn krb5_build_principal_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "..."
|
||||
.Ft krb5_error_code
|
||||
.Fn krb5_build_principal_va "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
|
||||
.Ft krb5_error_code
|
||||
.Fn krb5_build_principal_va_ext "krb5_context context" "krb5_principal *principal" "int realm_len" "krb5_const_realm realm" "va_list ap"
|
||||
.Ft krb5_error_code
|
||||
.Fn krb5_make_principal "krb5_context context" "krb5_principal *principal" "krb5_const_realm realm" "..."
|
||||
.Sh DESCRIPTION
|
||||
These functions create a Kerberos 5 principal from a realm and a list
|
||||
of components.
|
||||
All of these functions return an allocated principal in the
|
||||
.Fa principal
|
||||
parameter, this should be freed with
|
||||
.Fn krb5_free_principal
|
||||
after use.
|
||||
.Pp
|
||||
The
|
||||
.Dq build
|
||||
functions take a
|
||||
.Fa realm
|
||||
and the length of the realm. The
|
||||
.Fn krb5_build_principal
|
||||
and
|
||||
.Fn krb5_build_principal_va
|
||||
also takes a list of components (zero-terminated strings), terminated
|
||||
with
|
||||
.Dv NULL .
|
||||
The
|
||||
.Fn krb5_build_principal_ext
|
||||
and
|
||||
.Fn krb5_build_principal_va_ext
|
||||
takes a list of length-value pairs, the list is terminated with a zero
|
||||
length.
|
||||
.Pp
|
||||
The
|
||||
.Fn krb5_make_principal
|
||||
is a wrapper around
|
||||
.Fn krb5_build_principal .
|
||||
If the realm is
|
||||
.Dv NULL ,
|
||||
the default realm will be used.
|
||||
.Sh BUGS
|
||||
You can not have a NUL in a component. Until someone can give a good
|
||||
example of where it would be a good idea to have NUL's in a component,
|
||||
this will not be fixed.
|
||||
.Sh SEE ALSO
|
||||
.Xr krb5_425_conv_principal 3 ,
|
||||
.Xr krb5_free_principal 3 ,
|
||||
.Xr krb5_parse_name 3 ,
|
||||
.Xr krb5_sname_to_principal 3 ,
|
||||
.Xr krb5_unparse_name 3
|
@ -1,53 +0,0 @@
|
||||
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
|
||||
.\" (Royal Institute of Technology, Stockholm, Sweden).
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\"
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\"
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\"
|
||||
.\" 3. Neither the name of the Institute nor the names of its contributors
|
||||
.\" may be used to endorse or promote products derived from this software
|
||||
.\" without specific prior written permission.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id: krb5_free_addresses.3,v 1.5 2003/04/16 13:58:15 lha Exp $
|
||||
.\"
|
||||
.Dd November 20, 2001
|
||||
.Dt KRB5_FREE_ADDRESSES 3
|
||||
.Os HEIMDAL
|
||||
.Sh NAME
|
||||
.Nm krb5_free_addresses
|
||||
.Nd free list of addresses
|
||||
.Sh LIBRARY
|
||||
Kerberos 5 Library (libkrb5, -lkrb5)
|
||||
.Sh SYNOPSIS
|
||||
.In krb5.h
|
||||
.Ft void
|
||||
.Fn krb5_free_addresses "krb5_context context" "krb5_addresses *addresses"
|
||||
.Sh DESCRIPTION
|
||||
The
|
||||
.Fn krb5_free_addresses
|
||||
will free a list of addresses that has been created with
|
||||
.Fn krb5_get_all_client_addrs
|
||||
or with some other function.
|
||||
.Sh SEE ALSO
|
||||
.Xr krb5_get_all_client_addrs 3
|
@ -1,58 +0,0 @@
|
||||
.\" Copyright (c) 1997, 2001 - 2002 Kungliga Tekniska Högskolan
|
||||
.\" (Royal Institute of Technology, Stockholm, Sweden).
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\"
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\"
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\"
|
||||
.\" 3. Neither the name of the Institute nor the names of its contributors
|
||||
.\" may be used to endorse or promote products derived from this software
|
||||
.\" without specific prior written permission.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
|
||||
.\" $Id: krb5_free_principal.3,v 1.7 2003/04/16 13:58:11 lha Exp $
|
||||
.Dd August 8, 1997
|
||||
.Dt KRB5_FREE_PRINCIPAL 3
|
||||
.Os HEIMDAL
|
||||
.Sh NAME
|
||||
.Nm krb5_free_principal
|
||||
.Nd principal free function
|
||||
.Sh LIBRARY
|
||||
Kerberos 5 Library (libkrb5, -lkrb5)
|
||||
.Sh SYNOPSIS
|
||||
.In krb5.h
|
||||
.Ft void
|
||||
.Fn krb5_free_principal "krb5_context context" "krb5_principal principal"
|
||||
.Sh DESCRIPTION
|
||||
The
|
||||
.Fn krb5_free_principal
|
||||
will free a principal that has been created with
|
||||
.Fn krb5_build_principal ,
|
||||
.Fn krb5_parse_name ,
|
||||
or with some other function.
|
||||
.Sh SEE ALSO
|
||||
.Xr krb5_425_conv_principal 3 ,
|
||||
.Xr krb5_build_principal 3 ,
|
||||
.Xr krb5_parse_name 3 ,
|
||||
.Xr krb5_sname_to_principal 3 ,
|
||||
.Xr krb5_unparse_name 3
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
|
||||
* Copyright (c) 1997-2006 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* $Id: krb5_locl.h,v 1.71 2002/09/10 20:10:45 joda Exp $ */
|
||||
/* $Id: krb5_locl.h 22226 2007-12-08 21:31:53Z lha $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
#ifndef __KRB5_LOCL_H__
|
||||
@ -51,6 +51,9 @@
|
||||
#ifdef HAVE_SYS_TYPES_H
|
||||
#include <sys/types.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_MMAN_H
|
||||
#include <sys/mman.h>
|
||||
#endif
|
||||
#ifdef HAVE_UNISTD_H
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
@ -62,6 +65,9 @@
|
||||
#include <sys/ioctl.h>
|
||||
#endif
|
||||
#ifdef HAVE_PWD_H
|
||||
#undef _POSIX_PTHREAD_SEMANTICS
|
||||
/* This gets us the 5-arg getpwnam_r on Solaris 9. */
|
||||
#define _POSIX_PTHREAD_SEMANTICS
|
||||
#include <pwd.h>
|
||||
#endif
|
||||
|
||||
@ -110,20 +116,51 @@ struct sockaddr_dl;
|
||||
#ifdef HAVE_SYS_FILE_H
|
||||
#include <sys/file.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CRYPT_H
|
||||
#undef des_encrypt
|
||||
#define des_encrypt wingless_pigs_mostly_fail_to_fly
|
||||
#include <crypt.h>
|
||||
#undef des_encrypt
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_DOOR_CREATE
|
||||
#include <door.h>
|
||||
#endif
|
||||
|
||||
#include <roken.h>
|
||||
#include <parse_time.h>
|
||||
#include <base64.h>
|
||||
|
||||
#include "crypto-headers.h"
|
||||
|
||||
|
||||
#include <krb5_asn1.h>
|
||||
|
||||
struct send_to_kdc;
|
||||
|
||||
/* XXX glue for pkinit */
|
||||
struct krb5_pk_identity;
|
||||
struct krb5_pk_cert;
|
||||
struct ContentInfo;
|
||||
typedef struct krb5_pk_init_ctx_data *krb5_pk_init_ctx;
|
||||
struct krb5_dh_moduli;
|
||||
|
||||
/* v4 glue */
|
||||
struct _krb5_krb_auth_data;
|
||||
|
||||
#include <der.h>
|
||||
|
||||
#include <krb5.h>
|
||||
#include <krb5_err.h>
|
||||
#include <asn1_err.h>
|
||||
#ifdef PKINIT
|
||||
#include <hx509_err.h>
|
||||
#endif
|
||||
#include <krb5-private.h>
|
||||
|
||||
#include "heim_threads.h"
|
||||
|
||||
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
|
||||
#define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0)
|
||||
|
||||
@ -131,8 +168,101 @@ struct sockaddr_dl;
|
||||
#define KEYTAB_DEFAULT "ANY:FILE:" SYSCONFDIR "/krb5.keytab,krb4:" SYSCONFDIR "/srvtab"
|
||||
#define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab"
|
||||
|
||||
#define MODULI_FILE SYSCONFDIR "/krb5.moduli"
|
||||
|
||||
#ifndef O_BINARY
|
||||
#define O_BINARY 0
|
||||
#endif
|
||||
|
||||
#define KRB5_BUFSIZ 1024
|
||||
|
||||
typedef enum {
|
||||
KRB5_INIT_CREDS_TRISTATE_UNSET = 0,
|
||||
KRB5_INIT_CREDS_TRISTATE_TRUE,
|
||||
KRB5_INIT_CREDS_TRISTATE_FALSE
|
||||
} krb5_get_init_creds_tristate;
|
||||
|
||||
struct _krb5_get_init_creds_opt_private {
|
||||
int refcount;
|
||||
/* ENC_TIMESTAMP */
|
||||
const char *password;
|
||||
krb5_s2k_proc key_proc;
|
||||
/* PA_PAC_REQUEST */
|
||||
krb5_get_init_creds_tristate req_pac;
|
||||
/* PKINIT */
|
||||
krb5_pk_init_ctx pk_init_ctx;
|
||||
KRB_ERROR *error;
|
||||
krb5_get_init_creds_tristate addressless;
|
||||
int flags;
|
||||
#define KRB5_INIT_CREDS_CANONICALIZE 1
|
||||
#define KRB5_INIT_CREDS_NO_C_CANON_CHECK 2
|
||||
};
|
||||
|
||||
typedef struct krb5_context_data {
|
||||
krb5_enctype *etypes;
|
||||
krb5_enctype *etypes_des;
|
||||
char **default_realms;
|
||||
time_t max_skew;
|
||||
time_t kdc_timeout;
|
||||
unsigned max_retries;
|
||||
int32_t kdc_sec_offset;
|
||||
int32_t kdc_usec_offset;
|
||||
krb5_config_section *cf;
|
||||
struct et_list *et_list;
|
||||
struct krb5_log_facility *warn_dest;
|
||||
krb5_cc_ops *cc_ops;
|
||||
int num_cc_ops;
|
||||
const char *http_proxy;
|
||||
const char *time_fmt;
|
||||
krb5_boolean log_utc;
|
||||
const char *default_keytab;
|
||||
const char *default_keytab_modify;
|
||||
krb5_boolean use_admin_kdc;
|
||||
krb5_addresses *extra_addresses;
|
||||
krb5_boolean scan_interfaces; /* `ifconfig -a' */
|
||||
krb5_boolean srv_lookup; /* do SRV lookups */
|
||||
krb5_boolean srv_try_txt; /* try TXT records also */
|
||||
int32_t fcache_vno; /* create cache files w/ this
|
||||
version */
|
||||
int num_kt_types; /* # of registered keytab types */
|
||||
struct krb5_keytab_data *kt_types; /* registered keytab types */
|
||||
const char *date_fmt;
|
||||
char *error_string;
|
||||
char error_buf[256];
|
||||
krb5_addresses *ignore_addresses;
|
||||
char *default_cc_name;
|
||||
char *default_cc_name_env;
|
||||
int default_cc_name_set;
|
||||
void *mutex; /* protects error_string/error_buf */
|
||||
int large_msg_size;
|
||||
int flags;
|
||||
#define KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME 1
|
||||
#define KRB5_CTX_F_CHECK_PAC 2
|
||||
struct send_to_kdc *send_to_kdc;
|
||||
} krb5_context_data;
|
||||
|
||||
#define KRB5_DEFAULT_CCNAME_FILE "FILE:/tmp/krb5cc_%{uid}"
|
||||
#define KRB5_DEFAULT_CCNAME_API "API:"
|
||||
#define KRB5_DEFAULT_CCNAME_KCM "KCM:%{uid}"
|
||||
|
||||
#define EXTRACT_TICKET_ALLOW_CNAME_MISMATCH 1
|
||||
#define EXTRACT_TICKET_ALLOW_SERVER_MISMATCH 2
|
||||
#define EXTRACT_TICKET_MATCH_REALM 4
|
||||
|
||||
/*
|
||||
* Configurable options
|
||||
*/
|
||||
|
||||
#ifndef KRB5_DEFAULT_CCTYPE
|
||||
#ifdef __APPLE__
|
||||
#define KRB5_DEFAULT_CCTYPE (&krb5_acc_ops)
|
||||
#else
|
||||
#define KRB5_DEFAULT_CCTYPE (&krb5_fcc_ops)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef KRB5_ADDRESSLESS_DEFAULT
|
||||
#define KRB5_ADDRESSLESS_DEFAULT TRUE
|
||||
#endif
|
||||
|
||||
#endif /* __KRB5_LOCL_H__ */
|
||||
|
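Review bot: In the `@ -131,8 +168,101 @@` hunk of krb5_locl.h the bit values defined inside `struct _krb5_get_init_creds_opt_private` (`KRB5_INIT_CREDS_CANONICALIZE`, `KRB5_INIT_CREDS_NO_C_CANON_CHECK`) and inside `krb5_context_data` (`KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME`, `KRB5_CTX_F_CHECK_PAC`) carry no comment saying what each bit enables or which value is the default, and the `EXTRACT_TICKET_ALLOW_CNAME_MISMATCH` / `EXTRACT_TICKET_ALLOW_SERVER_MISMATCH` / `EXTRACT_TICKET_MATCH_REALM` defines a few lines below are in the same state. Judging only by their names these flags appear to gate or relax validation steps (PAC checking, client/server name matching), so someone auditing this header cannot tell which setting is the conservative one without chasing every use site. A one-line trailer per define in the form `#define KRB5_CTX_F_CHECK_PAC 2 /* when set: <what is verified>; default: <set|clear>, initialised in <where> */` would make the intent auditable in place. The `mutex` field already has exactly this kind of trailer (`/* protects error_string/error_buf */`), which is the style to follow.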
@ -1,81 +0,0 @@
|
||||
.\" Copyright (c) 2001 Kungliga Tekniska Högskolan
|
||||
.\" (Royal Institute of Technology, Stockholm, Sweden).
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\"
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\"
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\"
|
||||
.\" 3. Neither the name of the Institute nor the names of its contributors
|
||||
.\" may be used to endorse or promote products derived from this software
|
||||
.\" without specific prior written permission.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id: krb5_principal_get_realm.3,v 1.6 2003/04/16 13:58:17 lha Exp $
|
||||
.\"
|
||||
.Dd June 20, 2001
|
||||
.Dt KRB5_PRINCIPAL_GET_REALM 3
|
||||
.Os HEIMDAL
|
||||
.Sh NAME
|
||||
.Nm krb5_principal_get_realm ,
|
||||
.Nm krb5_principal_get_comp_string
|
||||
.Nd decompose a principal
|
||||
.Sh LIBRARY
|
||||
Kerberos 5 Library (libkrb5, -lkrb5)
|
||||
.Sh SYNOPSIS
|
||||
.In krb5.h
|
||||
.Ft "const char *"
|
||||
.Fn krb5_principal_get_realm "krb5_context context" "krb5_principal principal"
|
||||
.Ft "const char *"
|
||||
.Fn krb5_principal_get_comp_string "krb5_context context" "krb5_principal principal" "unsigned int component"
|
||||
.Sh DESCRIPTION
|
||||
These functions return parts of the
|
||||
.Fa principal ,
|
||||
either the realm or a specific component. The returned string points
|
||||
to data inside the principal, so they are valid only as long as the
|
||||
principal exists.
|
||||
.Pp
|
||||
The
|
||||
.Fa component
|
||||
argument to
|
||||
.Fn krb5_principal_get_comp_string
|
||||
is the component number to return, from zero to the total number of
|
||||
components minus one. If a the requested component number is out of range,
|
||||
.Dv NULL
|
||||
is returned.
|
||||
.Pp
|
||||
These functions can be seen as a replacement for the
|
||||
.Fn krb5_princ_realm ,
|
||||
.Fn krb5_princ_component
|
||||
and related macros, described as intermal in the MIT API
|
||||
specification. A difference is that these functions return strings,
|
||||
not
|
||||
.Dv krb5_data .
|
||||
A reason to return
|
||||
.Dv krb5_data
|
||||
was that it was believed that principal components could contain
|
||||
binary data, but this belief was unfounded, and it has been decided
|
||||
that principal components are infact UTF8, so it's safe to use zero
|
||||
terminated strings.
|
||||
.Pp
|
||||
It's generally not necessary to look at the components of a principal.
|
||||
.Sh SEE ALSO
|
||||
.Xr krb5_unparse_name 3
|
@ -1,85 +0,0 @@
|
||||
.\" Copyright (c) 1997 Kungliga Tekniska Högskolan
|
||||
.\" (Royal Institute of Technology, Stockholm, Sweden).
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\"
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\"
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\"
|
||||
.\" 3. Neither the name of the Institute nor the names of its contributors
|
||||
.\" may be used to endorse or promote products derived from this software
|
||||
.\" without specific prior written permission.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id: krb5_sname_to_principal.3,v 1.7 2003/04/16 13:58:17 lha Exp $
|
||||
.\"
|
||||
.Dd August 8, 1997
|
||||
.Dt KRB5_PRINCIPAL 3
|
||||
.Os HEIMDAL
|
||||
.Sh NAME
|
||||
.Nm krb5_sname_to_principal ,
|
||||
.Nm krb5_sock_to_principal
|
||||
.Nd create a service principal
|
||||
.Sh LIBRARY
|
||||
Kerberos 5 Library (libkrb5, -lkrb5)
|
||||
.Sh SYNOPSIS
|
||||
.In krb5.h
|
||||
.Ft krb5_error_code
|
||||
.Fn krb5_sname_to_principal "krb5_context context" "const char *hostname" "const char *sname" "int32_t type" "krb5_principal *principal"
|
||||
.Ft krb5_error_code
|
||||
.Fn krb5_sock_to_principal "krb5_context context" "int socket" "const char *sname" "int32_t type" "krb5_principal *principal"
|
||||
.Sh DESCRIPTION
|
||||
These functions create a
|
||||
.Dq service
|
||||
principal that can, for instance, be used to lookup a key in a keytab. For both these function the
|
||||
.Fa sname
|
||||
parameter will be used for the first component of the created principal. If
|
||||
.Fa sname
|
||||
is
|
||||
.Dv NULL ,
|
||||
.Dq host
|
||||
will be used instead.
|
||||
.Fn krb5_sname_to_principal
|
||||
will use the passed
|
||||
.Fa hostname
|
||||
for the second component. If type
|
||||
.Dv KRB5_NT_SRV_HST
|
||||
this name will be looked up with
|
||||
.Fn gethostbyname .
|
||||
If
|
||||
.Fa hostname is
|
||||
.Dv NULL ,
|
||||
the local hostname will be used.
|
||||
.Pp
|
||||
.Fn krb5_sock_to_principal
|
||||
will use the
|
||||
.Dq sockname
|
||||
of the passed
|
||||
.Fa socket ,
|
||||
which should be a bound
|
||||
.Dv AF_INET
|
||||
socket.
|
||||
.Sh SEE ALSO
|
||||
.Xr krb5_425_conv_principal 3 ,
|
||||
.Xr krb5_build_principal 3 ,
|
||||
.Xr krb5_free_principal 3 ,
|
||||
.Xr krb5_parse_name 3 ,
|
||||
.Xr krb5_unparse_name 3
|
@ -1,36 +0,0 @@
|
||||
@BOTTOM@
|
||||
|
||||
#ifdef BROKEN_REALLOC
|
||||
#define realloc(X, Y) isoc_realloc((X), (Y))
|
||||
#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
|
||||
#endif
|
||||
|
||||
#ifdef VOID_RETSIGTYPE
|
||||
#define SIGRETURN(x) return
|
||||
#else
|
||||
#define SIGRETURN(x) return (RETSIGTYPE)(x)
|
||||
#endif
|
||||
|
||||
#define RCSID(msg) \
|
||||
static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
|
||||
|
||||
#undef PROTOTYPES
|
||||
|
||||
/* Maximum values on all known systems */
|
||||
#define MaxHostNameLen (64+4)
|
||||
#define MaxPathLen (1024+4)
|
||||
|
||||
/*
|
||||
* Define NDBM if you are using the 4.3 ndbm library (which is part of
|
||||
* libc). If not defined, 4.2 dbm will be assumed.
|
||||
*/
|
||||
#if defined(HAVE_DBM_FIRSTKEY)
|
||||
#define NDBM
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Defining this enables lots of useful (and used) extensions on
|
||||
* glibc-based systems such as Linux
|
||||
*/
|
||||
|
||||
#define _GNU_SOURCE
|
@ -1,9 +0,0 @@
|
||||
dnl $Id$
|
||||
dnl
|
||||
dnl Only put things that for some reason can't live in the `cf'
|
||||
dnl directory in this file.
|
||||
dnl
|
||||
|
||||
dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
|
||||
dnl
|
||||
define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
|
@ -1,78 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
RCSID("$Id: print_version.c,v 1.8 2001/02/20 01:44:55 assar Exp $");
|
||||
#endif
|
||||
#include "roken.h"
|
||||
|
||||
#include "print_version.h"
|
||||
|
||||
void
|
||||
print_version(const char *progname)
|
||||
{
|
||||
const char *arg[] = VERSIONLIST;
|
||||
const int num_args = sizeof(arg) / sizeof(arg[0]);
|
||||
char *msg;
|
||||
size_t len = 0;
|
||||
int i;
|
||||
|
||||
if(progname == NULL)
|
||||
progname = getprogname();
|
||||
|
||||
if(num_args == 0)
|
||||
msg = "no version information";
|
||||
else {
|
||||
for(i = 0; i < num_args; i++) {
|
||||
if(i > 0)
|
||||
len += 2;
|
||||
len += strlen(arg[i]);
|
||||
}
|
||||
msg = malloc(len + 1);
|
||||
if(msg == NULL) {
|
||||
fprintf(stderr, "%s: out of memory\n", progname);
|
||||
return;
|
||||
}
|
||||
msg[0] = '\0';
|
||||
for(i = 0; i < num_args; i++) {
|
||||
if(i > 0)
|
||||
strcat(msg, ", ");
|
||||
strcat(msg, arg[i]);
|
||||
}
|
||||
}
|
||||
fprintf(stderr, "%s (%s)\n", progname, msg);
|
||||
fprintf(stderr, "Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan\n");
|
||||
if(num_args != 0)
|
||||
free(msg);
|
||||
}
|
@ -1,15 +0,0 @@
|
||||
//{{NO_DEPENDENCIES}}
|
||||
// Microsoft Developer Studio generated include file.
|
||||
// Used by roken.rc
|
||||
//
|
||||
|
||||
// Next default values for new objects
|
||||
//
|
||||
#ifdef APSTUDIO_INVOKED
|
||||
#ifndef APSTUDIO_READONLY_SYMBOLS
|
||||
#define _APS_NEXT_RESOURCE_VALUE 101
|
||||
#define _APS_NEXT_COMMAND_VALUE 40001
|
||||
#define _APS_NEXT_CONTROL_VALUE 1000
|
||||
#define _APS_NEXT_SYMED_VALUE 101
|
||||
#endif
|
||||
#endif
|
@ -1,150 +0,0 @@
|
||||
#! /bin/sh
|
||||
# mkinstalldirs --- make directory hierarchy
|
||||
|
||||
scriptversion=2004-02-15.20
|
||||
|
||||
# Original author: Noah Friedman <friedman@prep.ai.mit.edu>
|
||||
# Created: 1993-05-16
|
||||
# Public domain.
|
||||
#
|
||||
# This file is maintained in Automake, please report
|
||||
# bugs to <bug-automake@gnu.org> or send patches to
|
||||
# <automake-patches@gnu.org>.
|
||||
|
||||
errstatus=0
|
||||
dirmode=""
|
||||
|
||||
usage="\
|
||||
Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ...
|
||||
|
||||
Create each directory DIR (with mode MODE, if specified), including all
|
||||
leading file name components.
|
||||
|
||||
Report bugs to <bug-automake@gnu.org>."
|
||||
|
||||
# process command line arguments
|
||||
while test $# -gt 0 ; do
|
||||
case $1 in
|
||||
-h | --help | --h*) # -h for help
|
||||
echo "$usage"
|
||||
exit 0
|
||||
;;
|
||||
-m) # -m PERM arg
|
||||
shift
|
||||
test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
|
||||
dirmode=$1
|
||||
shift
|
||||
;;
|
||||
--version)
|
||||
echo "$0 $scriptversion"
|
||||
exit 0
|
||||
;;
|
||||
--) # stop option processing
|
||||
shift
|
||||
break
|
||||
;;
|
||||
-*) # unknown option
|
||||
echo "$usage" 1>&2
|
||||
exit 1
|
||||
;;
|
||||
*) # first non-opt arg
|
||||
break
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
for file
|
||||
do
|
||||
if test -d "$file"; then
|
||||
shift
|
||||
else
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
case $# in
|
||||
0) exit 0 ;;
|
||||
esac
|
||||
|
||||
# Solaris 8's mkdir -p isn't thread-safe. If you mkdir -p a/b and
|
||||
# mkdir -p a/c at the same time, both will detect that a is missing,
|
||||
# one will create a, then the other will try to create a and die with
|
||||
# a "File exists" error. This is a problem when calling mkinstalldirs
|
||||
# from a parallel make. We use --version in the probe to restrict
|
||||
# ourselves to GNU mkdir, which is thread-safe.
|
||||
case $dirmode in
|
||||
'')
|
||||
if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then
|
||||
echo "mkdir -p -- $*"
|
||||
exec mkdir -p -- "$@"
|
||||
else
|
||||
# On NextStep and OpenStep, the `mkdir' command does not
|
||||
# recognize any option. It will interpret all options as
|
||||
# directories to create, and then abort because `.' already
|
||||
# exists.
|
||||
test -d ./-p && rmdir ./-p
|
||||
test -d ./--version && rmdir ./--version
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 &&
|
||||
test ! -d ./--version; then
|
||||
echo "mkdir -m $dirmode -p -- $*"
|
||||
exec mkdir -m "$dirmode" -p -- "$@"
|
||||
else
|
||||
# Clean up after NextStep and OpenStep mkdir.
|
||||
for d in ./-m ./-p ./--version "./$dirmode";
|
||||
do
|
||||
test -d $d && rmdir $d
|
||||
done
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
for file
|
||||
do
|
||||
set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
|
||||
shift
|
||||
|
||||
pathcomp=
|
||||
for d
|
||||
do
|
||||
pathcomp="$pathcomp$d"
|
||||
case $pathcomp in
|
||||
-*) pathcomp=./$pathcomp ;;
|
||||
esac
|
||||
|
||||
if test ! -d "$pathcomp"; then
|
||||
echo "mkdir $pathcomp"
|
||||
|
||||
mkdir "$pathcomp" || lasterr=$?
|
||||
|
||||
if test ! -d "$pathcomp"; then
|
||||
errstatus=$lasterr
|
||||
else
|
||||
if test ! -z "$dirmode"; then
|
||||
echo "chmod $dirmode $pathcomp"
|
||||
lasterr=""
|
||||
chmod "$dirmode" "$pathcomp" || lasterr=$?
|
||||
|
||||
if test ! -z "$lasterr"; then
|
||||
errstatus=$lasterr
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
pathcomp="$pathcomp/"
|
||||
done
|
||||
done
|
||||
|
||||
exit $errstatus
|
||||
|
||||
# Local Variables:
|
||||
# mode: shell-script
|
||||
# sh-indentation: 2
|
||||
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
||||
# time-stamp-start: "scriptversion="
|
||||
# time-stamp-format: "%:y-%02m-%02d.%02H"
|
||||
# time-stamp-end: "$"
|
||||
# End:
|
@ -1,212 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Build many combinations of kth-krb/heimdal/openssl
|
||||
#
|
||||
# $Id: build.sh,v 1.8 2003/04/17 12:55:02 lha Exp $
|
||||
|
||||
opt_n= #:
|
||||
make_f= #-j
|
||||
|
||||
heimdal_versions="0.5.2 0.6pre4"
|
||||
krb4_versions="1.2.2"
|
||||
openssl_versions="0.9.6i 0.9.7a 0.9.7b"
|
||||
|
||||
make_check_version=".*heimdal-0.6.*"
|
||||
|
||||
# 0.5 dont eat 0.9.7
|
||||
dont_build="openssl-0.9.7.*heimdal-0.5.*"
|
||||
# 1.2 dont eat 0.9.7
|
||||
dont_build="openssl-0.9.7.*krb4-1.2.* ${dont_build}"
|
||||
#yacc problems
|
||||
dont_build="openssl-0.9.6.*heimdal-0.5.*osf4.* ${dont_build}"
|
||||
#local openssl 09.7 and broken kuser/Makefile.am
|
||||
dont_build="openssl-0.9.6.*heimdal-0.5.*freebsd4.8.* ${dont_build}"
|
||||
failed=
|
||||
|
||||
# Allow override
|
||||
for a in $HOME . /etc ; do
|
||||
[ -f $a/.heimdal-build ] && . $a/.heimdal-build
|
||||
done
|
||||
|
||||
targetdir=${targetdir:-/scratch/heimdal-test}
|
||||
logfile="${targetdir}/buildlog"
|
||||
|
||||
distdirs="${distdirs} /afs/su.se/home/l/h/lha/Public/openssl"
|
||||
distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src"
|
||||
distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/heimdal/src/snapshots"
|
||||
distdirs="${distdirs} /afs/pdc.kth.se/public/ftp/pub/krb/src"
|
||||
|
||||
|
||||
logprint () {
|
||||
d=`date '+%Y-%m-%d %H:%M:%S'`
|
||||
echo "${d}: $*"
|
||||
echo "${d}: --- $*" >> ${logfile}
|
||||
}
|
||||
|
||||
logerror () {
|
||||
echo "$*"
|
||||
exit 1
|
||||
}
|
||||
|
||||
find_unzip_prog () {
|
||||
unzip_prog=
|
||||
oldIFS="$IFS"
|
||||
IFS=:
|
||||
set -- $PATH
|
||||
IFS="$oldIFS"
|
||||
for a in $* ; do
|
||||
if [ -x $a/gzip ] ; then
|
||||
unzip_prog="$a/gzip -dc"
|
||||
break
|
||||
elif [ -x $a/gunzip ] ; then
|
||||
unzip_prog="$a/gunzip -c"
|
||||
break
|
||||
fi
|
||||
done
|
||||
[ "$unzip_prog" = "" ] && logerror failed to find unzip program
|
||||
}
|
||||
|
||||
find_canon_name () {
|
||||
canon_name=
|
||||
for a in ${distdirs} ; do
|
||||
if [ -f $a/config.guess ] ; then
|
||||
canon_name=`$a/config.guess`
|
||||
fi
|
||||
if [ "${canon_name}" != "" ] ; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
[ "${canon_name}" = "" ] && logerror "cant find config.guess"
|
||||
}
|
||||
|
||||
do_check_p () {
|
||||
eval check_var=\$"$1"
|
||||
for a in ${check_var} ; do
|
||||
expr "$2${canon_name}" : "${a}" > /dev/null 2>&1 && return 1
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
unpack_tar () {
|
||||
for a in ${distdirs} ; do
|
||||
if [ -f $a/$1 ] ; then
|
||||
${opt_n} ${unzip_prog} ${a}/$1 | ${opt_n} tar xf -
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
logerror "did not find $1"
|
||||
}
|
||||
|
||||
build () {
|
||||
real_ver=$1
|
||||
prog=$2
|
||||
ver=$3
|
||||
confprog=$4
|
||||
checks=$5
|
||||
pv=${prog}-${ver}
|
||||
mkdir tmp || logerror "failed to build tmpdir"
|
||||
cd tmp || logerror "failed to change dir to tmpdir"
|
||||
do_check_p dont_build ${real_ver} || \
|
||||
{ cd .. ; rmdir tmp ; logprint "not building $1" && return 0 ; }
|
||||
cd .. || logerror "failed to change back from tmpdir"
|
||||
rmdir tmp || logerror "failed to remove tmpdir"
|
||||
logprint "preparing for ${pv}"
|
||||
${opt_n} rm -rf ${targetdir}/${prog}-${ver}
|
||||
${opt_n} rm -rf ${prog}-${ver}
|
||||
unpack_tar ${pv}.tar.gz
|
||||
${opt_n} cd ${pv} || logerror directory ${pv} not there
|
||||
logprint "configure ${prog} ${ver} (${confprog})"
|
||||
${opt_n} ./${confprog} \
|
||||
--prefix=${targetdir}/${pv} >> ${logfile} 2>&1 || \
|
||||
{ logprint failed to configure ${pv} ; return 1 ; }
|
||||
logprint "make ${prog} ${ver}"
|
||||
${opt_n} make ${make_f} >> ${logfile} 2>&1 || \
|
||||
{ logprint failed to make ${pv} ; return 1 ; }
|
||||
${opt_n} make install >> ${logfile} 2>&1 || \
|
||||
{ logprint failed to install ${pv} ; return 1 ; }
|
||||
do_check_p make_check_version ${real_ver} || \
|
||||
{ ${opt_n} make check >> ${logfile} 2>&1 || return 1 ; }
|
||||
${opt_n} cd ..
|
||||
[ "${checks}" != "" ] && ${opt_n} ${checks} >> ${logfile} 2>&1
|
||||
return 0
|
||||
}
|
||||
|
||||
find_canon_name
|
||||
|
||||
logprint using host `hostname`
|
||||
logprint `uname -a`
|
||||
logprint canonical name ${canon_name}
|
||||
|
||||
logprint clearing logfile
|
||||
> ${logfile}
|
||||
|
||||
find_unzip_prog
|
||||
|
||||
logprint using target dir ${targetdir}
|
||||
mkdir -p ${targetdir}/src
|
||||
cd ${targetdir}/src || exit 1
|
||||
rm -rf heimdal* openssl* krb4*
|
||||
|
||||
logprint === building openssl versions
|
||||
for vo in ${openssl_versions} ; do
|
||||
build openssl-${vo} openssl $vo config
|
||||
done
|
||||
|
||||
wssl="--with-openssl=${targetdir}/openssl"
|
||||
wssli="--with-openssl-include=${targetdir}/openssl" #this is a hack for broken heimdal 0.5.x autoconf test
|
||||
wossl="--without-openssl"
|
||||
wk4c="--with-krb4-config=${targetdir}/krb4"
|
||||
bk4c="/bin/krb4-config"
|
||||
wok4="--without-krb4"
|
||||
|
||||
logprint === building heimdal w/o krb4 versions
|
||||
for vo in ${openssl_versions} ; do
|
||||
for vh in ${heimdal_versions} ; do
|
||||
v="openssl-${vo}-heimdal-${vh}"
|
||||
build "${v}" \
|
||||
heimdal ${vh} \
|
||||
"configure ${wok4} ${wssl}-${vo} ${wssli}-${vo}/include" \
|
||||
"${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto" \ || \
|
||||
{ failed="${failed} ${v}" ; logprint ${v} failed ; }
|
||||
done
|
||||
done
|
||||
|
||||
logprint === building krb4
|
||||
for vo in ${openssl_versions} ; do
|
||||
for vk in ${krb4_versions} ; do
|
||||
v="openssl-${vo}-krb4-${vk}"
|
||||
build "${v}" \
|
||||
krb4 ${vk} \
|
||||
"configure ${wssl}-${vo}" \
|
||||
"${targetdir}/krb4-${vk}/bin/krb4-config --libs | grep lcrypto"|| \
|
||||
{ failed="${failed} ${v}" ; logprint ${v} failed ; }
|
||||
done
|
||||
done
|
||||
|
||||
logprint === building heimdal with krb4 versions
|
||||
for vo in ${openssl_versions} ; do
|
||||
for vk in ${krb4_versions} ; do
|
||||
for vh in ${heimdal_versions} ; do
|
||||
v="openssl-${vo}-krb4-${vk}-heimdal-${vh}"
|
||||
build "${v}" \
|
||||
heimdal ${vh} \
|
||||
"configure ${wk4c}-${vk}${bk4c} ${wssl}-${vo} ${wssli}-${vo}/include" \
|
||||
"${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep lcrypto && ${targetdir}/heimdal-${vh}/bin/krb5-config --libs | grep krb4" \
|
||||
|| \
|
||||
{ failed="${failed} ${v}" ; logprint ${v} failed ; }
|
||||
done
|
||||
done
|
||||
done
|
||||
|
||||
logprint === building heimdal without krb4 and openssl versions
|
||||
for vh in ${heimdal_versions} ; do
|
||||
v="des-heimdal-${vh}"
|
||||
build "${v}" \
|
||||
heimdal ${vh} \
|
||||
"configure ${wok4} ${wossl}" || \
|
||||
{ failed="${failed} ${v}" ; logprint ${v} failed ; }
|
||||
done
|
||||
|
||||
logprint all done
|
||||
[ "${failed}" != "" ] && logprint "failed: ${failed}"
|
||||
exit 0
|
@ -1,4 +1,6 @@
|
||||
# $FreeBSD$
|
||||
#
|
||||
# Name OID Library name Kernel module
|
||||
kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.9 -
|
||||
kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.10 -
|
||||
spnego 1.3.6.1.5.5.2 /usr/lib/libgssapi_spnego.so.10 -
|
||||
#ntlm 1.3.6.1.4.1.311.2.2.10 /usr/lib/libgssapi_ntlm.so.10 -
|
||||
|
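Review bot: The `#ntlm` entry is added commented out with no explanation of why the mechanism is disabled, so a reader cannot tell whether it is unfinished, intentionally withheld, or waiting for the library to be built. Since this table decides which shared objects the GSS-API mechanism switch loads, a one-line reason keeps the entry from being enabled by mistake later, e.g. `# ntlm disabled until libgssapi_ntlm is built and installed -- <reason>`. The `.so.9` to `.so.10` bump on the kerberosv5 line would likewise benefit from a note saying the old library is no longer installed, if that is the case.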
@ -34,8 +34,8 @@ LDADD= ${LIBCVS} ${LIBDIFF} -lgnuregex -lmd -lcrypt -lz
|
||||
|
||||
.if ${MK_KERBEROS_SUPPORT} != "no"
|
||||
CFLAGS+= -DHAVE_GSSAPI -DENCRYPTION
|
||||
LDADD+= -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -lcom_err
|
||||
DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBASN1} ${LIBCRYPTO} ${LIBROKEN}
|
||||
LDADD+= -lgssapi -lkrb5 -lhx509 -lasn1 -lcrypto -lroken -lcrypt -lcom_err
|
||||
DPADD+= ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBCRYPTO} ${LIBROKEN}
|
||||
DPADD+= ${LIBCRYPT} ${LIBCOM_ERR}
|
||||
.endif
|
||||
|
||||
|
@ -41,6 +41,11 @@
|
||||
*/
|
||||
#include <stdint.h>
|
||||
|
||||
#ifndef _SSIZE_T_DECLARED
|
||||
typedef __ssize_t ssize_t;
|
||||
#define _SSIZE_T_DECLARED
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
/*
|
||||
* If the platform supports the xom.h header file, it should be
|
||||
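Review bot: The new `typedef __ssize_t ssize_t;` relies on the implementation-private `__ssize_t`, which `<stdint.h>` (the only include visible in this hunk) is not guaranteed to define; it appears to compile only because FreeBSD's `<stdint.h>` pulls in `<sys/_types.h>` transitively. As this is a public header consumed by third-party code, the portable form is `#include <sys/types.h>`, which already defines `ssize_t` under the same `_SSIZE_T_DECLARED` guard, and then the hand-rolled typedef can go. If the typedef is kept, a comment such as `/* ssize_t is needed by gss_pseudo_random() below; __ssize_t comes from <sys/_types.h> via <stdint.h> */` would record the dependency. The comment that the hunk opens with begins outside the hunk.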
@ -732,25 +737,101 @@ OM_uint32 gss_unseal
|
||||
);
|
||||
|
||||
/*
|
||||
* kerberos mechanism specific functions
|
||||
* Other extensions and helper functions.
|
||||
*/
|
||||
struct krb5_ccache_data;
|
||||
#define GSS_C_KRB5_COMPAT_DES3_MIC 1
|
||||
|
||||
OM_uint32 gsskrb5_register_acceptor_identity
|
||||
(const char * /* identity */
|
||||
int gss_oid_equal
|
||||
(const gss_OID, /* first OID to compare */
|
||||
const gss_OID /* second OID to compare */
|
||||
);
|
||||
|
||||
OM_uint32 gss_krb5_copy_ccache
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_cred_id_t, /* cred_handle */
|
||||
struct krb5_ccache_data * /* out */
|
||||
OM_uint32 gss_release_oid
|
||||
(OM_uint32 *, /* minor status */
|
||||
gss_OID * /* oid to free */
|
||||
);
|
||||
|
||||
OM_uint32 gss_krb5_compat_des3_mic
|
||||
(OM_uint32 *, /* minor_status */
|
||||
gss_ctx_id_t, /* context_handle */
|
||||
int /* flag */
|
||||
OM_uint32 gss_decapsulate_token
|
||||
(const gss_buffer_t, /* mechanism independent token */
|
||||
gss_OID, /* desired mechanism */
|
||||
gss_buffer_t /* decapsulated mechanism dependant token */
|
||||
);
|
||||
|
||||
OM_uint32 gss_encapsulate_token
|
||||
(const gss_buffer_t, /* mechanism dependant token */
|
||||
gss_OID, /* desired mechanism */
|
||||
gss_buffer_t /* encapsulated mechanism independent token */
|
||||
);
|
||||
|
||||
OM_uint32 gss_duplicate_oid
|
||||
(OM_uint32 *, /* minor status */
|
||||
const gss_OID, /* oid to copy */
|
||||
gss_OID * /* result */
|
||||
);
|
||||
|
||||
OM_uint32 gss_oid_to_str
|
||||
(OM_uint32 *, /* minor status */
|
||||
gss_OID, /* oid to convert */
|
||||
gss_buffer_t /* buffer to contain string */
|
||||
);
|
||||
|
||||
typedef struct gss_buffer_set_desc_struct {
|
||||
size_t count;
|
||||
gss_buffer_desc *elements;
|
||||
} gss_buffer_set_desc, *gss_buffer_set_t;
|
||||
|
||||
#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0)
|
||||
|
||||
OM_uint32 gss_create_empty_buffer_set
|
||||
(OM_uint32 *, /* minor status */
|
||||
gss_buffer_set_t * /* location for new buffer set */
|
||||
);
|
||||
|
||||
OM_uint32 gss_add_buffer_set_member
|
||||
(OM_uint32 *, /* minor status */
|
||||
gss_buffer_t, /* buffer to add */
|
||||
gss_buffer_set_t * /* set to add to */
|
||||
);
|
||||
|
||||
OM_uint32 gss_release_buffer_set
|
||||
(OM_uint32 *, /* minor status */
|
||||
gss_buffer_set_t * /* set to release */
|
||||
);
|
||||
|
||||
OM_uint32 gss_inquire_sec_context_by_oid
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_ctx_id_t, /* context_handle */
|
||||
const gss_OID, /* desired_object */
|
||||
gss_buffer_set_t * /* result */
|
||||
);
|
||||
|
||||
OM_uint32 gss_inquire_cred_by_oid
|
||||
(OM_uint32 *, /* minor_status */
|
||||
const gss_cred_id_t, /* cred_handle */
|
||||
const gss_OID, /* desired_object */
|
||||
gss_buffer_set_t * /* result */
|
||||
);
|
||||
|
||||
OM_uint32 gss_set_sec_context_option
|
||||
(OM_uint32 *, /* minor status */
|
||||
gss_ctx_id_t *, /* context */
|
||||
const gss_OID, /* option to set */
|
||||
const gss_buffer_t /* option value */
|
||||
);
|
||||
|
||||
OM_uint32 gss_set_cred_option
|
||||
(OM_uint32 *, /* minor status */
|
||||
gss_cred_id_t *, /* cred */
|
||||
const gss_OID, /* option to set */
|
||||
const gss_buffer_t /* option value */
|
||||
);
|
||||
|
||||
OM_uint32 gss_pseudo_random
|
||||
(OM_uint32 *, /* minor status */
|
||||
gss_ctx_id_t, /* context handle */
|
||||
int prf_key, /* XXX */
|
||||
const gss_buffer_t, /* data to seed generator */
|
||||
ssize_t, /* amount of data required */
|
||||
gss_buffer_t /* buffer for result */
|
||||
);
|
||||
|
||||
#endif /* _GSSAPI_GSSAPI_H_ */
|
||||
|
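Review bot: `gss_pseudo_random` is declared with `int prf_key, /* XXX */`, leaving the one parameter a caller must get right undocumented, and it is also the only parameter in this header that carries a name. Replace the placeholder with what the argument selects, e.g. `int, /* prf_key: which key to derive from, see RFC 4401 (GSS_C_PRF_KEY_FULL / GSS_C_PRF_KEY_PARTIAL) */` — assuming this follows the RFC 4401 GSS_Pseudo_random interface, which the seed and `ssize_t` desired-length parameters suggest. The hunk also drops `gsskrb5_register_acceptor_identity`, `gss_krb5_copy_ccache` and `gss_krb5_compat_des3_mic` from this header; if they moved to a mechanism-specific header rather than being removed, a comment pointing there would save callers a search.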
@ -25,7 +25,10 @@ ETSRCS= \
|
||||
${KRB5DIR}/lib/kadm5/kadm5_err.et \
|
||||
${KRB5DIR}/lib/krb5/heim_err.et \
|
||||
${KRB5DIR}/lib/krb5/k524_err.et \
|
||||
${KRB5DIR}/lib/krb5/krb5_err.et
|
||||
${KRB5DIR}/lib/krb5/krb5_err.et \
|
||||
${KRB5DIR}/lib/krb5/krb_err.et \
|
||||
${KRB5DIR}/lib/gssapi/krb5/gkrb5_err.et \
|
||||
${KRB5DIR}/lib/hx509/hx509_err.et
|
||||
|
||||
.for ET in ${ETSRCS}
|
||||
.for _ET in ${ET:T:R}
|
||||
|
@ -1,5 +1,5 @@
|
||||
/* include/config.h. Generated automatically by configure. */
|
||||
/* include/config.h.in. Generated automatically from configure.in by autoheader. */
|
||||
/* include/config.h. Generated from config.h.in by configure. */
|
||||
/* include/config.h.in. Generated from configure.in by autoheader. */
|
||||
|
||||
/* $FreeBSD$ */
|
||||
|
||||
@ -10,34 +10,40 @@
|
||||
static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
#endif
|
||||
|
||||
#define BINDIR "/usr/bin"
|
||||
#define LIBDIR "/usr/lib"
|
||||
#define LIBEXECDIR "/usr/libexec"
|
||||
#define SBINDIR "/usr/sbin"
|
||||
#define SYSCONFDIR "/etc"
|
||||
|
||||
#define HAVE_INT8_T 1
|
||||
#define HAVE_INT16_T 1
|
||||
#define HAVE_INT32_T 1
|
||||
#define HAVE_INT64_T 1
|
||||
#define HAVE_U_INT8_T 1
|
||||
#define HAVE_U_INT16_T 1
|
||||
#define HAVE_U_INT32_T 1
|
||||
#define HAVE_U_INT64_T 1
|
||||
#define HAVE_UINT8_T 1
|
||||
#define HAVE_UINT16_T 1
|
||||
#define HAVE_UINT32_T 1
|
||||
#define HAVE_UINT64_T 1
|
||||
|
||||
/* Maximum values on all known systems */
|
||||
#define MaxHostNameLen (64+4)
|
||||
#define MaxPathLen (1024+4)
|
||||
|
||||
|
||||
|
||||
#ifdef BUILD_KRB5_LIB
|
||||
#ifndef KRB5_LIB_FUNCTION
|
||||
#ifdef _WIN32_
|
||||
#define KRB5_LIB_FUNCTION _export _stdcall
|
||||
#else
|
||||
#define KRB5_LIB_FUNCTION
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef BUILD_ROKEN_LIB
|
||||
#ifndef ROKEN_LIB_FUNCTION
|
||||
#ifdef _WIN32_
|
||||
#define ROKEN_LIB_FUNCTION _export _stdcall
|
||||
#else
|
||||
#define ROKEN_LIB_FUNCTION
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
/* Define if you want authentication support in telnet. */
|
||||
#define AUTHENTICATION 1
|
||||
|
||||
/* path to bin */
|
||||
#define BINDIR "/usr/bin"
|
||||
|
||||
/* Define if realloc(NULL) doesn't work. */
|
||||
/* #undef BROKEN_REALLOC */
|
||||
|
||||
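Review bot: The new `KRB5_LIB_FUNCTION` and `ROKEN_LIB_FUNCTION` blocks test `_WIN32_`, with a trailing underscore, whereas the compiler-predefined macro for Windows targets is `_WIN32`; as written the `_export _stdcall` branch can never be selected. That is harmless for this FreeBSD-only config.h, but if the block was copied from upstream it is worth checking whether the spelling is intentional there. A one-line comment such as `/* Export decorations: expand to nothing on FreeBSD */` above the first block would make clear that the empty definitions are the intended result.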
@ -50,6 +56,12 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define this to enable diagnostics in telnet. */
|
||||
#define DIAGNOSTICS 1
|
||||
|
||||
/* Define if want to use the weak AFS string to key functions. */
|
||||
#define ENABLE_AFS_STRING_TO_KEY 1
|
||||
|
||||
/* Define if you want have a thread safe libraries */
|
||||
/* #undef ENABLE_PTHREAD_SUPPORT */
|
||||
|
||||
/* Define if you want encryption support in telnet. */
|
||||
#define ENCRYPTION 1
|
||||
|
||||
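Review bot: `#define ENABLE_AFS_STRING_TO_KEY 1` turns on what the accompanying comment itself calls the weak AFS string-to-key functions, and nothing here records why FreeBSD wants them enabled. These transforms matter only for legacy DES enctypes and AFS-cell compatibility, so the setting is presumably deliberate, but the decision should be written down where the next importer will see it, e.g. `/* Kept on for AFS-cell compatibility; affects DES string-to-key only */`. Similarly `/* #undef ENABLE_PTHREAD_SUPPORT */` selects the non-thread-safe build per its own comment, which is worth a note for anyone linking these libraries into threaded daemons.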
@ -61,7 +73,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
|
||||
/* define if prototype of gethostbyaddr is compatible with struct hostent
|
||||
*gethostbyaddr(const void *, size_t, int) */
|
||||
/* #undef GETHOSTBYADDR_PROTO_COMPATIBLE */
|
||||
#define GETHOSTBYADDR_PROTO_COMPATIBLE 1
|
||||
|
||||
/* define if prototype of gethostbyname is compatible with struct hostent
|
||||
*gethostbyname(const char *) */
|
||||
@ -78,8 +90,8 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define if you have the `altzone' variable. */
|
||||
/* #undef HAVE_ALTZONE */
|
||||
|
||||
/* define if your system declares altzone */
|
||||
/* #undef HAVE_ALTZONE_DECLARATION */
|
||||
/* Define to 1 if you have the `arc4random' function. */
|
||||
#define HAVE_ARC4RANDOM 1
|
||||
|
||||
/* Define to 1 if you have the <arpa/ftp.h> header file. */
|
||||
#define HAVE_ARPA_FTP_H 1
|
||||
@ -126,6 +138,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define if you have the function `chown'. */
|
||||
#define HAVE_CHOWN 1
|
||||
|
||||
/* Define if you have the function `closefrom'. */
|
||||
/* #undef HAVE_CLOSEFROM */
|
||||
|
||||
/* Define to 1 if you have the <config.h> header file. */
|
||||
/* #undef HAVE_CONFIG_H */
|
||||
|
||||
@ -177,6 +192,54 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* define if you have ndbm compat in db */
|
||||
/* #undef HAVE_DB_NDBM */
|
||||
|
||||
/* Define to 1 if you have the declaration of `altzone', and to 0 if you
|
||||
don't. */
|
||||
/* #undef HAVE_DECL_ALTZONE */
|
||||
|
||||
/* Define to 1 if you have the declaration of `environ', and to 0 if you
|
||||
don't. */
|
||||
#define HAVE_DECL_ENVIRON 0
|
||||
|
||||
/* Define to 1 if you have the declaration of `h_errlist', and to 0 if you
|
||||
don't. */
|
||||
#define HAVE_DECL_H_ERRLIST 0
|
||||
|
||||
/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
|
||||
don't. */
|
||||
#define HAVE_DECL_H_ERRNO 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `h_nerr', and to 0 if you don't.
|
||||
*/
|
||||
/* #undef HAVE_DECL_H_NERR */
|
||||
|
||||
/* Define to 1 if you have the declaration of `optarg', and to 0 if you don't.
|
||||
*/
|
||||
#define HAVE_DECL_OPTARG 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `opterr', and to 0 if you don't.
|
||||
*/
|
||||
#define HAVE_DECL_OPTERR 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `optind', and to 0 if you don't.
|
||||
*/
|
||||
#define HAVE_DECL_OPTIND 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `optopt', and to 0 if you don't.
|
||||
*/
|
||||
#define HAVE_DECL_OPTOPT 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `timezone', and to 0 if you
|
||||
don't. */
|
||||
#define HAVE_DECL_TIMEZONE 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `_res', and to 0 if you don't.
|
||||
*/
|
||||
#define HAVE_DECL__RES 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `__progname', and to 0 if you
|
||||
don't. */
|
||||
#define HAVE_DECL___PROGNAME 0
|
||||
|
||||
/* Define to 1 if you have the <dirent.h> header file. */
|
||||
#define HAVE_DIRENT_H 1
|
||||
|
||||
@ -189,6 +252,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to 1 if you have the `dn_expand' function. */
|
||||
#define HAVE_DN_EXPAND 1
|
||||
|
||||
/* Define to 1 if you have the `door_create' function. */
|
||||
/* #undef HAVE_DOOR_CREATE */
|
||||
|
||||
/* Define if you have the function `ecalloc'. */
|
||||
/* #undef HAVE_ECALLOC */
|
||||
|
||||
@ -198,9 +264,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define if you have the function `emalloc'. */
|
||||
/* #undef HAVE_EMALLOC */
|
||||
|
||||
/* define if your system declares environ */
|
||||
/* #undef HAVE_ENVIRON_DECLARATION */
|
||||
|
||||
/* Define if you have the function `erealloc'. */
|
||||
/* #undef HAVE_EREALLOC */
|
||||
|
||||
@ -238,12 +301,10 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
#define HAVE_FNMATCH_H 1
|
||||
|
||||
/* Define if el_init takes four arguments. */
|
||||
#if __FreeBSD_version >= 500024
|
||||
#define HAVE_FOUR_VALUED_EL_INIT 1
|
||||
#endif
|
||||
|
||||
/* define if krb_put_int takes four arguments. */
|
||||
#define HAVE_FOUR_VALUED_KRB_PUT_INT 1
|
||||
/* Have -framework Security */
|
||||
/* #undef HAVE_FRAMEWORK_SECURITY */
|
||||
|
||||
/* Define to 1 if you have the `freeaddrinfo' function. */
|
||||
#define HAVE_FREEADDRINFO 1
|
||||
@ -311,16 +372,17 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to 1 if you have the `getpagesize' function. */
|
||||
#define HAVE_GETPAGESIZE 1
|
||||
|
||||
/* Define to 1 if you have the `getpeereid' function. */
|
||||
#define HAVE_GETPEEREID 1
|
||||
|
||||
/* Define to 1 if you have the `getpeerucred' function. */
|
||||
/* #undef HAVE_GETPEERUCRED */
|
||||
|
||||
/* Define to 1 if you have the `getprogname' function. */
|
||||
#if (__FreeBSD_version >= 430002 && __FreeBSD_version < 500000) || \
|
||||
__FreeBSD_version >= 500019
|
||||
#define HAVE_GETPROGNAME 1
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the `getpwnam_r' function. */
|
||||
#if __FreeBSD_version >= 500112
|
||||
#define HAVE_GETPWNAM_R 1
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the `getrlimit' function. */
|
||||
#define HAVE_GETRLIMIT 1
|
||||
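Review bot: `HAVE_GETPEEREID 1` is set with no comment on what consumes it; presumably it feeds the unix-socket peer-credential check used by the KCM credential-cache path that `HAVE_KCM` (a later hunk in this file) enables, in which case the two settings depend on each other and a cross-reference would help, e.g. `/* getpeereid(2): identifies unix-socket peers; required by the KCM client/server code */`. If that inference is wrong, a comment naming the actual consumer is still worth having, since disabling it later would silently change how callers are identified.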
@ -348,9 +410,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
#define HAVE_GLOB 1
|
||||
|
||||
/* Define to 1 if you have the `grantpt' function. */
|
||||
#if __FreeBSD_version >= 500100
|
||||
#define HAVE_GRANTPT 1
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <grp.h> header file. */
|
||||
#define HAVE_GRP_H 1
|
||||
@ -361,20 +421,11 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define if you have the `h_errlist' variable. */
|
||||
#define HAVE_H_ERRLIST 1
|
||||
|
||||
/* define if your system declares h_errlist */
|
||||
/* #undef HAVE_H_ERRLIST_DECLARATION */
|
||||
|
||||
/* Define if you have the `h_errno' variable. */
|
||||
#define HAVE_H_ERRNO 1
|
||||
|
||||
/* define if your system declares h_errno */
|
||||
#define HAVE_H_ERRNO_DECLARATION 1
|
||||
|
||||
/* Define if you have the `h_nerr' variable. */
|
||||
#define HAVE_H_NERR 1
|
||||
|
||||
/* define if your system declares h_nerr */
|
||||
/* #undef HAVE_H_NERR_DECLARATION */
|
||||
/* #undef HAVE_H_NERR */
|
||||
|
||||
/* Define to 1 if you have the <ifaddrs.h> header file. */
|
||||
#define HAVE_IFADDRS_H 1
|
||||
@ -400,6 +451,18 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define if you have the function `innetgr'. */
|
||||
#define HAVE_INNETGR 1
|
||||
|
||||
/* Define to 1 if the system has the type `int16_t'. */
|
||||
#define HAVE_INT16_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `int32_t'. */
|
||||
#define HAVE_INT32_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `int64_t'. */
|
||||
#define HAVE_INT64_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `int8_t'. */
|
||||
#define HAVE_INT8_T 1
|
||||
|
||||
/* Define to 1 if you have the <inttypes.h> header file. */
|
||||
#define HAVE_INTTYPES_H 1
|
||||
|
||||
@ -415,20 +478,8 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to 1 if you have the `issetugid' function. */
|
||||
#define HAVE_ISSETUGID 1
|
||||
|
||||
/* Define to 1 if you have the `krb_disable_debug' function. */
|
||||
/* #undef HAVE_KRB_DISABLE_DEBUG */
|
||||
|
||||
/* Define to 1 if you have the `krb_enable_debug' function. */
|
||||
/* #undef HAVE_KRB_ENABLE_DEBUG */
|
||||
|
||||
/* Define to 1 if you have the `krb_get_kdc_time_diff' function. */
|
||||
/* #undef HAVE_KRB_GET_KDC_TIME_DIFF */
|
||||
|
||||
/* Define to 1 if you have the `krb_get_our_ip_for_realm' function. */
|
||||
/* #undef HAVE_KRB_GET_OUR_IP_FOR_REALM */
|
||||
|
||||
/* Define to 1 if you have the `krb_kdctimeofday' function. */
|
||||
/* #undef HAVE_KRB_KDCTIMEOFDAY */
|
||||
/* Define if you want to use the Kerberos Credentials Manager. */
|
||||
#define HAVE_KCM 1
|
||||
|
||||
/* Define to 1 if you have the <libutil.h> header file. */
|
||||
#define HAVE_LIBUTIL_H 1
|
||||
@ -488,7 +539,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* #undef HAVE_NETINET6_IN6_H */
|
||||
|
||||
/* Define to 1 if you have the <netinet6/in6_var.h> header file. */
|
||||
#define HAVE_NETINET6_IN6_VAR_H 1
|
||||
/* #undef HAVE_NETINET6_IN6_VAR_H */
|
||||
|
||||
/* Define to 1 if you have the <netinet/in6.h> header file. */
|
||||
/* #undef HAVE_NETINET_IN6_H */
|
||||
@ -520,9 +571,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define if NDBM really is DB (creates files *.db) */
|
||||
#define HAVE_NEW_DB 1
|
||||
|
||||
/* define if you have hash functions like md4_finito() */
|
||||
/* #undef HAVE_OLD_HASH_NAMES */
|
||||
|
||||
/* Define to 1 if you have the `on_exit' function. */
|
||||
/* #undef HAVE_ON_EXIT */
|
||||
|
||||
@ -532,18 +580,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* define to use openssl's libcrypto */
|
||||
#define HAVE_OPENSSL 1
|
||||
|
||||
/* define if your system declares optarg */
|
||||
#define HAVE_OPTARG_DECLARATION 1
|
||||
|
||||
/* define if your system declares opterr */
|
||||
#define HAVE_OPTERR_DECLARATION 1
|
||||
|
||||
/* define if your system declares optind */
|
||||
#define HAVE_OPTIND_DECLARATION 1
|
||||
|
||||
/* define if your system declares optopt */
|
||||
#define HAVE_OPTOPT_DECLARATION 1
|
||||
|
||||
/* Define to enable basic OSF C2 support. */
|
||||
/* #undef HAVE_OSFC2 */
|
||||
|
||||
@ -553,13 +589,17 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to 1 if you have the `pidfile' function. */
|
||||
/* #undef HAVE_PIDFILE */
|
||||
|
||||
/* Define to 1 if you have the `poll' function. */
|
||||
#define HAVE_POLL 1
|
||||
|
||||
/* Define to 1 if you have the <poll.h> header file. */
|
||||
#define HAVE_POLL_H 1
|
||||
|
||||
/* Define to 1 if you have the <pthread.h> header file. */
|
||||
#define HAVE_PTHREAD_H 1
|
||||
|
||||
/* Define to 1 if you have the `ptsname' function. */
|
||||
#if __FreeBSD_version >= 500100
|
||||
#define HAVE_PTSNAME 1
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <pty.h> header file. */
|
||||
/* #undef HAVE_PTY_H */
|
||||
@ -591,8 +631,11 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to 1 if you have the <resolv.h> header file. */
|
||||
#define HAVE_RESOLV_H 1
|
||||
|
||||
/* Define to 1 if you have the `res_ndestroy' function. */
|
||||
#define HAVE_RES_NDESTROY 1
|
||||
|
||||
/* Define to 1 if you have the `res_nsearch' function. */
|
||||
/* #undef HAVE_RES_NSEARCH */
|
||||
#define HAVE_RES_NSEARCH 1
|
||||
|
||||
/* Define to 1 if you have the `res_search' function. */
|
||||
#define HAVE_RES_SEARCH 1
|
||||
@ -646,10 +689,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
#define HAVE_SETPROCTITLE 1
|
||||
|
||||
/* Define to 1 if you have the `setprogname' function. */
|
||||
#if (__FreeBSD_version >= 430002 && __FreeBSD_version < 500000) || \
|
||||
__FreeBSD_version >= 500019
|
||||
#define HAVE_SETPROGNAME 1
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the `setregid' function. */
|
||||
#define HAVE_SETREGID 1
|
||||
@ -709,9 +749,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* #undef HAVE_STANDARDS_H */
|
||||
|
||||
/* Define to 1 if you have the <stdint.h> header file. */
|
||||
#if __FreeBSD_version >= 500028
|
||||
#define HAVE_STDINT_H 1
|
||||
#endif
|
||||
|
||||
/* Define to 1 if you have the <stdlib.h> header file. */
|
||||
#define HAVE_STDLIB_H 1
|
||||
@ -953,6 +991,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to 1 if you have the <sys/types.h> header file. */
|
||||
#define HAVE_SYS_TYPES_H 1
|
||||
|
||||
/* Define to 1 if you have the <sys/ucred.h> header file. */
|
||||
#define HAVE_SYS_UCRED_H 1
|
||||
|
||||
/* Define to 1 if you have the <sys/uio.h> header file. */
|
||||
#define HAVE_SYS_UIO_H 1
|
||||
|
||||
@ -980,15 +1021,12 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to 1 if you have the `tgetent' function. */
|
||||
#define HAVE_TGETENT 1
|
||||
|
||||
/* Define to 1 if you have the `timegm' function. */
|
||||
/* Define if you have the function `timegm'. */
|
||||
#define HAVE_TIMEGM 1
|
||||
|
||||
/* Define if you have the `timezone' variable. */
|
||||
#define HAVE_TIMEZONE 1
|
||||
|
||||
/* define if your system declares timezone */
|
||||
#define HAVE_TIMEZONE_DECLARATION 1
|
||||
|
||||
/* Define to 1 if you have the <time.h> header file. */
|
||||
#define HAVE_TIME_H 1
|
||||
|
||||
@ -1004,6 +1042,21 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to 1 if you have the <udb.h> header file. */
|
||||
/* #undef HAVE_UDB_H */
|
||||
|
||||
/* Define to 1 if the system has the type `uint16_t'. */
|
||||
#define HAVE_UINT16_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `uint32_t'. */
|
||||
#define HAVE_UINT32_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `uint64_t'. */
|
||||
#define HAVE_UINT64_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `uint8_t'. */
|
||||
#define HAVE_UINT8_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `uintptr_t'. */
|
||||
#define HAVE_UINTPTR_T 1
|
||||
|
||||
/* Define to 1 if you have the `umask' function. */
|
||||
#define HAVE_UMASK 1
|
||||
|
||||
@ -1014,9 +1067,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
#define HAVE_UNISTD_H 1
|
||||
|
||||
/* Define to 1 if you have the `unlockpt' function. */
|
||||
#if __FreeBSD_version >= 500100
|
||||
#define HAVE_UNLOCKPT 1
|
||||
#endif
|
||||
|
||||
/* Define if you have the function `unsetenv'. */
|
||||
#define HAVE_UNSETENV 1
|
||||
@ -1039,6 +1090,18 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to 1 if you have the <utmp.h> header file. */
|
||||
#define HAVE_UTMP_H 1
|
||||
|
||||
/* Define to 1 if the system has the type `u_int16_t'. */
|
||||
#define HAVE_U_INT16_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `u_int32_t'. */
|
||||
#define HAVE_U_INT32_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `u_int64_t'. */
|
||||
#define HAVE_U_INT64_T 1
|
||||
|
||||
/* Define to 1 if the system has the type `u_int8_t'. */
|
||||
#define HAVE_U_INT8_T 1
|
||||
|
||||
/* Define to 1 if you have the `vasnprintf' function. */
|
||||
/* #undef HAVE_VASNPRINTF */
|
||||
|
||||
@ -1105,9 +1168,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define if you have the `_res' variable. */
|
||||
#define HAVE__RES 1
|
||||
|
||||
/* define if your system declares _res */
|
||||
#define HAVE__RES_DECLARATION 1
|
||||
|
||||
/* Define to 1 if you have the `_scrsize' function. */
|
||||
/* #undef HAVE__SCRSIZE */
|
||||
|
||||
@ -1117,9 +1177,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define if you have the `__progname' variable. */
|
||||
#define HAVE___PROGNAME 1
|
||||
|
||||
/* define if your system declares __progname */
|
||||
/* #undef HAVE___PROGNAME_DECLARATION */
|
||||
|
||||
/* Define if you have the hesiod package. */
|
||||
/* #undef HESIOD */
|
||||
|
||||
@ -1129,20 +1186,14 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Enable Kerberos 5 support in applications. */
|
||||
#define KRB5 1
|
||||
|
||||
/* Define if krb_mk_req takes const char * */
|
||||
/* #undef KRB_MK_REQ_CONST */
|
||||
/* path to lib */
|
||||
#define LIBDIR "/usr/lib"
|
||||
|
||||
/* This is the krb4 sendauth version. */
|
||||
/* #undef KRB_SENDAUTH_VERS */
|
||||
/* path to libexec */
|
||||
#define LIBEXECDIR "/usr/libexec"
|
||||
|
||||
/* Define to zero if your krb.h doesn't */
|
||||
/* #undef KRB_VERIFY_NOT_SECURE */
|
||||
|
||||
/* Define to one if your krb.h doesn't */
|
||||
/* #undef KRB_VERIFY_SECURE */
|
||||
|
||||
/* Define to two if your krb.h doesn't */
|
||||
/* #undef KRB_VERIFY_SECURE_FAIL */
|
||||
/* path to localstate */
|
||||
#define LOCALSTATEDIR "/var/heimdal"
|
||||
|
||||
/* define if the system is missing a prototype for asnprintf() */
|
||||
#define NEED_ASNPRINTF_PROTO 1
|
||||
@ -1153,6 +1204,9 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* define if the system is missing a prototype for crypt() */
|
||||
/* #undef NEED_CRYPT_PROTO */
|
||||
|
||||
/* define if the system is missing a prototype for daemon() */
|
||||
#define NEED_DAEMON_PROTO 1
|
||||
|
||||
/* define if the system is missing a prototype for gethostname() */
|
||||
/* #undef NEED_GETHOSTNAME_PROTO */
|
||||
|
||||
@ -1168,9 +1222,15 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* define if the system is missing a prototype for inet_aton() */
|
||||
/* #undef NEED_INET_ATON_PROTO */
|
||||
|
||||
/* define if the system is missing a prototype for iruserok() */
|
||||
/* #undef NEED_IRUSEROK_PROTO */
|
||||
|
||||
/* define if the system is missing a prototype for mkstemp() */
|
||||
/* #undef NEED_MKSTEMP_PROTO */
|
||||
|
||||
/* define if the system is missing a prototype for SecKeyGetCSPHandle() */
|
||||
/* #undef NEED_SECKEYGETCSPHANDLE_PROTO */
|
||||
|
||||
/* define if the system is missing a prototype for setenv() */
|
||||
/* #undef NEED_SETENV_PROTO */
|
||||
|
||||
@ -1219,6 +1279,12 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* define if the system is missing a prototype for vsnprintf() */
|
||||
/* #undef NEED_VSNPRINTF_PROTO */
|
||||
|
||||
/* Define if you don't wan't support for AFS. */
|
||||
/* #undef NO_AFS */
|
||||
|
||||
/* Define to 1 if your C compiler doesn't accept -c and -o together. */
|
||||
/* #undef NO_MINUS_C_MINUS_O */
|
||||
|
||||
/* Define if you don't want to use mmap. */
|
||||
/* #undef NO_MMAP */
|
||||
|
||||
@ -1228,30 +1294,36 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define if you have the openldap package. */
|
||||
/* #undef OPENLDAP */
|
||||
|
||||
/* Define if you want support for hdb ldap module */
|
||||
/* #undef OPENLDAP_MODULE */
|
||||
|
||||
/* define if prototype of openlog is compatible with void openlog(const char
|
||||
*, int, int) */
|
||||
#define OPENLOG_PROTO_COMPATIBLE 1
|
||||
|
||||
/* Define if you want OTP support in applications. */
|
||||
/* #undef OTP */
|
||||
#define OTP 1
|
||||
|
||||
/* Name of package */
|
||||
#define PACKAGE "heimdal"
|
||||
|
||||
/* Define to the address where bug reports for this package should be sent. */
|
||||
#define PACKAGE_BUGREPORT "heimdal-bugs@pdc.kth.se"
|
||||
#define PACKAGE_BUGREPORT "heimdal-bugs@h5l.org"
|
||||
|
||||
/* Define to the full name of this package. */
|
||||
#define PACKAGE_NAME "Heimdal"
|
||||
|
||||
/* Define to the full name and version of this package. */
|
||||
#define PACKAGE_STRING "Heimdal 0.6.3 (FreeBSD)"
|
||||
#define PACKAGE_STRING "Heimdal 1.1"
|
||||
|
||||
/* Define to the one symbol short name of this package. */
|
||||
#define PACKAGE_TARNAME "heimdal"
|
||||
|
||||
/* Define to the version of this package. */
|
||||
#define PACKAGE_VERSION "0.6.3"
|
||||
#define PACKAGE_VERSION "1.1"
|
||||
|
||||
/* Define to enable PKINIT. */
|
||||
#define PKINIT 1
|
||||
|
||||
/* Define if getlogin has POSIX flavour (and not BSD). */
|
||||
/* #undef POSIX_GETLOGIN */
|
||||
@ -1265,12 +1337,21 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define as the return type of signal handlers (`int' or `void'). */
|
||||
#define RETSIGTYPE void
|
||||
|
||||
/* path to sbin */
|
||||
#define SBINDIR "/usr/sbin"
|
||||
|
||||
/* Define if you want to use samba socket wrappers. */
|
||||
/* #undef SOCKET_WRAPPER_REPLACE */
|
||||
|
||||
/* Define to 1 if you have the ANSI C header files. */
|
||||
#define STDC_HEADERS 1
|
||||
|
||||
/* Define if you have streams ptys. */
|
||||
/* #undef STREAMSPTY */
|
||||
|
||||
/* path to sysconf */
|
||||
#define SYSCONFDIR "/etc"
|
||||
|
||||
/* Define to what version of SunOS you are running. */
|
||||
/* #undef SunOS */
|
||||
|
||||
@ -1281,7 +1362,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* #undef TM_IN_SYS_TIME */
|
||||
|
||||
/* Version number of package */
|
||||
#define VERSION "0.6.3"
|
||||
#define VERSION "1.1"
|
||||
|
||||
/* Define if signal handlers return void. */
|
||||
#define VOID_RETSIGTYPE 1
|
||||
@ -1290,7 +1371,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* #undef WORDS_BIGENDIAN */
|
||||
|
||||
/* Define to 1 if the X Window System is missing or not being used. */
|
||||
/* #undef X_DISPLAY_MISSING */
|
||||
#define X_DISPLAY_MISSING 1
|
||||
|
||||
/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
|
||||
`char[]'. */
|
||||
@ -1311,14 +1392,16 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define to `int' if <sys/types.h> doesn't define. */
|
||||
/* #undef gid_t */
|
||||
|
||||
/* Define as `__inline' if that's what the C compiler calls it, or to nothing
|
||||
if it is not supported. */
|
||||
/* Define to `__inline__' or `__inline' if that's what the C compiler
|
||||
calls it, or to nothing if 'inline' is not supported under any name. */
|
||||
#ifndef __cplusplus
|
||||
/* #undef inline */
|
||||
#endif
|
||||
|
||||
/* Define this to what the type mode_t should be. */
|
||||
/* #undef mode_t */
|
||||
|
||||
/* Define to `long' if <sys/types.h> does not define. */
|
||||
/* Define to `long int' if <sys/types.h> does not define. */
|
||||
/* #undef off_t */
|
||||
|
||||
/* Define to `int' if <sys/types.h> does not define. */
|
||||
@ -1327,45 +1410,16 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
/* Define this to what the type sig_atomic_t should be. */
|
||||
/* #undef sig_atomic_t */
|
||||
|
||||
/* Define to `unsigned' if <sys/types.h> does not define. */
|
||||
/* Define to `unsigned int' if <sys/types.h> does not define. */
|
||||
/* #undef size_t */
|
||||
|
||||
/* Define to `int' if <sys/types.h> doesn't define. */
|
||||
/* #undef uid_t */
|
||||
|
||||
#define KRB_PUT_INT(F, T, L, S) krb_put_int((F), (T), (L), (S))
|
||||
|
||||
#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
|
||||
#define AUTHENTICATION 1
|
||||
#endif
|
||||
|
||||
/* Set this to the default system lead string for telnetd
|
||||
* can contain %-escapes: %s=sysname, %m=machine, %r=os-release
|
||||
* %v=os-version, %t=tty, %h=hostname, %d=date and time
|
||||
*/
|
||||
/* #undef USE_IM */
|
||||
|
||||
/* Used with login -p */
|
||||
/* #undef LOGIN_ARGS */
|
||||
|
||||
/* set this to a sensible login */
|
||||
#ifndef LOGIN_PATH
|
||||
#define LOGIN_PATH BINDIR "/login"
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef ROKEN_RENAME
|
||||
#include "roken_rename.h"
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_KRB_KDCTIMEOFDAY
|
||||
#define krb_kdctimeofday(X) gettimeofday((X), NULL)
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_KRB_GET_KDC_TIME_DIFF
|
||||
#define krb_get_kdc_time_diff() (0)
|
||||
#endif
|
||||
|
||||
#ifdef VOID_RETSIGTYPE
|
||||
#define SIGRETURN(x) return
|
||||
#else
|
||||
@ -1373,8 +1427,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
|
||||
#endif
|
||||
|
||||
#ifdef BROKEN_REALLOC
|
||||
#define realloc(X, Y) isoc_realloc((X), (Y))
|
||||
#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
|
||||
#define realloc(X, Y) rk_realloc((X), (Y))
|
||||
#endif
|
||||
|
||||
|
||||
@ -1402,3 +1455,23 @@ struct sockaddr_in;
|
||||
#define __STDC__ 0
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
|
||||
#define AUTHENTICATION 1
|
||||
#endif
|
||||
|
||||
/* Set this to the default system lead string for telnetd
|
||||
* can contain %-escapes: %s=sysname, %m=machine, %r=os-release
|
||||
* %v=os-version, %t=tty, %h=hostname, %d=date and time
|
||||
*/
|
||||
/* #undef USE_IM */
|
||||
|
||||
/* Used with login -p */
|
||||
/* #undef LOGIN_ARGS */
|
||||
|
||||
/* set this to a sensible login */
|
||||
#ifndef LOGIN_PATH
|
||||
#define LOGIN_PATH BINDIR "/login"
|
||||
#endif
|
||||
|
||||
|
@ -2,9 +2,17 @@
|
||||
#ifndef __crypto_headers_h__
|
||||
#define __crypto_headers_h__
|
||||
#define OPENSSL_DES_LIBDES_COMPATIBILITY
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/des.h>
|
||||
#include <openssl/rc4.h>
|
||||
#include <openssl/md2.h>
|
||||
#include <openssl/md4.h>
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/aes.h>
|
||||
#include <openssl/ui.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/engine.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
#include <openssl/hmac.h>
|
||||
#endif /* __crypto_headers_h__ */
|
||||
|
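Review bot: The new unconditional `#include <openssl/md2.h>`, `<openssl/rc4.h>` and `<openssl/engine.h>` lines make every consumer of crypto-headers.h fail to compile against a libcrypto built with those components disabled (OPENSSL_NO_MD2, OPENSSL_NO_RC4, OPENSSL_NO_ENGINE), and MD2 is the one most often compiled out; wrapping them in the matching guards keeps the rest of the tree building, provided the callers in lib/krb5 and lib/hx509 carry the same guards, which is not visible from here. The MD2 and RC4 headers presumably exist only for legacy PKCS#12/PBE compatibility alongside `<openssl/pkcs12.h>`, so a one-line comment stating that would help the next person deciding whether they can be dropped. The unified hunk hides which single old line was removed, so the fence below only adds guards around the new includes.
```c
#include <openssl/des.h>
#ifndef OPENSSL_NO_RC4
#include <openssl/rc4.h>
#endif
#ifndef OPENSSL_NO_MD2
#include <openssl/md2.h>	/* legacy PKCS#12 PBE only */
#endif
/* … unchanged: md4, md5, sha, aes, ui, rand includes … */
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
/* … unchanged: pkcs12, hmac includes … */
```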
@ -1,6 +1,8 @@
|
||||
|
||||
# $FreeBSD$
|
||||
|
||||
SUBDIR= libasn1 libgssapi libhdb libkadm5clnt libkadm5srv \
|
||||
libkafs5 libkrb5 libroken libsl libvers
|
||||
SUBDIR= libasn1 libgssapi_krb5 libgssapi_ntlm libgssapi_spnego libhdb \
|
||||
libheimntlm libhx509 libkadm5clnt libkadm5srv libkafs5 libkrb5 \
|
||||
libroken libsl libvers
|
||||
|
||||
.include <bsd.subdir.mk>
|
||||
|
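Review bot: The new SUBDIR list walks libgssapi_krb5 before libheimntlm, libhx509 and libkrb5, yet the new libgssapi_krb5 Makefile on this page links with `LDADD= -lkrb5 -lhx509 -lcrypto -lroken -lasn1 -lcom_err -lcrypt`, so a plain `make` in kerberos5/lib on a tree where those libraries are not already installed would try to link a consumer before its providers exist. buildworld is unaffected because Makefile.inc1's `_prebuild_libs` and `__L` ordering sequence them, but that reliance is invisible here. Either order the list providers-first, e.g. `SUBDIR= libasn1 libroken libhx509 libkrb5 libheimntlm libgssapi_krb5 libgssapi_ntlm libgssapi_spnego ...`, or add `# Order is alphabetical; dependency ordering comes from Makefile.inc1.` above it. Whether libgssapi_ntlm and libgssapi_spnego have the same dependency is not visible on this page.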
@ -1,5 +1,5 @@
|
||||
# $FreeBSD$
|
||||
|
||||
SHLIB_MAJOR?= 9
|
||||
SHLIB_MAJOR?= 10
|
||||
|
||||
.include "../Makefile.inc"
|
||||
|
@ -1,33 +1,247 @@
|
||||
# $FreeBSD$
|
||||
|
||||
LIB= asn1
|
||||
INCS= asn1_err.h krb5_asn1.h
|
||||
INCS= asn1_err.h heim_asn1.h
|
||||
|
||||
SRCS= asn1_err.c \
|
||||
asn1_err.h \
|
||||
der_copy.c \
|
||||
der_cmp.c \
|
||||
der_free.c \
|
||||
der_format.c \
|
||||
der_get.c \
|
||||
der_length.c \
|
||||
der_put.c \
|
||||
krb5_asn1.h \
|
||||
extra.c \
|
||||
timegm.c \
|
||||
${GEN:S/.x$/.c/}
|
||||
|
||||
CFLAGS+=-I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken -I.
|
||||
|
||||
GEN= asn1_APOptions.x \
|
||||
GEN_RFC2459 = \
|
||||
asn1_Version.x \
|
||||
asn1_id_pkcs_1.x \
|
||||
asn1_id_pkcs1_rsaEncryption.x \
|
||||
asn1_id_pkcs1_md2WithRSAEncryption.x \
|
||||
asn1_id_pkcs1_md5WithRSAEncryption.x \
|
||||
asn1_id_pkcs1_sha1WithRSAEncryption.x \
|
||||
asn1_id_pkcs1_sha256WithRSAEncryption.x \
|
||||
asn1_id_pkcs1_sha384WithRSAEncryption.x \
|
||||
asn1_id_pkcs1_sha512WithRSAEncryption.x \
|
||||
asn1_id_heim_rsa_pkcs1_x509.x \
|
||||
asn1_id_pkcs_2.x \
|
||||
asn1_id_pkcs2_md2.x \
|
||||
asn1_id_pkcs2_md4.x \
|
||||
asn1_id_pkcs2_md5.x \
|
||||
asn1_id_rsa_digestAlgorithm.x \
|
||||
asn1_id_rsa_digest_md2.x \
|
||||
asn1_id_rsa_digest_md4.x \
|
||||
asn1_id_rsa_digest_md5.x \
|
||||
asn1_id_pkcs_3.x \
|
||||
asn1_id_pkcs3_rc2_cbc.x \
|
||||
asn1_id_pkcs3_rc4.x \
|
||||
asn1_id_pkcs3_des_ede3_cbc.x \
|
||||
asn1_id_rsadsi_encalg.x \
|
||||
asn1_id_rsadsi_rc2_cbc.x \
|
||||
asn1_id_rsadsi_des_ede3_cbc.x \
|
||||
asn1_id_secsig_sha_1.x \
|
||||
asn1_id_nistAlgorithm.x \
|
||||
asn1_id_nist_aes_algs.x \
|
||||
asn1_id_aes_128_cbc.x \
|
||||
asn1_id_aes_192_cbc.x \
|
||||
asn1_id_aes_256_cbc.x \
|
||||
asn1_id_nist_sha_algs.x \
|
||||
asn1_id_sha256.x \
|
||||
asn1_id_sha224.x \
|
||||
asn1_id_sha384.x \
|
||||
asn1_id_sha512.x \
|
||||
asn1_id_dhpublicnumber.x \
|
||||
asn1_id_x9_57.x \
|
||||
asn1_id_dsa.x \
|
||||
asn1_id_dsa_with_sha1.x \
|
||||
asn1_id_x520_at.x \
|
||||
asn1_id_at_commonName.x \
|
||||
asn1_id_at_surname.x \
|
||||
asn1_id_at_serialNumber.x \
|
||||
asn1_id_at_countryName.x \
|
||||
asn1_id_at_localityName.x \
|
||||
asn1_id_at_streetAddress.x \
|
||||
asn1_id_at_stateOrProvinceName.x \
|
||||
asn1_id_at_organizationName.x \
|
||||
asn1_id_at_organizationalUnitName.x \
|
||||
asn1_id_at_name.x \
|
||||
asn1_id_at_givenName.x \
|
||||
asn1_id_at_initials.x \
|
||||
asn1_id_at_generationQualifier.x \
|
||||
asn1_id_at_pseudonym.x \
|
||||
asn1_id_Userid.x \
|
||||
asn1_id_domainComponent.x \
|
||||
asn1_id_x509_ce.x \
|
||||
asn1_id_uspkicommon_card_id.x \
|
||||
asn1_id_uspkicommon_piv_interim.x \
|
||||
asn1_id_netscape.x \
|
||||
asn1_id_netscape_cert_comment.x \
|
||||
asn1_id_ms_cert_enroll_domaincontroller.x \
|
||||
asn1_id_ms_client_authentication.x \
|
||||
asn1_AlgorithmIdentifier.x \
|
||||
asn1_AttributeType.x \
|
||||
asn1_AttributeValue.x \
|
||||
asn1_TeletexStringx.x \
|
||||
asn1_DirectoryString.x \
|
||||
asn1_Attribute.x \
|
||||
asn1_AttributeTypeAndValue.x \
|
||||
asn1_AuthorityInfoAccessSyntax.x \
|
||||
asn1_AccessDescription.x \
|
||||
asn1_RelativeDistinguishedName.x \
|
||||
asn1_RDNSequence.x \
|
||||
asn1_Name.x \
|
||||
asn1_CertificateSerialNumber.x \
|
||||
asn1_Time.x \
|
||||
asn1_Validity.x \
|
||||
asn1_UniqueIdentifier.x \
|
||||
asn1_SubjectPublicKeyInfo.x \
|
||||
asn1_Extension.x \
|
||||
asn1_Extensions.x \
|
||||
asn1_TBSCertificate.x \
|
||||
asn1_Certificate.x \
|
||||
asn1_Certificates.x \
|
||||
asn1_ValidationParms.x \
|
||||
asn1_DomainParameters.x \
|
||||
asn1_DHPublicKey.x \
|
||||
asn1_OtherName.x \
|
||||
asn1_GeneralName.x \
|
||||
asn1_GeneralNames.x \
|
||||
asn1_id_x509_ce_keyUsage.x \
|
||||
asn1_KeyUsage.x \
|
||||
asn1_id_x509_ce_authorityKeyIdentifier.x \
|
||||
asn1_KeyIdentifier.x \
|
||||
asn1_AuthorityKeyIdentifier.x \
|
||||
asn1_id_x509_ce_subjectKeyIdentifier.x \
|
||||
asn1_SubjectKeyIdentifier.x \
|
||||
asn1_id_x509_ce_basicConstraints.x \
|
||||
asn1_BasicConstraints.x \
|
||||
asn1_id_x509_ce_nameConstraints.x \
|
||||
asn1_BaseDistance.x \
|
||||
asn1_GeneralSubtree.x \
|
||||
asn1_GeneralSubtrees.x \
|
||||
asn1_NameConstraints.x \
|
||||
asn1_id_x509_ce_privateKeyUsagePeriod.x \
|
||||
asn1_id_x509_ce_certificatePolicies.x \
|
||||
asn1_id_x509_ce_policyMappings.x \
|
||||
asn1_id_x509_ce_subjectAltName.x \
|
||||
asn1_id_x509_ce_issuerAltName.x \
|
||||
asn1_id_x509_ce_subjectDirectoryAttributes.x \
|
||||
asn1_id_x509_ce_policyConstraints.x \
|
||||
asn1_id_x509_ce_extKeyUsage.x \
|
||||
asn1_ExtKeyUsage.x \
|
||||
asn1_id_x509_ce_cRLDistributionPoints.x \
|
||||
asn1_id_x509_ce_deltaCRLIndicator.x \
|
||||
asn1_id_x509_ce_issuingDistributionPoint.x \
|
||||
asn1_id_x509_ce_holdInstructionCode.x \
|
||||
asn1_id_x509_ce_invalidityDate.x \
|
||||
asn1_id_x509_ce_certificateIssuer.x \
|
||||
asn1_id_x509_ce_inhibitAnyPolicy.x \
|
||||
asn1_DistributionPointReasonFlags.x \
|
||||
asn1_DistributionPointName.x \
|
||||
asn1_DistributionPoint.x \
|
||||
asn1_CRLDistributionPoints.x \
|
||||
asn1_DSASigValue.x \
|
||||
asn1_DSAPublicKey.x \
|
||||
asn1_DSAParams.x \
|
||||
asn1_RSAPublicKey.x \
|
||||
asn1_RSAPrivateKey.x \
|
||||
asn1_DigestInfo.x \
|
||||
asn1_TBSCRLCertList.x \
|
||||
asn1_CRLCertificateList.x \
|
||||
asn1_id_x509_ce_cRLNumber.x \
|
||||
asn1_id_x509_ce_freshestCRL.x \
|
||||
asn1_id_x509_ce_cRLReason.x \
|
||||
asn1_CRLReason.x \
|
||||
asn1_PKIXXmppAddr.x \
|
||||
asn1_id_pkix.x \
|
||||
asn1_id_pkix_on.x \
|
||||
asn1_id_pkix_on_dnsSRV.x \
|
||||
asn1_id_pkix_on_xmppAddr.x \
|
||||
asn1_id_pkix_kp.x \
|
||||
asn1_id_pkix_kp_serverAuth.x \
|
||||
asn1_id_pkix_kp_clientAuth.x \
|
||||
asn1_id_pkix_kp_emailProtection.x \
|
||||
asn1_id_pkix_kp_timeStamping.x \
|
||||
asn1_id_pkix_kp_OCSPSigning.x \
|
||||
asn1_id_pkix_pe.x \
|
||||
asn1_id_pkix_pe_authorityInfoAccess.x \
|
||||
asn1_id_pkix_pe_proxyCertInfo.x \
|
||||
asn1_id_pkix_ppl.x \
|
||||
asn1_id_pkix_ppl_anyLanguage.x \
|
||||
asn1_id_pkix_ppl_inheritAll.x \
|
||||
asn1_id_pkix_ppl_independent.x \
|
||||
asn1_ProxyPolicy.x \
|
||||
asn1_ProxyCertInfo.x
|
||||
|
||||
GEN_CMS = \
|
||||
asn1_CMSAttributes.x \
|
||||
asn1_CMSCBCParameter.x \
|
||||
asn1_CMSEncryptedData.x \
|
||||
asn1_CMSIdentifier.x \
|
||||
asn1_CMSRC2CBCParameter.x \
|
||||
asn1_CMSVersion.x \
|
||||
asn1_CertificateList.x \
|
||||
asn1_CertificateRevocationLists.x \
|
||||
asn1_CertificateSet.x \
|
||||
asn1_ContentEncryptionAlgorithmIdentifier.x \
|
||||
asn1_ContentInfo.x \
|
||||
asn1_ContentType.x \
|
||||
asn1_DigestAlgorithmIdentifier.x \
|
||||
asn1_DigestAlgorithmIdentifiers.x \
|
||||
asn1_EncapsulatedContentInfo.x \
|
||||
asn1_EncryptedContent.x \
|
||||
asn1_EncryptedContentInfo.x \
|
||||
asn1_EncryptedKey.x \
|
||||
asn1_EnvelopedData.x \
|
||||
asn1_IssuerAndSerialNumber.x \
|
||||
asn1_KeyEncryptionAlgorithmIdentifier.x \
|
||||
asn1_KeyTransRecipientInfo.x \
|
||||
asn1_MessageDigest.x \
|
||||
asn1_OriginatorInfo.x \
|
||||
asn1_RecipientIdentifier.x \
|
||||
asn1_RecipientInfo.x \
|
||||
asn1_RecipientInfos.x \
|
||||
asn1_SignatureAlgorithmIdentifier.x \
|
||||
asn1_SignatureValue.x \
|
||||
asn1_SignedData.x \
|
||||
asn1_SignerIdentifier.x \
|
||||
asn1_SignerInfo.x \
|
||||
asn1_SignerInfos.x \
|
||||
asn1_id_pkcs7.x \
|
||||
asn1_id_pkcs7_data.x \
|
||||
asn1_id_pkcs7_digestedData.x \
|
||||
asn1_id_pkcs7_encryptedData.x \
|
||||
asn1_id_pkcs7_envelopedData.x \
|
||||
asn1_id_pkcs7_signedAndEnvelopedData.x \
|
||||
asn1_id_pkcs7_signedData.x \
|
||||
asn1_UnprotectedAttributes.x
|
||||
|
||||
GEN_K5= asn1_AD_AND_OR.x \
|
||||
asn1_AD_IF_RELEVANT.x \
|
||||
asn1_AD_KDCIssued.x \
|
||||
asn1_AD_MANDATORY_FOR_KDC.x \
|
||||
asn1_AD_LoginAlias.x \
|
||||
asn1_APOptions.x \
|
||||
asn1_AP_REP.x \
|
||||
asn1_AP_REQ.x \
|
||||
asn1_AS_REP.x \
|
||||
asn1_AS_REQ.x \
|
||||
asn1_AUTHDATA_TYPE.x \
|
||||
asn1_Authenticator.x \
|
||||
asn1_AuthorizationData.x \
|
||||
asn1_AuthorizationDataElement.x \
|
||||
asn1_CKSUMTYPE.x \
|
||||
asn1_Checksum.x \
|
||||
asn1_ChangePasswdDataMS.x \
|
||||
asn1_Checksum.x \
|
||||
asn1_ENCTYPE.x \
|
||||
asn1_ETYPE_INFO.x \
|
||||
asn1_ETYPE_INFO2.x \
|
||||
asn1_ETYPE_INFO2_ENTRY.x \
|
||||
asn1_ETYPE_INFO_ENTRY.x \
|
||||
asn1_EncAPRepPart.x \
|
||||
asn1_EncASRepPart.x \
|
||||
@ -38,6 +252,7 @@ GEN= asn1_APOptions.x \
|
||||
asn1_EncTicketPart.x \
|
||||
asn1_EncryptedData.x \
|
||||
asn1_EncryptionKey.x \
|
||||
asn1_EtypeList.x \
|
||||
asn1_HostAddress.x \
|
||||
asn1_HostAddresses.x \
|
||||
asn1_KDCOptions.x \
|
||||
@ -49,6 +264,7 @@ GEN= asn1_APOptions.x \
|
||||
asn1_KRB_PRIV.x \
|
||||
asn1_KRB_SAFE.x \
|
||||
asn1_KRB_SAFE_BODY.x \
|
||||
asn1_KerberosString.x \
|
||||
asn1_KerberosTime.x \
|
||||
asn1_KrbCredInfo.x \
|
||||
asn1_LR_TYPE.x \
|
||||
@ -58,22 +274,199 @@ GEN= asn1_APOptions.x \
|
||||
asn1_NAME_TYPE.x \
|
||||
asn1_PADATA_TYPE.x \
|
||||
asn1_PA_DATA.x \
|
||||
asn1_PA_ENC_SAM_RESPONSE_ENC.x \
|
||||
asn1_PA_ENC_TS_ENC.x \
|
||||
asn1_PA_PAC_REQUEST.x \
|
||||
asn1_PA_S4U2Self.x \
|
||||
asn1_PA_SAM_CHALLENGE_2.x \
|
||||
asn1_PA_SAM_CHALLENGE_2_BODY.x \
|
||||
asn1_PA_SAM_REDIRECT.x \
|
||||
asn1_PA_SAM_RESPONSE_2.x \
|
||||
asn1_PA_SAM_TYPE.x \
|
||||
asn1_PA_ClientCanonicalized.x \
|
||||
asn1_PA_ClientCanonicalizedNames.x \
|
||||
asn1_PA_SvrReferralData.x \
|
||||
asn1_PROV_SRV_LOCATION.x \
|
||||
asn1_Principal.x \
|
||||
asn1_PrincipalName.x \
|
||||
asn1_Realm.x \
|
||||
asn1_SAMFlags.x \
|
||||
asn1_TGS_REP.x \
|
||||
asn1_TGS_REQ.x \
|
||||
asn1_TYPED_DATA.x \
|
||||
asn1_Ticket.x \
|
||||
asn1_TicketFlags.x \
|
||||
asn1_TransitedEncoding.x \
|
||||
asn1_UNSIGNED.x
|
||||
asn1_TypedData.x \
|
||||
asn1_krb5int32.x \
|
||||
asn1_krb5uint32.x \
|
||||
asn1_KRB5SignedPathData.x \
|
||||
asn1_KRB5SignedPathPrincipals.x \
|
||||
asn1_KRB5SignedPath.x
|
||||
|
||||
CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} krb5_asn1.h asn1_files
|
||||
GEN_PKINIT = \
|
||||
asn1_id_pkinit.x \
|
||||
asn1_id_pkauthdata.x \
|
||||
asn1_id_pkdhkeydata.x \
|
||||
asn1_id_pkrkeydata.x \
|
||||
asn1_id_pkekuoid.x \
|
||||
asn1_id_pkkdcekuoid.x \
|
||||
asn1_id_pkinit_san.x \
|
||||
asn1_id_pkinit_ms_eku.x \
|
||||
asn1_id_pkinit_ms_san.x \
|
||||
asn1_MS_UPN_SAN.x \
|
||||
asn1_DHNonce.x \
|
||||
asn1_KDFAlgorithmId.x \
|
||||
asn1_TrustedCA.x \
|
||||
asn1_ExternalPrincipalIdentifier.x \
|
||||
asn1_ExternalPrincipalIdentifiers.x \
|
||||
asn1_PA_PK_AS_REQ.x \
|
||||
asn1_PKAuthenticator.x \
|
||||
asn1_AuthPack.x \
|
||||
asn1_TD_TRUSTED_CERTIFIERS.x \
|
||||
asn1_TD_INVALID_CERTIFICATES.x \
|
||||
asn1_KRB5PrincipalName.x \
|
||||
asn1_AD_INITIAL_VERIFIED_CAS.x \
|
||||
asn1_DHRepInfo.x \
|
||||
asn1_PA_PK_AS_REP.x \
|
||||
asn1_KDCDHKeyInfo.x \
|
||||
asn1_ReplyKeyPack.x \
|
||||
asn1_TD_DH_PARAMETERS.x \
|
||||
asn1_PKAuthenticator_Win2k.x \
|
||||
asn1_AuthPack_Win2k.x \
|
||||
asn1_TrustedCA_Win2k.x \
|
||||
asn1_PA_PK_AS_REQ_Win2k.x \
|
||||
asn1_PA_PK_AS_REP_Win2k.x \
|
||||
asn1_KDCDHKeyInfo_Win2k.x \
|
||||
asn1_ReplyKeyPack_Win2k.x \
|
||||
asn1_PkinitSuppPubInfo.x
|
||||
|
||||
.ORDER: ${GEN} krb5_asn1.h
|
||||
${GEN} krb5_asn1.h: k5.asn1 ../../tools/asn1_compile/asn1_compile
|
||||
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} krb5_asn1
|
||||
GEN_PKCS8 = \
|
||||
asn1_PKCS8PrivateKeyAlgorithmIdentifier.x \
|
||||
asn1_PKCS8PrivateKey.x \
|
||||
asn1_PKCS8PrivateKeyInfo.x \
|
||||
asn1_PKCS8Attributes.x \
|
||||
asn1_PKCS8EncryptedPrivateKeyInfo.x \
|
||||
asn1_PKCS8EncryptedData.x
|
||||
|
||||
GEN_PKCS9 = \
|
||||
asn1_id_pkcs_9.x \
|
||||
asn1_id_pkcs9_contentType.x \
|
||||
asn1_id_pkcs9_emailAddress.x \
|
||||
asn1_id_pkcs9_messageDigest.x \
|
||||
asn1_id_pkcs9_signingTime.x \
|
||||
asn1_id_pkcs9_countersignature.x \
|
||||
asn1_id_pkcs_9_at_friendlyName.x \
|
||||
asn1_id_pkcs_9_at_localKeyId.x \
|
||||
asn1_id_pkcs_9_at_certTypes.x \
|
||||
asn1_id_pkcs_9_at_certTypes_x509.x \
|
||||
asn1_PKCS9_BMPString.x \
|
||||
asn1_PKCS9_friendlyName.x
|
||||
|
||||
GEN_PKCS12 = \
|
||||
asn1_id_pkcs_12.x \
|
||||
asn1_id_pkcs_12PbeIds.x \
|
||||
asn1_id_pbeWithSHAAnd128BitRC4.x \
|
||||
asn1_id_pbeWithSHAAnd40BitRC4.x \
|
||||
asn1_id_pbeWithSHAAnd3_KeyTripleDES_CBC.x \
|
||||
asn1_id_pbeWithSHAAnd2_KeyTripleDES_CBC.x \
|
||||
asn1_id_pbeWithSHAAnd128BitRC2_CBC.x \
|
||||
asn1_id_pbewithSHAAnd40BitRC2_CBC.x \
|
||||
asn1_id_pkcs12_bagtypes.x \
|
||||
asn1_id_pkcs12_keyBag.x \
|
||||
asn1_id_pkcs12_pkcs8ShroudedKeyBag.x \
|
||||
asn1_id_pkcs12_certBag.x \
|
||||
asn1_id_pkcs12_crlBag.x \
|
||||
asn1_id_pkcs12_secretBag.x \
|
||||
asn1_id_pkcs12_safeContentsBag.x \
|
||||
asn1_PKCS12_MacData.x \
|
||||
asn1_PKCS12_PFX.x \
|
||||
asn1_PKCS12_AuthenticatedSafe.x \
|
||||
asn1_PKCS12_CertBag.x \
|
||||
asn1_PKCS12_Attribute.x \
|
||||
asn1_PKCS12_Attributes.x \
|
||||
asn1_PKCS12_SafeBag.x \
|
||||
asn1_PKCS12_SafeContents.x \
|
||||
asn1_PKCS12_OctetString.x \
|
||||
asn1_PKCS12_PBEParams.x
|
||||
|
||||
GEN_DIGEST= asn1_DigestError.x \
|
||||
asn1_DigestInit.x \
|
||||
asn1_DigestInitReply.x \
|
||||
asn1_DigestREP.x \
|
||||
asn1_DigestREQ.x \
|
||||
asn1_DigestRepInner.x \
|
||||
asn1_DigestReqInner.x \
|
||||
asn1_DigestRequest.x \
|
||||
asn1_DigestResponse.x \
|
||||
asn1_DigestTypes.x \
|
||||
asn1_NTLMInit.x \
|
||||
asn1_NTLMInitReply.x \
|
||||
asn1_NTLMRequest.x \
|
||||
asn1_NTLMResponse.x
|
||||
|
||||
GEN_KX509 = \
|
||||
asn1_Kx509Response.x \
|
||||
asn1_Kx509Request.x
|
||||
|
||||
GEN+= ${GEN_RFC2459}
|
||||
GEN+= ${GEN_CMS}
|
||||
GEN+= ${GEN_K5}
|
||||
GEN+= ${GEN_PKINIT}
|
||||
GEN+= ${GEN_PKCS8}
|
||||
GEN+= ${GEN_PKCS9}
|
||||
GEN+= ${GEN_PKCS12}
|
||||
GEN+= ${GEN_DIGEST}
|
||||
GEN+= ${GEN_KX509}
|
||||
|
||||
CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} *_asn1_files
|
||||
|
||||
GEN_ASN1=cms_asn1.h rfc2459_asn1.h krb5_asn1.h pkinit_asn1.h
|
||||
GEN_ASN1+=pkcs8_asn1.h pkcs9_asn1.h pkcs12_asn1.h digest_asn1.h kx509_asn1.h
|
||||
SRCS+= ${GEN_ASN1}
|
||||
INCS+= ${GEN_ASN1}
|
||||
CLEANFILES+=${GEN_ASN1}
|
||||
|
||||
.ORDER: ${GEN} ${GEN_ASN1}
|
||||
|
||||
${GEN_CMS} cms_asn1.h: CMS.asn1 ../../tools/asn1_compile/asn1_compile
|
||||
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} cms_asn1
|
||||
|
||||
${GEN_RFC2459} rfc2459_asn1.h: rfc2459.asn1 ../../tools/asn1_compile/asn1_compile
|
||||
../../tools/asn1_compile/asn1_compile \
|
||||
--preserve-binary=TBSCertificate \
|
||||
--preserve-binary=TBSCRLCertList \
|
||||
--preserve-binary=Name \
|
||||
--sequence=GeneralNames \
|
||||
--sequence=Extensions \
|
||||
--sequence=CRLDistributionPoints ${.ALLSRC:M*.asn1} rfc2459_asn1
|
||||
|
||||
${GEN_K5} krb5_asn1.h: k5.asn1 ../../tools/asn1_compile/asn1_compile
|
||||
../../tools/asn1_compile/asn1_compile \
|
||||
--encode-rfc1510-bit-string \
|
||||
--sequence=KRB5SignedPathPrincipals \
|
||||
--sequence=AuthorizationData \
|
||||
--sequence=METHOD-DATA \
|
||||
--sequence=ETYPE-INFO \
|
||||
--sequence=ETYPE-INFO2 ${.ALLSRC:M*.asn1} krb5_asn1
|
||||
|
||||
${GEN_PKINIT} pkinit_asn1.h: pkinit.asn1 ../../tools/asn1_compile/asn1_compile
|
||||
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkinit_asn1
|
||||
|
||||
${GEN_PKCS8} pkcs8_asn1.h: pkcs8.asn1 ../../tools/asn1_compile/asn1_compile
|
||||
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs8_asn1
|
||||
|
||||
${GEN_PKCS9} pkcs9_asn1.h: pkcs9.asn1 ../../tools/asn1_compile/asn1_compile
|
||||
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs9_asn1
|
||||
|
||||
${GEN_PKCS12} pkcs12_asn1.h: pkcs12.asn1 ../../tools/asn1_compile/asn1_compile
|
||||
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs12_asn1
|
||||
|
||||
${GEN_DIGEST} digest_asn1.h: digest.asn1 ../../tools/asn1_compile/asn1_compile
|
||||
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} digest_asn1
|
||||
|
||||
${GEN_KX509} kx509_asn1.h: kx509.asn1 ../../tools/asn1_compile/asn1_compile
|
||||
../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} kx509_asn1
|
||||
|
||||
../../tools/asn1_compile/asn1_compile:
|
||||
cd ${.CURDIR}/../../tools/asn1_compile && ${MAKE}
|
||||
|
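Review bot: The asn1_compile invocations for rfc2459 and k5 pass security-relevant flags with no explanation, and the next person touching this Makefile needs to know they are not optional tuning. `--preserve-binary=TBSCertificate`, `--preserve-binary=TBSCRLCertList` and `--preserve-binary=Name` keep the DER bytes of those structures as received so certificate and CRL signature checks and name comparisons run over the original encoding rather than a re-encoding; I would put `# --preserve-binary keeps the received DER for signed structures; signature verification depends on it` above that rule. `--encode-rfc1510-bit-string` on the k5 rule should likewise carry a note that it emits Kerberos flag BIT STRINGs in the fixed-width form RFC 1510 peers expect, and the `--sequence=` options that they generate the add/remove helpers for those SEQUENCE OF types. Nothing else in the generator rules looks wrong, and the `GEN_*` split with `.ORDER: ${GEN} ${GEN_ASN1}` reads fine.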
@ -1,58 +0,0 @@
|
||||
# $FreeBSD$
|
||||
|
||||
LIB= gssapi_krb5
|
||||
LDFLAGS= -Wl,-Bsymbolic
|
||||
LDADD= -lkrb5 -lcrypto -lroken -lasn1 -lcom_err -lcrypt
|
||||
DPADD= ${LIBKRB5} ${LIBCRYPTO} ${LIBROKEN} ${LIBASN1} ${LIBCOM_ERR} \
|
||||
${LIBCRYPT}
|
||||
|
||||
SRCS= 8003.c \
|
||||
accept_sec_context.c \
|
||||
acquire_cred.c \
|
||||
add_cred.c \
|
||||
add_oid_set_member.c \
|
||||
address_to_krb5addr.c \
|
||||
arcfour.c \
|
||||
canonicalize_name.c \
|
||||
compare_name.c \
|
||||
compat.c \
|
||||
context_time.c \
|
||||
copy_ccache.c \
|
||||
create_emtpy_oid_set.c \
|
||||
decapsulate.c \
|
||||
delete_sec_context.c \
|
||||
display_name.c \
|
||||
display_status.c \
|
||||
duplicate_name.c \
|
||||
encapsulate.c \
|
||||
export_name.c \
|
||||
export_sec_context.c \
|
||||
external.c \
|
||||
get_mic.c \
|
||||
import_name.c \
|
||||
import_sec_context.c \
|
||||
indicate_mechs.c \
|
||||
init.c \
|
||||
init_sec_context.c \
|
||||
inquire_context.c \
|
||||
inquire_cred.c \
|
||||
inquire_cred_by_mech.c \
|
||||
inquire_mechs_for_name.c \
|
||||
inquire_names_for_mech.c \
|
||||
process_context_token.c \
|
||||
release_buffer.c \
|
||||
release_cred.c \
|
||||
release_name.c \
|
||||
release_oid_set.c \
|
||||
test_oid_set_member.c \
|
||||
unwrap.c \
|
||||
v1.c \
|
||||
verify_mic.c \
|
||||
wrap.c
|
||||
|
||||
CFLAGS+=-I${KRB5DIR}/lib/gssapi -I${KRB5DIR}/lib/krb5 \
|
||||
-I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken -I.
|
||||
|
||||
.include <bsd.lib.mk>
|
||||
|
||||
.PATH: ${KRB5DIR}/lib/gssapi
|
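--- /dev/null
+++ b/kerberos5/lib/libgssapi_krb5/Makefile
@@ -0,0 +1,79 @@
+# $FreeBSD$
+
+LIB= gssapi_krb5
+LDFLAGS= -Wl,-Bsymbolic
+LDADD= -lkrb5 -lhx509 -lcrypto -lroken -lasn1 -lcom_err -lcrypt
+DPADD= ${LIBKRB5} ${LIBHX509} ${LIBCRYPTO} ${LIBROKEN} ${LIBASN1} \
+${LIBCOM_ERR} ${LIBCRYPT}
+
+INCS= ${KRB5DIR}/lib/gssapi/gssapi/gssapi_krb5.h
+INCSDIR= ${INCLUDEDIR}/gssapi
+
+SRCS= 8003.c \
+accept_sec_context.c \
+acquire_cred.c \
+add_cred.c \
+address_to_krb5addr.c \
+arcfour.c \
+canonicalize_name.c \
+ccache_name.c \
+cfx.c \
+compare_name.c \
+compat.c \
+context_time.c \
+copy_ccache.c \
+decapsulate.c \
+delete_sec_context.c \
+display_name.c \
+display_status.c \
+duplicate_name.c \
+encapsulate.c \
+export_name.c \
+export_sec_context.c \
+external.c \
+get_mic.c \
+gkrb5_err.c \
+gkrb5_err.h \
+import_name.c \
+import_sec_context.c \
+indicate_mechs.c \
+init.c \
+init_sec_context.c \
+inquire_context.c \
+inquire_cred.c \
+inquire_cred_by_mech.c \
+inquire_cred_by_oid.c \
+inquire_mechs_for_name.c \
+inquire_names_for_mech.c \
+inquire_sec_context_by_oid.c \
+prefix.c \
+prf.c \
+process_context_token.c \
+release_buffer.c \
+release_cred.c \
+release_name.c \
+sequence.c \
+set_cred_option.c \
+set_sec_context_option.c \
+unwrap.c \
+v1.c \
+verify_mic.c \
+wrap.c \
+gss_krb5.c
+
+#SRCS+= gss_add_oid_set_member.c \
+# gss_create_empty_oid_set.c \
+# gss_release_buffer.c \
+# gss_release_oid_set.c \
+# gss_test_oid_set_member.c \
+# gss_utils.c
+
+CFLAGS+=-I${KRB5DIR}/lib/gssapi
+CFLAGS+=-I${KRB5DIR}/lib/gssapi/krb5
+CFLAGS+=-I${KRB5DIR}/lib/krb5
+CFLAGS+=-I${KRB5DIR}/lib/asn1
+CFLAGS+=-I${KRB5DIR}/lib/roken -I.
+
+.include <bsd.lib.mk>
+
+.PATH: ${KRB5DIR}/lib/gssapi/krb5 ${.CURDIR}/../../../lib/libgssapi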
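Review bot: The commented-out `#SRCS+= gss_add_oid_set_member.c ... gss_utils.c` block near the end of this new Makefile is dead text that leaves a reader guessing whether those sources were dropped on purpose or forgotten. Either delete it or replace it with a one-line comment recording the reason they are not built here, e.g. `# OID-set helpers (gss_*_oid_set*.c, gss_utils.c) are not built in this mechanism library`; presumably they are meant to come from the shared lib/libgssapi that the `.PATH:` line points at, but that should be confirmed before writing it down.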
831
kerberos5/lib/libgssapi_krb5/gss_krb5.c
Normal file
831
kerberos5/lib/libgssapi_krb5/gss_krb5.c
Normal file
@ -0,0 +1,831 @@
|
||||
/*-
|
||||
* Copyright (c) 2005 Doug Rabson
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
#include <gssapi/gssapi.h>
|
||||
#include <gssapi/gssapi_krb5.h>
|
||||
|
||||
/* RCSID("$Id: gss_krb5.c 21889 2007-08-09 07:43:24Z lha $"); */
|
||||
|
||||
#include <krb5.h>
|
||||
#include <roken.h>
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_copy_ccache(OM_uint32 *minor_status,
|
||||
gss_cred_id_t cred,
|
||||
krb5_ccache out)
|
||||
{
|
||||
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
|
||||
krb5_context context;
|
||||
krb5_error_code kret;
|
||||
krb5_ccache id;
|
||||
OM_uint32 ret;
|
||||
char *str;
|
||||
|
||||
ret = gss_inquire_cred_by_oid(minor_status,
|
||||
cred,
|
||||
GSS_KRB5_COPY_CCACHE_X,
|
||||
&data_set);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
kret = krb5_init_context(&context);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
kret = asprintf(&str, "%.*s", (int)data_set->elements[0].length,
|
||||
(char *)data_set->elements[0].value);
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
if (kret == -1) {
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
kret = krb5_cc_resolve(context, str, &id);
|
||||
free(str);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
kret = krb5_cc_copy_cache(context, id, out);
|
||||
krb5_cc_close(context, id);
|
||||
krb5_free_context(context);
|
||||
if (kret) {
|
||||
*minor_status = kret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_import_cred(OM_uint32 *minor_status,
|
||||
krb5_ccache id,
|
||||
krb5_principal keytab_principal,
|
||||
krb5_keytab keytab,
|
||||
gss_cred_id_t *cred)
|
||||
{
|
||||
gss_buffer_desc buffer;
|
||||
OM_uint32 major_status;
|
||||
krb5_context context;
|
||||
krb5_error_code ret;
|
||||
krb5_storage *sp;
|
||||
krb5_data data;
|
||||
char *str;
|
||||
|
||||
*cred = GSS_C_NO_CREDENTIAL;
|
||||
|
||||
ret = krb5_init_context(&context);
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
sp = krb5_storage_emem();
|
||||
if (sp == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
major_status = GSS_S_FAILURE;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (id) {
|
||||
ret = krb5_cc_get_full_name(context, id, &str);
|
||||
if (ret == 0) {
|
||||
ret = krb5_store_string(sp, str);
|
||||
free(str);
|
||||
}
|
||||
} else
|
||||
ret = krb5_store_string(sp, "");
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
major_status = GSS_S_FAILURE;
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (keytab_principal) {
|
||||
ret = krb5_unparse_name(context, keytab_principal, &str);
|
||||
if (ret == 0) {
|
||||
ret = krb5_store_string(sp, str);
|
||||
free(str);
|
||||
}
|
||||
} else
|
||||
krb5_store_string(sp, "");
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
major_status = GSS_S_FAILURE;
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
||||
if (keytab) {
|
||||
ret = krb5_kt_get_full_name(context, keytab, &str);
|
||||
if (ret == 0) {
|
||||
ret = krb5_store_string(sp, str);
|
||||
free(str);
|
||||
}
|
||||
} else
|
||||
krb5_store_string(sp, "");
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
major_status = GSS_S_FAILURE;
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = krb5_storage_to_data(sp, &data);
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
major_status = GSS_S_FAILURE;
|
||||
goto out;
|
||||
}
|
||||
|
||||
buffer.value = data.data;
|
||||
buffer.length = data.length;
|
||||
|
||||
major_status = gss_set_cred_option(minor_status,
|
||||
cred,
|
||||
GSS_KRB5_IMPORT_CRED_X,
|
||||
&buffer);
|
||||
krb5_data_free(&data);
|
||||
out:
|
||||
if (sp)
|
||||
krb5_storage_free(sp);
|
||||
krb5_free_context(context);
|
||||
return major_status;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gsskrb5_register_acceptor_identity(const char *identity)
|
||||
{
|
||||
gss_buffer_desc buffer;
|
||||
OM_uint32 junk;
|
||||
|
||||
buffer.value = rk_UNCONST(identity);
|
||||
buffer.length = strlen(identity);
|
||||
|
||||
gss_set_sec_context_option(&junk, NULL,
|
||||
GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X, &buffer);
|
||||
|
||||
return (GSS_S_COMPLETE);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gsskrb5_set_dns_canonicalize(int flag)
|
||||
{
|
||||
gss_buffer_desc buffer;
|
||||
OM_uint32 junk;
|
||||
char b = (flag != 0);
|
||||
|
||||
buffer.value = &b;
|
||||
buffer.length = sizeof(b);
|
||||
|
||||
gss_set_sec_context_option(&junk, NULL,
|
||||
GSS_KRB5_SET_DNS_CANONICALIZE_X, &buffer);
|
||||
|
||||
return (GSS_S_COMPLETE);
|
||||
}
|
||||
|
||||
|
||||
|
||||
static krb5_error_code
|
||||
set_key(krb5_keyblock *keyblock, gss_krb5_lucid_key_t *key)
|
||||
{
|
||||
key->type = keyblock->keytype;
|
||||
key->length = keyblock->keyvalue.length;
|
||||
key->data = malloc(key->length);
|
||||
if (key->data == NULL && key->length != 0)
|
||||
return ENOMEM;
|
||||
memcpy(key->data, keyblock->keyvalue.data, key->length);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void
|
||||
free_key(gss_krb5_lucid_key_t *key)
|
||||
{
|
||||
memset(key->data, 0, key->length);
|
||||
free(key->data);
|
||||
memset(key, 0, sizeof(*key));
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t *context_handle,
|
||||
OM_uint32 version,
|
||||
void **rctx)
|
||||
{
|
||||
krb5_context context = NULL;
|
||||
krb5_error_code ret;
|
||||
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
|
||||
OM_uint32 major_status;
|
||||
gss_krb5_lucid_context_v1_t *ctx = NULL;
|
||||
krb5_storage *sp = NULL;
|
||||
uint32_t num;
|
||||
|
||||
if (context_handle == NULL
|
||||
|| *context_handle == GSS_C_NO_CONTEXT
|
||||
|| version != 1)
|
||||
{
|
||||
ret = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
major_status =
|
||||
gss_inquire_sec_context_by_oid (minor_status,
|
||||
*context_handle,
|
||||
GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X,
|
||||
&data_set);
|
||||
if (major_status)
|
||||
return major_status;
|
||||
|
||||
if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
ret = krb5_init_context(&context);
|
||||
if (ret)
|
||||
goto out;
|
||||
|
||||
ctx = calloc(1, sizeof(*ctx));
|
||||
if (ctx == NULL) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
sp = krb5_storage_from_mem(data_set->elements[0].value,
|
||||
data_set->elements[0].length);
|
||||
if (sp == NULL) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = krb5_ret_uint32(sp, &num);
|
||||
if (ret) goto out;
|
||||
if (num != 1) {
|
||||
ret = EINVAL;
|
||||
goto out;
|
||||
}
|
||||
ctx->version = 1;
|
||||
/* initiator */
|
||||
ret = krb5_ret_uint32(sp, &ctx->initiate);
|
||||
if (ret) goto out;
|
||||
/* endtime */
|
||||
ret = krb5_ret_uint32(sp, &ctx->endtime);
|
||||
if (ret) goto out;
|
||||
/* send_seq */
|
||||
ret = krb5_ret_uint32(sp, &num);
|
||||
if (ret) goto out;
|
||||
ctx->send_seq = ((uint64_t)num) << 32;
|
||||
ret = krb5_ret_uint32(sp, &num);
|
||||
if (ret) goto out;
|
||||
ctx->send_seq |= num;
|
||||
/* recv_seq */
|
||||
ret = krb5_ret_uint32(sp, &num);
|
||||
if (ret) goto out;
|
||||
ctx->recv_seq = ((uint64_t)num) << 32;
|
||||
ret = krb5_ret_uint32(sp, &num);
|
||||
if (ret) goto out;
|
||||
ctx->recv_seq |= num;
|
||||
/* protocol */
|
||||
ret = krb5_ret_uint32(sp, &ctx->protocol);
|
||||
if (ret) goto out;
|
||||
if (ctx->protocol == 0) {
|
||||
krb5_keyblock key;
|
||||
|
||||
/* sign_alg */
|
||||
ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.sign_alg);
|
||||
if (ret) goto out;
|
||||
/* seal_alg */
|
||||
ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.seal_alg);
|
||||
if (ret) goto out;
|
||||
/* ctx_key */
|
||||
ret = krb5_ret_keyblock(sp, &key);
|
||||
if (ret) goto out;
|
||||
ret = set_key(&key, &ctx->rfc1964_kd.ctx_key);
|
||||
krb5_free_keyblock_contents(context, &key);
|
||||
if (ret) goto out;
|
||||
} else if (ctx->protocol == 1) {
|
||||
krb5_keyblock key;
|
||||
|
||||
/* acceptor_subkey */
|
||||
ret = krb5_ret_uint32(sp, &ctx->cfx_kd.have_acceptor_subkey);
|
||||
if (ret) goto out;
|
||||
/* ctx_key */
|
||||
ret = krb5_ret_keyblock(sp, &key);
|
||||
if (ret) goto out;
|
||||
ret = set_key(&key, &ctx->cfx_kd.ctx_key);
|
||||
krb5_free_keyblock_contents(context, &key);
|
||||
if (ret) goto out;
|
||||
/* acceptor_subkey */
|
||||
if (ctx->cfx_kd.have_acceptor_subkey) {
|
||||
ret = krb5_ret_keyblock(sp, &key);
|
||||
if (ret) goto out;
|
||||
ret = set_key(&key, &ctx->cfx_kd.acceptor_subkey);
|
||||
krb5_free_keyblock_contents(context, &key);
|
||||
if (ret) goto out;
|
||||
}
|
||||
} else {
|
||||
ret = EINVAL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
*rctx = ctx;
|
||||
|
||||
out:
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
if (sp)
|
||||
krb5_storage_free(sp);
|
||||
if (context)
|
||||
krb5_free_context(context);
|
||||
|
||||
if (ret) {
|
||||
if (ctx)
|
||||
gss_krb5_free_lucid_sec_context(NULL, ctx);
|
||||
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c)
|
||||
{
|
||||
gss_krb5_lucid_context_v1_t *ctx = c;
|
||||
|
||||
if (ctx->version != 1) {
|
||||
if (minor_status)
|
||||
*minor_status = 0;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
if (ctx->protocol == 0) {
|
||||
free_key(&ctx->rfc1964_kd.ctx_key);
|
||||
} else if (ctx->protocol == 1) {
|
||||
free_key(&ctx->cfx_kd.ctx_key);
|
||||
if (ctx->cfx_kd.have_acceptor_subkey)
|
||||
free_key(&ctx->cfx_kd.acceptor_subkey);
|
||||
}
|
||||
free(ctx);
|
||||
if (minor_status)
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
/*
|
||||
*
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
|
||||
gss_cred_id_t cred,
|
||||
OM_uint32 num_enctypes,
|
||||
int32_t *enctypes)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
OM_uint32 maj_status;
|
||||
gss_buffer_desc buffer;
|
||||
krb5_storage *sp;
|
||||
krb5_data data;
|
||||
int i;
|
||||
|
||||
sp = krb5_storage_emem();
|
||||
if (sp == NULL) {
|
||||
*minor_status = ENOMEM;
|
||||
maj_status = GSS_S_FAILURE;
|
||||
goto out;
|
||||
}
|
||||
|
||||
for (i = 0; i < num_enctypes; i++) {
|
||||
ret = krb5_store_int32(sp, enctypes[i]);
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
maj_status = GSS_S_FAILURE;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
ret = krb5_storage_to_data(sp, &data);
|
||||
if (ret) {
|
||||
*minor_status = ret;
|
||||
maj_status = GSS_S_FAILURE;
|
||||
goto out;
|
||||
}
|
||||
|
||||
buffer.value = data.data;
|
||||
buffer.length = data.length;
|
||||
|
||||
maj_status = gss_set_cred_option(minor_status,
|
||||
&cred,
|
||||
GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X,
|
||||
&buffer);
|
||||
krb5_data_free(&data);
|
||||
out:
|
||||
if (sp)
|
||||
krb5_storage_free(sp);
|
||||
return maj_status;
|
||||
}
|
||||
|
||||
/*
|
||||
*
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c)
|
||||
{
|
||||
gss_buffer_desc buffer;
|
||||
OM_uint32 junk;
|
||||
|
||||
if (c) {
|
||||
buffer.value = c;
|
||||
buffer.length = sizeof(*c);
|
||||
} else {
|
||||
buffer.value = NULL;
|
||||
buffer.length = 0;
|
||||
}
|
||||
|
||||
gss_set_sec_context_option(&junk, NULL,
|
||||
GSS_KRB5_SEND_TO_KDC_X, &buffer);
|
||||
|
||||
return (GSS_S_COMPLETE);
|
||||
}
|
||||
|
||||
/*
|
||||
*
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_ccache_name(OM_uint32 *minor_status,
|
||||
const char *name,
|
||||
const char **out_name)
|
||||
{
|
||||
gss_buffer_desc buffer;
|
||||
OM_uint32 junk;
|
||||
|
||||
if (out_name)
|
||||
*out_name = NULL;
|
||||
|
||||
buffer.value = rk_UNCONST(name);
|
||||
buffer.length = strlen(name);
|
||||
|
||||
gss_set_sec_context_option(&junk, NULL,
|
||||
GSS_KRB5_CCACHE_NAME_X, &buffer);
|
||||
|
||||
return (GSS_S_COMPLETE);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
*
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
time_t *authtime)
|
||||
{
|
||||
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
|
||||
OM_uint32 maj_stat;
|
||||
|
||||
if (context_handle == GSS_C_NO_CONTEXT) {
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
maj_stat =
|
||||
gss_inquire_sec_context_by_oid (minor_status,
|
||||
context_handle,
|
||||
GSS_KRB5_GET_AUTHTIME_X,
|
||||
&data_set);
|
||||
if (maj_stat)
|
||||
return maj_stat;
|
||||
|
||||
if (data_set == GSS_C_NO_BUFFER_SET) {
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
if (data_set->count != 1) {
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
if (data_set->elements[0].length != 4) {
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
{
|
||||
unsigned char *buf = data_set->elements[0].value;
|
||||
*authtime = (buf[3] <<24) | (buf[2] << 16) |
|
||||
(buf[1] << 8) | (buf[0] << 0);
|
||||
}
|
||||
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
/*
|
||||
*
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
int ad_type,
|
||||
gss_buffer_t ad_data)
|
||||
{
|
||||
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
|
||||
OM_uint32 maj_stat;
|
||||
gss_OID_desc oid_flat;
|
||||
heim_oid baseoid, oid;
|
||||
size_t size;
|
||||
|
||||
if (context_handle == GSS_C_NO_CONTEXT) {
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
/* All this to append an integer to an oid... */
|
||||
|
||||
if (der_get_oid(GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->elements,
|
||||
GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->length,
|
||||
&baseoid, NULL) != 0) {
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
oid.length = baseoid.length + 1;
|
||||
oid.components = calloc(oid.length, sizeof(*oid.components));
|
||||
if (oid.components == NULL) {
|
||||
der_free_oid(&baseoid);
|
||||
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
memcpy(oid.components, baseoid.components,
|
||||
baseoid.length * sizeof(*baseoid.components));
|
||||
|
||||
der_free_oid(&baseoid);
|
||||
|
||||
oid.components[oid.length - 1] = ad_type;
|
||||
|
||||
oid_flat.length = der_length_oid(&oid);
|
||||
oid_flat.elements = malloc(oid_flat.length);
|
||||
if (oid_flat.elements == NULL) {
|
||||
free(oid.components);
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
if (der_put_oid((unsigned char *)oid_flat.elements + oid_flat.length - 1,
|
||||
oid_flat.length, &oid, &size) != 0) {
|
||||
free(oid.components);
|
||||
free(oid_flat.elements);
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
if (oid_flat.length != size)
|
||||
abort();
|
||||
|
||||
free(oid.components);
|
||||
|
||||
/* FINALLY, we have the OID */
|
||||
|
||||
maj_stat = gss_inquire_sec_context_by_oid (minor_status,
|
||||
context_handle,
|
||||
&oid_flat,
|
||||
&data_set);
|
||||
|
||||
free(oid_flat.elements);
|
||||
|
||||
if (maj_stat)
|
||||
return maj_stat;
|
||||
|
||||
if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
ad_data->value = malloc(data_set->elements[0].length);
|
||||
if (ad_data->value == NULL) {
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
*minor_status = ENOMEM;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
ad_data->length = data_set->elements[0].length;
|
||||
memcpy(ad_data->value, data_set->elements[0].value, ad_data->length);
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
|
||||
*minor_status = 0;
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
/*
|
||||
*
|
||||
*/
|
||||
|
||||
static OM_uint32
|
||||
gsskrb5_extract_key(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
const gss_OID oid,
|
||||
krb5_keyblock **keyblock)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
|
||||
OM_uint32 major_status;
|
||||
krb5_context context = NULL;
|
||||
krb5_storage *sp = NULL;
|
||||
|
||||
if (context_handle == GSS_C_NO_CONTEXT) {
|
||||
ret = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
ret = krb5_init_context(&context);
|
||||
if(ret) {
|
||||
*minor_status = ret;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
major_status =
|
||||
gss_inquire_sec_context_by_oid (minor_status,
|
||||
context_handle,
|
||||
oid,
|
||||
&data_set);
|
||||
if (major_status)
|
||||
return major_status;
|
||||
|
||||
if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
sp = krb5_storage_from_mem(data_set->elements[0].value,
|
||||
data_set->elements[0].length);
|
||||
if (sp == NULL) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
*keyblock = calloc(1, sizeof(**keyblock));
|
||||
if (keyblock == NULL) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = krb5_ret_keyblock(sp, *keyblock);
|
||||
|
||||
out:
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
if (sp)
|
||||
krb5_storage_free(sp);
|
||||
if (ret && keyblock) {
|
||||
krb5_free_keyblock(context, *keyblock);
|
||||
*keyblock = NULL;
|
||||
}
|
||||
if (context)
|
||||
krb5_free_context(context);
|
||||
|
||||
*minor_status = ret;
|
||||
if (ret)
|
||||
return GSS_S_FAILURE;
|
||||
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
||||
/*
|
||||
*
|
||||
*/
|
||||
|
||||
OM_uint32
|
||||
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **keyblock)
|
||||
{
|
||||
return gsskrb5_extract_key(minor_status,
|
||||
context_handle,
|
||||
GSS_KRB5_GET_SERVICE_KEYBLOCK_X,
|
||||
keyblock);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **keyblock)
|
||||
{
|
||||
return gsskrb5_extract_key(minor_status,
|
||||
context_handle,
|
||||
GSS_KRB5_GET_INITIATOR_SUBKEY_X,
|
||||
keyblock);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gsskrb5_get_subkey(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
krb5_keyblock **keyblock)
|
||||
{
|
||||
return gsskrb5_extract_key(minor_status,
|
||||
context_handle,
|
||||
GSS_KRB5_GET_SUBKEY_X,
|
||||
keyblock);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gsskrb5_set_default_realm(const char *realm)
|
||||
{
|
||||
gss_buffer_desc buffer;
|
||||
OM_uint32 junk;
|
||||
|
||||
buffer.value = rk_UNCONST(realm);
|
||||
buffer.length = strlen(realm);
|
||||
|
||||
gss_set_sec_context_option(&junk, NULL,
|
||||
GSS_KRB5_SET_DEFAULT_REALM_X, &buffer);
|
||||
|
||||
return (GSS_S_COMPLETE);
|
||||
}
|
||||
|
||||
OM_uint32
|
||||
gss_krb5_get_tkt_flags(OM_uint32 *minor_status,
|
||||
gss_ctx_id_t context_handle,
|
||||
OM_uint32 *tkt_flags)
|
||||
{
|
||||
|
||||
OM_uint32 major_status;
|
||||
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
|
||||
|
||||
if (context_handle == GSS_C_NO_CONTEXT) {
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
major_status =
|
||||
gss_inquire_sec_context_by_oid (minor_status,
|
||||
context_handle,
|
||||
GSS_KRB5_GET_TKT_FLAGS_X,
|
||||
&data_set);
|
||||
if (major_status)
|
||||
return major_status;
|
||||
|
||||
if (data_set == GSS_C_NO_BUFFER_SET ||
|
||||
data_set->count != 1 ||
|
||||
data_set->elements[0].length < 4) {
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
*minor_status = EINVAL;
|
||||
return GSS_S_FAILURE;
|
||||
}
|
||||
|
||||
{
|
||||
const u_char *p = data_set->elements[0].value;
|
||||
*tkt_flags = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
|
||||
}
|
||||
|
||||
gss_release_buffer_set(minor_status, &data_set);
|
||||
return GSS_S_COMPLETE;
|
||||
}
|
||||
|
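Review bot: In gsskrb5_extract_key the allocation check tests the out-parameter pointer rather than the allocation, `if (keyblock == NULL)` right after `*keyblock = calloc(1, sizeof(**keyblock));`, so a failed calloc falls through into krb5_ret_keyblock on a NULL keyblock, and on the earlier `sp == NULL` path `*keyblock` has not been assigned at all yet the cleanup `if (ret && keyblock)` hands whatever the caller left in `*keyblock` to krb5_free_keyblock. Suggest `*keyblock = NULL;` before the context_handle check, `if (*keyblock == NULL) {` for the allocation test and `if (ret && *keyblock) {` in the cleanup; the two returns between krb5_init_context and the `out:` label in that function also skip krb5_free_context, and its first early return sets the local `ret = EINVAL;` instead of `*minor_status` (gss_krb5_export_lucid_sec_context has the same slip). The byte assembly in gsskrb5_extract_authtime_from_sec_context and gss_krb5_get_tkt_flags shifts an int-promoted byte by 24, `buf[3] << 24` and `p[3] << 24`, which is undefined behaviour once that byte is 0x80 or above; cast each byte to uint32_t before shifting. free_key's `memset(key->data, 0, key->length)` immediately before free() is a wipe the compiler is allowed to elide, so session key material can survive in freed memory; memset_s or explicit_bzero is the reliable form, and gss_krb5_copy_ccache leaks its krb5_context on both the asprintf and the krb5_cc_resolve failure paths since krb5_free_context is only reached after krb5_cc_copy_cache.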
@ -1,38 +1,33 @@
|
||||
/*
|
||||
* Copyright (c) 1997 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
/*-
|
||||
* Copyright (c) 2008 Doug Rabson
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
/* $Id: gen.h,v 1.4 1999/12/02 17:05:02 joda Exp $ */
|
||||
|
||||
#include <stdio.h>
|
||||
#include "symbol.h"
|
||||
|
||||
const char *
|
||||
_gss_name_prefix(void)
|
||||
{
|
||||
return "_gsskrb5";
|
||||
}
|
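--- /dev/null
+++ b/kerberos5/lib/libgssapi_ntlm/Makefile
@@ -0,0 +1,44 @@
+# $FreeBSD$
+
+LIB= gssapi_ntlm
+LDFLAGS= -Wl,-Bsymbolic
+LDADD= -lkrb5 -lhx509 -lheimntlm -lroken
+DPADD= ${LIBKRB5} ${LIBHX509} ${LIBHEIMNTLM} ${LIBROKEN}
+
+SRCS= accept_sec_context.c \
+acquire_cred.c \
+add_cred.c \
+canonicalize_name.c \
+compare_name.c \
+context_time.c \
+crypto.c \
+delete_sec_context.c \
+display_name.c \
+display_status.c \
+duplicate_name.c \
+export_name.c \
+export_sec_context.c \
+external.c \
+ntlm.h \
+ntlm-private.h \
+import_name.c \
+import_sec_context.c \
+indicate_mechs.c \
+init_sec_context.c \
+inquire_context.c \
+inquire_cred.c \
+inquire_cred_by_mech.c \
+inquire_mechs_for_name.c \
+inquire_names_for_mech.c \
+prefix.c \
+process_context_token.c \
+release_cred.c \
+release_name.c \
+digest.c
+
+CFLAGS+=-I${KRB5DIR}/lib/gssapi
+CFLAGS+=-I${KRB5DIR}/lib/ntlm
+
+.include <bsd.lib.mk>
+
+.PATH: ${KRB5DIR}/lib/gssapi/ntlm ${.CURDIR}/../../../lib/libgssapi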
@ -1,40 +1,33 @@
|
||||
/*
|
||||
* Copyright (c) 1998 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
/*-
|
||||
* Copyright (c) 2008 Doug Rabson
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
#include "kuser_locl.h"
|
||||
RCSID("$Id: kinit_options.c,v 1.2 1999/12/02 17:05:01 joda Exp $");
|
||||
|
||||
#ifdef KRB4
|
||||
int do_afslog = 0;
|
||||
int get_v4_tgt = 0;
|
||||
#endif
|
||||
const char *
|
||||
_gss_name_prefix(void)
|
||||
{
|
||||
return "_gss_ntlm";
|
||||
}
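Review bot: The new `_gss_name_prefix` is undocumented: nothing in the file says what consumes the `"_gss_ntlm"` string or whether it must differ from the `"_gsskrb5"` and `"_gss_spnego"` values the sibling mechanisms return, and the function is defined with no prototype in scope. Suggest a header comment such as `/* Symbol prefix identifying this mechanism to the shared libgssapi build glue (see .PATH in the Makefile); presumably must be unique per mechanism -- confirm against the consumer */`, and declaring the prototype in a header the consumer also includes so the compiler checks the signature. Which side of this section each license line belongs to is not recoverable from the rendering, so only the function itself is reviewed here.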
|
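--- /dev/null
+++ b/kerberos5/lib/libgssapi_spnego/Makefile
@@ -0,0 +1,48 @@
+# $FreeBSD$
+
+LIB= gssapi_spnego
+LDFLAGS= -Wl,-Bsymbolic
+LDADD= -lasn1
+DPADD= ${LIBASN1}
+
+SRCS= accept_sec_context.c \
+compat.c \
+context_stubs.c \
+cred_stubs.c \
+external.c \
+init_sec_context.c \
+prefix.c \
+spnego_asn1.h \
+${GEN:S/.x$/.c/}
+
+GEN= asn1_ContextFlags.x \
+asn1_MechType.x \
+asn1_MechTypeList.x \
+asn1_NegotiationToken.x \
+asn1_NegotiationTokenWin.x \
+asn1_NegHints.x \
+asn1_NegTokenInit.x \
+asn1_NegTokenInitWin.x \
+asn1_NegTokenResp.x
+
+CFLAGS+=-I${KRB5DIR}/lib/gssapi
+CFLAGS+=-I${KRB5DIR}/lib/asn1
+CFLAGS+=-I${KRB5DIR}/lib/roken -I.
+
+CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} spnego_asn1.h asn1_files
+
+.ORDER: ${GEN} spnego_asn1.h
+${GEN} spnego_asn1.h: spnego.asn1 ../../tools/asn1_compile/asn1_compile
+	../../tools/asn1_compile/asn1_compile --sequence=MechTypeList ${.ALLSRC:M*.asn1} spnego_asn1
+
+../../tools/asn1_compile/asn1_compile:
+	cd ${.CURDIR}/../../tools/asn1_compile && ${MAKE}
+
+.for I in ${GEN}
+${I:R}.c: ${I}
+	cat ${.ALLSRC} > ${.TARGET}
+.endfor
+
+.include <bsd.lib.mk>
+
+.PATH: ${KRB5DIR}/lib/gssapi/spnego ${.CURDIR}/../../../lib/libgssapi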
@ -1,40 +1,45 @@
|
||||
/*
|
||||
* Copyright (c) 1998 Kungliga Tekniska Högskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
/*-
|
||||
* Copyright (c) 2008 Doug Rabson
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* 3. Neither the name of the Institute nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
* $FreeBSD$
|
||||
*/
|
||||
|
||||
#include "kuser_locl.h"
|
||||
RCSID("$Id: kauth_options.c,v 1.2 1999/12/02 17:05:00 joda Exp $");
|
||||
#include <gssapi/gssapi.h>
|
||||
|
||||
#ifdef KRB4
|
||||
int do_afslog = 1;
|
||||
int get_v4_tgt = 1;
|
||||
#endif
|
||||
static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc =
|
||||
{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
|
||||
|
||||
gss_OID GSS_C_PEER_HAS_UPDATED_SPNEGO = &gss_c_peer_has_updated_spnego_oid_desc;
|
||||
|
||||
static gss_OID_desc gss_krb5_mechanism_oid_desc =
|
||||
{9, (void *) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
|
||||
|
||||
gss_OID GSS_KRB5_MECHANISM = &gss_krb5_mechanism_oid_desc;
|
||||
|
||||
const char *
|
||||
_gss_name_prefix(void)
|
||||
{
|
||||
return "_gss_spnego";
|
||||
}
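Review bot: The two OID definitions are raw DER byte strings with no dotted form beside them, so a reader cannot check the encodings without decoding by hand; they decode to 1.3.6.1.4.1.5322.19.5 for `gss_c_peer_has_updated_spnego_oid_desc` and 1.2.840.113554.1.2.2 (the RFC 4121 Kerberos V5 mechanism) for `gss_krb5_mechanism_oid_desc`. Put those next to the literals, e.g. `{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"}; /* 1.3.6.1.4.1.5322.19.5 */` and `{9, (void *) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; /* 1.2.840.113554.1.2.2, RFC 4121 krb5 mech */`. Both `gss_OID` globals are non-static and therefore exported from this mechanism library; if the mechglue also defines `GSS_KRB5_MECHANISM`, keep the two byte-identical, since which definition a caller sees will depend on link order and on the `-Bsymbolic` flag in the Makefile.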
|
@ -11,11 +11,14 @@ INCS= hdb-private.h \
|
||||
SRCS= common.c \
|
||||
db.c \
|
||||
db3.c \
|
||||
dbinfo.c \
|
||||
ext.c \
|
||||
hdb-ldap.c \
|
||||
hdb.c \
|
||||
hdb_asn1.h \
|
||||
hdb_err.c \
|
||||
hdb_err.h \
|
||||
keys.c \
|
||||
keytab.c \
|
||||
mkey.c \
|
||||
ndbm.c \
|
||||
@ -24,13 +27,23 @@ SRCS= common.c \
|
||||
|
||||
CFLAGS+=-I${KRB5DIR}/lib/hdb -I${KRB5DIR}/lib/asn1 \
|
||||
-I${KRB5DIR}/lib/roken -I. ${LDAPCFLAGS}
|
||||
CFLAGS+=-DHDB_DB_DIR="\"/var/heimdal\""
|
||||
|
||||
GEN= asn1_Event.x \
|
||||
asn1_GENERATION.x \
|
||||
asn1_HDBFlags.x \
|
||||
GEN= asn1_Salt.x \
|
||||
asn1_Key.x \
|
||||
asn1_Salt.x \
|
||||
asn1_hdb_entry.x
|
||||
asn1_Event.x \
|
||||
asn1_HDBFlags.x \
|
||||
asn1_GENERATION.x \
|
||||
asn1_HDB_Ext_PKINIT_acl.x \
|
||||
asn1_HDB_Ext_PKINIT_hash.x \
|
||||
asn1_HDB_Ext_Constrained_delegation_acl.x \
|
||||
asn1_HDB_Ext_Lan_Manager_OWF.x \
|
||||
asn1_HDB_Ext_Password.x \
|
||||
asn1_HDB_Ext_Aliases.x \
|
||||
asn1_HDB_extension.x \
|
||||
asn1_HDB_extensions.x \
|
||||
asn1_hdb_entry.x \
|
||||
asn1_hdb_entry_alias.x
|
||||
|
||||
CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} hdb_asn1.h asn1_files
|
||||
|
||||
|
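Review bot: `asn1_HDB_Ext_Lan_Manager_OWF.x` and `asn1_HDB_Ext_Password.x` join the GEN list with no comment saying why; by their names these generate the HDB entry extensions that carry a LAN Manager one-way-function hash and a stored password, presumably needed by the NTLM support this commit brings in (libheimntlm, libgssapi_ntlm). Since either one is credential material beyond the Kerberos keys an entry already holds, a one-line note would help the next reader: `# HDB_Ext_Lan_Manager_OWF / HDB_Ext_Password: NTLM-era credential extensions; whether the KDC populates them is a KDC/kadmin configuration matter, not decided here`. The exact old/new assignment of the reordered entries in this hunk is not recoverable from the rendering.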
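--- /dev/null
+++ b/kerberos5/lib/libheimntlm/Makefile
@@ -0,0 +1,11 @@
+# $FreeBSD$
+
+LIB= heimntlm
+SRCS= ntlm.c
+INCS= heimntlm.h heimntlm-protos.h
+CFLAGS+=-I${KRB5DIR}/lib/ntlm
+VERSION_MAP= ${KRB5DIR}/lib/ntlm/version-script.map
+
+.include <bsd.lib.mk>
+
+.PATH: ${KRB5DIR}/lib/ntlm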
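--- /dev/null
+++ b/kerberos5/lib/libhx509/Makefile
@@ -0,0 +1,103 @@
+# $FreeBSD$
+
+LIB= hx509
+VERSION_MAP= ${KRB5DIR}/lib/hx509/version-script.map
+
+INCS= hx509-private.h \
+hx509-protos.h \
+hx509.h \
+hx509_err.h
+
+SRCS= ca.c \
+cert.c \
+cms.c \
+collector.c \
+crypto.c \
+doxygen.c \
+error.c \
+env.c \
+file.c \
+hx509-private.h \
+hx509-protos.h \
+hx509.h \
+hx_locl.h \
+keyset.c \
+ks_dir.c \
+ks_file.c \
+ks_mem.c \
+ks_null.c \
+ks_p11.c \
+ks_p12.c \
+ks_keychain.c \
+lock.c \
+name.c \
+peer.c \
+print.c \
+softp11.c \
+ref/pkcs11.h \
+req.c \
+revoke.c
+
+SRCS+= hx509_err.c \
+hx509_err.h
+
+SRCS+= ${GEN:S/.x$/.c/}
+
+CFLAGS+=-I${KRB5DIR}/lib/hx509
+CFLAGS+=-I${KRB5DIR}/lib/hx509/ref
+CFLAGS+=-I${KRB5DIR}/lib/asn1
+CFLAGS+=-I${KRB5DIR}/lib/roken -I.
+
+GEN_OCSP= \
+asn1_OCSPBasicOCSPResponse.x \
+asn1_OCSPCertID.x \
+asn1_OCSPCertStatus.x \
+asn1_OCSPInnerRequest.x \
+asn1_OCSPKeyHash.x \
+asn1_OCSPRequest.x \
+asn1_OCSPResponderID.x \
+asn1_OCSPResponse.x \
+asn1_OCSPResponseBytes.x \
+asn1_OCSPResponseData.x \
+asn1_OCSPResponseStatus.x \
+asn1_OCSPSignature.x \
+asn1_OCSPSingleResponse.x \
+asn1_OCSPTBSRequest.x \
+asn1_OCSPVersion.x \
+asn1_id_pkix_ocsp.x \
+asn1_id_pkix_ocsp_basic.x \
+asn1_id_pkix_ocsp_nonce.x
+
+GEN_PKCS10= \
+asn1_CertificationRequestInfo.x \
+asn1_CertificationRequest.x
+
+GEN+= ${GEN_OCSP}
+GEN+= ${GEN_PKCS10}
+
+CLEANFILES= ${GEN} ${GEN:S/.x$/.c/} asn1_files
+
+GEN_ASN1=ocsp_asn1.h pkcs10_asn1.h
+CLEANFILES+=${GEN_ASN1}
+SRCS+=${GEN_ASN1}
+INCS+=${GEN_ASN1}
+
+.ORDER: ${GEN} ${GEN_ASN1}
+
+${GEN_OCSP} ocsp_asn1.h: ocsp.asn1 ../../tools/asn1_compile/asn1_compile
+	../../tools/asn1_compile/asn1_compile --preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData ${.ALLSRC:M*.asn1} ocsp_asn1
+
+${GEN_PKCS10} pkcs10_asn1.h: pkcs10.asn1 ../../tools/asn1_compile/asn1_compile
+	../../tools/asn1_compile/asn1_compile ${.ALLSRC:M*.asn1} pkcs10_asn1
+
+../../tools/asn1_compile/asn1_compile:
+	cd ${.CURDIR}/../../tools/asn1_compile && ${MAKE}
+
+.for I in ${GEN}
+${I:R}.c: ${I}
+	cat ${.ALLSRC} > ${.TARGET}
+.endfor
+
+.include <bsd.lib.mk>
+
+.PATH: ${KRB5DIR}/lib/hx509 ${KRB5DIR}/lib/asn1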
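Review bot: The `--preserve-binary=OCSPTBSRequest --preserve-binary=OCSPResponseData` options on the ocsp_asn1 compile rule are load-bearing but unexplained; by the option's name they make the generated decoder keep the as-received DER of the two signed OCSP structures, presumably so that hx509 verifies the responder's signature over the bytes that were actually signed rather than over a re-encoding that may not round-trip. A later import could drop them without any build failure, so say so on the rule: `# preserve-binary: keep the original DER of the signed OCSP structures; signature checks must run over those bytes, not a re-encoding`. The pkcs10 rule has no such option; if CSR signatures are verified anywhere in hx509, CertificationRequestInfo would need the same treatment, which is worth confirming rather than assuming.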
@ -10,7 +10,8 @@ INCS= admin.h \
|
||||
|
||||
INCSDIR=${INCLUDEDIR}/kadm5
|
||||
|
||||
SRCS= chpass_c.c \
|
||||
SRCS= ad.c \
|
||||
chpass_c.c \
|
||||
client_glue.c \
|
||||
common_glue.c \
|
||||
create_c.c \
|
||||
|
@ -1,6 +1,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
LIB= kadm5srv
|
||||
VERSION_MAP= ${KRB5DIR}/lib/kadm5/version-script.map
|
||||
|
||||
SRCS= acl.c \
|
||||
bump_pw_expire.c \
|
||||
|