diff options
author | Stefan Metzmacher <metze@samba.org> | 2008-10-27 11:35:07 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2008-10-28 08:53:09 +0100 |
commit | 2b29b7186459d945ec448694164bfe4239b30d72 (patch) | |
tree | 561495b1870facf03f7892559a184f4f49df1fe2 /source4/heimdal/lib/krb5 | |
parent | 698b7fd43658d9e96d28f26c9e1dae5e770bb57f (diff) | |
download | samba-2b29b7186459d945ec448694164bfe4239b30d72.tar.gz samba-2b29b7186459d945ec448694164bfe4239b30d72.tar.bz2 samba-2b29b7186459d945ec448694164bfe4239b30d72.zip |
s4: import lorikeet-heimdal-200810271034
metze
Diffstat (limited to 'source4/heimdal/lib/krb5')
90 files changed, 5197 insertions, 4028 deletions
diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c index fb38abedfd..bd0a9846e4 100644 --- a/source4/heimdal/lib/krb5/acache.c +++ b/source4/heimdal/lib/krb5/acache.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -44,7 +44,7 @@ static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; static cc_initialize_func init_func; #ifdef HAVE_DLOPEN -static void *cc_handle; +static void *cc_handle; #endif typedef struct krb5_acc { @@ -76,7 +76,7 @@ static krb5_error_code translate_cc_error(krb5_context context, cc_int32 error) { int i; - krb5_clear_error_string(context); + krb5_clear_error_message(context); for(i = 0; i < sizeof(cc_errors)/sizeof(cc_errors[0]); i++) if (cc_errors[i].error == error) return cc_errors[i].ret; @@ -91,12 +91,12 @@ init_ccapi(krb5_context context) HEIMDAL_MUTEX_lock(&acc_mutex); if (init_func) { HEIMDAL_MUTEX_unlock(&acc_mutex); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return 0; } lib = krb5_config_get_string(context, NULL, - "libdefaults", "ccapi_library", + "libdefaults", "ccapi_library", NULL); if (lib == NULL) { #ifdef __APPLE__ @@ -115,8 +115,9 @@ init_ccapi(krb5_context context) cc_handle = dlopen(lib, RTLD_LAZY); if (cc_handle == NULL) { HEIMDAL_MUTEX_unlock(&acc_mutex); - krb5_set_error_message(context, KRB5_CC_NOSUPP, - "Failed to load %s", lib); + krb5_set_error_message(context, KRB5_CC_NOSUPP, + N_("Failed to load API cache module %s", "file"), + lib); return KRB5_CC_NOSUPP; } @@ -124,8 +125,8 @@ init_ccapi(krb5_context context) HEIMDAL_MUTEX_unlock(&acc_mutex); if (init_func == NULL) { krb5_set_error_message(context, KRB5_CC_NOSUPP, - "Failed to find cc_initialize" - "in %s: %s", lib, dlerror()); + N_("Failed to find cc_initialize" + "in %s: %s", "file, error"), lib, dlerror()); dlclose(cc_handle); return KRB5_CC_NOSUPP; } @@ -133,10 +134,11 @@ init_ccapi(krb5_context context) return 0; #else HEIMDAL_MUTEX_unlock(&acc_mutex); - krb5_set_error_message(context, KRB5_CC_NOSUPP, "no support for shared object"); + krb5_set_error_message(context, KRB5_CC_NOSUPP, + N_("no support for shared object", "file, error")); return KRB5_CC_NOSUPP; #endif -} +} static krb5_error_code make_cred_from_ccred(krb5_context context, @@ -183,13 +185,13 @@ make_cred_from_ccred(krb5_context context, cred->authdata.val = NULL; cred->authdata.len = 0; - + cred->addresses.val = NULL; cred->addresses.len = 0; - + for (i = 0; incred->authdata && incred->authdata[i]; i++) ; - + if (i) { cred->authdata.val = calloc(i, sizeof(cred->authdata.val[0])); if (cred->authdata.val == NULL) @@ -204,10 +206,10 @@ make_cred_from_ccred(krb5_context context, goto nomem; } } - + for (i = 0; incred->addresses && incred->addresses[i]; i++) ; - + if (i) { cred->addresses.val = calloc(i, sizeof(cred->addresses.val[0])); if (cred->addresses.val == NULL) @@ -223,7 +225,7 @@ make_cred_from_ccred(krb5_context context, goto nomem; } } - + cred->flags.i = 0; if (incred->ticket_flags & KRB5_CCAPI_TKT_FLG_FORWARDABLE) cred->flags.b.forwardable = 1; @@ -255,11 +257,11 @@ make_cred_from_ccred(krb5_context context, cred->flags.b.anonymous = 1; return 0; - + nomem: ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); - + krb5_set_error_message(context, ret, N_("malloc: out of memory", "malloc")); + fail: krb5_free_cred_contents(context, cred); return ret; @@ -320,8 +322,8 @@ make_ccred_from_cred(krb5_context context, /* XXX this one should also be filled in */ cred->authdata = NULL; - - cred->addresses = calloc(incred->addresses.len + 1, + + cred->addresses = calloc(incred->addresses.len + 1, sizeof(cred->addresses[0])); if (cred->addresses == NULL) { @@ -343,7 +345,7 @@ make_ccred_from_cred(krb5_context context, ret = ENOMEM; goto fail; } - memcpy(addr->data, incred->addresses.val[i].address.data, + memcpy(addr->data, incred->addresses.val[i].address.data, addr->length); cred->addresses[i] = addr; } @@ -381,10 +383,10 @@ make_ccred_from_cred(krb5_context context, return 0; -fail: +fail: free_ccred(cred); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } @@ -438,7 +440,7 @@ acc_get_name(krb5_context context, error = get_cc_name(a); if (error) return NULL; - } + } return a->cache_name; } @@ -456,10 +458,10 @@ acc_alloc(krb5_context context, krb5_ccache *id) ret = krb5_data_alloc(&(*id)->data, sizeof(*a)); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } - + a = ACACHE(*id); error = (*init_func)(&a->context, ccapi_version_3, NULL, NULL); @@ -623,17 +625,17 @@ acc_store_cred(krb5_context context, cc_credentials_v5_t v5cred; krb5_error_code ret; cc_int32 error; - + if (a->ccache == NULL) { krb5_set_error_message(context, KRB5_CC_NOTFOUND, - "No API credential found"); + N_("No API credential found", "")); return KRB5_CC_NOTFOUND; } cred.version = cc_credentials_v5; cred.credentials.credentials_v5 = &v5cred; - ret = make_ccred_from_cred(context, + ret = make_ccred_from_cred(context, creds, &v5cred); if (ret) @@ -660,7 +662,7 @@ acc_get_principal(krb5_context context, if (a->ccache == NULL) { krb5_set_error_message(context, KRB5_CC_NOTFOUND, - "No API credential found"); + N_("No API credential found", "")); return KRB5_CC_NOTFOUND; } @@ -669,9 +671,9 @@ acc_get_principal(krb5_context context, &name); if (error) return translate_cc_error(context, error); - + ret = krb5_parse_name(context, name->data, principal); - + (*name->func->release)(name); return ret; } @@ -684,16 +686,16 @@ acc_get_first (krb5_context context, cc_credentials_iterator_t iter; krb5_acc *a = ACACHE(id); int32_t error; - + if (a->ccache == NULL) { krb5_set_error_message(context, KRB5_CC_NOTFOUND, - "No API credential found"); + N_("No API credential found", "")); return KRB5_CC_NOTFOUND; } error = (*a->ccache->func->new_credentials_iterator)(a->ccache, &iter); if (error) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOENT; } *cursor = iter; @@ -721,7 +723,7 @@ acc_get_next (krb5_context context, (*cred->func->release)(cred); } - ret = make_cred_from_ccred(context, + ret = make_cred_from_ccred(context, cred->data->credentials.credentials_v5, creds); (*cred->func->release)(cred); @@ -750,10 +752,10 @@ acc_remove_cred(krb5_context context, krb5_error_code ret; cc_int32 error; char *client, *server; - + if (a->ccache == NULL) { krb5_set_error_message(context, KRB5_CC_NOTFOUND, - "No API credential found"); + N_("No API credential found", "")); return KRB5_CC_NOTFOUND; } @@ -806,7 +808,8 @@ acc_remove_cred(krb5_context context, if (ret) krb5_set_error_message(context, ret, - "Can't find credential %s in cache", server); + N_("Can't find credential %s in cache", + "principal"), server); free(server); free(client); @@ -827,7 +830,7 @@ acc_get_version(krb5_context context, { return 0; } - + struct cache_iter { cc_context_t context; cc_ccache_iterator_t iter; @@ -860,7 +863,7 @@ acc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) &iter->iter); if (error) { free(iter); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOENT; } *cursor = iter; @@ -933,7 +936,7 @@ acc_move(krb5_context context, krb5_ccache from, krb5_ccache to) &name); if (error) return translate_cc_error(context, error); - + error = (*ato->context->func->create_new_ccache)(ato->context, cc_credentials_v5, name->data, @@ -975,7 +978,7 @@ acc_get_default_name(krb5_context context, char **str) (*cc->func->release)(cc); if (*str == NULL) { - krb5_set_error_message(context, ENOMEM, "out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; @@ -986,10 +989,10 @@ acc_set_default(krb5_context context, krb5_ccache id) { krb5_acc *a = ACACHE(id); cc_int32 error; - + if (a->ccache == NULL) { krb5_set_error_message(context, KRB5_CC_NOTFOUND, - "No API credential found"); + N_("No API credential found", "")); return KRB5_CC_NOTFOUND; } @@ -1000,6 +1003,28 @@ acc_set_default(krb5_context context, krb5_ccache id) return 0; } +static krb5_error_code +acc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) +{ + krb5_acc *a = ACACHE(id); + cc_int32 error; + cc_time_t t; + + if (a->ccache == NULL) { + krb5_set_error_message(context, KRB5_CC_NOTFOUND, + N_("No API credential found", "")); + return KRB5_CC_NOTFOUND; + } + + error = (*a->ccache->func->get_change_time)(a->ccache, &t); + if (error) + return translate_cc_error(context, error); + + *mtime = t; + + return 0; +} + /** * Variable containing the API based credential cache implemention. * @@ -1029,5 +1054,6 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = { acc_end_cache_get, acc_move, acc_get_default_name, - acc_set_default + acc_set_default, + acc_lastchange }; diff --git a/source4/heimdal/lib/krb5/add_et_list.c b/source4/heimdal/lib/krb5/add_et_list.c index e61f775eef..f08c0fe718 100644 --- a/source4/heimdal/lib/krb5/add_et_list.c +++ b/source4/heimdal/lib/krb5/add_et_list.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c index dcb9a97154..9e2fb3d63a 100644 --- a/source4/heimdal/lib/krb5/addr_families.c +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -52,8 +52,8 @@ struct addr_operations { int (*order_addr)(krb5_context, const krb5_address*, const krb5_address*); int (*free_addr)(krb5_context, krb5_address*); int (*copy_addr)(krb5_context, const krb5_address*, krb5_address*); - int (*mask_boundary)(krb5_context, const krb5_address*, unsigned long, - krb5_address*, krb5_address*); + int (*mask_boundary)(krb5_context, const krb5_address*, unsigned long, + krb5_address*, krb5_address*); }; /* @@ -203,7 +203,7 @@ ipv4_mask_boundary(krb5_context context, const krb5_address *inaddr, if (len > 32) { krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, - "IPv4 prefix too large (%ld)", len); + N_("IPv4 prefix too large (%ld)", "len"), len); return KRB5_PROG_ATYPE_NOSUPP; } m = m << (32 - len); @@ -311,7 +311,7 @@ ipv6_h_addr2addr (const char *addr, } /* - * + * */ static krb5_boolean @@ -319,7 +319,7 @@ ipv6_uninteresting (const struct sockaddr *sa) { const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa; const struct in6_addr *in6 = (const struct in6_addr *)&sin6->sin6_addr; - + return IN6_IS_ADDR_LINKLOCAL(in6) || IN6_IS_ADDR_V4COMPAT(in6); @@ -397,13 +397,13 @@ ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr, if (len > 128) { krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, - "IPv6 prefix too large (%ld)", len); + N_("IPv6 prefix too large (%ld)", "length"), len); return KRB5_PROG_ATYPE_NOSUPP; } if (inaddr->address.length != sizeof(addr)) { krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, - "IPv6 addr bad length"); + N_("IPv6 addr bad length", "")); return KRB5_PROG_ATYPE_NOSUPP; } @@ -440,6 +440,8 @@ ipv6_mask_boundary(krb5_context context, const krb5_address *inaddr, #endif /* IPv6 */ +#ifndef HEIMDAL_SMALLER + /* * table */ @@ -452,17 +454,17 @@ struct arange { }; static int -arange_parse_addr (krb5_context context, +arange_parse_addr (krb5_context context, const char *address, krb5_address *addr) { char buf[1024], *p; krb5_address low0, high0; struct arange *a; krb5_error_code ret; - + if(strncasecmp(address, "RANGE:", 6) != 0) return -1; - + address += 6; p = strrchr(address, '/'); @@ -560,7 +562,7 @@ arange_free (krb5_context context, krb5_address *addr) static int -arange_copy (krb5_context context, const krb5_address *inaddr, +arange_copy (krb5_context context, const krb5_address *inaddr, krb5_address *outaddr) { krb5_error_code ret; @@ -626,8 +628,8 @@ arange_print_addr (const krb5_address *addr, char *str, size_t len) } static int -arange_order_addr(krb5_context context, - const krb5_address *addr1, +arange_order_addr(krb5_context context, + const krb5_address *addr1, const krb5_address *addr2) { int tmp1, tmp2, sign; @@ -664,6 +666,8 @@ arange_order_addr(krb5_context context, } } +#endif /* HEIMDAL_SMALLER */ + static int addrport_print_addr (const krb5_address *addr, char *str, size_t len) { @@ -713,7 +717,7 @@ addrport_print_addr (const krb5_address *addr, char *str, size_t len) static struct addr_operations at[] = { {AF_INET, KRB5_ADDRESS_INET, sizeof(struct sockaddr_in), - ipv4_sockaddr2addr, + ipv4_sockaddr2addr, ipv4_sockaddr2port, ipv4_addr2sockaddr, ipv4_h_addr2sockaddr, @@ -722,7 +726,7 @@ static struct addr_operations at[] = { NULL, NULL, NULL, ipv4_mask_boundary }, #ifdef HAVE_IPV6 {AF_INET6, KRB5_ADDRESS_INET6, sizeof(struct sockaddr_in6), - ipv6_sockaddr2addr, + ipv6_sockaddr2addr, ipv6_sockaddr2port, ipv6_addr2sockaddr, ipv6_h_addr2sockaddr, @@ -730,14 +734,16 @@ static struct addr_operations at[] = { ipv6_uninteresting, ipv6_anyaddr, ipv6_print_addr, ipv6_parse_addr, NULL, NULL, NULL, ipv6_mask_boundary } , #endif - {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0, - NULL, NULL, NULL, NULL, NULL, - NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL }, +#ifndef HEIMDAL_SMALLER /* fake address type */ {KRB5_ADDRESS_ARANGE, KRB5_ADDRESS_ARANGE, sizeof(struct arange), NULL, NULL, NULL, NULL, NULL, NULL, NULL, - arange_print_addr, arange_parse_addr, - arange_order_addr, arange_free, arange_copy } + arange_print_addr, arange_parse_addr, + arange_order_addr, arange_free, arange_copy }, +#endif + {KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_ADDRPORT, 0, + NULL, NULL, NULL, NULL, NULL, + NULL, NULL, addrport_print_addr, NULL, NULL, NULL, NULL } }; static int num_addrs = sizeof(at) / sizeof(at[0]); @@ -772,7 +778,7 @@ find_atype(int atype) /** * krb5_sockaddr2address stores a address a "struct sockaddr" sa in - * the krb5_address addr. + * the krb5_address addr. * * @param context a Keberos context * @param sa a struct sockaddr to extract the address from @@ -790,7 +796,7 @@ krb5_sockaddr2address (krb5_context context, struct addr_operations *a = find_af(sa->sa_family); if (a == NULL) { krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, - "Address family %d not supported", + N_("Address family %d not supported", ""), sa->sa_family); return KRB5_PROG_ATYPE_NOSUPP; } @@ -818,7 +824,7 @@ krb5_sockaddr2port (krb5_context context, struct addr_operations *a = find_af(sa->sa_family); if (a == NULL) { krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, - "Address family %d not supported", + N_("Address family %d not supported", ""), sa->sa_family); return KRB5_PROG_ATYPE_NOSUPP; } @@ -857,14 +863,15 @@ krb5_addr2sockaddr (krb5_context context, if (a == NULL) { krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, - "Address type %d not supported", + N_("Address type %d not supported", + "krb5_address type"), addr->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } if (a->addr2sockaddr == NULL) { krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, - "Can't convert address type %d to sockaddr", + N_("Can't convert address type %d to sockaddr", ""), addr->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } @@ -972,7 +979,7 @@ krb5_h_addr2addr (krb5_context context, struct addr_operations *a = find_af(af); if (a == NULL) { krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, - "Address family %d not supported", af); + N_("Address family %d not supported", ""), af); return KRB5_PROG_ATYPE_NOSUPP; } return (*a->h_addr2addr)(haddr, addr); @@ -1006,7 +1013,7 @@ krb5_anyaddr (krb5_context context, if (a == NULL) { krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, - "Address family %d not supported", af); + N_("Address family %d not supported", ""), af); return KRB5_PROG_ATYPE_NOSUPP; } @@ -1031,7 +1038,7 @@ krb5_anyaddr (krb5_context context, */ krb5_error_code KRB5_LIB_FUNCTION -krb5_print_address (const krb5_address *addr, +krb5_print_address (const krb5_address *addr, char *str, size_t len, size_t *ret_len) { struct addr_operations *a = find_atype(addr->addr_type); @@ -1100,7 +1107,7 @@ krb5_parse_address(krb5_context context, ALLOC_SEQ(addresses, 1); if (addresses->val == NULL) { krb5_set_error_message(context, ENOMEM, - "malloc: out of memory"); + N_("malloc: out of memory", "")); return ENOMEM; } addresses->val[0] = addr; @@ -1118,15 +1125,15 @@ krb5_parse_address(krb5_context context, string, gai_strerror(error)); return ret2; } - + n = 0; for (a = ai; a != NULL; a = a->ai_next) ++n; ALLOC_SEQ(addresses, n); if (addresses->val == NULL) { - krb5_set_error_message(context, ENOMEM, - "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); freeaddrinfo(ai); return ENOMEM; } @@ -1147,7 +1154,7 @@ krb5_parse_address(krb5_context context, /** * krb5_address_order compares the addresses addr1 and addr2 so that * it can be used for sorting addresses. If the addresses are the same - * address krb5_address_order will return 0. Behavies like memcmp(2). + * address krb5_address_order will return 0. Behavies like memcmp(2). * * @param context a Keberos context * @param addr1 krb5_address to compare @@ -1167,23 +1174,23 @@ krb5_address_order(krb5_context context, /* this sucks; what if both addresses have order functions, which should we call? this works for now, though */ struct addr_operations *a; - a = find_atype(addr1->addr_type); + a = find_atype(addr1->addr_type); if(a == NULL) { krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, - "Address family %d not supported", + N_("Address family %d not supported", ""), addr1->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } - if(a->order_addr != NULL) - return (*a->order_addr)(context, addr1, addr2); - a = find_atype(addr2->addr_type); + if(a->order_addr != NULL) + return (*a->order_addr)(context, addr1, addr2); + a = find_atype(addr2->addr_type); if(a == NULL) { krb5_set_error_message (context, KRB5_PROG_ATYPE_NOSUPP, - "Address family %d not supported", - addr2->addr_type); + N_("Address family %d not supported", ""), + addr2->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } - if(a->order_addr != NULL) + if(a->order_addr != NULL) return (*a->order_addr)(context, addr1, addr2); if(addr1->addr_type != addr2->addr_type) @@ -1367,7 +1374,7 @@ krb5_append_addresses(krb5_context context, tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp)); if(tmp == NULL) { krb5_set_error_message (context, ENOMEM, - "realloc: out of memory"); + N_("malloc: out of memory", "")); return ENOMEM; } dest->val = tmp; @@ -1375,8 +1382,8 @@ krb5_append_addresses(krb5_context context, /* skip duplicates */ if(krb5_address_search(context, &source->val[i], dest)) continue; - ret = krb5_copy_address(context, - &source->val[i], + ret = krb5_copy_address(context, + &source->val[i], &dest->val[dest->len]); if(ret) return ret; @@ -1410,14 +1417,14 @@ krb5_make_addrport (krb5_context context, *res = malloc (sizeof(**res)); if (*res == NULL) { krb5_set_error_message (context, ENOMEM, - "malloc: out of memory"); + N_("malloc: out of memory", "")); return ENOMEM; } (*res)->addr_type = KRB5_ADDRESS_ADDRPORT; ret = krb5_data_alloc (&(*res)->address, len); if (ret) { krb5_set_error_message (context, ret, - "malloc: out of memory"); + N_("malloc: out of memory", "")); free (*res); *res = NULL; return ret; @@ -1478,7 +1485,8 @@ krb5_address_prefixlen_boundary(krb5_context context, if(a != NULL && a->mask_boundary != NULL) return (*a->mask_boundary)(context, inaddr, prefixlen, low, high); krb5_set_error_message(context, KRB5_PROG_ATYPE_NOSUPP, - "Address family %d doesn't support " - "address mask operation", inaddr->addr_type); + N_("Address family %d doesn't support " + "address mask operation", ""), + inaddr->addr_type); return KRB5_PROG_ATYPE_NOSUPP; } diff --git a/source4/heimdal/lib/krb5/appdefault.c b/source4/heimdal/lib/krb5/appdefault.c index a5b6e67e30..d49fc4997a 100644 --- a/source4/heimdal/lib/krb5/appdefault.c +++ b/source4/heimdal/lib/krb5/appdefault.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -36,83 +36,83 @@ RCSID("$Id$"); void KRB5_LIB_FUNCTION -krb5_appdefault_boolean(krb5_context context, const char *appname, +krb5_appdefault_boolean(krb5_context context, const char *appname, krb5_const_realm realm, const char *option, krb5_boolean def_val, krb5_boolean *ret_val) { - + if(appname == NULL) appname = getprogname(); - def_val = krb5_config_get_bool_default(context, NULL, def_val, + def_val = krb5_config_get_bool_default(context, NULL, def_val, "libdefaults", option, NULL); if(realm != NULL) - def_val = krb5_config_get_bool_default(context, NULL, def_val, + def_val = krb5_config_get_bool_default(context, NULL, def_val, "realms", realm, option, NULL); - def_val = krb5_config_get_bool_default(context, NULL, def_val, - "appdefaults", - option, + def_val = krb5_config_get_bool_default(context, NULL, def_val, + "appdefaults", + option, NULL); if(realm != NULL) def_val = krb5_config_get_bool_default(context, NULL, def_val, - "appdefaults", - realm, - option, + "appdefaults", + realm, + option, NULL); if(appname != NULL) { - def_val = krb5_config_get_bool_default(context, NULL, def_val, - "appdefaults", - appname, - option, + def_val = krb5_config_get_bool_default(context, NULL, def_val, + "appdefaults", + appname, + option, NULL); if(realm != NULL) def_val = krb5_config_get_bool_default(context, NULL, def_val, - "appdefaults", - appname, - realm, - option, + "appdefaults", + appname, + realm, + option, NULL); } *ret_val = def_val; } void KRB5_LIB_FUNCTION -krb5_appdefault_string(krb5_context context, const char *appname, +krb5_appdefault_string(krb5_context context, const char *appname, krb5_const_realm realm, const char *option, const char *def_val, char **ret_val) { if(appname == NULL) appname = getprogname(); - def_val = krb5_config_get_string_default(context, NULL, def_val, + def_val = krb5_config_get_string_default(context, NULL, def_val, "libdefaults", option, NULL); if(realm != NULL) - def_val = krb5_config_get_string_default(context, NULL, def_val, + def_val = krb5_config_get_string_default(context, NULL, def_val, "realms", realm, option, NULL); - def_val = krb5_config_get_string_default(context, NULL, def_val, - "appdefaults", - option, + def_val = krb5_config_get_string_default(context, NULL, def_val, + "appdefaults", + option, NULL); if(realm != NULL) def_val = krb5_config_get_string_default(context, NULL, def_val, - "appdefaults", - realm, - option, + "appdefaults", + realm, + option, NULL); if(appname != NULL) { - def_val = krb5_config_get_string_default(context, NULL, def_val, - "appdefaults", - appname, - option, + def_val = krb5_config_get_string_default(context, NULL, def_val, + "appdefaults", + appname, + option, NULL); if(realm != NULL) def_val = krb5_config_get_string_default(context, NULL, def_val, - "appdefaults", - appname, - realm, - option, + "appdefaults", + appname, + realm, + option, NULL); } if(def_val != NULL) diff --git a/source4/heimdal/lib/krb5/asn1_glue.c b/source4/heimdal/lib/krb5/asn1_glue.c index 84c9cd8b68..cb86c324fb 100644 --- a/source4/heimdal/lib/krb5/asn1_glue.c +++ b/source4/heimdal/lib/krb5/asn1_glue.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* diff --git a/source4/heimdal/lib/krb5/auth_context.c b/source4/heimdal/lib/krb5/auth_context.c index cbb186d6c3..66eccbbc07 100644 --- a/source4/heimdal/lib/krb5/auth_context.c +++ b/source4/heimdal/lib/krb5/auth_context.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -43,13 +43,13 @@ krb5_auth_con_init(krb5_context context, ALLOC(p, 1); if(!p) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memset(p, 0, sizeof(*p)); ALLOC(p->authenticator, 1); if (!p->authenticator) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(p); return ENOMEM; } @@ -157,8 +157,8 @@ krb5_auth_con_setaddrs(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_genaddrs(krb5_context context, - krb5_auth_context auth_context, +krb5_auth_con_genaddrs(krb5_context context, + krb5_auth_context auth_context, int fd, int flags) { krb5_error_code ret; @@ -192,7 +192,7 @@ krb5_auth_con_genaddrs(krb5_context context, len = sizeof(ss_remote); if(getpeername(fd, remote, &len) < 0) { ret = errno; - krb5_set_error_message(context, ret, + krb5_set_error_message(context, ret, "getpeername: %s", strerror(ret)); goto out; } @@ -241,7 +241,7 @@ krb5_auth_con_getaddrs(krb5_context context, krb5_free_address (context, *local_addr); *local_addr = malloc (sizeof(**local_addr)); if (*local_addr == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } krb5_copy_address(context, @@ -252,7 +252,7 @@ krb5_auth_con_getaddrs(krb5_context context, krb5_free_address (context, *remote_addr); *remote_addr = malloc (sizeof(**remote_addr)); if (*remote_addr == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); krb5_free_address (context, *local_addr); *local_addr = NULL; return ENOMEM; @@ -452,7 +452,7 @@ krb5_auth_con_getauthenticator(krb5_context context, { *authenticator = malloc(sizeof(**authenticator)); if (*authenticator == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/build_ap_req.c b/source4/heimdal/lib/krb5/build_ap_req.c index 92051ba68a..92c03cb782 100644 --- a/source4/heimdal/lib/krb5/build_ap_req.c +++ b/source4/heimdal/lib/krb5/build_ap_req.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> @@ -47,13 +47,13 @@ krb5_build_ap_req (krb5_context context, AP_REQ ap; Ticket t; size_t len; - + ap.pvno = 5; ap.msg_type = krb_ap_req; memset(&ap.ap_options, 0, sizeof(ap.ap_options)); ap.ap_options.use_session_key = (ap_options & AP_OPTS_USE_SESSION_KEY) > 0; ap.ap_options.mutual_required = (ap_options & AP_OPTS_MUTUAL_REQUIRED) > 0; - + ap.ticket.tkt_vno = 5; copy_Realm(&cred->server->realm, &ap.ticket.realm); copy_PrincipalName(&cred->server->name, &ap.ticket.sname); diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c index eb106dc23f..bbf4f274af 100644 --- a/source4/heimdal/lib/krb5/build_auth.c +++ b/source4/heimdal/lib/krb5/build_auth.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> @@ -45,7 +45,7 @@ make_etypelist(krb5_context context, u_char *buf; size_t len; size_t buf_size; - + ret = krb5_init_etype(context, &etypes.len, &etypes.val, NULL); if (ret) return ret; @@ -62,7 +62,7 @@ make_etypelist(krb5_context context, ALLOC_SEQ(&ad, 1); if (ad.val == NULL) { free(buf); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -74,21 +74,21 @@ make_etypelist(krb5_context context, if (ret) { free_AuthorizationData(&ad); return ret; - } + } if(buf_size != len) krb5_abortx(context, "internal error in ASN.1 encoder"); free_AuthorizationData(&ad); ALLOC(*auth_data, 1); if (*auth_data == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ALLOC_SEQ(*auth_data, 1); if ((*auth_data)->val == NULL) { free(buf); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -118,7 +118,7 @@ krb5_build_authenticator (krb5_context context, auth = calloc(1, sizeof(*auth)); if (auth == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -127,7 +127,7 @@ krb5_build_authenticator (krb5_context context, copy_PrincipalName(&cred->client->name, &auth->cname); krb5_us_timeofday (context, &auth->ctime, &auth->cusec); - + ret = krb5_auth_con_getlocalsubkey(context, auth_context, &auth->subkey); if(ret) goto fail; @@ -135,7 +135,7 @@ krb5_build_authenticator (krb5_context context, if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { if(auth_context->local_seqnumber == 0) krb5_generate_seq_number (context, - &cred->session, + &cred->session, &auth_context->local_seqnumber); ALLOC(auth->seq_number, 1); if(auth->seq_number == NULL) { @@ -175,7 +175,7 @@ krb5_build_authenticator (krb5_context context, ret = krb5_encrypt (context, crypto, usage /* KRB5_KU_AP_REQ_AUTH */, - buf + buf_size - len, + buf + buf_size - len, len, result); krb5_crypto_destroy(context, crypto); diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index 02db405f7e..80b755cd27 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -44,14 +44,14 @@ RCSID("$Id$"); * @param override flag to select if the registration is to overide * an existing ops with the same name. * - * @return Return an error code or 0. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_register(krb5_context context, - const krb5_cc_ops *ops, +krb5_cc_register(krb5_context context, + const krb5_cc_ops *ops, krb5_boolean override) { int i; @@ -59,9 +59,9 @@ krb5_cc_register(krb5_context context, for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) { if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) { if(!override) { - krb5_set_error_message(context, + krb5_set_error_message(context, KRB5_CC_TYPE_EXISTS, - "ccache type %s already exists", + N_("cache type %s already exists", "type"), ops->prefix); return KRB5_CC_TYPE_EXISTS; } @@ -73,13 +73,13 @@ krb5_cc_register(krb5_context context, (context->num_cc_ops + 1) * sizeof(*context->cc_ops)); if(o == NULL) { - krb5_set_error_message(context, KRB5_CC_NOMEM, - "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } context->num_cc_ops++; context->cc_ops = o; - memset(context->cc_ops + i, 0, + memset(context->cc_ops + i, 0, (context->num_cc_ops - i) * sizeof(*context->cc_ops)); } memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i])); @@ -92,7 +92,7 @@ krb5_cc_register(krb5_context context, */ krb5_error_code -_krb5_cc_allocate(krb5_context context, +_krb5_cc_allocate(krb5_context context, const krb5_cc_ops *ops, krb5_ccache *id) { @@ -100,7 +100,8 @@ _krb5_cc_allocate(krb5_context context, p = malloc (sizeof(*p)); if(p == NULL) { - krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } p->ops = ops; @@ -140,7 +141,7 @@ allocate_ccache (krb5_context context, * @param id return pointer to a found credential cache. * * @return Return 0 or an error code. In case of an error, id is set - * to NULL. + * to NULL, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -169,7 +170,7 @@ krb5_cc_resolve(krb5_context context, return allocate_ccache (context, &krb5_fcc_ops, name, id); else { krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE, - "unknown ccache type %s", name); + N_("unknown ccache type %s", "name"), name); return KRB5_CC_UNKNOWN_TYPE; } } @@ -177,7 +178,7 @@ krb5_cc_resolve(krb5_context context, /** * Generate a new ccache of type `ops' in `id'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -198,13 +199,13 @@ krb5_cc_gen_new(krb5_context context, * type can use to base the name of the credential on, this is to make * it easier for the user to differentiate the credentials. * - * @return Returns 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_new_unique(krb5_context context, const char *type, +krb5_cc_new_unique(krb5_context context, const char *type, const char *hint, krb5_ccache *id) { const krb5_cc_ops *ops; @@ -252,7 +253,7 @@ krb5_cc_get_type(krb5_context context, } /** - * Return the complete resolvable name the ccache `id' in `str´. + * Return the complete resolvable name the ccache `id' in `str´. * `str` should be freed with free(3). * Returns 0 or an error (and then *str is set to NULL). * @@ -282,9 +283,9 @@ krb5_cc_get_full_name(krb5_context context, "cache of type %s have no name", type); return KRB5_CC_BADNAME; } - + if (asprintf(str, "%s:%s", type, name) == -1) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); *str = NULL; return ENOMEM; } @@ -341,7 +342,7 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) else { free(*res); *res = NULL; - krb5_set_error_message(context, + krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT, "expand default cache unknown " "variable \"%.*s\"", @@ -356,7 +357,8 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) if (append == NULL) { free(*res); *res = NULL; - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -366,15 +368,15 @@ _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res) free(append); free(*res); *res = NULL; - krb5_set_error_message(context, ENOMEM, - "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } *res = tmp; memcpy(*res + len, append, tlen + 1); len = len + tlen; free(append); - } + } return 0; } @@ -415,7 +417,7 @@ environment_changed(krb5_context context) * Switch the default default credential cache for a specific * credcache type (and name for some implementations). * - * @return Returns 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -488,7 +490,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name) } if (p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -522,7 +524,7 @@ krb5_cc_default_name(krb5_context context) /** * Open the default ccache in `id'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -535,7 +537,7 @@ krb5_cc_default(krb5_context context, const char *p = krb5_cc_default_name(context); if (p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return krb5_cc_resolve(context, p, id); @@ -544,7 +546,7 @@ krb5_cc_default(krb5_context context, /** * Create a new ccache in `id' for `primary_principal'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -562,7 +564,7 @@ krb5_cc_initialize(krb5_context context, /** * Remove the ccache `id'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -582,7 +584,7 @@ krb5_cc_destroy(krb5_context context, /** * Stop using the ccache `id' and free the related resources. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -601,7 +603,7 @@ krb5_cc_close(krb5_context context, /** * Store `creds' in the ccache `id'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -620,7 +622,7 @@ krb5_cc_store_cred(krb5_context context, * from `id' in `creds'. 'creds' must be free by the caller using * krb5_free_cred_contents. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -658,7 +660,7 @@ krb5_cc_retrieve_cred(krb5_context context, /** * Return the principal of `id' in `principal'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -676,7 +678,7 @@ krb5_cc_get_principal(krb5_context context, * Start iterating over `id', `cursor' is initialized to the * beginning. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -694,7 +696,7 @@ krb5_cc_start_seq_get (krb5_context context, * Retrieve the next cred pointed to by (`id', `cursor') in `creds' * and advance `cursor'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -787,7 +789,22 @@ krb5_cc_set_flags(krb5_context context, { return (*id->ops->set_flags)(context, id, flags); } - + +/** + * Get the flags of `id', store them in `flags'. + * + * @ingroup krb5_ccache + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_get_flags(krb5_context context, + krb5_ccache id, + krb5_flags *flags) +{ + *flags = 0; + return 0; +} + /** * Copy the contents of `from' to `to'. * @@ -836,13 +853,13 @@ krb5_cc_copy_cache_match(krb5_context context, return ret; } + /** * Just like krb5_cc_copy_cache_match, but copy everything. * - * @ingroup krb5_ccache + * @ingroup @krb5_ccache */ - krb5_error_code KRB5_LIB_FUNCTION krb5_cc_copy_cache(krb5_context context, const krb5_ccache from, @@ -852,6 +869,20 @@ krb5_cc_copy_cache(krb5_context context, } /** + * MIT compat glue + * + * @ingroup krb5_ccache + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_copy_creds(krb5_context context, + const krb5_ccache from, + krb5_ccache to) +{ + return krb5_cc_copy_cache(context, from, to); +} + +/** * Return the version of `id'. * * @ingroup krb5_ccache @@ -887,7 +918,7 @@ krb5_cc_clear_mcred(krb5_creds *mcred) * prefix, the function will only use part up to the first colon (:) * if there is one. If prefix the argument is NULL, the default ccache * implemtation is returned. - + * * @return Returns NULL if ops not found. * * @ingroup krb5_ccache @@ -899,7 +930,7 @@ krb5_cc_get_prefix_ops(krb5_context context, const char *prefix) { char *p, *p1; int i; - + if (prefix == NULL) return KRB5_DEFAULT_CCTYPE; if (prefix[0] == '/') @@ -907,7 +938,7 @@ krb5_cc_get_prefix_ops(krb5_context context, const char *prefix) p = strdup(prefix); if (p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return NULL; } p1 = strchr(p, ':'); @@ -930,10 +961,14 @@ struct krb5_cc_cache_cursor_data { }; /** - * Start iterating over all caches of `type'. If `type' is NULL, the - * default type is * used. `cursor' is initialized to the beginning. + * Start iterating over all caches of specified type. See also + * krb5_cccol_cursor_new(). + + * @param context A Kerberos 5 context + * @param type optional type to iterate over, if NULL, the default cache is used. + * @param cursor cursor should be freed with krb5_cc_cache_end_seq_get(). * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -960,14 +995,15 @@ krb5_cc_cache_get_first (krb5_context context, if (ops->get_cache_first == NULL) { krb5_set_error_message(context, KRB5_CC_NOSUPP, - "Credential cache type %s doesn't support " - "iterations over caches", ops->prefix); + N_("Credential cache type %s doesn't support " + "iterations over caches", "type"), + ops->prefix); return KRB5_CC_NOSUPP; } *cursor = calloc(1, sizeof(**cursor)); if (*cursor == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -985,7 +1021,8 @@ krb5_cc_cache_get_first (krb5_context context, * Retrieve the next cache pointed to by (`cursor') in `id' * and advance `cursor'. * - * @return Return 0 or an error code. + * @return Return 0 or an error code. Returns KRB5_CC_END when the end + * of caches is reached, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -1002,7 +1039,7 @@ krb5_cc_cache_next (krb5_context context, /** * Destroy the cursor `cursor'. * - * @return Return 0 or an error code. + * @return Return an error code or 0, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -1021,9 +1058,8 @@ krb5_cc_cache_end_seq_get (krb5_context context, /** * Search for a matching credential cache of type `type' that have the - * `principal' as the default principal. If NULL is used for `type', - * the default type is used. On success, `id' needs to be freed with - * krb5_cc_close or krb5_cc_destroy. + * `principal' as the default principal. On success, `id' needs to be + * freed with krb5_cc_close() or krb5_cc_destroy(). * * @return On failure, error code is returned and `id' is set to NULL. * @@ -1034,26 +1070,25 @@ krb5_cc_cache_end_seq_get (krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_cc_cache_match (krb5_context context, krb5_principal client, - const char *type, krb5_ccache *id) { - krb5_cc_cache_cursor cursor; + krb5_cccol_cursor cursor; krb5_error_code ret; krb5_ccache cache = NULL; *id = NULL; - ret = krb5_cc_cache_get_first (context, type, &cursor); + ret = krb5_cccol_cursor_new (context, &cursor); if (ret) return ret; - while ((ret = krb5_cc_cache_next (context, cursor, &cache)) == 0) { + while ((ret = krb5_cccol_cursor_next (context, cursor, &cache)) == 0) { krb5_principal principal; ret = krb5_cc_get_principal(context, cache, &principal); if (ret == 0) { krb5_boolean match; - + match = krb5_principal_compare(context, principal, client); krb5_free_principal(context, principal); if (match) @@ -1064,7 +1099,7 @@ krb5_cc_cache_match (krb5_context context, cache = NULL; } - krb5_cc_cache_end_seq_get(context, cursor); + krb5_cccol_cursor_free(context, &cursor); if (cache == NULL) { char *str; @@ -1072,8 +1107,8 @@ krb5_cc_cache_match (krb5_context context, krb5_unparse_name(context, client, &str); krb5_set_error_message(context, KRB5_CC_NOTFOUND, - "Principal %s not found in a " - "credential cache", + N_("Principal %s not found in a " + "credential cache", ""), str ? str : "<out of memory>"); if (str) free(str); @@ -1086,14 +1121,14 @@ krb5_cc_cache_match (krb5_context context, /** * Move the content from one credential cache to another. The - * operation is an atomic switch. + * operation is an atomic switch. * * @param context a Keberos context * @param from the credential cache to move the content from * @param to the credential cache to move the content to * @return On sucess, from is freed. On failure, error code is - * returned and from and to are both still allocated. + * returned and from and to are both still allocated, see krb5_get_error_message(). * * @ingroup krb5_ccache */ @@ -1105,8 +1140,8 @@ krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to) if (strcmp(from->ops->prefix, to->ops->prefix) != 0) { krb5_set_error_message(context, KRB5_CC_NOSUPP, - "Moving credentials between diffrent " - "types not yet supported"); + N_("Moving credentials between diffrent " + "types not yet supported", "")); return KRB5_CC_NOSUPP; } @@ -1118,7 +1153,8 @@ krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to) return ret; } -#define KRB5_CONF_NAME "@krb5_ccache_conf_data" +#define KRB5_CONF_NAME "krb5_ccache_conf_data" +#define KRB5_REALM_NAME "X-CACHECONF:" static krb5_error_code build_conf_principals(krb5_context context, krb5_ccache id, @@ -1134,7 +1170,7 @@ build_conf_principals(krb5_context context, krb5_ccache id, ret = krb5_cc_get_principal(context, id, &client); if (ret) return ret; - + if (principal) { ret = krb5_unparse_name(context, principal, &pname); if (ret) @@ -1153,7 +1189,32 @@ build_conf_principals(krb5_context context, krb5_ccache id, krb5_free_principal(context, client); return ret; } - + +/** + * Return TRUE (non zero) if the principal is a configuration + * principal (generated part of krb5_cc_set_config()). Returns FALSE + * (zero) if not a configuration principal. + * + * @param context a Keberos context + * @param principal principal to check if it a configuration principal + * + * @ingroup krb5_ccache + */ + +krb5_boolean KRB5_LIB_FUNCTION +krb5_is_config_principal(krb5_context context, + krb5_const_principal principal) +{ + if (strcmp(principal->realm, KRB5_REALM_NAME) != 0) + return FALSE; + + if (principal->name.name_string.len == 0 || + strcmp(principal->name.name_string.val[0], KRB5_CONF_NAME) != 0) + return FALSE; + + return TRUE; +} + /** * Store some configuration for the credential cache in the cache. * Existing configuration under the same name is over-written. @@ -1164,10 +1225,12 @@ build_conf_principals(krb5_context context, krb5_ccache id, * NULL, global for the whole cache. * @param name name under which the configuraion is stored. * @param data data to store + * + * @ingroup krb5_ccache */ krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_set_config(krb5_context context, krb5_ccache id, +krb5_cc_set_config(krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *name, krb5_data *data) { @@ -1180,12 +1243,12 @@ krb5_cc_set_config(krb5_context context, krb5_ccache id, /* Remove old configuration */ ret = krb5_cc_remove_cred(context, id, 0, &cred); - if (ret) - goto out; + if (ret && ret != KRB5_CC_NOTFOUND) + goto out; /* not that anyone care when this expire */ cred.times.authtime = time(NULL); - cred.times.endtime = cred.times.authtime + 3600 * 24 * 30; + cred.times.endtime = cred.times.authtime + 3600 * 24 * 30; ret = krb5_data_copy(&cred.ticket, data->data, data->length); if (ret) @@ -1207,6 +1270,8 @@ out: * NULL, global for the whole cache. * @param name name under which the configuraion is stored. * @param data data to fetched, free with krb5_data_free() + * + * @ingroup krb5_ccache */ @@ -1237,3 +1302,188 @@ out: return ret; } +/* + * + */ + +struct krb5_cccol_cursor { + int idx; + krb5_cc_cache_cursor cursor; +}; + +/** + * Get a new cache interation cursor that will interate over all + * credentials caches independent of type. + * + * @param context a Keberos context + * @param cursor passed into krb5_cccol_cursor_next() and free with krb5_cccol_cursor_free(). + * + * @return Returns 0 or and error code, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor) +{ + *cursor = calloc(1, sizeof(**cursor)); + if (*cursor == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + (*cursor)->idx = 0; + (*cursor)->cursor = NULL; + + return 0; +} + +/** + * Get next credential cache from the iteration. + * + * @param context A Kerberos 5 context + * @param cursor the iteration cursor + * @param cache the returned cursor, pointer is set to NULL on failure + * and a cache on success. The returned cache needs to be freed + * with krb5_cc_close() or destroyed with krb5_cc_destroy(). + * + * @return Return 0 or and error, KRB5_CC_END is returned at the end + * of iteration. See krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor, + krb5_ccache *cache) +{ + krb5_error_code ret; + + *cache = NULL; + + while (cursor->idx < context->num_cc_ops) { + + if (cursor->cursor == NULL) { + ret = krb5_cc_cache_get_first (context, + context->cc_ops[cursor->idx].prefix, + &cursor->cursor); + if (ret) { + cursor->idx++; + continue; + } + } + ret = krb5_cc_cache_next(context, cursor->cursor, cache); + if (ret == 0) + break; + + krb5_cc_cache_end_seq_get(context, cursor->cursor); + cursor->cursor = NULL; + if (ret != KRB5_CC_END) + break; + + cursor->idx++; + } + if (cursor->idx >= context->num_cc_ops) { + krb5_set_error_message(context, KRB5_CC_END, + N_("Reached end of credential caches", "")); + return KRB5_CC_END; + } + + return 0; +} + +/** + * End an iteration and free all resources, can be done before end is reached. + * + * @param context A Kerberos 5 context + * @param cursor the iteration cursor to be freed. + * + * @return Return 0 or and error, KRB5_CC_END is returned at the end + * of iteration. See krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor) +{ + krb5_cccol_cursor c = *cursor; + + *cursor = NULL; + if (c) { + if (c->cursor) + krb5_cc_cache_end_seq_get(context, c->cursor); + free(c); + } + return 0; +} + +/** + * Return the last time the credential cache was modified. + * + * @param context A Kerberos 5 context + * @param id The credential cache to probe + * @param mtime the last modification time, set to 0 on error. + + * @return Return 0 or and error. See krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cc_last_change_time(krb5_context context, + krb5_ccache id, + krb5_timestamp *mtime) +{ + *mtime = 0; + return (*id->ops->lastchange)(context, id, mtime); +} + +/** + * Return the last modfication time for a cache collection. The query + * can be limited to a specific cache type. If the function return 0 + * and mtime is 0, there was no credentials in the caches. + * + * @param context A Kerberos 5 context + * @param id The credential cache to probe + * @param mtime the last modification time, set to 0 on error. + + * @return Return 0 or and error. See krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_cccol_last_change_time(krb5_context context, + const char *type, + krb5_timestamp *mtime) +{ + krb5_cccol_cursor cursor; + krb5_error_code ret; + krb5_ccache id; + krb5_timestamp t = 0; + + *mtime = 0; + + ret = krb5_cccol_cursor_new (context, &cursor); + if (ret) + return ret; + + while ((ret = krb5_cccol_cursor_next (context, cursor, &id)) == 0) { + + if (type && strcmp(krb5_cc_get_type(context, id), type) != 0) + continue; + + ret = krb5_cc_last_change_time(context, id, &t); + krb5_cc_close(context, id); + if (ret) + continue; + if (t > *mtime) + *mtime = t; + } + + krb5_cccol_cursor_free(context, &cursor); + + return 0; +} diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index d57ed9e3b8..91ed9c5ba0 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> @@ -61,7 +61,7 @@ str2data (krb5_data *d, /* * Change password protocol defined by * draft-ietf-cat-kerb-chg-password-02.txt - * + * * Share the response part of the protocol with MS set password * (RFC3244) */ @@ -255,7 +255,7 @@ setpw_send_request (krb5_context context, if (sendmsg (sock, &msghdr, 0) < 0) { ret = errno; - krb5_set_error_message(context, ret, "sendmsg %s: %s", + krb5_set_error_message(context, ret, "sendmsg %s: %s", host, strerror(ret)); } @@ -288,7 +288,7 @@ process_reply (krb5_context context, while (len < sizeof(reply)) { unsigned long size; - ret = recvfrom (sock, reply + len, sizeof(reply) - len, + ret = recvfrom (sock, reply + len, sizeof(reply) - len, 0, NULL, NULL); if (ret < 0) { save_errno = errno; @@ -312,7 +312,7 @@ process_reply (krb5_context context, } if (len == sizeof(reply)) { krb5_set_error_message(context, ENOMEM, - "message too large from %s", + N_("Message too large from %s", "host"), host); return ENOMEM; } @@ -361,7 +361,7 @@ process_reply (krb5_context context, *result_code = (p[0] << 8) | p[1]; if (error.e_data->length == 2) str2data(result_string, "server only sent error code"); - else + else krb5_data_copy (result_string, p + 2, error.e_data->length - 2); @@ -383,7 +383,7 @@ process_reply (krb5_context context, ap_rep_data.data = reply + 6; ap_rep_data.length = (reply[4] << 8) | (reply[5]); - + if (reply + len < (u_char *)ap_rep_data.data + ap_rep_data.length) { str2data (result_string, "client: wrong AP len in reply"); *result_code = KRB5_KPASSWD_MALFORMED; @@ -425,7 +425,7 @@ process_reply (krb5_context context, } p = result_code_string->data; - + *result_code = (p[0] << 8) | p[1]; krb5_data_copy (result_string, (unsigned char*)result_code_string->data + 2, @@ -435,7 +435,7 @@ process_reply (krb5_context context, KRB_ERROR error; size_t size; u_char *p; - + ret = decode_KRB_ERROR(reply + 6, len - 6, &error, &size); if (ret) { return ret; @@ -487,9 +487,9 @@ static struct kpwd_proc { kpwd_process_reply process_rep; } procs[] = { { - "MS set password", + "MS set password", SUPPORT_TCP|SUPPORT_UDP, - setpw_send_request, + setpw_send_request, process_reply }, { @@ -501,17 +501,6 @@ static struct kpwd_proc { { NULL } }; -static struct kpwd_proc * -find_chpw_proto(const char *name) -{ - struct kpwd_proc *p; - for (p = procs; p->name != NULL; p++) { - if (strcmp(p->name, name) == 0) - return p; - } - return NULL; -} - /* * */ @@ -601,7 +590,7 @@ change_password_loop (krb5_context context, if (!replied) { replied = 0; - + ret = (*proc->send_req) (context, &auth_context, creds, @@ -615,7 +604,7 @@ change_password_loop (krb5_context context, goto out; } } - + if (sock >= FD_SETSIZE) { ret = ERANGE; krb5_set_error_message(context, ret, @@ -662,8 +651,8 @@ change_password_loop (krb5_context context, if (ret == KRB5_KDC_UNREACH) { krb5_set_error_message(context, ret, - "unable to reach any changepw server " - " in realm %s", realm); + N_("Unable to reach any changepw server " + " in realm %s", "realm"), realm); *result_code = KRB5_KPASSWD_HARDERROR; } return ret; @@ -671,6 +660,17 @@ change_password_loop (krb5_context context, #ifndef HEIMDAL_SMALLER +static struct kpwd_proc * +find_chpw_proto(const char *name) +{ + struct kpwd_proc *p; + for (p = procs; p->name != NULL; p++) { + if (strcmp(p->name, name) == 0) + return p; + } + return NULL; +} + /** * krb5_change_password() is deprecated, use krb5_set_password(). * @@ -704,8 +704,8 @@ krb5_change_password (krb5_context context, if (p == NULL) return KRB5_KPASSWD_MALFORMED; - return change_password_loop(context, creds, NULL, newpw, - result_code, result_code_string, + return change_password_loop(context, creds, NULL, newpw, + result_code, result_code_string, result_string, p); } #endif /* HEIMDAL_SMALLER */ @@ -754,9 +754,9 @@ krb5_set_password(krb5_context context, for (i = 0; procs[i].name != NULL; i++) { *result_code = 0; - ret = change_password_loop(context, creds, principal, newpw, - result_code, result_code_string, - result_string, + ret = change_password_loop(context, creds, principal, newpw, + result_code, result_code_string, + result_string, &procs[i]); if (ret == 0 && *result_code == 0) break; @@ -799,7 +799,7 @@ krb5_set_password_using_ccache(krb5_context context, } else principal = targprinc; - ret = krb5_make_principal(context, &creds.server, + ret = krb5_make_principal(context, &creds.server, krb5_principal_get_realm(context, principal), "kadmin", "changepw", NULL); if (ret) @@ -825,7 +825,7 @@ krb5_set_password_using_ccache(krb5_context context, result_code_string, result_string); - krb5_free_creds(context, credsp); + krb5_free_creds(context, credsp); return ret; out: diff --git a/source4/heimdal/lib/krb5/codec.c b/source4/heimdal/lib/krb5/codec.c index 478f77ecef..bd0dcc5371 100644 --- a/source4/heimdal/lib/krb5/codec.c +++ b/source4/heimdal/lib/krb5/codec.c @@ -1,46 +1,52 @@ /* - * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1998 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" +#undef __attribute__ +#define __attribute__(x) + RCSID("$Id$"); +#ifndef HEIMDAL_SMALLER + krb5_error_code KRB5_LIB_FUNCTION krb5_decode_EncTicketPart (krb5_context context, const void *data, size_t length, EncTicketPart *t, size_t *len) + __attribute__((deprecated)) { return decode_EncTicketPart(data, length, t, len); } @@ -51,6 +57,7 @@ krb5_encode_EncTicketPart (krb5_context context, size_t length, EncTicketPart *t, size_t *len) + __attribute__((deprecated)) { return encode_EncTicketPart(data, length, t, len); } @@ -61,6 +68,7 @@ krb5_decode_EncASRepPart (krb5_context context, size_t length, EncASRepPart *t, size_t *len) + __attribute__((deprecated)) { return decode_EncASRepPart(data, length, t, len); } @@ -71,6 +79,7 @@ krb5_encode_EncASRepPart (krb5_context context, size_t length, EncASRepPart *t, size_t *len) + __attribute__((deprecated)) { return encode_EncASRepPart(data, length, t, len); } @@ -81,6 +90,7 @@ krb5_decode_EncTGSRepPart (krb5_context context, size_t length, EncTGSRepPart *t, size_t *len) + __attribute__((deprecated)) { return decode_EncTGSRepPart(data, length, t, len); } @@ -91,6 +101,7 @@ krb5_encode_EncTGSRepPart (krb5_context context, size_t length, EncTGSRepPart *t, size_t *len) + __attribute__((deprecated)) { return encode_EncTGSRepPart(data, length, t, len); } @@ -101,6 +112,7 @@ krb5_decode_EncAPRepPart (krb5_context context, size_t length, EncAPRepPart *t, size_t *len) + __attribute__((deprecated)) { return decode_EncAPRepPart(data, length, t, len); } @@ -111,6 +123,7 @@ krb5_encode_EncAPRepPart (krb5_context context, size_t length, EncAPRepPart *t, size_t *len) + __attribute__((deprecated)) { return encode_EncAPRepPart(data, length, t, len); } @@ -121,6 +134,7 @@ krb5_decode_Authenticator (krb5_context context, size_t length, Authenticator *t, size_t *len) + __attribute__((deprecated)) { return decode_Authenticator(data, length, t, len); } @@ -131,6 +145,7 @@ krb5_encode_Authenticator (krb5_context context, size_t length, Authenticator *t, size_t *len) + __attribute__((deprecated)) { return encode_Authenticator(data, length, t, len); } @@ -141,6 +156,7 @@ krb5_decode_EncKrbCredPart (krb5_context context, size_t length, EncKrbCredPart *t, size_t *len) + __attribute__((deprecated)) { return decode_EncKrbCredPart(data, length, t, len); } @@ -151,6 +167,7 @@ krb5_encode_EncKrbCredPart (krb5_context context, size_t length, EncKrbCredPart *t, size_t *len) + __attribute__((deprecated)) { return encode_EncKrbCredPart (data, length, t, len); } @@ -161,6 +178,7 @@ krb5_decode_ETYPE_INFO (krb5_context context, size_t length, ETYPE_INFO *t, size_t *len) + __attribute__((deprecated)) { return decode_ETYPE_INFO(data, length, t, len); } @@ -171,6 +189,7 @@ krb5_encode_ETYPE_INFO (krb5_context context, size_t length, ETYPE_INFO *t, size_t *len) + __attribute__((deprecated)) { return encode_ETYPE_INFO (data, length, t, len); } @@ -181,6 +200,7 @@ krb5_decode_ETYPE_INFO2 (krb5_context context, size_t length, ETYPE_INFO2 *t, size_t *len) + __attribute__((deprecated)) { return decode_ETYPE_INFO2(data, length, t, len); } @@ -191,6 +211,9 @@ krb5_encode_ETYPE_INFO2 (krb5_context context, size_t length, ETYPE_INFO2 *t, size_t *len) + __attribute__((deprecated)) { return encode_ETYPE_INFO2 (data, length, t, len); } + +#endif /* HEIMDAL_SMALLER */ diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c index f7f7957b04..75c48a001b 100644 --- a/source4/heimdal/lib/krb5/config_file.c +++ b/source4/heimdal/lib/krb5/config_file.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -85,7 +85,7 @@ get_entry(krb5_config_section **parent, const char *name, int type) krb5_config_section **q; for(q = parent; *q != NULL; q = &(*q)->next) - if(type == krb5_config_list && + if(type == krb5_config_list && type == (*q)->type && strcmp(name, (*q)->name) == 0) return *q; @@ -111,7 +111,7 @@ get_entry(krb5_config_section **parent, const char *name, int type) * a * } * ... - * + * * starting at the line in `p', storing the resulting structure in * `s' and hooking it into `parent'. * Store the error message in `error_message'. @@ -262,7 +262,7 @@ krb5_config_parse_debug (struct fileptr *f, continue; if (*p == '[') { ret = parse_section(p, &s, res, error_message); - if (ret) + if (ret) return ret; b = NULL; } else if (*p == '}') { @@ -315,7 +315,7 @@ krb5_config_parse_file_multi (krb5_context context, f.s = NULL; if(f.f == NULL) { ret = errno; - krb5_set_error_message (context, ret, "open %s: %s", + krb5_set_error_message (context, ret, "open %s: %s", fname, strerror(ret)); return ret; } @@ -352,7 +352,7 @@ free_binding (krb5_context context, krb5_config_binding *b) else if (b->type == krb5_config_list) free_binding (context, b->u.list); else - krb5_abortx(context, "unknown binding type (%d) in free_binding", + krb5_abortx(context, "unknown binding type (%d) in free_binding", b->type); next_b = b->next; free (b); @@ -367,6 +367,42 @@ krb5_config_file_free (krb5_context context, krb5_config_section *s) return 0; } +krb5_error_code +_krb5_config_copy(krb5_context context, + krb5_config_section *c, + krb5_config_section **head) +{ + krb5_config_binding *d, *previous = NULL; + + *head = NULL; + + while (c) { + d = calloc(1, sizeof(*d)); + + if (*head == NULL) + *head = d; + + d->name = strdup(c->name); + d->type = c->type; + if (d->type == krb5_config_string) + d->u.string = strdup(c->u.string); + else if (d->type == krb5_config_list) + _krb5_config_copy (context, c->u.list, &d->u.list); + else + krb5_abortx(context, + "unknown binding type (%d) in krb5_config_copy", + d->type); + if (previous) + previous->next = d; + + previous = d; + c = c->next; + } + return 0; +} + + + const void * krb5_config_get_next (krb5_context context, const krb5_config_section *c, @@ -551,7 +587,7 @@ krb5_config_vget_strings(krb5_context context, const krb5_config_binding *b = NULL; const char *p; - while((p = krb5_config_vget_next(context, c, &b, + while((p = krb5_config_vget_next(context, c, &b, krb5_config_string, args))) { char *tmp = strdup(p); char *pos = NULL; @@ -726,13 +762,13 @@ krb5_config_vget_int_default (krb5_context context, str = krb5_config_vget_string (context, c, args); if(str == NULL) return def_value; - else { - char *endptr; - long l; - l = strtol(str, &endptr, 0); - if (endptr == str) - return def_value; - else + else { + char *endptr; + long l; + l = strtol(str, &endptr, 0); + if (endptr == str) + return def_value; + else return l; } } diff --git a/source4/heimdal/lib/krb5/config_file_netinfo.c b/source4/heimdal/lib/krb5/config_file_netinfo.c index d51739ae37..e6993bbb4a 100644 --- a/source4/heimdal/lib/krb5/config_file_netinfo.c +++ b/source4/heimdal/lib/krb5/config_file_netinfo.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" diff --git a/source4/heimdal/lib/krb5/constants.c b/source4/heimdal/lib/krb5/constants.c index dc96bcb632..b41fb3f663 100644 --- a/source4/heimdal/lib/krb5/constants.c +++ b/source4/heimdal/lib/krb5/constants.c @@ -1,41 +1,41 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" RCSID("$Id$"); -KRB5_LIB_VARIABLE const char *krb5_config_file = +KRB5_LIB_VARIABLE const char *krb5_config_file = #ifdef __APPLE__ "/Library/Preferences/edu.mit.Kerberos:" #endif diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index 358ab20349..aa35a184c0 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -60,7 +60,7 @@ set_etypes (krb5_context context, char **etypes_str; krb5_enctype *etypes = NULL; - etypes_str = krb5_config_get_strings(context, NULL, "libdefaults", + etypes_str = krb5_config_get_strings(context, NULL, "libdefaults", name, NULL); if(etypes_str){ int i, j, k; @@ -68,7 +68,7 @@ set_etypes (krb5_context context, etypes = malloc((i+1) * sizeof(*etypes)); if (etypes == NULL) { krb5_config_free_strings (etypes_str); - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } for(j = 0, k = 0; j < i; j++) { @@ -81,12 +81,38 @@ set_etypes (krb5_context context, } etypes[k] = ETYPE_NULL; krb5_config_free_strings(etypes_str); - } + } *ret_enctypes = etypes; return 0; } /* + * + */ + +static krb5_error_code +copy_etypes (krb5_context context, + krb5_enctype *enctypes, + krb5_enctype **ret_enctypes) +{ + unsigned int i; + + for (i = 0; enctypes[i]; i++) + ; + i++; + + *ret_enctypes = malloc(sizeof(ret_enctypes[0]) * i); + if (*ret_enctypes == NULL) { + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); + return ENOMEM; + } + memcpy(*ret_enctypes, enctypes, sizeof(ret_enctypes[0]) * i); + return 0; +} + + +/* * read variables from the configuration file and set in `context' */ @@ -102,13 +128,13 @@ init_context_from_config_file(krb5_context context) INIT_FIELD(context, int, max_retries, 3, "max_retries"); INIT_FIELD(context, string, http_proxy, NULL, "http_proxy"); - + ret = set_etypes (context, "default_etypes", &tmptypes); if(ret) return ret; free(context->etypes); context->etypes = tmptypes; - + ret = set_etypes (context, "default_etypes_des", &tmptypes); if(ret) return ret; @@ -122,27 +148,27 @@ init_context_from_config_file(krb5_context context) if(tmp != NULL) context->default_keytab = tmp; else - INIT_FIELD(context, string, default_keytab, + INIT_FIELD(context, string, default_keytab, KEYTAB_DEFAULT, "default_keytab_name"); - INIT_FIELD(context, string, default_keytab_modify, + INIT_FIELD(context, string, default_keytab_modify, NULL, "default_keytab_modify_name"); - INIT_FIELD(context, string, time_fmt, + INIT_FIELD(context, string, time_fmt, "%Y-%m-%dT%H:%M:%S", "time_format"); - INIT_FIELD(context, string, date_fmt, + INIT_FIELD(context, string, date_fmt, "%Y-%m-%d", "date_format"); - INIT_FIELD(context, bool, log_utc, + INIT_FIELD(context, bool, log_utc, FALSE, "log_utc"); - + /* init dns-proxy slime */ - tmp = krb5_config_get_string(context, NULL, "libdefaults", + tmp = krb5_config_get_string(context, NULL, "libdefaults", "dns_proxy", NULL); - if(tmp) + if(tmp) roken_gethostby_setup(context->http_proxy, tmp); krb5_free_host_realm (context, context->default_realms); context->default_realms = NULL; @@ -152,9 +178,9 @@ init_context_from_config_file(krb5_context context) char **adr, **a; krb5_set_extra_addresses(context, NULL); - adr = krb5_config_get_strings(context, NULL, - "libdefaults", - "extra_addresses", + adr = krb5_config_get_strings(context, NULL, + "libdefaults", + "extra_addresses", NULL); memset(&addresses, 0, sizeof(addresses)); for(a = adr; a && *a; a++) { @@ -167,9 +193,9 @@ init_context_from_config_file(krb5_context context) krb5_config_free_strings(adr); krb5_set_ignore_addresses(context, NULL); - adr = krb5_config_get_strings(context, NULL, - "libdefaults", - "ignore_addresses", + adr = krb5_config_get_strings(context, NULL, + "libdefaults", + "ignore_addresses", NULL); memset(&addresses, 0, sizeof(addresses)); for(a = adr; a && *a; a++) { @@ -181,7 +207,7 @@ init_context_from_config_file(krb5_context context) } krb5_config_free_strings(adr); } - + INIT_FIELD(context, bool, scan_interfaces, TRUE, "scan_interfaces"); INIT_FIELD(context, int, fcache_vno, 0, "fcache_version"); /* prefer dns_lookup_kdc over srv_lookup. */ @@ -193,7 +219,7 @@ init_context_from_config_file(krb5_context context) context->default_cc_name = NULL; context->default_cc_name_set = 0; - ret = krb5_config_get_bool_default(context, NULL, FALSE, + ret = krb5_config_get_bool_default(context, NULL, FALSE, "libdefaults", "allow_weak_crypto", NULL); if (ret) { @@ -208,6 +234,42 @@ init_context_from_config_file(krb5_context context) return 0; } +static krb5_error_code +cc_ops_register(krb5_context context) +{ + context->cc_ops = NULL; + context->num_cc_ops = 0; + + krb5_cc_register(context, &krb5_acc_ops, TRUE); + krb5_cc_register(context, &krb5_fcc_ops, TRUE); + krb5_cc_register(context, &krb5_mcc_ops, TRUE); +#ifdef HAVE_SQLITE + krb5_cc_register(context, &krb5_scc_ops, TRUE); +#endif +#ifdef HAVE_KCM + krb5_cc_register(context, &krb5_kcm_ops, TRUE); +#endif + return 0; +} + +static krb5_error_code +kt_ops_register(krb5_context context) +{ + context->num_kt_types = 0; + context->kt_types = NULL; + + krb5_kt_register (context, &krb5_fkt_ops); + krb5_kt_register (context, &krb5_wrfkt_ops); + krb5_kt_register (context, &krb5_javakt_ops); + krb5_kt_register (context, &krb5_mkt_ops); +#ifndef HEIMDAL_SMALLER + krb5_kt_register (context, &krb5_akf_ops); +#endif + krb5_kt_register (context, &krb5_any_ops); + return 0; +} + + /** * Initializes the context structure and reads the configuration file * /etc/krb5.conf. The structure should be freed by calling @@ -232,6 +294,9 @@ krb5_init_context(krb5_context *context) *context = NULL; + /* should have a run_once */ + bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR); + p = calloc(1, sizeof(*p)); if(!p) return ENOMEM; @@ -244,34 +309,17 @@ krb5_init_context(krb5_context *context) HEIMDAL_MUTEX_init(p->mutex); ret = krb5_get_default_config_files(&files); - if(ret) + if(ret) goto out; ret = krb5_set_config_files(p, files); krb5_free_config_files(files); - if(ret) + if(ret) goto out; /* init error tables */ krb5_init_ets(p); - - p->cc_ops = NULL; - p->num_cc_ops = 0; - krb5_cc_register(p, &krb5_acc_ops, TRUE); - krb5_cc_register(p, &krb5_fcc_ops, TRUE); - krb5_cc_register(p, &krb5_mcc_ops, TRUE); - krb5_cc_register(p, &krb5_scc_ops, TRUE); -#ifdef HAVE_KCM - krb5_cc_register(p, &krb5_kcm_ops, TRUE); -#endif - - p->num_kt_types = 0; - p->kt_types = NULL; - krb5_kt_register (p, &krb5_fkt_ops); - krb5_kt_register (p, &krb5_wrfkt_ops); - krb5_kt_register (p, &krb5_javakt_ops); - krb5_kt_register (p, &krb5_mkt_ops); - krb5_kt_register (p, &krb5_akf_ops); - krb5_kt_register (p, &krb5_any_ops); + cc_ops_register(p); + kt_ops_register(p); out: if(ret) { @@ -283,12 +331,105 @@ out: } /** + * Make a copy for the Kerberos 5 context, allocated krb5_contex shoud + * be freed with krb5_free_context(). + * + * @param in the Kerberos context to copy + * @param out the copy of the Kerberos, set to NULL error. + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5 + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_copy_context(krb5_context context, krb5_context *out) +{ + krb5_error_code ret; + krb5_context p; + + *out = NULL; + + p = calloc(1, sizeof(*p)); + if (p == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + return ENOMEM; + } + + p->mutex = malloc(sizeof(HEIMDAL_MUTEX)); + if (p->mutex == NULL) { + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); + free(p); + return ENOMEM; + } + HEIMDAL_MUTEX_init(p->mutex); + + + if (context->default_cc_name) + p->default_cc_name = strdup(context->default_cc_name); + if (context->default_cc_name_env) + p->default_cc_name_env = strdup(context->default_cc_name_env); + + if (context->etypes) { + ret = copy_etypes(context, context->etypes, &p->etypes); + if (ret) + goto out; + } + if (context->etypes_des) { + ret = copy_etypes(context, context->etypes_des, &p->etypes_des); + if (ret) + goto out; + } + + if (context->default_realms) { + ret = krb5_copy_host_realm(context, + context->default_realms, &p->default_realms); + if (ret) + goto out; + } + + ret = _krb5_config_copy(context, context->cf, &p->cf); + if (ret) + goto out; + + /* XXX should copy */ + krb5_init_ets(p); + cc_ops_register(p); + kt_ops_register(p); + +#if 0 /* XXX */ + if(context->warn_dest != NULL) + ; +#endif + + ret = krb5_set_extra_addresses(p, context->extra_addresses); + if (ret) + goto out; + ret = krb5_set_extra_addresses(p, context->ignore_addresses); + if (ret) + goto out; + + ret = _krb5_copy_send_to_kdc_func(p, context); + if (ret) + goto out; + + *out = p; + + return 0; + + out: + krb5_free_context(p); + return ret; +} + +/** * Frees the krb5_context allocated by krb5_init_context(). * * @param context context to be freed. * - * @ingroup krb5 -*/ + * @ingroup krb5 + */ void KRB5_LIB_FUNCTION krb5_free_context(krb5_context context) @@ -304,7 +445,7 @@ krb5_free_context(krb5_context context) free_error_table (context->et_list); free(context->cc_ops); free(context->kt_types); - krb5_clear_error_string(context); + krb5_clear_error_message(context); if(context->warn_dest != NULL) krb5_closelog(context, context->warn_dest); krb5_set_extra_addresses(context, NULL); @@ -455,7 +596,7 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) { krb5_error_code ret; char **defpp, **pp = NULL; - + ret = krb5_get_default_config_files(&defpp); if (ret) return ret; @@ -480,7 +621,7 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) * @ingroup krb5 */ -krb5_error_code KRB5_LIB_FUNCTION +krb5_error_code KRB5_LIB_FUNCTION krb5_get_default_config_files(char ***pfilenames) { const char *files = NULL; @@ -564,7 +705,7 @@ default_etypes(krb5_context context, krb5_enctype **etype) ep = realloc(e, (n + 2) * sizeof(*e)); if (ep == NULL) { free(e); - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } e = ep; @@ -590,7 +731,7 @@ default_etypes(krb5_context context, krb5_enctype **etype) */ krb5_error_code KRB5_LIB_FUNCTION -krb5_set_default_in_tkt_etypes(krb5_context context, +krb5_set_default_in_tkt_etypes(krb5_context context, const krb5_enctype *etypes) { krb5_enctype *p = NULL; @@ -606,7 +747,7 @@ krb5_set_default_in_tkt_etypes(krb5_context context, ++i; ALLOC(p, i); if(!p) { - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memmove(p, etypes, i * sizeof(krb5_enctype)); @@ -638,13 +779,13 @@ krb5_get_default_in_tkt_etypes(krb5_context context, krb5_enctype *p; int i; krb5_error_code ret; - + if(context->etypes) { for(i = 0; context->etypes[i]; i++); ++i; ALLOC(p, i); if(!p) { - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memmove(p, context->etypes, i * sizeof(krb5_enctype)); @@ -683,7 +824,7 @@ krb5_get_err_text(krb5_context context, krb5_error_code code) } /** - * Init the built-in ets in the Kerberos library. + * Init the built-in ets in the Kerberos library. * * @param context kerberos context to add the ets too * @@ -695,11 +836,20 @@ krb5_init_ets(krb5_context context) { if(context->et_list == NULL){ krb5_add_et_list(context, initialize_krb5_error_table_r); + bindtextdomain(COM_ERR_BINDDOMAIN_krb5, HEIMDAL_LOCALEDIR); + krb5_add_et_list(context, initialize_asn1_error_table_r); + bindtextdomain(COM_ERR_BINDDOMAIN_asn1, HEIMDAL_LOCALEDIR); + krb5_add_et_list(context, initialize_heim_error_table_r); + bindtextdomain(COM_ERR_BINDDOMAIN_heim, HEIMDAL_LOCALEDIR); + krb5_add_et_list(context, initialize_k524_error_table_r); + bindtextdomain(COM_ERR_BINDDOMAIN_k524, HEIMDAL_LOCALEDIR); + #ifdef PKINIT krb5_add_et_list(context, initialize_hx_error_table_r); + bindtextdomain(COM_ERR_BINDDOMAIN_hx, HEIMDAL_LOCALEDIR); #endif } } @@ -753,7 +903,7 @@ krb5_add_extra_addresses(krb5_context context, krb5_addresses *addresses) { if(context->extra_addresses) - return krb5_append_addresses(context, + return krb5_append_addresses(context, context->extra_addresses, addresses); else return krb5_set_extra_addresses(context, addresses); @@ -788,7 +938,7 @@ krb5_set_extra_addresses(krb5_context context, const krb5_addresses *addresses) if(context->extra_addresses == NULL) { context->extra_addresses = malloc(sizeof(*context->extra_addresses)); if(context->extra_addresses == NULL) { - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } } @@ -836,7 +986,7 @@ krb5_add_ignore_addresses(krb5_context context, krb5_addresses *addresses) { if(context->ignore_addresses) - return krb5_append_addresses(context, + return krb5_append_addresses(context, context->ignore_addresses, addresses); else return krb5_set_ignore_addresses(context, addresses); @@ -870,7 +1020,7 @@ krb5_set_ignore_addresses(krb5_context context, const krb5_addresses *addresses) if(context->ignore_addresses == NULL) { context->ignore_addresses = malloc(sizeof(*context->ignore_addresses)); if(context->ignore_addresses == NULL) { - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } } diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c index d74f121207..fc81d96bec 100644 --- a/source4/heimdal/lib/krb5/convert_creds.c +++ b/source4/heimdal/lib/krb5/convert_creds.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -59,7 +59,7 @@ check_ticket_flags(TicketFlags f) */ krb5_error_code KRB5_LIB_FUNCTION -krb524_convert_creds_kdc(krb5_context context, +krb524_convert_creds_kdc(krb5_context context, krb5_creds *in_cred, struct credentials *v4creds) { @@ -79,7 +79,7 @@ krb524_convert_creds_kdc(krb5_context context, krb5_krbhst_handle handle; ret = krb5_krbhst_init(context, - krb5_principal_get_realm(context, + krb5_principal_get_realm(context, v5_creds->server), KRB5_KRBHST_KRB524, &handle); @@ -97,7 +97,7 @@ krb524_convert_creds_kdc(krb5_context context, sp = krb5_storage_from_mem(reply.data, reply.length); if(sp == NULL) { ret = ENOMEM; - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); goto out2; } krb5_ret_int32(sp, &tmp); @@ -114,25 +114,27 @@ krb524_convert_creds_kdc(krb5_context context, v4creds->ticket_st.length = ticket.length; memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length); krb5_data_free(&ticket); - ret = krb5_524_conv_principal(context, - v5_creds->server, - v4creds->service, - v4creds->instance, + ret = krb5_524_conv_principal(context, + v5_creds->server, + v4creds->service, + v4creds->instance, v4creds->realm); if(ret) goto out; v4creds->issue_date = v5_creds->times.starttime; v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date, v5_creds->times.endtime); - ret = krb5_524_conv_principal(context, v5_creds->client, - v4creds->pname, - v4creds->pinst, + ret = krb5_524_conv_principal(context, v5_creds->client, + v4creds->pname, + v4creds->pinst, realm); if(ret) goto out; memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8); } else { - krb5_set_error_message (context, ret, "converting credentials: %s", + krb5_set_error_message (context, ret, + N_("converting credentials: %s", + "already localized"), krb5_get_err_text(context, ret)); } out: @@ -160,7 +162,7 @@ out2: */ krb5_error_code KRB5_LIB_FUNCTION -krb524_convert_creds_kdc_ccache(krb5_context context, +krb524_convert_creds_kdc_ccache(krb5_context context, krb5_ccache ccache, krb5_creds *in_cred, struct credentials *v4creds) diff --git a/source4/heimdal/lib/krb5/copy_host_realm.c b/source4/heimdal/lib/krb5/copy_host_realm.c index db06e56fb6..37e27110b6 100644 --- a/source4/heimdal/lib/krb5/copy_host_realm.c +++ b/source4/heimdal/lib/krb5/copy_host_realm.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -61,7 +61,8 @@ krb5_copy_host_realm(krb5_context context, *to = calloc (n, sizeof(**to)); if (*to == NULL) { - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -69,7 +70,8 @@ krb5_copy_host_realm(krb5_context context, (*to)[i] = strdup(*p); if ((*to)[i] == NULL) { krb5_free_host_realm (context, *to); - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } } diff --git a/source4/heimdal/lib/krb5/crc.c b/source4/heimdal/lib/krb5/crc.c index cdb40b8110..a900cabbba 100644 --- a/source4/heimdal/lib/krb5/crc.c +++ b/source4/heimdal/lib/krb5/crc.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -45,7 +45,7 @@ _krb5_crc_init_table(void) static int flag = 0; unsigned long crc, poly; unsigned int i, j; - + if(flag) return; poly = CRC_GEN; for (i = 0; i < 256; i++) { diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c index d194041766..087a4850eb 100644 --- a/source4/heimdal/lib/krb5/creds.c +++ b/source4/heimdal/lib/krb5/creds.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -41,11 +41,12 @@ RCSID("$Id$"); #ifndef HEIMDAL_SMALLER /* keep this for compatibility with older code */ -krb5_error_code KRB5_LIB_FUNCTION __attribute__((deprecated)) +krb5_error_code KRB5_LIB_FUNCTION krb5_free_creds_contents (krb5_context context, krb5_creds *c) + __attribute__((deprecated)) { return krb5_free_cred_contents (context, c); -} +} #endif /* HEIMDAL_SMALLER */ @@ -156,7 +157,8 @@ krb5_copy_creds (krb5_context context, c = malloc (sizeof (*c)); if (c == NULL) { - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } memset (c, 0, sizeof(*c)); @@ -213,25 +215,25 @@ krb5_compare_creds(krb5_context context, krb5_flags whichfields, const krb5_creds * mcreds, const krb5_creds * creds) { krb5_boolean match = TRUE; - + if (match && mcreds->server) { - if (whichfields & (KRB5_TC_DONT_MATCH_REALM | KRB5_TC_MATCH_SRV_NAMEONLY)) - match = krb5_principal_compare_any_realm (context, mcreds->server, + if (whichfields & (KRB5_TC_DONT_MATCH_REALM | KRB5_TC_MATCH_SRV_NAMEONLY)) + match = krb5_principal_compare_any_realm (context, mcreds->server, creds->server); else - match = krb5_principal_compare (context, mcreds->server, + match = krb5_principal_compare (context, mcreds->server, creds->server); } if (match && mcreds->client) { if(whichfields & KRB5_TC_DONT_MATCH_REALM) - match = krb5_principal_compare_any_realm (context, mcreds->client, + match = krb5_principal_compare_any_realm (context, mcreds->client, creds->client); else - match = krb5_principal_compare (context, mcreds->client, + match = krb5_principal_compare (context, mcreds->client, creds->client); } - + if (match && (whichfields & KRB5_TC_MATCH_KEYTYPE)) match = krb5_enctypes_compatible_keys(context, mcreds->session.keytype, @@ -245,7 +247,7 @@ krb5_compare_creds(krb5_context context, krb5_flags whichfields, if (match && (whichfields & KRB5_TC_MATCH_TIMES_EXACT)) match = krb5_times_equal(&mcreds->times, &creds->times); - + if (match && (whichfields & KRB5_TC_MATCH_TIMES)) /* compare only expiration times */ match = (mcreds->times.renew_till <= creds->times.renew_till) && @@ -257,7 +259,7 @@ krb5_compare_creds(krb5_context context, krb5_flags whichfields, match = FALSE; else for(i = 0; match && i < mcreds->authdata.len; i++) - match = (mcreds->authdata.val[i].ad_type == + match = (mcreds->authdata.val[i].ad_type == creds->authdata.val[i].ad_type) && (krb5_data_cmp(&mcreds->authdata.val[i].ad_data, &creds->authdata.val[i].ad_data) == 0); @@ -266,8 +268,25 @@ krb5_compare_creds(krb5_context context, krb5_flags whichfields, match = (krb5_data_cmp(&mcreds->second_ticket, &creds->second_ticket) == 0); if (match && (whichfields & KRB5_TC_MATCH_IS_SKEY)) - match = ((mcreds->second_ticket.length == 0) == + match = ((mcreds->second_ticket.length == 0) == (creds->second_ticket.length == 0)); return match; } + +/** + * Returns the ticket flags for the credentials in creds. + * See also krb5_ticket_get_flags(). + * + * @param creds credential to get ticket flags from + * + * @return ticket flags + * + * @ingroup krb5 + */ + +unsigned long +krb5_creds_get_ticket_flags(krb5_creds *creds) +{ + return TicketFlags2int(creds->flags.b); +} diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index 9379c6fdf1..bc6512cf1a 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -38,8 +38,9 @@ RCSID("$Id$"); #undef __attribute__ #define __attribute__(X) -#ifndef HEIMDAL_SMALLER #define WEAK_ENCTYPES 1 + +#ifndef HEIMDAL_SMALLER #define DES3_OLD_ENCTYPE 1 #endif @@ -82,7 +83,7 @@ struct krb5_crypto_data { struct salt_type { krb5_salttype type; const char *name; - krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, + krb5_error_code (*string_to_key)(krb5_context, krb5_enctype, krb5_data, krb5_salt, krb5_data, krb5_keyblock*); }; @@ -145,8 +146,7 @@ struct encryption_type { static struct checksum_type *_find_checksum(krb5_cksumtype type); static struct encryption_type *_find_enctype(krb5_enctype type); -static struct key_type *_find_keytype(krb5_keytype type); -static krb5_error_code _get_derived_key(krb5_context, krb5_crypto, +static krb5_error_code _get_derived_key(krb5_context, krb5_crypto, unsigned, struct key_data**); static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage); static krb5_error_code derive_key(krb5_context context, @@ -155,13 +155,13 @@ static krb5_error_code derive_key(krb5_context context, const void *constant, size_t len); static krb5_error_code hmac(krb5_context context, - struct checksum_type *cm, - const void *data, - size_t len, + struct checksum_type *cm, + const void *data, + size_t len, unsigned usage, struct key_data *keyblock, Checksum *result); -static void free_key_data(krb5_context, +static void free_key_data(krb5_context, struct key_data *, struct encryption_type *); static krb5_error_code usage2arcfour (krb5_context, unsigned *); @@ -179,9 +179,10 @@ struct evp_schedule { static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER; +#ifdef WEAK_ENCTYPES static void krb5_DES_random_key(krb5_context context, - krb5_keyblock *key) + krb5_keyblock *key) { DES_cblock *k = key->keyvalue.data; do { @@ -190,7 +191,6 @@ krb5_DES_random_key(krb5_context context, } while(DES_is_weak_key(k)); } -#ifdef WEAK_ENCTYPES static void krb5_DES_schedule_old(krb5_context context, struct key_type *kt, @@ -198,8 +198,6 @@ krb5_DES_schedule_old(krb5_context context, { DES_set_key_unchecked(key->key->keyvalue.data, key->schedule->data); } -#endif /* WEAK_ENCTYPES */ - #ifdef ENABLE_AFS_STRING_TO_KEY @@ -214,16 +212,16 @@ krb5_DES_schedule_old(krb5_context context, */ static void krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, - krb5_data cell, - DES_cblock *key) + krb5_data cell, + DES_cblock *key) { char password[8+1]; /* crypt is limited to 8 chars anyway */ int i; - + for(i = 0; i < 8; i++) { char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^ - ((i < cell.length) ? - tolower(((unsigned char*)cell.data)[i]) : 0); + ((i < cell.length) ? + tolower(((unsigned char*)cell.data)[i]) : 0); password[i] = c ? c : 'X'; } password[8] = '\0'; @@ -243,8 +241,8 @@ krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, */ static void krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw, - krb5_data cell, - DES_cblock *key) + krb5_data cell, + DES_cblock *key) { DES_key_schedule schedule; DES_cblock temp_key; @@ -308,10 +306,10 @@ DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) int reverse = 0; unsigned char *p; - unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, + unsigned char swap[] = { 0x0, 0x8, 0x4, 0xc, 0x2, 0xa, 0x6, 0xe, 0x1, 0x9, 0x5, 0xd, 0x3, 0xb, 0x7, 0xf }; memset(key, 0, 8); - + p = (unsigned char*)key; for (i = 0; i < length; i++) { unsigned char tmp = data[i]; @@ -335,11 +333,11 @@ DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) static krb5_error_code krb5_DES_string_to_key(krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) { unsigned char *s; size_t len; @@ -358,7 +356,7 @@ krb5_DES_string_to_key(krb5_context context, len = password.length + salt.saltvalue.length; s = malloc(len); if(len > 0 && s == NULL) { - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(s, password.data, password.length); @@ -384,6 +382,7 @@ krb5_DES_random_to_key(krb5_context context, if(DES_is_weak_key(k)) xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); } +#endif /* * @@ -436,11 +435,11 @@ DES3_string_to_key(krb5_context context, unsigned char tmp[24]; DES_cblock keys[3]; krb5_error_code ret; - + len = password.length + salt.saltvalue.length; str = malloc(len); if(len != 0 && str == NULL) { - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(str, password.data, password.length); @@ -454,7 +453,7 @@ DES3_string_to_key(krb5_context context, if (ret) { memset(str, 0, len); free(str); - krb5_set_error_message (context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } @@ -467,7 +466,7 @@ DES3_string_to_key(krb5_context context, } memset(&ivec, 0, sizeof(ivec)); DES_ede3_cbc_encrypt(tmp, - tmp, sizeof(tmp), + tmp, sizeof(tmp), &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT); memset(s, 0, sizeof(s)); memset(&ivec, 0, sizeof(ivec)); @@ -502,7 +501,7 @@ DES3_string_to_key_derived(krb5_context context, s = malloc(len); if(len != 0 && s == NULL) { - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(s, password.data, password.length); @@ -548,7 +547,7 @@ DES3_random_to_key(krb5_context context, DES_set_odd_parity(&k[i]); if(DES_is_weak_key(&k[i])) xor(&k[i], (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); - } + } } /* @@ -556,7 +555,7 @@ DES3_random_to_key(krb5_context context, */ static void -ARCFOUR_schedule(krb5_context context, +ARCFOUR_schedule(krb5_context context, struct key_type *kt, struct key_data *kd) { @@ -566,11 +565,11 @@ ARCFOUR_schedule(krb5_context context, static krb5_error_code ARCFOUR_string_to_key(krb5_context context, - krb5_enctype enctype, - krb5_data password, - krb5_salt salt, - krb5_data opaque, - krb5_keyblock *key) + krb5_enctype enctype, + krb5_data password, + krb5_salt salt, + krb5_data opaque, + krb5_keyblock *key) { krb5_error_code ret; uint16_t *s = NULL; @@ -580,7 +579,7 @@ ARCFOUR_string_to_key(krb5_context context, m = EVP_MD_CTX_create(); if (m == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "Malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } @@ -588,20 +587,23 @@ ARCFOUR_string_to_key(krb5_context context, ret = wind_utf8ucs2_length(password.data, &len); if (ret) { - krb5_set_error_message (context, ret, "Password not an UCS2 string"); + krb5_set_error_message (context, ret, + N_("Password not an UCS2 string", "")); goto out; } s = malloc (len * sizeof(s[0])); if (len != 0 && s == NULL) { - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, + N_("malloc: out of memory", "")); ret = ENOMEM; goto out; } ret = wind_utf8ucs2(password.data, s, &len); if (ret) { - krb5_set_error_message (context, ret, "Password not an UCS2 string"); + krb5_set_error_message (context, ret, + N_("Password not an UCS2 string", "")); goto out; } @@ -617,12 +619,12 @@ ARCFOUR_string_to_key(krb5_context context, key->keytype = enctype; ret = krb5_data_alloc (&key->keyvalue, 16); if (ret) { - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); goto out; } EVP_DigestFinal_ex (m, key->keyvalue.data, NULL); -out: + out: EVP_MD_CTX_destroy(m); if (s) memset (s, 0, len); @@ -665,19 +667,19 @@ AES_string_to_key(krb5_context context, kd.schedule = NULL; ALLOC(kd.key, 1); if(kd.key == NULL) { - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } kd.key->keytype = enctype; ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); if (ret) { - krb5_set_error_message (context, ret, "malloc: out of memory"); + krb5_set_error_message (context, ret, N_("malloc: out of memory", "")); return ret; } ret = PKCS5_PBKDF2_HMAC_SHA1(password.data, password.length, salt.saltvalue.data, salt.saltvalue.length, - iter, + iter, et->keytype->size, kd.key->keyvalue.data); if (ret != 1) { free_key_data(context, &kd, et); @@ -719,6 +721,7 @@ evp_cleanup(krb5_context context, struct key_data *kd) * */ +#ifdef WEAK_ENCTYPES static struct salt_type des_salt[] = { { KRB5_PW_SALT, @@ -734,6 +737,7 @@ static struct salt_type des_salt[] = { #endif { 0 } }; +#endif #ifdef DES3_OLD_ENCTYPE static struct salt_type des3_salt[] = { @@ -800,7 +804,6 @@ static struct key_type keytype_des_old = { des_salt, krb5_DES_random_to_key }; -#endif /* WEAK_ENCTYPES */ static struct key_type keytype_des = { KEYTYPE_DES, @@ -815,14 +818,15 @@ static struct key_type keytype_des = { evp_cleanup, EVP_des_cbc }; +#endif /* WEAK_ENCTYPES */ #ifdef DES3_OLD_ENCTYPE static struct key_type keytype_des3 = { KEYTYPE_DES3, "des3", 168, - 24, - sizeof(struct evp_schedule), + 24, + sizeof(struct evp_schedule), DES3_random_key, evp_schedule, des3_salt, @@ -885,31 +889,6 @@ static struct key_type keytype_arcfour = { arcfour_salt }; -static struct key_type *keytypes[] = { - &keytype_null, - &keytype_des, - &keytype_des3_derived, -#ifdef DES3_OLD_ENCTYPE - &keytype_des3, -#endif - &keytype_aes128, - &keytype_aes256, - &keytype_arcfour -}; - -static int num_keytypes = sizeof(keytypes) / sizeof(keytypes[0]); - -static struct key_type * -_find_keytype(krb5_keytype type) -{ - int i; - for(i = 0; i < num_keytypes; i++) - if(keytypes[i]->type == type) - return keytypes[i]; - return NULL; -} - - krb5_error_code KRB5_LIB_FUNCTION krb5_salttype_to_string (krb5_context context, krb5_enctype etype, @@ -931,7 +910,7 @@ krb5_salttype_to_string (krb5_context context, *string = strdup (st->name); if (*string == NULL) { krb5_set_error_message (context, ENOMEM, - "malloc: out of memory"); + N_("malloc: out of memory", "")); return ENOMEM; } return 0; @@ -954,7 +933,7 @@ krb5_string_to_salttype (krb5_context context, e = _find_enctype (etype); if (e == NULL) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), etype); return KRB5_PROG_ETYPE_NOSUPP; } @@ -965,7 +944,7 @@ krb5_string_to_salttype (krb5_context context, } } krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP, - "salttype %s not supported", string); + N_("salttype %s not supported", ""), string); return HEIM_ERR_SALTTYPE_NOSUPP; } @@ -978,7 +957,7 @@ krb5_get_pw_salt(krb5_context context, int i; krb5_error_code ret; char *p; - + salt->salttype = KRB5_PW_SALT; len = strlen(principal->realm); for (i = 0; i < principal->name.name_string.len; ++i) @@ -999,7 +978,7 @@ krb5_get_pw_salt(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_free_salt(krb5_context context, +krb5_free_salt(krb5_context context, krb5_salt salt) { krb5_data_free(&salt.saltvalue); @@ -1046,7 +1025,7 @@ krb5_string_to_key_data_salt (krb5_context context, { krb5_data opaque; krb5_data_zero(&opaque); - return krb5_string_to_key_data_salt_opaque(context, enctype, password, + return krb5_string_to_key_data_salt_opaque(context, enctype, password, salt, opaque, key); } @@ -1068,16 +1047,16 @@ krb5_string_to_key_data_salt_opaque (krb5_context context, struct salt_type *st; if(et == NULL) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), enctype); return KRB5_PROG_ETYPE_NOSUPP; } - for(st = et->keytype->string_to_key; st && st->type; st++) + for(st = et->keytype->string_to_key; st && st->type; st++) if(st->type == salt.salttype) - return (*st->string_to_key)(context, enctype, password, + return (*st->string_to_key)(context, enctype, password, salt, opaque, key); krb5_set_error_message(context, HEIM_ERR_SALTTYPE_NOSUPP, - "salt type %d not supported", + N_("salt type %d not supported", ""), salt.salttype); return HEIM_ERR_SALTTYPE_NOSUPP; } @@ -1112,7 +1091,7 @@ krb5_string_to_key_salt_opaque (krb5_context context, krb5_data pw; pw.data = rk_UNCONST(password); pw.length = strlen(password); - return krb5_string_to_key_data_salt_opaque(context, enctype, + return krb5_string_to_key_data_salt_opaque(context, enctype, pw, salt, opaque, key); } @@ -1124,7 +1103,7 @@ krb5_enctype_keysize(krb5_context context, struct encryption_type *et = _find_enctype(type); if(et == NULL) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), type); return KRB5_PROG_ETYPE_NOSUPP; } @@ -1141,7 +1120,7 @@ krb5_enctype_keybits(krb5_context context, if(et == NULL) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, "encryption type %d not supported", - type); + type); return KRB5_PROG_ETYPE_NOSUPP; } *keybits = et->keytype->bits; @@ -1157,18 +1136,18 @@ krb5_generate_random_keyblock(krb5_context context, struct encryption_type *et = _find_enctype(type); if(et == NULL) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), type); return KRB5_PROG_ETYPE_NOSUPP; } ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); - if(ret) + if(ret) return ret; key->keytype = type; if(et->keytype->random_key) (*et->keytype->random_key)(context, key); else - krb5_generate_random_block(key->keyvalue.data, + krb5_generate_random_block(key->keyvalue.data, key->keyvalue.length); return 0; } @@ -1187,7 +1166,7 @@ _key_schedule(krb5_context context, return 0; ALLOC(key->schedule, 1); if(key->schedule == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = krb5_data_alloc(key->schedule, kt->schedule_size); @@ -1248,23 +1227,23 @@ RSA_MD4_checksum(krb5_context context, } static krb5_error_code -des_checksum(krb5_context context, +des_checksum(krb5_context context, const EVP_MD *evp_md, struct key_data *key, - const void *data, - size_t len, + const void *data, + size_t len, Checksum *cksum) { struct evp_schedule *ctx = key->schedule->data; EVP_MD_CTX *m; DES_cblock ivec; unsigned char *p = cksum->checksum.data; - + krb5_generate_random_block(p, 8); m = EVP_MD_CTX_create(); if (m == NULL) { - krb5_set_error_message(context, ENOMEM, "Malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -1297,7 +1276,7 @@ des_verify(krb5_context context, m = EVP_MD_CTX_create(); if (m == NULL) { - krb5_set_error_message(context, ENOMEM, "Malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -1311,7 +1290,7 @@ des_verify(krb5_context context, EVP_DigestFinal_ex (m, res, NULL); EVP_MD_CTX_destroy(m); if(memcmp(res, tmp + 8, sizeof(res)) != 0) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; } memset(tmp, 0, sizeof(tmp)); @@ -1320,10 +1299,10 @@ des_verify(krb5_context context, } static krb5_error_code -RSA_MD4_DES_checksum(krb5_context context, +RSA_MD4_DES_checksum(krb5_context context, struct key_data *key, - const void *data, - size_t len, + const void *data, + size_t len, unsigned usage, Checksum *cksum) { @@ -1376,6 +1355,7 @@ RSA_MD5_DES_verify(krb5_context context, return des_verify(context, EVP_md5(), key, data, len, C); } +#ifdef DES3_OLD_ENCTYPE static krb5_error_code RSA_MD5_DES3_checksum(krb5_context context, struct key_data *key, @@ -1397,6 +1377,7 @@ RSA_MD5_DES3_verify(krb5_context context, { return des_verify(context, EVP_md5(), key, data, len, C); } +#endif static krb5_error_code SHA1_checksum(krb5_context context, @@ -1414,9 +1395,9 @@ SHA1_checksum(krb5_context context, /* HMAC according to RFC2104 */ static krb5_error_code hmac(krb5_context context, - struct checksum_type *cm, - const void *data, - size_t len, + struct checksum_type *cm, + const void *data, + size_t len, unsigned usage, struct key_data *keyblock, Checksum *result) @@ -1425,7 +1406,7 @@ hmac(krb5_context context, unsigned char *key; size_t key_len; int i; - + ipad = malloc(cm->blocksize + len); if (ipad == NULL) return ENOMEM; @@ -1438,10 +1419,10 @@ hmac(krb5_context context, memset(opad, 0x5c, cm->blocksize); if(keyblock->key->keyvalue.length > cm->blocksize){ - (*cm->checksum)(context, - keyblock, - keyblock->key->keyvalue.data, - keyblock->key->keyvalue.length, + (*cm->checksum)(context, + keyblock, + keyblock->key->keyvalue.data, + keyblock->key->keyvalue.length, usage, result); key = result->checksum.data; @@ -1457,9 +1438,9 @@ hmac(krb5_context context, memcpy(ipad + cm->blocksize, data, len); (*cm->checksum)(context, keyblock, ipad, cm->blocksize + len, usage, result); - memcpy(opad + cm->blocksize, result->checksum.data, + memcpy(opad + cm->blocksize, result->checksum.data, result->checksum.length); - (*cm->checksum)(context, keyblock, opad, + (*cm->checksum)(context, keyblock, opad, cm->blocksize + cm->checksumsize, usage, result); memset(ipad, 0, cm->blocksize + len); free(ipad); @@ -1474,7 +1455,7 @@ krb5_hmac(krb5_context context, krb5_cksumtype cktype, const void *data, size_t len, - unsigned usage, + unsigned usage, krb5_keyblock *key, Checksum *result) { @@ -1484,7 +1465,7 @@ krb5_hmac(krb5_context context, if (c == NULL) { krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "checksum type %d not supported", + N_("checksum type %d not supported", ""), cktype); return KRB5_PROG_SUMTYPE_NOSUPP; } @@ -1498,13 +1479,13 @@ krb5_hmac(krb5_context context, krb5_free_data(context, kd.schedule); return ret; - } +} static krb5_error_code SP_HMAC_SHA1_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, + struct key_data *key, + const void *data, + size_t len, unsigned usage, Checksum *result) { @@ -1548,7 +1529,7 @@ HMAC_MD5_checksum(krb5_context context, m = EVP_MD_CTX_create(); if (m == NULL) { - krb5_set_error_message(context, ENOMEM, "Malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ksign_c.checksum.length = sizeof(ksign_c_data); @@ -1577,12 +1558,12 @@ HMAC_MD5_checksum(krb5_context context, } static struct checksum_type checksum_none = { - CKSUMTYPE_NONE, - "none", - 1, - 0, + CKSUMTYPE_NONE, + "none", + 1, 0, - NONE_checksum, + 0, + NONE_checksum, NULL }; static struct checksum_type checksum_crc32 = { @@ -1720,10 +1701,10 @@ _find_checksum(krb5_cksumtype type) } static krb5_error_code -get_checksum_key(krb5_context context, +get_checksum_key(krb5_context context, krb5_crypto crypto, unsigned usage, /* not krb5_key_usage */ - struct checksum_type *ct, + struct checksum_type *ct, struct key_data **key) { krb5_error_code ret = 0; @@ -1735,16 +1716,16 @@ get_checksum_key(krb5_context context, *key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */); if(*key == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = krb5_copy_keyblock(context, crypto->key.key, &(*key)->key); - if(ret) + if(ret) return ret; for(i = 0; i < (*key)->key->keyvalue.length; i++) ((unsigned char*)(*key)->key->keyvalue.data)[i] ^= 0xF0; } else { - *key = &crypto->key; + *key = &crypto->key; } if(ret == 0) ret = _key_schedule(context, *key); @@ -1763,16 +1744,16 @@ create_checksum (krb5_context context, krb5_error_code ret; struct key_data *dkey; int keyed_checksum; - + if (ct->flags & F_DISABLED) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_PROG_SUMTYPE_NOSUPP; } keyed_checksum = (ct->flags & F_KEYED) != 0; if(keyed_checksum && crypto == NULL) { krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "Checksum type %s is keyed " - "but no crypto context (key) was passed in", + N_("Checksum type %s is keyed but no " + "crypto context (key) was passed in", ""), ct->name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } @@ -1819,7 +1800,7 @@ krb5_create_checksum(krb5_context context, if(ct == NULL) { krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "checksum type %d not supported", + N_("checksum type %d not supported", ""), type); return KRB5_PROG_SUMTYPE_NOSUPP; } @@ -1851,19 +1832,19 @@ verify_checksum(krb5_context context, ct = _find_checksum(cksum->cksumtype); if (ct == NULL || (ct->flags & F_DISABLED)) { krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "checksum type %d not supported", - cksum->cksumtype); + N_("checksum type %d not supported", ""), + cksum->cksumtype); return KRB5_PROG_SUMTYPE_NOSUPP; } if(ct->checksumsize != cksum->checksum.length) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX */ } keyed_checksum = (ct->flags & F_KEYED) != 0; if(keyed_checksum && crypto == NULL) { krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "Checksum type %s is keyed " - "but no crypto context (key) was passed in", + N_("Checksum type %s is keyed but no " + "crypto context (key) was passed in", ""), ct->name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } @@ -1886,9 +1867,9 @@ verify_checksum(krb5_context context, return ret; } - if(c.checksum.length != cksum->checksum.length || + if(c.checksum.length != cksum->checksum.length || memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; } else { ret = 0; @@ -1900,7 +1881,7 @@ verify_checksum(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_verify_checksum(krb5_context context, krb5_crypto crypto, - krb5_key_usage usage, + krb5_key_usage usage, void *data, size_t len, Checksum *cksum) @@ -1911,7 +1892,7 @@ krb5_verify_checksum(krb5_context context, ct = _find_checksum(cksum->cksumtype); if(ct == NULL) { krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "checksum type %d not supported", + N_("checksum type %d not supported", ""), cksum->cksumtype); return KRB5_PROG_SUMTYPE_NOSUPP; } @@ -1932,22 +1913,22 @@ krb5_crypto_get_checksum_type(krb5_context context, krb5_cksumtype *type) { struct checksum_type *ct = NULL; - + if (crypto != NULL) { ct = crypto->et->keyed_checksum; if (ct == NULL) ct = crypto->et->checksum; } - + if (ct == NULL) { krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "checksum type not found"); + N_("checksum type not found", "")); return KRB5_PROG_SUMTYPE_NOSUPP; - } + } *type = ct->type; - - return 0; + + return 0; } @@ -1959,7 +1940,7 @@ krb5_checksumsize(krb5_context context, struct checksum_type *ct = _find_checksum(type); if(ct == NULL) { krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "checksum type %d not supported", + N_("checksum type %d not supported", ""), type); return KRB5_PROG_SUMTYPE_NOSUPP; } @@ -1975,7 +1956,7 @@ krb5_checksum_is_keyed(krb5_context context, if(ct == NULL) { if (context) krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "checksum type %d not supported", + N_("checksum type %d not supported", ""), type); return KRB5_PROG_SUMTYPE_NOSUPP; } @@ -1990,7 +1971,7 @@ krb5_checksum_is_collision_proof(krb5_context context, if(ct == NULL) { if (context) krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "checksum type %d not supported", + N_("checksum type %d not supported", ""), type); return KRB5_PROG_SUMTYPE_NOSUPP; } @@ -2005,7 +1986,7 @@ krb5_checksum_disable(krb5_context context, if(ct == NULL) { if (context) krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "checksum type %d not supported", + N_("checksum type %d not supported", ""), type); return KRB5_PROG_SUMTYPE_NOSUPP; } @@ -2019,9 +2000,9 @@ krb5_checksum_disable(krb5_context context, static krb5_error_code NULL_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, + struct key_data *key, + void *data, + size_t len, krb5_boolean encryptp, int usage, void *ivec) @@ -2031,9 +2012,9 @@ NULL_encrypt(krb5_context context, static krb5_error_code evp_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, + struct key_data *key, + void *data, + size_t len, krb5_boolean encryptp, int usage, void *ivec) @@ -2046,7 +2027,7 @@ evp_encrypt(krb5_context context, size_t len = EVP_CIPHER_CTX_iv_length(c); void *loiv = malloc(len); if (loiv == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } memset(loiv, 0, len); @@ -2061,9 +2042,9 @@ evp_encrypt(krb5_context context, #ifdef WEAK_ENCTYPES static krb5_error_code evp_des_encrypt_null_ivec(krb5_context context, - struct key_data *key, - void *data, - size_t len, + struct key_data *key, + void *data, + size_t len, krb5_boolean encryptp, int usage, void *ignore_ivec) @@ -2080,9 +2061,9 @@ evp_des_encrypt_null_ivec(krb5_context context, static krb5_error_code evp_des_encrypt_key_ivec(krb5_context context, - struct key_data *key, - void *data, - size_t len, + struct key_data *key, + void *data, + size_t len, krb5_boolean encryptp, int usage, void *ignore_ivec) @@ -2099,9 +2080,9 @@ evp_des_encrypt_key_ivec(krb5_context context, static krb5_error_code DES_CFB64_encrypt_null_ivec(krb5_context context, - struct key_data *key, - void *data, - size_t len, + struct key_data *key, + void *data, + size_t len, krb5_boolean encryptp, int usage, void *ignore_ivec) @@ -2117,9 +2098,9 @@ DES_CFB64_encrypt_null_ivec(krb5_context context, static krb5_error_code DES_PCBC_encrypt_key_ivec(krb5_context context, - struct key_data *key, - void *data, - size_t len, + struct key_data *key, + void *data, + size_t len, krb5_boolean encryptp, int usage, void *ignore_ivec) @@ -2266,7 +2247,7 @@ ARCFOUR_subdecrypt(krb5_context context, memset (k3_c_data, 0, sizeof(k3_c_data)); if (memcmp (cksum.checksum.data, data, 16) != 0) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KRB_AP_ERR_BAD_INTEGRITY; } else { return 0; @@ -2341,7 +2322,7 @@ AES_PRF(krb5_context context, result.cksumtype = ct->type; ret = krb5_data_alloc(&result.checksum, ct->checksumsize); if (ret) { - krb5_set_error_message(context, ret, "out memory"); + krb5_set_error_message(context, ret, N_("malloc: out memory", "")); return ret; } @@ -2355,7 +2336,7 @@ AES_PRF(krb5_context context, krb5_abortx(context, "internal prf error"); derived = NULL; - ret = krb5_derive_key(context, crypto->key.key, + ret = krb5_derive_key(context, crypto->key.key, crypto->et->type, "prf", 3, &derived); if (ret) krb5_abortx(context, "krb5_derive_key"); @@ -2363,14 +2344,14 @@ AES_PRF(krb5_context context, ret = krb5_data_alloc(out, crypto->et->blocksize); if (ret) krb5_abortx(context, "malloc failed"); - - { + + { const EVP_CIPHER *c = (*crypto->et->keytype->evp)(); EVP_CIPHER_CTX ctx; /* XXX blksz 1 for cts, so we can't use that */ EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */ EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1); - EVP_Cipher(&ctx, out->data, result.checksum.data, 16); + EVP_Cipher(&ctx, out->data, result.checksum.data, 16); EVP_CIPHER_CTX_cleanup(&ctx); } @@ -2413,7 +2394,7 @@ static struct encryption_type enctype_arcfour_hmac_md5 = { NULL }; #ifdef DES3_OLD_ENCTYPE -static struct encryption_type enctype_des3_cbc_md5 = { +static struct encryption_type enctype_des3_cbc_md5 = { ETYPE_DES3_CBC_MD5, "des3-cbc-md5", 8, @@ -2594,7 +2575,7 @@ static struct encryption_type *etypes[] = { &enctype_des3_cbc_none, /* used by the gss-api mech */ &enctype_arcfour_hmac_md5, #ifdef DES3_OLD_ENCTYPE - &enctype_des3_cbc_md5, + &enctype_des3_cbc_md5, &enctype_old_des3_cbc_sha1, #endif #ifdef WEAK_ENCTYPES @@ -2631,14 +2612,14 @@ krb5_enctype_to_string(krb5_context context, e = _find_enctype(etype); if(e == NULL) { krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), etype); *string = NULL; return KRB5_PROG_ETYPE_NOSUPP; } *string = strdup(e->name); if(*string == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; @@ -2656,7 +2637,7 @@ krb5_string_to_enctype(krb5_context context, return 0; } krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %s not supported", + N_("encryption type %s not supported", ""), string); return KRB5_PROG_ETYPE_NOSUPP; } @@ -2669,8 +2650,8 @@ krb5_enctype_to_keytype(krb5_context context, struct encryption_type *e = _find_enctype(etype); if(e == NULL) { krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", - etype); + N_("encryption type %d not supported", ""), + etype); return KRB5_PROG_ETYPE_NOSUPP; } *keytype = e->keytype->type; /* XXX */ @@ -2678,19 +2659,19 @@ krb5_enctype_to_keytype(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_valid(krb5_context context, - krb5_enctype etype) +krb5_enctype_valid(krb5_context context, + krb5_enctype etype) { struct encryption_type *e = _find_enctype(etype); if(e == NULL) { krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), etype); return KRB5_PROG_ETYPE_NOSUPP; } if (e->flags & F_DISABLED) { krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %s is disabled", + N_("encryption type %s is disabled", ""), e->name); return KRB5_PROG_ETYPE_NOSUPP; } @@ -2720,35 +2701,35 @@ krb5_cksumtype_to_enctype(krb5_context context, *etype = ETYPE_NULL; for(i = 0; i < num_etypes; i++) { - if(etypes[i]->keyed_checksum && + if(etypes[i]->keyed_checksum && etypes[i]->keyed_checksum->type == ctype) - { - *etype = etypes[i]->type; - return 0; - } + { + *etype = etypes[i]->type; + return 0; + } } krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "ckecksum type %d not supported", + N_("checksum type %d not supported", ""), (int)ctype); return KRB5_PROG_SUMTYPE_NOSUPP; } krb5_error_code KRB5_LIB_FUNCTION -krb5_cksumtype_valid(krb5_context context, +krb5_cksumtype_valid(krb5_context context, krb5_cksumtype ctype) { struct checksum_type *c = _find_checksum(ctype); if (c == NULL) { krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "checksum type %d not supported", + N_("checksum type %d not supported", ""), ctype); return KRB5_PROG_SUMTYPE_NOSUPP; } if (c->flags & F_DISABLED) { krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP, - "checksum type %s is disabled", + N_("checksum type %s is disabled", ""), c->name); return KRB5_PROG_SUMTYPE_NOSUPP; } @@ -2799,7 +2780,7 @@ encrypt_internal_derived(krb5_context context, krb5_error_code ret; struct key_data *dkey; const struct encryption_type *et = crypto->et; - + checksum_sz = CHECKSUMSIZE(et->keyed_checksum); sz = et->confoundersize + len; @@ -2807,25 +2788,25 @@ encrypt_internal_derived(krb5_context context, total_sz = block_sz + checksum_sz; p = calloc(1, total_sz); if(p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } - + q = p; krb5_generate_random_block(q, et->confoundersize); /* XXX */ q += et->confoundersize; memcpy(q, data, len); - - ret = create_checksum(context, + + ret = create_checksum(context, et->keyed_checksum, - crypto, + crypto, INTEGRITY_USAGE(usage), - p, + p, block_sz, &cksum); if(ret == 0 && cksum.checksum.length != checksum_sz) { free_Checksum (&cksum); - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5_CRYPTO_INTERNAL; } if(ret) @@ -2864,17 +2845,17 @@ encrypt_internal(krb5_context context, unsigned char *p, *q; krb5_error_code ret; const struct encryption_type *et = crypto->et; - + checksum_sz = CHECKSUMSIZE(et->checksum); - + sz = et->confoundersize + checksum_sz + len; block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ p = calloc(1, block_sz); if(p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } - + q = p; krb5_generate_random_block(q, et->confoundersize); /* XXX */ q += et->confoundersize; @@ -2882,15 +2863,15 @@ encrypt_internal(krb5_context context, q += checksum_sz; memcpy(q, data, len); - ret = create_checksum(context, + ret = create_checksum(context, et->checksum, crypto, 0, - p, + p, block_sz, &cksum); if(ret == 0 && cksum.checksum.length != checksum_sz) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); free_Checksum(&cksum); ret = KRB5_CRYPTO_INTERNAL; } @@ -2933,7 +2914,7 @@ encrypt_internal_special(krb5_context context, tmp = malloc (sz); if (tmp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } p = tmp; @@ -2969,23 +2950,23 @@ decrypt_internal_derived(krb5_context context, struct key_data *dkey; struct encryption_type *et = crypto->et; unsigned long l; - + checksum_sz = CHECKSUMSIZE(et->keyed_checksum); if (len < checksum_sz + et->confoundersize) { krb5_set_error_message(context, KRB5_BAD_MSIZE, - "Encrypted data shorter then " - "checksum + confunder"); + N_("Encrypted data shorter then " + "checksum + confunder", "")); return KRB5_BAD_MSIZE; } if (((len - checksum_sz) % et->padsize) != 0) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5_BAD_MSIZE; } p = malloc(len); if(len != 0 && p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(p, data, len); @@ -3027,7 +3008,7 @@ decrypt_internal_derived(krb5_context context, result->data = realloc(p, l); if(result->data == NULL && l != 0) { free(p); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } result->length = l; @@ -3047,20 +3028,20 @@ decrypt_internal(krb5_context context, Checksum cksum; size_t checksum_sz, l; struct encryption_type *et = crypto->et; - + if ((len % et->padsize) != 0) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5_BAD_MSIZE; } checksum_sz = CHECKSUMSIZE(et->checksum); p = malloc(len); if(len != 0 && p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(p, data, len); - + ret = _key_schedule(context, &crypto->key); if(ret) { free(p); @@ -3089,7 +3070,7 @@ decrypt_internal(krb5_context context, result->data = realloc(p, l); if(result->data == NULL && l != 0) { free(p); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } result->length = l; @@ -3112,17 +3093,17 @@ decrypt_internal_special(krb5_context context, krb5_error_code ret; if ((len % et->padsize) != 0) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5_BAD_MSIZE; } p = malloc (len); if (p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(p, data, len); - + ret = (*et->encrypt)(context, &crypto->key, p, len, FALSE, usage, ivec); if (ret) { free(p); @@ -3133,13 +3114,23 @@ decrypt_internal_special(krb5_context context, result->data = realloc(p, sz); if(result->data == NULL && sz != 0) { free(p); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } result->length = sz; return 0; } +static krb5_crypto_iov * +find_iv(krb5_crypto_iov *data, int num_data, int type) +{ + int i; + for (i = 0; i < num_data; i++) + if (data[i].flags == type) + return &data[i]; + return NULL; +} + /** * Inline encrypt a kerberos message * @@ -3154,25 +3145,16 @@ decrypt_internal_special(krb5_context context, * @ingroup krb5_crypto * * Kerberos encrypted data look like this: - * + * * 1. KRB5_CRYPTO_TYPE_HEADER * 2. array KRB5_CRYPTO_TYPE_DATA and KRB5_CRYPTO_TYPE_SIGN_ONLY in * any order, however the receiver have to aware of the * order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used headers and * trailers. - * 3. KRB5_CRYPTO_TYPE_TRAILER + * 3. KRB5_CRYPTO_TYPE_PADDING, at least on padsize long if padsize > 1 + * 4. KRB5_CRYPTO_TYPE_TRAILER */ -static krb5_crypto_iov * -find_iv(krb5_crypto_iov *data, int num_data, int type) -{ - int i; - for (i = 0; i < num_data; i++) - if (data[i].flags == type) - return &data[i]; - return NULL; -} - krb5_error_code KRB5_LIB_FUNCTION krb5_encrypt_iov_ivec(krb5_context context, krb5_crypto crypto, @@ -3189,15 +3171,15 @@ krb5_encrypt_iov_ivec(krb5_context context, struct key_data *dkey; const struct encryption_type *et = crypto->et; krb5_crypto_iov *tiv, *piv, *hiv; - - if(!derived_crypto(context, crypto)) { - krb5_clear_error_string(context); + + if(!derived_crypto(context, crypto)) { + krb5_clear_error_message(context); return KRB5_CRYPTO_INTERNAL; } headersz = et->confoundersize; trailersz = CHECKSUMSIZE(et->keyed_checksum); - + for (len = 0, i = 0; i < num_data; i++) { if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && data[i].flags == KRB5_CRYPTO_TYPE_DATA) { @@ -3265,17 +3247,17 @@ krb5_encrypt_iov_ivec(krb5_context context, q += data[i].data.length; } - ret = create_checksum(context, + ret = create_checksum(context, et->keyed_checksum, - crypto, + crypto, INTEGRITY_USAGE(usage), - p, + p, len, &cksum); free(p); if(ret == 0 && cksum.checksum.length != trailersz) { free_Checksum (&cksum); - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5_CRYPTO_INTERNAL; } if(ret) @@ -3352,6 +3334,27 @@ krb5_encrypt_iov_ivec(krb5_context context, return ret; } +/** + * Inline decrypt a Kerberos message. + * + * @param context Kerberos context + * @param crypto Kerberos crypto context + * @param usage Key usage for this buffer + * @param data array of buffers to process + * @param num_data length of array + * @param ivec initial cbc/cts vector + * + * @return Return an error code or 0. + * @ingroup krb5_crypto + * + * 1. KRB5_CRYPTO_TYPE_HEADER + * 2. array KRB5_CRYPTO_TYPE_DATA and KRB5_CRYPTO_TYPE_SIGN_ONLY in + * any order, however the receiver have to aware of the + * order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used unencrypoted + * protocol headers and trailers. The output data will be of same + * size as the input data or shorter. + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_decrypt_iov_ivec(krb5_context context, krb5_crypto crypto, @@ -3368,15 +3371,15 @@ krb5_decrypt_iov_ivec(krb5_context context, struct key_data *dkey; struct encryption_type *et = crypto->et; krb5_crypto_iov *tiv, *hiv; - - if(!derived_crypto(context, crypto)) { - krb5_clear_error_string(context); + + if(!derived_crypto(context, crypto)) { + krb5_clear_error_message(context); return KRB5_CRYPTO_INTERNAL; } headersz = et->confoundersize; trailersz = CHECKSUMSIZE(et->keyed_checksum); - + for (len = 0, i = 0; i < num_data; i++) if (data[i].flags == KRB5_CRYPTO_TYPE_DATA) len += data[i].data.length; @@ -3492,12 +3495,88 @@ krb5_decrypt_iov_ivec(krb5_context context, len, &cksum); free(p); - if(ret) + return ret; +} + +/** + * Create a Kerberos message checksum. + * + * @param context Kerberos context + * @param crypto Kerberos crypto context + * @param usage Key usage for this buffer + * @param data array of buffers to process + * @param num_data length of array + * @param result output data + * + * @return Return an error code or 0. + * @ingroup krb5_crypto + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_create_checksum_iov(krb5_context context, + krb5_crypto crypto, + unsigned usage, + krb5_crypto_iov *data, + size_t num_data, + krb5_cksumtype *type) +{ + Checksum cksum; + krb5_crypto_iov *civ; + krb5_error_code ret; + unsigned int i; + size_t len; + char *p, *q; + + if(!derived_crypto(context, crypto)) { + krb5_clear_error_message(context); + return KRB5_CRYPTO_INTERNAL; + } + + civ = find_iv(data, num_data, KRB5_CRYPTO_TYPE_CHECKSUM); + if (civ == NULL) + return KRB5_BAD_MSIZE; + + len = 0; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + ret = krb5_create_checksum(context, crypto, usage, 0, p, len, &cksum); + free(p); + if (ret) return ret; + if (type) + *type = cksum.cksumtype; + + if (cksum.checksum.length > civ->data.length) { + krb5_set_error_message(context, KRB5_BAD_MSIZE, + N_("Checksum larger then input buffer", "")); + free_Checksum(&cksum); + return KRB5_BAD_MSIZE; + } + + civ->data.length = cksum.checksum.length; + memcpy(civ->data.data, cksum.checksum.data, civ->data.length); + free_Checksum(&cksum); + return 0; } + size_t KRB5_LIB_FUNCTION krb5_crypto_length(krb5_context context, krb5_crypto crypto, @@ -3516,6 +3595,10 @@ krb5_crypto_length(krb5_context context, return 0; case KRB5_CRYPTO_TYPE_TRAILER: return CHECKSUMSIZE(crypto->et->keyed_checksum); + case KRB5_CRYPTO_TYPE_CHECKSUM: + if (crypto->et->keyed_checksum) + return CHECKSUMSIZE(crypto->et->keyed_checksum); + return CHECKSUMSIZE(crypto->et->checksum); } return (size_t)-1; } @@ -3530,7 +3613,7 @@ krb5_encrypt_ivec(krb5_context context, void *ivec) { if(derived_crypto(context, crypto)) - return encrypt_internal_derived(context, crypto, usage, + return encrypt_internal_derived(context, crypto, usage, data, len, result, ivec); else if (special_crypto(context, crypto)) return encrypt_internal_special (context, crypto, usage, @@ -3578,7 +3661,7 @@ krb5_decrypt_ivec(krb5_context context, void *ivec) { if(derived_crypto(context, crypto)) - return decrypt_internal_derived(context, crypto, usage, + return decrypt_internal_derived(context, crypto, usage, data, len, result, ivec); else if (special_crypto (context, crypto)) return decrypt_internal_special(context, crypto, usage, @@ -3606,7 +3689,7 @@ krb5_decrypt_EncryptedData(krb5_context context, const EncryptedData *e, krb5_data *result) { - return krb5_decrypt(context, crypto, usage, + return krb5_decrypt(context, crypto, usage, e->cipher.data, e->cipher.length, result); } @@ -3647,13 +3730,13 @@ seed_something(void) /* Try using egd */ if (!krb5_init_context(&context)) { p = krb5_config_get_string(context, NULL, "libdefaults", - "egd_socket", NULL); + "egd_socket", NULL); if (p != NULL) RAND_egd_bytes(p, ENTROPY_NEEDED); krb5_free_context(context); } } - + if (RAND_status() == 1) { /* Update the seed file */ if (seedfile[0]) @@ -3668,7 +3751,7 @@ void KRB5_LIB_FUNCTION krb5_generate_random_block(void *buf, size_t len) { static int rng_initialized = 0; - + HEIMDAL_MUTEX_lock(&crypto_mutex); if (!rng_initialized) { if (seed_something()) @@ -3713,18 +3796,18 @@ derive_key(krb5_context context, nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8); k = malloc(nblocks * et->blocksize); if(k == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = _krb5_n_fold(constant, len, k, et->blocksize); if (ret) { free(k); - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } for(i = 0; i < nblocks; i++) { if(i > 0) - memcpy(k + i * et->blocksize, + memcpy(k + i * et->blocksize, k + (i - 1) * et->blocksize, et->blocksize); (*et->encrypt)(context, key, k + i * et->blocksize, et->blocksize, @@ -3736,7 +3819,7 @@ derive_key(krb5_context context, size_t res_len = (kt->bits + 7) / 8; if(len != 0 && c == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(c, constant, len); @@ -3744,18 +3827,18 @@ derive_key(krb5_context context, k = malloc(res_len); if(res_len != 0 && k == NULL) { free(c); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = _krb5_n_fold(c, len, k, res_len); if (ret) { free(k); - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } free(c); } - + /* XXX keytype dependent post-processing */ switch(kt->type) { case KEYTYPE_DES3: @@ -3768,7 +3851,7 @@ derive_key(krb5_context context, default: ret = KRB5_CRYPTO_INTERNAL; krb5_set_error_message(context, ret, - "derive_key() called with unknown keytype (%u)", + N_("derive_key() called with unknown keytype (%u)", ""), kt->type); break; } @@ -3812,7 +3895,7 @@ krb5_derive_key(krb5_context context, et = _find_enctype (etype); if (et == NULL) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), etype); return KRB5_PROG_ETYPE_NOSUPP; } @@ -3825,14 +3908,14 @@ krb5_derive_key(krb5_context context, ret = derive_key(context, et, &d, constant, constant_len); if (ret == 0) ret = krb5_copy_keyblock(context, d.key, derived_key); - free_key_data(context, &d, et); + free_key_data(context, &d, et); return ret; } static krb5_error_code -_get_derived_key(krb5_context context, - krb5_crypto crypto, - unsigned usage, +_get_derived_key(krb5_context context, + krb5_crypto crypto, + unsigned usage, struct key_data **key) { int i; @@ -3846,7 +3929,7 @@ _get_derived_key(krb5_context context, } d = _new_derived_key(crypto, usage); if(d == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } krb5_copy_keyblock(context, crypto->key.key, &d->key); @@ -3866,7 +3949,7 @@ krb5_crypto_init(krb5_context context, krb5_error_code ret; ALLOC(*crypto, 1); if(*crypto == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } if(etype == ETYPE_NULL) @@ -3876,7 +3959,7 @@ krb5_crypto_init(krb5_context context, free(*crypto); *crypto = NULL; krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), etype); return KRB5_PROG_ETYPE_NOSUPP; } @@ -3924,7 +4007,7 @@ krb5_crypto_destroy(krb5_context context, krb5_crypto crypto) { int i; - + for(i = 0; i < crypto->num_key_usage; i++) free_key_usage(context, &crypto->key_usage[i], crypto->et); free(crypto->key_usage); @@ -3948,13 +4031,13 @@ krb5_crypto_getenctype(krb5_context context, krb5_enctype *enctype) { *enctype = crypto->et->type; - return 0; + return 0; } krb5_error_code KRB5_LIB_FUNCTION krb5_crypto_getpadsize(krb5_context context, krb5_crypto crypto, - size_t *padsize) + size_t *padsize) { *padsize = crypto->et->padsize; return 0; @@ -3989,7 +4072,7 @@ krb5_enctype_disable(krb5_context context, if(et == NULL) { if (context) krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), enctype); return KRB5_PROG_ETYPE_NOSUPP; } @@ -4016,7 +4099,7 @@ krb5_enctype_enable(krb5_context context, if(et == NULL) { if (context) krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), enctype); return KRB5_PROG_ETYPE_NOSUPP; } @@ -4040,7 +4123,7 @@ krb5_string_to_key_derived(krb5_context context, if(et == NULL) { krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), etype); return KRB5_PROG_ETYPE_NOSUPP; } @@ -4049,7 +4132,7 @@ krb5_string_to_key_derived(krb5_context context, ALLOC(kd.key, 1); if(kd.key == NULL) { krb5_set_error_message (context, ENOMEM, - "malloc: out of memory"); + N_("malloc: out of memory", "")); return ENOMEM; } ret = krb5_data_alloc(&kd.key->keyvalue, et->keytype->size); @@ -4061,20 +4144,20 @@ krb5_string_to_key_derived(krb5_context context, tmp = malloc (keylen); if(tmp == NULL) { krb5_free_keyblock(context, kd.key); - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = _krb5_n_fold(str, len, tmp, keylen); if (ret) { free(tmp); - krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); return ret; } kd.schedule = NULL; DES3_postproc (context, tmp, keylen, &kd); /* XXX */ memset(tmp, 0, keylen); free(tmp); - ret = derive_key(context, + ret = derive_key(context, et, &kd, "kerberos", /* XXX well known constant */ @@ -4190,20 +4273,21 @@ krb5_random_to_key(krb5_context context, krb5_error_code ret; struct encryption_type *et = _find_enctype(type); if(et == NULL) { - krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + N_("encryption type %d not supported", ""), type); return KRB5_PROG_ETYPE_NOSUPP; } if ((et->keytype->bits + 7) / 8 > size) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - "encryption key %s needs %d bytes " - "of random to make an encryption key out of it", + N_("encryption key %s needs %d bytes " + "of random to make an encryption key " + "out of it", ""), et->name, (int)et->keytype->size); return KRB5_PROG_ETYPE_NOSUPP; } ret = krb5_data_alloc(&key->keyvalue, et->keytype->size); - if(ret) + if(ret) return ret; key->keytype = type; if (et->keytype->random_to_key) @@ -4232,7 +4316,7 @@ _krb5_pk_octetstring2key(krb5_context context, if(et == NULL) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), type); return KRB5_PROG_ETYPE_NOSUPP; } @@ -4240,7 +4324,7 @@ _krb5_pk_octetstring2key(krb5_context context, keydata = malloc(keylen); if (keydata == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -4288,7 +4372,7 @@ encode_uvinfo(krb5_context context, krb5_const_principal p, krb5_data *data) if (ret) { krb5_data_zero(data); krb5_set_error_message(context, ret, - "Failed to encode KRB5PrincipalName"); + N_("Failed to encode KRB5PrincipalName", "")); return ret; } if (data->length != size) @@ -4324,7 +4408,7 @@ encode_otherinfo(krb5_context context, ASN1_MALLOC_ENCODE(PkinitSuppPubInfo, pub.data, pub.length, &pubinfo, &size, ret); if (ret) { - krb5_set_error_message(context, ret, "out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } if (pub.length != size) @@ -4344,14 +4428,14 @@ encode_otherinfo(krb5_context context, otherinfo.algorithmID = *ai; otherinfo.suppPubInfo = &pub; - - ASN1_MALLOC_ENCODE(PkinitSP80056AOtherInfo, other->data, other->length, + + ASN1_MALLOC_ENCODE(PkinitSP80056AOtherInfo, other->data, other->length, &otherinfo, &size, ret); free(otherinfo.partyUInfo.data); free(otherinfo.partyVInfo.data); free(pub.data); if (ret) { - krb5_set_error_message(context, ret, "out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } if (other->length != size) @@ -4383,22 +4467,23 @@ _krb5_pk_kdf(krb5_context context, if (der_heim_oid_cmp(oid_id_pkinit_kdf_ah_sha1(), &ai->algorithm) != 0) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - "kdf not supported"); + N_("KDF not supported", "")); return KRB5_PROG_ETYPE_NOSUPP; } if (ai->parameters != NULL && - (ai->parameters->length != 2 || - memcmp(ai->parameters->data, "\x05\x00", 2) != 0)) - { - krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - "kdf params not NULL or the NULL-type"); - return KRB5_PROG_ETYPE_NOSUPP; - } + (ai->parameters->length != 2 || + memcmp(ai->parameters->data, "\x05\x00", 2) != 0)) + { + krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, + N_("kdf params not NULL or the NULL-type", + "")); + return KRB5_PROG_ETYPE_NOSUPP; + } et = _find_enctype(enctype); if(et == NULL) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), enctype); return KRB5_PROG_ETYPE_NOSUPP; } @@ -4406,11 +4491,11 @@ _krb5_pk_kdf(krb5_context context, keydata = malloc(keylen); if (keydata == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } - ret = encode_otherinfo(context, ai, client, server, + ret = encode_otherinfo(context, ai, client, server, enctype, as_req, pk_as_rep, ticket, &other); if (ret) { free(keydata); @@ -4458,7 +4543,7 @@ krb5_crypto_prf_length(krb5_context context, if(et == NULL || et->prf_length == 0) { krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP, - "encryption type %d not supported", + N_("encryption type %d not supported", ""), type); return KRB5_PROG_ETYPE_NOSUPP; } @@ -4470,7 +4555,7 @@ krb5_crypto_prf_length(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_crypto_prf(krb5_context context, const krb5_crypto crypto, - const krb5_data *input, + const krb5_data *input, krb5_data *output) { struct encryption_type *et = crypto->et; @@ -4489,6 +4574,31 @@ krb5_crypto_prf(krb5_context context, #ifndef HEIMDAL_SMALLER +static struct key_type *keytypes[] = { + &keytype_null, + &keytype_des, + &keytype_des3_derived, +#ifdef DES3_OLD_ENCTYPE + &keytype_des3, +#endif + &keytype_aes128, + &keytype_aes256, + &keytype_arcfour +}; + +static int num_keytypes = sizeof(keytypes) / sizeof(keytypes[0]); + + +static struct key_type * +_find_keytype(krb5_keytype type) +{ + int i; + for(i = 0; i < num_keytypes; i++) + if(keytypes[i]->type == type) + return keytypes[i]; + return NULL; +} + /* * First take the configured list of etypes for `keytype' if available, * else, do `krb5_keytype_to_enctypes'. @@ -4511,7 +4621,7 @@ krb5_keytype_to_enctypes_default (krb5_context context, ; ret = malloc (n * sizeof(*ret)); if (ret == NULL && n != 0) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } for (i = 0; i < n; ++i) @@ -4535,7 +4645,7 @@ krb5_keytype_to_string(krb5_context context, } *string = strdup(kt->name); if(*string == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } return 0; @@ -4586,7 +4696,7 @@ krb5_keytype_to_enctypes (krb5_context context, } ret = malloc(n * sizeof(*ret)); if (ret == NULL && n != 0) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } n = 0; @@ -4600,4 +4710,4 @@ krb5_keytype_to_enctypes (krb5_context context, return 0; } -#endif +#endif /* HEIMDAL_SMALLER */ diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c index 0286316214..d6099c3c6c 100644 --- a/source4/heimdal/lib/krb5/data.c +++ b/source4/heimdal/lib/krb5/data.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -53,7 +53,7 @@ krb5_data_zero(krb5_data *p) /** * Free the content of krb5_data structure, its ok to free a zeroed * structure. When done, the structure will be zeroed. - * + * * @param p krb5_data to free. * * @ingroup krb5 @@ -69,14 +69,14 @@ krb5_data_free(krb5_data *p) /** * Same as krb5_data_free(). - * + * * @param context Kerberos 5 context. * @param data krb5_data to free. * * @ingroup krb5 */ -void KRB5_LIB_FUNCTION +void KRB5_LIB_FUNCTION krb5_free_data_contents(krb5_context context, krb5_data *data) { krb5_data_free(data); @@ -84,7 +84,7 @@ krb5_free_data_contents(krb5_context context, krb5_data *data) /** * Free krb5_data (and its content). - * + * * @param context Kerberos 5 context. * @param p krb5_data to free. * @@ -101,7 +101,7 @@ krb5_free_data(krb5_context context, /** * Allocate data of and krb5_data. - * + * * @param p krb5_data to free. * @param len size to allocate. * @@ -123,7 +123,7 @@ krb5_data_alloc(krb5_data *p, int len) /** * Grow (or shrink) the content of krb5_data to a new size. - * + * * @param p krb5_data to free. * @param len new size. * @@ -147,7 +147,7 @@ krb5_data_realloc(krb5_data *p, int len) /** * Copy the data of len into the krb5_data. - * + * * @param p krb5_data to copy into. * @param data data to copy.. * @param len new size. @@ -173,7 +173,7 @@ krb5_data_copy(krb5_data *p, const void *data, size_t len) /** * Copy the data into a newly allocated krb5_data. - * + * * @param context Kerberos 5 context. * @param indata the krb5_data data to copy * @param outdata new krb5_date to copy too. Free with krb5_free_data(). @@ -185,8 +185,8 @@ krb5_data_copy(krb5_data *p, const void *data, size_t len) */ krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_data(krb5_context context, - const krb5_data *indata, +krb5_copy_data(krb5_context context, + const krb5_data *indata, krb5_data **outdata) { krb5_error_code ret; @@ -197,7 +197,7 @@ krb5_copy_data(krb5_context context, } ret = der_copy_octet_string(indata, *outdata); if(ret) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); free(*outdata); *outdata = NULL; } @@ -206,7 +206,7 @@ krb5_copy_data(krb5_context context, /** * Compare to data. - * + * * @param data1 krb5_data to compare * @param data2 krb5_data to compare * diff --git a/source4/heimdal/lib/krb5/eai_to_heim_errno.c b/source4/heimdal/lib/krb5/eai_to_heim_errno.c index c06e8fb9bb..594f998e26 100644 --- a/source4/heimdal/lib/krb5/eai_to_heim_errno.c +++ b/source4/heimdal/lib/krb5/eai_to_heim_errno.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c index 17bc30572b..db2df4798c 100644 --- a/source4/heimdal/lib/krb5/error_string.c +++ b/source4/heimdal/lib/krb5/error_string.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2001, 2003, 2005 - 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * Copyright (c) 2001, 2003, 2005 - 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -38,8 +38,16 @@ RCSID("$Id$"); #undef __attribute__ #define __attribute__(X) +/** + * Clears the error message from the Kerberos 5 context. + * + * @param context The Kerberos 5 context to clear + * + * @ingroup krb5_error + */ + void KRB5_LIB_FUNCTION -krb5_clear_error_string(krb5_context context) +krb5_clear_error_message(krb5_context context) { HEIMDAL_MUTEX_lock(context->mutex); if (context->error_string) @@ -51,6 +59,7 @@ krb5_clear_error_string(krb5_context context) /** * Set the context full error string for a specific error code. + * The error that is stored should be internationalized. * * @param context Kerberos 5 context * @param ret The error code @@ -90,7 +99,7 @@ krb5_vset_error_message (krb5_context context, krb5_error_code ret, __attribute__ ((format (printf, 3, 0))) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); HEIMDAL_MUTEX_lock(context->mutex); context->error_code = ret; vasprintf(&context->error_string, fmt, args); @@ -152,7 +161,7 @@ krb5_get_error_message(krb5_context context, krb5_error_code code) char *str; HEIMDAL_MUTEX_lock(context->mutex); - if (context->error_string && + if (context->error_string && (code == context->error_code || context->error_code == 0)) { str = strdup(context->error_string); @@ -202,8 +211,9 @@ krb5_free_error_message(krb5_context context, const char *msg) * @ingroup krb5_deprecated */ -void KRB5_LIB_FUNCTION __attribute__((deprecated)) +void KRB5_LIB_FUNCTION krb5_free_error_string(krb5_context context, char *str) + __attribute__((deprecated)) { krb5_free_error_message(context, str); } @@ -248,4 +258,20 @@ krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) return 0; } +/** + * Clar the error message returned by krb5_get_error_string(), + * deprecated, use krb5_clear_error_message(). + * + * @param context Kerberos context + * + * @ingroup krb5_deprecated + */ + +void KRB5_LIB_FUNCTION +krb5_clear_error_string(krb5_context context) + __attribute__((deprecated)) +{ + return krb5_clear_error_message(context); +} + #endif /* !HEIMDAL_SMALLER */ diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c index 4ada4b8110..a712d9c83a 100644 --- a/source4/heimdal/lib/krb5/expand_hostname.c +++ b/source4/heimdal/lib/krb5/expand_hostname.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -42,7 +42,8 @@ copy_hostname(krb5_context context, { *new_hostname = strdup (orig_hostname); if (*new_hostname == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } strlwr (*new_hostname); @@ -77,7 +78,7 @@ krb5_expand_hostname (krb5_context context, freeaddrinfo (ai); if (*new_hostname == NULL) { krb5_set_error_message(context, ENOMEM, - "malloc: out of memory"); + N_("malloc: out of memory", "")); return ENOMEM; } else { return 0; diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c index fc11893452..b745c67e11 100644 --- a/source4/heimdal/lib/krb5/fcache.c +++ b/source4/heimdal/lib/krb5/fcache.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -90,14 +90,17 @@ _krb5_xlock(krb5_context context, int fd, krb5_boolean exclusive, case 0: break; case EINVAL: /* filesystem doesn't support locking, let the user have it */ - ret = 0; + ret = 0; break; case EAGAIN: - krb5_set_error_message(context, ret, "timed out locking cache file %s", + krb5_set_error_message(context, ret, + N_("timed out locking cache file %s", "file"), filename); break; default: - krb5_set_error_message(context, ret, "error locking cache file %s: %s", + krb5_set_error_message(context, ret, + N_("error locking cache file %s: %s", + "file, error"), filename, strerror(ret)); break; } @@ -124,11 +127,11 @@ _krb5_xunlock(krb5_context context, int fd) case 0: break; case EINVAL: /* filesystem doesn't support locking, let the user have it */ - ret = 0; + ret = 0; break; default: krb5_set_error_message(context, ret, - "Failed to unlock file: %s", + N_("Failed to unlock file: %s", ""), strerror(ret)); break; } @@ -144,7 +147,7 @@ write_storage(krb5_context context, krb5_storage *sp, int fd) ret = krb5_storage_to_data(sp, &data); if (ret) { - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } sret = write(fd, data.data, data.length); @@ -153,7 +156,7 @@ write_storage(krb5_context context, krb5_storage *sp, int fd) if (ret) { ret = errno; krb5_set_error_message(context, ret, - "Failed to write FILE credential data"); + N_("Failed to write FILE credential data", "")); return ret; } return 0; @@ -180,14 +183,14 @@ fcc_resolve(krb5_context context, krb5_ccache *id, const char *res) f = malloc(sizeof(*f)); if(f == NULL) { krb5_set_error_message(context, KRB5_CC_NOMEM, - "malloc: out of memory"); + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } f->filename = strdup(res); if(f->filename == NULL){ free(f); krb5_set_error_message(context, KRB5_CC_NOMEM, - "malloc: out of memory"); + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } f->version = 0; @@ -303,20 +306,20 @@ fcc_gen_new(krb5_context context, krb5_ccache *id) f = malloc(sizeof(*f)); if(f == NULL) { krb5_set_error_message(context, KRB5_CC_NOMEM, - "malloc: out of memory"); + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } asprintf (&file, "%sXXXXXX", KRB5_DEFAULT_CCFILE_ROOT); if(file == NULL) { free(f); krb5_set_error_message(context, KRB5_CC_NOMEM, - "malloc: out of memory"); + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } fd = mkstemp(file); if(fd < 0) { int ret = errno; - krb5_set_error_message(context, ret, "mkstemp %s", file); + krb5_set_error_message(context, ret, N_("mkstemp %s failed", ""), file); free(f); free(file); return ret; @@ -348,7 +351,7 @@ storage_set_flags(krb5_context context, krb5_storage *sp, int vno) case KRB5_FCC_FVNO_4: break; default: - krb5_abortx(context, + krb5_abortx(context, "storage_set_flags called with bad vno (%x)", vno); } krb5_storage_set_flags(sp, flags); @@ -369,12 +372,12 @@ fcc_open(krb5_context context, fd = open(filename, flags, mode); if(fd < 0) { ret = errno; - krb5_set_error_message(context, ret, "open(%s): %s", filename, - strerror(ret)); + krb5_set_error_message(context, ret, N_("open(%s): %s", "file, error"), + filename, strerror(ret)); return ret; } rk_cloexec(fd); - + if((ret = fcc_lock(context, id, fd, exclusive)) != 0) { close(fd); return ret; @@ -394,12 +397,12 @@ fcc_initialize(krb5_context context, char *filename = f->filename; unlink (filename); - + ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if(ret) return ret; { - krb5_storage *sp; + krb5_storage *sp; sp = krb5_storage_emem(); krb5_storage_set_eof_code(sp, KRB5_CC_END); if(context->fcache_vno != 0) @@ -431,7 +434,7 @@ fcc_initialize(krb5_context context, if (close(fd) < 0) if (ret == 0) { ret = errno; - krb5_set_error_message (context, ret, "close %s: %s", + krb5_set_error_message (context, ret, N_("close %s: %s", ""), FILENAME(id), strerror(ret)); } return ret; @@ -485,7 +488,7 @@ fcc_store_cred(krb5_context context, if (close(fd) < 0) { if (ret == 0) { ret = errno; - krb5_set_error_message (context, ret, "close %s: %s", + krb5_set_error_message (context, ret, N_("close %s: %s", ""), FILENAME(id), strerror(ret)); } } @@ -506,10 +509,10 @@ init_fcc (krb5_context context, ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; - + sp = krb5_storage_from_fd(fd); if(sp == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOMEM; goto out; } @@ -518,18 +521,19 @@ init_fcc (krb5_context context, if(ret != 0) { if(ret == KRB5_CC_END) { ret = ENOENT; - krb5_set_error_message(context, ret, - "Empty credential cache file: %s", + krb5_set_error_message(context, ret, + N_("Empty credential cache file: %s", ""), FILENAME(id)); } else - krb5_set_error_message(context, ret, "Error reading pvno in " - "cache file: %s", FILENAME(id)); + krb5_set_error_message(context, ret, N_("Error reading pvno " + "in cache file: %s", ""), + FILENAME(id)); goto out; } if(pvno != 5) { ret = KRB5_CCACHE_BADVNO; - krb5_set_error_message(context, ret, "Bad version number in " - "credential cache file: %s", + krb5_set_error_message(context, ret, N_("Bad version number in credential " + "cache file: %s", ""), FILENAME(id)); goto out; } @@ -549,9 +553,9 @@ init_fcc (krb5_context context, ret = krb5_ret_int16 (sp, &length); if(ret) { ret = KRB5_CC_FORMAT; - krb5_set_error_message(context, ret, - "Error reading tag length in " - "cache file: %s", FILENAME(id)); + krb5_set_error_message(context, ret, + N_("Error reading tag length in " + "cache file: %s", ""), FILENAME(id)); goto out; } while(length > 0) { @@ -562,15 +566,18 @@ init_fcc (krb5_context context, ret = krb5_ret_int16 (sp, &dtag); if(ret) { ret = KRB5_CC_FORMAT; - krb5_set_error_message(context, ret, "Error reading dtag in " - "cache file: %s", FILENAME(id)); + krb5_set_error_message(context, ret, N_("Error reading dtag in " + "cache file: %s", ""), + FILENAME(id)); goto out; } ret = krb5_ret_int16 (sp, &data_len); if(ret) { ret = KRB5_CC_FORMAT; - krb5_set_error_message(context, ret, "Error reading dlength in " - "cache file: %s", FILENAME(id)); + krb5_set_error_message(context, ret, + N_("Error reading dlength " + "in cache file: %s",""), + FILENAME(id)); goto out; } switch (dtag) { @@ -578,15 +585,19 @@ init_fcc (krb5_context context, ret = krb5_ret_int32 (sp, &context->kdc_sec_offset); if(ret) { ret = KRB5_CC_FORMAT; - krb5_set_error_message(context, ret, "Error reading kdc_sec in " - "cache file: %s", FILENAME(id)); + krb5_set_error_message(context, ret, + N_("Error reading kdc_sec in " + "cache file: %s", ""), + FILENAME(id)); goto out; } ret = krb5_ret_int32 (sp, &context->kdc_usec_offset); if(ret) { ret = KRB5_CC_FORMAT; - krb5_set_error_message(context, ret, "Error reading kdc_usec in " - "cache file: %s", FILENAME(id)); + krb5_set_error_message(context, ret, + N_("Error reading kdc_usec in " + "cache file: %s", ""), + FILENAME(id)); goto out; } break; @@ -596,8 +607,8 @@ init_fcc (krb5_context context, if(ret) { ret = KRB5_CC_FORMAT; krb5_set_error_message(context, ret, - "Error reading unknown " - "tag in cache file: %s", + N_("Error reading unknown " + "tag in cache file: %s", ""), FILENAME(id)); goto out; } @@ -614,14 +625,15 @@ init_fcc (krb5_context context, break; default : ret = KRB5_CCACHE_BADVNO; - krb5_set_error_message(context, ret, "Unknown version number (%d) in " - "credential cache file: %s", + krb5_set_error_message(context, ret, + N_("Unknown version number (%d) in " + "credential cache file: %s", ""), (int)tag, FILENAME(id)); goto out; } *ret_sp = sp; *ret_fd = fd; - + return 0; out: if(sp != NULL) @@ -645,7 +657,7 @@ fcc_get_principal(krb5_context context, return ret; ret = krb5_ret_principal(sp, principal); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); krb5_storage_free(sp); fcc_unlock(context, fd); close(fd); @@ -667,12 +679,12 @@ fcc_get_first (krb5_context context, *cursor = malloc(sizeof(struct fcc_cursor)); if (*cursor == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memset(*cursor, 0, sizeof(struct fcc_cursor)); - ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp, + ret = init_fcc (context, id, &FCC_CURSOR(*cursor)->sp, &FCC_CURSOR(*cursor)->fd); if (ret) { free(*cursor); @@ -681,7 +693,7 @@ fcc_get_first (krb5_context context, } ret = krb5_ret_principal (FCC_CURSOR(*cursor)->sp, &principal); if(ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); fcc_end_get(context, id, cursor); return ret; } @@ -702,7 +714,7 @@ fcc_get_next (krb5_context context, ret = krb5_ret_creds(FCC_CURSOR(*cursor)->sp, creds); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); fcc_unlock(context, FCC_CURSOR(*cursor)->fd); return ret; @@ -775,7 +787,7 @@ fcc_get_version(krb5_context context, { return FCACHE(id)->version; } - + struct fcache_iter { int first; }; @@ -787,9 +799,9 @@ fcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) iter = calloc(1, sizeof(*iter)); if (iter == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; - } + } iter->first = 1; *cursor = iter; return 0; @@ -804,14 +816,14 @@ fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) char *expandedfn = NULL; if (!iter->first) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5_CC_END; } iter->first = 0; fn = krb5_cc_default_name(context); if (strncasecmp(fn, "FILE:", 5) != 0) { - ret = _krb5_expand_default_cc_name(context, + ret = _krb5_expand_default_cc_name(context, KRB5_DEFAULT_CCNAME_FILE, &expandedfn); if (ret) @@ -820,7 +832,7 @@ fcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) ret = krb5_cc_resolve(context, fn, id); if (expandedfn) free(expandedfn); - + return ret; } @@ -841,7 +853,8 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) if (ret && errno != EXDEV) { ret = errno; krb5_set_error_message(context, ret, - "Rename of file from %s to %s failed: %s", + N_("Rename of file from %s " + "to %s failed: %s", ""), FILENAME(from), FILENAME(to), strerror(ret)); return ret; @@ -857,7 +870,7 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) unlink(FILENAME(to)); - ret = fcc_open(context, to, &fd2, + ret = fcc_open(context, to, &fd2, O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if(ret) goto out1; @@ -867,16 +880,16 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) if (sz1 != sz2) { ret = EIO; krb5_set_error_message(context, ret, - "Failed to write data from one file " - "credential cache to the other"); + N_("Failed to write data from one file " + "credential cache to the other", "")); goto out2; } } if (sz1 < 0) { ret = EIO; krb5_set_error_message(context, ret, - "Failed to read data from one file " - "credential cache to the other"); + N_("Failed to read data from one file " + "credential cache to the other", "")); goto out2; } out2: @@ -903,18 +916,39 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) krb5_storage_free(sp); fcc_unlock(context, fd); close(fd); - } + } return ret; } static krb5_error_code -fcc_default_name(krb5_context context, char **str) +fcc_get_default_name(krb5_context context, char **str) { - return _krb5_expand_default_cc_name(context, + return _krb5_expand_default_cc_name(context, KRB5_DEFAULT_CCNAME_FILE, str); } +static krb5_error_code +fcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) +{ + krb5_error_code ret; + struct stat sb; + int fd; + + ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0); + if(ret) + return ret; + ret = fstat(fd, &sb); + close(fd); + if (ret) { + ret = errno; + krb5_set_error_message(context, ret, N_("Failed to stat cache file", "")); + return ret; + } + *mtime = sb.st_mtime; + return 0; +} + /** * Variable containing the FILE based credential cache implemention. * @@ -943,5 +977,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops = { fcc_get_cache_next, fcc_end_cache_get, fcc_move, - fcc_default_name + fcc_get_default_name, + NULL, + fcc_lastchange }; diff --git a/source4/heimdal/lib/krb5/free.c b/source4/heimdal/lib/krb5/free.c index d0eac84ca1..da1eb1de1c 100644 --- a/source4/heimdal/lib/krb5/free.c +++ b/source4/heimdal/lib/krb5/free.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 1999, 2004 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 1999, 2004 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" diff --git a/source4/heimdal/lib/krb5/free_host_realm.c b/source4/heimdal/lib/krb5/free_host_realm.c index a9287de5fd..581b61a15b 100644 --- a/source4/heimdal/lib/krb5/free_host_realm.c +++ b/source4/heimdal/lib/krb5/free_host_realm.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" diff --git a/source4/heimdal/lib/krb5/generate_seq_number.c b/source4/heimdal/lib/krb5/generate_seq_number.c index 472fff7fd5..99745b8305 100644 --- a/source4/heimdal/lib/krb5/generate_seq_number.c +++ b/source4/heimdal/lib/krb5/generate_seq_number.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> diff --git a/source4/heimdal/lib/krb5/generate_subkey.c b/source4/heimdal/lib/krb5/generate_subkey.c index aa68d14df6..4ab4b9bf6c 100644 --- a/source4/heimdal/lib/krb5/generate_subkey.c +++ b/source4/heimdal/lib/krb5/generate_subkey.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> @@ -53,7 +53,7 @@ krb5_generate_subkey_extended(krb5_context context, ALLOC(*subkey, 1); if (*subkey == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM,N_("malloc: out of memory", "")); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index c19a5e4abc..97e0022ee1 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -99,7 +99,8 @@ set_auth_data (krb5_context context, ALLOC(req_body->enc_authorization_data, 1); if (req_body->enc_authorization_data == NULL) { free (buf); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = krb5_crypto_init(context, key, 0, &crypto); @@ -153,7 +154,8 @@ init_tgs_req (krb5_context context, ALLOC_SEQ(&t->req_body.etype, 1); if(t->req_body.etype.val == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto fail; } t->req_body.etype.val[0] = in_creds->session.keytype; @@ -173,7 +175,7 @@ init_tgs_req (krb5_context context, ALLOC(t->req_body.sname, 1); if (t->req_body.sname == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } @@ -189,7 +191,7 @@ init_tgs_req (krb5_context context, ALLOC(t->req_body.till, 1); if(t->req_body.till == NULL){ ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } *t->req_body.till = in_creds->times.endtime; @@ -199,13 +201,15 @@ init_tgs_req (krb5_context context, ALLOC(t->req_body.additional_tickets, 1); if (t->req_body.additional_tickets == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto fail; } ALLOC_SEQ(t->req_body.additional_tickets, 1); if (t->req_body.additional_tickets->val == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto fail; } ret = copy_Ticket(second_ticket, t->req_body.additional_tickets->val); @@ -215,13 +219,13 @@ init_tgs_req (krb5_context context, ALLOC(t->padata, 1); if (t->padata == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } ALLOC_SEQ(t->padata, 1 + padata->len); if (t->padata->val == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } { @@ -229,7 +233,8 @@ init_tgs_req (krb5_context context, for (i = 0; i < padata->len; i++) { ret = copy_PA_DATA(&padata->val[i], &t->padata->val[i + 1]); if (ret) { - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto fail; } } @@ -558,10 +563,10 @@ get_cred_kdc(krb5_context context, krb5_free_error_contents(context, &error); } else if(resp.data && ((char*)resp.data)[0] == 4) { ret = KRB5KRB_AP_ERR_V4_REPLY; - krb5_clear_error_string(context); + krb5_clear_error_message(context); } else { ret = KRB5KRB_AP_ERR_MSG_TYPE; - krb5_clear_error_string(context); + krb5_clear_error_message(context); } out: @@ -638,7 +643,8 @@ krb5_get_kdc_cred(krb5_context context, *out_creds = calloc(1, sizeof(**out_creds)); if(*out_creds == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = _krb5_get_krbtgt (context, @@ -665,10 +671,11 @@ not_found(krb5_context context, krb5_const_principal p, krb5_error_code code) ret = krb5_unparse_name(context, p, &str); if(ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return code; } - krb5_set_error_message(context, code, "Matching credential (%s) not found", str); + krb5_set_error_message(context, code, + N_("Matching credential (%s) not found", ""), str); free(str); return code; } @@ -710,7 +717,8 @@ add_cred(krb5_context context, krb5_creds const *tkt, krb5_creds ***tgts) for(i = 0; tmp && tmp[i]; i++); /* XXX */ tmp = realloc(tmp, (i+2)*sizeof(*tmp)); if(tmp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } *tgts = tmp; @@ -747,6 +755,7 @@ get_cred_kdc_capath(krb5_context context, krb5_error_code ret; krb5_creds *tgt, tmp_creds; krb5_const_realm client_realm, server_realm, try_realm; + int ok_as_delegate = 1; *out_creds = NULL; @@ -778,10 +787,14 @@ get_cred_kdc_capath(krb5_context context, ret = find_cred(context, ccache, tmp_creds.server, *ret_tgts, &tgts); if(ret == 0){ + if (try_realm != client_realm) + ok_as_delegate = tgts.flags.b.ok_as_delegate; + *out_creds = calloc(1, sizeof(**out_creds)); if(*out_creds == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); } else { ret = get_cred_kdc_address(context, ccache, flags, NULL, in_creds, &tgts, @@ -791,7 +804,8 @@ get_cred_kdc_capath(krb5_context context, if (ret) { free (*out_creds); *out_creds = NULL; - } + } else if (ok_as_delegate == 0) + (*out_creds)->flags.b.ok_as_delegate = 0; } krb5_free_cred_contents(context, &tgts); krb5_free_principal(context, tmp_creds.server); @@ -813,6 +827,15 @@ get_cred_kdc_capath(krb5_context context, krb5_free_principal(context, tmp_creds.client); return ret; } + /* + * if either of the chain or the ok_as_delegate was stripped + * by the kdc, make sure we strip it too. + */ + if (ok_as_delegate == 0 || tgt->flags.b.ok_as_delegate == 0) { + ok_as_delegate = 0; + tgt->flags.b.ok_as_delegate = 0; + } + ret = add_cred(context, tgt, ret_tgts); if(ret) { krb5_free_principal(context, tmp_creds.server); @@ -843,10 +866,10 @@ get_cred_kdc_capath(krb5_context context, *out_creds = calloc(1, sizeof(**out_creds)); if(*out_creds == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); } else { ret = get_cred_kdc_address (context, ccache, flags, NULL, - in_creds, tgt, impersonate_principal, + in_creds, tgt, impersonate_principal, second_ticket, *out_creds); if (ret) { free (*out_creds); @@ -871,6 +894,7 @@ get_cred_kdc_referral(krb5_context context, krb5_error_code ret; krb5_creds tgt, referral, ticket; int loop = 0; + int ok_as_delegate = 1; memset(&tgt, 0, sizeof(tgt)); memset(&ticket, 0, sizeof(ticket)); @@ -943,7 +967,8 @@ get_cred_kdc_referral(krb5_context context, strcmp(ticket.server->name.name_string.val[0], KRB5_TGS_NAME) != 0) { krb5_set_error_message(context, KRB5KRB_AP_ERR_NOT_US, - "Got back an non krbtgt ticket referrals"); + N_("Got back an non krbtgt " + "ticket referrals", "")); krb5_free_cred_contents(context, &ticket); return KRB5KRB_AP_ERR_NOT_US; } @@ -963,7 +988,8 @@ get_cred_kdc_referral(krb5_context context, *tickets)) { krb5_set_error_message(context, KRB5_GET_IN_TKT_LOOP, - "Referral from %s loops back to realm %s", + N_("Referral from %s " + "loops back to realm %s", ""), tgt.server->realm, referral_realm); krb5_free_cred_contents(context, &ticket); @@ -972,6 +998,16 @@ get_cred_kdc_referral(krb5_context context, tickets++; } + /* + * if either of the chain or the ok_as_delegate was stripped + * by the kdc, make sure we strip it too. + */ + + if (ok_as_delegate == 0 || ticket.flags.b.ok_as_delegate == 0) { + ok_as_delegate = 0; + ticket.flags.b.ok_as_delegate = 0; + } + ret = add_cred(context, &ticket, ret_tgts); if (ret) { krb5_free_cred_contents(context, &ticket); @@ -979,7 +1015,7 @@ get_cred_kdc_referral(krb5_context context, } /* try realm in the referral */ - ret = krb5_principal_set_realm(context, + ret = krb5_principal_set_realm(context, referral.server, referral_realm); krb5_free_cred_contents(context, &tgt); @@ -1019,7 +1055,7 @@ get_cred_kdc_any(krb5_context context, flags, ccache, in_creds, - impersonate_principal, + impersonate_principal, second_ticket, out_creds, ret_tgts); @@ -1029,7 +1065,7 @@ get_cred_kdc_any(krb5_context context, flags, ccache, in_creds, - impersonate_principal, + impersonate_principal, second_ticket, out_creds, ret_tgts); @@ -1079,7 +1115,8 @@ krb5_get_credentials_with_flags(krb5_context context, *out_creds = NULL; res_creds = calloc(1, sizeof(*res_creds)); if (res_creds == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -1168,7 +1205,8 @@ krb5_get_creds_opt_alloc(krb5_context context, krb5_get_creds_opt *opt) { *opt = calloc(1, sizeof(**opt)); if (*opt == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } return 0; @@ -1232,14 +1270,16 @@ krb5_get_creds_opt_set_ticket(krb5_context context, opt->ticket = malloc(sizeof(*ticket)); if (opt->ticket == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = copy_Ticket(ticket, opt->ticket); if (ret) { free(opt->ticket); opt->ticket = NULL; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); return ret; } } @@ -1277,7 +1317,8 @@ krb5_get_creds(krb5_context context, res_creds = calloc(1, sizeof(*res_creds)); if (res_creds == NULL) { krb5_free_principal(context, in_creds.client); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/get_default_principal.c b/source4/heimdal/lib/krb5/get_default_principal.c index 6a56218ed7..c804ab9e56 100644 --- a/source4/heimdal/lib/krb5/get_default_principal.c +++ b/source4/heimdal/lib/krb5/get_default_principal.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -57,7 +57,7 @@ get_env_user(void) */ krb5_error_code -_krb5_get_default_principal_local (krb5_context context, +_krb5_get_default_principal_local (krb5_context context, krb5_principal *princ) { krb5_error_code ret; @@ -66,7 +66,7 @@ _krb5_get_default_principal_local (krb5_context context, *princ = NULL; - uid = getuid(); + uid = getuid(); if(uid == 0) { user = getlogin(); if(user == NULL) @@ -86,7 +86,8 @@ _krb5_get_default_principal_local (krb5_context context, } if(user == NULL) { krb5_set_error_message(context, ENOTTY, - "unable to figure out current principal"); + N_("unable to figure out current " + "principal", "")); return ENOTTY; /* XXX */ } ret = krb5_make_principal(context, princ, NULL, user, NULL); diff --git a/source4/heimdal/lib/krb5/get_default_realm.c b/source4/heimdal/lib/krb5/get_default_realm.c index 8e8c1ef974..a2518bbab7 100644 --- a/source4/heimdal/lib/krb5/get_default_realm.c +++ b/source4/heimdal/lib/krb5/get_default_realm.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001, 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001, 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -68,7 +68,7 @@ krb5_get_default_realm(krb5_context context, if (context->default_realms == NULL || context->default_realms[0] == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = krb5_set_default_realm (context, NULL); if (ret) return ret; @@ -76,7 +76,8 @@ krb5_get_default_realm(krb5_context context, res = strdup (context->default_realms[0]); if (res == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } *realm = res; diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index f005460e3f..a7072a0136 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> @@ -52,7 +52,7 @@ add_addrs(krb5_context context, tmp = realloc(addr->val, (addr->len + n) * sizeof(*addr->val)); if (tmp == NULL && (addr->len + n) != 0) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } addr->val = tmp; @@ -72,7 +72,7 @@ add_addrs(krb5_context context, addr->val[i++] = ad; } else if (ret == KRB5_PROG_ATYPE_NOSUPP) - krb5_clear_error_string (context); + krb5_clear_error_message (context); else goto fail; addr->len = i; @@ -129,13 +129,13 @@ krb5_fwd_tgt_creds (krb5_context context, if (inst != NULL && strcmp(inst, "host") == 0 && - host != NULL && + host != NULL && krb5_principal_get_comp_string(context, server, 2) == NULL) hostname = host; } client_realm = krb5_principal_get_realm(context, client); - + memset (&creds, 0, sizeof(creds)); creds.client = client; @@ -163,7 +163,7 @@ krb5_fwd_tgt_creds (krb5_context context, * Gets tickets forwarded to hostname. If the tickets that are * forwarded are address-less, the forwarded tickets will also be * address-less. - * + * * If the ticket have any address, hostname will be used for figure * out the address to forward the ticket too. This since this might * use DNS, its insecure and also doesn't represent configured all @@ -221,7 +221,7 @@ krb5_get_forwarded_creds (krb5_context context, } else { krb5_boolean noaddr; krb5_appdefault_boolean(context, NULL, - krb5_principal_get_realm(context, + krb5_principal_get_realm(context, in_creds->client), "no-addresses", KRB5_ADDRESSLESS_DEFAULT, &noaddr); @@ -238,7 +238,9 @@ krb5_get_forwarded_creds (krb5_context context, ret = getaddrinfo (hostname, NULL, NULL, &ai); if (ret) { krb5_error_code ret2 = krb5_eai_to_heim_errno(ret, errno); - krb5_set_error_message(context, ret2, "resolving %s: %s", + krb5_set_error_message(context, ret2, + N_("resolving host %s failed: %s", + "hostname, error"), hostname, gai_strerror(ret)); return ret2; } @@ -248,7 +250,7 @@ krb5_get_forwarded_creds (krb5_context context, if (ret) return ret; } - + kdc_flags.b = int2KDCOptions(flags); ret = krb5_get_kdc_cred (context, @@ -268,7 +270,7 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC_SEQ(&cred.tickets, 1); if (cred.tickets.val == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out2; } ret = decode_Ticket(out_creds->ticket.data, @@ -281,10 +283,10 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC_SEQ(&enc_krb_cred_part.ticket_info, 1); if (enc_krb_cred_part.ticket_info.val == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out4; } - + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { krb5_timestamp sec; int32_t usec; @@ -294,14 +296,14 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC(enc_krb_cred_part.timestamp, 1); if (enc_krb_cred_part.timestamp == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out4; } *enc_krb_cred_part.timestamp = sec; ALLOC(enc_krb_cred_part.usec, 1); if (enc_krb_cred_part.usec == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out4; } *enc_krb_cred_part.usec = usec; @@ -345,7 +347,8 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC(enc_krb_cred_part.r_address, 1); if (enc_krb_cred_part.r_address == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out4; } @@ -388,7 +391,7 @@ krb5_get_forwarded_creds (krb5_context context, /* encode EncKrbCredPart */ - ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size, + ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size, &enc_krb_cred_part, &len, ret); free_EncKrbCredPart (&enc_krb_cred_part); if (ret) { @@ -412,7 +415,7 @@ krb5_get_forwarded_creds (krb5_context context, cred.enc_part.cipher.data = buf; cred.enc_part.cipher.length = buf_size; } else { - /* + /* * Here older versions then 0.7.2 of Heimdal used the local or * remote subkey. That is wrong, the session key should be * used. Heimdal 0.7.2 and newer have code to try both in the diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c index e226598101..2ea075f6c5 100644 --- a/source4/heimdal/lib/krb5/get_host_realm.c +++ b/source4/heimdal/lib/krb5/get_host_realm.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -100,7 +100,7 @@ dns_find_realm(krb5_context context, const char **labels; char **config_labels; int i, ret; - + config_labels = krb5_config_get_strings(context, NULL, "libdefaults", "dns_lookup_realm_labels", NULL); if(config_labels != NULL) @@ -138,8 +138,8 @@ dns_find_realm(krb5_context context, */ static int -config_find_realm(krb5_context context, - const char *domain, +config_find_realm(krb5_context context, + const char *domain, krb5_realm **realms) { char **tmp = krb5_config_get_strings (context, NULL, @@ -178,8 +178,8 @@ _krb5_get_host_realm_int (krb5_context context, for (q = host; q != NULL; q = strchr(q + 1, '.')) if(dns_find_realm(context, q, realms) == 0) return 0; - continue; - } else + continue; + } else return 0; } else if(use_dns && dns_locate_enable) { @@ -192,14 +192,14 @@ _krb5_get_host_realm_int (krb5_context context, p++; *realms = malloc(2 * sizeof(krb5_realm)); if (*realms == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } (*realms)[0] = strdup(p); if((*realms)[0] == NULL) { free(*realms); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } strupr((*realms)[0]); @@ -207,7 +207,8 @@ _krb5_get_host_realm_int (krb5_context context, return 0; } krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN, - "unable to find realm of host %s", host); + N_("unable to find realm of host %s", ""), + host); return KRB5_ERR_HOST_REALM_UNKNOWN; } @@ -234,7 +235,7 @@ krb5_get_host_realm(krb5_context context, host = hostname; } - /* + /* * If our local hostname is without components, don't even try to dns. */ @@ -250,7 +251,7 @@ krb5_get_host_realm(krb5_context context, ret = krb5_get_default_realms(context, realms); if (ret) { krb5_set_error_message(context, KRB5_ERR_HOST_REALM_UNKNOWN, - "Unable to find realm of host %s", + N_("Unable to find realm of host %s", ""), host); return KRB5_ERR_HOST_REALM_UNKNOWN; } diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c index c835a9a29e..cc49e16030 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt.c +++ b/source4/heimdal/lib/krb5/get_in_tkt.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -60,7 +60,7 @@ krb5_init_etype (krb5_context context, *val = malloc(i * sizeof(**val)); if (i != 0 && *val == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto cleanup; } memmove (*val, @@ -93,31 +93,33 @@ check_server_referral(krb5_context context, goto noreferral; pa = krb5_find_padata(rep->kdc_rep.padata->val, - rep->kdc_rep.padata->len, + rep->kdc_rep.padata->len, KRB5_PADATA_SERVER_REFERRAL, &i); if (pa == NULL) goto noreferral; memset(&ed, 0, sizeof(ed)); memset(&ref, 0, sizeof(ref)); - - ret = decode_EncryptedData(pa->padata_value.data, + + ret = decode_EncryptedData(pa->padata_value.data, pa->padata_value.length, &ed, &len); if (ret) return ret; if (len != pa->padata_value.length) { free_EncryptedData(&ed); - krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, "Referral EncryptedData wrong"); + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + N_("Referral EncryptedData wrong for realm %s", + "realm"), requested->realm); return KRB5KRB_AP_ERR_MODIFIED; } - + ret = krb5_crypto_init(context, key, 0, &session); if (ret) { free_EncryptedData(&ed); return ret; } - + ret = krb5_decrypt_EncryptedData(context, session, KRB5_KU_PA_SERVER_REFERRAL, &ed, &data); @@ -125,18 +127,20 @@ check_server_referral(krb5_context context, krb5_crypto_destroy(context, session); if (ret) return ret; - + ret = decode_PA_ServerReferralData(data.data, data.length, &ref, &len); if (ret) { krb5_data_free(&data); return ret; } krb5_data_free(&data); - + if (strcmp(requested->realm, returned->realm) != 0) { free_PA_ServerReferralData(&ref); krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, - "server ref realm mismatch"); + N_("server ref realm mismatch, " + "requested realm %s got back %s", ""), + requested->realm, returned->realm); return KRB5KRB_AP_ERR_MODIFIED; } @@ -150,13 +154,13 @@ check_server_referral(krb5_context context, { free_PA_ServerReferralData(&ref); krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, - "tgt returned with wrong ref"); + N_("tgt returned with wrong ref", "")); return KRB5KRB_AP_ERR_MODIFIED; } } else if (krb5_principal_compare(context, returned, requested) == 0) { free_PA_ServerReferralData(&ref); krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, - "req princ no same as returned"); + N_("req princ no same as returned", "")); return KRB5KRB_AP_ERR_MODIFIED; } @@ -167,13 +171,14 @@ check_server_referral(krb5_context context, if (!cmp) { free_PA_ServerReferralData(&ref); krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, - "compare requested failed"); + N_("referred principal not same " + "as requested", "")); return KRB5KRB_AP_ERR_MODIFIED; } } else if (flags & EXTRACT_TICKET_AS_REQ) { free_PA_ServerReferralData(&ref); krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, - "Requested principal missing on AS-REQ"); + N_("Requested principal missing on AS-REQ", "")); return KRB5KRB_AP_ERR_MODIFIED; } @@ -183,8 +188,8 @@ check_server_referral(krb5_context context, noreferral: if (krb5_principal_compare(context, requested, returned) == FALSE) { krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, - "Not same server principal returned " - "as requested"); + N_("Not same server principal returned " + "as requested", "")); return KRB5KRB_AP_ERR_MODIFIED; } return 0; @@ -215,20 +220,21 @@ check_client_referral(krb5_context context, goto noreferral; pa = krb5_find_padata(rep->kdc_rep.padata->val, - rep->kdc_rep.padata->len, + rep->kdc_rep.padata->len, KRB5_PADATA_CLIENT_CANONICALIZED, &i); if (pa == NULL) goto noreferral; - ret = decode_PA_ClientCanonicalized(pa->padata_value.data, + ret = decode_PA_ClientCanonicalized(pa->padata_value.data, pa->padata_value.length, &canon, &len); if (ret) { - krb5_set_error_message(context, ret, "Failed to decode " - "PA_ClientCanonicalized"); + krb5_set_error_message(context, ret, + N_("Failed to decode ClientCanonicalized " + "from realm %s", ""), requested->realm); return ret; } - + ASN1_MALLOC_ENCODE(PA_ClientCanonicalizedNames, data.data, data.length, &canon.names, &len, ret); if (ret) { @@ -237,34 +243,36 @@ check_client_referral(krb5_context context, } if (data.length != len) krb5_abortx(context, "internal asn.1 error"); - + ret = krb5_crypto_init(context, key, 0, &crypto); if (ret) { free(data.data); free_PA_ClientCanonicalized(&canon); return ret; } - + ret = krb5_verify_checksum(context, crypto, KRB5_KU_CANONICALIZED_NAMES, data.data, data.length, &canon.canon_checksum); krb5_crypto_destroy(context, crypto); free(data.data); if (ret) { - krb5_set_error_message(context, ret, "Failed to verify " - "client canonicalized data"); + krb5_set_error_message(context, ret, + N_("Failed to verify client canonicalized " + "data from realm %s", ""), + requested->realm); free_PA_ClientCanonicalized(&canon); return ret; } - if (!_krb5_principal_compare_PrincipalName(context, + if (!_krb5_principal_compare_PrincipalName(context, requested, &canon.names.requested_name)) { free_PA_ClientCanonicalized(&canon); krb5_set_error_message(context, KRB5_PRINC_NOMATCH, - "Requested name doesn't match" - " in client referral"); + N_("Requested name doesn't match" + " in client referral", "")); return KRB5_PRINC_NOMATCH; } if (!_krb5_principal_compare_PrincipalName(context, @@ -273,8 +281,8 @@ check_client_referral(krb5_context context, { free_PA_ClientCanonicalized(&canon); krb5_set_error_message(context, KRB5_PRINC_NOMATCH, - "Mapped name doesn't match" - " in client referral"); + N_("Mapped name doesn't match" + " in client referral", "")); return KRB5_PRINC_NOMATCH; } @@ -283,8 +291,8 @@ check_client_referral(krb5_context context, noreferral: if (krb5_principal_compare(context, requested, mapped) == FALSE) { krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, - "Not same client principal returned " - "as requested"); + N_("Not same client principal returned " + "as requested", "")); return KRB5KRB_AP_ERR_MODIFIED; } return 0; @@ -321,13 +329,13 @@ decrypt_tkt (krb5_context context, ret = krb5_decode_EncASRepPart(context, data.data, data.length, - &dec_rep->enc_part, + &dec_rep->enc_part, &size); if (ret) ret = krb5_decode_EncTGSRepPart(context, data.data, data.length, - &dec_rep->enc_part, + &dec_rep->enc_part, &size); krb5_data_free (&data); if (ret) @@ -358,7 +366,7 @@ _krb5_extract_ticket(krb5_context context, if (decrypt_proc == NULL) decrypt_proc = decrypt_tkt; - + ret = (*decrypt_proc)(context, key, key_usage, decryptarg, rep); if (ret) goto out; @@ -372,7 +380,7 @@ _krb5_extract_ticket(krb5_context context, rep->enc_part.key.keyvalue.data, rep->enc_part.key.keyvalue.length); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } @@ -417,7 +425,7 @@ _krb5_extract_ticket(krb5_context context, goto out; if((flags & EXTRACT_TICKET_ALLOW_SERVER_MISMATCH) == 0){ ret = check_server_referral(context, - rep, + rep, flags, creds->server, tmp_principal, @@ -439,7 +447,7 @@ _krb5_extract_ticket(krb5_context context, strcmp(rep->enc_part.srealm, crealm) != 0) { ret = KRB5KRB_AP_ERR_MODIFIED; - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } } @@ -448,7 +456,7 @@ _krb5_extract_ticket(krb5_context context, if (nonce != rep->enc_part.nonce) { ret = KRB5KRB_AP_ERR_MODIFIED; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } @@ -476,7 +484,7 @@ _krb5_extract_ticket(krb5_context context, && abs(tmp_time - sec_now) > context->max_skew) { ret = KRB5KRB_AP_ERR_SKEW; krb5_set_error_message (context, ret, - "time skew (%d) larger than max (%d)", + N_("time skew (%d) larger than max (%d)", ""), abs(tmp_time - sec_now), (int)context->max_skew); goto out; @@ -484,7 +492,7 @@ _krb5_extract_ticket(krb5_context context, if (creds->times.starttime != 0 && tmp_time != creds->times.starttime) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_MODIFIED; goto out; } @@ -498,7 +506,7 @@ _krb5_extract_ticket(krb5_context context, if (creds->times.renew_till != 0 && tmp_time > creds->times.renew_till) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_MODIFIED; goto out; } @@ -509,7 +517,7 @@ _krb5_extract_ticket(krb5_context context, if (creds->times.endtime != 0 && rep->enc_part.endtime > creds->times.endtime) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_MODIFIED; goto out; } @@ -525,12 +533,12 @@ _krb5_extract_ticket(krb5_context context, creds->addresses.val = NULL; } creds->flags.b = rep->enc_part.flags; - + creds->authdata.len = 0; creds->authdata.val = NULL; /* extract ticket */ - ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, + ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, &rep->kdc_rep.ticket, &len, ret); if(ret) goto out; @@ -548,7 +556,7 @@ out: static krb5_error_code -make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, +make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, krb5_enctype etype, krb5_keyblock *key) { PA_ENC_TS_ENC p; @@ -560,7 +568,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, int32_t usec; int usec2; krb5_crypto crypto; - + krb5_us_timeofday (context, &p.patimestamp, &usec); usec2 = usec; p.pausec = &usec2; @@ -575,7 +583,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, free(buf); return ret; } - ret = krb5_encrypt_EncryptedData(context, + ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_PA_ENC_TIMESTAMP, buf, @@ -586,7 +594,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, krb5_crypto_destroy(context, crypto); if (ret) return ret; - + ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret); free_EncryptedData(&encdata); if (ret) @@ -601,7 +609,7 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, static krb5_error_code add_padata(krb5_context context, - METHOD_DATA *md, + METHOD_DATA *md, krb5_principal client, krb5_key_proc key_proc, krb5_const_pointer keyseed, @@ -614,7 +622,7 @@ add_padata(krb5_context context, krb5_salt salt2; krb5_enctype *ep; int i; - + if(salt == NULL) { /* default to standard salt */ ret = krb5_get_pw_salt (context, client, &salt2); @@ -628,7 +636,7 @@ add_padata(krb5_context context, } pa2 = realloc (md->val, (md->len + netypes) * sizeof(*md->val)); if (pa2 == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } md->val = pa2; @@ -675,13 +683,13 @@ init_as_req (krb5_context context, a->req_body.cname = malloc(sizeof(*a->req_body.cname)); if (a->req_body.cname == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } a->req_body.sname = malloc(sizeof(*a->req_body.sname)); if (a->req_body.sname == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } ret = _krb5_principal2principalname (a->req_body.cname, creds->client); @@ -698,7 +706,7 @@ init_as_req (krb5_context context, a->req_body.from = malloc(sizeof(*a->req_body.from)); if (a->req_body.from == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } *a->req_body.from = creds->times.starttime; @@ -711,7 +719,7 @@ init_as_req (krb5_context context, a->req_body.rtime = malloc(sizeof(*a->req_body.rtime)); if (a->req_body.rtime == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } *a->req_body.rtime = creds->times.renew_till; @@ -734,7 +742,7 @@ init_as_req (krb5_context context, a->req_body.addresses = malloc(sizeof(*a->req_body.addresses)); if (a->req_body.addresses == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } @@ -759,7 +767,7 @@ init_as_req (krb5_context context, ALLOC(a->padata, 1); if(a->padata == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } a->padata->val = NULL; @@ -781,8 +789,8 @@ init_as_req (krb5_context context, sp = NULL; else krb5_data_zero(&salt.saltvalue); - ret = add_padata(context, a->padata, creds->client, - key_proc, keyseed, + ret = add_padata(context, a->padata, creds->client, + key_proc, keyseed, &preauth->val[i].info.val[j].etype, 1, sp); if (ret == 0) @@ -790,7 +798,7 @@ init_as_req (krb5_context context, } } } - } else + } else /* not sure this is the way to use `ptypes' */ if (ptypes == NULL || *ptypes == KRB5_PADATA_NONE) a->padata = NULL; @@ -798,26 +806,27 @@ init_as_req (krb5_context context, ALLOC(a->padata, 1); if (a->padata == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } a->padata->len = 0; a->padata->val = NULL; /* make a v5 salted pa-data */ - add_padata(context, a->padata, creds->client, + add_padata(context, a->padata, creds->client, key_proc, keyseed, a->req_body.etype.val, a->req_body.etype.len, NULL); /* make a v4 salted pa-data */ salt.salttype = KRB5_PW_SALT; krb5_data_zero(&salt.saltvalue); - add_padata(context, a->padata, creds->client, + add_padata(context, a->padata, creds->client, key_proc, keyseed, a->req_body.etype.val, a->req_body.etype.len, &salt); } else { ret = KRB5_PREAUTH_BAD_TYPE; - krb5_set_error_message (context, ret, "pre-auth type %d not supported", + krb5_set_error_message (context, ret, + N_("pre-auth type %d not supported", ""), *ptypes); goto fail; } @@ -829,7 +838,7 @@ fail: static int set_ptypes(krb5_context context, - KRB_ERROR *error, + KRB_ERROR *error, const krb5_preauthtype **ptypes, krb5_preauthdata **preauth) { @@ -839,9 +848,9 @@ set_ptypes(krb5_context context, if(error->e_data) { METHOD_DATA md; int i; - decode_METHOD_DATA(error->e_data->data, - error->e_data->length, - &md, + decode_METHOD_DATA(error->e_data->data, + error->e_data->length, + &md, NULL); for(i = 0; i < md.len; i++){ switch(md.val[i].padata_type){ @@ -853,7 +862,7 @@ set_ptypes(krb5_context context, ALLOC_SEQ(*preauth, 1); (*preauth)->val[0].type = KRB5_PADATA_ENC_TIMESTAMP; krb5_decode_ETYPE_INFO(context, - md.val[i].padata_value.data, + md.val[i].padata_value.data, md.val[i].padata_value.length, &(*preauth)->val[0].info, NULL); @@ -960,7 +969,7 @@ krb5_get_in_cred(krb5_context context, done = 0; preauth = my_preauth; krb5_free_error_contents(context, &error); - krb5_clear_error_string(context); + krb5_clear_error_message(context); continue; } if(ret_as_reply) @@ -973,17 +982,17 @@ krb5_get_in_cred(krb5_context context, } krb5_data_free(&resp); } while(!done); - + pa = NULL; etype = rep.kdc_rep.enc_part.etype; if(rep.kdc_rep.padata){ int i = 0; - pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len, + pa = krb5_find_padata(rep.kdc_rep.padata->val, rep.kdc_rep.padata->len, KRB5_PADATA_PW_SALT, &i); if(pa == NULL) { i = 0; - pa = krb5_find_padata(rep.kdc_rep.padata->val, - rep.kdc_rep.padata->len, + pa = krb5_find_padata(rep.kdc_rep.padata->val, + rep.kdc_rep.padata->len, KRB5_PADATA_AFS3_SALT, &i); } } @@ -1009,16 +1018,16 @@ krb5_get_in_cred(krb5_context context, if (opts.request_anonymous) flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; - ret = _krb5_extract_ticket(context, - &rep, - creds, - key, - keyseed, + ret = _krb5_extract_ticket(context, + &rep, + creds, + key, + keyseed, KRB5_KU_AS_REP_ENC_PART, - NULL, - nonce, + NULL, + nonce, flags, - decrypt_proc, + decrypt_proc, decryptarg); } memset (key->keyvalue.data, 0, key->keyvalue.length); @@ -1048,7 +1057,7 @@ krb5_get_in_tkt(krb5_context context, krb5_kdc_rep *ret_as_reply) { krb5_error_code ret; - + ret = krb5_get_in_cred (context, options, addrs, @@ -1061,7 +1070,7 @@ krb5_get_in_tkt(krb5_context context, decryptarg, creds, ret_as_reply); - if(ret) + if(ret) return ret; if (ccache) ret = krb5_cc_store_cred (context, ccache, creds); diff --git a/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c b/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c index 78a1c340ac..0dedbefd2c 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c +++ b/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" diff --git a/source4/heimdal/lib/krb5/get_port.c b/source4/heimdal/lib/krb5/get_port.c index 895c21a433..c9869eb450 100644 --- a/source4/heimdal/lib/krb5/get_port.c +++ b/source4/heimdal/lib/krb5/get_port.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> @@ -45,7 +45,7 @@ krb5_getportbyname (krb5_context context, if ((sp = roken_getservbyname (service, proto)) == NULL) { #if 0 - krb5_warnx(context, "%s/%s unknown service, using default port %d", + krb5_warnx(context, "%s/%s unknown service, using default port %d", service, proto, default_port); #endif return htons(default_port); diff --git a/source4/heimdal/lib/krb5/heim_threads.h b/source4/heimdal/lib/krb5/heim_threads.h index c550499499..c4f841fb61 100644 --- a/source4/heimdal/lib/krb5/heim_threads.h +++ b/source4/heimdal/lib/krb5/heim_threads.h @@ -1,34 +1,34 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* $Id$ */ @@ -50,7 +50,7 @@ #if defined(__NetBSD__) && __NetBSD_Version__ >= 106120000 && __NetBSD_Version__< 299001200 && defined(ENABLE_PTHREAD_SUPPORT) -/* +/* * NetBSD have a thread lib that we can use that part of libc that * works regardless if application are linked to pthreads or not. * NetBSD newer then 2.99.11 just use pthread.h, and the same thing diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index b2b3b6550d..89ea3004ed 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,32 +33,36 @@ #include "krb5_locl.h" +#undef __attribute__ +#define __attribute__(x) + RCSID("$Id$"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) + __attribute__((deprecated)) { memset (opt, 0, sizeof(*opt)); - opt->flags = 0; - opt->opt_private = NULL; } krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_alloc(krb5_context context, +krb5_get_init_creds_opt_alloc(krb5_context context, krb5_get_init_creds_opt **opt) { krb5_get_init_creds_opt *o; - + *opt = NULL; o = calloc(1, sizeof(*o)); if (o == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } - krb5_get_init_creds_opt_init(o); + o->opt_private = calloc(1, sizeof(*o->opt_private)); if (o->opt_private == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); free(o); return ENOMEM; } @@ -68,7 +72,7 @@ krb5_get_init_creds_opt_alloc(krb5_context context, } krb5_error_code -_krb5_get_init_creds_opt_copy(krb5_context context, +_krb5_get_init_creds_opt_copy(krb5_context context, const krb5_get_init_creds_opt *in, krb5_get_init_creds_opt **out) { @@ -77,7 +81,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context, *out = NULL; opt = calloc(1, sizeof(*opt)); if (opt == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } if (in) @@ -85,7 +89,7 @@ _krb5_get_init_creds_opt_copy(krb5_context context, if(opt->opt_private == NULL) { opt->opt_private = calloc(1, sizeof(*opt->opt_private)); if (opt->opt_private == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); free(opt); return ENOMEM; } @@ -108,7 +112,7 @@ _krb5_get_init_creds_opt_free_krb5_error(krb5_get_init_creds_opt *opt) void KRB5_LIB_FUNCTION _krb5_get_init_creds_opt_set_krb5_error(krb5_context context, - krb5_get_init_creds_opt *opt, + krb5_get_init_creds_opt *opt, const KRB_ERROR *error) { krb5_error_code ret; @@ -224,7 +228,7 @@ krb5_get_init_creds_opt_set_default_flags(krb5_context context, if(t != 0) krb5_get_init_creds_opt_set_renew_life(opt, t); - krb5_appdefault_boolean(context, appname, realm, "no-addresses", + krb5_appdefault_boolean(context, appname, realm, "no-addresses", KRB5_ADDRESSLESS_DEFAULT, &b); krb5_get_init_creds_opt_set_addressless (context, opt, b); @@ -327,7 +331,8 @@ require_ext_opt(krb5_context context, const char *type) { if (opt->opt_private == NULL) { - krb5_set_error_message(context, EINVAL, "%s on non extendable opt", type); + krb5_set_error_message(context, EINVAL, + N_("%s on non extendable opt", ""), type); return EINVAL; } return 0; @@ -381,13 +386,13 @@ krb5_get_init_creds_opt_get_error(krb5_context context, *error = malloc(sizeof(**error)); if (*error == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = copy_KRB_ERROR(opt->opt_private->error, *error); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); return 0; } diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index f56d069b37..0b75522e9d 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -59,7 +59,7 @@ typedef struct krb5_get_init_creds_ctx { } krb5_get_init_creds_ctx; static krb5_error_code -default_s2k_func(krb5_context context, krb5_enctype type, +default_s2k_func(krb5_context context, krb5_enctype type, krb5_const_pointer keyseed, krb5_salt salt, krb5_data *s2kparms, krb5_keyblock **key) @@ -138,7 +138,7 @@ init_cred (krb5_context context, krb5_timeofday (context, &now); memset (cred, 0, sizeof(*cred)); - + if (client) krb5_copy_principal(context, client, &cred->client); else { @@ -170,7 +170,7 @@ init_cred (krb5_context context, goto out; krb5_principal_set_realm (context, cred->server, client_realm); } else { - ret = krb5_make_principal(context, &cred->server, + ret = krb5_make_principal(context, &cred->server, client_realm, KRB5_TGS_NAME, client_realm, NULL); if (ret) @@ -195,7 +195,7 @@ report_expiration (krb5_context context, time_t now) { char *p; - + asprintf (&p, "%s%s", str, ctime(&now)); (*prompter) (context, data, NULL, p, 0, NULL); free (p); @@ -336,7 +336,7 @@ get_init_creds_common(krb5_context context, etypes = malloc((options->etype_list_length + 1) * sizeof(krb5_enctype)); if (etypes == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy (etypes, options->etype_list, @@ -348,7 +348,7 @@ get_init_creds_common(krb5_context context, pre_auth_types = malloc((options->preauth_list_length + 1) * sizeof(krb5_preauthtype)); if (pre_auth_types == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy (pre_auth_types, options->preauth_list, @@ -393,7 +393,7 @@ change_password (krb5_context context, if (old_options && old_options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST) krb5_get_init_creds_opt_set_preauth_list (&options, old_options->preauth_list, - old_options->preauth_list_length); + old_options->preauth_list_length); krb5_data_zero (&result_code_string); krb5_data_zero (&result_string); @@ -440,7 +440,7 @@ change_password (krb5_context context, memset (buf1, 0, sizeof(buf1)); memset (buf2, 0, sizeof(buf2)); } - + ret = krb5_set_password (context, &cpw_cred, buf1, @@ -462,7 +462,8 @@ change_password (krb5_context context, ret = 0; } else { ret = ENOTTY; - krb5_set_error_message(context, ret, "failed changing password"); + krb5_set_error_message(context, ret, + N_("failed changing password", "")); } out: @@ -496,7 +497,7 @@ krb5_get_init_creds_keytab(krb5_context context, krb5_get_init_creds_ctx ctx; krb5_error_code ret; krb5_keytab_key_proc_args *a; - + ret = get_init_creds_common(context, client, start_time, in_tkt_service, options, &ctx); if (ret) @@ -505,7 +506,7 @@ krb5_get_init_creds_keytab(krb5_context context, a = malloc (sizeof(*a)); if (a == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } a->principal = ctx.cred.client; @@ -557,13 +558,13 @@ init_creds_init_as_req (krb5_context context, a->req_body.cname = malloc(sizeof(*a->req_body.cname)); if (a->req_body.cname == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } a->req_body.sname = malloc(sizeof(*a->req_body.sname)); if (a->req_body.sname == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } @@ -582,7 +583,7 @@ init_creds_init_as_req (krb5_context context, a->req_body.from = malloc(sizeof(*a->req_body.from)); if (a->req_body.from == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } *a->req_body.from = creds->times.starttime; @@ -595,7 +596,7 @@ init_creds_init_as_req (krb5_context context, a->req_body.rtime = malloc(sizeof(*a->req_body.rtime)); if (a->req_body.rtime == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } *a->req_body.rtime = creds->times.renew_till; @@ -618,7 +619,7 @@ init_creds_init_as_req (krb5_context context, a->req_body.addresses = malloc(sizeof(*a->req_body.addresses)); if (a->req_body.addresses == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } @@ -672,7 +673,7 @@ set_paid(struct pa_info_data *paid, krb5_context context, paid->salt.salttype = salttype; paid->salt.saltvalue.data = malloc(salt_len + 1); if (paid->salt.saltvalue.data == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } memcpy(paid->salt.saltvalue.data, salt_string, salt_len); @@ -683,7 +684,7 @@ set_paid(struct pa_info_data *paid, krb5_context context, ret = krb5_copy_data(context, s2kparams, &paid->s2kparams); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); krb5_free_salt(context, paid->salt); return ret; } @@ -695,9 +696,9 @@ set_paid(struct pa_info_data *paid, krb5_context context, static struct pa_info_data * pa_etype_info2(krb5_context context, - const krb5_principal client, + const krb5_principal client, const AS_REQ *asreq, - struct pa_info_data *paid, + struct pa_info_data *paid, heim_octet_string *data) { krb5_error_code ret; @@ -725,7 +726,7 @@ pa_etype_info2(krb5_context context, if (ret == 0) ret = set_paid(paid, context, e.val[i].etype, KRB5_PW_SALT, - salt.saltvalue.data, + salt.saltvalue.data, salt.saltvalue.length, e.val[i].s2kparams); if (e.val[i].salt == NULL) @@ -744,7 +745,7 @@ pa_etype_info2(krb5_context context, static struct pa_info_data * pa_etype_info(krb5_context context, - const krb5_principal client, + const krb5_principal client, const AS_REQ *asreq, struct pa_info_data *paid, heim_octet_string *data) @@ -776,7 +777,7 @@ pa_etype_info(krb5_context context, if (ret == 0) { ret = set_paid(paid, context, e.val[i].etype, salt.salttype, - salt.saltvalue.data, + salt.saltvalue.data, salt.saltvalue.length, NULL); if (e.val[i].salt == NULL) @@ -796,7 +797,7 @@ pa_etype_info(krb5_context context, static struct pa_info_data * pa_pw_or_afs3_salt(krb5_context context, - const krb5_principal client, + const krb5_principal client, const AS_REQ *asreq, struct pa_info_data *paid, heim_octet_string *data) @@ -804,10 +805,10 @@ pa_pw_or_afs3_salt(krb5_context context, krb5_error_code ret; if (paid->etype == ENCTYPE_NULL) return NULL; - ret = set_paid(paid, context, + ret = set_paid(paid, context, paid->etype, paid->salt.salttype, - data->data, + data->data, data->length, NULL); if (ret) @@ -819,9 +820,9 @@ pa_pw_or_afs3_salt(krb5_context context, struct pa_info { krb5_preauthtype type; struct pa_info_data *(*salt_info)(krb5_context, - const krb5_principal, + const krb5_principal, const AS_REQ *, - struct pa_info_data *, + struct pa_info_data *, heim_octet_string *); }; @@ -831,7 +832,7 @@ static struct pa_info pa_prefs[] = { { KRB5_PADATA_PW_SALT, pa_pw_or_afs3_salt }, { KRB5_PADATA_AFS3_SALT, pa_pw_or_afs3_salt } }; - + static PA_DATA * find_pa_data(const METHOD_DATA *md, int type) { @@ -845,8 +846,8 @@ find_pa_data(const METHOD_DATA *md, int type) } static struct pa_info_data * -process_pa_info(krb5_context context, - const krb5_principal client, +process_pa_info(krb5_context context, + const krb5_principal client, const AS_REQ *asreq, struct pa_info_data *paid, METHOD_DATA *md) @@ -866,7 +867,7 @@ process_pa_info(krb5_context context, } static krb5_error_code -make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, +make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, krb5_enctype etype, krb5_keyblock *key) { PA_ENC_TS_ENC p; @@ -878,7 +879,7 @@ make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, int32_t usec; int usec2; krb5_crypto crypto; - + krb5_us_timeofday (context, &p.patimestamp, &usec); usec2 = usec; p.pausec = &usec2; @@ -894,7 +895,7 @@ make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, free(buf); return ret; } - ret = krb5_encrypt_EncryptedData(context, + ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_PA_ENC_TIMESTAMP, buf, @@ -905,7 +906,7 @@ make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, krb5_crypto_destroy(context, crypto); if (ret) return ret; - + ASN1_MALLOC_ENCODE(EncryptedData, buf, buf_size, &encdata, &len, ret); free_EncryptedData(&encdata); if (ret) @@ -921,7 +922,7 @@ make_pa_enc_timestamp(krb5_context context, METHOD_DATA *md, static krb5_error_code add_enc_ts_padata(krb5_context context, - METHOD_DATA *md, + METHOD_DATA *md, krb5_principal client, krb5_s2k_proc key_proc, krb5_const_pointer keyseed, @@ -934,7 +935,7 @@ add_enc_ts_padata(krb5_context context, krb5_salt salt2; krb5_enctype *ep; int i; - + if(salt == NULL) { /* default to standard salt */ ret = krb5_get_pw_salt (context, client, &salt2); @@ -976,7 +977,7 @@ pa_data_to_md_ts_enc(krb5_context context, return 0; if (ppaid) { - add_enc_ts_padata(context, md, client, + add_enc_ts_padata(context, md, client, ctx->key_proc, ctx->password, &ppaid->etype, 1, &ppaid->salt, ppaid->s2kparams); @@ -984,17 +985,17 @@ pa_data_to_md_ts_enc(krb5_context context, krb5_salt salt; /* make a v5 salted pa-data */ - add_enc_ts_padata(context, md, client, + add_enc_ts_padata(context, md, client, ctx->key_proc, ctx->password, - a->req_body.etype.val, a->req_body.etype.len, + a->req_body.etype.val, a->req_body.etype.len, NULL, NULL); /* make a v4 salted pa-data */ salt.salttype = KRB5_PW_SALT; krb5_data_zero(&salt.saltvalue); - add_enc_ts_padata(context, md, client, - ctx->key_proc, ctx->password, - a->req_body.etype.val, a->req_body.etype.len, + add_enc_ts_padata(context, md, client, + ctx->key_proc, ctx->password, + a->req_body.etype.val, a->req_body.etype.len, &salt, NULL); } return 0; @@ -1033,7 +1034,8 @@ pa_data_to_md_pkinit(krb5_context context, ctx->pk_nonce, md); #else - krb5_set_error_message(context, EINVAL, "no support for PKINIT compiled in"); + krb5_set_error_message(context, EINVAL, + N_("no support for PKINIT compiled in", "")); return EINVAL; #endif } @@ -1047,7 +1049,7 @@ pa_data_add_pac_request(krb5_context context, krb5_error_code ret; PA_PAC_REQUEST req; void *buf; - + switch (ctx->req_pac) { case KRB5_INIT_CREDS_TRISTATE_UNSET: return 0; /* don't bother */ @@ -1058,7 +1060,7 @@ pa_data_add_pac_request(krb5_context context, req.include_pac = 0; } - ASN1_MALLOC_ENCODE(PA_PAC_REQUEST, buf, length, + ASN1_MALLOC_ENCODE(PA_PAC_REQUEST, buf, length, &req, &len, ret); if (ret) return ret; @@ -1090,12 +1092,12 @@ process_pa_data_to_md(krb5_context context, ALLOC(*out_md, 1); if (*out_md == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } (*out_md)->len = 0; (*out_md)->val = NULL; - + /* * Make sure we don't sent both ENC-TS and PK-INIT pa data, no * need to expose our password protecting our PKCS12 key. @@ -1150,7 +1152,7 @@ process_pa_data_to_key(krb5_context context, if (rep->kdc_rep.padata) { paid.etype = etype; - ppaid = process_pa_info(context, creds->client, a, &paid, + ppaid = process_pa_info(context, creds->client, a, &paid, rep->kdc_rep.padata); } if (ppaid == NULL) { @@ -1164,13 +1166,13 @@ process_pa_data_to_key(krb5_context context, pa = NULL; if (rep->kdc_rep.padata) { int idx = 0; - pa = krb5_find_padata(rep->kdc_rep.padata->val, + pa = krb5_find_padata(rep->kdc_rep.padata->val, rep->kdc_rep.padata->len, KRB5_PADATA_PK_AS_REP, &idx); if (pa == NULL) { idx = 0; - pa = krb5_find_padata(rep->kdc_rep.padata->val, + pa = krb5_find_padata(rep->kdc_rep.padata->val, rep->kdc_rep.padata->len, KRB5_PADATA_PK_AS_REP_19, &idx); @@ -1189,14 +1191,14 @@ process_pa_data_to_key(krb5_context context, key); #else ret = EINVAL; - krb5_set_error_message(context, ret, "no support for PKINIT compiled in"); + krb5_set_error_message(context, ret, N_("no support for PKINIT compiled in", "")); #endif } else if (ctx->password) - ret = pa_data_to_key_plain(context, creds->client, ctx, + ret = pa_data_to_key_plain(context, creds->client, ctx, paid.salt, paid.s2kparams, etype, key); else { ret = EINVAL; - krb5_set_error_message(context, ret, "No usable pa data type"); + krb5_set_error_message(context, ret, N_("No usable pa data type", "")); } free_paid(context, &paid); @@ -1250,7 +1252,7 @@ init_cred_loop(krb5_context context, * Increase counter when we want other pre-auth types then * KRB5_PA_ENC_TIMESTAMP. */ -#define MAX_PA_COUNTER 3 +#define MAX_PA_COUNTER 3 ctx->pa_counter = 0; while (ctx->pa_counter < MAX_PA_COUNTER) { @@ -1275,8 +1277,8 @@ init_cred_loop(krb5_context context, krb5_data_free(&ctx->req_buffer); - ASN1_MALLOC_ENCODE(AS_REQ, - ctx->req_buffer.data, ctx->req_buffer.length, + ASN1_MALLOC_ENCODE(AS_REQ, + ctx->req_buffer.data, ctx->req_buffer.length, &ctx->as_req, &len, ret); if (ret) goto out; @@ -1292,7 +1294,7 @@ init_cred_loop(krb5_context context, ret = decode_AS_REP(resp.data, resp.length, &rep.kdc_rep, &size); if (ret == 0) { krb5_data_free(&resp); - krb5_clear_error_string(context); + krb5_clear_error_message(context); break; } else { /* let's try to parse it as a KRB-ERROR */ @@ -1317,13 +1319,13 @@ init_cred_loop(krb5_context context, memset(&md, 0, sizeof(md)); if (error.e_data) { - ret = decode_METHOD_DATA(error.e_data->data, - error.e_data->length, - &md, + ret = decode_METHOD_DATA(error.e_data->data, + error.e_data->length, + &md, NULL); if (ret) krb5_set_error_message(context, ret, - "failed to decode METHOD DATA"); + N_("failed to decode METHOD DATA", "")); } else { /* XXX guess what the server want here add add md */ } @@ -1356,7 +1358,7 @@ init_cred_loop(krb5_context context, if (ctx->ic_flags & KRB5_INIT_CREDS_NO_C_CANON_CHECK) flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH; - ret = process_pa_data_to_key(context, ctx, creds, + ret = process_pa_data_to_key(context, ctx, creds, &ctx->as_req, &rep, hi, &key); if (ret) goto out; @@ -1383,7 +1385,7 @@ out: if (ret == 0 && ret_as_reply) *ret_as_reply = rep; - else + else krb5_free_kdc_rep (context, &rep); return ret; } @@ -1434,7 +1436,7 @@ krb5_get_init_creds(krb5_context context, if (prompter == NULL || ctx.password == NULL) goto out; - krb5_clear_error_string (context); + krb5_clear_error_message (context); if (ctx.in_tkt_service != NULL && strcmp (ctx.in_tkt_service, "kadmin/changepw") == 0) @@ -1495,9 +1497,9 @@ krb5_get_init_creds_password(krb5_context context, const char *realm = krb5_principal_get_realm(context, client); ret = krb5_get_init_creds_opt_alloc(context, &options); if (ret == 0) - krb5_get_init_creds_opt_set_default_flags(context, - NULL, - realm, + krb5_get_init_creds_opt_set_default_flags(context, + NULL, + realm, options); } else ret = _krb5_get_init_creds_opt_copy(context, in_options, &options); @@ -1528,7 +1530,7 @@ krb5_get_init_creds_password(krb5_context context, memset (buf, 0, sizeof(buf)); krb5_get_init_creds_opt_free(context, options); ret = KRB5_LIBOS_PWDINTR; - krb5_clear_error_string (context); + krb5_clear_error_message (context); return ret; } password = password_data.data; @@ -1572,7 +1574,7 @@ krb5_get_init_creds_keyblock(krb5_context context, { struct krb5_get_init_creds_ctx ctx; krb5_error_code ret; - + ret = get_init_creds_common(context, client, start_time, in_tkt_service, options, &ctx); if (ret) diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c index d5f38c5aaf..8a8f1efc11 100644 --- a/source4/heimdal/lib/krb5/kcm.c +++ b/source4/heimdal/lib/krb5/kcm.c @@ -67,7 +67,7 @@ try_door(krb5_context context, int ret; memset(&arg, 0, sizeof(arg)); - + fd = open(k->door_path, O_RDWR); if (fd < 0) return KRB5_CC_IO; @@ -114,13 +114,13 @@ try_unix_socket(krb5_context context, close(fd); return KRB5_CC_IO; } - + ret = _krb5_send_and_recv_tcp(fd, context->kdc_timeout, request_data, response_data); close(fd); return ret; } - + static krb5_error_code kcm_send_request(krb5_context context, krb5_kcmcache *k, @@ -136,7 +136,7 @@ kcm_send_request(krb5_context context, ret = krb5_storage_to_data(request, &request_data); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5_CC_NOMEM; } @@ -154,7 +154,7 @@ kcm_send_request(krb5_context context, krb5_data_free(&request_data); if (ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = KRB5_CC_NOSUPP; } @@ -173,7 +173,7 @@ kcm_storage_request(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } @@ -191,11 +191,12 @@ kcm_storage_request(krb5_context context, *storage_p = sp; fail: if (ret) { - krb5_set_error_message(context, ret, "Failed to encode request"); + krb5_set_error_message(context, ret, + N_("Failed to encode KCM request", "")); krb5_storage_free(sp); } - - return ret; + + return ret; } static krb5_error_code @@ -206,7 +207,7 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id) k = malloc(sizeof(*k)); if (k == NULL) { - krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } @@ -214,7 +215,8 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id) k->name = strdup(name); if (k->name == NULL) { free(k); - krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } } else @@ -222,16 +224,16 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id) path = krb5_config_get_string_default(context, NULL, _PATH_KCM_SOCKET, - "libdefaults", + "libdefaults", "kcm_socket", NULL); - + k->path.sun_family = AF_UNIX; strlcpy(k->path.sun_path, path, sizeof(k->path.sun_path)); path = krb5_config_get_string_default(context, NULL, _PATH_KCM_DOOR, - "libdefaults", + "libdefaults", "kcm_door", NULL); k->door_path = strdup(path); @@ -738,7 +740,7 @@ kcm_end_get (krb5_context context, krb5_storage_free(request); return ret; } - + krb5_storage_free(request); KCMCURSOR(*cursor) = 0; @@ -865,11 +867,18 @@ kcm_move(krb5_context context, krb5_ccache from, krb5_ccache to) static krb5_error_code kcm_default_name(krb5_context context, char **str) { - return _krb5_expand_default_cc_name(context, + return _krb5_expand_default_cc_name(context, KRB5_DEFAULT_CCNAME_KCM, str); } +static krb5_error_code +kcm_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) +{ + *mtime = time(NULL); + return 0; +} + /** * Variable containing the KCM based credential cache implemention. * @@ -898,7 +907,9 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops = { NULL, NULL, kcm_move, - kcm_default_name + kcm_default_name, + NULL, + kcm_lastchange }; krb5_boolean diff --git a/source4/heimdal/lib/krb5/keyblock.c b/source4/heimdal/lib/krb5/keyblock.c index 38a856624e..aa6353d7c8 100644 --- a/source4/heimdal/lib/krb5/keyblock.c +++ b/source4/heimdal/lib/krb5/keyblock.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -124,8 +124,7 @@ krb5_keyblock_init(krb5_context context, } ret = krb5_data_copy(&key->keyvalue, data, len); if(ret) { - krb5_set_error_message(context, ret, "malloc failed: %lu", - (unsigned long)len); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } key->keytype = type; diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c index f3e6b9e8f4..aa7c77ce46 100644 --- a/source4/heimdal/lib/krb5/keytab.c +++ b/source4/heimdal/lib/krb5/keytab.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -47,15 +47,15 @@ krb5_kt_register(krb5_context context, struct krb5_keytab_data *tmp; if (strlen(ops->prefix) > KRB5_KT_PREFIX_MAX_LEN - 1) { - krb5_set_error_message(context, KRB5_KT_BADNAME, - "krb5_kt_register; prefix too long"); + krb5_set_error_message(context, KRB5_KT_BADNAME, + N_("can't register cache type, prefix too long", "")); return KRB5_KT_BADNAME; } tmp = realloc(context->kt_types, (context->num_kt_types + 1) * sizeof(*context->kt_types)); if(tmp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(&tmp[context->num_kt_types], ops, @@ -92,21 +92,21 @@ krb5_kt_resolve(krb5_context context, type_len = residual - name; residual++; } - + for(i = 0; i < context->num_kt_types; i++) { if(strncasecmp(type, context->kt_types[i].prefix, type_len) == 0) break; } if(i == context->num_kt_types) { krb5_set_error_message(context, KRB5_KT_UNKNOWN_TYPE, - "unknown keytab type %.*s", + N_("unknown keytab type %.*s", "type"), (int)type_len, type); return KRB5_KT_UNKNOWN_TYPE; } - + k = malloc (sizeof(*k)); if (k == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } memcpy(k, &context->kt_types[i], sizeof(*k)); @@ -129,7 +129,7 @@ krb5_error_code KRB5_LIB_FUNCTION krb5_kt_default_name(krb5_context context, char *name, size_t namesize) { if (strlcpy (name, context->default_keytab, namesize) >= namesize) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_CONFIG_NOTENUFSPACE; } return 0; @@ -150,17 +150,17 @@ krb5_kt_default_modify_name(krb5_context context, char *name, size_t namesize) else { size_t len = strcspn(context->default_keytab + 4, ","); if(len >= namesize) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5_CONFIG_NOTENUFSPACE; } strlcpy(name, context->default_keytab + 4, namesize); name[len] = '\0'; return 0; - } + } } else kt = context->default_keytab_modify; if (strlcpy (name, kt, namesize) >= namesize) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_CONFIG_NOTENUFSPACE; } return 0; @@ -233,7 +233,7 @@ krb5_kt_get_type(krb5_context context, */ krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_get_name(krb5_context context, +krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name, size_t namesize) @@ -248,14 +248,14 @@ krb5_kt_get_name(krb5_context context, */ krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_get_full_name(krb5_context context, +krb5_kt_get_full_name(krb5_context context, krb5_keytab keytab, char **str) { char type[KRB5_KT_PREFIX_MAX_LEN]; char name[MAXPATHLEN]; krb5_error_code ret; - + *str = NULL; ret = krb5_kt_get_type(context, keytab, type, sizeof(type)); @@ -267,7 +267,7 @@ krb5_kt_get_full_name(krb5_context context, return ret; if (asprintf(str, "%s:%s", type, name) == -1) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); *str = NULL; return ENOMEM; } @@ -281,7 +281,7 @@ krb5_kt_get_full_name(krb5_context context, */ krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_close(krb5_context context, +krb5_kt_close(krb5_context context, krb5_keytab id) { krb5_error_code ret; @@ -300,12 +300,12 @@ krb5_kt_close(krb5_context context, krb5_boolean KRB5_LIB_FUNCTION krb5_kt_compare(krb5_context context, - krb5_keytab_entry *entry, + krb5_keytab_entry *entry, krb5_const_principal principal, krb5_kvno vno, krb5_enctype enctype) { - if(principal != NULL && + if(principal != NULL && !krb5_principal_compare(context, entry->principal, principal)) return FALSE; if(vno && vno != entry->vno) @@ -381,7 +381,8 @@ krb5_kt_get_entry(krb5_context context, kvno_str[0] = '\0'; krb5_set_error_message (context, KRB5_KT_NOTFOUND, - "Failed to find %s%s in keytab %s (%s)", + N_("Failed to find %s%s in keytab %s (%s)", + "principal, kvno, keytab file, enctype"), princ, kvno_str, kt_name ? kt_name : "unknown keytab", @@ -447,8 +448,9 @@ krb5_kt_start_seq_get(krb5_context context, { if(id->start_seq_get == NULL) { krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP, - "start_seq_get is not supported in the %s " - " keytab", id->prefix); + N_("start_seq_get is not supported " + "in the %s keytab type", ""), + id->prefix); return HEIM_ERR_OPNOTSUPP; } return (*id->start_seq_get)(context, id, cursor); @@ -468,8 +470,9 @@ krb5_kt_next_entry(krb5_context context, { if(id->next_entry == NULL) { krb5_set_error_message(context, HEIM_ERR_OPNOTSUPP, - "next_entry is not supported in the %s " - " keytab", id->prefix); + N_("next_entry is not supported in the %s " + " keytab", ""), + id->prefix); return HEIM_ERR_OPNOTSUPP; } return (*id->next_entry)(context, id, entry, cursor); @@ -505,7 +508,7 @@ krb5_kt_add_entry(krb5_context context, { if(id->add == NULL) { krb5_set_error_message(context, KRB5_KT_NOWRITE, - "Add is not supported in the %s keytab", + N_("Add is not supported in the %s keytab", ""), id->prefix); return KRB5_KT_NOWRITE; } @@ -525,7 +528,7 @@ krb5_kt_remove_entry(krb5_context context, { if(id->remove == NULL) { krb5_set_error_message(context, KRB5_KT_NOWRITE, - "Remove is not supported in the %s keytab", + N_("Remove is not supported in the %s keytab", ""), id->prefix); return KRB5_KT_NOWRITE; } diff --git a/source4/heimdal/lib/krb5/keytab_any.c b/source4/heimdal/lib/krb5/keytab_any.c index a4b15394a5..7a2d9b9f70 100644 --- a/source4/heimdal/lib/krb5/keytab_any.c +++ b/source4/heimdal/lib/krb5/keytab_any.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2001-2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2001-2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -73,7 +73,7 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id) a->name = strdup(buf); if (a->name == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto fail; } } else @@ -87,7 +87,7 @@ any_resolve(krb5_context context, const char *name, krb5_keytab id) prev = a; } if (a0 == NULL) { - krb5_set_error_message(context, ENOENT, "empty ANY: keytab"); + krb5_set_error_message(context, ENOENT, N_("empty ANY: keytab", "")); return ENOENT; } id->data = a0; @@ -124,8 +124,8 @@ struct any_cursor_extra_data { }; static krb5_error_code -any_start_seq_get(krb5_context context, - krb5_keytab id, +any_start_seq_get(krb5_context context, + krb5_keytab id, krb5_kt_cursor *c) { struct any_data *a = id->data; @@ -134,16 +134,20 @@ any_start_seq_get(krb5_context context, c->data = malloc (sizeof(struct any_cursor_extra_data)); if(c->data == NULL){ - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ed = (struct any_cursor_extra_data *)c->data; - ed->a = a; - ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); - if (ret) { + for (ed->a = a; ed->a != NULL; ed->a = ed->a->next) { + ret = krb5_kt_start_seq_get(context, ed->a->kt, &ed->cursor); + if (ret == 0) + break; + } + if (ed->a == NULL) { free (c->data); c->data = NULL; - return ret; + krb5_clear_error_message (context); + return KRB5_KT_END; } return 0; } @@ -174,7 +178,7 @@ any_next_entry (krb5_context context, break; } if (ed->a == NULL) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_KT_END; } } while (1); @@ -206,7 +210,8 @@ any_add_entry(krb5_context context, while(a != NULL) { ret = krb5_kt_add_entry(context, a->kt, entry); if(ret != 0 && ret != KRB5_KT_NOWRITE) { - krb5_set_error_message(context, ret, "failed to add entry to %s", + krb5_set_error_message(context, ret, + N_("failed to add entry to %s", ""), a->name); return ret; } @@ -229,8 +234,9 @@ any_remove_entry(krb5_context context, found++; else { if(ret != KRB5_KT_NOWRITE && ret != KRB5_KT_NOTFOUND) { - krb5_set_error_message(context, ret, - "Failed to remove keytab entry from %s", + krb5_set_error_message(context, ret, + N_("Failed to remove keytab " + "entry from %s", "keytab name"), a->name); return ret; } diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c index 17f2d57742..f494cac253 100644 --- a/source4/heimdal/lib/krb5/keytab_file.c +++ b/source4/heimdal/lib/krb5/keytab_file.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -62,7 +62,7 @@ krb5_kt_ret_data(krb5_context context, data->length = size; data->data = malloc(size); if (data->data == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = krb5_storage_read(sp, data->data, size); @@ -83,7 +83,7 @@ krb5_kt_ret_string(krb5_context context, return ret; *data = malloc(size + 1); if (*data == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = krb5_storage_read(sp, *data, size); @@ -130,34 +130,57 @@ krb5_kt_store_string(krb5_storage *sp, } static krb5_error_code -krb5_kt_ret_keyblock(krb5_context context, krb5_storage *sp, krb5_keyblock *p) +krb5_kt_ret_keyblock(krb5_context context, + struct fkt_data *fkt, + krb5_storage *sp, + krb5_keyblock *p) { int ret; int16_t tmp; ret = krb5_ret_int16(sp, &tmp); /* keytype + etype */ - if(ret) return ret; + if(ret) { + krb5_set_error_message(context, ret, + N_("Cant read keyblock from file %s", ""), + fkt->filename); + return ret; + } p->keytype = tmp; ret = krb5_kt_ret_data(context, sp, &p->keyvalue); + if (ret) + krb5_set_error_message(context, ret, + N_("Cant read keyblock from file %s", ""), + fkt->filename); return ret; } static krb5_error_code krb5_kt_store_keyblock(krb5_context context, - krb5_storage *sp, + struct fkt_data *fkt, + krb5_storage *sp, krb5_keyblock *p) { int ret; ret = krb5_store_int16(sp, p->keytype); /* keytype + etype */ - if(ret) return ret; + if(ret) { + krb5_set_error_message(context, ret, + N_("Cant store keyblock to file %s", ""), + fkt->filename); + return ret; + } ret = krb5_kt_store_data(context, sp, p->keyvalue); + if (ret) + krb5_set_error_message(context, ret, + N_("Cant store keyblock to file %s", ""), + fkt->filename); return ret; } static krb5_error_code krb5_kt_ret_principal(krb5_context context, + struct fkt_data *fkt, krb5_storage *sp, krb5_principal *princ) { @@ -165,17 +188,20 @@ krb5_kt_ret_principal(krb5_context context, int ret; krb5_principal p; int16_t len; - + ALLOC(p, 1); if(p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = krb5_ret_int16(sp, &len); if(ret) { krb5_set_error_message(context, ret, - "Failed decoding length of keytab principal"); + N_("Failed decoding length of " + "keytab principal in keytab file %s", ""), + fkt->filename); goto out; } if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) @@ -183,23 +209,34 @@ krb5_kt_ret_principal(krb5_context context, if (len < 0) { ret = KRB5_KT_END; krb5_set_error_message(context, ret, - "Keytab principal contains invalid length"); + N_("Keytab principal contains " + "invalid length in keytab %s", ""), + fkt->filename); goto out; } ret = krb5_kt_ret_string(context, sp, &p->realm); - if(ret) + if(ret) { + krb5_set_error_message(context, ret, + N_("Can't read realm from keytab: %s", ""), + fkt->filename); goto out; + } p->name.name_string.val = calloc(len, sizeof(*p->name.name_string.val)); if(p->name.name_string.val == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } p->name.name_string.len = len; for(i = 0; i < p->name.name_string.len; i++){ ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i); - if(ret) + if(ret) { + krb5_set_error_message(context, ret, + N_("Can't read principal from " + "keytab: %s", ""), + fkt->filename); goto out; + } } if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) p->name.name_type = KRB5_NT_UNKNOWN; @@ -207,8 +244,13 @@ krb5_kt_ret_principal(krb5_context context, int32_t tmp32; ret = krb5_ret_int32(sp, &tmp32); p->name.name_type = tmp32; - if (ret) + if (ret) { + krb5_set_error_message(context, ret, + N_("Can't read name-type from " + "keytab: %s", ""), + fkt->filename); goto out; + } } *princ = p; return 0; @@ -224,7 +266,7 @@ krb5_kt_store_principal(krb5_context context, { int i; int ret; - + if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) ret = krb5_store_int16(sp, p->name.name_string.len + 1); else @@ -253,13 +295,13 @@ fkt_resolve(krb5_context context, const char *name, krb5_keytab id) d = malloc(sizeof(*d)); if(d == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } d->filename = strdup(name); if(d->filename == NULL) { free(d); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } d->flags = 0; @@ -289,10 +331,10 @@ fkt_close(krb5_context context, krb5_keytab id) return 0; } -static krb5_error_code -fkt_get_name(krb5_context context, - krb5_keytab id, - char *name, +static krb5_error_code +fkt_get_name(krb5_context context, + krb5_keytab id, + char *name, size_t namesize) { /* This function is XXX */ @@ -314,15 +356,15 @@ storage_set_flags(krb5_context context, krb5_storage *sp, int vno) case KRB5_KT_VNO_2: break; default: - krb5_warnx(context, + krb5_warnx(context, "storage_set_flags called with bad vno (%d)", vno); } krb5_storage_set_flags(sp, flags); } static krb5_error_code -fkt_start_seq_get_int(krb5_context context, - krb5_keytab id, +fkt_start_seq_get_int(krb5_context context, + krb5_keytab id, int flags, int exclusive, krb5_kt_cursor *c) @@ -330,11 +372,12 @@ fkt_start_seq_get_int(krb5_context context, int8_t pvno, tag; krb5_error_code ret; struct fkt_data *d = id->data; - + c->fd = open (d->filename, flags); if (c->fd < 0) { ret = errno; - krb5_set_error_message(context, ret, "keytab %s open failed: %s", + krb5_set_error_message(context, ret, + N_("keytab %s open failed: %s", ""), d->filename, strerror(ret)); return ret; } @@ -348,7 +391,8 @@ fkt_start_seq_get_int(krb5_context context, if (c->sp == NULL) { _krb5_xunlock(context, c->fd); close(c->fd); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } krb5_storage_set_eof_code(c->sp, KRB5_KT_END); @@ -357,14 +401,14 @@ fkt_start_seq_get_int(krb5_context context, krb5_storage_free(c->sp); _krb5_xunlock(context, c->fd); close(c->fd); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } if(pvno != 5) { krb5_storage_free(c->sp); _krb5_xunlock(context, c->fd); close(c->fd); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_KEYTAB_BADVNO; } ret = krb5_ret_int8(c->sp, &tag); @@ -372,7 +416,7 @@ fkt_start_seq_get_int(krb5_context context, krb5_storage_free(c->sp); _krb5_xunlock(context, c->fd); close(c->fd); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } id->version = tag; @@ -381,21 +425,22 @@ fkt_start_seq_get_int(krb5_context context, } static krb5_error_code -fkt_start_seq_get(krb5_context context, - krb5_keytab id, +fkt_start_seq_get(krb5_context context, + krb5_keytab id, krb5_kt_cursor *c) { return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY | O_CLOEXEC, 0, c); } static krb5_error_code -fkt_next_entry_int(krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry, +fkt_next_entry_int(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, krb5_kt_cursor *cursor, off_t *start, off_t *end) { + struct fkt_data *d = id->data; int32_t len; int ret; int8_t tmp8; @@ -411,7 +456,7 @@ loop: pos = krb5_storage_seek(cursor->sp, -len, SEEK_CUR); goto loop; } - ret = krb5_kt_ret_principal (context, cursor->sp, &entry->principal); + ret = krb5_kt_ret_principal (context, d, cursor->sp, &entry->principal); if (ret) goto out; ret = krb5_ret_int32(cursor->sp, &tmp32); @@ -422,7 +467,7 @@ loop: if (ret) goto out; entry->vno = tmp8; - ret = krb5_kt_ret_keyblock (context, cursor->sp, &entry->keyblock); + ret = krb5_kt_ret_keyblock (context, d, cursor->sp, &entry->keyblock); if (ret) goto out; /* there might be a 32 bit kvno here @@ -443,16 +488,16 @@ loop: } static krb5_error_code -fkt_next_entry(krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry, +fkt_next_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, krb5_kt_cursor *cursor) { return fkt_next_entry_int(context, id, entry, cursor, NULL, NULL); } static krb5_error_code -fkt_end_seq_get(krb5_context context, +fkt_end_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) { @@ -475,7 +520,7 @@ fkt_setup_keytab(krb5_context context, id->version = KRB5_KT_VNO; return krb5_store_int8 (sp, id->version); } - + static krb5_error_code fkt_add_entry(krb5_context context, krb5_keytab id, @@ -487,13 +532,14 @@ fkt_add_entry(krb5_context context, struct fkt_data *d = id->data; krb5_data keytab; int32_t len; - + fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC); if (fd < 0) { fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if (fd < 0) { ret = errno; - krb5_set_error_message(context, ret, "open(%s): %s", d->filename, + krb5_set_error_message(context, ret, + N_("open(%s): %s", ""), d->filename, strerror(ret)); return ret; } @@ -529,7 +575,8 @@ fkt_add_entry(krb5_context context, properly */ ret = fkt_setup_keytab(context, id, sp); if(ret) { - krb5_set_error_message(context, ret, "%s: keytab is corrupted: %s", + krb5_set_error_message(context, ret, + N_("%s: keytab is corrupted: %s", ""), d->filename, strerror(ret)); goto out; } @@ -537,14 +584,17 @@ fkt_add_entry(krb5_context context, } else { if(pvno != 5) { ret = KRB5_KEYTAB_BADVNO; - krb5_set_error_message(context, ret, "%s: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, + N_("Bad version in keytab %s", ""), + d->filename); goto out; } ret = krb5_ret_int8 (sp, &tag); if (ret) { - krb5_set_error_message(context, ret, "%s: reading tag: %s", - d->filename, strerror(ret)); + krb5_set_error_message(context, ret, + N_("failed reading tag from " + "keytab %s", ""), + d->filename); goto out; } id->version = tag; @@ -557,25 +607,38 @@ fkt_add_entry(krb5_context context, emem = krb5_storage_emem(); if(emem == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out; } ret = krb5_kt_store_principal(context, emem, entry->principal); if(ret) { + krb5_set_error_message(context, ret, + N_("Failed storing principal " + "in keytab %s", ""), + d->filename); krb5_storage_free(emem); goto out; } ret = krb5_store_int32 (emem, entry->timestamp); if(ret) { + krb5_set_error_message(context, ret, + N_("Failed storing timpstamp " + "in keytab %s", ""), + d->filename); krb5_storage_free(emem); goto out; } ret = krb5_store_int8 (emem, entry->vno % 256); if(ret) { + krb5_set_error_message(context, ret, + N_("Failed storing kvno " + "in keytab %s", ""), + d->filename); krb5_storage_free(emem); goto out; } - ret = krb5_kt_store_keyblock (context, emem, &entry->keyblock); + ret = krb5_kt_store_keyblock (context, d, emem, &entry->keyblock); if(ret) { krb5_storage_free(emem); goto out; @@ -583,6 +646,10 @@ fkt_add_entry(krb5_context context, if ((d->flags & KRB5_KT_FL_JAVA) == 0) { ret = krb5_store_int32 (emem, entry->vno); if (ret) { + krb5_set_error_message(context, ret, + N_("Failed storing extended kvno " + "in keytab %s", ""), + d->filename); krb5_storage_free(emem); goto out; } @@ -590,10 +657,15 @@ fkt_add_entry(krb5_context context, ret = krb5_storage_to_data(emem, &keytab); krb5_storage_free(emem); - if(ret) + if(ret) { + krb5_set_error_message(context, ret, + N_("Failed converting keytab entry " + "to memory block for keytab %s", ""), + d->filename); goto out; + } } - + while(1) { ret = krb5_ret_int32(sp, &len); if(ret == KRB5_KT_END) { @@ -610,8 +682,13 @@ fkt_add_entry(krb5_context context, krb5_storage_seek(sp, len, SEEK_CUR); } ret = krb5_store_int32(sp, len); - if(krb5_storage_write(sp, keytab.data, keytab.length) < 0) + if(krb5_storage_write(sp, keytab.data, keytab.length) < 0) { ret = errno; + krb5_set_error_message(context, ret, + N_("Failed writing keytab block " + "in keytab %s: %s", ""), + d->filename, strerror(ret)); + } memset(keytab.data, 0, keytab.length); krb5_data_free(&keytab); out: @@ -631,13 +708,13 @@ fkt_remove_entry(krb5_context context, off_t pos_start, pos_end; int found = 0; krb5_error_code ret; - + ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY | O_CLOEXEC, 1, &cursor); - if(ret != 0) + if(ret != 0) goto out; /* return other error here? */ - while(fkt_next_entry_int(context, id, &e, &cursor, + while(fkt_next_entry_int(context, id, &e, &cursor, &pos_start, &pos_end) == 0) { - if(krb5_kt_compare(context, &e, entry->principal, + if(krb5_kt_compare(context, &e, entry->principal, entry->vno, entry->keyblock.keytype)) { int32_t len; unsigned char buf[128]; @@ -656,7 +733,7 @@ fkt_remove_entry(krb5_context context, krb5_kt_end_seq_get(context, id, &cursor); out: if (!found) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_KT_NOTFOUND; } return 0; diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c index 3339a96319..71d3d89d58 100644 --- a/source4/heimdal/lib/krb5/keytab_keyfile.c +++ b/source4/heimdal/lib/krb5/keytab_keyfile.c @@ -1,45 +1,47 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" RCSID("$Id$"); +#ifndef HEIMDAL_SMALLER + /* afs keyfile operations --------------------------------------- */ /* * Minimum tools to handle the AFS KeyFile. - * + * * Format of the KeyFile is: * <int32_t numkeys> {[<int32_t kvno> <char[8] deskey>] * numkeys} * @@ -72,13 +74,17 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) f = fopen (AFS_SERVERTHISCELL, "r"); if (f == NULL) { ret = errno; - krb5_set_error_message (context, ret, "open %s: %s", AFS_SERVERTHISCELL, + krb5_set_error_message (context, ret, + N_("Open ThisCell %s: %s", ""), + AFS_SERVERTHISCELL, strerror(ret)); return ret; } if (fgets (buf, sizeof(buf), f) == NULL) { fclose (f); - krb5_set_error_message (context, EINVAL, "no cell in %s", AFS_SERVERTHISCELL); + krb5_set_error_message (context, EINVAL, + N_("No cell in ThisCell file %s", ""), + AFS_SERVERTHISCELL); return EINVAL; } buf[strcspn(buf, "\n")] = '\0'; @@ -86,7 +92,8 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) d->cell = strdup (buf); if (d->cell == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -96,7 +103,8 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) free (d->cell); d->cell = NULL; fclose (f); - krb5_set_error_message (context, EINVAL, "no realm in %s", + krb5_set_error_message (context, EINVAL, + N_("No realm in ThisCell file %s", ""), AFS_SERVERMAGICKRBCONF); return EINVAL; } @@ -106,12 +114,13 @@ get_cell_and_realm (krb5_context context, struct akf_data *d) /* uppercase */ for (cp = buf; *cp != '\0'; cp++) *cp = toupper((unsigned char)*cp); - + d->realm = strdup (buf); if (d->realm == NULL) { free (d->cell); d->cell = NULL; - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } return 0; @@ -128,10 +137,11 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id) struct akf_data *d = malloc(sizeof (struct akf_data)); if (d == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } - + d->num_entries = 0; ret = get_cell_and_realm (context, d); if (ret) { @@ -143,11 +153,12 @@ akf_resolve(krb5_context context, const char *name, krb5_keytab id) free (d->cell); free (d->realm); free (d); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } id->data = d; - + return 0; } @@ -170,10 +181,10 @@ akf_close(krb5_context context, krb5_keytab id) * Return filename */ -static krb5_error_code -akf_get_name(krb5_context context, - krb5_keytab id, - char *name, +static krb5_error_code +akf_get_name(krb5_context context, + krb5_keytab id, + char *name, size_t name_sz) { struct akf_data *d = id->data; @@ -183,12 +194,12 @@ akf_get_name(krb5_context context, } /* - * Init + * Init */ static krb5_error_code -akf_start_seq_get(krb5_context context, - krb5_keytab id, +akf_start_seq_get(krb5_context context, + krb5_keytab id, krb5_kt_cursor *c) { int32_t ret; @@ -197,7 +208,8 @@ akf_start_seq_get(krb5_context context, c->fd = open (d->filename, O_RDONLY | O_BINARY | O_CLOEXEC, 0600); if (c->fd < 0) { ret = errno; - krb5_set_error_message(context, ret, "keytab afs keyfil open %s failed: %s", + krb5_set_error_message(context, ret, + N_("keytab afs keyfile open %s failed: %s", ""), d->filename, strerror(ret)); return ret; } @@ -207,7 +219,7 @@ akf_start_seq_get(krb5_context context, if(ret) { krb5_storage_free(c->sp); close(c->fd); - krb5_clear_error_string (context); + krb5_clear_error_message (context); if(ret == KRB5_KT_END) return KRB5_KT_NOTFOUND; return ret; @@ -217,9 +229,9 @@ akf_start_seq_get(krb5_context context, } static krb5_error_code -akf_next_entry(krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry, +akf_next_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, krb5_kt_cursor *cursor) { struct akf_data *d = id->data; @@ -250,7 +262,8 @@ akf_next_entry(krb5_context context, entry->keyblock.keyvalue.data = malloc (8); if (entry->keyblock.keyvalue.data == NULL) { krb5_free_principal (context, entry->principal); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); ret = ENOMEM; goto out; } @@ -269,7 +282,7 @@ akf_next_entry(krb5_context context, } static krb5_error_code -akf_end_seq_get(krb5_context context, +akf_end_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) { @@ -307,7 +320,9 @@ akf_add_entry(krb5_context context, O_RDWR | O_BINARY | O_CREAT | O_EXCL | O_CLOEXEC, 0600); if (fd < 0) { ret = errno; - krb5_set_error_message(context, ret, "open(%s): %s", d->filename, + krb5_set_error_message(context, ret, + N_("open keyfile(%s): %s", ""), + d->filename, strerror(ret)); return ret; } @@ -317,7 +332,8 @@ akf_add_entry(krb5_context context, sp = krb5_storage_from_fd(fd); if(sp == NULL) { close(fd); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } if (created) @@ -327,10 +343,12 @@ akf_add_entry(krb5_context context, ret = errno; krb5_storage_free(sp); close(fd); - krb5_set_error_message(context, ret, "seek: %s", strerror(ret)); + krb5_set_error_message(context, ret, + N_("seeking in keyfile: %s", ""), + strerror(ret)); return ret; } - + ret = krb5_ret_int32(sp, &len); if(ret) { krb5_storage_free(sp); @@ -350,12 +368,15 @@ akf_add_entry(krb5_context context, for (i = 0; i < len; i++) { ret = krb5_ret_int32(sp, &kvno); if (ret) { - krb5_set_error_message (context, ret, "Failed to get kvno "); + krb5_set_error_message (context, ret, + N_("Failed getting kvno from keyfile", "")); goto out; } if(krb5_storage_seek(sp, 8, SEEK_CUR) < 0) { ret = errno; - krb5_set_error_message (context, ret, "seek: %s", strerror(ret)); + krb5_set_error_message (context, ret, + N_("Failed seeing in keyfile: %s", ""), + strerror(ret)); goto out; } if (kvno == entry->vno) { @@ -369,36 +390,42 @@ akf_add_entry(krb5_context context, if(krb5_storage_seek(sp, 0, SEEK_SET) < 0) { ret = errno; - krb5_set_error_message (context, ret, "seek: %s", strerror(ret)); + krb5_set_error_message (context, ret, + N_("Failed seeing in keyfile: %s", ""), + strerror(ret)); goto out; } ret = krb5_store_int32(sp, len); if(ret) { ret = errno; - krb5_set_error_message (context, ret, "keytab keyfile failed new length"); + krb5_set_error_message (context, ret, + N_("keytab keyfile failed new length", "")); return ret; } if(krb5_storage_seek(sp, (len - 1) * (8 + 4), SEEK_CUR) < 0) { ret = errno; - krb5_set_error_message (context, ret, "seek to end: %s", strerror(ret)); + krb5_set_error_message (context, ret, + N_("seek to end: %s", ""), strerror(ret)); goto out; } ret = krb5_store_int32(sp, entry->vno); if(ret) { - krb5_set_error_message(context, ret, "keytab keyfile failed store kvno"); + krb5_set_error_message(context, ret, + N_("keytab keyfile failed store kvno", "")); goto out; } - ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, + ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, entry->keyblock.keyvalue.length); if(ret != entry->keyblock.keyvalue.length) { if (ret < 0) ret = errno; else ret = ENOTTY; - krb5_set_error_message(context, ret, "keytab keyfile failed to add key"); + krb5_set_error_message(context, ret, + N_("keytab keyfile failed to add key", "")); goto out; } ret = 0; @@ -420,3 +447,5 @@ const krb5_kt_ops krb5_akf_ops = { akf_add_entry, NULL /* remove */ }; + +#endif /* HEIMDAL_SMALLER */ diff --git a/source4/heimdal/lib/krb5/keytab_memory.c b/source4/heimdal/lib/krb5/keytab_memory.c index 5f648d9bce..defd10d67c 100644 --- a/source4/heimdal/lib/krb5/keytab_memory.c +++ b/source4/heimdal/lib/krb5/keytab_memory.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -45,7 +45,7 @@ struct mkt_data { struct mkt_data *next; }; -/* this mutex protects mkt_head, ->refcount, and ->next +/* this mutex protects mkt_head, ->refcount, and ->next * content is not protected (name is static and need no protection) */ static HEIMDAL_MUTEX mkt_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -75,14 +75,16 @@ mkt_resolve(krb5_context context, const char *name, krb5_keytab id) d = calloc(1, sizeof(*d)); if(d == NULL) { HEIMDAL_MUTEX_unlock(&mkt_mutex); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } d->name = strdup(name); if (d->name == NULL) { HEIMDAL_MUTEX_unlock(&mkt_mutex); free(d); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } d->entries = NULL; @@ -103,7 +105,7 @@ mkt_close(krb5_context context, krb5_keytab id) HEIMDAL_MUTEX_lock(&mkt_mutex); if (d->refcount < 1) - krb5_abortx(context, + krb5_abortx(context, "krb5 internal error, memory keytab refcount < 1 on close"); if (--d->refcount > 0) { @@ -126,10 +128,10 @@ mkt_close(krb5_context context, krb5_keytab id) return 0; } -static krb5_error_code -mkt_get_name(krb5_context context, - krb5_keytab id, - char *name, +static krb5_error_code +mkt_get_name(krb5_context context, + krb5_keytab id, + char *name, size_t namesize) { struct mkt_data *d = id->data; @@ -138,8 +140,8 @@ mkt_get_name(krb5_context context, } static krb5_error_code -mkt_start_seq_get(krb5_context context, - krb5_keytab id, +mkt_start_seq_get(krb5_context context, + krb5_keytab id, krb5_kt_cursor *c) { /* XXX */ @@ -148,9 +150,9 @@ mkt_start_seq_get(krb5_context context, } static krb5_error_code -mkt_next_entry(krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry, +mkt_next_entry(krb5_context context, + krb5_keytab id, + krb5_keytab_entry *entry, krb5_kt_cursor *c) { struct mkt_data *d = id->data; @@ -160,7 +162,7 @@ mkt_next_entry(krb5_context context, } static krb5_error_code -mkt_end_seq_get(krb5_context context, +mkt_end_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor) { @@ -176,11 +178,12 @@ mkt_add_entry(krb5_context context, krb5_keytab_entry *tmp; tmp = realloc(d->entries, (d->num_entries + 1) * sizeof(*d->entries)); if(tmp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } d->entries = tmp; - return krb5_kt_copy_entry_contents(context, entry, + return krb5_kt_copy_entry_contents(context, entry, &d->entries[d->num_entries++]); } @@ -192,15 +195,15 @@ mkt_remove_entry(krb5_context context, struct mkt_data *d = id->data; krb5_keytab_entry *e, *end; int found = 0; - + if (d->num_entries == 0) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return KRB5_KT_NOTFOUND; } /* do this backwards to minimize copying */ for(end = d->entries + d->num_entries, e = end - 1; e >= d->entries; e--) { - if(krb5_kt_compare(context, e, entry->principal, + if(krb5_kt_compare(context, e, entry->principal, entry->vno, entry->keyblock.keytype)) { krb5_kt_free_entry(context, e); memmove(e, e + 1, (end - e - 1) * sizeof(*e)); @@ -211,7 +214,7 @@ mkt_remove_entry(krb5_context context, } } if (!found) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_KT_NOTFOUND; } e = realloc(d->entries, d->num_entries * sizeof(*d->entries)); diff --git a/source4/heimdal/lib/krb5/krb5-v4compat.h b/source4/heimdal/lib/krb5/krb5-v4compat.h index 9470f10337..dde5fa9cad 100644 --- a/source4/heimdal/lib/krb5/krb5-v4compat.h +++ b/source4/heimdal/lib/krb5/krb5-v4compat.h @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* $Id$ */ @@ -38,7 +38,7 @@ #include "krb_err.h" -/* +/* * This file must only be included with v4 compat glue stuff in * heimdal sources. * diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index aedabcc350..0ba4e7b54a 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* $Id$ */ @@ -205,7 +205,7 @@ typedef enum krb5_key_usage { /* acceptor sign in GSSAPI CFX krb5 mechanism */ KRB5_KU_USAGE_ACCEPTOR_SIGN = 23, /* acceptor seal in GSSAPI CFX krb5 mechanism */ - KRB5_KU_USAGE_INITIATOR_SEAL = 24, + KRB5_KU_USAGE_INITIATOR_SEAL = 24, /* initiator sign in GSSAPI CFX krb5 mechanism */ KRB5_KU_USAGE_INITIATOR_SIGN = 25, /* initiator seal in GSSAPI CFX krb5 mechanism */ @@ -253,7 +253,7 @@ typedef struct krb5_preauthdata { krb5_preauthdata_entry *val; }krb5_preauthdata; -typedef enum krb5_address_type { +typedef enum krb5_address_type { KRB5_ADDRESS_INET = 2, KRB5_ADDRESS_NETBIOS = 20, KRB5_ADDRESS_INET6 = 24, @@ -271,7 +271,7 @@ typedef HostAddress krb5_address; typedef HostAddresses krb5_addresses; -typedef enum krb5_keytype { +typedef enum krb5_keytype { KEYTYPE_NULL = 0, KEYTYPE_DES = 1, KEYTYPE_DES3 = 7, @@ -297,6 +297,7 @@ struct krb5_cc_ops; NULL) typedef void *krb5_cc_cursor; +typedef struct krb5_cccol_cursor *krb5_cccol_cursor; typedef struct krb5_ccache_data { const struct krb5_cc_ops *ops; @@ -396,7 +397,7 @@ typedef struct krb5_creds { typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor; -#define KRB5_CC_OPS_VERSION 1 +#define KRB5_CC_OPS_VERSION 2 typedef struct krb5_cc_ops { int version; @@ -408,14 +409,14 @@ typedef struct krb5_cc_ops { krb5_error_code (*destroy)(krb5_context, krb5_ccache); krb5_error_code (*close)(krb5_context, krb5_ccache); krb5_error_code (*store)(krb5_context, krb5_ccache, krb5_creds*); - krb5_error_code (*retrieve)(krb5_context, krb5_ccache, + krb5_error_code (*retrieve)(krb5_context, krb5_ccache, krb5_flags, const krb5_creds*, krb5_creds *); krb5_error_code (*get_princ)(krb5_context, krb5_ccache, krb5_principal*); krb5_error_code (*get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *); - krb5_error_code (*get_next)(krb5_context, krb5_ccache, + krb5_error_code (*get_next)(krb5_context, krb5_ccache, krb5_cc_cursor*, krb5_creds*); krb5_error_code (*end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*); - krb5_error_code (*remove_cred)(krb5_context, krb5_ccache, + krb5_error_code (*remove_cred)(krb5_context, krb5_ccache, krb5_flags, krb5_creds*); krb5_error_code (*set_flags)(krb5_context, krb5_ccache, krb5_flags); int (*get_version)(krb5_context, krb5_ccache); @@ -425,6 +426,7 @@ typedef struct krb5_cc_ops { krb5_error_code (*move)(krb5_context, krb5_ccache, krb5_ccache); krb5_error_code (*get_default_name)(krb5_context, char **); krb5_error_code (*set_default)(krb5_context, krb5_ccache); + krb5_error_code (*lastchange)(krb5_context, krb5_ccache, krb5_timestamp *); } krb5_cc_ops; struct krb5_log_facility; @@ -495,10 +497,10 @@ struct krb5_keytab_data { krb5_error_code (*resolve)(krb5_context, const char*, krb5_keytab); krb5_error_code (*get_name)(krb5_context, krb5_keytab, char*, size_t); krb5_error_code (*close)(krb5_context, krb5_keytab); - krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal, + krb5_error_code (*get)(krb5_context, krb5_keytab, krb5_const_principal, krb5_kvno, krb5_enctype, krb5_keytab_entry*); krb5_error_code (*start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); - krb5_error_code (*next_entry)(krb5_context, krb5_keytab, + krb5_error_code (*next_entry)(krb5_context, krb5_keytab, krb5_keytab_entry*, krb5_kt_cursor*); krb5_error_code (*end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*); krb5_error_code (*add)(krb5_context, krb5_keytab, krb5_keytab_entry*); @@ -556,14 +558,14 @@ typedef struct krb5_auth_context_data { uint32_t remote_seqnumber; krb5_authenticator authenticator; - + krb5_pointer i_vector; - + krb5_rcache rcache; - krb5_keytype keytype; /* ¿requested key type ? */ - krb5_cksumtype cksumtype; /* ¡requested checksum type! */ - + krb5_keytype keytype; /* ¿requested key type ? */ + krb5_cksumtype cksumtype; /* ¡requested checksum type! */ + }krb5_auth_context_data, *krb5_auth_context; typedef struct { @@ -722,8 +724,8 @@ enum { KRB5_KRBHST_FLAGS_LARGE_MSG = 2 }; -typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, - void *, +typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, + void *, krb5_krbhst_info *, time_t timeout, const krb5_data *, @@ -779,6 +781,8 @@ typedef struct krb5_crypto_iov { #define KRB5_CRYPTO_TYPE_PADDING 4 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */ #define KRB5_CRYPTO_TYPE_TRAILER 5 + /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */ +#define KRB5_CRYPTO_TYPE_CHECKSUM 6 krb5_data data; } krb5_crypto_iov; diff --git a/source4/heimdal/lib/krb5/krb5_ccapi.h b/source4/heimdal/lib/krb5/krb5_ccapi.h index 7a8ac584a1..ec0cb3bc0b 100644 --- a/source4/heimdal/lib/krb5/krb5_ccapi.h +++ b/source4/heimdal/lib/krb5/krb5_ccapi.h @@ -1,34 +1,34 @@ /* - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* $Id$ */ @@ -49,7 +49,7 @@ enum { enum { ccNoError = 0, - + ccIteratorEnd = 201, ccErrBadParam, ccErrNoMem, @@ -61,25 +61,25 @@ enum { ccErrInvalidCCacheIterator, ccErrInvalidCredentialsIterator, ccErrInvalidLock, - + ccErrBadName, /* 211 */ ccErrBadCredentialsVersion, ccErrBadAPIVersion, ccErrContextLocked, ccErrContextUnlocked, - + ccErrCCacheLocked, /* 216 */ ccErrCCacheUnlocked, ccErrBadLockType, ccErrNeverDefault, ccErrCredentialsNotFound, - + ccErrCCacheNotFound, /* 221 */ ccErrContextNotFound, ccErrServerUnavailable, ccErrServerInsecure, ccErrServerCantBecomeUID, - + ccErrTimeOffsetNotSet /* 226 */ }; @@ -224,7 +224,7 @@ struct cc_context_t { const struct cc_context_functions* func; }; -typedef cc_int32 +typedef cc_int32 (*cc_initialize_func)(cc_context_t*, cc_int32, cc_int32 *, char const **); #endif /* KRB5_CCAPI_H */ diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index 73075bf56c..1a490392a9 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* $Id$ */ @@ -116,6 +116,17 @@ struct sockaddr_dl; #include <sys/file.h> #endif +#define HEIMDAL_TEXTDOMAIN "heimdal_krb5" + +#ifdef LIBINTL +#include <libintl.h> +#define N_(x,y) dgettext(HEIMDAL_TEXTDOMAIN, x) +#else +#define N_(x,y) (x) +#define bindtextdomain(package, localedir) +#endif + + #ifdef HAVE_CRYPT_H #undef des_encrypt #define des_encrypt wingless_pigs_mostly_fail_to_fly diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index 8e49818c50..7348ac3f00 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2001 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -42,9 +42,9 @@ string_to_proto(const char *string) { if(strcasecmp(string, "udp") == 0) return KRB5_KRBHST_UDP; - else if(strcasecmp(string, "tcp") == 0) + else if(strcasecmp(string, "tcp") == 0) return KRB5_KRBHST_TCP; - else if(strcasecmp(string, "http") == 0) + else if(strcasecmp(string, "http") == 0) return KRB5_KRBHST_HTTP; return -1; } @@ -56,7 +56,7 @@ string_to_proto(const char *string) */ static krb5_error_code -srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, +srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, const char *realm, const char *dns_type, const char *proto, const char *service, int port) { @@ -73,7 +73,8 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, proto_num = string_to_proto(proto); if(proto_num < 0) { krb5_set_error_message(context, EINVAL, - "unknown protocol `%s'", proto); + N_("unknown protocol `%s' to lookup", ""), + proto); return EINVAL; } @@ -90,20 +91,21 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, if(r == NULL) return KRB5_KDC_UNREACH; - for(num_srv = 0, rr = r->head; rr; rr = rr->next) + for(num_srv = 0, rr = r->head; rr; rr = rr->next) if(rr->type == T_SRV) num_srv++; *res = malloc(num_srv * sizeof(**res)); if(*res == NULL) { dns_free_data(r); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } dns_srv_order(r); - for(num_srv = 0, rr = r->head; rr; rr = rr->next) + for(num_srv = 0, rr = r->head; rr; rr = rr->next) if(rr->type == T_SRV) { krb5_krbhst_info *hi; size_t len = strlen(rr->u.srv->target); @@ -120,7 +122,7 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, (*res)[num_srv++] = hi; hi->proto = proto_num; - + hi->def_port = def_port; if (port != 0) hi->port = port; @@ -131,7 +133,7 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, } *count = num_srv; - + dns_free_data(r); return 0; } @@ -150,7 +152,7 @@ struct krb5_krbhst_data { #define KD_CONFIG_EXISTS 32 #define KD_LARGE_MSG 64 #define KD_PLUGIN 128 - krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *, + krb5_error_code (*get_next)(krb5_context, struct krb5_krbhst_data *, krb5_krbhst_info**); unsigned int fallback_count; @@ -188,11 +190,11 @@ parse_hostspec(krb5_context context, struct krb5_krbhst_data *kd, { const char *p = spec; struct krb5_krbhst_info *hi; - + hi = calloc(1, sizeof(*hi) + strlen(spec)); if(hi == NULL) return NULL; - + hi->proto = krbhst_get_default_proto(kd); if(strncmp(p, "http://", 7) == 0){ @@ -246,9 +248,10 @@ _krb5_krbhost_info_move(krb5_context context, { size_t hostnamelen = strlen(from->hostname); /* trailing NUL is included in structure */ - *to = calloc(1, sizeof(**to) + hostnamelen); + *to = calloc(1, sizeof(**to) + hostnamelen); if(*to == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -269,8 +272,8 @@ append_host_hostinfo(struct krb5_krbhst_data *kd, struct krb5_krbhst_info *host) struct krb5_krbhst_info *h; for(h = kd->hosts; h; h = h->next) - if(h->proto == host->proto && - h->port == host->port && + if(h->proto == host->proto && + h->port == host->port && strcmp(h->hostname, host->hostname) == 0) { _krb5_free_krbhst_info(host); return; @@ -288,7 +291,7 @@ append_host_string(krb5_context context, struct krb5_krbhst_data *kd, hi = parse_hostspec(context, kd, host, def_port, port); if(hi == NULL) return ENOMEM; - + append_host_hostinfo(kd, hi); return 0; } @@ -298,7 +301,7 @@ append_host_string(krb5_context context, struct krb5_krbhst_data *kd, */ krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host, +krb5_krbhst_format_string(krb5_context context, const krb5_krbhst_info *host, char *hostname, size_t hostlen) { const char *proto = ""; @@ -370,7 +373,7 @@ get_next(struct krb5_krbhst_data *kd, krb5_krbhst_info **host) } static void -srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, +srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, const char *proto, const char *service) { krb5_krbhst_info **res; @@ -390,13 +393,13 @@ srv_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, */ static void -config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, +config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, const char *conf_string) { int i; char **hostlist; - hostlist = krb5_config_get_strings(context, NULL, + hostlist = krb5_config_get_strings(context, NULL, "realms", kd->realm, conf_string, NULL); if(hostlist == NULL) @@ -411,12 +414,12 @@ config_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, /* * as a fallback, look for `serv_string.kd->realm' (typically * kerberos.REALM, kerberos-1.REALM, ... - * `port' is the default port for the service, and `proto' the + * `port' is the default port for the service, and `proto' the * protocol */ static krb5_error_code -fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, +fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, const char *serv_string, int port, int proto) { char *host; @@ -425,7 +428,7 @@ fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, struct addrinfo hints; char portstr[NI_MAXSERV]; - /* + /* * Don't try forever in case the DNS server keep returning us * entries (like wildcard entries or the .nu TLD) */ @@ -437,12 +440,12 @@ fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, if(kd->fallback_count == 0) asprintf(&host, "%s.%s.", serv_string, kd->realm); else - asprintf(&host, "%s-%d.%s.", - serv_string, kd->fallback_count, kd->realm); + asprintf(&host, "%s-%d.%s.", + serv_string, kd->fallback_count, kd->realm); if (host == NULL) return ENOMEM; - + make_hints(&hints, proto); snprintf(portstr, sizeof(portstr), "%d", port); ret = getaddrinfo(host, portstr, &hints, &ai); @@ -476,7 +479,7 @@ fallback_get_hosts(krb5_context context, struct krb5_krbhst_data *kd, * Fetch hosts from plugin */ -static krb5_error_code +static krb5_error_code add_locate(void *ctx, int type, struct sockaddr *addr) { struct krb5_krbhst_info *hi; @@ -504,7 +507,7 @@ add_locate(void *ctx, int type, struct sockaddr *addr) hi = calloc(1, sizeof(*hi) + hostlen); if(hi == NULL) return ENOMEM; - + hi->proto = krbhst_get_default_proto(kd); hi->port = hi->def_port = socket_get_port(addr); hi->ai = ai; @@ -528,8 +531,6 @@ plugin_get_hosts(krb5_context context, if(ret != 0 || list == NULL) return; - kd->flags |= KD_CONFIG_EXISTS; - for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) { krb5plugin_service_locate_ftable *service; void *ctx; @@ -542,10 +543,13 @@ plugin_get_hosts(krb5_context context, ret = (*service->lookup)(ctx, type, kd->realm, 0, 0, add_locate, kd); (*service->fini)(ctx); if (ret && ret != KRB5_PLUGIN_NO_HANDLE) { - krb5_set_error_message(context, ret, - "Locate plugin failed to lookup: %d", ret); + krb5_set_error_message(context, ret, + N_("Locate plugin failed to lookup realm %s: %d", ""), + kd->realm, ret); break; - } + } else if (ret == 0) + kd->flags |= KD_CONFIG_EXISTS; + } _krb5_plugin_free(list); } @@ -602,7 +606,7 @@ kdc_get_next(krb5_context context, while((kd->flags & KD_FALLBACK) == 0) { ret = fallback_get_hosts(context, kd, "kerberos", - kd->def_port, + kd->def_port, krbhst_get_default_proto(kd)); if(ret) return ret; @@ -811,7 +815,7 @@ krb5_krbhst_init_flags(krb5_context context, krb5_krbhst_handle *handle) { struct krb5_krbhst_data *kd; - krb5_error_code (*next)(krb5_context, struct krb5_krbhst_data *, + krb5_error_code (*next)(krb5_context, struct krb5_krbhst_data *, krb5_krbhst_info **); int def_port; @@ -835,7 +839,8 @@ krb5_krbhst_init_flags(krb5_context context, def_port = ntohs(krb5_getportbyname (context, "krb524", "udp", 4444)); break; default: - krb5_set_error_message(context, ENOTTY, "unknown krbhst type (%u)", type); + krb5_set_error_message(context, ENOTTY, + N_("unknown krbhst type (%u)", ""), type); return ENOTTY; } if((kd = common_init(context, realm, flags)) == NULL) @@ -907,7 +912,7 @@ krb5_krbhst_free(krb5_context context, krb5_krbhst_handle handle) /* backwards compatibility ahead */ static krb5_error_code -gethostlist(krb5_context context, const char *realm, +gethostlist(krb5_context context, const char *realm, unsigned int type, char ***hostlist) { krb5_error_code ret; @@ -923,8 +928,8 @@ gethostlist(krb5_context context, const char *realm, while(krb5_krbhst_next(context, handle, &hostinfo) == 0) nhost++; if(nhost == 0) { - krb5_set_error_message(context, KRB5_KDC_UNREACH, - "No KDC found for realm %s", realm); + krb5_set_error_message(context, KRB5_KDC_UNREACH, + N_("No KDC found for realm %s", ""), realm); return KRB5_KDC_UNREACH; } *hostlist = calloc(nhost + 1, sizeof(**hostlist)); @@ -935,7 +940,7 @@ gethostlist(krb5_context context, const char *realm, krb5_krbhst_reset(context, handle); nhost = 0; - while(krb5_krbhst_next_as_string(context, handle, + while(krb5_krbhst_next_as_string(context, handle, host, sizeof(host)) == 0) { if(((*hostlist)[nhost++] = strdup(host)) == NULL) { krb5_free_krbhst(context, *hostlist); diff --git a/source4/heimdal/lib/krb5/locate_plugin.h b/source4/heimdal/lib/krb5/locate_plugin.h index baca037ebc..529488ddfd 100644 --- a/source4/heimdal/lib/krb5/locate_plugin.h +++ b/source4/heimdal/lib/krb5/locate_plugin.h @@ -1,34 +1,34 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* $Id$ */ @@ -48,9 +48,9 @@ enum locate_service_type { locate_service_kpasswd }; -typedef krb5_error_code +typedef krb5_error_code (*krb5plugin_service_locate_lookup) (void *, enum locate_service_type, - const char *, int, int, + const char *, int, int, int (*)(void *,int,struct sockaddr *), void *); diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c index 2ed061c80b..587cf7ed97 100644 --- a/source4/heimdal/lib/krb5/log.c +++ b/source4/heimdal/lib/krb5/log.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -121,13 +121,15 @@ krb5_initlog(krb5_context context, { krb5_log_facility *f = calloc(1, sizeof(*f)); if(f == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } f->program = strdup(program); if(f->program == NULL){ free(f); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } *fac = f; @@ -145,7 +147,8 @@ krb5_addlog_func(krb5_context context, { struct facility *fp = log_realloc(fac); if(fp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } fp->min = min; @@ -165,7 +168,7 @@ static void log_syslog(const char *timestr, const char *msg, void *data) - + { struct _heimdal_syslog_data *s = data; syslog(s->priority, "%s", msg); @@ -187,7 +190,8 @@ open_syslog(krb5_context context, int i; if(sd == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } i = find_value(sev, syslogvals); @@ -242,7 +246,8 @@ open_file(krb5_context context, krb5_log_facility *fac, int min, int max, { struct file_data *fd = malloc(sizeof(*fd)); if(fd == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } fd->filename = filename; @@ -278,7 +283,7 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) p = strchr(p, '/'); if(p == NULL) { krb5_set_error_message(context, HEIM_ERR_LOG_PARSE, - "failed to parse \"%s\"", orig); + N_("failed to parse \"%s\"", ""), orig); return HEIM_ERR_LOG_PARSE; } p++; @@ -293,15 +298,17 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) int keep_open = 0; fn = strdup(p + 5); if(fn == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } if(p[4] == '='){ - int i = open(fn, O_WRONLY | O_CREAT | + int i = open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_APPEND, 0666); if(i < 0) { ret = errno; - krb5_set_error_message(context, ret, "open(%s): %s", fn, + krb5_set_error_message(context, ret, + N_("open(%s) logile: %s", ""), fn, strerror(ret)); free(fn); return ret; @@ -311,8 +318,9 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) if(file == NULL){ ret = errno; close(i); - krb5_set_error_message(context, ret, "fdopen(%s): %s", fn, - strerror(ret)); + krb5_set_error_message(context, ret, + N_("fdopen(%s) logfile: %s", ""), + fn, strerror(ret)); free(fn); return ret; } @@ -336,7 +344,8 @@ krb5_addlog_dest(krb5_context context, krb5_log_facility *f, const char *orig) ret = open_syslog(context, f, min, max, severity, facility); }else{ ret = HEIM_ERR_LOG_PARSE; /* XXX */ - krb5_set_error_message (context, ret, "unknown log type: %s", p); + krb5_set_error_message (context, ret, + N_("unknown log type: %s", ""), p); } return ret; } @@ -394,7 +403,7 @@ krb5_vlog_msg(krb5_context context, va_list ap) __attribute__((format (printf, 5, 0))) { - + char *msg = NULL; const char *actual = NULL; char buf[64]; @@ -402,7 +411,7 @@ krb5_vlog_msg(krb5_context context, int i; for(i = 0; fac && i < fac->len; i++) - if(fac->val[i].min <= level && + if(fac->val[i].min <= level && (fac->val[i].max < 0 || fac->val[i].max >= level)) { if(t == 0) { t = time(NULL); diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c index 3f26b27a46..752608069d 100644 --- a/source4/heimdal/lib/krb5/mcache.c +++ b/source4/heimdal/lib/krb5/mcache.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -45,6 +45,7 @@ typedef struct krb5_mcache { struct link *next; } *creds; struct krb5_mcache *next; + time_t mtime; } krb5_mcache; static HEIMDAL_MUTEX mcc_mutex = HEIMDAL_MUTEX_INITIALIZER; @@ -93,6 +94,7 @@ mcc_alloc(const char *name) m->refcnt = 1; m->primary_principal = NULL; m->creds = NULL; + m->mtime = time(NULL); m->next = mcc_head; mcc_head = m; HEIMDAL_MUTEX_unlock(&mcc_mutex); @@ -119,10 +121,11 @@ mcc_resolve(krb5_context context, krb5_ccache *id, const char *res) m = mcc_alloc(res); if (m == NULL) { - krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } - + (*id)->data.data = m; (*id)->data.length = sizeof(*m); @@ -138,7 +141,8 @@ mcc_gen_new(krb5_context context, krb5_ccache *id) m = mcc_alloc(NULL); if (m == NULL) { - krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } @@ -155,6 +159,7 @@ mcc_initialize(krb5_context context, { krb5_mcache *m = MCACHE(id); m->dead = 0; + m->mtime = time(NULL); return krb5_copy_principal (context, primary_principal, &m->primary_principal); @@ -212,7 +217,7 @@ mcc_destroy(krb5_context context, l = m->creds; while (l != NULL) { struct link *old; - + krb5_free_cred_contents (context, &l->cred); old = l; l = l->next; @@ -237,7 +242,8 @@ mcc_store_cred(krb5_context context, l = malloc (sizeof(*l)); if (l == NULL) { - krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_CC_NOMEM, + N_("malloc: out of memory", "")); return KRB5_CC_NOMEM; } l->next = m->creds; @@ -249,6 +255,7 @@ mcc_store_cred(krb5_context context, free (l); return ret; } + m->mtime = time(NULL); return 0; } @@ -323,6 +330,7 @@ mcc_remove_cred(krb5_context context, *q = p->next; krb5_free_cred_contents(context, &p->cred); free(p); + m->mtime = time(NULL); } else q = &p->next; } @@ -336,7 +344,7 @@ mcc_set_flags(krb5_context context, { return 0; /* XXX */ } - + struct mcache_iter { krb5_mcache *cache; }; @@ -348,9 +356,10 @@ mcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) iter = calloc(1, sizeof(*iter)); if (iter == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; - } + } HEIMDAL_MUTEX_lock(&mcc_mutex); iter->cache = mcc_head; @@ -428,6 +437,8 @@ mcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) mto->primary_principal = mfrom->primary_principal; mfrom->primary_principal = principal; + mto->mtime = mfrom->mtime = time(NULL); + HEIMDAL_MUTEX_unlock(&mcc_mutex); mcc_destroy(context, from); @@ -439,12 +450,20 @@ mcc_default_name(krb5_context context, char **str) { *str = strdup("MEMORY:"); if (*str == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } return 0; } +static krb5_error_code +mcc_lastchange(krb5_context context, krb5_ccache id, krb5_timestamp *mtime) +{ + *mtime = MCACHE(id)->mtime; + return 0; +} + /** * Variable containing the MEMORY based credential cache implemention. @@ -474,5 +493,7 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops = { mcc_get_cache_next, mcc_end_cache_get, mcc_move, - mcc_default_name + mcc_default_name, + NULL, + mcc_lastchange }; diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c index 1ed4f08d77..4cee5e22e1 100644 --- a/source4/heimdal/lib/krb5/misc.c +++ b/source4/heimdal/lib/krb5/misc.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -36,8 +36,8 @@ RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION -_krb5_s4u2self_to_checksumdata(krb5_context context, - const PA_S4U2Self *self, +_krb5_s4u2self_to_checksumdata(krb5_context context, + const PA_S4U2Self *self, krb5_data *data) { krb5_error_code ret; @@ -48,7 +48,7 @@ _krb5_s4u2self_to_checksumdata(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -81,6 +81,6 @@ _krb5_s4u2self_to_checksumdata(krb5_context context, return ret; out: - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } diff --git a/source4/heimdal/lib/krb5/mit_glue.c b/source4/heimdal/lib/krb5/mit_glue.c index c157c5d365..f8f13922f5 100644 --- a/source4/heimdal/lib/krb5/mit_glue.c +++ b/source4/heimdal/lib/krb5/mit_glue.c @@ -1,49 +1,51 @@ /* - * Copyright (c) 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" RCSID("$Id$"); +#ifndef HEIMDAL_SMALLER + /* * Glue for MIT API */ krb5_error_code KRB5_LIB_FUNCTION -krb5_c_make_checksum(krb5_context context, - krb5_cksumtype cksumtype, - const krb5_keyblock *key, +krb5_c_make_checksum(krb5_context context, + krb5_cksumtype cksumtype, + const krb5_keyblock *key, krb5_keyusage usage, - const krb5_data *input, + const krb5_data *input, krb5_checksum *cksum) { krb5_error_code ret; @@ -116,7 +118,7 @@ krb5_c_set_checksum(krb5_context context, krb5_checksum *cksum, return der_copy_octet_string(data, &cksum->checksum); } -void KRB5_LIB_FUNCTION +void KRB5_LIB_FUNCTION krb5_free_checksum (krb5_context context, krb5_checksum *cksum) { krb5_checksum_free(context, cksum); @@ -179,8 +181,8 @@ krb5_c_checksum_length (krb5_context context, krb5_cksumtype cksumtype, } krb5_error_code KRB5_LIB_FUNCTION -krb5_c_block_size(krb5_context context, - krb5_enctype enctype, +krb5_c_block_size(krb5_context context, + krb5_enctype enctype, size_t *blocksize) { krb5_error_code ret; @@ -202,11 +204,11 @@ krb5_c_block_size(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_c_decrypt(krb5_context context, - const krb5_keyblock key, - krb5_keyusage usage, - const krb5_data *ivec, - krb5_enc_data *input, +krb5_c_decrypt(krb5_context context, + const krb5_keyblock key, + krb5_keyusage usage, + const krb5_data *ivec, + krb5_enc_data *input, krb5_data *output) { krb5_error_code ret; @@ -231,9 +233,9 @@ krb5_c_decrypt(krb5_context context, } } - ret = krb5_decrypt_ivec(context, crypto, usage, - input->ciphertext.data, input->ciphertext.length, - output, + ret = krb5_decrypt_ivec(context, crypto, usage, + input->ciphertext.data, input->ciphertext.length, + output, ivec ? ivec->data : NULL); krb5_crypto_destroy(context, crypto); @@ -242,10 +244,10 @@ krb5_c_decrypt(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_c_encrypt(krb5_context context, - const krb5_keyblock *key, +krb5_c_encrypt(krb5_context context, + const krb5_keyblock *key, krb5_keyusage usage, - const krb5_data *ivec, + const krb5_data *ivec, const krb5_data *input, krb5_enc_data *output) { @@ -271,9 +273,9 @@ krb5_c_encrypt(krb5_context context, } } - ret = krb5_encrypt_ivec(context, crypto, usage, - input->data, input->length, - &output->ciphertext, + ret = krb5_encrypt_ivec(context, crypto, usage, + input->data, input->length, + &output->ciphertext, ivec ? ivec->data : NULL); output->kvno = 0; krb5_crypto_getenctype(context, crypto, &output->enctype); @@ -284,8 +286,8 @@ krb5_c_encrypt(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_c_encrypt_length(krb5_context context, - krb5_enctype enctype, +krb5_c_encrypt_length(krb5_context context, + krb5_enctype enctype, size_t inputlen, size_t *length) { @@ -309,9 +311,9 @@ krb5_c_encrypt_length(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_c_enctype_compare(krb5_context context, +krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, - krb5_enctype e2, + krb5_enctype e2, krb5_boolean *similar) { *similar = krb5_enctypes_compatible_keys(context, e1, e2); @@ -320,7 +322,7 @@ krb5_c_enctype_compare(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_c_make_random_key(krb5_context context, - krb5_enctype enctype, + krb5_enctype enctype, krb5_keyblock *random_key) { return krb5_generate_random_keyblock(context, enctype, random_key); @@ -352,7 +354,7 @@ krb5_c_prf_length(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_c_prf(krb5_context context, const krb5_keyblock *key, - const krb5_data *input, + const krb5_data *input, krb5_data *output) { krb5_crypto crypto; @@ -367,3 +369,5 @@ krb5_c_prf(krb5_context context, return ret; } + +#endif /* HEIMDAL_SMALLER */ diff --git a/source4/heimdal/lib/krb5/mk_error.c b/source4/heimdal/lib/krb5/mk_error.c index d4c3867edd..989aa23d75 100644 --- a/source4/heimdal/lib/krb5/mk_error.c +++ b/source4/heimdal/lib/krb5/mk_error.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c index a1a9ea4dff..86a6b669b1 100644 --- a/source4/heimdal/lib/krb5/mk_priv.c +++ b/source4/heimdal/lib/krb5/mk_priv.c @@ -1,41 +1,41 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> RCSID("$Id$"); - + krb5_error_code KRB5_LIB_FUNCTION krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, @@ -53,7 +53,7 @@ krb5_mk_priv(krb5_context context, krb5_keyblock *key; krb5_replay_data rdata; - if ((auth_context->flags & + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && outdata == NULL) return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ @@ -92,7 +92,7 @@ krb5_mk_priv(krb5_context context, if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE) outdata->seq = auth_context->local_seqnumber; - + part.s_address = auth_context->local_address; part.r_address = auth_context->remote_address; @@ -114,10 +114,10 @@ krb5_mk_priv(krb5_context context, free (buf); return ret; } - ret = krb5_encrypt (context, + ret = krb5_encrypt (context, crypto, KRB5_KU_KRB_PRIV, - buf + buf_size - len, + buf + buf_size - len, len, &s.enc_part.cipher); krb5_crypto_destroy(context, crypto); @@ -138,7 +138,8 @@ krb5_mk_priv(krb5_context context, ret = krb5_data_copy(outbuf, buf + buf_size - len, len); if (ret) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); free(buf); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/mk_rep.c b/source4/heimdal/lib/krb5/mk_rep.c index 65c97b5803..bba276183a 100644 --- a/source4/heimdal/lib/krb5/mk_rep.c +++ b/source4/heimdal/lib/krb5/mk_rep.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> @@ -62,8 +62,6 @@ krb5_mk_rep(krb5_context context, auth_context->keyblock); if(ret) { free_EncAPRepPart(&body); - krb5_set_error_message(context, ret, - "krb5_mk_rep: generating subkey"); return ret; } } @@ -72,13 +70,13 @@ krb5_mk_rep(krb5_context context, if (ret) { free_EncAPRepPart(&body); krb5_set_error_message(context, ENOMEM, - "krb5_copy_keyblock: out of memory"); + N_("malloc: out of memory", "")); return ENOMEM; } } else body.subkey = NULL; if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { - if(auth_context->local_seqnumber == 0) + if(auth_context->local_seqnumber == 0) krb5_generate_seq_number (context, auth_context->keyblock, &auth_context->local_seqnumber); @@ -101,7 +99,7 @@ krb5_mk_rep(krb5_context context, return ret; if (buf_size != len) krb5_abortx(context, "internal error in ASN.1 encoder"); - ret = krb5_crypto_init(context, auth_context->keyblock, + ret = krb5_crypto_init(context, auth_context->keyblock, 0 /* ap.enc_part.etype */, &crypto); if (ret) { free (buf); @@ -110,7 +108,7 @@ krb5_mk_rep(krb5_context context, ret = krb5_encrypt (context, crypto, KRB5_KU_AP_REQ_ENC_PART, - buf + buf_size - len, + buf + buf_size - len, len, &ap.enc_part.cipher); krb5_crypto_destroy(context, crypto); diff --git a/source4/heimdal/lib/krb5/mk_req.c b/source4/heimdal/lib/krb5/mk_req.c index 1068aaa668..1570637738 100644 --- a/source4/heimdal/lib/krb5/mk_req.c +++ b/source4/heimdal/lib/krb5/mk_req.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> @@ -50,7 +50,7 @@ krb5_mk_req_exact(krb5_context context, memset(&this_cred, 0, sizeof(this_cred)); ret = krb5_cc_get_principal(context, ccache, &this_cred.client); - + if(ret) return ret; diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c index 645dadee22..aba804716c 100644 --- a/source4/heimdal/lib/krb5/mk_req_ext.c +++ b/source4/heimdal/lib/krb5/mk_req_ext.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> @@ -61,10 +61,10 @@ _krb5_mk_req_internal(krb5_context context, ret = krb5_auth_con_init(context, &ac); if(ret) return ret; - + if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) { ret = krb5_auth_con_generatelocalsubkey(context, - ac, + ac, &in_creds->session); if(ret) goto out; @@ -74,7 +74,7 @@ _krb5_mk_req_internal(krb5_context context, ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock); if (ret) goto out; - + /* it's unclear what type of checksum we can use. try the best one, except: * a) if it's configured differently for the current realm, or * b) if the session key is des-cbc-crc @@ -83,7 +83,7 @@ _krb5_mk_req_internal(krb5_context context, if (in_data) { if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) { /* this is to make DCE secd (and older MIT kdcs?) happy */ - ret = krb5_create_checksum(context, + ret = krb5_create_checksum(context, NULL, 0, CKSUMTYPE_RSA_MD4, @@ -94,8 +94,8 @@ _krb5_mk_req_internal(krb5_context context, ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56 || ac->keyblock->keytype == ETYPE_DES_CBC_MD4 || ac->keyblock->keytype == ETYPE_DES_CBC_MD5) { - /* this is to make MS kdc happy */ - ret = krb5_create_checksum(context, + /* this is to make MS kdc happy */ + ret = krb5_create_checksum(context, NULL, 0, CKSUMTYPE_RSA_MD5, @@ -108,7 +108,7 @@ _krb5_mk_req_internal(krb5_context context, ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto); if (ret) goto out; - ret = krb5_create_checksum(context, + ret = krb5_create_checksum(context, crypto, checksum_usage, 0, @@ -124,7 +124,7 @@ _krb5_mk_req_internal(krb5_context context, if (ret) goto out; - + ret = krb5_build_authenticator (context, ac, ac->keyblock->keytype, @@ -138,7 +138,7 @@ _krb5_mk_req_internal(krb5_context context, if (ret) goto out; - ret = krb5_build_ap_req (context, ac->keyblock->keytype, + ret = krb5_build_ap_req (context, ac->keyblock->keytype, in_creds, ap_req_options, authenticator, outbuf); out: if(auth_context == NULL) diff --git a/source4/heimdal/lib/krb5/n-fold.c b/source4/heimdal/lib/krb5/n-fold.c index 147f6aeac7..fa45b09f18 100644 --- a/source4/heimdal/lib/krb5/n-fold.c +++ b/source4/heimdal/lib/krb5/n-fold.c @@ -1,18 +1,18 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * * 3. Neither the name of KTH nor the names of its contributors may be * used to endorse or promote products derived from this software without @@ -45,7 +45,7 @@ rr13(unsigned char *buf, size_t len) { const int bits = 13 % len; const int lbit = len % 8; - + tmp = malloc(bytes); if (tmp == NULL) return ENOMEM; @@ -67,10 +67,10 @@ rr13(unsigned char *buf, size_t len) b1 = bb / 8; s1 = bb % 8; - if(bb + 8 > bytes * 8) + if(bb + 8 > bytes * 8) /* watch for wraparound */ s2 = (len + 8 - s1) % 8; - else + else s2 = 8 - s1; b2 = (b1 + 1) % bytes; buf[i] = (tmp[b1] << s1) | (tmp[b2] >> s2); @@ -108,8 +108,8 @@ _krb5_n_fold(const void *str, size_t len, void *key, size_t size) size_t l = 0; unsigned char *tmp = malloc(maxlen); unsigned char *buf = malloc(len); - - if (tmp == NULL || buf == NULL) + + if (tmp == NULL || buf == NULL) return ENOMEM; memcpy(buf, str, len); diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c index 9a145c48e6..3c55eb3dc3 100644 --- a/source4/heimdal/lib/krb5/pac.c +++ b/source4/heimdal/lib/krb5/pac.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -45,7 +45,7 @@ struct PAC_INFO_BUFFER { struct PACTYPE { uint32_t numbuffers; - uint32_t version; + uint32_t version; struct PAC_INFO_BUFFER buffers[1]; }; @@ -70,7 +70,7 @@ struct krb5_pac_data { #define CHECK(r,f,l) \ do { \ if (((r) = f ) != 0) { \ - krb5_clear_error_string(context); \ + krb5_clear_error_message(context); \ goto l; \ } \ } while(0) @@ -93,14 +93,14 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, p = calloc(1, sizeof(*p)); if (p == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } sp = krb5_storage_from_readonly_mem(ptr, len); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -109,20 +109,22 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, CHECK(ret, krb5_ret_uint32(sp, &tmp2), out); if (tmp < 1) { ret = EINVAL; /* Too few buffers */ - krb5_set_error_message(context, ret, "PAC have too few buffer"); + krb5_set_error_message(context, ret, N_("PAC have too few buffer", "")); goto out; } if (tmp2 != 0) { ret = EINVAL; /* Wrong version */ - krb5_set_error_message(context, ret, "PAC have wrong version"); + krb5_set_error_message(context, ret, + N_("PAC have wrong version %d", ""), + (int)tmp2); goto out; } - p->pac = calloc(1, + p->pac = calloc(1, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1))); if (p->pac == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } @@ -144,29 +146,33 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, /* consistency checks */ if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) { ret = EINVAL; - krb5_set_error_message(context, ret, "PAC out of allignment"); + krb5_set_error_message(context, ret, + N_("PAC out of allignment", "")); goto out; } if (p->pac->buffers[i].offset_hi) { ret = EINVAL; - krb5_set_error_message(context, ret, "PAC high offset set"); + krb5_set_error_message(context, ret, + N_("PAC high offset set", "")); goto out; } if (p->pac->buffers[i].offset_lo > len) { ret = EINVAL; - krb5_set_error_message(context, ret, "PAC offset off end"); + krb5_set_error_message(context, ret, + N_("PAC offset off end", "")); goto out; } if (p->pac->buffers[i].offset_lo < header_end) { ret = EINVAL; - krb5_set_error_message(context, ret, "PAC offset inside header: %lu %lu", - (unsigned long)p->pac->buffers[i].offset_lo, - (unsigned long)header_end); + krb5_set_error_message(context, ret, + N_("PAC offset inside header: %lu %lu", ""), + (unsigned long)p->pac->buffers[i].offset_lo, + (unsigned long)header_end); goto out; } if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){ ret = EINVAL; - krb5_set_error_message(context, ret, "PAC length off end"); + krb5_set_error_message(context, ret, N_("PAC length off end", "")); goto out; } @@ -174,21 +180,24 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) { if (p->server_checksum) { ret = EINVAL; - krb5_set_error_message(context, ret, "PAC have two server checksums"); + krb5_set_error_message(context, ret, + N_("PAC have two server checksums", "")); goto out; } p->server_checksum = &p->pac->buffers[i]; } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) { if (p->privsvr_checksum) { ret = EINVAL; - krb5_set_error_message(context, ret, "PAC have two KDC checksums"); + krb5_set_error_message(context, ret, + N_("PAC have two KDC checksums", "")); goto out; } p->privsvr_checksum = &p->pac->buffers[i]; } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) { if (p->logon_name) { ret = EINVAL; - krb5_set_error_message(context, ret, "PAC have two logon names"); + krb5_set_error_message(context, ret, + N_("PAC have two logon names", "")); goto out; } p->logon_name = &p->pac->buffers[i]; @@ -225,14 +234,14 @@ krb5_pac_init(krb5_context context, krb5_pac *pac) p = calloc(1, sizeof(*p)); if (p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } p->pac = calloc(1, sizeof(*p->pac)); if (p->pac == NULL) { free(p); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -240,7 +249,7 @@ krb5_pac_init(krb5_context context, krb5_pac *pac) if (ret) { free (p->pac); free(p); - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } @@ -263,7 +272,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len)); if (ptr == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } p->pac = ptr; @@ -284,17 +293,17 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, krb5_set_error_message(context, EINVAL, "integer overrun"); return EINVAL; } - + /* align to PAC_ALIGNMENT */ len = ((len + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT; ret = krb5_data_realloc(&p->data, len); if (ret) { - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } - /* + /* * make place for new PAC INFO BUFFER header */ header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers); @@ -317,6 +326,20 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, return 0; } +/** + * Get the PAC buffer of specific type from the pac. + * + * @param context Kerberos 5 context. + * @param p the pac structure returned by krb5_pac_parse(). + * @param type type of buffer to get + * @param data return data, free with krb5_data_free(). + * + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5_pac + */ + krb5_error_code krb5_pac_get_buffer(krb5_context context, krb5_pac p, uint32_t type, krb5_data *data) @@ -325,15 +348,15 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p, uint32_t i; for (i = 0; i < p->pac->numbuffers; i++) { - size_t len = p->pac->buffers[i].buffersize; - size_t offset = p->pac->buffers[i].offset_lo; + const size_t len = p->pac->buffers[i].buffersize; + const size_t offset = p->pac->buffers[i].offset_lo; if (p->pac->buffers[i].type != type) continue; ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len); if (ret) { - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; } return 0; @@ -358,7 +381,7 @@ krb5_pac_get_types(krb5_context context, *types = calloc(p->pac->numbuffers, sizeof(*types)); if (*types == NULL) { *len = 0; - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } for (i = 0; i < p->pac->numbuffers; i++) @@ -402,19 +425,19 @@ verify_checksum(krb5_context context, sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo, sig->buffersize); if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); CHECK(ret, krb5_ret_uint32(sp, &type), out); cksum.cksumtype = type; - cksum.checksum.length = + cksum.checksum.length = sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR); cksum.checksum.data = malloc(cksum.checksum.length); if (cksum.checksum.data == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length); @@ -517,7 +540,7 @@ verify_logonname(krb5_context context, sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo, logon_name->buffersize); if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -546,7 +569,7 @@ verify_logonname(krb5_context context, s = malloc(len); if (s == NULL) { krb5_storage_free(sp); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = krb5_storage_read(sp, s, len); @@ -564,7 +587,7 @@ verify_logonname(krb5_context context, ucs2 = malloc(sizeof(ucs2[0]) * ucs2len); if (ucs2 == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = wind_ucs2read(s, len, &flags, ucs2, &ucs2len); @@ -584,7 +607,7 @@ verify_logonname(krb5_context context, s = malloc(u8len); if (s == NULL) { free(ucs2); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len); @@ -598,7 +621,7 @@ verify_logonname(krb5_context context, free(s); if (ret) return ret; - + if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) { ret = EINVAL; krb5_set_error_message(context, ret, "PAC logon name mismatch"); @@ -614,9 +637,9 @@ out: */ static krb5_error_code -build_logon_name(krb5_context context, +build_logon_name(krb5_context context, time_t authtime, - krb5_const_principal principal, + krb5_const_principal principal, krb5_data *logon) { krb5_error_code ret; @@ -631,7 +654,7 @@ build_logon_name(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -645,7 +668,7 @@ build_logon_name(krb5_context context, goto out; len = strlen(s); - + CHECK(ret, krb5_store_uint16(sp, len * 2), out); #if 1 /* cheat for now */ @@ -682,12 +705,24 @@ out: } -/* +/** + * Verify the PAC. * + * @param context Kerberos 5 context. + * @param pac the pac structure returned by krb5_pac_parse(). + * @param authtime The time of the ticket the PAC belongs to. + * @param principal the principal to verify. + * @param server The service key, most always be given. + * @param privsvr The KDC key, may be given. + + * @return Returns 0 to indicate success. Otherwise an kerberos et + * error code is returned, see krb5_get_error_message(). + * + * @ingroup krb5_pac */ krb5_error_code -krb5_pac_verify(krb5_context context, +krb5_pac_verify(krb5_context context, const krb5_pac pac, time_t authtime, krb5_const_principal principal, @@ -709,7 +744,7 @@ krb5_pac_verify(krb5_context context, return EINVAL; } - ret = verify_logonname(context, + ret = verify_logonname(context, pac->logon_name, &pac->data, authtime, @@ -717,7 +752,7 @@ krb5_pac_verify(krb5_context context, if (ret) return ret; - /* + /* * in the service case, clean out data option of the privsvr and * server checksum before checking the checksum. */ @@ -752,6 +787,7 @@ krb5_pac_verify(krb5_context context, return ret; } if (privsvr) { + /* The priv checksum covers the server checksum */ ret = verify_checksum(context, pac->privsvr_checksum, &pac->data, @@ -782,7 +818,7 @@ fill_zeros(krb5_context context, krb5_storage *sp, size_t len) l = sizeof(zeros); sret = krb5_storage_write(sp, zeros, l); if (sret <= 0) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } len -= sret; @@ -791,7 +827,7 @@ fill_zeros(krb5_context context, krb5_storage *sp, size_t len) } static krb5_error_code -pac_checksum(krb5_context context, +pac_checksum(krb5_context context, const krb5_keyblock *key, uint32_t *cksumtype, size_t *cksumsize) @@ -817,7 +853,7 @@ pac_checksum(krb5_context context, ret = krb5_checksumsize(context, cktype, cksumsize); if (ret) return ret; - + *cksumtype = (uint32_t)cktype; return 0; @@ -855,7 +891,7 @@ _krb5_pac_sign(krb5_context context, ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1))); if (ptr == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } p->pac = ptr; @@ -893,7 +929,7 @@ _krb5_pac_sign(krb5_context context, /* Encode PAC */ sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -901,7 +937,7 @@ _krb5_pac_sign(krb5_context context, spdata = krb5_storage_emem(); if (spdata == NULL) { krb5_storage_free(sp); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE); @@ -941,7 +977,7 @@ _krb5_pac_sign(krb5_context context, sret = krb5_storage_write(spdata, ptr, len); if (sret != len) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } /* XXX if not aligned, fill_zeros */ @@ -972,21 +1008,21 @@ _krb5_pac_sign(krb5_context context, /* export PAC */ ret = krb5_storage_to_data(spdata, &d); if (ret) { - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } ret = krb5_storage_write(sp, d.data, d.length); if (ret != d.length) { krb5_data_free(&d); ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } krb5_data_free(&d); ret = krb5_storage_to_data(sp, &d); if (ret) { - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } diff --git a/source4/heimdal/lib/krb5/padata.c b/source4/heimdal/lib/krb5/padata.c index 2cd3c18287..022260e709 100644 --- a/source4/heimdal/lib/krb5/padata.c +++ b/source4/heimdal/lib/krb5/padata.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -41,7 +41,7 @@ krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx) for(; *idx < len; (*idx)++) if(val[*idx].padata_type == type) return val + *idx; - return NULL; + return NULL; } int KRB5_LIB_FUNCTION @@ -52,7 +52,8 @@ krb5_padata_add(krb5_context context, METHOD_DATA *md, pa = realloc (md->val, (md->len + 1) * sizeof(*md->val)); if (pa == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } md->val = pa; @@ -60,7 +61,7 @@ krb5_padata_add(krb5_context context, METHOD_DATA *md, pa[md->len].padata_type = type; pa[md->len].padata_value.length = len; pa[md->len].padata_value.data = buf; - md->len++; + md->len++; return 0; } diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 634ef26c7f..de5e90a68e 100644 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2003 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -99,7 +99,7 @@ BN_to_integer(krb5_context context, BIGNUM *bn, heim_integer *integer) integer->length = BN_num_bytes(bn); integer->data = malloc(integer->length); if (integer->data == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } BN_bn2bin(bn, integer->data); @@ -114,7 +114,8 @@ integer_to_BN(krb5_context context, const char *field, const heim_integer *f) bn = BN_bin2bn((const unsigned char *)f->data, f->length, NULL); if (bn == NULL) { - krb5_set_error_message(context, ENOMEM, "PKINIT: parsing BN failed %s", field); + krb5_set_error_message(context, ENOMEM, + N_("PKINIT: parsing BN failed %s", ""), field); return NULL; } BN_set_negative(bn, f->negative); @@ -132,10 +133,10 @@ struct certfind { */ static krb5_error_code -find_cert(krb5_context context, struct krb5_pk_identity *id, +find_cert(krb5_context context, struct krb5_pk_identity *id, hx509_query *q, hx509_cert *cert) { - struct certfind cf[3] = { + struct certfind cf[3] = { { "PKINIT EKU" }, { "MS EKU" }, { "no" } @@ -149,7 +150,7 @@ find_cert(krb5_context context, struct krb5_pk_identity *id, for (i = 0; i < sizeof(cf)/sizeof(cf[0]); i++) { ret = hx509_query_match_eku(q, cf[i].oid); if (ret) { - pk_copy_error(context, id->hx509ctx, ret, + pk_copy_error(context, id->hx509ctx, ret, "Failed setting %s OID", cf[i].type); return ret; } @@ -157,7 +158,7 @@ find_cert(krb5_context context, struct krb5_pk_identity *id, ret = hx509_certs_find(id->hx509ctx, id->certs, q, cert); if (ret == 0) break; - pk_copy_error(context, id->hx509ctx, ret, + pk_copy_error(context, id->hx509ctx, ret, "Failed cert for finding %s OID", cf[i].type); } return ret; @@ -178,7 +179,7 @@ create_signature(krb5_context context, ret = hx509_query_alloc(id->hx509ctx, &q); if (ret) { - pk_copy_error(context, id->hx509ctx, ret, + pk_copy_error(context, id->hx509ctx, ret, "Allocate query to find signing certificate"); return ret; } @@ -235,7 +236,7 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c) free_ExternalPrincipalIdentifier(&id); return ENOMEM; } - + ret = hx509_name_binary(subject, id.subjectName); if (ret) { hx509_name_free(&subject); @@ -280,7 +281,7 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c) } ASN1_MALLOC_ENCODE(IssuerAndSerialNumber, - id.issuerAndSerialNumber->data, + id.issuerAndSerialNumber->data, id.issuerAndSerialNumber->length, &iasn, &size, ret); free_IssuerAndSerialNumber(&iasn); @@ -292,7 +293,7 @@ cert2epi(hx509_context context, void *ctx, hx509_cert c) id.subjectKeyIdentifier = NULL; - p = realloc(ids->val, sizeof(ids->val[0]) * (ids->len + 1)); + p = realloc(ids->val, sizeof(ids->val[0]) * (ids->len + 1)); if (p == NULL) { free_ExternalPrincipalIdentifier(&id); return ENOMEM; @@ -329,7 +330,7 @@ build_auth_pack(krb5_context context, int32_t usec; Checksum checksum; - krb5_clear_error_string(context); + krb5_clear_error_message(context); memset(&checksum, 0, sizeof(checksum)); @@ -351,12 +352,13 @@ build_auth_pack(krb5_context context, len, &checksum); free(buf); - if (ret) + if (ret) return ret; ALLOC(a->pkAuthenticator.paChecksum, 1); if (a->pkAuthenticator.paChecksum == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -375,16 +377,16 @@ build_auth_pack(krb5_context context, if (1 /* support_cached_dh */) { ALLOC(a->clientDHNonce, 1); if (a->clientDHNonce == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } ret = krb5_data_alloc(a->clientDHNonce, 40); if (a->clientDHNonce == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } memset(a->clientDHNonce->data, 0, a->clientDHNonce->length); - ret = krb5_copy_data(context, a->clientDHNonce, + ret = krb5_copy_data(context, a->clientDHNonce, &ctx->clientDHNonce); if (ret) return ret; @@ -418,7 +420,7 @@ build_auth_pack(krb5_context context, dp.j = NULL; dp.validationParms = NULL; - a->clientPublicValue->algorithm.parameters = + a->clientPublicValue->algorithm.parameters = malloc(sizeof(*a->clientPublicValue->algorithm.parameters)); if (a->clientPublicValue->algorithm.parameters == NULL) { free_DomainParameters(&dp); @@ -468,7 +470,7 @@ build_auth_pack(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_mk_ContentInfo(krb5_context context, - const krb5_data *buf, + const krb5_data *buf, const heim_oid *oid, struct ContentInfo *content_info) { @@ -517,13 +519,13 @@ pk_mk_padata(krb5_context context, ret = copy_PrincipalName(req_body->sname, &ap.pkAuthenticator.kdcName); if (ret) { free_AuthPack_Win2k(&ap); - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } ret = copy_Realm(&req_body->realm, &ap.pkAuthenticator.kdcRealm); if (ret) { free_AuthPack_Win2k(&ap); - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } @@ -536,7 +538,8 @@ pk_mk_padata(krb5_context context, &ap, &size, ret); free_AuthPack_Win2k(&ap); if (ret) { - krb5_set_error_message(context, ret, "AuthPack_Win2k: %d", + krb5_set_error_message(context, ret, + N_("Failed encoding AuthPackWin: %d", ""), (int)ret); goto out; } @@ -558,7 +561,9 @@ pk_mk_padata(krb5_context context, ASN1_MALLOC_ENCODE(AuthPack, buf.data, buf.length, &ap, &size, ret); free_AuthPack(&ap); if (ret) { - krb5_set_error_message(context, ret, "AuthPack: %d", (int)ret); + krb5_set_error_message(context, ret, + N_("Failed encoding AuthPack: %d", ""), + (int)ret); goto out; } if (buf.length != size) @@ -578,7 +583,7 @@ pk_mk_padata(krb5_context context, krb5_data_free(&sd_buf); if (ret) { krb5_set_error_message(context, ret, - "ContentInfo wrapping of signedData failed"); + N_("ContentInfo wrapping of signedData failed","")); goto out; } @@ -608,14 +613,17 @@ pk_mk_padata(krb5_context context, req.trustedCertifiers = calloc(1, sizeof(*req.trustedCertifiers)); if (req.trustedCertifiers == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); free_PA_PK_AS_REQ(&req); goto out; } - ret = build_edi(context, ctx->id->hx509ctx, + ret = build_edi(context, ctx->id->hx509ctx, ctx->id->anchors, req.trustedCertifiers); if (ret) { - krb5_set_error_message(context, ret, "pk-init: failed to build trustedCertifiers"); + krb5_set_error_message(context, ret, + N_("pk-init: failed to build " + "trustedCertifiers", "")); free_PA_PK_AS_REQ(&req); goto out; } @@ -650,7 +658,7 @@ pk_mk_padata(krb5_context context, } -krb5_error_code KRB5_LIB_FUNCTION +krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_mk_padata(krb5_context context, void *c, const KDC_REQ_BODY *req_body, @@ -668,7 +676,7 @@ _krb5_pk_mk_padata(krb5_context context, NULL); if (win2k_compat) { - ctx->require_binding = + ctx->require_binding = krb5_config_get_bool_default(context, NULL, FALSE, "realms", @@ -679,14 +687,14 @@ _krb5_pk_mk_padata(krb5_context context, } else ctx->type = PKINIT_27; - ctx->require_eku = + ctx->require_eku = krb5_config_get_bool_default(context, NULL, TRUE, "realms", req_body->realm, "pkinit_require_eku", NULL); - ctx->require_krbtgt_otherName = + ctx->require_krbtgt_otherName = krb5_config_get_bool_default(context, NULL, TRUE, "realms", @@ -694,7 +702,7 @@ _krb5_pk_mk_padata(krb5_context context, "pkinit_require_krbtgt_otherName", NULL); - ctx->require_hostname_match = + ctx->require_hostname_match = krb5_config_get_bool_default(context, NULL, FALSE, "realms", @@ -702,7 +710,7 @@ _krb5_pk_mk_padata(krb5_context context, "pkinit_require_hostname_match", NULL); - ctx->trustedCertifiers = + ctx->trustedCertifiers = krb5_config_get_bool_default(context, NULL, TRUE, "realms", @@ -744,7 +752,7 @@ _krb5_pk_verify_sign(krb5_context context, *signer = calloc(1, sizeof(**signer)); if (*signer == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOMEM; goto out; } @@ -784,13 +792,15 @@ get_reply_key_win(krb5_context context, &key_pack, &size); if (ret) { - krb5_set_error_message(context, ret, "PKINIT decoding reply key failed"); + krb5_set_error_message(context, ret, + N_("PKINIT decoding reply key failed", "")); free_ReplyKeyPack_Win2k(&key_pack); return ret; } - + if (key_pack.nonce != nonce) { - krb5_set_error_message(context, ret, "PKINIT enckey nonce is wrong"); + krb5_set_error_message(context, ret, + N_("PKINIT enckey nonce is wrong", "")); free_ReplyKeyPack_Win2k(&key_pack); return KRB5KRB_AP_ERR_MODIFIED; } @@ -798,14 +808,16 @@ get_reply_key_win(krb5_context context, *key = malloc (sizeof (**key)); if (*key == NULL) { free_ReplyKeyPack_Win2k(&key_pack); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = copy_EncryptionKey(&key_pack.replyKey, *key); free_ReplyKeyPack_Win2k(&key_pack); if (ret) { - krb5_set_error_message(context, ret, "PKINIT failed copying reply key"); + krb5_set_error_message(context, ret, + N_("PKINIT failed copying reply key", "")); free(*key); *key = NULL; } @@ -828,15 +840,16 @@ get_reply_key(krb5_context context, &key_pack, &size); if (ret) { - krb5_set_error_message(context, ret, "PKINIT decoding reply key failed"); + krb5_set_error_message(context, ret, + N_("PKINIT decoding reply key failed", "")); free_ReplyKeyPack(&key_pack); return ret; } - + { krb5_crypto crypto; - /* + /* * XXX Verify kp.replyKey is a allowed enctype in the * configuration file */ @@ -860,14 +873,16 @@ get_reply_key(krb5_context context, *key = malloc (sizeof (**key)); if (*key == NULL) { free_ReplyKeyPack(&key_pack); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = copy_EncryptionKey(&key_pack.replyKey, *key); free_ReplyKeyPack(&key_pack); if (ret) { - krb5_set_error_message(context, ret, "PKINIT failed copying reply key"); + krb5_set_error_message(context, ret, + N_("PKINIT failed copying reply key", "")); free(*key); *key = NULL; } @@ -889,7 +904,8 @@ pk_verify_host(krb5_context context, ret = hx509_cert_check_eku(ctx->id->hx509ctx, host->cert, oid_id_pkkdcekuoid(), 0); if (ret) { - krb5_set_error_message(context, ret, "No PK-INIT KDC EKU in kdc certificate"); + krb5_set_error_message(context, ret, + N_("No PK-INIT KDC EKU in kdc certificate", "")); return ret; } } @@ -902,8 +918,10 @@ pk_verify_host(krb5_context context, oid_id_pkinit_san(), &list); if (ret) { - krb5_set_error_message(context, ret, "Failed to find the PK-INIT " - "subjectAltName in the KDC certificate"); + krb5_set_error_message(context, ret, + N_("Failed to find the PK-INIT " + "subjectAltName in the KDC " + "certificate", "")); return ret; } @@ -916,8 +934,10 @@ pk_verify_host(krb5_context context, &r, NULL); if (ret) { - krb5_set_error_message(context, ret, "Failed to decode the PK-INIT " - "subjectAltName in the KDC certificate"); + krb5_set_error_message(context, ret, + N_("Failed to decode the PK-INIT " + "subjectAltName in the " + "KDC certificate", "")); break; } @@ -928,8 +948,9 @@ pk_verify_host(krb5_context context, strcmp(r.realm, realm) != 0) { ret = KRB5_KDC_ERR_INVALID_CERTIFICATE; - krb5_set_error_message(context, ret, "KDC have wrong realm name in " - "the certificate"); + krb5_set_error_message(context, ret, + N_("KDC have wrong realm name in " + "the certificate", "")); } free_KRB5PrincipalName(&r); @@ -940,17 +961,18 @@ pk_verify_host(krb5_context context, } if (ret) return ret; - + if (hi) { - ret = hx509_verify_hostname(ctx->id->hx509ctx, host->cert, + ret = hx509_verify_hostname(ctx->id->hx509ctx, host->cert, ctx->require_hostname_match, HX509_HN_HOSTNAME, hi->hostname, hi->ai->ai_addr, hi->ai->ai_addrlen); if (ret) - krb5_set_error_message(context, ret, "Address mismatch in " - "the KDC certificate"); + krb5_set_error_message(context, ret, + N_("Address mismatch in " + "the KDC certificate", "")); } return ret; } @@ -967,7 +989,7 @@ pk_rd_pa_reply_enckey(krb5_context context, unsigned nonce, const krb5_data *req_buffer, PA_DATA *pa, - krb5_keyblock **key) + krb5_keyblock **key) { krb5_error_code ret; struct krb5_pk_cert *host = NULL; @@ -975,7 +997,8 @@ pk_rd_pa_reply_enckey(krb5_context context, heim_oid contentType = { 0, NULL }; if (der_heim_oid_cmp(oid_id_pkcs7_envelopedData(), dataType)) { - krb5_set_error_message(context, EINVAL, "PKINIT: Invalid content type"); + krb5_set_error_message(context, EINVAL, + N_("PKINIT: Invalid content type", "")); return EINVAL; } @@ -1021,7 +1044,8 @@ pk_rd_pa_reply_enckey(krb5_context context, ret = hx509_cms_unwrap_ContentInfo(&content, &type, &out, NULL); if (der_heim_oid_cmp(&type, oid_id_pkcs7_signedData())) { ret = EINVAL; /* XXX */ - krb5_set_error_message(context, ret, "PKINIT: Invalid content type"); + krb5_set_error_message(context, ret, + N_("PKINIT: Invalid content type", "")); der_free_oid(&type); der_free_octet_string(&out); goto out; @@ -1031,12 +1055,13 @@ pk_rd_pa_reply_enckey(krb5_context context, ret = krb5_data_copy(&content, out.data, out.length); der_free_octet_string(&out); if (ret) { - krb5_set_error_message(context, ret, "PKINIT: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out; } } - ret = _krb5_pk_verify_sign(context, + ret = _krb5_pk_verify_sign(context, content.data, content.length, ctx->id, @@ -1120,11 +1145,12 @@ pk_rd_pa_reply_dh(krb5_context context, memset(&kdc_dh_info, 0, sizeof(kdc_dh_info)); if (der_heim_oid_cmp(oid_id_pkcs7_signedData(), dataType)) { - krb5_set_error_message(context, EINVAL, "PKINIT: Invalid content type"); + krb5_set_error_message(context, EINVAL, + N_("PKINIT: Invalid content type", "")); return EINVAL; } - ret = _krb5_pk_verify_sign(context, + ret = _krb5_pk_verify_sign(context, indata->data, indata->length, ctx->id, @@ -1141,7 +1167,8 @@ pk_rd_pa_reply_dh(krb5_context context, if (der_heim_oid_cmp(&contentType, oid_id_pkdhkeydata())) { ret = KRB5KRB_AP_ERR_MSG_TYPE; - krb5_set_error_message(context, ret, "pkinit - dh reply contains wrong oid"); + krb5_set_error_message(context, ret, + N_("pkinit - dh reply contains wrong oid", "")); goto out; } @@ -1151,35 +1178,40 @@ pk_rd_pa_reply_dh(krb5_context context, &size); if (ret) { - krb5_set_error_message(context, ret, "pkinit - " - "failed to decode KDC DH Key Info"); + krb5_set_error_message(context, ret, + N_("pkinit - failed to decode " + "KDC DH Key Info", "")); goto out; } if (kdc_dh_info.nonce != nonce) { ret = KRB5KRB_AP_ERR_MODIFIED; - krb5_set_error_message(context, ret, "PKINIT: DH nonce is wrong"); + krb5_set_error_message(context, ret, + N_("PKINIT: DH nonce is wrong", "")); goto out; } if (kdc_dh_info.dhKeyExpiration) { if (k_n == NULL) { ret = KRB5KRB_ERR_GENERIC; - krb5_set_error_message(context, ret, "pkinit; got key expiration " - "without server nonce"); + krb5_set_error_message(context, ret, + N_("pkinit; got key expiration " + "without server nonce", "")); goto out; } if (c_n == NULL) { ret = KRB5KRB_ERR_GENERIC; - krb5_set_error_message(context, ret, "pkinit; got DH reuse but no " - "client nonce"); + krb5_set_error_message(context, ret, + N_("pkinit; got DH reuse but no " + "client nonce", "")); goto out; } } else { if (k_n) { ret = KRB5KRB_ERR_GENERIC; - krb5_set_error_message(context, ret, "pkinit: got server nonce " - "without key expiration"); + krb5_set_error_message(context, ret, + N_("pkinit: got server nonce " + "without key expiration", "")); goto out; } c_n = NULL; @@ -1193,8 +1225,9 @@ pk_rd_pa_reply_dh(krb5_context context, DHPublicKey k; ret = decode_DHPublicKey(p, size, &k, NULL); if (ret) { - krb5_set_error_message(context, ret, "pkinit: can't decode " - "without key expiration"); + krb5_set_error_message(context, ret, + N_("pkinit: can't decode " + "without key expiration", "")); goto out; } @@ -1205,7 +1238,7 @@ pk_rd_pa_reply_dh(krb5_context context, goto out; } } - + dh_gen_keylen = DH_size(ctx->dh); size = BN_num_bytes(ctx->dh->p); if (size < dh_gen_keylen) @@ -1214,7 +1247,7 @@ pk_rd_pa_reply_dh(krb5_context context, dh_gen_key = malloc(size); if (dh_gen_key == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } memset(dh_gen_key, 0, size - dh_gen_keylen); @@ -1223,15 +1256,16 @@ pk_rd_pa_reply_dh(krb5_context context, kdc_dh_pubkey, ctx->dh); if (dh_gen_keylen == -1) { ret = KRB5KRB_ERR_GENERIC; - krb5_set_error_message(context, ret, - "PKINIT: Can't compute Diffie-Hellman key"); + krb5_set_error_message(context, ret, + N_("PKINIT: Can't compute Diffie-Hellman key", "")); goto out; } *key = malloc (sizeof (**key)); if (*key == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out; } @@ -1242,7 +1276,7 @@ pk_rd_pa_reply_dh(krb5_context context, *key); if (ret) { krb5_set_error_message(context, ret, - "PKINIT: can't create key from DH key"); + N_("PKINIT: can't create key from DH key", "")); free(*key); *key = NULL; goto out; @@ -1287,7 +1321,8 @@ _krb5_pk_rd_pa_reply(krb5_context context, heim_oid oid; if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { - krb5_set_error_message(context, EINVAL, "PKINIT: wrong padata recv"); + krb5_set_error_message(context, EINVAL, + N_("PKINIT: wrong padata recv", "")); return EINVAL; } @@ -1296,7 +1331,8 @@ _krb5_pk_rd_pa_reply(krb5_context context, &rep, &size); if (ret) { - krb5_set_error_message(context, ret, "Failed to decode pkinit AS rep"); + krb5_set_error_message(context, ret, + N_("Failed to decode pkinit AS rep", "")); return ret; } @@ -1309,15 +1345,17 @@ _krb5_pk_rd_pa_reply(krb5_context context, break; default: free_PA_PK_AS_REP(&rep); - krb5_set_error_message(context, EINVAL, "PKINIT: -27 reply " - "invalid content type"); + krb5_set_error_message(context, EINVAL, + N_("PKINIT: -27 reply " + "invalid content type", "")); return EINVAL; } ret = hx509_cms_unwrap_ContentInfo(&os, &oid, &data, NULL); if (ret) { free_PA_PK_AS_REP(&rep); - krb5_set_error_message(context, ret, "PKINIT: failed to unwrap CI"); + krb5_set_error_message(context, ret, + N_("PKINIT: failed to unwrap CI", "")); return ret; } @@ -1329,7 +1367,7 @@ _krb5_pk_rd_pa_reply(krb5_context context, nonce, pa, key); break; case choice_PA_PK_AS_REP_encKeyPack: - ret = pk_rd_pa_reply_enckey(context, PKINIT_27, &data, &oid, realm, + ret = pk_rd_pa_reply_enckey(context, PKINIT_27, &data, &oid, realm, ctx, etype, hi, nonce, req_buffer, pa, key); break; default: @@ -1342,11 +1380,12 @@ _krb5_pk_rd_pa_reply(krb5_context context, } else if (ctx->type == PKINIT_WIN2K) { PA_PK_AS_REP_Win2k w2krep; - /* Check for Windows encoding of the AS-REP pa data */ + /* Check for Windows encoding of the AS-REP pa data */ #if 0 /* should this be ? */ if (pa->padata_type != KRB5_PADATA_PK_AS_REP) { - krb5_set_error_message(context, EINVAL, "PKINIT: wrong padata recv"); + krb5_set_error_message(context, EINVAL, + "PKINIT: wrong padata recv"); return EINVAL; } #endif @@ -1358,23 +1397,25 @@ _krb5_pk_rd_pa_reply(krb5_context context, &w2krep, &size); if (ret) { - krb5_set_error_message(context, ret, "PKINIT: Failed decoding windows " - "pkinit reply %d", (int)ret); + krb5_set_error_message(context, ret, + N_("PKINIT: Failed decoding windows " + "pkinit reply %d", ""), (int)ret); return ret; } - krb5_clear_error_string(context); + krb5_clear_error_message(context); switch (w2krep.element) { case choice_PA_PK_AS_REP_Win2k_encKeyPack: { heim_octet_string data; heim_oid oid; - - ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack, + + ret = hx509_cms_unwrap_ContentInfo(&w2krep.u.encKeyPack, &oid, &data, NULL); free_PA_PK_AS_REP_Win2k(&w2krep); if (ret) { - krb5_set_error_message(context, ret, "PKINIT: failed to unwrap CI"); + krb5_set_error_message(context, ret, + N_("PKINIT: failed to unwrap CI", "")); return ret; } @@ -1388,14 +1429,16 @@ _krb5_pk_rd_pa_reply(krb5_context context, default: free_PA_PK_AS_REP_Win2k(&w2krep); ret = EINVAL; - krb5_set_error_message(context, ret, "PKINIT: win2k reply invalid " - "content type"); + krb5_set_error_message(context, ret, + N_("PKINIT: win2k reply invalid " + "content type", "")); break; } - + } else { ret = EINVAL; - krb5_set_error_message(context, ret, "PKINIT: unknown reply type"); + krb5_set_error_message(context, ret, + N_("PKINIT: unknown reply type", "")); } return ret; @@ -1407,14 +1450,14 @@ struct prompter { void *prompter_data; }; -static int +static int hx_pass_prompter(void *data, const hx509_prompt *prompter) { krb5_error_code ret; krb5_prompt prompt; krb5_data password_data; struct prompter *p = data; - + password_data.data = prompter->reply.data; password_data.length = prompter->reply.length; @@ -1432,7 +1475,7 @@ hx_pass_prompter(void *data, const hx509_prompt *prompter) prompt.type = KRB5_PROMPT_TYPE_PASSWORD; break; } - + ret = (*p->prompter)(p->context, p->prompter_data, NULL, NULL, 1, &prompt); if (ret) { memset (prompter->reply.data, 0, prompter->reply.length); @@ -1470,13 +1513,13 @@ _krb5_pk_load_id(krb5_context context, if (anchor_id == NULL) { krb5_set_error_message(context, HEIM_PKINIT_NO_VALID_CA, - "PKINIT: No anchor given"); + N_("PKINIT: No anchor given", "")); return HEIM_PKINIT_NO_VALID_CA; } if (user_id == NULL) { krb5_set_error_message(context, HEIM_PKINIT_NO_PRIVATE_KEY, - "PKINIT: No user certificate given"); + N_("PKINIT: No user certificate given", "")); return HEIM_PKINIT_NO_PRIVATE_KEY; } @@ -1484,7 +1527,8 @@ _krb5_pk_load_id(krb5_context context, id = calloc(1, sizeof(*id)); if (id == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -1520,7 +1564,7 @@ _krb5_pk_load_id(krb5_context context, goto out; } - ret = hx509_certs_init(id->hx509ctx, "MEMORY:pkinit-cert-chain", + ret = hx509_certs_init(id->hx509ctx, "MEMORY:pkinit-cert-chain", 0, NULL, &id->certpool); if (ret) { pk_copy_error(context, id->hx509ctx, ret, @@ -1549,11 +1593,11 @@ _krb5_pk_load_id(krb5_context context, } while (*revoke_list) { - ret = hx509_revoke_add_crl(id->hx509ctx, + ret = hx509_revoke_add_crl(id->hx509ctx, id->revokectx, *revoke_list); if (ret) { - pk_copy_error(context, id->hx509ctx, ret, + pk_copy_error(context, id->hx509ctx, ret, "Failed load revoke list"); goto out; } @@ -1564,7 +1608,7 @@ _krb5_pk_load_id(krb5_context context, ret = hx509_verify_init_ctx(id->hx509ctx, &id->verify_ctx); if (ret) { - pk_copy_error(context, id->hx509ctx, ret, + pk_copy_error(context, id->hx509ctx, ret, "Failed init verify context"); goto out; } @@ -1590,7 +1634,7 @@ _krb5_pk_load_id(krb5_context context, } static krb5_error_code -select_dh_group(krb5_context context, DH *dh, unsigned long bits, +select_dh_group(krb5_context context, DH *dh, unsigned long bits, struct krb5_dh_moduli **moduli) { const struct krb5_dh_moduli *m; @@ -1607,8 +1651,8 @@ select_dh_group(krb5_context context, DH *dh, unsigned long bits, } if (moduli[i] == NULL) { krb5_set_error_message(context, EINVAL, - "Did not find a DH group parameter " - "matching requirement of %lu bits", + N_("Did not find a DH group parameter " + "matching requirement of %lu bits", ""), bits); return EINVAL; } @@ -1646,13 +1690,13 @@ pk_copy_error(krb5_context context, vasprintf(&f, fmt, va); va_end(va); if (f == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return; } s = hx509_get_error_string(hx509ctx, hxret); if (s == NULL) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); free(f); return; } @@ -1661,24 +1705,24 @@ pk_copy_error(krb5_context context, free(f); } -#endif /* PKINIT */ - static int -parse_integer(krb5_context context, char **p, const char *file, int lineno, +parse_integer(krb5_context context, char **p, const char *file, int lineno, const char *name, heim_integer *integer) { int ret; char *p1; p1 = strsep(p, " \t"); if (p1 == NULL) { - krb5_set_error_message(context, EINVAL, "moduli file %s missing %s on line %d", + krb5_set_error_message(context, EINVAL, + N_("moduli file %s missing %s on line %d", ""), file, name, lineno); return EINVAL; } ret = der_parse_hex_heim_integer(p1, integer); if (ret) { - krb5_set_error_message(context, ret, "moduli file %s failed parsing %s " - "on line %d", + krb5_set_error_message(context, ret, + N_("moduli file %s failed parsing %s " + "on line %d", ""), file, name, lineno); return ret; } @@ -1687,7 +1731,7 @@ parse_integer(krb5_context context, char **p, const char *file, int lineno, } krb5_error_code -_krb5_parse_moduli_line(krb5_context context, +_krb5_parse_moduli_line(krb5_context context, const char *file, int lineno, char *p, @@ -1701,7 +1745,8 @@ _krb5_parse_moduli_line(krb5_context context, m1 = calloc(1, sizeof(*m1)); if (m1 == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -1713,28 +1758,31 @@ _krb5_parse_moduli_line(krb5_context context, p1 = strsep(&p, " \t"); if (p1 == NULL) { - krb5_set_error_message(context, ret, "moduli file %s missing name " - "on line %d", file, lineno); + krb5_set_error_message(context, ret, + N_("moduli file %s missing name on line %d", ""), + file, lineno); goto out; } m1->name = strdup(p1); if (p1 == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc - out of memeory"); + krb5_set_error_message(context, ret, N_("malloc: out of memeory", "")); goto out; } p1 = strsep(&p, " \t"); if (p1 == NULL) { - krb5_set_error_message(context, ret, "moduli file %s missing bits on line %d", + krb5_set_error_message(context, ret, + N_("moduli file %s missing bits on line %d", ""), file, lineno); goto out; } m1->bits = atoi(p1); if (m1->bits == 0) { - krb5_set_error_message(context, ret, "moduli file %s have un-parsable " - "bits on line %d", file, lineno); + krb5_set_error_message(context, ret, + N_("moduli file %s have un-parsable " + "bits on line %d", ""), file, lineno); goto out; } @@ -1843,7 +1891,8 @@ _krb5_parse_moduli(krb5_context context, const char *file, m = calloc(1, sizeof(m[0]) * 3); if (m == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -1883,7 +1932,8 @@ _krb5_parse_moduli(krb5_context context, const char *file, m2 = realloc(m, (n + 2) * sizeof(m[0])); if (m2 == NULL) { _krb5_free_moduli(m); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } m = m2; @@ -1923,10 +1973,11 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, (q == NULL || der_heim_integer_cmp(&moduli[i]->q, q) == 0)) { if (bits && bits > moduli[i]->bits) { - krb5_set_error_message(context, + krb5_set_error_message(context, KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, - "PKINIT: DH group parameter %s " - "no accepted, not enough bits generated", + N_("PKINIT: DH group parameter %s " + "no accepted, not enough bits " + "generated", ""), moduli[i]->name); return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; } @@ -1937,9 +1988,10 @@ _krb5_dh_group_ok(krb5_context context, unsigned long bits, } krb5_set_error_message(context, KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, - "PKINIT: DH group parameter no ok"); + N_("PKINIT: DH group parameter no ok", "")); return KRB5_KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED; } +#endif /* PKINIT */ void KRB5_LIB_FUNCTION _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) @@ -1973,7 +2025,7 @@ _krb5_get_init_creds_opt_free_pkinit(krb5_get_init_creds_opt *opt) opt->opt_private->pk_init_ctx = NULL; #endif } - + krb5_error_code KRB5_LIB_FUNCTION krb5_get_init_creds_opt_set_pkinit(krb5_context context, krb5_get_init_creds_opt *opt, @@ -1992,14 +2044,16 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, char *anchors = NULL; if (opt->opt_private == NULL) { - krb5_set_error_message(context, EINVAL, "PKINIT: on non extendable opt"); + krb5_set_error_message(context, EINVAL, + N_("PKINIT: on non extendable opt", "")); return EINVAL; } - opt->opt_private->pk_init_ctx = + opt->opt_private->pk_init_ctx = calloc(1, sizeof(*opt->opt_private->pk_init_ctx)); if (opt->opt_private->pk_init_ctx == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } opt->opt_private->pk_init_ctx->dh = NULL; @@ -2013,19 +2067,19 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, /* XXX implement krb5_appdefault_strings */ if (pool == NULL) pool = krb5_config_get_strings(context, NULL, - "appdefaults", - "pkinit_pool", + "appdefaults", + "pkinit_pool", NULL); if (pki_revoke == NULL) pki_revoke = krb5_config_get_strings(context, NULL, - "appdefaults", - "pkinit_revoke", + "appdefaults", + "pkinit_revoke", NULL); if (x509_anchors == NULL) { krb5_appdefault_string(context, "kinit", - krb5_principal_get_realm(context, principal), + krb5_principal_get_realm(context, principal), "pkinit_anchors", NULL, &anchors); x509_anchors = anchors; } @@ -2060,7 +2114,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, "pkinit_dh_min_bits", NULL); - ret = _krb5_parse_moduli(context, moduli_file, + ret = _krb5_parse_moduli(context, moduli_file, &opt->opt_private->pk_init_ctx->m); if (ret) { _krb5_get_init_creds_opt_free_pkinit(opt); @@ -2070,12 +2124,13 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, opt->opt_private->pk_init_ctx->dh = DH_new(); if (opt->opt_private->pk_init_ctx->dh == NULL) { _krb5_get_init_creds_opt_free_pkinit(opt); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = select_dh_group(context, opt->opt_private->pk_init_ctx->dh, - dh_min_bits, + dh_min_bits, opt->opt_private->pk_init_ctx->m); if (ret) { _krb5_get_init_creds_opt_free_pkinit(opt); @@ -2084,14 +2139,16 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, if (DH_generate_key(opt->opt_private->pk_init_ctx->dh) != 1) { _krb5_get_init_creds_opt_free_pkinit(opt); - krb5_set_error_message(context, ENOMEM, "pkinit: failed to generate DH key"); + krb5_set_error_message(context, ENOMEM, + N_("pkinit: failed to generate DH key", "")); return ENOMEM; } } return 0; #else - krb5_set_error_message(context, EINVAL, "no support for PKINIT compiled in"); + krb5_set_error_message(context, EINVAL, + N_("no support for PKINIT compiled in", "")); return EINVAL; #endif } diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c index fb1ee32285..a71dd8b6f7 100644 --- a/source4/heimdal/lib/krb5/plugin.c +++ b/source4/heimdal/lib/krb5/plugin.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -99,7 +99,7 @@ loadlib(krb5_context context, if ((*e)->dsohandle == NULL) { free(*e); *e = NULL; - krb5_set_error_message(context, ENOMEM, "Failed to load %s: %s", + krb5_set_error_message(context, ENOMEM, "Failed to load %s: %s", lib, dlerror()); return ENOMEM; } @@ -109,7 +109,7 @@ loadlib(krb5_context context, if ((*e)->symbol == NULL) { dlclose((*e)->dsohandle); free(*e); - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ENOMEM; } @@ -132,11 +132,16 @@ loadlib(krb5_context context, krb5_error_code krb5_plugin_register(krb5_context context, enum krb5_plugin_type type, - const char *name, + const char *name, void *symbol) { struct plugin *e; + /* check for duplicates */ + for (e = registered; e != NULL; e = e->next) + if (e->type == type && strcmp(e->name,name)== 0 && e->symbol == symbol) + return 0; + e = calloc(1, sizeof(*e)); if (e == NULL) { krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); @@ -162,7 +167,7 @@ krb5_plugin_register(krb5_context context, krb5_error_code _krb5_plugin_find(krb5_context context, enum krb5_plugin_type type, - const char *name, + const char *name, struct krb5_plugin **list) { struct krb5_plugin *e; @@ -198,7 +203,7 @@ _krb5_plugin_find(krb5_context context, #ifdef HAVE_DLOPEN - dirs = krb5_config_get_strings(context, NULL, "libdefaults", + dirs = krb5_config_get_strings(context, NULL, "libdefaults", "plugin_dir", NULL); if (dirs == NULL) { sysdirs[0] = rk_UNCONST(plugin_dir); @@ -223,7 +228,7 @@ _krb5_plugin_find(krb5_context context, free(path); if (ret) continue; - + e->next = *list; *list = e; } diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index 3a1d184c3d..f27355f2d8 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /** @@ -37,7 +37,7 @@ * A Kerberos principal is a email address looking string that * contains to parts separeted by a @. The later part is the kerbero * realm the principal belongs to and the former is a list of 0 or - * more components. For example + * more components. For example * @verbatim lha@SU.SE host/hummel.it.su.se@SU.SE @@ -110,7 +110,7 @@ krb5_principal_get_realm(krb5_context context, krb5_const_principal principal) { return princ_realm(principal); -} +} const char* KRB5_LIB_FUNCTION krb5_principal_get_comp_string(krb5_context context, @@ -122,6 +122,22 @@ krb5_principal_get_comp_string(krb5_context context, return princ_ncomp(principal, component); } +/** + * Get number of component is principal. + * + * @param context Kerberos 5 context + * @param principal principal to query + * @return number of components in string + * @ingroup krb5 + */ + +unsigned int KRB5_LIB_FUNCTION +krb5_principal_get_num_comp(krb5_context context, + krb5_const_principal principal) +{ + return princ_num_comp(principal); +} + krb5_error_code KRB5_LIB_FUNCTION krb5_parse_name_flags(krb5_context context, const char *name, @@ -143,15 +159,15 @@ krb5_parse_name_flags(krb5_context context, int got_realm = 0; int first_at = 1; int enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE); - + *principal = NULL; #define RFLAGS (KRB5_PRINCIPAL_PARSE_NO_REALM|KRB5_PRINCIPAL_PARSE_MUST_REALM) if ((flags & RFLAGS) == RFLAGS) { krb5_set_error_message(context, KRB5_ERR_NO_SERVICE, - "Can't require both realm and " - "no realm at the same time"); + N_("Can't require both realm and " + "no realm at the same time", "")); return KRB5_ERR_NO_SERVICE; } #undef RFLAGS @@ -165,7 +181,7 @@ krb5_parse_name_flags(krb5_context context, if(*p=='\\'){ if(!p[1]) { krb5_set_error_message(context, KRB5_PARSE_MALFORMED, - "trailing \\ in principal name"); + N_("trailing \\ in principal name", "")); return KRB5_PARSE_MALFORMED; } p++; @@ -177,15 +193,17 @@ krb5_parse_name_flags(krb5_context context, } comp = calloc(ncomp, sizeof(*comp)); if (comp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } - + n = 0; p = start = q = s = strdup(name); if (start == NULL) { free (comp); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } while(*p){ @@ -203,7 +221,7 @@ krb5_parse_name_flags(krb5_context context, else if(c == '\0') { ret = KRB5_PARSE_MALFORMED; krb5_set_error_message(context, ret, - "trailing \\ in principal name"); + N_("trailing \\ in principal name", "")); goto exit; } }else if(enterprise && first_at) { @@ -213,13 +231,14 @@ krb5_parse_name_flags(krb5_context context, if(got_realm){ ret = KRB5_PARSE_MALFORMED; krb5_set_error_message(context, ret, - "part after realm in principal name"); + N_("part after realm in principal name", "")); goto exit; }else{ comp[n] = malloc(q - start + 1); if (comp[n] == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto exit; } memcpy(comp[n], start, q - start); @@ -231,10 +250,10 @@ krb5_parse_name_flags(krb5_context context, start = q; continue; } - if(got_realm && (c == ':' || c == '/' || c == '\0')) { + if(got_realm && (c == '/' || c == '\0')) { ret = KRB5_PARSE_MALFORMED; krb5_set_error_message(context, ret, - "part after realm in principal name"); + N_("part after realm in principal name", "")); goto exit; } *q++ = c; @@ -242,14 +261,16 @@ krb5_parse_name_flags(krb5_context context, if(got_realm){ if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) { ret = KRB5_PARSE_MALFORMED; - krb5_set_error_message(context, ret, "realm found in 'short' principal " - "expected to be without one"); + krb5_set_error_message(context, ret, + N_("realm found in 'short' principal " + "expected to be without one", "")); goto exit; } realm = malloc(q - start + 1); if (realm == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto exit; } memcpy(realm, start, q - start); @@ -257,8 +278,9 @@ krb5_parse_name_flags(krb5_context context, }else{ if (flags & KRB5_PRINCIPAL_PARSE_MUST_REALM) { ret = KRB5_PARSE_MALFORMED; - krb5_set_error_message(context, ret, "realm NOT found in principal " - "expected to be with one"); + krb5_set_error_message(context, ret, + N_("realm NOT found in principal " + "expected to be with one", "")); goto exit; } else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) { realm = NULL; @@ -271,7 +293,8 @@ krb5_parse_name_flags(krb5_context context, comp[n] = malloc(q - start + 1); if (comp[n] == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto exit; } memcpy(comp[n], start, q - start); @@ -281,7 +304,8 @@ krb5_parse_name_flags(krb5_context context, *principal = malloc(sizeof(**principal)); if (*principal == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto exit; } if (enterprise) @@ -352,8 +376,8 @@ unparse_name_fixed(krb5_context context, if (!no_realm && princ_realm(principal) == NULL) { krb5_set_error_message(context, ERANGE, - "Realm missing from principal, " - "can't unparse"); + N_("Realm missing from principal, " + "can't unparse", "")); return ERANGE; } @@ -362,10 +386,11 @@ unparse_name_fixed(krb5_context context, add_char(name, idx, len, '/'); idx = quote_string(princ_ncomp(principal, i), name, idx, len, display); if(idx == len) { - krb5_set_error_message(context, ERANGE, "Out of space printing principal"); + krb5_set_error_message(context, ERANGE, + N_("Out of space printing principal", "")); return ERANGE; } - } + } /* add realm if different from default realm */ if(short_form && !no_realm) { krb5_realm r; @@ -382,7 +407,8 @@ unparse_name_fixed(krb5_context context, idx = quote_string(princ_realm(principal), name, idx, len, display); if(idx == len) { krb5_set_error_message(context, ERANGE, - "Out of space printing realm of principal"); + N_("Out of space printing " + "realm of principal", "")); return ERANGE; } } @@ -404,7 +430,7 @@ krb5_unparse_name_fixed_short(krb5_context context, char *name, size_t len) { - return unparse_name_fixed(context, principal, name, len, + return unparse_name_fixed(context, principal, name, len, KRB5_PRINCIPAL_UNPARSE_SHORT); } @@ -448,7 +474,8 @@ unparse_name(krb5_context context, len++; /* '\0' */ *name = malloc(len); if(*name == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } ret = unparse_name_fixed(context, principal, *name, len, flags); @@ -523,7 +550,8 @@ krb5_principal_set_realm(krb5_context context, princ_realm(principal) = strdup(realm); if (princ_realm(principal) == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } return 0; @@ -546,7 +574,7 @@ krb5_build_principal(krb5_context context, } static krb5_error_code -append_component(krb5_context context, krb5_principal p, +append_component(krb5_context context, krb5_principal p, const char *comp, size_t comp_len) { @@ -555,13 +583,15 @@ append_component(krb5_context context, krb5_principal p, tmp = realloc(princ_comp(p), (len + 1) * sizeof(*tmp)); if(tmp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } princ_comp(p) = tmp; princ_ncomp(p, len) = malloc(comp_len + 1); if (princ_ncomp(p, len) == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } memcpy (princ_ncomp(p, len), comp, comp_len); @@ -606,10 +636,11 @@ build_principal(krb5_context context, va_list ap) { krb5_principal p; - + p = calloc(1, sizeof(*p)); if (p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } princ_type(p) = KRB5_NT_PRINCIPAL; @@ -617,10 +648,11 @@ build_principal(krb5_context context, princ_realm(p) = strdup(realm); if(p->realm == NULL){ free(p); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } - + (*func)(context, p, ap); *principal = p; return 0; @@ -650,8 +682,8 @@ krb5_make_principal(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_build_principal_va(krb5_context context, - krb5_principal *principal, +krb5_build_principal_va(krb5_context context, + krb5_principal *principal, int rlen, krb5_const_realm realm, va_list ap) @@ -660,8 +692,8 @@ krb5_build_principal_va(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_build_principal_va_ext(krb5_context context, - krb5_principal *principal, +krb5_build_principal_va_ext(krb5_context context, + krb5_principal *principal, int rlen, krb5_const_realm realm, va_list ap) @@ -693,12 +725,14 @@ krb5_copy_principal(krb5_context context, { krb5_principal p = malloc(sizeof(*p)); if (p == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } if(copy_Principal(inprinc, p)) { free(p); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } *outprinc = p; @@ -790,7 +824,7 @@ krb5_principal_match(krb5_context context, static struct v4_name_convert { const char *from; - const char *to; + const char *to; } default_v4_name_convert[] = { { "ftp", "ftp" }, { "hprop", "hprop" }, @@ -816,7 +850,7 @@ get_name_conversion(krb5_context context, const char *realm, const char *name) p = krb5_config_get_string(context, NULL, "realms", realm, "v4_name_convert", "host", name, NULL); if(p == NULL) - p = krb5_config_get_string(context, NULL, "libdefaults", + p = krb5_config_get_string(context, NULL, "libdefaults", "v4_name_convert", "host", name, NULL); if(p) return p; @@ -856,7 +890,7 @@ krb5_425_conv_principal_ext2(krb5_context context, const char *name, const char *instance, const char *realm, - krb5_boolean (*func)(krb5_context, + krb5_boolean (*func)(krb5_context, void *, krb5_principal), void *funcctx, krb5_boolean resolve, @@ -886,7 +920,7 @@ krb5_425_conv_principal_ext2(krb5_context context, if(p == NULL) goto no_host; name = p; - p = krb5_config_get_string(context, NULL, "realms", realm, + p = krb5_config_get_string(context, NULL, "realms", realm, "v4_instance_convert", instance, NULL); if(p){ instance = p; @@ -897,7 +931,7 @@ krb5_425_conv_principal_ext2(krb5_context context, } krb5_free_principal(context, pr); *princ = NULL; - krb5_clear_error_string (context); + krb5_clear_error_message (context); return HEIM_ERR_V4_PRINC_NO_CONV; } if(resolve){ @@ -943,7 +977,8 @@ krb5_425_conv_principal_ext2(krb5_context context, #endif if (passed) { if (inst == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } strlwr(inst); @@ -975,9 +1010,9 @@ krb5_425_conv_principal_ext2(krb5_context context, * the converted host should be the long hostname. */ - if (func == NULL && + if (func == NULL && gethostname (local_hostname, sizeof(local_hostname)) == 0 && - strncmp(instance, local_hostname, strlen(instance)) == 0 && + strncmp(instance, local_hostname, strlen(instance)) == 0 && local_hostname[strlen(instance)] == '.') { strlcpy(host, local_hostname, sizeof(host)); goto local_host; @@ -1000,12 +1035,12 @@ krb5_425_conv_principal_ext2(krb5_context context, krb5_config_free_strings(domains); } - - p = krb5_config_get_string(context, NULL, "realms", realm, + + p = krb5_config_get_string(context, NULL, "realms", realm, "default_domain", NULL); if(p == NULL){ /* this should be an error, just faking a name is not good */ - krb5_clear_error_string (context); + krb5_clear_error_message (context); return HEIM_ERR_V4_PRINC_NO_CONV; } @@ -1019,7 +1054,7 @@ local_host: return 0; } krb5_free_principal(context, pr); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return HEIM_ERR_V4_PRINC_NO_CONV; no_host: p = krb5_config_get_string(context, NULL, @@ -1038,14 +1073,14 @@ no_host: NULL); if(p) name = p; - + ret = krb5_make_principal(context, &pr, realm, name, instance, NULL); if(func == NULL || (*func)(context, funcctx, pr)){ *princ = pr; return 0; } krb5_free_principal(context, pr); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return HEIM_ERR_V4_PRINC_NO_CONV; } @@ -1086,11 +1121,11 @@ krb5_425_conv_principal(krb5_context context, { krb5_boolean resolve = krb5_config_get_bool(context, NULL, - "libdefaults", - "v4_instance_resolve", + "libdefaults", + "v4_instance_resolve", NULL); - return krb5_425_conv_principal_ext(context, name, instance, realm, + return krb5_425_conv_principal_ext(context, name, instance, realm, NULL, resolve, princ); } @@ -1111,7 +1146,7 @@ check_list(const krb5_config_binding *l, const char *name, const char **out) } static int -name_convert(krb5_context context, const char *name, const char *realm, +name_convert(krb5_context context, const char *name, const char *realm, const char **out) { const krb5_config_binding *l; @@ -1149,7 +1184,7 @@ name_convert(krb5_context context, const char *name, const char *realm, NULL); if(l && check_list(l, name, out)) return KRB5_NT_UNKNOWN; - + /* didn't find it in config file, try built-in list */ { struct v4_name_convert *q; @@ -1173,7 +1208,7 @@ name_convert(krb5_context context, const char *name, const char *realm, krb5_error_code KRB5_LIB_FUNCTION krb5_524_conv_principal(krb5_context context, const krb5_principal principal, - char *name, + char *name, char *instance, char *realm) { @@ -1195,7 +1230,8 @@ krb5_524_conv_principal(krb5_context context, break; default: krb5_set_error_message(context, KRB5_PARSE_MALFORMED, - "cannot convert a %d component principal", + N_("cannot convert a %d " + "component principal", ""), principal->name.name_string.len); return KRB5_PARSE_MALFORMED; } @@ -1218,28 +1254,40 @@ krb5_524_conv_principal(krb5_context context, *p = 0; i = tmpinst; } - + if (strlcpy (name, n, aname_sz) >= aname_sz) { krb5_set_error_message(context, KRB5_PARSE_MALFORMED, - "too long name component to convert"); + N_("too long name component to convert", "")); return KRB5_PARSE_MALFORMED; } if (strlcpy (instance, i, aname_sz) >= aname_sz) { krb5_set_error_message(context, KRB5_PARSE_MALFORMED, - "too long instance component to convert"); + N_("too long instance component to convert", "")); return KRB5_PARSE_MALFORMED; } if (strlcpy (realm, r, aname_sz) >= aname_sz) { krb5_set_error_message(context, KRB5_PARSE_MALFORMED, - "too long realm component to convert"); + N_("too long realm component to convert", "")); return KRB5_PARSE_MALFORMED; } return 0; } -/* - * Create a principal in `ret_princ' for the service `sname' running - * on host `hostname'. */ +/** + * Create a principal for the service running on hostname. If + * KRB5_NT_SRV_HST is used, the hostname is canonization using DNS (or + * some other service), this is potentially insecure. + * + * @param context A Kerberos context. + * @param hostname hostname to use + * @param sname Service name to use + * @param type name type of pricipal, use KRB5_NT_SRV_HST or KRB5_NT_UNKNOWN. + * @param ret_princ return principal, free with krb5_free_principal(). + * + * @return An krb5 error code, see krb5_get_error_message(). + * + * @ingroup krb5_principal + */ krb5_error_code KRB5_LIB_FUNCTION krb5_sname_to_principal (krb5_context context, @@ -1254,7 +1302,7 @@ krb5_sname_to_principal (krb5_context context, if(type != KRB5_NT_SRV_HST && type != KRB5_NT_UNKNOWN) { krb5_set_error_message(context, KRB5_SNAME_UNSUPP_NAMETYPE, - "unsupported name type %d", + N_("unsupported name type %d", ""), (int)type); return KRB5_SNAME_UNSUPP_NAMETYPE; } @@ -1263,9 +1311,9 @@ krb5_sname_to_principal (krb5_context context, if (ret != 0) { ret = errno; krb5_set_error_message(context, ret, - "Failed to get local hostname"); + N_("Failed to get local hostname", "")); return ret; - } + } localhost[sizeof(localhost) - 1] = '\0'; hostname = localhost; } @@ -1315,7 +1363,7 @@ krb5_error_code krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype) { size_t i; - + for(i = 0; nametypes[i].type; i++) { if (strcasecmp(nametypes[i].type, str) == 0) { *nametype = nametypes[i].value; @@ -1323,6 +1371,6 @@ krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype) } } krb5_set_error_message(context, KRB5_PARSE_MALFORMED, - "Failed to find name type %s", str); + N_("Failed to find name type %s", ""), str); return KRB5_PARSE_MALFORMED; } diff --git a/source4/heimdal/lib/krb5/prog_setup.c b/source4/heimdal/lib/krb5/prog_setup.c index 0586155ac4..b368573b8d 100644 --- a/source4/heimdal/lib/krb5/prog_setup.c +++ b/source4/heimdal/lib/krb5/prog_setup.c @@ -1,41 +1,41 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" #include <getarg.h> #include <err.h> -RCSID("$Id: prog_setup.c 15470 2005-06-17 04:29:41Z lha $"); +RCSID("$Id$"); void KRB5_LIB_FUNCTION krb5_std_usage(int code, struct getargs *args, int num_args) @@ -46,7 +46,7 @@ krb5_std_usage(int code, struct getargs *args, int num_args) int KRB5_LIB_FUNCTION krb5_program_setup(krb5_context *context, int argc, char **argv, - struct getargs *args, int num_args, + struct getargs *args, int num_args, void (*usage)(int, struct getargs*, int)) { krb5_error_code ret; @@ -59,7 +59,7 @@ krb5_program_setup(krb5_context *context, int argc, char **argv, ret = krb5_init_context(context); if (ret) errx (1, "krb5_init_context failed: %d", ret); - + if(getarg(args, num_args, argc, argv, &optidx)) (*usage)(1, args, num_args); return optidx; diff --git a/source4/heimdal/lib/krb5/prompter_posix.c b/source4/heimdal/lib/krb5/prompter_posix.c index 840bb328ca..7d63935423 100644 --- a/source4/heimdal/lib/krb5/prompter_posix.c +++ b/source4/heimdal/lib/krb5/prompter_posix.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index e2807c20d0..dc51033019 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> @@ -71,39 +71,39 @@ krb5_rd_cred(krb5_context context, memset(&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part)); - if ((auth_context->flags & + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && outdata == NULL) return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ *ret_creds = NULL; - ret = decode_KRB_CRED(in_data->data, in_data->length, + ret = decode_KRB_CRED(in_data->data, in_data->length, &cred, &len); if(ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } if (cred.pvno != 5) { ret = KRB5KRB_AP_ERR_BADVERSION; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } if (cred.msg_type != krb_cred) { ret = KRB5KRB_AP_ERR_MSG_TYPE; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } - if (cred.enc_part.etype == ETYPE_NULL) { + if (cred.enc_part.etype == ETYPE_NULL) { /* DK: MIT GSS-API Compatibility */ enc_krb_cred_part_data.length = cred.enc_part.cipher.length; enc_krb_cred_part_data.data = cred.enc_part.cipher.data; } else { /* Try both subkey and session key. - * + * * RFC4120 claims we should use the session key, but Heimdal * before 0.8 used the remote subkey if it was send in the * auth_context. @@ -120,12 +120,12 @@ krb5_rd_cred(krb5_context context, KRB5_KU_KRB_CRED, &cred.enc_part, &enc_krb_cred_part_data); - + krb5_crypto_destroy(context, crypto); } - /* - * If there was not subkey, or we failed using subkey, + /* + * If there was not subkey, or we failed using subkey, * retry using the session key */ if (auth_context->remote_subkey == NULL || ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) @@ -136,13 +136,13 @@ krb5_rd_cred(krb5_context context, if (ret) goto out; - + ret = krb5_decrypt_EncryptedData(context, crypto, KRB5_KU_KRB_CRED, &cred.enc_part, &enc_krb_cred_part_data); - + krb5_crypto_destroy(context, crypto); } if (ret) @@ -173,8 +173,9 @@ krb5_rd_cred(krb5_context context, goto out; - ret = compare_addrs(context, a, enc_krb_cred_part.s_address, - "sender address is wrong in received creds"); + ret = compare_addrs(context, a, enc_krb_cred_part.s_address, + N_("sender address is wrong " + "in received creds", "")); krb5_free_address(context, a); free(a); if(ret) @@ -193,9 +194,10 @@ krb5_rd_cred(krb5_context context, auth_context->local_port); if (ret) goto out; - - ret = compare_addrs(context, a, enc_krb_cred_part.r_address, - "receiver address is wrong in received creds"); + + ret = compare_addrs(context, a, enc_krb_cred_part.r_address, + N_("receiver address is wrong " + "in received creds", "")); krb5_free_address(context, a); free(a); if(ret) @@ -203,7 +205,8 @@ krb5_rd_cred(krb5_context context, } else { ret = compare_addrs(context, auth_context->local_address, enc_krb_cred_part.r_address, - "receiver address is wrong in received creds"); + N_("receiver address is wrong " + "in received creds", "")); if(ret) goto out; } @@ -219,13 +222,13 @@ krb5_rd_cred(krb5_context context, enc_krb_cred_part.usec == NULL || abs(*enc_krb_cred_part.timestamp - sec) > context->max_skew) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_SKEW; goto out; } } - if ((auth_context->flags & + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { /* if these fields are not present in the cred-part, silently return zero */ @@ -237,15 +240,16 @@ krb5_rd_cred(krb5_context context, if(enc_krb_cred_part.nonce) outdata->seq = *enc_krb_cred_part.nonce; } - + /* Convert to NULL terminated list of creds */ - *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1, + *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1, sizeof(**ret_creds)); if (*ret_creds == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out; } @@ -256,11 +260,12 @@ krb5_rd_cred(krb5_context context, creds = calloc(1, sizeof(*creds)); if(creds == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out; } - ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, + ASN1_MALLOC_ENCODE(Ticket, creds->ticket.data, creds->ticket.length, &cred.tickets.val[i], &len, ret); if (ret) { free(creds); diff --git a/source4/heimdal/lib/krb5/rd_error.c b/source4/heimdal/lib/krb5/rd_error.c index 9f23d8df29..75ae8b1e8a 100644 --- a/source4/heimdal/lib/krb5/rd_error.c +++ b/source4/heimdal/lib/krb5/rd_error.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -40,13 +40,13 @@ krb5_rd_error(krb5_context context, const krb5_data *msg, KRB_ERROR *result) { - + size_t len; krb5_error_code ret; ret = decode_KRB_ERROR(msg->data, msg->length, result, &len); if(ret) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } result->error_code += KRB5KDC_ERR_NONE; @@ -91,31 +91,35 @@ krb5_error_from_rd_error(krb5_context context, switch (ret) { case KRB5KDC_ERR_NAME_EXP : - krb5_set_error_message(context, ret, "Client %s%s%s expired", + krb5_set_error_message(context, ret, + N_("Client %s%s%s expired", ""), creds ? "(" : "", creds ? clientname : "", creds ? ")" : ""); break; case KRB5KDC_ERR_SERVICE_EXP : - krb5_set_error_message(context, ret, "Server %s%s%s expired", + krb5_set_error_message(context, ret, + N_("Server %s%s%s expired", ""), creds ? "(" : "", creds ? servername : "", creds ? ")" : ""); break; case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN : - krb5_set_error_message(context, ret, "Client %s%s%s unknown", + krb5_set_error_message(context, ret, + N_("Client %s%s%s unknown", ""), creds ? "(" : "", creds ? clientname : "", creds ? ")" : ""); break; case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN : - krb5_set_error_message(context, ret, "Server %s%s%s unknown", + krb5_set_error_message(context, ret, + N_("Server %s%s%s unknown", ""), creds ? "(" : "", creds ? servername : "", creds ? ")" : ""); break; default : - krb5_clear_error_string(context); + krb5_clear_error_message(context); break; } } diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c index da8f44febb..6778ccad88 100644 --- a/source4/heimdal/lib/krb5/rd_priv.c +++ b/source4/heimdal/lib/krb5/rd_priv.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> @@ -52,11 +52,11 @@ krb5_rd_priv(krb5_context context, krb5_data_zero(outbuf); - if ((auth_context->flags & + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { if (outdata == NULL) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ } /* if these fields are not present in the priv-part, silently @@ -67,16 +67,16 @@ krb5_rd_priv(krb5_context context, memset(&priv, 0, sizeof(priv)); ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len); if (ret) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto failure; } if (priv.pvno != 5) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_BADVERSION; goto failure; } if (priv.msg_type != krb_priv) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_MSG_TYPE; goto failure; } @@ -97,16 +97,16 @@ krb5_rd_priv(krb5_context context, &priv.enc_part, &plain); krb5_crypto_destroy(context, crypto); - if (ret) + if (ret) goto failure; ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len); krb5_data_free (&plain); if (ret) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto failure; } - + /* check sender address */ if (part.s_address @@ -114,7 +114,7 @@ krb5_rd_priv(krb5_context context, && !krb5_address_compare (context, auth_context->remote_address, part.s_address)) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_BADADDR; goto failure_part; } @@ -126,7 +126,7 @@ krb5_rd_priv(krb5_context context, && !krb5_address_compare (context, auth_context->local_address, part.r_address)) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_BADADDR; goto failure_part; } @@ -139,7 +139,7 @@ krb5_rd_priv(krb5_context context, if (part.timestamp == NULL || part.usec == NULL || abs(*part.timestamp - sec) > context->max_skew) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_SKEW; goto failure_part; } @@ -156,7 +156,7 @@ krb5_rd_priv(krb5_context context, && auth_context->remote_seqnumber != 0) || (part.seq_number != NULL && *part.seq_number != auth_context->remote_seqnumber)) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_BADORDER; goto failure_part; } @@ -167,7 +167,7 @@ krb5_rd_priv(krb5_context context, if (ret) goto failure_part; - if ((auth_context->flags & + if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { if(part.timestamp) outdata->timestamp = *part.timestamp; diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c index 846de26c60..010726b180 100644 --- a/source4/heimdal/lib/krb5/rd_rep.c +++ b/source4/heimdal/lib/krb5/rd_rep.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> @@ -55,19 +55,19 @@ krb5_rd_rep(krb5_context context, return ret; if (ap_rep.pvno != 5) { ret = KRB5KRB_AP_ERR_BADVERSION; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } if (ap_rep.msg_type != krb_ap_rep) { ret = KRB5KRB_AP_ERR_MSG_TYPE; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); if (ret) goto out; - ret = krb5_decrypt_EncryptedData (context, + ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_AP_REQ_ENC_PART, &ap_rep.enc_part, @@ -79,25 +79,25 @@ krb5_rd_rep(krb5_context context, *repl = malloc(sizeof(**repl)); if (*repl == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; } ret = krb5_decode_EncAPRepPart(context, data.data, data.length, - *repl, + *repl, &len); if (ret) return ret; - - if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { + + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { if ((*repl)->ctime != auth_context->authenticator->ctime || - (*repl)->cusec != auth_context->authenticator->cusec) + (*repl)->cusec != auth_context->authenticator->cusec) { krb5_free_ap_rep_enc_part(context, *repl); *repl = NULL; ret = KRB5KRB_AP_ERR_MUT_FAIL; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } } @@ -106,7 +106,7 @@ krb5_rd_rep(krb5_context context, *((*repl)->seq_number)); if ((*repl)->subkey) krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey); - + out: krb5_data_free (&data); free_AP_REP (&ap_rep); diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index ef91f9fdd6..a416f90c10 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include <krb5_locl.h> @@ -58,7 +58,7 @@ decrypt_tkt_enc_part (krb5_context context, if (ret) return ret; - ret = krb5_decode_EncTicketPart(context, plain.data, plain.length, + ret = krb5_decode_EncTicketPart(context, plain.data, plain.length, decr_part, &len); krb5_data_free (&plain); return ret; @@ -95,7 +95,7 @@ decrypt_authenticator (krb5_context context, if (ret) return ret; - ret = krb5_decode_Authenticator(context, plain.data, plain.length, + ret = krb5_decode_Authenticator(context, plain.data, plain.length, authenticator, &len); krb5_data_free (&plain); return ret; @@ -113,17 +113,17 @@ krb5_decode_ap_req(krb5_context context, return ret; if (ap_req->pvno != 5){ free_AP_REQ(ap_req); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KRB_AP_ERR_BADVERSION; } if (ap_req->msg_type != krb_ap_req){ free_AP_REQ(ap_req); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KRB_AP_ERR_MSG_TYPE; } if (ap_req->ticket.tkt_vno != 5){ free_AP_REQ(ap_req); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KRB_AP_ERR_BADVERSION; } return 0; @@ -135,8 +135,8 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) char **realms; unsigned int num_realms; krb5_error_code ret; - - /* + + /* * Windows 2000 and 2003 uses this inside their TGT so it's normaly * not seen by others, however, samba4 joined with a Windows AD as * a Domain Controller gets exposed to this. @@ -150,14 +150,14 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc) if(enc->transited.contents.length == 0) return 0; - ret = krb5_domain_x500_decode(context, enc->transited.contents, - &realms, &num_realms, + ret = krb5_domain_x500_decode(context, enc->transited.contents, + &realms, &num_realms, enc->crealm, ticket->realm); if(ret) return ret; - ret = krb5_check_transited(context, enc->crealm, - ticket->realm, + ret = krb5_check_transited(context, enc->crealm, + ticket->realm, realms, num_realms, NULL); free(realms); return ret; @@ -209,7 +209,7 @@ find_etypelist(krb5_context context, etypes, NULL); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); free_AD_IF_RELEVANT(&adIfRelevant); @@ -228,7 +228,7 @@ krb5_decrypt_ticket(krb5_context context, ret = decrypt_tkt_enc_part (context, key, &ticket->enc_part, &t); if (ret) return ret; - + { krb5_timestamp now; time_t start = t.authtime; @@ -240,12 +240,12 @@ krb5_decrypt_ticket(krb5_context context, || (t.flags.invalid && !(flags & KRB5_VERIFY_AP_REQ_IGNORE_INVALID))) { free_EncTicketPart(&t); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KRB_AP_ERR_TKT_NYV; } if(now - t.endtime > context->max_skew) { free_EncTicketPart(&t); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KRB_AP_ERR_TKT_EXPIRED; } @@ -257,7 +257,7 @@ krb5_decrypt_ticket(krb5_context context, } } } - + if(out) *out = t; else @@ -275,7 +275,7 @@ krb5_verify_authenticator_checksum(krb5_context context, krb5_keyblock *key; krb5_authenticator authenticator; krb5_crypto crypto; - + ret = krb5_auth_con_getauthenticator (context, ac, &authenticator); @@ -343,7 +343,7 @@ krb5_verify_ap_req2(krb5_context context, krb5_auth_context ac; krb5_error_code ret; EtypeList etypes; - + if (ticket) *ticket = NULL; @@ -358,34 +358,34 @@ krb5_verify_ap_req2(krb5_context context, t = calloc(1, sizeof(*t)); if (t == NULL) { ret = ENOMEM; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } if (ap_req->ap_options.use_session_key && ac->keyblock){ - ret = krb5_decrypt_ticket(context, &ap_req->ticket, - ac->keyblock, + ret = krb5_decrypt_ticket(context, &ap_req->ticket, + ac->keyblock, &t->ticket, flags); krb5_free_keyblock(context, ac->keyblock); ac->keyblock = NULL; }else - ret = krb5_decrypt_ticket(context, &ap_req->ticket, - keyblock, + ret = krb5_decrypt_ticket(context, &ap_req->ticket, + keyblock, &t->ticket, flags); - + if(ret) goto out; ret = _krb5_principalname2krb5_principal(context, &t->server, - ap_req->ticket.sname, + ap_req->ticket.sname, ap_req->ticket.realm); if (ret) goto out; ret = _krb5_principalname2krb5_principal(context, &t->client, - t->ticket.cname, + t->ticket.cname, t->ticket.crealm); if (ret) goto out; @@ -406,7 +406,7 @@ krb5_verify_ap_req2(krb5_context context, ac->authenticator->cname, ac->authenticator->crealm); _krb5_principalname2krb5_principal(context, - &p2, + &p2, t->ticket.cname, t->ticket.crealm); res = krb5_principal_compare (context, p1, p2); @@ -414,7 +414,7 @@ krb5_verify_ap_req2(krb5_context context, krb5_free_principal (context, p2); if (!res) { ret = KRB5KRB_AP_ERR_BADMATCH; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } } @@ -427,7 +427,7 @@ krb5_verify_ap_req2(krb5_context context, ac->remote_address, t->ticket.caddr)) { ret = KRB5KRB_AP_ERR_BADADDR; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } @@ -439,7 +439,7 @@ krb5_verify_ap_req2(krb5_context context, if (abs(ac->authenticator->ctime - now) > context->max_skew) { ret = KRB5KRB_AP_ERR_SKEW; - krb5_clear_error_string (context); + krb5_clear_error_message (context); goto out; } } @@ -506,7 +506,7 @@ krb5_verify_ap_req2(krb5_context context, krb5_auth_con_free (context, ac); return ret; } - + /* * */ @@ -532,7 +532,8 @@ krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); if (*ctx == NULL) { - krb5_set_error_message(context, ENOMEM, "out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } (*ctx)->check_pac = (context->flags & KRB5_CTX_F_CHECK_PAC) ? 1 : 0; @@ -540,7 +541,7 @@ krb5_rd_req_in_ctx_alloc(krb5_context context, krb5_rd_req_in_ctx *ctx) } krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_set_keytab(krb5_context context, +krb5_rd_req_in_set_keytab(krb5_context context, krb5_rd_req_in_ctx in, krb5_keytab keytab) { @@ -550,7 +551,7 @@ krb5_rd_req_in_set_keytab(krb5_context context, /** * Set if krb5_rq_red() is going to check the Windows PAC or not - * + * * @param context Keberos 5 context. * @param in krb5_rd_req_in_ctx to check the option on. * @param flag flag to select if to check the pac (TRUE) or not (FALSE). @@ -561,7 +562,7 @@ krb5_rd_req_in_set_keytab(krb5_context context, */ krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_set_pac_check(krb5_context context, +krb5_rd_req_in_set_pac_check(krb5_context context, krb5_rd_req_in_ctx in, krb5_boolean flag) { @@ -571,7 +572,7 @@ krb5_rd_req_in_set_pac_check(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_set_keyblock(krb5_context context, +krb5_rd_req_in_set_keyblock(krb5_context context, krb5_rd_req_in_ctx in, krb5_keyblock *keyblock) { @@ -580,7 +581,7 @@ krb5_rd_req_in_set_keyblock(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_out_get_ap_req_options(krb5_context context, +krb5_rd_req_out_get_ap_req_options(krb5_context context, krb5_rd_req_out_ctx out, krb5_flags *ap_req_options) { @@ -589,7 +590,7 @@ krb5_rd_req_out_get_ap_req_options(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_out_get_ticket(krb5_context context, +krb5_rd_req_out_get_ticket(krb5_context context, krb5_rd_req_out_ctx out, krb5_ticket **ticket) { @@ -597,7 +598,7 @@ krb5_rd_req_out_get_ticket(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_out_get_keyblock(krb5_context context, +krb5_rd_req_out_get_keyblock(krb5_context context, krb5_rd_req_out_ctx out, krb5_keyblock **keyblock) { @@ -615,7 +616,8 @@ _krb5_rd_req_out_ctx_alloc(krb5_context context, krb5_rd_req_out_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); if (*ctx == NULL) { - krb5_set_error_message(context, ENOMEM, "out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } return 0; @@ -648,7 +650,7 @@ krb5_rd_req(krb5_context context, ret = krb5_rd_req_in_ctx_alloc(context, &in); if (ret) return ret; - + ret = krb5_rd_req_in_set_keytab(context, in, keytab); if (ret) { krb5_rd_req_in_ctx_free(context, in); @@ -693,7 +695,7 @@ krb5_rd_req_with_keyblock(krb5_context context, ret = krb5_rd_req_in_ctx_alloc(context, &in); if (ret) return ret; - + ret = krb5_rd_req_in_set_keyblock(context, in, keyblock); if (ret) { krb5_rd_req_in_ctx_free(context, in); @@ -739,7 +741,7 @@ get_key_from_keytab(krb5_context context, krb5_kt_default(context, &real_keytab); else real_keytab = keytab; - + if (ap_req->ticket.enc_part.kvno) kvno = *ap_req->ticket.enc_part.kvno; else @@ -755,10 +757,10 @@ get_key_from_keytab(krb5_context context, goto out; ret = krb5_copy_keyblock(context, &entry.keyblock, out_key); krb5_kt_free_entry (context, &entry); -out: +out: if(keytab == NULL) krb5_kt_close(context, real_keytab); - + return ret; } @@ -805,8 +807,9 @@ krb5_rd_req_ctx(krb5_context context, if (ap_req.ap_options.use_session_key && (*auth_context)->keyblock == NULL) { ret = KRB5KRB_AP_ERR_NOKEY; - krb5_set_error_message(context, ret, "krb5_rd_req: user to user auth " - "without session key given"); + krb5_set_error_message(context, ret, + N_("krb5_rd_req: user to user auth " + "without session key given", "")); goto out; } @@ -828,8 +831,8 @@ krb5_rd_req_ctx(krb5_context context, if (inctx && inctx->keytab) keytab = inctx->keytab; - ret = get_key_from_keytab(context, - auth_context, + ret = get_key_from_keytab(context, + auth_context, &ap_req, server, keytab, @@ -867,10 +870,10 @@ krb5_rd_req_ctx(krb5_context context, goto out; ret = krb5_pac_verify(context, - pac, + pac, o->ticket->ticket.authtime, - o->ticket->client, - o->keyblock, + o->ticket->client, + o->keyblock, NULL); krb5_pac_free(context, pac); if (ret) @@ -881,7 +884,7 @@ krb5_rd_req_ctx(krb5_context context, out: if (ret || outctx == NULL) { krb5_rd_req_out_ctx_free(context, o); - } else + } else *outctx = o; free_AP_REQ(&ap_req); diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c index cd717f27ac..25a6da0262 100644 --- a/source4/heimdal/lib/krb5/replay.c +++ b/source4/heimdal/lib/krb5/replay.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -47,7 +47,8 @@ krb5_rc_resolve(krb5_context context, { id->name = strdup(name); if(id->name == NULL) { - krb5_set_error_message(context, KRB5_RC_MALLOC, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_RC_MALLOC, + N_("malloc: out of memory", "")); return KRB5_RC_MALLOC; } return 0; @@ -61,13 +62,14 @@ krb5_rc_resolve_type(krb5_context context, *id = NULL; if(strcmp(type, "FILE")) { krb5_set_error_message (context, KRB5_RC_TYPE_NOTFOUND, - "replay cache type %s not supported", + N_("replay cache type %s not supported", ""), type); return KRB5_RC_TYPE_NOTFOUND; } *id = calloc(1, sizeof(**id)); if(*id == NULL) { - krb5_set_error_message(context, KRB5_RC_MALLOC, "malloc: out of memory"); + krb5_set_error_message(context, KRB5_RC_MALLOC, + N_("malloc: out of memory", "")); return KRB5_RC_MALLOC; } return 0; @@ -84,7 +86,7 @@ krb5_rc_resolve_full(krb5_context context, if(strncmp(string_name, "FILE:", 5)) { krb5_set_error_message(context, KRB5_RC_TYPE_NOTFOUND, - "replay cache type %s not supported", + N_("replay cache type %s not supported", ""), string_name); return KRB5_RC_TYPE_NOTFOUND; } @@ -184,7 +186,7 @@ checksum_authenticator(Authenticator *auth, void *data) MD5_Init (&md5); MD5_Update (&md5, auth->crealm, strlen(auth->crealm)); for(i = 0; i < auth->cname.name_string.len; i++) - MD5_Update(&md5, auth->cname.name_string.val[i], + MD5_Update(&md5, auth->cname.name_string.val[i], strlen(auth->cname.name_string.val[i])); MD5_Update (&md5, &auth->ctime, sizeof(auth->ctime)); MD5_Update (&md5, &auth->cusec, sizeof(auth->cusec)); @@ -218,7 +220,7 @@ krb5_rc_store(krb5_context context, continue; if(memcmp(tmp.data, ent.data, sizeof(ent.data)) == 0){ fclose(f); - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_RC_REPLAY; } } @@ -263,7 +265,7 @@ krb5_rc_get_lifespan(krb5_context context, *auth_lifespan = ent.stamp; return 0; } - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5_RC_IO_UNKNOWN; } @@ -273,17 +275,17 @@ krb5_rc_get_name(krb5_context context, { return id->name; } - + const char* KRB5_LIB_FUNCTION krb5_rc_get_type(krb5_context context, krb5_rcache id) { return "FILE"; } - + krb5_error_code KRB5_LIB_FUNCTION -krb5_get_server_rcache(krb5_context context, - const krb5_data *piece, +krb5_get_server_rcache(krb5_context context, + const krb5_data *piece, krb5_rcache *id) { krb5_rcache rcache; @@ -293,7 +295,8 @@ krb5_get_server_rcache(krb5_context context, char *name; if(tmp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } strvisx(tmp, piece->data, piece->length, VIS_WHITE | VIS_OCTAL); @@ -304,7 +307,8 @@ krb5_get_server_rcache(krb5_context context, #endif free(tmp); if(name == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index 45b728aa6c..53c4a69a3f 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -113,7 +113,7 @@ recv_loop (int fd, */ static int -send_and_recv_udp(int fd, +send_and_recv_udp(int fd, time_t tmout, const krb5_data *req, krb5_data *rep) @@ -132,7 +132,7 @@ send_and_recv_udp(int fd, */ static int -send_and_recv_tcp(int fd, +send_and_recv_tcp(int fd, time_t tmout, const krb5_data *req, krb5_data *rep) @@ -177,7 +177,7 @@ _krb5_send_and_recv_tcp(int fd, */ static int -send_and_recv_http(int fd, +send_and_recv_http(int fd, time_t tmout, const char *prefix, const krb5_data *req, @@ -268,7 +268,7 @@ send_via_proxy (krb5_context context, int ret; int s = -1; char portstr[NI_MAXSERV]; - + if (proxy == NULL) return ENOMEM; if (strncmp (proxy, "http://", 7) == 0) @@ -341,15 +341,15 @@ send_via_plugin(krb5_context context, continue; (*service->init)(context, &ctx); - ret = (*service->send_to_kdc)(context, ctx, hi, + ret = (*service->send_to_kdc)(context, ctx, hi, timeout, send_data, receive); (*service->fini)(ctx); if (ret == 0) break; if (ret != KRB5_PLUGIN_NO_HANDLE) { krb5_set_error_message(context, ret, - "Plugin %s failed to lookup with error: %d", - KRB5_PLUGIN_SEND_TO_KDC, ret); + N_("Plugin send_to_kdc failed to " + "lookup with error: %d", ""), ret); break; } } @@ -366,7 +366,7 @@ send_via_plugin(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_sendto (krb5_context context, const krb5_data *send_data, - krb5_krbhst_handle handle, + krb5_krbhst_handle handle, krb5_data *receive) { krb5_error_code ret; @@ -384,7 +384,7 @@ krb5_sendto (krb5_context context, if (context->send_to_kdc) { struct send_to_kdc *s = context->send_to_kdc; - ret = (*s->func)(context, s->data, + ret = (*s->func)(context, s->data, hi, context->kdc_timeout, send_data, receive); if (ret == 0 && receive->length != 0) goto out; @@ -440,7 +440,7 @@ krb5_sendto (krb5_context context, } krb5_krbhst_reset(context, handle); } - krb5_clear_error_string (context); + krb5_clear_error_message (context); ret = KRB5_KDC_UNREACH; out: return ret; @@ -477,7 +477,7 @@ krb5_sendto_kdc_flags(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_set_send_to_kdc_func(krb5_context context, +krb5_set_send_to_kdc_func(krb5_context context, krb5_send_to_kdc_func func, void *data) { @@ -489,7 +489,8 @@ krb5_set_send_to_kdc_func(krb5_context context, context->send_to_kdc = malloc(sizeof(*context->send_to_kdc)); if (context->send_to_kdc == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } @@ -498,6 +499,19 @@ krb5_set_send_to_kdc_func(krb5_context context, return 0; } +krb5_error_code KRB5_LIB_FUNCTION +_krb5_copy_send_to_kdc_func(krb5_context context, krb5_context to) +{ + if (context->send_to_kdc) + return krb5_set_send_to_kdc_func(to, + context->send_to_kdc->func, + context->send_to_kdc->data); + else + return krb5_set_send_to_kdc_func(to, NULL, NULL); +} + + + struct krb5_sendto_ctx_data { int flags; int type; @@ -510,7 +524,8 @@ krb5_sendto_ctx_alloc(krb5_context context, krb5_sendto_ctx *ctx) { *ctx = calloc(1, sizeof(**ctx)); if (*ctx == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } return 0; @@ -591,7 +606,7 @@ krb5_sendto_context(krb5_context context, krb5_data_free(receive); if (handle == NULL) { - ret = krb5_krbhst_init_flags(context, realm, type, + ret = krb5_krbhst_init_flags(context, realm, type, ctx->flags, &handle); if (ret) { if (freectx) @@ -599,7 +614,7 @@ krb5_sendto_context(krb5_context context, return ret; } } - + ret = krb5_sendto(context, send_data, handle, receive); if (ret) break; @@ -617,7 +632,8 @@ krb5_sendto_context(krb5_context context, krb5_krbhst_free(context, handle); if (ret == KRB5_KDC_UNREACH) krb5_set_error_message(context, ret, - "unable to reach any KDC in realm %s", realm); + N_("unable to reach any KDC in realm %s", ""), + realm); if (ret) krb5_data_free(receive); if (freectx) diff --git a/source4/heimdal/lib/krb5/send_to_kdc_plugin.h b/source4/heimdal/lib/krb5/send_to_kdc_plugin.h index e0c2979e28..c729a1286b 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc_plugin.h +++ b/source4/heimdal/lib/krb5/send_to_kdc_plugin.h @@ -1,34 +1,34 @@ /* - * Copyright (c) 2008 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* $Id$ */ @@ -41,8 +41,8 @@ #define KRB5_PLUGIN_SEND_TO_KDC "send_to_kdc" typedef krb5_error_code -(*krb5plugin_send_to_kdc_func)(krb5_context, - void *, +(*krb5plugin_send_to_kdc_func)(krb5_context, + void *, krb5_krbhst_info *, time_t timeout, const krb5_data *, diff --git a/source4/heimdal/lib/krb5/set_default_realm.c b/source4/heimdal/lib/krb5/set_default_realm.c index c21ac453a2..6907b11d10 100644 --- a/source4/heimdal/lib/krb5/set_default_realm.c +++ b/source4/heimdal/lib/krb5/set_default_realm.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -36,7 +36,7 @@ RCSID("$Id$"); /* - * Convert the simple string `s' into a NULL-terminated and freshly allocated + * Convert the simple string `s' into a NULL-terminated and freshly allocated * list in `list'. Return an error code. */ @@ -46,13 +46,15 @@ string_to_list (krb5_context context, const char *s, krb5_realm **list) *list = malloc (2 * sizeof(**list)); if (*list == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } (*list)[0] = strdup (s); if ((*list)[0] == NULL) { free (*list); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } (*list)[1] = NULL; @@ -62,7 +64,7 @@ string_to_list (krb5_context context, const char *s, krb5_realm **list) /* * Set the knowledge of the default realm(s) in `context'. * If realm != NULL, that's the new default realm. - * Otherwise, the realm(s) are figured out from configuration or DNS. + * Otherwise, the realm(s) are figured out from configuration or DNS. */ krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/store-int.h b/source4/heimdal/lib/krb5/store-int.h index 42e695a11b..8489f98453 100644 --- a/source4/heimdal/lib/krb5/store-int.h +++ b/source4/heimdal/lib/krb5/store-int.h @@ -1,34 +1,34 @@ /* - * Copyright (c) 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #ifndef __store_int_h__ diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c index 321ca633a6..47f9abe1de 100644 --- a/source4/heimdal/lib/krb5/store.c +++ b/source4/heimdal/lib/krb5/store.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -526,7 +526,7 @@ krb5_store_principal(krb5_storage *sp, ret = krb5_store_int32(sp, p->name.name_string.len + 1); else ret = krb5_store_int32(sp, p->name.name_string.len); - + if(ret) return ret; ret = krb5_store_string(sp, p->realm); if(ret) return ret; @@ -546,7 +546,7 @@ krb5_ret_principal(krb5_storage *sp, krb5_principal p; int32_t type; int32_t ncomp; - + p = calloc(1, sizeof(*p)); if(p == NULL) return ENOMEM; diff --git a/source4/heimdal/lib/krb5/store_emem.c b/source4/heimdal/lib/krb5/store_emem.c index 3cb561ec77..8a587600fd 100644 --- a/source4/heimdal/lib/krb5/store_emem.c +++ b/source4/heimdal/lib/krb5/store_emem.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" diff --git a/source4/heimdal/lib/krb5/store_fd.c b/source4/heimdal/lib/krb5/store_fd.c index 21fa171c28..fe3c513ee9 100644 --- a/source4/heimdal/lib/krb5/store_fd.c +++ b/source4/heimdal/lib/krb5/store_fd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * diff --git a/source4/heimdal/lib/krb5/store_mem.c b/source4/heimdal/lib/krb5/store_mem.c index 6d8306051a..5c7cd17fba 100644 --- a/source4/heimdal/lib/krb5/store_mem.c +++ b/source4/heimdal/lib/krb5/store_mem.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2000, 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 77ce8cb221..db78626570 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -57,7 +57,8 @@ krb5_copy_ticket(krb5_context context, *to = NULL; tmp = malloc(sizeof(*tmp)); if(tmp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } if((ret = copy_EncTicketPart(&from->ticket, &tmp->ticket))){ @@ -104,9 +105,26 @@ krb5_ticket_get_endtime(krb5_context context, return ticket->ticket.endtime; } +/** + * Get the flags from the Kerberos ticket + * + * @param context Kerberos context + * @param ticket Kerberos ticket + * + * @return ticket flags + * + * @ingroup krb5_ticket + */ +unsigned long +krb5_ticket_get_flags(krb5_context context, + const krb5_ticket *ticket) +{ + return TicketFlags2int(ticket->ticket.flags); +} + static int find_type_in_ad(krb5_context context, - int type, + int type, krb5_data *data, krb5_boolean *found, krb5_boolean failp, @@ -119,9 +137,10 @@ find_type_in_ad(krb5_context context, if (level > 9) { ret = ENOENT; /* XXX */ - krb5_set_error_message(context, ret, - "Authorization data nested deeper " - "then %d levels, stop searching", level); + krb5_set_error_message(context, ret, + N_("Authorization data nested deeper " + "then %d levels, stop searching", ""), + level); goto out; } @@ -134,7 +153,8 @@ find_type_in_ad(krb5_context context, if (!*found && ad->val[i].ad_type == type) { ret = der_copy_octet_string(&ad->val[i].ad_data, data); if (ret) { - krb5_set_error_message(context, ret, "malloc: out of memory"); + krb5_set_error_message(context, ret, + N_("malloc: out of memory", "")); goto out; } *found = TRUE; @@ -148,8 +168,10 @@ find_type_in_ad(krb5_context context, &child, NULL); if (ret) { - krb5_set_error_message(context, ret, "Failed to decode " - "IF_RELEVANT with %d", (int)ret); + krb5_set_error_message(context, ret, + N_("Failed to decode " + "IF_RELEVANT with %d", ""), + (int)ret); goto out; } ret = find_type_in_ad(context, type, data, found, FALSE, @@ -168,8 +190,10 @@ find_type_in_ad(krb5_context context, &child, NULL); if (ret) { - krb5_set_error_message(context, ret, "Failed to decode " - "AD_KDCIssued with %d", ret); + krb5_set_error_message(context, ret, + N_("Failed to decode " + "AD_KDCIssued with %d", ""), + ret); goto out; } if (failp) { @@ -177,11 +201,11 @@ find_type_in_ad(krb5_context context, krb5_data buf; size_t len; - ASN1_MALLOC_ENCODE(AuthorizationData, buf.data, buf.length, + ASN1_MALLOC_ENCODE(AuthorizationData, buf.data, buf.length, &child.elements, &len, ret); if (ret) { free_AD_KDCIssued(&child); - krb5_clear_error_string(context); + krb5_clear_error_message(context); goto out; } if(buf.length != len) @@ -195,7 +219,7 @@ find_type_in_ad(krb5_context context, goto out; } if (!valid) { - krb5_clear_error_string(context); + krb5_clear_error_message(context); ret = ENOENT; free_AD_KDCIssued(&child); goto out; @@ -213,16 +237,19 @@ find_type_in_ad(krb5_context context, if (!failp) break; ret = ENOENT; /* XXX */ - krb5_set_error_message(context, ret, "Authorization data contains " - "AND-OR element that is unknown to the " - "application"); + krb5_set_error_message(context, ret, + N_("Authorization data contains " + "AND-OR element that is unknown to the " + "application", "")); goto out; default: if (!failp) break; ret = ENOENT; /* XXX */ - krb5_set_error_message(context, ret, "Authorization data contains " - "unknown type (%d) ", ad->val[i].ad_type); + krb5_set_error_message(context, ret, + N_("Authorization data contains " + "unknown type (%d) ", ""), + ad->val[i].ad_type); goto out; } } @@ -257,7 +284,7 @@ krb5_ticket_get_authorization_data_type(krb5_context context, ad = ticket->ticket.authorization_data; if (ticket->ticket.authorization_data == NULL) { krb5_set_error_message(context, ENOENT, - "Ticket have not authorization data"); + N_("Ticket have not authorization data", "")); return ENOENT; /* XXX */ } @@ -266,8 +293,10 @@ krb5_ticket_get_authorization_data_type(krb5_context context, if (ret) return ret; if (!found) { - krb5_set_error_message(context, ENOENT, "Ticket have not " - "authorization data of type %d", type); + krb5_set_error_message(context, ENOENT, + N_("Ticket have not " + "authorization data of type %d", ""), + type); return ENOENT; /* XXX */ } return 0; diff --git a/source4/heimdal/lib/krb5/time.c b/source4/heimdal/lib/krb5/time.c index 7a9b36372c..cd786fedde 100644 --- a/source4/heimdal/lib/krb5/time.c +++ b/source4/heimdal/lib/krb5/time.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997-2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -55,7 +55,7 @@ krb5_set_real_time (krb5_context context, int32_t usec) { struct timeval tv; - + gettimeofday(&tv, NULL); context->kdc_sec_offset = sec - tv.tv_sec; @@ -71,7 +71,7 @@ krb5_set_real_time (krb5_context context, context->kdc_sec_offset--; context->kdc_usec_offset += 1000000; } - } else + } else context->kdc_usec_offset = tv.tv_usec; return 0; @@ -108,7 +108,7 @@ krb5_us_timeofday (krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_format_time(krb5_context context, time_t t, +krb5_format_time(krb5_context context, time_t t, char *s, size_t len, krb5_boolean include_time) { struct tm *tm; diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c index c9db832348..7e11d5579a 100644 --- a/source4/heimdal/lib/krb5/transited.c +++ b/source4/heimdal/lib/krb5/transited.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -80,7 +80,7 @@ make_path(krb5_context context, struct tr_realm *r, while(1){ p = strchr(p, '.'); if(p == NULL) { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KDC_ERR_POLICY; } p++; @@ -88,7 +88,8 @@ make_path(krb5_context context, struct tr_realm *r, break; tmp = calloc(1, sizeof(*tmp)); if(tmp == NULL){ - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } tmp->next = path; @@ -96,7 +97,8 @@ make_path(krb5_context context, struct tr_realm *r, path->realm = strdup(p); if(path->realm == NULL){ r->next = path; /* XXX */ - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM;; } } @@ -112,7 +114,8 @@ make_path(krb5_context context, struct tr_realm *r, break; tmp = calloc(1, sizeof(*tmp)); if(tmp == NULL){ - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } tmp->next = path; @@ -120,7 +123,8 @@ make_path(krb5_context context, struct tr_realm *r, path->realm = malloc(p - from + 1); if(path->realm == NULL){ r->next = path; /* XXX */ - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } memcpy(path->realm, from, p - from); @@ -128,17 +132,17 @@ make_path(krb5_context context, struct tr_realm *r, p--; } } else { - krb5_clear_error_string (context); + krb5_clear_error_message (context); return KRB5KDC_ERR_POLICY; } r->next = path; - + return 0; } static int make_paths(krb5_context context, - struct tr_realm *realms, const char *client_realm, + struct tr_realm *realms, const char *client_realm, const char *server_realm) { struct tr_realm *r; @@ -186,7 +190,8 @@ expand_realms(krb5_context context, tmp = realloc(r->realm, len); if(tmp == NULL){ free_realms(realms); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } r->realm = tmp; @@ -200,7 +205,8 @@ expand_realms(krb5_context context, tmp = malloc(len); if(tmp == NULL){ free_realms(realms); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } strlcpy(tmp, prev_realm, len); @@ -286,7 +292,8 @@ decode_realms(krb5_context context, if(tr[i] == ','){ tmp = malloc(tr + i - start + 1); if(tmp == NULL){ - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } memcpy(tmp, start, tr + i - start); @@ -294,7 +301,8 @@ decode_realms(krb5_context context, r = make_realm(tmp); if(r == NULL){ free_realms(*realms); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } *realms = append_realm(*realms, r); @@ -304,7 +312,8 @@ decode_realms(krb5_context context, tmp = malloc(tr + i - start + 1); if(tmp == NULL){ free(*realms); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } memcpy(tmp, start, tr + i - start); @@ -312,24 +321,25 @@ decode_realms(krb5_context context, r = make_realm(tmp); if(r == NULL){ free_realms(*realms); - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, + N_("malloc: out of memory", "")); return ENOMEM; } *realms = append_realm(*realms, r); - + return 0; } krb5_error_code KRB5_LIB_FUNCTION krb5_domain_x500_decode(krb5_context context, - krb5_data tr, char ***realms, unsigned int *num_realms, + krb5_data tr, char ***realms, unsigned int *num_realms, const char *client_realm, const char *server_realm) { struct tr_realm *r = NULL; struct tr_realm *p, **q; int ret; - + if(tr.length == 0) { *realms = NULL; *num_realms = 0; @@ -340,16 +350,16 @@ krb5_domain_x500_decode(krb5_context context, ret = decode_realms(context, tr.data, tr.length, &r); if(ret) return ret; - + /* apply prefix rule */ ret = expand_realms(context, r, client_realm); if(ret) return ret; - + ret = make_paths(context, r, client_realm, server_realm); if(ret) return ret; - + /* remove empty components and count realms */ q = &r; *num_realms = 0; @@ -385,7 +395,7 @@ krb5_domain_x500_decode(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_domain_x500_encode(char **realms, unsigned int num_realms, +krb5_domain_x500_encode(char **realms, unsigned int num_realms, krb5_data *encoding) { char *s = NULL; @@ -430,11 +440,11 @@ krb5_check_transited(krb5_context context, if(num_realms == 0) return 0; - - tr_realms = krb5_config_get_strings(context, NULL, - "capaths", - client_realm, - server_realm, + + tr_realms = krb5_config_get_strings(context, NULL, + "capaths", + client_realm, + server_realm, NULL); for(i = 0; i < num_realms; i++) { for(p = tr_realms; p && *p; p++) { @@ -444,7 +454,8 @@ krb5_check_transited(krb5_context context, if(p == NULL || *p == NULL) { krb5_config_free_strings(tr_realms); krb5_set_error_message (context, KRB5KRB_AP_ERR_ILL_CR_TKT, - "no transit through realm %s", + N_("no transit allowed " + "through realm %s", ""), realms[i]); if(bad_realm) *bad_realm = i; @@ -457,15 +468,15 @@ krb5_check_transited(krb5_context context, krb5_error_code KRB5_LIB_FUNCTION krb5_check_transited_realms(krb5_context context, - const char *const *realms, - unsigned int num_realms, + const char *const *realms, + unsigned int num_realms, int *bad_realm) { int i; int ret = 0; - char **bad_realms = krb5_config_get_strings(context, NULL, - "libdefaults", - "transited_realms_reject", + char **bad_realms = krb5_config_get_strings(context, NULL, + "libdefaults", + "transited_realms_reject", NULL); if(bad_realms == NULL) return 0; @@ -476,7 +487,9 @@ krb5_check_transited_realms(krb5_context context, if(strcmp(*p, realms[i]) == 0) { ret = KRB5KRB_AP_ERR_ILL_CR_TKT; krb5_set_error_message (context, ret, - "no transit through realm %s", *p); + N_("no transit allowed " + "through realm %s", ""), + *p); if(bad_realm) *bad_realm = i; break; diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c index baa4bd6892..6911cb20f8 100644 --- a/source4/heimdal/lib/krb5/v4_glue.c +++ b/source4/heimdal/lib/krb5/v4_glue.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -36,6 +36,8 @@ RCSID("$Id$"); #include "krb5-v4compat.h" +#ifndef HEIMDAL_SMALLER + /* * */ @@ -63,22 +65,22 @@ _krb5_krb_time_to_life(time_t start, time_t end) int i; time_t life = end - start; - if (life > MAXTKTLIFETIME || life <= 0) + if (life > MAXTKTLIFETIME || life <= 0) return 0; -#if 0 - if (krb_no_long_lifetimes) +#if 0 + if (krb_no_long_lifetimes) return (life + 5*60 - 1)/(5*60); #endif - + if (end >= NEVERDATE) return TKTLIFENOEXPIRE; - if (life < _tkt_lifetimes[0]) + if (life < _tkt_lifetimes[0]) return (life + 5*60 - 1)/(5*60); for (i=0; i<TKTLIFENUMFIXED; i++) if (life <= _tkt_lifetimes[i]) return i + TKTLIFEMINFIXED; return 0; - + } time_t KRB5_LIB_FUNCTION @@ -86,7 +88,7 @@ _krb5_krb_life_to_time(int start, int life_) { unsigned char life = (unsigned char) life_; -#if 0 +#if 0 if (krb_no_long_lifetimes) return start + life*5*60; #endif @@ -136,7 +138,7 @@ get_krb4_cc_name(const char *tkfile, char **cc) #define KRB5_TF_LCK_RETRY 1 static krb5_error_code -write_v4_cc(krb5_context context, const char *tkfile, +write_v4_cc(krb5_context context, const char *tkfile, krb5_storage *sp, int append) { krb5_error_code ret; @@ -147,27 +149,28 @@ write_v4_cc(krb5_context context, const char *tkfile, ret = get_krb4_cc_name(tkfile, &path); if (ret) { - krb5_set_error_message(context, ret, - "krb5_krb_tf_setup: failed getting " - "the krb4 credentials cache name"); + krb5_set_error_message(context, ret, + N_("Failed getting the krb4 credentials " + "cache name", "")); return ret; } fd = open(path, O_WRONLY|O_CREAT, 0600); if (fd < 0) { ret = errno; - krb5_set_error_message(context, ret, - "krb5_krb_tf_setup: error opening file %s", - path); + krb5_set_error_message(context, ret, + N_("Failed opening krb4 credential cache " + "%s: %s", "path, error"), + path, strerror(ret)); free(path); return ret; } rk_cloexec(fd); if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) { - krb5_set_error_message(context, ret, - "krb5_krb_tf_setup: tktfile %s is not a file", - path); + krb5_set_error_message(context, ret, + N_("krb4 credential cache %s is not a file", ""), + path); free(path); close(fd); return KRB5_FCC_PERM; @@ -181,7 +184,7 @@ write_v4_cc(krb5_context context, const char *tkfile, } if (i == KRB5_TF_LCK_RETRY_COUNT) { krb5_set_error_message(context, KRB5_FCC_PERM, - "krb5_krb_tf_setup: failed to lock %s", + N_("Failed to lock credentail cache %s", ""), path); free(path); close(fd); @@ -193,7 +196,7 @@ write_v4_cc(krb5_context context, const char *tkfile, if (ret < 0) { flock(fd, LOCK_UN); krb5_set_error_message(context, KRB5_FCC_PERM, - "krb5_krb_tf_setup: failed to truncate %s", + N_("Failed to truncate krb4 cc %s", ""), path); free(path); close(fd); @@ -229,8 +232,8 @@ write_v4_cc(krb5_context context, const char *tkfile, */ krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_tf_setup(krb5_context context, - struct credentials *v4creds, +_krb5_krb_tf_setup(krb5_context context, + struct credentials *v4creds, const char *tkfile, int append) { @@ -244,7 +247,7 @@ _krb5_krb_tf_setup(krb5_context context, krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST); krb5_storage_set_eof_code(sp, KRB5_CC_IO); - krb5_clear_error_string(context); + krb5_clear_error_message(context); if (!append) { RCHECK(ret, krb5_store_stringz(sp, v4creds->pname), error); @@ -264,7 +267,7 @@ _krb5_krb_tf_setup(krb5_context context, RCHECK(ret, krb5_store_int32(sp, v4creds->kvno), error); RCHECK(ret, krb5_store_int32(sp, v4creds->ticket_st.length), error); - ret = krb5_storage_write(sp, v4creds->ticket_st.dat, + ret = krb5_storage_write(sp, v4creds->ticket_st.dat, v4creds->ticket_st.length); if (ret != v4creds->ticket_st.length) { ret = KRB5_CC_IO; @@ -292,17 +295,18 @@ _krb5_krb_dest_tkt(krb5_context context, const char *tkfile) ret = get_krb4_cc_name(tkfile, &path); if (ret) { - krb5_set_error_message(context, ret, - "krb5_krb_tf_setup: failed getting " - "the krb4 credentials cache name"); + krb5_set_error_message(context, ret, + N_("Failed getting the krb4 credentials " + "cache name", "")); return ret; } if (unlink(path) < 0) { ret = errno; - krb5_set_error_message(context, ret, - "krb5_krb_dest_tkt failed removing the cache " - "with error %s", strerror(ret)); + krb5_set_error_message(context, ret, + N_("Failed removing the cache %s " + "with error %s", "path, error"), + path, strerror(ret)); } free(path); @@ -340,7 +344,7 @@ static const char eightzeros[8] = "\x00\x00\x00\x00\x00\x00\x00\x00"; static krb5_error_code storage_to_etext(krb5_context context, krb5_storage *sp, - const krb5_keyblock *key, + const krb5_keyblock *key, krb5_data *enc_data) { krb5_error_code ret; @@ -422,7 +426,7 @@ _krb5_krb_create_ticket(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); @@ -433,7 +437,7 @@ _krb5_krb_create_ticket(krb5_context context, /* session key */ ret = krb5_storage_write(sp, - session->keyvalue.data, + session->keyvalue.data, session->keyvalue.length); if (ret != session->keyvalue.length) { ret = KRB4ET_INTK_PROT; @@ -449,7 +453,8 @@ _krb5_krb_create_ticket(krb5_context context, error: krb5_storage_free(sp); if (ret) - krb5_set_error_message(context, ret, "Failed to encode kerberos 4 ticket"); + krb5_set_error_message(context, ret, + N_("Failed to encode kerberos 4 ticket", "")); return ret; } @@ -478,14 +483,14 @@ _krb5_krb_create_ciph(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); /* session key */ ret = krb5_storage_write(sp, - session->keyvalue.data, + session->keyvalue.data, session->keyvalue.length); if (ret != session->keyvalue.length) { ret = KRB4ET_INTK_PROT; @@ -508,7 +513,8 @@ _krb5_krb_create_ciph(krb5_context context, error: krb5_storage_free(sp); if (ret) - krb5_set_error_message(context, ret, "Failed to encode kerberos 4 ticket"); + krb5_set_error_message(context, ret, + N_("Failed to encode kerberos 4 ticket", "")); return ret; } @@ -536,7 +542,7 @@ _krb5_krb_create_auth_reply(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); @@ -560,7 +566,8 @@ _krb5_krb_create_auth_reply(krb5_context context, error: krb5_storage_free(sp); if (ret) - krb5_set_error_message(context, ret, "Failed to encode kerberos 4 ticket"); + krb5_set_error_message(context, ret, + N_("Failed to encode kerberos 4 ticket", "")); return ret; } @@ -591,7 +598,7 @@ _krb5_krb_cr_err_reply(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); @@ -770,7 +777,7 @@ _krb5_krb_rd_req(krb5_context context, sp = krb5_storage_from_data(authent); if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, "alloc: out of memory"); + krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } @@ -778,28 +785,29 @@ _krb5_krb_rd_req(krb5_context context, ret = krb5_ret_int8(sp, &pvno); if (ret) { - krb5_set_error_message(context, ret, "Failed reading v4 pvno"); + krb5_set_error_message(context, ret, N_("Failed reading v4 pvno", "")); goto error; } if (pvno != KRB_PROT_VERSION) { ret = KRB4ET_RD_AP_VERSION; - krb5_set_error_message(context, ret, "Failed v4 pvno not 4"); + krb5_set_error_message(context, ret, N_("Failed v4 pvno not 4", "")); goto error; } ret = krb5_ret_int8(sp, &type); if (ret) { - krb5_set_error_message(context, ret, "Failed readin v4 type"); + krb5_set_error_message(context, ret, N_("Failed readin v4 type", "")); goto error; } little_endian = type & 1; type &= ~1; - + if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) { ret = KRB4ET_RD_AP_MSG_TYPE; - krb5_set_error_message(context, ret, "Not a valid v4 request type"); + krb5_set_error_message(context, ret, + N_("Not a valid v4 request type", "")); goto error; } @@ -812,12 +820,12 @@ _krb5_krb_rd_req(krb5_context context, size = krb5_storage_read(sp, ticket.data, ticket.length); if (size != ticket.length) { ret = KRB4ET_INTK_PROT; - krb5_set_error_message(context, ret, "Failed reading v4 ticket"); + krb5_set_error_message(context, ret, N_("Failed reading v4 ticket", "")); goto error; } /* Decrypt and take apart ticket */ - ret = _krb5_krb_decomp_ticket(context, &ticket, key, local_realm, + ret = _krb5_krb_decomp_ticket(context, &ticket, key, local_realm, &sname, &sinstance, ad); if (ret) goto error; @@ -827,7 +835,8 @@ _krb5_krb_rd_req(krb5_context context, size = krb5_storage_read(sp, eaut.data, eaut.length); if (size != eaut.length) { ret = KRB4ET_INTK_PROT; - krb5_set_error_message(context, ret, "Failed reading v4 authenticator"); + krb5_set_error_message(context, ret, + N_("Failed reading v4 authenticator", "")); goto error; } @@ -841,7 +850,7 @@ _krb5_krb_rd_req(krb5_context context, sp = krb5_storage_from_data(&aut); if (sp == NULL) { ret = ENOMEM; - krb5_set_error_message(context, ret, "alloc: out of memory"); + krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto error; } @@ -862,13 +871,14 @@ _krb5_krb_rd_req(krb5_context context, strcmp(ad->pinst, r_instance) != 0 || strcmp(ad->prealm, r_realm) != 0) { ret = KRB4ET_RD_AP_INCON; - krb5_set_error_message(context, ret, "v4 principal mismatch"); + krb5_set_error_message(context, ret, N_("v4 principal mismatch", "")); goto error; } - + if (from_addr && ad->address && from_addr != ad->address) { ret = KRB4ET_RD_AP_BADD; - krb5_set_error_message(context, ret, "v4 bad address in ticket"); + krb5_set_error_message(context, ret, + N_("v4 bad address in ticket", "")); goto error; } @@ -876,23 +886,24 @@ _krb5_krb_rd_req(krb5_context context, delta_t = abs((int)(tv.tv_sec - r_time_sec)); if (delta_t > CLOCK_SKEW) { ret = KRB4ET_RD_AP_TIME; - krb5_set_error_message(context, ret, "v4 clock skew"); + krb5_set_error_message(context, ret, N_("v4 clock skew", "")); goto error; } /* Now check for expiration of ticket */ tkt_age = tv.tv_sec - ad->time_sec; - + if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) { ret = KRB4ET_RD_AP_NYV; - krb5_set_error_message(context, ret, "v4 clock skew for expiration"); + krb5_set_error_message(context, ret, + N_("v4 clock skew for expiration", "")); goto error; } if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) { ret = KRB4ET_RD_AP_EXP; - krb5_set_error_message(context, ret, "v4 ticket expired"); + krb5_set_error_message(context, ret, N_("v4 ticket expired", "")); goto error; } @@ -917,7 +928,7 @@ _krb5_krb_rd_req(krb5_context context, krb5_storage_free(sp); if (ret) - krb5_clear_error_string(context); + krb5_clear_error_message(context); return ret; } @@ -938,3 +949,5 @@ _krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad) krb5_free_keyblock_contents(context, &ad->session); memset(ad, 0, sizeof(*ad)); } + +#endif /* HEIMDAL_SMALLER */ diff --git a/source4/heimdal/lib/krb5/version.c b/source4/heimdal/lib/krb5/version.c index cbc4f8c3e1..d43b83e26e 100644 --- a/source4/heimdal/lib/krb5/version.c +++ b/source4/heimdal/lib/krb5/version.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c index c7fe5640b5..a00ae80697 100644 --- a/source4/heimdal/lib/krb5/warn.c +++ b/source4/heimdal/lib/krb5/warn.c @@ -1,34 +1,34 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include "krb5_locl.h" @@ -36,19 +36,19 @@ RCSID("$Id$"); -static krb5_error_code _warnerr(krb5_context context, int do_errtext, +static krb5_error_code _warnerr(krb5_context context, int do_errtext, krb5_error_code code, int level, const char *fmt, va_list ap) __attribute__((__format__(__printf__, 5, 0))); static krb5_error_code -_warnerr(krb5_context context, int do_errtext, +_warnerr(krb5_context context, int do_errtext, krb5_error_code code, int level, const char *fmt, va_list ap) { char xfmt[7] = ""; const char *args[2], **arg; char *msg = NULL; const char *err_str = NULL; - + args[0] = args[1] = NULL; arg = args; if(fmt){ @@ -97,7 +97,7 @@ _warnerr(krb5_context context, int do_errtext, #define __attribute__(X) krb5_error_code KRB5_LIB_FUNCTION -krb5_vwarn(krb5_context context, krb5_error_code code, +krb5_vwarn(krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__ ((format (printf, 3, 0))) { @@ -129,7 +129,7 @@ krb5_warnx(krb5_context context, const char *fmt, ...) } krb5_error_code KRB5_LIB_FUNCTION -krb5_verr(krb5_context context, int eval, krb5_error_code code, +krb5_verr(krb5_context context, int eval, krb5_error_code code, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 4, 0))) { @@ -139,7 +139,7 @@ krb5_verr(krb5_context context, int eval, krb5_error_code code, krb5_error_code KRB5_LIB_FUNCTION -krb5_err(krb5_context context, int eval, krb5_error_code code, +krb5_err(krb5_context context, int eval, krb5_error_code code, const char *fmt, ...) __attribute__ ((noreturn, format (printf, 4, 5))) { @@ -164,7 +164,7 @@ krb5_errx(krb5_context context, int eval, const char *fmt, ...) } krb5_error_code KRB5_LIB_FUNCTION -krb5_vabort(krb5_context context, krb5_error_code code, +krb5_vabort(krb5_context context, krb5_error_code code, const char *fmt, va_list ap) __attribute__ ((noreturn, format (printf, 3, 0))) { |