diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2010-11-29 11:24:08 +1100 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2010-12-01 17:00:47 +1100 |
| commit | c5bea98ddb2f7967df572160f639da3cba381a87 (patch) | |
| tree | e5ca502195932ea7674f03a732fc26dd5427553d /source4/heimdal | |
| parent | 9c84f987acb5ffc97a612839e13e8b8042e6120e (diff) | |
| download | samba-c5bea98ddb2f7967df572160f639da3cba381a87.tar.gz samba-c5bea98ddb2f7967df572160f639da3cba381a87.tar.bz2 samba-c5bea98ddb2f7967df572160f639da3cba381a87.zip | |
s4:heimdal: import lorikeet-heimdal-201012010201 (commit 81fe27bcc0148d410ca4617f8759b9df1a5e935c)
Diffstat (limited to 'source4/heimdal')
76 files changed, 2651 insertions, 3707 deletions
diff --git a/source4/heimdal/base/baselocl.h b/source4/heimdal/base/baselocl.h index 06806d2762..5f157264c1 100644 --- a/source4/heimdal/base/baselocl.h +++ b/source4/heimdal/base/baselocl.h @@ -33,13 +33,17 @@ * SUCH DAMAGE. */ +#include "config.h" + #include <stdio.h> #include <stdlib.h> +#include <string.h> #include <errno.h> #include <limits.h> -#include <unistd.h> -#include "config.h" +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif #include "heimqueue.h" #include "heim_threads.h" @@ -50,14 +54,8 @@ #include <dispatch/dispatch.h> #endif -#if HEIM_BASE_NON_ATOMIC -/* non-atomic varients */ -#define heim_base_atomic_inc(x) ++(*(x)) -#define heim_base_atomic_dec(x) --(*(x)) -#define heim_base_atomic_type unsigned int -#define heim_base_atomic_max UINT_MAX +#if defined(__GNUC__) && defined(HAVE___SYNC_ADD_AND_FETCH) -#elif defined(__GNUC__) #define heim_base_atomic_inc(x) __sync_add_and_fetch((x), 1) #define heim_base_atomic_dec(x) __sync_sub_and_fetch((x), 1) #define heim_base_atomic_type unsigned int @@ -65,12 +63,44 @@ #define heim_base_exchange_pointer(t,v) __sync_lock_test_and_set((t), (v)) -#elif 0 /* windows */ +#elif defined(_WIN32) + +#define heim_base_atomic_inc(x) InterlockedIncrement(x) +#define heim_base_atomic_dec(x) InterlockedDecrement(x) +#define heim_base_atomic_type LONG +#define heim_base_atomic_max MAXLONG #define heim_base_exchange_pointer(t,v) InterlockedExchangePointer((t),(v)) #else -#error "provide atomic integer operations for your compiler" + +#define HEIM_BASE_NEED_ATOMIC_MUTEX 1 +extern HEIMDAL_MUTEX _heim_base_mutex; + +#define heim_base_atomic_type unsigned int + +static inline heim_base_atomic_type +heim_base_atomic_inc(heim_base_atomic_type *x) +{ + heim_base_atomic_type t; + HEIMDAL_MUTEX_lock(&_heim_base_mutex); + t = ++(*x); + HEIMDAL_MUTEX_unlock(&_heim_base_mutex); + return t; +} + +static inline heim_base_atomic_type +heim_base_atomic_dec(heim_base_atomic_type *x) +{ + heim_base_atomic_type t; + HEIMDAL_MUTEX_lock(&_heim_base_mutex); + t = --(*x); + HEIMDAL_MUTEX_unlock(&_heim_base_mutex); + return t; +} + +#define heim_base_atomic_max UINT_MAX + #endif /* tagged strings/object/XXX */ diff --git a/source4/heimdal/base/heimbase.c b/source4/heimdal/base/heimbase.c index 137129abb2..b8d5d74a9a 100644 --- a/source4/heimdal/base/heimbase.c +++ b/source4/heimdal/base/heimbase.c @@ -60,6 +60,10 @@ struct heim_base_mem { #define PTR2BASE(ptr) (((struct heim_base *)ptr) - 1) #define BASE2PTR(ptr) ((void *)(((struct heim_base *)ptr) + 1)) +#ifdef HEIM_BASE_NEED_ATOMIC_MUTEX +HEIMDAL_MUTEX _heim_base_mutex = HEIMDAL_MUTEX_INITIALIZER; +#endif + /* * Auto release structure */ @@ -334,6 +338,8 @@ heim_base_once_f(heim_base_once_t *once, void *ctx, void (*func)(void *)) } else { HEIMDAL_MUTEX_unlock(&mutex); while (1) { + struct timeval tv = { 0, 1000 }; + select(0, NULL, NULL, NULL, &tv); HEIMDAL_MUTEX_lock(&mutex); if (*once == 2) break; @@ -364,13 +370,10 @@ heim_abort(const char *fmt, ...) void heim_abortv(const char *fmt, va_list ap) { - char *str = NULL; - int ret; + static char str[1024]; - ret = vasprintf(&str, fmt, ap); - if (ret > 0 && str) { - syslog(LOG_ERR, "heim_abort: %s", str); - } + vsnprintf(str, sizeof(str), fmt, ap); + syslog(LOG_ERR, "heim_abort: %s", str); abort(); } diff --git a/source4/heimdal/cf/make-proto.pl b/source4/heimdal/cf/make-proto.pl index 566534f247..bc323b9433 100644 --- a/source4/heimdal/cf/make-proto.pl +++ b/source4/heimdal/cf/make-proto.pl @@ -180,6 +180,7 @@ sub foo { local ($arg) = @_; $_ = $arg; s/.*\/([^\/]*)/$1/; + s/.*\\([^\\]*)/$1/; s/[^a-zA-Z0-9]/_/g; "__" . $_ . "__"; } diff --git a/source4/heimdal/kdc/default_config.c b/source4/heimdal/kdc/default_config.c index 66108f4dec..e26245323c 100644 --- a/source4/heimdal/kdc/default_config.c +++ b/source4/heimdal/kdc/default_config.c @@ -296,7 +296,6 @@ krb5_kdc_pkinit_config(krb5_context context, krb5_kdc_configuration *config) } -#endif /* PKINIT */ - return 0; +#endif /* PKINIT */ } diff --git a/source4/heimdal/kdc/kaserver.c b/source4/heimdal/kdc/kaserver.c deleted file mode 100644 index 827205a805..0000000000 --- a/source4/heimdal/kdc/kaserver.c +++ /dev/null @@ -1,955 +0,0 @@ -/* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "kdc_locl.h" - -#ifdef KRB4 - -#include <krb5-v4compat.h> -#include <rx.h> - -#define KA_AUTHENTICATION_SERVICE 731 -#define KA_TICKET_GRANTING_SERVICE 732 -#define KA_MAINTENANCE_SERVICE 733 - -#define AUTHENTICATE_OLD 1 -#define CHANGEPASSWORD 2 -#define GETTICKET_OLD 3 -#define SETPASSWORD 4 -#define SETFIELDS 5 -#define CREATEUSER 6 -#define DELETEUSER 7 -#define GETENTRY 8 -#define LISTENTRY 9 -#define GETSTATS 10 -#define DEBUG 11 -#define GETPASSWORD 12 -#define GETRANDOMKEY 13 -#define AUTHENTICATE 21 -#define AUTHENTICATE_V2 22 -#define GETTICKET 23 - -/* XXX - Where do we get these? */ - -#define RXGEN_OPCODE (-455) - -#define KADATABASEINCONSISTENT (180480L) -#define KAEXIST (180481L) -#define KAIO (180482L) -#define KACREATEFAIL (180483L) -#define KANOENT (180484L) -#define KAEMPTY (180485L) -#define KABADNAME (180486L) -#define KABADINDEX (180487L) -#define KANOAUTH (180488L) -#define KAANSWERTOOLONG (180489L) -#define KABADREQUEST (180490L) -#define KAOLDINTERFACE (180491L) -#define KABADARGUMENT (180492L) -#define KABADCMD (180493L) -#define KANOKEYS (180494L) -#define KAREADPW (180495L) -#define KABADKEY (180496L) -#define KAUBIKINIT (180497L) -#define KAUBIKCALL (180498L) -#define KABADPROTOCOL (180499L) -#define KANOCELLS (180500L) -#define KANOCELL (180501L) -#define KATOOMANYUBIKS (180502L) -#define KATOOMANYKEYS (180503L) -#define KABADTICKET (180504L) -#define KAUNKNOWNKEY (180505L) -#define KAKEYCACHEINVALID (180506L) -#define KABADSERVER (180507L) -#define KABADUSER (180508L) -#define KABADCPW (180509L) -#define KABADCREATE (180510L) -#define KANOTICKET (180511L) -#define KAASSOCUSER (180512L) -#define KANOTSPECIAL (180513L) -#define KACLOCKSKEW (180514L) -#define KANORECURSE (180515L) -#define KARXFAIL (180516L) -#define KANULLPASSWORD (180517L) -#define KAINTERNALERROR (180518L) -#define KAPWEXPIRED (180519L) -#define KAREUSED (180520L) -#define KATOOSOON (180521L) -#define KALOCKED (180522L) - - -static krb5_error_code -decode_rx_header (krb5_storage *sp, - struct rx_header *h) -{ - krb5_error_code ret; - - ret = krb5_ret_uint32(sp, &h->epoch); - if (ret) return ret; - ret = krb5_ret_uint32(sp, &h->connid); - if (ret) return ret; - ret = krb5_ret_uint32(sp, &h->callid); - if (ret) return ret; - ret = krb5_ret_uint32(sp, &h->seqno); - if (ret) return ret; - ret = krb5_ret_uint32(sp, &h->serialno); - if (ret) return ret; - ret = krb5_ret_uint8(sp, &h->type); - if (ret) return ret; - ret = krb5_ret_uint8(sp, &h->flags); - if (ret) return ret; - ret = krb5_ret_uint8(sp, &h->status); - if (ret) return ret; - ret = krb5_ret_uint8(sp, &h->secindex); - if (ret) return ret; - ret = krb5_ret_uint16(sp, &h->reserved); - if (ret) return ret; - ret = krb5_ret_uint16(sp, &h->serviceid); - if (ret) return ret; - - return 0; -} - -static krb5_error_code -encode_rx_header (struct rx_header *h, - krb5_storage *sp) -{ - krb5_error_code ret; - - ret = krb5_store_uint32(sp, h->epoch); - if (ret) return ret; - ret = krb5_store_uint32(sp, h->connid); - if (ret) return ret; - ret = krb5_store_uint32(sp, h->callid); - if (ret) return ret; - ret = krb5_store_uint32(sp, h->seqno); - if (ret) return ret; - ret = krb5_store_uint32(sp, h->serialno); - if (ret) return ret; - ret = krb5_store_uint8(sp, h->type); - if (ret) return ret; - ret = krb5_store_uint8(sp, h->flags); - if (ret) return ret; - ret = krb5_store_uint8(sp, h->status); - if (ret) return ret; - ret = krb5_store_uint8(sp, h->secindex); - if (ret) return ret; - ret = krb5_store_uint16(sp, h->reserved); - if (ret) return ret; - ret = krb5_store_uint16(sp, h->serviceid); - if (ret) return ret; - - return 0; -} - -static void -init_reply_header (struct rx_header *hdr, - struct rx_header *reply_hdr, - u_char type, - u_char flags) -{ - reply_hdr->epoch = hdr->epoch; - reply_hdr->connid = hdr->connid; - reply_hdr->callid = hdr->callid; - reply_hdr->seqno = 1; - reply_hdr->serialno = 1; - reply_hdr->type = type; - reply_hdr->flags = flags; - reply_hdr->status = 0; - reply_hdr->secindex = 0; - reply_hdr->reserved = 0; - reply_hdr->serviceid = hdr->serviceid; -} - -/* - * Create an error `reply´ using for the packet `hdr' with the error - * `error´ code. - */ -static void -make_error_reply (struct rx_header *hdr, - uint32_t error, - krb5_data *reply) - -{ - struct rx_header reply_hdr; - krb5_error_code ret; - krb5_storage *sp; - - init_reply_header (hdr, &reply_hdr, HT_ABORT, HF_LAST); - sp = krb5_storage_emem(); - if (sp == NULL) - return; - ret = encode_rx_header (&reply_hdr, sp); - if (ret) - return; - krb5_store_int32(sp, error); - krb5_storage_to_data (sp, reply); - krb5_storage_free (sp); -} - -static krb5_error_code -krb5_ret_xdr_data(krb5_storage *sp, - krb5_data *data) -{ - int ret; - int size; - ret = krb5_ret_int32(sp, &size); - if(ret) - return ret; - if(size < 0) - return ERANGE; - data->length = size; - if (size) { - u_char foo[4]; - size_t pad = (4 - size % 4) % 4; - - data->data = malloc(size); - if (data->data == NULL) - return ENOMEM; - ret = krb5_storage_read(sp, data->data, size); - if(ret != size) - return (ret < 0)? errno : KRB5_CC_END; - if (pad) { - ret = krb5_storage_read(sp, foo, pad); - if (ret != pad) - return (ret < 0)? errno : KRB5_CC_END; - } - } else - data->data = NULL; - return 0; -} - -static krb5_error_code -krb5_store_xdr_data(krb5_storage *sp, - krb5_data data) -{ - u_char zero[4] = {0, 0, 0, 0}; - int ret; - size_t pad; - - ret = krb5_store_int32(sp, data.length); - if(ret < 0) - return ret; - ret = krb5_storage_write(sp, data.data, data.length); - if(ret != data.length){ - if(ret < 0) - return errno; - return KRB5_CC_END; - } - pad = (4 - data.length % 4) % 4; - if (pad) { - ret = krb5_storage_write(sp, zero, pad); - if (ret != pad) { - if (ret < 0) - return errno; - return KRB5_CC_END; - } - } - return 0; -} - - -static krb5_error_code -create_reply_ticket (krb5_context context, - struct rx_header *hdr, - Key *skey, - char *name, char *instance, char *realm, - struct sockaddr_in *addr, - int life, - int kvno, - int32_t max_seq_len, - const char *sname, const char *sinstance, - uint32_t challenge, - const char *label, - krb5_keyblock *key, - krb5_data *reply) -{ - krb5_error_code ret; - krb5_data ticket; - krb5_keyblock session; - krb5_storage *sp; - krb5_data enc_data; - struct rx_header reply_hdr; - char zero[8]; - size_t pad; - unsigned fyrtiosjuelva; - - /* create the ticket */ - - krb5_generate_random_keyblock(context, ETYPE_DES_PCBC_NONE, &session); - - _krb5_krb_create_ticket(context, - 0, - name, - instance, - realm, - addr->sin_addr.s_addr, - &session, - life, - kdc_time, - sname, - sinstance, - &skey->key, - &ticket); - - /* create the encrypted part of the reply */ - sp = krb5_storage_emem (); - krb5_generate_random_block(&fyrtiosjuelva, sizeof(fyrtiosjuelva)); - fyrtiosjuelva &= 0xffffffff; - krb5_store_int32 (sp, fyrtiosjuelva); - krb5_store_int32 (sp, challenge); - krb5_storage_write (sp, session.keyvalue.data, 8); - krb5_free_keyblock_contents(context, &session); - krb5_store_int32 (sp, kdc_time); - krb5_store_int32 (sp, kdc_time + _krb5_krb_life_to_time (0, life)); - krb5_store_int32 (sp, kvno); - krb5_store_int32 (sp, ticket.length); - krb5_store_stringz (sp, name); - krb5_store_stringz (sp, instance); -#if 1 /* XXX - Why shouldn't the realm go here? */ - krb5_store_stringz (sp, ""); -#else - krb5_store_stringz (sp, realm); -#endif - krb5_store_stringz (sp, sname); - krb5_store_stringz (sp, sinstance); - krb5_storage_write (sp, ticket.data, ticket.length); - krb5_storage_write (sp, label, strlen(label)); - - /* pad to DES block */ - memset (zero, 0, sizeof(zero)); - pad = (8 - krb5_storage_seek (sp, 0, SEEK_CUR) % 8) % 8; - krb5_storage_write (sp, zero, pad); - - krb5_storage_to_data (sp, &enc_data); - krb5_storage_free (sp); - - if (enc_data.length > max_seq_len) { - krb5_data_free (&enc_data); - make_error_reply (hdr, KAANSWERTOOLONG, reply); - return 0; - } - - /* encrypt it */ - { - DES_key_schedule schedule; - DES_cblock deskey; - - memcpy (&deskey, key->keyvalue.data, sizeof(deskey)); - DES_set_key_unchecked (&deskey, &schedule); - DES_pcbc_encrypt (enc_data.data, - enc_data.data, - enc_data.length, - &schedule, - &deskey, - DES_ENCRYPT); - memset (&schedule, 0, sizeof(schedule)); - memset (&deskey, 0, sizeof(deskey)); - } - - /* create the reply packet */ - init_reply_header (hdr, &reply_hdr, HT_DATA, HF_LAST); - sp = krb5_storage_emem (); - ret = encode_rx_header (&reply_hdr, sp); - krb5_store_int32 (sp, max_seq_len); - krb5_store_xdr_data (sp, enc_data); - krb5_data_free (&enc_data); - krb5_storage_to_data (sp, reply); - krb5_storage_free (sp); - return 0; -} - -static krb5_error_code -unparse_auth_args (krb5_storage *sp, - char **name, - char **instance, - time_t *start_time, - time_t *end_time, - krb5_data *request, - int32_t *max_seq_len) -{ - krb5_data data; - int32_t tmp; - - krb5_ret_xdr_data (sp, &data); - *name = malloc(data.length + 1); - if (*name == NULL) - return ENOMEM; - memcpy (*name, data.data, data.length); - (*name)[data.length] = '\0'; - krb5_data_free (&data); - - krb5_ret_xdr_data (sp, &data); - *instance = malloc(data.length + 1); - if (*instance == NULL) { - free (*name); - return ENOMEM; - } - memcpy (*instance, data.data, data.length); - (*instance)[data.length] = '\0'; - krb5_data_free (&data); - - krb5_ret_int32 (sp, &tmp); - *start_time = tmp; - krb5_ret_int32 (sp, &tmp); - *end_time = tmp; - krb5_ret_xdr_data (sp, request); - krb5_ret_int32 (sp, max_seq_len); - /* ignore the rest */ - return 0; -} - -static void -do_authenticate (krb5_context context, - krb5_kdc_configuration *config, - struct rx_header *hdr, - krb5_storage *sp, - struct sockaddr_in *addr, - const char *from, - krb5_data *reply) -{ - krb5_error_code ret; - char *name = NULL; - char *instance = NULL; - time_t start_time; - time_t end_time; - krb5_data request; - int32_t max_seq_len; - hdb_entry_ex *client_entry = NULL; - hdb_entry_ex *server_entry = NULL; - Key *ckey = NULL; - Key *skey = NULL; - krb5_storage *reply_sp; - time_t max_life; - uint8_t life; - int32_t chal; - char client_name[256]; - char server_name[256]; - - krb5_data_zero (&request); - - ret = unparse_auth_args (sp, &name, &instance, &start_time, &end_time, - &request, &max_seq_len); - if (ret != 0 || request.length < 8) { - make_error_reply (hdr, KABADREQUEST, reply); - goto out; - } - - snprintf (client_name, sizeof(client_name), "%s.%s@%s", - name, instance, config->v4_realm); - snprintf (server_name, sizeof(server_name), "%s.%s@%s", - "krbtgt", config->v4_realm, config->v4_realm); - - kdc_log(context, config, 0, "AS-REQ (kaserver) %s from %s for %s", - client_name, from, server_name); - - ret = _kdc_db_fetch4 (context, config, name, instance, - config->v4_realm, HDB_F_GET_CLIENT, - &client_entry); - if (ret) { - kdc_log(context, config, 0, "Client not found in database: %s: %s", - client_name, krb5_get_err_text(context, ret)); - make_error_reply (hdr, KANOENT, reply); - goto out; - } - - ret = _kdc_db_fetch4 (context, config, "krbtgt", - config->v4_realm, config->v4_realm, - HDB_F_GET_KRBTGT, &server_entry); - if (ret) { - kdc_log(context, config, 0, "Server not found in database: %s: %s", - server_name, krb5_get_err_text(context, ret)); - make_error_reply (hdr, KANOENT, reply); - goto out; - } - - ret = kdc_check_flags (context, config, - client_entry, client_name, - server_entry, server_name, - TRUE); - if (ret) { - make_error_reply (hdr, KAPWEXPIRED, reply); - goto out; - } - - /* find a DES key */ - ret = _kdc_get_des_key(context, client_entry, FALSE, TRUE, &ckey); - if(ret){ - kdc_log(context, config, 0, "no suitable DES key for client"); - make_error_reply (hdr, KANOKEYS, reply); - goto out; - } - - /* find a DES key */ - ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey); - if(ret){ - kdc_log(context, config, 0, "no suitable DES key for server"); - make_error_reply (hdr, KANOKEYS, reply); - goto out; - } - - { - DES_cblock key; - DES_key_schedule schedule; - - /* try to decode the `request' */ - memcpy (&key, ckey->key.keyvalue.data, sizeof(key)); - DES_set_key_unchecked (&key, &schedule); - DES_pcbc_encrypt (request.data, - request.data, - request.length, - &schedule, - &key, - DES_DECRYPT); - memset (&schedule, 0, sizeof(schedule)); - memset (&key, 0, sizeof(key)); - } - - /* check for the magic label */ - if (memcmp ((char *)request.data + 4, "gTGS", 4) != 0) { - kdc_log(context, config, 0, "preauth failed for %s", client_name); - make_error_reply (hdr, KABADREQUEST, reply); - goto out; - } - - reply_sp = krb5_storage_from_mem (request.data, 4); - krb5_ret_int32 (reply_sp, &chal); - krb5_storage_free (reply_sp); - - if (abs(chal - kdc_time) > context->max_skew) { - make_error_reply (hdr, KACLOCKSKEW, reply); - goto out; - } - - /* life */ - max_life = end_time - kdc_time; - /* end_time - kdc_time can sometimes be non-positive due to slight - time skew between client and server. Let's make sure it is postive */ - if(max_life < 1) - max_life = 1; - if (client_entry->entry.max_life) - max_life = min(max_life, *client_entry->entry.max_life); - if (server_entry->entry.max_life) - max_life = min(max_life, *server_entry->entry.max_life); - - life = krb_time_to_life(kdc_time, kdc_time + max_life); - - create_reply_ticket (context, - hdr, skey, - name, instance, config->v4_realm, - addr, life, server_entry->entry.kvno, - max_seq_len, - "krbtgt", config->v4_realm, - chal + 1, "tgsT", - &ckey->key, reply); - - out: - if (request.length) { - memset (request.data, 0, request.length); - krb5_data_free (&request); - } - if (name) - free (name); - if (instance) - free (instance); - if (client_entry) - _kdc_free_ent (context, client_entry); - if (server_entry) - _kdc_free_ent (context, server_entry); -} - -static krb5_error_code -unparse_getticket_args (krb5_storage *sp, - int *kvno, - char **auth_domain, - krb5_data *ticket, - char **name, - char **instance, - krb5_data *times, - int32_t *max_seq_len) -{ - krb5_data data; - int32_t tmp; - - krb5_ret_int32 (sp, &tmp); - *kvno = tmp; - - krb5_ret_xdr_data (sp, &data); - *auth_domain = malloc(data.length + 1); - if (*auth_domain == NULL) - return ENOMEM; - memcpy (*auth_domain, data.data, data.length); - (*auth_domain)[data.length] = '\0'; - krb5_data_free (&data); - - krb5_ret_xdr_data (sp, ticket); - - krb5_ret_xdr_data (sp, &data); - *name = malloc(data.length + 1); - if (*name == NULL) { - free (*auth_domain); - return ENOMEM; - } - memcpy (*name, data.data, data.length); - (*name)[data.length] = '\0'; - krb5_data_free (&data); - - krb5_ret_xdr_data (sp, &data); - *instance = malloc(data.length + 1); - if (*instance == NULL) { - free (*auth_domain); - free (*name); - return ENOMEM; - } - memcpy (*instance, data.data, data.length); - (*instance)[data.length] = '\0'; - krb5_data_free (&data); - - krb5_ret_xdr_data (sp, times); - - krb5_ret_int32 (sp, max_seq_len); - /* ignore the rest */ - return 0; -} - -static void -do_getticket (krb5_context context, - krb5_kdc_configuration *config, - struct rx_header *hdr, - krb5_storage *sp, - struct sockaddr_in *addr, - const char *from, - krb5_data *reply) -{ - krb5_error_code ret; - int kvno; - char *auth_domain = NULL; - krb5_data aticket; - char *name = NULL; - char *instance = NULL; - krb5_data times; - int32_t max_seq_len; - hdb_entry_ex *server_entry = NULL; - hdb_entry_ex *client_entry = NULL; - hdb_entry_ex *krbtgt_entry = NULL; - Key *kkey = NULL; - Key *skey = NULL; - DES_cblock key; - DES_key_schedule schedule; - DES_cblock session; - time_t max_life; - int8_t life; - time_t start_time, end_time; - char server_name[256]; - char client_name[256]; - struct _krb5_krb_auth_data ad; - - krb5_data_zero (&aticket); - krb5_data_zero (×); - - memset(&ad, 0, sizeof(ad)); - - unparse_getticket_args (sp, &kvno, &auth_domain, &aticket, - &name, &instance, ×, &max_seq_len); - if (times.length < 8) { - make_error_reply (hdr, KABADREQUEST, reply); - goto out; - - } - - snprintf (server_name, sizeof(server_name), - "%s.%s@%s", name, instance, config->v4_realm); - - ret = _kdc_db_fetch4 (context, config, name, instance, - config->v4_realm, HDB_F_GET_SERVER, &server_entry); - if (ret) { - kdc_log(context, config, 0, "Server not found in database: %s: %s", - server_name, krb5_get_err_text(context, ret)); - make_error_reply (hdr, KANOENT, reply); - goto out; - } - - ret = _kdc_db_fetch4 (context, config, "krbtgt", - config->v4_realm, config->v4_realm, HDB_F_GET_KRBTGT, &krbtgt_entry); - if (ret) { - kdc_log(context, config, 0, - "Server not found in database: %s.%s@%s: %s", - "krbtgt", config->v4_realm, config->v4_realm, - krb5_get_err_text(context, ret)); - make_error_reply (hdr, KANOENT, reply); - goto out; - } - - /* find a DES key */ - ret = _kdc_get_des_key(context, krbtgt_entry, TRUE, TRUE, &kkey); - if(ret){ - kdc_log(context, config, 0, "no suitable DES key for krbtgt"); - make_error_reply (hdr, KANOKEYS, reply); - goto out; - } - - /* find a DES key */ - ret = _kdc_get_des_key(context, server_entry, TRUE, TRUE, &skey); - if(ret){ - kdc_log(context, config, 0, "no suitable DES key for server"); - make_error_reply (hdr, KANOKEYS, reply); - goto out; - } - - /* decrypt the incoming ticket */ - memcpy (&key, kkey->key.keyvalue.data, sizeof(key)); - - /* unpack the ticket */ - { - char *sname = NULL; - char *sinstance = NULL; - - ret = _krb5_krb_decomp_ticket(context, &aticket, &kkey->key, - config->v4_realm, &sname, - &sinstance, &ad); - if (ret) { - const char *msg = krb5_get_error_message(context, ret); - kdc_log(context, config, 0, - "kaserver: decomp failed for %s.%s with %s %d", - msg, sname, sinstance, ret); - krb5_free_error_message(context, msg); - make_error_reply (hdr, KABADTICKET, reply); - goto out; - } - - if (strcmp (sname, "krbtgt") != 0 - || strcmp (sinstance, config->v4_realm) != 0) { - kdc_log(context, config, 0, "no TGT: %s.%s for %s.%s@%s", - sname, sinstance, - ad.pname, ad.pinst, ad.prealm); - make_error_reply (hdr, KABADTICKET, reply); - free(sname); - free(sinstance); - goto out; - } - free(sname); - free(sinstance); - - if (kdc_time > _krb5_krb_life_to_time(ad.time_sec, ad.life)) { - kdc_log(context, config, 0, "TGT expired: %s.%s@%s", - ad.pname, ad.pinst, ad.prealm); - make_error_reply (hdr, KABADTICKET, reply); - goto out; - } - } - - snprintf (client_name, sizeof(client_name), - "%s.%s@%s", ad.pname, ad.pinst, ad.prealm); - - kdc_log(context, config, 0, "TGS-REQ (kaserver) %s from %s for %s", - client_name, from, server_name); - - ret = _kdc_db_fetch4 (context, config, - ad.pname, ad.pinst, ad.prealm, HDB_F_GET_CLIENT, - &client_entry); - if(ret && ret != HDB_ERR_NOENTRY) { - kdc_log(context, config, 0, - "Client not found in database: (krb4) %s: %s", - client_name, krb5_get_err_text(context, ret)); - make_error_reply (hdr, KANOENT, reply); - goto out; - } - if (client_entry == NULL && strcmp(ad.prealm, config->v4_realm) == 0) { - kdc_log(context, config, 0, - "Local client not found in database: (krb4) " - "%s", client_name); - make_error_reply (hdr, KANOENT, reply); - goto out; - } - - ret = kdc_check_flags (context, config, - client_entry, client_name, - server_entry, server_name, - FALSE); - if (ret) { - make_error_reply (hdr, KAPWEXPIRED, reply); - goto out; - } - - /* decrypt the times */ - memcpy(&session, ad.session.keyvalue.data, sizeof(session)); - DES_set_key_unchecked (&session, &schedule); - DES_ecb_encrypt (times.data, - times.data, - &schedule, - DES_DECRYPT); - memset (&schedule, 0, sizeof(schedule)); - memset (&session, 0, sizeof(session)); - - /* and extract them */ - { - krb5_storage *tsp; - int32_t tmp; - - tsp = krb5_storage_from_mem (times.data, times.length); - krb5_ret_int32 (tsp, &tmp); - start_time = tmp; - krb5_ret_int32 (tsp, &tmp); - end_time = tmp; - krb5_storage_free (tsp); - } - - /* life */ - max_life = end_time - kdc_time; - /* end_time - kdc_time can sometimes be non-positive due to slight - time skew between client and server. Let's make sure it is postive */ - if(max_life < 1) - max_life = 1; - if (krbtgt_entry->entry.max_life) - max_life = min(max_life, *krbtgt_entry->entry.max_life); - if (server_entry->entry.max_life) - max_life = min(max_life, *server_entry->entry.max_life); - /* if this is a cross realm request, the client_entry will likely - be NULL */ - if (client_entry && client_entry->entry.max_life) - max_life = min(max_life, *client_entry->entry.max_life); - - life = _krb5_krb_time_to_life(kdc_time, kdc_time + max_life); - - create_reply_ticket (context, - hdr, skey, - ad.pname, ad.pinst, ad.prealm, - addr, life, server_entry->entry.kvno, - max_seq_len, - name, instance, - 0, "gtkt", - &ad.session, reply); - - out: - _krb5_krb_free_auth_data(context, &ad); - if (aticket.length) { - memset (aticket.data, 0, aticket.length); - krb5_data_free (&aticket); - } - if (times.length) { - memset (times.data, 0, times.length); - krb5_data_free (×); - } - if (auth_domain) - free (auth_domain); - if (name) - free (name); - if (instance) - free (instance); - if (krbtgt_entry) - _kdc_free_ent (context, krbtgt_entry); - if (server_entry) - _kdc_free_ent (context, server_entry); -} - -krb5_error_code -_kdc_do_kaserver(krb5_context context, - krb5_kdc_configuration *config, - unsigned char *buf, - size_t len, - krb5_data *reply, - const char *from, - struct sockaddr_in *addr) -{ - krb5_error_code ret = 0; - struct rx_header hdr; - uint32_t op; - krb5_storage *sp; - - if (len < RX_HEADER_SIZE) - return -1; - sp = krb5_storage_from_mem (buf, len); - - ret = decode_rx_header (sp, &hdr); - if (ret) - goto out; - buf += RX_HEADER_SIZE; - len -= RX_HEADER_SIZE; - - switch (hdr.type) { - case HT_DATA : - break; - case HT_ACK : - case HT_BUSY : - case HT_ABORT : - case HT_ACKALL : - case HT_CHAL : - case HT_RESP : - case HT_DEBUG : - default: - /* drop */ - goto out; - } - - - if (hdr.serviceid != KA_AUTHENTICATION_SERVICE - && hdr.serviceid != KA_TICKET_GRANTING_SERVICE) { - ret = -1; - goto out; - } - - ret = krb5_ret_uint32(sp, &op); - if (ret) - goto out; - switch (op) { - case AUTHENTICATE : - case AUTHENTICATE_V2 : - do_authenticate (context, config, &hdr, sp, addr, from, reply); - break; - case GETTICKET : - do_getticket (context, config, &hdr, sp, addr, from, reply); - break; - case AUTHENTICATE_OLD : - case CHANGEPASSWORD : - case GETTICKET_OLD : - case SETPASSWORD : - case SETFIELDS : - case CREATEUSER : - case DELETEUSER : - case GETENTRY : - case LISTENTRY : - case GETSTATS : - case DEBUG : - case GETPASSWORD : - case GETRANDOMKEY : - default : - make_error_reply (&hdr, RXGEN_OPCODE, reply); - break; - } - -out: - krb5_storage_free (sp); - return ret; -} - -#endif /* KRB4 */ diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index 2e95ad2832..297fa3824b 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -91,21 +91,12 @@ _kdc_db_fetch(krb5_context context, continue; } - if (config->db[i]->hdb_fetch_kvno) { - ret = config->db[i]->hdb_fetch_kvno(context, - config->db[i], - principal, - flags | HDB_F_DECRYPT, - kvno, - ent); - } else { - flags &= ~HDB_F_KVNO_SPECIFIED; - ret = config->db[i]->hdb_fetch(context, - config->db[i], - principal, - flags | HDB_F_DECRYPT, - ent); - } + ret = config->db[i]->hdb_fetch_kvno(context, + config->db[i], + principal, + flags | HDB_F_DECRYPT, + kvno, + ent); krb5_free_principal(context, enterprise_principal); diff --git a/source4/heimdal/kdc/process.c b/source4/heimdal/kdc/process.c index d3557ee6c9..4226600331 100644 --- a/source4/heimdal/kdc/process.c +++ b/source4/heimdal/kdc/process.c @@ -161,78 +161,6 @@ kdc_kx509(krb5_context context, #endif -#ifdef KRB4 - -static krb5_error_code -kdc_524(krb5_context context, - krb5_kdc_configuration *config, - krb5_data *req_buffer, - krb5_data *reply, - const char *from, - struct sockaddr *addr, - int datagram_reply, - int *claim) -{ - krb5_error_code ret; - Ticket ticket; - size_t len; - - ret = decode_Ticket(req_buffer->data, req_buffer->length, &ticket, &len); - if (ret) - return ret; - - *claim = 1; - - ret = _kdc_do_524(context, config, &ticket, reply, from, addr); - free_Ticket(&ticket); - return ret; -} - -static krb5_error_code -kdc_krb4(krb5_context context, - krb5_kdc_configuration *config, - krb5_data *req_buffer, - krb5_data *reply, - const char *from, - struct sockaddr *addr, - int datagram_reply, - int *claim) -{ - if (_kdc_maybe_version4(req_buffer->data, req_buffer->length) == 0) - return -1; - - *claim = 1; - - return _kdc_do_version4(context, config, - req_buffer->data, req_buffer->length, - reply, from, - (struct sockaddr_in*)addr); -} - -static krb5_error_code -kdc_kaserver(krb5_context context, - krb5_kdc_configuration *config, - krb5_data *req_buffer, - krb5_data *reply, - const char *from, - struct sockaddr *addr, - int datagram_reply, - int *claim) -{ - if (config->enable_kaserver == 0) - return -1; - - *claim = 1; - - return _kdc_do_kaserver(context, config, - req_buffer->data, req_buffer->length, - reply, from, - (struct sockaddr_in*)addr); -} - -#endif /* KRB4 */ - - static struct krb5_kdc_service services[] = { { KS_KRB5, kdc_as_req }, { KS_KRB5, kdc_tgs_req }, @@ -242,11 +170,6 @@ static struct krb5_kdc_service services[] = { #ifdef KX509 { 0, kdc_kx509 }, #endif -#ifdef KRB4 - { 0, kdc_524 }, - { KS_NO_LENGTH, kdc_krb4 }, - { 0, kdc_kaserver }, -#endif { 0, NULL } }; diff --git a/source4/heimdal/kuser/kinit.c b/source4/heimdal/kuser/kinit.c index 11e364980d..846232a4f2 100644 --- a/source4/heimdal/kuser/kinit.c +++ b/source4/heimdal/kuser/kinit.c @@ -39,12 +39,6 @@ #include <Security/Security.h> #endif -struct krb5_dh_moduli; -struct AlgorithmIdentifier; -struct _krb5_krb_auth_data; -struct hx509_certs_data; -#include <krb5-private.h> - #ifndef NO_NTLM #include "heimntlm.h" #endif @@ -457,7 +451,7 @@ get_new_tickets(krb5_context context, if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_set_pkinit"); if (ent_user_id) - _krb5_get_init_creds_opt_set_pkinit_user_certs(context, opt, ent_user_id); + krb5_get_init_creds_opt_set_pkinit_user_certs(context, opt, ent_user_id); } if (addrs_flag != -1) @@ -768,9 +762,9 @@ main (int argc, char **argv) parseflags |= KRB5_PRINCIPAL_PARSE_ENTERPRISE; if (pk_enterprise_flag) { - ret = _krb5_pk_enterprise_cert(context, pk_user_id, - argv[0], &principal, - &ent_user_id); + ret = krb5_pk_enterprise_cert(context, pk_user_id, + argv[0], &principal, + &ent_user_id); if (ret) krb5_err(context, 1, ret, "krb5_pk_enterprise_certs"); diff --git a/source4/heimdal/kuser/kuser_locl.h b/source4/heimdal/kuser/kuser_locl.h index 1bf682b1d0..82e6eb2e22 100644 --- a/source4/heimdal/kuser/kuser_locl.h +++ b/source4/heimdal/kuser/kuser_locl.h @@ -84,6 +84,8 @@ #endif #include "crypto-headers.h" /* for UI_UTIL_read_pw_string */ +#include <rtbl.h> + #ifdef HAVE_LOCALE_H #include <locale.h> #endif @@ -101,5 +103,6 @@ #define textdomain(package) #endif +extern krb5_context kcc_context; #endif /* __KUSER_LOCL_H__ */ diff --git a/source4/heimdal/lib/asn1/asn1parse.c b/source4/heimdal/lib/asn1/asn1parse.c index 9e4174a153..18bbcdd39c 100644 --- a/source4/heimdal/lib/asn1/asn1parse.c +++ b/source4/heimdal/lib/asn1/asn1parse.c @@ -8,17 +8,29 @@ static const char yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93"; #define YYBYACC 1 #define YYMAJOR 1 #define YYMINOR 9 -#define YYPATCH 20070509 +#define YYPATCH 20100216 -#define YYEMPTY (-1) -#define yyclearin (yychar = YYEMPTY) -#define yyerrok (yyerrflag = 0) -#define YYRECOVERING (yyerrflag != 0) +#define YYEMPTY (-1) +#define yyclearin (yychar = YYEMPTY) +#define yyerrok (yyerrflag = 0) +#define YYRECOVERING() (yyerrflag != 0) -extern int yyparse(void); - -static int yygrowstack(void); #define YYPREFIX "yy" + +/* compatibility with bison */ +#ifdef YYPARSE_PARAM +/* compatibility with FreeBSD */ +#ifdef YYPARSE_PARAM_TYPE +#define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM) +#else +#define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM) +#endif +#else +#define YYPARSE_DECL() yyparse(void) +#endif /* YYPARSE_PARAM */ + +extern int YYPARSE_DECL(); + #line 39 "" #include <config.h> @@ -46,7 +58,11 @@ struct string_list { struct string_list *next; }; -#line 67 "" +/* Declarations for Bison */ +#define YYMALLOC malloc +#define YYFREE free + +#line 71 "" typedef union { int constant; struct value *value; @@ -61,7 +77,7 @@ typedef union { struct memhead *members; struct constraint_spec *constraint_spec; } YYSTYPE; -#line 65 "" +#line 80 "" #define kw_ABSENT 257 #define kw_ABSTRACT_SYNTAX 258 #define kw_ALL 259 @@ -150,7 +166,7 @@ typedef union { #define STRING 342 #define NUMBER 343 #define YYERRCODE 256 -short yylhs[] = { -1, +static const short yylhs[] = { -1, 0, 56, 56, 56, 56, 57, 57, 58, 58, 60, 60, 62, 62, 63, 63, 64, 59, 59, 59, 61, 61, 65, 65, 50, 50, 66, 14, 14, 14, 15, @@ -166,7 +182,7 @@ short yylhs[] = { -1, 46, 46, 4, 4, 5, 5, 5, 5, 5, 12, 11, 13, 9, 7, 7, 6, 1, 10, 8, }; -short yylen[] = { 2, +static const short yylen[] = { 2, 9, 2, 2, 2, 0, 2, 0, 3, 0, 3, 0, 1, 0, 1, 2, 4, 3, 2, 0, 1, 2, 1, 1, 3, 1, 3, 1, 1, 1, 1, @@ -182,7 +198,7 @@ short yylen[] = { 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, }; -short yydefred[] = { 0, +static const short yydefred[] = { 0, 0, 0, 0, 115, 0, 0, 122, 0, 0, 0, 0, 117, 119, 0, 0, 0, 0, 0, 4, 2, 3, 0, 0, 120, 6, 0, 0, 0, 0, 0, @@ -206,7 +222,7 @@ short yydefred[] = { 0, 54, 53, 0, 0, 0, 0, 0, 83, 0, 113, 55, 47, 46, 45, 85, 0, 114, 84, }; -short yydgoto[] = { 2, +static const short yydgoto[] = { 2, 140, 116, 122, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, @@ -215,7 +231,7 @@ short yydgoto[] = { 2, 119, 166, 167, 168, 169, 17, 23, 29, 30, 36, 44, 40, 41, 42, 45, 46, 47, }; -short yysindex[] = { -295, +static const short yysindex[] = { -295, -74, 0, -289, 0, -216, 23, 0, -61, -289, -221, -277, 0, 0, -259, -257, -256, -214, 31, 0, 0, 0, -220, -264, 0, 0, -187, -206, -232, -201, -213, @@ -239,7 +255,7 @@ short yysindex[] = { -295, 0, 0, 105, 106, 107, 24, -115, 0, 109, 0, 0, 0, 0, 0, 0, -4, 0, 0, }; -short yyrindex[] = { 0, +static const short yyrindex[] = { 0, -123, 0, 28, 0, 0, -110, 0, 0, 28, -245, 0, 0, 0, 0, 0, 0, -183, 0, 0, 0, 0, 0, 0, 0, 0, 0, -248, 0, 0, -182, @@ -263,7 +279,7 @@ short yyrindex[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, }; -short yygindex[] = { 0, +static const short yygindex[] = { 0, -14, 0, 0, -95, 0, 0, 0, 0, 0, 0, 0, 0, 0, -31, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -273,7 +289,7 @@ short yygindex[] = { 0, 128, 0, 0, 133, 0, 0, 0, }; #define YYTABLESIZE 509 -short yytable[] = { 58, +static const short yytable[] = { 58, 58, 108, 118, 58, 63, 63, 3, 184, 63, 116, 49, 111, 118, 49, 121, 70, 108, 25, 70, 155, 86, 162, 4, 86, 159, 67, 31, 102, 67, 9, @@ -326,7 +342,7 @@ short yytable[] = { 58, 0, 0, 0, 0, 0, 92, 0, 0, 0, 92, 92, 92, 0, 92, 0, 0, 0, 0, 92, }; -short yycheck[] = { 40, +static const short yycheck[] = { 40, 41, 44, 40, 44, 40, 41, 123, 41, 44, 59, 41, 123, 40, 44, 125, 41, 123, 59, 44, 125, 41, 117, 1, 44, 125, 41, 259, 40, 44, 278, @@ -385,7 +401,8 @@ short yycheck[] = { 40, #endif #define YYMAXTOKEN 343 #if YYDEBUG -char *yyname[] = { +static const char *yyname[] = { + "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,"'('","')'",0,0,"','",0,0,0,0,0,0,0,0,0,0,0,0,0,0,"';'",0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"'['",0,"']'",0,0,0,0,0,0,0,0, @@ -411,7 +428,7 @@ char *yyname[] = { "kw_VideotexString","kw_VisibleString","kw_WITH","RANGE","EEQUAL","ELLIPSIS", "IDENTIFIER","referencename","STRING","NUMBER", }; -char *yyrule[] = { +static const char *yyrule[] = { "$accept : ModuleDefinition", "ModuleDefinition : IDENTIFIER objid_opt kw_DEFINITIONS TagDefault ExtensionDefault EEQUAL kw_BEGIN ModuleBody kw_END", "TagDefault : kw_EXPLICIT kw_TAGS", @@ -552,6 +569,7 @@ char *yyrule[] = { "SignedNumber : NUMBER", "NullValue : kw_NULL", "ObjectIdentifierValue : objid", + }; #endif #if YYDEBUG @@ -575,19 +593,26 @@ char *yyrule[] = { int yydebug; int yynerrs; + +typedef struct { + unsigned stacksize; + short *s_base; + short *s_mark; + short *s_last; + YYSTYPE *l_base; + YYSTYPE *l_mark; +} YYSTACKDATA; + +#define YYPURE 0 + int yyerrflag; int yychar; -short *yyssp; -YYSTYPE *yyvsp; YYSTYPE yyval; YYSTYPE yylval; /* variables for the parser stack */ -static short *yyss; -static short *yysslim; -static YYSTYPE *yyvs; -static int yystacksize; -#line 941 "" +static YYSTACKDATA yystack; +#line 945 "" void yyerror (const char *s) @@ -681,53 +706,68 @@ fix_labels(Symbol *s) fix_labels2(s->type, p); free(p); } -#line 685 "" +#line 709 "" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ -static int yygrowstack(void) +static int yygrowstack(YYSTACKDATA *data) { - int newsize, i; + int i; + unsigned newsize; short *newss; YYSTYPE *newvs; - if ((newsize = yystacksize) == 0) + if ((newsize = data->stacksize) == 0) newsize = YYINITSTACKSIZE; else if (newsize >= YYMAXDEPTH) return -1; else if ((newsize *= 2) > YYMAXDEPTH) newsize = YYMAXDEPTH; - i = yyssp - yyss; - newss = (yyss != 0) - ? (short *)realloc(yyss, newsize * sizeof(*newss)) + i = data->s_mark - data->s_base; + newss = (data->s_base != 0) + ? (short *)realloc(data->s_base, newsize * sizeof(*newss)) : (short *)malloc(newsize * sizeof(*newss)); if (newss == 0) return -1; - yyss = newss; - yyssp = newss + i; - newvs = (yyvs != 0) - ? (YYSTYPE *)realloc(yyvs, newsize * sizeof(*newvs)) + data->s_base = newss; + data->s_mark = newss + i; + + newvs = (data->l_base != 0) + ? (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs)) : (YYSTYPE *)malloc(newsize * sizeof(*newvs)); if (newvs == 0) return -1; - yyvs = newvs; - yyvsp = newvs + i; - yystacksize = newsize; - yysslim = yyss + newsize - 1; + data->l_base = newvs; + data->l_mark = newvs + i; + + data->stacksize = newsize; + data->s_last = data->s_base + newsize - 1; return 0; } -#define YYABORT goto yyabort +#if YYPURE || defined(YY_NO_LEAKS) +static void yyfreestack(YYSTACKDATA *data) +{ + free(data->s_base); + free(data->l_base); + memset(data, 0, sizeof(*data)); +} +#else +#define yyfreestack(data) /* nothing */ +#endif + +#define YYABORT goto yyabort #define YYREJECT goto yyabort #define YYACCEPT goto yyaccept -#define YYERROR goto yyerrlab +#define YYERROR goto yyerrlab + int -yyparse(void) +YYPARSE_DECL() { - register int yym, yyn, yystate; + int yym, yyn, yystate; #if YYDEBUG - register const char *yys; + const char *yys; if ((yys = getenv("YYDEBUG")) != 0) { @@ -740,11 +780,17 @@ yyparse(void) yynerrs = 0; yyerrflag = 0; yychar = YYEMPTY; + yystate = 0; + +#if YYPURE + memset(&yystack, 0, sizeof(yystack)); +#endif - if (yyss == NULL && yygrowstack()) goto yyoverflow; - yyssp = yyss; - yyvsp = yyvs; - *yyssp = yystate = 0; + if (yystack.s_base == NULL && yygrowstack(&yystack)) goto yyoverflow; + yystack.s_mark = yystack.s_base; + yystack.l_mark = yystack.l_base; + yystate = 0; + *yystack.s_mark = 0; yyloop: if ((yyn = yydefred[yystate]) != 0) goto yyreduce; @@ -770,12 +816,13 @@ yyloop: printf("%sdebug: state %d, shifting to state %d\n", YYPREFIX, yystate, yytable[yyn]); #endif - if (yyssp >= yysslim && yygrowstack()) + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack)) { goto yyoverflow; } - *++yyssp = yystate = yytable[yyn]; - *++yyvsp = yylval; + yystate = yytable[yyn]; + *++yystack.s_mark = yytable[yyn]; + *++yystack.l_mark = yylval; yychar = YYEMPTY; if (yyerrflag > 0) --yyerrflag; goto yyloop; @@ -790,9 +837,7 @@ yyloop: yyerror("syntax error"); -#ifdef lint goto yyerrlab; -#endif yyerrlab: ++yynerrs; @@ -803,20 +848,21 @@ yyinrecovery: yyerrflag = 3; for (;;) { - if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 && + if ((yyn = yysindex[*yystack.s_mark]) && (yyn += YYERRCODE) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) { #if YYDEBUG if (yydebug) printf("%sdebug: state %d, error recovery shifting\ - to state %d\n", YYPREFIX, *yyssp, yytable[yyn]); + to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]); #endif - if (yyssp >= yysslim && yygrowstack()) + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack)) { goto yyoverflow; } - *++yyssp = yystate = yytable[yyn]; - *++yyvsp = yylval; + yystate = yytable[yyn]; + *++yystack.s_mark = yytable[yyn]; + *++yystack.l_mark = yylval; goto yyloop; } else @@ -824,11 +870,11 @@ yyinrecovery: #if YYDEBUG if (yydebug) printf("%sdebug: error recovery discarding state %d\n", - YYPREFIX, *yyssp); + YYPREFIX, *yystack.s_mark); #endif - if (yyssp <= yyss) goto yyabort; - --yyssp; - --yyvsp; + if (yystack.s_mark <= yystack.s_base) goto yyabort; + --yystack.s_mark; + --yystack.l_mark; } } } @@ -857,190 +903,190 @@ yyreduce: #endif yym = yylen[yyn]; if (yym) - yyval = yyvsp[1-yym]; + yyval = yystack.l_mark[1-yym]; else memset(&yyval, 0, sizeof yyval); switch (yyn) { case 1: -#line 237 "" -{ +#line 241 "" + { checkundefined(); } break; case 3: -#line 244 "" -{ lex_error_message("implicit tagging is not supported"); } +#line 248 "" + { lex_error_message("implicit tagging is not supported"); } break; case 4: -#line 246 "" -{ lex_error_message("automatic tagging is not supported"); } +#line 250 "" + { lex_error_message("automatic tagging is not supported"); } break; case 6: -#line 251 "" -{ lex_error_message("no extensibility options supported"); } +#line 255 "" + { lex_error_message("no extensibility options supported"); } break; case 16: -#line 272 "" -{ +#line 276 "" + { struct string_list *sl; - for(sl = yyvsp[-3].sl; sl != NULL; sl = sl->next) { + for(sl = yystack.l_mark[-3].sl; sl != NULL; sl = sl->next) { Symbol *s = addsym(sl->string); s->stype = Stype; gen_template_import(s); } - add_import(yyvsp[-1].name); + add_import(yystack.l_mark[-1].name); } break; case 17: -#line 284 "" -{ +#line 288 "" + { struct string_list *sl; - for(sl = yyvsp[-1].sl; sl != NULL; sl = sl->next) + for(sl = yystack.l_mark[-1].sl; sl != NULL; sl = sl->next) add_export(sl->string); } break; case 24: -#line 302 "" -{ +#line 306 "" + { yyval.sl = emalloc(sizeof(*yyval.sl)); - yyval.sl->string = yyvsp[-2].name; - yyval.sl->next = yyvsp[0].sl; + yyval.sl->string = yystack.l_mark[-2].name; + yyval.sl->next = yystack.l_mark[0].sl; } break; case 25: -#line 308 "" -{ +#line 312 "" + { yyval.sl = emalloc(sizeof(*yyval.sl)); - yyval.sl->string = yyvsp[0].name; + yyval.sl->string = yystack.l_mark[0].name; yyval.sl->next = NULL; } break; case 26: -#line 316 "" -{ - Symbol *s = addsym (yyvsp[-2].name); +#line 320 "" + { + Symbol *s = addsym (yystack.l_mark[-2].name); s->stype = Stype; - s->type = yyvsp[0].type; + s->type = yystack.l_mark[0].type; fix_labels(s); generate_type (s); } break; case 44: -#line 347 "" -{ +#line 351 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_Boolean, TE_EXPLICIT, new_type(TBoolean)); } break; case 45: -#line 354 "" -{ - if(yyvsp[-3].value->type != integervalue) +#line 358 "" + { + if(yystack.l_mark[-3].value->type != integervalue) lex_error_message("Non-integer used in first part of range"); - if(yyvsp[-3].value->type != integervalue) + if(yystack.l_mark[-3].value->type != integervalue) lex_error_message("Non-integer in second part of range"); yyval.range = ecalloc(1, sizeof(*yyval.range)); - yyval.range->min = yyvsp[-3].value->u.integervalue; - yyval.range->max = yyvsp[-1].value->u.integervalue; + yyval.range->min = yystack.l_mark[-3].value->u.integervalue; + yyval.range->max = yystack.l_mark[-1].value->u.integervalue; } break; case 46: -#line 364 "" -{ - if(yyvsp[-3].value->type != integervalue) +#line 368 "" + { + if(yystack.l_mark[-3].value->type != integervalue) lex_error_message("Non-integer in first part of range"); yyval.range = ecalloc(1, sizeof(*yyval.range)); - yyval.range->min = yyvsp[-3].value->u.integervalue; - yyval.range->max = yyvsp[-3].value->u.integervalue - 1; + yyval.range->min = yystack.l_mark[-3].value->u.integervalue; + yyval.range->max = yystack.l_mark[-3].value->u.integervalue - 1; } break; case 47: -#line 372 "" -{ - if(yyvsp[-1].value->type != integervalue) +#line 376 "" + { + if(yystack.l_mark[-1].value->type != integervalue) lex_error_message("Non-integer in second part of range"); yyval.range = ecalloc(1, sizeof(*yyval.range)); - yyval.range->min = yyvsp[-1].value->u.integervalue + 2; - yyval.range->max = yyvsp[-1].value->u.integervalue; + yyval.range->min = yystack.l_mark[-1].value->u.integervalue + 2; + yyval.range->max = yystack.l_mark[-1].value->u.integervalue; } break; case 48: -#line 380 "" -{ - if(yyvsp[-1].value->type != integervalue) +#line 384 "" + { + if(yystack.l_mark[-1].value->type != integervalue) lex_error_message("Non-integer used in limit"); yyval.range = ecalloc(1, sizeof(*yyval.range)); - yyval.range->min = yyvsp[-1].value->u.integervalue; - yyval.range->max = yyvsp[-1].value->u.integervalue; + yyval.range->min = yystack.l_mark[-1].value->u.integervalue; + yyval.range->max = yystack.l_mark[-1].value->u.integervalue; } break; case 49: -#line 391 "" -{ +#line 395 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, new_type(TInteger)); } break; case 50: -#line 396 "" -{ +#line 400 "" + { yyval.type = new_type(TInteger); - yyval.type->range = yyvsp[0].range; + yyval.type->range = yystack.l_mark[0].range; yyval.type = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, yyval.type); } break; case 51: -#line 402 "" -{ +#line 406 "" + { yyval.type = new_type(TInteger); - yyval.type->members = yyvsp[-1].members; + yyval.type->members = yystack.l_mark[-1].members; yyval.type = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, yyval.type); } break; case 52: -#line 410 "" -{ +#line 414 "" + { yyval.members = emalloc(sizeof(*yyval.members)); ASN1_TAILQ_INIT(yyval.members); - ASN1_TAILQ_INSERT_HEAD(yyval.members, yyvsp[0].member, members); + ASN1_TAILQ_INSERT_HEAD(yyval.members, yystack.l_mark[0].member, members); } break; case 53: -#line 416 "" -{ - ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, yyvsp[0].member, members); - yyval.members = yyvsp[-2].members; +#line 420 "" + { + ASN1_TAILQ_INSERT_TAIL(yystack.l_mark[-2].members, yystack.l_mark[0].member, members); + yyval.members = yystack.l_mark[-2].members; } break; case 54: -#line 421 "" -{ yyval.members = yyvsp[-2].members; } +#line 425 "" + { yyval.members = yystack.l_mark[-2].members; } break; case 55: -#line 425 "" -{ +#line 429 "" + { yyval.member = emalloc(sizeof(*yyval.member)); - yyval.member->name = yyvsp[-3].name; - yyval.member->gen_name = estrdup(yyvsp[-3].name); + yyval.member->name = yystack.l_mark[-3].name; + yyval.member->gen_name = estrdup(yystack.l_mark[-3].name); output_name (yyval.member->gen_name); - yyval.member->val = yyvsp[-1].constant; + yyval.member->val = yystack.l_mark[-1].constant; yyval.member->optional = 0; yyval.member->ellipsis = 0; yyval.member->type = NULL; } break; case 56: -#line 438 "" -{ +#line 442 "" + { yyval.type = new_type(TInteger); - yyval.type->members = yyvsp[-1].members; + yyval.type->members = yystack.l_mark[-1].members; yyval.type = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, yyval.type); } break; case 58: -#line 449 "" -{ +#line 453 "" + { yyval.type = new_type(TBitString); yyval.type->members = emalloc(sizeof(*yyval.type->members)); ASN1_TAILQ_INIT(yyval.type->members); @@ -1048,128 +1094,128 @@ case 58: } break; case 59: -#line 456 "" -{ +#line 460 "" + { yyval.type = new_type(TBitString); - yyval.type->members = yyvsp[-1].members; + yyval.type->members = yystack.l_mark[-1].members; yyval.type = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, yyval.type); } break; case 60: -#line 464 "" -{ +#line 468 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_OID, TE_EXPLICIT, new_type(TOID)); } break; case 61: -#line 470 "" -{ +#line 474 "" + { Type *t = new_type(TOctetString); - t->range = yyvsp[0].range; + t->range = yystack.l_mark[0].range; yyval.type = new_tag(ASN1_C_UNIV, UT_OctetString, TE_EXPLICIT, t); } break; case 62: -#line 479 "" -{ +#line 483 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_Null, TE_EXPLICIT, new_type(TNull)); } break; case 63: -#line 486 "" -{ yyval.range = NULL; } +#line 490 "" + { yyval.range = NULL; } break; case 64: -#line 488 "" -{ yyval.range = yyvsp[0].range; } +#line 492 "" + { yyval.range = yystack.l_mark[0].range; } break; case 65: -#line 493 "" -{ +#line 497 "" + { yyval.type = new_type(TSequence); - yyval.type->members = yyvsp[-1].members; + yyval.type->members = yystack.l_mark[-1].members; yyval.type = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, yyval.type); } break; case 66: -#line 499 "" -{ +#line 503 "" + { yyval.type = new_type(TSequence); yyval.type->members = NULL; yyval.type = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, yyval.type); } break; case 67: -#line 507 "" -{ +#line 511 "" + { yyval.type = new_type(TSequenceOf); - yyval.type->range = yyvsp[-2].range; - yyval.type->subtype = yyvsp[0].type; + yyval.type->range = yystack.l_mark[-2].range; + yyval.type->subtype = yystack.l_mark[0].type; yyval.type = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, yyval.type); } break; case 68: -#line 516 "" -{ +#line 520 "" + { yyval.type = new_type(TSet); - yyval.type->members = yyvsp[-1].members; + yyval.type->members = yystack.l_mark[-1].members; yyval.type = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, yyval.type); } break; case 69: -#line 522 "" -{ +#line 526 "" + { yyval.type = new_type(TSet); yyval.type->members = NULL; yyval.type = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, yyval.type); } break; case 70: -#line 530 "" -{ +#line 534 "" + { yyval.type = new_type(TSetOf); - yyval.type->subtype = yyvsp[0].type; + yyval.type->subtype = yystack.l_mark[0].type; yyval.type = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, yyval.type); } break; case 71: -#line 538 "" -{ +#line 542 "" + { yyval.type = new_type(TChoice); - yyval.type->members = yyvsp[-1].members; + yyval.type->members = yystack.l_mark[-1].members; } break; case 74: -#line 549 "" -{ - Symbol *s = addsym(yyvsp[0].name); +#line 553 "" + { + Symbol *s = addsym(yystack.l_mark[0].name); yyval.type = new_type(TType); if(s->stype != Stype && s->stype != SUndefined) - lex_error_message ("%s is not a type\n", yyvsp[0].name); + lex_error_message ("%s is not a type\n", yystack.l_mark[0].name); else yyval.type->symbol = s; } break; case 75: -#line 560 "" -{ +#line 564 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, TE_EXPLICIT, new_type(TGeneralizedTime)); } break; case 76: -#line 565 "" -{ +#line 569 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_UTCTime, TE_EXPLICIT, new_type(TUTCTime)); } break; case 77: -#line 572 "" -{ +#line 576 "" + { /* if (Constraint.type == contentConstrant) { assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too if (Constraint.u.constraint.type) { @@ -1183,301 +1229,301 @@ case 77: } break; case 78: -#line 588 "" -{ - yyval.constraint_spec = yyvsp[-1].constraint_spec; +#line 592 "" + { + yyval.constraint_spec = yystack.l_mark[-1].constraint_spec; } break; case 82: -#line 601 "" -{ +#line 605 "" + { yyval.constraint_spec = new_constraint_spec(CT_CONTENTS); - yyval.constraint_spec->u.content.type = yyvsp[0].type; + yyval.constraint_spec->u.content.type = yystack.l_mark[0].type; yyval.constraint_spec->u.content.encoding = NULL; } break; case 83: -#line 607 "" -{ - if (yyvsp[0].value->type != objectidentifiervalue) +#line 611 "" + { + if (yystack.l_mark[0].value->type != objectidentifiervalue) lex_error_message("Non-OID used in ENCODED BY constraint"); yyval.constraint_spec = new_constraint_spec(CT_CONTENTS); yyval.constraint_spec->u.content.type = NULL; - yyval.constraint_spec->u.content.encoding = yyvsp[0].value; + yyval.constraint_spec->u.content.encoding = yystack.l_mark[0].value; } break; case 84: -#line 615 "" -{ - if (yyvsp[0].value->type != objectidentifiervalue) +#line 619 "" + { + if (yystack.l_mark[0].value->type != objectidentifiervalue) lex_error_message("Non-OID used in ENCODED BY constraint"); yyval.constraint_spec = new_constraint_spec(CT_CONTENTS); - yyval.constraint_spec->u.content.type = yyvsp[-3].type; - yyval.constraint_spec->u.content.encoding = yyvsp[0].value; + yyval.constraint_spec->u.content.type = yystack.l_mark[-3].type; + yyval.constraint_spec->u.content.encoding = yystack.l_mark[0].value; } break; case 85: -#line 625 "" -{ +#line 629 "" + { yyval.constraint_spec = new_constraint_spec(CT_USER); } break; case 86: -#line 631 "" -{ +#line 635 "" + { yyval.type = new_type(TTag); - yyval.type->tag = yyvsp[-2].tag; - yyval.type->tag.tagenv = yyvsp[-1].constant; - if(yyvsp[0].type->type == TTag && yyvsp[-1].constant == TE_IMPLICIT) { - yyval.type->subtype = yyvsp[0].type->subtype; - free(yyvsp[0].type); + yyval.type->tag = yystack.l_mark[-2].tag; + yyval.type->tag.tagenv = yystack.l_mark[-1].constant; + if(yystack.l_mark[0].type->type == TTag && yystack.l_mark[-1].constant == TE_IMPLICIT) { + yyval.type->subtype = yystack.l_mark[0].type->subtype; + free(yystack.l_mark[0].type); } else - yyval.type->subtype = yyvsp[0].type; + yyval.type->subtype = yystack.l_mark[0].type; } break; case 87: -#line 644 "" -{ - yyval.tag.tagclass = yyvsp[-2].constant; - yyval.tag.tagvalue = yyvsp[-1].constant; +#line 648 "" + { + yyval.tag.tagclass = yystack.l_mark[-2].constant; + yyval.tag.tagvalue = yystack.l_mark[-1].constant; yyval.tag.tagenv = TE_EXPLICIT; } break; case 88: -#line 652 "" -{ +#line 656 "" + { yyval.constant = ASN1_C_CONTEXT; } break; case 89: -#line 656 "" -{ +#line 660 "" + { yyval.constant = ASN1_C_UNIV; } break; case 90: -#line 660 "" -{ +#line 664 "" + { yyval.constant = ASN1_C_APPL; } break; case 91: -#line 664 "" -{ +#line 668 "" + { yyval.constant = ASN1_C_PRIVATE; } break; case 92: -#line 670 "" -{ +#line 674 "" + { yyval.constant = TE_EXPLICIT; } break; case 93: -#line 674 "" -{ +#line 678 "" + { yyval.constant = TE_EXPLICIT; } break; case 94: -#line 678 "" -{ +#line 682 "" + { yyval.constant = TE_IMPLICIT; } break; case 95: -#line 685 "" -{ +#line 689 "" + { Symbol *s; - s = addsym (yyvsp[-3].name); + s = addsym (yystack.l_mark[-3].name); s->stype = SValue; - s->value = yyvsp[0].value; + s->value = yystack.l_mark[0].value; generate_constant (s); } break; case 97: -#line 699 "" -{ +#line 703 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_GeneralString, TE_EXPLICIT, new_type(TGeneralString)); } break; case 98: -#line 704 "" -{ +#line 708 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_TeletexString, TE_EXPLICIT, new_type(TTeletexString)); } break; case 99: -#line 709 "" -{ +#line 713 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_UTF8String, TE_EXPLICIT, new_type(TUTF8String)); } break; case 100: -#line 714 "" -{ +#line 718 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_PrintableString, TE_EXPLICIT, new_type(TPrintableString)); } break; case 101: -#line 719 "" -{ +#line 723 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_VisibleString, TE_EXPLICIT, new_type(TVisibleString)); } break; case 102: -#line 724 "" -{ +#line 728 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_IA5String, TE_EXPLICIT, new_type(TIA5String)); } break; case 103: -#line 729 "" -{ +#line 733 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_BMPString, TE_EXPLICIT, new_type(TBMPString)); } break; case 104: -#line 734 "" -{ +#line 738 "" + { yyval.type = new_tag(ASN1_C_UNIV, UT_UniversalString, TE_EXPLICIT, new_type(TUniversalString)); } break; case 105: -#line 742 "" -{ +#line 746 "" + { yyval.members = emalloc(sizeof(*yyval.members)); ASN1_TAILQ_INIT(yyval.members); - ASN1_TAILQ_INSERT_HEAD(yyval.members, yyvsp[0].member, members); + ASN1_TAILQ_INSERT_HEAD(yyval.members, yystack.l_mark[0].member, members); } break; case 106: -#line 748 "" -{ - ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, yyvsp[0].member, members); - yyval.members = yyvsp[-2].members; +#line 752 "" + { + ASN1_TAILQ_INSERT_TAIL(yystack.l_mark[-2].members, yystack.l_mark[0].member, members); + yyval.members = yystack.l_mark[-2].members; } break; case 107: -#line 753 "" -{ +#line 757 "" + { struct member *m = ecalloc(1, sizeof(*m)); m->name = estrdup("..."); m->gen_name = estrdup("asn1_ellipsis"); m->ellipsis = 1; - ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, m, members); - yyval.members = yyvsp[-2].members; + ASN1_TAILQ_INSERT_TAIL(yystack.l_mark[-2].members, m, members); + yyval.members = yystack.l_mark[-2].members; } break; case 108: -#line 764 "" -{ +#line 768 "" + { yyval.member = emalloc(sizeof(*yyval.member)); - yyval.member->name = yyvsp[-1].name; - yyval.member->gen_name = estrdup(yyvsp[-1].name); + yyval.member->name = yystack.l_mark[-1].name; + yyval.member->gen_name = estrdup(yystack.l_mark[-1].name); output_name (yyval.member->gen_name); - yyval.member->type = yyvsp[0].type; + yyval.member->type = yystack.l_mark[0].type; yyval.member->ellipsis = 0; } break; case 109: -#line 775 "" -{ - yyval.member = yyvsp[0].member; +#line 779 "" + { + yyval.member = yystack.l_mark[0].member; yyval.member->optional = 0; yyval.member->defval = NULL; } break; case 110: -#line 781 "" -{ - yyval.member = yyvsp[-1].member; +#line 785 "" + { + yyval.member = yystack.l_mark[-1].member; yyval.member->optional = 1; yyval.member->defval = NULL; } break; case 111: -#line 787 "" -{ - yyval.member = yyvsp[-2].member; +#line 791 "" + { + yyval.member = yystack.l_mark[-2].member; yyval.member->optional = 0; - yyval.member->defval = yyvsp[0].value; + yyval.member->defval = yystack.l_mark[0].value; } break; case 112: -#line 795 "" -{ +#line 799 "" + { yyval.members = emalloc(sizeof(*yyval.members)); ASN1_TAILQ_INIT(yyval.members); - ASN1_TAILQ_INSERT_HEAD(yyval.members, yyvsp[0].member, members); + ASN1_TAILQ_INSERT_HEAD(yyval.members, yystack.l_mark[0].member, members); } break; case 113: -#line 801 "" -{ - ASN1_TAILQ_INSERT_TAIL(yyvsp[-2].members, yyvsp[0].member, members); - yyval.members = yyvsp[-2].members; +#line 805 "" + { + ASN1_TAILQ_INSERT_TAIL(yystack.l_mark[-2].members, yystack.l_mark[0].member, members); + yyval.members = yystack.l_mark[-2].members; } break; case 114: -#line 808 "" -{ +#line 812 "" + { yyval.member = emalloc(sizeof(*yyval.member)); - yyval.member->name = yyvsp[-3].name; - yyval.member->gen_name = estrdup(yyvsp[-3].name); + yyval.member->name = yystack.l_mark[-3].name; + yyval.member->gen_name = estrdup(yystack.l_mark[-3].name); output_name (yyval.member->gen_name); - yyval.member->val = yyvsp[-1].constant; + yyval.member->val = yystack.l_mark[-1].constant; yyval.member->optional = 0; yyval.member->ellipsis = 0; yyval.member->type = NULL; } break; case 116: -#line 821 "" -{ yyval.objid = NULL; } +#line 825 "" + { yyval.objid = NULL; } break; case 117: -#line 825 "" -{ - yyval.objid = yyvsp[-1].objid; +#line 829 "" + { + yyval.objid = yystack.l_mark[-1].objid; } break; case 118: -#line 831 "" -{ +#line 835 "" + { yyval.objid = NULL; } break; case 119: -#line 835 "" -{ - if (yyvsp[0].objid) { - yyval.objid = yyvsp[0].objid; - add_oid_to_tail(yyvsp[0].objid, yyvsp[-1].objid); +#line 839 "" + { + if (yystack.l_mark[0].objid) { + yyval.objid = yystack.l_mark[0].objid; + add_oid_to_tail(yystack.l_mark[0].objid, yystack.l_mark[-1].objid); } else { - yyval.objid = yyvsp[-1].objid; + yyval.objid = yystack.l_mark[-1].objid; } } break; case 120: -#line 846 "" -{ - yyval.objid = new_objid(yyvsp[-3].name, yyvsp[-1].constant); +#line 850 "" + { + yyval.objid = new_objid(yystack.l_mark[-3].name, yystack.l_mark[-1].constant); } break; case 121: -#line 850 "" -{ - Symbol *s = addsym(yyvsp[0].name); +#line 854 "" + { + Symbol *s = addsym(yystack.l_mark[0].name); if(s->stype != SValue || s->value->type != objectidentifiervalue) { lex_error_message("%s is not an object identifier\n", @@ -1488,15 +1534,15 @@ case 121: } break; case 122: -#line 861 "" -{ - yyval.objid = new_objid(NULL, yyvsp[0].constant); +#line 865 "" + { + yyval.objid = new_objid(NULL, yystack.l_mark[0].constant); } break; case 132: -#line 884 "" -{ - Symbol *s = addsym(yyvsp[0].name); +#line 888 "" + { + Symbol *s = addsym(yystack.l_mark[0].name); if(s->stype != SValue) lex_error_message ("%s is not a value\n", s->name); @@ -1505,55 +1551,55 @@ case 132: } break; case 133: -#line 895 "" -{ +#line 899 "" + { yyval.value = emalloc(sizeof(*yyval.value)); yyval.value->type = stringvalue; - yyval.value->u.stringvalue = yyvsp[0].name; + yyval.value->u.stringvalue = yystack.l_mark[0].name; } break; case 134: -#line 903 "" -{ +#line 907 "" + { yyval.value = emalloc(sizeof(*yyval.value)); yyval.value->type = booleanvalue; yyval.value->u.booleanvalue = 0; } break; case 135: -#line 909 "" -{ +#line 913 "" + { yyval.value = emalloc(sizeof(*yyval.value)); yyval.value->type = booleanvalue; yyval.value->u.booleanvalue = 0; } break; case 136: -#line 917 "" -{ +#line 921 "" + { yyval.value = emalloc(sizeof(*yyval.value)); yyval.value->type = integervalue; - yyval.value->u.integervalue = yyvsp[0].constant; + yyval.value->u.integervalue = yystack.l_mark[0].constant; } break; case 138: -#line 928 "" -{ +#line 932 "" + { } break; case 139: -#line 933 "" -{ +#line 937 "" + { yyval.value = emalloc(sizeof(*yyval.value)); yyval.value->type = objectidentifiervalue; - yyval.value->u.objectidentifiervalue = yyvsp[0].objid; + yyval.value->u.objectidentifiervalue = yystack.l_mark[0].objid; } break; -#line 1553 "" +#line 1598 "" } - yyssp -= yym; - yystate = *yyssp; - yyvsp -= yym; + yystack.s_mark -= yym; + yystate = *yystack.s_mark; + yystack.l_mark -= yym; yym = yylhs[yyn]; if (yystate == 0 && yym == 0) { @@ -1563,8 +1609,8 @@ break; state %d\n", YYPREFIX, YYFINAL); #endif yystate = YYFINAL; - *++yyssp = YYFINAL; - *++yyvsp = yyval; + *++yystack.s_mark = YYFINAL; + *++yystack.l_mark = yyval; if (yychar < 0) { if ((yychar = yylex()) < 0) yychar = 0; @@ -1590,22 +1636,24 @@ break; #if YYDEBUG if (yydebug) printf("%sdebug: after reduction, shifting from state %d \ -to state %d\n", YYPREFIX, *yyssp, yystate); +to state %d\n", YYPREFIX, *yystack.s_mark, yystate); #endif - if (yyssp >= yysslim && yygrowstack()) + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack)) { goto yyoverflow; } - *++yyssp = yystate; - *++yyvsp = yyval; + *++yystack.s_mark = (short) yystate; + *++yystack.l_mark = yyval; goto yyloop; yyoverflow: yyerror("yacc stack overflow"); yyabort: + yyfreestack(&yystack); return (1); yyaccept: + yyfreestack(&yystack); return (0); } diff --git a/source4/heimdal/lib/asn1/asn1parse.y b/source4/heimdal/lib/asn1/asn1parse.y index dad7f67a20..a7a8f31827 100644 --- a/source4/heimdal/lib/asn1/asn1parse.y +++ b/source4/heimdal/lib/asn1/asn1parse.y @@ -62,6 +62,10 @@ struct string_list { struct string_list *next; }; +/* Declarations for Bison */ +#define YYMALLOC malloc +#define YYFREE free + %} %union { diff --git a/source4/heimdal/lib/asn1/gen_template.c b/source4/heimdal/lib/asn1/gen_template.c index 9e09eb2d8d..791fb910f9 100644 --- a/source4/heimdal/lib/asn1/gen_template.c +++ b/source4/heimdal/lib/asn1/gen_template.c @@ -58,8 +58,10 @@ integer_symbol(const char *basename, const Type *t) return "unsigned"; else if (t->range->min == 0 && t->range->max == INT_MAX) return "unsigned"; - else + else { abort(); + UNREACHABLE(return NULL); + } } static const char * diff --git a/source4/heimdal/lib/com_err/com_err.h b/source4/heimdal/lib/com_err/com_err.h index 1fcfe7f7aa..5b8b7e28f7 100644 --- a/source4/heimdal/lib/com_err/com_err.h +++ b/source4/heimdal/lib/com_err/com_err.h @@ -45,26 +45,6 @@ #define __attribute__(X) #endif -#ifndef KRB5_LIB -#ifndef KRB5_LIB_FUNCTION -#if defined(_WIN32) -#define KRB5_LIB_FUNCTION __declspec(dllimport) -#define KRB5_LIB_CALL __stdcall -#define KRB5_LIB_VARIABLE __declspec(dllimport) -#else -#define KRB5_LIB_FUNCTION -#define KRB5_LIB_CALL -#define KRB5_LIB_VARIABLE -#endif -#endif -#endif - -#ifdef _WIN32 -#define KRB5_CALLCONV __stdcall -#else -#define KRB5_CALLCONV -#endif - typedef void (KRB5_CALLCONV *errf) (const char *, long, const char *, va_list); KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL diff --git a/source4/heimdal/lib/com_err/com_right.h b/source4/heimdal/lib/com_err/com_right.h index e13855abad..b0857d283a 100644 --- a/source4/heimdal/lib/com_err/com_right.h +++ b/source4/heimdal/lib/com_err/com_right.h @@ -36,6 +36,26 @@ #ifndef __COM_RIGHT_H__ #define __COM_RIGHT_H__ +#ifndef KRB5_LIB +#ifndef KRB5_LIB_FUNCTION +#if defined(_WIN32) +#define KRB5_LIB_FUNCTION __declspec(dllimport) +#define KRB5_LIB_CALL __stdcall +#define KRB5_LIB_VARIABLE __declspec(dllimport) +#else +#define KRB5_LIB_FUNCTION +#define KRB5_LIB_CALL +#define KRB5_LIB_VARIABLE +#endif +#endif +#endif + +#ifdef _WIN32 +#define KRB5_CALLCONV __stdcall +#else +#define KRB5_CALLCONV +#endif + #ifdef __STDC__ #include <stdarg.h> #endif @@ -51,9 +71,16 @@ struct et_list { }; extern struct et_list *_et_list; -const char *com_right (struct et_list *list, long code); -const char *com_right_r (struct et_list *list, long code, char *, size_t); -void initialize_error_table_r (struct et_list **, const char **, int, long); -void free_error_table (struct et_list *); +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +com_right (struct et_list *list, long code); + +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL +com_right_r (struct et_list *list, long code, char *, size_t); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +initialize_error_table_r (struct et_list **, const char **, int, long); + +KRB5_LIB_FUNCTION void KRB5_LIB_CALL +free_error_table (struct et_list *); #endif /* __COM_RIGHT_H__ */ diff --git a/source4/heimdal/lib/com_err/error.c b/source4/heimdal/lib/com_err/error.c index 854a4b66cb..0e49a94104 100644 --- a/source4/heimdal/lib/com_err/error.c +++ b/source4/heimdal/lib/com_err/error.c @@ -46,7 +46,7 @@ #define dgettext(d,s) (s) #endif -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL com_right(struct et_list *list, long code) { struct et_list *p; @@ -56,7 +56,7 @@ com_right(struct et_list *list, long code) return NULL; } -const char * +KRB5_LIB_FUNCTION const char * KRB5_LIB_CALL com_right_r(struct et_list *list, long code, char *str, size_t len) { struct et_list *p; @@ -79,7 +79,7 @@ struct foobar { struct error_table et; }; -void +KRB5_LIB_FUNCTION void KRB5_LIB_CALL initialize_error_table_r(struct et_list **list, const char **messages, int num_errors, @@ -103,7 +103,7 @@ initialize_error_table_r(struct et_list **list, } -void +KRB5_LIB_FUNCTION void KRB5_LIB_CALL free_error_table(struct et_list *et) { while(et){ diff --git a/source4/heimdal/lib/com_err/lex.c b/source4/heimdal/lib/com_err/lex.c index bf33e3ad0e..f107bba5bd 100644 --- a/source4/heimdal/lib/com_err/lex.c +++ b/source4/heimdal/lib/com_err/lex.c @@ -586,8 +586,6 @@ extern int yywrap (void ); #endif #endif - static void yyunput (int c,char *buf_ptr ); - #ifndef yytext_ptr static void yy_flex_strncpy (char *,yyconst char *,int ); #endif @@ -709,9 +707,9 @@ YY_DECL register char *yy_cp, *yy_bp; register int yy_act; -#line 57 "lex.l" +#line 58 "lex.l" -#line 714 "" +#line 712 "" if ( !(yy_init) ) { @@ -796,86 +794,86 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 58 "lex.l" +#line 59 "lex.l" { return ET; } YY_BREAK case 2: YY_RULE_SETUP -#line 59 "lex.l" +#line 60 "lex.l" { return ET; } YY_BREAK case 3: YY_RULE_SETUP -#line 60 "lex.l" +#line 61 "lex.l" { return EC; } YY_BREAK case 4: YY_RULE_SETUP -#line 61 "lex.l" +#line 62 "lex.l" { return EC; } YY_BREAK case 5: YY_RULE_SETUP -#line 62 "lex.l" +#line 63 "lex.l" { return PREFIX; } YY_BREAK case 6: YY_RULE_SETUP -#line 63 "lex.l" +#line 64 "lex.l" { return INDEX; } YY_BREAK case 7: YY_RULE_SETUP -#line 64 "lex.l" +#line 65 "lex.l" { return ID; } YY_BREAK case 8: YY_RULE_SETUP -#line 65 "lex.l" +#line 66 "lex.l" { return END; } YY_BREAK case 9: YY_RULE_SETUP -#line 66 "lex.l" +#line 67 "lex.l" { yylval.number = atoi(yytext); return NUMBER; } YY_BREAK case 10: YY_RULE_SETUP -#line 67 "lex.l" +#line 68 "lex.l" ; YY_BREAK case 11: YY_RULE_SETUP -#line 68 "lex.l" +#line 69 "lex.l" ; YY_BREAK case 12: /* rule 12 can match eol */ YY_RULE_SETUP -#line 69 "lex.l" +#line 70 "lex.l" { lineno++; } YY_BREAK case 13: YY_RULE_SETUP -#line 70 "lex.l" +#line 71 "lex.l" { return getstring(); } YY_BREAK case 14: YY_RULE_SETUP -#line 71 "lex.l" +#line 72 "lex.l" { yylval.string = strdup(yytext); return STRING; } YY_BREAK case 15: YY_RULE_SETUP -#line 72 "lex.l" +#line 73 "lex.l" { return *yytext; } YY_BREAK case 16: YY_RULE_SETUP -#line 73 "lex.l" +#line 74 "lex.l" ECHO; YY_BREAK -#line 878 "" +#line 876 "" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1204,43 +1202,6 @@ static int yy_get_next_buffer (void) return yy_is_jam ? 0 : yy_current_state; } - static void yyunput (int c, register char * yy_bp ) -{ - register char *yy_cp; - - yy_cp = (yy_c_buf_p); - - /* undo effects of setting up yytext */ - *yy_cp = (yy_hold_char); - - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = - &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; - - while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) - *--dest = *--source; - - yy_cp += (int) (dest - source); - yy_bp += (int) (dest - source); - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; - - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) - YY_FATAL_ERROR( "flex scanner push-back overflow" ); - } - - *--yy_cp = (char) c; - - (yytext_ptr) = yy_bp; - (yy_hold_char) = *yy_cp; - (yy_c_buf_p) = yy_cp; -} - #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void) @@ -1873,7 +1834,7 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 73 "lex.l" +#line 74 "lex.l" @@ -1899,7 +1860,7 @@ getstring(void) continue; } if(c == '\n'){ - error_message("unterminated string"); + lex_error_message("unterminated string"); lineno++; break; } @@ -1919,7 +1880,7 @@ getstring(void) } void -error_message (const char *format, ...) +lex_error_message (const char *format, ...) { va_list args; diff --git a/source4/heimdal/lib/com_err/lex.h b/source4/heimdal/lib/com_err/lex.h index 76f3e2b2a5..6c9be77ddf 100644 --- a/source4/heimdal/lib/com_err/lex.h +++ b/source4/heimdal/lib/com_err/lex.h @@ -33,7 +33,7 @@ /* $Id$ */ -void error_message (const char *, ...) +void lex_error_message (const char *, ...) __attribute__ ((format (printf, 1, 2))); int yylex(void); diff --git a/source4/heimdal/lib/com_err/lex.l b/source4/heimdal/lib/com_err/lex.l index b68814b21c..ac660a1d8c 100644 --- a/source4/heimdal/lib/com_err/lex.l +++ b/source4/heimdal/lib/com_err/lex.l @@ -53,6 +53,7 @@ static int getstring(void); %} +%option nounput %% et { return ET; } @@ -94,7 +95,7 @@ getstring(void) continue; } if(c == '\n'){ - error_message("unterminated string"); + lex_error_message("unterminated string"); lineno++; break; } @@ -114,7 +115,7 @@ getstring(void) } void -error_message (const char *format, ...) +lex_error_message (const char *format, ...) { va_list args; diff --git a/source4/heimdal/lib/com_err/parse.c b/source4/heimdal/lib/com_err/parse.c index a426613303..b2b0fc1090 100644 --- a/source4/heimdal/lib/com_err/parse.c +++ b/source4/heimdal/lib/com_err/parse.c @@ -8,17 +8,29 @@ static const char yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93"; #define YYBYACC 1 #define YYMAJOR 1 #define YYMINOR 9 -#define YYPATCH 20070509 +#define YYPATCH 20100216 -#define YYEMPTY (-1) -#define yyclearin (yychar = YYEMPTY) -#define yyerrok (yyerrflag = 0) -#define YYRECOVERING (yyerrflag != 0) +#define YYEMPTY (-1) +#define yyclearin (yychar = YYEMPTY) +#define yyerrok (yyerrflag = 0) +#define YYRECOVERING() (yyerrflag != 0) -extern int yyparse(void); - -static int yygrowstack(void); #define YYPREFIX "yy" + +/* compatibility with bison */ +#ifdef YYPARSE_PARAM +/* compatibility with FreeBSD */ +#ifdef YYPARSE_PARAM_TYPE +#define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM) +#else +#define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM) +#endif +#else +#define YYPARSE_DECL() yyparse(void) +#endif /* YYPARSE_PARAM */ + +extern int YYPARSE_DECL(); + #line 2 "" /* * Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan @@ -67,12 +79,15 @@ extern char *yytext; #define alloca(x) malloc(x) #endif -#line 51 "" +#define YYMALLOC malloc +#define YYFREE free + +#line 54 "" typedef union { char *string; int number; } YYSTYPE; -#line 76 "" +#line 90 "" #define ET 257 #define INDEX 258 #define PREFIX 259 @@ -82,37 +97,37 @@ typedef union { #define STRING 263 #define NUMBER 264 #define YYERRCODE 256 -short yylhs[] = { -1, +static const short yylhs[] = { -1, 0, 0, 1, 1, 3, 4, 4, 2, 2, 5, 5, 5, 5, 5, }; -short yylen[] = { 2, +static const short yylen[] = { 2, 0, 2, 2, 1, 2, 2, 3, 1, 2, 2, 2, 1, 4, 1, }; -short yydefred[] = { 0, +static const short yydefred[] = { 0, 0, 0, 0, 0, 0, 4, 0, 5, 0, 0, 0, 14, 0, 8, 3, 7, 10, 11, 0, 9, 0, 13, }; -short yydgoto[] = { 3, +static const short yydgoto[] = { 3, 4, 13, 5, 6, 14, }; -short yysindex[] = { -247, +static const short yysindex[] = { -247, -263, -258, 0, -256, -245, 0, -250, 0, -249, -246, -244, 0, -256, 0, 0, 0, 0, 0, -28, 0, -243, 0, }; -short yyrindex[] = { 18, +static const short yyrindex[] = { 18, 0, 0, 0, 0, 0, 0, -251, 0, 0, 1, 0, 0, 21, 0, 0, 0, 0, 0, 0, 0, 0, 0, }; -short yygindex[] = { 0, +static const short yygindex[] = { 0, 0, 0, 0, 17, 10, }; #define YYTABLESIZE 263 -short yytable[] = { 7, +static const short yytable[] = { 7, 12, 9, 10, 11, 8, 12, 6, 6, 6, 1, 6, 1, 16, 2, 17, 21, 18, 1, 19, 22, 2, 15, 20, 0, 0, 0, 0, 0, 0, 0, @@ -141,7 +156,7 @@ short yytable[] = { 7, 0, 0, 0, 0, 0, 0, 0, 0, 12, 12, 12, 0, 12, }; -short yycheck[] = { 263, +static const short yycheck[] = { 263, 0, 258, 259, 260, 263, 262, 258, 259, 260, 257, 262, 257, 263, 261, 264, 44, 263, 0, 263, 263, 0, 5, 13, -1, -1, -1, -1, -1, -1, -1, @@ -176,7 +191,8 @@ short yycheck[] = { 263, #endif #define YYMAXTOKEN 264 #if YYDEBUG -char *yyname[] = { +static const char *yyname[] = { + "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,"','",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, @@ -186,7 +202,7 @@ char *yyname[] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"ET","INDEX","PREFIX","EC", "ID","END","STRING","NUMBER", }; -char *yyrule[] = { +static const char *yyrule[] = { "$accept : file", "file :", "file : header statements", @@ -202,6 +218,7 @@ char *yyrule[] = { "statement : PREFIX", "statement : EC STRING ',' STRING", "statement : END", + }; #endif #if YYDEBUG @@ -225,19 +242,26 @@ char *yyrule[] = { int yydebug; int yynerrs; + +typedef struct { + unsigned stacksize; + short *s_base; + short *s_mark; + short *s_last; + YYSTYPE *l_base; + YYSTYPE *l_mark; +} YYSTACKDATA; + +#define YYPURE 0 + int yyerrflag; int yychar; -short *yyssp; -YYSTYPE *yyvsp; YYSTYPE yyval; YYSTYPE yylval; /* variables for the parser stack */ -static short *yyss; -static short *yysslim; -static YYSTYPE *yyvs; -static int yystacksize; -#line 141 "" +static YYSTACKDATA yystack; +#line 144 "" static long name2number(const char *str) @@ -267,55 +291,70 @@ name2number(const char *str) void yyerror (char *s) { - error_message ("%s\n", s); + lex_error_message ("%s\n", s); } -#line 273 "" +#line 296 "" /* allocate initial stack or double stack size, up to YYMAXDEPTH */ -static int yygrowstack(void) +static int yygrowstack(YYSTACKDATA *data) { - int newsize, i; + int i; + unsigned newsize; short *newss; YYSTYPE *newvs; - if ((newsize = yystacksize) == 0) + if ((newsize = data->stacksize) == 0) newsize = YYINITSTACKSIZE; else if (newsize >= YYMAXDEPTH) return -1; else if ((newsize *= 2) > YYMAXDEPTH) newsize = YYMAXDEPTH; - i = yyssp - yyss; - newss = (yyss != 0) - ? (short *)realloc(yyss, newsize * sizeof(*newss)) + i = data->s_mark - data->s_base; + newss = (data->s_base != 0) + ? (short *)realloc(data->s_base, newsize * sizeof(*newss)) : (short *)malloc(newsize * sizeof(*newss)); if (newss == 0) return -1; - yyss = newss; - yyssp = newss + i; - newvs = (yyvs != 0) - ? (YYSTYPE *)realloc(yyvs, newsize * sizeof(*newvs)) + data->s_base = newss; + data->s_mark = newss + i; + + newvs = (data->l_base != 0) + ? (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs)) : (YYSTYPE *)malloc(newsize * sizeof(*newvs)); if (newvs == 0) return -1; - yyvs = newvs; - yyvsp = newvs + i; - yystacksize = newsize; - yysslim = yyss + newsize - 1; + data->l_base = newvs; + data->l_mark = newvs + i; + + data->stacksize = newsize; + data->s_last = data->s_base + newsize - 1; return 0; } -#define YYABORT goto yyabort +#if YYPURE || defined(YY_NO_LEAKS) +static void yyfreestack(YYSTACKDATA *data) +{ + free(data->s_base); + free(data->l_base); + memset(data, 0, sizeof(*data)); +} +#else +#define yyfreestack(data) /* nothing */ +#endif + +#define YYABORT goto yyabort #define YYREJECT goto yyabort #define YYACCEPT goto yyaccept -#define YYERROR goto yyerrlab +#define YYERROR goto yyerrlab + int -yyparse(void) +YYPARSE_DECL() { - register int yym, yyn, yystate; + int yym, yyn, yystate; #if YYDEBUG - register const char *yys; + const char *yys; if ((yys = getenv("YYDEBUG")) != 0) { @@ -328,11 +367,17 @@ yyparse(void) yynerrs = 0; yyerrflag = 0; yychar = YYEMPTY; + yystate = 0; - if (yyss == NULL && yygrowstack()) goto yyoverflow; - yyssp = yyss; - yyvsp = yyvs; - *yyssp = yystate = 0; +#if YYPURE + memset(&yystack, 0, sizeof(yystack)); +#endif + + if (yystack.s_base == NULL && yygrowstack(&yystack)) goto yyoverflow; + yystack.s_mark = yystack.s_base; + yystack.l_mark = yystack.l_base; + yystate = 0; + *yystack.s_mark = 0; yyloop: if ((yyn = yydefred[yystate]) != 0) goto yyreduce; @@ -358,12 +403,13 @@ yyloop: printf("%sdebug: state %d, shifting to state %d\n", YYPREFIX, yystate, yytable[yyn]); #endif - if (yyssp >= yysslim && yygrowstack()) + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack)) { goto yyoverflow; } - *++yyssp = yystate = yytable[yyn]; - *++yyvsp = yylval; + yystate = yytable[yyn]; + *++yystack.s_mark = yytable[yyn]; + *++yystack.l_mark = yylval; yychar = YYEMPTY; if (yyerrflag > 0) --yyerrflag; goto yyloop; @@ -378,9 +424,7 @@ yyloop: yyerror("syntax error"); -#ifdef lint goto yyerrlab; -#endif yyerrlab: ++yynerrs; @@ -391,20 +435,21 @@ yyinrecovery: yyerrflag = 3; for (;;) { - if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 && + if ((yyn = yysindex[*yystack.s_mark]) && (yyn += YYERRCODE) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) { #if YYDEBUG if (yydebug) printf("%sdebug: state %d, error recovery shifting\ - to state %d\n", YYPREFIX, *yyssp, yytable[yyn]); + to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]); #endif - if (yyssp >= yysslim && yygrowstack()) + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack)) { goto yyoverflow; } - *++yyssp = yystate = yytable[yyn]; - *++yyvsp = yylval; + yystate = yytable[yyn]; + *++yystack.s_mark = yytable[yyn]; + *++yystack.l_mark = yylval; goto yyloop; } else @@ -412,11 +457,11 @@ yyinrecovery: #if YYDEBUG if (yydebug) printf("%sdebug: error recovery discarding state %d\n", - YYPREFIX, *yyssp); + YYPREFIX, *yystack.s_mark); #endif - if (yyssp <= yyss) goto yyabort; - --yyssp; - --yyvsp; + if (yystack.s_mark <= yystack.s_base) goto yyabort; + --yystack.s_mark; + --yystack.l_mark; } } } @@ -445,53 +490,53 @@ yyreduce: #endif yym = yylen[yyn]; if (yym) - yyval = yyvsp[1-yym]; + yyval = yystack.l_mark[1-yym]; else memset(&yyval, 0, sizeof yyval); switch (yyn) { case 5: -#line 71 "" -{ - id_str = yyvsp[0].string; +#line 74 "" + { + id_str = yystack.l_mark[0].string; } break; case 6: -#line 77 "" -{ - base_id = name2number(yyvsp[0].string); - strlcpy(name, yyvsp[0].string, sizeof(name)); - free(yyvsp[0].string); +#line 80 "" + { + base_id = name2number(yystack.l_mark[0].string); + strlcpy(name, yystack.l_mark[0].string, sizeof(name)); + free(yystack.l_mark[0].string); } break; case 7: -#line 83 "" -{ - base_id = name2number(yyvsp[-1].string); - strlcpy(name, yyvsp[0].string, sizeof(name)); - free(yyvsp[-1].string); - free(yyvsp[0].string); +#line 86 "" + { + base_id = name2number(yystack.l_mark[-1].string); + strlcpy(name, yystack.l_mark[0].string, sizeof(name)); + free(yystack.l_mark[-1].string); + free(yystack.l_mark[0].string); } break; case 10: -#line 96 "" -{ - number = yyvsp[0].number; +#line 99 "" + { + number = yystack.l_mark[0].number; } break; case 11: -#line 100 "" -{ +#line 103 "" + { free(prefix); - asprintf (&prefix, "%s_", yyvsp[0].string); + asprintf (&prefix, "%s_", yystack.l_mark[0].string); if (prefix == NULL) errx(1, "malloc"); - free(yyvsp[0].string); + free(yystack.l_mark[0].string); } break; case 12: -#line 108 "" -{ +#line 111 "" + { prefix = realloc(prefix, 1); if (prefix == NULL) errx(1, "malloc"); @@ -499,8 +544,8 @@ case 12: } break; case 13: -#line 115 "" -{ +#line 118 "" + { struct error_code *ec = malloc(sizeof(*ec)); if (ec == NULL) @@ -509,28 +554,28 @@ case 13: ec->next = NULL; ec->number = number; if(prefix && *prefix != '\0') { - asprintf (&ec->name, "%s%s", prefix, yyvsp[-2].string); + asprintf (&ec->name, "%s%s", prefix, yystack.l_mark[-2].string); if (ec->name == NULL) errx(1, "malloc"); - free(yyvsp[-2].string); + free(yystack.l_mark[-2].string); } else - ec->name = yyvsp[-2].string; - ec->string = yyvsp[0].string; + ec->name = yystack.l_mark[-2].string; + ec->string = yystack.l_mark[0].string; APPEND(codes, ec); number++; } break; case 14: -#line 135 "" -{ +#line 138 "" + { YYACCEPT; } break; -#line 530 "" +#line 574 "" } - yyssp -= yym; - yystate = *yyssp; - yyvsp -= yym; + yystack.s_mark -= yym; + yystate = *yystack.s_mark; + yystack.l_mark -= yym; yym = yylhs[yyn]; if (yystate == 0 && yym == 0) { @@ -540,8 +585,8 @@ break; state %d\n", YYPREFIX, YYFINAL); #endif yystate = YYFINAL; - *++yyssp = YYFINAL; - *++yyvsp = yyval; + *++yystack.s_mark = YYFINAL; + *++yystack.l_mark = yyval; if (yychar < 0) { if ((yychar = yylex()) < 0) yychar = 0; @@ -567,22 +612,24 @@ break; #if YYDEBUG if (yydebug) printf("%sdebug: after reduction, shifting from state %d \ -to state %d\n", YYPREFIX, *yyssp, yystate); +to state %d\n", YYPREFIX, *yystack.s_mark, yystate); #endif - if (yyssp >= yysslim && yygrowstack()) + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack)) { goto yyoverflow; } - *++yyssp = yystate; - *++yyvsp = yyval; + *++yystack.s_mark = (short) yystate; + *++yystack.l_mark = yyval; goto yyloop; yyoverflow: yyerror("yacc stack overflow"); yyabort: + yyfreestack(&yystack); return (1); yyaccept: + yyfreestack(&yystack); return (0); } diff --git a/source4/heimdal/lib/com_err/parse.y b/source4/heimdal/lib/com_err/parse.y index d64681d902..f628e8804f 100644 --- a/source4/heimdal/lib/com_err/parse.y +++ b/source4/heimdal/lib/com_err/parse.y @@ -46,6 +46,9 @@ extern char *yytext; #define alloca(x) malloc(x) #endif +#define YYMALLOC malloc +#define YYFREE free + %} %union { @@ -167,5 +170,5 @@ name2number(const char *str) void yyerror (char *s) { - error_message ("%s\n", s); + lex_error_message ("%s\n", s); } diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h index fa53a8a74c..12833ebe14 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h @@ -90,29 +90,35 @@ typedef uint32_t gss_uint32; struct gss_name_t_desc_struct; typedef struct gss_name_t_desc_struct *gss_name_t; +typedef const struct gss_name_t_desc_struct *gss_const_name_t; struct gss_ctx_id_t_desc_struct; typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t; +typedef const struct gss_ctx_id_t_desc_struct gss_const_ctx_id_t; typedef struct gss_OID_desc_struct { OM_uint32 length; void *elements; } gss_OID_desc, *gss_OID; +typedef const gss_OID_desc * gss_const_OID; typedef struct gss_OID_set_desc_struct { size_t count; gss_OID elements; } gss_OID_set_desc, *gss_OID_set; +typedef const gss_OID_set_desc * gss_const_OID_set; typedef int gss_cred_usage_t; struct gss_cred_id_t_desc_struct; typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t; +typedef const struct gss_cred_id_t_desc_struct *gss_const_cred_id_t; typedef struct gss_buffer_desc_struct { size_t length; void *value; } gss_buffer_desc, *gss_buffer_t; +typedef const gss_buffer_desc * gss_const_buffer_t; typedef struct gss_channel_bindings_struct { OM_uint32 initiator_addrtype; @@ -121,6 +127,7 @@ typedef struct gss_channel_bindings_struct { gss_buffer_desc acceptor_address; gss_buffer_desc application_data; } *gss_channel_bindings_t; +typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t; /* GGF extension data types */ typedef struct gss_buffer_set_desc_struct { @@ -138,6 +145,8 @@ typedef struct gss_iov_buffer_desc_struct { */ typedef OM_uint32 gss_qop_t; + + /* * Flag bits for context-level services. */ @@ -261,6 +270,8 @@ typedef OM_uint32 gss_qop_t; GSSAPI_CPP_START +#include <gssapi/gssapi_oid.h> + /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value @@ -363,14 +374,6 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_anonymous_oid_desc; extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc; #define GSS_C_NT_EXPORT_NAME (&__gss_c_nt_export_name_oid_desc) -/* - * Digest mechanism - */ - -extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc; -#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc) - - /* Major status codes */ #define GSS_S_COMPLETE 0 @@ -438,6 +441,7 @@ extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc #define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_MECH_ATTR (19ul << GSS_C_ROUTINE_ERROR_OFFSET) /* * Supplementary info bits: @@ -756,7 +760,7 @@ gss_set_cred_option (OM_uint32 *minor_status, const gss_buffer_t value); GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL -gss_oid_equal(const gss_OID a, const gss_OID b); +gss_oid_equal(gss_const_OID a, gss_const_OID b); GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_create_empty_buffer_set @@ -929,6 +933,69 @@ gss_import_cred(OM_uint32 * /* minor_status */, gss_buffer_t /* cred_token */, gss_cred_id_t * /* cred_handle */); +/* + * mech option + */ + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_mo_set(gss_const_OID mech, gss_const_OID option, + int enable, gss_buffer_t value); + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value); + +GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL +gss_mo_list(gss_const_OID mech, gss_OID_set *options); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_mo_name(gss_const_OID mech, gss_const_OID options, gss_buffer_t name); + +/* + * SASL glue functions and mech inquire + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_saslname_for_mech(OM_uint32 *minor_status, + const gss_OID desired_mech, + gss_buffer_t sasl_mech_name, + gss_buffer_t mech_name, + gss_buffer_t mech_description); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_mech_for_saslname(OM_uint32 *minor_status, + const gss_buffer_t sasl_mech_name, + gss_OID *mech_type); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_indicate_mechs_by_attrs(OM_uint32 * minor_status, + gss_const_OID_set desired_mech_attrs, + gss_const_OID_set except_mech_attrs, + gss_const_OID_set critical_mech_attrs, + gss_OID_set *mechs); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_attrs_for_mech(OM_uint32 * minor_status, + gss_const_OID mech, + gss_OID_set *mech_attr, + gss_OID_set *known_mech_attrs); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_display_mech_attr(OM_uint32 * minor_status, + gss_const_OID mech_attr, + gss_buffer_t name, + gss_buffer_t short_desc, + gss_buffer_t long_desc); + + +/* + * + */ + +GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL +gss_oid_to_name(gss_const_OID oid); + +GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL +gss_name_to_oid(const char *name); GSSAPI_CPP_END diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h index 28f9c3777b..2f605f5ee1 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -68,79 +68,6 @@ extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc; #define gss_mech_krb5 GSS_KRB5_MECHANISM #define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME -/* Extensions set contexts options */ -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc; -#define GSS_KRB5_COPY_CCACHE_X (&__gss_krb5_copy_ccache_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc; -#define GSS_KRB5_COMPAT_DES3_MIC_X (&__gss_krb5_compat_des3_mic_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc; -#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X (&__gss_krb5_register_acceptor_identity_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc; -#define GSS_KRB5_SET_DNS_CANONICALIZE_X (&__gss_krb5_set_dns_canonicalize_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc; -#define GSS_KRB5_SEND_TO_KDC_X (&__gss_krb5_send_to_kdc_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc; -#define GSS_KRB5_SET_DEFAULT_REALM_X (&__gss_krb5_set_default_realm_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_ccache_name_x_oid_desc; -#define GSS_KRB5_CCACHE_NAME_X (&__gss_krb5_ccache_name_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc; -#define GSS_KRB5_SET_TIME_OFFSET_X (&__gss_krb5_set_time_offset_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc; -#define GSS_KRB5_GET_TIME_OFFSET_X (&__gss_krb5_get_time_offset_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_plugin_register_x_oid_desc; -#define GSS_KRB5_PLUGIN_REGISTER_X (&__gss_krb5_plugin_register_x_oid_desc) - -/* Extensions inquire context */ -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc; -#define GSS_KRB5_GET_TKT_FLAGS_X (&__gss_krb5_get_tkt_flags_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc; -#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X (&__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc; -#define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc; -#define GSS_KRB5_EXPORT_LUCID_CONTEXT_X (&__gss_krb5_export_lucid_context_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc; -#define GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X (&__gss_krb5_export_lucid_context_v1_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_subkey_x_oid_desc; -#define GSS_KRB5_GET_SUBKEY_X (&__gss_krb5_get_subkey_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc; -#define GSS_KRB5_GET_INITIATOR_SUBKEY_X (&__gss_krb5_get_initiator_subkey_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_acceptor_subkey_x_oid_desc; -#define GSS_KRB5_GET_ACCEPTOR_SUBKEY_X (&__gss_krb5_get_acceptor_subkey_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_authtime_x_oid_desc; -#define GSS_KRB5_GET_AUTHTIME_X (&__gss_krb5_get_authtime_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc; -#define GSS_KRB5_GET_SERVICE_KEYBLOCK_X (&__gss_krb5_get_service_keyblock_x_oid_desc) - -/* Extensions creds */ - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_import_cred_x_oid_desc; -#define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc; -#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X (&__gss_krb5_set_allowable_enctypes_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc; -#define GSS_KRB5_CRED_NO_CI_FLAGS_X (&__gss_krb5_cred_no_ci_flags_x_oid_desc) - /* * kerberos mechanism specific functions */ diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h new file mode 100644 index 0000000000..af7a583344 --- /dev/null +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h @@ -0,0 +1,231 @@ +/* Generated file */ +#ifndef GSSAPI_GSSAPI_OID +#define GSSAPI_GSSAPI_OID 1 + + /* contact Love Hörnquist Åstrand <lha@h5l.org> for new oid arcs */ + /* + * 1.2.752.43.13 Heimdal GSS-API Extentions + */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc; +#define GSS_KRB5_COPY_CCACHE_X (&__gss_krb5_copy_ccache_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc; +#define GSS_KRB5_GET_TKT_FLAGS_X (&__gss_krb5_get_tkt_flags_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc; +#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X (&__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc; +#define GSS_KRB5_COMPAT_DES3_MIC_X (&__gss_krb5_compat_des3_mic_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc; +#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X (&__gss_krb5_register_acceptor_identity_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc; +#define GSS_KRB5_EXPORT_LUCID_CONTEXT_X (&__gss_krb5_export_lucid_context_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc; +#define GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X (&__gss_krb5_export_lucid_context_v1_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc; +#define GSS_KRB5_SET_DNS_CANONICALIZE_X (&__gss_krb5_set_dns_canonicalize_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_subkey_x_oid_desc; +#define GSS_KRB5_GET_SUBKEY_X (&__gss_krb5_get_subkey_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc; +#define GSS_KRB5_GET_INITIATOR_SUBKEY_X (&__gss_krb5_get_initiator_subkey_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_acceptor_subkey_x_oid_desc; +#define GSS_KRB5_GET_ACCEPTOR_SUBKEY_X (&__gss_krb5_get_acceptor_subkey_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc; +#define GSS_KRB5_SEND_TO_KDC_X (&__gss_krb5_send_to_kdc_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_authtime_x_oid_desc; +#define GSS_KRB5_GET_AUTHTIME_X (&__gss_krb5_get_authtime_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc; +#define GSS_KRB5_GET_SERVICE_KEYBLOCK_X (&__gss_krb5_get_service_keyblock_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc; +#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X (&__gss_krb5_set_allowable_enctypes_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc; +#define GSS_KRB5_SET_DEFAULT_REALM_X (&__gss_krb5_set_default_realm_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_ccache_name_x_oid_desc; +#define GSS_KRB5_CCACHE_NAME_X (&__gss_krb5_ccache_name_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc; +#define GSS_KRB5_SET_TIME_OFFSET_X (&__gss_krb5_set_time_offset_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc; +#define GSS_KRB5_GET_TIME_OFFSET_X (&__gss_krb5_get_time_offset_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_plugin_register_x_oid_desc; +#define GSS_KRB5_PLUGIN_REGISTER_X (&__gss_krb5_plugin_register_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_get_session_key_x_oid_desc; +#define GSS_NTLM_GET_SESSION_KEY_X (&__gss_ntlm_get_session_key_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_ntlm_oid_desc; +#define GSS_C_NT_NTLM (&__gss_c_nt_ntlm_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_dn_oid_desc; +#define GSS_C_NT_DN (&__gss_c_nt_dn_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_nt_principal_name_referral_oid_desc; +#define GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL (&__gss_krb5_nt_principal_name_referral_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_avguest_oid_desc; +#define GSS_C_NTLM_AVGUEST (&__gss_c_ntlm_avguest_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_v1_oid_desc; +#define GSS_C_NTLM_V1 (&__gss_c_ntlm_v1_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_v2_oid_desc; +#define GSS_C_NTLM_V2 (&__gss_c_ntlm_v2_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_session_key_oid_desc; +#define GSS_C_NTLM_SESSION_KEY (&__gss_c_ntlm_session_key_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_force_v1_oid_desc; +#define GSS_C_NTLM_FORCE_V1 (&__gss_c_ntlm_force_v1_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc; +#define GSS_KRB5_CRED_NO_CI_FLAGS_X (&__gss_krb5_cred_no_ci_flags_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_import_cred_x_oid_desc; +#define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc) + + /* glue for gss_inquire_saslname_for_mech */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_sasl_mech_name_oid_desc; +#define GSS_C_MA_SASL_MECH_NAME (&__gss_c_ma_sasl_mech_name_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_name_oid_desc; +#define GSS_C_MA_MECH_NAME (&__gss_c_ma_mech_name_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_description_oid_desc; +#define GSS_C_MA_MECH_DESCRIPTION (&__gss_c_ma_mech_description_oid_desc) + +/* Heimdal mechanisms - 1.2.752.43.14 */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc; +#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_mechanism_oid_desc; +#define GSS_NETLOGON_MECHANISM (&__gss_netlogon_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_session_key_x_oid_desc; +#define GSS_NETLOGON_SET_SESSION_KEY_X (&__gss_netlogon_set_session_key_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_sign_algorithm_x_oid_desc; +#define GSS_NETLOGON_SET_SIGN_ALGORITHM_X (&__gss_netlogon_set_sign_algorithm_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_nt_netbios_dns_name_oid_desc; +#define GSS_NETLOGON_NT_NETBIOS_DNS_NAME (&__gss_netlogon_nt_netbios_dns_name_oid_desc) + +/* + * "Standard" mechs + */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_mechanism_oid_desc; +#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_mechanism_oid_desc; +#define GSS_NTLM_MECHANISM (&__gss_ntlm_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_spnego_mechanism_oid_desc; +#define GSS_SPNEGO_MECHANISM (&__gss_spnego_mechanism_oid_desc) + + /* From Luke Howard */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc; +#define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc) + +/* + * OID mappings with name and short description and and slightly longer description + */ +/* + * RFC5587 + */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_concrete_oid_desc; +#define GSS_C_MA_MECH_CONCRETE (&__gss_c_ma_mech_concrete_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_pseudo_oid_desc; +#define GSS_C_MA_MECH_PSEUDO (&__gss_c_ma_mech_pseudo_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_composite_oid_desc; +#define GSS_C_MA_MECH_COMPOSITE (&__gss_c_ma_mech_composite_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_nego_oid_desc; +#define GSS_C_MA_MECH_NEGO (&__gss_c_ma_mech_nego_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_glue_oid_desc; +#define GSS_C_MA_MECH_GLUE (&__gss_c_ma_mech_glue_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_not_mech_oid_desc; +#define GSS_C_MA_NOT_MECH (&__gss_c_ma_not_mech_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_deprecated_oid_desc; +#define GSS_C_MA_DEPRECATED (&__gss_c_ma_deprecated_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_not_dflt_mech_oid_desc; +#define GSS_C_MA_NOT_DFLT_MECH (&__gss_c_ma_not_dflt_mech_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_itok_framed_oid_desc; +#define GSS_C_MA_ITOK_FRAMED (&__gss_c_ma_itok_framed_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_oid_desc; +#define GSS_C_MA_AUTH_INIT (&__gss_c_ma_auth_init_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_oid_desc; +#define GSS_C_MA_AUTH_TARG (&__gss_c_ma_auth_targ_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_init_oid_desc; +#define GSS_C_MA_AUTH_INIT_INIT (&__gss_c_ma_auth_init_init_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_init_oid_desc; +#define GSS_C_MA_AUTH_TARG_INIT (&__gss_c_ma_auth_targ_init_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_anon_oid_desc; +#define GSS_C_MA_AUTH_INIT_ANON (&__gss_c_ma_auth_init_anon_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_anon_oid_desc; +#define GSS_C_MA_AUTH_TARG_ANON (&__gss_c_ma_auth_targ_anon_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_deleg_cred_oid_desc; +#define GSS_C_MA_DELEG_CRED (&__gss_c_ma_deleg_cred_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_integ_prot_oid_desc; +#define GSS_C_MA_INTEG_PROT (&__gss_c_ma_integ_prot_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_conf_prot_oid_desc; +#define GSS_C_MA_CONF_PROT (&__gss_c_ma_conf_prot_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mic_oid_desc; +#define GSS_C_MA_MIC (&__gss_c_ma_mic_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_wrap_oid_desc; +#define GSS_C_MA_WRAP (&__gss_c_ma_wrap_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_prot_ready_oid_desc; +#define GSS_C_MA_PROT_READY (&__gss_c_ma_prot_ready_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_replay_det_oid_desc; +#define GSS_C_MA_REPLAY_DET (&__gss_c_ma_replay_det_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_oos_det_oid_desc; +#define GSS_C_MA_OOS_DET (&__gss_c_ma_oos_det_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_cbindings_oid_desc; +#define GSS_C_MA_CBINDINGS (&__gss_c_ma_cbindings_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_pfs_oid_desc; +#define GSS_C_MA_PFS (&__gss_c_ma_pfs_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_compress_oid_desc; +#define GSS_C_MA_COMPRESS (&__gss_c_ma_compress_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_ctx_trans_oid_desc; +#define GSS_C_MA_CTX_TRANS (&__gss_c_ma_ctx_trans_oid_desc) + +#endif /* GSSAPI_GSSAPI_OID */ diff --git a/source4/heimdal/lib/gssapi/gssapi_mech.h b/source4/heimdal/lib/gssapi/gssapi_mech.h index 93b7bf72d7..b06e60a82f 100644 --- a/source4/heimdal/lib/gssapi/gssapi_mech.h +++ b/source4/heimdal/lib/gssapi/gssapi_mech.h @@ -354,7 +354,60 @@ _gss_import_cred_t(OM_uint32 * minor_status, gss_cred_id_t * cred_handle); -#define GMI_VERSION 2 +typedef OM_uint32 GSSAPI_CALLCONV +_gss_acquire_cred_ex_t(void * /* status */, + const gss_name_t /* desired_name */, + OM_uint32 /* flags */, + OM_uint32 /* time_req */, + gss_cred_usage_t /* cred_usage */, + void * /* identity */, + void * /* ctx */, + void (* /*complete */)(void *, OM_uint32, void *, gss_cred_id_t, OM_uint32)); + +typedef void GSSAPI_CALLCONV +_gss_iter_creds_t(OM_uint32 /* flags */, + void * /* userctx */, + void (* /*cred_iter */ )(void *, gss_OID, gss_cred_id_t)); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_destroy_cred_t(OM_uint32 * /* minor_status */, + gss_cred_id_t * /* cred */); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_cred_hold_t(OM_uint32 * /* minor_status */, + gss_cred_id_t /* cred */); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_cred_unhold_t(OM_uint32 * /* minor_status */, + gss_cred_id_t /* cred */); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_cred_label_set_t(OM_uint32 * /* minor_status */, + gss_cred_id_t /* cred */, + const char * /* label */, + gss_buffer_t /* value */); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_cred_label_get_t(OM_uint32 * /* minor_status */, + gss_cred_id_t /* cred */, + const char * /* label */, + gss_buffer_t /* value */); + +typedef struct gss_mo_desc_struct gss_mo_desc; + +struct gss_mo_desc_struct { + gss_OID option; + OM_uint32 flags; +#define GSS_MO_MA 1 +#define GSS_MO_MA_CRITICAL 2 + const char *name; + void *ctx; + int (*get)(gss_const_OID, gss_mo_desc *, gss_buffer_t); + int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t); +}; + + +#define GMI_VERSION 4 /* gm_flags */ #define GM_USE_MG_CRED 1 /* uses mech glue credentials */ @@ -405,10 +458,19 @@ typedef struct gssapi_mech_interface_desc { _gss_store_cred_t *gm_store_cred; _gss_export_cred_t *gm_export_cred; _gss_import_cred_t *gm_import_cred; + _gss_acquire_cred_ex_t *gm_acquire_cred_ex; + _gss_iter_creds_t *gm_iter_creds; + _gss_destroy_cred_t *gm_destroy_cred; + _gss_cred_hold_t *gm_cred_hold; + _gss_cred_unhold_t *gm_cred_unhold; + _gss_cred_label_get_t *gm_cred_label_get; + _gss_cred_label_set_t *gm_cred_label_set; + gss_mo_desc *gm_mo; + size_t gm_mo_num; } gssapi_mech_interface_desc, *gssapi_mech_interface; gssapi_mech_interface -__gss_get_mechanism(gss_OID /* oid */); +__gss_get_mechanism(gss_const_OID /* oid */); gssapi_mech_interface __gss_spnego_initialize(void); gssapi_mech_interface __gss_krb5_initialize(void); @@ -416,4 +478,18 @@ gssapi_mech_interface __gss_ntlm_initialize(void); void gss_mg_collect_error(gss_OID, OM_uint32, OM_uint32); +int _gss_mo_get_option_1(gss_const_OID, gss_mo_desc *, gss_buffer_t); +int _gss_mo_get_option_0(gss_const_OID, gss_mo_desc *, gss_buffer_t); +int _gss_mo_get_ctx_as_string(gss_const_OID, gss_mo_desc *, gss_buffer_t); + +struct _gss_oid_name_table { + gss_OID oid; + const char *name; + const char *short_desc; + const char *long_desc; +}; + +extern struct _gss_oid_name_table _gss_ont_mech[]; +extern struct _gss_oid_name_table _gss_ont_ma[]; + #endif /* GSSAPI_MECH_H */ diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c index 584ce7711a..d0042e874b 100644 --- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c @@ -40,7 +40,7 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, krb5_principal principal, OM_uint32 *lifetime) { - krb5_creds in_cred, *out_cred; + krb5_creds in_cred, out_cred; krb5_const_realm realm; krb5_error_code kret; @@ -61,16 +61,16 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, return GSS_S_FAILURE; } - kret = krb5_get_credentials(context, 0, - id, &in_cred, &out_cred); + kret = krb5_cc_retrieve_cred(context, id, 0, &in_cred, &out_cred); krb5_free_principal(context, in_cred.server); if (kret) { - *minor_status = kret; - return GSS_S_FAILURE; + *minor_status = 0; + *lifetime = 0; + return GSS_S_COMPLETE; } - *lifetime = out_cred->times.endtime; - krb5_free_creds(context, out_cred); + *lifetime = out_cred.times.endtime; + krb5_free_cred_contents(context, &out_cred); return GSS_S_COMPLETE; } diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c index ef33c5575a..d6f14a48f7 100644 --- a/source4/heimdal/lib/gssapi/krb5/external.c +++ b/source4/heimdal/lib/gssapi/krb5/external.c @@ -153,47 +153,6 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc = {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") }; /* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) user_name(1)}. The recommended symbolic name for this - * type is "GSS_KRB5_NT_USER_NAME". - */ - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) machine_uid_name(2)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". - */ - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) string_uid_name(3)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_STRING_UID_NAME". - */ - -/* - * To support ongoing experimentation, testing, and evolution of the - * specification, the Kerberos V5 GSS-API mechanism as defined in this - * and any successor memos will be identified with the following Object - * Identifier, as defined in RFC-1510, until the specification is - * advanced to the level of Proposed Standard RFC: - * - * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)} - * - * Upon advancement to the level of Proposed Standard RFC, the Kerberos - * V5 GSS-API mechanism will be identified by an Object Identifier - * having the value: - * - * {iso(1) member-body(2) United States(840) mit(113554) infosys(1) - * gssapi(2) krb5(2)} - */ - -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = - {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; - -/* * draft-ietf-cat-iakerb-09, IAKERB: * The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance * with the mechanism proposed by SPNEGO [7] for negotiating protocol @@ -213,104 +172,100 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc = {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") }; /* - * - */ - -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = - {9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"}; - -/* - * 1.2.752.43.13 Heimdal GSS-API Extentions - */ - -/* 1.2.752.43.13.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")}; - -/* 1.2.752.43.13.2 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")}; - -/* 1.2.752.43.13.3 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")}; - -/* 1.2.752.43.13.4 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")}; - -/* 1.2.752.43.13.5 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")}; - -/* 1.2.752.43.13.6 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")}; - -/* 1.2.752.43.13.6.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = - {7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")}; - -/* 1.2.752.43.13.7 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")}; - -/* 1.2.752.43.13.8 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")}; - -/* 1.2.752.43.13.9 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")}; - -/* 1.2.752.43.13.10 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")}; - -/* 1.2.752.43.13.11 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")}; - -/* 1.2.752.43.13.12 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")}; - -/* 1.2.752.43.13.13 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")}; - -/* 1.2.752.43.13.14 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")}; - -/* 1.2.752.43.13.15 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")}; - -/* 1.2.752.43.13.16 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")}; - -/* 1.2.752.43.13.17 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")}; - -/* 1.2.752.43.13.18 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")}; - -/* 1.2.752.43.13.19 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13")}; - -/* 1.2.752.43.14.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") }; - -/* * Context for krb5 calls. */ +static gss_mo_desc krb5_mo[] = { + { + GSS_C_MA_SASL_MECH_NAME, + GSS_MO_MA, + "SASL mech name", + "GS2-KRB5", + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_NAME, + GSS_MO_MA, + "Mechanism name", + "KRB5", + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_DESCRIPTION, + GSS_MO_MA, + "Mechanism description", + "Heimdal Kerberos 5 mech", + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_CONCRETE, + GSS_MO_MA + }, + { + GSS_C_MA_ITOK_FRAMED, + GSS_MO_MA + }, + { + GSS_C_MA_AUTH_INIT, + GSS_MO_MA + }, + { + GSS_C_MA_AUTH_TARG, + GSS_MO_MA + }, + { + GSS_C_MA_AUTH_INIT_ANON, + GSS_MO_MA + }, + { + GSS_C_MA_DELEG_CRED, + GSS_MO_MA + }, + { + GSS_C_MA_INTEG_PROT, + GSS_MO_MA + }, + { + GSS_C_MA_CONF_PROT, + GSS_MO_MA + }, + { + GSS_C_MA_MIC, + GSS_MO_MA + }, + { + GSS_C_MA_WRAP, + GSS_MO_MA + }, + { + GSS_C_MA_PROT_READY, + GSS_MO_MA + }, + { + GSS_C_MA_REPLAY_DET, + GSS_MO_MA + }, + { + GSS_C_MA_OOS_DET, + GSS_MO_MA + }, + { + GSS_C_MA_CBINDINGS, + GSS_MO_MA + }, + { + GSS_C_MA_PFS, + GSS_MO_MA + }, + { + GSS_C_MA_CTX_TRANS, + GSS_MO_MA + } +}; + /* * */ @@ -359,7 +314,16 @@ static gssapi_mech_interface_desc krb5_mech = { _gk_wrap_iov_length, _gsskrb5_store_cred, _gsskrb5_export_cred, - _gsskrb5_import_cred + _gsskrb5_import_cred, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + krb5_mo, + sizeof(krb5_mo) / sizeof(krb5_mo[0]) }; gssapi_mech_interface diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c index d6255bacb5..5ff6172fb9 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c @@ -32,15 +32,6 @@ #include "gsskrb5_locl.h" -/* 1.2.752.43.13.17 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")}; - -/* 1.2.752.43.13.18 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")}; - - static OM_uint32 import_cred(OM_uint32 *minor_status, krb5_context context, diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index 5fc41d9954..b1368db91c 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -353,7 +353,7 @@ _gss_load_mech(void) } gssapi_mech_interface -__gss_get_mechanism(gss_OID mech) +__gss_get_mechanism(gss_const_OID mech) { struct _gss_mech_switch *m; diff --git a/source4/heimdal/lib/gssapi/mech/gss_mo.c b/source4/heimdal/lib/gssapi/mech/gss_mo.c new file mode 100644 index 0000000000..354229f7ae --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_mo.c @@ -0,0 +1,464 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +static int +get_option_def(int def, gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value) +{ + return def; +} + + +int +_gss_mo_get_option_1(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value) +{ + return get_option_def(1, mech, mo, value); +} + +int +_gss_mo_get_option_0(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value) +{ + return get_option_def(0, mech, mo, value); +} + +int +_gss_mo_get_ctx_as_string(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value) +{ + if (value) { + value->value = strdup((char *)mo->ctx); + if (value->value == NULL) + return 1; + value->length = strlen((char *)mo->ctx); + } + return 0; +} + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_mo_set(gss_const_OID mech, gss_const_OID option, + int enable, gss_buffer_t value) +{ + gssapi_mech_interface m; + size_t n; + + if ((m = __gss_get_mechanism(mech)) == NULL) + return GSS_S_BAD_MECH; + + for (n = 0; n < m->gm_mo_num; n++) + if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].set) + return m->gm_mo[n].set(mech, &m->gm_mo[n], enable, value); + return 0; +} + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value) +{ + gssapi_mech_interface m; + size_t n; + + _mg_buffer_zero(value); + + if ((m = __gss_get_mechanism(mech)) == NULL) + return 0; + + for (n = 0; n < m->gm_mo_num; n++) + if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].get) + return m->gm_mo[n].get(mech, &m->gm_mo[n], value); + + return 0; +} + +static void +add_all_mo(gssapi_mech_interface m, gss_OID_set *options, OM_uint32 mask) +{ + OM_uint32 minor; + size_t n; + + for (n = 0; n < m->gm_mo_num; n++) + if ((m->gm_mo[n].flags & mask) == mask) + gss_add_oid_set_member(&minor, m->gm_mo[n].option, options); +} + +GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL +gss_mo_list(gss_const_OID mech, gss_OID_set *options) +{ + gssapi_mech_interface m; + OM_uint32 major, minor; + + if (options == NULL) + return; + + *options = GSS_C_NO_OID_SET; + + if ((m = __gss_get_mechanism(mech)) == NULL) + return; + + major = gss_create_empty_oid_set(&minor, options); + if (major != GSS_S_COMPLETE) + return; + + add_all_mo(m, options, 0); +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_mo_name(gss_const_OID mech, gss_const_OID option, gss_buffer_t name) +{ + gssapi_mech_interface m; + size_t n; + + if (name == NULL) + return GSS_S_BAD_NAME; + + if ((m = __gss_get_mechanism(mech)) == NULL) + return GSS_S_BAD_MECH; + + for (n = 0; n < m->gm_mo_num; n++) { + if (gss_oid_equal(option, m->gm_mo[n].option)) { + /* + * If ther is no name, its because its a GSS_C_MA and there is already a table for that. + */ + if (m->gm_mo[n].name) { + name->value = strdup(m->gm_mo[n].name); + if (name->value == NULL) + return GSS_S_BAD_NAME; + name->length = strlen(m->gm_mo[n].name); + return GSS_S_COMPLETE; + } else { + OM_uint32 junk; + return gss_display_mech_attr(&junk, option, + NULL, name, NULL); + } + } + } + return GSS_S_BAD_NAME; +} + +/* + * Helper function to allow NULL name + */ + +static OM_uint32 +mo_value(const gss_const_OID mech, gss_const_OID option, gss_buffer_t name) +{ + if (name == NULL) + return GSS_S_COMPLETE; + + if (gss_mo_get(mech, option, name) != 0 && name->length == 0) + return GSS_S_FAILURE; + + return GSS_S_COMPLETE; +} + +/** + * Returns differnt protocol names and description of the mechanism. + * + * @param minor_status minor status code + * @param desired_mech mech list query + * @param sasl_mech_name SASL GS2 protocol name + * @param mech_name gssapi protocol name + * @param mech_description description of gssapi mech + * + * @return returns GSS_S_COMPLETE or a error code. + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_saslname_for_mech(OM_uint32 *minor_status, + const gss_OID desired_mech, + gss_buffer_t sasl_mech_name, + gss_buffer_t mech_name, + gss_buffer_t mech_description) +{ + OM_uint32 major; + + _mg_buffer_zero(sasl_mech_name); + _mg_buffer_zero(mech_name); + _mg_buffer_zero(mech_description); + + if (minor_status) + *minor_status = 0; + + if (desired_mech == NULL) + return GSS_S_BAD_MECH; + + major = mo_value(desired_mech, GSS_C_MA_SASL_MECH_NAME, sasl_mech_name); + if (major) return major; + + major = mo_value(desired_mech, GSS_C_MA_MECH_NAME, mech_name); + if (major) return major; + + major = mo_value(desired_mech, GSS_C_MA_MECH_DESCRIPTION, mech_description); + if (major) return major; + + return GSS_S_COMPLETE; +} + +/** + * Find a mech for a sasl name + * + * @param minor_status minor status code + * @param sasl_mech_name + * @param mech_type + * + * @return returns GSS_S_COMPLETE or an error code. + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_mech_for_saslname(OM_uint32 *minor_status, + const gss_buffer_t sasl_mech_name, + gss_OID *mech_type) +{ + struct _gss_mech_switch *m; + gss_buffer_desc name; + OM_uint32 major; + + _gss_load_mech(); + + *mech_type = NULL; + + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + + major = mo_value(&m->gm_mech_oid, GSS_C_MA_SASL_MECH_NAME, &name); + if (major) + continue; + if (name.length == sasl_mech_name->length && + memcmp(name.value, sasl_mech_name->value, name.length) == 0) { + gss_release_buffer(&major, &name); + *mech_type = &m->gm_mech_oid; + return 0; + } + gss_release_buffer(&major, &name); + } + + return GSS_S_BAD_MECH; +} + +/** + * Return set of mechanism that fullfill the criteria + * + * @param minor_status minor status code + * @param desired_mech_attrs + * @param except_mech_attrs + * @param critical_mech_attrs + * @param mechs returned mechs, free with gss_release_oid_set(). + * + * @return returns GSS_S_COMPLETE or an error code. + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_indicate_mechs_by_attrs(OM_uint32 * minor_status, + gss_const_OID_set desired_mech_attrs, + gss_const_OID_set except_mech_attrs, + gss_const_OID_set critical_mech_attrs, + gss_OID_set *mechs) +{ + struct _gss_mech_switch *ms; + OM_uint32 major; + size_t n, m; + + major = gss_create_empty_oid_set(minor_status, mechs); + if (major) + return major; + + _gss_load_mech(); + + SLIST_FOREACH(ms, &_gss_mechs, gm_link) { + gssapi_mech_interface mi = &ms->gm_mech; + + if (desired_mech_attrs) { + for (n = 0; n < desired_mech_attrs->count; n++) { + for (m = 0; m < mi->gm_mo_num; m++) + if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n])) + break; + if (m == mi->gm_mo_num) + goto next; + } + } + + if (except_mech_attrs) { + for (n = 0; n < desired_mech_attrs->count; n++) { + for (m = 0; m < mi->gm_mo_num; m++) { + if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n])) + goto next; + } + } + } + + if (critical_mech_attrs) { + for (n = 0; n < desired_mech_attrs->count; n++) { + for (m = 0; m < mi->gm_mo_num; m++) { + if (mi->gm_mo[m].flags & GSS_MO_MA_CRITICAL) + continue; + if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n])) + break; + } + if (m == mi->gm_mo_num) + goto next; + } + } + + + next: + do { } while(0); + } + + + return GSS_S_FAILURE; +} + +/** + * List support attributes for a mech and/or all mechanisms. + * + * @param minor_status minor status code + * @param mech given together with mech_attr will return the list of + * attributes for mechanism, can optionally be GSS_C_NO_OID. + * @param mech_attr see mech parameter, can optionally be NULL, + * release with gss_release_oid_set(). + * @param known_mech_attrs all attributes for mechanisms supported, + * release with gss_release_oid_set(). + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_attrs_for_mech(OM_uint32 * minor_status, + gss_const_OID mech, + gss_OID_set *mech_attr, + gss_OID_set *known_mech_attrs) +{ + OM_uint32 major, junk; + + if (mech_attr && mech) { + gssapi_mech_interface m; + + if ((m = __gss_get_mechanism(mech)) == NULL) { + *minor_status = 0; + return GSS_S_BAD_MECH; + } + + major = gss_create_empty_oid_set(minor_status, mech_attr); + if (major != GSS_S_COMPLETE) + return major; + + add_all_mo(m, mech_attr, GSS_MO_MA); + } + + if (known_mech_attrs) { + struct _gss_mech_switch *m; + + major = gss_create_empty_oid_set(minor_status, known_mech_attrs); + if (major) { + if (mech_attr) + gss_release_oid_set(&junk, mech_attr); + return major; + } + + _gss_load_mech(); + + SLIST_FOREACH(m, &_gss_mechs, gm_link) + add_all_mo(&m->gm_mech, known_mech_attrs, GSS_MO_MA); + } + + + return GSS_S_COMPLETE; +} + +/** + * Return names and descriptions of mech attributes + * + * @param minor_status minor status code + * @param mech_attr + * @param name + * @param short_desc + * @param long_desc + * + * @return returns GSS_S_COMPLETE or an error code. + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_display_mech_attr(OM_uint32 * minor_status, + gss_const_OID mech_attr, + gss_buffer_t name, + gss_buffer_t short_desc, + gss_buffer_t long_desc) +{ + struct _gss_oid_name_table *ma = NULL; + OM_uint32 major; + size_t n; + + _mg_buffer_zero(name); + _mg_buffer_zero(short_desc); + _mg_buffer_zero(long_desc); + + if (minor_status) + *minor_status = 0; + + for (n = 0; ma == NULL && _gss_ont_ma[n].oid; n++) + if (gss_oid_equal(mech_attr, _gss_ont_ma[n].oid)) + ma = &_gss_ont_ma[n]; + + if (ma == NULL) + return GSS_S_BAD_MECH_ATTR; + + if (name) { + gss_buffer_desc n; + n.value = rk_UNCONST(ma->name); + n.length = strlen(ma->name); + major = _gss_copy_buffer(minor_status, &n, name); + if (major != GSS_S_COMPLETE) + return major; + } + + if (short_desc) { + gss_buffer_desc n; + n.value = rk_UNCONST(ma->short_desc); + n.length = strlen(ma->short_desc); + major = _gss_copy_buffer(minor_status, &n, short_desc); + if (major != GSS_S_COMPLETE) + return major; + } + + if (long_desc) { + gss_buffer_desc n; + n.value = rk_UNCONST(ma->long_desc); + n.length = strlen(ma->long_desc); + major = _gss_copy_buffer(minor_status, &n, long_desc); + if (major != GSS_S_COMPLETE) + return major; + } + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid.c b/source4/heimdal/lib/gssapi/mech/gss_oid.c new file mode 100644 index 0000000000..0bd016cd44 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_oid.c @@ -0,0 +1,253 @@ +/* Generated file */ +#include "mech_locl.h" + +/* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x01" }; + +/* GSS_KRB5_GET_TKT_FLAGS_X - 1.2.752.43.13.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x02" }; + +/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X - 1.2.752.43.13.3 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x03" }; + +/* GSS_KRB5_COMPAT_DES3_MIC_X - 1.2.752.43.13.4 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x04" }; + +/* GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X - 1.2.752.43.13.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x05" }; + +/* GSS_KRB5_EXPORT_LUCID_CONTEXT_X - 1.2.752.43.13.6 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x06" }; + +/* GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X - 1.2.752.43.13.6.1 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x06\x01" }; + +/* GSS_KRB5_SET_DNS_CANONICALIZE_X - 1.2.752.43.13.7 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x07" }; + +/* GSS_KRB5_GET_SUBKEY_X - 1.2.752.43.13.8 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x08" }; + +/* GSS_KRB5_GET_INITIATOR_SUBKEY_X - 1.2.752.43.13.9 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x09" }; + +/* GSS_KRB5_GET_ACCEPTOR_SUBKEY_X - 1.2.752.43.13.10 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0a" }; + +/* GSS_KRB5_SEND_TO_KDC_X - 1.2.752.43.13.11 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0b" }; + +/* GSS_KRB5_GET_AUTHTIME_X - 1.2.752.43.13.12 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0c" }; + +/* GSS_KRB5_GET_SERVICE_KEYBLOCK_X - 1.2.752.43.13.13 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0d" }; + +/* GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X - 1.2.752.43.13.14 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0e" }; + +/* GSS_KRB5_SET_DEFAULT_REALM_X - 1.2.752.43.13.15 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0f" }; + +/* GSS_KRB5_CCACHE_NAME_X - 1.2.752.43.13.16 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x10" }; + +/* GSS_KRB5_SET_TIME_OFFSET_X - 1.2.752.43.13.17 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x11" }; + +/* GSS_KRB5_GET_TIME_OFFSET_X - 1.2.752.43.13.18 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x12" }; + +/* GSS_KRB5_PLUGIN_REGISTER_X - 1.2.752.43.13.19 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x13" }; + +/* GSS_NTLM_GET_SESSION_KEY_X - 1.2.752.43.13.20 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x14" }; + +/* GSS_C_NT_NTLM - 1.2.752.43.13.21 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x15" }; + +/* GSS_C_NT_DN - 1.2.752.43.13.22 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x16" }; + +/* GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL - 1.2.752.43.13.23 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x17" }; + +/* GSS_C_NTLM_AVGUEST - 1.2.752.43.13.24 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x18" }; + +/* GSS_C_NTLM_V1 - 1.2.752.43.13.25 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x19" }; + +/* GSS_C_NTLM_V2 - 1.2.752.43.13.26 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1a" }; + +/* GSS_C_NTLM_SESSION_KEY - 1.2.752.43.13.27 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1b" }; + +/* GSS_C_NTLM_FORCE_V1 - 1.2.752.43.13.28 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1c" }; + +/* GSS_KRB5_CRED_NO_CI_FLAGS_X - 1.2.752.43.13.29 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1d" }; + +/* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1e" }; + +/* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x64" }; + +/* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x65" }; + +/* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x66" }; + +/* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x01" }; + +/* GSS_NETLOGON_MECHANISM - 1.2.752.43.14.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x02" }; + +/* GSS_NETLOGON_SET_SESSION_KEY_X - 1.2.752.43.14.3 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x03" }; + +/* GSS_NETLOGON_SET_SIGN_ALGORITHM_X - 1.2.752.43.14.4 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x04" }; + +/* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" }; + +/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; + +/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" }; + +/* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, "\x2b\x06\x01\x05\x05\x02" }; + +/* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, "\x2b\x06\x01\x04\x01\xca\x29\x13\x05" }; + +/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x01" }; + +/* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x02" }; + +/* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x03" }; + +/* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x04" }; + +/* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x05" }; + +/* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x06" }; + +/* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x07" }; + +/* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x08" }; + +/* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x09" }; + +/* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0a" }; + +/* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0b" }; + +/* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0c" }; + +/* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0d" }; + +/* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0e" }; + +/* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0f" }; + +/* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x10" }; + +/* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x11" }; + +/* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x12" }; + +/* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x13" }; + +/* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x14" }; + +/* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x15" }; + +/* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x16" }; + +/* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x17" }; + +/* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x18" }; + +/* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x19" }; + +/* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1a" }; + +/* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1b" }; + +struct _gss_oid_name_table _gss_ont_ma[] = { + { GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" }, + { GSS_C_MA_AUTH_TARG_INIT, "GSS_C_MA_AUTH_TARG_INIT", "auth-targ-princ-initial", "" }, + { GSS_C_MA_CBINDINGS, "GSS_C_MA_CBINDINGS", "channel-bindings", "" }, + { GSS_C_MA_WRAP, "GSS_C_MA_WRAP", "wrap", "" }, + { GSS_C_MA_ITOK_FRAMED, "GSS_C_MA_ITOK_FRAMED", "initial-is-framed", "" }, + { GSS_C_MA_MECH_NEGO, "GSS_C_MA_MECH_NEGO", "mech-negotiation-mech", "" }, + { GSS_C_MA_MECH_COMPOSITE, "GSS_C_MA_MECH_COMPOSITE", "composite-mech", "" }, + { GSS_C_MA_REPLAY_DET, "GSS_C_MA_REPLAY_DET", "replay-detection", "" }, + { GSS_C_MA_AUTH_INIT_ANON, "GSS_C_MA_AUTH_INIT_ANON", "auth-init-princ-anon", "" }, + { GSS_C_MA_PROT_READY, "GSS_C_MA_PROT_READY", "prot-ready", "" }, + { GSS_C_MA_AUTH_INIT, "GSS_C_MA_AUTH_INIT", "auth-init-princ", "" }, + { GSS_C_MA_PFS, "GSS_C_MA_PFS", "pfs", "" }, + { GSS_C_MA_CONF_PROT, "GSS_C_MA_CONF_PROT", "conf-prot", "" }, + { GSS_C_MA_MECH_PSEUDO, "GSS_C_MA_MECH_PSEUDO", "pseudo-mech", "" }, + { GSS_C_MA_AUTH_TARG, "GSS_C_MA_AUTH_TARG", "auth-targ-princ", "" }, + { GSS_C_MA_MECH_NAME, "GSS_C_MA_MECH_NAME", "GSS mech name", "The name of the GSS-API mechanism" }, + { GSS_C_MA_NOT_MECH, "GSS_C_MA_NOT_MECH", "not-mech", "" }, + { GSS_C_MA_MIC, "GSS_C_MA_MIC", "mic", "" }, + { GSS_C_MA_DEPRECATED, "GSS_C_MA_DEPRECATED", "mech-deprecated", "" }, + { GSS_C_MA_MECH_GLUE, "GSS_C_MA_MECH_GLUE", "mech-glue", "" }, + { GSS_C_MA_DELEG_CRED, "GSS_C_MA_DELEG_CRED", "deleg-cred", "" }, + { GSS_C_MA_NOT_DFLT_MECH, "GSS_C_MA_NOT_DFLT_MECH", "mech-not-default", "" }, + { GSS_C_MA_AUTH_TARG_ANON, "GSS_C_MA_AUTH_TARG_ANON", "auth-targ-princ-anon", "" }, + { GSS_C_MA_INTEG_PROT, "GSS_C_MA_INTEG_PROT", "integ-prot", "" }, + { GSS_C_MA_CTX_TRANS, "GSS_C_MA_CTX_TRANS", "context-transfer", "" }, + { GSS_C_MA_MECH_DESCRIPTION, "GSS_C_MA_MECH_DESCRIPTION", "Mech description", "The long description of the mechanism" }, + { GSS_C_MA_OOS_DET, "GSS_C_MA_OOS_DET", "oos-detection", "" }, + { GSS_C_MA_AUTH_INIT_INIT, "GSS_C_MA_AUTH_INIT_INIT", "auth-init-princ-initial", "" }, + { GSS_C_MA_MECH_CONCRETE, "GSS_C_MA_MECH_CONCRETE", "concrete-mech", "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism" }, + { GSS_C_MA_SASL_MECH_NAME, "GSS_C_MA_SASL_MECH_NAME", "SASL mechanism name", "The name of the SASL mechanism" }, + { NULL } +}; + +struct _gss_oid_name_table _gss_ont_mech[] = { + { GSS_KRB5_MECHANISM, "GSS_KRB5_MECHANISM", "Kerberos 5", "Heimdal Kerberos 5 mechanism" }, + { GSS_SPNEGO_MECHANISM, "GSS_SPNEGO_MECHANISM", "SPNEGO", "Heimdal SPNEGO mechanism" }, + { GSS_NTLM_MECHANISM, "GSS_NTLM_MECHANISM", "NTLM", "Heimdal NTLM mechanism" }, + { NULL } +}; diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c index 3e64135089..7d6ded39e4 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c +++ b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c @@ -48,7 +48,7 @@ */ GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL -gss_oid_equal(const gss_OID a, const gss_OID b) +gss_oid_equal(gss_const_OID a, gss_const_OID b) { if (a == b && a != GSS_C_NO_OID) return 1; diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c index d8e188da08..a1d7768772 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c +++ b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c @@ -65,3 +65,34 @@ gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str) *minor_status = 0; return GSS_S_COMPLETE; } + +GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL +gss_oid_to_name(gss_const_OID oid) +{ + size_t i; + + for (i = 0; _gss_ont_mech[i].oid; i++) { + if (gss_oid_equal(oid, _gss_ont_mech[i].oid)) + return _gss_ont_mech[i].name; + } + return NULL; +} + +GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL +gss_name_to_oid(const char *name) +{ + size_t i, partial = (size_t)-1; + + for (i = 0; _gss_ont_mech[i].oid; i++) { + if (strcasecmp(name, _gss_ont_mech[i].short_desc) == 0) + return _gss_ont_mech[i].oid; + if (strncasecmp(name, _gss_ont_mech[i].short_desc, strlen(name)) == 0) { + if (partial != (size_t)-1) + return NULL; + partial = i; + } + } + if (partial != (size_t)-1) + return _gss_ont_mech[partial].oid; + return NULL; +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap.c b/source4/heimdal/lib/gssapi/mech/gss_wrap.c index dcbb4fcdfe..d9864b36cc 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_wrap.c +++ b/source4/heimdal/lib/gssapi/mech/gss_wrap.c @@ -28,6 +28,21 @@ #include "mech_locl.h" +/** + * Wrap a message using either confidentiality (encryption + + * signature) or sealing (signature). + * + * @param minor_status minor status code. + * @param context_handle context handle. + * @param conf_req_flag if non zero, confidentiality is requestd. + * @param qop_req type of protection needed, in most cases it GSS_C_QOP_DEFAULT should be passed in. + * @param input_message_buffer messages to wrap + * @param conf_state returns non zero if confidentiality was honoured. + * @param output_message_buffer the resulting buffer, release with gss_release_buffer(). + * + * @ingroup gssapi + */ + GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, diff --git a/source4/heimdal/lib/gssapi/mech/mech_locl.h b/source4/heimdal/lib/gssapi/mech/mech_locl.h index 17721fd3ce..cb10c23c38 100644 --- a/source4/heimdal/lib/gssapi/mech/mech_locl.h +++ b/source4/heimdal/lib/gssapi/mech/mech_locl.h @@ -64,4 +64,17 @@ #include "utils.h" #define _mg_buffer_zero(buffer) \ - do { (buffer)->value = NULL; (buffer)->length = 0; } while(0) + do { \ + if (buffer) { \ + (buffer)->value = NULL; \ + (buffer)->length = 0; \ + } \ + } while(0) + +#define _mg_oid_set_zero(oid_set) \ + do { \ + if (oid_set) { \ + (oid_set)->elements = NULL; \ + (oid_set)->count = 0; \ + } \ + } while(0) diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c index d21e4dc7fe..5054754150 100644 --- a/source4/heimdal/lib/gssapi/spnego/external.c +++ b/source4/heimdal/lib/gssapi/spnego/external.c @@ -40,6 +40,41 @@ * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). */ +static gss_mo_desc spnego_mo[] = { + { + GSS_C_MA_SASL_MECH_NAME, + GSS_MO_MA, + "SASL mech name", + "SPNEGO", + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_NAME, + GSS_MO_MA, + "Mechanism name", + "SPNEGO", + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_DESCRIPTION, + GSS_MO_MA, + "Mechanism description", + "Heimdal SPNEGO Mechanism", + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_NEGO, + GSS_MO_MA + }, + { + GSS_C_MA_MECH_PSEUDO, + GSS_MO_MA + } +}; + static gssapi_mech_interface_desc spnego_mech = { GMI_VERSION, "spnego", @@ -84,7 +119,16 @@ static gssapi_mech_interface_desc spnego_mech = { _gss_spnego_wrap_iov_length, NULL, _gss_spnego_export_cred, - _gss_spnego_import_cred + _gss_spnego_import_cred, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + spnego_mo, + sizeof(spnego_mo) / sizeof(spnego_mo[0]) }; gssapi_mech_interface @@ -92,6 +136,3 @@ __gss_spnego_initialize(void) { return &spnego_mech; } - -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = - {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; diff --git a/source4/heimdal/lib/hcrypto/rsa-ltm.c b/source4/heimdal/lib/hcrypto/rsa-ltm.c index f4828104b6..6ef4a83c51 100644 --- a/source4/heimdal/lib/hcrypto/rsa-ltm.c +++ b/source4/heimdal/lib/hcrypto/rsa-ltm.c @@ -385,8 +385,7 @@ ltm_rsa_private_decrypt(int flen, const unsigned char* from, unsigned char* to, RSA* rsa, int padding) { unsigned char *ptr; - int res; - size_t size; + int res, size; mp_int in, out, n, e, b, bi; int blinding = (rsa->flags & RSA_FLAG_NO_BLINDING) == 0; int do_unblind = 0; diff --git a/source4/heimdal/lib/hcrypto/validate.c b/source4/heimdal/lib/hcrypto/validate.c index 3ed358df66..f6f8be7030 100644 --- a/source4/heimdal/lib/hcrypto/validate.c +++ b/source4/heimdal/lib/hcrypto/validate.c @@ -38,7 +38,6 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <getarg.h> #include <roken.h> #include <evp.h> diff --git a/source4/heimdal/lib/hdb/db.c b/source4/heimdal/lib/hdb/db.c index 9de0a04a1f..69940edf89 100644 --- a/source4/heimdal/lib/hdb/db.c +++ b/source4/heimdal/lib/hdb/db.c @@ -318,7 +318,7 @@ hdb_db_create(krb5_context context, HDB **db, (*db)->hdb_capability_flags = HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL; (*db)->hdb_open = DB_open; (*db)->hdb_close = DB_close; - (*db)->hdb_fetch = _hdb_fetch; + (*db)->hdb_fetch_kvno = _hdb_fetch_kvno; (*db)->hdb_store = _hdb_store; (*db)->hdb_remove = _hdb_remove; (*db)->hdb_firstkey = DB_firstkey; diff --git a/source4/heimdal/lib/hdb/hdb-keytab.c b/source4/heimdal/lib/hdb/hdb-keytab.c index 393981e47d..c1bad86796 100644 --- a/source4/heimdal/lib/hdb/hdb-keytab.c +++ b/source4/heimdal/lib/hdb/hdb-keytab.c @@ -118,7 +118,7 @@ hkt_open(krb5_context context, HDB * db, int flags, mode_t mode) static krb5_error_code hkt_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal, - unsigned flags, unsigned kvno, hdb_entry_ex * entry) + unsigned flags, krb5_kvno kvno, hdb_entry_ex * entry) { hdb_keytab k = (hdb_keytab)db->hdb_db; krb5_error_code ret; @@ -171,13 +171,6 @@ hkt_fetch_kvno(krb5_context context, HDB * db, krb5_const_principal principal, } static krb5_error_code -hkt_fetch(krb5_context context, HDB * db, krb5_const_principal principal, - unsigned flags, hdb_entry_ex * entry) -{ - return hkt_fetch_kvno(context, db, principal, flags & ~HDB_F_KVNO_SPECIFIED, 0, entry); -} - -static krb5_error_code hkt_store(krb5_context context, HDB * db, unsigned flags, hdb_entry_ex * entry) { @@ -221,7 +214,6 @@ hdb_keytab_create(krb5_context context, HDB ** db, const char *arg) (*db)->hdb_openp = 0; (*db)->hdb_open = hkt_open; (*db)->hdb_close = hkt_close; - (*db)->hdb_fetch = hkt_fetch; (*db)->hdb_fetch_kvno = hkt_fetch_kvno; (*db)->hdb_store = hkt_store; (*db)->hdb_remove = NULL; diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index 97de918933..2c1de8b3d7 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -318,7 +318,7 @@ find_dynamic_method (krb5_context context, if (asprintf(&symbol, "hdb_%s_interface", prefix) == -1) krb5_errx(context, 1, "out of memory"); - mso = dlsym(dl, symbol); + mso = (struct hdb_so_method *) dlsym(dl, symbol); if (mso == NULL) { krb5_warnx(context, "error finding symbol %s in %s: %s\n", symbol, path, dlerror()); diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index bcd190caa3..1b0468a481 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -71,6 +71,13 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK }; typedef struct hdb_master_key_data *hdb_master_key; +/** + * hdb_entry_ex is a wrapper structure around the hdb_entry structure + * that allows backends to keep a pointer to the backing store, ie in + * ->hdb_fetch_kvno(), so that we the kadmin/kpasswd backend gets around to + * ->hdb_store(), the backend doesn't need to lookup the entry again. + */ + typedef struct hdb_entry_ex { void *ctx; hdb_entry entry; @@ -121,19 +128,10 @@ typedef struct HDB{ * * Fetch an entry from the backend, flags are what type of entry * should be fetch: client, server, krbtgt. - */ - krb5_error_code (*hdb_fetch)(krb5_context, struct HDB*, - krb5_const_principal, unsigned, - hdb_entry_ex*); - /** - * Fetch an entry from the backend - * - * Fetch an entry from the backend, flags are what type of entry - * should be fetch: client, server, krbtgt. * knvo (if specified and flags HDB_F_KVNO_SPECIFIED set) is the kvno to get */ krb5_error_code (*hdb_fetch_kvno)(krb5_context, struct HDB*, - krb5_const_principal, unsigned, unsigned, + krb5_const_principal, unsigned, krb5_kvno, hdb_entry_ex*); /** * Store an entry to database @@ -222,7 +220,7 @@ typedef struct HDB{ * all other operations, increasing the kvno, and update * modification timestamp. * - * The backen need to call _kadm5_set_keys() and perform password + * The backend needs to call _kadm5_set_keys() and perform password * quality checks. */ krb5_error_code (*hdb_password)(krb5_context, struct HDB*, hdb_entry_ex*, const char *, int); @@ -238,7 +236,7 @@ typedef struct HDB{ */ krb5_error_code (*hdb_auth_status)(krb5_context, struct HDB *, hdb_entry_ex *, int); /** - * Check is delegation is allowed. + * Check if delegation is allowed. */ krb5_error_code (*hdb_check_constrained_delegation)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal); diff --git a/source4/heimdal/lib/hdb/keytab.c b/source4/heimdal/lib/hdb/keytab.c index b8cc0d47ee..05b78dafc5 100644 --- a/source4/heimdal/lib/hdb/keytab.c +++ b/source4/heimdal/lib/hdb/keytab.c @@ -211,17 +211,10 @@ hdb_get_entry(krb5_context context, goto out2; } - if (*db->hdb_fetch_kvno) { - ret = (*db->hdb_fetch_kvno)(context, db, principal, - HDB_F_DECRYPT|HDB_F_KVNO_SPECIFIED| - HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, - kvno, &ent); - } else { - ret = (*db->hdb_fetch)(context, db, principal, - HDB_F_DECRYPT| - HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, - &ent); - } + ret = (*db->hdb_fetch_kvno)(context, db, principal, + HDB_F_DECRYPT|HDB_F_KVNO_SPECIFIED| + HDB_F_GET_CLIENT|HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, + kvno, &ent); if(ret == HDB_ERR_NOENTRY) { ret = KRB5_KT_NOTFOUND; diff --git a/source4/heimdal/lib/hdb/ndbm.c b/source4/heimdal/lib/hdb/ndbm.c index 2a57d2ac27..5b2c07e5f6 100644 --- a/source4/heimdal/lib/hdb/ndbm.c +++ b/source4/heimdal/lib/hdb/ndbm.c @@ -370,7 +370,7 @@ hdb_ndbm_create(krb5_context context, HDB **db, (*db)->hdb_capability_flags = HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL; (*db)->hdb_open = NDBM_open; (*db)->hdb_close = NDBM_close; - (*db)->hdb_fetch = _hdb_fetch; + (*db)->hdb_fetch_kvno = _hdb_fetch_kvno; (*db)->hdb_store = _hdb_store; (*db)->hdb_remove = _hdb_remove; (*db)->hdb_firstkey = NDBM_firstkey; diff --git a/source4/heimdal/lib/hx509/sel-gram.c b/source4/heimdal/lib/hx509/sel-gram.c index 8612b172da..5e705f19fd 100644 --- a/source4/heimdal/lib/hx509/sel-gram.c +++ b/source4/heimdal/lib/hx509/sel-gram.c @@ -8,17 +8,29 @@ static const char yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93"; #define YYBYACC 1 #define YYMAJOR 1 #define YYMINOR 9 -#define YYPATCH 20070509 +#define YYPATCH 20100216 -#define YYEMPTY (-1) -#define yyclearin (yychar = YYEMPTY) -#define yyerrok (yyerrflag = 0) -#define YYRECOVERING (yyerrflag != 0) +#define YYEMPTY (-1) +#define yyclearin (yychar = YYEMPTY) +#define yyerrok (yyerrflag = 0) +#define YYRECOVERING() (yyerrflag != 0) -extern int yyparse(void); - -static int yygrowstack(void); #define YYPREFIX "yy" + +/* compatibility with bison */ +#ifdef YYPARSE_PARAM +/* compatibility with FreeBSD */ +#ifdef YYPARSE_PARAM_TYPE +#define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM) +#else +#define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM) +#endif +#else +#define YYPARSE_DECL() yyparse(void) +#endif /* YYPARSE_PARAM */ + +extern int YYPARSE_DECL(); + #line 35 "" #ifdef HAVE_CONFIG_H #include <config.h> @@ -33,7 +45,7 @@ typedef union { char *string; struct hx_expr *expr; } YYSTYPE; -#line 37 "" +#line 48 "" #define kw_TRUE 257 #define kw_FALSE 258 #define kw_AND 259 @@ -44,45 +56,45 @@ typedef union { #define STRING 264 #define IDENTIFIER 265 #define YYERRCODE 256 -short yylhs[] = { -1, +static const short yylhs[] = { -1, 0, 1, 1, 1, 1, 1, 1, 1, 4, 4, 2, 2, 2, 2, 2, 3, 3, 3, 3, 5, 6, 7, 8, 9, 9, }; -short yylen[] = { 2, +static const short yylen[] = { 2, 1, 1, 1, 2, 3, 3, 3, 1, 1, 3, 4, 4, 3, 5, 3, 1, 1, 1, 1, 1, 1, 4, 4, 3, 1, }; -short yydefred[] = { 0, +static const short yydefred[] = { 0, 2, 3, 20, 21, 0, 0, 0, 0, 0, 0, 8, 0, 16, 17, 18, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 15, 13, 0, 0, 0, 22, 0, 23, 0, 12, 11, 10, 24, 14, }; -short yydgoto[] = { 9, +static const short yydgoto[] = { 9, 10, 11, 12, 28, 13, 14, 15, 16, 31, }; -short yysindex[] = { -33, +static const short yysindex[] = { -33, 0, 0, 0, 0, -23, -33, -33, -105, 0, -247, 0, -28, 0, 0, 0, 0, -36, -247, -39, -244, -33, -33, -26, -36, -38, -37, -22, -16, 0, -19, -97, -247, -247, -36, 0, 0, -36, -36, -36, 0, -244, 0, -9, 0, 0, 0, 0, 0, }; -short yyrindex[] = { 0, +static const short yyrindex[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 36, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, -4, 0, 0, -87, 0, 6, 8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, }; -short yygindex[] = { 0, +static const short yygindex[] = { 0, 13, 0, -8, -24, 0, 0, 0, 16, -1, }; #define YYTABLESIZE 234 -short yytable[] = { 6, +static const short yytable[] = { 6, 8, 29, 4, 8, 25, 5, 7, 6, 27, 43, 8, 21, 22, 34, 46, 36, 17, 20, 18, 19, 30, 39, 37, 38, 40, 27, 41, 42, 44, 45, @@ -108,7 +120,7 @@ short yytable[] = { 6, 22, 0, 0, 1, 2, 0, 3, 4, 5, 3, 4, 5, 23, 24, }; -short yycheck[] = { 33, +static const short yycheck[] = { 33, 37, 41, 0, 37, 33, 0, 40, 0, 17, 34, 37, 259, 260, 40, 39, 24, 40, 123, 6, 7, 265, 44, 61, 61, 41, 34, 46, 125, 37, 38, @@ -140,7 +152,8 @@ short yycheck[] = { 33, #endif #define YYMAXTOKEN 265 #if YYDEBUG -char *yyname[] = { +static const char *yyname[] = { + "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, "'!'",0,0,0,"'%'",0,0,"'('","')'",0,0,"','",0,"'.'",0,0,0,0,0,0,0,0,0,0,0,0,0,0, "'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, @@ -151,7 +164,7 @@ char *yyname[] = { 0,0,"kw_TRUE","kw_FALSE","kw_AND","kw_OR","kw_IN","kw_TAILMATCH","NUMBER", "STRING","IDENTIFIER", }; -char *yyrule[] = { +static const char *yyrule[] = { "$accept : start", "start : expr", "expr : kw_TRUE", @@ -178,6 +191,7 @@ char *yyrule[] = { "variable : '%' '{' variables '}'", "variables : IDENTIFIER '.' variables", "variables : IDENTIFIER", + }; #endif #if YYDEBUG @@ -201,64 +215,86 @@ char *yyrule[] = { int yydebug; int yynerrs; + +typedef struct { + unsigned stacksize; + short *s_base; + short *s_mark; + short *s_last; + YYSTYPE *l_base; + YYSTYPE *l_mark; +} YYSTACKDATA; + +#define YYPURE 0 + int yyerrflag; int yychar; -short *yyssp; -YYSTYPE *yyvsp; YYSTYPE yyval; YYSTYPE yylval; /* variables for the parser stack */ -static short *yyss; -static short *yysslim; -static YYSTYPE *yyvs; -static int yystacksize; +static YYSTACKDATA yystack; /* allocate initial stack or double stack size, up to YYMAXDEPTH */ -static int yygrowstack(void) +static int yygrowstack(YYSTACKDATA *data) { - int newsize, i; + int i; + unsigned newsize; short *newss; YYSTYPE *newvs; - if ((newsize = yystacksize) == 0) + if ((newsize = data->stacksize) == 0) newsize = YYINITSTACKSIZE; else if (newsize >= YYMAXDEPTH) return -1; else if ((newsize *= 2) > YYMAXDEPTH) newsize = YYMAXDEPTH; - i = yyssp - yyss; - newss = (yyss != 0) - ? (short *)realloc(yyss, newsize * sizeof(*newss)) + i = data->s_mark - data->s_base; + newss = (data->s_base != 0) + ? (short *)realloc(data->s_base, newsize * sizeof(*newss)) : (short *)malloc(newsize * sizeof(*newss)); if (newss == 0) return -1; - yyss = newss; - yyssp = newss + i; - newvs = (yyvs != 0) - ? (YYSTYPE *)realloc(yyvs, newsize * sizeof(*newvs)) + data->s_base = newss; + data->s_mark = newss + i; + + newvs = (data->l_base != 0) + ? (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs)) : (YYSTYPE *)malloc(newsize * sizeof(*newvs)); if (newvs == 0) return -1; - yyvs = newvs; - yyvsp = newvs + i; - yystacksize = newsize; - yysslim = yyss + newsize - 1; + data->l_base = newvs; + data->l_mark = newvs + i; + + data->stacksize = newsize; + data->s_last = data->s_base + newsize - 1; return 0; } -#define YYABORT goto yyabort +#if YYPURE || defined(YY_NO_LEAKS) +static void yyfreestack(YYSTACKDATA *data) +{ + free(data->s_base); + free(data->l_base); + memset(data, 0, sizeof(*data)); +} +#else +#define yyfreestack(data) /* nothing */ +#endif + +#define YYABORT goto yyabort #define YYREJECT goto yyabort #define YYACCEPT goto yyaccept -#define YYERROR goto yyerrlab +#define YYERROR goto yyerrlab + int -yyparse(void) +YYPARSE_DECL() { - register int yym, yyn, yystate; + int yym, yyn, yystate; #if YYDEBUG - register const char *yys; + const char *yys; if ((yys = getenv("YYDEBUG")) != 0) { @@ -271,11 +307,17 @@ yyparse(void) yynerrs = 0; yyerrflag = 0; yychar = YYEMPTY; + yystate = 0; - if (yyss == NULL && yygrowstack()) goto yyoverflow; - yyssp = yyss; - yyvsp = yyvs; - *yyssp = yystate = 0; +#if YYPURE + memset(&yystack, 0, sizeof(yystack)); +#endif + + if (yystack.s_base == NULL && yygrowstack(&yystack)) goto yyoverflow; + yystack.s_mark = yystack.s_base; + yystack.l_mark = yystack.l_base; + yystate = 0; + *yystack.s_mark = 0; yyloop: if ((yyn = yydefred[yystate]) != 0) goto yyreduce; @@ -301,12 +343,13 @@ yyloop: printf("%sdebug: state %d, shifting to state %d\n", YYPREFIX, yystate, yytable[yyn]); #endif - if (yyssp >= yysslim && yygrowstack()) + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack)) { goto yyoverflow; } - *++yyssp = yystate = yytable[yyn]; - *++yyvsp = yylval; + yystate = yytable[yyn]; + *++yystack.s_mark = yytable[yyn]; + *++yystack.l_mark = yylval; yychar = YYEMPTY; if (yyerrflag > 0) --yyerrflag; goto yyloop; @@ -321,9 +364,7 @@ yyloop: yyerror("syntax error"); -#ifdef lint goto yyerrlab; -#endif yyerrlab: ++yynerrs; @@ -334,20 +375,21 @@ yyinrecovery: yyerrflag = 3; for (;;) { - if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 && + if ((yyn = yysindex[*yystack.s_mark]) && (yyn += YYERRCODE) >= 0 && yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) { #if YYDEBUG if (yydebug) printf("%sdebug: state %d, error recovery shifting\ - to state %d\n", YYPREFIX, *yyssp, yytable[yyn]); + to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]); #endif - if (yyssp >= yysslim && yygrowstack()) + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack)) { goto yyoverflow; } - *++yyssp = yystate = yytable[yyn]; - *++yyvsp = yylval; + yystate = yytable[yyn]; + *++yystack.s_mark = yytable[yyn]; + *++yystack.l_mark = yylval; goto yyloop; } else @@ -355,11 +397,11 @@ yyinrecovery: #if YYDEBUG if (yydebug) printf("%sdebug: error recovery discarding state %d\n", - YYPREFIX, *yyssp); + YYPREFIX, *yystack.s_mark); #endif - if (yyssp <= yyss) goto yyabort; - --yyssp; - --yyvsp; + if (yystack.s_mark <= yystack.s_base) goto yyabort; + --yystack.s_mark; + --yystack.l_mark; } } } @@ -388,119 +430,119 @@ yyreduce: #endif yym = yylen[yyn]; if (yym) - yyval = yyvsp[1-yym]; + yyval = yystack.l_mark[1-yym]; else memset(&yyval, 0, sizeof yyval); switch (yyn) { case 1: #line 73 "" -{ _hx509_expr_input.expr = yyvsp[0].expr; } + { _hx509_expr_input.expr = yystack.l_mark[0].expr; } break; case 2: #line 75 "" -{ yyval.expr = _hx509_make_expr(op_TRUE, NULL, NULL); } + { yyval.expr = _hx509_make_expr(op_TRUE, NULL, NULL); } break; case 3: #line 76 "" -{ yyval.expr = _hx509_make_expr(op_FALSE, NULL, NULL); } + { yyval.expr = _hx509_make_expr(op_FALSE, NULL, NULL); } break; case 4: #line 77 "" -{ yyval.expr = _hx509_make_expr(op_NOT, yyvsp[0].expr, NULL); } + { yyval.expr = _hx509_make_expr(op_NOT, yystack.l_mark[0].expr, NULL); } break; case 5: #line 78 "" -{ yyval.expr = _hx509_make_expr(op_AND, yyvsp[-2].expr, yyvsp[0].expr); } + { yyval.expr = _hx509_make_expr(op_AND, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); } break; case 6: #line 79 "" -{ yyval.expr = _hx509_make_expr(op_OR, yyvsp[-2].expr, yyvsp[0].expr); } + { yyval.expr = _hx509_make_expr(op_OR, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); } break; case 7: #line 80 "" -{ yyval.expr = yyvsp[-1].expr; } + { yyval.expr = yystack.l_mark[-1].expr; } break; case 8: #line 81 "" -{ yyval.expr = _hx509_make_expr(op_COMP, yyvsp[0].expr, NULL); } + { yyval.expr = _hx509_make_expr(op_COMP, yystack.l_mark[0].expr, NULL); } break; case 9: #line 84 "" -{ yyval.expr = _hx509_make_expr(expr_WORDS, yyvsp[0].expr, NULL); } + { yyval.expr = _hx509_make_expr(expr_WORDS, yystack.l_mark[0].expr, NULL); } break; case 10: #line 85 "" -{ yyval.expr = _hx509_make_expr(expr_WORDS, yyvsp[-2].expr, yyvsp[0].expr); } + { yyval.expr = _hx509_make_expr(expr_WORDS, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); } break; case 11: #line 88 "" -{ yyval.expr = _hx509_make_expr(comp_EQ, yyvsp[-3].expr, yyvsp[0].expr); } + { yyval.expr = _hx509_make_expr(comp_EQ, yystack.l_mark[-3].expr, yystack.l_mark[0].expr); } break; case 12: #line 89 "" -{ yyval.expr = _hx509_make_expr(comp_NE, yyvsp[-3].expr, yyvsp[0].expr); } + { yyval.expr = _hx509_make_expr(comp_NE, yystack.l_mark[-3].expr, yystack.l_mark[0].expr); } break; case 13: #line 90 "" -{ yyval.expr = _hx509_make_expr(comp_TAILEQ, yyvsp[-2].expr, yyvsp[0].expr); } + { yyval.expr = _hx509_make_expr(comp_TAILEQ, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); } break; case 14: #line 91 "" -{ yyval.expr = _hx509_make_expr(comp_IN, yyvsp[-4].expr, yyvsp[-1].expr); } + { yyval.expr = _hx509_make_expr(comp_IN, yystack.l_mark[-4].expr, yystack.l_mark[-1].expr); } break; case 15: #line 92 "" -{ yyval.expr = _hx509_make_expr(comp_IN, yyvsp[-2].expr, yyvsp[0].expr); } + { yyval.expr = _hx509_make_expr(comp_IN, yystack.l_mark[-2].expr, yystack.l_mark[0].expr); } break; case 16: #line 95 "" -{ yyval.expr = yyvsp[0].expr; } + { yyval.expr = yystack.l_mark[0].expr; } break; case 17: #line 96 "" -{ yyval.expr = yyvsp[0].expr; } + { yyval.expr = yystack.l_mark[0].expr; } break; case 18: #line 97 "" -{ yyval.expr = yyvsp[0].expr; } + { yyval.expr = yystack.l_mark[0].expr; } break; case 19: #line 98 "" -{ yyval.expr = yyvsp[0].expr; } + { yyval.expr = yystack.l_mark[0].expr; } break; case 20: #line 101 "" -{ yyval.expr = _hx509_make_expr(expr_NUMBER, yyvsp[0].string, NULL); } + { yyval.expr = _hx509_make_expr(expr_NUMBER, yystack.l_mark[0].string, NULL); } break; case 21: #line 102 "" -{ yyval.expr = _hx509_make_expr(expr_STRING, yyvsp[0].string, NULL); } + { yyval.expr = _hx509_make_expr(expr_STRING, yystack.l_mark[0].string, NULL); } break; case 22: #line 104 "" -{ - yyval.expr = _hx509_make_expr(expr_FUNCTION, yyvsp[-3].string, yyvsp[-1].expr); } + { + yyval.expr = _hx509_make_expr(expr_FUNCTION, yystack.l_mark[-3].string, yystack.l_mark[-1].expr); } break; case 23: #line 107 "" -{ yyval.expr = yyvsp[-1].expr; } + { yyval.expr = yystack.l_mark[-1].expr; } break; case 24: #line 110 "" -{ - yyval.expr = _hx509_make_expr(expr_VAR, yyvsp[-2].string, yyvsp[0].expr); } + { + yyval.expr = _hx509_make_expr(expr_VAR, yystack.l_mark[-2].string, yystack.l_mark[0].expr); } break; case 25: #line 112 "" -{ - yyval.expr = _hx509_make_expr(expr_VAR, yyvsp[0].string, NULL); } + { + yyval.expr = _hx509_make_expr(expr_VAR, yystack.l_mark[0].string, NULL); } break; -#line 500 "" +#line 541 "" } - yyssp -= yym; - yystate = *yyssp; - yyvsp -= yym; + yystack.s_mark -= yym; + yystate = *yystack.s_mark; + yystack.l_mark -= yym; yym = yylhs[yyn]; if (yystate == 0 && yym == 0) { @@ -510,8 +552,8 @@ break; state %d\n", YYPREFIX, YYFINAL); #endif yystate = YYFINAL; - *++yyssp = YYFINAL; - *++yyvsp = yyval; + *++yystack.s_mark = YYFINAL; + *++yystack.l_mark = yyval; if (yychar < 0) { if ((yychar = yylex()) < 0) yychar = 0; @@ -537,22 +579,24 @@ break; #if YYDEBUG if (yydebug) printf("%sdebug: after reduction, shifting from state %d \ -to state %d\n", YYPREFIX, *yyssp, yystate); +to state %d\n", YYPREFIX, *yystack.s_mark, yystate); #endif - if (yyssp >= yysslim && yygrowstack()) + if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack)) { goto yyoverflow; } - *++yyssp = yystate; - *++yyvsp = yyval; + *++yystack.s_mark = (short) yystate; + *++yystack.l_mark = yyval; goto yyloop; yyoverflow: yyerror("yacc stack overflow"); yyabort: + yyfreestack(&yystack); return (1); yyaccept: + yyfreestack(&yystack); return (0); } diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index 32a131b07c..211642e568 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -134,7 +134,7 @@ krb5_cc_register(krb5_context context, } } if(i == context->num_cc_ops) { - const krb5_cc_ops **o = realloc(context->cc_ops, + const krb5_cc_ops **o = realloc(rk_UNCONST(context->cc_ops), (context->num_cc_ops + 1) * sizeof(context->cc_ops[0])); if(o == NULL) { @@ -397,7 +397,7 @@ krb5_cc_get_full_name(krb5_context context, */ -const krb5_cc_ops * +KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL krb5_cc_get_ops(krb5_context context, krb5_ccache id) { return id->ops; @@ -461,7 +461,7 @@ environment_changed(krb5_context context) * @ingroup krb5_ccache */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_switch(krb5_context context, krb5_ccache id) { @@ -477,7 +477,7 @@ krb5_cc_switch(krb5_context context, krb5_ccache id) * @ingroup krb5_ccache */ -krb5_boolean KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_cc_support_switch(krb5_context context, const char *type) { const krb5_cc_ops *ops; @@ -512,6 +512,12 @@ krb5_cc_set_default_name(krb5_context context, const char *name) context->default_cc_name_env = strdup(e); } } + +#ifdef _WIN32 + if (e == NULL) { + e = p = _krb5_get_default_cc_name_from_registry(); + } +#endif if (e == NULL) { e = krb5_config_get_string(context, NULL, "libdefaults", "default_cc_name", NULL); @@ -967,7 +973,7 @@ krb5_cc_clear_mcred(krb5_creds *mcred) */ -const krb5_cc_ops * +KRB5_LIB_FUNCTION const krb5_cc_ops * KRB5_LIB_CALL krb5_cc_get_prefix_ops(krb5_context context, const char *prefix) { char *p, *p1; @@ -1183,7 +1189,7 @@ krb5_cc_cache_match (krb5_context context, * @ingroup krb5_ccache */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to) { krb5_error_code ret; @@ -1658,7 +1664,7 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t) * @ingroup krb5_ccache */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset) { if (id->ops->set_kdc_offset == NULL) { @@ -1683,7 +1689,7 @@ krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset) * @ingroup krb5_ccache */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset) { if (id->ops->get_kdc_offset == NULL) { @@ -1692,3 +1698,30 @@ krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset } return (*id->ops->get_kdc_offset)(context, id, offset); } + + +#ifdef _WIN32 + +char * +_krb5_get_default_cc_name_from_registry() +{ + HKEY hk_k5 = 0; + LONG code; + char * ccname = NULL; + + code = RegOpenKeyEx(HKEY_CURRENT_USER, + "Software\\MIT\\Kerberos5", + 0, KEY_READ, &hk_k5); + + if (code != ERROR_SUCCESS) + return NULL; + + ccname = _krb5_parse_reg_value_as_string(NULL, hk_k5, "ccname", + REG_NONE, 0); + + RegCloseKey(hk_k5); + + return ccname; +} + +#endif diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index a962f06f5f..22a7c87ef3 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c @@ -72,7 +72,7 @@ chgpw_send_request (krb5_context context, krb5_creds *creds, krb5_principal targprinc, int is_stream, - int sock, + rk_socket_t sock, const char *passwd, const char *host) { @@ -141,8 +141,8 @@ chgpw_send_request (krb5_context context, iov[2].iov_base = krb_priv_data.data; iov[2].iov_len = krb_priv_data.length; - if (sendmsg (sock, &msghdr, 0) < 0) { - ret = errno; + if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) { + ret = rk_SOCK_ERRNO; krb5_set_error_message(context, ret, "sendmsg %s: %s", host, strerror(ret)); } @@ -164,7 +164,7 @@ setpw_send_request (krb5_context context, krb5_creds *creds, krb5_principal targprinc, int is_stream, - int sock, + rk_socket_t sock, const char *passwd, const char *host) { @@ -251,8 +251,8 @@ setpw_send_request (krb5_context context, iov[2].iov_base = krb_priv_data.data; iov[2].iov_len = krb_priv_data.length; - if (sendmsg (sock, &msghdr, 0) < 0) { - ret = errno; + if (rk_IS_SOCKET_ERROR( sendmsg (sock, &msghdr, 0) )) { + ret = rk_SOCK_ERRNO; krb5_set_error_message(context, ret, "sendmsg %s: %s", host, strerror(ret)); } @@ -268,7 +268,7 @@ static krb5_error_code process_reply (krb5_context context, krb5_auth_context auth_context, int is_stream, - int sock, + rk_socket_t sock, int *result_code, krb5_data *result_code_string, krb5_data *result_string, @@ -288,8 +288,8 @@ process_reply (krb5_context context, ret = recvfrom (sock, reply + len, sizeof(reply) - len, 0, NULL, NULL); - if (ret < 0) { - save_errno = errno; + if (rk_IS_SOCKET_ERROR(ret)) { + save_errno = rk_SOCK_ERRNO; krb5_set_error_message(context, save_errno, "recvfrom %s: %s", host, strerror(save_errno)); @@ -316,8 +316,8 @@ process_reply (krb5_context context, } } else { ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL); - if (ret < 0) { - save_errno = errno; + if (rk_IS_SOCKET_ERROR(ret)) { + save_errno = rk_SOCK_ERRNO; krb5_set_error_message(context, save_errno, "recvfrom %s: %s", host, strerror(save_errno)); @@ -464,13 +464,13 @@ typedef krb5_error_code (*kpwd_send_request) (krb5_context, krb5_creds *, krb5_principal, int, - int, + rk_socket_t, const char *, const char *); typedef krb5_error_code (*kpwd_process_reply) (krb5_context, krb5_auth_context, int, - int, + rk_socket_t, int *, krb5_data *, krb5_data *, @@ -517,7 +517,7 @@ change_password_loop (krb5_context context, krb5_auth_context auth_context = NULL; krb5_krbhst_handle handle = NULL; krb5_krbhst_info *hi; - int sock; + rk_socket_t sock; unsigned int i; int done = 0; krb5_realm realm; @@ -565,20 +565,20 @@ change_password_loop (krb5_context context, int replied = 0; sock = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); - if (sock < 0) + if (rk_IS_BAD_SOCKET(sock)) continue; rk_cloexec(sock); ret = connect(sock, a->ai_addr, a->ai_addrlen); - if (ret < 0) { - close (sock); + if (rk_IS_SOCKET_ERROR(ret)) { + rk_closesocket (sock); goto out; } ret = krb5_auth_con_genaddrs (context, auth_context, sock, KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR); if (ret) { - close (sock); + rk_closesocket (sock); goto out; } @@ -598,7 +598,7 @@ change_password_loop (krb5_context context, newpw, hi->hostname); if (ret) { - close(sock); + rk_closesocket(sock); goto out; } } @@ -608,7 +608,7 @@ change_password_loop (krb5_context context, ret = ERANGE; krb5_set_error_message(context, ret, "fd %d too large", sock); - close (sock); + rk_closesocket (sock); goto out; } #endif @@ -619,8 +619,8 @@ change_password_loop (krb5_context context, tv.tv_sec = 1 + (1 << i); ret = select (sock + 1, &fdset, NULL, NULL, &tv); - if (ret < 0 && errno != EINTR) { - close(sock); + if (rk_IS_SOCKET_ERROR(ret) && rk_SOCK_ERRNO != EINTR) { + rk_closesocket(sock); goto out; } if (ret == 1) { @@ -640,7 +640,7 @@ change_password_loop (krb5_context context, ret = KRB5_KDC_UNREACH; } } - close (sock); + rk_closesocket (sock); } } diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c index 5840b8d9bd..d08c5b5851 100644 --- a/source4/heimdal/lib/krb5/config_file.c +++ b/source4/heimdal/lib/krb5/config_file.c @@ -84,8 +84,8 @@ static krb5_error_code parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent, const char **err_message); -static krb5_config_section * -get_entry(krb5_config_section **parent, const char *name, int type) +krb5_config_section * +_krb5_config_get_entry(krb5_config_section **parent, const char *name, int type) { krb5_config_section **q; @@ -135,7 +135,7 @@ parse_section(char *p, krb5_config_section **s, krb5_config_section **parent, return KRB5_CONFIG_BADFORMAT; } *p1 = '\0'; - tmp = get_entry(parent, p + 1, krb5_config_list); + tmp = _krb5_config_get_entry(parent, p + 1, krb5_config_list); if(tmp == NULL) { *err_message = "out of memory"; return KRB5_CONFIG_BADFORMAT; @@ -154,7 +154,7 @@ static krb5_error_code parse_list(struct fileptr *f, unsigned *lineno, krb5_config_binding **parent, const char **err_message) { - char buf[BUFSIZ]; + char buf[KRB5_BUFSIZ]; krb5_error_code ret; krb5_config_binding *b = NULL; unsigned beg_lineno = *lineno; @@ -216,14 +216,14 @@ parse_binding(struct fileptr *f, unsigned *lineno, char *p, ++p; *p2 = '\0'; if (*p == '{') { - tmp = get_entry(parent, p1, krb5_config_list); + tmp = _krb5_config_get_entry(parent, p1, krb5_config_list); if (tmp == NULL) { *err_message = "out of memory"; return KRB5_CONFIG_BADFORMAT; } ret = parse_list (f, lineno, &tmp->u.list, err_message); } else { - tmp = get_entry(parent, p1, krb5_config_string); + tmp = _krb5_config_get_entry(parent, p1, krb5_config_string); if (tmp == NULL) { *err_message = "out of memory"; return KRB5_CONFIG_BADFORMAT; @@ -282,10 +282,10 @@ convert_content(const void *key, const void *value, void *context) return; if (CFGetTypeID(value) == CFStringGetTypeID()) { - tmp = get_entry(parent, k, krb5_config_string); + tmp = _krb5_config_get_entry(parent, k, krb5_config_string); tmp->u.string = cfstring2cstring(value); } else if (CFGetTypeID(value) == CFDictionaryGetTypeID()) { - tmp = get_entry(parent, k, krb5_config_list); + tmp = _krb5_config_get_entry(parent, k, krb5_config_list); CFDictionaryApplyFunction(value, convert_content, &tmp->u.list); } else { /* log */ @@ -352,7 +352,7 @@ krb5_config_parse_debug (struct fileptr *f, { krb5_config_section *s = NULL; krb5_config_binding *b = NULL; - char buf[BUFSIZ]; + char buf[KRB5_BUFSIZ]; krb5_error_code ret; while (config_fgets(buf, sizeof(buf), f) != NULL) { @@ -864,6 +864,55 @@ krb5_config_get_string_default (krb5_context context, return ret; } +static char * +next_component_string(char * begin, char * delims, char **state) +{ + char * end; + + if (begin == NULL) + begin = *state; + + if (*begin == '\0') + return NULL; + + end = begin; + while (*end == '"') { + char * t; + while ((t = strchr(end + 1, '"')) != NULL && *(t - 1) == '\\') { + --t; + memmove(t, t + 1, strlen(t)); + end = t; + } + + if (t) + end = ++t; + else + end += strlen(end); + } + + if (*end != '\0') { + size_t pos; + + pos = strcspn(end, delims); + end = end + pos; + } + + if (*end != '\0') { + *end = '\0'; + *state = end + 1; + if (*begin == '"' && *(end - 1) == '"' && begin + 1 < end) { + begin++; *(end - 1) = '\0'; + } + return begin; + } + + *state = end; + if (*begin == '"' && *(end - 1) == '"' && begin + 1 < end) { + begin++; *(end - 1) = '\0'; + } + return begin; +} + /** * Get a list of configuration strings, free the result with * krb5_config_free_strings(). @@ -894,7 +943,7 @@ krb5_config_vget_strings(krb5_context context, char *s; if(tmp == NULL) goto cleanup; - s = strtok_r(tmp, " \t", &pos); + s = next_component_string(tmp, " \t", &pos); while(s){ char **tmp2 = realloc(strings, (nstr + 1) * sizeof(*strings)); if(tmp2 == NULL) @@ -904,7 +953,7 @@ krb5_config_vget_strings(krb5_context context, nstr++; if(strings[nstr-1] == NULL) goto cleanup; - s = strtok_r(NULL, " \t", &pos); + s = next_component_string(NULL, " \t", &pos); } free(tmp); } @@ -1259,7 +1308,7 @@ krb5_config_get_int (krb5_context context, */ KRB5_DEPRECATED -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_config_parse_string_multi(krb5_context context, const char *string, krb5_config_section **res) diff --git a/source4/heimdal/lib/krb5/constants.c b/source4/heimdal/lib/krb5/constants.c index 6223fb5d6b..bbb4832657 100644 --- a/source4/heimdal/lib/krb5/constants.c +++ b/source4/heimdal/lib/krb5/constants.c @@ -37,15 +37,18 @@ KRB5_LIB_VARIABLE const char *krb5_config_file = #ifdef __APPLE__ -"~/Library/Preferences/com.apple.Kerberos.plist:" -"/Library/Preferences/com.apple.Kerberos.plist:" -"~/Library/Preferences/edu.mit.Kerberos:" -"/Library/Preferences/edu.mit.Kerberos:" +"~/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP +"/Library/Preferences/com.apple.Kerberos.plist" PATH_SEP +"~/Library/Preferences/edu.mit.Kerberos" PATH_SEP +"/Library/Preferences/edu.mit.Kerberos" PATH_SEP #endif /* __APPLE__ */ -"~/.krb5/config:" +"~/.krb5/config" PATH_SEP SYSCONFDIR "/krb5.conf" -#ifndef _WIN32 -":/etc/krb5.conf" +#ifdef _WIN32 +PATH_SEP "%{COMMON_APPDATA}/Kerberos/krb5.conf" +PATH_SEP "%{WINDOWS}/krb5.ini" +#else +PATH_SEP "/etc/krb5.conf" #endif ; diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index 100eb1237d..d4e48d26c7 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -269,7 +269,7 @@ cc_ops_copy(krb5_context context, const krb5_context src_context) return KRB5_CC_NOMEM; } - memcpy(cc_ops, src_context->cc_ops, + memcpy(rk_UNCONST(cc_ops), src_context->cc_ops, sizeof(cc_ops[0]) * src_context->num_cc_ops); context->cc_ops = cc_ops; context->num_cc_ops = src_context->num_cc_ops; @@ -559,7 +559,7 @@ krb5_free_context(krb5_context context) krb5_free_host_realm (context, context->default_realms); krb5_config_file_free (context, context->cf); free_error_table (context->et_list); - free(context->cc_ops); + free(rk_UNCONST(context->cc_ops)); free(context->kt_types); krb5_clear_error_message(context); if(context->warn_dest != NULL) @@ -616,6 +616,11 @@ krb5_set_config_files(krb5_context context, char **filenames) if(tmp == NULL) return ENXIO; #endif + +#ifdef _WIN32 + _krb5_load_config_from_registry(context, &tmp); +#endif + krb5_config_file_free(context, context->cf); context->cf = tmp; ret = init_context_from_config_file(context); @@ -668,7 +673,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) while(1) { ssize_t l; q = p; - l = strsep_copy(&q, ":", NULL, 0); + l = strsep_copy(&q, PATH_SEP, NULL, 0); if(l == -1) break; fn = malloc(l + 1); @@ -676,7 +681,7 @@ krb5_prepend_config_files(const char *filelist, char **pq, char ***ret_pp) krb5_free_config_files(pp); return ENOMEM; } - (void)strsep_copy(&p, ":", fn, l + 1); + (void)strsep_copy(&p, PATH_SEP, fn, l + 1); ret = add_file(&pp, &len, fn); if (ret) { krb5_free_config_files(pp); @@ -736,6 +741,45 @@ krb5_prepend_config_files_default(const char *filelist, char ***pfilenames) return 0; } +#ifdef _WIN32 + +/** + * Checks the registry for configuration file location + * + * Kerberos for Windows and other legacy Kerberos applications expect + * to find the configuration file location in the + * SOFTWARE\MIT\Kerberos registry key under the value "config". + */ +char * +_krb5_get_default_config_config_files_from_registry() +{ + static const char * KeyName = "Software\\MIT\\Kerberos"; + char *config_file = NULL; + LONG rcode; + HKEY key; + + rcode = RegOpenKeyEx(HKEY_CURRENT_USER, KeyName, 0, KEY_READ, &key); + if (rcode == ERROR_SUCCESS) { + config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config", + REG_NONE, 0, PATH_SEP); + RegCloseKey(key); + } + + if (config_file) + return config_file; + + rcode = RegOpenKeyEx(HKEY_LOCAL_MACHINE, KeyName, 0, KEY_READ, &key); + if (rcode == ERROR_SUCCESS) { + config_file = _krb5_parse_reg_value_as_multi_string(NULL, key, "config", + REG_NONE, 0, PATH_SEP); + RegCloseKey(key); + } + + return config_file; +} + +#endif + /** * Get the global configuration list. * @@ -756,6 +800,22 @@ krb5_get_default_config_files(char ***pfilenames) return EINVAL; if(!issuid()) files = getenv("KRB5_CONFIG"); + +#ifdef _WIN32 + if (files == NULL) { + char * reg_files; + reg_files = _krb5_get_default_config_config_files_from_registry(); + if (reg_files != NULL) { + krb5_error_code code; + + code = krb5_prepend_config_files(reg_files, NULL, pfilenames); + free(reg_files); + + return code; + } + } +#endif + if (files == NULL) files = krb5_config_file; @@ -1425,7 +1485,7 @@ _krb5_homedir_access(krb5_context context) * @ingroup krb5 */ -krb5_boolean +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_set_home_dir_access(krb5_context context, krb5_boolean allow) { krb5_boolean old; diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c index aff843e785..e700425ffe 100644 --- a/source4/heimdal/lib/krb5/convert_creds.c +++ b/source4/heimdal/lib/krb5/convert_creds.c @@ -31,17 +31,13 @@ * SUCH DAMAGE. */ +#define KRB5_DEPRECATED + #include "krb5_locl.h" #include "krb5-v4compat.h" #ifndef HEIMDAL_SMALLER -static krb5_error_code -check_ticket_flags(TicketFlags f) -{ - return 0; /* maybe add some more tests here? */ -} - /** * Convert the v5 credentials in in_cred to v4-dito in v4creds. This * is done by sending them to the 524 function in the KDC. If @@ -58,91 +54,16 @@ check_ticket_flags(TicketFlags f) * @ingroup krb5_v4compat */ +KRB5_DEPRECATED KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc(krb5_context context, krb5_creds *in_cred, struct credentials *v4creds) { - krb5_error_code ret; - krb5_data reply; - krb5_storage *sp; - int32_t tmp; - krb5_data ticket; - char realm[REALM_SZ]; - krb5_creds *v5_creds = in_cred; - - ret = check_ticket_flags(v5_creds->flags.b); - if(ret) - goto out2; - - { - krb5_krbhst_handle handle; - - ret = krb5_krbhst_init(context, - krb5_principal_get_realm(context, - v5_creds->server), - KRB5_KRBHST_KRB524, - &handle); - if (ret) - goto out2; - - ret = krb5_sendto (context, - &v5_creds->ticket, - handle, - &reply); - krb5_krbhst_free(context, handle); - if (ret) - goto out2; - } - sp = krb5_storage_from_mem(reply.data, reply.length); - if(sp == NULL) { - ret = ENOMEM; - krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); - goto out2; - } - krb5_ret_int32(sp, &tmp); - ret = tmp; - if(ret == 0) { - memset(v4creds, 0, sizeof(*v4creds)); - ret = krb5_ret_int32(sp, &tmp); - if(ret) - goto out; - v4creds->kvno = tmp; - ret = krb5_ret_data(sp, &ticket); - if(ret) - goto out; - v4creds->ticket_st.length = ticket.length; - memcpy(v4creds->ticket_st.dat, ticket.data, ticket.length); - krb5_data_free(&ticket); - ret = krb5_524_conv_principal(context, - v5_creds->server, - v4creds->service, - v4creds->instance, - v4creds->realm); - if(ret) - goto out; - v4creds->issue_date = v5_creds->times.starttime; - v4creds->lifetime = _krb5_krb_time_to_life(v4creds->issue_date, - v5_creds->times.endtime); - ret = krb5_524_conv_principal(context, v5_creds->client, - v4creds->pname, - v4creds->pinst, - realm); - if(ret) - goto out; - memcpy(v4creds->session, v5_creds->session.keyvalue.data, 8); - } else { - krb5_prepend_error_message(context, ret, - N_("converting credentials", - "already localized")); - } -out: - krb5_storage_free(sp); - krb5_data_free(&reply); -out2: - if (v5_creds != in_cred) - krb5_free_creds (context, v5_creds); - return ret; + memset(v4creds, 0, sizeof(*v4creds)); + krb5_set_error_message(context, EINVAL, + N_("krb524_convert_creds_kdc not supported", "")); + return EINVAL; } /** @@ -160,48 +81,17 @@ out2: * @ingroup krb5_v4compat */ +KRB5_DEPRECATED KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb524_convert_creds_kdc_ccache(krb5_context context, krb5_ccache ccache, krb5_creds *in_cred, struct credentials *v4creds) { - krb5_error_code ret; - krb5_creds *v5_creds = in_cred; - krb5_keytype keytype; - - keytype = v5_creds->session.keytype; - - if (keytype != ENCTYPE_DES_CBC_CRC) { - /* MIT krb524d doesn't like nothing but des-cbc-crc tickets, - so go get one */ - krb5_creds template; - - memset (&template, 0, sizeof(template)); - template.session.keytype = ENCTYPE_DES_CBC_CRC; - ret = krb5_copy_principal (context, in_cred->client, &template.client); - if (ret) { - krb5_free_cred_contents (context, &template); - return ret; - } - ret = krb5_copy_principal (context, in_cred->server, &template.server); - if (ret) { - krb5_free_cred_contents (context, &template); - return ret; - } - - ret = krb5_get_credentials (context, 0, ccache, - &template, &v5_creds); - krb5_free_cred_contents (context, &template); - if (ret) - return ret; - } - - ret = krb524_convert_creds_kdc(context, v5_creds, v4creds); - - if (v5_creds != in_cred) - krb5_free_creds (context, v5_creds); - return ret; + memset(v4creds, 0, sizeof(*v4creds)); + krb5_set_error_message(context, EINVAL, + N_("krb524_convert_creds_kdc_ccache not supported", "")); + return EINVAL; } #endif diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c index fd277148d5..69aacdc032 100644 --- a/source4/heimdal/lib/krb5/creds.c +++ b/source4/heimdal/lib/krb5/creds.c @@ -278,7 +278,7 @@ krb5_compare_creds(krb5_context context, krb5_flags whichfields, * @ingroup krb5 */ -unsigned long +KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL krb5_creds_get_ticket_flags(krb5_creds *creds) { return TicketFlags2int(creds->flags.b); diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index f0b0692bc0..aa417e15eb 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -476,7 +476,7 @@ verify_checksum(krb5_context context, krb5_set_error_message(context, ret, N_("Decrypt integrity check failed for checksum " "type %s, key type %s", ""), - ct->name, crypto->et->name); + ct->name, (crypto != NULL)? crypto->et->name : "(none)"); return ret; } @@ -2315,7 +2315,7 @@ wrapped_length_dervied (krb5_context context, * Return the size of an encrypted packet of length `data_len' */ -size_t +KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_get_wrapped_length (krb5_context context, krb5_crypto crypto, size_t data_len) @@ -2361,7 +2361,7 @@ crypto_overhead_dervied (krb5_context context, return res; } -size_t +KRB5_LIB_FUNCTION size_t KRB5_LIB_CALL krb5_crypto_overhead (krb5_context context, krb5_crypto crypto) { if (derived_crypto (context, crypto)) diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c index 237d346f4d..dc2d4586a0 100644 --- a/source4/heimdal/lib/krb5/error_string.c +++ b/source4/heimdal/lib/krb5/error_string.c @@ -122,7 +122,7 @@ krb5_vset_error_message (krb5_context context, krb5_error_code ret, * @ingroup krb5_error */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_prepend_error_message(krb5_context context, krb5_error_code ret, const char *fmt, ...) __attribute__ ((format (printf, 3, 4))) @@ -145,7 +145,7 @@ krb5_prepend_error_message(krb5_context context, krb5_error_code ret, * @ingroup krb5_error */ -void KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_vprepend_error_message(krb5_context context, krb5_error_code ret, const char *fmt, va_list args) __attribute__ ((format (printf, 3, 0))) diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index 901182192d..e06d4a12be 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -768,7 +768,8 @@ get_cred_kdc_capath_worker(krb5_context context, ret = find_cred(context, ccache, tmp_creds.server, *ret_tgts, &tgts); if(ret == 0){ - if (strcmp(try_realm, client_realm) != 0) + /* only allow implicit ok_as_delegate if the realm is the clients realm */ + if (strcmp(try_realm, client_realm) != 0 || strcmp(try_realm, server_realm) != 0) ok_as_delegate = tgts.flags.b.ok_as_delegate; *out_creds = calloc(1, sizeof(**out_creds)); diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c index 80a72ecbf7..1fe15d8064 100644 --- a/source4/heimdal/lib/krb5/kcm.c +++ b/source4/heimdal/lib/krb5/kcm.c @@ -97,7 +97,7 @@ kcm_send_request(krb5_context context, return ret; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kcm_storage_request(krb5_context context, uint16_t opcode, krb5_storage **storage_p) @@ -164,7 +164,7 @@ kcm_alloc(krb5_context context, const char *name, krb5_ccache *id) return 0; } -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kcm_call(krb5_context context, krb5_storage *request, krb5_storage **response_p, diff --git a/source4/heimdal/lib/krb5/keyblock.c b/source4/heimdal/lib/krb5/keyblock.c index 2d57e301d5..f34a5c4f90 100644 --- a/source4/heimdal/lib/krb5/keyblock.c +++ b/source4/heimdal/lib/krb5/keyblock.c @@ -155,7 +155,7 @@ krb5_copy_keyblock (krb5_context context, * @ingroup krb5_crypto */ -krb5_enctype +KRB5_LIB_FUNCTION krb5_enctype KRB5_LIB_CALL krb5_keyblock_get_enctype(const krb5_keyblock *block) { return block->keytype; diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index 8f4210e19b..dd579f973b 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -80,7 +80,7 @@ typedef int krb5_boolean; typedef int32_t krb5_error_code; -typedef int krb5_kvno; +typedef int32_t krb5_kvno; typedef uint32_t krb5_flags; @@ -847,6 +847,8 @@ typedef krb5_error_code * */ +struct hx509_certs_data; + #include <krb5-protos.h> /* variables */ diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index d8d038e7bb..bdd725e9ea 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -188,6 +188,10 @@ struct _krb5_krb_auth_data; #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X))) #define ALLOC_SEQ(X, N) do { (X)->len = (N); ALLOC((X)->val, (N)); } while(0) +#ifndef PATH_SEP +#define PATH_SEP ":" +#endif + /* should this be public? */ #define KEYTAB_DEFAULT "FILE:" SYSCONFDIR "/krb5.keytab" #define KEYTAB_DEFAULT_MODIFY "FILE:" SYSCONFDIR "/krb5.keytab" @@ -208,7 +212,7 @@ struct _krb5_krb_auth_data; #endif -#define KRB5_BUFSIZ 1024 +#define KRB5_BUFSIZ 2048 typedef enum { KRB5_INIT_CREDS_TRISTATE_UNSET = 0, diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c index 733d20f174..f90624cfca 100644 --- a/source4/heimdal/lib/krb5/misc.c +++ b/source4/heimdal/lib/krb5/misc.c @@ -84,7 +84,7 @@ out: } krb5_error_code -_krb5_enomem(krb5_context context) +krb5_enomem(krb5_context context) { krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c index d50052c8bc..db2428f95b 100644 --- a/source4/heimdal/lib/krb5/pac.c +++ b/source4/heimdal/lib/krb5/pac.c @@ -116,7 +116,7 @@ HMAC_MD5_any_checksum(krb5_context context, * */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_parse(krb5_context context, const void *ptr, size_t len, krb5_pac *pac) { @@ -127,13 +127,13 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, p = calloc(1, sizeof(*p)); if (p == NULL) { - ret = _krb5_enomem(context); + ret = krb5_enomem(context); goto out; } sp = krb5_storage_from_readonly_mem(ptr, len); if (sp == NULL) { - ret = _krb5_enomem(context); + ret = krb5_enomem(context); goto out; } krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -156,7 +156,7 @@ krb5_pac_parse(krb5_context context, const void *ptr, size_t len, p->pac = calloc(1, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1))); if (p->pac == NULL) { - ret = _krb5_enomem(context); + ret = krb5_enomem(context); goto out; } @@ -258,7 +258,7 @@ out: return ret; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_init(krb5_context context, krb5_pac *pac) { krb5_error_code ret; @@ -266,27 +266,27 @@ krb5_pac_init(krb5_context context, krb5_pac *pac) p = calloc(1, sizeof(*p)); if (p == NULL) { - return _krb5_enomem(context); + return krb5_enomem(context); } p->pac = calloc(1, sizeof(*p->pac)); if (p->pac == NULL) { free(p); - return _krb5_enomem(context); + return krb5_enomem(context); } ret = krb5_data_alloc(&p->data, PACTYPE_SIZE); if (ret) { free (p->pac); free(p); - return _krb5_enomem(context); + return krb5_enomem(context); } *pac = p; return 0; } -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_add_buffer(krb5_context context, krb5_pac p, uint32_t type, const krb5_data *data) { @@ -300,7 +300,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len)); if (ptr == NULL) - return _krb5_enomem(context); + return krb5_enomem(context); p->pac = ptr; @@ -367,7 +367,7 @@ krb5_pac_add_buffer(krb5_context context, krb5_pac p, * @ingroup krb5_pac */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_get_buffer(krb5_context context, krb5_pac p, uint32_t type, krb5_data *data) { @@ -397,7 +397,7 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p, * */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_get_types(krb5_context context, krb5_pac p, size_t *len, @@ -408,7 +408,7 @@ krb5_pac_get_types(krb5_context context, *types = calloc(p->pac->numbuffers, sizeof(*types)); if (*types == NULL) { *len = 0; - return _krb5_enomem(context); + return krb5_enomem(context); } for (i = 0; i < p->pac->numbuffers; i++) (*types)[i] = p->pac->buffers[i].type; @@ -421,7 +421,7 @@ krb5_pac_get_types(krb5_context context, * */ -void +KRB5_LIB_FUNCTION void KRB5_LIB_CALL krb5_pac_free(krb5_context context, krb5_pac pac) { krb5_data_free(&pac->data); @@ -450,7 +450,7 @@ verify_checksum(krb5_context context, sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo, sig->buffersize); if (sp == NULL) - return _krb5_enomem(context); + return krb5_enomem(context); krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -460,7 +460,7 @@ verify_checksum(krb5_context context, sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR); cksum.checksum.data = malloc(cksum.checksum.length); if (cksum.checksum.data == NULL) { - ret = _krb5_enomem(context); + ret = krb5_enomem(context); goto out; } ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length); @@ -604,7 +604,7 @@ verify_logonname(krb5_context context, sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo, logon_name->buffersize); if (sp == NULL) - return _krb5_enomem(context); + return krb5_enomem(context); krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -631,7 +631,7 @@ verify_logonname(krb5_context context, s = malloc(len); if (s == NULL) { krb5_storage_free(sp); - return _krb5_enomem(context); + return krb5_enomem(context); } ret = krb5_storage_read(sp, s, len); if (ret != len) { @@ -648,7 +648,7 @@ verify_logonname(krb5_context context, ucs2 = malloc(sizeof(ucs2[0]) * ucs2len); if (ucs2 == NULL) - return _krb5_enomem(context); + return krb5_enomem(context); ret = wind_ucs2read(s, len, &flags, ucs2, &ucs2len); free(s); @@ -667,7 +667,7 @@ verify_logonname(krb5_context context, s = malloc(u8len); if (s == NULL) { free(ucs2); - return _krb5_enomem(context); + return krb5_enomem(context); } ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len); free(ucs2); @@ -714,7 +714,7 @@ build_logon_name(krb5_context context, sp = krb5_storage_emem(); if (sp == NULL) - return _krb5_enomem(context); + return krb5_enomem(context); krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); @@ -733,7 +733,7 @@ build_logon_name(krb5_context context, #if 1 /* cheat for now */ s2 = malloc(len * 2); if (s2 == NULL) { - ret = _krb5_enomem(context); + ret = krb5_enomem(context); free(s); goto out; } @@ -749,7 +749,7 @@ build_logon_name(krb5_context context, ret = krb5_storage_write(sp, s2, len * 2); free(s2); if (ret != len * 2) { - ret = _krb5_enomem(context); + ret = krb5_enomem(context); goto out; } ret = krb5_storage_to_data(sp, logon); @@ -780,7 +780,7 @@ out: * @ingroup krb5_pac */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_pac_verify(krb5_context context, const krb5_pac pac, time_t authtime, @@ -877,7 +877,7 @@ fill_zeros(krb5_context context, krb5_storage *sp, size_t len) l = sizeof(zeros); sret = krb5_storage_write(sp, zeros, l); if (sret <= 0) - return _krb5_enomem(context); + return krb5_enomem(context); len -= sret; } @@ -949,7 +949,7 @@ _krb5_pac_sign(krb5_context context, ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1))); if (ptr == NULL) - return _krb5_enomem(context); + return krb5_enomem(context); p->pac = ptr; @@ -986,14 +986,14 @@ _krb5_pac_sign(krb5_context context, /* Encode PAC */ sp = krb5_storage_emem(); if (sp == NULL) - return _krb5_enomem(context); + return krb5_enomem(context); krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); spdata = krb5_storage_emem(); if (spdata == NULL) { krb5_storage_free(sp); - return _krb5_enomem(context); + return krb5_enomem(context); } krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE); @@ -1031,7 +1031,7 @@ _krb5_pac_sign(krb5_context context, sret = krb5_storage_write(spdata, ptr, len); if (sret != len) { - ret = _krb5_enomem(context); + ret = krb5_enomem(context); goto out; } /* XXX if not aligned, fill_zeros */ @@ -1068,14 +1068,14 @@ _krb5_pac_sign(krb5_context context, ret = krb5_storage_write(sp, d.data, d.length); if (ret != d.length) { krb5_data_free(&d); - ret = _krb5_enomem(context); + ret = krb5_enomem(context); goto out; } krb5_data_free(&d); ret = krb5_storage_to_data(sp, &d); if (ret) { - ret = _krb5_enomem(context); + ret = krb5_enomem(context); goto out; } diff --git a/source4/heimdal/lib/krb5/padata.c b/source4/heimdal/lib/krb5/padata.c index 283a857df5..98420a7332 100644 --- a/source4/heimdal/lib/krb5/padata.c +++ b/source4/heimdal/lib/krb5/padata.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -PA_DATA * +KRB5_LIB_FUNCTION PA_DATA * KRB5_LIB_CALL krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx) { for(; *idx < len; (*idx)++) diff --git a/source4/heimdal/lib/krb5/pcache.c b/source4/heimdal/lib/krb5/pcache.c index e7f7a61ec4..23d5389a60 100644 --- a/source4/heimdal/lib/krb5/pcache.c +++ b/source4/heimdal/lib/krb5/pcache.c @@ -54,7 +54,7 @@ _krb5_load_ccache_plugins(krb5_context context) ccops = _krb5_plugin_get_symbol(p); if (ccops != NULL && ccops->version == KRB5_CC_OPS_VERSION) { - c_load = krb5_cc_register(context, ccops, FALSE); + c_load = krb5_cc_register(context, ccops, TRUE); if (c_load != 0) code = c_load; } diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 92c1200f06..1bf922baf6 100644 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -2455,9 +2455,9 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -_krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context, - krb5_get_init_creds_opt *opt, - struct hx509_certs_data *certs) +krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context, + krb5_get_init_creds_opt *opt, + struct hx509_certs_data *certs) { #ifdef PKINIT if (opt->opt_private == NULL) { @@ -2529,11 +2529,11 @@ find_ms_san(hx509_context context, hx509_cert cert, void *ctx) */ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL -_krb5_pk_enterprise_cert(krb5_context context, - const char *user_id, - krb5_const_realm realm, - krb5_principal *principal, - struct hx509_certs_data **res) +krb5_pk_enterprise_cert(krb5_context context, + const char *user_id, + krb5_const_realm realm, + krb5_principal *principal, + struct hx509_certs_data **res) { #ifdef PKINIT krb5_error_code ret; diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c index 89be46c1ae..8aff72ec85 100644 --- a/source4/heimdal/lib/krb5/plugin.c +++ b/source4/heimdal/lib/krb5/plugin.c @@ -135,7 +135,7 @@ loadlib(krb5_context context, char *path) * @ingroup krb5_support */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_plugin_register(krb5_context context, enum krb5_plugin_type type, const char *name, @@ -179,6 +179,43 @@ krb5_plugin_register(krb5_context context, return 0; } +static int +is_valid_plugin_filename(const char * n) +{ + if (n[0] == '.' && (n[1] == '\0' || (n[1] == '.' && n[2] == '\0'))) + return 0; + +#ifdef _WIN32 + /* On Windows, we only attempt to load .dll files as plug-ins. */ + { + const char * ext; + + ext = strrchr(n, '.'); + if (ext == NULL) + return 0; + + return !stricmp(ext, ".dll"); + } +#endif + + return 1; +} + +static void +trim_trailing_slash(char * path) +{ + size_t l; + + l = strlen(path); + while (l > 0 && (path[l - 1] == '/' +#ifdef BACKSLASH_PATH_DELIM + || path[l - 1] == '\\' +#endif + )) { + path[--l] = '\0'; + } +} + static krb5_error_code load_plugins(krb5_context context) { @@ -201,28 +238,27 @@ load_plugins(krb5_context context) dirs = rk_UNCONST(sysplugin_dirs); for (di = dirs; *di != NULL; di++) { + char * dir = *di; + #ifdef KRB5_USE_PATH_TOKENS - { - char * dir = NULL; + if (_krb5_expand_path_tokens(context, *di, &dir)) + goto next_dir; +#endif - if (_krb5_expand_path_tokens(context, *di, &dir)) - continue; - d = opendir(dir); + trim_trailing_slash(dir); + + d = opendir(dir); - free(dir); - } -#else - d = opendir(*di); -#endif if (d == NULL) - continue; + goto next_dir; + rk_cloexec_dir(d); while ((entry = readdir(d)) != NULL) { char *n = entry->d_name; /* skip . and .. */ - if (n[0] == '.' && (n[1] == '\0' || (n[1] == '.' && n[2] == '\0'))) + if (!is_valid_plugin_filename(n)) continue; path = NULL; @@ -231,11 +267,11 @@ load_plugins(krb5_context context) { /* support loading bundles on MacOS */ size_t len = strlen(n); if (len > 7 && strcmp(&n[len - 7], ".bundle") == 0) - ret = asprintf(&path, "%s/%s/Contents/MacOS/%.*s", *di, n, (int)(len - 7), n); + ret = asprintf(&path, "%s/%s/Contents/MacOS/%.*s", dir, n, (int)(len - 7), n); } #endif if (ret < 0 || path == NULL) - ret = asprintf(&path, "%s/%s", *di, n); + ret = asprintf(&path, "%s/%s", dir, n); if (ret < 0 || path == NULL) { ret = ENOMEM; @@ -254,6 +290,10 @@ load_plugins(krb5_context context) } } closedir(d); + + next_dir: + if (dir != *di) + free(dir); } if (dirs != rk_UNCONST(sysplugin_dirs)) krb5_config_free_strings(dirs); diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index 8e6341fd62..42169fc2f9 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -721,7 +721,7 @@ krb5_build_principal(krb5_context context, * @ingroup krb5_principal */ -krb5_error_code KRB5_LIB_FUNCTION +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_make_principal(krb5_context context, krb5_principal *principal, krb5_const_realm realm, @@ -1013,437 +1013,6 @@ krb5_principal_match(krb5_context context, return TRUE; } -#if defined(KRB4) || !defined(HEIMDAL_SMALLER) - -static struct v4_name_convert { - const char *from; - const char *to; -} default_v4_name_convert[] = { - { "ftp", "ftp" }, - { "hprop", "hprop" }, - { "pop", "pop" }, - { "imap", "imap" }, - { "rcmd", "host" }, - { "smtp", "smtp" }, - { NULL, NULL } -}; - -#endif - -#ifdef KRB4 - -/* - * return the converted instance name of `name' in `realm'. - * look in the configuration file and then in the default set above. - * return NULL if no conversion is appropriate. - */ - -static const char* -get_name_conversion(krb5_context context, const char *realm, const char *name) -{ - struct v4_name_convert *q; - const char *p; - - p = krb5_config_get_string(context, NULL, "realms", realm, - "v4_name_convert", "host", name, NULL); - if(p == NULL) - p = krb5_config_get_string(context, NULL, "libdefaults", - "v4_name_convert", "host", name, NULL); - if(p) - return p; - - /* XXX should be possible to override default list */ - p = krb5_config_get_string(context, NULL, - "realms", - realm, - "v4_name_convert", - "plain", - name, - NULL); - if(p) - return NULL; - p = krb5_config_get_string(context, NULL, - "libdefaults", - "v4_name_convert", - "plain", - name, - NULL); - if(p) - return NULL; - for(q = default_v4_name_convert; q->from; q++) - if(strcmp(q->from, name) == 0) - return q->to; - return NULL; -} - -/* - * convert the v4 principal `name.instance@realm' to a v5 principal in `princ'. - * if `resolve', use DNS. - * if `func', use that function for validating the conversion - */ - -KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL -krb5_425_conv_principal_ext2(krb5_context context, - const char *name, - const char *instance, - const char *realm, - krb5_boolean (*func)(krb5_context, - void *, krb5_principal), - void *funcctx, - krb5_boolean resolve, - krb5_principal *princ) -{ - const char *p; - krb5_error_code ret; - krb5_principal pr; - char host[MAXHOSTNAMELEN]; - char local_hostname[MAXHOSTNAMELEN]; - - /* do the following: if the name is found in the - `v4_name_convert:host' part, is assumed to be a `host' type - principal, and the instance is looked up in the - `v4_instance_convert' part. if not found there the name is - (optionally) looked up as a hostname, and if that doesn't yield - anything, the `default_domain' is appended to the instance - */ - - if(instance == NULL) - goto no_host; - if(instance[0] == 0){ - instance = NULL; - goto no_host; - } - p = get_name_conversion(context, realm, name); - if(p == NULL) - goto no_host; - name = p; - p = krb5_config_get_string(context, NULL, "realms", realm, - "v4_instance_convert", instance, NULL); - if(p){ - instance = p; - ret = krb5_make_principal(context, &pr, realm, name, instance, NULL); - if (ret) - return ret; - if(func == NULL || (*func)(context, funcctx, pr)){ - *princ = pr; - return 0; - } - krb5_free_principal(context, pr); - *princ = NULL; - krb5_clear_error_message (context); - return HEIM_ERR_V4_PRINC_NO_CONV; - } - if(resolve){ - krb5_boolean passed = FALSE; - char *inst = NULL; -#ifdef USE_RESOLVER - struct rk_dns_reply *r; - - r = rk_dns_lookup(instance, "aaaa"); - if (r) { - if (r->head && r->head->type == rk_ns_t_aaaa) { - inst = strdup(r->head->domain); - passed = TRUE; - } - rk_dns_free_data(r); - } else { - r = rk_dns_lookup(instance, "a"); - if (r) { - if(r->head && r->head->type == rk_ns_t_a) { - inst = strdup(r->head->domain); - passed = TRUE; - } - rk_dns_free_data(r); - } - } -#else - struct addrinfo hints, *ai; - - memset (&hints, 0, sizeof(hints)); - hints.ai_flags = AI_CANONNAME; - ret = getaddrinfo(instance, NULL, &hints, &ai); - if (ret == 0) { - const struct addrinfo *a; - for (a = ai; a != NULL; a = a->ai_next) { - if (a->ai_canonname != NULL) { - inst = strdup (a->ai_canonname); - passed = TRUE; - break; - } - } - freeaddrinfo (ai); - } -#endif - if (passed) { - if (inst == NULL) { - krb5_set_error_message(context, ENOMEM, - N_("malloc: out of memory", "")); - return ENOMEM; - } - strlwr(inst); - ret = krb5_make_principal(context, &pr, realm, name, inst, - NULL); - free (inst); - if(ret == 0) { - if(func == NULL || (*func)(context, funcctx, pr)){ - *princ = pr; - return 0; - } - krb5_free_principal(context, pr); - } - } - } - if(func != NULL) { - snprintf(host, sizeof(host), "%s.%s", instance, realm); - strlwr(host); - ret = krb5_make_principal(context, &pr, realm, name, host, NULL); - if (ret) - return ret; - if((*func)(context, funcctx, pr)){ - *princ = pr; - return 0; - } - krb5_free_principal(context, pr); - } - - /* - * if the instance is the first component of the local hostname, - * the converted host should be the long hostname. - */ - - if (func == NULL && - gethostname (local_hostname, sizeof(local_hostname)) == 0 && - strncmp(instance, local_hostname, strlen(instance)) == 0 && - local_hostname[strlen(instance)] == '.') { - strlcpy(host, local_hostname, sizeof(host)); - goto local_host; - } - - { - char **domains, **d; - domains = krb5_config_get_strings(context, NULL, "realms", realm, - "v4_domains", NULL); - for(d = domains; d && *d; d++){ - snprintf(host, sizeof(host), "%s.%s", instance, *d); - ret = krb5_make_principal(context, &pr, realm, name, host, NULL); - if (ret) { - krb5_config_free_strings(domains); - return ret; - } - if(func == NULL || (*func)(context, funcctx, pr)){ - *princ = pr; - krb5_config_free_strings(domains); - return 0; - } - krb5_free_principal(context, pr); - } - krb5_config_free_strings(domains); - } - - - p = krb5_config_get_string(context, NULL, "realms", realm, - "default_domain", NULL); - if(p == NULL){ - /* this should be an error, just faking a name is not good */ - krb5_clear_error_message (context); - return HEIM_ERR_V4_PRINC_NO_CONV; - } - - if (*p == '.') - ++p; - snprintf(host, sizeof(host), "%s.%s", instance, p); -local_host: - ret = krb5_make_principal(context, &pr, realm, name, host, NULL); - if (ret) - return ret; - if(func == NULL || (*func)(context, funcctx, pr)){ - *princ = pr; - return 0; - } - krb5_free_principal(context, pr); - krb5_clear_error_message (context); - return HEIM_ERR_V4_PRINC_NO_CONV; -no_host: - p = krb5_config_get_string(context, NULL, - "realms", - realm, - "v4_name_convert", - "plain", - name, - NULL); - if(p == NULL) - p = krb5_config_get_string(context, NULL, - "libdefaults", - "v4_name_convert", - "plain", - name, - NULL); - if(p) - name = p; - - ret = krb5_make_principal(context, &pr, realm, name, instance, NULL); - if (ret) - return ret; - if(func == NULL || (*func)(context, funcctx, pr)){ - *princ = pr; - return 0; - } - krb5_free_principal(context, pr); - krb5_clear_error_message (context); - return HEIM_ERR_V4_PRINC_NO_CONV; -} - -#endif /* KRB4 */ - -#ifndef HEIMDAL_SMALLER - -static int -check_list(const krb5_config_binding *l, const char *name, const char **out) -{ - while(l){ - if (l->type != krb5_config_string) - continue; - if(strcmp(name, l->u.string) == 0) { - *out = l->name; - return 1; - } - l = l->next; - } - return 0; -} - -static int -name_convert(krb5_context context, const char *name, const char *realm, - const char **out) -{ - const krb5_config_binding *l; - l = krb5_config_get_list (context, - NULL, - "realms", - realm, - "v4_name_convert", - "host", - NULL); - if(l && check_list(l, name, out)) - return KRB5_NT_SRV_HST; - l = krb5_config_get_list (context, - NULL, - "libdefaults", - "v4_name_convert", - "host", - NULL); - if(l && check_list(l, name, out)) - return KRB5_NT_SRV_HST; - l = krb5_config_get_list (context, - NULL, - "realms", - realm, - "v4_name_convert", - "plain", - NULL); - if(l && check_list(l, name, out)) - return KRB5_NT_UNKNOWN; - l = krb5_config_get_list (context, - NULL, - "libdefaults", - "v4_name_convert", - "host", - NULL); - if(l && check_list(l, name, out)) - return KRB5_NT_UNKNOWN; - - /* didn't find it in config file, try built-in list */ -#ifdef KRB4 - { - struct v4_name_convert *q; - for(q = default_v4_name_convert; q->from; q++) { - if(strcmp(name, q->to) == 0) { - *out = q->from; - return KRB5_NT_SRV_HST; - } - } - } -#endif - return -1; -} - -/* - * convert the v5 principal in `principal' into a v4 corresponding one - * in `name, instance, realm' - * this is limited interface since there's no length given for these - * three parameters. They have to be 40 bytes each (ANAME_SZ). - */ - -KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL -krb5_524_conv_principal(krb5_context context, - const krb5_principal principal, - char *name, - char *instance, - char *realm) -{ - const char *n, *i, *r; - char tmpinst[40]; - int type = princ_type(principal); - const int aname_sz = 40; - - r = principal->realm; - - switch(principal->name.name_string.len){ - case 1: - n = principal->name.name_string.val[0]; - i = ""; - break; - case 2: - n = principal->name.name_string.val[0]; - i = principal->name.name_string.val[1]; - break; - default: - krb5_set_error_message(context, KRB5_PARSE_MALFORMED, - N_("cannot convert a %d " - "component principal", ""), - principal->name.name_string.len); - return KRB5_PARSE_MALFORMED; - } - - { - const char *tmp; - int t = name_convert(context, n, r, &tmp); - if(t >= 0) { - type = t; - n = tmp; - } - } - - if(type == KRB5_NT_SRV_HST){ - char *p; - - strlcpy (tmpinst, i, sizeof(tmpinst)); - p = strchr(tmpinst, '.'); - if(p) - *p = 0; - i = tmpinst; - } - - if (strlcpy (name, n, aname_sz) >= aname_sz) { - krb5_set_error_message(context, KRB5_PARSE_MALFORMED, - N_("too long name component to convert", "")); - return KRB5_PARSE_MALFORMED; - } - if (strlcpy (instance, i, aname_sz) >= aname_sz) { - krb5_set_error_message(context, KRB5_PARSE_MALFORMED, - N_("too long instance component to convert", "")); - return KRB5_PARSE_MALFORMED; - } - if (strlcpy (realm, r, aname_sz) >= aname_sz) { - krb5_set_error_message(context, KRB5_PARSE_MALFORMED, - N_("too long realm component to convert", "")); - return KRB5_PARSE_MALFORMED; - } - return 0; -} - -#endif /* !HEIMDAL_SMALLER */ - /** * Create a principal for the service running on hostname. If * KRB5_NT_SRV_HST is used, the hostname is canonization using DNS (or @@ -1536,7 +1105,7 @@ static const struct { * @ingroup krb5_principal */ -krb5_error_code +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype) { size_t i; @@ -1558,7 +1127,7 @@ krb5_parse_nametype(krb5_context context, const char *str, int32_t *nametype) * @ingroup krb5_principal */ -krb5_boolean +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL krb5_principal_is_krbtgt(krb5_context context, krb5_const_principal p) { return p->name.name_string.len == 2 && diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 45c97284bf..d816242f09 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -177,7 +177,7 @@ krb5_ticket_get_endtime(krb5_context context, * * @ingroup krb5_ticket */ -unsigned long +KRB5_LIB_FUNCTION unsigned long KRB5_LIB_CALL krb5_ticket_get_flags(krb5_context context, const krb5_ticket *ticket) { diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c deleted file mode 100644 index d47a1288ed..0000000000 --- a/source4/heimdal/lib/krb5/v4_glue.c +++ /dev/null @@ -1,960 +0,0 @@ -/* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5_locl.h" - -#include "krb5-v4compat.h" - -#ifndef HEIMDAL_SMALLER - -/* - * - */ - -#define RCHECK(r,func,label) \ - do { (r) = func ; if (r) goto label; } while(0); - - -/* include this here, to avoid dependencies on libkrb */ - -static const int _tkt_lifetimes[TKTLIFENUMFIXED] = { - 38400, 41055, 43894, 46929, 50174, 53643, 57352, 61318, - 65558, 70091, 74937, 80119, 85658, 91581, 97914, 104684, - 111922, 119661, 127935, 136781, 146239, 156350, 167161, 178720, - 191077, 204289, 218415, 233517, 249664, 266926, 285383, 305116, - 326213, 348769, 372885, 398668, 426234, 455705, 487215, 520904, - 556921, 595430, 636601, 680618, 727680, 777995, 831789, 889303, - 950794, 1016537, 1086825, 1161973, 1242318, 1328218, 1420057, 1518247, - 1623226, 1735464, 1855462, 1983758, 2120925, 2267576, 2424367, 2592000 -}; - -KRB5_LIB_FUNCTION int KRB5_LIB_CALL -_krb5_krb_time_to_life(time_t start, time_t end) -{ - int i; - time_t life = end - start; - - if (life > MAXTKTLIFETIME || life <= 0) - return 0; -#if 0 - if (krb_no_long_lifetimes) - return (life + 5*60 - 1)/(5*60); -#endif - - if (end >= NEVERDATE) - return TKTLIFENOEXPIRE; - if (life < _tkt_lifetimes[0]) - return (life + 5*60 - 1)/(5*60); - for (i=0; i<TKTLIFENUMFIXED; i++) - if (life <= _tkt_lifetimes[i]) - return i + TKTLIFEMINFIXED; - return 0; - -} - -KRB5_LIB_FUNCTION time_t KRB5_LIB_CALL -_krb5_krb_life_to_time(int start, int life_) -{ - unsigned char life = (unsigned char) life_; - -#if 0 - if (krb_no_long_lifetimes) - return start + life*5*60; -#endif - - if (life == TKTLIFENOEXPIRE) - return NEVERDATE; - if (life < TKTLIFEMINFIXED) - return start + life*5*60; - if (life > TKTLIFEMAXFIXED) - return start + MAXTKTLIFETIME; - return start + _tkt_lifetimes[life - TKTLIFEMINFIXED]; -} - -/* - * Get the name of the krb4 credentials cache, will use `tkfile' as - * the name if that is passed in. `cc' must be free()ed by caller, - */ - -static krb5_error_code -get_krb4_cc_name(const char *tkfile, char **cc) -{ - - *cc = NULL; - if(tkfile == NULL) { - char *path; - if(!issuid()) { - path = getenv("KRBTKFILE"); - if (path) - *cc = strdup(path); - } -#ifdef HAVE_GETUID - if(*cc == NULL) - if (asprintf(cc, "%s%u", TKT_ROOT, (unsigned)getuid()) < 0 || *cc == NULL) - return errno; -#elif defined(KRB5_USE_PATH_TOKENS) - if(*cc == NULL) - if (_krb5_expand_path_tokens(NULL, TKT_ROOT "%{uid}", cc)) - return ENOMEM; -#endif - } else { - *cc = strdup(tkfile); - if (*cc == NULL) - return ENOMEM; - } - return 0; -} - -/* - * Write a Kerberos 4 ticket file - */ - -#define KRB5_TF_LCK_RETRY_COUNT 50 -#define KRB5_TF_LCK_RETRY 1 - -static krb5_error_code -write_v4_cc(krb5_context context, const char *tkfile, - krb5_storage *sp, int append) -{ - krb5_error_code ret; - struct stat sb; - krb5_data data; - char *path; - int fd, i; - - ret = get_krb4_cc_name(tkfile, &path); - if (ret) { - krb5_set_error_message(context, ret, - N_("Failed getting the krb4 credentials " - "cache name", "")); - return ret; - } - - fd = open(path, O_WRONLY|O_CREAT, 0600); - if (fd < 0) { - ret = errno; - krb5_set_error_message(context, ret, - N_("Failed opening krb4 credential cache " - "%s: %s", "path, error"), - path, strerror(ret)); - free(path); - return ret; - } - rk_cloexec(fd); - - if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) { - krb5_set_error_message(context, ret, - N_("krb4 credential cache %s is not a file", ""), - path); - free(path); - close(fd); - return KRB5_FCC_PERM; - } - - for (i = 0; i < KRB5_TF_LCK_RETRY_COUNT; i++) { - if (flock(fd, LOCK_EX | LOCK_NB) < 0) { - sleep(KRB5_TF_LCK_RETRY); - } else - break; - } - if (i == KRB5_TF_LCK_RETRY_COUNT) { - krb5_set_error_message(context, KRB5_FCC_PERM, - N_("Failed to lock credentail cache %s", ""), - path); - free(path); - close(fd); - return KRB5_FCC_PERM; - } - - if (!append) { - ret = ftruncate(fd, 0); - if (ret < 0) { - flock(fd, LOCK_UN); - krb5_set_error_message(context, KRB5_FCC_PERM, - N_("Failed to truncate krb4 cc %s", ""), - path); - free(path); - close(fd); - return KRB5_FCC_PERM; - } - } - ret = lseek(fd, 0L, SEEK_END); - if (ret < 0) { - ret = errno; - flock(fd, LOCK_UN); - free(path); - close(fd); - return ret; - } - - krb5_storage_to_data(sp, &data); - - ret = write(fd, data.data, data.length); - if (ret != data.length) - ret = KRB5_CC_IO; - else - ret = 0; - - krb5_data_free(&data); - - flock(fd, LOCK_UN); - free(path); - close(fd); - - return ret; -} - -/* - * - */ - -KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL -_krb5_krb_tf_setup(krb5_context context, - struct credentials *v4creds, - const char *tkfile, - int append) -{ - krb5_error_code ret; - krb5_storage *sp; - - sp = krb5_storage_emem(); - if (sp == NULL) - return ENOMEM; - - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_HOST); - krb5_storage_set_eof_code(sp, KRB5_CC_IO); - - krb5_clear_error_message(context); - - if (!append) { - RCHECK(ret, krb5_store_stringz(sp, v4creds->pname), error); - RCHECK(ret, krb5_store_stringz(sp, v4creds->pinst), error); - } - - /* cred */ - RCHECK(ret, krb5_store_stringz(sp, v4creds->service), error); - RCHECK(ret, krb5_store_stringz(sp, v4creds->instance), error); - RCHECK(ret, krb5_store_stringz(sp, v4creds->realm), error); - ret = krb5_storage_write(sp, v4creds->session, 8); - if (ret != 8) { - ret = KRB5_CC_IO; - goto error; - } - RCHECK(ret, krb5_store_int32(sp, v4creds->lifetime), error); - RCHECK(ret, krb5_store_int32(sp, v4creds->kvno), error); - RCHECK(ret, krb5_store_int32(sp, v4creds->ticket_st.length), error); - - ret = krb5_storage_write(sp, v4creds->ticket_st.dat, - v4creds->ticket_st.length); - if (ret != v4creds->ticket_st.length) { - ret = KRB5_CC_IO; - goto error; - } - RCHECK(ret, krb5_store_int32(sp, v4creds->issue_date), error); - - ret = write_v4_cc(context, tkfile, sp, append); - - error: - krb5_storage_free(sp); - - return ret; -} - -/* - * - */ - -KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL -_krb5_krb_dest_tkt(krb5_context context, const char *tkfile) -{ - krb5_error_code ret; - char *path; - - ret = get_krb4_cc_name(tkfile, &path); - if (ret) { - krb5_set_error_message(context, ret, - N_("Failed getting the krb4 credentials " - "cache name", "")); - return ret; - } - - if (unlink(path) < 0) { - ret = errno; - krb5_set_error_message(context, ret, - N_("Failed removing the cache %s " - "with error %s", "path, error"), - path, strerror(ret)); - } - free(path); - - return ret; -} - -/* - * - */ - -static krb5_error_code -decrypt_etext(krb5_context context, const krb5_keyblock *key, - const krb5_data *cdata, krb5_data *data) -{ - krb5_error_code ret; - krb5_crypto crypto; - - ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto); - if (ret) - return ret; - - ret = krb5_decrypt(context, crypto, 0, cdata->data, cdata->length, data); - krb5_crypto_destroy(context, crypto); - - return ret; -} - - -/* - * - */ - -static const char eightzeros[8] = "\x00\x00\x00\x00\x00\x00\x00\x00"; - -static krb5_error_code -storage_to_etext(krb5_context context, - krb5_storage *sp, - const krb5_keyblock *key, - krb5_data *enc_data) -{ - krb5_error_code ret; - krb5_crypto crypto; - krb5_ssize_t size; - krb5_data data; - - /* multiple of eight bytes, don't round up */ - - size = krb5_storage_seek(sp, 0, SEEK_END); - if (size < 0) - return KRB4ET_RD_AP_UNDEC; - size = ((size+7) & ~7) - size; - - ret = krb5_storage_write(sp, eightzeros, size); - if (ret != size) - return KRB4ET_RD_AP_UNDEC; - - ret = krb5_storage_to_data(sp, &data); - if (ret) - return ret; - - ret = krb5_crypto_init(context, key, ETYPE_DES_PCBC_NONE, &crypto); - if (ret) { - krb5_data_free(&data); - return ret; - } - - ret = krb5_encrypt(context, crypto, 0, data.data, data.length, enc_data); - - krb5_data_free(&data); - krb5_crypto_destroy(context, crypto); - - return ret; -} - -/* - * - */ - -static krb5_error_code -put_nir(krb5_storage *sp, const char *name, - const char *instance, const char *realm) -{ - krb5_error_code ret; - - RCHECK(ret, krb5_store_stringz(sp, name), error); - RCHECK(ret, krb5_store_stringz(sp, instance), error); - if (realm) { - RCHECK(ret, krb5_store_stringz(sp, realm), error); - } - error: - return ret; -} - -/* - * - */ - -KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL -_krb5_krb_create_ticket(krb5_context context, - unsigned char flags, - const char *pname, - const char *pinstance, - const char *prealm, - int32_t paddress, - const krb5_keyblock *session, - int16_t life, - int32_t life_sec, - const char *sname, - const char *sinstance, - const krb5_keyblock *key, - krb5_data *enc_data) -{ - krb5_error_code ret; - krb5_storage *sp; - - krb5_data_zero(enc_data); - - sp = krb5_storage_emem(); - if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); - return ENOMEM; - } - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); - - RCHECK(ret, krb5_store_int8(sp, flags), error); - RCHECK(ret, put_nir(sp, pname, pinstance, prealm), error); - RCHECK(ret, krb5_store_int32(sp, ntohl(paddress)), error); - - /* session key */ - ret = krb5_storage_write(sp, - session->keyvalue.data, - session->keyvalue.length); - if (ret != session->keyvalue.length) { - ret = KRB4ET_INTK_PROT; - goto error; - } - - RCHECK(ret, krb5_store_int8(sp, life), error); - RCHECK(ret, krb5_store_int32(sp, life_sec), error); - RCHECK(ret, put_nir(sp, sname, sinstance, NULL), error); - - ret = storage_to_etext(context, sp, key, enc_data); - - error: - krb5_storage_free(sp); - if (ret) - krb5_set_error_message(context, ret, - N_("Failed to encode kerberos 4 ticket", "")); - - return ret; -} - -/* - * - */ - -KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL -_krb5_krb_create_ciph(krb5_context context, - const krb5_keyblock *session, - const char *service, - const char *instance, - const char *realm, - uint32_t life, - unsigned char kvno, - const krb5_data *ticket, - uint32_t kdc_time, - const krb5_keyblock *key, - krb5_data *enc_data) -{ - krb5_error_code ret; - krb5_storage *sp; - - krb5_data_zero(enc_data); - - sp = krb5_storage_emem(); - if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); - return ENOMEM; - } - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); - - /* session key */ - ret = krb5_storage_write(sp, - session->keyvalue.data, - session->keyvalue.length); - if (ret != session->keyvalue.length) { - ret = KRB4ET_INTK_PROT; - goto error; - } - - RCHECK(ret, put_nir(sp, service, instance, realm), error); - RCHECK(ret, krb5_store_int8(sp, life), error); - RCHECK(ret, krb5_store_int8(sp, kvno), error); - RCHECK(ret, krb5_store_int8(sp, ticket->length), error); - ret = krb5_storage_write(sp, ticket->data, ticket->length); - if (ret != ticket->length) { - ret = KRB4ET_INTK_PROT; - goto error; - } - RCHECK(ret, krb5_store_int32(sp, kdc_time), error); - - ret = storage_to_etext(context, sp, key, enc_data); - - error: - krb5_storage_free(sp); - if (ret) - krb5_set_error_message(context, ret, - N_("Failed to encode kerberos 4 ticket", "")); - - return ret; -} - -/* - * - */ - -KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL -_krb5_krb_create_auth_reply(krb5_context context, - const char *pname, - const char *pinst, - const char *prealm, - int32_t time_ws, - int n, - uint32_t x_date, - unsigned char kvno, - const krb5_data *cipher, - krb5_data *data) -{ - krb5_error_code ret; - krb5_storage *sp; - - krb5_data_zero(data); - - sp = krb5_storage_emem(); - if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); - return ENOMEM; - } - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); - - RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error); - RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_KDC_REPLY), error); - RCHECK(ret, put_nir(sp, pname, pinst, prealm), error); - RCHECK(ret, krb5_store_int32(sp, time_ws), error); - RCHECK(ret, krb5_store_int8(sp, n), error); - RCHECK(ret, krb5_store_int32(sp, x_date), error); - RCHECK(ret, krb5_store_int8(sp, kvno), error); - RCHECK(ret, krb5_store_int16(sp, cipher->length), error); - ret = krb5_storage_write(sp, cipher->data, cipher->length); - if (ret != cipher->length) { - ret = KRB4ET_INTK_PROT; - goto error; - } - - ret = krb5_storage_to_data(sp, data); - - error: - krb5_storage_free(sp); - if (ret) - krb5_set_error_message(context, ret, - N_("Failed to encode kerberos 4 ticket", "")); - - return ret; -} - -/* - * - */ - -KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL -_krb5_krb_cr_err_reply(krb5_context context, - const char *name, - const char *inst, - const char *realm, - uint32_t time_ws, - uint32_t e, - const char *e_string, - krb5_data *data) -{ - krb5_error_code ret; - krb5_storage *sp; - - krb5_data_zero(data); - - if (name == NULL) name = ""; - if (inst == NULL) inst = ""; - if (realm == NULL) realm = ""; - if (e_string == NULL) e_string = ""; - - sp = krb5_storage_emem(); - if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); - return ENOMEM; - } - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); - - RCHECK(ret, krb5_store_int8(sp, KRB_PROT_VERSION), error); - RCHECK(ret, krb5_store_int8(sp, AUTH_MSG_ERR_REPLY), error); - RCHECK(ret, put_nir(sp, name, inst, realm), error); - RCHECK(ret, krb5_store_int32(sp, time_ws), error); - /* If it is a Kerberos 4 error-code, remove the et BASE */ - if (e >= ERROR_TABLE_BASE_krb && e <= ERROR_TABLE_BASE_krb + 255) - e -= ERROR_TABLE_BASE_krb; - RCHECK(ret, krb5_store_int32(sp, e), error); - RCHECK(ret, krb5_store_stringz(sp, e_string), error); - - ret = krb5_storage_to_data(sp, data); - - error: - krb5_storage_free(sp); - if (ret) - krb5_set_error_message(context, ret, "Failed to encode kerberos 4 error"); - - return 0; -} - -static krb5_error_code -get_v4_stringz(krb5_storage *sp, char **str, size_t max_len) -{ - krb5_error_code ret; - - ret = krb5_ret_stringz(sp, str); - if (ret) - return ret; - if (strlen(*str) > max_len) { - free(*str); - *str = NULL; - return KRB4ET_INTK_PROT; - } - return 0; -} - -/* - * - */ - -KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL -_krb5_krb_decomp_ticket(krb5_context context, - const krb5_data *enc_ticket, - const krb5_keyblock *key, - const char *local_realm, - char **sname, - char **sinstance, - struct _krb5_krb_auth_data *ad) -{ - krb5_error_code ret; - krb5_ssize_t size; - krb5_storage *sp = NULL; - krb5_data ticket; - unsigned char des_key[8]; - - memset(ad, 0, sizeof(*ad)); - krb5_data_zero(&ticket); - - *sname = NULL; - *sinstance = NULL; - - RCHECK(ret, decrypt_etext(context, key, enc_ticket, &ticket), error); - - sp = krb5_storage_from_data(&ticket); - if (sp == NULL) { - krb5_data_free(&ticket); - krb5_set_error_message(context, ENOMEM, "alloc: out of memory"); - return ENOMEM; - } - - krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT); - - RCHECK(ret, krb5_ret_int8(sp, &ad->k_flags), error); - RCHECK(ret, get_v4_stringz(sp, &ad->pname, ANAME_SZ), error); - RCHECK(ret, get_v4_stringz(sp, &ad->pinst, INST_SZ), error); - RCHECK(ret, get_v4_stringz(sp, &ad->prealm, REALM_SZ), error); - RCHECK(ret, krb5_ret_uint32(sp, &ad->address), error); - - size = krb5_storage_read(sp, des_key, sizeof(des_key)); - if (size != sizeof(des_key)) { - ret = KRB4ET_INTK_PROT; - goto error; - } - - RCHECK(ret, krb5_ret_uint8(sp, &ad->life), error); - - if (ad->k_flags & 1) - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE); - else - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); - - RCHECK(ret, krb5_ret_uint32(sp, &ad->time_sec), error); - - RCHECK(ret, get_v4_stringz(sp, sname, ANAME_SZ), error); - RCHECK(ret, get_v4_stringz(sp, sinstance, INST_SZ), error); - - ret = krb5_keyblock_init(context, ETYPE_DES_PCBC_NONE, - des_key, sizeof(des_key), &ad->session); - if (ret) - goto error; - - if (strlen(ad->prealm) == 0) { - free(ad->prealm); - ad->prealm = strdup(local_realm); - if (ad->prealm == NULL) { - ret = ENOMEM; - goto error; - } - } - - error: - memset(des_key, 0, sizeof(des_key)); - if (sp) - krb5_storage_free(sp); - krb5_data_free(&ticket); - if (ret) { - if (*sname) { - free(*sname); - *sname = NULL; - } - if (*sinstance) { - free(*sinstance); - *sinstance = NULL; - } - _krb5_krb_free_auth_data(context, ad); - krb5_set_error_message(context, ret, "Failed to decode v4 ticket"); - } - return ret; -} - -/* - * - */ - -KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL -_krb5_krb_rd_req(krb5_context context, - krb5_data *authent, - const char *service, - const char *instance, - const char *local_realm, - int32_t from_addr, - const krb5_keyblock *key, - struct _krb5_krb_auth_data *ad) -{ - krb5_error_code ret; - krb5_storage *sp; - krb5_data ticket, eaut, aut; - krb5_ssize_t size; - int little_endian; - int8_t pvno; - int8_t type; - int8_t s_kvno; - uint8_t ticket_length; - uint8_t eaut_length; - uint8_t time_5ms; - char *realm = NULL; - char *sname = NULL; - char *sinstance = NULL; - char *r_realm = NULL; - char *r_name = NULL; - char *r_instance = NULL; - - uint32_t r_time_sec; /* Coarse time from authenticator */ - unsigned long delta_t; /* Time in authenticator - local time */ - long tkt_age; /* Age of ticket */ - - struct timeval tv; - - krb5_data_zero(&ticket); - krb5_data_zero(&eaut); - krb5_data_zero(&aut); - - sp = krb5_storage_from_data(authent); - if (sp == NULL) { - krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); - return ENOMEM; - } - - krb5_storage_set_eof_code(sp, KRB4ET_INTK_PROT); - - ret = krb5_ret_int8(sp, &pvno); - if (ret) { - krb5_set_error_message(context, ret, N_("Failed reading v4 pvno", "")); - goto error; - } - - if (pvno != KRB_PROT_VERSION) { - ret = KRB4ET_RD_AP_VERSION; - krb5_set_error_message(context, ret, N_("Failed v4 pvno not 4", "")); - goto error; - } - - ret = krb5_ret_int8(sp, &type); - if (ret) { - krb5_set_error_message(context, ret, N_("Failed readin v4 type", "")); - goto error; - } - - little_endian = type & 1; - type &= ~1; - - if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) { - ret = KRB4ET_RD_AP_MSG_TYPE; - krb5_set_error_message(context, ret, - N_("Not a valid v4 request type", "")); - goto error; - } - - RCHECK(ret, krb5_ret_int8(sp, &s_kvno), error); - RCHECK(ret, get_v4_stringz(sp, &realm, REALM_SZ), error); - RCHECK(ret, krb5_ret_uint8(sp, &ticket_length), error); - RCHECK(ret, krb5_ret_uint8(sp, &eaut_length), error); - RCHECK(ret, krb5_data_alloc(&ticket, ticket_length), error); - - size = krb5_storage_read(sp, ticket.data, ticket.length); - if (size != ticket.length) { - ret = KRB4ET_INTK_PROT; - krb5_set_error_message(context, ret, N_("Failed reading v4 ticket", "")); - goto error; - } - - /* Decrypt and take apart ticket */ - ret = _krb5_krb_decomp_ticket(context, &ticket, key, local_realm, - &sname, &sinstance, ad); - if (ret) - goto error; - - RCHECK(ret, krb5_data_alloc(&eaut, eaut_length), error); - - size = krb5_storage_read(sp, eaut.data, eaut.length); - if (size != eaut.length) { - ret = KRB4ET_INTK_PROT; - krb5_set_error_message(context, ret, - N_("Failed reading v4 authenticator", "")); - goto error; - } - - krb5_storage_free(sp); - sp = NULL; - - ret = decrypt_etext(context, &ad->session, &eaut, &aut); - if (ret) - goto error; - - sp = krb5_storage_from_data(&aut); - if (sp == NULL) { - ret = ENOMEM; - krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); - goto error; - } - - if (little_endian) - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_LE); - else - krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); - - RCHECK(ret, get_v4_stringz(sp, &r_name, ANAME_SZ), error); - RCHECK(ret, get_v4_stringz(sp, &r_instance, INST_SZ), error); - RCHECK(ret, get_v4_stringz(sp, &r_realm, REALM_SZ), error); - - RCHECK(ret, krb5_ret_uint32(sp, &ad->checksum), error); - RCHECK(ret, krb5_ret_uint8(sp, &time_5ms), error); - RCHECK(ret, krb5_ret_uint32(sp, &r_time_sec), error); - - if (strcmp(ad->pname, r_name) != 0 || - strcmp(ad->pinst, r_instance) != 0 || - strcmp(ad->prealm, r_realm) != 0) { - ret = KRB4ET_RD_AP_INCON; - krb5_set_error_message(context, ret, N_("v4 principal mismatch", "")); - goto error; - } - - if (from_addr && ad->address && from_addr != ad->address) { - ret = KRB4ET_RD_AP_BADD; - krb5_set_error_message(context, ret, - N_("v4 bad address in ticket", "")); - goto error; - } - - gettimeofday(&tv, NULL); - delta_t = abs((int)(tv.tv_sec - r_time_sec)); - if (delta_t > CLOCK_SKEW) { - ret = KRB4ET_RD_AP_TIME; - krb5_set_error_message(context, ret, N_("v4 clock skew", "")); - goto error; - } - - /* Now check for expiration of ticket */ - - tkt_age = tv.tv_sec - ad->time_sec; - - if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) { - ret = KRB4ET_RD_AP_NYV; - krb5_set_error_message(context, ret, - N_("v4 clock skew for expiration", "")); - goto error; - } - - if (tv.tv_sec > _krb5_krb_life_to_time(ad->time_sec, ad->life)) { - ret = KRB4ET_RD_AP_EXP; - krb5_set_error_message(context, ret, N_("v4 ticket expired", "")); - goto error; - } - - ret = 0; - error: - krb5_data_free(&ticket); - krb5_data_free(&eaut); - krb5_data_free(&aut); - if (realm) - free(realm); - if (sname) - free(sname); - if (sinstance) - free(sinstance); - if (r_name) - free(r_name); - if (r_instance) - free(r_instance); - if (r_realm) - free(r_realm); - if (sp) - krb5_storage_free(sp); - - if (ret) - krb5_clear_error_message(context); - - return ret; -} - -/* - * - */ - -KRB5_LIB_FUNCTION void KRB5_LIB_CALL -_krb5_krb_free_auth_data(krb5_context context, struct _krb5_krb_auth_data *ad) -{ - if (ad->pname) - free(ad->pname); - if (ad->pinst) - free(ad->pinst); - if (ad->prealm) - free(ad->prealm); - krb5_free_keyblock_contents(context, &ad->session); - memset(ad, 0, sizeof(*ad)); -} - -#endif /* HEIMDAL_SMALLER */ diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c index 63994dfca7..f7581d1f90 100644 --- a/source4/heimdal/lib/krb5/warn.c +++ b/source4/heimdal/lib/krb5/warn.c @@ -182,6 +182,7 @@ krb5_verr(krb5_context context, int eval, krb5_error_code code, { _warnerr(context, 1, code, 0, fmt, ap); exit(eval); + UNREACHABLE(return 0); } /** @@ -203,6 +204,7 @@ krb5_err(krb5_context context, int eval, krb5_error_code code, { FUNC(1, code, 0); exit(eval); + UNREACHABLE(return 0); } /** @@ -222,6 +224,7 @@ krb5_verrx(krb5_context context, int eval, const char *fmt, va_list ap) { _warnerr(context, 0, 0, 0, fmt, ap); exit(eval); + UNREACHABLE(return 0); } /** @@ -240,6 +243,7 @@ krb5_errx(krb5_context context, int eval, const char *fmt, ...) { FUNC(0, 0, 0); exit(eval); + UNREACHABLE(return 0); } /** @@ -261,6 +265,7 @@ krb5_vabort(krb5_context context, krb5_error_code code, { _warnerr(context, 1, code, 0, fmt, ap); abort(); + UNREACHABLE(return 0); } /** @@ -280,6 +285,7 @@ krb5_abort(krb5_context context, krb5_error_code code, const char *fmt, ...) { FUNC(1, code, 0); abort(); + UNREACHABLE(return 0); } KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL @@ -288,6 +294,7 @@ krb5_vabortx(krb5_context context, const char *fmt, va_list ap) { _warnerr(context, 0, 0, 0, fmt, ap); abort(); + UNREACHABLE(return 0); } /** @@ -306,6 +313,7 @@ krb5_abortx(krb5_context context, const char *fmt, ...) { FUNC(0, 0, 0); abort(); + UNREACHABLE(return 0); } /** diff --git a/source4/heimdal/lib/ntlm/ntlm.c b/source4/heimdal/lib/ntlm/ntlm.c index 1cc5c06445..e401319ae0 100644 --- a/source4/heimdal/lib/ntlm/ntlm.c +++ b/source4/heimdal/lib/ntlm/ntlm.c @@ -455,7 +455,7 @@ heim_ntlm_decode_targetinfo(const struct ntlm_buf *data, { uint16_t type, len; krb5_storage *in; - int ret, done = 0; + int ret = 0, done = 0; memset(ti, 0, sizeof(*ti)); @@ -855,23 +855,23 @@ heim_ntlm_decode_type3(const struct ntlm_buf *buf, CHECK(type, 3); CHECK(ret_sec_buffer(in, &lm), 0); if (lm.allocated) - min_offset = MIN(min_offset, lm.offset); + min_offset = min(min_offset, lm.offset); CHECK(ret_sec_buffer(in, &ntlm), 0); if (ntlm.allocated) - min_offset = MIN(min_offset, ntlm.offset); + min_offset = min(min_offset, ntlm.offset); CHECK(ret_sec_buffer(in, &target), 0); if (target.allocated) - min_offset = MIN(min_offset, target.offset); + min_offset = min(min_offset, target.offset); CHECK(ret_sec_buffer(in, &username), 0); if (username.allocated) - min_offset = MIN(min_offset, username.offset); + min_offset = min(min_offset, username.offset); CHECK(ret_sec_buffer(in, &ws), 0); if (ws.allocated) - min_offset = MIN(min_offset, ws.offset); + min_offset = min(min_offset, ws.offset); if (min_offset > 52) { CHECK(ret_sec_buffer(in, &sessionkey), 0); - min_offset = MAX(min_offset, sessionkey.offset); + min_offset = max(min_offset, sessionkey.offset); CHECK(krb5_ret_uint32(in, &type3->flags), 0); } if (min_offset > 52 + 8 + 4 + 8) { @@ -1290,8 +1290,7 @@ heim_ntlm_build_ntlm2_master(void *key, size_t len, /** * Given a key and encrypted session, unwrap the session key * - * @param key the sessionBaseKey - * @param len length of key + * @param baseKey the sessionBaseKey * @param encryptedSession encrypted session, type3.session field. * @param session generated session nonce, should be freed with heim_ntlm_free_buf(). * @@ -1413,7 +1412,6 @@ nt2unixtime(uint64_t t) * @param username name of the user, as sent in the message, assumed to be in UTF8. * @param target the name of the target, assumed to be in UTF8. * @param serverchallenge challenge as sent by the server in the type2 message. - * @param infotarget infotarget as sent by the server in the type2 message. * @param ntlmv2 calculated session key * @param answer ntlm response answer, should be freed with heim_ntlm_free_buf(). * diff --git a/source4/heimdal/lib/roken/getarg.c b/source4/heimdal/lib/roken/getarg.c index e7dc74b7bc..a96e5c85bf 100644 --- a/source4/heimdal/lib/roken/getarg.c +++ b/source4/heimdal/lib/roken/getarg.c @@ -435,11 +435,7 @@ arg_match_long(struct getargs *args, size_t num_args, *flag = !negate; return 0; } else if (*goptarg && strcmp(goptarg + 1, "maybe") == 0) { -#ifdef HAVE_RANDOM - *flag = random() & 1; -#else - *flag = rand() & 1; -#endif + *flag = rk_random() & 1; } else { *flag = negate; return 0; @@ -554,13 +550,7 @@ getarg(struct getargs *args, size_t num_args, int i; int ret = 0; -#if defined(HAVE_SRANDOMDEV) - srandomdev(); -#elif defined(HAVE_RANDOM) - srandom(time(NULL)); -#else - srand ((int) time(NULL)); -#endif + rk_random_init(); (*goptind)++; for(i = *goptind; i < argc; i++) { if(argv[i][0] != '-') diff --git a/source4/heimdal/lib/roken/rand.c b/source4/heimdal/lib/roken/rand.c new file mode 100644 index 0000000000..ef92c2052b --- /dev/null +++ b/source4/heimdal/lib/roken/rand.c @@ -0,0 +1,48 @@ +/* + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "roken.h" + +void ROKEN_LIB_FUNCTION +rk_random_init(void) +{ +#if defined(HAVE_ARC4RANDOM) + arc4random_stir(); +#elif defined(HAVE_SRANDOMDEV) + srandomdev(); +#elif defined(HAVE_RANDOM) + srandom(time(NULL)); +#else + srand (time(NULL)); +#endif +} diff --git a/source4/heimdal/lib/roken/resolve.c b/source4/heimdal/lib/roken/resolve.c index 97edda471b..03715e5ffd 100644 --- a/source4/heimdal/lib/roken/resolve.c +++ b/source4/heimdal/lib/roken/resolve.c @@ -619,10 +619,6 @@ compare_srv(const void *a, const void *b) return ((*aa)->u.srv->priority - (*bb)->u.srv->priority); } -#ifndef HAVE_RANDOM -#define random() rand() -#endif - /* try to rearrange the srv-records by the algorithm in RFC2782 */ ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rk_dns_srv_order(struct rk_dns_reply *r) @@ -636,6 +632,8 @@ rk_dns_srv_order(struct rk_dns_reply *r) char *oldstate; #endif + rk_random_init(); + for(rr = r->head; rr; rr = rr->next) if(rr->type == rk_ns_t_srv) num_srv++; @@ -682,7 +680,7 @@ rk_dns_srv_order(struct rk_dns_reply *r) /* ss is now the first record of this priority and ee is the first of the next */ while(ss < ee) { - rnd = random() % (sum + 1); + rnd = rk_random() % (sum + 1); for(count = 0, tt = ss; ; tt++) { if(*tt == NULL) continue; diff --git a/source4/heimdal/lib/roken/roken-common.h b/source4/heimdal/lib/roken/roken-common.h index a437d8a346..d9369a3e15 100644 --- a/source4/heimdal/lib/roken/roken-common.h +++ b/source4/heimdal/lib/roken/roken-common.h @@ -150,6 +150,11 @@ #endif /* !_WIN32 */ +/* Minimize conflict with WinNT.h */ +#ifdef SLIST_ENTRY +#undef SLIST_ENTRY +#endif + #ifndef PATH_MAX #define PATH_MAX MAX_PATH #endif @@ -221,6 +226,10 @@ #define AI_NUMERICHOST 0x04 #endif +#ifndef AI_NUMERICSERV +#define AI_NUMERICSERV 0x08 +#endif + /* flags for getnameinfo() */ #ifndef NI_DGRAM @@ -486,6 +495,9 @@ rk_cloexec_dir(DIR *); ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL ct_memcmp(const void *, const void *, size_t); +void ROKEN_LIB_FUNCTION +rk_random_init(void); + ROKEN_CPP_END #endif /* __ROKEN_COMMON_H__ */ diff --git a/source4/heimdal/lib/roken/roken.h.in b/source4/heimdal/lib/roken/roken.h.in index 0c0dd20035..e7cb1598fb 100644 --- a/source4/heimdal/lib/roken/roken.h.in +++ b/source4/heimdal/lib/roken/roken.h.in @@ -43,18 +43,26 @@ #ifndef ROKEN_LIB_FUNCTION #ifdef _WIN32 -#define ROKEN_LIB_FUNCTION -#define ROKEN_LIB_CALL __cdecl +# define ROKEN_LIB_CALL __cdecl +# ifdef ROKEN_LIB_DYNAMIC +# define ROKEN_LIB_FUNCTION __declspec(dllimport) +# define ROKEN_LIB_VARIABLE __declspec(dllimport) +# else +# define ROKEN_LIB_FUNCTION +# define ROKEN_LIB_VARIABLE +# endif #else #define ROKEN_LIB_FUNCTION #define ROKEN_LIB_CALL +#define ROKEN_LIB_VARIABLE #endif #endif #ifdef HAVE_WINSOCK /* Declarations for Microsoft Windows */ -#include<ws2tcpip.h> +#include <winsock2.h> +#include <ws2tcpip.h> /* * error codes for inet_ntop/inet_pton @@ -241,10 +249,6 @@ struct sockaddr_dl; #include <time.h> #endif -#ifdef HAVE_WS2TCPIP_H -#include <ws2tcpip.h> -#endif - #ifdef HAVE_PATHS_H #include <paths.h> #endif @@ -536,7 +540,6 @@ int ROKEN_LIB_FUNCTION rk_strerror_r(int, char *, size_t); #endif /* This causes a fatal error under Psoriasis */ #ifndef SunOS -const char * ROKEN_LIB_FUNCTION hstrerror(int); ROKEN_LIB_FUNCTION const char * ROKEN_LIB_CALL hstrerror(int); #endif #endif @@ -757,14 +760,23 @@ ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL get_window_size(int fd, struct winsize *); ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL vsyslog(int, const char *, va_list); #endif +#ifndef HAVE_GETOPT +#define getopt rk_getopt +#define optarg rk_optarg +#define optind rk_optind +#define opterr rk_opterr +ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL +getopt(int nargc, char * const *nargv, const char *ostr); +#endif + #if !HAVE_DECL_OPTARG -extern char *optarg; +ROKEN_LIB_VARIABLE extern char *optarg; #endif #if !HAVE_DECL_OPTIND -extern int optind; +ROKEN_LIB_VARIABLE extern int optind; #endif #if !HAVE_DECL_OPTERR -extern int opterr; +ROKEN_LIB_VARIABLE extern int opterr; #endif #ifndef HAVE_GETIPNODEBYNAME @@ -1072,6 +1084,15 @@ void rk_qsort(void *, size_t, size_t, int (*)(const void *, const void *)); #endif +#if defined(HAVE_ARC4RANDOM) +#define rk_random() arc4random() +#elif defined(HAVE_RANDOM) +#define rk_random() random() +#else +#define rk_random() rand() +#endif + + #if defined(__linux__) && defined(SOCK_CLOEXEC) && !defined(SOCKET_WRAPPER_REPLACE) && !defined(__SOCKET_WRAPPER_H__) #undef socket #define socket(_fam,_type,_prot) rk_socket(_fam,_type,_prot) diff --git a/source4/heimdal/lib/roken/setprogname.c b/source4/heimdal/lib/roken/setprogname.c index 115af77b88..88a5f9bb44 100644 --- a/source4/heimdal/lib/roken/setprogname.c +++ b/source4/heimdal/lib/roken/setprogname.c @@ -40,19 +40,52 @@ extern const char *__progname; #endif #ifndef HAVE_SETPROGNAME + ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL setprogname(const char *argv0) { + #ifndef HAVE___PROGNAME + const char *p; if(argv0 == NULL) return; p = strrchr(argv0, '/'); + +#ifdef BACKSLASH_PATH_DELIM + { + const char * pb; + + pb = strrchr((p != NULL)? p : argv0, '\\'); + if (pb != NULL) + p = pb; + } +#endif + if(p == NULL) p = argv0; else p++; + +#ifdef _WIN32 + { + char * fn = strdup(p); + char * ext; + + strlwr(fn); + ext = strrchr(fn, '.'); + if (ext != NULL && !strcmp(ext, ".exe")) + *ext = '\0'; + + __progname = fn; + } +#else + __progname = p; + #endif + +#endif /* HAVE___PROGNAME */ } + #endif /* HAVE_SETPROGNAME */ diff --git a/source4/heimdal/lib/roken/socket.c b/source4/heimdal/lib/roken/socket.c index ef594ffd0d..8797f95772 100644 --- a/source4/heimdal/lib/roken/socket.c +++ b/source4/heimdal/lib/roken/socket.c @@ -119,8 +119,7 @@ socket_addr_size (const struct sockaddr *sa) return sizeof(struct in6_addr); #endif default : - errx (1, "unknown address family %d", sa->sa_family); - UNREACHABLE(return 0); + return 0; } } @@ -138,9 +137,8 @@ socket_sockaddr_size (const struct sockaddr *sa) case AF_INET6 : return sizeof(struct sockaddr_in6); #endif - default : - errx (1, "unknown address family %d", sa->sa_family); - UNREACHABLE(return 0); + default: + return 0; } } @@ -162,9 +160,8 @@ socket_get_address (const struct sockaddr *sa) return rk_UNCONST(&sin6->sin6_addr); } #endif - default : - errx (1, "unknown address family %d", sa->sa_family); - UNREACHABLE(return NULL); + default: + return NULL; } } @@ -187,8 +184,7 @@ socket_get_port (const struct sockaddr *sa) } #endif default : - errx (1, "unknown address family %d", sa->sa_family); - UNREACHABLE(return 0); + return 0; } } @@ -227,18 +223,13 @@ socket_set_portrange (rk_socket_t sock, int restr, int af) #if defined(IP_PORTRANGE) if (af == AF_INET) { int on = restr ? IP_PORTRANGE_HIGH : IP_PORTRANGE_DEFAULT; - if (setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on, - sizeof(on)) < 0) - warn ("setsockopt IP_PORTRANGE (ignored)"); + setsockopt (sock, IPPROTO_IP, IP_PORTRANGE, &on, sizeof(on)); } #endif #if defined(IPV6_PORTRANGE) if (af == AF_INET6) { - int on = restr ? IPV6_PORTRANGE_HIGH : - IPV6_PORTRANGE_DEFAULT; - if (setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on, - sizeof(on)) < 0) - warn ("setsockopt IPV6_PORTRANGE (ignored)"); + int on = restr ? IPV6_PORTRANGE_HIGH : IPV6_PORTRANGE_DEFAULT; + setsockopt (sock, IPPROTO_IPV6, IPV6_PORTRANGE, &on, sizeof(on)); } #endif } @@ -252,9 +243,7 @@ socket_set_debug (rk_socket_t sock) { #if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) int on = 1; - - if (setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on)) < 0) - warn ("setsockopt SO_DEBUG (ignored)"); + setsockopt (sock, SOL_SOCKET, SO_DEBUG, (void *) &on, sizeof (on)); #endif } @@ -266,9 +255,7 @@ ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_tos (rk_socket_t sock, int tos) { #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - if (setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof (int)) < 0) - if (errno != EINVAL) - warn ("setsockopt TOS (ignored)"); + setsockopt (sock, IPPROTO_IP, IP_TOS, (void *) &tos, sizeof(int)); #endif } @@ -280,9 +267,7 @@ ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL socket_set_reuseaddr (rk_socket_t sock, int val) { #if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) - if(setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val, - sizeof(val)) < 0) - err (1, "setsockopt SO_REUSEADDR"); + setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&val, sizeof(val)); #endif } |