diff options
Diffstat (limited to 'source4/heimdal/lib/krb5')
93 files changed, 1096 insertions, 5928 deletions
diff --git a/source4/heimdal/lib/krb5/acache.c b/source4/heimdal/lib/krb5/acache.c index 8dd8687005..fb38abedfd 100644 --- a/source4/heimdal/lib/krb5/acache.c +++ b/source4/heimdal/lib/krb5/acache.c @@ -37,7 +37,7 @@ #include <dlfcn.h> #endif -RCSID("$Id: acache.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* XXX should we fetch these for each open ? */ static HEIMDAL_MUTEX acc_mutex = HEIMDAL_MUTEX_INITIALIZER; diff --git a/source4/heimdal/lib/krb5/add_et_list.c b/source4/heimdal/lib/krb5/add_et_list.c index 5455d8ac99..e61f775eef 100644 --- a/source4/heimdal/lib/krb5/add_et_list.c +++ b/source4/heimdal/lib/krb5/add_et_list.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: add_et_list.c 22603 2008-02-21 18:44:57Z lha $"); +RCSID("$Id$"); /** * Add a specified list of error messages to the et list in context. diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c index 40abd874cc..dcb9a97154 100644 --- a/source4/heimdal/lib/krb5/addr_families.c +++ b/source4/heimdal/lib/krb5/addr_families.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: addr_families.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct addr_operations { int af; diff --git a/source4/heimdal/lib/krb5/appdefault.c b/source4/heimdal/lib/krb5/appdefault.c index b0bb171f4a..a5b6e67e30 100644 --- a/source4/heimdal/lib/krb5/appdefault.c +++ b/source4/heimdal/lib/krb5/appdefault.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: appdefault.c 14465 2005-01-05 05:40:59Z lukeh $"); +RCSID("$Id$"); void KRB5_LIB_FUNCTION krb5_appdefault_boolean(krb5_context context, const char *appname, diff --git a/source4/heimdal/lib/krb5/asn1_glue.c b/source4/heimdal/lib/krb5/asn1_glue.c index b3f775b4be..84c9cd8b68 100644 --- a/source4/heimdal/lib/krb5/asn1_glue.c +++ b/source4/heimdal/lib/krb5/asn1_glue.c @@ -37,7 +37,7 @@ #include "krb5_locl.h" -RCSID("$Id: asn1_glue.c 21745 2007-07-31 16:11:25Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION _krb5_principal2principalname (PrincipalName *p, diff --git a/source4/heimdal/lib/krb5/auth_context.c b/source4/heimdal/lib/krb5/auth_context.c index e4fb50e5b8..cbb186d6c3 100644 --- a/source4/heimdal/lib/krb5/auth_context.c +++ b/source4/heimdal/lib/krb5/auth_context.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: auth_context.c 23273 2008-06-23 03:25:00Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_auth_con_init(krb5_context context, diff --git a/source4/heimdal/lib/krb5/build_ap_req.c b/source4/heimdal/lib/krb5/build_ap_req.c index b1968fe817..92051ba68a 100644 --- a/source4/heimdal/lib/krb5/build_ap_req.c +++ b/source4/heimdal/lib/krb5/build_ap_req.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: build_ap_req.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_build_ap_req (krb5_context context, diff --git a/source4/heimdal/lib/krb5/build_auth.c b/source4/heimdal/lib/krb5/build_auth.c index fe3a5f523c..eb106dc23f 100644 --- a/source4/heimdal/lib/krb5/build_auth.c +++ b/source4/heimdal/lib/krb5/build_auth.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: build_auth.c 23273 2008-06-23 03:25:00Z lha $"); +RCSID("$Id$"); static krb5_error_code make_etypelist(krb5_context context, diff --git a/source4/heimdal/lib/krb5/cache.c b/source4/heimdal/lib/krb5/cache.c index 34bfb4a350..02db405f7e 100644 --- a/source4/heimdal/lib/krb5/cache.c +++ b/source4/heimdal/lib/krb5/cache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: cache.c 23417 2008-07-26 18:36:33Z lha $"); +RCSID("$Id$"); /** * Add a new ccache type with operations `ops', overwriting any diff --git a/source4/heimdal/lib/krb5/changepw.c b/source4/heimdal/lib/krb5/changepw.c index ac1a2d312e..d57ed9e3b8 100644 --- a/source4/heimdal/lib/krb5/changepw.c +++ b/source4/heimdal/lib/krb5/changepw.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: changepw.c 23445 2008-07-27 12:08:03Z lha $"); +RCSID("$Id$"); #undef __attribute__ #define __attribute__(X) @@ -577,7 +577,7 @@ change_password_loop (krb5_context context, for (a = ai; !done && a != NULL; a = a->ai_next) { int replied = 0; - sock = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + sock = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); if (sock < 0) continue; rk_cloexec(sock); diff --git a/source4/heimdal/lib/krb5/codec.c b/source4/heimdal/lib/krb5/codec.c index 0d36b4b442..478f77ecef 100644 --- a/source4/heimdal/lib/krb5/codec.c +++ b/source4/heimdal/lib/krb5/codec.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: codec.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_decode_EncTicketPart (krb5_context context, diff --git a/source4/heimdal/lib/krb5/config_file.c b/source4/heimdal/lib/krb5/config_file.c index bf3c432397..f7f7957b04 100644 --- a/source4/heimdal/lib/krb5/config_file.c +++ b/source4/heimdal/lib/krb5/config_file.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); #ifndef HAVE_NETINFO diff --git a/source4/heimdal/lib/krb5/config_file_netinfo.c b/source4/heimdal/lib/krb5/config_file_netinfo.c index 1e01e7c5ff..d51739ae37 100644 --- a/source4/heimdal/lib/krb5/config_file_netinfo.c +++ b/source4/heimdal/lib/krb5/config_file_netinfo.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: config_file_netinfo.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); /* * Netinfo implementation from Luke Howard <lukeh@xedoc.com.au> diff --git a/source4/heimdal/lib/krb5/constants.c b/source4/heimdal/lib/krb5/constants.c index 8fffb0f402..dc96bcb632 100644 --- a/source4/heimdal/lib/krb5/constants.c +++ b/source4/heimdal/lib/krb5/constants.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: constants.c 23026 2008-04-17 10:02:03Z lha $"); +RCSID("$Id$"); KRB5_LIB_VARIABLE const char *krb5_config_file = #ifdef __APPLE__ diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c index 543dba396d..358ab20349 100644 --- a/source4/heimdal/lib/krb5/context.c +++ b/source4/heimdal/lib/krb5/context.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <com_err.h> -RCSID("$Id: context.c 23420 2008-07-26 18:37:48Z lha $"); +RCSID("$Id$"); #define INIT_FIELD(C, T, E, D, F) \ (C)->E = krb5_config_get_ ## T ## _default ((C), NULL, (D), \ @@ -192,6 +192,19 @@ init_context_from_config_file(krb5_context context) INIT_FLAG(context, flags, KRB5_CTX_F_CHECK_PAC, TRUE, "check_pac"); context->default_cc_name = NULL; context->default_cc_name_set = 0; + + ret = krb5_config_get_bool_default(context, NULL, FALSE, + "libdefaults", + "allow_weak_crypto", NULL); + if (ret) { + krb5_enctype_enable(context, ETYPE_DES_CBC_CRC); + krb5_enctype_enable(context, ETYPE_DES_CBC_MD4); + krb5_enctype_enable(context, ETYPE_DES_CBC_MD5); + krb5_enctype_enable(context, ETYPE_DES_CBC_NONE); + krb5_enctype_enable(context, ETYPE_DES_CFB64_NONE); + krb5_enctype_enable(context, ETYPE_DES_PCBC_NONE); + } + return 0; } @@ -246,9 +259,7 @@ krb5_init_context(krb5_context *context) krb5_cc_register(p, &krb5_acc_ops, TRUE); krb5_cc_register(p, &krb5_fcc_ops, TRUE); krb5_cc_register(p, &krb5_mcc_ops, TRUE); -#if 0 krb5_cc_register(p, &krb5_scc_ops, TRUE); -#endif #ifdef HAVE_KCM krb5_cc_register(p, &krb5_kcm_ops, TRUE); #endif diff --git a/source4/heimdal/lib/krb5/convert_creds.c b/source4/heimdal/lib/krb5/convert_creds.c index 07943efb28..d74f121207 100644 --- a/source4/heimdal/lib/krb5/convert_creds.c +++ b/source4/heimdal/lib/krb5/convert_creds.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: convert_creds.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); #include "krb5-v4compat.h" diff --git a/source4/heimdal/lib/krb5/copy_host_realm.c b/source4/heimdal/lib/krb5/copy_host_realm.c index cbe333850c..db06e56fb6 100644 --- a/source4/heimdal/lib/krb5/copy_host_realm.c +++ b/source4/heimdal/lib/krb5/copy_host_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: copy_host_realm.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /** * Copy the list of realms from `from' to `to'. diff --git a/source4/heimdal/lib/krb5/crc.c b/source4/heimdal/lib/krb5/crc.c index e8ddecf7ba..cdb40b8110 100644 --- a/source4/heimdal/lib/krb5/crc.c +++ b/source4/heimdal/lib/krb5/crc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: crc.c 22862 2008-04-07 18:49:55Z lha $"); +RCSID("$Id$"); static u_long table[256]; diff --git a/source4/heimdal/lib/krb5/creds.c b/source4/heimdal/lib/krb5/creds.c index 938ec294a4..d194041766 100644 --- a/source4/heimdal/lib/krb5/creds.c +++ b/source4/heimdal/lib/krb5/creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: creds.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); #undef __attribute__ #define __attribute__(X) diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c index e91cb9391a..6675647736 100644 --- a/source4/heimdal/lib/krb5/crypto.c +++ b/source4/heimdal/lib/krb5/crypto.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2005 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,15 +32,25 @@ */ #include "krb5_locl.h" -RCSID("$Id: crypto.c 23454 2008-07-27 12:11:44Z lha $"); +RCSID("$Id$"); #include <pkinit_asn1.h> -#undef CRYPTO_DEBUG -#ifdef CRYPTO_DEBUG -static void krb5_crypto_debug(krb5_context, int, size_t, krb5_keyblock*); +#undef __attribute__ +#define __attribute__(X) + +#ifndef HEIMDAL_SMALLER +#define WEAK_ENCTYPES 1 +#define DES3_OLD_ENCTYPE 1 #endif +#ifdef HAVE_OPENSSL /* XXX forward decl for hcrypto glue */ +const EVP_CIPHER * _krb5_EVP_hcrypto_aes_128_cts(void); +const EVP_CIPHER * _krb5_EVP_hcrypto_aes_256_cts(void); +#define EVP_hcrypto_aes_128_cts _krb5_EVP_hcrypto_aes_128_cts +#define EVP_hcrypto_aes_256_cts _krb5_EVP_hcrypto_aes_256_cts +#endif + struct key_data { krb5_keyblock *key; krb5_data *schedule; @@ -82,13 +92,12 @@ struct key_type { size_t bits; size_t size; size_t schedule_size; -#if 0 - krb5_enctype best_etype; -#endif void (*random_key)(krb5_context, krb5_keyblock*); - void (*schedule)(krb5_context, struct key_data *); + void (*schedule)(krb5_context, struct key_type *, struct key_data *); struct salt_type *string_to_key; void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t); + void (*cleanup)(krb5_context, struct key_data *); + const EVP_CIPHER *(*evp)(void); }; struct checksum_type { @@ -97,11 +106,11 @@ struct checksum_type { size_t blocksize; size_t checksumsize; unsigned flags; - void (*checksum)(krb5_context context, - struct key_data *key, - const void *buf, size_t len, - unsigned usage, - Checksum *csum); + krb5_enctype (*checksum)(krb5_context context, + struct key_data *key, + const void *buf, size_t len, + unsigned usage, + Checksum *csum); krb5_error_code (*verify)(krb5_context context, struct key_data *key, const void *buf, size_t len, @@ -152,7 +161,9 @@ static krb5_error_code hmac(krb5_context context, unsigned usage, struct key_data *keyblock, Checksum *result); -static void free_key_data(krb5_context context, struct key_data *key); +static void free_key_data(krb5_context, + struct key_data *, + struct encryption_type *); static krb5_error_code usage2arcfour (krb5_context, unsigned *); static void xor (DES_cblock *, const unsigned char *); @@ -160,8 +171,13 @@ static void xor (DES_cblock *, const unsigned char *); * * ************************************************************/ -static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER; +struct evp_schedule { + EVP_CIPHER_CTX ectx; + EVP_CIPHER_CTX dctx; +}; + +static HEIMDAL_MUTEX crypto_mutex = HEIMDAL_MUTEX_INITIALIZER; static void krb5_DES_random_key(krb5_context context, @@ -174,12 +190,16 @@ krb5_DES_random_key(krb5_context context, } while(DES_is_weak_key(k)); } +#ifdef WEAK_ENCTYPES static void -krb5_DES_schedule(krb5_context context, - struct key_data *key) +krb5_DES_schedule_old(krb5_context context, + struct key_type *kt, + struct key_data *key) { DES_set_key_unchecked(key->key->keyvalue.data, key->schedule->data); } +#endif /* WEAK_ENCTYPES */ + #ifdef ENABLE_AFS_STRING_TO_KEY @@ -384,17 +404,6 @@ DES3_random_key(krb5_context context, DES_is_weak_key(&k[2])); } -static void -DES3_schedule(krb5_context context, - struct key_data *key) -{ - DES_cblock *k = key->key->keyvalue.data; - DES_key_schedule *s = key->schedule->data; - DES_set_key_unchecked(&k[0], &s[0]); - DES_set_key_unchecked(&k[1], &s[1]); - DES_set_key_unchecked(&k[2], &s[2]); -} - /* * A = A xor B. A & B are 8 bytes. */ @@ -413,6 +422,7 @@ xor (DES_cblock *key, const unsigned char *b) a[7] ^= b[7]; } +#ifdef DES3_OLD_ENCTYPE static krb5_error_code DES3_string_to_key(krb5_context context, krb5_enctype enctype, @@ -476,6 +486,7 @@ DES3_string_to_key(krb5_context context, free(str); return 0; } +#endif static krb5_error_code DES3_string_to_key_derived(krb5_context context, @@ -546,6 +557,7 @@ DES3_random_to_key(krb5_context context, static void ARCFOUR_schedule(krb5_context context, + struct key_type *kt, struct key_data *kd) { RC4_set_key (kd->schedule->data, @@ -561,20 +573,30 @@ ARCFOUR_string_to_key(krb5_context context, krb5_keyblock *key) { krb5_error_code ret; - uint16_t *s; + uint16_t *s = NULL; size_t len, i; - MD4_CTX m; + EVP_MD_CTX *m; + + m = EVP_MD_CTX_create(); + if (m == NULL) { + ret = ENOMEM; + krb5_set_error_message(context, ret, "Malloc: out of memory"); + goto out; + } + + EVP_DigestInit_ex(m, EVP_md4(), NULL); ret = wind_utf8ucs2_length(password.data, &len); if (ret) { krb5_set_error_message (context, ret, "Password not an UCS2 string"); - return ret; + goto out; } s = malloc (len * sizeof(s[0])); if (len != 0 && s == NULL) { krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); - return ENOMEM; + ret = ENOMEM; + goto out; } ret = wind_utf8ucs2(password.data, s, &len); @@ -584,13 +606,12 @@ ARCFOUR_string_to_key(krb5_context context, } /* LE encoding */ - MD4_Init (&m); for (i = 0; i < len; i++) { unsigned char p; p = (s[i] & 0xff); - MD4_Update (&m, &p, 1); + EVP_DigestUpdate (m, &p, 1); p = (s[i] >> 8) & 0xff; - MD4_Update (&m, &p, 1); + EVP_DigestUpdate (m, &p, 1); } key->keytype = enctype; @@ -599,10 +620,12 @@ ARCFOUR_string_to_key(krb5_context context, krb5_set_error_message (context, ENOMEM, "malloc: out of memory"); goto out; } - MD4_Final (key->keyvalue.data, &m); - ret = 0; + EVP_DigestFinal_ex (m, key->keyvalue.data, NULL); + out: - memset (s, 0, len); + EVP_MD_CTX_destroy(m); + if (s) + memset (s, 0, len); free (s); return ret; } @@ -657,7 +680,7 @@ AES_string_to_key(krb5_context context, iter, et->keytype->size, kd.key->keyvalue.data); if (ret != 1) { - free_key_data(context, &kd); + free_key_data(context, &kd, et); krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, "Error calculating s2k"); return KRB5_PROG_KEYTYPE_NOSUPP; @@ -666,26 +689,30 @@ AES_string_to_key(krb5_context context, ret = derive_key(context, et, &kd, "kerberos", strlen("kerberos")); if (ret == 0) ret = krb5_copy_keyblock_contents(context, kd.key, key); - free_key_data(context, &kd); + free_key_data(context, &kd, et); return ret; } -struct krb5_aes_schedule { - AES_KEY ekey; - AES_KEY dkey; -}; - static void -AES_schedule(krb5_context context, - struct key_data *kd) +evp_schedule(krb5_context context, struct key_type *kt, struct key_data *kd) { - struct krb5_aes_schedule *key = kd->schedule->data; - int bits = kd->key->keyvalue.length * 8; + struct evp_schedule *key = kd->schedule->data; + const EVP_CIPHER *c = (*kt->evp)(); + + EVP_CIPHER_CTX_init(&key->ectx); + EVP_CIPHER_CTX_init(&key->dctx); - memset(key, 0, sizeof(*key)); - AES_set_encrypt_key(kd->key->keyvalue.data, bits, &key->ekey); - AES_set_decrypt_key(kd->key->keyvalue.data, bits, &key->dkey); + EVP_CipherInit_ex(&key->ectx, c, NULL, kd->key->keyvalue.data, NULL, 1); + EVP_CipherInit_ex(&key->dctx, c, NULL, kd->key->keyvalue.data, NULL, 0); +} + +static void +evp_cleanup(krb5_context context, struct key_data *kd) +{ + struct evp_schedule *key = kd->schedule->data; + EVP_CIPHER_CTX_cleanup(&key->ectx); + EVP_CIPHER_CTX_cleanup(&key->dctx); } /* @@ -708,6 +735,7 @@ static struct salt_type des_salt[] = { { 0 } }; +#ifdef DES3_OLD_ENCTYPE static struct salt_type des3_salt[] = { { KRB5_PW_SALT, @@ -716,6 +744,7 @@ static struct salt_type des3_salt[] = { }, { 0 } }; +#endif static struct salt_type des3_salt_derived[] = { { @@ -759,40 +788,62 @@ static struct key_type keytype_null = { NULL }; -static struct key_type keytype_des = { +#ifdef WEAK_ENCTYPES +static struct key_type keytype_des_old = { KEYTYPE_DES, - "des", + "des-old", 56, - sizeof(DES_cblock), + 8, sizeof(DES_key_schedule), krb5_DES_random_key, - krb5_DES_schedule, + krb5_DES_schedule_old, des_salt, krb5_DES_random_to_key }; +#endif /* WEAK_ENCTYPES */ +static struct key_type keytype_des = { + KEYTYPE_DES, + "des", + 56, + 8, + sizeof(struct evp_schedule), + krb5_DES_random_key, + evp_schedule, + des_salt, + krb5_DES_random_to_key, + evp_cleanup, + EVP_des_cbc +}; + +#ifdef DES3_OLD_ENCTYPE static struct key_type keytype_des3 = { KEYTYPE_DES3, "des3", 168, - 3 * sizeof(DES_cblock), - 3 * sizeof(DES_key_schedule), + 24, + sizeof(struct evp_schedule), DES3_random_key, - DES3_schedule, + evp_schedule, des3_salt, - DES3_random_to_key + DES3_random_to_key, + evp_cleanup, + EVP_des_ede3_cbc }; +#endif static struct key_type keytype_des3_derived = { KEYTYPE_DES3, "des3", 168, - 3 * sizeof(DES_cblock), - 3 * sizeof(DES_key_schedule), + 24, + sizeof(struct evp_schedule), DES3_random_key, - DES3_schedule, + evp_schedule, des3_salt_derived, - DES3_random_to_key + DES3_random_to_key, + evp_cleanup, + EVP_des_ede3_cbc }; static struct key_type keytype_aes128 = { @@ -800,10 +851,13 @@ static struct key_type keytype_aes128 = { "aes-128", 128, 16, - sizeof(struct krb5_aes_schedule), + sizeof(struct evp_schedule), + NULL, + evp_schedule, + AES_salt, NULL, - AES_schedule, - AES_salt + evp_cleanup, + EVP_hcrypto_aes_128_cts }; static struct key_type keytype_aes256 = { @@ -811,10 +865,13 @@ static struct key_type keytype_aes256 = { "aes-256", 256, 32, - sizeof(struct krb5_aes_schedule), + sizeof(struct evp_schedule), + NULL, + evp_schedule, + AES_salt, NULL, - AES_schedule, - AES_salt + evp_cleanup, + EVP_hcrypto_aes_256_cts }; static struct key_type keytype_arcfour = { @@ -832,7 +889,9 @@ static struct key_type *keytypes[] = { &keytype_null, &keytype_des, &keytype_des3_derived, +#ifdef DES3_OLD_ENCTYPE &keytype_des3, +#endif &keytype_aes128, &keytype_aes256, &keytype_arcfour @@ -1058,51 +1117,6 @@ krb5_string_to_key_salt_opaque (krb5_context context, } krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_string(krb5_context context, - krb5_keytype keytype, - char **string) -{ - struct key_type *kt = _find_keytype(keytype); - if(kt == NULL) { - krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, - "key type %d not supported", keytype); - return KRB5_PROG_KEYTYPE_NOSUPP; - } - *string = strdup(kt->name); - if(*string == NULL) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); - return ENOMEM; - } - return 0; -} - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_keytype(krb5_context context, - const char *string, - krb5_keytype *keytype) -{ - char *end; - int i; - - for(i = 0; i < num_keytypes; i++) - if(strcasecmp(keytypes[i]->name, string) == 0){ - *keytype = keytypes[i]->type; - return 0; - } - - /* check if the enctype is a number */ - *keytype = strtol(string, &end, 0); - if(*end == '\0' && *keytype != 0) { - if (krb5_enctype_valid(context, *keytype) == 0) - return 0; - } - - krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, - "key type %s not supported", string); - return KRB5_PROG_KEYTYPE_NOSUPP; -} - -krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_keysize(krb5_context context, krb5_enctype type, size_t *keysize) @@ -1182,7 +1196,7 @@ _key_schedule(krb5_context context, key->schedule = NULL; return ret; } - (*kt->schedule)(context, key); + (*kt->schedule)(context, kt, key); return 0; } @@ -1190,7 +1204,7 @@ _key_schedule(krb5_context context, * * ************************************************************/ -static void +static krb5_error_code NONE_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1198,9 +1212,10 @@ NONE_checksum(krb5_context context, unsigned usage, Checksum *C) { + return 0; } -static void +static krb5_error_code CRC32_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1216,9 +1231,10 @@ CRC32_checksum(krb5_context context, r[1] = (crc >> 8) & 0xff; r[2] = (crc >> 16) & 0xff; r[3] = (crc >> 24) & 0xff; + return 0; } -static void +static krb5_error_code RSA_MD4_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1226,64 +1242,74 @@ RSA_MD4_checksum(krb5_context context, unsigned usage, Checksum *C) { - MD4_CTX m; - - MD4_Init (&m); - MD4_Update (&m, data, len); - MD4_Final (C->checksum.data, &m); + if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md4(), NULL) != 1) + krb5_abortx(context, "md4 checksum failed"); + return 0; } -static void -RSA_MD4_DES_checksum(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *cksum) +static krb5_error_code +des_checksum(krb5_context context, + const EVP_MD *evp_md, + struct key_data *key, + const void *data, + size_t len, + Checksum *cksum) { - MD4_CTX md4; + struct evp_schedule *ctx = key->schedule->data; + EVP_MD_CTX *m; DES_cblock ivec; unsigned char *p = cksum->checksum.data; krb5_generate_random_block(p, 8); - MD4_Init (&md4); - MD4_Update (&md4, p, 8); - MD4_Update (&md4, data, len); - MD4_Final (p + 8, &md4); + + m = EVP_MD_CTX_create(); + if (m == NULL) { + krb5_set_error_message(context, ENOMEM, "Malloc: out of memory"); + return ENOMEM; + } + + EVP_DigestInit_ex(m, evp_md, NULL); + EVP_DigestUpdate(m, p, 8); + EVP_DigestUpdate(m, data, len); + EVP_DigestFinal_ex (m, p + 8, NULL); + EVP_MD_CTX_destroy(m); memset (&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(p, - p, - 24, - key->schedule->data, - &ivec, - DES_ENCRYPT); + EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(&ctx->ectx, p, p, 24); + + return 0; } static krb5_error_code -RSA_MD4_DES_verify(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *C) +des_verify(krb5_context context, + const EVP_MD *evp_md, + struct key_data *key, + const void *data, + size_t len, + Checksum *C) { - MD4_CTX md4; + struct evp_schedule *ctx = key->schedule->data; + EVP_MD_CTX *m; unsigned char tmp[24]; unsigned char res[16]; DES_cblock ivec; krb5_error_code ret = 0; + m = EVP_MD_CTX_create(); + if (m == NULL) { + krb5_set_error_message(context, ENOMEM, "Malloc: out of memory"); + return ENOMEM; + } + memset(&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(C->checksum.data, - (void*)tmp, - C->checksum.length, - key->schedule->data, - &ivec, - DES_DECRYPT); - MD4_Init (&md4); - MD4_Update (&md4, tmp, 8); /* confounder */ - MD4_Update (&md4, data, len); - MD4_Final (res, &md4); + EVP_CipherInit_ex(&ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(&ctx->dctx, tmp, C->checksum.data, 24); + + EVP_DigestInit_ex(m, evp_md, NULL); + EVP_DigestUpdate(m, tmp, 8); /* confounder */ + EVP_DigestUpdate(m, data, len); + EVP_DigestFinal_ex (m, res, NULL); + EVP_MD_CTX_destroy(m); if(memcmp(res, tmp + 8, sizeof(res)) != 0) { krb5_clear_error_string (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; @@ -1293,7 +1319,29 @@ RSA_MD4_DES_verify(krb5_context context, return ret; } -static void +static krb5_error_code +RSA_MD4_DES_checksum(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *cksum) +{ + return des_checksum(context, EVP_md4(), key, data, len, cksum); +} + +static krb5_error_code +RSA_MD4_DES_verify(krb5_context context, + struct key_data *key, + const void *data, + size_t len, + unsigned usage, + Checksum *C) +{ + return des_verify(context, EVP_md5(), key, data, len, C); +} + +static krb5_error_code RSA_MD5_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1301,14 +1349,12 @@ RSA_MD5_checksum(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX m; - - MD5_Init (&m); - MD5_Update(&m, data, len); - MD5_Final (C->checksum.data, &m); + if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1) + krb5_abortx(context, "md5 checksum failed"); + return 0; } -static void +static krb5_error_code RSA_MD5_DES_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1316,22 +1362,7 @@ RSA_MD5_DES_checksum(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX md5; - DES_cblock ivec; - unsigned char *p = C->checksum.data; - - krb5_generate_random_block(p, 8); - MD5_Init (&md5); - MD5_Update (&md5, p, 8); - MD5_Update (&md5, data, len); - MD5_Final (p + 8, &md5); - memset (&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(p, - p, - 24, - key->schedule->data, - &ivec, - DES_ENCRYPT); + return des_checksum(context, EVP_md5(), key, data, len, C); } static krb5_error_code @@ -1342,34 +1373,10 @@ RSA_MD5_DES_verify(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX md5; - unsigned char tmp[24]; - unsigned char res[16]; - DES_cblock ivec; - DES_key_schedule *sched = key->schedule->data; - krb5_error_code ret = 0; - - memset(&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(C->checksum.data, - (void*)tmp, - C->checksum.length, - &sched[0], - &ivec, - DES_DECRYPT); - MD5_Init (&md5); - MD5_Update (&md5, tmp, 8); /* confounder */ - MD5_Update (&md5, data, len); - MD5_Final (res, &md5); - if(memcmp(res, tmp + 8, sizeof(res)) != 0) { - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } - memset(tmp, 0, sizeof(tmp)); - memset(res, 0, sizeof(res)); - return ret; + return des_verify(context, EVP_md5(), key, data, len, C); } -static void +static krb5_error_code RSA_MD5_DES3_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1377,23 +1384,7 @@ RSA_MD5_DES3_checksum(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX md5; - DES_cblock ivec; - unsigned char *p = C->checksum.data; - DES_key_schedule *sched = key->schedule->data; - - krb5_generate_random_block(p, 8); - MD5_Init (&md5); - MD5_Update (&md5, p, 8); - MD5_Update (&md5, data, len); - MD5_Final (p + 8, &md5); - memset (&ivec, 0, sizeof(ivec)); - DES_ede3_cbc_encrypt(p, - p, - 24, - &sched[0], &sched[1], &sched[2], - &ivec, - DES_ENCRYPT); + return des_checksum(context, EVP_md5(), key, data, len, C); } static krb5_error_code @@ -1404,34 +1395,10 @@ RSA_MD5_DES3_verify(krb5_context context, unsigned usage, Checksum *C) { - MD5_CTX md5; - unsigned char tmp[24]; - unsigned char res[16]; - DES_cblock ivec; - DES_key_schedule *sched = key->schedule->data; - krb5_error_code ret = 0; - - memset(&ivec, 0, sizeof(ivec)); - DES_ede3_cbc_encrypt(C->checksum.data, - (void*)tmp, - C->checksum.length, - &sched[0], &sched[1], &sched[2], - &ivec, - DES_DECRYPT); - MD5_Init (&md5); - MD5_Update (&md5, tmp, 8); /* confounder */ - MD5_Update (&md5, data, len); - MD5_Final (res, &md5); - if(memcmp(res, tmp + 8, sizeof(res)) != 0) { - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; - } - memset(tmp, 0, sizeof(tmp)); - memset(res, 0, sizeof(res)); - return ret; + return des_verify(context, EVP_md5(), key, data, len, C); } -static void +static krb5_error_code SHA1_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1439,11 +1406,9 @@ SHA1_checksum(krb5_context context, unsigned usage, Checksum *C) { - SHA_CTX m; - - SHA1_Init(&m); - SHA1_Update(&m, data, len); - SHA1_Final(C->checksum.data, &m); + if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_sha1(), NULL) != 1) + krb5_abortx(context, "sha1 checksum failed"); + return 0; } /* HMAC according to RFC2104 */ @@ -1535,7 +1500,7 @@ krb5_hmac(krb5_context context, return ret; } -static void +static krb5_error_code SP_HMAC_SHA1_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1555,13 +1520,14 @@ SP_HMAC_SHA1_checksum(krb5_context context, if (ret) krb5_abortx(context, "hmac failed"); memcpy(result->checksum.data, res.checksum.data, result->checksum.length); + return 0; } /* * checksum according to section 5. of draft-brezak-win2k-krb-rc4-hmac-03.txt */ -static void +static krb5_error_code HMAC_MD5_checksum(krb5_context context, struct key_data *key, const void *data, @@ -1569,7 +1535,7 @@ HMAC_MD5_checksum(krb5_context context, unsigned usage, Checksum *result) { - MD5_CTX md5; + EVP_MD_CTX *m; struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); const char signature[] = "signaturekey"; Checksum ksign_c; @@ -1580,61 +1546,34 @@ HMAC_MD5_checksum(krb5_context context, unsigned char ksign_c_data[16]; krb5_error_code ret; + m = EVP_MD_CTX_create(); + if (m == NULL) { + krb5_set_error_message(context, ENOMEM, "Malloc: out of memory"); + return ENOMEM; + } ksign_c.checksum.length = sizeof(ksign_c_data); ksign_c.checksum.data = ksign_c_data; ret = hmac(context, c, signature, sizeof(signature), 0, key, &ksign_c); - if (ret) - krb5_abortx(context, "hmac failed"); + if (ret) { + EVP_MD_CTX_destroy(m); + return ret; + } ksign.key = &kb; kb.keyvalue = ksign_c.checksum; - MD5_Init (&md5); + EVP_DigestInit_ex(m, EVP_md5(), NULL); t[0] = (usage >> 0) & 0xFF; t[1] = (usage >> 8) & 0xFF; t[2] = (usage >> 16) & 0xFF; t[3] = (usage >> 24) & 0xFF; - MD5_Update (&md5, t, 4); - MD5_Update (&md5, data, len); - MD5_Final (tmp, &md5); - ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result); - if (ret) - krb5_abortx(context, "hmac failed"); -} - -/* - * same as previous but being used while encrypting. - */ + EVP_DigestUpdate(m, t, 4); + EVP_DigestUpdate(m, data, len); + EVP_DigestFinal_ex (m, tmp, NULL); + EVP_MD_CTX_destroy(m); -static void -HMAC_MD5_checksum_enc(krb5_context context, - struct key_data *key, - const void *data, - size_t len, - unsigned usage, - Checksum *result) -{ - struct checksum_type *c = _find_checksum (CKSUMTYPE_RSA_MD5); - Checksum ksign_c; - struct key_data ksign; - krb5_keyblock kb; - unsigned char t[4]; - unsigned char ksign_c_data[16]; - krb5_error_code ret; - - t[0] = (usage >> 0) & 0xFF; - t[1] = (usage >> 8) & 0xFF; - t[2] = (usage >> 16) & 0xFF; - t[3] = (usage >> 24) & 0xFF; - - ksign_c.checksum.length = sizeof(ksign_c_data); - ksign_c.checksum.data = ksign_c_data; - ret = hmac(context, c, t, sizeof(t), 0, key, &ksign_c); - if (ret) - krb5_abortx(context, "hmac failed"); - ksign.key = &kb; - kb.keyvalue = ksign_c.checksum; - ret = hmac(context, c, data, len, 0, &ksign, result); + ret = hmac(context, c, tmp, sizeof(tmp), 0, &ksign, result); if (ret) - krb5_abortx(context, "hmac failed"); + return ret; + return 0; } static struct checksum_type checksum_none = { @@ -1673,33 +1612,6 @@ static struct checksum_type checksum_rsa_md4_des = { RSA_MD4_DES_checksum, RSA_MD4_DES_verify }; -#if 0 -static struct checksum_type checksum_des_mac = { - CKSUMTYPE_DES_MAC, - "des-mac", - 0, - 0, - 0, - DES_MAC_checksum -}; -static struct checksum_type checksum_des_mac_k = { - CKSUMTYPE_DES_MAC_K, - "des-mac-k", - 0, - 0, - 0, - DES_MAC_K_checksum -}; -static struct checksum_type checksum_rsa_md4_des_k = { - CKSUMTYPE_RSA_MD4_DES_K, - "rsa-md4-des-k", - 0, - 0, - 0, - RSA_MD4_DES_K_checksum, - RSA_MD4_DES_K_verify -}; -#endif static struct checksum_type checksum_rsa_md5 = { CKSUMTYPE_RSA_MD5, "rsa-md5", @@ -1718,6 +1630,7 @@ static struct checksum_type checksum_rsa_md5_des = { RSA_MD5_DES_checksum, RSA_MD5_DES_verify }; +#ifdef DES3_OLD_ENCTYPE static struct checksum_type checksum_rsa_md5_des3 = { CKSUMTYPE_RSA_MD5_DES3, "rsa-md5-des3", @@ -1727,6 +1640,7 @@ static struct checksum_type checksum_rsa_md5_des3 = { RSA_MD5_DES3_checksum, RSA_MD5_DES3_verify }; +#endif static struct checksum_type checksum_sha1 = { CKSUMTYPE_SHA1, "sha1", @@ -1776,35 +1690,21 @@ static struct checksum_type checksum_hmac_md5 = { NULL }; -static struct checksum_type checksum_hmac_md5_enc = { - CKSUMTYPE_HMAC_MD5_ENC, - "hmac-md5-enc", - 64, - 16, - F_KEYED | F_CPROOF | F_PSEUDO, - HMAC_MD5_checksum_enc, - NULL -}; - static struct checksum_type *checksum_types[] = { &checksum_none, &checksum_crc32, &checksum_rsa_md4, &checksum_rsa_md4_des, -#if 0 - &checksum_des_mac, - &checksum_des_mac_k, - &checksum_rsa_md4_des_k, -#endif &checksum_rsa_md5, &checksum_rsa_md5_des, +#ifdef DES3_OLD_ENCTYPE &checksum_rsa_md5_des3, +#endif &checksum_sha1, &checksum_hmac_sha1_des3, &checksum_hmac_sha1_aes128, &checksum_hmac_sha1_aes256, - &checksum_hmac_md5, - &checksum_hmac_md5_enc + &checksum_hmac_md5 }; static int num_checksums = sizeof(checksum_types) / sizeof(checksum_types[0]); @@ -1886,8 +1786,7 @@ create_checksum (krb5_context context, ret = krb5_data_alloc(&result->checksum, ct->checksumsize); if (ret) return (ret); - (*ct->checksum)(context, dkey, data, len, usage, result); - return 0; + return (*ct->checksum)(context, dkey, data, len, usage, result); } static int @@ -1968,9 +1867,11 @@ verify_checksum(krb5_context context, ct->name); return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */ } - if(keyed_checksum) + if(keyed_checksum) { ret = get_checksum_key(context, crypto, usage, ct, &dkey); - else + if (ret) + return ret; + } else dkey = NULL; if(ct->verify) return (*ct->verify)(context, dkey, data, len, usage, cksum); @@ -1979,7 +1880,11 @@ verify_checksum(krb5_context context, if (ret) return ret; - (*ct->checksum)(context, dkey, data, len, usage, &c); + ret = (*ct->checksum)(context, dkey, data, len, usage, &c); + if (ret) { + krb5_data_free(&c.checksum); + return ret; + } if(c.checksum.length != cksum->checksum.length || memcmp(c.checksum.data, cksum->checksum.data, c.checksum.length)) { @@ -2125,7 +2030,37 @@ NULL_encrypt(krb5_context context, } static krb5_error_code -DES_CBC_encrypt_null_ivec(krb5_context context, +evp_encrypt(krb5_context context, + struct key_data *key, + void *data, + size_t len, + krb5_boolean encryptp, + int usage, + void *ivec) +{ + struct evp_schedule *ctx = key->schedule->data; + EVP_CIPHER_CTX *c; + c = encryptp ? &ctx->ectx : &ctx->dctx; + if (ivec == NULL) { + /* alloca ? */ + size_t len = EVP_CIPHER_CTX_iv_length(c); + void *loiv = malloc(len); + if (loiv == NULL) { + krb5_clear_error_string(context); + return ENOMEM; + } + memset(loiv, 0, len); + EVP_CipherInit_ex(c, NULL, NULL, NULL, loiv, -1); + free(loiv); + } else + EVP_CipherInit_ex(c, NULL, NULL, NULL, ivec, -1); + EVP_Cipher(c, data, data, len); + return 0; +} + +#ifdef WEAK_ENCTYPES +static krb5_error_code +evp_des_encrypt_null_ivec(krb5_context context, struct key_data *key, void *data, size_t len, @@ -2133,15 +2068,18 @@ DES_CBC_encrypt_null_ivec(krb5_context context, int usage, void *ignore_ivec) { + struct evp_schedule *ctx = key->schedule->data; + EVP_CIPHER_CTX *c; DES_cblock ivec; - DES_key_schedule *s = key->schedule->data; memset(&ivec, 0, sizeof(ivec)); - DES_cbc_encrypt(data, data, len, s, &ivec, encryptp); + c = encryptp ? &ctx->ectx : &ctx->dctx; + EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(c, data, data, len); return 0; } static krb5_error_code -DES_CBC_encrypt_key_ivec(krb5_context context, +evp_des_encrypt_key_ivec(krb5_context context, struct key_data *key, void *data, size_t len, @@ -2149,29 +2087,13 @@ DES_CBC_encrypt_key_ivec(krb5_context context, int usage, void *ignore_ivec) { + struct evp_schedule *ctx = key->schedule->data; + EVP_CIPHER_CTX *c; DES_cblock ivec; - DES_key_schedule *s = key->schedule->data; memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec)); - DES_cbc_encrypt(data, data, len, s, &ivec, encryptp); - return 0; -} - -static krb5_error_code -DES3_CBC_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ivec) -{ - DES_cblock local_ivec; - DES_key_schedule *s = key->schedule->data; - if(ivec == NULL) { - ivec = &local_ivec; - memset(local_ivec, 0, sizeof(local_ivec)); - } - DES_ede3_cbc_encrypt(data, data, len, &s[0], &s[1], &s[2], ivec, encryptp); + c = encryptp ? &ctx->ectx : &ctx->dctx; + EVP_CipherInit_ex(c, NULL, NULL, NULL, (void *)&ivec, -1); + EVP_Cipher(c, data, data, len); return 0; } @@ -2209,114 +2131,7 @@ DES_PCBC_encrypt_key_ivec(krb5_context context, DES_pcbc_encrypt(data, data, len, s, &ivec, encryptp); return 0; } - -/* - * AES draft-raeburn-krb-rijndael-krb-02 - */ - -void KRB5_LIB_FUNCTION -_krb5_aes_cts_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, const int encryptp) -{ - unsigned char tmp[AES_BLOCK_SIZE]; - int i; - - /* - * In the framework of kerberos, the length can never be shorter - * then at least one blocksize. - */ - - if (encryptp) { - - while(len > AES_BLOCK_SIZE) { - for (i = 0; i < AES_BLOCK_SIZE; i++) - tmp[i] = in[i] ^ ivec[i]; - AES_encrypt(tmp, out, key); - memcpy(ivec, out, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - for (i = 0; i < len; i++) - tmp[i] = in[i] ^ ivec[i]; - for (; i < AES_BLOCK_SIZE; i++) - tmp[i] = 0 ^ ivec[i]; - - AES_encrypt(tmp, out - AES_BLOCK_SIZE, key); - - memcpy(out, ivec, len); - memcpy(ivec, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - - } else { - unsigned char tmp2[AES_BLOCK_SIZE]; - unsigned char tmp3[AES_BLOCK_SIZE]; - - while(len > AES_BLOCK_SIZE * 2) { - memcpy(tmp, in, AES_BLOCK_SIZE); - AES_decrypt(in, out, key); - for (i = 0; i < AES_BLOCK_SIZE; i++) - out[i] ^= ivec[i]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - len -= AES_BLOCK_SIZE; - - memcpy(tmp, in, AES_BLOCK_SIZE); /* save last iv */ - AES_decrypt(in, tmp2, key); - - memcpy(tmp3, in + AES_BLOCK_SIZE, len); - memcpy(tmp3 + len, tmp2 + len, AES_BLOCK_SIZE - len); /* xor 0 */ - - for (i = 0; i < len; i++) - out[i + AES_BLOCK_SIZE] = tmp2[i] ^ tmp3[i]; - - AES_decrypt(tmp3, out, key); - for (i = 0; i < AES_BLOCK_SIZE; i++) - out[i] ^= ivec[i]; - memcpy(ivec, tmp, AES_BLOCK_SIZE); - } -} - -static krb5_error_code -AES_CTS_encrypt(krb5_context context, - struct key_data *key, - void *data, - size_t len, - krb5_boolean encryptp, - int usage, - void *ivec) -{ - struct krb5_aes_schedule *aeskey = key->schedule->data; - char local_ivec[AES_BLOCK_SIZE]; - AES_KEY *k; - - if (encryptp) - k = &aeskey->ekey; - else - k = &aeskey->dkey; - - if (len < AES_BLOCK_SIZE) - krb5_abortx(context, "invalid use of AES_CTS_encrypt"); - if (len == AES_BLOCK_SIZE) { - if (encryptp) - AES_encrypt(data, data, k); - else - AES_decrypt(data, data, k); - } else { - if(ivec == NULL) { - memset(local_ivec, 0, sizeof(local_ivec)); - ivec = local_ivec; - } - _krb5_aes_cts_encrypt(data, data, len, k, ivec, encryptp); - } - - return 0; -} +#endif /* * section 6 of draft-brezak-win2k-krb-rc4-hmac-03 @@ -2530,7 +2345,11 @@ AES_PRF(krb5_context context, return ret; } - (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); + ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result); + if (ret) { + krb5_data_free(&result.checksum); + return ret; + } if (result.checksum.length < crypto->et->blocksize) krb5_abortx(context, "internal prf error"); @@ -2546,12 +2365,13 @@ AES_PRF(krb5_context context, krb5_abortx(context, "malloc failed"); { - AES_KEY key; - - AES_set_encrypt_key(derived->keyvalue.data, - crypto->et->keytype->bits, &key); - AES_encrypt(result.checksum.data, out->data, &key); - memset(&key, 0, sizeof(key)); + const EVP_CIPHER *c = (*crypto->et->keytype->evp)(); + EVP_CIPHER_CTX ctx; + /* XXX blksz 1 for cts, so we can't use that */ + EVP_CIPHER_CTX_init(&ctx); /* ivec all zero */ + EVP_CipherInit_ex(&ctx, c, NULL, derived->keyvalue.data, NULL, 1); + EVP_Cipher(&ctx, out->data, result.checksum.data, 16); + EVP_CIPHER_CTX_cleanup(&ctx); } krb5_data_free(&result.checksum); @@ -2578,48 +2398,6 @@ static struct encryption_type enctype_null = { 0, NULL }; -static struct encryption_type enctype_des_cbc_crc = { - ETYPE_DES_CBC_CRC, - "des-cbc-crc", - 8, - 8, - 8, - &keytype_des, - &checksum_crc32, - NULL, - 0, - DES_CBC_encrypt_key_ivec, - 0, - NULL -}; -static struct encryption_type enctype_des_cbc_md4 = { - ETYPE_DES_CBC_MD4, - "des-cbc-md4", - 8, - 8, - 8, - &keytype_des, - &checksum_rsa_md4, - &checksum_rsa_md4_des, - 0, - DES_CBC_encrypt_null_ivec, - 0, - NULL -}; -static struct encryption_type enctype_des_cbc_md5 = { - ETYPE_DES_CBC_MD5, - "des-cbc-md5", - 8, - 8, - 8, - &keytype_des, - &checksum_rsa_md5, - &checksum_rsa_md5_des, - 0, - DES_CBC_encrypt_null_ivec, - 0, - NULL -}; static struct encryption_type enctype_arcfour_hmac_md5 = { ETYPE_ARCFOUR_HMAC_MD5, "arcfour-hmac-md5", @@ -2634,6 +2412,7 @@ static struct encryption_type enctype_arcfour_hmac_md5 = { 0, NULL }; +#ifdef DES3_OLD_ENCTYPE static struct encryption_type enctype_des3_cbc_md5 = { ETYPE_DES3_CBC_MD5, "des3-cbc-md5", @@ -2644,10 +2423,11 @@ static struct encryption_type enctype_des3_cbc_md5 = { &checksum_rsa_md5, &checksum_rsa_md5_des3, 0, - DES3_CBC_encrypt, + evp_encrypt, 0, NULL }; +#endif static struct encryption_type enctype_des3_cbc_sha1 = { ETYPE_DES3_CBC_SHA1, "des3-cbc-sha1", @@ -2658,10 +2438,11 @@ static struct encryption_type enctype_des3_cbc_sha1 = { &checksum_sha1, &checksum_hmac_sha1_des3, F_DERIVED, - DES3_CBC_encrypt, + evp_encrypt, 0, NULL }; +#ifdef DES3_OLD_ENCTYPE static struct encryption_type enctype_old_des3_cbc_sha1 = { ETYPE_OLD_DES3_CBC_SHA1, "old-des3-cbc-sha1", @@ -2672,10 +2453,11 @@ static struct encryption_type enctype_old_des3_cbc_sha1 = { &checksum_sha1, &checksum_hmac_sha1_des3, 0, - DES3_CBC_encrypt, + evp_encrypt, 0, NULL }; +#endif static struct encryption_type enctype_aes128_cts_hmac_sha1 = { ETYPE_AES128_CTS_HMAC_SHA1_96, "aes128-cts-hmac-sha1-96", @@ -2686,7 +2468,7 @@ static struct encryption_type enctype_aes128_cts_hmac_sha1 = { &checksum_sha1, &checksum_hmac_sha1_aes128, F_DERIVED, - AES_CTS_encrypt, + evp_encrypt, 16, AES_PRF }; @@ -2700,10 +2482,67 @@ static struct encryption_type enctype_aes256_cts_hmac_sha1 = { &checksum_sha1, &checksum_hmac_sha1_aes256, F_DERIVED, - AES_CTS_encrypt, + evp_encrypt, 16, AES_PRF }; +static struct encryption_type enctype_des3_cbc_none = { + ETYPE_DES3_CBC_NONE, + "des3-cbc-none", + 8, + 8, + 0, + &keytype_des3_derived, + &checksum_none, + NULL, + F_PSEUDO, + evp_encrypt, + 0, + NULL +}; +#ifdef WEAK_ENCTYPES +static struct encryption_type enctype_des_cbc_crc = { + ETYPE_DES_CBC_CRC, + "des-cbc-crc", + 8, + 8, + 8, + &keytype_des, + &checksum_crc32, + NULL, + F_DISABLED, + evp_des_encrypt_key_ivec, + 0, + NULL +}; +static struct encryption_type enctype_des_cbc_md4 = { + ETYPE_DES_CBC_MD4, + "des-cbc-md4", + 8, + 8, + 8, + &keytype_des, + &checksum_rsa_md4, + &checksum_rsa_md4_des, + F_DISABLED, + evp_des_encrypt_null_ivec, + 0, + NULL +}; +static struct encryption_type enctype_des_cbc_md5 = { + ETYPE_DES_CBC_MD5, + "des-cbc-md5", + 8, + 8, + 8, + &keytype_des, + &checksum_rsa_md5, + &checksum_rsa_md5_des, + F_DISABLED, + evp_des_encrypt_null_ivec, + 0, + NULL +}; static struct encryption_type enctype_des_cbc_none = { ETYPE_DES_CBC_NONE, "des-cbc-none", @@ -2713,8 +2552,8 @@ static struct encryption_type enctype_des_cbc_none = { &keytype_des, &checksum_none, NULL, - F_PSEUDO, - DES_CBC_encrypt_null_ivec, + F_PSEUDO|F_DISABLED, + evp_des_encrypt_null_ivec, 0, NULL }; @@ -2724,10 +2563,10 @@ static struct encryption_type enctype_des_cfb64_none = { 1, 1, 0, - &keytype_des, + &keytype_des_old, &checksum_none, NULL, - F_PSEUDO, + F_PSEUDO|F_DISABLED, DES_CFB64_encrypt_null_ivec, 0, NULL @@ -2738,44 +2577,35 @@ static struct encryption_type enctype_des_pcbc_none = { 8, 8, 0, - &keytype_des, + &keytype_des_old, &checksum_none, NULL, - F_PSEUDO, + F_PSEUDO|F_DISABLED, DES_PCBC_encrypt_key_ivec, 0, NULL }; -static struct encryption_type enctype_des3_cbc_none = { - ETYPE_DES3_CBC_NONE, - "des3-cbc-none", - 8, - 8, - 0, - &keytype_des3_derived, - &checksum_none, - NULL, - F_PSEUDO, - DES3_CBC_encrypt, - 0, - NULL -}; +#endif /* WEAK_ENCTYPES */ static struct encryption_type *etypes[] = { - &enctype_null, - &enctype_des_cbc_crc, - &enctype_des_cbc_md4, - &enctype_des_cbc_md5, + &enctype_aes256_cts_hmac_sha1, + &enctype_aes128_cts_hmac_sha1, + &enctype_des3_cbc_sha1, + &enctype_des3_cbc_none, /* used by the gss-api mech */ &enctype_arcfour_hmac_md5, +#ifdef DES3_OLD_ENCTYPE &enctype_des3_cbc_md5, - &enctype_des3_cbc_sha1, &enctype_old_des3_cbc_sha1, - &enctype_aes128_cts_hmac_sha1, - &enctype_aes256_cts_hmac_sha1, +#endif +#ifdef WEAK_ENCTYPES + &enctype_des_cbc_crc, + &enctype_des_cbc_md4, + &enctype_des_cbc_md5, &enctype_des_cbc_none, &enctype_des_cfb64_none, &enctype_des_pcbc_none, - &enctype_des3_cbc_none +#endif + &enctype_null }; static unsigned num_etypes = sizeof(etypes) / sizeof(etypes[0]); @@ -2878,37 +2708,6 @@ krb5_keytype_to_enctypes (krb5_context context, return 0; } -/* - * First take the configured list of etypes for `keytype' if available, - * else, do `krb5_keytype_to_enctypes'. - */ - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_enctypes_default (krb5_context context, - krb5_keytype keytype, - unsigned *len, - krb5_enctype **val) -{ - unsigned int i, n; - krb5_enctype *ret; - - if (keytype != KEYTYPE_DES || context->etypes_des == NULL) - return krb5_keytype_to_enctypes (context, keytype, len, val); - - for (n = 0; context->etypes_des[n]; ++n) - ; - ret = malloc (n * sizeof(*ret)); - if (ret == NULL && n != 0) { - krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); - return ENOMEM; - } - for (i = 0; i < n; ++i) - ret[i] = context->etypes_des[i]; - *len = n; - *val = ret; - return 0; -} - krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_valid(krb5_context context, krb5_enctype etype) @@ -3032,9 +2831,6 @@ encrypt_internal_derived(krb5_context context, ret = _key_schedule(context, dkey); if(ret) goto fail; -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 1, block_sz, dkey->key); -#endif ret = (*et->encrypt)(context, dkey, p, block_sz, 1, usage, ivec); if (ret) goto fail; @@ -3098,9 +2894,6 @@ encrypt_internal(krb5_context context, ret = _key_schedule(context, &crypto->key); if(ret) goto fail; -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 1, block_sz, crypto->key.key); -#endif ret = (*et->encrypt)(context, &crypto->key, p, block_sz, 1, 0, ivec); if (ret) { memset(p, 0, block_sz); @@ -3202,9 +2995,6 @@ decrypt_internal_derived(krb5_context context, free(p); return ret; } -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 0, len, dkey->key); -#endif ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec); if (ret) { free(p); @@ -3269,9 +3059,6 @@ decrypt_internal(krb5_context context, free(p); return ret; } -#ifdef CRYPTO_DEBUG - krb5_crypto_debug(context, 0, len, crypto->key.key); -#endif ret = (*et->encrypt)(context, &crypto->key, p, len, 0, 0, ivec); if (ret) { free(p); @@ -3346,6 +3133,386 @@ decrypt_internal_special(krb5_context context, return 0; } +/** + * Inline encrypt a kerberos message + * + * @param context Kerberos context + * @param crypto Kerberos crypto context + * @param usage Key usage for this buffer + * @param data array of buffers to process + * @param num_data length of array + * @param ivec initial cbc/cts vector + * + * @return Return an error code or 0. + * @ingroup krb5_crypto + * + * Kerberos encrypted data look like this: + * + * 1. KRB5_CRYPTO_TYPE_HEADER + * 2. array KRB5_CRYPTO_TYPE_DATA and KRB5_CRYPTO_TYPE_SIGN_ONLY in + * any order, however the receiver have to aware of the + * order. KRB5_CRYPTO_TYPE_SIGN_ONLY is commonly used headers and + * trailers. + * 3. KRB5_CRYPTO_TYPE_TRAILER + */ + +static krb5_crypto_iov * +find_iv(krb5_crypto_iov *data, int num_data, int type) +{ + int i; + for (i = 0; i < num_data; i++) + if (data[i].flags == type) + return &data[i]; + return NULL; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_encrypt_iov_ivec(krb5_context context, + krb5_crypto crypto, + unsigned usage, + krb5_crypto_iov *data, + size_t num_data, + void *ivec) +{ + size_t headersz, trailersz, len; + size_t i, sz, block_sz, pad_sz; + Checksum cksum; + unsigned char *p, *q; + krb5_error_code ret; + struct key_data *dkey; + const struct encryption_type *et = crypto->et; + krb5_crypto_iov *tiv, *piv, *hiv; + + if(!derived_crypto(context, crypto)) { + krb5_clear_error_string(context); + return KRB5_CRYPTO_INTERNAL; + } + + headersz = et->confoundersize; + trailersz = CHECKSUMSIZE(et->keyed_checksum); + + for (len = 0, i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && + data[i].flags == KRB5_CRYPTO_TYPE_DATA) { + len += data[i].data.length; + } + } + + sz = headersz + len; + block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ + + pad_sz = block_sz - sz; + trailersz += pad_sz; + + /* header */ + + hiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_HEADER); + if (hiv == NULL || hiv->data.length != headersz) + return KRB5_BAD_MSIZE; + + krb5_generate_random_block(hiv->data.data, hiv->data.length); + + /* padding */ + + piv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_PADDING); + /* its ok to have no TYPE_PADDING if there is no padding */ + if (piv == NULL && pad_sz != 0) + return KRB5_BAD_MSIZE; + if (piv) { + if (piv->data.length < pad_sz) + return KRB5_BAD_MSIZE; + piv->data.length = pad_sz; + } + + + /* trailer */ + + tiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); + if (tiv == NULL || tiv->data.length != trailersz) + return KRB5_BAD_MSIZE; + + + /* + * XXX replace with EVP_Sign? at least make create_checksum an iov + * function. + * XXX CTS EVP is broken, can't handle multi buffers :( + */ + + len = hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + ret = create_checksum(context, + et->keyed_checksum, + crypto, + INTEGRITY_USAGE(usage), + p, + len, + &cksum); + free(p); + if(ret == 0 && cksum.checksum.length != trailersz) { + free_Checksum (&cksum); + krb5_clear_error_string (context); + ret = KRB5_CRYPTO_INTERNAL; + } + if(ret) + return ret; + + /* save cksum at end */ + memcpy(tiv->data.data, cksum.checksum.data, cksum.checksum.length); + free_Checksum (&cksum); + + /* now encrypt data */ + + ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); + if(ret) + return ret; + ret = _key_schedule(context, dkey); + if(ret) + return ret; + + /* XXX replace with EVP_Cipher */ + + len = hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_PADDING) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + if(p == NULL) + return ENOMEM; + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_PADDING) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); + if(ret) { + free(p); + return ret; + } + ret = _key_schedule(context, dkey); + if(ret) { + free(p); + return ret; + } + + ret = (*et->encrypt)(context, dkey, p, len, 1, usage, ivec); + if (ret) { + free(p); + return ret; + } + + /* now copy data back to buffers */ + q = p; + memcpy(hiv->data.data, q, hiv->data.length); + q += hiv->data.length; + + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_PADDING) + continue; + memcpy(data[i].data.data, q, data[i].data.length); + q += data[i].data.length; + } + free(p); + + return ret; +} + +krb5_error_code KRB5_LIB_FUNCTION +krb5_decrypt_iov_ivec(krb5_context context, + krb5_crypto crypto, + unsigned usage, + krb5_crypto_iov *data, + size_t num_data, + void *ivec) +{ + size_t headersz, trailersz, len; + size_t i, sz, block_sz, pad_sz; + Checksum cksum; + unsigned char *p, *q; + krb5_error_code ret; + struct key_data *dkey; + struct encryption_type *et = crypto->et; + krb5_crypto_iov *tiv, *hiv; + + if(!derived_crypto(context, crypto)) { + krb5_clear_error_string(context); + return KRB5_CRYPTO_INTERNAL; + } + + headersz = et->confoundersize; + trailersz = CHECKSUMSIZE(et->keyed_checksum); + + for (len = 0, i = 0; i < num_data; i++) + if (data[i].flags == KRB5_CRYPTO_TYPE_DATA) + len += data[i].data.length; + + sz = headersz + len; + block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */ + + pad_sz = block_sz - sz; + trailersz += pad_sz; + + /* header */ + + hiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_HEADER); + if (hiv == NULL || hiv->data.length < headersz) + return KRB5_BAD_MSIZE; + hiv->data.length = headersz; + + /* trailer */ + + tiv = find_iv(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); + if (tiv == NULL || tiv->data.length < trailersz) + return KRB5_BAD_MSIZE; + tiv->data.length = trailersz; + + /* body */ + + /* XXX replace with EVP_Cipher */ + + for (len = 0, i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_HEADER && + data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + if (p == NULL) + return ENOMEM; + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + ret = _get_derived_key(context, crypto, ENCRYPTION_USAGE(usage), &dkey); + if(ret) { + free(p); + return ret; + } + ret = _key_schedule(context, dkey); + if(ret) { + free(p); + return ret; + } + + ret = (*et->encrypt)(context, dkey, p, len, 0, usage, ivec); + if (ret) { + free(p); + return ret; + } + + /* XXX now copy data back to buffers */ + q = p; + memcpy(hiv->data.data, q, hiv->data.length); + q += hiv->data.length; + len -= hiv->data.length; + + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA) + continue; + if (len < data[i].data.length) + data[i].data.length = len; + memcpy(data[i].data.data, q, data[i].data.length); + q += data[i].data.length; + len -= data[i].data.length; + } + free(p); + if (len) + krb5_abortx(context, "data still in the buffer"); + + len = hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + len += data[i].data.length; + } + + p = q = malloc(len); + + memcpy(q, hiv->data.data, hiv->data.length); + q += hiv->data.length; + for (i = 0; i < num_data; i++) { + if (data[i].flags != KRB5_CRYPTO_TYPE_DATA && + data[i].flags != KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + memcpy(q, data[i].data.data, data[i].data.length); + q += data[i].data.length; + } + + cksum.checksum.data = tiv->data.data; + cksum.checksum.length = tiv->data.length; + cksum.cksumtype = CHECKSUMTYPE(et->keyed_checksum); + + ret = verify_checksum(context, + crypto, + INTEGRITY_USAGE(usage), + p, + len, + &cksum); + free(p); + if(ret) + return ret; + + return 0; +} + + +size_t KRB5_LIB_FUNCTION +krb5_crypto_length(krb5_context context, + krb5_crypto crypto, + int type) +{ + if (!derived_crypto(context, crypto)) + return (size_t)-1; + switch(type) { + case KRB5_CRYPTO_TYPE_EMPTY: + return 0; + case KRB5_CRYPTO_TYPE_HEADER: + return crypto->et->blocksize; + case KRB5_CRYPTO_TYPE_PADDING: + if (crypto->et->padsize > 1) + return crypto->et->padsize; + return 0; + case KRB5_CRYPTO_TYPE_TRAILER: + return CHECKSUMSIZE(crypto->et->keyed_checksum); + } + return (size_t)-1; +} krb5_error_code KRB5_LIB_FUNCTION krb5_encrypt_ivec(krb5_context context, @@ -3452,7 +3619,7 @@ seed_something(void) so use 0 for the entropy estimate */ if (RAND_file_name(seedfile, sizeof(seedfile))) { int fd; - fd = open(seedfile, O_RDONLY); + fd = open(seedfile, O_RDONLY | O_BINARY | O_CLOEXEC); if (fd >= 0) { ssize_t ret; rk_cloexec(fd); @@ -3652,7 +3819,7 @@ krb5_derive_key(krb5_context context, ret = derive_key(context, et, &d, constant, constant_len); if (ret == 0) ret = krb5_copy_keyblock(context, d.key, derived_key); - free_key_data(context, &d); + free_key_data(context, &d, et); return ret; } @@ -3727,19 +3894,23 @@ krb5_crypto_init(krb5_context context, } static void -free_key_data(krb5_context context, struct key_data *key) +free_key_data(krb5_context context, struct key_data *key, + struct encryption_type *et) { krb5_free_keyblock(context, key->key); if(key->schedule) { + if (et->keytype->cleanup) + (*et->keytype->cleanup)(context, key); memset(key->schedule->data, 0, key->schedule->length); krb5_free_data(context, key->schedule); } } static void -free_key_usage(krb5_context context, struct key_usage *ku) +free_key_usage(krb5_context context, struct key_usage *ku, + struct encryption_type *et) { - free_key_data(context, &ku->key); + free_key_data(context, &ku->key, et); } krb5_error_code KRB5_LIB_FUNCTION @@ -3749,9 +3920,9 @@ krb5_crypto_destroy(krb5_context context, int i; for(i = 0; i < crypto->num_key_usage; i++) - free_key_usage(context, &crypto->key_usage[i]); + free_key_usage(context, &crypto->key_usage[i], crypto->et); free(crypto->key_usage); - free_key_data(context, &crypto->key); + free_key_data(context, &crypto->key, crypto->et); free (crypto); return 0; } @@ -3792,6 +3963,18 @@ krb5_crypto_getconfoundersize(krb5_context context, return 0; } + +/** + * Disable encryption type + * + * @param context Kerberos 5 context + * @param enctype encryption type to disable + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_enctype_disable(krb5_context context, krb5_enctype enctype) @@ -3808,6 +3991,34 @@ krb5_enctype_disable(krb5_context context, return 0; } +/** + * Enable encryption type + * + * @param context Kerberos 5 context + * @param enctype encryption type to enable + * + * @return Return an error code or 0. + * + * @ingroup krb5_crypto + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_enctype_enable(krb5_context context, + krb5_enctype enctype) +{ + struct encryption_type *et = _find_enctype(enctype); + if(et == NULL) { + if (context) + krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, + "encryption type %d not supported", + enctype); + return KRB5_PROG_ETYPE_NOSUPP; + } + et->flags &= ~F_DISABLED; + return 0; +} + + krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_key_derived(krb5_context context, const void *str, @@ -3862,8 +4073,12 @@ krb5_string_to_key_derived(krb5_context context, &kd, "kerberos", /* XXX well known constant */ strlen("kerberos")); + if (ret) { + free_key_data(context, &kd, et); + return ret; + } ret = krb5_copy_keyblock_contents(context, kd.key, key); - free_key_data(context, &kd); + free_key_data(context, &kd, et); return ret; } @@ -4265,108 +4480,86 @@ krb5_crypto_prf(krb5_context context, return (*et->prf)(context, crypto, input, output); } - +#ifndef HEIMDAL_SMALLER +/* + * First take the configured list of etypes for `keytype' if available, + * else, do `krb5_keytype_to_enctypes'. + */ -#ifdef CRYPTO_DEBUG - -static krb5_error_code -krb5_get_keyid(krb5_context context, - krb5_keyblock *key, - uint32_t *keyid) +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_enctypes_default (krb5_context context, + krb5_keytype keytype, + unsigned *len, + krb5_enctype **val) + __attribute__((deprecated)) { - MD5_CTX md5; - unsigned char tmp[16]; + unsigned int i, n; + krb5_enctype *ret; - MD5_Init (&md5); - MD5_Update (&md5, key->keyvalue.data, key->keyvalue.length); - MD5_Final (tmp, &md5); - *keyid = (tmp[12] << 24) | (tmp[13] << 16) | (tmp[14] << 8) | tmp[15]; + if (keytype != KEYTYPE_DES || context->etypes_des == NULL) + return krb5_keytype_to_enctypes (context, keytype, len, val); + + for (n = 0; context->etypes_des[n]; ++n) + ; + ret = malloc (n * sizeof(*ret)); + if (ret == NULL && n != 0) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + for (i = 0; i < n; ++i) + ret[i] = context->etypes_des[i]; + *len = n; + *val = ret; return 0; } -static void -krb5_crypto_debug(krb5_context context, - int encryptp, - size_t len, - krb5_keyblock *key) +krb5_error_code KRB5_LIB_FUNCTION +krb5_keytype_to_string(krb5_context context, + krb5_keytype keytype, + char **string) + __attribute__((deprecated)) { - uint32_t keyid; - char *kt; - krb5_get_keyid(context, key, &keyid); - krb5_enctype_to_string(context, key->keytype, &kt); - krb5_warnx(context, "%s %lu bytes with key-id %#x (%s)", - encryptp ? "encrypting" : "decrypting", - (unsigned long)len, - keyid, - kt); - free(kt); + struct key_type *kt = _find_keytype(keytype); + if(kt == NULL) { + krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, + "key type %d not supported", keytype); + return KRB5_PROG_KEYTYPE_NOSUPP; + } + *string = strdup(kt->name); + if(*string == NULL) { + krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); + return ENOMEM; + } + return 0; } -#endif /* CRYPTO_DEBUG */ -#if 0 -int -main() +krb5_error_code KRB5_LIB_FUNCTION +krb5_string_to_keytype(krb5_context context, + const char *string, + krb5_keytype *keytype) + __attribute__((deprecated)) { -#if 0 - int i; - krb5_context context; - krb5_crypto crypto; - struct key_data *d; - krb5_keyblock key; - char constant[4]; - unsigned usage = ENCRYPTION_USAGE(3); - krb5_error_code ret; - - ret = krb5_init_context(&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - key.keytype = ETYPE_NEW_DES3_CBC_SHA1; - key.keyvalue.data = "\xb3\x85\x58\x94\xd9\xdc\x7c\xc8" - "\x25\xe9\x85\xab\x3e\xb5\xfb\x0e" - "\xc8\xdf\xab\x26\x86\x64\x15\x25"; - key.keyvalue.length = 24; - - krb5_crypto_init(context, &key, 0, &crypto); - - d = _new_derived_key(crypto, usage); - if(d == NULL) - krb5_errx(context, 1, "_new_derived_key failed"); - krb5_copy_keyblock(context, crypto->key.key, &d->key); - _krb5_put_int(constant, usage, 4); - derive_key(context, crypto->et, d, constant, sizeof(constant)); - return 0; -#else + char *end; int i; - krb5_context context; - krb5_crypto crypto; - struct key_data *d; - krb5_keyblock key; - krb5_error_code ret; - Checksum res; - - char *data = "what do ya want for nothing?"; - ret = krb5_init_context(&context); - if (ret) - errx (1, "krb5_init_context failed: %d", ret); - - key.keytype = ETYPE_NEW_DES3_CBC_SHA1; - key.keyvalue.data = "Jefe"; - /* "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" - "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */ - key.keyvalue.length = 4; + for(i = 0; i < num_keytypes; i++) + if(strcasecmp(keytypes[i]->name, string) == 0){ + *keytype = keytypes[i]->type; + return 0; + } - d = ecalloc(1, sizeof(*d)); - d->key = &key; - res.checksum.length = 20; - res.checksum.data = emalloc(res.checksum.length); - SP_HMAC_SHA1_checksum(context, d, data, 28, &res); + /* check if the enctype is a number */ + *keytype = strtol(string, &end, 0); + if(*end == '\0' && *keytype != 0) { + if (krb5_enctype_valid(context, *keytype) == 0) + return 0; + } - return 0; -#endif + krb5_set_error_message(context, KRB5_PROG_KEYTYPE_NOSUPP, + "key type %s not supported", string); + return KRB5_PROG_KEYTYPE_NOSUPP; } #endif diff --git a/source4/heimdal/lib/krb5/data.c b/source4/heimdal/lib/krb5/data.c index 2b78bfb32b..0286316214 100644 --- a/source4/heimdal/lib/krb5/data.c +++ b/source4/heimdal/lib/krb5/data.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: data.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /** * Reset the (potentially uninitalized) krb5_data structure. diff --git a/source4/heimdal/lib/krb5/eai_to_heim_errno.c b/source4/heimdal/lib/krb5/eai_to_heim_errno.c index 19315cea86..c06e8fb9bb 100644 --- a/source4/heimdal/lib/krb5/eai_to_heim_errno.c +++ b/source4/heimdal/lib/krb5/eai_to_heim_errno.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: eai_to_heim_errno.c 22065 2007-11-11 16:41:06Z lha $"); +RCSID("$Id$"); /** * Convert the getaddrinfo() error code to a Kerberos et error code. diff --git a/source4/heimdal/lib/krb5/error_string.c b/source4/heimdal/lib/krb5/error_string.c index 6679b76749..17bc30572b 100644 --- a/source4/heimdal/lib/krb5/error_string.c +++ b/source4/heimdal/lib/krb5/error_string.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: error_string.c 23274 2008-06-23 03:25:08Z lha $"); +RCSID("$Id$"); #undef __attribute__ #define __attribute__(X) @@ -199,7 +199,7 @@ krb5_free_error_message(krb5_context context, const char *msg) * @param context Kerberos context * @param msg error message to free * - * @ingroup krb5_error + * @ingroup krb5_deprecated */ void KRB5_LIB_FUNCTION __attribute__((deprecated)) @@ -208,6 +208,16 @@ krb5_free_error_string(krb5_context context, char *str) krb5_free_error_message(context, str); } +/** + * Set the error message returned by krb5_get_error_string(), + * deprecated, use krb5_set_error_message(). + * + * @param context Kerberos context + * @param msg error message to free + * + * @ingroup krb5_deprecated + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_set_error_string(krb5_context context, const char *fmt, ...) __attribute__((format (printf, 2, 3))) __attribute__((deprecated)) @@ -220,6 +230,16 @@ krb5_set_error_string(krb5_context context, const char *fmt, ...) return 0; } +/** + * Set the error message returned by krb5_get_error_string(), + * deprecated, use krb5_set_error_message(). + * + * @param context Kerberos context + * @param msg error message to free + * + * @ingroup krb5_deprecated + */ + krb5_error_code KRB5_LIB_FUNCTION krb5_vset_error_string(krb5_context context, const char *fmt, va_list args) __attribute__ ((format (printf, 2, 0))) __attribute__((deprecated)) diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c index d06d576432..4ada4b8110 100644 --- a/source4/heimdal/lib/krb5/expand_hostname.c +++ b/source4/heimdal/lib/krb5/expand_hostname.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: expand_hostname.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); static krb5_error_code copy_hostname(krb5_context context, diff --git a/source4/heimdal/lib/krb5/fcache.c b/source4/heimdal/lib/krb5/fcache.c index 8951bdb24e..fc11893452 100644 --- a/source4/heimdal/lib/krb5/fcache.c +++ b/source4/heimdal/lib/krb5/fcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: fcache.c 23444 2008-07-27 12:07:47Z lha $"); +RCSID("$Id$"); typedef struct krb5_fcache{ char *filename; @@ -395,7 +395,7 @@ fcc_initialize(krb5_context context, unlink (filename); - ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + ret = fcc_open(context, id, &fd, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if(ret) return ret; { @@ -462,7 +462,7 @@ fcc_store_cred(krb5_context context, int ret; int fd; - ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY, 0); + ret = fcc_open(context, id, &fd, O_WRONLY | O_APPEND | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; { @@ -503,7 +503,7 @@ init_fcc (krb5_context context, krb5_storage *sp; krb5_error_code ret; - ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY, 0); + ret = fcc_open(context, id, &fd, O_RDONLY | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; @@ -851,14 +851,14 @@ fcc_move(krb5_context context, krb5_ccache from, krb5_ccache to) int fd1, fd2; char buf[BUFSIZ]; - ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY, 0); + ret = fcc_open(context, from, &fd1, O_RDONLY | O_BINARY | O_CLOEXEC, 0); if(ret) return ret; unlink(FILENAME(to)); ret = fcc_open(context, to, &fd2, - O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0600); + O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if(ret) goto out1; diff --git a/source4/heimdal/lib/krb5/free.c b/source4/heimdal/lib/krb5/free.c index 1b0bd05412..d0eac84ca1 100644 --- a/source4/heimdal/lib/krb5/free.c +++ b/source4/heimdal/lib/krb5/free.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: free.c 15175 2005-05-18 10:06:16Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *rep) diff --git a/source4/heimdal/lib/krb5/free_host_realm.c b/source4/heimdal/lib/krb5/free_host_realm.c index 6b13ce7d0e..a9287de5fd 100644 --- a/source4/heimdal/lib/krb5/free_host_realm.c +++ b/source4/heimdal/lib/krb5/free_host_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: free_host_realm.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); /* * Free all memory allocated by `realmlist' diff --git a/source4/heimdal/lib/krb5/generate_seq_number.c b/source4/heimdal/lib/krb5/generate_seq_number.c index 8a04f048c8..472fff7fd5 100644 --- a/source4/heimdal/lib/krb5/generate_seq_number.c +++ b/source4/heimdal/lib/krb5/generate_seq_number.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: generate_seq_number.c 17442 2006-05-05 09:31:15Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_generate_seq_number(krb5_context context, diff --git a/source4/heimdal/lib/krb5/generate_subkey.c b/source4/heimdal/lib/krb5/generate_subkey.c index fb7efbcd29..aa68d14df6 100644 --- a/source4/heimdal/lib/krb5/generate_subkey.c +++ b/source4/heimdal/lib/krb5/generate_subkey.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: generate_subkey.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_generate_subkey(krb5_context context, diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c index 268550b229..c19a5e4abc 100644 --- a/source4/heimdal/lib/krb5/get_cred.c +++ b/source4/heimdal/lib/krb5/get_cred.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_cred.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /* * Take the `body' and encode it into `padata' using the credentials diff --git a/source4/heimdal/lib/krb5/get_default_principal.c b/source4/heimdal/lib/krb5/get_default_principal.c index 5a7a7829fc..6a56218ed7 100644 --- a/source4/heimdal/lib/krb5/get_default_principal.c +++ b/source4/heimdal/lib/krb5/get_default_principal.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_default_principal.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /* * Try to find out what's a reasonable default principal. diff --git a/source4/heimdal/lib/krb5/get_default_realm.c b/source4/heimdal/lib/krb5/get_default_realm.c index 1c996031e8..8e8c1ef974 100644 --- a/source4/heimdal/lib/krb5/get_default_realm.c +++ b/source4/heimdal/lib/krb5/get_default_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_default_realm.c 23280 2008-06-23 03:26:18Z lha $"); +RCSID("$Id$"); /* * Return a NULL-terminated list of default realms in `realms'. diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c index a8aac950ec..f005460e3f 100644 --- a/source4/heimdal/lib/krb5/get_for_creds.c +++ b/source4/heimdal/lib/krb5/get_for_creds.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_for_creds.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); static krb5_error_code add_addrs(krb5_context context, diff --git a/source4/heimdal/lib/krb5/get_host_realm.c b/source4/heimdal/lib/krb5/get_host_realm.c index f4c875b347..e226598101 100644 --- a/source4/heimdal/lib/krb5/get_host_realm.c +++ b/source4/heimdal/lib/krb5/get_host_realm.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <resolve.h> -RCSID("$Id: get_host_realm.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* To automagically find the correct realm of a host (without * [domain_realm] in krb5.conf) add a text record for your domain with diff --git a/source4/heimdal/lib/krb5/get_in_tkt.c b/source4/heimdal/lib/krb5/get_in_tkt.c index 8bdc8c0eb2..c835a9a29e 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt.c +++ b/source4/heimdal/lib/krb5/get_in_tkt.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_init_etype (krb5_context context, @@ -383,8 +383,7 @@ _krb5_extract_ticket(krb5_context context, * based on the DNS Name. */ flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; - flags |=EXTRACT_TICKET_ALLOW_CNAME_MISMATCH ; - + flags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH; /* compare client and save */ ret = _krb5_principalname2krb5_principal (context, diff --git a/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c b/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c index 52f95c4bc4..78a1c340ac 100644 --- a/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c +++ b/source4/heimdal/lib/krb5/get_in_tkt_with_keytab.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: get_in_tkt_with_keytab.c 15477 2005-06-17 04:56:44Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_keytab_key_proc (krb5_context context, diff --git a/source4/heimdal/lib/krb5/get_port.c b/source4/heimdal/lib/krb5/get_port.c index 85587ea766..895c21a433 100644 --- a/source4/heimdal/lib/krb5/get_port.c +++ b/source4/heimdal/lib/krb5/get_port.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: get_port.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); int KRB5_LIB_FUNCTION krb5_getportbyname (krb5_context context, diff --git a/source4/heimdal/lib/krb5/heim_err.et b/source4/heimdal/lib/krb5/heim_err.et index 1b8ab49bc1..547a14e04c 100644 --- a/source4/heimdal/lib/krb5/heim_err.et +++ b/source4/heimdal/lib/krb5/heim_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: heim_err.et 13352 2004-02-13 16:23:40Z lha $" +id "$Id$" error_table heim diff --git a/source4/heimdal/lib/krb5/heim_threads.h b/source4/heimdal/lib/krb5/heim_threads.h index 3c27d13d81..c550499499 100755..100644 --- a/source4/heimdal/lib/krb5/heim_threads.h +++ b/source4/heimdal/lib/krb5/heim_threads.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: heim_threads.h 14409 2004-12-18 16:03:38Z lha $ */ +/* $Id$ */ /* * Provide wrapper macros for thread synchronization primitives so we diff --git a/source4/heimdal/lib/krb5/init_creds.c b/source4/heimdal/lib/krb5/init_creds.c index 74c9ff78e5..b2b3b6550d 100644 --- a/source4/heimdal/lib/krb5/init_creds.c +++ b/source4/heimdal/lib/krb5/init_creds.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) diff --git a/source4/heimdal/lib/krb5/init_creds_pw.c b/source4/heimdal/lib/krb5/init_creds_pw.c index e3098b0a92..f56d069b37 100644 --- a/source4/heimdal/lib/krb5/init_creds_pw.c +++ b/source4/heimdal/lib/krb5/init_creds_pw.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: init_creds_pw.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); typedef struct krb5_get_init_creds_ctx { KDCOptions flags; diff --git a/source4/heimdal/lib/krb5/k524_err.et b/source4/heimdal/lib/krb5/k524_err.et index 0ca25f74d4..4827b397af 100644 --- a/source4/heimdal/lib/krb5/k524_err.et +++ b/source4/heimdal/lib/krb5/k524_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: k524_err.et 10141 2001-06-20 02:45:58Z joda $" +id "$Id$" error_table k524 diff --git a/source4/heimdal/lib/krb5/kcm.c b/source4/heimdal/lib/krb5/kcm.c index 0c91fbb3a0..d5f38c5aaf 100644 --- a/source4/heimdal/lib/krb5/kcm.c +++ b/source4/heimdal/lib/krb5/kcm.c @@ -43,7 +43,7 @@ #include "kcm.h" -RCSID("$Id: kcm.c 23446 2008-07-27 12:08:37Z lha $"); +RCSID("$Id$"); typedef struct krb5_kcmcache { char *name; @@ -105,7 +105,7 @@ try_unix_socket(krb5_context context, krb5_error_code ret; int fd; - fd = socket(AF_UNIX, SOCK_STREAM, 0); + fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0); if (fd < 0) return KRB5_CC_IO; rk_cloexec(fd); diff --git a/source4/heimdal/lib/krb5/keyblock.c b/source4/heimdal/lib/krb5/keyblock.c index fa19e1e726..38a856624e 100644 --- a/source4/heimdal/lib/krb5/keyblock.c +++ b/source4/heimdal/lib/krb5/keyblock.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keyblock.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); void KRB5_LIB_FUNCTION krb5_keyblock_zero(krb5_keyblock *keyblock) diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c index 09e130d850..f3e6b9e8f4 100644 --- a/source4/heimdal/lib/krb5/keytab.c +++ b/source4/heimdal/lib/krb5/keytab.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* * Register a new keytab in `ops' @@ -341,6 +341,7 @@ krb5_kt_get_entry(krb5_context context, if (ret) { /* This is needed for krb5_verify_init_creds, but keep error * string from previous error for the human. */ + context->error_code = KRB5_KT_NOTFOUND; return KRB5_KT_NOTFOUND; } diff --git a/source4/heimdal/lib/krb5/keytab_any.c b/source4/heimdal/lib/krb5/keytab_any.c index 9e93191045..a4b15394a5 100644 --- a/source4/heimdal/lib/krb5/keytab_any.c +++ b/source4/heimdal/lib/krb5/keytab_any.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_any.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct any_data { krb5_keytab kt; diff --git a/source4/heimdal/lib/krb5/keytab_file.c b/source4/heimdal/lib/krb5/keytab_file.c index e830ab3412..17f2d57742 100644 --- a/source4/heimdal/lib/krb5/keytab_file.c +++ b/source4/heimdal/lib/krb5/keytab_file.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_file.c 23469 2008-07-27 12:17:12Z lha $"); +RCSID("$Id$"); #define KRB5_KT_VNO_1 1 #define KRB5_KT_VNO_2 2 @@ -385,7 +385,7 @@ fkt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *c) { - return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY, 0, c); + return fkt_start_seq_get_int(context, id, O_RDONLY | O_BINARY | O_CLOEXEC, 0, c); } static krb5_error_code @@ -488,9 +488,9 @@ fkt_add_entry(krb5_context context, krb5_data keytab; int32_t len; - fd = open (d->filename, O_RDWR | O_BINARY); + fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC); if (fd < 0) { - fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + fd = open (d->filename, O_RDWR | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, 0600); if (fd < 0) { ret = errno; krb5_set_error_message(context, ret, "open(%s): %s", d->filename, @@ -632,7 +632,7 @@ fkt_remove_entry(krb5_context context, int found = 0; krb5_error_code ret; - ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, 1, &cursor); + ret = fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY | O_CLOEXEC, 1, &cursor); if(ret != 0) goto out; /* return other error here? */ while(fkt_next_entry_int(context, id, &e, &cursor, diff --git a/source4/heimdal/lib/krb5/keytab_keyfile.c b/source4/heimdal/lib/krb5/keytab_keyfile.c index 7e14cbd329..3339a96319 100644 --- a/source4/heimdal/lib/krb5/keytab_keyfile.c +++ b/source4/heimdal/lib/krb5/keytab_keyfile.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_keyfile.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* afs keyfile operations --------------------------------------- */ @@ -194,7 +194,7 @@ akf_start_seq_get(krb5_context context, int32_t ret; struct akf_data *d = id->data; - c->fd = open (d->filename, O_RDONLY|O_BINARY, 0600); + c->fd = open (d->filename, O_RDONLY | O_BINARY | O_CLOEXEC, 0600); if (c->fd < 0) { ret = errno; krb5_set_error_message(context, ret, "keytab afs keyfil open %s failed: %s", @@ -301,10 +301,10 @@ akf_add_entry(krb5_context context, return 0; } - fd = open (d->filename, O_RDWR | O_BINARY); + fd = open (d->filename, O_RDWR | O_BINARY | O_CLOEXEC); if (fd < 0) { fd = open (d->filename, - O_RDWR | O_BINARY | O_CREAT | O_EXCL, 0600); + O_RDWR | O_BINARY | O_CREAT | O_EXCL | O_CLOEXEC, 0600); if (fd < 0) { ret = errno; krb5_set_error_message(context, ret, "open(%s): %s", d->filename, diff --git a/source4/heimdal/lib/krb5/keytab_krb4.c b/source4/heimdal/lib/krb5/keytab_krb4.c deleted file mode 100644 index 32bb00141a..0000000000 --- a/source4/heimdal/lib/krb5/keytab_krb4.c +++ /dev/null @@ -1,458 +0,0 @@ -/* - * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "krb5_locl.h" - -RCSID("$Id: keytab_krb4.c 22532 2008-01-27 11:59:18Z lha $"); - -struct krb4_kt_data { - char *filename; -}; - -static krb5_error_code -krb4_kt_resolve(krb5_context context, const char *name, krb5_keytab id) -{ - struct krb4_kt_data *d; - - d = malloc (sizeof(*d)); - if (d == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - d->filename = strdup (name); - if (d->filename == NULL) { - free(d); - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - id->data = d; - return 0; -} - -static krb5_error_code -krb4_kt_get_name (krb5_context context, - krb5_keytab id, - char *name, - size_t name_sz) -{ - struct krb4_kt_data *d = id->data; - - strlcpy (name, d->filename, name_sz); - return 0; -} - -static krb5_error_code -krb4_kt_close (krb5_context context, - krb5_keytab id) -{ - struct krb4_kt_data *d = id->data; - - free (d->filename); - free (d); - return 0; -} - -struct krb4_cursor_extra_data { - krb5_keytab_entry entry; - int num; -}; - -static int -open_flock(const char *filename, int flags, int mode) -{ - int lock_mode; - int tries = 0; - int fd = open(filename, flags, mode); - if(fd < 0) - return fd; - if((flags & O_ACCMODE) == O_RDONLY) - lock_mode = LOCK_SH | LOCK_NB; - else - lock_mode = LOCK_EX | LOCK_NB; - while(flock(fd, lock_mode) < 0) { - if(++tries < 5) { - sleep(1); - } else { - close(fd); - return -1; - } - } - return fd; -} - - - -static krb5_error_code -krb4_kt_start_seq_get_int (krb5_context context, - krb5_keytab id, - int flags, - krb5_kt_cursor *c) -{ - struct krb4_kt_data *d = id->data; - struct krb4_cursor_extra_data *ed; - int ret; - - ed = malloc (sizeof(*ed)); - if (ed == NULL) { - krb5_set_error_string (context, "malloc: out of memory"); - return ENOMEM; - } - ed->entry.principal = NULL; - ed->num = -1; - c->data = ed; - c->fd = open_flock (d->filename, flags, 0); - if (c->fd < 0) { - ret = errno; - free (ed); - krb5_set_error_string(context, "keytab krb5 open %s failed: %s", - d->filename, strerror(ret)); - return ret; - } - c->sp = krb5_storage_from_fd(c->fd); - if(c->sp == NULL) { - close(c->fd); - free(ed); - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - krb5_storage_set_eof_code(c->sp, KRB5_KT_END); - return 0; -} - -static krb5_error_code -krb4_kt_start_seq_get (krb5_context context, - krb5_keytab id, - krb5_kt_cursor *c) -{ - return krb4_kt_start_seq_get_int (context, id, O_BINARY | O_RDONLY, c); -} - -static krb5_error_code -read_v4_entry (krb5_context context, - struct krb4_kt_data *d, - krb5_kt_cursor *c, - struct krb4_cursor_extra_data *ed) -{ - unsigned char des_key[8]; - krb5_error_code ret; - char *service, *instance, *realm; - int8_t kvno; - - ret = krb5_ret_stringz(c->sp, &service); - if (ret) - return ret; - ret = krb5_ret_stringz(c->sp, &instance); - if (ret) { - free (service); - return ret; - } - ret = krb5_ret_stringz(c->sp, &realm); - if (ret) { - free (service); - free (instance); - return ret; - } - ret = krb5_425_conv_principal (context, service, instance, realm, - &ed->entry.principal); - free (service); - free (instance); - free (realm); - if (ret) - return ret; - ret = krb5_ret_int8(c->sp, &kvno); - if (ret) { - krb5_free_principal (context, ed->entry.principal); - return ret; - } - ret = krb5_storage_read(c->sp, des_key, sizeof(des_key)); - if (ret < 0) { - krb5_free_principal(context, ed->entry.principal); - return ret; - } - if (ret < 8) { - krb5_free_principal(context, ed->entry.principal); - return EINVAL; - } - ed->entry.vno = kvno; - ret = krb5_data_copy (&ed->entry.keyblock.keyvalue, - des_key, sizeof(des_key)); - if (ret) - return ret; - ed->entry.timestamp = time(NULL); - ed->num = 0; - return 0; -} - -static krb5_error_code -krb4_kt_next_entry (krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry, - krb5_kt_cursor *c) -{ - krb5_error_code ret; - struct krb4_kt_data *d = id->data; - struct krb4_cursor_extra_data *ed = c->data; - const krb5_enctype keytypes[] = {ETYPE_DES_CBC_MD5, - ETYPE_DES_CBC_MD4, - ETYPE_DES_CBC_CRC}; - - if (ed->num == -1) { - ret = read_v4_entry (context, d, c, ed); - if (ret) - return ret; - } - ret = krb5_kt_copy_entry_contents (context, - &ed->entry, - entry); - if (ret) - return ret; - entry->keyblock.keytype = keytypes[ed->num]; - if (++ed->num == 3) { - krb5_kt_free_entry (context, &ed->entry); - ed->num = -1; - } - return 0; -} - -static krb5_error_code -krb4_kt_end_seq_get (krb5_context context, - krb5_keytab id, - krb5_kt_cursor *c) -{ - struct krb4_cursor_extra_data *ed = c->data; - - krb5_storage_free (c->sp); - if (ed->num != -1) - krb5_kt_free_entry (context, &ed->entry); - free (c->data); - close (c->fd); - return 0; -} - -static krb5_error_code -krb4_store_keytab_entry(krb5_context context, - krb5_keytab_entry *entry, - krb5_storage *sp) -{ - krb5_error_code ret; -#define ANAME_SZ 40 -#define INST_SZ 40 -#define REALM_SZ 40 - char service[ANAME_SZ]; - char instance[INST_SZ]; - char realm[REALM_SZ]; - ret = krb5_524_conv_principal (context, entry->principal, - service, instance, realm); - if (ret) - return ret; - if (entry->keyblock.keyvalue.length == 8 - && entry->keyblock.keytype == ETYPE_DES_CBC_MD5) { - ret = krb5_store_stringz(sp, service); - ret = krb5_store_stringz(sp, instance); - ret = krb5_store_stringz(sp, realm); - ret = krb5_store_int8(sp, entry->vno); - ret = krb5_storage_write(sp, entry->keyblock.keyvalue.data, 8); - } - return 0; -} - -static krb5_error_code -krb4_kt_add_entry (krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry) -{ - struct krb4_kt_data *d = id->data; - krb5_storage *sp; - krb5_error_code ret; - int fd; - - fd = open_flock (d->filename, O_WRONLY | O_APPEND | O_BINARY, 0); - if (fd < 0) { - fd = open_flock (d->filename, - O_WRONLY | O_APPEND | O_BINARY | O_CREAT, 0600); - if (fd < 0) { - ret = errno; - krb5_set_error_string(context, "open(%s): %s", d->filename, - strerror(ret)); - return ret; - } - } - sp = krb5_storage_from_fd(fd); - if(sp == NULL) { - close(fd); - return ENOMEM; - } - krb5_storage_set_eof_code(sp, KRB5_KT_END); - ret = krb4_store_keytab_entry(context, entry, sp); - krb5_storage_free(sp); - if(close (fd) < 0) - return errno; - return ret; -} - -static krb5_error_code -krb4_kt_remove_entry(krb5_context context, - krb5_keytab id, - krb5_keytab_entry *entry) -{ - struct krb4_kt_data *d = id->data; - krb5_error_code ret; - krb5_keytab_entry e; - krb5_kt_cursor cursor; - krb5_storage *sp; - int remove_flag = 0; - - sp = krb5_storage_emem(); - if (sp == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - return ENOMEM; - } - ret = krb5_kt_start_seq_get(context, id, &cursor); - if (ret) { - krb5_storage_free(sp); - return ret; - } - while(krb5_kt_next_entry(context, id, &e, &cursor) == 0) { - if(!krb5_kt_compare(context, &e, entry->principal, - entry->vno, entry->keyblock.keytype)) { - ret = krb4_store_keytab_entry(context, &e, sp); - if(ret) { - krb5_kt_free_entry(context, &e); - krb5_storage_free(sp); - return ret; - } - } else - remove_flag = 1; - krb5_kt_free_entry(context, &e); - } - krb5_kt_end_seq_get(context, id, &cursor); - if(remove_flag) { - int fd; - unsigned char buf[1024]; - ssize_t n; - krb5_data data; - struct stat st; - - krb5_storage_to_data(sp, &data); - krb5_storage_free(sp); - - fd = open_flock (d->filename, O_RDWR | O_BINARY, 0); - if(fd < 0) { - memset(data.data, 0, data.length); - krb5_data_free(&data); - if(errno == EACCES || errno == EROFS) { - krb5_set_error_string(context, "failed to open %s for writing", - d->filename); - return KRB5_KT_NOWRITE; - } - return errno; - } - - if(write(fd, data.data, data.length) != data.length) { - memset(data.data, 0, data.length); - krb5_data_free(&data); - close(fd); - krb5_set_error_string(context, "failed writing to file %s", - d->filename); - return errno; - } - memset(data.data, 0, data.length); - if(fstat(fd, &st) < 0) { - krb5_data_free(&data); - close(fd); - krb5_set_error_string(context, "failed getting size of file %s", - d->filename); - return errno; - } - st.st_size -= data.length; - memset(buf, 0, sizeof(buf)); - while(st.st_size > 0) { - n = min(st.st_size, sizeof(buf)); - n = write(fd, buf, n); - if(n <= 0) { - krb5_data_free(&data); - close(fd); - krb5_set_error_string(context, "failed writing to file %s", - d->filename); - return errno; - - } - st.st_size -= n; - } - if(ftruncate(fd, data.length) < 0) { - krb5_data_free(&data); - close(fd); - krb5_set_error_string(context, "failed truncating file %s", - d->filename); - return errno; - } - krb5_data_free(&data); - if(close(fd) < 0) { - krb5_set_error_string(context, "error closing %s", - d->filename); - return errno; - } - return 0; - } else { - krb5_storage_free(sp); - krb5_set_error_string(context, "Keytab entry not found"); - return KRB5_KT_NOTFOUND; - } -} - - -const krb5_kt_ops krb4_fkt_ops = { - "krb4", - krb4_kt_resolve, - krb4_kt_get_name, - krb4_kt_close, - NULL, /* get */ - krb4_kt_start_seq_get, - krb4_kt_next_entry, - krb4_kt_end_seq_get, - krb4_kt_add_entry, /* add_entry */ - krb4_kt_remove_entry /* remove_entry */ -}; - -const krb5_kt_ops krb5_srvtab_fkt_ops = { - "SRVTAB", - krb4_kt_resolve, - krb4_kt_get_name, - krb4_kt_close, - NULL, /* get */ - krb4_kt_start_seq_get, - krb4_kt_next_entry, - krb4_kt_end_seq_get, - krb4_kt_add_entry, /* add_entry */ - krb4_kt_remove_entry /* remove_entry */ -}; diff --git a/source4/heimdal/lib/krb5/keytab_memory.c b/source4/heimdal/lib/krb5/keytab_memory.c index eabee7c693..5f648d9bce 100644 --- a/source4/heimdal/lib/krb5/keytab_memory.c +++ b/source4/heimdal/lib/krb5/keytab_memory.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: keytab_memory.c 23293 2008-06-23 03:28:22Z lha $"); +RCSID("$Id$"); /* memory operations -------------------------------------------- */ diff --git a/source4/heimdal/lib/krb5/krb5-private.h b/source4/heimdal/lib/krb5/krb5-private.h deleted file mode 100644 index 867d08e3e5..0000000000 --- a/source4/heimdal/lib/krb5/krb5-private.h +++ /dev/null @@ -1,455 +0,0 @@ -/* This is a generated file */ -#ifndef __krb5_private_h__ -#define __krb5_private_h__ - -#include <stdarg.h> - -void KRB5_LIB_FUNCTION -_krb5_aes_cts_encrypt ( - const unsigned char */*in*/, - unsigned char */*out*/, - size_t /*len*/, - const AES_KEY */*key*/, - unsigned char */*ivec*/, - const int /*encryptp*/); - -krb5_error_code -_krb5_cc_allocate ( - krb5_context /*context*/, - const krb5_cc_ops */*ops*/, - krb5_ccache */*id*/); - -void -_krb5_crc_init_table (void); - -uint32_t -_krb5_crc_update ( - const char */*p*/, - size_t /*len*/, - uint32_t /*res*/); - -krb5_error_code -_krb5_dh_group_ok ( - krb5_context /*context*/, - unsigned long /*bits*/, - heim_integer */*p*/, - heim_integer */*g*/, - heim_integer */*q*/, - struct krb5_dh_moduli **/*moduli*/, - char **/*name*/); - -krb5_error_code -_krb5_expand_default_cc_name ( - krb5_context /*context*/, - const char */*str*/, - char **/*res*/); - -int -_krb5_extract_ticket ( - krb5_context /*context*/, - krb5_kdc_rep */*rep*/, - krb5_creds */*creds*/, - krb5_keyblock */*key*/, - krb5_const_pointer /*keyseed*/, - krb5_key_usage /*key_usage*/, - krb5_addresses */*addrs*/, - unsigned /*nonce*/, - unsigned /*flags*/, - krb5_decrypt_proc /*decrypt_proc*/, - krb5_const_pointer /*decryptarg*/); - -void -_krb5_free_krbhst_info (krb5_krbhst_info */*hi*/); - -void -_krb5_free_moduli (struct krb5_dh_moduli **/*moduli*/); - -krb5_error_code -_krb5_get_default_principal_local ( - krb5_context /*context*/, - krb5_principal */*princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_get_host_realm_int ( - krb5_context /*context*/, - const char */*host*/, - krb5_boolean /*use_dns*/, - krb5_realm **/*realms*/); - -krb5_error_code -_krb5_get_init_creds_opt_copy ( - krb5_context /*context*/, - const krb5_get_init_creds_opt */*in*/, - krb5_get_init_creds_opt **/*out*/); - -void KRB5_LIB_FUNCTION -_krb5_get_init_creds_opt_free_krb5_error (krb5_get_init_creds_opt */*opt*/); - -void KRB5_LIB_FUNCTION -_krb5_get_init_creds_opt_free_pkinit (krb5_get_init_creds_opt */*opt*/); - -void KRB5_LIB_FUNCTION -_krb5_get_init_creds_opt_set_krb5_error ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - const KRB_ERROR */*error*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -_krb5_get_int ( - void */*buffer*/, - unsigned long */*value*/, - size_t /*size*/); - -krb5_error_code -_krb5_get_krbtgt ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_realm /*realm*/, - krb5_creds **/*cred*/); - -krb5_error_code -_krb5_kcm_chmod ( - krb5_context /*context*/, - krb5_ccache /*id*/, - uint16_t /*mode*/); - -krb5_error_code -_krb5_kcm_chown ( - krb5_context /*context*/, - krb5_ccache /*id*/, - uint32_t /*uid*/, - uint32_t /*gid*/); - -krb5_error_code -_krb5_kcm_get_initial_ticket ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_principal /*server*/, - krb5_keyblock */*key*/); - -krb5_error_code -_krb5_kcm_get_ticket ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_kdc_flags /*flags*/, - krb5_enctype /*enctype*/, - krb5_principal /*server*/); - -krb5_boolean -_krb5_kcm_is_running (krb5_context /*context*/); - -krb5_error_code -_krb5_kcm_noop ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -krb5_error_code -_krb5_kdc_retry ( - krb5_context /*context*/, - krb5_sendto_ctx /*ctx*/, - void */*data*/, - const krb5_data */*reply*/, - int */*action*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_cr_err_reply ( - krb5_context /*context*/, - const char */*name*/, - const char */*inst*/, - const char */*realm*/, - uint32_t /*time_ws*/, - uint32_t /*e*/, - const char */*e_string*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_create_auth_reply ( - krb5_context /*context*/, - const char */*pname*/, - const char */*pinst*/, - const char */*prealm*/, - int32_t /*time_ws*/, - int /*n*/, - uint32_t /*x_date*/, - unsigned char /*kvno*/, - const krb5_data */*cipher*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_create_ciph ( - krb5_context /*context*/, - const krb5_keyblock */*session*/, - const char */*service*/, - const char */*instance*/, - const char */*realm*/, - uint32_t /*life*/, - unsigned char /*kvno*/, - const krb5_data */*ticket*/, - uint32_t /*kdc_time*/, - const krb5_keyblock */*key*/, - krb5_data */*enc_data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_create_ticket ( - krb5_context /*context*/, - unsigned char /*flags*/, - const char */*pname*/, - const char */*pinstance*/, - const char */*prealm*/, - int32_t /*paddress*/, - const krb5_keyblock */*session*/, - int16_t /*life*/, - int32_t /*life_sec*/, - const char */*sname*/, - const char */*sinstance*/, - const krb5_keyblock */*key*/, - krb5_data */*enc_data*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_decomp_ticket ( - krb5_context /*context*/, - const krb5_data */*enc_ticket*/, - const krb5_keyblock */*key*/, - const char */*local_realm*/, - char **/*sname*/, - char **/*sinstance*/, - struct _krb5_krb_auth_data */*ad*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_dest_tkt ( - krb5_context /*context*/, - const char */*tkfile*/); - -void KRB5_LIB_FUNCTION -_krb5_krb_free_auth_data ( - krb5_context /*context*/, - struct _krb5_krb_auth_data */*ad*/); - -time_t KRB5_LIB_FUNCTION -_krb5_krb_life_to_time ( - int /*start*/, - int /*life_*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_rd_req ( - krb5_context /*context*/, - krb5_data */*authent*/, - const char */*service*/, - const char */*instance*/, - const char */*local_realm*/, - int32_t /*from_addr*/, - const krb5_keyblock */*key*/, - struct _krb5_krb_auth_data */*ad*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_krb_tf_setup ( - krb5_context /*context*/, - struct credentials */*v4creds*/, - const char */*tkfile*/, - int /*append*/); - -int KRB5_LIB_FUNCTION -_krb5_krb_time_to_life ( - time_t /*start*/, - time_t /*end*/); - -krb5_error_code -_krb5_krbhost_info_move ( - krb5_context /*context*/, - krb5_krbhst_info */*from*/, - krb5_krbhst_info **/*to*/); - -krb5_error_code -_krb5_mk_req_internal ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_flags /*ap_req_options*/, - krb5_data */*in_data*/, - krb5_creds */*in_creds*/, - krb5_data */*outbuf*/, - krb5_key_usage /*checksum_usage*/, - krb5_key_usage /*encrypt_usage*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_n_fold ( - const void */*str*/, - size_t /*len*/, - void */*key*/, - size_t /*size*/); - -krb5_error_code -_krb5_pac_sign ( - krb5_context /*context*/, - krb5_pac /*p*/, - time_t /*authtime*/, - krb5_principal /*principal*/, - const krb5_keyblock */*server_key*/, - const krb5_keyblock */*priv_key*/, - krb5_data */*data*/); - -krb5_error_code -_krb5_parse_moduli ( - krb5_context /*context*/, - const char */*file*/, - struct krb5_dh_moduli ***/*moduli*/); - -krb5_error_code -_krb5_parse_moduli_line ( - krb5_context /*context*/, - const char */*file*/, - int /*lineno*/, - char */*p*/, - struct krb5_dh_moduli **/*m*/); - -void KRB5_LIB_FUNCTION -_krb5_pk_allow_proxy_certificate ( - struct krb5_pk_identity */*id*/, - int /*boolean*/); - -void KRB5_LIB_FUNCTION -_krb5_pk_cert_free (struct krb5_pk_cert */*cert*/); - -krb5_error_code -_krb5_pk_kdf ( - krb5_context /*context*/, - const struct AlgorithmIdentifier */*ai*/, - const void */*dhdata*/, - size_t /*dhsize*/, - krb5_const_principal /*client*/, - krb5_const_principal /*server*/, - krb5_enctype /*enctype*/, - const krb5_data */*as_req*/, - const krb5_data */*pk_as_rep*/, - const Ticket */*ticket*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_load_id ( - krb5_context /*context*/, - struct krb5_pk_identity **/*ret_id*/, - const char */*user_id*/, - const char */*anchor_id*/, - char * const */*chain_list*/, - char * const */*revoke_list*/, - krb5_prompter_fct /*prompter*/, - void */*prompter_data*/, - char */*password*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_mk_ContentInfo ( - krb5_context /*context*/, - const krb5_data */*buf*/, - const heim_oid */*oid*/, - struct ContentInfo */*content_info*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_mk_padata ( - krb5_context /*context*/, - void */*c*/, - const KDC_REQ_BODY */*req_body*/, - unsigned /*nonce*/, - METHOD_DATA */*md*/); - -krb5_error_code -_krb5_pk_octetstring2key ( - krb5_context /*context*/, - krb5_enctype /*type*/, - const void */*dhdata*/, - size_t /*dhsize*/, - const heim_octet_string */*c_n*/, - const heim_octet_string */*k_n*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_rd_pa_reply ( - krb5_context /*context*/, - const char */*realm*/, - void */*c*/, - krb5_enctype /*etype*/, - const krb5_krbhst_info */*hi*/, - unsigned /*nonce*/, - const krb5_data */*req_buffer*/, - PA_DATA */*pa*/, - krb5_keyblock **/*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_pk_verify_sign ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - struct krb5_pk_identity */*id*/, - heim_oid */*contentType*/, - krb5_data */*content*/, - struct krb5_pk_cert **/*signer*/); - -krb5_error_code -_krb5_plugin_find ( - krb5_context /*context*/, - enum krb5_plugin_type /*type*/, - const char */*name*/, - struct krb5_plugin **/*list*/); - -void -_krb5_plugin_free (struct krb5_plugin */*list*/); - -struct krb5_plugin * -_krb5_plugin_get_next (struct krb5_plugin */*p*/); - -void * -_krb5_plugin_get_symbol (struct krb5_plugin */*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_principal2principalname ( - PrincipalName */*p*/, - const krb5_principal /*from*/); - -krb5_boolean KRB5_LIB_FUNCTION -_krb5_principal_compare_PrincipalName ( - krb5_context /*context*/, - krb5_const_principal /*princ1*/, - PrincipalName */*princ2*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_principalname2krb5_principal ( - krb5_context /*context*/, - krb5_principal */*principal*/, - const PrincipalName /*from*/, - const Realm /*realm*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -_krb5_put_int ( - void */*buffer*/, - unsigned long /*value*/, - size_t /*size*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_rd_req_out_ctx_alloc ( - krb5_context /*context*/, - krb5_rd_req_out_ctx */*ctx*/); - -krb5_error_code KRB5_LIB_FUNCTION -_krb5_s4u2self_to_checksumdata ( - krb5_context /*context*/, - const PA_S4U2Self */*self*/, - krb5_data */*data*/); - -int -_krb5_send_and_recv_tcp ( - int /*fd*/, - time_t /*tmout*/, - const krb5_data */*req*/, - krb5_data */*rep*/); - -int -_krb5_xlock ( - krb5_context /*context*/, - int /*fd*/, - krb5_boolean /*exclusive*/, - const char */*filename*/); - -int -_krb5_xunlock ( - krb5_context /*context*/, - int /*fd*/); - -#endif /* __krb5_private_h__ */ diff --git a/source4/heimdal/lib/krb5/krb5-protos.h b/source4/heimdal/lib/krb5/krb5-protos.h deleted file mode 100644 index ead66565e7..0000000000 --- a/source4/heimdal/lib/krb5/krb5-protos.h +++ /dev/null @@ -1,4169 +0,0 @@ -/* This is a generated file */ -#ifndef __krb5_protos_h__ -#define __krb5_protos_h__ - -#include <stdarg.h> - -#if !defined(__GNUC__) && !defined(__attribute__) -#define __attribute__(x) -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef KRB5_LIB -#if defined(_WIN32) -#define KRB5_LIB_FUNCTION _stdcall __declspec(dllimport) -#define KRB5_LIB_VARIABLE __declspec(dllimport) -#else -#define KRB5_LIB_FUNCTION -#define KRB5_LIB_VARIABLE -#endif -#endif - -krb5_error_code KRB5_LIB_FUNCTION -krb524_convert_creds_kdc ( - krb5_context /*context*/, - krb5_creds */*in_cred*/, - struct credentials */*v4creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb524_convert_creds_kdc_ccache ( - krb5_context /*context*/, - krb5_ccache /*ccache*/, - krb5_creds */*in_cred*/, - struct credentials */*v4creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_425_conv_principal ( - krb5_context /*context*/, - const char */*name*/, - const char */*instance*/, - const char */*realm*/, - krb5_principal */*princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_425_conv_principal_ext ( - krb5_context /*context*/, - const char */*name*/, - const char */*instance*/, - const char */*realm*/, - krb5_boolean (*/*func*/)(krb5_context, krb5_principal), - krb5_boolean /*resolve*/, - krb5_principal */*principal*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_425_conv_principal_ext2 ( - krb5_context /*context*/, - const char */*name*/, - const char */*instance*/, - const char */*realm*/, - krb5_boolean (*/*func*/)(krb5_context, void *, krb5_principal), - void */*funcctx*/, - krb5_boolean /*resolve*/, - krb5_principal */*princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_524_conv_principal ( - krb5_context /*context*/, - const krb5_principal /*principal*/, - char */*name*/, - char */*instance*/, - char */*realm*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_abort ( - krb5_context /*context*/, - krb5_error_code /*code*/, - const char */*fmt*/, - ...) - __attribute__ ((noreturn, format (printf, 3, 4))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_abortx ( - krb5_context /*context*/, - const char */*fmt*/, - ...) - __attribute__ ((noreturn, format (printf, 2, 3))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_acl_match_file ( - krb5_context /*context*/, - const char */*file*/, - const char */*format*/, - ...); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_acl_match_string ( - krb5_context /*context*/, - const char */*string*/, - const char */*format*/, - ...); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_add_et_list ( - krb5_context /*context*/, - void (*/*func*/)(struct et_list **)); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_add_extra_addresses ( - krb5_context /*context*/, - krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_add_ignore_addresses ( - krb5_context /*context*/, - krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_addlog_dest ( - krb5_context /*context*/, - krb5_log_facility */*f*/, - const char */*orig*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_addlog_func ( - krb5_context /*context*/, - krb5_log_facility */*fac*/, - int /*min*/, - int /*max*/, - krb5_log_log_func_t /*log_func*/, - krb5_log_close_func_t /*close_func*/, - void */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_addr2sockaddr ( - krb5_context /*context*/, - const krb5_address */*addr*/, - struct sockaddr */*sa*/, - krb5_socklen_t */*sa_size*/, - int /*port*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_address_compare ( - krb5_context /*context*/, - const krb5_address */*addr1*/, - const krb5_address */*addr2*/); - -int KRB5_LIB_FUNCTION -krb5_address_order ( - krb5_context /*context*/, - const krb5_address */*addr1*/, - const krb5_address */*addr2*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_address_prefixlen_boundary ( - krb5_context /*context*/, - const krb5_address */*inaddr*/, - unsigned long /*prefixlen*/, - krb5_address */*low*/, - krb5_address */*high*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_address_search ( - krb5_context /*context*/, - const krb5_address */*addr*/, - const krb5_addresses */*addrlist*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_aname_to_localname ( - krb5_context /*context*/, - krb5_const_principal /*aname*/, - size_t /*lnsize*/, - char */*lname*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_anyaddr ( - krb5_context /*context*/, - int /*af*/, - struct sockaddr */*sa*/, - krb5_socklen_t */*sa_size*/, - int /*port*/); - -void KRB5_LIB_FUNCTION -krb5_appdefault_boolean ( - krb5_context /*context*/, - const char */*appname*/, - krb5_const_realm /*realm*/, - const char */*option*/, - krb5_boolean /*def_val*/, - krb5_boolean */*ret_val*/); - -void KRB5_LIB_FUNCTION -krb5_appdefault_string ( - krb5_context /*context*/, - const char */*appname*/, - krb5_const_realm /*realm*/, - const char */*option*/, - const char */*def_val*/, - char **/*ret_val*/); - -void KRB5_LIB_FUNCTION -krb5_appdefault_time ( - krb5_context /*context*/, - const char */*appname*/, - krb5_const_realm /*realm*/, - const char */*option*/, - time_t /*def_val*/, - time_t */*ret_val*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_append_addresses ( - krb5_context /*context*/, - krb5_addresses */*dest*/, - const krb5_addresses */*source*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_addflags ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t /*addflags*/, - int32_t */*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_free ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_genaddrs ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int /*fd*/, - int /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_generatelocalsubkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getaddrs ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_address **/*local_addr*/, - krb5_address **/*remote_addr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getauthenticator ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_authenticator */*authenticator*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getcksumtype ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_cksumtype */*cksumtype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getflags ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t */*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock **/*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getkeytype ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keytype */*keytype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getlocalseqnumber ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t */*seqnumber*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getlocalsubkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock **/*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getrcache ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_rcache */*rcache*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_getremotesubkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock **/*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_init ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_removeflags ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t /*removeflags*/, - int32_t */*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setaddrs ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_address */*local_addr*/, - krb5_address */*remote_addr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setaddrs_from_fd ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - void */*p_fd*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setcksumtype ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_cksumtype /*cksumtype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setflags ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setkeytype ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keytype /*keytype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setlocalseqnumber ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t /*seqnumber*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setlocalsubkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setrcache ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_rcache /*rcache*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setremoteseqnumber ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t /*seqnumber*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setremotesubkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_con_setuserkey ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_auth_getremoteseqnumber ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - int32_t */*seqnumber*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_ap_req ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - krb5_creds */*cred*/, - krb5_flags /*ap_options*/, - krb5_data /*authenticator*/, - krb5_data */*retdata*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_authenticator ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_enctype /*enctype*/, - krb5_creds */*cred*/, - Checksum */*cksum*/, - Authenticator **/*auth_result*/, - krb5_data */*result*/, - krb5_key_usage /*usage*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_principal ( - krb5_context /*context*/, - krb5_principal */*principal*/, - int /*rlen*/, - krb5_const_realm /*realm*/, - ...); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_principal_ext ( - krb5_context /*context*/, - krb5_principal */*principal*/, - int /*rlen*/, - krb5_const_realm /*realm*/, - ...); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_principal_va ( - krb5_context /*context*/, - krb5_principal */*principal*/, - int /*rlen*/, - krb5_const_realm /*realm*/, - va_list /*ap*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_build_principal_va_ext ( - krb5_context /*context*/, - krb5_principal */*principal*/, - int /*rlen*/, - krb5_const_realm /*realm*/, - va_list /*ap*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_block_size ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - size_t */*blocksize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_checksum_length ( - krb5_context /*context*/, - krb5_cksumtype /*cksumtype*/, - size_t */*length*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_decrypt ( - krb5_context /*context*/, - const krb5_keyblock /*key*/, - krb5_keyusage /*usage*/, - const krb5_data */*ivec*/, - krb5_enc_data */*input*/, - krb5_data */*output*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_encrypt ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - krb5_keyusage /*usage*/, - const krb5_data */*ivec*/, - const krb5_data */*input*/, - krb5_enc_data */*output*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_encrypt_length ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - size_t /*inputlen*/, - size_t */*length*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_enctype_compare ( - krb5_context /*context*/, - krb5_enctype /*e1*/, - krb5_enctype /*e2*/, - krb5_boolean */*similar*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_get_checksum ( - krb5_context /*context*/, - const krb5_checksum */*cksum*/, - krb5_cksumtype */*type*/, - krb5_data **/*data*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_c_is_coll_proof_cksum (krb5_cksumtype /*ctype*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_c_is_keyed_cksum (krb5_cksumtype /*ctype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_keylengths ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - size_t */*ilen*/, - size_t */*keylen*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_make_checksum ( - krb5_context /*context*/, - krb5_cksumtype /*cksumtype*/, - const krb5_keyblock */*key*/, - krb5_keyusage /*usage*/, - const krb5_data */*input*/, - krb5_checksum */*cksum*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_make_random_key ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - krb5_keyblock */*random_key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_prf ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - const krb5_data */*input*/, - krb5_data */*output*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_prf_length ( - krb5_context /*context*/, - krb5_enctype /*type*/, - size_t */*length*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_set_checksum ( - krb5_context /*context*/, - krb5_checksum */*cksum*/, - krb5_cksumtype /*type*/, - const krb5_data */*data*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_c_valid_cksumtype (krb5_cksumtype /*ctype*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_c_valid_enctype (krb5_enctype /*etype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_c_verify_checksum ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - krb5_keyusage /*usage*/, - const krb5_data */*data*/, - const krb5_checksum */*cksum*/, - krb5_boolean */*valid*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_cache_end_seq_get ( - krb5_context /*context*/, - krb5_cc_cache_cursor /*cursor*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_cache_get_first ( - krb5_context /*context*/, - const char */*type*/, - krb5_cc_cache_cursor */*cursor*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_cache_match ( - krb5_context /*context*/, - krb5_principal /*client*/, - const char */*type*/, - krb5_ccache */*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_cache_next ( - krb5_context /*context*/, - krb5_cc_cache_cursor /*cursor*/, - krb5_ccache */*id*/); - -void KRB5_LIB_FUNCTION -krb5_cc_clear_mcred (krb5_creds */*mcred*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_close ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_copy_cache ( - krb5_context /*context*/, - const krb5_ccache /*from*/, - krb5_ccache /*to*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_copy_cache_match ( - krb5_context /*context*/, - const krb5_ccache /*from*/, - krb5_ccache /*to*/, - krb5_flags /*whichfields*/, - const krb5_creds * /*mcreds*/, - unsigned int */*matched*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_default ( - krb5_context /*context*/, - krb5_ccache */*id*/); - -const char* KRB5_LIB_FUNCTION -krb5_cc_default_name (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_destroy ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_end_seq_get ( - krb5_context /*context*/, - const krb5_ccache /*id*/, - krb5_cc_cursor */*cursor*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_gen_new ( - krb5_context /*context*/, - const krb5_cc_ops */*ops*/, - krb5_ccache */*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_get_config ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_const_principal /*principal*/, - const char */*name*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_get_full_name ( - krb5_context /*context*/, - krb5_ccache /*id*/, - char **/*str*/); - -const char* KRB5_LIB_FUNCTION -krb5_cc_get_name ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -const krb5_cc_ops * -krb5_cc_get_ops ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -const krb5_cc_ops * -krb5_cc_get_prefix_ops ( - krb5_context /*context*/, - const char */*prefix*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_get_principal ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_principal */*principal*/); - -const char* KRB5_LIB_FUNCTION -krb5_cc_get_type ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_get_version ( - krb5_context /*context*/, - const krb5_ccache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_initialize ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_principal /*primary_principal*/); - -krb5_error_code -krb5_cc_move ( - krb5_context /*context*/, - krb5_ccache /*from*/, - krb5_ccache /*to*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_new_unique ( - krb5_context /*context*/, - const char */*type*/, - const char */*hint*/, - krb5_ccache */*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_next_cred ( - krb5_context /*context*/, - const krb5_ccache /*id*/, - krb5_cc_cursor */*cursor*/, - krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_next_cred_match ( - krb5_context /*context*/, - const krb5_ccache /*id*/, - krb5_cc_cursor * /*cursor*/, - krb5_creds * /*creds*/, - krb5_flags /*whichfields*/, - const krb5_creds * /*mcreds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_register ( - krb5_context /*context*/, - const krb5_cc_ops */*ops*/, - krb5_boolean /*override*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_remove_cred ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_flags /*which*/, - krb5_creds */*cred*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_resolve ( - krb5_context /*context*/, - const char */*name*/, - krb5_ccache */*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_retrieve_cred ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_flags /*whichfields*/, - const krb5_creds */*mcreds*/, - krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_set_config ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_const_principal /*principal*/, - const char */*name*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_set_default_name ( - krb5_context /*context*/, - const char */*name*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_set_flags ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_flags /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_start_seq_get ( - krb5_context /*context*/, - const krb5_ccache /*id*/, - krb5_cc_cursor */*cursor*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cc_store_cred ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_creds */*creds*/); - -krb5_error_code -krb5_cc_switch ( - krb5_context /*context*/, - krb5_ccache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_change_password ( - krb5_context /*context*/, - krb5_creds */*creds*/, - const char */*newpw*/, - int */*result_code*/, - krb5_data */*result_code_string*/, - krb5_data */*result_string*/) - __attribute__((deprecated)); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_check_transited ( - krb5_context /*context*/, - krb5_const_realm /*client_realm*/, - krb5_const_realm /*server_realm*/, - krb5_realm */*realms*/, - unsigned int /*num_realms*/, - int */*bad_realm*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_check_transited_realms ( - krb5_context /*context*/, - const char *const */*realms*/, - unsigned int /*num_realms*/, - int */*bad_realm*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_checksum_disable ( - krb5_context /*context*/, - krb5_cksumtype /*type*/); - -void KRB5_LIB_FUNCTION -krb5_checksum_free ( - krb5_context /*context*/, - krb5_checksum */*cksum*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_checksum_is_collision_proof ( - krb5_context /*context*/, - krb5_cksumtype /*type*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_checksum_is_keyed ( - krb5_context /*context*/, - krb5_cksumtype /*type*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_checksumsize ( - krb5_context /*context*/, - krb5_cksumtype /*type*/, - size_t */*size*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_cksumtype_valid ( - krb5_context /*context*/, - krb5_cksumtype /*ctype*/); - -void KRB5_LIB_FUNCTION -krb5_clear_error_string (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_closelog ( - krb5_context /*context*/, - krb5_log_facility */*fac*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_compare_creds ( - krb5_context /*context*/, - krb5_flags /*whichfields*/, - const krb5_creds * /*mcreds*/, - const krb5_creds * /*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_config_file_free ( - krb5_context /*context*/, - krb5_config_section */*s*/); - -void KRB5_LIB_FUNCTION -krb5_config_free_strings (char **/*strings*/); - -const void * -krb5_config_get ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*type*/, - ...); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_config_get_bool ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - ...); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_config_get_bool_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - krb5_boolean /*def_value*/, - ...); - -int KRB5_LIB_FUNCTION -krb5_config_get_int ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - ...); - -int KRB5_LIB_FUNCTION -krb5_config_get_int_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*def_value*/, - ...); - -const krb5_config_binding * -krb5_config_get_list ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - ...); - -const void * -krb5_config_get_next ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - const krb5_config_binding **/*pointer*/, - int /*type*/, - ...); - -const char* KRB5_LIB_FUNCTION -krb5_config_get_string ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - ...); - -const char* KRB5_LIB_FUNCTION -krb5_config_get_string_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - const char */*def_value*/, - ...); - -char** -krb5_config_get_strings ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - ...); - -int KRB5_LIB_FUNCTION -krb5_config_get_time ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - ...); - -int KRB5_LIB_FUNCTION -krb5_config_get_time_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*def_value*/, - ...); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_config_parse_file ( - krb5_context /*context*/, - const char */*fname*/, - krb5_config_section **/*res*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_config_parse_file_multi ( - krb5_context /*context*/, - const char */*fname*/, - krb5_config_section **/*res*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_config_parse_string_multi ( - krb5_context /*context*/, - const char */*string*/, - krb5_config_section **/*res*/); - -const void * -krb5_config_vget ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*type*/, - va_list /*args*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_config_vget_bool ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - va_list /*args*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_config_vget_bool_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - krb5_boolean /*def_value*/, - va_list /*args*/); - -int KRB5_LIB_FUNCTION -krb5_config_vget_int ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - va_list /*args*/); - -int KRB5_LIB_FUNCTION -krb5_config_vget_int_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*def_value*/, - va_list /*args*/); - -const krb5_config_binding * -krb5_config_vget_list ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - va_list /*args*/); - -const void * -krb5_config_vget_next ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - const krb5_config_binding **/*pointer*/, - int /*type*/, - va_list /*args*/); - -const char* KRB5_LIB_FUNCTION -krb5_config_vget_string ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - va_list /*args*/); - -const char* KRB5_LIB_FUNCTION -krb5_config_vget_string_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - const char */*def_value*/, - va_list /*args*/); - -char ** KRB5_LIB_FUNCTION -krb5_config_vget_strings ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - va_list /*args*/); - -int KRB5_LIB_FUNCTION -krb5_config_vget_time ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - va_list /*args*/); - -int KRB5_LIB_FUNCTION -krb5_config_vget_time_default ( - krb5_context /*context*/, - const krb5_config_section */*c*/, - int /*def_value*/, - va_list /*args*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_address ( - krb5_context /*context*/, - const krb5_address */*inaddr*/, - krb5_address */*outaddr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_addresses ( - krb5_context /*context*/, - const krb5_addresses */*inaddr*/, - krb5_addresses */*outaddr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_checksum ( - krb5_context /*context*/, - const krb5_checksum */*old*/, - krb5_checksum **/*new*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_creds ( - krb5_context /*context*/, - const krb5_creds */*incred*/, - krb5_creds **/*outcred*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_creds_contents ( - krb5_context /*context*/, - const krb5_creds */*incred*/, - krb5_creds */*c*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_data ( - krb5_context /*context*/, - const krb5_data */*indata*/, - krb5_data **/*outdata*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_host_realm ( - krb5_context /*context*/, - const krb5_realm */*from*/, - krb5_realm **/*to*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_keyblock ( - krb5_context /*context*/, - const krb5_keyblock */*inblock*/, - krb5_keyblock **/*to*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_keyblock_contents ( - krb5_context /*context*/, - const krb5_keyblock */*inblock*/, - krb5_keyblock */*to*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_principal ( - krb5_context /*context*/, - krb5_const_principal /*inprinc*/, - krb5_principal */*outprinc*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_copy_ticket ( - krb5_context /*context*/, - const krb5_ticket */*from*/, - krb5_ticket **/*to*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_create_checksum ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - krb5_key_usage /*usage*/, - int /*type*/, - void */*data*/, - size_t /*len*/, - Checksum */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_destroy ( - krb5_context /*context*/, - krb5_crypto /*crypto*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_get_checksum_type ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - krb5_cksumtype */*type*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_getblocksize ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - size_t */*blocksize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_getconfoundersize ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - size_t */*confoundersize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_getenctype ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - krb5_enctype */*enctype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_getpadsize ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - size_t */*padsize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_init ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - krb5_enctype /*etype*/, - krb5_crypto */*crypto*/); - -size_t -krb5_crypto_overhead ( - krb5_context /*context*/, - krb5_crypto /*crypto*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_prf ( - krb5_context /*context*/, - const krb5_crypto /*crypto*/, - const krb5_data */*input*/, - krb5_data */*output*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_crypto_prf_length ( - krb5_context /*context*/, - krb5_enctype /*type*/, - size_t */*length*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_data_alloc ( - krb5_data */*p*/, - int /*len*/); - -int KRB5_LIB_FUNCTION -krb5_data_cmp ( - const krb5_data */*data1*/, - const krb5_data */*data2*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_data_copy ( - krb5_data */*p*/, - const void */*data*/, - size_t /*len*/); - -void KRB5_LIB_FUNCTION -krb5_data_free (krb5_data */*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_data_realloc ( - krb5_data */*p*/, - int /*len*/); - -void KRB5_LIB_FUNCTION -krb5_data_zero (krb5_data */*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_Authenticator ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - Authenticator */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_ETYPE_INFO ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - ETYPE_INFO */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_ETYPE_INFO2 ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - ETYPE_INFO2 */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_EncAPRepPart ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - EncAPRepPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_EncASRepPart ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - EncASRepPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_EncKrbCredPart ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - EncKrbCredPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_EncTGSRepPart ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - EncTGSRepPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_EncTicketPart ( - krb5_context /*context*/, - const void */*data*/, - size_t /*length*/, - EncTicketPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decode_ap_req ( - krb5_context /*context*/, - const krb5_data */*inbuf*/, - krb5_ap_req */*ap_req*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decrypt ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - unsigned /*usage*/, - void */*data*/, - size_t /*len*/, - krb5_data */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decrypt_EncryptedData ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - unsigned /*usage*/, - const EncryptedData */*e*/, - krb5_data */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decrypt_ivec ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - unsigned /*usage*/, - void */*data*/, - size_t /*len*/, - krb5_data */*result*/, - void */*ivec*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_decrypt_ticket ( - krb5_context /*context*/, - Ticket */*ticket*/, - krb5_keyblock */*key*/, - EncTicketPart */*out*/, - krb5_flags /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_derive_key ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - krb5_enctype /*etype*/, - const void */*constant*/, - size_t /*constant_len*/, - krb5_keyblock **/*derived_key*/); - -krb5_error_code -krb5_digest_alloc ( - krb5_context /*context*/, - krb5_digest */*digest*/); - -void -krb5_digest_free (krb5_digest /*digest*/); - -krb5_error_code -krb5_digest_get_client_binding ( - krb5_context /*context*/, - krb5_digest /*digest*/, - char **/*type*/, - char **/*binding*/); - -const char * -krb5_digest_get_identifier ( - krb5_context /*context*/, - krb5_digest /*digest*/); - -const char * -krb5_digest_get_opaque ( - krb5_context /*context*/, - krb5_digest /*digest*/); - -const char * -krb5_digest_get_rsp ( - krb5_context /*context*/, - krb5_digest /*digest*/); - -const char * -krb5_digest_get_server_nonce ( - krb5_context /*context*/, - krb5_digest /*digest*/); - -krb5_error_code -krb5_digest_get_session_key ( - krb5_context /*context*/, - krb5_digest /*digest*/, - krb5_data */*data*/); - -krb5_error_code -krb5_digest_get_tickets ( - krb5_context /*context*/, - krb5_digest /*digest*/, - Ticket **/*tickets*/); - -krb5_error_code -krb5_digest_init_request ( - krb5_context /*context*/, - krb5_digest /*digest*/, - krb5_realm /*realm*/, - krb5_ccache /*ccache*/); - -krb5_error_code -krb5_digest_probe ( - krb5_context /*context*/, - krb5_realm /*realm*/, - krb5_ccache /*ccache*/, - unsigned */*flags*/); - -krb5_boolean -krb5_digest_rep_get_status ( - krb5_context /*context*/, - krb5_digest /*digest*/); - -krb5_error_code -krb5_digest_request ( - krb5_context /*context*/, - krb5_digest /*digest*/, - krb5_realm /*realm*/, - krb5_ccache /*ccache*/); - -krb5_error_code -krb5_digest_set_authentication_user ( - krb5_context /*context*/, - krb5_digest /*digest*/, - krb5_principal /*authentication_user*/); - -krb5_error_code -krb5_digest_set_authid ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*authid*/); - -krb5_error_code -krb5_digest_set_client_nonce ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*nonce*/); - -krb5_error_code -krb5_digest_set_digest ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*dgst*/); - -krb5_error_code -krb5_digest_set_hostname ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*hostname*/); - -krb5_error_code -krb5_digest_set_identifier ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*id*/); - -krb5_error_code -krb5_digest_set_method ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*method*/); - -krb5_error_code -krb5_digest_set_nonceCount ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*nonce_count*/); - -krb5_error_code -krb5_digest_set_opaque ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*opaque*/); - -krb5_error_code -krb5_digest_set_qop ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*qop*/); - -krb5_error_code -krb5_digest_set_realm ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*realm*/); - -int -krb5_digest_set_responseData ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*response*/); - -krb5_error_code -krb5_digest_set_server_cb ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*type*/, - const char */*binding*/); - -krb5_error_code -krb5_digest_set_server_nonce ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*nonce*/); - -krb5_error_code -krb5_digest_set_type ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*type*/); - -krb5_error_code -krb5_digest_set_uri ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*uri*/); - -krb5_error_code -krb5_digest_set_username ( - krb5_context /*context*/, - krb5_digest /*digest*/, - const char */*username*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_domain_x500_decode ( - krb5_context /*context*/, - krb5_data /*tr*/, - char ***/*realms*/, - unsigned int */*num_realms*/, - const char */*client_realm*/, - const char */*server_realm*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_domain_x500_encode ( - char **/*realms*/, - unsigned int /*num_realms*/, - krb5_data */*encoding*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_eai_to_heim_errno ( - int /*eai_errno*/, - int /*system_error*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_Authenticator ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - Authenticator */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_ETYPE_INFO ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - ETYPE_INFO */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_ETYPE_INFO2 ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - ETYPE_INFO2 */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_EncAPRepPart ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - EncAPRepPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_EncASRepPart ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - EncASRepPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_EncKrbCredPart ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - EncKrbCredPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_EncTGSRepPart ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - EncTGSRepPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encode_EncTicketPart ( - krb5_context /*context*/, - void */*data*/, - size_t /*length*/, - EncTicketPart */*t*/, - size_t */*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encrypt ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - unsigned /*usage*/, - const void */*data*/, - size_t /*len*/, - krb5_data */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encrypt_EncryptedData ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - unsigned /*usage*/, - void */*data*/, - size_t /*len*/, - int /*kvno*/, - EncryptedData */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_encrypt_ivec ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - unsigned /*usage*/, - const void */*data*/, - size_t /*len*/, - krb5_data */*result*/, - void */*ivec*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_disable ( - krb5_context /*context*/, - krb5_enctype /*enctype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_keybits ( - krb5_context /*context*/, - krb5_enctype /*type*/, - size_t */*keybits*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_keysize ( - krb5_context /*context*/, - krb5_enctype /*type*/, - size_t */*keysize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_to_keytype ( - krb5_context /*context*/, - krb5_enctype /*etype*/, - krb5_keytype */*keytype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_to_string ( - krb5_context /*context*/, - krb5_enctype /*etype*/, - char **/*string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_enctype_valid ( - krb5_context /*context*/, - krb5_enctype /*etype*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_enctypes_compatible_keys ( - krb5_context /*context*/, - krb5_enctype /*etype1*/, - krb5_enctype /*etype2*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_err ( - krb5_context /*context*/, - int /*eval*/, - krb5_error_code /*code*/, - const char */*fmt*/, - ...) - __attribute__ ((noreturn, format (printf, 4, 5))); - -krb5_error_code KRB5_LIB_FUNCTION - __attribute__((deprecated)) krb5_free_creds_contents (krb5_context context, krb5_creds *c); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_error_from_rd_error ( - krb5_context /*context*/, - const krb5_error */*error*/, - const krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_errx ( - krb5_context /*context*/, - int /*eval*/, - const char */*fmt*/, - ...) - __attribute__ ((noreturn, format (printf, 3, 4))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_expand_hostname ( - krb5_context /*context*/, - const char */*orig_hostname*/, - char **/*new_hostname*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_expand_hostname_realms ( - krb5_context /*context*/, - const char */*orig_hostname*/, - char **/*new_hostname*/, - char ***/*realms*/); - -PA_DATA * -krb5_find_padata ( - PA_DATA */*val*/, - unsigned /*len*/, - int /*type*/, - int */*idx*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_format_time ( - krb5_context /*context*/, - time_t /*t*/, - char */*s*/, - size_t /*len*/, - krb5_boolean /*include_time*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_address ( - krb5_context /*context*/, - krb5_address */*address*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_addresses ( - krb5_context /*context*/, - krb5_addresses */*addresses*/); - -void KRB5_LIB_FUNCTION -krb5_free_ap_rep_enc_part ( - krb5_context /*context*/, - krb5_ap_rep_enc_part */*val*/); - -void KRB5_LIB_FUNCTION -krb5_free_authenticator ( - krb5_context /*context*/, - krb5_authenticator */*authenticator*/); - -void KRB5_LIB_FUNCTION -krb5_free_checksum ( - krb5_context /*context*/, - krb5_checksum */*cksum*/); - -void KRB5_LIB_FUNCTION -krb5_free_checksum_contents ( - krb5_context /*context*/, - krb5_checksum */*cksum*/); - -void KRB5_LIB_FUNCTION -krb5_free_config_files (char **/*filenames*/); - -void KRB5_LIB_FUNCTION -krb5_free_context (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_cred_contents ( - krb5_context /*context*/, - krb5_creds */*c*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_creds ( - krb5_context /*context*/, - krb5_creds */*c*/); - -void KRB5_LIB_FUNCTION -krb5_free_data ( - krb5_context /*context*/, - krb5_data */*p*/); - -void KRB5_LIB_FUNCTION -krb5_free_data_contents ( - krb5_context /*context*/, - krb5_data */*data*/); - -void KRB5_LIB_FUNCTION -krb5_free_error ( - krb5_context /*context*/, - krb5_error */*error*/); - -void KRB5_LIB_FUNCTION -krb5_free_error_contents ( - krb5_context /*context*/, - krb5_error */*error*/); - -void KRB5_LIB_FUNCTION -krb5_free_error_message ( - krb5_context /*context*/, - const char */*msg*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_host_realm ( - krb5_context /*context*/, - krb5_realm */*realmlist*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_kdc_rep ( - krb5_context /*context*/, - krb5_kdc_rep */*rep*/); - -void KRB5_LIB_FUNCTION -krb5_free_keyblock ( - krb5_context /*context*/, - krb5_keyblock */*keyblock*/); - -void KRB5_LIB_FUNCTION -krb5_free_keyblock_contents ( - krb5_context /*context*/, - krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_krbhst ( - krb5_context /*context*/, - char **/*hostlist*/); - -void KRB5_LIB_FUNCTION -krb5_free_principal ( - krb5_context /*context*/, - krb5_principal /*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_salt ( - krb5_context /*context*/, - krb5_salt /*salt*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_free_ticket ( - krb5_context /*context*/, - krb5_ticket */*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_fwd_tgt_creds ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const char */*hostname*/, - krb5_principal /*client*/, - krb5_principal /*server*/, - krb5_ccache /*ccache*/, - int /*forwardable*/, - krb5_data */*out_data*/); - -void KRB5_LIB_FUNCTION -krb5_generate_random_block ( - void */*buf*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_generate_random_keyblock ( - krb5_context /*context*/, - krb5_enctype /*type*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_generate_seq_number ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - uint32_t */*seqno*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_generate_subkey ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - krb5_keyblock **/*subkey*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_generate_subkey_extended ( - krb5_context /*context*/, - const krb5_keyblock */*key*/, - krb5_enctype /*etype*/, - krb5_keyblock **/*subkey*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_all_client_addrs ( - krb5_context /*context*/, - krb5_addresses */*res*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_all_server_addrs ( - krb5_context /*context*/, - krb5_addresses */*res*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_cred_from_kdc ( - krb5_context /*context*/, - krb5_ccache /*ccache*/, - krb5_creds */*in_creds*/, - krb5_creds **/*out_creds*/, - krb5_creds ***/*ret_tgts*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_cred_from_kdc_opt ( - krb5_context /*context*/, - krb5_ccache /*ccache*/, - krb5_creds */*in_creds*/, - krb5_creds **/*out_creds*/, - krb5_creds ***/*ret_tgts*/, - krb5_flags /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_credentials ( - krb5_context /*context*/, - krb5_flags /*options*/, - krb5_ccache /*ccache*/, - krb5_creds */*in_creds*/, - krb5_creds **/*out_creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_credentials_with_flags ( - krb5_context /*context*/, - krb5_flags /*options*/, - krb5_kdc_flags /*flags*/, - krb5_ccache /*ccache*/, - krb5_creds */*in_creds*/, - krb5_creds **/*out_creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_creds ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/, - krb5_ccache /*ccache*/, - krb5_const_principal /*inprinc*/, - krb5_creds **/*out_creds*/); - -void KRB5_LIB_FUNCTION -krb5_get_creds_opt_add_options ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/, - krb5_flags /*options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_creds_opt_alloc ( - krb5_context /*context*/, - krb5_get_creds_opt */*opt*/); - -void KRB5_LIB_FUNCTION -krb5_get_creds_opt_free ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/); - -void KRB5_LIB_FUNCTION -krb5_get_creds_opt_set_enctype ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/, - krb5_enctype /*enctype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_creds_opt_set_impersonate ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/, - krb5_const_principal /*self*/); - -void KRB5_LIB_FUNCTION -krb5_get_creds_opt_set_options ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/, - krb5_flags /*options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_creds_opt_set_ticket ( - krb5_context /*context*/, - krb5_get_creds_opt /*opt*/, - const Ticket */*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_default_config_files (char ***/*pfilenames*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_default_in_tkt_etypes ( - krb5_context /*context*/, - krb5_enctype **/*etypes*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_default_principal ( - krb5_context /*context*/, - krb5_principal */*princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_default_realm ( - krb5_context /*context*/, - krb5_realm */*realm*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_default_realms ( - krb5_context /*context*/, - krb5_realm **/*realms*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_get_dns_canonicalize_hostname (krb5_context /*context*/); - -const char* KRB5_LIB_FUNCTION -krb5_get_err_text ( - krb5_context /*context*/, - krb5_error_code /*code*/); - -const char * KRB5_LIB_FUNCTION -krb5_get_error_message ( - krb5_context /*context*/, - krb5_error_code /*code*/); - -char * KRB5_LIB_FUNCTION -krb5_get_error_string (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_extra_addresses ( - krb5_context /*context*/, - krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_fcache_version ( - krb5_context /*context*/, - int */*version*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_forwarded_creds ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_ccache /*ccache*/, - krb5_flags /*flags*/, - const char */*hostname*/, - krb5_creds */*in_creds*/, - krb5_data */*out_data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_host_realm ( - krb5_context /*context*/, - const char */*targethost*/, - krb5_realm **/*realms*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_ignore_addresses ( - krb5_context /*context*/, - krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_in_cred ( - krb5_context /*context*/, - krb5_flags /*options*/, - const krb5_addresses */*addrs*/, - const krb5_enctype */*etypes*/, - const krb5_preauthtype */*ptypes*/, - const krb5_preauthdata */*preauth*/, - krb5_key_proc /*key_proc*/, - krb5_const_pointer /*keyseed*/, - krb5_decrypt_proc /*decrypt_proc*/, - krb5_const_pointer /*decryptarg*/, - krb5_creds */*creds*/, - krb5_kdc_rep */*ret_as_reply*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_in_tkt ( - krb5_context /*context*/, - krb5_flags /*options*/, - const krb5_addresses */*addrs*/, - const krb5_enctype */*etypes*/, - const krb5_preauthtype */*ptypes*/, - krb5_key_proc /*key_proc*/, - krb5_const_pointer /*keyseed*/, - krb5_decrypt_proc /*decrypt_proc*/, - krb5_const_pointer /*decryptarg*/, - krb5_creds */*creds*/, - krb5_ccache /*ccache*/, - krb5_kdc_rep */*ret_as_reply*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_in_tkt_with_keytab ( - krb5_context /*context*/, - krb5_flags /*options*/, - krb5_addresses */*addrs*/, - const krb5_enctype */*etypes*/, - const krb5_preauthtype */*pre_auth_types*/, - krb5_keytab /*keytab*/, - krb5_ccache /*ccache*/, - krb5_creds */*creds*/, - krb5_kdc_rep */*ret_as_reply*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_in_tkt_with_password ( - krb5_context /*context*/, - krb5_flags /*options*/, - krb5_addresses */*addrs*/, - const krb5_enctype */*etypes*/, - const krb5_preauthtype */*pre_auth_types*/, - const char */*password*/, - krb5_ccache /*ccache*/, - krb5_creds */*creds*/, - krb5_kdc_rep */*ret_as_reply*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_in_tkt_with_skey ( - krb5_context /*context*/, - krb5_flags /*options*/, - krb5_addresses */*addrs*/, - const krb5_enctype */*etypes*/, - const krb5_preauthtype */*pre_auth_types*/, - const krb5_keyblock */*key*/, - krb5_ccache /*ccache*/, - krb5_creds */*creds*/, - krb5_kdc_rep */*ret_as_reply*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_principal /*client*/, - krb5_prompter_fct /*prompter*/, - void */*data*/, - krb5_deltat /*start_time*/, - const char */*in_tkt_service*/, - krb5_get_init_creds_opt */*options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_keyblock ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_principal /*client*/, - krb5_keyblock */*keyblock*/, - krb5_deltat /*start_time*/, - const char */*in_tkt_service*/, - krb5_get_init_creds_opt */*options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_keytab ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_principal /*client*/, - krb5_keytab /*keytab*/, - krb5_deltat /*start_time*/, - const char */*in_tkt_service*/, - krb5_get_init_creds_opt */*options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_alloc ( - krb5_context /*context*/, - krb5_get_init_creds_opt **/*opt*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_free ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_get_error ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - KRB_ERROR **/*error*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_init (krb5_get_init_creds_opt */*opt*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_address_list ( - krb5_get_init_creds_opt */*opt*/, - krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_addressless ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - krb5_boolean /*addressless*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_anonymous ( - krb5_get_init_creds_opt */*opt*/, - int /*anonymous*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_canonicalize ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - krb5_boolean /*req*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_default_flags ( - krb5_context /*context*/, - const char */*appname*/, - krb5_const_realm /*realm*/, - krb5_get_init_creds_opt */*opt*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_etype_list ( - krb5_get_init_creds_opt */*opt*/, - krb5_enctype */*etype_list*/, - int /*etype_list_length*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_forwardable ( - krb5_get_init_creds_opt */*opt*/, - int /*forwardable*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_pa_password ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - const char */*password*/, - krb5_s2k_proc /*key_proc*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_pac_request ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - krb5_boolean /*req_pac*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_pkinit ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - krb5_principal /*principal*/, - const char */*user_id*/, - const char */*x509_anchors*/, - char * const * /*pool*/, - char * const * /*pki_revoke*/, - int /*flags*/, - krb5_prompter_fct /*prompter*/, - void */*prompter_data*/, - char */*password*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_preauth_list ( - krb5_get_init_creds_opt */*opt*/, - krb5_preauthtype */*preauth_list*/, - int /*preauth_list_length*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_proxiable ( - krb5_get_init_creds_opt */*opt*/, - int /*proxiable*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_renew_life ( - krb5_get_init_creds_opt */*opt*/, - krb5_deltat /*renew_life*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_salt ( - krb5_get_init_creds_opt */*opt*/, - krb5_data */*salt*/); - -void KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_tkt_life ( - krb5_get_init_creds_opt */*opt*/, - krb5_deltat /*tkt_life*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_opt_set_win2k ( - krb5_context /*context*/, - krb5_get_init_creds_opt */*opt*/, - krb5_boolean /*req*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_init_creds_password ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_principal /*client*/, - const char */*password*/, - krb5_prompter_fct /*prompter*/, - void */*data*/, - krb5_deltat /*start_time*/, - const char */*in_tkt_service*/, - krb5_get_init_creds_opt */*in_options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_kdc_cred ( - krb5_context /*context*/, - krb5_ccache /*id*/, - krb5_kdc_flags /*flags*/, - krb5_addresses */*addresses*/, - Ticket */*second_ticket*/, - krb5_creds */*in_creds*/, - krb5_creds **out_creds ); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_kdc_sec_offset ( - krb5_context /*context*/, - int32_t */*sec*/, - int32_t */*usec*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_krb524hst ( - krb5_context /*context*/, - const krb5_realm */*realm*/, - char ***/*hostlist*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_krb_admin_hst ( - krb5_context /*context*/, - const krb5_realm */*realm*/, - char ***/*hostlist*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_krb_changepw_hst ( - krb5_context /*context*/, - const krb5_realm */*realm*/, - char ***/*hostlist*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_krbhst ( - krb5_context /*context*/, - const krb5_realm */*realm*/, - char ***/*hostlist*/); - -time_t KRB5_LIB_FUNCTION -krb5_get_max_time_skew (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_pw_salt ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - krb5_salt */*salt*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_renewed_creds ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_const_principal /*client*/, - krb5_ccache /*ccache*/, - const char */*in_tkt_service*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_get_server_rcache ( - krb5_context /*context*/, - const krb5_data */*piece*/, - krb5_rcache */*id*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_get_use_admin_kdc (krb5_context /*context*/); - -krb5_log_facility * KRB5_LIB_FUNCTION -krb5_get_warn_dest (krb5_context /*context*/); - -size_t -krb5_get_wrapped_length ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - size_t /*data_len*/); - -int KRB5_LIB_FUNCTION -krb5_getportbyname ( - krb5_context /*context*/, - const char */*service*/, - const char */*proto*/, - int /*default_port*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_h_addr2addr ( - krb5_context /*context*/, - int /*af*/, - const char */*haddr*/, - krb5_address */*addr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_h_addr2sockaddr ( - krb5_context /*context*/, - int /*af*/, - const char */*addr*/, - struct sockaddr */*sa*/, - krb5_socklen_t */*sa_size*/, - int /*port*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_h_errno_to_heim_errno (int /*eai_errno*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_have_error_string (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_hmac ( - krb5_context /*context*/, - krb5_cksumtype /*cktype*/, - const void */*data*/, - size_t /*len*/, - unsigned /*usage*/, - krb5_keyblock */*key*/, - Checksum */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_init_context (krb5_context */*context*/); - -void KRB5_LIB_FUNCTION -krb5_init_ets (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_init_etype ( - krb5_context /*context*/, - unsigned */*len*/, - krb5_enctype **/*val*/, - const krb5_enctype */*etypes*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_initlog ( - krb5_context /*context*/, - const char */*program*/, - krb5_log_facility **/*fac*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_is_thread_safe (void); - -const krb5_enctype * KRB5_LIB_FUNCTION -krb5_kerberos_enctypes (krb5_context /*context*/); - -krb5_enctype -krb5_keyblock_get_enctype (const krb5_keyblock */*block*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keyblock_init ( - krb5_context /*context*/, - krb5_enctype /*type*/, - const void */*data*/, - size_t /*size*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keyblock_key_proc ( - krb5_context /*context*/, - krb5_keytype /*type*/, - krb5_data */*salt*/, - krb5_const_pointer /*keyseed*/, - krb5_keyblock **/*key*/); - -void KRB5_LIB_FUNCTION -krb5_keyblock_zero (krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytab_key_proc ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - krb5_salt /*salt*/, - krb5_const_pointer /*keyseed*/, - krb5_keyblock **/*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_enctypes ( - krb5_context /*context*/, - krb5_keytype /*keytype*/, - unsigned */*len*/, - krb5_enctype **/*val*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_enctypes_default ( - krb5_context /*context*/, - krb5_keytype /*keytype*/, - unsigned */*len*/, - krb5_enctype **/*val*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_keytype_to_string ( - krb5_context /*context*/, - krb5_keytype /*keytype*/, - char **/*string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_format_string ( - krb5_context /*context*/, - const krb5_krbhst_info */*host*/, - char */*hostname*/, - size_t /*hostlen*/); - -void KRB5_LIB_FUNCTION -krb5_krbhst_free ( - krb5_context /*context*/, - krb5_krbhst_handle /*handle*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_get_addrinfo ( - krb5_context /*context*/, - krb5_krbhst_info */*host*/, - struct addrinfo **/*ai*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_init ( - krb5_context /*context*/, - const char */*realm*/, - unsigned int /*type*/, - krb5_krbhst_handle */*handle*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_init_flags ( - krb5_context /*context*/, - const char */*realm*/, - unsigned int /*type*/, - int /*flags*/, - krb5_krbhst_handle */*handle*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_next ( - krb5_context /*context*/, - krb5_krbhst_handle /*handle*/, - krb5_krbhst_info **/*host*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_krbhst_next_as_string ( - krb5_context /*context*/, - krb5_krbhst_handle /*handle*/, - char */*hostname*/, - size_t /*hostlen*/); - -void KRB5_LIB_FUNCTION -krb5_krbhst_reset ( - krb5_context /*context*/, - krb5_krbhst_handle /*handle*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_add_entry ( - krb5_context /*context*/, - krb5_keytab /*id*/, - krb5_keytab_entry */*entry*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_close ( - krb5_context /*context*/, - krb5_keytab /*id*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_kt_compare ( - krb5_context /*context*/, - krb5_keytab_entry */*entry*/, - krb5_const_principal /*principal*/, - krb5_kvno /*vno*/, - krb5_enctype /*enctype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_copy_entry_contents ( - krb5_context /*context*/, - const krb5_keytab_entry */*in*/, - krb5_keytab_entry */*out*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_default ( - krb5_context /*context*/, - krb5_keytab */*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_default_modify_name ( - krb5_context /*context*/, - char */*name*/, - size_t /*namesize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_default_name ( - krb5_context /*context*/, - char */*name*/, - size_t /*namesize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_end_seq_get ( - krb5_context /*context*/, - krb5_keytab /*id*/, - krb5_kt_cursor */*cursor*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_free_entry ( - krb5_context /*context*/, - krb5_keytab_entry */*entry*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_get_entry ( - krb5_context /*context*/, - krb5_keytab /*id*/, - krb5_const_principal /*principal*/, - krb5_kvno /*kvno*/, - krb5_enctype /*enctype*/, - krb5_keytab_entry */*entry*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_get_full_name ( - krb5_context /*context*/, - krb5_keytab /*keytab*/, - char **/*str*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_get_name ( - krb5_context /*context*/, - krb5_keytab /*keytab*/, - char */*name*/, - size_t /*namesize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_get_type ( - krb5_context /*context*/, - krb5_keytab /*keytab*/, - char */*prefix*/, - size_t /*prefixsize*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_next_entry ( - krb5_context /*context*/, - krb5_keytab /*id*/, - krb5_keytab_entry */*entry*/, - krb5_kt_cursor */*cursor*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_read_service_key ( - krb5_context /*context*/, - krb5_pointer /*keyprocarg*/, - krb5_principal /*principal*/, - krb5_kvno /*vno*/, - krb5_enctype /*enctype*/, - krb5_keyblock **/*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_register ( - krb5_context /*context*/, - const krb5_kt_ops */*ops*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_remove_entry ( - krb5_context /*context*/, - krb5_keytab /*id*/, - krb5_keytab_entry */*entry*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_resolve ( - krb5_context /*context*/, - const char */*name*/, - krb5_keytab */*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_kt_start_seq_get ( - krb5_context /*context*/, - krb5_keytab /*id*/, - krb5_kt_cursor */*cursor*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_kuserok ( - krb5_context /*context*/, - krb5_principal /*principal*/, - const char */*luser*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_log ( - krb5_context /*context*/, - krb5_log_facility */*fac*/, - int /*level*/, - const char */*fmt*/, - ...) - __attribute__((format (printf, 4, 5))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_log_msg ( - krb5_context /*context*/, - krb5_log_facility */*fac*/, - int /*level*/, - char **/*reply*/, - const char */*fmt*/, - ...) - __attribute__((format (printf, 5, 6))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_make_addrport ( - krb5_context /*context*/, - krb5_address **/*res*/, - const krb5_address */*addr*/, - int16_t /*port*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_make_principal ( - krb5_context /*context*/, - krb5_principal */*principal*/, - krb5_const_realm /*realm*/, - ...); - -size_t KRB5_LIB_FUNCTION -krb5_max_sockaddr_size (void); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_error ( - krb5_context /*context*/, - krb5_error_code /*error_code*/, - const char */*e_text*/, - const krb5_data */*e_data*/, - const krb5_principal /*client*/, - const krb5_principal /*server*/, - time_t */*client_time*/, - int */*client_usec*/, - krb5_data */*reply*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_priv ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const krb5_data */*userdata*/, - krb5_data */*outbuf*/, - krb5_replay_data */*outdata*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_rep ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_data */*outbuf*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_req ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_flags /*ap_req_options*/, - const char */*service*/, - const char */*hostname*/, - krb5_data */*in_data*/, - krb5_ccache /*ccache*/, - krb5_data */*outbuf*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_req_exact ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_flags /*ap_req_options*/, - const krb5_principal /*server*/, - krb5_data */*in_data*/, - krb5_ccache /*ccache*/, - krb5_data */*outbuf*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_req_extended ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_flags /*ap_req_options*/, - krb5_data */*in_data*/, - krb5_creds */*in_creds*/, - krb5_data */*outbuf*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_mk_safe ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const krb5_data */*userdata*/, - krb5_data */*outbuf*/, - krb5_replay_data */*outdata*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -krb5_net_read ( - krb5_context /*context*/, - void */*p_fd*/, - void */*buf*/, - size_t /*len*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -krb5_net_write ( - krb5_context /*context*/, - void */*p_fd*/, - const void */*buf*/, - size_t /*len*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -krb5_net_write_block ( - krb5_context /*context*/, - void */*p_fd*/, - const void */*buf*/, - size_t /*len*/, - time_t /*timeout*/); - -krb5_error_code -krb5_ntlm_alloc ( - krb5_context /*context*/, - krb5_ntlm */*ntlm*/); - -krb5_error_code -krb5_ntlm_free ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/); - -krb5_error_code -krb5_ntlm_init_get_challange ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_data */*challange*/); - -krb5_error_code -krb5_ntlm_init_get_flags ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - uint32_t */*flags*/); - -krb5_error_code -krb5_ntlm_init_get_opaque ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_data */*opaque*/); - -krb5_error_code -krb5_ntlm_init_get_targetinfo ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_data */*data*/); - -krb5_error_code -krb5_ntlm_init_get_targetname ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - char **/*name*/); - -krb5_error_code -krb5_ntlm_init_request ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_realm /*realm*/, - krb5_ccache /*ccache*/, - uint32_t /*flags*/, - const char */*hostname*/, - const char */*domainname*/); - -krb5_error_code -krb5_ntlm_rep_get_sessionkey ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_data */*data*/); - -krb5_boolean -krb5_ntlm_rep_get_status ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/); - -krb5_error_code -krb5_ntlm_req_set_flags ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - uint32_t /*flags*/); - -krb5_error_code -krb5_ntlm_req_set_lm ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - void */*hash*/, - size_t /*len*/); - -krb5_error_code -krb5_ntlm_req_set_ntlm ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - void */*hash*/, - size_t /*len*/); - -krb5_error_code -krb5_ntlm_req_set_opaque ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_data */*opaque*/); - -krb5_error_code -krb5_ntlm_req_set_session ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - void */*sessionkey*/, - size_t /*length*/); - -krb5_error_code -krb5_ntlm_req_set_targetname ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - const char */*targetname*/); - -krb5_error_code -krb5_ntlm_req_set_username ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - const char */*username*/); - -krb5_error_code -krb5_ntlm_request ( - krb5_context /*context*/, - krb5_ntlm /*ntlm*/, - krb5_realm /*realm*/, - krb5_ccache /*ccache*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_openlog ( - krb5_context /*context*/, - const char */*program*/, - krb5_log_facility **/*fac*/); - -krb5_error_code -krb5_pac_add_buffer ( - krb5_context /*context*/, - krb5_pac /*p*/, - uint32_t /*type*/, - const krb5_data */*data*/); - -void -krb5_pac_free ( - krb5_context /*context*/, - krb5_pac /*pac*/); - -krb5_error_code -krb5_pac_get_buffer ( - krb5_context /*context*/, - krb5_pac /*p*/, - uint32_t /*type*/, - krb5_data */*data*/); - -krb5_error_code -krb5_pac_get_types ( - krb5_context /*context*/, - krb5_pac /*p*/, - size_t */*len*/, - uint32_t **/*types*/); - -krb5_error_code -krb5_pac_init ( - krb5_context /*context*/, - krb5_pac */*pac*/); - -krb5_error_code -krb5_pac_parse ( - krb5_context /*context*/, - const void */*ptr*/, - size_t /*len*/, - krb5_pac */*pac*/); - -krb5_error_code -krb5_pac_verify ( - krb5_context /*context*/, - const krb5_pac /*pac*/, - time_t /*authtime*/, - krb5_const_principal /*principal*/, - const krb5_keyblock */*server*/, - const krb5_keyblock */*privsvr*/); - -int KRB5_LIB_FUNCTION -krb5_padata_add ( - krb5_context /*context*/, - METHOD_DATA */*md*/, - int /*type*/, - void */*buf*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_parse_address ( - krb5_context /*context*/, - const char */*string*/, - krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_parse_name ( - krb5_context /*context*/, - const char */*name*/, - krb5_principal */*principal*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_parse_name_flags ( - krb5_context /*context*/, - const char */*name*/, - int /*flags*/, - krb5_principal */*principal*/); - -krb5_error_code -krb5_parse_nametype ( - krb5_context /*context*/, - const char */*str*/, - int32_t */*nametype*/); - -const char* KRB5_LIB_FUNCTION -krb5_passwd_result_to_string ( - krb5_context /*context*/, - int /*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_password_key_proc ( - krb5_context /*context*/, - krb5_enctype /*type*/, - krb5_salt /*salt*/, - krb5_const_pointer /*keyseed*/, - krb5_keyblock **/*key*/); - -krb5_error_code -krb5_plugin_register ( - krb5_context /*context*/, - enum krb5_plugin_type /*type*/, - const char */*name*/, - void */*symbol*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_prepend_config_files ( - const char */*filelist*/, - char **/*pq*/, - char ***/*ret_pp*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_prepend_config_files_default ( - const char */*filelist*/, - char ***/*pfilenames*/); - -krb5_realm * KRB5_LIB_FUNCTION -krb5_princ_realm ( - krb5_context /*context*/, - krb5_principal /*principal*/); - -void KRB5_LIB_FUNCTION -krb5_princ_set_realm ( - krb5_context /*context*/, - krb5_principal /*principal*/, - krb5_realm */*realm*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_principal_compare ( - krb5_context /*context*/, - krb5_const_principal /*princ1*/, - krb5_const_principal /*princ2*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_principal_compare_any_realm ( - krb5_context /*context*/, - krb5_const_principal /*princ1*/, - krb5_const_principal /*princ2*/); - -const char* KRB5_LIB_FUNCTION -krb5_principal_get_comp_string ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - unsigned int /*component*/); - -const char* KRB5_LIB_FUNCTION -krb5_principal_get_realm ( - krb5_context /*context*/, - krb5_const_principal /*principal*/); - -int KRB5_LIB_FUNCTION -krb5_principal_get_type ( - krb5_context /*context*/, - krb5_const_principal /*principal*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_principal_match ( - krb5_context /*context*/, - krb5_const_principal /*princ*/, - krb5_const_principal /*pattern*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_principal_set_realm ( - krb5_context /*context*/, - krb5_principal /*principal*/, - krb5_const_realm /*realm*/); - -void KRB5_LIB_FUNCTION -krb5_principal_set_type ( - krb5_context /*context*/, - krb5_principal /*principal*/, - int /*type*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_print_address ( - const krb5_address */*addr*/, - char */*str*/, - size_t /*len*/, - size_t */*ret_len*/); - -int KRB5_LIB_FUNCTION -krb5_program_setup ( - krb5_context */*context*/, - int /*argc*/, - char **/*argv*/, - struct getargs */*args*/, - int /*num_args*/, - void (*/*usage*/)(int, struct getargs*, int)); - -int KRB5_LIB_FUNCTION -krb5_prompter_posix ( - krb5_context /*context*/, - void */*data*/, - const char */*name*/, - const char */*banner*/, - int /*num_prompts*/, - krb5_prompt prompts[]); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_random_to_key ( - krb5_context /*context*/, - krb5_enctype /*type*/, - const void */*data*/, - size_t /*size*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_close ( - krb5_context /*context*/, - krb5_rcache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_default ( - krb5_context /*context*/, - krb5_rcache */*id*/); - -const char* KRB5_LIB_FUNCTION -krb5_rc_default_name (krb5_context /*context*/); - -const char* KRB5_LIB_FUNCTION -krb5_rc_default_type (krb5_context /*context*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_destroy ( - krb5_context /*context*/, - krb5_rcache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_expunge ( - krb5_context /*context*/, - krb5_rcache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_get_lifespan ( - krb5_context /*context*/, - krb5_rcache /*id*/, - krb5_deltat */*auth_lifespan*/); - -const char* KRB5_LIB_FUNCTION -krb5_rc_get_name ( - krb5_context /*context*/, - krb5_rcache /*id*/); - -const char* KRB5_LIB_FUNCTION -krb5_rc_get_type ( - krb5_context /*context*/, - krb5_rcache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_initialize ( - krb5_context /*context*/, - krb5_rcache /*id*/, - krb5_deltat /*auth_lifespan*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_recover ( - krb5_context /*context*/, - krb5_rcache /*id*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_resolve ( - krb5_context /*context*/, - krb5_rcache /*id*/, - const char */*name*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_resolve_full ( - krb5_context /*context*/, - krb5_rcache */*id*/, - const char */*string_name*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_resolve_type ( - krb5_context /*context*/, - krb5_rcache */*id*/, - const char */*type*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rc_store ( - krb5_context /*context*/, - krb5_rcache /*id*/, - krb5_donot_replay */*rep*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_cred ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_data */*in_data*/, - krb5_creds ***/*ret_creds*/, - krb5_replay_data */*outdata*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_cred2 ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - krb5_ccache /*ccache*/, - krb5_data */*in_data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_error ( - krb5_context /*context*/, - const krb5_data */*msg*/, - KRB_ERROR */*result*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_priv ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const krb5_data */*inbuf*/, - krb5_data */*outbuf*/, - krb5_replay_data */*outdata*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_rep ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const krb5_data */*inbuf*/, - krb5_ap_rep_enc_part **/*repl*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_data */*inbuf*/, - krb5_const_principal /*server*/, - krb5_keytab /*keytab*/, - krb5_flags */*ap_req_options*/, - krb5_ticket **/*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_ctx ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_data */*inbuf*/, - krb5_const_principal /*server*/, - krb5_rd_req_in_ctx /*inctx*/, - krb5_rd_req_out_ctx */*outctx*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_ctx_alloc ( - krb5_context /*context*/, - krb5_rd_req_in_ctx */*ctx*/); - -void KRB5_LIB_FUNCTION -krb5_rd_req_in_ctx_free ( - krb5_context /*context*/, - krb5_rd_req_in_ctx /*ctx*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_set_keyblock ( - krb5_context /*context*/, - krb5_rd_req_in_ctx /*in*/, - krb5_keyblock */*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_set_keytab ( - krb5_context /*context*/, - krb5_rd_req_in_ctx /*in*/, - krb5_keytab /*keytab*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_in_set_pac_check ( - krb5_context /*context*/, - krb5_rd_req_in_ctx /*in*/, - krb5_boolean /*flag*/); - -void KRB5_LIB_FUNCTION -krb5_rd_req_out_ctx_free ( - krb5_context /*context*/, - krb5_rd_req_out_ctx /*ctx*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_out_get_ap_req_options ( - krb5_context /*context*/, - krb5_rd_req_out_ctx /*out*/, - krb5_flags */*ap_req_options*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_out_get_keyblock ( - krb5_context /*context*/, - krb5_rd_req_out_ctx /*out*/, - krb5_keyblock **/*keyblock*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_out_get_ticket ( - krb5_context /*context*/, - krb5_rd_req_out_ctx /*out*/, - krb5_ticket **/*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_req_with_keyblock ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - const krb5_data */*inbuf*/, - krb5_const_principal /*server*/, - krb5_keyblock */*keyblock*/, - krb5_flags */*ap_req_options*/, - krb5_ticket **/*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_rd_safe ( - krb5_context /*context*/, - krb5_auth_context /*auth_context*/, - const krb5_data */*inbuf*/, - krb5_data */*outbuf*/, - krb5_replay_data */*outdata*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_read_message ( - krb5_context /*context*/, - krb5_pointer /*p_fd*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_read_priv_message ( - krb5_context /*context*/, - krb5_auth_context /*ac*/, - krb5_pointer /*p_fd*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_read_safe_message ( - krb5_context /*context*/, - krb5_auth_context /*ac*/, - krb5_pointer /*p_fd*/, - krb5_data */*data*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_realm_compare ( - krb5_context /*context*/, - krb5_const_principal /*princ1*/, - krb5_const_principal /*princ2*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_recvauth ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - krb5_pointer /*p_fd*/, - const char */*appl_version*/, - krb5_principal /*server*/, - int32_t /*flags*/, - krb5_keytab /*keytab*/, - krb5_ticket **/*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_recvauth_match_version ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - krb5_pointer /*p_fd*/, - krb5_boolean (*/*match_appl_version*/)(const void *, const char*), - const void */*match_data*/, - krb5_principal /*server*/, - int32_t /*flags*/, - krb5_keytab /*keytab*/, - krb5_ticket **/*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_address ( - krb5_storage */*sp*/, - krb5_address */*adr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_addrs ( - krb5_storage */*sp*/, - krb5_addresses */*adr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_authdata ( - krb5_storage */*sp*/, - krb5_authdata */*auth*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_creds ( - krb5_storage */*sp*/, - krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_creds_tag ( - krb5_storage */*sp*/, - krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_data ( - krb5_storage */*sp*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_int16 ( - krb5_storage */*sp*/, - int16_t */*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_int32 ( - krb5_storage */*sp*/, - int32_t */*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_int8 ( - krb5_storage */*sp*/, - int8_t */*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_keyblock ( - krb5_storage */*sp*/, - krb5_keyblock */*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_principal ( - krb5_storage */*sp*/, - krb5_principal */*princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_string ( - krb5_storage */*sp*/, - char **/*string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_stringnl ( - krb5_storage */*sp*/, - char **/*string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_stringz ( - krb5_storage */*sp*/, - char **/*string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_times ( - krb5_storage */*sp*/, - krb5_times */*times*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_uint16 ( - krb5_storage */*sp*/, - uint16_t */*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_uint32 ( - krb5_storage */*sp*/, - uint32_t */*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ret_uint8 ( - krb5_storage */*sp*/, - uint8_t */*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_salttype_to_string ( - krb5_context /*context*/, - krb5_enctype /*etype*/, - krb5_salttype /*stype*/, - char **/*string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sendauth ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - krb5_pointer /*p_fd*/, - const char */*appl_version*/, - krb5_principal /*client*/, - krb5_principal /*server*/, - krb5_flags /*ap_req_options*/, - krb5_data */*in_data*/, - krb5_creds */*in_creds*/, - krb5_ccache /*ccache*/, - krb5_error **/*ret_error*/, - krb5_ap_rep_enc_part **/*rep_result*/, - krb5_creds **/*out_creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sendto ( - krb5_context /*context*/, - const krb5_data */*send_data*/, - krb5_krbhst_handle /*handle*/, - krb5_data */*receive*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sendto_context ( - krb5_context /*context*/, - krb5_sendto_ctx /*ctx*/, - const krb5_data */*send_data*/, - const krb5_realm /*realm*/, - krb5_data */*receive*/); - -void KRB5_LIB_FUNCTION -krb5_sendto_ctx_add_flags ( - krb5_sendto_ctx /*ctx*/, - int /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sendto_ctx_alloc ( - krb5_context /*context*/, - krb5_sendto_ctx */*ctx*/); - -void KRB5_LIB_FUNCTION -krb5_sendto_ctx_free ( - krb5_context /*context*/, - krb5_sendto_ctx /*ctx*/); - -int KRB5_LIB_FUNCTION -krb5_sendto_ctx_get_flags (krb5_sendto_ctx /*ctx*/); - -void KRB5_LIB_FUNCTION -krb5_sendto_ctx_set_func ( - krb5_sendto_ctx /*ctx*/, - krb5_sendto_ctx_func /*func*/, - void */*data*/); - -void KRB5_LIB_FUNCTION -krb5_sendto_ctx_set_type ( - krb5_sendto_ctx /*ctx*/, - int /*type*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sendto_kdc ( - krb5_context /*context*/, - const krb5_data */*send_data*/, - const krb5_realm */*realm*/, - krb5_data */*receive*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sendto_kdc_flags ( - krb5_context /*context*/, - const krb5_data */*send_data*/, - const krb5_realm */*realm*/, - krb5_data */*receive*/, - int /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_config_files ( - krb5_context /*context*/, - char **/*filenames*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_default_in_tkt_etypes ( - krb5_context /*context*/, - const krb5_enctype */*etypes*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_default_realm ( - krb5_context /*context*/, - const char */*realm*/); - -void KRB5_LIB_FUNCTION -krb5_set_dns_canonicalize_hostname ( - krb5_context /*context*/, - krb5_boolean /*flag*/); - -void KRB5_LIB_FUNCTION -krb5_set_error_message ( - krb5_context /*context*/, - krb5_error_code /*ret*/, - const char */*fmt*/, - ...) - __attribute__ ((format (printf, 3, 4))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_error_string ( - krb5_context /*context*/, - const char */*fmt*/, - ...) __attribute__((format (printf, 2, 3))) - __attribute__((deprecated)); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_extra_addresses ( - krb5_context /*context*/, - const krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_fcache_version ( - krb5_context /*context*/, - int /*version*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_ignore_addresses ( - krb5_context /*context*/, - const krb5_addresses */*addresses*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_kdc_sec_offset ( - krb5_context /*context*/, - int32_t /*sec*/, - int32_t /*usec*/); - -void KRB5_LIB_FUNCTION -krb5_set_max_time_skew ( - krb5_context /*context*/, - time_t /*t*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_password ( - krb5_context /*context*/, - krb5_creds */*creds*/, - const char */*newpw*/, - krb5_principal /*targprinc*/, - int */*result_code*/, - krb5_data */*result_code_string*/, - krb5_data */*result_string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_password_using_ccache ( - krb5_context /*context*/, - krb5_ccache /*ccache*/, - const char */*newpw*/, - krb5_principal /*targprinc*/, - int */*result_code*/, - krb5_data */*result_code_string*/, - krb5_data */*result_string*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_real_time ( - krb5_context /*context*/, - krb5_timestamp /*sec*/, - int32_t /*usec*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_send_to_kdc_func ( - krb5_context /*context*/, - krb5_send_to_kdc_func /*func*/, - void */*data*/); - -void KRB5_LIB_FUNCTION -krb5_set_use_admin_kdc ( - krb5_context /*context*/, - krb5_boolean /*flag*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_set_warn_dest ( - krb5_context /*context*/, - krb5_log_facility */*fac*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sname_to_principal ( - krb5_context /*context*/, - const char */*hostname*/, - const char */*sname*/, - int32_t /*type*/, - krb5_principal */*ret_princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sock_to_principal ( - krb5_context /*context*/, - int /*sock*/, - const char */*sname*/, - int32_t /*type*/, - krb5_principal */*ret_princ*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sockaddr2address ( - krb5_context /*context*/, - const struct sockaddr */*sa*/, - krb5_address */*addr*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_sockaddr2port ( - krb5_context /*context*/, - const struct sockaddr */*sa*/, - int16_t */*port*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_sockaddr_uninteresting (const struct sockaddr */*sa*/); - -void KRB5_LIB_FUNCTION -krb5_std_usage ( - int /*code*/, - struct getargs */*args*/, - int /*num_args*/); - -void KRB5_LIB_FUNCTION -krb5_storage_clear_flags ( - krb5_storage */*sp*/, - krb5_flags /*flags*/); - -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_emem (void); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_storage_free (krb5_storage */*sp*/); - -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_from_data (krb5_data */*data*/); - -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_from_fd (int /*fd*/); - -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_from_mem ( - void */*buf*/, - size_t /*len*/); - -krb5_storage * KRB5_LIB_FUNCTION -krb5_storage_from_readonly_mem ( - const void */*buf*/, - size_t /*len*/); - -krb5_flags KRB5_LIB_FUNCTION -krb5_storage_get_byteorder ( - krb5_storage */*sp*/, - krb5_flags /*byteorder*/); - -krb5_boolean KRB5_LIB_FUNCTION -krb5_storage_is_flags ( - krb5_storage */*sp*/, - krb5_flags /*flags*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -krb5_storage_read ( - krb5_storage */*sp*/, - void */*buf*/, - size_t /*len*/); - -off_t KRB5_LIB_FUNCTION -krb5_storage_seek ( - krb5_storage */*sp*/, - off_t /*offset*/, - int /*whence*/); - -void KRB5_LIB_FUNCTION -krb5_storage_set_byteorder ( - krb5_storage */*sp*/, - krb5_flags /*byteorder*/); - -void KRB5_LIB_FUNCTION -krb5_storage_set_eof_code ( - krb5_storage */*sp*/, - int /*code*/); - -void KRB5_LIB_FUNCTION -krb5_storage_set_flags ( - krb5_storage */*sp*/, - krb5_flags /*flags*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_storage_to_data ( - krb5_storage */*sp*/, - krb5_data */*data*/); - -krb5_ssize_t KRB5_LIB_FUNCTION -krb5_storage_write ( - krb5_storage */*sp*/, - const void */*buf*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_address ( - krb5_storage */*sp*/, - krb5_address /*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_addrs ( - krb5_storage */*sp*/, - krb5_addresses /*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_authdata ( - krb5_storage */*sp*/, - krb5_authdata /*auth*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_creds ( - krb5_storage */*sp*/, - krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_creds_tag ( - krb5_storage */*sp*/, - krb5_creds */*creds*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_data ( - krb5_storage */*sp*/, - krb5_data /*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_int16 ( - krb5_storage */*sp*/, - int16_t /*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_int32 ( - krb5_storage */*sp*/, - int32_t /*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_int8 ( - krb5_storage */*sp*/, - int8_t /*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_keyblock ( - krb5_storage */*sp*/, - krb5_keyblock /*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_principal ( - krb5_storage */*sp*/, - krb5_const_principal /*p*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_string ( - krb5_storage */*sp*/, - const char */*s*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_stringnl ( - krb5_storage */*sp*/, - const char */*s*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_stringz ( - krb5_storage */*sp*/, - const char */*s*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_times ( - krb5_storage */*sp*/, - krb5_times /*times*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_uint16 ( - krb5_storage */*sp*/, - uint16_t /*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_uint32 ( - krb5_storage */*sp*/, - uint32_t /*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_store_uint8 ( - krb5_storage */*sp*/, - uint8_t /*value*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_deltat ( - const char */*string*/, - krb5_deltat */*deltat*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_enctype ( - krb5_context /*context*/, - const char */*string*/, - krb5_enctype */*etype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - const char */*password*/, - krb5_principal /*principal*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_data ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - krb5_data /*password*/, - krb5_principal /*principal*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_data_salt ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - krb5_data /*password*/, - krb5_salt /*salt*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_data_salt_opaque ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - krb5_data /*password*/, - krb5_salt /*salt*/, - krb5_data /*opaque*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_derived ( - krb5_context /*context*/, - const void */*str*/, - size_t /*len*/, - krb5_enctype /*etype*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_salt ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - const char */*password*/, - krb5_salt /*salt*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_key_salt_opaque ( - krb5_context /*context*/, - krb5_enctype /*enctype*/, - const char */*password*/, - krb5_salt /*salt*/, - krb5_data /*opaque*/, - krb5_keyblock */*key*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_keytype ( - krb5_context /*context*/, - const char */*string*/, - krb5_keytype */*keytype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_string_to_salttype ( - krb5_context /*context*/, - krb5_enctype /*etype*/, - const char */*string*/, - krb5_salttype */*salttype*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ticket_get_authorization_data_type ( - krb5_context /*context*/, - krb5_ticket */*ticket*/, - int /*type*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ticket_get_client ( - krb5_context /*context*/, - const krb5_ticket */*ticket*/, - krb5_principal */*client*/); - -time_t KRB5_LIB_FUNCTION -krb5_ticket_get_endtime ( - krb5_context /*context*/, - const krb5_ticket */*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_ticket_get_server ( - krb5_context /*context*/, - const krb5_ticket */*ticket*/, - krb5_principal */*server*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_timeofday ( - krb5_context /*context*/, - krb5_timestamp */*timeret*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - char **/*name*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_fixed ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - char */*name*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_fixed_flags ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - int /*flags*/, - char */*name*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_fixed_short ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - char */*name*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_flags ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - int /*flags*/, - char **/*name*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_unparse_name_short ( - krb5_context /*context*/, - krb5_const_principal /*principal*/, - char **/*name*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_us_timeofday ( - krb5_context /*context*/, - krb5_timestamp */*sec*/, - int32_t */*usec*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vabort ( - krb5_context /*context*/, - krb5_error_code /*code*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__ ((noreturn, format (printf, 3, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vabortx ( - krb5_context /*context*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__ ((noreturn, format (printf, 2, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_ap_req ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - krb5_ap_req */*ap_req*/, - krb5_const_principal /*server*/, - krb5_keyblock */*keyblock*/, - krb5_flags /*flags*/, - krb5_flags */*ap_req_options*/, - krb5_ticket **/*ticket*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_ap_req2 ( - krb5_context /*context*/, - krb5_auth_context */*auth_context*/, - krb5_ap_req */*ap_req*/, - krb5_const_principal /*server*/, - krb5_keyblock */*keyblock*/, - krb5_flags /*flags*/, - krb5_flags */*ap_req_options*/, - krb5_ticket **/*ticket*/, - krb5_key_usage /*usage*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_authenticator_checksum ( - krb5_context /*context*/, - krb5_auth_context /*ac*/, - void */*data*/, - size_t /*len*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_checksum ( - krb5_context /*context*/, - krb5_crypto /*crypto*/, - krb5_key_usage /*usage*/, - void */*data*/, - size_t /*len*/, - Checksum */*cksum*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_init_creds ( - krb5_context /*context*/, - krb5_creds */*creds*/, - krb5_principal /*ap_req_server*/, - krb5_keytab /*ap_req_keytab*/, - krb5_ccache */*ccache*/, - krb5_verify_init_creds_opt */*options*/); - -void KRB5_LIB_FUNCTION -krb5_verify_init_creds_opt_init (krb5_verify_init_creds_opt */*options*/); - -void KRB5_LIB_FUNCTION -krb5_verify_init_creds_opt_set_ap_req_nofail ( - krb5_verify_init_creds_opt */*options*/, - int /*ap_req_nofail*/); - -int KRB5_LIB_FUNCTION -krb5_verify_opt_alloc ( - krb5_context /*context*/, - krb5_verify_opt **/*opt*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_free (krb5_verify_opt */*opt*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_init (krb5_verify_opt */*opt*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_set_ccache ( - krb5_verify_opt */*opt*/, - krb5_ccache /*ccache*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_set_flags ( - krb5_verify_opt */*opt*/, - unsigned int /*flags*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_set_keytab ( - krb5_verify_opt */*opt*/, - krb5_keytab /*keytab*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_set_secure ( - krb5_verify_opt */*opt*/, - krb5_boolean /*secure*/); - -void KRB5_LIB_FUNCTION -krb5_verify_opt_set_service ( - krb5_verify_opt */*opt*/, - const char */*service*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_user ( - krb5_context /*context*/, - krb5_principal /*principal*/, - krb5_ccache /*ccache*/, - const char */*password*/, - krb5_boolean /*secure*/, - const char */*service*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_user_lrealm ( - krb5_context /*context*/, - krb5_principal /*principal*/, - krb5_ccache /*ccache*/, - const char */*password*/, - krb5_boolean /*secure*/, - const char */*service*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verify_user_opt ( - krb5_context /*context*/, - krb5_principal /*principal*/, - const char */*password*/, - krb5_verify_opt */*opt*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verr ( - krb5_context /*context*/, - int /*eval*/, - krb5_error_code /*code*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__ ((noreturn, format (printf, 4, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_verrx ( - krb5_context /*context*/, - int /*eval*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__ ((noreturn, format (printf, 3, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vlog ( - krb5_context /*context*/, - krb5_log_facility */*fac*/, - int /*level*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__((format (printf, 4, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vlog_msg ( - krb5_context /*context*/, - krb5_log_facility */*fac*/, - char **/*reply*/, - int /*level*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__((format (printf, 5, 0))); - -void KRB5_LIB_FUNCTION -krb5_vset_error_message ( - krb5_context /*context*/, - krb5_error_code /*ret*/, - const char */*fmt*/, - va_list /*args*/) - __attribute__ ((format (printf, 3, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vset_error_string ( - krb5_context /*context*/, - const char */*fmt*/, - va_list args) __attribute__ ((format (printf, 2, 0))) - __attribute__((deprecated)); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vwarn ( - krb5_context /*context*/, - krb5_error_code /*code*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__ ((format (printf, 3, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_vwarnx ( - krb5_context /*context*/, - const char */*fmt*/, - va_list /*ap*/) - __attribute__ ((format (printf, 2, 0))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_warn ( - krb5_context /*context*/, - krb5_error_code /*code*/, - const char */*fmt*/, - ...) - __attribute__ ((format (printf, 3, 4))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_warnx ( - krb5_context /*context*/, - const char */*fmt*/, - ...) - __attribute__ ((format (printf, 2, 3))); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_write_message ( - krb5_context /*context*/, - krb5_pointer /*p_fd*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_write_priv_message ( - krb5_context /*context*/, - krb5_auth_context /*ac*/, - krb5_pointer /*p_fd*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_write_safe_message ( - krb5_context /*context*/, - krb5_auth_context /*ac*/, - krb5_pointer /*p_fd*/, - krb5_data */*data*/); - -krb5_error_code KRB5_LIB_FUNCTION -krb5_xfree (void */*ptr*/); - -void KRB5_LIB_FUNCTION - __attribute__((deprecated)) krb5_free_error_string(krb5_context context, char *str); - -#ifdef __cplusplus -} -#endif - -#endif /* __krb5_protos_h__ */ diff --git a/source4/heimdal/lib/krb5/krb5-v4compat.h b/source4/heimdal/lib/krb5/krb5-v4compat.h index dfd7e94460..9470f10337 100644 --- a/source4/heimdal/lib/krb5/krb5-v4compat.h +++ b/source4/heimdal/lib/krb5/krb5-v4compat.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5-v4compat.h 21575 2007-07-16 07:44:54Z lha $ */ +/* $Id$ */ #ifndef __KRB5_V4COMPAT_H__ #define __KRB5_V4COMPAT_H__ diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h index b1e2781d52..aedabcc350 100644 --- a/source4/heimdal/lib/krb5/krb5.h +++ b/source4/heimdal/lib/krb5/krb5.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5.h 23026 2008-04-17 10:02:03Z lha $ */ +/* $Id$ */ #ifndef __KRB5_H__ #define __KRB5_H__ @@ -761,6 +761,28 @@ struct credentials; /* this is to keep the compiler happy */ struct getargs; struct sockaddr; +/** + * Semi private, not stable yet + */ + +typedef struct krb5_crypto_iov { + unsigned int flags; + /* ignored */ +#define KRB5_CRYPTO_TYPE_EMPTY 0 + /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */ +#define KRB5_CRYPTO_TYPE_HEADER 1 + /* IN and OUT */ +#define KRB5_CRYPTO_TYPE_DATA 2 + /* IN */ +#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3 + /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */ +#define KRB5_CRYPTO_TYPE_PADDING 4 + /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */ +#define KRB5_CRYPTO_TYPE_TRAILER 5 + krb5_data data; +} krb5_crypto_iov; + + #include <krb5-protos.h> /* variables */ diff --git a/source4/heimdal/lib/krb5/krb5_ccapi.h b/source4/heimdal/lib/krb5/krb5_ccapi.h index 59a38425c2..7a8ac584a1 100644 --- a/source4/heimdal/lib/krb5/krb5_ccapi.h +++ b/source4/heimdal/lib/krb5/krb5_ccapi.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_ccapi.h 22090 2007-12-02 23:23:43Z lha $ */ +/* $Id$ */ #ifndef KRB5_CCAPI_H #define KRB5_CCAPI_H 1 diff --git a/source4/heimdal/lib/krb5/krb5_err.et b/source4/heimdal/lib/krb5/krb5_err.et index 8e49ffcc4a..c076992d0b 100644 --- a/source4/heimdal/lib/krb5/krb5_err.et +++ b/source4/heimdal/lib/krb5/krb5_err.et @@ -3,7 +3,7 @@ # # This might look like a com_err file, but is not # -id "$Id: krb5_err.et 23354 2008-07-15 11:23:34Z lha $" +id "$Id$" error_table krb5 @@ -110,7 +110,7 @@ error_code PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED, "Public key encryption not suppo index 128 prefix -error_code KRB5_ERR_RCSID, "$Id: krb5_err.et 23354 2008-07-15 11:23:34Z lha $" +error_code KRB5_ERR_RCSID, "$Id$" error_code KRB5_LIBOS_BADLOCKFLAG, "Invalid flag for file lock mode" error_code KRB5_LIBOS_CANTREADPWD, "Cannot read password" diff --git a/source4/heimdal/lib/krb5/krb5_locl.h b/source4/heimdal/lib/krb5/krb5_locl.h index aaabd4541b..73075bf56c 100644 --- a/source4/heimdal/lib/krb5/krb5_locl.h +++ b/source4/heimdal/lib/krb5/krb5_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: krb5_locl.h 23324 2008-06-26 03:54:45Z lha $ */ +/* $Id$ */ #ifndef __KRB5_LOCL_H__ #define __KRB5_LOCL_H__ @@ -133,6 +133,7 @@ struct sockaddr_dl; #include <wind.h> +#define HC_DEPRECATED_CRYPTO #include "crypto-headers.h" @@ -176,6 +177,15 @@ struct _krb5_krb_auth_data; #define O_BINARY 0 #endif +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + +#ifndef SOCK_CLOEXEC +#define SOCK_CLOEXEC 0 +#endif + + #define KRB5_BUFSIZ 1024 typedef enum { diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c index 3514a026b7..8e49818c50 100644 --- a/source4/heimdal/lib/krb5/krbhst.c +++ b/source4/heimdal/lib/krb5/krbhst.c @@ -35,7 +35,7 @@ #include <resolve.h> #include "locate_plugin.h" -RCSID("$Id: krbhst.c 23447 2008-07-27 12:09:05Z lha $"); +RCSID("$Id$"); static int string_to_proto(const char *string) diff --git a/source4/heimdal/lib/krb5/locate_plugin.h b/source4/heimdal/lib/krb5/locate_plugin.h index a342617d38..baca037ebc 100644 --- a/source4/heimdal/lib/krb5/locate_plugin.h +++ b/source4/heimdal/lib/krb5/locate_plugin.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: locate_plugin.h 23351 2008-07-15 11:22:39Z lha $ */ +/* $Id$ */ #ifndef HEIMDAL_KRB5_LOCATE_PLUGIN_H #define HEIMDAL_KRB5_LOCATE_PLUGIN_H 1 diff --git a/source4/heimdal/lib/krb5/log.c b/source4/heimdal/lib/krb5/log.c index 721e3691ca..2ed061c80b 100644 --- a/source4/heimdal/lib/krb5/log.c +++ b/source4/heimdal/lib/krb5/log.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: log.c 23443 2008-07-27 12:07:25Z lha $"); +RCSID("$Id$"); struct facility { int min; @@ -358,12 +358,12 @@ krb5_openlog(krb5_context context, if(p == NULL) p = krb5_config_get_strings(context, NULL, "logging", "default", NULL); if(p){ - for(q = p; *q; q++) + for(q = p; *q && ret == 0; q++) ret = krb5_addlog_dest(context, *fac, *q); krb5_config_free_strings(p); }else ret = krb5_addlog_dest(context, *fac, "SYSLOG"); - return 0; + return ret; } krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/mcache.c b/source4/heimdal/lib/krb5/mcache.c index 682f9f6abd..3f26b27a46 100644 --- a/source4/heimdal/lib/krb5/mcache.c +++ b/source4/heimdal/lib/krb5/mcache.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mcache.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); typedef struct krb5_mcache { char *name; diff --git a/source4/heimdal/lib/krb5/misc.c b/source4/heimdal/lib/krb5/misc.c index 8050bdb9b4..1ed4f08d77 100644 --- a/source4/heimdal/lib/krb5/misc.c +++ b/source4/heimdal/lib/krb5/misc.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: misc.c 21174 2007-06-19 10:10:58Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION _krb5_s4u2self_to_checksumdata(krb5_context context, diff --git a/source4/heimdal/lib/krb5/mit_glue.c b/source4/heimdal/lib/krb5/mit_glue.c index 7440d54762..c157c5d365 100755..100644 --- a/source4/heimdal/lib/krb5/mit_glue.c +++ b/source4/heimdal/lib/krb5/mit_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: mit_glue.c 20042 2007-01-23 20:37:43Z lha $"); +RCSID("$Id$"); /* * Glue for MIT API diff --git a/source4/heimdal/lib/krb5/mk_error.c b/source4/heimdal/lib/krb5/mk_error.c index 7046649934..d4c3867edd 100644 --- a/source4/heimdal/lib/krb5/mk_error.c +++ b/source4/heimdal/lib/krb5/mk_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: mk_error.c 15457 2005-06-16 21:16:40Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_mk_error(krb5_context context, diff --git a/source4/heimdal/lib/krb5/mk_priv.c b/source4/heimdal/lib/krb5/mk_priv.c index 3b4b6e30b7..a1a9ea4dff 100644 --- a/source4/heimdal/lib/krb5/mk_priv.c +++ b/source4/heimdal/lib/krb5/mk_priv.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_priv.c 23297 2008-06-23 03:28:53Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION diff --git a/source4/heimdal/lib/krb5/mk_rep.c b/source4/heimdal/lib/krb5/mk_rep.c index 069df42e26..65c97b5803 100644 --- a/source4/heimdal/lib/krb5/mk_rep.c +++ b/source4/heimdal/lib/krb5/mk_rep.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_rep.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_mk_rep(krb5_context context, diff --git a/source4/heimdal/lib/krb5/mk_req.c b/source4/heimdal/lib/krb5/mk_req.c index 5f64f01e95..1068aaa668 100644 --- a/source4/heimdal/lib/krb5/mk_req.c +++ b/source4/heimdal/lib/krb5/mk_req.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_req.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_mk_req_exact(krb5_context context, diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c index b6d55c8815..645dadee22 100644 --- a/source4/heimdal/lib/krb5/mk_req_ext.c +++ b/source4/heimdal/lib/krb5/mk_req_ext.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: mk_req_ext.c 19511 2006-12-27 12:07:22Z lha $"); +RCSID("$Id$"); krb5_error_code _krb5_mk_req_internal(krb5_context context, diff --git a/source4/heimdal/lib/krb5/n-fold.c b/source4/heimdal/lib/krb5/n-fold.c index 287f8cf64f..147f6aeac7 100644 --- a/source4/heimdal/lib/krb5/n-fold.c +++ b/source4/heimdal/lib/krb5/n-fold.c @@ -32,7 +32,7 @@ #include "krb5_locl.h" -RCSID("$Id: n-fold.c 22923 2008-04-08 14:51:33Z lha $"); +RCSID("$Id$"); static krb5_error_code rr13(unsigned char *buf, size_t len) diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c index fbc754efda..9a145c48e6 100644 --- a/source4/heimdal/lib/krb5/pac.c +++ b/source4/heimdal/lib/krb5/pac.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <wind.h> -RCSID("$Id: pac.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); struct PAC_INFO_BUFFER { uint32_t type; @@ -324,20 +324,6 @@ krb5_pac_get_buffer(krb5_context context, krb5_pac p, krb5_error_code ret; uint32_t i; - /* - * Hide the checksums from external consumers - */ - - if (type == PAC_PRIVSVR_CHECKSUM || type == PAC_SERVER_CHECKSUM) { - ret = krb5_data_alloc(data, 16); - if (ret) { - krb5_set_error_message(context, ret, "malloc: out of memory"); - return ret; - } - memset(data->data, 0, data->length); - return 0; - } - for (i = 0; i < p->pac->numbuffers; i++) { size_t len = p->pac->buffers[i].buffersize; size_t offset = p->pac->buffers[i].offset_lo; @@ -819,7 +805,7 @@ pac_checksum(krb5_context context, return ret; ret = krb5_crypto_get_checksum_type(context, crypto, &cktype); - ret = krb5_crypto_destroy(context, crypto); + krb5_crypto_destroy(context, crypto); if (ret) return ret; diff --git a/source4/heimdal/lib/krb5/padata.c b/source4/heimdal/lib/krb5/padata.c index 9dc3fe69a5..2cd3c18287 100644 --- a/source4/heimdal/lib/krb5/padata.c +++ b/source4/heimdal/lib/krb5/padata.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: padata.c 23300 2008-06-23 03:29:22Z lha $"); +RCSID("$Id$"); PA_DATA * krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx) diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 1e82971c6e..634ef26c7f 100755..100644 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: pkinit.c 23450 2008-07-27 12:10:10Z lha $"); +RCSID("$Id$"); struct krb5_dh_moduli { char *name; @@ -381,7 +381,7 @@ build_auth_pack(krb5_context context, ret = krb5_data_alloc(a->clientDHNonce, 40); if (a->clientDHNonce == NULL) { krb5_clear_error_string(context); - return ENOMEM; + return ret; } memset(a->clientDHNonce->data, 0, a->clientDHNonce->length); ret = krb5_copy_data(context, a->clientDHNonce, diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c index 8dda27fa59..fb1ee32285 100644 --- a/source4/heimdal/lib/krb5/plugin.c +++ b/source4/heimdal/lib/krb5/plugin.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: plugin.c 23451 2008-07-27 12:10:30Z lha $"); +RCSID("$Id$"); #ifdef HAVE_DLFCN_H #include <dlfcn.h> #endif diff --git a/source4/heimdal/lib/krb5/principal.c b/source4/heimdal/lib/krb5/principal.c index 0d6d72dbcf..3a1d184c3d 100644 --- a/source4/heimdal/lib/krb5/principal.c +++ b/source4/heimdal/lib/krb5/principal.c @@ -57,7 +57,7 @@ host/admin@H5L.ORG #include <fnmatch.h> #include "resolve.h" -RCSID("$Id: principal.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); #define princ_num_comp(P) ((P)->name.name_string.len) #define princ_type(P) ((P)->name.name_type) @@ -1259,7 +1259,14 @@ krb5_sname_to_principal (krb5_context context, return KRB5_SNAME_UNSUPP_NAMETYPE; } if(hostname == NULL) { - gethostname(localhost, sizeof(localhost)); + ret = gethostname(localhost, sizeof(localhost) - 1); + if (ret != 0) { + ret = errno; + krb5_set_error_message(context, ret, + "Failed to get local hostname"); + return ret; + } + localhost[sizeof(localhost) - 1] = '\0'; hostname = localhost; } if(sname == NULL) diff --git a/source4/heimdal/lib/krb5/prompter_posix.c b/source4/heimdal/lib/krb5/prompter_posix.c index e0f407fb24..840bb328ca 100644 --- a/source4/heimdal/lib/krb5/prompter_posix.c +++ b/source4/heimdal/lib/krb5/prompter_posix.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: prompter_posix.c 13863 2004-05-25 21:46:46Z lha $"); +RCSID("$Id$"); int KRB5_LIB_FUNCTION krb5_prompter_posix (krb5_context context, diff --git a/source4/heimdal/lib/krb5/rd_cred.c b/source4/heimdal/lib/krb5/rd_cred.c index 26aa3f2d79..e2807c20d0 100644 --- a/source4/heimdal/lib/krb5/rd_cred.c +++ b/source4/heimdal/lib/krb5/rd_cred.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_cred.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); static krb5_error_code compare_addrs(krb5_context context, diff --git a/source4/heimdal/lib/krb5/rd_error.c b/source4/heimdal/lib/krb5/rd_error.c index 9e50af539a..9f23d8df29 100644 --- a/source4/heimdal/lib/krb5/rd_error.c +++ b/source4/heimdal/lib/krb5/rd_error.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: rd_error.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_error(krb5_context context, diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c index ed7a2ccc52..da8f44febb 100644 --- a/source4/heimdal/lib/krb5/rd_priv.c +++ b/source4/heimdal/lib/krb5/rd_priv.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_priv.c 21751 2007-07-31 20:42:20Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_priv(krb5_context context, @@ -50,14 +50,18 @@ krb5_rd_priv(krb5_context context, krb5_keyblock *key; krb5_crypto crypto; - if (outbuf) - krb5_data_zero(outbuf); + krb5_data_zero(outbuf); if ((auth_context->flags & - (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) && - outdata == NULL) { - krb5_clear_error_string (context); - return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) + { + if (outdata == NULL) { + krb5_clear_error_string (context); + return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */ + } + /* if these fields are not present in the priv-part, silently + return zero */ + memset(outdata, 0, sizeof(*outdata)); } memset(&priv, 0, sizeof(priv)); @@ -165,9 +169,6 @@ krb5_rd_priv(krb5_context context, if ((auth_context->flags & (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) { - /* if these fields are not present in the priv-part, silently - return zero */ - memset(outdata, 0, sizeof(*outdata)); if(part.timestamp) outdata->timestamp = *part.timestamp; if(part.usec) diff --git a/source4/heimdal/lib/krb5/rd_rep.c b/source4/heimdal/lib/krb5/rd_rep.c index 0e6e3d09af..846de26c60 100644 --- a/source4/heimdal/lib/krb5/rd_rep.c +++ b/source4/heimdal/lib/krb5/rd_rep.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_rep.c 23304 2008-06-23 03:29:56Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_rd_rep(krb5_context context, diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c index ddf1f69ae4..ef91f9fdd6 100644 --- a/source4/heimdal/lib/krb5/rd_req.c +++ b/source4/heimdal/lib/krb5/rd_req.c @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_req.c 23415 2008-07-26 18:35:44Z lha $"); +RCSID("$Id$"); static krb5_error_code decrypt_tkt_enc_part (krb5_context context, diff --git a/source4/heimdal/lib/krb5/replay.c b/source4/heimdal/lib/krb5/replay.c index 7639bfa2ce..cd717f27ac 100644 --- a/source4/heimdal/lib/krb5/replay.c +++ b/source4/heimdal/lib/krb5/replay.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <vis.h> -RCSID("$Id: replay.c 23467 2008-07-27 12:16:37Z lha $"); +RCSID("$Id$"); struct krb5_rcache_data { char *name; diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c index 1ddb5afd1f..45b728aa6c 100644 --- a/source4/heimdal/lib/krb5/send_to_kdc.c +++ b/source4/heimdal/lib/krb5/send_to_kdc.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "send_to_kdc_plugin.h" -RCSID("$Id: send_to_kdc.c 23448 2008-07-27 12:09:22Z lha $"); +RCSID("$Id$"); struct send_to_kdc { krb5_send_to_kdc_func func; @@ -288,7 +288,7 @@ send_via_proxy (krb5_context context, return krb5_eai_to_heim_errno(ret, errno); for (a = ai; a != NULL; a = a->ai_next) { - s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol | SOCK_CLOEXEC); if (s < 0) continue; rk_cloexec(s); @@ -411,7 +411,7 @@ krb5_sendto (krb5_context context, continue; for (a = ai; a != NULL; a = a->ai_next) { - fd = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + fd = socket (a->ai_family, a->ai_socktype | SOCK_CLOEXEC, a->ai_protocol); if (fd < 0) continue; rk_cloexec(fd); diff --git a/source4/heimdal/lib/krb5/set_default_realm.c b/source4/heimdal/lib/krb5/set_default_realm.c index 55abf2ea7d..c21ac453a2 100644 --- a/source4/heimdal/lib/krb5/set_default_realm.c +++ b/source4/heimdal/lib/krb5/set_default_realm.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: set_default_realm.c 23309 2008-06-23 03:30:41Z lha $"); +RCSID("$Id$"); /* * Convert the simple string `s' into a NULL-terminated and freshly allocated diff --git a/source4/heimdal/lib/krb5/store.c b/source4/heimdal/lib/krb5/store.c index c9cbbb5cef..321ca633a6 100644 --- a/source4/heimdal/lib/krb5/store.c +++ b/source4/heimdal/lib/krb5/store.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store.c 22071 2007-11-14 20:04:50Z lha $"); +RCSID("$Id$"); #define BYTEORDER_IS(SP, V) (((SP)->flags & KRB5_STORAGE_BYTEORDER_MASK) == (V)) #define BYTEORDER_IS_LE(SP) BYTEORDER_IS((SP), KRB5_STORAGE_BYTEORDER_LE) diff --git a/source4/heimdal/lib/krb5/store_emem.c b/source4/heimdal/lib/krb5/store_emem.c index c38c1b53c3..3cb561ec77 100644 --- a/source4/heimdal/lib/krb5/store_emem.c +++ b/source4/heimdal/lib/krb5/store_emem.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_emem.c 22574 2008-02-05 20:31:55Z lha $"); +RCSID("$Id$"); typedef struct emem_storage{ unsigned char *base; diff --git a/source4/heimdal/lib/krb5/store_fd.c b/source4/heimdal/lib/krb5/store_fd.c index 15f86fcac3..21fa171c28 100644 --- a/source4/heimdal/lib/krb5/store_fd.c +++ b/source4/heimdal/lib/krb5/store_fd.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_fd.c 17779 2006-06-30 21:23:19Z lha $"); +RCSID("$Id$"); typedef struct fd_storage { int fd; diff --git a/source4/heimdal/lib/krb5/store_mem.c b/source4/heimdal/lib/krb5/store_mem.c index e6e62b5a62..6d8306051a 100644 --- a/source4/heimdal/lib/krb5/store_mem.c +++ b/source4/heimdal/lib/krb5/store_mem.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include "store-int.h" -RCSID("$Id: store_mem.c 20307 2007-04-11 11:16:28Z lha $"); +RCSID("$Id$"); typedef struct mem_storage{ unsigned char *base; diff --git a/source4/heimdal/lib/krb5/ticket.c b/source4/heimdal/lib/krb5/ticket.c index 5eff64e12d..77ce8cb221 100644 --- a/source4/heimdal/lib/krb5/ticket.c +++ b/source4/heimdal/lib/krb5/ticket.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: ticket.c 23310 2008-06-23 03:30:49Z lha $"); +RCSID("$Id$"); krb5_error_code KRB5_LIB_FUNCTION krb5_free_ticket(krb5_context context, diff --git a/source4/heimdal/lib/krb5/time.c b/source4/heimdal/lib/krb5/time.c index 46f88a86cd..7a9b36372c 100644 --- a/source4/heimdal/lib/krb5/time.c +++ b/source4/heimdal/lib/krb5/time.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: time.c 23260 2008-06-21 15:22:37Z lha $"); +RCSID("$Id$"); /** * Set the absolute time that the caller knows the kdc has so the diff --git a/source4/heimdal/lib/krb5/transited.c b/source4/heimdal/lib/krb5/transited.c index 58b00a4b7a..c9db832348 100644 --- a/source4/heimdal/lib/krb5/transited.c +++ b/source4/heimdal/lib/krb5/transited.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: transited.c 23316 2008-06-23 04:32:32Z lha $"); +RCSID("$Id$"); /* this is an attempt at one of the most horrible `compression' schemes that has ever been invented; it's so amazingly brain-dead diff --git a/source4/heimdal/lib/krb5/v4_glue.c b/source4/heimdal/lib/krb5/v4_glue.c index 55570c44dd..baa4bd6892 100644 --- a/source4/heimdal/lib/krb5/v4_glue.c +++ b/source4/heimdal/lib/krb5/v4_glue.c @@ -32,7 +32,7 @@ */ #include "krb5_locl.h" -RCSID("$Id: v4_glue.c 23452 2008-07-27 12:10:54Z lha $"); +RCSID("$Id$"); #include "krb5-v4compat.h" @@ -348,12 +348,12 @@ storage_to_etext(krb5_context context, krb5_ssize_t size; krb5_data data; - /* multiple of eight bytes */ + /* multiple of eight bytes, don't round up */ size = krb5_storage_seek(sp, 0, SEEK_END); if (size < 0) return KRB4ET_RD_AP_UNDEC; - size = 8 - (size & 7); + size = ((size+7) & ~7) - size; ret = krb5_storage_write(sp, eightzeros, size); if (ret != size) diff --git a/source4/heimdal/lib/krb5/version.c b/source4/heimdal/lib/krb5/version.c index f7ccff5bc8..cbc4f8c3e1 100644 --- a/source4/heimdal/lib/krb5/version.c +++ b/source4/heimdal/lib/krb5/version.c @@ -33,7 +33,7 @@ #include "krb5_locl.h" -RCSID("$Id: version.c 7464 1999-12-02 17:05:13Z joda $"); +RCSID("$Id$"); /* this is just to get a version stamp in the library file */ diff --git a/source4/heimdal/lib/krb5/warn.c b/source4/heimdal/lib/krb5/warn.c index 97a6cc9e0a..c7fe5640b5 100644 --- a/source4/heimdal/lib/krb5/warn.c +++ b/source4/heimdal/lib/krb5/warn.c @@ -34,7 +34,7 @@ #include "krb5_locl.h" #include <err.h> -RCSID("$Id: warn.c 23206 2008-05-29 02:13:41Z lha $"); +RCSID("$Id$"); static krb5_error_code _warnerr(krb5_context context, int do_errtext, krb5_error_code code, int level, const char *fmt, va_list ap) |